

// HideHkApi.cpp : Defines the initialization routines for the DLL. 
// 
 
#include "stdafx.h" 
#include "HideHkApi.h" 
#include  
#include "IoCtlCode_defines.h" 
#include "NtDriverController.h" 
#include "HideHkApi_Header.h" 
 
#ifdef _DEBUG 
#define new DEBUG_NEW 
#endif 
 
// 
//TODO: If this DLL is dynamically linked against the MFC DLLs, 
//		any functions exported from this DLL which call into 
//		MFC must have the AFX_MANAGE_STATE macro added at the 
//		very beginning of the function. 
// 
//		For example: 
// 
//		extern "C" BOOL PASCAL EXPORT ExportedFunction() 
//		{ 
//			AFX_MANAGE_STATE(AfxGetStaticModuleState()); 
//			// normal function body here 
//		} 
// 
//		It is very important that this macro appear in each 
//		function, prior to any calls into MFC.  This means that 
//		it must appear as the first statement within the  
//		function, even before any object variable declarations 
//		as their constructors may generate calls into the MFC 
//		DLL. 
// 
//		Please see MFC Technical Notes 33 and 58 for additional 
//		details. 
// 
 
 
// CHideHkApiApp 
 
// Message map for CHideHkApiApp with CWinApp as its base map; it declares no
// handlers of its own.
BEGIN_MESSAGE_MAP(CHideHkApiApp, CWinApp) 
END_MESSAGE_MAP() 
 
 
// CHideHkApiApp construction 
 
// Default constructor. The body is empty: no members are set and no driver or
// device work happens here.
CHideHkApiApp::CHideHkApiApp() 
{ 
	// TODO: add construction code here, 
	// Place all significant initialization in InitInstance 
} 
 
 
// The one and only CHideHkApiApp object 
 
// Forward declarations of the rule-lookup helpers; their definitions are not in
// the visible part of this file. The callers below treat a result >= 0 as the
// index of a matching rule and a negative result as "not found".
int FindFileRule(FILEHIDERULE FileRule); 
int FindProcessRule(PROCESSHIDERULE ProcessRule); 
int FindKeyRule(KEYHIDERULE KeyRule); 
int FindValueRule(VALUEHIDERULE ValueRule); 
 
CHideHkApiApp theApp; 
// User-mode copies of the rules handed to the driver, one array per rule kind.
// NOTE(review): CArray is a class template; its template arguments (and the
// header name on the bare #include near the top of the file) appear to have
// been lost when this listing was extracted -- confirm against the original.
CArray g_arryFileHideRule; 
CArray g_arryProcessHideRule; 
CArray g_arryKeyHideRule; 
CArray g_arryValueHideRule; 
// Driver-controller object; allocated in HkApi_Initial and deleted in
// HkApi_Uninitial. Nothing else in this file calls into it.
CNtDriverController *loaddrver; 
// Device object handle: set by CreateFile in HkApi_Initial and passed to every
// DeviceIoControl call in this file.
HANDLE g_hFile; 
 
// CHideHkApiApp initialization 
 
// DLL instance initialization. Calls the base-class InitInstance, ignores its
// result, and always reports success. The device handle is not opened here;
// that happens in HkApi_Initial.
BOOL CHideHkApiApp::InitInstance() 
{ 
	CWinApp::InitInstance(); 
 
	return TRUE; 
} 
 
//////////////////////////////////////////////////////////////////////////////// 
// Driver access interface
// File hiding section
 
// Sends one file-hide rule to the driver via IOCTL_HIDEHKAPI_ADDFILERULE on the
// handle in g_hFile. The by-value copy of the rule is the input buffer; no
// output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int AddFileRule(FILEHIDERULE FileRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_ADDFILERULE,
		&FileRule, sizeof(FILEHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
 
// Asks the driver to drop one file-hide rule via IOCTL_HIDEHKAPI_DELFILERULE on
// the handle in g_hFile. The by-value copy of the rule is the input buffer; no
// output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int DelFileRule(FILEHIDERULE FileRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_DELFILERULE,
		&FileRule, sizeof(FILEHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
// Process hiding section
// Sends one process-hide rule to the driver via IOCTL_HIDEHKAPI_ADDPROCESSRULE
// on the handle in g_hFile. The by-value copy of the rule is the input buffer;
// no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int AddProcessRule(PROCESSHIDERULE ProcessRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_ADDPROCESSRULE,
		&ProcessRule, sizeof(PROCESSHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
 
// Asks the driver to drop one process-hide rule via
// IOCTL_HIDEHKAPI_DELPROCESSRULE on the handle in g_hFile. The by-value copy of
// the rule is the input buffer; no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int DelProcessRule(PROCESSHIDERULE ProcessRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_DELPROCESSRULE,
		&ProcessRule, sizeof(PROCESSHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
// Registry key hiding section
// Sends one registry-key-hide rule to the driver via IOCTL_HIDEHKAPI_ADDKEYRULE
// on the handle in g_hFile. The by-value copy of the rule is the input buffer;
// no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int AddKeyRule(KEYHIDERULE KeyRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_ADDKEYRULE,
		&KeyRule, sizeof(KEYHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
 
// Asks the driver to drop one registry-key-hide rule via
// IOCTL_HIDEHKAPI_DELKEYRULE on the handle in g_hFile. The by-value copy of the
// rule is the input buffer; no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int DelKeyRule(KEYHIDERULE KeyRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_DELKEYRULE,
		&KeyRule, sizeof(KEYHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
 
// Registry value hiding section
// Sends one registry-value-hide rule to the driver via
// IOCTL_HIDEHKAPI_ADDVALUERULE on the handle in g_hFile. The by-value copy of
// the rule is the input buffer; no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int AddValueRule(VALUEHIDERULE ValueRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_ADDVALUERULE,
		&ValueRule, sizeof(VALUEHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
 
// Asks the driver to drop one registry-value-hide rule via
// IOCTL_HIDEHKAPI_DELVALUERULE on the handle in g_hFile. The by-value copy of
// the rule is the input buffer; no output buffer is supplied.
// Returns the BOOL result of DeviceIoControl as an int (nonzero on success).
int DelValueRule(VALUEHIDERULE ValueRule)
{
	DWORD cbReturned = 0;	// receives the byte count; not used afterwards

	const BOOL fSent = DeviceIoControl(
		g_hFile, IOCTL_HIDEHKAPI_DELVALUERULE,
		&ValueRule, sizeof(VALUEHIDERULE),
		NULL, 0,
		&cbReturned, NULL);

	return fSent;
}
//////////////////////////////////////////////////////////////////////////////// 
// Interface exposed to the upper layer
// Initialization and teardown
// Allocates the driver-controller object and opens the control device
// "\\.\Cyber02Hide" for read and write, storing the handle in g_hFile.
// Returns 0 when a valid handle was obtained, -1 when CreateFile failed.
// NOTE(review): the controller allocated here is not released on the failure
// path; it is only freed by HkApi_Uninitial.
// The device name is hard-coded, so a user-mode handle to it is a concrete
// artifact to look for when checking a host for this component (the device is
// presumably created by the companion driver -- not shown in this file).
int HkApi_Initial()
{
	loaddrver = new CNtDriverController();

	// Open the device
	g_hFile = CreateFile(
		TEXT("\\\\.\\Cyber02Hide"),
		GENERIC_WRITE | GENERIC_READ,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL,
		CREATE_ALWAYS,
		FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED,
		NULL);

	return (g_hFile == INVALID_HANDLE_VALUE) ? -1 : 0;
}
 
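// Releases what HkApi_Initial acquired: closes the device handle and deletes
// the driver-controller object. Always returns 0.
// Safe to call when initialization failed or when called more than once: the
// handle is only closed if it is valid, and both globals are reset afterwards
// so a repeated call neither closes a stale handle nor deletes the controller
// twice.
int HkApi_Uninitial()
{
	// NULL covers "never initialised"; INVALID_HANDLE_VALUE covers a failed open.
	if (g_hFile != NULL && g_hFile != INVALID_HANDLE_VALUE)
	{
		CloseHandle(g_hFile);
	}
	g_hFile = INVALID_HANDLE_VALUE;

	delete loaddrver;	// deleting a null pointer is a no-op
	loaddrver = NULL;

	return 0;
}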
 
// File hiding section
// Registers a file-hide rule unless FindFileRule already reports it (result
// >= 0). A new rule is appended to g_arryFileHideRule and then sent to the
// driver with AddFileRule.
// Always returns 0; the result of the driver call is discarded, so the local
// list can hold a rule the driver rejected.
int HkApi_AddFileRule(FILEHIDERULE FileRule)
{
	const int existing = FindFileRule(FileRule);
	if (existing < 0)
	{
		// Not tracked yet: record it locally, then push the rule to the driver.
		g_arryFileHideRule.Add(FileRule);
		AddFileRule(FileRule);
	}

	return 0;
}
 
// Removes a file-hide rule if FindFileRule locates it (result >= 0): the entry
// is dropped from g_arryFileHideRule and DelFileRule is sent to the driver.
// A rule that is not in the local list is ignored without contacting the driver.
// Always returns 0; the result of the driver call is discarded.
int HkApi_DelFileRule(FILEHIDERULE FileRule)
{
	const int pos = FindFileRule(FileRule);
	if (pos >= 0)
	{
		g_arryFileHideRule.RemoveAt(pos);
		DelFileRule(FileRule);
	}

	return 0;
}
 
// Sends DelFileRule to the driver for every entry in g_arryFileHideRule, in
// index order, then empties the array. Always returns 0; per-rule driver
// results are discarded.
int HkApi_ClearAllFileRule()
{
	int i = 0;
	while (i < g_arryFileHideRule.GetCount())
	{
		FILEHIDERULE rule = g_arryFileHideRule[i];
		DelFileRule(rule);
		++i;
	}

	g_arryFileHideRule.RemoveAll();

	return 0;
}
 
// Process hiding section
// Registers a process-hide rule unless FindProcessRule already reports it
// (result >= 0). A new rule is appended to g_arryProcessHideRule and then sent
// to the driver with AddProcessRule.
// Always returns 0; the result of the driver call is discarded, so the local
// list can hold a rule the driver rejected.
int HkApi_AddProcessRule(PROCESSHIDERULE ProcessRule)
{
	const int existing = FindProcessRule(ProcessRule);
	if (existing < 0)
	{
		// Not tracked yet: record it locally, then push the rule to the driver.
		g_arryProcessHideRule.Add(ProcessRule);
		AddProcessRule(ProcessRule);
	}

	return 0;
}
 
// Removes a process-hide rule if FindProcessRule locates it (result >= 0): the
// entry is dropped from g_arryProcessHideRule and DelProcessRule is sent to the
// driver. A rule that is not in the local list is ignored without contacting
// the driver.
// Always returns 0; the result of the driver call is discarded.
int HkApi_DelProcessRule(PROCESSHIDERULE ProcessRule)
{
	const int pos = FindProcessRule(ProcessRule);
	if (pos >= 0)
	{
		g_arryProcessHideRule.RemoveAt(pos);
		DelProcessRule(ProcessRule);
	}

	return 0;
}
 
// Sends DelProcessRule to the driver for every entry in g_arryProcessHideRule,
// in index order, then empties the array. Always returns 0; per-rule driver
// results are discarded.
int HkApi_ClearAllProcessRule()
{
	int i = 0;
	while (i < g_arryProcessHideRule.GetCount())
	{
		PROCESSHIDERULE rule = g_arryProcessHideRule[i];
		DelProcessRule(rule);
		++i;
	}

	g_arryProcessHideRule.RemoveAll();

	return 0;
}
 
// Registry key hiding section
// Registers a registry-key-hide rule unless FindKeyRule already reports it
// (result >= 0). A new rule is appended to g_arryKeyHideRule and then sent to
// the driver with AddKeyRule.
// Always returns 0; the result of the driver call is discarded, so the local
// list can hold a rule the driver rejected.
int HkApi_AddKeyRule(KEYHIDERULE KeyRule)
{
	const int existing = FindKeyRule(KeyRule);
	if (existing < 0)
	{
		// Not tracked yet: record it locally, then push the rule to the driver.
		g_arryKeyHideRule.Add(KeyRule);
		AddKeyRule(KeyRule);
	}

	return 0;
}
 
// Removes a registry-key-hide rule if FindKeyRule locates it (result >= 0): the
// entry is dropped from g_arryKeyHideRule and DelKeyRule is sent to the driver.
// A rule that is not in the local list is ignored without contacting the driver.
// Always returns 0; the result of the driver call is discarded.
int HkApi_DelKeyRule(KEYHIDERULE KeyRule)
{
	const int pos = FindKeyRule(KeyRule);
	if (pos >= 0)
	{
		g_arryKeyHideRule.RemoveAt(pos);
		DelKeyRule(KeyRule);
	}

	return 0;
}
 
// Sends DelKeyRule to the driver for every entry in g_arryKeyHideRule, in index
// order, then empties the array. Always returns 0; per-rule driver results are
// discarded.
int HkApi_ClearAllKeyRule()
{
	int i = 0;
	while (i < g_arryKeyHideRule.GetCount())
	{
		KEYHIDERULE rule = g_arryKeyHideRule[i];
		DelKeyRule(rule);
		++i;
	}

	g_arryKeyHideRule.RemoveAll();

	return 0;
}
 
// Registry value hiding section
// Registers a registry-value-hide rule unless FindValueRule already reports it
// (result >= 0). A new rule is appended to g_arryValueHideRule and then sent to
// the driver with AddValueRule.
// Always returns 0; the result of the driver call is discarded, so the local
// list can hold a rule the driver rejected.
int HkApi_AddValueRule(VALUEHIDERULE ValueRule)
{
	const int existing = FindValueRule(ValueRule);
	if (existing < 0)
	{
		// Not tracked yet: record it locally, then push the rule to the driver.
		g_arryValueHideRule.Add(ValueRule);
		AddValueRule(ValueRule);
	}

	return 0;
}
 
// Removes a registry-value-hide rule if FindValueRule locates it (result >= 0):
// the entry is dropped from g_arryValueHideRule and DelValueRule is sent to the
// driver. A rule that is not in the local list is ignored without contacting
// the driver.
// Always returns 0; the result of the driver call is discarded.
int HkApi_DelValueRule(VALUEHIDERULE ValueRule)
{
	const int pos = FindValueRule(ValueRule);
	if (pos >= 0)
	{
		g_arryValueHideRule.RemoveAt(pos);
		DelValueRule(ValueRule);
	}

	return 0;
}
 
// Sends DelValueRule to the driver for every entry in g_arryValueHideRule, in
// index order, then empties the array. Always returns 0; per-rule driver
// results are discarded.
int HkApi_ClearAllValueRule()
{
	int i = 0;
	while (i < g_arryValueHideRule.GetCount())
	{
		VALUEHIDERULE rule = g_arryValueHideRule[i];
		DelValueRule(rule);
		++i;
	}

	g_arryValueHideRule.RemoveAll();

	return 0;
}