// HideHkApi.cpp : Defines the initialization routines for the DLL.
//
#include "stdafx.h"
#include "HideHkApi.h"
#include <winioctl.h>
#include "IoCtlCode_defines.h"
#include "NtDriverController.h"
#include "HideHkApi_Header.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
//
//TODO: If this DLL is dynamically linked against the MFC DLLs,
// any functions exported from this DLL which call into
// MFC must have the AFX_MANAGE_STATE macro added at the
// very beginning of the function.
//
// For example:
//
// extern "C" BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
//
// CHideHkApiApp
// Empty MFC message map: this DLL's CWinApp handles no window messages itself.
BEGIN_MESSAGE_MAP(CHideHkApiApp, CWinApp)
END_MESSAGE_MAP()
// CHideHkApiApp construction
CHideHkApiApp::CHideHkApiApp()
{
    // Deliberately empty. Following the MFC convention in the file header,
    // anything that needs doing at start-up belongs in InitInstance.
}
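// Rule lookup helpers, defined elsewhere in this module. Judging by how the
// HkApi_* functions below test the result (`>= 0` means present, `< 0` means
// absent), each returns the index of a matching rule in the corresponding
// g_arry* array or a negative value when there is none — confirm against the
// definitions.
int FindFileRule(FILEHIDERULE FileRule);
int FindProcessRule(PROCESSHIDERULE ProcessRule);
int FindKeyRule(KEYHIDERULE KeyRule);
int FindValueRule(VALUEHIDERULE ValueRule);
// The one and only CHideHkApiApp object.
CHideHkApiApp theApp;
// User-mode copies of the rules handed to the driver. They are used to skip
// duplicate adds and to replay deletes in HkApi_ClearAll*Rule.
CArray<FILEHIDERULE, FILEHIDERULE> g_arryFileHideRule;
CArray<PROCESSHIDERULE, PROCESSHIDERULE> g_arryProcessHideRule;
CArray<KEYHIDERULE, KEYHIDERULE> g_arryKeyHideRule;
CArray<VALUEHIDERULE, VALUEHIDERULE> g_arryValueHideRule;
// Driver controller created in HkApi_Initial and released in HkApi_Uninitial.
// Initialized explicitly so that "not created" is an observable state rather
// than an accident of zero-initialization.
CNtDriverController *loaddrver = NULL;
// Handle to the device object opened in HkApi_Initial. It starts as
// INVALID_HANDLE_VALUE (the value HkApi_Initial tests for) instead of the NULL
// a bare static HANDLE would hold, so "not opened" and "open failed" agree.
HANDLE g_hFile = INVALID_HANDLE_VALUE;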
// CHideHkApiApp initialization
BOOL CHideHkApiApp::InitInstance()
{
    // Run the CWinApp base initialization. Its result is not propagated (as
    // before): this application object always reports success.
    (void)CWinApp::InitInstance();
    return TRUE;
}
////////////////////////////////////////////////////////////////////////////////
//访问驱动程序接口
//文件隐藏部分
// Sends one file rule to the driver with IOCTL_HIDEHKAPI_ADDFILERULE.
// The rule is passed as the input buffer; there is no output buffer.
// Returns the BOOL from DeviceIoControl (non-zero on success) widened to int.
// NOTE(review): g_hFile is opened with FILE_FLAG_OVERLAPPED in HkApi_Initial
// while lpOverlapped is NULL here; Win32 documents that pairing as unreliable.
// Confirm which mode the driver expects.
int AddFileRule(FILEHIDERULE FileRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_ADDFILERULE,
                                     &FileRule, sizeof(FileRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
// Asks the driver to drop one file rule via IOCTL_HIDEHKAPI_DELFILERULE.
// Input buffer is the rule itself; no output buffer. Returns DeviceIoControl's
// BOOL as an int. NOTE(review): lpOverlapped is NULL although the handle is
// opened with FILE_FLAG_OVERLAPPED (see HkApi_Initial) — confirm intended.
int DelFileRule(FILEHIDERULE FileRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_DELFILERULE,
                                     &FileRule, sizeof(FileRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
//进程隐藏部分
// Sends one process rule to the driver with IOCTL_HIDEHKAPI_ADDPROCESSRULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): synchronous call (lpOverlapped NULL) on a handle
// opened with FILE_FLAG_OVERLAPPED in HkApi_Initial — confirm intended.
int AddProcessRule(PROCESSHIDERULE ProcessRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_ADDPROCESSRULE,
                                     &ProcessRule, sizeof(ProcessRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
// Asks the driver to drop one process rule via IOCTL_HIDEHKAPI_DELPROCESSRULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): lpOverlapped is NULL on a FILE_FLAG_OVERLAPPED
// handle (see HkApi_Initial) — confirm intended.
int DelProcessRule(PROCESSHIDERULE ProcessRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_DELPROCESSRULE,
                                     &ProcessRule, sizeof(ProcessRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
//注册表项隐藏部分
// Sends one registry-key rule to the driver with IOCTL_HIDEHKAPI_ADDKEYRULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): lpOverlapped is NULL on a FILE_FLAG_OVERLAPPED
// handle (see HkApi_Initial) — confirm intended.
int AddKeyRule(KEYHIDERULE KeyRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_ADDKEYRULE,
                                     &KeyRule, sizeof(KeyRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
// Asks the driver to drop one registry-key rule via IOCTL_HIDEHKAPI_DELKEYRULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): lpOverlapped is NULL on a FILE_FLAG_OVERLAPPED
// handle (see HkApi_Initial) — confirm intended.
int DelKeyRule(KEYHIDERULE KeyRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_DELKEYRULE,
                                     &KeyRule, sizeof(KeyRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
//注册表键值隐藏部分
// Sends one registry-value rule to the driver with IOCTL_HIDEHKAPI_ADDVALUERULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): lpOverlapped is NULL on a FILE_FLAG_OVERLAPPED
// handle (see HkApi_Initial) — confirm intended.
int AddValueRule(VALUEHIDERULE ValueRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_ADDVALUERULE,
                                     &ValueRule, sizeof(ValueRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
// Asks the driver to drop one registry-value rule via IOCTL_HIDEHKAPI_DELVALUERULE.
// Input buffer is the rule; no output buffer. Returns DeviceIoControl's BOOL
// as an int. NOTE(review): lpOverlapped is NULL on a FILE_FLAG_OVERLAPPED
// handle (see HkApi_Initial) — confirm intended.
int DelValueRule(VALUEHIDERULE ValueRule)
{
    DWORD cbReturned = 0;
    const BOOL bOk = DeviceIoControl(g_hFile,
                                     IOCTL_HIDEHKAPI_DELVALUERULE,
                                     &ValueRule, sizeof(ValueRule),
                                     NULL, 0,
                                     &cbReturned,
                                     NULL);
    return bOk;
}
////////////////////////////////////////////////////////////////////////////////
//向上层提供的接口
//初始化与卸载
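// Creates the driver controller and opens the driver's control device.
// Returns 0 on success, -1 when the device cannot be opened. On failure the
// controller created here is released again, so a failed call leaves no
// allocation behind (previously it stayed allocated unless the caller went on
// to call HkApi_Uninitial anyway).
int HkApi_Initial()
{
    // Controller first, device second: the original order is kept because it
    // is not visible here whether the controller's constructor must run before
    // the device can be opened — confirm before reordering.
    loaddrver = new CNtDriverController();
    // NOTE(review): the handle is opened with FILE_FLAG_OVERLAPPED, yet every
    // DeviceIoControl in this file passes lpOverlapped == NULL, which Win32
    // documents as unreliable. Left as-is; confirm which mode the driver needs.
    g_hFile = CreateFile(TEXT("\\\\.\\Cyber02Hide"),
                         GENERIC_WRITE | GENERIC_READ,
                         FILE_SHARE_READ | FILE_SHARE_WRITE,
                         NULL,
                         CREATE_ALWAYS,
                         FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
                         NULL);
    if (g_hFile == INVALID_HANDLE_VALUE)
    {
        // Roll back the allocation made above; clear the pointer so a later
        // HkApi_Uninitial does not delete it a second time.
        delete loaddrver;
        loaddrver = NULL;
        return -1;
    }
    return 0;
}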
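// Closes the control device and releases the driver controller. Always
// returns 0. Safe to call more than once, and before HkApi_Initial: the
// handle is only closed when it holds an open value, and the controller
// pointer is cleared after delete so a repeated call cannot double-free it
// (the original left the stale pointer and handle value in place).
int HkApi_Uninitial()
{
    // NULL is checked as well as INVALID_HANDLE_VALUE because a never-
    // initialized static HANDLE is zero.
    if (g_hFile != INVALID_HANDLE_VALUE && g_hFile != NULL)
    {
        CloseHandle(g_hFile);
    }
    // Reset so later DeviceIoControl calls fail instead of reusing a handle
    // value the system may have recycled for something else.
    g_hFile = INVALID_HANDLE_VALUE;
    // delete on NULL is a no-op, so no guard is needed.
    delete loaddrver;
    loaddrver = NULL;
    return 0;
}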
//文件隐藏部分
// Adds a file rule: records it in g_arryFileHideRule and forwards it to the
// driver, unless an identical rule is already recorded. Always returns 0; the
// driver's answer from AddFileRule is not inspected (unchanged behavior).
int HkApi_AddFileRule(FILEHIDERULE FileRule)
{
    // Already recorded: the driver was told on the first add, nothing to do.
    if (FindFileRule(FileRule) >= 0)
    {
        return 0;
    }
    g_arryFileHideRule.Add(FileRule);
    AddFileRule(FileRule);
    return 0;
}
// Removes a file rule from g_arryFileHideRule and from the driver. A rule that
// is not recorded locally is ignored. Always returns 0; DelFileRule's result
// is not inspected (unchanged behavior).
int HkApi_DelFileRule(FILEHIDERULE FileRule)
{
    const int nFound = FindFileRule(FileRule);
    if (nFound < 0)
    {
        return 0;
    }
    g_arryFileHideRule.RemoveAt(nFound);
    DelFileRule(FileRule);
    return 0;
}
// Deletes every recorded file rule from the driver, then empties the local
// array. Always returns 0. The count is read once because DelFileRule does
// not modify g_arryFileHideRule.
int HkApi_ClearAllFileRule()
{
    const INT_PTR nTotal = g_arryFileHideRule.GetCount();
    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelFileRule(g_arryFileHideRule[i]);
    }
    g_arryFileHideRule.RemoveAll();
    return 0;
}
//进程隐藏部分
// Adds a process rule: records it in g_arryProcessHideRule and forwards it to
// the driver, unless an identical rule is already recorded. Always returns 0;
// AddProcessRule's result is not inspected (unchanged behavior).
int HkApi_AddProcessRule(PROCESSHIDERULE ProcessRule)
{
    // Already recorded: nothing to do.
    if (FindProcessRule(ProcessRule) >= 0)
    {
        return 0;
    }
    g_arryProcessHideRule.Add(ProcessRule);
    AddProcessRule(ProcessRule);
    return 0;
}
// Removes a process rule from g_arryProcessHideRule and from the driver. A
// rule that is not recorded locally is ignored. Always returns 0;
// DelProcessRule's result is not inspected (unchanged behavior).
int HkApi_DelProcessRule(PROCESSHIDERULE ProcessRule)
{
    const int nFound = FindProcessRule(ProcessRule);
    if (nFound < 0)
    {
        return 0;
    }
    g_arryProcessHideRule.RemoveAt(nFound);
    DelProcessRule(ProcessRule);
    return 0;
}
// Deletes every recorded process rule from the driver, then empties the local
// array. Always returns 0. The count is read once because DelProcessRule does
// not modify g_arryProcessHideRule.
int HkApi_ClearAllProcessRule()
{
    const INT_PTR nTotal = g_arryProcessHideRule.GetCount();
    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelProcessRule(g_arryProcessHideRule[i]);
    }
    g_arryProcessHideRule.RemoveAll();
    return 0;
}
//注册表项隐藏部分
// Adds a registry-key rule: records it in g_arryKeyHideRule and forwards it to
// the driver, unless an identical rule is already recorded. Always returns 0;
// AddKeyRule's result is not inspected (unchanged behavior).
int HkApi_AddKeyRule(KEYHIDERULE KeyRule)
{
    // Already recorded: nothing to do.
    if (FindKeyRule(KeyRule) >= 0)
    {
        return 0;
    }
    g_arryKeyHideRule.Add(KeyRule);
    AddKeyRule(KeyRule);
    return 0;
}
// Removes a registry-key rule from g_arryKeyHideRule and from the driver. A
// rule that is not recorded locally is ignored. Always returns 0;
// DelKeyRule's result is not inspected (unchanged behavior).
int HkApi_DelKeyRule(KEYHIDERULE KeyRule)
{
    const int nFound = FindKeyRule(KeyRule);
    if (nFound < 0)
    {
        return 0;
    }
    g_arryKeyHideRule.RemoveAt(nFound);
    DelKeyRule(KeyRule);
    return 0;
}
// Deletes every recorded registry-key rule from the driver, then empties the
// local array. Always returns 0. The count is read once because DelKeyRule
// does not modify g_arryKeyHideRule.
int HkApi_ClearAllKeyRule()
{
    const INT_PTR nTotal = g_arryKeyHideRule.GetCount();
    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelKeyRule(g_arryKeyHideRule[i]);
    }
    g_arryKeyHideRule.RemoveAll();
    return 0;
}
//注册表键值隐藏部分
// Adds a registry-value rule: records it in g_arryValueHideRule and forwards
// it to the driver, unless an identical rule is already recorded. Always
// returns 0; AddValueRule's result is not inspected (unchanged behavior).
int HkApi_AddValueRule(VALUEHIDERULE ValueRule)
{
    // Already recorded: nothing to do.
    if (FindValueRule(ValueRule) >= 0)
    {
        return 0;
    }
    g_arryValueHideRule.Add(ValueRule);
    AddValueRule(ValueRule);
    return 0;
}
// Removes a registry-value rule from g_arryValueHideRule and from the driver.
// A rule that is not recorded locally is ignored. Always returns 0;
// DelValueRule's result is not inspected (unchanged behavior).
int HkApi_DelValueRule(VALUEHIDERULE ValueRule)
{
    const int nFound = FindValueRule(ValueRule);
    if (nFound < 0)
    {
        return 0;
    }
    g_arryValueHideRule.RemoveAt(nFound);
    DelValueRule(ValueRule);
    return 0;
}
// Deletes every recorded registry-value rule from the driver, then empties the
// local array. Always returns 0. The count is read once because DelValueRule
// does not modify g_arryValueHideRule.
int HkApi_ClearAllValueRule()
{
    const INT_PTR nTotal = g_arryValueHideRule.GetCount();
    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelValueRule(g_arryValueHideRule[i]);
    }
    g_arryValueHideRule.RemoveAll();
    return 0;
}