// WinceSpy.cpp : Defines the entry point for the application.
//
#include "Tools.h"
#include "BaseUDP.h"
// Single UDP client shared by every command handler below. The destination
// address comes from g_szIP/g_szPort once DealHello has filled them in.
CBaseUDP UDPClient;
// Signature of every command handler in ExecLib. The handler receives the
// whole typed line (command word included) and may modify it in place.
typedef int (* ExecFunc)(char *szExec);
// Capacity of StructRemoteCtl::szParam, the payload sent to the remote agent.
#define MAX_PARAM 1024
// Capacity of szDisp, the shared receive buffer (3072 bytes).
#define MAX_RET 1024 * 3
// Values carried in StructRemoteCtl::nBusiID, one per remote operation.
#define BUSINESS_SAYHELLO 0
#define BUSINESS_RUNPROGRESS 1
#define BUSINESS_RUNDOS 2
#define BUSINESS_COPYFILE 3
#define BUSINESS_GETFILE 4
#define BUSINESS_HEAP 5
#define BUSINESS_KILL 6
// First byte of szParam for BUSINESS_COPYFILE (client -> agent file transfer,
// see DealCopy).
#define ACTION_COPYFILE_OPEN 0x00
#define ACTION_COPYFILE_WRITE 0x01
#define ACTION_COPYFILE_CLOSE 0x02
// First byte of szParam for BUSINESS_GETFILE (agent -> client file transfer,
// see DealGet). The values coincide with the COPYFILE actions; DealGet in fact
// uses ACTION_COPYFILE_OPEN for its open request.
#define ACTION_GETFILE_OPEN 0x00
#define ACTION_GETFILE_READ 0x01
#define ACTION_GETFILE_CLOSE 0x02
// Agent address recorded by a successful DealHello; every other network
// command sends to this address (both stored as text, port parsed with atoi).
char g_szIP[255] = {0};
char g_szPort[255] = {0};
// Optional prefix that WinMain prepends (plus a space) to each typed line;
// set by DealShell, cleared by an empty read.
char g_szShell[255] = {0};
// Shared receive buffer. Most handlers treat its contents as NUL-terminated
// text; DealGet reads it as a 4-byte int length followed by data.
char szDisp[MAX_RET] = {0};
// One row of the command table ExecLib.
typedef struct TagExec
{
    char szExec[255];   // command word, matched case-insensitively by cmp_util_space
    ExecFunc Exec;      // handler invoked with the whole typed line
    char szHelp[1024];  // text printed by DealHelp
}StructExec;
// Datagram exchanged with the remote agent. Every Send() in this file passes
// nSize + 8 bytes of this struct as raw memory, i.e. the two int fields are
// assumed to occupy exactly 8 bytes without padding (4-byte int), followed by
// nSize bytes of szParam. Nothing here checks that the peer shares the same
// int width or byte order.
typedef struct TagRemoteCtl
{
    int nBusiID;            // one of the BUSINESS_* values
    int nSize;              // number of valid bytes in szParam
    char szParam[MAX_PARAM];// operation-specific payload; see the ACTION_* bytes
}StructRemoteCtl;
// Command handlers. Each receives the whole typed line and returns 0 on every
// path (Execute only distinguishes -1, "no matching command", which none of
// them produce).
int DealExit(char *szExec);
int DealHelp(char *szExec);
int DealHello(char *szExec);
int DealHeap(char *szExec);
int DealDos(char *szExec);
int DealRun(char *szExec);
int DealShell(char *szExec);
int DealCopy(char *szExec);
int DealGet(char *szExec);
int DealKill(char *szExec);
// Command table, searched linearly by Execute(); the first entry whose szExec
// matches the typed command word wins. The Get entry's help text does not
// describe its argument syntax; DealGet parses "Get <remote>?<local>"
// (the '?' is the separator).
StructExec ExecLib[]=
{
    {"Copy", DealCopy, "Copy: Copy local file to remote\n Copy <local>?<remote>\n"},
    {"Dos", DealDos, "Dos: Execute a dos cmd!\n Dos <dos cmd>\n"},
    {"Get", DealGet, "Get: Get a Remote File!\n"},
    {"Exit", DealExit, "Exit: Exit this program\n exit\n"},
    {"Hello", DealHello, "Hello: Say Hello to a remote CC\n hello <ip> <port>\n"},
    {"Help", DealHelp, "Help: List Command\n"},
    {"Heap", DealHeap, "Heap: Get the Process Heap\n"},
    {"Run", DealRun, "Run: Run a program!\n"},
    {"Kill", DealKill, "Kill: Kill a program!\n"},
    {"Shell", DealShell, "Shell: Run as a shell!\n"}
};
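// ASCII upper-casing used for case-insensitive command matching. Characters
// outside 'a'..'z' are returned unchanged, so the result does not depend on
// the C locale.
char UPPER(char cUper)
{
    if(cUper >= 'a' && cUper <= 'z')
        return static_cast<char>(cUper - 'a' + 'A');
    return cUper;
}
// Case-insensitively compare the command word pSrc against the first word of
// the typed line pDest (pDest is read up to its first space or its end).
// Returns 0 when that first word is exactly pSrc, -1 otherwise (also for a
// null argument).
//
// Fix: the original returned 0 whenever pDest ran out, regardless of how much
// of pSrc was left, so a truncated word such as "Co" matched "Copy" — and,
// because Execute() takes the first table hit, "Hel" silently ran "Hello"
// instead of "Help". A match now requires pSrc to be fully consumed too.
int cmp_util_space(const char *pSrc, const char *pDest)
{
    if(!pSrc || !pDest)
        return -1;
    for(; *pSrc && *pDest && *pDest != ' '; ++pSrc, ++pDest)
    {
        if(UPPER(*pSrc) != UPPER(*pDest))
            return -1;
    }
    // Both the command word and the typed word must end at this point.
    if(!*pSrc && (!*pDest || *pDest == ' '))
        return 0;
    return -1;
}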
// Return a pointer to the first character of p that is neither a space nor a
// tab (p itself when there is none). The const is cast away because callers
// terminate tokens in place inside the writable line buffer they pass.
char *trim(const char *p)
{
    const char *pFirst = p;
    for(; *pFirst == ' ' || *pFirst == '\t'; ++pFirst)
    {
    }
    return const_cast<char *>(pFirst);
}
// "Exit": terminate the client process immediately with exit code 0. The
// remote agent is not notified and no socket is closed explicitly.
int DealExit(char *szExec)
{
    (void)szExec;       // the command text is not inspected
    ExitProcess(0);
    return 0;           // not reached
}
// "Help": print the help text of every ExecLib entry, in table order.
int DealHelp(char *szExec)
{
    (void)szExec;       // the command text is not inspected
    const size_t nEntries = sizeof(ExecLib) / sizeof(ExecLib[0]);
    for(size_t i = 0; i < nEntries; ++i)
        Printf(ExecLib[i].szHelp);
    return 0;
}
// "Hello <ip> <port>": send a header-only BUSINESS_SAYHELLO datagram to the
// given address and, if any datagram comes back before WaitForDataRecv's
// limit of 5 expires, record the address in g_szIP/g_szPort for the other
// commands. Always returns 0, including on failure.
int DealHello(char *szExec)
{
    // Skip the command word.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    // Require a separator and at least one more character after it.
    if(!*pExec++ || !*pExec)
    {
        Printf("Error:NULL Remote IP!\n");
        return 0;
    }
    pExec = trim(pExec);
    char *pIp = (char *)pExec;
    // Scan the IP token; something must follow it (the port).
    while(*pExec != ' ' && *pExec)
        pExec++;
    if(!*pExec)
    {
        Printf("Error:NULL Remote Port!\n");
        return 0;
    }
    *pExec++ = 0;   // terminate the IP token in place (szExec is modified)
    pExec = trim(pExec);
    char *pPort = (char *)pExec;
    if(!*pPort)
    {
        Printf("Error:NULL Remote Port!\n");
        return 0;
    }
    // Terminate the port token in place; anything after it is ignored.
    while(*pExec != ' ' && *pExec)
        pExec++;
    *pExec++ = 0;
    // nSize == 0: only the 8 header bytes are sent, szParam stays uninitialised
    // but is never transmitted.
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_SAYHELLO;
    RmtCtl.nSize = 0;
    sockaddr_in sa;
    // This Send overload takes the destination as host/port text and returns
    // the socket to wait on (negative on failure).
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, pIp, atoi(pPort), sa);
    Printf("Say Hello to %s:%d...", pIp, atoi(pPort));
    if(sk < 0)
    {
        Printf("socket Error\n");
        return 0;
    }
    if(CBaseUDP::WaitForDataRecv(sk, 5) < 0)
    {
        Printf("time out\n");
        return 0;
    }
    if(UDPClient.Recv(szDisp, MAX_RET, sk, sa) < 0)
    {
        Printf("Recv Error(%d)\n", WSAGetLastError());
        return 0;
    }
    // NOTE(review): the reply's contents are not inspected — any datagram
    // arriving on sk counts as success. sk is not closed on any path.
    Printf("Success!\n");
    // NOTE(review): unbounded copies into 255-byte globals; both tokens come
    // from WinMain's 1024-byte line buffer.
    strcpy(g_szIP, pIp);
    strcpy(g_szPort, pPort);
    return 0;
};
// "Kill <name>": send BUSINESS_KILL with the rest of the line as payload,
// then print the agent's replies until an empty datagram (first byte 0)
// ends the stream. Always returns 0.
int DealKill(char *szExec)
{
    // Skip the command word. Unlike the other handlers this one does not
    // reject a missing argument, so an empty name (nSize == 1) can be sent.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    pExec = trim(pExec);
    char *pProc = (char *)pExec;
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_KILL;
    RmtCtl.nSize = strlen(pProc) + 1;   // payload includes the NUL
    // No MAX_PARAM check; the copy is bounded only by the caller's 1024-byte
    // line buffer (WinMain).
    strcpy(RmtCtl.szParam, pProc);
    sockaddr_in sa;
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
    if(sk < 0)
    {
        Printf("socket Error\n");
        return 0;
    }
    while(1)
    {
        // NOTE(review): the timeout and Recv-error returns below leave sk
        // open; only the normal exit reaches closesocket. DealDos and DealRun
        // have the same shape.
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("time out\n");
            return 0;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            return 0;
        }
        if(szDisp[0] == 0)
        {
            Printf("\n");
            break;
        }
        // NOTE(review): szDisp holds peer-supplied bytes and is passed as the
        // format argument. Printf takes a format string at its other call
        // sites, so '%' sequences in a reply would be interpreted;
        // Printf("%s", szDisp) is the safe form. Also assumes the reply is
        // NUL-terminated within MAX_RET. Same pattern in DealHeap, DealDos,
        // DealRun.
        Printf(szDisp);
    }
    closesocket(sk);
    return 0;
};
// "Heap <process> [times]": send BUSINESS_HEAP for <process> `times` times
// (default 1) with Sleep(60 s) between requests, printing each reply and
// appending it to "<process>.log" in the current directory. Always returns 0.
int DealHeap(char *szExec)
{
    int nTimes = 1;
    char *pExec = szExec;
    // Skip the command word and require a non-empty argument.
    while(*pExec != ' ' && *pExec)
        pExec++;
    if(!*pExec++ || !*pExec)
    {
        Printf("Error:NULL Process Name!\n");
        return 0;
    }
    pExec = trim(pExec);
    char *pProcName = (char *)pExec;
    // Advance past the process name. NOTE(review): the name is never
    // NUL-terminated at this space — the only `*pExec++ = 0` below terminates
    // the count — so when a count is given, strlen(pProcName)/strcpy/strcat
    // further down all see "name count" as the process name.
    while(*pExec != ' ' && *pExec)
        pExec++;
    pExec = trim(pExec);
    char *pTimes = (char *)pExec;
    if(!*pTimes)
        nTimes = 1;
    else
    {
        while(*pExec != ' ' && *pExec)
            pExec++;
        *pExec++ = 0;
        nTimes = atoi(pTimes);  // a non-numeric count yields 0: nothing is sent
    }
    while(nTimes > 0)
    {
        nTimes--;
        StructRemoteCtl RmtCtl;
        RmtCtl.nBusiID = BUSINESS_HEAP;
        RmtCtl.nSize = strlen(pProcName) + 1;   // payload includes the NUL
        strcpy(RmtCtl.szParam, pProcName);      // bounded only by the caller's line buffer
        sockaddr_in sa;
        // A fresh socket per iteration; it is closed at the bottom of the loop
        // only, so the error returns below leak it.
        int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
        if(sk < 0)
        {
            Printf("socket Error\n");
            return 0;
        }
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("time out\n");
            return 0;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            return 0;
        }
        // NOTE(review): peer-supplied bytes used as the format argument;
        // Printf("%s", szDisp) would avoid interpreting '%' (see DealKill).
        Printf(szDisp);
        FILE *fp = NULL;
        char szLog[255] = {0};
        // NOTE(review): unbounded strcat — a process name longer than 250
        // characters overruns szLog.
        strcat(szLog, pProcName);
        strcat(szLog, ".log");
        if((fp = fopen(szLog, "a+")) == NULL)
        {
            Printf("Error:open %s Failed\n", szLog);
            return 0;
        }
        // Assumes the reply is NUL-terminated within MAX_RET.
        fwrite(szDisp, sizeof(char), strlen(szDisp), fp);
        fclose(fp);
        // Pause before the next sample; the socket stays open meanwhile.
        if(nTimes != 0)
            Sleep(1000 * 60);
        closesocket(sk);
    }
    return 0;
}
// "Dos <cmd>": send the rest of the line to the agent as BUSINESS_RUNDOS and
// print its replies until an empty datagram (first byte 0) ends the stream.
// Always returns 0.
int DealDos(char *szExec)
{
    // Skip the command word and require a non-empty argument.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    if(!*pExec++ || !*pExec)
    {
        Printf("Error:NULL DOS CMD!\n");
        return 0;
    }
    pExec = trim(pExec);
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_RUNDOS;
    RmtCtl.nSize = strlen(pExec) + 1;   // payload includes the NUL
    // No MAX_PARAM check; the copy is bounded only by the caller's 1024-byte
    // line buffer (WinMain).
    strcpy(RmtCtl.szParam, pExec);
    sockaddr_in sa;
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
    if(sk < 0)
    {
        Printf("socket Error\n");
        return 0;
    }
    while(1)
    {
        // NOTE(review): the timeout and Recv-error returns leave sk open;
        // only the normal exit reaches closesocket.
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("time out\n");
            return 0;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            return 0;
        }
        if(szDisp[0] == 0)
        {
            Printf("\n");
            break;
        }
        // NOTE(review): peer-supplied bytes used directly as the format
        // argument; Printf("%s", szDisp) would avoid interpreting '%' in the
        // reply (Printf takes a format string at its other call sites).
        Printf(szDisp);
    }
    closesocket(sk);
    return 0;
};
// "Run <path>": send the rest of the line to the agent as BUSINESS_RUNPROGRESS
// and print its replies until an empty datagram (first byte 0) ends the
// stream. Same structure as DealDos. Always returns 0.
int DealRun(char *szExec)
{
    // Skip the command word and require a non-empty argument.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    if(!*pExec++ || !*pExec)
    {
        Printf("Error:NULL path of program!\n");
        return 0;
    }
    pExec = trim(pExec);
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_RUNPROGRESS;
    RmtCtl.nSize = strlen(pExec) + 1;   // payload includes the NUL
    // No MAX_PARAM check; the copy is bounded only by the caller's 1024-byte
    // line buffer (WinMain).
    strcpy(RmtCtl.szParam, pExec);
    sockaddr_in sa;
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
    if(sk < 0)
    {
        Printf("socket Error\n");
        return 0;
    }
    while(1)
    {
        // NOTE(review): the timeout and Recv-error returns leave sk open;
        // only the normal exit reaches closesocket.
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("time out\n");
            return 0;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            return 0;
        }
        if(szDisp[0] == 0)
        {
            Printf("\n");
            break;
        }
        // NOTE(review): peer-supplied bytes used directly as the format
        // argument; Printf("%s", szDisp) would avoid interpreting '%' in the
        // reply (Printf takes a format string at its other call sites).
        Printf(szDisp);
    }
    closesocket(sk);
    return 0;
};
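// "Shell <prefix>": remember <prefix>; WinMain prepends it (plus a space) to
// every subsequently typed line until an empty read clears it. Always
// returns 0.
int DealShell(char *szExec)
{
    // Skip the command word and leading blanks.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    pExec = trim(pExec);
    // Bounded copy: the line buffer feeding szExec (1024 bytes in WinMain) is
    // larger than g_szShell (255), so an unbounded strcpy could overrun the
    // global. Longer prefixes are truncated; the terminator is always written.
    strncpy(g_szShell, pExec, sizeof(g_szShell) - 1);
    g_szShell[sizeof(g_szShell) - 1] = 0;
    return 0;
}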
// "Copy <local>?<remote>": upload a local file to the agent as a
// BUSINESS_COPYFILE sequence — one OPEN datagram carrying the remote path,
// WRITE datagrams of at most 1022 file bytes each, then a CLOSE. After the
// OPEN and after each WRITE a reply is awaited; its first byte is the status
// (0 = continue, anything else aborts). Always returns 0.
int DealCopy(char *szExec)
{
    // Skip the command word; the local path runs up to the '?' separator.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    pExec = trim(pExec);
    char *plocal = pExec;
    while(*pExec != '?' && *pExec)
        pExec++;
    if(*pExec == '?')
        *pExec++ = 0;   // terminate the local path in place
    if(!*pExec)
    {
        Printf("Error:NULL Remote File Path!\n");
        return 0;
    }
    pExec = trim(pExec);
    char *pRemote = pExec;
    FILE *fp = NULL;
    if((fp = fopen(plocal, "rb")) == NULL)
    {
        Printf("Error:open %s Failed\n", plocal);
        return 0;
    }
    // OPEN request: szParam = action byte, remote path, NUL. nSize is the path
    // length plus one, so the nSize + 8 bytes put on the wire cover the action
    // byte and the path but not the trailing NUL.
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_COPYFILE;
    RmtCtl.nSize = strlen(pRemote) + 1;
    if(RmtCtl.nSize >= MAX_PARAM)
    {
        Printf("Error:Path of Remote is too large!\n");
        fclose(fp);
        return 0;
    }
    RmtCtl.szParam[0] = ACTION_COPYFILE_OPEN;
    RmtCtl.szParam[1] = 0;  // immediately overwritten by the strcpy
    strcpy(RmtCtl.szParam + 1, pRemote);
    // NOTE(review): with nSize == MAX_PARAM - 1, the largest value the check
    // above admits, this index is MAX_PARAM — one past the end of szParam.
    RmtCtl.szParam[RmtCtl.nSize + 1] = 0;
    sockaddr_in sa;
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
    if(sk < 0)
    {
        Printf("socket Error\n");
        fclose(fp);
        return 0;
    }
    if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
    {
        Printf("time out\n");
        fclose(fp);
        closesocket(sk);
        return 0;
    }
    if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
    {
        Printf("Recv Error(%d)\n", WSAGetLastError());
        fclose(fp);
        closesocket(sk);
        return 0;
    }
    // WRITE phase on the same socket/address. Each chunk is sent only while
    // the last status byte was 0 and the file still has data.
    RmtCtl.szParam[0] = ACTION_COPYFILE_WRITE;
    int nReadTotal = 0;
    while(szDisp[0] == 0 && !feof(fp) && (nReadTotal = fread(RmtCtl.szParam + 1, sizeof(char), 1022, fp)) != 0)
    {
        RmtCtl.nSize = nReadTotal + 1;  // action byte + file bytes
        // NOTE(review): every `break` below leaves szDisp[0] at its last value,
        // which is 0 here, so an aborted transfer still falls into the
        // "Success" branch and sends CLOSE. A read error from fread (ferror
        // rather than feof) ends the loop with the same false success.
        if(UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, sk, sa, sizeof(sa)) < 0)
        {
            Printf("Send Error!\n");
            break;
        }
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("Time out\n");
            break;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            break;
        }
        Printf(".");
    }
    if(szDisp[0] != 0)
        Printf("Error:%d\n", szDisp[0]);
    else
    {
        // CLOSE: action byte only. Neither its return value nor any reply is
        // checked.
        RmtCtl.szParam[0] = ACTION_COPYFILE_CLOSE;
        RmtCtl.nSize = 1;
        UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, sk, sa, sizeof(sa));
        Printf("Success\n");
    }
    fclose(fp);
    closesocket(sk);
    return 0;
};
// "Get <remote>?<local>": download a file from the agent as a BUSINESS_GETFILE
// sequence — OPEN carrying the remote path, then repeated READ requests, then
// CLOSE. Each reply is read as a 4-byte int length followed by that many
// bytes; a length of 0 marks end of file. The ExecLib help text does not
// mention the '?' syntax. Always returns 0.
int DealGet(char *szExec)
{
    // Skip the command word; the remote path runs up to the '?' separator.
    char *pExec = szExec;
    while(*pExec != ' ' && *pExec)
        pExec++;
    pExec = trim(pExec);
    char *pRemote = pExec;
    while(*pExec != '?' && *pExec)
        pExec++;
    if(*pExec == '?')
        *pExec++ = 0;   // terminate the remote path in place
    if(!*pExec)
    {
        Printf("Error:NULL Remote File Path!\n");
        return 0;
    }
    pExec = trim(pExec);
    char *pLocal = pExec;
    FILE *fp = NULL;
    // The local file is created/truncated before the agent has confirmed the
    // remote path, so a failed Get still leaves an empty local file behind.
    if((fp = fopen(pLocal, "wb")) == NULL)
    {
        Printf("Error:open %s Failed\n", pLocal);
        return 0;
    }
    StructRemoteCtl RmtCtl;
    RmtCtl.nBusiID = BUSINESS_GETFILE;
    RmtCtl.nSize = strlen(pRemote) + 1;
    // Same value as ACTION_GETFILE_OPEN (0x00); the COPYFILE name is used here.
    // Unlike DealCopy there is no nSize < MAX_PARAM check before the strcpy;
    // the copy is bounded only by the caller's 1024-byte line buffer.
    RmtCtl.szParam[0] = ACTION_COPYFILE_OPEN;
    strcpy(RmtCtl.szParam + 1, pRemote);
    sockaddr_in sa;
    int sk = UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, g_szIP, atoi(g_szPort), sa);
    if(sk < 0)
    {
        Printf("socket Error\n");
        return 0;   // NOTE(review): fp is not closed on this path
    }
    if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
    {
        Printf("time out\n");
        closesocket(sk);
        return 0;   // NOTE(review): fp is not closed on this path
    }
    if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
    {
        Printf("Recv Error(%d)\n", WSAGetLastError());
        closesocket(sk);
        return 0;   // NOTE(review): fp is not closed on this path
    }
    // READ phase: the reply to OPEN already carries the first chunk; each
    // iteration writes the current chunk, then requests the next one.
    RmtCtl.szParam[0] = ACTION_GETFILE_READ;
    int nWriteTotal = 0;
    // NOTE(review): the length prefix is taken from the peer unchecked. szDisp
    // holds MAX_RET bytes, so a length above MAX_RET - 4 makes fwrite read
    // past the buffer. The loop also assumes the whole length + data arrived
    // in the single datagram Recv just read — TODO confirm against
    // CBaseUDP::Recv. Reading an int through a char* is a type pun on a global
    // char array (alignment is fine in practice; strict aliasing is not).
    while(*(int *)szDisp > 0 && (nWriteTotal = fwrite(szDisp + 4, sizeof(char), *(int *)szDisp, fp)) == *(int *)szDisp)
    {
        // Each READ request still carries the remote path (nSize unchanged).
        if(UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, sk, sa, sizeof(sa)) < 0)
        {
            Printf("Send Error!\n");
            break;
        }
        if(CBaseUDP::WaitForDataRecv(sk, 10) < 0)
        {
            Printf("Time out\n");
            break;
        }
        if(UDPClient.Recv(szDisp, MAX_RET, sk, sa, false) < 0)
        {
            Printf("Recv Error(%d)\n", WSAGetLastError());
            break;
        }
        Printf(".");
    }
    // Length 0 is a clean end of file. A negative length, a short fwrite, or
    // the stale positive length left by a `break` above all print "Error";
    // the partially written local file is kept in every case.
    if(*(int *)szDisp == 0)
        Printf("Success\n");
    else
        Printf("Error\n");
    // CLOSE is sent unconditionally; neither its result nor any reply is checked.
    RmtCtl.szParam[0] = ACTION_GETFILE_CLOSE;
    UDPClient.Send((char *)&RmtCtl, RmtCtl.nSize + 8, sk, sa, sizeof(sa));
    fclose(fp);
    closesocket(sk);
    return 0;
}
// Dispatch szExec to the ExecLib handler whose command word matches the first
// word of the line (case-insensitive, compared up to the first space by
// cmp_util_space). Returns the handler's result, or -1 when no entry matches.
// nLength is accepted for the caller's convenience but not used.
int Execute(char *szExec, int nLength)
{
    (void)nLength;
    const size_t nEntries = sizeof(ExecLib) / sizeof(ExecLib[0]);
    for(size_t i = 0; i < nEntries; ++i)
    {
        const StructExec &entry = ExecLib[i];
        if(cmp_util_space(entry.szExec, szExec) == 0)
            return entry.Exec(szExec);
    }
    return -1;
}
// Interactive command loop: show the prompt, read one line, prepend the
// optional shell prefix, and dispatch through ExecLib. The loop only ends when
// the "Exit" command calls ExitProcess; the trailing return is never reached.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    for(;;)
    {
        char szRead[1024] = {0};
        Printf("[IP:%s Port:%s Shell:%s]>", g_szIP, g_szPort, g_szShell);
        // The prefix set by DealShell (plus a space) goes in front of the typed text.
        strcpy(szRead, g_szShell);
        strcat(szRead, " ");
        const int nShellLen = strlen(szRead);
        // NOTE(review): 1024 is passed as the limit although only
        // sizeof(szRead) - nShellLen bytes remain after the prefix; whether
        // Readln treats its second argument as a byte limit is not visible here.
        const int nRet = Readln(szRead + nShellLen, 1024);
        if(nRet <= 0)
        {
            // An empty or failed read clears the prefix instead of dispatching.
            g_szShell[0] = 0;
            continue;
        }
        char *pCmd = trim(szRead);
        if(Execute(pCmd, strlen(pCmd)) < 0)
            Printf("Error:Unknown cmd!\n");
    }
    return 0;
}