skdrv_misc.c

在windows下面通过驱动进行进程的隐藏

    if( iValue == 0)
      break;
    pUnit = pUnit->pNext;
  }
  KeReleaseMutex( &pMang->LinkMutex, FALSE);
  return pUnit;
}


//==============================================================================
// Hash function.
//==============================================================================

#define HASH_ENTRY_SIZE 0x100
HashUnit *HashEntry[HASH_ENTRY_SIZE];
KMUTEX HashMutex;

#define GET_HASH_OFFSET(ptr) (((unsigned long)ptr)&0xff)

void Sk_HashEntry_Init()
{
  int i;

  KeInitializeMutex( &HashMutex, 0);

  for( i=0; i<HASH_ENTRY_SIZE; i++)
    HashEntry[i] = NULL;
}

void Sk_HashEntry_DeInit()
{
  Sk_HashEntry_FreeAll();
}

//Free the all Link table's memory
void Sk_HashEntry_FreeAll()
{
  int i;
  HashUnit * pUnit, *pUnit2;

  KeWaitForMutexObject( &HashMutex, Executive, KernelMode, FALSE, NULL);

  for( i=0; i<HASH_ENTRY_SIZE; i++){
    pUnit = HashEntry[i];
    while( pUnit){
      pUnit2 = pUnit->pNext;
      ExFreePool( pUnit);
      pUnit = pUnit2;
    }
    HashEntry[i] = NULL;
  }
  KeReleaseMutex( &HashMutex, FALSE);
}

//Add a unit to hashTable's Link's tail.
//if the TAble's Unit is NULL, set to NULL.
void Sk_HashEntry_AddUnit(IN void * ptr, IN char *pszStr)
{
  int iUnit;
  HashUnit * pUnit, *pUnit2, *pNewUnit;

  iUnit = GET_HASH_OFFSET(ptr);

  pNewUnit = Sk_HashEntry_AllocNewHashUnit( ptr, pszStr);
  if( !pNewUnit) return; //no memory, failure.!!!
  
  KeWaitForMutexObject( &HashMutex, Executive, KernelMode, FALSE, NULL);

  pUnit = HashEntry[iUnit];
  if( pUnit){ //the link not empty. add to tail.
    while( pUnit->pNext) pUnit = pUnit->pNext;
    pUnit->pNext = pNewUnit;
    pNewUnit->pNext = NULL;
  }
  else{ //the link empty.
    HashEntry[iUnit] = pNewUnit;
    pNewUnit->pNext = NULL;
  }
  KeReleaseMutex( &HashMutex, FALSE);
}

//Alloc new memory for HashUnit.
HashUnit * Sk_HashEntry_AllocNewHashUnit(IN void * ptr, IN char *pszStr)
{
  int iStrSize = strlen( pszStr);
  HashUnit *pUnit;

  pUnit = (HashUnit*)ExAllocatePool( PagedPool, iStrSize+sizeof(HashUnit)+1);
  if( pUnit){
    pUnit->ptr = ptr;
    pUnit->pNext = NULL;
    pUnit->iStrSize = iStrSize;
    strcpy( pUnit->szStr, pszStr);
  }
  return pUnit;
}

//free memory that Unit occupy.
void Sk_HashEntry_FreeHashUnit( IN HashUnit *pUnit)
{
  if( pUnit){
    ExFreePool( pUnit);
  }
}

//Free the HashUnit's Item which it's ptr == paramater.
void Sk_HashEntry_FreeUnit( IN void * ptr)
{
  int iItem;
  HashUnit *pUnit, *pUnit2;

  iItem = GET_HASH_OFFSET(ptr);
  pUnit = HashEntry[iItem];

  KeWaitForMutexObject( &HashMutex, Executive, KernelMode, FALSE, NULL);
  
  if( pUnit){
    while( pUnit && (pUnit->ptr == ptr) ){ //is the special unit in head?
      pUnit2 = pUnit->pNext;
      Sk_HashEntry_FreeHashUnit( pUnit);
      pUnit = pUnit2;
      HashEntry[iItem] = pUnit; //move Table's pointer to next.
    }
    while( pUnit && pUnit->pNext && (pUnit->pNext->ptr == ptr)){ //special unit not head. adjust next.
      pUnit2 = pUnit->pNext;
      pUnit->pNext = pUnit2->pNext;
      Sk_HashEntry_FreeHashUnit( pUnit2);
      pUnit = pUnit->pNext; //move Unit to next.
    }
  }
  KeReleaseMutex( &HashMutex, FALSE);
}

//Search an Item in a HashTable.
HashUnit *Sk_HashEntry_SearchItem( IN void * ptr)
{
  HashUnit *pUnit;
  int iItem;

  if( !ptr) return NULL;
  iItem = GET_HASH_OFFSET(ptr);
  pUnit = HashEntry[iItem];
  if( pUnit){ //link exist?
    while( pUnit){
      if(pUnit->ptr == ptr) // && (strcmp( pUnit->szStr, pszStr)==0)
        break;
      pUnit = pUnit->pNext;
    }
  }
  return pUnit;
}

//==============================================================================
// ULONG Link function.. develop from Sk_LogUnit_Link... functions
//==============================================================================
//though, the pMang should be init yet.
BOOLEAN Sk_dwLink_IsData_InLink(Sk_LogUnit_Mang *pMang, ULONG dwData)
{
  LogUnit *pUnit, *pUnit2;
  BOOLEAN bValue = FALSE;

  KeWaitForMutexObject( &pMang->LinkMutex, Executive, KernelMode, FALSE, NULL);
  pUnit = pMang->pHead;
  while( pUnit){
    if( *(ULONG *)(pUnit->pszStr) == dwData){
      bValue = TRUE;
      break;
    }
    pUnit = pUnit->pNext;
  }
  KeReleaseMutex( &pMang->LinkMutex, FALSE);
  return bValue;
}

void Sk_dwLink_Insert_Data( Sk_LogUnit_Mang *pMang, ULONG dwData)
{
  LogUnit *pNewUnit;

  pNewUnit = Sk_LogUnit_GetNewUnit_Dword( pMang, dwData);
  if( pNewUnit){
    Sk_LogUnit_InsertUnitToLink( pMang, pNewUnit, FALSE);
  }
}

//remove the pUnit which Containing Data's value = dwData.
void Sk_dwLink_Remove_Data( Sk_LogUnit_Mang *pMang, ULONG dwData)
{
  LogUnit *pGetUnit;

  while(1){
    pGetUnit = Sk_LogUnit_SearchData_Dword( pMang, dwData);
    if( pGetUnit){
      Sk_LogUnit_DeleteUnitFromLink( pMang, pGetUnit);
      Sk_LogUnit_FreeLogUnit( pMang, pGetUnit);
    }
    else //cannot get.
      break; 
  }
}

//==============================================================================
//String Link function... develop from Sk_LogUnit Link...
//==============================================================================
//Search a string in the string link?
// can special whether is Ignore Case?
BOOLEAN Sk_dwLink_IsStr_InLink( Sk_LogUnit_Mang *pMang, char *pStr, BOOLEAN bDiscardCase)
{
  LogUnit *pUnit, *pUnit2;
  BOOLEAN bValue = FALSE;
  int iValue;

  KeWaitForMutexObject( &pMang->LinkMutex, Executive, KernelMode, FALSE, NULL);
  pUnit = pMang->pHead;
  while( pUnit){
    if( bDiscardCase)
      iValue = Sk_stricmp(pUnit->pszStr, pStr);
    else
      iValue = strcmp( pUnit->pszStr, pStr);
    if( iValue == 0)
      break;
    pUnit = pUnit->pNext;
  }
  KeReleaseMutex( &pMang->LinkMutex, FALSE);
  return (pUnit)?TRUE:FALSE;
}

// Insert a string to unit link.
void Sk_dwLink_Insert_Str( Sk_LogUnit_Mang *pMang, char *pStr)
{
  LogUnit *pUnit;

  pUnit = Sk_LogUnit_GetNewUnit( pMang, pStr);
  if( pUnit)
    Sk_LogUnit_InsertUnitToLink( pMang, pUnit,TRUE);
}

void Sk_dwLink_Remove_Str( Sk_LogUnit_Mang *pMang, char *pStr, BOOLEAN bIgnoreCase)
{
  LogUnit *pUnit;

  while(1){
    pUnit = Sk_LogUnit_SearchData_Str( pMang, pStr, bIgnoreCase);
    if( pUnit){
      Sk_LogUnit_DeleteUnitFromLink( pMang, pUnit);
      Sk_LogUnit_FreeLogUnit( pMang, pUnit);
    }
    else
      break;
  }
}

//get the link's
ULONG Sk_dwLink_Get_Link_Buff_Size( Sk_LogUnit_Mang *pMang)
{
  LogUnit *pUnit, *pUnit2;
  BOOLEAN bValue = FALSE;
  ULONG uRetSize;

  KeWaitForMutexObject( &pMang->LinkMutex, Executive, KernelMode, FALSE, NULL);
  pUnit = pMang->pHead;
  uRetSize = 0;
  while( pUnit){
    uRetSize += (pUnit->iStrSize + sizeof(LogUnit));
    pUnit = pUnit->pNext;
  }
  KeReleaseMutex( &pMang->LinkMutex, FALSE);
  return uRetSize;
}

//==============================================================================
// some misc function..
//==============================================================================
int Sk_stricmp( char *str1, char *str2)
{
  char *pNStr1, *pNStr2;
  int iValue;

  iValue = strlen(str1);
  pNStr1 = ExAllocatePool( PagedPool, iValue+1);
  iValue = strlen(str2);
  pNStr2 = ExAllocatePool( PagedPool, iValue+1);

  if( pNStr1 && pNStr2){
    strcpy( pNStr1, str1);
    strcpy( pNStr2, str2);
    Sk_strupr( pNStr1);
    Sk_strupr( pNStr2);
    iValue = strcmp( pNStr1, pNStr2);
  }
  else //no memory.
    iValue = -1; //issue failure.

  if( pNStr1)
    ExFreePool( pNStr1);
  if( pNStr2)
    ExFreePool( pNStr2);
  return iValue;
}

//change the string in param into UpperCase.
void Sk_strupr( char *pStr)
{
  int iDel = 'a' -'A';

  while(*pStr){
    if( (*pStr >= 'a') && (*pStr <= 'z'))
      *pStr -= iDel;
    *pStr++;
  }
}