Added new process exclusion tests
This commit is contained in:
parent
127c0b9c86
commit
6b0777c4de
@ -96,7 +96,7 @@ OB_PREOP_CALLBACK_STATUS ProcessPreCallback(PVOID RegistrationContext, POB_PRE_O
|
||||
|
||||
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetProcessId(OperationInformation->Object)))
|
||||
{
|
||||
DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected process %d\n", PsGetCurrentProcessId());
|
||||
//DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected process %d\n", PsGetCurrentProcessId());
|
||||
return OB_PREOP_SUCCESS;
|
||||
}
|
||||
|
||||
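Review bot: The commented-out `DbgPrint` kept next to the `return OB_PREOP_SUCCESS;` in the allow-protected-process branch is dead code, and the ThreadPreCallback hunk below repeats the same pattern. These callbacks run on every handle operation the driver sees, so the trace is better removed outright or gated behind a debug-only build so it can be re-enabled without editing the source, e.g. `#if DBG` / `DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected process %d\n", PsGetCurrentProcessId());` / `#endif`. ProcessPreCallback's body begins and ends outside this hunk.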
@ -125,7 +125,7 @@ OB_PREOP_CALLBACK_STATUS ThreadPreCallback(PVOID RegistrationContext, POB_PRE_OP
|
||||
|
||||
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetProcessId(OperationInformation->Object)))
|
||||
{
|
||||
DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected thread %d\n", PsGetCurrentProcessId());
|
||||
//DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected thread %d\n", PsGetCurrentProcessId());
|
||||
return OB_PREOP_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -20,7 +20,8 @@
|
||||
- Реализовать тесты в проекте HiddenTest
|
||||
+ FS monitor
|
||||
+ Reg filter
|
||||
- Ps filter
|
||||
+ Ps filter
|
||||
+ Добавить код тестирования для add\remove excluded image
|
||||
+ Добавить в Reg filter поддержку всех возможных операций над value
|
||||
+ set value
|
||||
+ delete value
|
||||
@ -38,10 +39,10 @@
|
||||
+ Реализовать все ф-и Ps monitor
|
||||
+ Добавить в библиотеку поддержку get\set state
|
||||
+ Решить проблему с protected (возможно разрешить создавать такие процессы только из protected\system)
|
||||
- Реализовать IOCTL протокол управления
|
||||
+ Реализовать IOCTL протокол управления
|
||||
+ Реализовать usermode библиотеку для работы с IOCTL API
|
||||
- Реализовать программу управления драйвером, средствами IOCTL API
|
||||
+ Слинковать с IOCTL API lib
|
||||
- Реализовать HiddenCLI
|
||||
- Портировать драйвер под архитектуру x64
|
||||
- Залить проект на Git
|
||||
+ Переименовать проект драйвера в Hidden
|
||||
|
@ -634,8 +634,8 @@ void do_psmon_prot_tests(HidContext context)
|
||||
|
||||
if (pi.hProcess)
|
||||
{
|
||||
CloseHandle(hproc);
|
||||
TerminateProcess(pi.hProcess, 0);
|
||||
CloseHandle(pi.hProcess);
|
||||
}
|
||||
|
||||
Hid_RemoveProtectedState(context, GetCurrentProcessId());
|
||||
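Review bot: `CloseHandle(hproc);` sits inside `if (pi.hProcess)`, which ties the lifetime of `hproc` to whether the child process was created rather than to whether `hproc` itself was opened; if the test threw before `hproc` was assigned, `CloseHandle(0)` is called, and if it was opened but `pi.hProcess` is null it leaks. Which of these lines the commit changed is not recoverable from this rendering, so this may predate the commit. A separate guard, `if (hproc) CloseHandle(hproc);`, placed outside the `pi.hProcess` block would decouple the two. do_psmon_prot_tests starts outside this hunk, where `hproc` is declared and assigned.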
@ -649,11 +649,20 @@ void do_psmon_excl_tests(HidContext context)
|
||||
HidObjId objId[3];
|
||||
HidActiveState state;
|
||||
HidPsInheritTypes inheritType;
|
||||
STARTUPINFOW si;
|
||||
PROCESS_INFORMATION pi;
|
||||
wstring exepath;
|
||||
HANDLE hproc = 0;
|
||||
DWORD error_code, exit_code;
|
||||
|
||||
wcout << L"--------------------------------" << endl;
|
||||
wcout << L"Process monitor excl tests result:" << endl;
|
||||
wcout << L"--------------------------------" << endl;
|
||||
|
||||
memset(&si, 0, sizeof(si));
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
si.cb = sizeof(si);
|
||||
|
||||
try
|
||||
{
|
||||
wcout << L"Test 1: hide file, add excluded process, check file" << endl;
|
||||
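Review bot: The added `HANDLE hproc = 0;` is not referenced by any of the other do_psmon_excl_tests hunks in this commit; if the parts of the function outside the hunks do not use it either, it should be dropped rather than left as an unused local. The new `DWORD error_code, exit_code;` also packs two declarations on one line, and `exit_code` is only explicitly zeroed before the first `GetExitCodeProcess` call, so `DWORD error_code = 0;` and `DWORD exit_code = 0;` would be clearer. The function's body continues past the end of this hunk.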
@ -663,11 +672,11 @@ void do_psmon_excl_tests(HidContext context)
|
||||
CHandle hfile(
|
||||
::CreateFileW(
|
||||
file_path.c_str(),
|
||||
FILE_READ_ACCESS | FILE_WRITE_ACCESS,
|
||||
GENERIC_READ | GENERIC_WRITE,
|
||||
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
||||
NULL,
|
||||
CREATE_ALWAYS,
|
||||
FILE_FLAG_DELETE_ON_CLOSE,
|
||||
0,
|
||||
NULL
|
||||
)
|
||||
);
|
||||
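Review bot: The rendering does not show which of `FILE_FLAG_DELETE_ON_CLOSE` and `0` is the new value of the flags argument to `::CreateFileW`; if `FILE_FLAG_DELETE_ON_CLOSE` is the new side, the file is delete-pending for as long as `hfile` stays open, and the `cmd /c type` child launched later in the same try block can then be refused with a sharing violation unless it opens with FILE_SHARE_DELETE, which would make Test 2's exit-code checks pass or fail for a reason unrelated to hiding or exclusion. Worth confirming with a control run that `type` on the unhidden, unexcluded file actually exits 0 while the handle is open. If the flag is indeed set, the trailing `DeleteFileW(file_path.c_str());` in the last hunk is redundant; if it is not, a comment on the `0` stating that the file is deleted explicitly at the end of the function would help the next reader. The enclosing function begins outside this hunk.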
@ -744,15 +753,93 @@ void do_psmon_excl_tests(HidContext context)
|
||||
|
||||
wcout << L" successful!" << endl;
|
||||
|
||||
//TODO: add tests for other API
|
||||
wcout << L"Test 2: " << endl;
|
||||
|
||||
exepath = L"c:\\windows\\system32\\cmd.exe /c type \"";
|
||||
exepath += file_path.c_str();
|
||||
exepath += L"\"";
|
||||
if (!CreateProcessW(NULL, (LPWSTR)exepath.c_str(), NULL, NULL, FALSE, CREATE_NEW_CONSOLE /*| CREATE_SUSPENDED*/, NULL, NULL, &si, &pi))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(pi.hThread);
|
||||
|
||||
WaitForSingleObject(pi.hProcess, INFINITE);
|
||||
|
||||
exit_code = 0;
|
||||
if (!GetExitCodeProcess(pi.hProcess, &exit_code))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, GetExitCodeProcess() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (exit_code == 0)
|
||||
{
|
||||
wcout << L"Error, hidden file has been found" << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(pi.hProcess);
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
|
||||
hid_status = Hid_AddExcludedImage(context, L"c:\\windows\\system32\\cmd.exe", HidPsInheritTypes::InheritOnce, &objId[1]);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
{
|
||||
wcout << L"Error, can't add excluded image, code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
exepath = L"c:\\windows\\system32\\cmd.exe /c type \"";
|
||||
exepath += file_path.c_str();
|
||||
exepath += L"\"";
|
||||
if (!CreateProcessW(NULL, (LPWSTR)exepath.c_str(), NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(pi.hThread);
|
||||
|
||||
WaitForSingleObject(pi.hProcess, INFINITE);
|
||||
|
||||
if (!GetExitCodeProcess(pi.hProcess, &exit_code))
|
||||
{
|
||||
error_code = GetLastError();
|
||||
wcout << L"Error, GetExitCodeProcess() failed with code: " << error_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
if (exit_code != 0)
|
||||
{
|
||||
wcout << L"Error, process exclusion doesn't work, termination code: " << exit_code << endl;
|
||||
throw exception();
|
||||
}
|
||||
|
||||
CloseHandle(pi.hProcess);
|
||||
memset(&pi, 0, sizeof(pi));
|
||||
|
||||
wcout << L" successful!" << endl;
|
||||
}
|
||||
catch (exception&)
|
||||
{
|
||||
wcout << L" failed!" << endl;
|
||||
}
|
||||
|
||||
if (pi.hProcess)
|
||||
{
|
||||
TerminateProcess(pi.hProcess, 0);
|
||||
CloseHandle(pi.hProcess);
|
||||
}
|
||||
|
||||
Hid_RemoveAllHiddenFiles(context);
|
||||
Hid_RemoveAllExcludedImages(context);
|
||||
|
||||
DeleteFileW(file_path.c_str());
|
||||
}
|
||||
|
||||
int wmain(int argc, wchar_t* argv[])
|
||||
|