創建第一個Windows8應用程序。

Visual Studio 11效果如下

設計下列控件

針對程序進行命名

為按鈕插入下列代碼以實現殺毒:卸載驅動、刪除文件、刪除注冊表鍵值,詳見代碼注釋。
~~~
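/*
 * Cleanup routine for the HBKernel sample described in the article. For each
 * of the two drivers it sends the driver a control request, stops and deletes
 * the matching service, and deletes the .sys file from the system directory.
 * It then closes the HBInject window, deletes five payload files from the
 * system directory and removes two autostart values from the HKLM Run key.
 *
 * Every step is best-effort: a failed step is skipped silently and the routine
 * moves on, exactly as the success-only printf calls imply.
 *
 * The service, file and HKLM operations need an elevated (administrator)
 * process; without elevation they fail and nothing is printed.
 *
 * NOTE(review): targets are matched by name only. Before running this on a
 * real machine, confirm each path really belongs to the sample (for example
 * by comparing a hash from the analysis), because names such as
 * "explore.exe" and "System.exe" are easy to confuse with legitimate files.
 * NOTE(review): a 32-bit build on 64-bit Windows is subject to file-system
 * and registry redirection; confirm the build target matches where the
 * sample installed itself.
 */
WCHAR path[MAX_PATH];

/* Control code taken as-is from the article; the code treats success as
 * "driver unloaded". It is specific to this driver, so confirm it against
 * the sample analysis before reuse. */
const DWORD unloadIoctl = 0x22E003;

/* Drivers to unload, their services, and their files under the system
 * directory. Wide literals are required because the arrays are WCHAR. */
WCHAR DeviceName[2][50] = { L"\\\\.\\slHBKernel",
                            L"\\\\.\\slHBKernel32" };
WCHAR ServiceName[2][50] = { L"HBKernel",
                             L"HBKernel32" };
WCHAR FileName[2][50] = { L"\\drivers\\HBKernel.sys",
                          L"\\drivers\\HBKernel32.sys" };

for (int i = 0; i < 2; i++)
{
    /* Only talk to the device if it could actually be opened; CreateFile
     * reports failure with INVALID_HANDLE_VALUE, not NULL. */
    HANDLE hDevice = CreateFileW(DeviceName[i],
                                 GENERIC_READ | GENERIC_WRITE,
                                 0,
                                 NULL,
                                 OPEN_EXISTING,
                                 0,
                                 NULL);
    if (hDevice != INVALID_HANDLE_VALUE)
    {
        DWORD dLen = 0;
        BOOL Driver_DEL = DeviceIoControl(hDevice,
                                          unloadIoctl,
                                          NULL,
                                          0,
                                          NULL,
                                          0,
                                          &dLen,
                                          NULL);
        CloseHandle(hDevice);
        if (Driver_DEL)
        {
            printf("Virus Device Driver %ls has been unloaded...\n", DeviceName[i]);
        }
    }

    /* Request only the rights that are used: connect to the SCM, then stop
     * and delete the one service. */
    SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    if (scm != NULL)
    {
        SC_HANDLE service = OpenServiceW(scm, ServiceName[i], SERVICE_STOP | DELETE);
        if (service != NULL)
        {
            /* ControlService writes the latest status here, so it needs a
             * real buffer rather than NULL. */
            SERVICE_STATUS status;
            if (ControlService(service, SERVICE_CONTROL_STOP, &status))
            {
                printf("The %ls service has been stopped...\n", ServiceName[i]);
            }
            if (DeleteService(service))
            {
                printf("The %ls file has been removed from the SCM...\n", ServiceName[i]);
            }
            CloseServiceHandle(service);
        }
        CloseServiceHandle(scm);
    }

    /* Build "<system dir>\drivers\<name>.sys" only if it fits in path. */
    UINT dirLen = GetSystemDirectoryW(path, MAX_PATH);
    if (dirLen != 0 && dirLen < MAX_PATH &&
        dirLen + (UINT)lstrlenW(FileName[i]) < MAX_PATH)
    {
        lstrcatW(path, FileName[i]);
        if (DeleteFileW(path))
        {
            printf("The %ls file has been removed from the Disk...\n", FileName[i]);
        }
    }
}

/* Close the HBInject program's window. The timeout keeps this routine from
 * blocking forever if the target window does not process messages. */
HWND hWnd = FindWindowW(NULL, L"HBInject");
if (hWnd != NULL)
{
    SendMessageTimeoutW(hWnd, WM_CLOSE, 0, 0, SMTO_ABORTIFHUNG, 2000, NULL);
}

/* Files to delete from the system directory. */
WCHAR files[][20] = { L"\\explore.exe",
                      L"\\HBmhly.dll",
                      L"\\System.exe",
                      L"\\HBWOW.dll",
                      L"\\Update.dat" };
for (int j = 0; j < (int)(sizeof files / sizeof files[0]); j++)
{
    UINT dirLen = GetSystemDirectoryW(path, MAX_PATH);
    if (dirLen == 0 || dirLen >= MAX_PATH ||
        dirLen + (UINT)lstrlenW(files[j]) >= MAX_PATH)
    {
        continue;   /* path could not be built safely; skip this file */
    }
    lstrcatW(path, files[j]);
    if (DeleteFileW(path))
    {
        printf("The file %ls has been removed from the Disk...\n", path);
    }
}

/* Autostart values to delete from the Run key. KEY_SET_VALUE is the only
 * right RegDeleteValue needs. */
HKEY key = NULL;
if (ERROR_SUCCESS == RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                                   L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                                   0,
                                   KEY_SET_VALUE,
                                   &key))
{
    if (RegDeleteValueW(key, L"HBService") == ERROR_SUCCESS)
    {
        printf("The HBService has been removed from the Registry...\n");
    }
    if (RegDeleteValueW(key, L"HBService32") == ERROR_SUCCESS)
    {
        printf("The HBService32 has been removed from the Registry...\n");
    }
    RegCloseKey(key);   /* the original leaked this handle */
}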
~~~