Drivers.cpp
#include "Drivers.h"
/*
******************************************************
Driver Tab
autorun drivers
******************************************************
*/
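/**
 * Enumerate the auto-start driver entries registered under
 * HKLM\SYSTEM\CurrentControlSet\Services (64-bit registry view).
 *
 * A subkey is reported as a driver when its "ImagePath" value, lower-cased,
 * contains the substring "\drivers\". For every reported entry exactly one
 * element is appended to each output vector, so the four vectors stay
 * index-aligned:
 *
 * @param result     receives the service subkey name
 * @param descript   receives the "DisplayName" value (empty if missing or not a string)
 * @param publisher  receives an empty string (publisher lookup is not implemented)
 * @param path       receives the raw "ImagePath" value (not environment-expanded)
 * @return 1 when the enumeration ran, 0 when an output pointer is null or the
 *         Services key could not be opened.
 *
 * NOTE(review): the "\drivers\" substring test is a heuristic on the path only.
 * A driver whose image lives outside a "drivers" directory is not listed, and a
 * user-mode service whose path contains that substring is. The service's "Type"
 * value is the field that actually distinguishes drivers; consider checking it
 * if this list is used for auditing persistence.
 */
int Driver ( vector<tstring> *result,
             vector<tstring> *descript,
             vector<tstring> *publisher,
             vector<tstring> *path)
{
    if ( !result || !descript || !publisher || !path )
        return 0;

    // Capacities are in characters. RegEnumKeyEx takes its size in characters
    // while RegQueryValueEx takes bytes, so the two must not be mixed up; the
    // buffers carry one extra element that is reserved for a terminator.
    const DWORD kKeyChars   = 1024;
    const DWORD kValueChars = 1024;

    // Buffers are owned by vectors so every exit path releases them.
    vector<TCHAR> keyName( kKeyChars + 1, 0 );
    vector<TCHAR> value( kValueChars + 1, 0 );
    vector<TCHAR> disp( kValueChars + 1, 0 );

    HKEY hKey = NULL;
    LONG lResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
                                 TEXT("system\\currentcontrolset\\services"),
                                 0,
                                 KEY_READ|KEY_WOW64_64KEY, &hKey );
    if ( lResult != ERROR_SUCCESS )
    {
        // Not found (2/3) and access denied (5) are both reported the same
        // way: nothing to enumerate.
        return 0;
    }

    // Collect all subkey names first; the loop ends on the first error,
    // which in the normal case is ERROR_NO_MORE_ITEMS.
    vector<tstring> names;
    for ( DWORD i = 0; ; ++i )
    {
        keyName[0] = 0;
        DWORD nameLen = kKeyChars;
        if ( RegEnumKeyEx( hKey, i, &keyName[0], &nameLen, NULL, NULL, NULL, NULL ) )
            break;
        names.push_back( tstring( &keyName[0] ) );
    }

    for ( vector<tstring>::const_iterator it = names.begin(); it != names.end(); ++it )
    {
        HKEY subKey = NULL;
        if ( RegOpenKeyEx( hKey, it->c_str(), 0, KEY_READ|KEY_WOW64_64KEY, &subKey ) )
            continue;

        // ImagePath: must exist and be a string type. Anything else (missing,
        // too large for the buffer, binary/DWORD data) is skipped.
        DWORD type = 0;
        DWORD cb   = kValueChars * sizeof(TCHAR);
        value[0]   = 0;
        LONG rc = RegQueryValueEx( subKey, TEXT("ImagePath"), NULL, &type,
                                   reinterpret_cast<LPBYTE>( &value[0] ), &cb );
        if ( rc != ERROR_SUCCESS || ( type != REG_SZ && type != REG_EXPAND_SZ ) )
        {
            RegCloseKey( subKey );
            continue;
        }
        // Registry strings are not guaranteed to be NUL-terminated; terminate
        // at the returned length so the conversion below cannot read past it.
        value[ cb / sizeof(TCHAR) ] = 0;

        // DisplayName is optional: fall back to an empty description.
        type    = 0;
        cb      = kValueChars * sizeof(TCHAR);
        disp[0] = 0;
        rc = RegQueryValueEx( subKey, TEXT("DisplayName"), NULL, &type,
                              reinterpret_cast<LPBYTE>( &disp[0] ), &cb );
        if ( rc == ERROR_SUCCESS && ( type == REG_SZ || type == REG_EXPAND_SZ ) )
            disp[ cb / sizeof(TCHAR) ] = 0;
        else
            disp[0] = 0;

        // Both values are copied out; the handle is closed on every path.
        RegCloseKey( subKey );

        // Case-insensitive match: lower-case a copy of the path.
        tstring lowered( &value[0] );
        for ( tstring::size_type k = 0; k < lowered.size(); ++k )
        {
#ifdef UNICODE
            lowered[k] = static_cast<TCHAR>( towlower( lowered[k] ) );
#else
            // tolower() is undefined for negative char values.
            lowered[k] = static_cast<TCHAR>(
                tolower( static_cast<unsigned char>( lowered[k] ) ) );
#endif
        }

        if ( lowered.find( TEXT("\\drivers\\") ) == tstring::npos )
            continue;   // ordinary service, not reported

        path->push_back( tstring( &value[0] ) );
        result->push_back( *it );
        descript->push_back( tstring( &disp[0] ) );
        // TODO: find publisher. Pushed only for reported drivers so that
        // publisher stays index-aligned with the other three vectors.
        publisher->push_back( tstring() );
    }

    RegCloseKey( hKey );
    return 1;
}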