本来是想寒假时写的,结果一直懒得动手。
虽然手上有ghost源码,但是感觉功能不是我想要的,比如把精力费在学MFC写界面上不如改进下隐藏性。
基本的计划就是做一个后门程序,目的是用来进行权限维持的。目前来看是基于控制台的,而且要带有内核模块,应用层的主要问题就是没写过太大体量的程序导致搞起来很蛋疼,内核方面就是通用性坑爹,
蓝屏起来也要费时间。
第一部分就是封装的两个函数,文件操作和注册表管理。ghost是把这两个功能封装成两个类,我这里就直接用函数来实现了。
VS2015编译通过
1 //文件操作类函数
2 #include "windows.h"
3
4 //Mode操作模式
5 //0.新建文件 1.删除文件 2.写文件 3.读文件 4.移动文件 5.获取文件信息
6 #define CREATE_FILE 0
7 #define DELETE_FILE 1
8 #define WRITE_FILE 2
9 #define READ_FILE 3
10 #define MOVE_FILE 4
11 #define QUERY_FILE 5
12
13 #define FILE_SUCCESS 1
14 #define FILE_ERROR 0
15
16 //定义一个文件信息的结构,用于QUERY_FILE返回
17 typedef struct _FileInfo{
18 DWORD FileAttributes;
19 char *FileName;
20 char *TypeName;
21
22 } FILE_INFO,*PFILE_INFO;
23
24 DWORD FileControl(IN DWORD Mode,IN LPWSTR FilePath, IN OUT PVOID Buffer,IN __int64 FilePointer,IN OUT DWORD *Size)
25 {
26 HANDLE FileHandle = 0;
27 DWORD Return = 0;
28 SHFILEINFO MyFileInfo = { 0 };
29 PFILE_INFO FileInfo = 0;
30 __int64 TempPointer = FilePointer;
31 TempPointer = TempPointer & 0XFFFFFFFF;
32 __int64 *pTempPointer = &TempPointer;
33 switch (Mode)
34 {
35 case WRITE_FILE:
36 case READ_FILE:
37 case QUERY_FILE:
38 FileHandle=CreateFile(FilePath,
39 GENERIC_READ | GENERIC_WRITE | GENERIC_ALL,
40 FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
41 NULL,
42 OPEN_EXISTING,
43 FILE_ATTRIBUTE_NORMAL,
44 NULL
45 );
46 if (FileHandle== INVALID_HANDLE_VALUE)
47 {
48 Return = GetLastError();
49 return Return;
50 }
51 break;
52 case CREATE_FILE:
53 FileHandle = CreateFile(FilePath,
54 GENERIC_READ | GENERIC_WRITE | GENERIC_ALL,
55 FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
56 NULL,
57 CREATE_NEW,
58 FILE_ATTRIBUTE_NORMAL,
59 NULL
60 );
61 if (FileHandle == INVALID_HANDLE_VALUE)
62 {
63 Return = GetLastError();
64 return Return;
65 }
66 break;
67 default:
68 break;
69 }
70 switch (Mode)
71 {
72 case CREATE_FILE:
73 CloseHandle(FileHandle);
74 break;
75 case DELETE_FILE:
76 if (!DeleteFile(FilePath))
77 {
78 Return = GetLastError();
79 return Return;
80 }
81 break;
82 case MOVE_FILE:
83 if (!MoveFile(FilePath,(LPCWSTR)Buffer))
84 {
85 return FILE_ERROR;
86 }
87 break;
88 case QUERY_FILE:
89 SHGetFileInfo(FilePath,
90 NULL,
91 &MyFileInfo,
92 sizeof(MyFileInfo),
93 SHGFI_TYPENAME | SHGFI_DISPLAYNAME | SHGFI_ATTRIBUTES);
94 ///////////////////////////////////////////////////
95 /*
96 typedef struct _SHFILEINFO
97
98 {
99
100 HICON hIcon;//文件的图标句柄
101
102 int iIcon;//图标的系统索引号
103
104 DWORD dwAttributes;//文件的属性值
105
106 char szDisplayName[MAX_PATH];//文件的显示名
107
108 char szTypeName[80];//文件的类型名
109
110 } SHFILEINFO;
111 */
112 /////////////////////////////////////////////
113 FileInfo=(PFILE_INFO)HeapAlloc(GetProcessHeap(),
114 HEAP_ZERO_MEMORY,
115 sizeof(FILE_INFO));
116 if (!FileInfo)
117 {
118 return FILE_ERROR;
119 }
120 memset(FileInfo, 0, sizeof(FILE_INFO));
121 FileInfo->FileAttributes = MyFileInfo.dwAttributes;
122 FileInfo->FileName = (char *)HeapAlloc(GetProcessHeap(),
123 HEAP_ZERO_MEMORY,
124 sizeof(MyFileInfo.szDisplayName));
125 memcpy(FileInfo->FileName,
126 MyFileInfo.szDisplayName,
127 sizeof(MyFileInfo.szDisplayName));
128 FileInfo->TypeName = (char *)HeapAlloc(GetProcessHeap(),
129 HEAP_ZERO_MEMORY,
130 sizeof(MyFileInfo.szTypeName));
131 memcpy(FileInfo->TypeName,
132 MyFileInfo.szTypeName,
133 sizeof(MyFileInfo.szTypeName));
134 ((DWORD *)Buffer)[0] = (DWORD)FileInfo;
135 CloseHandle(FileHandle);
136 break;
137 case READ_FILE:
138 if ((!FilePointer)||(!Size))
139 {
140 return FILE_ERROR;
141 }
142 if (SetFilePointer(FileHandle,
143 (LONG)(FilePointer >> 32),
144 (LONG *)pTempPointer,
145 FILE_BEGIN
146 ) == HFILE_ERROR)
147 {
148 return GetLastError();
149 }
150 memset(Buffer,
151 0,
152 *Size);
153 if (!ReadFile(FileHandle,
154 (LPVOID)Buffer,
155 *Size,
156 Size,
157 NULL))
158 {
159 return GetLastError();
160 }
161 CloseHandle(FileHandle);
162 break;
163 case WRITE_FILE:
164 if ((!FilePointer) || (!Size))
165 {
166 return FILE_ERROR;
167 }
168 if (SetFilePointer(FileHandle,
169 (LONG)(FilePointer >> 32),
170 (LONG *)pTempPointer,
171 FILE_BEGIN
172 ) == HFILE_ERROR)
173 {
174 return GetLastError();
175 }
176 if (!WriteFile(FileHandle,
177 (LPCVOID)Buffer,
178 *Size,
179 Size,
180 NULL))
181 {
182 return GetLastError();
183 }
184 default:
185 return FILE_ERROR;
186 }
187 return FILE_SUCCESS;
188 }
189 DWORD IfFile(DWORD Return)
190 {
191 switch (Return)
192 {
193 case FILE_SUCCESS:
194 return 1;
195 case FILE_ERROR:
196 return 0;
197 default:
198 return -1;
199 }
200 }
1 //注册表操作的封装函数
2 #include "windows.h"
3
4 #define DUQV 0
5 #define MEIJVZIJIAN 1
6 #define MEIJVJIANXIANG 2
7 #define PANDUANCUNZAI 3
8 //读取注册表的指定键的数据(Mode:0-读键值数据 1-牧举子键 2-牧举指定键项 3-判断该键是否存在)
9 int ReadReg(HKEY MainKey, LPCTSTR SubKey, LPCTSTR Vname, DWORD Type, char *szData, LPBYTE szBytes, DWORD lbSize, int Mode)
10 {
11 HKEY hKey;
12 int iResult = 0;
13 char KeyName[32], ValueSz[MAX_PATH], ValueTemp[MAX_PATH];
14 DWORD szSize, KnSize, dwIndex = 0;
15 memset(KeyName, 0, sizeof(KeyName));
16 memset(ValueSz, 0, sizeof(ValueSz));
17 memset(ValueTemp, 0, sizeof(ValueTemp));
18 if (RegOpenKeyEx(MainKey,SubKey,0,KEY_READ,&hKey)!=ERROR_SUCCESS)
19 {
20 return -1;
21 }
22 switch (Mode)
23 {
24 case DUQV:
25 switch (Type)
26 {
27 case REG_SZ:
28 case REG_EXPAND_SZ:
29 szSize = sizeof(ValueSz);
30 if (RegQueryValueEx(hKey,Vname,NULL,&Type,(LPBYTE)ValueSz,&szSize)==ERROR_SUCCESS)
31 {
32 return -1;
33 }
34 break;
35 case REG_MULTI_SZ:
36 szSize = sizeof(ValueSz);
37 if (RegQueryValueEx(hKey,Vname,NULL,&Type,(LPBYTE)ValueSz,&szSize)==ERROR_SUCCESS)
38 {
39 return -1;
40 }
41 break;
42 case REG_BINARY:
43 szSize = lbSize;
44 if (RegQueryValueEx(hKey,Vname,NULL,&Type,szBytes,&szSize)==ERROR_SUCCESS)
45 {
46 return -1;
47 }
48 break;
49 }
50 break;
51 case MEIJVZIJIAN:
52 while (1)
53 {
54 memset(ValueSz, 0, sizeof(ValueSz));
55 szSize = sizeof(ValueSz);
56 if (RegEnumKeyExA(hKey,dwIndex++,ValueSz,&szSize,NULL,NULL,NULL,NULL)!=ERROR_SUCCESS)
57 {
58 break;
59 }
60 wsprintf((LPWSTR)ValueTemp, L"[%s]\r\n", ValueSz);
61 strcat(szData, ValueTemp);
62 iResult = -1;
63 }
64 break;
65 case MEIJVJIANXIANG:
66 while (1)
67 {
68 memset(KeyName, 0, sizeof(KeyName));
69 memset(ValueSz, 0, sizeof(ValueSz));
70 memset(ValueTemp, 0, sizeof(ValueTemp));
71 KnSize = sizeof(KeyName);
72 szSize = sizeof(ValueSz);
73 if (RegEnumValue(hKey,dwIndex++,(LPWSTR)KeyName,&KnSize,NULL,&Type,(LPBYTE)ValueSz,&szSize)!=ERROR_SUCCESS)
74 {
75 break;
76 }
77 switch (Type)
78 {
79 case REG_SZ:
80 wsprintf((LPWSTR)ValueTemp, L"%-24s %-15s %s \r\n", KeyName, "REG_SZ", ValueSz);
81 break;
82 case REG_EXPAND_SZ:
83 wsprintf((LPWSTR)ValueTemp, L"%-24s %-15s %s \r\n", KeyName, "REG_EXPAND_SZ", ValueSz);
84 break;
85 case REG_DWORD:
86 wsprintf((LPWSTR)ValueTemp, L"%-24s %-15s 0x%x(%d) \r\n", KeyName, "REG_DWORD", ValueSz, int(ValueSz));
87 break;
88 case REG_MULTI_SZ:
89 wsprintf((LPWSTR)ValueTemp, L"%-24s %-15s \r\n", KeyName, "REG_MULTI_SZ");
90 break;
91 case REG_BINARY:
92 wsprintf((LPWSTR)ValueTemp, L"%-24s %-15s \r\n", KeyName, "REG_BINARY");
93 break;
94 default:
95 break;
96 }
97 lstrcat((LPWSTR)szData, (LPWSTR)ValueTemp);
98 iResult = 1;
99 }
100 break;
101 case PANDUANCUNZAI:
102 iResult = 1;
103 break;
104 default:
105 break;
106 }
107 RegCloseKey(MainKey);
108 RegCloseKey(hKey);
109 return iResult;
110 }
时间: 2024-10-17 09:52:56