Implementing a general-purpose virus-removal module with Windows 8 and Visual Studio 2012

User submission, 2022-09-13


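Create your first Windows 8 application.

In Visual Studio 11 it looks like this:

Lay out the following controls:

Name the program:

Insert the following code into the button handler to perform the removal. It unloads the driver, deletes the files, and deletes the registry values; see the code comments.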

    // Requires <windows.h> and <stdio.h>
    WCHAR path[MAX_PATH];

    // System drivers and files to remove
    WCHAR DeviceName[2][50] = { L"\\\\.\\slHBKernel", L"\\\\.\\slHBKernel32" };
    WCHAR ServiceName[2][50] = { L"HBKernel", L"HBKernel32" };
    WCHAR FileName[2][50] = { L"\\drivers\\HBKernel.sys", L"\\drivers\\HBKernel32.sys" };

    for ( int i=0; i<2; i++ )
    {
        // Open the driver's control device and send the unload control code
        HANDLE hDevice = CreateFileW( DeviceName[i], GENERIC_READ|GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL );
        if ( hDevice!=INVALID_HANDLE_VALUE )
        {
            DWORD dLen;
            BOOL Driver_DEL = DeviceIoControl( hDevice, 0x22E003, NULL, 0, NULL, 0, &dLen, NULL );
            CloseHandle(hDevice);
            if ( Driver_DEL==TRUE )
            {
                wprintf(L"Virus Device Driver %ls has been unloaded...\n", DeviceName[i]);
            }
        }

        // Stop the driver service and delete it from the service control manager
        SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_ALL_ACCESS);
        if ( scm!=NULL )
        {
            SC_HANDLE service = OpenServiceW(scm, ServiceName[i], SERVICE_ALL_ACCESS|DELETE);
            if ( service!=NULL )
            {
                SERVICE_STATUS status;  // ControlService requires a valid status buffer
                if ( ControlService(service, SERVICE_CONTROL_STOP, &status) )
                {
                    wprintf(L"The %ls service has been stopped...\n", ServiceName[i]);
                }
                if ( DeleteService(service) )
                {
                    wprintf(L"The %ls file has been removed from the SCM...\n", ServiceName[i]);
                }
                CloseServiceHandle(service);
            }
            CloseServiceHandle(scm);
        }

        // Delete the driver file from the system directory
        GetSystemDirectoryW(path, MAX_PATH);
        lstrcatW(path, FileName[i]);
        if ( DeleteFileW(path) )
        {
            wprintf(L"The %ls file has been removed from the Disk...\n", FileName[i]);
        }
    }

    // Close the HBInject program's window
    HWND hWnd = FindWindowW(NULL, L"HBInject");
    if ( hWnd!=NULL )
    {
        SendMessageW(hWnd, WM_CLOSE, 0, 0);
    }

    // Files to delete
    WCHAR files[][20] = { L"\\explore.exe", L"\\HBmhly.dll", L"\\System.exe", L"\\HBWOW.dll", L"\\Update.dat" };
    for ( int j=0; j<5; j++ )
    {
        GetSystemDirectoryW(path, MAX_PATH);
        lstrcatW(path, files[j]);
        if ( DeleteFileW(path) )
        {
            wprintf(L"The file %ls has been removed from the Disk...\n", path);
        }
    }

    // Registry values to delete (KEY_SET_VALUE is sufficient for RegDeleteValue)
    HKEY key = NULL;
    if ( ERROR_SUCCESS==RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE, &key) )
    {
        if ( RegDeleteValueW(key, L"HBService")==ERROR_SUCCESS )
        {
            wprintf(L"The HBService has been removed from the Registry...\n");
        }
        if ( RegDeleteValueW(key, L"HBService32")==ERROR_SUCCESS )
        {
            wprintf(L"The HBService32 has been removed from the Registry...\n");
        }
        RegCloseKey(key);
    }
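To confirm what the cleanup actually removed, the following read-only PowerShell check lists which of the artifacts named in the code above are still present. It is an added example, not part of the original article; it assumes it is run from an elevated PowerShell session of the same bitness as the cleanup program, and the variable names are illustrative.

```powershell
# Added example: read-only audit of the artifacts targeted by the cleanup code.
# Every service, file and value name is taken from that code; nothing is deleted.
$sysDir = [Environment]::SystemDirectory   # same directory GetSystemDirectory returns
# Note: a 32-bit process on 64-bit Windows is redirected to SysWOW64 here,
# exactly as a 32-bit build of the cleanup program would be.

$services  = 'HBKernel', 'HBKernel32'
$files     = 'drivers\HBKernel.sys', 'drivers\HBKernel32.sys',
             'explore.exe', 'HBmhly.dll', 'System.exe', 'HBWOW.dll', 'Update.dat'
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'HBService', 'HBService32'

$findings = @()

# Driver services: check the Services registry key, because Get-Service
# does not enumerate kernel drivers.
foreach ($name in $services) {
    if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$name") {
        $findings += [pscustomobject]@{ Type = 'Service'; Item = $name }
    }
}

# Files under the system directory
foreach ($rel in $files) {
    $full = Join-Path $sysDir $rel
    if (Test-Path -LiteralPath $full -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $full }
    }
}

# Autorun values under the Run key
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    if ($run -and ($run.PSObject.Properties.Name -contains $v)) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$v = $($run.$v)" }
    }
}

# A process that still owns a window titled HBInject
Get-Process | Where-Object { $_.MainWindowTitle -eq 'HBInject' } | ForEach-Object {
    $findings += [pscustomobject]@{ Type = 'Window'; Item = "PID $($_.Id) ($($_.ProcessName))" }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Format-Table -AutoSize }
```

A service entry that is still listed right after the cleanup can simply be marked for deletion until the next reboot, so run the check again after restarting.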
