
使用匿名管道实现CMD回显

C/C++ admin 4117浏览 0评论

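// Worker thread: launches ping.exe against 127.0.0.1 with a hidden window,
// captures the child's stdout/stderr through an anonymous pipe, and stores
// the captured text in the dialog's m_out before refreshing the controls.
//
// lParam: pointer to the owning CTestDlg (cast back on the first line).
// Returns 0 in every case; failures are reported through a message box.
//
// NOTE(review): MessageBox and UpdateData are called on the dialog from this
// worker thread. MFC window objects are normally tied to the thread that
// created them -- confirm this is safe here, or post a message to the UI
// thread instead.
// NOTE(review): the char buffers are passed to the TCHAR APIs directly, so
// this presumably targets an ANSI (non-UNICODE) build -- confirm.
DWORD WINAPI MyThread(LPVOID lParam)
{
    CTestDlg *p = (CTestDlg *)lParam;

    char path[1024];
    char cmdline[1024];
    char buffer[1024];
    memset(buffer, 0, sizeof(buffer));
    memset(cmdline, 0, sizeof(cmdline));
    memset(path, 0, sizeof(path));

    // Build a quoted, fully qualified command line. A bare "ping.exe" is
    // resolved through the CreateProcess search order, which looks in the
    // application directory and the current directory before the system
    // directory, so a planted ping.exe could be started instead of the real one.
    static const char kExeSuffix[] = "\\ping.exe\"";
    static const char kArgs[] = " 127.0.0.1";
    UINT pathLen = ::GetSystemDirectory(path, sizeof(path));
    if (pathLen == 0 || pathLen >= sizeof(path) ||
        1 + pathLen + strlen(kExeSuffix) + strlen(kArgs) >= sizeof(cmdline))
    {
        p->MessageBox("打开进程出错!");
        return 0;
    }
    // The length check above guarantees these copies fit in cmdline.
    strcpy(cmdline, "\"");
    strcat(cmdline, path);
    strcat(cmdline, kExeSuffix);
    strcat(cmdline, kArgs);

    HANDLE hwrite = NULL;
    HANDLE hread = NULL;
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;   // the child must inherit the write end
    if (!::CreatePipe(&hread, &hwrite, &sa, 0))
    {
        p->MessageBox("创建管道出错!");
        return 0;
    }
    // Only the write end belongs in the child. Leaving the read end
    // inheritable would hand the child a handle it has no use for.
    if (!::SetHandleInformation(hread, HANDLE_FLAG_INHERIT, 0))
    {
        ::CloseHandle(hread);
        ::CloseHandle(hwrite);
        p->MessageBox("创建管道出错!");
        return 0;
    }

    STARTUPINFO si;
    memset(&si, 0, sizeof(si));
    si.cb = sizeof(si);         // required by CreateProcess; was left at 0
    si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
    si.hStdOutput = hwrite;
    si.hStdError = hwrite;
    si.wShowWindow = SW_HIDE;
    PROCESS_INFORMATION pi;
    memset(&pi, 0, sizeof(pi));

    // bInheritHandles = TRUE passes every inheritable handle of this process
    // to the child, not only the pipe; keep other handles non-inheritable.
    if (!::CreateProcess(NULL, cmdline, NULL, NULL, TRUE, 0, NULL, path, &si, &pi))
    {
        // Release both pipe ends on failure instead of leaking them.
        ::CloseHandle(hread);
        ::CloseHandle(hwrite);
        p->MessageBox("打开进程出错!");
        return 0;
    }
    // Drop our copy of the write end so ReadFile fails with a broken pipe
    // once the child exits, which is what ends the loop below.
    ::CloseHandle(hwrite);

    DWORD byte = 0;

    p->m_out = "";
    while (TRUE)
    {
        // Read at most sizeof(buffer) - 1 bytes so there is always room for
        // the terminator. ReadFile blocks until data arrives, so no Sleep
        // is needed between reads.
        if (!::ReadFile(hread, buffer, sizeof(buffer) - 1, &byte, NULL))
            break;
        if (byte > 0)
        {
            // Terminate at the number of bytes actually read; otherwise a
            // full read runs past the buffer and a short read re-appends
            // stale bytes left over from the previous chunk.
            buffer[byte] = '\0';
            p->m_out += buffer;
        }
    }

    // Release the remaining kernel objects owned by this thread.
    ::CloseHandle(hread);
    ::CloseHandle(pi.hThread);
    ::CloseHandle(pi.hProcess);

    p->UpdateData(FALSE);
    return 0;
}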

转载请注明:爱开源 » 使用匿名管道实现CMD回显
