#include "T-ProcMon.h"
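/*
 * Check that a file exists, using the program's global search state.
 *
 * Keeps the original side effect of filling hFindFile/FindData, but releases
 * the search handle afterwards: FindFirstFile() handles must be closed with
 * FindClose(), which the original never did.
 *
 * Returns TRUE when FindFirstFile() locates Path.
 */
static BOOL
FileExists(PCTSTR Path)
{
    hFindFile = FindFirstFile(Path, &FindData);
    if (hFindFile == INVALID_HANDLE_VALUE) {
        return FALSE;
    }
    FindClose(hFindFile);
    hFindFile = INVALID_HANDLE_VALUE;
    return TRUE;
}

/*
 * Build DriverPath = <cwd>\SYS_DRIVER_FILE and InitPath = <cwd>\SYS_INIT_FILE
 * and verify that both files are present.
 *
 * Returns FALSE when the current directory cannot be read, when the combined
 * path would not fit in MAX_PATH characters, or when either file is missing;
 * each case is printed.  The original continued with an unset DriverPath after
 * a GetCurrentDirectory() failure.
 *
 * NOTE(review): the driver is located via GetCurrentDirectory(), not via the
 * directory of this executable, so the .sys that gets registered as a kernel
 * service is whatever SYS_DRIVER_FILE sits in the directory the tool is
 * launched from.
 */
static BOOL
ResolveDriverFiles(void)
{
    size_t dirLen;

    if (!GetCurrentDirectory(MAX_PATH, (PTSTR)DriverPath)) {
        printf("GetCurrentDirectory Error: %lu\n", (unsigned long)GetLastError());
        return FALSE;
    }
    /* +1 for the backslash.  Assumes DriverPath and InitPath hold at least
     * MAX_PATH TCHARs, which is the size handed to GetCurrentDirectory() above
     * -- TODO confirm against their declarations in T-ProcMon.h. */
    dirLen = _tcslen((PTSTR)DriverPath) + 1;
    if (dirLen + _tcslen(SYS_DRIVER_FILE) >= MAX_PATH ||
        dirLen + _tcslen(SYS_INIT_FILE) >= MAX_PATH) {
        printf("Current Directory path is too long !\n");
        return FALSE;
    }

    _tcscat((PTSTR)DriverPath, TEXT("\\"));
    _tcscpy((PTSTR)InitPath, (PTSTR)DriverPath);
    _tcscat((PTSTR)DriverPath, SYS_DRIVER_FILE);
    if (!FileExists((PCTSTR)DriverPath)) {
        printf("Could no find %s in Current Directory !\n", SYS_DRIVER_FILE);
        return FALSE;
    }
    _tcscat((PTSTR)InitPath, SYS_INIT_FILE);
    if (!FileExists((PCTSTR)InitPath)) {
        printf("Could no find %s in Current Directory !\n", SYS_INIT_FILE);
        return FALSE;
    }
    return TRUE;
}

/*
 * Copy a command-line process name into the global Message buffer.
 *
 * Message is the same fixed-size buffer whose sizeof() is handed to
 * DeviceIoControl() as the output length, so it is an array and its size is
 * known here; the original used an unbounded strcpy() straight from argv.
 *
 * Returns FALSE (after printing) when Name does not fit including its NUL.
 */
static BOOL
CopyProcessName(const char *Name)
{
    size_t len = strlen(Name);

    if (len >= sizeof(Message)) {
        printf("Process name too long (max %u characters) !\n",
               (unsigned)(sizeof(Message) - 1));
        return FALSE;
    }
    memcpy(Message, Name, len + 1);
    return TRUE;
}

/*
 * "-Monitor": load the driver, then poll PROCMON_MONITOR every 500 ms and
 * print whatever the driver returns via ShowMessageU().
 *
 * Never returns normally; the loop ends only through Abort() or the console
 * control handler.  Returns -1 when the driver cannot be loaded.
 */
static int
RunMonitor(void)
{
    if (!LoadDeviceDriver(SYS_DRIVER_NAME, (PTSTR)DriverPath, &SysHandle)) {
        printf("LoadDeviceDriver Error: %lu\n", (unsigned long)GetLastError());
        return -1;
    }
    bMonitor = TRUE;
    printf("Enter Ctrl+C to End up ...\n\n");
    printf("SEQ.\tProcID\tOperation\n");
    printf("---------------------------------------------\n");
    for (;;) {
        MessageLength = 0;
        if (!DeviceIoControl(SysHandle, PROCMON_MONITOR, NULL, 0, Message,
                             sizeof(Message), &MessageLength, NULL)) {
            printf("Control Monitor Error: %lu\n", (unsigned long)GetLastError());
            Abort();
        }
        if (MessageLength > 0) {
            ShowMessageU();
        }
        Sleep(500);
    }
}

/*
 * "-Hide": load the driver, fill Message via GetHiddenProcessName(), send it
 * to the driver as PROCMON_HIDDEN (dwIndex input bytes), then idle until
 * Ctrl+C.
 *
 * Never returns normally after the IOCTL.  Returns -1 when the driver cannot
 * be loaded; later failures go through Abort().
 */
static int
RunHide(void)
{
    if (!LoadDeviceDriver(SYS_DRIVER_NAME, (PTSTR)DriverPath, &SysHandle)) {
        printf("LoadDeviceDriver Error: %lu\n", (unsigned long)GetLastError());
        return -1;
    }
    if (!GetHiddenProcessName()) {
        printf("Get Hidden Proces Name Error !\n");
        Abort();
    }
    if (!DeviceIoControl(SysHandle, PROCMON_HIDDEN, Message, dwIndex,
                         NULL, 0, &MessageLength, NULL)) {
        printf("Get Hidden Information Error: %lu\n", (unsigned long)GetLastError());
        Abort();
    }
    printf("\nEnter Ctrl+C to End up ...\n");
    for (;;) {
        Sleep(200);
    }
}

/*
 * "-Remove": stop and delete the driver service.
 * Returns 0 on success, -1 (after printing) on failure.
 */
static int
RunRemove(void)
{
    if (!RemoveDeviceDriver(SYS_DRIVER_NAME)) {
        printf("RemoveDeviceDriver Error: %lu\n", (unsigned long)GetLastError());
        return -1;
    }
    return 0;
}

/*
 * Entry point of the T-ProcMon control program.
 *
 * After Start() and installing CtrlEvent as the console control handler, the
 * driver and init files are resolved relative to the current directory and
 * the first switch is dispatched (case-insensitively):
 *   -Monitor       RunMonitor()
 *   -Hide          RunHide()
 *   -Remove        RunRemove()
 *   -Add  <name>   AddProcessName() with Message = <name>, then reread the
 *                  hidden list with GetHiddenProcessName()
 *   -Del  <name>   DelProcessName(), same follow-up
 * Any other argument count or switch prints Usage().
 *
 * Returns 0 on success or usage, -1 when a required step fails.  Error codes
 * are DWORDs and are printed with %lu (the original used %d).
 */
INT
main(
    INT iArgc,
    PTSTR pArgv[])
{
    Start();
    if (!SetConsoleCtrlHandler(CtrlEvent, TRUE)) {
        printf("SetConsoleCtrlHandler for Event Control Error: %lu\n",
               (unsigned long)GetLastError());
        return -1;
    }
    if (!ResolveDriverFiles()) {
        return -1;
    }

    if (iArgc == 2) {
        if (!stricmp(pArgv[1], "-Monitor")) {
            return RunMonitor();
        } else if (!stricmp(pArgv[1], "-Hide")) {
            return RunHide();
        } else if (!stricmp(pArgv[1], "-Remove")) {
            return RunRemove();
        } else {
            Usage();
        }
    } else if (iArgc == 3) {
        if (!stricmp(pArgv[1], "-Add")) {
            if (!CopyProcessName(pArgv[2])) {
                return -1;
            }
            if (!AddProcessName()) {
                printf("AddProcessName Error: %lu\n", (unsigned long)GetLastError());
            }
            if (!GetHiddenProcessName()) {
                printf("Get Hidden Proces Name Error !\n");
            }
        } else if (!stricmp(pArgv[1], "-Del")) {
            if (!CopyProcessName(pArgv[2])) {
                return -1;
            }
            if (!DelProcessName()) {
                printf("DelProcessName Error: %lu\n", (unsigned long)GetLastError());
            }
            if (!GetHiddenProcessName()) {
                printf("Get Hidden Proces Name Error !\n");
            }
        } else {
            Usage();
        }
    } else {
        Usage();
    }
    return 0;
}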
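/*
 * Register (if not already registered), start and open the driver, then send
 * PROCMON_HOOK on the device handle that was just opened.
 *
 * DriverName     service name; OpenDevice() derives \\.\<DriverName> from it
 * DriverPath     full path of the .sys file handed to the SCM
 * pDeviceHandle  receives the open device handle on success and the caller
 *                owns it; must not be NULL, since OpenDevice() closes the
 *                device when given no out-pointer and the hook IOCTL would
 *                then have nothing to talk to
 *
 * Returns TRUE only when the device was opened and PROCMON_HOOK succeeded.
 * On any failure a message is printed and no SCM handle is left open.  The
 * original never checked OpenSCManager(), ignored the install/start results,
 * closed the SC_HANDLE with CloseHandle(), and hooked through the global
 * SysHandle instead of the handle it had just returned.
 */
BOOL
LoadDeviceDriver(
    IN PTSTR DriverName,
    IN PTSTR DriverPath,
    OUT HANDLE* pDeviceHandle)
{
    SC_HANDLE scManager;
    DWORD dwReturned = 0;

    if (pDeviceHandle == NULL) {
        printf("LoadDeviceDriver Error: no handle to return\n");
        return FALSE;
    }
    scManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (scManager == NULL) {
        printf("OpenSCManager Error: %lu\n", (unsigned long)GetLastError());
        return FALSE;
    }
    /* "Service already exists" / "already running" are treated as success
     * inside these helpers; anything else is a real failure. */
    if (!InstallDriver(scManager, DriverName, DriverPath) ||
        !StartDriver(scManager, DriverName)) {
        CloseServiceHandle(scManager);
        return FALSE;
    }
    /* SCM handles are released with CloseServiceHandle(), not CloseHandle(). */
    CloseServiceHandle(scManager);

    if (!OpenDevice(DriverName, pDeviceHandle)) {
        return FALSE;
    }
    if (!DeviceIoControl(*pDeviceHandle, PROCMON_HOOK, NULL, 0, NULL, 0,
                         &dwReturned, NULL)) {
        printf("Control Hook Error: %lu\n", (unsigned long)GetLastError());
        /* Do not hand back a device we failed to hook. */
        CloseHandle(*pDeviceHandle);
        *pDeviceHandle = INVALID_HANDLE_VALUE;
        return FALSE;
    }
    return TRUE;
}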
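/*
 * Stop the driver service named DriverName without deleting it.
 *
 * Returns FALSE only when the service control manager cannot be opened.  The
 * outcome of the stop request is printed by StopDriver() and, as before, not
 * propagated.  The original did not check OpenSCManager() and released the
 * SC_HANDLE with CloseHandle() instead of CloseServiceHandle().
 */
BOOL
UnloadDeviceDriver(
    IN PTSTR DriverName)
{
    SC_HANDLE scManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);

    if (scManager == NULL) {
        printf("OpenSCManager Error: %lu\n", (unsigned long)GetLastError());
        return FALSE;
    }
    StopDriver(scManager, DriverName);
    CloseServiceHandle(scManager);
    return TRUE;
}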
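/*
 * Stop the driver service named DriverName and delete its registration.
 *
 * Returns FALSE when the service control manager cannot be opened or when
 * RemoveDriver() reports that DeleteService() failed; the original returned
 * TRUE unconditionally, so "-Remove" claimed success even when nothing was
 * deleted.  The stop result is deliberately ignored: a service that is not
 * running can still be deleted.  The SC_HANDLE is released with
 * CloseServiceHandle() rather than CloseHandle().
 */
BOOL
RemoveDeviceDriver(
    IN PTSTR DriverName)
{
    SC_HANDLE scManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    BOOL bRemoved;

    if (scManager == NULL) {
        printf("OpenSCManager Error: %lu\n", (unsigned long)GetLastError());
        return FALSE;
    }
    StopDriver(scManager, DriverName);
    bRemoved = RemoveDriver(scManager, DriverName);
    CloseServiceHandle(scManager);
    return bRemoved;
}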
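/*
 * Register DriverPath with the SCM as a demand-start kernel driver service
 * named DriverName.
 *
 * scManager   open SCM handle (caller owns it)
 * DriverName  service name and display name
 * DriverPath  binary path stored for the service
 *
 * Returns TRUE when the service was created or already exists
 * (ERROR_SERVICE_EXISTS, the 1073 the original compared against); FALSE after
 * printing for any other CreateService() error.  The original also called
 * CloseServiceHandle(NULL) on the already-exists path.
 */
BOOL
InstallDriver(
    IN SC_HANDLE scManager,
    IN LPTSTR DriverName,
    IN LPTSTR DriverPath)
{
    SC_HANDLE scService = CreateService(scManager,
                                        DriverName,
                                        DriverName,
                                        SERVICE_ALL_ACCESS,
                                        SERVICE_KERNEL_DRIVER,
                                        SERVICE_DEMAND_START,
                                        SERVICE_ERROR_NORMAL,
                                        DriverPath,
                                        NULL,
                                        NULL,
                                        NULL,
                                        NULL,
                                        NULL);
    if (scService == NULL) {
        /* An existing registration is fine: StartDriver() opens it by name. */
        if (GetLastError() == ERROR_SERVICE_EXISTS) {
            return TRUE;
        }
        printf("CreateService for %s Error: %lu\n", DriverName,
               (unsigned long)GetLastError());
        return FALSE;
    }
    CloseServiceHandle(scService);
    return TRUE;
}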
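/*
 * Start the service named DriverName.
 *
 * scManager   open SCM handle (caller owns it)
 * DriverName  service to start
 *
 * Returns TRUE when the service started or was already running
 * (ERROR_SERVICE_ALREADY_RUNNING); FALSE after printing otherwise.  The
 * service handle is closed on every path -- the original leaked it on all of
 * them -- and an OpenService() failure is now printed instead of silently
 * returning FALSE.
 */
BOOL
StartDriver(
    IN SC_HANDLE scManager,
    IN LPTSTR DriverName)
{
    SC_HANDLE scService;
    BOOL bResult = TRUE;

    scService = OpenService(scManager, DriverName, SERVICE_ALL_ACCESS);
    if (scService == NULL) {
        printf("OpenService for %s Error: %lu\n", DriverName,
               (unsigned long)GetLastError());
        return FALSE;
    }
    if (!StartService(scService, 0, NULL) &&
        GetLastError() != ERROR_SERVICE_ALREADY_RUNNING) {
        printf("StartService for %s Error: %lu\n", DriverName,
               (unsigned long)GetLastError());
        bResult = FALSE;
    }
    CloseServiceHandle(scService);
    return bResult;
}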
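/*
 * Send SERVICE_CONTROL_STOP to the service named DriverName.
 *
 * scManager   open SCM handle (caller owns it)
 * DriverName  service to stop
 *
 * Returns TRUE when the stop was accepted or the service was already stopped
 * (ERROR_SERVICE_NOT_ACTIVE, the 1062 the original compared against -- the
 * original printed nothing for it but still returned FALSE); FALSE when the
 * service cannot be opened or any other ControlService() error occurs, the
 * latter printed.  The service handle is closed on every path; the original
 * never closed it.
 */
BOOL
StopDriver(
    IN SC_HANDLE scManager,
    IN LPTSTR DriverName)
{
    SC_HANDLE scService;
    SERVICE_STATUS ServiceStatus;
    BOOL bResult;

    scService = OpenService(scManager, DriverName, SERVICE_ALL_ACCESS);
    if (scService == NULL) {
        return FALSE;
    }
    bResult = ControlService(scService, SERVICE_CONTROL_STOP, &ServiceStatus);
    if (!bResult) {
        if (GetLastError() == ERROR_SERVICE_NOT_ACTIVE) {
            /* Already stopped: the post-condition holds. */
            bResult = TRUE;
        } else {
            printf("StopService for %s Error: %lu\n", DriverName,
                   (unsigned long)GetLastError());
        }
    }
    CloseServiceHandle(scService);
    return bResult;
}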
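/*
 * Delete the SCM registration of the service named DriverName.
 *
 * scManager   open SCM handle (caller owns it)
 * DriverName  service to delete
 *
 * Returns FALSE when the service cannot be opened or DeleteService() fails
 * (printed); TRUE after printing a success line.  DeleteService() only marks
 * the service for deletion; it disappears once every handle to it is closed,
 * which is why the handle is released before returning.  GetLastError() is a
 * DWORD and is printed with %lu (the original used %d).
 */
BOOL
RemoveDriver(
    IN SC_HANDLE scManager,
    IN LPTSTR DriverName)
{
    SC_HANDLE scService;
    BOOL bResult;

    scService = OpenService(scManager, DriverName, SERVICE_ALL_ACCESS);
    if (scService == NULL) {
        return FALSE;
    }
    bResult = DeleteService(scService);
    if (bResult) {
        printf("Remove Device %s Successfully !\n", DriverName);
    } else {
        printf("Delete Service for %s Error: %lu\n", DriverName,
               (unsigned long)GetLastError());
    }
    CloseServiceHandle(scService);
    return bResult;
}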
BOOL
OpenDevice(
IN LPTSTR DriverName,
OUT HANDLE * pDeviceHandle)
{
TCHAR SymbolDeviceName[128];
HANDLE hDevice;
wsprintf(SymbolDeviceName,TEXT("\\\\.\\%s"),DriverName);
hDevice = CreateFile(SymbolDeviceName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(hDevice == INVALID_HANDLE_VALUE)
{
printf("CreateFile for %s Error: %d\n",SymbolDeviceName,GetLastError());
return FALSE;
}
if(pDeviceHandle == NULL)
{
CloseHandle(hDevice);
}
else
{
*pDeviceHandle = hDevice;
}