程序基本流程:
??????1,創建服務端Socket,端口綁定,監聽。
????????????這也是一般的socket程序的處理流程。
??????2,啟動循環并在循環體中接收客戶端請求并返回客戶端套接字。
??????3，啟動子線程處理當前連接。在子線程中進行cmd子進程的創建及數據的發送和接受。其中子進程的輸入輸出重定向如下：
??????
??????????????????????
??????3.1,創建讀寫管道.
??????
??????3.2,創建cmd子進程,將設置cmd的輸入輸出句柄為管道句柄.
??????
??????未完待續.?
??????程序代碼: Code
#include?<stdio.h>
#include?<winsock2.h>
#pragma?comment(lib,"ws2_32");

//線程參數
struct?THREADPARAM{
????SOCKET?socket;//客戶端連接套接字.
????HANDLE?hReadShell;//shell的讀管道句柄.
????HANDLE?hWriteShell;//shell的寫管道句柄.
};
//接收線程
DWORD?WINAPI?RecvFunc(LPVOID?lpParam);
//發送線程
DWORD?WINAPI?SendFunc(LPVOID?lpParam);

void?main()
{
????WSADATA?wsaData;
????int?err;
????err=WSAStartup(MAKEWORD(2,2),&wsaData);
????if(err?!=?0){
????????printf("WSAStartup?failed\r\n");
????????return;
????}
????if(LOBYTE(wsaData.wVersion)?!=?2||
????????HIBYTE(wsaData.wVersion)?!=?2){
????????WSACleanup();
????????return;
????}
????//創建服務端套接字
????SOCKET?sockSrv=socket(AF_INET,SOCK_STREAM,0);
????SOCKADDR_IN?addrSrv;
????addrSrv.sin_addr.S_un.S_addr=htonl(INADDR_ANY);
????addrSrv.sin_family=AF_INET;
????addrSrv.sin_port=htons(1234);
????//綁定端口
????bind(sockSrv,(SOCKADDR?*)&addrSrv,sizeof(SOCKADDR));
????//監聽
????listen(sockSrv,5);
????while(1){
????????SOCKADDR_IN?addrClient;
????????int?len=sizeof(SOCKADDR);
????????SOCKET?sockClient=accept(sockSrv,(SOCKADDR?*)&addrClient,&len);
????????if(sockClient?==?INVALID_SOCKET){
????????????printf("Invalid?client?socket!\r\n");
????????????break;
????????}
????????//安全屬性
????????SECURITY_ATTRIBUTES?sa;
????????sa.nLength=sizeof(SECURITY_ATTRIBUTES);
????????sa.bInheritHandle=TRUE;
????????sa.lpSecurityDescriptor=NULL;
????????HANDLE?hReadPipe,hWritePipe;
????????HANDLE?hWriteShell,hReadShell;
????????//創建管道
????????if(!CreatePipe(&hReadPipe,&hWriteShell,&sa,NULL)){
????????????printf("Create?anomyous?pipe?failed!\r\n");
????????????break;
????????};
????????if(!CreatePipe(&hReadShell,&hWritePipe,&sa,NULL)){
????????????printf("Create?anomyous?pipe?failed!\r\n");
????????????break;
????????};
????????
????????//設置啟動參數并啟動shell子進程
????????STARTUPINFO?startupInfo;
????????ZeroMemory(&startupInfo,sizeof(STARTUPINFO));
????????startupInfo.cb=sizeof(STARTUPINFO);
????????startupInfo.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
????????startupInfo.hStdInput?=hReadPipe;
????????startupInfo.hStdOutput=hWritePipe;
????????startupInfo.hStdError?=?hWritePipe;
????????startupInfo.wShowWindow=SW_SHOW;
????????PROCESS_INFORMATION?pi;
????????CreateProcess(NULL,"cmd",NULL,NULL,
????????????TRUE,0,NULL,NULL,&startupInfo,&pi);
????????DWORD?threadId1,threadId2;
????????THREADPARAM?tp;
????????tp.socket=sockClient;
????????tp.hReadShell=hReadShell;
????????tp.hWriteShell=hWriteShell;
????????HANDLE?h1=CreateThread(NULL,0,RecvFunc,(LPVOID)&tp,NULL,&threadId1);
????????HANDLE?h2=????CreateThread(NULL,0,SendFunc,(LPVOID)&tp,NULL,&threadId2);
????????//WaitForSingleObject(h1,INFINITE);
????????//WaitForSingleObject(h2,INFINITE);
????}
????closesocket(sockSrv);
????WSACleanup();
????return?;
}



DWORD?WINAPI?RecvFunc(LPVOID?lpParam){
????THREADPARAM?*pParam=(THREADPARAM?*)lpParam;
????char?buf[4096];
????while(1){
????????if(pParam->socket?==?INVALID_SOCKET){
????????????return?0;
????????}
????????memset(buf,0,4096);
????????DWORD?dwRecvLen=recv(pParam->socket,buf,100,0);
????????if(dwRecvLen?<=?0){
????????????closesocket(pParam->socket);
????????????pParam->socket=INVALID_SOCKET;
????????????return?0;
????????}
????????DWORD?dwBytesWritten;
????????WriteFile(pParam->hWriteShell,buf,dwRecvLen,&dwBytesWritten,0);
????????printf("In?RecvFunc:\nsocket=0x%08x\r\n",pParam->socket);
????????printf("Write?%d?bytes:%s,%d?bytes?writen?actually\r\n",dwRecvLen,buf,dwBytesWritten);
????}

????return?0;
}

DWORD?WINAPI?SendFunc(LPVOID?lpParam){
????THREADPARAM?*pParam=(THREADPARAM?*)lpParam;
????char?buf[4096];
????while(1){
????????if(pParam->socket?==?INVALID_SOCKET)
????????????return?0;
????????memset(buf,0,4096);
????????DWORD?dwRead=0;
????????ReadFile(pParam->hReadShell,buf,100,&dwRead,0);
????????if(dwRead?!=?0){
????????????int?ret=send(pParam->socket,buf,dwRead+1,0);
????????????printf("In?SendFunc:\nsocket=0x%08x\r\n",pParam->socket);
????????????printf("Read?%d?bytes:%s\r\nSend",dwRead,buf);
????????}

????}

????return?0;
}??????程序在處理客戶端斷開連接時還未加處理.歡迎讀者給我提出一些意見和建議.

轉載于:https://www.cnblogs.com/cmleung/archive/2009/09/23/1572279.html

總結

以上是生活随笔為你收集整理的获取Windows Shell的简单示例程序二的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。