Feature: Support upload/download executable file and run it

shaun
2025-12-17 15:54:50 +01:00
committed by yuanyuanxiang
parent d3fb4862b9
commit b4687bb1a2
11 changed files with 254 additions and 69 deletions


@@ -1,17 +1,17 @@
#include "SessionMonitor.h"
#include "SessionMonitor.h"
#include <stdio.h>
#include <tlhelp32.h>
#include <userenv.h>
#pragma comment(lib, "userenv.lib")
// <EFBFBD><EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 动态数组初始容量
#define INITIAL_CAPACITY 4
#define Mprintf(format, ...) MyLog(__FILE__, __LINE__, format, __VA_ARGS__)
extern void MyLog(const char* file, int line, const char* format, ...);
// ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 前向声明
static DWORD WINAPI MonitorThreadProc(LPVOID param);
static void MonitorLoop(SessionMonitor* self);
static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId);
@@ -19,14 +19,14 @@ static BOOL IsAgentRunningInSession(SessionMonitor* self, DWORD sessionId);
static void TerminateAllAgents(SessionMonitor* self);
static void CleanupDeadProcesses(SessionMonitor* self);
// <EFBFBD><EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 动态数组辅助函数
static void AgentArray_Init(AgentProcessArray* arr);
static void AgentArray_Free(AgentProcessArray* arr);
static BOOL AgentArray_Add(AgentProcessArray* arr, const AgentProcessInfo* info);
static void AgentArray_RemoveAt(AgentProcessArray* arr, size_t index);
// ============================================
// <EFBFBD><EFBFBD>̬<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD>
// 动态数组实现
// ============================================
static void AgentArray_Init(AgentProcessArray* arr)
@@ -51,7 +51,7 @@ static BOOL AgentArray_Add(AgentProcessArray* arr, const AgentProcessInfo* info)
size_t newCapacity;
AgentProcessInfo* newItems;
// <EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 需要扩容
if (arr->count >= arr->capacity) {
newCapacity = arr->capacity == 0 ? INITIAL_CAPACITY : arr->capacity * 2;
newItems = (AgentProcessInfo*)realloc(
@@ -76,7 +76,7 @@ static void AgentArray_RemoveAt(AgentProcessArray* arr, size_t index)
return;
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ԫ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD>
// 将后面的元素前移
for (i = index; i < arr->count - 1; i++) {
arr->items[i] = arr->items[i + 1];
}
@@ -84,7 +84,7 @@ static void AgentArray_RemoveAt(AgentProcessArray* arr, size_t index)
}
// ============================================
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ӿ<EFBFBD>ʵ<EFBFBD><EFBFBD>
// 公开接口实现
// ============================================
void SessionMonitor_Init(SessionMonitor* self)
@@ -140,7 +140,7 @@ void SessionMonitor_Stop(SessionMonitor* self)
self->monitorThread = NULL;
}
// <EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 终止所有代理进程
Mprintf("Terminating all agent processes...");
TerminateAllAgents(self);
@@ -149,7 +149,7 @@ void SessionMonitor_Stop(SessionMonitor* self)
}
// ============================================
// <EFBFBD>ڲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD>
// 内部函数实现
// ============================================
static DWORD WINAPI MonitorThreadProc(LPVOID param)
@@ -175,10 +175,10 @@ static void MonitorLoop(SessionMonitor* self)
while (self->running) {
loopCount++;
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD>Ľ<EFBFBD><EFBFBD><EFBFBD>
// 清理已终止的进程
CleanupDeadProcesses(self);
// ö<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>лỰ
// 枚举所有会话
pSessionInfo = NULL;
dwCount = 0;
@@ -192,7 +192,7 @@ static void MonitorLoop(SessionMonitor* self)
sessionId = pSessionInfo[i].SessionId;
foundActiveSession = TRUE;
// <EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ5<EFBFBD><EFBFBD>ѭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼һ<EFBFBD>Σ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD>
// 记录活动会话每5次循环记录一次避免日志过多
if (loopCount % 5 == 1) {
sprintf(buf, "Active session found: ID=%d, Name=%s",
(int)sessionId,
@@ -200,21 +200,21 @@ static void MonitorLoop(SessionMonitor* self)
Mprintf(buf);
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ڸûỰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 检查代理是否在该会话中运行
if (!IsAgentRunningInSession(self, sessionId)) {
sprintf(buf, "Agent not running in session %d, launching...", (int)sessionId);
Mprintf(buf);
if (LaunchAgentInSession(self, sessionId)) {
Mprintf("Agent launched successfully");
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һЩʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 给进程一些时间启动
Sleep(2000);
} else {
Mprintf("Failed to launch agent");
}
}
// ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 只处理第一个活动会话
break;
}
}
@@ -230,7 +230,7 @@ static void MonitorLoop(SessionMonitor* self)
}
}
// ÿ10<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD>
// 10秒检查一次
for (j = 0; j < 100 && self->running; j++) {
Sleep(100);
}
@@ -249,14 +249,14 @@ static BOOL IsAgentRunningInSession(SessionMonitor* self, DWORD sessionId)
BOOL found = FALSE;
DWORD procSessionId;
(void)self; // δʹ<EFBFBD><EFBFBD>
(void)self; // 未使用
// <EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD> exe <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 获取当前进程的 exe 名称
if (!GetModuleFileName(NULL, currentExeName, MAX_PATH)) {
return FALSE;
}
// <EFBFBD><EFBFBD>ȡ<EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 获取文件名(不含路径)
pFileName = strrchr(currentExeName, '\\');
if (pFileName) {
pFileName++;
@@ -264,10 +264,10 @@ static BOOL IsAgentRunningInSession(SessionMonitor* self, DWORD sessionId)
pFileName = currentExeName;
}
// <EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD> PID
// 获取当前服务进程的 PID
currentPID = GetCurrentProcessId();
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̿<EFBFBD><EFBFBD><EFBFBD>
// 创建进程快照
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapshot == INVALID_HANDLE_VALUE) {
Mprintf("CreateToolhelp32Snapshot failed");
@@ -278,17 +278,17 @@ static BOOL IsAgentRunningInSession(SessionMonitor* self, DWORD sessionId)
if (Process32First(hSnapshot, &pe32)) {
do {
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> exe<EFBFBD><EFBFBD>ghost.exe<EFBFBD><EFBFBD>
// 查找同名的 exeghost.exe
if (_stricmp(pe32.szExeFile, pFileName) == 0) {
// <EFBFBD>ų<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD>
// 排除服务进程自己
if (pe32.th32ProcessID == currentPID) {
continue;
}
// <EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD><EFBFBD>̵ĻỰID
// 获取进程的会话ID
if (ProcessIdToSessionId(pe32.th32ProcessID, &procSessionId)) {
if (procSessionId == sessionId) {
// <EFBFBD>ҵ<EFBFBD><EFBFBD>ˣ<EFBFBD>ͬ<EFBFBD><EFBFBD> exe<78><65><EFBFBD><EFBFBD>ͬ PID<49><44><EFBFBD><EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD><EFBFBD><E1BBB0>
// 找到了:同名 exe不同 PID在目标会话中
found = TRUE;
break;
}
@@ -301,7 +301,7 @@ static BOOL IsAgentRunningInSession(SessionMonitor* self, DWORD sessionId)
return found;
}
// <EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 终止所有代理进程
static void TerminateAllAgents(SessionMonitor* self)
{
char buf[256];
@@ -321,17 +321,17 @@ static void TerminateAllAgents(SessionMonitor* self)
(int)info->processId, (int)info->sessionId);
Mprintf(buf);
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 检查进程是否还在运行
if (GetExitCodeProcess(info->hProcess, &exitCode)) {
if (exitCode == STILL_ACTIVE) {
// <EFBFBD><EFBFBD><EFBFBD>̻<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><EFBFBD><EFBFBD>ֹ
// 进程还在运行,终止
if (!TerminateProcess(info->hProcess, 0)) {
sprintf(buf, "WARNING: Failed to terminate PID=%d, error=%d",
(int)info->processId, (int)GetLastError());
Mprintf(buf);
} else {
Mprintf("Agent terminated successfully");
// <EFBFBD>ȴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD>˳<EFBFBD>
// 等待进程完全退出
WaitForSingleObject(info->hProcess, 5000);
}
} else {
@@ -344,13 +344,13 @@ static void TerminateAllAgents(SessionMonitor* self)
CloseHandle(info->hProcess);
}
self->agentProcesses.count = 0; // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
self->agentProcesses.count = 0; // 清空数组
LeaveCriticalSection(&self->csProcessList);
Mprintf("All agents terminated");
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ѿ<EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD>Ľ<EFBFBD><EFBFBD><EFBFBD>
// 清理已经终止的进程
static void CleanupDeadProcesses(SessionMonitor* self)
{
size_t i;
@@ -366,17 +366,17 @@ static void CleanupDeadProcesses(SessionMonitor* self)
if (GetExitCodeProcess(info->hProcess, &exitCode)) {
if (exitCode != STILL_ACTIVE) {
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˳<EFBFBD>
// 进程已退出
sprintf(buf, "Agent PID=%d exited with code %d, cleaning up",
(int)info->processId, (int)exitCode);
Mprintf(buf);
CloseHandle(info->hProcess);
AgentArray_RemoveAt(&self->agentProcesses, i);
continue; // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> i<><69><EFBFBD><EFBFBD>Ϊɾ<CEAA><C9BE><EFBFBD><EFBFBD>Ԫ<EFBFBD><D4AA>
continue; // 不增加 i因为删除了元素
}
} else {
// <EFBFBD>޷<EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD>˳<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܽ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ѳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 无法获取退出代码,可能进程已不存在
sprintf(buf, "Cannot query agent PID=%d, removing from list",
(int)info->processId);
Mprintf(buf);
@@ -415,16 +415,16 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
Mprintf(buf);
si.cb = sizeof(STARTUPINFO);
si.lpDesktop = (LPSTR)"winsta0\\default"; // <EFBFBD>ؼ<EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
si.lpDesktop = (LPSTR)"winsta0\\default"; // 关键:指定桌面
// <EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD> SYSTEM <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 获取当前服务进程的 SYSTEM 令牌
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &hToken)) {
sprintf(buf, "OpenProcessToken failed: %d", (int)GetLastError());
Mprintf(buf);
return FALSE;
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̵<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 复制为可用于创建进程的主令牌
if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
SecurityImpersonation, TokenPrimary, &hDupToken)) {
sprintf(buf, "DuplicateTokenEx failed: %d", (int)GetLastError());
@@ -433,7 +433,7 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
return FALSE;
}
// <EFBFBD>޸<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƵĻỰ ID ΪĿ<CEAA><C4BF><EFBFBD>û<EFBFBD><C3BB>
// 修改令牌的会话 ID 为目标用户会话
if (!SetTokenInformation(hDupToken, TokenSessionId, &sessionId, sizeof(sessionId))) {
sprintf(buf, "SetTokenInformation failed: %d", (int)GetLastError());
Mprintf(buf);
@@ -444,7 +444,7 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
Mprintf("Token duplicated");
// <EFBFBD><EFBFBD>ȡ<EFBFBD><EFBFBD>ǰ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD>
// 获取当前进程路径(启动自己)
if (!GetModuleFileName(NULL, exePath, MAX_PATH)) {
Mprintf("GetModuleFileName failed");
CloseHandle(hDupToken);
@@ -455,7 +455,7 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
sprintf(buf, "Service path: %s", exePath);
Mprintf(buf);
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 检查文件是否存在
fileAttr = GetFileAttributes(exePath);
if (fileAttr == INVALID_FILE_ATTRIBUTES) {
sprintf(buf, "ERROR: Executable not found at: %s", exePath);
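Review bot: `Mprintf(buf)` after `sprintf(buf, "Service path: %s", exePath)` hands the already-formatted text to `MyLog` as its format argument (per the `Mprintf` macro at the top of the file), so a `%` in the executable's path would be parsed as a conversion with no matching argument, assuming `MyLog` forwards to a printf-style formatter. Passing the path as data removes both the problem and the intermediate copy: `Mprintf("Service path: %s", exePath);`. The same applies to the "ERROR: Executable not found at" message at the end of this hunk and to the `cmdLine` log in the next hunk; the integer-only messages elsewhere are harmless but would be more consistent written the same way. The declaration of `buf` is outside this hunk; if it is 256 bytes as in `TerminateAllAgents`, a path near `MAX_PATH` plus the prefix would also overrun the unbounded `sprintf`. `LaunchAgentInSession` starts and ends outside this hunk.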
@@ -465,19 +465,19 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
return FALSE;
}
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>ͬһ<EFBFBD><EFBFBD> exe<78><65> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> -agent <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 构建命令行:同一个 exe 但带上 -agent 参数
sprintf(cmdLine, "\"%s\" -agent", exePath);
sprintf(buf, "Command line: %s", cmdLine);
Mprintf(buf);
// <EFBFBD><EFBFBD>ȡ<EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 获取用户令牌用于环境变量
if (!WTSQueryUserToken(sessionId, &hUserToken)) {
sprintf(buf, "WTSQueryUserToken failed: %d", (int)GetLastError());
Mprintf(buf);
}
// ʹ<EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƴ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 使用用户令牌创建环境块
if (hUserToken) {
if (!CreateEnvironmentBlock(&lpEnvironment, hUserToken, FALSE)) {
Mprintf("CreateEnvironmentBlock failed");
@@ -485,17 +485,17 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
CloseHandle(hUserToken);
}
// <EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
// 在用户会话中创建进程
result = CreateProcessAsUser(
hDupToken,
NULL, // Ӧ<EFBFBD>ó<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
cmdLine, // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>в<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ghost.exe -agent
NULL, // <EFBFBD><EFBFBD><EFBFBD>̰<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
NULL, // <EFBFBD>̰߳<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
FALSE, // <EFBFBD><EFBFBD><EFBFBD>̳о<EFBFBD><EFBFBD><EFBFBD>
NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT, // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־
lpEnvironment, // <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
NULL, // <EFBFBD><EFBFBD>ǰĿ¼
NULL, // 应用程序名(在命令行中解析)
cmdLine, // 命令行参数:ghost.exe -agent
NULL, // 进程安全属性
NULL, // 线程安全属性
FALSE, // 不继承句柄
NORMAL_PRIORITY_CLASS | CREATE_NO_WINDOW | CREATE_UNICODE_ENVIRONMENT, // 创建标志
lpEnvironment, // 环境变量
NULL, // 当前目录
&si,
&pi
);
@@ -508,21 +508,21 @@ static BOOL LaunchAgentInSession(SessionMonitor* self, DWORD sessionId)
sprintf(buf, "SUCCESS: Agent process created (PID=%d)", (int)pi.dwProcessId);
Mprintf(buf);
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD>ֹͣʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD>
// 保存进程信息,以便停止时可以终止它
EnterCriticalSection(&self->csProcessList);
info.processId = pi.dwProcessId;
info.sessionId = sessionId;
info.hProcess = pi.hProcess; // <EFBFBD><EFBFBD><EFBFBD>رվ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ں<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֹ
info.hProcess = pi.hProcess; // 不关闭句柄,保留用于后续终止
AgentArray_Add(&self->agentProcesses, &info);
LeaveCriticalSection(&self->csProcessList);
CloseHandle(pi.hThread); // <EFBFBD>߳̾<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Թر<EFBFBD>
CloseHandle(pi.hThread); // 线程句柄可以关闭
} else {
err = GetLastError();
sprintf(buf, "CreateProcessAsUser failed: %d", (int)err);
Mprintf(buf);
// <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD>Ĵ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
// 提供更详细的错误信息
if (err == ERROR_FILE_NOT_FOUND) {
Mprintf("ERROR: agent executable file not found");
} else if (err == ERROR_ACCESS_DENIED) {