[原创]CIH病毒杀毒程序源代码（vc++版）-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [原创]CIH病毒杀毒程序源代码（vc++版） 0.00雪花

发表于: 2009-5-28 17:54 1956

[旧帖] [原创]CIH病毒杀毒程序源代码（vc++版） 0.00雪花

yuaiyan

2009-5-28 17:54

1956

#include "KCIH.h"
#include "KCIHDlg.h"

#include<stdio.h>
#include<io.h>
#include<string.h>
#include<conio.h>
#include<fcntl.h>
#include<stdlib.h>
#include<dos.h>
#include<direct.h>
#include<iostream.h>
#include<time.h>

#define  len 17

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About

class CAboutDlg : public CDialog
{
public:
CAboutDlg();

// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA

// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL

// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CKCIHDlg dialog

CKCIHDlg::CKCIHDlg(CWnd* pParent /*=NULL*/)
: CDialog(CKCIHDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CKCIHDlg)
// NOTE: the ClassWizard will add member initialization here
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CKCIHDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CKCIHDlg)
DDX_Control(pDX, IDC_LIST, m_filelist);
//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CKCIHDlg, CDialog)
//{{AFX_MSG_MAP(CKCIHDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_CHK, On_Chk)
ON_BN_CLICKED(IDC_BTNPATH, On_BtnPath)
ON_BN_CLICKED(IDC_BTDel, On_BTDel)
ON_BN_CLICKED(IDC_BUTTON1, On_Btnclr)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CKCIHDlg message handlers

BOOL CKCIHDlg::OnInitDialog()
{
CDialog::OnInitDialog();

// Add "About..." menu item to system menu.

// IDM_ABOUTBOX must be in the system command range.
ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);

CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
CString strAboutMenu;
strAboutMenu.LoadString(IDS_ABOUTBOX);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}

// Set the icon for this dialog.  The framework does this automatically
//  when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
bstop=FALSE;
// TODO: Add extra initialization here

return TRUE;  // return TRUE  unless you set the focus to a control
}

void CKCIHDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
if ((nID & 0xFFF0) == IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
else
{
CDialog::OnSysCommand(nID, lParam);
}
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CKCIHDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // device context for painting

SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

// Center icon in client rectangle
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;

// Draw the icon
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialog::OnPaint();
}
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CKCIHDlg::OnQueryDragIcon()
{
return (HCURSOR) m_hIcon;
}
/////////////////////////////////////////////
///////////////////////////////////////////////
////////////////////////////////////////////////////
//char character[len]={0x55,0x8D,0x44,0x24,0xF8,0x33,0xDB,0x64};
//char character[len]="CIH v1.4 TATUNG";
char character[len]="CIH v1.4 TATUNG";
int len_num=len;
int cmpchar(char *x,char *y)
{
int i,k=0;
char *pa,*pb;
for(i=0;i<500;i++)
{
pb=y;//te zheng chuan
pa=&x[i];
k=0;
do
{
if (*(pa++)==*(pb++))
++k;
else
k=-1;
if(k==len_num)
{
//for(k=0;k<len;k++)
// x[k]=x[k+i];
return(i);
}
}while(k!=-1);
}
return -1;
}

BOOL judge(CString name)//判断
{
FILE *fp=fopen(name,"rb");
char str[2];
fseek(fp,0,SEEK_SET);
fread(&str,2,1,fp);
if((str[0]==0x4d)&&(str[1]==0x5a))
{
fseek(fp,512,SEEK_SET);
fread(&str,2,1,fp);
if((str[0]==0x4d)&&(str[1]==0x5a))
{
_fcloseall();
return true;
}
else
{
_fcloseall();
return false;
}
}
else
{
_fcloseall();
return false;
}
}
BOOL cmpfile(CString name)
{
FILE * fp1;
char buf[513];
if((fp1=fopen(name,"rb"))==NULL)
{
exit(0);
}

int count=0;
long flen=_filelength(_fileno(fp1));
fseek(fp1,0,SEEK_SET);
do
{
fread(buf,512,1,fp1);
count++;
if(cmpchar(buf,character)!=-1)
return true;
fseek(fp1,-(len_num-1),SEEK_CUR);
memset(buf,0,512);
}while((512-len_num+1)*count<flen);
fclose(fp1);
return false;
}
DWORD Fcount=0,Vcount=0;
void CKCIHDlg::On_Chk()
{
Fcount=0,Vcount=0;
int n,j;
// TODO: Add your control notification handler code here
CString strPath,str;
GetDlgItemText(IDC_EDIT,strPath);

str.Format("");//清零
SetDlgItemText(IDC_ShowTimeS,str);
SetDlgItemText(IDC_ShowTimeE,str);
SetDlgItemText(IDC_ShowTime,str);
for(j=0;j=m_filelist.GetCount();j++)
{
n=m_filelist.GetTopIndex();
m_filelist.DeleteString(n);

}

CTime startTime = CTime::GetCurrentTime();//开始时间
str=startTime.Format( "%H:%M:%S");//
SetDlgItemText(IDC_ShowTimeS,str);//

FindFile(strPath);//文件遍历

CTime endTime = CTime::GetCurrentTime();//结束时间
str=endTime.Format("%H:%M:%S");//
SetDlgItemText(IDC_ShowTimeE,str);//

CTimeSpan elapsedTime = endTime - startTime;//所用时间
str=elapsedTime.Format("%H:%M:%S");//
SetDlgItemText(IDC_ShowTime,str);//

str.Format("");//清零
SetDlgItemText(IDC_Filen,str);//
SetDlgItemText(IDC_ShowPath,str);//
bstop=FALSE;

}
//遍历文件夹下所有文件

void CKCIHDlg::FindFile(CString strPath)
{
CString strtemp,str;
if(strPath.Right(1)!="\\")
strtemp.Format("%s\\*.*",strPath);
else
strtemp.Format("%s*.*",strPath);
CFileFind findfile;
BOOL bfind=findfile.FindFile(strtemp);
SetDlgItemText(IDC_ShowPath,strPath);//跟踪显示路径
while(bfind)
{
Fcount+=1;//文件计数
str.Format("%ld",Fcount);
SetDlgItemText(IDC_Filenum,str);//显示文件数目
bfind=findfile.FindNextFile();
SetDlgItemText(IDC_ShowPath,strPath);//跟踪显示路径
SetDlgItemText(IDC_Filen,findfile.GetFileName());//显示文件名
if((strstr(findfile.GetFileName(),".exe")||strstr(findfile.GetFileName(),".EXE"))!=NULL)
{
// SetDlgItemText(IDC_Filen,findfile.GetFileName());
if(cmpfile(findfile.GetFilePath()))//入口判断
{
_fcloseall();
Vcount+=1;
str.Format("%ld",Vcount);
SetDlgItemText(IDC_Virusnum,str);//显示病毒数目
m_filelist.AddString(findfile.GetFilePath());//显示找到的病毒文件
}
}

if(findfile.IsDirectory()&&!findfile.IsDots())
{
FindFile(findfile.GetFilePath());
}
if(bstop)return;
}
}
void CKCIHDlg::On_BtnPath()
{
// TODO: Add your control notification handler code here
BROWSEINFO bi;
char buffer[MAX_PATH];
ZeroMemory(buffer,MAX_PATH);
bi.hwndOwner=GetSafeHwnd();
bi.pidlRoot=NULL;
bi.pszDisplayName=buffer;
bi.lpszTitle="选择一个文件夹";
bi.ulFlags=BIF_EDITBOX;
bi.lpfn=NULL;
bi.lParam=0;
bi.iImage=0;
LPITEMIDLIST pList=NULL;
if((pList=SHBrowseForFolder(&bi))!=NULL)
{
char path[MAX_PATH];
ZeroMemory(path,MAX_PATH);
SHGetPathFromIDList(pList,path);
GetDlgItem(IDC_EDIT)->SetWindowText(path);
}
}

void CKCIHDlg::On_BTDel()
{
// TODO: Add your control notification handler code here
_fcloseall();
CString str;
int n=m_filelist.GetTopIndex();
m_filelist.GetText(n,str);
if(DeleteFile(str))
{
// AfxMessageBox("Success!!!");
m_filelist.DeleteString(n);
}
else
{
AfxMessageBox("Fail!!!!");
}

/*SHFILEOPSTRUCT shfile;
shfile.hwnd = 0;
shfile.wFunc = FO_DELETE;
shfile.pFrom = str;
shfile.pTo = NULL;
shfile.fFlags = FOF_ALLOWUNDO;
shfile.hNameMappings = NULL;
shfile.lpszProgressTitle =NULL ;
SHFileOperation(&shfile);*/

}

void CKCIHDlg::On_Btnclr()
{
// TODO: Add your control notification handler code here
CString str;
int n=m_filelist.GetCurSel();
m_filelist.GetText(n,str);
FILE *fp=fopen(str,"rb+");
char array[4];
char affect;
fseek(fp,60,SEEK_SET);//3ch处数值指向PE文件头
DWORD entryPoint;
fread(&entryPoint,4,1,fp);//读取地址
fseek(fp,entryPoint,SEEK_SET);
fread(&array,4,1,fp);
if((array[0]==80)&&(array[1]==69)&&(array[2]==0)&&(array[3]==0))
{
fseek(fp,entryPoint-1,SEEK_SET);
fread(&affect,1,1,fp);
if(affect!=0x00)
return;
}
else
return;
entryPoint+=40;
fseek(fp,entryPoint,SEEK_SET);//程序开始执行位置
fread(&entryPoint,4,1,fp);
entryPoint+=94;
fseek(fp,entryPoint,SEEK_SET);//原程序的入口
fread(&entryPoint,4,1,fp);

str.Format("%ld",entryPoint);
AfxMessageBox(str);

fseek(fp,entryPoint-94,SEEK_SET);//写回入口地址
fwrite(&entryPoint,4,1,fp);
str.Format("%ld",entryPoint);//entryPoint=原程序入口地址
AfxMessageBox(str);

}

[课程]Linux pwn 探索篇！

收藏・0

免费・0

支持

最新回复 (1)
书呆彭雪币： 2110 活跃值： (21) 能力值： (RANK：260 ) 在线值：发帖 30 回帖 1861 粉丝 2 关注私信	书呆彭 6 2 楼仅仅贴代码的朋友，不大可能获得邀请码的。 2009-5-29 16:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

yuaiyan

发帖

回帖

RANK

关注

私信

他的文章

[原创]CIH病毒杀毒程序源代码（vc++版） 1957

关于我们

联系我们

企业服务

看雪公众号

最新回复 (1)
书呆彭雪币： 2110 活跃值： (21) 能力值： (RANK：260 ) 在线值：发帖 30 回帖 1861 粉丝 2 关注私信	书呆彭 6 2 楼仅仅贴代码的朋友，不大可能获得邀请码的。 2009-5-29 16:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复