Implementing a general-purpose virus-removal module with Windows 8 and Visual Studio 2012
Source: Internet. Editor: 程序博客网. Time: 2024/05/23 11:53
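Create the first Windows 8 application.
In Visual Studio 11 it looks like this:
Design the following controls:
Name the program:
Insert the following code into the button's handler to perform the cleanup. It unloads the drivers, deletes the files, and deletes the registry values; see the code comments.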
```cpp
#include <windows.h>
#include <stdio.h>

// Body of the button's click handler, wrapped in a function (the name is
// illustrative) so it compiles on its own. Link with advapi32.lib and user32.lib.
void RemoveHBKernel(void)
{
    WCHAR path[MAX_PATH];

    // System drivers and files to be removed
    WCHAR DeviceName[2][50]  = { L"\\\\.\\slHBKernel", L"\\\\.\\slHBKernel32" };
    WCHAR ServiceName[2][50] = { L"HBKernel", L"HBKernel32" };
    WCHAR FileName[2][50]    = { L"\\drivers\\HBKernel.sys", L"\\drivers\\HBKernel32.sys" };

    for (int i = 0; i < 2; i++)
    {
        // Open the driver's device and send the IOCTL used here to unload it
        HANDLE hDevice = CreateFileW(DeviceName[i], GENERIC_READ | GENERIC_WRITE,
                                     0, NULL, OPEN_EXISTING, 0, NULL);
        if (hDevice != INVALID_HANDLE_VALUE)
        {
            DWORD dLen = 0;
            if (DeviceIoControl(hDevice, 0x22E003, NULL, 0, NULL, 0, &dLen, NULL))
            {
                wprintf(L"Virus Device Driver %ls has been unloaded...\n", DeviceName[i]);
            }
            CloseHandle(hDevice);
        }

        // Stop the service and remove it from the SCM database
        SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_ALL_ACCESS); // 0x0F003F
        if (scm != NULL)
        {
            SC_HANDLE service = OpenServiceW(scm, ServiceName[i], SERVICE_ALL_ACCESS | DELETE);
            if (service != NULL)
            {
                SERVICE_STATUS status; // ControlService needs a valid status buffer
                if (ControlService(service, SERVICE_CONTROL_STOP, &status))
                {
                    wprintf(L"The %ls service has been stopped...\n", ServiceName[i]);
                }
                if (DeleteService(service))
                {
                    wprintf(L"The %ls file has been removed from the SCM...\n", ServiceName[i]);
                }
                CloseServiceHandle(service);
            }
            CloseServiceHandle(scm);
        }

        // Delete the driver file from the system directory
        GetSystemDirectoryW(path, MAX_PATH);
        lstrcatW(path, FileName[i]);
        if (DeleteFileW(path))
        {
            wprintf(L"The %ls file has been removed from the Disk...\n", FileName[i]);
        }
    }

    // Close the HBInject program's window
    HWND hWnd = FindWindowW(NULL, L"HBInject");
    if (hWnd != NULL)
    {
        SendMessageW(hWnd, WM_CLOSE, 0, 0); // WM_CLOSE == 0x10
    }

    // Files to delete
    WCHAR files[][20] = { L"\\explore.exe", L"\\HBmhly.dll", L"\\System.exe",
                          L"\\HBWOW.dll", L"\\Update.dat" };
    for (int j = 0; j < 5; j++)
    {
        GetSystemDirectoryW(path, MAX_PATH);
        lstrcatW(path, files[j]);
        if (DeleteFileW(path))
        {
            wprintf(L"The file %ls has been removed from the Disk...\n", path);
        }
    }

    // Registry values to delete
    HKEY key = NULL;
    if (ERROR_SUCCESS == RegOpenKeyExW(HKEY_LOCAL_MACHINE,
            L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_ALL_ACCESS, &key))
    {
        if (RegDeleteValueW(key, L"HBService") == ERROR_SUCCESS)
        {
            wprintf(L"The HBService has been removed from the Registry...\n");
        }
        if (RegDeleteValueW(key, L"HBService32") == ERROR_SUCCESS)
        {
            wprintf(L"The HBService32 has been removed from the Registry...\n");
        }
        RegCloseKey(key);
    }
}
```
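A read-only inventory of the artifacts the removal code targets, useful for confirming what is present before the cleanup and what remains after it. This is an added PowerShell example, not code from the original post; the function name `Get-HBKernelArtifact` is an assumption, and the service, file and registry names are the ones in the code above.

```powershell
# Added example (not from the original post): read-only inventory of the
# artifacts the removal routine targets. Nothing is stopped or deleted.
function Get-HBKernelArtifact {   # function name is an assumption
    $sysDir = [Environment]::SystemDirectory   # the directory GetSystemDirectory returns

    # Names below are copied from the page's code
    $services  = 'HBKernel', 'HBKernel32'
    $files     = 'drivers\HBKernel.sys', 'drivers\HBKernel32.sys',
                 'explore.exe', 'HBmhly.dll', 'System.exe', 'HBWOW.dll', 'Update.dat'
    $runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runValues = 'HBService', 'HBService32'

    # Services registered with the SCM have a key under CurrentControlSet\Services
    foreach ($name in $services) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (Test-Path -LiteralPath $key) {
            $image = (Get-ItemProperty -LiteralPath $key).ImagePath
            [pscustomobject]@{ Type = 'Service'; Item = $name; Detail = $image }
        }
    }

    # Files in the system directory (-Force so hidden files are read too)
    foreach ($rel in $files) {
        $full = Join-Path $sysDir $rel
        if (Test-Path -LiteralPath $full -PathType Leaf) {
            $info = Get-Item -LiteralPath $full -Force
            [pscustomobject]@{ Type = 'File'; Item = $full
                               Detail = "$($info.Length) bytes, written $($info.LastWriteTime)" }
        }
    }

    # Autostart values under the Run key
    $run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($value in $runValues) {
            if ($run.GetValueNames() -contains $value) {
                [pscustomobject]@{ Type = 'RunValue'; Item = $value; Detail = $run.GetValue($value) }
            }
        }
    }
}

$found = @(Get-HBKernelArtifact)
if ($found.Count -eq 0) { 'No listed artifacts present.' }
else { $found | Format-Table -AutoSize -Wrap }
```

On 64-bit Windows, run it from a 64-bit PowerShell session so the system directory is not redirected to SysWOW64.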