quasar / Quasar

Remote Administration Tool for Windows
MIT License
8.71k stars 2.46k forks

Builder: Persistent process #388

Open webiummedia opened 9 years ago

webiummedia commented 9 years ago

In the builder we could have a box that we can tick called persistent process. When the client process is killed it goes back online a few minutes later.

yankejustin commented 9 years ago

Similar issue here. Persistence is eventually going to be in the form of a Windows Service. Restarting the client if it is killed really isn't a simple matter to do correctly. It is easy to spawn a mess of other programs to make sure the main one is still alive, among other methods, but it is a slippery slope with regard to a viable solution and a hacky implementation.

webiummedia commented 9 years ago

Does anybody know how Darkcomet (or was it Babylone) does it?

yankejustin commented 9 years ago

Darkcomet mostly used HKLM Run Keys and Userinit Keys.

MaxXor commented 9 years ago

We could spawn a cmd process which checks the client process and restarts it if needed. (client can also check if cmd process got killed, so they watch each other)

webiummedia commented 9 years ago

I think that's a simple and brilliant idea =)

werkamsus commented 9 years ago

I'd suggest to make the delay for the client persistence modular, so you can choose whether you want it to come back immediately or after a set delay.

webiummedia commented 9 years ago

That would be awesome

rabbitsmith commented 9 years ago

We shouldn't spawn the process from the client application directly via Process.Start, since if client.exe is terminated, the cmd will also likely be terminated. Correct me if I am wrong.

MaxXor commented 9 years ago

@rabbitsmith It's fine to use Process.Start, just set the correct parameters in ProcessStartInfo. :)

pavhl commented 9 years ago

But then the client process will be the parent process. If you select "Kill process structure" in Task Manager it will kill the CMD process too.

You have to start the CMD via a batch file with the "start" command to bypass it.

MaxXor commented 9 years ago

Alright, seems possible.

pavhl commented 9 years ago

My idea for this would be:

  1. Client drops a precompiled or runtime compiled (CodeDom) executable to a temporary place (persistence executable)
  2. Client writes a batch file to start the persistence executable with the process ID of the Client process as an argument
  3. Client gets the PID of the persistence process either via named pipes or it just searches through all running processes for the file and the corresponding process ID
  4. Client starts a thread to watch the persistence executable and restart it if it got killed. If the persistence executable detects that the Client process got killed, it restarts the client and kills itself (would be the simplest, but inefficient way) or waits until it receives the new PID via named pipes

Everything should be started even before the Client initializes in a second thread.

I already have a similar project to this, I just have to find it. If you like the idea, I can implement it and create a pull request.

(I hope you can follow my broken english)
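The process-tree point argued above (a child started directly stays in the spawner's tree, so "Kill process tree" reaches it, whereas a child started through a short-lived intermediary such as a batch file running `start` ends up with a parent that no longer exists) can be observed directly. The following is an added example for this thread, not code from the Quasar project, and it uses the POSIX equivalent on Linux: a process spawned through an intermediary that exits immediately is reparented by the kernel (to init or the nearest subreaper), so its PPID no longer points at the intermediary. The Windows Task Manager behaviour described in the thread is not reproduced here; only the parent-link mechanics are. The helper names, the pipe used to report the PID, and the sleep durations are this example's own choices.

```python
import os
import subprocess
import sys

# Grandchild script: wait a moment so the intermediary has time to exit,
# then report our parent PID to the caller over an inherited pipe fd.
REPORT_PPID = (
    "import os, sys, time\n"
    "time.sleep(1.0)\n"
    "os.write(int(sys.argv[1]), str(os.getppid()).encode())\n"
)

# Intermediary script: spawn the grandchild (keeping the pipe fd open for it)
# and exit at once, like a cmd.exe that runs 'start ...' and returns.
SPAWN_AND_EXIT = (
    "import subprocess, sys\n"
    "fd = int(sys.argv[1])\n"
    "subprocess.Popen([sys.executable, '-c', sys.argv[2], str(fd)], pass_fds=[fd])\n"
)


def _read_reported_pid(r: int, w: int) -> int:
    """Close our copy of the write end and block until the grandchild reports."""
    os.close(w)
    data = os.read(r, 32)
    os.close(r)
    return int(data)


def spawn_direct() -> dict:
    """Start the reporting process directly: we remain its parent."""
    r, w = os.pipe()
    child = subprocess.Popen([sys.executable, "-c", REPORT_PPID, str(w)], pass_fds=[w])
    reported = _read_reported_pid(r, w)
    child.wait()
    return {"reported_ppid": reported, "our_pid": os.getpid()}


def spawn_via_intermediary() -> dict:
    """Start the reporting process through an intermediary that exits immediately.

    By the time the grandchild reads its PPID, the intermediary is gone and the
    kernel has reparented the grandchild, so the reported PPID differs from the
    intermediary's PID. A tree walk anchored on us (or on the intermediary)
    would no longer find it.
    """
    r, w = os.pipe()
    inter = subprocess.Popen(
        [sys.executable, "-c", SPAWN_AND_EXIT, str(w), REPORT_PPID], pass_fds=[w]
    )
    inter.wait()  # the intermediary is gone before the grandchild reports
    reported = _read_reported_pid(r, w)
    return {"reported_ppid": reported, "intermediary_pid": inter.pid, "our_pid": os.getpid()}


if __name__ == "__main__":
    print("direct:", spawn_direct())
    print("via intermediary:", spawn_via_intermediary())
```

Two caveats for anyone reading this from the defensive side: the orphaned process is still visible to anything that enumerates processes rather than walking a tree, and a process whose recorded parent PID no longer corresponds to a live process is itself a common hunting signal, since EDR telemetry usually records the parent at creation time.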

yankejustin commented 9 years ago

@Crash129 Your English is not broken. It was actually very understandable and nearly flawless. :) Just to point out, many of us know more languages than English, so please feel free to speak your native language if you feel you aren't making sense. I think your idea would work quite well. It is simple, which is good because I don't think persistence should be a complex thing to implement using the methods we currently are thinking about using.

its0x08 commented 8 years ago

My native one is Albanian. Who's familiar with it?! :P