C环境中,如何向stdin中写入数据

qq_40356934 2017-10-18 02:32:23
如题,一个程序如何实现这样一个问题:
子进程等待键盘输入数据,父进程通过向stdin中写数据,子进程直接得到改数据之后结束进程。要达到类似效果如何实现?
...全文
1380 9 打赏 收藏 转发到动态 举报
AI 作业
写回复
用AI写文章
9 条回复
切换为时间正序
请发表友善的回复…
发表回复
赵4老师 2017-10-23
  • 打赏
  • 举报
回复
http://www.autohotkey.com 使用.ahk脚本,理论上可以将90%以上的手动操作转化为自动运行的程序。
qq_40356934 2017-10-23
  • 打赏
  • 举报
回复
shell语句执行的命令是由某一个服务提供的的操作,我如果想改只能去改这个服务的源码了?
qq_40356934 2017-10-23
  • 打赏
  • 举报
回复
赵老师您好!感谢您的帮助,但是我确实没看懂上面的代码~~问题是这样的,我想重写一个system函数,子进程用execl执行一个shell语句,需要在终端上输入密码,并重复输入一次,我现在想做成,当这个shell语句阻塞在等待输入时,由父进程向子进程的stdin里写入一个密码并重复写入一次,这样就不需要有任何手动输入的操作了。 问题一:能否向stdin里写入数据? 问题二:父子进程间的stdin是否是同一个? 能否在子进程中将stdin重定向为管道读端,这样父进程直接向管道写端写入就可以了? 谢谢~~!
赵4老师 2017-10-20
  • 打赏
  • 举报
回复
赵4老师 2017-10-20
  • 打赏
  • 举报
回复
仅供参考:
/*
    Application:    Code Injection in Explorer
    Author:     @_RT
    Compiled on:    Feb 2014
    URL:http://www.codeproject.com/Tips/732044/Code-Injection-2

    We will see the different steps involved to perform a code injection into an already running process.

    Following are the quick steps through the process of injection.
    1.Get the API addresses that you will be calling from the injected code.
    2.Prepare shell code of your function that you want to get executed from the injected process.
    3.Get the process ID of the running process that you wish to inject into by enumerating through the
      list of processes or by finding the process's window (in case it's a GUI application) by class name or title.
    4.Open the process using its Pid with All Access rights.
    5.Allocate different memory spaces in the process that you are going to inject to with desired access
      rights for holding different segments of your shell code.
        Code part (executable instructions)
        Data part (strings, function parameters, etc.)
    6.Write the allocated memories with the respective values (code and data).
    7.Call CreateRemoteThread API and pass to it the start of allocated memory address where you have
      written your shell code from the process we are injecting.
*/

#include <windows.h>
#pragma comment(lib,"user32.lib")

LPVOID addr;
LPVOID addr2;

BOOL InjectExecutable(DWORD dwPid,LPVOID si,LPVOID pi,int sisize,int pisize)
{
    LPVOID hNewModule;
    HANDLE hProcess;
    CHAR S[]    = { "C:\\Windows\\system32\\notepad.exe" };
    BYTE byt[]  = {0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x01, 0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00, 0x68};
                 //push  0   , push     0, push     0, push     1, push     0, push     0, push     0, push 0xXXXXXXXX
    BYTE byt2[] = {0xE8};//call 0xXXXXXXXX
    BYTE byt3[] = {0x68};//push 0xXXXXXXXX

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    if (hProcess == NULL)
    {
        return FALSE;
    }

    LPVOID staddr = VirtualAllocEx(hProcess, NULL, sizeof(S), MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, staddr, S, sizeof(S), NULL);
    LPVOID fnaddr = VirtualAllocEx(hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, fnaddr, pi, sisize, NULL);
    LPVOID fnaddr2 = VirtualAllocEx(hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, fnaddr2, si, pisize, NULL);

    hNewModule = VirtualAllocEx(hProcess, NULL, 100, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (hNewModule == NULL)
    {
        return FALSE;
    }
    LPTHREAD_START_ROUTINE strtaddr = (LPTHREAD_START_ROUTINE)hNewModule;

    WriteProcessMemory(hProcess, hNewModule, byt3, sizeof(byt3), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(byt3));
    WriteProcessMemory(hProcess, hNewModule, &fnaddr, sizeof(fnaddr), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(fnaddr));                    // push &pi ;lpProcessInformation
    WriteProcessMemory(hProcess, hNewModule, byt3, sizeof(byt3), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(byt3));
    WriteProcessMemory(hProcess, hNewModule, &fnaddr2, sizeof(fnaddr2), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(fnaddr2));                   // push &si ;lpStartupInfo
    WriteProcessMemory(hProcess, hNewModule, byt, sizeof(byt), NULL);           // push 0 , push 0, push 0, push 1, push 0, push 0, push 0, push 0xXXXXXXXX==&S[0];"C:\\Windows\\system32\\notepad.exe"
    hNewModule = (LPVOID)((int)hNewModule + sizeof(byt));                       // lpCurrentDirectory,lpEnvironment,dwCreationFlags,bInheritHandles,lpThreadAttributes,lpProcessAttributes,lpCommandLine,lpApplicationName
    WriteProcessMemory(hProcess, hNewModule, &staddr, sizeof(staddr), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(staddr));
    WriteProcessMemory(hProcess, hNewModule, byt2, sizeof(byt2), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(byt2));                      // call CreateProcessA
    addr = (LPVOID)((int)addr - ((int)hNewModule + 4));
    WriteProcessMemory(hProcess, hNewModule, &addr, sizeof(addr), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(addr));
    WriteProcessMemory(hProcess, hNewModule, byt, 2, NULL);
    hNewModule = (LPVOID)((int)hNewModule + 2);                                 // push 0 ;DWORD dwExitCode   // exit code for this thread
    WriteProcessMemory(hProcess, hNewModule, byt2, sizeof(byt2), NULL);
    hNewModule = (LPVOID)((int)hNewModule + sizeof(byt2));                      // call ExitThread
    addr2 = (LPVOID)((int)addr2 - ((int)hNewModule + 4));
    WriteProcessMemory(hProcess, hNewModule, &addr2, sizeof(addr2), NULL);

    CreateRemoteThread(hProcess, 0, 0, strtaddr, NULL, 0, NULL);
    return TRUE;
}

int main()
{
    _STARTUPINFOA si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));

    DWORD dwPid;
    HMODULE ldlib = LoadLibraryA("Kernel32.dll");
    addr = GetProcAddress(ldlib, "CreateProcessA");
    addr2 = GetProcAddress(ldlib, "ExitThread");
    HWND hWnd1=FindWindow(NULL, "Program Manager");
    if (NULL==hWnd1) {
        return 1;
    }
    GetWindowThreadProcessId(hWnd1, &dwPid);

    InjectExecutable(dwPid,&si,&pi,sizeof(si),sizeof(pi));

    return 0;
}
qq_40356934 2017-10-20
  • 打赏
  • 举报
回复 1
审题!审题!审题!子进程已经被scanf阻塞了,并不是进程间通信,需要父进程向stdin里写入数据来结束子进程的阻塞,有什么办法哪个做到
赵4老师 2017-10-19
  • 打赏
  • 举报
回复
仅供参考:
#pragma comment(lib,"user32")
#include <stdio.h>
#include <string.h>
#include <windows.h>
int main() {
    SECURITY_ATTRIBUTES sa          = {0};
    STARTUPINFO         si          = {0};
    PROCESS_INFORMATION pi          = {0};
    HANDLE              hPipeOutputRead  = NULL;
    HANDLE              hPipeOutputWrite = NULL;
    HANDLE              hPipeInputRead   = NULL;
    HANDLE              hPipeInputWrite  = NULL;
    BOOL                bTest = 0;
    DWORD               dwNumberOfBytesRead = 0;
    DWORD               dwNumberOfBytesWrite = 0;
    CHAR                szMsg[100];
    CHAR                szBuffer[256];

    sa.nLength = sizeof(sa);
    sa.bInheritHandle = TRUE;
    sa.lpSecurityDescriptor = NULL;

    // Create pipe for standard output redirection.
    CreatePipe(&hPipeOutputRead,  // read handle
            &hPipeOutputWrite, // write handle
            &sa,      // security attributes
            0      // number of bytes reserved for pipe - 0 default
            );

    // Create pipe for standard input redirection.
    CreatePipe(&hPipeInputRead,  // read handle
            &hPipeInputWrite, // write handle
            &sa,      // security attributes
            0      // number of bytes reserved for pipe - 0 default
            );

    // Make child process use hPipeOutputWrite as standard out,
    // and make sure it does not show on screen.
    si.cb = sizeof(si);
    si.dwFlags     = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    si.wShowWindow = SW_HIDE;
    si.hStdInput   = hPipeInputRead;
    si.hStdOutput  = hPipeOutputWrite;
    si.hStdError   = hPipeOutputWrite;

    CreateProcess (
          NULL, "cmd.exe",
          NULL, NULL,
          TRUE, 0,
          NULL, NULL,
          &si, &pi);

    // Now that handles have been inherited, close it to be safe.
    // You don't want to read or write to them accidentally.
    CloseHandle(hPipeOutputWrite);
    CloseHandle(hPipeInputRead);

    // Now test to capture DOS application output by reading
    // hPipeOutputRead.  Could also write to DOS application
    // standard input by writing to hPipeInputWrite.
    sprintf(szMsg, "ver\n");
    WriteFile(
          hPipeInputWrite,      // handle of the write end of our pipe
          &szMsg,               // address of buffer that send data
          strlen(szMsg),        // number of bytes to write
          &dwNumberOfBytesWrite,// address of number of bytes read
          NULL                  // non-overlapped.
          );

    while(TRUE)
    {
       bTest=ReadFile(
          hPipeOutputRead,      // handle of the read end of our pipe
          &szBuffer,            // address of buffer that receives data
          256,                  // number of bytes to read
          &dwNumberOfBytesRead, // address of number of bytes read
          NULL                  // non-overlapped.
          );

      if (!bTest){
          sprintf(szMsg, "Error #%d reading pipe.",GetLastError());
          printf("%s",szMsg);
          break;
      }

      // do something with data.
      szBuffer[dwNumberOfBytesRead] = 0;  // null terminate
      printf("%s",szBuffer);
      if ('>'==szBuffer[dwNumberOfBytesRead-1]) break;
    }

    sprintf(szMsg, "chcp\nexit\n");
    WriteFile(
          hPipeInputWrite,      // handle of the write end of our pipe
          &szMsg,               // address of buffer that send data
          strlen(szMsg),        // number of bytes to write
          &dwNumberOfBytesWrite,// address of number of bytes read
          NULL                  // non-overlapped.
          );

    while(TRUE)
    {
       bTest=ReadFile(
          hPipeOutputRead,      // handle of the read end of our pipe
          &szBuffer,            // address of buffer that receives data
          256,                  // number of bytes to read
          &dwNumberOfBytesRead, // address of number of bytes read
          NULL                  // non-overlapped.
          );

      if (!bTest){
          sprintf(szMsg, "Error #%d reading pipe.",GetLastError());
          printf("%s",szMsg);
          break;
      }

      // do something with data.
      szBuffer[dwNumberOfBytesRead] = 0;  // null terminate
      printf("%s",szBuffer);
    }

    // Wait for CONSPAWN to finish.
    WaitForSingleObject (pi.hProcess, INFINITE);

    // Close all remaining handles
    CloseHandle (pi.hProcess);
    CloseHandle (hPipeOutputRead);
    CloseHandle (hPipeInputWrite);

    return 0;
}
//C:\test>test
//Microsoft Windows [版本 5.2.3790]
//(C) 版权所有 1985-2003 Microsoft Corp.
//
//C:\test>ver
//
//Microsoft Windows [版本 5.2.3790]
//
//C:\test>chcp
//活动的代码页: 936
//
//C:\test>exit
//Error #109 reading pipe.
//C:\test>
xiaohuh421 2017-10-18
  • 打赏
  • 举报
回复
进程间通信方式都能实现吧. 百度: 进程间通信方式
自信男孩 2017-10-18
  • 打赏
  • 举报
回复
建议参考管道的实现
1. C 语言的指针和内存泄漏 5 2. C语言难点分析整理 10 3. C语言难点 18 4. C/C++实现冒泡排序算法 32 5. C++指针和引用的区别 35 6. const char*, char const*, char*const的区别 36 7. C可变参数函数实现 38 8. C程序内存组成部分 41 9. C编程拾粹 42 10. C语言实现数组的动态增长 44 11. C语言的位运算 46 12. 浮点数的存储格式: 50 13. 位域 58 14. C语言函数二维数组传递方法 64 15. C语言复杂表达式的执行步骤 66 16. C语言字符串函数大全 68 17. C语言宏定义技巧 89 18. C语言实现动态数组 100 19. C语言笔试-运算符和表达式 104 20. C语言编程准则之稳定篇 107 21. C语言编程常见问题分析 108 22. C语言编程易犯毛病集合 112 23. C语言缺陷与陷阱(笔记) 119 24. C语言防止缓冲区溢出方法 126 25. C语言高效编程秘籍 128 26. C运算符优先级口诀 133 27. do/while(0)的妙用 134 28. exit()和return()的区别 140 29. exit子程序终止函数与return的差别 141 30. extern与static存储空间矛盾 145 31. PC-Lint与C\C++代码质量 147 32. spirntf函数使用大全 158 33. 二叉树的数据结构 167 34. 位运算应用口诀和实例 170 35. 内存对齐与ANSI Cstruct内存布局 173 36. 冒泡和选择排序实现 180 37. 函数指针数组与返回数组指针的函数 186 38. 右左法则- 复杂指针解析 189 39. 回车和换行的区别 192 40. 堆和堆栈的区别 194 41. 堆和堆栈的区别 198 42. 如何写出专业的C头文件 202 43. 打造最快的Hash表 207 44. 指针与数组学习笔记 222 45. 数组不是指针 224 46. 标准C字符串分割的方法 228 47. 汉诺塔源码 231 48. 洗牌算法 234 49. 深入理解C语言指针的奥秘 236 50. 游戏外挂的编写原理 254 51. 程序实例分析-为什么会陷入死循环 258 52. 空指针究竟指向了内存的哪个地方 260 53. 算术表达式的计算 265 54. 结构体对齐的具体含义 269 55. 连连看AI算法 274 56. 连连看寻路算法的思路 283 57. 重新认识:指向函数的指针 288 58. 链表的源码 291 59. 高质量的子程序 295 60. 高级C语言程序员测试必过的十六道最佳题目+答案详解 297 61. C语言常见错误 320 62. 超强的指针学习笔记 325 63. 程序员之路──关于代码风格 343 64. 指针、结构体、联合体的安全规范 346 65. C指针讲解 352 66. 关于指向指针的指针 368 67. C/C++ 误区一:void main() 373 68. C/C++ 误区二:fflush(stdin) 376 69. C/C++ 误区三:强制转换 malloc() 的返回值 380 70. C/C++ 误区四:char c = getchar(); 381 71. C/C++ 误区五:检查 new 的返回值 383 72. C 是 C++ 的子集吗? 384 73. C和C++的区别是什么? 387 74. 无条件循环 388 75. 产生随机数的方法 389 76. 顺序表及其操作 390 77. 单链表的实现及其操作 391 78. 双向链表 395 79. 程序员数据结构笔记 399 80. Hashtable和HashMap的区别 408 81. hash 表学习笔记 410 82. C程序设计常用算法源代码 412 83. C语言有头结点链表的经典实现 419 84. C语言惠通面试题 428 85. C语言常用宏定义 450

70,024

社区成员

发帖
与我相关
我的任务
社区描述
C语言相关问题讨论
社区管理员
  • C语言
  • 花神庙码农
  • 架构师李肯
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧