[Copy] grayFox's Code

I was informed that the website where grayfox's blog is located is http://www.huihu32.cn. The NetBIOS MAC address retrieval code uses NetBIOS programming to obtain the MAC address VC code, from hacker programming entry. The original code has two errors during compiling in the vc6.0 environment, after debugging, use forced type conversion to obtain the output result.

# Include <windows. h>
# Include <wincon. h>
# Include <stdlib. h>
# Include <stdio. h>
# Include <time. h>

# Pragma comment (Lib, "netapi32 ")

Typedef struct _ astat _
{
Adapter_status adapt;
Name_buffer namebuff [30];
} Astat, * pastat;

Astat adapter;

Void main (void)
{
NCB;
Uchar uretcode;

Memset (& NCB, 0, sizeof (NCB ));
NCB. ncb_command = ncbreset;
Ncb. ncb_lana_num = 0;
URetCode = Netbios (& ncb );
Printf ("The NCBRESET return code is: 0x % x/n", uRetCode );

Memset (& ncb, 0, sizeof (ncb ));
Ncb. ncb_command = NCBASTAT;
Ncb. ncb_lana_num = 0;
Strcpy (char *) ncb. ncb_callname, "*"); // Error
Ncb. ncb_buffer = (unsigned char *) & Adapter; // Error
Ncb. ncb_length = sizeof (Adapter );
URetCode = Netbios (& ncb );
Printf ("The NCBASTAT return code is: 0x % x/n", uRetCode );

If (uRetCode = 0)
{
Printf ("the Ethernet number is: % 02x-% 02x-% 02x-% 02x-% 02x-% 02x/n ",
Adapter. Adapt. adapter_address [0],
Adapter. Adapt. adapter_address [1],
Adapter. Adapt. adapter_address [2],
Adapter. Adapt. adapter_address [3],
Adapter. Adapt. adapter_address [4],
Adapter. Adapt. adapter_address [5]);
}
} Code for Traversing files in the VC 6.0 environment

Program Author: gray fox

I wrote it in the past. Today, I turned it out to be a USB flash drive thief. It took some time to complete it as soon as I saw so many imperfections, allows you to traverse all directories and files in a specified path. Save it here for future backup.

# Include <stdio. h>
# Include <windows. h>

Void searchfile (char filedir [max_path], char filetype [max_path])
{
Char buffer [max_path];
Sprintf (buffer, "% S // % s", filedir, filetype );

Handle hfind;
Win32_find_data dat;
Int filenum = 0, dirnum = 0;
Hfind =: findfirstfile (buffer, & dat );
If (hfind = invalid_handle_value)
{
Printf ("find error! /N ");
Return;
}
Else
{
Char newbuf [max_path];
Do
{
If (dat. dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
If (dat. cFileName [0] = '.')
Continue;
Else
{
Sprintf (NewBuf, "% s // % s", FileDir, dat. cFileName );
Printf ("NewDirectory: % s/n", NewBuf );
Dirnum ++;
Searchfile (newbuf ,"*.*");
}
}
Else
{
Sprintf (buffer, "% S // % s", filedir, dat. cfilename );
Filenum ++;
Printf ("find file: % s/n", buffer );
}
} While (: findnextfile (hfind, & dat ));
}

Printf ("/nfind % d files and % d dirs! /N ", filenum, dirnum );
}

Void main ()
{
Searchfile ("C: // windows // System32 ","*.*");
}

Simple console traffic flushing program code

Dyong (http://dyong.syclover.cn)
Source: cuit (http://icuit.cn)

# Include <stdio. h>
# Include <winsock2.h>
# Include <WINBASE. h>
# Pragma comment (Lib, "ws2_32 ")
// # Define buf_size 1024
# Define refreshtimes 10 // Number of refreshes
Char host [128];
Char path [128];
Void main (INT argc, char * argv [])
{
Handle hthread [refreshtimes];
DWORD dwthread [refreshtimes];
DWORD winapi sendthread (lpvoid lpparam );
Void setparam (); // set host and Path
Int I;
Setparam ();
For (I = 0; I <refreshtimes; I ++)
{
Hthread = createthread (null, 0, sendthread, (lpvoid) I, 0, & dwthread );
If (hthread = NULL)
{
Printf ("/tcreatethread failed./N ");
Exit (0 );
}
Sleep (100); // ms to create the next thread
CloseHandle (hThread );
}
}
Dword winapi SendThread (LPVOID lpParam) // data sending thread
{
WSADATA wsd;
SOCKET local;
SOCKADDR_IN addr;
HOSTENT * Host = NULL;
If (WSAStartup (MAKEWORD (2, 2), & wsd )! = 0)
{
Printf ("/tFailed To Load Winsock Library! /N ");
Exit (0 );
}
Local = socket (AF_INET, SOCK_STREAM, 0 );
If (local = invalid_socket)
{
Printf ("/tfailed to create socket/N ");
Exit (0 );
}
ADDR. sin_family = af_inet;
ADDR. sin_port = htons (80 );
ADDR. sin_addr.s_un.s_addr = inet_addr (host );
If (ADDR. sin_addr.s_un.s_addr = inaddr_none)
{
Host = gethostbyname (host );
If (host = NULL)
{
Printf ("/tunable to resolve server: % s/n", host );
Return 0;
}
CopyMemory (& addr. sin_addr, Host-> h_addr_list [0], Host-> h_length );
Printf ("/tSend To: % s/n", inet_ntoa (addr. sin_addr ));
}
If (SOCKET_ERROR = connect (local, (sockaddr *) & addr, sizeof (SOCKADDR )))
{
Printf ("/tFailed To Connect To The Server! /N ");
Exit (0 );
}
Char SendBuf [512];
Memset (SendBuf, '/0', 512 );
Strcpy (SendBuf, "GET ");
Char PartOne [] = "HTTP/1.1/r/nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/msword, application/vnd. ms-excel, application/vnd. ms-powerpoint, */r/nAccept-Language: zh-cn/r/nAccept-Encoding: gzip, deflate/r/nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)/r/nHost :";
Char PartTwo [] = "/r/nConnection: Keep-Alive/r/n ";
Strcat (SendBuf, path );
Strcat (SendBuf, PartOne );
Strcat (SendBuf, host );
Strcat (SendBuf, PartTwo );
If (send (local, SendBuf, strlen (SendBuf) + 1, 0) = SOCKET_ERROR)
{
Printf ("/tSend Data Error./n ");
}
Closesocket (local );
WSACleanup ();
Return 0;
}
Void SetParam ()
{
Char Host_Temp [2, 128];
Char path_temp [128];
Printf ("/n/tmade by dyong/n/tqq: 469892615/n/temail: dyong.syclover@163.com/N ");
Printf ("/tget the Host :");
Gets (host_temp );
Fflush (stdout );
Strcpy (host, & host_temp [0]);
Printf ("/tget the path of webpage :");
Gets (path_temp );
Strcpy (path, & ath_temp [0]);
}

PE File Format Analysis

1. PE file structure analysis

1. Dos header Structure
All PE files must start with a simple dos MZ header ("MZ "). We usually don't need to pay too much attention to this structure. It is generally used to prompt errors when running in a DOS system that does not support PE file format. It is an image_dos_header struct with a size of 64 B and followed by Dos Stub. In the image_dos_header structure, a key field e_lfanew indicates the start of the PE Header. It is short for PE-related structure image_nt_headers, which contains many important domains used by PE loaders. When the program runs in an operating system that supports the PE file structure, the PE Loader finds the start offset e_lfanew of the PE Header from the dos mz header, therefore, the real file header PE Header is located directly without Dos Stub.
 
2. PE Header Structure
The description of the PE Header structure image_nt_headers is as follows:
Typedef struct _ image_nt_headers {
DWORD signature; // 4B PE Header mark "PE/0/0"
Image_file_header fileheader; // information about the physical distribution of 20b PE files
Image_optional_header32 optionalheader; // information about the logical distribution of the 224b PE File
} Image_nt_headers32, * pimage_nt_headers32;
It has two structure fields, respectively:
Typedef struct _ image_file_header {// a total of 20 B
Word machine; // running platform
Word numberofsections; // number of file sections
DWORD timedatestamp; // file creation date and time
DWORD pointertosymboltable; // execution symbol table for debugging
DWORD numberofsymbols; // Number of symbols in the symbol table, used for debugging
Word sizeofoptionalheader; // size of the optionalheader Structure
Word characteristics; // mark the file information, such as whether the file is exe or DLL
} Image_file_header, * pimage_file_header;
The second structure optionalheader is very important. It contains a lot of important information about the executable image. For example, the initial stack size, program entry point location, preferred base address, operating system version, and segment alignment information. Of course, some other fields are not commonly used. Here, only some key notes are marked.
Typedef struct _ image_optonal_header {
//
// Standard domain
//
Word magic;
Byte majorlinkerversion;
Byte minorlinkerversion;
DWORD sizeofcode; // The total size of the contained Code Section
DWORD sizeofinitializeddata; // The total size of the initialized data section.
DWORD sizeofuninitializeddata; // total size of uninitialized data segments
DWORD addressofentrypoint; // endpoint of the PE File
DWORD baseofcode; // The starting RVA of the Code Section
DWORD baseofdata; // The starting RVA of the Data Section
//
// Nt additional domain
//
DWORD imagebase;
DWORD sectionalignment; // Data Alignment granularity after memory is transferred
DWORD filealignment; // the granularity of the data in the file section
Word majoroperatingsystemversion;
WORD MinorOperationSystemVersion;
WORD MajorImageVersion; // The minimum version of the operating system that can be run
WORD MinorImageVersion;
WORD MajorSubsystemVersion; // The minimum sub-version that can run the Operating System
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage; // the entire image size in the memory
DWORD SizeOfHeaders; // file size of all headers + section table description items
DWORD CheckSum;
WORD Subsystem; // whether it is a CUI or GUI Program
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD sizeofheapreserve;
DWORD sizeofheapcommit;
DWORD loaderflags;
DWORD numberofrvaandsizes;
Image_data_directory datadirectory [16];
} Image_optional_header, * pimage_optional_header;
There is also a section table, which is a structure array next to the PE Header. The number of members is determined by the value of the numberofsections field in the fileheader structure.
Typedef struct _ image_section_header {// totally 40B
Byte name [8]; // The Table Name of the Section, such as ". Text"
Union {
DWORD physicaladdress; // physical address
DWORD virtualsize; // the actual length.
} MISC;
DWORD virtualaddress; // RVA
DWORD sizeofrawdata; // align the rear size of the Section in the file
DWORD pointertorawdata; // the offset of the section based on the file
DWORD pointertorelocations; // relocation offset
DWORD pointertolinenumbers; // offset of the row number table
Word numberofrelocations; // Number of relocation items
Word numberoflinenumbers; // Number of row number tables
DWORD characteristics; // section attributes
} Image_section_header, * pimage_section_header;

3. Compile the PE File Analysis Program

The Code is as follows:

# Include <stdio. h>
# Include <windows. h>

Int main (INT argc, char * argv [])
{
File * FP;

Image_dos_header dos_header; // dos header Structure
Image_nt_headers nt_header; // PE Header Structure
Image_section_header * psection_header; // table structure pointer

Char filename [max_path];
Printf ("Enter the PE file name :");
Gets (filename );
Fp = fopen (filename, "rb ");
If (FP = NULL)
{
Printf ("/nerror: An error occurred while opening the file. Please try again! /N ");
Getchar ();
Exit (0 );
}
System ("CLS ");
Printf ("/n current file: % s/n", argv [0]);

Printf ("/n -------------------------------- File Information --------------------------------/N ");
Fread (& DOS_header, sizeof (struct _ IMAGE_DOS_HEADER), 1, fp );
Printf ("/nPE File Header offset: % 8X h/n", DOS_header.e_lfanew );
 
Fseek (fp, DOS_header.e_lfanew, 0 );
Fread (& nt_header, sizeof (struct _ IMAGE_NT_HEADERS), 1, fp );
Printf ("/n contains the number of sections: % 8X h/n", nt_header.FileHeader.NumberOfSections );
Printf ("/n program entry address: % 8X h/n", nt_header.OptionalHeader.AddressOfEntryPoint );
Printf ("/n priority Virtual Address: % 8X h/n", nt_header.OptionalHeader.ImageBase );
Printf ("/n memory file image size: 0x % X/n", nt_header.OptionalHeader.SizeOfImage );
 
System ("pause ");
System ("cls ");
Printf ("/n ------------------------------- detailed analysis of each section -----------------------------/n ");

Psection_header = new IMAGE_SECTION_HEADER [nt_header.FileHeader.NumberOfSections];
Fread (psection_header, nt_header.fileheader.numberofsections * sizeof (struct _ image_section_header), 1, FP );
For (INT I = 0; I <nt_header.fileheader.numberofsections; I ++)
{
Printf ("/n section % d table name: % s/n", I + 1, psection_header [I]. Name );
Printf ("/n file offset in section % d: % XH/N", I + 1, psection_header [I]. pointertorawdata );
Printf ("/n memory offset in section % d: % XH/N", I + 1, psection_header [I]. virtualaddress );
Printf ("/n section % d actual size: % XH/N", I + 1, psection_header [I]. Misc. virtualsize );
Printf ("/n section % d after alignment size: % XH/N", I + 1, psection_header [I]. sizeofrawdata );
Printf ("/n section % d related attributes: % XH/n", I + 1, psection_header [I]. characteristics );
}
 
Fclose (FP );

System ("pause ");
System ("CLS ");
Printf ("/n ----------------------------------------------------------------------/n ");
Printf ("/n * Grayfox */n ");
Printf ("/n * Www. HuiHu32.cN */n ");
Printf ("/N * ninesky Network Security Group */N ");
Printf ("/n ----------------------------------------------------------------------/n ");
Getchar ();

Return 0;
}