什么是管道
通过管道控制cmd
思路大概是创建两根管道替换掉被调用程序(cmd)的标准输入和输出,控制程序在A管道中写如数据,让被调用程序从A管道管道中读入数据,而被调用程序的输出数据输出到B管道*控制程序读入。
此处有图
创建管道
SECURITY_ATTRIBUTES sa = { 0 };
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = NULL;
sa.bInheritHandle = TRUE;
HANDLE rh1, wh1, rh2, wh2;
if (!CreatePipe(&rh1, &wh1, &sa, 1024)) {//outputpipe
return false;
}
if (!CreatePipe(&rh2, &wh2, &sa, 1024)) {//input pipe
return false;
}
(*readH) = rh1;
(*writeH) = wh2;
//Creates an anonymous pipe, and returns handles to the read and write ends of the pipe.
BOOL WINAPI CreatePipe(
_Out_ PHANDLE hReadPipe,
_Out_ PHANDLE hWritePipe,
_In_opt_ LPSECURITY_ATTRIBUTES lpPipeAttributes,
_In_ DWORD nSize
);
创建进程并替换输入输出
修改si.hStdInput和si.hStdOutput
STARTUPINFOA si;
memset(&si, 0, sizeof(si));
si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
si.wShowWindow = SW_HIDE;
si.hStdInput = rh2;//rh2
si.hStdOutput = wh1;//wh1
si.hStdError = wh1;
if (!CreateProcessWithDllA(NULL, "C:\\Users\\hasee\\Desktop\\tellnet\\telnet.exe", NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE, NULL, NULL, &si, pi)) {
cout << "CreateProcess error!" << endl;
return false;
通过管道控制
//write pipe
WriteFile(writeH, cmd, n2*2, &n, NULL);
//read pipe
PeekNamedPipe(readH, NULL, 0, NULL, &n, NULL);
ReadFile(readH, output, length, &n, NULL);
这样就可以通过控制程序控制cmd。