以前曾经写过一篇使用匿名管道实现CMD回显,现在看起来那时候的代码真是弱爆了,怒重写一份。
[mw_shl_code=c,true]void ExecuteCommand(WCHAR * pszCommand, WCHAR *pszResult, DWORD dwCount)
{
BOOL bRet = FALSE;
USES_CONVERSION;
WCHAR szCmdPath[MAX_PATH] = {0};
GetSystemDirectory(szCmdPath, sizeof(szCmdPath));
PathAppend(szCmdPath, L"cmd.exe");
SECURITY_ATTRIBUTES SecurityAttributes;
SecurityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
SecurityAttributes.lpSecurityDescrip{过滤}tor = NULL;
SecurityAttributes.bInheritHandle = TRUE;
HANDLE hRead = NULL;
HANDLE hWrite = NULL;
if(CreatePipe(&hRead, &hWrite, &SecurityAttributes, 0))
{
STARTUPINFO StartupInfo = {0};
StartupInfo.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
StartupInfo.hStdOutput = hWrite;
StartupInfo.hStdError = hWrite;
StartupInfo.wShowWindow = SW_HIDE;
PROCESS_INFORMATION ProcessInformation = {0};
WCHAR szCurrentPath[MAX_PATH] = {0};
GetCurrentDirectory(sizeof(szCurrentPath), szCurrentPath);
if(CreateProcess(szCmdPath, pszCommand, NULL, NULL, TRUE, 0, NULL, szCurrentPath, &StartupInfo, &ProcessInformation))
{
CloseHandle(hWrite);
char szBuffer[4096] = {0};
DWORD dwRead = 0;
if(pszResult)
{
pszResult[0] = 0;
while(TRUE)
{
memset(szBuffer, 0, sizeof(szBuffer));
bRet = ReadFile(hRead, szBuffer, sizeof(szBuffer), &dwRead, NULL);
if((FALSE == bRet) || (dwRead = 0))
break;
wcscat_s(pszResult, dwCount, A2W(szBuffer));
}
}
}
CloseHandle(hRead);
}
}[/mw_shl_code]
|