

// HideHkApi.cpp : Defines the initialization routines for the DLL.
//

#include "stdafx.h"
#include "HideHkApi.h"
#include <winioctl.h>
#include "IoCtlCode_defines.h"
#include "NtDriverController.h"
#include "HideHkApi_Header.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

//
//TODO: If this DLL is dynamically linked against the MFC DLLs,
// any functions exported from this DLL which call into
// MFC must have the AFX_MANAGE_STATE macro added at the
// very beginning of the function.
//
// For example:
//
// extern "C" BOOL PASCAL EXPORT ExportedFunction()
// {
// AFX_MANAGE_STATE(AfxGetStaticModuleState());
// // normal function body here
// }
//
// It is very important that this macro appear in each
// function, prior to any calls into MFC. This means that
// it must appear as the first statement within the
// function, even before any object variable declarations
// as their constructors may generate calls into the MFC
// DLL.
//
// Please see MFC Technical Notes 33 and 58 for additional
// details.
//


// CHideHkApiApp

// Message map for CHideHkApiApp. No entries are declared between the two
// macros, so the class registers no message handlers of its own.
BEGIN_MESSAGE_MAP(CHideHkApiApp, CWinApp)
END_MESSAGE_MAP()


// CHideHkApiApp construction

// Default constructor. The body is empty: no members are initialized here and
// no driver or device work is done at construction time.
CHideHkApiApp::CHideHkApiApp()
{
// TODO: add construction code here,
// Place all significant initialization in InitInstance
}


// The one and only CHideHkApiApp object

// Lookup helpers defined elsewhere. The HkApi_* functions in this file treat a
// result >= 0 as the index of a matching rule and a negative result as
// "not found".
int FindFileRule(FILEHIDERULE FileRule);
int FindProcessRule(PROCESSHIDERULE ProcessRule);
int FindKeyRule(KEYHIDERULE KeyRule);
int FindValueRule(VALUEHIDERULE ValueRule);

CHideHkApiApp theApp;
// User-mode copies of the rules that have been sent to the driver, one array
// per rule kind (file, process, registry key, registry value).
CArray<FILEHIDERULE, FILEHIDERULE> g_arryFileHideRule;
CArray<PROCESSHIDERULE, PROCESSHIDERULE> g_arryProcessHideRule;
CArray<KEYHIDERULE, KEYHIDERULE> g_arryKeyHideRule;
CArray<VALUEHIDERULE, VALUEHIDERULE> g_arryValueHideRule;
// Driver controller object; allocated in HkApi_Initial and deleted in
// HkApi_Uninitial.
CNtDriverController *loaddrver;
// Handle to the driver's device object; opened in HkApi_Initial and used by
// every DeviceIoControl wrapper below.
HANDLE g_hFile;

// CHideHkApiApp initialization

// Runs the base-class CWinApp initialization and reports success.
// The return value of CWinApp::InitInstance() is discarded; this override
// always returns TRUE.
BOOL CHideHkApiApp::InitInstance()
{
CWinApp::InitInstance();

return TRUE;
}

////////////////////////////////////////////////////////////////////////////////
// Driver access interface
// File hiding section

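// Sends one file-hiding rule to the driver with IOCTL_HIDEHKAPI_ADDFILERULE.
//
// FileRule is taken by value and passed to the driver as the input buffer
// (sizeof(FILEHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int AddFileRule(FILEHIDERULE FileRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_ADDFILERULE,
        &FileRule,                      // input buffer: the rule itself
        sizeof(FILEHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}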

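// Asks the driver to drop one file-hiding rule with
// IOCTL_HIDEHKAPI_DELFILERULE.
//
// FileRule is taken by value and passed to the driver as the input buffer
// (sizeof(FILEHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int DelFileRule(FILEHIDERULE FileRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_DELFILERULE,
        &FileRule,                      // input buffer: the rule itself
        sizeof(FILEHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}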
// Process hiding section
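// Sends one process-hiding rule to the driver with
// IOCTL_HIDEHKAPI_ADDPROCESSRULE.
//
// ProcessRule is taken by value and passed to the driver as the input buffer
// (sizeof(PROCESSHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int AddProcessRule(PROCESSHIDERULE ProcessRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_ADDPROCESSRULE,
        &ProcessRule,                   // input buffer: the rule itself
        sizeof(PROCESSHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}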

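// Asks the driver to drop one process-hiding rule with
// IOCTL_HIDEHKAPI_DELPROCESSRULE.
//
// ProcessRule is taken by value and passed to the driver as the input buffer
// (sizeof(PROCESSHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int DelProcessRule(PROCESSHIDERULE ProcessRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_DELPROCESSRULE,
        &ProcessRule,                   // input buffer: the rule itself
        sizeof(PROCESSHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}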
// Registry key hiding section
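// Sends one registry-key-hiding rule to the driver with
// IOCTL_HIDEHKAPI_ADDKEYRULE.
//
// KeyRule is taken by value and passed to the driver as the input buffer
// (sizeof(KEYHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int AddKeyRule(KEYHIDERULE KeyRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_ADDKEYRULE,
        &KeyRule,                       // input buffer: the rule itself
        sizeof(KEYHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}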

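// Asks the driver to drop one registry-key-hiding rule with
// IOCTL_HIDEHKAPI_DELKEYRULE.
//
// KeyRule is taken by value and passed to the driver as the input buffer
// (sizeof(KEYHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int DelKeyRule(KEYHIDERULE KeyRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_DELKEYRULE,
        &KeyRule,                       // input buffer: the rule itself
        sizeof(KEYHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}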

// Registry value hiding section
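// Sends one registry-value-hiding rule to the driver with
// IOCTL_HIDEHKAPI_ADDVALUERULE.
//
// ValueRule is taken by value and passed to the driver as the input buffer
// (sizeof(VALUEHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int AddValueRule(VALUEHIDERULE ValueRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_ADDVALUERULE,
        &ValueRule,                     // input buffer: the rule itself
        sizeof(VALUEHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}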

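// Asks the driver to drop one registry-value-hiding rule with
// IOCTL_HIDEHKAPI_DELVALUERULE.
//
// ValueRule is taken by value and passed to the driver as the input buffer
// (sizeof(VALUEHIDERULE) bytes). No output buffer is supplied.
//
// Returns the BOOL result of DeviceIoControl as an int: nonzero when the call
// succeeded, 0 when it failed.
int DelValueRule(VALUEHIDERULE ValueRule)
{
    DWORD BytesReturned = 0;

    // Address-of operators restored here; the listing carried them as the
    // literal text of a broken HTML entity, which is not valid C++.
    const BOOL Result = DeviceIoControl(
        g_hFile,                        // device handle opened by HkApi_Initial
        IOCTL_HIDEHKAPI_DELVALUERULE,
        &ValueRule,                     // input buffer: the rule itself
        sizeof(VALUEHIDERULE),
        NULL,                           // no output buffer
        0,
        &BytesReturned,
        NULL
        );

    return Result;
}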
////////////////////////////////////////////////////////////////////////////////
// Interface exposed to the upper layer
// Initialization and teardown
// Allocates the driver controller and opens the driver's control device.
//
// Side effects: stores a new CNtDriverController in loaddrver and the opened
// handle in g_hFile. What the controller's constructor does is not visible in
// this file (presumably it installs or starts the kernel driver; confirm
// against NtDriverController.h).
//
// The device is addressed by the fixed Win32 name \\.\Cyber02Hide, which also
// makes that name a usable host indicator when checking a machine for this
// driver.
//
// NOTE(review): the handle is opened with FILE_FLAG_OVERLAPPED, while the
// DeviceIoControl wrappers in this file pass NULL for lpOverlapped. Confirm
// the flag is intended.
//
// Returns 0 when the device was opened, -1 when CreateFile returned
// INVALID_HANDLE_VALUE.
int HkApi_Initial()
{
    loaddrver = new CNtDriverController();

    // Open the device.
    const DWORD dwAccess = GENERIC_WRITE | GENERIC_READ;
    const DWORD dwShare  = FILE_SHARE_READ | FILE_SHARE_WRITE;
    const DWORD dwFlags  = FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED;

    g_hFile = CreateFile(TEXT("\\\\.\\Cyber02Hide"),
                         dwAccess,
                         dwShare,
                         NULL,
                         CREATE_ALWAYS,
                         dwFlags,
                         NULL);

    return (g_hFile == INVALID_HANDLE_VALUE) ? -1 : 0;
}

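// Releases what HkApi_Initial acquired: closes the device handle in g_hFile
// and deletes the controller object in loaddrver.
//
// Safe to call more than once and safe to call when HkApi_Initial failed or
// was never called: the handle is closed only when it holds a real value, and
// both globals are reset afterwards so a second call cannot close a recycled
// handle value or delete the controller twice.
//
// Always returns 0.
int HkApi_Uninitial()
{
    // g_hFile is NULL before HkApi_Initial runs (namespace-scope object) and
    // INVALID_HANDLE_VALUE when CreateFile failed; neither may be closed.
    if (g_hFile != NULL && g_hFile != INVALID_HANDLE_VALUE)
    {
        CloseHandle(g_hFile);
    }
    // Later DeviceIoControl calls now fail on an invalid handle instead of
    // reaching whatever object the old handle value may be reused for.
    g_hFile = INVALID_HANDLE_VALUE;

    // delete on a null pointer is a no-op, so no test is needed.
    delete loaddrver;
    loaddrver = NULL;

    return 0;
}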

// File hiding section
// Registers a file-hiding rule unless an equal one is already tracked.
//
// A rule that FindFileRule locates (index >= 0) is left alone. Otherwise the
// rule is appended to g_arryFileHideRule and then sent to the driver through
// AddFileRule.
//
// NOTE(review): the result of AddFileRule is not checked, so the local array
// keeps the rule even when the driver call fails.
//
// Always returns 0.
int HkApi_AddFileRule(FILEHIDERULE FileRule)
{
    // Already present in the local rule list: nothing to add.
    if (FindFileRule(FileRule) >= 0)
    {
        return 0;
    }

    g_arryFileHideRule.Add(FileRule);

    // Push the rule down to the driver.
    AddFileRule(FileRule);

    return 0;
}

// Removes a file-hiding rule if it is currently tracked.
//
// When FindFileRule reports an index >= 0 the entry is removed from
// g_arryFileHideRule and DelFileRule asks the driver to drop it. A rule that
// is not tracked is ignored; the driver is not contacted.
//
// Always returns 0; the result of DelFileRule is not checked.
int HkApi_DelFileRule(FILEHIDERULE FileRule)
{
    const int nPos = FindFileRule(FileRule);

    if (nPos >= 0)
    {
        g_arryFileHideRule.RemoveAt(nPos);
        DelFileRule(FileRule);
    }

    return 0;
}

// Removes every tracked file-hiding rule.
//
// Each entry of g_arryFileHideRule is passed to DelFileRule in index order,
// then the array is emptied. Results of the individual driver calls are not
// checked.
//
// Always returns 0.
int HkApi_ClearAllFileRule()
{
    // The array is not modified inside the loop, so the count is read once.
    const INT_PTR nTotal = g_arryFileHideRule.GetCount();

    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelFileRule(g_arryFileHideRule[i]);
    }

    g_arryFileHideRule.RemoveAll();

    return 0;
}

// Process hiding section
// Registers a process-hiding rule unless an equal one is already tracked.
//
// A rule that FindProcessRule locates (index >= 0) is left alone. Otherwise
// the rule is appended to g_arryProcessHideRule and then sent to the driver
// through AddProcessRule.
//
// NOTE(review): the result of AddProcessRule is not checked, so the local
// array keeps the rule even when the driver call fails.
//
// Always returns 0.
int HkApi_AddProcessRule(PROCESSHIDERULE ProcessRule)
{
    // Already present in the local rule list: nothing to add.
    if (FindProcessRule(ProcessRule) >= 0)
    {
        return 0;
    }

    g_arryProcessHideRule.Add(ProcessRule);

    // Push the rule down to the driver.
    AddProcessRule(ProcessRule);

    return 0;
}

// Removes a process-hiding rule if it is currently tracked.
//
// When FindProcessRule reports an index >= 0 the entry is removed from
// g_arryProcessHideRule and DelProcessRule asks the driver to drop it. A rule
// that is not tracked is ignored; the driver is not contacted.
//
// Always returns 0; the result of DelProcessRule is not checked.
int HkApi_DelProcessRule(PROCESSHIDERULE ProcessRule)
{
    const int nPos = FindProcessRule(ProcessRule);

    if (nPos >= 0)
    {
        g_arryProcessHideRule.RemoveAt(nPos);
        DelProcessRule(ProcessRule);
    }

    return 0;
}

// Removes every tracked process-hiding rule.
//
// Each entry of g_arryProcessHideRule is passed to DelProcessRule in index
// order, then the array is emptied. Results of the individual driver calls
// are not checked.
//
// Always returns 0.
int HkApi_ClearAllProcessRule()
{
    // The array is not modified inside the loop, so the count is read once.
    const INT_PTR nTotal = g_arryProcessHideRule.GetCount();

    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelProcessRule(g_arryProcessHideRule[i]);
    }

    g_arryProcessHideRule.RemoveAll();

    return 0;
}

// Registry key hiding section
// Registers a registry-key-hiding rule unless an equal one is already
// tracked.
//
// A rule that FindKeyRule locates (index >= 0) is left alone. Otherwise the
// rule is appended to g_arryKeyHideRule and then sent to the driver through
// AddKeyRule.
//
// NOTE(review): the result of AddKeyRule is not checked, so the local array
// keeps the rule even when the driver call fails.
//
// Always returns 0.
int HkApi_AddKeyRule(KEYHIDERULE KeyRule)
{
    // Already present in the local rule list: nothing to add.
    if (FindKeyRule(KeyRule) >= 0)
    {
        return 0;
    }

    g_arryKeyHideRule.Add(KeyRule);

    // Push the rule down to the driver.
    AddKeyRule(KeyRule);

    return 0;
}

// Removes a registry-key-hiding rule if it is currently tracked.
//
// When FindKeyRule reports an index >= 0 the entry is removed from
// g_arryKeyHideRule and DelKeyRule asks the driver to drop it. A rule that is
// not tracked is ignored; the driver is not contacted.
//
// Always returns 0; the result of DelKeyRule is not checked.
int HkApi_DelKeyRule(KEYHIDERULE KeyRule)
{
    const int nPos = FindKeyRule(KeyRule);

    if (nPos >= 0)
    {
        g_arryKeyHideRule.RemoveAt(nPos);
        DelKeyRule(KeyRule);
    }

    return 0;
}

// Removes every tracked registry-key-hiding rule.
//
// Each entry of g_arryKeyHideRule is passed to DelKeyRule in index order,
// then the array is emptied. Results of the individual driver calls are not
// checked.
//
// Always returns 0.
int HkApi_ClearAllKeyRule()
{
    // The array is not modified inside the loop, so the count is read once.
    const INT_PTR nTotal = g_arryKeyHideRule.GetCount();

    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelKeyRule(g_arryKeyHideRule[i]);
    }

    g_arryKeyHideRule.RemoveAll();

    return 0;
}

// Registry value hiding section
// Registers a registry-value-hiding rule unless an equal one is already
// tracked.
//
// A rule that FindValueRule locates (index >= 0) is left alone. Otherwise the
// rule is appended to g_arryValueHideRule and then sent to the driver through
// AddValueRule.
//
// NOTE(review): the result of AddValueRule is not checked, so the local array
// keeps the rule even when the driver call fails.
//
// Always returns 0.
int HkApi_AddValueRule(VALUEHIDERULE ValueRule)
{
    // Already present in the local rule list: nothing to add.
    if (FindValueRule(ValueRule) >= 0)
    {
        return 0;
    }

    g_arryValueHideRule.Add(ValueRule);

    // Push the rule down to the driver.
    AddValueRule(ValueRule);

    return 0;
}

// Removes a registry-value-hiding rule if it is currently tracked.
//
// When FindValueRule reports an index >= 0 the entry is removed from
// g_arryValueHideRule and DelValueRule asks the driver to drop it. A rule
// that is not tracked is ignored; the driver is not contacted.
//
// Always returns 0; the result of DelValueRule is not checked.
int HkApi_DelValueRule(VALUEHIDERULE ValueRule)
{
    const int nPos = FindValueRule(ValueRule);

    if (nPos >= 0)
    {
        g_arryValueHideRule.RemoveAt(nPos);
        DelValueRule(ValueRule);
    }

    return 0;
}

// Removes every tracked registry-value-hiding rule.
//
// Each entry of g_arryValueHideRule is passed to DelValueRule in index order,
// then the array is emptied. Results of the individual driver calls are not
// checked.
//
// Always returns 0.
int HkApi_ClearAllValueRule()
{
    // The array is not modified inside the loop, so the count is read once.
    const INT_PTR nTotal = g_arryValueHideRule.GetCount();

    for (INT_PTR i = 0; i < nTotal; ++i)
    {
        DelValueRule(g_arryValueHideRule[i]);
    }

    g_arryValueHideRule.RemoveAll();

    return 0;
}