From eceaaf829f01e8912dc18fc1d425e714a531573a Mon Sep 17 00:00:00 2001 From: JKornev <8bit.dosninja@gmail.com> Date: Wed, 7 Dec 2016 02:19:49 +0300 Subject: [PATCH] Added 'ignore' command to hiddencli --- Hidden/todo.txt | 7 +++ HiddenCLI/Helper.cpp | 16 ++++++ HiddenCLI/Helper.h | 18 ++++++ HiddenCLI/HiddenCLI.cpp | 2 - HiddenCLI/Hide.cpp | 61 ++++++++------------ HiddenCLI/Hide.h | 15 +---- HiddenCLI/Ignore.cpp | 120 ++++++++++++++++++++++++++++++++++++++++ HiddenCLI/Ignore.h | 40 ++++++++++++++ 8 files changed, 226 insertions(+), 53 deletions(-) create mode 100644 HiddenCLI/Ignore.cpp create mode 100644 HiddenCLI/Ignore.h diff --git a/Hidden/todo.txt b/Hidden/todo.txt index 9ba3cb4..283ce63 100644 --- a/Hidden/todo.txt +++ b/Hidden/todo.txt @@ -44,6 +44,13 @@ + Добавить поддержку флага автоприсвоение состояния существующим процессам для Hid_AddExcludedImage\Hid_AddProtectedImage + Проверить как ведёт себя файловый фильтр с файлами открытыми по ID или по короткому пути - Реализовать HiddenCLI + - ignore + - unignore + - protect + - unprotect + - query +- Проверить чтобы все ObjId генерировались начиная с 1 +- Написать тест HiddenCLITests - Реализовать функционал вкл\выкл драйвера через IOCTL + Портировать драйвер под архитектуру x64 + Портировать под версии Windows 8, 8.1, 10 diff --git a/HiddenCLI/Helper.cpp b/HiddenCLI/Helper.cpp index e401211..17de364 100644 --- a/HiddenCLI/Helper.cpp +++ b/HiddenCLI/Helper.cpp 
@@ -85,3 +85,19 @@ DWORD Handle::Error() { return m_error; } + +HidRegRootTypes GetRegType(wstring& path) +{ + static wchar_t regHKLM[] = L"HKLM\\"; + static wchar_t regHKCU[] = L"HKCU\\"; + static wchar_t regHKU[] = L"HKU\\"; + + if (path.compare(0, _countof(regHKLM) - 1, regHKLM) == 0) + return HidRegRootTypes::RegHKLM; + else if (path.compare(0, _countof(regHKCU) - 1, regHKCU) == 0) + return HidRegRootTypes::RegHKCU; + else if (path.compare(0, _countof(regHKU) - 1, regHKU) == 0) + return HidRegRootTypes::RegHKU; + else + throw WException(-2, L"Error, invalid registry prefix"); +} diff --git a/HiddenCLI/Helper.h b/HiddenCLI/Helper.h index b617f8e..6a1cecb 100644 --- a/HiddenCLI/Helper.h +++ b/HiddenCLI/Helper.h @@ -6,6 +6,8 @@ #include #include +#include "../HiddenLib/HiddenLib.h" + class WException { std::wstring m_errorMessage; @@ -50,3 +52,19 @@ public: DWORD Error(); }; + +enum EObjTypes { + TypeFile, + TypeDir, + TypeRegKey, + TypeRegVal, + TypeUnknown, +}; + +enum EProcTypes { + TypeProcessId, + TypeImage, + TypeUnknown, +}; + +HidRegRootTypes GetRegType(std::wstring& path); diff --git a/HiddenCLI/HiddenCLI.cpp b/HiddenCLI/HiddenCLI.cpp index a50fcfe..0673b7c 100644 --- a/HiddenCLI/HiddenCLI.cpp +++ b/HiddenCLI/HiddenCLI.cpp @@ -5,8 +5,6 @@ #include "Connection.h" #include "Commands.h" -#include "../HiddenLib/HiddenLib.h" - using namespace std; int wmain(int argc, wchar_t* argv[]) diff --git a/HiddenCLI/Hide.cpp b/HiddenCLI/Hide.cpp index 501fd42..54fd34d 100644 --- a/HiddenCLI/Hide.cpp +++ b/HiddenCLI/Hide.cpp 
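Review bot: GetRegType in Helper.cpp takes `wstring& path` although its body only calls `path.compare`, so every caller must hand over a mutable string; declare it as `HidRegRootTypes GetRegType(const std::wstring& path)` here and in the matching prototype in Helper.h. The three prefix tables are mutable statics even though nothing writes them; `static const wchar_t regHKLM[] = L"HKLM\\";` (likewise for regHKCU and regHKU) makes that explicit. The prefix match is case-sensitive, so a path written as `hklm\...` is rejected with "invalid registry prefix"; if that is intentional, a one-line comment above the comparisons such as `// root prefixes must be upper-case and end with a backslash` would spare the next reader a question.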
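Review bot: EObjTypes and EProcTypes in Helper.h are both unscoped enums at namespace scope and both declare an enumerator named TypeUnknown, so the second enum redeclares a name already in scope and the header will not compile. As far as this patch shows, every use is already qualified (`EObjTypes::TypeFile`, `EProcTypes::TypeImage`), so changing both to `enum class EObjTypes { ... };` and `enum class EProcTypes { ... };` fixes the clash without touching Hide.cpp or Ignore.cpp; otherwise give the two TypeUnknown enumerators distinct names. The GetRegType prototype in the same hunk should take `const std::wstring& path`, since the definition in Helper.cpp only reads the string.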
@@ -30,27 +30,26 @@ void CommandHide::LoadArgs(Arguments& args) if (object == L"file") { - m_hideType = EHideTypes::TypeFile; + m_hideType = EObjTypes::TypeFile; } else if (object == L"dir") { - m_hideType = EHideTypes::TypeDir; + m_hideType = EObjTypes::TypeDir; } else if (object == L"regkey") { - m_hideType = EHideTypes::TypeRegKey; + m_hideType = EObjTypes::TypeRegKey; m_regRootType = GetRegType(m_path); } else if (object == L"regval") { - m_hideType = EHideTypes::TypeRegVal; + m_hideType = EObjTypes::TypeRegVal; m_regRootType = GetRegType(m_path); } else { throw WException(-2, L"Error, invalid argument for command 'hide'"); } - } void CommandHide::PerformCommand(Connection& connection) @@ -60,16 +59,16 @@ void CommandHide::PerformCommand(Connection& connection) switch (m_hideType) { - case EHideTypes::TypeFile: + case EObjTypes::TypeFile: status = Hid_AddHiddenFile(connection.GetContext(), m_path.c_str(), &objId); break; - case EHideTypes::TypeDir: + case EObjTypes::TypeDir: status = Hid_AddHiddenDir(connection.GetContext(), m_path.c_str(), &objId); break; - case EHideTypes::TypeRegKey: + case EObjTypes::TypeRegKey: status = Hid_AddHiddenRegKey(connection.GetContext(), m_regRootType, m_path.c_str(), &objId); break; - case EHideTypes::TypeRegVal: + case EObjTypes::TypeRegVal: status = Hid_AddHiddenRegValue(connection.GetContext(), m_regRootType, m_path.c_str(), &objId); break; default: 
@@ -80,23 +79,7 @@ void CommandHide::PerformCommand(Connection& connection) throw WException(HID_STATUS_CODE(status), L"Error, command 'hide' rejected"); wcerr << L"Command 'hide' successful" << endl; - wcout << L"status:ok;id:" << objId << endl; -} - -HidRegRootTypes CommandHide::GetRegType(wstring& path) -{ - static wchar_t regHKLM[] = L"HKLM\\"; - static wchar_t regHKCU[] = L"HKCU\\"; - static wchar_t regHKU[] = L"HKU\\"; - - if (path.compare(0, _countof(regHKLM) - 1, regHKLM) == 0) - return HidRegRootTypes::RegHKLM; - else if (path.compare(0, _countof(regHKCU) - 1, regHKCU) == 0) - return HidRegRootTypes::RegHKCU; - else if (path.compare(0, _countof(regHKU) - 1, regHKU) == 0) - return HidRegRootTypes::RegHKU; - else - throw WException(-2, L"Error, invalid registry prefix"); + wcout << L"status:ok;objid:" << objId << endl; } // ================= @@ -127,19 +110,19 @@ void CommandUnhide::LoadArgs(Arguments& args) if (object == L"file") { - m_hideType = EHideTypes::TypeFile; + m_hideType = EObjTypes::TypeFile; } else if (object == L"dir") { - m_hideType = EHideTypes::TypeDir; + m_hideType = EObjTypes::TypeDir; } else if (object == L"regkey") { - m_hideType = EHideTypes::TypeRegKey; + m_hideType = EObjTypes::TypeRegKey; } else if (object == L"regval") { - m_hideType = EHideTypes::TypeRegVal; + m_hideType = EObjTypes::TypeRegVal; } else { @@ -151,7 +134,7 @@ void CommandUnhide::LoadArgs(Arguments& args) { m_targetId = _wtoll(target.c_str()); if (!m_targetId) - throw WException(-2, L"Error, invalid target id for command 'unhide'"); + throw WException(-2, L"Error, invalid target objid for command 'unhide'"); } } 
@@ -163,16 +146,16 @@ void CommandUnhide::PerformCommand(Connection& connection) { switch (m_hideType) { - case EHideTypes::TypeFile: + case EObjTypes::TypeFile: status = Hid_RemoveAllHiddenFiles(connection.GetContext()); break; - case EHideTypes::TypeDir: + case EObjTypes::TypeDir: status = Hid_RemoveAllHiddenDirs(connection.GetContext()); break; - case EHideTypes::TypeRegKey: + case EObjTypes::TypeRegKey: status = Hid_RemoveAllHiddenRegKeys(connection.GetContext()); break; - case EHideTypes::TypeRegVal: + case EObjTypes::TypeRegVal: status = Hid_RemoveAllHiddenRegValues(connection.GetContext()); break; default: @@ -183,16 +166,16 @@ void CommandUnhide::PerformCommand(Connection& connection) { switch (m_hideType) { - case EHideTypes::TypeFile: + case EObjTypes::TypeFile: status = Hid_RemoveHiddenFile(connection.GetContext(), m_targetId); break; - case EHideTypes::TypeDir: + case EObjTypes::TypeDir: status = Hid_RemoveHiddenDir(connection.GetContext(), m_targetId); break; - case EHideTypes::TypeRegKey: + case EObjTypes::TypeRegKey: status = Hid_RemoveHiddenRegKey(connection.GetContext(), m_targetId); break; - case EHideTypes::TypeRegVal: + case EObjTypes::TypeRegVal: status = Hid_RemoveHiddenRegValue(connection.GetContext(), m_targetId); break; default: diff --git a/HiddenCLI/Hide.h b/HiddenCLI/Hide.h index ea08b51..21a2cf5 100644 --- a/HiddenCLI/Hide.h +++ b/HiddenCLI/Hide.h @@ -2,24 +2,14 @@ #include "Commands.h" -enum EHideTypes { - TypeFile, - TypeDir, - TypeRegKey, - TypeRegVal, - TypeUnknown, -}; - class CommandHide : public ICommand { const wchar_t* m_command = nullptr; - EHideTypes m_hideType; + EObjTypes m_hideType; HidRegRootTypes m_regRootType; std::wstring m_path; - HidRegRootTypes GetRegType(std::wstring& path); - public: CommandHide(); @@ -34,9 +24,10 @@ class CommandUnhide : public ICommand { const wchar_t* m_command = nullptr; - EHideTypes m_hideType; + EObjTypes m_hideType; HidObjId m_targetId; bool m_targetAll; + public: CommandUnhide(); 
diff --git a/HiddenCLI/Ignore.cpp b/HiddenCLI/Ignore.cpp
new file mode 100644
index 0000000..b6cc4e6
--- /dev/null
+++ b/HiddenCLI/Ignore.cpp
@@ -0,0 +1,120 @@
+#include "Ignore.h"
+#include 
+
+using namespace std;
+
+// =================
+
+CommandIgnore::CommandIgnore() : m_command(L"/ignore")
+{
+}
+
+CommandIgnore::~CommandIgnore()
+{
+}
+
+bool CommandIgnore::CompareCommand(std::wstring& command)
+{
+ return (command == m_command);
+}
+
+void CommandIgnore::LoadArgs(Arguments& args)
+{
+ wstring object, target;
+
+ if (!args.GetNext(object))
+ throw WException(-2, L"Error, mismatched argument #1 for command 'ignore'");
+
+ if (object == L"image")
+ {
+ m_procType = EProcTypes::TypeImage;
+ }
+ else if (object == L"pid")
+ {
+ m_procType = EProcTypes::TypeProcessId;
+ }
+ else
+ {
+ throw WException(-2, L"Error, invalid object type in command 'ignore'");
+ }
+
+ m_inheritType = LoadInheritOption(args, HidPsInheritTypes::WithoutInherit);
+
+ m_applyByDefault = false;
+ if (m_procType == EProcTypes::TypeImage)
+ m_applyByDefault = LoadApplyOption(args, m_applyByDefault);
+
+ if (!args.GetNext(target))
+ throw WException(-2, L"Error, mismatched argument #2 for command 'ignore'");
+
+ if (m_procType == EProcTypes::TypeImage)
+ {
+ m_targetImage = target;
+ }
+ else
+ {
+ m_targetProcId = _wtoll(target.c_str());
+ if (!m_targetProcId)
+ throw WException(-2, L"Error, invalid target pid for command 'ignore'");
+ }
+}
+
+void CommandIgnore::PerformCommand(Connection& connection)
+{
+ HidStatus status;
+ HidObjId objId;
+
+ switch (m_procType)
+ {
+ case EProcTypes::TypeProcessId:
+ status = Hid_AttachExcludedState(connection.GetContext(), m_targetProcId, m_inheritType);
+ break;
+ case EProcTypes::TypeImage:
+ status = Hid_AddExcludedImage(connection.GetContext(), m_targetImage.c_str(), m_inheritType, m_applyByDefault, &objId);
+ break;
+ default:
+ throw WException(-2, L"Internal error, invalid type for command 'ignore'");
+ }
+
+ if (!HID_STATUS_SUCCESSFUL(status))
+ throw WException(HID_STATUS_CODE(status), L"Error, command 'ignore' rejected");
+
+ wcerr << L"Command 'unhide' successful" << endl;
+ if 
(EProcTypes::TypeProcessId)
+ wcout << L"status:ok" << endl;
+ else
+ wcout << L"status:ok;objid:" << objId << endl;
+}
+
+HidPsInheritTypes CommandIgnore::LoadInheritOption(Arguments& args, HidPsInheritTypes default)
+{
+ return default;
+}
+
+bool CommandIgnore::LoadApplyOption(Arguments& args, bool applyByDefault)
+{
+ return applyByDefault;
+}
+
+// =================
+
+CommandUnignore::CommandUnignore() : m_command(L"/unignore")
+{
+}
+
+CommandUnignore::~CommandUnignore()
+{
+}
+
+bool CommandUnignore::CompareCommand(std::wstring& command)
+{
+ return (command == m_command);
+}
+
+void CommandUnignore::LoadArgs(Arguments& args)
+{
+}
+
+void CommandUnignore::PerformCommand(Connection& connection)
+{
+}
diff --git a/HiddenCLI/Ignore.h b/HiddenCLI/Ignore.h
new file mode 100644
index 0000000..7eefb3a
--- /dev/null
+++ b/HiddenCLI/Ignore.h
@@ -0,0 +1,40 @@
+#pragma once
+
+#include "Commands.h"
+
+class CommandIgnore : public ICommand
+{
+ const wchar_t* m_command = nullptr;
+
+ EProcTypes m_procType;
+ std::wstring m_targetImage;
+ HidProcId m_targetProcId;
+ HidPsInheritTypes m_inheritType;
+ bool m_applyByDefault;
+
+ HidPsInheritTypes LoadInheritOption(Arguments& args, HidPsInheritTypes default);
+ bool LoadApplyOption(Arguments& args, bool applyByDefault);
+
+public:
+
+ CommandIgnore();
+ virtual ~CommandIgnore();
+
+ virtual bool CompareCommand(std::wstring& command);
+ virtual void LoadArgs(Arguments& args);
+ virtual void PerformCommand(Connection& connection);
+};
+
+class CommandUnignore : public ICommand
+{
+ const wchar_t* m_command = nullptr;
+
+public:
+
+ CommandUnignore();
+ virtual ~CommandUnignore();
+
+ virtual bool CompareCommand(std::wstring& command);
+ virtual void LoadArgs(Arguments& args);
+ virtual void PerformCommand(Connection& connection);
+};
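Review bot: The condition `if (EProcTypes::TypeProcessId)` at the end of CommandIgnore::PerformCommand tests the constant enumerator itself, which is the first member of EProcTypes and therefore 0, so the `status:ok` branch never runs and the pid path prints `status:ok;objid:` with an `objId` that no call in that path ever wrote; change it to `if (m_procType == EProcTypes::TypeProcessId)` and declare `HidObjId objId = 0;`. The success line just above reports the wrong command and should read `wcerr << L"Command 'ignore' successful" << endl;`. Separately, `HidPsInheritTypes default` in LoadInheritOption uses a reserved keyword as a parameter name and will not compile; rename it (for example `defaultInherit`) in this definition and in the declaration in Ignore.h. LoadInheritOption and LoadApplyOption ignore `args` and return their defaults, and CommandUnignore::LoadArgs and CommandUnignore::PerformCommand are empty, so `/unignore` accepts any input and does nothing; mark each stub with a `// TODO: option parsing not implemented yet` comment or throw a WException so the unfinished paths are not silently reported as success.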
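Review bot: CommandIgnore in Ignore.h leaves m_procType, m_targetProcId, m_inheritType and m_applyByDefault without initialisers, and the constructor in Ignore.cpp sets only m_command, so PerformCommand reads indeterminate values if it is ever reached without a successful LoadArgs (whether that can happen depends on the ICommand driver, which is outside this patch). Give them in-class defaults alongside m_command, e.g. `EProcTypes m_procType = EProcTypes::TypeUnknown;`, `HidProcId m_targetProcId = 0;`, `bool m_applyByDefault = false;`, and `HidPsInheritTypes m_inheritType = HidPsInheritTypes::WithoutInherit;`. The LoadInheritOption declaration also names its second parameter `default`, a keyword, and must be renamed together with the definition in Ignore.cpp.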