
📄 fgwatcher.cpp

📁 文件加密的过滤驱动程序源代码.
//////////////////////////////////////////////////////////////////////////////////////////////////////
//
//FGWatcher.cpp------for watcher process.

#include "StdAfx.h"
#include "FileGuard.h"
#include "..\HookShr\HookError.h"
#include "FileGuardApp.h"

BOOL bWatcher=FALSE;		//TRUE when this process is the watcher; WatcherProc() reads it to choose which process to launch.

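//Wait for hWatchee to terminate, then launch the counterpart process:
//the main process launches "FILEGUARD.EXE -Watcher", the watcher launches plain FILEGUARD.EXE.
//hWatchee: handle of a process to be watched (CreateWatcher() passes NULL to skip the wait).
//return: process handle of the new process, or 0 if it could not be started.
//        The caller owns the returned handle and must CloseHandle() it.
HANDLE WatcherProc(HANDLE hWatchee)
{
	//Block until the watched process terminates. The result is deliberately not checked:
	//with a NULL handle the wait fails immediately and execution falls through to the launch.
	WaitForSingleObject(hWatchee, INFINITE);

	STARTUPINFO sinfo;
	ZeroMemory(&sinfo, sizeof(sinfo));
	sinfo.cb=sizeof(sinfo);
	sinfo.dwFlags=STARTF_FORCEOFFFEEDBACK;		//Do not show the "starting application" cursor.
	PROCESS_INFORMATION pinfo;
	HANDLE hSelf=NULL;
	if(!bWatcher)
	{
		//Open an inheritable handle to this process and publish its value in the
		//"HANDLE" environment variable for the child (presumably read by the watcher
		//so it can wait on this process -- the reader is not in this file).
		//NOTE(review): PROCESS_ALL_ACCESS grants the child full control of this process.
		//If the watcher only waits on the handle, SYNCHRONIZE would be sufficient -- confirm
		//against the watcher's start-up code before narrowing the access mask.
		hSelf=OpenProcess(PROCESS_ALL_ACCESS, TRUE, GetCurrentProcessId());
		if(hSelf==NULL)
			return 0;		//No handle to hand over: report failure instead of publishing "0".

		char szHandle[16];		//Large enough for a 32-bit unsigned value (10 digits + NUL).
		//A HANDLE is a pointer type; convert it explicitly so the argument matches "%u".
		sprintf(szHandle, "%u", (unsigned int)(size_t)hSelf);
		SetEnvironmentVariable("HANDLE", szHandle);
	}

	//The command line is kept in a writable buffer because CreateProcess is allowed to modify it.
	char szWatcherCmd[]="FILEGUARD.EXE -Watcher";

	//Handles are inherited only when launching the watcher (bInheritHandles == !bWatcher).
	//NOTE(review): "FILEGUARD.EXE" is a partial name, so it is resolved against the current
	//directory. A fully qualified path would guarantee that the intended binary is started
	//even if the working directory has changed.
	BOOL bCreated=CreateProcess("FILEGUARD.EXE", bWatcher? NULL: szWatcherCmd, 0, 0, !bWatcher, 0, 0, 0, &sinfo, &pinfo);

	//The child received its own inherited copy, so release ours; otherwise one
	//full-access handle would leak in this process for every watcher that is started.
	if(hSelf!=NULL)
		CloseHandle(hSelf);

	if(!bCreated)
		return 0;

	CloseHandle(pinfo.hThread);		//The primary thread handle is not needed.
	return pinfo.hProcess;
}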

//Start the counterpart process right away, without waiting for anything to exit.
//A NULL watchee makes the wait inside WatcherProc() fail immediately, so the launch happens at once.
//return: handle of the new process (caller must close it), or 0 on failure.
HANDLE CreateWatcher()
{
	HANDLE hNewProcess=WatcherProc(NULL);
	return hNewProcess;
}

//Thread routine that keeps a watcher process alive: each time the process behind
//hWatcher terminates, a replacement is started and hWatcher is switched to it.
//param: unused.
//return: 1, and only after a replacement could not be started.
//hWatcher is declared outside the part of the file shown here.
//NOTE(review): hWatcher is read and written here with no locking visible in this file;
//confirm no other thread touches it while this routine runs.
UINT WatchTheWatcher(LPVOID param)
{
	for(;;)
	{
		//Blocks until the current watcher exits, then tries to start a new one.
		HANDLE hReplacement=WatcherProc(hWatcher);
		if(hReplacement==NULL)
			break;

		//Drop the handle of the dead watcher and track the new one.
		CloseHandle(hWatcher);
		hWatcher=hReplacement;
	}

	//The loop ends only on failure; while watchers can be started, the thread
	//runs until the parent thread terminates it.

	//Could not create a new watcher. The same error code is reported whatever the cause.
	ErrorHandler(FG_ERR_NOT_ENOUGH_MEMORY);

	return 1;
}

//Register the current process as a service process via RegisterServiceProcess.
//The function is looked up at run time; when KERNEL32.DLL does not export it
//(it is a Windows 95/98/Me API), the lookup fails and this routine does nothing.
//The result of the registration call is not checked.
void HideProcess()
{
    typedef DWORD (WINAPI *PFN_REGISTER_SERVICE_PROCESS)(DWORD,DWORD);

    HINSTANCE hKernel32 = LoadLibrary("KERNEL32.DLL");
    if(!hKernel32)
        return;

    PFN_REGISTER_SERVICE_PROCESS pfnRegister =
        (PFN_REGISTER_SERVICE_PROCESS)GetProcAddress(hKernel32, "RegisterServiceProcess");

    //Second argument 1 requests registration (RSP_SIMPLE_SERVICE).
    if(pfnRegister)
        pfnRegister(GetCurrentProcessId(), 1);

    //Balance the LoadLibrary call above.
    FreeLibrary(hKernel32);
}
