09-28-2011، 06:15 PM
در سورس زیر یک کرم می‌بینید که با سی‌پلاس‌پلاس نوشته شده است. این کرم برای خودش درایور هم نصب می‌کند.
چیز جالبیه
چیز جالبیه
کد:
#include <windows.h>
#include <cstdio>
#include <cstring>
#include <iostream>
using namespace std;
// Registers DriverName with the Service Control Manager as a demand-start
// kernel-driver service whose image is the file at drivePath; it does not
// start the driver.
bool LoadDriver(char *DriverName, char *drivePath);
// Sends SERVICE_CONTROL_STOP to the named service.  Returns TRUE only when no
// service with that name exists; unLoadDriver relies on that to skip deletion.
bool StopDriver(char *DriverName);
// Asks the SCM to start the named service (StartService with no arguments).
bool StartDriver(char *DriverName);
// Stops the named service, then opens it with the DELETE right and removes
// its registration.
bool unLoadDriver(char *DriverName);
// Reports whether filepath can be opened for reading with fopen().
bool IfFileExists(char *filepath);
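int main( int argc, const char* argv[])
{
    // Command-line front end for the SCM helpers below.  Every sub-command
    // needs a driver (service) name; -load also needs the path to the .sys
    // file.  Arguments are counted with argc instead of probing argv[n] for
    // NULL: only argv[argc] is guaranteed to be a null pointer, so reading
    // argv[3] when argc == 3 (the old -load path) was out of bounds.
    if (argc < 2)
    {
        cout << "Format: program.exe -start Driver Name" << endl <<
        "\tprogram.exe -stop Driver Name" << endl <<
        "\tprogram.exe -unload Driver Name" << endl <<
        "\tprogram.exe -load Name Path-to-sys-file" << endl;
        return 1;
    }
    const char *command = argv[1];
    // The helpers are declared with char* parameters but only read the
    // strings (they hand them to the SCM calls, fopen and cout); const_cast
    // is the narrowest way to bridge that without touching their signatures.
    char *driverName = argc > 2 ? const_cast<char *>(argv[2]) : NULL;
    if (!strcmp(command, "-start"))
    {
        if (driverName == NULL)
        {
            cout << "Format: program.exe -start Driver Name" << endl;
            return 1;
        }
        StartDriver(driverName);
    }
    else if (!strcmp(command, "-stop"))
    {
        if (driverName == NULL)
        {
            cout << "Format: program.exe -stop Driver Name" << endl;
            return 1;
        }
        StopDriver(driverName);
    }
    else if (!strcmp(command, "-unload"))
    {
        if (driverName == NULL)
        {
            cout << "Format: program.exe -unload Driver Name" << endl;
            return 1;
        }
        unLoadDriver(driverName);
    }
    else if (!strcmp(command, "-load"))
    {
        if (argc < 4)
        {
            cout << "Format: program.exe -load Name Path-to-sys-file" << endl;
            return 1;
        }
        LoadDriver(driverName, const_cast<char *>(argv[3]));
    }
    else
    {
        cout << "Unknown option: " << command << endl;
        return 1;
    }
    // The helpers report their own outcome on stdout; the exit status only
    // reflects argument validation.
    return 0;
}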
/*
int main()
{
// StartDriver("rootkit");
// StopDriver("rootkit");
// unLoadDriver("rootkit");
// LoadDriver("rootkit", "D:\\C++\\RootKitLoaderUtil\\rootkit.sys");
return 0;
} */
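bool LoadDriver(char *DriverName, char *drivePath)
{
    // Registers DriverName as a demand-start kernel-driver service backed by
    // the file at drivePath.  Nothing is started here.
    //
    // Returns true when the service entry was created, false otherwise (the
    // reason is printed).  Callers are not guaranteed to validate the path
    // argument, and fopen(NULL) inside IfFileExists is undefined, so both
    // pointers are checked first.
    //
    // NOTE(review): IfFileExists resolves a relative path against the current
    // directory, while the SCM resolves a driver image path on its own terms —
    // pass a full path to avoid the two disagreeing.
    if (DriverName == NULL || drivePath == NULL || IfFileExists(drivePath) == FALSE)
    {
        cout << "Bad file path";
        return false;
    }
    // Least privilege: creating a service only needs SC_MANAGER_CREATE_SERVICE.
    SC_HANDLE SCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (SCManager == NULL)
    {
        cout << "Error: " << GetLastError() << endl;
        return false;
    }
    cout << "Loading service: " << DriverName << " at " << drivePath << endl;
    // The returned handle is closed immediately, so only a query right is
    // requested on it.  This registration is what the SCM records under the
    // Services registry hive and reports as a "new service installed" event
    // (System log, event 7045).
    SC_HANDLE Service = CreateService(SCManager, DriverName, DriverName, SERVICE_QUERY_STATUS,
                                      SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
                                      drivePath, NULL, NULL, NULL, NULL, NULL);
    // GetLastError() is only meaningful when CreateService fails; reading it
    // unconditionally (as before) could report a stale error after a success.
    bool created = (Service != NULL);
    if (created)
    {
        CloseServiceHandle(Service);
    }
    else
    {
        DWORD error = GetLastError();
        if (error == ERROR_SERVICE_EXISTS)
        {
            cout << "Service already exists with that name";
        }
        else
        {
            cout << "Error: " << error << endl;
        }
    }
    CloseServiceHandle(SCManager);
    return created;
}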
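bool StopDriver(char *DriverName)
{
    // Sends SERVICE_CONTROL_STOP to the named service.
    //
    // Return contract (kept because unLoadDriver aborts when this is TRUE):
    //   true  - no service with that name exists, nothing to stop
    //   false - the stop request was issued, or an error was printed
    if (DriverName == NULL)
    {
        cout << "No service found by name";
        return true;
    }
    // Least privilege: opening an existing service only needs SC_MANAGER_CONNECT.
    SC_HANDLE SCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (SCManager == NULL)
    {
        cout << "Error: " << GetLastError() << endl;
        return false;
    }
    bool notFound = false;
    // SERVICE_STOP is the right ControlService needs for SERVICE_CONTROL_STOP.
    SC_HANDLE Service = OpenService(SCManager, DriverName, SERVICE_STOP);
    if (Service == NULL)
    {
        // Only read GetLastError() on failure; after a successful OpenService
        // it may still hold a stale value and used to produce false "errors".
        DWORD error = GetLastError();
        if (error == ERROR_SERVICE_DOES_NOT_EXIST)
        {
            cout << "No service found by name";
            notFound = true;
        }
        else
        {
            cout << "Error: " << error << endl;
        }
    }
    else
    {
        SERVICE_STATUS proc = {};
        if (!ControlService(Service, SERVICE_CONTROL_STOP, &proc))
        {
            cout << "Error: " << GetLastError() << endl;
        }
        CloseServiceHandle(Service);
    }
    CloseServiceHandle(SCManager);
    return notFound;
}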
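bool StartDriver(char *DriverName)
{
    // Asks the SCM to start the named service with no arguments.
    //
    // Returns true when the service is running afterwards (started now, or
    // already running), false otherwise with the reason printed.  The old
    // "already running" branch sat after the generic error check and was
    // unreachable.
    if (DriverName == NULL)
    {
        cout << "No service found by name";
        return false;
    }
    // Least privilege: SC_MANAGER_CONNECT to open, SERVICE_START to start.
    SC_HANDLE SCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (SCManager == NULL)
    {
        cout << "Error: " << GetLastError() << endl;
        return false;
    }
    bool running = false;
    SC_HANDLE Service = OpenService(SCManager, DriverName, SERVICE_START);
    if (Service == NULL)
    {
        // GetLastError() is only read on failure; a stale value after a
        // successful call used to be reported as an error.
        DWORD error = GetLastError();
        if (error == ERROR_SERVICE_DOES_NOT_EXIST)
        {
            cout << "No service found by name";
        }
        else
        {
            cout << "Error: " << error << endl;
        }
    }
    else
    {
        if (StartService(Service, 0, NULL))
        {
            running = true;
        }
        else
        {
            DWORD error = GetLastError();
            if (error == ERROR_SERVICE_ALREADY_RUNNING)
            {
                cout << "Service already running";
                running = true;
            }
            else
            {
                cout << "Error: " << error << endl;
            }
        }
        CloseServiceHandle(Service);
    }
    CloseServiceHandle(SCManager);
    return running;
}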
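bool unLoadDriver(char *DriverName)
{
    // Stops the named service and removes its registration.
    //
    // Returns true when DeleteService succeeded, false otherwise (reason
    // printed).  StopDriver returns TRUE only when no service by that name
    // exists, in which case there is nothing to delete; any other outcome
    // (stopped, or a stop error already printed) falls through to the delete,
    // as before.
    if (StopDriver(DriverName) == TRUE)
    {
        return false;
    }
    // Least privilege: SC_MANAGER_CONNECT to open, DELETE on the service itself.
    SC_HANDLE SCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (SCManager == NULL)
    {
        cout << "Error: " << GetLastError() << endl;
        return false;
    }
    bool deleted = false;
    SC_HANDLE Service = OpenService(SCManager, DriverName, DELETE);
    if (Service == NULL)
    {
        // Read GetLastError() only on failure; a stale value after a
        // successful call used to be reported as an error.
        cout << "Error: " << GetLastError() << endl;
    }
    else
    {
        // DeleteService marks the entry; the SCM removes it once every handle
        // to the service is closed, which the two CloseServiceHandle calls do.
        if (DeleteService(Service))
        {
            deleted = true;
        }
        else
        {
            cout << "Error: " << GetLastError() << endl;
        }
        CloseServiceHandle(Service);
    }
    CloseServiceHandle(SCManager);
    return deleted;
}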
bool IfFileExists(char *filepath)
{
FILE *file;
file=fopen(filepath, "r");
if(file==NULL)
{
return FALSE;
}
fclose(file);
return