

Description:
  Remove a Lab: kill the running Lab03-01.exe, delete the dropped C:\Windows\System32\vmx32to64.exe and remove its "VideoDriver" autostart value from the HKLM Run key (Windows only; every step needs administrator rights).
Language: C/C++
Code:
#include <stdio.h>
/*
 * Stray "Hello World" listing that precedes the real program below.
 * NOTE(review): this is a second definition of main() in the same file as
 * the entry point at the bottom of the listing; a translation unit with two
 * main definitions will not link, so drop this one before building.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;
    fputs("Hello World!", stdout);   /* no trailing newline, as in the original */
    (void)getchar();                 /* wait for a keypress before exiting */
    return 0;
}
#include <stdio.h>     //for printf, scanf, etc.
#include <stdlib.h>     //for 4 variable types, macros, functions, etc.
#include <string.h>     //for strcmp/strncmp/_stricmp (not guaranteed to come in via windows.h)
#include <stdbool.h> //for boolean types and values
#include <windows.h> //for accessing WinAPI
#include <process.h> //for  working with threads and processes
#include <winbase.h> //for file handling (delete, create, find, ...)
#include <tlhelp32.h> //for taking snapshot of processes

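     /* File-scope state used only by removeRegistryName() below; nothing else
      * in this listing touches it. The original also declared dw, idx and
      * namesize, which no function referenced, so they are dropped here. */
     HKEY hOpenKey;          /* handle to the HKLM ...\Run key while it is open */
     char lpValueName[32];   /* bounded copy of the value name handed to RegDeleteValueA */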

    //Kill process by name
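    /*
     * Terminate every running process whose image name equals `filename`
     * (e.g. "Lab03-01.exe"). Walks a Toolhelp process snapshot, opens each
     * match with PROCESS_TERMINATE only (least privilege) and kills it.
     * Each outcome is reported on stdout; a failed snapshot, OpenProcess or
     * TerminateProcess is printed with GetLastError() instead of being
     * silently ignored, and the walk continues so that several instances of
     * the same image are all handled.
     *
     * filename: executable name as Toolhelp reports it (no path). Compared
     *           case-insensitively, since Windows image names are.
     *
     * Assumes an ANSI (non-UNICODE) build: szExeFile is a char array here.
     */
    void killProcessByName(const char *filename)
    {
        if (filename == NULL || *filename == '\0') {
            printf("killProcessByName: empty process name\n");
            return;
        }

        /* TH32CS_SNAPPROCESS is all that is walked; SNAPALL also copied heaps,
         * modules and threads for nothing. */
        HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hSnapShot == INVALID_HANDLE_VALUE) {
            printf("CreateToolhelp32Snapshot failed with error %lu\n", GetLastError());
            return;
        }

        PROCESSENTRY32 pEntry = {0};
        pEntry.dwSize = sizeof pEntry;   /* Toolhelp rejects the call without it */
        if (!Process32First(hSnapShot, &pEntry)) {
            printf("Process32First failed with error %lu\n", GetLastError());
            CloseHandle(hSnapShot);
            return;
        }

        int matches = 0;
        do {
            if (_stricmp(pEntry.szExeFile, filename) != 0) {
                continue;   /* jumps to the Process32Next condition */
            }
            matches++;

            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pEntry.th32ProcessID);
            if (hProcess == NULL) {
                /* Usually ERROR_ACCESS_DENIED: not elevated, or a protected process. */
                printf("OpenProcess(%lu) failed with error %lu\n",
                       pEntry.th32ProcessID, GetLastError());
                continue;
            }

            if (TerminateProcess(hProcess, 9)) {
                printf("Process %s (PID %lu) terminated!\n", filename, pEntry.th32ProcessID);
            } else {
                printf("TerminateProcess(%lu) failed with error %lu\n",
                       pEntry.th32ProcessID, GetLastError());
            }
            CloseHandle(hProcess);
        } while (Process32Next(hSnapShot, &pEntry));

        if (matches == 0) {
            printf("No running process named %s found\n", filename);
        }
        CloseHandle(hSnapShot);
    }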
    //List all Thread created in Windows
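    /*
     * Print "Process <pid> Thread <tid>" for every thread in a Toolhelp thread
     * snapshot, one per line. Diagnostic helper only: nothing in this file
     * calls it (main() has the call commented out).
     *
     * The dwSize test follows the Toolhelp contract: th32OwnerProcessID is
     * only meaningful when the returned dwSize covers that field, and dwSize
     * has to be reset before each Thread32Next call because the API may
     * shrink it.
     */
    void listAllThread(void)
    {
        HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
        if (h == INVALID_HANDLE_VALUE) {
            printf("List thread failed !!! (error %lu)\n", GetLastError());
            return;
        }

        THREADENTRY32 te = {0};
        te.dwSize = sizeof te;
        if (Thread32First(h, &te)) {
            do {
                if (te.dwSize >= FIELD_OFFSET(THREADENTRY32, th32OwnerProcessID)
                                 + sizeof te.th32OwnerProcessID) {
                    /* DWORD is unsigned long: %lu, not the original %li */
                    printf("Process %lu Thread %lu\n", te.th32OwnerProcessID, te.th32ThreadID);
                }
                te.dwSize = sizeof te;
            } while (Thread32Next(h, &te));
        } else {
            printf("Thread32First failed with error %lu\n", GetLastError());
        }
        CloseHandle(h);
    }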

    //remove registry key name
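    /*
     * Delete the value named `regName` from the machine-wide autostart key
     * HKLM\Software\Microsoft\Windows\CurrentVersion\Run, where the sample
     * registered its persistence. Writing under HKLM needs an elevated
     * (administrator) token; on any failure the Win32 error code is printed
     * and nothing else is touched.
     *
     * Only KEY_SET_VALUE is requested (least privilege): RegDeleteValue needs
     * nothing more, and the original KEY_ALL_ACCESS is refused outright for
     * non-admin callers.
     *
     * regName: the exact value name, passed through unchanged. The original
     *          copied it into a 12-byte window and would silently truncate
     *          (and so fail to delete) any longer name.
     *
     * The key path uses doubled backslashes; the single "\M", "\W", "\C", "\R"
     * in the original are invalid escapes and never named the real key.
     *
     * NOTE(review): a 32-bit build on 64-bit Windows sees the WOW64-redirected
     * view of HKLM\Software; if the entry was written by a 64-bit process, add
     * KEY_WOW64_64KEY to the access mask -- confirm against the sample.
     */
    void removeRegistryName(const char *regName)
    {
        if (regName == NULL || *regName == '\0') {
            printf("removeRegistryName: empty value name\n");
            return;
        }

        /* Local handle instead of the file-scope hOpenKey: nothing else needs it,
         * and it guarantees RegCloseKey only runs on a key that was opened. */
        HKEY hRunKey = NULL;
        LONG rc = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
                                "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                                0, KEY_SET_VALUE, &hRunKey);
        if (rc != ERROR_SUCCESS) {
            printf("Open Run key failed with error %li\n", rc);
            return;
        }

        rc = RegDeleteValueA(hRunKey, regName);
        if (rc == ERROR_SUCCESS) {
            printf("Remove registry successfully!\n");
        } else if (rc == ERROR_FILE_NOT_FOUND) {
            /* Not a failure for a cleanup tool: the persistence entry is already gone. */
            printf("Registry value %s not present (nothing to remove)\n", regName);
        } else {
            printf("Remove registry failed with error %li\n", rc);
        }
        RegCloseKey(hRunKey);
    }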

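/*
 * Entry point.  Usage:  <prog> -r Lab03-01
 *
 * With "-r" and the lab name, undo what the sample installed, in an order
 * where each step does not block the next:
 *   1. kill the running Lab03-01.exe (so the dropped image is not in use),
 *   2. delete the dropped copy C:\Windows\System32\vmx32to64.exe,
 *   3. remove the "VideoDriver" value from the HKLM Run key (persistence).
 * Every step needs an elevated (administrator) token. Each step reports its
 * own result and the later steps still run, so a partial cleanup is visible.
 *
 * The file path and value name are hard-coded: argv is only compared, never
 * used to build a path, so no user input reaches DeleteFile/RegDeleteValue.
 *
 * Returns EXIT_SUCCESS once the cleanup has been attempted and EXIT_FAILURE
 * on bad arguments (the original returned 0 in every case).
 */
int main(int argc, char *argv[])
{
    if (argc != 3) {
        printf("Usage: %s -r Lab03-01\n", argv[0]);
        return EXIT_FAILURE;
    }

    /* Exact matches: the original strncmp(...,2)/strncmp(...,8) also
     * accepted "-rx" and "Lab03-01anything". */
    if (strcmp(argv[1], "-r") != 0) {
        printf("Incorrect argument!\n");
        return EXIT_FAILURE;
    }
    if (strcmp(argv[2], "Lab03-01") != 0) {
        printf("Unknown lab '%s' (only Lab03-01 is supported)\n", argv[2]);
        return EXIT_FAILURE;
    }

    /* Step 1: the process first, so the image file below is not locked. */
    killProcessByName("Lab03-01.exe");

    /* Step 2: the dropped file. The original printed "deleted!" without
     * looking at DeleteFileA's result; report the real outcome.
     * NOTE(review): a 32-bit build on 64-bit Windows has System32 redirected to
     * SysWOW64 by WOW64 file-system redirection; if the sample wrote the 64-bit
     * System32, build as 64-bit or disable the redirection first -- confirm. */
    const char *dropped = "c:\\Windows\\System32\\vmx32to64.exe";
    if (DeleteFileA(dropped)) {
        printf("File vmx32to64.exe in System32 deleted!\n");
    } else {
        DWORD err = GetLastError();
        if (err == ERROR_FILE_NOT_FOUND) {
            printf("File %s not present (nothing to delete)\n", dropped);
        } else {
            printf("Delete %s failed with error %lu\n", dropped, err);
        }
    }

    /* Step 3: persistence. The value name is "VideoDriver" -- the original
     * comment said "VideoDrive", but the code has always passed "VideoDriver". */
    removeRegistryName("VideoDriver");
    return EXIT_SUCCESS;
}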

          
          