
📄 t-procmon.c

📁 剖析Windows系统服务调用机制相关及驱动编程模式

	return TRUE;
}

/*
 * CtrlEvent - console control handler.
 *
 * Ctrl+C and Ctrl+Break print a separator line when bMonitor is set and
 * then call Abort(); close, logoff and shutdown events call Abort()
 * directly.  Abort() (defined in this file) ends the process with
 * exit(0), so TRUE is only returned for event types not listed here.
 *
 * dwType: the CTRL_*_EVENT code delivered to the handler.
 */
BOOL 
WINAPI
CtrlEvent(
IN     DWORD  dwType)
{
	/* User-initiated interruption: the only events that print the separator. */
	BOOL bInterrupt = (dwType == CTRL_C_EVENT || dwType == CTRL_BREAK_EVENT);
	/* Console/session teardown: abort without printing anything. */
	BOOL bTeardown  = (dwType == CTRL_CLOSE_EVENT ||
	                   dwType == CTRL_LOGOFF_EVENT ||
	                   dwType == CTRL_SHUTDOWN_EVENT);

	if(bInterrupt && bMonitor)
	{
		printf("---------------------------------------------\n");
	}

	if(bInterrupt || bTeardown)
	{
		Abort();
	}

	return TRUE;
}

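/*
 * ShowMessageU - print the records currently held in the global Message
 * buffer and reset MessageLength to 0.
 *
 * The buffer is walked as a sequence of MESSAGEU records.  The stride
 * used here (sizeof(Sequence) + strlen(Message) + 1) implies each record
 * is a Sequence field immediately followed by a NUL-terminated string;
 * NOTE(review): the MESSAGEU definition is not visible in this part of
 * the file - confirm the layout is packed that way.
 *
 * Every record is validated against MessageLength before it is printed:
 * a truncated header or a string with no terminator inside the buffer
 * ends the walk instead of letting strlen()/printf() run past the data.
 * NOTE(review): MessageLength itself is assumed not to exceed the real
 * capacity of Message - confirm where it is set.
 */
VOID
ShowMessageU(
VOID)
{
	PMESSAGEU  pShowMU;
	DWORD      dwIndex;
	DWORD      dwRemain;
	DWORD      dwText;

	/* Presumably the smallest possible record (Sequence + empty string). */
	if(MessageLength < 5)
	{
		return ;
	}

	dwIndex = 0;
	while(dwIndex < MessageLength)
	{
		pShowMU  = (PMESSAGEU)(Message + dwIndex);
		dwRemain = MessageLength - dwIndex;

		/* Not even room for the Sequence field plus one string byte. */
		if(dwRemain <= sizeof(pShowMU->Sequence))
		{
			break;
		}

		/* The string must be terminated inside the remaining bytes. */
		dwText = dwRemain - (DWORD)sizeof(pShowMU->Sequence);
		if(memchr(pShowMU->Message,'\0',dwText) == NULL)
		{
			break;
		}

		printf("%.5d\t%s\n",pShowMU->Sequence,pShowMU->Message);
		dwIndex += strlen(pShowMU->Message) + sizeof(pShowMU->Sequence) + 1;
	}

	MessageLength = 0;

	return ;
}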

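/*
 * GetHiddenProcessName - print the entries of the list file at InitPath
 * and copy them into the global Message buffer.
 *
 * An entry starts at a '+' and runs up to the next '\r'.  For each entry
 * the bytes after the '+' up to and including the '\r' are copied to
 * Message + dwIndex, followed by a NUL, and dwIndex (a global) advances
 * by that length plus one.  This slot layout is unchanged from the
 * previous version; the NUL is now written explicitly rather than
 * relying on Message having been zeroed.
 *
 * Fixes in this version:
 *  - CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
 *  - GetFileSize failure is detected.
 *  - An entry that runs to end-of-file without '\r' no longer reads one
 *    byte past the mapped file data.
 *  - Handles and the view are released on every path.
 *
 * The file contents decide how many bytes are copied, so treat the file
 * as untrusted input.  NOTE(review): the capacity of Message is not
 * visible in this part of the file, so the total copied is still not
 * bounded here - add a capacity check where Message is declared.
 * NOTE(review): byte offsets are used to index a PTSTR; this is only
 * correct in a non-UNICODE build - confirm.
 *
 * Returns TRUE on success, FALSE if any Win32 call fails.
 */
BOOL
GetHiddenProcessName(
VOID)
{
	HANDLE  hFile;
	HANDLE  hMapFile     = NULL;
	LPVOID  lpMapAddress = NULL;
	PTSTR   lpTempFile;
	DWORD   dwFileSize; 
	DWORD   dwPointer;
	DWORD   dwNameLength;
	DWORD   dwCopy;
	BOOL    bResult      = FALSE;

	dwIndex      = 0;
	dwPointer    = 0;

	hFile = CreateFile(InitPath,GENERIC_WRITE | GENERIC_READ,0,NULL,
		               OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
	if(hFile == INVALID_HANDLE_VALUE)
	{
		printf("CreateFile Error: %d\n",GetLastError());
		return FALSE;
	}

	dwFileSize = GetFileSize(hFile,NULL);
	if(dwFileSize == INVALID_FILE_SIZE)
	{
		printf("GetFileSize Error: %d\n",GetLastError());
		goto cleanup;
	}

	hMapFile = CreateFileMapping(hFile,NULL,PAGE_READWRITE,0,dwFileSize,NULL);
	if(hMapFile == NULL)
	{
		printf("CreateFileMapping Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpMapAddress = MapViewOfFile(hMapFile,FILE_MAP_ALL_ACCESS,0,0,0);
	if(lpMapAddress == NULL)
	{
		printf("MapViewOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpTempFile = (PTSTR)lpMapAddress;

	printf("Hidden Process Name List:\n");
    printf("----------------------------------\n");
	while(dwPointer < dwFileSize)
	{
		if(lpTempFile[dwPointer] == '+')
		{
			/* Temporarily holds the offset of the '+'. */
			dwNameLength = dwPointer;
			while(dwPointer < dwFileSize && lpTempFile[dwPointer] != '\r')
			{
				dwPointer++;
			}
			/* Name length + 1: the '+' itself is counted, so this is >= 1. */
			dwNameLength = dwPointer - dwNameLength;

			/*
			 * Normally the copy takes the name and its trailing '\r'.
			 * If the scan stopped at end-of-file there is no '\r' to
			 * take, so copy one byte less and zero-fill the slot.
			 */
			dwCopy = dwNameLength;
			if(dwPointer >= dwFileSize)
			{
				dwCopy = dwNameLength - 1;
			}

			memcpy(Message + dwIndex,&lpTempFile[dwPointer - dwNameLength + 1],dwCopy);
			memset(Message + dwIndex + dwCopy,0,dwNameLength + 1 - dwCopy);
			printf("Process Name: %s\n",Message + dwIndex);
			dwIndex += dwNameLength + 1;
		}
		dwPointer ++ ;
	}
	printf("----------------------------------\n");

	bResult = TRUE;

cleanup:
	if(lpMapAddress != NULL && !UnmapViewOfFile(lpMapAddress))
	{
		printf("UnmapViewOfFile Error: %d\n",GetLastError());
		bResult = FALSE;
	}

	if(hMapFile != NULL)
	{
		CloseHandle(hMapFile);
	}
	CloseHandle(hFile);

	return bResult;
}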

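/*
 * DelProcessName - remove the entry whose name equals the global string
 * Message from the list file at InitPath.
 *
 * The file is a sequence of "+name\r\n" entries.  The first entry whose
 * name matches Message (case-insensitive) is cut out by moving the tail
 * of the file over it, and the file is then truncated to its new length.
 *
 * Fixes in this version:
 *  - CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
 *  - The entry name is compared in place; the previous copy into a
 *    256-element stack buffer used a length taken from the file and
 *    could overflow that buffer.
 *  - The match now requires equal length; previously an entry that was
 *    only a prefix of Message (or an empty entry) also matched.
 *  - The overlapping tail move uses memmove instead of memcpy.
 *  - The new file length is computed from the bytes actually removed,
 *    so a final entry without "\r\n" no longer over-truncates the file.
 *  - Handles are released on every path; the "SetEnfOfFile" typo in the
 *    error text is corrected.
 *
 * NOTE(review): byte offsets are used to index a PTSTR; this is only
 * correct in a non-UNICODE build - confirm.
 *
 * Returns TRUE when the file was processed (whether or not the name was
 * found), FALSE if any Win32 call fails.
 */
BOOL DelProcessName(
VOID)
{
	HANDLE  hFile;
	HANDLE  hMapFile = NULL;
	LPVOID  lpMapAddress;
	PTSTR   lpTempFile;
	DWORD   dwFileSize; 
	DWORD   dwPointer;
	DWORD   dwNameLength;
	DWORD   dwEntryStart;
	DWORD   dwEntryEnd;
	DWORD   dwWanted;
	BOOL    bFound;
	BOOL    bResult  = FALSE;

	dwIndex      = 0;
	dwPointer    = 0;
	bFound       = FALSE;
	dwWanted     = (DWORD)strlen(Message);

	hFile = CreateFile(InitPath,GENERIC_WRITE | GENERIC_READ,0,NULL,
		               OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
	if(hFile == INVALID_HANDLE_VALUE)
	{
		printf("CreateFile Error: %d\n",GetLastError());
		return FALSE;
	}

	dwFileSize = GetFileSize(hFile,NULL);
	if(dwFileSize == INVALID_FILE_SIZE)
	{
		printf("GetFileSize Error: %d\n",GetLastError());
		goto cleanup;
	}

	hMapFile = CreateFileMapping(hFile,NULL,PAGE_READWRITE,0,dwFileSize,NULL);
	if(hMapFile == NULL)
	{
		printf("CreateFileMapping Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpMapAddress = MapViewOfFile(hMapFile,FILE_MAP_ALL_ACCESS,0,0,0);
	if(lpMapAddress == NULL)
	{
		printf("MapViewOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpTempFile = (PTSTR)lpMapAddress;

	while(dwPointer < dwFileSize)
	{
		if(lpTempFile[dwPointer] == '+')
		{
			dwEntryStart = dwPointer;
			while(dwPointer < dwFileSize && lpTempFile[dwPointer] != '\r')
			{
				dwPointer++;
			}
			/* The scan advanced at least once past the '+', so this cannot wrap. */
			dwNameLength = dwPointer - dwEntryStart - 1;

			if(dwNameLength == dwWanted &&
			   !strnicmp(&lpTempFile[dwEntryStart + 1],Message,dwNameLength))
			{
				/* The entry normally ends after "\r\n"; clamp at end-of-file. */
				dwEntryEnd = dwPointer + 2;
				if(dwEntryEnd > dwFileSize)
				{
					dwEntryEnd = dwFileSize;
				}

				/* Source and destination overlap, so memmove is required. */
				memmove(lpTempFile + dwEntryStart,
					    lpTempFile + dwEntryEnd,
					    dwFileSize - dwEntryEnd);
				dwFileSize -= (dwEntryEnd - dwEntryStart);
				bFound = TRUE;
				printf("Delete Process Name %s from Hidden List Successfully !\n\n",Message);
				break;
			}
			dwIndex += dwNameLength + 1;
		}
		dwPointer ++ ;
	}

	if(!bFound)
	{
		printf("Process Name %s not in Hidden List !\n\n",Message);
	}

	if(!UnmapViewOfFile(lpMapAddress))
	{
		printf("UnmapViewOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	/* The mapping must be closed before the file can be truncated. */
	CloseHandle(hMapFile);
	hMapFile = NULL;

	dwPointer = SetFilePointer(hFile,dwFileSize,NULL,FILE_BEGIN);
	if(dwPointer == INVALID_SET_FILE_POINTER) 
	{
		printf("SetFilePointer Error: %d\n",GetLastError());
		goto cleanup;
	}

	if(!SetEndOfFile(hFile))
	{
		printf("SetEndOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	bResult = TRUE;

cleanup:
	if(hMapFile != NULL)
	{
		CloseHandle(hMapFile);
	}
	CloseHandle(hFile);

    return bResult;
}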

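/*
 * AddProcessName - append the global string Message to the list file at
 * InitPath as a "+name\r\n" entry, unless an entry with that name
 * (case-insensitive) is already present.
 *
 * The file is mapped with enough extra room for the new entry, the entry
 * is written at the end of the existing data, and the file is then cut
 * to its final length with SetEndOfFile.
 *
 * Fixes in this version:
 *  - CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
 *  - The mapping is grown by the size the new entry needs; the previous
 *    fixed 32 bytes was overrun by any name longer than 29 characters.
 *  - The entry name is compared in place; the previous copy into a
 *    256-element stack buffer used a length taken from the file and
 *    could overflow that buffer.
 *  - The match now requires equal length; previously an entry that was
 *    only a prefix of Message (or an empty entry) also matched.
 *  - The "already in Hidden list" message had a broken conversion ("% a")
 *    and no argument; it now prints Message with %s.
 *  - The new entry is written at the end of the file data.  If the last
 *    entry has no line terminator, "\r\n" is written first so the two
 *    entries do not run together.
 *  - Handles are released on every path; the "SetEnfOfFile" typo in the
 *    error text is corrected.
 *
 * NOTE(review): Message is written as given; a name containing '+',
 * '\r' or '\n' would break the entry format - validate it in the caller.
 * NOTE(review): byte offsets are used to index a PTSTR; this is only
 * correct in a non-UNICODE build - confirm.
 *
 * Returns TRUE when the file was processed (whether or not the name was
 * added), FALSE if any Win32 call fails.
 */
BOOL AddProcessName(
VOID)
{
	HANDLE  hFile;
	HANDLE  hMapFile = NULL;
	LPVOID  lpMapAddress;
	PTSTR   lpTempFile;
	DWORD   dwFileSize; 
	DWORD   dwPointer;
	DWORD   dwNameLength;
	DWORD   dwEntryStart;
	DWORD   dwWanted;
	DWORD   dwGrow;
	BOOL    bFound;
	BOOL    bResult  = FALSE;

	dwIndex      = 0;
	dwPointer    = 0;
	bFound       = FALSE;
	dwWanted     = (DWORD)strlen(Message);
	/* Optional "\r\n" for an unterminated last entry, '+', name, "\r\n". */
	dwGrow       = dwWanted + 5;

	hFile = CreateFile(InitPath,GENERIC_WRITE | GENERIC_READ,0,NULL,
		               OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
	if(hFile == INVALID_HANDLE_VALUE)
	{
		printf("CreateFile Error: %d\n",GetLastError());
		return FALSE;
	}

	dwFileSize = GetFileSize(hFile,NULL);
	if(dwFileSize == INVALID_FILE_SIZE)
	{
		printf("GetFileSize Error: %d\n",GetLastError());
		goto cleanup;
	}

	hMapFile = CreateFileMapping(hFile,NULL,PAGE_READWRITE,0,dwFileSize + dwGrow,NULL);
	if(hMapFile == NULL)
	{
		printf("CreateFileMapping Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpMapAddress = MapViewOfFile(hMapFile,FILE_MAP_ALL_ACCESS,0,0,0);
	if(lpMapAddress == NULL)
	{
		printf("MapViewOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	lpTempFile = (PTSTR)lpMapAddress;

	while(dwPointer < dwFileSize)
	{
		if(lpTempFile[dwPointer] == '+')
		{
			dwEntryStart = dwPointer;
			while(dwPointer < dwFileSize && lpTempFile[dwPointer] != '\r')
			{
				dwPointer++;
			}
			/* The scan advanced at least once past the '+', so this cannot wrap. */
			dwNameLength = dwPointer - dwEntryStart - 1;

			if(dwNameLength == dwWanted &&
			   !strnicmp(&lpTempFile[dwEntryStart + 1],Message,dwNameLength))
			{
				printf("Process Name %s already in Hidden list !\n\n",Message);
				bFound = TRUE;
				break;
			}
		}
		dwPointer ++ ;
	}

	if(!bFound)
	{
		/*
		 * Always append at the end of the existing data: the scan above
		 * can finish one past it when the last entry has no '\r'.
		 */
		dwPointer = dwFileSize;
		if(dwPointer > 0 && lpTempFile[dwPointer - 1] != '\n')
		{
			memcpy(lpTempFile + dwPointer,"\r\n",2);
			dwPointer += 2;
		}

		lpTempFile[dwPointer ++] = '+';
		memcpy(lpTempFile + dwPointer,Message,dwWanted);
		dwPointer += dwWanted;
		memcpy(lpTempFile + dwPointer,"\r\n",2);
		dwPointer += 2;
		dwFileSize = dwPointer;
		printf("Add Process Name %s to Hidden List Successfully !\n\n",Message);
	}

	if(!UnmapViewOfFile(lpMapAddress))
	{
		printf("UnmapViewOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	/* The mapping must be closed before the file can be cut to size. */
	CloseHandle(hMapFile);
	hMapFile = NULL;

	/* Creating the mapping grew the file; set its real length now. */
	dwPointer = SetFilePointer(hFile,dwFileSize,NULL,FILE_BEGIN);
	if(dwPointer == INVALID_SET_FILE_POINTER) 
	{
		printf("SetFilePointer Error: %d\n",GetLastError());
		goto cleanup;
	}

	if(!SetEndOfFile(hFile))
	{
		printf("SetEndOfFile Error: %d\n",GetLastError());
		goto cleanup;
	}

	bResult = TRUE;

cleanup:
	if(hMapFile != NULL)
	{
		CloseHandle(hMapFile);
	}
	CloseHandle(hFile);

    return bResult;
}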


/*
 * Abort - ask UnloadDeviceDriver() to unload SYS_DRIVER_NAME, report a
 * failure of that call, and end the process with exit(0) either way.
 */
VOID
Abort()
{
	if(UnloadDeviceDriver(SYS_DRIVER_NAME))
	{
		exit(0);
	}

	/* Unload failed: report it; the exit status is still 0. */
	printf("UnloadDeviceDriver Error: %d\n",GetLastError());
	exit(0);
}

/*
 * Start - print the program banner (name, version, contact, date).
 */
VOID 
Start()
{
	/* Banner lines, written to stdout in order; none contains a '%'. */
	static const char *const Banner[] = {
		"T-ProcMon Version 1.0 by Brief\n",
		"E-Mail: Brief@fz5fz.org\n",
		"HomePage: www.fz5fz.org && www.safechina.net\n",
		"Date: 06-06-2003\n\n"
	};
	unsigned int i;

	for(i = 0; i < sizeof(Banner) / sizeof(Banner[0]); i++)
	{
		fputs(Banner[i],stdout);
	}
}
 
/*
 * Usage - print the command-line syntax and one example per option.
 */
VOID
Usage()
{
	/* Help text, written to stdout in order; none of the lines contains a '%'. */
	static const char *const Help[] = {
		"Usage:\n",
		"T-ProcMon [-Monitor] | [-Hide] | [[-Add|-Del] ProcessName] | [-Remove]\n\n",
		"Example:\n",
		"T-ProcMon -Monitor        (Monitor all Processes in System)\n",
		"T-ProcMon -Hide           (Hide all Process(es) the name in List)\n",
		"T-ProcMon -Add  smss.exe  (Add Process Name \"smss.exe\" to List)\n",
		"T-ProcMon -Del  smss.exe  (Delete Process Name \"smss.exe\" from List)\n",
		"T-ProcMon -Remove         (Remove when no Need this Driver)\n\n"
	};
	unsigned int i;

	for(i = 0; i < sizeof(Help) / sizeof(Help[0]); i++)
	{
		fputs(Help[i],stdout);
	}
}
