📄 filetool.c
#include <windows.h>
#include <commctrl.h>
#include <string.h>
#include <winioctl.h>
#include "hexview.h"
#include "ioctl.h"
#include "resource.h"
#pragma comment(lib, "F:\\03\\NTDDK\\libfre\\i386\\ntdll.lib")
#pragma comment(lib, "comctl32.lib")
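/*
 * Bit helpers. Bit positions are 1-based: bit 1 is the least significant bit.
 * Every argument is parenthesized so that an expression argument such as
 * `x | y` or `n + 1` is evaluated as a unit. The shift operates on an int,
 * so b must stay within 1..31.
 */
#define GetBit(a, b) ((a) & (1 << ((b) - 1)))
#define SetBit(a, b) ((a) |= 1 << ((b) - 1))

/*
 * Operation codes. Presumably these are the 1-based bit positions used with
 * GetBit/SetBit on OpFlags -- confirm against the dialog code, which is not
 * part of this listing.
 */
#define OP_COPY 1
#define OP_REPLACE 2
#define OP_DELETE 3
#define OP_UNLOCK 4
#define OP_VIEW 5
#define OP_MAXIMUM 7

/*
 * Route the CRT allocator names to the process heap.
 *  - malloc() returns zero-filled memory (HEAP_ZERO_MEMORY).
 *  - realloc() passes no flags, so the grown part of a block is NOT zeroed.
 *  - NOTE(review): CRT realloc(NULL, n) and free(NULL) are well defined; the
 *    heap functions are not documented the same way, so callers should not
 *    pass NULL through these macros -- confirm at each use.
 */
#define malloc(s) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (s))
#define free(p) HeapFree(GetProcessHeap(), 0, (p))
#define realloc(p, s) HeapReAlloc(GetProcessHeap(), 0, (p), (s))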
/*
 * Native API entry points, declared by hand because the Win32 headers used
 * here do not declare them. They are resolved at link time through the
 * ntdll.lib import library named in the #pragma comment(lib, ...) above.
 *
 * Each returns a LONG status code; the callers in this file treat a negative
 * value as failure.
 *
 * IoStatusBlock is declared as an untyped PVOID, so the compiler cannot check
 * the size of the storage a caller passes -- the caller has to supply a
 * buffer large enough for the native I/O status block.
 */

/* Read FileInformationClass data about the file behind FileHandle. */
LONG
NTAPI
ZwQueryInformationFile(
IN HANDLE FileHandle,
OUT PVOID IoStatusBlock,
OUT PVOID FileInformation,
IN ULONG Length,
IN ULONG FileInformationClass
);
/* Write FileInformationClass data for the file behind FileHandle. */
LONG
NTAPI
ZwSetInformationFile(
IN HANDLE FileHandle,
OUT PVOID IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN ULONG FileInformationClass
);
/* Query system-wide information of the given class into a caller buffer. */
LONG
NTAPI
ZwQuerySystemInformation(
IN ULONG SystemInformationClass,
IN OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
/* Query information of the given class about the object behind Handle. */
LONG
NTAPI
ZwQueryObject(
IN HANDLE Handle,
IN ULONG ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL
);
/*
 * One record per open handle. ExQueryHandleInfo reads ProcessId, Handle and
 * GrantedAccess from it.
 * NOTE(review): this layout is hand-declared and presumably mirrors what
 * ZwQuerySystemInformation returns on the 32-bit system this tool was built
 * for -- confirm against the target OS before trusting any field offset.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
ULONG ProcessId;
UCHAR ObjectTypeNumber;
UCHAR Flags;
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
/*
 * A count followed by that many handle records. Information[1] is only a
 * placeholder for a variable-length array, so sizeof() of this type covers
 * a single record.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
ULONG NumberOfHandles;
SYSTEM_HANDLE_INFORMATION Information[1];
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
/*
 * Counted wide-character string of the native API. In the native API Length
 * and MaximumLength are byte counts, not character counts, and Buffer is not
 * required to be NUL-terminated.
 */
typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
/*
 * This tool's own description of one handle. ExQueryHandleInfo places it at
 * the start of its output buffer, with the text area starting directly
 * behind it.
 */
typedef struct _HANDLE_DESC
{
ULONG Pid;
ULONG Handle;
ULONG DesiredAccess;
LPSTR ObjectType;
LPSTR ObjectName;
} HANDLE_DESC, *PHANDLE_DESC;
/*
 * Callback taking one handle description plus an opaque caller parameter.
 * The meaning of the BOOL result is not visible in this listing.
 */
typedef BOOL (*HANDLEINFOFUNC)(PHANDLE_DESC Info, LPVOID Param);
/*
 * Name of the helper driver. CallDriver and ExDeleteFile pass it to
 * OpenDevice, which uses it both as the service name and, prefixed with
 * "\\.\", as the device path to open.
 */
LPCSTR g_szDriverName = "drvTest";
/* File-scope state; the code that fills and reads it is not in this listing. */
TCHAR FileName[MAX_PATH];
DWORD OpFlags = 0;
/* Dialog procedures, defined outside this listing. */
LRESULT CALLBACK DlgProc1(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK DlgProc2(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);
LRESULT CALLBACK DlgProc3(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);
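/*
 * Show a modal error box containing Prefix, the calling thread's last-error
 * code and the system's message text for that code.
 *
 * Prefix: caller-supplied text placed in front of the error code.
 *
 * The last-error value is read first, before any other API call can replace
 * it. Like the rest of this file, the function assumes an ANSI build.
 */
VOID PrintLastError(LPCTSTR Prefix)
{
    /*
     * wsprintf stores at most 1024 characters plus the terminator, so a
     * buffer of this size cannot be overrun however long the system message
     * or the prefix is. (The previous 280-byte buffer could be.)
     */
    CHAR OutBuf[1025];
    DWORD ErrorCode;
    LPTSTR lpMsgBuf = NULL;

    ErrorCode = GetLastError();

    /* On failure FormatMessage allocates nothing; keep the pointer NULL so
     * that neither wsprintf nor LocalFree sees an uninitialized value. */
    if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                       FORMAT_MESSAGE_FROM_SYSTEM |
                       FORMAT_MESSAGE_IGNORE_INSERTS,
                       NULL,
                       ErrorCode,
                       0,
                       (LPTSTR)&lpMsgBuf,
                       0,
                       NULL))
    {
        lpMsgBuf = NULL;
    }

    /* ErrorCode is an unsigned 32-bit value, hence %lu rather than %d. */
    wsprintf(OutBuf, "%s Error = %lu \n(%s)\n",
             Prefix != NULL ? Prefix : "",
             ErrorCode,
             lpMsgBuf != NULL ? lpMsgBuf : "no message text available");
    MessageBox(NULL, OutBuf, "ERROR!", MB_ICONERROR);

    if (lpMsgBuf != NULL)
    {
        LocalFree(lpMsgBuf);
    }
}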
/*
 * Register DriverName as a demand-start kernel-driver service whose image is
 * ServiceExe. A service that is already registered counts as success.
 *
 * SCManager:  open service control manager handle.
 * DriverName: used as both service name and display name.
 * ServiceExe: path of the driver image.
 *
 * Returns TRUE when the service exists afterwards; otherwise shows an error
 * box and returns FALSE.
 *
 * NOTE(review): whatever ServiceExe points at will run in kernel mode, so the
 * path should be writable by administrators only -- confirm at the call site.
 */
BOOL InstallDriver(SC_HANDLE SCManager, LPCTSTR DriverName, LPCTSTR ServiceExe)
{
    SC_HANDLE hService = CreateService(SCManager,
                                       DriverName,
                                       DriverName,
                                       SERVICE_ALL_ACCESS,
                                       SERVICE_KERNEL_DRIVER,
                                       SERVICE_DEMAND_START,
                                       SERVICE_ERROR_NORMAL,
                                       ServiceExe,
                                       NULL,
                                       NULL,
                                       NULL,
                                       NULL,
                                       NULL);

    if (hService == NULL)
    {
        /* Left over from an earlier run: nothing to do. */
        if (GetLastError() == ERROR_SERVICE_EXISTS)
        {
            return TRUE;
        }
        PrintLastError("CreateService failed!");
        return FALSE;
    }

    CloseServiceHandle(hService);
    return TRUE;
}
/*
 * Mark the service DriverName for deletion.
 *
 * Returns the result of DeleteService, or FALSE (without any message) when
 * the service cannot be opened. A failed DeleteService is reported in an
 * error box.
 */
BOOL RemoveDriver(SC_HANDLE SCManager, LPCTSTR DriverName)
{
    BOOL bDeleted;
    SC_HANDLE hService = OpenService(SCManager, DriverName, SERVICE_ALL_ACCESS);

    if (hService == NULL)
    {
        return FALSE;
    }

    bDeleted = DeleteService(hService);
    if (!bDeleted)
    {
        PrintLastError("DeleteService failed!");
    }

    CloseServiceHandle(hService);
    return bDeleted;
}
/*
 * Start the service DriverName.
 *
 * Returns TRUE when StartService succeeds, and also when it fails with
 * ERROR_SERVICE_ALREADY_RUNNING or ERROR_SERVICE_DISABLED. Any other failure
 * is shown in an error box and yields FALSE. FALSE is also returned, without
 * a message, when the service cannot be opened.
 *
 * NOTE(review): a disabled service has not been started, yet it is reported
 * as success here -- confirm that this is intended.
 */
BOOL StartDriver(SC_HANDLE SCManager, LPCTSTR DriverName)
{
    BOOL bStarted = TRUE;
    SC_HANDLE hService = OpenService(SCManager, DriverName, SERVICE_ALL_ACCESS);

    if (hService == NULL)
    {
        return FALSE;
    }

    if (!StartService(hService, 0, NULL))
    {
        switch (GetLastError())
        {
        case ERROR_SERVICE_ALREADY_RUNNING:
        case ERROR_SERVICE_DISABLED:
            /* Tolerated: treated the same as a successful start. */
            break;
        default:
            bStarted = FALSE;
            PrintLastError("StartService failed!");
            break;
        }
    }

    CloseServiceHandle(hService);
    return bStarted;
}
/*
 * Send SERVICE_CONTROL_STOP to the service DriverName.
 *
 * Returns the result of ControlService, or FALSE when the service cannot be
 * opened. Nothing is reported to the user in either case.
 */
BOOL StopDriver(SC_HANDLE SCManager, LPCTSTR DriverName)
{
    SERVICE_STATUS svcStatus;
    BOOL bStopped;
    SC_HANDLE hService = OpenService(SCManager, DriverName, SERVICE_ALL_ACCESS);

    if (hService == NULL)
    {
        return FALSE;
    }

    bStopped = ControlService(hService, SERVICE_CONTROL_STOP, &svcStatus);
    CloseServiceHandle(hService);
    return bStopped;
}
/*
 * Register the driver image at Path under the service name Name, then start
 * that service.
 *
 * Returns the result of StartDriver, or FALSE when the service control
 * manager cannot be opened. The result of InstallDriver is not examined; a
 * failed registration surfaces through StartDriver.
 *
 * Opening the manager with SC_MANAGER_ALL_ACCESS requires an elevated caller.
 */
BOOL LoadDeviceDriver(LPCTSTR Name, LPCTSTR Path)
{
    BOOL bLoaded;
    SC_HANDLE hManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);

    if (hManager == NULL)
    {
        return FALSE;
    }

    InstallDriver(hManager, Name, Path);
    bLoaded = StartDriver(hManager, Name);

    CloseServiceHandle(hManager);
    return bLoaded;
}
/*
 * Stop the service Name and remove its registration.
 *
 * Returns the result of RemoveDriver, or FALSE when the service control
 * manager cannot be opened. The result of StopDriver is not examined.
 */
BOOL UnloadDeviceDriver(LPCTSTR Name)
{
    BOOL bRemoved;
    SC_HANDLE hManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);

    if (hManager == NULL)
    {
        return FALSE;
    }

    StopDriver(hManager, Name);
    bRemoved = RemoveDriver(hManager, Name);

    CloseServiceHandle(hManager);
    return bRemoved;
}
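/*
 * Open the control device "\\.\<DriverName>". If the device does not exist
 * yet, load "driver.sys" from the directory of the running executable under
 * the service name DriverName and try once more.
 *
 * DriverName: service and device name; must fit the 64-character device path
 *             buffer together with the "\\.\" prefix.
 * lphDevice:  receives the device handle. May be NULL, in which case the
 *             handle is closed again and only the result is reported.
 *
 * Returns TRUE when the device could be opened. On FALSE the last-error
 * value describes the failure.
 *
 * Like the rest of this file, the function assumes an ANSI build.
 *
 * NOTE(review): the driver image is taken from the executable's own
 * directory. That directory must not be writable by unprivileged users,
 * because whatever file is named driver.sys there gets loaded into the
 * kernel.
 */
BOOL OpenDevice(LPCTSTR DriverName, HANDLE *lphDevice)
{
    TCHAR DeviceName[64];
    TCHAR FullPath[MAX_PATH];
    HANDLE hDevice;
    DWORD nPathLen;
    char *pLastSlash;

    /* "\\.\" is four characters, plus one for the terminator. */
    if (DriverName == NULL ||
        lstrlen(DriverName) > (int)(sizeof(DeviceName) / sizeof(DeviceName[0])) - 5)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
    wsprintf(DeviceName, TEXT("\\\\.\\%s"), DriverName);

    hDevice = CreateFile(DeviceName,
                         GENERIC_WRITE | GENERIC_READ,
                         0,
                         NULL,
                         OPEN_EXISTING,
                         FILE_ATTRIBUTE_NORMAL,
                         NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        if (GetLastError() != ERROR_FILE_NOT_FOUND)
            return FALSE;

        /*
         * Build "<exe directory>\driver.sys". 11 characters are reserved for
         * "driver.sys" and its terminator. A result of 0 means failure, a
         * result equal to the size passed in means the path was truncated
         * (and possibly left unterminated), so neither may be used.
         */
        nPathLen = GetModuleFileName(NULL, FullPath, MAX_PATH - 11);
        if (nPathLen == 0)
            return FALSE;
        if (nPathLen >= MAX_PATH - 11)
        {
            SetLastError(ERROR_INSUFFICIENT_BUFFER);
            return FALSE;
        }
        pLastSlash = strrchr(FullPath, '\\');
        if (pLastSlash == NULL)
        {
            SetLastError(ERROR_PATH_NOT_FOUND);
            return FALSE;
        }
        strcpy(pLastSlash + 1, "driver.sys");

        /* The result is not examined: the second open below decides. */
        LoadDeviceDriver(DriverName, FullPath);

        hDevice = CreateFile(DeviceName,
                             GENERIC_WRITE | GENERIC_READ,
                             0,
                             NULL,
                             OPEN_EXISTING,
                             FILE_ATTRIBUTE_NORMAL,
                             NULL);
        if (hDevice == INVALID_HANDLE_VALUE)
            return FALSE;
    }

    if (lphDevice)
        *lphDevice = hDevice;
    else
        CloseHandle(hDevice);
    return TRUE;
}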
/*
 * Send one control request to the helper driver named by g_szDriverName.
 * The device is opened for this single request and closed again.
 *
 * IoCode:                control code.
 * InBuffer/InLength:     request data.
 * OutBuffer/OutLength:   buffer for the reply.
 * BytesReturned:         optional; on success receives the reply length.
 *
 * Returns the result of DeviceIoControl, or FALSE when the device cannot be
 * opened. The last-error value left by DeviceIoControl is preserved across
 * the CloseHandle call.
 *
 * NOTE(review): after a successful request the last-error value is whatever
 * DeviceIoControl left behind, which need not be ERROR_SUCCESS. Callers
 * should test the return value.
 */
BOOL CallDriver(ULONG IoCode, PVOID InBuffer, ULONG InLength, PVOID OutBuffer, ULONG OutLength, PULONG BytesReturned)
{
    HANDLE hDriver;
    ULONG cbReturned;
    DWORD dwSavedError;
    BOOL bOk;

    if (!OpenDevice(g_szDriverName, &hDriver))
    {
        return FALSE;
    }

    bOk = DeviceIoControl(hDriver,
                          IoCode,
                          InBuffer,
                          InLength,
                          OutBuffer,
                          OutLength,
                          &cbReturned,
                          NULL);

    /* CloseHandle may replace the error code the caller wants to see. */
    dwSavedError = GetLastError();
    CloseHandle(hDriver);
    SetLastError(dwSavedError);

    if (!bOk)
    {
        return bOk;
    }
    if (BytesReturned != NULL)
    {
        *BytesReturned = cbReturned;
    }
    return bOk;
}
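/*
 * Ask the helper driver to open the existing file lpName for reading and
 * writing (IOCTL_FILE_CREATE) and return the handle it hands back.
 *
 * lpName: path of the file; copied into the variable-length request.
 *
 * Returns the handle, or NULL on failure (note: NULL, not
 * INVALID_HANDLE_VALUE). A failed driver request is shown in a message box
 * and its error code is left in the last-error value.
 *
 * What the driver does with the request is defined in the driver and in
 * ioctl.h, neither of which is part of this listing.
 */
HANDLE ExCreateFile(LPTSTR lpName)
{
    HANDLE hOutFile = NULL;
    DWORD dwErrorCode, nSize;
    LPTSTR lpMsgBuf = NULL;
    PFILE_REQUEST_CREATE frc;
    BOOL bOk;

    if (lpName == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return NULL;
    }

    /* Request header followed by the name and its terminator. */
    nSize = (DWORD)(sizeof(FILE_REQUEST_CREATE) + strlen(lpName) + 1);
    frc = (PFILE_REQUEST_CREATE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, nSize);
    if (frc == NULL)
        return NULL;

    strcpy(frc->FileName, lpName);
    frc->CreateDisposition = FILE_OPEN;
    frc->DesiredAccess = GENERIC_READ | GENERIC_WRITE;
    frc->ShareAccess = FILE_SHARE_READ;

    /*
     * Decide on the return value, not on GetLastError() == ERROR_SUCCESS:
     * a successful call is not required to reset the last-error value, so
     * the old test could report a failure for a request that succeeded, or
     * return an unset handle for one that failed.
     */
    bOk = CallDriver(IOCTL_FILE_CREATE,
                     frc,
                     nSize,
                     &hOutFile,
                     sizeof(HANDLE),
                     NULL);
    dwErrorCode = GetLastError();   /* read before HeapFree can change it */
    HeapFree(GetProcessHeap(), 0, frc);

    if (bOk)
        return hOutFile;

    if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                       FORMAT_MESSAGE_FROM_SYSTEM |
                       FORMAT_MESSAGE_IGNORE_INSERTS,
                       NULL,
                       dwErrorCode,
                       0,
                       (LPTSTR)&lpMsgBuf,
                       0,
                       NULL))
    {
        lpMsgBuf = NULL;
    }
    MessageBox(NULL, lpMsgBuf != NULL ? lpMsgBuf : "Unknown error", "ERROR", MB_ICONSTOP);
    if (lpMsgBuf != NULL)
        LocalFree(lpMsgBuf);

    SetLastError(dwErrorCode);
    return NULL;
}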
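/*
 * Ask the helper driver to read from hFile into Buffer (IOCTL_FILE_READ).
 *
 * hFile:  handle passed to the driver as the request data.
 * Buffer: receives the data; must hold at least Length bytes.
 * Length: size of Buffer in bytes.
 *
 * Returns TRUE on success. On failure the error is shown in a message box,
 * its code is left in the last-error value and FALSE is returned.
 *
 * The number of bytes actually delivered is not reported to the caller.
 */
BOOL ExReadFile(HANDLE hFile, PVOID Buffer, DWORD Length)
{
    DWORD dwErrorCode;
    LPTSTR lpMsgBuf = NULL;

    /*
     * Decide on the return value: a successful call is not required to reset
     * the last-error value, so testing GetLastError() == ERROR_SUCCESS could
     * misreport the outcome.
     */
    if (CallDriver(IOCTL_FILE_READ,
                   &hFile,
                   sizeof(HANDLE),
                   Buffer,
                   Length,
                   NULL))
    {
        return TRUE;
    }

    dwErrorCode = GetLastError();
    if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                       FORMAT_MESSAGE_FROM_SYSTEM |
                       FORMAT_MESSAGE_IGNORE_INSERTS,
                       NULL,
                       dwErrorCode,
                       0,
                       (LPTSTR)&lpMsgBuf,
                       0,
                       NULL))
    {
        lpMsgBuf = NULL;
    }
    MessageBox(NULL, lpMsgBuf != NULL ? lpMsgBuf : "Unknown error", "ERROR", MB_ICONSTOP);
    if (lpMsgBuf != NULL)
        LocalFree(lpMsgBuf);

    SetLastError(dwErrorCode);
    return FALSE;
}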
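/*
 * Copy the contents of the open file hSourceFile into a new file lpNewFile.
 *
 * hSourceFile: open handle with read access.
 * lpNewFile:   destination path. It is opened with CREATE_ALWAYS, so an
 *              existing file of that name is overwritten.
 *
 * Returns TRUE when all bytes were written. On failure a partly written
 * destination is deleted and FALSE is returned.
 *
 * Sources of 4 GiB or more are rejected with ERROR_FILE_TOO_LARGE instead of
 * being silently truncated to the low 32 bits of their size. An empty source
 * produces an empty destination (an empty file cannot be mapped).
 */
BOOL ExCopyFile(HANDLE hSourceFile, LPCTSTR lpNewFile)
{
    HANDLE hBakFile, hMap;
    PBYTE pMap = NULL;
    DWORD dwDone = 0, dwSize, dwSizeHigh = 0, nWriteByte;

    /* With a high-part pointer, INVALID_FILE_SIZE is only an error when the
     * last-error value says so. */
    SetLastError(NO_ERROR);
    dwSize = GetFileSize(hSourceFile, &dwSizeHigh);
    if (dwSize == INVALID_FILE_SIZE && GetLastError() != NO_ERROR)
    {
        return FALSE;
    }
    if (dwSizeHigh != 0)
    {
        SetLastError(ERROR_FILE_TOO_LARGE);
        return FALSE;
    }

    if (dwSize != 0)
    {
        /* Map exactly dwSize bytes so the view can never be shorter than
         * the range the write loop reads from. */
        hMap = CreateFileMapping(hSourceFile,
                                 NULL,
                                 PAGE_READONLY,
                                 0,
                                 dwSize,
                                 NULL);
        if (hMap == NULL)
        {
            return FALSE;
        }
        pMap = (PBYTE)MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, dwSize);
        CloseHandle(hMap);      /* the view keeps the mapping alive */
        if (pMap == NULL)
        {
            return FALSE;
        }
    }

    hBakFile = CreateFile(lpNewFile,
                          GENERIC_WRITE,
                          0,
                          NULL,
                          CREATE_ALWAYS,
                          0,
                          NULL);
    if (hBakFile == INVALID_HANDLE_VALUE)
    {
        if (pMap != NULL)
        {
            UnmapViewOfFile(pMap);
        }
        return FALSE;
    }

    while (dwDone < dwSize)
    {
        nWriteByte = 0;
        /* A write that makes no progress is treated as a failure so the
         * loop cannot spin forever. */
        if (!WriteFile(hBakFile,
                       pMap + dwDone,
                       dwSize - dwDone,
                       &nWriteByte,
                       NULL)
            || nWriteByte == 0)
        {
            UnmapViewOfFile(pMap);
            CloseHandle(hBakFile);
            DeleteFile(lpNewFile);
            return FALSE;
        }
        dwDone += nWriteByte;
    }

    if (pMap != NULL)
    {
        UnmapViewOfFile(pMap);
    }
    CloseHandle(hBakFile);
    return TRUE;
}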
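/*
 * Mark the file behind hSourceHandle for deletion.
 *
 * First the native API is tried: the handle is probed with a query, then the
 * delete disposition is set on it. If setting the disposition fails, the
 * request is passed to the helper driver (IOCTL_FILE_DELETE).
 *
 * Returns TRUE when either path succeeds, FALSE when the probe fails or the
 * driver request fails.
 */
BOOL ExDeleteFile(HANDLE hSourceHandle)
{
    /* FILE_INFORMATION_CLASS values used below. */
    enum
    {
        FileDispositionInfoClass = 0x0d,    /* FileDispositionInformation */
        FileAttributeTagInfoClass = 0x23    /* FileAttributeTagInformation */
    };
    /*
     * Storage for the native I/O status block: one pointer-sized status
     * field and one pointer-sized information field. Two DWORDs are only
     * large enough on a 32-bit build.
     */
    ULONG_PTR IoSB[2];
    DWORD FileAttributes[2];
    LONG status;

    /* Probe: the data returned is not used, only the status. */
    status = ZwQueryInformationFile(hSourceHandle,
                                    IoSB,
                                    FileAttributes,
                                    sizeof(FileAttributes),
                                    FileAttributeTagInfoClass);
    if (status < 0)
        return FALSE;

    /* The disposition record is a single byte: non-zero = delete. */
    FileAttributes[0] = 1;
    status = ZwSetInformationFile(hSourceHandle,
                                  IoSB,
                                  FileAttributes,
                                  1,
                                  FileDispositionInfoClass);
    if (status >= 0)
        return TRUE;

    /*
     * Fall back to the driver through the shared helper. The request data is
     * the handle itself, sized with sizeof like ExReadFile does, instead of
     * a literal 4.
     */
    return CallDriver(IOCTL_FILE_DELETE,
                      &hSourceHandle,
                      sizeof(hSourceHandle),
                      NULL,
                      0,
                      NULL);
}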
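/*
 * Overwrite the beginning of the open file hDestFile with the contents of
 * the file lpSourceFile.
 *
 * hDestFile:    open handle with read and write access.
 * lpSourceFile: path of the file whose bytes are copied in.
 *
 * Returns TRUE when all source bytes were copied.
 *
 * Sources of 4 GiB or more are rejected with ERROR_FILE_TOO_LARGE instead of
 * being silently truncated to the low 32 bits of their size.
 *
 * NOTE(review): the destination is mapped with the source's size, which
 * grows a shorter destination but does not shrink a longer one, so a longer
 * destination keeps its old tail. Confirm whether callers expect that.
 */
BOOL ExReplaceFile(HANDLE hDestFile, LPCTSTR lpSourceFile)
{
    HANDLE hSrcFile, hMap;
    PBYTE pMap;
    DWORD dwDone = 0, dwSize, dwSizeHigh = 0, nReadByte;

    hSrcFile = CreateFile(lpSourceFile,
                          GENERIC_READ,
                          FILE_SHARE_READ,
                          NULL,
                          OPEN_EXISTING,
                          0,
                          NULL);
    if (hSrcFile == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }

    /* With a high-part pointer, INVALID_FILE_SIZE is only an error when the
     * last-error value says so. */
    SetLastError(NO_ERROR);
    dwSize = GetFileSize(hSrcFile, &dwSizeHigh);
    if (dwSize == INVALID_FILE_SIZE && GetLastError() != NO_ERROR)
    {
        CloseHandle(hSrcFile);
        return FALSE;
    }
    if (dwSizeHigh != 0)
    {
        CloseHandle(hSrcFile);
        SetLastError(ERROR_FILE_TOO_LARGE);
        return FALSE;
    }

    hMap = CreateFileMapping(hDestFile,
                             NULL,
                             PAGE_READWRITE,
                             0,
                             dwSize,
                             NULL);
    if (hMap == NULL)
    {
        CloseHandle(hSrcFile);
        return FALSE;
    }
    pMap = (PBYTE)MapViewOfFile(hMap, FILE_MAP_WRITE, 0, 0, 0);
    CloseHandle(hMap);          /* the view keeps the mapping alive */
    if (pMap == NULL)
    {
        CloseHandle(hSrcFile);
        return FALSE;
    }

    while (dwDone < dwSize)
    {
        nReadByte = 0;
        /*
         * ReadFile reports end of file as success with zero bytes. If the
         * source shrank after its size was taken, that would otherwise keep
         * this loop running forever.
         */
        if (!ReadFile(hSrcFile,
                      pMap + dwDone,
                      dwSize - dwDone,
                      &nReadByte,
                      NULL))
        {
            UnmapViewOfFile(pMap);
            CloseHandle(hSrcFile);
            return FALSE;
        }
        if (nReadByte == 0)
        {
            UnmapViewOfFile(pMap);
            CloseHandle(hSrcFile);
            SetLastError(ERROR_HANDLE_EOF);
            return FALSE;
        }
        dwDone += nReadByte;
    }

    UnmapViewOfFile(pMap);
    CloseHandle(hSrcFile);
    return TRUE;
}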
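/*
 * Convert a counted wide string into a NUL-terminated ANSI string.
 *
 * SourceString: counted string; its Length field is a byte count and its
 *               Buffer need not be NUL-terminated.
 * TargetString: receives the converted text and a terminator.
 * MaxLength:    size of TargetString in bytes.
 *
 * Returns TRUE on success, FALSE when an argument is missing or the
 * converted text plus terminator does not fit into MaxLength bytes.
 *
 * The previous loop used Length as a character count and ran one element
 * further, so it read about twice as many wide characters as the source
 * holds; it also kept only the low byte of each character, which turns
 * unrelated characters into look-alike ASCII letters.
 */
BOOL UnicodeToAnsi(PUNICODE_STRING SourceString, LPSTR TargetString, ULONG MaxLength)
{
    ULONG nChars;
    ULONG nRoom;
    int nBytes;

    if (SourceString == NULL || TargetString == NULL || MaxLength == 0)
        return FALSE;

    nChars = SourceString->Length / sizeof(WCHAR);
    if (nChars == 0)
    {
        TargetString[0] = '\0';
        return TRUE;
    }
    if (SourceString->Buffer == NULL)
        return FALSE;

    /*
     * Keep one byte for the terminator. A room of zero must never reach
     * WideCharToMultiByte: with a zero output size it only reports the size
     * needed and writes nothing.
     */
    nRoom = MaxLength - 1;
    if (nRoom == 0)
        return FALSE;
    if (nRoom > 0x7FFFFFFF)
        nRoom = 0x7FFFFFFF;

    nBytes = WideCharToMultiByte(CP_ACP,
                                 0,
                                 SourceString->Buffer,
                                 (int)nChars,
                                 TargetString,
                                 (int)nRoom,
                                 NULL,
                                 NULL);
    if (nBytes <= 0)
        return FALSE;

    TargetString[nBytes] = '\0';
    return TRUE;
}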
BOOL ExQueryHandleInfo(PSYSTEM_HANDLE_INFORMATION HandleInfo, PVOID OutputBuffer, ULONG OutputBufferLength)
{
HANDLE ProcessHandle, ObjectHandle;
LONG status;
TCHAR Buffer[0x400];
PHANDLE_DESC HandleDesc;
LPSTR Name;
ULONG MaxNameLength;
HandleDesc = (PHANDLE_DESC)OutputBuffer;
Name = (LPSTR)OutputBuffer + sizeof(HANDLE_DESC);
MaxNameLength = OutputBufferLength - sizeof(HANDLE_DESC);
if (OutputBufferLength < sizeof(HANDLE_DESC))
return FALSE;
HandleDesc->Pid = HandleInfo->ProcessId;
HandleDesc->Handle = HandleInfo->Handle;
HandleDesc->DesiredAccess = HandleInfo->GrantedAccess;
ProcessHandle = OpenProcess(PROCESS_DUP_HANDLE,