ActiveX启动你的程序
目前国内也有好多木马支持这种方式启动自己,我只是给出一个例子,希望大家以后见到了不会怕它们.
下面是代码,用VC新建一个Application工程(带基本结构的),把代码直接贴上就可以编译.
// ActiveX to Start Up.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include "winreg.h"
#include "windows.h"
#include <objbase.h>
#include <stdio.h>
#include <Tchar.h>
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
#pragma comment (lib, "Ws2_32.lib")
//--生成GUID
/// Formats a freshly created GUID as a braced registry-style string.
/// Returns a pointer to a function-static 64-byte buffer: it is overwritten on
/// each successful call (so the result is not thread-safe and must be copied
/// before the next call), and when ::CoCreateGuid fails the buffer keeps its
/// previous contents (all zeros on the first call, i.e. an empty string).
const char* newGUID() // GUID generation helper
{
static char buf[64] = {0};
GUID guid;
if (S_OK == ::CoCreateGuid(&guid))
{
// Data1..Data3 are printed as one field each; the eight Data4 bytes are
// printed individually to produce the usual {8-4-4-4-12} layout.
_snprintf(buf, sizeof(buf)
, "{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}"
, guid.Data1
, guid.Data2
, guid.Data3
, guid.Data4[0], guid.Data4[1]
, guid.Data4[2], guid.Data4[3], guid.Data4[4], guid.Data4[5]
, guid.Data4[6], guid.Data4[7]
);
}
return (const char*)buf;
}
/// Ensures the key HKLM\Software\Microsoft\MePath exists and returns the string
/// stored in its "ShellPath" value, creating that value with a new GUID when it
/// is absent. The GUID is what CheckStartUP() later uses as the Active Setup
/// component name, so this key/value pair is the marker to look for when
/// auditing a host for this persistence scheme.
/// Returns either the 80-byte heap buffer allocated below (value already
/// existed; never freed by this function) or newGUID()'s static buffer (value
/// just created; the heap buffer is then leaked).
/// The return values of RegOpenKey/RegCreateKey are not checked, so hkey is
/// used even if the key could not be created.
/// NOTE(review): the registry paths in this listing show single backslashes,
/// which C++ would read as escape sequences; the doubled backslashes were
/// presumably lost in extraction — confirm against the original source.
const char * WINAPI CheckREG() // startup-entry marker check
{
HKEY hkey,tmpkey;
//LPCTSTR RDkey="Software\Microsoft\MePath";
//long regMP=(::RegOpenKeyEx(HKEY_LOCAL_MACHINE,RDkey, 0, KEY_READ|KEY_WRITE, &hkey));
if(RegOpenKey(HKEY_LOCAL_MACHINE,"Software\Microsoft\MePath",&hkey)!=ERROR_SUCCESS)
{
// Key missing: create MePath under Software\Microsoft (requires write access to HKLM).
RegOpenKey(HKEY_LOCAL_MACHINE,"Software\Microsoft",&tmpkey);
RegCreateKey(tmpkey,"MePath",&hkey);
RegCloseKey(tmpkey);
}
LPBYTE oGet=new BYTE[80];
DWORD typeMP=REG_SZ;
DWORD cbData=80;
// cbData is the buffer size in bytes; RegQueryValueEx updates it with the value length.
long ret1=::RegQueryValueEx(hkey, "ShellPath", NULL,&typeMP, oGet, &cbData);
if(ret1!=ERROR_SUCCESS)
{
//-- COM initialization
CoInitialize(NULL);
// Value missing: generate the GUID that names this sample's component.
// oGet is repointed at newGUID()'s static buffer; the BYTE[80] above leaks.
oGet=(LPBYTE)newGUID();// GUID generation helper
// Set the ShellPath value to oGet (length excludes the terminating NUL).
::RegSetValueEx(hkey,"ShellPath",NULL,REG_SZ,(const unsigned char *)oGet,strlen((const char *)oGet));
// Set the (Default) value to oGet
//::RegSetValueEx(hkey,NULL,NULL,REG_SZ,(const unsigned char *)oGet,strlen((const char *)oGet));
// Shut down COM
CoUninitialize();
}
RegCloseKey(hkey);
return(const char*)oGet;
}
/// Writes MyPaths as the "StubPath" value of the Active Setup component
/// HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}, where the
/// GUID comes from CheckREG(). Active Setup evaluates StubPath at user logon,
/// which is the startup behaviour the page relies on; that GUID-named subkey
/// with a StubPath pointing at a non-installer executable is the artefact a
/// defender would inspect.
/// The value is written only when it does not already exist.
/// Returns either the 80-byte heap buffer allocated below (value already
/// existed; never freed here) or MyPaths itself (value just created; the heap
/// buffer is leaked).
/// Defects visible in the listing: strcat appends into pp, which points at a
/// string literal (undefined behaviour — writes to read-only storage), and
/// the RegOpenKey/RegCreateKey results in the creation branch are unchecked.
/// NOTE(review): as in CheckREG, the single backslashes in the path literals
/// look like an extraction artefact — confirm against the original.
const char * WINAPI CheckStartUP(unsigned char * MyPaths)
{
HKEY hkey,tmpkey;
char * pp="SOFTWARE\Microsoft\Active Setup\Installed Components\";
LPCTSTR RDkey={0};
const char * MyGuid=CheckREG();
// Builds "<Installed Components path>\<GUID>" in place on the literal pp.
RDkey=(LPCTSTR)strcat(pp,MyGuid);
//long regMP=RegOpenKey(HKEY_LOCAL_MACHINE,RDkey,&hkey);
if(RegOpenKey(HKEY_LOCAL_MACHINE,RDkey,&hkey)!=ERROR_SUCCESS)
{
// Component subkey missing: create it under Installed Components.
RegOpenKey(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Active Setup\Installed Components",&tmpkey);
RegCreateKey(tmpkey,MyGuid,&hkey);
RegCloseKey(tmpkey);
//return ("1");
}
LPBYTE oGet=new BYTE[80];
DWORD typeMP=REG_SZ;
DWORD cbData=80;
long ret1=::RegQueryValueEx(hkey, "StubPath", NULL,&typeMP, oGet, &cbData);
if(ret1!=ERROR_SUCCESS)
{
// StubPath absent: store the caller-supplied path (the BYTE[80] above leaks).
oGet=MyPaths;
RegSetValueEx(hkey,"StubPath",NULL,REG_SZ,(const unsigned char *)oGet,strlen((const char *)oGet));
}
RegCloseKey(hkey);
return(const char*)oGet;
}
/// Intended (per the original comment) to wrap kk in double quotes so that a
/// path containing spaces is treated as one argument on a command line.
/// The listing is garbled: the character literals on the szkk[0]= and
/// szkk[i+1]= lines and the while condition have lost characters in
/// extraction, so this block does not compile as shown.
/// NOTE(review): szkk is allocated with kklen+1 bytes while the loop and the
/// closing quote write up to index kklen+1 and no terminator is stored — this
/// looks undersized; confirm against the original source.
/// Returns a heap buffer that the caller never frees.
unsigned char * changme(const char *kk) // wrap the string in quotes so the command line sees it as a single argument
{
int kklen,i;
kklen=strlen(kk);
char *szkk=new char[kklen+1];
szkk[0]=";
i=0;
// Copies kk one byte to the right of the opening quote.
while(kk!=)
{
szkk[i+1]=kk[i++];
};
szkk[i+1]=";
return (unsigned char *)szkk;
}
/// Entry point. With an empty command line the program records its own path
/// (quoted by changme) as an Active Setup StubPath via CheckStartUP and then
/// exits; with any non-empty command line it only shows a message box.
/// The lpCmdLine check is therefore how the sample tells a "register myself"
/// run from a run started by Active Setup (which passes the StubPath
/// arguments). hInstance, hPrevInstance and nCmdShow are unused.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// TODO: Place code here.
if(stricmp(lpCmdLine,"")==0)
{
char szFilePath[MAX_PATH]={0};
const char * mereg;
// The original author notes that code to copy the executable to a target folder could go here.
::GetModuleFileName(NULL, szFilePath, MAX_PATH);
// mereg receives the StubPath value (existing or just written); it is not used afterwards.
mereg=CheckStartUP(changme(szFilePath));
// Original author's note: in real use this line could be replaced with CreateProcess or
// ShellExecute to run the program with arguments so that it performs its other functions;
// the re-launched instance must be given some argument so that lpCmdLine is non-empty.
}
else
{
//
MessageBox(NULL,"工作正常",";PL",0);
}
return 0;
}
补充:综合编程 , 安全编程 ,