├── .gitignore
├── Shell.suo
├── bin
    ├── main.obj
    ├── main.res
    ├── vc60.idb
    ├── vc60.pdb
    ├── ProcMon.sys
    ├── RegMon.sys
    ├── Rules.dat
    ├── Shell.exe
    ├── Shell.pdb
    ├── Myminifilter.sys
    └── Myminifilter.inf
├── Shell
    ├── Common.h
    ├── Log.cpp
    ├── Proc.cpp
    ├── Reg.cpp
    ├── Rules.cpp
    ├── Rules.dat
    ├── hash.cpp
    ├── main.cpp
    ├── main.rc
    ├── res
    │   ├── all.ico
    │   ├── on_.bmp
    │   ├── back.bmp
    │   ├── back_1.bmp
    │   ├── off_.bmp
    │   ├── off_s.bmp
    │   ├── on_s.bmp
    │   ├── 按钮.卸载.bmp
    │   ├── 按钮.日志.bmp
    │   ├── 按钮.规则.bmp
    │   ├── 按钮.进程.bmp
    │   ├── 按钮.卸载.hit.bmp
    │   ├── 按钮.日志.hit.bmp
    │   ├── 按钮.规则.hit.bmp
    │   └── 按钮.进程.hit.bmp
    ├── resource.h
    ├── ProcessInfo.cpp
    ├── DriverControl.cpp
    ├── Shell.vcxproj.user
    ├── File.cpp
    ├── Shell.vcxproj.filters
    └── Shell.vcxproj
├── Tools
    ├── DebugView.zip
    ├── KmdManager.exe
    └── 64Signer V1.2.exe
├── Driver
    ├── FileFilter
    │   ├── Base.c
    │   ├── Myminifilter.c
    │   ├── Myminifilter.h
    │   ├── objchk_win7_amd64
    │   │   └── amd64
    │   │   │   ├── Myminifilter.pdb
    │   │   │   ├── Myminifilter.sys
    │   │   │   └── Myminifilter.inf
    │   ├── sources
    │   ├── Myminifilter.rc
    │   ├── makefile
    │   └── Myminifilter.inf
    ├── ProcessMonitor
    │   ├── ProcessMonitor.cpp
    │   ├── ProcessMonitor.h
    │   ├── SOURCES
    │   ├── objchk_win7_amd64
    │   │   └── amd64
    │   │   │   ├── ProcMon.pdb
    │   │   │   └── ProcMon.sys
    │   └── makefile
    └── RegistryMonitor
    │   ├── RegisterMonitor.h
    │   ├── RegisterMonitor.cpp
    │   ├── objchk_win7_amd64
    │       └── amd64
    │       │   ├── RegMon.pdb
    │       │   └── RegMon.sys
    │   └── SOURCES
├── README.md
└── Shell.sln


/.gitignore:
--------------------------------------------------------------------------------
1 | Debug
2 | Release
3 | *.aps


--------------------------------------------------------------------------------
/Shell.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell.suo


--------------------------------------------------------------------------------
/bin/main.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/main.obj


--------------------------------------------------------------------------------
/bin/main.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/main.res


--------------------------------------------------------------------------------
/bin/vc60.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/vc60.idb


--------------------------------------------------------------------------------
/bin/vc60.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/vc60.pdb


--------------------------------------------------------------------------------
/Shell/Common.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Common.h


--------------------------------------------------------------------------------
/Shell/Log.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Log.cpp


--------------------------------------------------------------------------------
/Shell/Proc.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Proc.cpp


--------------------------------------------------------------------------------
/Shell/Reg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Reg.cpp


--------------------------------------------------------------------------------
/Shell/Rules.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Rules.cpp


--------------------------------------------------------------------------------
/Shell/Rules.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/Rules.dat


--------------------------------------------------------------------------------
/Shell/hash.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/hash.cpp


--------------------------------------------------------------------------------
/Shell/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/main.cpp


--------------------------------------------------------------------------------
/Shell/main.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/main.rc


--------------------------------------------------------------------------------
/bin/ProcMon.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/ProcMon.sys


--------------------------------------------------------------------------------
/bin/RegMon.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/RegMon.sys


--------------------------------------------------------------------------------
/bin/Rules.dat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/Rules.dat


--------------------------------------------------------------------------------
/bin/Shell.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/Shell.exe


--------------------------------------------------------------------------------
/bin/Shell.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/Shell.pdb


--------------------------------------------------------------------------------
/Shell/res/all.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/all.ico


--------------------------------------------------------------------------------
/Shell/res/on_.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/on_.bmp


--------------------------------------------------------------------------------
/Shell/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/resource.h


--------------------------------------------------------------------------------
/Shell/res/back.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/back.bmp


--------------------------------------------------------------------------------
/Shell/res/back_1.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/back_1.bmp


--------------------------------------------------------------------------------
/Shell/res/off_.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/off_.bmp


--------------------------------------------------------------------------------
/Shell/res/off_s.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/off_s.bmp


--------------------------------------------------------------------------------
/Shell/res/on_s.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/on_s.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.卸载.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.卸载.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.日志.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.日志.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.规则.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.规则.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.进程.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.进程.bmp


--------------------------------------------------------------------------------
/Tools/DebugView.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Tools/DebugView.zip


--------------------------------------------------------------------------------
/Tools/KmdManager.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Tools/KmdManager.exe


--------------------------------------------------------------------------------
/bin/Myminifilter.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/bin/Myminifilter.sys


--------------------------------------------------------------------------------
/Shell/ProcessInfo.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/ProcessInfo.cpp


--------------------------------------------------------------------------------
/Driver/FileFilter/Base.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/FileFilter/Base.c


--------------------------------------------------------------------------------
/Shell/DriverControl.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/DriverControl.cpp


--------------------------------------------------------------------------------
/Shell/res/按钮.卸载.hit.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.卸载.hit.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.日志.hit.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.日志.hit.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.规则.hit.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.规则.hit.bmp


--------------------------------------------------------------------------------
/Shell/res/按钮.进程.hit.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Shell/res/按钮.进程.hit.bmp


--------------------------------------------------------------------------------
/Tools/64Signer V1.2.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Tools/64Signer V1.2.exe


--------------------------------------------------------------------------------
/Driver/FileFilter/Myminifilter.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/FileFilter/Myminifilter.c


--------------------------------------------------------------------------------
/Driver/FileFilter/Myminifilter.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/FileFilter/Myminifilter.h


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/ProcessMonitor.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/ProcessMonitor/ProcessMonitor.cpp


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/ProcessMonitor.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/ProcessMonitor/ProcessMonitor.h


--------------------------------------------------------------------------------
/Driver/RegistryMonitor/RegisterMonitor.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/RegistryMonitor/RegisterMonitor.h


--------------------------------------------------------------------------------
/Driver/RegistryMonitor/RegisterMonitor.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/RegistryMonitor/RegisterMonitor.cpp


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/SOURCES:
--------------------------------------------------------------------------------
1 | TARGETNAME=ProcMon
2 | TARGETTYPE=DRIVER
3 | TARGETPATH=OBJ
4 | 
5 | INCLUDES=.\
6 | 
7 | SOURCES=ProcessMonitor.cpp


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/objchk_win7_amd64/amd64/ProcMon.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/ProcessMonitor/objchk_win7_amd64/amd64/ProcMon.pdb


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/objchk_win7_amd64/amd64/ProcMon.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/ProcessMonitor/objchk_win7_amd64/amd64/ProcMon.sys


--------------------------------------------------------------------------------
/Driver/RegistryMonitor/objchk_win7_amd64/amd64/RegMon.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/RegistryMonitor/objchk_win7_amd64/amd64/RegMon.pdb


--------------------------------------------------------------------------------
/Driver/RegistryMonitor/objchk_win7_amd64/amd64/RegMon.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/RegistryMonitor/objchk_win7_amd64/amd64/RegMon.sys


--------------------------------------------------------------------------------
/Driver/FileFilter/objchk_win7_amd64/amd64/Myminifilter.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/FileFilter/objchk_win7_amd64/amd64/Myminifilter.pdb


--------------------------------------------------------------------------------
/Driver/FileFilter/objchk_win7_amd64/amd64/Myminifilter.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kerisa/HIPS-Light/HEAD/Driver/FileFilter/objchk_win7_amd64/amd64/Myminifilter.sys


--------------------------------------------------------------------------------
/Shell/Shell.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 | </Project>


--------------------------------------------------------------------------------
/Driver/RegistryMonitor/SOURCES:
--------------------------------------------------------------------------------
1 | TARGETNAME=RegMon
2 | TARGETTYPE=DRIVER
3 | TARGETPATH=OBJ
4 | 
5 | INCLUDES=$(BASEDIR)\inc; \
6 | 		 $(BASEDIR)\inc\ddk;
7 | 
8 | SOURCES=RegisterMonitor.cpp


--------------------------------------------------------------------------------
/Driver/FileFilter/sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=Myminifilter
 2 | TARGETTYPE=DRIVER
 3 | DRIVERTYPE=FS
 4 | 
 5 | 
 6 | TARGETLIBS= $(TARGETLIBS) \
 7 |             $(IFSKIT_LIB_PATH)\fltMgr.lib
 8 | 
 9 | SOURCES=Myminifilter.c \
10 |         Myminifilter.rc \
11 |         Base.c
12 | 


--------------------------------------------------------------------------------
/Driver/ProcessMonitor/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the components of NT OS/2
5 | #
6 | !INCLUDE $(NTMAKEENV)\makefile.def


--------------------------------------------------------------------------------
/Driver/FileFilter/Myminifilter.rc:
--------------------------------------------------------------------------------
 1 | #include <windows.h>
 2 | 
 3 | #include <ntverp.h>
 4 | 
 5 | #define VER_FILETYPE    VFT_DRV
 6 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM
 7 | #define VER_FILEDESCRIPTION_STR     "Myminifilter Filter Driver"
 8 | #define VER_INTERNALNAME_STR        "Myminifilter.sys"
 9 | 
10 | #include "common.ver"
11 | 
12 | 


--------------------------------------------------------------------------------
/Driver/FileFilter/makefile:
--------------------------------------------------------------------------------
 1 | !IF 0
 2 | 
 3 | Copyright (C) Microsoft Corporation, 1999 - 2002
 4 | 
 5 | Module Name:
 6 | 
 7 |     makefile.
 8 | 
 9 | Notes:
10 | 
11 |     DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
12 |     file to this component.  This file merely indirects to the real make file
13 |     that is shared by all the components of Windows NT (DDK)
14 | 
15 | !ENDIF
16 | 
17 | !INCLUDE $(NTMAKEENV)\makefile.def
18 | 
19 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## HIPS-Light
 2 | 一款基于wddk7600 + vs2010开发的用于win7 x64的驱动级HIPS系统
 3 | 
 4 | # 驱动部分
 5 | 分为进程、文件、注册表三个驱动，其中文件为使用minifilter的过滤驱动，其他两个是普通的NT式驱动
 6 | 
 7 | 
 8 | #应用程序部分
 9 | 	应用程序启动时自动加载驱动
10 | 
11 | ##功能：
12 | ------------------
13 |  **1)**控制监视功能的开启与关闭
14 | 
15 |  **2)**增/删规则
16 | 
17 |  **3)**查看日志
18 | 
19 |  **4)**枚举当前进程，及其线程和模块信息
20 | 
21 |  **5)**禁止进/线程创建
22 | 
23 |  **6)**还有个卸载驱动的按钮
24 | 
25 |  **7)**进程监控在规则匹配不到时弹出确认放行的对话框，文件和注册表都是直接设置黑名单进行拦截(注册表有个白名单，只是让操作记录不出现在日志中而已)
26 | 


--------------------------------------------------------------------------------
/Shell.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 11.00
 3 | # Visual Studio 2010
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Shell", "Shell\Shell.vcxproj", "{E9154A6A-02BC-4397-A56C-3CFAD8056D73}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{E9154A6A-02BC-4397-A56C-3CFAD8056D73}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{E9154A6A-02BC-4397-A56C-3CFAD8056D73}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{E9154A6A-02BC-4397-A56C-3CFAD8056D73}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{E9154A6A-02BC-4397-A56C-3CFAD8056D73}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/Shell/File.cpp:
--------------------------------------------------------------------------------
 1 | 
 2 | #include "Common.h"
 3 | 
 4 | 
 5 | 
 6 | extern HINSTANCE     g_Inst;
 7 | extern HWND          g_hMainDlg;
 8 | extern RULES         Rules;
 9 | extern DRIVERCONTROL DriCtl;
10 | 
11 | 
12 | unsigned int WINAPI WaitFileEvent(PVOID pv)
13 | {
14 |     DWORD R;
15 |     bool first = true;
16 | 
17 |     SendMessage(GetDlgItem(g_hMainDlg, IDC_LOGEDIT), EM_LIMITTEXT, -1, 0);
18 | 
19 | 
20 |     while (DriCtl.FileMonitoringOn)
21 |     {
22 |         PFILEINFO pfi = new FILEINFO;
23 |         memset(pfi, 0, sizeof(FILEINFO));
24 | 
25 |         WaitForSingleObject(DriCtl.hFileEvent, INFINITE);
26 | 
27 | 
28 |         if (!DriCtl.FileMonitoringOn) break;
29 | 
30 |         FILTER_MESSAGE fm;
31 |         fm.Cmd = ENUM_GET_FILE_INFO;
32 |         int ret = FilterSendMessage(DriCtl.hFileFilterPort, &fm, sizeof(fm), pfi, sizeof(FILEINFO), &R);
33 |         
34 | 
35 |         if (ret == S_OK)
36 |         {
37 |             AppendRecordToLog(pfi, EnumFileType);
38 |         }
39 |         else
40 |             ResetEvent(DriCtl.hFileEvent);
41 | 
42 |         delete pfi;
43 |         
44 |     }
45 |     
46 |     return 0;
47 | }


--------------------------------------------------------------------------------
/bin/Myminifilter.inf:
--------------------------------------------------------------------------------
 1 | ;;;
 2 | ;;; Myminifilter
 3 | ;;;
 4 | ;;;
 5 | ;;; Copyright (c) 1999 - 2001, Microsoft Corporation
 6 | ;;;
 7 | 
 8 | [Version]
 9 | Signature   = "$Windows NT$"
10 | Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
11 | ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Class
12 | Provider    = %Msft%
13 | DriverVer   = 06/16/2007,1.0.0.1
14 | CatalogFile = Myminifilter.cat
15 | 
16 | 
17 | [DestinationDirs]
18 | DefaultDestDir          = 12
19 | MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers
20 | 
21 | ;;
22 | ;; Default install sections
23 | ;;
24 | 
25 | [DefaultInstall]
26 | OptionDesc          = %ServiceDescription%
27 | CopyFiles           = MiniFilter.DriverFiles
28 | 
29 | [DefaultInstall.Services]
30 | AddService          = %ServiceName%,,MiniFilter.Service
31 | 
32 | ;;
33 | ;; Default uninstall sections
34 | ;;
35 | 
36 | [DefaultUninstall]
37 | DelFiles   = MiniFilter.DriverFiles
38 | 
39 | [DefaultUninstall.Services]
40 | DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting
41 | 
42 | ;
43 | ; Services Section
44 | ;
45 | 
46 | [MiniFilter.Service]
47 | DisplayName      = %ServiceName%
48 | Description      = %ServiceDescription%
49 | ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
50 | Dependencies     = "FltMgr"
51 | ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
52 | StartType        = 3                            ;SERVICE_DEMAND_START
53 | ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
54 | LoadOrderGroup   = "FSFilter Activity Monitor"
55 | AddReg           = MiniFilter.AddRegistry
56 | 
57 | ;
58 | ; Registry Modifications
59 | ;
60 | 
61 | [MiniFilter.AddRegistry]
62 | HKR,,"DebugFlags",0x00010001 ,0x0
63 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
64 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
65 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
66 | 
67 | ;
68 | ; Copy Files
69 | ;
70 | 
71 | [MiniFilter.DriverFiles]
72 | %DriverName%.sys
73 | 
74 | [SourceDisksFiles]
75 | Myminifilter.sys = 1,,
76 | 
77 | [SourceDisksNames]
78 | 1 = %DiskId1%,,,
79 | 
80 | ;;
81 | ;; String Section
82 | ;;
83 | 
84 | [Strings]
85 | Msft                    = "Microsoft Corporation"
86 | ServiceDescription      = "Myminifilter Mini-Filter Driver"
87 | ServiceName             = "Myminifilter"
88 | DriverName              = "Myminifilter"
89 | DiskId1                 = "Myminifilter Device Installation Disk"
90 | 
91 | ;Instances specific information.
92 | DefaultInstance         = "Myminifilter Instance"
93 | Instance1.Name          = "Myminifilter Instance"
94 | Instance1.Altitude      = "370030"
95 | Instance1.Flags         = 0x0              ; Allow all attachments
96 | 
97 | 


--------------------------------------------------------------------------------
/Driver/FileFilter/Myminifilter.inf:
--------------------------------------------------------------------------------
 1 | ;;;
 2 | ;;; Myminifilter
 3 | ;;;
 4 | ;;;
 5 | ;;; Copyright (c) 1999 - 2001, Microsoft Corporation
 6 | ;;;
 7 | 
 8 | [Version]
 9 | Signature   = "$Windows NT$"
10 | Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
11 | ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Class
12 | Provider    = %Msft%
13 | DriverVer   = 06/16/2007,1.0.0.1
14 | CatalogFile = Myminifilter.cat
15 | 
16 | 
17 | [DestinationDirs]
18 | DefaultDestDir          = 12
19 | MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers
20 | 
21 | ;;
22 | ;; Default install sections
23 | ;;
24 | 
25 | [DefaultInstall]
26 | OptionDesc          = %ServiceDescription%
27 | CopyFiles           = MiniFilter.DriverFiles
28 | 
29 | [DefaultInstall.Services]
30 | AddService          = %ServiceName%,,MiniFilter.Service
31 | 
32 | ;;
33 | ;; Default uninstall sections
34 | ;;
35 | 
36 | [DefaultUninstall]
37 | DelFiles   = MiniFilter.DriverFiles
38 | 
39 | [DefaultUninstall.Services]
40 | DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting
41 | 
42 | ;
43 | ; Services Section
44 | ;
45 | 
46 | [MiniFilter.Service]
47 | DisplayName      = %ServiceName%
48 | Description      = %ServiceDescription%
49 | ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
50 | Dependencies     = "FltMgr"
51 | ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
52 | StartType        = 3                            ;SERVICE_DEMAND_START
53 | ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
54 | LoadOrderGroup   = "FSFilter Activity Monitor"
55 | AddReg           = MiniFilter.AddRegistry
56 | 
57 | ;
58 | ; Registry Modifications
59 | ;
60 | 
61 | [MiniFilter.AddRegistry]
62 | HKR,,"DebugFlags",0x00010001 ,0x0
63 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
64 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
65 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
66 | 
67 | ;
68 | ; Copy Files
69 | ;
70 | 
71 | [MiniFilter.DriverFiles]
72 | %DriverName%.sys
73 | 
74 | [SourceDisksFiles]
75 | Myminifilter.sys = 1,,
76 | 
77 | [SourceDisksNames]
78 | 1 = %DiskId1%,,,
79 | 
80 | ;;
81 | ;; String Section
82 | ;;
83 | 
84 | [Strings]
85 | Msft                    = "Microsoft Corporation"
86 | ServiceDescription      = "Myminifilter Mini-Filter Driver"
87 | ServiceName             = "Myminifilter"
88 | DriverName              = "Myminifilter"
89 | DiskId1                 = "Myminifilter Device Installation Disk"
90 | 
91 | ;Instances specific information.
92 | DefaultInstance         = "Myminifilter Instance"
93 | Instance1.Name          = "Myminifilter Instance"
94 | Instance1.Altitude      = "370030"
95 | Instance1.Flags         = 0x0              ; Allow all attachments
96 | 
97 | 


--------------------------------------------------------------------------------
/Driver/FileFilter/objchk_win7_amd64/amd64/Myminifilter.inf:
--------------------------------------------------------------------------------
 1 | ;;;
 2 | ;;; Myminifilter
 3 | ;;;
 4 | ;;;
 5 | ;;; Copyright (c) 1999 - 2001, Microsoft Corporation
 6 | ;;;
 7 | 
 8 | [Version]
 9 | Signature   = "$Windows NT$"
10 | Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
11 | ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Class
12 | Provider    = %Msft%
13 | DriverVer   = 06/16/2007,1.0.0.1
14 | CatalogFile = Myminifilter.cat
15 | 
16 | 
17 | [DestinationDirs]
18 | DefaultDestDir          = 12
19 | MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers
20 | 
21 | ;;
22 | ;; Default install sections
23 | ;;
24 | 
25 | [DefaultInstall]
26 | OptionDesc          = %ServiceDescription%
27 | CopyFiles           = MiniFilter.DriverFiles
28 | 
29 | [DefaultInstall.Services]
30 | AddService          = %ServiceName%,,MiniFilter.Service
31 | 
32 | ;;
33 | ;; Default uninstall sections
34 | ;;
35 | 
36 | [DefaultUninstall]
37 | DelFiles   = MiniFilter.DriverFiles
38 | 
39 | [DefaultUninstall.Services]
40 | DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting
41 | 
42 | ;
43 | ; Services Section
44 | ;
45 | 
46 | [MiniFilter.Service]
47 | DisplayName      = %ServiceName%
48 | Description      = %ServiceDescription%
49 | ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
50 | Dependencies     = "FltMgr"
51 | ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
52 | StartType        = 3                            ;SERVICE_DEMAND_START
53 | ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
54 | LoadOrderGroup   = "FSFilter Activity Monitor"
55 | AddReg           = MiniFilter.AddRegistry
56 | 
57 | ;
58 | ; Registry Modifications
59 | ;
60 | 
61 | [MiniFilter.AddRegistry]
62 | HKR,,"DebugFlags",0x00010001 ,0x0
63 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
64 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
65 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
66 | 
67 | ;
68 | ; Copy Files
69 | ;
70 | 
71 | [MiniFilter.DriverFiles]
72 | %DriverName%.sys
73 | 
74 | [SourceDisksFiles]
75 | Myminifilter.sys = 1,,
76 | 
77 | [SourceDisksNames]
78 | 1 = %DiskId1%,,,
79 | 
80 | ;;
81 | ;; String Section
82 | ;;
83 | 
84 | [Strings]
85 | Msft                    = "Microsoft Corporation"
86 | ServiceDescription      = "Myminifilter Mini-Filter Driver"
87 | ServiceName             = "Myminifilter"
88 | DriverName              = "Myminifilter"
89 | DiskId1                 = "Myminifilter Device Installation Disk"
90 | 
91 | ;Instances specific information.
92 | DefaultInstance         = "Myminifilter Instance"
93 | Instance1.Name          = "Myminifilter Instance"
94 | Instance1.Altitude      = "370030"
95 | Instance1.Flags         = 0x0              ; Allow all attachments
96 | 
97 | 


--------------------------------------------------------------------------------
/Shell/Shell.vcxproj.filters:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup>
  4 |     <Filter Include="源文件">
  5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
  6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
  7 |     </Filter>
  8 |     <Filter Include="头文件">
  9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
 11 |     </Filter>
 12 |     <Filter Include="资源文件">
 13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 15 |     </Filter>
 16 |   </ItemGroup>
 17 |   <ItemGroup>
 18 |     <ClCompile Include="main.cpp">
 19 |       <Filter>源文件</Filter>
 20 |     </ClCompile>
 21 |     <ClCompile Include="Proc.cpp">
 22 |       <Filter>源文件</Filter>
 23 |     </ClCompile>
 24 |     <ClCompile Include="Reg.cpp">
 25 |       <Filter>源文件</Filter>
 26 |     </ClCompile>
 27 |     <ClCompile Include="File.cpp">
 28 |       <Filter>源文件</Filter>
 29 |     </ClCompile>
 30 |     <ClCompile Include="Log.cpp">
 31 |       <Filter>源文件</Filter>
 32 |     </ClCompile>
 33 |     <ClCompile Include="Rules.cpp">
 34 |       <Filter>源文件</Filter>
 35 |     </ClCompile>
 36 |     <ClCompile Include="DriverControl.cpp">
 37 |       <Filter>源文件</Filter>
 38 |     </ClCompile>
 39 |     <ClCompile Include="ProcessInfo.cpp">
 40 |       <Filter>源文件</Filter>
 41 |     </ClCompile>
 42 |     <ClCompile Include="hash.cpp">
 43 |       <Filter>源文件</Filter>
 44 |     </ClCompile>
 45 |     <ClCompile Include="match.cpp">
 46 |       <Filter>源文件</Filter>
 47 |     </ClCompile>
 48 |   </ItemGroup>
 49 |   <ItemGroup>
 50 |     <ClInclude Include="resource.h">
 51 |       <Filter>头文件</Filter>
 52 |     </ClInclude>
 53 |     <ClInclude Include="Common.h">
 54 |       <Filter>头文件</Filter>
 55 |     </ClInclude>
 56 |   </ItemGroup>
 57 |   <ItemGroup>
 58 |     <ResourceCompile Include="main.rc">
 59 |       <Filter>资源文件</Filter>
 60 |     </ResourceCompile>
 61 |   </ItemGroup>
 62 |   <ItemGroup>
 63 |     <None Include="res\back.bmp">
 64 |       <Filter>资源文件</Filter>
 65 |     </None>
 66 |     <None Include="res\all.ico">
 67 |       <Filter>资源文件</Filter>
 68 |     </None>
 69 |     <None Include="res\back_1.bmp">
 70 |       <Filter>资源文件</Filter>
 71 |     </None>
 72 |     <None Include="res\off_.bmp">
 73 |       <Filter>资源文件</Filter>
 74 |     </None>
 75 |     <None Include="res\off_s.bmp">
 76 |       <Filter>资源文件</Filter>
 77 |     </None>
 78 |     <None Include="res\on_.bmp">
 79 |       <Filter>资源文件</Filter>
 80 |     </None>
 81 |     <None Include="res\on_s.bmp">
 82 |       <Filter>资源文件</Filter>
 83 |     </None>
 84 |     <None Include="res\按钮.卸载.bmp">
 85 |       <Filter>资源文件</Filter>
 86 |     </None>
 87 |     <None Include="res\按钮.卸载.hit.bmp">
 88 |       <Filter>资源文件</Filter>
 89 |     </None>
 90 |     <None Include="res\按钮.日志.bmp">
 91 |       <Filter>资源文件</Filter>
 92 |     </None>
 93 |     <None Include="res\按钮.日志.hit.bmp">
 94 |       <Filter>资源文件</Filter>
 95 |     </None>
 96 |     <None Include="res\按钮.规则.bmp">
 97 |       <Filter>资源文件</Filter>
 98 |     </None>
 99 |     <None Include="res\按钮.规则.hit.bmp">
100 |       <Filter>资源文件</Filter>
101 |     </None>
102 |     <None Include="res\按钮.进程.bmp">
103 |       <Filter>资源文件</Filter>
104 |     </None>
105 |     <None Include="res\按钮.进程.hit.bmp">
106 |       <Filter>资源文件</Filter>
107 |     </None>
108 |   </ItemGroup>
109 | </Project>


--------------------------------------------------------------------------------
/Shell/Shell.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |   </ItemGroup>
 13 |   <PropertyGroup Label="Globals">
 14 |     <ProjectGuid>{E9154A6A-02BC-4397-A56C-3CFAD8056D73}</ProjectGuid>
 15 |     <RootNamespace>Shell</RootNamespace>
 16 |   </PropertyGroup>
 17 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 18 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 19 |     <ConfigurationType>Application</ConfigurationType>
 20 |     <UseDebugLibraries>true</UseDebugLibraries>
 21 |     <CharacterSet>Unicode</CharacterSet>
 22 |     <UseOfAtl>false</UseOfAtl>
 23 |   </PropertyGroup>
 24 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 25 |     <ConfigurationType>Application</ConfigurationType>
 26 |     <UseDebugLibraries>false</UseDebugLibraries>
 27 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 28 |     <CharacterSet>Unicode</CharacterSet>
 29 |   </PropertyGroup>
 30 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 31 |   <ImportGroup Label="ExtensionSettings">
 32 |   </ImportGroup>
 33 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 34 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 35 |   </ImportGroup>
 36 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 37 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 38 |   </ImportGroup>
 39 |   <PropertyGroup Label="UserMacros" />
 40 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 41 |     <LinkIncremental>false</LinkIncremental>
 42 |     <IncludePath>$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;C:\WinDDK\7600.16385.1\inc\ddk;</IncludePath>
 43 |     <LibraryPath>$(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;C:\WinDDK\7600.16385.1\lib\wnet\i386;</LibraryPath>
 44 |   </PropertyGroup>
 45 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 46 |     <IncludePath>$(VCInstallDir)include;$(VCInstallDir)atlmfc\include;$(WindowsSdkDir)include;$(FrameworkSDKDir)\include;C:\WinDDK\7600.16385.1\inc\ddk;</IncludePath>
 47 |     <LibraryPath>$(VCInstallDir)lib;$(VCInstallDir)atlmfc\lib;$(WindowsSdkDir)lib;$(FrameworkSDKDir)\lib;C:\WinDDK\7600.16385.1\lib\wnet\i386;</LibraryPath>
 48 |   </PropertyGroup>
 49 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 50 |     <ClCompile>
 51 |       <WarningLevel>Level3</WarningLevel>
 52 |       <Optimization>Disabled</Optimization>
 53 |     </ClCompile>
 54 |     <Link>
 55 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 56 |     </Link>
 57 |   </ItemDefinitionGroup>
 58 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 59 |     <ClCompile>
 60 |       <WarningLevel>Level3</WarningLevel>
 61 |       <Optimization>MaxSpeed</Optimization>
 62 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 63 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 64 |     </ClCompile>
 65 |     <Link>
 66 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 67 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 68 |       <OptimizeReferences>true</OptimizeReferences>
 69 |     </Link>
 70 |   </ItemDefinitionGroup>
 71 |   <ItemGroup>
 72 |     <ClCompile Include="DriverControl.cpp" />
 73 |     <ClCompile Include="File.cpp" />
 74 |     <ClCompile Include="hash.cpp" />
 75 |     <ClCompile Include="Log.cpp" />
 76 |     <ClCompile Include="main.cpp" />
 77 |     <ClCompile Include="match.cpp" />
 78 |     <ClCompile Include="Proc.cpp" />
 79 |     <ClCompile Include="ProcessInfo.cpp" />
 80 |     <ClCompile Include="Reg.cpp" />
 81 |     <ClCompile Include="Rules.cpp" />
 82 |   </ItemGroup>
 83 |   <ItemGroup>
 84 |     <ClInclude Include="Common.h" />
 85 |     <ClInclude Include="resource.h" />
 86 |   </ItemGroup>
 87 |   <ItemGroup>
 88 |     <ResourceCompile Include="main.rc" />
 89 |   </ItemGroup>
 90 |   <ItemGroup>
 91 |     <None Include="res\all.ico" />
 92 |     <None Include="res\back.bmp" />
 93 |     <None Include="res\back_1.bmp" />
 94 |     <None Include="res\off_.bmp" />
 95 |     <None Include="res\off_s.bmp" />
 96 |     <None Include="res\on_.bmp" />
 97 |     <None Include="res\on_s.bmp" />
 98 |     <None Include="res\按钮.卸载.bmp" />
 99 |     <None Include="res\按钮.卸载.hit.bmp" />
100 |     <None Include="res\按钮.日志.bmp" />
101 |     <None Include="res\按钮.日志.hit.bmp" />
102 |     <None Include="res\按钮.规则.bmp" />
103 |     <None Include="res\按钮.规则.hit.bmp" />
104 |     <None Include="res\按钮.进程.bmp" />
105 |     <None Include="res\按钮.进程.hit.bmp" />
106 |   </ItemGroup>
107 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
108 |   <ImportGroup Label="ExtensionTargets">
109 |   </ImportGroup>
110 | </Project>


--------------------------------------------------------------------------------