├── MSX-Release
├── Logs
│ └── Logs.log
├── MAIN.exe
├── MSX_DLL.dll
├── msx-svc.exe
├── stscae32.dll
├── stscae64.dll
├── stscae64.i64
├── stscae64.sys
├── InstDvr
│ ├── Dbgview.exe
│ ├── INSTDRV.EXE
│ ├── dbgview.chm
│ └── README.TXT
├── MAIN.exe.config
├── aaa.js
└── bbb.js
├── DLL
├── stsc_lua.h
├── main.cpp
├── Resource.aps
├── Resource.rc
├── resource.h
├── stsc_lua.cpp
├── warning.bmp
├── Release
│ ├── Resource.res
│ └── DLL.log
├── stsc_util.h
├── DLL.vcxproj.user
├── asm64.asm
├── main.h
├── DLL.vcxproj.filters
├── hook_api.h
├── stsc_util.cpp
├── wintoastlib.h
└── hook_api.cpp
├── patch.txt
├── IMAGES
├── 1.png
├── 2.png
└── 3.png
├── MAIN
├── ICON.ico
├── obj
│ ├── Release
│ │ ├── TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs
│ │ ├── TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs
│ │ ├── TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs
│ │ ├── MAIN.exe
│ │ ├── MAIN.Form1.resources
│ │ ├── MAIN.Form2.resources
│ │ ├── MAIN.csproj.GenerateResource.Cache
│ │ ├── MAIN.Properties.Resources.resources
│ │ ├── DesignTimeResolveAssemblyReferences.cache
│ │ ├── MAIN.csprojResolveAssemblyReference.cache
│ │ ├── TempPE
│ │ │ └── Properties.Resources.Designer.cs.dll
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ └── MAIN.csproj.FileListAbsolute.txt
│ └── Debug
│ │ ├── MAIN.exe
│ │ ├── MAIN.Form1.resources
│ │ ├── MAIN.Form2.resources
│ │ ├── MAIN.Properties.Resources.resources
│ │ ├── MAIN.csproj.GenerateResource.Cache
│ │ ├── MAIN.csprojResolveAssemblyReference.cache
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ └── MAIN.csproj.FileListAbsolute.txt
├── App.config
├── Properties
│ ├── Settings.settings
│ ├── Settings.Designer.cs
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── app.manifest
│ └── Resources.resx
├── MAIN.csproj.user
├── Form2.cs
├── Settings.cs
├── Program.cs
├── Form2.Designer.cs
├── Form2.resx
└── MAIN.csproj
├── MSX_DLL
├── Main.cpp
├── Loader.cpp
├── MSX_DLL.vcxproj.user
├── Loader.h
├── x64
│ └── Release
│ │ ├── MSX_DLL.log
│ │ └── MSX_DLL.Build.CppClean.log
├── MSX_DLL.vcxproj.filters
├── Win32
│ └── Release
│ │ └── MSX_DLL.log
└── MSX_DLL.vcxproj
├── msx-svc
├── main.cpp
├── Service.cpp
├── Release
│ ├── service.nativecodeanalysis.xml
│ ├── msx-svc.Build.CppClean.log
│ ├── vc.nativecodeanalysis.all.xml
│ ├── main.nativecodeanalysis.xml
│ └── msx-svc.log
├── Service.h
├── msx-svc.vcxproj.filters
├── main.h
└── msx-svc.vcxproj
├── LIB
├── MAD
│ ├── madCHook.h
│ ├── madCHook.lib
│ ├── madCHook32.lib
│ ├── madCHook64md.lib
│ ├── madCHook64mt.lib
│ ├── gcc++.readme.txt
│ ├── readme.txt
│ └── madCHook.def
├── lua-5.3.3_Win32_vc14_lib
│ ├── lua53.lib
│ └── include
│ │ ├── lua.hpp
│ │ ├── lualib.h
│ │ └── lauxlib.h
└── lua-5.3.4_Win64_vc14_lib
│ ├── lua53.lib
│ └── include
│ ├── lua.hpp
│ ├── lualib.h
│ └── lauxlib.h
├── SYS
├── x64
│ └── Release
│ │ ├── SYS.res
│ │ ├── inf2catOutput.log
│ │ ├── SYS.log
│ │ ├── SYS.inf
│ │ └── stscae64.Build.CppClean.log
├── SYS.rc
├── SYS.vcxproj.user
├── FLT.h
├── SYS.vcxproj.filters
├── ObCallBack.h
├── SYS.inf
├── Main.h
├── ObCallBack.c
├── FLT.c
├── Main.c
└── SYS.vcxproj
├── .gitignore
├── README.MD
└── MSX.sln
/MSX-Release/Logs/Logs.log:
--------------------------------------------------------------------------------
1 | AA
--------------------------------------------------------------------------------
/DLL/stsc_lua.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
--------------------------------------------------------------------------------
/patch.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/patch.txt
--------------------------------------------------------------------------------
/DLL/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/main.cpp
--------------------------------------------------------------------------------
/IMAGES/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/IMAGES/1.png
--------------------------------------------------------------------------------
/IMAGES/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/IMAGES/2.png
--------------------------------------------------------------------------------
/IMAGES/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/IMAGES/3.png
--------------------------------------------------------------------------------
/MAIN/ICON.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/ICON.ico
--------------------------------------------------------------------------------
/MAIN/obj/Release/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/MAIN/obj/Release/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/MAIN/obj/Release/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/DLL/Resource.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/Resource.aps
--------------------------------------------------------------------------------
/DLL/Resource.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/Resource.rc
--------------------------------------------------------------------------------
/DLL/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/resource.h
--------------------------------------------------------------------------------
/DLL/stsc_lua.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/stsc_lua.cpp
--------------------------------------------------------------------------------
/DLL/warning.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/warning.bmp
--------------------------------------------------------------------------------
/MSX_DLL/Main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX_DLL/Main.cpp
--------------------------------------------------------------------------------
/msx-svc/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/msx-svc/main.cpp
--------------------------------------------------------------------------------
/LIB/MAD/madCHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/MAD/madCHook.h
--------------------------------------------------------------------------------
/MSX_DLL/Loader.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX_DLL/Loader.cpp
--------------------------------------------------------------------------------
/LIB/MAD/madCHook.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/MAD/madCHook.lib
--------------------------------------------------------------------------------
/MSX-Release/MAIN.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/MAIN.exe
--------------------------------------------------------------------------------
/msx-svc/Service.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/msx-svc/Service.cpp
--------------------------------------------------------------------------------
/LIB/MAD/madCHook32.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/MAD/madCHook32.lib
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.exe
--------------------------------------------------------------------------------
/MSX-Release/MSX_DLL.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/MSX_DLL.dll
--------------------------------------------------------------------------------
/MSX-Release/msx-svc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/msx-svc.exe
--------------------------------------------------------------------------------
/SYS/x64/Release/SYS.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/SYS/x64/Release/SYS.res
--------------------------------------------------------------------------------
/DLL/Release/Resource.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/DLL/Release/Resource.res
--------------------------------------------------------------------------------
/LIB/MAD/madCHook64md.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/MAD/madCHook64md.lib
--------------------------------------------------------------------------------
/LIB/MAD/madCHook64mt.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/MAD/madCHook64mt.lib
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.exe
--------------------------------------------------------------------------------
/MSX-Release/stscae32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/stscae32.dll
--------------------------------------------------------------------------------
/MSX-Release/stscae64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/stscae64.dll
--------------------------------------------------------------------------------
/MSX-Release/stscae64.i64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/stscae64.i64
--------------------------------------------------------------------------------
/MSX-Release/stscae64.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/stscae64.sys
--------------------------------------------------------------------------------
/msx-svc/Release/service.nativecodeanalysis.xml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/MSX-Release/InstDvr/Dbgview.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/InstDvr/Dbgview.exe
--------------------------------------------------------------------------------
/MSX-Release/InstDvr/INSTDRV.EXE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/InstDvr/INSTDRV.EXE
--------------------------------------------------------------------------------
/MSX-Release/InstDvr/dbgview.chm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MSX-Release/InstDvr/dbgview.chm
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.Form1.resources
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.Form2.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.Form2.resources
--------------------------------------------------------------------------------
/LIB/lua-5.3.3_Win32_vc14_lib/lua53.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/lua-5.3.3_Win32_vc14_lib/lua53.lib
--------------------------------------------------------------------------------
/LIB/lua-5.3.4_Win64_vc14_lib/lua53.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/LIB/lua-5.3.4_Win64_vc14_lib/lua53.lib
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.Form1.resources
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.Form2.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.Form2.resources
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .vs/
2 | *.pdb
3 | *.ipdb
4 | *.iobj
5 | *.obj
6 | *.db
7 | *.VC.db
8 | *.opendb
9 | *.tlog
10 |
11 | *.cer
12 | *.pdb
--------------------------------------------------------------------------------
/LIB/MAD/gcc++.readme.txt:
--------------------------------------------------------------------------------
1 | you can use the "reimp.exe" tool (from the mingw package) to convert
2 | the Microsoft lib files to a format which is usable for you
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.Properties.Resources.resources
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.csproj.GenerateResource.Cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.csproj.GenerateResource.Cache
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.csproj.GenerateResource.Cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.csproj.GenerateResource.Cache
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.Properties.Resources.resources
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.csprojResolveAssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/MAIN.csprojResolveAssemblyReference.cache
--------------------------------------------------------------------------------
/LIB/MAD/readme.txt:
--------------------------------------------------------------------------------
1 | For 64bit hook dll projects use madCHook64mt.lib.
2 | For 64bit exe projects you can use either madCHook64md.lib or madCHook64mt.lib, whichever you prefer.
--------------------------------------------------------------------------------
/MAIN/obj/Release/DesignTimeResolveAssemblyReferences.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/DesignTimeResolveAssemblyReferences.cache
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.csprojResolveAssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/MAIN.csprojResolveAssemblyReference.cache
--------------------------------------------------------------------------------
/MAIN/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/MAIN/obj/Release/TempPE/Properties.Resources.Designer.cs.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/TempPE/Properties.Resources.Designer.cs.dll
--------------------------------------------------------------------------------
/MAIN/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/killvxk/Anti-Exploit/HEAD/MAIN/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/DLL/stsc_util.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #pragma comment (lib, "wintrust") // links wintrust.lib; presumably for a WinVerifyTrust-based Authenticode check in stsc_util.cpp (TODO confirm)
3 | // NOTE(review): BOOL, LPCWSTR and DWORD are not declared in this header, so <windows.h> must be included before it.
4 | BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile); // takes a wide-character file path; presumably TRUE only when the file's embedded signature verifies. Callers should treat every other result, including errors, as untrusted (confirm in stsc_util.cpp)
5 | int What_is_this_OS(); // returns an int; presumably an OS-version code whose mapping is defined in stsc_util.cpp (not visible here)
6 | DWORD GetParentProcessId(); // presumably the parent PID of the current process. NOTE(review): a recorded parent PID can refer to an exited process whose ID was reused, so it should not be the sole basis for a trust decision
--------------------------------------------------------------------------------
/DLL/DLL.vcxproj.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/DLL/asm64.asm:
--------------------------------------------------------------------------------
1 | .code
2 | ; get_ret64: stores a qword read from the stack through rcx, and the byte located 6 bytes before the address held in that qword through rdx.
3 | get_ret64 PROC ; rcx and rdx are used as output pointers; presumably called from C/C++ as get_ret64(&address, &byte) under the Microsoft x64 convention (TODO confirm against the caller)
4 | mov rax, [rsp+64] ; qword 64 bytes above this routine's own return slot; presumably a return address saved by an outer (hooked) frame. The fixed offset depends on the caller's exact stack layout and compiler settings (TODO confirm)
5 | mov [rcx],rax ; *rcx = that qword
6 | mov bl,[rax-6] ; byte 6 bytes before that address; presumably used to check that a 6-byte call instruction precedes the return address. NOTE(review): this read faults if rax is not a readable address, and bl is the low byte of rbx, which is callee-saved under the Microsoft x64 convention and is not preserved here; a volatile register such as r8b would avoid that
7 | mov [rdx],bl ; *rdx = that byte
8 | ret
9 | get_ret64 ENDP
10 |
11 |
12 | END
--------------------------------------------------------------------------------
/MSX_DLL/MSX_DLL.vcxproj.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/MAIN/App.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/MAIN/Properties/Settings.settings:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/MSX-Release/MAIN.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/SYS/x64/Release/inf2catOutput.log:
--------------------------------------------------------------------------------
1 | Inf2Cat Tool Output:
2 | ........................
3 | Signability test failed.
4 |
5 | Errors:
6 | 22.9.7: DriverVer set to a date in the future (postdated DriverVer not allowed) in \sys.inf.
7 |
8 | Warnings:
9 | None
10 |
--------------------------------------------------------------------------------
/MSX-Release/aaa.js:
--------------------------------------------------------------------------------
1 | var shell = new ActiveXObject("WScript.Shell"); // Windows Script Host (JScript) automation object
2 | shell.Popup("text...."); // message box shown before the launch
3 | // NOTE(review): presumably a benign test fixture: a script host spawning a child process, used to exercise the protection DLL's process-creation checks. Confirm against the hook code.
4 | var objShell = new ActiveXObject("WScript.shell");
5 | objShell.run('calc.exe'); // starts calc.exe as a child of the script host
6 |
7 | var shell = new ActiveXObject("WScript.Shell"); // redeclares `shell` with a fresh object
8 | shell.Popup("text...."); // message box shown after the run call returns
--------------------------------------------------------------------------------
/LIB/lua-5.3.3_Win32_vc14_lib/include/lua.hpp:
--------------------------------------------------------------------------------
1 | // lua.hpp
2 | // Lua header files for C++
3 | // <> not supplied automatically because Lua also compiles as C++
4 |
5 | extern "C" {
6 | #include "lua.h"
7 | #include "lualib.h"
8 | #include "lauxlib.h"
9 | }
10 |
--------------------------------------------------------------------------------
/LIB/lua-5.3.4_Win64_vc14_lib/include/lua.hpp:
--------------------------------------------------------------------------------
1 | // lua.hpp
2 | // Lua header files for C++
3 | // <> not supplied automatically because Lua also compiles as C++
4 |
5 | extern "C" {
6 | #include "lua.h"
7 | #include "lualib.h"
8 | #include "lauxlib.h"
9 | }
10 |
--------------------------------------------------------------------------------
/SYS/SYS.rc:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #include
4 | // Version-resource macros for the kernel driver; they are consumed by the common.ver include below.
5 | #define VER_FILETYPE VFT_DRV
6 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM
7 | #define VER_FILEDESCRIPTION_STR "stscaeFs64 Filter Driver"
8 | #define VER_INTERNALNAME_STR "stscaeFs64.sys"
9 | // NOTE(review): the internal name is "stscaeFs64.sys", but the driver shipped under MSX-Release is named stscae64.sys; keeping the two consistent lets the binary be identified from its version metadata.
10 | #include "common.ver"
11 |
--------------------------------------------------------------------------------
/MSX-Release/bbb.js:
--------------------------------------------------------------------------------
1 | var shell = new ActiveXObject("WScript.Shell"); // Windows Script Host (JScript) automation object
2 | shell.Popup("text...."); // message box shown before the launch
3 | // NOTE(review): same shape as aaa.js, presumably a benign process-launch test fixture. The target below is an absolute path on the developer's machine, so the run call fails anywhere that path does not exist.
4 | var objShell = new ActiveXObject("WScript.shell");
5 | objShell.run('C:\\Users\\Kang\\Desktop\\HT\\ProcessExplorer\\procexp.exe'); // starts the program at this hard-coded path as a child of the script host
6 |
7 | var shell = new ActiveXObject("WScript.Shell"); // redeclares `shell` with a fresh object
8 | shell.Popup("text...."); // message box shown after the run call returns
--------------------------------------------------------------------------------
/SYS/SYS.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | CN="WDKTestCert Kang,131650638223576677" | A5D82221755E2BFBB942CB639283748F54134804
5 |
6 |
--------------------------------------------------------------------------------
/MAIN/MAIN.csproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | 게시\
5 |
6 |
7 |
8 |
9 |
10 | ko-KR
11 | false
12 |
13 |
--------------------------------------------------------------------------------
/README.MD:
--------------------------------------------------------------------------------
1 | To start the program, run Main.exe.
2 |
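3 | - Requires: .NET Framework 3.5
4 |
5 | - Supported OS: Windows 7 x64, Windows 8 x64, Windows x64
6 |
7 | - Driver: test-signed only; Windows driver test signing must be enabled for it to load (this relaxes kernel driver signature enforcement on that machine)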
8 |
9 | [Change Log Link](https://github.com/Empier/Anti-Exploit/blob/master/patch.txt)
10 |
11 | [YouTube Link](https://www.youtube.com/watch?v=WshxiItLLew)
12 |
13 | ######################################
14 |
15 | ## Build
16 |
17 | ### Tools
18 |
19 | Use Visual Studio 2015 Pro
20 |
21 | Windows Driver Kit
22 |
23 | AcroEdit
24 |
25 | ### ScreenShot
26 |
27 | 
28 |
29 | 
30 |
31 | 
--------------------------------------------------------------------------------
/DLL/main.h:
--------------------------------------------------------------------------------
1 | //#pragma comment(lib,"Wininet.lib")
2 | #pragma comment(lib,"ws2_32.lib")
3 | //#pragma comment(lib,"libcurl_a.lib")
4 | #pragma comment(lib, "wldap32.lib")
5 | // Libraries requested from the linker through #pragma comment; the commented-out entries are not linked.
6 | //#pragma comment(lib, "cryptlib.lib")
7 | //#pragma comment(lib, "VMProtectSDK32.lib")
8 | //#pragma comment(lib,"SecureEngineSDK32.lib")
9 | #pragma comment(lib,"iphlpapi.lib")
10 | // NOTE(review): both madCHook libraries below are requested unconditionally. LIB/MAD/readme.txt says 64-bit hook DLLs use madCHook64mt.lib, so selecting one per target (for example with #ifdef _WIN64) would make the intent explicit. Confirm how the 32-bit build resolves this.
11 | #pragma comment(lib,"madCHook64mt.lib")
12 | #pragma comment(lib,"madCHook.lib")
13 |
14 | // Globals defined in another translation unit and shared across the DLL. NOTE(review): the char arrays are fixed-size, so every writer must bound its copy to the array size and keep the string NUL-terminated.
15 | extern char detect_name[256];
16 |
17 | extern int OSver;
18 | extern BOOL bit;
19 | extern char FILE_NAME[MAX_PATH];
20 | extern char PROCESS_NAME[MAX_PATH];
21 | extern HMODULE g_hDLL;
22 |
23 | // Dialog procedure; the parameter list matches the Win32 DLGPROC shape, except that DLGPROC returns INT_PTR rather than BOOL.
24 | BOOL CALLBACK DialogProc(HWND hDlg, UINT iMessage, WPARAM wParam, LPARAM IParam);
--------------------------------------------------------------------------------
/msx-svc/Service.h:
--------------------------------------------------------------------------------
1 | // Service.h: interface for the util class.
2 | //
3 | //////////////////////////////////////////////////////////////////////
4 |
5 | #if !defined(AFX_UTIL_H__C882A393_2107_4BA9_AEC5_8E38A6616660__INCLUDED_)
6 | #define AFX_UTIL_H__C882A393_2107_4BA9_AEC5_8E38A6616660__INCLUDED_
7 |
8 | #if _MSC_VER > 1000
9 | #pragma once
10 | #endif // _MSC_VER > 1000
11 |
12 | #include
13 | // Install/uninstall entry points; presumably register and remove the msx-svc Windows service and return a Win32 status code (confirm in Service.cpp).
14 | DWORD ServiceInstall();
15 | DWORD ServiceUninstall();
16 | // NOTE(review): ARGV is declared LPSTR*, so this matches the ANSI ServiceMain shape only; confirm the project's character-set setting if it is registered as the service main function.
17 | int _tmain_service(INT ARGC, LPSTR* ARGV);
18 | DWORD WINAPI _tmain_service_handler(DWORD fdwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext); // parameter list matches the extended service control handler (HandlerEx) shape
19 | VOID SET_SERVICE_STATE(SERVICE_STATUS_HANDLE hd, DWORD dwState, DWORD dwAccept = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_PAUSE_CONTINUE); // by default the service accepts stop and pause/continue controls
20 | DWORD GET_SERVICE_STATE(); // returns a DWORD; presumably the current service state (confirm in Service.cpp)
21 |
22 | #endif // !defined(AFX_UTIL_H__C882A393_2107_4BA9_AEC5_8E38A6616660__INCLUDED_)
23 |
--------------------------------------------------------------------------------
/SYS/FLT.h:
--------------------------------------------------------------------------------
1 | #ifndef _HEADER_HEAD_FILE
2 | #define _HEADER_HEAD_FILE
3 | #pragma once
4 | #include
5 | #include
6 | #include "util.h"
7 |
8 | #ifndef MAX_PATH
9 | #define MAX_PATH 260
10 | #endif
11 | // Message layouts and filter entry points. The struct names resemble the WDK "scanner" minifilter sample; presumably these are exchanged between the driver and a user-mode client (confirm in FLT.c).
12 | typedef struct _SCANNER_NOTIFICATION {
13 | // NOTE(review): ProcessName is a fixed MAX_PATH-byte buffer. The sender must bound its copy and NUL-terminate, and the receiver should not assume termination.
14 | BOOLEAN bCreate;
15 | ULONG Reserved;
16 | UCHAR ProcessName[MAX_PATH];
17 | } SCANNER_NOTIFICATION, *PSCANNER_NOTIFICATION;
18 |
19 | typedef struct _SCANNER_REPLY {
20 | // NOTE(review): presumably filled in by user mode; the kernel side should validate the reply length before reading SafeToOpen or ReplyMsg, and treat a missing or short reply as a defined default.
21 | BOOLEAN SafeToOpen;
22 | UCHAR ReplyMsg[MAX_PATH];
23 | } SCANNER_REPLY, *PSCANNER_REPLY;
24 |
25 | // NOTE(review): in C, `VOID FLTUNLOAD();` leaves the parameter list unspecified; `(VOID)` would declare a proper prototype.
26 | VOID FLTUNLOAD();
27 | NTSTATUS FLTENTRY(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath); // same parameter list as DriverEntry
28 | NTSTATUS PtUnload(__in FLT_FILTER_UNLOAD_FLAGS Flags); // parameter list matches a minifilter unload callback
29 |
30 | NTSTATUS PtInstanceQueryTeardown(__in PCFLT_RELATED_OBJECTS FltObjects, __in FLT_INSTANCE_QUERY_TEARDOWN_FLAGS Flags); // parameter list matches a minifilter instance-query-teardown callback
31 |
32 |
33 | #endif
--------------------------------------------------------------------------------
/MSX_DLL/Loader.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #pragma comment(lib, "fltLib.lib")
9 |
10 | class Loader // Driver installer/controller; links fltLib.lib, so presumably manages the file-system minifilter driver (confirm in Loader.cpp)
11 | {
12 | public:
13 | protected:
14 | private:
15 | PTCHAR driverName; // raw pointer. NOTE(review): whether the constructor copies the string is not visible here; if it only stores the pointer, the caller's buffer must outlive this object
16 |
17 | public:
18 | Loader(PTCHAR _driverName);
19 | virtual ~Loader(void);
20 | // The four operations below return BOOLEAN; presumably TRUE on success (confirm in Loader.cpp).
21 | BOOLEAN InstallDriver(void);
22 | BOOLEAN UnInstallDriver(void);
23 |
24 | BOOLEAN StartDriver(void);
25 | BOOLEAN StopDriver(void);
26 | // NOTE(review): MSX_DLL.log reports warning C4996 for strcat at Loader.cpp(355); strings assembled there should use a bounded call such as strcat_s.
27 | protected:
28 | private:
29 | // install step1
30 | BOOLEAN SetReg(void);
31 | BOOLEAN SetDriverReg(void);
32 | BOOLEAN SetDriverInstanceReg(void);
33 | BOOLEAN SetDriverInstanceSubReg(void);
34 | // install step2
35 | BOOLEAN SetDriverByService(void);
36 | // uninstall step1
37 | BOOLEAN ResetDriverByService(void);
38 | // NOTE(review): presumably enables a named token privilege for the calling process before the driver is started; enable only the privilege that is required, and check the returned DWORD.
39 | // start
40 | DWORD EnablePrivilege(TCHAR* privilegeStr);
41 | };
--------------------------------------------------------------------------------
/MAIN/obj/Debug/MAIN.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\bin\Debug\MAIN.exe.config
2 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\bin\Debug\MAIN.exe
3 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\bin\Debug\MAIN.pdb
4 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.csprojResolveAssemblyReference.cache
5 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.Form1.resources
6 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.Form2.resources
7 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.Properties.Resources.resources
8 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.csproj.GenerateResource.Cache
9 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.exe
10 | C:\Users\Kang\Documents\Visual Studio 2015\Projects\MSX\MAIN\obj\Debug\MAIN.pdb
11 |
--------------------------------------------------------------------------------
/msx-svc/Release/msx-svc.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\vc140.pdb
2 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\service.obj
3 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\main.obj
4 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-release\msx-svc.exe
5 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\cl.command.1.tlog
6 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\cl.read.1.tlog
7 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\cl.write.1.tlog
8 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\link.command.1.tlog
9 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\link.read.1.tlog
10 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\release\msx-svc.tlog\link.write.1.tlog
11 |
--------------------------------------------------------------------------------
/MSX_DLL/x64/Release/MSX_DLL.log:
--------------------------------------------------------------------------------
1 | C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Microsoft.CppBuild.targets(368,5): warning MSB8004: Output Directory does not end with a trailing slash. This build instance will add the slash as it is required to allow proper evaluation of the Output Directory.
2 | Loader.cpp
3 | Loader.cpp(355): warning C4996: 'strcat': This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
4 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(90): note: 'strcat' 선언을 참조하십시오.
5 | Loader.cpp(343): warning C4101: 'windowsDir' :참조되지 않은 지역 변수입니다.
6 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL.lib 라이브러리 및 C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL.exp 개체를 생성하고 있습니다.
7 | 코드를 생성하고 있습니다.
8 | 코드를 생성했습니다.
9 | MSX_DLL.vcxproj -> C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL.dll
10 |
--------------------------------------------------------------------------------
/MAIN/Form2.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.ComponentModel;
4 | using System.Data;
5 | using System.Drawing;
6 | using System.Linq;
7 | using System.Text;
8 | using System.Windows.Forms;
9 |
namespace MAIN
{
    /// <summary>
    /// Form with two text boxes. Clicking button1 packs both values into a
    /// <see cref="ListViewItem"/> exposed through <see cref="addprocess"/> and closes the form.
    /// </summary>
    public partial class Form2 : Form
    {
        // Backing field for addprocess; assigned by button1_Click.
        ListViewItem ret_value;

        /// <summary>
        /// The row built from the two text boxes. Presumably read by the form that
        /// opened this one after it closes; it is null if button1 was never clicked.
        /// </summary>
        public ListViewItem addprocess
        {
            get { return ret_value; }
            set { ret_value = value; }
        }

        public Form2()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            // Column order is textBox1, then textBox2. The text is taken exactly as
            // typed: no trimming or validation happens here.
            addprocess = new ListViewItem(new[] { textBox1.Text, textBox2.Text });
            Close();
        }

        private void Form2_Load(object sender, EventArgs e)
        {
            // Nothing to do on load.
        }
    }
}
44 |
--------------------------------------------------------------------------------
/SYS/x64/Release/SYS.log:
--------------------------------------------------------------------------------
1 | Building 'SYS' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
2 | C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Microsoft.CppBuild.targets(368,5): warning MSB8004: Output Directory does not end with a trailing slash. This build instance will add the slash as it is required to allow proper evaluation of the Output Directory.
3 | Stamping x64\Release\SYS.inf [Version] section with DriverVer=03/19/2018,0.1.51.811
4 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\SYS\SYS.inf(35-35): warning 2083: Section [defaultuninstall] not referenced or used.
5 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\SYS\SYS.inf(38-38): warning 2083: Section [defaultuninstall.services] not referenced or used.
6 | Main.c
7 | LINK : /LTCG를 지정했지만 코드를 생성할 필요가 없습니다. 명령줄에서 /LTCG를 제거하면 링커 성능이 향상됩니다.
8 | SYS.vcxproj -> C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\stscae64.sys
9 | Done Adding Additional Store
10 | Successfully signed: C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\stscae64.sys
11 |
12 |
--------------------------------------------------------------------------------
/msx-svc/Release/vc.nativecodeanalysis.all.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
4 | main.cpp
5 | 221
6 | 12
7 |
8 | 6278
9 | 'msg'이(가) 배열 new []를 사용해 할당되었지만 스칼라 delete로 삭제되었으므로 소멸자가 호출되지 않습니다.
10 | _tmain_service
11 | ?_tmain_service@@YAHHPAPAD@Z
12 | 133
13 |
14 |
15 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
16 | main.cpp
17 | 207
18 | 10
19 |
20 |
21 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
22 | main.cpp
23 | 221
24 | 12
25 |
26 |
27 |
--------------------------------------------------------------------------------
/MAIN/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // 이 코드는 도구를 사용하여 생성되었습니다.
4 | // 런타임 버전:4.0.30319.42000
5 | //
6 | // 파일 내용을 변경하면 잘못된 동작이 발생할 수 있으며, 코드를 다시 생성하면
7 | // 이러한 변경 내용이 손실됩니다.
8 | //
9 | //------------------------------------------------------------------------------
10 |
namespace MAIN.Properties {

    // Tool-generated settings wrapper: edits made here are lost when the file is regenerated.
    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "14.0.0.0")]
    internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {

        // One shared instance, wrapped by ApplicationSettingsBase.Synchronized.
        private static Settings defaultInstance =
            (Settings)global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings());

        /// <summary>Returns the shared <see cref="Settings"/> instance.</summary>
        public static Settings Default {
            get { return defaultInstance; }
        }
    }
}
27 |
--------------------------------------------------------------------------------
/msx-svc/Release/main.nativecodeanalysis.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
6 | main.cpp
7 | 221
8 | 12
9 |
10 | 6278
11 | 'msg'이(가) 배열 new []를 사용해 할당되었지만 스칼라 delete로 삭제되었으므로 소멸자가 호출되지 않습니다.
12 | _tmain_service
13 | ?_tmain_service@@YAHHPAPAD@Z
14 | 133
15 |
16 |
17 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
18 | main.cpp
19 | 207
20 | 10
21 |
22 |
23 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-svc\
24 | main.cpp
25 | 221
26 | 12
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/MAIN/Settings.cs:
--------------------------------------------------------------------------------
namespace MAIN.Properties
{
    // This class lets you handle specific events on the settings class:
    //   SettingChanging is raised before a setting's value is changed.
    //   PropertyChanged is raised after a setting's value is changed.
    //   SettingsLoaded is raised after the setting values are loaded.
    //   SettingsSaving is raised before the setting values are saved.
    internal sealed partial class Settings
    {
        public Settings()
        {
            // To add event handlers for saving and changing settings, uncomment the lines below:
            //
            // this.SettingChanging += this.SettingChangingEventHandler;
            //
            // this.SettingsSaving += this.SettingsSavingEventHandler;
            //
        }

        private void SettingChangingEventHandler(object sender, System.Configuration.SettingChangingEventArgs e)
        {
            // Add code to handle the SettingChangingEvent event here.
        }

        private void SettingsSavingEventHandler(object sender, System.ComponentModel.CancelEventArgs e)
        {
            // Add code to handle the SettingsSaving event here.
        }
    }
}
29 |
--------------------------------------------------------------------------------
/MAIN/obj/Release/MAIN.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX\MAIN.exe.config
2 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX\MAIN.exe
3 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.Form1.resources
4 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.Form2.resources
5 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.Properties.Resources.resources
6 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.csproj.GenerateResource.Cache
7 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.exe
8 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX\Release\MAIN.exe.config
9 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX\Release\MAIN.exe
10 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MAIN.exe.config
11 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MAIN.exe
12 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MAIN\obj\Release\MAIN.csprojResolveAssemblyReference.cache
13 |
--------------------------------------------------------------------------------
/MAIN/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Windows.Forms;
5 | using System.Runtime.InteropServices;
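namespace MAIN
{
    static class Program
    {
        // File name of the native helper library, expected to sit next to MAIN.exe.
        private const string NativeLibraryName = "MSX_DLL.dll";

        // kernel32 imports.
        // The path is marshalled as UTF-16 (LoadLibraryW), so an install directory with
        // characters outside the ANSI code page still resolves.
        [DllImport("kernel32.dll", EntryPoint = "LoadLibrary", CharSet = CharSet.Unicode, SetLastError = true)]
        static extern IntPtr LoadLibrary(String lpLibFileName);

        // Module handles are pointer-sized: declaring them as int truncates the handle
        // in a 64-bit process, so they are IntPtr here.
        [DllImport("kernel32.dll", EntryPoint = "GetProcAddress", SetLastError = true)]
        static extern IntPtr GetProcAddress(IntPtr hModule, [MarshalAs(UnmanagedType.LPStr)] string lpProcName);

        // FreeLibrary returns a Win32 BOOL, not a pointer.
        [DllImport("kernel32.dll", EntryPoint = "FreeLibrary", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool FreeLibrary(IntPtr hModule);

        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);

            // Load by absolute path from the application directory. With a bare file
            // name, a missing or renamed library lets the loader fall through to the
            // current directory and PATH, where a same-named DLL planted by someone
            // else would be loaded into this process.
            string libraryPath = System.IO.Path.Combine(Application.StartupPath, NativeLibraryName);
            IntPtr hModule = LoadLibrary(libraryPath);
            if (hModule == IntPtr.Zero)
            {
                // The UI is still started, as before, but the failure is now recorded
                // instead of being ignored.
                int error = Marshal.GetLastWin32Error();
                System.Diagnostics.Trace.TraceWarning(
                    "MAIN: could not load {0} (Win32 error {1}); continuing without it.",
                    libraryPath, error);
            }

            // The handle is deliberately not freed: the library stays loaded for the
            // lifetime of the process.
            Application.Run(new Form1());
        }
    }
}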
36 |
--------------------------------------------------------------------------------
/MAIN/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with the assembly.
8 | [assembly: AssemblyTitle("MAIN")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("MAIN")]
13 | [assembly: AssemblyCopyright("Copyright © 2017")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. To access a type in this assembly from COM,
19 | // set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is the ID of the typelib if this project is exposed to COM.
23 | [assembly: Guid("c35ce52a-286b-4e59-85ac-fdff0993edf2")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values, or use '*' as shown below to have the
33 | // build and revision numbers assigned automatically.
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/MSX_DLL/MSX_DLL.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 소스 파일
20 |
21 |
22 | 소스 파일
23 |
24 |
25 |
26 |
27 | 헤더 파일
28 |
29 |
30 |
--------------------------------------------------------------------------------
/MSX_DLL/x64/Release/MSX_DLL.Build.CppClean.log:
--------------------------------------------------------------------------------
1 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\vc140.pdb
2 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\loader.obj
3 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\main.obj
4 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-release\msx_dll.dll
5 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-release\msx_dll.lib
6 | c:\users\kang\documents\visual studio 2015\projects\msx\msx-release\msx_dll.exp
7 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\cl.command.1.tlog
8 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\cl.read.1.tlog
9 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\cl.write.1.tlog
10 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\link.command.1.tlog
11 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\link.read.1.tlog
12 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\link.write.1.tlog
13 | c:\users\kang\documents\visual studio 2015\projects\msx\msx_dll\x64\release\msx_dll.tlog\msx_dll.write.1u.tlog
14 |
--------------------------------------------------------------------------------
/msx-svc/msx-svc.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 소스 파일
20 |
21 |
22 | 소스 파일
23 |
24 |
25 |
26 |
27 | 헤더 파일
28 |
29 |
30 | 헤더 파일
31 |
32 |
33 |
--------------------------------------------------------------------------------
/msx-svc/main.h:
--------------------------------------------------------------------------------
1 | #pragma pack(1) // NOTE(review): 1-byte packing is switched on here and never restored in this header, so it also applies to everything the including file declares afterwards; presumably required to match the driver-side layout (confirm), and pack(push, 1)/pack(pop) would confine it
2 |
3 | #pragma comment(lib,"FltLib") // asks the linker to pull in FltLib
4 | typedef struct _SCANNER_NOTIFICATION { // private payload carried inside SCANNER_MESSAGE; presumably filled in by the driver (confirm against the SYS project)
5 |
6 | BOOL bCreate; // presumably TRUE for a create event; confirm against the sender
7 | ULONG Reserved; // for quad-word alignment of the Contents structure (NOTE(review): this struct has no Contents member, so the comment looks inherited from elsewhere)
8 | UCHAR ProcessName[MAX_PATH]; // fixed-size buffer; NOTE(review): nothing in this header guarantees NUL termination, so every copy or print of it should be bounded by MAX_PATH
9 |
10 | } SCANNER_NOTIFICATION, *PSCANNER_NOTIFICATION;
11 |
12 | typedef struct _SCANNER_REPLY { // private payload carried inside SCANNER_REPLY_MESSAGE
13 |
14 | BOOLEAN SafeToOpen; // verdict flag; its exact meaning is defined by whoever consumes the reply (not visible here)
15 | UCHAR ReplyMsg[MAX_PATH]; // fixed-size buffer; NOTE(review): writers should bound what they place here to MAX_PATH including the terminator
16 |
17 | } SCANNER_REPLY, *PSCANNER_REPLY;
18 |
19 | typedef struct _SCANNER_MESSAGE // one received message: filter-manager header, private payload, then a local OVERLAPPED
20 | {
21 |
22 | //
23 | // Required structure header.
24 | //
25 |
26 | FILTER_MESSAGE_HEADER MessageHeader;
27 |
28 |
29 | //
30 | // Private scanner-specific fields begin here.
31 | //
32 |
33 | SCANNER_NOTIFICATION Notification;
34 |
35 | //
36 | // Overlapped structure: this is not really part of the message
37 | // However we embed it instead of using a separately allocated overlap structure
38 | //
39 |
40 | OVERLAPPED Ovlp; // NOTE(review): as this is not part of the message, the receive size presumably stops at FIELD_OFFSET(SCANNER_MESSAGE, Ovlp); confirm in the caller
41 |
42 | } SCANNER_MESSAGE, *PSCANNER_MESSAGE;
43 |
44 | typedef struct _SCANNER_REPLY_MESSAGE { // one reply: filter-manager reply header followed by the private SCANNER_REPLY payload
45 |
46 | //
47 | // Required structure header.
48 | //
49 |
50 | FILTER_REPLY_HEADER ReplyHeader;
51 |
52 | //
53 | // Private scanner-specific fields begin here.
54 | //
55 |
56 | SCANNER_REPLY Reply;
57 |
58 | } SCANNER_REPLY_MESSAGE, *PSCANNER_REPLY_MESSAGE;
--------------------------------------------------------------------------------
/LIB/lua-5.3.3_Win32_vc14_lib/include/lualib.h:
--------------------------------------------------------------------------------
1 | /*
2 | ** $Id: lualib.h,v 1.44 2014/02/06 17:32:33 roberto Exp $
3 | ** Lua standard libraries
4 | ** See Copyright Notice in lua.h
5 | */
6 |
7 |
8 | #ifndef lualib_h
9 | #define lualib_h
10 |
11 | #include "lua.h" /* NOTE(review): this Win32 tree is Lua 5.3.3, while the Win64 tree on this page is 5.3.4; confirm that the 32-bit and 64-bit builds are meant to link different patch levels */
12 |
13 |
14 |
15 | LUAMOD_API int (luaopen_base) (lua_State *L);
16 |
17 | #define LUA_COLIBNAME "coroutine"
18 | LUAMOD_API int (luaopen_coroutine) (lua_State *L);
19 |
20 | #define LUA_TABLIBNAME "table"
21 | LUAMOD_API int (luaopen_table) (lua_State *L);
22 |
23 | #define LUA_IOLIBNAME "io"
24 | LUAMOD_API int (luaopen_io) (lua_State *L);
25 |
26 | #define LUA_OSLIBNAME "os"
27 | LUAMOD_API int (luaopen_os) (lua_State *L);
28 |
29 | #define LUA_STRLIBNAME "string"
30 | LUAMOD_API int (luaopen_string) (lua_State *L);
31 |
32 | #define LUA_UTF8LIBNAME "utf8"
33 | LUAMOD_API int (luaopen_utf8) (lua_State *L);
34 |
35 | #define LUA_BITLIBNAME "bit32"
36 | LUAMOD_API int (luaopen_bit32) (lua_State *L);
37 |
38 | #define LUA_MATHLIBNAME "math"
39 | LUAMOD_API int (luaopen_math) (lua_State *L);
40 |
41 | #define LUA_DBLIBNAME "debug"
42 | LUAMOD_API int (luaopen_debug) (lua_State *L);
43 |
44 | #define LUA_LOADLIBNAME "package"
45 | LUAMOD_API int (luaopen_package) (lua_State *L);
46 |
47 |
48 | /* open all previous libraries (this includes io, os, package and debug, which give scripts file, process and native-module access; a host that runs scripts it does not fully trust would open a reduced set instead) */
49 | LUALIB_API void (luaL_openlibs) (lua_State *L);
50 |
51 |
52 |
53 | #if !defined(lua_assert)
54 | #define lua_assert(x) ((void)0)
55 | #endif
56 |
57 |
58 | #endif
59 |
--------------------------------------------------------------------------------
/LIB/lua-5.3.4_Win64_vc14_lib/include/lualib.h:
--------------------------------------------------------------------------------
1 | /*
2 | ** $Id: lualib.h,v 1.45 2017/01/12 17:14:26 roberto Exp $
3 | ** Lua standard libraries
4 | ** See Copyright Notice in lua.h
5 | */
6 |
7 |
8 | #ifndef lualib_h
9 | #define lualib_h
10 |
11 | #include "lua.h"
12 |
13 |
14 | /* version suffix for environment variable names */
15 | #define LUA_VERSUFFIX "_" LUA_VERSION_MAJOR "_" LUA_VERSION_MINOR
16 |
17 |
18 | LUAMOD_API int (luaopen_base) (lua_State *L);
19 |
20 | #define LUA_COLIBNAME "coroutine"
21 | LUAMOD_API int (luaopen_coroutine) (lua_State *L);
22 |
23 | #define LUA_TABLIBNAME "table"
24 | LUAMOD_API int (luaopen_table) (lua_State *L);
25 |
26 | #define LUA_IOLIBNAME "io"
27 | LUAMOD_API int (luaopen_io) (lua_State *L);
28 |
29 | #define LUA_OSLIBNAME "os"
30 | LUAMOD_API int (luaopen_os) (lua_State *L);
31 |
32 | #define LUA_STRLIBNAME "string"
33 | LUAMOD_API int (luaopen_string) (lua_State *L);
34 |
35 | #define LUA_UTF8LIBNAME "utf8"
36 | LUAMOD_API int (luaopen_utf8) (lua_State *L);
37 |
38 | #define LUA_BITLIBNAME "bit32"
39 | LUAMOD_API int (luaopen_bit32) (lua_State *L);
40 |
41 | #define LUA_MATHLIBNAME "math"
42 | LUAMOD_API int (luaopen_math) (lua_State *L);
43 |
44 | #define LUA_DBLIBNAME "debug"
45 | LUAMOD_API int (luaopen_debug) (lua_State *L);
46 |
47 | #define LUA_LOADLIBNAME "package"
48 | LUAMOD_API int (luaopen_package) (lua_State *L);
49 |
50 |
51 | /* open all previous libraries (this includes io, os, package and debug, which give scripts file, process and native-module access; a host that runs scripts it does not fully trust would open a reduced set instead) */
52 | LUALIB_API void (luaL_openlibs) (lua_State *L);
53 |
54 |
55 |
56 | #if !defined(lua_assert)
57 | #define lua_assert(x) ((void)0)
58 | #endif
59 |
60 |
61 | #endif
62 |
--------------------------------------------------------------------------------
/MSX_DLL/Win32/Release/MSX_DLL.log:
--------------------------------------------------------------------------------
1 | C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Microsoft.CppBuild.targets(368,5): warning MSB8004: Output Directory does not end with a trailing slash. This build instance will add the slash as it is required to allow proper evaluation of the Output Directory.
2 | Main.cpp
3 | Main.cpp(90): warning C4996: 'strcat': This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
4 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(90): note: 'strcat' 선언을 참조하십시오.
5 | Main.cpp(221): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
6 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\corecrt_wstring.h(121): note: 'wcscpy' 선언을 참조하십시오.
7 | Main.cpp(233): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
8 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1769): note: 'sprintf' 선언을 참조하십시오.
9 | Main.cpp(260): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
10 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
11 | Loader.obj : /GL로 컴파일한 MSIL .netmodule 또는 모듈이 있습니다. /LTCG를 지정하여 링크를 다시 시작하십시오. /LTCG를 링크 명령줄에 추가하면 링커 성능이 향상됩니다.
12 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL32.lib 라이브러리 및 C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL32.exp 개체를 생성하고 있습니다.
13 | 코드를 생성하고 있습니다.
14 | 코드를 생성했습니다.
15 | MSX_DLL.vcxproj -> C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\MSX_DLL32.dll
16 |
--------------------------------------------------------------------------------
/MSX-Release/InstDvr/README.TXT:
--------------------------------------------------------------------------------
1 | Using InstDrv
2 | -------------
3 |
4 | InstDrv has an interactive mode and a command line mode. If you start InstDrv
5 | without parameters, you will run interactive mode.
6 |
7 | In the interactive mode, you can type the full path of the driver and then
8 | install it, start it, stop it or remove it. When installing the driver in
9 | interactive mode, the driver is installed as "start on demand", meaning that
10 | after a reboot, you must restart the driver manually. This is convenient during
11 | development of the driver.
12 |
13 | In command line mode, you pass the name of the driver (preferably including
14 | its full path) and one or more options on the command line. The options are:
15 | /i install the driver
16 | /u remove (uninstall) the driver
17 | /s silent: no popup messages in case of errors
18 | /? shows a help screen and then exits; other command line
19 | parameters are ignored
20 |
21 | Example:
22 | instdrv /i /s c:\graphapp\drivers\vretrace.sys
23 |
24 | In command line mode with the "/i" option, InstDrv installs the driver in
25 | "auto start" mode, so that the driver is automatically started after each
26 | reboot.
27 |
28 | If an error occurs in command line mode, it switches to interactive mode,
29 | unless the option "/s" was set. If you do not give an "/i" or "/u" option,
30 | the utility also switches to command line mode --again, unless you set the
31 | "/s" option. The "/s" option is therefore useful for a silent installation
32 | of the driver.
33 |
34 |
35 | Acknowledgements
36 | ----------------
37 | InstDrv is a minor adaption from the LoadDrv utility that Paula Tomlinson
38 | published in the article "Dynamically Loading Drivers in Windows NT" in
39 | Windows Developer's Journal, May 1995. Source code for the LoadDrv utility
40 | is still available through www.wdj.com.
41 |
42 |
43 | License
44 | -------
45 | You are granted the right to use and distribute the InstDrv program in every
46 | way that you see fit, provided that you agree not to hold me responsible for
47 | any malfunction or damage that its use could cause.
48 |
49 |
--------------------------------------------------------------------------------
/DLL/DLL.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 소스 파일
20 |
21 |
22 | 소스 파일
23 |
24 |
25 | 소스 파일
26 |
27 |
28 | 소스 파일
29 |
30 |
31 |
32 |
33 | 헤더 파일
34 |
35 |
36 | 헤더 파일
37 |
38 |
39 | 헤더 파일
40 |
41 |
42 | 헤더 파일
43 |
44 |
45 | 헤더 파일
46 |
47 |
48 |
49 |
50 | 리소스 파일
51 |
52 |
53 |
54 |
55 | 리소스 파일
56 |
57 |
58 |
59 |
60 | 소스 파일
61 |
62 |
63 |
--------------------------------------------------------------------------------
/SYS/SYS.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 | Source Files
27 |
28 |
29 | Source Files
30 |
31 |
32 | Source Files
33 |
34 |
35 |
36 |
37 | Header Files
38 |
39 |
40 | Header Files
41 |
42 |
43 | Header Files
44 |
45 |
46 | Header Files
47 |
48 |
49 | Header Files
50 |
51 |
52 |
53 |
54 | Driver Files
55 |
56 |
57 |
58 |
59 | Resource Files
60 |
61 |
62 |
--------------------------------------------------------------------------------
/msx-svc/Release/msx-svc.log:
--------------------------------------------------------------------------------
1 | C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Microsoft.CppBuild.targets(368,5): warning MSB8004: Output Directory does not end with a trailing slash. This build instance will add the slash as it is required to allow proper evaluation of the Output Directory.
2 | main.cpp
3 | main.cpp(103): warning C4995: 'sprintf': 이름이 #pragma deprecated로 표시되었습니다.
4 | main.cpp(103): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
5 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1769): note: 'sprintf' 선언을 참조하십시오.
6 | main.cpp(211): warning C4995: 'wcscpy': 이름이 #pragma deprecated로 표시되었습니다.
7 | main.cpp(211): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
8 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\corecrt_wstring.h(121): note: 'wcscpy' 선언을 참조하십시오.
9 | main.cpp(226): warning C4995: 'sprintf': 이름이 #pragma deprecated로 표시되었습니다.
10 | main.cpp(226): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
11 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1769): note: 'sprintf' 선언을 참조하십시오.
12 | main.cpp(257): warning C4995: 'strcpy': 이름이 #pragma deprecated로 표시되었습니다.
13 | main.cpp(257): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
14 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
15 | main.cpp(329): warning C4995: 'strcat': 이름이 #pragma deprecated로 표시되었습니다.
16 | main.cpp(329): warning C4996: 'strcat': This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
17 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(90): note: 'strcat' 선언을 참조하십시오.
18 | 코드를 생성하고 있습니다.
19 | 코드를 생성했습니다.
20 | msx-svc.vcxproj -> C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\msx-svc.exe
21 |
--------------------------------------------------------------------------------
/SYS/ObCallBack.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 |
8 | typedef struct _OBJECT_TYPE_INITIALIZER // NOTE(review): hand-declared structure, embedded below as OBJECT_TYPE_TEMP.TypeInfo; presumably mirrors a kernel-internal layout that differs between Windows builds, so verify it against symbols for each target build
9 | {
10 | UINT16 Length;
11 | union
12 | {
13 | UINT8 ObjectTypeFlags; // all flags as one byte
14 | struct
15 | {
16 | UINT8 CaseInsensitive : 1; UINT8 UnnamedObjectsOnly : 1; UINT8 UseDefaultObject : 1; UINT8 SecurityRequired : 1; UINT8 MaintainHandleCount : 1; UINT8 MaintainTypeList : 1; UINT8 SupportsObjectCallbacks : 1; // seven 1-bit views onto ObjectTypeFlags; the eighth bit is left unnamed
17 | };
18 | };
19 | ULONG32 ObjectTypeCode;
20 | ULONG32 InvalidAttributes;
21 | struct _GENERIC_MAPPING GenericMapping;
22 | ULONG32 ValidAccessMask;
23 | ULONG32 RetainAccess;
24 | enum _POOL_TYPE PoolType;
25 | ULONG32 DefaultPagedPoolCharge;
26 | ULONG32 DefaultNonPagedPoolCharge;
27 | PVOID DumpProcedure; // the eight *Procedure members are declared as untyped pointers here
28 | PVOID OpenProcedure;
29 | PVOID CloseProcedure;
30 | PVOID DeleteProcedure;
31 | PVOID ParseProcedure;
32 | PVOID SecurityProcedure;
33 | PVOID QueryNameProcedure;
34 | PVOID OkayToCloseProcedure;
35 | }OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
36 |
37 |
38 | typedef struct _OBJECT_TYPE_TEMP // NOTE(review): hand-declared layout with hard-coded padding; presumably mirrors the kernel's object-type structure for one specific 64-bit build (confirm which)
39 | {
40 | struct _LIST_ENTRY TypeList;
41 | struct _UNICODE_STRING Name;
42 | VOID* DefaultObject;
43 | UINT8 Index;
44 | UINT8 _PADDING0_[0x3]; // explicit padding: the offsets that follow are fixed by hand, not by the compiler
45 | ULONG32 TotalNumberOfObjects;
46 | ULONG32 TotalNumberOfHandles;
47 | ULONG32 HighWaterNumberOfObjects;
48 | ULONG32 HighWaterNumberOfHandles;
49 | UINT8 _PADDING1_[0x4];
50 | struct _OBJECT_TYPE_INITIALIZER TypeInfo;
51 | ULONG64 TypeLock;
52 | ULONG32 Key;
53 | UINT8 _PADDING2_[0x4];
54 | struct _LIST_ENTRY CallbackList; // NOTE(review): reaching this member depends on every offset above being right for the running build, and a mismatch means reading or writing unrelated kernel memory; the documented ObRegisterCallbacks / ObUnRegisterCallbacks are the supported way to manage a driver's own callbacks
55 | }OBJECT_TYPE_TEMP, *POBJECT_TYPE_TEMP;
56 |
57 | UNICODE_STRING GetFilePathByFileObject(PVOID FileObject); // returns the string by value; NOTE(review): who owns and frees the returned Buffer is not visible here, and FileObject is untyped, so callers get no compile-time check
58 | NTSTATUS UnOb(); // takes no arguments and returns an NTSTATUS; its behaviour is defined elsewhere in the SYS project
--------------------------------------------------------------------------------
/MAIN/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // 이 코드는 도구를 사용하여 생성되었습니다.
4 | // 런타임 버전:4.0.30319.42000
5 | //
6 | // 파일 내용을 변경하면 잘못된 동작이 발생할 수 있으며, 코드를 다시 생성하면
7 | // 이러한 변경 내용이 손실됩니다.
8 | //
9 | //------------------------------------------------------------------------------
10 |
namespace MAIN.Properties {
    using System;


    /// <summary>
    ///   A strongly-typed resource class, for looking up localized strings, etc.
    /// </summary>
    // This class was generated automatically by the StronglyTypedResourceBuilder
    // class through a tool such as ResGen or Visual Studio.
    // To add or remove a member, edit the .ResX file, then either rerun ResGen
    // with the /str option or rebuild the VS project.
    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
    internal class Resources {

        // Lazily created by the ResourceManager property.
        private static global::System.Resources.ResourceManager resourceMan;

        // Culture override returned and assigned by the Culture property.
        private static global::System.Globalization.CultureInfo resourceCulture;

        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
        internal Resources() {
        }

        /// <summary>
        ///   Returns the cached ResourceManager instance used by this class.
        /// </summary>
        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
        internal static global::System.Resources.ResourceManager ResourceManager {
            get {
                if (!object.ReferenceEquals(resourceMan, null)) {
                    return resourceMan;
                }
                // First access: create the manager and cache it.
                resourceMan = new global::System.Resources.ResourceManager("MAIN.Properties.Resources", typeof(Resources).Assembly);
                return resourceMan;
            }
        }

        /// <summary>
        ///   Overrides the current thread's CurrentUICulture property for all
        ///   resource lookups using this strongly typed resource class.
        /// </summary>
        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
        internal static global::System.Globalization.CultureInfo Culture {
            get { return resourceCulture; }
            set { resourceCulture = value; }
        }
    }
}
64 |
--------------------------------------------------------------------------------
/MAIN/Properties/app.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
48 |
55 |
56 |
70 |
--------------------------------------------------------------------------------
/SYS/SYS.inf:
--------------------------------------------------------------------------------
1 | ;;;
2 | ;;; stscae64
3 | ;;;
4 |
5 | [Version]
6 | Signature = "$Windows NT$"
7 | ; TODO - Change the Class and ClassGuid to match the Load Order Group value, see https://msdn.microsoft.com/en-us/windows/hardware/gg462963
8 | Class = "ActivityMonitor" ;This is determined by the work this filter driver does
9 | ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Load Order Group value
10 | ;Class = "_TODO_Change_Class_appropriately_"
11 | ;ClassGuid = {_TODO_Change_ClassGuid_appropriately_}
12 | Provider = %ManufacturerName%
13 | DriverVer =
14 | CatalogFile = stscae64.cat
15 |
16 | [DestinationDirs]
17 | DefaultDestDir = 12
18 | MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers
19 |
20 | ;;
21 | ;; Default install sections
22 | ;;
23 |
24 | [DefaultInstall]
25 | OptionDesc = %ServiceDescription%
26 | CopyFiles = MiniFilter.DriverFiles
27 |
28 | [DefaultInstall.Services]
29 | AddService = %ServiceName%,,MiniFilter.Service
30 |
31 | ;;
32 | ;; Default uninstall sections
33 | ;;
34 |
35 | [DefaultUninstall]
36 | DelFiles = MiniFilter.DriverFiles
37 |
38 | [DefaultUninstall.Services]
39 | DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting
40 |
41 | ;
42 | ; Services Section
43 | ;
44 |
45 | [MiniFilter.Service]
46 | DisplayName = %ServiceName%
47 | Description = %ServiceDescription%
48 | ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
49 | Dependencies = "FltMgr"
50 | ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
51 | StartType = 3 ;SERVICE_DEMAND_START
52 | ErrorControl = 1 ;SERVICE_ERROR_NORMAL
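53 | ; TODO - Change the Load Order Group value: Class "ActivityMonitor" above pairs with "FSFilter Activity Monitor" (commented out below); the active line uses the driver's own name instead.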
54 | ; LoadOrderGroup = "FSFilter Activity Monitor"
55 | LoadOrderGroup = "stscae64"
56 | AddReg = MiniFilter.AddRegistry
57 |
58 | ;
59 | ; Registry Modifications
60 | ;
61 |
62 | [MiniFilter.AddRegistry]
63 | HKR,,"DebugFlags",0x00010001 ,0x0
64 | HKR,,"SupportedFeatures",0x00010001,0x3
65 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
66 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
67 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
68 |
69 | ;
70 | ; Copy Files
71 | ;
72 |
73 | [MiniFilter.DriverFiles]
74 | %DriverName%.sys
75 |
76 | [SourceDisksFiles]
77 | stscae64.sys = 1,,
78 |
79 | [SourceDisksNames]
80 | 1 = %DiskId1%,,,
81 |
82 | ;;
83 | ;; String Section
84 | ;;
85 |
86 | [Strings]
87 | ; TODO - Add your manufacturer
88 | ManufacturerName = "Template"
89 | ServiceDescription = "stscae64 Mini-Filter Driver"
90 | ServiceName = "stscae64"
91 | DriverName = "stscae64"
92 | DiskId1 = "stscae64 Device Installation Disk"
93 |
94 | ;Instances specific information.
95 | DefaultInstance = "stscae64 Instance"
96 | Instance1.Name = "stscae64 Instance"
97 | ; TODO - Change the altitude value (a released minifilter should use an altitude assigned by Microsoft rather than a self-chosen one), see https://msdn.microsoft.com/en-us/windows/hardware/drivers/ifs/load-order-groups-and-altitudes-for-minifilter-drivers
98 | Instance1.Altitude = "370040"
99 | Instance1.Flags = 0x0 ; Allow all attachments
100 |
--------------------------------------------------------------------------------
/SYS/x64/Release/SYS.inf:
--------------------------------------------------------------------------------
1 | ;;;
2 | ;;; stscae64
3 | ;;;
4 |
5 | [Version]
6 | Signature = "$Windows NT$"
7 | ; TODO - Change the Class and ClassGuid to match the Load Order Group value, see https://msdn.microsoft.com/en-us/windows/hardware/gg462963
8 | Class = "ActivityMonitor" ;This is determined by the work this filter driver does
9 | ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2} ;This value is determined by the Load Order Group value
10 | ;Class = "_TODO_Change_Class_appropriately_"
11 | ;ClassGuid = {_TODO_Change_ClassGuid_appropriately_}
12 | Provider = %ManufacturerName%
13 | DriverVer = 03/19/2018,0.1.51.811
14 | CatalogFile = stscae64.cat
15 |
16 | [DestinationDirs]
17 | DefaultDestDir = 12
18 | MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers
19 |
20 | ;;
21 | ;; Default install sections
22 | ;;
23 |
24 | [DefaultInstall]
25 | OptionDesc = %ServiceDescription%
26 | CopyFiles = MiniFilter.DriverFiles
27 |
28 | [DefaultInstall.Services]
29 | AddService = %ServiceName%,,MiniFilter.Service
30 |
31 | ;;
32 | ;; Default uninstall sections
33 | ;;
34 |
35 | [DefaultUninstall]
36 | DelFiles = MiniFilter.DriverFiles
37 |
38 | [DefaultUninstall.Services]
39 | DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting
40 |
41 | ;
42 | ; Services Section
43 | ;
44 |
45 | [MiniFilter.Service]
46 | DisplayName = %ServiceName%
47 | Description = %ServiceDescription%
48 | ServiceBinary = %12%\%DriverName%.sys ;%windir%\system32\drivers\
49 | Dependencies = "FltMgr"
50 | ServiceType = 2 ;SERVICE_FILE_SYSTEM_DRIVER
51 | StartType = 3 ;SERVICE_DEMAND_START
52 | ErrorControl = 1 ;SERVICE_ERROR_NORMAL
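53 | ; TODO - Change the Load Order Group value: Class "ActivityMonitor" above pairs with "FSFilter Activity Monitor" (commented out below); the active line uses the driver's own name instead.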
54 | ; LoadOrderGroup = "FSFilter Activity Monitor"
55 | LoadOrderGroup = "stscae64"
56 | AddReg = MiniFilter.AddRegistry
57 |
58 | ;
59 | ; Registry Modifications
60 | ;
61 |
62 | [MiniFilter.AddRegistry]
63 | HKR,,"DebugFlags",0x00010001 ,0x0
64 | HKR,,"SupportedFeatures",0x00010001,0x3
65 | HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
66 | HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
67 | HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
68 |
69 | ;
70 | ; Copy Files
71 | ;
72 |
73 | [MiniFilter.DriverFiles]
74 | %DriverName%.sys
75 |
76 | [SourceDisksFiles]
77 | stscae64.sys = 1,,
78 |
79 | [SourceDisksNames]
80 | 1 = %DiskId1%,,,
81 |
82 | ;;
83 | ;; String Section
84 | ;;
85 |
86 | [Strings]
87 | ; TODO - Add your manufacturer
88 | ManufacturerName = "Template"
89 | ServiceDescription = "stscae64 Mini-Filter Driver"
90 | ServiceName = "stscae64"
91 | DriverName = "stscae64"
92 | DiskId1 = "stscae64 Device Installation Disk"
93 |
94 | ;Instances specific information.
95 | DefaultInstance = "stscae64 Instance"
96 | Instance1.Name = "stscae64 Instance"
97 | ; TODO - Change the altitude value (a released minifilter should use an altitude assigned by Microsoft rather than a self-chosen one), see https://msdn.microsoft.com/en-us/windows/hardware/drivers/ifs/load-order-groups-and-altitudes-for-minifilter-drivers
98 | Instance1.Altitude = "370040"
99 | Instance1.Flags = 0x0 ; Allow all attachments
100 |
--------------------------------------------------------------------------------
/DLL/Release/DLL.log:
--------------------------------------------------------------------------------
1 | C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V140\Microsoft.CppBuild.targets(368,5): warning MSB8004: Output Directory does not end with a trailing slash. This build instance will add the slash as it is required to allow proper evaluation of the Output Directory.
2 | hook_api.cpp
3 | hook_api.cpp(62): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
4 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
5 | hook_api.cpp(66): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
6 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
7 | hook_api.cpp(70): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
8 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
9 | hook_api.cpp(73): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
10 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
11 | main.cpp
12 | C:\Users\Kang\documents\visual studio 2015\Projects\MSX\LIB\MAD\madCHook.h : warning C4819: 현재 코드 페이지(949)에서 표시할 수 없는 문자가 파일에 들어 있습니다. 데이터가 손실되지 않게 하려면 해당 파일을 유니코드 형식으로 저장하십시오.
13 | main.cpp(31): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
14 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(205): note: 'fopen' 선언을 참조하십시오.
15 | main.cpp(76): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
16 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
17 | main.cpp(68): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
18 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1769): note: 'sprintf' 선언을 참조하십시오.
19 | stsc_lua.cpp
20 | stsc_lua.cpp(44): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
21 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(119): note: 'strcpy' 선언을 참조하십시오.
22 | stsc_lua.cpp(74): warning C4996: 'strcat': This function or variable may be unsafe. Consider using strcat_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
23 | C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\string.h(90): note: 'strcat' 선언을 참조하십시오.
24 | stsc_util.cpp
25 | stsc_util.cpp(118): warning C4996: 'GetVersionExW': deprecated로 선언되었습니다.
26 | C:\Program Files (x86)\Windows Kits\8.1\Include\um\sysinfoapi.h(442): note: 'GetVersionExW' 선언을 참조하십시오.
27 | 코드를 생성하고 있습니다.
28 | 코드를 생성했습니다.
29 | DLL.vcxproj -> C:\Users\Kang\documents\visual studio 2015\Projects\MSX\MSX-Release\stscae32.dll
30 |
--------------------------------------------------------------------------------
/DLL/hook_api.h:
--------------------------------------------------------------------------------
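#ifndef _HOOK_H_
#define _HOOK_H_

/*
 * hook_api.h - declarations for the user-mode API interception layer.
 *
 * Every hooked function is declared as a pair:
 *   <Api>Next     - function pointer with the API's signature (presumably
 *                   filled in by the hooking library so the original can
 *                   still be reached; the assignment is not in this header)
 *   <Api>Callback - the replacement routine implemented elsewhere.
 *
 * The linker directive and the SP switch now sit inside the include guard so
 * that a second inclusion of this header contributes nothing.
 *
 * NOTE(review): a callback must have exactly the calling convention of the
 * function it replaces. On a 32-bit build a __cdecl/__stdcall mismatch
 * unbalances the stack on return. The pairs flagged below are declared
 * inconsistently; confirm against the definitions in hook_api.cpp and the
 * project's default calling convention.
 */
#pragma comment(lib,"wininet.lib")

#define SP 0 //Verbose


/* ---- heap allocation ---- */
extern LPVOID(WINAPI *HeapAllocNext)(HANDLE hHeap,DWORD dwFlags,SIZE_T dwBytes);
LPVOID WINAPI HeapAllocCallback(HANDLE hHeap,DWORD dwFlags,SIZE_T dwBytes);

/* ---- process creation / command execution ---- */
extern ULONG(WINAPI *CreateProcessWNext) (LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);
ULONG WINAPI CreateProcessWCallback(LPCWSTR lpApplicationName, LPWSTR lpCommandLine, LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes, BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation);

extern UINT(WINAPI *WinExecNext)(LPCSTR lpCmdLine,UINT uCmdShow);
UINT WINAPI WinExecCallback(LPCSTR lpCmdLine,UINT uCmdShow);

// NOTE(review): ShellExecuteWNext is WINAPI but ShellExecuteWCallback is declared
// without it, so the two differ in calling convention unless the project
// default is __stdcall. Confirm before relying on this hook in the 32-bit DLL.
extern HINSTANCE(WINAPI *ShellExecuteWNext)(HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory,INT nShowCmd);
HINSTANCE ShellExecuteWCallback(HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory,INT nShowCmd);

/* ---- module loading / lookup ---- */
extern HMODULE(WINAPI *LoadLibraryExWNext)(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags);
HMODULE WINAPI LoadLibraryExWCallback(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags);

extern HMODULE (WINAPI *GetModuleHandleWNext)(LPCWSTR lpModuleName);
HMODULE WINAPI GetModuleHandleWCallback(LPCWSTR lpModuleName);

/* ---- C runtime command execution (CRT functions, so no WINAPI here) ---- */
extern int (*systemNext)(const char *command);
int systemCallback(const char *command);

extern int (*_wsystemNext)(const wchar_t *command);
int _wsystemCallback(const wchar_t *command);

/* ---- URL download / network read ---- */
// NOTE(review): both URLDownloadToFile pairs are declared without a calling
// convention, while the urlmon exports are __stdcall; and szURL is typed
// LPCTSTR in both the W and the A variant, so one of them has the wrong
// character width whichever way UNICODE is set. Verify against hook_api.cpp.
extern HRESULT (*URLDownloadToFileWNext)(LPUNKNOWN pCaller, LPCTSTR szURL, LPCWSTR szFileName, _Reserved_ DWORD dwReserved, LPBINDSTATUSCALLBACK lpfnCB);
HRESULT URLDownloadToFileWCallback(LPUNKNOWN pCaller,LPCTSTR szURL,LPCWSTR szFileName,_Reserved_ DWORD dwReserved,LPBINDSTATUSCALLBACK lpfnCB);

extern HRESULT (*URLDownloadToFileANext)(LPUNKNOWN pCaller, LPCTSTR szURL, LPCSTR szFileName, _Reserved_ DWORD dwReserved, LPBINDSTATUSCALLBACK lpfnCB);
HRESULT URLDownloadToFileACallback(LPUNKNOWN pCaller, LPCTSTR szURL, LPCSTR szFileName, _Reserved_ DWORD dwReserved, LPBINDSTATUSCALLBACK lpfnCB);

extern BOOL (WINAPI *InternetReadFileNext)(HINTERNET hFile, _Out_ LPVOID lpBuffer, DWORD dwNumberOfBytesToRead, _Out_ LPDWORD lpdwNumberOfBytesRead);
BOOL WINAPI InternetReadFileCallback(HINTERNET hFile,_Out_ LPVOID lpBuffer, DWORD dwNumberOfBytesToRead,_Out_ LPDWORD lpdwNumberOfBytesRead);

extern BOOL (WINAPI *InternetReadFileExWNext)( HINTERNET hFile, _Out_ LPINTERNET_BUFFERSW lpBuffersOut, DWORD dwFlags, DWORD_PTR dwContext);
BOOL WINAPI InternetReadFileExWCallback( HINTERNET hFile,_Out_ LPINTERNET_BUFFERSW lpBuffersOut, DWORD dwFlags, DWORD_PTR dwContext);

/* ---- virtual memory, heap creation, memory protection ---- */
extern LPVOID(WINAPI *VirtualAllocNext)(LPVOID lpAddress,SIZE_T dwSize,DWORD flAllocationType,DWORD flProtect);
LPVOID WINAPI VirtualAllocCallback(LPVOID lpAddress,SIZE_T dwSize,DWORD flAllocationType,DWORD flProtect);

extern HANDLE (WINAPI *HeapCreateNext)(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize);
HANDLE WINAPI HeapCreateCallback(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize);

extern BOOL (WINAPI *WriteProcessMemoryNext)( HANDLE hProcess, LPVOID lpBaseAddress,LPCVOID lpBuffer, SIZE_T nSize,SIZE_T *lpNumberOfBytesWritten);
BOOL WINAPI WriteProcessMemoryCallback(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten);

extern BOOL (WINAPI *VirtualProtectNext)(LPVOID lpAddress,SIZE_T dwSize, DWORD flNewProtect,PDWORD lpflOldProtect);
BOOL WINAPI VirtualProtectCallback(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);

extern BOOL (WINAPI *SetProcessDEPPolicyNext)(DWORD dwFlags);
BOOL WINAPI SetProcessDEPPolicyCallback(DWORD dwFlags);

#endif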
--------------------------------------------------------------------------------
/LIB/MAD/madCHook.def:
--------------------------------------------------------------------------------
1 | LIBRARY MADCHOOK.DLL
2 |
3 | EXPORTS
4 | HookCode@16 = HookCode @2;
5 | HookAPI@20 = HookAPI @3;
6 | UnhookCode@4 = UnhookCode @4;
7 | CreateProcessExA@44 = CreateProcessExA @5;
8 | AllocMemEx@8 = AllocMemEx @6;
9 | FreeMemEx@8 = FreeMemEx @7;
10 | CopyFunction@16 = CopyFunction @8;
11 | madCreateRemoteThread@28 = madCreateRemoteThread @9;
12 | InjectLibraryA@12 = InjectLibraryA @10;
13 | ProcessHandleToId@4 = ProcessHandleToId @11;
14 | CollectHooks@0 = CollectHooks @12;
15 | FlushHooks@0 = FlushHooks @13;
16 | CreateProcessExW@44 = CreateProcessExW @14;
17 | InjectLibraryW@12 = InjectLibraryW @15;
18 | UninjectLibraryA@12 = UninjectLibraryA @18;
19 | UninjectLibraryW@12 = UninjectLibraryW @19;
20 | AmUsingInputDesktop@0 = AmUsingInputDesktop @20;
21 | AmSystemProcess@0 = AmSystemProcess @21;
22 | RemoteExecute@20 = RemoteExecute @22;
23 | RenewHook@4 = RenewHook @23;
24 | GetCallingModule@4 = GetCallingModule @24;
25 | CreateGlobalMutex@4 = CreateGlobalMutex @27;
26 | OpenGlobalMutex@4 = OpenGlobalMutex @28;
27 | CreateGlobalFileMapping@8 = CreateGlobalFileMapping @29;
28 | OpenGlobalFileMapping@8 = OpenGlobalFileMapping @30;
29 | AnsiToWide@8 = AnsiToWide @31;
30 | WideToAnsi@8 = WideToAnsi @32;
31 | UnhookAPI@4 = UnhookAPI @33;
32 | CreateGlobalEvent@12 = CreateGlobalEvent @34;
33 | OpenGlobalEvent@4 = OpenGlobalEvent @35;
34 | CreateIpcQueue@8 = CreateIpcQueue @36;
35 | SendIpcMessage@28 = SendIpcMessage @37;
36 | DestroyIpcQueue@4 = DestroyIpcQueue @38;
37 | GetCurrentSessionId@0 = GetCurrentSessionId @40;
38 | GetInputSessionId@0 = GetInputSessionId @41;
39 | InjectLibrarySystemWideA@32 = InjectLibrarySystemWideA @42;
40 | InjectLibrarySystemWideW@32 = InjectLibrarySystemWideW @43;
41 | UninjectLibrarySystemWideA@32 = UninjectLibrarySystemWideA @44;
42 | UninjectLibrarySystemWideW@32 = UninjectLibrarySystemWideW @45;
43 | AddAccessForEveryone@8 = AddAccessForEveryone @46;
44 | CreateIpcQueueEx@16 = CreateIpcQueueEx @47;
45 | IsHookInUse@4 = IsHookInUse @48;
46 | AutoUnhook@4 = AutoUnhook @49;
47 | StaticLibHelper_Init@4 = StaticLibHelper_Init @52;
48 | StaticLibHelper_Final@4 = StaticLibHelper_Final @53;
49 | ThreadHandleToId@4 = ThreadHandleToId @54;
50 | SetMadCHookOption@8 = SetMadCHookOption @55;
51 | RestoreCode@4 = RestoreCode @56;
52 | ProcessIdToFileNameA@12 = ProcessIdToFileNameA @57;
53 | ProcessIdToFileNameW@12 = ProcessIdToFileNameW @58;
54 | InstallInjectionDriver@16 = InstallInjectionDriver @59;
55 | UninstallInjectionDriver@4 = UninstallInjectionDriver @60;
56 | LoadInjectionDriver@12 = LoadInjectionDriver @61;
57 | StopInjectionDriver@4 = StopInjectionDriver @62;
58 | StartInjectionDriver@4 = StartInjectionDriver @63;
59 | Is64bitOS@0 = Is64bitOS @64;
60 | Is64bitProcess@4 = Is64bitProcess @65;
61 | Is64bitModule@4 = Is64bitModule @66;
62 | IsInjectionDriverInstalled@4 = IsInjectionDriverInstalled @67;
63 | IsInjectionDriverRunning@4 = IsInjectionDriverRunning @68;
64 | UninjectAllLibrariesA@12 = UninjectAllLibrariesA @69;
65 | UninjectAllLibrariesW@12 = UninjectAllLibrariesW @70;
66 | SetInjectionMethod@8 = SetInjectionMethod @71;
67 |
--------------------------------------------------------------------------------
/MAIN/Form2.Designer.cs:
--------------------------------------------------------------------------------
namespace MAIN
{
    partial class Form2
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        /// <remarks>
        /// Builds a form with two text boxes ("Application Name", "Process Name")
        /// and an ADD button. Neither text box gets a MaxLength or any other
        /// constraint here, so whatever validation the entered names need has to
        /// happen in button1_Click, which lives in the other half of this partial
        /// class and is not shown in this file.
        /// </remarks>
        private void InitializeComponent()
        {
            this.textBox1 = new System.Windows.Forms.TextBox();
            this.textBox2 = new System.Windows.Forms.TextBox();
            this.label1 = new System.Windows.Forms.Label();
            this.label2 = new System.Windows.Forms.Label();
            this.button1 = new System.Windows.Forms.Button();
            this.SuspendLayout();
            //
            // textBox1
            //
            this.textBox1.Location = new System.Drawing.Point(149, 50);
            this.textBox1.Name = "textBox1";
            this.textBox1.Size = new System.Drawing.Size(100, 25);
            this.textBox1.TabIndex = 0;
            //
            // textBox2
            //
            this.textBox2.Location = new System.Drawing.Point(149, 95);
            this.textBox2.Name = "textBox2";
            this.textBox2.Size = new System.Drawing.Size(100, 25);
            this.textBox2.TabIndex = 1;
            //
            // label1
            //
            this.label1.AutoSize = true;
            this.label1.Location = new System.Drawing.Point(12, 53);
            this.label1.Name = "label1";
            this.label1.Size = new System.Drawing.Size(134, 15);
            this.label1.TabIndex = 2;
            this.label1.Text = "Application Name : ";
            //
            // label2
            //
            this.label2.AutoSize = true;
            this.label2.Location = new System.Drawing.Point(27, 98);
            this.label2.Name = "label2";
            this.label2.Size = new System.Drawing.Size(118, 15);
            this.label2.TabIndex = 3;
            this.label2.Text = "Process Name : ";
            //
            // button1
            //
            this.button1.Location = new System.Drawing.Point(185, 141);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(85, 43);
            this.button1.TabIndex = 4;
            this.button1.Text = "ADD";
            this.button1.UseVisualStyleBackColor = true;
            this.button1.Click += new System.EventHandler(this.button1_Click);
            //
            // Form2
            //
            this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 15F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(282, 253);
            this.Controls.Add(this.button1);
            this.Controls.Add(this.label2);
            this.Controls.Add(this.label1);
            this.Controls.Add(this.textBox2);
            this.Controls.Add(this.textBox1);
            this.Name = "Form2";
            this.Text = "ADD_Form";
            this.Load += new System.EventHandler(this.Form2_Load);
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        // Controls created in InitializeComponent.
        private System.Windows.Forms.TextBox textBox1;
        private System.Windows.Forms.TextBox textBox2;
        private System.Windows.Forms.Label label1;
        private System.Windows.Forms.Label label2;
        private System.Windows.Forms.Button button1;
    }
}
--------------------------------------------------------------------------------
/SYS/Main.h:
--------------------------------------------------------------------------------
1 | #ifndef __MAIN__
2 | #define __MAIN__ 1
3 |
4 | #include
5 | #include
6 | #include
7 | //#include
8 | //#include /// Inc
9 | #include /// Inc
10 | //#include /// Inc
11 | //#include "memory_module.h"
12 |
13 |
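/* Sentinel value; where it is compared or returned is not visible in this header. */
#define CALL_COMPLETE 0xC0371E7E
/* Tag passed to pool allocations made by this driver (three characters). */
#define POOL_TAG 'Inj'
/*
 * Debug print helper: routes to DbgPrintEx with the IHV-driver component id at
 * INFO level. It is defined unconditionally, so release builds emit the same
 * messages; whether they appear depends on the debug print filter in effect.
 */
#define DPRINT(format, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, format, __VA_ARGS__)


/*
 * Control codes of the driver's device interface. All four are
 * FILE_DEVICE_UNKNOWN / METHOD_BUFFERED and require a handle opened with both
 * read and write access.
 *
 * NOTE(review): the access bits only constrain the handle, not who may open the
 * device. The device object's security descriptor and the input-length checks
 * in the dispatch routine are not visible from this header; confirm that the
 * device is created with a restrictive ACL and that every IOCTL validates the
 * size of the system buffer before reading it.
 */
#define IOCTL_InitDriver CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2000, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_Change_Target CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2001, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_Clean_Target CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2002, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_Power_OnOff CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2003, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)


/* Returns a process name for a PID; ownership of the returned string is not stated here. */
LPSTR GetProcessNameFromPid(HANDLE pid);

/*
 * Function-pointer types for routines that the WDK headers do not declare.
 * NOTE(review): ZWREADVIRTUALMEMORY and QUERY_INFO_PROCESS omit NTAPI while the
 * other two carry it; harmless on x64, worth aligning if a 32-bit build exists.
 */
typedef NTSTATUS(*ZWREADVIRTUALMEMORY)(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    OUT PVOID Buffer,
    IN ULONG NumberOfBytesToRead,
    OUT PULONG NumberOfBytesRead OPTIONAL
    );



typedef NTSTATUS(NTAPI *ZwWriteVirtualMemory_t)(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN PVOID Buffer,
    IN ULONG NumberOfBytesToWrite,
    OUT PULONG NumberOfBytesWritten OPTIONAL);


typedef NTSTATUS(NTAPI *ZwCreateProcess_t)(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN HANDLE InheritFromProcessHandle,
    IN BOOLEAN InheritHandles,
    IN HANDLE SectionHandle OPTIONAL,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL);



typedef NTSTATUS(*QUERY_INFO_PROCESS) (
    __in HANDLE ProcessHandle,
    __in PROCESSINFOCLASS ProcessInformationClass,
    __out_bcount(ProcessInformationLength) PVOID ProcessInformation,
    __in ULONG ProcessInformationLength,
    __out_opt PULONG ReturnLength
    );

typedef NTSTATUS(*PLDR_LOAD_DLL)(PWSTR, PULONG, PUNICODE_STRING, PVOID*);



/*
 * Runtime-resolved entry points (where they are assigned is not shown here).
 * NOTE(review): these are definitions, not extern declarations, so every
 * translation unit that includes this header gets its own definition; confirm
 * the header is included from a single source file, or move the definitions
 * into one .c/.cpp file and declare them extern here.
 */
ZWREADVIRTUALMEMORY ZwReadVirtualMemory;
ZwWriteVirtualMemory_t ZwWriteVirtualMemory;
ZwCreateProcess_t ZwCreateProcess;
PLDR_LOAD_DLL LdrLoadDll;




/*
 * Process access rights. Guarded so that a WDK header which already provides
 * one of them does not produce a redefinition.
 */
#ifndef PROCESS_TERMINATE
#define PROCESS_TERMINATE 0x0001
#endif
#ifndef PROCESS_VM_OPERATION
#define PROCESS_VM_OPERATION 0x0008
#endif
#ifndef PROCESS_VM_READ
#define PROCESS_VM_READ 0x0010
#endif
#ifndef PROCESS_VM_WRITE
#define PROCESS_VM_WRITE 0x0020
#endif

/* Turns the driver's process protection on or off (implementation not shown). */
NTSTATUS ProtectProcess(BOOLEAN Enable);

/* Object-manager pre-operation callback; see also PreCallBack below. */
OB_PREOP_CALLBACK_STATUS preCall(PVOID RegistrationContext, POB_PRE_OPERATION_INFORMATION pOperationInformation);

/*
 * 64-bit loader data table entry as laid out by this project.
 * NOTE(review): this is an undocumented structure declared locally; the layout
 * should be checked against each Windows build the driver is expected to run on.
 */
typedef struct _LDR_DATA_TABLE_ENTRY64
{
    LIST_ENTRY64 InLoadOrderLinks;
    LIST_ENTRY64 InMemoryOrderLinks;
    LIST_ENTRY64 InInitializationOrderLinks;
    PVOID DllBase;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    USHORT LoadCount;
    USHORT TlsIndex;
    PVOID SectionPointer;
    ULONG CheckSum;
    PVOID LoadedImports;
    PVOID EntryPointActivationContext;
    PVOID PatchInformation;
    LIST_ENTRY64 ForwarderLinks;
    LIST_ENTRY64 ServiceTagLinks;
    LIST_ENTRY64 StaticLinks;
    PVOID ContextInformation;
    ULONG64 OriginalBase;
    LARGE_INTEGER LoadTime;
} LDR_DATA_TABLE_ENTRY64, *PLDR_DATA_TABLE_ENTRY64;


/* Kernel export declared by hand because the project does not get it from a header. */
NTKERNELAPI PVOID NTAPI PsGetCurrentProcessWow64Process();


VOID EnableObType(POBJECT_TYPE ObjectType);

/*
 * Second object-manager pre-operation callback plus the routine that, by its
 * name, registers it through ObRegisterCallbacks (registration code not shown).
 */
OB_PREOP_CALLBACK_STATUS PreCallBack(PVOID RegistrationContext, POB_PRE_OPERATION_INFORMATION OperationInformation);
NTSTATUS ProtectFileByObRegisterCallbacks();


/*
 * Driver unload and IRP dispatch routines.
 * NOTE(review): the DRIVER_UNLOAD callback type returns VOID; if UnLoadDriver
 * is assigned to DriverObject->DriverUnload, its NTSTATUS return type does not
 * match that prototype - confirm at the assignment site.
 */
NTSTATUS UnLoadDriver(PDRIVER_OBJECT DriverObject);
NTSTATUS DisPatchKMS(PDEVICE_OBJECT DeviceObject, PIRP pIrp);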
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 | #endif // !__MAIN__
--------------------------------------------------------------------------------
/msx-svc/msx-svc.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | {23B5594F-86DD-4D4F-B209-743671120F12}
15 | Win32Proj
16 | msxsvc
17 | 8.1
18 |
19 |
20 |
21 | Application
22 | true
23 | v140
24 | Unicode
25 |
26 |
27 | Application
28 | false
29 | v140
30 | true
31 | MultiByte
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 | true
47 |
48 |
49 | false
50 | $(SolutionDir)MSX-Release
51 |
52 |
53 |
54 |
55 |
56 | Level3
57 | Disabled
58 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
59 |
60 |
61 | Console
62 | true
63 |
64 |
65 |
66 |
67 | Level3
68 |
69 |
70 | MaxSpeed
71 | true
72 | true
73 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
74 | MultiThreaded
75 |
76 |
77 | Console
78 | true
79 | true
80 | false
81 | UseLinkTimeCodeGeneration
82 | RequireAdministrator
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
--------------------------------------------------------------------------------
/DLL/stsc_util.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 |
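/*
 * Checks the embedded Authenticode signature of a file with WinVerifyTrust
 * (WINTRUST_ACTION_GENERIC_VERIFY_V2, no UI).
 *
 * pwszSourceFile - path of the file to check.
 *
 * Return value - note that it is inverted relative to the usual BOOL meaning:
 *   0         the file is signed and the signature verified
 *   non-zero  ((DWORD)-1) anything else: no signature, untrusted or explicitly
 *             distrusted signer, blocked by policy, NULL path, any other error
 * Callers therefore have to test `== 0`; `if (VerifyEmbeddedSignature(p))` is
 * true for files that FAILED verification.
 *
 * Limits a caller should know about:
 *   - Revocation is not checked (WTD_REVOKE_NONE), so a file signed with a
 *     certificate that has since been revoked still verifies.
 *   - Success means "signed by some publisher the machine trusts", not "signed
 *     by a particular publisher"; no signer identity is examined here.
 *   - The check is made on a path. If the caller later loads or runs the same
 *     path, the file can have been replaced in between.
 */
BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile)
{
    // 0 = verified; every other outcome leaves the failure value in place.
    DWORD ret = (DWORD)-1;

    // Without a path there is nothing to verify; fail before touching WinTrust.
    if (pwszSourceFile == NULL)
    {
        return ret;
    }

    // Describe the file. memset leaves hFile and pgKnownSubject NULL.
    WINTRUST_FILE_INFO FileData;
    memset(&FileData, 0, sizeof(FileData));
    FileData.cbStruct = sizeof(WINTRUST_FILE_INFO);
    FileData.pcwszFilePath = pwszSourceFile;

    GUID WVTPolicyGUID = WINTRUST_ACTION_GENERIC_VERIFY_V2;

    // memset leaves the policy callback data, SIP client data, state handle,
    // URL reference and UI context at their NULL/0 defaults.
    WINTRUST_DATA WinTrustData;
    memset(&WinTrustData, 0, sizeof(WinTrustData));
    WinTrustData.cbStruct = sizeof(WinTrustData);

    // Never show trust UI; this runs unattended.
    WinTrustData.dwUIChoice = WTD_UI_NONE;

    // No revocation checking (see the limits listed above).
    WinTrustData.fdwRevocationChecks = WTD_REVOKE_NONE;

    // Verify an embedded signature on a file.
    WinTrustData.dwUnionChoice = WTD_CHOICE_FILE;
    WinTrustData.pFile = &FileData;

    // Open verification state; it is released by the CLOSE call below.
    WinTrustData.dwStateAction = WTD_STATEACTION_VERIFY;

    LONG lStatus = WinVerifyTrust(
        NULL,
        &WVTPolicyGUID,
        &WinTrustData);

    // Only a clean success counts. TRUST_E_NOSIGNATURE, TRUST_E_EXPLICIT_DISTRUST,
    // TRUST_E_SUBJECT_NOT_TRUSTED, CRYPT_E_SECURITY_SETTINGS and every other
    // status are all reported as failure.
    if (lStatus == ERROR_SUCCESS)
    {
        ret = 0;
    }

    // Release the state data allocated by the verify call.
    WinTrustData.dwStateAction = WTD_STATEACTION_CLOSE;

    WinVerifyTrust(
        NULL,
        &WVTPolicyGUID,
        &WinTrustData);

    return ret;
}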
112 |
/*
 * Maps the version reported by GetVersionEx to a small code:
 *   1 - version 6.1  (Windows 7)
 *   2 - version 6.2
 *   3 - version 10.0 (Windows 10)
 *   0 - anything else (for example 5.x / XP, 6.0 / Vista, 6.3), and also when
 *       GetVersionEx fails, because the structure is zeroed beforehand
 *
 * NOTE(review): GetVersionEx is deprecated (the build log shows the C4996
 * warning for this line) and reports 6.2 on newer systems when the host
 * executable carries no compatibility manifest for them. If this DLL runs
 * inside processes it does not control, a result of 2 can therefore come from
 * a newer Windows release - confirm before keying security decisions on it.
 */
int What_is_this_OS()
{
    OSVERSIONINFO osvi;
    ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osvi);

    const DWORD major = osvi.dwMajorVersion;
    const DWORD minor = osvi.dwMinorVersion;

    if (major == 10 && minor == 0)
    {
        return 3;
    }
    if (major == 6 && minor == 1)
    {
        return 1;
    }
    if (major == 6 && minor == 2)
    {
        return 2;
    }
    return 0;
}
141 |
/*
 * Returns the parent process id recorded for the current process, or
 * (DWORD)-1 when it cannot be obtained.
 *
 * The value is read with NtQueryInformationProcess, information class 0, into
 * six pointer-sized slots; slot 4 is this process's id and slot 5 the parent's.
 *
 * Caveats for callers:
 *   - The id is the one recorded at process creation. Once that parent exits,
 *     the id can be reused by an unrelated process.
 *   - A creator can nominate a different parent when it starts a process, so
 *     the value is a hint, not evidence of who launched this process.
 *   - NOTE(review): ntdll is obtained through LoadLibraryA, and hook_api.h
 *     declares a LoadLibraryExW hook in this same DLL; confirm this call cannot
 *     re-enter that hook in a way the callback does not expect.
 */
DWORD GetParentProcessId()
{
    typedef LONG (WINAPI *NtQueryInformationProcess_t)(HANDLE ProcessHandle, ULONG ProcessInformationClass,
        PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);

    ULONG_PTR pbi[6];
    ULONG ulSize = 0;

    // Resolve the native API at run time; it is not in the import table.
    NtQueryInformationProcess_t pfnQuery = NULL;
    *(FARPROC *)&pfnQuery =
        GetProcAddress(LoadLibraryA("NTDLL.DLL"), "NtQueryInformationProcess");

    if (!pfnQuery)
    {
        return (DWORD)(ULONG_PTR)-1;
    }

    const LONG status = pfnQuery(GetCurrentProcess(), 0, &pbi, sizeof(pbi), &ulSize);

    // Accept the result only if the call succeeded and filled the whole buffer.
    if (status >= 0 && ulSize == sizeof(pbi))
    {
        //printf("PID: %i; PPID: %i\n", pbi[4], pbi[5]);
        return (DWORD)pbi[5];
    }

    return (DWORD)(ULONG_PTR)-1;
}
161 |
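/*
 * Looks up the base module name of the process with the given id.
 *
 * processID - id of the process to query.
 *
 * The name is written to a local buffer only; the function returns nothing and
 * the print statement that used the buffer is commented out, so at present the
 * call has no visible result for the caller.
 *
 * The handle is now closed only when OpenProcess succeeded; previously
 * CloseHandle was also called with NULL after a failed open.
 */
void GetProcessName(DWORD processID)
{
    TCHAR szProcessName[MAX_PATH] = TEXT("unknown");

    // Query + VM read are the rights EnumProcessModules / GetModuleBaseName need.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
        PROCESS_VM_READ,
        FALSE, processID);

    // Protected or already-exited processes cannot be opened; nothing to do.
    if (NULL == hProcess)
    {
        return;
    }

    HMODULE hMod;
    DWORD cbNeeded;

    // Only the first module (the executable itself) is requested.
    if (EnumProcessModules(hProcess, &hMod, sizeof(hMod),
        &cbNeeded))
    {
        GetModuleBaseName(hProcess, hMod, szProcessName,
            sizeof(szProcessName) / sizeof(TCHAR));
    }

    //_tprintf(TEXT("%s (PID: %u)\n"), szProcessName, processID);

    CloseHandle(hProcess);
}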
--------------------------------------------------------------------------------
/MAIN/Properties/Resources.resx:
--------------------------------------------------------------------------------
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/MAIN/Form2.resx:
--------------------------------------------------------------------------------
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
--------------------------------------------------------------------------------
/DLL/wintoastlib.h:
--------------------------------------------------------------------------------
1 | #ifndef WINTOASTLIB_H
2 | #define WINTOASTLIB_H
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 | #include
14 | #include
15 | #include
16 | #include
17 | #include
18 | #include
19 | #include
20 | #include