Description: A simple example of writing a virus in C, combining C with Windows programming. A comment block after the code shows the model for writing a virus in C. This source is reposted with a few minor changes. Platform: |
Size: 4096 |
Author: |
Hits:
Description: Overall, it can detect and remove the files of the exe folder virus, but it cannot remove its ctfmon.exe and svchost.exe under the c:\F10S directory or the Startup-group shortcut it creates.
Given the constraints, there was nothing more I could do. It writes its own handle into the critical system process winlogon.
The source contains an UnLocker class; I originally wanted to use it to clear the handle and delete the files, but it hit a frustrating 0xC0000005 (STATUS_ACCESS_VIOLATION) error. In the end I shamelessly gave up.
LPK detection and removal is also included. Basically, the services it creates, the processes it opens, the threads it injects, and its files can all be detected and removed.
The source also has a SysService class for enumerating system services; an unknown error occurred during testing.
With no other option, I shamelessly gave that up too. In the end I used the CMD SC command to uninstall the service. Platform: |
Size: 658432 |
Author:猪蹄 |
Hits: