Writing method with Trojan with UDP protocol

xiaoxiao2021-03-06  83

A very important function of the Trojan is the remote monitoring screen. The following article tells how to use the UDP protocol to implement, not the TCP / IP protocol we usually used, very characterful, worth learning.

I. Software and software requirements. Windows95 / 98 peer-to-peer, computer (hereinafter referred to as the master) and the monitored computer (hereinafter referred to as a controller) must have a TCP / IP protocol and configure it correctly. If there is no network, you can debug on a single computer.

Second, implement the method. To prepare two applications, one is vclient.exe, mounted on a controlled machine, and the other is VSERVER.EXE, mounted on the master. VServer.exe Specifies the IP address of the controlled machine to be monitored and the size and location of the area to be captured on the controlled machine screen, and issue the screen capture instruction to vclient.exe, Vclient.exe gets the instruction, in controlled The specified area is selected on the screen, generate a data stream, send it back to the master, and display the BMP image of the capture area on the main control. As can be seen from the above process, the key to the method is two: one, how is the screen capture on a controlled machine, and the second is how to transfer data in two computers through the TCP / IP protocol.

UDP (User DataGram Protocol, is a user packet protocol) is one of the widely used communication protocols on the Internet. Unlike TCP protocols, it is a non-connected transport protocol, no confirmation mechanism, reliability is not as good as TCP, but its efficiency is higher than TCP, which is used for remote screen monitoring or more suitable. At the same time, the UDP control does not distinguish between server-side and clients, only distinguishes transmitting ends and receiving ends, which is more simple, so select UDP protocol, use the TNMUDP control provided by Delphi 4.0.

Third, create a demo program. The first step is to prepare a vclient.exe file. New Delphi project, set the Name property of the default form to "Client". Add TNMUDP control, the Name property is set to "CUDP"; set to "1111", allow the control CUDP to monitor the 1111 port of the controlled machine, when the data is sent to the port, the control CUDP's OnDataReceiveD event; RemotePort property To "2222", when the control CUDP sends data, the data is sent to 2222 ports of the master.

Add variable definitions after IMPLEMentation

Const buffsize = 2048; {Buffer size of each data} varbmpstream: tmemorystream; Leftsize: longint; {Send every byte after each data}

Add code to Client's oncreate event: Procedure Tclient.formcreate (Sender: TOBJECT); BeginbmpStream: = TMEMORYSTREAM.CREATE; END;

Add code to Client's OnDestroy Event: Procedure Tclient.formDestroy (Sender: TOBJECT); BeginbmpStream.free;

Adding the control code for the event CUDP OnDataReceived of: procedure TClient.CUDPDataReceived (Sender: TComponent; NumberBytes: Integer; FromIP: String); varCtrlCode: array [0..29] of char; Buf: array [0..BufSize-1] of char; tmpStr: string; sendSize, LeftPos, TopPos, RightPos, BottomPos: integer; beginCUDP.ReadBuffer (CtrlCode, NumberBytes); {reading control code} if CtrlCode [0] CtrlCode [1] CtrlCode [2] Ctrlcode [3] = 'show' thenbegin {THENBEGIN {SHOW "indicates that the master has a grip instruction} if bmpstream.size = 0 THEN {No data can be sent, must be displayed into data} begintmpstr: = STRPAS (Ctrlcode); Tmpstr: = Copy (Tmpstr, 5, Length (Tmpstr) -4); Leftpos: = StrtOINT (Copy (Tmpstr, 1, POS (':', tmpstr) -1)); TMPSTR: = COPY (TMPSTR, POS (':', tmpstr) 1, Length (tmpstr) -pos (':', tmpstr)); TOPPOS: = StrtOINT (Copy (Tmpstr, 1, POS (':', tmpstr) -1 )); TMPSTR: = COPY (TmpStr, POS (':', tmpstr) 1, Length (tmpstr) -pos (':', tmpstr)); Rightpos: = Strtoint (Copy (Tmpstr, 1, POS (' : ', Tmpstr) -1)))); bottompos: = start (Copy (Tmpstr, POS (', Tmpstr) 1, Length (Tmpstr) -pos ':', tmpstr)); Screencap (Leftpos, Toppos Rightpos, Bottompos; {Intercept screen} end; if leftsize> buffsize kilselse se ndSize: = LeftSize; BmpStream.ReadBuffer (Buf, SendSize); LeftSize: = LeftSize-SendSize; if LeftSize = 0 then BmpStream.Clear; {clear stream} CUDP.RemoteHost: = FromIP; {FromIP IP address for the master} Cudp.sendbuffer (buf, sendsize); {2222 portions of the data to the master;

Wherein ScreenCap custom function, interception of the screen designated area code is as follows: procedure TClient.ScreenCap (LeftPos, TopPos, RightPos, BottomPos: integer); varRectWidth, RectHeight: integer; SourceDC, DestDC, Bhandle: integer; Bitmap: TBitmap; beginRectWidth : = RightPos-LeftPos; RectHeight: = BottomPos-TopPos; SourceDC: = CreateDC ( 'DISPLAY', '', '', nil); DestDC: = CreateCompatibleDC (SourceDC); Bhandle: = CreateCompatibleBitmap (SourceDC, RectWidth, RectHeight) ; SelectObject (DestDC, Bhandle); BitBlt (DestDC, 0,0, RectWidth, RectHeight, SourceDC, LeftPos, TopPos, SRCCOPY); Bitmap: = TBitmap.Create; Bitmap.Handle: = BHandle; BitMap.SaveToStream (BmpStream); Bmpstream.position: = 0; Leftsize: = bmpstream.size; Bitmap.Free; deletedc (DESTDC); ReleaseDC (Bhandle, Sourcedc); End; stored "C: /VClient/clnit.pas" and "C: / vclient /VClient.dpr "and compiled. Step 2, prepare a VServer.exe file. Create a new Delphi project, set the Name property of the form to "Server". Add TNMUDP control, the Name property is set to "SUDP"; the localport property is set to "2222", allows the control SUDP to monitor the 2222 port of the master, and trigger the control SUDP's OnDataReceIVed event; RemotePort property For "1111", when the control SUDP sends data, the data is sent to the 1111 port of the controlled machine. Add the control image1, the align property is set to "AlClient"; add the control button1, the CAPTION property is set to "Screen capture"; add the control Label1, the CAPTION property is set to "Left: upper: Right: Next"; join the control Edit1, the TEXT property is set to "0: 0: 100: 100"; join the control Label2, the CAPTION property is set to "Controller IP Address"; add the control EDIT2, and the Text property is set to "127.0.0.1";

Add variable definitions after IMPLEMentation const buffsize = 2048; VarrsltStream, TmpStream: TmemoryStream;

Add code to Server's oncreate event: Procedure TSERVER.FORMCREATE (Sender: Tobject); BeginRSLTSTREAM: = TMEMORYSTREAM.CREATE; TMPSTREAM: = TMEMORYSTREAM.CREATE; END;

Add code to Client's OnDestroy Event: Procedure TSERVER.FORMDESTROY (Sender: Tobject); BeginRSLTStream.Free; tmpstream.free;

Add Button1 OnClick event control code: procedure TServer.Button1Click (Sender: TObject); var ReqCode: array [0..29] of char; ReqCodeStr: string; beginReqCodeStr: = 'show' Edit1.Text; StrpCopy (ReqCode , ReqCodeStr); TmpStream.Clear; RsltStream.Clear; SUDP.RemoteHost: = Edit2.Text; SUDP.SendBuffer (ReqCode, 30); end; add the code for the control of SUDP OnDataReceived event: procedure TServer.SUDPDataReceived (Sender: TComponent; NumberBytes: Integer; FromIP: String); var ReqCode: array [0..29] of char; ReqCodeStr: string; beginReqCodeStr: = 'show' Edit1.text; StrpCopy (ReqCode, ReqCodeStr); SUDP.ReadStream (TmpStream) ; RsltStream.CopyFrom (TmpStream, NumberBytes); if NumberBytes

Save "C: /VServer/svrunit.pas" and "C: /VServer/vser.dpr" and compiled. ---- Fourth, test.

1. Local test: Run Vserver.exe and vclient.exe simultaneously, using the default settings of the program, screen capture can be implemented. View "Control Panel" - "Network" - "TCP / IP" - "IP Address", set the "Customer IP Address" of the program to this address, which is equally normal.

2, remote test: choose a controller, run vclient.exe; choose one master machine, run VServer.exe, set "controlled machine IP address", the contents of Edit2 is set to the IP address of the controlled machine , "Screen capture". The above is briefly introduced the implementation method of the remote screen, as for monitoring multiple controlled machines at the same time on the main control machine, readers can improve themselves. The above procedures, in Windows98 peer, Delphi 4.0 debugging.

转载请注明原文地址:https://www.9cbs.com/read-121593.html

New Post(0)