我用WinAPI和WinSock 2.2编写了一个Windows程序。但是,当程序中调用了accept()函数时,编译后AntiVir报告在我的应用程序中发现了病毒("BDS/Backdoor.Gen")。
这是我的代码的重要部分:
...
/* Forward declaration of the thread routine that waits in accept() for a client. */
DWORD WINAPI winMsgServerAcceptThread(LPVOID);
/* Socket used to connect() as a client or, if that fails, to bind()/listen() as a server. */
SOCKET mSocket;
/* Receives the socket returned by accept() in winMsgServerAcceptThread. */
SOCKET mSocket2;
/* Filled in by WSAStartup(); its wVersion field is checked against 2.2. */
WSADATA wsaData;
/* Address family, IP address and port handed to connect() and bind(). */
sockaddr_in socketService;
...
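/*
 * Appends text to the global statusBuffer and asks the window to redraw it.
 *
 * The original code formatted statusBuffer into itself
 * (swprintf(statusBuffer, ..., L"%s...", statusBuffer)); source and destination
 * overlap there, which is undefined behaviour. Appending at the current end
 * produces the same text without the overlap.
 */
static void winMsgAppendStatus(HWND hwnd, const wchar_t *text)
{
    /* 10000 is the element count the original code passed to swprintf();
       assumes statusBuffer really holds that many wchar_t - TODO confirm. */
    const size_t capacity = 10000;
    size_t used = wcslen(statusBuffer);

    if(used < capacity - 1)
        wcsncat(statusBuffer, text, capacity - 1 - used);
    SendMessage(hwnd, WINMSG_WM_UPDATE_STATUS, 0, 0);
}

/*
 * Window procedure. The two cases visible in this excerpt are:
 *   WINMSG_WM_INITSOCKET        - starts Winsock 2.2, creates mSocket and
 *                                 stores the local IPv4 address in ownIP.
 *   WINMSG_WM_CREATE_CONNECTION - tries to connect() to WINMSG_RECV_IP; if that
 *                                 fails, binds to ownIP, listens and starts
 *                                 winMsgServerAcceptThread.
 *
 * Returns 0 for both messages. Messages not handled by the switch are passed
 * to DefWindowProc().
 *
 * NOTE(review): in the server role the listener is bound to the host's own
 * address rather than loopback, and nothing visible here authenticates the
 * peer; any host that can reach WINMSG_STD_PORT can connect.
 */
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
...
    switch(uMsg)
    {
    case WINMSG_WM_INITSOCKET:
    {
        wchar_t line[128];
        wchar_t ownIPWC[20] = {0};
        int wsaErr = WSAStartup(MAKEWORD(2, 2), &wsaData);
        if(wsaErr != 0)
        {
            /* WSAStartup() reports its error through the return value. Winsock
               is not initialised on this path, so WSAGetLastError() and
               WSACleanup() must not be used. */
            swprintf(line, 128, L"\r\n\r\nError: WSAStartup() returned code 0x%x!", (unsigned)wsaErr);
            winMsgAppendStatus(hwnd, line);
            return 0;
        }
        if(LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 2)
        {
            winMsgAppendStatus(hwnd, L"\r\n\r\nError: System doesn't support WinSock version 2.2!");
            WSACleanup();
            return 0;
        }
        mSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if(mSocket == INVALID_SOCKET)
        {
            /* No closesocket() here: there is no socket to close. */
            swprintf(line, 128, L"\r\n\r\nError: socket() returned code 0x%x!", (unsigned)WSAGetLastError());
            winMsgAppendStatus(hwnd, line);
            WSACleanup();
            return 0;
        }
        //Read own IP
        hostent *thisHost = gethostbyname("");
        if(thisHost == NULL || thisHost->h_addr_list[0] == NULL)
        {
            /* gethostbyname() returns NULL on failure; dereferencing it would crash. */
            swprintf(line, 128, L"\r\n\r\nError: gethostbyname() returned code 0x%x!", (unsigned)WSAGetLastError());
            winMsgAppendStatus(hwnd, line);
            closesocket(mSocket);
            WSACleanup();
            return 0;
        }
        /* inet_ntoa() yields at most 15 characters plus the terminator;
           assumes ownIP holds at least 16 chars - TODO confirm. */
        strcpy(ownIP, inet_ntoa(*(struct in_addr*)thisHost->h_addr_list[0]));
        /* Convert at most 19 characters so the zero-initialised last element
           always terminates the wide string. */
        mbstowcs(ownIPWC, ownIP, 19);
        /* %ls is the portable conversion for a wchar_t string in wide printf functions. */
        swprintf(line, 128, L"\r\n\r\nSocket with IP %ls successfully initialized!", ownIPWC);
        winMsgAppendStatus(hwnd, line);
        return 0;
    }
...
    case WINMSG_WM_CREATE_CONNECTION:
    {
        wchar_t line[128];
        wchar_t serverIPString[20] = {0};
        winMsgAppendStatus(hwnd, L"\r\n\r\nEstablish connection...");
        socketService.sin_family = AF_INET;
        socketService.sin_addr.s_addr = inet_addr(WINMSG_RECV_IP);
        socketService.sin_port = htons(WINMSG_STD_PORT);
        if(connect(mSocket, (SOCKADDR*)&socketService, sizeof(socketService)) != SOCKET_ERROR) //Am I client?
        {
            /* The original printed serverIPString without ever filling it on
               this path (uninitialised read); use the address just connected to. */
            mbstowcs(serverIPString, WINMSG_RECV_IP, 19);
            swprintf(line, 128, L"\r\n\r\nConnection with %ls:%d established!", serverIPString, (int)WINMSG_STD_PORT);
            connectionAvailable = 1;
            winMsgAppendStatus(hwnd, line);
            return 0;
        }

        //No, I am server
        closesocket(mSocket);
        mSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if(mSocket == INVALID_SOCKET)
        {
            swprintf(line, 128, L"\r\n\r\nError: socket() returned code 0x%x!", (unsigned)WSAGetLastError());
            winMsgAppendStatus(hwnd, line);
            WSACleanup();
            return 0;
        }
        socketService.sin_addr.s_addr = inet_addr(ownIP);
        if(bind(mSocket, (SOCKADDR*)&socketService, sizeof(socketService)) == SOCKET_ERROR)
        {
            swprintf(line, 128, L"\r\n\r\nError: bind() returned code 0x%x!", (unsigned)WSAGetLastError());
            winMsgAppendStatus(hwnd, line);
            closesocket(mSocket);
            WSACleanup();
            return 0;
        }
        if(listen(mSocket, 10) == SOCKET_ERROR)
        {
            swprintf(line, 128, L"\r\n\r\nError: listen() returned code 0x%x!", (unsigned)WSAGetLastError());
            winMsgAppendStatus(hwnd, line);
            closesocket(mSocket);
            WSACleanup();
            return 0;
        }
        winMsgAppendStatus(hwnd, L"\r\n\r\nlisten() successful! Wait for client...");
        HANDLE acceptThread = CreateThread(NULL, 0, winMsgServerAcceptThread, 0, 0, &winMsgServerAcceptThreadID);
        if(acceptThread == NULL)
        {
            swprintf(line, 128, L"\r\n\r\nError: CreateThread() returned code 0x%x!", (unsigned)GetLastError());
            winMsgAppendStatus(hwnd, line);
            closesocket(mSocket);
            WSACleanup();
            return 0;
        }
        /* The handle is not used afterwards; closing it does not stop the thread. */
        CloseHandle(acceptThread);
        return 0;
    }
    }
    /* Without this, control fell off the end of a non-void function for every
       message the switch does not handle. */
    return DefWindowProc(hwnd, uMsg, wParam, lParam);
}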
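/*
 * Thread routine: waits for one client on the listening socket mSocket, stores
 * the connected socket in mSocket2, closes the listener and posts
 * WINMSG_WM_CLIENT_ACCEPTED to the window.
 *
 * lpParam is unused. Returns 0 after a client was accepted, 1 if accept()
 * failed for a reason other than the peer resetting the pending connection.
 *
 * NOTE(review): hwnd is not a parameter here, so it is presumably a global
 * window handle - confirm. The accepted peer is not authenticated in the
 * visible code; whatever handles WINMSG_WM_CLIENT_ACCEPTED should treat data
 * from mSocket2 as untrusted. No failure message is visible in the excerpt, so
 * the window is not notified on the error path.
 */
DWORD WINAPI winMsgServerAcceptThread(LPVOID lpParam)
{
    (void)lpParam;

    for(;;)
    {
        /* accept() signals failure with INVALID_SOCKET, not SOCKET_ERROR. */
        mSocket2 = accept(mSocket, NULL, NULL);
        if(mSocket2 != INVALID_SOCKET)
            break;

        /* Only a connection dropped by the peer before accept() is worth a
           retry. The original retried on every error, which spins forever at
           full CPU once the listening socket is unusable. */
        if(WSAGetLastError() != WSAECONNRESET)
        {
            closesocket(mSocket);
            return 1;
        }
    }

    closesocket(mSocket);
    /* WPARAM and LPARAM are integer types; pass 0 rather than NULL. */
    SendMessage(hwnd, WINMSG_WM_CLIENT_ACCEPTED, 0, 0);
    return 0;
}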
如果我删除"winMsgServerAcceptThread"中对accept()函数的调用,程序就可以正常执行,也不会被检测出病毒。
我需要更改什么才能让AntiVir不再检测到我的程序?
编辑1:以下是该程序的精简版本:
#ifndef UNICODE
#define UNICODE
#endif
#pragma comment (lib, "wsock32.lib")
#include <stdio.h>
#include <winsock2.h>
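/*
 * Minimal reproduction: starts Winsock 2.2, listens on 127.0.0.1:55555 and
 * waits for a single client.
 *
 * Returns 0 once a client has connected, 1 if any Winsock call fails. The
 * original continued after every failed call and never released the sockets
 * or Winsock itself.
 *
 * The listener is bound to the loopback address, so only processes on the
 * same machine can connect.
 *
 * NOTE(review): the file's #pragma links wsock32.lib although it includes
 * <winsock2.h>; Ws2_32.lib is the import library documented for Winsock 2.
 */
int main()
{
    WSADATA wsaData;
    sockaddr_in socketService = {0}; /* zero sin_zero and any padding before use */
    SOCKET mSocket;
    SOCKET acceptSocket;
    int wsaErr;

    wsaErr = WSAStartup(MAKEWORD(2, 2), &wsaData);
    if(wsaErr != 0)
    {
        /* WSAStartup() returns the error code itself; Winsock is not
           initialised here, so there is nothing to clean up. */
        fprintf(stderr, "WSAStartup() failed with code %d\n", wsaErr);
        return 1;
    }
    printf("Winsock DLL found!\n");

    mSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(mSocket == INVALID_SOCKET)
    {
        fprintf(stderr, "socket() failed with code %d\n", WSAGetLastError());
        WSACleanup();
        return 1;
    }
    printf("socket() successful!\n");

    socketService.sin_family = AF_INET;
    socketService.sin_addr.s_addr = inet_addr("127.0.0.1");
    socketService.sin_port = htons(55555);

    if(bind(mSocket, (SOCKADDR*)&socketService, sizeof(socketService)) == SOCKET_ERROR)
    {
        fprintf(stderr, "bind() failed with code %d\n", WSAGetLastError());
        closesocket(mSocket);
        WSACleanup();
        return 1;
    }
    printf("bind() with 127.0.0.1:55555 successful!\n");

    if(listen(mSocket, 10) == SOCKET_ERROR)
    {
        fprintf(stderr, "listen() failed with code %d\n", WSAGetLastError());
        closesocket(mSocket);
        WSACleanup();
        return 1;
    }
    printf("listen() successful!\nWait for client...\n");

    for(;;)
    {
        /* accept() signals failure with INVALID_SOCKET. */
        acceptSocket = accept(mSocket, NULL, NULL);
        if(acceptSocket != INVALID_SOCKET)
            break;

        /* Retry only when the peer reset the pending connection; any other
           error would make an unconditional retry loop spin forever. */
        if(WSAGetLastError() != WSAECONNRESET)
        {
            fprintf(stderr, "accept() failed with code %d\n", WSAGetLastError());
            closesocket(mSocket);
            WSACleanup();
            return 1;
        }
    }

    /* One client is enough: stop listening instead of overwriting (and
       leaking) the listening socket handle. */
    closesocket(mSocket);
    printf("Connected with client!");

    closesocket(acceptSocket);
    WSACleanup();
    return 0;
}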