加载驱动的步骤

FU_rootkit 中的做法就很好：用的时候把驱动加进去，通过创建服务来加载，再次调用的时候也没问题。开始的时候自己弄的不对，这里把创建的过程整理贴出来，把 FU_rootkit 中的相关文件也带上。 //创建服务,加载驱动 GetCurrentDirectory(1024,currentdir); sprintf(pAth,"%s//%s",currentdir,"hideprocess.sys"); hSCMAnAger = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); //remove old instAnces hSCHAndle = OpenService(hSCMAnAger, "hideprocess.sys", SERVICE_ALL_ACCESS ); if (hSCHAndle == NULL){ //throw } DeleteService(hSCHAndle); CloseServiceHandle(hSCHAndle); //ignore success of instAllAtion:it mAy AlreAdy be instAlled hSCHAndle = CreateService(hSCMAnAger, "hideprocess.sys", "hideprocess.sys", SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, pAth, NULL, NULL, NULL, NULL, NULL ); if (hSCHAndle == NULL){ //throw } CloseServiceHandle(hSCHAndle); //ignore success of stArt: it mAy ALreAdy be stAarted hSCHAndle = OpenService(hSCMAnAger, "hideprocess.sys", SERVICE_ALL_ACCESS ); if (hSCHAndle == NULL){ //throw } StartService(hSCHAndle,0,NULL); CloseServiceHandle(hSCHAndle); //do mAke sure we cAn open it. hAndle = CreateFile(".//utyDriver", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL ); if (hAndle == ((HANDLE)-1)){ //throw } CloseServiceHandle(hSCMAnAger); 过程就是这样。（注意几点：1. 网页显示把反斜杠吞掉了，源码里 `"%s//%s"` 应为 `"%s\\%s"`，`".//utyDriver"` 应为 `"\\\\.\\utyDriver"`，否则 CreateFile 打开的是一个相对路径而不是设备；2. 打开的设备名必须和驱动用 IoCreateSymbolicLink 创建的符号链接一致（请对照驱动源码确认），服务名 hideprocess.sys 并不能代替它；3. `sprintf` 没有长度限制，`currentdir` 接近 1024 字符时 `pAth` 会溢出，应改用 `_snprintf`/`StringCchPrintf` 并检查返回值；4. 第一次运行时服务还不存在，`OpenService` 必然失败，这里不应当作错误抛出；`(HANDLE)-1` 就是 `INVALID_HANDLE_VALUE`，用宏更清楚；5. 创建并启动内核驱动服务需要管理员权限，新版 Windows 还要求驱动镜像已签名。） instdrv.cpp /// // Filename Instdrv.cpp // // Author: Sysinternals who adapted it from Microsoft's DDK then stolen by Fuzen. // No really, buy Mark Russinovich's book because he rocks. 
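//
// Date: 5/27/2003
// Version: 1.0
//
// Service Control Manager helpers for a kernel-mode driver: create the
// service entry, start it, open its device object, stop it, and delete
// the entry again.
//
// NOTE(review): the #include names were stripped when this listing was
// extracted; <windows.h> and <tchar.h> are what the code below needs.
// Every routine here needs an administrative token (starting a
// SERVICE_KERNEL_DRIVER service is a privileged operation), and current
// Windows releases also refuse to load an unsigned driver image.
// The access rights requested from the SCM are the minimum each call
// needs rather than *_ALL_ACCESS, so a caller holding a narrower token
// does not fail for rights it never uses.
//

#include <windows.h>
#include <tchar.h>

// Prototypes use TCHAR like the definitions do; the original declared
// char* here, which does not match under UNICODE builds.
BOOL LoadDeviceDriver(const TCHAR *Name, const TCHAR *Path, HANDLE *lphDevice, PDWORD Error);
BOOL UnloadDeviceDriver(const TCHAR *Name);
BOOL InstallDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe);
BOOL StartDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName);
BOOL OpenDevice(IN LPCTSTR DriverName, HANDLE *lphDevice);
BOOL StopDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName);
BOOL RemoveDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName);

/****************************************************************************
 *
 * FUNCTION: InstallDriver(IN SC_HANDLE, IN LPCTSTR, IN LPCTSTR)
 *
 * PURPOSE:  Creates a demand-start kernel driver service called DriverName
 *           whose image is ServiceExe (pass a full path to the .sys file;
 *           how the SCM resolves a relative driver path is not something
 *           this code controls).
 *
 * RETURNS:  TRUE if the service entry was created. FALSE otherwise, with
 *           GetLastError() set; ERROR_SERVICE_EXISTS and
 *           ERROR_SERVICE_MARKED_FOR_DELETE are the usual causes on re-runs.
 *
 ****************************************************************************/
BOOL InstallDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe)
{
    SC_HANDLE schService;

    if (SchSCManager == NULL || DriverName == NULL || ServiceExe == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    //
    // NOTE: This creates an entry for a standalone driver. If this
    // is modified for use with a driver that requires a Tag,
    // Group, and/or Dependencies, it may be necessary to
    // query the registry for existing driver information
    // (in order to determine a unique Tag, etc.).
    //
    schService = CreateService(
        SchSCManager,           // SCManager database
        DriverName,             // name of service
        DriverName,             // name to display
        SERVICE_QUERY_STATUS,   // the handle is closed right away; ask for no more
        SERVICE_KERNEL_DRIVER,  // service type
        SERVICE_DEMAND_START,   // start type
        SERVICE_ERROR_NORMAL,   // error control type
        ServiceExe,             // service's binary
        NULL,                   // no load ordering group
        NULL,                   // no tag identifier
        NULL,                   // no dependencies
        NULL,                   // LocalSystem account
        NULL                    // no password
    );
    if (schService == NULL) {
        return FALSE;
    }

    CloseServiceHandle(schService);
    return TRUE;
}

/****************************************************************************
 *
 * FUNCTION: StartDriver(IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE:  Starts the driver service, i.e. asks the SCM to load the
 *           driver image into the kernel.
 *
 * RETURNS:  TRUE if the driver is now running (either started here or
 *           already running). FALSE otherwise, with GetLastError() set.
 *           The original also reported TRUE for ERROR_SERVICE_DISABLED;
 *           a disabled service is not loaded, so that was a false positive
 *           and is no longer treated as success.
 *
 ****************************************************************************/
BOOL StartDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;
    BOOL ret;
    DWORD err = ERROR_SUCCESS;

    // SERVICE_START is all StartService needs.
    schService = OpenService(SchSCManager, DriverName, SERVICE_START);
    if (schService == NULL) {
        return FALSE;
    }

    ret = StartService(schService, 0, NULL);
    if (!ret) {
        err = GetLastError();
        ret = (err == ERROR_SERVICE_ALREADY_RUNNING);
    }

    CloseServiceHandle(schService);
    SetLastError(err);  // keep the StartService error visible to the caller
    return ret;
}

/****************************************************************************
 *
 * FUNCTION: OpenDevice(IN LPCTSTR, HANDLE *)
 *
 * PURPOSE:  Opens the driver's device and returns a handle if desired.
 *
 * RETURNS:  TRUE if CreateFile succeeded. When lphDevice is non-NULL the
 *           open handle is stored there and the caller owns it; otherwise
 *           it is closed again before returning. FALSE on failure with
 *           GetLastError() set (ERROR_BUFFER_OVERFLOW if DriverName does
 *           not fit the fixed-size name buffer).
 *
 ****************************************************************************/
BOOL OpenDevice(IN LPCTSTR DriverName, HANDLE *lphDevice)
{
    TCHAR completeDeviceName[64];
    const size_t cchName = sizeof completeDeviceName / sizeof completeDeviceName[0];
    HANDLE hDevice;
    int written;

    if (DriverName == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    //
    // Create a \\.\XXX device name that CreateFile can use
    //
    // NOTE: We're making an assumption here that the driver
    // has created a symbolic link using its own name
    // (i.e. if the driver has the name "XXX" we assume
    // that it used IoCreateSymbolicLink to create a
    // symbolic link "\DosDevices\XXX". Usually, there
    // is this understanding between related apps/drivers.
    //
    // An application might also peruse the DEVICEMAP
    // section of the registry, or use the QueryDosDevice
    // API to enumerate the existing symbolic links in the
    // system.
    //
    // The low byte of GetVersion() is the major version; 5 is Windows 2000,
    // from which point the Global\ prefix is needed so the application can
    // be executed in Terminal Services sessions.
    //
    // The original used wsprintf into the 64-TCHAR buffer with no bound;
    // a long DriverName overflowed it. _sntprintf plus an explicit length
    // check rejects such names instead.
    //
    if ((GetVersion() & 0xFF) >= 5) {
        written = _sntprintf(completeDeviceName, cchName, TEXT("\\\\.\\Global\\%s"), DriverName);
    } else {
        written = _sntprintf(completeDeviceName, cchName, TEXT("\\\\.\\%s"), DriverName);
    }
    if (written < 0 || (size_t)written >= cchName) {
        SetLastError(ERROR_BUFFER_OVERFLOW);
        return FALSE;
    }
    completeDeviceName[cchName - 1] = TEXT('\0');

    hDevice = CreateFile(
        completeDeviceName,
        GENERIC_READ | GENERIC_WRITE,
        0,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL
    );
    if (hDevice == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    // If user wants handle, give it to them. Otherwise, just close it.
    if (lphDevice) {
        *lphDevice = hDevice;
    } else {
        CloseHandle(hDevice);
    }
    return TRUE;
}

/****************************************************************************
 *
 * FUNCTION: StopDriver(IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE:  Has the configuration manager stop the driver (unload it).
 *
 * RETURNS:  TRUE if the stop control was delivered. FALSE otherwise, with
 *           GetLastError() set (ERROR_SERVICE_NOT_ACTIVE if it was not
 *           running in the first place).
 *
 ****************************************************************************/
BOOL StopDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;
    BOOL ret;
    DWORD err = ERROR_SUCCESS;
    SERVICE_STATUS serviceStatus;

    // SERVICE_STOP is all ControlService(SERVICE_CONTROL_STOP) needs.
    schService = OpenService(SchSCManager, DriverName, SERVICE_STOP);
    if (schService == NULL) {
        return FALSE;
    }

    ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus);
    if (!ret) {
        err = GetLastError();
    }

    CloseServiceHandle(schService);
    SetLastError(err);
    return ret;
}

/****************************************************************************
 *
 * FUNCTION: RemoveDriver(IN SC_HANDLE, IN LPCTSTR)
 *
 * PURPOSE:  Deletes the driver service entry. If the driver is still
 *           running the SCM only marks the entry for deletion; it goes
 *           away once the driver has stopped and all handles are closed.
 *
 * RETURNS:  TRUE if DeleteService succeeded, FALSE otherwise with
 *           GetLastError() set.
 *
 ****************************************************************************/
BOOL RemoveDriver(IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName)
{
    SC_HANDLE schService;
    BOOL ret;
    DWORD err = ERROR_SUCCESS;

    // DELETE is all DeleteService needs.
    schService = OpenService(SchSCManager, DriverName, DELETE);
    if (schService == NULL) {
        return FALSE;
    }

    ret = DeleteService(schService);
    if (!ret) {
        err = GetLastError();
    }

    CloseServiceHandle(schService);
    SetLastError(err);
    return ret;
}

/****************************************************************************
 *
 * FUNCTION: UnloadDeviceDriver(const TCHAR *)
 *
 * PURPOSE:  Stops the driver and has the configuration manager unload it,
 *           then deletes the service entry.
 *
 * RETURNS:  TRUE if the service entry was deleted (the stop step is
 *           best-effort: a driver that was not running still gets its
 *           entry removed). FALSE if the SCM could not be opened or the
 *           delete failed. The original always returned TRUE, which hid
 *           every failure from the caller.
 *
 ****************************************************************************/
BOOL UnloadDeviceDriver(const TCHAR *Name)
{
    SC_HANDLE schSCManager;
    BOOL removed;
    DWORD err = ERROR_SUCCESS;

    schSCManager = OpenSCManager(
        NULL,               // machine (NULL == local)
        NULL,               // database (NULL == default)
        SC_MANAGER_CONNECT  // enough to OpenService below
    );
    if (schSCManager == NULL) {
        return FALSE;
    }

    // Best-effort: fails harmlessly with ERROR_SERVICE_NOT_ACTIVE when the
    // driver is not loaded.
    StopDriver(schSCManager, Name);

    removed = RemoveDriver(schSCManager, Name);
    if (!removed) {
        err = GetLastError();
    }

    CloseServiceHandle(schSCManager);
    SetLastError(err);
    return removed;
}

/****************************************************************************
 *
 * FUNCTION: LoadDeviceDriver(const TCHAR *, const TCHAR *, HANDLE *, PDWORD)
 *
 * PURPOSE:  Registers a driver with the system configuration manager
 *           and then loads it, finally opening its device.
 *
 * PARAMS:   Name      - service name; also assumed to be the symbolic link
 *                       name the driver creates (see OpenDevice).
 *           Path      - path to the driver image passed to CreateService.
 *           lphDevice - receives the opened device handle, or NULL to have
 *                       it closed again.
 *           Error     - receives ERROR_SUCCESS on success or the Win32 error
 *                       of the step that failed; may be NULL.
 *
 * RETURNS:  TRUE if the device could be opened, FALSE otherwise.
 *
 * NOTE:     Installation and start failures are deliberately ignored, since
 *           the service may already exist and already be running; the
 *           authoritative check is whether the device can be opened.
 *           Deleting a still-running old instance only marks it for
 *           deletion, so the following CreateService fails and OpenDevice
 *           then talks to the old, still-loaded driver.
 *
 ****************************************************************************/
BOOL LoadDeviceDriver(const TCHAR *Name, const TCHAR *Path, HANDLE *lphDevice, PDWORD Error)
{
    SC_HANDLE schSCManager;
    BOOL okay;
    DWORD err;

    // CONNECT for OpenService, CREATE_SERVICE for CreateService.
    schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
    if (schSCManager == NULL) {
        if (Error) {
            *Error = GetLastError();
        }
        return FALSE;
    }

    // Remove old instances
    RemoveDriver(schSCManager, Name);

    // Ignore success of installation: it may already be installed.
    InstallDriver(schSCManager, Name, Path);

    // Ignore success of start: it may already be started.
    StartDriver(schSCManager, Name);

    // Do make sure we can open it.
    okay = OpenDevice(Name, lphDevice);
    // The original copied GetLastError() even on success, handing the caller
    // a stale value; report ERROR_SUCCESS instead.
    err = okay ? ERROR_SUCCESS : GetLastError();

    CloseServiceHandle(schSCManager);

    if (Error) {
        *Error = err;
    }
    return okay;
}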