Documentation ¶
Index ¶
- Constants
- func DeleteService()
- type Client
- func (c *Client) CloseService(treeId uint32, fileId, serviceHandle []byte) error
- func (c *Client) CreateService(treeId uint32, fileId, contextHandle []byte, ...) (handler []byte, err error)
- func (c *Client) FileUpload(file, Path string) (filename string, err error)
- func (c *Client) NewOpenSCManagerWRequest(treeId uint32, fileId []byte) PDUHeader
- func (c *Client) NewPDUBind(treeId uint32, fileId []byte, uuid string, version uint32) PDUHeader
- func (c *Client) NewRCloseServiceHandleRequest(treeId uint32, fileId, contextHandle []byte) PDUHeader
- func (c *Client) NewRCreateServiceWRequest(treeId uint32, fileId, contextHandle []byte, ...) PDUHeader
- func (c *Client) NewROpenServiceWRequest(treeId uint32, fileId, contextHandle []byte, servicename string) PDUHeader
- func (c *Client) NewRStartServiceWRequest(treeId uint32, fileId, contextHandle []byte) PDUHeader
- func (c *Client) OpenService(treeId uint32, fileId, contextHandle []byte, servicename string) error
- func (c *Client) OpenSvcManager(treeId uint32) (fileid, handler []byte, err error)
- func (c *Client) PDUBind(treeId uint32, fileId []byte, uuid string, version uint32) error
- func (c *Client) ServiceInstall(servicename string, file, path string) (service string, err error)
- func (c *Client) StartService(treeId uint32, fileId, serviceHandle []byte) error
- type OpenSCManagerWResponse
- type OpenSCManagerWStruct
- type PDUBindAckStruct
- type PDUBindStruct
- type PDUCtxEItem
- type PDUCtxEItemResponseStruct
- type PDUExtHeaderStruct
- type PDUHeader
- type PDUHeaderStruct
- type PDUSyntaxID
- type RCloseServiceHandleRequestStruct
- type RCloseServiceHandleResponseStruct
- type RCreateServiceWRequestStruct
- type RCreateServiceWResponseStruct
- type ROpenServiceWRequestStruct
- type ROpenServiceWResponseStruct
- type RStartServiceWRequestStruct
- type RStartServiceWResponseStruct
Constants ¶
// DCE/RPC PDU packet types, i.e. the values carried in the PacketType field
// of the PDU header structs declared in this package. The page cites the
// Open Group DCE 1.1 RPC specification, chapter 12, as the source.
// Value 16 is not assigned in this list.
const (
	PDURequest            = 0
	PDUPing               = 1
	PDUResponse           = 2
	PDUFault              = 3
	PDUWorking            = 4
	PDUNoCall             = 5
	PDUReject             = 6
	PDUAck                = 7
	PDUCl_Cancel          = 8
	PDUFack               = 9
	PDUCancel_Ack         = 10
	PDUBind               = 11
	PDUBind_Ack           = 12
	PDUBind_Nak           = 13
	PDUAlter_Context      = 14
	PDUAlter_Context_Resp = 15
	PDUShutdown           = 17
	PDUCo_Cancel          = 18
	PDUOrphaned           = 19
)
PDU PacketType https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
// DCE/RPC PDU flag values, i.e. candidates for the PacketFlags field of the
// PDU header structs. Every value except PDUFlagPending is a single bit.
const (
	PDUFlagReserved_01 = 0x01
	PDUFlagLastFrag    = 0x02
	// NOTE(review): 0x03 is not a single bit; it equals
	// PDUFlagReserved_01|PDUFlagLastFrag, so a bit test against
	// PDUFlagPending also matches either of those flags. Confirm the
	// intended meaning against the specification before relying on it.
	PDUFlagPending     = 0x03
	PDUFlagFrag        = 0x04
	PDUFlagNoFack      = 0x08
	PDUFlagMayBe       = 0x10
	PDUFlagIdemPotent  = 0x20
	PDUFlagBroadcast   = 0x40
	PDUFlagReserved_80 = 0x80
)
PDU PacketFlags https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
// Transfer syntax UUIDs for DCE/RPC data representation.
// Presumably these populate the PDUSyntaxID values of a bind context item;
// confirm against NewPDUBind.
const (
	NDRSyntax   = "8a885d04-1ceb-11c9-9fe8-08002b104860" // Version 02, NDR data representation protocol (the original comment said NDR64)
	NDR64Syntax = "71710533-BEBA-4937-8319-B5DBEF9CCC36" // Version 01, NDR64 data representation protocol
)
// Access masks for service and SCM handles (dwDesiredAccess values).
//
// NOTE(review): SERVICE_ALL_ACCESS asks for every right on a service object.
// Which mask each request builder sends is not visible on this page; where a
// caller only needs to start or close a service, a narrower mask keeps the
// handle closer to least privilege.
const (
	SERVICE_ALL_ACCESS        = 0x000F01FF
	SC_MANAGER_CREATE_SERVICE = 0x00000002
	SC_MANAGER_CONNECT        = 0x00000001
)
// Operation numbers (opnums) of the service control RPC methods, named after
// the MS-SCMR methods they select. Presumably one of these is written to the
// OpNum field of PDUExtHeaderStruct for each request; confirm against the
// request builders. Gaps in the numbering (10, 22, 34, 43, 46, 52-55, 57-59,
// 61-63) are simply not assigned in this list.
const (
	RCloseServiceHandle         = 0
	RControlService             = 1
	RDeleteService              = 2
	RLockServiceDatabase        = 3
	RQueryServiceObjectSecurity = 4
	RSetServiceObjectSecurity   = 5
	RQueryServiceStatus         = 6
	RSetServiceStatus           = 7
	RUnlockServiceDatabase      = 8
	RNotifyBootConfigStatus     = 9
	RChangeServiceConfigW       = 11
	RCreateServiceW             = 12
	REnumDependentServicesW     = 13
	REnumServicesStatusW        = 14
	ROpenSCManagerW             = 15
	ROpenServiceW               = 16
	RQueryServiceConfigW        = 17
	RQueryServiceLockStatusW    = 18
	RStartServiceW              = 19
	RGetServiceDisplayNameW     = 20
	RGetServiceKeyNameW         = 21
	RChangeServiceConfigA       = 23
	RCreateServiceA             = 24
	REnumDependentServicesA     = 25
	REnumServicesStatusA        = 26
	ROpenSCManagerA             = 27
	ROpenServiceA               = 28
	RQueryServiceConfigA        = 29
	RQueryServiceLockStatusA    = 30
	RStartServiceA              = 31
	RGetServiceDisplayNameA     = 32
	RGetServiceKeyNameA         = 33
	REnumServiceGroupW          = 35
	RChangeServiceConfig2A      = 36
	RChangeServiceConfig2W      = 37
	RQueryServiceConfig2A       = 38
	RQueryServiceConfig2W       = 39
	RQueryServiceStatusEx       = 40
	REnumServicesStatusExA      = 41
	REnumServicesStatusExW      = 42
	RCreateServiceWOW64A        = 44
	RCreateServiceWOW64W        = 45
	RNotifyServiceStatusChange  = 47
	RGetNotifyResults           = 48
	RCloseNotifyHandle          = 49
	RControlServiceExA          = 50
	RControlServiceExW          = 51
	RQueryServiceConfigEx       = 56
	RCreateWowService           = 60
	ROpenSCManager2             = 64
)
// dwServiceType values for a service-creation request (MS-SCMR).
// Presumably written to RCreateServiceWRequestStruct.ServiceType; confirm
// against NewRCreateServiceWRequest.
const (
	SERVICE_KERNEL_DRIVER       = 0x00000001
	SERVICE_FILE_SYSTEM_DRIVER  = 0x00000002
	SERVICE_WIN32_OWN_PROCESS   = 0x00000010
	SERVICE_WIN32_SHARE_PROCESS = 0x00000020
	SERVICE_INTERACTIVE_PROCESS = 0x00000100
)
dwServiceType values. See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6a8ca926-9477-4dd4-b766-692fab07227e
// dwStartType values for a service-creation request.
// Presumably written to RCreateServiceWRequestStruct.ServiceStartType;
// confirm against NewRCreateServiceWRequest.
const (
	SERVICE_BOOT_START   = 0x00000000
	SERVICE_SYSTEM_START = 0x00000001
	SERVICE_AUTO_START   = 0x00000002
	SERVICE_DEMAND_START = 0x00000003
	SERVICE_DISABLED     = 0x00000004
)
dwStartType values.
// dwErrorControl values for a service-creation request.
// Presumably written to RCreateServiceWRequestStruct.ServiceErrorControl;
// confirm against NewRCreateServiceWRequest.
const (
	SERVICE_ERROR_IGNORE   = 0x00000000
	SERVICE_ERROR_NORMAL   = 0x00000001
	SERVICE_ERROR_SEVERE   = 0x00000002
	SERVICE_ERROR_CRITICAL = 0x00000003
)
dwErrorControl values.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Client ¶
func SMBTransport ¶
func (*Client) CloseService ¶
Closes the SCM handle.
func (*Client) CreateService ¶
func (c *Client) CreateService(treeId uint32, fileId, contextHandle []byte, servicename, uploadPathFile string) (handler []byte, err error)
Creates a service and returns the handle of the newly created service instance.
func (*Client) FileUpload ¶
Uploads a file and returns the file name.
func (*Client) NewOpenSCManagerWRequest ¶
Builds the OpenSCManagerW request.

DWORD ROpenSCManagerW(
  [in, string, unique, range(0, SC_MAX_COMPUTER_NAME_LENGTH)] SVCCTL_HANDLEW lpMachineName,
  [in, string, unique, range(0, SC_MAX_NAME_LENGTH)] wchar_t* lpDatabaseName,
  [in] DWORD dwDesiredAccess,
  [out] LPSC_RPC_HANDLE lpScHandle
);

lpMachineName: an SVCCTL_HANDLEW (section 2.2.3) data type that defines a pointer to a null-terminated UNICODE string specifying the server's machine name.
lpDatabaseName: a pointer to a null-terminated UNICODE string specifying the name of the SCM database to open. This parameter must be set to NULL, "ServicesActive", or "ServicesFailed".
dwDesiredAccess: a value that specifies the access to the database. It must be one of the values specified in section 3.1.4. The client must also have the SC_MANAGER_CONNECT access right.
lpScHandle: an LPSC_RPC_HANDLE data type that defines the handle to the newly opened SCM database.
func (*Client) NewPDUBind ¶
Builds the function bind request.
func (*Client) NewRCloseServiceHandleRequest ¶
func (*Client) NewRCreateServiceWRequest ¶
func (*Client) NewROpenServiceWRequest ¶
func (*Client) NewRStartServiceWRequest ¶
Builds the start-service request.
func (*Client) OpenService ¶
Opens a service.
func (*Client) OpenSvcManager ¶
Opens the SCM and returns the SCM service handle.
func (*Client) ServiceInstall ¶
Installs a service.
type OpenSCManagerWResponse ¶
// OpenSCManagerWResponse is the OpenSCManagerW response structure: an SMB2
// read response, the DCE/RPC response header fields, and then the returned
// context handle and return code.
//
// Being a response, its fields hold values supplied by the remote peer.
// NOTE(review): this page does not show whether callers check PacketType
// (for example against PDUFault) and ReturnCode before using ContextHandle;
// confirm in OpenSvcManager.
type OpenSCManagerWResponse struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32
	ContextId          uint16
	CancelCount        uint8
	Reserved           uint8
	ContextHandle      []byte `smb:"fixed:20"` // fixed 20-byte handle, per the struct tag
	ReturnCode         uint32
}
OpenSCManagerW response structure.
func NewOpenSCManagerWResponse ¶
func NewOpenSCManagerWResponse() OpenSCManagerWResponse
type OpenSCManagerWStruct ¶
// OpenSCManagerWStruct is the request body for ROpenSCManagerW (MS-SCMR).
// Its three fields line up with the lpMachineName, lpDatabaseName and
// dwDesiredAccess parameters of the IDL quoted for NewOpenSCManagerWRequest.
type OpenSCManagerWStruct struct {
	MachineName machineName
	Database    database
	AccessMask  uint32 // presumably one of the SC_MANAGER_* masks; confirm against the builder
}
ms service control https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/dc84adb3-d51d-48eb-820d-ba1c6ca5faf2
type PDUBindAckStruct ¶
// PDUBindAckStruct is the decoded bind acknowledgement: an SMB2 read
// response, the DCE/RPC header fields, the negotiated fragment sizes, the
// secondary address and one context-item result.
//
// NOTE(review): ScndryAddrlen comes from the remote peer and drives how many
// bytes are read into ScndryAddr (see the count tag). Whether the decoder
// bounds that length against the received data is not visible here; confirm.
type PDUBindAckStruct struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	MaxXmitFrag        uint16
	MaxRecvFrag        uint16
	AssocGroup         uint32
	ScndryAddrlen      uint16
	ScndryAddr         []byte `smb:"count:ScndryAddrlen"` // length depends on the length of the pipe
	NumResults         uint8
	CtxItem            PDUCtxEItemResponseStruct
}
type PDUBindStruct ¶
// PDUBindStruct is the function bind structure: the body of a bind PDU,
// carrying the fragment-size negotiation, the association group and a single
// context item.
type PDUBindStruct struct {
	//PDUHeader
	MaxXmitFrag uint16 // transmit size negotiation; the original comment said 4 bytes, but the field is a uint16 (2 bytes)
	MaxRecvFrag uint16 // receive size negotiation; the original comment said 4 bytes, but the field is a uint16 (2 bytes)
	AssocGroup  uint32
	NumCtxItems uint8
	Reserved    uint8
	Reserved2   uint16
	CtxItem     PDUCtxEItem
}
Function bind structure.
type PDUCtxEItem ¶
// PDUCtxEItem is the PDU context item structure sent in a bind request. It
// pairs one abstract syntax with one transfer syntax under a context id.
type PDUCtxEItem struct {
	ContextId      uint16
	NumTransItems  uint8
	Reserved       uint8
	AbstractSyntax PDUSyntaxID
	TransferSyntax PDUSyntaxID
}
PDU CtxItem structure.
type PDUCtxEItemResponseStruct ¶
// PDUCtxEItemResponseStruct is the PDU context item response structure, as
// embedded in PDUBindAckStruct.
//
// NOTE(review): AckResult and AckReason are set by the remote peer; whether
// the bind code rejects a non-accepting result is not visible on this page.
type PDUCtxEItemResponseStruct struct {
	AckResult      uint16
	AckReason      uint16
	TransferSyntax []byte `smb:"fixed:16"` // 16 bytes
	SyntaxVer      uint32
}
PDU CtxItem response structure.
type PDUExtHeaderStruct ¶
// PDUExtHeaderStruct is the extended DCE/RPC header used to call the Windows
// service control API: the common header fields followed by AllocHint,
// ContextId, OpNum and the request body in Buffer.
type PDUExtHeaderStruct struct {
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32 // 4 bytes, little-endian, 0x10
	FragLength         uint16 // 2 bytes, length of the whole structure
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32 `smb:"len:Buffer"` // length of Buffer
	ContextId          uint16
	OpNum              uint16 // presumably one of the R* opnum constants; confirm against the builders
	Buffer             interface{}
}
Extended DCE/RPC header, used to call the Windows MS service control API.
type PDUHeader ¶
// PDUHeader is the standard RPC-over-SMB header: an SMB2 header followed by
// write-style fields (offset, length, file id, channel info, flags) and the
// data to be written in Buffer. DataOffset and WriteLength are derived from
// Buffer through their struct tags.
type PDUHeader struct {
	smb.SMB2Header
	StructureSize          uint16
	DataOffset             uint16 `smb:"offset:Buffer"`
	WriteLength            uint32 `smb:"len:Buffer"`
	FileOffset             []byte `smb:"fixed:8"`
	FileId                 []byte `smb:"fixed:16"` // 16 bytes, handle returned by the server
	Channel                uint32
	RemainingBytes         uint32
	WriteChannelInfoOffset uint16
	WriteChannelInfoLength uint16
	WriteFlags             uint32
	Buffer                 interface{} // data to write
}
Standard RPC over SMB header.
func NewPDUHeader ¶
func NewPDUHeader() PDUHeader
type PDUHeaderStruct ¶
// PDUHeaderStruct is the standard DCE/RPC header: version, packet type and
// flags, data representation, lengths and call id, followed by the PDU body
// in Buffer.
type PDUHeaderStruct struct {
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32 // 4 bytes, little-endian, 0x10
	FragLength         uint16 // 2 bytes, length of the whole structure
	AuthLength         uint16
	CallId             uint32
	Buffer             interface{}
}
Standard DCE/RPC header.
type PDUSyntaxID ¶
type RCloseServiceHandleRequestStruct ¶
// RCloseServiceHandleRequestStruct is the request body that closes a service
// handle. It carries only the handle to be closed.
type RCloseServiceHandleRequestStruct struct {
	ContextHandle []byte `smb:"fixed:20"` // fixed 20-byte handle, per the struct tag
}
Closes a service handle.
type RCloseServiceHandleResponseStruct ¶
// RCloseServiceHandleResponseStruct is the decoded reply to an
// RCloseServiceHandle request: an SMB2 read response, the DCE/RPC response
// header fields, then a context handle and return code.
//
// NOTE(review): the fields hold peer-supplied values; whether CloseService
// checks ReturnCode is not visible on this page.
type RCloseServiceHandleResponseStruct struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32
	ContextId          uint16
	CancelCount        uint8
	Reserved           uint8
	ContextHandle      []byte `smb:"fixed:20"` // fixed 20-byte handle, per the struct tag
	ReturnCode         uint32
}
func NewRCloseServiceHandleResponse ¶
func NewRCloseServiceHandleResponse() RCloseServiceHandleResponseStruct
type RCreateServiceWRequestStruct ¶
// RCreateServiceWRequestStruct is the request body for RCreateServiceW: the
// SCM handle, the service and display names, access mask, type, start type
// and error control, the binary path, and a run of pointer and size fields.
//
// Defender note: a service created through this call is recorded on the
// target host as a service installation (System log event ID 7045, and
// Security log event ID 4697 where that audit policy is enabled), with the
// service name and binary path in the event.
type RCreateServiceWRequestStruct struct {
	ContextHandle       []byte `smb:"fixed:20"` // OpenSCManagerW handle
	ServiceName         serviceName
	DisplayName         displayName
	AccessMask          uint32
	ServiceType         uint32
	ServiceStartType    uint32
	ServiceErrorControl uint32
	BinaryPathName      binaryPathName
	NULLPointer         uint32 // presumably the null lpLoadOrderGroup pointer; confirm against MS-SCMR
	TagId               uint32
	NULLPointer2        uint32 // presumably the null lpDependencies pointer; confirm against MS-SCMR
	DependSize          uint32
	NULLPointer3        uint32 // presumably the null lpServiceStartName pointer; confirm against MS-SCMR
	NULLPointer4        uint32 // presumably the null lpPassword pointer; confirm against MS-SCMR
	PasswordSize        uint32
}
type RCreateServiceWResponseStruct ¶
// RCreateServiceWResponseStruct is the RCreateServiceW response structure:
// an SMB2 read response, the DCE/RPC response header fields, then the tag
// id, the handle of the created service and the return code.
//
// NOTE(review): the fields hold peer-supplied values; whether CreateService
// checks ReturnCode before returning ContextHandle is not visible here.
type RCreateServiceWResponseStruct struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32
	ContextId          uint16
	CancelCount        uint8
	Reserved           uint8
	TagId              uint32
	ContextHandle      []byte `smb:"fixed:20"` // fixed 20-byte handle, per the struct tag
	ReturnCode         uint32
}
RCreateServiceW response structure.
func NewRCreateServiceWResponse ¶
func NewRCreateServiceWResponse() RCreateServiceWResponseStruct
type ROpenServiceWRequestStruct ¶
type ROpenServiceWResponseStruct ¶
// ROpenServiceWResponseStruct is the decoded reply to an ROpenServiceW
// request: an SMB2 read response, the DCE/RPC response header fields, then
// the service handle and return code.
//
// NOTE(review): the fields hold peer-supplied values; whether OpenService
// checks ReturnCode before using ContextHandle is not visible on this page.
type ROpenServiceWResponseStruct struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32
	ContextId          uint16
	CancelCount        uint8
	Reserved           uint8
	ContextHandle      []byte `smb:"fixed:20"` // fixed 20-byte handle, per the struct tag
	ReturnCode         uint32
}
func NewROpenServiceWResponse ¶
func NewROpenServiceWResponse() ROpenServiceWResponseStruct
type RStartServiceWRequestStruct ¶
type RStartServiceWResponseStruct ¶
// RStartServiceWResponseStruct is the decoded reply to an RStartServiceW
// request: an SMB2 read response, the DCE/RPC response header fields, then
// four bytes of stub data.
type RStartServiceWResponseStruct struct {
	smb2.ReadResponseStruct
	Version            uint8
	VersionMinor       uint8
	PacketType         uint8
	PacketFlags        uint8
	DataRepresentation uint32
	FragLength         uint16
	AuthLength         uint16
	CallId             uint32
	AllocHint          uint32
	ContextId          uint16
	CancelCount        uint8
	Reserved           uint8
	StubData           uint32 // presumably the call's return code; confirm against StartService
}
func NewRStartServiceWResponse ¶
func NewRStartServiceWResponse() RStartServiceWResponseStruct
Start-service response wrapper.