基于Windows8与Visual Studio2012实现杀毒通用模块
创建第一个Windows8应用程序,
![]()
Visual Studio 11效果如下
![]()
设计下列控件
![]()
针对程序进行命名
![]()
在按钮的处理代码中插入下列代码实现杀毒,包括卸载驱动、删除文件、删除注册表键值,详见代码注释
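// Removal routine for the HBKernel / HBInject sample this page targets:
// unload its kernel drivers, stop and delete their services, delete the
// dropped files, close the injector window and remove the autorun values.
// Opening the SCM, deleting from the system directory and writing to HKLM
// normally require an elevated process; every step is best-effort and a
// failure of one step does not stop the following ones.
WCHAR path[MAX_PATH];

// Drivers and files to remove. Index i in the three tables below refers to
// the same driver: its device link, its service name and its .sys file
// (relative to the system directory). Wide literals match the WCHAR arrays.
const WCHAR DeviceName[2][50]  = { L"\\\\.\\slHBKernel",
                                   L"\\\\.\\slHBKernel32" };

const WCHAR ServiceName[2][50] = { L"HBKernel",
                                   L"HBKernel32" };

const WCHAR FileName[2][50]    = { L"\\drivers\\HBKernel.sys",
                                   L"\\drivers\\HBKernel32.sys" };

// The SCM handle is loop-invariant; SC_MANAGER_CONNECT is all OpenService needs.
SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);

for ( int i = 0; i < 2; i++ )
{
    // Index the table: passing the whole array always addressed entry 0.
    HANDLE hDevice = CreateFileW(DeviceName[i],
                                 GENERIC_READ | GENERIC_WRITE,
                                 0,
                                 NULL,
                                 OPEN_EXISTING,
                                 0,
                                 NULL);

    // Only talk to the driver when its device could actually be opened.
    if ( hDevice != INVALID_HANDLE_VALUE )
    {
        DWORD dLen = 0;
        // 0x22E003 is the control code given in the original listing;
        // presumably the driver's own unload request -- confirm against the sample.
        BOOL Driver_DEL = DeviceIoControl(hDevice,
                                          0x22E003,
                                          NULL,
                                          0,
                                          NULL,
                                          0,
                                          &dLen,
                                          NULL);
        CloseHandle(hDevice);

        if ( Driver_DEL )
        {
            printf("Virus Device Driver %ls has been unloaded...\n", DeviceName[i]);
        }
    }

    if ( scm != NULL )
    {
        // Request only the rights used below instead of SERVICE_ALL_ACCESS.
        SC_HANDLE service = OpenServiceW(scm, ServiceName[i], SERVICE_STOP | DELETE);
        if ( service != NULL )
        {
            // ControlService writes the latest status here; the pointer is not optional.
            SERVICE_STATUS status;
            if ( ControlService(service, SERVICE_CONTROL_STOP, &status) )
            {
                printf("The %ls service has been stopped...\n", ServiceName[i]);
            }

            if ( DeleteService(service) )
            {
                printf("The %ls file has been removed from the SCM...\n", ServiceName[i]);
            }

            CloseServiceHandle(service);
        }
    }

    // Build <system directory> + relative name, refusing anything that would
    // not fit in path (lstrcat performs no bounds check of its own).
    UINT dirLen = GetSystemDirectoryW(path, MAX_PATH);
    if ( dirLen != 0 && dirLen < MAX_PATH
         && dirLen + (UINT)lstrlenW(FileName[i]) < MAX_PATH )
    {
        lstrcatW(path, FileName[i]);
        if ( DeleteFileW(path) )
        {
            printf("The %ls file has been removed from the Disk...\n", FileName[i]);
        }
    }
}

if ( scm != NULL )
{
    CloseServiceHandle(scm);
}

// Close the window of the HBInject program.
HWND hWnd = FindWindowW(NULL, L"HBInject");
if ( hWnd != NULL )
{
    SendMessageW(hWnd, WM_CLOSE, 0, 0);
}

// Files to delete from the system directory.
// NOTE(review): these are matched by name only, and some names imitate
// system files; a production tool should verify a hash or the signer
// before deleting anything.
const WCHAR files[][20] = { L"\\explore.exe",
                            L"\\HBmhly.dll",
                            L"\\System.exe",
                            L"\\HBWOW.dll",
                            L"\\Update.dat" };

for ( int j = 0; j < (int)(sizeof files / sizeof files[0]); j++ )
{
    UINT dirLen = GetSystemDirectoryW(path, MAX_PATH);
    if ( dirLen == 0 || dirLen >= MAX_PATH
         || dirLen + (UINT)lstrlenW(files[j]) >= MAX_PATH )
    {
        continue;
    }

    lstrcatW(path, files[j]);
    if ( DeleteFileW(path) )
    {
        printf("The file %ls has been removed from the Disk...\n", path);
    }
}

// Autorun values to delete. KEY_SET_VALUE is the only right RegDeleteValue needs.
// A 32-bit build on 64-bit Windows is redirected to the WOW6432Node view of
// this key; add KEY_WOW64_64KEY if the values live in the native view.
HKEY key = NULL;
if ( ERROR_SUCCESS == RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                                    0,
                                    KEY_SET_VALUE,
                                    &key) )
{
    if ( RegDeleteValueW(key, L"HBService") == ERROR_SUCCESS )
    {
        printf("The HBService has been removed from the Registry...\n");
    }

    if ( RegDeleteValueW(key, L"HBService32") == ERROR_SUCCESS )
    {
        printf("The HBService32 has been removed from the Registry...\n");
    }

    // The original never released the key handle.
    RegCloseKey(key);
}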