最近一个文件夹伪装病毒在同学的电脑内肆虐啊,动手写了一个小时就写不下去了。不想写清除部分,只有检测部分的代码,其实检测出来的时候,顺手就可以杀掉了。最近考试耗费的时间多,懒得写了,先弄这么多吧。以后有时间再说。
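// Enumerates the logical drives and reports whether any drive root matches
// the "folder disguise" pattern that HideFileExist() looks for.
//
// Side effects: stores the drive-list byte size in dwNumOfDrives, the process
// heap handle in hHeap, and the start of the freshly allocated drive list in
// lpDrivers (a sequence of NUL-terminated strings ended by an empty string).
//
// Returns true as soon as one drive reports a match, false when nothing was
// found or when the drive list could not be obtained.
//
// NOTE(review): the buffer stays owned by the object because KillVirProc()
// reads lpDrivers afterwards. No HeapFree for it is visible in this listing,
// so confirm the destructor releases it; calling this method repeatedly
// allocates a new buffer each time.
bool VirKiller::CheckVirExists(void)
{
    // First call only asks for the required length, which is counted in TCHARs.
    const DWORD cchNeeded = GetLogicalDriveStrings(0, NULL);
    dwNumOfDrives = cchNeeded * sizeof(TCHAR);
    if (dwNumOfDrives == 0)
    {
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    hHeap = GetProcessHeap();

    // One spare zeroed TCHAR guarantees the list is always terminated by an
    // empty string, whatever the API writes.
    lpDrivers = static_cast<LPWSTR>(
        HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwNumOfDrives + sizeof(TCHAR)));
    if (lpDrivers == NULL)
    {
        // Allocation failed: report it instead of dereferencing NULL below.
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    // The length argument is in TCHARs. Passing HeapSize() (a byte count)
    // would claim twice the real capacity in a Unicode build and allow the
    // API to write past the allocation if the drive set grew in between.
    const DWORD cchWritten = GetLogicalDriveStrings(cchNeeded, lpDrivers);
    if (cchWritten == 0 || cchWritten > cchNeeded)
    {
        // Failure, or the drive list changed size between the two calls.
        HeapFree(hHeap, 0, lpDrivers);
        lpDrivers = NULL;
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    // Walk the list with a local cursor so lpDrivers keeps pointing at the
    // start of the allocation (needed to free it and to rescan later).
    for (LPWSTR lpCursor = lpDrivers; *lpCursor != 0; lpCursor = _tcschr(lpCursor, 0) + 1)
    {
        if (HideFileExist(lpCursor, ScanVir))
        {
            return true;
        }
    }

    return false;
}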
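// Intended removal step. As written it performs no removal at all: it only
// repeats the detection walk over the drive list held in lpDrivers and
// returns true when HideFileExist() reports a match on some drive.
//
// Returns false when there is no drive list or no drive matches.
//
// NOTE(review): lpDrivers is assigned by CheckVirExists(); whether the
// constructor initialises it to NULL is not visible here - confirm, since
// the guard below cannot catch an uninitialised pointer.
bool VirKiller::KillVirProc(void)
{
    // No drive list (scan never ran or its allocation failed): nothing to do,
    // and dereferencing NULL would crash.
    if (lpDrivers == NULL)
    {
        return false;
    }

    // Iterate with a local cursor; advancing the member itself would lose the
    // position the rest of the class relies on.
    for (LPWSTR lpCursor = lpDrivers; *lpCursor != 0; lpCursor = _tcschr(lpCursor, 0) + 1)
    {
        if (HideFileExist(lpCursor, ScanVir))
        {
            return true;
        }
    }

    return false;
}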
// Shows a modal information box with an OK button and no owner window.
//   lpContext - text displayed in the box
//   lpTitle   - caption of the box
// Always returns 0; the value returned by MessageBox is discarded.
int VirKiller::ShowMessage(LPCTSTR lpContext, LPCTSTR lpTitle)
{
    const UINT uStyle = MB_OK | MB_ICONINFORMATION;
    (void)MessageBox(NULL, lpContext, lpTitle, uStyle);
    return 0;
}
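// Checks the top level of one drive for the folder-disguise pattern: a hidden
// directory that has a sibling file named "<directory>.exe".
//
//   lpDrive - drive root with trailing backslash, as produced by
//             GetLogicalDriveStrings (the wildcard is appended directly)
//   i       - not used by this body
//
// Returns true on the first match, false otherwise.
//
// Limits of the heuristic: only the drive root is examined (no recursion) and
// the match is by name alone, so a legitimate program that shares its name
// with a hidden folder is reported as well. Treat a hit as a lead to verify,
// not as proof, before deleting anything.
bool VirKiller::HideFileExist(LPWSTR lpDrive, method i)
{
    // An empty path would turn the wildcard into "*.*" and silently scan the
    // current directory instead of a drive.
    if (lpDrive == NULL || *lpDrive == 0)
    {
        return false;
    }

    CString strWildcard(lpDrive);
    strWildcard += _T("*.*");

    CFileFind cVirFinder;
    BOOL bMore = cVirFinder.FindFile(strWildcard);
    while (bMore)
    {
        // FindNextFile must be called before the entry's attributes are read.
        bMore = cVirFinder.FindNextFile();

        if (cVirFinder.IsDots())
            continue;

        if (!cVirFinder.IsDirectory() || !cVirFinder.IsHidden())
            continue;

        CString strVirName = cVirFinder.GetFilePath();
        if (strVirName.Right(1) == _T("\\"))
        {
            strVirName = strVirName.Left(strVirName.GetLength() - 1);
        }

        // _T() keeps the literals in the same character type as the CString.
        strVirName += _T(".exe");
        //ShowMessage(strVirName,TEXT("FileName"));

        // The sibling must exist and be a file; a directory that merely ends
        // in ".exe" is not the disguise being looked for.
        const DWORD dwAttrs = GetFileAttributes(strVirName);
        if (dwAttrs != INVALID_FILE_ATTRIBUTES && (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) == 0)
        {
            //ShowMessage(TEXT("There is a virus in here!"),TEXT("IsExist"));
            return true;
        }
    }

    return false;
}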
生成的VirKiller类:
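// Enumerates the logical drives and reports whether any drive root matches
// the "folder disguise" pattern that HideFileExist() looks for.
//
// Side effects: stores the drive-list byte size in dwNumOfDrives, the process
// heap handle in hHeap, and the start of the freshly allocated drive list in
// lpDrivers (a sequence of NUL-terminated strings ended by an empty string).
//
// Returns true as soon as one drive reports a match, false when nothing was
// found or when the drive list could not be obtained.
//
// NOTE(review): the buffer stays owned by the object because KillVirProc()
// reads lpDrivers afterwards. No HeapFree for it is visible in this listing,
// so confirm the destructor releases it; calling this method repeatedly
// allocates a new buffer each time.
bool VirKiller::CheckVirExists(void)
{
    // First call only asks for the required length, which is counted in TCHARs.
    const DWORD cchNeeded = GetLogicalDriveStrings(0, NULL);
    dwNumOfDrives = cchNeeded * sizeof(TCHAR);
    if (dwNumOfDrives == 0)
    {
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    hHeap = GetProcessHeap();

    // One spare zeroed TCHAR guarantees the list is always terminated by an
    // empty string, whatever the API writes.
    lpDrivers = static_cast<LPWSTR>(
        HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwNumOfDrives + sizeof(TCHAR)));
    if (lpDrivers == NULL)
    {
        // Allocation failed: report it instead of dereferencing NULL below.
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    // The length argument is in TCHARs. Passing HeapSize() (a byte count)
    // would claim twice the real capacity in a Unicode build and allow the
    // API to write past the allocation if the drive set grew in between.
    const DWORD cchWritten = GetLogicalDriveStrings(cchNeeded, lpDrivers);
    if (cchWritten == 0 || cchWritten > cchNeeded)
    {
        // Failure, or the drive list changed size between the two calls.
        HeapFree(hHeap, 0, lpDrivers);
        lpDrivers = NULL;
        ShowMessage(TEXT("无法获得驱动器信息,检测可能无法获得正确结果!"), TEXT("异常:"));
        return false;
    }

    // Walk the list with a local cursor so lpDrivers keeps pointing at the
    // start of the allocation (needed to free it and to rescan later).
    for (LPWSTR lpCursor = lpDrivers; *lpCursor != 0; lpCursor = _tcschr(lpCursor, 0) + 1)
    {
        if (HideFileExist(lpCursor, ScanVir))
        {
            return true;
        }
    }

    return false;
}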
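// Intended removal step. As written it performs no removal at all: it only
// repeats the detection walk over the drive list held in lpDrivers and
// returns true when HideFileExist() reports a match on some drive.
//
// Returns false when there is no drive list or no drive matches.
//
// NOTE(review): lpDrivers is assigned by CheckVirExists(); whether the
// constructor initialises it to NULL is not visible here - confirm, since
// the guard below cannot catch an uninitialised pointer.
bool VirKiller::KillVirProc(void)
{
    // No drive list (scan never ran or its allocation failed): nothing to do,
    // and dereferencing NULL would crash.
    if (lpDrivers == NULL)
    {
        return false;
    }

    // Iterate with a local cursor; advancing the member itself would lose the
    // position the rest of the class relies on.
    for (LPWSTR lpCursor = lpDrivers; *lpCursor != 0; lpCursor = _tcschr(lpCursor, 0) + 1)
    {
        if (HideFileExist(lpCursor, ScanVir))
        {
            return true;
        }
    }

    return false;
}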
// Shows a modal information box with an OK button and no owner window.
//   lpContext - text displayed in the box
//   lpTitle   - caption of the box
// Always returns 0; the value returned by MessageBox is discarded.
int VirKiller::ShowMessage(LPCTSTR lpContext, LPCTSTR lpTitle)
{
    const UINT uStyle = MB_OK | MB_ICONINFORMATION;
    (void)MessageBox(NULL, lpContext, lpTitle, uStyle);
    return 0;
}
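// Checks the top level of one drive for the folder-disguise pattern: a hidden
// directory that has a sibling file named "<directory>.exe".
//
//   lpDrive - drive root with trailing backslash, as produced by
//             GetLogicalDriveStrings (the wildcard is appended directly)
//   i       - not used by this body
//
// Returns true on the first match, false otherwise.
//
// Limits of the heuristic: only the drive root is examined (no recursion) and
// the match is by name alone, so a legitimate program that shares its name
// with a hidden folder is reported as well. Treat a hit as a lead to verify,
// not as proof, before deleting anything.
bool VirKiller::HideFileExist(LPWSTR lpDrive, method i)
{
    // An empty path would turn the wildcard into "*.*" and silently scan the
    // current directory instead of a drive.
    if (lpDrive == NULL || *lpDrive == 0)
    {
        return false;
    }

    CString strWildcard(lpDrive);
    strWildcard += _T("*.*");

    CFileFind cVirFinder;
    BOOL bMore = cVirFinder.FindFile(strWildcard);
    while (bMore)
    {
        // FindNextFile must be called before the entry's attributes are read.
        bMore = cVirFinder.FindNextFile();

        if (cVirFinder.IsDots())
            continue;

        if (!cVirFinder.IsDirectory() || !cVirFinder.IsHidden())
            continue;

        CString strVirName = cVirFinder.GetFilePath();
        if (strVirName.Right(1) == _T("\\"))
        {
            strVirName = strVirName.Left(strVirName.GetLength() - 1);
        }

        // _T() keeps the literals in the same character type as the CString.
        strVirName += _T(".exe");
        //ShowMessage(strVirName,TEXT("FileName"));

        // The sibling must exist and be a file; a directory that merely ends
        // in ".exe" is not the disguise being looked for.
        const DWORD dwAttrs = GetFileAttributes(strVirName);
        if (dwAttrs != INVALID_FILE_ATTRIBUTES && (dwAttrs & FILE_ATTRIBUTE_DIRECTORY) == 0)
        {
            //ShowMessage(TEXT("There is a virus in here!"),TEXT("IsExist"));
            return true;
        }
    }

    return false;
}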
暂时就写了那么多,也懒得写了。就此作罢,反正后面的工作也很简单了。杀进程,清文件,多了再清理下注册表就ok了。