ntdrivercontroller.cpp

文件隐藏驱动 在2000XP2003等机器上可以运行 比较稳定

//---------------------------------------------------------------------------
//
// NtDriverController.cpp
//
// SUBSYSTEM: 
//				API Hooking system
// MODULE:    
//				提供简单的接口，用于管理设备驱动
//
// DESCRIPTION:
//
// AUTHOR:		Ivo Ivanov (ivopi@hotmail.com)
//                                                                         
//---------------------------------------------------------------------------
#include "StdAfx.h"
#include "NtCommon.h"
#include "NtDriverController.h"
#include "SysUtils.h"

//---------------------------------------------------------------------------
//
// class CNtDriverController
//
//---------------------------------------------------------------------------


CNtDriverController::CNtDriverController():
	m_hSCM(NULL),
	m_hDriver(NULL),
	m_bDriverStarted(FALSE),
	m_bErrorOnStart(FALSE)
{
	

	if (TRUE == Open())
	{	
		char szFullFileName[MAX_PATH];
		memset(m_szName, 0, MAX_PATH);
		memset(m_szInfo, 0, MAX_PATH);
		
		strncpy_s(m_szName, 260, "Cyber02Hide", sizeof("Cyber02Hide"));
		strncpy_s(m_szInfo, 260, "Cyber02Hide", sizeof("Cyber02Hide"));
		
		GetSystemDirectory(szFullFileName, MAX_PATH);
		
		if (szFullFileName[strlen(szFullFileName) - 1] != '\\')
			strcat_s(szFullFileName, MAX_PATH, "\\");
		strcat_s(szFullFileName, MAX_PATH, "drivers\\Cyber02Hide.sys");
		wsprintf(m_szFullFileName,_T("%s"), szFullFileName);
		m_bDriverStarted = InstallAndStart();

	} // if
}

CNtDriverController::~CNtDriverController()
{
	StopAndRemove();
	Close();
}

//
// 获得服务控制句柄
//
BOOL CNtDriverController::Open()
{
	m_hSCM = ::OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
	return (m_hSCM != NULL);
}

//
// 关闭句柄obtained from Open()
//
void CNtDriverController::Close()
{
	if (m_hDriver != NULL)
	{
		::CloseServiceHandle(m_hDriver);
		m_hDriver = NULL;
	}
	if (m_hSCM != NULL)
	{
		::CloseServiceHandle(m_hSCM);
		m_hSCM = NULL;
	} 
}

//
// 等待，直到driver达到需求的状态或错误发生
//
BOOL CNtDriverController::WaitForState(
	DWORD           dwDesiredState, 
	SERVICE_STATUS* pss
	) 
{
	BOOL bResult = FALSE;
	if (NULL != m_hDriver)
	{
		// Loop until driver reaches desired state or error occurs
		while (1)
		{
			// 得到driver的目前状态
			bResult = ::QueryServiceStatus(m_hDriver, pss);
			// 不能查询，退出
			if (!bResult) 
				break;
			// 达到所需状态，退出
			if (pss->dwCurrentState == dwDesiredState) 
				break;
			// 再service_status中有一个下次操作的暗示时间
			DWORD dwWaitHint = pss->dwWaitHint / 10;    // Poll 1/10 of the wait hint
			if (dwWaitHint <  1000) dwWaitHint = 1000;  // At most once a second
			if (dwWaitHint > 10000) dwWaitHint = 10000; // At least every 10 seconds
			::Sleep(dwWaitHint);
		} // while
	} // if

	return bResult;
}


//
// 增加driver到系统中，并启动它
//
BOOL CNtDriverController::InstallAndStart()
{
	BOOL bResult = FALSE;

	if (NULL != m_hSCM)
	{
		m_hDriver = ::CreateService(
			m_hSCM, 
			m_szName, 
			m_szInfo,
			SERVICE_ALL_ACCESS,
			SERVICE_KERNEL_DRIVER,
			SERVICE_DEMAND_START,
			SERVICE_ERROR_NORMAL,
			m_szFullFileName, 
			NULL, 
			NULL,
			NULL, 
			NULL, 
			NULL
			);
		if (NULL == m_hDriver)
		{
			DWORD error = ::GetLastError();
			if ( (error == ERROR_SERVICE_EXISTS) ||
			     (error == ERROR_SERVICE_MARKED_FOR_DELETE) ||
			     (error == ERROR_DUPLICATE_SERVICE_NAME) 
				 )
				m_hDriver = ::OpenService(
					m_hSCM,
					m_szName,
					SERVICE_ALL_ACCESS
					);
		}
		if (NULL != m_hDriver)
		{
			SERVICE_STATUS serviceStatus = { 0 };
			bResult = ::StartService(m_hDriver, 0, NULL);
			if (bResult)
				bResult = WaitForState(SERVICE_RUNNING, &serviceStatus);	
			else
				bResult = (::GetLastError() == ERROR_SERVICE_ALREADY_RUNNING);
			// We should call DeleteService() if the SCM reports an error
			// on StartService(). Otherwise, the service will remain loaded
			// in an undesired state
			if (!bResult)
			{
				// Mark the service for deletion.
				::DeleteService(m_hDriver);
				if (m_hDriver != NULL)
				{
					::CloseServiceHandle(m_hDriver);
					m_hDriver = NULL;
				}
				m_bErrorOnStart = TRUE;
			}
		} // if
	} // if

	return bResult;
}

//
// 停止driver并从系统中移除
//
void CNtDriverController::StopAndRemove()
{
	if ((NULL != m_hDriver) && (!m_bErrorOnStart))
	{
		BOOL bResult;
		SERVICE_STATUS serviceStatus = { 0 };
		// Notifies a service that it should stop. 
		bResult = ::ControlService(m_hDriver, SERVICE_CONTROL_STOP, &serviceStatus);
		if (bResult)
			bResult = WaitForState(SERVICE_STOPPED, &serviceStatus);	
		// Mark the service for deletion.
		::DeleteService(m_hDriver);
	} // if
}

//----------------------------End of the file -------------------------------