简易网页监控程序
相关的例子:下载>>> 作者:Dogukan 于2008-12-15上传 

有次到一家网吧上网,想下点东西,却发现下载被禁止了,QQ网络硬盘,群共享什么的都未能幸免于难(最为BT的是,我让同学传送一个下载软件给我,竟然发现没有“接收”、“另存为”,看来对QQ做的手脚不少)。于是我试图在Google中搜索“破解网吧XXXX”来找到破解的方法,却发现刚按下回车不久,IE就被关闭了,多试几次仍然如此。后来我发现,凡是出现包含“破解”、“黑客”等一些敏感关键词的网页IE都会被结束掉。
今天我们也来写一个简易网页监控程序,通过分析窗口标题栏来判断是否结束该窗体所属进程,具体一点就是使用FindWindowEx来枚举窗体,然后调用GetWindowText来获取窗体的标题,再逐一判断窗口标题是否包含目标关键字,如果包含,则使用TerminateProcess函数来结束窗体所属进程。大家可以拓展一下,写一个根据网页内容来实现监控的程序,可别忘了共享出来哦(^_^)

程序代码如下:

simple.asm

*************************************************
** 简易网页监控程序
** by Dogukan
** 2008-10-8
**编译方法:
**ml /c /coff simple.asm
**rc simple.rc
**link /subsystem:windows simple.obj simple.res
**编译工具:masm32 v9.0
**编译平台:Windows XP SP2
*************************************************
.486
.model flat,stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\masm32.inc
include \masm32\include\shell32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\shell32.lib

DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
IsIn proto :DWORD,:DWORD

.data?

; Uninitialised globals. The layout order matters: the buffers below sit
; back to back, so a write past the end of one lands in the next.
hInstance HINSTANCE ?           ; module handle stored by Main
hListBox DWORD ?                ; handle of the IDC_LIST list box (set in WM_INITDIALOG)
dwFileHandle DWORD ?            ; handle of Filter.txt opened in WM_INITDIALOG
dwFileHandle1 DWORD ?           ; handle of Filter.txt as recreated by the IDC_DEL handler
dwCount DWORD ?                 ; byte counter used while scanning Filter.txt for a line end
wRecv WORD ?                    ; two bytes read from Filter.txt and compared with wKEY
dbKey db 20 dup(?)              ; one keyword: at most 19 bytes plus the terminating NUL;
                                ; every writer must respect that limit because dwTemp,
                                ; dbRecv, dbHere and dbTemp follow it directly
dwTemp DWORD ?                  ; scratch: byte counts from ReadFile/WriteFile, and the
                                ; process id returned by GetWindowThreadProcessId
dbRecv db 20 dup(?)             ; text fetched from the IDC_EDT1 edit control
dbHere db 20 dup(?)             ; not referenced by the code shown in this listing
dbTemp db MAX_PATH dup(?)       ; window title returned by GetWindowText


.data
; Captions for the IDC_STATE button ("start monitoring" / "stop monitoring").
szStateOn db "开始监控",0
szStateOff db "停止监控",0
; Keyword file, opened by relative name, i.e. resolved against the current directory.
szFilterFile db "Filter.txt",0
; Name of the dialog resource defined in simple.rc.
szDlgName db "MAIN_DIALOG",0
bFlag db 0                      ; toggled by timer 1 to alternate the window caption
bIsEmpty db 0                   ; despite the name: count of non-space bytes in the new keyword
bState db 0                     ; 0 = monitoring stopped, non-zero = timer 2 is running
szOurSite db "http://www.aogosoft.com/",0
szTitle db "简易网页监控程序",0
szErrorAlreadyRun db "程序已经运行",0
; Name of the mutex used as a single-instance guard.
szMutex db "kkh9654;t--",0
; Text of the "about" message box.
szInfo db "====简易网页监控程序====",0dh,0ah,0dh,0ah,
"------------------------",0dh,0ah,
"-------++++++++++-------",0dh,0ah,
"*******by zhangke*******",0dh,0ah,
"-------++++++++++-------",0dh,0ah,
"------------------------",0dh,0ah,
"http://www.aogosoft.com/",0
; Error and information messages shown with MessageBox.
szErrorOpen db "打开过滤文件失败!",0
szErrorRegHotKey db "注册热键失败,程序将无法隐藏运行!",0
szErrorEmpty db "关键字不能为空!",0
szErrorNoSel db "请先选择你要删除的关键字!",0
szHKInfo db "呼出程序请按Win+I",0
; Stored little-endian, so the bytes in memory and on disk are 0Dh,0Ah (CR LF).
; Used both as the record terminator written after each keyword and as the
; pattern searched for when Filter.txt is parsed.
wKEY WORD 0A0Dh

.const

; Dialog control identifiers. They repeat the #define values in simple.rc
; and must stay equal to them.
IDC_LIST equ 1001               ; keyword list box
IDC_ADD equ 1002                ; "add keyword" button
IDC_EDT1 equ 1003               ; edit control holding the keyword to add
IDC_DEL equ 1004                ; "delete keyword" button
IDC_STATE equ 1005              ; start/stop monitoring button
IDC_HIDE equ 1006               ; "run hidden" button
IDC_ABOUT equ 1007              ; "about" button
IDC_EXIT equ 1008               ; "exit" button

.code

start:

;-----------------------------------------------------------------------
; Main - program entry (reached through the start label).
; Stores the module handle in hInstance, runs MAIN_DIALOG modally with
; DlgProc as its dialog procedure, then ends the process with exit code 0.
;-----------------------------------------------------------------------
Main proc
    invoke  GetModuleHandle,NULL
    mov     hInstance,eax               ; keep the module handle for later use
    ; eax still holds the handle just stored, so pass it directly
    invoke  DialogBoxParam,eax,offset szDlgName,NULL,offset DlgProc,NULL
    invoke  ExitProcess,0
Main endp
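;-----------------------------------------------------------------------
; DlgProc - dialog procedure of MAIN_DIALOG (stdcall, 32-bit).
;
; In:   hWnd, uMsg, wParam, lParam as delivered by the dialog manager.
; Out:  eax = TRUE for handled messages, FALSE otherwise.
;
; WM_INITDIALOG  single-instance check, hotkey Win+I, caption timer (id 1),
;                load the keywords of Filter.txt into the list box.
; WM_COMMAND     about / exit / add keyword / hide / start-stop / delete.
; WM_TIMER       id 1: alternate the caption; id 2: the monitor itself.
; WM_HOTKEY      show the hidden dialog again.
; WM_CLOSE       close Filter.txt and end the dialog.
;
; Limits of the monitor: a match is a byte-wise, case-sensitive substring
; test on the title of ANY top-level window, so every process owning such a
; window is terminated, not only browsers, and without a chance to save.
;
; Changes against the published listing:
;  * esi is preserved (uses esi); it is callee-saved under stdcall.
;  * dbKey is cleared with its real size instead of MAX_PATH, and a line of
;    Filter.txt longer than the buffer is truncated instead of overrunning
;    the variables behind dbKey.
;  * a Filter.txt that does not end in CR LF no longer loops forever.
;  * empty keywords are skipped; IsIn reports an empty keyword as contained
;    in every title, which would terminate every windowed process.
;  * the target process is opened with PROCESS_TERMINATE only, the result is
;    checked, and the handle is closed again (it used to leak on each tick).
;  * after a delete, dwFileHandle refers to the recreated file, so later
;    adds and WM_CLOSE no longer use a closed handle.
;  * Filter.txt is opened with read/write access rather than GENERIC_ALL.
;-----------------------------------------------------------------------
DlgProc proc uses esi hWnd:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
    .if uMsg==WM_INITDIALOG
        ; Named mutex as single-instance guard: a second copy exits at once.
        invoke CreateMutex,NULL,FALSE,addr szMutex
        invoke GetLastError
        .IF eax == ERROR_ALREADY_EXISTS
            invoke MessageBox,NULL,offset szErrorAlreadyRun,offset szTitle,MB_ICONERROR or MB_OK
            invoke ExitProcess,NULL
        .ENDIF
        ; Register Win+I (49h = 'I') as the hotkey that shows the dialog again.
        invoke RegisterHotKey,hWnd,1,MOD_WIN,49h
        test eax,eax
        jnz @f
        ; Without the hotkey a hidden dialog could not be recalled, so the
        ; "run hidden" button is disabled.
        invoke MessageBox,hWnd,offset szErrorRegHotKey,offset szTitle,MB_OK or MB_ICONERROR
        invoke GetDlgItem,hWnd,IDC_HIDE
        invoke EnableWindow,eax,0
@@:
        invoke SetTimer,hWnd,1,1000,NULL            ; timer 1: caption toggle, 1 s
        invoke GetDlgItem,hWnd,IDC_LIST
        mov hListBox,eax
        ; Open the keyword file. Read and write access is all the code needs.
        invoke CreateFile,offset szFilterFile,GENERIC_READ or GENERIC_WRITE,NULL,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        inc eax                                     ; INVALID_HANDLE_VALUE (-1) becomes 0
        jnz @f
        invoke MessageBox,hWnd,offset szErrorOpen,offset szTitle,MB_OK or MB_ICONERROR
        ret                                         ; dwFileHandle stays unset in this case
@@:
        dec eax                                     ; undo the inc: eax is the handle again
        mov dwFileHandle,eax

        ; ---- Parse Filter.txt: one keyword per CR LF terminated line ----
        ; The file is scanned with a two-byte window that advances by one
        ; byte per step (read 2, seek back 1) until the window equals wKEY.
@next:
        mov dwCount,0                               ; bytes seen in the current line
@count:
        mov wRecv,0
        invoke ReadFile,dwFileHandle,offset wRecv,2,offset dwTemp,NULL
        invoke SetFilePointer,dwFileHandle,-1,0,FILE_CURRENT
        mov ax,wRecv
        cmp ax,wKEY
        je @f
        ; Fewer than two bytes read means no CR LF can follow. Stopping here
        ; (the listing tested for 0 only) ends the scan on an unterminated
        ; last line instead of re-reading its final byte forever; that
        ; fragment is ignored.
        cmp dwTemp,2
        jb @complete
        inc dwCount
        jmp @count
@@:
        ; The pointer is one byte past the CR; step back to the line start.
        inc dwCount
        neg dwCount
        invoke SetFilePointer,dwFileHandle,dwCount,0,FILE_CURRENT
        neg dwCount
        dec dwCount                                 ; dwCount = line length again
        invoke RtlZeroMemory,offset dbKey,sizeof dbKey
        ; Read at most sizeof dbKey-1 bytes so the keyword stays NUL-terminated
        ; inside its buffer; the rest of an over-long line is skipped.
        mov eax,dwCount
        cmp eax,(sizeof dbKey)-1
        jbe @fits
        mov eax,(sizeof dbKey)-1
@fits:
        mov edx,dwCount
        sub edx,eax
        add edx,2                                   ; unread tail of the line + CR LF
        push edx                                    ; edx is not preserved by the API call
        invoke ReadFile,dwFileHandle,offset dbKey,eax,offset dwTemp,NULL
        pop edx
        invoke SetFilePointer,dwFileHandle,edx,0,FILE_CURRENT
        cmp byte ptr dbKey,0
        je @next                                    ; blank line: never list an empty keyword
        invoke SendMessage,hListBox,LB_ADDSTRING,0,offset dbKey
        jmp @next
@complete:

    .elseif uMsg==WM_COMMAND
        mov eax,wParam                              ; ax = control id (low word of wParam)
        .if ax==IDC_ABOUT
            invoke MessageBox,hWnd,offset szInfo,offset szTitle,MB_OK
        .elseif ax==IDC_EXIT
            invoke ExitProcess,NULL
        .elseif ax==IDC_ADD
            ; Fetch the new keyword, bounded by the size of dbRecv.
            invoke GetDlgItemText,hWnd,IDC_EDT1,offset dbRecv,sizeof dbRecv
            push eax                                ; keep the length for WriteFile
            mov bIsEmpty,0
            lea esi,dbRecv
            ; Count the bytes that are not spaces; zero means nothing to add.
            .while eax>0
                dec eax
                mov cl,[esi]
                cmp cl,20h
                je @f
                inc bIsEmpty
@@:
                inc esi
            .endw
            cmp bIsEmpty,0
            je @f
            ; Not empty: show it in the list and append "keyword CR LF" to the file.
            invoke SendMessage,hListBox,LB_ADDSTRING,0,offset dbRecv
            invoke SetFilePointer,dwFileHandle,0,0,FILE_END
            pop eax
            invoke WriteFile,dwFileHandle,offset dbRecv,eax,offset dwTemp,NULL
            invoke WriteFile,dwFileHandle,offset wKEY,2,offset dwTemp,NULL
            jmp @last
@@:
            pop eax                                 ; balance the push above
            invoke MessageBox,hWnd,offset szErrorEmpty,offset szTitle,MB_OK or MB_ICONINFORMATION
@last:

        .elseif ax==IDC_HIDE
            ; Tell the user the recall hotkey, then hide the dialog.
            invoke MessageBox,hWnd,offset szHKInfo,offset szTitle,MB_OK or MB_ICONINFORMATION
            invoke ShowWindow,hWnd,SW_HIDE
        .elseif ax==IDC_STATE
            ; bState: 0 = stopped, 0FFh = running. Timer 2 (500 ms) is the monitor.
            cmp bState,0
            jne @1
            dec bState
            invoke SetTimer,hWnd,2,500,NULL
            invoke SetDlgItemText,hWnd,IDC_STATE,offset szStateOff
            jmp @2
@1:
            inc bState
            invoke KillTimer,hWnd,2
            invoke SetDlgItemText,hWnd,IDC_STATE,offset szStateOn
@2:
        .elseif ax==IDC_DEL
            invoke SendMessage,hListBox,LB_GETCURSEL,0,0
            cmp eax,LB_ERR
            je @f                                   ; nothing selected
            ; Remove the entry, then rewrite Filter.txt from the list box.
            invoke SendMessage,hListBox,LB_DELETESTRING,eax,0
            invoke CloseHandle,dwFileHandle
            invoke DeleteFile,offset szFilterFile
            invoke CreateFile,offset szFilterFile,GENERIC_READ or GENERIC_WRITE,NULL,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
            mov dwFileHandle1,eax
            ; The old handle was closed above; keep dwFileHandle valid for
            ; later adds and for WM_CLOSE. If CreateFile failed, the writes
            ; below simply fail.
            mov dwFileHandle,eax
            invoke SendMessage,hListBox,LB_GETCOUNT,0,0
            xor ecx,ecx                             ; ecx = list index, eax = entries left
            .while eax>0
                dec eax
                push eax
                push ecx
                invoke RtlZeroMemory,offset dbKey,sizeof dbKey
                pop ecx
                push ecx                            ; ecx is not preserved by the API calls
                invoke SendMessage,hListBox,LB_GETTEXT,ecx,offset dbKey
                ; eax = text length returned by LB_GETTEXT
                invoke WriteFile,dwFileHandle1,offset dbKey,eax,offset dwTemp,NULL
                invoke WriteFile,dwFileHandle1,offset wKEY,2,offset dwTemp,NULL
                pop ecx
                pop eax
                inc ecx
            .endw
            jmp @noerror
@@:
            invoke MessageBox,hWnd,offset szErrorNoSel,offset szTitle,MB_OK or MB_ICONERROR
@noerror:
        .endif

    .elseif uMsg==WM_CLOSE
        invoke CloseHandle,dwFileHandle
        invoke EndDialog,hWnd,0
    .elseif uMsg==WM_TIMER
        .if wParam==1
            ; Alternate the caption between the site URL and the program title.
            .if bFlag==0
                inc bFlag
                lea esi,szOurSite
            .else
                dec bFlag
                lea esi,szTitle
            .endif
            invoke SetWindowText,hWnd,esi
        .elseif wParam==2
            ; ---- Monitor tick ----
            ; For every keyword in the list box, walk all top-level windows
            ; (FindWindowEx with a NULL parent), read each title and end the
            ; owning process when IsIn finds the keyword in the title.
            invoke SendMessage,hListBox,LB_GETCOUNT,0,0
            xor ecx,ecx                             ; ecx = list index, eax = entries left
            .while eax>0
                dec eax
                push eax
                push ecx
                invoke RtlZeroMemory,offset dbKey,sizeof dbKey
                pop ecx
                push ecx
                invoke SendMessage,hListBox,LB_GETTEXT,ecx,offset dbKey
                cmp byte ptr dbKey,0
                je @nextkey                         ; empty keyword would match every title
                xor eax,eax                         ; start the enumeration at the first window
@@:
                invoke FindWindowEx,NULL,eax,NULL,NULL
                test eax,eax
                jz @f                               ; no more windows
                push eax                            ; keep the window handle for the next step
                invoke GetWindowText,eax,offset dbTemp,MAX_PATH
                invoke IsIn,offset dbTemp,offset dbKey
                test eax,eax
                jz @not
                pop eax
                push eax
                invoke GetWindowThreadProcessId,eax,offset dwTemp   ; dwTemp = owning process id
                ; Ask only for the right that is used, and skip processes
                ; that cannot be opened.
                invoke OpenProcess,PROCESS_TERMINATE,FALSE,dwTemp
                test eax,eax
                jz @not
                push eax
                invoke TerminateProcess,eax,0
                pop eax
                invoke CloseHandle,eax              ; do not leak one handle per match
@not:
                pop eax                             ; window handle = "previous" for FindWindowEx
                jmp @b
@@:
@nextkey:
                pop ecx
                inc ecx
                pop eax
            .endw
        .endif
    .elseif uMsg==WM_HOTKEY
        ; Win+I: bring the hidden dialog back.
        invoke ShowWindow,hWnd,SW_SHOWNORMAL
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
DlgProc endp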

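;-----------------------------------------------------------------------
; IsIn - byte-wise, case-sensitive substring test on NUL-terminated strings.
;
; int IsIn(const char *dwAddress, const char *dwTarget)   ; stdcall, 32-bit
; In:    dwAddress = string to search in (the window title)
;        dwTarget  = string to search for (the keyword)
; Out:   eax = 1 if dwTarget occurs in dwAddress, else 0.
;        An empty dwTarget yields 1 (as in the original listing); callers
;        that act on a match should reject empty keywords themselves.
; Clobb: flags only; all general registers are restored by pushad/popad.
;
; The original resumed after a partial match with "dec esi", which steps the
; keyword back by one byte instead of restarting it. That reports "abc" as
; contained in "abxbc", and a false match here means an unrelated process is
; terminated. This version restarts the keyword at each candidate position.
;-----------------------------------------------------------------------
IsIn proc dwAddress:DWORD,dwTarget:DWORD
    local dwRet:DWORD
    pushad
    ; Find the terminating NUL of the keyword; its address marks "fully matched".
    mov esi,dwTarget
@@:
    mov al,[esi]
    test al,al
    jz @f
    inc esi
    jmp @b
@@:
    mov ecx,esi                         ; ecx -> NUL at the end of the keyword
    mov edi,dwAddress                   ; edi = current candidate start in the title
@continue:
    mov esi,dwTarget                    ; restart the keyword for this candidate
    mov ebx,edi                         ; ebx walks the title from the candidate
@match:
    mov al,[esi]
    test al,al
    jz @finish                          ; keyword exhausted: esi == ecx, match
    mov dl,[ebx]
    test dl,dl
    jz @finish                          ; title exhausted first: esi != ecx, no match
    cmp al,dl
    jne @restart
    inc esi
    inc ebx
    jmp @match
@restart:
    inc edi                             ; [edi..ebx] are non-NUL, so this stays in bounds
    jmp @continue
@finish:
    xor eax,eax
    cmp ecx,esi
    sete al                             ; 1 only when the whole keyword was consumed
    mov dwRet,eax                       ; popad would overwrite eax, so park the result
    popad
    mov eax,dwRet
    ret
IsIn endp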

end start


simple.rc

// Control identifiers. They repeat the IDC_* equates in simple.asm and must
// stay equal to them, because DlgProc dispatches on these values.
#define IDC_LIST 1001
#define IDC_ADD 1002
#define IDC_EDT1 1003
#define IDC_DEL 1004
#define IDC_STATE 1005
#define IDC_HIDE 1006
#define IDC_ABOUT 1007
#define IDC_EXIT 1008
#define IDC_STC1 1
#include "/masm32/include/resource.h"
// Main dialog. simple.asm loads it by the name "MAIN_DIALOG" (szDlgName).
MAIN_DIALOG DIALOGEX 6,5,180,153
CAPTION "简易网页监控程序"
FONT 8,"MS Sans Serif",0,0
STYLE 0x10CA0800
BEGIN
// Keyword list; filled from Filter.txt when the dialog is initialised.
CONTROL "",IDC_LIST,"ListBox",0x50310141,8,42,86,107,0x00000200
CONTROL "增加关键字",IDC_ADD,"Button",0x50010000,114,14,54,13
// Keyword input. No length limit is set here; simple.asm bounds the text
// when it reads the control.
CONTROL "",IDC_EDT1,"Edit",0x50010000,8,16,85,11,0x00000200
CONTROL "删除关键字",IDC_DEL,"Button",0x50010000,114,33,54,13
// Caption is switched between "start" and "stop" by DlgProc at run time.
CONTROL "开始监控",IDC_STATE,"Button",0x50010000,114,59,54,13
CONTROL "隐藏运行",IDC_HIDE,"Button",0x50010000,114,83,54,13
CONTROL "关于程序",IDC_ABOUT,"Button",0x50010000,114,107,54,13
CONTROL "退出",IDC_EXIT,"Button",0x50010000,114,131,54,13
CONTROL "关键字列表",IDC_STC1,"Static",0x50000000,10,31,46,8
END



