資源簡介
驅動加載工具 zwloaddriver 源代碼

代碼片段和文件信息
#include?
#include?
/*
 * Local definition of the NT counted-string layout.  The same struct is
 * used for both the UNICODE_STRING and (in LoadDriver) the ANSI string
 * handed to ntdll, because the two share this layout.
 */
typedef struct _LSA_UNICODE_STRING {
    USHORT Length;        /* bytes (ANSI use: chars) currently in Buffer */
    USHORT MaximumLength; /* capacity of Buffer in the same unit */
    PVOID  Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;

/*
 * Function-pointer types for the ntdll routines this tool calls.  The real
 * exports return NTSTATUS; it is carried here in a DWORD, so a caller that
 * wants to distinguish failure must test the value as a signed LONG
 * (negative == failure).  Parameter types are deliberately loose (PVOID).
 */
typedef DWORD (CALLBACK *RTLANSISTRINGTOUNICODESTRING)(PVOID, PVOID, DWORD);
typedef DWORD (CALLBACK *RTLFREEUNICODESTRING)(PVOID);
typedef DWORD (CALLBACK *ZWLOADDRIVER)(PVOID);

/*
 * Resolved at runtime by code outside this excerpt (presumably via
 * GetProcAddress on ntdll); as file-scope objects they are zero until then,
 * so callers must not invoke them before resolution.
 */
RTLANSISTRINGTOUNICODESTRING RtlAnsiStringToUnicodeString;
RTLFREEUNICODESTRING         RtlFreeUnicodeString;
ZWLOADDRIVER                 ZwLoadDriver;
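/*
 * True when an snprintf result n fits in a buffer of cap bytes
 * (n < 0 is an encoding error, n >= cap means the output was truncated).
 */
static int fits(int n, size_t cap)
{
    return n >= 0 && (size_t)n < cap;
}

/*
 * Delete HKLM\System\CurrentControlSet\Services\<name> together with its
 * Enum and Security subkeys (subkeys first, as RegDeleteKey does not
 * recurse).  Best effort, as in the original: RegDeleteKey results are
 * ignored because the key may only be partly present when this runs as
 * failure cleanup.
 */
static void remove_service_keys(const char *szDrvName)
{
    static const char *const suffixes[] = { "\\Enum", "\\Security", "" };
    char szSubKey[200];

    for (size_t i = 0; i < sizeof suffixes / sizeof suffixes[0]; i++) {
        int n = snprintf(szSubKey, sizeof szSubKey, "%s%s%s",
                         "System\\CurrentControlSet\\Services\\",
                         szDrvName, suffixes[i]);
        if (fits(n, sizeof szSubKey)) {
            RegDeleteKey(HKEY_LOCAL_MACHINE, szSubKey);
        }
    }
}

/*
 * Register the file szDrvPath as a kernel-driver service named szDrvName
 * under HKLM\System\CurrentControlSet\Services, ask ntdll's ZwLoadDriver
 * to load it, and then delete the service key again so nothing persists in
 * the registry.  The ntdll function pointers must already be resolved by
 * the caller, and the process presumably needs the load-driver privilege
 * (see EnablePrivilege below).
 *
 * Returns 1 when ZwLoadDriver reports success, 0 on any failure (argument,
 * registry, path, string conversion or a failing load status).  On every
 * failure path after the key has been created it is removed again, so no
 * half-written service entry is left behind.
 *
 * Fixes relative to the original: all sprintf() calls into the fixed
 * buffers are bounded and truncation is treated as an error (a long path
 * previously overflowed szSubKey); registry and GetFullPathName results are
 * checked; buf2.MaximumLength is initialised; the key is opened with only
 * KEY_SET_VALUE; the ZwLoadDriver status now decides the return value; and
 * the unused trailing "\\.\name" formatting was dropped.
 */
int LoadDriver(char *szDrvName, char *szDrvPath)
{
    char szSubKey[200], szDrvFullPath[256];
    LSA_UNICODE_STRING buf1 = {0};      /* UNICODE_STRING allocated by ntdll */
    LSA_UNICODE_STRING buf2 = {0};      /* used as an ANSI_STRING (same layout) */
    HKEY hkResult = NULL;
    /* All three REG_DWORD values are 1: kernel driver, system start,
     * normal error control. */
    DWORD dwType = SERVICE_KERNEL_DRIVER;
    DWORD dwStart = SERVICE_SYSTEM_START;
    DWORD dwErrorControl = SERVICE_ERROR_NORMAL;
    DWORD dwOK;
    DWORD dwPathLen;
    int n;
    int loaded = 0;

    /* The globals are zero until the caller resolves them; never call NULL. */
    if (!RtlAnsiStringToUnicodeString || !RtlFreeUnicodeString || !ZwLoadDriver) {
        return 0;
    }
    if (!szDrvName || !*szDrvName || !szDrvPath) {
        return 0;
    }

    n = snprintf(szSubKey, sizeof szSubKey,
                 "System\\CurrentControlSet\\Services\\%s", szDrvName);
    if (!fits(n, sizeof szSubKey)) {
        return 0;
    }
    /* Least privilege: this function only needs to write values. */
    dwOK = RegCreateKeyEx(HKEY_LOCAL_MACHINE, szSubKey, 0, NULL,
                          REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL,
                          &hkResult, NULL);
    if (dwOK != ERROR_SUCCESS) {
        return 0;
    }

    if (RegSetValueEx(hkResult, "Type", 0, REG_DWORD,
                      (const unsigned char *)&dwType, sizeof dwType) != ERROR_SUCCESS
        || RegSetValueEx(hkResult, "ErrorControl", 0, REG_DWORD,
                         (const unsigned char *)&dwErrorControl, sizeof dwErrorControl) != ERROR_SUCCESS
        || RegSetValueEx(hkResult, "Start", 0, REG_DWORD,
                         (const unsigned char *)&dwStart, sizeof dwStart) != ERROR_SUCCESS) {
        goto fail_close;
    }

    /* Returns 0 on failure, or the required size (including the NUL) when
     * the buffer is too small. */
    dwPathLen = GetFullPathName(szDrvPath, sizeof szDrvFullPath, szDrvFullPath, NULL);
    if (dwPathLen == 0 || dwPathLen >= sizeof szDrvFullPath) {
        goto fail_close;
    }
    printf("Loading driver: %s\r\n", szDrvFullPath);

    n = snprintf(szSubKey, sizeof szSubKey, "\\??\\%s", szDrvFullPath);
    if (!fits(n, sizeof szSubKey)) {
        goto fail_close;
    }
    /* REG_SZ data is expected to include the terminating NUL, hence n + 1. */
    if (RegSetValueEx(hkResult, "ImagePath", 0, REG_SZ,
                      (const unsigned char *)szSubKey, (DWORD)n + 1) != ERROR_SUCCESS) {
        goto fail_close;
    }
    RegCloseKey(hkResult);
    hkResult = NULL;

    n = snprintf(szSubKey, sizeof szSubKey,
                 "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\%s",
                 szDrvName);
    if (!fits(n, sizeof szSubKey)) {
        goto fail_remove;
    }
    buf2.Buffer = (PVOID)szSubKey;
    buf2.Length = (USHORT)n;
    buf2.MaximumLength = (USHORT)sizeof szSubKey;   /* was left uninitialised */

    /* Third argument 1 = allocate the destination buffer; the status is an
     * NTSTATUS carried in a DWORD, negative means failure. */
    if ((LONG)RtlAnsiStringToUnicodeString(&buf1, &buf2, 1) < 0) {
        goto fail_remove;
    }

    dwOK = ZwLoadDriver(&buf1);
    printf("ZwLoadDriver return 0x%x \r\n", (unsigned)dwOK);
    RtlFreeUnicodeString(&buf1);
    loaded = (LONG)dwOK >= 0;

    /* The service entry is transient: remove it whether or not the load
     * succeeded, exactly as the original did. */
    remove_service_keys(szDrvName);
    return loaded ? 1 : 0;

fail_close:
    RegCloseKey(hkResult);
fail_remove:
    remove_service_keys(szDrvName);
    return 0;
}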
BOOL?EnablePrivilege(TCHAR?*PrivilegeName)
{
HANDLE?TokenHandle;
LUID???Luid;
BOOL?result?=?FALSE;
DWORD?RetLen;
TOKEN_PRIVILEGES?LPrivileges;
if(!OpenProcessToken(GetCurrentProcess()?TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY?&TokenHandle))
return?FALSE;
if(!LookupPrivilegeValue(NU
 屬性            大小     日期    時間   名稱
-----------  ---------  ----------  -----  ----
     文件        9216  2007-12-19 17:25  zwloaddriver\DrvLoader.exe
     文件        4608  2007-12-18 18:22  zwloaddriver\HReg.sys
     文件        5749  2007-12-19 17:12  zwloaddriver\zwloaddriver.cpp