#include "func.h"
#include <ntimage.h>
#define PROCESS_ALL_ACCESS_THREAD (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | THREAD_ALL_ACCESS|0xFFFF) /* not referenced in the visible part of this file */
// Global process objects used by the timer-driven PassValidAccessMask.
// Where they are assigned, and whether the EPROCESS reference taken then is ever released, is not visible in this file.
PEPROCESS global_peprocess = NULL;  // the debugger process ("my debugger" in the original comments)
PEPROCESS global_peprocess2 = NULL; // the game process; its handling in PassValidAccessMask is disabled
// Image names compared case-insensitively against PsGetProcessImageFileName() in IsProtectedProcessName / IsDebugProcessName
char GAME_NAME[128] = "DNF.exe";
char DEBUG_NAME[128] = "TestMain.exe";
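/*
 * Replacement for NtRemoveProcessDebug that never detaches a debug port.
 *
 * Both parameters are ignored and STATUS_SUCCESS is returned without touching
 * the process, so a caller (per the original comment: TP's protection) that
 * tries to clear the target's DebugPort is told it succeeded while the
 * debugger stays attached.
 *
 * NOTE(review): nothing here scopes the behaviour to GAME_NAME/DEBUG_NAME —
 * once installed, every DebugActiveProcessStop()/detach on the system silently
 * stops working. Where this replacement is installed is outside this file.
 */
NTSTATUS My_NtRemoveProcessDebug(IN HANDLE ProcessHandle, IN HANDLE DebugHandle)
{
    (void)ProcessHandle;   /* intentionally unused: the request is swallowed */
    (void)DebugHandle;
    return STATUS_SUCCESS;
}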
/************************************************************************
Function:  PassValidAccessMask
Purpose:   (Win7 variant) set the debug object type's ValidAccessMask to 0x1F000F
Idea:      undo the zeroing of debug access rights. In WinDbg:
           dt _OBJECT_TYPE_INITIALIZER fffffa80`03cdd380+40
           eq fffffa8003cdd380+40+0x1c 00000000   -- once this field is 0, attaching fails
************************************************************************/
/* Scratch pointers for the disabled Win7-only ValidAccessMask patch
 * (SSDT index 144 = NtCreateDebugObject; pTargetAddr = that address + 0x7c).
 * They are not referenced by any live code in this file. */
PVOID pNtCreateDebugObject;
PVOID pDbgkDebugObject;
PVOID pDebugObject;
PVOID pValidMask;
PVOID pTargetAddr;
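/*
 * Re-apply the access rights of handles held by the debugger process.
 *
 * Runs on every tick of the DPC timer (TimerRoutine), i.e. at DISPATCH_LEVEL.
 * If global_peprocess points at readable memory, RestoreObjectAccess() is
 * called on it; if it no longer does, the pointer is dropped so it is not
 * touched again.
 *
 * The original file carried a commented-out Win7-only variant that scanned
 * NtCreateDebugObject for the "mov rdx,[rip+x]" that loads the debug object
 * type and forced its ValidAccessMask to 0x1F000F; it bugchecks on Win10 and
 * the dead code has been removed. The game-process variant
 * (global_peprocess2 / RestoreObjectAccess2) was likewise disabled and is
 * not restored here.
 *
 * NOTE(review): interrupts are disabled on the current CPU for the whole
 * call into RestoreObjectAccess(); anything in that helper that blocks,
 * pages or lowers IRQL would bugcheck. The __try/__except only catches
 * faults that are actually delivered as exceptions — at DISPATCH_LEVEL a
 * touch of paged-out memory is a bugcheck, not an exception. MmIsAddressValid
 * is a point-in-time check and does not prove the EPROCESS is still alive.
 */
VOID PassValidAccessMask()
{
    _disable();
    __try
    {
        if (MmIsAddressValid(global_peprocess))
        {
            if (global_peprocess != NULL)
            {
                RestoreObjectAccess(global_peprocess);
            }
        }
        else
        {
            /* stale or unmapped: forget it rather than touch it again */
            global_peprocess = NULL;
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
    }
    _enable();
}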
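/************************************************************************
 Periodic DPC timer that drives PassValidAccessMask.

 Timer / myDpc     : the KTIMER and its DPC; TimerRoutine re-arms the timer
                     from inside the DPC.
 g_TimerStopping   : set by CancelTimer so a DPC that is already running
                     does not re-arm the timer during teardown.

 Period: DBG_ACCESS_TIMER_PERIOD_US microseconds, expressed to KeSetTimer as
 a negative (relative) count of 100-ns units: -10 * 5000 = -50000 = 5 ms.
 NOTE(review): the original comments said "500ms"; the value is 5 ms. The
 value is left unchanged — confirm which one was intended.
************************************************************************/
KTIMER Timer = { 0 };
KDPC myDpc = { 0 };

#define DBG_ACCESS_TIMER_PERIOD_US 5000

static volatile BOOLEAN g_TimerStopping = FALSE;

/*
 * DPC routine: run PassValidAccessMask, then re-arm the timer unless
 * CancelTimer has asked us to stop. Runs at DISPATCH_LEVEL.
 */
VOID TimerRoutine(
    _In_ struct _KDPC *Dpc,
    _In_opt_ PVOID DeferredContext,
    _In_opt_ PVOID SystemArgument1,
    _In_opt_ PVOID SystemArgument2
    )
{
    LARGE_INTEGER dueTime;

    (void)Dpc;
    (void)DeferredContext;
    (void)SystemArgument1;
    (void)SystemArgument2;

    if (g_TimerStopping)
    {
        return;   /* teardown in progress: do not queue another tick */
    }

    PassValidAccessMask();

    dueTime = RtlConvertLongToLargeInteger(-10 * DBG_ACCESS_TIMER_PERIOD_US);
    KeSetTimer(&Timer, dueTime, &myDpc);
}

/*
 * Initialise Timer/myDpc and arm the first tick.
 *
 * KeSetTimer's return value is TRUE only when the timer was ALREADY in the
 * timer queue (we re-armed it), not whether arming succeeded. The original
 * printed "timer started" on TRUE, which after KeInitializeTimer can never
 * happen; the log now reports what actually occurred.
 *
 * NOTE(review): calling this twice without CancelTimer in between
 * re-initialises a timer that may still be queued — callers should pair it
 * with CancelTimer.
 */
VOID SetDPCTimerForDbgAccess()
{
    LARGE_INTEGER dueTime;
    BOOLEAN wasAlreadyQueued;

    g_TimerStopping = FALSE;          /* allow re-arming after a prior CancelTimer */
    KeInitializeTimer(&Timer);
    KeInitializeDpc(&myDpc, TimerRoutine, NULL);

    dueTime = RtlConvertLongToLargeInteger(-10 * DBG_ACCESS_TIMER_PERIOD_US);
    wasAlreadyQueued = KeSetTimer(&Timer, dueTime, &myDpc);
    DbgPrint("[SetDPCTimerForDbgAccess] timer armed (%s)\n",
             wasAlreadyQueued ? "was already queued, re-armed" : "first arm");
}

/*
 * Stop the periodic timer and drop the cached process pointers.
 *
 * KeCancelTimer only dequeues a pending timer; a DPC that had already started
 * on another CPU keeps executing TimerRoutine and (before it sees
 * g_TimerStopping) may re-arm the timer. The original returned right after
 * KeCancelTimer, so a caller that then unloaded the driver could free code a
 * DPC was still running. Sequence used here:
 *   1. set g_TimerStopping — every DPC that starts from now on returns early;
 *   2. cancel, then KeFlushQueuedDpcs — all DPCs that began before step 1
 *      have finished (at most one of them re-armed the timer);
 *   3. cancel again (removes that re-arm) and flush again (if it had already
 *      expired, its DPC saw the flag and is now drained).
 * KeFlushQueuedDpcs requires PASSIVE_LEVEL; this is presumably called from
 * DriverUnload — confirm the caller's IRQL.
 */
VOID CancelTimer()
{
    global_peprocess = NULL;
    global_peprocess2 = NULL;

    g_TimerStopping = TRUE;
    KeCancelTimer(&Timer);
    KeFlushQueuedDpcs();
    KeCancelTimer(&Timer);
    KeFlushQueuedDpcs();
}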
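/*
 * Resolve the entry point (DriverEntry) of a mapped 64-bit PE image.
 *
 * ImageBase: base of the mapped image (ImageInfo->ImageBase from the
 *            load-image callback).
 * Returns:   the VA of OptionalHeader.AddressOfEntryPoint, or NULL when
 *            ImageBase is NULL, e_lfanew is below the DOS header, the
 *            DOS/NT signatures do not match, or the entry RVA is 0.
 *
 * The original dereferenced both headers unchecked; a non-PE mapping would
 * have yielded an arbitrary pointer that DenyLoadDriver then wrote to.
 * Nothing here proves e_lfanew lies inside the mapping — the caller is
 * expected to pass an image the loader has already mapped.
 */
PVOID GetDriverEntryByImageBase(PVOID ImageBase)
{
    PIMAGE_DOS_HEADER dosHdr;
    PIMAGE_NT_HEADERS64 ntHdr;
    ULONG entryRva;

    if (ImageBase == NULL)
        return NULL;

    dosHdr = (PIMAGE_DOS_HEADER)ImageBase;
    if (dosHdr->e_magic != IMAGE_DOS_SIGNATURE)
        return NULL;
    /* e_lfanew is signed; a negative or overlapping offset is malformed */
    if (dosHdr->e_lfanew < (LONG)sizeof(IMAGE_DOS_HEADER))
        return NULL;

    ntHdr = (PIMAGE_NT_HEADERS64)((ULONG64)ImageBase + (ULONG64)dosHdr->e_lfanew);
    if (ntHdr->Signature != IMAGE_NT_SIGNATURE)
        return NULL;

    entryRva = ntHdr->OptionalHeader.AddressOfEntryPoint;
    if (entryRva == 0)
        return NULL;   /* image declares no entry point */

    return (PVOID)((ULONG64)ImageBase + entryRva);
}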
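/*
 * Convert a UNICODE_STRING to a NUL-terminated ANSI string.
 *
 * dst: the UNICODE_STRING to read — despite its name this is the SOURCE.
 * src: caller-supplied char buffer that receives the text — the DESTINATION.
 *      (Parameter names are kept as-is so existing callers keep compiling.)
 *
 * On failure (NULL dst, or the conversion fails) src is set to "" instead of
 * being left untouched; the original ignored the status and strcpy'd from an
 * uninitialised ANSI_STRING.Buffer.
 *
 * WARNING: the copy is unbounded. There is no size parameter, so src must
 * hold the converted text plus the terminator; image paths can be far longer
 * than the 260-byte buffers used in this file. Where the buffer size is
 * known, convert into a fixed ANSI_STRING (AllocateDestinationString = FALSE)
 * at the call site instead of calling this.
 */
VOID UnicodeToChar(PUNICODE_STRING dst, char *src)
{
    ANSI_STRING ansi;
    NTSTATUS status;

    if (src == NULL)
        return;
    if (dst == NULL)
    {
        src[0] = '\0';
        return;
    }

    status = RtlUnicodeStringToAnsiString(&ansi, dst, TRUE);
    if (!NT_SUCCESS(status))
    {
        src[0] = '\0';
        return;
    }

    /* with AllocateDestinationString == TRUE the buffer is NUL-terminated */
    strcpy(src, ansi.Buffer);
    RtlFreeAnsiString(&ansi);
}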
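/*
 * Copy SizeOfCopy bytes from pSourceAddress to pDestination with write
 * protection (CR0.WP) cleared around the write, so read-only code pages can
 * be patched.
 *
 * Returns TRUE on success; FALSE for NULL/zero-length/oversized arguments,
 * when the MDL cannot be allocated, when the source pages cannot be locked,
 * or when no system mapping is obtained.
 *
 * The MDL describes the SOURCE (locked for read) and the copy reads through
 * its system mapping; the destination is written directly. Whether WPOFFx64()
 * also raises IRQL so the thread cannot migrate while WP is clear is decided
 * in that helper, not here — confirm before relying on it. Clearing CR0.WP to
 * patch executable kernel memory is exactly what PatchGuard/HVCI police.
 *
 * Fixes vs. original: the MDL was neither unlocked nor freed when
 * MmGetSystemAddressForMdlSafe failed; NULL pointers and a length that does
 * not fit IoAllocateMdl's ULONG were not rejected.
 */
BOOLEAN VxkCopyMemory(PVOID pDestination, PVOID pSourceAddress, SIZE_T SizeOfCopy)
{
    PMDL mdl;
    PVOID mappedSource;
    KIRQL savedIrql;
    BOOLEAN copied = FALSE;

    if (pDestination == NULL || pSourceAddress == NULL || SizeOfCopy == 0)
        return FALSE;
    if ((SIZE_T)(ULONG)SizeOfCopy != SizeOfCopy)
        return FALSE;   /* would be silently truncated by the ULONG cast */

    mdl = IoAllocateMdl(pSourceAddress, (ULONG)SizeOfCopy, FALSE, FALSE, NULL);
    if (mdl == NULL)
        return FALSE;

    __try
    {
        MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        IoFreeMdl(mdl);
        return FALSE;
    }

    mappedSource = MmGetSystemAddressForMdlSafe(mdl, NormalPagePriority);
    if (mappedSource != NULL)
    {
        savedIrql = WPOFFx64();
        RtlCopyMemory(pDestination, mappedSource, SizeOfCopy);
        WPONx64(savedIrql);
        copied = TRUE;
    }

    /* single cleanup path: pages were locked above, so always unlock + free */
    MmUnlockPages(mdl);
    IoFreeMdl(mdl);
    return copied;
}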
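/*
 * Make a driver that is about to start refuse to load, by overwriting the
 * first bytes of its DriverEntry with
 *     B8 22 00 00 C0   mov eax, 0C0000022h   ; STATUS_ACCESS_DENIED
 *     C3               ret
 * so DriverEntry returns failure as soon as it is called.
 *
 * DriverEntry: entry VA as returned by GetDriverEntryByImageBase; NULL is
 *              ignored. Called from LoadImageNotifyRoutine, i.e. after the
 *              image is mapped and before its entry runs.
 *
 * The original passed sizeof() of a string literal and so also wrote the
 * trailing NUL — a 7th byte past the ret; only the 6 instruction bytes are
 * written now. The copy result was silently dropped; it is now logged.
 */
void DenyLoadDriver(PVOID DriverEntry)
{
    static const UCHAR denyStub[] = { 0xB8, 0x22, 0x00, 0x00, 0xC0, 0xC3 };

    if (DriverEntry == NULL)
        return;

    if (!VxkCopyMemory(DriverEntry, (PVOID)denyStub, sizeof(denyStub)))
    {
        DbgPrint("[DenyLoadDriver] failed to patch DriverEntry at %p\n", DriverEntry);
    }
}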
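/************************************************************************
 Function: LoadImageNotifyRoutine
 Purpose:  PsSetLoadImageNotifyRoutine callback. For kernel-mode images
           (ProcessId == 0) it logs the image path and entry point and, when
           the path contains "tesxnginx.sys", patches that driver's entry so
           it fails to start (see DenyLoadDriver).

 FullImageName: path of the image being mapped (may be NULL).
 ProcessId:     owning process; 0 for drivers.
 ImageInfo:     mapping details; only ImageBase is used.

 Changes vs. original: the path is converted into the fixed 260-byte stack
 buffer with a bounded RtlUnicodeStringToAnsiString call (it fails instead
 of writing past MaximumLength) rather than the unbounded strcpy inside
 UnicodeToChar, which overflowed the buffer for long paths. Paths that do
 not fit are logged and skipped. A NULL entry point is not patched.

 NOTE(review): a substring match on the lower-cased path is weak — any path
 containing "tesxnginx.sys" matches, and a renamed copy does not. The
 bounded conversion needs PASSIVE_LEVEL, which the WDK contract for
 load-image callbacks provides.
************************************************************************/
VOID LoadImageNotifyRoutine
(
    __in_opt PUNICODE_STRING FullImageName,
    __in HANDLE ProcessId,
    __in PIMAGE_INFO ImageInfo
)
{
    PVOID entry;
    char path[260] = { 0 };
    ANSI_STRING ansiPath;
    NTSTATUS status;

    if (FullImageName == NULL || !MmIsAddressValid(FullImageName) || ImageInfo == NULL)
        return;
    if (ProcessId != 0)
        return;   /* only kernel-mode images are of interest */

    DbgPrint("[LoadImageNotifyX64]%wZ\n", FullImageName);
    entry = GetDriverEntryByImageBase(ImageInfo->ImageBase);
    DbgPrint("[LoadImageNotifyX64]DriverEntry: %p\n", entry);

    /* Convert into the stack buffer; keep one byte for the terminator. */
    ansiPath.Buffer = path;
    ansiPath.Length = 0;
    ansiPath.MaximumLength = (USHORT)(sizeof(path) - 1);
    status = RtlUnicodeStringToAnsiString(&ansiPath, FullImageName, FALSE);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("[LoadImageNotifyX64] image path not converted (0x%X), skipped\n", status);
        return;
    }
    path[ansiPath.Length] = '\0';

    if (strstr(_strlwr(path), "tesxnginx.sys") != NULL)
    {
        DbgPrint("Deny load [tesxnginx.SYS]");
        if (entry != NULL)
        {
            DenyLoadDriver(entry);
        }
    }
}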
/*
 * TRUE when eprocess's image file name equals GAME_NAME, ignoring case.
 *
 * NOTE(review): PsGetProcessImageFileName is an undocumented export that
 * returns the short EPROCESS image-name field (15 characters) — confirm;
 * a GAME_NAME longer than that would never match.
 */
BOOLEAN IsProtectedProcessName(PEPROCESS eprocess)
{
    const char *imageName = PsGetProcessImageFileName(eprocess);
    return (_stricmp(GAME_NAME, imageName) == 0) ? TRUE : FALSE;
}
/*
 * TRUE when eprocess's image file name equals DEBUG_NAME, ignoring case.
 * Same caveat as IsProtectedProcessName: the name returned by
 * PsGetProcessImageFileName is the short EPROCESS field — confirm its
 * length before relying on long DEBUG_NAME values.
 */
BOOLEAN IsDebugProcessName(PEPROCESS eprocess)
{
    const char *imageName = PsGetProcessImageFileName(eprocess);
    return (_stricmp(DEBUG_NAME, imageName) == 0) ? TRUE : FALSE;
}
/* Resolved lazily in CreateThreadNotify (the lookup starts from the address of
 * PsTerminateSystemThread); NULL until that first resolution succeeds. */
PSPTERMINATETHREADBYPOINTER PspTerminateThreadByPointer = NULL;
VOID CreateThreadNotify(
IN HANDLE ProcessId,
IN HANDLE ThreadId,
IN BOOLEAN Create)
{
PEPROCESS Process = NULL;
PETHREAD Thread = NULL;
UCHAR *pszImageName = NULL;
NTSTATUS status;
UCHAR *pWin32Address = NULL;
//KdBreakPoint();
status = PsLookupProcessByProcessId(ProcessId, &Process);//1.通过进程ID,获取EPROCESS
if (!NT_SUCCESS(status))
return;
status = PsLookupThreadByThreadId(ThreadId, &Thread);//2.通过线程ID,获取ETHREAD
pszImageName = PsGetProcessImageFileName(Process);//3.通过EPROCESS获取进程名
ULONG32 callcode = 0;
ULONG64 AddressOfPspTTBP = 0, AddressOfPsTST = 0, i = 0;
if (PspTerminateThreadByPointer == NULL)
{
AddressOfPsTST = (ULONG64)GetFunctionAddr(L"PsTerminateSystemThread");
if (AddressOfPsTST == 0)
return STATUS_UNSUCCESSFUL;
for (i