cool hit counter Build a remote management software of your own II_Intefrankly

Build a remote management software of your own II


The previous article to build a remote control software of their own a introduced the overall architecture of the software, the next detailed explanation of the controlled side, mainly to introduce the key technologies of the various functional modules of the controlled side and the pitfalls encountered in the development process, I hope you readers have a reference role.

Workflow of the Controlled Side

The application initialization phase initializes the working interface, reads the ip address and port of the reverse connection from the address file as the start parameters of the MyClientThread thread. MyClientThread starts and executes the GetClientSystemInfo function to obtain local information and pass it to the console for display. And then it enters the while(1) loop waiting to receive the control command from the console. Enter the switch_case structure parsing command and execute the corresponding function. Send the execution result to the console and continue into the loop to wait.

Access to computer information

GetClientSystemInfo passes in a reference to a SYSTEMINIT structure, which is defined in the common.h file, which is defined as follows.

typedef struct tagSytemInit {char computer[32]; //Computer name char user[32]; // current username char os[72]; // OS information char processor[16]; //processor information char mem[16]; // memory char version[16]; // software version char HDSerial[32]; //hard drive serial number} SYSTEMINIT;

GetComputerName, GetUserName, GetVersionEx, and GlobalMemoryStatus are called to get the computer name, current user name, operating system version, and memory information, respectively. CPU information is obtained by querying the registry, by opening different comments (only one out of 3) to get different information about the CPU, here we choose to get the CPU frequency information.

#include "stdafx.h"

#include "windows.h"

#include "GetHDSerial.h"

#define BUFSIZE 16

bool GetClientSystemInfo(SYSTEMINIT& sysinfo)

{

TCHAR computerbuf[256]; //Get the computer name

DWORD computersize=256;

memset(computerbuf,0,256);

if(!GetComputerName(computerbuf,&computersize))

return false;

computerbuf[computersize]=0;

sysinfo.computer[0]=0;

strcat(sysinfo.computer,"calculators: ");

strcat(sysinfo.computer,computerbuf);

TCHAR userbuf[256]; //Get username

DWORD usersize=256;

memset(userbuf,0,256);

if(!GetUserName(userbuf,&usersize))

return false;

userbuf[usersize]=0;

sysinfo.user[0]=0;

strcat(sysinfo.user," user ID: ");

strcat(sysinfo.user,userbuf);

OSVERSIONINFOEX osvi; // Get the operating system

BOOL bOsVersionInfoEx;

OSVERSIONINFOEX osviex;

sysinfo.os[0]=0;

memset(&osviex,0,sizeof(OSVERSIONINFOEX));

osviex.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);

if(GetVersionEx((LPOSVERSIONINFO)&osviex)==0)

{

OutputDebugString("GetVersionEx Error");

return FALSE;

}

switch(osviex.dwPlatformId)

{

case VER_PLATFORM_WIN32_NT:

switch(osviex.dwMajorVersion)

{

case 4:

if(osviex.dwMinorVersion == 0)

strcat(sysinfo.os,"Microsoft Windows NT 4");

break;

case 5:

if(osviex.dwMinorVersion == 0)

{

strcat(sysinfo.os,"Microsoft Windows 2000 ");

}

else if(osviex.dwMinorVersion == 1)

{

strcat(sysinfo.os,"Windows XP ");

}

else if(osviex.dwMinorVersion == 2)

{

strcat(sysinfo.os,"Windows 2003 ");

}

}

break;

}

char *temp; // Get the drive serial number

sysinfo.HDSerial[0]=0;

CGetHDSerial HDSerial; // Create an instance

temp=HDSerial.GetHDSerial(); // Get the drive serial number

strcat(sysinfo.HDSerial,temp);

sysinfo.processor[0]=0; // Get CPU information

HKEY hKey;

char szcpuinfo[80];

DWORD dwBufLen=80;

RegOpenKeyEx( HKEY_LOCAL_MACHINE, "HARDWARE\DESCRIPTION\System\CentralProcessor\0", 0, KEY_QUERY_VALUE, &hKey );

RegQueryValueEx( hKey, "VendorIdentifier", NULL, NULL, // Get it herecpu The manufacturer's logo of the

(LPBYTE)szcpuinfo, &dwBufLen);

szcpuinfo[dwBufLen]=0; //strcat(sysinfo.processor,szcpuinfo); // Turn on this comment and the console displays the cpu manufacturer

memset(szcpuinfo,0,80);

dwBufLen=80;

RegQueryValueEx( hKey, "Identifier", NULL, NULL, // gaincpu model number

(LPBYTE)szcpuinfo, &dwBufLen);

szcpuinfo[dwBufLen]=0;

//strcat(sysinfo.processor,szcpuinfo); // this comment can be turned on and the console displays the cpu model

DWORD f;

dwBufLen=8;

RegQueryValueEx( hKey, "~MHz", NULL, NULL,

(LPBYTE)&f, &dwBufLen);

char hz[10];

sprintf(hz," %dMHZ",f); // showscpu Operating frequency

strcat(sysinfo.processor,hz);

RegCloseKey(hKey);

MEMORYSTATUS ms; // Get memory capacity

GlobalMemoryStatus(&ms);

char membuf[256];//physical memory:

sprintf(membuf,"%dMB",ms.dwTotalPhys/1024/1024);

sysinfo.mem[0]=0;

strcpy(sysinfo.mem,membuf);

return true;

}

Get the drive serial number

A CGetHDSerial class is defined here specifically to encapsulate the operations related to serial number reading. The member functions of CGetHDSerial are as follows.

Win9xReadHDSerial // Windows9X/ME system reads the serial number of the hard disk

GetHDSerial // function to read the serial number of the hard disk

WORDToChar // Convert word type (WORD) hard disk information to character type on Windows 9x/ME systems

DWORDToChar // Windows NT/2000/XP systems to convert double word type (DWORD) hard disk information to character type

WinNTReadSCSIHDSerial // Read SCSI hard disk serial numbers on Windows NT/2000/XP systems

WinNTReadIDEHDSerial // Read IDE hard drive serial number under Windows NT/2000/XP

WinNTGetIDEHDInfo // Read IDE device information under Windows NT/2000/XP

The function call relationship is.

Access to services

The parameter is a container that holds the SERVICEINFO pointer type. The SERVICE data structure is defined as.

typedef struct tagServiceInfo {

char ServiceName[32]; //Name of the service/service

char ServiceDetail[128]; // Descriptive information

char ServiceState[16]; // Service status

char ServiceStartType[16]; // Start-up type

}SERVICEINFO,*LPSERVICEINFO;

The OpenSCManager function is used here, which establishes a connection to the Service Control Manager and opens the specified database. The first argument is the computer name, or if NULL, it points to the local computer. The second parameter specifies the name of the service control management database that will be opened, in this case NULL, indicating that it points to the local default. The third parameter is the Service Access Control Manager permissions. Successful execution returns a handle to the Service Control Manager database, ScManager.

Call the EnumServicesStatus function from the returned handle to enumerate the current system services

BOOL ListService(std::vector *service_vector)

{

SERVICEINFO *service_tmp = new SERVICEINFO ;

memset(service_tmp,0,sizeof(SERVICEINFO));

SC_HANDLE ScManager;

ENUM_SERVICE_STATUS EnService[512];

DWORD cbBufSize=512*sizeof(ENUM_SERVICE_STATUS);

DWORD lpServicesReturned;

DWORD pcbBytesNeeded; // buffer size needed

DWORD lpResumeHandle=0; // next entry

cstring str,csTemp;

service_vector->clear();

ScManager=::OpenSCManager(NULL,NULL,SC_MANAGER_ENUMERATE_SERVICE| GENERIC_READ); // established a connection to the Service Control Manager and got a handle to the Service Control Manager database

if(ScManager==NULL)

{

AfxMessageBox("Error Opening Service Mgr");

return FALSE;

}

if(::EnumServicesStatus(ScManager,SERVICE_WIN32,SERVICE_STATE_ALL,EnService,cbBufSize,&pcbBytesNeeded,&lpServicesReturned,&lpResumeHandle )==0) // Enumerate current system services

{

AfxMessageBox("Error Querrying Service Mgr");

return FALSE;

}

for(int i=0;i

{

SERVICEINFO *service_tmp = new SERVICEINFO ;

memset(service_tmp,0,sizeof(SERVICEINFO));

strcpy(service_tmp->ServiceName,EnService[i].lpServiceName);

strcpy(service_tmp->ServiceDetail,EnService[i].lpDisplayName);

switch(EnService[i].ServiceStatus.dwCurrentState)

{

case SERVICE_PAUSED:

strcpy(service_tmp->ServiceState," pause (media player)");

break;

case SERVICE_RUNNING:

strcpy(service_tmp->ServiceState," Activated");

break;

case SERVICE_STOPPED :

strcpy(service_tmp->ServiceState," stop");

break;

case SERVICE_START_PENDING :

strcpy(service_tmp->ServiceState," Activating.");

break;

case SERVICE_STOP_PENDING :

strcpy(service_tmp->ServiceState," It's stopping.");

break;

default:

strcpy(service_tmp->ServiceState," uncharted");

break;

}

{

SC_HANDLE ScService;

QUERY_SERVICE_CONFIG ServiceConfig;

DWORD CbBufSize, pcbBytesNeeded;

CbBufSize=sizeof(QUERY_SERVICE_CONFIG); if((ScService=::OpenService(ScManager,EnService[i].lpServiceName,SERVICE_ALL_ACCESS))==NULL)

{

::CloseHandle(ScManager);

"Problem in opening service";

}

::QueryServiceConfig(ScService,&ServiceConfig,CbBufSize,&pcbBytesNeeded);

switch(ServiceConfig.dwStartType) //query the service status

{

case SERVICE_AUTO_START: strcpy(service_tmp->ServiceStartType," automate"); break;

case SERVICE_DEMAND_START: strcpy(service_tmp->ServiceStartType," manual mode"); break;

case SERVICE_DISABLED : strcpy(service_tmp->ServiceStartType," prohibition on use"); break;

default: strcpy(service_tmp->ServiceStartType," uncharted");

}

}

service_vector->push_back(service_tmp); // Press into container

}

return true;

}

Get the list of processes

The GetProcessList parameter is a container of type PROCESSINFO pointer. The PROCESSINFO data structure is defined in common.h.

typedef struct tagProcessInfo

{

DWORD PID; //Process PID

char ProcName[64]; //Process name

char ProcPath[128]; // Path to process

}PROCESSINFO,*LPPROCESSINFO;

First call CreateToolhelpSnapshot to get a snapshot of all processes on the current system, returning the snapshot handle. The second step calls Process32First to get the first process snapshot information info and get the process PID and process name. In order to get the full path to the module loaded by the current process, you need to call OpenProcess to open the corresponding process object. However, after several open failures, it turns out that by default some access rights of the process are not enabled, even if you are Administrator, so an important step is to enhance the current process rights (enable these rights), so first call OpenProcessToken to open the access token of the relevant process (parameters yourself Baidu), and then call EnablePrivilege to enhance the current process rights, so you can open the process object. The third step is to get information about the other processes through the while loop.

BOOL GetProcessList(std::vector

*pProcInfo)

{

DWORD processid[1024],needed;

HANDLE hProcess;

HMODULE hModule;

char path[MAX_PATH] = "";

char temp[256] = "";

cstring path_convert=path;

pProcInfo->clear();

HANDLE handle = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); // Get information about the running processes on the system, take a snapshot of // all processes on the system, and return a process snapshot handle

PROCESSENTRY32 *info = new PROCESSENTRY32;

info->dwSize=sizeof(PROCESSENTRY32); // Specify the structure size before using this structure

int i = 0;

PROCESSINFO *Proc = new PROCESSINFO;

if(Process32First(handle,info)) //Get the handle of the first process

{

Proc = new PROCESSINFO;

memset(Proc, 0,sizeof(PROCESSINFO));

Proc->PID = info->th32ProcessID;

HANDLE hToken;

lstrcpy(Proc->ProcName,info->szExeFile);

if (OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) // Open the access token associated with the process

{

if (EnablePrivilege(hToken,SE_DEBUG_NAME))

{

EnumProcesses(processid, sizeof(processid), &needed); // Retrieve each process identifier in the process, Get an array of process identifiersprocessid

hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processid[i]); // opens the process object and returns a handle to the // process

if (hProcess) //open the process to retrieve the path to the process load module

{

EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);

GetModuleFileNameEx(hProcess, hModule, path, sizeof(path)); // Get the full path to the file where the module has been loaded by the current process

GetShortPathName(path,path,260);

lstrcpy(Proc->ProcPath,path);

}

}

}

i++;

pProcInfo->push_back(Proc);

}

while(Process32Next(handle,info)!=FALSE) // loop to get the handle of the next process {

Proc = new PROCESSINFO;

memset(Proc, 0,sizeof(PROCESSINFO));

Proc->PID = info->th32ProcessID;

lstrcpy(Proc->ProcName,info->szExeFile);

HANDLE hToken;

if ( OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) // Obtaining process access tokens

{

if (EnablePrivilege(hToken,SE_DEBUG_NAME)) // elevate process privileges

{

EnumProcesses(processid, sizeof(processid), &needed); //

hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processid[i]);

if (hProcess)

{

EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);

GetModuleFileNameEx(hProcess, hModule, path, sizeof(path));

GetShortPathName(path,path,260);

lstrcpy(Proc->ProcPath,path);

}

}

}

i++;

pProcInfo->push_back(Proc);

}

CloseHandle(handle);

return true;

}

screen monitor

The CGetScreenToBitmap class is used to get the current screen screen converted into bitmap information.

SetArea(CRect rcArea,int nArea); // Take image area

void ResetVariable(void); // Release of resources

GetScreen(CRect rcArea, int nBits, int nArea); //Intercept screen

If you want to get the source code, follow me and private message to get oh, more exciting and interesting content and you to discover.


Recommended>>
1、优步自动驾驶事故女子被自动驾驶汽车撞伤身亡
2、The future of image recognition presents both opportunities and challenges
3、Indepth analysis of Kirin by foreign media970 Its really tough
4、Anju 365 exclusive interpretation the end of the three consecutive rise in November Wu city housing prices stabilized
5、Yale Zhejiang University Focus on Cutting Edge Topics ChinaUS Blockchain Technology and Applications Exchange Invites You to Attend

    已推荐到看一看 和朋友分享想法
    最多200字,当前共 发送

    已发送

    朋友将在看一看看到

    确定
    分享你的想法...
    取消

    分享想法到看一看

    确定
    最多200字,当前共

    发送中

    网络异常,请稍后重试

    微信扫一扫
    关注该公众号