Analysis of the generation technology of Trojan server

zhaozj 2021-02-16

Some Trojans ship with only a client program after decompression; from settings made in the client, the user generates a server program with specific characteristics, such as a particular port, a notification e-mail address and password, or an SMTP server. In this article I briefly explore how this is implemented. There is nothing mysterious about it: the technique is simply the use of custom resources in executable files. That is, the client program carries a piece of custom binary data, which is in essence a server template. Once the user has made the settings, the client writes those specific values into the template, and then writes the now configured binary data out to a file, which produces the specific server program. By analogy, a post office has many blank envelopes; after you buy one, you fill in the postal code, the recipient's address and name, put your letter inside, and it becomes a letter that is uniquely yours. I hope this explanation makes the general process understandable; below I walk through the actual operation.

Below I implement a demo, "MsgBox Builder": in the client you set the title and text of a MessageBox, and the program generates a "Hello, World" program whose pop-up MessageBox shows exactly what you set in the client. The running interface is as follows:

Ok, first I design the server template. To imitate a Trojan, I write this template in Win32 ASM; the program is as follows:

    .386
    .model flat, stdcall
    option casemap:none
    include /masm32/include/windows.inc
    include /masm32/include/kernel32.inc
    includelib /masm32/lib/kernel32.lib
    include /masm32/include/user32.inc
    includelib /masm32/lib/user32.lib

    .data
    szTitle db 100 dup ('A')
    szText  db 100 dup ('B')

    .code
    start:
        invoke MessageBox, NULL, addr szText, addr szTitle, MB_OK or MB_ICONINFORMATION
        invoke ExitProcess, NULL
    end start

As you can see, this is the "Hello, World" from Iczelion's Win32 assembly tutorial; I made only one change:

    .data
    szTitle db 100 dup ('A')
    szText  db 100 dup ('B')

These two lines may come as a surprise; I will explain them later. Now compile this source code to produce a msgbox.exe file; this template is set aside for now.

Now let me explain the use of custom resources. First, the APIs I will use:

· FindResource: locate a resource.
· SizeofResource: get the size of the resource.
· LoadResource: load the resource.
· LockResource: lock the resource (obtain a pointer to its data).

You can look up the detailed functions and parameters of these APIs in MSDN; I will not describe them here. My overall idea is as follows:

1. Compile the msgbox.exe template into the client program as a binary resource.
2. When generating the msgbox.exe server, read this binary resource data with the API functions above.
3. Rewrite this binary data with the data set by the user.
4. Save the new binary data as a file.

Now step 1. First, rename the template msgbox.exe to msgbox.bin, so it is treated as a plain binary file, and put it in the folder of the client source code. Then import this binary resource into the client's resource script (.rc file), as shown below. At this point VC pops up a dialog prompt, as shown below: you can fill in the "Resource Type" as you like; this type name is the resource type passed as the third parameter of FindResource, and I use "Server" here as an example. In this way I can use the template as a resource. My code is as follows:

    HRSRC   hResInfo;
    HGLOBAL hResData;
    DWORD   dwSize, dwWritten;
    LPBYTE  p;
    HANDLE  hFile;
    TCHAR   szTitle[100], szText[100];

    // Find the required resource
    hResInfo = FindResource(NULL, MAKEINTRESOURCE(IDR_SERVER), "Server");
    if (hResInfo == NULL) {
        MessageBox(hDlg, "Finding resource failed!", "Error", MB_OK | MB_ICONINFORMATION);
        break;
    }
    // Get the resource size
    dwSize = SizeofResource(NULL, hResInfo);
    // Load the resource
    hResData = LoadResource(NULL, hResInfo);
    if (hResData == NULL) {
        MessageBox(hDlg, "Loading resource failed!", "Error", MB_OK | MB_ICONINFORMATION);
        break;
    }
    // Allocate space for the data
    p = (LPBYTE)GlobalAlloc(GPTR, dwSize);
    if (p == NULL) {
        MessageBox(hDlg, "Allocation failed!", "Error", MB_OK | MB_ICONINFORMATION);
        break;
    }
    // Copy the resource data into our own buffer
    CopyMemory((LPVOID)p, (LPCVOID)LockResource(hResData), dwSize);

Now I have a copy of the template's data, which we can process as needed. The next problem is how to find the locations of the title and the text inside the binary so that they can be rewritten. This is precisely why I defined those runs of 'A' and 'B'. Open the binary resource msgbox.bin in a hex editor and you will find something like this at one location: yes, this shows that the relative offset of the title is 0x800 and the relative offset of the text is 0x864.

Then my remaining code is as follows:

    // Get the title and text, and copy them into the template buffer
    GetDlgItemText(hDlg, IDC_EDT_TITLE, szTitle, 100);
    GetDlgItemText(hDlg, IDC_EDT_TEXT, szText, 100);
    CopyMemory((LPVOID)(p + 0x800), (LPCVOID)szTitle, 100);
    CopyMemory((LPVOID)(p + 0x864), (LPCVOID)szText, 100);
    // Create the file and write the data
    hFile = CreateFile("c:\\msgbox.exe", GENERIC_WRITE, 0, NULL,
                       CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile != INVALID_HANDLE_VALUE)
        WriteFile(hFile, (LPCVOID)p, dwSize, &dwWritten, NULL);
    else {
        MessageBox(hDlg, "Create file failed!", "Error", MB_OK | MB_ICONINFORMATION);
        GlobalFree((HGLOBAL)p);
        break;
    }
    // Clean up: close the file and release the buffer
    CloseHandle(hFile);
    GlobalFree((HGLOBAL)p);

That is basically all there is to this technique. Generating a real Trojan's server works the same way, except that the title and text of the MsgBox here are replaced by the corresponding port number, e-mail address, and so on. The code is fairly self-explanatory, so I have not commented on it at length; I hope readers will bear with me.

Click to download sample code
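As an added analyst-side example (not the article's code): a Python script that reproduces the offset-finding step on a constructed stand-in for msgbox.bin, simulates the builder's write so that a configured sample exists, and then pulls the title and text back out of it, the way a config extractor does for a binary produced by such a builder. The stand-in blob, the 100-byte field length and all function names are assumptions; the offsets 0x800 and 0x864 are the ones the article reports.

```python
import re

FIELD_LEN = 100          # each placeholder field is 100 bytes, as in the template's .data
TITLE_OFF = 0x800        # relative offsets the article found in msgbox.bin
TEXT_OFF = 0x864

def build_template():
    # Constructed stand-in for msgbox.bin (assumption): 0x800 bytes of filler in place of the
    # PE headers and code, then the 'A' and 'B' placeholder runs from the .data section.
    return bytes(0x800) + b"A" * FIELD_LEN + b"B" * FIELD_LEN + bytes(0x40)

def find_marker_runs(blob, min_len=64):
    # The offset-finding step: locate runs of one repeated non-NUL byte, which is what the
    # unfilled placeholder fields look like in a hex editor. Returns (offset, length, byte).
    pat = rb"(.)\1{%d,}" % (min_len - 1)
    return [(m.start(), m.end() - m.start(), m.group(1))
            for m in re.finditer(pat, blob, re.DOTALL) if m.group(1) != b"\0"]

def configure(template, title, text):
    # Simulates the builder's write step so that there is a configured sample to analyse.
    # Values are NUL-padded to FIELD_LEN here; the article's C code copies all 100 bytes of
    # the stack buffer instead, so bytes beyond the terminator also land in the output file.
    out = bytearray(template)
    for off, value in ((TITLE_OFF, title), (TEXT_OFF, text)):
        data = value.encode("latin-1")[:FIELD_LEN - 1]
        out[off:off + FIELD_LEN] = data.ljust(FIELD_LEN, b"\0")
    return bytes(out)

def read_field(blob, off):
    # Returns the configured string at a field, or None if it still holds its placeholder run.
    raw = blob[off:off + FIELD_LEN]
    if len(raw) == FIELD_LEN and len(set(raw)) == 1 and raw[:1] != b"\0":
        return None
    return raw.split(b"\0", 1)[0].decode("latin-1")

def extract_config(blob):
    # Analyst-side config extraction for a binary generated from this template.
    return {"title": read_field(blob, TITLE_OFF), "text": read_field(blob, TEXT_OFF)}

if __name__ == "__main__":
    template = build_template()
    print("placeholder runs:", [(hex(o), n, b) for o, n, b in find_marker_runs(template)])
    built = configure(template, "Hello", "Hello, World")
    print("extracted config:", extract_config(built))
```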

Please credit the original source when reposting: https://www.9cbs.com/read-22535.html
