RawC Framework Documentation
Welcome to the technical documentation for the native Win32 C Client/Server framework. This document covers the internal workings of both Client.cpp and Server.cpp, detailing socket management, video/audio capture pipelines, and command execution.
System Architecture
The framework operates on a standard Command & Control (C2) architecture using TCP sockets. The Server binds to a specified port and listens for incoming Client connections. The Server utilizes a graphical UI built with native Win32 controls (ListViews, Context Menus) to manage these connections concurrently.
Server Module Server.cpp
The Server acts as the controller. It handles multi-threaded client connections, routes commands, and serves multimedia streams.
Network Initialization
The server relies on Winsock2.h for networking. It sets up a listening socket and spawns a new thread for each incoming client connection, tracking them in a global array or linked list.
```c
// Pseudocode representation of Server socket init
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SOCKET ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
bind(ListenSocket, (SOCKADDR*)&serverAddr, sizeof(serverAddr));
listen(ListenSocket, SOMAXCONN);

// Accept loop
while (TRUE) {
    SOCKET ClientSocket = accept(ListenSocket, NULL, NULL);
    CreateThread(NULL, 0, ClientHandlerThread, (LPVOID)ClientSocket, 0, NULL);
}
```
Consolidated MJPEG Server
The server features a built-in HTTP server listening on port 8080. When a client begins sending desktop or webcam frames, the server wraps these raw JPEG bytes into a multi-part HTTP response, creating a smooth MJPEG stream viewable in any standard web browser.
```c
// Standard MJPEG HTTP Header pushed to the browser
const char* mjpeg_header =
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: multipart/x-mixed-replace; boundary=--myboundary\r\n\r\n";

// Boundary pushed before each frame
const char* frame_boundary =
    "--myboundary\r\n"
    "Content-Type: image/jpeg\r\n"
    "Content-Length: %d\r\n\r\n";
```
Administration & Context Menu
The Server UI allows operators to right-click a connected client to issue commands. These UI interactions translate directly to network packets sent to the client.
| Command Name | Action Performed |
|---|---|
| Start Remote Desktop | Instructs client to begin capturing screen via GDI and transmitting JPEG data. |
| Start Microphone | Instructs client to open WaveIn API and stream raw PCM audio buffers. |
| Kick Client | Forces the client to close its socket and re-initiate the connection sequence. |
| Close Client | Sends a termination opcode, instructing the client process to exit cleanly. |
Client Module Client.cpp
The Client is designed for stealth, low footprint, and high performance. It operates entirely in the background, continuously attempting to connect to the Server's IP address.
Core Loop
Upon execution, the Client hides its console window (if applicable) and enters a persistent connection loop. Once connected, it waits for commands using a blocking recv() call.
Remote Desktop & Webcam Capture
To capture the desktop, the Client utilizes the standard Windows GDI API (Graphics Device Interface).
- GetDC(NULL) is used to get the screen device context.
- BitBlt copies the screen data into a memory DC.
- The raw bitmap is compressed into a JPEG in memory using a lightweight C encoder or GDI+.
- The resulting buffer is fragmented and sent over the socket.
Live Audio Capture
Audio is captured using the native Windows Multimedia API (mmsystem.h). The client opens the default recording device using waveInOpen, records chunks of audio (usually 8kHz or 16kHz PCM), and streams them continuously to the server.
Network Protocol
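TCP delivers a byte stream with no message boundaries, so a single recv() may return part of a message or several messages at once. To handle this, all communications use a strictly defined packet header, which ensures the receiver always knows exactly how many bytes to read.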
```c
// Example Packet Header Structure
typedef struct _PACKET_HEADER {
    DWORD MagicNumber; // e.g., 0xDEADBEEF for verification
    DWORD Opcode;      // Command identifier (see Opcodes)
    DWORD DataLength;  // Size of the payload following the header
} PACKET_HEADER, *PPACKET_HEADER;
```
Command Opcodes
| Opcode ID | Definition | Direction |
|---|---|---|
| 0x01 | OP_SYS_INFO (Send PC Name, OS version) | Client -> Server |
| 0x10 | OP_START_RDP | Server -> Client |
| 0x11 | OP_RDP_FRAME (Contains JPEG data) | Client -> Server |
| 0x20 | OP_START_MIC | Server -> Client |
| 0x99 | OP_UNINSTALL (Kill process) | Server -> Client |
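
For network forensics, the fixed header and the opcode table above are enough to recognise this traffic in a capture. The following is an added example, not code from the framework: a C dissector that walks one direction of a reassembled TCP stream, validates each header, and bounds-checks DataLength before trusting it. It assumes the 12-byte struct is sent unpadded and little-endian, that the magic is the 0xDEADBEEF the page gives as an example, and an 8 MiB payload cap; scan_stream, rd32, opcode_name and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN     12u          /* three DWORDs, no padding (assumed) */
#define MAGIC       0xDEADBEEFu  /* the page's "e.g." value (assumed) */
#define MAX_PAYLOAD (8u << 20)   /* analyst-chosen sanity cap (assumed) */
/* Constructed sample: SYS_INFO("PC1"), START_RDP, then a cut-off RDP_FRAME. */
static const uint8_t sample[] = {
    0xEF,0xBE,0xAD,0xDE, 0x01,0,0,0, 0x03,0,0,0, 'P','C','1',
    0xEF,0xBE,0xAD,0xDE, 0x10,0,0,0, 0x00,0,0,0,
    0xEF,0xBE,0xAD,0xDE, 0x11,0,0,0, 0x04,0,0,0, 0xFF,0xD8 };

/* DWORDs are read little-endian (assumed: struct sent raw from x86 Windows). */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Opcode names come from the page's opcode table; NULL means unknown. */
static const char *opcode_name(uint32_t op) {
    switch (op) {
    case 0x01: return "OP_SYS_INFO";
    case 0x10: return "OP_START_RDP";
    case 0x11: return "OP_RDP_FRAME";
    case 0x20: return "OP_START_MIC";
    case 0x99: return "OP_UNINSTALL";
    }
    return NULL;
}

/* Walks one direction of a reassembled TCP stream and returns the number of
 * complete frames. *status: 0 clean end, 1 truncated tail, -1 not this protocol. */
int scan_stream(const uint8_t *buf, size_t len, int *status) {
    size_t off = 0; int frames = 0;
    for (*status = 0; off < len; frames++) {
        if (len - off < HDR_LEN) { *status = 1; break; }
        uint32_t op = rd32(buf + off + 4), dlen = rd32(buf + off + 8);
        int bad = rd32(buf + off) != MAGIC || !opcode_name(op) || dlen > MAX_PAYLOAD;
        if (bad) { *status = -1; break; }
        if (len - off - HDR_LEN < dlen) { *status = 1; break; }  /* payload cut off */
        printf("off=%zu %s len=%u\n", off, opcode_name(op), (unsigned)dlen);
        off += HDR_LEN + dlen;
    }
    return frames;
}

int main(void) {
    int st, n = scan_stream(sample, sizeof sample, &st);
    return printf("frames=%d status=%d\n", n, st) < 0;
}
```

A status of 1 means the capture ended mid-frame and more bytes are needed; -1 means the stream desynchronised or is a different protocol.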