unit1.dfm

多种检测隐藏进程的源代码 驱动采用C++编写 主程序采用Delphi编写

object Form1: TForm1
  Left = 411
  Top = 25
  Width = 674
  Height = 612
  BorderIcons = [biSystemMenu, biMinimize]
  Caption = 'Process Hunter (Hidden processes detector) by Ms-Rem'
  Color = clBtnFace
  Font.Charset = DEFAULT_CHARSET
  Font.Color = clWindowText
  Font.Height = -11
  Font.Name = 'MS Sans Serif'
  Font.Style = []
  Icon.Data = {
    0000010001001020000001000400280100001600000028000000100000002000
    00000100040000000000C0000000000000000000000000000000000000000000
    0000000080000080000000808000800000008000800080800000C0C0C0008080
    80000000FF0000FF000000FFFF00FF000000FF00FF00FFFF0000FFFFFF000000
    00000000000088888888888888008F7A7777778778808F777770000078808FFF
    FFFFFFFFF8800000000000000880088888888888808008F777777777880008F7
    04444447880008F70000A047880008F7AA0A0AA7880008F700A00047880008F7
    00000007880008FFFFFFFFFF8800008777777777F80000088888888888008003
    0000000100000000000000000000000000008000000080010000800100008001
    00008001000080010000800100008001000080010000C0010000E0030000}
  OldCreateOrder = False
  Position = poDesktopCenter
  OnCanResize = FormCanResize
  OnCreate = FormCreate
  PixelsPerInch = 96
  TextHeight = 13
  object Splitter1: TSplitter
    Left = 0
    Top = 429
    Width = 666
    Height = 3
    Cursor = crVSplit
    Align = alBottom
    ResizeStyle = rsLine
  end
  object ListView1: TListView
    Left = 0
    Top = 0
    Width = 666
    Height = 429
    Align = alClient
    BevelInner = bvLowered
    BevelOuter = bvNone
    BorderWidth = 1
    Columns = <
      item
        AutoSize = True
        Caption = 'Name'
      end
      item
        AutoSize = True
        Caption = 'PID'
      end
      item
        AutoSize = True
        Caption = 'Parrent PID'
      end
      item
        AutoSize = True
        Caption = 'EPROCESS'
      end
      item
        AutoSize = True
        Caption = 'State'
      end>
    ColumnClick = False
    FlatScrollBars = True
    GridLines = True
    ReadOnly = True
    RowSelect = True
    PopupMenu = PopupMenu1
    TabOrder = 0
    ViewStyle = vsReport
  end
  object Panel1: TPanel
    Left = 0
    Top = 491
    Width = 666
    Height = 94
    Align = alBottom
    BevelOuter = bvLowered
    TabOrder = 1
    object Button1: TButton
      Left = 544
      Top = 13
      Width = 97
      Height = 25
      Caption = 'Start detection'
      TabOrder = 0
      OnClick = Button1Click
    end
    object Button2: TButton
      Left = 544
      Top = 41
      Width = 97
      Height = 25
      Caption = 'Stop detection'
      Enabled = False
      TabOrder = 1
      OnClick = Button2Click
    end
    object CheckBox2: TCheckBox
      Left = 8
      Top = 9
      Width = 81
      Height = 17
      Caption = 'Native API'
      TabOrder = 2
    end
    object CheckBox3: TCheckBox
      Left = 8
      Top = 26
      Width = 65
      Height = 14
      Caption = 'Syscall'
      TabOrder = 3
    end
    object CheckBox4: TCheckBox
      Left = 8
      Top = 40
      Width = 81
      Height = 18
      Caption = 'List handles'
      TabOrder = 4
    end
    object CheckBox5: TCheckBox
      Left = 8
      Top = 58
      Width = 89
      Height = 14
      Caption = 'List Windows'
      TabOrder = 5
    end
    object CheckBox6: TCheckBox
      Left = 144
      Top = 24
      Width = 153
      Height = 17
      Caption = 'Search processes handles'
      TabOrder = 6
    end
    object CheckBox7: TCheckBox
      Left = 144
      Top = 8
      Width = 137
      Height = 17
      Caption = 'Search threads handles'
      TabOrder = 7
    end
    object CheckBox8: TCheckBox
      Left = 8
      Top = 72
      Width = 113
      Height = 17
      Caption = 'Scan Job objects'
      TabOrder = 8
    end
    object CheckBox1: TCheckBox
      Left = 144
      Top = 73
      Width = 145
      Height = 15
      Caption = 'Scan KiWait.. linked lists'
      TabOrder = 9
    end
    object CheckBox10: TCheckBox
      Left = 144
      Top = 40
      Width = 129
      Height = 17
      Caption = 'Native API from kernel'
      TabOrder = 10
    end
    object CheckBox11: TCheckBox
      Left = 144
      Top = 56
      Width = 145
      Height = 17
      Caption = 'Scan EPROCESSes list'
      TabOrder = 11
    end
    object CheckBox12: TCheckBox
      Left = 304
      Top = 8
      Width = 129
      Height = 17
      Caption = 'SwapContext hooking'
      TabOrder = 12
    end
    object CheckBox13: TCheckBox
      Left = 304
      Top = 24
      Width = 105
      Height = 17
      Caption = 'Syscall Hooking'
      TabOrder = 13
    end
    object Button3: TButton
      Left = 448
      Top = 23
      Width = 75
      Height = 19
      Caption = 'Usermode'
      TabOrder = 14
      OnClick = Button3Click
    end
    object Button4: TButton
      Left = 448
      Top = 41
      Width = 75
      Height = 19
      Caption = 'Base driver'
      TabOrder = 15
      OnClick = Button4Click
    end
    object Button5: TButton
      Left = 448
      Top = 59
      Width = 75
      Height = 19
      Caption = 'Extended'
      TabOrder = 16
      OnClick = Button5Click
    end
    object Button6: TButton
      Left = 448
      Top = 4
      Width = 75
      Height = 19
      Caption = 'None'
      TabOrder = 17
      OnClick = Button6Click
    end
    object CheckBox9: TCheckBox
      Left = 304
      Top = 40
      Width = 113
      Height = 17
      Caption = 'PspCidTable scan'
      TabOrder = 18
    end
    object CheckBox14: TCheckBox
      Left = 304
      Top = 56
      Width = 121
      Height = 17
      Caption = 'Scan Handle Tables'
      TabOrder = 19
    end
  end
  object ListBox1: TListBox
    Left = 0
    Top = 432
    Width = 666
    Height = 59
    Align = alBottom
    ItemHeight = 13
    TabOrder = 2
  end
  object Timer1: TTimer
    Enabled = False
    Interval = 500
    OnTimer = Timer1Timer
    Left = 552
    Top = 24
  end
  object PopupMenu1: TPopupMenu
    Left = 512
    Top = 80
    object Kill1: TMenuItem
      Caption = 'Kill'
      OnClick = Kill1Click
    end
  end
end