Added 'ignore' command to hiddencli

2024-06-16 03:58:04 +00:00 · 2016-12-07 02:19:49 +03:00 · 2016-12-07 02:19:49 +03:00 · eceaaf829f
commit eceaaf829f
parent 93a78b2680
8 changed files with 226 additions and 53 deletions
--- a/Hidden/todo.txt
+++ b/Hidden/todo.txt
@ -44,6 +44,13 @@
 + Добавить поддержку флага автоприсвоение состояния существующим процессам для Hid_AddExcludedImage\Hid_AddProtectedImage
 + Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути
 - Реализовать HiddenCLI
+	- ignore
+	- unignore
+	- protect
+	- unprotect
+	- query
+- Проверить чтобы все ObjId генерировались начиная с 1
+- Написать тест HiddenCLITests
 - Реализовать функционал вкл\выкл драйвера через IOCTL
 + Портировать драйвер под архитектуру x64
 + Портировать под версии Windows 8, 8.1, 10
--- a/HiddenCLI/Helper.cpp
+++ b/HiddenCLI/Helper.cpp
@ -85,3 +85,19 @@ DWORD Handle::Error()
 {
 	return m_error;
 }
+
+HidRegRootTypes GetRegType(wstring& path)
+{
+	static wchar_t regHKLM[] = L"HKLM\\";
+	static wchar_t regHKCU[] = L"HKCU\\";
+	static wchar_t regHKU[] = L"HKU\\";
+
+	if (path.compare(0, _countof(regHKLM) - 1, regHKLM) == 0)
+		return HidRegRootTypes::RegHKLM;
+	else if (path.compare(0, _countof(regHKCU) - 1, regHKCU) == 0)
+		return HidRegRootTypes::RegHKCU;
+	else if (path.compare(0, _countof(regHKU) - 1, regHKU) == 0)
+		return HidRegRootTypes::RegHKU;
+	else
+		throw WException(-2, L"Error, invalid registry prefix");
+}
--- a/HiddenCLI/Helper.h
+++ b/HiddenCLI/Helper.h
@ -6,6 +6,8 @@
 #include <stdarg.h>
 #include <Windows.h>

+#include "../HiddenLib/HiddenLib.h"
+
 class WException
 {
 	std::wstring m_errorMessage;
@ -50,3 +52,19 @@ public:
 	DWORD Error();

 };
+
+enum EObjTypes {
+	TypeFile,
+	TypeDir,
+	TypeRegKey,
+	TypeRegVal,
+	TypeUnknown,
+};
+
+enum EProcTypes {
+	TypeProcessId,
+	TypeImage,
+	TypeUnknown,
+};
+
+HidRegRootTypes GetRegType(std::wstring& path);
--- a/HiddenCLI/HiddenCLI.cpp
+++ b/HiddenCLI/HiddenCLI.cpp
@ -5,8 +5,6 @@
 #include "Connection.h"
 #include "Commands.h"

-#include "../HiddenLib/HiddenLib.h"
-
 using namespace std;

 int wmain(int argc, wchar_t* argv[])
--- a/HiddenCLI/Hide.cpp
+++ b/HiddenCLI/Hide.cpp
@ -30,27 +30,26 @@ void CommandHide::LoadArgs(Arguments& args)

 	if (object == L"file")
 	{
-		m_hideType = EHideTypes::TypeFile;
+		m_hideType = EObjTypes::TypeFile;
 	}
 	else if (object == L"dir")
 	{
-		m_hideType = EHideTypes::TypeDir;
+		m_hideType = EObjTypes::TypeDir;
 	}
 	else if (object == L"regkey")
 	{
-		m_hideType = EHideTypes::TypeRegKey;
+		m_hideType = EObjTypes::TypeRegKey;
 		m_regRootType = GetRegType(m_path);
 	}
 	else if (object == L"regval")
 	{
-		m_hideType = EHideTypes::TypeRegVal;
+		m_hideType = EObjTypes::TypeRegVal;
 		m_regRootType = GetRegType(m_path);
 	}
 	else
 	{
 		throw WException(-2, L"Error, invalid argument for command 'hide'");
 	}
-
 }

 void CommandHide::PerformCommand(Connection& connection)
@ -60,16 +59,16 @@ void CommandHide::PerformCommand(Connection& connection)

 	switch (m_hideType)
 	{
-	case EHideTypes::TypeFile:
+	case EObjTypes::TypeFile:
 		status = Hid_AddHiddenFile(connection.GetContext(), m_path.c_str(), &objId);
 		break;
-	case EHideTypes::TypeDir:
+	case EObjTypes::TypeDir:
 		status = Hid_AddHiddenDir(connection.GetContext(), m_path.c_str(), &objId);
 		break;
-	case EHideTypes::TypeRegKey:
+	case EObjTypes::TypeRegKey:
 		status = Hid_AddHiddenRegKey(connection.GetContext(), m_regRootType, m_path.c_str(), &objId);
 		break;
-	case EHideTypes::TypeRegVal:
+	case EObjTypes::TypeRegVal:
 		status = Hid_AddHiddenRegValue(connection.GetContext(), m_regRootType, m_path.c_str(), &objId);
 		break;
 	default:
@ -80,23 +79,7 @@ void CommandHide::PerformCommand(Connection& connection)
 		throw WException(HID_STATUS_CODE(status), L"Error, command 'hide' rejected");

 	wcerr << L"Command 'hide' successful" << endl;
-	wcout << L"status:ok;id:" << objId << endl;
-}
-
-HidRegRootTypes CommandHide::GetRegType(wstring& path)
-{
-	static wchar_t regHKLM[] = L"HKLM\\";
-	static wchar_t regHKCU[] = L"HKCU\\";
-	static wchar_t regHKU[]  = L"HKU\\";
-
-	if (path.compare(0, _countof(regHKLM) - 1, regHKLM) == 0)
-		return HidRegRootTypes::RegHKLM;
-	else if (path.compare(0, _countof(regHKCU) - 1, regHKCU) == 0)
-		return HidRegRootTypes::RegHKCU;
-	else if (path.compare(0, _countof(regHKU) - 1, regHKU) == 0)
-		return HidRegRootTypes::RegHKU;
-	else
-		throw WException(-2, L"Error, invalid registry prefix");
+	wcout << L"status:ok;objid:" << objId << endl;
 }

 // =================
@ -127,19 +110,19 @@ void CommandUnhide::LoadArgs(Arguments& args)

 	if (object == L"file")
 	{
-		m_hideType = EHideTypes::TypeFile;
+		m_hideType = EObjTypes::TypeFile;
 	}
 	else if (object == L"dir")
 	{
-		m_hideType = EHideTypes::TypeDir;
+		m_hideType = EObjTypes::TypeDir;
 	}
 	else if (object == L"regkey")
 	{
-		m_hideType = EHideTypes::TypeRegKey;
+		m_hideType = EObjTypes::TypeRegKey;
 	}
 	else if (object == L"regval")
 	{
-		m_hideType = EHideTypes::TypeRegVal;
+		m_hideType = EObjTypes::TypeRegVal;
 	}
 	else
 	{
@ -151,7 +134,7 @@ void CommandUnhide::LoadArgs(Arguments& args)
 	{
 		m_targetId = _wtoll(target.c_str());
 		if (!m_targetId)
-			throw WException(-2, L"Error, invalid target id for command 'unhide'");
+			throw WException(-2, L"Error, invalid target objid for command 'unhide'");
 	}
 }

@ -163,16 +146,16 @@ void CommandUnhide::PerformCommand(Connection& connection)
 	{
 		switch (m_hideType)
 		{
-		case EHideTypes::TypeFile:
+		case EObjTypes::TypeFile:
 			status = Hid_RemoveAllHiddenFiles(connection.GetContext());
 			break;
-		case EHideTypes::TypeDir:
+		case EObjTypes::TypeDir:
 			status = Hid_RemoveAllHiddenDirs(connection.GetContext());
 			break;
-		case EHideTypes::TypeRegKey:
+		case EObjTypes::TypeRegKey:
 			status = Hid_RemoveAllHiddenRegKeys(connection.GetContext());
 			break;
-		case EHideTypes::TypeRegVal:
+		case EObjTypes::TypeRegVal:
 			status = Hid_RemoveAllHiddenRegValues(connection.GetContext());
 			break;
 		default:
@ -183,16 +166,16 @@ void CommandUnhide::PerformCommand(Connection& connection)
 	{
 		switch (m_hideType)
 		{
-		case EHideTypes::TypeFile:
+		case EObjTypes::TypeFile:
 			status = Hid_RemoveHiddenFile(connection.GetContext(), m_targetId);
 			break;
-		case EHideTypes::TypeDir:
+		case EObjTypes::TypeDir:
 			status = Hid_RemoveHiddenDir(connection.GetContext(), m_targetId);
 			break;
-		case EHideTypes::TypeRegKey:
+		case EObjTypes::TypeRegKey:
 			status = Hid_RemoveHiddenRegKey(connection.GetContext(), m_targetId);
 			break;
-		case EHideTypes::TypeRegVal:
+		case EObjTypes::TypeRegVal:
 			status = Hid_RemoveHiddenRegValue(connection.GetContext(), m_targetId);
 			break;
 		default:
--- a/HiddenCLI/Hide.h
+++ b/HiddenCLI/Hide.h
@ -2,24 +2,14 @@

 #include "Commands.h"

-enum EHideTypes {
-	TypeFile,
-	TypeDir,
-	TypeRegKey,
-	TypeRegVal,
-	TypeUnknown,
-};
-
 class CommandHide : public ICommand
 {
 	const wchar_t* m_command = nullptr;

-	EHideTypes      m_hideType;
+	EObjTypes       m_hideType;
 	HidRegRootTypes m_regRootType;
 	std::wstring    m_path;

-	HidRegRootTypes GetRegType(std::wstring& path);
-
 public:

 	CommandHide();
@ -34,9 +24,10 @@ class CommandUnhide : public ICommand
 {
 	const wchar_t* m_command = nullptr;

-	EHideTypes      m_hideType;
+	EObjTypes       m_hideType;
 	HidObjId        m_targetId;
 	bool            m_targetAll;
+
 public:

 	CommandUnhide();
--- a/HiddenCLI/Ignore.cpp
+++ b/HiddenCLI/Ignore.cpp
@ -0,0 +1,120 @@
+#include "Ignore.h"
+#include <iostream>
+
+using namespace std;
+
+// =================
+
+CommandIgnore::CommandIgnore() : m_command(L"/ignore")
+{
+}
+
+CommandIgnore::~CommandIgnore()
+{
+}
+
+bool CommandIgnore::CompareCommand(std::wstring& command)
+{
+	return (command == m_command);
+}
+
+void CommandIgnore::LoadArgs(Arguments& args)
+{
+	wstring object, target;
+
+	if (!args.GetNext(object))
+		throw WException(-2, L"Error, mismatched argument #1 for command 'ignore'");
+
+	if (object == L"image")
+	{
+		m_procType = EProcTypes::TypeImage;
+	}
+	else if (object == L"pid")
+	{
+		m_procType = EProcTypes::TypeProcessId;
+	}
+	else
+	{
+		throw WException(-2, L"Error, invalid object type in command 'ignore'");
+	}
+
+	m_inheritType = LoadInheritOption(args, HidPsInheritTypes::WithoutInherit);
+
+	m_applyByDefault = false;
+	if (m_procType == EProcTypes::TypeImage)
+		m_applyByDefault = LoadApplyOption(args, m_applyByDefault);
+
+	if (!args.GetNext(target))
+		throw WException(-2, L"Error, mismatched argument #2 for command 'ignore'");
+
+	if (m_procType == EProcTypes::TypeImage)
+	{
+		m_targetImage = target;
+	}
+	else
+	{
+		m_targetProcId = _wtoll(target.c_str());
+		if (!m_targetProcId)
+			throw WException(-2, L"Error, invalid target pid for command 'ignore'");
+	}
+}
+
+void CommandIgnore::PerformCommand(Connection& connection)
+{
+	HidStatus status;
+	HidObjId objId;
+
+	switch (m_procType)
+	{
+	case EProcTypes::TypeProcessId:
+		status = Hid_AttachExcludedState(connection.GetContext(), m_targetProcId, m_inheritType);
+		break;
+	case EProcTypes::TypeImage:
+		status = Hid_AddExcludedImage(connection.GetContext(), m_targetImage.c_str(), m_inheritType, m_applyByDefault, &objId);
+		break;
+	default:
+		throw WException(-2, L"Internal error, invalid type for command 'ignore'");
+	}
+
+	if (!HID_STATUS_SUCCESSFUL(status))
+		throw WException(HID_STATUS_CODE(status), L"Error, command 'ignore' rejected");
+
+	wcerr << L"Command 'unhide' successful" << endl;
+	if (EProcTypes::TypeProcessId)
+		wcout << L"status:ok" << endl;
+	else
+		wcout << L"status:ok;objid:" << objId << endl;
+}
+
+HidPsInheritTypes CommandIgnore::LoadInheritOption(Arguments& args, HidPsInheritTypes default)
+{
+	return default;
+}
+
+bool CommandIgnore::LoadApplyOption(Arguments& args, bool applyByDefault)
+{
+	return applyByDefault;
+}
+
+// =================
+
+CommandUnignore::CommandUnignore() : m_command(L"/unignore")
+{
+}
+
+CommandUnignore::~CommandUnignore()
+{
+}
+
+bool CommandUnignore::CompareCommand(std::wstring& command)
+{
+	return (command == m_command);
+}
+
+void CommandUnignore::LoadArgs(Arguments& args)
+{
+}
+
+void CommandUnignore::PerformCommand(Connection& connection)
+{
+}
--- a/HiddenCLI/Ignore.h
+++ b/HiddenCLI/Ignore.h
@ -0,0 +1,40 @@
+#pragma once
+
+#include "Commands.h"
+
+class CommandIgnore : public ICommand
+{
+	const wchar_t* m_command = nullptr;
+
+	EProcTypes   m_procType;
+	std::wstring m_targetImage;
+	HidProcId    m_targetProcId;
+	HidPsInheritTypes m_inheritType;
+	bool         m_applyByDefault;
+
+	HidPsInheritTypes LoadInheritOption(Arguments& args, HidPsInheritTypes default);
+	bool LoadApplyOption(Arguments& args, bool applyByDefault);
+
+public:
+
+	CommandIgnore();
+	virtual ~CommandIgnore();
+
+	virtual bool CompareCommand(std::wstring& command);
+	virtual void LoadArgs(Arguments& args);
+	virtual void PerformCommand(Connection& connection);
+};
+
+class CommandUnignore : public ICommand
+{
+	const wchar_t* m_command = nullptr;
+
+public:
+
+	CommandUnignore();
+	virtual ~CommandUnignore();
+
+	virtual bool CompareCommand(std::wstring& command);
+	virtual void LoadArgs(Arguments& args);
+	virtual void PerformCommand(Connection& connection);
+};