从零构建自己的远控?用匿名管道执行powershell&cmd(9)
2021/9/3 7:06:31
/*
 * Spawns a hidden powershell.exe child whose stdin, stdout and stderr are
 * redirected through two anonymous pipes, then forwards console input into
 * the child and prints the child's output back on this console. This is the
 * classic Win32 "child process with redirected I/O" arrangement; the article
 * presents it as the shell-execution piece of a remote-control tool, but the
 * code on this page does no networking at all.
 *
 * Defender's note: a powershell.exe (or cmd.exe) child started with
 * STARTF_USESTDHANDLES, SW_HIDE and inheritable pipe handles as its standard
 * handles, from a parent that is not itself an interactive shell, is the
 * process-creation shape worth alerting on when hunting for interactive
 * shells driven by another process.
 */
#include <stdio.h>
#include <windows.h>

// Parent-side read end of the pipe the child writes stdout/stderr into
// (original comment: "read buffer").
HANDLE m_hReadPipeHandle = NULL;
// Parent-side write end of the pipe the child reads its stdin from
// (original comment: "write buffer").
HANDLE m_hWritePipeHandle = NULL;
// Child-side ends: handed to CreateProcess as hStdInput and hStdOutput/hStdError.
HANDLE m_hReadPipeShell = NULL;
HANDLE m_hWritePipeShell = NULL;

/*
 * Reader thread: polls m_hReadPipeHandle every 100 ms and prints whatever the
 * child has written to this process's stdout.
 *
 * @param lparam  unused (CreateThread passes NULL).
 * @return 0 — never actually reached; the outer loop has no exit condition.
 *
 * Review notes (code left byte-identical to the article):
 *  - LocalAlloc requests exactly TotalBytesAvail bytes, so a ReadFile that
 *    fills the block leaves no NUL byte for puts() to stop on (LPTR zero-fills,
 *    but every zero byte is then overwritten); the LocalAlloc and ReadFile
 *    results are not checked.
 *  - ReadBuff is only scratch space for the peek; the memset after the peek
 *    discards what PeekNamedPipe copied into it.
 *  - BytesRead is unsigned, so `<= 0` is effectively an `== 0` test.
 */
DWORD WINAPI ReadPipeThread(LPVOID lparam)
{
    unsigned long BytesRead = 0;
    char ReadBuff[1024];
    DWORD TotalBytesAvail;
    while (1)
    {
        Sleep(100);  // poll interval; nothing here blocks on the pipe itself
        // Non-destructive peek: is there data waiting in the pipe?
        while (PeekNamedPipe(m_hReadPipeHandle, ReadBuff, sizeof(ReadBuff), &BytesRead, &TotalBytesAvail, NULL))
        {
            if (BytesRead <= 0) break;  // pipe currently empty
            memset(ReadBuff, 0, sizeof(ReadBuff));
            // Zero-filled block sized to the pending byte count (no extra byte for a terminator).
            LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, TotalBytesAvail);
            // Drain the pending bytes from the pipe.
            ReadFile(m_hReadPipeHandle, lpBuffer, TotalBytesAvail, &BytesRead, NULL);
            // Print what was read to the current console window.
            puts((char *)lpBuffer);
            LocalFree(lpBuffer);
            // (Article placeholder: "controller-side handler" — nothing implemented here.)
        }
    }
    return 0;
}

/*
 * Entry point. Creates the two pipes, launches the hidden PowerShell child
 * with its standard handles redirected, starts the reader thread, then loops
 * forever forwarding one whitespace-delimited token per line into the child.
 *
 * Review notes (code left byte-identical to the article):
 *  - `void main` and `while (true)` without <stdbool.h> mean this compiles as
 *    C++ (or with MSVC extensions) rather than standard C.
 *  - sa.bInheritHandle = TRUE is used for both CreatePipe calls, so the
 *    parent's own ends (m_hReadPipeHandle, m_hWritePipeHandle) are inherited
 *    by the child too, not just the two child-side ends.
 *  - The child-side ends (m_hReadPipeShell, m_hWritePipeShell) are never
 *    closed in the parent after CreateProcess, so a child exit cannot surface
 *    as end-of-pipe on m_hReadPipeHandle; pi.hProcess, pi.hThread and
 *    m_hThreadRead are never closed or waited on either.
 *  - scanf_s("%s") stops at whitespace, so a command with arguments is sent
 *    as several separate lines; for a 1023-character token,
 *    buffer[szlen + 1] writes one byte past the 1024-byte buffer.
 *  - None of GetSystemDirectory, scanf_s or WriteFile have their results checked.
 */
void main()
{
    SECURITY_ATTRIBUTES sa = { 0 };
    STARTUPINFO si = { 0 };
    PROCESS_INFORMATION pi = { 0 };
    char strShellPath[MAX_PATH] = { 0 };
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;  // every handle created with &sa is inheritable by the child
    // Pipe #1: child stdout/stderr -> m_hWritePipeShell, read by us via m_hReadPipeHandle.
    if (!CreatePipe(&m_hReadPipeHandle, &m_hWritePipeShell, &sa, 0))
    {
        if (m_hReadPipeHandle != NULL) CloseHandle(m_hReadPipeHandle);
        if (m_hWritePipeShell != NULL) CloseHandle(m_hWritePipeShell);
        return;
    }
    // Pipe #2: child stdin <- m_hReadPipeShell, written by us via m_hWritePipeHandle.
    if (!CreatePipe(&m_hReadPipeShell, &m_hWritePipeHandle, &sa, 0))
    {
        if (m_hWritePipeHandle != NULL) CloseHandle(m_hWritePipeHandle);
        if (m_hReadPipeShell != NULL) CloseHandle(m_hReadPipeShell);
        return;
    }
    memset((void*)&si, 0, sizeof(si));
    memset((void*)&pi, 0, sizeof(pi));
    GetStartupInfo(&si);  // the fields below are then overridden explicitly
    si.cb = sizeof(STARTUPINFO);
    // Make wShowWindow, hStdInput and hStdOutput/hStdError take effect.
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;  // child gets no visible console window
    si.hStdInput = m_hReadPipeShell;  // child reads its stdin from pipe #2
    si.hStdOutput = si.hStdError = m_hWritePipeShell;  // child stdout+stderr go to pipe #1
    GetSystemDirectory(strShellPath, MAX_PATH);  // Windows system directory; result unchecked
    // strcat(strShellPath, "\\cmd.exe");  // alternative from the article: run cmd.exe instead
    // strcat assumes the combined path still fits in MAX_PATH.
    strcat(strShellPath, "\\WindowsPowerShell\\v1.0\\powershell.exe");
    // Launch the shell; bInheritHandles = TRUE so the pipe handles in si are valid in the child.
    if (!CreateProcess(strShellPath, NULL, NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
    {
        CloseHandle(m_hReadPipeHandle);
        CloseHandle(m_hWritePipeHandle);
        CloseHandle(m_hReadPipeShell);
        CloseHandle(m_hWritePipeShell);
        return;
    }
    HANDLE m_hProcessHandle = pi.hProcess;  // kept but never waited on or closed
    HANDLE m_hThreadHandle = pi.hThread;    // kept but never closed
    // Start the thread that prints the child's output.
    HANDLE m_hThreadRead = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ReadPipeThread, NULL, 0, NULL);
    while (true)
    {
        DWORD TotalBytesAvail;  // unused in this loop
        char buffer[1024];
        unsigned long ByteWrite;
        // Reads ONE whitespace-delimited token (at most 1023 chars plus NUL).
        scanf_s("%s", buffer, 1024);
        int szlen = strlen(buffer);
        // Append a newline so the shell treats the token as a complete line;
        // when szlen == 1023 the second store is one byte past the buffer.
        buffer[szlen] = '\n';
        buffer[szlen + 1] = '\0';
        // Hand the line to the child's stdin; bytes written / failure not checked.
        WriteFile(m_hWritePipeHandle, (LPCVOID)buffer, strlen(buffer), &ByteWrite, NULL);
    }
    return ;
}