杀毒软件源代码


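#include "FunDef.h"

/*
 * Single-signature file scanner / process killer / Run-key cleaner.
 *
 * Flow (main): scan the system directory for a file carrying a fixed byte
 * pattern at a fixed offset, remember its name in the global `name`, terminate
 * any running process whose main module is that file and delete the file, then
 * remove its autostart entry (RegDelVXER, continued on the next page).
 *
 * NOTE(review): LOW, HIGH, FIVE, `erron`, `Usage()` and the global `name` are
 * not defined on this page and are assumed to come from FunDef.h (LOW reads as
 * 0, HIGH as a buffer size, `erron` as something that yields GetLastError()).
 * Confirm against that header; `name` must be at least MAX_PATH bytes because
 * a WIN32_FIND_DATA file name is copied into it.
 *
 * This program runs with administrator rights, enables SeDebugPrivilege and
 * terminates/deletes based on a single 119-byte match — a false positive is
 * destructive, so keep the signature and offset under version control.
 */

/*
 * Entry point. argv[1] is the FindFirstFile pattern evaluated inside the
 * system directory (a bare name or wildcard, e.g. "*.exe").
 * Returns 0 in every case; failures are reported on stdout.
 */
int main(int argc, char *argv[])
{
    if (argc == 1) {
        Usage(argv[0]);
        return 0;
    }
    if (!ScanFileVXER(argv[1])) {
        printf("ScanFileVXER() GetLastError reports %d\n", erron);
        return 0;
    }
    if (!ProcessVXER()) {
        printf("Processes() GetLastError reports %d\n", erron);
        return 0;
    }
    if (!RegDelVXER()) {
        printf("RegDelVXER() GetLastError reports %d\n", erron);
        return 0;
    }
    return 0;
}

/*
 * Enumerate files matching FileName in the system directory and compare each
 * one against the built-in signature (ScanVXER). Stops at the first match,
 * which leaves the matching file name in the global `name`.
 *
 * FileName: FindFirstFile pattern, relative to the system directory. Because
 *           only cFileName (no directory part) is passed on to ScanVXER and
 *           later to DeleteFile, a pattern containing a path component would
 *           enumerate one directory but open/delete same-named files in the
 *           system directory — pass a bare name or wildcard only.
 * Returns TRUE when the enumeration completed (whether or not anything
 * matched), FALSE on an API failure.
 *
 * Fixes over the original: the find loop ran even when GetSystemDirectory or
 * SetCurrentDirectory failed (uninitialised hFind), FindClose was called on
 * INVALID_HANDLE_VALUE, the "."/".." entries terminated the whole program via
 * exit(0) and were not filtered for the first entry, and GetSystemDirectory
 * was given HIGH as the size of a MAX_PATH buffer.
 */
BOOL ScanFileVXER(char *FileName)
{
    int count = LOW;                  /* files scanned, excluding "." and ".." */
    WIN32_FIND_DATA FindFileData;
    HANDLE hFind;
    char lpBuffer[HIGH] = { LOW };    /* full path, for reporting only */
    char DirBuffer[MAX_PATH];
    UINT dirlen;
    DWORD pathlen;
    long FileOffset = 0x1784;         /* offset of the signature inside the file */
    /* Signature bytes: the text string carried by the payload this tool targets. */
    unsigned char Contents[] = {
        0x49, 0x20, 0x6A, 0x75, 0x73, 0x74, 0x20, 0x77, 0x61, 0x6E, 0x74, 0x20, 0x74, 0x6F, 0x20, 0x73,
        0x61, 0x79, 0x20, 0x4C, 0x4F, 0x56, 0x45, 0x20, 0x59, 0x4F, 0x55, 0x20, 0x53, 0x41, 0x4E, 0x21,
        0x21, 0x20, 0x62, 0x69, 0x6C, 0x6C, 0x79, 0x20, 0x67, 0x61, 0x74, 0x65, 0x73, 0x20, 0x77, 0x68,
        0x79, 0x20, 0x64, 0x6F, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x6D, 0x61, 0x6B, 0x65, 0x20, 0x74, 0x68,
        0x69, 0x73, 0x20, 0x70, 0x6F, 0x73, 0x73, 0x69, 0x62, 0x6C, 0x65, 0x20, 0x3F, 0x20, 0x53, 0x74,
        0x6F, 0x70, 0x20, 0x6D, 0x61, 0x6B, 0x69, 0x6E, 0x67, 0x20, 0x6D, 0x6F, 0x6E, 0x65, 0x79, 0x20,
        0x61, 0x6E, 0x64, 0x20, 0x66, 0x69, 0x78, 0x20, 0x79, 0x6F, 0x75, 0x72, 0x20, 0x73, 0x6F, 0x66,
        0x74, 0x77, 0x61, 0x72, 0x65, 0x21, 0x21
    };
    /* Derived from the array so the two cannot drift apart; equals 0x77 (119). */
    int FileLength = (int)sizeof Contents;

    /*
     * GetSystemDirectory returns the required size (including the NUL) when
     * the buffer is too small, so a return >= sizeof is a failure, not a path.
     */
    dirlen = GetSystemDirectory(DirBuffer, sizeof DirBuffer);
    if (dirlen == 0 || dirlen >= sizeof DirBuffer) {
        printf("GetSystemDirectory() GetLastError reports %d\n", erron);
        return FALSE;
    }
    /* All later relative file names (ScanVXER's fopen) resolve against this. */
    if (!SetCurrentDirectory(DirBuffer)) {
        printf("SetCurrentDirectory() GetLastError reports %d\n", erron);
        return FALSE;
    }

    hFind = FindFirstFile(FileName, &FindFileData);
    if (hFind == INVALID_HANDLE_VALUE) {
        /* No valid handle was returned, so there is nothing to FindClose. */
        printf("FindFirstFile() GetLastError reports %d\n", erron);
        return FALSE;
    }

    do {
        /* Wildcard patterns also yield the "." and ".." entries; skip them. */
        if (strcmp(".", FindFileData.cFileName) == 0 ||
            strcmp("..", FindFileData.cFileName) == 0) {
            continue;
        }
        count++;

        pathlen = GetFullPathName(FindFileData.cFileName, sizeof lpBuffer, lpBuffer, NULL);
        if (pathlen == 0 || pathlen >= sizeof lpBuffer) {
            printf("GetFullPathName() GetLastError reports %d\n", erron);
            FindClose(hFind);
            return FALSE;
        }
        printf("File Path: %s\n", lpBuffer);

        /* First hit wins: `name` now holds the file for ProcessVXER to act on. */
        if (ScanVXER(FindFileData.cFileName, FileOffset, FileLength, Contents)) {
            break;
        }
    } while (FindNextFile(hFind, &FindFileData));

    printf("File Total: %d\n", count);
    FindClose(hFind);
    return TRUE;
}

/*
 * Compare V_Length bytes at V_FileOffset of V_FileName with V_Contents.
 *
 * V_FileName:   file to open (binary, read-only), relative to the current directory.
 * V_FileOffset: byte offset of the signature inside the file.
 * V_Length:     signature length; must fit the local buffer (HIGH bytes).
 * V_Contents:   the signature bytes.
 * Returns TRUE on an exact match (and copies V_FileName into the global
 * `name`), FALSE on mismatch, short file, open/seek failure or a length that
 * would overflow the buffer.
 *
 * Fixes over the original: fread into a HIGH-byte buffer was not bounded by
 * V_Length, a short read was still compared (zero-filled tail), fclose(NULL)
 * was called on open failure, the stream was never closed on the other paths,
 * the non-matching path fell off the end without a return value, and a match
 * called exit(0) — which meant main never reached ProcessVXER/RegDelVXER, so
 * the detected file was never killed or removed.
 */
BOOL ScanVXER(char *V_FileName, long V_FileOffset, int V_Length, void *V_Contents)
{
    char FileContents[HIGH] = { LOW };
    FILE *fp;
    size_t got;

    /* Bound the read by the buffer: a longer signature would smash the stack. */
    if (V_Length <= 0 || (size_t)V_Length > sizeof FileContents) {
        printf("Signature length %d out of range\n", V_Length);
        return FALSE;
    }

    fp = fopen(V_FileName, "rb");
    if (fp == NULL) {
        printf("File open FAIL\n");
        return FALSE;
    }
    if (fseek(fp, V_FileOffset, SEEK_SET) != 0) {
        fclose(fp);
        return FALSE;
    }
    got = fread(FileContents, 1, (size_t)V_Length, fp);
    fclose(fp);

    /* A file shorter than offset+length cannot contain the signature. */
    if (got != (size_t)V_Length) {
        return FALSE;
    }
    if (memcmp(V_Contents, FileContents, (size_t)V_Length) != 0) {
        return FALSE;
    }

    printf("File Match completely\n");
    /*
     * Hand the file name to ProcessVXER via the global. cFileName is at most
     * MAX_PATH bytes; `name` (FunDef.h) is assumed to be at least that large.
     */
    strcpy(name, V_FileName);
    return TRUE;
}

/*
 * List every process we can open, and if one's main module is
 * "<system directory>\<name>" (the file ScanVXER matched), terminate it and
 * delete the file.
 *
 * Returns TRUE when enumeration completed, FALSE if EnumProcesses, the
 * system-directory lookup or KillProc failed. When `name` is empty (no match
 * in the scan phase) processes are listed but nothing is killed.
 *
 * Fixes over the original: the target path was built with an unbounded
 * strcpy/strcat into a FIVE-byte buffer and used a hard-coded
 * "C:\WINNT\system32\" prefix, which is not the directory ScanFileVXER scanned
 * on any system where GetSystemDirectory() differs; the process handle was
 * closed once outside the loop (one leak per process, only the last closed);
 * the loop bound had lost its "<" ; a DWORD was printed with %d; and paths
 * were compared case-sensitively although Windows paths are not.
 */
BOOL ProcessVXER(void)
{
    DWORD lpidProcess[1024], cbNeeded_1, cbNeeded_2;
    HANDLE hProc;
    HMODULE hMod[1024];
    char ProcFile[MAX_PATH];
    char FileName[MAX_PATH] = { LOW };   /* full path of the file to kill/delete */
    char SysDir[MAX_PATH];
    int Pcount = LOW;                    /* processes whose module path was read */
    DWORD nProcs, i;
    UINT dirlen;
    int written;

    /*
     * SeDebugPrivilege lets us open processes of other users / SYSTEM. Failure
     * is not fatal here: we still handle whatever we are allowed to open.
     */
    EnablePrivilege(SE_DEBUG_NAME);

    if (!EnumProcesses(lpidProcess, sizeof(lpidProcess), &cbNeeded_1)) {
        printf("EnumProcesses() GetLastError reports %d\n", erron);
        return FALSE;
    }
    /* If cbNeeded_1 == sizeof(lpidProcess) the array may have been too small. */
    nProcs = cbNeeded_1 / sizeof(DWORD);

    if (name[0] != '\0') {
        dirlen = GetSystemDirectory(SysDir, sizeof SysDir);
        if (dirlen == 0 || dirlen >= sizeof SysDir) {
            printf("GetSystemDirectory() GetLastError reports %d\n", erron);
            return FALSE;
        }
        /* Same directory ScanFileVXER scanned, bounded write, NUL-terminated. */
        written = snprintf(FileName, sizeof FileName, "%s\\%s", SysDir, name);
        if (written < 0 || (size_t)written >= sizeof FileName) {
            printf("Target path too long\n");
            return FALSE;
        }
    }

    for (i = 0; i < nProcs; i++) {
        /* Query + VM_READ is all EnumProcessModules/GetModuleFileNameEx need. */
        hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, lpidProcess[i]);
        if (hProc == NULL) {
            continue;
        }

        if (EnumProcessModules(hProc, hMod, sizeof(hMod), &cbNeeded_2) &&
            GetModuleFileNameEx(hProc, hMod[0], ProcFile, sizeof(ProcFile))) {
            /* Comment this line out to suppress the process listing. */
            printf("[%5lu]\t%s\n", (unsigned long)lpidProcess[i], ProcFile);
            Pcount++;

            if (FileName[0] != '\0' && _stricmp(FileName, ProcFile) == 0) {
                /* KillProc opens its own handle; release ours first. */
                CloseHandle(hProc);
                hProc = NULL;
                if (!KillProc(lpidProcess[i])) {
                    printf("KillProc() GetLastError reports %d\n", erron);
                    return FALSE;
                }
                /* The image is locked while the process runs; delete after. */
                if (!DeleteFile(FileName)) {
                    printf("DeleteFile() GetLastError reports %d\n", erron);
                }
            }
        }

        if (hProc != NULL) {
            CloseHandle(hProc);   /* one close per successful open */
        }
    }

    printf("\nProcess total: %d\n", Pcount);
    return TRUE;
}

/*
 * Terminate the process with the given PID and wait for it to exit.
 *
 * ProcessID: PID as returned by EnumProcesses.
 * Returns TRUE when the process was terminated, FALSE if it could not be
 * opened or TerminateProcess failed.
 *
 * NOTE(review): the original declared the parameter as DWORD *, but the only
 * caller passes a DWORD and OpenProcess takes a DWORD, so the pointer type is
 * treated as a typo; check the prototype in FunDef.h agrees.
 *
 * Fixes over the original: a failed OpenProcess was reported as success
 * (CloseHandle(NULL) then return TRUE), the handle leaked on the
 * TerminateProcess failure path, PROCESS_ALL_ACCESS was requested where
 * PROCESS_TERMINATE suffices, and the caller deleted the file immediately
 * although TerminateProcess only *initiates* termination.
 */
BOOL KillProc(DWORD ProcessID)
{
    enum { KILL_WAIT_MS = 5000 };   /* upper bound on waiting for exit */
    HANDLE hProc;
    BOOL ok = FALSE;

    hProc = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, ProcessID);
    if (hProc == NULL) {
        printf("OpenProcess() GetLastError reports %d\n", erron);
        return FALSE;
    }
    if (!TerminateProcess(hProc, 0)) {
        printf("TerminateProcess GetLastError reports %d\n", erron);
    } else {
        /* The handle is signalled once the process is gone and its image
         * file is no longer locked, which the caller relies on for DeleteFile. */
        WaitForSingleObject(hProc, KILL_WAIT_MS);
        ok = TRUE;
    }
    CloseHandle(hProc);
    return ok;
}

/*
 * Enable one privilege (e.g. SE_DEBUG_NAME) in the current process token.
 *
 * PrivilegeName: privilege constant accepted by LookupPrivilegeValue.
 * Returns TRUE when the privilege is now enabled, FALSE otherwise.
 *
 * Fix over the original: AdjustTokenPrivileges returns TRUE even when the
 * token does not hold the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED,
 * the normal case for a non-administrator), so that case was reported as
 * success. GetCurrentProcess() is a pseudo-handle and needs no CloseHandle.
 */
BOOL EnablePrivilege(PCHAR PrivilegeName)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES TP;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }
    if (!LookupPrivilegeValue(NULL, PrivilegeName, &TP.Privileges[0].Luid)) {
        CloseHandle(hToken);
        return FALSE;
    }
    TP.PrivilegeCount = 1;
    TP.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &TP, sizeof(TP), NULL, NULL)) {
        CloseHandle(hToken);
        return FALSE;
    }
    /* Success return with this error means the privilege was not assigned. */
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        CloseHandle(hToken);
        return FALSE;
    }
    CloseHandle(hToken);
    return TRUE;
}

/*
 * Remove the autostart entry under HKLM\...\Run. The body of this function
 * continues on the next page of the listing; only its opening is visible here.
 */
int RegDelVXER(void)
{
    HKEY hkey;
    DWORD ret = LOW;

    /* Open the Run key */
    ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\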
