Initial commit of vncdll from the Metasploit Framework project.
rsmudge committed Aug 30, 2017
0 parents commit 3f1f3f1
Showing 308 changed files with 103,611 additions and 0 deletions.
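--- a/make.bat
+++ b/make.bat
@@ -0,0 +1,32 @@
+@ECHO OFF
+IF "%VCINSTALLDIR%" == "" GOTO NEED_VS
+
+IF "%1"=="x86" GOTO BUILD_X86
+IF "%1"=="X64" GOTO BUILD_X64
+
+ECHO "Building VNCDLL x64 and x86 (Release)"
+SET PLAT=all
+GOTO RUN
+
+:BUILD_X86
+ECHO "Building VNCDLL x86 (Release)"
+SET PLAT=x86
+GOTO RUN
+
+:BUILD_X64
+ECHO "Building VNCDLL x64 (Release)"
+SET PLAT=x64
+GOTO RUN
+
+:RUN
+PUSHD workspace
+msbuild.exe make.msbuild /target:%PLAT%
+POPD
+
+GOTO :END
+
+:NEED_VS
+ECHO "This command must be executed from within a Visual Studio Command prompt."
+ECHO "This can be found under Microsoft Visual Studio 2013 -> Visual Studio Tools"
+
+:END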
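Review bot: The x64 branch selected by `IF "%1"=="X64" GOTO BUILD_X64` is never taken for a lowercase argument, because batch string comparison in `IF` is case-sensitive unless `/I` is given, while the x86 test on the line above uses lowercase; `make.bat x64` therefore falls through to the default and rebuilds both platforms. Change both tests to the case-insensitive form, `IF /I "%1"=="x86" GOTO BUILD_X86` and `IF /I "%1"=="x64" GOTO BUILD_X64`. The NEED_VS path also exits with status 0 after printing its two messages, so a caller such as CI cannot tell the build was skipped; `EXIT /B 1` after the second ECHO in that label would report the failure.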
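--- a/make.msbuild
+++ b/make.msbuild
@@ -0,0 +1,19 @@
+<?xml version="1.0" standalone="yes"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<PropertyGroup>
+<SolutionPath>.\vncdll.sln</SolutionPath>
+</PropertyGroup>
+
+<Target Name="all" DependsOnTargets="x86;x64" />
+
+<Target Name="x86">
+<Message Text="Building VNCDLL x86 Release version" />
+<MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=Win32" Targets="Clean;Rebuild"/>
+</Target>
+
+<Target Name="x64">
+<Message Text="Building VNCDLL x64 Release version" />
+<MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=x64" Targets="Clean;Rebuild"/>
+</Target>
+</Project>
+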
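--- a/vncdll.sln
+++ b/vncdll.sln
@@ -0,0 +1,37 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winvnc", "winvnc\WinVNC.vcxproj", "{EA6A09AC-04BB-423D-8842-CA48DF901058}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vncdll", "vncdll\vncdll.vcxproj", "{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|Win32 = Debug|Win32
+Debug|x64 = Debug|x64
+Release|Win32 = Release|Win32
+Release|x64 = Release|x64
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.ActiveCfg = Debug|Win32
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.Build.0 = Debug|Win32
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.ActiveCfg = Debug|x64
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.Build.0 = Debug|x64
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.ActiveCfg = Release|Win32
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.Build.0 = Release|Win32
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.ActiveCfg = Release|x64
+{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.Build.0 = Release|x64
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.ActiveCfg = Debug|Win32
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.Build.0 = Debug|Win32
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.ActiveCfg = Debug|x64
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.Build.0 = Debug|x64
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.ActiveCfg = Release|Win32
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.Build.0 = Release|Win32
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.ActiveCfg = Release|x64
+{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.Build.0 = Release|x64
+EndGlobalSection
+GlobalSection(SolutionProperties) = preSolution
+HideSolutionNode = FALSE
+EndGlobalSection
+EndGlobal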
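--- a/vncdll/LICENSE.txt
+++ b/vncdll/LICENSE.txt
@@ -0,0 +1,27 @@
+Copyright (C) 2006-2010, Rapid7, Inc
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+* Neither the name of Rapid7, Inc nor the names of its contributors
+may be used to endorse or promote products derived from this software
+without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.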
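--- a/vncdll/context.c
+++ b/vncdll/context.c
@@ -0,0 +1,273 @@
+#include "loader.h"
+#include "context.h"
+
+AGENT_CTX AgentContext = {0};
+
+/*
+*
+*/
+VOID context_init( VOID )
+{
+memset( &AgentContext, 0, sizeof(AGENT_CTX) );
+
+AgentContext.bDisableCourtesyShell = FALSE;
+AgentContext.bInit = TRUE;
+AgentContext.hCloseEvent = NULL;
+AgentContext.dwEncoding = 0;
+AgentContext.dwCompressLevel = 6;
+AgentContext.dwQualityLevel = -1;
+AgentContext.bUseCopyRect = FALSE;
+AgentContext.bEncodingRichCursor = FALSE;
+AgentContext.bEncodingPointerPos = FALSE;
+AgentContext.bEncodingLastRect = FALSE;
+AgentContext.bEncodingNewfbSize = FALSE;
+AgentContext.bEncodingXCursor = FALSE;
+
+/*AgentContext.dictionaries[0] = NULL;
+AgentContext.dictionaries[1] = NULL;
+AgentContext.dictionaries[2] = NULL;
+AgentContext.dictionaries[3] = NULL;*/
+
+AgentContext.dwPipeName = ( GetTickCount() ^ (DWORD)&AgentContext );
+}
+
+/*
+* Try to read an exact ammount of data from a pipe and return
+* when either the data has been read or a failure occurs.
+*/
+DWORD _readexact( HANDLE hPipe, DWORD dwLength, BYTE * pBuffer )
+{
+DWORD dwTotal = 0;
+DWORD dwRead = 0;
+
+do
+{
+while( dwTotal < dwLength )
+{
+if( !PeekNamedPipe( hPipe, NULL, 0, NULL, &dwRead, NULL ) )
+break;
+
+if( !dwRead )
+{
+Sleep( 50 );
+continue;
+}
+
+if( ReadFile( hPipe, (LPVOID)((LPBYTE)pBuffer + dwTotal), (dwLength - dwTotal), &dwRead, NULL ) )
+dwTotal += dwRead;
+}
+
+} while( 0 );
+
+return dwTotal;
+}
+
+/*
+* A thread to pick up any messages being posted back to the loader (such as an encoder change in the stream)
+*/
+DWORD WINAPI context_message_thread( LPVOID lpParameter )
+{
+DWORD dwResult = ERROR_SUCCESS;
+HANDLE hServerPipe = NULL;
+BYTE * pBuffer = NULL;
+char cNamedPipe[MAX_PATH] = {0};
+
+__try
+{
+do
+{
+_snprintf_s( cNamedPipe, MAX_PATH, MAX_PATH - 1, "\\\\.\\pipe\\%08X", AgentContext.dwPipeName );
+
+dprintf("[LOADER] loader_message_thread. cNamedPipe=%s", cNamedPipe );
+
+hServerPipe = CreateNamedPipe( cNamedPipe, PIPE_ACCESS_INBOUND, PIPE_TYPE_BYTE|PIPE_READMODE_BYTE|PIPE_WAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, 0, NULL );
+if( !hServerPipe )
+BREAK_ON_ERROR( "[LOADER] loader_message_thread. CreateNamedPipe failed" );
+
+while( TRUE )
+{
+struct _hdr {
+DWORD dwMessage;
+DWORD dwLength;
+} header = {0};
+DWORD dwTotal = 0;
+
+if( !ConnectNamedPipe( hServerPipe, NULL ) )
+{
+if( GetLastError() != ERROR_PIPE_CONNECTED )
+continue;
+}
+
+dwTotal = _readexact( hServerPipe, 8, (BYTE *)&header );
+if( dwTotal != sizeof( struct _hdr ) )
+BREAK_WITH_ERROR( "[LOADER] loader_message_thread. _readexact header failed", ERROR_INVALID_HANDLE );
+
+pBuffer = (BYTE *)malloc( header.dwLength );
+if( !pBuffer )
+BREAK_WITH_ERROR( "[LOADER] loader_message_thread. pBuffer malloc failed", ERROR_INVALID_HANDLE );
+
+dwTotal = _readexact( hServerPipe, header.dwLength, pBuffer );
+if( dwTotal != header.dwLength )
+BREAK_WITH_ERROR( "[LOADER] loader_message_thread. _readexact pBuffer failed", ERROR_INVALID_HANDLE );
+
+DisconnectNamedPipe( hServerPipe );
+
+switch( header.dwMessage )
+{
+case MESSAGE_SETENCODING:
+if( header.dwLength != sizeof(DWORD) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODING, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.dwEncoding = *(DWORD *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODING, new encoding is %d", AgentContext.dwEncoding );
+break;
+case MESSAGE_SETPIXELFORMAT:
+if( header.dwLength != sizeof(PIXELFORMAT) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETPIXELFORMAT, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+memcpy( &AgentContext.PixelFormat, pBuffer, sizeof(PIXELFORMAT) );
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETPIXELFORMAT" );
+break;
+case MESSAGE_SETCOMPRESSLEVEL:
+if( header.dwLength != sizeof(DWORD) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOMPRESSLEVEL, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.dwCompressLevel = *(DWORD *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOMPRESSLEVEL, new compress level is %d", AgentContext.dwCompressLevel );
+break;
+case MESSAGE_SETQUALITYLEVEL:
+if( header.dwLength != sizeof(DWORD) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETQUALITYLEVEL, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.dwQualityLevel = *(DWORD *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETQUALITYLEVEL, new quality level is %d", AgentContext.dwQualityLevel );
+break;
+case MESSAGE_SETCOPYRECTUSE:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOPYRECTUSE, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bUseCopyRect = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOPYRECTUSE, new bUseCopyRect is %d", AgentContext.bUseCopyRect );
+break;
+case MESSAGE_SETENCODINGRICHCURSOR:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGRICHCURSOR, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bEncodingRichCursor = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGRICHCURSOR, new dwEncodingRichCursor is %d", AgentContext.bEncodingRichCursor );
+break;
+case MESSAGE_SETENCODINGPOINTERPOS:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGPOINTERPOS, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bEncodingPointerPos = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGPOINTERPOS, new dwEncodingPointerPos is %d", AgentContext.bEncodingPointerPos );
+break;
+case MESSAGE_SETENCODINGLASTRECT:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGLASTRECT, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bEncodingLastRect = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGLASTRECT, new dwEncodingLastRect is %d", AgentContext.bEncodingLastRect );
+break;
+case MESSAGE_SETENCODINGNEWFBSIZE:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGNEWFBSIZE, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bEncodingNewfbSize = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGNEWFBSIZE, new bEncodingNewfbSize is %d", AgentContext.bEncodingNewfbSize );
+break;
+case MESSAGE_SETENCODINGXCURSOR:
+if( header.dwLength != sizeof(BOOL) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGXCURSOR, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+AgentContext.bEncodingXCursor = *(BOOL *)pBuffer;
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGXCURSOR, new bEncodingXCursor is %d", AgentContext.bEncodingXCursor );
+break;
+/*
+case MESSAGE_SETZLIBDICTIONARY:
+if( header.dwLength < sizeof(DICTMSG) )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, not enought data (got %d bytes)", header.dwLength );
+break;
+}
+else
+{
+DICTMSG * dmsg = (DICTMSG *)pBuffer;
+if( dmsg->dwId > 4 )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, invalid id (got %d)", dmsg->dwId );
+break;
+}
+if( AgentContext.dictionaries[dmsg->dwId] )
+free( AgentContext.dictionaries[dmsg->dwId] );
+AgentContext.dictionaries[dmsg->dwId] = (DICTMSG *)malloc( sizeof(DICTMSG) + dmsg->dwDictLength );
+if( !AgentContext.dictionaries[dmsg->dwId] )
+{
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, malloc failed" );
+break;
+}
+AgentContext.dictionaries[dmsg->dwId]->dwId = dmsg->dwId;
+AgentContext.dictionaries[dmsg->dwId]->dwDictLength = dmsg->dwDictLength;
+memcpy( &AgentContext.dictionaries[dmsg->dwId]->bDictBuffer, &dmsg->bDictBuffer, dmsg->dwDictLength );
+dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, id=%d, length=%d", dmsg->dwId, dmsg->dwDictLength );
+}
+break;
+*/
+default:
+dprintf("[LOADER] loader_message_thread. Unknown message 0x%08X", header.dwMessage );
+break;
+}
+
+if( pBuffer )
+{
+free( pBuffer );
+pBuffer = NULL;
+}
+}
+
+} while( 0 );
+}
+__except( EXCEPTION_EXECUTE_HANDLER )
+{
+dprintf( "[LOADER] loader_message_thread. EXCEPTION_EXECUTE_HANDLER\n\n" );
+}
+
+dprintf("[LOADER] loader_message_thread. thread finishing...");
+
+if( hServerPipe )
+{
+DisconnectNamedPipe( hServerPipe );
+CLOSE_HANDLE( hServerPipe );
+}
+
+if( pBuffer )
+free( pBuffer );
+
+return dwResult;
+}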
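Review bot: In context_message_thread, `header.dwLength` comes straight from whichever client connected to the pipe and is passed to `malloc( header.dwLength )` with no upper bound, and each failure in that stretch (short header, failed allocation, short body) is a `BREAK_WITH_ERROR` that leaves the `while( TRUE )` loop and ends the thread, so one malformed header from any process able to open the pipe (the pipe is created with a NULL security descriptor, so by default other processes running as the same user can) stops the agent from ever receiving settings again. Cap the length at the largest body the switch accepts and treat a bad header, failed allocation or short body as "drop this client" — disconnect and continue — rather than as a fatal error, as sketched below; the `8` passed to the first `_readexact` should also be `sizeof( header )` so the two checks cannot drift apart. The commented-out MESSAGE_SETZLIBDICTIONARY handler would need the cap raised if it is ever re-enabled. A lesser point: `_readexact` polls with `Sleep( 50 )` for as long as a connected client sends nothing, so a single idle client blocks every other client; a deadline on that loop would close the gap.
```c
dwTotal = _readexact( hServerPipe, sizeof( header ), (BYTE *)&header );
if( dwTotal != sizeof( header ) || header.dwLength == 0 || header.dwLength > MAX_MESSAGE_BODY /* new constant: largest accepted body */ )
{
    dprintf("[LOADER] loader_message_thread. rejecting message with length %u", header.dwLength );
    DisconnectNamedPipe( hServerPipe );
    continue;
}

pBuffer = (BYTE *)malloc( header.dwLength );
if( !pBuffer || _readexact( hServerPipe, header.dwLength, pBuffer ) != header.dwLength )
{
    dprintf("[LOADER] loader_message_thread. could not read message body" );
    DisconnectNamedPipe( hServerPipe );
    free( pBuffer );
    pBuffer = NULL;
    continue;
}

DisconnectNamedPipe( hServerPipe );
/* … unchanged: switch( header.dwMessage ) and per-message handlers … */
```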
