
Added new process exclusion tests

This commit is contained in:
JKornev 2016-10-15 00:36:32 +03:00
parent 127c0b9c86
commit 6b0777c4de
3 changed files with 97 additions and 9 deletions

@ -96,7 +96,7 @@ OB_PREOP_CALLBACK_STATUS ProcessPreCallback(PVOID RegistrationContext, POB_PRE_O
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetProcessId(OperationInformation->Object)))
{
DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected process %d\n", PsGetCurrentProcessId());
//DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected process %d\n", PsGetCurrentProcessId());
return OB_PREOP_SUCCESS;
}
@ -125,7 +125,7 @@ OB_PREOP_CALLBACK_STATUS ThreadPreCallback(PVOID RegistrationContext, POB_PRE_OP
if (!CheckProtectedOperation(PsGetCurrentProcessId(), PsGetProcessId(OperationInformation->Object)))
{
DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected thread %d\n", PsGetCurrentProcessId());
//DbgPrint("FsFilter1!" __FUNCTION__ ": !!!!! allow protected thread %d\n", PsGetCurrentProcessId());
return OB_PREOP_SUCCESS;
}
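Review bot: The allow-path trace in ProcessPreCallback is left as commented-out code rather than removed or gated, and the ThreadPreCallback hunk does the same. That line is the only record of the driver deciding to let a handle operation on a protected process or thread through, which is exactly what one wants to see when diagnosing a protection bypass, so if the noise is the problem it is better kept behind the checked-build guard than deleted: `#if DBG` / `DbgPrint(...)` / `#endif`. If the trace is really not wanted any more, delete it outright instead of leaving dead code. Both enclosing callbacks start and end outside their hunks.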

@ -20,7 +20,8 @@
- Реализовать тесты в проекте HiddenTest
+ FS monitor
+ Reg filter
- Ps filter
+ Ps filter
+ Добавить код тестирования для add\remove excluded image
+ Добавить в Reg filter поддержку всех возможных операций над value
+ set value
+ delete value
@ -38,10 +39,10 @@
+ Реализовать все ф-и Ps monitor
+ Добавить в библиотеку поддержку get\set state
+ Решить проблему с protected (возможно разрешить создавать такие процессы только из protected\system)
- Реализовать IOCTL протокол управления
+ Реализовать IOCTL протокол управления
+ Реализовать usermode библиотеку для работы с IOCTL API
- Реализовать программу управления драйвером, средствами IOCTL API
+ Слинковать с IOCTL API lib
- Реализовать HiddenCLI
- Портировать драйвер под архитектуру x64
- Залить проект на Git
+ Переименовать проект драйвера в Hidden

@ -634,8 +634,8 @@ void do_psmon_prot_tests(HidContext context)
if (pi.hProcess)
{
CloseHandle(hproc);
TerminateProcess(pi.hProcess, 0);
CloseHandle(pi.hProcess);
}
Hid_RemoveProtectedState(context, GetCurrentProcessId());
@ -649,11 +649,20 @@ void do_psmon_excl_tests(HidContext context)
HidObjId objId[3];
HidActiveState state;
HidPsInheritTypes inheritType;
STARTUPINFOW si;
PROCESS_INFORMATION pi;
wstring exepath;
HANDLE hproc = 0;
DWORD error_code, exit_code;
wcout << L"--------------------------------" << endl;
wcout << L"Process monitor excl tests result:" << endl;
wcout << L"--------------------------------" << endl;
memset(&si, 0, sizeof(si));
memset(&pi, 0, sizeof(pi));
si.cb = sizeof(si);
try
{
wcout << L"Test 1: hide file, add excluded process, check file" << endl;
@ -663,11 +672,11 @@ void do_psmon_excl_tests(HidContext context)
CHandle hfile(
::CreateFileW(
file_path.c_str(),
FILE_READ_ACCESS | FILE_WRITE_ACCESS,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
CREATE_ALWAYS,
FILE_FLAG_DELETE_ON_CLOSE,
0,
NULL
)
);
@ -744,15 +753,93 @@ void do_psmon_excl_tests(HidContext context)
wcout << L" successful!" << endl;
//TODO: add tests for other API
wcout << L"Test 2: " << endl;
exepath = L"c:\\windows\\system32\\cmd.exe /c type \"";
exepath += file_path.c_str();
exepath += L"\"";
if (!CreateProcessW(NULL, (LPWSTR)exepath.c_str(), NULL, NULL, FALSE, CREATE_NEW_CONSOLE /*| CREATE_SUSPENDED*/, NULL, NULL, &si, &pi))
{
error_code = GetLastError();
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
throw exception();
}
CloseHandle(pi.hThread);
WaitForSingleObject(pi.hProcess, INFINITE);
exit_code = 0;
if (!GetExitCodeProcess(pi.hProcess, &exit_code))
{
error_code = GetLastError();
wcout << L"Error, GetExitCodeProcess() failed with code: " << error_code << endl;
throw exception();
}
if (exit_code == 0)
{
wcout << L"Error, hidden file has been found" << endl;
throw exception();
}
CloseHandle(pi.hProcess);
memset(&pi, 0, sizeof(pi));
hid_status = Hid_AddExcludedImage(context, L"c:\\windows\\system32\\cmd.exe", HidPsInheritTypes::InheritOnce, &objId[1]);
if (!HID_STATUS_SUCCESSFUL(hid_status))
{
wcout << L"Error, can't add excluded image, code: " << HID_STATUS_CODE(hid_status) << endl;
throw exception();
}
exepath = L"c:\\windows\\system32\\cmd.exe /c type \"";
exepath += file_path.c_str();
exepath += L"\"";
if (!CreateProcessW(NULL, (LPWSTR)exepath.c_str(), NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
{
error_code = GetLastError();
wcout << L"Error, CreateProcessW() failed with code: " << error_code << endl;
throw exception();
}
CloseHandle(pi.hThread);
WaitForSingleObject(pi.hProcess, INFINITE);
if (!GetExitCodeProcess(pi.hProcess, &exit_code))
{
error_code = GetLastError();
wcout << L"Error, GetExitCodeProcess() failed with code: " << error_code << endl;
throw exception();
}
if (exit_code != 0)
{
wcout << L"Error, process exclusion doesn't work, termination code: " << exit_code << endl;
throw exception();
}
CloseHandle(pi.hProcess);
memset(&pi, 0, sizeof(pi));
wcout << L" successful!" << endl;
}
catch (exception&)
{
wcout << L" failed!" << endl;
}
if (pi.hProcess)
{
TerminateProcess(pi.hProcess, 0);
CloseHandle(pi.hProcess);
}
Hid_RemoveAllHiddenFiles(context);
Hid_RemoveAllExcludedImages(context);
DeleteFileW(file_path.c_str());
}
int wmain(int argc, wchar_t* argv[])
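Review bot: Both CreateProcessW calls in do_psmon_excl_tests pass `(LPWSTR)exepath.c_str()`, i.e. a pointer obtained by casting away const on a wstring; CreateProcessW is documented as possibly writing into the command-line buffer, so the call should get a writable buffer such as `&exepath[0]` instead. The spawn/wait/check sequence is also written out twice, and both copies use `WaitForSingleObject(pi.hProcess, INFINITE)`, so a child that hangs because the exclusion misbehaves blocks the whole test run instead of failing it; a small helper with a bounded wait removes the duplication and lets the existing `if (pi.hProcess) { TerminateProcess(...) }` cleanup at the end of the function actually fire on a timeout. `HANDLE hproc = 0` added in the second hunk is not referenced anywhere in the visible parts of the function; if the elided middle does not use it either, it should be dropped. do_psmon_excl_tests starts before the last hunk (its signature is in the second hunk) and the lines between the third and fourth hunks are not shown.
```cpp
// Spawns `cmd /c type "<file_path>"`, waits for it with a bound, and returns its exit code.
// Throws std::exception, like the rest of the test, on API failure or timeout.
static DWORD run_type_and_wait(const wchar_t* file_path, STARTUPINFOW& si, PROCESS_INFORMATION& pi)
{
	const DWORD child_timeout_ms = 30000; // illustrative value, tune for the test host
	wstring cmdline = L"c:\\windows\\system32\\cmd.exe /c type \"";
	cmdline += file_path;
	cmdline += L"\"";
	// CreateProcessW may modify the command-line buffer: hand it a writable one instead of casting away const.
	if (!CreateProcessW(NULL, &cmdline[0], NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi))
	{
		wcout << L"Error, CreateProcessW() failed with code: " << GetLastError() << endl;
		throw exception();
	}
	CloseHandle(pi.hThread);
	pi.hThread = NULL;
	if (WaitForSingleObject(pi.hProcess, child_timeout_ms) != WAIT_OBJECT_0)
	{
		wcout << L"Error, child process didn't finish in time" << endl;
		throw exception(); // pi.hProcess stays set so the caller's cleanup terminates it
	}
	DWORD exit_code = 0;
	if (!GetExitCodeProcess(pi.hProcess, &exit_code))
	{
		wcout << L"Error, GetExitCodeProcess() failed with code: " << GetLastError() << endl;
		throw exception();
	}
	CloseHandle(pi.hProcess);
	memset(&pi, 0, sizeof(pi));
	return exit_code;
}

// … unchanged: do_psmon_excl_tests up to Test 2 …
		wcout << L"Test 2: " << endl;
		exit_code = run_type_and_wait(file_path.c_str(), si, pi);
		if (exit_code == 0)
		{
			wcout << L"Error, hidden file has been found" << endl;
			throw exception();
		}
		// … unchanged: Hid_AddExcludedImage and its status check …
		exit_code = run_type_and_wait(file_path.c_str(), si, pi);
		if (exit_code != 0)
		{
			wcout << L"Error, process exclusion doesn't work, termination code: " << exit_code << endl;
			throw exception();
		}
		// … unchanged: success message, catch block, cleanup …
```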