hope this is good
#include "stdafx.h"
#include <windows.h>
#include <psapi.h>
#include <conio.h>
#include <stdio.h>
#include <string.h>
// EnumProcessModules / GetModuleFileNameEx live in psapi.lib.
#pragma comment (lib,"psapi.lib")
// Joins the directory part of FilePath with DriverName; the returned pointer
// is owned by the callee, so callers copy the text out before the next call.
LPCTSTR GetDriverFromFilePath(LPTSTR FilePath, LPTSTR DriverName);
// Human-readable text for a Win32 error code (GetLastError()).
LPCTSTR ErrorMessage(DWORD ErrorId);
// Input buffer of IOCTL_PROCOBSRV_ACTIVATE_MONITORING: TRUE starts, FALSE stops
// the driver's process notifications.
typedef struct _ActivateInfo
{
BOOLEAN bActivate;
} ACTIVATE_INFO, *PACTIVATE_INFO;

// Output buffer of IOCTL_PROCOBSRV_GET_PROCINFO: one process create/exit
// notification. The user-mode loop treats hProcessId == NULL as "no event".
// NOTE(review): the layout must match the driver's definition exactly — confirm.
typedef struct _CallbackInfo
{
HANDLE hParentId;
HANDLE hProcessId;
BOOLEAN bCreate;
}CALLBACK_INFO, *PCALLBACK_INFO;

// Worker thread that polls the ESC key and terminates the process.
DWORD WINAPI Opreste(LPVOID pParam);

// Named event the driver signals when a notification is ready; opened with
// SYNCHRONIZE only (the minimum needed to wait on it).
HANDLE kmev;
// Set by Opreste when ESC is pressed. Shared between two threads without
// volatile/atomic qualification — NOTE(review): acceptable only because the
// readers sit behind opaque API calls; consider making it a proper atomic flag.
bool out;
// Same value <winioctl.h> uses for FILE_DEVICE_UNKNOWN, so the redefinition is benign.
#define FILE_DEVICE_UNKNOWN 0x00000022
#define IOCTL_UNKNOWN_BASE FILE_DEVICE_UNKNOWN
// Function codes 0x800 and up are the range reserved for third-party drivers;
// METHOD_BUFFERED means the I/O manager copies the buffers in and out.
#define IOCTL_PROCOBSRV_ACTIVATE_MONITORING \
CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_PROCOBSRV_GET_PROCINFO \
CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
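/* Rights actually exercised on the service handle (start, status polling, stop,
 * delete). SERVICE_ALL_ACCESS granted far more than this program ever uses. */
static const DWORD kServiceRights = SERVICE_START | SERVICE_STOP | SERVICE_QUERY_STATUS | DELETE;

/* Report a failed Win32 call in the MessageBox style the rest of the file uses. */
static void ReportLastError(LPCTSTR where)
{
    MessageBox(0, ErrorMessage(GetLastError()), where, MB_ICONINFORMATION);
}

/* Locate the driver image: the first *.sys in the current directory, resolved
 * against the directory of this executable. On success driverFile holds the bare
 * file name (also used as the service name) and driverPath the full path.
 * Returns FALSE, after reporting, when no *.sys is found, the module path cannot
 * be read, or either result would not fit. */
static BOOL LocateDriverImage(char *driverFile, size_t fileCap, char *driverPath, size_t pathCap)
{
    WIN32_FIND_DATA fd;
    HANDLE hFind = FindFirstFile("*.sys", &fd);
    if (hFind == INVALID_HANDLE_VALUE)
    {
        /* Without this check fd.cFileName was read uninitialised. */
        ReportLastError("FindFirstFile *.sys");
        return FALSE;
    }
    FindClose(hFind);   /* only cFileName is needed; the find handle used to leak */

    char exePath[1024];
    DWORD len = GetModuleFileName(0, exePath, sizeof(exePath));
    if (len == 0 || len >= sizeof(exePath))
    {
        ReportLastError("GetModuleFileName");
        return FALSE;
    }

    /* GetDriverFromFilePath hands back a pointer to storage it owns, so copy the
     * text out immediately and only after checking that it fits. */
    LPCTSTR joined = GetDriverFromFilePath(exePath, fd.cFileName);
    if (joined == NULL || joined[0] == '\0'
        || strlen(joined) >= pathCap || strlen(fd.cFileName) >= fileCap)
    {
        MessageBox(0, "Driver path could not be built", "GetDriverFromFilePath", MB_ICONERROR);
        return FALSE;
    }
    strcpy(driverPath, joined);
    strcpy(driverFile, fd.cFileName);
    return TRUE;
}

/* Register the driver as a demand-start kernel service (or reuse an existing
 * registration with the same name) and start it, waiting until the SCM reports
 * RUNNING. On success *phSCManager and *phService are open and owned by the
 * caller; on failure both are NULL and nothing is left registered by this call. */
static BOOL LoadDriverService(LPCTSTR serviceName, LPCTSTR driverPath,
                              SC_HANDLE *phSCManager, SC_HANDLE *phService)
{
    *phSCManager = NULL;
    *phService = NULL;

    /* CONNECT suffices for OpenService and CREATE_SERVICE for CreateService;
     * SC_MANAGER_ALL_ACCESS was more than needed. */
    SC_HANDLE hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (hSCManager == NULL)
    {
        /* Previously execution fell through and later used an unset service handle. */
        ReportLastError("OpenSCManager");
        return FALSE;
    }
    printf("Load Driver\n");
    printf("Create Service\n");

    SC_HANDLE hService = CreateService(hSCManager, serviceName, serviceName, kServiceRights,
                                       SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
                                       driverPath, NULL, NULL, NULL, NULL, NULL);
    if (hService == NULL)
    {
        /* Typically the service survived an earlier run: reuse the registration. */
        ReportLastError("CreateService");
        hService = OpenService(hSCManager, serviceName, kServiceRights);
    }
    if (hService == NULL)
    {
        ReportLastError("OpenService");
        CloseServiceHandle(hSCManager);
        return FALSE;
    }

    printf("Start Service\n");
    if (!StartService(hService, 0, NULL) && GetLastError() != ERROR_SERVICE_ALREADY_RUNNING)
    {
        /* The old code deleted and closed the handle here and then kept using it. */
        ReportLastError("Start Service");
        DeleteService(hService);
        CloseServiceHandle(hService);
        CloseServiceHandle(hSCManager);
        return FALSE;
    }

    /* Poll until RUNNING, sleeping for the SCM's hint clamped to [1 s, 10 s].
     * STOPPED means the start failed after all; the old loop never ended then. */
    for (;;)
    {
        SERVICE_STATUS ss;
        if (!QueryServiceStatus(hService, &ss))
        {
            ReportLastError("QueryServiceStatus");
            break;
        }
        if (ss.dwCurrentState == SERVICE_RUNNING)
        {
            *phSCManager = hSCManager;
            *phService = hService;
            return TRUE;
        }
        if (ss.dwCurrentState == SERVICE_STOPPED)
        {
            MessageBox(0, "Driver service stopped instead of running", "Start Service", MB_ICONERROR);
            break;
        }
        DWORD wait = ss.dwWaitHint;
        if (wait < 1000)
        {
            wait = 1000;
        }
        else if (wait > 10000)
        {
            wait = 10000;
        }
        Sleep(wait);
    }
    DeleteService(hService);
    CloseServiceHandle(hService);
    CloseServiceHandle(hSCManager);
    return FALSE;
}

/* Resolve and display the main-module path of the process named in *info.
 * Only query rights are needed for that, not PROCESS_ALL_ACCESS, and the foreign
 * HMODULE must be resolved through GetModuleFileNameEx on the target process
 * (GetModuleFileName looks the handle up in this process instead). A process
 * that is already exiting may refuse to open; the placeholder is shown then. */
static void ReportProcessEvent(const CALLBACK_INFO *info)
{
    char nume[1024] = "<unknown>";
    HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE,
                               (DWORD)(ULONG_PTR)info->hProcessId);
    if (hProc != NULL)
    {
        HMODULE mainModule = NULL;
        DWORD need = 0;
        /* The first enumerated module is the executable image, as the old code assumed. */
        if (EnumProcessModules(hProc, &mainModule, sizeof(mainModule), &need) && need >= sizeof(mainModule))
        {
            if (GetModuleFileNameEx(hProc, mainModule, nume, sizeof(nume)) == 0)
            {
                strcpy(nume, "<unknown>");
            }
        }
        CloseHandle(hProc);   /* the old code leaked one process handle per event */
    }
    MessageBox(NULL, nume, info->bCreate ? "Process Created" : "Process Terminated", MB_OK);
}

/* Wait for the driver's event, fetch one CALLBACK_INFO per wake-up and report it,
 * until a key is pressed or Opreste has set `out`. Without an event handle the
 * loop degrades to plain polling paced by the Sleep. */
static void MonitorProcessEvents(HANDLE hDrv)
{
    while (!out && !kbhit())
    {
        if (kmev != NULL && WaitForSingleObject(kmev, INFINITE) == WAIT_FAILED)
        {
            ReportLastError("WaitForSingleObject kmev");
            break;
        }

        CALLBACK_INFO call;
        ZeroMemory(&call, sizeof(call));   /* hProcessId == NULL means "nothing to report" */
        DWORD ret = 0;
        if (!DeviceIoControl(hDrv, IOCTL_PROCOBSRV_GET_PROCINFO, NULL, 0, &call, sizeof(call), &ret, NULL))
        {
            ReportLastError("DeviceIoControl");
        }
        else if (call.hProcessId != NULL)
        {
            ReportProcessEvent(&call);
        }
        Sleep(100);
    }
}

/* Tell the driver to stop monitoring, then stop and unregister its service and
 * release every handle. hDrv may be INVALID_HANDLE_VALUE. */
static void UnloadDriverService(HANDLE hDrv, SC_HANDLE hSCManager, SC_HANDLE hService)
{
    printf("%s","Unloading driver");
    if (hDrv != INVALID_HANDLE_VALUE)
    {
        ACTIVATE_INFO ac;
        ac.bActivate = FALSE;
        DWORD ret = 0;
        if (!DeviceIoControl(hDrv, IOCTL_PROCOBSRV_ACTIVATE_MONITORING, &ac, sizeof(ac), NULL, 0, &ret, NULL))
        {
            ReportLastError("DeviceIoControl");
        }
        CloseHandle(hDrv);
    }
    SERVICE_STATUS ss;
    /* ControlService requires a status out-pointer; the old call passed 0. */
    if (!ControlService(hService, SERVICE_CONTROL_STOP, &ss))
    {
        ReportLastError("ControlService");
    }
    if (!DeleteService(hService))
    {
        ReportLastError("DeleteService");
    }
    CloseServiceHandle(hService);
    CloseServiceHandle(hSCManager);
}

/* Load the ProcObsrv driver found next to this executable, activate its process
 * monitoring, display each create/exit notification, and unload on a keypress.
 * Returns 0 on a normal run, 1 when the driver could not be located, loaded or opened. */
int _cdecl main(void)
{
    char driverFile[MAX_PATH];
    char driverPath[1024];
    if (!LocateDriverImage(driverFile, sizeof(driverFile), driverPath, sizeof(driverPath)))
    {
        return 1;
    }

    SC_HANDLE hSCManager;
    SC_HANDLE hService;
    if (!LoadDriverService(driverFile, driverPath, &hSCManager, &hService))
    {
        return 1;
    }
    MessageBox(NULL, "Service running", "", MB_OK);
    MessageBox(0, driverPath, "", MB_OK);

    /* NOTE(review): as in the original, this opens the driver *image file*
     * (driverPath is the *.sys path), not a device object created by the driver,
     * so the IOCTLs below are unlikely to reach it — confirm the device name the
     * driver exposes. Opened synchronously: every DeviceIoControl here passes a
     * NULL OVERLAPPED, which FILE_FLAG_OVERLAPPED does not permit. */
    HANDLE hDrv = CreateFile(driverPath,
                             GENERIC_READ | GENERIC_WRITE,
                             FILE_SHARE_READ | FILE_SHARE_WRITE,
                             0,
                             OPEN_EXISTING,
                             0,
                             0);
    if (hDrv == INVALID_HANDLE_VALUE)
    {
        ReportLastError("CreateFile");
        UnloadDriverService(hDrv, hSCManager, hService);
        return 1;
    }

    /* ESC watcher; its thread handle is not needed afterwards. */
    out = false;
    HANDLE hWatcher = CreateThread(0, 0, Opreste, 0, 0, 0);
    if (hWatcher != NULL)
    {
        CloseHandle(hWatcher);
    }

    kmev = OpenEvent(SYNCHRONIZE, FALSE, "ProcObsrvProcessEvent");
    if (kmev == NULL)
    {
        ReportLastError("OpenEvent kmev");
    }

    ACTIVATE_INFO activateInfo;
    activateInfo.bActivate = TRUE;
    DWORD ret = 0;
    if (DeviceIoControl(hDrv, IOCTL_PROCOBSRV_ACTIVATE_MONITORING,
                        &activateInfo, sizeof(activateInfo), NULL, 0, &ret, NULL))
    {
        MonitorProcessEvents(hDrv);
        if (kbhit())
        {
            getch();   /* consume the key that ended the loop */
        }
    }
    else
    {
        /* Nothing to monitor if activation failed; go straight to unload. */
        ReportLastError("DeviceIoControl");
    }

    if (kmev != NULL)
    {
        CloseHandle(kmev);
    }
    UnloadDriverService(hDrv, hSCManager, hService);
    return 0;
}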
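/* Watcher thread: polls the ESC key and terminates the process once it is
 * pressed. `pParam` is unused. A negative GetAsyncKeyState result (high bit set)
 * means the key is currently down.
 * NOTE(review): _exit() ends the process from this thread without running the
 * main thread's deactivation IOCTL and service stop; a main loop that observes
 * `out` (set below just before exiting) could shut down cleanly instead. */
DWORD WINAPI Opreste(LPVOID pParam)
{
    (void)pParam;
    while (GetAsyncKeyState(VK_ESCAPE) >= 0)
    {
        Sleep(1);
    }
    out = true;
    _exit(0);
    /* Not reached: the former ExitThread(0) after _exit was dead code. */
    return 0;
}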
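/* Build "<directory of FilePath>\<DriverName>": everything up to and including
 * the last '\' of FilePath, followed by DriverName. With no separator the result
 * is DriverName alone (the old loop then indexed one byte before its buffer).
 * The result lives in static storage — the old version returned a pointer to a
 * stack array — so it is valid until the next call and callers should copy it;
 * not reentrant. On overflow an empty string is returned instead of writing past
 * the buffer. FilePath is left untouched (it used to be reversed in place). */
LPCTSTR GetDriverFromFilePath(LPTSTR FilePath, LPTSTR DriverName)
{
    static char result[1024];

    const char *sep = strrchr(FilePath, '\\');
    size_t dirLen = (sep != NULL) ? (size_t)(sep - FilePath) + 1 : 0;
    size_t nameLen = strlen(DriverName);

    if (dirLen + nameLen >= sizeof(result))
    {
        result[0] = '\0';
        return result;
    }
    memcpy(result, FilePath, dirLen);
    memcpy(result + dirLen, DriverName, nameLen + 1);   /* +1 copies the terminator */
    return result;
}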
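/* System message text for a Win32 error code, for use in MessageBox titles and
 * bodies. The text is kept in a static buffer — the old version requested a
 * FORMAT_MESSAGE_ALLOCATE_BUFFER allocation on every call and never freed it,
 * and returned an uninitialised pointer when FormatMessage failed. Each call
 * overwrites the previous text; not reentrant. Codes with no system text yield
 * "Unknown error <n>". */
LPCTSTR ErrorMessage(DWORD ErrorId)
{
    static TCHAR msg[512];

    DWORD n = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                            NULL,
                            ErrorId,
                            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                            msg,
                            sizeof(msg) / sizeof(msg[0]),
                            NULL);
    if (n == 0)
    {
        wsprintf(msg, TEXT("Unknown error %lu"), (unsigned long)ErrorId);
    }
    return msg;
}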