一段杀毒软件的简单实现代码

#defineDEBUGMSG££includewindows.h££includewindef.h££includestring.h££includestdlib.h££includestdio.h££includePsapi.h#pragmacomment(lib,Psapi.lib)#defineerronGetLastError()TCHARname[50]={0};//±£´æ³æ³æµÄÎļþÃû+·¾¶FILE*Gfp=NULL;//Êä³öµ½ÎļþBOOLScanVXER(LPTSTRV_FileName,longV_FileOffset,intV_Length,TCHAR*V_Contents);//Æ¥ÅäÌØÕ÷Â뺯ÊýBOOLScanFileVXER(LPTSTRFileName);//Îļþ±éÀúº¯ÊýBOOLProcessVXER(void);//ö¾Ù½ø³Ìº¯ÊýBOOLKillProc(DWORDProcessID);//ɱ½ø³Ìº¯ÊýBOOLEnablePrivilege(LPTSTRPrivilegeName);//ÌáÉýȨÏÞº¯ÊýBOOLRegDelVXER(void);//ɾ³ý×¢²á±íÏÊývoidUsage(LPCTSTRParameter);//°ïÖúº¯Êýintmain(intargc,TCHAR*argv[]){if(argc!=2){Usage(argv[0]);return0;}#ifdefDEBUGMSGGfp=fopen(VXER.txt,a+);if(Gfp==NULL){printf(Open\VXER.txt\fail\n);return0;}fprintf(Gfp,%s\n\n,[-------------------------Filelist-------------------------]);#endifif(strlen(argv[1])10){printf(Finenamenolargerthan\10\\n);return0;}if(!(ScanFileVXER(argv[1]))){#ifdefDEBUGMSGprintf(ScanFileVXER()GetLastErrorreports%d\n,erron);#endiffclose(Gfp);return0;}if(!(ProcessVXER())){#ifdefDEBUGMSGprintf(ProcessesVXER()GetLastErrorreports%d\n,erron);#endiffclose(Gfp);return0;}if(!(RegDelVXER())){#ifdefDEBUGMSGprintf(RegDelVXER()GetLastErrorreports%d\n,erron);#endiffclose(Gfp);return0;}fclose(Gfp);return0;}BOOLScanFileVXER(LPTSTRFileName){WIN32_FIND_DATAFindFileData;DWORDlpBufferLength=255;TCHARlpBuffer[255]={0};TCHARDirBuffer[255]={0};HANDLEhFind=NULL;UINTcount=0;longFileOffset=0x1784;//Æ«ÒƵØÖ·intFileLength=0x77;//³¤¶ÈTCHARContents[]={0x49,0x20,0x6A,0x75,0x73,0x74,0x20,0x77,0x61,0x6E,0x74,0x20,0x74,0x6F,0x20,0x73,0x61,0x79,0x20,0x4C,0x4F,0x56,0x45,0x20,0x59,0x4F,0x55,0x20,0x53,0x41,0x4E,0x21,0x21,0x20,0x62,0x69,0x6C,0x6C,0x79,0x20,0x67,0x61,0x74,0x65,0x73,0x20,0x77,0x68,0x79,0x20,0x64,0x6F,0x20,0x79,0x6F,0x75,0x20,0x6D,0x61,0x6B,0x65,0x20,0x74,0x68,0x69,0x73,0x20,0x70,0x6F,0x73,0x73,0x69,0x62,0x6C,0x65,0x20,0x3F,0x20,0x53,0x74,0x6F,0x70,0x20,0x6D,0x61,0x6B,0x69,0x6E,0x67,0x20,0x6D,0x6F,0x6E,0x65,0x79,0x20,0x61,0x6E,0x64,0x20,0x66,0x69,0x78,0x20,0x79,0x6F,0x75,0x72,0x20,0x73,0x6F,0x66,0x74,0x77,0x61,0x72,0x65,0x21,0x21};//´Ó³å»÷²¨ÖÐÌáÈ¡³öÀ´µÄ£¬ÓÃ×öÌØÕ÷Âë//»ñȡϵͳĿ¼µÄÍêÕû·¾¶if(GetSystemDirectory(DirBuffer,lpBufferLength)!=0){if(SetCurrentDirectory(DirBuffer)!=0)//ÉèÖÃΪµ±Ç°Ä¿Â¼{hFind=FindFirstFile(FileName,&FindFileData);//²éÕÒÎļþif(hFind==INVALID_HANDLE_VALUE){#ifdefDEBUGMSGprintf(FindFirstFile()GetLastErrorreports%d\n,erron);#endifif(hFind!=NULL)FindClose(hFind);returnFALSE;}else{count++;//»ñµÃÎļþµÄÍêÕû·¾¶if(GetFullPathName(FindFileData.cFileName,lpBufferLength,lpBuffer,NULL)!=0){#ifdefDEBUGMSGfprintf(Gfp,File:\t\t%s\n,lpBuffer);#elseprintf(File:\t\t%s\n,lpBuffer);#endif}else{#ifdefDEBUGMSGprintf(GetFullPathName()GetLastErrorreports%d\n,erron);#endifif(hFind!=NULL)FindClose(hFind);returnFALSE;}}//½øÐÐÌØÕ÷ÂëÆ¥Å乤×÷ScanVXER(FindFileData.cFileName,FileOffset,FileLength,Contents);}}while(FindNextFile(hFind,&FindFileData))//¼ÌÐø²éÕÒÎļþ{count++;//ÒÔ.ºÍ..³ýÍâif(strcmp(.,FindFileData.cFileName)==0||strcmp(..,FindFileData.cFileName)==0){#ifdefDEBUGMSGprintf(Filenoinclude\.\and\..\\n);#endifif(hFind!=NULL)FindClose(hFind);fclose(Gfp);exit(0);}if(GetFullPathName(FindFileData.cFileName,lpBufferLength,lpBuffer,NULL)!=0){#ifdefDEBUGMSGfprintf(Gfp,NextFile:\t%s\n,lpBuffer);#elseprintf(NextFile:\t%s\n,lpBuffer);#endif}else{#ifdefDEBUGMSGprintf(GetFullPathName()GetLastErrorreports%d\n,erron);#endifif(hFind!=NULL)FindClose(hFind);fclose(Gfp);exit(0);}ScanVXER(FindFileData.cFileName,FileOffset,FileLength,Contents);}fprintf(Gfp,\nFileTotal:%d\n\n,count);fprintf(Gfp,%s\n\n,[-------------------------Fileend---------------------------]\n);printf(FileTotal:%d\n,count);//´òÓ¡³ö²éÕÒµ½µÄÎļþ¸÷Êýif(hFind!=NULL)FindClose(hFind);//¹Ø±ÕËÑË÷¾ä±úreturnTRUE;}BOOLScanVXER(LPTSTRV_FileName,//ÎļþÃûlongV_FileOffset,//Æ«ÒƵØÖ·intV_Length,//³¤¶ÈTCHAR*V_Contents)//¾ßÌåÄÚÈÝ{TCHARFileContents[255]={0};intcmpreturn=0;FILE*fp=NULL;fp=fopen(V_FileName,rb);//ÒÔ¶þ½øÖÆÖ»¶Á·½Ê½´ò¿ªif(fp==NULL){#ifdefDEBUGMSGprintf(fopen()FileopenFAIL\n);#endiffclose(fp);returnFALSE;}fseek(fp,V_FileOffset,SEEK_SET);//°ÑÎļþÖ¸ÕëÖ¸ÏòÌØÕ÷ÂëÔÚÎļþµÄÆ«ÒƵØÖ·´¦fread(FileContents,V_Length,1,fp);//¶ÁÈ¡³¤¶ÈΪÌØÕ÷Â볤¶ÈµÄÄÚÈÝcmpreturn=memcmp(V_Contents,FileContents,V_Length);//½øÐÐÌØÕ÷ÂëÆ¥Å䡣ʧ°Ü·µ»ØFALSEif(cmpreturn==0){#ifdefDEBUGMSGprintf(Filematchcompletely\n);//´òÓ¡ÎļþÆ¥ÅäÏûÏ¢#endifstrcpy(name,V_FileName);//½«ÎļþÃû±£´æÔÚÈ«¾Ö±äÁ¿nameÖÐif(fp!=NULL)fclose(fp);returnTRUE;}else{fclose(fp);returnFALSE;}}BOOLProcessVXER(void){DWORDlpidProcess[1024]={0};DWORDcbNeeded_1,cbNeeded_2;HANDLEhProc=NULL;HMODULEhMod[1024]={0};TCHARProcFile[MAX_PATH];TCHARFileName[50]={0};UINTPcount=0;inti=0;EnablePrivilege(SE_DEBUG_NAME);//ÌáÉýµ÷ÊÔ½ø³ÌȨÏÞfprintf(Gfp,%s\n\n,[------------------------Processlist--------------------------]);strcpy(FileName,C:\\WINNT\\system32\\);strcat(FileName,name);//°ÑÎļþÃû+·¾¶¸´ÖƵ½FileName±äÁ¿ÖÐ//ö¾Ù½ø³Ìif(!(EnumProcesses(lpidProcess,sizeof(lpidProcess),&cbNeeded_1))){#ifdefDEBUGMSGprintf(EnumProcesses()GetLas