本
程序通过调用kernel dll中的几个API 函数 搜索并列出系统中除本
进程外的所有进程的ID 对应的文件说明符 优先级 CPU占有率 线程数 相关进程信息等有关信息 并可中止所选进程 本程序运行时会在系统托盘区加入图标 不会出现在按Ctrl+Alt+Del出现的任务列表中 也不会在任务栏上显示任务按钮 在不活动或
最小化时会自动隐藏 不会重复运行 若程序已经运行 再想运行时只会激活已经运行的程序 本程序避免程序反复运行的方法是比较独特的 因为笔者在试用网上介绍一些方法后 发现程序从最小化状态被激活时 单击窗口最小化按钮时 窗口却不能最小化 于是笔者采用了发送和处理自定义消息的方法 在程序运行时先枚举系统中已有窗口 若发现程序已经运行 就向该程序窗口发送自定义消息 然后结束 已经运行的程序接到自定义消息后显示出窗口 //工程文件procviewpro dprprogram procviewprousesForms windows messages main in procview pas {Form }{$R * RES}{//这是系统自动的beginApplication InitializeApplication Title := 系统进程监控 Application CreateForm(TForm Form )Application Runend }varmyhwnd:hwndbeginmyhwnd := FindWindow(nil 系统进程监控 )// 查找窗口if myhwnd= then // 没有发现 继续运行beginApplication InitializeApplication Title := 系统进程监控 Application CreateForm(TForm Form )Application Runendelse //发现窗口 发送鼠标单击系统托盘区消息以激活窗口postmessage(myhwnd WM_SYSTRAYMSG wm_lbuttondown){//下面的方法的缺点是 若窗口原先为最小化状态 激活后单击窗口最小化按钮将不能最小化窗口showwindow(myhwnd sw_restore)FlashWindow(MYHWND TRUE)}end {//下面是使用全局原子的方法避免程序反复运行constatomstr= procview varatom:integerbeginif globalfindatom(atomstr)= thenbeginatom:=globaladdatom(atomstr)with application dobeginInitializeTitle := 系统进程监控 CreateForm(TForm Form )Runendglobaldeleteatom(atom)endend }//单元文件procview pasunit procviewinterfaceusesWindows Messages SysUtils Classes Graphics Controls Forms Dialogs StdCtrls TLHelp Buttons ComCtrls ExtCtrls ShellAPI MyFlagconstPROCESS_TERMINATE= SYSTRAY_ID= WM_SYSTRAYMSG=WM_USER+ typeTForm = class(TForm)lvSysProc: TListViewlblSysProc: TLabellblAboutProc: TLabellvAboutProc: TListViewlblCountSysProc: TLabellblCountAboutProc: TLabelPanel : TPanelbtnDetermine: TButtonbtnRefresh: TButtonlblOthers: TLabellblEmail: TLabelMyFlag : TMyFlagprocedure btnRefreshClick(Sender: TObject)procedure btnDetermineClick(Sender: TObject)procedure lvSysProcClick(Sender: TObject)procedure FormCreate(Sender: TObject)procedure AppOnMinimize(Sender:TObject)procedure FormClose(Sender: TObjectvar Action: TCloseAction)procedure FormDeactivate(Sender: TObject)procedure lblEmailClick(Sender: TObject)procedure FormResize(Sender: TObject)private{ Private declarations }fshandle:thandleFormOldHeight FormOldWidth:Integerprocedure SysTrayOnClick(var message:TMessage)message WM_SYSTRAYMSGpublic{ Public declarations }endvarForm : TForm idid: dwordfp :tprocessentry fm :tmoduleentry SysTrayIcon:TNotifyIconDataimplementation{$R * DFM}function RegisterServiceProcess(dwProcessID dwType:integer):integerstdcallexternal KERNEL DLL procedure TForm btnRefreshClick(Sender: TObject)varclp:boolnewitem :TlistitemMyIcon:TIconIconIndex:wordProcFile : array[ MAX_PATH] of charbeginMyIcon:=TIcon createlvSysProc Items clearlvSysProc SmallImages clearfshandle:=CreateToolhelp Snapshot(th cs_snapprocess )fp dwsize:=sizeof(fp )clp:=process first(fshandle fp )IconIndex:= while integer(clp)<>dobeginif fp th processid<>getcurrentprocessid thenbeginnewitem :=ems add{newitem caption:=fp szexefileMyIcon Handle:=ExtractIcon(Form Handle fp szexefile )}StrCopy(ProcFile fp szExeFile)newitem caption:=ProcFileMyIcon Handle:=ExtractAssociatedIcon(HINSTANCE ProcFile IconIndex)if MyIcon Handle<>thenbeginwith lvSysProc dobeginNewItem ImageIndex:= *** allimages addicon(MyIcon)endendwith newitem subitems dobeginadd(IntToHex(fp th processid ))Add(IntToHex(fp th ParentProcessID ))Add(IntToHex(fp pcPriClassBase ))Add(IntToHex(tUsage ))Add(IntToStr(tThreads))endendclp:=process next(fshandle fp )endclosehandle(fshandle)lblCountSysProc caption:=IntToStr(unt)MyIcon Freeendprocedure TForm btnDetermineClick(Sender: TObject)varprocesshndle:thandlebeginwith lvSysProc dobeginif selected thenbeginmessagebox(form handle 请先选择要终止的进程! *** 作提示 MB_OK+MB_ICONINFORMATION)endelsebeginif messagebox(form handle pchar( 终止 +itemfocused caption+ ? ) 终止进程 mb_yesno+MB_ICONWARNING+MB_DEFBUTTON )=mryes thenbeginidid:=strtoint( $ +itemfocused subitems[ ])processhndle:=openprocess(PROCESS_TERMINATE bool( ) idid)if integer(terminateprocess(processhndle ))= thenmessagebox(form handle pchar( 不能终止 +itemfocused caption+ ! ) *** 作失败 mb_ok+MB_ICONERROR)elsebeginSelected DeletelvAboutProc Items ClearlblCountSysProc caption:=inttostr(unt)lblCountAboutProc caption:= endendendendendprocedure TForm lvSysProcClick(Sender: TObject)varnewitem :Tlistitemclp:boolbeginif lvSysProc selected<>nil thenbeginidid:=strtoint( $ +emfocused subitems[ ])ems Clearfshandle:=CreateToolhelp Snapshot(th cs_snapmodule idid)fm dwsize:=sizeof(fm )clp:=Module First(fshandle fm )while integer(clp)<>dobeginnewitem :=lvAboutProc Items addwith newitem dobegincaption:=fm szexepathwith newitem subitems dobeginadd(IntToHex(fm th moduleid ))add(IntToHex(fm GlblcntUsage ))add(IntToHex(fm proccntUsage ))endendclp:=Module Next(fshandle fm )endclosehandle(fshandle)lblCountAboutProc Caption:=IntToStr(unt)endendprocedure TForm FormCreate(Sender: TObject)beginwith application dobeginshowwindow(handle SW_HIDE)//隐藏任务栏上的任务按钮OnMinimize:=AppOnMinimize//最小化时自动隐藏OnDeactivate:=FormDeactivate//不活动时自动隐藏OnActivate:=btnRefreshClickendRegisterServiceProcess(GetcurrentProcessID )//将程序注册为系统服务程序 lishixinzhi/Article/program/Delphi/201311/24680
你是想嵌入木马一样监控,不复杂,可以看到他们的屏幕,呵呵,看股市、玩游戏、聊天、看美女。。。。统统被你老人家捉住!!!!!!!!!
很简单:把他们的屏幕保存到一个文件里,再传到你的电脑中或数据库中,就可以监控了!
给你个我自己用的函数吧。
//---------------
//公用函数
//引用 *** 作系统SensApi.dll 判断当前的网络是否连接
function IsNetworkAlive(var lpdwFlagsLib:Integer):Integerstdcallexternal'SensApi.dll'
//ping网络
function fucPing(url: String): Boolean
//获取当前网络的连接状态 add by jzh 2010-05-24
function fucIsNetworkAlive: Boolean
const
NETWORK_ALIVE_LAN = 1 //通过局域网上网
const
NETWORK_ALIVE_WAN = 2 //通过广域网上网
var
falg: Integer
bAlive: Boolean
begin
try
bAlive:= False
IsNetworkAlive(falg)
case falg of
NETWORK_ALIVE_LAN:
begin
bAlive:= True
end
NETWORK_ALIVE_WAN:
begin
bAlive:= True
end
end
result:= bAlive
except
result:= false
end
end
//ping网络
function fucPing(url: String): Boolean
var
aIdICMPClient: TIdICMPClient
begin
aIdICMPClient:= TIdICMPClient.Create(nil)
aIdIcmpclient.ReceiveTimeout:=500
aIdICMPClient.Host:= url
try
aIdICMPClient.Ping()
except
Result:= false
end
if (aidicmpclient.ReplyStatus.fromipaddress<>'0.0.0.0')
and (aidicmpclient.ReplyStatus.fromipaddress<>'') then
result:= true
else
result:= false
aIdICMPClient.Free
end
评论列表(0条)