ChiChou/ujs_library.cpp

## ujs_library.cpp
#include <iostream>
#include <Shlwapi.h>
#include <Shlobj.h>
#include <Tlhelp32.h>
#include <Pathcch.h>

#pragma comment(lib, "Shlwapi.lib")
#pragma comment(lib, "Pathcch.lib")

#define SHORT_NAME 32
#define SOME_RANDOM_PATH_THAT_CAN_NOT_BE_REACHED L"1HK441C454PZM2T9"
#define PATTERN_PROCESS_NAME L"%s.exe"
#define PATTERN_FOLDER_NAME L"%s.exe.manifest"
#define CXSTAR_DIR L"cxstar"
#define PROCESS_EXPLORER L"explorer.exe"

using namespace std;

bool KillProcessByName(WCHAR *name)
{
    HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);
    PROCESSENTRY32 pEntry;
    pEntry.dwSize = sizeof(pEntry);
    BOOL hRes = Process32First(hSnapShot, &pEntry);
    DWORD dwPID;

    while (hRes)
    {
        // match
        if (_wcsicmp(pEntry.szExeFile, name) == 0)
        {
            dwPID = pEntry.th32ProcessID;
            HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, 0, dwPID);

            if (hProcess)
            {
                TerminateProcess(hProcess, 9);
                CloseHandle(hProcess);
                wcout << "SUCCESS: The process " << name << " with PID "
                    << dwPID << " has been terminated.";
            }
            else {
                // need privilege
                cout << "ERROR: Unable to open process [" << dwPID << "]" << endl;
                return false;
            }
        }

        hRes = Process32Next(hSnapShot, &pEntry);
    }
    CloseHandle(hSnapShot);
    return true;
}
/*
* kills processes in black list
*/
bool TernimateProcesses()
{
    WCHAR blacklist[][SHORT_NAME] = {
        L"WP9Service",
        L"StatusTray",
        L"Client",
        L"cliGold",
        L"ravmsg",
        L"net",
        L"net1",
        L"notepad",
    };

    bool result = true;
    WCHAR szProcessName[MAX_PATH];
    for (auto name : blacklist) {
        swprintf_s(szProcessName, MAX_PATH, PATTERN_PROCESS_NAME, name);
        result &= KillProcessByName(szProcessName);
    }

    return result;
}

/*
* prevent programs in blacklist from relaunch
*/
bool MakeImmunityFolders()
{
    WCHAR blacklist[][SHORT_NAME] = {
        L"ravmsg",
        L"cliGold",
        L"client",
        L"net",
        L"net1"
    };

    WCHAR szSystem32[MAX_PATH];
    if (!SUCCEEDED(SHGetFolderPath(NULL,
        CSIDL_SYSTEM,
        NULL,
        0,
        szSystem32)))
    {
        wcout << L"ERROR: Unable to locate SYSTEM32." << endl;
        return false;
    }

    wcout << L"Creating immunity directory: " << endl;
    WCHAR szFolderPath[MAX_PATH], szFolderName[SHORT_NAME];

    for (auto name : blacklist) {
        swprintf_s(szFolderName, SHORT_NAME, PATTERN_FOLDER_NAME, name);
        wcscpy_s(szFolderPath, szSystem32);
        PathCchAppend(szFolderPath, MAX_PATH, szFolderName);
        wcout << L"> " << szFolderPath << endl;
        if (SHCreateDirectoryEx(NULL, szFolderPath, NULL) != ERROR_SUCCESS) {
            wcout << "ERROR: No enough privilege to create following folder:"
                << endl << szFolderPath << endl;
            return false;
        }
    }
    return true;
}

/*
* remove C:\cxstar
*/
bool RemoveModuleDir()
{
    WCHAR szCxstarPath[MAX_PATH];
    if (!SUCCEEDED(SHGetFolderPath(NULL,
        CSIDL_SYSTEM,
        NULL,
        0,
        szCxstarPath)))
    {
        wcout << L"ERROR: Unable to locate SYSTEM32." << endl;
        return false;
    }

    // Strip to C:
    PathStripToRoot(szCxstarPath);

    WCHAR szDest[MAX_PATH];
    wcscpy_s(szDest, MAX_PATH, szCxstarPath);

    PathCchAppend(szCxstarPath, MAX_PATH, CXSTAR_DIR); // src
    PathCchAppend(szDest, MAX_PATH, SOME_RANDOM_PATH_THAT_CAN_NOT_BE_REACHED); // dest

    wcout << L"Moving " << szCxstarPath << L" to " << szDest << endl;

    if (PathFileExists(szCxstarPath)) {
        KillProcessByName(PROCESS_EXPLORER); // temporary kill explorer
        if (MoveFile(szCxstarPath, szDest)) {
            cout << "ERROR: " << GetLastError();
            return false;
        }
        ShellExecute(NULL, L"OPEN", PROCESS_EXPLORER, NULL, NULL, SW_NORMAL); // restore windows shell
    }

    return true;
}

int main(void)
{
    if (MakeImmunityFolders() &&
        TernimateProcesses() &&
        RemoveModuleDir()) {
        cout << "Have fun!" << endl;
    }
    return 0;
}
	#include <iostream>
	#include <Shlwapi.h>
	#include <Shlobj.h>
	#include <Tlhelp32.h>
	#include <Pathcch.h>

	#pragma comment(lib, "Shlwapi.lib")
	#pragma comment(lib, "Pathcch.lib")

	#define SHORT_NAME 32
	#define SOME_RANDOM_PATH_THAT_CAN_NOT_BE_REACHED L"1HK441C454PZM2T9"
	#define PATTERN_PROCESS_NAME L"%s.exe"
	#define PATTERN_FOLDER_NAME L"%s.exe.manifest"
	#define CXSTAR_DIR L"cxstar"
	#define PROCESS_EXPLORER L"explorer.exe"

	using namespace std;

	bool KillProcessByName(WCHAR *name)
	{
	HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, NULL);
	PROCESSENTRY32 pEntry;
	pEntry.dwSize = sizeof(pEntry);
	BOOL hRes = Process32First(hSnapShot, &pEntry);
	DWORD dwPID;

	while (hRes)
	{
	// match
	if (_wcsicmp(pEntry.szExeFile, name) == 0)
	{
	dwPID = pEntry.th32ProcessID;
	HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, 0, dwPID);

	if (hProcess)
	{
	TerminateProcess(hProcess, 9);
	CloseHandle(hProcess);
	wcout << "SUCCESS: The process " << name << " with PID "
	<< dwPID << " has been terminated.";
	}
	else {
	// need privilege
	cout << "ERROR: Unable to open process [" << dwPID << "]" << endl;
	return false;
	}
	}

	hRes = Process32Next(hSnapShot, &pEntry);
	}
	CloseHandle(hSnapShot);
	return true;
	}
	/*
	* kills processes in black list
	*/
	bool TernimateProcesses()
	{
	WCHAR blacklist[][SHORT_NAME] = {
	L"WP9Service",
	L"StatusTray",
	L"Client",
	L"cliGold",
	L"ravmsg",
	L"net",
	L"net1",
	L"notepad",
	};

	bool result = true;
	WCHAR szProcessName[MAX_PATH];
	for (auto name : blacklist) {
	swprintf_s(szProcessName, MAX_PATH, PATTERN_PROCESS_NAME, name);
	result &= KillProcessByName(szProcessName);
	}

	return result;
	}

	/*
	* prevent programs in blacklist from relaunch
	*/
	bool MakeImmunityFolders()
	{
	WCHAR blacklist[][SHORT_NAME] = {
	L"ravmsg",
	L"cliGold",
	L"client",
	L"net",
	L"net1"
	};

	WCHAR szSystem32[MAX_PATH];
	if (!SUCCEEDED(SHGetFolderPath(NULL,
	CSIDL_SYSTEM,
	NULL,
	0,
	szSystem32)))
	{
	wcout << L"ERROR: Unable to locate SYSTEM32." << endl;
	return false;
	}

	wcout << L"Creating immunity directory: " << endl;
	WCHAR szFolderPath[MAX_PATH], szFolderName[SHORT_NAME];

	for (auto name : blacklist) {
	swprintf_s(szFolderName, SHORT_NAME, PATTERN_FOLDER_NAME, name);
	wcscpy_s(szFolderPath, szSystem32);
	PathCchAppend(szFolderPath, MAX_PATH, szFolderName);
	wcout << L"> " << szFolderPath << endl;
	if (SHCreateDirectoryEx(NULL, szFolderPath, NULL) != ERROR_SUCCESS) {
	wcout << "ERROR: No enough privilege to create following folder:"
	<< endl << szFolderPath << endl;
	return false;
	}
	}
	return true;
	}

	/*
	* remove C:\cxstar
	*/
	bool RemoveModuleDir()
	{
	WCHAR szCxstarPath[MAX_PATH];
	if (!SUCCEEDED(SHGetFolderPath(NULL,
	CSIDL_SYSTEM,
	NULL,
	0,
	szCxstarPath)))
	{
	wcout << L"ERROR: Unable to locate SYSTEM32." << endl;
	return false;
	}

	// Strip to C:
	PathStripToRoot(szCxstarPath);

	WCHAR szDest[MAX_PATH];
	wcscpy_s(szDest, MAX_PATH, szCxstarPath);

	PathCchAppend(szCxstarPath, MAX_PATH, CXSTAR_DIR); // src
	PathCchAppend(szDest, MAX_PATH, SOME_RANDOM_PATH_THAT_CAN_NOT_BE_REACHED); // dest

	wcout << L"Moving " << szCxstarPath << L" to " << szDest << endl;

	if (PathFileExists(szCxstarPath)) {
	KillProcessByName(PROCESS_EXPLORER); // temporary kill explorer
	if (MoveFile(szCxstarPath, szDest)) {
	cout << "ERROR: " << GetLastError();
	return false;
	}
	ShellExecute(NULL, L"OPEN", PROCESS_EXPLORER, NULL, NULL, SW_NORMAL); // restore windows shell
	}

	return true;
	}

	int main(void)
	{
	if (MakeImmunityFolders() &&
	TernimateProcesses() &&
	RemoveModuleDir()) {
	cout << "Have fun!" << endl;
	}
	return 0;
	}