NullCode Posted August 17, 2007 Report Share Posted August 17, 2007 Ptr cei ce nu stiu ce e un sandbox .. sa spunem ca e ceva ce folosesc unii sa afle ce fac un virus . ==============================================================================================/*****************************************************\ a small and simple IRC bot for learning purposes by skorikov 2007 -- I was originally planning on putting detailed comments but i got a bit lazy half way through, sorry \*****************************************************/ #define WIN32 /*#define LINUX*/ #ifdef WIN32 #include <windows.h> #include <winsock.h> #define BUILD_TYPE "WIN32" #endif #ifdef LINUX #include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> #define BUILD_TYPE "LINUX" #endif #include <stdio.h> #include <stdlib.h> #include <string.h> #include <malloc.h> #include <stdarg.h> #define IRC_BUFFER_SIZE 512 #define MAX_ARGS 256 #ifdef WIN32 #define vsnprintf _vsnprintf #define snprintf _snprintf #endif /********************************************************************\ IRC_CLIENT CONFIGURATION \********************************************************************/ const char *IRC_SERVER = "irc.bluehell.org"; const short IRC_PORT = 6667; const char *IRC_CHAN = "#testchan"; const char *IRC_CHANKEY = "key"; const char *IRC_NICK = "SmallBot"; const char *IRC_REALNAME = "Small IRC Bot"; const char IRC_CMD_TRIGGER = '.'; /********************************************************************\ COMMAND PROTOTYPES \********************************************************************/ void cmd_quit(int sock, char *from_p, char **arg_p, int arg_count), cmd_test(int sock, char *from_p, char **arg_p, int arg_count), cmd_help(int sock, char *from_p, char **arg_p, int arg_count); /********************************************************************\ FUNCTION PROTOTYPES \********************************************************************/ int irc_connect(int sock, const char *remote_host_p, unsigned short remote_port), irc_send_line(int sock, const char *format_p, ...), irc_recv_line(int sock, char *line_p, unsigned int line_size); /* this is pretty much just a table of command names and pointers to their according functions */ struct irc_command { const char *command_name_p, *description_p; void (*exec_command)(int sock, char *from_p, char **arg_p, int arg_count); } /********************************************************************\ COMMAND TABLE \********************************************************************/ COMMAND[] = { {"quit", "Make the bot quit", &cmd_quit}, {"test", "A test command", &cmd_test}, {"help", "Print this menu", &cmd_help} }; /********************************************************************\ BOT MAIN \********************************************************************/ int main(int argc, char **argv) { #ifdef WIN32 WSADATA wsa_data; /* a structure to store output from the WSAStartup call, we dont do anything with this so just ignore it */ #endif int sock, /* our socket handle */ connect_attempts = 0, argument_count, i; char buffer[512] = {0}, /* buffer to recv lines from IRC */ from[56] = {0}, nick[56] = {0}, *argument[MAX_ARGS], *token_p; #ifdef WIN32 /* WSAStartup() initializes the WinSock DLL, version 2.2, MAKEWORD(2, 2) just takes 2 bytes each with a value of 2 (00000010) and puts them together like so (0000001000000010), ^^ this isn't really important so you can ignore this */ if (WSAStartup(MAKEWORD(2, 2), &wsa_data)) { printf("- fatal error: failed to initialize winsock\r\n"); return (0); } #endif /* create a socket using the INET protocol family (IPv4), and make it a streaming TCP socket */ if ((sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) { printf("- fatal error: socket() failed.\r\n"); return (0); } printf("- Created socket\r\n"); if (!irc_connect(sock, IRC_SERVER, IRC_PORT)) { printf("- Failed to connect to %s:%i\r\n", IRC_SERVER, IRC_PORT); return (0); } printf("- Connected to %s:%i\r\n", IRC_SERVER, IRC_PORT); snprintf(nick, sizeof(nick), "%s", IRC_NICK); irc_send_line(sock, "USER %s 127.0.0.1 localhost :%s", IRC_NICK, IRC_REALNAME); irc_send_line(sock, "NICK %s", nick); while (1) { memset(buffer, 0, sizeof(buffer)); if (irc_recv_line(sock, buffer, sizeof(buffer)) == 0) break; token_p = strtok(buffer, " "); argument_count = 0; while (token_p != NULL) { argument[argument_count] = token_p; token_p = strtok(NULL, " "); argument_count++; } if (argument_count > 2) { if (strcmp(argument[1], "001") == 0) { irc_send_line(sock, "JOIN %s :%s", IRC_CHAN, IRC_CHANKEY); continue; } else if (strcmp(argument[1], "433") == 0) { strncat(nick, "_", 1); irc_send_line(sock, "NICK %s", nick); continue; } } if (argument_count == 2) { if (strcmp(argument[0], "PING") == 0) { irc_send_line(sock, "PONG %s", argument[1]); continue; } } if (argument_count >= 4) { if (strcmp(argument[1], "PRIVMSG") == 0) { snprintf(from, sizeof(from), "%s", argument[2]); /* this just shifts the argument variable the numbers of bytes there are before the PRIVMSG text so ":user@host PRIVMSG #channel :message here" becomes just "message here" */ if (argument[3][1] == IRC_CMD_TRIGGER) { *argument += (strlen(argument[0]) + 1) + (strlen(argument[1]) + 1) + (strlen(argument[2]) + 3); for (i = 0; i < sizeof(COMMAND) / sizeof(struct irc_command); ++i) { if (strcmp(argument[0], COMMAND.command_name_p) == 0) { COMMAND.exec_command(sock, from, argument, argument_count - 3); break; } } } continue; } } } printf("- Disconnected\r\n"); #ifdef WIN32 /* clean up after ourselves */ WSACleanup(); #endif return (0); } /********************************************************************\ IRC CONNECT FUNCTION \********************************************************************/ int irc_connect(int sock, const char *remote_host_p, unsigned short remote_port) { struct sockaddr_in sin; /* a structure which tells our socket where it's connecting to */ struct hostent *hostent_p; /* a structure which will store results from the DNS query we do for remote_host_p */ /* perform a DNS query to find the IP address of remote_host_p */ if (!(hostent_p = gethostbyname(remote_host_p))) return (0); memset(&sin, 0, sizeof(sin)); sin.sin_family = PF_INET; /* IPv4 */ sin.sin_addr.s_addr = *(long *) hostent_p->h_addr; /* take the IP address returned */ sin.sin_port = htons(remote_port); /* convert remote_port to a network order byte */ printf("- Resolved %s to %s\r\n", remote_host_p, inet_ntoa(sin.sin_addr)); /* tell the socket to connect */ if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) == -1) return (0); return (1); } /********************************************************************\ IRC SEND LINE FUNCTION \********************************************************************/ int irc_send_line(int sock, const char *format_p, ...) { va_list args; char buffer[512] = {0}; va_start(args, format_p); vsnprintf(buffer, sizeof(buffer), format_p, args); va_end(args); strncat(buffer, "\r\n", (sizeof(buffer) - strlen(buffer))); printf(">> %s", buffer); return (send(sock, buffer, strlen(buffer), 0)); } /********************************************************************\ IRC RECIEVE LINE FUNCTION \********************************************************************/ int irc_recv_line(int sock, char *line_p, unsigned int line_size) { char byte = 0; /* recv one byte at a time from the socket untill you reach a newline (\n) character */ while (byte != '\n' && strlen(line_p) < line_size) { if (!recv(sock, (char *) &byte, 1, 0)) return (0); if (byte != '\r' && byte != '\n' && byte != '\0') { strncat(line_p, (char *) &byte, 1); } } printf("<< %s\r\n", line_p); return (1); } /********************************************************************\ QUIT COMMAND FUNCTION \********************************************************************/ void cmd_quit(int sock, char *from_p, char **arg_p, int arg_count) { irc_send_line(sock, "QUIT"); } /********************************************************************\ TEST COMMAND FUNCTION \********************************************************************/ void cmd_test(int sock, char *from_p, char **arg_p, int arg_count) { irc_send_line(sock, "PRIVMSG %s :This is a test. Did it work?", from_p); } /********************************************************************\ HELP COMMAND FUNCTION \********************************************************************/ void cmd_help(int sock, char *from_p, char **arg_p, int arg_count) { unsigned int i; irc_send_line(sock, "PRIVMSG %s :(Help): Build type: %s (%s, %s)", from_p, BUILD_TYPE, __DATE__, __TIME__); irc_send_line(sock, "PRIVMSG %s :(Help): COMMAND DESCRIPTION", from_p); for (i = 0; i < sizeof(COMMAND) / sizeof(struct irc_command); ++i) { irc_send_line(sock, "PRIVMSG %s :(Help): %s %s", from_p, COMMAND.command_name_p, COMMAND.description_p); } }========================================================================================================================================================================================================================================================================================================================================================================================Not my code - ' ================================================== ======= ' Anti Sandboxie Code by ZiG = ' = ' For testing purposes only! = ' I'm Not responsible For anything you Do With this code! = ' ================================================== ======= Option Explicit Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long Private Declare Sub CloseHandle Lib "kernel32" (ByVal hObject As Long) Private Const TH32CS_SNAPPROCESS = &H2 Private Const MAX_PATH As Long = 260 Private Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szExeFile As String * MAX_PATH End Type Public Function Sandboxed(ByVal nFilename As String) As Boolean Dim nSnapshot As Long, nProcess As PROCESSENTRY32 Dim nResult As Long, ParentID As Long, IDCheck As Boolean 'Abbild der Prozesse machen nSnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&) If nSnapshot <> 0 Then nProcess.dwSize = Len(nProcess) 'Zeiger auf ersten Prozess bewegen nResult = ProcessFirst(nSnapshot, nProcess) Do Until nResult = 0 'Überprüfen ob der Prozessname mit dem Namen der exe übereinstimmt. If InStr(LCase$(nProcess.szExeFile), LCase$(nFilename)) <> 0 Then 'Wir merken uns die ParentProcessID ParentID = nProcess.th32ParentProcessID 'Wir beginnen nochmal beim ersten Prozess nResult = ProcessFirst(nSnapshot, nProcess) Do Until nResult = 0 'Wir suchen den Process mit der ParentID If nProcess.th32ProcessID = ParentID Then 'Falls so ein Prozess vorhanden ist, dann ist das Programm nicht sandboxed IDCheck = False Exit Do Else IDCheck = True nResult = ProcessNext(nSnapshot, nProcess) End If Loop 'Falls check True ist, dann ist das Programm Sandboxed Sandboxed = IDCheck Exit Do End If 'Zum nächsten Prozess nResult = ProcessNext(nSnapshot, nProcess) Loop ' Handle wird geschloßen CloseHandle nSnapshot End If End Function Aufrufen könnt ihr das ganze dann so: Visual Basic Code: Private Sub Form_Load() If Sandboxed(App.EXEName) Then 'Programm läuft In der Sandbox Else 'Programm läuft nicht In der Sandbox 'Programm kann normal weiterlaufen End If End Sub Quote Link to comment Share on other sites More sharing options...