|
|
@@ -1,1513 +0,0 @@
|
|
|
-#include "precompile.h"
|
|
|
-#include "app.h"
|
|
|
-#include "osutil.h"
|
|
|
-#include "memtrace.h"
|
|
|
-#include "sp_def.h"
|
|
|
-#include "sp_dbg.h"
|
|
|
-#include <DbgHelp.h>
|
|
|
-#include <TlHelp32.h>
|
|
|
-#include "fileutil.h"
|
|
|
-#include "iniutil.h"
|
|
|
-#include "SimpleString.h"
|
|
|
-#include "md5file.h"
|
|
|
-#include <io.h>
|
|
|
-#include <map>
|
|
|
-#include <iterator>
|
|
|
-#include <fstream>
|
|
|
-using namespace std;
|
|
|
-
|
|
|
-#pragma comment(lib, "dbghelp.lib")
|
|
|
-
|
|
|
-#define DRIVER_NAME "HelloDDK"
|
|
|
-#define DRIVER_PATH "InterceptDll.sys"
|
|
|
-#define SET_EVENT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
-#define GET_SHARE_ADD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
-
|
|
|
-HANDLE g_hEvent = NULL;
|
|
|
-bool g_bMD5Exist = false;
|
|
|
-bool g_bWow64 = false;
|
|
|
-CSimpleStringA g_strMD5ListPath;
|
|
|
-
|
|
|
-static void SetEnvPath()
|
|
|
-{
|
|
|
- char path[MAX_PATH];
|
|
|
- char *buf;
|
|
|
- DWORD size;
|
|
|
- const char *var = "PATH";
|
|
|
-
|
|
|
- // set current path
|
|
|
- GetModuleFileNameA(NULL, path, MAX_PATH);
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
- SetCurrentDirectoryA(path);
|
|
|
-
|
|
|
- // append dep subdir to %PATH%
|
|
|
- strcat(path, "\\dep");
|
|
|
- size = GetEnvironmentVariableA(var, NULL, 0);
|
|
|
- buf = (char*)malloc(size+MAX_PATH*3);
|
|
|
- size = GetEnvironmentVariableA(var, buf, size);
|
|
|
- strcpy(buf+size, ";");
|
|
|
- strcat(buf+size, path);
|
|
|
-
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
- strcat(path, "\\bin");
|
|
|
- strcat(buf+size, ";");
|
|
|
- strcat(buf+size, path);
|
|
|
-
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
- strcat(path, "\\dev");
|
|
|
- strcat(buf+size, ";");
|
|
|
- strcat(buf+size, path);
|
|
|
-
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
- strcat(path, "\\imdep");
|
|
|
- strcat(buf + size, ";");
|
|
|
- strcat(buf + size, path);
|
|
|
-
|
|
|
-
|
|
|
- SetEnvironmentVariableA(var, buf);
|
|
|
- free(buf);
|
|
|
-}
|
|
|
-
|
|
|
-static void SetWorkingSet()
|
|
|
-{
|
|
|
- SIZE_T dwMinSize, dwMaxSize;
|
|
|
- HANDLE hCurrProcess = GetCurrentProcess();
|
|
|
- GetProcessWorkingSetSize(hCurrProcess, &dwMinSize, &dwMaxSize);
|
|
|
- if (dwMaxSize < (2<<20))
|
|
|
- dwMaxSize = 2<<20;
|
|
|
- SetProcessWorkingSetSize(hCurrProcess, dwMinSize, dwMaxSize);
|
|
|
-}
|
|
|
-
|
|
|
-static LONG WINAPI SuppressError(struct _EXCEPTION_POINTERS* ExceptionInfo)
|
|
|
-{
|
|
|
- char tmp[MAX_PATH];
|
|
|
- HANDLE hDumpFile;
|
|
|
-
|
|
|
- wsprintfA(tmp, ".\\expt.spshell.%d.%d.dmp", GetCurrentThreadId(), GetCurrentProcessId());
|
|
|
- hDumpFile = CreateFileA( tmp, GENERIC_READ | GENERIC_WRITE,
|
|
|
- 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL );
|
|
|
- if( ( hDumpFile != NULL ) && ( hDumpFile != INVALID_HANDLE_VALUE ) )
|
|
|
- {
|
|
|
- MINIDUMP_EXCEPTION_INFORMATION mdei;
|
|
|
- MINIDUMP_TYPE mdt;
|
|
|
-
|
|
|
- mdei.ThreadId = GetCurrentThreadId();
|
|
|
- mdei.ExceptionPointers = ExceptionInfo;
|
|
|
- mdei.ClientPointers = FALSE;
|
|
|
-
|
|
|
- mdt = MiniDumpNormal;
|
|
|
-
|
|
|
- MiniDumpWriteDump( GetCurrentProcess(), GetCurrentProcessId(),
|
|
|
- hDumpFile, mdt, (ExceptionInfo != 0) ? &mdei : 0, 0, 0 );
|
|
|
-
|
|
|
- CloseHandle( hDumpFile );
|
|
|
- }
|
|
|
-
|
|
|
- ExitProcess(Error_Exception); // exit process to suppress reporting exception
|
|
|
-
|
|
|
- return EXCEPTION_EXECUTE_HANDLER;
|
|
|
-}
|
|
|
-
|
|
|
-static void DisableSetUnhandledExceptionFilter()
|
|
|
-{
|
|
|
- void* addr = (void*)GetProcAddress(LoadLibrary("kernel32.dll"), "SetUnhandledExceptionFilter");
|
|
|
- if (addr) {
|
|
|
- DWORD dwOldFlag, dwTempFlag;
|
|
|
- unsigned char code[] = {0x33, 0xC0, 0xC2, 0x04, 0x00}; // xor eax,eax; ret 4;
|
|
|
- //VirtualProtect(addr, sizeof(code), PAGE_READWRITE, &dwOldFlag);
|
|
|
- VirtualProtectEx(GetCurrentProcess(), addr, sizeof(code), PAGE_EXECUTE_READWRITE, &dwOldFlag);
|
|
|
- WriteProcessMemory(GetCurrentProcess(), addr, code, sizeof(code), NULL);
|
|
|
- VirtualProtect(addr, sizeof(code), dwOldFlag, &dwTempFlag);
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-__declspec(dllimport) bool DisableCharmbar();
|
|
|
-__declspec(dllimport) bool EnableCharmbar();
|
|
|
-
|
|
|
-static HANDLE create_process(const char *app)
|
|
|
-{
|
|
|
- //BOOL bRet;
|
|
|
- STARTUPINFOA si = { sizeof(STARTUPINFOA) };
|
|
|
- si.wShowWindow = SW_SHOWMAXIMIZED;
|
|
|
- si.dwFlags = STARTF_USESHOWWINDOW;
|
|
|
- PROCESS_INFORMATION pi;
|
|
|
- DWORD dwSessionId;
|
|
|
- HANDLE hUserTokenDup, hThisToken;
|
|
|
- HANDLE hProcess = NULL;
|
|
|
-
|
|
|
- dwSessionId = WTSGetActiveConsoleSessionId();
|
|
|
- if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hThisToken)) {
|
|
|
- LUID luid;
|
|
|
- TOKEN_PRIVILEGES tp;
|
|
|
- LPVOID pEnv = NULL;
|
|
|
- LookupPrivilegeValueA(NULL, SE_DEBUG_NAME, &luid);
|
|
|
- tp.PrivilegeCount = 1;
|
|
|
- tp.Privileges[0].Luid = luid;
|
|
|
- tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
|
|
- DuplicateTokenEx(hThisToken, MAXIMUM_ALLOWED, NULL,
|
|
|
- SecurityIdentification, TokenPrimary, &hUserTokenDup);
|
|
|
- SetTokenInformation(hUserTokenDup,
|
|
|
- TokenSessionId, (void*)&dwSessionId, sizeof(DWORD));
|
|
|
- AdjustTokenPrivileges(hUserTokenDup, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
|
|
|
- (PTOKEN_PRIVILEGES)NULL, NULL);
|
|
|
- //CreateEnvironmentBlock(&pEnv,hUserTokenDup,TRUE);
|
|
|
- if (CreateProcessAsUserA(hUserTokenDup, NULL,
|
|
|
- (LPSTR)app, // "D:\\Source\\RVC\\RVCProject\\Release\\version\\1.0.0.1\\bin\\MetroWatcher64.exe 732",
|
|
|
- NULL, NULL, FALSE, 0, pEnv, NULL, &si, &pi))
|
|
|
- {
|
|
|
- CloseHandle(pi.hThread);
|
|
|
- hProcess = pi.hProcess;
|
|
|
- }
|
|
|
- else
|
|
|
- sp_dbg_warn("create process failed! Error : ", GetLastError());
|
|
|
-
|
|
|
- //if (pEnv)
|
|
|
- //DestroyEnvironmentBlock(pEnv);
|
|
|
- CloseHandle(hUserTokenDup);
|
|
|
- CloseHandle(hThisToken);
|
|
|
- }
|
|
|
- else {
|
|
|
- sp_dbg_warn("open process token failed! Error : ", GetLastError());
|
|
|
- }
|
|
|
-
|
|
|
- return hProcess;
|
|
|
-}
|
|
|
-
|
|
|
-static void AutoHideTaskBar(bool bHide)
|
|
|
-{
|
|
|
- APPBARDATA apBar;
|
|
|
- memset(&apBar, 0, sizeof(apBar));
|
|
|
- apBar.cbSize = sizeof(apBar);
|
|
|
- apBar.lParam = bHide ? ABS_AUTOHIDE : ABS_ALWAYSONTOP;
|
|
|
- apBar.hWnd = FindWindow("Shell_TrayWnd", NULL);
|
|
|
-
|
|
|
- if (apBar.hWnd != NULL)
|
|
|
- {
|
|
|
- SHAppBarMessage(ABM_SETSTATE, &apBar);
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-//static bool AddRegStrValue(HKEY hKey, const char *szSubKey, const char *szKeyName, const char *szValue, bool bWin64)
|
|
|
-//{
|
|
|
-// HKEY hSubKey;
|
|
|
-// LONG nRet = ::RegCreateKeyEx(hKey,
|
|
|
-// szSubKey,
|
|
|
-// 0,
|
|
|
-// NULL,
|
|
|
-// 0,
|
|
|
-// bWin64 ? (KEY_ALL_ACCESS | KEY_WOW64_64KEY) : (KEY_ALL_ACCESS | KEY_WOW64_32KEY),
|
|
|
-// NULL,
|
|
|
-// &hSubKey,
|
|
|
-// NULL);
|
|
|
-// if (nRet != ERROR_SUCCESS)
|
|
|
-// return false;
|
|
|
-//
|
|
|
-// nRet = RegSetValueExA(hSubKey, szKeyName, 0, REG_SZ, (BYTE*)szValue, strlen(szValue)+1);
|
|
|
-// RegCloseKey(hSubKey);
|
|
|
-// return (nRet == ERROR_SUCCESS);
|
|
|
-//}
|
|
|
-
|
|
|
-
|
|
|
-static bool AddRegIntValue(HKEY hKey, const char *szSubKey, const char *szKeyName, DWORD dwValue, bool bWin64)
|
|
|
-{
|
|
|
- HKEY hSubKey;
|
|
|
- LONG nRet = ::RegCreateKeyEx(hKey,
|
|
|
- szSubKey,
|
|
|
- 0,
|
|
|
- NULL,
|
|
|
- 0,
|
|
|
- bWin64 ? (KEY_ALL_ACCESS | KEY_WOW64_64KEY) : (KEY_ALL_ACCESS | KEY_WOW64_32KEY),
|
|
|
- NULL,
|
|
|
- &hSubKey,
|
|
|
- NULL);
|
|
|
- if (nRet != ERROR_SUCCESS)
|
|
|
- return false;
|
|
|
-
|
|
|
- nRet = RegSetValueExA(hSubKey, szKeyName, 0, REG_DWORD, (BYTE*)&dwValue, sizeof(DWORD));
|
|
|
- RegCloseKey(hSubKey);
|
|
|
- return (nRet == ERROR_SUCCESS);
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-//static bool DeleteRegValue(HKEY hKey, const char *szSubKey, const char *szKeyName, bool bWin64)
|
|
|
-//{
|
|
|
-// HKEY hSubKey;
|
|
|
-// LONG nRet = ::RegCreateKeyEx(hKey,
|
|
|
-// szSubKey,
|
|
|
-// 0,
|
|
|
-// NULL,
|
|
|
-// 0,
|
|
|
-// bWin64 ? (KEY_ALL_ACCESS | KEY_WOW64_64KEY) : (KEY_ALL_ACCESS | KEY_WOW64_32KEY),
|
|
|
-// NULL,
|
|
|
-// &hSubKey,
|
|
|
-// NULL);
|
|
|
-// if (nRet != ERROR_SUCCESS)
|
|
|
-// return false;
|
|
|
-//
|
|
|
-// nRet = RegDeleteValueA(hSubKey, szKeyName);
|
|
|
-// RegCloseKey(hSubKey);
|
|
|
-// return (nRet == ERROR_SUCCESS);
|
|
|
-//}
|
|
|
-
|
|
|
-static bool AddFirewallRules()
|
|
|
-{
|
|
|
- char szBinDir[MAX_PATH] = {};
|
|
|
- GetModuleFileNameA(NULL, szBinDir, MAX_PATH);
|
|
|
- *strrchr(szBinDir, '\\') = 0;
|
|
|
-
|
|
|
- int nRet = (int)ShellExecute(NULL, "open", "cmd.exe", "/s /c \"netsh advfirewall firewall delete rule name=\"\"SpShell\"\"", NULL, SW_HIDE);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", "/s /c \"netsh advfirewall firewall delete rule name=\"\"SpShell\"\"", NULL, SW_HIDE);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", "/s /c \"netsh advfirewall firewall delete rule name=\"\"SpHost\"\"", NULL, SW_HIDE);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", "/s /c \"netsh advfirewall firewall delete rule name=\"\"SpGuardian\"\"", NULL, SW_HIDE);
|
|
|
-
|
|
|
- char szParam[1024] = {};
|
|
|
- sprintf_s(szParam, 1024, "/s /c \"netsh advfirewall firewall add rule name=\"\"SpShell\"\" dir=out program=\"\"%s\\spshell.exe\"\" action=allow\"", szBinDir);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", szParam, NULL, SW_HIDE);
|
|
|
-
|
|
|
- sprintf_s(szParam, 1024, "/s /c \"netsh advfirewall firewall add rule name=\"\"SpHost\"\" dir=out program=\"\"%s\\sphost.exe\"\" action=allow\"", szBinDir);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", szParam, NULL, SW_HIDE);
|
|
|
-
|
|
|
- sprintf_s(szParam, 1024, "/s /c \"netsh advfirewall firewall add rule name=\"\"SpGuardian\"\" dir=out program=\"\"%s\\guardian.exe\"\" action=allow\"", szBinDir);
|
|
|
- nRet = (int)ShellExecute(NULL, "open", "cmd.exe", szParam, NULL, SW_HIDE);
|
|
|
-
|
|
|
- return nRet > 32;
|
|
|
-}
|
|
|
-
|
|
|
-//static bool DisableWebBrowserRenderMode(bool bX64)
|
|
|
-//{
|
|
|
-// // 此设置会引起SL页面滚动条
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION", "sphost.exe", true);
|
|
|
-// bRet = bRet && DeleteRegValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_GPU_RENDERING", "sphost.exe", true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION", "sphost.exe", false);
|
|
|
-// bRet = bRet && DeleteRegValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_GPU_RENDERING", "sphost.exe", false);
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-//
|
|
|
-//static bool EnableWebBrowserRenderMode(bool bX64)
|
|
|
-//{
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION", "sphost.exe", 9000, true);
|
|
|
-// bRet = bRet && AddRegIntValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_GPU_RENDERING", "sphost.exe", 1, true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION", "sphost.exe", 9000, false);
|
|
|
-// bRet = bRet && AddRegIntValue(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_GPU_RENDERING", "sphost.exe", 1, false);
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-//
|
|
|
-//static bool EnablePressAndHold(bool bX64)
|
|
|
-//{
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapTime", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Friction", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Bouncing", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapDist", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchMode_hold", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_Animation", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchUI", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Inertia", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_BeforeAnimation", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "PanningDisabled", true);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchGate", true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapTime", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Friction", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Bouncing", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapDist", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchMode_hold", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_Animation", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchUI", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Inertia", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_BeforeAnimation", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "PanningDisabled", false);
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchGate", false);
|
|
|
-//
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-//
|
|
|
-//static bool DisablePressAndHold(bool bX64)
|
|
|
-//{
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapTime", 0x32, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Friction", 0x32, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Bouncing", 1, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapDist", 0x32, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchMode_hold", 0, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_Animation", 0x32, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchUI", 0, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Inertia", 1, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_BeforeAnimation", 0x32, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "PanningDisabled", 0, true);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchGate", 1, true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapTime", 0x32, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Friction", 0x32, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Bouncing", 1, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_DtapDist", 0x32, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchMode_hold", 0, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_Animation", 0x32, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchUI", 0, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "Inertia", 1, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchModeN_HoldTime_BeforeAnimation", 0x32, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "PanningDisabled", 0, false);
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Microsoft\\Wisp\\Touch", "TouchGate", 1, false);
|
|
|
-//
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-//
|
|
|
-//static bool EnableIEUserZoom(bool bX64)
|
|
|
-//{
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_CURRENT_USER, "Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM", "ZoomDisabled", true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&DeleteRegValue(HKEY_LOCAL_MACHINE, "Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM", "ZoomDisabled", false);
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-//
|
|
|
-//static bool disableIEUserZoom(bool bX64)
|
|
|
-//{
|
|
|
-// bool bRet = true;
|
|
|
-// if (bX64)
|
|
|
-// {
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_CURRENT_USER, "Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM", "ZoomDisabled", 1, true);
|
|
|
-// }
|
|
|
-//
|
|
|
-// bRet = bRet &&AddRegIntValue(HKEY_LOCAL_MACHINE, "Software\\Policies\\Microsoft\\Internet Explorer\\ZOOM", "ZoomDisabled", 1, false);
|
|
|
-// return bRet;
|
|
|
-//}
|
|
|
-
|
|
|
-static bool DisableWindowsCharmBar(bool bX64)
|
|
|
-{
|
|
|
- if (!bX64)
|
|
|
- {
|
|
|
- if (DisableCharmbar())
|
|
|
- {
|
|
|
- sp_dbg_info("disable windows 8 charmbar succ");
|
|
|
- return true;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_error("disable windows 8 charmbar fail: %x", GetLastError());
|
|
|
- return false;
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- // 由于64位Windows Hook需要64位进程和64位dll,需要独立启动MetroWatcher64注入
|
|
|
- char path[MAX_PATH] = {};
|
|
|
- GetModuleFileNameA(NULL, path, MAX_PATH);
|
|
|
- *strrchr(path, '\\') = 0;
|
|
|
-
|
|
|
- char app[MAX_PATH] = {};
|
|
|
- sprintf(app, "%s\\MetroWatcher64.exe %d", path, GetCurrentProcessId());
|
|
|
-
|
|
|
- if (create_process(app) != NULL)
|
|
|
- {
|
|
|
- sp_dbg_info("disable windows 8 (64bit) charmbar succ");
|
|
|
- return true;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_error("disable windows 8 (64bit) charmbar fail: %x", GetLastError());
|
|
|
- return false;
|
|
|
- }
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-bool IsProcessRunAsAdmin()
|
|
|
-{
|
|
|
- SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
|
|
|
- PSID AdministratorsGroup = NULL;
|
|
|
-
|
|
|
- BOOL bAdmin = FALSE;
|
|
|
- if (AllocateAndInitializeSid(
|
|
|
- &NtAuthority,
|
|
|
- 2,
|
|
|
- SECURITY_BUILTIN_DOMAIN_RID,
|
|
|
- DOMAIN_ALIAS_RID_ADMINS,
|
|
|
- 0, 0, 0, 0, 0, 0,
|
|
|
- &AdministratorsGroup))
|
|
|
- {
|
|
|
- CheckTokenMembership(NULL, AdministratorsGroup, &bAdmin);
|
|
|
- FreeSid(AdministratorsGroup);
|
|
|
- }
|
|
|
-
|
|
|
- return bAdmin == TRUE;
|
|
|
-}
|
|
|
-
|
|
|
-const char *GetMachineType()
|
|
|
-{
|
|
|
- auto env = sp_get_env();
|
|
|
- if (env == NULL)
|
|
|
- {
|
|
|
- sp_dbg_error("sp_get_env return null");
|
|
|
- return NULL;
|
|
|
- }
|
|
|
-
|
|
|
- return env->cfg->root_ini->machine_type;
|
|
|
-}
|
|
|
-
|
|
|
-const char *GetCenterSettingNameBySite(const char *pszSite)
|
|
|
-{
|
|
|
- if ((stricmp(pszSite, "CMB.LIB") == 0) // 行内大堂
|
|
|
- || (stricmp(pszSite, "CMB.SSB") == 0))// 自助网点
|
|
|
- {
|
|
|
- return "CenterSetting.LAN.ini";
|
|
|
- }
|
|
|
- else if ((stricmp(pszSite, "CMB.LSS") == 0) // 生活销售机
|
|
|
- || (stricmp(pszSite, "CMB.FLB") == 0) // 离行机器
|
|
|
- || (stricmp(pszSite, "CMB.OSB") == 0) // 外拓PAD
|
|
|
- || (stricmp(pszSite, "CMB.SMM") == 0)) // 商户终端
|
|
|
- {
|
|
|
- return "CenterSetting.DMZ.ini";
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- return "CenterSetting.DMZ.ini";
|
|
|
- }
|
|
|
-}
|
|
|
-
|
|
|
-const char *GetWebSiteFromConfig()
|
|
|
-{
|
|
|
- auto env = sp_get_env();
|
|
|
- if (env == NULL)
|
|
|
- {
|
|
|
- sp_dbg_error("sp_get_env return null");
|
|
|
- return NULL;
|
|
|
- }
|
|
|
-
|
|
|
- auto pszCenterSettingName = GetCenterSettingNameBySite(env->cfg->root_ini->site);
|
|
|
-
|
|
|
- char szCfgFile[256] = {};
|
|
|
- sprintf_s(szCfgFile, sizeof(szCfgFile), "%s\\%s", env->dir->cfg_path, pszCenterSettingName);
|
|
|
-
|
|
|
- // 判断对应集中配置文件是否存在,不存在则重命名CenterSetting.ini
|
|
|
- if (!ExistsFileA(szCfgFile))
|
|
|
- {
|
|
|
- char szBackupCfgFile[256] = {};
|
|
|
- sprintf_s(szBackupCfgFile, sizeof(szCfgFile), "%s\\CenterSetting.ini", env->dir->cfg_path);
|
|
|
- if (ExistsFileA(szBackupCfgFile))
|
|
|
- {
|
|
|
- //CopyFileA(szBackupCfgFile, szCfgFile, FALSE);
|
|
|
- rename(szBackupCfgFile, szCfgFile);
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- //auto pCfgPath = env->dir->cfg_path;
|
|
|
- //char szCfgFile[256] = {};
|
|
|
- //sprintf(szCfgFile, "%s\\%s", pCfgPath, "CenterSetting.ini");
|
|
|
-
|
|
|
- // get machine type
|
|
|
- auto pMachineType = env->cfg->root_ini->machine_type;
|
|
|
- char szKeyName[256] = {};
|
|
|
- sprintf(szKeyName, "IEBrowser.%s.URL", pMachineType);
|
|
|
- auto pWebSite = inifile_read_str(szCfgFile, "HealthManager", szKeyName, NULL);
|
|
|
- if (pWebSite == NULL || strlen(pWebSite)==0)
|
|
|
- {
|
|
|
- sp_dbg_error("read %s from %s return null", szKeyName, pszCenterSettingName);
|
|
|
- return NULL;
|
|
|
- }
|
|
|
-
|
|
|
- // http://99.1.100.217/RVC.Web/default.aspx http://99.1.100.217/RVC.Web/default2.aspx
|
|
|
- // get root url
|
|
|
- auto p = strchr(pWebSite + 7, '/');
|
|
|
- if (p != NULL)
|
|
|
- *p = 0;
|
|
|
-
|
|
|
- p = strchr(pWebSite + 7, ':');
|
|
|
- if (p == NULL)
|
|
|
- strcat(pWebSite, ":80");
|
|
|
-
|
|
|
- return pWebSite;
|
|
|
-}
|
|
|
-
|
|
|
-static bool WebcamMicrophoneAuthorize(bool bWin64)
|
|
|
-{
|
|
|
- const char *pWetSite = GetWebSiteFromConfig();
|
|
|
-
|
|
|
- TCHAR szSubKey[1024] = { 0 };
|
|
|
- sprintf(szSubKey, "Software\\AppDataLow\\Software\\Microsoft\\Silverlight\\Permissions\\%s", pWetSite);
|
|
|
-
|
|
|
- if (!AddRegIntValue(HKEY_CURRENT_USER, szSubKey, "WebcamAndMicrophone", 0x00000011, bWin64))
|
|
|
- {
|
|
|
- sp_dbg_error("创建SL摄像机麦克风权限注册表项失败!");
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- sp_dbg_info("add silverlight webcam and microphone permission succeed");
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-static bool SpTerminateProcess(HANDLE hProc, DWORD dwProcID)
|
|
|
-{
|
|
|
- if (!TerminateProcess(hProc, -1))
|
|
|
- {
|
|
|
- char szCmd[256];
|
|
|
- int nRet = 0;
|
|
|
- sp_dbg_debug("terminate process %d fail: 0x%X, retry with taskkill", dwProcID, GetLastError());
|
|
|
-
|
|
|
- sprintf_s(szCmd, 256, "TASKKILL /PID %d /F", dwProcID);
|
|
|
- nRet = system(szCmd);
|
|
|
- return nRet != -1;
|
|
|
- }
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-static bool DetectDuplicateInstance(char **pNames, int nNum)
|
|
|
-{
|
|
|
- DWORD dwCurProcID = GetCurrentProcessId();
|
|
|
- HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
|
|
-
|
|
|
- if (hSnapshot)
|
|
|
- {
|
|
|
- PROCESSENTRY32 pe = {};
|
|
|
- pe.dwSize = sizeof(pe);
|
|
|
- if (Process32First(hSnapshot, &pe))
|
|
|
- {
|
|
|
- do
|
|
|
- {
|
|
|
- for (int i = 0; i < nNum; i++)
|
|
|
- {
|
|
|
- if (stricmp(&pe.szExeFile[0], pNames[i]) == 0 && pe.th32ProcessID != dwCurProcID)
|
|
|
- {
|
|
|
- HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID);
|
|
|
- if (hProc == NULL)
|
|
|
- {
|
|
|
- sp_dbg_error("find duplicated process: %s, id: %d", pNames[i], pe.th32ProcessID);
|
|
|
- CloseHandle(hSnapshot);
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- if (!SpTerminateProcess(hProc, pe.th32ProcessID))
|
|
|
- {
|
|
|
- sp_dbg_error("terminate duplicated process %s fail, id: %d, error: %d", pNames[i], pe.th32ProcessID, GetLastError());
|
|
|
- CloseHandle(hSnapshot);
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- sp_dbg_info("terminate duplicated process: %s, id: %d", pNames[i], pe.th32ProcessID);
|
|
|
- }
|
|
|
- }
|
|
|
- } while (Process32Next(hSnapshot, &pe));
|
|
|
- }
|
|
|
-
|
|
|
- CloseHandle(hSnapshot);
|
|
|
- }
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-//装载DLL拦截驱动程序
|
|
|
-static bool LoadInterceptDllDriver(char* lpszDriverName,char* lpszDriverPath)
|
|
|
-{
|
|
|
- /************************ 加载DLL监控驱动的代码*******************************
|
|
|
- ① 调用OpenSCManager,打开SCM管理器.如果返回NULL,则返回失败,否则继续
|
|
|
- ② 调用CreateService,创建服务,创建成功则转步骤 ⑥
|
|
|
- ③ 用GetLastError的得到错误返回值
|
|
|
- ④ 返回值为ERROR_IO_PENDING,说明服务已经创建过,用OpenService打开此服务.
|
|
|
- ⑤ 返回值为其他值, 创建武服务失败,返回失败.
|
|
|
- ⑥ 调用StartService开启服务
|
|
|
- ⑦ 成功返回
|
|
|
- ************************************************************************/
|
|
|
-
|
|
|
- //得到完整的驱动路径
|
|
|
- CSimpleStringA strDriverPath;
|
|
|
- TCHAR szPath[MAX_PATH] = {0};
|
|
|
- GetModuleFileNameA(NULL, szPath, MAX_PATH);
|
|
|
- *strrchr(szPath, '\\') = 0;
|
|
|
-
|
|
|
- strDriverPath = szPath;
|
|
|
- if (g_bWow64)
|
|
|
- {
|
|
|
- strDriverPath += "\\InterceptDll_64.sys";
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- strDriverPath += "\\InterceptDll_32.sys";
|
|
|
- }
|
|
|
-
|
|
|
- sp_dbg_info("strDriverPath[%s]",strDriverPath);
|
|
|
-
|
|
|
- bool bRet = false;
|
|
|
-
|
|
|
- SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
|
|
|
- SC_HANDLE hServiceDDK=NULL;// NT驱动程序的服务句柄
|
|
|
-
|
|
|
- //打开服务控制管理器
|
|
|
- hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
|
|
|
-
|
|
|
- if(hServiceMgr == NULL)
|
|
|
- {
|
|
|
- // OpenSCManager失败
|
|
|
- sp_dbg_fatal("OpenSCManager() Failed %d!", GetLastError());
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- // OpenSCManager成功
|
|
|
- sp_dbg_info("OpenSCManager() ok\n");
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
- //创建驱动所对应的服务
|
|
|
- hServiceDDK = CreateService(hServiceMgr,
|
|
|
- lpszDriverName, // 驱动程序的在注册表中的名字
|
|
|
- lpszDriverName, // 注册表驱动程序的 DisplayName 值
|
|
|
- SERVICE_ALL_ACCESS, // 加载驱动程序的访问权限
|
|
|
- SERVICE_KERNEL_DRIVER, // 表示加载的服务是驱动程序
|
|
|
- SERVICE_DEMAND_START, // 注册表驱动程序的 Start 值
|
|
|
- SERVICE_ERROR_IGNORE, // 注册表驱动程序的 ErrorControl 值
|
|
|
- //szDriverImagePath, // 注册表驱动程序的 ImagePath 值
|
|
|
- strDriverPath.GetData(),
|
|
|
- //"C:\\Run\\version\\1.10.0.0\\bin\\InterceptDll.sys",
|
|
|
- NULL,
|
|
|
- NULL,
|
|
|
- NULL,
|
|
|
- NULL,
|
|
|
- NULL);
|
|
|
-
|
|
|
- DWORD dwRtn;
|
|
|
- if(hServiceDDK == NULL) // 判断服务是否失败
|
|
|
- {
|
|
|
- dwRtn = GetLastError();
|
|
|
- if(dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_EXISTS)
|
|
|
- {
|
|
|
- //由于其他原因创建服务失败
|
|
|
- sp_dbg_fatal("CreateService() Faild %d !", dwRtn);
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- //服务创建失败,是由于服务已经创立过
|
|
|
- sp_dbg_info("CreateService() Faild Service is ERROR_IO_PENDING or ERROR_SERVICE_EXISTS!");
|
|
|
- }
|
|
|
-
|
|
|
- // 驱动程序已经加载,只需要打开
|
|
|
- hServiceDDK = OpenService(hServiceMgr, lpszDriverName, SERVICE_ALL_ACCESS);
|
|
|
- if(hServiceDDK == NULL)
|
|
|
- {
|
|
|
- // 如果打开服务也失败,则意味错误
|
|
|
- dwRtn = GetLastError();
|
|
|
- sp_dbg_fatal("OpenService() Faild %d!", dwRtn);
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("OpenService() ok!");
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("CrateService() ok !");
|
|
|
- }
|
|
|
-
|
|
|
- // 开启此项服务
|
|
|
- bRet= StartService(hServiceDDK, NULL, NULL);
|
|
|
- if(!bRet)
|
|
|
- {
|
|
|
- DWORD dwRtn = GetLastError();
|
|
|
- if(dwRtn != ERROR_IO_PENDING && dwRtn != ERROR_SERVICE_ALREADY_RUNNING)
|
|
|
- {
|
|
|
- sp_dbg_fatal("StartService() Faild %d !", dwRtn);
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- if(dwRtn == ERROR_IO_PENDING)
|
|
|
- {
|
|
|
- // 设备被挂住
|
|
|
- sp_dbg_fatal("StartService() Faild ERROR_IO_PENDING!");
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- // 服务已经开启
|
|
|
- sp_dbg_fatal("StartService() Faild ERROR_SERVICE_ALREADY_RUNNING!");
|
|
|
-
|
|
|
- bRet = true;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("StartService() ok!");
|
|
|
- }
|
|
|
- bRet = true;
|
|
|
-
|
|
|
- // 离开前关闭句柄
|
|
|
-BeforeLeave:
|
|
|
- if(hServiceDDK)
|
|
|
- {
|
|
|
- CloseServiceHandle(hServiceDDK); // 服务句柄
|
|
|
- }
|
|
|
-
|
|
|
- if(hServiceMgr)
|
|
|
- {
|
|
|
- CloseServiceHandle(hServiceMgr); // SCM句柄
|
|
|
- }
|
|
|
- return bRet;
|
|
|
-}
|
|
|
-
|
|
|
-// 卸载驱动程序
|
|
|
-static bool UnloadInterceptDllDriver(char* szSvrName)
|
|
|
-{
|
|
|
- /************************* 卸载NT驱动的代码******************************
|
|
|
- ① 调用OpenSCManager,打开SCM管理器,如果返回NULL,则返回失败,否则继续.
|
|
|
- ② 调用OpenService.如果返回NULL,则返回失败,否则继续
|
|
|
- ③ 调用DeleteService卸载此项服务.
|
|
|
- ④ 成功返回.
|
|
|
- ************************************************************************/
|
|
|
-
|
|
|
- bool bRet = false;
|
|
|
- SC_HANDLE hServiceMgr=NULL;// SCM管理器的句柄
|
|
|
- SC_HANDLE hServiceDDK=NULL;// NT驱动程序的服务句柄
|
|
|
- SERVICE_STATUS SvrSta;
|
|
|
-
|
|
|
- // 打开SCM管理器
|
|
|
- hServiceMgr = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
|
|
|
- if( hServiceMgr == NULL )
|
|
|
- {
|
|
|
- // 打开SCM管理器失败
|
|
|
- sp_dbg_info("OpenSCManager() Failed %d!", GetLastError());
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- // 打开SCM管理器失败成功
|
|
|
- sp_dbg_info("OpenSCManager() ok !");
|
|
|
- }
|
|
|
-
|
|
|
- // 打开驱动所对应的服务
|
|
|
- hServiceDDK = OpenService(hServiceMgr, szSvrName, SERVICE_ALL_ACCESS);
|
|
|
- if(hServiceDDK == NULL)
|
|
|
- {
|
|
|
- // 打开驱动所对应的服务失败
|
|
|
- sp_dbg_info("OpenService() Failed %d!", GetLastError());
|
|
|
- bRet = false;
|
|
|
- goto BeforeLeave;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("OpenService() ok !");
|
|
|
- }
|
|
|
-
|
|
|
- // 停止驱动程序,如果停止失败,只有重新启动才能,再动态加载。
|
|
|
- if(!ControlService(hServiceDDK, SERVICE_CONTROL_STOP , &SvrSta ))
|
|
|
- {
|
|
|
- sp_dbg_info("ControlService() Failed %d!", GetLastError());
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("ControlService() ok !");
|
|
|
- }
|
|
|
-
|
|
|
- // 动态卸载驱动程序。
|
|
|
- if(!DeleteService(hServiceDDK))
|
|
|
- {
|
|
|
- // 卸载失败
|
|
|
- sp_dbg_info("DeleteSrevice() Failed %d!", GetLastError());
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- // 卸载成功
|
|
|
- sp_dbg_info("DelServer:DeleteSrevice() ok !");
|
|
|
- }
|
|
|
- bRet = true;
|
|
|
-
|
|
|
-BeforeLeave:
|
|
|
- // 离开前关闭打开的句柄
|
|
|
- if(hServiceDDK)
|
|
|
- {
|
|
|
- CloseServiceHandle(hServiceDDK); // 服务句柄
|
|
|
- }
|
|
|
- if(hServiceMgr)
|
|
|
- {
|
|
|
- CloseServiceHandle(hServiceMgr); // SCM 句柄
|
|
|
- }
|
|
|
-
|
|
|
- return bRet;
|
|
|
-}
|
|
|
-
|
|
|
-BOOL NTPathToDosPath(char* pszNtPath, char* pszDosPath)
|
|
|
-{
|
|
|
- CHAR szDriveStr[500];
|
|
|
- CHAR szDrive[3];
|
|
|
- CHAR szDevName[100];
|
|
|
- INT cchDevName;
|
|
|
- INT i;
|
|
|
-
|
|
|
- //检查参数
|
|
|
- if(!pszNtPath || !pszDosPath )
|
|
|
- return FALSE;
|
|
|
-
|
|
|
- //获取本地磁盘字符串
|
|
|
- if(GetLogicalDriveStrings(sizeof(szDriveStr), szDriveStr))
|
|
|
- {
|
|
|
- for(i = 0; szDriveStr[i]; i += 4)
|
|
|
- {
|
|
|
- if(!lstrcmpi(&(szDriveStr[i]), "A:\\") || !lstrcmpi(&(szDriveStr[i]), "B:\\"))
|
|
|
- continue;
|
|
|
-
|
|
|
- szDrive[0] = szDriveStr[i];
|
|
|
- szDrive[1] = szDriveStr[i + 1];
|
|
|
- szDrive[2] = '\0';
|
|
|
- if(!QueryDosDevice(szDrive, szDevName, 100))//查询 Dos设备名
|
|
|
- return FALSE;
|
|
|
-
|
|
|
- cchDevName = lstrlen(szDevName);
|
|
|
- if(strnicmp(pszNtPath, szDevName, cchDevName) == 0)//命中
|
|
|
- {
|
|
|
- lstrcpy(pszDosPath, szDrive);//复制驱动器
|
|
|
- lstrcat(pszDosPath, pszNtPath + cchDevName);//复制路径
|
|
|
-
|
|
|
- return TRUE;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- lstrcpy(pszDosPath, pszNtPath);
|
|
|
-
|
|
|
- return FALSE;
|
|
|
-}
|
|
|
-
|
|
|
-//计算文件MD5值
|
|
|
-static bool MD5File(CSimpleStringA strToSignFilePath, CSimpleStringA strMD5FilePath)
|
|
|
-{
|
|
|
- FILE* m_Md5List = NULL;
|
|
|
-
|
|
|
- char* pMd5 = MD5_file((char*)strToSignFilePath.GetData(), 16);
|
|
|
- if (NULL == pMd5)
|
|
|
- {
|
|
|
- sp_dbg_fatal("计算[%s]MD5值失败", strToSignFilePath);
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- string strTemp = strToSignFilePath;
|
|
|
- int nPos = strTemp.find_last_of("\\");
|
|
|
- string strFileName = strTemp.substr(nPos+1, strTemp.length()-nPos-1);
|
|
|
-
|
|
|
- CSimpleStringA line = strToSignFilePath;
|
|
|
- line += ",";
|
|
|
- line += pMd5;
|
|
|
- line += "\r\n";
|
|
|
-
|
|
|
- //写MD5
|
|
|
- if (NULL == m_Md5List)
|
|
|
- {
|
|
|
- fopen_s(&m_Md5List, strMD5FilePath.GetData(),"a+"); //创建文件
|
|
|
- if(NULL==m_Md5List)
|
|
|
- {
|
|
|
- sp_dbg_fatal("打开[%s]失败",strMD5FilePath);
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- fprintf(m_Md5List,"%s", line);
|
|
|
- sp_dbg_info("%sMD5值[%s]", strToSignFilePath.GetData(), pMd5);
|
|
|
-
|
|
|
- fclose(m_Md5List);
|
|
|
- m_Md5List = NULL;
|
|
|
- }
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-//计算文件夹MD5列表
|
|
|
-static bool MD5Folder(CSimpleStringA strFolderPath, CSimpleStringA strMD5FilePath)
|
|
|
-{
|
|
|
- //遍历文件夹及子文件夹
|
|
|
- if (strFolderPath.IsNullOrEmpty() || strMD5FilePath.IsNullOrEmpty())
|
|
|
- {
|
|
|
- sp_dbg_fatal("MD5Folder input param is null or empty");
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- CSimpleStringA newPath;
|
|
|
- _finddata_t FileInfo;
|
|
|
- CSimpleStringA strfind = strFolderPath + "\\*";
|
|
|
- long Handle = _findfirst(strfind, &FileInfo);
|
|
|
-
|
|
|
- if (-1L == Handle)
|
|
|
- {
|
|
|
- _findclose(Handle);
|
|
|
- sp_dbg_fatal("%s文件夹为空", strFolderPath);
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- do{
|
|
|
- if (FileInfo.attrib & _A_SUBDIR)
|
|
|
- {
|
|
|
- //不是当前路径或者父目录的快捷方式
|
|
|
- if ((strcmp(FileInfo.name, ".") != 0) && (strcmp(FileInfo.name, "..") != 0))
|
|
|
- {
|
|
|
- newPath = strFolderPath + "\\" + FileInfo.name;
|
|
|
- MD5Folder(newPath, strMD5FilePath);
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- CSimpleStringA strFindName = FileInfo.name;
|
|
|
- {
|
|
|
- //sp_dbg_info("文件名[%s]", strFindName);
|
|
|
- if (strFindName.GetLength() < 5)
|
|
|
- {
|
|
|
- continue;
|
|
|
- }
|
|
|
-
|
|
|
- if (strFindName.IsEndWith(".dll", true))
|
|
|
- {
|
|
|
- CSimpleStringA strFilePath = strFolderPath + "\\" + strFindName;
|
|
|
- MD5File(strFilePath, strMD5FilePath);
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- } while (_findnext(Handle, &FileInfo) == 0);
|
|
|
-
|
|
|
- _findclose(Handle);
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS)(HANDLE, PBOOL);
|
|
|
-LPFN_ISWOW64PROCESS fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"),"IsWow64Process");
|
|
|
-BOOL IsWow64()
|
|
|
-{
|
|
|
- BOOL bIsWow64 = FALSE;
|
|
|
- if (NULL != fnIsWow64Process)
|
|
|
- {
|
|
|
- if (!fnIsWow64Process(GetCurrentProcess(),&bIsWow64))
|
|
|
- {
|
|
|
- // handle error
|
|
|
- //MessageBox(NULL,"判断当前操作系统是否是64位系统失败", NULL,0);
|
|
|
- sp_dbg_fatal("判断当前操作系统是否是64位系统失败");
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- return bIsWow64;
|
|
|
-}
|
|
|
-
|
|
|
-int ThreadFuncVerifySign(void* param)
|
|
|
-{
|
|
|
- bool bExit = false;
|
|
|
- WCHAR wfilePath[MAX_PATH] = {0};
|
|
|
- char cfilePath[MAX_PATH] = {0};
|
|
|
- DWORD uRetBytes = 0;
|
|
|
- ULONG_PTR add = 0;
|
|
|
- char pszDosPath[MAX_PATH] = {0};
|
|
|
- PVOID* pShareMem = NULL;
|
|
|
- unsigned int nWaitCount = 0;
|
|
|
- HANDLE hDevice = NULL;
|
|
|
-
|
|
|
- hDevice = param;
|
|
|
-
|
|
|
- //获取系统盘符
|
|
|
- char cSysDir[MAX_PATH] = {0};
|
|
|
- GetSystemDirectory(cSysDir, MAX_PATH);
|
|
|
- sp_dbg_info("GetSystemDirectory:%s", cSysDir);
|
|
|
-
|
|
|
- //加载MD5文件到内存
|
|
|
- //用Vector加载,文件路径<-->MD5值
|
|
|
- ifstream pfDM5;
|
|
|
- string strNameAndValue;
|
|
|
- map<string,string> mapMD5;
|
|
|
-
|
|
|
- //改成同步生成MD5列表,无需等待
|
|
|
- //while (!g_bMD5Exist)
|
|
|
- //{
|
|
|
- // //如果MD5文件不存在,可能是MD5列表正在生成,继续等待
|
|
|
- // Sleep(5000);
|
|
|
- // nWaitCount++;
|
|
|
-
|
|
|
- // if (nWaitCount >= 60)
|
|
|
- // {
|
|
|
- // sp_dbg_fatal("MD5.txt文件不存在, 等待超过5分钟");
|
|
|
- // return -1;
|
|
|
- // }
|
|
|
- //}
|
|
|
-
|
|
|
- pfDM5.open(g_strMD5ListPath.GetData());
|
|
|
- if (!pfDM5.is_open())
|
|
|
- {
|
|
|
- sp_dbg_fatal("MD5.txt open failed");
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- while(!pfDM5.eof())
|
|
|
- {
|
|
|
- pfDM5>>strNameAndValue;
|
|
|
- int nPos = strNameAndValue.find_first_of(",");
|
|
|
- if (nPos < 0)
|
|
|
- {
|
|
|
- sp_dbg_info("%s白名单记录中没有找到分隔符",strNameAndValue);
|
|
|
- continue;
|
|
|
- }
|
|
|
-
|
|
|
- string strDllName = strNameAndValue.substr(0,nPos);
|
|
|
- string strDllMd5 = strNameAndValue.substr(nPos+1, strNameAndValue.length()-nPos-1);
|
|
|
- mapMD5.insert(pair<string,string>(strDllName,strDllMd5));
|
|
|
- }
|
|
|
- pfDM5.close();
|
|
|
-
|
|
|
- while(!bExit)
|
|
|
- {
|
|
|
- WaitForSingleObject(g_hEvent,INFINITE);
|
|
|
-
|
|
|
- // 获得ring 0 的共享内存
|
|
|
- if (NULL == hDevice)
|
|
|
- {
|
|
|
- sp_dbg_fatal("hDevice is null");
|
|
|
- break;
|
|
|
- }
|
|
|
-
|
|
|
- if (0 == DeviceIoControl(hDevice,
|
|
|
- GET_SHARE_ADD,
|
|
|
- NULL,
|
|
|
- 0,
|
|
|
- &add,
|
|
|
- sizeof(ULONG_PTR),
|
|
|
- &uRetBytes,
|
|
|
- NULL))
|
|
|
- {
|
|
|
- sp_dbg_fatal("DeviceIoControl GET_SHARE_ADD failed %d",GetLastError());
|
|
|
- return -1;
|
|
|
- }
|
|
|
-
|
|
|
- //sp_dbg_info("FilePathLen:%d", uRetBytes);
|
|
|
- pShareMem = (PVOID *)add;//映射的共享内存
|
|
|
- PWCHAR pPath = (PWCHAR)pShareMem;//映射共享内存
|
|
|
-
|
|
|
- //处理分析共享内存
|
|
|
- if (NULL != pShareMem)
|
|
|
- {
|
|
|
- memset(wfilePath, 0, MAX_PATH);
|
|
|
- memcpy(wfilePath, pPath, MAX_PATH);
|
|
|
-
|
|
|
- //宽字符转多字符
|
|
|
- DWORD dwNum = WideCharToMultiByte(CP_OEMCP,NULL,wfilePath,-1,NULL,0,NULL,FALSE);
|
|
|
- WideCharToMultiByte(CP_OEMCP,NULL,wfilePath,-1,cfilePath,dwNum,NULL,FALSE);
|
|
|
-
|
|
|
- //NT路径转DOS路径
|
|
|
- CSimpleStringA strPath;
|
|
|
- memset(pszDosPath, 0, MAX_PATH);
|
|
|
- //sp_dbg_info("NTFilePath:%s", cfilePath);
|
|
|
- if (!NTPathToDosPath(cfilePath, pszDosPath))
|
|
|
- {
|
|
|
- if ('\\' == cfilePath[0])
|
|
|
- {
|
|
|
- strPath.Append(cSysDir, 1);
|
|
|
- strPath += ":";
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- strPath += pszDosPath;
|
|
|
-
|
|
|
- //计算MD5值
|
|
|
- PVOID OldValue = NULL;
|
|
|
- if (g_bWow64)
|
|
|
- {
|
|
|
- if(!Wow64DisableWow64FsRedirection(&OldValue) )
|
|
|
- {
|
|
|
- sp_dbg_error("64位系统时,调用Wow64DisableWow64FsRedirection文件重定向失败");
|
|
|
- continue;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- char* pMd5 = MD5_file((char*)strPath.GetData(), 16);
|
|
|
- if (NULL == pMd5)
|
|
|
- {
|
|
|
- sp_dbg_error("计算[%s]MD5值失败", strPath);
|
|
|
- continue;
|
|
|
- }
|
|
|
-
|
|
|
- if (g_bWow64)
|
|
|
- {
|
|
|
- if (FALSE == Wow64RevertWow64FsRedirection(OldValue) )
|
|
|
- {
|
|
|
- sp_dbg_error("64位系统时,调用Wow64RevertWow64FsRedirection恢复文件重定向失败");
|
|
|
- continue;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- //比较MD5值
|
|
|
- string strMD5 = pMd5;
|
|
|
- string temp = strPath;
|
|
|
- map<string,string>::iterator it = mapMD5.find(temp);
|
|
|
- if(it != mapMD5.end())
|
|
|
- {
|
|
|
- if (0 != strcmp(it->second.c_str(), strMD5.c_str()))
|
|
|
- {
|
|
|
- sp_dbg_fatal("%s校验不通过, 计算值[%s]不等于原有值[%s]",strPath, strMD5.c_str(),it->second.c_str());
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("%sMD5校验通过",strPath);
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_error("在MD5列表中不存在%s签名值",strPath);
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_fatal("Get share mem from ring 0 failed");
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- return 0;
|
|
|
-}
|
|
|
-
|
|
|
-//int ThreadFuncGenMD5(void* param)
|
|
|
-//{
|
|
|
-// //获取系统盘符
|
|
|
-// char cSysDir[MAX_PATH] = {0};
|
|
|
-// GetSystemDirectory(cSysDir, MAX_PATH);
|
|
|
-//
|
|
|
-// CSimpleStringA strSysPath;
|
|
|
-// strSysPath.Append(cSysDir, 1);
|
|
|
-//
|
|
|
-// if (IsWow64())
|
|
|
-// {
|
|
|
-// //64位系统会同时调用System32和SysWOW64目录下dll
|
|
|
-// sp_dbg_info("64位系统");
|
|
|
-// CSimpleStringA strSys32Path = strSysPath;
|
|
|
-// strSys32Path += ":\\Windows\\System32";
|
|
|
-// MD5Folder(strSys32Path, g_strMD5ListPath);
|
|
|
-//
|
|
|
-// strSysPath += ":\\Windows\\SysWOW64";
|
|
|
-// g_bMD5Exist = MD5Folder(strSysPath, g_strMD5ListPath);
|
|
|
-// }
|
|
|
-// else
|
|
|
-// {
|
|
|
-// sp_dbg_info("32位系统");
|
|
|
-// strSysPath = ":\\Windows\\System32";
|
|
|
-// g_bMD5Exist = MD5Folder(strSysPath, g_strMD5ListPath);
|
|
|
-// }
|
|
|
-//
|
|
|
-// return 0;
|
|
|
-//}
|
|
|
-
|
|
|
-//生成MD5列表
|
|
|
-static bool GenMD5List()
|
|
|
-{
|
|
|
- CSimpleStringA strMD5ListPath;
|
|
|
- CSimpleStringA strMD5Dir;
|
|
|
- TCHAR szPath[MAX_PATH] = {0};
|
|
|
- GetModuleFileNameA(NULL, szPath, MAX_PATH);
|
|
|
- *strrchr(szPath, '\\') = 0;
|
|
|
-
|
|
|
- CSimpleStringA strDir = szPath;
|
|
|
- strMD5Dir = strDir.SubString(0,1);
|
|
|
- strMD5Dir += ":\\RVC";
|
|
|
-
|
|
|
- //创建文件目录
|
|
|
- DWORD dwAttr = GetFileAttributes(strMD5Dir.GetData());
|
|
|
- if(0xFFFFFFFF == dwAttr) //目录不存在则创建
|
|
|
- {
|
|
|
- if(!CreateDirectory("C:\\RVC",NULL))
|
|
|
- {
|
|
|
- sp_dbg_info("Create %s dir failed!", strMD5Dir);
|
|
|
- return false;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- strMD5Dir += "\\MD5";
|
|
|
- dwAttr=GetFileAttributes(strMD5Dir.GetData());
|
|
|
- if(dwAttr==0xFFFFFFFF) //目录不存在则创建
|
|
|
- {
|
|
|
- if(!CreateDirectory(strMD5Dir.GetData(),NULL))
|
|
|
- {
|
|
|
- sp_dbg_info("Create %s dir failed!", strMD5Dir);
|
|
|
- return false;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- strMD5ListPath = strMD5Dir;
|
|
|
- strMD5ListPath += "\\MD5.txt";
|
|
|
-
|
|
|
- g_strMD5ListPath = strMD5ListPath;
|
|
|
- //sp_dbg_info("g_strMD5ListPath[%s]",g_strMD5ListPath);
|
|
|
-
|
|
|
- //不存在则生成;想要重新生成,则先删除再生成
|
|
|
- if(-1 == (_access(g_strMD5ListPath, 0)))
|
|
|
- {
|
|
|
- sp_dbg_info("%s not exist,start to generate it", g_strMD5ListPath);
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("%s already exist", g_strMD5ListPath);
|
|
|
- g_bMD5Exist = true;
|
|
|
- return true;
|
|
|
- }
|
|
|
-
|
|
|
- //获取系统盘符
|
|
|
- char cSysDir[MAX_PATH] = {0};
|
|
|
- GetSystemDirectory(cSysDir, MAX_PATH);
|
|
|
-
|
|
|
- CSimpleStringA strSysPath;
|
|
|
- strSysPath.Append(cSysDir, 1);
|
|
|
-
|
|
|
- if (g_bWow64)
|
|
|
- {
|
|
|
- PVOID OldValue = NULL;
|
|
|
- if(!Wow64DisableWow64FsRedirection(&OldValue) )
|
|
|
- {
|
|
|
- sp_dbg_error("64位系统时,调用Wow64DisableWow64FsRedirection文件重定向失败");
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- //64位系统会同时调用System32和SysWOW64目录下dll
|
|
|
- sp_dbg_info("64位系统");
|
|
|
- CSimpleStringA strSys32Path = strSysPath;
|
|
|
- strSys32Path += ":\\Windows\\System32";
|
|
|
- MD5Folder(strSys32Path, g_strMD5ListPath);
|
|
|
-
|
|
|
- strSysPath += ":\\Windows\\SysWOW64";
|
|
|
- g_bMD5Exist = MD5Folder(strSysPath, g_strMD5ListPath);
|
|
|
-
|
|
|
- if (FALSE == Wow64RevertWow64FsRedirection(OldValue) )
|
|
|
- {
|
|
|
- sp_dbg_error("64位系统时,调用Wow64RevertWow64FsRedirection恢复文件重定向失败");
|
|
|
- return false;
|
|
|
- }
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_info("32位系统");
|
|
|
- strSysPath = ":\\Windows\\System32";
|
|
|
- g_bMD5Exist = MD5Folder(strSysPath, g_strMD5ListPath);
|
|
|
- }
|
|
|
-
|
|
|
- sp_dbg_info("%s is generated success", g_strMD5ListPath);
|
|
|
- ////创建生成MD5列表线程
|
|
|
- //HANDLE hHandle = (HANDLE)_beginthreadex(0, 0, (unsigned int (__stdcall *)(void *))ThreadFuncGenMD5, 0, 0, 0);
|
|
|
- //if (NULL == hHandle)
|
|
|
- //{
|
|
|
- // sp_dbg_error("_beginthreadex MD5 list failed, %d! \n", GetLastError());
|
|
|
- // return false;
|
|
|
- //}
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-//开始Dll监控
|
|
|
-static bool StartInterceptDllSevice()
|
|
|
-{
|
|
|
- DWORD uRetBytes = 0;
|
|
|
-
|
|
|
- //加载驱动前,先卸载一次,但失败不处理
|
|
|
- bool bRet = UnloadInterceptDllDriver(DRIVER_NAME);
|
|
|
- if (!bRet)
|
|
|
- {
|
|
|
- sp_dbg_error("卸载Dll监控驱动失败!!!");
|
|
|
- }
|
|
|
-
|
|
|
- //加载监控dll驱动
|
|
|
- bRet = LoadInterceptDllDriver(DRIVER_NAME,DRIVER_PATH);
|
|
|
- if (!bRet)
|
|
|
- {
|
|
|
- sp_dbg_fatal("加载Dll监控驱动失败!!!");
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- HANDLE hDevice = CreateFile("\\\\.\\HelloDDK",
|
|
|
- GENERIC_WRITE | GENERIC_READ,
|
|
|
- 0,
|
|
|
- NULL,
|
|
|
- OPEN_EXISTING,
|
|
|
- 0,
|
|
|
- NULL);
|
|
|
- if( hDevice != INVALID_HANDLE_VALUE )
|
|
|
- {
|
|
|
- sp_dbg_info("Create HelloDDK Device ok !");
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_error("Create HelloDDK Device faild %d ! \n", GetLastError());
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- HANDLE hEvent = CreateEvent(NULL,FALSE,FALSE,NULL);// 创建事件
|
|
|
- g_hEvent = hEvent;
|
|
|
-
|
|
|
- // 发事件给ring 0
|
|
|
- ULONG_PTR ptrHandle = (ULONG_PTR)hEvent;
|
|
|
- if (0 == DeviceIoControl(hDevice,
|
|
|
- SET_EVENT,
|
|
|
- &ptrHandle,
|
|
|
- sizeof(ptrHandle),
|
|
|
- NULL,
|
|
|
- 0,
|
|
|
- &uRetBytes,
|
|
|
- NULL))
|
|
|
- {
|
|
|
- CloseHandle(hDevice);
|
|
|
- CloseHandle(g_hEvent);
|
|
|
- hDevice = NULL;
|
|
|
- g_hEvent = NULL;
|
|
|
- sp_dbg_error("DeviceIoControl HelloDDK faild %d ! \n", GetLastError());
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- //创建签名验证线程
|
|
|
- HANDLE hHandle = (HANDLE)_beginthreadex(0, 0, (unsigned int (__stdcall *)(void *))ThreadFuncVerifySign, hDevice, 0, 0);
|
|
|
- if (NULL == hHandle)
|
|
|
- {
|
|
|
- CloseHandle(hDevice);
|
|
|
- //CloseHandle(g_hEvent);
|
|
|
- hDevice = NULL;
|
|
|
- //g_hEvent = NULL;
|
|
|
- sp_dbg_error("_beginthreadex faild %d ! \n", GetLastError());
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
- return true;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-int main(int argc, char **argv)
|
|
|
-{
|
|
|
- //MessageBoxA(0, 0, 0, 0);
|
|
|
- _CrtSetDebugFillThreshold(0);
|
|
|
-
|
|
|
- // 启动视频柜台框架
|
|
|
- sp_dbg_init("SpShell");
|
|
|
- //sp_dbg_start_console("可视柜台终端运行监控");
|
|
|
-
|
|
|
- sp_dbg_info("===================SpShell start=====================");
|
|
|
-
|
|
|
- char *arrProcName[] = { "SpShell.exe", "SpHost.exe" };
|
|
|
- if (!DetectDuplicateInstance(&arrProcName[0], sizeof(arrProcName) / sizeof(arrProcName[0])))
|
|
|
- {
|
|
|
- sp_dbg_fatal("检测到重复spshell/sphost进程,系统启动失败!!!");
|
|
|
- Sleep(10000);
|
|
|
- return -200;
|
|
|
- }
|
|
|
-
|
|
|
- // 判断是否管理员权限运行
|
|
|
- if (!IsProcessRunAsAdmin())
|
|
|
- {
|
|
|
- sp_dbg_fatal("需要以管理员权限运行!!!");
|
|
|
- Sleep(10000);
|
|
|
- return -201;
|
|
|
- }
|
|
|
-
|
|
|
- g_bWow64 = IsWow64();
|
|
|
-
|
|
|
- //生成MD5列表
|
|
|
- GenMD5List();
|
|
|
-
|
|
|
- //启动DLL监控服务
|
|
|
- StartInterceptDllSevice();
|
|
|
-
|
|
|
- // 设置防火墙注册表配置
|
|
|
- if (!AddFirewallRules())
|
|
|
- {
|
|
|
- sp_dbg_fatal("设置Windows防火墙策略失败!!!");
|
|
|
- Sleep(10000);
|
|
|
- return -101;
|
|
|
- }
|
|
|
-
|
|
|
- // 自动隐藏状态栏
|
|
|
- //AutoHideTaskBar(true);
|
|
|
-
|
|
|
- setlocale(LC_ALL, "chs");
|
|
|
- SetEnvPath();
|
|
|
- SetWorkingSet();
|
|
|
- SetUnhandledExceptionFilter(&SuppressError);
|
|
|
- DisableSetUnhandledExceptionFilter();
|
|
|
-
|
|
|
- // 检测是否Win8及64位
|
|
|
- OSVERSIONINFO ver = {};
|
|
|
- ver.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
|
|
|
- GetVersionEx(&ver);
|
|
|
- bool bWin8 = (ver.dwMajorVersion >= 7 || (ver.dwMajorVersion == 6 && ver.dwMinorVersion >= 2));
|
|
|
-
|
|
|
- SYSTEM_INFO sysInfo = {};
|
|
|
- GetNativeSystemInfo(&sysInfo);
|
|
|
- bool bX64 = (sysInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64);
|
|
|
-
|
|
|
- sp_dbg_info("OS version: %s %d.%d.%d ", bX64 ? "windows 64" : "windows 32",
|
|
|
- ver.dwMajorVersion, ver.dwMinorVersion, ver.dwBuildNumber);
|
|
|
-
|
|
|
- // 关闭WebBrowser渲染模式
|
|
|
- //DisableWebBrowserRenderMode(bX64);
|
|
|
-
|
|
|
- // 屏蔽CharmBar
|
|
|
- if (bWin8 && !DisableWindowsCharmBar(bX64))
|
|
|
- {
|
|
|
- Sleep(10000);
|
|
|
- return -300;
|
|
|
- }
|
|
|
-
|
|
|
-//#ifndef _DEBUG
|
|
|
- SetErrorMode(SEM_FAILCRITICALERRORS);
|
|
|
-//#endif
|
|
|
-
|
|
|
- auto rc = app_init();
|
|
|
- if (rc == 0)
|
|
|
- {
|
|
|
- //// 打印扩展框需打开WebBrowser渲染模式
|
|
|
- //const char *pMachineType = GetMachineType();
|
|
|
- //if (pMachineType!= NULL && strnicmp(pMachineType, "RPM.", 4) ==0)
|
|
|
- //{
|
|
|
- // sp_dbg_info("machine type: %s, set webbrowser render mode", pMachineType);
|
|
|
- // EnableWebBrowserRenderMode(bX64);
|
|
|
- //}
|
|
|
-
|
|
|
- // 打开SL摄像机麦克风权限
|
|
|
- WebcamMicrophoneAuthorize(bX64);
|
|
|
-
|
|
|
- rc = app_run();
|
|
|
- app_term();
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- sp_dbg_error("======================================================");
|
|
|
- sp_dbg_error("!!!!!! 启动失败,请检查dbg\\spshell日志排除故障 !!!!!!");
|
|
|
- sp_dbg_error("======================================================");
|
|
|
-
|
|
|
- // 初始化失败
|
|
|
- Sleep(10000);
|
|
|
- }
|
|
|
-
|
|
|
- if (bWin8 && !bX64)
|
|
|
- {
|
|
|
- EnableCharmbar();
|
|
|
- }
|
|
|
-
|
|
|
- // 显示状态栏
|
|
|
- //AutoHideTaskBar(false);
|
|
|
-
|
|
|
- return rc;
|
|
|
-}
|
|
|
-
|
|
|
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
|
|
|
-{
|
|
|
- return main(__argc, __argv);
|
|
|
-}
|
|
|
-
|
80374463