70,024
社区成员
发帖
与我相关
我的任务
分享C环境中,如何向stdin中写入数据
如题,一个程序如何实现这样一个问题:
子进程等待键盘输入数据,父进程通过向stdin中写数据,子进程直接得到改数据之后结束进程。要达到类似效果如何实现?
子进程等待键盘输入数据,父进程通过向stdin中写数据,子进程直接得到改数据之后结束进程。要达到类似效果如何实现?
...全文
请发表友善的回复…
发表回复
赵4老师 2017-10-23
- 打赏
- 举报
http://www.autohotkey.com
使用.ahk脚本,理论上可以将90%以上的手动操作转化为自动运行的程序。
qq_40356934 2017-10-23
- 打赏
- 举报
shell语句执行的命令是由某一个服务提供的的操作,我如果想改只能去改这个服务的源码了?
qq_40356934 2017-10-23
- 打赏
- 举报
赵老师您好!感谢您的帮助,但是我确实没看懂上面的代码~~问题是这样的,我想重写一个system函数,子进程用execl执行一个shell语句,需要在终端上输入密码,并重复输入一次,我现在想做成,当这个shell语句阻塞在等待输入时,由父进程向子进程的stdin里写入一个密码并重复写入一次,这样就不需要有任何手动输入的操作了。
问题一:能否向stdin里写入数据?
问题二:父子进程间的stdin是否是同一个?
能否在子进程中将stdin重定向为管道读端,这样父进程直接向管道写端写入就可以了?
谢谢~~!
赵4老师 2017-10-20
- 打赏
- 举报
API SendInput
http://www.autohotkey.com
赵4老师 2017-10-20
- 打赏
- 举报
仅供参考:
/*
Application: Code Injection in Explorer
Author: @_RT
Compiled on: Feb 2014
URL:http://www.codeproject.com/Tips/732044/Code-Injection-2
We will see the different steps involved to perform a code injection into an already running process.
Following are the quick steps through the process of injection.
1.Get the API addresses that you will be calling from the injected code.
2.Prepare shell code of your function that you want to get executed from the injected process.
3.Get the process ID of the running process that you wish to inject into by enumerating through the
list of processes or by finding the process's window (in case it's a GUI application) by class name or title.
4.Open the process using its Pid with All Access rights.
5.Allocate different memory spaces in the process that you are going to inject to with desired access
rights for holding different segments of your shell code.
Code part (executable instructions)
Data part (strings, function parameters, etc.)
6.Write the allocated memories with the respective values (code and data).
7.Call CreateRemoteThread API and pass to it the start of allocated memory address where you have
written your shell code from the process we are injecting.
*/
#include <windows.h>
#pragma comment(lib,"user32.lib")
LPVOID addr;
LPVOID addr2;
BOOL InjectExecutable(DWORD dwPid,LPVOID si,LPVOID pi,int sisize,int pisize)
{
LPVOID hNewModule;
HANDLE hProcess;
CHAR S[] = { "C:\\Windows\\system32\\notepad.exe" };
BYTE byt[] = {0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x01, 0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00, 0x68};
//push 0 , push 0, push 0, push 1, push 0, push 0, push 0, push 0xXXXXXXXX
BYTE byt2[] = {0xE8};//call 0xXXXXXXXX
BYTE byt3[] = {0x68};//push 0xXXXXXXXX
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
if (hProcess == NULL)
{
return FALSE;
}
LPVOID staddr = VirtualAllocEx(hProcess, NULL, sizeof(S), MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, staddr, S, sizeof(S), NULL);
LPVOID fnaddr = VirtualAllocEx(hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, fnaddr, pi, sisize, NULL);
LPVOID fnaddr2 = VirtualAllocEx(hProcess, NULL, 4, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, fnaddr2, si, pisize, NULL);
hNewModule = VirtualAllocEx(hProcess, NULL, 100, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (hNewModule == NULL)
{
return FALSE;
}
LPTHREAD_START_ROUTINE strtaddr = (LPTHREAD_START_ROUTINE)hNewModule;
WriteProcessMemory(hProcess, hNewModule, byt3, sizeof(byt3), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(byt3));
WriteProcessMemory(hProcess, hNewModule, &fnaddr, sizeof(fnaddr), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(fnaddr)); // push &pi ;lpProcessInformation
WriteProcessMemory(hProcess, hNewModule, byt3, sizeof(byt3), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(byt3));
WriteProcessMemory(hProcess, hNewModule, &fnaddr2, sizeof(fnaddr2), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(fnaddr2)); // push &si ;lpStartupInfo
WriteProcessMemory(hProcess, hNewModule, byt, sizeof(byt), NULL); // push 0 , push 0, push 0, push 1, push 0, push 0, push 0, push 0xXXXXXXXX==&S[0];"C:\\Windows\\system32\\notepad.exe"
hNewModule = (LPVOID)((int)hNewModule + sizeof(byt)); // lpCurrentDirectory,lpEnvironment,dwCreationFlags,bInheritHandles,lpThreadAttributes,lpProcessAttributes,lpCommandLine,lpApplicationName
WriteProcessMemory(hProcess, hNewModule, &staddr, sizeof(staddr), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(staddr));
WriteProcessMemory(hProcess, hNewModule, byt2, sizeof(byt2), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(byt2)); // call CreateProcessA
addr = (LPVOID)((int)addr - ((int)hNewModule + 4));
WriteProcessMemory(hProcess, hNewModule, &addr, sizeof(addr), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(addr));
WriteProcessMemory(hProcess, hNewModule, byt, 2, NULL);
hNewModule = (LPVOID)((int)hNewModule + 2); // push 0 ;DWORD dwExitCode // exit code for this thread
WriteProcessMemory(hProcess, hNewModule, byt2, sizeof(byt2), NULL);
hNewModule = (LPVOID)((int)hNewModule + sizeof(byt2)); // call ExitThread
addr2 = (LPVOID)((int)addr2 - ((int)hNewModule + 4));
WriteProcessMemory(hProcess, hNewModule, &addr2, sizeof(addr2), NULL);
CreateRemoteThread(hProcess, 0, 0, strtaddr, NULL, 0, NULL);
return TRUE;
}
int main()
{
_STARTUPINFOA si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
ZeroMemory(&pi, sizeof(pi));
DWORD dwPid;
HMODULE ldlib = LoadLibraryA("Kernel32.dll");
addr = GetProcAddress(ldlib, "CreateProcessA");
addr2 = GetProcAddress(ldlib, "ExitThread");
HWND hWnd1=FindWindow(NULL, "Program Manager");
if (NULL==hWnd1) {
return 1;
}
GetWindowThreadProcessId(hWnd1, &dwPid);
InjectExecutable(dwPid,&si,&pi,sizeof(si),sizeof(pi));
return 0;
}
qq_40356934 2017-10-20
- 打赏
- 举报
审题!审题!审题!子进程已经被scanf阻塞了,并不是进程间通信,需要父进程向stdin里写入数据来结束子进程的阻塞,有什么办法哪个做到
赵4老师 2017-10-19
- 打赏
- 举报
仅供参考:
#pragma comment(lib,"user32")
#include <stdio.h>
#include <string.h>
#include <windows.h>
int main() {
SECURITY_ATTRIBUTES sa = {0};
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
HANDLE hPipeOutputRead = NULL;
HANDLE hPipeOutputWrite = NULL;
HANDLE hPipeInputRead = NULL;
HANDLE hPipeInputWrite = NULL;
BOOL bTest = 0;
DWORD dwNumberOfBytesRead = 0;
DWORD dwNumberOfBytesWrite = 0;
CHAR szMsg[100];
CHAR szBuffer[256];
sa.nLength = sizeof(sa);
sa.bInheritHandle = TRUE;
sa.lpSecurityDescriptor = NULL;
// Create pipe for standard output redirection.
CreatePipe(&hPipeOutputRead, // read handle
&hPipeOutputWrite, // write handle
&sa, // security attributes
0 // number of bytes reserved for pipe - 0 default
);
// Create pipe for standard input redirection.
CreatePipe(&hPipeInputRead, // read handle
&hPipeInputWrite, // write handle
&sa, // security attributes
0 // number of bytes reserved for pipe - 0 default
);
// Make child process use hPipeOutputWrite as standard out,
// and make sure it does not show on screen.
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = hPipeInputRead;
si.hStdOutput = hPipeOutputWrite;
si.hStdError = hPipeOutputWrite;
CreateProcess (
NULL, "cmd.exe",
NULL, NULL,
TRUE, 0,
NULL, NULL,
&si, &pi);
// Now that handles have been inherited, close it to be safe.
// You don't want to read or write to them accidentally.
CloseHandle(hPipeOutputWrite);
CloseHandle(hPipeInputRead);
// Now test to capture DOS application output by reading
// hPipeOutputRead. Could also write to DOS application
// standard input by writing to hPipeInputWrite.
sprintf(szMsg, "ver\n");
WriteFile(
hPipeInputWrite, // handle of the write end of our pipe
&szMsg, // address of buffer that send data
strlen(szMsg), // number of bytes to write
&dwNumberOfBytesWrite,// address of number of bytes read
NULL // non-overlapped.
);
while(TRUE)
{
bTest=ReadFile(
hPipeOutputRead, // handle of the read end of our pipe
&szBuffer, // address of buffer that receives data
256, // number of bytes to read
&dwNumberOfBytesRead, // address of number of bytes read
NULL // non-overlapped.
);
if (!bTest){
sprintf(szMsg, "Error #%d reading pipe.",GetLastError());
printf("%s",szMsg);
break;
}
// do something with data.
szBuffer[dwNumberOfBytesRead] = 0; // null terminate
printf("%s",szBuffer);
if ('>'==szBuffer[dwNumberOfBytesRead-1]) break;
}
sprintf(szMsg, "chcp\nexit\n");
WriteFile(
hPipeInputWrite, // handle of the write end of our pipe
&szMsg, // address of buffer that send data
strlen(szMsg), // number of bytes to write
&dwNumberOfBytesWrite,// address of number of bytes read
NULL // non-overlapped.
);
while(TRUE)
{
bTest=ReadFile(
hPipeOutputRead, // handle of the read end of our pipe
&szBuffer, // address of buffer that receives data
256, // number of bytes to read
&dwNumberOfBytesRead, // address of number of bytes read
NULL // non-overlapped.
);
if (!bTest){
sprintf(szMsg, "Error #%d reading pipe.",GetLastError());
printf("%s",szMsg);
break;
}
// do something with data.
szBuffer[dwNumberOfBytesRead] = 0; // null terminate
printf("%s",szBuffer);
}
// Wait for CONSPAWN to finish.
WaitForSingleObject (pi.hProcess, INFINITE);
// Close all remaining handles
CloseHandle (pi.hProcess);
CloseHandle (hPipeOutputRead);
CloseHandle (hPipeInputWrite);
return 0;
}
//C:\test>test
//Microsoft Windows [版本 5.2.3790]
//(C) 版权所有 1985-2003 Microsoft Corp.
//
//C:\test>ver
//
//Microsoft Windows [版本 5.2.3790]
//
//C:\test>chcp
//活动的代码页: 936
//
//C:\test>exit
//Error #109 reading pipe.
//C:\test>
xiaohuh421 2017-10-18
- 打赏
- 举报
进程间通信方式都能实现吧.
百度: 进程间通信方式
自信男孩 2017-10-18
- 打赏
- 举报
建议参考管道的实现
