├── A-Protect.sln
├── A-Protect.suo
├── A-Protect
├── A-Protect.cpp
├── A-Protect.h
├── A-Protect.rc
├── A-Protect.vcxproj
├── A-Protect.vcxproj.filters
├── A-Protect.vcxproj.user
├── A-ProtectDoc.cpp
├── A-ProtectDoc.h
├── A-ProtectView.cpp
├── A-ProtectView.h
├── AboutDlg.cpp
├── AboutDlg.h
├── Atapi.cpp
├── Atapi.h
├── C3600Splash.cpp
├── C3600Splash.h
├── CProcessSearch.cpp
├── CProcessSearch.h
├── DLLModule.cpp
├── DLLModule.h
├── DisplayDecvice.cpp
├── DpcTimer.cpp
├── DpcTimer.h
├── EnumSymbols.cpp
├── EnumSymbols.h
├── FilterDriver.cpp
├── FilterDriver.h
├── FsdHook.cpp
├── FsdHook.h
├── HipsLog.cpp
├── HipsLog.h
├── Install.cpp
├── Install.h
├── IoTimer.cpp
├── IoTimer.h
├── Kbdclass.cpp
├── Kbdclass.h
├── KernelHook.cpp
├── KernelHook.h
├── KernelModule.cpp
├── KernelModule.h
├── KernelThread.cpp
├── KernelThread.h
├── LookUpKernelData.cpp
├── LookUpKernelData.h
├── MainFrm.cpp
├── MainFrm.h
├── Md5.cpp
├── Md5.h
├── MessageHook.cpp
├── MessageHook.h
├── Mouclass.cpp
├── Mouclass.h
├── MyList.cpp
├── MyList.h
├── Nsiproxy.cpp
├── Nsiproxy.h
├── ObjectHook.cpp
├── ObjectHook.h
├── Process.cpp
├── Process.h
├── ProcessHandle.cpp
├── ProcessHandle.h
├── ProcessThread.cpp
├── ProcessThread.h
├── ProtectSetting.cpp
├── ProtectSetting.h
├── ReadMe.txt
├── ReportCtrl.cpp
├── ReportCtrl.h
├── SSDT.cpp
├── SSDT.h
├── SelectAnyModule.cpp
├── SelectAnyModule.h
├── SelectKernelModuleHook.cpp
├── SelectKernelModuleHook.h
├── Services.cpp
├── Services.h
├── ShadowSSDT.cpp
├── ShadowSSDT.h
├── SnifferSetting.cpp
├── SnifferSetting.h
├── StackThread.cpp
├── StackThread.h
├── Startup.cpp
├── Startup.h
├── SubModule.cpp
├── SubModule.h
├── SystemNotify.cpp
├── SystemNotify.h
├── SystemThread.cpp
├── SystemThread.h
├── TcpView.cpp
├── TcpView.h
├── Tcpip.cpp
├── Tcpip.h
├── UnloadDllModule.h
├── UserImages.bmp
├── Windows2003SP1_CN.h
├── Windows2003SP2_CN.h
├── Windows7Home_CN.h
├── Windows7SP1_CN.h
├── WindowsXPSP2_CN.h
├── WindowsXPSP3_CN.h
├── WorkQueue.cpp
├── WorkQueue.h
├── ms.cpp
├── ndis5hlp.cpp
├── ndis5hlp.h
├── ntdll.lib
├── res
│ ├── A-Protect.bmp
│ ├── A-Protect.ico
│ ├── A-Protect1.ico
│ ├── A-ProtectDoc.ico
│ ├── AProteaaact.rc2
│ ├── DPC定时器.ico
│ ├── Dispatch.ico
│ ├── Eye.ico
│ ├── GDriver.ico
│ ├── Hips.ico
│ ├── IO定时器.ico
│ ├── KernelHook.ico
│ ├── KernelModule.ico
│ ├── KernelThread.ico
│ ├── MyAProtect.rc2
│ ├── Nsiproxy.ico
│ ├── ObjectHook.ico
│ ├── Other.ico
│ ├── Process.ico
│ ├── ProtectSetting.ico
│ ├── Services.ico
│ ├── ShadowSSDT.ico
│ ├── Ssdt.ico
│ ├── TcpSniffer.ico
│ ├── Tcpview.ico
│ ├── Toolbar.bmp
│ ├── Toolbar256.bmp
│ ├── atapi.ico
│ ├── new.ico
│ ├── ntfs-Fsd.ico
│ ├── null.ico
│ ├── tcpip.ico
│ ├── 内核钩子.ico
│ ├── 启动项.ico
│ ├── 工作队列线程.ico
│ ├── 开启监控-刷新.ico
│ ├── 本机所有数据.ico
│ ├── 监控设置.ico
│ ├── 系统回调.ico
│ ├── 系统线程.ico
│ ├── 线程创建.ico
│ ├── 键盘.ico
│ └── 鼠标.ico
├── resource.h
├── stdafx.cpp
├── stdafx.h
├── targetver.h
├── tcpdump.cpp
├── tcpdump.h
├── uninstall360.cpp
└── uninstall360.h
├── CLEAN.BAT
├── Driver
├── AntiInlineHook.c
├── AntiInlineHook.h
├── Atapi.c
├── Atapi.h
├── Common.h
├── Control.c
├── Control.h
├── DeleteFile.c
├── DeleteFile.h
├── DpcTimer.c
├── DpcTimer.h
├── DriverHips.c
├── DriverHips.h
├── FileSystem.c
├── FileSystem.h
├── Fixrelocation.c
├── Fixrelocation.h
├── FuncAddrValid.c
├── FuncAddrValid.h
├── Function.c
├── Function.h
├── InitWindowsVersion.c
├── InitWindowsVersion.h
├── InlineHook.c
├── InlineHook.h
├── IoTimer.c
├── IoTimer.h
├── KernelFilterDriver.c
├── KernelFilterDriver.h
├── KernelHookCheck.c
├── KernelHookCheck.h
├── KernelReload.c
├── KernelReload.h
├── KernelThread.c
├── KernelThread.h
├── KillProcess.c
├── KillProcess.h
├── LookupKernelData.c
├── LookupKernelData.h
├── Mouclass.c
├── Mouclass.h
├── NetworkDefense.c
├── NetworkDefense.h
├── Ntfs.c
├── Ntfs.h
├── ObjectHookCheck.c
├── ObjectHookCheck.h
├── Port.c
├── Port.h
├── Process.c
├── Process.h
├── ProcessModule.c
├── ProcessModule.h
├── Protect.c
├── Protect.h
├── ReLoadSSDTTableHook.c
├── ReLoadSSDTTableHook.h
├── ReLoadShadowSSDTTableHook.c
├── ReLoadShadowSSDTTableHook.h
├── Release
│ └── SafeSystem.lastbuildstate
├── SDTShadowRestore.h
├── SSDT.c
├── SSDT.h
├── SafeSystem.c
├── SafeSystem.h
├── SafeSystem.sln
├── SafeSystem.vcxproj
├── SafeSystem.vcxproj.filters
├── SafeSystem.vcxproj.user
├── SelectModuleHook.c
├── Services.c
├── Services.h
├── ShadowSSDT.c
├── ShadowSSDT.h
├── Startup.c
├── Startup.h
├── SysModule.c
├── SysModule.h
├── SystemNotify.c
├── SystemNotify.h
├── SystemThread.c
├── SystemThread.h
├── Tcpip.c
├── Tcpip.h
├── WorkQueue.c
├── WorkQueue.h
├── buildchk_win7_x86.wrn
├── dump.c
├── dump.h
├── file.c
├── file.h
├── kbdclass.c
├── kbdclass.h
├── ldasm.c
├── ldasm.h
├── libdasm.c
├── libdasm.h
├── makefile
├── msghook.c
├── msghook.h
├── nsiproxy.c
├── nsiproxy.h
├── ntifs.h
├── ntos.c
├── ntos.h
├── objchk_win7_x86
│ └── i386
│ │ ├── a.bat
│ │ └── bin2c.exe
├── sources
├── tables.h
├── win32k.c
└── win32k.h
├── README.md
├── Release
├── A-Protect.exe
├── A-Protect.txt
├── dbghelp.dll
├── symsrv.dll
└── symsrv.yes
├── TcpSnifferDriver
├── SOURCES
├── ndis5pkt.c
├── ndis5pkt.h
├── ndis5pkt.vcxproj
├── ndis5pkt.vcxproj.filters
├── ndis5pkt.vcxproj.user
├── objchk_win7_x86
│ └── i386
│ │ ├── _objects.mac
│ │ ├── a.bat
│ │ ├── bin2c.exe
│ │ ├── ndis5pkt.obj.oacr.root.x86chk.pft.xml
│ │ ├── ndis5pkt.sys
│ │ ├── ndis5pkt.vmp.sys
│ │ ├── read.obj.oacr.root.x86chk.pft.xml
│ │ ├── readfast.obj.oacr.root.x86chk.pft.xml
│ │ ├── tcpsniffer.h
│ │ └── write.obj.oacr.root.x86chk.pft.xml
├── openclos.c
├── packet.h
├── read.c
├── readfast.c
├── readme.txt
└── write.c
└── share
├── adapter.h
├── assert.h
├── netdef.h
└── netstd.h
/A-Protect.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual Studio 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "A-Protect", "A-Protect\A-Protect.vcxproj", "{323E89DB-C7C2-441D-8A8D-CE6F688F96AB}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SafeSystem", "Driver\SafeSystem.vcxproj", "{6FA69ACB-E01A-C60C-24FB-EFEE345AAE72}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Release|Win32 = Release|Win32
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {323E89DB-C7C2-441D-8A8D-CE6F688F96AB}.Debug|Win32.ActiveCfg = Debug|Win32
15 | {323E89DB-C7C2-441D-8A8D-CE6F688F96AB}.Debug|Win32.Build.0 = Debug|Win32
16 | {323E89DB-C7C2-441D-8A8D-CE6F688F96AB}.Release|Win32.ActiveCfg = Release|Win32
17 | {323E89DB-C7C2-441D-8A8D-CE6F688F96AB}.Release|Win32.Build.0 = Release|Win32
18 | {6FA69ACB-E01A-C60C-24FB-EFEE345AAE72}.Debug|Win32.ActiveCfg = Debug|Win32
19 | {6FA69ACB-E01A-C60C-24FB-EFEE345AAE72}.Debug|Win32.Build.0 = Debug|Win32
20 | {6FA69ACB-E01A-C60C-24FB-EFEE345AAE72}.Release|Win32.ActiveCfg = Release|Win32
21 | {6FA69ACB-E01A-C60C-24FB-EFEE345AAE72}.Release|Win32.Build.0 = Release|Win32
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/A-Protect.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect.suo
--------------------------------------------------------------------------------
/A-Protect/A-Protect.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-Protect.cpp
--------------------------------------------------------------------------------
/A-Protect/A-Protect.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-Protect.h
--------------------------------------------------------------------------------
/A-Protect/A-Protect.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-Protect.rc
--------------------------------------------------------------------------------
/A-Protect/A-Protect.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/A-Protect/A-ProtectDoc.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-ProtectDoc.cpp
--------------------------------------------------------------------------------
/A-Protect/A-ProtectDoc.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-ProtectDoc.h
--------------------------------------------------------------------------------
/A-Protect/A-ProtectView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-ProtectView.cpp
--------------------------------------------------------------------------------
/A-Protect/A-ProtectView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/A-ProtectView.h
--------------------------------------------------------------------------------
/A-Protect/AboutDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/AboutDlg.cpp
--------------------------------------------------------------------------------
/A-Protect/AboutDlg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/AboutDlg.h
--------------------------------------------------------------------------------
/A-Protect/Atapi.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Atapi.cpp
--------------------------------------------------------------------------------
/A-Protect/Atapi.h:
--------------------------------------------------------------------------------
#include "stdafx.h"

// Highest IRP major-function index the dispatch views iterate over.  The same
// literal is repeated in the sibling dispatch-table headers (FsdHook.h,
// Kbdclass.h, Mouclass.h, Nsiproxy.h); identical redefinition is harmless to
// the preprocessor, but the copies must be kept in sync by hand.
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b

//IRP_MJ_MAXIMUM_FUNCTION

// One entry of the ATAPI driver's IRP dispatch table as shown in the GUI view.
// Field meanings below are inferred from the names; confirm against Atapi.cpp
// (and the driver's Atapi.c, which presumably produces this layout).
// Addresses are ULONG, so the layout is 32-bit only — the solution builds
// Win32 configurations only.
typedef struct _ATAPIDISPATCH {
	ULONG ulNumber;                    // IRP major-function index of this entry
	ULONG ulAtapiDispatch;             // presumably the expected/original dispatch routine
	ULONG ulCurrentAtapiDispatch;      // presumably the routine currently installed in the table
	CHAR lpszBaseModule[256];          // module name; do not assume NUL termination unless the producer guarantees it
	ULONG ulModuleSize;
	ULONG ulModuleBase;                // size/base of the module that owns the current routine
	WCHAR lpwzAtapiDispatchName[256];  // display name of the dispatch routine
	int Hooked;                        // non-zero when the entry is flagged; exact encoding is not defined in this header
} ATAPIDISPATCH, *PATAPIDISPATCH;

// Count header followed by a trailing array of entries.  Declared with one
// element; the allocating code is expected to reserve room for ulCount entries
// (the classic "struct hack") — verify in Atapi.cpp before indexing past
// element 0.
typedef struct _ATAPIDISPATCHBAKUP {
	ULONG ulCount;                     // number of valid entries in AtapiDispatch[]
	ATAPIDISPATCH AtapiDispatch[1];
} ATAPIDISPATCHBAKUP, *PATAPIDISPATCHBAKUP;

// NOTE(review): the two objects below are definitions, not extern
// declarations, and the header has no include guard; including it from a
// second .cpp would produce duplicate-symbol link errors.  Left unchanged
// because Atapi.cpp presumably relies on them being defined here.
PATAPIDISPATCHBAKUP AtapiDispatchBakUp;  // presumably the most recently fetched table snapshot

CHAR* setClipboardText(CHAR* str);   // defined elsewhere; name suggests it copies str to the clipboard

CImageList AtapiImg;                 // image list used by the ATAPI list view

// Shared with the rest of the GUI; defined in another translation unit.
extern BOOL bIsPhysicalCheck;        // presumably "also write results to PhysicalFile" — confirm at the call sites
extern WCHAR PhysicalFile[260];
extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/C3600Splash.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/C3600Splash.cpp
--------------------------------------------------------------------------------
/A-Protect/C3600Splash.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 |
4 | // C3600Splash
5 |
// Borderless splash window that paints a single bitmap resource.  Only the
// declaration is visible here; painting and the timer-driven dismissal are
// implemented in C3600Splash.cpp — confirm the details there.
class C3600Splash : public CWnd
{
	DECLARE_DYNAMIC(C3600Splash)

public:
	C3600Splash();
	virtual ~C3600Splash();

protected:
	DECLARE_MESSAGE_MAP()
public:
	CBitmap m_bitmap;                        // bitmap loaded by Create() and drawn in OnPaint() (presumably)
	// NOTE(review): this Create(UINT) hides the CWnd::Create overloads; the
	// base versions are unreachable through a C3600Splash without CWnd::
	// qualification.  nBitmapID is a bitmap resource id.
	void Create(UINT nBitmapID);
	afx_msg void OnPaint();                  // WM_PAINT handler
	afx_msg void OnTimer(UINT_PTR nIDEvent);  // WM_TIMER handler; presumably closes the splash
};
22 |
23 |
24 |
--------------------------------------------------------------------------------
/A-Protect/CProcessSearch.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/CProcessSearch.cpp
--------------------------------------------------------------------------------
/A-Protect/CProcessSearch.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/CProcessSearch.h
--------------------------------------------------------------------------------
/A-Protect/DLLModule.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/DLLModule.cpp
--------------------------------------------------------------------------------
/A-Protect/DLLModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/DLLModule.h
--------------------------------------------------------------------------------
/A-Protect/DisplayDecvice.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
// Scratch buffer that receives the raw bytes of the registry value read by
// MyRegQueryValue (zeroed before each query, then compared against "Display").
// File-level rather than local, so every call in this translation unit shares it.
unsigned char szQueryValue[256];
5 |
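// Enumerates the subkeys of HKLM\<strKey> and, for every subkey whose value
// <strValue> reads back as "Display", writes the device-instance path
//   @"PCI\<VenKey>\<subkey>"
// into lpDecviceKey.  When several subkeys match, the last one wins.
//
// Parameters:
//   strKey       - registry path under HKEY_LOCAL_MACHINE whose subkeys are enumerated.
//   strValue     - name of the value read from each subkey (the caller in this file passes "Class").
//   VenKey       - vendor/device key name echoed into the formatted path.
//   lpDecviceKey - caller-supplied output buffer.  The signature carries no size, so
//                  the caller must size it for the longest possible path; for the
//                  caller in this file that is 6 + 259 + 1 + 255 + 1 + 1 = 523 bytes.
//
// Returns TRUE when at least one matching path was written, FALSE otherwise
// (including when strKey cannot be opened or any argument is NULL).
//
// Side effect: the file-level buffer szQueryValue holds the value read from
// the last subkey visited (all zero when it could not be read).
//
// Registry key and value names are treated as untrusted input: every copy into
// a fixed buffer is length-checked before it happens.
BOOL MyRegQueryValue(char *strKey,char *strValue,char *VenKey,char *lpDecviceKey)
{
	HKEY hKey = NULL;
	HKEY hSubKey = NULL;
	char data[256];
	char szQueryKey[256];
	DWORD size;
	DWORD dwBufSize;
	DWORD dwDataType;
	DWORD i = 0;
	BOOL bFound = FALSE;
	size_t cchKey;

	if (strKey == NULL || strValue == NULL || VenKey == NULL || lpDecviceKey == NULL)
		return FALSE;

	if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, strKey, 0, KEY_ENUMERATE_SUB_KEYS, &hKey) != ERROR_SUCCESS)
		return FALSE;

	cchKey = strlen(strKey);

	for (;;)
	{
		memset(data, 0, sizeof(data));
		size = sizeof(data);
		// Stop on any failure, not only ERROR_NO_MORE_ITEMS: the original loop
		// kept going (with an unspecified 'data') on errors such as ERROR_MORE_DATA.
		if (RegEnumKeyExA(hKey, i, data, &size, NULL, NULL, NULL, NULL) != ERROR_SUCCESS)
			break;
		i++;

		// Clear before each subkey so a value read from the previous subkey
		// cannot satisfy the comparison when this one cannot be opened or read.
		memset(szQueryValue, 0, sizeof(szQueryValue));

		// "<strKey>\<subkey>" must fit in the fixed 256-byte szQueryKey; both
		// parts come from the registry, so an unchecked strcat could overflow.
		if (cchKey + 1 + strlen(data) + 1 > sizeof(szQueryKey))
			continue;
		memset(szQueryKey, 0, sizeof(szQueryKey));
		strcpy(szQueryKey, strKey);
		strcat(szQueryKey, "\\");
		strcat(szQueryKey, data);

		if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, szQueryKey, 0, KEY_QUERY_VALUE, &hSubKey) == ERROR_SUCCESS)
		{
			// RegQueryValueExA rewrites both in/out parameters, so they are reset
			// every iteration (the original set them once, and a shrunken
			// dwBufSize then truncated later reads).  One byte is held back
			// because a string read from the registry need not be NUL-terminated.
			dwDataType = REG_SZ;
			dwBufSize = sizeof(szQueryValue) - 1;
			if (RegQueryValueExA(hSubKey, strValue, NULL, &dwDataType, szQueryValue, &dwBufSize) != ERROR_SUCCESS)
				memset(szQueryValue, 0, sizeof(szQueryValue));
			RegCloseKey(hSubKey);
			hSubKey = NULL;
		}

		if (strcmp((char *)szQueryValue, "Display") == 0)
		{
			// wsprintfA NUL-terminates its output, so no separate clearing of
			// lpDecviceKey is needed (the original memset used sizeof of the
			// pointer and cleared only the first 4 bytes anyway).
			wsprintfA(lpDecviceKey, "@\"PCI\\%s\\%s\"", VenKey, data);
			bFound = TRUE;
		}
	}

	RegCloseKey(hKey);
	return bFound;
}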
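// Walks HKLM\SYSTEM\CurrentControlSet\Enum\PCI and, for each VEN/DEV subkey,
// asks MyRegQueryValue to find a device instance whose "Class" value is
// "Display".  The matching instance path is written to lpDecviceKey.
//
// lpDecviceKey: caller-supplied buffer; see MyRegQueryValue for the size it
//               must provide.
// Returns TRUE when MyRegQueryValue reported a match for at least one subkey,
// FALSE when lpDecviceKey is NULL, the PCI enumeration key cannot be opened,
// or nothing matched.
BOOL QueryDisplayDecvicePath(char *lpDecviceKey)
{
	HKEY hKey = NULL;
	const char *strKey = "SYSTEM\\CurrentControlSet\\Enum\\PCI";
	char data[260];
	char szQueryKey[260];
	DWORD size;
	DWORD i = 0;
	BOOL bFound = FALSE;
	size_t cchKey;

	if (lpDecviceKey == NULL)
		return FALSE;

	if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, strKey, 0, KEY_ENUMERATE_SUB_KEYS, &hKey) != ERROR_SUCCESS)
		return FALSE;

	cchKey = strlen(strKey);

	for (;;)
	{
		memset(data, 0, sizeof(data));
		size = sizeof(data);
		// Any error ends the enumeration; the original only stopped on
		// ERROR_NO_MORE_ITEMS and would loop on other failures.
		if (RegEnumKeyExA(hKey, i, data, &size, NULL, NULL, NULL, NULL) != ERROR_SUCCESS)
			break;
		i++;

		// strKey is 34 characters and a subkey name may be up to 259, so the
		// concatenation can exceed the 260-byte szQueryKey; skip such names
		// instead of overflowing.
		if (cchKey + 1 + strlen(data) + 1 > sizeof(szQueryKey))
			continue;
		memset(szQueryKey, 0, sizeof(szQueryKey));
		strcpy(szQueryKey, strKey);
		strcat(szQueryKey, "\\");
		strcat(szQueryKey, data);

		// 'data' (the VEN_xxxx&DEV_xxxx name) doubles as the VenKey argument.
		if (MyRegQueryValue(szQueryKey, "Class", data, lpDecviceKey))
			bFound = TRUE;
	}

	RegCloseKey(hKey);
	return bFound;
}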
74 | /*
75 | int main()
76 | {
77 | QueryDisplayDecvicePath();
78 | return 0;
79 | }
80 | */
--------------------------------------------------------------------------------
/A-Protect/DpcTimer.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/DpcTimer.cpp
--------------------------------------------------------------------------------
/A-Protect/DpcTimer.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/DpcTimer.h
--------------------------------------------------------------------------------
/A-Protect/EnumSymbols.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/EnumSymbols.cpp
--------------------------------------------------------------------------------
/A-Protect/EnumSymbols.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/EnumSymbols.h
--------------------------------------------------------------------------------
/A-Protect/FilterDriver.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/FilterDriver.cpp
--------------------------------------------------------------------------------
/A-Protect/FilterDriver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/FilterDriver.h
--------------------------------------------------------------------------------
/A-Protect/FsdHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/FsdHook.cpp
--------------------------------------------------------------------------------
/A-Protect/FsdHook.h:
--------------------------------------------------------------------------------
#include "stdafx.h"

// Highest IRP major-function index the dispatch views iterate over; the same
// literal is repeated in Atapi.h, Kbdclass.h, Mouclass.h and Nsiproxy.h and
// must be kept in sync by hand.
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b

// One entry of the NTFS file-system driver's IRP dispatch table as shown in
// the GUI view.  Field meanings are inferred from the names; confirm against
// FsdHook.cpp (and the driver's Ntfs.c, which presumably produces this
// layout).  Addresses are ULONG, so the layout is 32-bit only — the solution
// builds Win32 configurations only.
typedef struct _NTFSDISPATCH {
	ULONG ulNumber;                   // IRP major-function index of this entry
	ULONG ulNtfsDispatch;             // presumably the expected/original dispatch routine
	ULONG ulCurrentNtfsDispatch;      // presumably the routine currently installed in the table
	CHAR lpszBaseModule[256];         // module name; do not assume NUL termination unless the producer guarantees it
	ULONG ulModuleSize;
	ULONG ulModuleBase;               // size/base of the module that owns the current routine
	WCHAR lpwzNtfsDispatchName[256];  // display name of the dispatch routine
	int Hooked; //0 no hook 1 fsd hook 2 fsd inline hook
} NTFSDISPATCH, *PNTFSDISPATCHBAKUP_UNUSED_PLACEHOLDER_DO_NOT_USE;
--------------------------------------------------------------------------------
/A-Protect/HipsLog.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/HipsLog.cpp
--------------------------------------------------------------------------------
/A-Protect/HipsLog.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/HipsLog.h
--------------------------------------------------------------------------------
/A-Protect/Install.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Install.cpp
--------------------------------------------------------------------------------
/A-Protect/Install.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Install.h
--------------------------------------------------------------------------------
/A-Protect/IoTimer.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/IoTimer.cpp
--------------------------------------------------------------------------------
/A-Protect/IoTimer.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/IoTimer.h
--------------------------------------------------------------------------------
/A-Protect/Kbdclass.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Kbdclass.cpp
--------------------------------------------------------------------------------
/A-Protect/Kbdclass.h:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
3 | #define IRP_MJ_MAXIMUM_FUNCTION 0x1b
4 |
5 | //IRP_MJ_MAXIMUM_FUNCTION
6 |
7 | typedef struct _KBDCLASSDISPATCH {
8 | ULONG ulNumber;
9 | ULONG ulKbdclassDispatch;
10 | ULONG ulCurrentKbdclassDispatch;
11 | CHAR lpszBaseModule[256];
12 | ULONG ulModuleSize;
13 | ULONG ulModuleBase;
14 | WCHAR lpwzKbdclassDispatchName[256];
15 | int Hooked;
16 | } KBDCLASSDISPATCH, *PKBDCLASSDISPATCH;
17 |
18 | typedef struct _KBDCLASSDISPATCHBAKUP {
19 | ULONG ulCount;
20 | KBDCLASSDISPATCH KbdclassDispatch[1];
21 | } KBDCLASSDISPATCHBAKUP, *PKBDCLASSDISPATCHBAKUP;
22 |
23 | PKBDCLASSDISPATCHBAKUP KbdclassDispatchBakUp;
24 |
25 | CHAR* setClipboardText(CHAR* str);
26 |
27 | CImageList KdbclassImg;
28 |
29 | extern BOOL bIsPhysicalCheck;
30 | extern WCHAR PhysicalFile[260];
31 | extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/KernelHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelHook.cpp
--------------------------------------------------------------------------------
/A-Protect/KernelHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelHook.h
--------------------------------------------------------------------------------
/A-Protect/KernelModule.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelModule.cpp
--------------------------------------------------------------------------------
/A-Protect/KernelModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelModule.h
--------------------------------------------------------------------------------
/A-Protect/KernelThread.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelThread.cpp
--------------------------------------------------------------------------------
/A-Protect/KernelThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/KernelThread.h
--------------------------------------------------------------------------------
/A-Protect/LookUpKernelData.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/LookUpKernelData.cpp
--------------------------------------------------------------------------------
/A-Protect/LookUpKernelData.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/LookUpKernelData.h
--------------------------------------------------------------------------------
/A-Protect/MainFrm.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MainFrm.cpp
--------------------------------------------------------------------------------
/A-Protect/MainFrm.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MainFrm.h
--------------------------------------------------------------------------------
/A-Protect/Md5.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Md5.cpp
--------------------------------------------------------------------------------
/A-Protect/Md5.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Md5.h
--------------------------------------------------------------------------------
/A-Protect/MessageHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MessageHook.cpp
--------------------------------------------------------------------------------
/A-Protect/MessageHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MessageHook.h
--------------------------------------------------------------------------------
/A-Protect/Mouclass.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Mouclass.cpp
--------------------------------------------------------------------------------
/A-Protect/Mouclass.h:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
3 | #define IRP_MJ_MAXIMUM_FUNCTION 0x1b
4 |
5 | //IRP_MJ_MAXIMUM_FUNCTION
6 |
7 | typedef struct _MOUCLASSDISPATCH {
8 | ULONG ulNumber;
9 | ULONG ulMouclassDispatch;
10 | ULONG ulCurrentMouclassDispatch;
11 | CHAR lpszBaseModule[256];
12 | ULONG ulModuleSize;
13 | ULONG ulModuleBase;
14 | WCHAR lpwzMouclassDispatchName[256];
15 | int Hooked;
16 | } MOUCLASSDISPATCH, *PMOUCLASSDISPATCH;
17 |
18 | typedef struct _MOUCLASSDISPATCHBAKUP {
19 | ULONG ulCount;
20 | MOUCLASSDISPATCH MouclassDispatch[1];
21 | } MOUCLASSDISPATCHBAKUP, *PMOUCLASSDISPATCHBAKUP;
22 |
23 | PMOUCLASSDISPATCHBAKUP MouclassDispatchBakUp;
24 |
25 | CHAR* setClipboardText(CHAR* str);
26 |
27 | CImageList MouclassImg;
28 |
29 | extern BOOL bIsPhysicalCheck;
30 | extern WCHAR PhysicalFile[260];
31 | extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/MyList.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MyList.cpp
--------------------------------------------------------------------------------
/A-Protect/MyList.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/MyList.h
--------------------------------------------------------------------------------
/A-Protect/Nsiproxy.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Nsiproxy.cpp
--------------------------------------------------------------------------------
/A-Protect/Nsiproxy.h:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
3 | #define IRP_MJ_MAXIMUM_FUNCTION 0x1b
4 |
5 | typedef struct _NSIPROXYDISPATCH {
6 | ULONG ulNumber;
7 | ULONG ulNsiproxyDispatch;
8 | ULONG ulCurrentNsiproxyDispatch;
9 | CHAR lpszBaseModule[256];
10 | ULONG ulModuleSize;
11 | ULONG ulModuleBase;
12 | WCHAR lpwzNsiproxyDispatchName[256];
13 | int Hooked;
14 | } NSIPROXYDISPATCH, *PNSIPROXYDISPATCH;
15 |
16 | typedef struct _NSIPROXYDISPATCHBAKUP {
17 | ULONG ulCount;
18 | NSIPROXYDISPATCH NsiproxyDispatch[1];
19 | } NSIPROXYDISPATCHBAKUP, *PNSIPROXYDISPATCHBAKUP;
20 |
21 | PNSIPROXYDISPATCHBAKUP NsiproxyDispatchBakUp;
22 |
23 | CHAR* setClipboardText(CHAR* str);
24 | BOOL IsWindows7();
25 |
26 | CImageList NsiproxyImg;
27 |
28 | extern BOOL bIsPhysicalCheck;
29 | extern WCHAR PhysicalFile[260];
30 | extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/ObjectHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ObjectHook.cpp
--------------------------------------------------------------------------------
/A-Protect/ObjectHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ObjectHook.h
--------------------------------------------------------------------------------
/A-Protect/Process.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Process.cpp
--------------------------------------------------------------------------------
/A-Protect/Process.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Process.h
--------------------------------------------------------------------------------
/A-Protect/ProcessHandle.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProcessHandle.cpp
--------------------------------------------------------------------------------
/A-Protect/ProcessHandle.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProcessHandle.h
--------------------------------------------------------------------------------
/A-Protect/ProcessThread.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProcessThread.cpp
--------------------------------------------------------------------------------
/A-Protect/ProcessThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProcessThread.h
--------------------------------------------------------------------------------
/A-Protect/ProtectSetting.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProtectSetting.cpp
--------------------------------------------------------------------------------
/A-Protect/ProtectSetting.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ProtectSetting.h
--------------------------------------------------------------------------------
/A-Protect/ReadMe.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ReadMe.txt
--------------------------------------------------------------------------------
/A-Protect/SSDT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SSDT.cpp
--------------------------------------------------------------------------------
/A-Protect/SSDT.h:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 |
// One entry of the SSDT (System Service Descriptor Table) snapshot shown by
// the SSDT view. The layout is presumably shared with the producer of the
// snapshot (the kernel driver, via an IOCTL) — do not reorder or resize
// fields without changing the producer side as well. TODO confirm producer.
// Addresses are ULONG (32-bit), so this format cannot carry x64 addresses.
typedef struct _SSDT_INFORMATION { //SSDT_INFORMATION
	ULONG ulNumber;                 // service index in the table (presumably)
	ULONG ulMemoryFunctionBase;     // address currently found in the table — verify
	ULONG ulRealFunctionBase;       // address expected from the original image — verify
	CHAR lpszFunction[256];         // service routine name, ANSI, fixed 256 bytes
	CHAR lpszHookModuleImage[256];  // image name of the module owning ulMemoryFunctionBase — verify
	ULONG ulHookModuleBase;         // base of that module
	ULONG ulHookModuleSize;         // size of that module
	int IntHookType; // hook classification; the value set is not defined in this header
} SSDT_INFORMATION, *PSSDT_INFORMATION;
// Variable-length container: ulCount entries follow, although only one is
// declared. The buffer holding it must be allocated with room for
// ulCount * sizeof(SSDT_INFORMATION) — readers must bound every index by
// ulCount, and ulCount itself should be sanity-checked against the buffer
// size it arrived in before indexing.
typedef struct _SSDTINFO { //SSDT
	ULONG ulCount;
	SSDT_INFORMATION SSDT[1];
} SSDTINFO, *PSSDTINFO;
17 |
// NOTE(review): SSDTInfo, lpOpenUrl and SSDTImg are definitions, not
// declarations. If this header is included from more than one translation
// unit the linker will report duplicate symbols; declare them `extern` here
// and define them once in a .cpp.
PSSDTINFO SSDTInfo;

// URL handed to RunAProcess() below (presumably — verify the caller). Because
// RunAProcess takes a raw command line, anything placed here should be
// validated (e.g. scheme allow-list) before it is launched.
char lpOpenUrl[260];

// Copies str to the clipboard; return value semantics not visible here.
CHAR* setClipboardText(CHAR* str);

CImageList SSDTImg;

extern BOOL bIsPhysicalCheck;
extern WCHAR PhysicalFile[260];
extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
// Launches a process from a command line string; defined elsewhere.
extern void RunAProcess(char *comline);
--------------------------------------------------------------------------------
/A-Protect/SelectAnyModule.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SelectAnyModule.cpp
--------------------------------------------------------------------------------
/A-Protect/SelectAnyModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SelectAnyModule.h
--------------------------------------------------------------------------------
/A-Protect/SelectKernelModuleHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SelectKernelModuleHook.cpp
--------------------------------------------------------------------------------
/A-Protect/SelectKernelModuleHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SelectKernelModuleHook.h
--------------------------------------------------------------------------------
/A-Protect/Services.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Services.cpp
--------------------------------------------------------------------------------
/A-Protect/Services.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Services.h
--------------------------------------------------------------------------------
/A-Protect/ShadowSSDT.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ShadowSSDT.cpp
--------------------------------------------------------------------------------
/A-Protect/ShadowSSDT.h:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 | //---------------------------------------------------------------------------------------
3 | //ShadowSSDT
4 | //---------------------------------------------------------------------------------------
// One entry of the Shadow SSDT (win32k service table) snapshot. Field-for-field
// identical to SSDT_INFORMATION in SSDT.h; the layout is presumably shared with
// the producer of the snapshot (kernel driver via IOCTL) — keep both sides in
// sync. TODO confirm producer. ULONG addresses limit this to 32-bit targets.
typedef struct _SHADOWSSDTINFO_INFORMATION { //SHADOWSSDTINFO_INFORMATION
	ULONG ulNumber;                 // service index in the table (presumably)
	ULONG ulMemoryFunctionBase;     // address currently in the table — verify
	ULONG ulRealFunctionBase;       // expected original address — verify
	CHAR lpszFunction[256];         // service routine name, ANSI, fixed 256 bytes
	CHAR lpszHookModuleImage[256];  // image name of the module owning the current address — verify
	ULONG ulHookModuleBase;         // base of that module
	ULONG ulHookModuleSize;         // size of that module
	int IntHookType; // hook classification; value set not defined in this header
} SHADOWSSDTINFO_INFORMATION, *PSHADOWSSDTINFO_INFORMATION;
15 |
// Variable-length container: ulCount entries follow the header although only
// one is declared. Allocate with room for ulCount entries and bound every
// index by ulCount; check ulCount against the size of the buffer it came in.
typedef struct _SHADOWSSDTINFO { //SSDT
	ULONG ulCount;
	SHADOWSSDTINFO_INFORMATION SSDT[1];
} SHADOWSSDTINFO, *PSHADOWSSDTINFO;
20 |
21 | //---------------------------------------------------------------------------------------
// NOTE(review): ShadowSSDTInfo and ShadowSSDTImg are definitions in a header;
// including this file from more than one translation unit produces duplicate
// symbols at link time. Prefer `extern` here plus one definition in a .cpp.
PSHADOWSSDTINFO ShadowSSDTInfo;

// Copies str to the clipboard; return value semantics not visible here.
CHAR* setClipboardText(CHAR* str);

CImageList ShadowSSDTImg;

extern BOOL bIsPhysicalCheck;
extern WCHAR PhysicalFile[260];
extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/SnifferSetting.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SnifferSetting.cpp
--------------------------------------------------------------------------------
/A-Protect/SnifferSetting.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SnifferSetting.h
--------------------------------------------------------------------------------
/A-Protect/StackThread.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/StackThread.cpp
--------------------------------------------------------------------------------
/A-Protect/StackThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/StackThread.h
--------------------------------------------------------------------------------
/A-Protect/Startup.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Startup.cpp
--------------------------------------------------------------------------------
/A-Protect/Startup.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Startup.h
--------------------------------------------------------------------------------
/A-Protect/SubModule.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SubModule.cpp
--------------------------------------------------------------------------------
/A-Protect/SubModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SubModule.h
--------------------------------------------------------------------------------
/A-Protect/SystemNotify.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SystemNotify.cpp
--------------------------------------------------------------------------------
/A-Protect/SystemNotify.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SystemNotify.h
--------------------------------------------------------------------------------
/A-Protect/SystemThread.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SystemThread.cpp
--------------------------------------------------------------------------------
/A-Protect/SystemThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/SystemThread.h
--------------------------------------------------------------------------------
/A-Protect/TcpView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/TcpView.cpp
--------------------------------------------------------------------------------
/A-Protect/TcpView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/TcpView.h
--------------------------------------------------------------------------------
/A-Protect/Tcpip.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/Tcpip.cpp
--------------------------------------------------------------------------------
/A-Protect/Tcpip.h:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
// Highest IRP major function code (0x1b, matching the WDK value); a driver's
// MajorFunction dispatch table therefore has IRP_MJ_MAXIMUM_FUNCTION + 1 slots.
#define IRP_MJ_MAXIMUM_FUNCTION 0x1b
4 |
// One dispatch-table slot of the tcpip driver as captured for the Tcpip view.
// Layout presumably shared with the kernel-side producer — keep in sync.
// TODO confirm producer. ULONG addresses limit this to 32-bit targets.
typedef struct _TCPDISPATCH {

	ULONG ulNumber;                  // IRP major function index (presumably)
	ULONG ulTcpDispatch;             // expected (original) dispatch address — verify
	ULONG ulCurrentTcpDispatch;      // dispatch address currently installed — verify
	CHAR lpszBaseModule[256];        // image name of the module owning the current address (ANSI)
	ULONG ulModuleSize;              // size of that module
	ULONG ulModuleBase;              // base of that module
	WCHAR lpwzTcpDispatchName[256];  // display name of the dispatch routine (wide)
	int Hooked; //0 no hook 1 fsd hook 2 fsd inline hook

} TCPDISPATCH, *PTCPDISPATCH;
17 |
// Variable-length container: ulCount TCPDISPATCH entries follow although one
// is declared. Allocate with room for ulCount entries, bound every index by
// ulCount, and validate ulCount against the size of the received buffer.
typedef struct _TCPDISPATCHBAKUP {
	ULONG ulCount;
	TCPDISPATCH TcpDispatch[1];
} TCPDISPATCHBAKUP, *PTCPDISPATCHBAKUP;
22 |
// NOTE(review): TcpDispatchBakUp and TcpipImg are definitions in a header;
// including this file from several translation units yields duplicate
// symbols. Prefer `extern` here and a single definition in a .cpp.
PTCPDISPATCHBAKUP TcpDispatchBakUp;

// Copies str to the clipboard; return value semantics not visible here.
CHAR* setClipboardText(CHAR* str);
// OS version probe; defined elsewhere.
BOOL IsWindows7();

CImageList TcpipImg;

extern BOOL bIsPhysicalCheck;
extern WCHAR PhysicalFile[260];
extern void SaveToFile(CHAR *lpszBuffer,WCHAR *lpwzFilePath);
--------------------------------------------------------------------------------
/A-Protect/UnloadDllModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/UnloadDllModule.h
--------------------------------------------------------------------------------
/A-Protect/UserImages.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/UserImages.bmp
--------------------------------------------------------------------------------
/A-Protect/WindowsXPSP3_CN.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/WindowsXPSP3_CN.h
--------------------------------------------------------------------------------
/A-Protect/WorkQueue.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/WorkQueue.cpp
--------------------------------------------------------------------------------
/A-Protect/WorkQueue.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/WorkQueue.h
--------------------------------------------------------------------------------
/A-Protect/ms.cpp:
--------------------------------------------------------------------------------
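// Verify that a file is trusted by Authenticode, either through a signature
// embedded in the file or through a signed system catalog that lists the
// file's hash (the usual case for Windows system binaries).
//
// lpFileName: path of the file to check (wide string; NULL returns FALSE).
// Returns TRUE only when WinVerifyTrust reports ERROR_SUCCESS; FALSE for an
// unreadable file, a hash that cannot be computed, or any verification
// failure (no signature, untrusted chain, revoked certificate, ...).
//
// Revocation: the embedded-signature path keeps WTD_REVOKE_NONE (no CRL/OCSP
// lookup, so a revoked certificate still verifies); the catalog path asks for
// whole-chain revocation checking, which may contact the network.
BOOL CheckFileTrust( LPCWSTR lpFileName )
{
	BOOL bRet = FALSE;
	WINTRUST_DATA wd = { 0 };
	WINTRUST_FILE_INFO wfi = { 0 };
	WINTRUST_CATALOG_INFO wci = { 0 };
	CATALOG_INFO ci = { 0 };

	if ( NULL == lpFileName )
	{
		return FALSE;
	}

	HCATADMIN hCatAdmin = NULL;
	if ( !CryptCATAdminAcquireContext( &hCatAdmin, NULL, 0 ) )
	{
		return FALSE;
	}

	HANDLE hFile = CreateFileW( lpFileName, GENERIC_READ, FILE_SHARE_READ,
		NULL, OPEN_EXISTING, 0, NULL );
	if ( INVALID_HANDLE_VALUE == hFile )
	{
		CryptCATAdminReleaseContext( hCatAdmin, 0 );
		return FALSE;
	}

	// Hash the file for the catalog lookup. byHash is larger than the digest
	// this API produces; on success dwCnt holds the actual digest length.
	BYTE byHash[100];
	DWORD dwCnt = sizeof( byHash );
	BOOL bHashOk = CryptCATAdminCalcHashFromFileHandle( hFile, &dwCnt, byHash, 0 );
	CloseHandle( hFile );
	if ( !bHashOk || 0 == dwCnt || dwCnt > sizeof( byHash ) )
	{
		// The original ignored this result and would have searched the
		// catalogs with an uninitialised hash; fail closed instead.
		CryptCATAdminReleaseContext( hCatAdmin, 0 );
		return FALSE;
	}

	// Catalog member tag: upper-case hex of the hash, NUL-terminated.
	LPWSTR pszMemberTag = new WCHAR[dwCnt * 2 + 1];
	for ( DWORD dw = 0; dw < dwCnt; ++dw )
	{
		wsprintfW( &pszMemberTag[dw * 2], L"%02X", byHash[dw] );
	}
	pszMemberTag[dwCnt * 2] = L'\0';

	HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash( hCatAdmin,
		byHash, dwCnt, 0, NULL );
	if ( NULL == hCatInfo )
	{
		// No catalog lists this hash: verify the file's embedded signature.
		wfi.cbStruct = sizeof( WINTRUST_FILE_INFO );
		wfi.pcwszFilePath = lpFileName;
		wfi.hFile = NULL;
		wfi.pgKnownSubject = NULL;

		wd.cbStruct = sizeof( WINTRUST_DATA );
		wd.dwUnionChoice = WTD_CHOICE_FILE;
		wd.pFile = &wfi;
		wd.dwUIChoice = WTD_UI_NONE;
		wd.fdwRevocationChecks = WTD_REVOKE_NONE;
		wd.dwStateAction = WTD_STATEACTION_IGNORE;
		wd.dwProvFlags = WTD_SAFER_FLAG;
		wd.hWVTStateData = NULL;
		wd.pwszURLReference = NULL;
	}
	else
	{
		// Verify the file as a member of the catalog that lists it.
		ci.cbStruct = sizeof( CATALOG_INFO );
		if ( !CryptCATCatalogInfoFromContext( hCatInfo, &ci, 0 ) )
		{
			// Without the catalog path there is nothing to verify against.
			CryptCATAdminReleaseCatalogContext( hCatAdmin, hCatInfo, 0 );
			CryptCATAdminReleaseContext( hCatAdmin, 0 );
			delete[] pszMemberTag;
			return FALSE;
		}
		wci.cbStruct = sizeof( WINTRUST_CATALOG_INFO );
		wci.pcwszCatalogFilePath = ci.wszCatalogFile;
		wci.pcwszMemberFilePath = lpFileName;
		wci.pcwszMemberTag = pszMemberTag;

		wd.cbStruct = sizeof( WINTRUST_DATA );
		wd.dwUnionChoice = WTD_CHOICE_CATALOG;
		wd.pCatalog = &wci;
		wd.dwUIChoice = WTD_UI_NONE;
		// The original wrote WTD_STATEACTION_VERIFY here, a constant from the
		// dwStateAction family; its numeric value equals WTD_REVOKE_WHOLECHAIN,
		// which is the revocation flag actually intended.
		wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
		wd.dwStateAction = WTD_STATEACTION_IGNORE;
		wd.dwProvFlags = 0;
		wd.hWVTStateData = NULL;
		wd.pwszURLReference = NULL;
	}

	// With WTD_STATEACTION_IGNORE no WTD_STATEACTION_CLOSE call is required.
	GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
	LONG lStatus = WinVerifyTrust( NULL, &action, &wd );
	bRet = ( ERROR_SUCCESS == lStatus );

	// Release what the original leaked: the catalog context (if any) and the
	// catalog administrator context.
	if ( NULL != hCatInfo )
	{
		CryptCATAdminReleaseCatalogContext( hCatAdmin, hCatInfo, 0 );
	}
	CryptCATAdminReleaseContext( hCatAdmin, 0 );
	delete[] pszMemberTag;
	return bRet;
}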
--------------------------------------------------------------------------------
/A-Protect/ndis5hlp.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 | #include "ndis5hlp.h"
3 |
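// Open the NDIS5 packet driver and bind it to the named adapter.
//
// lpAdapterName: adapter name without the "\Device\" prefix, which this
//                function prepends; NULL or a name too long for the local
//                buffer is rejected.
// bOverlapped:   non-zero opens the device with FILE_FLAG_OVERLAPPED for
//                asynchronous reads/writes.
// Returns the device handle, or INVALID_HANDLE_VALUE on failure with the
// thread's last-error value describing the failing step.
HANDLE PacketOpenAdapter(LPCSTR lpAdapterName, BOOL bOverlapped)
{
	HANDLE hDevice;
	DWORD dwReturn;
	BOOL bResult;
	DWORD dwFlag = bOverlapped ? FILE_FLAG_OVERLAPPED : 0;
	static const char szPrefix[] = "\\Device\\";
	char szAdapterDevice[MAX_ADAPTER_NAME_LENGTH + 16];

	if (lpAdapterName == NULL)
	{
		SetLastError(ERROR_INVALID_PARAMETER);
		return INVALID_HANDLE_VALUE;
	}

	// Bounded construction of "\Device\<name>". The original strcat() had no
	// length check and would overrun szAdapterDevice for a long adapter name.
	size_t cchPrefix = strlen(szPrefix);
	size_t cchName = strlen(lpAdapterName);
	if (cchPrefix + cchName + 1 > sizeof(szAdapterDevice))
	{
		SetLastError(ERROR_BUFFER_OVERFLOW);
		return INVALID_HANDLE_VALUE;
	}
	memcpy(szAdapterDevice, szPrefix, cchPrefix);
	memcpy(szAdapterDevice + cchPrefix, lpAdapterName, cchName + 1);

	hDevice = CreateFileA(NDIS5PKT_DEVICE_NAME_WIN32,
		GENERIC_READ|GENERIC_WRITE, 0, 0, OPEN_EXISTING, dwFlag, 0);
	if (hDevice == INVALID_HANDLE_VALUE)
		return hDevice;

	// The bind IOCTL takes the NUL-terminated device path as its input buffer.
	bResult = DeviceIoControl(hDevice, IOCTL_NDIS5PKT_BIND_ADAPTER,
		szAdapterDevice, (DWORD)(cchPrefix + cchName + 1), 0, 0, &dwReturn, 0);
	if (!bResult)
	{
		// Preserve the IOCTL's error code across CloseHandle().
		DWORD dwError = GetLastError();
		CloseHandle(hDevice);
		hDevice = INVALID_HANDLE_VALUE;
		SetLastError(dwError);
	}

	return hDevice;
}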
40 |
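// Close a device handle returned by PacketOpenAdapter().
// INVALID_HANDLE_VALUE and NULL (the values PacketOpenAdapter returns on
// failure) are ignored instead of being passed to CloseHandle, which can
// raise an invalid-handle exception when a debugger is attached.
void PacketCloseAdapter(HANDLE hDevice)
{
	if (hDevice != INVALID_HANDLE_VALUE && hDevice != NULL)
	{
		CloseHandle(hDevice);
	}
}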
45 |
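// Fetch the driver's STATISTICS_DATA into *sd.
// Returns the DeviceIoControl result; FALSE with ERROR_INVALID_PARAMETER when
// sd is NULL. NOTE(review): the byte count the driver returns is not compared
// with sizeof(STATISTICS_DATA), so a short reply leaves part of *sd unset —
// confirm the driver always fills the whole structure.
BOOL PacketQueryStatistics(HANDLE hDevice, STATISTICS_DATA *sd)
{
	DWORD dwReturn = 0;
	if (sd == NULL)
	{
		SetLastError(ERROR_INVALID_PARAMETER);
		return FALSE;
	}
	return DeviceIoControl(hDevice, IOCTL_NDIS5PKT_QUERY_STATISTICS,
		NULL, 0, sd, sizeof(STATISTICS_DATA), &dwReturn, 0);
}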
52 |
53 | /*
54 | //
55 | // Ndis Packet Filter Bits (OID_GEN_CURRENT_PACKET_FILTER).
56 | //
57 | #define NDIS_PACKET_TYPE_DIRECTED 0x00000001
58 | #define NDIS_PACKET_TYPE_MULTICAST 0x00000002
59 | #define NDIS_PACKET_TYPE_ALL_MULTICAST 0x00000004
60 | #define NDIS_PACKET_TYPE_BROADCAST 0x00000008
61 | #define NDIS_PACKET_TYPE_SOURCE_ROUTING 0x00000010
62 | #define NDIS_PACKET_TYPE_PROMISCUOUS 0x00000020
63 | #define NDIS_PACKET_TYPE_SMT 0x00000040
64 | #define NDIS_PACKET_TYPE_ALL_LOCAL 0x00000080
65 | #define NDIS_PACKET_TYPE_GROUP 0x00001000
66 | #define NDIS_PACKET_TYPE_ALL_FUNCTIONAL 0x00002000
67 | #define NDIS_PACKET_TYPE_FUNCTIONAL 0x00004000
68 | #define NDIS_PACKET_TYPE_MAC_FRAME 0x00008000
69 | */
70 |
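// Set OID_GEN_CURRENT_PACKET_FILTER on the bound adapter.
// dwFilter is a combination of NDIS_PACKET_TYPE_* bits (see the comment
// block above). Returns the DeviceIoControl result.
BOOL PacketSetPacketFilter(HANDLE hDevice, DWORD dwFilter)
{
	DWORD dwReturn = 0;
	PACKET_OID_DATA pod;
	// Zero the whole request first: the original left every field except Oid
	// and the first four data bytes uninitialised, so stack contents were sent
	// to the driver.
	memset(&pod, 0, sizeof(pod));
	pod.Oid = OID_GEN_CURRENT_PACKET_FILTER;
	// NOTE(review): if PACKET_OID_DATA carries a length field it should be set
	// to sizeof(dwFilter) here — confirm against ndis5pkt.h.
	memcpy(pod.Data, &dwFilter, sizeof(dwFilter));
	return DeviceIoControl(hDevice, IOCTL_NDIS5PKT_SET_OID_VALUE,
		&pod, sizeof(pod), &pod, sizeof(pod), &dwReturn, 0);
}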
80 |
81 | /*
82 | VOID PacketCloseAdapter(LPADAPTER lpAdapter)
83 | {
84 | CloseHandle(lpAdapter->hFile);
85 | }
86 |
87 | BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout)
88 | {
89 | return TRUE;
90 | }
91 |
92 | BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject,int nbytes)
93 | {
94 | return TRUE;
95 | }
96 |
97 | BOOLEAN PacketSetBuff(LPADAPTER AdapterObject,int dim)
98 | {
99 | return TRUE;
100 | }
101 |
102 | VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length)
103 | {
104 | }
105 |
106 | LPPACKET PacketAllocatePacket(void)
107 | {
108 | return new PACKET;
109 | }
110 |
111 | BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject,ULONG Filter)
112 | {
113 | }
114 |
115 | BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type)
116 | {
117 | return TRUE;
118 | }
119 |
120 | LPADAPTER PacketOpenAdapter(PCHAR AdapterName)
121 | {
122 | DWORD dwReturn;
123 | LPADAPTER adapter = new ADAPTER;
124 | adapter->hFile = CreateFile(NDIS5PKT_DEVICE_NAME_WIN32,
125 | GENERIC_READ|GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
126 | DeviceIoControl(adapter->hFile, IOCTL_NDIS5PKT_BIND_ADAPTER,
127 | AdapterName, strlen(AdapterName)+1, 0, 0, &dwReturn, 0);
128 | DeviceIoControl(adapter->hFile, IOCTL_NDIS5PKT_OPEN_DEVICE,
129 | AdapterName, strlen(AdapterName)+1, 0, 0, &dwReturn, 0);
130 |
131 | return adapter;
132 | }
133 |
134 | BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject,LPPACKET lpPacket,BOOLEAN Sync)
135 | {
136 | return ReadFile(AdapterObject->hFile, lpPacket->Buffer, lpPacket->Length, &lpPacket->ulBytesReceived, 0);
137 | }
138 |
139 | BOOLEAN PacketSetBpf(LPADAPTER AdapterObject,struct bpf_program *fp)
140 | {
141 | return TRUE;
142 | }
143 |
144 | int main2(int argc, char* argv[])
145 | {
146 | DWORD dwReturn;
147 |
148 | HANDLE hDevice = CreateFile(NDIS5PKT_DEVICE_NAME_WIN32,
149 | GENERIC_READ|GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
150 | DeviceIoControl(hDevice, IOCTL_NDIS5PKT_BIND_ADAPTER, L"\\Device\\{CCFB71CF-D487-464B-9A23-7A4586853F38}",
151 | sizeof(L"\\Device\\{CCFB71CF-D487-464B-9A23-7A4586853F38}"), 0, 0, &dwReturn, 0);
152 | DeviceIoControl(hDevice, IOCTL_NDIS5PKT_OPEN_DEVICE, L"\\Device\\{CCFB71CF-D487-464B-9A23-7A4586853F38}",
153 | sizeof(L"\\Device\\{CCFB71CF-D487-464B-9A23-7A4586853F38}"), 0, 0, &dwReturn, 0);
154 |
155 | PACKET_OID_DATA pod;
156 | pod.Oid = OID_GEN_CURRENT_PACKET_FILTER;
157 | *((PLONG)pod.Data) = NDIS_PACKET_TYPE_PROMISCUOUS; //NDIS_PACKET_TYPE_ALL_LOCAL; //NDIS_PACKET_TYPE_DIRECTED; //;
158 | dwReturn = DeviceIoControl(hDevice, IOCTL_NDIS5PKT_SET_OID_VALUE,
159 | &pod, sizeof(pod), &pod, sizeof(pod), &dwReturn, 0);
160 |
161 | pod.Oid = OID_GEN_MAXIMUM_TOTAL_SIZE;
162 | dwReturn = DeviceIoControl(hDevice, IOCTL_NDIS5PKT_QUERY_OID_VALUE,
163 | &pod, sizeof(pod), &pod, sizeof(pod), &dwReturn, 0);
164 |
165 | pod.Oid = OID_GEN_MAXIMUM_FRAME_SIZE;
166 | dwReturn = DeviceIoControl(hDevice, IOCTL_NDIS5PKT_QUERY_OID_VALUE,
167 | &pod, sizeof(pod), &pod, sizeof(pod), &dwReturn, 0);
168 |
169 | if (hDevice != INVALID_HANDLE_VALUE)
170 | {
171 | BYTE buf[1514];
172 | // OVERLAPPED overlapped[16];
173 | // HANDLE e[16];
174 | LONGLONG count = 0;
175 | //
176 | // for (int i=0; i<16; i++)
177 | // {
178 | // overlapped[i].Offset = 0;
179 | // overlapped[i].OffsetHigh = 0;
180 | // e[i] = overlapped[i].hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
181 | // ReadFile(hDevice, buf[i], 1514, NULL, &overlapped[i]);
182 | // }
183 |
184 | while (1)
185 | {
186 | // DWORD ret = WaitForMultipleObjects(16, e, FALSE, 1000);
187 | // if (ret >= WAIT_OBJECT_0 && ret < WAIT_OBJECT_0 + 16)
188 | // {
189 | // count++;
190 | // ResetEvent(e[i]);
191 | // ReadFile(hDevice, buf[ret - WAIT_OBJECT_0], 1514, NULL, &overlapped[ret - WAIT_OBJECT_0]);
192 | //
193 | // BYTE *p = buf[ret - WAIT_OBJECT_0];
194 | // printf("%d: %02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X\n",
195 | // ret - WAIT_OBJECT_0,
196 | // p[6], p[7], p[8], p[9], p[10], p[11],
197 | // p[0], p[1], p[2], p[3], p[4], p[5]);
198 | // }
199 | if (ReadFile(hDevice, buf, 1514, &dwReturn, 0))
200 | {
201 | // printf("P: %02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X\n",
202 | // buf[6], buf[7], buf[8], buf[9], buf[10], buf[11],
203 | // buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
204 | }
205 | count++;
206 | if (count%100000 == 0)
207 | {
208 | STATISTICS_DATA stat;
209 | DeviceIoControl(hDevice, IOCTL_NDIS5PKT_QUERY_STATISTICS,
210 | NULL, 0, &stat, sizeof(stat), &dwReturn, 0);
211 | printf("Rx: %I64d, Drop: %I64d\n", stat.ReceivedPackets, stat.DroppedPackets);
212 | }
213 | }
214 | // while (1)
215 | // {
216 | // DWORD dwRead;
217 | // BYTE buf[1514];
218 | // if (ReadFile(hDevice, buf, 1514, &dwRead, 0))
219 | // {
220 | // printf("P: %02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X\n",
221 | // buf[6], buf[7], buf[8], buf[9], buf[10], buf[11],
222 | // buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
223 | // }
224 | // }
225 | }
226 | //CloseHandle(hDevice);
227 | return 0;
228 | }
229 |
230 | */
--------------------------------------------------------------------------------
/A-Protect/ndis5hlp.h:
--------------------------------------------------------------------------------
1 | #ifndef _NDIS5HLP_H
2 | #define _NDIS5HLP_H 1
3 |
4 | #include
5 |
6 | #pragma comment(lib, "ws2_32.lib")
7 |
8 | #include "..\TcpSnifferDriver\ndis5pkt.h"
9 |
// Open the packet driver and bind it to lpAdapterName ("\Device\" is
// prepended by the implementation); returns INVALID_HANDLE_VALUE on failure.
HANDLE PacketOpenAdapter(LPCSTR lpAdapterName, BOOL bOverlapped = FALSE);
// Close a handle obtained from PacketOpenAdapter().
void PacketCloseAdapter(HANDLE hDevice);
// Set OID_GEN_CURRENT_PACKET_FILTER on the bound adapter (NDIS_PACKET_TYPE_* bits).
BOOL PacketSetPacketFilter(HANDLE hDevice, DWORD dwFilter);
// Query the driver's STATISTICS_DATA (received/dropped packet counters) into *sd.
BOOL PacketQueryStatistics(HANDLE hDevice, STATISTICS_DATA *sd);
14 |
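// Read one packet from the driver into lpBuffer.
// lpLength is in/out: on entry the size of lpBuffer, on return the byte count
// ReadFile stored (for a synchronous call). Returns ReadFile's result, or
// FALSE with ERROR_INVALID_PARAMETER when lpLength is NULL.
// NOTE(review): for an overlapped call the byte count is only valid after the
// I/O completes (GetOverlappedResult); confirm callers do not read *lpLength
// before completion.
inline
BOOL PacketRead(HANDLE hDevice, LPVOID lpBuffer, LPDWORD lpLength, LPOVERLAPPED lpOverlapped = NULL)
{
	if (lpLength == NULL)
	{
		SetLastError(ERROR_INVALID_PARAMETER);
		return FALSE;
	}
	return ReadFile(hDevice, lpBuffer, *lpLength, lpLength, lpOverlapped);
	// return DeviceIoControl(hDevice, IOCTL_NDIS5PKT_READ, NULL, 0, lpBuffer, *lpLength, lpLength, lpOverlapped);
}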
21 |
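// Write one packet from lpBuffer to the driver.
// lpLength is in/out: on entry the number of bytes to send, on return the
// byte count WriteFile stored (for a synchronous call). Returns WriteFile's
// result, or FALSE with ERROR_INVALID_PARAMETER when lpLength is NULL.
// NOTE(review): for an overlapped call the byte count is only valid after the
// I/O completes (GetOverlappedResult).
inline
BOOL PacketWrite(HANDLE hDevice, LPVOID lpBuffer, LPDWORD lpLength, LPOVERLAPPED lpOverlapped = NULL)
{
	if (lpLength == NULL)
	{
		SetLastError(ERROR_INVALID_PARAMETER);
		return FALSE;
	}
	return WriteFile(hDevice, lpBuffer, *lpLength, lpLength, lpOverlapped);
}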
27 |
28 | #endif
--------------------------------------------------------------------------------
/A-Protect/ntdll.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/ntdll.lib
--------------------------------------------------------------------------------
/A-Protect/res/A-Protect.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/A-Protect.bmp
--------------------------------------------------------------------------------
/A-Protect/res/A-Protect.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/A-Protect.ico
--------------------------------------------------------------------------------
/A-Protect/res/A-Protect1.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/A-Protect1.ico
--------------------------------------------------------------------------------
/A-Protect/res/A-ProtectDoc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/A-ProtectDoc.ico
--------------------------------------------------------------------------------
/A-Protect/res/AProteaaact.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/AProteaaact.rc2
--------------------------------------------------------------------------------
/A-Protect/res/DPC定时器.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/DPC定时器.ico
--------------------------------------------------------------------------------
/A-Protect/res/Dispatch.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Dispatch.ico
--------------------------------------------------------------------------------
/A-Protect/res/Eye.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Eye.ico
--------------------------------------------------------------------------------
/A-Protect/res/GDriver.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/GDriver.ico
--------------------------------------------------------------------------------
/A-Protect/res/Hips.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Hips.ico
--------------------------------------------------------------------------------
/A-Protect/res/IO定时器.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/IO定时器.ico
--------------------------------------------------------------------------------
/A-Protect/res/KernelHook.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/KernelHook.ico
--------------------------------------------------------------------------------
/A-Protect/res/KernelModule.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/KernelModule.ico
--------------------------------------------------------------------------------
/A-Protect/res/KernelThread.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/KernelThread.ico
--------------------------------------------------------------------------------
/A-Protect/res/MyAProtect.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/MyAProtect.rc2
--------------------------------------------------------------------------------
/A-Protect/res/Nsiproxy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Nsiproxy.ico
--------------------------------------------------------------------------------
/A-Protect/res/ObjectHook.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/ObjectHook.ico
--------------------------------------------------------------------------------
/A-Protect/res/Other.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Other.ico
--------------------------------------------------------------------------------
/A-Protect/res/Process.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Process.ico
--------------------------------------------------------------------------------
/A-Protect/res/ProtectSetting.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/ProtectSetting.ico
--------------------------------------------------------------------------------
/A-Protect/res/Services.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Services.ico
--------------------------------------------------------------------------------
/A-Protect/res/ShadowSSDT.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/ShadowSSDT.ico
--------------------------------------------------------------------------------
/A-Protect/res/Ssdt.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Ssdt.ico
--------------------------------------------------------------------------------
/A-Protect/res/TcpSniffer.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/TcpSniffer.ico
--------------------------------------------------------------------------------
/A-Protect/res/Tcpview.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Tcpview.ico
--------------------------------------------------------------------------------
/A-Protect/res/Toolbar.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Toolbar.bmp
--------------------------------------------------------------------------------
/A-Protect/res/Toolbar256.bmp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/Toolbar256.bmp
--------------------------------------------------------------------------------
/A-Protect/res/atapi.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/atapi.ico
--------------------------------------------------------------------------------
/A-Protect/res/new.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/new.ico
--------------------------------------------------------------------------------
/A-Protect/res/ntfs-Fsd.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/ntfs-Fsd.ico
--------------------------------------------------------------------------------
/A-Protect/res/null.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/null.ico
--------------------------------------------------------------------------------
/A-Protect/res/tcpip.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/tcpip.ico
--------------------------------------------------------------------------------
/A-Protect/res/内核钩子.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/内核钩子.ico
--------------------------------------------------------------------------------
/A-Protect/res/启动项.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/启动项.ico
--------------------------------------------------------------------------------
/A-Protect/res/工作队列线程.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/工作队列线程.ico
--------------------------------------------------------------------------------
/A-Protect/res/开启监控-刷新.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/开启监控-刷新.ico
--------------------------------------------------------------------------------
/A-Protect/res/本机所有数据.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/本机所有数据.ico
--------------------------------------------------------------------------------
/A-Protect/res/监控设置.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/监控设置.ico
--------------------------------------------------------------------------------
/A-Protect/res/系统回调.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/系统回调.ico
--------------------------------------------------------------------------------
/A-Protect/res/系统线程.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/系统线程.ico
--------------------------------------------------------------------------------
/A-Protect/res/线程创建.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/线程创建.ico
--------------------------------------------------------------------------------
/A-Protect/res/键盘.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/键盘.ico
--------------------------------------------------------------------------------
/A-Protect/res/鼠标.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/res/鼠标.ico
--------------------------------------------------------------------------------
/A-Protect/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/resource.h
--------------------------------------------------------------------------------
/A-Protect/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/stdafx.cpp
--------------------------------------------------------------------------------
/A-Protect/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/stdafx.h
--------------------------------------------------------------------------------
/A-Protect/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/targetver.h
--------------------------------------------------------------------------------
/A-Protect/tcpdump.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/tcpdump.cpp
--------------------------------------------------------------------------------
/A-Protect/tcpdump.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/tcpdump.h
--------------------------------------------------------------------------------
/A-Protect/uninstall360.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/A-Protect/uninstall360.cpp
--------------------------------------------------------------------------------
/A-Protect/uninstall360.h:
--------------------------------------------------------------------------------
1 | #include // NOTE(review): header name lost in rendering (the angle-bracket include was stripped as markup) — restore from the source file. Also: this header has no include guard or #pragma once.
2 | #include "stdafx.h"
3 | #include // NOTE(review): header name lost in rendering — see line 1
4 | #include // NOTE(review): header name lost in rendering — see line 1
5 | #include // NOTE(review): header name lost in rendering — see line 1
6 |
7 | #pragma comment(lib,"shlwapi.lib") // Links the shell path helpers (shlwapi); presumably used by enum_path — confirm in uninstall360.cpp.
8 |
9 | void enum_path(char *cpath); // Presumably enumerates the directory tree under cpath (inferred from the name; body in uninstall360.cpp, not visible here). cpath is a narrow NUL-terminated path; there is no length parameter.
10 | BOOL GetAntiVirusBin(char *lpszKey,char *lpszValue,char *lpDirectory); // Resolves an anti-virus install directory into lpDirectory; lpszKey/lpszValue are presumably a registry key/value pair (names only — confirm). NOTE(review): lpDirectory carries no size, so the callee must bound its write to a size agreed with every caller.
11 | VOID Uninstall360(); // Entry point of the "uninstall 360" feature; implementation in uninstall360.cpp. NOTE(review): an empty parameter list means "no arguments" only in C++; if this header is ever included from C, write VOID Uninstall360(void).
--------------------------------------------------------------------------------
/CLEAN.BAT:
--------------------------------------------------------------------------------
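1 | @echo off
2 | rem CLEAN.BAT - remove Visual C++ intermediate/build artefacts from this source tree.
3 | rem Run from the script's own directory so that invoking it from some other
4 | rem working directory cannot recursively delete unrelated files there.
5 | cd /d "%~dp0"
6 | echo ----------------------------------------------------
7 | echo Press any key to recursively delete, under "%CD%", all files ending in:
8 | echo *.aps *.idb *.ncp *.ncb *.obj *.ipch *.log *.pch *.sbr *.tmp *.pdb *.bsc
9 | echo *.map *.ilk *.res *.opt *.suo *.manifest *.dep *.tlog *.sdf *.plg *.exp
10 | echo *.unsuccessfulbuild *.successfulbuild  (Visual C++/.NET junk; *.pdb are debug symbols)
11 | echo Press Ctrl+C to abort.
12 | echo ----------------------------------------------------
13 | rem The original script announced "press any key" but never paused, so the
14 | rem deletion started before the list above could be read.
15 | pause
16 |
17 | del /F /Q /S *.aps *.idb *.ncp *.obj *.ipch *.log *.pch *.sbr *.tmp *.pdb *.bsc *.map *.ilk *.res *.ncb *.opt *.suo *.manifest *.dep *.tlog *.sdf *.plg *.unsuccessfulbuild *.successfulbuild *.exp
18 |
19 | rem IntelliSense cache directory; skip silently when it does not exist.
20 | if exist ipch rmdir /S /Q ipch
21 |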
--------------------------------------------------------------------------------
/Driver/AntiInlineHook.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/AntiInlineHook.c
--------------------------------------------------------------------------------
/Driver/AntiInlineHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/AntiInlineHook.h
--------------------------------------------------------------------------------
/Driver/Atapi.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Atapi.c
--------------------------------------------------------------------------------
/Driver/Atapi.h:
--------------------------------------------------------------------------------
1 | #ifndef _ATAPI_H_ // Atapi.h: declarations for the atapi.sys dispatch-table inspection code in Driver/Atapi.c (not visible here).
2 | #define _ATAPI_H_
3 |
4 | #include "ntifs.h"
5 | #include // NOTE(review): header name lost in rendering (the angle-bracket include was stripped as markup) — restore from the source file.
6 | #include "InitWindowsVersion.h"
7 | #include "ntos.h"
8 |
9 | BOOL PeLoad( // Loads the PE file named by FileFullPath; on success *ImageModeleBase receives the image base (inferred from the parameter names; body in Atapi.c). NOTE(review): declared a second time at line 65 — one copy is redundant.
10 | WCHAR *FileFullPath, // NUL-terminated wide path of the image to load.
11 | BYTE **ImageModeleBase, // Out: base of the loaded image ("Modele" is the original spelling).
12 | PDRIVER_OBJECT DeviceObject, // NOTE(review): typed PDRIVER_OBJECT but named DeviceObject — confirm which one Atapi.c really expects.
13 | DWORD ExistImageBase // Presumably the base of the already-loaded copy the reloaded image is relocated against — confirm in Atapi.c.
14 | );
15 |
16 | NTSTATUS GetDriverObject( // Resolves the DRIVER_OBJECT behind the device name lpwzDevice. NOTE(review): declared a second time at line 72.
17 | WCHAR *lpwzDevice, // NUL-terminated device name.
18 | PDRIVER_OBJECT *PDriverObject // Out: the driver object; if it is returned referenced the caller must ObDereferenceObject it — confirm in Atapi.c.
19 | );
20 |
21 | //IRP_MJ_MAXIMUM_FUNCTION — presumably one ATAPIDISPATCH entry per major function code 0..IRP_MJ_MAXIMUM_FUNCTION (confirm against the table builder in Atapi.c).
22 |
23 | typedef struct _ATAPIDISPATCH { // One dispatch slot of atapi.sys: expected vs. current target plus the module that owns the current target (field roles inferred from the names).
24 | ULONG ulNumber; // Index of the entry (presumably the IRP major function code).
25 | ULONG ulAtapiDispatch; // Reference ("clean") dispatch address.
26 | ULONG ulCurrentAtapiDispatch; // Address currently installed in the live driver object.
27 | CHAR lpszBaseModule[256]; // Image name of the module owning ulCurrentAtapiDispatch. Fixed 256-byte buffer: writers must bound and NUL-terminate.
28 | ULONG ulModuleSize; // Size of that module.
29 | ULONG ulModuleBase; // Base of that module.
30 | WCHAR lpwzAtapiDispatchName[256]; // Display name of the slot; 256 WCHARs, same bounding rule as lpszBaseModule.
31 | int Hooked; // Presumably non-zero when ulAtapiDispatch != ulCurrentAtapiDispatch — set in Atapi.c.
32 | } ATAPIDISPATCH, *PATAPIDISPATCH; // NOTE(review): every address here is a ULONG (32 bits); this layout is x86-only and would truncate pointers on x64.
33 |
34 | typedef struct _ATAPIDISPATCHBAKUP { // Variable-length table: ulCount entries follow; AtapiDispatch[1] is the "size 1 trailing array" idiom.
35 | ULONG ulCount; // Number of valid entries in AtapiDispatch.
36 | ATAPIDISPATCH AtapiDispatch[1]; // Allocate sizeof(ATAPIDISPATCHBAKUP) + (ulCount - 1) * sizeof(ATAPIDISPATCH); indexing at or past ulCount reads outside the allocation.
37 | } ATAPIDISPATCHBAKUP, *PATAPIDISPATCHBAKUP;
38 |
39 | PATAPIDISPATCHBAKUP AtapiDispatchBakUp; // NOTE(review): lines 39-63 define (not declare) globals in a header, so every .c that includes Atapi.h gets its own tentative definition; MSVC's C rules may fold these at link time, but the conventional form is `extern` here plus a single definition in Atapi.c.
40 |
41 | ULONG ulAtapiModuleBase; // Base and size of the live atapi.sys image (inferred from the names).
42 | ULONG ulAtapiModuleSize;
43 |
44 | ULONG ulReLoadAtapiModuleBase; // Base of the freshly loaded reference copy (see PeLoad).
45 |
46 | extern BOOL DebugOn; // Defined elsewhere; gates debug output.
47 |
48 | PDRIVER_OBJECT PAtapiDriverObjectBakup; // Saved atapi driver object (see GetDriverObject).
49 |
50 | ULONG ulReal_ATAPI_IRP_MJ_CREATE; // Lines 50-60: reference ("real") addresses of the individual dispatch routines, one per IRP_MJ_* that is checked; 32-bit only.
51 | ULONG ulReal_ATAPI_IRP_MJ_CLOSE;
52 |
53 | ULONG ulReal_ATAPI_IRP_MJ_DEVICE_CONTROL;
54 | ULONG ulReal_ATAPI_IRP_MJ_INTERNAL_DEVICE_CONTROL; // IRP_MJ_INTERNAL_DEVICE_CONTROL (= IRP_MJ_SCSI) carries the SCSI request blocks — the slot a disk-level rootkit is most interested in.
55 |
56 | ULONG ulReal_ATAPI_IRP_MJ_POWER;
57 | ULONG ulReal_ATAPI_IRP_MJ_SYSTEM_CONTROL;
58 |
59 | ULONG ulReal_ATAPI_IRP_MJ_PNP_POWER; // Presumably IRP_MJ_PNP (the name mixes PNP and POWER) — confirm.
60 | ULONG ulReal_DriverStartIo; // DRIVER_OBJECT.DriverStartIo is a separate field, not a MajorFunction slot.
61 |
62 |
63 | ULONG IRP_DRIVER_START_IO; // NOTE(review): named like an IRP_MJ_* constant but it is a variable; its role relative to ulReal_DriverStartIo (line 60) is not visible here.
64 |
65 | BOOL PeLoad( // NOTE(review): duplicate of the prototype at line 9; harmless in C, but one copy should be removed.
66 | WCHAR *FileFullPath,
67 | BYTE **ImageModeleBase,
68 | PDRIVER_OBJECT DeviceObject,
69 | DWORD ExistImageBase
70 | );
71 |
72 | NTSTATUS GetDriverObject( // NOTE(review): duplicate of the prototype at line 16.
73 | WCHAR *lpwzDevice,
74 | PDRIVER_OBJECT *PDriverObject
75 | );
76 |
77 | BOOL IsAddressInSystem( // Tests whether ulDriverBase lies inside a loaded system module; on success returns that module's base, size and image name.
78 | ULONG ulDriverBase, // Address to classify (32-bit).
79 | ULONG *ulSysModuleBase, // Out: base of the containing module.
80 | ULONG *ulSize, // Out: size of the containing module.
81 | char *lpszSysModuleImage // Out: image name. NOTE(review): no length parameter — the callee must assume a size; presumably 256 to match lpszBaseModule, confirm in Atapi.c.
82 | );
83 |
84 | unsigned long __fastcall GetFunctionCodeSize( // Returns the size in bytes of the function at Proc (how the end is detected is in Atapi.c). __fastcall: on x86 Proc arrives in ECX, so any hand-written caller must match the convention.
85 | void *Proc
86 | );
87 |
88 | PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ImageBase); // Local prototype for the ntoskrnl export; returns NULL when ImageBase is not a valid PE image.
89 |
90 | HANDLE MapFileAsSection(PUNICODE_STRING FileName,PVOID *ModuleBase); // Maps FileName as a section and returns the section handle; *ModuleBase receives the view base. The caller owns both the handle and the view — confirm in Atapi.c which of ZwClose/ZwUnmapViewOfSection the callee leaves to the caller.
91 |
92 | BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry); // Reads the image's entry point into *pOutDriverEntry (RVA or absolute address — confirm in Atapi.c).
93 |
94 | #endif
--------------------------------------------------------------------------------
/Driver/Common.h:
--------------------------------------------------------------------------------
1 | #ifndef _COMMON_H_ // Common.h: hand-written layouts of undocumented NT kernel structures (object manager, section/segment, handle table, PRCB) plus request structures presumably exchanged with the driver's control code. All "+0x.." annotations are 32-bit (x86) offsets; every layout is kernel-version specific and must be checked against the running build before it is dereferenced.
2 | #define _COMMON_H_
3 |
4 | #include "ntiologc.h"
5 | #include "ntimage.h"
6 | ///////////////////////////////////////////////
7 |
8 | typedef struct _PROCESS_MODULE_INFORMATION { // One loaded module of a process (32-bit base/length; szFilePath is a fixed 256-WCHAR buffer that writers must bound and NUL-terminate).
9 | ULONG ModuleBase;
10 | ULONG ModuleLength;
11 | WCHAR szFilePath[256];
12 | }PROCESS_MODULE_INFORMATION,*PPROCESS_MODULE_INFORMATION;
13 |
14 | typedef struct _PROCESS_MEMORY_CONTROL_THUNK{ // Read/write request against another process's memory. NOTE(review): if this arrives from user mode, Process must be a referenced EPROCESS obtained in-kernel (never a raw caller-supplied pointer), and Address/Buffer/Length must be probed and range-checked before use — the handler is not visible here.
15 | PEPROCESS Process;
16 | PVOID Address;
17 | ULONG isWrite; //if equal to 0, means read; any non-zero value means write
18 | PVOID Buffer;
19 | ULONG Length;
20 | }PROCESS_MEMORY_CONTROL_THUNK,*PPROCESS_MEMORY_CONTROL_THUNK;
21 |
22 | typedef struct _PROCESS_UNLOAD_MODULE{ // Request to unmap ModuleBase from Process (same trust caveat as _PROCESS_MEMORY_CONTROL_THUNK).
23 | PEPROCESS Process;
24 | PVOID ModuleBase;
25 | }PROCESS_UNLOAD_MODULE,*PPROCESS_UNLOAD_MODULE;
26 |
27 | typedef struct _DRIVER_FUNCTION_CALL_INFORMATION // Generic request envelope: FunctionCode selects the operation; the In/Out buffers are user-mode pointers by name and must be probed (and their lengths validated) before the kernel touches them; LengthReturned/LengthRequired/ReturnStatus carry the results back.
28 | {
29 | ULONG FunctionCode;
30 | PVOID InUserBuffer;
31 | ULONG InUserBufferLength;
32 | PVOID OutUserBuffer;
33 | ULONG OutUserBufferLength;
34 | ULONG LengthReturned;
35 | ULONG LengthRequired;
36 | NTSTATUS ReturnStatus;
37 | }DRIVER_FUNCTION_CALL_INFORMATION,*PDRIVER_FUNCTION_CALL_INFORMATION;
38 |
39 | ///////////////////////////////////////////////
40 |
41 | typedef struct _OBJECT_TYPE_INITIALIZER { // Per-type callbacks and policy (nt!_OBJECT_TYPE_INITIALIZER). NOTE(review): resembles the 32-bit XP/2003-era layout; later kernels add and reorder fields, so gate any use on the OS version.
42 | USHORT Length;
43 | BOOLEAN UseDefaultObject;
44 | BOOLEAN CaseInsensitive;
45 | ULONG InvalidAttributes;
46 | GENERIC_MAPPING GenericMapping;
47 | ULONG ValidAccessMask;
48 | BOOLEAN SecurityRequired;
49 | BOOLEAN MaintainHandleCount;
50 | BOOLEAN MaintainTypeList;
51 | POOL_TYPE PoolType;
52 | ULONG DefaultPagedPoolCharge;
53 | ULONG DefaultNonPagedPoolCharge;
54 | PVOID DumpProcedure;
55 | PVOID OpenProcedure;
56 | PVOID CloseProcedure;
57 | PVOID DeleteProcedure;
58 | PVOID ParseProcedure;
59 | PVOID SecurityProcedure;
60 | PVOID QueryNameProcedure;
61 | PVOID OkayToCloseProcedure;
62 | } OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
63 |
64 | typedef struct _OBJECT_TYPE { // nt!_OBJECT_TYPE as laid out on XP/2003-era 32-bit kernels (reworked on Win7 — verify before use there).
65 | ERESOURCE Mutex;
66 | LIST_ENTRY TypeList;
67 | UNICODE_STRING Name; // Copy from object header for convenience
68 | PVOID DefaultObject;
69 | ULONG Index;
70 | ULONG TotalNumberOfObjects;
71 | ULONG TotalNumberOfHandles;
72 | ULONG HighWaterNumberOfObjects;
73 | ULONG HighWaterNumberOfHandles;
74 | OBJECT_TYPE_INITIALIZER TypeInfo;
75 | #ifdef POOL_TAGGING // NOTE(review): sizeof(OBJECT_TYPE) depends on a compile-time macro while the running kernel's layout is fixed — keep this consistent with the target.
76 | ULONG Key;
77 | #endif //POOL_TAGGING
78 | } OBJECT_TYPE, *POBJECT_TYPE;
79 |
80 | typedef struct _OBJECT_HEADER // Header that immediately precedes every object; Body is the first byte of the object. NOTE(review): XP/2003-style layout in which Type is a pointer; later kernels (Win7 onward, as far as the reviewer recalls) store a type index here instead, so reading Type through this struct on such kernels yields garbage.
81 | {
82 | LONG_PTR PointerCount;
83 | union
84 | {
85 | LONG_PTR HandleCount;
86 | PVOID NextToFree;
87 | };
88 | POBJECT_TYPE Type;
89 | UCHAR NameInfoOffset;
90 | UCHAR HandleInfoOffset;
91 | UCHAR QuotaInfoOffset;
92 | UCHAR Flags;
93 | union
94 | {
95 | PVOID ObjectCreateInfo;
96 | PVOID QuotaBlockCharged;
97 | };
98 | PSECURITY_DESCRIPTOR SecurityDescriptor;
99 | QUAD Body;
100 | } OBJECT_HEADER, *POBJECT_HEADER;
101 |
102 | #define RVATOVA(base,rva) ((ULONG)rva-(ULONG)base) // NOTE(review): computes rva - base, i.e. VA -> RVA, the opposite of what the name suggests; and the arguments are not parenthesised, so an expression argument such as p+4 is cast only on p. Prefer ((ULONG)(rva)-(ULONG)(base)) and check each call site for the intended direction.
103 |
104 | typedef struct _RTL_PROCESS_MODULE_INFORMATION { // One entry of the SystemModuleInformation buffer (a loaded kernel module).
105 | HANDLE Section; // Not filled in
106 | PVOID MappedBase;
107 | PVOID ImageBase;
108 | ULONG ImageSize;
109 | ULONG Flags;
110 | USHORT LoadOrderIndex;
111 | USHORT InitOrderIndex;
112 | USHORT LoadCount;
113 | USHORT OffsetToFileName; // Offset into FullPathName of the file-name component.
114 | CHAR FullPathName[ 256 ]; // ANSI path; bound every read to 256 bytes.
115 | } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
116 |
117 | typedef struct _RTL_PROCESS_MODULES { // Variable-length: NumberOfModules entries follow (Modules[1] is the trailing-array idiom).
118 | ULONG NumberOfModules;
119 | RTL_PROCESS_MODULE_INFORMATION Modules[ 1 ];
120 | } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
121 |
122 |
123 | typedef struct _CONTROL_AREA // 0x30 bytes on x86 (nt!_CONTROL_AREA, partial); offsets below are x86-only.
124 | {
125 | PVOID Segment; // +0x0(0x4)
126 | LIST_ENTRY DereferenceList; // +0x4(0x8)
127 | ULONG NumberOfSectionReferences; // +0xc(0x4)
128 | ULONG NumberOfPfnReferences; // +0x10(0x4)
129 | ULONG NumberOfMappedViews; // +0x14(0x4)
130 | USHORT NumberOfSubsections; // +0x18(0x2)
131 | USHORT FlushInProgressCount; // +0x1a(0x2)
132 | ULONG NumberOfUserReferences; // +0x1c(0x4)
133 | ULONG Flags; // +0x20(0x4) — the MMSECTION_FLAGS bits declared further below.
134 | PFILE_OBJECT FilePointer; // +0x24(0x4)
135 | PVOID WaitingForDeletion; // +0x28(0x4)
136 | USHORT ModifiedWriteCount; // +0x2c(0x2)
137 | USHORT NumberOfSystemCacheViews; // +0x2e(0x2)
138 | }CONTROL_AREA,*PCONTROL_AREA;
139 |
140 | typedef struct _SEGMENT_OBJECT // 0x30 bytes on x86 (nt!_SEGMENT_OBJECT); offsets are x86-only.
141 | {
142 | PVOID BaseAddress; // +0x0(0x4)
143 | ULONG TotalNumberOfPtes; // +0x4(0x4)
144 | LARGE_INTEGER SizeOfSegment; // +0x8(0x8)
145 | ULONG NonExtendedPtes; // +0x10(0x4)
146 | ULONG ImageCommitment; // +0x14(0x4)
147 | PCONTROL_AREA ControlArea; // +0x18(0x4)
148 | PVOID Subsection; // +0x1c(0x4)
149 | PVOID LargeControlArea; // +0x20(0x4)
150 | PVOID MmSectionFlags; // +0x24(0x4)
151 | PVOID MmSubSectionFlags; // +0x28(0x4)
152 | }SEGMENT_OBJECT,*PSEGMENT_OBJECT;
153 |
154 | typedef struct _SECTION_OBJECT // 0x18 bytes on x86 (nt!_SECTION_OBJECT); offsets are x86-only.
155 | {
156 | PVOID StartingVa; // +0x0(0x4)
157 | PVOID EndingVa; // +0x4(0x4)
158 | PVOID Parent; // +0x8(0x4)
159 | PVOID LeftChild; // +0xc(0x4)
160 | PVOID RightChild; // +0x10(0x4)
161 | PSEGMENT_OBJECT Segment; // +0x14(0x4)
162 | }SECTION_OBJECT, *PSECTION_OBJECT;
163 |
164 | typedef struct _SEGMENT_FLAGS { // Bitfield; the Spare width keeps the struct one pointer wide on both x86 and x64.
165 | ULONG_PTR TotalNumberOfPtes4132 : 10;
166 | ULONG_PTR ExtraSharedWowSubsections : 1;
167 | ULONG_PTR LargePages : 1;
168 | #if defined (_WIN64)
169 | ULONG_PTR Spare : 52;
170 | #else
171 | ULONG_PTR Spare : 20;
172 | #endif
173 | } SEGMENT_FLAGS, *PSEGMENT_FLAGS;
174 |
175 | typedef struct _SEGMENT { // Prefix of nt!_SEGMENT only; the real structure continues past Spare0.
176 | PCONTROL_AREA ControlArea;
177 | ULONG TotalNumberOfPtes;
178 | ULONG NonExtendedPtes;
179 | ULONG Spare0;
180 | //...
181 | } SEGMENT, *PSEGMENT;
182 |
183 | typedef struct _MMADDRESS_NODE { // AVL tree node; the 2-bit Balance shares storage with the Parent pointer (union u1), so mask the low bits before following Parent.
184 | union {
185 | LONG_PTR Balance : 2;
186 | struct _MMADDRESS_NODE *Parent;
187 | } u1;
188 | struct _MMADDRESS_NODE *LeftChild;
189 | struct _MMADDRESS_NODE *RightChild;
190 | ULONG_PTR StartingVpn;
191 | ULONG_PTR EndingVpn;
192 | } MMADDRESS_NODE, *PMMADDRESS_NODE;
193 |
194 | typedef struct _MMSECTION_FLAGS { // 32 one-bit flags; overlays SECTION.u.LongFlags and CONTROL_AREA.Flags.
195 | unsigned BeingDeleted : 1;
196 | unsigned BeingCreated : 1;
197 | unsigned BeingPurged : 1;
198 | unsigned NoModifiedWriting : 1;
199 |
200 | unsigned FailAllIo : 1;
201 | unsigned Image : 1;
202 | unsigned Based : 1;
203 | unsigned File : 1;
204 |
205 | unsigned Networked : 1;
206 | unsigned NoCache : 1;
207 | unsigned PhysicalMemory : 1;
208 | unsigned CopyOnWrite : 1;
209 |
210 | unsigned Reserve : 1; // not a spare bit!
211 | unsigned Commit : 1;
212 | unsigned FloppyMedia : 1;
213 | unsigned WasPurged : 1;
214 |
215 | unsigned UserReference : 1;
216 | unsigned GlobalMemory : 1;
217 | unsigned DeleteOnClose : 1;
218 | unsigned FilePointerNull : 1;
219 |
220 | unsigned DebugSymbolsLoaded : 1;
221 | unsigned SetMappedFileIoComplete : 1;
222 | unsigned CollidedFlush : 1;
223 | unsigned NoChange : 1;
224 |
225 | unsigned filler0 : 1;
226 | unsigned ImageMappedInSystemSpace : 1;
227 | unsigned UserWritable : 1;
228 | unsigned Accessed : 1;
229 |
230 | unsigned GlobalOnlyPerSession : 1;
231 | unsigned Rom : 1;
232 | unsigned WriteCombined : 1;
233 | unsigned filler : 1;
234 | } MMSECTION_FLAGS;
235 |
236 | typedef ULONG MM_PROTECTION_MASK;
237 |
238 | typedef struct _SECTION { // nt!_SECTION (the object body behind a section handle); Address is the VAD-style tree node.
239 | MMADDRESS_NODE Address;
240 | PSEGMENT Segment;
241 | LARGE_INTEGER SizeOfSection;
242 | union {
243 | ULONG LongFlags;
244 | MMSECTION_FLAGS Flags;
245 | } u;
246 | MM_PROTECTION_MASK InitialPageProtection;
247 | } SECTION, *PSECTION;
248 |
249 | struct _KPRCB // 0xc50 bytes in the real kernel; only the first 0x1c bytes are declared here.
250 | {
251 | USHORT MinorVersion; // +0x0(0x2)
252 | USHORT MajorVersion; // +0x2(0x2)
253 | PETHREAD CurrentThread; // +0x4(0x4)
254 | PETHREAD NextThread; // +0x8(0x4)
255 | PETHREAD IdleThread; // +0xc(0x4)
256 | CHAR Number; // +0x10(0x1)
257 | CHAR Reserved; // +0x11(0x1)
258 | USHORT BuildType; // +0x12(0x2)
259 | ULONG SetMember; // +0x14(0x4)
260 | CHAR CpuType; // +0x18(0x1)
261 | CHAR CpuID; // +0x19(0x1)
262 | USHORT CpuStep; // +0x1a(0x2)
263 | }KPRCB,*PKPRCB; // NOTE(review): there is no `typedef` on this declaration, so this line defines two global *variables* (KPRCB, a struct, and PKPRCB, a pointer) in every .c that includes the header, not type aliases. If they are meant as types, write `typedef struct _KPRCB { ... } KPRCB, *PKPRCB;`.
264 |
265 | typedef struct _HANDLE_TABLE_ENTRY_INFO { // Optional per-handle audit info hung off HANDLE_TABLE_ENTRY.InfoTable.
266 | ACCESS_MASK AuditMask;
267 | } HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;
268 |
269 | typedef struct _HANDLE_TABLE_ENTRY { // One slot of a process handle table (8 bytes on x86). The Object/ObAttributes union indicates the low bits of Object carry attribute flags — mask them off before dereferencing.
270 | union {
271 | PVOID Object;
272 | ULONG ObAttributes;
273 | PHANDLE_TABLE_ENTRY_INFO InfoTable;
274 | ULONG_PTR Value;
275 | };
276 | union {
277 | union {
278 | ACCESS_MASK GrantedAccess;
279 | struct {
280 |
281 | USHORT GrantedAccessIndex;
282 | USHORT CreatorBackTraceIndex;
283 | };
284 | };
285 | LONG NextFreeTableEntry; // Valid only for free slots (Object == NULL).
286 | };
287 | } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;
288 |
289 | typedef struct _AUX_ACCESS_DATA { // Scratch data that SeCreateAccessState fills alongside the ACCESS_STATE.
290 | PPRIVILEGE_SET PrivilegesUsed;
291 | GENERIC_MAPPING GenericMapping;
292 | ACCESS_MASK AccessesToAudit;
293 | ACCESS_MASK MaximumAuditMask;
294 | ULONG Unknown[41]; // Padding up to the kernel's real size. NOTE(review): if this is smaller than the target kernel's AUX_ACCESS_DATA, SeCreateAccessState writes past the caller's buffer — confirm against the target build.
295 | } AUX_ACCESS_DATA, *PAUX_ACCESS_DATA;
296 |
297 | extern POBJECT_TYPE *LpcPortObjectType; // ntoskrnl exports (pointer-to-pointer; dereference once to get the POBJECT_TYPE).
298 | extern POBJECT_TYPE *PsProcessType;
299 |
300 | NTKERNELAPI
301 | NTSTATUS
302 | SeCreateAccessState( // Undocumented ntoskrnl export, prototype hand-declared here; AuxData must outlive AccessState and be released with SeDeleteAccessState.
303 | PACCESS_STATE AccessState,
304 | PAUX_ACCESS_DATA AuxData,
305 | ACCESS_MASK DesiredAccess,
306 | PGENERIC_MAPPING GenericMapping
307 | );
308 |
309 | NTKERNELAPI
310 | VOID
311 | SeDeleteAccessState( // Releases what SeCreateAccessState set up.
312 | PACCESS_STATE AccessState
313 | );
314 |
315 | NTKERNELAPI
316 | NTSTATUS
317 | ObCreateObject( // Undocumented ntoskrnl export; this parameter list must match the target kernel exactly, since the compiler cannot check it against a header it does not have.
318 | IN KPROCESSOR_MODE ProbeMode,
319 | IN POBJECT_TYPE ObjectType,
320 | IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
321 | IN KPROCESSOR_MODE OwnershipMode,
322 | IN OUT PVOID ParseContext OPTIONAL,
323 | IN ULONG ObjectBodySize,
324 | IN ULONG PagedPoolCharge,
325 | IN ULONG NonPagedPoolCharge,
326 | OUT PVOID *Object
327 | );
328 |
329 | #endif
--------------------------------------------------------------------------------
/Driver/Control.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Control.c
--------------------------------------------------------------------------------
/Driver/Control.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Control.h
--------------------------------------------------------------------------------
/Driver/DeleteFile.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/DeleteFile.c
--------------------------------------------------------------------------------
/Driver/DeleteFile.h:
--------------------------------------------------------------------------------
1 | #ifndef _DELETE_FILE_H_ // DeleteFile.h: file-deletion helpers implemented in Driver/DeleteFile.c (not visible here).
2 | #define _DELETE_FILE_H_
3 |
4 | #include "ntifs.h"
5 | #include "ntos.h"
6 |
7 | ULONG ulImageSectionObject; // NOTE(review): lines 7-9 are definitions, not `extern` declarations, so every .c that includes this header defines them. The names mirror the three SECTION_OBJECT_POINTERS fields — presumably saved copies used while a delete is in flight; confirm in DeleteFile.c.
8 | ULONG ulDataSectionObject;
9 | ULONG ulSharedCacheMap;
10 |
11 | BOOLEAN
12 | SKillDeleteFile( // Deletes the file behind FileHandle; the "Kill" in the name suggests a forced delete, but the mechanism lives in DeleteFile.c. NOTE(review): spelled "SKill" here and "Skill" below — pick one casing.
13 | IN HANDLE FileHandle // Kernel handle, e.g. from SkillIoOpenFile; presumably still owned (and closed) by the caller — confirm.
14 | );
15 |
16 | HANDLE
17 | SkillIoOpenFile( // Opens FileName with DesiredAccess/ShareAccess and returns a kernel handle (presumably NULL on failure — confirm); the caller must ZwClose it.
18 | IN PCWSTR FileName, // NUL-terminated NT path.
19 | IN ACCESS_MASK DesiredAccess,
20 | IN ULONG ShareAccess
21 | );
22 | #endif
--------------------------------------------------------------------------------
/Driver/DpcTimer.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/DpcTimer.c
--------------------------------------------------------------------------------
/Driver/DpcTimer.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/DpcTimer.h
--------------------------------------------------------------------------------
/Driver/DriverHips.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/DriverHips.c
--------------------------------------------------------------------------------
/Driver/DriverHips.h:
--------------------------------------------------------------------------------
1 | #ifndef _DRIVER_HIPS_H_ // DriverHips.h: state for the driver-load HIPS hook (a detour on SeSinglePrivilegeCheck) implemented in Driver/DriverHips.c (not visible here).
2 | #define _DRIVER_HIPS_H_
3 |
4 | #include "ntifs.h"
5 | #include "ntos.h"
6 | #include "ldasm.h" // Length disassembler; presumably used to size the prologue bytes recorded in SeSinglePrivilegeCheckPatchCodeLen — confirm.
7 |
8 | typedef BOOLEAN (__stdcall *SeSinglePrivilegeCheck_1)( // Signature of the kernel's SeSinglePrivilegeCheck, used to call the saved original. NOTE(review): this detour sits on every privilege check in the system; any path through the hook that cannot decide must fall through to OldSeSinglePrivilegeCheck rather than return TRUE (fail closed).
9 | __in LUID PrivilegeValue,
10 | __in KPROCESSOR_MODE PreviousMode
11 | );
12 |
13 | SeSinglePrivilegeCheck_1 OldSeSinglePrivilegeCheck; // Original entry (or trampoline); valid only while SeSinglePrivilegeCheckHooked is set.
14 |
15 | int SeSinglePrivilegeCheckPatchCodeLen = 0; // NOTE(review): an *initialised* definition in a header is a hard duplicate-symbol link error as soon as two .c files include it (unlike the tentative definitions elsewhere in these headers); declare it `extern` here and define it in DriverHips.c. Holds the number of prologue bytes overwritten by the detour.
16 | PVOID SeSinglePrivilegeCheckRet; // Address to resume in the original routine after the patched prologue (presumably SeSinglePrivilegeCheck + PatchCodeLen — confirm).
17 |
18 | int SeSinglePrivilegeCheckHooked = FALSE; // Same initialised-in-header problem as line 15. Set while the detour is installed; the unload path must restore the original bytes before clearing it.
19 |
20 | ULONG ulNtLoadDriverBase,ulReloadNtLoadDriverBase,ulNtLoadDriverSize; // Address/size of NtLoadDriver in the live kernel and in the reloaded reference copy (inferred from the names; 32-bit only).
21 | ULONG ulZwSetSystemInformationBase,ulReloadZwSetSystemInformationBase,ulZwSetSystemInformationSize; // Same for ZwSetSystemInformation.
22 |
23 | ULONG ulSeSinglePrivilegeCheck; // Live and reloaded addresses of SeSinglePrivilegeCheck (32-bit only).
24 | ULONG ulReloadSeSinglePrivilegeCheck;
25 |
26 | extern BYTE *ImageModuleBase; // Base of the reloaded kernel image (defined elsewhere).
27 | extern ULONG SystemKernelModuleBase; // Live ntoskrnl base/size (defined elsewhere).
28 | extern ULONG SystemKernelModuleSize;
29 |
30 | extern PEPROCESS ProtectEProcess; // The process this driver treats as trusted/protected (presumably the A-Protect front end — confirm).
31 |
32 | extern BOOL bKernelSafeModule; // Defined elsewhere; meaning not visible here.
33 |
34 | ULONG GetSystemRoutineAddress( // Resolves a kernel routine address; IntType selects the lookup mode (values defined in DriverHips.c, not visible here).
35 | int IntType,
36 | PVOID lpwzFunction // A wide string by name, but typed PVOID so the compiler cannot check callers — confirm the expected type in DriverHips.c.
37 | );
38 |
39 | NTSTATUS SafeCopyMemory(PVOID SrcAddr, PVOID DstAddr, ULONG Size); // Copies Size bytes from SrcAddr to DstAddr. NOTE(review): the argument order is (source, destination), the reverse of RtlCopyMemory/memcpy — easy to call backwards; renaming to match the runtime convention, or a comment at each call site, would help.
40 |
41 | #endif
--------------------------------------------------------------------------------
/Driver/FileSystem.h:
--------------------------------------------------------------------------------
1 | // from: http://blog.csdn.net/cooblily/archive/2008/02/04/2080822.aspx
2 |
3 | #ifndef _FILESYSTEM_H_
4 | #define _FILESYSTEM_H_
5 |
6 | extern BOOL DebugOn;
7 |
8 | //
9 | // IoCompletionRoutine
10 | //
11 | // This routine is used to handle I/O (read OR write) completion
12 | //
13 | // Inputs:
14 | // DeviceObject - not used
15 | // Irp - the I/O operation being completed
16 | // Context - not used
17 | //
18 | // Outputs:
19 | // None.
20 | //
21 | // Returns:
22 | // STATUS_MORE_PROCESSING_REQUIRED
23 | //
24 | // Notes:
25 | // The purpose of this routine is to do "cleanup" on I/O operations
26 | // so we don''t constantly throw away perfectly good MDLs as part of
27 | // completion processing.
28 | //
29 | NTSTATUS
30 | IoCompletionRoutine(
31 | IN PDEVICE_OBJECT DeviceObject,
32 | IN PIRP Irp,
33 | IN PVOID Context
34 | );
35 | //
36 | // IrpCreateFile
37 | //
38 | // This routine is used as NtCreateFile but first and third parameter.
39 | //
40 | // Inputs:
41 | // DesiredAccess - Specifies an ACCESS_MASK value that determines
42 | // the requested access to the object.
43 | // FilePath - Path of file to create,as L"C:\\Windows"(Unicode).
44 | // AllocationSize - Pointer to a LARGE_INTEGER that contains the initial allocation
45 | // size, in bytes, for a file that is created or overwritten.
46 | // FileAttributes - Specifies one or more FILE_ATTRIBUTE_XXX flags, which represent
47 | // the file attributes to set if you are creating or overwriting a file.
48 | // ShareAccess - Type of share access.
49 | // CreateDisposition - Specifies the action to perform if the file does or does not exist.
50 | // CreateOptions - Specifies the options to apply when creating or opening the file.
51 | // EaBuffer - For device and intermediate drivers, this parameter must be a NULL pointer.
52 | // EaLength - For device and intermediate drivers, this parameter must be zero.
53 | //
54 | // Ouputs:
55 | // FileObject - Pointer to a PFILE_OBJECT variable that receives a PFILE_OBJECT to the file.
56 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
57 | // completion status and information about the requested read operation.
58 | //
59 | // Returns:
60 | // The IRP send status.
61 | //
62 | // Notes:
63 | // This is equivalent to NtCreateFile,but return FILE_OBJECT not HANDLE.
64 | //
65 | NTSTATUS
66 | IrpCreateFile(
67 | IN PUNICODE_STRING FilePath,
68 | IN ACCESS_MASK DesiredAccess,
69 | IN ULONG FileAttributes,
70 | IN ULONG ShareAccess,
71 | IN ULONG CreateDisposition,
72 | IN ULONG CreateOptions,
73 | IN PDEVICE_OBJECT DeviceObject,
74 | IN PDEVICE_OBJECT RealDevice,
75 | OUT PFILE_OBJECT *FileObject
76 | );
77 | //
78 | // IrpClose
79 | //
80 | // This routine is used as ObDereferenceObject.
81 | //
82 | // Inputs:
83 | // FileObject - Pointer to a PFILE_OBJECT variable that will close
84 | //
85 | // Ouputs:
86 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
87 | // completion status and information about the requested read operation.
88 | //
89 | // Returns:
90 | // The IRP send status.
91 | //
92 | // Notes:
93 | // This is equivalent to ObDereferenceObject
94 | //
95 | NTSTATUS
96 | IrpClose(
97 | IN PFILE_OBJECT FileObject
98 | );
99 | //
100 | // IrpQueryDirectoryFile
101 | //
102 | // This routine is used as NtQueryDirectoryFile.
103 | //
104 | // Inputs:
105 | // FileObject - Pointer to a PFILE_OBJECT.
106 | // Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
107 | // should set this parameter according to the given FileInformationClass.
108 | // FileInformationClass - Type of information to be returned about files in the directory.
109 | // FileName - Pointer to a caller-allocated Unicode string containing the name of a file
110 | // (or multiple files, if wildcards are used) within the directory specified by FileHandle.
111 | // This parameter is optional and can be NULL.
112 | //
113 | // Ouputs:
114 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
115 | // completion status and information about the requested read operation.
116 | // FileInformation - Pointer to a buffer that receives the desired
117 | // information about the file.
118 | //
119 | // Returns:
120 | // The IRP send status.
121 | //
122 | // Notes:
123 | // This is equivalent to NtQueryDirectoryFile, but no ApcRoutine.
124 | //
125 | NTSTATUS
126 | IrpQueryDirectoryFile(
127 | IN PFILE_OBJECT FileObject,
128 | OUT PIO_STATUS_BLOCK IoStatusBlock,
129 | OUT PVOID FileInformation,
130 | IN ULONG Length,
131 | IN FILE_INFORMATION_CLASS FileInformationClass,
132 | IN PUNICODE_STRING FileName OPTIONAL
133 | );
134 | //
135 | // IrpQueryInformationFile
136 | //
137 | // This routine is used as NtQueryInformationFile.
138 | //
139 | // Inputs:
140 | // FileObject - Pointer to a PFILE_OBJECT.
141 | // Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
142 | // should set this parameter according to the given FileInformationClass.
143 | // FileInformationClass - Type of information to be returned about files in the directory.
144 | //
145 | // Ouputs:
146 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
147 | // completion status and information about the requested read operation.
148 | // FileInformation - Pointer to a buffer that receives the desired
149 | // information about the file.
150 | //
151 | // Returns:
152 | // The IRP send status.
153 | //
154 | // Notes:
155 | // This is equivalent to NtQueryInformationFile.
156 | //
157 | NTSTATUS
158 | IrpQueryInformationFile(
159 | IN PFILE_OBJECT FileObject,
160 | IN PDEVICE_OBJECT DeviceObject,
161 | OUT PVOID FileInformation,
162 | IN ULONG Length,
163 | IN FILE_INFORMATION_CLASS FileInformationClass);
164 | //
165 | // IrpSetInformationFile
166 | //
167 | // This routine is used as NtSetInformationFile.
168 | //
169 | // Inputs:
170 | // FileObject - Pointer to a PFILE_OBJECT.
171 | // FileInformation - Pointer to a buffer that contains the information to set for the file.
172 | // Length - Size, in bytes, of the buffer pointed to by FileInformation. The caller
173 | // should set this parameter according to the given FileInformationClass.
174 | // FileInformationClass - Type of information to set for the file.
175 | // ReplaceIfExists - Set to TRUE to specify that if a file with the same name already exists,
176 | // it should be replaced with the given file. Set to FALSE if the rename
177 | // operation should fail if a file with the given name already exists.
178 | //
179 | // Outputs:
180 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
181 | // completion status and information about the requested set operation.
182 | //
183 | // Returns:
184 | // The IRP send status.
185 | //
186 | // Notes:
187 | // This is equivalent to NtSetInformationFile.
188 | //
189 | NTSTATUS
190 | IrpSetInformationFile(
191 | IN PFILE_OBJECT FileObject,
192 | OUT PIO_STATUS_BLOCK IoStatusBlock,
193 | IN PVOID FileInformation,
194 | IN ULONG Length,
195 | IN FILE_INFORMATION_CLASS FileInformationClass,
196 | IN BOOLEAN ReplaceIfExists
197 | );
198 | //
199 | // IrpReadFile
200 | //
201 | // This routine is used as NtReadFile.
202 | //
203 | // Inputs:
204 | // FileObject - Pointer to a PFILE_OBJECT.
205 | // Buffer - Pointer to a caller-allocated buffer that receives the data read from the file.
206 | // Length - The size, in bytes, of the buffer pointed to by Buffer.
207 | // ByteOffset - Pointer to a variable that specifies the starting byte offset
208 | // in the file where the read operation will begin.
209 | //
210 | // Outputs:
211 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
212 | // completion status and information about the requested read operation.
213 | //
214 | // Returns:
215 | // The IRP send status.
216 | //
217 | // Notes:
218 | // This is equivalent to NtReadFile, but no ApcRoutine.
219 | //
220 | NTSTATUS
221 | IrpReadFile(
222 | IN PFILE_OBJECT FileObject,
223 | IN PDEVICE_OBJECT DeviceObject,
224 | OUT PIO_STATUS_BLOCK IoStatusBlock,
225 | OUT PVOID Buffer,
226 | IN ULONG Length,
227 | IN PLARGE_INTEGER ByteOffset OPTIONAL);
228 | //
229 | // IrpWriteFile
230 | //
231 | // This routine is used as NtWriteFile.
232 | //
233 | // Inputs:
234 | // FileObject - Pointer to a PFILE_OBJECT.
235 | // Buffer - Pointer to a caller-allocated buffer that contains the data to write to the file.
236 | // Length - The size, in bytes, of the buffer pointed to by Buffer.
237 | // ByteOffset - Pointer to a variable that specifies the starting byte offset
238 | // in the file for beginning the write operation.
239 | //
240 | // Outputs:
241 | // IoStatusBlock - Pointer to an IO_STATUS_BLOCK structure that receives the final
242 | // completion status and information about the requested write operation.
243 | //
244 | // Returns:
245 | // The IRP send status.
246 | //
247 | // Notes:
248 | // This is equivalent to NtWriteFile, but no ApcRoutine.
249 | //
250 | NTSTATUS
251 | IrpWriteFile(
252 | IN PFILE_OBJECT FileObject,
253 | OUT PIO_STATUS_BLOCK IoStatusBlock,
254 | IN PVOID Buffer,
255 | IN ULONG Length,
256 | IN PLARGE_INTEGER ByteOffset OPTIONAL
257 | );
258 |
259 |
260 |
261 | #endif
--------------------------------------------------------------------------------
/Driver/Fixrelocation.h:
--------------------------------------------------------------------------------
1 | #include "ntifs.h"
2 | #include
3 |
4 | #define LDR_DATAFILE_TO_VIEW(x) ((PVOID)(((ULONG_PTR)(x)) & ~(ULONG_PTR)1))
5 | #define LDR_IS_DATAFILE(x) (((ULONG_PTR)(x)) & (ULONG_PTR)1)
6 |
7 | // Mark a HIGHADJ entry as needing an increment if reprocessing.
8 | //
9 | #define LDRP_RELOCATION_INCREMENT 0x1
10 |
11 | //
12 | // Mark a HIGHADJ entry as not suitable for reprocessing.
13 | //
14 | #define LDRP_RELOCATION_FINAL 0x2
15 |
16 | PIMAGE_BASE_RELOCATION LdrProcessRelocationBlockLongLong(
17 | IN ULONG_PTR VA,
18 | IN ULONG SizeOfBlock,
19 | IN PUSHORT NextOffset,
20 | IN LONGLONG Diff
21 | );
22 |
23 | #define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK (0x00000001)
24 |
25 |
26 | PVOID A_Protect_RtlImageDirectoryEntryToData (
27 | IN PVOID Base,
28 | IN BOOLEAN MappedAsImage,
29 | IN USHORT DirectoryEntry,
30 | OUT PULONG Size
31 | );
32 |
33 | NTSTATUS
34 | NTAPI
35 | RtlImageNtHeaderEx(
36 | ULONG Flags,
37 | PVOID Base,
38 | ULONG64 Size,
39 | OUT PIMAGE_NT_HEADERS * OutHeaders
40 | );
41 |
42 |
43 | PIMAGE_NT_HEADERS
44 | NTAPI
45 | RtlImageNtHeader(
46 | PVOID Base
47 | );
48 |
49 | BOOL
50 | FixBaseRelocTable (
51 | PVOID NewImageBase,
52 | DWORD ExistImageBase
53 | );
54 |
55 |
--------------------------------------------------------------------------------
/Driver/FuncAddrValid.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/FuncAddrValid.c
--------------------------------------------------------------------------------
/Driver/FuncAddrValid.h:
--------------------------------------------------------------------------------
1 | #include "ntifs.h"
2 |
3 | typedef struct _MMPTE_SOFTWARE {
4 | ULONG Valid : 1;
5 | ULONG PageFileLow : 4;
6 | ULONG Protection : 5;
7 | ULONG Prototype : 1;
8 | ULONG Transition : 1;
9 | ULONG PageFileHigh : 20;
10 | } MMPTE_SOFTWARE;
11 |
12 | typedef struct _MMPTE_TRANSITION {
13 | ULONG Valid : 1;
14 | ULONG Write : 1;
15 | ULONG Owner : 1;
16 | ULONG WriteThrough : 1;
17 | ULONG CacheDisable : 1;
18 | ULONG Protection : 5;
19 | ULONG Prototype : 1;
20 | ULONG Transition : 1;
21 | ULONG PageFrameNumber : 20;
22 | } MMPTE_TRANSITION;
23 |
24 | typedef struct _MMPTE_PROTOTYPE {
25 | ULONG Valid : 1;
26 | ULONG ProtoAddressLow : 7;
27 | ULONG ReadOnly : 1; // if set allow read only access.
28 | ULONG WhichPool : 1;
29 | ULONG Prototype : 1;
30 | ULONG ProtoAddressHigh : 21;
31 | } MMPTE_PROTOTYPE;
32 |
33 | typedef struct _MMPTE_HARDWARE {
34 | ULONG Valid : 1;
35 | ULONG Write : 1; // UP version
36 | ULONG Owner : 1;
37 | ULONG WriteThrough : 1;
38 | ULONG CacheDisable : 1;
39 | ULONG Accessed : 1;
40 | ULONG Dirty : 1;
41 | ULONG LargePage : 1;
42 | ULONG Global : 1;
43 | ULONG CopyOnWrite : 1; // software field
44 | ULONG Prototype : 1; // software field
45 | ULONG reserved : 1; // software field
46 | ULONG PageFrameNumber : 20;
47 | } MMPTE_HARDWARE, *PMMPTE_HARDWARE;
48 |
49 | typedef struct _MMPTE {
50 | union {
51 | ULONG Long;
52 | MMPTE_HARDWARE Hard;
53 | MMPTE_PROTOTYPE Proto;
54 | MMPTE_SOFTWARE Soft;
55 | MMPTE_TRANSITION Trans;
56 | } u;
57 | } MMPTE, *PMMPTE;
58 |
59 | typedef struct _MMPTE_SOFTWARE_PAE {
60 | ULONGLONG Valid : 1;
61 | ULONGLONG PageFileLow : 4;
62 | ULONGLONG Protection : 5;
63 | ULONGLONG Prototype : 1;
64 | ULONGLONG Transition : 1;
65 | ULONGLONG Unused : 20;
66 | ULONGLONG PageFileHigh : 32;
67 | } MMPTE_SOFTWARE_PAE;
68 |
69 | typedef struct _MMPTE_TRANSITION_PAE {
70 | ULONGLONG Valid : 1;
71 | ULONGLONG Write : 1;
72 | ULONGLONG Owner : 1;
73 | ULONGLONG WriteThrough : 1;
74 | ULONGLONG CacheDisable : 1;
75 | ULONGLONG Protection : 5;
76 | ULONGLONG Prototype : 1;
77 | ULONGLONG Transition : 1;
78 | ULONGLONG PageFrameNumber : 24;
79 | ULONGLONG Unused : 28;
80 | } MMPTE_TRANSITION_PAE;
81 |
82 | typedef struct _MMPTE_PROTOTYPE_PAE {
83 | ULONGLONG Valid : 1;
84 | ULONGLONG Unused0: 7;
85 | ULONGLONG ReadOnly : 1; // if set allow read only access. LWFIX: remove
86 | ULONGLONG Unused1: 1;
87 | ULONGLONG Prototype : 1;
88 | ULONGLONG Protection : 5;
89 | ULONGLONG Unused: 16;
90 | ULONGLONG ProtoAddress: 32;
91 | } MMPTE_PROTOTYPE_PAE;
92 |
93 | typedef struct _MMPTE_HARDWARE_PAE {
94 | ULONGLONG Valid : 1;
95 | ULONGLONG Write : 1; // UP version
96 | ULONGLONG Owner : 1;
97 | ULONGLONG WriteThrough : 1;
98 | ULONGLONG CacheDisable : 1;
99 | ULONGLONG Accessed : 1;
100 | ULONGLONG Dirty : 1;
101 | ULONGLONG LargePage : 1;
102 | ULONGLONG Global : 1;
103 | ULONGLONG CopyOnWrite : 1; // software field
104 | ULONGLONG Prototype : 1; // software field
105 | ULONGLONG reserved0 : 1; // software field
106 | ULONGLONG PageFrameNumber : 24;
107 | ULONGLONG reserved1 : 28; // software field
108 | } MMPTE_HARDWARE_PAE, *PMMPTE_HARDWARE_PAE;
109 |
110 | typedef struct _MMPTE_PAE {
111 | union {
112 | LARGE_INTEGER Long;
113 | MMPTE_HARDWARE_PAE Hard;
114 | MMPTE_PROTOTYPE_PAE Proto;
115 | MMPTE_SOFTWARE_PAE Soft;
116 | MMPTE_TRANSITION_PAE Trans;
117 | } u;
118 | } MMPTE_PAE;
119 |
120 | typedef MMPTE_PAE *PMMPTE_PAE;
121 |
122 | #define PTE_BASE 0xC0000000
123 | #define PDE_BASE 0xC0300000
124 | #define PDE_BASE_PAE 0xc0600000
125 |
126 | #define MiGetPdeAddress(va) ((MMPTE*)(((((ULONG)(va)) >> 22) << 2) + PDE_BASE))
127 | #define MiGetPteAddress(va) ((MMPTE*)(((((ULONG)(va)) >> 12) << 2) + PTE_BASE))
128 |
129 | #define MiGetPdeAddressPae(va) ((PMMPTE_PAE)(PDE_BASE_PAE + ((((ULONG)(va)) >> 21) << 3)))
130 | #define MiGetPteAddressPae(va) ((PMMPTE_PAE)(PTE_BASE + ((((ULONG)(va)) >> 12) << 3)))
131 |
132 | #define MM_ZERO_PTE 0
133 | #define MM_ZERO_KERNEL_PTE 0
134 |
135 |
136 | #define MM_ZERO_ACCESS 0 // this value is not used.
137 | #define MM_READONLY 1
138 | #define MM_EXECUTE 2
139 | #define MM_EXECUTE_READ 3
140 | #define MM_READWRITE 4 // bit 2 is set if this is writable.
141 | #define MM_WRITECOPY 5
142 | #define MM_EXECUTE_READWRITE 6
143 | #define MM_EXECUTE_WRITECOPY 7
144 | #define MM_NOCACHE 8
145 |
146 | #define PAE_ON (1<<5)
147 |
148 | typedef enum VALIDITY_CHECK_STATUS{
149 | VCS_INVALID,
150 | VCS_VALID,
151 | VCS_TRANSITION,
152 | VCS_PAGEDOUT,
153 | VCS_DEMANDZERO,
154 | VCS_PROTOTYPE
155 | }VALIDITY_CHECK_STATUS;
156 |
// Human-readable names for the MM_* page-protection values defined above.
// The array index IS the protection value (MM_ZERO_ACCESS == 0 ... MM_NOCACHE == 8),
// so the table has exactly 9 entries. The Protection bit-fields in the MMPTE
// structs above are 5 bits wide (values up to 31), so a caller must bound-check
// the protection value against 9 before indexing or it reads past the table.
// NOTE(review): this is a non-static object definition in a header; including
// FuncAddrValid.h from more than one translation unit would produce duplicate
// symbol link errors. `static const CHAR *const` would avoid that and also keep
// the string pointers read-only.
PCHAR MiProtectionToString[] = {
"MM_ZERO_ACCESS", // 0 // this value is not used.
"MM_READONLY", // 1
"MM_EXECUTE", // 2
"MM_EXECUTE_READ", // 3
"MM_READWRITE", // 4 // bit 2 is set if this is writable.
"MM_WRITECOPY", // 5
"MM_EXECUTE_READWRITE", // 6
"MM_EXECUTE_WRITECOPY", // 7
"MM_NOCACHE" // 8
};
--------------------------------------------------------------------------------
/Driver/Function.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Function.c
--------------------------------------------------------------------------------
/Driver/Function.h:
--------------------------------------------------------------------------------
1 | #ifndef _FUNCTION_H_
2 | #define _FUNCTION_H_
3 |
4 | #include "ntifs.h"
5 | #include "ntos.h"
6 |
7 | extern PSERVICE_DESCRIPTOR_TABLE OriginalServiceDescriptorTable;
8 |
9 | #define SystemModuleInformation 11
10 |
11 | #define SEC_IMAGE 0x1000000
12 | #define MEM_IMAGE SEC_IMAGE
13 |
14 | extern BOOL DebugOn;
15 |
16 | typedef enum _MEMORY_INFORMATION_CLASS
17 | {
18 | MemoryBasicInformation,
19 | MemoryWorkingSetList,
20 | MemorySectionName
21 | }MEMORY_INFORMATION_CLASS;
22 |
23 | typedef struct _MEMORY_BASIC_INFORMATION {
24 | PVOID BaseAddress;
25 | PVOID AllocationBase;
26 | DWORD AllocationProtect;
27 | DWORD RegionSize;
28 | DWORD State;
29 | DWORD Protect;
30 | DWORD Type;
31 | } MEMORY_BASIC_INFORMATION,*PMEMORY_BASIC_INFORMATION;
32 |
33 | extern POBJECT_TYPE *PsProcessType;
34 |
35 |
36 | NTSTATUS ZwOpenProcess(
37 | __out PHANDLE ProcessHandle,
38 | __in ACCESS_MASK DesiredAccess,
39 | __in POBJECT_ATTRIBUTES ObjectAttributes,
40 | __in_opt PCLIENT_ID ClientId
41 | );
42 |
43 | NTSTATUS KillProcess(
44 | ULONG ulEprocess
45 | );
46 |
47 | NTSTATUS SafeCopyMemory(
48 | PVOID SrcAddr,
49 | PVOID DstAddr,
50 | ULONG Size
51 | );
52 |
53 | BOOLEAN ValidateUnicodeString(
54 | PUNICODE_STRING usStr
55 | );
56 |
57 | //ULONG KeGetPreviousMode();
58 | BOOL MmIsAddressRangeValid(
59 | IN PVOID Address,
60 | IN ULONG Size
61 | );
62 |
63 | BOOL ZeroProcessMemory(ULONG eprocess);
64 |
65 | #endif
--------------------------------------------------------------------------------
/Driver/InitWindowsVersion.c:
--------------------------------------------------------------------------------
1 | #include "InitWindowsVersion.h"
2 |
/*
 * GetWindowsVersion
 *
 * Classifies the running kernel into a WIN_VER_DETAIL value and caches the
 * result in the global WinVersion (declared in InitWindowsVersion.h).
 *
 * Returns:
 *   The cached WinVersion when it has already been determined (non-zero).
 *   WINDOWS_VERSION_NONE when RtlGetVersion does not return STATUS_SUCCESS
 *   (the cache is left untouched, so a later call probes again), or when the
 *   reported major/minor/build matches none of the cases below.
 *
 * Security note: if other parts of this driver pick hard-coded structure
 * offsets by this value (the per-version headers in the project suggest so),
 * a wrong classification makes the driver touch kernel memory at the wrong
 * offsets, so the mapping below deserves care.
 *
 * NOTE(review): 6.0 (Vista / Server 2008) is mapped to
 * WINDOWS_VERSION_2K3_SP1_SP2 even though WINDOWS_VERSION_VISTA_2008 exists in
 * the enum and is never assigned here; 6.1 builds that are neither 7000 nor
 * >= 7600 fall through and yield WINDOWS_VERSION_NONE. Both behaviours are
 * preserved as-is; confirm against the offset tables before changing either.
 */
WIN_VER_DETAIL GetWindowsVersion()
{
    RTL_OSVERSIONINFOEXW info;
    ULONG major;
    ULONG minor;

    /* Already classified once: reuse the cached value (NONE == 0 == not probed). */
    if (WinVersion != WINDOWS_VERSION_NONE)
        return WinVersion;

    memset(&info, 0, sizeof(info));
    info.dwOSVersionInfoSize = sizeof(info);
    /* RtlGetVersion takes the base struct; the EX layout is a superset of it. */
    if (RtlGetVersion((RTL_OSVERSIONINFOW *)&info) != STATUS_SUCCESS)
        return WINDOWS_VERSION_NONE;

    major = info.dwMajorVersion;
    minor = info.dwMinorVersion;

    switch (major) {
    case 5:
        if (minor == 0) {
            WinVersion = WINDOWS_VERSION_2K;
        } else if (minor == 1) {
            WinVersion = WINDOWS_VERSION_XP;
        } else if (minor == 2) {
            /* 2003 without a service pack vs. 2003 SP1/SP2. */
            WinVersion = (info.wServicePackMajor == 0)
                ? WINDOWS_VERSION_2K3
                : WINDOWS_VERSION_2K3_SP1_SP2;
        }
        break;
    case 6:
        if (minor == 0) {
            /* See NOTE(review) above: 6.0 shares the 2003 SP1/SP2 class. */
            WinVersion = WINDOWS_VERSION_2K3_SP1_SP2;
        } else if (minor == 1) {
            if (info.dwBuildNumber == 7000)
                WinVersion = WINDOWS_VERSION_7_7000;
            else if (info.dwBuildNumber >= 7600)
                WinVersion = WINDOWS_VERSION_7_7600_UP;
        }
        break;
    default:
        /* Unknown major version: WinVersion stays WINDOWS_VERSION_NONE. */
        break;
    }

    return WinVersion;
}
46 |
--------------------------------------------------------------------------------
/Driver/InitWindowsVersion.h:
--------------------------------------------------------------------------------
1 |
2 | #ifndef _SYSTEM_H
3 | #define _SYSTEM_H
4 |
5 | #include "ntifs.h"
6 |
// Coarse Windows version classes produced by GetWindowsVersion() in
// InitWindowsVersion.c. WINDOWS_VERSION_NONE must stay 0: GetWindowsVersion()
// also uses it as the "not yet probed" marker for the WinVersion cache.
typedef enum WIN_VER_DETAIL {
WINDOWS_VERSION_NONE, // 0: unknown, RtlGetVersion failed, or not probed yet
WINDOWS_VERSION_2K, // 5.0
WINDOWS_VERSION_XP, // 5.1
WINDOWS_VERSION_2K3, // 5.2 with wServicePackMajor == 0
WINDOWS_VERSION_2K3_SP1_SP2, // 5.2 with a service pack; GetWindowsVersion() also assigns this for 6.0
WINDOWS_VERSION_VISTA_2008, // NOTE(review): never assigned by GetWindowsVersion(); 6.0 maps to the value above
WINDOWS_VERSION_7_7600_UP, // 6.1, build >= 7600
WINDOWS_VERSION_7_7000 // 6.1, build == 7000 exactly (other pre-7600 builds yield NONE)
} WIN_VER_DETAIL;
17 |
// Cached classification filled in by GetWindowsVersion(); 0 (WINDOWS_VERSION_NONE)
// means "not probed yet".
// NOTE(review): this is an object definition, not an `extern` declaration, in a
// header: every translation unit that includes InitWindowsVersion.h gets its own
// definition. It may link only because the C compiler treats uninitialized
// globals as common symbols; declare it `extern` here and define it once in
// InitWindowsVersion.c.
WIN_VER_DETAIL WinVersion;

// Probes the OS version once via RtlGetVersion, caches it in WinVersion and
// returns it (see InitWindowsVersion.c for the exact major/minor/build mapping).
WIN_VER_DETAIL GetWindowsVersion();
21 | #endif
--------------------------------------------------------------------------------
/Driver/InlineHook.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/InlineHook.c
--------------------------------------------------------------------------------
/Driver/InlineHook.h:
--------------------------------------------------------------------------------
1 | #include "ntifs.h"
2 |
3 | extern BOOL DebugOn;
4 |
5 | typedef struct _CODE_LINE
6 | {
7 | int CodeLength;
8 | BYTE Code[20];
9 | }CODE_LINE,*PCODE_LINE;
10 |
11 | typedef struct _CODE_INFO
12 | {
13 | int LineCount;
14 | CODE_LINE CodeLine[1];
15 |
16 | }CODE_INFO,*PCODE_INFO;
17 |
18 | BOOL HookFunctionHeader(DWORD NewFunctionAddress,WCHAR *FunctionName,BOOL bSsdt,DWORD index,PVOID HookZone,int *patchCodeLen,PVOID *lpRet);
19 |
20 | void UnHookFunctionHeader(WCHAR *FunctionName,BOOL bSsdt,DWORD index, PVOID HookZone, int patchCodeLen);
21 |
22 | BOOL HookFunctionMiddle(BYTE *StartAddress,int MaxLength,DWORD ToAddress,PCODE_INFO CodeInfo,PVOID HookZone,int *patchCodeLen,PVOID *lpRet);
23 |
24 | VOID UnHookFunctionMiddle(DWORD PatchAddress,PVOID HookZone,int PatchCodeLen);
25 |
26 | BOOL HookFunctionByHeaderAddress(DWORD NewFunctionAddress,DWORD oldFunctionAddress,PVOID HookZone,int *patchCodeLen,PVOID *lpRet);
27 |
28 | void UnHookFunctionByHeaderAddress(DWORD oldFunctionAddress,PVOID HookZone, int patchCodeLen);
29 |
30 | BOOL GetFunctionIndexByName(CHAR *lpszFunctionName,int *Index);
--------------------------------------------------------------------------------
/Driver/IoTimer.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/IoTimer.c
--------------------------------------------------------------------------------
/Driver/IoTimer.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/IoTimer.h
--------------------------------------------------------------------------------
/Driver/KernelFilterDriver.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelFilterDriver.c
--------------------------------------------------------------------------------
/Driver/KernelFilterDriver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelFilterDriver.h
--------------------------------------------------------------------------------
/Driver/KernelHookCheck.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelHookCheck.c
--------------------------------------------------------------------------------
/Driver/KernelHookCheck.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelHookCheck.h
--------------------------------------------------------------------------------
/Driver/KernelReload.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelReload.c
--------------------------------------------------------------------------------
/Driver/KernelReload.h:
--------------------------------------------------------------------------------
1 | #include "ntifs.h"
2 | #include "FileSystem.h"
3 | #include "InitWindowsVersion.h"
4 | #include "fixrelocation.h"
5 |
6 | extern POBJECT_TYPE *IoDriverObjectType;
7 |
8 | #define SystemModuleInformation 11
9 |
10 | extern BOOL DebugOn;
11 |
12 | NTSTATUS
13 | ObReferenceObjectByName (
14 | IN PUNICODE_STRING ObjectName,
15 | IN ULONG Attributes,
16 | IN PACCESS_STATE AccessState OPTIONAL,
17 | IN ACCESS_MASK DesiredAccess OPTIONAL,
18 | IN POBJECT_TYPE ObjectType,
19 | IN KPROCESSOR_MODE AccessMode,
20 | IN OUT PVOID ParseContext OPTIONAL,
21 | OUT PVOID *Object
22 | ) ;
23 |
24 |
25 | NTSTATUS ZwQuerySystemInformation(
26 | __in ULONG SystemInformationClass,
27 | __inout PVOID SystemInformation,
28 | __in ULONG SystemInformationLength,
29 | __out_opt PULONG ReturnLength
30 | );
31 |
32 | BOOL
33 | FixBaseRelocTable (
34 | PVOID NewImageBase,
35 | DWORD ExistImageBase
36 | );
37 |
38 | BOOL MmIsAddressValidEx(
39 | IN PVOID Pointer
40 | );
--------------------------------------------------------------------------------
/Driver/KernelThread.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelThread.c
--------------------------------------------------------------------------------
/Driver/KernelThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KernelThread.h
--------------------------------------------------------------------------------
/Driver/KillProcess.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KillProcess.c
--------------------------------------------------------------------------------
/Driver/KillProcess.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/KillProcess.h
--------------------------------------------------------------------------------
/Driver/LookupKernelData.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/LookupKernelData.c
--------------------------------------------------------------------------------
/Driver/LookupKernelData.h:
--------------------------------------------------------------------------------
1 | #ifndef _LOOKUPKERNELDATA_H_
2 | #define _LOOKUPKERNELDATA_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include
7 | #include "ntos.h"
8 |
9 | typedef struct _KERNEL_DATA {
10 |
11 | ULONG ulAddress;
12 |
13 | ULONG ulStack1;
14 | ULONG ulStack2;
15 | ULONG ulStack3;
16 | ULONG ulStack4;
17 |
18 | } KERNEL_DATA, *PKERNEL_DATA;
19 |
20 | typedef struct _LOOKUP_KERNEL_DATA { //KernelData
21 | ULONG ulCount;
22 | KERNEL_DATA KernelData[1];
23 | } LOOKUP_KERNEL_DATA, *PLOOKUP_KERNEL_DATA;
24 |
25 | PLOOKUP_KERNEL_DATA LookupKernelData;
26 |
27 | #endif
--------------------------------------------------------------------------------
/Driver/Mouclass.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Mouclass.c
--------------------------------------------------------------------------------
/Driver/Mouclass.h:
--------------------------------------------------------------------------------
1 | #ifndef _MOUCLASS_H_
2 | #define _MOUCLASS_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include "InitWindowsVersion.h"
7 | #include "ntos.h"
8 |
9 | BOOL PeLoad(
10 | WCHAR *FileFullPath,
11 | BYTE **ImageModeleBase,
12 | PDRIVER_OBJECT DeviceObject,
13 | DWORD ExistImageBase
14 | );
15 |
16 | NTSTATUS GetDriverObject(
17 | WCHAR *lpwzDevice,
18 | PDRIVER_OBJECT *PDriverObject
19 | );
20 |
21 | //IRP_MJ_MAXIMUM_FUNCTION
22 |
23 | typedef struct _MOUCLASSDISPATCH {
24 | ULONG ulNumber;
25 | ULONG ulMouclassDispatch;
26 | ULONG ulCurrentMouclassDispatch;
27 | CHAR lpszBaseModule[256];
28 | ULONG ulModuleSize;
29 | ULONG ulModuleBase;
30 | WCHAR lpwzMouclassDispatchName[256];
31 | int Hooked;
32 | } MOUCLASSDISPATCH, *PMOUCLASSDISPATCH;
33 |
34 | typedef struct _MOUCLASSDISPATCHBAKUP {
35 | ULONG ulCount;
36 | MOUCLASSDISPATCH MouclassDispatch[1];
37 | } MOUCLASSDISPATCHBAKUP, *PMOUCLASSDISPATCHBAKUP;
38 |
39 | PMOUCLASSDISPATCHBAKUP MouclassDispatchBakUp;
40 |
41 | ULONG ulMouclassModuleBase;
42 | ULONG ulMouclassModuleSize;
43 |
44 | ULONG ulReLoadMouclassModuleBase;
45 |
46 | extern BOOL DebugOn;
47 |
48 | PDRIVER_OBJECT PMouclassDriverObjectBakup;
49 |
50 | ULONG ulReal_MOUCLASS_IRP_MJ_CREATE;
51 | ULONG ulReal_MOUCLASS_IRP_MJ_CLOSE;
52 | ULONG ulReal_MOUCLASS_IRP_MJ_READ;
53 | ULONG ulReal_MOUCLASS_IRP_MJ_FLUSH_BUFFERS;
54 | ULONG ulReal_MOUCLASS_IRP_MJ_DEVICE_CONTROL;
55 | ULONG ulReal_MOUCLASS_IRP_MJ_INTERNAL_DEVICE_CONTROL;
56 | ULONG ulReal_MOUCLASS_IRP_MJ_CLEANUP;
57 | ULONG ulReal_MOUCLASS_IRP_MJ_POWER;
58 | ULONG ulReal_MOUCLASS_IRP_MJ_SYSTEM_CONTROL;
59 | ULONG ulReal_MOUCLASS_IRP_MJ_PNP_POWER;
60 |
61 | BOOL PeLoad(
62 | WCHAR *FileFullPath,
63 | BYTE **ImageModeleBase,
64 | PDRIVER_OBJECT DeviceObject,
65 | DWORD ExistImageBase
66 | );
67 |
68 | NTSTATUS GetDriverObject(
69 | WCHAR *lpwzDevice,
70 | PDRIVER_OBJECT *PDriverObject
71 | );
72 |
73 | BOOL IsAddressInSystem(
74 | ULONG ulDriverBase,
75 | ULONG *ulSysModuleBase,
76 | ULONG *ulSize,
77 | char *lpszSysModuleImage
78 | );
79 |
80 | unsigned long __fastcall GetFunctionCodeSize(
81 | void *Proc
82 | );
83 |
84 | PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ImageBase);
85 |
86 | HANDLE MapFileAsSection(PUNICODE_STRING FileName,PVOID *ModuleBase);
87 |
88 | BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry);
89 |
90 | #endif
--------------------------------------------------------------------------------
/Driver/NetworkDefense.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/NetworkDefense.c
--------------------------------------------------------------------------------
/Driver/NetworkDefense.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/NetworkDefense.h
--------------------------------------------------------------------------------
/Driver/Ntfs.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Ntfs.c
--------------------------------------------------------------------------------
/Driver/Ntfs.h:
--------------------------------------------------------------------------------
1 | #ifndef _NTFS_H_
2 | #define _NTFS_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include "ntos.h"
7 | #include "InitWindowsVersion.h"
8 | //IRP_MJ_MAXIMUM_FUNCTION
9 |
10 | typedef struct _NTFSDISPATCH {
11 | ULONG ulNumber;
12 | ULONG ulNtfsDispatch;
13 | ULONG ulCurrentNtfsDispatch;
14 | CHAR lpszBaseModule[256];
15 | ULONG ulModuleSize;
16 | ULONG ulModuleBase;
17 | WCHAR lpwzNtfsDispatchName[256];
18 | int Hooked; //0 no hook 1 fsd hook 2 fsd inline hook
19 | } NTFSDISPATCH, *PNTFSDISPATCH;
20 |
21 | typedef struct NTFSDISPATCHBAKU {
22 | ULONG ulCount;
23 | NTFSDISPATCH NtfsDispatch[1];
24 | } NTFSDISPATCHBAKU, *PNTFSDISPATCHBAKUP;
25 |
26 | PNTFSDISPATCHBAKUP NtfsDispatchBakUp;
27 |
28 | PDRIVER_OBJECT PNtfsDriverObjectBakup;
29 |
30 | ULONG ulReLoadNtfsModuleBase;
31 |
32 | ULONG ulNtfsModuleBase;
33 | ULONG ulNtfsModuleSize;
34 |
35 | ULONG ulReal_IRP_MJ_CREATE;
36 | ULONG ulReal_IRP_MJ_CLOSE;
37 | ULONG ulReal_IRP_MJ_READ;
38 | ULONG ulReal_IRP_MJ_WRITE;
39 | ULONG ulReal_IRP_MJ_QUERY_INFORMATION;
40 | ULONG ulReal_IRP_MJ_SET_INFORMATION;
41 | ULONG ulReal_IRP_MJ_QUERY_EA;
42 | ULONG ulReal_IRP_MJ_SET_EA;
43 | ULONG ulReal_IRP_MJ_FLUSH_BUFFERS;
44 | ULONG ulReal_IRP_MJ_QUERY_VOLUME_INFORMATION;
45 | ULONG ulReal_IRP_MJ_SET_VOLUME_INFORMATION;
46 | ULONG ulReal_IRP_MJ_DIRECTORY_CONTROL;
47 | ULONG ulReal_IRP_MJ_FILE_SYSTEM_CONTROL;
48 | ULONG ulReal_IRP_MJ_DEVICE_CONTROL;
49 | ULONG ulReal_IRP_MJ_SHUTDOWN;
50 | ULONG ulReal_IRP_MJ_LOCK_CONTROL;
51 | ULONG ulReal_IRP_MJ_CLEANUP;
52 | ULONG ulReal_IRP_MJ_QUERY_SECURITY;
53 | ULONG ulReal_IRP_MJ_SET_SECURITY;
54 | ULONG ulReal_IRP_MJ_QUERY_QUOTA;
55 | ULONG ulReal_IRP_MJ_SET_QUOTA;
56 | ULONG ulReal_IRP_MJ_PNP_POWER;
57 |
58 |
59 | extern BOOL DebugOn;
60 |
61 | BOOL PeLoad(
62 | WCHAR *FileFullPath,
63 | BYTE **ImageModeleBase,
64 | PDRIVER_OBJECT DeviceObject,
65 | DWORD ExistImageBase
66 | );
67 |
68 | NTSTATUS GetDriverObject(
69 | WCHAR *lpwzDevice,
70 | PDRIVER_OBJECT *PDriverObject
71 | );
72 |
73 | BOOL IsAddressInSystem(
74 | ULONG ulDriverBase,
75 | ULONG *ulSysModuleBase,
76 | ULONG *ulSize,
77 | char *lpszSysModuleImage
78 | );
79 |
80 | unsigned long __fastcall GetFunctionCodeSize(
81 | void *Proc
82 | );
83 |
84 | PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ImageBase);
85 |
86 | HANDLE MapFileAsSection(PUNICODE_STRING FileName,PVOID *ModuleBase);
87 |
88 | BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry);
89 |
90 | #endif
--------------------------------------------------------------------------------
/Driver/ObjectHookCheck.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ObjectHookCheck.c
--------------------------------------------------------------------------------
/Driver/ObjectHookCheck.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ObjectHookCheck.h
--------------------------------------------------------------------------------
/Driver/Port.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Port.c
--------------------------------------------------------------------------------
/Driver/Port.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Port.h
--------------------------------------------------------------------------------
/Driver/Process.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Process.c
--------------------------------------------------------------------------------
/Driver/Process.h:
--------------------------------------------------------------------------------
1 | #ifndef _PROCESS_H_
2 | #define _PROCESS_H_
3 |
4 | #include "ntifs.h"
5 | #include "ntos.h"
6 |
7 | #define SystemProcessesAndThreadsInformation 5
8 |
9 | typedef struct _SYSTEM_THREADS {
10 | LARGE_INTEGER KernelTime;
11 | LARGE_INTEGER UserTime;
12 | LARGE_INTEGER CreateTime;
13 | ULONG WaitTime;
14 | PVOID StartAddress;
15 | CLIENT_ID ClientIs;
16 | KPRIORITY Priority;
17 | KPRIORITY BasePriority;
18 | ULONG ContextSwitchCount;
19 | ULONG ThreadState;
20 | KWAIT_REASON WaitReason;
21 | }SYSTEM_THREADS;
22 |
23 | typedef struct _SYSTEM_PROCESSES {
24 | ULONG NextEntryDelta;
25 | ULONG ThreadCount;
26 | ULONG Reserved[6];
27 | LARGE_INTEGER CreateTime;
28 | LARGE_INTEGER UserTime;
29 | LARGE_INTEGER KernelTime;
30 | UNICODE_STRING ProcessName;
31 | KPRIORITY BasePriority;
32 | ULONG ProcessId;
33 | ULONG InheritedFromProcessId;
34 | ULONG HandleCount;
35 | ULONG Reserved2[2];
36 | VM_COUNTERS VmCounters;
37 | IO_COUNTERS IoCounters; //windows 2000 only
38 | struct _SYSTEM_THREADS Threads[1];
39 | }SYSTEM_PROCESSES;
40 |
41 | //--------------------------------------------------------------------------
42 | //
43 | // NTSTATUS ZwQuerySystemInformation(
44 | // __in ULONG SystemInformationClass,
45 | // __inout PVOID SystemInformation,
46 | // __in ULONG SystemInformationLength,
47 | // __out_opt PULONG ReturnLength
48 | // );
49 |
50 | extern BOOL DebugOn;
51 | extern PEPROCESS ProtectEProcess;
52 | extern PEPROCESS SystemEProcess;
53 |
54 | extern BOOL bPaused;
55 |
56 | typedef NTSTATUS (__stdcall *NTSUSPENDPROCESS)(
57 | IN HANDLE hProcess
58 | );
59 |
60 | typedef NTSTATUS (__stdcall *NTRESUMEPROCESS)(
61 | IN HANDLE hProcess
62 | );
63 |
64 | ///////////////////////////////////////////////////////////////////////////////////////
65 | NTKERNELAPI VOID KeSetSystemAffinityThread (KAFFINITY Affinity );
66 | NTKERNELAPI VOID KeRevertToUserAffinityThread (VOID);
67 |
68 | BOOL GetProcessFullImagePath(
69 | IN PEPROCESS Eprocess,
70 | OUT WCHAR *FullProcessImagePath
71 | );
72 |
73 | NTSTATUS LookupProcessByPid(
74 | IN HANDLE hProcessPid,
75 | OUT PEPROCESS *pEprocess
76 | );
77 |
78 | NTSTATUS SafeCopyMemory(PVOID SrcAddr, PVOID DstAddr, ULONG Size);
79 |
80 | BOOL IsExitProcess(PEPROCESS Eprocess);
81 | BOOL KernelStatus(HANDLE hPid);
82 | ULONG GetInheritedProcessPid(PEPROCESS Eprocess);
83 | NTSTATUS SafeQueryFileDosDeviceName(__in WCHAR *wzNtImageName,__out WCHAR *wzDosFullPath);
84 |
85 | #endif
--------------------------------------------------------------------------------
/Driver/ProcessModule.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ProcessModule.c
--------------------------------------------------------------------------------
/Driver/ProcessModule.h:
--------------------------------------------------------------------------------
1 | #ifndef _PROCESS_FULL_PATH_H
2 | #define _PROCESS_FULL_PATH_H
3 |
4 | #include "ntifs.h"
5 | #include "InitWindowsVersion.h"
6 | #include "Function.h"
7 | #include "ntos.h"
8 |
9 | #define SEC_IMAGE 0x1000000
10 |
11 |
12 | extern BOOL DebugOn;
13 |
14 | typedef struct _PEB_LDR_DATA
15 | {
16 | ULONG Length;
17 | BOOLEAN Initialized;
18 | PVOID SsHandle;
19 | LIST_ENTRY InLoadOrderModuleList;
20 | LIST_ENTRY InMemoryOrderModuleList;
21 | LIST_ENTRY InInitializationOrderModuleList;
22 | } PEB_LDR_DATA, *PPEB_LDR_DATA;
23 | //
24 | // typedef struct _EX_FAST_REF {
25 | // union {
26 | // PVOID Object;
27 | // ULONG RefCnt : 3;
28 | // ULONG Value;
29 | // };
30 | // } EX_FAST_REF, *PEX_FAST_REF;
31 |
32 |
33 | typedef struct _CONTROL_AREA {
34 | //CONTROL_AREA struct for winxp. NOTE(review): this is a hand-copied layout of an
35 | PVOID Segment; //PSEGMENT  -- undocumented kernel structure; the field offsets are the XP ones,
36 | LIST_ENTRY DereferenceList; // so any code dereferencing it must be gated on the running
37 | ULONG NumberOfSectionReferences; // All section refs & image flushes (InitWindowsVersion.h is included above -- confirm the checks exist)
38 | ULONG NumberOfPfnReferences; // valid + transition prototype PTEs
39 | ULONG NumberOfMappedViews; // total # mapped views, including
40 | // system cache & system space views
41 | USHORT NumberOfSubsections; // system cache views only
42 | USHORT FlushInProgressCount;
43 | ULONG NumberOfUserReferences; // user section & view references
44 | ULONG LongFlags;
45 | PFILE_OBJECT FilePointer; // file backing the section (used to recover the image path -- presumably; verify against caller)
46 | PVOID WaitingForDeletion; //PEVENT_COUNTER
47 | USHORT ModifiedWriteCount;
48 | USHORT NumberOfSystemCacheViews;
49 | } CONTROL_AREA, *PCONTROL_AREA;
50 |
51 |
52 | typedef struct _MMVAD {
53 | //MMVAD Struct for winxp
54 | ULONG_PTR StartingVpn;
55 | ULONG_PTR EndingVpn;
56 | struct _MMVAD *Parent;
57 | struct _MMVAD *LeftChild;
58 | struct _MMVAD *RightChild;
59 | ULONG_PTR LongFlags;
60 | PCONTROL_AREA ControlArea;
61 | PVOID FirstPrototypePte; //PMMPTE
62 | PVOID LastContiguousPte;//PMMPTE
63 | ULONG LongFlags2;
64 | } MMVAD, *PMMVAD;
65 |
66 | //---------------------------------------------------------------------------------------
67 | //dll
68 | //---------------------------------------------------------------------------------------
69 | typedef struct _DLL_INFORMATION { //DLL_INFORMATION
70 | ULONG ulBase;
71 | WCHAR lpwzDllModule[256]; //
72 | } DLL_INFORMATION, *PDLL_INFORMATION;
73 |
74 | typedef struct _DLLINFO { //DLL
75 | ULONG ulCount;
76 | DLL_INFORMATION DllInfo[1];
77 | } DLLINFO, *PDLLINFO;
78 |
79 | //---------------------------------------------------------------------------------------
80 | PDLLINFO PDll;
81 | int ModuleCount;
82 |
83 | VOID EunmProcessModule(
84 | ULONG Eprocess,
85 | PDLLINFO PDll
86 | );
87 |
88 | DWORD CsGetFileSize(HANDLE FileHandle,PDWORD HightLength);
89 |
90 | PVOID GetZwQueryVirtualMemoryAddress();
91 |
92 | #endif
--------------------------------------------------------------------------------
/Driver/Protect.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Protect.c
--------------------------------------------------------------------------------
/Driver/Protect.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Protect.h
--------------------------------------------------------------------------------
/Driver/ReLoadSSDTTableHook.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ReLoadSSDTTableHook.c
--------------------------------------------------------------------------------
/Driver/ReLoadSSDTTableHook.h:
--------------------------------------------------------------------------------
1 | #ifndef _RELOAD_SSDT_HOOK_H_
2 | #define _RELOAD_SSDT_HOOK_H_
3 |
4 | #include "ntifs.h"
5 |
6 | BOOL SystemCallEntryTableHook(char *FunctionName,int *Index,DWORD NewFuctionAddress);
7 | BOOL SystemCallEntryTableUnHook(int Index);
8 |
9 | BOOL GetFunctionIndexByName(CHAR *lpszFunctionName,int *Index);
10 |
11 | BOOL MmIsAddressValidEx(
12 | IN PVOID Pointer
13 | );
14 |
15 | #endif
--------------------------------------------------------------------------------
/Driver/ReLoadShadowSSDTTableHook.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ReLoadShadowSSDTTableHook.c
--------------------------------------------------------------------------------
/Driver/ReLoadShadowSSDTTableHook.h:
--------------------------------------------------------------------------------
1 | #ifndef __RELOAD_SHADOWSSDT_HOOK_H_
2 | #define __RELOAD_SHADOWSSDT_HOOK_H_
3 |
4 | #include "ntifs.h"
5 | #include "InitWindowsVersion.h"
6 |
7 | extern CHAR XPProcName[][40];
8 | extern CHAR Win2003ProcName[][50];
9 | extern CHAR Win7ProcName[][50];
10 |
11 | BOOL MmIsAddressValidEx(
12 | IN PVOID Pointer
13 | );
14 |
15 | #endif
--------------------------------------------------------------------------------
/Driver/Release/SafeSystem.lastbuildstate:
--------------------------------------------------------------------------------
1 | #v4.0:v100
2 | Release|Win32|D:\TempCode\A-Protect\|
3 |
--------------------------------------------------------------------------------
/Driver/SSDT.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SSDT.c
--------------------------------------------------------------------------------
/Driver/SSDT.h:
--------------------------------------------------------------------------------
1 | #ifndef _SSDT_H_
2 | #define _SSDT_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include "ntos.h"
7 | #include "ldasm.h"
8 | #include "libdasm.h"
9 |
10 | extern BYTE *ImageModuleBase;
11 | extern ULONG SystemKernelModuleBase;
12 | extern ULONG SystemKernelModuleSize;
13 | extern DWORD OriginalKiServiceTable;
14 |
15 |
16 | extern BOOL DebugOn;
17 | extern BOOL bKrnlPDBSuccess;
18 | //---------------------------------------------------------------------------------------
19 | //SSDT
20 | //---------------------------------------------------------------------------------------
21 | typedef struct _SSDT_INFORMATION { //SSDT_INFORMATION
22 | ULONG ulNumber;
23 | ULONG ulMemoryFunctionBase;
24 | ULONG ulRealFunctionBase;
25 | CHAR lpszFunction[256];
26 | CHAR lpszHookModuleImage[256];
27 | ULONG ulHookModuleBase;
28 | ULONG ulHookModuleSize;
29 | int IntHookType; //
30 | } SSDT_INFORMATION, *PSSDT_INFORMATION;
31 |
32 | typedef struct _SSDTINFO { //SSDT
33 | ULONG ulCount;
34 | SSDT_INFORMATION SSDT[1];
35 | } SSDTINFO, *PSSDTINFO;
36 |
37 | //---------------------------------------------------------------------------------------
38 |
39 | extern BOOL bSSDTAll;
40 | //int SSDTIndex;
41 |
42 | ULONG GetSystemRoutineAddress(
43 | int IntType,
44 | PVOID lpwzFunction
45 | );
46 |
47 | unsigned long __fastcall GetFunctionCodeSize(
48 | void *Proc
49 | );
50 |
51 | BOOL IsAddressInSystem(
52 | ULONG ulDriverBase,
53 | ULONG *ulSysModuleBase,
54 | ULONG *ulSize,
55 | char *lpszSysModuleImage
56 | );
57 |
58 | BOOL GetFunctionNameByIndex(
59 | ULONG ulNtDllModuleBase,
60 | int *Index,
61 | CHAR *lpszFunctionName
62 | );
63 |
64 | HANDLE MapFileAsSection(
65 | PUNICODE_STRING FileName,
66 | PVOID *ModuleBase
67 | );
68 |
69 | #endif
--------------------------------------------------------------------------------
/Driver/SafeSystem.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SafeSystem.c
--------------------------------------------------------------------------------
/Driver/SafeSystem.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SafeSystem.h
--------------------------------------------------------------------------------
/Driver/SafeSystem.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 11.00
3 | # Visual Studio 2010
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SafeSystem", "SafeSystem.vcxproj", "{E0507432-39E2-3BD9-F263-87B69AB2BD2D}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {E0507432-39E2-3BD9-F263-87B69AB2BD2D}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {E0507432-39E2-3BD9-F263-87B69AB2BD2D}.Debug|Win32.Build.0 = Debug|Win32
14 | {E0507432-39E2-3BD9-F263-87B69AB2BD2D}.Release|Win32.ActiveCfg = Release|Win32
15 | {E0507432-39E2-3BD9-F263-87B69AB2BD2D}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/Driver/SafeSystem.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 | Win32Proj
15 |
16 |
17 |
18 | Application
19 | true
20 |
21 |
22 | Application
23 | false
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 | true
37 |
38 |
39 | true
40 |
41 |
42 |
43 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
44 | MultiThreadedDebugDLL
45 | Level3
46 | ProgramDatabase
47 | Disabled
48 |
49 |
50 | MachineX86
51 | true
52 | Windows
53 |
54 |
55 |
56 |
57 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
58 | MultiThreadedDLL
59 | Level3
60 | ProgramDatabase
61 |
62 |
63 | MachineX86
64 | true
65 | Windows
66 | true
67 | true
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
--------------------------------------------------------------------------------
/Driver/SafeSystem.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/Driver/SelectModuleHook.c:
--------------------------------------------------------------------------------
1 | #include "SelectModuleHook.h"
2 |
3 |
--------------------------------------------------------------------------------
/Driver/Services.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Services.c
--------------------------------------------------------------------------------
/Driver/Services.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Services.h
--------------------------------------------------------------------------------
/Driver/ShadowSSDT.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ShadowSSDT.c
--------------------------------------------------------------------------------
/Driver/ShadowSSDT.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ShadowSSDT.h
--------------------------------------------------------------------------------
/Driver/Startup.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Startup.c
--------------------------------------------------------------------------------
/Driver/Startup.h:
--------------------------------------------------------------------------------
1 | #ifndef _STARTUP_H_
2 | #define _STARTUP_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include
7 | #include "ntos.h"
8 |
9 | typedef struct _STARTUP_INFORMATION {
10 |
11 | WCHAR lpwzName[256];
12 | WCHAR lpwzKeyPath[256];
13 | WCHAR lpwzKeyValue[256];
14 |
15 | } STARTUP_INFORMATION, *PSTARTUP_INFORMATION;
16 |
17 | typedef struct _STARTUP_INFO { //InlineHook
18 | ULONG ulCount;
19 | STARTUP_INFORMATION Startup[1];
20 | } STARTUP_INFO, *PSTARTUP_INFO;
21 |
22 | PSTARTUP_INFO StartupInfo;
23 |
24 | NTSTATUS SafeCopyMemory(PVOID SrcAddr, PVOID DstAddr, ULONG Size);
25 |
26 | #endif
--------------------------------------------------------------------------------
/Driver/SysModule.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SysModule.c
--------------------------------------------------------------------------------
/Driver/SysModule.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SysModule.h
--------------------------------------------------------------------------------
/Driver/SystemNotify.h:
--------------------------------------------------------------------------------
1 | #ifndef _SYSTEM_NOTIFY_H_
2 | #define _SYSTEM_NOTIFY_H_
3 |
4 | #include "ntifs.h"
5 | #include "InitWindowsVersion.h"
6 | #include "ntos.h"
7 | #include "ldasm.h"
8 | #include
9 |
10 | #define PNPNOTIFY_DEVICE_INTERFACE_INCLUDE_EXISTING_INTERFACES 0x00000001
11 |
12 | //---------------------------------------------------------------------------------------
13 | //system notify
14 | //---------------------------------------------------------------------------------------
15 | typedef struct _SYSTEM_NOTIFY_INFORMATION { //SYSTEM_NOTIFY_INFORMATION
16 | WCHAR lpwzType[256];
17 | ULONG ulNotifyBase;
18 | CHAR lpszModule[256];
19 | WCHAR lpwzObject[256];
20 | ULONG ulObject;
21 | } SYSTEM_NOTIFY_INFORMATION, *PSYSTEM_NOTIFY_INFORMATION;
22 |
23 | typedef struct _SYSTEM_NOTIFY { //Notify
24 | ULONG ulCount;
25 | SYSTEM_NOTIFY_INFORMATION NotifyInfo[1];
26 | } SYSTEM_NOTIFY, *PSYSTEM_NOTIFY;
27 |
28 | PSYSTEM_NOTIFY SystemNotify;
29 |
30 | // List node: one registered notification routine and the driver object that owns it.
31 | typedef struct _NOTIFICATION_PACKET { // NOTE(review): which kernel-internal list this mirrors is not visible here -- confirm in SystemNotify.c
32 | LIST_ENTRY ListEntry;
33 | PDRIVER_OBJECT DriverObject;
34 | ULONG NotificationRoutine; // routine address stored as ULONG (32-bit build)
35 | } NOTIFICATION_PACKET, *PNOTIFICATION_PACKET;
36 |
37 | #pragma pack(push)
38 | #pragma pack(1)
39 | // typedef struct _EX_FAST_REF
40 | // {
41 | // union
42 | // {
43 | // PVOID Object;
44 | // ULONG_PTR RefCnt:3;
45 | // ULONG_PTR Value;
46 | // };
47 | // } EX_FAST_REF, *PEX_FAST_REF;
48 |
49 | typedef struct _EX_CALLBACK_ROUTINE_BLOCK
50 | {
51 | EX_RUNDOWN_REF RundownProtect;
52 | //PEX_CALLBACK_FUNCTION Function;
53 | PVOID Function;
54 | PVOID Context;
55 | } EX_CALLBACK_ROUTINE_BLOCK, *PEX_CALLBACK_ROUTINE_BLOCK;
56 |
57 | #pragma pack(pop)
58 |
59 | typedef struct _SHUTDOWN_PACKET {
60 | LIST_ENTRY ListEntry;
61 | PDEVICE_OBJECT DeviceObject;
62 | } SHUTDOWN_PACKET, *PSHUTDOWN_PACKET;
63 |
64 | typedef enum _IO_NOTIFICATION_EVENT_CATEGORY {
65 | EventCategoryReserved,
66 | EventCategoryHardwareProfileChange,
67 | EventCategoryDeviceInterfaceChange,
68 | EventCategoryTargetDeviceChange
69 | } IO_NOTIFICATION_EVENT_CATEGORY;
70 |
71 |
72 | typedef NTSTATUS (*PDRIVER_NOTIFICATION_CALLBACK_ROUTINE) (
73 | IN PVOID NotificationStructure,
74 | IN PVOID Context
75 | );
76 |
77 | typedef struct _PNP_NOTIFY_ENTRY
78 | {
79 | LIST_ENTRY PnpNotifyList;
80 | IO_NOTIFICATION_EVENT_CATEGORY EventCategory;
81 | PVOID Context;
82 | UNICODE_STRING Guid;
83 | PFILE_OBJECT FileObject;
84 | PDRIVER_NOTIFICATION_CALLBACK_ROUTINE PnpNotificationProc;
85 | } PNP_NOTIFY_ENTRY, *PPNP_NOTIFY_ENTRY;
86 |
87 |
88 | typedef NTSTATUS (*PSE_LOGON_SESSION_TERMINATED_ROUTINE) (
89 | IN PLUID LogonId
90 | );
91 | typedef struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION {
92 | struct _SEP_LOGON_SESSION_TERMINATED_NOTIFICATION *Next;
93 | PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine;
94 | } SEP_LOGON_SESSION_TERMINATED_NOTIFICATION, *PSEP_LOGON_SESSION_TERMINATED_NOTIFICATION;
95 |
96 | NTSTATUS
97 | SeRegisterLogonSessionTerminatedRoutine(
98 | IN PSE_LOGON_SESSION_TERMINATED_ROUTINE CallbackRoutine
99 | );
100 |
101 | NTSTATUS IoUnregisterPlugPlayNotification(
102 | __in PVOID NotificationEntry
103 | );
104 |
105 | NTSTATUS IoRegisterPlugPlayNotification(
106 | __in IO_NOTIFICATION_EVENT_CATEGORY EventCategory,
107 | __in ULONG EventCategoryFlags,
108 | __in_opt PVOID EventCategoryData,
109 | __in PDRIVER_OBJECT DriverObject,
110 | __in PDRIVER_NOTIFICATION_CALLBACK_ROUTINE CallbackRoutine,
111 | __in_opt PVOID Context,
112 | __out PVOID *NotificationEntry
113 | );
114 |
115 | VOID IoUnregisterFsRegistrationChange(
116 | __in PDRIVER_OBJECT DriverObject,
117 | __in PDRIVER_FS_NOTIFICATION DriverNotificationRoutine
118 | );
119 |
120 | ULONG PsSetLegoNotifyRoutine(PVOID notifyroutine);
121 | VOID GetListHeadAddr();
122 |
123 | DEFINE_GUID(GUID_CLASS_USBKEY,0x36FC9E60, 0xC465, 0x11CF, 0x80, 0x56, 0x44, 0x45, 0x53, 0x54, 0x000, 0x00);
124 |
125 | PVOID NotificationEntry; // presumably the *NotificationEntry handed back by IoRegisterPlugPlayNotification() above -- confirm in SystemNotify.c
126 | // NOTE(review): the globals below are definitions, not extern declarations; every translation unit that includes this header gets its own tentative definition and relies on the linker merging them. Consider `extern` here plus a single definition in SystemNotify.c.
127 | ULONG FsNotifyNum;// number of file-system registration-change callbacks
128 | ULONG ShutDownNum;// number of shutdown callbacks
129 | ULONG CreateThreadNum;// number of thread-creation callbacks
130 | ULONG CreateProcessNum;// number of process-creation callbacks
131 | ULONG LoadImageNum;// number of image-load callbacks
132 | ULONG LegoNum;// number of Lego callbacks
133 | ULONG LeaveSessionNum;// number of logon-session-terminated (logoff) callbacks
134 | ULONG BugCheckNum;// number of BugCheck callbacks
135 | ULONG RegNum;// number of registry callbacks
136 | ULONG PlugPlayNum;// number of PlugPlay callbacks
137 |
138 | //------------------------------------------------------------------------------------------// file-system callbacks
139 | ULONG FileSystemRoutine;// address of the file-system notification routine
140 | // head of the file-system notification list
141 | //__declspec(dllimport) LIST_ENTRY IopFsNotifyChangeQueueHead; // global variable (import left disabled)
142 | ULONG IopFsNotifyChangeQueueHead; // address of the kernel's list head, stored as ULONG; presumably filled in by GetListHeadAddr() -- verify
143 |
144 | ULONG ulModuleBase; // NOTE(review): meaning not visible here -- presumably the base/size of the module that owns a callback, see IsAddressInSystem() below
145 | ULONG ulModuleSize;
146 |
147 | extern BOOL DebugOn;
148 |
149 | BOOL IsAddressInSystem(ULONG ulDriverBase,ULONG *ulSysModuleBase,ULONG *ulSize,char *lpszSysModuleImage);
150 |
151 | #endif
--------------------------------------------------------------------------------
/Driver/SystemThread.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SystemThread.c
--------------------------------------------------------------------------------
/Driver/SystemThread.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/SystemThread.h
--------------------------------------------------------------------------------
/Driver/Tcpip.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/Tcpip.c
--------------------------------------------------------------------------------
/Driver/Tcpip.h:
--------------------------------------------------------------------------------
1 | #ifndef _TCPIP_H_
2 | #define _TCPIP_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include "InitWindowsVersion.h"
7 | #include "ntos.h"
8 |
9 | BOOL PeLoad(
10 | WCHAR *FileFullPath,
11 | BYTE **ImageModeleBase,
12 | PDRIVER_OBJECT DeviceObject,
13 | DWORD ExistImageBase
14 | );
15 |
16 | NTSTATUS GetDriverObject(
17 | WCHAR *lpwzDevice,
18 | PDRIVER_OBJECT *PDriverObject
19 | );
20 |
21 | BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry);
22 | HANDLE MapFileAsSection(PUNICODE_STRING FileName,PVOID *ModuleBase);
23 |
24 |
25 | //IRP_MJ_MAXIMUM_FUNCTION
26 |
27 | typedef struct _TCPDISPATCH {
28 |
29 | ULONG ulNumber;
30 | ULONG ulTcpDispatch;
31 | ULONG ulCurrentTcpDispatch;
32 | CHAR lpszBaseModule[256];
33 | ULONG ulModuleSize;
34 | ULONG ulModuleBase;
35 | WCHAR lpwzTcpDispatchName[256];
36 | int Hooked; //0 no hook 1 fsd hook 2 fsd inline hook
37 |
38 | } TCPDISPATCH, *PTCPDISPATCH;
39 |
40 | typedef struct _TCPDISPATCHBAKUP {
41 | ULONG ulCount;
42 | TCPDISPATCH TcpDispatch[1];
43 | } TCPDISPATCHBAKUP, *PTCPDISPATCHBAKUP;
44 |
45 | PTCPDISPATCHBAKUP TcpDispatchBakUp;
46 |
47 | ULONG ulTcpipModuleBase;
48 | ULONG ulTcpipModuleSize;
49 |
50 | ULONG ulReLoadTcpipModuleBase;
51 |
52 | PDRIVER_OBJECT PTcpDriverObjectBakup;
53 |
54 | ULONG ulReal_TCP_IRP_MJ_CREATE;
55 | ULONG ulReal_TCP_IRP_MJ_CREATE_NAMED_PIPE;
56 | ULONG ulReal_TCP_IRP_MJ_CLOSE;
57 | ULONG ulReal_TCP_IRP_MJ_READ;
58 | ULONG ulReal_TCP_IRP_MJ_WRITE;
59 | ULONG ulReal_TCP_IRP_MJ_QUERY_INFORMATION;
60 | ULONG ulReal_TCP_IRP_MJ_SET_INFORMATION;
61 | ULONG ulReal_TCP_IRP_MJ_QUERY_EA;
62 | ULONG ulReal_TCP_IRP_MJ_SET_EA;
63 | ULONG ulReal_TCP_IRP_MJ_FLUSH_BUFFERS;
64 | ULONG ulReal_TCP_IRP_MJ_QUERY_VOLUME_INFORMATION;
65 | ULONG ulReal_TCP_IRP_MJ_SET_VOLUME_INFORMATION;
66 | ULONG ulReal_TCP_IRP_MJ_DIRECTORY_CONTROL;
67 | ULONG ulReal_TCP_IRP_MJ_FILE_SYSTEM_CONTROL;
68 | ULONG ulReal_TCP_IRP_MJ_DEVICE_CONTROL;
69 | ULONG ulReal_TCP_IRP_MJ_SHUTDOWN;
70 | ULONG ulReal_TCP_IRP_MJ_LOCK_CONTROL;
71 | ULONG ulReal_TCP_IRP_MJ_CLEANUP;
72 | ULONG ulReal_TCP_IRP_MJ_CREATE_MAILSLOT;
73 | ULONG ulReal_TCP_IRP_MJ_QUERY_SECURITY;
74 | ULONG ulReal_TCP_IRP_MJ_SET_SECURITY;
75 | ULONG ulReal_TCP_IRP_MJ_POWER;
76 | ULONG ulReal_TCP_IRP_MJ_SYSTEM_CONTROL;
77 | ULONG ulReal_TCP_IRP_MJ_DEVICE_CHANGE;
78 | ULONG ulReal_TCP_IRP_MJ_QUERY_QUOTA;
79 | ULONG ulReal_TCP_IRP_MJ_SET_QUOTA;
80 | ULONG ulReal_TCP_IRP_MJ_PNP_POWER;
81 |
82 | extern BOOL DebugOn;
83 |
84 | BOOL IsAddressInSystem(
85 | ULONG ulDriverBase,
86 | ULONG *ulSysModuleBase,
87 | ULONG *ulSize,
88 | char *lpszSysModuleImage
89 | );
90 |
91 | unsigned long __fastcall GetFunctionCodeSize(
92 | void *Proc
93 | );
94 |
95 | #endif
--------------------------------------------------------------------------------
/Driver/WorkQueue.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/WorkQueue.c
--------------------------------------------------------------------------------
/Driver/WorkQueue.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/WorkQueue.h
--------------------------------------------------------------------------------
/Driver/dump.c:
--------------------------------------------------------------------------------
1 | #include "dump.h"
2 |
3 | //if (DumpMemory((PVOID)ulDumpKernelBase,KernelBuffer,ulDumpKernelSize) == STATUS_SUCCESS)
4 |
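/*
 * Copy one page-bounded chunk from SrcAddr to DstAddr.
 *
 * If MmIsAddressValidEx() reports the source page unreadable the chunk is
 * zero-filled instead of being skipped, so DstAddr never keeps whatever bytes
 * the caller's buffer happened to contain for a range that was not copied.
 * The NTSTATUS returned by SafeCopyMemory() is ignored here, as in the
 * original loop (its failure semantics are not visible in this file).
 */
static VOID DumpChunk(PUCHAR SrcAddr, PUCHAR DstAddr, ULONG Length)
{
    if (MmIsAddressValidEx(SrcAddr))
        SafeCopyMemory(SrcAddr, DstAddr, Length);
    else
        RtlZeroMemory(DstAddr, Length);
}

/*
 * Copy Size bytes from SrcAddr into DstAddr one page at a time: the partial
 * page SrcAddr starts in, then whole pages, then the tail.  Unreadable source
 * pages are zero-filled in the destination (see DumpChunk).
 *
 * SrcAddr  kernel address to read from (walked page by page)
 * DstAddr  caller-supplied buffer of at least Size bytes
 * Size     number of bytes to copy; 0 is a no-op
 *
 * Returns STATUS_SUCCESS when the whole range was walked (individual pages
 * may still have been zero-filled), STATUS_INVALID_PARAMETER for a NULL
 * source or destination, and STATUS_UNSUCCESSFUL if an exception aborted the
 * walk -- in that case the part of DstAddr that was not reached is zeroed
 * before returning, so the caller never sees a silent partial dump reported
 * as success.
 */
NTSTATUS DumpMemory(PUCHAR SrcAddr, PUCHAR DstAddr, ULONG Size)
{
    /* volatile: updated inside __try and read back in the __except handler. */
    volatile ULONG Offset = 0;
    ULONG Chunk;

    if (Size == 0)
        return STATUS_SUCCESS;
    if (SrcAddr == NULL || DstAddr == NULL)
        return STATUS_INVALID_PARAMETER;

    __try
    {
        /* First chunk runs to the end of the page SrcAddr lies in.
         * ULONG_PTR rather than ULONG keeps the pointer arithmetic correct
         * on 64-bit builds as well. */
        Chunk = 0x1000 - (ULONG)((ULONG_PTR)SrcAddr & 0xfff);
        if (Chunk > Size)
            Chunk = Size;

        while (Offset < Size)
        {
            DumpChunk(SrcAddr + Offset, DstAddr + Offset, Chunk);
            Offset += Chunk;

            /* Every later chunk starts page aligned: a full page, or the tail. */
            Chunk = Size - Offset;
            if (Chunk > 0x1000)
                Chunk = 0x1000;
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        /* Offset still points at the chunk that faulted, so zeroing from
         * here also covers anything that chunk copied only partially. */
        if (Offset < Size)
            RtlZeroMemory(DstAddr + Offset, Size - Offset);
        return STATUS_UNSUCCESSFUL;
    }

    return STATUS_SUCCESS;
}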
39 |
40 |
--------------------------------------------------------------------------------
/Driver/dump.h:
--------------------------------------------------------------------------------
1 | #ifndef _DUMP_H_
2 | #define _DUMP_H_
3 |
4 | #include "ntifs.h"
5 | #include "ntos.h"
6 |
7 | NTSTATUS SafeCopyMemory(PVOID SrcAddr, PVOID DstAddr, ULONG Size);
8 | #endif
--------------------------------------------------------------------------------
/Driver/file.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/file.c
--------------------------------------------------------------------------------
/Driver/file.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/file.h
--------------------------------------------------------------------------------
/Driver/kbdclass.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/kbdclass.c
--------------------------------------------------------------------------------
/Driver/kbdclass.h:
--------------------------------------------------------------------------------
1 | #ifndef _KBDCLASS_H_
2 | #define _KBDCLASS_H_
3 |
4 | #include "ntifs.h"
5 | #include
6 | #include "InitWindowsVersion.h"
7 | #include "ntos.h"
8 |
9 | BOOL PeLoad(
10 | WCHAR *FileFullPath,
11 | BYTE **ImageModeleBase,
12 | PDRIVER_OBJECT DeviceObject,
13 | DWORD ExistImageBase
14 | );
15 |
16 | NTSTATUS GetDriverObject(
17 | WCHAR *lpwzDevice,
18 | PDRIVER_OBJECT *PDriverObject
19 | );
20 |
21 | //IRP_MJ_MAXIMUM_FUNCTION
22 |
23 | typedef struct _KBDCLASSDISPATCH {
24 | ULONG ulNumber;
25 | ULONG ulKbdclassDispatch;
26 | ULONG ulCurrentKbdclassDispatch;
27 | CHAR lpszBaseModule[256];
28 | ULONG ulModuleSize;
29 | ULONG ulModuleBase;
30 | WCHAR lpwzKbdclassDispatchName[256];
31 | int Hooked;
32 | } KBDCLASSDISPATCH, *PKBDCLASSDISPATCH;
33 |
34 | typedef struct _KBDCLASSDISPATCHBAKUP {
35 | ULONG ulCount;
36 | KBDCLASSDISPATCH KbdclassDispatch[1];
37 | } KBDCLASSDISPATCHBAKUP, *PKBDCLASSDISPATCHBAKUP;
38 |
39 | PKBDCLASSDISPATCHBAKUP KbdclassDispatchBakUp;
40 |
41 | ULONG ulKbdclassModuleBase;
42 | ULONG ulKbdclassModuleSize;
43 |
44 | ULONG ulReLoadKbdclassModuleBase;
45 |
46 | extern BOOL DebugOn;
47 |
48 | PDRIVER_OBJECT PKbdclassDriverObjectBakup;
49 |
50 | ULONG ulReal_KBDCLASS_IRP_MJ_CREATE;
51 | ULONG ulReal_KBDCLASS_IRP_MJ_CLOSE;
52 | ULONG ulReal_KBDCLASS_IRP_MJ_READ;
53 | ULONG ulReal_KBDCLASS_IRP_MJ_FLUSH_BUFFERS;
54 | ULONG ulReal_KBDCLASS_IRP_MJ_DEVICE_CONTROL;
55 | ULONG ulReal_KBDCLASS_IRP_MJ_INTERNAL_DEVICE_CONTROL;
56 | ULONG ulReal_KBDCLASS_IRP_MJ_CLEANUP;
57 | ULONG ulReal_KBDCLASS_IRP_MJ_POWER;
58 | ULONG ulReal_KBDCLASS_IRP_MJ_SYSTEM_CONTROL;
59 | ULONG ulReal_KBDCLASS_IRP_MJ_PNP_POWER;
60 |
61 | BOOL PeLoad(
62 | WCHAR *FileFullPath,
63 | BYTE **ImageModeleBase,
64 | PDRIVER_OBJECT DeviceObject,
65 | DWORD ExistImageBase
66 | );
67 |
68 | NTSTATUS GetDriverObject(
69 | WCHAR *lpwzDevice,
70 | PDRIVER_OBJECT *PDriverObject
71 | );
72 |
73 | BOOL IsAddressInSystem(
74 | ULONG ulDriverBase,
75 | ULONG *ulSysModuleBase,
76 | ULONG *ulSize,
77 | char *lpszSysModuleImage
78 | );
79 |
80 | unsigned long __fastcall GetFunctionCodeSize(
81 | void *Proc
82 | );
83 |
84 | PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ImageBase);
85 |
86 | HANDLE MapFileAsSection(PUNICODE_STRING FileName,PVOID *ModuleBase);
87 |
88 | BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry);
89 |
90 | #endif
--------------------------------------------------------------------------------
/Driver/ldasm.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ldasm.c
--------------------------------------------------------------------------------
/Driver/ldasm.h:
--------------------------------------------------------------------------------
1 | #ifndef _LDASM_
2 | #define _LDASM_
3 |
4 | #ifdef __cplusplus
5 | extern "C" {
6 | #endif
7 |
8 | unsigned long __fastcall SizeOfCode(void *Code, unsigned char **pOpcode);
9 |
10 | unsigned long __fastcall SizeOfProc(void *Proc);
11 |
12 | char __fastcall IsRelativeCmd(unsigned char *pOpcode);
13 |
14 | #ifdef __cplusplus
15 | }
16 | #endif
17 |
18 | #endif
--------------------------------------------------------------------------------
/Driver/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
3 | # file to this component. This file merely indirects to the real make file
4 | # that is shared by all the components of the Windows NT DDK
5 | #
6 |
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 |
--------------------------------------------------------------------------------
/Driver/msghook.c:
--------------------------------------------------------------------------------
1 | #include "msghook.h"
--------------------------------------------------------------------------------
/Driver/msghook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/msghook.h
--------------------------------------------------------------------------------
/Driver/nsiproxy.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/nsiproxy.c
--------------------------------------------------------------------------------
/Driver/nsiproxy.h:
--------------------------------------------------------------------------------
#ifndef _NSIPROXYIP_H_
#define _NSIPROXYIP_H_

#include "ntifs.h"
/* NOTE(review): the header name on the next line was lost in extraction; restore it from the repository before building. */
#include
#include "InitWindowsVersion.h"
#include "ntos.h"

/*
 * PeLoad - declared here, defined in another translation unit (not visible
 * from this header).  By the parameter names it maps the image found at
 * FileFullPath and returns the mapped base through ImageModeleBase; the
 * roles of DeviceObject (typed PDRIVER_OBJECT despite its name) and
 * ExistImageBase are not evident from the prototype -- confirm against the
 * definition.  The same prototype appears in win32k.h.
 */
BOOL PeLoad(
    WCHAR *FileFullPath,
    BYTE **ImageModeleBase,
    PDRIVER_OBJECT DeviceObject,
    DWORD ExistImageBase
    );

/*
 * GetDriverObject - presumably resolves the device named by lpwzDevice to
 * its DRIVER_OBJECT, stored through PDriverObject on success; returns an
 * NTSTATUS.  This prototype is repeated further down in this header.
 */
NTSTATUS GetDriverObject(
    WCHAR *lpwzDevice,
    PDRIVER_OBJECT *PDriverObject
    );

//IRP_MJ_MAXIMUM_FUNCTION

/*
 * One record per nsiproxy dispatch entry.  Field meanings are inferred from
 * the names; the code that fills the record is not in this header.
 *
 * Addresses are carried as ULONG, so this layout is 32-bit only (the
 * checked-in objects under objchk_win7_x86 agree with that).
 * lpszBaseModule / lpwzNsiproxyDispatchName are fixed 256-element buffers:
 * whatever fills them must bound the copy and NUL-terminate.
 */
typedef struct _NSIPROXYDISPATCH {
    ULONG ulNumber;                    // index of the dispatch slot
    ULONG ulNsiproxyDispatch;          // dispatch address (original vs. hooked -- not evident here)
    ULONG ulCurrentNsiproxyDispatch;   // address currently installed in the table
    CHAR lpszBaseModule[256];          // image that the current address resolves to
    ULONG ulModuleSize;                // size of that image
    ULONG ulModuleBase;                // base of that image
    WCHAR lpwzNsiproxyDispatchName[256];
    int Hooked;                        // presumably non-zero when the entry is judged hooked
} NSIPROXYDISPATCH, *PNSIPROXYDISPATCH;

/*
 * Variable-length table of NSIPROXYDISPATCH records.  NsiproxyDispatch[1] is
 * the trailing-array idiom; ulCount presumably gives the number of valid
 * entries, so an allocation must be
 * FIELD_OFFSET(NSIPROXYDISPATCHBAKUP, NsiproxyDispatch) + n * sizeof(NSIPROXYDISPATCH).
 */
typedef struct _NSIPROXYDISPATCHBAKUP {
    ULONG ulCount;
    NSIPROXYDISPATCH NsiproxyDispatch[1];
} NSIPROXYDISPATCHBAKUP, *PNSIPROXYDISPATCHBAKUP;

/*
 * Globals.  Unlike DebugOn below, these are written without `extern`, so
 * every .c file that includes this header carries its own tentative
 * definition and relies on the linker folding them together.  Harmless if
 * only nsiproxy.c includes this header; otherwise declare them `extern` here
 * and define them once in nsiproxy.c.
 */
PNSIPROXYDISPATCHBAKUP NsiproxyDispatchBakUp;   // saved copy of the dispatch table

ULONG ulNsiproxyModuleBase;   // base of the nsiproxy image in memory
ULONG ulNsiproxyModuleSize;   // its size

ULONG ulReLoadNsiproxyModuleBase;   // base of a second, freshly loaded copy of the image (presumed; see PeLoad)

extern BOOL DebugOn;

PDRIVER_OBJECT PNsiproxyDriverObjectBakup;   // driver object obtained via GetDriverObject (presumed)

/*
 * One slot per IRP major function; the names mirror the IRP_MJ_* codes (see
 * the IRP_MJ_MAXIMUM_FUNCTION note above).  How they are filled and used is
 * not visible here -- presumably the trusted ("real") dispatch addresses used
 * to detect or undo hooks.
 */
ULONG ulReal_NSIPROXY_IRP_MJ_CREATE;
ULONG ulReal_NSIPROXY_IRP_MJ_CREATE_NAMED_PIPE;
ULONG ulReal_NSIPROXY_IRP_MJ_CLOSE;
ULONG ulReal_NSIPROXY_IRP_MJ_READ;
ULONG ulReal_NSIPROXY_IRP_MJ_WRITE;
ULONG ulReal_NSIPROXY_IRP_MJ_QUERY_INFORMATION;
ULONG ulReal_NSIPROXY_IRP_MJ_SET_INFORMATION;
ULONG ulReal_NSIPROXY_IRP_MJ_QUERY_EA;
ULONG ulReal_NSIPROXY_IRP_MJ_SET_EA;
ULONG ulReal_NSIPROXY_IRP_MJ_FLUSH_BUFFERS;
ULONG ulReal_NSIPROXY_IRP_MJ_QUERY_VOLUME_INFORMATION;
ULONG ulReal_NSIPROXY_IRP_MJ_SET_VOLUME_INFORMATION;
ULONG ulReal_NSIPROXY_IRP_MJ_DIRECTORY_CONTROL;
ULONG ulReal_NSIPROXY_IRP_MJ_FILE_SYSTEM_CONTROL;
ULONG ulReal_NSIPROXY_IRP_MJ_DEVICE_CONTROL;
ULONG ulReal_NSIPROXY_IRP_MJ_SHUTDOWN;
ULONG ulReal_NSIPROXY_IRP_MJ_LOCK_CONTROL;
ULONG ulReal_NSIPROXY_IRP_MJ_CLEANUP;
ULONG ulReal_NSIPROXY_IRP_MJ_CREATE_MAILSLOT;
ULONG ulReal_NSIPROXY_IRP_MJ_QUERY_SECURITY;
ULONG ulReal_NSIPROXY_IRP_MJ_SET_SECURITY;
ULONG ulReal_NSIPROXY_IRP_MJ_POWER;
ULONG ulReal_NSIPROXY_IRP_MJ_SYSTEM_CONTROL;
ULONG ulReal_NSIPROXY_IRP_MJ_DEVICE_CHANGE;
ULONG ulReal_NSIPROXY_IRP_MJ_QUERY_QUOTA;
ULONG ulReal_NSIPROXY_IRP_MJ_SET_QUOTA;
ULONG ulReal_NSIPROXY_IRP_MJ_PNP_POWER;

/* Duplicate of the GetDriverObject prototype near the top of this header; one copy could be dropped. */
NTSTATUS GetDriverObject(WCHAR *lpwzDevice,PDRIVER_OBJECT *PDriverObject);
/* Presumably resolves the entry point of the PE image at ImageBase into *pOutDriverEntry and returns TRUE on success -- confirm. */
BOOL GetDriverEntryPoint(PVOID ImageBase,DWORD *pOutDriverEntry);

/*
 * IsAddressInSystem - by the parameter names, tests whether ulDriverBase lies
 * inside a loaded system module and reports that module's base, size and
 * image name.  The prototype conveys no size for lpszSysModuleImage, so
 * caller and callee must agree on the buffer length.
 */
BOOL IsAddressInSystem(
    ULONG ulDriverBase,
    ULONG *ulSysModuleBase,
    ULONG *ulSize,
    char *lpszSysModuleImage
    );

/* Presumably returns the size in bytes of the function body at Proc; __fastcall, defined elsewhere. */
unsigned long __fastcall GetFunctionCodeSize(
    void *Proc
    );

#endif
--------------------------------------------------------------------------------
/Driver/ntifs.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ntifs.h
--------------------------------------------------------------------------------
/Driver/ntos.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ntos.c
--------------------------------------------------------------------------------
/Driver/ntos.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/ntos.h
--------------------------------------------------------------------------------
/Driver/objchk_win7_x86/i386/a.bat:
--------------------------------------------------------------------------------
REM Turns the built driver image into a C header that declares a byte array
REM named lpszKernelModule, presumably so the driver can be embedded in the
REM user-mode program.  The argument order (input, output, symbol) is presumed
REM from the names -- confirm against bin2c.exe's usage text.
bin2c A-Protect.sys KernelModule.h lpszKernelModule
--------------------------------------------------------------------------------
/Driver/objchk_win7_x86/i386/bin2c.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/objchk_win7_x86/i386/bin2c.exe
--------------------------------------------------------------------------------
/Driver/sources:
--------------------------------------------------------------------------------
# $Id$
# WDK 'build' description for the A-Protect kernel driver.  The sibling
# makefile only forwards to $(NTMAKEENV)\makefile.def, so this is the file to
# edit when a translation unit is added.
TARGETNAME=A-Protect
TARGETPATH=obj
TARGETTYPE=DRIVER

# Keep the trailing backslash on every entry but the last: a line without one
# terminates the macro and the remaining names are no longer part of SOURCES.
SOURCES=SafeSystem.c \
ntos.c\
Ntfs.c\
kbdclass.c\
FileSystem.c \
InlineHook.c \
InitWindowsVersion.c \
KernelReload.c\
Control.c\
ReLoadSSDTTableHook.c\
SSDT.c\
ShadowSSDT.c\
ldasm.c\
libdasm.c\
SysModule.c\
Port.c\
Tcpip.c\
nsiproxy.c\
KillProcess.c\
Process.c\
Services.c\
DeleteFile.c\
ProcessModule.c\
KernelHookCheck.c\
AntiInlineHook.c\
Protect.c\
Function.c\
win32k.c\
NetworkDefense.c\
dump.c\
file.c\
DriverHips.c\
ObjectHookCheck.c\
KernelFilterDriver.c\
SystemThread.c\
KernelThread.c\
fixrelocation.c\
Mouclass.c \
Atapi.c \
DpcTimer.c \
SystemNotify.c \
Startup.c \
WorkQueue.c \
LookupKernelData.c \
FuncAddrValid.c \
ReLoadShadowSSDTTableHook.c \
IoTimer.c \
msghook.c
54 |
--------------------------------------------------------------------------------
/Driver/win32k.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Driver/win32k.c
--------------------------------------------------------------------------------
/Driver/win32k.h:
--------------------------------------------------------------------------------
#ifndef _WIN32K_H_
#define _WIN32K_H_

#include "ntifs.h"
/* NOTE(review): the header name on the next line was lost in extraction; restore it from the repository before building. */
#include
#include "ldasm.h"
#include "ShadowSSDT.h"

/* Defined in other translation units. */
extern BYTE *ImageModuleBase;
extern ULONG SystemKernelModuleBase;
extern BOOL DebugOn;
extern PDRIVER_OBJECT PDriverObject;

/*
 * Globals defined here without `extern` (contrast the block just above):
 * every .c file that includes this header gets its own tentative definition
 * and the linker is relied on to fold them.  Keep the header included from a
 * single .c file, or move these definitions into win32k.c.  Meanings below
 * are inferred from the names.
 */
PSERVICE_DESCRIPTOR_TABLE OriginalShadowServiceDescriptorTable;   // shadow SSDT as found in the running kernel
PSERVICE_DESCRIPTOR_TABLE Safe_ServiceDescriptorShadowSSDTTable;  // reference copy used for comparison

BYTE *Win32kImageModuleBase;   // base of a privately loaded win32k image (see PeLoad)
ULONG ulWin32kBase;            // base of the live win32k.sys
ULONG ulWin32kSize;            // its size

PSERVICE_DESCRIPTOR_TABLE ShadowSSDTTable;

ULONG ShadowTable;


/*
 * Finds a kernel module by image name and returns its base; the DWORD *
 * receives the module size.  NOTE: that parameter is called ulWin32kSize,
 * the same name as the ULONG global above -- if the definition reuses the
 * name it shadows the global inside the function body.
 */
PVOID LookupKernelModuleByName(PDRIVER_OBJECT DriverObject,char *KernelModuleName,DWORD *ulWin32kSize);

/* Resolves a process by image name to its EPROCESS (by the parameter names; definition not visible). */
NTSTATUS LookupProcessByName(
    IN PCHAR pcProcessName,
    OUT PEPROCESS *pEprocess
    );

/* Same prototype as in nsiproxy.h; maps a PE image from FileFullPath (presumed). */
BOOL PeLoad(
    WCHAR *FileFullPath,
    BYTE **ImageModeleBase,
    PDRIVER_OBJECT DeviceObject,
    DWORD ExistImageBase
    );

/*
 * Looks up an export of the image at DllBase either by name (ByName != 0,
 * RoutineName) or by ordinal (Ordinal) -- presumed from the parameters.
 * Shares its name with an internal kernel routine of similar purpose, but
 * this is the driver's own declaration (note the extra ByName/Ordinal
 * parameters); confirm which definition gets linked.
 */
PVOID
MiFindExportedRoutine (
    IN PVOID DllBase,
    BOOL ByName,
    IN char *RoutineName,
    DWORD Ordinal
    );

/*
 * Resolves a system routine address; IntType presumably selects how
 * lpwzFunction is interpreted (definition not visible).  The address is
 * returned as ULONG, i.e. 32-bit only.
 */
ULONG GetSystemRoutineAddress(
    int IntType,
    PVOID lpwzFunction
    );

/*
 * Prototype for the kernel's KeAddSystemServiceTable, which registers a
 * service table at InsertServiceTableIndex; declared here presumably because
 * the DDK headers in use do not expose it.
 */
BOOLEAN
KeAddSystemServiceTable(
    IN PVOID ServiceTableBase,
    IN PVOID ServiceCounterTableBase,
    IN ULONG NumberOfService,
    IN PVOID ParamTableBase,
    IN ULONG InsertServiceTableIndex
    );

/* Presumably rounds nSize up to a multiple of nAlign. */
UINT AlignSize(UINT nSize, UINT nAlign);


/* Kernel export: returns the IMAGE_NT_HEADERS of the PE image at ImageBase. */
PIMAGE_NT_HEADERS RtlImageNtHeader(PVOID ImageBase);

/* Empty parentheses in C mean "unspecified arguments"; (VOID) would be the strict prototype. */
VOID InitShadowSSDTHook();

#endif
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/README.md
--------------------------------------------------------------------------------
/Release/A-Protect.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Release/A-Protect.exe
--------------------------------------------------------------------------------
/Release/A-Protect.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Release/A-Protect.txt
--------------------------------------------------------------------------------
/Release/dbghelp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Release/dbghelp.dll
--------------------------------------------------------------------------------
/Release/symsrv.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Release/symsrv.dll
--------------------------------------------------------------------------------
/Release/symsrv.yes:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/Release/symsrv.yes
--------------------------------------------------------------------------------
/TcpSnifferDriver/SOURCES:
--------------------------------------------------------------------------------
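TARGETNAME=ndis5pkt
TARGETPATH=obj
TARGETTYPE=DRIVER

# NOTE(review): NDIS_MINIPORT_DRIVER / NDIS51_MINIPORT are the miniport-side
# switches, while readme.txt describes this as a protocol driver derived from
# the ndisuio sample -- confirm these defines are intended.
C_DEFINES=$(C_DEFINES) -DNDIS_MINIPORT_DRIVER -DNDIS_WDM=1

C_DEFINES=$(C_DEFINES) -DNDIS51_MINIPORT=1
C_DEFINES=$(C_DEFINES) -DNDIS51=1

TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib

# Previously misspelt as MSC_WARING_LEVEL, which the build system never reads,
# so the requested /W3 had no effect.
MSC_WARNING_LEVEL=/W3

# Keep the trailing backslash on every entry but the last.
SOURCES=ndis5pkt.c \
        openclos.c \
        read.c \
        readfast.c \
        write.c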
19 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/ndis5pkt.h:
--------------------------------------------------------------------------------
/*

ndis5pkt.h

Author: Chunhua Liu
Last Updated: 2004-04-24

This framework is generated by QuickSYS 0.2.4

*/

#ifndef _NDIS5PKT_H
#define _NDIS5PKT_H 1

/* NOTE(review): the targets of the three bare #include lines below were lost in extraction; restore them from the repository. */
#include
#ifdef _NTDDK_
#include
#else
#include
#endif

//
// Define the various device type values. Note that values used by Microsoft
// Corporation are in the range 0-0x7FFF(32767), and 0x8000(32768)-0xFFFF(65535)
// are reserved for use by customers.
//

#define FILE_DEVICE_NDIS5PKT 0x8000

//
// Macro definition for defining IOCTL and FSCTL function control codes. Note
// that function codes 0-0x7FF(2047) are reserved for Microsoft Corporation,
// and 0x800(2048)-0xFFF(4095) are reserved for customers.
//

#define NDIS5PKT_IOCTL_BASE 0x800

//
// The device driver IOCTLs
//
// Every code below is built with FILE_ANY_ACCESS, so the I/O manager does not
// require any particular access right on the handle: whoever can open the
// device can bind/unbind adapters and set OIDs.  Any access control therefore
// has to come from the security descriptor the device object is created with
// (not visible in this header) -- confirm that, or use FILE_WRITE_ACCESS for
// the mutating controls.
//
// Style: the function-code argument is not parenthesised
// (NDIS5PKT_IOCTL_BASE+(i) would be the hygienic form); harmless for the
// literal arguments used here.
//

#define CTL_CODE_NDIS5PKT(i) CTL_CODE(FILE_DEVICE_NDIS5PKT, NDIS5PKT_IOCTL_BASE+i, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_NDIS5PKT_BIND_ADAPTER CTL_CODE_NDIS5PKT(0)
#define IOCTL_NDIS5PKT_UNBIND_ADAPTER CTL_CODE_NDIS5PKT(1)
#define IOCTL_NDIS5PKT_QUERY_STATISTICS CTL_CODE_NDIS5PKT(2)
#define IOCTL_NDIS5PKT_OPEN_DEVICE CTL_CODE_NDIS5PKT(3)
#define IOCTL_NDIS5PKT_QUERY_OID_VALUE CTL_CODE_NDIS5PKT(4)
#define IOCTL_NDIS5PKT_SET_OID_VALUE CTL_CODE_NDIS5PKT(5)
#define IOCTL_NDIS5PKT_BIND_WAIT CTL_CODE_NDIS5PKT(6)

//
// Read uses METHOD_OUT_DIRECT: the caller's output buffer arrives as an MDL
// and the driver writes packet data straight into it, so the handler must
// bound every copy by the MDL's byte count.  Function code 20 deliberately
// leaves a gap after 6 (presumably room for more buffered controls).
//
#define IOCTL_NDIS5PKT_READ CTL_CODE(FILE_DEVICE_NDIS5PKT, NDIS5PKT_IOCTL_BASE+20, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

//
// Output of IOCTL_NDIS5PKT_QUERY_STATISTICS (pairing presumed from the names).
//
typedef struct _STATISTICS_DATA
{
    LONGLONG ReceivedPackets;
    LONGLONG DroppedPackets;
} STATISTICS_DATA, *PSTATISTICS_DATA;

//
// Structure to go with IOCTL_NDIS5PKT_SET_OID_VALUE
// and IOCTL_NDIS5PKT_QUERY_OID_VALUE.
// The Data part is of variable length, determined
// by the input buffer length passed to DeviceIoControl.
//
// sizeof(ULONG) is only the minimum: before touching Data beyond its first
// four bytes the handler has to check the buffer length against
// FIELD_OFFSET(PACKET_OID_DATA, Data) plus the requested data size.
//
typedef struct _PACKET_OID_DATA
{
    NDIS_OID Oid;
    UCHAR Data[sizeof(ULONG)];
} PACKET_OID_DATA, *PPACKET_OID_DATA;

//
// The two bare #include lines around PACKET_GROUP presumably set and restore
// structure packing (their names were lost in extraction).  C4200 is the
// zero-sized-array warning.  Length is a signed LONG: consumers should reject
// negative values rather than cast them to an unsigned size.
//
#include
#pragma warning(disable:4200)
typedef struct _PACKET_GROUP
{
    LONG Length;    // presumably the byte count of Data
    UCHAR Data[0];  // payload follows the header
} PACKET_GROUP, *PPACKET_GROUP;
#pragma warning(default:4200)
#include

//
// Name that Win32 front end will use to open the ndis5pkt device
// (C-escaped form of \\.\ndis5pkt in the Win32 device namespace).
//

#define NDIS5PKT_DEVICE_NAME_WIN32 "\\\\.\\ndis5pkt"

#endif
89 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/ndis5pkt.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 | Application
22 | false
23 |
24 |
25 | Application
26 | false
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 | .\Release\
42 | .\Release\
43 | false
44 |
45 |
46 | .\Debug\
47 | .\Debug\
48 | false
49 |
50 |
51 |
52 | MultiThreaded
53 | OnlyExplicitInline
54 | true
55 | true
56 | MaxSpeed
57 | true
58 | Level3
59 | true
60 | $(ddkroot)\inc\ddk;$(ddkroot)\inc;%(AdditionalIncludeDirectories)
61 | WIN32=100;STD_CALL;CONDITION_HANDLING=1;NT_UP=1;NT_INST=0;_NT1X_=100;WINNT=1;_WIN32_WINNT=0x0400;WIN32_LEAN_AND_MEAN=1;DEVL=1;FPO=1;_IDWBUILD;NDEBUG;_DLL=1;_X86_=1;i386=1;NDIS50=1;%(PreprocessorDefinitions)
62 | All
63 | .\Release\
64 | true
65 | .\Release\ndis5pkt.pch
66 | .\Release\
67 | .\Release\
68 | /Oxs /Zel -cbstring /QIfdiv- /QIf
69 | StdCall
70 |
71 |
72 | "$(DRIVERWORKS)\bin\nmsym.exe" /translate:source,package,always Release\ndis5pkt.sys
73 | Generating SoftICE Symbol file ndis5pkt.nms
74 |
75 |
76 | true
77 | NDEBUG;%(PreprocessorDefinitions)
78 | .\Release\ndis5pkt.tlb
79 | true
80 | NUL
81 | Win32
82 |
83 |
84 | 0x0409
85 | $(ddkroot)\inc;%(AdditionalIncludeDirectories)
86 | NDEBUG;%(PreprocessorDefinitions)
87 |
88 |
89 | true
90 | .\Release\ndis5pkt.bsc
91 |
92 |
93 | true
94 | false
95 | true
96 | Release\ndis5pkt.sys
97 | $(ddkroot)\libfre\i386;$(ddkroot)\lib\i386\free;%(AdditionalLibraryDirectories)
98 | /DRIVER /debug:notmapped,MINIMAL /IGNORE:4001,4037,4039,4065,4070,4078,4087,4089,4096 /SECTION:INIT,d /FULLBUI /SECTION:INIT,d /FULLBUILD /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsystem:nati /FULLBUILD /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsystem:native /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsystem:native /OPTIDATA /osversion:4.00 /subsystem:native /osversion:4.00 /subsystem:native /subsystem:native
99 | true
100 | .rdata=.text
101 | 0x10000
102 | int64.lib;ntoskrnl.lib;hal.lib;ndis.lib;%(AdditionalDependencies)
103 | true
104 | 4.0
105 | DriverEntry
106 |
107 |
108 |
109 |
110 | MultiThreadedDebug
111 | Default
112 | true
113 | Disabled
114 | true
115 | Level3
116 | OldStyle
117 | true
118 | true
119 | $(ddkroot)\inc\ddk;$(ddkroot)\inc;%(AdditionalIncludeDirectories)
120 | WIN32=100;STD_CALL;CONDITION_HANDLING=1;NT_UP=1;NT_INST=0;_NT1X_=100;WINNT=1;_WIN32_WINNT=0x0400;WIN32_LEAN_AND_MEAN=1;DBG=1;DEVL=1;FPO=0;_DEBUG;_DLL=1;_X86_=1;i386=1;NDIS50=1;%(PreprocessorDefinitions)
121 | .\Debug\
122 | true
123 | .\Debug\ndis5pkt.pch
124 | .\Debug\
125 | .\Debug\
126 | /Zel -cbstring /QIfdiv- /QIf
127 | StdCall
128 |
129 |
130 | "$(DRIVERWORKS)\bin\nmsym.exe" /translate:source,package,always Debug\ndis5pkt.sys
131 | Generating SoftICE Symbol file ndis5pkt.nms
132 |
133 |
134 | true
135 | .\Debug\ndis5pkt.tlb
136 | true
137 | NUL
138 | Win32
139 |
140 |
141 | 0x0409
142 | $(ddkroot)\inc;%(AdditionalIncludeDirectories)
143 |
144 |
145 | true
146 | .\Debug\ndis5pkt.bsc
147 |
148 |
149 | true
150 | true
151 | true
152 | Debug\ndis5pkt.sys
153 | $(ddkroot)\libchk\i386;$(ddkroot)\lib\i386\checked;%(AdditionalLibraryDirectories)
154 | /DRIVER /debug:notmapped,FULL /IGNORE:4001,4037,4039,4065,4078,4087,4089,4096 /SECTION:INIT,d /FULL /SECTION:INIT,d /FULLBUILD /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsys /FULLBUILD /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsystem:native /FORCE:MULTIPLE /OPT:REF /OPTIDATA /osversion:4.00 /subsystem:native /OPTIDATA /osversion:4.00 /subsystem:native /osversion:4.00 /subsystem:native /subsystem:native
155 | true
156 | .rdata=.text
157 | 0x10000
158 | int64.lib;ntoskrnl.lib;hal.lib;ndis.lib;%(AdditionalDependencies)
159 | true
160 | 4.0
161 | DriverEntry
162 |
163 |
164 |
165 |
166 | /Oxs /Zel -cbstring /QIfdiv- /QIf /Oxs /Zel -cbstring /QIfdiv- /QIf
167 | /Zel -cbstring /QIfdiv- /QIf /Zel -cbstring /QIfdiv- /QIf
168 |
169 |
170 | /Oxs /Zel -cbstring /QIfdiv- /QIf /Oxs /Zel -cbstring /QIfdiv- /QIf
171 | /Zel -cbstring /QIfdiv- /QIf /Zel -cbstring /QIfdiv- /QIf
172 |
173 |
174 | /Oxs /Zel -cbstring /QIfdiv- /QIf /Oxs /Zel -cbstring /QIfdiv- /QIf
175 | /Zel -cbstring /QIfdiv- /QIf /Zel -cbstring /QIfdiv- /QIf
176 |
177 |
178 | /Oxs /Zel -cbstring /QIfdiv- /QIf /Oxs /Zel -cbstring /QIfdiv- /QIf
179 | /Zel -cbstring /QIfdiv- /QIf /Zel -cbstring /QIfdiv- /QIf
180 |
181 |
182 | /Oxs /Zel -cbstring /QIfdiv- /QIf /Oxs /Zel -cbstring /QIfdiv- /QIf
183 | /Zel -cbstring /QIfdiv- /QIf /Zel -cbstring /QIfdiv- /QIf
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/ndis5pkt.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {b3691aa3-204a-478f-b885-4d6ea158de3c}
6 | cpp;c;cxx;rc;def;r;odl;idl;hpj;bat
7 |
8 |
9 | {6aa37e89-32fe-4732-93ec-d3a972728ce3}
10 | h;hpp;hxx;hm;inl
11 |
12 |
13 | {2b1abca7-a38d-4962-8865-b6a62dd663e0}
14 | ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 | Source Files
26 |
27 |
28 | Source Files
29 |
30 |
31 | Source Files
32 |
33 |
34 |
35 |
36 | Header Files
37 |
38 |
39 | Header Files
40 |
41 |
42 |
43 |
44 |
45 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/ndis5pkt.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/_objects.mac:
--------------------------------------------------------------------------------
1 |
2 |
# Build-generated object list (checked-in output from objchk_win7_x86).  The
# BASEDIR / OBJ_PATH values below are absolute paths from the machine it was
# produced on, so this file is better regenerated by 'build' than edited or
# committed by hand.
386_OBJECTS=\
$(OBJ_PATH)\$O\ndis5pkt.obj \
$(OBJ_PATH)\$O\openclos.obj \
$(OBJ_PATH)\$O\read.obj \
$(OBJ_PATH)\$O\readfast.obj \
$(OBJ_PATH)\$O\write.obj \





# lowercased
BASEDIR=c:\winddk\7600.16385.0
OBJECT_ROOT=c:\winddk\7600.16385.0
MAKEDIR_LOWERCASE=c:\faefafaf\a-protect\tcpsnifferdriver
OBJ_PATH=c:\faefafaf\a-protect\tcpsnifferdriver
CONCURRENT_MIDL=0
CONCURRENT_MANIFEST_BUILD=0
21 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/a.bat:
--------------------------------------------------------------------------------
REM Converts the sniffer driver into a C header declaring a byte array named
REM lpszTcpsniffer (argument order presumed: input, output, symbol).  Note that
REM it is ndis5pkt.vmp.sys that gets embedded, not the plain ndis5pkt.sys that
REM is also checked in; the .vmp suffix suggests a protected/packed build --
REM confirm that this is the intended artifact.
bin2c ndis5pkt.vmp.sys tcpsniffer.h lpszTcpsniffer
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/bin2c.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/TcpSnifferDriver/objchk_win7_x86/i386/bin2c.exe
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/ndis5pkt.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/TcpSnifferDriver/objchk_win7_x86/i386/ndis5pkt.sys
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/ndis5pkt.vmp.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sin5678/A-Protect/653c97c80b3465834715011c3578c84c2b4b2e41/TcpSnifferDriver/objchk_win7_x86/i386/ndis5pkt.vmp.sys
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/read.obj.oacr.root.x86chk.pft.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 3
4 | 0
5 | 868read.cc:\faefafaf\a-protect\tcpsnifferdriver\28155The function being assigned or passed should be a DRIVER_CANCEL function: Add the declaration 'DRIVER_CANCEL NdisuioCancelRead;' before the current first declaration of NdisuioCancelRead.NdisuioRead_old7
6 | 13627read.cc:\faefafaf\a-protect\tcpsnifferdriver\28107The CancelSpinLock '#CancelSpinLock' must be held when calling 'IoReleaseCancelSpinLock'.NdisuioCancelRead11013232read.cc:\faefafaf\a-protect\tcpsnifferdriver\13332read.cc:\faefafaf\a-protect\tcpsnifferdriver\13432read.cc:\faefafaf\a-protect\tcpsnifferdriver\13627read.cc:\faefafaf\a-protect\tcpsnifferdriver\
7 | 1100read.cc:\faefafaf\a-protect\tcpsnifferdriver\28167The function 'NdisuioCancelRead' changes the IRQL and does not restore the IRQL before it exits. It should be annotated to reflect the change or the IRQL should be restored. IRQL was last set at line 136.NdisuioCancelRead11013232read.cc:\faefafaf\a-protect\tcpsnifferdriver\13332read.cc:\faefafaf\a-protect\tcpsnifferdriver\13432read.cc:\faefafaf\a-protect\tcpsnifferdriver\13627read.cc:\faefafaf\a-protect\tcpsnifferdriver\13810read.cc:\faefafaf\a-protect\tcpsnifferdriver\14017read.cc:\faefafaf\a-protect\tcpsnifferdriver\1414read.cc:\faefafaf\a-protect\tcpsnifferdriver\1434read.cc:\faefafaf\a-protect\tcpsnifferdriver\14819read.cc:\faefafaf\a-protect\tcpsnifferdriver\14919read.cc:\faefafaf\a-protect\tcpsnifferdriver\15217read.cc:\faefafaf\a-protect\tcpsnifferdriver\15019read.cc:\faefafaf\a-protect\tcpsnifferdriver\14919read.cc:\faefafaf\a-protect\tcpsnifferdriver\15217read.cc:\faefafaf\a-protect\tcpsnifferdriver\15019read.cc:\faefafaf\a-protect\tcpsnifferdriver\14919read.cc:\faefafaf\a-protect\tcpsnifferdriver\1634read.cc:\faefafaf\a-protect\tcpsnifferdriver\1658read.cc:\faefafaf\a-protect\tcpsnifferdriver\
8 |
9 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/readfast.obj.oacr.root.x86chk.pft.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 3
4 | 0
5 | 39011readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\28193'pGroup' holds a value that must be examined.NdisuioTransferDataComplete33636228readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\36328readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\36345readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\36410readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\36517readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\36817readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\3694readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\3716readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\3725readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\37421readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\37618readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\3816readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\38716readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\3909readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\39517readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\39621readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\40325readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\40430readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\4070readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\4102readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\44023readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\45032readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\4522readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\
6 | 6730readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\28167The function 'NdisuioRead' changes the IRQL and does not restore the IRQL before it exits. It should be annotated to reflect the change or the IRQL should be restored. IRQL was last set to 2 at line 731.NdisuioRead67369428readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\69528readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\69628readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\69811readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\69917readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\70325readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\7108readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\71229readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\72379readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\7318readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\73312readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\74011readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\74115readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\7433readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\
7 | 7588readfast.cc:\faefafaf\a-protect\tcpsnifferdriver\28155The function being assigned or passed should be a DRIVER_CANCEL function: Add the declaration 'DRIVER_CANCEL NdisuioCancelRead;' before the current first declaration of NdisuioCancelRead.NdisuioRead673
8 |
9 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/objchk_win7_x86/i386/write.obj.oacr.root.x86chk.pft.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 3
4 | 0
5 | 1908write.cc:\faefafaf\a-protect\tcpsnifferdriver\28155The function being assigned or passed should be a DRIVER_CANCEL function: Add the declaration 'DRIVER_CANCEL NdisuioCancelWrite;' before the current first declaration of NdisuioCancelWrite.NdisuioWrite7
6 | 26527write.cc:\faefafaf\a-protect\tcpsnifferdriver\28107The CancelSpinLock '#CancelSpinLock' must be held when calling 'IoReleaseCancelSpinLock'.NdisuioCancelWrite24026132write.cc:\faefafaf\a-protect\tcpsnifferdriver\26232write.cc:\faefafaf\a-protect\tcpsnifferdriver\26332write.cc:\faefafaf\a-protect\tcpsnifferdriver\26527write.cc:\faefafaf\a-protect\tcpsnifferdriver\
7 | 2400write.cc:\faefafaf\a-protect\tcpsnifferdriver\28167The function 'NdisuioCancelWrite' changes the IRQL and does not restore the IRQL before it exits. It should be annotated to reflect the change or the IRQL should be restored. IRQL was last set at line 265.NdisuioCancelWrite24026132write.cc:\faefafaf\a-protect\tcpsnifferdriver\26232write.cc:\faefafaf\a-protect\tcpsnifferdriver\26332write.cc:\faefafaf\a-protect\tcpsnifferdriver\26527write.cc:\faefafaf\a-protect\tcpsnifferdriver\27016write.cc:\faefafaf\a-protect\tcpsnifferdriver\27217write.cc:\faefafaf\a-protect\tcpsnifferdriver\2734write.cc:\faefafaf\a-protect\tcpsnifferdriver\2794write.cc:\faefafaf\a-protect\tcpsnifferdriver\28119write.cc:\faefafaf\a-protect\tcpsnifferdriver\28219write.cc:\faefafaf\a-protect\tcpsnifferdriver\28517write.cc:\faefafaf\a-protect\tcpsnifferdriver\28319write.cc:\faefafaf\a-protect\tcpsnifferdriver\28219write.cc:\faefafaf\a-protect\tcpsnifferdriver\28517write.cc:\faefafaf\a-protect\tcpsnifferdriver\28319write.cc:\faefafaf\a-protect\tcpsnifferdriver\28219write.cc:\faefafaf\a-protect\tcpsnifferdriver\2984write.cc:\faefafaf\a-protect\tcpsnifferdriver\30020write.cc:\faefafaf\a-protect\tcpsnifferdriver\
8 |
9 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/openclos.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include "packet.h"
5 |
NTSTATUS
NdisuioOpen(
    IN PDEVICE_OBJECT pDeviceObject,
    IN PIRP pIrp
    )
/*++

Routine Description:

    Dispatch routine for IRP_MJ_CREATE.  Every open is accepted: the file
    object's FsContext is reset (Close and Cleanup treat a non-NULL value
    as an attached open context) and the request completes successfully.

Arguments:

    pDeviceObject - Pointer to the device object (unused).

    pIrp - Pointer to the create request.

Return Value:

    STATUS_SUCCESS, also stored in pIrp->IoStatus.Status.

--*/
{
    NTSTATUS status = STATUS_SUCCESS;
    PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(pIrp);

    //
    // No open context is attached to a freshly created handle.
    //
    irpStack->FileObject->FsContext = NULL;

    DEBUGP(DL_INFO, ("Open: FileObject %p\n", irpStack->FileObject));

    //
    // Complete the create; no bytes are transferred.
    //
    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return status;
}
44 |
NTSTATUS
NdisuioClose(
    IN PDEVICE_OBJECT pDeviceObject,
    IN PIRP pIrp
    )
/*++

Routine Description:

    Dispatch routine for IRP_MJ_CLOSE.  If an open context is still attached
    to the file object, the reference the handle held on it is released;
    FsContext is then cleared and the request completes successfully.

Arguments:

    pDeviceObject - Pointer to the device object (unused).

    pIrp - Pointer to the close request.

Return Value:

    STATUS_SUCCESS, also stored in pIrp->IoStatus.Status.

--*/
{
    PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(pIrp);
    PNDISUIO_OPEN_CONTEXT openContext = irpStack->FileObject->FsContext;
    NTSTATUS status;

    DEBUGP(DL_INFO, ("Close: FileObject %p\n", irpStack->FileObject));

    //
    // Drop the reference this handle held on its open context, if any.
    //
    if (openContext != NULL)
    {
        NUIO_STRUCT_ASSERT(openContext, oc);
        NUIO_DEREF_OPEN(openContext); // Close
    }

    irpStack->FileObject->FsContext = NULL;

    //
    // Complete the close; no bytes are transferred.
    //
    status = STATUS_SUCCESS;
    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return status;
}
97 |
NTSTATUS
NdisuioCleanup(
    IN PDEVICE_OBJECT pDeviceObject,
    IN PIRP pIrp
    )
/*++

Routine Description:

    This is the dispatch routine for handling IRP_MJ_CLEANUP, which arrives
    when the last handle to the file object is closed, ahead of IRP_MJ_CLOSE.

    If an open context is attached to the file object it is marked idle, its
    receive filter is cleared, pending reads are cancelled and the adapter is
    unbound.  FsContext is deliberately left in place: NdisuioClose (above)
    still reads it to drop the context reference.

Arguments:

    pDeviceObject - Pointer to the device object (unused).

    pIrp - Pointer to the request packet.

Return Value:

    Always STATUS_SUCCESS; failures along the way are logged and ignored.

--*/
{
    PIO_STACK_LOCATION pIrpSp;
    NTSTATUS NtStatus;
    NDIS_STATUS NdisStatus;
    PNDISUIO_OPEN_CONTEXT pOpenContext;
    ULONG PacketFilter;
    ULONG BytesProcessed;   // filled by the set-filter request; not inspected afterwards

    pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
    pOpenContext = pIrpSp->FileObject->FsContext;

    DEBUGP(DL_VERY_LOUD, ("Cleanup: FileObject %p, Open %p\n",
        pIrpSp->FileObject, pOpenContext));

    if (pOpenContext != NULL)
    {
        NUIO_STRUCT_ASSERT(pOpenContext, oc);

        //
        // Mark this endpoint.
        //
        // Flags and the back-pointer to the file object are changed under
        // the context lock; pFileObject is cleared here even though
        // FsContext on the file object side is kept until Close.
        //
        NUIO_ACQUIRE_LOCK(&pOpenContext->Lock);

        NUIO_SET_FLAGS(pOpenContext->Flags, NUIOO_OPEN_FLAGS, NUIOO_OPEN_IDLE);
        pOpenContext->pFileObject = NULL;

        NUIO_RELEASE_LOCK(&pOpenContext->Lock);

        //
        // Set the packet filter to 0, telling NDIS that we aren't
        // interested in any more receives.
        //
        // The last argument (FALSE) asks not to wait for the device to be
        // powered on, so the request may fail on a sleeping adapter; that
        // case is tolerated below.
        //
        PacketFilter = 0;
        NdisStatus = ndisuioValidateOpenAndDoRequest(
                        pOpenContext,
                        NdisRequestSetInformation,
                        OID_GEN_CURRENT_PACKET_FILTER,
                        &PacketFilter,
                        sizeof(PacketFilter),
                        &BytesProcessed,
                        FALSE // Don't wait for device to be powered on
                        );

        if (NdisStatus != NDIS_STATUS_SUCCESS)
        {
            DEBUGP(DL_INFO, ("Cleanup: Open %p, set packet filter (%x) failed: %x\n",
                pOpenContext, PacketFilter, NdisStatus));
            //
            // Ignore the result. If this failed, we may continue
            // to get indicated receives, which will be handled
            // appropriately.
            //
            NdisStatus = NDIS_STATUS_SUCCESS;
        }

        //
        // Cancel any pending reads.
        //
        ndisuioCancelPendingReads(pOpenContext);

        // no file linked to it, so unbind it.
        //
        // NdisStatus is passed by address, presumably as an output.  The
        // context is still referenced via FsContext after this returns
        // (NdisuioClose dereferences it), so NdisuioUnbindAdapter must not
        // free pOpenContext -- not verifiable from this file.  The meaning
        // of the third argument (0) is not visible here either.
        //
        NdisuioUnbindAdapter(&NdisStatus, pOpenContext, 0);
    }

    NtStatus = STATUS_SUCCESS;

    pIrp->IoStatus.Information = 0;
    pIrp->IoStatus.Status = NtStatus;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    //
    // pOpenContext is only logged here, not dereferenced, so this is safe
    // even after the unbind.
    //
    DEBUGP(DL_INFO, ("Cleanup: OpenContext %p\n", pOpenContext));

    return (NtStatus);
}
194 |
195 |
--------------------------------------------------------------------------------
/TcpSnifferDriver/readme.txt:
--------------------------------------------------------------------------------
1 | A Fast Protocol Driver for NT/2K/XP/2K3
2 | Original source code from MS DDK sample ndisuio.
3 |
4 | Chunhua Liu
5 | 2004-04-23
--------------------------------------------------------------------------------
/share/adapter.h:
--------------------------------------------------------------------------------
1 | #ifndef _ADAPTER_H
2 | #define _ADAPTER_H 1
3 |
4 | #ifndef __IPHLPAPI_H__
5 | #include
6 | #pragma comment(lib, "Iphlpapi.lib")
7 | #endif
8 |
9 | #ifndef _ASSERT_H
10 | #include "assert.h"
11 | #endif
12 |
13 | /*
14 | //
15 | // ADAPTER_INFO - per-adapter information. All IP addresses are stored as
16 | // strings
17 | //
18 |
19 | typedef struct _IP_ADAPTER_INFO {
20 | struct _IP_ADAPTER_INFO* Next;
21 | DWORD ComboIndex;
22 | char AdapterName[MAX_ADAPTER_NAME_LENGTH + 4];
23 | char Description[MAX_ADAPTER_DESCRIPTION_LENGTH + 4];
24 | UINT AddressLength;
25 | BYTE Address[MAX_ADAPTER_ADDRESS_LENGTH];
26 | DWORD Index;
27 | UINT Type;
28 | UINT DhcpEnabled;
29 | PIP_ADDR_STRING CurrentIpAddress;
30 | IP_ADDR_STRING IpAddressList;
31 | IP_ADDR_STRING GatewayList;
32 | IP_ADDR_STRING DhcpServer;
33 | BOOL HaveWins;
34 | IP_ADDR_STRING PrimaryWinsServer;
35 | IP_ADDR_STRING SecondaryWinsServer;
36 | time_t LeaseObtained;
37 | time_t LeaseExpires;
38 | } IP_ADAPTER_INFO, *PIP_ADAPTER_INFO;
39 | */
40 |
//
// CAdapter - a one-shot snapshot of the local IPv4 adapter list as
// returned by GetAdaptersInfo(). Create() fetches and caches the list,
// GetAt()/operator[] index into it, Destroy()/the destructor free it.
// The object does not refresh itself: call Destroy() and Create() again
// to pick up adapters that appeared or disappeared.
//
class CAdapter
{
// Constructor
public:
    CAdapter();
    // Queries GetAdaptersInfo() and caches the result. Returns FALSE
    // when the size query does not answer ERROR_BUFFER_OVERFLOW (on a
    // host with no adapters the API reports ERROR_NO_DATA, so that case
    // also yields FALSE) or when the buffer cannot be allocated
    // (GetLastError() == ERROR_NOT_ENOUGH_MEMORY). Intended to be called
    // once per object; a debug ASSERT enforces that.
    BOOL Create();

// Attributes
private:
    PIP_ADAPTER_INFO m_pAdapterInfo;   // head of the singly linked list returned by GetAdaptersInfo(), NULL until Create()
    int m_iAdapterCount;               // number of nodes in that list, counted by Create()

// Operations
public:
    // Frees the cached list and resets the count to 0; safe to call twice.
    void Destroy();
    // Same as GetAt(i).
    PIP_ADAPTER_INFO operator [](int i) const;
    // Returns the i-th node (0-based) by walking the list; i must satisfy
    // 0 <= i < GetCount(). The range ASSERT is debug-only.
    PIP_ADAPTER_INFO GetAt(int i) const;
    // Number of adapters cached by Create(); 0 before Create()/after Destroy().
    int GetCount() const;

// Overridable callbacks
protected:

// Implementation
public:
    // Releases the cached list via Destroy().
    ~CAdapter();
};
67 |
//
// Starts with an empty snapshot; nothing is queried until Create().
//
inline
CAdapter::CAdapter()
    : m_pAdapterInfo(NULL),
      m_iAdapterCount(0)
{
}
74 |
//
// Frees whatever Create() allocated; Destroy() is a no-op if nothing was.
//
inline
CAdapter::~CAdapter()
{
    this->Destroy();
}
80 |
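//
// Fetches the adapter list with GetAdaptersInfo() and caches it.
//
// Returns TRUE on success. Returns FALSE, with GetLastError() set to the
// underlying Win32 code, when the size query does not report
// ERROR_BUFFER_OVERFLOW (e.g. ERROR_NO_DATA on a host without adapters),
// when the fill call fails, or when the buffer cannot be allocated.
//
// Fixes relative to the original:
//  - the return value of the second GetAdaptersInfo() call was ignored,
//    so on failure the ->Next walk below read an uninitialised buffer;
//  - the size reported by the first call can be stale by the time the
//    second call runs (adapters come and go), which the API signals with
//    ERROR_BUFFER_OVERFLOW and an updated size - now retried;
//  - the "called twice" ASSERT compiles out in release builds, where a
//    second call leaked the first buffer.
//
inline
BOOL CAdapter::Create()
{
    ASSERT(m_pAdapterInfo == NULL);

    // ASSERT above is debug-only; make re-entry safe in release too.
    if (m_pAdapterInfo != NULL)
        Destroy();
    m_iAdapterCount = 0;

    // Size query: NULL buffer, OutBufLen receives the required length.
    ULONG OutBufLen = 0;
    DWORD dwRet = GetAdaptersInfo(NULL, &OutBufLen);
    if (dwRet != ERROR_BUFFER_OVERFLOW)
    {
        // Keep the original FALSE result for the no-adapter / failure
        // case, but leave the reason where the caller can read it.
        SetLastError(dwRet);
        return FALSE;
    }

    // Bounded retry: the adapter set may change between the size query
    // and the fill, in which case the fill reports ERROR_BUFFER_OVERFLOW
    // again with the new size in OutBufLen.
    for (int attempt = 0; attempt < 4; ++attempt)
    {
        // Allocated as char[] - the type Destroy() has to delete[] as.
        // The NULL check is only effective with a non-throwing operator
        // new (older MSVC CRT defaults); a throwing new raises
        // std::bad_alloc before this line is reached.
        char* pBuf = new char[OutBufLen];
        if (pBuf == NULL)
        {
            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
            return FALSE;
        }

        dwRet = GetAdaptersInfo((PIP_ADAPTER_INFO)pBuf, &OutBufLen);
        if (dwRet == ERROR_SUCCESS)
        {
            m_pAdapterInfo = (PIP_ADAPTER_INFO)pBuf;
            break;
        }

        // Never keep a buffer the API did not fill.
        delete[] pBuf;
        if (dwRet != ERROR_BUFFER_OVERFLOW)
        {
            SetLastError(dwRet);
            return FALSE;
        }
        // else: OutBufLen was updated; loop and try again with the new size.
    }

    if (m_pAdapterInfo == NULL)
    {
        // Size kept changing under us; give up rather than spin.
        SetLastError(ERROR_BUFFER_OVERFLOW);
        return FALSE;
    }

    // Cache the node count that GetCount()/GetAt() rely on.
    for (PIP_ADAPTER_INFO pNode = m_pAdapterInfo; pNode != NULL; pNode = pNode->Next)
        m_iAdapterCount++;

    return TRUE;
}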
108 |
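//
// Frees the buffer allocated by Create() and resets the cached count.
// Safe to call on an empty object and safe to call repeatedly.
//
inline
void CAdapter::Destroy()
{
    if (m_pAdapterInfo)
    {
        // Create() allocates this buffer with "new char[]"; delete[] has
        // to be applied to the same type. Deleting it through the
        // PIP_ADAPTER_INFO alias (as the original did) is undefined
        // behaviour - it happens to work for a POD struct with no array
        // cookie, but the standard does not promise that.
        delete[] reinterpret_cast<char*>(m_pAdapterInfo);
        m_pAdapterInfo = NULL;
    }
    m_iAdapterCount = 0;
}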
119 |
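//
// Returns the i-th (0-based) adapter node, or NULL when i is out of range.
//
// The original only had a debug ASSERT(i < m_iAdapterCount); in release
// builds a negative or too-large index walked off the end of the list and
// dereferenced NULL inside the loop. The range check below is unconditional,
// and the loop additionally stops at a NULL link so a corrupted count can
// not turn into a NULL dereference either.
//
inline
PIP_ADAPTER_INFO CAdapter::GetAt(int i) const
{
    ASSERT(i >= 0 && i < m_iAdapterCount);

    if (i < 0 || i >= m_iAdapterCount)
        return NULL;

    PIP_ADAPTER_INFO pNode = m_pAdapterInfo;
    while (i-- > 0 && pNode != NULL)
        pNode = pNode->Next;

    return pNode;
}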
131 |
// Index syntax is sugar for GetAt(): same contract, same result.
inline PIP_ADAPTER_INFO CAdapter::operator [](int i) const
{
    return this->GetAt(i);
}
134 |
// Number of nodes counted by Create(); 0 before Create() or after Destroy().
inline int CAdapter::GetCount() const
{
    const int count = m_iAdapterCount;
    return count;
}
137 |
138 | #endif
139 |
--------------------------------------------------------------------------------
/share/assert.h:
--------------------------------------------------------------------------------
1 | #ifndef _ASSERT_H
2 | #define _ASSERT_H 1
3 |
4 | #ifndef _INC_CRTDBG
5 | #include
6 | #endif
7 |
8 | #pragma warning(disable: 4127) // constant expression for TRACE/ASSERT
9 | #pragma warning(disable: 4201) // nameless unions are part of C++
10 |
11 | #ifndef ASSERT
12 | #define ASSERT _ASSERTE
13 | #endif
14 |
15 | #ifndef VERIFY
16 | #ifdef _DEBUG
17 | #define VERIFY _ASSERTE
18 | #else
19 | #define VERIFY(f) ((void)(f))
20 | #endif
21 | #endif
22 |
23 | #endif
24 |
25 |
--------------------------------------------------------------------------------
/share/netdef.h:
--------------------------------------------------------------------------------
1 | #ifndef _NETDEF_H
2 | #define _NETDEF_H
3 |
4 | #ifdef _M_IX86
5 | #ifndef __LITTLE_ENDIAN_BITFIELD
6 | #define __LITTLE_ENDIAN_BITFIELD
7 | #endif
8 | #endif
9 |
10 | /*
11 | * IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble
12 | * and FCS/CRC (frame check sequence).
13 | */
14 |
15 | #define ETH_ALEN 6 /* Octets in one ethernet addr */
16 | #define ETH_HLEN 14 /* Total octets in header. */
17 | #define ETH_ZLEN 60 /* Min. octets in frame sans FCS */
18 | #define ETH_DATA_LEN 1500 /* Max. octets in payload */
19 | #define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */
20 |
21 | /*
22 | * These are the defined Ethernet Protocol ID's.
23 | */
24 |
25 | #define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */
26 | #define ETH_P_ECHO 0x0200 /* Ethernet Echo packet */
27 | #define ETH_P_PUP 0x0400 /* Xerox PUP packet */
28 | #define ETH_P_IP 0x0800 /* Internet Protocol packet */
29 | #define ETH_P_X25 0x0805 /* CCITT X.25 */
30 | #define ETH_P_ARP 0x0806 /* Address Resolution packet */
31 | #define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */
32 | #define ETH_P_DEC 0x6000 /* DEC Assigned proto */
33 | #define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */
34 | #define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */
35 | #define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */
36 | #define ETH_P_LAT 0x6004 /* DEC LAT */
37 | #define ETH_P_DIAG 0x6005 /* DEC Diagnostics */
38 | #define ETH_P_CUST 0x6006 /* DEC Customer use */
39 | #define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */
40 | #define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */
41 | #define ETH_P_ATALK 0x809B /* Appletalk DDP */
42 | #define ETH_P_AARP 0x80F3 /* Appletalk AARP */
43 | #define ETH_P_IPX 0x8137 /* IPX over DIX */
44 | #define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
45 | #define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */
46 | #define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport over Ethernet */
47 |
48 | /*
49 | * Non DIX types. Won't clash for 1500 types.
50 | */
51 |
52 | #define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */
53 | #define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */
54 | #define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) */
55 | #define ETH_P_802_2 0x0004 /* 802.2 frames */
56 | #define ETH_P_SNAP 0x0005 /* Internal only */
57 | #define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */
58 | #define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/
59 | #define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */
60 | #define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */
61 | #define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/
62 | #define ETH_P_TR_802_2 0x0011 /* 802.2 frames */
63 | #define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */
64 | #define ETH_P_CONTROL 0x0016 /* Card specific control frames */
65 | #define ETH_P_IRDA 0x0017 /* Linux/IR */
66 |
67 | /* ARP protocol HARDWARE identifiers. */
68 | #define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */
69 | #define ARPHRD_ETHER 1 /* Ethernet 10Mbps */
70 | #define ARPHRD_EETHER 2 /* Experimental Ethernet */
71 | #define ARPHRD_AX25 3 /* AX.25 Level 2 */
72 | #define ARPHRD_PRONET 4 /* PROnet token ring */
73 | #define ARPHRD_CHAOS 5 /* Chaosnet */
74 | #define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */
75 | #define ARPHRD_ARCNET 7 /* ARCnet */
76 | #define ARPHRD_APPLETLK 8 /* APPLEtalk */
77 | #define ARPHRD_DLCI 15 /* Frame Relay DLCI */
78 | #define ARPHRD_ATM 19 /* ATM */
79 | #define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */
80 | #define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */
81 | #define ARPHRD_EUI64 27 /* EUI-64 */
82 |
83 | /* Dummy types for non ARP hardware */
84 | #define ARPHRD_SLIP 256
85 | #define ARPHRD_CSLIP 257
86 | #define ARPHRD_SLIP6 258
87 | #define ARPHRD_CSLIP6 259
88 | #define ARPHRD_RSRVD 260 /* Notional KISS type */
89 | #define ARPHRD_ADAPT 264
90 | #define ARPHRD_ROSE 270
91 | #define ARPHRD_X25 271 /* CCITT X.25 */
92 | #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
93 | #define ARPHRD_PPP 512
94 | #define ARPHRD_CISCO 513 /* Cisco HDLC */
95 | #define ARPHRD_HDLC ARPHRD_CISCO
96 | #define ARPHRD_LAPB 516 /* LAPB */
97 | #define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */
98 | #define ARPHRD_RAWHDLC 518 /* Raw HDLC */
99 |
100 | #define ARPHRD_TUNNEL 768 /* IPIP tunnel */
101 | #define ARPHRD_TUNNEL6 769 /* IPIP6 tunnel */
102 | #define ARPHRD_FRAD 770 /* Frame Relay Access Device */
103 | #define ARPHRD_SKIP 771 /* SKIP vif */
104 | #define ARPHRD_LOOPBACK 772 /* Loopback device */
105 | #define ARPHRD_LOCALTLK 773 /* Localtalk device */
106 | #define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */
107 | #define ARPHRD_BIF 775 /* AP1000 BIF */
108 | #define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */
109 | #define ARPHRD_IPDDP 777 /* IP over DDP tunneller */
110 | #define ARPHRD_IPGRE 778 /* GRE over IP */
111 | #define ARPHRD_PIMREG 779 /* PIMSM register interface */
112 | #define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */
113 | #define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */
114 | #define ARPHRD_ECONET 782 /* Acorn Econet */
115 | #define ARPHRD_IRDA 783 /* Linux-IrDA */
116 | /* ARP works differently on different FC media .. so */
117 | #define ARPHRD_FCPP 784 /* Point to point fibrechannel */
118 | #define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */
119 | #define ARPHRD_FCPL 786 /* Fibrechannel public loop */
120 | #define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */
121 | /* 787->799 reserved for fibrechannel media types */
122 | #define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */
123 | #define ARPHRD_IEEE80211 801 /* IEEE 802.11 */
124 | #define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */
125 |
126 | #define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */
127 |
128 | /* ARP protocol opcodes. */
129 | #define ARPOP_REQUEST 1 /* ARP request */
130 | #define ARPOP_REPLY 2 /* ARP reply */
131 | #define ARPOP_RREQUEST 3 /* RARP request */
132 | #define ARPOP_RREPLY 4 /* RARP reply */
133 |
134 | /* ICMP protocol */
135 | #define ICMP_ECHOREPLY 0 /* Echo Reply */
136 | #define ICMP_DEST_UNREACH 3 /* Destination Unreachable */
137 | #define ICMP_SOURCE_QUENCH 4 /* Source Quench */
138 | #define ICMP_REDIRECT 5 /* Redirect (change route) */
139 | #define ICMP_ECHO 8 /* Echo Request */
140 | #define ICMP_TIME_EXCEEDED 11 /* Time Exceeded */
141 | #define ICMP_PARAMETERPROB 12 /* Parameter Problem */
142 | #define ICMP_TIMESTAMP 13 /* Timestamp Request */
143 | #define ICMP_TIMESTAMPREPLY 14 /* Timestamp Reply */
144 | #define ICMP_INFO_REQUEST 15 /* Information Request */
145 | #define ICMP_INFO_REPLY 16 /* Information Reply */
146 | #define ICMP_ADDRESS 17 /* Address Mask Request */
147 | #define ICMP_ADDRESSREPLY 18 /* Address Mask Reply */
148 | #define NR_ICMP_TYPES 18
149 |
150 |
151 | /* Codes for UNREACH. */
152 | #define ICMP_NET_UNREACH 0 /* Network Unreachable */
153 | #define ICMP_HOST_UNREACH 1 /* Host Unreachable */
154 | #define ICMP_PROT_UNREACH 2 /* Protocol Unreachable */
155 | #define ICMP_PORT_UNREACH 3 /* Port Unreachable */
156 | #define ICMP_FRAG_NEEDED 4 /* Fragmentation Needed/DF set */
157 | #define ICMP_SR_FAILED 5 /* Source Route failed */
158 | #define ICMP_NET_UNKNOWN 6
159 | #define ICMP_HOST_UNKNOWN 7
160 | #define ICMP_HOST_ISOLATED 8
161 | #define ICMP_NET_ANO 9
162 | #define ICMP_HOST_ANO 10
163 | #define ICMP_NET_UNR_TOS 11
164 | #define ICMP_HOST_UNR_TOS 12
165 | #define ICMP_PKT_FILTERED 13 /* Packet filtered */
166 | #define ICMP_PREC_VIOLATION 14 /* Precedence violation */
167 | #define ICMP_PREC_CUTOFF 15 /* Precedence cut off */
168 | #define NR_ICMP_UNREACH 15 /* instead of hardcoding immediate value */
169 |
170 | /* Codes for REDIRECT. */
171 | #define ICMP_REDIR_NET 0 /* Redirect Net */
172 | #define ICMP_REDIR_HOST 1 /* Redirect Host */
173 | #define ICMP_REDIR_NETTOS 2 /* Redirect Net for TOS */
174 | #define ICMP_REDIR_HOSTTOS 3 /* Redirect Host for TOS */
175 |
176 | /* Codes for TIME_EXCEEDED. */
177 | #define ICMP_EXC_TTL 0 /* TTL count exceeded */
178 | #define ICMP_EXC_FRAGTIME 1 /* Fragment Reass time exceeded */
179 |
180 | #define ETHADDR_BROADCAST "\xFF\xFF\xFF\xFF\xFF\xFF"
181 | #define ETHADDR_BROADCAST2 "\x00\x00\x00\x00\x00\x00"
182 |
183 | #endif
184 |
--------------------------------------------------------------------------------
/share/netstd.h:
--------------------------------------------------------------------------------
1 | #ifndef _NETSTD_H
2 | #define _NETSTD_H 1
3 |
4 | #ifndef _NETDEF_H
5 | #include "netdef.h"
6 | #endif
7 |
/*
 * Fixed-width aliases for the wire-format structures below (Linux-style
 * names). NOTE(review): __u32 is spelled "unsigned long", which is 4 bytes
 * on Windows (LLP64, the platform this header targets via _M_IX86) but
 * 8 bytes on LP64 Unix; on such a platform sizeof(iphdr), sizeof(tcphdr)
 * and every offset after the first 32-bit field would silently change.
 * Also note that the ___swab64 macro further down uses __u64, which this
 * header never defines - it fails to compile only if actually expanded.
 */
typedef unsigned char __u8;
typedef unsigned short __u16;
typedef unsigned long __u32;
11 |
12 | /*
13 | * This is an Ethernet frame header. (linux/if_ether.h)
14 | */
15 |
/*
 * Ethernet II frame header, 14 bytes (ETH_HLEN). All members are
 * byte arrays or a 2-byte field, so there is no padding under the default
 * MSVC/x86 packing. h_proto is the EtherType exactly as it sits on the
 * wire (big-endian): compare it to the ETH_P_* constants through the
 * _ntohs()/_htons() macros defined at the end of this header.
 */
struct ethhdr
{
    unsigned char h_dest[ETH_ALEN];   /* destination eth addr */
    unsigned char h_source[ETH_ALEN]; /* source ether addr */
    unsigned short h_proto;           /* packet type ID field, network byte order */
};
22 |
23 | /*
24 | * This structure defines an ethernet arp header.
25 | */
26 |
/*
 * ARP header (RFC 826). The first five members are the generic 8-byte
 * header; the block under "#if 1" appends the fixed Ethernet/IPv4 body
 * (6-byte hardware, 4-byte protocol addresses), giving 28 bytes total
 * with no padding. For any other hardware/protocol pair the address
 * fields are not this size - check ar_hln == ETH_ALEN and ar_pln == 4
 * (and ar_hrd == ARPHRD_ETHER) before trusting the tail.
 * All 16-bit members are network byte order.
 */
struct arphdr
{
    unsigned short ar_hrd;  /* format of hardware address (ARPHRD_*) */
    unsigned short ar_pro;  /* format of protocol address (ETH_P_* value) */
    unsigned char ar_hln;   /* length of hardware address */
    unsigned char ar_pln;   /* length of protocol address */
    unsigned short ar_op;   /* ARP opcode (ARPOP_*) */

#if 1
    /*
     * Ethernet looks like this : This bit is variable sized however...
     * Only valid when ar_hln == 6 and ar_pln == 4.
     */
    unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
    unsigned char ar_sip[4];        /* sender IP address */
    unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
    unsigned char ar_tip[4];        /* target IP address */
#endif
};
45 |
46 | /* IP flags. */
47 | #define IP_CE 0x8000 /* Flag: "Congestion" */
48 | #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
49 | #define IP_MF 0x2000 /* Flag: "More Fragments" */
50 | #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
51 |
/*
 * IPv4 header (RFC 791): 20 bytes without options when __u32 is 4 bytes
 * wide; every member is naturally aligned so no padding is inserted.
 * The version/ihl nibble order depends on the bit-field allocation
 * direction, selected by __LITTLE_ENDIAN_BITFIELD / __BIG_ENDIAN_BITFIELD
 * (netdef.h defines the former for _M_IX86).
 * tot_len, id, frag_off, check, saddr and daddr are network byte order;
 * convert with _ntohs()/_ntohl() from this header before comparing.
 * NOTE(review): code that overlays this struct on a captured buffer must
 * verify ihl >= 5 and ihl * 4 <= the bytes actually captured before it
 * reads past daddr into the options, and must bound tot_len by the
 * capture length before using it to locate the payload.
 */
struct iphdr
{
#if defined(__LITTLE_ENDIAN_BITFIELD)
    __u8 ihl:4,         /* header length in 32-bit words (>= 5) */
         version:4;     /* 4 for IPv4 */
#elif defined (__BIG_ENDIAN_BITFIELD)
    __u8 version:4,
         ihl:4;
#else
#error "No endian type defined"
#endif
    __u8 tos;
    __u16 tot_len;      /* total datagram length, header included */
    __u16 id;
    __u16 frag_off;     /* IP flags (IP_CE/IP_DF/IP_MF) in the high bits, fragment offset in IP_OFFSET */
    __u8 ttl;
    __u8 protocol;      /* IPPROTO_* value of the payload */
    __u16 check;        /* header checksum over ihl * 4 bytes */
    __u32 saddr;
    __u32 daddr;
    /*The options start here. */
};
74 |
75 | /* (linux/tcp.h) */
/*
 * TCP header in the Linux layout (RFC 793): 20 bytes without options,
 * no padding. The 16-bit bit-field group holds the data offset, the
 * reserved bits and the six classic flags; its member order is written
 * for the compiler's bit-field allocation direction, chosen by
 * __LITTLE_ENDIAN_BITFIELD / __BIG_ENDIAN_BITFIELD. res2 occupies the
 * two bits that later became ECE/CWR. source, dest, seq, ack_seq,
 * window, check and urg_ptr are network byte order.
 * NOTE(review): check doff >= 5 and doff * 4 <= the captured length
 * before reading options or payload behind this header; a crafted doff
 * otherwise points past the buffer.
 */
struct tcphdr
{
    __u16 source;       /* source port */
    __u16 dest;         /* destination port */
    __u32 seq;
    __u32 ack_seq;
#if defined(__LITTLE_ENDIAN_BITFIELD)
    __u16 res1:4,       /* reserved */
          doff:4,       /* header length in 32-bit words (>= 5) */
          fin:1,
          syn:1,
          rst:1,
          psh:1,
          ack:1,
          urg:1,
          res2:2;       /* reserved (ECE/CWR position) */
#elif defined(__BIG_ENDIAN_BITFIELD)
    __u16 doff:4,
          res1:4,
          res2:2,
          urg:1,
          ack:1,
          psh:1,
          rst:1,
          syn:1,
          fin:1;
#else
#error "No endian type defined"
#endif
    __u16 window;
    __u16 check;        /* checksum over pseudo_tcphdr + header + data */
    __u16 urg_ptr;
};
109 |
/*
 * The same TCP header in BSD naming (struct tcphdr from <netinet/tcp.h>):
 * 20 bytes without options, no padding. Unlike the Linux-style tcphdr
 * above, the flags live in a plain byte (th_flags, tested with the TH_*
 * masks) and only the data-offset nibble is a bit-field. The two 4-bit
 * members are declared as separate __u8 bit-fields; MSVC packs adjacent
 * bit-fields of the same type into one unit, so they still share a byte.
 * th_sport, th_dport, th_seq, th_ack, th_win, th_sum and th_urp are
 * network byte order. The same th_off >= 5 / th_off * 4 <= captured
 * length check applies before touching anything behind the header.
 */
struct tcp /* BSD style */
{
    __u16 th_sport;     /* source port */
    __u16 th_dport;     /* destination port */
    __u32 th_seq;       /* sequence number */
    __u32 th_ack;       /* acknowledgement number */
#if defined(__LITTLE_ENDIAN_BITFIELD)
    __u8 th_x2:4;       /* (unused) */
    __u8 th_off:4;      /* data offset, in 32-bit words */
#elif defined(__BIG_ENDIAN_BITFIELD)
    __u8 th_off:4;      /* data offset */
    __u8 th_x2:4;       /* (unused) */
#else
#error "No endian type defined"
#endif
    __u8 th_flags;      /* bitwise-or of the TH_* masks below */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
    __u16 th_win;       /* window */
    __u16 th_sum;       /* checksum */
    __u16 th_urp;       /* urgent pointer */
};
136 |
/*
 * 12-byte pseudo header (RFC 793 / RFC 768) that is prepended to the
 * TCP or UDP segment when computing or verifying its checksum. It is
 * never transmitted. saddr/daddr/tcpl are network byte order; tcpl is
 * the segment length (header + data) and ptcl the IP protocol number.
 */
struct pseudo_tcphdr
{
    __u32 saddr, daddr;
    __u8 zero;          /* always 0 */
    __u8 ptcl;          // protocol
    __u16 tcpl;         // tcp length
}; /* RFC 793 */
144 | /*
145 | The TCP Length is the TCP header length plus the data length in
146 | octets (this is not an explicitly transmitted quantity, but is
147 | computed), and it does not count the 12 octets of the pseudo header.
148 | */
149 |
150 | /* (linux/udp.h) */
/*
 * UDP header (RFC 768): 8 bytes, no padding; all members are network
 * byte order. len covers header plus data and must be >= 8 and no larger
 * than the bytes actually captured before it is used to find the payload.
 * check may be 0 (checksum disabled) in IPv4.
 */
struct udphdr
{
    __u16 source;
    __u16 dest;
    __u16 len;
    __u16 check;
}; /* RFC 768 */
158 |
159 | /* (linux/icmp.h) */
160 | /*
161 | struct icmphdr
162 | {
163 | __u8 type;
164 | __u8 code;
165 | __u16 checksum;
166 | union
167 | {
168 | struct
169 | {
170 | __u16 id;
171 | __u16 sequence;
172 | } echo;
173 | __u32 gateway;
174 | struct
175 | {
176 | __u16 __unused;
177 | __u16 mtu;
178 | } frag;
179 | } un;
180 | };
181 | */
182 |
/*
 * ICMP header (RFC 792): 8 bytes, no padding. type/code select which
 * interpretation of the 4-byte "rest of header" applies: id/sequence
 * for echo, gateway for redirect, mtu for "fragmentation needed".
 * The union and its inner structs are nameless so the members are
 * reached directly (hdr.id, hdr.gateway, hdr.mtu) - a Microsoft
 * extension (warning C4201, which share/assert.h silences). The
 * commented-out variant above is the portable Linux form with named
 * members (un.echo.id, ...). checksum, id, sequence, gateway and mtu
 * are network byte order.
 */
struct icmphdr
{
    __u8 type;          /* ICMP_* type */
    __u8 code;          /* subtype, e.g. ICMP_NET_UNREACH */
    __u16 checksum;
    union
    {
        struct
        {
            __u16 id;
            __u16 sequence;
        };
        __u32 gateway;
        struct
        {
            __u16 __unused;
            __u16 mtu;
        };
    };
};
203 |
204 | #define NIPQUAD(ip) ((ip)&0xff), (((ip)>>8)&0xff), (((ip)>>16)&0xff), (((ip)>>24)&0xff)
205 |
206 | #define ___swab16(x) \
207 | ((__u16)( \
208 | (((__u16)(x) & (__u16)0x00ffU) << 8) | \
209 | (((__u16)(x) & (__u16)0xff00U) >> 8) ))
210 | #define ___swab32(x) \
211 | ((__u32)( \
212 | (((__u32)(x) & (__u32)0x000000ffUL) << 24) | \
213 | (((__u32)(x) & (__u32)0x0000ff00UL) << 8) | \
214 | (((__u32)(x) & (__u32)0x00ff0000UL) >> 8) | \
215 | (((__u32)(x) & (__u32)0xff000000UL) >> 24) ))
216 | #define ___swab64(x) \
217 | ((__u64)( \
218 | (__u64)(((__u64)(x) & (__u64)0x00000000000000ffULL) << 56) | \
219 | (__u64)(((__u64)(x) & (__u64)0x000000000000ff00ULL) << 40) | \
220 | (__u64)(((__u64)(x) & (__u64)0x0000000000ff0000ULL) << 24) | \
221 | (__u64)(((__u64)(x) & (__u64)0x00000000ff000000ULL) << 8) | \
222 | (__u64)(((__u64)(x) & (__u64)0x000000ff00000000ULL) >> 8) | \
223 | (__u64)(((__u64)(x) & (__u64)0x0000ff0000000000ULL) >> 24) | \
224 | (__u64)(((__u64)(x) & (__u64)0x00ff000000000000ULL) >> 40) | \
225 | (__u64)(((__u64)(x) & (__u64)0xff00000000000000ULL) >> 56) ))
226 |
227 | #if defined(__LITTLE_ENDIAN_BITFIELD)
228 | #define __constant_htonl(x) ___swab32((x))
229 | #define __constant_ntohl(x) ___swab32((x))
230 | #define __constant_htons(x) ___swab16((x))
231 | #define __constant_ntohs(x) ___swab16((x))
232 | #elif defined(__BIG_ENDIAN_BITFIELD)
233 | #define __constant_htonl(x) ((__u32)(x))
234 | #define __constant_ntohl(x) ((__u32)(x))
235 | #define __constant_htons(x) ((__u16)(x))
236 | #define __constant_ntohs(x) ((__u16)(x))
237 | #else
238 | #error "No endian type defines"
239 | #endif
240 |
241 | #define _htonl(x) __constant_htonl(x)
242 | #define _ntohl(x) __constant_ntohl(x)
243 | #define _htons(x) __constant_htons(x)
244 | #define _ntohs(x) __constant_ntohs(x)
245 |
246 | #endif
247 |
--------------------------------------------------------------------------------