7,655
社区成员
发帖
与我相关
我的任务
分享windows匿名管道的问题
想通过匿名管道实现对hashcat这个程序的控制,即模拟键盘输入与获取输出。问题如下:程序运行后,可以通过一些按键来进行控制,如下图
。
按下s键后可以显示一些信息,如下图
。
想要通过匿名管道实现对这个程序的控制,并接受显示信息。程序启动后打印的信息可以正常接受,我创建的匿名管道感觉应该没有什么问题,我尝试创建cmd程序,然后通过管道输入"cmd\n",子程序执行,并回显。
程序的代码如下
。按下s键后可以显示一些信息,如下图
。想要通过匿名管道实现对这个程序的控制,并接受显示信息。程序启动后打印的信息可以正常接受,我创建的匿名管道感觉应该没有什么问题,我尝试创建cmd程序,然后通过管道输入"cmd\n",子程序执行,并回显。
程序的代码如下
#include "windows.h"
#include "tchar.h"
#include <string>
using std::wstring;
DWORD WINAPI ThreadWritePipe(LPVOID lParam)
{
HANDLE hWrite = *(HANDLE*)lParam;
DWORD dwWritten;
while (1)
{
Sleep(1000);
DWORD toWrite = 3;
char ctrlc[2] = { 0x03,0 };
WriteFile(hWrite, "s", 1, &dwWritten, NULL);
}
}
void main()
{
SECURITY_ATTRIBUTES sa;
HANDLE hRead, hWrite2, hRead2, hWrite;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = NULL; //使用系统默认的安全描述符
sa.bInheritHandle = TRUE; //创建的进程继承句柄
if (!CreatePipe(&hRead, &hWrite, &sa, 0)) //创建匿名管道 ,作为子进程的输出。
{
::MessageBox(NULL, _T("CreatePipe Failed!"), _T("提示"), MB_OK | MB_ICONWARNING);
return ;
}
if (!CreatePipe(&hRead2, &hWrite2, &sa, 0)) //创建匿名管道 ,作为子进程的输入。
{
::MessageBox(NULL, _T("CreatePipe Failed!"), _T("提示"), MB_OK | MB_ICONWARNING);
return ;
}
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(STARTUPINFO));
si.cb = sizeof(STARTUPINFO);
GetStartupInfo(&si);
si.hStdInput = hRead2;//子进程读,即是父进程写
si.hStdError = hWrite;
si.hStdOutput = hWrite; //新创建进程的标准输出连在写管道一端
si.wShowWindow = SW_HIDE; //隐藏窗口
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
wstring inputcmd = _T("E:\\Security\\Project\\CrackFile\\CrackFile\\Debug\\cuda\\cuda\\cudahashcat64 -m 13000 -a 0 E:\\Security\\Project\\CrackFile\\CrackFile\\Debug\\cuda\\filehash.txt \
E:\\Security\\Project\\CrackFile\\hashcat-3.10\\dict.txt -o E:\\Security\\Project\\CrackFile\\CrackFile\\Debug\\cuda\\out.txt");
if (!CreateProcess(NULL, (LPWSTR)inputcmd.c_str(), NULL, NULL, TRUE, NULL, NULL, NULL, &si, &pi)) //创建子进程
{
int a = GetLastError();
::MessageBox(NULL, _T("CreateProcess Failed!"), _T("提示"), MB_OK | MB_ICONWARNING);
return ;
}
DWORD dwId;
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ThreadWritePipe, &hWrite2, 0, &dwId);
CloseHandle(hWrite); //关闭管道句柄
//CloseHandle(hRead2);
DWORD dwWritten;
//WriteFile(hWrite2, "sssss", 5, &dwWritten, NULL);
int a = GetLastError();
char buffer[4096] = { 0 };
DWORD bytesRead;
while (1) {
PeekNamedPipe(hRead, buffer, 4095, &bytesRead, NULL, NULL);
if (bytesRead == 0)continue;
if (ReadFile(hRead, buffer, 4095, &bytesRead, NULL) == NULL) //读取管道
break;
}
TCHAR tBuffer[4096];
_sntprintf_s(tBuffer, (strlen(buffer) + 1) * sizeof(CHAR), _TRUNCATE, _T("%S"), buffer);
}
...全文
请发表友善的回复…
发表回复
ouguanxiaosilang 2017-02-10
- 打赏
- 举报
在Hashcat程序中,找到了接受输入的源代码,部分代码如下
int tty_getchar()
{
fd_set rfds;
FD_ZERO (&rfds);
FD_SET (fileno (stdin), &rfds);
struct timeval tv;
tv.tv_sec = 1;
tv.tv_usec = 0;
int retval = select (1, &rfds, NULL, NULL, &tv);
if (retval == 0) return 0;
if (retval == -1) return -1;
return getchar();
}
static void keypress (hashcat_ctx_t *hashcat_ctx)
{
status_ctx_t *status_ctx = hashcat_ctx->status_ctx;
user_options_t *user_options = hashcat_ctx->user_options;
// this is required, because some of the variables down there are not initialized at that point
while (status_ctx->devices_status == STATUS_INIT) hc_sleep_msec (100);
const bool quiet = user_options->quiet;
tty_break ();
while (status_ctx->shutdown_outer == false)
{
int ch = tty_getchar ();
if (ch == -1) break;
if (ch == 0) continue;
//https://github.com/hashcat/hashcat/issues/302
//#if defined (_POSIX)
//if (ch != '\n')
//#endif
hc_thread_mutex_lock (status_ctx->mux_display);
event_log_info (hashcat_ctx, "");
switch (ch)
{
case 's':
case '\r':
case '\n':
event_log_info (hashcat_ctx, "");
status_display (hashcat_ctx);
event_log_info (hashcat_ctx, "");
if (quiet == false) send_prompt ();
break;
