#define DEBUGMSG
#include <windows.h>
#include <windef.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "Psapi.h"
#pragma comment (lib,"Psapi.lib")
#define erron GetLastError ()
#define FIVE 50
#define HIGH 255
TCHAR name[FIVE]={0}; // holds the worm's file name + path
FILE *Gfp=NULL; // debug log; opened in main() under DEBUGMSG, otherwise stays NULL
// NOTE(review): main() calls fclose(Gfp) on every exit path, so with DEBUGMSG undefined
// this is a NULL fclose -- confirm the intended build always defines DEBUGMSG
BOOL ScanVXER (LPTSTR V_FileName,long V_FileOffset,int V_Length,TCHAR *V_Contents);
// signature-matching function: compares V_Length bytes at V_FileOffset of V_FileName against V_Contents
BOOL ScanFileVXER (LPTSTR FileName);
// file-enumeration function: walks the system directory looking for FileName
BOOL ProcessVXER (void);
// process-enumeration function
BOOL KillProc (DWORD ProcessID);
// process-termination function
BOOL EnablePrivilege(LPTSTR PrivilegeName);
// privilege-elevation function (enables the named token privilege)
BOOL RegDelVXER (void);
// registry-key deletion function
void Usage (LPCTSTR Parameter);
// usage/help function
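/*
 * Close the debug log opened in main().  A no-op when the log was never
 * opened (DEBUGMSG undefined, or fopen failed), which the original
 * unconditional fclose(Gfp) did not guard against.
 */
static void CloseLog (void)
{
    if (Gfp!=NULL)
    {
        fclose(Gfp);
        Gfp=NULL;
    }
}

/*
 * Entry point.
 *
 * Expects exactly one argument: the file name (or FindFirstFile pattern)
 * to look for in the system directory.  Runs the three cleanup stages in
 * order -- file scan, process scan, registry cleanup -- and stops at the
 * first stage that reports failure, logging GetLastError() when DEBUGMSG
 * is defined.  Always returns 0; the stages report success via printf /
 * the log file rather than the exit status.
 */
int main (int argc, TCHAR *argv[])
{
    if (argc!=2)
    {
        Usage(argv[0]);
        return 0;
    }
#ifdef DEBUGMSG
    /* Append mode so logs of earlier runs are kept. */
    Gfp=fopen("VXER.txt","a+");
    if (Gfp==NULL)
    {
        printf("Open \"VXER.txt\" fail\n");
        return 0;
    }
    fprintf(Gfp,"%s\n\n","[-------------------------File list-------------------------]");
#endif
    /* argv[1] is passed on as a FindFirstFile pattern; bound its length. */
    if (strlen(argv[1])>10)
    {
        printf("File name no larger than \"10\"\n");
        CloseLog();
        return 0;
    }
    if (!(ScanFileVXER(argv[1])))
    {
#ifdef DEBUGMSG
        /* GetLastError() returns a DWORD, so format it as unsigned long. */
        printf("ScanFileVXER() GetLastError reports %lu\n",(unsigned long)erron);
#endif
        CloseLog();
        return 0;
    }
    if (!(ProcessVXER()))
    {
#ifdef DEBUGMSG
        printf("ProcessesVXER() GetLastError reports %lu\n",(unsigned long)erron);
#endif
        CloseLog();
        return 0;
    }
    if (!(RegDelVXER()))
    {
#ifdef DEBUGMSG
        printf("RegDelVXER() GetLastError reports %lu\n",(unsigned long)erron);
#endif
        CloseLog();
        return 0;
    }
    CloseLog();
    return 0;
}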
BOOL ScanFileVXER (LPTSTR FileName)
{
WIN32_FIND_DATA FindFileData;
DWORD lpBufferLength=HIGH;
TCHAR lpBuffer[HIGH]={0};
TCHAR DirBuffer[HIGH]={0};
HANDLE hFind=NULL;
UINT count=0;
long FileOffset=0x1784; //偏移地址
int FileLength=0x77; //长度
TCHAR Contents[]={
0x49, 0x20, 0x6A, 0x75, 0x73, 0x74, 0x20, 0x77, 0x61, 0x6E, 0x74, 0x20, 0x74, 0x6F, 0x20, 0x73,
0x61, 0x79, 0x20, 0x4C, 0x4F, 0x56, 0x45, 0x20, 0x59, 0x4F, 0x55, 0x20, 0x53, 0x41, 0x4E, 0x21,
0x21, 0x20, 0x62, 0x69, 0x6C, 0x6C, 0x79, 0x20, 0x67, 0x61, 0x74, 0x65, 0x73, 0x20, 0x77, 0x68,
0x79, 0x20, 0x64, 0x6F, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x6D, 0x61, 0x6B, 0x65, 0x20, 0x74, 0x68,
0x69, 0x73, 0x20, 0x70, 0x6F, 0x73, 0x73, 0x69, 0x62, 0x6C, 0x65, 0x20, 0x3F, 0x20, 0x53, 0x74,
0x6F, 0x70, 0x20, 0x6D, 0x61, 0x6B, 0x69, 0x6E, 0x67, 0x20, 0x6D, 0x6F, 0x6E, 0x65, 0x79, 0x20,
0x61, 0x6E, 0x64, 0x20, 0x66, 0x69, 0x78, 0x20, 0x79, 0x6F, 0x75, 0x72, 0x20, 0x73, 0x6F, 0x66,
0x74, 0x77, 0x61, 0x72, 0x65, 0x21, 0x21};
//从冲击波中提取出来的,用做特征码
//获取系统目录的完整路径
if (GetSystemDirectory(DirBuffer,lpBufferLength)!=0)
{
if (SetCurrentDirectory(DirBuffer)!=0) //设置为当前目录
{
hFind=FindFirstFile(FileName,&FindFileData); //查找文件
if (hFind==INVALID_HANDLE_VALUE)
{
#ifdef DEBUGMSG
printf("FindFirstFile() GetLastError reports %d/n",erron);
#endif
if (hFind!=NULL)
FindClose(hFind);
return FALSE;
}
else
{
count++;
//获得文件的完整路径
if (GetFullPathName(FindFileData.cFileName,lpBufferLength,lpBuffer,NULL)!=0)
{
#ifdef DEBUGMSG
fprintf(Gfp,"File:/t/t%s/n",lpBuffer);
#else
printf("File:/t/t%s/n",lpBuffer);
#endif
}
else
{
#ifdef DEBUGMSG
printf("GetFullPathName() GetLastError reports %d/n",erron);
#endif
if (hFind!=NULL)
FindClose(hFind);
return FALSE;
}
}
//进行特征码匹配工作
ScanVXER(FindFileData.cFileName,FileOffset,FileLength,Contents);
}
}
while (FindNextFile(hFind,&FindFileData)) //继续查找文件
{
count++;
//以"."和".."除外
if (strcmp(".",FindFileData.cFileName)==0||strcmp("..",FindFileData.cFileName)==0)
{
#ifdef DEBUGMSG
printf("File no include /"./" and /"../"/n");
#endif
if (hFind!=NULL)
FindClose(hFind);
fclose(Gfp);
exit(0);
}
if (GetFullPathName(FindFileData.cFileName,lpBufferLength,lpBuffer,NULL)!=0)
{
#ifdef DEBUGMSG
fprintf(Gfp,"Next File:/t%s/n",lpBuffer);
#else
printf("Next File:/t%s/n",lpBuffer);
#endif
}
else
{
#ifdef DEBUGMSG
printf("GetFullPathName() GetLastError reports %d/n",erron);
#endif
if (hFind!=NULL)
FindCl