/*--------------------------------------------------------------------------*/ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR szCmdLine, int iCmdShow) { int iExitCode = 0; HINSTANCE hinstLib = NULL; BOOL fFreeResult = FALSE, fRunTimeLinkSuccess = FALSE; if (GetWindowsVersion() == OS_ERROR ) { MessageBox(NULL, TEXT(MSG_DETECT_UNKNOW), TEXT(MSG_WARNING), MB_ICONWARNING); return -1; } if (GetWindowsVersion() < OS_WIN32_WINDOWS_XP ) { MessageBox(NULL, TEXT(MSG_DETECT_XP_OR_MORE), TEXT(MSG_WARNING), MB_ICONWARNING); return -1; } /* http://msdn.microsoft.com/en-us/library/ms724482(VS.85).aspx */ if (!IsProcessorFeaturePresent(PF_XMMI_INSTRUCTIONS_AVAILABLE)) { MessageBox(NULL, TEXT(MSG_DETECT_SSE_OR_MORE), TEXT(MSG_WARNING), MB_ICONWARNING); return -1; } hinstLib = LoadLibrary(TEXT(SCILAB_LIBRARY)); if (hinstLib != NULL) { MYPROC1 Windows_Main = NULL; /* launch main */ Windows_Main = (MYPROC1) GetProcAddress(hinstLib, MAIN_FUNCTION); if (NULL != Windows_Main) { #ifndef _DEBUG /* catch system errors msgbox (release mode only) */ /* http://msdn.microsoft.com/en-us/library/ms680621(VS.85).aspx */ UINT LastErrorMode = SetErrorMode( SEM_FAILCRITICALERRORS | SEM_NOALIGNMENTFAULTEXCEPT | SEM_NOGPFAULTERRORBOX ); _try { #endif fRunTimeLinkSuccess = TRUE; /* launch main */ iExitCode = (Windows_Main)(hInstance, hPrevInstance, szCmdLine, iCmdShow); #ifndef _DEBUG } _except (EXCEPTION_EXECUTE_HANDLER) { } #endif }
//####################################################################################### //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ //@@@@@@@@ D R I V E R E N T R Y P O I N T @@@@@@@@ //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ //####################################################################################### NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObj, IN PUNICODE_STRING pRegistryString) { NTSTATUS status = STATUS_UNSUCCESSFUL; //记录自身驱动的信息 g_MyDriverObject = pDriverObj; g_MyDriverBase = pDriverObj->DriverStart; g_MyDriverSize = pDriverObj->DriverSize; //Initialize Windows Version GetWindowsVersion(); if (WinVersion == WINDOWS_VERSION_7_7000 || WinVersion == WINDOWS_VERSION_7_7600_UP) { bWin7 = TRUE; } else if (WinVersion == WINDOWS_VERSION_XP) { bWin7 = FALSE; } else { //既不是win7也不是winxp goto DriverRet; } //测试 //__asm int 3; status = ReloadNtos(g_MyDriverObject); if (status != STATUS_SUCCESS) { goto DriverRet; } DriverRet: return status; }
//---------------------------------------------------------------------------------- // //---------------------------------------------------------------------------------- void WriteSystemSpecToLog(Log* log) { log->WriteLineStrongly("システム情報"); log->BeginTable(); log->Write("CPU名"); log->ChangeColumn(); log->Write(GetCPUName().c_str()); log->ChangeRow(); log->Write("OS情報"); log->ChangeColumn(); #if defined(_WIN32) log->Write("OS: Windows\n"); log->Write(GetWindowsVersion().c_str()); #else log->Write("Unavailable"); #endif log->ChangeRow(); log->Write("メモリ情報"); log->ChangeColumn(); log->Write(GetMemoryInfo().c_str()); log->EndTable(); }
// Returns the all-users ("common") Start Menu folder.
//
// On the Win9x family (95/98/ME) the path is synthesised as
// <base>\Local Settings\Start Menu, where <base> is the user's profile when
// Win98-style user profiles are enabled and the Windows directory otherwise.
// NT-based systems (NT/2000/XP/2003 and anything unlisted) ask the shell for
// CSIDL_COMMON_STARTMENU. The result goes through ValidatePath() first.
CStdString SystemFolderInfo::GetCommonStartMenu()
{
    CStdString sPath;

    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        sPath = HasWin98UserGotProfile() ? GetProfilePath() : GetWindowsPath();
        sPath += _T("\\Local Settings\\Start Menu");
        break;

    default:    // WINDOWS_NT, WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, ...
        sPath = GetFolderPath(CSIDL_COMMON_STARTMENU, NULL);
        break;
    }

    ValidatePath(sPath, CSIDL_COMMON_STARTMENU);
    return sPath;
}
// Returns the current user's roaming Application Data folder.
//
// Win9x family: <profile>\Application Data when Win98-style profiles are on,
// otherwise <Windows dir>\Local Settings\Application Data. NT-based systems
// (and anything unlisted) use the shell's CSIDL_APPDATA. The result goes
// through ValidatePath() before it is returned.
CStdString SystemFolderInfo::GetLocalUserAppDataPath()
{
    CStdString sPath;

    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        if (HasWin98UserGotProfile())
        {
            sPath = GetProfilePath();
            sPath += _T("\\Application Data");
        }
        else
        {
            sPath = GetWindowsPath();
            sPath += _T("\\Local Settings\\Application Data");
        }
        break;

    default:    // WINDOWS_NT, WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, ...
        sPath = GetFolderPath(CSIDL_APPDATA, NULL);
        break;
    }

    ValidatePath(sPath, CSIDL_APPDATA);
    return sPath;
}
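// Creates a .lnk shortcut to file_path_ at link_path_ through IShellLink /
// IPersistFile, checking that each COM call succeeds.
//
// Skipped with a warning before Vista (see i#12).
//
// Fix: `shell` was left uninitialized and the test kept going after a failed
// CoCreateInstance (EXPECT_TRUE does not stop the test), so QueryInterface /
// SetPath would have been called through an indeterminate pointer. Both
// interface pointers now start out NULL and the remaining steps are skipped
// after the first failure; Release() still only runs on non-NULL pointers.
TEST_F(ShellTest, CreateShortcut) {
  // FIXME i#12: Re-enable on XP when passes.
  if (GetWindowsVersion() < WIN_VISTA) {
    printf("WARNING: Disabling ShellTest.* on Pre-Vista, see i#12.\n");
    return;
  }

  IShellLinkW *shell = NULL;
  IPersistFile *persist = NULL;

  // Create a shortcut.
  HRESULT hr = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
                                IID_IShellLinkW, (LPVOID*)(&shell));
  EXPECT_TRUE(SUCCEEDED(hr));
  if (SUCCEEDED(hr)) {
    hr = shell->QueryInterface(IID_IPersistFile, (void**)(&persist));
    EXPECT_TRUE(SUCCEEDED(hr));
  }
  if (SUCCEEDED(hr)) {
    hr = shell->SetPath(file_path_.c_str());
    EXPECT_TRUE(SUCCEEDED(hr));
  }
  if (SUCCEEDED(hr)) {
    hr = shell->SetDescription(kLinkDescription);
    EXPECT_TRUE(SUCCEEDED(hr));
  }
  if (SUCCEEDED(hr)) {
    hr = persist->Save(link_path_.c_str(), TRUE);
    EXPECT_TRUE(SUCCEEDED(hr));
  }

  if (persist) persist->Release();
  if (shell) shell->Release();
}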
// Returns the Application Data folder of the "Default User" profile, i.e. the
// template copied for newly created accounts.
//
// Win9x family: <Windows dir>\Application Data.
// NT4: derived from the current user's AppData path by replacing the user-name
//      component that follows the profiles root with "Default User".
// 2000/XP/2003 and anything unlisted: the shell's CSIDL_APPDATA queried with
//      the (HANDLE)-1 token (presumably SHGetFolderPath's "default user"
//      token -- confirm against GetFolderPath()).
// The result goes through ValidatePath() before it is returned.
CStdString SystemFolderInfo::GetDefaultUserAppDataPath()
{
    CStdString sPath;

    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        sPath = GetWindowsPath() + _T("\\Application Data");
        break;

    case WINDOWS_NT:
    {
        const CStdString sUserAppData = GetLocalUserAppDataPath();
        const CStdString sRoot = GetProfilesRoot();
        // First separator after "<root>\" marks the end of the user name.
        const int nPos = sUserAppData.Find(_T("\\"), sRoot.size() + 1);
        sPath = sRoot + _T("\\Default User\\") + sUserAppData.Right(sUserAppData.size() - nPos - 1);
        break;
    }

    default:    // WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, ...
        sPath = GetFolderPath(CSIDL_APPDATA, (HANDLE)-1);
        break;
    }

    ValidatePath(sPath, CSIDL_APPDATA);
    return sPath;
}
// Returns the all-users ("common") Application Data folder.
//
// Win9x family: <Windows dir>\All Users\Application Data.
// NT-based systems (and anything unlisted): the shell's CSIDL_COMMON_APPDATA.
// On NT4 specifically, the shell hands back an empty string when the caller's
// access to the folder is restricted even though the folder exists and is
// usable, so that case falls back to <profiles root>\All Users\Application
// Data. The result goes through ValidatePath() before it is returned.
CStdString SystemFolderInfo::GetCommonAppDataPath()
{
    CStdString sPath;

    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        sPath = GetWindowsPath() + _T("\\All Users\\Application Data");
        break;

    default:    // WINDOWS_NT, WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, ...
        sPath = GetFolderPath(CSIDL_COMMON_APPDATA, NULL);
        // NT4 quirk: restricted access yields "" although the folder is there.
        if (sPath.IsEmpty() && GetWindowsVersion() == WINDOWS_NT)
            sPath = GetProfilesRoot() + _T("\\All Users\\Application Data");
        break;
    }

    ValidatePath(sPath, CSIDL_COMMON_APPDATA);
    return sPath;
}
/*
 * Writes the backed-up major-function dispatch pointers (ulReal_KBDCLASS_*)
 * back into the saved kbdclass driver object, undoing hooks that were
 * installed on it.
 *
 * Returns STATUS_UNSUCCESSFUL on Windows 2003 SP1/SP2, where the restore is
 * deliberately not attempted, and STATUS_SUCCESS otherwise -- including when
 * nothing was written because the backup object pointer is invalid or any of
 * the ten saved entries is zero.
 *
 * Review notes:
 *  - The saved ulReal_* values are trusted as-is: whatever was captured at
 *    backup time becomes the dispatch target. Nothing here checks that the
 *    targets lie inside kbdclass.sys, so if the backup had been taken after
 *    a hook was already in place, this would re-install that hook.
 *  - MmIsAddressValidEx() is a point-in-time check; the driver object could
 *    be torn down between the check and the stores below. No lock is held.
 *  - The ten stores are plain writes to a live driver object with no
 *    synchronisation against concurrent IRP dispatch; a reader can observe
 *    a partially restored table.
 */
NTSTATUS ReLoadKbdclassFree()
{
    WIN_VER_DETAIL WinVer;
    WinVer = GetWindowsVersion();
    /* Restore is skipped on 2003 SP1/SP2 (reason not recorded here). */
    if (WinVer == WINDOWS_VERSION_2K3_SP1_SP2)
        return STATUS_UNSUCCESSFUL;
    if (MmIsAddressValidEx(PKbdclassDriverObjectBakup))
    {
        /* Only restore when every saved entry is present; a zero would
         * otherwise be written as a dispatch pointer. */
        if (ulReal_KBDCLASS_IRP_MJ_CREATE &&
            ulReal_KBDCLASS_IRP_MJ_CLOSE &&
            ulReal_KBDCLASS_IRP_MJ_READ &&
            ulReal_KBDCLASS_IRP_MJ_FLUSH_BUFFERS &&
            ulReal_KBDCLASS_IRP_MJ_DEVICE_CONTROL &&
            ulReal_KBDCLASS_IRP_MJ_INTERNAL_DEVICE_CONTROL &&
            ulReal_KBDCLASS_IRP_MJ_CLEANUP &&
            ulReal_KBDCLASS_IRP_MJ_POWER &&
            ulReal_KBDCLASS_IRP_MJ_SYSTEM_CONTROL &&
            ulReal_KBDCLASS_IRP_MJ_PNP_POWER)
        {
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_CREATE] = ulReal_KBDCLASS_IRP_MJ_CREATE;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_CLOSE] = ulReal_KBDCLASS_IRP_MJ_CLOSE;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_READ] = ulReal_KBDCLASS_IRP_MJ_READ;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_FLUSH_BUFFERS] = ulReal_KBDCLASS_IRP_MJ_FLUSH_BUFFERS;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ulReal_KBDCLASS_IRP_MJ_DEVICE_CONTROL;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL] = ulReal_KBDCLASS_IRP_MJ_INTERNAL_DEVICE_CONTROL;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_CLEANUP] = ulReal_KBDCLASS_IRP_MJ_CLEANUP;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_POWER] = ulReal_KBDCLASS_IRP_MJ_POWER;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = ulReal_KBDCLASS_IRP_MJ_SYSTEM_CONTROL;
            PKbdclassDriverObjectBakup->MajorFunction[IRP_MJ_PNP_POWER] = ulReal_KBDCLASS_IRP_MJ_PNP_POWER;
        }
    }
    return STATUS_SUCCESS;
}
/*
 * Restores one MajorFunction[] entry of the saved tcpip driver object and, on
 * XP / 2003 SP1-SP2 only, also copies the dispatch routine's body from a
 * reloaded (clean) tcpip image over the live one to undo inline hooks.
 *
 * ulNumber        index into MajorFunction[] (an IRP_MJ_* code)
 * ulRealDispatch  address of the original dispatch routine in the live image
 *
 * Review notes:
 *  - ulNumber is not range-checked against the MajorFunction[] array, and
 *    ulRealDispatch is not checked to lie inside tcpip's image bounds.
 *  - `memcmp(...) == NULL` compares an int with a null-pointer constant; the
 *    meaning is "the two bodies are already identical, nothing to do".
 *  - ulReloadDispatch is obtained by rebasing ulRealDispatch from the live
 *    image (ulTcpipModuleBase) to the reloaded one (ulReLoadTcpipModuleBase).
 *    That presumes identical layout; any absolute (relocated) addresses
 *    inside the function could differ between the two images and would be
 *    copied verbatim, so a by-byte comparison may never match.
 *  - Write protection is defeated by clearing CR0.WP between cli/sti. cli
 *    only masks interrupts on the current CPU; on a multiprocessor machine
 *    other CPUs may execute the code while memcpy is rewriting it (the
 *    thread is not pinned to one CPU). The supported way is an MDL mapped
 *    writable (MmMapLockedPagesSpecifyCache / MmProtectMdlSystemAddress).
 *  - If memcpy faults, WP stays cleared and interrupts stay disabled.
 *  - The code size is recomputed three times via GetFunctionCodeSize().
 */
VOID SetTcpHook(ULONG ulNumber,ULONG ulRealDispatch)
{
    PDRIVER_OBJECT PTcpDriverObject = NULL;
    ULONG ulReloadDispatch;
    if (MmIsAddressValidEx(PTcpDriverObjectBakup))
    {
        PTcpDriverObject = PTcpDriverObjectBakup;
        PTcpDriverObject->MajorFunction[ulNumber] = ulRealDispatch;
        /* restore the dispatch-table (fsd) hook */
        if (GetWindowsVersion() == WINDOWS_VERSION_XP || GetWindowsVersion() == WINDOWS_VERSION_2K3_SP1_SP2)
        {
            /* same routine, rebased into the reloaded image */
            ulReloadDispatch = ulRealDispatch - ulTcpipModuleBase + ulReLoadTcpipModuleBase;
            /* restore the inline hook in the routine body */
            if (GetFunctionCodeSize(ulRealDispatch) != GetFunctionCodeSize(ulReloadDispatch))
            {
                return;
            }
            /* bodies already equal: nothing to patch */
            if (memcmp(ulRealDispatch,ulReloadDispatch,GetFunctionCodeSize(ulRealDispatch)) == NULL)
            {
                return;
            }
            /* clear CR0.WP (bit 16) so the kernel code page becomes writable */
            __asm
            {
                cli
                push eax
                mov eax,cr0
                and eax,not 0x10000
                mov cr0,eax
                pop eax
            }
            memcpy(ulRealDispatch,ulReloadDispatch,GetFunctionCodeSize(ulRealDispatch));
            /* set CR0.WP again and re-enable interrupts */
            __asm
            {
                push eax
                mov eax,cr0
                or eax,0x10000
                mov cr0,eax
                pop eax
                sti
            }
        }
    }
}
// True when the version code reported by GetWindowsVersion() is newer than
// Windows 2000, i.e. XP or later.
bool ActivationContextLoader::IsWindowsXPorHigher()
{
    return GetWindowsVersion() > WINDOWS_2K;
}
// Plugin entry point, called by the host once the DLL is mapped.
//
// Calls mir_getLP() with this plugin's info block, runs GetWindowsVersion()
// for its side effects (its return value is discarded), opens the keyboard
// device and registers ModulesLoaded for ME_SYSTEM_MODULESLOADED, keeping
// the hook handle in hModulesLoaded. Always reports success (0).
extern "C" __declspec(dllexport) int Load(void)
{
    mir_getLP(&pluginInfo);

    GetWindowsVersion();        // return value intentionally unused
    OpenKeyboardDevice();

    hModulesLoaded = HookEvent(ME_SYSTEM_MODULESLOADED, ModulesLoaded);

    return 0;
}
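//==============================================================================
// helper routines for working with the module
//==============================================================================
// Opens the USB device in the given virtual slot and checks that it is the
// requested module.
//
// VirtualSlot  N of the \\.\LDevN device name created by the USB driver
// DeviceID     expected device ID, or ENUM_ALL_USB_DEVICE_ID to accept any
//              ID listed in DEVICES_ID_ARRAY. E2010_ID additionally accepts
//              a device reporting E2010B_ID.
//
// On success returns TRUE with hDevice open and DeviceInitialInfo, ModuleName
// and UsbSpeed filled in. On failure returns FALSE, records an error number
// through LAST_ERROR_NUMBER() and leaves no device handle open:
//   1   unsupported Windows version (unknown, Win32s, 95 or NT)
//   2   CreateFile on the device name failed
//  11   GetDeviceInitialInfo() failed
//  12   device ID not in DEVICES_ID_ARRAY (ENUM_ALL_USB_DEVICE_ID mode)
//  13   device ID does not match DeviceID
//   3   GetModuleName() failed
//   4   GetUsbSpeed() failed
//   5   reported USB speed is out of range
//
// Fix: the ID-mismatch paths (errors 12 and 13) used to return with the
// freshly opened handle still in hDevice, unlike every other post-open
// failure; they now call CloseLDevice() like the rest.
BOOL WINAPI TLUSBBASE::OpenLDeviceByID(WORD VirtualSlot, DWORD DeviceID)
{
    // "\\\\.\\LDev" (8 chars) + at most 5 digits for a WORD + NUL = 14 <= 18.
    char DeviceName[18];
    WORD i;
    DWORD WindowsVersion;

    // reset the last error number
    LAST_ERROR_NUMBER(0x0);

    // release any device already open in this object
    if(hDevice != INVALID_HANDLE_VALUE)
    {
        CloseHandle(hDevice);
        hDevice = INVALID_HANDLE_VALUE;
    }

    // these Windows versions are not supported by the USB driver
    WindowsVersion = GetWindowsVersion();
    if((WindowsVersion == UNKNOWN_WINDOWS_VERSION) ||
       (WindowsVersion == WINDOWS_32S) ||
       (WindowsVersion == WINDOWS_95) ||
       (WindowsVersion == WINDOWS_NT))
    {
        LAST_ERROR_NUMBER(1);
        return FALSE;
    }

    // build the USB driver's device name (bounded: VirtualSlot is a WORD)
    wsprintf(DeviceName, "\\\\.\\LDev%d", VirtualSlot);

    // try to open a handle to the module
    hDevice = CreateFile(DeviceName, GENERIC_READ|GENERIC_WRITE, 0x0, NULL,
                         OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
    if(hDevice == INVALID_HANDLE_VALUE)
    {
        LAST_ERROR_NUMBER(2);
        return FALSE;
    }

    // read the primary information about the opened device
    if(!GetDeviceInitialInfo())
    {
        LAST_ERROR_NUMBER(11);
        CloseLDevice();
        return FALSE;
    }

    if(DeviceID == ENUM_ALL_USB_DEVICE_ID)
    {
        // any ID from the supported list is acceptable
        for(i = 0x0; i < SUPPORTED_USB_DEVICES_QUANTITY; i++)
            if(DeviceInitialInfo.DeviceID == DEVICES_ID_ARRAY[i]) break;
        if(i == SUPPORTED_USB_DEVICES_QUANTITY)
        {
            LAST_ERROR_NUMBER(12);
            CloseLDevice();
            return FALSE;
        }
    }
    else if(DeviceInitialInfo.DeviceID != DeviceID)
    {
        // the only tolerated mismatch: E2010 requested, E2010B found
        BOOL bAccepted = (DeviceID == E2010_ID) && (DeviceInitialInfo.DeviceID == E2010B_ID);
        if(!bAccepted)
        {
            LAST_ERROR_NUMBER(13);
            CloseLDevice();
            return FALSE;
        }
    }

    // read the module name
    if(!GetModuleName(ModuleName))
    {
        LAST_ERROR_NUMBER(3);
        CloseLDevice();
        return FALSE;
    }

    // determine the bus speed the module runs at
    if(!GetUsbSpeed(&UsbSpeed))
    {
        LAST_ERROR_NUMBER(4);
        CloseLDevice();
        return FALSE;
    }

    // the reported speed must be one of the known values
    if(UsbSpeed >= INVALID_USB_SPEED_LUSBAPI)
    {
        LAST_ERROR_NUMBER(5);
        CloseLDevice();
        return FALSE;
    }

    return TRUE;
}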
// Plugin entry point, called by the host once the DLL is mapped.
//
// Calls mir_getLP() with this plugin's info block and mir_getCLI(), runs
// GetWindowsVersion() for its side effects (return value discarded), opens
// the keyboard device and registers the ModulesLoaded and OnPreshutdown
// handlers. Always reports success (0).
extern "C" __declspec(dllexport) int Load(void)
{
    mir_getLP(&pluginInfo);
    mir_getCLI();

    GetWindowsVersion();        // return value intentionally unused
    OpenKeyboardDevice();

    HookEvent(ME_SYSTEM_MODULESLOADED, ModulesLoaded);
    HookEvent(ME_SYSTEM_PRESHUTDOWN, OnPreshutdown);

    return 0;
}
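// Process entry point.
//
// Refuses to run below Windows Vista (windows_version < WINVER_VISTA), then
// registers the main window class, creates it as a zero-sized tool window
// that is never shown (no ShowWindow call) and pumps messages until WM_QUIT.
// Returns 0 on normal exit, 1 when the OS check, class registration or
// window creation fails.
//
// Fix: the pre-Vista message read "his program requires ..." (missing "T"),
// and MessageBox's uType was passed as NULL instead of MB_OK (same value).
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
#ifndef NDEBUG
    // Debug builds: tag CRT allocations with file/line and report leaks at exit.
#define new new(_NORMAL_BLOCK, __FILE__, __LINE__)
    int flag = _CrtSetDbgFlag(_CRTDBG_REPORT_FLAG);
    flag |= _CRTDBG_LEAK_CHECK_DF;
    _CrtSetDbgFlag(flag);
#endif

    // Get the version of Windows and bail out on anything older than Vista.
    windows_version = GetWindowsVersion();
    if( windows_version < WINVER_VISTA )
    {
        MessageBox(NULL, TEXT("This program requires Windows Vista or newer."), TEXT("VulCan"), MB_OK);
        return 1;
    }

    // Keep the instance handle of the application.
    g_hInst = hInstance;

    // Register the application's window class; every field not set here is 0/NULL.
    WNDCLASSEX wcex;
    ZeroMemory(&wcex, sizeof(wcex));
    wcex.cbSize        = sizeof(WNDCLASSEX);
    wcex.lpfnWndProc   = (WNDPROC) MainWndProc;
    wcex.hInstance     = g_hInst;
    wcex.lpszClassName = g_szMainWnd;
    if( !RegisterClassEx(&wcex) )
        return 1;

    if( !CreateWindowEx(WS_EX_TOOLWINDOW, g_szMainWnd, g_szWindowName, 0,
                        0, 0, 0, 0, NULL, NULL, g_hInst, NULL) )
        return 1;

    // Main loop: fetch and dispatch messages until WM_QUIT.
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0))
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return 0;
}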
/*
 * Recursively walks a process's VAD tree in-order (left subtree, node, right
 * subtree), invoking MyParseVadTreeRoutine() on every node.
 *
 * VadNode  pointer to the current tree node (presumably an _MMVAD; a NULL
 *          child ends the recursion because MmIsAddressValidEx() rejects it
 *          -- TODO confirm that helper returns FALSE for NULL).
 * PDll     caller's context, passed through to MyParseVadTreeRoutine().
 *
 * The node layout is undocumented and version specific, so the offsets of
 * the left/right child pointers are hard-coded per Windows version; on an
 * unlisted version both stay 0 and the function returns without walking.
 *
 * Review notes:
 *  - MmIsAddressValidEx() is called on the node and on the first byte of
 *    each child-pointer slot; a slot straddling a page boundary is not
 *    fully covered by that check.
 *  - There is no depth or cycle guard: a corrupted or deliberately crafted
 *    tree (a loop, or a very deep chain) recurses until the kernel stack is
 *    exhausted.
 *  - No lock is taken here, so the tree can change under the walk.
 *  - The XP offsets (0x0c/0x10) differ from 2003+/Vista/7 (0x04/0x08);
 *    presumably due to a different node header on XP -- TODO confirm.
 */
VOID ParseVadTree(BYTE* VadNode,PDLLINFO PDll)
{
    DWORD LeftChildOfsset=0,RightChildOffset=0;
    WIN_VER_DETAIL WinVer;
    WinVer=GetWindowsVersion();
    /* per-version offsets of the LeftChild / RightChild pointers */
    switch (WinVer)
    {
    case WINDOWS_VERSION_XP:
        LeftChildOfsset=0x0c;
        RightChildOffset=0x10;
        break;
    case WINDOWS_VERSION_2K3:
        LeftChildOfsset=0x04;
        RightChildOffset=0x08;
        break;
    case WINDOWS_VERSION_2K3_SP1_SP2:
        LeftChildOfsset=0x04;
        RightChildOffset=0x08;
        break;
    case WINDOWS_VERSION_VISTA_2008:
        //vista + 2008
        LeftChildOfsset=0x04;
        RightChildOffset=0x08;
        break;
    /*case 6002: //2008
        LeftChildOfsset=0x04;
        RightChildOffset=0x08;
        break;
    */
    case WINDOWS_VERSION_7_7000:
    case WINDOWS_VERSION_7_7600_UP:
        LeftChildOfsset=0x04;
        RightChildOffset=0x08;
        break;
    }
    /* unknown version: no layout, do nothing */
    if (LeftChildOfsset==0||RightChildOffset==0)
    {
        return;
    }
    if (MmIsAddressValidEx(VadNode))
    {
        if (MmIsAddressValidEx((VadNode+LeftChildOfsset)) && MmIsAddressValidEx((VadNode+RightChildOffset)))
        {
            /* in-order: left child, this node, right child */
            ParseVadTree((BYTE*)(*(DWORD*)(VadNode+LeftChildOfsset)),PDll);
            MyParseVadTreeRoutine(VadNode,PDll);
            ParseVadTree((BYTE*)(*(DWORD*)(VadNode+RightChildOffset)),PDll);
        }
    }
}
// Lists the user profile directories found under the profiles root.
//
// bIncludeProfilePath  true  -> each entry is "<root>\<name>"
//                      false -> each entry is just the directory name
//
// On the Win9x family without Win98-style user profiles the directory
// scanned is <root>\Profiles; everywhere else it is the profiles root
// itself. "." and ".." are skipped, as is anything that is not a
// directory. Returns an empty vector when the root is unknown or cannot
// be enumerated.
std::vector<CStdString> SystemFolderInfo::GetUserProfiles( bool bIncludeProfilePath )
{
    std::vector<CStdString> vecUsers;

    // Work out which directory holds the per-user sub-directories.
    CStdString sPath = GetProfilesRoot();
    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        if (!HasWin98UserGotProfile())
            sPath += _T("\\Profiles");
        break;
    default:
        break;
    }

    if (sPath.empty())
        return vecUsers;

    WIN32_FIND_DATA findData;
    HANDLE hFind = ::FindFirstFile(sPath + _T("\\*"), &findData);
    if (hFind == INVALID_HANDLE_VALUE)
        return vecUsers;

    do
    {
        if (!(findData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
            continue;

        const CStdString sName(findData.cFileName);
        if (sName == _T(".") || sName == _T(".."))
            continue;

        if (bIncludeProfilePath)
            vecUsers.push_back(sPath + _T("\\") + findData.cFileName);
        else
            vecUsers.push_back(findData.cFileName);
    }
    while (::FindNextFile(hFind, &findData));

    ::FindClose(hFind);
    return vecUsers;
}
// Console entry point: prints the Windows and .NET Framework version strings,
// hands the same text to SaveToFile() and echoes that call's result, then
// waits for a key press before returning 0.
int _tmain(int argc, _TCHAR* argv[])
{
    string verinfo = GetWindowsVersion() + "\r\n\r\n" + GetNetFrameworkVersion();
    cout << endl << verinfo.c_str() << endl;

    string saveResult = SaveToFile(verinfo);
    cout << saveResult.c_str() << endl << endl << endl;

    cout << "Нажмите любую клавишу...";
    _getch();
    return 0;
}
// Human-readable operating-system name.
//   POSIX:   "<sysname> <release>" from uname(2); "Unknown" if uname fails.
//   Windows: whatever GetWindowsVersion() returns.
//   Other:   "Unknown".
std::string Sys::GetOSName()
{
#if defined( EE_PLATFORM_POSIX )
    struct utsname info;
    if ( uname( &info ) == -1 )
        return "Unknown";
    std::string name( info.sysname );
    name += " ";
    name += info.release;
    return name;
#elif EE_PLATFORM == EE_PLATFORM_WIN
    return GetWindowsVersion();
#else
    return "Unknown";
#endif
}
/*
 * Driver entry point of the A-Protect anti-rootkit kernel module.
 *
 * Registers DriverUnload, records this driver's object, image base and size,
 * captures a return address off the stack (RetAddress), prints a banner,
 * caches the System process and the Windows version, and finally spawns a
 * system thread running IsKernelBooting(). Always returns STATUS_SUCCESS,
 * even when that thread could not be created.
 *
 * Review notes:
 *  - `RetAddress=*(DWORD*)((DWORD)&DriverObject-4)` reads the dword just
 *    below the first argument -- presumably the caller's return address
 *    under the x86 stdcall frame layout. It relies on DriverObject living at
 *    [ebp+8] and on a 32-bit build; it is wrong on x64 or if the compiler
 *    homes the argument elsewhere.
 *  - ulSize, ulKeServiceDescriptorTable, i and ThreadHandle are unused.
 *  - The handle from PsCreateSystemThread() is closed at once; the thread
 *    itself keeps running.
 *  - DebugOn is forced to FALSE, so DebugOn-gated KdPrint calls elsewhere
 *    stay silent; the banner below is unconditional.
 */
NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING theRegistryPath )
{
    ULONG ulSize;
    ULONG ulKeServiceDescriptorTable;
    int i = 0;
    HANDLE HThreadHandle;
    HANDLE ThreadHandle;

    DriverObject->DriverUnload = DriverUnload;
    PDriverObject = DriverObject;
    /* stack read: dword below the first argument (see review notes) */
    RetAddress=*(DWORD*)((DWORD)&DriverObject-4);
    ulMyDriverBase = DriverObject->DriverStart;
    ulMyDriverSize = DriverObject->DriverSize;
    DebugOn = FALSE;   /* debug output switch */
    KdPrint(("//***************************************//\r\n" "// A-Protect Anti-Rootkit Kernel Module //\r\n" "// Kernel Module Version LE 2012-0.4.3 //\r\n" "// website:http://www.3600safe.com //\r\n" "//***************************************//\r\n"));
    SystemEProcess = PsGetCurrentProcess();
    WinVersion = GetWindowsVersion();   /* initialise the Windows version */
    if (WinVersion)
        KdPrint(("Init Windows version Success\r\n"));
    DepthServicesRegistry = NULL;
    /*-----------------------------------------
     * create a system thread to do the work
     *-----------------------------------------*/
    if (PsCreateSystemThread( &HThreadHandle, 0, NULL, NULL, NULL, IsKernelBooting, NULL) == STATUS_SUCCESS)
    {
        ZwClose(HThreadHandle);
    }
    return STATUS_SUCCESS;
}
// Determines the ID of the currently active Terminal Services session.
//
// Walks WTSEnumerateSessions() looking for the first session in WTSActive
// state. When the enumeration call itself fails (it does when the Terminal
// Services service is stopped) a fixed default is used instead: session 1
// on Vista-class systems, 0 on earlier ones (XP/2000).
//
// Returns TRUE when sessionId was taken from an active session. A successful
// enumeration that finds no WTSActive session leaves sessionId untouched and
// returns FALSE. On the fallback path the return value is whatever
// GetWindowsVersion() reported, so callers cannot tell a guessed session
// from a real one by the return value alone.
BOOL GetActiveSessionID(DWORD& sessionId)
{
    PWTS_SESSION_INFO pSessionInfo = NULL;
    DWORD dwSessionCount = 0;
    BOOL ret = FALSE;

    if ( ::WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionInfo, &dwSessionCount) )
    {
        for ( DWORD i = 0; i < dwSessionCount && !ret; i++ )
        {
            if ( pSessionInfo[i].State == WTSActive )
            {
                sessionId = pSessionInfo[i].SessionId;
                ret = TRUE;
            }
        }
    }
    else
    {
        // Enumeration unavailable: fall back to the conventional console
        // session number for this Windows generation.
        DWORD dwPlatformId = 0;
        DWORD dwMajorVersion = 0;
        DWORD dwMinorVersion = 0;
        ret = GetWindowsVersion(dwPlatformId, dwMajorVersion, dwMinorVersion);
        sessionId = IsVistaSystem(dwPlatformId, dwMajorVersion, dwMinorVersion) ? 1 : 0;
    }

    if ( NULL != pSessionInfo )
    {
        ::WTSFreeMemory(pSessionInfo);
        pSessionInfo = NULL;
    }
    return ret;
}
// Handler for the add/remove context-menu button.
//
// When this process is limited (m_bLimited) on Vista or later (major
// version >= 6) it first tries to relaunch itself elevated through
// ElevateProcess() and, on success, exits this instance; presumably the
// registration needs rights a limited process lacks. If elevation fails, or
// on older Windows, it simply carries on in-process.
//
// The action is chosen from the button's current caption: "add" first
// removes any stale fHash entries and then adds the menu, "remove" removes
// it. The outcome is written to IDC_STATIC_ADDRESULT and, on success, the
// caption is flipped to the opposite action.
void CFilesHashDlg::OnBnClickedContext()
{
    if(m_bLimited)
    {
        OSVERSIONINFOEX osvi;
        BOOL bOsVersionInfoEx;
        const bool bVistaOrLater = GetWindowsVersion(osvi, bOsVersionInfoEx) && osvi.dwMajorVersion >= 6;
        if(bVistaOrLater && ElevateProcess())
            ExitProcess(0);
    }

    // Either not limited, or elevation was not possible: proceed here.
    CStatic* pResult = (CStatic *)GetDlgItem(IDC_STATIC_ADDRESULT);
    CString sCaption = _T("");
    m_btnContext.GetWindowText(sCaption);

    if(sCaption.Compare(MAINDLG_ADD_CONTEXT_MENU) == 0)
    {
        RemoveContextMenu();    // clear any stale fHash entries first
        if(AddContextMenu())
        {
            pResult->SetWindowText(MAINDLG_ADD_SUCCEEDED);
            m_btnContext.SetWindowText(MAINDLG_REMOVE_CONTEXT_MENU);
        }
        else
        {
            pResult->SetWindowText(MAINDLG_ADD_FAILED);
        }
        return;
    }

    if(sCaption.Compare(MAINDLG_REMOVE_CONTEXT_MENU) == 0)
    {
        if(RemoveContextMenu())
        {
            pResult->SetWindowText(MAINDLG_REMOVE_SUCCEEDED);
            m_btnContext.SetWindowText(MAINDLG_ADD_CONTEXT_MENU);
        }
        else
        {
            pResult->SetWindowText(MAINDLG_REMOVE_FAILED);
        }
    }
}
// Injects the DLL at *strDllPath into process ProcessID with a remote thread,
// picking the Windows 7 or Windows XP implementation from GetWindowsVersion()
// (whose result is also stored in the global WinVersion).
//
// Is32Bit      whether the target is a 32-bit process (only the Win7 path
//              uses it)
// strDllPath   full path of the DLL to inject; must exist on disk
// ProcessID    target PID; 0 is rejected
//
// Returns TRUE only when the version-specific injector reports success;
// FALSE for PID 0, a missing DLL, or a Windows version the switch does not
// list (there is no default case).
//
// Review notes:
//  - `ProcessID <= 0` on an unsigned ULONG_PTR is just `== 0`.
//  - wcscpy_s into a MAX_PATH buffer with no prior length check: a path of
//    MAX_PATH characters or more triggers the CRT invalid-parameter handler
//    (process termination by default) rather than a FALSE return.
//  - PathFileExists() here and the load inside the target are separate steps
//    (TOCTOU); the file can be replaced between them.
//  - SeDebugPrivilege is enabled only around the Win7 injection and dropped
//    afterwards; the XP path does not touch it.
//  - The original comments note that the Win7 path targets 64-bit Win7 and
//    the XP path 32-bit XP.
BOOL HsInjectDll(BOOL Is32Bit, CString* strDllPath, ULONG_PTR ProcessID)
{
    BOOL bResult = FALSE;
    if (ProcessID <= 0)
    {
        return FALSE;
    }
    if (PathFileExists(*strDllPath))
    {
        WinVersion = GetWindowsVersion();
        switch(WinVersion)
        {
        case Windows7:  // note: this path targets 64-bit Win7
        {
            WCHAR wzPath[MAX_PATH] = {0};
            wcscpy_s(wzPath, strDllPath->GetBuffer());
            strDllPath->ReleaseBuffer();
            HsDebugPrivilege(SE_DEBUG_NAME, TRUE);
            bResult = HsInjectDllByRemoteThreadWin7(wzPath,ProcessID,Is32Bit);
            HsDebugPrivilege(SE_DEBUG_NAME, FALSE);
            break;
        }
        case WindowsXP:  // this path targets 32-bit XP
        {
            WCHAR wzPath[MAX_PATH] = {0};
            wcscpy_s(wzPath, strDllPath->GetBuffer());
            strDllPath->ReleaseBuffer();
            bResult = HsInjectDllByRemoteThreadWinXP(wzPath,ProcessID);
            break;
        }
        }
    }
    return bResult;
}
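// Bounded copy that always leaves dst NUL-terminated (cap is the size of dst).
static void copy_utsname_field(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
}

// Win32 stand-in for POSIX uname(2).
//
// Fills *info with
//   sysname   "Windows"
//   nodename  the host name from gethostname()
//   release   the descriptive string from GetWindowsVersion()
//   version   "<major>.<minor>-<build>" from GetVersionEx()
//   machine   "64-bit", "32-bit" or "Itanium 64-bit" by processor
//             architecture (empty for any other architecture)
//
// Returns 0 on success, -1 if info is NULL, GetVersionEx() fails or
// gethostname() fails.
//
// Fixes: fields are copied with an explicit bound (the utsname members are
// fixed-size arrays, as the original strcpy usage implies) and always
// NUL-terminated. The old code used unbounded strcpy and then overwrote the
// *last character* of every field with '\0' (indexing release by sysname's
// length), silently truncating each value; it also fell off the end without
// a return value. Note: GetVersionEx() is deprecated by Microsoft and, for
// manifested processes on Windows 8.1+, may report an older version.
int uname(struct utsname *info)
{
    OSVERSIONINFOEX wininfo;
    SYSTEM_INFO si;
    Flux::string WindowsVer = GetWindowsVersion();
    Flux::string cputype;
    char hostname[256] = "\0";

    if (info == NULL)
        return -1;

    ZeroMemory(&wininfo, sizeof(OSVERSIONINFOEX));
    ZeroMemory(&si, sizeof(SYSTEM_INFO));
    wininfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);

    if(!GetVersionEx(reinterpret_cast<OSVERSIONINFO *>(&wininfo)))
        return -1;
    GetSystemInfo(&si);

    // Host name; force termination in case the API truncated without a NUL.
    if(gethostname(hostname, sizeof(hostname)) == SOCKET_ERROR)
        return -1;
    hostname[sizeof(hostname) - 1] = '\0';

    if(si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
        cputype = "64-bit";
    else if(si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
        cputype = "32-bit";
    else if(si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64)
        cputype = "Itanium 64-bit";

    // Fill the utsname struct with the Windows system info.
    copy_utsname_field(info->sysname,  sizeof(info->sysname),  "Windows");
    copy_utsname_field(info->nodename, sizeof(info->nodename), hostname);
    copy_utsname_field(info->release,  sizeof(info->release),  WindowsVer.c_str());
    copy_utsname_field(info->version,  sizeof(info->version),
                       printfify("%ld.%ld-%ld", wininfo.dwMajorVersion, wininfo.dwMinorVersion, wininfo.dwBuildNumber).c_str());
    copy_utsname_field(info->machine,  sizeof(info->machine),  cputype.c_str());
    return 0;
}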
// Returns the directory that contains the user profile folders.
//
// Win9x family: the Windows directory, plus "\Profiles" when Win98-style
//               user profiles are enabled.
// NT4:          derived from the current user's AppData path by stripping
//               its last two components (presumably "<user>\Application
//               Data"). As in the original, a missing separator
//               (ReverseFind returning -1) is not guarded against.
// 2000/XP/2003 and anything unlisted: GetProfilesDirectory().
CStdString SystemFolderInfo::GetProfilesRoot()
{
    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
    {
        CStdString sRoot = GetWindowsPath();
        if (HasWin98UserGotProfile())
            sRoot += _T("\\Profiles");
        return sRoot;
    }

    case WINDOWS_NT:
    {
        CStdString sRoot = GetLocalUserAppDataPath();
        for (int k = 0; k < 2; ++k)
            sRoot = sRoot.Left(sRoot.ReverseFind('\\'));
        return sRoot;
    }

    default:    // WINDOWS_2003SERVER, WINDOWS_2K, WINDOWS_XP, ...
        return GetProfilesDirectory();
    }
}
/* Bounded, DBCS-aware string copy.
 *
 * Copies at most nChars-1 bytes of str2 into str1 without ever splitting a
 * double-byte character: a lead byte is copied together with its trail
 * byte or not at all. The result is always NUL-terminated.
 *
 * Returns str1, or 0 when str1 is null or nChars is 0. A null str2 is
 * treated as the empty string.
 *
 * In builds that are neither WIN32 nor PLAT_UNIX, a Windows version code of
 * 0x30a (3.10) or higher delegates to lstrcpyn() instead.
 */
char * StrCpyN (char * str1, const char * str2, size_t nChars)
{
    if (str1 == 0 || nChars <= 0)
        return 0;
    if (str2 == 0)
        str2 = "";

#if !defined (WIN32) && !defined (PLAT_UNIX)
    if (GetWindowsVersion () >= 0x30a)
        return (lstrcpyn (str1, (LPSTR)str2, nChars));
#endif /* !defined (WIN32) && !defined (PLAT_UNIX) */

    {
        char * out = str1;
        size_t room = nChars;     /* bytes still free, including the NUL */
        size_t width;

        for (;;)
        {
            if (*str2 == '\0')
                break;
            width = IsDBCSLeadByte (*str2) ? 2 : 1;
            if (room <= width)    /* no room for this char plus the NUL */
                break;
            *out++ = str2[0];
            if (width == 2)
                *out++ = str2[1];
            room -= width;
            str2 = AnsiNext (str2);
        }
        *out = '\0';
        return str1;
    }
}
// MFC application start-up: initialises Winsock 1.1 and the Windows version
// cache, runs the main dialog modally, tears Winsock down and returns FALSE
// so the framework exits instead of starting a message pump.
BOOL CCKAHGENApp::InitInstance()
{
    // Standard MFC 3D-control initialisation; drop whichever is unused to
    // shrink the executable.
#ifdef _AFXDLL
    Enable3dControls();          // MFC in a shared DLL
#else
    Enable3dControlsStatic();    // MFC linked statically
#endif

    // Winsock for the lifetime of the dialog. The WSAStartup() result is not
    // checked, so a failed start-up only surfaces when sockets are used.
    WSADATA wsadata;
    WSAStartup (MAKEWORD (1, 1), &wsadata);

    GetWindowsVersion ();

    CCKAHGENDlg dlg;
    m_pMainWnd = &dlg;
    dlg.DoModal();   // IDOK and IDCANCEL are treated alike (nothing to do yet)

    WSACleanup ();

    // Dialog closed: return FALSE so the application exits rather than
    // starting its message pump.
    return FALSE;
}
// Returns the current user's profile directory.
//
// Win9x family: <profiles root>\<logged-on user> when Win98-style user
//               profiles are on, otherwise the shared <profiles root>\All Users.
// NT4:          <profiles root>\<logged-on user>.
// 2000/XP/2003 and anything unlisted: the shell's CSIDL_PROFILE.
// The result goes through ValidatePath() before it is returned.
CStdString SystemFolderInfo::GetProfilePath()
{
    CStdString sPath;

    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
        if (!HasWin98UserGotProfile())
        {
            sPath = GetProfilesRoot() + _T("\\All Users");
            break;
        }
        /* fall through: per-user profile, same layout as NT */

    case WINDOWS_NT:
        sPath = GetProfilesRoot() + _T("\\") + GetLoggedOnUser();
        break;

    default:    // WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, ...
        sPath = GetFolderPath(CSIDL_PROFILE, NULL);
        break;
    }

    ValidatePath(sPath, CSIDL_PROFILE);
    return sPath;
}
// Returns the Windows directory.
//
// On the Win9x family and NT4 it is read with GetWindowsDirectory(); on
// 2000/XP/2003/Vista and anything unlisted the shell's CSIDL_WINDOWS is used.
CStdString SystemFolderInfo::GetWindowsPath()
{
    switch (GetWindowsVersion())
    {
    case WINDOWS_95:
    case WINDOWS_ME:
    case WINDOWS_98:
    case WINDOWS_NT:
    {
        TCHAR szDir[_MAX_PATH] = {0};
        GetWindowsDirectory(szDir, _MAX_PATH);
        return szDir;
    }

    default:    // WINDOWS_2K, WINDOWS_XP, WINDOWS_2003SERVER, WINDOWS_VISTA_CLIENT, ...
        return GetFolderPath( CSIDL_WINDOWS, NULL );
    }
}
//得到文件系统回调链表头地址 VOID GetListHeadAddr() { PUCHAR Addr; PUCHAR x,i; UNICODE_STRING IoRegisterFsRegistrationChangeString={0}; PVOID EnumParameter; WIN_VER_DETAIL WinVer; ULONG ulIoRegisterFsRegistrationChangeMountAware; RtlInitUnicodeString(&IoRegisterFsRegistrationChangeString, L"IoRegisterFsRegistrationChange"); Addr=MmGetSystemRoutineAddress(&IoRegisterFsRegistrationChangeString); IopFsNotifyChangeQueueHead = NULL; WinVer = GetWindowsVersion(); switch(WinVer) { case WINDOWS_VERSION_2K3_SP1_SP2: case WINDOWS_VERSION_XP: case WINDOWS_VERSION_7_7000: // Addr=*(ULONG*)((BYTE*)Addr+25); // IopFsNotifyChangeQueueHead=Addr; for (i=(ULONG)Addr;i < i+SizeOfProc(Addr);i++) { if (*i == 0xbe) { IopFsNotifyChangeQueueHead = *(PULONG)(i+1); if (MmIsAddressValidEx(IopFsNotifyChangeQueueHead)) { return; } } } break; case WINDOWS_VERSION_7_7600_UP: for (i=(ULONG)Addr;i < i+SizeOfProc(Addr);i++) { if (*i == 0xe8) { ulIoRegisterFsRegistrationChangeMountAware = *(PULONG)(i+1)+(ULONG)(i+5); if (MmIsAddressValidEx(ulIoRegisterFsRegistrationChangeMountAware)) { if (DebugOn) KdPrint(("ulIoRegisterFsRegistrationChangeMountAware:%08x\r\n",ulIoRegisterFsRegistrationChangeMountAware)); for (x=(ULONG)ulIoRegisterFsRegistrationChangeMountAware;x < x+SizeOfProc(ulIoRegisterFsRegistrationChangeMountAware);x++) { if (*x == 0xbf) { if (DebugOn) KdPrint(("x:%08x\r\n",x)); IopFsNotifyChangeQueueHead = *(PULONG)(x+1); if (MmIsAddressValidEx(IopFsNotifyChangeQueueHead)) { return; } break; } } } break; } } break; } }