首页 > > 网络编程 > 其它 >

端口到进程实现的源代码

2008-04-09 04:00:15来源:互联网 阅读 ()

新老客户大回馈,云服务器低至5折

端口到进程实现的源代码

作者:闪空


#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <Aclapi.h>
#include <comdef.h>
#include <winioctl.h>
#pragma comment ( lib, "ws2_32.lib" )
#define NT_HANDLE_LIST 16
#define MAX_HANDLE_LIST_BUF 0x200000
typedef struct _HandleInfo
{
USHORT dwPid;  
USHORT CreatorBackTraceIndex;
BYTE  ObjType;
BYTE  HandleAttributes;
USHORT HndlOffset;
DWORD dwKeObject;
ULONG GrantedAccess;
}HANDLEINFO, *PHANDLEINFO;
typedef struct _IO_STATUS_BLOCK {
DWORD Status;
ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef struct _LSA_UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
  UNICODE_STRING *ObjectName;
ULONG Attributes;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_ATTRIBUTES,*POBJECT_ATTRIBUTES;
// 申明NtQuerySystemInformation()函数
typedef DWORD (CALLBACK* NTQUERYSYSTEMINFORMATION)( DWORD, PDWORD, DWORD, PVOID );
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
typedef VOID (CALLBACK* RTLINITUNICODESTRING)(PUNICODE_STRING,PCWSTR);
RTLINITUNICODESTRING RtlInitUnicodeString;
typedef DWORD (CALLBACK* ZWOPENSECTION)(PVOID, DWORD,POBJECT_ATTRIBUTES);
ZWOPENSECTION ZwOpenSection;
typedef VOID(CALLBACK* INITIALIZEOBJECTATTRIBUTES)(POBJECT_ATTRIBUTES,PUNICODE_STRING,ULONG,HANDLE,PSECURITY_DESCRIPTOR);
INITIALIZEOBJECTATTRIBUTES InitializeObjectAttributes;
typedef DWORD (CALLBACK* ZWOPENFILE)(PHANDLE,DWORD,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG);
ZWOPENFILE ZwOpenFile;
DWORD getmap(PHANDLEINFO get1,LPVOID addr,HANDLE pm,char * buf)
{
DWORD readset;
LPVOID pmaddr1;
int i;
readset = (get1->dwKeObject>>0x16);
readset = *((LPDWORD)((DWORD)addr 4*readset));
if((readset&0x000000ff)==1)
{
 return 0;
}
else
{
 if((readset&0x000000ff)==0x80)
 {
  pmaddr1 = MapViewOfFile(pm,4,0,readset&0xfffff000,0x1000);
  readset = (get1->dwKeObject>>0x0c) & 0x3ff;
  readset = *((LPDWORD)((DWORD)pmaddr1 4*readset));
  UnmapViewOfFile(pmaddr1);
  readset = readset & 0x0FFFFF000;
 }
 else
 {
  readset=(readset&0xfffff000) (get1->dwKeObject&0x003ff000);
 }
 pmaddr1 =MapViewOfFile(pm,4,0,readset,0x1000);
 if(pmaddr1!=NULL)
 {
  readset = get1->dwKeObject&0x00000fff;
  readset = (DWORD)pmaddr1 readset;
  for(i=0;i<0x70;i )
  buf[i] = *((char *)(readset i));
  UnmapViewOfFile(pmaddr1);
 }
 else
 {
  return 0;
 }
}
return readset;
}
int main( )
{
DWORD readset1;
DWORD readset2;
DWORD readset3;
OVERLAPPED la;
HMODULE hNtdll = NULL;
DWORD dwNumEntries;
PHANDLEINFO pHandleInfo;
HANDLE htcp;
HANDLE pmy;
HANDLE hudp;
HANDLE myhand;
HANDLE h1=NULL;
hNtdll = LoadLibrary( "ntdll.dll" );
DWORD status;
LPVOID pmaddr;
TOKEN_PRIVILEGES NewState;
DWORD dwNumBytes = MAX_HANDLE_LIST_BUF;
PDWORD pdwHandleList;
PDWORD pdwHandInfo;
DWORD dwNumBytesRet;
HANDLE hToken;
BOOL isok;
UNICODE_STRING dn;
IO_STATUS_BLOCK ch3;
int port1;
int port2;
HANDLE hProc;
wchar_t * ch1 = L"\\Device\\Tcp";
wchar_t * ch2 = L"\\Device\\Udp"; 
OBJECT_ATTRIBUTES ofs;
DWORD i;
DWORD p=0;
char buf1[0x70];
char buf2[0x70];
char buf3[0x70];
char in[0x18];
char in1[0x18];
char out[0x38];
char out1[0x30];
PHANDLEINFO tcpdnum;
PHANDLEINFO udpdnum;
if ( !hNtdll )
{
 printf( "LoadLibrary( NTDLL.DLL ) Error:%d\n", GetLastError() );
 return false;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)
 GetProcAddress( hNtdll, "NtQuerySystemInformation");
RtlInitUnicodeString = (RTLINITUNICODESTRING)
 GetProcAddress( hNtdll, "RtlInitUnicodeString");
ZwOpenSection = (ZWOPENSECTION)
 GetProcAddress( hNtdll, "ZwOpenSection");;
InitializeObjectAttributes = (INITIALIZEOBJECTATTRIBUTES)
 GetProcAddress( hNtdll, "InitializeObjectAttributes");
ZwOpenFile = (ZWOPENFILE)
 GetProcAddress( hNtdll, "ZwOpenFile");;
RtlInitUnicodeString(&dn,L"\\Device\\PhysicalMemory");
OBJECT_ATTRIBUTES udm= {
     sizeof(OBJECT_ATTRIBUTES),     // Length
     NULL,                // RootDirectory
     &dn,                // ObjectName
     0,                 // Attributes
     NULL,                // SecurityDescriptor
     NULL,                // SecurityQualityOfService

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:透视木马程序开发技术(上)

下一篇:Win2K下关联进程/端口之代码初步分析

相关文章

IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设

网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源

网站联盟: 联盟新闻 联盟介绍 联盟点评 网赚技巧

行业资讯: 搜索引擎 网络游戏 电子商务 广告传媒

网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它

服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护

软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷

网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash

程序设计: Java技术 C/C++ VB delphi

网络知识: 网络协议 网络安全 网络管理 组网方案 Cisco技术

操作系统: Win2000 WinXP Win2003 Mac OS Linux FreeBSD

热门词条
最新资讯
热门关注
热门标签