
資源簡介

多種方法 保護進程 斷鏈 修改Flag hook對象 抹psp表 csscs表 注冊回調 ObRegisterCallbacks

資源截圖

代碼片段和文件信息

#include“stdafx.h“
#include
#include
#include“DEVICE_IO_CONTROL.h“
#include“MRWAPI.h“
// KMDF
// Device link name used by every CreateFile() call in this file. It aliases
// KERNELTEST_DEVICE_SIMBOLIC_W, which is not defined in this listing
// (presumably DEVICE_IO_CONTROL.h -- confirm).
// Previously noted alternative: KERNELTEST_WIN32_DEVICE_NAME_W // L"\\\\.\\BufferedIODevcielinkName"
#define DEVICE_link_NAME KERNELTEST_DEVICE_SIMBOLIC_W


//#define CTL_SYS     CTL_CODE(FILE_DEVICE_UNKNOWN, 0x830, METHOD_BUFFERED, FILE_ANY_ACCESS)
//BOOL WINAPI DeviceIoControl(
// _In_         HANDLE hDevice,          //CreateFile函數打開的設備句柄
// _In_         DWORD dwIoControlCode,   //自定義的控制碼
// _In_opt_     LPVOID lpInBuffer,       //輸入緩沖區
// _In_         DWORD nInBufferSize,     //輸入緩沖區的大小
// _Out_opt_    LPVOID lpOutBuffer,      //輸出緩沖區
// _In_         DWORD nOutBufferSize,    //輸出緩沖區的大小
// _Out_opt_    LPDWORD lpBytesReturned, //實際返回的字節數,對應驅動程序中pIrp->IoStatus.Information。
// _Inout_opt_  LPOVERLAPPED lpOverlapped //重疊操作結構指針。同步設為NULL,DeviceIoControl將進行阻塞調用;否則,應在編程時按異步操作設計
//);
//測試 傳送參數
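/**
 * Smoke test for the user-mode -> driver IOCTL channel.
 *
 * Opens the driver's device link (DEVICE_link_NAME), sends the fixed string
 * "Ring3->Ring0" with control code hook_code (defined outside this listing)
 * through a synchronous DeviceIoControl call, traces what the driver wrote
 * back, and closes the handle again.
 *
 * @return Always 0; success and failure are reported through TRACE only.
 */
ULONG64 DeviceIo_Test()
{
    UINT nTypeCode = hook_code;
    HANDLE DeviceHandle = CreateFile(
        DEVICE_link_NAME,
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL);

    // HANDLE is pointer-sized: %p matches the argument on both 32- and 64-bit
    // builds, whereas the previous %lx read only a 32-bit value.
    TRACE("yjx:打開設備驅動 DeviceHandle=%p----------", DeviceHandle);
    if (DeviceHandle == INVALID_HANDLE_VALUE)
    {
        TRACE("yjx:打開設備驅動 失敗 Error 1132323  DeviceIo_Test\n");
        return 0;
    }

    char BufferDataIn[MAX_PATH] = "Ring3->Ring0";
    char BufferDataOut[MAX_PATH] = { 0 };
    DWORD ReturnLength = 0;

    BOOL IsOK = DeviceIoControl(
        DeviceHandle,           // device handle opened by CreateFile
        nTypeCode,              // driver-defined control code
        BufferDataIn,           // input buffer
        sizeof(BufferDataIn),   // input buffer size (MAX_PATH bytes)
        BufferDataOut,          // output buffer
        sizeof(BufferDataOut),  // output buffer size (MAX_PATH bytes)
        &ReturnLength,          // bytes actually returned; pIrp->IoStatus.Information in the driver
        NULL);                  // no OVERLAPPED structure: the call blocks until completion

    // Read the error code before TRACE or CloseHandle can overwrite it.
    DWORD LastError = IsOK ? ERROR_SUCCESS : GetLastError();
    TRACE("yjx:IsOK=%lx -------", (unsigned long)IsOK);

    // The handle is known to be valid here (INVALID_HANDLE_VALUE returned above),
    // so it is closed unconditionally on both the success and the failure path.
    CloseHandle(DeviceHandle);
    DeviceHandle = NULL;

    if (!IsOK) // IOCTL round trip failed
    {
        // Do not report "test OK" or print the output buffer when the call failed.
        TRACE("yjx:DeviceIoControl failed LastError=%lu  DeviceIo_Test\r\n", LastError);
        return 0;
    }

    // The driver may have filled all MAX_PATH bytes; force a terminator so the
    // %s below cannot read past the end of the buffer.
    BufferDataOut[sizeof(BufferDataOut) - 1] = '\0';

    TRACE("yjx:test OK retBuf=%s -------111\r\n", "test");
    TRACE("yjx:test OK retBuf=%s -------222\r\n", BufferDataOut);

    return 0;
}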


//添加要保護的進程
ULONG64?AddPidToProtectList(DWORD?PID)//?CTLCODE)
{
UINT?nTypeCode?=?addpid_code;//添加保護(hù)進(jìn)程的PID
HANDLE?DeviceHandle?=?CreateFile(
DEVICE_link_NAME?//
GENERIC_READ?|?GENERIC_WRITE
FILE_SHARE_READ?|?FILE_SHARE_WRITE
NULL
OPEN_EXISTING
FILE_ATTRIBUTE_NORMAL
NULL);

if?(DeviceHandle?==?INVALID_HANDLE_VALUE)
{
TRACE(“yjx:打開設(shè)備驅(qū)動(dòng)?失敗?Error?1132323??AddPidToProtectList\n“);
return?0;
}
DWORD?BufferInD

 屬性            大小     日期    時間   名稱
----------- ---------  ---------- -----  ----
     目錄           0  2018-05-18 01:36  ProtectProcess\
     文件       17816  2018-05-18 00:17  ProtectProcess\DriverEntry.c
     文件        3771  2018-05-17 00:59  ProtectProcess\IRP_MJ_DEVICE_CONGROL.c
     文件        1042  2018-05-17 23:10  ProtectProcess\MRWAPI.c
     文件         275  2018-05-17 23:10  ProtectProcess\MRWAPI.h
     文件        8302  2018-05-18 00:06  ProtectProcess\ObRegisterCallbacks回調保護進程資料.txt
     文件        3993  2018-05-17 23:14  ProtectProcess\ProcessProtect.c
     文件         323  2018-05-17 01:08  ProtectProcess\ProcessProtect.h
     文件        5201  2018-05-16 22:59  ProtectProcess\ProcessStruct.h
     文件         188  2018-05-16 23:12  ProtectProcess\ProcessTtruct.c
     文件        2542  2018-05-16 11:27  ProtectProcess\ProtectProcess.inf
     文件        9194  2018-05-18 01:17  ProtectProcess\ProtectProcess.vcxproj
     文件        3552  2018-05-17 23:36  ProtectProcess\ProtectProcess.vcxproj.filters
     文件        1166  2018-05-18 01:09  ProtectProcess\ProtectProcess.vcxproj.user
     文件        9832  2018-05-18 01:32  ProtectProcess\ProtectProcess_CallBack.c
     文件        1223  2018-05-18 00:11  ProtectProcess\ProtectProcess_CallBack.h
     文件        3443  2018-05-16 12:54  ProtectProcess\mdlhook.c
     文件       80315  2018-05-16 12:04  ProtectProcess\x64asm.c
     文件         169  2018-05-16 22:10  ProtectProcess\x64asm.h
     文件        5920  2018-05-18 00:26  ProtectProcess.sln
     目錄           0  2018-05-18 01:36  ProtectProcess_CallBack\
     文件        6808  2018-05-18 01:15  ProtectProcess_CallBack\DriverEntry.c
     文件        2821  2018-05-18 00:24  ProtectProcess_CallBack\ProtectProcess_CallBack.inf
     文件        7926  2018-05-18 00:26  ProtectProcess_CallBack\ProtectProcess_CallBack.vcxproj
     文件        1268  2018-05-18 00:26  ProtectProcess_CallBack\ProtectProcess_CallBack.vcxproj.filters
     文件         271  2018-05-18 00:26  ProtectProcess_CallBack\ProtectProcess_CallBack.vcxproj.user
     目錄           0  2018-05-18 01:36  mfc_load_driver\
     文件          14  2018-05-15 07:16  mfc_load_driver\ASMX64.h
     文件        7133  2018-05-17 00:43  mfc_load_driver\DEVICE_IO_CONTROL.cpp
     文件        1428  2018-05-16 23:54  mfc_load_driver\DEVICE_IO_CONTROL.h
     文件         624  2018-05-17 01:17  mfc_load_driver\MRWAPI.cpp
............此處省略32個文件信息
