Deliver high scores-> edit the .exe file to restore the file that is infected with virus.

Source: Internet
Author: User
Deliver high scores-> edit the .exe file to restore the file that is infected with virus. Delphi/Windows SDK/API
Unfortunately, I am poisoned. Infected with the full .exe Program Files And. scr screensaver files. These files cannot be used after virus removal.

However, when I used a 16-byte editing tool to compare the infected and uninfected files, I found that this virus only adds the same 61347 bytes of data before my .exe and. SCR files. After deleting these 61347 bytes, you can restore them to the original usable files. It is not a solution to change one by one in the hexadecimal editor.
Please use delphito compile a program that can open and modify the .exe and. SCR files.

Open, modify, save, and compare.

High score !!! Thank you !!!

The landlord is also preparing for virus attacks. How can this problem be solved?


Dizzy attention ~~~

File modification methods
1. memory stream
2 Delphi internal functions
3. API
We recommend that you use the memory stream for modification.

It seems that I cannot post a post at the beginning. Sorry, the landlord.
I can't post the post here. Please help me by passing.
The problem is that when the SQL statement is selected, it is 0.80185000, but when memo is printed out in fastreport, how can we get 0.8018? The last three won't. Thank you, younger brother.

This virus is an amateur task. You can write yourself to the front.

Tfilestream is ready for use. Examples are provided in the help documentation.

Then, run the first few bytes of the file before running the following ??????

Dizzy !!!!!! A little interesting !!!!!


The virus solution does not mean that the previous redundant bytes are all done. The virus has modified the entrance and exit of the program running, the file length, etc. Otherwise, how does the virus attack and how is the virus infected? I have studied and successfully removed the file infectious virus in DOS before. I have not studied the virus in windows, but the principle should be the same.

You are not going to get into Weijin. It seems that the symptoms are a bit like that, and all the EXE files are finished!

Maozefa (AFA)
He said that he can manually remove the front, and what file headers are not at the end of the file.

As I said
Search all EXE files on the hard disk,
Put it in the memory stream, copy the part after the 61347 bytes and write it back to the file.

I rely on it. It's the same as mine, but I have done it! Haha
I found all the anti-virus software, but I couldn't even kill it. Then, like the landlord, I studied the infected files and found that I added someCodeSo I wrote a purge and killed myself!
The Code is as follows:
Hope it will be useful to you!
Good luck!
Get rid of the virus!

Haha ~
Analyze it by yourself

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.