├── .gitignore
├── LICENSE
├── PFDLL
├── PFDLL.sln
└── PFDLL
│ ├── PFDLL.vcxproj
│ ├── PFDLL.vcxproj.filters
│ ├── dllmain.cpp
│ ├── framework.h
│ ├── pch.cpp
│ └── pch.h
├── PFSafetyGuard
├── .qmake.stash
├── PFSafetyGuard.pro
├── PFSafetyGuard.sln
├── PFSafetyGuard.vcxproj
├── PFSafetyGuard.vcxproj.filters
├── images
│ ├── cls.ico
│ ├── error.ico
│ ├── myQss.qss
│ ├── open.ico
│ ├── open.png
│ ├── safe.ico
│ ├── start.ico
│ └── warning.ico
├── main.cpp
├── mainwindow.cpp
├── mainwindow.h
├── mainwindow.ui
├── myThread.cpp
├── resource.cpp
└── resource.qrc
├── README.md
├── img
├── 1.png
├── 2.png
└── 3.png
├── syringe
├── syringe.sln
└── syringe
│ ├── Source.cpp
│ ├── syringe.vcxproj
│ └── syringe.vcxproj.filters
└── testCode
├── testCode.sln
└── testCode
├── Source.cpp
├── testCode.vcxproj
└── testCode.vcxproj.filters
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Ll]og/
33 | [Ll]ogs/
34 |
35 | # Visual Studio 2015/2017 cache/options directory
36 | .vs/
37 | # Uncomment if you have tasks that create the project's static files in wwwroot
38 | #wwwroot/
39 |
40 | # Visual Studio 2017 auto generated files
41 | Generated\ Files/
42 |
43 | # MSTest test Results
44 | [Tt]est[Rr]esult*/
45 | [Bb]uild[Ll]og.*
46 |
47 | # NUnit
48 | *.VisualState.xml
49 | TestResult.xml
50 | nunit-*.xml
51 |
52 | # Build Results of an ATL Project
53 | [Dd]ebugPS/
54 | [Rr]eleasePS/
55 | dlldata.c
56 |
57 | # Benchmark Results
58 | BenchmarkDotNet.Artifacts/
59 |
60 | # .NET Core
61 | project.lock.json
62 | project.fragment.lock.json
63 | artifacts/
64 |
65 | # ASP.NET Scaffolding
66 | ScaffoldingReadMe.txt
67 |
68 | # StyleCop
69 | StyleCopReport.xml
70 |
71 | # Files built by Visual Studio
72 | *_i.c
73 | *_p.c
74 | *_h.h
75 | *.ilk
76 | *.meta
77 | *.obj
78 | *.iobj
79 | *.pch
80 | *.pdb
81 | *.ipdb
82 | *.pgc
83 | *.pgd
84 | *.rsp
85 | *.sbr
86 | *.tlb
87 | *.tli
88 | *.tlh
89 | *.tmp
90 | *.tmp_proj
91 | *_wpftmp.csproj
92 | *.log
93 | *.vspscc
94 | *.vssscc
95 | .builds
96 | *.pidb
97 | *.svclog
98 | *.scc
99 |
100 | # Chutzpah Test files
101 | _Chutzpah*
102 |
103 | # Visual C++ cache files
104 | ipch/
105 | *.aps
106 | *.ncb
107 | *.opendb
108 | *.opensdf
109 | *.sdf
110 | *.cachefile
111 | *.VC.db
112 | *.VC.VC.opendb
113 |
114 | # Visual Studio profiler
115 | *.psess
116 | *.vsp
117 | *.vspx
118 | *.sap
119 |
120 | # Visual Studio Trace Files
121 | *.e2e
122 |
123 | # TFS 2012 Local Workspace
124 | $tf/
125 |
126 | # Guidance Automation Toolkit
127 | *.gpState
128 |
129 | # ReSharper is a .NET coding add-in
130 | _ReSharper*/
131 | *.[Rr]e[Ss]harper
132 | *.DotSettings.user
133 |
134 | # TeamCity is a build add-in
135 | _TeamCity*
136 |
137 | # DotCover is a Code Coverage Tool
138 | *.dotCover
139 |
140 | # AxoCover is a Code Coverage Tool
141 | .axoCover/*
142 | !.axoCover/settings.json
143 |
144 | # Coverlet is a free, cross platform Code Coverage Tool
145 | coverage*.json
146 | coverage*.xml
147 | coverage*.info
148 |
149 | # Visual Studio code coverage results
150 | *.coverage
151 | *.coveragexml
152 |
153 | # NCrunch
154 | _NCrunch_*
155 | .*crunch*.local.xml
156 | nCrunchTemp_*
157 |
158 | # MightyMoose
159 | *.mm.*
160 | AutoTest.Net/
161 |
162 | # Web workbench (sass)
163 | .sass-cache/
164 |
165 | # Installshield output folder
166 | [Ee]xpress/
167 |
168 | # DocProject is a documentation generator add-in
169 | DocProject/buildhelp/
170 | DocProject/Help/*.HxT
171 | DocProject/Help/*.HxC
172 | DocProject/Help/*.hhc
173 | DocProject/Help/*.hhk
174 | DocProject/Help/*.hhp
175 | DocProject/Help/Html2
176 | DocProject/Help/html
177 |
178 | # Click-Once directory
179 | publish/
180 |
181 | # Publish Web Output
182 | *.[Pp]ublish.xml
183 | *.azurePubxml
184 | # Note: Comment the next line if you want to checkin your web deploy settings,
185 | # but database connection strings (with potential passwords) will be unencrypted
186 | *.pubxml
187 | *.publishproj
188 |
189 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
190 | # checkin your Azure Web App publish settings, but sensitive information contained
191 | # in these scripts will be unencrypted
192 | PublishScripts/
193 |
194 | # NuGet Packages
195 | *.nupkg
196 | # NuGet Symbol Packages
197 | *.snupkg
198 | # The packages folder can be ignored because of Package Restore
199 | **/[Pp]ackages/*
200 | # except build/, which is used as an MSBuild target.
201 | !**/[Pp]ackages/build/
202 | # Uncomment if necessary however generally it will be regenerated when needed
203 | #!**/[Pp]ackages/repositories.config
204 | # NuGet v3's project.json files produces more ignorable files
205 | *.nuget.props
206 | *.nuget.targets
207 |
208 | # Microsoft Azure Build Output
209 | csx/
210 | *.build.csdef
211 |
212 | # Microsoft Azure Emulator
213 | ecf/
214 | rcf/
215 |
216 | # Windows Store app package directories and files
217 | AppPackages/
218 | BundleArtifacts/
219 | Package.StoreAssociation.xml
220 | _pkginfo.txt
221 | *.appx
222 | *.appxbundle
223 | *.appxupload
224 |
225 | # Visual Studio cache files
226 | # files ending in .cache can be ignored
227 | *.[Cc]ache
228 | # but keep track of directories ending in .cache
229 | !?*.[Cc]ache/
230 |
231 | # Others
232 | ClientBin/
233 | ~$*
234 | *~
235 | *.dbmdl
236 | *.dbproj.schemaview
237 | *.jfm
238 | *.pfx
239 | *.publishsettings
240 | orleans.codegen.cs
241 |
242 | # Including strong name files can present a security risk
243 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
244 | #*.snk
245 |
246 | # Since there are multiple workflows, uncomment next line to ignore bower_components
247 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
248 | #bower_components/
249 |
250 | # RIA/Silverlight projects
251 | Generated_Code/
252 |
253 | # Backup & report files from converting an old project file
254 | # to a newer Visual Studio version. Backup files are not needed,
255 | # because we have git ;-)
256 | _UpgradeReport_Files/
257 | Backup*/
258 | UpgradeLog*.XML
259 | UpgradeLog*.htm
260 | ServiceFabricBackup/
261 | *.rptproj.bak
262 |
263 | # SQL Server files
264 | *.mdf
265 | *.ldf
266 | *.ndf
267 |
268 | # Business Intelligence projects
269 | *.rdl.data
270 | *.bim.layout
271 | *.bim_*.settings
272 | *.rptproj.rsuser
273 | *- [Bb]ackup.rdl
274 | *- [Bb]ackup ([0-9]).rdl
275 | *- [Bb]ackup ([0-9][0-9]).rdl
276 |
277 | # Microsoft Fakes
278 | FakesAssemblies/
279 |
280 | # GhostDoc plugin setting file
281 | *.GhostDoc.xml
282 |
283 | # Node.js Tools for Visual Studio
284 | .ntvs_analysis.dat
285 | node_modules/
286 |
287 | # Visual Studio 6 build log
288 | *.plg
289 |
290 | # Visual Studio 6 workspace options file
291 | *.opt
292 |
293 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
294 | *.vbw
295 |
296 | # Visual Studio LightSwitch build output
297 | **/*.HTMLClient/GeneratedArtifacts
298 | **/*.DesktopClient/GeneratedArtifacts
299 | **/*.DesktopClient/ModelManifest.xml
300 | **/*.Server/GeneratedArtifacts
301 | **/*.Server/ModelManifest.xml
302 | _Pvt_Extensions
303 |
304 | # Paket dependency manager
305 | .paket/paket.exe
306 | paket-files/
307 |
308 | # FAKE - F# Make
309 | .fake/
310 |
311 | # CodeRush personal settings
312 | .cr/personal
313 |
314 | # Python Tools for Visual Studio (PTVS)
315 | __pycache__/
316 | *.pyc
317 |
318 | # Cake - Uncomment if you are using it
319 | # tools/**
320 | # !tools/packages.config
321 |
322 | # Tabs Studio
323 | *.tss
324 |
325 | # Telerik's JustMock configuration file
326 | *.jmconfig
327 |
328 | # BizTalk build output
329 | *.btp.cs
330 | *.btm.cs
331 | *.odx.cs
332 | *.xsd.cs
333 |
334 | # OpenCover UI analysis results
335 | OpenCover/
336 |
337 | # Azure Stream Analytics local run output
338 | ASALocalRun/
339 |
340 | # MSBuild Binary and Structured Log
341 | *.binlog
342 |
343 | # NVidia Nsight GPU debugger configuration file
344 | *.nvuser
345 |
346 | # MFractors (Xamarin productivity tool) working folder
347 | .mfractor/
348 |
349 | # Local History for Visual Studio
350 | .localhistory/
351 |
352 | # BeatPulse healthcheck temp database
353 | healthchecksdb
354 |
355 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
356 | MigrationBackup/
357 |
358 | # Ionide (cross platform F# VS Code tools) working folder
359 | .ionide/
360 |
361 | # Fody - auto-generated XML schema
362 | FodyWeavers.xsd
363 |
364 | # C++ objects and libs
365 | *.slo
366 | *.lo
367 | *.o
368 | *.a
369 | *.la
370 | *.lai
371 | *.so
372 | *.so.*
373 | *.dll
374 | *.dylib
375 |
376 | # Qt-es
377 | object_script.*.Release
378 | object_script.*.Debug
379 | *_plugin_import.cpp
380 | /.qmake.cache
381 | /.qmake.stash
382 | *.pro.user
383 | *.pro.user.*
384 | *.qbs.user
385 | *.qbs.user.*
386 | *.moc
387 | moc_*.cpp
388 | moc_*.h
389 | qrc_*.cpp
390 | ui_*.h
391 | *.qmlc
392 | *.jsc
393 | Makefile*
394 | *build-*
395 | *.qm
396 | *.prl
397 |
398 | # Qt unit tests
399 | target_wrapper.*
400 |
401 | # QtCreator
402 | *.autosave
403 |
404 | # QtCreator Qml
405 | *.qmlproject.user
406 | *.qmlproject.user.*
407 |
408 | # QtCreator CMake
409 | CMakeLists.txt.user*
410 |
411 | # QtCreator 4.8< compilation database
412 | compile_commands.json
413 |
414 | # QtCreator local machine specific files for imported projects
415 | *creator.user*
416 |
417 | *_qmlcache.qrc
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 AgentGuo
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30907.101
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PFDLL", "PFDLL\PFDLL.vcxproj", "{242306A0-9DA6-4D65-9238-28136F04C973}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {242306A0-9DA6-4D65-9238-28136F04C973}.Debug|x64.ActiveCfg = Debug|x64
17 | {242306A0-9DA6-4D65-9238-28136F04C973}.Debug|x64.Build.0 = Debug|x64
18 | {242306A0-9DA6-4D65-9238-28136F04C973}.Debug|x86.ActiveCfg = Debug|Win32
19 | {242306A0-9DA6-4D65-9238-28136F04C973}.Debug|x86.Build.0 = Debug|Win32
20 | {242306A0-9DA6-4D65-9238-28136F04C973}.Release|x64.ActiveCfg = Release|x64
21 | {242306A0-9DA6-4D65-9238-28136F04C973}.Release|x64.Build.0 = Release|x64
22 | {242306A0-9DA6-4D65-9238-28136F04C973}.Release|x86.ActiveCfg = Release|Win32
23 | {242306A0-9DA6-4D65-9238-28136F04C973}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {7A556A79-222F-4D08-BB95-8C427EC289AB}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL/PFDLL.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {242306a0-9da6-4d65-9238-28136f04c973}
25 | PFDLL
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 | $(VC_IncludePath);$(WindowsSDK_IncludePath);E:\record\6th\softwareSecurity\Detours-master\include;D:\devSoftwareFile\boost_1_75_0;
76 | $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);E:\record\6th\softwareSecurity\Detours-master\lib.X86;D:\devSoftwareFile\boost_1_75_0\stage\lib;
77 |
78 |
79 | false
80 |
81 |
82 | true
83 |
84 |
85 | false
86 |
87 |
88 |
89 | Level3
90 | false
91 | WIN32;_DEBUG;PFDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
92 | true
93 | Use
94 | pch.h
95 |
96 |
97 | Windows
98 | true
99 | false
100 |
101 |
102 |
103 |
104 | Level3
105 | true
106 | true
107 | true
108 | WIN32;NDEBUG;PFDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
109 | true
110 | Use
111 | pch.h
112 |
113 |
114 | Windows
115 | true
116 | true
117 | true
118 | false
119 |
120 |
121 |
122 |
123 | Level3
124 | true
125 | _DEBUG;PFDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
126 | true
127 | Use
128 | pch.h
129 |
130 |
131 | Windows
132 | true
133 | false
134 |
135 |
136 |
137 |
138 | Level3
139 | true
140 | true
141 | true
142 | NDEBUG;PFDLL_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
143 | true
144 | Use
145 | pch.h
146 |
147 |
148 | Windows
149 | true
150 | true
151 | true
152 | false
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 | Create
163 | Create
164 | Create
165 | Create
166 |
167 |
168 |
169 |
170 |
171 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL/PFDLL.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 | Source Files
31 |
32 |
33 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL/dllmain.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFDLL/PFDLL/dllmain.cpp
--------------------------------------------------------------------------------
/PFDLL/PFDLL/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
4 | // Windows Header Files
5 | #include
6 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 |
3 | #include "pch.h"
4 |
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 |
--------------------------------------------------------------------------------
/PFDLL/PFDLL/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h: This is a precompiled header file.
2 | // Files listed below are compiled only once, improving build performance for future builds.
3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | // add headers that you want to pre-compile here
11 | #include "framework.h"
12 |
13 | #endif //PCH_H
14 |
--------------------------------------------------------------------------------
/PFSafetyGuard/.qmake.stash:
--------------------------------------------------------------------------------
1 | QMAKE_CXX.INCDIRS = \
2 | "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\INCLUDE" \
3 | "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\ATLMFC\\INCLUDE" \
4 | "C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.18362.0\\ucrt" \
5 | "C:\\Program Files (x86)\\Windows Kits\\NETFXSDK\\4.6.1\\include\\um" \
6 | "C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.18362.0\\shared" \
7 | "C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.18362.0\\um" \
8 | "C:\\Program Files (x86)\\Windows Kits\\10\\include\\10.0.18362.0\\winrt"
9 | QMAKE_CXX.LIBDIRS = \
10 | "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\LIB" \
11 | "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\ATLMFC\\LIB" \
12 | "C:\\Program Files (x86)\\Windows Kits\\10\\lib\\10.0.18362.0\\ucrt\\x86" \
13 | "C:\\Program Files (x86)\\Windows Kits\\NETFXSDK\\4.6.1\\lib\\um\\x86" \
14 | "C:\\Program Files (x86)\\Windows Kits\\10\\lib\\10.0.18362.0\\um\\x86"
15 | QMAKE_CXX.QT_COMPILER_STDCXX = 199711L
16 | QMAKE_CXX.QMAKE_MSC_VER = 1900
17 | QMAKE_CXX.QMAKE_MSC_FULL_VER = 190024215
18 | QMAKE_CXX.COMPILER_MACROS = \
19 | QT_COMPILER_STDCXX \
20 | QMAKE_MSC_VER \
21 | QMAKE_MSC_FULL_VER
22 |
--------------------------------------------------------------------------------
/PFSafetyGuard/PFSafetyGuard.pro:
--------------------------------------------------------------------------------
1 | QT += core gui
2 |
3 | greaterThan(QT_MAJOR_VERSION, 4): QT += widgets
4 |
5 | CONFIG += c++11
6 |
7 | # The following define makes your compiler emit warnings if you use
8 | # any Qt feature that has been marked deprecated (the exact warnings
9 | # depend on your compiler). Please consult the documentation of the
10 | # deprecated API in order to know how to port your code away from it.
11 | DEFINES += QT_DEPRECATED_WARNINGS
12 |
13 | # You can also make your code fail to compile if it uses deprecated APIs.
14 | # In order to do so, uncomment the following line.
15 | # You can also select to disable deprecated APIs only up to a certain version of Qt.
16 | #DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0
17 |
# Translation units and headers handed to qmake for this target.
# NOTE(review): the repository tree for PFSafetyGuard also lists myThread.cpp and
# resource.cpp, which do not appear in SOURCES here. Confirm whether the qmake
# build is still maintained or whether only the .vcxproj is used; a build file
# that silently omits sources makes the shipped binary hard to reproduce.
SOURCES += \
main.cpp \
mainwindow.cpp

HEADERS += \
mainwindow.h
24 |
25 | FORMS += \
26 | mainwindow.ui
27 |
28 | # Default rules for deployment.
29 | qnx: target.path = /tmp/$${TARGET}/bin
30 | else: unix:!android: target.path = /opt/$${TARGET}/bin
31 | !isEmpty(target.path): INSTALLS += target
32 |
33 | RESOURCES += \
34 | resource.qrc
35 |
--------------------------------------------------------------------------------
/PFSafetyGuard/PFSafetyGuard.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.25420.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PFSafetyGuard", "PFSafetyGuard.vcxproj", "{FBF1A24C-1237-3B29-9B2D-828FB4A0B684}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x86 = Debug|x86
11 | Release|x86 = Release|x86
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {FBF1A24C-1237-3B29-9B2D-828FB4A0B684}.Debug|x86.ActiveCfg = Debug|Win32
15 | {FBF1A24C-1237-3B29-9B2D-828FB4A0B684}.Debug|x86.Build.0 = Debug|Win32
16 | {FBF1A24C-1237-3B29-9B2D-828FB4A0B684}.Release|x86.ActiveCfg = Release|Win32
17 | {FBF1A24C-1237-3B29-9B2D-828FB4A0B684}.Release|x86.Build.0 = Release|Win32
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | EndGlobal
23 |
--------------------------------------------------------------------------------
/PFSafetyGuard/PFSafetyGuard.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Release
6 | Win32
7 |
8 |
9 | Debug
10 | Win32
11 |
12 |
13 |
14 | {FBF1A24C-1237-3B29-9B2D-828FB4A0B684}
15 | PFSafetyGuard
16 | QtVS_v304
17 | 10.0.18362.0
18 | $(MSBuildProjectDirectory)\QtMsBuild
19 |
20 |
21 |
22 | v140
23 | release\
24 | false
25 | NotSet
26 | Application
27 | release\
28 | PFSafetyGuard
29 |
30 |
31 | v140
32 | debug\
33 | false
34 | NotSet
35 | Application
36 | debug\
37 | PFSafetyGuard
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 | debug\
56 | debug\
57 | PFSafetyGuard
58 | true
59 |
60 |
61 | release\
62 | release\
63 | PFSafetyGuard
64 | true
65 | false
66 |
67 |
68 | 5.9.9_msvc2015
69 | core;gui;widgets
70 |
71 |
72 | 5.9.9_msvc2015
73 | core;gui;widgets
74 |
75 |
76 |
77 |
78 |
79 |
80 | GeneratedFiles\$(ConfigurationName);GeneratedFiles;.;release;%(AdditionalIncludeDirectories)
81 | -Zc:rvalueCast -Zc:inline -Zc:strictStrings -Zc:throwingNew -w34100 -w34189 -w44996 -w44456 -w44457 -w44458 %(AdditionalOptions)
82 | release\
83 | false
84 | None
85 | 4577;4467;%(DisableSpecificWarnings)
86 | Sync
87 | release\
88 | MaxSpeed
89 | _WINDOWS;UNICODE;_UNICODE;WIN32;QT_DEPRECATED_WARNINGS;QT_NO_DEBUG;NDEBUG;%(PreprocessorDefinitions)
90 | false
91 |
92 |
93 | MultiThreadedDLL
94 | true
95 | true
96 | Level3
97 | true
98 |
99 |
100 | shell32.lib;%(AdditionalDependencies)
101 | C:\opensslx86\lib;C:\Utils\my_sql\my_sqlx86\lib;C:\Utils\postgresqlx86\pgsql\lib;%(AdditionalLibraryDirectories)
102 | "/MANIFESTDEPENDENCY:type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' publicKeyToken='6595b64144ccf1df' language='*' processorArchitecture='*'" %(AdditionalOptions)
103 | true
104 | false
105 | true
106 | false
107 | $(OutDir)\PFSafetyGuard.exe
108 | true
109 | Windows
110 | true
111 |
112 |
113 | Unsigned
114 | None
115 | 0
116 |
117 |
118 | _WINDOWS;UNICODE;_UNICODE;WIN32;QT_DEPRECATED_WARNINGS;QT_NO_DEBUG;QT_WIDGETS_LIB;QT_GUI_LIB;QT_CORE_LIB;%(PreprocessorDefinitions)
119 |
120 |
121 | msvc
122 | $(Configuration)/moc_predefs.h
123 | Moc'ing %(Identity)...
124 | output
125 | $(Configuration)
126 | moc_%(Filename).cpp
127 |
128 |
129 | resource
130 | default
131 | Rcc'ing %(Identity)...
132 | $(Configuration)
133 | qrc_%(Filename).cpp
134 |
135 |
136 | Uic'ing %(Identity)...
137 | $(ProjectDir)
138 | ui_%(Filename).h
139 |
140 |
141 |
142 |
143 | GeneratedFiles\$(ConfigurationName);GeneratedFiles;.;debug;%(AdditionalIncludeDirectories)
144 | -Zc:rvalueCast -Zc:inline -Zc:strictStrings -Zc:throwingNew -w34100 -w34189 -w44996 -w44456 -w44457 -w44458 %(AdditionalOptions)
145 | debug\
146 | false
147 | ProgramDatabase
148 | 4577;4467;%(DisableSpecificWarnings)
149 | Sync
150 | debug\
151 | Disabled
152 | _WINDOWS;UNICODE;_UNICODE;WIN32;QT_DEPRECATED_WARNINGS;%(PreprocessorDefinitions)
153 | false
154 | MultiThreadedDebugDLL
155 | true
156 | true
157 | Level3
158 | true
159 |
160 |
161 | shell32.lib;%(AdditionalDependencies)
162 | C:\opensslx86\lib;C:\Utils\my_sql\my_sqlx86\lib;C:\Utils\postgresqlx86\pgsql\lib;%(AdditionalLibraryDirectories)
163 | "/MANIFESTDEPENDENCY:type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' publicKeyToken='6595b64144ccf1df' language='*' processorArchitecture='*'" %(AdditionalOptions)
164 | true
165 | true
166 | true
167 | $(OutDir)\PFSafetyGuard.exe
168 | true
169 | Windows
170 | true
171 |
172 |
173 | Unsigned
174 | None
175 | 0
176 |
177 |
178 | _WINDOWS;UNICODE;_UNICODE;WIN32;QT_DEPRECATED_WARNINGS;QT_WIDGETS_LIB;QT_GUI_LIB;QT_CORE_LIB;_DEBUG;%(PreprocessorDefinitions)
179 |
180 |
181 | msvc
182 | $(Configuration)/moc_predefs.h
183 | Moc'ing %(Identity)...
184 | output
185 | $(Configuration)
186 | moc_%(Filename).cpp
187 |
188 |
189 | resource
190 | default
191 | Rcc'ing %(Identity)...
192 | $(Configuration)
193 | qrc_%(Filename).cpp
194 |
195 |
196 | Uic'ing %(Identity)...
197 | $(ProjectDir)
198 | ui_%(Filename).h
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 | Document
213 | true
214 | $(QTDIR)\mkspecs\features\data\dummy.cpp;%(AdditionalInputs)
215 | cl -Bx"$(QTDIR)\bin\qmake.exe" -nologo -Zc:wchar_t -FS -Zc:rvalueCast -Zc:inline -Zc:strictStrings -Zc:throwingNew -Zi -MDd -W3 -w34100 -w34189 -w44996 -w44456 -w44457 -w44458 -wd4577 -wd4467 -E $(QTDIR)\mkspecs\features\data\dummy.cpp 2>NUL >debug\moc_predefs.h
216 | Generate moc_predefs.h
217 | debug\moc_predefs.h;%(Outputs)
218 |
219 |
220 | Document
221 | $(QTDIR)\mkspecs\features\data\dummy.cpp;%(AdditionalInputs)
222 | cl -Bx"$(QTDIR)\bin\qmake.exe" -nologo -Zc:wchar_t -FS -Zc:rvalueCast -Zc:inline -Zc:strictStrings -Zc:throwingNew -O2 -MD -W3 -w34100 -w34189 -w44996 -w44456 -w44457 -w44458 -wd4577 -wd4467 -E $(QTDIR)\mkspecs\features\data\dummy.cpp 2>NUL >release\moc_predefs.h
223 | Generate moc_predefs.h
224 | release\moc_predefs.h;%(Outputs)
225 | true
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
--------------------------------------------------------------------------------
/PFSafetyGuard/PFSafetyGuard.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {99349809-55BA-4b9d-BF79-8FDBB0286EB3}
6 | ui
7 | false
8 |
9 |
10 | {99349809-55BA-4b9d-BF79-8FDBB0286EB3}
11 | ui
12 | false
13 |
14 |
15 | {71ED8ED8-ACB9-4CE9-BBE1-E00B30144E11}
16 | cpp;c;cxx;moc;h;def;odl;idl;res;
17 |
18 |
19 | {71ED8ED8-ACB9-4CE9-BBE1-E00B30144E11}
20 | cpp;c;cxx;moc;h;def;odl;idl;res;
21 |
22 |
23 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
24 | h;hpp;hxx;hm;inl;inc;xsd
25 |
26 |
27 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
28 | h;hpp;hxx;hm;inl;inc;xsd
29 |
30 |
31 | {D9D6E242-F8AF-46E4-B9FD-80ECBC20BA3E}
32 | qrc;*
33 | false
34 |
35 |
36 | {D9D6E242-F8AF-46E4-B9FD-80ECBC20BA3E}
37 | qrc;*
38 | false
39 |
40 |
41 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
42 | cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx
43 |
44 |
45 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
46 | cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx
47 |
48 |
49 |
50 |
51 | Source Files
52 |
53 |
54 | Source Files
55 |
56 |
57 | Source Files
58 |
59 |
60 |
61 |
62 | Header Files
63 |
64 |
65 |
66 |
67 | Generated Files
68 |
69 |
70 | Generated Files
71 |
72 |
73 |
74 |
75 | Form Files
76 |
77 |
78 |
79 |
80 | Resource Files
81 |
82 |
83 | Resource Files
84 |
85 |
86 |
--------------------------------------------------------------------------------
/PFSafetyGuard/images/cls.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/cls.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/images/error.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/error.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/images/myQss.qss:
--------------------------------------------------------------------------------
1 | QLabel {
2 | font-size: 12px;
3 | border-style: solid;
4 | border-width: 1px;
5 | border-color: #2E3648;
6 |
7 | }
8 | QTextEdit{
9 | border-style: solid;
10 | border-width: 1px;
11 | border-color: #2E3648;
12 | font-size: 12px;
13 | }
14 |
--------------------------------------------------------------------------------
/PFSafetyGuard/images/open.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/open.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/images/open.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/open.png
--------------------------------------------------------------------------------
/PFSafetyGuard/images/safe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/safe.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/images/start.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/start.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/images/warning.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/images/warning.ico
--------------------------------------------------------------------------------
/PFSafetyGuard/main.cpp:
--------------------------------------------------------------------------------
1 | #include "mainwindow.h"
2 |
3 | #include
4 |
// Program entry point: creates the Qt application, applies the stylesheet that is
// embedded in the resource file (if it can be opened), then shows the main window
// and runs the event loop until the application exits.
int main(int argc, char *argv[])
{
    QApplication app(argc, argv);

    // The ":/" prefix addresses the compiled-in Qt resource system, so the
    // stylesheet is read from the binary itself rather than from the working
    // directory.
    QFile sheet(":/images/images/myQss.qss");
    if (!sheet.open(QFile::ReadOnly))
    {
        // A missing stylesheet is not fatal; the UI simply keeps the default look.
        qDebug("Open failed");
    }
    else
    {
        qDebug("open success");
        const QByteArray raw = sheet.readAll();
        const QString css = QLatin1String(raw);
        app.setStyleSheet(css);
        sheet.close();
    }

    MainWindow window;
    window.show();
    return app.exec();
}
24 |
--------------------------------------------------------------------------------
/PFSafetyGuard/mainwindow.cpp:
--------------------------------------------------------------------------------
1 | #include "mainwindow.h"
2 | #include "ui_mainwindow.h"
// Display names for the API calls this tool reports on. 19 of the 20 rows are
// populated; the remaining row is zero-filled by aggregate initialisation.
// Each row is a fixed 20-byte buffer, so every name must stay below 20 characters.
// NOTE(review): presumably indexed by a numeric type id that arrives from the
// monitored process; any such index should be range-checked before it is used
// to read this table. Confirm at the call sites.
char typeStr[20][20] = {
    "None",            //  0
    "MessageBoxA",     //  1
    "MessageBoxW",     //  2
    "CreateFile",      //  3
    "WriteFile",       //  4
    "ReadFile",        //  5
    "HeapCreate",      //  6
    "HeapDestory",     //  7 (spelling kept as in the original table)
    "HeapFree",        //  8
    "RegCreateKeyEx",  //  9
    "RegSetValueEx",   // 10
    "RegCloseKey",     // 11
    "RegOpenKeyEx",    // 12
    "RegDeleteValue",  // 13
    "socket",          // 14
    "bind",            // 15
    "send",            // 16
    "connect",         // 17
    "recv"             // 18
};
8 | info recvInfo;
// Builds the generated UI for this window, then wires the worker-thread
// signals through initUI().
MainWindow::MainWindow(QWidget *parent)
    : QMainWindow(parent),
      ui(new Ui::MainWindow)
{
    ui->setupUi(this);
    initUI();
}
16 |
// Releases the generated UI object allocated in the constructor.
MainWindow::~MainWindow()
{
    delete ui;
}
// Sets the initial status icon and connects every signal emitted by the
// worker thread (threadA) to the matching slot on this window.
// The newValue(QString) signal is deliberately left unconnected.
void MainWindow::initUI()
{
    // Start in the "safe" state until the worker reports otherwise.
    ui->infoButton->setIcon(QIcon(":/images/images/safe.ico"));

    // Status line plus severity code.
    connect(&threadA, SIGNAL(newInfo(QString, int)), this, SLOT(on_ThreadA_newInfo(QString, int)));

    // Process details shown in the side panel.
    connect(&threadA, SIGNAL(newProcessModules(QString)), this, SLOT(on_ThreadA_newProcessModules(QString)));
    connect(&threadA, SIGNAL(newProcessPriority(QString)), this, SLOT(on_ThreadA_newProcessPriority(QString)));
    connect(&threadA, SIGNAL(newProcessID(QString)), this, SLOT(on_ThreadA_newProcessID(QString)));
    connect(&threadA, SIGNAL(newProcessName(QString)), this, SLOT(on_ThreadA_newProcessName(QString)));

    // A new hooked-call record is available in recvInfo.
    connect(&threadA, SIGNAL(newInfo()), this, SLOT(on_ThreadA_newInfo()));
}
// Lets the user pick the program to monitor and copies the chosen path into
// the path text box. A cancelled dialog (empty result) shows a warning.
void MainWindow::on_openFileButton_pressed()
{
    const QString chosen = QFileDialog::getOpenFileName(
        this,
        tr("open image file"),
        "./",
        tr("Image files(*.txt *.exe);;All files (*.*)"));

    if (!chosen.isEmpty())
    {
        ui->filePathTextEdit->setText(chosen);
        return;
    }

    // Nothing was selected.
    QMessageBox::warning(this, "warning", "open file failed");
}
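// Starts monitoring: hands the path from the text box to the worker thread
// and launches it.
//
// The text box is freely editable, so the path is validated here before it
// reaches myThread::init(). myThread stores the path in `char filePath[256]`
// (see mainwindow.h); init() is not visible from this file, so an over-long
// path is rejected up front instead of relying on init() to bound the copy.
void MainWindow::on_tempButton_pressed()
{
    // Must stay in sync with the size of myThread::filePath.
    const int kMaxPathBytes = 256;

    // NOTE(review): toLatin1() replaces characters outside Latin-1 with '?',
    // so such paths will not resolve — confirm whether toLocal8Bit() is the
    // intended encoding for the APIs used in myThread.cpp.
    QByteArray temp = ui->filePathTextEdit->toPlainText().toLatin1();

    // Leave room for the terminating NUL in the 256-byte destination.
    if (temp.isEmpty() || temp.size() >= kMaxPathBytes)
    {
        QMessageBox::warning(this, "warning", "invalid file path");
        return;
    }

    threadA.init(temp.data());
    threadA.start();
}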
58 |
// Clears every record from the event tree.
void MainWindow::on_clsButton_pressed()
{
    ui->infoTree->clear();
}
62 |
63 |
// Slot kept for the worker's newValue(QString) signal. It currently does
// nothing, and initUI() does not connect it.
void MainWindow::on_ThreadA_newValue(QString str)
{
    // Intentionally empty.
}
68 |
// On window close, asks a running worker thread to stop and blocks until it
// has finished, then accepts the close event.
void MainWindow::closeEvent(QCloseEvent *event)
{
    const bool workerActive = threadA.isRunning();
    if (workerActive)
    {
        threadA.stopThread();
        threadA.wait();  // do not tear down the window while the worker runs
    }
    event->accept();
}
76 |
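// Appends the record currently held in the global recvInfo to the event tree:
// one top-level row (API name, timestamp) with one child row per argument.
//
// recvInfo describes a call made by the monitored program, so its fields are
// treated as untrusted: `type` is range-checked before it indexes typeStr,
// `argNum` is clamped to the capacity of the argument arrays, and argument
// strings are read with an explicit length bound in case they are not
// NUL-terminated. Without these checks a malformed record could make the GUI
// read outside typeStr / argName / argValue.
//
// NOTE(review): recvInfo is a plain global; presumably the worker thread
// writes it while this slot reads it — confirm the synchronisation in
// myThread.cpp.
void MainWindow::on_ThreadA_newInfo()
{
    const int typeCount = static_cast<int>(sizeof(typeStr) / sizeof(typeStr[0]));
    const int maxArgs = static_cast<int>(sizeof(recvInfo.argName) / sizeof(recvInfo.argName[0]));

    // Unknown type codes fall back to row 0 ("None").
    const int typeIdx = (recvInfo.type >= 0 && recvInfo.type < typeCount) ? recvInfo.type : 0;

    // Never iterate past the fixed-size argument arrays.
    int argCount = recvInfo.argNum;
    if (argCount < 0)
    {
        argCount = 0;
    }
    else if (argCount > maxArgs)
    {
        argCount = maxArgs;
    }

    // Same UTF-8 decoding as the implicit QVariant(const char*) conversion,
    // but bounded by the buffer size instead of trusting a terminator.
    auto boundedText = [](const char *buf, uint cap) {
        return QString::fromUtf8(buf, static_cast<int>(qstrnlen(buf, cap)));
    };

    // Bounded formatting of the event timestamp.
    char temp[128] = "";
    snprintf(temp, sizeof(temp), "%d-%d-%d %-02d:%-02d (%-d.%-ds)",
             recvInfo.st.wYear, recvInfo.st.wMonth, recvInfo.st.wDay,
             recvInfo.st.wHour, recvInfo.st.wMinute, recvInfo.st.wSecond,
             recvInfo.st.wMilliseconds);

    QTreeWidgetItem* item = new QTreeWidgetItem();
    item->setData(0, 0, typeStr[typeIdx]);
    item->setData(1, 0, temp);

    for (int i = 0; i < argCount; i++)
    {
        QTreeWidgetItem* item2 = new QTreeWidgetItem();
        item2->setData(0, 0, boundedText(recvInfo.argName[i], sizeof(recvInfo.argName[i])));
        item2->setData(1, 0, boundedText(recvInfo.argValue[i], sizeof(recvInfo.argValue[i])));
        item->addChild(item2);
    }

    ui->infoTree->addTopLevelItem(item);
}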
// Shows the monitored process name reported by the worker thread.
void MainWindow::on_ThreadA_newProcessName(QString str)
{
    ui->processName->setText(str);
}
// Shows the monitored process ID reported by the worker thread.
void MainWindow::on_ThreadA_newProcessID(QString str)
{
    ui->processID->setText(str);
}
// Shows the monitored process priority reported by the worker thread.
void MainWindow::on_ThreadA_newProcessPriority(QString str)
{
    ui->processPriority->setText(str);
}
// Shows the module list of the monitored process reported by the worker thread.
void MainWindow::on_ThreadA_newProcessModules(QString str)
{
    ui->processModules->setText(str);
}
// Updates the status line and the status icon.
//   str    - text shown in the info field
//   status - 2 selects the error icon, 1 the warning icon, any other value
//            the "safe" icon
void MainWindow::on_ThreadA_newInfo(QString str, int status)
{
    ui->info->setText(str);

    const char *iconPath;
    switch (status)
    {
    case 2:
        iconPath = ":/images/images/error.ico";
        break;
    case 1:
        iconPath = ":/images/images/warning.ico";
        break;
    default:
        iconPath = ":/images/images/safe.ico";
        break;
    }
    ui->infoButton->setIcon(QIcon(iconPath));
}
--------------------------------------------------------------------------------
/PFSafetyGuard/mainwindow.h:
--------------------------------------------------------------------------------
1 | #ifndef MAINWINDOW_H
2 | #define MAINWINDOW_H
3 |
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include "psapi.h"
12 | #include
13 |
14 | QT_BEGIN_NAMESPACE
15 | namespace Ui { class MainWindow; }
16 | QT_END_NAMESPACE
17 |
18 | using namespace std;
// Numeric codes for the hooked API calls, carried in info::type.
// Each value is also the row index of the matching display name in
// typeStr (mainwindow.cpp), where row 0 is "None".
#define MESSAGEBOXA 1
#define MESSAGEBOXW 2
#define CREATEFILE 3
#define WRITEFILE 4
#define READFILE 5
#define HEAPCREATE 6
#define HEAPDESTORY 7
#define HEAPFREE 8
#define REGCREATEKEYEX 9
#define REGSETVALUEEX 10
#define REGCLOSEKEY 11
#define REGOPENKEYEX 12
#define REGDELETEVALUE 13
#define THESOCKET 14
#define BIND 15
#define SEND 16
#define CONNECT 17
#define RECV 18
// One hooked-call record as displayed by the GUI.
// All buffers are fixed-size: a consumer must range-check `type` and `argNum`
// and must not assume the strings are NUL-terminated.
// NOTE(review): presumably the same layout is shared with the injected DLL
// that produces these records — confirm against PFDLL/dllmain.cpp.
struct info {
    // type: one of the event codes above; argNum: number of used argument slots.
    int type, argNum;
    // Time of the call.
    SYSTEMTIME st;
    // Up to 10 argument names, 30 bytes each.
    char argName[10][30] = { 0 };
    // Up to 10 argument values, 70 bytes each.
    char argValue[10][70] = { 0 };
};
43 |
// Worker thread that monitors the selected program and reports to the GUI
// through the signals below. The implementation lives in myThread.cpp.
class myThread :public QThread {
    Q_OBJECT
private:
    bool running;
    // Fixed-size path buffers: callers of init() must not pass a path that
    // does not fit into filePath (256 bytes including the terminator).
    char filePath[256], fileName[128];
    // NOTE(review): presumably used for the double-free and multi-folder
    // checks listed in the README — confirm in myThread.cpp.
    unordered_set heapSet;
    unordered_set folderSet;
protected:
    // Thread body, executed after start().
    void run();
public:
    // Receives the path of the program to monitor.
    void init(char * path);
    void getFileName(char *filePath, char *fileName);
    void stopThread();
    int GetProcessPriority(HANDLE hProcess);
    void checkFunc();
    void createFileCheck();
    void getLastFolder(char* filePath, string & folder);
signals:
    void newValue(QString str);
    // A new record is available in the global recvInfo.
    void newInfo();
    void newProcessName(QString str);
    void newProcessID(QString str);
    void newProcessPriority(QString str);
    void newProcessModules(QString str);
    // Status text plus severity (the GUI maps 2 to error, 1 to warning,
    // anything else to safe).
    void newInfo(QString str, int status);
};
70 |
// Main application window: lets the user choose a program, starts the worker
// thread and displays the records and status it reports.
class MainWindow : public QMainWindow
{
    Q_OBJECT
private:
    // Worker thread owned by the window; stopped and joined in closeEvent().
    myThread threadA;
protected:
    void closeEvent(QCloseEvent *event);
private slots:
    // Button handlers.
    void on_openFileButton_pressed();
    void on_tempButton_pressed();
    void on_clsButton_pressed();
    // Handlers for signals emitted by threadA (connected in initUI()).
    void on_ThreadA_newValue(QString str);
    void on_ThreadA_newInfo();
    void on_ThreadA_newProcessName(QString str);
    void on_ThreadA_newProcessID(QString str);
    void on_ThreadA_newProcessPriority(QString str);
    void on_ThreadA_newProcessModules(QString str);
    void on_ThreadA_newInfo(QString str, int status);
public:
    MainWindow(QWidget *parent = nullptr);
    // Sets the initial icon and connects the worker-thread signals.
    void initUI();
    ~MainWindow();
private:
    // Generated UI object; allocated in the constructor, deleted in the destructor.
    Ui::MainWindow *ui;
};
96 |
97 |
98 | #endif // MAINWINDOW_H
99 |
--------------------------------------------------------------------------------
/PFSafetyGuard/mainwindow.ui:
--------------------------------------------------------------------------------
1 |
2 |
3 | MainWindow
4 |
5 |
6 |
7 | 0
8 | 0
9 | 700
10 | 494
11 |
12 |
13 |
14 | MainWindow
15 |
16 |
17 |
18 |
19 |
20 | 10
21 | 10
22 | 681
23 | 31
24 |
25 |
26 |
27 | -
28 |
29 |
30 |
31 | 16777215
32 | 26
33 |
34 |
35 |
36 |
37 | 10
38 |
39 |
40 |
41 |
42 | -
43 |
44 |
45 |
46 | 10
47 |
48 |
49 |
50 | open file
51 |
52 |
53 |
54 | :/images/images/open.ico:/images/images/open.ico
55 |
56 |
57 |
58 | -
59 |
60 |
61 | start
62 |
63 |
64 |
65 | :/images/images/start.ico:/images/images/start.ico
66 |
67 |
68 |
69 | -
70 |
71 |
72 | cls
73 |
74 |
75 |
76 | :/images/images/cls.ico:/images/images/cls.ico
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 | 10
86 | 50
87 | 681
88 | 431
89 |
90 |
91 |
92 | -
93 |
94 |
95 |
96 | Name
97 |
98 |
99 |
100 | 10
101 |
102 |
103 |
104 |
105 |
106 | time/property
107 |
108 |
109 |
110 | 10
111 |
112 |
113 |
114 |
115 |
116 | -
117 |
118 |
-
119 |
120 |
-
121 |
122 |
123 | processName:
124 |
125 |
126 |
127 | -
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 | -
137 |
138 |
-
139 |
140 |
141 | processID
142 |
143 |
144 |
145 | -
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 | -
155 |
156 |
-
157 |
158 |
159 | Process priority
160 |
161 |
162 |
163 | -
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 | -
173 |
174 |
175 | Process Modules
176 |
177 |
178 |
179 | -
180 |
181 |
182 | -
183 |
184 |
185 | info
186 |
187 |
188 |
189 | 24
190 | 24
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 | -
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
--------------------------------------------------------------------------------
/PFSafetyGuard/myThread.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/myThread.cpp
--------------------------------------------------------------------------------
/PFSafetyGuard/resource.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/PFSafetyGuard/resource.cpp
--------------------------------------------------------------------------------
/PFSafetyGuard/resource.qrc:
--------------------------------------------------------------------------------
1 |
2 |
3 | images/open.ico
4 | images/myQss.qss
5 | images/start.ico
6 | images/cls.ico
7 | images/error.ico
8 | images/safe.ico
9 | images/warning.ico
10 |
11 |
12 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # [PFSafetyGuard](https://github.com/AgentGuo/PFSafetyGuard):sunflower:
2 |
3 | > 软件安全课设一等奖:trophy:
4 |
5 | ## 1. Getting started
6 |
7 | ### 1.1 项目介绍
8 |
9 | 项目主要有四个部分:
10 |
11 | * [testCode](https://github.com/AgentGuo/PFSafetyGuard/tree/main/testCode):测试程序,主要包含一些我们需要抓取的API和异常操作
12 | * [PFDLL](https://github.com/AgentGuo/PFSafetyGuard/tree/main/PFDLL):定义了需要HOOK的winAPI和替换的函数
13 | * [syringe](https://github.com/AgentGuo/PFSafetyGuard/tree/main/syringe):注射器程序,主要将[PFDLL](https://github.com/AgentGuo/PFSafetyGuard/tree/main/PFDLL)程序中的替换函数替换测试程序[testCode](https://github.com/AgentGuo/PFSafetyGuard/tree/main/testCode)中的API
14 | * [PFSafetyGuard](https://github.com/AgentGuo/PFSafetyGuard/tree/main/PFSafetyGuard):图形界面程序,接收[PFDLL](https://github.com/AgentGuo/PFSafetyGuard/tree/main/PFDLL)程序勾取的信息,然后做一些行为异常分析
15 |
16 | ### 1.2 run it
17 |
18 | 项目运行环境:
19 |
20 | * detours库:[配置过程](https://blog.csdn.net/weixin_44338712/article/details/115261358)
21 | * QT 5.9
22 |
23 | 然后需要修改程序中硬编码的一些路径(懒得改了:laughing:)
24 |
25 | * [PFSafetyGuard/syringe/syringe/Source.cpp](https://github.com/AgentGuo/PFSafetyGuard/blob/main/syringe/syringe/Source.cpp):line34 - line39
26 | * [PFSafetyGuard/PFSafetyGuard/myThread.cpp](https://github.com/AgentGuo/PFSafetyGuard/blob/main/PFSafetyGuard/myThread.cpp):line24
27 |
28 | then run it
29 |
30 | ## 2. 简要展示
31 |
32 | 
33 |
34 | ## 3. 详细说明
35 |
36 | ### 3.1 整体思路
37 |
38 | 系统整体设计思路
39 |
40 | 
41 |
42 | ### 3.2 HOOK API
43 |
44 | 主要完成了以下18个winAPI的HOOK,主要涉及弹窗API、文件打开读写API、堆操作API、注册表操作API、网络通信API(socket)
45 |
46 | ~~~cpp
47 | DetourAttach(&(PVOID&)OldMessageBoxW, NewMessageBoxW);
48 | DetourAttach(&(PVOID&)OldMessageBoxA, NewMessageBoxA);
49 | DetourAttach(&(PVOID&)OldCreateFile, NewCreateFile);
50 | DetourAttach(&(PVOID&)OldWriteFile, NewWriteFile);
51 | DetourAttach(&(PVOID&)OldReadFile, NewReadFile);
52 | DetourAttach(&(PVOID&)OldHeapCreate, NewHeapCreate);
53 | DetourAttach(&(PVOID&)OldHeapDestory, NewHeapDestory);
54 | DetourAttach(&(PVOID&)OldHeapFree, NewHeapFree);
55 | DetourAttach(&(PVOID&)OldRegCreateKeyEx, NewRegCreateKeyEx);
56 | DetourAttach(&(PVOID&)OldRegSetValueEx, NewRegSetValueEx);
57 | DetourAttach(&(PVOID&)OldRegDeleteValue, NewRegDeleteValue);
58 | DetourAttach(&(PVOID&)OldRegCloseKey, NewRegCloseKey);
59 | DetourAttach(&(PVOID&)OldRegOpenKeyEx, NewRegOpenKeyEx);
60 | DetourAttach(&(PVOID&)Oldsocket, Newsocket);
61 | DetourAttach(&(PVOID&)Oldbind, Newbind);
62 | DetourAttach(&(PVOID&)Oldsend, Newsend);
63 | DetourAttach(&(PVOID&)Oldconnect, Newconnect);
64 | DetourAttach(&(PVOID&)Oldrecv, Newrecv);
65 | ~~~
66 |
67 | 举个栗子,比如成功勾取一次socket通信过程:
68 |
69 | 
70 |
71 | ### 3.3 异常行为分析
72 |
73 | 主要完成了五种软件行为分析
74 |
75 | * 修改可执行文件(.exe .dll .ocx)
76 | * 自我复制
77 | * 对多个文件夹下的文件进行读写
78 | * 堆重复释放
79 | * 修改注册表开机启动项
80 |
81 |
--------------------------------------------------------------------------------
/img/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/img/1.png
--------------------------------------------------------------------------------
/img/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/img/2.png
--------------------------------------------------------------------------------
/img/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/img/3.png
--------------------------------------------------------------------------------
/syringe/syringe.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30907.101
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "syringe", "syringe\syringe.vcxproj", "{E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Debug|x64.ActiveCfg = Debug|x64
17 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Debug|x64.Build.0 = Debug|x64
18 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Debug|x86.ActiveCfg = Debug|Win32
19 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Debug|x86.Build.0 = Debug|Win32
20 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Release|x64.ActiveCfg = Release|x64
21 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Release|x64.Build.0 = Release|x64
22 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Release|x86.ActiveCfg = Release|Win32
23 | {E5C0E13C-2B07-4A9C-94A3-F0C92A14DDD9}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {9082B027-4B79-4700-ADC8-A94E0D60F571}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/syringe/syringe/Source.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/syringe/syringe/Source.cpp
--------------------------------------------------------------------------------
/syringe/syringe/syringe.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {e5c0e13c-2b07-4a9c-94a3-f0c92a14ddd9}
25 | syringe
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 | $(VC_IncludePath);$(WindowsSDK_IncludePath);E:\record\6th\softwareSecurity\Detours-master\include;
76 | $(VC_LibraryPath_x86);$(WindowsSDK_LibraryPath_x86);E:\record\6th\softwareSecurity\Detours-master\lib.X86;
77 |
78 |
79 | false
80 |
81 |
82 | true
83 |
84 |
85 | false
86 |
87 |
88 |
89 | Level3
90 | false
91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | Level3
102 | true
103 | true
104 | true
105 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 | true
112 | true
113 |
114 |
115 |
116 |
117 | Level3
118 | true
119 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
120 | true
121 |
122 |
123 | Console
124 | true
125 |
126 |
127 |
128 |
129 | Level3
130 | true
131 | true
132 | true
133 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
134 | true
135 |
136 |
137 | Console
138 | true
139 | true
140 | true
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
--------------------------------------------------------------------------------
/syringe/syringe/syringe.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/testCode/testCode.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30907.101
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testCode", "testCode\testCode.vcxproj", "{4FBD062F-A234-4690-8C21-AF4D8FD8057B}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Debug|x64.ActiveCfg = Debug|x64
17 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Debug|x64.Build.0 = Debug|x64
18 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Debug|x86.ActiveCfg = Debug|Win32
19 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Debug|x86.Build.0 = Debug|Win32
20 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Release|x64.ActiveCfg = Release|x64
21 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Release|x64.Build.0 = Release|x64
22 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Release|x86.ActiveCfg = Release|Win32
23 | {4FBD062F-A234-4690-8C21-AF4D8FD8057B}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {C8B8C6BB-B3B1-4AAE-96FB-02C618435299}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/testCode/testCode/Source.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AgentGuo/PFSafetyGuard/58a30d44040fe204daccf1cba3b0fc78d81ee0b4/testCode/testCode/Source.cpp
--------------------------------------------------------------------------------
/testCode/testCode/testCode.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {4fbd062f-a234-4690-8c21-af4d8fd8057b}
25 | testCode
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | false
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Level3
88 | false
89 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
90 | true
91 |
92 |
93 | Console
94 | true
95 |
96 |
97 |
98 |
99 | Level3
100 | true
101 | true
102 | true
103 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
104 | true
105 |
106 |
107 | Console
108 | true
109 | true
110 | true
111 |
112 |
113 |
114 |
115 | Level3
116 | true
117 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
118 | true
119 |
120 |
121 | Console
122 | true
123 |
124 |
125 |
126 |
127 | Level3
128 | true
129 | true
130 | true
131 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
132 | true
133 |
134 |
135 | Console
136 | true
137 | true
138 | true
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
--------------------------------------------------------------------------------
/testCode/testCode/testCode.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------