Added tests for ps protection\exclusion
parent
98014e750e
commit
127c0b9c86
@ -461,14 +461,12 @@ void do_psmon_prot_tests(HidContext context)
|
||||
//TODO:
|
||||
// test 1: create proc, protect, check, unprotect
|
||||
|
||||
wcout << L"Test 1: create process, protect, check, unprotect" << endl;
|
||||
wcout << L"Test 1: attach, test, detach protection" << endl;
|
||||
|
||||
memset(&si, 0, sizeof(si));
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
si.cb = sizeof(si);
|
||||
|
||||
wcout << L"step" << 1 << endl;
|
||||
|
||||
hid_status = Hid_GetProtectedState(context, GetCurrentProcessId(), &state, &inheritType);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
@ -482,7 +480,6 @@ void do_psmon_prot_tests(HidContext context)
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 2 << endl;
|
||||
hid_status = Hid_AttachProtectedState(context, GetCurrentProcessId(), HidPsInheritTypes::WithoutInherit);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
@ -503,34 +500,6 @@ void do_psmon_prot_tests(HidContext context)
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 3 << endl;
|
||||
hid_status = Hid_AddProtectedImage(context, path, HidPsInheritTypes::WithoutInherit, &objId[1]);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't protect image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 3 << endl;
|
||||
//hid_status = Hid_AttachProtectedState(context, 420, HidPsInheritTypes::WithoutInherit);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't protect csrss image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
|
||||
wcout << L"step" << 4 << endl;
|
||||
if (!CreateProcessW(NULL, path, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 5 << endl;
|
||||
CloseHandle(pi.hThread);
|
||||
|
||||
hid_status = Hid_RemoveProtectedState(context, GetCurrentProcessId());
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
@ -538,7 +507,46 @@ void do_psmon_prot_tests(HidContext context)
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 6 << endl;
|
||||
hid_status = Hid_GetProtectedState(context, GetCurrentProcessId(), &state, &inheritType);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't get self state, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (state != HidActiveState::StateDisabled)
|
||||
{
|
||||
wcout << L"Error, state isn't StateDisabled, state: " << state << " " << inheritType << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L" successful!" << endl;
|
||||
|
||||
wcout << L"Test 2: create process, protect, check, unprotect" << endl;
|
||||
|
||||
hid_status = Hid_AddProtectedImage(context, path, HidPsInheritTypes::WithoutInherit, &objId[1]);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't protect image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (!CreateProcessW(NULL, path, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(pi.hThread);
|
||||
|
||||
if (!VirtualAllocEx(pi.hProcess, 0, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, VirtualAllocEx() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pi.dwProcessId);
|
||||
if (!hproc)
|
||||
{
|
||||
@ -547,7 +555,6 @@ void do_psmon_prot_tests(HidContext context)
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L"step" << 7 << endl;
|
||||
if (VirtualAllocEx(hproc, 0, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE))
|
||||
{
|
||||
wcout << L"Error, process protection doesn't work" << endl;
|
||||
@ -557,7 +564,31 @@ void do_psmon_prot_tests(HidContext context)
|
||||
CloseHandle(hproc);
|
||||
hproc = 0;
|
||||
|
||||
wcout << L"step" << 8 << endl;
|
||||
hid_status = Hid_AttachProtectedState(context, GetCurrentProcessId(), HidPsInheritTypes::WithoutInherit);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't protect self image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pi.dwProcessId);
|
||||
if (!hproc)
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, OpenProcess() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (!VirtualAllocEx(hproc, 0, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, VirtualAllocEx() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(hproc);
|
||||
hproc = 0;
|
||||
|
||||
hid_status = Hid_RemoveProtectedImage(context, objId[1]);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
@ -592,7 +623,6 @@ void do_psmon_prot_tests(HidContext context)
|
||||
|
||||
wcout << L" successful!" << endl;
|
||||
|
||||
|
||||
}
|
||||
catch (exception&)
|
||||
{
|
||||
@ -608,12 +638,17 @@ void do_psmon_prot_tests(HidContext context)
|
||||
TerminateProcess(pi.hProcess, 0);
|
||||
}
|
||||
|
||||
Hid_RemoveProtectedState(context, GetCurrentProcessId());
|
||||
Hid_RemoveAllProtectedImages(context);
|
||||
}
|
||||
|
||||
void do_psmon_excl_tests(HidContext context)
|
||||
{
|
||||
//HidStatus hid_status;
|
||||
HidStatus hid_status;
|
||||
wstring file_path;
|
||||
HidObjId objId[3];
|
||||
HidActiveState state;
|
||||
HidPsInheritTypes inheritType;
|
||||
|
||||
wcout << L"--------------------------------" << endl;
|
||||
wcout << L"Process monitor excl tests result:" << endl;
|
||||
@ -621,14 +656,103 @@ void do_psmon_excl_tests(HidContext context)
|
||||
|
||||
try
|
||||
{
|
||||
wcout << L"Test 1: hide file, add excluded process, check file" << endl;
|
||||
|
||||
gen_temp_path(file_path);
|
||||
|
||||
CHandle hfile(
|
||||
::CreateFileW(
|
||||
file_path.c_str(),
|
||||
FILE_READ_ACCESS | FILE_WRITE_ACCESS,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
||||
NULL,
|
||||
CREATE_ALWAYS,
|
||||
FILE_FLAG_DELETE_ON_CLOSE,
|
||||
NULL
|
||||
)
|
||||
);
|
||||
if (hfile.get() == INVALID_HANDLE_VALUE)
|
||||
{
|
||||
wcout << L"Error, CreateFileW() failed with code: " << hfile.error() << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hid_status = Hid_AddHiddenFile(context, file_path.c_str(), &objId[0]);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, Hid_AddHiddenFile() failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (::GetFileAttributesW(file_path.c_str()) != INVALID_FILE_ATTRIBUTES)
|
||||
{
|
||||
wcout << L"Error, hidden file has been found" << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hid_status = Hid_GetExcludedState(context, GetCurrentProcessId(), &state, &inheritType);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't get self state, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (state != HidActiveState::StateDisabled)
|
||||
{
|
||||
wcout << L"Error, state isn't StateDisabled, state: " << state << " " << inheritType << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hid_status = Hid_AttachExcludedState(context, GetCurrentProcessId(), HidPsInheritTypes::WithoutInherit);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't exclude self image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hid_status = Hid_GetExcludedState(context, GetCurrentProcessId(), &state, &inheritType);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't get self state, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (state != HidActiveState::StateEnabled)
|
||||
{
|
||||
wcout << L"Error, state isn't StateEnabled, state: " << state << " " << inheritType << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (::GetFileAttributesW(file_path.c_str()) == INVALID_FILE_ATTRIBUTES)
|
||||
{
|
||||
wcout << L"Error, can't find hidden file" << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
hid_status = Hid_RemoveExcludedState(context, GetCurrentProcessId());
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't remove exclude state from self image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (::GetFileAttributesW(file_path.c_str()) != INVALID_FILE_ATTRIBUTES)
|
||||
{
|
||||
wcout << L"Error, hidden file has been found" << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
wcout << L" successful!" << endl;
|
||||
|
||||
//TODO: add tests for other API
|
||||
}
|
||||
catch (exception&)
|
||||
{
|
||||
wcout << L" failed!" << endl;
|
||||
}
|
||||
|
||||
|
||||
Hid_RemoveAllHiddenFiles(context);
|
||||
Hid_RemoveAllExcludedImages(context);
|
||||
}
|
||||
|
||||
int wmain(int argc, wchar_t* argv[])
|
||||
@ -642,7 +766,7 @@ int wmain(int argc, wchar_t* argv[])
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
cout << "Error, HiddenLib initialization failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
// return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
do_fsmon_tests(hid_context);
|
||||
@ -650,7 +774,7 @@ int wmain(int argc, wchar_t* argv[])
|
||||
do_psmon_prot_tests(hid_context);
|
||||
do_psmon_excl_tests(hid_context);
|
||||
|
||||
//Hid_Destroy(hid_context);
|
||||
Hid_Destroy(hid_context);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
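Review bot: In do_psmon_excl_tests the cleanup after the try block calls only `Hid_RemoveAllHiddenFiles(context);` and `Hid_RemoveAllExcludedImages(context);`, so a failure thrown between `Hid_AttachExcludedState` and `Hid_RemoveExcludedState` appears to leave the test process in the excluded state. The cleanup of do_psmon_prot_tests has the matching per-process call, `Hid_RemoveProtectedState(context, GetCurrentProcessId());`, and the exclusion test should mirror it with `Hid_RemoveExcludedState(context, GetCurrentProcessId());` ahead of the two bulk removals. Whether `Hid_RemoveAllExcludedImages` also clears a state attached by PID cannot be seen on this page, hence the explicit call. A stale exclusion would let later hidden-object checks in the same run pass or fail for the wrong reason.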