코드 쓰기 원격 실행
#include
#include
#include
#include
/* Control ID of the single push button that WinProc creates and handles. */
#define ID_BUTTON1 1
/* Alias for MAX_PATH; nothing in the visible listing references it. */
#define buff MAX_PATH
/* MSVC-specific directive: ask the linker to pull in Psapi.lib. */
#pragma comment(lib,"Psapi.lib")
/* Function-pointer type used to cast the address that CreteRemotehandle
   looks up for "MessageBoxA" before storing it in struct messageadds. */
typedef int (WINAPI* addsA)(HWND,LPSTR, LPSTR, UINT);
//#pragma comment(lib,"Psapi.lib")
/* Pair of integers; the single global instance JG is filled in WinMain with
   two GetDeviceCaps() results and used to centre the main window. */
struct jiegou
{
int x; /* GetDeviceCaps(hdc,8) in WinMain */
int y; /* GetDeviceCaps(hdc,10) in WinMain */
}JG;
/* Parameter block that CreteRemotehandle fills in locally, copies into the
   target process with WriteProcessMemory, and hands to the remote thread as
   its LPVOID argument; RemoteProc casts that argument back to this type. */
struct messageadds
{
int (WINAPI* adds)(HWND,LPSTR, LPSTR, UINT); /* function to call; set from GetdllFunBase("User32.dll","MessageBoxA") */
LPSTR str1;   /* second argument passed to adds by RemoteProc */
LPSTR str2;   /* third argument passed to adds by RemoteProc */
UINT message; /* set to MB_OK by CreteRemotehandle; RemoteProc does not read it */
};
/* Forward declarations for the functions defined later in this file. */
/* Looks up a process ID by executable image name. */
DWORD FindPecoeess(LPSTR lp,LPDWORD pid);
/* Writes RemoteProc and a parameter block into the named process and starts a thread there. */
BOOL CreteRemotehandle(LPSTR lp);
/* Thread routine whose bytes CreteRemotehandle copies into the target process. */
DWORD _stdcall RemoteProc(LPVOID lp);
/* LoadLibrary + GetProcAddress wrapper. */
LPVOID GetdllFunBase(LPSTR lp,LPSTR lp2);
/* Window procedure for the main window. */
LRESULT CALLBACK WinProc(HWND ,UINT ,WPARAM ,LPARAM);
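/*
 * Program entry point: registers the "window" class, creates a 400x400
 * top-level window centred on the display and pumps messages until WM_QUIT.
 *
 * Returns the WM_QUIT exit code, or 0 when start-up fails or GetMessage
 * reports an error.
 */
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
    HDC hdc;
    MSG msg;
    HWND hwnd;
    WNDCLASSEX wc = {0};
    BOOL got;

    (void)hPrevInstance;
    (void)lpCmdLine;

    wc.cbSize = sizeof(wc);
    wc.style = CS_HREDRAW | CS_VREDRAW;
    wc.lpfnWndProc = WinProc;
    wc.hInstance = hInstance;
    wc.cbClsExtra = 0;
    wc.cbWndExtra = 0;
    wc.hIcon = NULL;
    wc.hIconSm = NULL;
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)GetStockObject(GRAY_BRUSH); /* GRAY_BRUSH == 2 */
    wc.lpszClassName = "window";
    wc.lpszMenuName = NULL;

    if (!RegisterClassEx(&wc)) {
        MessageBox(NULL, " ", "ERROR", MB_OK);
        /* Without a registered class CreateWindow cannot succeed. */
        return 0;
    }

    /* Query the display size, then release the DC the original leaked. */
    hdc = CreateDC("DISPLAY", NULL, NULL, NULL);
    if (hdc != NULL) {
        JG.x = GetDeviceCaps(hdc, HORZRES); /* HORZRES == 8 */
        JG.y = GetDeviceCaps(hdc, VERTRES); /* VERTRES == 10 */
        DeleteDC(hdc);
    }

    hwnd = CreateWindow("window", "window", WS_OVERLAPPEDWINDOW,
                        JG.x / 2 - 200, JG.y / 2 - 200, 400, 400,
                        NULL, NULL, hInstance, NULL);
    if (hwnd == NULL) {
        return 0;
    }

    ShowWindow(hwnd, nCmdShow);
    UpdateWindow(hwnd);

    /* GetMessage returns -1 on error; treating that as "true" would spin
       forever on an invalid MSG, so stop the loop explicitly. */
    while ((got = GetMessage(&msg, NULL, 0, 0)) != 0) {
        if (got == -1) {
            return 0;
        }
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return (int)msg.wParam;
}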
/*
 * Window procedure for the "window" class.
 *
 * WM_CREATE  - creates the 40x20 push button (ID_BUTTON1) at the bottom
 *              centre of the client area.
 * WM_PAINT   - validates the update region with an empty Begin/EndPaint pair.
 * WM_COMMAND - on ID_BUTTON1, calls CreteRemotehandle() with the hard-coded
 *              image name and invalidates the window. The BOOL result of
 *              CreteRemotehandle is not inspected.
 * WM_DESTROY - posts WM_QUIT.
 *
 * Every message, handled or not, is finally forwarded to DefWindowProc and
 * that result is returned.
 */
LRESULT CALLBACK WinProc(HWND hwnd,UINT message ,WPARAM wparam,LPARAM lparam)
{
    PAINTSTRUCT paint;
    RECT client;
    HWND button;
    HDC dc;

    if (message == WM_CREATE) {
        GetClientRect(hwnd, &client);
        button = CreateWindow("button", " ", WS_CHILD|WS_VISIBLE|BS_PUSHBUTTON,
                              client.right/2-20, client.bottom-20, 40, 20,
                              hwnd, (HMENU)ID_BUTTON1,
                              ((LPCREATESTRUCT)lparam)->hInstance, NULL);
        (void)button; /* handle is not kept, as in the original */
    } else if (message == WM_PAINT) {
        dc = BeginPaint(hwnd, &paint);
        (void)dc; /* nothing is drawn */
        EndPaint(hwnd, &paint);
    } else if (message == WM_COMMAND) {
        if (LOWORD(wparam) == ID_BUTTON1) {
            CreteRemotehandle(" .exe");
            InvalidateRect(hwnd, NULL, TRUE);
        }
    } else if (message == WM_DESTROY) { /* WM_DESTROY == 0x2 */
        PostQuitMessage(0);
    }

    return DefWindowProc(hwnd, message, wparam, lparam);
}
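/*
 * Look up a process ID by executable image name (case-insensitive).
 *
 * lp   - image name to compare against PROCESSENTRY32.szExeFile.
 * pid  - receives the process ID of the LAST matching entry in the
 *        snapshot; left untouched when nothing matches.
 *
 * Returns ERROR_SUCCESS when a match was stored in *pid,
 * ERROR_INVALID_PARAMETER for a NULL argument, ERROR_NOT_FOUND when the
 * snapshot was walked to the end without a match, otherwise the
 * GetLastError() value of the failing Toolhelp call.
 *
 * Image names are not unique and can be chosen freely by whoever starts a
 * process, so a name match alone does not identify a specific process.
 */
DWORD FindPecoeess(LPSTR lp,LPDWORD pid)
{
    HANDLE snapshot;
    PROCESSENTRY32 entry = {0};
    DWORD status;
    BOOL found = FALSE;

    /* The original dereferenced pid before testing it. */
    if (lp == NULL || pid == NULL) {
        return ERROR_INVALID_PARAMETER;
    }

    /* CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE,
       not NULL, so the original check could never fire. */
    snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return GetLastError();
    }

    entry.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(snapshot, &entry)) {
        status = GetLastError();
        CloseHandle(snapshot);
        return status;
    }

    do {
        if (lstrcmpi(entry.szExeFile, lp) == 0) {
            *pid = entry.th32ProcessID;
            found = TRUE;
        }
    } while (Process32Next(snapshot, &entry));

    /* Capture the loop's terminating error before CloseHandle can change it. */
    status = GetLastError();
    CloseHandle(snapshot); /* the original leaked the snapshot handle */

    if (found) {
        return ERROR_SUCCESS;
    }
    return (status == ERROR_NO_MORE_FILES) ? ERROR_NOT_FOUND : status;
}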
/*
 * Copies the bytes starting at RemoteProc, plus a struct messageadds
 * parameter block, into the process whose image name is lp, starts a thread
 * in that process at the copied bytes, and waits for it to finish.
 * Returns FALSE when either WriteProcessMemory call or CreateRemoteThread
 * fails, otherwise 1.
 *
 * Defender context: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx with
 * PAGE_EXECUTE_READWRITE -> WriteProcessMemory -> CreateRemoteThread is the
 * textbook remote-thread form of process injection (MITRE ATT&CK T1055).
 * Sysmon records the cross-process handle request as Event ID 10
 * (ProcessAccess) and the thread creation as Event ID 8 (CreateRemoteThread);
 * most EDR products alert on this sequence.
 *
 * NOTE(review): the results of FindPecoeess, OpenProcess and both
 * VirtualAllocEx calls are never checked, every early return leaks the
 * process handle, and neither handle is closed on the success path.
 */
BOOL CreteRemotehandle(LPSTR lp)
{
DWORD pid=0,Threadid;
HANDLE hprocess,hRemoteThread;
LPVOID lpVirtual,lpVirtualParameter;
DWORD size;
struct messageadds adds;
char ch[]={" "};
char ch2[]="TRUE";
FindPecoeess(lp,&pid);// resolve the process ID; pid stays 0 when nothing matches and the result is ignored
/* Requests every access right on the target rather than a minimal set. */
hprocess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
/* Length is taken as the distance between two function addresses, each
   truncated to a 32-bit DWORD. C gives no guarantee about how functions are
   laid out in memory, so this value is not a defined or portable size. */
size=(DWORD)GetdllFunBase-(DWORD)RemoteProc; // see note above
/* Region in the target that is writable and executable at the same time. */
lpVirtual=VirtualAllocEx(hprocess,NULL,size,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
if(!WriteProcessMemory(hprocess,lpVirtual,&RemoteProc,size,0))
{
return FALSE;
}
/* Second, non-executable region for the parameter block. */
lpVirtualParameter=VirtualAllocEx(hprocess,NULL,sizeof(struct messageadds),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
/* Fill the block with values obtained in THIS process: a function address
   looked up here and the addresses of the two local arrays above. */
adds.adds=(addsA)(GetdllFunBase("User32.dll","MessageBoxA"));
adds.str1=ch;
adds.str2=ch2;
adds.message=MB_OK;
if(!WriteProcessMemory(hprocess,lpVirtualParameter,&adds,sizeof(struct messageadds),0)) // copies the struct itself (sizeof(struct messageadds) bytes) and nothing else
{
return FALSE;
}
hRemoteThread=CreateRemoteThread(hprocess,NULL,0,(DWORD (WINAPI *) (LPVOID))lpVirtual,lpVirtualParameter,0,&Threadid);
if(!hRemoteThread)
{
return FALSE;
}
/* Blocks this thread with no timeout until the remote thread exits. */
WaitForSingleObject(hRemoteThread,INFINITE);
/* NOTE(review): VirtualFreeEx expects the PROCESS handle as its first
   argument; a thread handle is passed here, so these calls are expected to
   fail and both regions stay allocated in the target. A leftover private
   PAGE_EXECUTE_READWRITE region with no backing image is a standard
   memory-forensics indicator. */
VirtualFreeEx(hRemoteThread,lpVirtual,0,MEM_RELEASE);
VirtualFreeEx(hRemoteThread,lpVirtualParameter,0,MEM_RELEASE);
// CloseHandle(hprocess);   (disabled by the author; hRemoteThread is not closed either)
return 1;
}
/*
 * Thread routine. CreteRemotehandle copies the bytes of this function into
 * another process and passes a struct messageadds pointer as lp.
 * Reads the function pointer stored in the block, calls it with
 * (NULL, str1, str2, MB_OK) and returns 0. The block's message field is not
 * used; MB_OK is passed literally.
 */
DWORD _stdcall RemoteProc(LPVOID lp)
{
typedef int (WINAPI* MESSAGEBOXA)(HWND,LPSTR,LPSTR,UINT);
/* Local variable that deliberately reuses the API's name, so the call below
   goes through the pointer taken from the parameter block. */
MESSAGEBOXA MessageBoxA;
MessageBoxA=((struct messageadds *)lp)->adds;
MessageBoxA(NULL,((struct messageadds *)lp)->str1,((struct messageadds *)lp)->str2,MB_OK);
/* GetCurrentProcess() returns a pseudo-handle; per the Win32 documentation,
   closing a pseudo-handle has no effect. */
CloseHandle(GetCurrentProcess());
return 0;
}
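/*
 * Load (or add a reference to) the module named lp and return the address
 * of its export lp2.
 *
 * Returns NULL when the module cannot be loaded or the export is missing;
 * GetLastError() then holds the reason. The module reference is not
 * released, because the returned address is only valid while the module
 * stays loaded.
 *
 * A bare file name such as "User32.dll" is resolved through the DLL search
 * order. Callers that want only the system copy should pass a full path or
 * use LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32.
 */
LPVOID GetdllFunBase(LPSTR lp,LPSTR lp2)
{
    HMODULE module = LoadLibrary(lp);

    /* Never hand a NULL module handle to GetProcAddress: stop here when
       the load failed instead of performing an unintended lookup. */
    if (module == NULL) {
        return NULL;
    }
    return (LPVOID)GetProcAddress(module, lp2);
}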