基于Windows8与Visual Studio2012实现杀毒通用模块


创建第一个Windows8应用程序,

基于Windows8与Visual Studio2012实现杀毒通用模块_第1张图片

Visual Studio 2012（内部版本号 Visual Studio 11）的效果如下

基于Windows8与Visual Studio2012实现杀毒通用模块_第2张图片

设计下列控件

基于Windows8与Visual Studio2012实现杀毒通用模块_第3张图片

针对程序进行命名

基于Windows8与Visual Studio2012实现杀毒通用模块_第4张图片



在按钮的点击事件处理函数中插入下列代码实现查杀：通过驱动自身的控制接口卸载驱动、停止并删除其服务、删除释放到 System32 目录下的文件、删除注册表 Run 启动项，具体请见代码注释。注意：以 SC_MANAGER_ALL_ACCESS 打开服务控制管理器、删除 System32 目录下的文件以及修改 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 都需要管理员权限，程序必须以提升权限（Run as administrator）运行，否则这些调用会静默失败。


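/*
 * Removal routine for the HBKernel driver family.  Steps, in order:
 *   1. ask each kernel driver to unload itself through its device object,
 *   2. stop and delete the matching SCM service,
 *   3. delete the .sys file and the other dropped files under
 *      %SystemRoot%\System32,
 *   4. close the "HBInject" window,
 *   5. delete the Run-key autostart values.
 *
 * This is a plain statement sequence so it can be pasted into the button's
 * click handler, as the write-up intends.
 *
 * Every API is called through its explicit ANSI ("A") name because all of
 * the string tables are narrow literals.  The original declared the tables
 * as WCHAR arrays initialised from narrow literals -- that does not compile,
 * and under a UNICODE build it hands the wrong pointer type to CreateFile,
 * OpenService, lstrcat and printf("%s").
 *
 * NOTE(review): every step needs administrator rights (SC_MANAGER_ALL_ACCESS,
 * deleting from System32, writing HKLM\...\Run).  Run the process elevated;
 * none of the calls below can succeed otherwise.
 */
char path[MAX_PATH];

/* Control code the write-up sends to the driver's device object to make it
 * unload itself.  Its meaning is defined by that driver, not by Windows --
 * confirm against the driver before relying on it. */
const DWORD ioctl_unload_driver = 0x22E003;

/* One kernel-mode component: the device name to open, the service name in
 * the SCM, and the .sys file relative to the system directory. */
struct hb_driver {
    const char *device;
    const char *service;
    const char *file;
};
const struct hb_driver drivers[] = {
    { "\\\\.\\slHBKernel",   "HBKernel",   "\\drivers\\HBKernel.sys"   },
    { "\\\\.\\slHBKernel32", "HBKernel32", "\\drivers\\HBKernel32.sys" },
};

/* User-mode files dropped under the system directory. */
const char *const dropped_files[] = {
    "\\explore.exe",
    "\\HBmhly.dll",
    "\\System.exe",
    "\\HBWOW.dll",
    "\\Update.dat",
};

/* Autostart values under HKLM\...\CurrentVersion\Run. */
const char *const run_values[] = { "HBService", "HBService32" };

for (size_t i = 0; i < sizeof drivers / sizeof drivers[0]; i++) {
    const struct hb_driver *d = &drivers[i];

    /* 1. Unload the driver.  CreateFile reports failure with
     *    INVALID_HANDLE_VALUE, not NULL; the original fed that straight into
     *    DeviceIoControl and CloseHandle. */
    HANDLE hDevice = CreateFileA(d->device, GENERIC_READ | GENERIC_WRITE, 0,
                                 NULL, OPEN_EXISTING, 0, NULL);
    if (hDevice != INVALID_HANDLE_VALUE) {
        DWORD returned = 0;
        if (DeviceIoControl(hDevice, ioctl_unload_driver, NULL, 0, NULL, 0,
                            &returned, NULL)) {
            printf("Virus Device Driver %s has been unloaded...\n", d->device);
        } else {
            printf("DeviceIoControl on %s failed (error %lu)\n", d->device,
                   (unsigned long)GetLastError());
        }
        CloseHandle(hDevice);
    }

    /* 2. Stop the service and mark it for deletion.  SERVICE_STOP | DELETE is
     *    all that ControlService(STOP) and DeleteService need; the original
     *    asked for SERVICE_ALL_ACCESS (which already contains DELETE).
     *    DeleteService only flags the entry: the SCM removes it once the
     *    service is stopped and every handle to it is closed, so both handles
     *    are closed before the .sys file is touched below. */
    SC_HANDLE scm = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (scm != NULL) {
        SC_HANDLE service = OpenServiceA(scm, d->service,
                                         SERVICE_STOP | DELETE);
        if (service != NULL) {
            SERVICE_STATUS status;   /* documented as a required out-parameter;
                                      * the original passed NULL */
            if (ControlService(service, SERVICE_CONTROL_STOP, &status)) {
                printf("The %s service has been stopped...\n", d->service);
            }
            if (DeleteService(service)) {
                printf("The %s file has been removed from the SCM...\n",
                       d->service);
            }
            CloseServiceHandle(service);
        }
        CloseServiceHandle(scm);
    }

    /* 3. Delete the .sys file.  The concatenation is bounded to MAX_PATH; the
     *    original used a 100-byte buffer and an unchecked lstrcat.  DeleteFile
     *    fails while the driver image is still loaded, so the error is shown
     *    instead of silently ignored. */
    UINT len = GetSystemDirectoryA(path, MAX_PATH);
    if (len == 0 || len >= MAX_PATH ||
        len + (UINT)lstrlenA(d->file) >= MAX_PATH) {
        continue;
    }
    lstrcatA(path, d->file);
    if (DeleteFileA(path)) {
        printf("The %s file has been removed from the Disk...\n", d->file);
    } else {
        printf("DeleteFile %s failed (error %lu)\n", path,
               (unsigned long)GetLastError());
    }
}

/* 4. Close the HBInject window (0x10 in the original is WM_CLOSE).
 *    NOTE(review): this relies on the target's own window procedure honouring
 *    WM_CLOSE, and SendMessage blocks this thread until it returns; a hostile
 *    or hung target can ignore the request or stall the UI.  Terminating the
 *    owning process would be more robust but is left as in the write-up. */
{
    HWND hWnd = FindWindowA(NULL, "HBInject");
    if (hWnd != NULL) {
        SendMessageA(hWnd, WM_CLOSE, 0, 0);
    }
}

/* Delete the remaining dropped files, with the same bounded path build. */
for (size_t j = 0; j < sizeof dropped_files / sizeof dropped_files[0]; j++) {
    UINT len = GetSystemDirectoryA(path, MAX_PATH);
    if (len == 0 || len >= MAX_PATH ||
        len + (UINT)lstrlenA(dropped_files[j]) >= MAX_PATH) {
        continue;
    }
    lstrcatA(path, dropped_files[j]);
    if (DeleteFileA(path)) {
        printf("The file %s has been removed from the Disk...\n", path);
    }
}

/* 5. Remove the autostart values.  KEY_SET_VALUE is the right
 *    RegDeleteValue needs; the original opened with KEY_ALL_ACCESS and never
 *    closed the key.
 *    NOTE(review): a 32-bit build on 64-bit Windows is redirected to the
 *    WOW6432Node view of this key; if the values live in the native view,
 *    add KEY_WOW64_64KEY to the access mask -- confirm where the sample
 *    writes them. */
{
    HKEY key = NULL;
    LONG rc = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
                            "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                            0, KEY_SET_VALUE, &key);
    if (rc == ERROR_SUCCESS) {
        for (size_t k = 0; k < sizeof run_values / sizeof run_values[0]; k++) {
            if (RegDeleteValueA(key, run_values[k]) == ERROR_SUCCESS) {
                printf("The %s has been removed from the Registry...\n",
                       run_values[k]);
            }
        }
        RegCloseKey(key);
    }
}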



