驅動級文件隱藏技術

大小: 4.06MB

文件類型: .rar

金幣: 2

下載: 0 次

發布日期: 2023-11-15
語言: 其他
標簽: 文件隱藏??

高速下載

資源簡介

驅動級文件隱藏技術讓你的文件資源深藏電腦之中

資源截圖

小圖大圖

代碼片段和文件信息


#include?“Cyber02Hide.h“
#include?“..\\inc\common.h“




#define?ULONG??unsigned?long
#define?LONG??long

#define?SYSTEMSERVICE（_function）?KeServiceDescriptorTable.ServiceTablebase[*（PULONG）（（PUCHAR）_function?+?1）]

//add?lizr
LIST_ENTRY?ProcessList;
KSPIN_LOCK?ProcessLock;

LIST_ENTRY?HideFileList;
KSPIN_LOCK?HideFileLock;

extern?PSHORT?NtBuildNumber;
typedef?PVOID???（*PGetProcessPeb）（PEPROCESS?t）;
PGetProcessPeb??g_PsGetProcessPeb?=?NULL;


//VOID?CreateProcessNotifyRoutine?（IN?HANDLE??ParentIdIN?HANDLE??ProcessIdIN?BOOLEAN?Create）;

NTKERNELAPI
NTSTATUS
PsLookupProcessByProcessId（
						???IN??HANDLE?ProcessId
						???OUT?PEPROCESS?*Process
						???）;

//定義一個原函數指針
REALZWCREATEFILE?????????RealZwCreateFile=NULL;
REALZWQUERYDIRECTORYFILE?RealZwQueryDirectoryFile=NULL;

/*----------------------------------------------------------------------------------------------------*/
/*----------------------------------------------------------------------------------------------------*/
/*----------------------------------------------------------------------------------------------------*/
/*-----------------------------------------驅動入口---------------------------------------------------*/
NTSTATUS?
DriverEntry（IN?PDRIVER_object?Driverobject
			IN?PUNICODE_STRING?RegistryPath）
{
	UNICODE_STRING				nameString?linkString;?
	PDEVICE_object				deviceobject;?
	NTSTATUS					status;
	WCHAR						wBuffer[200];?

	//DbgPrint（“HelloThis?is?DriverEntry!\n“）;

	Driverobject->MajorFunction[IRP_MJ_CREATE]?????????=?
	Driverobject->MajorFunction[IRP_MJ_CLOSE]??????????=?DriverDispatch;
	Driverobject->MajorFunction[IRP_MJ_DEVICE_CONTROL]?=?DriverIoControl;
	Driverobject->DriverUnload?????????????????????????=?DriverUnload;?

??????//建立與上層通信的設備
	RtlInitUnicodeString（&nameString?L“\\Device\\Cyber02Hide“）;?

	status?=?IoCreateDevice（
				Driverobject?
				0										//無設備擴展
				&nameString?
				FILE_DEVICE_FILEMON?
				0?
				TRUE?
				&deviceobject?
				）;?

	if?（!NT_SUCCESS（?status?））?
		return?status;?

	RtlInitUnicodeString（&linkString?L“\\DosDevices\\Cyber02HideCD1“）;

	status?=?IoCreateSymboliclink?（&linkString?&nameString）;?

	if?（!NT_SUCCESS（?status?））?
	{?
		IoDeleteDevice?（Driverobject->Deviceobject）;?
		return?status;?
	}?

	InitializeListHead（&ProcessList）;
	KeInitializeSpinLock（&ProcessLock）;
	InitializeListHead（&HideFileList）;
	KeInitializeSpinLock（&HideFileLock）;

	AddProcess（PsGetCurrentProcessId（））;
	deviceobject->Flags?&=?~DO_DEVICE_INITIALIZING;
	deviceobject->Flags?|=?DO_DIRECT_IO;
????return?STATUS_SUCCESS;
}

/*----------------------------------------------------------------------------------------------------*/
/*----------------------------------------------------------------------------------------------------*/
/*----------------------------------------------------------------------------------------------------*/

NTSTATUS
DriverDispat

?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----

?????文件????????806??2012-02-01?19:07??11.驅動級文件隱藏技術\driver\buildchk.log

?????文件??????24439??2012-02-01?19:05??11.驅動級文件隱藏技術\driver\Cyber02Hide.c

?????文件???????3459??2012-02-01?18:51??11.驅動級文件隱藏技術\driver\Cyber02Hide.dsp

?????文件????????530??2012-02-01?19:04??11.驅動級文件隱藏技術\driver\Cyber02Hide.dsw

?????文件???????4597??2010-05-27?15:01??11.驅動級文件隱藏技術\driver\Cyber02Hide.h

?????文件??????50176??2012-02-21?21:20??11.驅動級文件隱藏技術\driver\Cyber02Hide.ncb

?????文件?????670208??2012-02-21?21:20??11.驅動級文件隱藏技術\driver\Cyber02Hide.opt

?????文件???????1544??2012-02-01?18:51??11.驅動級文件隱藏技術\driver\Cyber02Hide.plg

?????文件???????7040??2010-05-27?17:20??11.驅動級文件隱藏技術\driver\Cyber02Hide.sys

?????文件??????19456??2012-02-01?18:51??11.驅動級文件隱藏技術\driver\Debug\vc70.idb

?????文件??????36864??2012-02-01?18:51??11.驅動級文件隱藏技術\driver\Debug\vc70.pdb

?????文件????????267??2003-02-04?12:23??11.驅動級文件隱藏技術\driver\MAKEFILE

?????文件?????779124??2004-07-17?22:56??11.驅動級文件隱藏技術\driver\ntifs.h

?????文件????????241??2012-02-01?19:01??11.驅動級文件隱藏技術\driver\obj\_objects.mac

?????文件??????54985??2012-02-01?19:05??11.驅動級文件隱藏技術\driver\objchk\i386\cyber02hide.obj

?????文件??????44373??2012-02-01?18:59??11.驅動級文件隱藏技術\driver\objchk\i386\protect.obj

?????文件?????????78??2012-02-01?19:01??11.驅動級文件隱藏技術\driver\Sources

?????文件??????84992??2012-02-01?19:05??11.驅動級文件隱藏技術\driver\sys\i386\Protect.pdb

?????文件???????6400??2012-02-01?19:05??11.驅動級文件隱藏技術\driver\sys\i386\Protect.sys

?????文件??????36664??2012-02-21?21:04??11.驅動級文件隱藏技術\exe\exe.aps

?????文件???????1421??2012-02-21?21:13??11.驅動級文件隱藏技術\exe\exe.clw

?????文件???????2021??2010-05-25?16:30??11.驅動級文件隱藏技術\exe\exe.cpp

?????文件???????4236??2012-01-29?20:53??11.驅動級文件隱藏技術\exe\exe.dsp

?????文件????????529??2010-05-25?16:30??11.驅動級文件隱藏技術\exe\exe.dsw

?????文件???????1291??2010-05-25?16:30??11.驅動級文件隱藏技術\exe\exe.h

?????文件?????132096??2012-02-21?21:13??11.驅動級文件隱藏技術\exe\exe.ncb

?????文件?????670208??2012-02-21?21:13??11.驅動級文件隱藏技術\exe\exe.opt

?????文件????????744??2012-02-21?21:04??11.驅動級文件隱藏技術\exe\exe.plg

?????文件???????5861??2012-02-21?21:04??11.驅動級文件隱藏技術\exe\exe.rc

?????文件???????8840??2012-02-01?18:43??11.驅動級文件隱藏技術\exe\exeDlg.cpp

............此處省略40個文件信息

上一篇：基于STM32F407的MLX90614驅動程序（寄存器版本）
下一篇：orl+yale+中科院人臉庫

91av视频/亚洲h视频/操亚洲美女/外国一级黄色毛片 - 国产三级三级三级三级

驅動級文件隱藏技術

資源簡介

資源截圖

代碼片段和文件信息

評論

相關資源