資源簡介
《寒江獨釣:Windows內核安全編程》從Windows內核編程出發,全面系統地介紹了串口、鍵盤、磁盤、文件系統、網絡等相關的Windows內核模塊的編程技術,以及基于這些技術實現的輸入密碑保護、防毒引擎、文件加密、網絡嗅探、網絡防火墻等信息安全軟件的核心組件的具體編程。主要知識重點包括:Windows串口與鍵盤過濾驅動、 Windows虛擬存儲設備與存儲設備過濾驅動、Windows文件系統過濾驅動、文件系統透明加密/解密驅動、Windows各類網絡驅動(包括TDI 過濾驅動及3類NDIS驅動),以及最新的WDF驅動開發模型。有助于讀者熟悉Windows內核驅動的體系結構,并精通信息安全類的內核編程技術。本書的大部分代碼具有廣泛的兼容性,適合從Windows 2000一直到目前最新的Windows 7 Beta版。

代碼片段和文件信息
///
/// @file comcap.c
/// @author crazy_chu
/// @date 2008-6-18
///
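#include <ntddk.h>
#define NTSTRSAFE_LIB
#include <ntstrsafe.h>

/* Bit helpers; guarded because some WDK headers already provide them. */
#ifndef SetFlag
#define SetFlag(_F, _SF)       ((_F) |= (_SF))
#endif
#ifndef ClearFlag
#define ClearFlag(_F, _SF)     ((_F) &= ~(_SF))
#endif

/* Number of serial ports probed by ccpAttachAllComs: \Device\Serial0 .. Serial31. */
#define CCP_MAX_COM_ID 32

/*
 * Per-port state, indexed by serial port number.
 *   s_fltobj[i]  - the filter device we created for \Device\Serial<i>,
 *                  NULL when the port was absent or attaching failed.
 *   s_nextobj[i] - the device object the filter was attached on top of
 *                  (returned by IoAttachDeviceToDeviceStack); ccpUnload
 *                  detaches every non-NULL entry.
 */
static PDEVICE_OBJECT s_fltobj[CCP_MAX_COM_ID] = { 0 };
static PDEVICE_OBJECT s_nextobj[CCP_MAX_COM_ID] = { 0 };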
// 打開一個端口設備
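/*
 * Resolve \Device\Serial<id> to its device object.
 *
 * @param id      Zero-based serial port index.
 * @param status  Receives the NTSTATUS of the name formatting or of
 *                IoGetDeviceObjectPointer, whichever failed first.
 * @return The port's device object, or NULL when the port does not exist
 *         or could not be opened.
 *
 * NOTE(review): the file-object reference taken by IoGetDeviceObjectPointer
 * is released before returning, so the returned device pointer is
 * unreferenced. The caller attaches to the stack immediately; if a serial
 * device can be removed in between, this pointer can go stale — confirm the
 * lifetime assumption before relying on this for hot-pluggable ports.
 */
PDEVICE_OBJECT ccpOpenCom(ULONG id, NTSTATUS *status)
{
    /* Local rather than static: concurrent callers must not share one buffer. */
    WCHAR name[32] = { 0 };
    UNICODE_STRING name_str;
    PFILE_OBJECT fileobj = NULL;
    PDEVICE_OBJECT devobj = NULL;

    /* %lu matches ULONG; the longest name ("\Device\Serial" + 10 digits) fits in 32 WCHARs. */
    *status = RtlStringCchPrintfW(name, sizeof(name) / sizeof(name[0]),
                                  L"\\Device\\Serial%lu", id);
    if (!NT_SUCCESS(*status))
        return NULL;
    RtlInitUnicodeString(&name_str, name);

    /*
     * NOTE(review): FILE_ALL_ACCESS is more than is needed to look up the
     * device object; FILE_READ_ATTRIBUTES is the usual minimum, but confirm
     * the serial driver's create handling before narrowing it.
     */
    *status = IoGetDeviceObjectPointer(&name_str, FILE_ALL_ACCESS, &fileobj, &devobj);
    if (*status != STATUS_SUCCESS)
        return NULL;

    /* Keep only the device pointer; the file object is not needed afterwards. */
    ObDereferenceObject(fileobj);
    return devobj;
}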
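/*
 * Create an unnamed filter device and attach it on top of oldobj.
 *
 * @param driver  Our driver object; owner of the new filter device.
 * @param oldobj  The device to filter (a serial port device object).
 * @param fltobj  Receives the new filter device, or NULL when attaching failed.
 * @param next    Receives the device the filter sits on top of (where IRPs
 *                must be forwarded); left untouched on failure.
 * @return STATUS_SUCCESS, the IoCreateDevice error, or STATUS_UNSUCCESSFUL
 *         when IoAttachDeviceToDeviceStack returns NULL.
 */
NTSTATUS
ccpAttachDevice(
    PDRIVER_OBJECT driver,
    PDEVICE_OBJECT oldobj,
    PDEVICE_OBJECT *fltobj,
    PDEVICE_OBJECT *next)
{
    NTSTATUS status;
    PDEVICE_OBJECT topdev = NULL;

    /* Same device type as the target; no extension, no name, not exclusive. */
    status = IoCreateDevice(driver, 0, NULL, oldobj->DeviceType, 0, FALSE, fltobj);
    if (status != STATUS_SUCCESS)
        return status;

    /*
     * A filter must use the same I/O method as the device below it, and its
     * power pageability must match the lower device as well. Mirroring the
     * lower device's flags (the pattern used by the WDK filter samples)
     * replaces the original unconditional DO_POWER_PAGABLE, which would
     * mark the filter pageable even above a non-pageable device, and drops
     * the duplicated DO_BUFFERED_IO test.
     */
    (*fltobj)->Flags |= oldobj->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE);
    if (oldobj->Characteristics & FILE_DEVICE_SECURE_OPEN)
        (*fltobj)->Characteristics |= FILE_DEVICE_SECURE_OPEN;

    topdev = IoAttachDeviceToDeviceStack(*fltobj, oldobj);
    if (topdev == NULL) {
        /* Attach failed: destroy the filter so the caller is not left with a dangling device. */
        IoDeleteDevice(*fltobj);
        *fltobj = NULL;
        return STATUS_UNSUCCESSFUL;
    }
    *next = topdev;

    /* Fully set up: clear the initializing flag so the I/O manager may send IRPs. */
    (*fltobj)->Flags &= ~DO_DEVICE_INITIALIZING;
    return STATUS_SUCCESS;
}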
// 這個函數綁定所有的串口。
/*
 * Probe \Device\Serial0 .. \Device\Serial<CCP_MAX_COM_ID-1> and attach a
 * filter to every port that exists.
 *
 * Failures are deliberately ignored: a missing port, or one that could not
 * be attached, simply leaves s_fltobj[i] / s_nextobj[i] NULL, and ccpUnload
 * skips NULL entries when detaching.
 *
 * @param driver  Our driver object, handed to ccpAttachDevice.
 */
void ccpAttachAllComs(PDRIVER_OBJECT driver)
{
    ULONG port;
    NTSTATUS open_status;

    for (port = 0; port < CCP_MAX_COM_ID; port++) {
        PDEVICE_OBJECT target = ccpOpenCom(port, &open_status);
        if (target != NULL)
            (void)ccpAttachDevice(driver, target, &s_fltobj[port], &s_nextobj[port]);
    }
}
/*
 * Relative intervals for KeDelayExecutionThread: negative values, in
 * units of 100 nanoseconds, so 1 microsecond is -10 ticks.
 */
#define DELAY_ONE_MICROSECOND  (-10)
#define DELAY_ONE_MILLISECOND  (1000 * DELAY_ONE_MICROSECOND)
#define DELAY_ONE_SECOND       (1000 * DELAY_ONE_MILLISECOND)
void?ccpUnload(PDRIVER_object?drv)
{
ULONG?i;
LARGE_INTEGER?interval;
//?首先解除綁定
for(i=0;i {
if(s_nextobj[i]?!=?NULL)
IoDetachDevice(s_nextobj[i]);
}
//?睡眠5秒。等待所有irp處理結(jié)束
interval.QuadPart?=?(5*1000?*?DELAY_ONE_MILLISECOND);
KeDelayExecutionThread(KernelModeFALSE&interval);
//?刪除這些設(shè)
 屬性            大小     日期    時間   名稱
----------- ---------  ---------- -----  ----
    ......R      2058  2009-04-28 22:03  source_code\DP\DP.vcproj
    ......R      2623  2009-03-20 20:43  source_code\DP\DP.vcproj.MAC.xiao.yang.user
    ......R      3633  2009-04-28 21:18  source_code\DP\DP.vcproj.old
    ......R     10236  2009-03-20 00:44  source_code\DP\DPBitmap.c
    ......R      1864  2009-03-20 00:44  source_code\DP\DPBitmap.h
    ......R     29772  2009-03-16 09:31  source_code\DP\DPMain.c
    ......R      4733  2009-03-12 14:11  source_code\DP\DPMain.h
    ......R       286  2009-04-28 22:38  source_code\DP\buildchk_wnet_x86.log
    ......R       519  2009-03-12 22:23  source_code\DP\buildchk_wxp_x86.log
    ......R       286  2009-04-28 22:38  source_code\DP\buildfre_wnet_x86.log
    ......R       508  2009-03-06 13:21  source_code\DP\clean.bat
    ......R       891  2009-03-06 13:21  source_code\DP\makefile
    ......R       177  2009-04-28 22:05  source_code\DP\my_build.bat
    ......R       111  2008-12-11 21:24  source_code\DP\my_clean.bat
    ......R        75  2009-03-11 11:57  source_code\DP\sources
    ......R      6394  2009-04-30 16:52  source_code\Kb_sniff_Mp\KbRelated.c
    ......R       412  2009-05-06 09:47  source_code\Kb_sniff_Mp\KbRelated.h
    ......R     12489  2009-05-06 09:47  source_code\Kb_sniff_Mp\Kb_sniffMp.c
    ......R      1421  2009-05-05 15:49  source_code\Kb_sniff_Mp\Kb_sniffMp.h
    ......R       975  2009-05-09 11:08  source_code\Kb_sniff_Mp\Kb_sniffMp.sln
    .....HR     13824  2009-05-14 21:45  source_code\Kb_sniff_Mp\Kb_sniffMp.suo
    ......R      1718  2009-05-09 11:03  source_code\Kb_sniff_Mp\Kb_sniffMp.vcproj
    ......R      6578  2008-11-07 01:24  source_code\Kb_sniff_Mp\Kb_sniffMp.vcproj.7.10.old
    ......R      1444  2009-05-07 09:52  source_code\Kb_sniff_Mp\Kb_sniffMp.vcproj.NEC-9F096F6DE5D.admin.user
    ......R      1432  2009-05-07 13:12  source_code\Kb_sniff_Mp\Kb_sniffMp.vcproj.NECAS-SJL.wowocock.user
    ......R      3239  2009-05-09 11:02  source_code\Kb_sniff_Mp\Kb_sniffMp.vcproj.old
    ......R       267  2003-02-05 03:23  source_code\Kb_sniff_Mp\MAKEFILE
    ......R        79  2008-11-07 01:14  source_code\Kb_sniff_Mp\SOURCES.bak
    ......R      4261  2009-04-30 16:11  source_code\Kb_sniff_Mp\UpgradeLog.xm
    ......R      3348  2009-04-30 16:11  source_code\Kb_sniff_Mp\_UpgradeReport_Files\UpgradeReport.css
............此處省略348個文件信息