diff --git a/Hidden.sln b/Hidden.sln
index b7d2bb0..0d1eeae 100644
--- a/Hidden.sln
+++ b/Hidden.sln
@@ -7,6 +7,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Hidden", "Hidden\Hidden.vcx
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Hidden Package", "Hidden Package\Hidden Package.vcxproj", "{D6C8BE8B-D2E2-40BA-ADAC-E23FD8062E93}"
 ProjectSection(ProjectDependencies) = postProject
+ {023C63A1-726C-48D9-AA17-E62A7EFD862D} = {023C63A1-726C-48D9-AA17-E62A7EFD862D}
+ {E6A7AAAD-4877-4F05-A5A1-F42707895996} = {E6A7AAAD-4877-4F05-A5A1-F42707895996}
 {3E4BBCD0-DC35-4825-9A8D-8686CDFAA6A8} = {3E4BBCD0-DC35-4825-9A8D-8686CDFAA6A8}
 EndProjectSection
 EndProject
diff --git a/HiddenCLI/HiddenCLI.cpp b/HiddenCLI/HiddenCLI.cpp
index 025c165..f67e68e 100644
--- a/HiddenCLI/HiddenCLI.cpp
+++ b/HiddenCLI/HiddenCLI.cpp
@@ -6,6 +6,10 @@ using namespace std;
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+// !!!!! HiddenCLI ISN'T IMPLEMENTED YET, IT CONTAINS TEST CODE !!!!!
+// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
 CONST PWCHAR g_excludeFiles[] = {
 // L"c:\\Windows\\System32\\calc.exe",
 // L"c:\\test.txt",
@@ -16,26 +20,28 @@ CONST PWCHAR g_excludeFiles[] = {
 };
 CONST PWCHAR g_excludeDirs[] = {
-// L"\\Device\\HarddiskVolume1\\abc",
-// L"\\Device\\HarddiskVolume1\\abcd\\abc",
-// L"\\Device\\HarddiskVolume1\\New folder",
- //L"\\Device\\HarddiskVolume1\\abc",
- //L"\\??\\C:\\abcd\\abc",
 L"c:\\Program Files\\VMware",
+ L"c:\\ProgramData\\VMware",
+ L"c:\\Windows\\Temp\\vmware-SYSTEM",
+ L"c:\\Program Files\\Common Files\\VMware",
 };
-CONST PWCHAR g_excludeRegKeys[] = {
- L"SOFTWARE\\test",
- L"SOFTWARE\\test2",
+typedef struct _RegEntry {
+ HidRegRootTypes root;
+ LPWSTR path;
+} RegEntry, *PRegEntry;
+
+CONST RegEntry g_excludeRegKeys[] = {
+ { RegHKLM, L"Software\\VMware, Inc." },
+ { RegHKLM, L"System\\ControlSet001\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
+ { RegHKLM, L"System\\ControlSet002\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
+ { RegHKLM, L"System\\CurrentControlSet\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
+ { RegHKCU, L"Software\\VMware, Inc." },
 };
-CONST PWCHAR g_excludeRegValues[] = {
- L"SOFTWARE\\aaa",
- L"SOFTWARE\\xxx",
- L"SOFTWARE\\aa",
- L"SOFTWARE\\aaa",
- L"SOFTWARE\\aaaa",
- L"SOFTWARE\\zz",
+CONST RegEntry g_excludeRegValues[] = {
+ { RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemManufacturer" },
+ { RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemProductName" },
 };
 CONST PWCHAR g_protectProcesses[] = {
@@ -45,6 +51,9 @@ CONST PWCHAR g_protectProcesses[] = {
 CONST PWCHAR g_excludeProcesses[] = {
 L"C:\\Windows\\System32\\Services.exe",
+ L"C:\\Windows\\System32\\csrss.exe",
+ L"C:\\Windows\\System32\\vssvc.exe",
+ L"C:\\Windows\\System32\\spoolsv.exe",
 L"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe",
 L"C:\\Program Files\\VMware\\VMware Tools\\TPAutoConnSvc.exe",
 L"C:\\Program Files\\VMware\\VMware Tools\\rpctool.exe",
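Review bot: `LPWSTR path` in the new `RegEntry` struct is a pointer to non-const characters, yet every initializer in `g_excludeRegKeys` and `g_excludeRegValues` is a wide string literal. That conversion is not valid in conforming C++ and only compiles where the compiler is lenient about string literals. Declaring the member as `LPCWSTR path;` would fix it, provided `Hid_AddHiddenRegKey` and `Hid_AddHiddenRegValue` accept a const pointer (their prototypes are not visible on this page). The `g_excludeRegValues` entries also put key path and value name into one string, so a comment above that array such as `// path = <key path>\\<value name>` would help, if that is how the library splits it.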
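Review bot: The three entries added to `g_excludeProcesses` in the `-45,6 +51,9` hunk (`csrss.exe`, `vssvc.exe`, `spoolsv.exe`) have no comment saying why each system process has to be on the list. If, as the array name suggests, listed images are exempt from the hide rules, every addition widens that exemption and should be justified with something like `// <image>: <why it must be excluded>`. The entries also hard-code `C:\\Windows\\System32`, which will not match on an installation with a different system directory; building the prefix from `GetSystemDirectoryW` would avoid that. The array's closing lines are in a later hunk.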
@@ -57,7 +66,6 @@ CONST PWCHAR g_excludeProcesses[] = {
 L"C:\\Program Files\\VMware\\VMware Tools\\VMwareToolboxCmd.exe",
 L"C:\\Program Files\\VMware\\VMware Tools\\VMwareXferlogs.exe",
 L"C:\\Program Files\\VMware\\VMware Tools\\zip.exe",
- L"c:\\Windows\\System32\\vssvc.exe",
 };
 int wmain(int argc, wchar_t *argv[])
@@ -80,7 +88,7 @@ int wmain(int argc, wchar_t *argv[])
 for (int i = 0; i < count; i++)
 {
 HidObjId objId;
- hid_status = Hid_AddHiddenRegKey(hid_context, RegHKLM, g_excludeRegKeys[i], &objId);
+ hid_status = Hid_AddHiddenRegKey(hid_context, g_excludeRegKeys[i].root, g_excludeRegKeys[i].path, &objId);
 if (!HID_STATUS_SUCCESSFUL(hid_status))
 cout << "Error, Hid_AddHiddenRegKey failed with code: " << HID_STATUS_CODE(hid_status) << endl;
 }
@@ -90,7 +98,7 @@ int wmain(int argc, wchar_t *argv[])
 for (int i = 0; i < count; i++)
 {
 HidObjId objId;
- hid_status = Hid_AddHiddenRegValue(hid_context, RegHKLM, g_excludeRegValues[i], &objId);
+ hid_status = Hid_AddHiddenRegValue(hid_context, g_excludeRegValues[i].root, g_excludeRegValues[i].path, &objId);
 if (!HID_STATUS_SUCCESSFUL(hid_status))
 cout << "Error, Hid_AddHiddenRegValue failed with code: " << HID_STATUS_CODE(hid_status) << endl;
 }
@@ -135,10 +143,6 @@ int wmain(int argc, wchar_t *argv[])
 cout << "Error, Hid_AddProtectedImage failed with code: " << HID_STATUS_CODE(hid_status) << endl;
 }
- //hid_status = Hid_AttachExcludedState(hid_context, 528, WithoutInherit);
- //if (!HID_STATUS_SUCCESSFUL(hid_status))
- // cout << "Error, Hid_AttachExcludedState failed with code: " << HID_STATUS_CODE(hid_status) << endl;
-
 Hid_Destroy(hid_context);
 cout << "Completed!" << endl;
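Review bot: The failure message in the `Hid_AddHiddenRegKey` loop (hunk `-80,7 +88,7`) prints only the status code, so now that entries differ by root as well as path it does not say which rule was rejected. The `Hid_AddHiddenRegValue` loop in the `-90,7 +98,7` hunk has the same gap. Adding the index is enough: `cout << "Error, Hid_AddHiddenRegKey failed for entry " << i << " with code: " << HID_STATUS_CODE(hid_status) << endl;`. Binding `const RegEntry& entry = g_excludeRegKeys[i];` once would also avoid indexing the array twice in the call. `wmain` and the computation of `count` lie outside both hunks.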