{"id":104703,"date":"2021-09-23T17:44:03","date_gmt":"2021-09-23T09:44:03","guid":{"rendered":"https:\/\/www.keaglegz.com\/104703.html"},"modified":"2021-09-23T17:44:03","modified_gmt":"2021-09-23T09:44:03","slug":"%e5%8d%95exe%e5%a4%8d%e6%b4%bb%e4%bb%a3%e7%a0%81vc","status":"publish","type":"post","link":"https:\/\/www.dongwubaike.cn\/fanhao\/104703.html","title":{"rendered":"\u5355EXE\u590d\u6d3b\u4ee3\u7801(VC++)"},"content":{"rendered":"\n<p>\u4ee3\u7801<\/p>\n<pre>DWORD WINAPI ShieldThread()  {  char FilePath[MAX_PATH];  HANDLE hFile;  HANDLE hSearch;  void* Mem;  int Size;    DWORD BytesRead;  WIN32_FIND_DATA FileData;  char ProtectKey1[MAX_PATH*2],ProtectKey2[MAX_PATH*2];  __try  {  GetModuleFileNameA(NULL,FilePath,MAX_PATH); \/\/\u83b7\u53d6\u81ea\u8eab\u8def\u5f84  hFile =CreateFileA(FilePath,GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); \/\/\u6253\u5f00\u81ea\u8eab  Size =GetFileSize(hFile,0); \/\/\u83b7\u53d6\u81ea\u8eab\u5927\u5c0f  Mem =VirtualAlloc(0,Size,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE); \/\/\u7533\u8bf7\u81ea\u8eab\u5185\u5b58,\u5927\u5c0f\u4e3a\u81ea\u8eab\u5927\u5c0f  ReadFile(hFile,Mem,Size,&amp;BytesRead,0); \/\/\u83b7\u53d6\u81ea\u8eab\u7684CODE  CloseHandle(hFile); \/\/\u5173\u95ed\u53e5\u67c4  while(1)  {  hSearch =FindFirstFile(FilePath,&amp;FileData);  if(hSearch==INVALID_HANDLE_VALUE) \/\/\u5982\u679c\u81ea\u8eab\u4e0d\u5b58\u5728,\u8bf4\u660e\u81ea\u8eab\u88ab\u5220\u88ab\u6740\u4e86  {  hFile=CreateFileA(FilePath,GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0); \/\/\u521b\u5efa\u6587\u4ef6\u53e5\u67c4  WriteFile(hFile,Mem,Size,&amp;BytesRead,0); \/\/\u5199\u5165\u521a\u624d\u83b7\u53d6\u5230\u7684\u81ea\u8eab\u7684Code  CloseHandle(hFile); \/\/\u5173\u95ed\u53e5\u67c4    \/\/\u5b8c\u6210\u590d\u6d3b  }  FindClose(hSearch);  Sleep(15000); \/\/\u68c0\u6d4b\u5468\u671f15\u79d2  }  }  __finally  {    CloseHandle(hFile);  FindClose(hSearch);  }  return 0;  }<\/pre>\n<p>\u8c03\u7528<\/p>\n<pre>CreateThread(0,0,(LPTHREAD_START_ROUTINE)ShieldThread,0,0,0);<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u4ee3\u7801\u8c03\u7528<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[65088],"class_list":["post-104703","post","type-post","status-publish","format-standard","hentry","tag-hse"],"_links":{"self":[{"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/posts\/104703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/comments?post=104703"}],"version-history":[{"count":0,"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/posts\/104703\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/media?parent=104703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/categories?post=104703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dongwubaike.cn\/fanhao\/wp-json\/wp\/v2\/tags?post=104703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}