91av视频/亚洲h视频/操亚洲美女/外国一级黄色毛片 - 国产三级三级三级三级

  • 大小: 428KB
    文件類型: .rar
    金幣: 2
    下載: 2 次
    發(fā)布日期: 2021-05-23
  • 語言: 其他
  • 標(biāo)簽: minifilter??禁止打開??

資源簡介

《寒江獨(dú)釣 Windows內(nèi)核安全編程》的miniflter簡單介紹和使用,Minifilter驅(qū)動文件,用Minifilter.inf安裝 UseMinifilter,應(yīng)用層 Minifilter_dll ,應(yīng)用層(客戶程序和驅(qū)動層通信)

資源截圖

代碼片段和文件信息 

/*++

Module?Name:

????MiniFilter.c

Abstract:

????This?is?the?main?module?of?the?MiniFilter?miniFilter?driver.

Environment:

????Kernel?mode

--*/

#include?
#include?
#include?	

#pragma?prefast(disable:__WARNING_ENCODE_MEMBER_FUNCTION_POINTER?“Not?valid?for?kernel?mode?drivers“)

#define?MINISPY_PORT_NAME								L“\\MiniPort“

PFLT_FILTER?gFilterHandle;
PFLT_PORT?	gServerPort;
PFLT_PORT?	gClientPort;

ULONG_PTR?OperationStatusCtx?=?1;

#define?PTDBG_TRACE_ROUTINES????????????0x00000001
#define?PTDBG_TRACE_OPERATION_STATUS????0x00000002

ULONG?gTraceFlags?=?0;

//??Defines?the?commands?between?the?utility?and?the?filter
typedef?enum?_MINI_COMMAND?{
	ENUM_PASS?=?0
	ENUM_BLOCK
}?MINI_COMMAND;	

//??Defines?the?command?structure?between?the?utility?and?the?filter.
typedef?struct?_COMMAND_MESSAGE?{
	MINI_COMMAND?	Command;??
}?COMMAND_MESSAGE?*PCOMMAND_MESSAGE;

MINI_COMMAND?gCommand?=?ENUM_PASS;


#define?PT_DBG_PRINT(?_dbgLevel?_string?)??????????\
????(FlagOn(gTraceFlags(_dbgLevel))????????????????\
????????DbgPrint?_string?:??????????????????????????\
????????((int)0))

/*************************************************************************
????Prototypes
*************************************************************************/

BOOLEAN?NPUnicodeStringToChar(PUNICODE_STRING?UniName?char?Name[])
{
	ANSI_STRING	AnsiName;			
	NTSTATUS	ntstatus;
	char*		nameptr;			

	__try?{	????		???		????		
		ntstatus?=?RtlUnicodeStringToAnsiString(&AnsiName?UniName?TRUE);		

		if?(AnsiName.Length?			nameptr?=?(PCHAR)AnsiName.Buffer;
			//Convert?into?upper?case?and?copy?to?buffer
			//strcpy(Name?_strupr(nameptr));	//將字符串轉(zhuǎn)換成大寫形式
			strcpy(Name_strlwr(nameptr));//講字符串轉(zhuǎn)換成小寫形式
			DbgPrint(“NPUnicodeStringToChar?:?%s\n“?Name);	
		}		??	
		RtlFreeAnsiString(&AnsiName);		?
	}?
	__except(EXCEPTION_EXECUTE_HANDLER)?{
		DbgPrint(“NPUnicodeStringToChar?EXCEPTION_EXECUTE_HANDLER\n“);	
		return?FALSE;
	}
	return?TRUE;
}

//獲取進(jìn)程全路徑
PUNICODE_STRING?GetSeLocateProcessImageName(PEPROCESS?ProcessPUNICODE_STRING?*pImageFileName)
{
	Pobject_NAME_INFORMATION?pProcessImageName?=?NULL;
	PUNICODE_STRING?pTempUS?=?NULL;
	ULONG?NameLength?=?0;
	//Process->SeAuditProcessCreationInfo.ImageFileName->Name
	//win7?x86?offset?=?0x1ec
	//if?(NULL?==?Process->SeAuditProcessCreationInfo.ImageFileName)
	pProcessImageName?=?(Pobject_NAME_INFORMATION)(*(ULONG*)((ULONG)Process?+?0x1ec));
	if(pProcessImageName?==?NULL)
	{
		DbgPrint(“Process->SeAuditProcessCreationInfo.ImageFileName?==?NULL?\n“);
		return?NULL;
	}
	else
	{
		NameLength?=?sizeof(UNICODE_STRING)?+?pProcessImageName->Name.MaximumLength;
		pTempUS?=?ExAllocatePoolWithTag(?NonPagedPool?NameLength?‘a(chǎn)PeS‘?);
		if?(NULL?!=?pTempUS)?{

			RtlCopyMemory(?
				pTempUS?
				&pProcessImageName->Name?
				NameLength?
				);

			pTempUS->Buffer?=?(PWSTR)(((PUCHAR)?pTempUS)?+

?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----

?????文件?????458240??2017-11-03?09:36??MiniFilter\Debug\MiniFilter_dll.dll

?????文件????????803??2017-11-03?09:36??MiniFilter\Debug\MiniFilter_dll.exp

?????文件???????2140??2017-11-03?09:36??MiniFilter\Debug\MiniFilter_dll.lib

?????文件????1046016??2017-11-03?10:40??MiniFilter\Debug\UseMiniFilter.exe

?????文件??????30921??2017-11-02?10:19??MiniFilter\MiniFilter\MiniFilter.c

?????文件???????3148??2017-10-31?15:48??MiniFilter\MiniFilter\MiniFilter.inf

????.......???????264??2017-10-25?15:17??MiniFilter\MiniFilter\MiniFilter.rc

?????文件???????7243??2017-10-31?14:55??MiniFilter\MiniFilter\MiniFilter.vcxproj

????.......??????1402??2017-10-25?15:17??MiniFilter\MiniFilter\MiniFilter.vcxproj.filters

?????文件???????7287??2017-10-25?15:17??MiniFilter\MiniFilter?Package\MiniFilter?Package.vcxproj

????.......???????361??2017-10-25?15:17??MiniFilter\MiniFilter?Package\MiniFilter?Package.vcxproj.filters

?????文件??????10714??2017-11-02?16:09??MiniFilter\MiniFilter.sln

????..A..H.?????42496??2017-11-03?10:43??MiniFilter\MiniFilter.v11.suo

?????文件???????1178??2017-11-03?09:23??MiniFilter\MiniFilter_dll\MiniFilter_dll.cpp

?????文件????????840??2017-11-03?09:36??MiniFilter\MiniFilter_dll\MiniFilter_dll.h

?????文件???????4294??2017-11-02?16:09??MiniFilter\MiniFilter_dll\MiniFilter_dll.vcxproj

?????文件???????1093??2017-11-02?16:09??MiniFilter\MiniFilter_dll\MiniFilter_dll.vcxproj.filters

?????文件???????1903??2017-11-03?10:26??MiniFilter\UseMiniFilter\App.cpp

?????文件????????480??2017-11-02?11:40??MiniFilter\UseMiniFilter\App.h

?????文件???????4203??2017-10-30?15:35??MiniFilter\UseMiniFilter\UseMiniFilter.vcxproj

?????文件???????1071??2017-10-30?15:13??MiniFilter\UseMiniFilter\UseMiniFilter.vcxproj.filters

?????文件????????800??2017-11-02?10:19??MiniFilter\Win7Debug\MiniFilter.cer

?????文件???????3167??2017-11-02?10:19??MiniFilter\Win7Debug\MiniFilter.inf

????.CA....????297984??2017-11-02?10:19??MiniFilter\Win7Debug\MiniFilter.pdb

?????文件??????12448??2017-11-02?10:19??MiniFilter\Win7Debug\MiniFilter.sys

?????目錄??????????0??2017-11-03?10:44??MiniFilter\MiniFilter\VistaDebug

?????目錄??????????0??2017-11-03?10:44??MiniFilter\MiniFilter\Win7Debug

?????目錄??????????0??2017-10-25?15:17??MiniFilter\MiniFilter?Package\VistaDebug

?????目錄??????????0??2017-11-03?10:45??MiniFilter\MiniFilter_dll\Debug

?????目錄??????????0??2017-11-03?10:45??MiniFilter\UseMiniFilter\Debug

............此處省略11個文件信息

評論

共有 條評論