mirror of https://github.com/JKornev/hidden
HiddenCLI first steps
parent
241e8bb296
commit
96c5e6eb40
@ -33,3 +33,5 @@
|
|||
/HiddenLib/x64/Release
|
||||
/HiddenTests/x64/Release/HiddenTests.tlog
|
||||
/HiddenTests/x64/Release
|
||||
/Hidden/Debug
|
||||
/Hidden/x64/Debug
|
||||
|
|
|
@ -58,7 +58,6 @@ Global
|
|||
{D6C8BE8B-D2E2-40BA-ADAC-E23FD8062E93}.Release|x64.Deploy.0 = Release|x64
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|Win32.Deploy.0 = Debug|Win32
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Build.0 = Debug|x64
|
||||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Debug|x64.Deploy.0 = Debug|x64
|
||||
|
@ -70,7 +69,6 @@ Global
|
|||
{EFECF76B-C3A8-4444-9314-70F72A0A48D8}.Release|x64.Deploy.0 = Release|x64
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|Win32.Deploy.0 = Debug|Win32
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Build.0 = Debug|x64
|
||||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Debug|x64.Deploy.0 = Debug|x64
|
||||
|
@ -82,7 +80,6 @@ Global
|
|||
{E6A7AAAD-4877-4F05-A5A1-F42707895996}.Release|x64.Deploy.0 = Release|x64
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|Win32.Deploy.0 = Debug|Win32
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Build.0 = Debug|x64
|
||||
{023C63A1-726C-48D9-AA17-E62A7EFD862D}.Debug|x64.Deploy.0 = Debug|x64
|
||||
|
|
|
@ -42,10 +42,10 @@
|
|||
+ Реализовать usermode библиотеку для работы с IOCTL API
|
||||
+ Слинковать с IOCTL API lib
|
||||
+ Добавить поддержку флага автоприсвоение состояния существующим процессам для Hid_AddExcludedImage\Hid_AddProtectedImage
|
||||
- Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути
|
||||
+ Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути
|
||||
- Реализовать HiddenCLI
|
||||
+ Портировать драйвер под архитектуру x64
|
||||
- Портировать под версии Windows 8, 8.1, 10
|
||||
+ Портировать под версии Windows 8, 8.1, 10
|
||||
+ Залить проект на Git
|
||||
+ Переименовать проект драйвера в Hidden
|
||||
+ Привести в порядок все версии билда Release, Debug, ...
|
||||
|
@ -56,5 +56,6 @@
|
|||
- Отреверсить установщик VMBox tools
|
||||
- Реализовать поддержку вкл\выкл драйвера
|
||||
- Реализовать steals mode
|
||||
- Реализовать поддержку загрузки дефольтных конфигов из реестра
|
||||
- Насодить на ETL и DbgPrintEx
|
||||
|
||||
|
|
|
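--- /dev/null
+++ b/Commands.cpp
@@ -0,0 +1,2 @@
+#include "Commands.h"
+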
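--- /dev/null
+++ b/Commands.h
@@ -0,0 +1,9 @@
+#pragma once
+
+#include "Helper.h"
+
+class Commands
+{
+public:
+Commands(Arguments& args){}
+};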
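Review bot: `Commands(Arguments& args){}` takes `args` and never uses it, and the same stub appears in Connection.h; until the body exists, an unnamed parameter avoids an unused-parameter warning and `explicit` prevents an `Arguments` from silently converting into a `Commands`, e.g. `explicit Commands(Arguments& /*args*/) {}`. A one-line comment such as `// Parses the command part of the CLI arguments; not implemented yet` would also tell readers that the empty body is intentional at this stage.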
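--- /dev/null
+++ b/Connection.cpp
@@ -0,0 +1,2 @@
+#include "Connection.h"
+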
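--- /dev/null
+++ b/Connection.h
@@ -0,0 +1,9 @@
+#pragma once
+
+#include "Helper.h"
+
+class Connection
+{
+public:
+Connection(Arguments& args){}
+};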
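--- /dev/null
+++ b/Helper.cpp
@@ -0,0 +1,69 @@
+#include "helper.h"
+
+using namespace std;
+
+WException::WException(unsigned int Code, wchar_t* Format, ...) :
+m_errorCode(Code)
+{
+wchar_t buffer[256];
+
+va_list args;
+va_start(args, Format);
+_vsnwprintf_s(buffer, _countof(buffer), _TRUNCATE, Format, args);
+va_end(args);
+
+m_errorMessage = buffer;
+}
+
+const wchar_t* WException::What()
+{
+return m_errorMessage.c_str();
+}
+
+unsigned int WException::Code()
+{
+return m_errorCode;
+}
+
+Arguments::Arguments(int argc, wchar_t* argv[]) :
+m_argPointer(0)
+{
+for (int i = 1; i < argc; i++)
+m_arguments.push_back(argv[i]);
+}
+
+size_t Arguments::ArgsCount()
+{
+return m_arguments.size();
+}
+
+bool Arguments::GetNext(wstring& arg)
+{
+if (m_argPointer >= m_arguments.size())
+return false;
+
+arg = m_arguments[m_argPointer++];
+return true;
+}
+
+Handle::Handle(HANDLE handle) :
+m_handle(handle),
+m_error(::GetLastError())
+{
+}
+
+Handle::~Handle()
+{
+if (m_handle != INVALID_HANDLE_VALUE)
+::CloseHandle(m_handle);
+}
+
+HANDLE Handle::Get()
+{
+return m_handle;
+}
+
+DWORD Handle::Error()
+{
+return m_error;
+}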
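Review bot: `Handle` owns the HANDLE it closes in `Handle::~Handle()`, but nothing in this commit deletes its copy constructor or copy assignment (the class body is in Helper.h, not this hunk), so passing or returning a `Handle` by value would close the same handle twice. Adding `Handle(const Handle&) = delete;` and `Handle& operator=(const Handle&) = delete;` to the class in Helper.h closes that gap. Two smaller points in the same constructor: `m_error(::GetLastError())` records whatever the thread's last-error value is at construction time, which is only the failing API's code if the `Handle` is built immediately after that call, so the header comment for `Error()` should state that assumption; and the initializer list names `m_handle` before `m_error` while the header declares `m_error` first — initialization follows declaration order, so reordering the list avoids a misleading read. The destructor's guard only covers `INVALID_HANDLE_VALUE`; if a `Handle` is ever constructed from an API that returns NULL on failure, `::CloseHandle(NULL)` would be called, which is worth a second check or a comment pinning the intended handle source.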
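--- /dev/null
+++ b/Helper.h
@@ -0,0 +1,51 @@
+#pragma once
+
+#include <string>
+#include <vector>
+#include <stdio.h>
+#include <stdarg.h>
+#include <Windows.h>
+
+class WException
+{
+std::wstring m_errorMessage;
+unsigned int m_errorCode;
+
+public:
+
+WException(unsigned int Code, wchar_t* Format, ...);
+
+const wchar_t* What();
+unsigned int Code();
+};
+
+class Arguments
+{
+std::vector<std::wstring> m_arguments;
+unsigned int m_argPointer;
+
+public:
+
+Arguments(int argc, wchar_t* argv[]);
+
+size_t ArgsCount();
+
+bool ProbNext(std::wstring& arg);
+bool GetNext(std::wstring& arg);
+};
+
+class Handle
+{
+private:
+DWORD m_error;
+HANDLE m_handle;
+
+public:
+
+Handle(HANDLE handle);
+~Handle();
+
+HANDLE Get();
+DWORD Error();
+
+};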
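Review bot: `WException(unsigned int Code, wchar_t* Format, ...)` takes the format string as a non-const `wchar_t*`, but the one caller in this commit (HiddenCLI.cpp) passes a wide string literal, which is `const wchar_t[]`; that conversion is deprecated and ill-formed in standard C++ and only compiles under MSVC's permissive mode. Change the declaration here and the definition in Helper.cpp to `WException(unsigned int Code, const wchar_t* Format, ...);`. `bool ProbNext(std::wstring& arg);` is declared but no definition appears in this commit's Helper.cpp, so the first call will fail at link time — either add the body or drop the declaration until it is implemented. The accessors `What()`, `Code()`, `ArgsCount()`, `Get()` and `Error()` mutate nothing and could be declared `const` so they are callable through `const` references.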
@ -1,150 +1,40 @@
|
|||
#include <Windows.h>
|
||||
#include <iostream>
|
||||
#include <stdio.h>
|
||||
#include "Helper.h"
|
||||
#include "Connection.h"
|
||||
#include "Commands.h"
|
||||
|
||||
#include "../HiddenLib/HiddenLib.h"
|
||||
|
||||
using namespace std;
|
||||
|
||||
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
// !!!!! HiddenCLI ISN'T IMPLEMENTED YET, IT CONTAINS TEST CODE !!!!!
|
||||
// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
CONST PWCHAR g_excludeFiles[] = {
|
||||
// L"c:\\Windows\\System32\\calc.exe",
|
||||
// L"c:\\test.txt",
|
||||
// L"c:\\abcd\\test.txt",
|
||||
//L"\\Device\\HarddiskVolume1\\Windows\\System32\\calc.exe",
|
||||
L"\\??\\C:\\test.txt",
|
||||
//L"c:\\Program Files\\VMware",
|
||||
};
|
||||
|
||||
CONST PWCHAR g_excludeDirs[] = {
|
||||
L"c:\\Program Files\\VMware",
|
||||
L"c:\\ProgramData\\VMware",
|
||||
L"c:\\Windows\\Temp\\vmware-SYSTEM",
|
||||
L"c:\\Program Files\\Common Files\\VMware",
|
||||
};
|
||||
|
||||
typedef struct _RegEntry {
|
||||
HidRegRootTypes root;
|
||||
LPWSTR path;
|
||||
} RegEntry, *PRegEntry;
|
||||
|
||||
CONST RegEntry g_excludeRegKeys[] = {
|
||||
{ RegHKLM, L"Software\\VMware, Inc." },
|
||||
{ RegHKLM, L"System\\ControlSet001\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
||||
{ RegHKLM, L"System\\ControlSet002\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
||||
{ RegHKLM, L"System\\CurrentControlSet\\Control\\Print\\Monitors\\ThinPrint Print Port Monitor for VMWare" },
|
||||
{ RegHKCU, L"Software\\VMware, Inc." },
|
||||
};
|
||||
|
||||
CONST RegEntry g_excludeRegValues[] = {
|
||||
{ RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemManufacturer" },
|
||||
{ RegHKLM, L"Hardware\\Description\\System\\BIOS\\SystemProductName" },
|
||||
};
|
||||
|
||||
CONST PWCHAR g_protectProcesses[] = {
|
||||
L"c:\\Windows\\System32\\calc.exe",
|
||||
L"c:\\Windows\\System32\\calc2.exe",
|
||||
};
|
||||
|
||||
CONST PWCHAR g_excludeProcesses[] = {
|
||||
L"C:\\Windows\\System32\\Services.exe",
|
||||
L"C:\\Windows\\System32\\csrss.exe",
|
||||
L"C:\\Windows\\System32\\vssvc.exe",
|
||||
L"C:\\Windows\\System32\\spoolsv.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPAutoConnSvc.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\rpctool.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\rvmSetup.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPAutoConnect.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\TPVCGateway.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareHgfsClient.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareHostOpen.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareResolutionSet.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareToolboxCmd.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\VMwareXferlogs.exe",
|
||||
L"C:\\Program Files\\VMware\\VMware Tools\\zip.exe",
|
||||
};
|
||||
|
||||
int wmain(int argc, wchar_t* argv[])
|
||||
{
|
||||
HidContext hid_context;
|
||||
HidStatus hid_status;
|
||||
int count;
|
||||
|
||||
cout << "Start!" << endl;
|
||||
|
||||
hid_status = Hid_Initialize(&hid_context);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
try
|
||||
{
|
||||
cout << "Error, HiddenLib initialization failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
return 1;
|
||||
}
|
||||
Arguments arguments(argc, argv);
|
||||
|
||||
// Load Reg Keys
|
||||
count = _countof(g_excludeRegKeys);
|
||||
for (int i = 0; i < count; i++)
|
||||
if (!arguments.ArgsCount())
|
||||
throw WException(
|
||||
-2,
|
||||
L"Welcome to HiddenCLI, please use 'hiddencli help'"
|
||||
);
|
||||
|
||||
Connection connection(arguments);
|
||||
Commands commands(arguments);
|
||||
|
||||
}
|
||||
catch (WException& exception)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddHiddenRegKey(hid_context, g_excludeRegKeys[i].root, g_excludeRegKeys[i].path, &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddHiddenRegKey failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
wcerr << exception.What() << endl;
|
||||
return exception.Code();
|
||||
}
|
||||
|
||||
// Load Reg Values
|
||||
count = _countof(g_excludeRegValues);
|
||||
for (int i = 0; i < count; i++)
|
||||
catch (exception& exception)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddHiddenRegValue(hid_context, g_excludeRegValues[i].root, g_excludeRegValues[i].path, &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddHiddenRegValue failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
cerr << exception.what() << endl;
|
||||
return -1;
|
||||
}
|
||||
|
||||
// Load Files
|
||||
count = _countof(g_excludeFiles);
|
||||
for (int i = 0; i < count; i++)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddHiddenFile(hid_context, g_excludeFiles[i], &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddHiddenFile failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
}
|
||||
|
||||
// Load Dirs
|
||||
count = _countof(g_excludeDirs);
|
||||
for (int i = 0; i < count; i++)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddHiddenDir(hid_context, g_excludeDirs[i], &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddHiddenDir failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
}
|
||||
|
||||
// Load excluded processes
|
||||
count = _countof(g_excludeProcesses);
|
||||
for (int i = 0; i < count; i++)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddExcludedImage(hid_context, g_excludeProcesses[i], WithoutInherit, TRUE, &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddExcludedImage failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
}
|
||||
|
||||
// Load protected processes
|
||||
count = _countof(g_protectProcesses);
|
||||
for (int i = 0; i < count; i++)
|
||||
{
|
||||
HidObjId objId;
|
||||
hid_status = Hid_AddProtectedImage(hid_context, g_protectProcesses[i], WithoutInherit, TRUE, &objId);
|
||||
if (!HID_STATUS_SUCCESSFUL(hid_status))
|
||||
cout << "Error, Hid_AddProtectedImage failed with code: " << HID_STATUS_CODE(hid_status) << endl;
|
||||
}
|
||||
|
||||
Hid_Destroy(hid_context);
|
||||
cout << "Completed!" << endl;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
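Review bot: `throw WException(-2, L"Welcome to HiddenCLI, please use 'hiddencli help'")` passes -2 into a parameter declared `unsigned int Code` (Helper.h), and `return exception.Code();` then converts that unsigned value back to `int` for the process exit code; this round-trips only by two's-complement wrap, so either give `Code` a signed type or throw a small positive code. The two handlers catch by non-const reference, and the second, `catch (exception& exception)`, reuses the type name `std::exception` (brought in by `using namespace std;`) as the variable name, which is legal but easy to misread; `catch (const WException& e)` and `catch (const std::exception& e)` are clearer. In this rendering the old and new lines of `wmain` are interleaved without markers, so I am reading the `try`/`catch` lines as the new side and the `Hid_*` table-loading loops as the removed test code; if any `Hid_*` call survives, the `HidContext` initialization it depends on should be re-checked. Note also that `WException` does not derive from `std::exception`, so its handler must stay first, which it does.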
@ -151,8 +151,19 @@
|
|||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="Commands.cpp" />
|
||||
<ClCompile Include="Connection.cpp" />
|
||||
<ClCompile Include="Helper.cpp" />
|
||||
<ClCompile Include="HiddenCLI.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="Commands.h" />
|
||||
<ClInclude Include="Connection.h" />
|
||||
<ClInclude Include="Helper.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Text Include="cli.txt" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
|
|
|
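--- /dev/null
+++ b/cli.txt
@@ -0,0 +1,50 @@
+
+hiddencli [connection] <command>
+
+connection:
+
+commands:
+
+hide <file|dir|regval|regkey> <%path%>
+Hide filesystem or registry object by path
+
+unhide <file|dir|regval|regkey> all
+Unhide all filesystem or registry object by selected type
+
+unhide <file|dir|regval|regkey> <%ruleid%>
+Unhide all filesystem or registry object by selected type and rule ID
+
+
+ignore image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
+Set rule that allows to see hidden filesystem and registry objects for processes with specific image path
+
+unignore <%ruleid%>
+Remove rule that allows to see hidden filesystem and registry objects by rule ID
+
+unignore all
+Remove all rules that allow to see hidden filesystem and registry objects
+
+ignore pid [inherit:<none|always|once>] <%pid%>
+Turn on abillity to see hidden filesystem and registry objects for specific process by PID
+
+unignore pid <%pid%>
+Turn off abillity to see hidden filesystem and registry objects for specific process by PID
+
+
+protect image [inherit:<none|always|once>] [apply:<fornew|forall>] <%path%>
+Set rule that allows to enable process protection for processes with specific image path
+
+unprotect <%ruleid%>
+Remove rule that enables process protection by rule ID
+
+unprotect all
+Remove all rules that enable process protection
+
+protect pid [inherit:<none|always|once>] <%pid%>
+Turn on protection for specific process by PID
+
+unprotect pid <%pid%>
+Turn off protection for specific process by PID
+
+query <%pid%>
+Query information about state of the process by PID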