2 楼
我写的代码如下: 哪位大虾看下错在哪?
; Forum listing, 32-bit MASM (Win32, stdcall). No .386/.model/include lines are
; shown, so this is an excerpt rather than a complete source file.
; Purpose as far as the code shows: an attempt to make a running executable remove
; its own file without a helper script. Visible flow:
;   1. fetch the module handle and the full path of the running image
;   2. close the hard-coded handle value 4
;   3. resolve ExitProcess / DeleteFileA / UnmapViewOfFile by name
;   4. lay those addresses and their arguments out on the stack and retn into them
; The poster states the code does not work as posted; the comments here describe the
; listing and leave it unrepaired.
; Analyst notes: the API-name strings in .data are static indicators; at run time the
; tell is a process deleting the path returned by GetModuleFileName for its own image
; (file-delete telemetry where target path == deleting process image). Self-deletion
; of this kind is catalogued as MITRE ATT&CK T1070.004.
.data
; add1..add3 receive the three GetProcAddress results (EP, DF, UM in that order).
add1 dd ?
add2 dd ?
add3 dd ?
k32 db "kernel32.dll",0
EP db "ExitProcess",0
DF db "DeleteFileA",0
; NOTE(review): the next line has no opening quote, so the listing does not assemble as posted.
UM db UnmapViewOfFile",0
; hk32 is first written with the GetModuleHandle result for k32.
hk32 dd ?
.code
main:
; Frame: ebp = esp at entry (ebp is not saved first). Locals used below:
;   [ebp-4h]   module handle of the running image
;   [ebp-108h] path buffer, 104h (260) bytes, ending just below [ebp-4h]
mov ebp,esp
sub esp,200h
push 0
call GetModuleHandleA ;lpModuleName=NULL: handle of the calling process's own image
mov [ebp-4h],eax
; GetModuleFileNameA(hModule, PathBuffer, 104h), arguments pushed right to left.
push 104h ;BufSize=104h
lea eax,[ebp-108h]
push eax ;PathBuffer
mov ecx,[ebp-4h]
push ecx ;hModule
call GetModuleFileNameA
; NOTE(review): closes whatever object owns handle value 4 in this process. Presumably
; meant to be a handle held on the image on the author's Windows version; hard-coded
; handle values are not stable across versions - confirm before relying on this reading.
push 4 ;hObject=00000004
call CloseHandle
invoke GetModuleHandle,addr k32
mov hk32,eax
; Three lookups by name; each passes the current value of hk32 as the module argument.
invoke GetProcAddress,hk32,addr EP
mov add1,eax
mov hk32,eax ;eax (the GetProcAddress result) is also copied into hk32
invoke GetProcAddress,hk32,addr DF
mov add2,eax
mov hk32,eax ;same copy again after the second lookup
invoke GetProcAddress,hk32,addr UM
mov add3,eax
; Return chain. Stack at the retn, top first:
;   add3                 popped by retn, execution continues there
;   add2                 return address seen by the add3 target
;   [ebp-4h] (hModule)   its argument
;   add1                 return address seen by the add2 target
;   eax (path buffer)    its argument
;   0                    return address seen by the add1 target
;   0                    its argument
; With the lookups the names suggest, this reads UnmapViewOfFile(hModule), then
; DeleteFileA(path), then ExitProcess(0), each stdcall callee popping its own argument.
lea eax,[ebp-108h]
push 0
push 0
push eax
push add1
push dword ptr [ebp-4h]
push add2
push add3
retn
end main
3 楼
1.创建一个Bat进行自删除.
2.创建一个远程线程.
4 楼
对啊~
我反了部分木马都是创建.bat的
5 楼
哪位顺手发个创建bat的源码
6 楼
crackme区有,我见过
7 楼
{ DelMe: writes a two-line batch file named del.bat (relative path, so it lands in
  the current directory) and launches it with a hidden window.
  Line 1 of the script deletes this program's own executable, ParamStr(0);
  line 2 deletes the script itself.
  No I/O result or WinExec return value is checked.
  Reviewer notes (defensive): the observable artifacts are a del.bat created by the
  process in its working directory, followed by a hidden child process (presumably
  the command interpreter) whose script names the parent's image path. Self-deletion
  of this kind is catalogued as MITRE ATT&CK T1070.004. }
procedure DelMe;
const
  ScriptName = 'del.bat';
var
  Script: TextFile;
  SelfPath: string;
begin
  { Full path of the running executable. }
  SelfPath := ParamStr(0);

  { Create or truncate the script and write its two commands. }
  AssignFile(Script, ScriptName);
  Rewrite(Script);
  WriteLn(Script, 'del "' + SelfPath + '"');
  WriteLn(Script, 'del %0');
  CloseFile(Script);

  { Launch the script without a visible window. }
  WinExec(ScriptName, SW_HIDE);
end;
8 楼
在bat里放循环 直到删除
9 楼
{ Quoted copy of the DelMe routine from the earlier reply.
  It writes del.bat in the current directory with two commands - delete this
  program's executable (ParamStr(0)), then delete the script itself - and runs the
  script with a hidden window. No result codes are checked.
  Defender view: a script file written by a process and then executed hidden, with
  the writer's own image path inside it, is the behaviour to look for. }
procedure DelMe;
var
  BatFile: TextFile;
begin
  AssignFile(BatFile, 'del.bat');
  Rewrite(BatFile);
  { First command removes the running executable, second removes the script. }
  WriteLn(BatFile, 'del "' + ParamStr(0) + '"');
  WriteLn(BatFile, 'del %0');
  CloseFile(BatFile);
  WinExec('del.bat', SW_HIDE);
end;
谢谢雷锋给出的代码。不用bat，用我的方法可以吗？如果可以，我到底哪里错了？
10 楼
bat内容样本
rem Sample script content as posted, kept verbatim: a retry loop that deletes one
rem hard-coded executable and then removes the script file itself.
rem The directory name in the path translates to "virus samples", so the target is
rem presumably a specimen on the poster's analysis machine, not a general path.
rem Defender view: a short-lived script that loops on del / if exist against a single
rem executable and ends by deleting itself is a recognisable clean-up pattern
rem (MITRE ATT and CK T1070.004); the loop has no delay and no attempt limit.
:try
rem Attempt to delete the target executable.
del "E:\病毒样本\qq2007.3.26\KnQQ3.26.exe"
rem If the file is still present, jump back to the label and try again.
if exist "E:\病毒样本\qq2007.3.26\KnQQ3.26.exe" goto try
rem Argument zero is the script's own name, so the last step deletes the script.
del %0