#include"Head.h"
/*
 * IRP_MJ_CREATE handler.
 *
 * Completes every open request on the device with STATUS_SUCCESS and zero
 * bytes of information. No check of the caller is made here, so who may
 * open the device depends only on the security applied to the device object.
 */
NTSTATUS DispatchCreate(PDEVICE_OBJECT pDriverObj, PIRP pIrp)
{
    const NTSTATUS Result = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(pDriverObj);

    pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = Result;

    /* The IRP must not be touched after completion; return the local copy. */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return Result;
}
/*
 * IRP_MJ_CLOSE handler.
 *
 * Completes the close request with STATUS_SUCCESS and zero bytes of
 * information; the driver keeps no per-handle state to release here.
 */
NTSTATUS DispatchClose(PDEVICE_OBJECT pDriverObj, PIRP pIrp)
{
    const NTSTATUS Result = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(pDriverObj);

    pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = Result;

    /* The IRP must not be touched after completion; return the local copy. */
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return Result;
}
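/*
 * IRP_MJ_DEVICE_CONTROL handler.
 *
 * Reads the control code and the input length from the current stack
 * location, takes the request payload from AssociatedIrp.SystemBuffer, and
 * dispatches on the control code. The only code handled is
 * IOCTL_IO_HIDE_PROCESS, which passes one ULONG from the input buffer to
 * HideProcess(); every other code is completed with STATUS_UNSUCCESSFUL.
 *
 * Parameters:
 *   pDriverObj - device object the request targets (unused).
 *   pIrp       - the device-control IRP; completed before returning.
 *
 * Returns the status the IRP was completed with.
 *
 * NOTE(review): reading SystemBuffer presumes the control code is defined
 * with METHOD_BUFFERED; its definition is not in this file - confirm.
 * NOTE(review): no privilege or caller check happens in this routine, so the
 * request is available to any caller that can open the device; the access
 * bits encoded in the control code and the device ACL are the only gate.
 */
NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDriverObj, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObj);

    NTSTATUS Status = STATUS_SUCCESS;
    PIO_STACK_LOCATION IoStackLocation = IoGetCurrentIrpStackLocation(pIrp);
    PVOID InputData = pIrp->AssociatedIrp.SystemBuffer;
    ULONG InputDataLength = IoStackLocation->Parameters.DeviceIoControl.InputBufferLength;
    ULONG IoControlCode = IoStackLocation->Parameters.DeviceIoControl.IoControlCode;

    switch (IoControlCode)
    {
    case IOCTL_IO_HIDE_PROCESS:
    {
        /*
         * The payload is caller-controlled. With a zero-length request the
         * system buffer can be NULL, and a buffer shorter than a ULONG would
         * be over-read, so reject both before dereferencing.
         */
        if (InputData == NULL || InputDataLength < sizeof(ULONG))
        {
            Status = STATUS_INVALID_PARAMETER;
            break;
        }

        /* The ULONG is presumably a process id - confirm against HideProcess. */
        Status = HideProcess(*(PULONG)InputData);
        break;
    }
    default:
        Status = STATUS_UNSUCCESSFUL;
        break;
    }

    /*
     * Nothing is written to the output buffer on any path, so report zero
     * bytes. For buffered I/O the I/O manager copies Information bytes of the
     * system buffer back to the caller; reporting the caller-supplied output
     * length would hand back buffer contents this driver never initialised.
     */
    pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = Status;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return Status;
}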
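/*
 * Unload routine (installed as DriverUnload by DriverEntry).
 *
 * Removes the symbolic link named DEVICE_LINK_NAME and deletes the driver's
 * device object.
 *
 * NOTE(review): unload routines are declared as returning VOID, so the
 * status returned here is presumably ignored by the system - confirm the
 * prototype in Head.h.
 */
NTSTATUS DriverExit(PDRIVER_OBJECT pdrive)
{
    UNICODE_STRING symLinkName;

    RtlInitUnicodeString(&symLinkName, DEVICE_LINK_NAME);
    IoDeleteSymbolicLink(&symLinkName);

    /* Skip deletion when no device object exists; IoDeleteDevice must not be given NULL. */
    if (pdrive->DeviceObject != NULL)
    {
        IoDeleteDevice(pdrive->DeviceObject);
    }

    DbgPrint("System Hide Driver Exit...\n");
    return STATUS_SUCCESS;
}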
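/*
 * Driver entry point.
 *
 * Installs the create, close and device-control dispatch routines and the
 * unload routine, creates the device named DEVICE_NAME, and exposes it to
 * user mode through the symbolic link DEVICE_LINK_NAME.
 *
 * Parameters:
 *   pdriver - driver object supplied by the system.
 *   path    - registry path of the driver's service key (logged only).
 *
 * Returns STATUS_SUCCESS when both the device and the link were created,
 * otherwise the failing status; on failure nothing created here is left
 * behind.
 *
 * NOTE(review): the device is created with DeviceCharacteristics 0 and no
 * explicit security descriptor, and the dispatch routines perform no caller
 * check. Restricting who may open the device (for example
 * FILE_DEVICE_SECURE_OPEN together with an explicit SDDL through
 * IoCreateDeviceSecure) should be considered.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT pdriver, PUNICODE_STRING path)
{
    DbgPrint("System Hide Driver Entry...\n");
    /* path is a PUNICODE_STRING: %wZ is the matching specifier; %s would read the struct as a char string. */
    DbgPrint("System Hide Driver Path:%wZ\n", path);

    NTSTATUS status = STATUS_SUCCESS;
    UNICODE_STRING link_name = { 0 };
    UNICODE_STRING device_name = { 0 };
    PDEVICE_OBJECT pdevice = NULL;

    pdriver->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
    pdriver->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
    pdriver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
    pdriver->DriverUnload = DriverExit;

    RtlInitUnicodeString(&device_name, DEVICE_NAME);
    status = IoCreateDevice(pdriver, 0, &device_name, FILE_DEVICE_UNKNOWN, 0, FALSE, &pdevice);
    if (!NT_SUCCESS(status))
    {
        /*
         * Stop here: continuing would overwrite the failure status with the
         * symbolic-link result and could report success with no device.
         */
        DbgPrint("System Hide Driver IoCreateDevice failed\n");
        return status;
    }

    RtlInitUnicodeString(&link_name, DEVICE_LINK_NAME);
    status = IoCreateSymbolicLink(&link_name, &device_name);
    if (!NT_SUCCESS(status))
    {
        /* Undo the device creation so a failed load leaves no object behind. */
        IoDeleteDevice(pdevice);
        DbgPrint("System Hide Driver IoCreateSymbolicLink failed\n");
    }

    return status;
}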