亚洲欧美第一页_禁久久精品乱码_粉嫩av一区二区三区免费野_久草精品视频

? 歡迎來到蟲蟲下載站! | ?? 資源下載 ?? 資源專輯 ?? 關于我們
? 蟲蟲下載站

?? uprocapi.pas

?? windows rootkit 驅動級的后門! 絕對推薦!
?? PAS
字號: 
unit UProcAPI;

interface
uses Windows;

function EnableDebugPrivilege:Boolean;
function ModuleName2PID(AName:string):Cardinal;
function EnumProcesses(AProcessesId:Pointer;ASizeOfPID:Cardinal;ADone:Pointer):Cardinal; stdcall;
function EnumProcessModules(AProcess:THandle;AModules:Pointer;ASizeOfModule:Cardinal;ADone:Pointer):Cardinal; stdcall;
function GetModuleBaseNameA(AProcess:THandle;AModule:HMODULE;AProcessName:PChar;ASizeOfName:Cardinal):Cardinal; stdcall; 

implementation

{$INCLUDE USysUtils-Case.inc}

type
 TSystemInformationClass=(
  SystemBasicInformation,SystemProcessorInformation,SystemPerformanceInformation,SystemTimeOfDayInformation,
  SystemNotImplemented1,SystemProcessesAndThreadsInformation,SystemCallCounts,SystemConfigurationInformation,
  SystemProcessorTimes,SystemGlobalFlag,SystemNotImplemented2,SystemModuleInformation,SystemLockInformation,
  SystemNotImplemented3,SystemNotImplemented4,SystemNotImplemented5,SystemHandleInformation,SystemObjectInformation,
  SystemPagefileInformation,SystemInstructionEmulationCounts,SystemInvalidInfoClass1,SystemCacheInformation,
  SystemPoolTagInformation,SystemProcessorStatistics,SystemDpcInformation,SystemNotImplemented6,
  SystemLoadImage,SystemUnloadImage,SystemTimeAdjustment,SystemNotImplemented7,SystemNotImplemented8,
  SystemNotImplemented9,SystemCrashDumpInformation,SystemExceptionInformation,SystemCrashDumpStateInformation,
  SystemKernelDebuggerInformation,SystemContextSwitchInformation,SystemRegistryQuotaInformation,
  SystemLoadAndCallImage,SystemPrioritySeparation,SystemNotImplemented10,SystemNotImplemented11,
  SystemInvalidInfoClass2,SystemInvalidInfoClass3,SystemTimeZoneInformation,SystemLookasideInformation,
  SystemSetTimeSlipEvent,SystemCreateSession,SystemDeleteSession,SystemInvalidInfoClass4,
  SystemRangeStartInformation,SystemVerifierInformation,SystemAddVerifier,SystemSessionProcessesInformation);
 TProcessInfoClass=(
  ProcessBasicInformation,ProcessQuotaLimits,ProcessIoCounters,ProcessVmCounters,ProcessTimes,
  ProcessBasePriority,ProcessRaisePriority,ProcessDebugPort,ProcessExceptionPort,ProcessAccessToken,
  ProcessLdtInformation,ProcessLdtSize,ProcessDefaultHardErrorMode,ProcessIoPortHandlers,
  ProcessPooledUsageAndLimits,ProcessWorkingSetWatch,ProcessUserModeIOPL,ProcessEnableAlignmentFaultFixup,
  ProcessPriorityClass,ProcessWx86Information,ProcessHandleCount,ProcessAffinityMask,ProcessPriorityBoost,
  ProcessDeviceMap,ProcessSessionInformation,ProcessForegroundInformation,ProcessWow64Information,
  MaxProcessInfoClass);




function NtQuerySystemInformation(ASystemInformationClass:TSystemInformationClass;out OSystemInformation:Pointer;
                                  ASystemInformationLength:Cardinal;out OReturnLength:Pointer):Cardinal; stdcall; external 'ntdll.dll' name 'NtQuerySystemInformation';

function NtQueryInformationProcess(AProcessHandle:THandle;AProcessInformationClass:TProcessInfoClass;
                                   out OProcessInformation:Pointer;AProcessInformationLength:Cardinal;
                                   out OReturnLength:Pointer):Cardinal; stdcall; external 'ntdll.dll' name 'NtQueryInformationProcess';
function RtlNtStatusToDosError(AStatus:Cardinal):Cardinal; stdcall; external 'ntdll.dll' name 'RtlNtStatusToDosError';

function EnumProcesses(AProcessesId:Pointer;ASizeOfPID:Cardinal;ADone:Pointer):Cardinal; stdcall; assembler;
asm
 pop ebp                                //fucking delphi call

 mov eax,fs:000000000h
 push ebp
 mov ebp,esp
 push 0FFFFFFFFh
 push 0731B3448h
 push 0731B2E38h
 push eax
 mov fs:000000000h,esp
 sub esp,014h
 push ebx
 push esi
 push edi
 mov esi,08000h
 xor edi,edi
 mov dword ptr [ebp-018h],esp

@loc_731B2B37:
 push esi
 push edi
 call LocalAlloc
 mov dword ptr [ebp-01Ch],eax
 cmp eax,edi
 jz @loc_731B2C12
 push edi
 push esi
 push eax
 push 005h
 call NtQuerySystemInformation
 cmp eax,0C0000004h
 jnz @loc_731B2B6D
 push dword ptr [ebp-01Ch]
 call LocalFree
 add esi,08000h
 jmp @loc_731B2B37

@loc_731B2B6D:
 test eax,eax
 jge @loc_731B2B84
 push eax
 call RtlNtStatusToDosError
 push eax
 call SetLastError
 jmp @loc_731B2C12

@loc_731B2B84:
 xor esi,esi
 mov edx,dword ptr [ebp+00Ch]
 shr edx,002h
 xor edi,edi
 mov ecx,dword ptr [ebp+008h]

@loc_731B2B91:
 mov eax,dword ptr [ebp-01Ch]
 add eax,esi
 cmp edi,edx
 jnb @loc_731B2BAF
 mov dword ptr [ebp-004h],000000000h
 mov ebx,dword ptr [eax+044h]
 mov dword ptr [ecx+edi*004h],ebx
 inc edi
 mov dword ptr [ebp-004h], 0FFFFFFFFh

@loc_731B2BAF:
 mov eax,dword ptr [eax]
 add esi,eax
 test eax,eax
 jnz @loc_731B2B91
 mov esi,001h
 mov dword ptr [ebp-004h],esi
 lea ecx,ds:000000000h [edi*004h]
 mov eax,[ebp+10h]
 mov dword ptr [eax],ecx
 mov dword ptr [ebp-004h],0FFFFFFFFh
 push dword ptr [ebp-1Ch]
 call LocalFree
 mov eax,esi
 jmp @loc_731B2C14

@loc_731B2C12:

 xor eax,eax

@loc_731B2C14:
 mov ecx,dword ptr [ebp-010h]
 pop edi
 mov fs:000000000h,ecx
 pop esi
 pop ebx
 mov esp,ebp
 pop ebp

 ret 0000Ch
end;

function EnumProcessModules(AProcess:THandle;AModules:Pointer;ASizeOfModule:Cardinal;ADone:Pointer):Cardinal; stdcall; assembler;
asm
 pop ebp                                //fucking delphi call

 mov eax,fs:000000000h
 push ebp
 mov ebp,esp
 push 0FFFFFFFFh
 push 0731B3178h
 push 0731B2E38h
 push eax
 mov fs:000000000h,esp
 sub esp,078h
 lea eax,dword ptr [ebp-040h]
 push ebx
 push esi
 push edi
 mov dword ptr [ebp-018h],esp
 push 000h
 push 018h
 push eax
 push 000h
 push dword ptr [ebp+008h]
 call NtQueryInformationProcess
 test eax,eax
 jge @loc_731B15BF
 push eax
 call RtlNtStatusToDosError
 push eax
 call SetLastError
 jmp @loc_731B169E

@loc_731B15BF:
 push 000h
 lea eax,dword ptr [ebp-028h]
 push 004h
 push eax
 mov eax,dword ptr [ebp-03Ch]
 add eax,00Ch
 push eax
 push dword ptr [ebp+008h]
 call ReadProcessMemory 
 test eax,eax
 jz @loc_731B169E
 mov esi,dword ptr [ebp-028h]
 push 000h
 add esi,014h
 push 004
 lea eax,[ebp-01Ch]
 push eax
 push esi
 push dword ptr [ebp+008h]
 call ReadProcessMemory
 test eax,eax
 jz @loc_731B169E
 mov eax,dword ptr [ebp+010h]
 xor edi,edi
 shr eax,002h
 cmp esi,dword ptr [ebp-01Ch]
 mov dword ptr [ebp-024h],eax
 jz @loc_731B1657
 mov ebx,dword ptr [ebp+00Ch]

@loc_731B1612:
 mov eax,[ebp-01Ch]
 push 000h
 sub eax,008h
 push 48h
 lea ecx,[ebp-088h]
 push ecx
 push eax
 push dword ptr [ebp+008h]
 call ReadProcessMemory 
 test eax,eax
 jz @loc_731B169E
 cmp edi, [ebp-24h] 
 jnb @loc_731B1649
 mov dword ptr [ebp-004h],000000000h
 mov eax,dword ptr [ebp-070h]
 mov dword ptr [ebx],eax
 mov dword ptr [ebp-4], 0FFFFFFFFh

@loc_731B1649:    
 add ebx,004h  
 inc edi  
 mov eax,dword ptr [ebp-080h]
 mov dword ptr [ebp-01Ch],eax
 cmp esi,eax
 jnz @loc_731B1612 

@loc_731B1657:    
 mov eax,001h
 mov dword ptr [ebp-004h],eax
 lea edx,ds:000000000h [edi*004h]
 mov ecx,dword ptr [ebp+014h]
 mov dword ptr [ecx],edx
 mov dword ptr [ebp-004h],0FFFFFFFFh
 jmp @loc_731B16A0

@loc_731B169E:
 xor eax,eax

@loc_731B16A0:
 mov ecx,dword ptr [ebp-010h]
 pop edi
 mov fs:000000000h,ecx
 pop esi
 pop ebx
 mov esp,ebp
 pop ebp
 ret 00010h
end;

procedure sub_731B14A5; assembler; stdcall;
asm
 push ebp
 mov ebp,esp
 sub esp,020h
 push ebx
 lea eax,dword ptr [ebp-020h]
 push esi
 push edi
 push 000h
 mov esi,dword ptr [ebp+008h]
 push 018h
 push eax
 push 000h
 push esi
 call NtQueryInformationProcess
 test eax,eax
 jge @loc_731B14D3
 push eax
 call RtlNtStatusToDosError
 push eax
 jmp @loc_731B1557

@loc_731B14D3:
 cmp dword ptr [ebp+00Ch],000h
 mov edi,dword ptr [ebp-01Ch]
 jnz @loc_731B14F3
 push 000h
 lea eax,dword ptr [ebp+00Ch]
 push 004h
 lea ecx,dword ptr [edi+008h]
 push eax
 push ecx
 push esi
 call ReadProcessMemory
 test eax,eax
 jz @loc_731B155D

@loc_731B14F3:
 push 000h
 lea eax,dword ptr [ebp-008h]
 push 004h
 add edi,00Ch 
 push eax
 push edi
 push esi
 call ReadProcessMemory
 test eax,eax
 jz @loc_731B155D
 mov edi,dword ptr [ebp-008h]
 push 000h
 add edi,014h
 push 004h
 lea eax,dword ptr [ebp-004h] 
 push eax
 push edi
 push esi
 call ReadProcessMemory
 test eax,eax
 jz @loc_731B155D
 cmp dword ptr [ebp-004h],edi
 jz @loc_731B1555
 mov ebx,dword ptr [ebp+010h]

@loc_731B152C:
 mov eax,dword ptr [ebp-004h]
 push 000h
 sub eax,008h
 push 048h
 push ebx
 push eax
 push esi
 call ReadProcessMemory
 test eax,eax
 jz @loc_731B155D
 mov eax,dword ptr [ebp+00Ch]
 cmp [ebx+018h],eax
 jz @loc_731B1568
 mov eax,dword ptr [ebx+008h]
 mov dword ptr [ebp-004h],eax
 cmp eax,edi
 jnz @loc_731B152C

@loc_731B1555:
 push 006h

@loc_731B1557:
 call SetLastError

@loc_731B155D:
 xor eax,eax

@loc_731B155F:
 pop edi
 pop esi
 pop ebx
 mov esp,ebp
 pop ebp
 ret 0000Ch
@loc_731B1568:
 mov eax,001h
 jmp @loc_731B155F
end;

function GetModuleBaseNameW(AProcess:THandle;AModule:HMODULE;AProcessName:PWChar;ASizeOfName:Cardinal):Cardinal; stdcall; assembler;
asm
 pop ebp                                //fucking delphi call

 push ebp
 mov ebp,esp
 sub esp,048h
 push esi
 lea eax,dword ptr [ebp-048h]
 push eax
 push dword ptr [ebp+00Ch]
 push dword ptr [ebp+008h]
 call sub_731B14A5
 test eax,eax
 jnz @loc_731B1793
 xor eax,eax
 jmp @loc_731B17CB

@loc_731B1793:
 movzx esi,word ptr [ebp-01Ah]
 mov eax,dword ptr [ebp+014h]
 add eax,eax
 cmp esi,eax
 jbe @loc_731B17A2
 mov esi,eax

@loc_731B17A2:
 push 000h
 push esi
 push dword ptr [ebp+010h]
 push dword ptr [ebp-018h]
 push dword ptr [ebp+008h]
 call ReadProcessMemory
 test eax,eax
 jnz @loc_731B17BC
 xor eax,eax
 jmp @loc_731B17CB

@loc_731B17BC:
 movzx eax,word ptr [ebp-01Ah]
 cmp eax,esi
 jnz @loc_731B17C7 
 sub esi,002h

@loc_731B17C7:
 mov eax,esi
 shr eax,001h

@loc_731B17CB:
 pop esi
 mov esp,ebp
 pop ebp
 ret 00010h
end;

function GetModuleBaseNameA(AProcess:THandle;AModule:HMODULE;AProcessName:PChar;ASizeOfName:Cardinal):Cardinal; stdcall; assembler;
asm
 pop ebp                                //fucking delphi call

 push ebx
 push esi
 mov esi,dword ptr [esp+018h]
 push edi
 push ebp
 lea eax,ds:000000000 [esi*002h]
 push eax
 push 000h
 call LocalAlloc
 mov edi,eax
 test edi,edi
 jnz @loc_731B17F4
 xor eax,eax
 jmp @loc_731B1830

@loc_731B17F4:
 push esi
 push edi
 push dword ptr [esp+020h]
 push dword ptr [esp+020h]
 call GetModuleBaseNameW
 mov ecx,eax
 cmp eax,esi
 mov ebx,eax
 jnb @loc_731B180E
 lea ecx,dword ptr [ebx+001h]

@loc_731B180E:
 xor ebp,ebp
 push ebp
 push ebp
 push esi
 push dword ptr [esp+028h]
 push ecx
 push edi
 push ebp
 push ebp
 call WideCharToMultiByte
 test eax,eax
 jnz @loc_731B1827
 xor ebx,ebx

@loc_731B1827:
 push edi
 call LocalFree
 mov eax,ebx

@loc_731B1830:
 pop ebp
 pop edi
 pop esi
 pop ebx
 ret 00010h
end;

function ModuleName2PID(AName:string):Cardinal;
var
 LI:Integer;
 LProcessesID:array[1..1024] of Cardinal;
 LDone,LProcesses,LPID:Cardinal;
 LModuleHandle:HMODULE;
 LProcessHandle:THandle;
 LProcessName:array[0..MAX_PATH-1] of Char;
 LProcNameStr:string;

begin
 AName:=UpCase(AName);
 if not Boolean(EnumProcesses(@LProcessesID,SizeOf(LProcessesID),@LDone)) then
 begin
  Result:=$FFFFFFFF;
  Exit;
 end;
 LProcesses:=LDone div SizeOf(Cardinal);
 for LI:=0 to LProcesses-1 do
 begin
  LProcessName:='unknown';
  LPID:=LProcessesID[LI];
  LProcessHandle:=OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,False,LPID);
  if LProcessHandle=0 then Continue;
  if Boolean(EnumProcessModules(LProcessHandle,@LModuleHandle,SizeOf(LModuleHandle),@LDone)) then
  begin
   GetModuleBaseNameA(LProcessHandle,LModuleHandle,LProcessName,SizeOf(LProcessName));
   LProcNameStr:=UpCase(LProcessName);
  end;
  CloseHandle(LProcessHandle);
  if LProcNameStr=AName then
  begin
   Result:=LPID;
   Exit;
  end;
 end;
 Result:=0;
end;

function EnableDebugPrivilege:Boolean;
var
 TokenHandle:THandle;
 DebugNameValue:TLargeInteger;
 Privileges:TOKEN_PRIVILEGES;
 RetLen:Cardinal;
begin
 Result:=False;
 if not OpenProcessToken(GetCurrentProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,TokenHandle) then Exit;
 if not LookupPrivilegeValue(nil,'SeDebugPrivilege',DebugNameValue) then
 begin
  CloseHandle(TokenHandle);
  Exit;
 end;
 Privileges.PrivilegeCount:=1;
 Privileges.Privileges[0].Luid:=DebugNameValue;
 Privileges.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
 Result:=AdjustTokenPrivileges(TokenHandle,False,Privileges,SizeOf(Privileges),nil,RetLen);
 CloseHandle(TokenHandle);
end;


end.

?? 快捷鍵說明

復制代碼 Ctrl + C
搜索代碼 Ctrl + F
全屏模式 F11
切換主題 Ctrl + Shift + D
顯示快捷鍵 ?
增大字號 Ctrl + =
減小字號 Ctrl + -
亚洲欧美第一页_禁久久精品乱码_粉嫩av一区二区三区免费野_久草精品视频
26uuu国产电影一区二区| 亚洲午夜精品一区二区三区他趣| 蜜桃视频在线一区| 91麻豆精品久久久久蜜臀 | 欧美视频在线不卡| 亚洲成人资源网| 日韩免费看的电影| 国产精品2024| 亚洲综合色婷婷| 欧美一级黄色大片| 国产成人免费视频网站| 中文字幕日韩欧美一区二区三区| 日本丰满少妇一区二区三区| 亚洲成人一二三| 欧美精品一区在线观看| gogogo免费视频观看亚洲一| 亚洲自拍偷拍欧美| 成人免费视频国产在线观看| 欧美日韩大陆一区二区| 欧美成人vps| 国产成人无遮挡在线视频| 亚洲欧洲av一区二区三区久久| 91在线云播放| 男女性色大片免费观看一区二区| 国产喂奶挤奶一区二区三区| 色香蕉久久蜜桃| 美女在线视频一区| 中文字幕一区在线| 日韩一级高清毛片| 91婷婷韩国欧美一区二区| 偷拍日韩校园综合在线| 欧美极品aⅴ影院| 欧美日韩一区高清| 成人晚上爱看视频| 免费在线观看视频一区| 亚洲色欲色欲www| 欧美xxxx在线观看| 欧美亚洲禁片免费| 成人av午夜电影| 日韩激情一二三区| 亚洲欧美日韩中文字幕一区二区三区 | 日韩免费看的电影| 在线国产亚洲欧美| 韩国毛片一区二区三区| 国产日韩欧美一区二区三区综合| 欧美丰满一区二区免费视频| 亚洲欧美在线aaa| 日韩一区二区高清| 91蝌蚪porny九色| 国产成人福利片| 日本在线不卡视频| 亚洲一区二区三区在线看| 中文字幕精品一区二区精品绿巨人 | 亚洲美女视频在线观看| 久久久影视传媒| 欧美一级淫片007| 欧美日韩一区二区三区四区五区 | 亚洲一线二线三线视频| 中文字幕一区二区三区四区不卡| 欧美大片在线观看| 欧美精品国产精品| 欧美色窝79yyyycom| 色综合久久久网| 99视频热这里只有精品免费| 国产呦精品一区二区三区网站 | 久热成人在线视频| 视频一区二区三区中文字幕| 一区二区三区日韩欧美精品| 国产精品三级在线观看| 欧美成人三级在线| 日韩一区二区三区四区五区六区| 欧美日产在线观看| 欧美二区三区的天堂| 欧美午夜在线观看| 欧美日韩高清一区二区| 欧美日韩精品三区| 欧美高清精品3d| 7777精品伊人久久久大香线蕉完整版| 欧美自拍偷拍一区| 欧美日韩美女一区二区| 狠狠色狠狠色综合系列| 国产精品无人区| 久久女同互慰一区二区三区| 欧美大白屁股肥臀xxxxxx| 欧美精品aⅴ在线视频| 欧美精三区欧美精三区| 欧美日韩专区在线| 国产无人区一区二区三区| 久久综合丝袜日本网| 国产喷白浆一区二区三区| 国产精品美日韩| 亚洲狠狠丁香婷婷综合久久久| 一区二区三区成人| 亚洲国产日韩av| 蜜桃久久久久久久| 国产一二精品视频| 99国产精品久久久久久久久久| 北条麻妃一区二区三区| 色综合一区二区| 欧美日韩亚洲综合| 精品久久五月天| 1024成人网| 日韩影院在线观看| 国产激情一区二区三区桃花岛亚洲| 成人高清视频在线观看| 色菇凉天天综合网| 欧美一区二区三区日韩视频| 欧洲国产伦久久久久久久| 国产精品综合二区| 国产精品一区二区男女羞羞无遮挡| 国产91综合网| 欧美日韩在线观看一区二区| 日韩欧美在线网站| 中文字幕精品在线不卡| 亚洲高清免费视频| 久久不见久久见免费视频1| a级精品国产片在线观看| 884aa四虎影成人精品一区| 欧美激情综合在线| 日日摸夜夜添夜夜添精品视频| 国产成人鲁色资源国产91色综| 91视频国产资源| 欧美成人艳星乳罩| 亚洲精品成人少妇| 久久精品国产精品亚洲红杏| 97久久精品人人爽人人爽蜜臀| 欧美一区二区在线看| 国产精品女同互慰在线看| 亚洲成人你懂的| 国产成人h网站| 日韩无一区二区| 亚洲午夜视频在线| 99久久精品免费观看| 3atv一区二区三区| 韩国午夜理伦三级不卡影院| 精品视频一区 二区 三区| 91精品国产美女浴室洗澡无遮挡| 琪琪久久久久日韩精品| 国产麻豆日韩欧美久久| 欧美日韩一区二区在线视频| 国产农村妇女毛片精品久久麻豆| 亚洲最大成人综合| 成人性生交大片| 欧美成人艳星乳罩| 亚洲成人免费观看| 色香蕉久久蜜桃| 国产精品第13页| 风间由美一区二区av101| 欧美刺激脚交jootjob| 亚洲国产你懂的| 91麻豆精东视频| 日韩理论电影院| 成人看片黄a免费看在线| 国产人妖乱国产精品人妖| 久久国产精品99久久人人澡| 4438x成人网最大色成网站| 亚洲亚洲人成综合网络| 色婷婷国产精品| 亚洲欧美偷拍另类a∨色屁股| 成人黄色777网| 亚洲欧洲日韩av| 成人免费观看av| 亚洲欧美综合另类在线卡通| 国产在线精品免费| xf在线a精品一区二区视频网站| 毛片av一区二区| 精品久久久久久久久久久院品网| 日本少妇一区二区| 欧美xingq一区二区| 久久国产精品免费| 久久色中文字幕| 成人a免费在线看| 亚洲人成精品久久久久久| 色噜噜狠狠色综合欧洲selulu| 亚洲精品国产一区二区精华液| 色偷偷久久一区二区三区| 亚洲一级片在线观看| 欧美另类高清zo欧美| 天涯成人国产亚洲精品一区av| 欧美一区二区观看视频| 狠狠狠色丁香婷婷综合激情| 久久欧美中文字幕| 播五月开心婷婷综合| 亚洲卡通动漫在线| 在线91免费看| 国产在线视频精品一区| 中文成人综合网| 99re热这里只有精品免费视频| 一区二区三区中文字幕精品精品| 精品视频在线免费看| 理论电影国产精品| 久久精品一二三| 在线区一区二视频| 91福利在线免费观看| 日韩午夜av电影| 欧美大胆一级视频| 国产三级欧美三级| 天天免费综合色| 欧美一区二区在线免费观看| 久久精品免费看|