具有破坏性的C程序
具有破坏性的C程序请问大家如何编一个一发现D盘的exe文件就自动删除的程序??做这个东西不是为了破坏,而是为了学校机房的安全,不让学生在下面搞破坏,本人对编程一无所知,哪位好心人士能提供代码或者程序.谢谢
/* 自己以前写过类似的程序,所以发了十几分钟写了个基本上满足LZ
需要的程序.但是真正用于机房还差点,首先应该有个计时器,隔段
时间扫描一遍D盘而不是不停的扫描,其次应该驻留在内存自动运行
而不是放在谁都可以关闭它的地方。不过要我实现所有的这些功能
呵呵…… 总要意思一下吧 !
运行该程序D盘下的所有系统文件,系统目录以及隐藏文件,隐藏目录
只读文件,只读目录会被修改。
注意请在调试时创建临时目录,否则如果D盘下的所有.exe文件被删
除与作者无关 ,使用该程序造成的一切损失与作者无关 。
正常退出该程序请输入 e
编译环境 VC++6.0
*/
#include <stdio.h>
#include <io.h>
#include <string.h>
#include <direct.h>
#include <conio.h>
#include <stdlib.h>
#define FILE_ATTRIBUTE_DIRECTORY 0x00000010
#define FILE_ATTRIBUTE_FILE 0x00000020
void DeleteFile(char *fname){
char *p;
// 如果是.exe文件则删除
p = strstr(fname,".exe");
if((size_t)(p - fname ) == strlen(fname) - 4){
printf("找到匹配文件 %s\n",fname);
if(remove(fname))
printf("文件: %s 删除失败 !\n",fname);
else
printf("删除文件: %s 完成\n",fname);
}
}
char cmd;
void MyDeleteFile(){
struct _finddata_tFileInfo;
long lHandle = 0L;
if((lHandle = _findfirst("*",&FileInfo)) == -1L){
_findclose(lHandle);
return ;
}
do{
// 去除隐藏,系统,只读 属性
sprintf(cmd,"attrib -s -r -h %s",FileInfo.name);
system(cmd);
if( FileInfo.attrib == FILE_ATTRIBUTE_FILE)
DeleteFile(FileInfo.name);
else if(FileInfo.attrib == FILE_ATTRIBUTE_DIRECTORY){
if( FileInfo.name != '.') {
_chdir(FileInfo.name);
MyDeleteFile();
_chdir("..");
}
}
}while(!_findnext(lHandle,&FileInfo));
_findclose(lHandle);
}
int main(){
if(_chdir("d:\\"))
exit(1);
while(1){
while(!kbhit())
MyDeleteFile();
if(getch() == 'e')
break;
}
return 0;
} 这个强,记得N年前在学习C(++)的时候,我也玩过这个——已成美好回忆! 好像有一个API函数可以监视指定目录发生改动! 这不就具备病毒的性质了吗? Win32中的目录监控 2006-08-23 23:09
Tag:
载自 飞骐的Blog
Win32中的目录监控
Windows里面对目录、文件监控提供了两个API,它们分别是:FindFirstChangeNotification和ReadDirectoryChangesW。
1、FindFirstChangeNotification
HANDLE FindFirstChangeNotification(
LPCTSTR lpPathName,
BOOL bWatchSubtree,
DWORD dwNotifyFilter
);
该API能够监控文件名、目录名、文件属性、子文件夹、文件大小、文件的最后写时间、安全属性的改变。该函数返回的是一个监控句柄(Notification
Handle),该句柄能够被 WaitForMultipleObjects
其上进行等待,当该句柄所监控的条件满足时,该句柄就会处于激发状态,这时用户程序就能够知道该目录发生了变化。在进行了用户自己的处理之后,一定要调用BOOL
FindNextChangeNotification(HANDLE
hChangeHandle)来将该监控句柄置为去激活状态,并继续等待下一次被激活。如果你不再想监控了,就要调用FindCloseChangeNotification关闭监控句柄。
下面是MSDN上的一个例子:
**********************FindFirstChangeNotification********************
DWORD dwWaitStatus;
HANDLE dwChangeHandles;
// Watch the C:\WINDOWS directory for file
creation and
// deletion.
dwChangeHandles =
FindFirstChangeNotification(
"C:\\WINDOWS", // directory
to watch
FALSE, // do not
watch the subtree
FILE_NOTIFY_CHANGE_FILE_NAME); // watch file
name changes
if (dwChangeHandles == INVALID_HANDLE_value)
ExitProcess(GetLastError());
// Watch the C:\ subtree for directory creation
and
// deletion.
dwChangeHandles =
FindFirstChangeNotification(
"C:\\", // directory
to watch
TRUE, // watch the
subtree
FILE_NOTIFY_CHANGE_DIR_NAME);// watch dir.
name changes
if (dwChangeHandles == INVALID_HANDLE_value)
ExitProcess(GetLastError());
// Change notification is set. Now wait on both
notification
// handles and refresh accordingly.
while (TRUE)
{
// Wait for notification.
dwWaitStatus = WaitForMultipleObjects(2,
dwChangeHandles,
FALSE, INFINITE);
switch (dwWaitStatus)
{
case WAIT_OBJECT_0:
// A file was created or deleted in
C:\WINDOWS.
// Refresh this directory and restart
the
// change notification. RefreshDirectory
is an
// application-defined function.
RefreshDirectory("C:\\WINDOWS")
if ( FindNextChangeNotification(
dwChangeHandles) == FALSE
)
ExitProcess(GetLastError());
break;
case WAIT_OBJECT_0 + 1:
// A directory was created or deleted in
C:\.
// Refresh the directory tree and
restart the
// change notification. RefreshTree is
an
// application-defined function.
RefreshTree("C:\\");
if (FindNextChangeNotification(
dwChangeHandles) ==
FALSE)
ExitProcess(GetLastError());
break;
default:
ExitProcess(GetLastError());
}
}
*********************************************************************
2、ReadDirectoryChangesW
BOOL ReadDirectoryChangesW(
HANDLE hDirectory,
LPVOID lpBuffer,
DWORD nBufferLength,
BOOL bWatchSubtree,
DWORD dwNotifyFilter,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE
lpCompletionRoutine
);
这个函数的参数很多,但是在某种特定的使用场合下,通常不会用到全部的参数,也就前面的5个。
该函数提供了同步和异步的两大类方法,异步方法里面又有三种不同异步处理机制。(注意:这里所说的同步或异步指的是操作系统提供的同步或异步机制,在用户程序看来使用了操作系统同步机制的代码仍然可以是异步的。)
先来看看第一个参数hDirectory,从字面上看来是一个目录句柄,其实是一个文件句柄,在操作系统的眼里目录也只是一种特殊的文件,因此该句柄的获得需要调用CreateFile函数:
hDir = CreateFile(
DirName, // pointer
to the file name
FILE_LIST_DIRECTORY, // access
(read/write) mode 打开目录
FILE_SHARE_READ|FILE_SHARE_DELETE,// share
mode
NULL, //
security descriptor
OPEN_EXISTING, // how to
create
FILE_FLAG_BACKUP_SEMANTICS, // file
attributes 打开目录必须的选项
NULL // file
with attributes to copy
);
知道了目录句柄如何获得的,就可以看看同步方式如何监控目录了。
首先我们浏览一下其他的参数,从最简单的布尔变量看起,bWatchSubtree一眼就能够看出是:是否监控子目录。OK,再看DWORD
dwNotifyFilter这个参数肯定是目录变化通知过滤器了,查看MSDN文档知道修改文件名的过滤器选项就是FILE_NOTIFY_CHANGE_FILE_NAME,修改文件就是FILE_NOTIFY_CHANGE_LAST_WRITE,等等。
然后要了解其他的参数有何意义就要先了解一下操作系统把目录变化通知是怎样交给用户代码的。通知是放在哪里?有些什么内容?它的内存是由谁分配的?如果是由用户分配的(这是最自然的一种想法了),又是怎样告知操作系统的?好了,想到这里,我想第二、第三个参数的意义已经很明确了,用户代码就是通过这两个参数来告知操作系统该把目录变化通知放在首地址为lpBuffer,
长度为nBufferLength的一块内存当中的。但是该内存又是怎样组织的呢?操作系统是把他们放在FILE_NOTIFY_INFORMATION这个结构里面的:
typedef struct _FILE_NOTIFY_INFORMATION {
DWORD NextEntryOffset;
DWORD Action;
DWORD FileNameLength;
WCHAR FileName;
} FILE_NOTIFY_INFORMATION,
*PFILE_NOTIFY_INFORMATION;
有经验的人可以很快看出这其实是一个链表结构,第一个字段存储了要获得下一个记录需要跳过多少字节数,如果它的值为0,就表示本记录已经是链表中的最后一条记录了。该字段其实也可以看做是一个指向下一条记录的指针。第二个字段的含义是:本次通知了哪种类型的目录变化。第三个字段表示的是变化的文件或者目录的名称的长度。第四个字段是一个Unicode字符数组的首地址。
哦,知道了目录变化通知是放在一个链表里面的,而且知道这个链表的首地址是lpBuffer,那么这个链表总共有多大呢?这个数值是放在LPDWORD
lpBytesReturned参数里面的。
好了,同步监控所涉及到的参数就这么多了,那同步监控的具体步骤呢?很简单:
a) 使用CreateFile获取目录句柄
b)
在一个While循环里面调用ReadDirectoryChangesW,并且把自己分配的内存首地址、内存长度、目录句柄传给该函数。用户代码在该函数的调用中进行同步等待。
这样一旦有了目录变化,操作系统便会从对ReadDirectoryChangesW的调用中返回,并把目录变化通知放在了用户指定的位置。
******************************DirMonitor.h***************************
#pragma once
#ifndef _DIR_MONITOR_H_
#define _DIR_MONITOR_H_
#include <ace/os.h>
#include <ace/Task_T.h>
class DirMonitor : public ACE_Task<ACE_MT_SYNCH>
{
private:
HANDLE m_hCompletionPort;
OVERLAPPED m_Overlapped;
HANDLE m_hDir;
ULONG m_ulCompletionKey;
std::string m_strMoniDir;
std::string m_strCacheDir;
char m_pBuf;
DWORD m_dwBytesReturned;
public:
DirMonitor(ACE_Thread_Manager *thr_mgr,
std::string strDirName)
: ACE_Task<ACE_MT_SYNCH>
(thr_mgr)
{
m_strMoniDir = strDirName;
m_hDir = CreateFile(
m_strMoniDir.c_str()
// pointer to the file name
FILE_LIST_DIRECTORY,
// access (read/write) mode
FILE_SHARE_READ|FILE_SHARE_DELETE|FILE_SHARE_WRITE,
// share mode
NULL,
// security descriptor
OPEN_EXISTING,
// how to create
FILE_FLAG_BACKUP_SEMANTICS|FILE_FLAG_OVERLAPPED,
// file attributes
NULL
// file with attributes to copy
);
if ( INVALID_HANDLE_value ==
m_hDir )
{
ExitProcess(GetLastError());
}
ACE_OS::memset( &m_Overlapped, 0,
sizeof(m_Overlapped) );
}
~DirMonitor(void)
{
CloseHandle(m_hDir);
#ifdef ASYN_CALL
//kill off the thread
PostQueuedCompletionStatus(m_hCompletionPort, 0,
0, NULL);//The thread will catch this and exit
the thread
//wait for it to exit
WaitForSingleObject(this->get_handle(),
INFINITE);
// delete m_lpOverlapped;
#endif // ASYN_CALL
}
int open (void *args);
int svc(void);
};
#endif //_DIR_MONITOR_H_
*********************************************************************
****************************DirMonitor.cpp***************************
#include "stdafx.h"
#include <sstream>
#include <iostream>
#include "DirMonitor.h"
int DirMonitor::open (void *args)
{
#ifdef ASYN_CALL
m_hCompletionPort =
CreateIoCompletionPort(
m_hDir, //
Handle to a file opened for overlapped I/O
completion.
NULL, //
existed Handle to the I/O completion port.
(ULONG_PTR)&m_ulCompletionKey, //
CompletionKey
1
// NumberOfConcurrentThreads
);
ACE_OS::memset( m_pBuf, 0, sizeof(char)
* 1024 );
BOOL bSucceed = ReadDirectoryChangesW(
m_hDir, //
hDirectory. Handle to the directory to be
monitored
m_pBuf, //
Pointer to the formatted buffer in
which the read results are to be returned.
1024, //
Length of the buffer pointed to by the
lpBuffer parameter, in bytes.
FALSE,
// bWatchSubtree
FILE_NOTIFY_CHANGE_LAST_WRITE, //
Filter criteria the function checks to
determine if the wait operation has completed.
NULL,
// lpBytesReturned. For
asynchronous calls, this parameter is undefined.
&m_Overlapped,
// Pointer to an OVERLAPPED
structure that supplies data to be used during
asynchronous operation.
NULL
// lpCompletionRoutine
);
#endif // ASYN_CALL
if (this->activate (THR_NEW_LWP,
1,
0,
-1,
-1,
this) == -1)
ACE_ERROR ((LM_ERROR,
"%p\n",
"activate
failed"));
return 0;
}
int DirMonitor::svc(void)
{
while(TRUE)
{
ACE_OS::sleep(1);
BOOL bSucceed;
#ifdef ASYN_CALL
LPOVERLAPPED lpOverlapped =
&m_Overlapped;
bSucceed =
GetQueuedCompletionStatus(
m_hCompletionPort,
// Handle to the completion port of
interest.
&m_dwBytesReturned,
// lpNumberOfBytes
&m_ulCompletionKey,
// lpCompletionKey
&lpOverlapped,
// lpOverlapped
INFINITE
// dwMilliseconds
);
if (bSucceed)
{
if (m_ulCompletionKey !=
0)
{
char * buf = new
char;
memcpy(buf,
m_pBuf, m_dwBytesReturned);
FILE_NOTIFY_INFORMATION * pfiNotifyInfo =
(FILE_NOTIFY_INFORMATION *)buf;
DWORD
dwNextEntryOffset =
pfiNotifyInfo->NextEntryOffset;
DWORD dwAction =
pfiNotifyInfo->Action;
DWORD
dwFileNameLength =
pfiNotifyInfo->FileNameLength;
WCHAR
wcFileName = {0}; // L""
switch(dwAction)
{
case
FILE_ACTION_MODIFIED:
{
memcpy( wcFileName, pfiNotifyInfo->FileName,
dwFileNameLength );
char cFileName = {0};
WideCharToMultiByte( CP_ACP, 0, wcFileName, -1,
cFileName, 1024, NULL, NULL );
std::cout << "file: " << cFileName
<< " have been changed!" << std::endl;
break;
}
case
FILE_ACTION_ADDED:
{
memcpy( wcFileName, pfiNotifyInfo->FileName,
dwFileNameLength );
char cFileName = {0};
WideCharToMultiByte( CP_ACP, 0, wcFileName, -1,
cFileName, 1024, NULL, NULL );
std::cout << "file: " << cFileName
<< " have been added!" << std::endl;
break;
}
}
ACE_OS::memset(
m_pBuf, 0, sizeof(char) * 1024 );
m_dwBytesReturned
= 0;
ReadDirectoryChangesW(
m_hDir,
// hDirectory. Handle to the
directory to be monitored
m_pBuf,
// Pointer to the
formatted buffer in which the read results are
to be returned.
1024,
// Length of the buffer
pointed to by the lpBuffer parameter, in bytes.
FALSE,
//
bWatchSubtree
FILE_NOTIFY_CHANGE_LAST_WRITE, // Filter
criteria the function checks to determine if the
wait operation has completed.
NULL,
//
lpBytesReturned. For asynchronous calls, this
parameter is undefined.
&m_Overlapped, //
Pointer to an OVERLAPPED structure that
supplies data to be used during asynchronous
operation.
NULL
//
lpCompletionRoutine
);
}
}
#else // ASYN_CALL
m_dwBytesReturned = 0;
bSucceed = ReadDirectoryChangesW(
m_hDir,
// hDirectory. Handle to the
directory to be monitored
m_pBuf,
// Pointer to the
formatted buffer in which the read results are
to be returned.
1024,
// Length of the buffer
pointed to by the lpBuffer parameter, in bytes.
TRUE,
//
bWatchSubtree
FILE_NOTIFY_CHANGE_LAST_WRITE |
FILE_NOTIFY_CHANGE_CREATION |
FILE_NOTIFY_CHANGE_SIZE, // Filter
criteria the function checks to determine if the
wait operation has completed.
&m_dwBytesReturned,
// lpBytesReturned. For
asynchronous calls, this parameter is undefined.
NULL,
// Pointer to an
OVERLAPPED structure that supplies data to be
used during asynchronous operation.
NULL
//
lpCompletionRoutine
);
if (bSucceed)
{
char * buf = new
char;
memcpy(buf, m_pBuf,
m_dwBytesReturned);
FILE_NOTIFY_INFORMATION *
pfiNotifyInfo = (FILE_NOTIFY_INFORMATION *)buf;
DWORD dwNextEntryOffset =
pfiNotifyInfo->NextEntryOffset;
DWORD dwAction =
pfiNotifyInfo->Action;
DWORD dwFileNameLength =
pfiNotifyInfo->FileNameLength;
WCHAR wcFileName =
{0}; // L""
switch(dwAction)
{
case
FILE_ACTION_MODIFIED:
{
memcpy(
wcFileName, pfiNotifyInfo->FileName,
dwFileNameLength );
char
cFileName = {0};
WideCharToMultiByte( CP_ACP, 0, wcFileName, -1,
cFileName, 1024, NULL, NULL );
std::cout
<< "file: " << cFileName
<<
" have been changed!" << std::endl;
break;
}
case FILE_ACTION_ADDED:
{
memcpy(
wcFileName, pfiNotifyInfo->FileName,
dwFileNameLength );
char
cFileName = {0};
WideCharToMultiByte( CP_ACP, 0, wcFileName, -1,
cFileName, 1024, NULL, NULL );
std::cout
<< "file: " << cFileName
<<
" have been added!" << std::endl;
break;
}
}
}
#endif // SYN_CALL
};
return 0;
}
*********************************************************************
********************************Main.cpp*****************************
#include "stdafx.h"
#include "ace/OS_main.h"
#include "ace/Task.h"
#include "ace/Malloc_T.h"
#include "ace/Null_Mutex.h"
#include "ace/PI_Malloc.h"
#include "PluginRecord.h"
#include "DirMonitor.h"
int _tmain(int argc, _TCHAR* argv[])
{
DirMonitor
dirMonitor(ACE_Thread_Manager::instance (),
".");
dirMonitor.open(NULL);
// Wait for all the threads to reach
their exit point.
ACE_Thread_Manager::instance ()->wait
();
return 0;
}
******************************************************************************* 强人啊
/:011 /:011 /:011
页:
[1]