-
Notifications
You must be signed in to change notification settings - Fork 270
/
Copy pathcommand.h
130 lines (104 loc) · 5.04 KB
/
command.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#ifndef __COMMAND_H
#define __COMMAND_H
#define MAX_PARAM 32
#define MAX_STUBS 32
#define MAX_BUF 8192
// We remember stub data so user only has to remember ID and thread.
typedef struct _STUB_RECORD {
DWORD ThreadId;
CTF_MARSHAL_COMSTUB Stub;
} STUB_RECORD, *PSTUB_RECORD;
typedef struct _COMMAND_HANDLER {
PCHAR Command;
ULONG MinParams;
PCHAR LongDescription;
PCHAR Description;
ULONG (*Callback)(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
} COMMAND_HANDLER, *PCOMMAND_HANDLER;
typedef struct _SPECIAL_VARIABLE {
PCHAR Name;
PCHAR Description;
ULONGLONG Value;
} SPECIAL_VARIABLE, *PSPECIAL_VARIABLE;
// If you specify a tid of 0, the DefaultThread is used, which can be set
// via wait or thread commands.
extern UINT64 DefaultThread;
// If you specify a stubid of 0, the last stub created is used (Note that
// msctf will never return a 0 stubid).
extern UINT64 DefaultStub;
// The handle to the monitor.
extern HANDLE PortHandle;
// We create a window to monitor RPC commands.
extern HWND MessageWindow;
// The monitor leaks a stack pointer on every marshal command.
// This might be useful in exploitation, so you can retrieve it if you want it.
extern UINT64 LeakedStackPointer;
extern UINT64 LastModuleBase;
extern UINT64 LastSymbolOffset;
// How many stubs we know about.
extern ULONG NumStubs;
// Known stubs.
extern STUB_RECORD StubRecords[MAX_STUBS];
// Total number of parameters in the current parameter chain.
extern ULONG CountMarshalParams;
// How many of the total parameters have been specified.
extern ULONG CurrentMarshalParam;
// Pointer to the current parameter chain.
extern PCTF_MARSHAL_PARAM MarshalParams;
// The ThreadID we are claiming to be, by default it's the truth, but you can
// lie if you like.
extern UINT64 ClientThreadId;
// The flags we set when we connect.
extern UINT64 ClientFlags;
// Set when we're running a script.
extern ULONG NonInteractive;
// Padding for the PROXY_SIGNATURE.
extern UINT64 ProxyExtra1;
extern UINT64 ProxyExtra2;
extern UINT64 ProxyExtra3;
// User specified variables for scripting.
extern ULONGLONG UserRegisters[6];
// The return code of the last process from "run"
extern ULONGLONG LastCommandResult;
// The last value looked up in the registry.
extern ULONGLONG LastRegistryValue;
ULONG ExitHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG HelpHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ConnectHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG InfoHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ScanHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG CreateStubHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG CallStubHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG SetArgHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG GetArgHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG HijackHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG WaitHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ThreadHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG SleepHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ForgetHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG StackHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG MarshalHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ProxyHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG CallHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG PatchHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ModuleHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ModuleHandler64(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG EditArgHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG SymbolHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG SetHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ShowHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG LockHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG RepeatHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG RunHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ScriptHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG PrintHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG ConsentHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG RegHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG WindowHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG GadgetHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG SectionHandler(PCHAR Command, ULONG ParamCount, PCHAR *Parameters);
ULONG DispatchCommand(PCHAR CommandLine);
int CompareFirst(PCHAR a, PCHAR *b);
ULONGLONG DecodeIntegerParameter(PCHAR Value);
HWND CreateMessageWindow();
#endif