skmon_reg.h

在windows下面通过驱动进行进程的隐藏

//SkMon_reg.h
////////////////////////////////////////////////////////////////////////////////
// header of Snake Registry Monitor function.
////////////////////////////////////////////////////////////////////////////////

#ifndef _SNAKE_MONITOR_REGISTRY_HEADER
#define _SNAKE_MONITOR_REGISTRY_HEADER
 
typedef enum {
  BASE_CALLED=0,
  STANDARD
}FILE_SYSTEM_TYPE;

typedef struct _SKEYE_DEVICE_EXTENSION
{
  PDEVICE_OBJECT pDeviceObject;
  PDEVICE_OBJECT NextStackDevice;
  UNICODE_STRING ifSymLinkName;
  unsigned LogicalDrive;
  BOOLEAN Hooked;
  FILE_SYSTEM_TYPE Type;

}SKMON_DEVICE_EXTENSION, *PSKMON_DEVICE_EXTENSION;

typedef struct _SRVTABLE {
	PVOID           *ServiceTable;
	ULONG           LowCall;        
	ULONG           HiCall;
	PVOID		    *ArgTable;
} SRVTABLE, *PSRVTABLE;

extern PSRVTABLE        ServiceTable; //MyServiceTable.

//next for Set / Unset hooking Registry functions.
extern void InitHookSkMonRegistry();
extern void DeInitHookSkMonRegistry();

extern void UnHookSkMonRegistry();
extern void HookSkMonRegistry();

extern Sk_LogUnit_Mang skLogLink;     //log unit link.
extern Sk_LogUnit_Mang Disable_ProcessIDTable;  //process that should be disable when accessing...
extern Sk_LogUnit_Mang Disable_ProcessNameTable;

extern Sk_LogUnit_Mang Log_ProcessIDTable;   //the process that should be write into log.
extern Sk_LogUnit_Mang Log_ProcessNameTable;
extern char byLogProcessInListOnly;

#endif //_SNAKE_MONITOR_REGISTRY_HEADER