1,183
社区成员
发帖
与我相关
我的任务
分享关于网吧杀木马的问题!![100分]
玩传奇时ID老是被那可恶木马盗走!
想写一个杀所有进程,除windows的系统进程的代码!
windows的系统进程可以前列出来!除列出来之进程,全给干掉 :)
我写了一下只能杀列出来的几个进程! 木马那么多! 不实用呀!
想写一个杀所有进程,除windows的系统进程的代码!
windows的系统进程可以前列出来!除列出来之进程,全给干掉 :)
我写了一下只能杀列出来的几个进程! 木马那么多! 不实用呀!
...全文
请发表友善的回复…
发表回复
一平1 2003-09-12
- 打赏
- 举报
呵~~呵~~
自己的电脑不能上网呀!
自己的电脑不能上网呀!
hhddff 2003-09-08
- 打赏
- 举报
你编的不成了比杀毒软件还牛的软件吗,还是自己多注意点你的机器,我认为最好。
coolfilm 2003-09-07
- 打赏
- 举报
up
一平1 2003-09-05
- 打赏
- 举报
好东东!
MicroSword 2003-09-01
- 打赏
- 举报
试试天剑进程管理器
aslqp 2003-08-30
- 打赏
- 举报
监视邮件吧!
fengyvn 2003-08-30
- 打赏
- 举报
现在这么多种网吧管理软件,能列举完吗?
huojiehai 2003-08-30
- 打赏
- 举报
unit MainUnit;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls,TLHelp32;
type
TProcessInfo = Record
ExeFile : String;
ProcessID : DWORD;
end;
pProcessInfo = ^TProcessInfo;
type
TMainFrm = class(TForm)
btnList: TButton;
ListBox1: TListBox;
Button1: TButton;
procedure btnListClick(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure FormDestroy(Sender: TObject);
private
FSL: TStringList;
{ Private declarations }
procedure KillProc(ProcName: string);
public
{ Public declarations }
end;
var
MainFrm: TMainFrm;
implementation
{$R *.DFM}
function GetProcModuleID(ProcessID:DWORD):DWORD;
var b:BOOL;
SnapHandle:THandle;
Entry:TProcessEntry32;
begin
SnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
Entry.dwSize:=Sizeof(Entry);
b:=Process32First(SnapHandle,Entry);
while integer(b)<>0 do begin
if Entry.th32ProcessID=ProcessID then Result:=Entry.th32ModuleID;
b:=Process32Next(SnapHandle,Entry);
end;
end;
function GetProcSize(ProcessID:DWORD):DWORD;
var b:BOOL;
SnapHandle:THandle;
Entry:TModuleEntry32;
ModuleID:DWORD;
begin
ModuleID:=GetProcModuleID(ProcessID);
SnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,ProcessID);
Entry.dwSize:=Sizeof(Entry);
b:=Module32First(SnapHandle,Entry);
while integer(b)<>0 do begin
if Entry.th32ModuleID=ModuleID then Result:=Entry.modBaseSize;
b:=Module32Next(SnapHandle,Entry);
end;
end;
procedure TMainFrm.btnListClick(Sender: TObject);
var
p: pProcessInfo;
ContinueLoop: BOOL;
FSnapshotHandle, hProcess: THandle;
FProcessEntry32: TProcessEntry32;
n: integer;
b:BOOL;
SnapHandle:THandle;
Entry:TModuleEntry32;
begin
FSL.Clear;
n:=1;
New(p);
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
ContinueLoop:=Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop)<>0 do
begin
p.ExeFile:= FProcessEntry32.szExeFile;
///////////////////////
b := Module32First(FSnapshotHandle, Entry);
while integer(b)<>0 do begin
if Entry.th32ModuleID=FProcessEntry32.th32ProcessID then
break;
b:=Module32Next(FSnapshotHandle,Entry);
end;
//
ListBox1.Items.Add(inttostr(n)+':'+inttostr
(FProcessEntry32. th32ProcessID)+' * ' +
p.ExeFile + ' 内存:' + IntToStr(GetProcSize(FProcessEntry32.th32ProcessID)));//Entry.modBaseSize));
inc(n);
FSL.Add(p.ExeFile);
if UpperCase(p.ExeFile)='CALC.EXE' then
begin
hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE,
FProcessEntry32.th32ProcessID);
TerminateProcess(hProcess,0);
end;
ContinueLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
procedure TMainFrm.KillProc(ProcName: string);
var
p: pProcessInfo;
ContinueLoop: BOOL;
FSnapshotHandle, hProcess: THandle;
FProcessEntry32: TProcessEntry32;
begin
if trim(ProcName) = '' then exit;
ProcName := UpperCase(ProcName);
ProcName := ExtractFileName(ProcName);
if Pos('.EXE', ProcName) < 1 then ProcName := ProcName + '.EXE';
New(p);
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
ContinueLoop:=Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
begin
p.ExeFile:= FProcessEntry32.szExeFile;
//if UpperCase(ExtractFileName(p.ExeFile)) = ProcName then
if Pos(UpperCase(ExtractFileName(p.ExeFile)), ProcName) > 0 then
begin
hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE,
FProcessEntry32.th32ProcessID);
TerminateProcess(hProcess,0);
end;
ContinueLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
procedure TMainFrm.Button1Click(Sender: TObject);
const
ExceptPro = 'EXPLORE.EXE,DELPHI32.EXE,TOOLS.EXE,QQ.EXE,KILLPROC.EXE'; //我这里只过滤了五个,其他要过滤加入就行了,但必需要大小
var
lp: integer;
PorceName: string;
begin
for lp := 0 to FSL.Count - 1 do
begin
PorceName := UpperCase(trim(ExtractFileName(FSl[lp])));
if Pos(PorceName, ExceptPro) > 0 then Continue; //在这里过滤不想Kill进程
if trim(PorceName) <> '' then
KillProc(PorceName);
end;
end;
procedure TMainFrm.FormCreate(Sender: TObject);
begin
FSL := TStringList.Create;
end;
procedure TMainFrm.FormDestroy(Sender: TObject);
begin
FSL.Free;
end;
end.
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls,TLHelp32;
type
TProcessInfo = Record
ExeFile : String;
ProcessID : DWORD;
end;
pProcessInfo = ^TProcessInfo;
type
TMainFrm = class(TForm)
btnList: TButton;
ListBox1: TListBox;
Button1: TButton;
procedure btnListClick(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure FormDestroy(Sender: TObject);
private
FSL: TStringList;
{ Private declarations }
procedure KillProc(ProcName: string);
public
{ Public declarations }
end;
var
MainFrm: TMainFrm;
implementation
{$R *.DFM}
function GetProcModuleID(ProcessID:DWORD):DWORD;
var b:BOOL;
SnapHandle:THandle;
Entry:TProcessEntry32;
begin
SnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
Entry.dwSize:=Sizeof(Entry);
b:=Process32First(SnapHandle,Entry);
while integer(b)<>0 do begin
if Entry.th32ProcessID=ProcessID then Result:=Entry.th32ModuleID;
b:=Process32Next(SnapHandle,Entry);
end;
end;
function GetProcSize(ProcessID:DWORD):DWORD;
var b:BOOL;
SnapHandle:THandle;
Entry:TModuleEntry32;
ModuleID:DWORD;
begin
ModuleID:=GetProcModuleID(ProcessID);
SnapHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPALL,ProcessID);
Entry.dwSize:=Sizeof(Entry);
b:=Module32First(SnapHandle,Entry);
while integer(b)<>0 do begin
if Entry.th32ModuleID=ModuleID then Result:=Entry.modBaseSize;
b:=Module32Next(SnapHandle,Entry);
end;
end;
procedure TMainFrm.btnListClick(Sender: TObject);
var
p: pProcessInfo;
ContinueLoop: BOOL;
FSnapshotHandle, hProcess: THandle;
FProcessEntry32: TProcessEntry32;
n: integer;
b:BOOL;
SnapHandle:THandle;
Entry:TModuleEntry32;
begin
FSL.Clear;
n:=1;
New(p);
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
ContinueLoop:=Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop)<>0 do
begin
p.ExeFile:= FProcessEntry32.szExeFile;
///////////////////////
b := Module32First(FSnapshotHandle, Entry);
while integer(b)<>0 do begin
if Entry.th32ModuleID=FProcessEntry32.th32ProcessID then
break;
b:=Module32Next(FSnapshotHandle,Entry);
end;
//
ListBox1.Items.Add(inttostr(n)+':'+inttostr
(FProcessEntry32. th32ProcessID)+' * ' +
p.ExeFile + ' 内存:' + IntToStr(GetProcSize(FProcessEntry32.th32ProcessID)));//Entry.modBaseSize));
inc(n);
FSL.Add(p.ExeFile);
if UpperCase(p.ExeFile)='CALC.EXE' then
begin
hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE,
FProcessEntry32.th32ProcessID);
TerminateProcess(hProcess,0);
end;
ContinueLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
procedure TMainFrm.KillProc(ProcName: string);
var
p: pProcessInfo;
ContinueLoop: BOOL;
FSnapshotHandle, hProcess: THandle;
FProcessEntry32: TProcessEntry32;
begin
if trim(ProcName) = '' then exit;
ProcName := UpperCase(ProcName);
ProcName := ExtractFileName(ProcName);
if Pos('.EXE', ProcName) < 1 then ProcName := ProcName + '.EXE';
New(p);
FSnapshotHandle:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
FProcessEntry32.dwSize:=Sizeof(FProcessEntry32);
ContinueLoop:=Process32First(FSnapshotHandle,FProcessEntry32);
while integer(ContinueLoop) <> 0 do
begin
p.ExeFile:= FProcessEntry32.szExeFile;
//if UpperCase(ExtractFileName(p.ExeFile)) = ProcName then
if Pos(UpperCase(ExtractFileName(p.ExeFile)), ProcName) > 0 then
begin
hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE,
FProcessEntry32.th32ProcessID);
TerminateProcess(hProcess,0);
end;
ContinueLoop:=Process32Next(FSnapshotHandle,FProcessEntry32);
end;
end;
procedure TMainFrm.Button1Click(Sender: TObject);
const
ExceptPro = 'EXPLORE.EXE,DELPHI32.EXE,TOOLS.EXE,QQ.EXE,KILLPROC.EXE'; //我这里只过滤了五个,其他要过滤加入就行了,但必需要大小
var
lp: integer;
PorceName: string;
begin
for lp := 0 to FSL.Count - 1 do
begin
PorceName := UpperCase(trim(ExtractFileName(FSl[lp])));
if Pos(PorceName, ExceptPro) > 0 then Continue; //在这里过滤不想Kill进程
if trim(PorceName) <> '' then
KillProc(PorceName);
end;
end;
procedure TMainFrm.FormCreate(Sender: TObject);
begin
FSL := TStringList.Create;
end;
procedure TMainFrm.FormDestroy(Sender: TObject);
begin
FSL.Free;
end;
end.
