I came across some articles online about building a Delphi "trojan generator", tried it myself, and it worked well, so I am writing it down for later use.
It breaks into a few steps:
1. Write the server code, leaving placeholder fields that will be overwritten later.
2. Generate the resource file (.res).
3. Write the client (builder) source, include the resource file, and have it generate the server.
Server source
    unit zichengxu;

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, StdCtrls;

    type
      TForm1 = class(TForm)
        lbl1: TLabel;
        btn1: TButton;
        procedure FormCreate(Sender: TObject);
        procedure btn1Click(Sender: TObject);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      Form1: TForm1;
      qq: string = '138029200';   // placeholder marker; the builder overwrites it
      frmname: string = 'xxxx';

    implementation

    {$R *.dfm}

    procedure TForm1.btn1Click(Sender: TObject);
    begin
      Close;
    end;

    procedure TForm1.FormCreate(Sender: TObject);
    begin
      lbl1.Caption := string(qq);
      Form1.Caption := string(frmname);
    end;

    end.
Source of the rc file, used to generate the .res resource file:
    test RCDATA Project1.exe
At this point the server side is basically finished. Right-click the rc file and choose "Compile with Delphi 7" to produce the .res resource file.
Open Project1.exe in WinHex and find the file offset that the builder must modify so it can patch the variable at generation time.
Search for the marker "138029200", note its address, convert it to decimal, and fill it into the client source.
Client source
    unit Unit1;

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, StdCtrls;

    const
      OFFSET_qq = 1734324;  // decimal file offset of the '138029200' marker found in WinHex

    type
      TForm1 = class(TForm)
        edt1: TEdit;
        btn1: TButton;
        edt2: TEdit;
        procedure btn1Click(Sender: TObject);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      Form1: TForm1;

    implementation

    {$R *.dfm}
    {$R test.res}   // the compiled rc file that carries Project1.exe as RCDATA 'test'

    procedure TForm1.btn1Click(Sender: TObject);
    var
      WriteBuff, ziyuanzhizhen: PChar;
      ziyuanweizhi: HRSRC;
      ziyuandaxiao, BytesWritten: Longword;
      shujuchulijubing: THandle;
      shenqingzhizhen: THandle;
      qq: string;
    begin
      qq := Trim(edt1.Text);  // the QQ number is taken from edt1
      ziyuanweizhi := FindResource(HInstance, 'test', RT_RCDATA);  // locate the RCDATA resource named 'test' (the identifier from the rc file)
      ziyuandaxiao := SizeofResource(HInstance, ziyuanweizhi);     // resource size
      shujuchulijubing := LoadResource(HInstance, ziyuanweizhi);   // resource handle
      ziyuanzhizhen := LockResource(shujuchulijubing);             // pointer to the resource bytes
      shenqingzhizhen := CreateFile(PChar('myqq.exe'), GENERIC_WRITE, FILE_SHARE_WRITE, nil,
        CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
      WriteFile(shenqingzhizhen, ziyuanzhizhen^, ziyuandaxiao, BytesWritten, nil);  // write the embedded exe to disk
      Sleep(100);
      SetFilePointer(shenqingzhizhen, OFFSET_qq, nil, FILE_BEGIN);  // seek to the marker offset
      WriteBuff := PChar(qq + StringOfChar(#0, 65 - Length(qq)));   // data to write: qq padded with NULs to 65 bytes
      WriteFile(shenqingzhizhen, WriteBuff^, 65, BytesWritten, nil);  // patch the field in the written file
      CloseHandle(shenqingzhizhen);  // close the file handle
    end;

    end.
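As an added example that is not part of the original post, here is a small Python script a malware analyst or detection engineer could use against the output of a builder like the one above. The pattern leaves two things to look for: a second MZ/PE header embedded inside the outer file (the RCDATA resource holding the server exe), and a fixed-width configuration slot that has been patched as "ASCII text followed by NUL padding". The sample bytes are constructed for illustration; the 65-byte slot width and the marker "138029200" are taken from the page, while the field offset inside the sample is an assumption of this example.

```python
"""
Added example (not from the original post): detection helpers for the
"embedded exe + patched config field" builder pattern.
All sample bytes below are constructed; they are not real malware.
"""
import struct
from typing import List, Optional, Tuple

MZ = b"MZ"
PE_SIG = b"PE\0\0"


def find_embedded_pe(data: bytes) -> List[int]:
    """Return offsets of every plausible embedded PE image after offset 0.

    A candidate is accepted when 'MZ' is found, e_lfanew (DWORD at +0x3C)
    stays inside the buffer and points at the 'PE\\0\\0' signature.
    Offset 0 is skipped because that is the outer file's own header.
    """
    hits = []
    pos = data.find(MZ, 1)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig_at = pos + e_lfanew
            if e_lfanew >= 0x40 and data[sig_at:sig_at + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(MZ, pos + 1)
    return hits


def read_padded_field(data: bytes, offset: int, width: int) -> Optional[str]:
    """Read a fixed-width slot that was patched as 'text + NUL padding'.

    Returns the text, or None if the slot does not look like such a field
    (no NUL at all, non-NUL bytes after the first NUL, or non-printable text).
    An unpatched binary normally has other data right after the marker,
    so the all-NUL padding check separates patched from unpatched copies.
    """
    slot = data[offset:offset + width]
    if len(slot) != width or b"\0" not in slot:
        return None
    text, _, pad = slot.partition(b"\0")
    if pad.strip(b"\0"):
        return None
    if not all(0x20 <= b < 0x7F for b in text):
        return None
    return text.decode("ascii")


def build_sample_dropper() -> Tuple[bytes, int, int]:
    """Construct a fake builder output: an outer PE stub with a second
    PE image appended, carrying a 65-byte NUL-padded QQ field.
    Returns (data, offset_of_embedded_image, field_offset_inside_image).
    """
    header = MZ + b"\0" * 0x3A + struct.pack("<I", 0x40) + PE_SIG  # e_lfanew = 0x40
    outer = header + b"\0" * 0x100
    inner = bytearray(header)
    inner += b"\0" * 0x20
    field_offset = len(inner)                      # assumed offset, for the sample only
    inner += b"138029200".ljust(65, b"\0")         # marker padded to the 65-byte slot
    inner += b"trailing code bytes"
    return outer + bytes(inner), len(outer), field_offset


def analyse(data: bytes, field_offset: int, width: int = 65) -> List[Tuple[int, Optional[str]]]:
    """For each embedded image, report (image_offset, patched field text)."""
    return [(off, read_padded_field(data, off + field_offset, width))
            for off in find_embedded_pe(data)]


if __name__ == "__main__":
    blob, image_off, field_off = build_sample_dropper()
    for off, value in analyse(blob, field_off):
        print(f"embedded PE at 0x{off:x}, config field = {value!r}")
```

In practice the field offset comes from the analyst's own inspection of the dropped server (the same WinHex step the post describes, done in reverse), and the carved image offset is what a YARA rule or a PE resource walker would report; the helper only shows the two checks together on constructed input.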
Reference articles
http://www.myhack58.com/Article/html/3/68/2007/16334.htm
http://blog.csdn.net/fkedwgwy/article/details/4069898