--------------------------------------
黑鹰基地教程
黑鹰基地www.3800cc
专业的黑客安全技术培训基地
多抽出一分钟时间学习.让你的生命更加精彩.
--------------------------------------
第十五章 木马编程实例讲解
第三节 ping命令的实现和控制实例
一,ping 命令的实现
我们在程序中,使用了icmp.dll中的函数。
IcmpCreateFile: 打开一个句柄,通过该句柄发送ICMP的请求报文;
IcmpCloseHandle: 关闭通过IcmpCreateFile函数打开的句柄;
IcmpSendEcho:通过打开的句柄发送ICMP请求,在超时或接收到应答报文后返回。
主要代码为:
Public Function Ping(szAddress As String, ECHO As ICMP_ECHO_REPLY) As Long
Dim hPort As Long
Dim dwAddress As Long
Dim sDataToSend As String
Dim iOpt As Long
sDataToSend = "Echo This"
dwAddress = AddressStringToLong(szAddress)
hPort = IcmpCreateFile()
If IcmpSendEcho(hPort, _
dwAddress, _
sDataToSend, _
Len(sDataToSend), _
0, _
ECHO, _
Len(ECHO), _
PING_TIMEOUT) Then
Ping = ECHO.RoundTripTime
Else: Ping = ECHO.status * -1
End If
Call IcmpCloseHandle(hPort)
End Function
二,关机
关机程序是最为常用的控制手段,它包括关机,重起,注销等
主要代码为:
Private Declare Function ExitWindowsEx Lib "user32" (ByVal dwOptions As Long, ByVal dwReserved As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Type LUID
UsedPart As Long
IgnoredForNowHigh32BitPart As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
TheLuid As LUID
Attributes As Long
End Type
Private Const EWX_SHUTDOWN As Long = 1
Private Const EWX_REBOOT = 2
Private Const EWX_LOGOFF = 0
Private Sub AdjustToken()
Const TOKEN_ADJUST_PRIVILEGES = &H20
Const TOKEN_QUERY = &H8
Const SE_PRIVILEGE_ENABLED = &H2
Dim hdlProcessHandle As Long
Dim hdlTokenHandle As Long
Dim tmpLuid As LUID
Dim tkp As TOKEN_PRIVILEGES
Dim tkpNewButIgnored As TOKEN_PRIVILEGES
Dim lBufferNeeded As Long
hdlProcessHandle = GetCurrentProcess()
OpenProcessToken hdlProcessHandle, (TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY), hdlTokenHandle
LookupPrivilegeValue "", "SeShutdownPrivilege", tmpLuid
tkp.PrivilegeCount = 1
tkp.TheLuid = tmp
Luid
tkp.Attributes = SE_PRIVILEGE_ENABLED
AdjustTokenPrivileges hdlTokenHandle, False, tkp, Len(tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded
End Sub
Private Sub Command1_Click()
Call AdjustToken
ExitWindowsEx EWX_SHUTDOWN, 0
End Sub
Private Sub Command2_Click()
Call AdjustToken
ExitWindowsEx EWX_REBOOT, 0
End Sub
Private Sub Command3_Click()
ExitWindowsEx EWX_LOGOFF, 0
End Sub
三,光驱的控制
这也是一个非常多见的常用控制,它的实现是借助了多媒体动态连接库文件 winmm.dll。
Private Declare Function mciSendString Lib "winmm.dll" Alias "mciSendStringA" (ByVal lpstrCommand As String, ByVal lpstrReturnString As String, ByVal uReturnLength As Long, ByVal hwndCallback As Long) As Long
Sub OpenCDDoor()
mciSendString "Set CDAudio Door Open Wait", 0&, 0&, 0&
End Sub
Sub CloseCDDoor()
mciSendString "Set CDAudio Door Closed Wait", 0&, 0&, 0&
关机程序代码End Sub
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论