├── ShitDrv ├── ThreadMonitor.h ├── InjectApcThread.h ├── README.md ├── ObjectHookThread.c ├── UtilsApi.c ├── UtilsApi.h ├── GetProcAddr.h ├── ShitDrv.vcproj ├── FileSystemCheck.c ├── FileSystemCheck.h ├── InjectInitialize.c ├── InjectKtrapFrame.h ├── InjectShellCode.h ├── RiSingShellCode.c ├── RiSingShellCode.h ├── RegisterOperation.c ├── MiniFilterOperation.c ├── InitializeInjectRelevantInfo.c ├── Communication.h ├── InjectInitialize.h ├── Dispatch.h ├── DrvFunction.h ├── ProcessNotify.h ├── RegisterCallBack.h ├── ThreadMonitor.c ├── RegisterOperation.h ├── ProcessList.h ├── RegisterMiniFilter.h ├── LoadPlugin.h ├── IoCtlCode.h ├── global.h ├── InjectApcThread.c ├── md5.h ├── MiniFilterOperation.h ├── ObjectHookThread.h ├── RecordInfo.h ├── ShitDrv.h ├── InitializeInjectRelevantInfo.h ├── ContextOperation.h ├── RegisterCallBack.c ├── DrvFunction.c ├── RegisterMiniFilter.c ├── RecordInfo.c ├── Dispatch.c ├── ProcessList.c ├── DrvEntry.c ├── Communication.c ├── ProcessNotify.c ├── nn.h ├── GetProcAddr.c ├── md5c.c ├── LoadPlugin.c ├── rsaeuro.h └── nn.c ├── .gitattributes ├── InjectShell ├── targetver.h ├── InjectShell.vcproj ├── InjectShell.h ├── InjectShell.c └── InjectShell.vcproj.PassP-PC.PassP.user ├── ShitDrvInterface ├── dllmain.c ├── ShitDrvInterface.vcproj ├── ShitDrvInterface.def ├── DllCfg.h ├── Callback.h ├── Record.h ├── ShitDrvInterface.vcproj.PassP-PC.PassP.user ├── ShitDrvInterface.vcproj.SEH_CRACKER.Seh_Cracker.user ├── ShitDrvInterface.vcproj.Seh_Cracker-PC.Seh_Cracker.user ├── ShitDrvInterface.vcproj.USER-88A3BRF2CP.Administrator.user ├── ShitDrvInterface.vcproj.WIN-NOI20UV8BRP.DriverTest.user └── Callback.c ├── TestInterface ├── TestInterface.vcproj ├── TestInterfaceCfg.h ├── TestInterface.vcproj.PassP-PC.PassP.user ├── TestInterface.vcproj.SEH_CRACKER.Seh_Cracker.user ├── TestInterface.vcproj.Seh_Cracker-PC.Seh_Cracker.user ├── TestInterface.vcproj.USER-88A3BRF2CP.Administrator.user ├── TestInterface.vcproj.WIN-NOI20UV8BRP.DriverTest.user ├── global.h ├── md5.h ├── TestInterface.c ├── nn.h ├── md5c.c └── rsaeuro.h ├── ShellCode ├── Buildx64Inject.Bat ├── Buildx86Inject.Bat ├── x86Inject.Asm └── x64Inject.Asm ├── .gitignore └── ShitDrv.sln /ShitDrv/ThreadMonitor.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ShitDrv/InjectApcThread.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ShitDrv/README.md: -------------------------------------------------------------------------------- 1 | # ShitDrv 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto -------------------------------------------------------------------------------- /ShitDrv/ObjectHookThread.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "ObjectHookThread.h" 3 | -------------------------------------------------------------------------------- /ShitDrv/UtilsApi.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/UtilsApi.c -------------------------------------------------------------------------------- /ShitDrv/UtilsApi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/UtilsApi.h -------------------------------------------------------------------------------- /ShitDrv/GetProcAddr.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/GetProcAddr.h -------------------------------------------------------------------------------- /InjectShell/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/InjectShell/targetver.h -------------------------------------------------------------------------------- /ShitDrv/ShitDrv.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/ShitDrv.vcproj -------------------------------------------------------------------------------- /ShitDrv/FileSystemCheck.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/FileSystemCheck.c -------------------------------------------------------------------------------- /ShitDrv/FileSystemCheck.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/FileSystemCheck.h -------------------------------------------------------------------------------- /ShitDrv/InjectInitialize.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/InjectInitialize.c -------------------------------------------------------------------------------- /ShitDrv/InjectKtrapFrame.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/InjectKtrapFrame.h -------------------------------------------------------------------------------- /ShitDrv/InjectShellCode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/InjectShellCode.h -------------------------------------------------------------------------------- /ShitDrv/RiSingShellCode.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/RiSingShellCode.c -------------------------------------------------------------------------------- /ShitDrv/RiSingShellCode.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/RiSingShellCode.h -------------------------------------------------------------------------------- /ShitDrvInterface/dllmain.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrvInterface/dllmain.c -------------------------------------------------------------------------------- /ShitDrv/RegisterOperation.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/RegisterOperation.c -------------------------------------------------------------------------------- /InjectShell/InjectShell.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/InjectShell/InjectShell.vcproj -------------------------------------------------------------------------------- /ShitDrv/MiniFilterOperation.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/MiniFilterOperation.c -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/TestInterface/TestInterface.vcproj -------------------------------------------------------------------------------- /InjectShell/InjectShell.h: -------------------------------------------------------------------------------- 1 | #ifndef __INJECT_SHELL_H__ 2 | #define __INJECT_SHELL_H__ 3 | 4 | #include 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /ShitDrv/InitializeInjectRelevantInfo.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrv/InitializeInjectRelevantInfo.c -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeviceObject/ShitDrv/HEAD/ShitDrvInterface/ShitDrvInterface.vcproj -------------------------------------------------------------------------------- /ShitDrv/Communication.h: -------------------------------------------------------------------------------- 1 | #ifndef __COMMUNICATION_H__ 2 | #define __COMMUNICATION_H__ 3 | 4 | NTSTATUS InitializeCommunication(PFLT_FILTER pFltHandle); 5 | 6 | #endif -------------------------------------------------------------------------------- /ShitDrv/InjectInitialize.h: -------------------------------------------------------------------------------- 1 | 2 | BOOLEAN InitializeInjectApiList(PINJECT_OBJECT_INFORMATION pInjectObjInfo,PINJECT_API_LIST pInjectApiList); 3 | BOOLEAN InitializeInjectDllPath(PINJECT_OBJECT_INFORMATION pInjectObjInfo,CHAR *InjectDllPath); -------------------------------------------------------------------------------- /ShitDrv/Dispatch.h: -------------------------------------------------------------------------------- 1 | #ifndef __DISPATCH_H__ 2 | #define __DISPATCH_H__ 3 | 4 | NTSTATUS Dispatch(PDEVICE_OBJECT pDevObj,PIRP pIrp); 5 | NTSTATUS ReadDispatch(PDEVICE_OBJECT pDevObj,PIRP pIrp); 6 | NTSTATUS DispatchIoCtl(PDEVICE_OBJECT pDevObj,PIRP pIrp); 7 | #endif -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.def: -------------------------------------------------------------------------------- 1 | LIBRARY ShitDrvInterface.dll 2 | 3 | EXPORTS 4 | SetRecordCallback 5 | ReleaseRecordCallback 6 | SetFltCtl 7 | SetCurClientPath 8 | SetSandBoxProcName 9 | StartInterface 10 | SetCurrentProcess 11 | GetFileMd5Sum 12 | InjectKtrapFrame -------------------------------------------------------------------------------- /ShellCode/Buildx64Inject.Bat: -------------------------------------------------------------------------------- 1 | @echo ******************************************************************** 2 | echo Start Build x64InjectShellCode 3 | nasm -f bin x64Inject.Asm -o x64InjectShellCode.Bin 4 | echo x64InjectShellCode Build Success 5 | @echo ******************************************************************** 6 | pause -------------------------------------------------------------------------------- /ShellCode/Buildx86Inject.Bat: -------------------------------------------------------------------------------- 1 | @echo ******************************************************************** 2 | echo Start Build x86InjectShellCode 3 | nasm -f bin x86Inject.Asm -o x86InjectShellCode.Bin 4 | echo x86InjectShellCode Build Success 5 | @echo ******************************************************************** 6 | pause -------------------------------------------------------------------------------- /ShitDrv/DrvFunction.h: -------------------------------------------------------------------------------- 1 | #ifndef __DRV_FUNCTION_H__ 2 | #define __DRV_FUNCTION_H__ 3 | 4 | BOOLEAN SetCurrentProcess(HANDLE Pid); 5 | BOOLEAN SetCurClientPath(WCHAR *wPath); 6 | BOOLEAN SetSandboxPath(PWCHAR pSandboxPath); 7 | BOOLEAN SetSandBoxProcName(PCHAR pImagName); 8 | BOOLEAN GetFileMd5Sum(PWCHAR pFilePath,PUCHAR pOutMd5Sum); 9 | 10 | #endif -------------------------------------------------------------------------------- /InjectShell/InjectShell.c: -------------------------------------------------------------------------------- 1 | #include "InjectShell.h" 2 | 3 | BOOL APIENTRY DllMain(HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved) 4 | { 5 | switch (ul_reason_for_call) 6 | { 7 | case DLL_PROCESS_ATTACH: 8 | MessageBox(NULL,L"InjectShell",L"Inject",MB_OK); 9 | break; 10 | case DLL_PROCESS_DETACH: 11 | break; 12 | } 13 | return TRUE; 14 | } 15 | -------------------------------------------------------------------------------- /ShitDrv/ProcessNotify.h: -------------------------------------------------------------------------------- 1 | #ifndef __PROCESS_NOTIFY_H__ 2 | #define __PROCESS_NOTIFY_H__ 3 | 4 | BOOLEAN IsFltParentProcess(HANDLE hParentId); 5 | VOID ProcessNotify(HANDLE ParentId,HANDLE ProcessId,BOOLEAN bCreate); 6 | BOOLEAN IsSandboxProcess(HANDLE hProcessId); 7 | void ProcessParentProcessId(HANDLE hProcessId); 8 | void ProcessChildProcessId(HANDLE hProcessId); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /ShitDrvInterface/DllCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef __DLL_CFG_H__ 2 | #define __DLL_CFG_H__ 3 | 4 | #include 5 | #include "../ShitDrv/IoCtlCode.h" 6 | #include 7 | #include 8 | #include 9 | 10 | #pragma comment(lib,"fltLib.lib") 11 | #pragma comment(lib,"fltMgr.lib") 12 | 13 | extern HANDLE g_hShitDrvDevObj; 14 | extern HANDLE g_hWorkRecv; 15 | extern HANDLE g_hServerPort; 16 | extern HANDLE g_hEventWaitKrl; 17 | 18 | 19 | 20 | #endif -------------------------------------------------------------------------------- /ShitDrv/RegisterCallBack.h: -------------------------------------------------------------------------------- 1 | #ifndef __REGISTER_CALLBACK_H__ 2 | #define __REGISTER_CALLBACK_H__ 3 | 4 | typedef struct _REGISTER_CALLBACK 5 | { 6 | LARGE_INTEGER CmHandleCookie; 7 | PVOID pMyProc; 8 | }REGISTER_CALLBACK,*PREGISTER_CALLBACK; 9 | 10 | NTSTATUS InitializeCmCallBack(PDRIVER_OBJECT pDrvObj, \ 11 | PUNICODE_STRING pUniAltitude, \ 12 | PVOID pContext, \ 13 | BOOLEAN bRemove); 14 | NTSTATUS RegistryCallback(PVOID CallbackContext,PVOID Argument1,PVOID Argument2); 15 | 16 | extern PREGISTER_CALLBACK g_pRegisterCallBack; 17 | #endif -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.mod* 47 | *.cmd 48 | modules.order 49 | Module.symvers 50 | Mkfile.old 51 | dkms.conf 52 | -------------------------------------------------------------------------------- /TestInterface/TestInterfaceCfg.h: -------------------------------------------------------------------------------- 1 | #ifndef __TEST_INTERFACE_CFG_H__ 2 | #define __TEST_INTERFACE_CFG_H__ 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "../ShitDrvInterface/Record.h" 11 | #include "../ShitDrv/IoCtlCode.h" 12 | #include "../ShitDrvInterface/Callback.h" 13 | #include "global.h" 14 | #include "md5.h" 15 | 16 | #pragma comment(lib,"../../bin/ShitDrvInterface.lib") 17 | #pragma comment(lib,"fltLib.lib") 18 | #pragma comment(lib,"fltMgr.lib") 19 | 20 | 21 | ULONG UnicodeToAnsi(PWCHAR pSrc,PCHAR pDst,ULONG ulSize); 22 | 23 | #endif -------------------------------------------------------------------------------- /ShitDrv/ThreadMonitor.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "ThreadMonitor.h" 3 | 4 | VOID ThreadMonitor(HANDLE ProcessId,HANDLE ThreadId,BOOLEAN bCreate) 5 | { 6 | if (bCreate) 7 | { 8 | 9 | } 10 | else 11 | { 12 | 13 | } 14 | } 15 | 16 | NTSTATUS RegisterThreadMonitor(ULONG_PTR *ulMonitorRoutine,BOOLEAN bIsUnload) 17 | { 18 | NTSTATUS Status; 19 | 20 | Status = STATUS_UNSUCCESSFUL; 21 | 22 | do 23 | { 24 | if (bIsUnload) 25 | { 26 | Status = PsRemoveCreateThreadNotifyRoutine(ThreadMonitor); 27 | break; 28 | } 29 | else 30 | { 31 | Status = PsSetCreateThreadNotifyRoutine(ThreadMonitor); 32 | break; 33 | } 34 | } while (0); 35 | return Status; 36 | } -------------------------------------------------------------------------------- /ShitDrv/RegisterOperation.h: -------------------------------------------------------------------------------- 1 | #ifndef __REGISTER_OPERATION_H__ 2 | #define __REGISTER_OPERATION_H__ 3 | 4 | NTSTATUS FilterPreCreateKeyEx(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 5 | NTSTATUS FilterPreCreateKey(PVOID pCallbackContext,PVOID Argument2); 6 | NTSTATUS FilterPost(PREG_POST_OPERATION_INFORMATION pPostInfo,ULONG ulOperationType); 7 | NTSTATUS FilterPostSetKey(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 8 | NTSTATUS FilterPostSetInformationKey(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 9 | NTSTATUS FilterPostRenNameKey(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 10 | NTSTATUS FilterPostDeleteKey(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 11 | NTSTATUS FilterPostDeleteValueKey(PVOID pCallbackContext,PVOID Argument2,ULONG ulType); 12 | 13 | #endif -------------------------------------------------------------------------------- /ShellCode/x86Inject.Asm: -------------------------------------------------------------------------------- 1 | USE32 2 | 3 | x86InjectShellCode_Start: 4 | pushad 5 | call GetCurrentAddress 6 | GetCurrentAddress: 7 | BASE_OFFSET_CURRENT_ADDRESS equ (GetCurrentAddress - x86InjectShellCode_Start) 8 | pop ebp 9 | sub ebp,BASE_OFFSET_CURRENT_ADDRESS 10 | 11 | mov eax,0x11111111 12 | lea ecx,[ebp + x86_InjectDll_Path] 13 | push ecx 14 | call eax 15 | popad 16 | ;jmp ds:0x40404040 17 | db 0xEA 18 | dd 0x40404040 19 | db 0x1B 20 | db 0x00 21 | retn 22 | x86_InjectDll_Path: 23 | dd 0x80808080 24 | dd 0x00000000 25 | dd 0x00000000 26 | dd 0x00000000 27 | dd 0x00000000 28 | dd 0x00000000 29 | dd 0x00000000 30 | dd 0x00000000 31 | dd 0x00000000 32 | dd 0x00000000 33 | dd 0x00000000 34 | dd 0x00000000 35 | dd 0x00000000 36 | dd 0x00000000 37 | dd 0x00000000 38 | dd 0x00000000 39 | dd 0x00000000 40 | x86InjectShellCode_End: -------------------------------------------------------------------------------- /ShellCode/x64Inject.Asm: -------------------------------------------------------------------------------- 1 | USE64 2 | 3 | x64InjectShellCode_Start: 4 | nop 5 | nop 6 | push rax 7 | push rcx 8 | push r15 9 | push rbp 10 | 11 | mov rbp,rsp 12 | call GetCurrentAddress 13 | GetCurrentAddress: 14 | BASE_OFFSET_CURRENT_ADDRESS equ (GetCurrentAddress - x64InjectShellCode_Start) 15 | pop r15 16 | sub r15,BASE_OFFSET_CURRENT_ADDRESS 17 | 18 | mov rax,0x1111111111111111 19 | lea rcx,[r15 + x64_InjectDll_Path] 20 | call rax 21 | 22 | mov rsp,rbp 23 | pop rbp 24 | pop r15 25 | pop rcx 26 | pop rax 27 | mov rcx,0x4040404040404040 28 | jmp rcx 29 | ;db 0x00 30 | ;retn 31 | x64_InjectDll_Path: 32 | dq 0x8080808080808080 33 | dq 0x0000000000000000 34 | dq 0x0000000000000000 35 | dq 0x0000000000000000 36 | dq 0x0000000000000000 37 | dq 0x0000000000000000 38 | dq 0x0000000000000000 39 | dq 0x0000000000000000 40 | dq 0x0000000000000000 41 | dq 0x0000000000000000 42 | dq 0x0000000000000000 43 | dq 0x0000000000000000 44 | dq 0x0000000000000000 45 | dq 0x0000000000000000 46 | dq 0x0000000000000000 47 | dq 0x0000000000000000 48 | dq 0x0000000000000000 49 | 50 | x64InjectShellCode_End: -------------------------------------------------------------------------------- /ShitDrvInterface/Callback.h: -------------------------------------------------------------------------------- 1 | #ifndef __CALL_BACK_H__ 2 | #define __CALL_BACK_H__ 3 | 4 | 5 | #define MAX_CALLBACK 32 6 | 7 | typedef void (*DOSHITDRVRECORD)(PRECORD_INFORMATION pRecordDat); 8 | 9 | typedef struct _RECORD_CALLBACK 10 | { 11 | ULONG ulRecordCallbackCount; 12 | DOSHITDRVRECORD RecordCallBack[MAX_CALLBACK]; 13 | CRITICAL_SECTION CriticalSection; 14 | }RECORD_CALLBACK,*PRECORD_CALLBACK; 15 | 16 | extern PRECORD_CALLBACK g_pRecordDrvCallBack; 17 | 18 | 19 | HRESULT SetFltCtl(FILTER_DAT_CONTROL FltDatCtlInfo); 20 | BOOLEAN InitializeRecordCallback(); 21 | BOOLEAN SetRecordCallback(DOSHITDRVRECORD RecordCallback); 22 | void ReleaseRecordCallback(DOSHITDRVRECORD RecordCallback); 23 | DWORD DoRecvWork(LPVOID lpParamter); 24 | BOOLEAN SetCurClientPath(PWCHAR pClientPath); 25 | BOOLEAN SetSandBoxProcName(PCHAR pImagName); 26 | BOOLEAN SetCurrentProcess(HANDLE hProcessId); 27 | BOOLEAN GetFileMd5Sum(PWCHAR pFilePath,PUCHAR pOutMd5Sum); 28 | HANDLE StartInterface(); 29 | 30 | 31 | BOOLEAN InjectKtrapFrame(PCHAR pInjectProcessName,ULONG ulPid,PCHAR pInjectDllPath); 32 | 33 | #endif -------------------------------------------------------------------------------- /ShitDrv/ProcessList.h: -------------------------------------------------------------------------------- 1 | #ifndef __PROCESS_LIST_H__ 2 | #define __PROCESS_LIST_H__ 3 | 4 | #define SANDBOX_PROCESS_TAG 'tpdS' 5 | #define SANDBOX_PROC_RES_TAG 'srdS' 6 | #define SANDBOX_PROC_STR_TAG 'tsdS' 7 | typedef struct _SANDBOX_PROCESS_LIST 8 | { 9 | LIST_ENTRY Next; 10 | HANDLE hProcessId; 11 | UNICODE_STRING UniProcessName; 12 | }SANDBOX_PROCESS_LIST,*PSANDBOX_PROCESS_LIST; 13 | 14 | 15 | void InitializeSandboxProcList(); 16 | PERESOURCE AllocateResource(VOID); 17 | VOID FreeResource(PERESOURCE Resource); 18 | PSANDBOX_PROCESS_LIST AllocateSandboxProcList(); 19 | NTSTATUS AllocateUnicodeString(PUNICODE_STRING String); 20 | VOID FreeUnicodeString(PUNICODE_STRING String); 21 | VOID AcquireResourceExclusive(PERESOURCE pResource); 22 | VOID AcquireResourceShared(PERESOURCE pResource); 23 | VOID ReleaseResource(PERESOURCE pResource); 24 | BOOLEAN FreeSandboxProcList(PSANDBOX_PROCESS_LIST pSandboxProcList); 25 | 26 | KIRQL GetSandboxLock(PKSPIN_LOCK pKspinLock); 27 | void ReleaseSandboxLock(PKSPIN_LOCK pKspinLock,KIRQL Irql); 28 | 29 | 30 | extern LIST_ENTRY g_SandboxProcList; 31 | extern KSPIN_LOCK g_SandboxSpinLock; 32 | 33 | #endif -------------------------------------------------------------------------------- /ShitDrv/RegisterMiniFilter.h: -------------------------------------------------------------------------------- 1 | #ifndef __REGISTER_MINIFILTER_H__ 2 | #define __REGISTER_MINIFILTER_H__ 3 | 4 | 5 | typedef struct _INSTANCE_CONTEXT { 6 | // FILE_DEVICE_CD_ROM_FILE_SYSTEM 7 | // FILE_DEVICE_DISK_FILE_SYSTEM 8 | // FILE_DEVICE_NETWORK_FILE_SYSTEM 9 | ULONG m_DeviceType; 10 | // FILE_READ_ONLY_DEVICE 11 | // FILE_FLOPPY_DISKETTE 12 | // FILE_REMOTE_DEVICE 13 | // FILE_REMOVABLE_MEDIA 14 | ULONG m_DeviceCharacteristics; 15 | // FLT_FSTYPE_UNKNOWN 16 | // FLT_FSTYPE_NTFS 17 | // FLT_FSTYPE_FAT 18 | // FLT_FSTYPE_CDFS 19 | // FLT_FSTYPE_NFS 20 | ULONG m_FSType; 21 | ULONG m_SectorSize; 22 | WCHAR m_VolumeName[MAX_PATH]; 23 | 24 | }INSTANCE_CONTEXT ,*PINSTANCE_CONTEXT ; 25 | 26 | NTSTATUS MiniFilterUnload(FLT_FILTER_UNLOAD_FLAGS Flags); 27 | 28 | NTSTATUS MiniFilterInstanceSetup(PCFLT_RELATED_OBJECTS FltObjects, \ 29 | FLT_INSTANCE_SETUP_FLAGS Flags, \ 30 | DEVICE_TYPE VolumeDeviceType, \ 31 | FLT_FILESYSTEM_TYPE VolumeFilesystemType); 32 | 33 | VOID MiniFilterInstanceTeardownStart(PCFLT_RELATED_OBJECTS FltObjects, \ 34 | FLT_INSTANCE_TEARDOWN_FLAGS Reason); 35 | NTSTATUS InitializeMiniFilter(PDRIVER_OBJECT pDrvObj); 36 | 37 | #endif -------------------------------------------------------------------------------- /ShitDrv/LoadPlugin.h: -------------------------------------------------------------------------------- 1 | #ifndef __LOAD_PLUGIN_H__ 2 | #define __LOAD_PLUGIN_H__ 3 | 4 | #define MAX_PATH 260 5 | #define LDR_PLUGIN_TAG 'GPDL' 6 | #pragma pack(1) 7 | typedef struct _LOAD_MODE_CONTROL 8 | { 9 | ULONG IsBootLoad:1; 10 | ULONG IsGeneralLoad:1; 11 | ULONG IsShutdownLoad:1; 12 | ULONG ulReserved:29; 13 | } LOAD_MODE_CONTROL,*PLOAD_MODE_CONTROL; 14 | typedef struct _CHECK_FILE_SIGNATURE 15 | { 16 | PUNICODE_STRING pUniRegPath; 17 | LOAD_MODE_CONTROL LdrCtl; 18 | WCHAR wPluginName[MAX_PATH]; 19 | WCHAR wPluginFileFullPath[MAX_PATH]; 20 | } CHECK_FILE_SIGNATURE,*PCHECK_FILE_SIGNATURE; 21 | typedef struct _LDR_PLUGIN_LIST 22 | { 23 | LIST_ENTRY List; 24 | CHECK_FILE_SIGNATURE CheckFileSignature; 25 | PDRIVER_INITIALIZE PluginDriverEntry; 26 | } LDR_PLUGIN_LIST,*PLDR_PLUGIN_LIST; 27 | #pragma pack() 28 | 29 | extern LIST_ENTRY g_LdrPluginList; 30 | #define DRV_REGISTER_ROOT_KEY L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" 31 | 32 | NTSTATUS GetPluginRootPath(PUNICODE_STRING pUniDrvRegPath, \ 33 | PUNICODE_STRING pUniPluginPath); 34 | NTSTATUS EnumPlugin(PUNICODE_STRING pUniDrvPlugin); 35 | VOID LoadBootPlugin(PVOID StartContext); 36 | PLDR_PLUGIN_LIST AllocateLdrPlugin(); 37 | NTSTATUS GetDrvPluginInfo(PLDR_PLUGIN_LIST pLdrPluginList,WCHAR *wDrvPluginPath); 38 | #endif -------------------------------------------------------------------------------- /ShitDrvInterface/Record.h: -------------------------------------------------------------------------------- 1 | #ifndef __RECORD_H__ 2 | #define __RECORD_H__ 3 | 4 | typedef enum _RECORD_TYPE 5 | { 6 | IsFsFile, 7 | IsRegister 8 | }RECORD_TYPE,*PRECORD_TYPE; 9 | 10 | #define SHIT_DRV_SIGNATURE_FS 'PaFs' 11 | #define SHIT_DRV_SIGNATURE_RG 'PsRg' 12 | 13 | typedef enum _FILE_OPERATIONS 14 | { 15 | IsOpenFile, 16 | IsCreateFile, 17 | IsReadFile, 18 | IsWriteFile, 19 | IsSetFileSize, 20 | IsDeleteFile, 21 | IsRenNameFile 22 | }FILE_OPERATIONS,*PFILE_OPERATIONS; 23 | 24 | typedef struct _RECORD_INFORMATION 25 | { 26 | ULONG ulSignature; 27 | WCHAR wProcessFullPath[MAX_PATH]; 28 | WCHAR wTargetPath[MAX_PATH]; 29 | WCHAR wBakPath[MAX_PATH]; 30 | CHAR Md5Sum[100]; 31 | ULONG ulOperType; 32 | WCHAR wOperation[50]; 33 | HANDLE hProcessId; 34 | ULONG ulCreateCount; 35 | ULONG ulOpenCount; 36 | ULONG ulWriteCount; 37 | ULONG ulCleanupCount; 38 | ULONG ulCloseCount; 39 | LARGE_INTEGER OperationTime; 40 | }RECORD_INFORMATION,*PRECORD_INFORMATION; 41 | 42 | #pragma pack(1) 43 | typedef struct _FILTER_DAT_CONTROL 44 | { 45 | ULONG ulIsStartFilter:1; 46 | ULONG ulIsFilterWrite:1; 47 | ULONG ulIsFilterDelete:1; 48 | ULONG ulIsFilterRenName:1; 49 | ULONG ulIsFilterSetSize:1; 50 | ULONG ulIsFilterSetInfo:1; 51 | ULONG ulReserved:26; 52 | } FILTER_DAT_CONTROL,*PFILTER_DAT_CONTROL; 53 | #pragma pack() 54 | 55 | #endif -------------------------------------------------------------------------------- /ShitDrv/IoCtlCode.h: -------------------------------------------------------------------------------- 1 | #ifndef __IO_CTL_CODE_H__ 2 | #define __IO_CTL_CODE_H__ 3 | 4 | 5 | #define MAX_PATH 260 6 | #define SHITDRV_BASENAME L"ShitDrv" 7 | #define SHITDRV_DEVNAME L"\\Device\\" SHITDRV_BASENAME 8 | #define SHITDRV_LINKNAME L"\\DosDevices\\" SHITDRV_BASENAME 9 | #define SHITDRV_USERLINK L"\\\\.\\" SHITDRV_BASENAME 10 | 11 | #define SERVER_PORT L"\\ShitDrvFltPort" 12 | #define EVENT_NAME_WAIT_KERNEL L"\\BaseNamedObjects\\ShitDrvWaitKernel" 13 | 14 | 15 | #define IOCTL(n) CTL_CODE(FILE_DEVICE_UNKNOWN, n, METHOD_BUFFERED, 0) 16 | 17 | #define IOC(ops) IOCTL_ ## ops 18 | #define IOP(ops) struct ops ## _params 19 | #define IOR(ops) struct ops ## _returns 20 | #define IOS(ops) struct ops ## _shared 21 | 22 | enum 23 | { 24 | IOC(SetCurrentProcess) = IOCTL('SPCS') 25 | }; 26 | 27 | IOP(SetCurrentProcess) 28 | { 29 | HANDLE ProcessId; 30 | }; 31 | 32 | enum 33 | { 34 | IOC(SetCurClientPath) = IOCTL('PCCS') 35 | }; 36 | 37 | IOP(SetCurClientPath) 38 | { 39 | WCHAR wCurClientPath[MAX_PATH]; 40 | }; 41 | enum 42 | { 43 | IOC(SetSandBoxProcName) = IOCTL('NPSS') 44 | }; 45 | IOP(SetSandBoxProcName) 46 | { 47 | CHAR ImageName[MAX_PATH]; 48 | }; 49 | enum 50 | { 51 | IOC(GetFileMd5Sum) = IOCTL('SMFG') 52 | }; 53 | IOP(GetFileMd5Sum) 54 | { 55 | WCHAR wImageName[MAX_PATH]; 56 | UCHAR Md5Sum[16]; 57 | }; 58 | enum 59 | { 60 | IOC(InjectKtrapFrame) = IOCTL('IjkF') 61 | }; 62 | 63 | IOP(InjectKtrapFrame) 64 | { 65 | ULONG ulPid; 66 | char pInjectProcessName[260]; 67 | char pInjectDllPath[260]; 68 | }; 69 | #endif -------------------------------------------------------------------------------- /InjectShell/InjectShell.vcproj.PassP-PC.PassP.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj.PassP-PC.PassP.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj.SEH_CRACKER.Seh_Cracker.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj.PassP-PC.PassP.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj.Seh_Cracker-PC.Seh_Cracker.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj.USER-88A3BRF2CP.Administrator.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrvInterface/ShitDrvInterface.vcproj.WIN-NOI20UV8BRP.DriverTest.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj.SEH_CRACKER.Seh_Cracker.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj.Seh_Cracker-PC.Seh_Cracker.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj.USER-88A3BRF2CP.Administrator.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.vcproj.WIN-NOI20UV8BRP.DriverTest.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ShitDrv/global.h: -------------------------------------------------------------------------------- 1 | /* 2 | GLOBAL.H - RSAEURO types and constants 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF. 9 | To aid compatiblity the source and the files follow the 10 | same naming comventions that RSAREF uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | Global types and contants file. 17 | 18 | Revision 1.00 - JSAK. 19 | */ 20 | 21 | #ifndef _GLOBAL_H_ 22 | #define _GLOBAL_H_ 23 | 24 | /* PROTOTYPES should be set to one if and only if the compiler supports 25 | function argument prototyping. 26 | The following makes PROTOTYPES default to 1 if it has not already been 27 | defined as 0 with C compiler flags. */ 28 | 29 | #ifndef PROTOTYPES 30 | #define PROTOTYPES 1 31 | #endif 32 | 33 | /* POINTER defines a generic pointer type */ 34 | typedef unsigned char *POINTER; 35 | 36 | /* UINT2 defines a two byte word */ 37 | typedef unsigned short int UINT2; 38 | 39 | /* UINT4 defines a four byte word */ 40 | typedef unsigned long int UINT4; 41 | 42 | /* BYTE defines a unsigned character */ 43 | typedef unsigned char BYTE; 44 | 45 | /* internal signed value */ 46 | typedef signed long int signeddigit; 47 | 48 | #ifndef NULL_PTR 49 | #define NULL_PTR ((POINTER)0) 50 | #endif 51 | 52 | #ifndef UNUSED_ARG 53 | #define UNUSED_ARG(x) x = *(&x); 54 | #endif 55 | 56 | /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. 57 | If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it 58 | returns an empty list. */ 59 | 60 | #if PROTOTYPES 61 | #define PROTO_LIST(list) list 62 | #else 63 | #define PROTO_LIST(list) () 64 | #endif 65 | 66 | #endif /* _GLOBAL_H_ */ 67 | -------------------------------------------------------------------------------- /TestInterface/global.h: -------------------------------------------------------------------------------- 1 | /* 2 | GLOBAL.H - RSAEURO types and constants 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF. 9 | To aid compatiblity the source and the files follow the 10 | same naming comventions that RSAREF uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | Global types and contants file. 17 | 18 | Revision 1.00 - JSAK. 19 | */ 20 | 21 | #ifndef _GLOBAL_H_ 22 | #define _GLOBAL_H_ 23 | 24 | /* PROTOTYPES should be set to one if and only if the compiler supports 25 | function argument prototyping. 26 | The following makes PROTOTYPES default to 1 if it has not already been 27 | defined as 0 with C compiler flags. */ 28 | 29 | #ifndef PROTOTYPES 30 | #define PROTOTYPES 1 31 | #endif 32 | 33 | /* POINTER defines a generic pointer type */ 34 | typedef unsigned char *POINTER; 35 | 36 | /* UINT2 defines a two byte word */ 37 | typedef unsigned short int UINT2; 38 | 39 | /* UINT4 defines a four byte word */ 40 | typedef unsigned long int UINT4; 41 | 42 | /* BYTE defines a unsigned character */ 43 | typedef unsigned char BYTE; 44 | 45 | /* internal signed value */ 46 | typedef signed long int signeddigit; 47 | 48 | #ifndef NULL_PTR 49 | #define NULL_PTR ((POINTER)0) 50 | #endif 51 | 52 | #ifndef UNUSED_ARG 53 | #define UNUSED_ARG(x) x = *(&x); 54 | #endif 55 | 56 | /* PROTO_LIST is defined depending on how PROTOTYPES is defined above. 57 | If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it 58 | returns an empty list. */ 59 | 60 | #if PROTOTYPES 61 | #define PROTO_LIST(list) list 62 | #else 63 | #define PROTO_LIST(list) () 64 | #endif 65 | 66 | #endif /* _GLOBAL_H_ */ 67 | -------------------------------------------------------------------------------- /ShitDrv/InjectApcThread.c: -------------------------------------------------------------------------------- 1 | //#include 2 | //#include "InjectApcThread.h" 3 | // 4 | //BOOLEAN InjectApcThread() 5 | //{ 6 | // NTSTATUS Status; 7 | // PSYSTEM_PROCESS_INFORMATION pSystemProcessInfo; 8 | // ULONG_PTR ulLength; 9 | // 10 | // pSystemProcessInfo = NULL; 11 | // ulLength = 0; 12 | // 13 | // while (TRUE) 14 | // { 15 | // Status = ZwQuerySystemInformation(SystemProcessInformation,pSystemProcessInfo,ulLength,&ulLength); 16 | // if (Status == STATUS_INFO_LENGTH_MISMATCH && ulLength) 17 | // { 18 | // if (pSystemProcessInfo) 19 | // { 20 | // ExFreePoolWithTag(pSystemProcessInfo,INJECTOR_APC_TAG); 21 | // } 22 | // pSystemProcessInfo = ExAllocatePoolWithTag(NonPagedPool,ulLength,INJECTOR_APC_TAG); 23 | // do 24 | // { 25 | // pSystemProcessInfo = ExAllocatePoolWithTag(NonPagedPool,ulLength,INJECTOR_APC_TAG); 26 | // } while (NULL == pSystemProcessInfo); 27 | // } 28 | // else 29 | // { 30 | // break; 31 | // } 32 | // } 33 | // do { 34 | // if (info->UniqueProcessId == pid) 35 | // { 36 | // PSYSTEM_THREAD_INFORMATION thread_info; 37 | // thread_info = (void *)(info + 1); 38 | // 39 | // if (thread_info->ThreadState == 14) 40 | // { 41 | // Status = PsLookupThreadByThreadId(thread_info->ClientId.UniqueThread, &thread); 42 | // if (NT_SUCCESS(ns)) 43 | // { 44 | // rc = insert_thread_apc(remote_path, thread, is_wow64); 45 | // break; 46 | // } 47 | // } 48 | // 49 | // while (i < info->NumberOfThreads) 50 | // { 51 | // Status = PsLookupThreadByThreadId(thread_info->ClientId.UniqueThread, &thread); 52 | // if (NT_SUCCESS(ns)) 53 | // { 54 | // rc |= insert_thread_apc(remote_path, thread, is_wow64); 55 | // } 56 | // i++; 57 | // thread_info++; 58 | // } 59 | // } 60 | // info = (info->NextEntryOffset == 0) ? NULL : (void *)((char *)info + info->NextEntryOffset); 61 | // } while (info); 62 | // 63 | //} -------------------------------------------------------------------------------- /ShitDrv/md5.h: -------------------------------------------------------------------------------- 1 | /* Modifications Copyright (c) J.S.A.Kapp 1994 - 1996. 2 | 3 | MD5 Component Of RSAEURO using RSA Data Security, Inc. 4 | MD5 Message Digest Algorithm. 5 | 6 | All Trademarks Acknowledged. 7 | 8 | Future versions may not use this modified RSADSI implementation 9 | of MD5. 10 | */ 11 | 12 | 13 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 14 | rights reserved. 15 | 16 | License to copy and use this software is granted provided that it 17 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 18 | Algorithm" in all material mentioning or referencing this software 19 | or this function. 20 | 21 | License is also granted to make and use derivative works provided 22 | that such works are identified as "derived from the RSA Data 23 | Security, Inc. MD5 Message-Digest Algorithm" in all material 24 | mentioning or referencing the derived work. 25 | 26 | RSA Data Security, Inc. makes no representations concerning either 27 | the merchantability of this software or the suitability of this 28 | software for any particular purpose. It is provided "as is" 29 | without express or implied warranty of any kind. 30 | 31 | These notices must be retained in any copies of any part of this 32 | documentation and/or software. 33 | */ 34 | 35 | #ifndef _MD5_H_ 36 | #define _MD5_H_ 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /* MD5 context. */ 43 | typedef struct _MD5_CTX 44 | { 45 | UINT4 state[4]; /* state (ABCD) */ 46 | UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ 47 | unsigned char buffer[64]; /* input buffer */ 48 | } MD5_CTX,*PMD5_CTX; 49 | 50 | void MD5Init PROTO_LIST ((MD5_CTX *)); 51 | void MD5Update PROTO_LIST 52 | ((MD5_CTX *, unsigned char *, unsigned int)); 53 | void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); 54 | 55 | #ifdef __cplusplus 56 | } 57 | #endif 58 | 59 | #endif /* _MD5_H_ */ 60 | -------------------------------------------------------------------------------- /TestInterface/md5.h: -------------------------------------------------------------------------------- 1 | /* Modifications Copyright (c) J.S.A.Kapp 1994 - 1996. 2 | 3 | MD5 Component Of RSAEURO using RSA Data Security, Inc. 4 | MD5 Message Digest Algorithm. 5 | 6 | All Trademarks Acknowledged. 7 | 8 | Future versions may not use this modified RSADSI implementation 9 | of MD5. 10 | */ 11 | 12 | 13 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 14 | rights reserved. 15 | 16 | License to copy and use this software is granted provided that it 17 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 18 | Algorithm" in all material mentioning or referencing this software 19 | or this function. 20 | 21 | License is also granted to make and use derivative works provided 22 | that such works are identified as "derived from the RSA Data 23 | Security, Inc. MD5 Message-Digest Algorithm" in all material 24 | mentioning or referencing the derived work. 25 | 26 | RSA Data Security, Inc. makes no representations concerning either 27 | the merchantability of this software or the suitability of this 28 | software for any particular purpose. It is provided "as is" 29 | without express or implied warranty of any kind. 30 | 31 | These notices must be retained in any copies of any part of this 32 | documentation and/or software. 33 | */ 34 | 35 | #ifndef _MD5_H_ 36 | #define _MD5_H_ 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /* MD5 context. */ 43 | typedef struct _MD5_CTX 44 | { 45 | UINT4 state[4]; /* state (ABCD) */ 46 | UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ 47 | unsigned char buffer[64]; /* input buffer */ 48 | } MD5_CTX,*PMD5_CTX; 49 | 50 | void MD5Init PROTO_LIST ((MD5_CTX *)); 51 | void MD5Update PROTO_LIST 52 | ((MD5_CTX *, unsigned char *, unsigned int)); 53 | void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); 54 | 55 | #ifdef __cplusplus 56 | } 57 | #endif 58 | 59 | #endif /* _MD5_H_ */ 60 | -------------------------------------------------------------------------------- /ShitDrv/MiniFilterOperation.h: -------------------------------------------------------------------------------- 1 | #ifndef __MINIFILTER_OPERATION_H__ 2 | #define __MINIFILTER_OPERATION_H__ 3 | 4 | FLT_PREOP_CALLBACK_STATUS FltPreCreateFiles(PFLT_CALLBACK_DATA Data, \ 5 | PCFLT_RELATED_OBJECTS FltObjects, \ 6 | PVOID *CompletionContext); 7 | 8 | FLT_POSTOP_CALLBACK_STATUS FltPostCreateFiles(PFLT_CALLBACK_DATA Data, \ 9 | PCFLT_RELATED_OBJECTS FltObjects, \ 10 | PVOID CompletionContext, \ 11 | FLT_POST_OPERATION_FLAGS Flags); 12 | 13 | FLT_PREOP_CALLBACK_STATUS FltPreSetFileformationFiles(PFLT_CALLBACK_DATA Data, \ 14 | PCFLT_RELATED_OBJECTS FltObjects, \ 15 | PVOID *CompletionContext); 16 | 17 | FLT_POSTOP_CALLBACK_STATUS FltPostSetFileInformationFiles(PFLT_CALLBACK_DATA Data, \ 18 | PCFLT_RELATED_OBJECTS FltObjects, \ 19 | PVOID CompletionContext, \ 20 | FLT_POST_OPERATION_FLAGS Flags); 21 | 22 | FLT_PREOP_CALLBACK_STATUS FltPreReadFiles(PFLT_CALLBACK_DATA Data, \ 23 | PCFLT_RELATED_OBJECTS FltObjects, \ 24 | PVOID *CompletionContext); 25 | 26 | FLT_POSTOP_CALLBACK_STATUS FltPostReadFiles(PFLT_CALLBACK_DATA Data, \ 27 | PCFLT_RELATED_OBJECTS FltObjects, \ 28 | PVOID CompletionContext, \ 29 | FLT_POST_OPERATION_FLAGS Flags); 30 | 31 | FLT_PREOP_CALLBACK_STATUS FltPreWriteFiles(PFLT_CALLBACK_DATA Data, \ 32 | PCFLT_RELATED_OBJECTS FltObjects, \ 33 | PVOID *CompletionContext); 34 | 35 | FLT_POSTOP_CALLBACK_STATUS FltPostWriteFiles(PFLT_CALLBACK_DATA Data, \ 36 | PCFLT_RELATED_OBJECTS FltObjects, \ 37 | PVOID CompletionContext, \ 38 | FLT_POST_OPERATION_FLAGS Flags); 39 | 40 | FLT_PREOP_CALLBACK_STATUS FltPreClose(PFLT_CALLBACK_DATA Data, \ 41 | PCFLT_RELATED_OBJECTS FltObjects, \ 42 | PVOID *CompletionContext); 43 | 44 | FLT_POSTOP_CALLBACK_STATUS FltPreClose(PFLT_CALLBACK_DATA Data, \ 45 | PCFLT_RELATED_OBJECTS FltObjects, \ 46 | PVOID *CompletionContext); 47 | 48 | #endif -------------------------------------------------------------------------------- /ShitDrv/ObjectHookThread.h: -------------------------------------------------------------------------------- 1 | 2 | #define OBJECT_TO_OBJECT_HEADER(o)\ 3 | CONTAINING_RECORD((o),OBJECT_HEADER,Body) 4 | 5 | typedef struct _OBJECT_TYPE_INITIALIZER 6 | { 7 | USHORT Length; 8 | BOOLEAN UseDefaultObject; 9 | BOOLEAN CaseInsensitive; 10 | ULONG InvalidAttributes; 11 | GENERIC_MAPPING GenericMapping; 12 | ULONG ValidAccessMask; 13 | BOOLEAN SecurityRequired; 14 | BOOLEAN MaintainHandleCount; 15 | BOOLEAN MaintainTypeList; 16 | POOL_TYPE PoolType; 17 | ULONG DefaultPagedPoolCharge; 18 | ULONG DefaultNonPagedPoolCharge; 19 | PVOID DumpProcedure; 20 | PVOID OpenProcedure; 21 | PVOID CloseProcedure; 22 | PVOID DeleteProcedure; 23 | PVOID ParseProcedure; 24 | PVOID SecurityProcedure; 25 | PVOID QueryNameProcedure; 26 | PVOID OkayToCloseProcedure; 27 | } OBJECT_TYPE_INITIALIZER,*POBJECT_TYPE_INITIALIZER; 28 | typedef struct _OBJECT_TYPE 29 | { 30 | ERESOURCE Mutex; 31 | LIST_ENTRY TypeList; 32 | UNICODE_STRING Name; 33 | PVOID DefaultObject; 34 | ULONG Index; 35 | ULONG TotalNumberOfObjects; 36 | ULONG TotalNumberOfHandles; 37 | ULONG HighWaterNumberOfObjects; 38 | ULONG HighWaterNumberOfHandles; 39 | OBJECT_TYPE_INITIALIZER TypeInfo; 40 | #ifdef POOL_TAGGING 41 | ULONG Key; 42 | #endif 43 | } OBJECT_TYPE,*POBJECT_TYPE; 44 | 45 | typedef struct _OBJECT_CREATE_INFORMATION 46 | { 47 | ULONG Attributes; 48 | HANDLE RootDirectory; 49 | PVOID ParseContext; 50 | KPROCESSOR_MODE ProbeMode; 51 | ULONG PagedPoolCharge; 52 | ULONG NonPagedPoolCharge; 53 | ULONG SecurityDescriptorCharge; 54 | PSECURITY_DESCRIPTOR SecurityDescriptor; 55 | PSECURITY_QUALITY_OF_SERVICE SecurityQos; 56 | SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; 57 | } OBJECT_CREATE_INFORMATION,*POBJECT_CREATE_INFORMATION; 58 | 59 | typedef struct _OBJECT_HEADER 60 | { 61 | LONG PointerCount; 62 | union { 63 | LONG HandleCount; 64 | PSINGLE_LIST_ENTRY SEntry; 65 | }; 66 | POBJECT_TYPE Type; 67 | UCHAR NameInfoOffset; 68 | UCHAR HandleInfoOffset; 69 | UCHAR QuotaInfoOffset; 70 | UCHAR Flags; 71 | union 72 | { 73 | POBJECT_CREATE_INFORMATION ObjectCreateInfo; 74 | PVOID QuotaBlockCharged; 75 | }; 76 | 77 | PSECURITY_DESCRIPTOR SecurityDescriptor; 78 | QUAD Body; 79 | } OBJECT_HEADER,*POBJECT_HEADER; -------------------------------------------------------------------------------- /ShitDrv/RecordInfo.h: -------------------------------------------------------------------------------- 1 | #ifndef __RECORD_INFO_H__ 2 | #define __RECORD_INFO_H__ 3 | 4 | #define SHIT_DRV_RECORD 'drDS' 5 | typedef enum _RECORD_TYPE 6 | { 7 | IsFsFile, 8 | IsRegister 9 | }RECORD_TYPE,*PRECORD_TYPE; 10 | #define SHIT_DRV_SIGNATURE_FS 'PaFs' 11 | #define SHIT_DRV_SIGNATURE_RG 'PsRg' 12 | typedef enum _FILE_OPERATIONS 13 | { 14 | IsOpenFile, 15 | IsCreateFile, 16 | IsReadFile, 17 | IsWriteFile, 18 | IsSetFileSize, 19 | IsDeleteFile, 20 | IsRenNameFile 21 | }FILE_OPERATIONS,*PFILE_OPERATIONS; 22 | 23 | typedef struct _RECORD_INFORMATION 24 | { 25 | ULONG ulSignature; 26 | WCHAR wProcessFullPath[MAX_PATH]; 27 | WCHAR wTargetPath[MAX_PATH]; 28 | WCHAR wBakPath[MAX_PATH]; 29 | CHAR Md5Sum[100]; 30 | ULONG ulOperType; 31 | WCHAR wOperation[50]; 32 | HANDLE hProcessId; 33 | ULONG ulCreateCount; 34 | ULONG ulOpenCount; 35 | ULONG ulWriteCount; 36 | ULONG ulCleanupCount; 37 | ULONG ulCloseCount; 38 | LARGE_INTEGER OperationTime; 39 | }RECORD_INFORMATION,*PRECORD_INFORMATION; 40 | 41 | typedef struct _RECORD_LIST 42 | { 43 | LIST_ENTRY RecordList; 44 | RECORD_INFORMATION RecordDat; 45 | }RECORD_LIST,*PRECORD_LIST; 46 | 47 | extern LIST_ENTRY g_RecordListHead; 48 | 49 | extern KSPIN_LOCK g_RecordSpinLock; 50 | 51 | 52 | VOID SendRecordThread(PVOID StartContext); 53 | void InitializeRecordInfo(); 54 | PRECORD_LIST AllocateRecordListDat(); 55 | void FreeRecordListDat(PRECORD_LIST pRecordList); 56 | BOOLEAN InitializeRecordDat(PRECORD_LIST pRecordList, \ 57 | WCHAR *wProcessFullPath, \ 58 | ULONG ulFullPathLength, \ 59 | WCHAR *wTargetPath, \ 60 | ULONG ulTargetPathLength, \ 61 | WCHAR *wOperation, 62 | ULONG ulOperationLength, 63 | HANDLE hProcessId, \ 64 | ULONG ulOperType, \ 65 | ULONG ulCreateCount, \ 66 | ULONG ulOpenCount, \ 67 | ULONG ulWriteCount, \ 68 | ULONG ulCleanupCount, \ 69 | ULONG ulCloseCount, \ 70 | ULONG ulType); 71 | 72 | #endif -------------------------------------------------------------------------------- /ShitDrv/ShitDrv.h: -------------------------------------------------------------------------------- 1 | #ifndef __SHIT_DRV_H__ 2 | #define __SHIT_DRV_H__ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "IoCtlCode.h" 9 | #include 10 | #include 11 | #include 12 | 13 | #define SHITDRV_TAG 'PaSD' 14 | #define MAX_PATH 260 15 | #define MAX_OBJNAME_LENGTH 1024 16 | #define MAX_VOLUME_CHARS 26 17 | 18 | #define UNICODE_STRING_CONST(x) \ 19 | {sizeof(L##x)-2, sizeof(L##x), L##x} 20 | 21 | #pragma pack(1) 22 | typedef struct _FILTER_ACCESS_CONTROL 23 | { 24 | ULONG ulIsInitialize:1; 25 | ULONG ulIsStartFilter:1; 26 | ULONG ulIsFilterRead:1; 27 | ULONG ulIsFilterWrite:1; 28 | ULONG ulIsFilterCreate:1; 29 | ULONG ulIsFilterOpen:1; 30 | ULONG ulIsFilterDelete:1; 31 | ULONG ulIsFilterRenName:1; 32 | ULONG ulIsFilterSetSize:1; 33 | ULONG ulIsFilterSetInfo:1; 34 | ULONG ulReserved:22; 35 | }FILTER_ACCESS_CONTROL,*PFILTER_ACCESS_CONTROL; 36 | 37 | typedef struct _FILTER_DAT_CONTROL 38 | { 39 | ULONG ulIsStartFilter:1; 40 | ULONG ulIsFilterWrite:1; 41 | ULONG ulIsFilterDelete:1; 42 | ULONG ulIsFilterRenName:1; 43 | ULONG ulIsFilterSetSize:1; 44 | ULONG ulIsFilterSetInfo:1; 45 | ULONG ulReserved:26; 46 | } FILTER_DAT_CONTROL,*PFILTER_DAT_CONTROL; 47 | 48 | typedef struct _MY_FILTER_CONTROL 49 | { 50 | FILTER_ACCESS_CONTROL FileFltAccessCtl; 51 | PFLT_FILTER pFilterHandle; 52 | PFLT_INSTANCE pFltInstance; 53 | PFLT_PORT ServerPort; 54 | PFLT_PORT ClientPort; 55 | PVOID pMyProc; 56 | UNICODE_STRING UniCurPath; 57 | UNICODE_STRING UniSandBoxPath; 58 | UNICODE_STRING UniFloppy; 59 | PFLT_INSTANCE pFltSandboxVolInstance; 60 | 61 | HANDLE hFltProcessId; 62 | 63 | 64 | }MY_FILTER_CONTROL,*PMY_FILTER_CONTROL; 65 | #pragma pack() 66 | extern PMY_FILTER_CONTROL g_pFilterCtl; 67 | extern USHORT *NtBuildNumber; 68 | 69 | extern PKEVENT g_pEventWaitKrl; 70 | extern HANDLE g_hEventWaitKrl; 71 | 72 | 73 | UCHAR *PsGetProcessImageFileName(IN PEPROCESS Process); 74 | NTSTATUS 75 | NTAPI 76 | ZwQueryInformationProcess(HANDLE ProcessHandle, \ 77 | PROCESSINFOCLASS ProcessInformationClass, \ 78 | PVOID ProcessInformation, \ 79 | ULONG ProcessInformationLength, \ 80 | PULONG ReturnLength); 81 | 82 | #endif -------------------------------------------------------------------------------- /ShitDrv/InitializeInjectRelevantInfo.h: -------------------------------------------------------------------------------- 1 | #ifndef __INITIALIZE_INJECT_RELEVANT_INFO__ 2 | #define __INITIALIZE_INJECT_RELEVANT_INFO__ 3 | 4 | typedef struct _SYSTEM_VERSION 5 | { 6 | ULONG ulMajorVersion; 7 | ULONG ulMinorVersion; 8 | ULONG ulBuildNumber; 9 | PUNICODE_STRING unStrCSDVersion; 10 | }SYSTEM_VERSION,*PSYSTEM_VERSION; 11 | typedef struct _WINDOWS_VERSION 12 | { 13 | #ifndef _WIN64 14 | ULONG_PTR ulReserved:20; 15 | #else 16 | ULONG_PTR ulReserved:52; 17 | #endif 18 | ULONG_PTR bIsUnknow:1; 19 | ULONG_PTR bIsWindows2000:1; 20 | ULONG_PTR bIsWindowsXp:1; 21 | ULONG_PTR bIsWindows2003:1; 22 | ULONG_PTR bIsWindowsVista:1; 23 | ULONG_PTR bIsWindows7:1; 24 | ULONG_PTR bIsWindows2008:1; 25 | ULONG_PTR bIsWindows8:1; 26 | ULONG_PTR bIsWindows81:1; 27 | ULONG_PTR bIsWindows10:1; 28 | ULONG_PTR bIsWindows2012:1; 29 | ULONG_PTR bIs64Bit:1; 30 | }WINDOWS_VERSION,*PWINDOWS_VERSION; 31 | typedef struct _INJECT_RELEVANT_OFFSET 32 | { 33 | //Process 34 | ULONG_PTR ulOffsetPeb; 35 | ULONG_PTR ulOffsetName; 36 | ULONG_PTR ulOffsetFlink; 37 | ULONG_PTR ulOffsetResv; 38 | ULONG_PTR ulOffsetThreadListHead; 39 | ULONG_PTR ulOffsetPid; 40 | 41 | //Thread 42 | ULONG_PTR ulOffsetThreadListEntry; 43 | ULONG_PTR ulOffsetSuspendCount; 44 | ULONG_PTR ulOffsetCrossThreadFlags; 45 | ULONG_PTR ulOffsetCid; 46 | ULONG_PTR ulOffsetTrapFrame; 47 | ULONG_PTR ulOffsetTeb; 48 | 49 | //PEB 50 | ULONG_PTR ulOffsetPebLdr; 51 | ULONG_PTR ulOffsetPebModuleListEntry; 52 | 53 | //Teb 54 | ULONG_PTR ulOffsetActivationContextStackPointer; 55 | 56 | WINDOWS_VERSION WindowsVersion; 57 | }INJECT_RELEVANT_OFFSET,*PINJECT_RELEVANT_OFFSET; 58 | #define NT_SYSTEM_NAME "System" 59 | 60 | extern INJECT_RELEVANT_OFFSET g_InjectRelevantOffset; 61 | 62 | ULONG GetProcessNameOffset(); 63 | BOOLEAN InitializeWindows2k(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 64 | BOOLEAN InitializeWindowsXp(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 65 | BOOLEAN InitializeWindows2003(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 66 | NTSTATUS InitializeWindows7(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 67 | NTSTATUS InitializeWindows8(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 68 | NTSTATUS InitializeWindows8_1(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 69 | NTSTATUS InitializeWindows10(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 70 | BOOLEAN InitializeInjectInformation(PINJECT_RELEVANT_OFFSET pInjectRelevantOffset); 71 | 72 | PVOID x64GetKeServiceDescriptorTable(); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /ShitDrv.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ShitDrv", "ShitDrv\ShitDrv.vcproj", "{B17ABD76-4287-4C6C-B519-448E0E1E389D}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ShitDrvInterface", "ShitDrvInterface\ShitDrvInterface.vcproj", "{3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestInterface", "TestInterface\TestInterface.vcproj", "{81794950-4647-4297-A418-3C2307168691}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|Win32 = Debug|Win32 13 | Debug|x64 = Debug|x64 14 | Release|Win32 = Release|Win32 15 | Release|x64 = Release|x64 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Debug|Win32.ActiveCfg = Debug|Win32 19 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Debug|Win32.Build.0 = Debug|Win32 20 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Debug|x64.ActiveCfg = Debug|x64 21 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Debug|x64.Build.0 = Debug|x64 22 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Release|Win32.ActiveCfg = Release|Win32 23 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Release|Win32.Build.0 = Release|Win32 24 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Release|x64.ActiveCfg = Release|x64 25 | {B17ABD76-4287-4C6C-B519-448E0E1E389D}.Release|x64.Build.0 = Release|x64 26 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Debug|Win32.ActiveCfg = Debug|Win32 27 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Debug|Win32.Build.0 = Debug|Win32 28 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Debug|x64.ActiveCfg = Debug|Win32 29 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Release|Win32.ActiveCfg = Release|Win32 30 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Release|Win32.Build.0 = Release|Win32 31 | {3560F119-9FAB-42BD-B2A0-A9B6F1D668A7}.Release|x64.ActiveCfg = Release|Win32 32 | {81794950-4647-4297-A418-3C2307168691}.Debug|Win32.ActiveCfg = Debug|Win32 33 | {81794950-4647-4297-A418-3C2307168691}.Debug|Win32.Build.0 = Debug|Win32 34 | {81794950-4647-4297-A418-3C2307168691}.Debug|x64.ActiveCfg = Debug|Win32 35 | {81794950-4647-4297-A418-3C2307168691}.Release|Win32.ActiveCfg = Release|Win32 36 | {81794950-4647-4297-A418-3C2307168691}.Release|Win32.Build.0 = Release|Win32 37 | {81794950-4647-4297-A418-3C2307168691}.Release|x64.ActiveCfg = Release|Win32 38 | EndGlobalSection 39 | GlobalSection(SolutionProperties) = preSolution 40 | HideSolutionNode = FALSE 41 | EndGlobalSection 42 | EndGlobal 43 | -------------------------------------------------------------------------------- /ShitDrv/ContextOperation.h: -------------------------------------------------------------------------------- 1 | #ifndef __CONTEXT_OPERATION_H__ 2 | #define __CONTEXT_OPERATION_H__ 3 | 4 | 5 | #define SHITDRV_RESOURCE_TAG 'cRdS' 6 | #define SHITDRV_STRING_TAG 'iSdS' 7 | #define SHITDRV_STREAM_CONTEXT_TAG 'cSdS' 8 | #define SHITDRV_STREAM_HANDLE_TAG 'cHsS' 9 | 10 | typedef struct _SHITDRV_STREAM_CONTEXT 11 | { 12 | BOOLEAN bIsInit; 13 | BOOLEAN bIsPreModifyCopied; 14 | BOOLEAN bIsPostModifyCopied; 15 | CHAR PreModifyCopiedMd5Sum[100]; 16 | CHAR PostModifyCopiedMd5Sum[100]; 17 | UNICODE_STRING UniFileName; 18 | UNICODE_STRING UniVolumeName; 19 | ULONG ulCreateCount; 20 | ULONG ulOpenedCount; 21 | ULONG ulWriteCount; 22 | ULONG ulCleanupCount; 23 | ULONG ulCloseCount; 24 | HANDLE hProcessId; 25 | PERESOURCE pResource; 26 | } SHITDRV_STREAM_CONTEXT,*PSHITDRV_STREAM_CONTEXT; 27 | 28 | typedef struct _SHITDRV_STREAMHANDLE_CONTEXT 29 | { 30 | ULONG ulType; 31 | UNICODE_STRING UniSrcFileName; 32 | UNICODE_STRING UniDstFileName; 33 | PERESOURCE pResource; 34 | } SHITDRV_STREAMHANDLE_CONTEXT,*PSHITDRV_STREAMHANDLE_CONTEXT; 35 | 36 | #define SHITDRV_STREAM_CONTEXT_SIZE sizeof(SHITDRV_STREAM_CONTEXT) 37 | #define SHITDRV_STREAMHANDLE_CONTEXT_SIZE sizeof(SHITDRV_STREAMHANDLE_CONTEXT) 38 | 39 | 40 | 41 | PERESOURCE ShitDrvAllocateResource(VOID); 42 | VOID ShitDrvFreeResource(PERESOURCE Resource); 43 | NTSTATUS CreateStreamContext(PSHITDRV_STREAM_CONTEXT *pArgStreamContext); 44 | NTSTATUS FindOrCreateStreamContext(PFLT_CALLBACK_DATA Cbd, \ 45 | BOOLEAN CreateIfNotFound, \ 46 | PSHITDRV_STREAM_CONTEXT *pArgStreamContext, \ 47 | PBOOLEAN pContextCreated); 48 | 49 | NTSTATUS ShitDrvAllocateUnicodeString(PUNICODE_STRING String); 50 | VOID ShitDrvFreeUnicodeString(PUNICODE_STRING String); 51 | VOID ShitDrvAcquireResourceExclusive(PERESOURCE pResource); 52 | VOID ShitDrvAcquireResourceShared(PERESOURCE pResource); 53 | VOID ShitDrvReleaseResource(PERESOURCE pResource); 54 | 55 | VOID ShitDrvContextCleanup(PFLT_CONTEXT Context,FLT_CONTEXT_TYPE ContextType); 56 | NTSTATUS UpdateNameInStreamContext(PUNICODE_STRING DirectoryName, \ 57 | PSHITDRV_STREAM_CONTEXT pArgStreamContext); 58 | 59 | NTSTATUS UpdateNameInStreamHandleContext(PUNICODE_STRING UniSrcFileName, \ 60 | PUNICODE_STRING UniDstFileName, \ 61 | PSHITDRV_STREAMHANDLE_CONTEXT pArgStreamHandleContext); 62 | NTSTATUS CreateStreamHandleContext(PSHITDRV_STREAMHANDLE_CONTEXT *pArgStreamHandleContext); 63 | #endif -------------------------------------------------------------------------------- /ShitDrv/RegisterCallBack.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "UtilsApi.h" 3 | #include "RegisterOperation.h" 4 | #include "RegisterCallBack.h" 5 | 6 | PREGISTER_CALLBACK g_pRegisterCallBack = NULL; 7 | 8 | NTSTATUS RegistryCallback(PVOID CallbackContext,PVOID Argument1,PVOID Argument2) 9 | { 10 | NTSTATUS Status; 11 | REG_NOTIFY_CLASS RegNotifyClass; 12 | 13 | RegNotifyClass = (LONG)Argument1; 14 | Status = STATUS_SUCCESS; 15 | 16 | 17 | switch(RegNotifyClass) 18 | { 19 | case RegNtPreCreateKey: 20 | Status = FilterPreCreateKey(CallbackContext,Argument2); 21 | break; 22 | case RegNtPreCreateKeyEx: 23 | Status = FilterPreCreateKeyEx(CallbackContext,Argument2,RegNotifyClass); 24 | break; 25 | case RegNtPostSetValueKey: 26 | Status = FilterPostSetKey(CallbackContext,Argument2,RegNotifyClass); 27 | break; 28 | case RegNtPostSetInformationKey: 29 | Status = FilterPostSetInformationKey(CallbackContext,Argument2,RegNotifyClass); 30 | break; 31 | case RegNtPostRenameKey: 32 | Status = FilterPostRenNameKey(CallbackContext,Argument2,RegNotifyClass); 33 | break; 34 | case RegNtPostDeleteKey: 35 | Status = FilterPostDeleteKey(CallbackContext,Argument2,RegNotifyClass); 36 | break; 37 | case RegNtPostDeleteValueKey: 38 | Status = FilterPostDeleteValueKey(CallbackContext,Argument2,RegNotifyClass); 39 | break; 40 | default: 41 | break; 42 | } 43 | return Status; 44 | } 45 | NTSTATUS InitializeCmCallBack(PDRIVER_OBJECT pDrvObj, \ 46 | PUNICODE_STRING pUniAltitude, \ 47 | PVOID pContext, \ 48 | BOOLEAN bRemove) 49 | { 50 | NTSTATUS Status; 51 | 52 | Status = STATUS_UNSUCCESSFUL; 53 | if (g_pRegisterCallBack == NULL) 54 | { 55 | do 56 | { 57 | g_pRegisterCallBack = ExAllocatePoolWithTag(NonPagedPool,sizeof(REGISTER_CALLBACK),SHITDRV_TAG); 58 | } while (NULL == g_pRegisterCallBack); 59 | RtlZeroMemory(g_pRegisterCallBack,sizeof(REGISTER_CALLBACK)); 60 | } 61 | 62 | if (bRemove) 63 | { 64 | if (g_pRegisterCallBack->CmHandleCookie.QuadPart != 0) 65 | { 66 | Status = CmUnRegisterCallback(g_pRegisterCallBack->CmHandleCookie); 67 | if (NT_SUCCESS(Status)) 68 | { 69 | DbgPrint("CmUnRegisterCallback Success\n"); 70 | g_pRegisterCallBack->CmHandleCookie.QuadPart = 0; 71 | } 72 | else 73 | { 74 | DbgPrint("CmUnRegisterCallback Failed\n"); 75 | } 76 | } 77 | } 78 | else 79 | { 80 | if (g_pRegisterCallBack->CmHandleCookie.QuadPart == 0) 81 | { 82 | Status = CmRegisterCallbackEx(RegistryCallback, \ 83 | pUniAltitude, \ 84 | pDrvObj, \ 85 | pContext, \ 86 | &g_pRegisterCallBack->CmHandleCookie, \ 87 | NULL); 88 | if (NT_SUCCESS(Status)) 89 | { 90 | DbgPrint("CmRegisterCallback Success\n"); 91 | } 92 | else 93 | { 94 | DbgPrint("CmRegisterCallback Failed\n"); 95 | } 96 | } 97 | } 98 | return Status; 99 | } -------------------------------------------------------------------------------- /ShitDrv/DrvFunction.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "ProcessList.h" 3 | #include "UtilsApi.h" 4 | #include "DrvFunction.h" 5 | 6 | BOOLEAN GetFileMd5Sum(PWCHAR pFilePath,PUCHAR pOutMd5Sum) 7 | { 8 | BOOLEAN bRet; 9 | UNICODE_STRING UniFileName; 10 | NTSTATUS Status; 11 | 12 | Status = STATUS_UNSUCCESSFUL; 13 | bRet = FALSE; 14 | 15 | RtlInitUnicodeString(&UniFileName,pFilePath); 16 | if (g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter && \ 17 | NULL != g_pFilterCtl->pFltInstance) 18 | { 19 | Status = FltCalcFileDatMd5(g_pFilterCtl->pFilterHandle, \ 20 | g_pFilterCtl->pFltInstance, \ 21 | &UniFileName, \ 22 | pOutMd5Sum); 23 | if (NT_SUCCESS(Status)) 24 | { 25 | bRet = TRUE; 26 | } 27 | } 28 | else 29 | { 30 | Status = CalcFileDatMd5(&UniFileName, \ 31 | pOutMd5Sum); 32 | if (NT_SUCCESS(Status)) 33 | { 34 | bRet = TRUE; 35 | } 36 | } 37 | return bRet; 38 | } 39 | BOOLEAN SetCurrentProcess(HANDLE Pid) 40 | { 41 | PVOID pProcess; 42 | 43 | pProcess = NULL; 44 | 45 | if (0 == Pid) 46 | { 47 | return FALSE; 48 | } 49 | if (g_pFilterCtl->FileFltAccessCtl.ulIsInitialize) 50 | { 51 | if (NT_SUCCESS(PsLookupProcessByProcessId(Pid,(PEPROCESS*)&pProcess))) 52 | { 53 | g_pFilterCtl->pMyProc = pProcess; 54 | ObDereferenceObject(pProcess); 55 | return TRUE; 56 | } 57 | } 58 | return FALSE; 59 | } 60 | BOOLEAN SetCurClientPath(WCHAR *wPath) 61 | { 62 | if (NULL == wPath) 63 | { 64 | return FALSE; 65 | } 66 | if (g_pFilterCtl->FileFltAccessCtl.ulIsInitialize) 67 | { 68 | RtlInitUnicodeString(&g_pFilterCtl->UniCurPath,wPath); 69 | return TRUE; 70 | } 71 | return FALSE; 72 | } 73 | BOOLEAN SetSandboxPath(PWCHAR pSandboxPath) 74 | { 75 | if (NULL == pSandboxPath) 76 | { 77 | if (g_pFilterCtl->FileFltAccessCtl.ulIsInitialize) 78 | { 79 | RtlInitUnicodeString(&g_pFilterCtl->UniSandBoxPath,pSandboxPath); 80 | return TRUE; 81 | } 82 | } 83 | return FALSE; 84 | } 85 | BOOLEAN SetSandBoxProcName(PCHAR pImagName) 86 | { 87 | NTSTATUS Status; 88 | ANSI_STRING AnsiName; 89 | PSANDBOX_PROCESS_LIST pSandboxList; 90 | UNICODE_STRING UniProcName; 91 | //KIRQL OldIrql; 92 | 93 | pSandboxList = NULL; 94 | UniProcName.Buffer = NULL; 95 | Status = STATUS_SUCCESS; 96 | 97 | RtlInitAnsiString(&AnsiName,pImagName); 98 | RtlAnsiStringToUnicodeString(&UniProcName,&AnsiName,TRUE); 99 | pSandboxList = AllocateSandboxProcList(); 100 | if (NULL == pSandboxList) 101 | { 102 | if (UniProcName.Buffer) 103 | { 104 | RtlFreeUnicodeString(&UniProcName); 105 | UniProcName.Buffer = NULL; 106 | } 107 | return FALSE; 108 | } 109 | RtlZeroMemory(pSandboxList,sizeof(SANDBOX_PROCESS_LIST)); 110 | pSandboxList->UniProcessName.MaximumLength = UniProcName.MaximumLength; 111 | Status = AllocateUnicodeString(&pSandboxList->UniProcessName); 112 | if (NT_ERROR(Status)) 113 | { 114 | if (UniProcName.Buffer) 115 | { 116 | RtlFreeUnicodeString(&UniProcName); 117 | UniProcName.Buffer = NULL; 118 | } 119 | return FALSE; 120 | } 121 | RtlCopyMemory(pSandboxList->UniProcessName.Buffer, \ 122 | UniProcName.Buffer, \ 123 | UniProcName.Length); 124 | pSandboxList->UniProcessName.Length = UniProcName.Length; 125 | InitializeListHead(&pSandboxList->Next); 126 | //OldIrql = GetSandboxLock(&g_SandboxSpinLock); 127 | //InsertTailList(&g_SandboxProcList,&pParentProcList->Next); 128 | //InsertHeadList(&g_SandboxProcList,&pParentProcList->Next); 129 | ExInterlockedInsertHeadList(&g_SandboxProcList,&pSandboxList->Next,&g_SandboxSpinLock); 130 | //ReleaseSandboxLock(&g_SandboxSpinLock,OldIrql); 131 | if (UniProcName.Buffer) 132 | { 133 | RtlFreeUnicodeString(&UniProcName); 134 | UniProcName.Buffer = NULL; 135 | } 136 | return TRUE; 137 | } -------------------------------------------------------------------------------- /ShitDrv/RegisterMiniFilter.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "MiniFilterOperation.h" 3 | #include "UtilsApi.h" 4 | #include "RegisterMiniFilter.h" 5 | #include "ContextOperation.h" 6 | 7 | PMY_FILTER_CONTROL g_pFilterCtl = NULL; 8 | 9 | const FLT_CONTEXT_REGISTRATION MiniMonitorContext[] = 10 | { 11 | 12 | { 13 | FLT_STREAM_CONTEXT, 14 | 0, 15 | ShitDrvContextCleanup, 16 | SHITDRV_STREAM_CONTEXT_SIZE, 17 | SHITDRV_STREAM_CONTEXT_TAG 18 | }, 19 | { 20 | FLT_STREAMHANDLE_CONTEXT, 21 | 0, 22 | ShitDrvContextCleanup, 23 | SHITDRV_STREAMHANDLE_CONTEXT_SIZE, 24 | SHITDRV_STREAM_HANDLE_TAG 25 | }, 26 | { 27 | FLT_CONTEXT_END 28 | } 29 | }; 30 | const FLT_OPERATION_REGISTRATION MiniFilterCallbacks[] = 31 | { 32 | { 33 | IRP_MJ_CREATE, 34 | 0, 35 | NULL, 36 | FltPostCreateFiles 37 | }, 38 | { 39 | IRP_MJ_WRITE, 40 | 0, 41 | FltPreWriteFiles, 42 | FltPostWriteFiles 43 | }, 44 | { 45 | IRP_MJ_SET_INFORMATION, 46 | 0, 47 | FltPreSetFileformationFiles, 48 | FltPostSetFileInformationFiles 49 | }, 50 | { 51 | IRP_MJ_CLOSE, 52 | 0, 53 | FltPreClose, 54 | NULL 55 | }, 56 | { 57 | IRP_MJ_OPERATION_END 58 | } 59 | }; 60 | 61 | const FLT_REGISTRATION MiniMonitorRegistration = { 62 | 63 | sizeof(FLT_REGISTRATION), // Size 64 | FLT_REGISTRATION_VERSION, // Version 65 | 0, // Flags 66 | MiniMonitorContext, // ContextRegistration 67 | //NULL, 68 | MiniFilterCallbacks, // Operation callbacks 69 | MiniFilterUnload, // FilterUnload 70 | MiniFilterInstanceSetup, // InstanceSetup 71 | NULL, // InstanceQueryTeardown 72 | MiniFilterInstanceTeardownStart, // InstanceTeardownStart 73 | NULL, // InstanceTeardownComplete 74 | NULL, // GenerateFileName 75 | NULL, // GenerateDestinationFileName 76 | NULL // NormalizeNameComponent 77 | }; 78 | 79 | 80 | NTSTATUS InitializeMiniFilter(PDRIVER_OBJECT pDrvObj) 81 | { 82 | NTSTATUS Status; 83 | UNICODE_STRING UniSymLinkName; 84 | 85 | Status = STATUS_UNSUCCESSFUL; 86 | 87 | do 88 | { 89 | g_pFilterCtl = (PMY_FILTER_CONTROL)ExAllocatePoolWithTag(NonPagedPool, \ 90 | sizeof(MY_FILTER_CONTROL), \ 91 | SHITDRV_TAG); 92 | } while (NULL == g_pFilterCtl); 93 | RtlZeroMemory(g_pFilterCtl,sizeof(MY_FILTER_CONTROL)); 94 | 95 | RtlInitUnicodeString(&UniSymLinkName,L"\\??\\c:"); 96 | Status = QuerySymbolicLink(&UniSymLinkName,&g_pFilterCtl->UniSandBoxPath); 97 | if (NT_SUCCESS(Status)) 98 | { 99 | RtlUnicodeStringCatString(&g_pFilterCtl->UniSandBoxPath,L"\\sandbox"); 100 | } 101 | else 102 | { 103 | RtlInitUnicodeString(&g_pFilterCtl->UniSandBoxPath, L"\\Device\\HarddiskVolume1\\sandbox"); 104 | } 105 | RtlInitUnicodeString(&g_pFilterCtl->UniFloppy,L"\\Device\\Floppy"); 106 | g_pFilterCtl->FileFltAccessCtl.ulIsInitialize = TRUE; 107 | if (g_pFilterCtl->FileFltAccessCtl.ulIsInitialize) 108 | { 109 | Status = FltRegisterFilter(pDrvObj,&MiniMonitorRegistration,&g_pFilterCtl->pFilterHandle); 110 | } 111 | return Status; 112 | } 113 | NTSTATUS MiniFilterInstanceSetup(PCFLT_RELATED_OBJECTS FltObjects, \ 114 | FLT_INSTANCE_SETUP_FLAGS Flags, \ 115 | DEVICE_TYPE VolumeDeviceType, \ 116 | FLT_FILESYSTEM_TYPE VolumeFilesystemType) 117 | { 118 | return STATUS_SUCCESS; 119 | } 120 | NTSTATUS MiniFilterUnload(FLT_FILTER_UNLOAD_FLAGS Flags) 121 | { 122 | return STATUS_SUCCESS; 123 | } 124 | VOID MiniFilterInstanceTeardownStart(PCFLT_RELATED_OBJECTS FltObjects, \ 125 | FLT_INSTANCE_TEARDOWN_FLAGS Reason) 126 | { 127 | 128 | } 129 | -------------------------------------------------------------------------------- /ShitDrv/RecordInfo.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "UtilsApi.h" 3 | #include "RecordInfo.h" 4 | #include "RegisterCallBack.h" 5 | 6 | LIST_ENTRY g_RecordListHead; 7 | 8 | KSPIN_LOCK g_RecordSpinLock; 9 | 10 | void InitializeRecordInfo() 11 | { 12 | InitializeListHead(&g_RecordListHead); 13 | KeInitializeSpinLock(&g_RecordSpinLock); 14 | } 15 | BOOLEAN InitializeRecordDat(PRECORD_LIST pRecordList, \ 16 | WCHAR *wProcessFullPath, \ 17 | ULONG ulFullPathLength, \ 18 | WCHAR *wTargetPath, \ 19 | ULONG ulTargetPathLength, \ 20 | WCHAR *wOperation, 21 | ULONG ulOperationLength, 22 | HANDLE hProcessId, \ 23 | ULONG ulOperType, \ 24 | ULONG ulCreateCount, \ 25 | ULONG ulOpenCount, \ 26 | ULONG ulWriteCount, \ 27 | ULONG ulCleanupCount, \ 28 | ULONG ulCloseCount, \ 29 | ULONG ulType) 30 | { 31 | if (NULL == pRecordList || \ 32 | NULL == wProcessFullPath) 33 | { 34 | return FALSE; 35 | } 36 | if (wProcessFullPath && ulFullPathLength) 37 | { 38 | RtlZeroMemory(pRecordList->RecordDat.wProcessFullPath, \ 39 | MAX_PATH * sizeof(WCHAR)); 40 | 41 | RtlCopyMemory(pRecordList->RecordDat.wProcessFullPath, \ 42 | wProcessFullPath, \ 43 | ulFullPathLength); 44 | } 45 | if (wTargetPath && ulTargetPathLength) 46 | { 47 | RtlZeroMemory(pRecordList->RecordDat.wTargetPath, \ 48 | MAX_PATH * sizeof(WCHAR)); 49 | 50 | RtlCopyMemory(pRecordList->RecordDat.wTargetPath, \ 51 | wTargetPath, \ 52 | ulTargetPathLength); 53 | } 54 | if (ulOperationLength && wOperation) 55 | { 56 | RtlCopyMemory(pRecordList->RecordDat.wOperation, \ 57 | wOperation, \ 58 | ulOperationLength); 59 | } 60 | if (hProcessId) 61 | { 62 | pRecordList->RecordDat.hProcessId = hProcessId; 63 | } 64 | if (ulOperType) 65 | { 66 | pRecordList->RecordDat.ulOperType = ulOperType; 67 | } 68 | KeQuerySystemTime(&pRecordList->RecordDat.OperationTime); 69 | if (ulType == IsFsFile) 70 | { 71 | pRecordList->RecordDat.ulSignature = SHIT_DRV_SIGNATURE_FS; 72 | } 73 | else if (ulType == IsRegister) 74 | { 75 | pRecordList->RecordDat.ulSignature = SHIT_DRV_SIGNATURE_RG; 76 | } 77 | else 78 | { 79 | 80 | } 81 | 82 | return TRUE; 83 | } 84 | PRECORD_LIST AllocateRecordListDat() 85 | { 86 | PRECORD_LIST pRecordList; 87 | 88 | pRecordList = NULL; 89 | 90 | do 91 | { 92 | pRecordList = (PRECORD_LIST)ExAllocatePoolWithTag(NonPagedPool, \ 93 | sizeof(RECORD_LIST), \ 94 | SHIT_DRV_RECORD); 95 | } while (NULL == pRecordList); 96 | RtlZeroMemory(pRecordList,sizeof(RECORD_LIST)); 97 | return pRecordList; 98 | } 99 | void FreeRecordListDat(PRECORD_LIST pRecordList) 100 | { 101 | if (pRecordList) 102 | { 103 | ExFreePoolWithTag(pRecordList,SHIT_DRV_RECORD); 104 | } 105 | return; 106 | } 107 | VOID SendRecordThread(PVOID StartContext) 108 | { 109 | while (TRUE) 110 | { 111 | if (!IsListEmpty(&g_RecordListHead)) 112 | { 113 | if (g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter == FALSE) 114 | { 115 | KeSetEvent(g_pEventWaitKrl,IO_NO_INCREMENT,FALSE); 116 | KeClearEvent(g_pEventWaitKrl); 117 | } 118 | } 119 | System_Sleep(1); 120 | } 121 | PsTerminateSystemThread(STATUS_SUCCESS); 122 | return; 123 | } -------------------------------------------------------------------------------- /ShitDrv/Dispatch.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "InjectKtrapFrame.h" 3 | #include "DrvFunction.h" 4 | #include "Dispatch.h" 5 | 6 | NTSTATUS Dispatch(PDEVICE_OBJECT pDevObj,PIRP pIrp) 7 | { 8 | pIrp->IoStatus.Status = STATUS_SUCCESS; 9 | pIrp->IoStatus.Information = 0; 10 | 11 | IoCompleteRequest(pIrp,IO_NO_INCREMENT); 12 | return STATUS_SUCCESS; 13 | } 14 | NTSTATUS ReadDispatch(PDEVICE_OBJECT pDevObj,PIRP pIrp) 15 | { 16 | pIrp->IoStatus.Status = STATUS_SUCCESS; 17 | pIrp->IoStatus.Information = 0; 18 | 19 | IoCompleteRequest(pIrp,IO_NO_INCREMENT); 20 | return STATUS_SUCCESS; 21 | } 22 | NTSTATUS DispatchIoCtl(PDEVICE_OBJECT pDevObj,PIRP pIrp) 23 | { 24 | NTSTATUS Status; 25 | PIO_STACK_LOCATION pIrpStack; 26 | PUCHAR pInBuffer,pOutBuffer; 27 | ULONG ulInLength,ulOutLength,ulIoCtlCode,ulInfo; 28 | 29 | Status = STATUS_UNSUCCESSFUL; 30 | ulInfo = 0; 31 | 32 | pIrpStack = IoGetCurrentIrpStackLocation(pIrp); 33 | ulInLength = pIrpStack->Parameters.DeviceIoControl.InputBufferLength; 34 | pInBuffer = pIrp->AssociatedIrp.SystemBuffer; 35 | ulOutLength = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength; 36 | pOutBuffer = pIrp->AssociatedIrp.SystemBuffer; 37 | ulIoCtlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode; 38 | 39 | switch(ulIoCtlCode) 40 | { 41 | case IOC(SetCurrentProcess): 42 | { 43 | IOP(SetCurrentProcess) *Params; 44 | 45 | if (ulInLength < sizeof(*Params)) 46 | { 47 | break; 48 | } 49 | Params = (IOP(SetCurrentProcess)*)pIrp->AssociatedIrp.SystemBuffer; 50 | if (SetCurrentProcess(Params->ProcessId)) 51 | { 52 | Status = STATUS_SUCCESS; 53 | } 54 | } 55 | break; 56 | case IOC(SetCurClientPath): 57 | { 58 | IOP(SetCurClientPath) *Params; 59 | 60 | if (ulInLength < sizeof(*Params)) 61 | { 62 | break; 63 | } 64 | Params = (IOP(SetCurClientPath)*)pIrp->AssociatedIrp.SystemBuffer; 65 | if (SetCurClientPath(Params->wCurClientPath)) 66 | { 67 | Status = STATUS_SUCCESS; 68 | } 69 | } 70 | break; 71 | case IOC(SetSandBoxProcName): 72 | { 73 | IOP(SetSandBoxProcName) *Params; 74 | 75 | if (ulInLength < sizeof(*Params)) 76 | { 77 | break; 78 | } 79 | Params = (IOP(SetSandBoxProcName)*)pIrp->AssociatedIrp.SystemBuffer; 80 | if (SetSandBoxProcName(Params->ImageName)) 81 | { 82 | Status = STATUS_SUCCESS; 83 | } 84 | } 85 | break; 86 | case IOC(GetFileMd5Sum): 87 | { 88 | IOP(GetFileMd5Sum) *Params; 89 | 90 | if (ulInLength < sizeof(*Params)) 91 | { 92 | break; 93 | } 94 | Params = (IOP(GetFileMd5Sum)*)pIrp->AssociatedIrp.SystemBuffer; 95 | if (GetFileMd5Sum(Params->wImageName,Params->Md5Sum)) 96 | { 97 | Status = STATUS_SUCCESS; 98 | ulInfo = sizeof(*Params); 99 | } 100 | } 101 | break; 102 | case IOC(InjectKtrapFrame): 103 | { 104 | IOP(InjectKtrapFrame) *Params; 105 | PINJECT_PROCESS_INFORMATION pInjectProcessInfo; 106 | 107 | if (ulInLength < sizeof(*Params)) 108 | { 109 | break; 110 | } 111 | do 112 | { 113 | pInjectProcessInfo = ExAllocatePoolWithTag(NonPagedPool,sizeof(INJECT_PROCESS_INFORMATION) + 260,'PasP'); 114 | } while (NULL == pInjectProcessInfo); 115 | RtlZeroMemory(pInjectProcessInfo,sizeof(INJECT_PROCESS_INFORMATION) + 260); 116 | Params = (IOP(InjectKtrapFrame) *)pIrp->AssociatedIrp.SystemBuffer; 117 | if (Params->ulPid) 118 | { 119 | pInjectProcessInfo->ulPid = Params->ulPid; 120 | } 121 | else 122 | { 123 | RtlCopyMemory(pInjectProcessInfo->pInjectProcessName,Params->pInjectProcessName,strlen(Params->pInjectProcessName)); 124 | } 125 | Status = InjectKtrapFrame(pInjectProcessInfo,Params->pInjectDllPath); 126 | if (pInjectProcessInfo) 127 | { 128 | ExFreePoolWithTag(pInjectProcessInfo,'PasP'); 129 | } 130 | } 131 | default: 132 | Status = STATUS_INVALID_DEVICE_REQUEST; 133 | break; 134 | } 135 | pIrp->IoStatus.Status = Status; 136 | pIrp->IoStatus.Information = ulInfo; 137 | IoCompleteRequest(pIrp,IO_NO_INCREMENT); 138 | return Status; 139 | } -------------------------------------------------------------------------------- /ShitDrv/ProcessList.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "ProcessList.h" 3 | 4 | LIST_ENTRY g_SandboxProcList; 5 | KSPIN_LOCK g_SandboxSpinLock; 6 | 7 | void InitializeSandboxProcList() 8 | { 9 | InitializeListHead(&g_SandboxProcList); 10 | KeInitializeSpinLock(&g_SandboxSpinLock); 11 | } 12 | KIRQL GetSandboxLock(PKSPIN_LOCK pKspinLock) 13 | { 14 | KIRQL OldIrql,LowerIrql; 15 | 16 | if (KeGetCurrentIrql() <= DISPATCH_LEVEL) 17 | { 18 | KeAcquireSpinLock(pKspinLock,&OldIrql); 19 | } 20 | else 21 | { 22 | KeRaiseIrql(DISPATCH_LEVEL,&LowerIrql); 23 | if (KeGetCurrentIrql() <= DISPATCH_LEVEL) 24 | { 25 | KeAcquireSpinLock(pKspinLock,&OldIrql); 26 | } 27 | KeLowerIrql(LowerIrql); 28 | } 29 | return OldIrql; 30 | } 31 | void ReleaseSandboxLock(PKSPIN_LOCK pKspinLock,KIRQL Irql) 32 | { 33 | KIRQL LowerIrql; 34 | if (KeGetCurrentIrql() <= DISPATCH_LEVEL) 35 | { 36 | KeReleaseSpinLock(pKspinLock,Irql); 37 | } 38 | else 39 | { 40 | KeRaiseIrql(DISPATCH_LEVEL,&LowerIrql); 41 | if (KeGetCurrentIrql() <= DISPATCH_LEVEL) 42 | { 43 | KeReleaseSpinLock(pKspinLock,Irql); 44 | } 45 | KeLowerIrql(LowerIrql); 46 | } 47 | return; 48 | } 49 | PERESOURCE AllocateResource(VOID) 50 | { 51 | return ExAllocatePoolWithTag(NonPagedPool,sizeof(ERESOURCE),SANDBOX_PROC_RES_TAG); 52 | } 53 | VOID FreeResource(PERESOURCE Resource) 54 | { 55 | ExFreePoolWithTag(Resource,SANDBOX_PROC_RES_TAG); 56 | } 57 | NTSTATUS AllocateUnicodeString(PUNICODE_STRING String) 58 | /*++ 59 | Routine Description: 60 | This routine allocates a unicode string 61 | Arguments: 62 | String - supplies the size of the string to be allocated in the MaximumLength field 63 | return the unicode string 64 | Return Value: 65 | STATUS_SUCCESS - success 66 | STATUS_INSUFFICIENT_RESOURCES - failure 67 | --*/ 68 | { 69 | PAGED_CODE(); 70 | 71 | String->Buffer = ExAllocatePoolWithTag(NonPagedPool,String->MaximumLength,SANDBOX_PROC_STR_TAG); 72 | if (String->Buffer == NULL) 73 | { 74 | return STATUS_INSUFFICIENT_RESOURCES; 75 | } 76 | RtlZeroMemory(String->Buffer,String->MaximumLength); 77 | String->Length = 0; 78 | return STATUS_SUCCESS; 79 | } 80 | 81 | VOID FreeUnicodeString(PUNICODE_STRING String) 82 | /*++ 83 | Routine Description: 84 | This routine frees a unicode string 85 | Arguments: 86 | String - supplies the string to be freed 87 | Return Value: 88 | None 89 | --*/ 90 | { 91 | PAGED_CODE(); 92 | ExFreePoolWithTag(String->Buffer,SANDBOX_PROC_STR_TAG); 93 | String->Length = String->MaximumLength = 0; 94 | String->Buffer = NULL; 95 | } 96 | PSANDBOX_PROCESS_LIST AllocateSandboxProcList() 97 | { 98 | PSANDBOX_PROCESS_LIST pSandboxProcList; 99 | 100 | pSandboxProcList = NULL; 101 | 102 | do 103 | { 104 | pSandboxProcList = (PSANDBOX_PROCESS_LIST)ExAllocatePoolWithTag(NonPagedPool, \ 105 | sizeof(SANDBOX_PROCESS_LIST), \ 106 | SANDBOX_PROCESS_TAG); 107 | } while (NULL == pSandboxProcList); 108 | RtlZeroMemory(pSandboxProcList,sizeof(SANDBOX_PROCESS_LIST)); 109 | pSandboxProcList->UniProcessName.Buffer = NULL; 110 | pSandboxProcList->UniProcessName.Length = 0; 111 | InitializeListHead(&pSandboxProcList->Next); 112 | return pSandboxProcList; 113 | } 114 | VOID AcquireResourceExclusive(PERESOURCE pResource) 115 | { 116 | ASSERT(KeGetCurrentIrql() <= APC_LEVEL); 117 | ASSERT(ExIsResourceAcquiredExclusiveLite(pResource) || \ 118 | !ExIsResourceAcquiredSharedLite(pResource)); 119 | 120 | KeEnterCriticalRegion(); 121 | 122 | (VOID)ExAcquireResourceExclusiveLite(pResource,TRUE); 123 | } 124 | VOID AcquireResourceShared(PERESOURCE pResource) 125 | { 126 | ASSERT(KeGetCurrentIrql() <= APC_LEVEL); 127 | 128 | KeEnterCriticalRegion(); 129 | 130 | (VOID)ExAcquireResourceSharedLite(pResource,TRUE); 131 | } 132 | VOID ReleaseResource(PERESOURCE pResource) 133 | { 134 | ASSERT(KeGetCurrentIrql() <= APC_LEVEL); 135 | ASSERT(ExIsResourceAcquiredExclusiveLite(pResource) || 136 | ExIsResourceAcquiredSharedLite(pResource)); 137 | 138 | ExReleaseResourceLite(pResource); 139 | 140 | KeLeaveCriticalRegion(); 141 | } 142 | BOOLEAN FreeSandboxProcList(PSANDBOX_PROCESS_LIST pSandboxProcList) 143 | { 144 | if (NULL == pSandboxProcList) 145 | { 146 | return FALSE; 147 | } 148 | if (NULL != pSandboxProcList->UniProcessName.Buffer) 149 | { 150 | FreeUnicodeString(&pSandboxProcList->UniProcessName); 151 | } 152 | return TRUE; 153 | } 154 | 155 | -------------------------------------------------------------------------------- /ShitDrv/DrvEntry.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "RegisterMiniFilter.h" 3 | #include "Dispatch.h" 4 | #include "RegisterCallBack.h" 5 | #include "RecordInfo.h" 6 | #include "UtilsApi.h" 7 | #include "ProcessList.h" 8 | #include "ProcessNotify.h" 9 | #include "Communication.h" 10 | 11 | PKEVENT g_pEventWaitKrl = NULL; 12 | HANDLE g_hEventWaitKrl = NULL; 13 | 14 | 15 | void DrvUnLoad(PDRIVER_OBJECT pDrvObj) 16 | { 17 | UNICODE_STRING UniSymName; 18 | 19 | g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter = FALSE; 20 | PsSetCreateProcessNotifyRoutine(ProcessNotify,TRUE); 21 | if (g_pFilterCtl->ServerPort) 22 | { 23 | FltCloseCommunicationPort(g_pFilterCtl->ServerPort); 24 | } 25 | InitializeCmCallBack(pDrvObj,NULL,NULL,TRUE); 26 | if (g_pFilterCtl->pFilterHandle) 27 | { 28 | FltUnregisterFilter(g_pFilterCtl->pFilterHandle); 29 | g_pFilterCtl->pFilterHandle = NULL; 30 | } 31 | if (pDrvObj->DeviceObject) 32 | { 33 | RtlInitUnicodeString(&UniSymName,SHITDRV_LINKNAME); 34 | IoDeleteSymbolicLink(&UniSymName); 35 | IoDeleteDevice(pDrvObj->DeviceObject); 36 | } 37 | if (g_hEventWaitKrl) 38 | { 39 | ZwClose(g_hEventWaitKrl); 40 | } 41 | if (g_pFilterCtl->UniSandBoxPath.Buffer) 42 | { 43 | ExFreePoolWithTag(g_pFilterCtl->UniSandBoxPath.Buffer,'SOD'); 44 | } 45 | if (g_pRegisterCallBack) 46 | { 47 | ExFreePoolWithTag(g_pRegisterCallBack,SHITDRV_TAG); 48 | } 49 | if (g_pFilterCtl) 50 | { 51 | ExFreePoolWithTag(g_pFilterCtl,SHITDRV_TAG); 52 | } 53 | return; 54 | } 55 | 56 | NTSTATUS DriverEntry(PDRIVER_OBJECT pDrvObj,PUNICODE_STRING pUniRegPath) 57 | { 58 | NTSTATUS Status; 59 | UNICODE_STRING UniDevName; 60 | UNICODE_STRING UniSymName; 61 | UNICODE_STRING UniAltitude; 62 | PDEVICE_OBJECT pDevObj; 63 | 64 | Status = STATUS_UNSUCCESSFUL; 65 | 66 | do 67 | { 68 | if (*NtBuildNumber < 2600) 69 | { 70 | Status = STATUS_NOT_SUPPORTED; 71 | break; 72 | } 73 | RtlInitUnicodeString(&UniDevName,SHITDRV_DEVNAME); 74 | RtlInitUnicodeString(&UniSymName,SHITDRV_LINKNAME); 75 | 76 | Status = IoCreateDevice(pDrvObj, \ 77 | (ULONG)NULL, \ 78 | &UniDevName, \ 79 | FILE_DEVICE_UNKNOWN, \ 80 | 0, \ 81 | FALSE, \ 82 | &pDevObj); 83 | if (NT_ERROR(Status)) 84 | { 85 | break; 86 | } 87 | 88 | Status = IoCreateSymbolicLink(&UniSymName,&UniDevName); 89 | if (NT_ERROR(Status)) 90 | { 91 | IoDeleteDevice(pDevObj); 92 | break; 93 | } 94 | 95 | pDrvObj->MajorFunction[IRP_MJ_CREATE] = (PDRIVER_DISPATCH)Dispatch; 96 | pDrvObj->MajorFunction[IRP_MJ_CLOSE] = (PDRIVER_DISPATCH)Dispatch; 97 | pDrvObj->MajorFunction[IRP_MJ_READ] = (PDRIVER_DISPATCH)Dispatch; 98 | pDrvObj->MajorFunction[IRP_MJ_WRITE] = (PDRIVER_DISPATCH)Dispatch; 99 | pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = (PDRIVER_DISPATCH)DispatchIoCtl; 100 | pDrvObj->DriverUnload = DrvUnLoad; 101 | 102 | Status = InitializeMiniFilter(pDrvObj); 103 | if (NT_ERROR(Status)) 104 | { 105 | break; 106 | } 107 | //if (g_pFilterCtl && \ 108 | // g_pFilterCtl->FileFltAccessCtl.ulIsInitialize) 109 | //{ 110 | // RtlCopyMemory(g_pFilterCtl->wDrvRegPath,pUniRegPath->Buffer,pUniRegPath->Length); 111 | // RtlInitUnicodeString(&g_pFilterCtl->UniDrvPath,g_pFilterCtl->wDrvRegPath); 112 | //} 113 | Status = FltStartFiltering(g_pFilterCtl->pFilterHandle); 114 | if (NT_ERROR(Status)) 115 | { 116 | if (g_pFilterCtl->pFilterHandle) 117 | { 118 | FltUnregisterFilter(g_pFilterCtl->pFilterHandle); 119 | g_pFilterCtl->pFilterHandle = NULL; 120 | } 121 | break; 122 | } 123 | Status = InitializeCommunication(g_pFilterCtl->pFilterHandle); 124 | if (NT_SUCCESS(Status)) 125 | { 126 | //g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter = 1; 127 | } 128 | RtlInitUnicodeString(&UniAltitude,L"370090"); 129 | InitializeCmCallBack(pDrvObj,&UniAltitude,NULL,FALSE); 130 | 131 | InitializeRecordInfo(); 132 | InitializeSandboxProcList(); 133 | PsSetCreateProcessNotifyRoutine(ProcessNotify,FALSE); 134 | 135 | } while (0); 136 | if (NT_ERROR(Status)) 137 | { 138 | if (pDrvObj->DeviceObject) 139 | { 140 | if (1 == g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter && g_pFilterCtl->pFilterHandle) 141 | { 142 | FltUnregisterFilter(g_pFilterCtl->pFilterHandle); 143 | g_pFilterCtl->pFilterHandle = NULL; 144 | g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter = 0; 145 | } 146 | RtlInitUnicodeString(&UniSymName,SHITDRV_LINKNAME); 147 | IoDeleteSymbolicLink(&UniSymName); 148 | IoDeleteDevice(pDrvObj->DeviceObject); 149 | } 150 | } 151 | return Status; 152 | } 153 | -------------------------------------------------------------------------------- /ShitDrv/Communication.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "RecordInfo.h" 3 | #include "Communication.h" 4 | 5 | NTSTATUS CommuniConnect(PFLT_PORT ClientPort, \ 6 | PVOID ServerPortCookie, \ 7 | PVOID ConnectionContext, \ 8 | ULONG SizeOfContext, \ 9 | PVOID *ConnectionPortCookie) 10 | { 11 | NTSTATUS Status; 12 | 13 | Status = STATUS_SUCCESS; 14 | if (ClientPort && \ 15 | g_pFilterCtl->FileFltAccessCtl.ulIsInitialize && \ 16 | NULL == g_pFilterCtl->ClientPort) 17 | { 18 | g_pFilterCtl->ClientPort = ClientPort; 19 | } 20 | return Status; 21 | } 22 | VOID CommunDisConnect(PVOID ConnectionCookie) 23 | { 24 | if (ConnectionCookie && \ 25 | g_pFilterCtl->ClientPort) 26 | { 27 | FltCloseClientPort(g_pFilterCtl->pFilterHandle, \ 28 | &g_pFilterCtl->ClientPort); 29 | g_pFilterCtl->ClientPort = NULL; 30 | } 31 | return; 32 | } 33 | void SetFilterFlag(PFILTER_DAT_CONTROL pFltDatCtl) 34 | { 35 | g_pFilterCtl->FileFltAccessCtl.ulIsFilterWrite = pFltDatCtl->ulIsFilterWrite; 36 | g_pFilterCtl->FileFltAccessCtl.ulIsFilterDelete = pFltDatCtl->ulIsFilterDelete; 37 | g_pFilterCtl->FileFltAccessCtl.ulIsFilterRenName = pFltDatCtl->ulIsFilterRenName; 38 | g_pFilterCtl->FileFltAccessCtl.ulIsFilterSetSize = pFltDatCtl->ulIsFilterSetSize; 39 | g_pFilterCtl->FileFltAccessCtl.ulIsFilterSetInfo = pFltDatCtl->ulIsFilterSetInfo; 40 | g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter = pFltDatCtl->ulIsStartFilter; 41 | 42 | } 43 | NTSTATUS CommunMsgNotify(PVOID PortCookie, \ 44 | PVOID InputBuffer, \ 45 | ULONG InputBufferLength, \ 46 | PVOID OutputBuffer, \ 47 | ULONG OutputBufferLength, \ 48 | PULONG ReturnOutputBufferLength) 49 | { 50 | NTSTATUS Status; 51 | KIRQL OldIrql; 52 | PRECORD_LIST pRecordList; 53 | PFILTER_DAT_CONTROL pFltDatCtl; 54 | 55 | Status = STATUS_UNSUCCESSFUL; 56 | *ReturnOutputBufferLength = 0; 57 | if (InputBufferLength == sizeof(FILTER_DAT_CONTROL)) 58 | { 59 | pFltDatCtl = (PFILTER_DAT_CONTROL)InputBuffer; 60 | SetFilterFlag(pFltDatCtl); 61 | } 62 | if (OutputBufferLength == sizeof(RECORD_INFORMATION)) 63 | { 64 | pRecordList = NULL; 65 | if (!IsListEmpty(&g_RecordListHead)) 66 | { 67 | KeAcquireSpinLock(&g_RecordSpinLock,&OldIrql); 68 | pRecordList = (PRECORD_LIST)RemoveHeadList(&g_RecordListHead); 69 | KeReleaseSpinLock(&g_RecordSpinLock,OldIrql); 70 | if (pRecordList && \ 71 | OutputBuffer && OutputBufferLength >= sizeof(RECORD_INFORMATION)) 72 | { 73 | RtlCopyMemory(OutputBuffer,&pRecordList->RecordDat,sizeof(RECORD_INFORMATION)); 74 | *ReturnOutputBufferLength = sizeof(RECORD_INFORMATION); 75 | Status = STATUS_SUCCESS; 76 | KeClearEvent(g_pEventWaitKrl); 77 | } 78 | if (pRecordList) 79 | { 80 | FreeRecordListDat(pRecordList); 81 | } 82 | } 83 | } 84 | return Status; 85 | } 86 | NTSTATUS InitializeCommunication(PFLT_FILTER pFltHandle) 87 | { 88 | NTSTATUS Status; 89 | PSECURITY_DESCRIPTOR pSecurityDesc; 90 | OBJECT_ATTRIBUTES ObjectAttributes; 91 | UNICODE_STRING UniFltPort; 92 | UNICODE_STRING UniEventNameWaitKernel; 93 | 94 | 95 | Status = STATUS_UNSUCCESSFUL; 96 | pSecurityDesc = NULL; 97 | RtlInitUnicodeString(&UniEventNameWaitKernel,EVENT_NAME_WAIT_KERNEL); 98 | do 99 | { 100 | g_pEventWaitKrl = IoCreateNotificationEvent(&UniEventNameWaitKernel,&g_hEventWaitKrl); 101 | if (g_pEventWaitKrl != NULL) 102 | { 103 | KeClearEvent(g_pEventWaitKrl); 104 | } 105 | Status = FltBuildDefaultSecurityDescriptor(&pSecurityDesc,FLT_PORT_ALL_ACCESS); 106 | if (NT_ERROR(Status)) 107 | { 108 | break; 109 | } 110 | RtlInitUnicodeString(&UniFltPort,SERVER_PORT); 111 | InitializeObjectAttributes(&ObjectAttributes, \ 112 | &UniFltPort, \ 113 | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, \ 114 | NULL, \ 115 | pSecurityDesc); 116 | Status = FltCreateCommunicationPort(pFltHandle, \ 117 | &g_pFilterCtl->ServerPort, \ 118 | &ObjectAttributes, \ 119 | NULL, \ 120 | CommuniConnect, \ 121 | CommunDisConnect, \ 122 | CommunMsgNotify, \ 123 | 1); 124 | if (NT_ERROR(Status)) 125 | { 126 | break; 127 | } 128 | Status = STATUS_SUCCESS; 129 | } while (0); 130 | if (pSecurityDesc) 131 | { 132 | FltFreeSecurityDescriptor(pSecurityDesc); 133 | } 134 | return Status; 135 | } -------------------------------------------------------------------------------- /ShitDrv/ProcessNotify.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "ProcessList.h" 3 | #include "UtilsApi.h" 4 | #include "ProcessNotify.h" 5 | 6 | BOOLEAN IsSandboxProcess(HANDLE hProcessId) 7 | { 8 | BOOLEAN bRet; 9 | PLIST_ENTRY pCurList; 10 | PSANDBOX_PROCESS_LIST pSandboxProcList; 11 | 12 | bRet = FALSE; 13 | pCurList = NULL; 14 | pSandboxProcList = NULL; 15 | 16 | if (!IsListEmpty(&g_SandboxProcList)) 17 | { 18 | pCurList = g_SandboxProcList.Flink; 19 | while (&g_SandboxProcList != pCurList) 20 | { 21 | pSandboxProcList = CONTAINING_RECORD(pCurList,SANDBOX_PROCESS_LIST,Next); 22 | if (pSandboxProcList->hProcessId != NULL) 23 | { 24 | if (hProcessId == pSandboxProcList->hProcessId) 25 | { 26 | bRet = TRUE; 27 | break; 28 | } 29 | } 30 | pCurList = pCurList->Flink; 31 | } 32 | } 33 | return bRet; 34 | } 35 | BOOLEAN IsFltParentProcess(HANDLE hParentId) 36 | { 37 | BOOLEAN bRet; 38 | PLIST_ENTRY pCurList; 39 | PSANDBOX_PROCESS_LIST pSandboxProcList; 40 | 41 | bRet = FALSE; 42 | pCurList = NULL; 43 | pSandboxProcList = NULL; 44 | 45 | if (!IsListEmpty(&g_SandboxProcList)) 46 | { 47 | pCurList = g_SandboxProcList.Flink; 48 | while (&g_SandboxProcList != pCurList) 49 | { 50 | pSandboxProcList = CONTAINING_RECORD(pCurList,SANDBOX_PROCESS_LIST,Next); 51 | if (pSandboxProcList->hProcessId != NULL) 52 | { 53 | if (hParentId == pSandboxProcList->hProcessId) 54 | { 55 | bRet = TRUE; 56 | break; 57 | } 58 | } 59 | pCurList = pCurList->Flink; 60 | } 61 | } 62 | return bRet; 63 | } 64 | void ProcessChildProcessId(HANDLE hProcessId) 65 | { 66 | PVOID pEProc; 67 | NTSTATUS Status; 68 | UNICODE_STRING UniProcName; 69 | PLIST_ENTRY pCurList; 70 | PSANDBOX_PROCESS_LIST pSandboxProcList; 71 | PWCHAR pExist; 72 | 73 | UniProcName.Buffer = NULL; 74 | UniProcName.MaximumLength = 0; 75 | pCurList = NULL; 76 | pExist = NULL; 77 | pSandboxProcList = NULL; 78 | pEProc = NULL; 79 | 80 | do 81 | { 82 | Status = PsLookupProcessByProcessId(hProcessId,(PEPROCESS *)&pEProc); 83 | if (NT_ERROR(Status)) 84 | { 85 | break; 86 | } 87 | Status = GetProcessPath(pEProc,&UniProcName); 88 | if (NT_ERROR(Status)) 89 | { 90 | break; 91 | } 92 | if (!IsListEmpty(&g_SandboxProcList)) 93 | { 94 | pCurList = g_SandboxProcList.Flink; 95 | while (&g_SandboxProcList != pCurList) 96 | { 97 | pSandboxProcList = (PSANDBOX_PROCESS_LIST)pCurList; 98 | pExist = wcsstr(UniProcName.Buffer,pSandboxProcList->UniProcessName.Buffer); 99 | if (pExist) 100 | { 101 | if (!pSandboxProcList->hProcessId || \ 102 | pSandboxProcList->hProcessId != hProcessId) 103 | { 104 | pSandboxProcList->hProcessId = hProcessId; 105 | } 106 | break; 107 | } 108 | pCurList = pCurList->Flink; 109 | } 110 | } 111 | } while (0); 112 | if (pEProc) 113 | { 114 | ObDereferenceObject(pEProc); 115 | pEProc = NULL; 116 | } 117 | if (UniProcName.Buffer) 118 | { 119 | ExFreePool(UniProcName.Buffer); 120 | } 121 | } 122 | void ProcessParentProcessId(HANDLE hProcessId) 123 | { 124 | PVOID pEProc; 125 | NTSTATUS Status; 126 | UNICODE_STRING UniProcName; 127 | PLIST_ENTRY pCurList; 128 | PSANDBOX_PROCESS_LIST pSandboxProcList; 129 | BOOLEAN bIsExist; 130 | 131 | UniProcName.Buffer = NULL; 132 | UniProcName.MaximumLength = 0; 133 | pCurList = NULL; 134 | bIsExist = FALSE; 135 | pSandboxProcList = NULL; 136 | pEProc = NULL; 137 | 138 | 139 | do 140 | { 141 | Status = PsLookupProcessByProcessId(hProcessId,(PEPROCESS *)&pEProc); 142 | if (NT_ERROR(Status)) 143 | { 144 | break; 145 | } 146 | Status = GetProcessPath(pEProc,&UniProcName); 147 | if (NT_SUCCESS(Status)) 148 | { 149 | break; 150 | } 151 | 152 | pSandboxProcList->UniProcessName.MaximumLength = UniProcName.MaximumLength; 153 | Status = AllocateUnicodeString(&pSandboxProcList->UniProcessName); 154 | if(NT_SUCCESS(Status)) 155 | { 156 | break; 157 | } 158 | RtlCopyMemory(pSandboxProcList->UniProcessName.Buffer, \ 159 | UniProcName.Buffer, \ 160 | UniProcName.Length); 161 | pSandboxProcList->UniProcessName.Length = UniProcName.Length; 162 | pSandboxProcList->hProcessId = hProcessId; 163 | InitializeListHead(&pSandboxProcList->Next); 164 | ExInterlockedInsertHeadList(&g_SandboxProcList,&pSandboxProcList->Next,&g_SandboxSpinLock); 165 | } while (0); 166 | if (pEProc) 167 | { 168 | ObDereferenceObject(pEProc); 169 | pEProc = NULL; 170 | } 171 | if (UniProcName.Buffer) 172 | { 173 | ExFreePool(UniProcName.Buffer); 174 | } 175 | } 176 | VOID ProcessNotify(HANDLE ParentId,HANDLE ProcessId,BOOLEAN bCreate) 177 | { 178 | if (bCreate) 179 | { 180 | if (g_pFilterCtl->FileFltAccessCtl.ulIsStartFilter != TRUE || \ 181 | g_pFilterCtl->FileFltAccessCtl.ulIsInitialize != TRUE) 182 | { 183 | return; 184 | } 185 | if (IsFltParentProcess(ParentId) && \ 186 | FALSE == IsSandboxProcess(ProcessId)) 187 | { 188 | ProcessParentProcessId(ProcessId); 189 | } 190 | else 191 | { 192 | ProcessChildProcessId(ProcessId); 193 | } 194 | } 195 | } 196 | 197 | -------------------------------------------------------------------------------- /TestInterface/TestInterface.c: -------------------------------------------------------------------------------- 1 | #include "TestInterfaceCfg.h" 2 | 3 | static ULONG ulRecordCount = 0; 4 | 5 | HANDLE GetPid(wchar_t *proc_name) 6 | { 7 | HANDLE hSnapshot; 8 | PROCESSENTRY32W pe32; 9 | 10 | hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); 11 | if (hSnapshot == INVALID_HANDLE_VALUE) 12 | { 13 | return NULL; 14 | } 15 | pe32.dwSize = sizeof(PROCESSENTRY32W); 16 | if (!Process32FirstW(hSnapshot,&pe32)) 17 | { 18 | CloseHandle(hSnapshot); 19 | return NULL; 20 | } 21 | do 22 | { 23 | if (_wcsnicmp(pe32.szExeFile,proc_name,wcslen(proc_name)) == 0) 24 | { 25 | CloseHandle(hSnapshot); 26 | return (HANDLE)pe32.th32ProcessID; 27 | } 28 | } while (Process32NextW(hSnapshot,&pe32)); 29 | CloseHandle(hSnapshot); 30 | return NULL; 31 | } 32 | ULONG UnicodeToAnsi(PWCHAR pSrc,PCHAR pDst,ULONG ulSize) 33 | { 34 | ULONG ulNeedSize; 35 | 36 | ulNeedSize = 0; 37 | if (ulSize) 38 | { 39 | ulNeedSize = WideCharToMultiByte(CP_OEMCP, \ 40 | 0, \ 41 | pSrc, \ 42 | -1, \ 43 | pDst, \ 44 | ulSize, \ 45 | NULL, \ 46 | FALSE); 47 | } 48 | else 49 | { 50 | ulNeedSize = WideCharToMultiByte(CP_OEMCP, \ 51 | 0, \ 52 | pSrc, \ 53 | -1, \ 54 | NULL, \ 55 | 0, \ 56 | NULL, \ 57 | FALSE); 58 | } 59 | return ulNeedSize; 60 | } 61 | void DoRecord(PRECORD_INFORMATION pRecordInfo) 62 | { 63 | PCHAR pShowInfo; 64 | ULONG ulNeedSize; 65 | 66 | pShowInfo = NULL; 67 | ulNeedSize = 0; 68 | 69 | printf("%d\n",ulRecordCount); 70 | if (pRecordInfo->wProcessFullPath) 71 | { 72 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wProcessFullPath,pShowInfo,0); 73 | if (ulNeedSize) 74 | { 75 | pShowInfo = (PCHAR)malloc(ulNeedSize); 76 | RtlZeroMemory(pShowInfo,ulNeedSize); 77 | } 78 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wProcessFullPath,pShowInfo,ulNeedSize); 79 | if (ulNeedSize) 80 | { 81 | printf("%s\n",pShowInfo); 82 | } 83 | } 84 | if (pShowInfo) 85 | { 86 | free(pShowInfo); 87 | pShowInfo = NULL; 88 | ulNeedSize = 0; 89 | } 90 | 91 | if (pRecordInfo->wOperation) 92 | { 93 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wOperation,pShowInfo,0); 94 | if (ulNeedSize) 95 | { 96 | pShowInfo = (PCHAR)malloc(ulNeedSize); 97 | RtlZeroMemory(pShowInfo,ulNeedSize); 98 | } 99 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wOperation,pShowInfo,ulNeedSize); 100 | if (ulNeedSize) 101 | { 102 | printf("%s\n",pShowInfo); 103 | } 104 | } 105 | if (pShowInfo) 106 | { 107 | free(pShowInfo); 108 | pShowInfo = NULL; 109 | ulNeedSize = 0; 110 | } 111 | if (pRecordInfo->wTargetPath) 112 | { 113 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wTargetPath,pShowInfo,0); 114 | if (ulNeedSize) 115 | { 116 | pShowInfo = (PCHAR)malloc(ulNeedSize); 117 | RtlZeroMemory(pShowInfo,ulNeedSize); 118 | } 119 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wTargetPath,pShowInfo,ulNeedSize); 120 | if (ulNeedSize) 121 | { 122 | printf("%s\n",pShowInfo); 123 | } 124 | } 125 | if (pShowInfo) 126 | { 127 | free(pShowInfo); 128 | pShowInfo = NULL; 129 | ulNeedSize = 0; 130 | } 131 | 132 | if (pRecordInfo->ulOperType == IsRenNameFile) 133 | { 134 | if (pRecordInfo->wBakPath) 135 | { 136 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wBakPath,pShowInfo,0); 137 | if (ulNeedSize) 138 | { 139 | pShowInfo = (PCHAR)malloc(ulNeedSize); 140 | RtlZeroMemory(pShowInfo,ulNeedSize); 141 | } 142 | ulNeedSize = UnicodeToAnsi(pRecordInfo->wBakPath,pShowInfo,ulNeedSize); 143 | if (ulNeedSize) 144 | { 145 | printf("%s\n",pShowInfo); 146 | } 147 | } 148 | if (pShowInfo) 149 | { 150 | free(pShowInfo); 151 | pShowInfo = NULL; 152 | ulNeedSize = 0; 153 | } 154 | } 155 | printf("%s\n",pRecordInfo->Md5Sum); 156 | printf("=========================================================\n"); 157 | ulRecordCount++; 158 | } 159 | 160 | int _cdecl main(int argc, CHAR* argv[]) 161 | { 162 | BOOLEAN bRet; 163 | FILTER_DAT_CONTROL FltDatCtl; 164 | WCHAR wCurPath[MAX_PATH]; 165 | UCHAR Md5Sum[16]; 166 | CHAR FormatMd5Sum[MAX_PATH]; 167 | 168 | bRet = FALSE; 169 | RtlZeroMemory(&FltDatCtl,sizeof(FILTER_DAT_CONTROL)); 170 | RtlZeroMemory(FormatMd5Sum,MAX_PATH); 171 | 172 | RtlZeroMemory(wCurPath,sizeof(WCHAR) * MAX_PATH); 173 | GetCurrentDirectoryW(MAX_PATH,wCurPath); 174 | bRet = SetCurClientPath(wCurPath); 175 | 176 | bRet = SetCurrentProcess((HANDLE)GetCurrentProcessId()); 177 | 178 | bRet = SetSandBoxProcName("Trojans.exe"); 179 | 180 | bRet = SetRecordCallback(DoRecord); 181 | FltDatCtl.ulIsStartFilter = 1; 182 | FltDatCtl.ulIsFilterRenName = 1; 183 | FltDatCtl.ulIsFilterDelete = 1; 184 | SetFltCtl(FltDatCtl); 185 | StartInterface(); 186 | GetFileMd5Sum(L"\\??\\c:\\windows\\system32\\calc.exe",Md5Sum); 187 | sprintf_s(FormatMd5Sum,MAX_PATH,"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",Md5Sum[0], \ 188 | Md5Sum[1],Md5Sum[2], Md5Sum[3],Md5Sum[4],Md5Sum[5],Md5Sum[6],Md5Sum[7],Md5Sum[8], \ 189 | Md5Sum[9],Md5Sum[10],Md5Sum[11],Md5Sum[12],Md5Sum[13],Md5Sum[14],Md5Sum[15]); 190 | printf("\n\n\n"); 191 | printf("%s",FormatMd5Sum); 192 | printf("\n\n\n"); 193 | 194 | InjectKtrapFrame("calc.exe",(ULONG)GetPid(L"calc.exe"),"crypt32.dll"); 195 | system("pause"); 196 | return 0; 197 | } 198 | 199 | -------------------------------------------------------------------------------- /ShitDrv/nn.h: -------------------------------------------------------------------------------- 1 | /* 2 | NN.H - header file for NN.C 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF. 9 | To aid compatiblity the source and the files follow the 10 | same naming comventions that RSAREF uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | Math Library Routines Header File. 17 | 18 | Revision 1.00 - JSAK. 19 | */ 20 | 21 | #ifndef _NN_H_ 22 | #define _NN_H_ 23 | 24 | #ifdef __cplusplus 25 | extern "C" { 26 | #endif 27 | 28 | /* Type definitions. */ 29 | 30 | typedef UINT4 NN_DIGIT; 31 | typedef UINT2 NN_HALF_DIGIT; 32 | 33 | /* Constants. 34 | 35 | Note: MAX_NN_DIGITS is long enough to hold any RSA modulus, plus 36 | one more digit as required by R_GeneratePEMKeys (for n and phiN, 37 | whose lengths must be even). All natural numbers have at most 38 | MAX_NN_DIGITS digits, except for double-length intermediate values 39 | in NN_Mult (t), NN_ModMult (t), NN_ModInv (w), and NN_Div (c). 40 | */ 41 | 42 | /* Length of digit in bits */ 43 | #define NN_DIGIT_BITS 32 44 | #define NN_HALF_DIGIT_BITS 16 45 | /* Length of digit in bytes */ 46 | #define NN_DIGIT_LEN (NN_DIGIT_BITS / 8) 47 | /* Maximum length in digits */ 48 | #define MAX_NN_DIGITS \ 49 | ((MAX_RSA_MODULUS_LEN + NN_DIGIT_LEN - 1) / NN_DIGIT_LEN + 1) 50 | /* Maximum digits */ 51 | #define MAX_NN_DIGIT 0xffffffff 52 | #define MAX_NN_HALF_DIGIT 0xffff 53 | 54 | #define NN_LT -1 55 | #define NN_EQ 0 56 | #define NN_GT 1 57 | 58 | /* Macros. */ 59 | 60 | #define LOW_HALF(x) ((x) & MAX_NN_HALF_DIGIT) 61 | #define HIGH_HALF(x) (((x) >> NN_HALF_DIGIT_BITS) & MAX_NN_HALF_DIGIT) 62 | #define TO_HIGH_HALF(x) (((NN_DIGIT)(x)) << NN_HALF_DIGIT_BITS) 63 | #define DIGIT_MSB(x) (unsigned int)(((x) >> (NN_DIGIT_BITS - 1)) & 1) 64 | #define DIGIT_2MSB(x) (unsigned int)(((x) >> (NN_DIGIT_BITS - 2)) & 3) 65 | 66 | /* CONVERSIONS 67 | NN_Decode (a, digits, b, len) Decodes character string b into a. 68 | NN_Encode (a, len, b, digits) Encodes a into character string b. 69 | 70 | ASSIGNMENTS 71 | NN_Assign (a, b, digits) Assigns a = b. 72 | NN_ASSIGN_DIGIT (a, b, digits) Assigns a = b, where b is a digit. 73 | NN_AssignZero (a, b, digits) Assigns a = 0. 74 | NN_Assign2Exp (a, b, digits) Assigns a = 2^b. 75 | 76 | ARITHMETIC OPERATIONS 77 | NN_Add (a, b, c, digits) Computes a = b + c. 78 | NN_Sub (a, b, c, digits) Computes a = b - c. 79 | NN_Mult (a, b, c, digits) Computes a = b * c. 80 | NN_LShift (a, b, c, digits) Computes a = b * 2^c. 81 | NN_RShift (a, b, c, digits) Computes a = b / 2^c. 82 | NN_Div (a, b, c, cDigits, d, dDigits) Computes a = c div d and b = c mod d. 83 | 84 | NUMBER THEORY 85 | NN_Mod (a, b, bDigits, c, cDigits) Computes a = b mod c. 86 | NN_ModMult (a, b, c, d, digits) Computes a = b * c mod d. 87 | NN_ModExp (a, b, c, cDigits, d, dDigits) Computes a = b^c mod d. 88 | NN_ModInv (a, b, c, digits) Computes a = 1/b mod c. 89 | NN_Gcd (a, b, c, digits) Computes a = gcd (b, c). 90 | 91 | OTHER OPERATIONS 92 | NN_EVEN (a, digits) Returns 1 iff a is even. 93 | NN_Cmp (a, b, digits) Returns sign of a - b. 94 | NN_EQUAL (a, digits) Returns 1 iff a = b. 95 | NN_Zero (a, digits) Returns 1 iff a = 0. 96 | NN_Digits (a, digits) Returns significant length of a in digits. 97 | NN_Bits (a, digits) Returns significant length of a in bits. 98 | */ 99 | void NN_Decode(NN_DIGIT *, unsigned int, unsigned char *, unsigned int); 100 | void NN_Encode(unsigned char *, unsigned int, NN_DIGIT *, unsigned int); 101 | 102 | void NN_Assign(NN_DIGIT *, NN_DIGIT *, unsigned int); 103 | void NN_AssignZero(NN_DIGIT *, unsigned int); 104 | void NN_Assign2Exp(NN_DIGIT *, unsigned int, unsigned int); 105 | 106 | NN_DIGIT NN_Add(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 107 | NN_DIGIT NN_Sub(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 108 | void NN_Mult(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 109 | void NN_Div(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *,unsigned int); 110 | NN_DIGIT NN_LShift(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 111 | NN_DIGIT NN_RShift(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 112 | NN_DIGIT NN_LRotate(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 113 | void NN_Mod(NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *, unsigned int); 114 | void NN_ModMult(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 115 | void NN_ModExp(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *,unsigned int); 116 | void NN_ModInv(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 117 | void NN_Gcd(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 118 | int NN_Cmp(NN_DIGIT *, NN_DIGIT *, unsigned int); 119 | int NN_Zero(NN_DIGIT *, unsigned int); 120 | unsigned int NN_Bits(NN_DIGIT *, unsigned int); 121 | unsigned int NN_Digits(NN_DIGIT *, unsigned int); 122 | 123 | #define NN_ASSIGN_DIGIT(a, b, digits) {NN_AssignZero (a, digits); a[0] = b;} 124 | #define NN_EQUAL(a, b, digits) (! NN_Cmp (a, b, digits)) 125 | #define NN_EVEN(a, digits) (((digits) == 0) || ! (a[0] & 1)) 126 | 127 | #ifdef __cplusplus 128 | } 129 | #endif 130 | 131 | #endif /* _NN_H_ */ 132 | -------------------------------------------------------------------------------- /TestInterface/nn.h: -------------------------------------------------------------------------------- 1 | /* 2 | NN.H - header file for NN.C 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF. 9 | To aid compatiblity the source and the files follow the 10 | same naming comventions that RSAREF uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | Math Library Routines Header File. 17 | 18 | Revision 1.00 - JSAK. 19 | */ 20 | 21 | #ifndef _NN_H_ 22 | #define _NN_H_ 23 | 24 | #ifdef __cplusplus 25 | extern "C" { 26 | #endif 27 | 28 | /* Type definitions. */ 29 | 30 | typedef UINT4 NN_DIGIT; 31 | typedef UINT2 NN_HALF_DIGIT; 32 | 33 | /* Constants. 34 | 35 | Note: MAX_NN_DIGITS is long enough to hold any RSA modulus, plus 36 | one more digit as required by R_GeneratePEMKeys (for n and phiN, 37 | whose lengths must be even). All natural numbers have at most 38 | MAX_NN_DIGITS digits, except for double-length intermediate values 39 | in NN_Mult (t), NN_ModMult (t), NN_ModInv (w), and NN_Div (c). 40 | */ 41 | 42 | /* Length of digit in bits */ 43 | #define NN_DIGIT_BITS 32 44 | #define NN_HALF_DIGIT_BITS 16 45 | /* Length of digit in bytes */ 46 | #define NN_DIGIT_LEN (NN_DIGIT_BITS / 8) 47 | /* Maximum length in digits */ 48 | #define MAX_NN_DIGITS \ 49 | ((MAX_RSA_MODULUS_LEN + NN_DIGIT_LEN - 1) / NN_DIGIT_LEN + 1) 50 | /* Maximum digits */ 51 | #define MAX_NN_DIGIT 0xffffffff 52 | #define MAX_NN_HALF_DIGIT 0xffff 53 | 54 | #define NN_LT -1 55 | #define NN_EQ 0 56 | #define NN_GT 1 57 | 58 | /* Macros. */ 59 | 60 | #define LOW_HALF(x) ((x) & MAX_NN_HALF_DIGIT) 61 | #define HIGH_HALF(x) (((x) >> NN_HALF_DIGIT_BITS) & MAX_NN_HALF_DIGIT) 62 | #define TO_HIGH_HALF(x) (((NN_DIGIT)(x)) << NN_HALF_DIGIT_BITS) 63 | #define DIGIT_MSB(x) (unsigned int)(((x) >> (NN_DIGIT_BITS - 1)) & 1) 64 | #define DIGIT_2MSB(x) (unsigned int)(((x) >> (NN_DIGIT_BITS - 2)) & 3) 65 | 66 | /* CONVERSIONS 67 | NN_Decode (a, digits, b, len) Decodes character string b into a. 68 | NN_Encode (a, len, b, digits) Encodes a into character string b. 69 | 70 | ASSIGNMENTS 71 | NN_Assign (a, b, digits) Assigns a = b. 72 | NN_ASSIGN_DIGIT (a, b, digits) Assigns a = b, where b is a digit. 73 | NN_AssignZero (a, b, digits) Assigns a = 0. 74 | NN_Assign2Exp (a, b, digits) Assigns a = 2^b. 75 | 76 | ARITHMETIC OPERATIONS 77 | NN_Add (a, b, c, digits) Computes a = b + c. 78 | NN_Sub (a, b, c, digits) Computes a = b - c. 79 | NN_Mult (a, b, c, digits) Computes a = b * c. 80 | NN_LShift (a, b, c, digits) Computes a = b * 2^c. 81 | NN_RShift (a, b, c, digits) Computes a = b / 2^c. 82 | NN_Div (a, b, c, cDigits, d, dDigits) Computes a = c div d and b = c mod d. 83 | 84 | NUMBER THEORY 85 | NN_Mod (a, b, bDigits, c, cDigits) Computes a = b mod c. 86 | NN_ModMult (a, b, c, d, digits) Computes a = b * c mod d. 87 | NN_ModExp (a, b, c, cDigits, d, dDigits) Computes a = b^c mod d. 88 | NN_ModInv (a, b, c, digits) Computes a = 1/b mod c. 89 | NN_Gcd (a, b, c, digits) Computes a = gcd (b, c). 90 | 91 | OTHER OPERATIONS 92 | NN_EVEN (a, digits) Returns 1 iff a is even. 93 | NN_Cmp (a, b, digits) Returns sign of a - b. 94 | NN_EQUAL (a, digits) Returns 1 iff a = b. 95 | NN_Zero (a, digits) Returns 1 iff a = 0. 96 | NN_Digits (a, digits) Returns significant length of a in digits. 97 | NN_Bits (a, digits) Returns significant length of a in bits. 98 | */ 99 | void NN_Decode(NN_DIGIT *, unsigned int, unsigned char *, unsigned int); 100 | void NN_Encode(unsigned char *, unsigned int, NN_DIGIT *, unsigned int); 101 | 102 | void NN_Assign(NN_DIGIT *, NN_DIGIT *, unsigned int); 103 | void NN_AssignZero(NN_DIGIT *, unsigned int); 104 | void NN_Assign2Exp(NN_DIGIT *, unsigned int, unsigned int); 105 | 106 | NN_DIGIT NN_Add(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 107 | NN_DIGIT NN_Sub(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 108 | void NN_Mult(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 109 | void NN_Div(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *,unsigned int); 110 | NN_DIGIT NN_LShift(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 111 | NN_DIGIT NN_RShift(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 112 | NN_DIGIT NN_LRotate(NN_DIGIT *, NN_DIGIT *, unsigned int, unsigned int); 113 | void NN_Mod(NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *, unsigned int); 114 | void NN_ModMult(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 115 | void NN_ModExp(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int, NN_DIGIT *,unsigned int); 116 | void NN_ModInv(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 117 | void NN_Gcd(NN_DIGIT *, NN_DIGIT *, NN_DIGIT *, unsigned int); 118 | int NN_Cmp(NN_DIGIT *, NN_DIGIT *, unsigned int); 119 | int NN_Zero(NN_DIGIT *, unsigned int); 120 | unsigned int NN_Bits(NN_DIGIT *, unsigned int); 121 | unsigned int NN_Digits(NN_DIGIT *, unsigned int); 122 | 123 | #define NN_ASSIGN_DIGIT(a, b, digits) {NN_AssignZero (a, digits); a[0] = b;} 124 | #define NN_EQUAL(a, b, digits) (! NN_Cmp (a, b, digits)) 125 | #define NN_EVEN(a, digits) (((digits) == 0) || ! (a[0] & 1)) 126 | 127 | #ifdef __cplusplus 128 | } 129 | #endif 130 | 131 | #endif /* _NN_H_ */ 132 | -------------------------------------------------------------------------------- /ShitDrvInterface/Callback.c: -------------------------------------------------------------------------------- 1 | #include "DllCfg.h" 2 | #include "Record.h" 3 | #include "Callback.h" 4 | 5 | 6 | 7 | PRECORD_CALLBACK g_pRecordDrvCallBack = NULL; 8 | 9 | BOOLEAN GetFileMd5Sum(PWCHAR pFilePath,PUCHAR pOutMd5Sum) 10 | { 11 | ULONG ulBytesReturned; 12 | BOOLEAN bRet; 13 | IOP(GetFileMd5Sum) Params; 14 | 15 | 16 | bRet = FALSE; 17 | RtlZeroMemory(&Params,sizeof(Params)); 18 | RtlCopyMemory(Params.wImageName,pFilePath,wcslen(pFilePath) * sizeof(WCHAR)); 19 | 20 | if (NULL == pOutMd5Sum) 21 | { 22 | return bRet; 23 | } 24 | bRet = DeviceIoControl(g_hShitDrvDevObj, \ 25 | IOC(GetFileMd5Sum), \ 26 | &Params, \ 27 | sizeof(Params), \ 28 | &Params, \ 29 | sizeof(Params), \ 30 | &ulBytesReturned, \ 31 | NULL); 32 | if (bRet) 33 | { 34 | RtlCopyMemory(pOutMd5Sum,Params.Md5Sum,16); 35 | } 36 | return bRet; 37 | } 38 | BOOLEAN SetCurrentProcess(HANDLE hProcessId) 39 | { 40 | ULONG ulBytesReturned; 41 | IOP(SetCurrentProcess) Params; 42 | 43 | RtlZeroMemory(&Params,sizeof(Params)); 44 | Params.ProcessId = hProcessId; 45 | return DeviceIoControl(g_hShitDrvDevObj, \ 46 | IOC(SetCurrentProcess), \ 47 | &Params, \ 48 | sizeof(Params), \ 49 | NULL, \ 50 | 0, \ 51 | &ulBytesReturned, \ 52 | NULL); 53 | } 54 | BOOLEAN InjectKtrapFrame(PCHAR pInjectProcessName,ULONG ulPid,PCHAR pInjectDllPath) 55 | { 56 | ULONG ulBytesReturned; 57 | IOP(InjectKtrapFrame) Params; 58 | 59 | if (NULL == pInjectDllPath) 60 | { 61 | return 0; 62 | } 63 | Params.ulPid = 0; 64 | RtlZeroMemory(Params.pInjectProcessName,MAX_PATH); 65 | RtlZeroMemory(Params.pInjectDllPath,MAX_PATH); 66 | 67 | if (ulPid) 68 | { 69 | Params.ulPid = ulPid; 70 | } 71 | if (pInjectProcessName) 72 | { 73 | RtlCopyMemory(Params.pInjectProcessName,pInjectProcessName,strlen(pInjectProcessName)); 74 | } 75 | RtlCopyMemory(Params.pInjectDllPath,pInjectDllPath,strlen(pInjectDllPath)); 76 | return DeviceIoControl(g_hShitDrvDevObj, \ 77 | IOC(InjectKtrapFrame), \ 78 | &Params, \ 79 | sizeof(Params), \ 80 | NULL, \ 81 | 0, \ 82 | &ulBytesReturned, \ 83 | NULL); 84 | } 85 | BOOLEAN SetSandBoxProcName(PCHAR pImagName) 86 | { 87 | ULONG ulBytesReturned; 88 | IOP(SetSandBoxProcName) Params; 89 | 90 | RtlZeroMemory(&Params,sizeof(Params)); 91 | StringCchCopyA(Params.ImageName,MAX_PATH,pImagName); 92 | return DeviceIoControl(g_hShitDrvDevObj, \ 93 | IOC(SetSandBoxProcName), \ 94 | &Params, \ 95 | sizeof(Params), \ 96 | NULL, \ 97 | 0, \ 98 | &ulBytesReturned, \ 99 | NULL); 100 | } 101 | BOOLEAN SetCurClientPath(PWCHAR pClientPath) 102 | { 103 | ULONG ulBytesReturned; 104 | IOP(SetCurClientPath) Params; 105 | 106 | RtlZeroMemory(&Params,sizeof(Params)); 107 | StringCchCopyW(Params.wCurClientPath,MAX_PATH,pClientPath); 108 | return DeviceIoControl(g_hShitDrvDevObj, \ 109 | IOC(SetCurClientPath), \ 110 | &Params, \ 111 | sizeof(Params), \ 112 | NULL, \ 113 | 0, \ 114 | &ulBytesReturned, \ 115 | NULL); 116 | } 117 | HRESULT SetFltCtl(FILTER_DAT_CONTROL FltDatCtlInfo) 118 | { 119 | ULONG ulBytesReturned; 120 | HRESULT hResult; 121 | hResult = FilterSendMessage(g_hServerPort, \ 122 | &FltDatCtlInfo, \ 123 | sizeof(FltDatCtlInfo), \ 124 | NULL, \ 125 | 0, \ 126 | &ulBytesReturned); 127 | if (hResult != S_OK) 128 | { 129 | return hResult; 130 | } 131 | return hResult; 132 | } 133 | DWORD DoRecvWork(LPVOID lpParamter) 134 | { 135 | HRESULT hResult; 136 | BOOLEAN bFind; 137 | ULONG uli; 138 | DOSHITDRVRECORD RecordCallBack; 139 | ULONG ulBytesReturned = 0; 140 | PRECORD_INFORMATION pRecordInfo = NULL; 141 | bFind = FALSE; 142 | 143 | pRecordInfo = (PRECORD_INFORMATION)malloc(sizeof(RECORD_INFORMATION)); 144 | if (NULL == pRecordInfo) 145 | { 146 | return -1; 147 | } 148 | while (WaitForSingleObject(g_hEventWaitKrl,INFINITE)) 149 | { 150 | RtlZeroMemory(pRecordInfo,sizeof(RECORD_INFORMATION)); 151 | hResult = FilterSendMessage(g_hServerPort, \ 152 | L"Test", \ 153 | 8, \ 154 | pRecordInfo, \ 155 | sizeof(RECORD_INFORMATION), \ 156 | &ulBytesReturned); 157 | if (hResult != S_OK || \ 158 | ulBytesReturned == 0) 159 | { 160 | continue; 161 | } 162 | if (g_pRecordDrvCallBack->ulRecordCallbackCount > 0) 163 | { 164 | for (uli = 0;uli < MAX_CALLBACK;uli++) 165 | { 166 | if (g_pRecordDrvCallBack->RecordCallBack[uli] != NULL) 167 | { 168 | RecordCallBack = g_pRecordDrvCallBack->RecordCallBack[uli]; 169 | RecordCallBack(pRecordInfo); 170 | } 171 | } 172 | } 173 | } 174 | return 0; 175 | } 176 | BOOLEAN InitializeRecordCallback() 177 | { 178 | BOOLEAN bRet; 179 | 180 | do 181 | { 182 | if (NULL == g_pRecordDrvCallBack) 183 | { 184 | g_pRecordDrvCallBack = (PRECORD_CALLBACK)VirtualAlloc(NULL, \ 185 | sizeof(RECORD_CALLBACK), \ 186 | MEM_COMMIT | MEM_RESERVE, \ 187 | PAGE_READWRITE); 188 | if (NULL == g_pRecordDrvCallBack) 189 | { 190 | bRet = FALSE; 191 | } 192 | RtlZeroMemory(g_pRecordDrvCallBack,sizeof(RECORD_CALLBACK)); 193 | } 194 | InitializeCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 195 | bRet = TRUE; 196 | } while (0); 197 | return bRet; 198 | } 199 | BOOLEAN SetRecordCallback(DOSHITDRVRECORD RecordCallback) 200 | { 201 | BOOLEAN bRet; 202 | ULONG uli; 203 | 204 | bRet = FALSE; 205 | 206 | do 207 | { 208 | if (NULL == RecordCallback) 209 | { 210 | break; 211 | } 212 | for (uli = 0;uli < MAX_CALLBACK;uli++) 213 | { 214 | if (g_pRecordDrvCallBack->RecordCallBack[uli] == RecordCallback) 215 | { 216 | break; 217 | } 218 | } 219 | for (uli = 0;uli < MAX_CALLBACK;uli++) 220 | { 221 | if (g_pRecordDrvCallBack->RecordCallBack[uli] == NULL) 222 | { 223 | EnterCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 224 | g_pRecordDrvCallBack->RecordCallBack[uli] = RecordCallback; 225 | g_pRecordDrvCallBack->ulRecordCallbackCount++; 226 | LeaveCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 227 | bRet = TRUE; 228 | break; 229 | } 230 | } 231 | } while (0); 232 | return bRet; 233 | } 234 | void ReleaseRecordCallback(DOSHITDRVRECORD RecordCallback) 235 | { 236 | ULONG uli; 237 | if (RecordCallback) 238 | { 239 | for (uli = 0;uli < MAX_CALLBACK;uli++) 240 | { 241 | if (g_pRecordDrvCallBack->RecordCallBack[uli] == RecordCallback) 242 | { 243 | EnterCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 244 | g_pRecordDrvCallBack->RecordCallBack[uli] = NULL; 245 | g_pRecordDrvCallBack->ulRecordCallbackCount--; 246 | LeaveCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 247 | } 248 | } 249 | } 250 | else 251 | { 252 | for (uli = 0;uli < MAX_CALLBACK;uli++) 253 | { 254 | if (g_pRecordDrvCallBack->RecordCallBack[uli]) 255 | { 256 | EnterCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 257 | g_pRecordDrvCallBack->RecordCallBack[uli] = NULL; 258 | g_pRecordDrvCallBack->ulRecordCallbackCount--; 259 | LeaveCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 260 | } 261 | } 262 | DeleteCriticalSection(&g_pRecordDrvCallBack->CriticalSection); 263 | } 264 | } -------------------------------------------------------------------------------- /ShitDrv/GetProcAddr.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include "InitializeInjectRelevantInfo.h" 3 | #include "InjectKtrapFrame.h" 4 | #include "GetProcAddr.h" 5 | 6 | ULONG_PTR GetModuleBaseFromPeb(PINJECT_OBJECT_INFORMATION pInjectObjInfo,PCHAR pModuleName) 7 | { 8 | PPEB Peb; 9 | PPEB_LDR_DATA pPebLdrDat; 10 | PLDR_MODULE pLdrModule; 11 | PLIST_ENTRY pCurListEntry; 12 | PLIST_ENTRY pHeaderListEntry; 13 | ANSI_STRING aStrModuleName; 14 | UNICODE_STRING unStrModuleName; 15 | 16 | if (NULL == pInjectObjInfo || \ 17 | NULL == pModuleName) 18 | { 19 | return (ULONG_PTR)NULL; 20 | } 21 | RtlInitAnsiString(&aStrModuleName,pModuleName); 22 | RtlAnsiStringToUnicodeString(&unStrModuleName,&aStrModuleName,TRUE); 23 | Peb = (PPEB)*(ULONG_PTR*)((ULONG_PTR)pInjectObjInfo->pInjectProcess + g_InjectRelevantOffset.ulOffsetPeb); 24 | if (NULL == Peb) 25 | { 26 | RtlFreeUnicodeString(&unStrModuleName); 27 | return (ULONG_PTR)NULL; 28 | } 29 | pPebLdrDat = (PPEB_LDR_DATA)*(ULONG_PTR*)((ULONG_PTR)Peb + g_InjectRelevantOffset.ulOffsetPebLdr); 30 | if (NULL == pPebLdrDat) 31 | { 32 | RtlFreeUnicodeString(&unStrModuleName); 33 | return (ULONG_PTR)NULL; 34 | } 35 | pHeaderListEntry = pCurListEntry = pPebLdrDat->InLoadOrderModuleList.Flink; 36 | while (pHeaderListEntry != pCurListEntry->Flink) 37 | { 38 | pLdrModule = (PLDR_MODULE)pCurListEntry; 39 | if (NULL == pLdrModule) 40 | { 41 | continue; 42 | } 43 | if (RtlCompareUnicodeString(&pLdrModule->BaseDllName,&unStrModuleName,TRUE) == 0) 44 | { 45 | RtlFreeUnicodeString(&unStrModuleName); 46 | return (ULONG_PTR)pLdrModule->BaseAddress; 47 | } 48 | pCurListEntry = pCurListEntry->Flink; 49 | } 50 | RtlFreeUnicodeString(&unStrModuleName); 51 | return (ULONG_PTR)NULL; 52 | } 53 | ULONG_PTR GetExportFunction(PVOID pBaseAddress,PCHAR pFunctionName) 54 | { 55 | PIMAGE_DOS_HEADER pDosHeader; 56 | PIMAGE_NT_HEADERS pNtHeader; 57 | PIMAGE_EXPORT_DIRECTORY pEat; 58 | BOOLEAN bIsWow64Bits; 59 | ULONG ulNumberOfNames,uli; 60 | ULONG *ulAddressOfNames; 61 | ULONG *ulAddressOfFunctions; 62 | USHORT *ulAddressOfNameOrdinals; 63 | USHORT ulFunctionsOrdinals; 64 | PCHAR pTargetApiName,pTargetApiAddress; 65 | 66 | if (NULL == pBaseAddress || \ 67 | NULL == pFunctionName) 68 | { 69 | return (ULONG_PTR)NULL; 70 | } 71 | pDosHeader = (PIMAGE_DOS_HEADER)pBaseAddress; 72 | if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) 73 | { 74 | return (ULONG_PTR)NULL; 75 | } 76 | pNtHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)pDosHeader + pDosHeader->e_lfanew); 77 | if (pNtHeader->Signature != IMAGE_NT_SIGNATURE) 78 | { 79 | return (ULONG_PTR)NULL; 80 | } 81 | if (pNtHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) 82 | { 83 | PIMAGE_OPTIONAL_HEADER32 pOptHeader32; 84 | 85 | pOptHeader32 = (PIMAGE_OPTIONAL_HEADER32)((ULONG)pNtHeader + sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER)); 86 | pEat = (PIMAGE_EXPORT_DIRECTORY)((ULONG)pBaseAddress + pOptHeader32->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 87 | bIsWow64Bits = FALSE; 88 | } 89 | else if (pNtHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 || \ 90 | pNtHeader->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64) 91 | { 92 | PIMAGE_OPTIONAL_HEADER64 pOptHeader64; 93 | 94 | pOptHeader64 = (PIMAGE_OPTIONAL_HEADER64)((ULONG64)pNtHeader + sizeof(ULONG) + sizeof(IMAGE_FILE_HEADER)); 95 | pEat = (PIMAGE_EXPORT_DIRECTORY)((ULONGLONG)pBaseAddress + pOptHeader64->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 96 | bIsWow64Bits = TRUE; 97 | } 98 | else 99 | { 100 | bIsWow64Bits = FALSE; 101 | } 102 | ulNumberOfNames = pEat->NumberOfFunctions; 103 | ulAddressOfNames = (ULONG *)((ULONG_PTR)pBaseAddress + pEat->AddressOfNames); 104 | ulAddressOfFunctions = (ULONG *)((ULONG_PTR)pBaseAddress + pEat->AddressOfFunctions); 105 | ulAddressOfNameOrdinals = (USHORT *)((ULONG_PTR)pBaseAddress + pEat->AddressOfNameOrdinals); 106 | for (uli = 0;uli < ulNumberOfNames;uli++) 107 | { 108 | pTargetApiName = (PCHAR)((ULONG_PTR)pBaseAddress + ulAddressOfNames[uli]); 109 | if (_strnicmp(pTargetApiName,pFunctionName,strlen(pFunctionName)) == 0) 110 | { 111 | ulFunctionsOrdinals = (USHORT)(ulAddressOfNameOrdinals[uli] + pEat->Base - 1); 112 | pTargetApiAddress = (PCHAR)((ULONG_PTR)pBaseAddress + ulAddressOfFunctions[ulFunctionsOrdinals]); 113 | return (ULONG_PTR)pTargetApiAddress; 114 | } 115 | } 116 | return (ULONG_PTR)NULL; 117 | } 118 | ULONG_PTR SearchApiFromPeb(PINJECT_OBJECT_INFORMATION pInjectObjInfo,PCHAR pModuleName,PCHAR pApiName) 119 | { 120 | PPEB Peb; 121 | PPEB_LDR_DATA pPebLdrDat; 122 | PLDR_MODULE pLdrModule; 123 | PLIST_ENTRY pCurListEntry; 124 | PLIST_ENTRY pHeaderListEntry; 125 | ANSI_STRING aStrModuleName; 126 | UNICODE_STRING unStrModuleName; 127 | 128 | if (NULL == pInjectObjInfo || \ 129 | NULL == pModuleName || \ 130 | NULL == pApiName) 131 | { 132 | return (ULONG_PTR)NULL; 133 | } 134 | RtlInitAnsiString(&aStrModuleName,pModuleName); 135 | RtlAnsiStringToUnicodeString(&unStrModuleName,&aStrModuleName,TRUE); 136 | Peb = (PPEB)*(ULONG_PTR*)((ULONG_PTR)pInjectObjInfo->pInjectProcess + g_InjectRelevantOffset.ulOffsetPeb); 137 | if (NULL == Peb) 138 | { 139 | RtlFreeUnicodeString(&unStrModuleName); 140 | return (ULONG_PTR)NULL; 141 | } 142 | pPebLdrDat = (PPEB_LDR_DATA)*(ULONG_PTR*)((ULONG_PTR)Peb + g_InjectRelevantOffset.ulOffsetPebLdr); 143 | if (NULL == pPebLdrDat) 144 | { 145 | RtlFreeUnicodeString(&unStrModuleName); 146 | return (ULONG_PTR)NULL; 147 | } 148 | pHeaderListEntry = pCurListEntry = pPebLdrDat->InLoadOrderModuleList.Flink; 149 | while (pHeaderListEntry != pCurListEntry->Flink) 150 | { 151 | pLdrModule = (PLDR_MODULE)pCurListEntry; 152 | if (NULL == pLdrModule) 153 | { 154 | continue; 155 | } 156 | if (RtlCompareUnicodeString(&pLdrModule->BaseDllName,&unStrModuleName,TRUE) == 0) 157 | { 158 | g_InjectAplList.ulLoadLibrary = GetExportFunction(pLdrModule->BaseAddress,pApiName); 159 | RtlFreeUnicodeString(&unStrModuleName); 160 | return g_InjectAplList.ulLoadLibrary; 161 | } 162 | pCurListEntry = pCurListEntry->Flink; 163 | } 164 | RtlFreeUnicodeString(&unStrModuleName); 165 | return (ULONG_PTR)NULL; 166 | } 167 | ULONG_PTR GetDllFunctionAddress(PCHAR pFunctionName,PUNICODE_STRING pDllName) 168 | { 169 | NTSTATUS Status; 170 | USHORT uMachine; 171 | HANDLE hSection,hFile; 172 | OBJECT_ATTRIBUTES ObjectAttributes; 173 | PIMAGE_DOS_HEADER pDosHeader; 174 | PIMAGE_EXPORT_DIRECTORY pEat; 175 | IO_STATUS_BLOCK IoStatusBlock; 176 | ULONG* ulAddressOfFunctions; 177 | ULONG* ulAddressOfNames; 178 | SHORT* AddressOfNameOrdinals; 179 | ULONG ulFunctionOrdinal; 180 | ULONG uli,FunctionAddress; 181 | PCHAR FunctionName; 182 | STRING ntFunctionName,ntFunctionNameSearch; 183 | PVOID pBaseAddress; 184 | SIZE_T Size; 185 | 186 | Size = 0; 187 | pBaseAddress = NULL; 188 | InitializeObjectAttributes(&ObjectAttributes,pDllName,OBJ_CASE_INSENSITIVE,NULL,0); 189 | 190 | Status = ZwOpenFile(&hFile, \ 191 | FILE_EXECUTE | SYNCHRONIZE, \ 192 | &ObjectAttributes, \ 193 | &IoStatusBlock, \ 194 | FILE_SHARE_READ, \ 195 | FILE_SYNCHRONOUS_IO_NONALERT); 196 | if (NT_ERROR(Status)) 197 | { 198 | return Status; 199 | } 200 | Status = ZwCreateSection(&hSection, \ 201 | SECTION_MAP_READ, \ 202 | NULL/*&ObjectAttributes*/, \ 203 | NULL, \ 204 | PAGE_READONLY, \ 205 | SEC_IMAGE, \ 206 | hFile); 207 | if (NT_ERROR(Status)) 208 | { 209 | ZwClose(hFile); 210 | return Status; 211 | } 212 | Status = ZwMapViewOfSection(hSection, \ 213 | NtCurrentProcess(), \ 214 | &pBaseAddress, \ 215 | 0, \ 216 | 0, \ 217 | 0, \ 218 | &Size, \ 219 | ViewShare, \ 220 | 0, \ 221 | PAGE_READONLY); 222 | if (NT_ERROR(Status)) 223 | { 224 | if (Status == STATUS_IMAGE_NOT_AT_BASE && \ 225 | Size > 0) 226 | { 227 | 228 | } 229 | else 230 | { 231 | ZwClose(hFile); 232 | return Status; 233 | } 234 | } 235 | ZwClose(hFile); 236 | pDosHeader = (PIMAGE_DOS_HEADER)pBaseAddress; 237 | uMachine = ((PIMAGE_NT_HEADERS)((PCHAR)pDosHeader + pDosHeader->e_lfanew))->FileHeader.Machine; 238 | if (IMAGE_FILE_MACHINE_AMD64 == uMachine || \ 239 | IMAGE_FILE_MACHINE_IA64 == uMachine) 240 | { 241 | PIMAGE_NT_HEADERS64 pNtHeaders64; 242 | 243 | pNtHeaders64 = (PIMAGE_NT_HEADERS64)((PCHAR)pDosHeader + pDosHeader->e_lfanew); 244 | pEat = (PIMAGE_EXPORT_DIRECTORY)((PCHAR)pBaseAddress + \ 245 | pNtHeaders64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 246 | } 247 | else 248 | { 249 | PIMAGE_NT_HEADERS32 pNtHeaders32; 250 | 251 | pNtHeaders32 = (PIMAGE_NT_HEADERS32)((PCHAR)pDosHeader + pDosHeader->e_lfanew); 252 | pEat = (PIMAGE_EXPORT_DIRECTORY)((PCHAR)pBaseAddress + \ 253 | pNtHeaders32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 254 | DbgPrint("%p",pEat); 255 | } 256 | ulAddressOfFunctions = (ULONG *)((PCHAR)pBaseAddress + pEat->AddressOfFunctions); 257 | ulAddressOfNames = (ULONG *)((PCHAR)pBaseAddress + pEat->AddressOfNames); 258 | AddressOfNameOrdinals = (SHORT*)pEat->AddressOfNameOrdinals; 259 | 260 | RtlInitString(&ntFunctionNameSearch,pFunctionName); 261 | 262 | for(uli = 0;uli < pEat->NumberOfFunctions;uli++) 263 | { 264 | FunctionName = (PCHAR)((PCHAR)pBaseAddress + ulAddressOfNames[uli]); 265 | RtlInitString(&ntFunctionName,FunctionName); 266 | ulFunctionOrdinal = AddressOfNameOrdinals[uli] + pEat->Base - 1; 267 | FunctionAddress = (ULONG)((PCHAR)pBaseAddress + ulAddressOfFunctions[ulFunctionOrdinal]); 268 | if (RtlCompareString(&ntFunctionName,&ntFunctionNameSearch,TRUE) == 0) 269 | { 270 | ZwClose(hSection); 271 | return FunctionAddress; 272 | } 273 | } 274 | ZwClose(hSection); 275 | Status = STATUS_UNSUCCESSFUL; 276 | return Status; 277 | } -------------------------------------------------------------------------------- /ShitDrv/md5c.c: -------------------------------------------------------------------------------- 1 | /* Modifications Copyright (c) J.S.A.Kapp 1994 - 1996. 2 | 3 | MD5 Component Of RSAEURO using RSA Data Security, Inc. 4 | MD5 Message Digest Algorithm. 5 | 6 | All Trademarks Acknowledged. 7 | 8 | Future versions may not use this modified RSADSI implementation 9 | of MD5. 10 | */ 11 | 12 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 13 | rights reserved. 14 | 15 | License to copy and use this software is granted provided that it 16 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 17 | Algorithm" in all material mentioning or referencing this software 18 | or this function. 19 | 20 | License is also granted to make and use derivative works provided 21 | that such works are identified as "derived from the RSA Data 22 | Security, Inc. MD5 Message-Digest Algorithm" in all material 23 | mentioning or referencing the derived work. 24 | 25 | RSA Data Security, Inc. makes no representations concerning either 26 | the merchantability of this software or the suitability of this 27 | software for any particular purpose. It is provided "as is" 28 | without express or implied warranty of any kind. 29 | 30 | These notices must be retained in any copies of any part of this 31 | documentation and/or software. 32 | */ 33 | 34 | #include "rsaeuro.h" 35 | #include "md5.h" 36 | 37 | /* Constants for MD5Transform routine. */ 38 | #define S11 7 39 | #define S12 12 40 | #define S13 17 41 | #define S14 22 42 | #define S21 5 43 | #define S22 9 44 | #define S23 14 45 | #define S24 20 46 | #define S31 4 47 | #define S32 11 48 | #define S33 16 49 | #define S34 23 50 | #define S41 6 51 | #define S42 10 52 | #define S43 15 53 | #define S44 21 54 | 55 | void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); 56 | void Encode PROTO_LIST((unsigned char *, UINT4 *, unsigned int)); 57 | void Decode PROTO_LIST((UINT4 *, unsigned char *, unsigned int)); 58 | 59 | unsigned char PADDING[64] = { 60 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 61 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 63 | }; 64 | 65 | /* F, G, H and I are basic MD5 functions. 66 | */ 67 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 68 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 69 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 70 | #define I(x, y, z) ((y) ^ ((x) | (~z))) 71 | 72 | /* ROTATE_LEFT rotates x left n bits. 73 | */ 74 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 75 | 76 | /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 77 | Rotation is separate from addition to prevent recomputation. 78 | */ 79 | #define FF(a, b, c, d, x, s, ac) { \ 80 | (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ 81 | (a) = ROTATE_LEFT ((a), (s)); \ 82 | (a) += (b); \ 83 | } 84 | #define GG(a, b, c, d, x, s, ac) { \ 85 | (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ 86 | (a) = ROTATE_LEFT ((a), (s)); \ 87 | (a) += (b); \ 88 | } 89 | #define HH(a, b, c, d, x, s, ac) { \ 90 | (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ 91 | (a) = ROTATE_LEFT ((a), (s)); \ 92 | (a) += (b); \ 93 | } 94 | #define II(a, b, c, d, x, s, ac) { \ 95 | (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ 96 | (a) = ROTATE_LEFT ((a), (s)); \ 97 | (a) += (b); \ 98 | } 99 | 100 | /* MD5 initialization. Begins an MD5 operation, writing a new context. */ 101 | 102 | void MD5Init ( MD5_CTX *context ) /* context */ 103 | { 104 | context->count[0] = context->count[1] = 0; 105 | 106 | /* Load magic initialization constants. 107 | */ 108 | context->state[0] = 0x67452301; 109 | context->state[1] = 0xefcdab89; 110 | context->state[2] = 0x98badcfe; 111 | context->state[3] = 0x10325476; 112 | } 113 | 114 | /* MD5 block update operation. Continues an MD5 message-digest 115 | operation, processing another message block, and updating the 116 | context. */ 117 | 118 | void MD5Update( 119 | MD5_CTX *context, /* context */ 120 | unsigned char *input, /* input block */ 121 | unsigned int inputLen ) /* length of input block */ 122 | { 123 | unsigned int i, index, partLen; 124 | 125 | /* Compute number of bytes mod 64 */ 126 | index = (unsigned int)((context->count[0] >> 3) & 0x3F); 127 | 128 | /* Update number of bits */ 129 | if((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3)) 130 | context->count[1]++; 131 | 132 | context->count[1] += ((UINT4)inputLen >> 29); 133 | 134 | partLen = 64 - index; 135 | 136 | /* Transform as many times as possible. 137 | */ 138 | if(inputLen >= partLen) { 139 | R_memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen); 140 | MD5Transform(context->state, context->buffer); 141 | 142 | for(i = partLen; i + 63 < inputLen; i += 64) 143 | MD5Transform(context->state, &input[i]); 144 | 145 | index = 0; 146 | } 147 | else 148 | i = 0; 149 | 150 | /* Buffer remaining input */ 151 | R_memcpy((POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i); 152 | } 153 | 154 | /* MD5 finalization. Ends an MD5 message-digest operation, writing the 155 | the message digest and zeroizing the context. */ 156 | 157 | void MD5Final( unsigned char digest[16], /* message digest */ 158 | MD5_CTX *context ) /* context */ 159 | { 160 | unsigned char bits[8]; 161 | unsigned int index, padLen; 162 | 163 | /* Save number of bits */ 164 | Encode(bits, context->count, 8); 165 | 166 | /* Pad out to 56 mod 64. 167 | */ 168 | index = (unsigned int)((context->count[0] >> 3) & 0x3f); 169 | padLen = (index < 56) ? (56 - index) : (120 - index); 170 | MD5Update(context, PADDING, padLen); 171 | 172 | /* Append length (before padding) */ 173 | MD5Update(context, bits, 8); 174 | 175 | /* Store state in digest */ 176 | Encode(digest, context->state, 16); 177 | 178 | /* Zeroize sensitive information. */ 179 | 180 | R_memset((POINTER)context, 0, sizeof(*context)); 181 | } 182 | 183 | /* MD5 basic transformation. Transforms state based on block. */ 184 | 185 | void MD5Transform ( UINT4 state[4], unsigned char block[64] ) 186 | { 187 | UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; 188 | 189 | Decode(x, block, 64); 190 | 191 | /* Round 1 */ 192 | FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ 193 | FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ 194 | FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ 195 | FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ 196 | FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ 197 | FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ 198 | FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ 199 | FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ 200 | FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ 201 | FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ 202 | FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 203 | FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 204 | FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 205 | FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 206 | FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 207 | FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ 208 | 209 | /* Round 2 */ 210 | GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ 211 | GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ 212 | GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 213 | GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ 214 | GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ 215 | GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 216 | GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ 217 | GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ 218 | GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ 219 | GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 220 | GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ 221 | GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 222 | GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 223 | GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 224 | GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 225 | GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 226 | 227 | /* Round 3 */ 228 | HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ 229 | HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ 230 | HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 231 | HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 232 | HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ 233 | HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ 234 | HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ 235 | HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 236 | HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 237 | HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ 238 | HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ 239 | HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ 240 | HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ 241 | HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 242 | HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ 243 | HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ 244 | 245 | /* Round 4 */ 246 | II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ 247 | II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ 248 | II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 249 | II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ 250 | II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 251 | II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ 252 | II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 253 | II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ 254 | II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ 255 | II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ 256 | II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ 257 | II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 258 | II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ 259 | II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 260 | II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ 261 | II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ 262 | 263 | state[0] += a; 264 | state[1] += b; 265 | state[2] += c; 266 | state[3] += d; 267 | 268 | /* Zeroize sensitive information. */ 269 | 270 | R_memset((POINTER)x, 0, sizeof(x)); 271 | } 272 | 273 | /* Encodes input (UINT4) into output (unsigned char). Assumes len is 274 | a multiple of 4. */ 275 | 276 | void Encode( unsigned char *output, UINT4 *input, unsigned int len ) 277 | { 278 | unsigned int i, j; 279 | 280 | for(i = 0, j = 0; j < len; i++, j += 4) { 281 | output[j] = (unsigned char)(input[i] & 0xff); 282 | output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); 283 | output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); 284 | output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); 285 | } 286 | } 287 | 288 | /* Decodes input (unsigned char) into output (UINT4). Assumes len is 289 | a multiple of 4. */ 290 | 291 | void Decode( UINT4 *output, unsigned char *input, unsigned int len ) 292 | { 293 | unsigned int i, j; 294 | 295 | for(i = 0, j = 0; j < len; i++, j += 4) 296 | output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | 297 | (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); 298 | } 299 | -------------------------------------------------------------------------------- /TestInterface/md5c.c: -------------------------------------------------------------------------------- 1 | /* Modifications Copyright (c) J.S.A.Kapp 1994 - 1996. 2 | 3 | MD5 Component Of RSAEURO using RSA Data Security, Inc. 4 | MD5 Message Digest Algorithm. 5 | 6 | All Trademarks Acknowledged. 7 | 8 | Future versions may not use this modified RSADSI implementation 9 | of MD5. 10 | */ 11 | 12 | /* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 13 | rights reserved. 14 | 15 | License to copy and use this software is granted provided that it 16 | is identified as the "RSA Data Security, Inc. MD5 Message-Digest 17 | Algorithm" in all material mentioning or referencing this software 18 | or this function. 19 | 20 | License is also granted to make and use derivative works provided 21 | that such works are identified as "derived from the RSA Data 22 | Security, Inc. MD5 Message-Digest Algorithm" in all material 23 | mentioning or referencing the derived work. 24 | 25 | RSA Data Security, Inc. makes no representations concerning either 26 | the merchantability of this software or the suitability of this 27 | software for any particular purpose. It is provided "as is" 28 | without express or implied warranty of any kind. 29 | 30 | These notices must be retained in any copies of any part of this 31 | documentation and/or software. 32 | */ 33 | 34 | #include "rsaeuro.h" 35 | #include "md5.h" 36 | 37 | /* Constants for MD5Transform routine. */ 38 | #define S11 7 39 | #define S12 12 40 | #define S13 17 41 | #define S14 22 42 | #define S21 5 43 | #define S22 9 44 | #define S23 14 45 | #define S24 20 46 | #define S31 4 47 | #define S32 11 48 | #define S33 16 49 | #define S34 23 50 | #define S41 6 51 | #define S42 10 52 | #define S43 15 53 | #define S44 21 54 | 55 | void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); 56 | void Encode PROTO_LIST((unsigned char *, UINT4 *, unsigned int)); 57 | void Decode PROTO_LIST((UINT4 *, unsigned char *, unsigned int)); 58 | 59 | unsigned char PADDING[64] = { 60 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 61 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 63 | }; 64 | 65 | /* F, G, H and I are basic MD5 functions. 66 | */ 67 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 68 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 69 | #define H(x, y, z) ((x) ^ (y) ^ (z)) 70 | #define I(x, y, z) ((y) ^ ((x) | (~z))) 71 | 72 | /* ROTATE_LEFT rotates x left n bits. 73 | */ 74 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 75 | 76 | /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 77 | Rotation is separate from addition to prevent recomputation. 78 | */ 79 | #define FF(a, b, c, d, x, s, ac) { \ 80 | (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ 81 | (a) = ROTATE_LEFT ((a), (s)); \ 82 | (a) += (b); \ 83 | } 84 | #define GG(a, b, c, d, x, s, ac) { \ 85 | (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ 86 | (a) = ROTATE_LEFT ((a), (s)); \ 87 | (a) += (b); \ 88 | } 89 | #define HH(a, b, c, d, x, s, ac) { \ 90 | (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ 91 | (a) = ROTATE_LEFT ((a), (s)); \ 92 | (a) += (b); \ 93 | } 94 | #define II(a, b, c, d, x, s, ac) { \ 95 | (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ 96 | (a) = ROTATE_LEFT ((a), (s)); \ 97 | (a) += (b); \ 98 | } 99 | 100 | /* MD5 initialization. Begins an MD5 operation, writing a new context. */ 101 | 102 | void MD5Init ( MD5_CTX *context ) /* context */ 103 | { 104 | context->count[0] = context->count[1] = 0; 105 | 106 | /* Load magic initialization constants. 107 | */ 108 | context->state[0] = 0x67452301; 109 | context->state[1] = 0xefcdab89; 110 | context->state[2] = 0x98badcfe; 111 | context->state[3] = 0x10325476; 112 | } 113 | 114 | /* MD5 block update operation. Continues an MD5 message-digest 115 | operation, processing another message block, and updating the 116 | context. */ 117 | 118 | void MD5Update( 119 | MD5_CTX *context, /* context */ 120 | unsigned char *input, /* input block */ 121 | unsigned int inputLen ) /* length of input block */ 122 | { 123 | unsigned int i, index, partLen; 124 | 125 | /* Compute number of bytes mod 64 */ 126 | index = (unsigned int)((context->count[0] >> 3) & 0x3F); 127 | 128 | /* Update number of bits */ 129 | if((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3)) 130 | context->count[1]++; 131 | 132 | context->count[1] += ((UINT4)inputLen >> 29); 133 | 134 | partLen = 64 - index; 135 | 136 | /* Transform as many times as possible. 137 | */ 138 | if(inputLen >= partLen) { 139 | R_memcpy((POINTER)&context->buffer[index], (POINTER)input, partLen); 140 | MD5Transform(context->state, context->buffer); 141 | 142 | for(i = partLen; i + 63 < inputLen; i += 64) 143 | MD5Transform(context->state, &input[i]); 144 | 145 | index = 0; 146 | } 147 | else 148 | i = 0; 149 | 150 | /* Buffer remaining input */ 151 | R_memcpy((POINTER)&context->buffer[index], (POINTER)&input[i], inputLen-i); 152 | } 153 | 154 | /* MD5 finalization. Ends an MD5 message-digest operation, writing the 155 | the message digest and zeroizing the context. */ 156 | 157 | void MD5Final( unsigned char digest[16], /* message digest */ 158 | MD5_CTX *context ) /* context */ 159 | { 160 | unsigned char bits[8]; 161 | unsigned int index, padLen; 162 | 163 | /* Save number of bits */ 164 | Encode(bits, context->count, 8); 165 | 166 | /* Pad out to 56 mod 64. 167 | */ 168 | index = (unsigned int)((context->count[0] >> 3) & 0x3f); 169 | padLen = (index < 56) ? (56 - index) : (120 - index); 170 | MD5Update(context, PADDING, padLen); 171 | 172 | /* Append length (before padding) */ 173 | MD5Update(context, bits, 8); 174 | 175 | /* Store state in digest */ 176 | Encode(digest, context->state, 16); 177 | 178 | /* Zeroize sensitive information. */ 179 | 180 | R_memset((POINTER)context, 0, sizeof(*context)); 181 | } 182 | 183 | /* MD5 basic transformation. Transforms state based on block. */ 184 | 185 | void MD5Transform ( UINT4 state[4], unsigned char block[64] ) 186 | { 187 | UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; 188 | 189 | Decode(x, block, 64); 190 | 191 | /* Round 1 */ 192 | FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ 193 | FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ 194 | FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ 195 | FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ 196 | FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ 197 | FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ 198 | FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ 199 | FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ 200 | FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ 201 | FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ 202 | FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 203 | FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 204 | FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 205 | FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 206 | FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 207 | FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ 208 | 209 | /* Round 2 */ 210 | GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ 211 | GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ 212 | GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 213 | GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ 214 | GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ 215 | GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 216 | GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ 217 | GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ 218 | GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ 219 | GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 220 | GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ 221 | GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ 222 | GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 223 | GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ 224 | GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ 225 | GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 226 | 227 | /* Round 3 */ 228 | HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ 229 | HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ 230 | HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 231 | HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 232 | HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ 233 | HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ 234 | HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ 235 | HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 236 | HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 237 | HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ 238 | HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ 239 | HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ 240 | HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ 241 | HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 242 | HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ 243 | HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ 244 | 245 | /* Round 4 */ 246 | II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ 247 | II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ 248 | II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 249 | II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ 250 | II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 251 | II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ 252 | II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 253 | II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ 254 | II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ 255 | II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ 256 | II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ 257 | II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 258 | II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ 259 | II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 260 | II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ 261 | II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ 262 | 263 | state[0] += a; 264 | state[1] += b; 265 | state[2] += c; 266 | state[3] += d; 267 | 268 | /* Zeroize sensitive information. */ 269 | 270 | R_memset((POINTER)x, 0, sizeof(x)); 271 | } 272 | 273 | /* Encodes input (UINT4) into output (unsigned char). Assumes len is 274 | a multiple of 4. */ 275 | 276 | void Encode( unsigned char *output, UINT4 *input, unsigned int len ) 277 | { 278 | unsigned int i, j; 279 | 280 | for(i = 0, j = 0; j < len; i++, j += 4) { 281 | output[j] = (unsigned char)(input[i] & 0xff); 282 | output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); 283 | output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); 284 | output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); 285 | } 286 | } 287 | 288 | /* Decodes input (unsigned char) into output (UINT4). Assumes len is 289 | a multiple of 4. */ 290 | 291 | void Decode( UINT4 *output, unsigned char *input, unsigned int len ) 292 | { 293 | unsigned int i, j; 294 | 295 | for(i = 0, j = 0; j < len; i++, j += 4) 296 | output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | 297 | (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); 298 | } 299 | -------------------------------------------------------------------------------- /ShitDrv/LoadPlugin.c: -------------------------------------------------------------------------------- 1 | #include "ShitDrv.h" 2 | #include 3 | #include "LoadPlugin.h" 4 | 5 | LIST_ENTRY g_LdrPluginList; 6 | 7 | PLDR_PLUGIN_LIST AllocateLdrPlugin() 8 | { 9 | PLDR_PLUGIN_LIST pLdrPluginList; 10 | 11 | pLdrPluginList = NULL; 12 | do 13 | { 14 | pLdrPluginList = (PLDR_PLUGIN_LIST)ExAllocatePoolWithTag(NonPagedPool, \ 15 | sizeof(LDR_PLUGIN_LIST), \ 16 | LDR_PLUGIN_TAG); 17 | } while (NULL == pLdrPluginList); 18 | RtlZeroMemory(pLdrPluginList,sizeof(LDR_PLUGIN_LIST)); 19 | return pLdrPluginList; 20 | } 21 | NTSTATUS GetDrvPluginInfo(PLDR_PLUGIN_LIST pLdrPluginList,WCHAR *wDrvPluginPath) 22 | { 23 | OBJECT_ATTRIBUTES ObjectSubPlugin; 24 | UNICODE_STRING UniNewPluginRegPath; 25 | UNICODE_STRING UniValueKeyName; 26 | PKEY_VALUE_PARTIAL_INFORMATION pValuePartialInfo; 27 | HANDLE hSubPluginKey; 28 | NTSTATUS Status; 29 | WCHAR wPluginRegPath[MAX_PATH]; 30 | ULONG ulNeedSize; 31 | 32 | hSubPluginKey = NULL; 33 | UniNewPluginRegPath.Buffer = NULL; 34 | UniNewPluginRegPath.Length = 0; 35 | UniNewPluginRegPath.MaximumLength = 0; 36 | ulNeedSize = 0; 37 | pValuePartialInfo = NULL; 38 | Status = STATUS_SUCCESS; 39 | 40 | RtlZeroMemory(wPluginRegPath,sizeof(WCHAR) * MAX_PATH); 41 | 42 | do 43 | { 44 | StringCchCopyW(wPluginRegPath,MAX_PATH,wDrvPluginPath); 45 | RtlInitUnicodeString(&UniNewPluginRegPath,wPluginRegPath); 46 | InitializeObjectAttributes(&ObjectSubPlugin, \ 47 | &UniNewPluginRegPath, \ 48 | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, \ 49 | NULL, \ 50 | 0); 51 | Status = ZwOpenKey(&hSubPluginKey, \ 52 | KEY_READ | KEY_QUERY_VALUE, \ 53 | &ObjectSubPlugin); 54 | if (NT_ERROR(Status)) 55 | { 56 | break; 57 | } 58 | RtlInitUnicodeString(&UniValueKeyName,L"Path"); 59 | Status = ZwQueryValueKey(hSubPluginKey, \ 60 | &UniValueKeyName, \ 61 | KeyValueFullInformation, \ 62 | NULL, \ 63 | 0, \ 64 | &ulNeedSize); 65 | if (Status == STATUS_BUFFER_OVERFLOW || \ 66 | Status == STATUS_BUFFER_TOO_SMALL) 67 | { 68 | pValuePartialInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool, \ 69 | ulNeedSize, \ 70 | LDR_PLUGIN_TAG); 71 | if (NULL == pValuePartialInfo) 72 | { 73 | break; 74 | } 75 | RtlZeroMemory(pValuePartialInfo,ulNeedSize); 76 | Status = ZwQueryValueKey(hSubPluginKey, \ 77 | &UniValueKeyName, \ 78 | KeyValueFullInformation, \ 79 | pValuePartialInfo, \ 80 | ulNeedSize, \ 81 | &ulNeedSize); 82 | if (NT_SUCCESS(Status)) 83 | { 84 | RtlCopyMemory(pLdrPluginList->CheckFileSignature.wPluginFileFullPath, \ 85 | pValuePartialInfo->Data, \ 86 | pValuePartialInfo->DataLength); 87 | } 88 | if (pValuePartialInfo) 89 | { 90 | ExFreePoolWithTag(pValuePartialInfo,LDR_PLUGIN_TAG); 91 | pValuePartialInfo = NULL; 92 | } 93 | } 94 | RtlInitUnicodeString(&UniValueKeyName,L"LdrCtl"); 95 | Status = ZwQueryValueKey(hSubPluginKey, \ 96 | &UniValueKeyName, \ 97 | KeyValueFullInformation, \ 98 | NULL, \ 99 | 0, \ 100 | &ulNeedSize); 101 | if (Status == STATUS_BUFFER_OVERFLOW || \ 102 | Status == STATUS_BUFFER_TOO_SMALL) 103 | { 104 | pValuePartialInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(NonPagedPool, \ 105 | ulNeedSize, \ 106 | LDR_PLUGIN_TAG); 107 | if (NULL == pValuePartialInfo) 108 | { 109 | break; 110 | } 111 | RtlZeroMemory(pValuePartialInfo,ulNeedSize); 112 | Status = ZwQueryValueKey(hSubPluginKey, \ 113 | &UniValueKeyName, \ 114 | KeyValueFullInformation, \ 115 | pValuePartialInfo, \ 116 | ulNeedSize, \ 117 | &ulNeedSize); 118 | if (NT_SUCCESS(Status)) 119 | { 120 | RtlCopyMemory(&pLdrPluginList->CheckFileSignature.LdrCtl, \ 121 | pValuePartialInfo->Data, \ 122 | pValuePartialInfo->DataLength); 123 | } 124 | if (pValuePartialInfo) 125 | { 126 | ExFreePoolWithTag(pValuePartialInfo,LDR_PLUGIN_TAG); 127 | pValuePartialInfo = NULL; 128 | } 129 | } 130 | } while (0); 131 | if (pValuePartialInfo) 132 | { 133 | ExFreePoolWithTag(pValuePartialInfo,LDR_PLUGIN_TAG); 134 | pValuePartialInfo = NULL; 135 | } 136 | if (hSubPluginKey) 137 | { 138 | ZwClose(hSubPluginKey); 139 | } 140 | return Status; 141 | } 142 | NTSTATUS EnumPlugin(PUNICODE_STRING pUniDrvPlugin) 143 | { 144 | NTSTATUS Status; 145 | HANDLE hKey; 146 | OBJECT_ATTRIBUTES ObjectAttributes; 147 | ULONG uli; 148 | PKEY_FULL_INFORMATION pKeyFullInfo; 149 | PKEY_BASIC_INFORMATION pKeyBasicInfo; 150 | PLDR_PLUGIN_LIST pLdrPluginList; 151 | ULONG ulNeedSize; 152 | WCHAR wPluginRegPath[MAX_PATH]; 153 | WCHAR wPluginSubRegPath[MAX_PATH]; 154 | 155 | hKey = NULL; 156 | Status = STATUS_SUCCESS; 157 | uli = 0; 158 | pKeyFullInfo = NULL; 159 | pKeyBasicInfo = NULL; 160 | ulNeedSize = 0; 161 | pLdrPluginList = NULL; 162 | 163 | RtlZeroMemory(wPluginRegPath,sizeof(WCHAR) * MAX_PATH); 164 | RtlZeroMemory(wPluginSubRegPath,sizeof(WCHAR) * MAX_PATH); 165 | 166 | do 167 | { 168 | if (NULL == pUniDrvPlugin) 169 | { 170 | break; 171 | } 172 | InitializeObjectAttributes(&ObjectAttributes, \ 173 | pUniDrvPlugin, \ 174 | OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, \ 175 | NULL, \ 176 | 0); 177 | Status = ZwOpenKey(&hKey,KEY_READ | KEY_QUERY_VALUE,&ObjectAttributes); 178 | if (NT_ERROR(Status)) 179 | { 180 | break; 181 | } 182 | Status = ZwQueryKey(hKey,KeyFullInformation,NULL,0,&ulNeedSize); 183 | if (Status == STATUS_BUFFER_OVERFLOW || \ 184 | Status == STATUS_BUFFER_TOO_SMALL) 185 | { 186 | pKeyFullInfo = ExAllocatePool(NonPagedPool,ulNeedSize); 187 | if (NULL == pKeyFullInfo) 188 | { 189 | break; 190 | } 191 | RtlZeroMemory(pKeyFullInfo,ulNeedSize); 192 | Status = ZwQueryKey(hKey,KeyFullInformation,pKeyFullInfo,ulNeedSize,&ulNeedSize); 193 | if (NT_SUCCESS(Status)) 194 | { 195 | for (uli = 0;uli < pKeyFullInfo->SubKeys;uli++) 196 | { 197 | Status = ZwEnumerateKey(hKey,uli,KeyBasicInformation,NULL,0,&ulNeedSize); 198 | if (Status == STATUS_BUFFER_OVERFLOW || \ 199 | Status == STATUS_BUFFER_TOO_SMALL) 200 | { 201 | pKeyBasicInfo = ExAllocatePool(NonPagedPool,ulNeedSize); 202 | if (NULL == pKeyBasicInfo) 203 | { 204 | Status = STATUS_BUFFER_TOO_SMALL; 205 | break; 206 | } 207 | RtlZeroMemory(pKeyBasicInfo,ulNeedSize); 208 | Status = ZwEnumerateKey(hKey,uli,KeyBasicInformation,pKeyBasicInfo,ulNeedSize,&ulNeedSize); 209 | if (NT_SUCCESS(Status)) 210 | { 211 | pLdrPluginList = AllocateLdrPlugin(); 212 | 213 | RtlCopyMemory(pLdrPluginList->CheckFileSignature.wPluginName, \ 214 | pKeyBasicInfo->Name, \ 215 | pKeyBasicInfo->NameLength); 216 | 217 | RtlZeroMemory(wPluginRegPath,sizeof(WCHAR) * MAX_PATH); 218 | RtlZeroMemory(wPluginSubRegPath,sizeof(WCHAR) * MAX_PATH); 219 | 220 | StringCchCopyW(wPluginRegPath,MAX_PATH,pUniDrvPlugin->Buffer); 221 | StringCchPrintfW(wPluginSubRegPath, \ 222 | MAX_PATH, \ 223 | L"%ws\\%ws\\", \ 224 | wPluginRegPath, \ 225 | pLdrPluginList->CheckFileSignature.wPluginName); 226 | 227 | if (NT_SUCCESS(GetDrvPluginInfo(pLdrPluginList,wPluginSubRegPath))) 228 | { 229 | InitializeListHead(&pLdrPluginList->List); 230 | InsertTailList(&g_LdrPluginList,&pLdrPluginList->List); 231 | } 232 | if (pKeyBasicInfo) 233 | { 234 | ExFreePool(pKeyBasicInfo); 235 | pKeyBasicInfo = NULL; 236 | } 237 | } 238 | } 239 | } 240 | } 241 | } 242 | } while (0); 243 | if (pKeyFullInfo) 244 | { 245 | ExFreePool(pKeyFullInfo); 246 | pKeyFullInfo = NULL; 247 | } 248 | if (hKey) 249 | { 250 | ZwClose(hKey); 251 | } 252 | return Status; 253 | } 254 | NTSTATUS GetPluginRootPath(PUNICODE_STRING pUniDrvRegPath, \ 255 | PUNICODE_STRING pUniPluginPath) 256 | { 257 | NTSTATUS Status; 258 | UNICODE_STRING UniDrvRootKey; 259 | //UNICODE_STRING UniRetPluginPath; 260 | WCHAR wOutPluginRootPath[MAX_PATH]; 261 | ULONG ulLength; 262 | 263 | 264 | RtlZeroMemory(wOutPluginRootPath,sizeof(WCHAR) * MAX_PATH); 265 | Status = STATUS_SUCCESS; 266 | ulLength = 0; 267 | 268 | do 269 | { 270 | if (NULL == pUniDrvRegPath) 271 | { 272 | Status = STATUS_INVALID_PARAMETER; 273 | break; 274 | } 275 | if (pUniDrvRegPath->Length <= 0 || \ 276 | pUniDrvRegPath->Buffer == NULL) 277 | { 278 | Status = STATUS_INVALID_PARAMETER; 279 | break; 280 | } 281 | RtlInitUnicodeString(&UniDrvRootKey,DRV_REGISTER_ROOT_KEY); 282 | if (!RtlCompareUnicodeString(pUniDrvRegPath,&UniDrvRootKey,TRUE)) 283 | { 284 | break; 285 | } 286 | //StringCchCopyW(wOutPluginRootPath,MAX_PATH,pUniDrvRegPath->Buffer); 287 | //RtlCopyMemory(wOutPluginRootPath,pUniDrvRegPath->Buffer,pUniDrvRegPath->Length); 288 | //StringCchCatW(wOutPluginRootPath,MAX_PATH,L"\\Plugin\\"); 289 | //RtlInitUnicodeString(pUniPluginPath,wOutPluginRootPath); 290 | 291 | RtlCopyUnicodeString(pUniPluginPath,pUniDrvRegPath); 292 | RtlAppendUnicodeToString(pUniPluginPath,L"\\Plugin\\"); 293 | 294 | 295 | } while (0); 296 | return Status; 297 | } 298 | VOID LoadBootPlugin(PVOID StartContext) 299 | { 300 | PUNICODE_STRING pUniRegPath; 301 | UNICODE_STRING UniDrvPluginPath; 302 | UNICODE_STRING UniIoCreateDriver; 303 | NTSTATUS Status; 304 | 305 | Status = STATUS_SUCCESS; 306 | pUniRegPath = (PUNICODE_STRING)StartContext; 307 | 308 | do 309 | { 310 | if (g_pFilterCtl->FileFltAccessCtl.ulIsFileSystemInit == 1) 311 | { 312 | if (NULL == g_pFilterCtl->ulIoCreateDriver) 313 | { 314 | RtlInitUnicodeString(&UniIoCreateDriver,L"IoCreateDriver"); 315 | g_pFilterCtl->ulIoCreateDriver = MmGetSystemRoutineAddress(&UniIoCreateDriver); 316 | InitializeListHead(&g_LdrPluginList); 317 | } 318 | Status = GetPluginRootPath(pUniRegPath,&UniDrvPluginPath); 319 | if (NT_SUCCESS(Status)) 320 | { 321 | Status = EnumPlugin(&UniDrvPluginPath); 322 | if (NT_SUCCESS(Status)) 323 | { 324 | 325 | } 326 | } 327 | } 328 | } while (TRUE); 329 | PsTerminateSystemThread(Status); 330 | } 331 | -------------------------------------------------------------------------------- /ShitDrv/rsaeuro.h: -------------------------------------------------------------------------------- 1 | /* 2 | RSAEURO.H - header file for RSAEURO cryptographic toolkit 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF(tm) 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF(tm). 9 | To aid compatibility the source and the files follow the 10 | same naming conventions that RSAREF(tm) uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | This header file contains prototypes, and other definitions used 17 | in and by RSAEURO. 18 | 19 | Revision history 20 | 0.90 First revision, implements all of RSAREF.H plus some minor 21 | changes. 22 | 23 | 0.91 Second revision, Fixed a couple of problems. SHS support 24 | added to header file, digest contexts altered. 25 | 26 | 0.92 Third revision, add support at this level for the assembler 27 | routines and the implementation of some routines using the ANSI C 28 | equivalent. 29 | 30 | 0.93 Fourth revision, Library details section added, MD4 details 31 | added to header file, digest contexts altered. 32 | 33 | 1.03 Fifth revision, RSA key structures altered. 34 | 35 | 1.04 Sixth revision, New error types added, fix under windows 36 | regarding IDOK define. RSAEUROINFO release stuff added. 37 | 38 | */ 39 | 40 | #ifndef _RSAEURO_H_ 41 | #define _RSAEURO_H_ 42 | 43 | #define USE_ANSI 44 | 45 | #include 46 | 47 | #include "global.h" 48 | #include "md5.h" 49 | #include "nn.h" 50 | 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | /* Message-digest algorithms. */ 56 | 57 | #define DA_MD2 2 58 | #define DA_MD4 4 59 | #define DA_MD5 5 60 | #define DA_SHS 3 61 | 62 | /* Encryption algorithms to be ored with digest algorithm in Seal and Open. */ 63 | 64 | #define EA_DES_CBC 1 65 | #define EA_DES_EDE2_CBC 2 66 | #define EA_DES_EDE3_CBC 3 67 | #define EA_DESX_CBC 4 68 | 69 | 70 | /* RSA key lengths. */ 71 | 72 | #define MIN_RSA_MODULUS_BITS 124 73 | /* 74 | PGP 2.6.2 Now allows 2048-bit keys changing below will allow this. 75 | It does lengthen key generation slightly if the value is increased. 76 | */ 77 | #define MAX_RSA_MODULUS_BITS 1024 78 | #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8) 79 | #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2) 80 | #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8) 81 | 82 | /* Maximum lengths of encoded and encrypted content, as a function of 83 | content length len. Also, inverse functions. */ 84 | 85 | #define ENCODED_CONTENT_LEN(len) (4*(len)/3 + 3) 86 | #define ENCRYPTED_CONTENT_LEN(len) ENCODED_CONTENT_LEN ((len)+8) 87 | #define DECODED_CONTENT_LEN(len) (3*(len)/4 + 1) 88 | #define DECRYPTED_CONTENT_LEN(len) (DECODED_CONTENT_LEN (len) - 1) 89 | 90 | /* Maximum lengths of signatures, encrypted keys, encrypted 91 | signatures, and message digests. */ 92 | 93 | #define MAX_SIGNATURE_LEN MAX_RSA_MODULUS_LEN 94 | #define MAX_PEM_SIGNATURE_LEN ENCODED_CONTENT_LEN(MAX_SIGNATURE_LEN) 95 | #define MAX_ENCRYPTED_KEY_LEN MAX_RSA_MODULUS_LEN 96 | #define MAX_PEM_ENCRYPTED_KEY_LEN ENCODED_CONTENT_LEN(MAX_ENCRYPTED_KEY_LEN) 97 | #define MAX_PEM_ENCRYPTED_SIGNATURE_LEN ENCRYPTED_CONTENT_LEN(MAX_SIGNATURE_LEN) 98 | #define MAX_DIGEST_LEN 20 99 | 100 | /* Maximum length of Diffie-Hellman parameters. */ 101 | 102 | #define DH_PRIME_LEN(bits) (((bits) + 7) / 8) 103 | 104 | /* Error codes. */ 105 | 106 | #define RE_CONTENT_ENCODING 0x0400 107 | #define RE_DATA 0x0401 108 | #define RE_DIGEST_ALGORITHM 0x0402 109 | #define RE_ENCODING 0x0403 110 | #define RE_KEY 0x0404 111 | #define RE_KEY_ENCODING 0x0405 112 | #define RE_LEN 0x0406 113 | #define RE_MODULUS_LEN 0x0407 114 | #define RE_NEED_RANDOM 0x0408 115 | #define RE_PRIVATE_KEY 0x0409 116 | #define RE_PUBLIC_KEY 0x040a 117 | #define RE_SIGNATURE 0x040b 118 | #define RE_SIGNATURE_ENCODING 0x040c 119 | #define RE_ENCRYPTION_ALGORITHM 0x040d 120 | #define RE_FILE 0x040e 121 | 122 | /* Library details. */ 123 | 124 | #define RSAEURO_VER_MAJ 1 125 | #define RSAEURO_VER_MIN 04 126 | #define RSAEURO_IDENT "RSAEURO Toolkit" 127 | #define RSAEURO_DATE "21/08/94" 128 | 129 | /* Internal Error Codes */ 130 | 131 | /* IDOK and IDERROR changed to ID_OK and ID_ERROR */ 132 | 133 | #define ID_OK 0 134 | #define ID_ERROR 1 135 | 136 | /* Internal defs. */ 137 | 138 | #define TRUE 1 139 | #define FALSE 0 140 | 141 | /* Algorithm IDs */ 142 | 143 | #define IA_MD2 0x00000001 144 | #define IA_MD4 0x00000002 145 | #define IA_MD5 0x00000004 146 | #define IA_SHS 0x00000008 147 | #define IA_DES_CBC 0x00000010 148 | #define IA_DES_EDE2_CBC 0x00000020 149 | #define IA_DES_EDE3_CBC 0x00000040 150 | #define IA_DESX_CBC 0x00000080 151 | #define IA_RSA 0x00010000 152 | #define IA_DH 0x00020000 153 | 154 | #define IA_FLAGS (IA_MD2|IA_MD4|IA_MD5|IA_SHS|IA_DES_CBC|IA_DES_EDE2_CBC|IA_DES_EDE3_CBC|IA_DESX_CBC|IA_RSA|IA_DH) 155 | 156 | /* RSAEuro Info Structure */ 157 | 158 | typedef struct { 159 | unsigned short int Version; /* RSAEuro Version */ 160 | unsigned int flags; /* Version Flags */ 161 | unsigned char ManufacturerID[32]; /* Toolkit ID */ 162 | unsigned int Algorithms; /* Algorithms Supported */ 163 | } RSAEUROINFO; 164 | 165 | /* Random structure. */ 166 | 167 | typedef struct { 168 | unsigned int bytesNeeded; /* seed bytes required */ 169 | unsigned char state[16]; /* state of object */ 170 | unsigned int outputAvailable; /* number byte available */ 171 | unsigned char output[16]; /* output bytes */ 172 | } R_RANDOM_STRUCT; 173 | 174 | /* RSA public and private key. */ 175 | 176 | typedef struct { 177 | unsigned short int bits; /* length in bits of modulus */ 178 | unsigned char modulus[MAX_RSA_MODULUS_LEN]; /* modulus */ 179 | unsigned char exponent[MAX_RSA_MODULUS_LEN]; /* public exponent */ 180 | } R_RSA_PUBLIC_KEY; 181 | 182 | typedef struct { 183 | unsigned short int bits; /* length in bits of modulus */ 184 | unsigned char modulus[MAX_RSA_MODULUS_LEN]; /* modulus */ 185 | unsigned char publicExponent[MAX_RSA_MODULUS_LEN]; /* public exponent */ 186 | unsigned char exponent[MAX_RSA_MODULUS_LEN]; /* private exponent */ 187 | unsigned char prime[2][MAX_RSA_PRIME_LEN]; /* prime factors */ 188 | unsigned char primeExponent[2][MAX_RSA_PRIME_LEN]; /* exponents for CRT */ 189 | unsigned char coefficient[MAX_RSA_PRIME_LEN]; /* CRT coefficient */ 190 | } R_RSA_PRIVATE_KEY; 191 | 192 | /* RSA prototype key. */ 193 | 194 | typedef struct { 195 | unsigned int bits; /* length in bits of modulus */ 196 | int useFermat4; /* public exponent (1 = F4, 0 = 3) */ 197 | } R_RSA_PROTO_KEY; 198 | // 199 | ///* Diffie-Hellman parameters. */ 200 | // 201 | //typedef struct { 202 | // unsigned char *prime; /* prime */ 203 | // unsigned int primeLen; /* length of prime */ 204 | // unsigned char *generator; /* generator */ 205 | // unsigned int generatorLen; /* length of generator */ 206 | //} R_DH_PARAMS; 207 | // 208 | ///* digest algorithm context */ 209 | // 210 | //typedef struct { 211 | // int digestAlgorithm; /* digest type */ 212 | // union { /* digest sub-context */ 213 | // MD2_CTX md2; 214 | // MD4_CTX md4; 215 | // MD5_CTX md5; 216 | // SHS_CTX shs; 217 | // } context; 218 | //} R_DIGEST_CTX; 219 | // 220 | ///* signature context */ 221 | // 222 | //typedef struct { 223 | // R_DIGEST_CTX digestContext; 224 | //} R_SIGNATURE_CTX; 225 | // 226 | ///* envelope context */ 227 | // 228 | //typedef struct { 229 | // int encryptionAlgorithm; /* encryption type */ 230 | // union { /* encryption sub-context */ 231 | // DES_CBC_CTX des; 232 | // DES3_CBC_CTX des3; 233 | // DESX_CBC_CTX desx; 234 | // } cipherContext; 235 | // 236 | // unsigned char buffer[8]; /* data buffer */ 237 | // unsigned int bufferLen; /* buffer length */ 238 | //} R_ENVELOPE_CTX; 239 | 240 | /* Random Structures Routines. */ 241 | 242 | int R_RandomInit PROTO_LIST ((R_RANDOM_STRUCT *)); 243 | int R_RandomUpdate PROTO_LIST ((R_RANDOM_STRUCT *, unsigned char *, unsigned int)); 244 | int R_GetRandomBytesNeeded PROTO_LIST ((unsigned int *, R_RANDOM_STRUCT *)); 245 | void R_RandomFinal PROTO_LIST ((R_RANDOM_STRUCT *)); 246 | //void R_RandomCreate PROTO_LIST ((R_RANDOM_STRUCT *random)); 247 | //void R_RandomMix PROTO_LIST ((R_RANDOM_STRUCT *random)); 248 | int R_GenerateBytes(unsigned char *block, unsigned int len, 249 | R_RANDOM_STRUCT *random); 250 | 251 | /* Cryptographic procedures. */ 252 | // 253 | //int R_DigestInit PROTO_LIST ((R_DIGEST_CTX *, int)); 254 | //int R_DigestUpdate PROTO_LIST ((R_DIGEST_CTX *, unsigned char *, 255 | // unsigned int)); 256 | //int R_DigestFinal PROTO_LIST ((R_DIGEST_CTX *, unsigned char *, 257 | // unsigned int *)); 258 | //int R_SignInit PROTO_LIST ((R_SIGNATURE_CTX *, int)); 259 | //int R_SignUpdate PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 260 | // unsigned int)); 261 | //int R_SignFinal PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 262 | // unsigned int *, R_RSA_PRIVATE_KEY *)); 263 | //int R_VerifyInit PROTO_LIST ((R_SIGNATURE_CTX *, int)); 264 | //int R_VerifyUpdate PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 265 | // unsigned int)); 266 | //int R_VerifyFinal PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 267 | // unsigned int, R_RSA_PUBLIC_KEY *)); 268 | //int R_SealInit PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char **, unsigned int *, unsigned char [8], 269 | // unsigned int, R_RSA_PUBLIC_KEY **, int, R_RANDOM_STRUCT *)); 270 | //int R_SealUpdate PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 271 | // unsigned int *, unsigned char *, unsigned int)); 272 | //int R_SealFinal PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 273 | // unsigned int *)); 274 | //int R_OpenInit PROTO_LIST ((R_ENVELOPE_CTX *, int, unsigned char *, 275 | // unsigned int, unsigned char [8], R_RSA_PRIVATE_KEY *)); 276 | //int R_OpenUpdate PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 277 | // unsigned int *, unsigned char *, unsigned int)); 278 | //int R_OpenFinal PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 279 | // unsigned int *)); 280 | // 281 | ///* Cryptographic enhancements. */ 282 | // 283 | //int R_SignPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int *, 284 | // unsigned char *, unsigned int, int, int, R_RSA_PRIVATE_KEY *)); 285 | //int R_SignBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, int, 286 | // R_RSA_PRIVATE_KEY *)); 287 | //int R_VerifyPEMSignature PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, 288 | // unsigned char *, unsigned int, int, int, R_RSA_PUBLIC_KEY *)); 289 | //int R_VerifyBlockSignature PROTO_LIST ((unsigned char *, unsigned int, 290 | // unsigned char *, unsigned int, int, R_RSA_PUBLIC_KEY *)); 291 | //int R_SealPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int *, 292 | // unsigned char *, unsigned int *, unsigned char [8], unsigned char *, 293 | // unsigned int, int, R_RSA_PUBLIC_KEY *, R_RSA_PRIVATE_KEY *, 294 | // R_RANDOM_STRUCT *)); 295 | //int R_OpenPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, 296 | // unsigned char *, unsigned int, unsigned char *, unsigned int, 297 | // unsigned char [8], int, R_RSA_PRIVATE_KEY *, R_RSA_PUBLIC_KEY *)); 298 | //int R_DigestBlock PROTO_LIST ((unsigned char *, unsigned int *, 299 | // unsigned char *, unsigned int, int)); 300 | // 301 | //int R_DecryptOpenPEMBlock PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 302 | // unsigned int *, unsigned char *, unsigned int)); 303 | //int R_EncryptOpenPEMBlock PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 304 | // unsigned int *, unsigned char *, unsigned int)); 305 | // 306 | ///* Printable ASCII encoding and decoding. */ 307 | // 308 | //int R_EncodePEMBlock PROTO_LIST ((unsigned char *, unsigned int *, 309 | // unsigned char *, unsigned int)); 310 | //int R_DecodePEMBlock PROTO_LIST ((unsigned char *, unsigned int *, 311 | // unsigned char *, unsigned int)); 312 | 313 | /* Key-pair generation. */ 314 | 315 | int R_GeneratePEMKeys PROTO_LIST ((R_RSA_PUBLIC_KEY *, R_RSA_PRIVATE_KEY *, 316 | R_RSA_PROTO_KEY *, R_RANDOM_STRUCT *)); 317 | 318 | /* Diffie-Hellman key agreement. */ 319 | 320 | //int R_GenerateDHParams PROTO_LIST ((R_DH_PARAMS *, unsigned int, 321 | // unsigned int, R_RANDOM_STRUCT *)); 322 | //int R_SetupDHAgreement PROTO_LIST ((unsigned char *, unsigned char *, 323 | // unsigned int, R_DH_PARAMS *, R_RANDOM_STRUCT *)); 324 | //int R_ComputeDHAgreedKey PROTO_LIST ((unsigned char *, unsigned char *, 325 | // unsigned char *, unsigned int, R_DH_PARAMS *)); 326 | 327 | /* Standard library routines. */ 328 | 329 | #ifdef USE_ANSI 330 | #define R_memset(x, y, z) memset(x, y, z) 331 | #define R_memcpy(x, y, z) memcpy(x, y, z) 332 | #define R_memcmp(x, y, z) memcmp(x, y, z) 333 | #else 334 | void R_memset PROTO_LIST ((POINTER, int, unsigned int)); 335 | void R_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); 336 | int R_memcmp PROTO_LIST ((POINTER, POINTER, unsigned int)); 337 | #endif 338 | 339 | #ifdef __cplusplus 340 | } 341 | #endif 342 | 343 | #endif /* _RSAEURO_H_ */ 344 | -------------------------------------------------------------------------------- /TestInterface/rsaeuro.h: -------------------------------------------------------------------------------- 1 | /* 2 | RSAEURO.H - header file for RSAEURO cryptographic toolkit 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF(tm) 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF(tm). 9 | To aid compatibility the source and the files follow the 10 | same naming conventions that RSAREF(tm) uses. This should aid 11 | direct importing to your applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | This header file contains prototypes, and other definitions used 17 | in and by RSAEURO. 18 | 19 | Revision history 20 | 0.90 First revision, implements all of RSAREF.H plus some minor 21 | changes. 22 | 23 | 0.91 Second revision, Fixed a couple of problems. SHS support 24 | added to header file, digest contexts altered. 25 | 26 | 0.92 Third revision, add support at this level for the assembler 27 | routines and the implementation of some routines using the ANSI C 28 | equivalent. 29 | 30 | 0.93 Fourth revision, Library details section added, MD4 details 31 | added to header file, digest contexts altered. 32 | 33 | 1.03 Fifth revision, RSA key structures altered. 34 | 35 | 1.04 Sixth revision, New error types added, fix under windows 36 | regarding IDOK define. RSAEUROINFO release stuff added. 37 | 38 | */ 39 | 40 | #ifndef _RSAEURO_H_ 41 | #define _RSAEURO_H_ 42 | 43 | #define USE_ANSI 44 | 45 | #include 46 | 47 | #include "global.h" 48 | #include "md5.h" 49 | #include "nn.h" 50 | 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | /* Message-digest algorithms. */ 56 | 57 | #define DA_MD2 2 58 | #define DA_MD4 4 59 | #define DA_MD5 5 60 | #define DA_SHS 3 61 | 62 | /* Encryption algorithms to be ored with digest algorithm in Seal and Open. */ 63 | 64 | #define EA_DES_CBC 1 65 | #define EA_DES_EDE2_CBC 2 66 | #define EA_DES_EDE3_CBC 3 67 | #define EA_DESX_CBC 4 68 | 69 | 70 | /* RSA key lengths. */ 71 | 72 | #define MIN_RSA_MODULUS_BITS 124 73 | /* 74 | PGP 2.6.2 Now allows 2048-bit keys changing below will allow this. 75 | It does lengthen key generation slightly if the value is increased. 76 | */ 77 | #define MAX_RSA_MODULUS_BITS 1024 78 | #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8) 79 | #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2) 80 | #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8) 81 | 82 | /* Maximum lengths of encoded and encrypted content, as a function of 83 | content length len. Also, inverse functions. */ 84 | 85 | #define ENCODED_CONTENT_LEN(len) (4*(len)/3 + 3) 86 | #define ENCRYPTED_CONTENT_LEN(len) ENCODED_CONTENT_LEN ((len)+8) 87 | #define DECODED_CONTENT_LEN(len) (3*(len)/4 + 1) 88 | #define DECRYPTED_CONTENT_LEN(len) (DECODED_CONTENT_LEN (len) - 1) 89 | 90 | /* Maximum lengths of signatures, encrypted keys, encrypted 91 | signatures, and message digests. */ 92 | 93 | #define MAX_SIGNATURE_LEN MAX_RSA_MODULUS_LEN 94 | #define MAX_PEM_SIGNATURE_LEN ENCODED_CONTENT_LEN(MAX_SIGNATURE_LEN) 95 | #define MAX_ENCRYPTED_KEY_LEN MAX_RSA_MODULUS_LEN 96 | #define MAX_PEM_ENCRYPTED_KEY_LEN ENCODED_CONTENT_LEN(MAX_ENCRYPTED_KEY_LEN) 97 | #define MAX_PEM_ENCRYPTED_SIGNATURE_LEN ENCRYPTED_CONTENT_LEN(MAX_SIGNATURE_LEN) 98 | #define MAX_DIGEST_LEN 20 99 | 100 | /* Maximum length of Diffie-Hellman parameters. */ 101 | 102 | #define DH_PRIME_LEN(bits) (((bits) + 7) / 8) 103 | 104 | /* Error codes. */ 105 | 106 | #define RE_CONTENT_ENCODING 0x0400 107 | #define RE_DATA 0x0401 108 | #define RE_DIGEST_ALGORITHM 0x0402 109 | #define RE_ENCODING 0x0403 110 | #define RE_KEY 0x0404 111 | #define RE_KEY_ENCODING 0x0405 112 | #define RE_LEN 0x0406 113 | #define RE_MODULUS_LEN 0x0407 114 | #define RE_NEED_RANDOM 0x0408 115 | #define RE_PRIVATE_KEY 0x0409 116 | #define RE_PUBLIC_KEY 0x040a 117 | #define RE_SIGNATURE 0x040b 118 | #define RE_SIGNATURE_ENCODING 0x040c 119 | #define RE_ENCRYPTION_ALGORITHM 0x040d 120 | #define RE_FILE 0x040e 121 | 122 | /* Library details. */ 123 | 124 | #define RSAEURO_VER_MAJ 1 125 | #define RSAEURO_VER_MIN 04 126 | #define RSAEURO_IDENT "RSAEURO Toolkit" 127 | #define RSAEURO_DATE "21/08/94" 128 | 129 | /* Internal Error Codes */ 130 | 131 | /* IDOK and IDERROR changed to ID_OK and ID_ERROR */ 132 | 133 | #define ID_OK 0 134 | #define ID_ERROR 1 135 | 136 | /* Internal defs. */ 137 | 138 | #define TRUE 1 139 | #define FALSE 0 140 | 141 | /* Algorithm IDs */ 142 | 143 | #define IA_MD2 0x00000001 144 | #define IA_MD4 0x00000002 145 | #define IA_MD5 0x00000004 146 | #define IA_SHS 0x00000008 147 | #define IA_DES_CBC 0x00000010 148 | #define IA_DES_EDE2_CBC 0x00000020 149 | #define IA_DES_EDE3_CBC 0x00000040 150 | #define IA_DESX_CBC 0x00000080 151 | #define IA_RSA 0x00010000 152 | #define IA_DH 0x00020000 153 | 154 | #define IA_FLAGS (IA_MD2|IA_MD4|IA_MD5|IA_SHS|IA_DES_CBC|IA_DES_EDE2_CBC|IA_DES_EDE3_CBC|IA_DESX_CBC|IA_RSA|IA_DH) 155 | 156 | /* RSAEuro Info Structure */ 157 | 158 | typedef struct { 159 | unsigned short int Version; /* RSAEuro Version */ 160 | unsigned int flags; /* Version Flags */ 161 | unsigned char ManufacturerID[32]; /* Toolkit ID */ 162 | unsigned int Algorithms; /* Algorithms Supported */ 163 | } RSAEUROINFO; 164 | 165 | /* Random structure. */ 166 | 167 | typedef struct { 168 | unsigned int bytesNeeded; /* seed bytes required */ 169 | unsigned char state[16]; /* state of object */ 170 | unsigned int outputAvailable; /* number byte available */ 171 | unsigned char output[16]; /* output bytes */ 172 | } R_RANDOM_STRUCT; 173 | 174 | /* RSA public and private key. */ 175 | 176 | typedef struct { 177 | unsigned short int bits; /* length in bits of modulus */ 178 | unsigned char modulus[MAX_RSA_MODULUS_LEN]; /* modulus */ 179 | unsigned char exponent[MAX_RSA_MODULUS_LEN]; /* public exponent */ 180 | } R_RSA_PUBLIC_KEY; 181 | 182 | typedef struct { 183 | unsigned short int bits; /* length in bits of modulus */ 184 | unsigned char modulus[MAX_RSA_MODULUS_LEN]; /* modulus */ 185 | unsigned char publicExponent[MAX_RSA_MODULUS_LEN]; /* public exponent */ 186 | unsigned char exponent[MAX_RSA_MODULUS_LEN]; /* private exponent */ 187 | unsigned char prime[2][MAX_RSA_PRIME_LEN]; /* prime factors */ 188 | unsigned char primeExponent[2][MAX_RSA_PRIME_LEN]; /* exponents for CRT */ 189 | unsigned char coefficient[MAX_RSA_PRIME_LEN]; /* CRT coefficient */ 190 | } R_RSA_PRIVATE_KEY; 191 | 192 | /* RSA prototype key. */ 193 | 194 | typedef struct { 195 | unsigned int bits; /* length in bits of modulus */ 196 | int useFermat4; /* public exponent (1 = F4, 0 = 3) */ 197 | } R_RSA_PROTO_KEY; 198 | // 199 | ///* Diffie-Hellman parameters. */ 200 | // 201 | //typedef struct { 202 | // unsigned char *prime; /* prime */ 203 | // unsigned int primeLen; /* length of prime */ 204 | // unsigned char *generator; /* generator */ 205 | // unsigned int generatorLen; /* length of generator */ 206 | //} R_DH_PARAMS; 207 | // 208 | ///* digest algorithm context */ 209 | // 210 | //typedef struct { 211 | // int digestAlgorithm; /* digest type */ 212 | // union { /* digest sub-context */ 213 | // MD2_CTX md2; 214 | // MD4_CTX md4; 215 | // MD5_CTX md5; 216 | // SHS_CTX shs; 217 | // } context; 218 | //} R_DIGEST_CTX; 219 | // 220 | ///* signature context */ 221 | // 222 | //typedef struct { 223 | // R_DIGEST_CTX digestContext; 224 | //} R_SIGNATURE_CTX; 225 | // 226 | ///* envelope context */ 227 | // 228 | //typedef struct { 229 | // int encryptionAlgorithm; /* encryption type */ 230 | // union { /* encryption sub-context */ 231 | // DES_CBC_CTX des; 232 | // DES3_CBC_CTX des3; 233 | // DESX_CBC_CTX desx; 234 | // } cipherContext; 235 | // 236 | // unsigned char buffer[8]; /* data buffer */ 237 | // unsigned int bufferLen; /* buffer length */ 238 | //} R_ENVELOPE_CTX; 239 | 240 | /* Random Structures Routines. */ 241 | 242 | int R_RandomInit PROTO_LIST ((R_RANDOM_STRUCT *)); 243 | int R_RandomUpdate PROTO_LIST ((R_RANDOM_STRUCT *, unsigned char *, unsigned int)); 244 | int R_GetRandomBytesNeeded PROTO_LIST ((unsigned int *, R_RANDOM_STRUCT *)); 245 | void R_RandomFinal PROTO_LIST ((R_RANDOM_STRUCT *)); 246 | //void R_RandomCreate PROTO_LIST ((R_RANDOM_STRUCT *random)); 247 | //void R_RandomMix PROTO_LIST ((R_RANDOM_STRUCT *random)); 248 | int R_GenerateBytes(unsigned char *block, unsigned int len, 249 | R_RANDOM_STRUCT *random); 250 | 251 | /* Cryptographic procedures. */ 252 | // 253 | //int R_DigestInit PROTO_LIST ((R_DIGEST_CTX *, int)); 254 | //int R_DigestUpdate PROTO_LIST ((R_DIGEST_CTX *, unsigned char *, 255 | // unsigned int)); 256 | //int R_DigestFinal PROTO_LIST ((R_DIGEST_CTX *, unsigned char *, 257 | // unsigned int *)); 258 | //int R_SignInit PROTO_LIST ((R_SIGNATURE_CTX *, int)); 259 | //int R_SignUpdate PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 260 | // unsigned int)); 261 | //int R_SignFinal PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 262 | // unsigned int *, R_RSA_PRIVATE_KEY *)); 263 | //int R_VerifyInit PROTO_LIST ((R_SIGNATURE_CTX *, int)); 264 | //int R_VerifyUpdate PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 265 | // unsigned int)); 266 | //int R_VerifyFinal PROTO_LIST ((R_SIGNATURE_CTX *, unsigned char *, 267 | // unsigned int, R_RSA_PUBLIC_KEY *)); 268 | //int R_SealInit PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char **, unsigned int *, unsigned char [8], 269 | // unsigned int, R_RSA_PUBLIC_KEY **, int, R_RANDOM_STRUCT *)); 270 | //int R_SealUpdate PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 271 | // unsigned int *, unsigned char *, unsigned int)); 272 | //int R_SealFinal PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 273 | // unsigned int *)); 274 | //int R_OpenInit PROTO_LIST ((R_ENVELOPE_CTX *, int, unsigned char *, 275 | // unsigned int, unsigned char [8], R_RSA_PRIVATE_KEY *)); 276 | //int R_OpenUpdate PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 277 | // unsigned int *, unsigned char *, unsigned int)); 278 | //int R_OpenFinal PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 279 | // unsigned int *)); 280 | // 281 | ///* Cryptographic enhancements. */ 282 | // 283 | //int R_SignPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int *, 284 | // unsigned char *, unsigned int, int, int, R_RSA_PRIVATE_KEY *)); 285 | //int R_SignBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, int, 286 | // R_RSA_PRIVATE_KEY *)); 287 | //int R_VerifyPEMSignature PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, 288 | // unsigned char *, unsigned int, int, int, R_RSA_PUBLIC_KEY *)); 289 | //int R_VerifyBlockSignature PROTO_LIST ((unsigned char *, unsigned int, 290 | // unsigned char *, unsigned int, int, R_RSA_PUBLIC_KEY *)); 291 | //int R_SealPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int *, 292 | // unsigned char *, unsigned int *, unsigned char [8], unsigned char *, 293 | // unsigned int, int, R_RSA_PUBLIC_KEY *, R_RSA_PRIVATE_KEY *, 294 | // R_RANDOM_STRUCT *)); 295 | //int R_OpenPEMBlock PROTO_LIST ((unsigned char *, unsigned int *, unsigned char *, unsigned int, 296 | // unsigned char *, unsigned int, unsigned char *, unsigned int, 297 | // unsigned char [8], int, R_RSA_PRIVATE_KEY *, R_RSA_PUBLIC_KEY *)); 298 | //int R_DigestBlock PROTO_LIST ((unsigned char *, unsigned int *, 299 | // unsigned char *, unsigned int, int)); 300 | // 301 | //int R_DecryptOpenPEMBlock PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 302 | // unsigned int *, unsigned char *, unsigned int)); 303 | //int R_EncryptOpenPEMBlock PROTO_LIST ((R_ENVELOPE_CTX *, unsigned char *, 304 | // unsigned int *, unsigned char *, unsigned int)); 305 | // 306 | ///* Printable ASCII encoding and decoding. */ 307 | // 308 | //int R_EncodePEMBlock PROTO_LIST ((unsigned char *, unsigned int *, 309 | // unsigned char *, unsigned int)); 310 | //int R_DecodePEMBlock PROTO_LIST ((unsigned char *, unsigned int *, 311 | // unsigned char *, unsigned int)); 312 | 313 | /* Key-pair generation. */ 314 | 315 | int R_GeneratePEMKeys PROTO_LIST ((R_RSA_PUBLIC_KEY *, R_RSA_PRIVATE_KEY *, 316 | R_RSA_PROTO_KEY *, R_RANDOM_STRUCT *)); 317 | 318 | /* Diffie-Hellman key agreement. */ 319 | 320 | //int R_GenerateDHParams PROTO_LIST ((R_DH_PARAMS *, unsigned int, 321 | // unsigned int, R_RANDOM_STRUCT *)); 322 | //int R_SetupDHAgreement PROTO_LIST ((unsigned char *, unsigned char *, 323 | // unsigned int, R_DH_PARAMS *, R_RANDOM_STRUCT *)); 324 | //int R_ComputeDHAgreedKey PROTO_LIST ((unsigned char *, unsigned char *, 325 | // unsigned char *, unsigned int, R_DH_PARAMS *)); 326 | 327 | /* Standard library routines. */ 328 | 329 | #ifdef USE_ANSI 330 | #define R_memset(x, y, z) memset(x, y, z) 331 | #define R_memcpy(x, y, z) memcpy(x, y, z) 332 | #define R_memcmp(x, y, z) memcmp(x, y, z) 333 | #else 334 | void R_memset PROTO_LIST ((POINTER, int, unsigned int)); 335 | void R_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); 336 | int R_memcmp PROTO_LIST ((POINTER, POINTER, unsigned int)); 337 | #endif 338 | 339 | #ifdef __cplusplus 340 | } 341 | #endif 342 | 343 | #endif /* _RSAEURO_H_ */ 344 | -------------------------------------------------------------------------------- /ShitDrv/nn.c: -------------------------------------------------------------------------------- 1 | /* 2 | NN.C - natural numbers routines 3 | 4 | Copyright (c) J.S.A.Kapp 1994 - 1996. 5 | 6 | RSAEURO - RSA Library compatible with RSAREF(tm) 2.0. 7 | 8 | All functions prototypes are the Same as for RSAREF(tm). 9 | To aid compatiblity the source and the files follow the 10 | same naming comventions that RSAREF(tm) uses. This should aid 11 | direct importing to you applications. 12 | 13 | This library is legal everywhere outside the US. And should 14 | NOT be imported to the US and used there. 15 | 16 | All Trademarks Acknowledged. 17 | 18 | Revision hisitory 19 | 0.90 First revision, this revision was the basic routines. 20 | Routines slower than final revision. 21 | 22 | 0.91 Second revision, this is the current revision, all 23 | routines have been altered for speed increases. Also the 24 | addition of assembler equivalents. 25 | 26 | 1.02 Third revision, minor bug fixes. 27 | dmult bug fix, Bug reported by Anders Heerfordt . 28 | 29 | 1.03 Fourth revision, SunCompiler patch 30 | 31 | 1.04 Fifth revision, Fix to fix problem with NN_Encode 32 | and NN_Decode when running with MS Visual C++ 4.x. 33 | */ 34 | 35 | #include "rsaeuro.h" 36 | #include "nn.h" 37 | 38 | /* internal functions */ 39 | 40 | NN_DIGIT subdigitmult PROTO_LIST 41 | ((NN_DIGIT *, NN_DIGIT *, NN_DIGIT, NN_DIGIT *, unsigned int)); 42 | 43 | void dmult PROTO_LIST ((NN_DIGIT, NN_DIGIT, NN_DIGIT *, NN_DIGIT *)); 44 | 45 | unsigned int NN_DigitBits PROTO_LIST ((NN_DIGIT)); 46 | 47 | #ifndef USEASM 48 | /* Decodes character string b into a, where character string is ordered 49 | from most to least significant. 50 | 51 | Lengths: a[digits], b[len]. 52 | Assumes b[i] = 0 for i < len - digits * NN_DIGIT_LEN. (Otherwise most 53 | significant bytes are truncated.) 54 | */ 55 | void NN_Decode( NN_DIGIT *a, unsigned int digits, unsigned char *b,unsigned int len) 56 | { 57 | NN_DIGIT t; 58 | unsigned int i, u; 59 | int j; 60 | 61 | /* @##$ unsigned/signed bug fix added JSAK - Fri 31/05/96 18:09:11 */ 62 | for (i = 0, j = len - 1; i < digits && j >= 0; i++) { 63 | t = 0; 64 | for (u = 0; j >= 0 && u < NN_DIGIT_BITS; j--, u += 8) 65 | t |= ((NN_DIGIT)b[j]) << u; 66 | a[i] = t; 67 | } 68 | 69 | for (; i < digits; i++) 70 | a[i] = 0; 71 | } 72 | 73 | /* Encodes b into character string a, where character string is ordered 74 | from most to least significant. 75 | 76 | Lengths: a[len], b[digits]. 77 | Assumes NN_Bits (b, digits) <= 8 * len. (Otherwise most significant 78 | digits are truncated.) 79 | */ 80 | void NN_Encode( unsigned char *a, unsigned int len, NN_DIGIT *b, unsigned int digits ) 81 | { 82 | NN_DIGIT t; 83 | unsigned int i, u; 84 | int j; 85 | 86 | /* @##$ unsigned/signed bug fix added JSAK - Fri 31/05/96 18:09:11 */ 87 | for (i = 0, j = len - 1; i < digits && j >= 0; i++) { 88 | t = b[i]; 89 | for (u = 0; j >= 0 && u < NN_DIGIT_BITS; j--, u += 8) 90 | a[j] = (unsigned char)(t >> u); 91 | } 92 | 93 | for (; j >= 0; j--) 94 | a[j] = 0; 95 | } 96 | 97 | /* Assigns a = 0. */ 98 | 99 | void NN_AssignZero( NN_DIGIT *a, unsigned int digits ) 100 | { 101 | if(digits) { 102 | do { 103 | *a++ = 0; 104 | }while(--digits); 105 | } 106 | } 107 | 108 | #endif 109 | 110 | /* Assigns a = 2^b. 111 | 112 | Lengths: a[digits]. 113 | Requires b < digits * NN_DIGIT_BITS. 114 | */ 115 | void NN_Assign2Exp (NN_DIGIT *a, unsigned int b, unsigned int digits ) 116 | { 117 | NN_AssignZero (a, digits); 118 | 119 | if (b >= digits * NN_DIGIT_BITS) 120 | return; 121 | 122 | a[b / NN_DIGIT_BITS] = (NN_DIGIT)1 << (b % NN_DIGIT_BITS); 123 | } 124 | 125 | /* Computes a = b - c. Returns borrow. 126 | 127 | Lengths: a[digits], b[digits], c[digits]. 128 | */ 129 | NN_DIGIT NN_Sub ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int digits ) 130 | { 131 | NN_DIGIT temp, borrow = 0; 132 | 133 | if(digits) 134 | do { 135 | /* Bug fix 16/10/95 - JSK, code below removed, caused bug with 136 | Sun Compiler SC4. 137 | 138 | if((temp = (*b++) - borrow) == MAX_NN_DIGIT) 139 | temp = MAX_NN_DIGIT - *c++; 140 | */ 141 | 142 | temp = *b - borrow; 143 | b++; 144 | if(temp == MAX_NN_DIGIT) { 145 | temp = MAX_NN_DIGIT - *c; 146 | c++; 147 | }else { /* Patch to prevent bug for Sun CC */ 148 | if((temp -= *c) > (MAX_NN_DIGIT - *c)) 149 | borrow = 1; 150 | else 151 | borrow = 0; 152 | c++; 153 | } 154 | *a++ = temp; 155 | }while(--digits); 156 | 157 | return(borrow); 158 | } 159 | 160 | /* Computes a = b * c. 161 | 162 | Lengths: a[2*digits], b[digits], c[digits]. 163 | Assumes digits < MAX_NN_DIGITS. 164 | */ 165 | 166 | void NN_Mult ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c , unsigned int digits ) 167 | { 168 | NN_DIGIT t[2*MAX_NN_DIGITS]; 169 | NN_DIGIT dhigh, dlow, carry; 170 | unsigned int bDigits, cDigits, i, j; 171 | 172 | NN_AssignZero (t, 2 * digits); 173 | 174 | bDigits = NN_Digits (b, digits); 175 | cDigits = NN_Digits (c, digits); 176 | 177 | for (i = 0; i < bDigits; i++) { 178 | carry = 0; 179 | if(*(b+i) != 0) { 180 | for(j = 0; j < cDigits; j++) { 181 | dmult(*(b+i), *(c+j), &dhigh, &dlow); 182 | if((*(t+(i+j)) = *(t+(i+j)) + carry) < carry) 183 | carry = 1; 184 | else 185 | carry = 0; 186 | if((*(t+(i+j)) += dlow) < dlow) 187 | carry++; 188 | carry += dhigh; 189 | } 190 | } 191 | *(t+(i+cDigits)) += carry; 192 | } 193 | 194 | 195 | NN_Assign(a, t, 2 * digits); 196 | } 197 | 198 | /* Computes a = b * 2^c (i.e., shifts left c bits), returning carry. 199 | 200 | Requires c < NN_DIGIT_BITS. */ 201 | 202 | NN_DIGIT NN_LShift ( NN_DIGIT *a, NN_DIGIT *b, unsigned int c, unsigned int digits ) 203 | { 204 | NN_DIGIT temp, carry = 0; 205 | unsigned int t; 206 | 207 | if(c < NN_DIGIT_BITS) 208 | if(digits) { 209 | 210 | t = NN_DIGIT_BITS - c; 211 | 212 | do { 213 | temp = *b++; 214 | *a++ = (temp << c) | carry; 215 | carry = c ? (temp >> t) : 0; 216 | }while(--digits); 217 | } 218 | 219 | return (carry); 220 | } 221 | 222 | /* Computes a = c div 2^c (i.e., shifts right c bits), returning carry. 223 | 224 | Requires: c < NN_DIGIT_BITS. */ 225 | 226 | NN_DIGIT NN_RShift ( NN_DIGIT *a, NN_DIGIT *b, unsigned int c, unsigned int digits ) 227 | { 228 | NN_DIGIT temp, carry = 0; 229 | unsigned int t; 230 | 231 | if(c < NN_DIGIT_BITS) 232 | if(digits) { 233 | 234 | t = NN_DIGIT_BITS - c; 235 | 236 | do { 237 | digits--; 238 | temp = *(b+digits); 239 | *(a+digits) = (temp >> c) | carry; 240 | carry = c ? (temp << t) : 0; 241 | }while(digits); 242 | } 243 | 244 | return (carry); 245 | } 246 | 247 | /* Computes a = c div d and b = c mod d. 248 | 249 | Lengths: a[cDigits], b[dDigits], c[cDigits], d[dDigits]. 250 | Assumes d > 0, cDigits < 2 * MAX_NN_DIGITS, 251 | dDigits < MAX_NN_DIGITS. 252 | */ 253 | void NN_Div ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int cDigits, NN_DIGIT *d, unsigned int dDigits ) 254 | { 255 | NN_DIGIT ai, cc[2*MAX_NN_DIGITS+1], dd[MAX_NN_DIGITS], s; 256 | NN_DIGIT t[2], u, v, *ccptr; 257 | NN_HALF_DIGIT aHigh, aLow, cHigh, cLow; 258 | int i; 259 | unsigned int ddDigits, shift; 260 | 261 | ddDigits = NN_Digits (d, dDigits); 262 | if(ddDigits == 0) 263 | return; 264 | 265 | shift = NN_DIGIT_BITS - NN_DigitBits (d[ddDigits-1]); 266 | NN_AssignZero (cc, ddDigits); 267 | cc[cDigits] = NN_LShift (cc, c, shift, cDigits); 268 | NN_LShift (dd, d, shift, ddDigits); 269 | s = dd[ddDigits-1]; 270 | 271 | NN_AssignZero (a, cDigits); 272 | 273 | for (i = cDigits-ddDigits; i >= 0; i--) { 274 | if (s == MAX_NN_DIGIT) 275 | ai = cc[i+ddDigits]; 276 | else { 277 | ccptr = &cc[i+ddDigits-1]; 278 | 279 | s++; 280 | cHigh = (NN_HALF_DIGIT)HIGH_HALF (s); 281 | cLow = (NN_HALF_DIGIT)LOW_HALF (s); 282 | 283 | *t = *ccptr; 284 | *(t+1) = *(ccptr+1); 285 | 286 | if (cHigh == MAX_NN_HALF_DIGIT) 287 | aHigh = (NN_HALF_DIGIT)HIGH_HALF (*(t+1)); 288 | else 289 | aHigh = (NN_HALF_DIGIT)(*(t+1) / (cHigh + 1)); 290 | u = (NN_DIGIT)aHigh * (NN_DIGIT)cLow; 291 | v = (NN_DIGIT)aHigh * (NN_DIGIT)cHigh; 292 | if ((*t -= TO_HIGH_HALF (u)) > (MAX_NN_DIGIT - TO_HIGH_HALF (u))) 293 | t[1]--; 294 | *(t+1) -= HIGH_HALF (u); 295 | *(t+1) -= v; 296 | 297 | while ((*(t+1) > cHigh) || 298 | ((*(t+1) == cHigh) && (*t >= TO_HIGH_HALF (cLow)))) { 299 | if ((*t -= TO_HIGH_HALF (cLow)) > MAX_NN_DIGIT - TO_HIGH_HALF (cLow)) 300 | t[1]--; 301 | *(t+1) -= cHigh; 302 | aHigh++; 303 | } 304 | 305 | if (cHigh == MAX_NN_HALF_DIGIT) 306 | aLow = (NN_HALF_DIGIT)LOW_HALF (*(t+1)); 307 | else 308 | aLow = 309 | (NN_HALF_DIGIT)((TO_HIGH_HALF (*(t+1)) + HIGH_HALF (*t)) / (cHigh + 1)); 310 | u = (NN_DIGIT)aLow * (NN_DIGIT)cLow; 311 | v = (NN_DIGIT)aLow * (NN_DIGIT)cHigh; 312 | if ((*t -= u) > (MAX_NN_DIGIT - u)) 313 | t[1]--; 314 | if ((*t -= TO_HIGH_HALF (v)) > (MAX_NN_DIGIT - TO_HIGH_HALF (v))) 315 | t[1]--; 316 | *(t+1) -= HIGH_HALF (v); 317 | 318 | while ((*(t+1) > 0) || ((*(t+1) == 0) && *t >= s)) { 319 | if ((*t -= s) > (MAX_NN_DIGIT - s)) 320 | t[1]--; 321 | aLow++; 322 | } 323 | 324 | ai = TO_HIGH_HALF (aHigh) + aLow; 325 | s--; 326 | } 327 | 328 | cc[i+ddDigits] -= subdigitmult(&cc[i], &cc[i], ai, dd, ddDigits); 329 | 330 | while (cc[i+ddDigits] || (NN_Cmp (&cc[i], dd, ddDigits) >= 0)) { 331 | ai++; 332 | cc[i+ddDigits] -= NN_Sub (&cc[i], &cc[i], dd, ddDigits); 333 | } 334 | 335 | a[i] = ai; 336 | } 337 | 338 | NN_AssignZero (b, dDigits); 339 | NN_RShift (b, cc, shift, ddDigits); 340 | } 341 | 342 | 343 | /* Computes a = b mod c. 344 | 345 | Lengths: a[cDigits], b[bDigits], c[cDigits]. 346 | Assumes c > 0, bDigits < 2 * MAX_NN_DIGITS, cDigits < MAX_NN_DIGITS. 347 | */ 348 | void NN_Mod ( NN_DIGIT *a, NN_DIGIT *b, unsigned int bDigits, NN_DIGIT *c, unsigned int cDigits ) 349 | { 350 | NN_DIGIT t[2 * MAX_NN_DIGITS]; 351 | 352 | NN_Div (t, a, b, bDigits, c, cDigits); 353 | } 354 | 355 | /* Computes a = b * c mod d. 356 | 357 | Lengths: a[digits], b[digits], c[digits], d[digits]. 358 | Assumes d > 0, digits < MAX_NN_DIGITS. 359 | */ 360 | void NN_ModMult ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, NN_DIGIT *d, unsigned int digits ) 361 | { 362 | NN_DIGIT t[2*MAX_NN_DIGITS]; 363 | 364 | NN_Mult (t, b, c, digits); 365 | NN_Mod (a, t, 2 * digits, d, digits); 366 | } 367 | 368 | /* Computes a = b^c mod d. 369 | 370 | Lengths: a[dDigits], b[dDigits], c[cDigits], d[dDigits]. 371 | Assumes d > 0, cDigits > 0, dDigits < MAX_NN_DIGITS. 372 | */ 373 | void NN_ModExp ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int cDigits, NN_DIGIT *d, unsigned int dDigits ) 374 | { 375 | NN_DIGIT bPower[3][MAX_NN_DIGITS], ci, t[MAX_NN_DIGITS]; 376 | int i; 377 | unsigned int ciBits, j, s; 378 | 379 | /* Store b, b^2 mod d, and b^3 mod d. 380 | */ 381 | NN_Assign (bPower[0], b, dDigits); 382 | NN_ModMult (bPower[1], bPower[0], b, d, dDigits); 383 | NN_ModMult (bPower[2], bPower[1], b, d, dDigits); 384 | 385 | NN_ASSIGN_DIGIT (t, 1, dDigits); 386 | 387 | cDigits = NN_Digits (c, cDigits); 388 | for (i = cDigits - 1; i >= 0; i--) { 389 | ci = c[i]; 390 | ciBits = NN_DIGIT_BITS; 391 | 392 | /* Scan past leading zero bits of most significant digit. 393 | */ 394 | if (i == (int)(cDigits - 1)) { 395 | while (! DIGIT_2MSB (ci)) { 396 | ci <<= 2; 397 | ciBits -= 2; 398 | } 399 | } 400 | 401 | for (j = 0; j < ciBits; j += 2, ci <<= 2) { 402 | /* Compute t = t^4 * b^s mod d, where s = two MSB's of ci. */ 403 | NN_ModMult (t, t, t, d, dDigits); 404 | NN_ModMult (t, t, t, d, dDigits); 405 | if ((s = DIGIT_2MSB (ci)) != 0) 406 | NN_ModMult (t, t, bPower[s-1], d, dDigits); 407 | } 408 | } 409 | 410 | NN_Assign (a, t, dDigits); 411 | } 412 | 413 | /* Compute a = 1/b mod c, assuming inverse exists. 414 | 415 | Lengths: a[digits], b[digits], c[digits]. 416 | Assumes gcd (b, c) = 1, digits < MAX_NN_DIGITS. 417 | */ 418 | void NN_ModInv (NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int digits ) 419 | { 420 | NN_DIGIT q[MAX_NN_DIGITS], t1[MAX_NN_DIGITS], t3[MAX_NN_DIGITS], 421 | u1[MAX_NN_DIGITS], u3[MAX_NN_DIGITS], v1[MAX_NN_DIGITS], 422 | v3[MAX_NN_DIGITS], w[2*MAX_NN_DIGITS]; 423 | int u1Sign; 424 | 425 | /* Apply extended Euclidean algorithm, modified to avoid negative 426 | numbers. 427 | */ 428 | NN_ASSIGN_DIGIT (u1, 1, digits); 429 | NN_AssignZero (v1, digits); 430 | NN_Assign (u3, b, digits); 431 | NN_Assign (v3, c, digits); 432 | u1Sign = 1; 433 | 434 | while (! NN_Zero (v3, digits)) { 435 | NN_Div (q, t3, u3, digits, v3, digits); 436 | NN_Mult (w, q, v1, digits); 437 | NN_Add (t1, u1, w, digits); 438 | NN_Assign (u1, v1, digits); 439 | NN_Assign (v1, t1, digits); 440 | NN_Assign (u3, v3, digits); 441 | NN_Assign (v3, t3, digits); 442 | u1Sign = -u1Sign; 443 | } 444 | 445 | /* Negate result if sign is negative. */ 446 | if (u1Sign < 0) 447 | NN_Sub (a, c, u1, digits); 448 | else 449 | NN_Assign (a, u1, digits); 450 | } 451 | 452 | /* Computes a = gcd(b, c). 453 | 454 | Assumes b > c, digits < MAX_NN_DIGITS. 455 | */ 456 | 457 | #define iplus1 ( i==2 ? 0 : i+1 ) /* used by Euclid algorithms */ 458 | #define iminus1 ( i==0 ? 2 : i-1 ) /* used by Euclid algorithms */ 459 | #define g(i) ( &(t[i][0]) ) 460 | 461 | void NN_Gcd( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int digits ) 462 | { 463 | short i; 464 | NN_DIGIT t[3][MAX_NN_DIGITS]; 465 | 466 | NN_Assign(g(0), c, digits); 467 | NN_Assign(g(1), b, digits); 468 | 469 | i=1; 470 | 471 | while(!NN_Zero(g(i),digits)) { 472 | NN_Mod(g(iplus1), g(iminus1), digits, g(i), digits); 473 | i = iplus1; 474 | } 475 | 476 | NN_Assign(a , g(iminus1), digits); 477 | } 478 | 479 | /* Returns the significant length of a in bits. 480 | 481 | Lengths: a[digits]. */ 482 | 483 | unsigned int NN_Bits ( NN_DIGIT *a, unsigned int digits ) 484 | { 485 | if ((digits = NN_Digits (a, digits)) == 0) 486 | return (0); 487 | 488 | return ((digits - 1) * NN_DIGIT_BITS + NN_DigitBits (a[digits-1])); 489 | } 490 | 491 | #ifndef USEASM 492 | 493 | /* Returns sign of a - b. */ 494 | 495 | int NN_Cmp ( NN_DIGIT *a, NN_DIGIT *b, unsigned int digits ) 496 | { 497 | if(digits) { 498 | do { 499 | digits--; 500 | if(*(a+digits) > *(b+digits)) 501 | return(1); 502 | if(*(a+digits) < *(b+digits)) 503 | return(-1); 504 | }while(digits); 505 | } 506 | 507 | return (0); 508 | } 509 | 510 | /* Returns nonzero iff a is zero. */ 511 | 512 | int NN_Zero ( NN_DIGIT *a, unsigned int digits ) 513 | { 514 | if(digits) { 515 | do { 516 | if(*a++) 517 | return(0); 518 | }while(--digits); 519 | } 520 | 521 | return (1); 522 | } 523 | 524 | /* Assigns a = b. */ 525 | 526 | void NN_Assign( NN_DIGIT *a, NN_DIGIT *b, unsigned int digits ) 527 | { 528 | if(digits) { 529 | do { 530 | *a++ = *b++; 531 | }while(--digits); 532 | } 533 | } 534 | 535 | /* Returns the significant length of a in digits. */ 536 | 537 | unsigned int NN_Digits ( NN_DIGIT *a, unsigned int digits ) 538 | { 539 | 540 | if(digits) { 541 | digits--; 542 | 543 | do { 544 | if(*(a+digits)) 545 | break; 546 | }while(digits--); 547 | 548 | return(digits + 1); 549 | } 550 | 551 | return(digits); 552 | } 553 | 554 | /* Computes a = b + c. Returns carry. 555 | 556 | Lengths: a[digits], b[digits], c[digits]. 557 | */ 558 | NN_DIGIT NN_Add ( NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, unsigned int digits ) 559 | { 560 | NN_DIGIT temp, carry = 0; 561 | 562 | if(digits) 563 | do { 564 | if((temp = (*b++) + carry) < carry) 565 | temp = *c++; 566 | else { /* Patch to prevent bug for Sun CC */ 567 | if((temp += *c) < *c) 568 | carry = 1; 569 | else 570 | carry = 0; 571 | c++; 572 | } 573 | *a++ = temp; 574 | }while(--digits); 575 | 576 | return (carry); 577 | } 578 | 579 | #endif 580 | 581 | NN_DIGIT subdigitmult(NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT c, NN_DIGIT *d, unsigned int digits ) 582 | { 583 | NN_DIGIT borrow, thigh, tlow; 584 | unsigned int i; 585 | 586 | borrow = 0; 587 | 588 | if(c != 0) { 589 | for(i = 0; i < digits; i++) { 590 | dmult(c, d[i], &thigh, &tlow); 591 | if((a[i] = b[i] - borrow) > (MAX_NN_DIGIT - borrow)) 592 | borrow = 1; 593 | else 594 | borrow = 0; 595 | if((a[i] -= tlow) > (MAX_NN_DIGIT - tlow)) 596 | borrow++; 597 | borrow += thigh; 598 | } 599 | } 600 | 601 | return (borrow); 602 | } 603 | 604 | /* Returns the significant length of a in bits, where a is a digit. */ 605 | 606 | unsigned int NN_DigitBits ( NN_DIGIT a ) 607 | { 608 | unsigned int i; 609 | 610 | for (i = 0; i < NN_DIGIT_BITS; i++, a >>= 1) 611 | if (a == 0) 612 | break; 613 | 614 | return (i); 615 | } 616 | 617 | /* Computes a * b, result stored in high and low. */ 618 | 619 | void dmult( NN_DIGIT a, NN_DIGIT b, NN_DIGIT *high, NN_DIGIT *low ) 620 | { 621 | NN_HALF_DIGIT al, ah, bl, bh; 622 | NN_DIGIT m1, m2, m, ml, mh, carry = 0; 623 | 624 | al = (NN_HALF_DIGIT)LOW_HALF(a); 625 | ah = (NN_HALF_DIGIT)HIGH_HALF(a); 626 | bl = (NN_HALF_DIGIT)LOW_HALF(b); 627 | bh = (NN_HALF_DIGIT)HIGH_HALF(b); 628 | 629 | *low = (NN_DIGIT) al*bl; 630 | *high = (NN_DIGIT) ah*bh; 631 | 632 | m1 = (NN_DIGIT) al*bh; 633 | m2 = (NN_DIGIT) ah*bl; 634 | m = m1 + m2; 635 | 636 | if(m < m1) 637 | carry = 1L << (NN_DIGIT_BITS / 2); 638 | 639 | ml = (m & MAX_NN_HALF_DIGIT) << (NN_DIGIT_BITS / 2); 640 | mh = m >> (NN_DIGIT_BITS / 2); 641 | 642 | *low += ml; 643 | 644 | if(*low < ml) 645 | carry++; 646 | 647 | *high += carry + mh; 648 | } 649 | 650 | --------------------------------------------------------------------------------