📄 支持 ps2 与 usb 的键盘过滤驱动(可卸载).txt
字号:
{
ObDereferenceObject( FileObject );
DbgPrint( "IoCreateDevice() 0x%x!\n", ntStatus );
return ntStatus;
}
//
// 得到设备扩展结构,以便下面保存过滤设备信息
//
DevExt = ( PDEVICE_EXTENSION ) FilterDeviceObject->DeviceExtension;
//
// 初始化自旋锁
//
KeInitializeSpinLock( &DevExt->SpinLock );
//
// 初始化 IRP 计数器
//
DevExt->IrpsInProgress = 0;
//
// 将过滤设备对象附加在目标设备对象之上,并返回附加后的原设备对象
//
TargetDevice = IoAttachDeviceToDeviceStack( FilterDeviceObject,
DeviceObject );
if ( !TargetDevice )
{
ObDereferenceObject( FileObject );
IoDeleteDevice( FilterDeviceObject );
DbgPrint( "IoAttachDeviceToDeviceStack() 0x%x!\n", ntStatus );
return STATUS_INSUFFICIENT_RESOURCES;
}
//
// 保存过滤设备信息
//
DevExt->DeviceObject = FilterDeviceObject;
DevExt->TargetDevice = TargetDevice;
DevExt->pFilterFileObject = FileObject;
//
// 设置过滤设备相关信息与标志
//
FilterDeviceObject->DeviceType = TargetDevice->DeviceType;
FilterDeviceObject->Characteristics = TargetDevice->Characteristics;
FilterDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
FilterDeviceObject->Flags |= ( TargetDevice->Flags & ( DO_DIRECT_IO |
DO_BUFFERED_IO ) );
//
// 返回附加后的驱动对象
//
*FilterDriverObject = TargetDevice->DriverObject;
ObDereferenceObject( FileObject );
return STATUS_SUCCESS;
}
/////////////////////////////////////////////////////////////////
// 函数类型 : 自定义工具函数
// 函数模块 : 键盘过滤模块
////////////////////////////////////////////////////////////////
// 功能 : 键盘过滤驱动的 IRP_MJ_READ 派遣例程,所有按键将触发
// 这个 IRP 的完成
// 注意 :
/////////////////////////////////////////////////////////////////
// 作者 : sinister
// 发布版本 : 1.00.00
// 发布日期 : 2007.2.15
/////////////////////////////////////////////////////////////////
// 重 大 修 改 历 史
////////////////////////////////////////////////////////////////
// 修改者 :
// 修改日期 :
// 修改内容 :
/////////////////////////////////////////////////////////////////
NTSTATUS
KeyReadPassThrough( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp )
{
NTSTATUS status;
KIRQL IrqLevel;
PDEVICE_OBJECT pDeviceObject;
PDEVICE_EXTENSION KeyExtension = ( PDEVICE_EXTENSION )
DeviceObject->DeviceExtension;
IoCopyCurrentIrpStackLocationToNext( Irp );
//
// 将 IRP 计数器加一,为支持 SMP 使用自旋锁
//
KeAcquireSpinLock( &KeyExtension->SpinLock, &IrqLevel );
InterlockedIncrement( &KeyExtension->IrpsInProgress );
KeReleaseSpinLock( &KeyExtension->SpinLock, IrqLevel );
IoSetCompletionRoutine( Irp,
KeyReadCompletion,
DeviceObject,
TRUE,
TRUE,
TRUE );
return IoCallDriver( KeyExtension->TargetDevice, Irp );
}
/////////////////////////////////////////////////////////////////
// 函数类型 :系统回调函数
// 函数模块 : 键盘过滤模块
////////////////////////////////////////////////////////////////
// 功能 : 获得键盘按键,用无效扫描码替换,以达到屏蔽键盘的目的
// 注意 :
/////////////////////////////////////////////////////////////////
// 作者 : sinister
// 发布版本 : 1.00.00
// 发布日期 : 2007.2.12
/////////////////////////////////////////////////////////////////
// 重 大 修 改 历 史
////////////////////////////////////////////////////////////////
// 修改者 :
// 修改日期 :
// 修改内容 :
/////////////////////////////////////////////////////////////////
NTSTATUS
KeyReadCompletion( IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context )
{
PIO_STACK_LOCATION IrpSp;
PKEYBOARD_INPUT_DATA KeyData;
PDEVICE_EXTENSION KeyExtension = ( PDEVICE_EXTENSION )
DeviceObject->DeviceExtension;
int numKeys, i;
KIRQL IrqLevel;
IrpSp = IoGetCurrentIrpStackLocation( Irp );
if ( Irp->IoStatus.Status != STATUS_SUCCESS )
{
DbgPrint( "ntStatus:0x%x", Irp->IoStatus.Status );
goto __RoutineEnd;
}
//
// 系统在 SystemBuffer 中保存按键信息
//
KeyData = Irp->AssociatedIrp.SystemBuffer;
if ( KeyData == NULL )
{
DbgPrint( "KeyData is NULL\n" );
goto __RoutineEnd;
}
//
// 得到按键数
//
numKeys = Irp->IoStatus.Information / sizeof( KEYBOARD_INPUT_DATA );
if ( numKeys < 0 )
{
DbgPrint( "numKeys less zero\n" );
goto __RoutineEnd;
}
//
// 使用 0 无效扫描码替换,屏蔽所有按键
//
for ( i = 0; i < numKeys; i++ )
{
DbgPrint( "KeyDwon: 0x%x\n", KeyData[i].MakeCode );
KeyData[i].MakeCode = 0x00;
}
__RoutineEnd :
if ( Irp->PendingReturned )
{
IoMarkIrpPending( Irp );
}
//
// 将 IRP 计数器减一,为支持 SMP 使用自旋锁
//
KeAcquireSpinLock( &KeyExtension->SpinLock, &IrqLevel );
InterlockedDecrement( &KeyExtension->IrpsInProgress );
KeReleaseSpinLock( &KeyExtension->SpinLock, IrqLevel );
return Irp->IoStatus.Status ;
}
/*****************************************************************
文件名 : WssLockKey.h
描述 : 键盘过滤驱动
作者 : sinister
最后修改日期 : 2007-02-26
*****************************************************************/
#ifndef __WSS_LOCKKEY_H_
#define __WSS_LOCKKEY_H_
#include "ntddk.h"
#include "ntddkbd.h"
#include "string.h"
#include
#define MAXLEN 256
#define KDBDEVICENAME L"\\Driver\\kbdhid"
#define USBKEYBOARDNAME L"\\Driver\\hidusb"
#define PS2KEYBOARDNAME L"\\Device\\KeyboardClass0"
typedef struct _OBJECT_CREATE_INFORMATION
{
ULONG Attributes;
HANDLE RootDirectory;
PVOID ParseContext;
KPROCESSOR_MODE ProbeMode;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG SecurityDescriptorCharge;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_QUALITY_OF_SERVICE SecurityQos;
SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, * POBJECT_CREATE_INFORMATION;
typedef struct _OBJECT_HEADER
{
LONG PointerCount;
union
{
LONG HandleCount;
PSINGLE_LIST_ENTRY SEntry;
};
POBJECT_TYPE Type;
UCHAR NameInfoOffset;
UCHAR HandleInfoOffset;
UCHAR QuotaInfoOffset;
UCHAR Flags;
union
{
POBJECT_CREATE_INFORMATION ObjectCreateInfo;
PVOID QuotaBlockCharged;
};
PSECURITY_DESCRIPTOR SecurityDescriptor;
QUAD Body;
} OBJECT_HEADER, * POBJECT_HEADER;
#define NUMBER_HASH_BUCKETS 37
typedef struct _OBJECT_DIRECTORY
{
struct _OBJECT_DIRECTORY_ENTRY* HashBuckets[NUMBER_HASH_BUCKETS];
struct _OBJECT_DIRECTORY_ENTRY** LookupBucket;
BOOLEAN LookupFound;
USHORT SymbolicLinkUsageCount;
struct _DEVICE_MAP* DeviceMap;
} OBJECT_DIRECTORY, * POBJECT_DIRECTORY;
typedef struct _OBJECT_HEADER_NAME_INFO
{
POBJECT_DIRECTORY Directory;
UNICODE_STRING Name;
ULONG Reserved;
#if DBG
ULONG Reserved2 ;
LONG DbgDereferenceCount ;
#endif
} OBJECT_HEADER_NAME_INFO, * POBJECT_HEADER_NAME_INFO;
#define OBJECT_TO_OBJECT_HEADER( o ) \
CONTAINING_RECORD( (o), OBJECT_HEADER, Body )
#define OBJECT_HEADER_TO_NAME_INFO( oh ) ((POBJECT_HEADER_NAME_INFO) \
((oh)->NameInfoOffset == 0 ? NULL : ((PCHAR)(oh) - (oh)->NameInfoOffset)))
typedef struct _DEVICE_EXTENSION
{
PDEVICE_OBJECT DeviceObject;
PDEVICE_OBJECT TargetDevice;
PFILE_OBJECT pFilterFileObject;
ULONG DeviceExtensionFlags;
LONG IrpsInProgress;
KSPIN_LOCK SpinLock;
}DEVICE_EXTENSION, * PDEVICE_EXTENSION;
VOID
KeyDriverUnload( PDRIVER_OBJECT KeyDriver );
BOOLEAN
CancelKeyboardIrp( IN PIRP Irp );
extern POBJECT_TYPE* IoDriverObjectType;
NTSYSAPI
NTSTATUS
NTAPI ObReferenceObjectByName( IN PUNICODE_STRING ObjectName,
IN ULONG Attributes,
IN PACCESS_STATE AccessState OPTIONAL,
IN ACCESS_MASK DesiredAccess OPTIONAL,
IN POBJECT_TYPE ObjectType,
IN KPROCESSOR_MODE AccessMode,
IN OUT PVOID ParseContext OPTIONAL,
OUT PVOID* Object );
NTSTATUS
GetUsbKeybordDevice( OUT PDEVICE_OBJECT* UsbDeviceObject );
BOOLEAN
GetAttachedDeviceInfo( IN PDEVICE_OBJECT DevObj );
VOID
GetDeviceObjectInfo( IN PDEVICE_OBJECT DevObj );
NTSTATUS
AttachUSBKeyboardDevice( IN PDEVICE_OBJECT UsbDeviceObject,
IN PDRIVER_OBJECT DriverObject );
NTSTATUS
AttachPS2KeyboardDevice( IN UNICODE_STRING* DeviceName,
IN PDRIVER_OBJECT DriverObject,
OUT PDRIVER_OBJECT* FilterDriverObject );
NTSTATUS
KeyReadCompletion( IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context );
NTSTATUS
KeyReadPassThrough( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp );
WCHAR szUsbDeviceName[MAXLEN];
#endif
WSS(Whitecell Security Systems),一个非营利性民间技术组织,致力于各种系统安全技术的研究。坚持传统的hacker精神,追求技术的精纯。
WSS 主页:http://www.whitecell.org/
WSS 论坛:http://www.whitecell.org/forums/ ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -