📄 rk_driver.h

📁 能够在windows 2000以上操作系统下隐藏特定的进程
💻 H
📖 第 1 页 / 共 2 页
字号:
12 下一页

#ifndef __NTROOT_DRIVERH__
#define __NTROOT_DRIVERH__

#include "ntddk.h"
#include "stdarg.h"
#include "stdio.h"
#include "ndis.h"
#include "ntddpack.h"
#include "ntddkbd.h"
#include "ntiologc.h"

/*
 * Defines and such
 * --------------------------------------------------------
 */
/* For the definitions in Winioctl.h */
/* #undef DEVICE_TYPE */
typedef UCHAR  BYTE;
typedef USHORT WORD;
typedef ULONG  DWORD;
typedef LONGLONG  DWORDLONG;
typedef PVOID SID;
#include "winioctl.h"

#define DWORD unsigned __int32
#define WORD unsigned __int16
#define BYTE unsigned __int8
#define BOOL __int32
typedef PVOID POBJECT;

#define LOWORD(l)           ((WORD)(l))
#define HIWORD(l)           ((WORD)(((DWORD)(l) >> 16) & 0xFFFF))
#define LOBYTE(w)           ((BYTE)(w))
#define HIBYTE(w)           ((BYTE)(((WORD)(w) >> 8) & 0xFF))

#define MAKELONG(a, b) ((LONG) (((WORD) (a)) | ((DWORD) ((WORD) (b))) << 16)) 

#define MAX_REQUESTS    4
#define MAX_PATH_LENGTH 256
// Length of process name (rounded up to next DWORD)
#define PROCNAMELEN     20

// Maximum length of NT process name
#define NT_PROCNAMELEN  16

#undef	ASSERT
#define ASSERT(_c) \
	if(!(_c)) { \
		DbgPrint("Assert failed in file %s, line %d.\n", __FILE__, __LINE__); \
	}

/**********************************************************************************
 * System Structures - reversed from various sources
 **********************************************************************************/

typedef struct
{
	WORD NtSDTfCount;
	DWORD fAddress[ANYSIZE_ARRAY];
} NTSDT;

typedef struct
{
	WORD CallNumber;
	WORD ProcessId;
	LARGE_INTEGER Time;
	DWORD status;	// execute status
} NTS_TRACE_ENTRY;

typedef struct
{
	WORD EntriesCount;
	NTS_TRACE_ENTRY trace[ANYSIZE_ARRAY];
} NTS_TRACE;

typedef struct
{
	WORD EntriesCount;
	WORD ProcessIdArray[ANYSIZE_ARRAY];
} PROCESS_FILTER;

/* ________________________________________________
 . Timer
 . ________________________________________________ */
typedef enum _TIMER_INFO_CLASS {
	TimerBasicInfo
} TIMER_INFO_CLASS;

typedef struct TimerInfo_t {
	LARGE_INTEGER DueTime;
	CCHAR TimerState;
	CCHAR Unused[3];
	ULONG TimerType;
} TIMER_INFO, *PTIMER_INFO;


/* ________________________________________________
 . Event Objects
 . ________________________________________________ */
typedef enum _EVENT_INFO_CLASS {
	EventBasicInfo
} EVENT_INFO_CLASS;

typedef struct EventInfo_t {
	EVENT_TYPE EventType;
	LONG EventState;
} EVENT_INFO, *PEVENT_INFO;

/* ________________________________________________
 . Mutexes
 . ________________________________________________ */
typedef enum _MUTANT_INFO_CLASS {
	MutantBasicInfo
} MUTANT_INFO_CLASS;

typedef struct MutantInfo_t {
	LONG MutantState;
	BOOLEAN bOwnedByCallingThread;
	BOOLEAN bAbandoned;
	USHORT Unused;
} MUTANT_INFO, *PMUTANT_INFO;

typedef enum _SEMAPHORE_INFO_CLASS 
{
	SemaphoreBasicInfo	/* ntddk */
} SEMAPHORE_INFO_CLASS;

typedef struct SemaphoreInfo_t 
{
	ULONG CurrentCount;
	ULONG MaxCount;
} SEMAPHORE_INFO, *PSEMAPHORE_INFO;


/**********************************************************************************
 * System Call Prototypes
 **********************************************************************************/

NTSYSAPI
NTSTATUS
NTAPI ObQueryNameString( POBJECT Object, PUNICODE_STRING Name, ULONG MaximumLength, PULONG ActualLength );


/* _______________________________________
 . System Time
 . _______________________________________ */

NTSYSAPI 
NTSTATUS 
NTAPI 
RtlLocalTimeToSystemTime(PLARGE_INTEGER LocalTime, 
						 PLARGE_INTEGER SystemTime
);

NTSYSAPI 
NTSTATUS 
NTAPI 
RtlSystemTimeToLocalTime(PLARGE_INTEGER SystemTime, 
						 PLARGE_INTEGER LocalTime
);


/* _______________________________________________
 . Event Objects
 . _______________________________________________ */

NTSYSAPI
NTSTATUS
NTAPI
NtCreateEvent(
	OUT PHANDLE hEvent,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN EVENT_TYPE EventType,
	IN BOOLEAN bInitialState
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEvent(
	OUT PHANDLE hEvent,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN EVENT_TYPE EventType,
	IN BOOLEAN bInitialState
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenEvent(
	OUT PHANDLE hEvent,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenEvent(
	OUT PHANDLE hEvent,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtClearEvent(
	IN HANDLE hEvent
);

NTSYSAPI
NTSTATUS
NTAPI
ZwClearEvent(
	IN HANDLE hEvent
);

NTSYSAPI
NTSTATUS
NTAPI
NtPulseEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
ZwPulseEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
NtResetEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
ZwResetEvent(
	IN HANDLE hEvent,
	OUT OPTIONAL PULONG PreviousState
);

NTSYSAPI
NTSTATUS
NTAPI
NtQueryEvent(
	IN HANDLE hEvent,
	IN EVENT_INFO_CLASS InfoClass,
	OUT PVOID EventInfoBuffer,
	IN ULONG EventInfoBufferSize,
	OUT PULONG BytesCopied
);

NTSTATUS
NTAPI
ZwQueryEvent(
	IN HANDLE hEvent,
	IN EVENT_INFO_CLASS InfoClass,
	OUT PVOID EventInfoBuffer,
	IN ULONG EventInfoBufferSize,
	OUT PULONG BytesCopied
);

NTSYSAPI
NTSTATUS
NTAPI
NtCreateEventPair(
	OUT PHANDLE hEventPair,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateEventPair(
	OUT PHANDLE hEventPair,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenEventPair(
	OUT PHANDLE hEventPair,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenEventPair(
	OUT PHANDLE hEventPair,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetLowWaitHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetLowWaitHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetHighWaitLowEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetHighWaitLowEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
NtSetLowEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetLowEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
NtWaitHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwWaitHighEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
NtWaitLowEventPair(
	IN HANDLE hEventPair
);

NTSYSAPI
NTSTATUS
NTAPI
ZwWaitLowEventPair(
	IN HANDLE hEventPair
);

/* ______________________________________________
 . Mutants are mutexes - sync objects
 . ______________________________________________ */
NTSYSAPI
NTSTATUS
NTAPI
NtCreateMutant(
	OUT PHANDLE hMutex,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN BOOLEAN bOwnMutant
);

NTSTATUS
NTAPI
ZwCreateMutant(
	OUT PHANDLE hMutex,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN BOOLEAN bOwnMutant
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenMutant(
	OUT PHANDLE hMutex,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSTATUS
NTAPI
ZwOpenMutant(
	OUT PHANDLE hMutex,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtQueryMutant(
	IN HANDLE hMutant,
	IN MUTANT_INFO_CLASS InfoClass,
	OUT PVOID MutantInfoBuffer,
	IN ULONG MutantInfoBufferSize,
	OUT PULONG BytesCopied
);

NTSTATUS
NTAPI
ZwQueryMutant(
	IN HANDLE hMutant,
	IN MUTANT_INFO_CLASS InfoClass,
	OUT PVOID MutantInfoBuffer,
	IN ULONG MutantInfoBufferSize,
	OUT PULONG BytesCopied
);

NTSYSAPI
NTSTATUS
NTAPI
NtReleaseMutant(
	IN HANDLE hMutant,
	OUT OPTIONAL PULONG bWasSignalled
);

NTSTATUS
NTAPI
ZwReleaseMutant(
	IN HANDLE hMutant,
	OUT OPTIONAL PULONG bWasSignalled
);


NTSYSAPI
NTSTATUS
NTAPI
NtCreateSemaphore(
	OUT PHANDLE hSemaphore,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN ULONG InitialCount,
	IN ULONG MaximumCount
);


NTSTATUS
NTAPI
ZwCreateSemaphore(
	OUT PHANDLE hSemaphore,
	IN ACCESS_MASK AccessMask,
	IN POBJECT_ATTRIBUTES ObjectAttributes,
	IN ULONG InitialCount,
	IN ULONG MaximumCount
);

NTSYSAPI
NTSTATUS
NTAPI
NtOpenSemaphore(
	OUT PHANDLE hSemaphore,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSTATUS
NTAPI
ZwOpenSemaphore(
	OUT PHANDLE hSemaphore,
	IN ACCESS_MASK DesiredAccess,
	IN POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
NtQuerySemaphore(
	IN HANDLE hSemaphore,
12 下一页
💿 文件大小 161 K
👤 上传用户 lidaniel
📂 所属分类操作系统开发
🏷️ 相关标签

#windows #2000 #操作系统 #进程
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -