📄 w2k_hook.c
字号:
// __________________________________________________________
//
// w2k_hook.c
// SBS Windows 2000 API Hook Viewer V1.00
// 08-27-2000 Sven B. Schreiber
// sbs@orgon.com
// __________________________________________________________
#include "w2k_hook.h"
// =================================================================
// DISCLAIMER
// =================================================================
/*
This software is provided "as is" and any express or implied
warranties, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose are disclaimed.
In no event shall the author Sven B. Schreiber be liable for any
direct, indirect, incidental, special, exemplary, or consequential
damages (including, but not limited to, procurement of substitute
goods or services; loss of use, data, or profits; or business
interruption) however caused and on any theory of liability,
whether in contract, strict liability, or tort (including negligence
or otherwise) arising in any way out of the use of this software,
even if advised of the possibility of such damage.
*/
// =================================================================
// REVISION HISTORY
// =================================================================
/*
08-27-2000 V1.00 Original version (SBS).
*/
// =================================================================
// GLOBAL VARIABLES
// =================================================================
BOOL gfSpyUnload = TRUE;
// =================================================================
// GLOBAL STRINGS
// =================================================================
WORD awSpyFile [] = SW(DRV_FILENAME);
WORD awSpyDevice [] = SW(DRV_MODULE);
WORD awSpyDisplay [] = SW(DRV_NAME);
WORD awSpyPath [] = SW(DRV_PATH);
// -----------------------------------------------------------------
WORD awArguments [] = L"<pattern #1> ... <pattern #N>\r\n\r\n"
L"Examples: " SW(MAIN_MODULE) L" *\r\n"
L" " SW(MAIN_MODULE) L" *key\r\n"
L" " SW(MAIN_MODULE)
L" ntopenfile ntcreatefile"
L" nt*informationfile";
// -----------------------------------------------------------------
BYTE abPauseOff [] = "---------- PROTOCOL RESUMED ----------\n";
BYTE abPauseOn [] = "---------- PROTOCOL PAUSED -----------\n";
BYTE abFilterOff [] = "---------- FILTER DISABLED -----------\n";
BYTE abFilterOn [] = "---------- FILTER ENABLED ------------\n";
BYTE abReset [] = "---------- PROTOCOL RESET ------------\n";
BYTE abExit [] = "---------- PROTOCOL STOPPED ----------";
// =================================================================
// CONSOLE I/O
// =================================================================
DWORD KeyboardData (void)
{
INPUT_RECORD InputRecord;
DWORD dCount;
DWORD dKeyCode = 0;
GetNumberOfConsoleInputEvents (ghStdInput, &dCount);
while (dCount &&
ReadConsoleInput (ghStdInput, &InputRecord, 1, &dCount))
{
if ((InputRecord.EventType == KEY_EVENT) &&
(InputRecord.Event.KeyEvent.bKeyDown))
{
dKeyCode = InputRecord.Event.KeyEvent.wVirtualKeyCode;
break;
}
GetNumberOfConsoleInputEvents (ghStdInput, &dCount);
}
return dKeyCode;
}
// =================================================================
// PATTERN MATCHER
// =================================================================
BOOL WINAPI PatternMatcher (PWORD pwFilter,
PWORD pwData)
{
DWORD i, j;
i = j = 0;
while (pwFilter [i] && pwData [j])
{
if (pwFilter [i] != '?')
{
if (pwFilter [i] == '*')
{
i++;
if ((pwFilter [i] != '*') && (pwFilter [i] != '?'))
{
if (pwFilter [i])
{
while (pwData [j] &&
(!PatternMatcher (pwFilter + i,
pwData + j)))
{
j++;
}
}
return (pwData [j]);
}
}
if ((WORD) CharUpperW ((PWORD) (pwFilter [i])) !=
(WORD) CharUpperW ((PWORD) (pwData [j])))
{
return FALSE;
}
}
i++;
j++;
}
if (pwFilter [i] == '*') i++;
return !(pwFilter [i] || pwData [j]);
}
// =================================================================
// SPY DEVICE I/O
// =================================================================
BOOL WINAPI SpyIoControl (HANDLE hDevice,
DWORD dCode,
PVOID pInput,
DWORD dInput,
PVOID pOutput,
DWORD dOutput)
{
DWORD dInfo = 0;
return DeviceIoControl (hDevice, dCode,
pInput, dInput,
pOutput, dOutput,
&dInfo, NULL)
&&
(dInfo == dOutput);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyVersionInfo (HANDLE hDevice,
PSPY_VERSION_INFO psvi)
{
return SpyIoControl (hDevice, SPY_IO_VERSION_INFO,
NULL, 0,
psvi, SPY_VERSION_INFO_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookInfo (HANDLE hDevice,
PSPY_HOOK_INFO pshi)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_INFO,
NULL, 0,
pshi, SPY_HOOK_INFO_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookInstall (HANDLE hDevice,
BOOL fReset,
PDWORD pdCount)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_INSTALL,
&fReset, BOOL_,
pdCount, DWORD_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookRemove (HANDLE hDevice,
BOOL fReset,
PDWORD pdCount)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_REMOVE,
&fReset, BOOL_,
pdCount, DWORD_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookPause (HANDLE hDevice,
BOOL fPause,
PBOOL pfPause)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_PAUSE,
&fPause, BOOL_,
pfPause, BOOL_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookFilter (HANDLE hDevice,
BOOL fFilter,
PBOOL pfFilter)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_FILTER,
&fFilter, BOOL_,
pfFilter, BOOL_);
}
// -----------------------------------------------------------------
BOOL WINAPI SpyHookReset (HANDLE hDevice)
{
return SpyIoControl (hDevice, SPY_IO_HOOK_RESET,
NULL, 0,
NULL, 0);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -