[讨论]如何获取控制台程序输出的内容
议题作者:asm信息来源:邪恶八进制信息安全团队
要下之前提个问题。比如一些控制台程序,netstat.exe ,执行 netstat -an之后,它会输出:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3077 0.0.0.0:0 LISTENING
TCP 192.168.3.133:139 0.0.0.0:0 LISTENING
TCP 192.168.3.133:1028 192.168.3.251:3260 ESTABLISHED
TCP 192.168.3.133:1266 219.133.49.80:443 CLOSE_WAIT
TCP 192.168.3.133:2327 221.238.196.29:80 CLOSE_WAIT
TCP 192.168.3.133:2759 219.133.60.243:8000 CLOSE_WAIT
TCP 192.168.3.133:4693 219.133.49.80:443 CLOSE_WAIT
TCP 192.168.3.133:4778 219.133.38.247:443 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1260 *:*
UDP 0.0.0.0:1971 *:*
现在,要利用编程的手段能否把上面的数据接收并且保存到一个缓冲区? 1、 先将输出保存到一个文件里面 system("netstat -an > c:\port.txt");
2、再用CreateFile()函数来打开这个文件,再用ReadFile()函数读取文件句柄内容到一个字符缓冲区当中?
不知道能不能解决你的问题? [s:265] 俺用管道解决了。
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
.data
; Command line handed to CreateProcess. Kept in the writable .data section
; because it is passed as lpCommandLine (a mutable buffer, not a constant).
szCommandLine db 'C:\windows\system32\cmd.exe', 0
.code
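;-----------------------------------------------------------------------
; _Client
; Purpose: spawn cmd.exe with stdin/stdout/stderr redirected to two
;          anonymous pipes, read the first chunk of its output into a
;          NUL-terminated buffer and show it in a message box.
; ABI:     Win32 stdcall (MASM32); takes no arguments.
; Out:     eax = bytes read from the child, 0 if any step failed.
; Clobb:   eax, ecx, edx, flags (caller-saved under stdcall).
; Stack:   locals only; buffer is 1024 bytes, the last byte is reserved
;          for the terminating NUL.
;-----------------------------------------------------------------------
_Client proc
    local sat:SECURITY_ATTRIBUTES
    local hiRead:dword                  ; child stdin, read end (given to child)
    local hoRead:dword                  ; child stdout/stderr, read end (kept by parent)
    local hiWrite:dword                 ; child stdin, write end (kept by parent)
    local hoWrite:dword                 ; child stdout/stderr, write end (given to child)
    local startupinfo:STARTUPINFO
    local processinfo:PROCESS_INFORMATION
    local buffer[1024]:byte
    local bytes:dword
    local available:dword

    ; Zero the handles so the cleanup path can tell "never created" from
    ; "still open"; zero bytes so every failure path returns 0.
    mov hiRead, 0
    mov hiWrite, 0
    mov hoRead, 0
    mov hoWrite, 0
    mov bytes, 0

    ; Pipe ends are created inheritable; the parent's two ends are made
    ; non-inheritable again below so the child only receives the two it
    ; actually uses.
    mov sat.nLength, sizeof SECURITY_ATTRIBUTES
    mov sat.lpSecurityDescriptor, 0
    mov sat.bInheritHandle, TRUE

    invoke CreatePipe, addr hiRead, addr hiWrite, addr sat, 0
    test eax, eax                       ; CreatePipe returns 0 on failure
    jz _cleanup
    invoke CreatePipe, addr hoRead, addr hoWrite, addr sat, 0
    test eax, eax
    jz _cleanup

    ; If the child inherited hoWrite, hoRead would never report EOF
    ; because a write end would stay open inside the child.
    invoke SetHandleInformation, hoRead, HANDLE_FLAG_INHERIT, 0
    invoke SetHandleInformation, hiWrite, HANDLE_FLAG_INHERIT, 0

    invoke GetStartupInfo, addr startupinfo
    mov startupinfo.cb, sizeof STARTUPINFO
    mov eax, hoWrite
    mov startupinfo.hStdOutput, eax
    mov startupinfo.hStdError, eax      ; stderr shares the stdout pipe
    mov eax, hiRead
    mov startupinfo.hStdInput, eax
    mov startupinfo.dwFlags, STARTF_USESHOWWINDOW + STARTF_USESTDHANDLES
    mov startupinfo.wShowWindow, SW_HIDE

    ; bInheritHandles = TRUE is what actually hands the pipe ends over.
    invoke CreateProcess, 0, addr szCommandLine, 0, 0, TRUE, CREATE_NEW_CONSOLE, 0, 0, addr startupinfo, addr processinfo
    test eax, eax                       ; CreateProcess returns 0 on failure
    jz _cleanup

    ; The child now owns its copies; drop ours so the pipe reaches EOF
    ; when the child exits, and release the process/thread handles that
    ; are never waited on (they would otherwise leak).
    invoke CloseHandle, hiRead
    mov hiRead, 0
    invoke CloseHandle, hoWrite
    mov hoWrite, 0
    invoke CloseHandle, processinfo.hThread
    invoke CloseHandle, processinfo.hProcess

    ; Non-copying peek: only the pending byte count is of interest here.
    invoke PeekNamedPipe, hoRead, 0, 0, 0, addr available, 0

    ; Read at most sizeof buffer - 1 so the NUL below always fits;
    ; ReadFile does not terminate the data itself, and MessageBox needs
    ; a NUL-terminated string.
    invoke ReadFile, hoRead, addr buffer, sizeof buffer - 1, addr bytes, 0
    test eax, eax                       ; failed/broken pipe: show nothing
    jz _cleanup
    mov ecx, bytes
    mov byte ptr buffer[ecx], 0
    invoke MessageBox, 0, addr buffer, 0, MB_ICONINFORMATION

_cleanup:
    ; Close whatever is still open (handles already passed on or never
    ; created are zero) and return the byte count.
    cmp hiRead, 0
    je @F
    invoke CloseHandle, hiRead
@@:
    cmp hoWrite, 0
    je @F
    invoke CloseHandle, hoWrite
@@:
    cmp hiWrite, 0
    je @F
    invoke CloseHandle, hiWrite
@@:
    cmp hoRead, 0
    je @F
    invoke CloseHandle, hoRead
@@:
    mov eax, bytes
    ret
_Client endp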
; Program entry point (named by the END directive below).
start:
    invoke _Client                      ; capture and display the child's output
    invoke ExitProcess, 0               ; does not return
end start