进程防杀Delphi版(DLL部分)
这是我自己程序中的一段进程防杀代码,根据网上流传的 C++ 进程防杀代码改编。做法是在加载了本 DLL 的进程中改写主模块导入表(IAT)里的 OpenProcess 项,所以它只影响该进程内经由导入表发出的 OpenProcess 调用。
DLL部分:
// Local declarations of the PE import-table structures walked by
// HookAPIFunction. These lines belong inside a type section; the `type`
// keyword itself is not part of the listing.
PIMAGE_IMPORT_DESCRIPTOR = ^_IMAGE_IMPORT_DESCRIPTOR;
PImageImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR;
// One entry of the import directory (one entry per imported DLL).
// Every field is a 32-bit value; the RVA fields are offsets from the
// module's load address.
_IMAGE_IMPORT_DESCRIPTOR = packed record
  CharacteristicsOrOriginalFirstThunk: DWord; // not read by the code in this listing
  TimeDateStamp: DWord;                       // not read by the code in this listing
  ForwarderChain: DWord;                      // not read by the code in this listing
  Name: DWord;        // RVA of the imported DLL's name; 0 marks the end of the directory
  FirstThunk: DWord;  // RVA of this DLL's thunk array (the IAT slots that get patched)
end;
PIMAGE_THUNK_DATA = ^_IMAGE_THUNK_DATA;
PImageThunkData = PIMAGE_THUNK_DATA;
// One thunk slot. All variants overlay the same DWord, so this layout only
// describes 32-bit images; a 64-bit image has pointer-sized slots and would
// be misread through this record.
_IMAGE_THUNK_DATA = packed record
  Case Integer of
    0 : (ForwarderString: DWord);
    1 : (Function_: DWord);   // resolved function address once the loader has bound the import
    2 : (Ordinal: DWord);
    3 : (AddressOfData: DWord);
end;
var
  // Holds the address HookAPIFunction returns for KERNEL32!OpenProcess, i.e.
  // the real API entry point. It stays nil until the import-table patch has
  // succeeded, so any code calling through it has to tolerate nil.
  OriginalOpenProcess : function (dwDesiredAccess: DWORD; bInheritHandle: BOOL;
    dwProcessId: DWORD): THandle; stdcall;
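// Redirects one import-address-table (IAT) slot of hFromModule.
//
// Looks up pszFunctionName in the already loaded module pszFunctionModule,
// finds the import descriptor of that module inside hFromModule, and
// overwrites the matching thunk with pfnNewProc.
//
// Parameters:
//   hFromModule       - load address of the module whose IAT is patched
//   pszFunctionModule - name of the DLL that exports the function
//   pszFunctionName   - exported function name
//   pfnNewProc        - replacement address written into the slot
// Returns the original function address when a slot was patched, nil
// otherwise (bad arguments, module or export not found, function not
// imported by hFromModule, or the page protection could not be changed).
//
// Scope and limits (worth knowing when reviewing or detecting this):
//   * Only the IAT of the single module hFromModule is changed. Code that
//     resolves the function at run time, other modules in the process, and
//     other processes are not affected.
//   * The pointer arithmetic and the thunk record are 32-bit only.
//   * The visible effect is an IAT slot whose target lies outside the
//     exporting module, which is what integrity checks of import tables
//     look for.
function HookAPIFunction(hFromModule: HMODULE;pszFunctionModule: PAnsiChar;
  pszFunctionName: PAnsiChar;pfnNewProc: Pointer): Pointer;
var
  pfnOriginalProc: Pointer;
  pDosHeader: PImageDosHeader;
  pNTHeader: PImageNtHeaders;
  pImportDesc: PImageImportDescriptor;
  pThunk: PImageThunkData;
  dwImportRva, dwOldProtect, dwScratch: DWORD;
  pszModName: PAnsiChar;
begin
  Result := nil;
  if (hFromModule = 0) or (pszFunctionModule = nil) or
     (pszFunctionName = nil) or (pfnNewProc = nil) then Exit;

  pfnOriginalProc := GetProcAddress(GetModuleHandle(pszFunctionModule),
    pszFunctionName);
  // Without a resolved address there is nothing to compare thunks against.
  if pfnOriginalProc = nil then Exit;

  // Refuse to walk memory that does not start with valid PE headers.
  pDosHeader := PImageDosHeader(hFromModule);
  if pDosHeader^.e_magic <> IMAGE_DOS_SIGNATURE then Exit;
  pNTHeader := PImageNTHeaders(DWORD(pDosHeader)+DWORD(pDosHeader^._lfanew));
  if pNTHeader^.Signature <> IMAGE_NT_SIGNATURE then Exit;

  // A zero RVA means the module has no import directory at all.
  dwImportRva := pNTHeader^.OptionalHeader.
    DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
  if dwImportRva = 0 then Exit;
  pImportDesc := PImageImportDescriptor(DWORD(pDosHeader) + dwImportRva);

  // Find the descriptor of the exporting DLL (case-insensitive name match).
  while pImportDesc^.Name <> 0 do
  begin
    pszModName := PAnsiChar(Pointer(DWORD(pDosHeader) + DWORD(pImportDesc^.Name)));
    if LowerCase(pszModName) = LowerCase(pszFunctionModule) then Break;
    Inc(pImportDesc);
  end;
  if pImportDesc^.Name = 0 then Exit;

  pThunk := PImageThunkData(DWORD(pDosHeader) + DWORD(pImportDesc^.FirstThunk));
  while pThunk^.Function_ <> 0 do
  begin
    if (pThunk^.Function_ = DWORD(pfnOriginalProc)) then
    begin
      // Unprotect only the slot being written (the original asked for 4096
      // bytes starting at the slot, which can run past the import table),
      // stop if the change is refused, and put the previous protection back
      // afterwards so the import table is not left writable.
      if not VirtualProtect(@pThunk^.Function_, SizeOf(pThunk^.Function_),
        PAGE_READWRITE, @dwOldProtect) then Exit;
      pThunk^.Function_ := DWORD(pfnNewProc);
      VirtualProtect(@pThunk^.Function_, SizeOf(pThunk^.Function_),
        dwOldProtect, @dwScratch);
      Result := pfnOriginalProc;
      Break;
    end;
    Inc(pThunk);
  end;
end;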
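// Replacement installed in the IAT slot of OpenProcess.
//
// Requests for the process id held in the module-level PID variable
// (declared outside this listing) are refused with a zero handle; every
// other request is forwarded to the real API.
//
// The refusal is decided before the real call is made. The original order
// (call first, then overwrite the result with 0) opened a handle to the
// process and dropped it without CloseHandle, leaking one handle per
// refused request. The refusal also sets ERROR_ACCESS_DENIED so callers
// that inspect GetLastError see a meaningful error instead of a stale one.
//
// Note that every access mask is refused, not just termination rights, so
// ordinary queries against that process id fail as well inside the hooked
// process.
function OpenProcessHandler(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwProcessId: DWORD): THandle; stdcall;
begin
  if (PID <> 0) and (dwProcessId = PID) then
  begin
    SetLastError(ERROR_ACCESS_DENIED);
    Result := 0;
    Exit;
  end;

  // The slot is patched before OriginalOpenProcess is assigned, so another
  // thread can arrive here while the variable is still nil; fall back to
  // this DLL's own import of OpenProcess instead of calling through nil.
  if Assigned(OriginalOpenProcess) then
    Result := OriginalOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId)
  else
    Result := OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
end;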
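// Loads the id of the process to shield from the registry into the
// module-level PID variable (declared outside this listing).
//
// PID is reset to 0 first and stays 0 unless the value exists, could be
// read, and is a REG_DWORD; the original ignored the result of
// RegQueryValueEx and never looked at the value type.
//
// Review notes:
//   * The string delimiters on the page were typographic quotes, which do
//     not compile; they are restored to plain apostrophes here.
//   * NOTE(review): the key path is reproduced as printed, with a forward
//     slash. The registry API separates key levels with a backslash, so as
//     written this names a single key 'Software/Vssoft' directly under
//     HKEY_LOCAL_MACHINE - confirm against whatever writes the value.
//   * Whoever can write this HKLM value decides which process id is
//     refused, and process ids are reused by the system, so a stale value
//     can end up matching an unrelated process. The key and its
//     'ProcessID' value are also a persistent, inspectable artifact of
//     this mechanism.
procedure GetHookProcessID;
var
  TempKey: HKEY;
  DataType,Size: Integer;
begin
  PID := 0;
  DataType := 0;
  // Bound the read by the destination variable itself.
  Size := SizeOf(PID);
  if RegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software/Vssoft', 0,KEY_READ,
    TempKey) = ERROR_SUCCESS then
  begin
    if (RegQueryValueEx(TempKey,'ProcessID',nil,@DataType,PByte(@PID),
          @Size) <> ERROR_SUCCESS) or (DataType <> REG_DWORD) then
      PID := 0; // discard partial or wrongly typed data
    RegCloseKey(TempKey);
  end;
end;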
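// Exported entry point. Each call re-reads the shielded process id from
// the registry and, the first time only, patches the OpenProcess import of
// the host process's main module (GetModuleHandle(nil)) so that it points
// at OpenProcessHandler. Always returns 0.
//
// The typographic quotes printed on the page are restored to plain
// apostrophes so the literals compile. 'KERNEL32.DLL' is matched
// case-insensitively by HookAPIFunction.
//
// NOTE(review): the signature matches a Windows hook procedure, so this is
// presumably installed through SetWindowsHookEx by the EXE part, which is
// not shown - confirm. If so:
//   * the DLL is mapped into every process that receives the hooked
//     events, which makes the module visible in those processes' module
//     lists;
//   * the usual contract is to pass the event on with CallNextHookEx;
//     returning 0 unconditionally does not do that;
//   * the registry read in GetHookProcessID runs on every hook event.
// If HookAPIFunction fails, OriginalOpenProcess stays nil and the patch is
// attempted again on the next call.
function HookOpenProcess(nCode: Integer;wParam: WPARAM;lParam: LPARAM): LRESULT;stdcall;
begin
  GetHookProcessID;
  if not Assigned(OriginalOpenProcess) then
    OriginalOpenProcess := HookAPIFunction(GetModuleHandle(nil),
      'KERNEL32.DLL','OpenProcess',@OpenProcessHandler);
  Result := 0;
end;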
// HookOpenProcess is the only symbol the DLL exports; the helper routines
// above stay internal to the library.
exports
  HookOpenProcess;