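#include <iostream>
#include <stdio.h>
#include <windows.h>
#include <memory.h>
#include <assert.h>
#include <cstring> // for strcmp(), memcmp(), memcpy(), memset()
#include <io.h>
#include <shlwapi.h>
#pragma comment(lib, "Shlwapi.lib")
using namespace std;

char buffer[256];

// State of the file currently open in repair(). All three are reset to NULL
// by release_mapping() once a file has been processed.
HANDLE hFile = NULL;
HANDLE hMap = NULL;
LPVOID lpBase = NULL;
int flag;
char* path;
char* path1;
char name[MAX_PATH];  // full path of the file handed to repair()
char drive[MAX_PATH]; // "X:" root currently being scanned

/// Unmaps the view and closes the mapping and file handles, whichever are open.
static void release_mapping()
{
    if (lpBase != NULL) {
        UnmapViewOfFile(lpBase);
        lpBase = NULL;
    }
    if (hMap != NULL) {
        CloseHandle(hMap);
        hMap = NULL;
    }
    if (hFile != NULL && hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    hFile = NULL;
}

/// Writes "dir\leaf" into out; returns false (out unusable) when it does not fit.
static bool join_path(char *out, size_t cap, const char *dir, const char *leaf)
{
    const int written = snprintf(out, cap, "%s\\%s", dir, leaf);
    return written >= 0 && (size_t)written < cap;
}

/// Checks whether the last section of a PE file is named ".rmnet" and, if so,
/// removes that section from the headers and restores the original entry point.
///
/// Every offset read from the file is validated against the file size before
/// it is dereferenced: the files examined here are by assumption tampered
/// with, so their header fields cannot be trusted.
///
/// NOTE(review): only the headers are rewritten. The file is not truncated,
/// so the appended section's raw bytes stay on disk, unreferenced. Scanners
/// may still flag the file; treat the result as "made inert", not "clean".
///
/// @param filename  path of the file to examine (opened read/write).
/// @return 1 when the file was parsed as a PE image (repaired or found clean),
///         0 when it could not be opened, mapped, parsed, or safely repaired.
int repair(char *filename)
{
    // Offset, inside the appended section's raw data, of the DWORD holding the
    // distance from the section's RVA back to the original entry point.
    const DWORD kOepFieldOffset = 0x328;

    // Check the returned handle, not GetLastError(): the last-error value can
    // be non-zero from an earlier, unrelated call even when CreateFile succeeds.
    hFile = CreateFileA(filename, GENERIC_READ | GENERIC_WRITE,
                        FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("%lu", (unsigned long)GetLastError());
        printf("%s Open fail\n", filename);
        hFile = NULL;
        return 0;
    }

    hMap = CreateFileMappingA(hFile, NULL, PAGE_READWRITE, 0, 0, 0);
    if (hMap == NULL) {
        printf("%s CreateFileMapping Fail\n", filename);
        release_mapping();
        return 0;
    }

    lpBase = MapViewOfFile(hMap, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
    LARGE_INTEGER size;
    if (lpBase == NULL || !GetFileSizeEx(hFile, &size)) {
        release_mapping();
        return 0;
    }

    const ULONGLONG fileSize = (ULONGLONG)size.QuadPart;
    BYTE *base = (BYTE *)lpBase;

    // --- DOS header -------------------------------------------------------
    if (fileSize < sizeof(IMAGE_DOS_HEADER)) {
        release_mapping();
        return 0;
    }
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)base;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew < 0) {
        release_mapping();
        return 0;
    }

    // --- NT headers: signature + file header must lie inside the file -----
    const ULONGLONG ntOffset = (ULONGLONG)pDosHeader->e_lfanew;
    const ULONGLONG fixedNtSize = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (ntOffset > fileSize || fileSize - ntOffset < fixedNtSize) {
        release_mapping();
        return 0;
    }
    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(base + ntOffset);
    if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) {
        release_mapping();
        return 0;
    }

    // --- Section table ----------------------------------------------------
    const ULONGLONG nSecNum = pNtHeader->FileHeader.NumberOfSections;
    const ULONGLONG optSize = pNtHeader->FileHeader.SizeOfOptionalHeader;
    const ULONGLONG secTableOffset = ntOffset + fixedNtSize + optSize;
    const ULONGLONG secTableSize = nSecNum * sizeof(IMAGE_SECTION_HEADER);
    if (nSecNum == 0 ||
        // The optional header must reach past SizeOfImage, which is edited below.
        optSize < FIELD_OFFSET(IMAGE_OPTIONAL_HEADER, SizeOfHeaders) ||
        secTableOffset > fileSize || fileSize - secTableOffset < secTableSize) {
        release_mapping();
        return 0;
    }
    // Pointer arithmetic on BYTE* (not a cast through DWORD/int) so the
    // address is not truncated in a 64-bit build.
    PIMAGE_SECTION_HEADER pSecHeader = (PIMAGE_SECTION_HEADER)(base + secTableOffset);
    PIMAGE_SECTION_HEADER pTmpSec = pSecHeader + (nSecNum - 1);

    // Name is a fixed 8-byte field with no guaranteed terminator; compare the
    // marker plus its NUL with a bounded memcmp instead of strcmp.
    if (memcmp(pTmpSec->Name, ".rmnet", sizeof(".rmnet")) == 0) {
        printf("%s ", filename);
        printf("File has been infected And repair now \n");

        // Copy the fields out before the section header is wiped.
        const DWORD secVirtualSize = pTmpSec->Misc.VirtualSize;
        const DWORD secRawOffset = pTmpSec->PointerToRawData;
        const DWORD secRva = pTmpSec->VirtualAddress;

        const ULONGLONG oepFieldOffset = (ULONGLONG)secRawOffset + kOepFieldOffset;
        DWORD OffsetOfOEP = 0;
        bool sane = oepFieldOffset <= fileSize &&
                    fileSize - oepFieldOffset >= sizeof(DWORD);
        if (sane) {
            memcpy(&OffsetOfOEP, base + oepFieldOffset, sizeof(OffsetOfOEP));
            // Refuse values that would wrap around: writing them back would
            // leave the executable with a bogus entry point or image size.
            sane = OffsetOfOEP <= secRva &&
                   secVirtualSize <= pNtHeader->OptionalHeader.SizeOfImage;
        }
        if (!sane) {
            printf("%s Repair skipped: section data out of range\n", filename);
            release_mapping();
            return 0;
        }

        pNtHeader->OptionalHeader.SizeOfImage -= secVirtualSize;
        pNtHeader->FileHeader.NumberOfSections -= 1;
        pNtHeader->OptionalHeader.AddressOfEntryPoint = secRva - OffsetOfOEP;
        // sizeof(*pTmpSec): wipe the whole header, not just pointer-size bytes.
        memset(pTmpSec, 0, sizeof(*pTmpSec));

        printf("%s ", filename);
        printf("Repair Compelete\n");
    } else {
        printf("%s ", filename);
        printf("File has not been infected\n");
    }

    FlushViewOfFile(lpBase, 0);
    release_mapping();
    return 1;
}

/// Recursively walks dir and calls repair() on every regular file found.
///
/// Paths that do not fit in MAX_PATH are skipped rather than overflowing the
/// buffers. That same limit bounds the recursion depth, which matters if the
/// tree contains a directory link that points back at one of its ancestors.
///
/// @param dir  directory to scan, without a trailing backslash.
void num(const char* dir)
{
    char dirNew[MAX_PATH];
    if (!join_path(dirNew, sizeof(dirNew), dir, "*.*"))
        return;

    _finddata_t findData;
    const intptr_t handle = _findfirst(dirNew, &findData);
    if (handle == -1)
        return;

    do {
        if (findData.attrib & _A_SUBDIR) {
            if (strcmp(findData.name, ".") == 0 || strcmp(findData.name, "..") == 0)
                continue;
            if (!join_path(dirNew, sizeof(dirNew), dir, findData.name))
                continue; // too long to represent: skip this subtree
            num(dirNew);
        } else {
            path = (char *)dir;
            if (!join_path(name, sizeof(name), path, findData.name))
                continue; // too long to represent: skip this file
            repair(name);
        }
    } while (_findnext(handle, &findData) == 0);

    _findclose(handle);
}

/// Scans every drive letter from A: to Z: and repairs the files found there.
int main()
{
    for (char i = 'A'; i <= 'Z'; i++) {
        snprintf(drive, sizeof(drive), "%c:", i);
        printf("%s\n", drive);
        num(drive);
    }
    system("pause");
    return 0;
}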