├── General.props
├── IntegrityCheck.props
├── README.md
├── RHGUI
├── HiddenRegistryKey.pas
├── MainForm.dfm
├── MainForm.pas
├── NewPseudoValueForm.dfm
├── NewPseudoValueForm.pas
├── PseudoRegistryValue.pas
├── RHGUI.dpr
├── RHGUI.dproj
├── RHGUI.res
└── Utils.pas
├── StaticLibrary.props
├── bin
├── Win32
│ └── Release
│ │ ├── RHGUI.exe
│ │ ├── ndisprot6-test.exe
│ │ ├── ndisprot6.sys
│ │ ├── reghider.dll
│ │ └── reghider.sys
└── x64
│ └── Release
│ ├── RHGUI.exe
│ ├── ndisprot6-test.exe
│ ├── ndisprot6.sys
│ ├── reghider.dll
│ └── reghider.sys
├── dllreghider
├── dllreghider.c
├── dllreghider.vcxproj
└── dllreghider.vcxproj.filters
├── hackerfest2015.sln
├── hackerfest2015.suo
├── hackerfest2015.v12.suo
├── hfdetector
├── FileSystemObject.h
├── hfdetector.cpp
├── hfdetector.vcxproj
├── hfdetector.vcxproj.filters
├── utils.cpp
└── utils.h
├── include
├── DllRegHider.pas
├── __history
│ ├── DllRegHider.pas.~37~
│ ├── DllRegHider.pas.~38~
│ ├── DllRegHider.pas.~39~
│ ├── DllRegHider.pas.~40~
│ ├── DllRegHider.pas.~41~
│ ├── DllRegHider.pas.~42~
│ ├── DllRegHider.pas.~43~
│ ├── DllRegHider.pas.~44~
│ ├── DllRegHider.pas.~45~
│ └── DllRegHider.pas.~46~
├── dllreghider.h
├── libreghider-types.h
├── libreghider.h
├── reghider-ioctl.h
└── reghider-types.h
├── libreghider
├── ReadMe.txt
├── libreghider.c
├── libreghider.vcxproj
└── libreghider.vcxproj.filters
├── ndisprot6-test
├── ip-headers.h
├── ndisprot6-test.vcxproj
├── ndisprot6-test.vcxproj.filters
└── prottest.c
├── ndisprot6
├── debug.c
├── debug.h
├── excallbk.c
├── macros.h
├── ndisbind.c
├── ndisprot.h
├── ndisprot.htm
├── ndisprot.inf
├── ndisprot.rc
├── ndisprot6.vcxproj
├── ndisprot6.vcxproj.filters
├── ntdisp.c
├── precomp.h
├── protuser.h
├── recv.c
└── send.c
├── ppt
├── hiding-things-on-windows-platform.odp
├── hiding-things-on-windows-platform.pdf
└── registry.avi
└── reghider
├── allocator.c
├── allocator.h
├── hash_table.c
├── hash_table.h
├── key-record.c
├── key-record.h
├── preprocessor.h
├── process-db.c
├── process-db.h
├── reghider.c
├── reghider.h
├── reghider.v12.suo
├── reghider.vcxproj
├── reghider.vcxproj.filters
├── registry-callback.c
├── registry-callback.h
├── string-hash-table.c
├── string-hash-table.h
├── um-services.c
├── um-services.h
├── utils-dym-array-types.h
├── utils-dym-array.c
└── utils-dym-array.h
/General.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | $(SolutionDir)bin\$(Platform)\$(Configuration)\
7 | $(SolutionDir)tmp\$(ProjectName)\$(Platform)\$(Configuration)\
8 |
9 |
10 |
11 | ..\include;%(AdditionalIncludeDirectories)
12 | 4100;4603;4627;4986;4987;4996;%(DisableSpecificWarnings)
13 |
14 |
15 | $(SolutionDir)lib\$(Platform)\$(Configuration);$(SolutionDir)lib\$(Platform);..\lib\$(Platform)\$(Configuration);..\lib\$(Platform);%(AdditionalLibraryDirectories)
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/IntegrityCheck.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 | /INTEGRITYCHECK %(AdditionalOptions)
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Hackerfest2015
2 | Demos presented at Hackerfest 2015
3 |
4 | * None of the driver files are digitally signed with a trusted certificate, so you need to either sign them yourself or sign them with a test-signing certificate and configure your system to accept test-signed drivers.
5 |
6 | * Rename dllreghider.dll to reghider.dll and the RHGUI.exe should work.
7 |
8 | * You should follow special instructions in order to install the ndisprot6 driver. Look into the ndisprot6\ndisprot.htm file for them.
9 | * After you install the driver, you also must update the ImageFIleName value in its service registry key to point to the ndisprot6.sys file, not the ndisprot.sys one (because it does not exist). I am probably missing something in the INF file.
10 |
--------------------------------------------------------------------------------
/RHGUI/HiddenRegistryKey.pas:
--------------------------------------------------------------------------------
1 | Unit HiddenRegistryKey;
2 |
3 | Interface
4 |
5 | Uses
6 | Windows, DllRegHider, Generics.Collections;
7 |
8 | Type
9 | THiddenRegistryKey = Class
10 | Private
11 | FName : WideString;
12 | Public
13 | Constructor Create(Var ARecord:REGHIDER_HIDDEN_KEY_RECORD); Reintroduce;
14 |
15 | Class Function Enumerate(AList:TList):Cardinal;
16 |
17 | Property Name : WideString Read FName;
18 | end;
19 |
20 | Implementation
21 |
22 | Uses
23 | Utils;
24 |
// Per-record callback that THiddenRegistryKey.Enumerate hands to HiddenKeysEnum.
// Wraps ARecord in a THiddenRegistryKey and appends it to the list received
// through AContext. Returns False when the object cannot be created or
// appended; exceptions are swallowed so none escapes the StdCall callback.
// NOTE(review): how the enumerator reacts to a False return is decided inside
// HiddenKeysEnum, which is not part of this unit.
Function _EnumCallback(Var ARecord:REGHIDER_HIDDEN_KEY_RECORD; AContext:Pointer):LongBool; StdCall;
Var
  target : TList;
  entry : THiddenRegistryKey;
begin
  Result := False;
  target := AContext;
  Try
    entry := THiddenRegistryKey.Create(ARecord);
  Except
    // Construction failed, so there is nothing to release.
    Exit;
  end;

  Try
    target.Add(entry);
    Result := True;
  Except
    // The list never took the object; release it here to avoid a leak.
    entry.Free;
  end;
end;
48 |
// Builds the wrapper from one enumeration record and keeps a copy of its key name.
// NOTE(review): assumes ARecord.KeyName points at a NUL-terminated wide string;
// confirm against WideCharToString in Utils and against the record's producer.
Constructor THiddenRegistryKey.Create(Var ARecord:REGHIDER_HIDDEN_KEY_RECORD);
Var
  nameCopy : WideString;
begin
  Inherited Create;
  nameCopy := WideCharToString(ARecord.KeyName);
  FName := nameCopy;
end;
54 |
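// Enumerates the hidden keys reported by HiddenKeysEnum and appends one
// THiddenRegistryKey per record to AList.
//
// AList  - receives the new objects; the caller owns them afterwards.
// Result - the status returned by HiddenKeysEnum. AList is touched only when
//          it equals ERROR_SUCCESS.
//
// Records are collected in a scratch list first, so a failed enumeration
// never leaves AList half-filled. On failure, the objects the callback had
// already created are freed here; the earlier code released only the scratch
// list and leaked them.
// NOTE(review): TList appears without a type argument in this listing; the
// typed for-in loops suggest a generic parameter was lost in extraction.
// Confirm against the repository.
Class Function THiddenRegistryKey.Enumerate(AList:TList):Cardinal;
Var
  key : THiddenRegistryKey;
  tmpList : TList;
begin
  tmpList := TList.Create;
  Try
    Result := HiddenKeysEnum(_EnumCallback, tmpList);
    If Result = ERROR_SUCCESS Then
      begin
      For key In tmpList Do
        AList.Add(key);
      end
    Else begin
      // Partial results are not handed out, so release them.
      For key In tmpList Do
        key.Free;
      end;
  Finally
    tmpList.Free;
  end;
end;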
70 |
71 |
72 |
73 | End.
74 |
75 |
--------------------------------------------------------------------------------
/RHGUI/MainForm.dfm:
--------------------------------------------------------------------------------
1 | object Form1: TForm1
2 | Left = 0
3 | Top = 0
4 | Caption = 'Registry Hider'
5 | ClientHeight = 362
6 | ClientWidth = 591
7 | Color = clBtnFace
8 | Font.Charset = DEFAULT_CHARSET
9 | Font.Color = clWindowText
10 | Font.Height = -11
11 | Font.Name = 'Tahoma'
12 | Font.Style = []
13 | OldCreateOrder = False
14 | Position = poScreenCenter
15 | OnClose = FormClose
16 | OnCreate = FormCreate
17 | PixelsPerInch = 96
18 | TextHeight = 13
19 | object HiddenRegistryKeysGroupBox: TGroupBox
20 | Left = 0
21 | Top = 0
22 | Width = 591
23 | Height = 169
24 | Align = alTop
25 | Anchors = [akLeft, akTop, akRight, akBottom]
26 | Caption = 'Hidden registry keys'
27 | TabOrder = 0
28 | object HiddenRegistryKeysPanel: TPanel
29 | Left = 2
30 | Top = 134
31 | Width = 587
32 | Height = 33
33 | Align = alBottom
34 | TabOrder = 0
35 | object HiddenKeysAddButton: TButton
36 | Left = 8
37 | Top = 8
38 | Width = 57
39 | Height = 21
40 | Caption = 'Add...'
41 | TabOrder = 0
42 | OnClick = AddButtonClick
43 | end
44 | object HiddenKeysDeleteButton: TButton
45 | Left = 71
46 | Top = 8
47 | Width = 57
48 | Height = 21
49 | Caption = 'Delete'
50 | TabOrder = 1
51 | OnClick = DeleteButtonClick
52 | end
53 | object HiddenKeysRefreshButton: TButton
54 | Left = 134
55 | Top = 8
56 | Width = 57
57 | Height = 21
58 | Caption = 'Refresh'
59 | TabOrder = 2
60 | OnClick = RefreshButtonClick
61 | end
62 | end
63 | object HiddenKeysListView: TListView
64 | Left = 2
65 | Top = 15
66 | Width = 587
67 | Height = 119
68 | Align = alClient
69 | Columns = <
70 | item
71 | AutoSize = True
72 | Caption = 'Name'
73 | end>
74 | OwnerData = True
75 | ReadOnly = True
76 | RowSelect = True
77 | ShowWorkAreas = True
78 | TabOrder = 1
79 | ViewStyle = vsReport
80 | OnData = ListViewData
81 | end
82 | end
83 | object PseudoRegistryValuesGroupBox: TGroupBox
84 | Left = 0
85 | Top = 169
86 | Width = 591
87 | Height = 193
88 | Align = alBottom
89 | Anchors = [akLeft, akTop, akRight, akBottom]
90 | Caption = 'Registry pseudo values'
91 | TabOrder = 1
92 | object PseudoRegistryValuesPanel: TPanel
93 | Left = 2
94 | Top = 158
95 | Width = 587
96 | Height = 33
97 | Align = alBottom
98 | TabOrder = 0
99 | ExplicitTop = 149
100 | object PseudoValuesAddButton: TButton
101 | Left = 8
102 | Top = 6
103 | Width = 57
104 | Height = 21
105 | Caption = 'Add...'
106 | TabOrder = 0
107 | OnClick = AddButtonClick
108 | end
109 | object PseudoValuesDeleteButton: TButton
110 | Left = 127
111 | Top = 6
112 | Width = 57
113 | Height = 21
114 | Caption = 'Delete'
115 | TabOrder = 1
116 | OnClick = DeleteButtonClick
117 | end
118 | object PseudoValuesRefreshButton: TButton
119 | Left = 190
120 | Top = 6
121 | Width = 57
122 | Height = 21
123 | Caption = 'Refresh'
124 | TabOrder = 2
125 | OnClick = RefreshButtonClick
126 | end
127 | object PseudoValueEditButton: TButton
128 | Left = 71
129 | Top = 6
130 | Width = 57
131 | Height = 21
132 | Caption = 'Edit...'
133 | TabOrder = 3
134 | OnClick = AddButtonClick
135 | end
136 | end
137 | object PseudoValuesListView: TListView
138 | Left = 2
139 | Top = 15
140 | Width = 587
141 | Height = 143
142 | Align = alClient
143 | Columns = <
144 | item
145 | AutoSize = True
146 | Caption = 'Key'
147 | end
148 | item
149 | Caption = 'Value'
150 | Width = 100
151 | end
152 | item
153 | Caption = 'Type'
154 | Width = 100
155 | end
156 | item
157 | Caption = 'Modes'
158 | Width = 100
159 | end
160 | item
161 | AutoSize = True
162 | Caption = 'Data'
163 | end
164 | item
165 | AutoSize = True
166 | Caption = 'Process'
167 | end>
168 | OwnerData = True
169 | ReadOnly = True
170 | RowSelect = True
171 | ShowWorkAreas = True
172 | TabOrder = 1
173 | ViewStyle = vsReport
174 | OnData = ListViewData
175 | ExplicitHeight = 134
176 | end
177 | end
178 | end
179 |
--------------------------------------------------------------------------------
/RHGUI/MainForm.pas:
--------------------------------------------------------------------------------
1 | Unit MainForm;
2 |
3 | Interface
4 |
5 | Uses
6 | Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
7 | System.Classes, Vcl.Graphics,
8 | Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Vcl.ExtCtrls,
9 | Vcl.ComCtrls,
10 | Generics.Collections, HiddenRegistryKey, PseudoRegistryValue;
11 |
12 | Type
13 | TForm1 = Class (TForm)
14 | HiddenRegistryKeysGroupBox: TGroupBox;
15 | PseudoRegistryValuesGroupBox: TGroupBox;
16 | HiddenRegistryKeysPanel: TPanel;
17 | PseudoRegistryValuesPanel: TPanel;
18 | HiddenKeysAddButton: TButton;
19 | HiddenKeysDeleteButton: TButton;
20 | HiddenKeysRefreshButton: TButton;
21 | PseudoValuesAddButton: TButton;
22 | PseudoValuesDeleteButton: TButton;
23 | PseudoValuesRefreshButton: TButton;
24 | HiddenKeysListView: TListView;
25 | PseudoValuesListView: TListView;
26 | PseudoValueEditButton: TButton;
27 | procedure FormCreate(Sender: TObject);
28 | procedure FormClose(Sender: TObject; var Action: TCloseAction);
29 | procedure AddButtonClick(Sender: TObject);
30 | procedure RefreshButtonClick(Sender: TObject);
31 | procedure DeleteButtonClick(Sender: TObject);
32 | procedure ListViewData(Sender: TObject; Item: TListItem);
33 | Private
34 | FHiddenkeyList : TList;
35 | FPSeudoValueList : TList;
36 |
37 | Procedure HiddenKeysRefresh;
38 | Procedure PseudoValuesRefresh;
39 | end;
40 |
41 | Var
42 | Form1: TForm1;
43 |
44 | Implementation
45 |
46 | Uses
47 | Utils, DllRegHider, NewPseudoValueForm;
48 |
49 | {$R *.DFM}
50 |
// Reloads the hidden-key list shown in HiddenKeysListView.
// On success the freshly enumerated list replaces FHiddenKeyList and the old
// list, with its objects, is destroyed. On failure the current list stays in
// place, the error is reported and the unused scratch list is destroyed.
Procedure TForm1.HiddenKeysRefresh;
Var
  stale : THiddenRegistryKey;
  status : Cardinal;
  fresh : TList;
  retired : TList;
begin
  fresh := TList.Create;
  status := THiddenRegistryKey.Enumerate(fresh);
  If status <> ERROR_SUCCESS Then
    begin
    WindowsErrorMessage(status, 'Failed to enumerate hidden subkeys', []);
    retired := fresh;
    end
  Else begin
    // Zero the virtual item count before swapping, so the owner-data view
    // holds no items while the backing list changes.
    HiddenKeysListView.Items.Count := 0;
    retired := FHiddenKeyList;
    FHiddenKeyList := fresh;
    HiddenKeysListView.Items.Count := FHiddenKeyList.Count;
    end;

  // "retired" is whichever list is no longer referenced by the form.
  For stale In retired Do
    stale.Free;

  retired.Free;
end;
75 |
// OnData handler shared by both owner-data list views: fills Item from the
// backing list entry at Item.Index. Events from any other sender are ignored.
Procedure TForm1.ListViewData(Sender: TObject; Item: TListItem);
Var
  pseudo : TPseudoRegistryValue;
  hidden : THiddenRegistryKey;
  modes : String;
begin
  If Sender = HiddenKeysListView Then
    begin
    hidden := FHiddenkeyList[Item.Index];
    Item.Caption := hidden.Name;
    Exit;
    end;

  If Sender <> PseudoValuesListView Then
    Exit;

  pseudo := FPseudoValueList[Item.Index];
  Item.Caption := pseudo.KeyName;
  Item.SubItems.Add(pseudo.ValueName);
  Item.SubItems.Add(RegistryValueTypeToStr(pseudo.ValueType));
  modes := Format('%s | %s', [RegistryValueOpModeToStr(pseudo.ChangeMode), RegistryValueOpModeToStr(pseudo.DeleteMode)]);
  Item.SubItems.Add(modes);
  // The "Data" column is a fixed placeholder; the value bytes are not rendered.
  Item.SubItems.Add('Not implemented');
  Item.SubItems.Add(pseudo.ProcessName);
end;
103 |
// Reloads the pseudo-value list shown in PseudoValuesListView.
// On success the freshly enumerated list replaces FPseudoValueList and the
// old list, with its objects, is destroyed. On failure the current list stays
// in place, the error is reported and the unused scratch list is destroyed.
Procedure TForm1.PseudoValuesRefresh;
Var
  stale : TPseudoRegistryValue;
  status : Cardinal;
  fresh : TList;
  retired : TList;
begin
  fresh := TList.Create;
  status := TPseudoRegistryValue.Enumerate(fresh);
  If status <> ERROR_SUCCESS Then
    begin
    WindowsErrorMessage(status, 'Failed to enumerate pseudo values', []);
    retired := fresh;
    end
  Else begin
    // Zero the virtual item count before swapping, so the owner-data view
    // holds no items while the backing list changes.
    PseudoValuesListView.Items.Count := 0;
    retired := FPseudoValueList;
    FPseudoValueList := fresh;
    PseudoValuesListView.Items.Count := FPseudoValueList.Count;
    end;

  // "retired" is whichever list is no longer referenced by the form.
  For stale In retired Do
    stale.Free;

  retired.Free;
end;
128 |
// Shared OnClick handler of both "Refresh" buttons; reloads the list that
// belongs to the button that was pressed.
Procedure TForm1.RefreshButtonClick(Sender: TObject);
begin
  If Sender = PseudoValuesRefreshButton Then
    PseudoValuesRefresh
  Else If Sender = HiddenKeysRefreshButton Then
    HiddenKeysRefresh;
end;
136 |
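// Shared OnClick handler of the "Add..." buttons and the pseudo-value
// "Edit..." button.
//   HiddenKeysAddButton   - prompts for a full key name and passes it to HiddenKeyAdd.
//   PseudoValuesAddButton - opens an empty dialog and passes its fields to PseudoValueAdd.
//   PseudoValueEditButton - opens the dialog for the selected entry and passes
//                           its fields to PseudoValueSet.
// A successful call refreshes the matching list; a failed one shows the error.
//
// The dialog is now released in a Finally block. Before, an exception raised
// between Create and Free (for example inside the refresh) left the form
// allocated until the application shut down.
Procedure TForm1.AddButtonClick(Sender: TObject);
Var
  err : Cardinal;
  kn : WideString;
  L : TListItem;
  dlg : TNewPseudoValueFrm;
  editing : Boolean;
begin
  If Sender = HiddenKeysAddButton Then
    begin
    kn := InputBox('Hide a key', 'Full key name', '');
    // An empty answer adds nothing.
    If kn <> '' Then
      begin
      err := HiddenKeyAdd(PWideChar(kn));
      If err = ERROR_SUCCESS Then
        HiddenKeysRefresh
      Else WindowsErrorMessage(err, '', []);
      end;

    Exit;
    end;

  editing := (Sender = PseudoValueEditButton);
  If (Not editing) And (Sender <> PseudoValuesAddButton) Then
    Exit;

  If editing Then
    begin
    // Editing needs a selected row to pre-fill the dialog from.
    L := PseudoValuesListView.Selected;
    If Not Assigned(L) Then
      Exit;

    dlg := TNewPseudoValueFrm.Create(Application, FPseudoValueList[L.Index]);
    end
  Else dlg := TNewPseudoValueFrm.Create(Application);

  Try
    dlg.ShowModal;
    If Not dlg.Cancelled Then
      begin
      // The data buffer belongs to the dialog and is only valid until it is freed.
      If editing Then
        err := PseudoValueSet(PWideChar(dlg.KeyName), PWideChar(dlg.ValueName), dlg.ValueType, dlg.ValueData, dlg.ValueDataLength, dlg.DeleteMode, dlg.ChangeMode, PWideChar(dlg.ProcessName))
      Else err := PseudoValueAdd(PWideChar(dlg.KeyName), PWideChar(dlg.ValueName), dlg.ValueType, dlg.ValueData, dlg.ValueDataLength, dlg.DeleteMode, dlg.ChangeMode, PWideChar(dlg.ProcessName));

      If err = ERROR_SUCCESS Then
        PseudoValuesRefresh
      Else WindowsErrorMessage(err, '', []);
      end;
  Finally
    dlg.Free;
  end;
end;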
197 |
// Shared OnClick handler of both "Delete" buttons. Removes the entry selected
// in the matching list view through HiddenKeyDelete or PseudoValueDelete,
// refreshes that list on success and reports the error otherwise.
// Does nothing when no row is selected.
Procedure TForm1.DeleteButtonClick(Sender: TObject);
Var
  status : Cardinal;
  picked : TListItem;
  hidden : THiddenRegistryKey;
  pseudo : TPseudoRegistryValue;
begin
  status := ERROR_SUCCESS;
  If Sender = HiddenKeysDeleteButton Then
    begin
    picked := HiddenKeysListView.Selected;
    If picked <> Nil Then
      begin
      hidden := FHiddenKeyList[picked.Index];
      status := HiddenKeyDelete(PWideChar(hidden.Name));
      If status = ERROR_SUCCESS Then
        HiddenKeysRefresh;
      end;
    end
  Else If Sender = PseudoValuesDeleteButton Then
    begin
    picked := PseudoValuesListView.Selected;
    If picked <> Nil Then
      begin
      pseudo := FPseudoValueList[picked.Index];
      status := PseudoValueDelete(PWideChar(pseudo.KeyName), PWideChar(pseudo.ValueName));
      If status = ERROR_SUCCESS Then
        PseudoValuesRefresh;
      end;
    end;

  If status = ERROR_SUCCESS Then
    Exit;

  WindowsErrorMessage(status, '', []);
end;
232 |
// OnClose handler: empties both list views, then destroys the backing lists
// together with the objects they hold.
Procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
Var
  hidden : THiddenRegistryKey;
  pseudo : TPseudoRegistryValue;
begin
  // The item count is zeroed before the objects go away; presumably this keeps
  // ListViewData from indexing a list that is being torn down.
  PseudoValuesListView.Items.Count := 0;
  For pseudo In FPseudoValueList Do
    pseudo.Free;
  FPseudoValueList.Free;

  HiddenKeysListView.Items.Count := 0;
  For hidden In FHiddenkeyList Do
    hidden.Free;
  FHiddenKeyList.Free;
end;
249 |
// OnCreate handler: creates the two backing lists and fills them once.
// Both lists are created before either refresh runs; each refresh swaps its
// list with a freshly enumerated one and frees the previous instance.
250 | Procedure TForm1.FormCreate(Sender: TObject);
251 | begin
252 | FHiddenKeyList := TList.Create;
253 | FPseudoValueList := TList.Create;
254 | HiddenKeysRefresh;
255 | PseudoValuesRefresh;
256 | end;
257 |
258 | End.
259 |
260 |
--------------------------------------------------------------------------------
/RHGUI/NewPseudoValueForm.dfm:
--------------------------------------------------------------------------------
1 | object NewPseudoValueFrm: TNewPseudoValueFrm
2 | Left = 0
3 | Top = 0
4 | BorderIcons = [biSystemMenu]
5 | Caption = 'NewPseudoValueFrm'
6 | ClientHeight = 341
7 | ClientWidth = 333
8 | Color = clBtnFace
9 | Font.Charset = DEFAULT_CHARSET
10 | Font.Color = clWindowText
11 | Font.Height = -11
12 | Font.Name = 'Tahoma'
13 | Font.Style = []
14 | OldCreateOrder = False
15 | Position = poScreenCenter
16 | OnCreate = FormCreate
17 | OnDestroy = FormDestroy
18 | PixelsPerInch = 96
19 | TextHeight = 13
20 | object MainPanel: TPanel
21 | Left = 0
22 | Top = 0
23 | Width = 333
24 | Height = 306
25 | Align = alTop
26 | TabOrder = 0
27 | object ExtraInformationGroupBox: TGroupBox
28 | Left = 1
29 | Top = 188
30 | Width = 331
31 | Height = 111
32 | Align = alTop
33 | Caption = 'Extra information'
34 | TabOrder = 0
35 | object Label4: TLabel
36 | Left = 3
37 | Top = 20
38 | Width = 66
39 | Height = 13
40 | Caption = 'Process name'
41 | end
42 | object Label5: TLabel
43 | Left = 3
44 | Top = 43
45 | Width = 66
46 | Height = 13
47 | Caption = 'Change mode'
48 | end
49 | object Label6: TLabel
50 | Left = 3
51 | Top = 70
52 | Width = 60
53 | Height = 13
54 | Caption = 'Delete mode'
55 | end
56 | object ProcessNameEdit: TEdit
57 | Left = 72
58 | Top = 16
59 | Width = 184
60 | Height = 21
61 | TabOrder = 0
62 | end
63 | object ChangeModeComboBox: TComboBox
64 | Left = 72
65 | Top = 43
66 | Width = 105
67 | Height = 21
68 | Style = csDropDownList
69 | ItemIndex = 0
70 | TabOrder = 1
71 | Text = 'Deny'
72 | Items.Strings = (
73 | 'Deny'
74 | 'Allow'
75 | 'Pretend')
76 | end
77 | object DeleteModeComboBox: TComboBox
78 | Left = 72
79 | Top = 70
80 | Width = 105
81 | Height = 21
82 | Style = csDropDownList
83 | ItemIndex = 0
84 | TabOrder = 2
85 | Text = 'Deny'
86 | Items.Strings = (
87 | 'Deny'
88 | 'Allow'
89 | 'Pretend')
90 | end
91 | end
92 | object DataGroupBox: TGroupBox
93 | Left = 1
94 | Top = 105
95 | Width = 331
96 | Height = 83
97 | Align = alTop
98 | Caption = 'Data'
99 | TabOrder = 1
100 | object ValueDataRichEdit: TRichEdit
101 | Left = 2
102 | Top = 15
103 | Width = 327
104 | Height = 66
105 | Align = alClient
106 | Font.Charset = EASTEUROPE_CHARSET
107 | Font.Color = clWindowText
108 | Font.Height = -11
109 | Font.Name = 'Tahoma'
110 | Font.Style = []
111 | ParentFont = False
112 | PlainText = True
113 | TabOrder = 0
114 | end
115 | end
116 | object BasicInformationGroupBox: TGroupBox
117 | Left = 1
118 | Top = 1
119 | Width = 331
120 | Height = 104
121 | Align = alTop
122 | Caption = 'Basic information'
123 | TabOrder = 2
124 | object Label1: TLabel
125 | Left = 11
126 | Top = 19
127 | Width = 47
128 | Height = 13
129 | Caption = 'Key name'
130 | end
131 | object Label2: TLabel
132 | Left = 11
133 | Top = 46
134 | Width = 55
135 | Height = 13
136 | Caption = 'Value name'
137 | end
138 | object Label3: TLabel
139 | Left = 11
140 | Top = 70
141 | Width = 24
142 | Height = 13
143 | Caption = 'Type'
144 | end
145 | object KeyNameEdit: TEdit
146 | Left = 72
147 | Top = 16
148 | Width = 256
149 | Height = 21
150 | TabOrder = 0
151 | end
152 | object ValueNameEdit: TEdit
153 | Left = 72
154 | Top = 43
155 | Width = 256
156 | Height = 21
157 | TabOrder = 1
158 | end
159 | object ValueTypeComboBox: TComboBox
160 | Left = 72
161 | Top = 70
162 | Width = 105
163 | Height = 21
164 | Style = csDropDownList
165 | ItemIndex = 1
166 | TabOrder = 2
167 | Text = 'REG_BINARY'
168 | Items.Strings = (
169 | 'REG_NONE'
170 | 'REG_BINARY'
171 | 'REG_DWORD'
172 | 'REG_QWORD'
173 | 'REG_SZ'
174 | 'REG_EXPAND_SZ'
175 | 'REG_MULTI_SZ')
176 | end
177 | end
178 | end
179 | object OkButton: TButton
180 | Left = 192
181 | Top = 312
182 | Width = 65
183 | Height = 25
184 | Caption = 'Ok'
185 | TabOrder = 1
186 | OnClick = OkButtonClick
187 | end
188 | object StornoButton: TButton
189 | Left = 260
190 | Top = 312
191 | Width = 65
192 | Height = 25
193 | Caption = 'Storno'
194 | TabOrder = 2
195 | OnClick = StornoButtonClick
196 | end
197 | end
198 |
--------------------------------------------------------------------------------
/RHGUI/NewPseudoValueForm.pas:
--------------------------------------------------------------------------------
1 | Unit NewPseudoValueForm;
2 |
3 | Interface
4 |
5 | Uses
6 | Winapi.Windows, Winapi.Messages, System.SysUtils,
7 | System.Variants, System.Classes, Vcl.Graphics,
8 | Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ExtCtrls,
9 | Vcl.StdCtrls, Vcl.ComCtrls, DllRegHider, PseudoRegistryValue;
10 |
11 | Type
12 | TNewPseudoValueFrm = Class (TForm)
13 | MainPanel: TPanel;
14 | OkButton: TButton;
15 | StornoButton: TButton;
16 | ExtraInformationGroupBox: TGroupBox;
17 | DataGroupBox: TGroupBox;
18 | BasicInformationGroupBox: TGroupBox;
19 | KeyNameEdit: TEdit;
20 | ValueNameEdit: TEdit;
21 | ProcessNameEdit: TEdit;
22 | ValueTypeComboBox: TComboBox;
23 | ChangeModeComboBox: TComboBox;
24 | DeleteModeComboBox: TComboBox;
25 | Label1: TLabel;
26 | Label2: TLabel;
27 | Label3: TLabel;
28 | Label4: TLabel;
29 | Label5: TLabel;
30 | Label6: TLabel;
31 | ValueDataRichEdit: TRichEdit;
32 | procedure FormCreate(Sender: TObject);
33 | procedure FormDestroy(Sender: TObject);
34 | procedure StornoButtonClick(Sender: TObject);
35 | procedure OkButtonClick(Sender: TObject);
36 | Private
37 | FCancelled : Boolean;
38 | FKeyName : WideString;
39 | FValueName : WideString;
40 | FValueType : Cardinal;
41 | FValueData : Pointer;
42 | FValueDataLength : Cardinal;
43 | FProcessName : WideString;
44 | FChangeMode : ERegistryValueOpMode;
45 | FDeleteMode : ERegistryValueOpMode;
46 | FPseudoValue : TPseudoRegistryValue;
47 | Public
48 | Constructor Create(AOwner:TComponent; AValue:TPseudoRegistryValue = Nil); Reintroduce;
49 |
50 | Property Cancelled : Boolean Read FCancelled;
51 | Property KeyName : WideString Read FKeyName;
52 | Property ValueName : WideString Read FValueName;
53 | Property ValueType : Cardinal Read FValueType;
54 | Property ValueData : Pointer Read FValueData;
55 | Property ValueDataLength : Cardinal Read FValueDataLength;
56 | Property ProcessName : WideString Read FProcessName;
57 | Property ChangeMode : ERegistryValueOpMode Read FChangeMode;
58 | Property DeleteMode : ERegistryValueOpMode Read FDeleteMode;
59 | end;
60 |
61 |
62 | Implementation
63 |
64 | {$R *.DFM}
65 |
66 | Uses
67 | Utils;
68 |
// Creates the dialog. AValue is the entry to edit, or Nil for a new entry.
// FPseudoValue is stored before the inherited constructor runs because
// FormCreate (wired as OnCreate in the .dfm) reads it to pre-fill the controls.
69 | Constructor TNewPseudoValueFrm.Create(AOwner:TComponent; AValue:TPseudoRegistryValue = Nil);
70 | begin
71 | FPseudoValue := AValue;
72 | Inherited Create(AOwner);
73 | end;
74 |
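// OnCreate handler. Resets the result fields (Cancelled starts as True) and,
// when an existing value was passed to the constructor, pre-fills the
// controls from it.
//
// Changes from the earlier version:
//  * REG_SZ / REG_EXPAND_SZ data is converted with an explicit length taken
//    from DataLength, not read up to the first NUL. Registry string data is
//    not guaranteed to carry a terminator, and the buffer held by
//    TPseudoRegistryValue is exactly DataLength bytes, so the unbounded read
//    could run past its end. A Nil buffer (DataLength = 0) now yields an
//    empty string.
//  * REG_MULTI_SZ is skipped when there is no data, so no Nil pointer reaches
//    the helper.
Procedure TNewPseudoValueFrm.FormCreate(Sender: TObject);
Var
  textData : WideString;
  terminator : Integer;
begin
  FValueData := Nil;
  FValueDataLength := 0;
  FCancelled := True;
  If Not Assigned(FPseudoValue) Then
    Exit;

  KeyNameEdit.Text := FPseudoValue.KeyName;
  ValueNameEdit.Text := FPseudoValue.ValueName;
  // Types without an entry in the combo box fall back to the first item.
  ValueTypeComboBox.ItemIndex := 0;
  Case FPseudoValue.ValueType Of
    REG_NONE : ValueTypeComboBox.ItemIndex := 0;
    REG_BINARY : ValueTypeComboBox.ItemIndex := 1;
    REG_DWORD : ValueTypeComboBox.ItemIndex := 2;
    11 : ValueTypeComboBox.ItemIndex := 3; // listed as REG_QWORD in the combo box
    REG_SZ : ValueTypeComboBox.ItemIndex := 4;
    REG_EXPAND_SZ : ValueTypeComboBox.ItemIndex := 5;
    REG_MULTI_SZ : ValueTypeComboBox.ItemIndex := 6;
  end;

  Case FPseudoValue.ValueType Of
    REG_SZ,
    REG_EXPAND_SZ : begin
      // Copy at most DataLength bytes, then cut at the first NUL if one exists.
      SetString(textData, PWideChar(FPseudoValue.Data), FPseudoValue.DataLength Div SizeOf(WideChar));
      terminator := Pos(#0, textData);
      If terminator > 0 Then
        SetLength(textData, terminator - 1);

      ValueDataRichEdit.Text := textData;
      end;
    REG_MULTI_SZ : begin
      // NOTE(review): MultiStringToStringList receives only a pointer, so it
      // cannot be bounded from here; it presumably relies on a terminating
      // empty string. Confirm in Utils and consider passing the length.
      If FPseudoValue.DataLength > 0 Then
        MultiStringToStringList(FPseudoValue.Data, ValueDataRichEdit.Lines);
      end;
    REG_DWORD : begin
      // Data of any other size is left undisplayed.
      If FPseudoValue.DataLength = SizeOf(Cardinal) Then
        ValueDataRichEdit.Text := IntToStr(PInteger(FPseudoValue.Data)^);
      end;
    11 : begin
      If FPseudoValue.DataLength = SizeOf(Int64) Then
        ValueDataRichEdit.Text := IntToStr(PInt64(FPseudoValue.Data)^);
      end;
    Else ValueDataRichEdit.Text := BinaryDataToString(FPseudoValue.Data, FPseudoValue.DataLength);
  end;

  ChangeModeComboBox.ItemIndex := Ord(FPseudoValue.ChangeMode);
  DeleteModeComboBox.ItemIndex := Ord(FPseudoValue.DeleteMode);
  ProcessNameEdit.Text := FPseudoValue.ProcessName;
end;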
115 |
// OnDestroy handler: releases the value buffer built by OkButtonClick, if any.
// NOTE(review): FreeMem matches the AllocMem calls in OkButtonClick; buffers
// produced by StringListToMultiStringData / StringToBinaryData are assumed to
// come from the same allocator. Confirm in Utils.
Procedure TNewPseudoValueFrm.FormDestroy(Sender: TObject);
begin
  If FValueData <> Nil Then
    FreeMem(FValueData);
end;
121 |
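// OnClick handler of the Ok button. Copies the control contents into the
// result fields and converts the text in ValueDataRichEdit into a data buffer
// that matches the selected value type. The dialog closes only when the
// conversion succeeds; otherwise Cancelled becomes True, the data fields are
// reset and the dialog stays open.
//
// Changes from the earlier version:
//  * REG_DWORD input is range-checked. Before, any value StrToInt64 accepted
//    was cast to Cardinal, so an out-of-range number was silently truncated
//    and a different value than the one typed was stored.
//  * Numbers are parsed before the buffer is allocated, so a parse failure
//    needs no allocate-then-free step.
//  * Only EConvertError is treated as bad input.
// NOTE(review): the 64-bit type goes through StrToInt64, so values above
// High(Int64) are rejected as invalid input.
Procedure TNewPseudoValueFrm.OkButtonClick(Sender: TObject);
Var
  dw : Cardinal;
  qw : UInt64;
  parsed : Int64;
  content : String;
begin
  FCancelled := False;
  FKeyName := KeyNameEdit.Text;
  FValueName := ValueNameEdit.Text;
  Case ValueTypeComboBox.ItemIndex Of
    0 : FValueType := REG_NONE;
    1 : FValueType := REG_BINARY;
    2 : FValueType := REG_DWORD;
    3 : FValueType := 11; // listed as REG_QWORD in the combo box
    4 : FValueType := REG_SZ;
    5 : FValueType := REG_EXPAND_SZ;
    6 : FValueType := REG_MULTI_SZ;
  end;

  parsed := 0;
  Case FValueType Of
    REG_SZ,
    REG_EXPAND_SZ : begin
      // The stored length includes the terminating NUL character.
      content := ValueDataRichEdit.Text;
      FValueDataLength := (Length(content) + 1)*SizeOf(WideChar);
      FValueData := AllocMem(FValueDataLength);
      FCancelled := Not Assigned(FValueData);
      If Not FCancelled Then
        CopyMemory(FValueData, PWideChar(content), FValueDataLength);
      end;
    REG_DWORD : begin
      FValueDataLength := SizeOf(Cardinal);
      Try
        parsed := StrToInt64(ValueDataRichEdit.Text);
      Except
        On EConvertError Do
          FCancelled := True;
      end;

      // FormCreate renders a DWORD through PInteger, so negative numbers must
      // stay accepted; anything that does not fit in 32 bits is rejected.
      If (Not FCancelled) And ((parsed < Low(Integer)) Or (parsed > High(Cardinal))) Then
        FCancelled := True;

      If Not FCancelled Then
        begin
        FValueData := AllocMem(FValueDataLength);
        FCancelled := Not Assigned(FValueData);
        If Not FCancelled Then
          begin
          dw := Cardinal(parsed);
          CopyMemory(FValueData, @dw, FValueDataLength);
          end;
        end;
      end;
    11 : begin
      FValueDataLength := SizeOf(UInt64);
      Try
        parsed := StrToInt64(ValueDataRichEdit.Text);
      Except
        On EConvertError Do
          FCancelled := True;
      end;

      If Not FCancelled Then
        begin
        FValueData := AllocMem(FValueDataLength);
        FCancelled := Not Assigned(FValueData);
        If Not FCancelled Then
          begin
          qw := UInt64(parsed);
          CopyMemory(FValueData, @qw, FValueDataLength);
          end;
        end;
      end;
    REG_MULTI_SZ : begin
      FCancelled := Not StringListToMultiStringData(ValueDataRichEdit.Lines, FValueData, FValueDataLength);
      end;
    REG_BINARY,
    REG_NONE : begin
      FCancelled := Not StringToBinaryData(ValueDataRichEdit.Text, FValueData, FValueDataLength);
      end;
  end;

  FProcessName := ProcessNameEdit.Text;
  FChangeMode := ERegistryValueOpMode(ChangeModeComboBox.ItemIndex);
  FDeleteMode := ERegistryValueOpMode(DeleteModeComboBox.ItemIndex);
  If Not FCancelled Then
    Close
  Else begin
    // NOTE(review): this assumes the two Utils helpers leave no allocated
    // buffer behind when they return False. Confirm in Utils.
    FValueData := Nil;
    FValueDataLength := 0;
    end;
end;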
202 |
// OnClick handler of the Storno (cancel) button: closes the dialog without
// changing FCancelled. FormCreate sets that field to True and OkButtonClick
// closes the dialog itself when it succeeds, so Cancelled reads True here.
203 | Procedure TNewPseudoValueFrm.StornoButtonClick(Sender: TObject);
204 | begin
205 | Close;
206 | end;
207 |
208 | End.
209 |
--------------------------------------------------------------------------------
/RHGUI/PseudoRegistryValue.pas:
--------------------------------------------------------------------------------
1 | Unit PseudoRegistryValue;
2 |
3 | Interface
4 |
5 | Uses
6 | Windows, DllRegHider, Generics.Collections;
7 |
8 | Type
9 | TPseudoRegistryValue = Class
10 | Private
11 | FKeyName : WideString;
12 | FValueName : WideString;
13 | FValueType : Cardinal;
14 | FData : Pointer;
15 | FDataLength : Cardinal;
16 | FChangeMode : ERegistryValueOpMode;
17 | FDeleteMode : ERegistryValueOpMode;
18 | FProcessName : WideString;
19 | Public
20 | Constructor Create(Var ARecord:REGHIDER_PSEUDO_VALUE_RECORD); Reintroduce;
21 | Destructor Destroy; Override;
22 |
23 | Class Function Enumerate(AList:TList):Cardinal;
24 |
25 | Property KeyName : WideString Read FKeyName;
26 | Property ValueName : WideString Read FValueName;
27 | Property ValueType : Cardinal Read FValueType;
28 | Property Data : Pointer Read FData;
29 | Property DataLength : Cardinal Read FDataLength;
30 | Property ChangeMode : ERegistryValueOpMode Read FChangeMode;
31 | Property DeleteMode : ERegistryValueOpMode Read FDeleteMode;
32 | Property ProcessName : WideString Read FProcessName;
33 | end;
34 |
35 |
36 | Implementation
37 |
38 | Uses
39 | SysUtils;
40 |
// Per-record callback that TPseudoRegistryValue.Enumerate hands to
// PseudoValuesEnum. Wraps ARecord in a TPseudoRegistryValue and appends it to
// the list received through AContext. Returns False when the object cannot be
// created or appended; exceptions are swallowed so none escapes the StdCall
// callback.
// NOTE(review): how the enumerator reacts to a False return is decided inside
// PseudoValuesEnum, which is not part of this unit.
Function _EnumCallback(Var ARecord:REGHIDER_PSEUDO_VALUE_RECORD; AContext:Pointer):LongBool; StdCall;
Var
  target : TList;
  entry : TPseudoRegistryValue;
begin
  Result := False;
  target := AContext;
  Try
    entry := TPseudoRegistryValue.Create(ARecord);
  Except
    // Construction failed, so there is nothing to release.
    Exit;
  end;

  Try
    target.Add(entry);
    Result := True;
  Except
    // The list never took the object; release it here to avoid a leak.
    entry.Free;
  end;
end;
64 |
// Builds the object from one enumeration record: copies the names, type and
// modes, and takes a private copy of the value data on the process heap.
// Raises Exception ('Out of memory') when the data buffer cannot be allocated.
// NOTE(review): ARecord.DataLength is trusted to describe the buffer behind
// ARecord.Data; if the producer ever reports a larger length, CopyMemory
// reads past that buffer. Confirm that the DLL guarantees this.
Constructor TPseudoRegistryValue.Create(Var ARecord:REGHIDER_PSEUDO_VALUE_RECORD);
begin
  Inherited Create;
  FData := Nil;

  FValueType := ARecord.ValueType;
  FChangeMode := ARecord.ChangeMode;
  FDeleteMode := ARecord.DeleteMode;
  FDataLength := ARecord.DataLength;

  FKeyName := WideCharToString(ARecord.KeyName);
  FValueName := WideCharToString(ARecord.ValueName);
  FProcessName := WideCharToString(ARecord.ProcessName);

  // A value without data keeps FData = Nil.
  If FDataLength = 0 Then
    Exit;

  FData := HeapAlloc(GetProcessHeap, HEAP_ZERO_MEMORY, FDataLength);
  If FData = Nil Then
    Raise Exception.Create('Out of memory');

  CopyMemory(FData, ARecord.Data, FDataLength);
end;
85 |
// Releases the private data copy, if one was made, back to the process heap
// (the allocator the constructor used), then runs the inherited destructor.
Destructor TPseudoRegistryValue.Destroy;
begin
  If FData <> Nil Then
    HeapFree(GetProcessHeap, 0, FData);

  Inherited Destroy;
end;
93 |
94 |
95 |
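// Enumerates the pseudo values reported by PseudoValuesEnum and appends one
// TPseudoRegistryValue per record to AList.
//
// AList  - receives the new objects; the caller owns them afterwards.
// Result - the status returned by PseudoValuesEnum. AList is touched only
//          when it equals ERROR_SUCCESS.
//
// Records are collected in a scratch list first, so a failed enumeration
// never leaves AList half-filled. On failure, the objects the callback had
// already created, and their heap data copies, are freed here; the earlier
// code released only the scratch list and leaked them.
// NOTE(review): TList appears without a type argument in this listing; the
// typed for-in loops suggest a generic parameter was lost in extraction.
// Confirm against the repository.
Class Function TPseudoRegistryValue.Enumerate(AList:TList):Cardinal;
Var
  value : TPseudoRegistryValue;
  tmpList : TList;
begin
  tmpList := TList.Create;
  Try
    Result := PseudoValuesEnum(_EnumCallback, tmpList);
    If Result = ERROR_SUCCESS Then
      begin
      For value In tmpList Do
        AList.Add(value);
      end
    Else begin
      // Partial results are not handed out, so release them.
      For value In tmpList Do
        value.Free;
      end;
  Finally
    tmpList.Free;
  end;
end;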
111 |
112 |
113 |
114 | End.
115 |
--------------------------------------------------------------------------------
/RHGUI/RHGUI.dpr:
--------------------------------------------------------------------------------
1 | program RHGUI;
2 |
3 | uses
4 | Windows,
5 | Vcl.Forms,
6 | MainForm in 'MainForm.pas' {Form1},
7 | DllRegHider in '..\include\DllRegHider.pas',
8 | Utils in 'Utils.pas',
9 | HiddenRegistryKey in 'HiddenRegistryKey.pas',
10 | PseudoRegistryValue in 'PseudoRegistryValue.pas',
11 | NewPseudoValueForm in 'NewPseudoValueForm.pas' {NewPseudoValueFrm};
12 |
13 | {$R *.res}
14 |
Var
  err : Cardinal;
begin
  // Program entry point: the GUI starts only when the reghider library
  // initialises. Finit is paired with a successful Init and runs after the
  // message loop ends.
  Application.Initialize;
  err := DllRegHider.Init;
  If err <> ERROR_SUCCESS Then
    WindowsErrorMessage(err, 'Failed to initialize reghider.dll', [])
  Else begin
    Application.MainFormOnTaskbar := True;
    Application.CreateForm(TForm1, Form1);
    Application.Run;
    DllRegHider.Finit;
    end;
end.
29 |
30 |
--------------------------------------------------------------------------------
/RHGUI/RHGUI.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/RHGUI/RHGUI.res
--------------------------------------------------------------------------------
/RHGUI/Utils.pas:
--------------------------------------------------------------------------------
1 | Unit Utils;
2 |
3 | Interface
4 |
5 | Uses
6 | Windows, DllRegHider, Classes;
7 |
8 | Function RegistryValueOpModeToStr(AMode:ERegistryValueOpMode):WideString;
9 | Function RegistryValueTypeToStr(AType:Cardinal):WideString;
10 | Function StringListToMultiStringData(AList:TStrings; Var AData:Pointer; Var ADataLength:Cardinal):Boolean;
11 | Procedure MultiStringToStringList(AM:PWideChar; AList:TStrings);
12 | Function StringToBinaryData(S:WideString; Var AData:Pointer; Var ADataLength:Cardinal):Boolean;
13 | Function BinaryDataToString(ABuffer:Pointer; ASize:Cardinal):WideString;
14 |
15 | Function WideCharToString(AWideChar:PWideChar):WideString;
16 | Procedure WindowsErrorMessage(AErrorCode:Cardinal; AMessage:WideString; AArgs:Array Of Const);
17 |
18 | Implementation
19 |
20 | Uses
21 | SysUtils;
22 |
// Returns the display name of a registry value operation mode.
// The three modes known to this unit map to 'Deny', 'Allow' and 'Pretend';
// any other value is rendered as its ordinal number in parentheses.
Function RegistryValueOpModeToStr(AMode:ERegistryValueOpMode):WideString;
begin
If AMode = rvdmDeny Then
  Result := 'Deny'
Else If AMode = rvdmAllow Then
  Result := 'Allow'
Else If AMode = rvdmPretend Then
  Result := 'Pretend'
Else
  Result := Format(' (%d)', [Ord(AMode)]);
end;
32 |
// Returns the symbolic name of a registry value type (REG_xxx constant).
// Types not listed here are rendered as their number in parentheses.
Function RegistryValueTypeToStr(AType:Cardinal):WideString;
begin
Case AType Of
  REG_NONE      : Result := 'REG_NONE';
  REG_SZ        : Result := 'REG_SZ';
  REG_EXPAND_SZ : Result := 'REG_EXPAND_SZ';
  REG_BINARY    : Result := 'REG_BINARY';
  REG_DWORD     : Result := 'REG_DWORD';
  REG_MULTI_SZ  : Result := 'REG_MULTI_SZ';
  // Written as a literal because the code does not reference a named
  // REG_QWORD constant; 11 is the value of REG_QWORD.
  11            : Result := 'REG_QWORD';
  Else
    Result := Format(' (%d)', [AType]);
  end;
end;
46 |
// Converts a null-terminated wide character buffer to a WideString.
// The result holds the characters up to, and not including, the first
// terminator as counted by StrLen.
Function WideCharToString(AWideChar:PWideChar):WideString;
Var
  converted : WideString;
  charCount : Cardinal;
begin
converted := WideString(AWideChar);
charCount := StrLen(AWideChar);
Result := Copy(converted, 1, charCount);
end;
51 |
// Shows a modal error box for a failed operation.
//
// AMessage is used as a Format template filled in with AArgs, so callers
// should pass a fixed template and put variable text into AArgs rather
// than into AMessage. The system description of AErrorCode and the
// numeric code itself are appended after the formatted text.
Procedure WindowsErrorMessage(AErrorCode:Cardinal; AMessage:WideString; AArgs:Array Of Const);
Var
  codeSuffix : WideString;
  boxText : WideString;
begin
codeSuffix := Format(': %s (%d)', [SysErrorMessage(AErrorCode), AErrorCode]);
boxText := Format(AMessage, AArgs);
boxText := boxText + codeSuffix;
MessageBoxW(0, PWideChar(boxText), 'Error', MB_OK Or MB_ICONERROR);
end;
61 |
// Serialises a string list into one buffer laid out as consecutive
// null-terminated wide strings followed by one extra terminating null
// character.
//
// AData receives a buffer obtained from AllocMem and ADataLength its size
// in bytes. Returns True when AData was assigned.
//
// NOTE(review): an empty string in AList is written as a lone terminator,
// which a reader that stops at the first empty string (such as
// MultiStringToStringList in this unit) treats as the end of the data.
Function StringListToMultiStringData(AList:TStrings; Var AData:Pointer; Var ADataLength:Cardinal):Boolean;
Var
  cursor : PWideChar;
  item : String;
  itemChars : Cardinal;
begin
// Size pass: one terminator per string plus the final extra terminator.
ADataLength := SizeOf(WideChar);
For item In AList Do
  Inc(ADataLength, (Length(item) + 1)*SizeOf(WideChar));

AData := AllocMem(ADataLength);
Result := Assigned(AData);
If Not Result Then
  Exit;

// Copy pass: each string is copied together with its terminator.
cursor := AData;
For item In AList Do
  begin
  itemChars := Length(item);
  CopyMemory(cursor, PWideChar(item), (itemChars + 1)*SizeOf(WideChar));
  Inc(cursor, itemChars + 1);
  end;

cursor^ := #0;
end;
87 |
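// Splits a buffer of consecutive null-terminated wide strings into
// separate items and appends them to AList. Parsing stops at the first
// empty string, i.e. at the extra terminator that ends the buffer.
//
// A nil AM is treated as an empty buffer and adds nothing; the previous
// code dereferenced the pointer unconditionally.
//
// NOTE(review): the buffer size is not passed in, so the walk relies
// entirely on the data being properly terminated. Data that lacks the
// final terminator makes this read past the end of the buffer; callers
// holding the byte length should check the termination before calling.
Procedure MultiStringToStringList(AM:PWideChar; AList:TStrings);
Var
  len : Cardinal;
  tmp : PWideChar;
begin
If Not Assigned(AM) Then
  Exit;

tmp := AM;
While tmp^ <> #0 Do
  begin
  len := Strlen(tmp);
  AList.Add(WideCharToString(tmp));
  // Step over the string and its terminator.
  Inc(tmp, len + 1);
  end;
end;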
101 |
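// Parses a string of hexadecimal digits into a byte buffer.
//
// S must have an even length and consist only of the characters 0-9, a-f
// and A-F; otherwise the function returns False and leaves AData and
// ADataLength untouched. On success ADataLength receives the number of
// bytes and AData a buffer obtained from AllocMem (nil for an empty
// string), which the caller releases with FreeMem.
//
// Each pair of digits is read with the high nibble first, which matches
// the text produced by BinaryDataToString in this unit. The previous code
// combined the pair low nibble first, so a value written as '1F' came
// back as the byte $F1.
Function StringToBinaryData(S:WideString; Var AData:Pointer; Var ADataLength:Cardinal):Boolean;
Var
  p : PByte;
  I : Integer;
  byteCount : Integer;

  // Value (0..15) of one hexadecimal digit, or -1 for any other character.
  Function HexDigitValue(ADigit:WideChar):Integer;
  begin
  Case ADigit Of
    '0'..'9' : Result := Ord(ADigit) - Ord('0');
    'a'..'f' : Result := Ord(ADigit) - Ord('a') + 10;
    'A'..'F' : Result := Ord(ADigit) - Ord('A') + 10;
    Else Result := -1;
    end;
  end;

begin
Result := (Length(S) Mod 2) = 0;
If Not Result Then
  Exit;

// Validate the whole input before allocating anything.
For I := 1 To Length(S) Do
  begin
  If HexDigitValue(S[I]) < 0 Then
    begin
    Result := False;
    Exit;
    end;
  end;

byteCount := Length(S) Div 2;
ADataLength := byteCount;
AData := AllocMem(ADataLength);
// A zero-length request yields no buffer; there is nothing to fill then.
If Not Assigned(AData) Then
  Exit;

p := AData;
For I := 0 To byteCount - 1 Do
  begin
  p^ := Byte(16*HexDigitValue(S[2*I + 1]) + HexDigitValue(S[2*I + 2]));
  Inc(p);
  end;
end;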
157 |
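// Renders ASize bytes starting at ABuffer as a string of two-digit
// hexadecimal numbers (IntToHex), in buffer order and without separators.
//
// A nil buffer or a size of zero yields an empty string. The explicit
// check replaces the former loop bound "ASize - 1", which is computed on
// an unsigned value and therefore cannot be relied on for ASize = 0.
Function BinaryDataToString(ABuffer:Pointer; ASize:Cardinal):WideString;
Var
  p : PByte;
  remaining : Cardinal;
begin
Result := '';
If (Not Assigned(ABuffer)) Or (ASize = 0) Then
  Exit;

p := ABuffer;
remaining := ASize;
While remaining > 0 Do
  begin
  Result := Result + IntToHex(p^, 2);
  Inc(p);
  Dec(remaining);
  end;
end;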
171 |
172 | End.
173 |
174 |
--------------------------------------------------------------------------------
/StaticLibrary.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | $(SolutionDir)lib\$(Platform)\$(Configuration)\
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/bin/Win32/Release/RHGUI.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/Win32/Release/RHGUI.exe
--------------------------------------------------------------------------------
/bin/Win32/Release/ndisprot6-test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/Win32/Release/ndisprot6-test.exe
--------------------------------------------------------------------------------
/bin/Win32/Release/ndisprot6.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/Win32/Release/ndisprot6.sys
--------------------------------------------------------------------------------
/bin/Win32/Release/reghider.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/Win32/Release/reghider.dll
--------------------------------------------------------------------------------
/bin/Win32/Release/reghider.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/Win32/Release/reghider.sys
--------------------------------------------------------------------------------
/bin/x64/Release/RHGUI.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/x64/Release/RHGUI.exe
--------------------------------------------------------------------------------
/bin/x64/Release/ndisprot6-test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/x64/Release/ndisprot6-test.exe
--------------------------------------------------------------------------------
/bin/x64/Release/ndisprot6.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/x64/Release/ndisprot6.sys
--------------------------------------------------------------------------------
/bin/x64/Release/reghider.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/x64/Release/reghider.dll
--------------------------------------------------------------------------------
/bin/x64/Release/reghider.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/bin/x64/Release/reghider.sys
--------------------------------------------------------------------------------
/dllreghider/dllreghider.c:
--------------------------------------------------------------------------------
1 |
2 | #include
3 | #include "reghider-types.h"
4 | #include "libreghider-types.h"
5 | #include "libreghider.h"
6 | #include "dllreghider.h"
7 |
8 | /************************************************************************/
9 | /* EXPORTED FUNCTIONS */
10 | /************************************************************************/
11 |
12 | /**************/
13 | /* HIDDEN KEY */
14 | /**************/
15 |
/*
 * DLL export: forwards KeyName unchanged to LibRegHiderHiddenKeyAdd and
 * returns that function's DWORD result. No validation of KeyName happens
 * at this layer.
 */
REGHIDER_API DWORD WINAPI HiddenKeyAdd(PWCHAR KeyName)
{
	DWORD status = LibRegHiderHiddenKeyAdd(KeyName);

	return status;
}
20 |
/*
 * DLL export: forwards KeyName unchanged to LibRegHiderHiddenKeyDelete
 * and returns that function's DWORD result.
 */
REGHIDER_API DWORD WINAPI HiddenKeyDelete(PWCHAR KeyName)
{
	DWORD status = LibRegHiderHiddenKeyDelete(KeyName);

	return status;
}
25 |
/*
 * DLL export: hands Callback and the opaque Context pointer to
 * LibRegHiderHiddenKeysEnum and returns its DWORD result. How and when
 * the callback is invoked is decided by the library, not here.
 */
REGHIDER_API DWORD WINAPI HiddenKeysEnum(REGHIDER_HIDDEN_KEY_CALLBACK *Callback, PVOID Context)
{
	DWORD status = LibRegHiderHiddenKeysEnum(Callback, Context);

	return status;
}
30 |
31 | /****************/
32 | /* PSEUDO VALUE */
33 | /****************/
34 |
/*
 * DLL export: passes all arguments through, in the same order, to
 * LibRegHiderPseudoValueAdd and returns its DWORD result.
 *
 * Data and DataLength are forwarded as given; any check that Data really
 * references DataLength bytes has to happen in the library (not visible
 * in this file).
 */
REGHIDER_API DWORD WINAPI PseudoValueAdd(PWCHAR KeyName, PWCHAR ValueName, ULONG Valuetype, PVOID Data, ULONG DataLength, ERegistryValueOpMode DeleteMode, ERegistryValueOpMode ChangeMode, PWCHAR ProcessName)
{
	DWORD status = LibRegHiderPseudoValueAdd(
		KeyName, ValueName, Valuetype,
		Data, DataLength,
		DeleteMode, ChangeMode, ProcessName);

	return status;
}
39 |
/*
 * DLL export: forwards KeyName and ValueName unchanged to
 * LibRegHiderPseudoValueDelete and returns its DWORD result.
 */
REGHIDER_API DWORD WINAPI PseudoValueDelete(PWCHAR KeyName, PWCHAR ValueName)
{
	DWORD status = LibRegHiderPseudoValueDelete(KeyName, ValueName);

	return status;
}
44 |
/*
 * DLL export: hands Callback and the opaque Context pointer to
 * LibRegHiderPseudoValuesEnum and returns its DWORD result.
 */
REGHIDER_API DWORD WINAPI PseudoValuesEnum(REGHIDER_PSEUDO_VALUE_CALLBACK *Callback, PVOID Context)
{
	DWORD status = LibRegHiderPseudoValuesEnum(Callback, Context);

	return status;
}
49 |
/*
 * DLL export: passes all arguments through, in the same order, to
 * LibRegHiderPseudoValueSet and returns its DWORD result.
 *
 * As with PseudoValueAdd, Data and DataLength are not checked at this
 * layer.
 */
REGHIDER_API DWORD WINAPI PseudoValueSet(PWCHAR KeyName, PWCHAR ValueName, ULONG ValueType, PVOID Data, ULONG DataLength, ERegistryValueOpMode DeleteMode, ERegistryValueOpMode ChangeMode, PWCHAR ProcessName)
{
	DWORD status = LibRegHiderPseudoValueSet(
		KeyName, ValueName, ValueType,
		Data, DataLength,
		DeleteMode, ChangeMode, ProcessName);

	return status;
}
54 |
55 |
56 | /******************/
57 | /* INIT AND FINIT */
58 | /******************/
59 |
/*
 * DLL export: runs LibRegHiderInit and returns its DWORD result.
 * Pairs with Finit below.
 */
REGHIDER_API DWORD WINAPI Init(VOID)
{
	DWORD status = LibRegHiderInit();

	return status;
}
64 |
/*
 * DLL export: runs LibRegHiderFinit. Nothing is returned to the caller.
 */
REGHIDER_API VOID WINAPI Finit(VOID)
{
	LibRegHiderFinit();
}
71 |
72 |
73 |
74 | /************************************************************************/
75 | /* INITIALIZATION AND FINALIZATION */
76 | /************************************************************************/
77 |
/*
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH the only work done is DisableThreadLibraryCalls
 * for this module, and its result is returned, so a failure of that call
 * is reported as a failed attach. Every other notification returns FALSE
 * without doing anything. lpReserved is not used.
 */
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved)
{
	if (dwReason != DLL_PROCESS_ATTACH)
		return FALSE;

	return DisableThreadLibraryCalls(hInstance);
}
90 |
--------------------------------------------------------------------------------
/dllreghider/dllreghider.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Header Files
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 | Header Files
34 |
35 |
36 |
--------------------------------------------------------------------------------
/hackerfest2015.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/hackerfest2015.suo
--------------------------------------------------------------------------------
/hackerfest2015.v12.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/MartinDrab/Hackerfest2015/1a7ab4e917bec6c54c2e0257750315c3848f61e8/hackerfest2015.v12.suo
--------------------------------------------------------------------------------
/hfdetector/FileSystemObject.h:
--------------------------------------------------------------------------------
1 |
2 | #ifndef __FILE_SYSTEM_OBJECT_H__
3 | #define __FILE_SYSTEM_OBJECT_H__
4 |
5 |
6 | #include
7 | #include