Initial commit of vncdll from the Metasploit Framework project.
0 parents
commit 3f1f3f1
Showing
308 changed files
with
103,611 additions
and
0 deletions.
@@ -0,0 +1,32 @@ | ||
@ECHO OFF | ||
IF "%VCINSTALLDIR%" == "" GOTO NEED_VS | ||
|
||
IF "%1"=="x86" GOTO BUILD_X86 | ||
IF "%1"=="X64" GOTO BUILD_X64 | ||
|
||
ECHO "Building VNCDLL x64 and x86 (Release)" | ||
SET PLAT=all | ||
GOTO RUN | ||
|
||
:BUILD_X86 | ||
ECHO "Building VNCDLL x86 (Release)" | ||
SET PLAT=x86 | ||
GOTO RUN | ||
|
||
:BUILD_X64 | ||
ECHO "Building VNCDLL x64 (Release)" | ||
SET PLAT=x64 | ||
GOTO RUN | ||
|
||
:RUN | ||
PUSHD workspace | ||
msbuild.exe make.msbuild /target:%PLAT% | ||
POPD | ||
|
||
GOTO :END | ||
|
||
:NEED_VS | ||
ECHO "This command must be executed from within a Visual Studio Command prompt." | ||
ECHO "This can be found under Microsoft Visual Studio 2013 -> Visual Studio Tools" | ||
|
||
:END |
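Review bot: The two argument checks `IF "%1"=="x86"` and `IF "%1"=="X64"` are case-sensitive and spelled in different cases, so passing `x64` (the spelling used by `SET PLAT=x64` and by the msbuild target name) matches neither and falls through to the build of both platforms. Using `IF /I "%1"=="x86" GOTO BUILD_X86` and `IF /I "%1"=="x64" GOTO BUILD_X64` makes the selection independent of case. The `:NEED_VS` path only echoes its message and then runs into `:END`, so a calling script cannot tell that nothing was built; an `EXIT /B 1` after the two `ECHO` lines would report the failure.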
@@ -0,0 +1,19 @@ | ||
<?xml version="1.0" standalone="yes"?> | ||
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
<PropertyGroup> | ||
<SolutionPath>.\vncdll.sln</SolutionPath> | ||
</PropertyGroup> | ||
|
||
<Target Name="all" DependsOnTargets="x86;x64" /> | ||
|
||
<Target Name="x86"> | ||
<Message Text="Building VNCDLL x86 Release version" /> | ||
<MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=Win32" Targets="Clean;Rebuild"/> | ||
</Target> | ||
|
||
<Target Name="x64"> | ||
<Message Text="Building VNCDLL x64 Release version" /> | ||
<MSBuild Projects="$(SolutionPath)" Properties="Configuration=Release;Platform=x64" Targets="Clean;Rebuild"/> | ||
</Target> | ||
</Project> | ||
|
@@ -0,0 +1,37 @@ | ||
Microsoft Visual Studio Solution File, Format Version 12.00 | ||
# Visual Studio 2013 | ||
VisualStudioVersion = 12.0.21005.1 | ||
MinimumVisualStudioVersion = 10.0.40219.1 | ||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winvnc", "winvnc\WinVNC.vcxproj", "{EA6A09AC-04BB-423D-8842-CA48DF901058}" | ||
EndProject | ||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vncdll", "vncdll\vncdll.vcxproj", "{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}" | ||
EndProject | ||
Global | ||
GlobalSection(SolutionConfigurationPlatforms) = preSolution | ||
Debug|Win32 = Debug|Win32 | ||
Debug|x64 = Debug|x64 | ||
Release|Win32 = Release|Win32 | ||
Release|x64 = Release|x64 | ||
EndGlobalSection | ||
GlobalSection(ProjectConfigurationPlatforms) = postSolution | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.ActiveCfg = Debug|Win32 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.Build.0 = Debug|Win32 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.ActiveCfg = Debug|x64 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.Build.0 = Debug|x64 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.ActiveCfg = Release|Win32 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.Build.0 = Release|Win32 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.ActiveCfg = Release|x64 | ||
{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.Build.0 = Release|x64 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.ActiveCfg = Debug|Win32 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.Build.0 = Debug|Win32 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.ActiveCfg = Debug|x64 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.Build.0 = Debug|x64 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.ActiveCfg = Release|Win32 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.Build.0 = Release|Win32 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.ActiveCfg = Release|x64 | ||
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.Build.0 = Release|x64 | ||
EndGlobalSection | ||
GlobalSection(SolutionProperties) = preSolution | ||
HideSolutionNode = FALSE | ||
EndGlobalSection | ||
EndGlobal |
@@ -0,0 +1,27 @@ | ||
Copyright (C) 2006-2010, Rapid7, Inc | ||
All rights reserved. | ||
|
||
Redistribution and use in source and binary forms, with or without modification, | ||
are permitted provided that the following conditions are met: | ||
|
||
* Redistributions of source code must retain the above copyright notice, | ||
this list of conditions and the following disclaimer. | ||
|
||
* Redistributions in binary form must reproduce the above copyright notice, | ||
this list of conditions and the following disclaimer in the documentation | ||
and/or other materials provided with the distribution. | ||
|
||
* Neither the name of Rapid7, Inc nor the names of its contributors | ||
may be used to endorse or promote products derived from this software | ||
without specific prior written permission. | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | ||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | ||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR | ||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | ||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON | ||
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS | ||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
@@ -0,0 +1,273 @@ | ||
#include "loader.h" | ||
#include "context.h" | ||
|
||
AGENT_CTX AgentContext = {0}; | ||
|
||
/* | ||
* | ||
*/ | ||
VOID context_init( VOID ) | ||
{ | ||
memset( &AgentContext, 0, sizeof(AGENT_CTX) ); | ||
|
||
AgentContext.bDisableCourtesyShell = FALSE; | ||
AgentContext.bInit = TRUE; | ||
AgentContext.hCloseEvent = NULL; | ||
AgentContext.dwEncoding = 0; | ||
AgentContext.dwCompressLevel = 6; | ||
AgentContext.dwQualityLevel = -1; | ||
AgentContext.bUseCopyRect = FALSE; | ||
AgentContext.bEncodingRichCursor = FALSE; | ||
AgentContext.bEncodingPointerPos = FALSE; | ||
AgentContext.bEncodingLastRect = FALSE; | ||
AgentContext.bEncodingNewfbSize = FALSE; | ||
AgentContext.bEncodingXCursor = FALSE; | ||
|
||
/*AgentContext.dictionaries[0] = NULL; | ||
AgentContext.dictionaries[1] = NULL; | ||
AgentContext.dictionaries[2] = NULL; | ||
AgentContext.dictionaries[3] = NULL;*/ | ||
|
||
AgentContext.dwPipeName = ( GetTickCount() ^ (DWORD)&AgentContext ); | ||
} | ||
|
||
/* | ||
* Try to read an exact ammount of data from a pipe and return | ||
* when either the data has been read or a failure occurs. | ||
*/ | ||
DWORD _readexact( HANDLE hPipe, DWORD dwLength, BYTE * pBuffer ) | ||
{ | ||
DWORD dwTotal = 0; | ||
DWORD dwRead = 0; | ||
|
||
do | ||
{ | ||
while( dwTotal < dwLength ) | ||
{ | ||
if( !PeekNamedPipe( hPipe, NULL, 0, NULL, &dwRead, NULL ) ) | ||
break; | ||
|
||
if( !dwRead ) | ||
{ | ||
Sleep( 50 ); | ||
continue; | ||
} | ||
|
||
if( ReadFile( hPipe, (LPVOID)((LPBYTE)pBuffer + dwTotal), (dwLength - dwTotal), &dwRead, NULL ) ) | ||
dwTotal += dwRead; | ||
} | ||
|
||
} while( 0 ); | ||
|
||
return dwTotal; | ||
} | ||
|
||
/* | ||
* A thread to pick up any messages being posted back to the loader (such as an encoder change in the stream) | ||
*/ | ||
DWORD WINAPI context_message_thread( LPVOID lpParameter ) | ||
{ | ||
DWORD dwResult = ERROR_SUCCESS; | ||
HANDLE hServerPipe = NULL; | ||
BYTE * pBuffer = NULL; | ||
char cNamedPipe[MAX_PATH] = {0}; | ||
|
||
__try | ||
{ | ||
do | ||
{ | ||
_snprintf_s( cNamedPipe, MAX_PATH, MAX_PATH - 1, "\\\\.\\pipe\\%08X", AgentContext.dwPipeName ); | ||
|
||
dprintf("[LOADER] loader_message_thread. cNamedPipe=%s", cNamedPipe ); | ||
|
||
hServerPipe = CreateNamedPipe( cNamedPipe, PIPE_ACCESS_INBOUND, PIPE_TYPE_BYTE|PIPE_READMODE_BYTE|PIPE_WAIT, PIPE_UNLIMITED_INSTANCES, 0, 0, 0, NULL ); | ||
if( !hServerPipe ) | ||
BREAK_ON_ERROR( "[LOADER] loader_message_thread. CreateNamedPipe failed" ); | ||
|
||
while( TRUE ) | ||
{ | ||
struct _hdr { | ||
DWORD dwMessage; | ||
DWORD dwLength; | ||
} header = {0}; | ||
DWORD dwTotal = 0; | ||
|
||
if( !ConnectNamedPipe( hServerPipe, NULL ) ) | ||
{ | ||
if( GetLastError() != ERROR_PIPE_CONNECTED ) | ||
continue; | ||
} | ||
|
||
dwTotal = _readexact( hServerPipe, 8, (BYTE *)&header ); | ||
if( dwTotal != sizeof( struct _hdr ) ) | ||
BREAK_WITH_ERROR( "[LOADER] loader_message_thread. _readexact header failed", ERROR_INVALID_HANDLE ); | ||
|
||
pBuffer = (BYTE *)malloc( header.dwLength ); | ||
if( !pBuffer ) | ||
BREAK_WITH_ERROR( "[LOADER] loader_message_thread. pBuffer malloc failed", ERROR_INVALID_HANDLE ); | ||
|
||
dwTotal = _readexact( hServerPipe, header.dwLength, pBuffer ); | ||
if( dwTotal != header.dwLength ) | ||
BREAK_WITH_ERROR( "[LOADER] loader_message_thread. _readexact pBuffer failed", ERROR_INVALID_HANDLE ); | ||
|
||
DisconnectNamedPipe( hServerPipe ); | ||
|
||
switch( header.dwMessage ) | ||
{ | ||
case MESSAGE_SETENCODING: | ||
if( header.dwLength != sizeof(DWORD) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODING, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.dwEncoding = *(DWORD *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODING, new encoding is %d", AgentContext.dwEncoding ); | ||
break; | ||
case MESSAGE_SETPIXELFORMAT: | ||
if( header.dwLength != sizeof(PIXELFORMAT) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETPIXELFORMAT, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
memcpy( &AgentContext.PixelFormat, pBuffer, sizeof(PIXELFORMAT) ); | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETPIXELFORMAT" ); | ||
break; | ||
case MESSAGE_SETCOMPRESSLEVEL: | ||
if( header.dwLength != sizeof(DWORD) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOMPRESSLEVEL, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.dwCompressLevel = *(DWORD *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOMPRESSLEVEL, new compress level is %d", AgentContext.dwCompressLevel ); | ||
break; | ||
case MESSAGE_SETQUALITYLEVEL: | ||
if( header.dwLength != sizeof(DWORD) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETQUALITYLEVEL, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.dwQualityLevel = *(DWORD *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETQUALITYLEVEL, new quality level is %d", AgentContext.dwQualityLevel ); | ||
break; | ||
case MESSAGE_SETCOPYRECTUSE: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOPYRECTUSE, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bUseCopyRect = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETCOPYRECTUSE, new bUseCopyRect is %d", AgentContext.bUseCopyRect ); | ||
break; | ||
case MESSAGE_SETENCODINGRICHCURSOR: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGRICHCURSOR, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bEncodingRichCursor = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGRICHCURSOR, new dwEncodingRichCursor is %d", AgentContext.bEncodingRichCursor ); | ||
break; | ||
case MESSAGE_SETENCODINGPOINTERPOS: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGPOINTERPOS, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bEncodingPointerPos = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGPOINTERPOS, new dwEncodingPointerPos is %d", AgentContext.bEncodingPointerPos ); | ||
break; | ||
case MESSAGE_SETENCODINGLASTRECT: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGLASTRECT, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bEncodingLastRect = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGLASTRECT, new dwEncodingLastRect is %d", AgentContext.bEncodingLastRect ); | ||
break; | ||
case MESSAGE_SETENCODINGNEWFBSIZE: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGNEWFBSIZE, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bEncodingNewfbSize = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGNEWFBSIZE, new bEncodingNewfbSize is %d", AgentContext.bEncodingNewfbSize ); | ||
break; | ||
case MESSAGE_SETENCODINGXCURSOR: | ||
if( header.dwLength != sizeof(BOOL) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGXCURSOR, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
AgentContext.bEncodingXCursor = *(BOOL *)pBuffer; | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETENCODINGXCURSOR, new bEncodingXCursor is %d", AgentContext.bEncodingXCursor ); | ||
break; | ||
/* | ||
case MESSAGE_SETZLIBDICTIONARY: | ||
if( header.dwLength < sizeof(DICTMSG) ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, not enought data (got %d bytes)", header.dwLength ); | ||
break; | ||
} | ||
else | ||
{ | ||
DICTMSG * dmsg = (DICTMSG *)pBuffer; | ||
if( dmsg->dwId > 4 ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, invalid id (got %d)", dmsg->dwId ); | ||
break; | ||
} | ||
if( AgentContext.dictionaries[dmsg->dwId] ) | ||
free( AgentContext.dictionaries[dmsg->dwId] ); | ||
AgentContext.dictionaries[dmsg->dwId] = (DICTMSG *)malloc( sizeof(DICTMSG) + dmsg->dwDictLength ); | ||
if( !AgentContext.dictionaries[dmsg->dwId] ) | ||
{ | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, malloc failed" ); | ||
break; | ||
} | ||
AgentContext.dictionaries[dmsg->dwId]->dwId = dmsg->dwId; | ||
AgentContext.dictionaries[dmsg->dwId]->dwDictLength = dmsg->dwDictLength; | ||
memcpy( &AgentContext.dictionaries[dmsg->dwId]->bDictBuffer, &dmsg->bDictBuffer, dmsg->dwDictLength ); | ||
dprintf("[LOADER] loader_message_thread. MESSAGE_SETZLIBDICTIONARY, id=%d, length=%d", dmsg->dwId, dmsg->dwDictLength ); | ||
} | ||
break; | ||
*/ | ||
default: | ||
dprintf("[LOADER] loader_message_thread. Unknown message 0x%08X", header.dwMessage ); | ||
break; | ||
} | ||
|
||
if( pBuffer ) | ||
{ | ||
free( pBuffer ); | ||
pBuffer = NULL; | ||
} | ||
} | ||
|
||
} while( 0 ); | ||
} | ||
__except( EXCEPTION_EXECUTE_HANDLER ) | ||
{ | ||
dprintf( "[LOADER] loader_message_thread. EXCEPTION_EXECUTE_HANDLER\n\n" ); | ||
} | ||
|
||
dprintf("[LOADER] loader_message_thread. thread finishing..."); | ||
|
||
if( hServerPipe ) | ||
{ | ||
DisconnectNamedPipe( hServerPipe ); | ||
CLOSE_HANDLE( hServerPipe ); | ||
} | ||
|
||
if( pBuffer ) | ||
free( pBuffer ); | ||
|
||
return dwResult; | ||
} |
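Review bot: In `context_message_thread`, `header.dwLength` is taken from the pipe peer and passed to `malloc( header.dwLength )` before the message type is looked at, so one 8-byte header can request an allocation of up to 4 GiB and then hold the thread in `_readexact` waiting for that much data. Every handler in the `switch` accepts only a fixed size (`sizeof(DWORD)`, `sizeof(BOOL)` or `sizeof(PIXELFORMAT)`), so the length can be bounded before allocating, for example `if( header.dwLength > sizeof(PIXELFORMAT) ) { DisconnectNamedPipe( hServerPipe ); continue; }`, assuming PIXELFORMAT is the largest payload. Separately, `CreateNamedPipe` reports failure with `INVALID_HANDLE_VALUE` rather than NULL, so `if( !hServerPipe )` never fires and the `while( TRUE )` loop would spin on a failing `ConnectNamedPipe`; the test should be `if( hServerPipe == INVALID_HANDLE_VALUE )`, with the cleanup check `if( hServerPipe )` adjusted to match. In `context_init`, `(DWORD)&AgentContext` truncates the pointer in the x64 configuration this commit also builds; `(DWORD)(ULONG_PTR)&AgentContext` makes the truncation explicit.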