mirror of https://github.com/JKornev/hidden
HiddenCLI first steps
parent
241e8bb296
commit
96c5e6eb40
|
@ -33,3 +33,5 @@
|
||||||
/HiddenLib/x64/Release
|
/HiddenLib/x64/Release
|
||||||
/HiddenTests/x64/Release/HiddenTests.tlog
|
/HiddenTests/x64/Release/HiddenTests.tlog
|
||||||
/HiddenTests/x64/Release
|
/HiddenTests/x64/Release
|
||||||
|
/Hidden/Debug
|
||||||
|
/Hidden/x64/Debug
|
||||||
|
|
|
@ -58,7 +58,6 @@ Global
|
||||||
{D6C8BE8B-D2E2-40BA-ADAC-E23FD8062E93}.Release|x64.Deploy.0 = Release|x64
|
{D6C8BE8B-D2E2-40BA-ADAC-E23FD8062E93}.Release|x64.Deploy.0 = Release|x64
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.ActiveCfg = Debug|Win32
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.Build.0 = Debug|Win32
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.Deploy.0 = Debug|Win32
|
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.ActiveCfg = Debug|x64
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.ActiveCfg = Debug|x64
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Build.0 = Debug|x64
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Build.0 = Debug|x64
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Deploy.0 = Debug|x64
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Deploy.0 = Debug|x64
|
||||||
|
@ -70,7 +69,6 @@ Global
|
||||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Release|x64.Deploy.0 = Release|x64
|
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Release|x64.Deploy.0 = Release|x64
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.ActiveCfg = Debug|Win32
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.Build.0 = Debug|Win32
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.Deploy.0 = Debug|Win32
|
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.ActiveCfg = Debug|x64
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.ActiveCfg = Debug|x64
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Build.0 = Debug|x64
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Build.0 = Debug|x64
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Deploy.0 = Debug|x64
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Deploy.0 = Debug|x64
|
||||||
|
@ -82,7 +80,6 @@ Global
|
||||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Release|x64.Deploy.0 = Release|x64
|
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Release|x64.Deploy.0 = Release|x64
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.ActiveCfg = Debug|Win32
|
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.Build.0 = Debug|Win32
|
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.Build.0 = Debug|Win32
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.Deploy.0 = Debug|Win32
|
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.ActiveCfg = Debug|x64
|
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.ActiveCfg = Debug|x64
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Build.0 = Debug|x64
|
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Build.0 = Debug|x64
|
||||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Deploy.0 = Debug|x64
|
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Deploy.0 = Debug|x64
|
||||||
|
|
|
@ -42,10 +42,10 @@
|
||||||
+ Реализовать usermode библиотеку для работы с IOCTL API
|
+ Реализовать usermode библиотеку для работы с IOCTL API
|
||||||
+ Слинковать с IOCTL API lib
|
+ Слинковать с IOCTL API lib
|
||||||
+ Добавить поддержку флага автоприсвоение состояния существующим процессам для Hid_AddExcludedImage\Hid_AddProtectedImage
|
+ Добавить поддержку флага автоприсвоение состояния существующим процессам для Hid_AddExcludedImage\Hid_AddProtectedImage
|
||||||
- Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути
|
+ Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути
|
||||||
- Реализовать HiddenCLI
|
- Реализовать HiddenCLI
|
||||||
+ Портировать драйвер под архитектуру x64
|
+ Портировать драйвер под архитектуру x64
|
||||||
- Портировать под версии Windows 8, 8.1, 10
|
+ Портировать под версии Windows 8, 8.1, 10
|
||||||
+ Залить проект на Git
|
+ Залить проект на Git
|
||||||
+ Переименовать проект драйвера в Hidden
|
+ Переименовать проект драйвера в Hidden
|
||||||
+ Привести в порядок все версии билда Release, Debug, ...
|
+ Привести в порядок все версии билда Release, Debug, ...
|
||||||
|
@ -56,5 +56,6 @@
|
||||||
- Отреверсить установщик VMBox tools
|
- Отреверсить установщик VMBox tools
|
||||||
- Реализовать поддержку вкл\выкл драйвера
|
- Реализовать поддержку вкл\выкл драйвера
|
||||||
- Реализовать steals mode
|
- Реализовать steals mode
|
||||||
|
- Реализовать поддержку загрузки дефольтных конфигов из реестра
|
||||||
- Насодить на ETL и DbgPrintEx
|
- Насодить на ETL и DbgPrintEx
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
#include "Commands.h"
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include "Helper.h"
|
||||||
|
|
||||||
|
class Commands
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
Commands(Arguments& args){}
|
||||||
|
};
|
|
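Review bot: `Commands(Arguments& args){}` is a single-argument constructor without `explicit`, so an `Arguments` object converts to `Commands` implicitly; `explicit Commands(Arguments& args) {}` avoids that. The same applies to `Connection(Arguments& args){}` in Connection.h. The parameter is unused in this stub, so a one-line comment naming which arguments the class is meant to consume would document the intended parsing order.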
@ -0,0 +1,2 @@
|
||||||
|
#include "Connection.h"
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include "Helper.h"
|
||||||
|
|
||||||
|
class Connection
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
Connection(Arguments& args){}
|
||||||
|
};
|
|
@ -0,0 +1,69 @@
|
||||||
|
#include "helper.h"
|
||||||
|
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
|
WException::WException(unsigned int Code, wchar_t* Format, ...) :
|
||||||
|
m_errorCode(Code)
|
||||||
|
{
|
||||||
|
wchar_t buffer[256];
|
||||||
|
|
||||||
|
va_list args;
|
||||||
|
va_start(args, Format);
|
||||||
|
_vsnwprintf_s(buffer, _countof(buffer), _TRUNCATE, Format, args);
|
||||||
|
va_end(args);
|
||||||
|
|
||||||
|
m_errorMessage = buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
const wchar_t* WException::What()
|
||||||
|
{
|
||||||
|
return m_errorMessage.c_str();
|
||||||
|
}
|
||||||
|
|
||||||
|
unsigned int WException::Code()
|
||||||
|
{
|
||||||
|
return m_errorCode;
|
||||||
|
}
|
||||||
|
|
||||||
|
Arguments::Arguments(int argc, wchar_t* argv[]) :
|
||||||
|
m_argPointer(0)
|
||||||
|
{
|
||||||
|
for (int i = 1; i < argc; i++)
|
||||||
|
m_arguments.push_back(argv[i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t Arguments::ArgsCount()
|
||||||
|
{
|
||||||
|
return m_arguments.size();
|
||||||
|
}
|
||||||
|
|
||||||
|
bool Arguments::GetNext(wstring& arg)
|
||||||
|
{
|
||||||
|
if (m_argPointer >= m_arguments.size())
|
||||||
|
return false;
|
||||||
|
|
||||||
|
arg = m_arguments[m_argPointer++];
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
Handle::Handle(HANDLE handle) :
|
||||||
|
m_handle(handle),
|
||||||
|
m_error(::GetLastError())
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
Handle::~Handle()
|
||||||
|
{
|
||||||
|
if (m_handle != INVALID_HANDLE_VALUE)
|
||||||
|
::CloseHandle(m_handle);
|
||||||
|
}
|
||||||
|
|
||||||
|
HANDLE Handle::Get()
|
||||||
|
{
|
||||||
|
return m_handle;
|
||||||
|
}
|
||||||
|
|
||||||
|
DWORD Handle::Error()
|
||||||
|
{
|
||||||
|
return m_error;
|
||||||
|
}
|
|
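Review bot: `Handle::Handle` stores `::GetLastError()` unconditionally, so for a valid handle `Error()` returns whatever an earlier, unrelated call left in the thread's last-error slot. Capturing it only on failure fixes this, e.g. `m_error(handle == INVALID_HANDLE_VALUE ? ::GetLastError() : ERROR_SUCCESS)`. The destructor likewise treats only `INVALID_HANDLE_VALUE` as empty, while several Win32 functions signal failure with `NULL`, so `if (m_handle != INVALID_HANDLE_VALUE && m_handle != NULL)` is the safer guard. In `WException::WException` the `Format` argument is interpreted by `_vsnwprintf_s`, so a comment such as `// Format must be a literal; pass user-supplied text through L"%s"` would keep command-line strings out of the format position once real commands are added.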
@ -0,0 +1,51 @@
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include <string>
|
||||||
|
#include <vector>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
#include <Windows.h>
|
||||||
|
|
||||||
|
class WException
|
||||||
|
{
|
||||||
|
std::wstring m_errorMessage;
|
||||||
|
unsigned int m_errorCode;
|
||||||
|
|
||||||
|
public:
|
||||||
|
|
||||||
|
WException(unsigned int Code, wchar_t* Format, ...);
|
||||||
|
|
||||||
|
const wchar_t* What();
|
||||||
|
unsigned int Code();
|
||||||
|
};
|
||||||
|
|
||||||
|
class Arguments
|
||||||
|
{
|
||||||
|
std::vector<std::wstring> m_arguments;
|
||||||
|
unsigned int m_argPointer;
|
||||||
|
|
||||||
|
public:
|
||||||
|
|
||||||
|
Arguments(int argc, wchar_t* argv[]);
|
||||||
|
|
||||||
|
size_t ArgsCount();
|
||||||
|
|
||||||
|
bool ProbNext(std::wstring& arg);
|
||||||
|
bool GetNext(std::wstring& arg);
|
||||||
|
};
|
||||||
|
|
||||||
|
class Handle
|
||||||
|
{
|
||||||
|
private:
|
||||||
|
DWORD m_error;
|
||||||
|
HANDLE m_handle;
|
||||||
|
|
||||||
|
public:
|
||||||
|
|
||||||
|
Handle(HANDLE handle);
|
||||||
|
~Handle();
|
||||||
|
|
||||||
|
HANDLE Get();
|
||||||
|
DWORD Error();
|
||||||
|
|
||||||
|
};
|
|
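Review bot: `Handle` closes its `HANDLE` in the destructor but keeps the implicit copy constructor and copy assignment, so any copy ends in two `CloseHandle` calls on the same value, and the second can close an unrelated object if the value has been reused. Adding `Handle(const Handle&) = delete;` and `Handle& operator=(const Handle&) = delete;` makes the ownership single. `WException`'s constructor should take `const wchar_t* Format` (with the matching change in Helper.cpp), since the call in `wmain` passes a string literal, and `What()`, `Code()`, `ArgsCount()`, `Get()` and `Error()` can be `const`. `Arguments::ProbNext` is declared here, but no definition appears in the Helper.cpp section of this page.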
@ -1,150 +1,40 @@
|
||||||
#include <Windows.h>
|
#include <Windows.h>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include "Helper.h"
|
||||||
|
#include "Connection.h"
|
||||||
|
#include "Commands.h"
|
||||||
|
|
||||||
#include "../HiddenLib/HiddenLib.h"
|
#include "../HiddenLib/HiddenLib.h"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
int wmain(int argc, wchar_t* argv[])
|
||||||
// !!!!! HiddenCLI ISN'T IMPLEMENTED YET, IT CONTAINS TEST CODE !!!!!
|
|
||||||
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
||||||
|
|
||||||
CONST PWCHAR g_excludeFiles[] = {
|
|
||||||
// L"c:\\Windows\\System32\\calc.exe",
|
|
||||||
// L"c:\\test.txt",
|
|
||||||
// L"c:\\abcd\\test.txt",
|
|
||||||
//L"\\Device\\HarddiskVolume1\\Windows\\System32\\calc.exe",
|
|
||||||
L"\\??\\C:\\test.txt",
|
|
||||||
//L"c:\\Program Files\\VMware",
|
|
||||||
};
|
|
||||||
|
|
||||||
CONST PWCHAR g_excludeDirs[] = {
|
|
||||||
L"c:\\Program Files\\VMware",
|
|
||||||
L"c:\\ProgramData\\VMware",
|
|
||||||
L"c:\\Windows\\Temp\\vmware-SYSTEM",
|
|
||||||
L"c:\\Program Files\\Common Files\\VMware",
|
|
||||||
};
|
|
||||||
|
|
||||||
typedef struct _RegEntry {
|
|
||||||
HidRegRootTypes root;
|
|
||||||
LPWSTR path;
|
|
||||||
} RegEntry, *PRegEntry;
|
|
||||||
|
|
||||||
CONST RegEntry g_excludeRegKeys[] = {
|
|
||||||
{ RegHKLM, L"Software\\VMware, Inc." },
|
|
||||||
{ RegHKLM, L"System\\ControlSet001\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
|
||||||
{ RegHKLM, L"System\\ControlSet002\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
|
||||||
{ RegHKLM, L"System\\CurrentControlSet\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
|
||||||
{ RegHKCU, L"Software\\VMware, Inc." },
|
|
||||||
};
|
|
||||||
|
|
||||||
CONST RegEntry g_excludeRegValues[] = {
|
|
||||||
{ RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemManufacturer" },
|
|
||||||
{ RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemProductName" },
|
|
||||||
};
|
|
||||||
|
|
||||||
CONST PWCHAR g_protectProcesses[] = {
|
|
||||||
L"c:\\Windows\\System32\\calc.exe",
|
|
||||||
L"c:\\Windows\\System32\\calc2.exe",
|
|
||||||
};
|
|
||||||
|
|
||||||
CONST PWCHAR g_excludeProcesses[] = {
|
|
||||||
L"C:\\Windows\\System32\\Services.exe",
|
|
||||||
L"C:\\Windows\\System32\\csrss.exe",
|
|
||||||
L"C:\\Windows\\System32\\vssvc.exe",
|
|
||||||
L"C:\\Windows\\System32\\spoolsv.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPAutoConnSvc.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\rpctool.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\rvmSetup.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPAutoConnect.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPVCGateway.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareHgfsClient.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareHostOpen.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareResolutionSet.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareToolboxCmd.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareXferlogs.exe",
|
|
||||||
L"C:\\Program Files\\VMware\\VMware Tools\\zip.exe",
|
|
||||||
};
|
|
||||||
|
|
||||||
int wmain(int argc, wchar_t *argv[])
|
|
||||||
{
|
{
|
||||||
HidContext hid_context;
|
try
|
||||||
HidStatus hid_status;
|
|
||||||
int count;
|
|
||||||
|
|
||||||
cout << "Start!" << endl;
|
|
||||||
|
|
||||||
hid_status = Hid_Initialize(&hid_context);
|
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
{
|
{
|
||||||
cout << "Error, HiddenLib initialization failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
Arguments arguments(argc, argv);
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Load Reg Keys
|
if (!arguments.ArgsCount())
|
||||||
count = _countof(g_excludeRegKeys);
|
throw WException(
|
||||||
for (int i = 0; i < count; i++)
|
-2,
|
||||||
|
L"Welcome to HiddenCLI, please use 'hiddencli help'"
|
||||||
|
);
|
||||||
|
|
||||||
|
Connection connection(arguments);
|
||||||
|
Commands commands(arguments);
|
||||||
|
|
||||||
|
}
|
||||||
|
catch (WException& exception)
|
||||||
{
|
{
|
||||||
HidObjId objId;
|
wcerr << exception.What() << endl;
|
||||||
hid_status = Hid_AddHiddenRegKey(hid_context, g_excludeRegKeys[i].root, g_excludeRegKeys[i].path, &objId);
|
return exception.Code();
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddHiddenRegKey failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
}
|
||||||
|
catch (exception& exception)
|
||||||
// Load Reg Values
|
|
||||||
count = _countof(g_excludeRegValues);
|
|
||||||
for (int i = 0; i < count; i++)
|
|
||||||
{
|
{
|
||||||
HidObjId objId;
|
cerr << exception.what() << endl;
|
||||||
hid_status = Hid_AddHiddenRegValue(hid_context, g_excludeRegValues[i].root, g_excludeRegValues[i].path, &objId);
|
return -1;
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddHiddenRegValue failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load Files
|
|
||||||
count = _countof(g_excludeFiles);
|
|
||||||
for (int i = 0; i < count; i++)
|
|
||||||
{
|
|
||||||
HidObjId objId;
|
|
||||||
hid_status = Hid_AddHiddenFile(hid_context, g_excludeFiles[i], &objId);
|
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddHiddenFile failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Load Dirs
|
|
||||||
count = _countof(g_excludeDirs);
|
|
||||||
for (int i = 0; i < count; i++)
|
|
||||||
{
|
|
||||||
HidObjId objId;
|
|
||||||
hid_status = Hid_AddHiddenDir(hid_context, g_excludeDirs[i], &objId);
|
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddHiddenDir failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Load excluded processes
|
|
||||||
count = _countof(g_excludeProcesses);
|
|
||||||
for (int i = 0; i < count; i++)
|
|
||||||
{
|
|
||||||
HidObjId objId;
|
|
||||||
hid_status = Hid_AddExcludedImage(hid_context, g_excludeProcesses[i], WithoutInherit, TRUE, &objId);
|
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddExcludedImage failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Load protected processes
|
|
||||||
count = _countof(g_protectProcesses);
|
|
||||||
for (int i = 0; i < count; i++)
|
|
||||||
{
|
|
||||||
HidObjId objId;
|
|
||||||
hid_status = Hid_AddProtectedImage(hid_context, g_protectProcesses[i], WithoutInherit, TRUE, &objId);
|
|
||||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
|
||||||
cout << "Error, Hid_AddProtectedImage failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
|
||||||
}
|
|
||||||
|
|
||||||
Hid_Destroy(hid_context);
|
|
||||||
cout << "Completed!" << endl;
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
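Review bot: The exit code in the new `wmain` travels through `unsigned int`: `WException(-2, ...)` converts -2 to a large unsigned value and `return exception.Code();` converts it back, which works on MSVC but hides the intent. An `int` code in `WException`, or named constants for the exit codes, would be clearer. `catch (exception& exception)` names its variable after the type it catches; `catch (const std::exception& e)` reads more clearly, and the `WException` handler can follow once `What()` and `Code()` are const-qualified. `connection` and `commands` are constructed and never used in this version, so a short comment marking them as placeholders would help the next reader.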
@ -151,8 +151,19 @@
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
<ClCompile Include="Commands.cpp" />
|
||||||
|
<ClCompile Include="Connection.cpp" />
|
||||||
|
<ClCompile Include="Helper.cpp" />
|
||||||
<ClCompile Include="HiddenCLI.cpp" />
|
<ClCompile Include="HiddenCLI.cpp" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="Commands.h" />
|
||||||
|
<ClInclude Include="Connection.h" />
|
||||||
|
<ClInclude Include="Helper.h" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<Text Include="cli.txt" />
|
||||||
|
</ItemGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
<ImportGroup Label="ExtensionTargets">
|
<ImportGroup Label="ExtensionTargets">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
|
||||||
|
hiddencli [connection] <command>
|
||||||
|
|
||||||
|
connection:
|
||||||
|
|
||||||
|
commands:
|
||||||
|
|
||||||
|
hide <file|dir|regval|regkey> <%path%>
|
||||||
|
Hide filesystem or registry object by path
|
||||||
|
|
||||||
|
unhide <file|dir|regval|regkey> all
|
||||||
|
Unhide all filesystem or registry object by selected type
|
||||||
|
|
||||||
|
unhide <file|dir|regval|regkey> <%ruleid%>
|
||||||
|
Unhide all filesystem or registry object by selected type and rule ID
|
||||||
|
|
||||||
|
|
||||||
|
ignore image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
|
||||||
|
Set rule that allows to see hidden filesystem and registry objects for processes with specific image path
|
||||||
|
|
||||||
|
unignore <%ruleid%>
|
||||||
|
Remove rule that allows to see hidden filesystem and registry objects by rule ID
|
||||||
|
|
||||||
|
unignore all
|
||||||
|
Remove all rules that allow to see hidden filesystem and registry objects
|
||||||
|
|
||||||
|
ignore pid [inherit:<none|always|once>] <%pid%>
|
||||||
|
Turn on abillity to see hidden filesystem and registry objects for specific process by PID
|
||||||
|
|
||||||
|
unignore pid <%pid%>
|
||||||
|
Turn off abillity to see hidden filesystem and registry objects for specific process by PID
|
||||||
|
|
||||||
|
|
||||||
|
protect image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
|
||||||
|
Set rule that allows to enable process protection for processes with specific image path
|
||||||
|
|
||||||
|
unprotect <%ruleid%>
|
||||||
|
Remove rule that enables process protection by rule ID
|
||||||
|
|
||||||
|
unprotect all
|
||||||
|
Remove all rules that enable process protection
|
||||||
|
|
||||||
|
protect pid [inherit:<none|always|once>] <%pid%>
|
||||||
|
Turn on protection for specific process by PID
|
||||||
|
|
||||||
|
unprotect pid <%pid%>
|
||||||
|
Turn off protection for specific process by PID
|
||||||
|
|
||||||
|
query <%pid%>
|
||||||
|
Query information about state of the process by PID
|