
📄 skdrv_misc.h

📁 在windows下面通过驱动进行进程的隐藏
// SkDrv_Misc.H
////////////////////////////////////////////////////////////////////////////////
// the header of some SkDrv Share Functions.
// start 1 at 2000/9/27.   by snake
//   Add --- ProcessName Getting function.
//       --- LogUnit double direction Link 
////////////////////////////////////////////////////////////////////////////////
 
#ifndef _SNAKE_DRIVER_MISC_FUNCTION_HEADER
#define _SNAKE_DRIVER_MISC_FUNCTION_HEADER

//Process Name functions.
// Both prototypes use kernel-mode types; their bodies live in another file,
// so the lookup mechanism is not visible from this header.
// NOTE(review): what lpszProcName must contain (and whether it has to stay
// valid after the call returns) cannot be told from here - confirm against
// the implementation.
BOOLEAN InitGetProcessName(PCHAR lpszProcName);
// pszName and pID are annotated IN OUT, i.e. the callee may both read and
// write through them. No buffer length is passed, so the caller has to
// supply a buffer at least as large as the longest name the implementation
// can write (TODO confirm that bound); a shorter buffer would be overrun in
// kernel memory.
BOOLEAN GetProcessName( IN OUT PCHAR pszName, IN OUT ULONG *pID);

// Tag stored in LogUnit.dataType. The names suggest a string payload, a
// 32-bit value payload and "not set"; the header does not define them further.
enum LogUnitDataType{ TYPE_STRING, TYPE_DWORD, TYPE_UNDEFINED};

//Log unit's functions.
// One node of a doubly linked list (pNext / pBack) with a variable-length
// payload stored at the end of the structure.
typedef struct _Log_Unit{
  // presumably the payload size in bytes - TODO confirm. The field is a
  // signed int, so code that derives it from a ULONG or from strlen() must
  // range-check before storing or using it as a copy length.
  int iStrSize;
  struct _Log_Unit *pNext, *pBack;
  // Discriminates how pszStr is to be interpreted.
  enum LogUnitDataType dataType;
  // Pre-C99 trailing-array idiom: the declared size is 1, the real payload
  // is expected to be allocated past the end of the struct. Every reader and
  // writer must therefore bound its access by the allocated size, never by
  // sizeof(LogUnit).
  char pszStr[1];
}LogUnit;

// Manager for one LogUnit list: head/tail pointers, a unit counter, a cap
// and a kernel mutex.
typedef struct {
  // presumably serialises every access to pHead/pTail/iLogUnitNum - confirm
  // in the implementation. A blocking wait on a KMUTEX is only permitted at
  // IRQL <= APC_LEVEL, so list functions that take it must not be called
  // from DPC or ISR context.
  KMUTEX LinkMutex;
  LogUnit *pHead, *pTail;
  // Current number of units in the list (inferred from the name).
  int iLogUnitNum;
  // Upper bound on the list length (inferred from the name); what happens
  // when the bound is reached is not visible here.
  int iMaxLogUnitNum;
}Sk_LogUnit_Mang;

// List lifetime management. All three take the manager by pointer and return
// nothing, so failures cannot be reported to the caller.
// NOTE(review): presumably InitLink must run before any other Sk_LogUnit_*
// call on the same manager (the KMUTEX has to be initialised first) - confirm.
void Sk_LogUnit_InitLink(Sk_LogUnit_Mang *pMang);
void Sk_LogUnit_DeInitLink(Sk_LogUnit_Mang *pMang);
// Presumably releases every unit still linked into pMang - TODO confirm.
void Sk_LogUnit_FreeAll(Sk_LogUnit_Mang *pMang);

// Unit constructors: each returns a LogUnit pointer built from a string, a
// 32-bit value or an explicit size.
// NOTE(review): the return convention on allocation failure is not visible;
// callers should check the result for NULL before dereferencing it.
// pszStr carries no length, so it is assumed to be NUL-terminated - confirm.
LogUnit *Sk_LogUnit_GetNewUnit(Sk_LogUnit_Mang *pMang, IN PCHAR pszStr);
LogUnit *Sk_LogUnit_GetNewUnit_Dword( Sk_LogUnit_Mang *pMang, IN ULONG dwData);
// size is a ULONG while LogUnit.iStrSize is a signed int, and the allocation
// presumably adds sizeof(LogUnit) to it: the implementation needs an explicit
// upper bound on size to avoid wrap-around and a negative stored length.
LogUnit *Sk_LogUnit_GetNewUnit_BySize(Sk_LogUnit_Mang *pMang, IN ULONG size);

// Variadic logger taking a format string - presumably printf-style (TODO
// confirm). Call sites should pass a string literal as format and route any
// externally supplied text through an argument ("%s"), never as the format
// itself; the formatted result must also be length-bounded in the
// implementation.
void Sk_LogUnit_AddStrToLog(Sk_LogUnit_Mang *pMang, const char *format, ...);
// Releases one unit. NOTE(review): whether pUnit must already be unlinked
// from pMang before this call is not visible - confirm to rule out dangling
// pNext/pBack pointers.
void Sk_LogUnit_FreeLogUnit( Sk_LogUnit_Mang *pMang, IN LogUnit *pUnit);
// bHead selects which end of the list is used (head when TRUE, inferred from
// the name).
void Sk_LogUnit_InsertUnitToLink( Sk_LogUnit_Mang *pMang, IN LogUnit *pUnit, IN BOOLEAN bHead);
// Returns a unit taken from the chosen end; presumably NULL when the list is
// empty and ownership passes to the caller - TODO confirm.
LogUnit *Sk_LogUnit_PopUnitFromLink(Sk_LogUnit_Mang *pMang, IN BOOLEAN bHead);

// NOTE(review): "Delete" may mean unlink only or unlink and free; the header
// does not say. Callers must not touch pUnit afterwards until that is
// confirmed.
void Sk_LogUnit_DeleteUnitFromLink( Sk_LogUnit_Mang *pMang, LogUnit *pUnit);
// Looks up a unit by 32-bit value. The returned pointer still belongs to the
// list (presumably); using it after the mutex is released races with any
// concurrent delete - confirm the locking contract.
LogUnit *Sk_LogUnit_SearchData_Dword( Sk_LogUnit_Mang *pMang, ULONG dwData);

//Hash Table.
// One entry of a chained hash bucket (singly linked through pNext) that
// associates a pointer with a string.
typedef struct _HashUnit{
  // Lookup key: Sk_HashEntry_SearchItem and Sk_HashEntry_FreeUnit both take a
  // bare pointer. A raw pointer used as a key can be reused once the object
  // it referred to is freed, so stale entries must be removed at that point.
  void *ptr;
  // Purpose not visible in this header - TODO confirm.
  unsigned long dwData;
  // presumably the length of szStr in bytes - TODO confirm; signed int.
  int iStrSize;
  struct _HashUnit *pNext;
  // Pre-C99 trailing-array idiom: declared size 1, real storage is expected
  // to be allocated past the end of the struct.
  char szStr[1];
}HashUnit;

// Hash-table API. None of these take a table handle, so the table is global
// state of the driver; no lock appears in any signature.
// NOTE(review): confirm that the implementation serialises access, since
// driver callbacks can run concurrently on several processors.
// NOTE(review): the empty parameter lists below declare functions with
// unspecified arguments in C; "(void)" would let the compiler reject stray
// arguments at call sites.
void Sk_HashEntry_Init();
void Sk_HashEntry_DeInit();
void Sk_HashEntry_FreeAll();
// pszStr has no length parameter and is assumed to be NUL-terminated.
void Sk_HashEntry_AddUnit(IN void * ptr, IN char *pszStr);
// Presumably returns NULL on allocation failure - callers should check.
HashUnit * Sk_HashEntry_AllocNewHashUnit(IN void * ptr, IN char *pszStr);
void Sk_HashEntry_FreeHashUnit( IN HashUnit *pUnit);
void Sk_HashEntry_FreeUnit( IN void * ptr);
HashUnit *Sk_HashEntry_SearchItem( IN void * ptr);
// Declared among the hash functions but named after the LogUnit list. It
// takes no manager pointer, so which list's iMaxLogUnitNum it changes cannot
// be told from here; iNewValue is a signed int and should be validated as
// positive by the implementation.
void Sk_LogUnit_SetMaxUnitNum( int iNewValue);

//other function.
// Takes the driver object plus two wide-string names and returns an NTSTATUS
// that callers must test with NT_SUCCESS().
// NOTE(review): the body is not visible. If it creates a named device object
// and a DOS-visible symbolic link (as the parameter names suggest), confirm
// that the device carries a restrictive security descriptor, because a named
// device with default security can be opened by unprivileged user-mode code.
NTSTATUS SkDriverMisc_AddDevice( IN PDRIVER_OBJECT DriverObject,
                     IN PWSTR pwDeviceName, IN PWSTR pwDosDeviceName);

//dwLink functions.
// Set-style helpers layered on a Sk_LogUnit_Mang list: membership test,
// insert and remove, once keyed by a 32-bit value and once by a string.
// NOTE(review): whether Insert rejects duplicates or honours iMaxLogUnitNum
// is not visible here - confirm, since unbounded inserts consume kernel pool.
BOOLEAN Sk_dwLink_IsData_InLink(Sk_LogUnit_Mang *pMang, ULONG dwData);
void Sk_dwLink_Insert_Data( Sk_LogUnit_Mang *pMang, ULONG dwData);
void Sk_dwLink_Remove_Data( Sk_LogUnit_Mang *pMang, ULONG dwData);

// String variants. pStr is passed without a length and as non-const char *;
// it is assumed to be NUL-terminated, and whether the callee modifies it
// (for example when bIgnoreCase is TRUE) cannot be told from the prototype.
BOOLEAN Sk_dwLink_IsStr_InLink( Sk_LogUnit_Mang *pMang, char *pStr, BOOLEAN bIgnoreCase);
void Sk_dwLink_Insert_Str( Sk_LogUnit_Mang *pMang, char *pStr);
void Sk_dwLink_Remove_Str( Sk_LogUnit_Mang *pMang, char *pStr, BOOLEAN bIgnoreCase);
// Returns a size for the list's contents (presumably the bytes needed to
// copy it out - TODO confirm). A caller that allocates from this value and
// copies later must hold the list lock across both steps, or re-check the
// size, because the list can grow in between.
ULONG Sk_dwLink_Get_Link_Buff_Size( Sk_LogUnit_Mang *pMang);

//some misc function.
// Local string helpers; the names mirror the C runtime's stricmp/strupr.
// Both operate on NUL-terminated strings with no length bound, so passing an
// unterminated buffer reads (or, for Sk_strupr, writes) past its end.
// Presumably returns 0 when the strings match ignoring case - TODO confirm.
int Sk_stricmp( char *str1, char *str2);
// Modifies pStr in place (it returns void and takes a non-const pointer);
// do not pass string literals or read-only memory.
void Sk_strupr( char *pStr);

#endif //_SNAKE_DRIVER_MISC_FUNCTION_HEADER
