BOOL
ApiHammering(DWORD dwStress) {
WCHAR szPath [MAX_PATH
*
2
],
szTmpPath [MAX_PATH];
HANDLE hRFile
=
INVALID_HANDLE_VALUE,
hWFile
=
INVALID_HANDLE_VALUE;
DWORD dwNumberOfBytesRead
=
NULL,
dwNumberOfBytesWritten
=
NULL;
PBYTE pRandBuffer
=
NULL;
SIZE_T sBufferSize
=
0xFFFFF
;
INT
Random
=
0
;
if
(!GetTempPathW(MAX_PATH, szTmpPath)) {
printf(
"[!] GetTempPathW Failed With Error : %d \n"
, GetLastError());
return
FALSE;
}
wsprintfW(szPath, L
"%s%s"
, szTmpPath, TMPFILE);
for
(SIZE_T i
=
0
; i < dwStress; i
+
+
){
if
((hWFile
=
CreateFileW(szPath, GENERIC_WRITE, NULL, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_TEMPORARY, NULL))
=
=
INVALID_HANDLE_VALUE) {
printf(
"[!] CreateFileW Failed With Error : %d \n"
, GetLastError());
return
FALSE;
}
pRandBuffer
=
HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sBufferSize);
Random
=
rand()
%
0xFF
;
memset(pRandBuffer, Random, sBufferSize);
if
(!WriteFile(hWFile, pRandBuffer, sBufferSize, &dwNumberOfBytesWritten, NULL) || dwNumberOfBytesWritten !
=
sBufferSize) {
printf(
"[!] WriteFile Failed With Error : %d \n"
, GetLastError());
printf(
"[i] Written %d Bytes of %d \n"
, dwNumberOfBytesWritten, sBufferSize);
return
FALSE;
}
RtlZeroMemory(pRandBuffer, sBufferSize);
CloseHandle(hWFile);
if
((hRFile
=
CreateFileW(szPath, GENERIC_READ, NULL, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE, NULL))
=
=
INVALID_HANDLE_VALUE) {
printf(
"[!] CreateFileW Failed With Error : %d \n"
, GetLastError());
return
FALSE;
}
if
(!ReadFile(hRFile, pRandBuffer, sBufferSize, &dwNumberOfBytesRead, NULL) || dwNumberOfBytesRead !
=
sBufferSize) {
printf(
"[!] ReadFile Failed With Error : %d \n"
, GetLastError());
printf(
"[i] Read %d Bytes of %d \n"
, dwNumberOfBytesRead, sBufferSize);
return
FALSE;
}
RtlZeroMemory(pRandBuffer, sBufferSize);
HeapFree(GetProcessHeap(), NULL, pRandBuffer);
CloseHandle(hRFile);
}
return
TRUE;
}
int
main() {
if
(!ApiHammering(SECTOSTRESS(
5
))) {
return
-
1
;
}
/
/
执行shellcode
}