mirror of
https://github.com/JKornev/hidden
synced 2024-06-16 12:08:05 +00:00
Fixed issue with avoiding parent process checking and etc
parent
fbbb57c346
commit
146af98691
@ -285,7 +285,7 @@ VOID CreateProcessNotifyCallback(PEPROCESS Process, HANDLE ProcessId, PPS_CREATE
|
||||
return;
|
||||
}
|
||||
|
||||
CheckProcessFlags(&entry, &normalized, CreateInfo->ParentProcessId);
|
||||
CheckProcessFlags(&entry, &normalized, PsGetCurrentProcessId()/*CreateInfo->ParentProcessId*/);
|
||||
|
||||
if (entry.excluded)
|
||||
DbgPrint("FsFilter1!" __FUNCTION__ ": excluded process:%d\n", ProcessId);
|
||||
|
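Review bot: The new `CheckProcessFlags` call keeps the old expression as an inline `/*CreateInfo->ParentProcessId*/` comment and does not say why the source of the ID changed. The declared parent of a new process is not necessarily the process that created it, so whatever `CheckProcessFlags` derives from that ID (presumably inherited flags) could be taken from the wrong process; this appears to be the issue the commit title refers to. `PsGetCurrentProcessId()` is only correct because a create-process notify routine runs in the context of the creating thread, which deserves a comment such as `// Use the creating process: ParentProcessId can name a different process than the creator`. `CreateInfo->CreatingThreadId.UniqueProcess` expresses the same thing explicitly and does not depend on the calling context. The callback body starts and ends outside this hunk.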
@ -17,6 +17,9 @@ Connection::Connection(Arguments& args) :
|
||||
args.SwitchToNext();
|
||||
if (!args.GetNext(m_deviceName))
|
||||
throw WException(-2, L"Error, mismatched argument for command 'gate'");
|
||||
|
||||
if (m_deviceName.compare(0, 1, L"\\") != 0)
|
||||
m_deviceName.insert(0, L"\\\\.\\");
|
||||
}
|
||||
else
|
||||
{
|
||||
|
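Review bot: The prefix check added to the `gate` branch treats any name beginning with a backslash as a complete path and prepends `\\.\` to everything else, with no validation of the remainder. The value comes straight from the command line, so if `GetNext` can yield an empty argument, the device name becomes the bare prefix and is presumably only rejected later when the device is opened, with a less specific error. Rejecting it at parse time, e.g. `if (m_deviceName.empty()) throw WException(-2, L"Error, mismatched argument for command 'gate'");`, keeps the failure next to the parsing. A comment like `// Bare names are resolved in the Win32 device namespace; names starting with '\' are used as given` would document the rule. The constructor continues outside the hunk.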
@ -7,6 +7,77 @@
|
||||
|
||||
using namespace std;
|
||||
|
||||
bool PrintUsage(Arguments& args)
|
||||
{
|
||||
wstring command;
|
||||
|
||||
if (!args.Probe(command))
|
||||
return false;
|
||||
|
||||
if (command != L"/help" && command != L"/?")
|
||||
return false;
|
||||
|
||||
wchar_t message[] =
|
||||
L"hiddencli [connection] <command>\n"
|
||||
L"hiddencli /help\n"
|
||||
L"\n"
|
||||
L"connection:\n"
|
||||
L"\n"
|
||||
L" gate <%name%>\n"
|
||||
L" Set specific connection gate name (driver device name)\n"
|
||||
L"\n"
|
||||
L"commands:\n"
|
||||
L"\n"
|
||||
L" state <on|off>\n"
|
||||
//L" Enable or disable hidden\n"
|
||||
L" Doesn't implemented yet\n"
|
||||
L"\n"
|
||||
L" hide <file|dir|regval|regkey> <%path%>\n"
|
||||
L" Hide filesystem or registry object by path\n"
|
||||
L"\n"
|
||||
L" unhide <file|dir|regval|regkey> all\n"
|
||||
L" Unhide all filesystem or registry object by selected type\n"
|
||||
L"\n"
|
||||
L" unhide <file|dir|regval|regkey> <%ruleid%>\n"
|
||||
L" Unhide all filesystem or registry object by selected type and rule ID\n"
|
||||
L"\n"
|
||||
L" ignore image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>\n"
|
||||
L" Set rule that allows to see hidden filesystem and registry objects for processes with specific image path\n"
|
||||
L"\n"
|
||||
L" unignore <%ruleid%>\n"
|
||||
L" Remove rule that allows to see hidden filesystem and registry objects by rule ID\n"
|
||||
L"\n"
|
||||
L" unignore all\n"
|
||||
L" Remove all rules that allow to see hidden filesystem and registry objects\n"
|
||||
L"\n"
|
||||
L" ignore pid [inherit:<none|always|once>] <%pid%>\n"
|
||||
L" Turn on abillity to see hidden filesystem and registry objects for specific process by PID\n"
|
||||
L"\n"
|
||||
L" unignore pid <%pid%>\n"
|
||||
L" Turn off abillity to see hidden filesystem and registry objects for specific process by PID\n"
|
||||
L"\n"
|
||||
L" protect image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>\n"
|
||||
L" Set rule that allows to enable process protection for processes with specific image path\n"
|
||||
L"\n"
|
||||
L" unprotect <%ruleid%>\n"
|
||||
L" Remove rule that enables process protection by rule ID\n"
|
||||
L"\n"
|
||||
L" unprotect all\n"
|
||||
L" Remove all rules that enable process protection\n"
|
||||
L"\n"
|
||||
L" protect pid [inherit:<none|always|once>] <%pid%>\n"
|
||||
L" Turn on protection for specific process by PID\n"
|
||||
L"\n"
|
||||
L" unprotect pid <%pid%>\n"
|
||||
L" Turn off protection for specific process by PID\n"
|
||||
L"\n"
|
||||
L" query process <%pid%>\n"
|
||||
L" Query information about state of the process by PID\n";
|
||||
|
||||
wcout << message << endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
int wmain(int argc, wchar_t* argv[])
|
||||
{
|
||||
try
|
||||
@ -20,6 +91,7 @@ int wmain(int argc, wchar_t* argv[])
|
||||
L"Welcome to HiddenCLI, please use 'hiddencli /help'"
|
||||
);
|
||||
|
||||
if (!PrintUsage(arguments))
|
||||
{
|
||||
Commands commands(arguments);
|
||||
|
||||
|
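Review bot: `wchar_t message[] =` in `PrintUsage` declares a non-const automatic array, so the whole help text is copied onto the stack when the function runs; `static const wchar_t message[] =` avoids the copy and makes the text read-only. The text has a few wording slips that reach user-facing output (`Doesn't implemented yet`, `abillity`), and the commented-out `//L" Enable or disable hidden\n"` line in the middle of the literal is easy to misread as part of the message. The function has no comment explaining its boolean result; something like `// Returns true when the first argument was /help or /? and the usage text was printed` would make the `if (!PrintUsage(arguments))` call in `wmain` easier to follow. `wmain` starts in the first hunk and continues outside the second.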
@ -79,7 +79,7 @@ void CommandHide::PerformCommand(Connection& connection)
|
||||
throw WException(HID_STATUS_CODE(status), L"Error, command 'hide' rejected");
|
||||
|
||||
wcerr << L"Command 'hide' successful" << endl;
|
||||
wcout << L"status:ok;objid:" << objId << endl;
|
||||
wcout << L"status:ok;ruleid:" << objId << endl;
|
||||
}
|
||||
|
||||
// =================
|
||||
|
@ -83,7 +83,7 @@ void CommandIgnore::PerformCommand(Connection& connection)
|
||||
if (m_procType == EProcTypes::TypeProcessId)
|
||||
wcout << L"status:ok" << endl;
|
||||
else
|
||||
wcout << L"status:ok;objid:" << objId << endl;
|
||||
wcout << L"status:ok;ruleid:" << objId << endl;
|
||||
}
|
||||
|
||||
// =================
|
||||
|
@ -83,7 +83,7 @@ void CommandProtect::PerformCommand(Connection& connection)
|
||||
if (m_procType == EProcTypes::TypeProcessId)
|
||||
wcout << L"status:ok" << endl;
|
||||
else
|
||||
wcout << L"status:ok;objid:" << objId << endl;
|
||||
wcout << L"status:ok;ruleid:" << objId << endl;
|
||||
}
|
||||
|
||||
// =================
|
||||
|
@ -1,5 +1,6 @@
|
||||
|
||||
hiddencli [connection] <command>
|
||||
hiddencli /help
|
||||
|
||||
connection:
|
||||
|
||||
|