📄 dug2.txt
win2k3
Encrypted data at write time: 286 bytes = 0x11e
fa2e7000 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
fa2e7010 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
fa2e7020 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
fa2e7030 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
fa2e7040 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
fa2e7050 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
fa2e7060 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
fa2e7070 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
fa2e7080 81 56 b2 e2 7b 41 23 77-b3 e9 d7 18 0b 83 f0 03 .V..{A#w........
fa2e7090 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
fa2e70a0 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
fa2e70b0 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
fa2e70c0 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
fa2e70d0 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
fa2e70e0 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
fa2e70f0 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
fa2e7100 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
fa2e7110 90 78 06 e5 12 18 a4 f6-80 bd 46 3a c6 a8 87 8e .x........F:....
fa2e7120 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
fa2e7130 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
Dump of the data read back - the last two bytes are read incorrectly
kd> db fa1ef000 l1000
fa1ef000 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
fa1ef010 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
fa1ef020 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
fa1ef030 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
fa1ef040 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
fa1ef050 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
fa1ef060 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
fa1ef070 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
fa1ef080 81 56 b2 e2 7b 41 23 77-b3 e9 d7 18 0b 83 f0 03 .V..{A#w........
fa1ef090 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
fa1ef0a0 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
fa1ef0b0 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
fa1ef0c0 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
fa1ef0d0 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
fa1ef0e0 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
fa1ef0f0 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
fa1ef100 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
fa1ef110 90 78 06 e5 12 18 a4 f6-80 bd 46 3a c6 a8 00 00 .x........F:....
fa1ef120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fa1ef120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fa1ef130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
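Guess: Windows automatically zeroes the excess portion, which makes the last 128-bit block decode incorrectly; with an XOR algorithm the problem would not occur.
On Windows 2000 the data in the excess portion is not zeroed, so decoding is correct.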
kd> db 8c27c000 l1000
8c27c000 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
8c27c010 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
8c27c020 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
8c27c030 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
8c27c040 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
8c27c050 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
8c27c060 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
8c27c070 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
8c27c080 81 56 b2 e2 7b 41 23 77-b3 e9 d7 18 0b 83 f0 03 .V..{A#w........
8c27c090 28 15 67 ab 2f 4c f0 d7-3d 31 98 22 5b 8b 83 93 (.g./L..=1."[...
8c27c0a0 72 b0 48 03 02 64 93 83-54 87 85 1b b2 68 74 e8 r.H..d..T....ht.
8c27c0b0 78 31 d6 64 de ea 74 60-a9 48 8d d6 58 0d d3 88 x1.d..t`.H..X...
8c27c0c0 d8 1e 86 e4 22 c0 bf 55-72 62 ae 9b 2d 26 c0 dd ...."..Urb..-&..
8c27c0d0 43 c9 02 af c1 07 10 0b-fb 56 15 a2 e3 5f 19 cc C........V..._..
8c27c0e0 4f 7c 49 a1 1a a1 2d bc-31 5e ed 4e f6 b4 62 bf O|I...-.1^.N..b.
8c27c0f0 1e 14 98 06 72 33 c7 96-66 01 1a a1 6d 68 8e 7d ....r3..f...mh.}
8c27c100 13 47 91 db 68 32 93 b4-85 6b 7a d9 36 85 0a ad .G..h2...kz.6...
8c27c110 90 78 06 e5 12 18 a4 f6-80 bd 46 3a c6 a8 87 8e .x........F:....
8c27c120 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c130 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c140 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c150 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c160 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c170 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c180 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c190 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1a0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1b0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1c0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1d0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1e0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
8c27c1f0 c6 a1 3b 37 87 8f 5b 82-6f 4f 81 62 a1 c8 d8 79 ..;7..[.oO.b...y
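Added example, not part of the original notes or the driver's code: the failure guessed at above, reproduced in user-mode C. The cipher is a toy 4-round Feistel standing in for the driver's 128-bit block cipher (which the notes do not name), and the round keys, keystream and sample plaintext are constructed. It shows that zeroing the two bytes past the 286-byte transfer length corrupts the final block under a block cipher, while a byte-wise XOR stream still decodes all 286 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DATA_LEN 286   /* 0x11e, the transfer length from the notes */
#define PADDED   288   /* rounded up to whole 16-byte blocks */

static const uint64_t RK[4] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL,
                                0x0f1e2d3c4b5a6978ULL, 0x8796a5b4c3d2e1f0ULL };

static uint64_t f(uint64_t x, uint64_t k) {
    x = (x ^ k) * 0x9E3779B97F4A7C15ULL;
    return x ^ (x >> 29);
}

/* Toy Feistel over one 128-bit block (assumption: stand-in cipher). */
static void block_crypt(uint8_t *b, int decrypt) {
    uint64_t v[2], t;
    memcpy(v, b, 16);
    for (int i = 0; i < 4; i++) {
        if (!decrypt) { t = v[0] ^ f(v[1], RK[i]);     v[0] = v[1]; v[1] = t; }
        else          { t = v[1] ^ f(v[0], RK[3 - i]); v[1] = v[0]; v[0] = t; }
    }
    memcpy(b, v, 16);
}

/* Byte-wise XOR with a constructed keystream; same call encrypts and decrypts. */
static void xor_crypt(uint8_t *b, int n) {
    for (int i = 0; i < n; i++) b[i] ^= (uint8_t)f((uint64_t)i, RK[0]);
}

/* Count bytes in [0, DATA_LEN) that decode wrongly when the read path
   returns DATA_LEN bytes and leaves the rest of the buffer zeroed. */
static int bad_bytes(int use_block) {
    uint8_t plain[PADDED] = {0}, buf[PADDED], rd[PADDED] = {0};
    int bad = 0;
    for (int i = 0; i < DATA_LEN; i++) plain[i] = (uint8_t)(i * 7 + 1);
    memcpy(buf, plain, PADDED);
    if (use_block) for (int o = 0; o < PADDED; o += 16) block_crypt(buf + o, 0);
    else xor_crypt(buf, DATA_LEN);
    memcpy(rd, buf, DATA_LEN);               /* bytes 286..287 stay zero */
    if (use_block) for (int o = 0; o < PADDED; o += 16) block_crypt(rd + o, 1);
    else xor_crypt(rd, DATA_LEN);
    for (int i = 0; i < DATA_LEN; i++) bad += (rd[i] != plain[i]);
    return bad;
}

int main(void) {
    printf("block: %d bad bytes, xor: %d bad bytes\n", bad_bytes(1), bad_bytes(0));
    return 0;
}
```

The first 17 blocks are untouched by the zeroing, so every bad byte the block-cipher run reports lies in the last 14 valid bytes (offsets 272 to 285).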
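Suggested changes??
HookIoCompletionRoutine ->
status = hookContext->OrgRoutine(DeviceObject, Irp, hookContext->OrgContext); running the decode after this call: tested, no effect
For the data length, could use -> Srb->DataTransferLength ??? = 0x200 = 512 bytes
HookUsbScsi: the processing order still needs consideration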
USBSTORY--
kd> !irp 0x81654448
Irp is active with 4 stacks 3 is current (= 0x81654500)
Mdl = 812814e8 Thread 00000000: Irp stack trace.
cmd flg cl Device File Completion-Context
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[ 0, 0] 0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[ f, 0] 0 e1 8159a618 00000000 f8aef16a-00000000 Success Error Cancel pending
\Driver\usbehci USBSTOR
Args: 8161536c 00000000 00220003 00000000
[ f, 0] 0 e1 816d1358 00000000 f89a1acf-ffb984a8 Success Error Cancel pending
\Driver\USBSTOR usbmon!HookIoCompletionRoutine
Args: 8155b0b4 816d1410 00000000 00000000