int main(void) {
pid_t eu, pai;
int i;
GetPIDs(&eu, &pai);
printf("=============== RAIZ =============\n");
printf("Pid Filho = GetPIDs[%d] e getpid[%d] \n",eu, getpid());
printf("Pid Pai = GetPIDs[%d] e getppid[%d] \n",pai, getppid());
printf("==================================\n");
for (i = 0; i < NIVEIS_FORK; i++) {
int ehPai = fork();
if (ehPai) {
break;
}
GetPIDs(&eu, &pai);
printf("=============== NIVEL[%d] =============\n", i+1);
printf("Pid Filho = GetPIDs[%d] e getpid[%d] \n",eu, getpid());
printf("Pid Pai = GetPIDs[%d] e getppid[%d] \n",pai, getppid());
printf("=======================================\n");
}
return 0;
}
pid_t CSysinfo::FindThreadProcess (DWORD find_tid)
{
ExtArray<pid_t> pids(256);
ExtArray<DWORD> tids;
int num_pids;
int num_tids;
num_pids = GetPIDs (pids);
for (int s=0; s<num_pids; s++)
{
num_tids = GetTIDs (pids[s], tids);
for (int l=0; l<num_tids; l++)
{
if (find_tid == tids[l])
return pids[s];
}
}
return 0xffffffff;
}
NTSTATUS DispatchDeviceControl(PDEVICE_OBJECT DeviceObject, PIRP IRP)
{
KdPrint(("==>DriverDeviceControl\n"));
NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
ULONG tmpLen=0;
PIO_STACK_LOCATION pIoStackIrp = IoGetCurrentIrpStackLocation(IRP);
switch (pIoStackIrp->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_SET_PROTECT_PID:
KdPrint(("IOCTL_SET_PROTECT_PID\n"));
{
unsigned char pUnPack[256];
int unPackLength;
unPackLength=DownloadUnPack((unsigned char *)IRP->AssociatedIrp.SystemBuffer,pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength,pUnPack);
if (unPackLength>0)
{
PPID_INFO pInputBuffer = (PPID_INFO)pUnPack;
int iStringLength = unPackLength;
if(iStringLength != sizeof(PID_INFO)) // The PID should contain exactly 1 member.
break;
__int64 elapsedTime = __rdtsc() - pInputBuffer->currentTime;
KdPrint(("IOCTL_SET_PROTECT_PID elapsed time: %I64d.\n", elapsedTime));
if((elapsedTime > COMMUNICATE_TIME_LIMIT)||(elapsedTime <=COMMUNICATE_TIME_DOWN))
{
KdPrint(("IOCTL_SET_PROTECT_PID exceeds time limit.\n"));
} else {
// 加入进程 ID
AddProtectPID(pInputBuffer->PID[0]);
}
ntStatus = STATUS_SUCCESS;
}
}
break;
case IOCTL_GET_PROTECT_PIDS:
KdPrint(("IOCTL_GET_PROTECT_PIDS\n"));
if (IRP->MdlAddress)
{
PPID_INFO pUserBuffer = (PPID_INFO)MmGetSystemAddressForMdlSafe(IRP->MdlAddress, NormalPagePriority);
ULONG OutputLength = pIoStackIrp->Parameters.DeviceIoControl.OutputBufferLength;
ULONG PIDLength = OutputLength - sizeof(PID_INFO) + sizeof(UINT32);//1025*sizeof(unsigned int),last one for another
// add by bh
PPID_INFO tmpBuf=(PPID_INFO)ExAllocatePoolWithTag(PagedPool,OutputLength-sizeof(UINT32),'bnak');
if(!tmpBuf)
return ntStatus;
///judge safe
KdPrint(("entry check hook safe!\n"));
if(checkHookSafe())
{
KdPrint((" safe!\n"));
tmpBuf->count = GetPIDs(tmpBuf->PID, PIDLength / sizeof(UINT32));
tmpBuf->currentTime = __rdtsc();
ULONG bufLength=sizeof(PID_INFO)+tmpBuf->count*sizeof(UINT32);
tmpLen = UploadPack((PUCHAR)tmpBuf , bufLength , (PUCHAR)pUserBuffer);
}
else
{
KdPrint( (" unfalse\n"));
RtlZeroMemory(tmpBuf,OutputLength-sizeof(UINT32));
tmpLen=0;
}
///
//pUserBuffer->count = GetPIDs(pUserBuffer->PID, PIDLength / sizeof(UINT32));
//pUserBuffer->currentTime = __rdtsc();
ExFreePoolWithTag(tmpBuf,'bnak');
///// end
ntStatus = STATUS_SUCCESS;
}
break;
case IOCTL_SET_SECU_PATHS:
KdPrint(("IOCTL_SET_SECU_PATHS\n"));
{
/////////////////add by bh
if(!g_tmpB)
setStartTime();
////////////////end
/*PUCHAR pInputBuffer = (PUCHAR)IRP->AssociatedIrp.SystemBuffer;
int iStringLength = pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength;
ClearSecurePaths();
ULONG index = 0;
while(index < iStringLength)
{
ULONG length = *(PULONG)((ULONG)pInputBuffer + index);
index += 4;
if(index + length >= iStringLength)
break;
AddSecurePath((WCHAR*)((ULONG)pInputBuffer + index), length);
index += length * 2 + 2;
}*/
ntStatus = STATUS_SUCCESS;
}
break;
case IOCTL_SET_SECU_MD5:
KdPrint(("IOCTL_SET_SECU_MD5\n"));
{
PUCHAR pInputBuffer;
int iStringLength = pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength;
unsigned char * pUnPack=(UCHAR *)ExAllocatePoolWithTag(PagedPool,iStringLength,'knab');
int unPackLength;
unPackLength=DownloadUnPack((unsigned char *)IRP->AssociatedIrp.SystemBuffer,pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength,pUnPack);
//add by bh
//iStringLength=*((ULONG*)pUnPack );
RtlCopyBytes((PVOID)&iStringLength,(PVOID)pUnPack,sizeof(ULONG) );
pInputBuffer=pUnPack+sizeof(ULONG);
//if(!g_globalTime)
//g_globalTime=*((__int64 *)(pInputBuffer+iStringLength) );
RtlCopyBytes((PVOID)&g_globalTime,(PVOID)(pInputBuffer+iStringLength),8 );
__int64 elapseTime=__rdtsc()-g_globalTime;
if( (elapseTime<COMMUNICATE_TIME_LIMIT) && (elapseTime>=COMMUNICATE_TIME_DOWN) )
{
KdPrint( ("entry elapse check! ") );
if (unPackLength>0)
{KdPrint( ("entry length check! ") );
ClearHash();
for(int i = 0; i <= iStringLength - HASH_SIZE; i += HASH_SIZE)
AddSecureHash(pInputBuffer + i);
ntStatus = STATUS_SUCCESS;
}
}
ExFreePoolWithTag(pUnPack,'knab');
//
}
break;
case IOCTL_SET_UP_UNLOAD:
KdPrint(("IOCTL_SET_UP_UNLOAD\n"));
DeviceObject->DriverObject->DriverUnload = DriverUnload;
ntStatus = STATUS_SUCCESS;
break;
}
IRP->IoStatus.Status = 0;
IRP->IoStatus.Information = tmpLen ;
IoCompleteRequest(IRP, IO_NO_INCREMENT);
KdPrint(("<==DriverDeviceControl\n"));
return ntStatus;
}
