杀毒

开发平台：
Visual C++

AntiEvilToolsDlg.cpp：源码内容
							// AntiEvilToolsDlg.cpp : implementation file
//
#include "stdafx.h"
#include "AntiEvilTools.h"
#include "AntiEvilToolsDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
BOOL InstallDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName, IN LPCTSTR ServiceExe )
{
    SC_HANDLE  schService;
    //
    // NOTE: This creates an entry for a standalone driver. If this
    //       is modified for use with a driver that requires a Tag,
    //       Group, and/or Dependencies, it may be necessary to
    //       query the registry for existing driver information
    //       (in order to determine a unique Tag, etc.).
    //
    schService = CreateService( SchSCManager,          // SCManager database
                                DriverName,           // name of service
                                DriverName,           // name to display
                                SERVICE_ALL_ACCESS,    // desired access
                                SERVICE_KERNEL_DRIVER, // service type
                                SERVICE_BOOT_START ,  // start type
                                SERVICE_ERROR_NORMAL,  // error control type
                                ServiceExe,            // service's binary
                                NULL,                  // no load ordering group
                                NULL,                  // no tag identifier
                                NULL,                  // no dependencies
                                NULL,                  // LocalSystem account
                                NULL                   // no password
                                );
    if ( schService == NULL )
    {
 		return FALSE;
	}
    CloseServiceHandle( schService );
    return TRUE;
}
/****************************************************************************
*
*    FUNCTION: StartDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Starts the driver service.
*
****************************************************************************/
BOOL StartDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;
    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );
    if ( schService == NULL )
    {
 		return FALSE;
	}
    ret = StartService( schService, 0, NULL )
       || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING 
	   || GetLastError() == ERROR_SERVICE_DISABLED;
		
	CloseServiceHandle( schService );
    return ret;
}
/****************************************************************************
*
*    FUNCTION: StopDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Has the configuration manager stop the driver (unload it)
*
****************************************************************************/
BOOL StopDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE       schService;
    BOOL            ret;
    SERVICE_STATUS  serviceStatus;
    schService = OpenService( SchSCManager, DriverName, SERVICE_ALL_ACCESS );
    if ( schService == NULL )
        return FALSE;
    ret = ControlService( schService, SERVICE_CONTROL_STOP, &serviceStatus );
    CloseServiceHandle( schService );
    return ret;
}
/****************************************************************************
*
*    FUNCTION: RemoveDriver( IN SC_HANDLE, IN LPCTSTR)
*
*    PURPOSE: Deletes the driver service.
*
****************************************************************************/
BOOL RemoveDriver( IN SC_HANDLE SchSCManager, IN LPCTSTR DriverName )
{
    SC_HANDLE  schService;
    BOOL       ret;
    schService = OpenService( SchSCManager,
                              DriverName,
                              SERVICE_ALL_ACCESS
                              );
    if ( schService == NULL )
        return FALSE;
    ret = DeleteService( schService );
    CloseServiceHandle( schService );
    return ret;
}
/****************************************************************************
*
*    FUNCTION: UnloadDeviceDriver( const TCHAR *)
*
*    PURPOSE: Stops the driver and has the configuration manager unload it.
*
****************************************************************************/
BOOL UnloadDeviceDriver( const TCHAR * Name )
{
	SC_HANDLE	schSCManager;
	schSCManager = OpenSCManager(	NULL,                 // machine (NULL == local)
                              		NULL,                 // database (NULL == default)
									SC_MANAGER_ALL_ACCESS // access required
								);
	StopDriver( schSCManager, Name );
	RemoveDriver( schSCManager, Name );
	 
	CloseServiceHandle( schSCManager );
	return TRUE;
}
/****************************************************************************
*
*    FUNCTION: LoadDeviceDriver( const TCHAR, const TCHAR, HANDLE *)
*
*    PURPOSE: Registers a driver with the system configuration manager 
*	 and then loads it.
*
****************************************************************************/
BOOL LoadDeviceDriver( const TCHAR * Name, const TCHAR * Path, PDWORD Error )
{
	SC_HANDLE	schSCManager;
	BOOL		okay;
	schSCManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
	if(schSCManager)
	{
		// Remove previous instance
		// RemoveDriver( schSCManager, Name );
		// Ignore success of installation: it may already be installed.
		InstallDriver( schSCManager, Name, Path );
		// Ignore success of start: it may already be started.
		okay = StartDriver( schSCManager, Name );
		*Error = GetLastError();
  		CloseServiceHandle( schSCManager );
	}
	return okay;
}
class CAboutDlg : public CDialog
{
public:
	CAboutDlg();
// Dialog Data
	//{{AFX_DATA(CAboutDlg)
	enum { IDD = IDD_ABOUTBOX };
	//}}AFX_DATA
	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(CAboutDlg)
	protected:
	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
	//}}AFX_VIRTUAL
// Implementation
protected:
	//{{AFX_MSG(CAboutDlg)
	//}}AFX_MSG
	DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
	//{{AFX_DATA_INIT(CAboutDlg)
	//}}AFX_DATA_INIT
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CAboutDlg)
	//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
	//{{AFX_MSG_MAP(CAboutDlg)
		// No message handlers
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CAntiEvilToolsDlg dialog
CAntiEvilToolsDlg::CAntiEvilToolsDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CAntiEvilToolsDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CAntiEvilToolsDlg)
		// NOTE: the ClassWizard will add member initialization here
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CAntiEvilToolsDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CAntiEvilToolsDlg)
		// NOTE: the ClassWizard will add DDX and DDV calls here
	//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAntiEvilToolsDlg, CDialog)
	//{{AFX_MSG_MAP(CAntiEvilToolsDlg)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CAntiEvilToolsDlg message handlers
BOOL CAntiEvilToolsDlg::OnInitDialog()
{
	CDialog::OnInitDialog();
    ULONG   bytesReturned;
	// Add "About..." menu item to system menu.
	// IDM_ABOUTBOX must be in the system command range.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);
	CMenu* pSysMenu = GetSystemMenu(FALSE);
	if (pSysMenu != NULL)
	{
		CString strAboutMenu;
		strAboutMenu.LoadString(IDS_ABOUTBOX);
		if (!strAboutMenu.IsEmpty())
		{
			pSysMenu->AppendMenu(MF_SEPARATOR);
			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
		}
	}
	// Set the icon for this dialog.  The framework does this automatically
	//  when the application's main window is not a dialog
	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon
	CString str;
	srand(GetTickCount());
	DWORD a=rand();
	DWORD b=rand();
	str.Format("%04x%04x",a,b);
	SetWindowText(str);
	m_sheet.AddPage(&m_MenuPage);
	m_sheet.AddPage(&m_ShaDuPage);
	m_sheet.AddPage(&m_ProcessPage);
	m_sheet.AddPage(&m_FilePage);
	m_sheet.AddPage(&m_ServicePage);
	m_sheet.AddPage(&m_ModulePage);
	m_sheet.AddPage(&m_NetPage);
	m_sheet.AddPage(&m_ProcessViewPage);
	m_sheet.Create(this, WS_CHILD | WS_VISIBLE, WS_EX_CONTROLPARENT);
	m_sheet.SetWindowPos(NULL,0, 0, 0, 0, SWP_NOSIZE | SWP_NOZORDER | SWP_NOACTIVATE);
	/*hDevice = CreateFile( "\\.\AntiEvilTools",
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL
                          );*/
	LoadDriver();
	m_FilePage.SetHandle(hDevice);
	m_ProcessPage.SetHandle(hDevice);
	m_ShaDuPage.SetHandle(hDevice);
	// TODO: Add extra initialization here
	DeviceIoControl(hDevice,(DWORD)IOCTL_MT_PROTECTME,NULL,0,NULL,0,&bytesReturned,NULL);
	return TRUE;  // return TRUE  unless you set the focus to a control
}
void CAntiEvilToolsDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	if ((nID & 0xFFF0) == IDM_ABOUTBOX)
	{
		CAboutDlg dlgAbout;
		dlgAbout.DoModal();
	}
	else
	{
		CDialog::OnSysCommand(nID, lParam);
	}
}
// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.
void CAntiEvilToolsDlg::OnPaint() 
{
	if (IsIconic())
	{
		CPaintDC dc(this); // device context for painting
		SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
		// Center icon in client rectangle
		int cxIcon = GetSystemMetrics(SM_CXICON);
		int cyIcon = GetSystemMetrics(SM_CYICON);
		CRect rect;
		GetClientRect(&rect);
		int x = (rect.Width() - cxIcon + 1) / 2;
		int y = (rect.Height() - cyIcon + 1) / 2;
		// Draw the icon
		dc.DrawIcon(x, y, m_hIcon);
	}
	else
	{
		CDialog::OnPaint();
	}
}
// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CAntiEvilToolsDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}
LRESULT CAntiEvilToolsDlg::WindowProc(UINT message, WPARAM wParam, LPARAM lParam) 
{
	// TODO: Add your specialized code here and/or call the base class
	switch ( message )
	case WM_CLOSE:
	{
		if(AfxMessageBox("确定退出吗?",MB_OK|MB_OKCANCEL,0)!=IDOK)
			return 0;
		else
		{
			ULONG    bytesReturned;
			DeviceIoControl(hDevice,(DWORD)IOCTL_MT_UNPROTECTME,NULL,0,NULL,0,&bytesReturned,NULL);
		    CloseHandle(hDevice);
			//UnloadDeviceDriver("AntiEvilTools");
		}
	}
	return CDialog::WindowProc(message, wParam, lParam);
}
void CAntiEvilToolsDlg::LoadDriver()
{
    DWORD dwError;
	TCHAR Path[MAX_PATH];
    DWORD dwRet;
    dwRet = GetCurrentDirectory(MAX_PATH, Path);
	wsprintf(Path+lstrlen(Path), _T("\%s"), _T("AntiEvilTools.sys") );
    if(!LoadDeviceDriver( "AntiEvilTools",Path, &dwError) )
	{
		MessageBox("加载内核失败");
	}
	hDevice = CreateFile( "\\.\AntiEvilTools",
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL
                          );
    if ( hDevice == ((HANDLE)-1) )
    {		
 		return ;
	}
}

						