Resource Description
1 Data Structure
1.1 Request
Packet header structure definition
#include <windows.h> // DWORD
typedef struct _InstructionPackHead
{
int nInstructionType;   // instruction type flag, see 1.1.1 / 1.2.1
DWORD nPackLength;      // number of data bytes that follow the header, see 1.1.2
} _InstructionPackHead;
Packet definition
typedef struct _InstructionPack
{
_InstructionPackHead InsHead;  // fixed 8-byte header
char nDataPackContent[1];      // datapack content; variable length, nPackLength bytes follow the header
} _InstructionPack;
1.1.1 nInstructionType
int type. Flag field, assigned one of the following values:
100: request to start the cmd control thread
101: send the actual control content to the cmd thread
200: request to start the file system management thread
201: get the file system tree list
203: download file
205: send upload file information
207: send upload file data
209: request list directory
211: upload file finished
300: request to start the keylogger thread
301: request to start logging keystrokes
303: request to stop logging keystrokes
400: request to start the screen monitoring thread
500: for the main thread, request the trojan ID; for a function thread, request its ID and the current instruction name
600: terminate the current process
700: control the registry
701: request the registry list for the corresponding key
703: get value
705: modify key
707: modify value
1.1.2 nPackLength
DWORD type. Records the actual data length of the packet.
1.1.3 nDataPackContent[1]
char type, the actual data content. Variable length.
1.2 Response
Same structure as the request.
1.2.1 nInstructionType
int type. Flag field, assigned one of the following values:
102: returns the actual cmd control result
202: returns the actual file management result
302: returns the actual keylogging result
402: returns the actual screen data
501: response to the cmd thread query
502: response to the file management thread query
503: response to the keylogger thread query
504: response to the screen data thread query
505: response to the main thread query
507: response to the registry thread query
202: returns the gettreelist result
204: returns download file information
206: returns download file data
208: download file finished
210: returns the listdirectory result
702: returns the registry list and values for the corresponding key
704: returns the value
706: modification result
1.2.2 nPackLength
DWORD type. Records the actual data length of the packet.
1.2.3 nDataPackContent[1]
char type, the actual data content. Variable length.
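As an added illustration (not part of the original document), the following Python decoder splits a captured byte stream into packets using the header layout above and labels each nInstructionType, which is what an analyst needs when reading captured traffic of this protocol. It assumes a little-endian 32-bit Windows layout (4-byte int, 4-byte DWORD, no padding), which the page does not state; the sample stream is constructed and includes a final packet truncated by the capture.

```python
import struct

# Wire header: int nInstructionType + DWORD nPackLength, 8 bytes, no padding.
# Assumption (not stated on the page): little-endian 32-bit Windows layout.
HEADER = struct.Struct("<iI")

# Labels for the instruction types listed in sections 1.1.1 and 1.2.1.
INSTRUCTION_NAMES = {
    100: "start cmd thread", 101: "cmd command", 102: "cmd result",
    200: "start filemanager thread", 201: "get tree list", 202: "file mgmt / tree list result",
    203: "download file", 204: "download file info", 205: "upload file info",
    206: "download file data", 207: "upload file data", 208: "download finished",
    209: "list directory", 210: "list directory result", 211: "upload finished",
    300: "start keylogger thread", 301: "start log", 302: "keylog data",
    303: "stop log", 400: "start screen thread", 402: "screen data",
    500: "query id", 501: "cmd thread id", 502: "filemanager thread id",
    503: "keylogger thread id", 504: "screen thread id", 505: "main thread id",
    507: "registry thread id", 600: "close", 700: "registry control",
    701: "get registry list", 702: "registry list result", 703: "get value",
    704: "value result", 705: "modify key", 706: "modify result", 707: "modify value",
}

# Reject absurd lengths so a corrupt header cannot make the decoder buffer gigabytes.
MAX_PACK_LENGTH = 16 * 1024 * 1024

# Constructed sample capture (not real traffic): ID query 500 / reply 505 carrying
# trojan ID 7, a cmd exchange 101/102, then a 505 whose header claims 16 bytes but
# only 2 follow (cut off by the capture).
SAMPLE_STREAM = (
    b"\xf4\x01\x00\x00\x00\x00\x00\x00"
    + b"\xf9\x01\x00\x00\x04\x00\x00\x00" + b"\x07\x00\x00\x00"
    + b"\x65\x00\x00\x00\x06\x00\x00\x00" + b"whoami"
    + b"\x66\x00\x00\x00\x0b\x00\x00\x00" + b"host\\user\r\n"
    + b"\xf9\x01\x00\x00\x10\x00\x00\x00" + b"\x01\x02"
)


def parse_stream(data: bytes) -> list:
    """Split a captured stream into (type, label, payload); stop at the first
    header whose nPackLength exceeds the remaining bytes (truncated/corrupt)."""
    packets, offset = [], 0
    while offset + HEADER.size <= len(data):
        ins_type, pack_len = HEADER.unpack_from(data, offset)
        body = offset + HEADER.size
        if pack_len > MAX_PACK_LENGTH or body + pack_len > len(data):
            packets.append((ins_type, "truncated or corrupt", data[body:]))
            break
        packets.append((ins_type, INSTRUCTION_NAMES.get(ins_type, "unknown"), data[body:body + pack_len]))
        offset = body + pack_len
    return packets
```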
2 Listener
Query type
Request
nInstructionType = 500
nPackLength = 0
nDataPackContent[1] = null
Response
nInstructionType = 505
nPackLength = sizeof(int)
nDataPackContent[1] contains the trojan ID
Close
Request
nInstructionType = 600
nPackLength = 0
nDataPackContent[1] = null
Response
No response
New client
Request
nInstructionType = 100 //request to start the cmd control thread
200 //request to start the file system management thread
300 //request to start the keylogger thread
400 //request to start the screen monitoring thread
nPackLength = 0
nDataPackContent[1] = null
Response
No response
3 Command
Query type
Request
nInstructionType = 500
nPackLength = 0
nDataPackContent[1] = null
Response
nInstructionType = 501
nPackLength = sizeof(int)
nDataPackContent[1] contains the trojan ID
Close
Request
nInstructionType = 600
nPackLength = 0
nDataPackContent[1] = null
Response
No response
Execute
Request
nInstructionType = 101
nPackLength = length of the cmd command
nDataPackContent[1] contains the cmd command
Response
nInstructionType = 102
nPackLength = length of the cmd result
nDataPackContent[1] contains the cmd result
4 Filemanager
Query type
Request
nInstructionType = 500
nPackLength = 0
nDataPackContent[1] = null
Response
nInstructionType = 502
nPackLength = sizeof(int)
nDataPackContent[1] contains the trojan ID
Close
Request
nInstructionType = 600
nPackLength = 0
nDataPackContent[1] = null
Response
No response
Get file tree
Request
nInstructionType = 201
nPackLength = 0
nDataPackContent[1] = null
Response
nInstructionType = 202
nPackLength = data length
nDataPackContent[1] = file tree result
List Directory
Request
nInstructionType = 209
nPackLength = path length
nDataPackContent[1] = full path of the directory to list
Response
nInstructionType = 210
nPackLength = data length
nDataPackContent[1] = list result
Upload file
Request
nInstructionType = 205 //send upload file information
The file name and size are sent first
nPackLength = data length
nDataPackContent[1] = file name and file size
nInstructionType = 207 //send upload file data
Then the file data is sent
nPackLength = data length
nDataPackContent[1] = actual data buffer
Response
No response
Download file
Request
nInstructionType = 204
nPackLength = path length
nDataPackContent[1] = full path of the file to download
Response
nInstructionType = 206 //send download file information
The file name and size are sent first
nPackLength = data length
nDataPackContent[1] = file name and file size
nInstructionType = 208 //send download file data
Then the file data is sent
nPackLength = data length
nDataPackContent[1] = actual data buffer
5 Keyboard
Query type
Request
nInstructionType = 500
nPackLength = 0
nDataPackContent[1] = null
Response
nInstructionType = 504
nPackLength = sizeof(int)
nDataPackContent[1] contains the trojan ID
Close
Request
nInstructionType = 600
nPackLength = 0
nDataPackContent[1] = null
Response
No response
Start log
Request
nInstructionType = 301
nPackLength = 0
nDataPackContent[1] = null
Response
No response
Stop log
Request
nInstructionType = 303
nPackLength = 0
nDataPackContent[1] = null
Response
No response
Keylog
Request
No request; sent proactively by the client after startlog
Response
nInstructionType = 302
nPackLength = length of the returned log
nDataPackContent[1] = log content.
6 Screen
Query type
Close
Start screen
Stop screen
Screen data
Screen ctrl