青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

elva

文件加密標識 -隱藏文件頭的黑客代碼

文件加密標識 -隱藏文件頭的黑客代碼

//This module hooks:
// IRP_MJ_READ, IRP_MJ_WRITE, IRP_MJ_QUERY_INFORMATION,
// IRP_MJ_SET_INFORMATION, IRP_MJ_DIRECTORY_CONTROL,
// FASTIO_QUERY_STANDARD_INFO FASTIO_QUERY_BASIC_INFO FASTIO_READ(WRITE)
//to hide first N bytes of given file

extern "C" {
#include <ntddk.h>
}
#pragma hdrstop("InterceptIO.pch")

/////////////////////////////////////////////////////////////////////
// Undocumented structures missing in ntddk.h

typedef struct _FILE_INTERNAL_INFORMATION { // Information Class 6
  LARGE_INTEGER FileId;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;

typedef struct _FILE_EA_INFORMATION { // Information Class 7
  ULONG EaInformationLength;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;

typedef struct _FILE_ACCESS_INFORMATION { // Information Class 8
  ACCESS_MASK GrantedAccess;
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;

typedef struct _FILE_MODE_INFORMATION { // Information Class 16
  ULONG Mode;
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;

typedef struct _FILE_ALLOCATION_INFORMATION { // Information Class 19
  LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;

typedef struct _FILE_DIRECTORY_INFORMATION {
  ULONG NextEntryOffset;
  ULONG FileIndex;
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;

typedef struct _FILE_ALL_INFORMATION { // Information Class 18
  FILE_BASIC_INFORMATION BasicInformation;
  FILE_STANDARD_INFORMATION StandardInformation;
  FILE_INTERNAL_INFORMATION InternalInformation;
  FILE_EA_INFORMATION EaInformation;
  FILE_ACCESS_INFORMATION AccessInformation;
  FILE_POSITION_INFORMATION PositionInformation;
  FILE_MODE_INFORMATION ModeInformation;
  FILE_ALIGNMENT_INFORMATION AlignmentInformation;
  FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;

typedef struct tag_QUERY_DIRECTORY
{
  ULONG Length;
  PUNICODE_STRING FileName;
  FILE_INFORMATION_CLASS FileInformationClass;
  ULONG FileIndex;
} QUERY_DIRECTORY, *PQUERY_DIRECTORY;

#pragma pack(push, 4)

typedef struct tag_FQD_SmallCommonBlock
{
  ULONG NextEntryOffset;
  ULONG FileIndex;
} FQD_SmallCommonBlock, *PFQD_SmallCommonBlock;

typedef struct tag_FQD_FILE_ATTR
{
  TIME CreationTime;
  TIME LastAccessTime;
  TIME LastWriteTime;
  TIME ChangeTime;
  LARGE_INTEGER EndOfFile;
  LARGE_INTEGER AllocationSize;
  ULONG FileAttributes;
} FQD_FILE_ATTR, *PFQD_FILE_ATTR;

typedef struct tag_FQD_CommonBlock
{
  FQD_SmallCommonBlock SmallCommonBlock;
  FQD_FILE_ATTR FileAttr;
  ULONG FileNameLength;
} FQD_CommonBlock, *PFQD_CommonBlock;

typedef struct _KFILE_DIRECTORY_INFORMATION
{
  FQD_CommonBlock CommonBlock;
 
  WCHAR FileName[ANYSIZE_ARRAY];
} KFILE_DIRECTORY_INFORMATION, *PKFILE_DIRECTORY_INFORMATION;

typedef struct _KFILE_FULL_DIR_INFORMATION
{
  FQD_CommonBlock CommonBlock;
 
  ULONG EaSize;
  WCHAR FileName[ANYSIZE_ARRAY];
} KFILE_FULL_DIR_INFORMATION, *PKFILE_FULL_DIR_INFORMATION;

typedef struct _KFILE_BOTH_DIR_INFORMATION
{
  FQD_CommonBlock CommonBlock;
 
  ULONG EaSize;
  USHORT ShortFileNameLength;
  WCHAR ShortFileName[12];
  WCHAR FileName[ANYSIZE_ARRAY];
} KFILE_BOTH_DIR_INFORMATION, *PKFILE_BOTH_DIR_INFORMATION;

#pragma pack(pop)

/////////////////////////////////////////////////////////////////////
// Global variables
PDRIVER_OBJECT pDriverObject;
PDRIVER_DISPATCH OldReadDisp, OldWriteDisp, OldQueryDisp, OldSetInfoDisp, OldDirCtlDisp;
PFAST_IO_READ OldFastIoReadDisp;
PFAST_IO_WRITE OldFastIoWriteDisp;
PFAST_IO_QUERY_STANDARD_INFO OldFastIoQueryStandartInfoDisp;

//Size of our file's Invisible Part (in bytes)
ULONG InvisiblePartSize = 10;
//File, part of which we want to hide
wchar_t OurFileName[] = L"testing.fil";

//Size of OurFileName in bytes, excluding null terminator
ULONG OurFileNameLen = sizeof(OurFileName) - sizeof(wchar_t);


/////////////////////////////////////////////////////////////////////
// Functions

//Function returns true if FN matches OurFileName
bool ThisIsOurFile(PUNICODE_STRING FN)
{
  return ((FN->Buffer) &&
    (FN->Length >= OurFileNameLen) &&
    _wcsnicmp((wchar_t*)((char*)FN->Buffer + FN->Length - OurFileNameLen),
    OurFileName, OurFileNameLen/2)==0);
}

//Structure used to track IRPs which completion must be handled
struct s_ComplRtnTrack
{
  PIO_COMPLETION_ROUTINE CompletionRoutine;
  PVOID Context;
  //When CompletionRoutine is called, flags corresponds to InvokeOn*
  UCHAR Control;
  PIO_STACK_LOCATION CISL;
  FILE_INFORMATION_CLASS FileInformationClass;
  PVOID Buffer;
};

//Function set new CompletionRoutine, InvokeOnSuccess flag,
//and copies original fields to Context
void HookIrpCompletion(PIO_STACK_LOCATION CISL,
              PIO_COMPLETION_ROUTINE CompletionRoutine,
              PVOID Buffer,
              FILE_INFORMATION_CLASS FileInformationClass)
{
  s_ComplRtnTrack* NewContext =
    (s_ComplRtnTrack*)ExAllocatePool(NonPagedPool, sizeof(s_ComplRtnTrack));
  NewContext->CompletionRoutine = CISL->CompletionRoutine;
  NewContext->Context = CISL->Context;
  NewContext->Control = CISL->Control;
  NewContext->CISL = CISL;
  //Since CISL.Parameters unavailabile in IrpCompletion handler,
  //let's save all necessary data in Context structure
  NewContext->FileInformationClass = FileInformationClass;
  NewContext->Buffer = Buffer;
  CISL->CompletionRoutine = CompletionRoutine;
  CISL->Context = NewContext;
  CISL->Control |= SL_INVOKE_ON_SUCCESS;
}

//Function handles IRP completion
NTSTATUS NewComplRtn (
              IN PDEVICE_OBJECT DeviceObject,
              IN PIRP Irp,
              s_ComplRtnTrack* CXT)
{
  //Handle different types of IRP
  switch (CXT->CISL->MajorFunction)
  {
  case IRP_MJ_QUERY_INFORMATION:
    _asm int 3;
    //ThisIsOurFile is already tested
    switch (CXT->FileInformationClass)
    {
        //In all cases modify CurrentByteOffset and/or size (EndOfFile)
        //to hide first InvisiblePartSize bytes
    case FilePositionInformation:
        ((PFILE_POSITION_INFORMATION)CXT->Buffer)->CurrentByteOffset.QuadPart -= InvisiblePartSize;
        break;
    case FileEndOfFileInformation:
        ((PFILE_END_OF_FILE_INFORMATION)CXT->Buffer)->EndOfFile.QuadPart -= InvisiblePartSize;
        break;
    case FileStandardInformation:
        ((PFILE_STANDARD_INFORMATION)CXT->Buffer)->EndOfFile.QuadPart -= InvisiblePartSize;
        break;
    case FileAllocationInformation:
        ((PFILE_ALLOCATION_INFORMATION)CXT->Buffer)->AllocationSize.QuadPart -= InvisiblePartSize;
        break;
    case FileAllInformation:
        ((PFILE_ALL_INFORMATION)CXT->Buffer)->PositionInformation.CurrentByteOffset.QuadPart -= InvisiblePartSize;
        ((PFILE_ALL_INFORMATION)CXT->Buffer)->StandardInformation.EndOfFile.QuadPart -= InvisiblePartSize;
        break;
    }
    case IRP_MJ_DIRECTORY_CONTROL:
        //Get a pointer to first directory entries
        PFQD_SmallCommonBlock pQueryDirWin32 = (PFQD_SmallCommonBlock)CXT->Buffer;
        //Cycle through directory entries
        while (1)
        {
          PWCHAR pFileName = 0;
          ULONG dwFileNameLength = 0;
          switch (CXT->FileInformationClass)
          {
            //In all cases get pointer to FileName and FileNameLength
          case FileDirectoryInformation:
            dwFileNameLength = ((PKFILE_DIRECTORY_INFORMATION)pQueryDirWin32)->CommonBlock.FileNameLength;
            pFileName = ((PKFILE_DIRECTORY_INFORMATION)pQueryDirWin32)->FileName;
            break;
          case FileFullDirectoryInformation:
            dwFileNameLength = ((PKFILE_FULL_DIR_INFORMATION)pQueryDirWin32)->CommonBlock.FileNameLength;
            pFileName = ((PKFILE_FULL_DIR_INFORMATION)pQueryDirWin32)->FileName;
            break;
          case FileBothDirectoryInformation:
            dwFileNameLength = ((PKFILE_BOTH_DIR_INFORMATION)pQueryDirWin32)->CommonBlock.FileNameLength;
            pFileName = ((PKFILE_BOTH_DIR_INFORMATION)pQueryDirWin32)->FileName;
            break;
          }
          //_asm int 3;
          //Is this file that we want?
          if ((dwFileNameLength == OurFileNameLen) &&
            _wcsnicmp(pFileName, OurFileName, OurFileNameLen/2)==0)
          {
            //_asm int 3;
            //Hide first InvisiblePartSize bytes
            ((PFQD_CommonBlock)pQueryDirWin32)->FileAttr.EndOfFile.QuadPart -= InvisiblePartSize;
            break;
          }
          //Quit if no more directory entries
          if (!pQueryDirWin32->NextEntryOffset) break;
          //Continue with next directory entry
          pQueryDirWin32 = (PFQD_SmallCommonBlock)((CHAR*)pQueryDirWin32 + pQueryDirWin32->NextEntryOffset);
        }
       
  }
  //If appropriate Control flag was set,...
  if (
    ((CXT->Control == SL_INVOKE_ON_SUCCESS)&&(NT_SUCCESS(Irp->IoStatus.Status)))
    || ((CXT->Control == SL_INVOKE_ON_ERROR)&&(NT_ERROR(Irp->IoStatus.Status)))
    || ((CXT->Control == SL_INVOKE_ON_CANCEL)&&(Irp->IoStatus.Status == STATUS_CANCELLED)) )
    //...call original CompletionRoutine
    return CXT->CompletionRoutine(
    DeviceObject,
    Irp,
    CXT->Context);
  else return STATUS_SUCCESS;
}

//Filename IRP handler deal with
#define FName &(CISL->FileObject->FileName)

//Function handles IRP_MJ_READ and IRP_MJ_WRITE
NTSTATUS NewReadWriteDisp (
                  IN PDEVICE_OBJECT DeviceObject,
                  IN PIRP Irp)
{
  //_asm int 3;
  PIO_STACK_LOCATION CISL = IoGetCurrentIrpStackLocation(Irp);
  if (CISL->FileObject &&
    //Don't mess with swaping
    !(Irp->Flags & IRP_PAGING_IO) && !(Irp->Flags & IRP_SYNCHRONOUS_PAGING_IO))
  {
    if (ThisIsOurFile(FName))
    {
        //_asm int 3;
        CISL->Parameters.Write.ByteOffset.QuadPart += InvisiblePartSize;
        //Write and Read has the same structure, thus handled together
    }
  }
  //Call corresponding original handler
  switch (CISL->MajorFunction)
  {
  case IRP_MJ_READ:
    return OldReadDisp(DeviceObject, Irp);
  case IRP_MJ_WRITE:
    return OldWriteDisp(DeviceObject, Irp);
  }
}

//Function handles IRP_MJ_QUERY_INFORMATION
NTSTATUS NewQueryDisp (
              IN PDEVICE_OBJECT DeviceObject,
              IN PIRP Irp)
{
  //_asm int 3;
  PIO_STACK_LOCATION CISL = IoGetCurrentIrpStackLocation(Irp);
  if ((CISL->MajorFunction == IRP_MJ_QUERY_INFORMATION) &&
    ThisIsOurFile(FName))
  {
    //_asm int 3;
    switch (CISL->Parameters.QueryFile.FileInformationClass)
    {
        //Information types that contains file size or current offset
    case FilePositionInformation:
    case FileEndOfFileInformation:
    case FileStandardInformation:
    case FileAllocationInformation:
    case FileAllInformation:
        //_asm int 3;
        HookIrpCompletion(CISL, (PIO_COMPLETION_ROUTINE)NewComplRtn, Irp->AssociatedIrp.SystemBuffer, CISL->Parameters.QueryFile.FileInformationClass);
    }
  }
  //Call original handler
  return OldQueryDisp(DeviceObject, Irp);
}

//Function handles IRP_MJ_SET_INFORMATION
NTSTATUS NewSetInfoDisp (
                IN PDEVICE_OBJECT DeviceObject,
                IN PIRP Irp)
{
  //_asm int 3;
  PIO_STACK_LOCATION CISL = IoGetCurrentIrpStackLocation(Irp);
  if (CISL->FileObject && ThisIsOurFile(FName))
  {
    //_asm int 3;
    switch (CISL->Parameters.QueryFile.FileInformationClass)
    {
        //Information types that contains file size or current offset.
        //In all cases modify CurrentByteOffset and/or size (EndOfFile)
        //to hide first InvisiblePartSize bytes
    case FilePositionInformation:
        ((PFILE_POSITION_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->CurrentByteOffset.QuadPart += InvisiblePartSize;
        break;
    case FileEndOfFileInformation:
        ((PFILE_END_OF_FILE_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->EndOfFile.QuadPart += InvisiblePartSize;
        break;
    case FileStandardInformation:
        ((PFILE_STANDARD_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->EndOfFile.QuadPart += InvisiblePartSize;
        break;
    case FileAllocationInformation:
        //_asm int 3;
        ((PFILE_ALLOCATION_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->AllocationSize.QuadPart += InvisiblePartSize;
        break;
    case FileAllInformation:
        ((PFILE_ALL_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->PositionInformation.CurrentByteOffset.QuadPart += InvisiblePartSize;
        ((PFILE_ALL_INFORMATION)Irp->AssociatedIrp.SystemBuffer)->StandardInformation.EndOfFile.QuadPart += InvisiblePartSize;
        break;
    }
  }
  //Call original handler
  return OldSetInfoDisp(DeviceObject, Irp);
}

//Function handles IRP_MJ_DIRECTORY_CONTROL
NTSTATUS NewDirCtlDisp (
                IN PDEVICE_OBJECT DeviceObject,
                IN PIRP Irp)
{
  void *pBuffer;
  PIO_STACK_LOCATION CISL = IoGetCurrentIrpStackLocation(Irp);
  //_asm int 3;
  if ((CISL->MajorFunction == IRP_MJ_DIRECTORY_CONTROL) &&
    (CISL->MinorFunction == IRP_MN_QUERY_DIRECTORY))
  {
    //Handle both ways of passing user supplied buffer
    if (Irp->MdlAddress)
        pBuffer = MmGetSystemAddressForMdl(Irp->MdlAddress);
    else
        pBuffer = Irp->UserBuffer;
    HookIrpCompletion(CISL, (PIO_COMPLETION_ROUTINE)NewComplRtn, pBuffer, ((PQUERY_DIRECTORY)(&CISL->Parameters))->FileInformationClass);
  }
  //Call original handler
  return OldDirCtlDisp(DeviceObject, Irp);
}

#undef FName

//Function handles FastIoRead
BOOLEAN NewFastIoRead(
              IN PFILE_OBJECT FileObject,
              IN PLARGE_INTEGER FileOffset,
              IN ULONG Length,
              IN BOOLEAN Wait,
              IN ULONG LockKey,
              OUT PVOID Buffer,
              OUT PIO_STATUS_BLOCK IoStatus,
              IN PDEVICE_OBJECT DeviceObject
              )
{
  LARGE_INTEGER NewFileOffset;
  //_asm int 3;
  if ((FileObject) && (ThisIsOurFile(&FileObject->FileName)))
  {
    //_asm int 3;
    //Modify FileOffset to hide first InvisiblePartSize bytes
    NewFileOffset.QuadPart = FileOffset->QuadPart + InvisiblePartSize;
    return OldFastIoReadDisp(FileObject, &NewFileOffset, Length, Wait, LockKey, Buffer,
        IoStatus, DeviceObject);
  }
  //Call original handler
  return OldFastIoReadDisp(FileObject, FileOffset, Length, Wait, LockKey, Buffer,
    IoStatus, DeviceObject);
}

//Function handles FastIoWrite
BOOLEAN NewFastIoWrite(
              IN PFILE_OBJECT FileObject,
              IN PLARGE_INTEGER FileOffset,
              IN ULONG Length,
              IN BOOLEAN Wait,
              IN ULONG LockKey,
              OUT PVOID Buffer,
              OUT PIO_STATUS_BLOCK IoStatus,
              IN PDEVICE_OBJECT DeviceObject
              )
{
  LARGE_INTEGER NewFileOffset;
  //_asm int 3;
  if ((FileObject) && (ThisIsOurFile(&FileObject->FileName)))
  {
    //_asm int 3;
    //Modify FileOffset to hide first InvisiblePartSize bytes
    NewFileOffset.QuadPart = FileOffset->QuadPart + InvisiblePartSize;
    return OldFastIoWriteDisp(FileObject, &NewFileOffset, Length, Wait, LockKey, Buffer,
        IoStatus, DeviceObject);
  }
  return OldFastIoWriteDisp(FileObject, FileOffset, Length, Wait, LockKey, Buffer,
    IoStatus, DeviceObject);
}

//Function handles FastIoQueryStandartInfo
BOOLEAN NewFastIoQueryStandartInfo(
                      IN struct _FILE_OBJECT *FileObject,
                      IN BOOLEAN Wait,
                      OUT PFILE_STANDARD_INFORMATION Buffer,
                      OUT PIO_STATUS_BLOCK IoStatus,
                      IN struct _DEVICE_OBJECT *DeviceObject
                      )
{
  //Call original handler
  BOOLEAN status = OldFastIoQueryStandartInfoDisp(FileObject, Wait, Buffer, IoStatus, DeviceObject);
  if ((FileObject) && (ThisIsOurFile(&FileObject->FileName)))
  {
    //_asm int 3;
    //Modify EndOfFile to hide first InvisiblePartSize bytes
    Buffer->EndOfFile.QuadPart -= InvisiblePartSize;
  }
  return status;
}

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ObReferenceObjectByName(
                IN PUNICODE_STRING ObjectPath,
                IN ULONG Attributes,
                IN PACCESS_STATE PassedAccessState OPTIONAL,
                IN ACCESS_MASK DesiredAccess OPTIONAL,
                IN POBJECT_TYPE ObjectType,
                IN KPROCESSOR_MODE AccessMode,
                IN OUT PVOID ParseContext OPTIONAL,
                OUT PVOID *ObjectPtr
                );

extern "C" PVOID IoDriverObjectType;

//Function hooks given dispatch function (MajorFunction)
VOID InterceptFunction(UCHAR MajorFunction,
              PDRIVER_OBJECT pDriverObject,
              OPTIONAL PDRIVER_DISPATCH *OldFunctionPtr,
              OPTIONAL PDRIVER_DISPATCH NewFunctionPtr)
{
  PDRIVER_DISPATCH *TargetFn;
 
  TargetFn = &(pDriverObject->MajorFunction[MajorFunction]);
  //hook only if handler exists
  if (*TargetFn)
  {
    if (OldFunctionPtr) *OldFunctionPtr = *TargetFn;
    if (NewFunctionPtr) *TargetFn = NewFunctionPtr;
  }
}

//Function hooks given driver's dispatch functions
NTSTATUS Intercept(PWSTR pwszDeviceName)
{
  UNICODE_STRING DeviceName;
  NTSTATUS status;
  KIRQL OldIrql;
 
  _asm int 3;
 
  pDriverObject = NULL;
  RtlInitUnicodeString(&DeviceName, pwszDeviceName);
  status = ObReferenceObjectByName(&DeviceName, OBJ_CASE_INSENSITIVE, NULL, 0, (POBJECT_TYPE)IoDriverObjectType, KernelMode, NULL, (PVOID*)&pDriverObject);
  if (pDriverObject)
  {
    //Raise IRQL to avoid context switch
    //when some pointer is semi-modified
    KeRaiseIrql(HIGH_LEVEL, &OldIrql);
    //hook dispatch functions
    InterceptFunction(IRP_MJ_READ, pDriverObject, &OldReadDisp, NewReadWriteDisp);
    InterceptFunction(IRP_MJ_WRITE, pDriverObject, &OldWriteDisp, NewReadWriteDisp);
    InterceptFunction(IRP_MJ_QUERY_INFORMATION, pDriverObject, &OldQueryDisp, NewQueryDisp);
    InterceptFunction(IRP_MJ_SET_INFORMATION, pDriverObject, &OldSetInfoDisp, NewSetInfoDisp);
    InterceptFunction(IRP_MJ_DIRECTORY_CONTROL, pDriverObject, &OldDirCtlDisp, NewDirCtlDisp);
    //hook FastIo dispatch functions if FastIo table exists
    if (pDriverObject->FastIoDispatch)
    {
        //It would be better to copy FastIo table to avoid
        //messing with kernel memory protection, but it works as it is
        OldFastIoReadDisp = pDriverObject->FastIoDispatch->FastIoRead;
        pDriverObject->FastIoDispatch->FastIoRead = NewFastIoRead;
        OldFastIoWriteDisp = pDriverObject->FastIoDispatch->FastIoWrite;
        pDriverObject->FastIoDispatch->FastIoWrite = NewFastIoWrite;
        OldFastIoQueryStandartInfoDisp = pDriverObject->FastIoDispatch->FastIoQueryStandardInfo;
        pDriverObject->FastIoDispatch->FastIoQueryStandardInfo = NewFastIoQueryStandartInfo;
    }
    KeLowerIrql(OldIrql);
  }
 
  return status;
}

//Function cancels hooking
VOID UnIntercept()
{
  KIRQL OldIrql;
  if (pDriverObject)
  {
    KeRaiseIrql(HIGH_LEVEL, &OldIrql);
    InterceptFunction(IRP_MJ_READ, pDriverObject, NULL, OldReadDisp);
    InterceptFunction(IRP_MJ_WRITE, pDriverObject, NULL, OldWriteDisp);
    InterceptFunction(IRP_MJ_QUERY_INFORMATION, pDriverObject, NULL, OldQueryDisp);
    InterceptFunction(IRP_MJ_SET_INFORMATION, pDriverObject, NULL, OldSetInfoDisp);
    InterceptFunction(IRP_MJ_DIRECTORY_CONTROL, pDriverObject, NULL, OldDirCtlDisp);
    if (pDriverObject->FastIoDispatch)
    {
        pDriverObject->FastIoDispatch->FastIoRead = OldFastIoReadDisp;
        pDriverObject->FastIoDispatch->FastIoWrite = OldFastIoWriteDisp;
        pDriverObject->FastIoDispatch->FastIoQueryStandardInfo = OldFastIoQueryStandartInfoDisp;
    }
    KeLowerIrql(OldIrql);
    ObDereferenceObject(pDriverObject);
  }
}

posted on 2007-05-07 23:51 葉子 閱讀(3353) 評論(2)  編輯 收藏 引用 所屬分類: 驅動開發

Feedback

# re: 文件加密標識 -隱藏文件頭的黑客代碼 2008-07-18 20:14 文件加密

http://www.ldsafe.com
這個文件加密軟件不錯!  回復  更多評論   

# re: 文件加密標識 -隱藏文件頭的黑客代碼[未登錄] 2009-03-20 13:27 jack

感謝你的分享,但下戴編譯后,卻有錯誤,不能編譯,是否有完整代碼

謝謝  回復  更多評論   

青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

    • <ins id="pjuwb"></ins>
    <blockquote id="pjuwb"><pre id="pjuwb"></pre></blockquote>

    <noscript id="pjuwb"></noscript>
          <sup id="pjuwb"><pre id="pjuwb"></pre></sup>

            <dd id="pjuwb"></dd>
            <abbr id="pjuwb"></abbr>
            
一本色道久久加勒比88综合|
亚洲精品国产无天堂网2021|
中文亚洲欧美|
亚洲国产精品成人久久综合一区|
久久久www成人免费无遮挡大片
|
久久久久久**毛片大全|
亚洲一级影院|
欧美专区一区二区三区|
久久九九精品99国产精品|
亚洲欧美日韩综合国产aⅴ|
亚洲一区国产视频|
久久精品国产99国产精品澳门|
欧美亚洲视频一区二区|
欧美在线观看一区二区三区|
欧美一区二区三区电影在线观看|
久久精品视频在线看|
美女精品国产|
亚洲美女啪啪|
欧美一区免费视频|
欧美成人午夜剧场免费观看|
欧美日本一区|
国产日韩欧美一区二区三区在线观看|
国产一区二区三区精品欧美日韩一区二区三区
|
亚洲午夜精品视频|
狠狠色综合播放一区二区|
亚洲丶国产丶欧美一区二区三区
|
亚洲婷婷综合久久一本伊一区|
国产精品久久激情|
黄色国产精品一区二区三区|
亚洲国产一区二区三区在线播
|
模特精品在线|
国产精品国产精品|
蜜桃av一区|
亚洲成色精品|
欧美成人网在线|
模特精品裸拍一区|
亚洲黄色尤物视频|
欧美韩日视频|
亚洲一区二区三区在线看|
在线视频你懂得一区二区三区|
亚洲啪啪91|
欧美不卡在线视频|
亚洲一区二区三区免费观看|
欧美一级视频免费在线观看|
亚洲高清激情|
香蕉精品999视频一区二区|
久久久国产成人精品|
国产精品久久久久久久久久ktv
|
精品69视频一区二区三区|
av成人免费在线观看|
久久亚洲私人国产精品va|
亚洲天堂久久|
欧美日韩岛国|
日韩亚洲国产欧美|
欧美11—12娇小xxxx|
欧美在线一区二区三区|
国产欧美精品一区二区色综合|
一本久久青青|
亚洲精品1区2区|
免费成年人欧美视频|
国产精品网站在线播放|
亚洲一二三区精品|
欧美日韩在线一区|
在线亚洲+欧美+日本专区|
欧美大片第1页|
久久精品视频在线看|
亚洲激情啪啪|
午夜国产精品视频免费体验区|
亚洲欧洲久久|
久久久亚洲午夜电影|
国产在线播放一区二区三区
|
亚洲午夜性刺激影院|
亚洲黄网站在线观看|
欧美成在线视频|
亚洲毛片视频|
99视频热这里只有精品免费|
亚洲欧洲一区|
午夜精品一区二区三区电影天堂|
欧美国产日韩精品免费观看|
欧美一区91|
国产精品一二三四区|
亚洲伦伦在线|
麻豆精品视频在线|
美腿丝袜亚洲色图|
久久精品日产第一区二区|
亚洲第一精品电影|
欧美激情在线观看|
欧美片网站免费|
一区二区高清在线观看|
一区二区三区国产|
国产精品欧美精品|
久久久亚洲国产天美传媒修理工|
亚洲欧美日韩精品在线|
国产日韩欧美中文|
久久久久国产精品麻豆ai换脸|
久久精品亚洲一区|
麻豆成人综合网|
日韩视频在线观看一区二区|
亚洲精品一区二区三区不|
欧美色一级片|
久久久高清一区二区三区|
欧美一级久久久久久久大片|
国产亚洲一区在线播放|
久久国产婷婷国产香蕉|
麻豆精品国产91久久久久久|
91久久精品日日躁夜夜躁欧美
|
麻豆av福利av久久av|
美女主播一区|
欧美国产综合|
国产精品久久久久久久久久久久久久
|
欧美日韩国产成人在线91|
亚洲欧美精品在线观看|
另类春色校园亚洲|
亚洲视频1区|
久久这里有精品视频|
国产精品99久久久久久久vr|
亚洲欧美日韩国产精品|
av成人动漫|
羞羞色国产精品|
亚洲狼人综合|
校园春色国产精品|
亚洲在线1234|
欧美电影资源|
久久国产福利|
久久国产精品99精品国产|
亚洲人成网站777色婷婷|
一本大道久久精品懂色aⅴ|
亚洲国产精品欧美一二99|
亚洲视频二区|
亚洲综合色激情五月|
麻豆成人av|
欧美激情一区二区三区四区|
欧美成年人视频网站欧美|
久久天堂av综合合色|
美女被久久久|
免费成人在线观看视频|
亚洲一区二区三区四区五区黄|
久热综合在线亚洲精品|
久久久精品欧美丰满|
欧美日韩亚洲高清|
欧美激情精品久久久久久|
国产日韩欧美不卡|
这里只有精品视频|
日韩一级视频免费观看在线|
猛男gaygay欧美视频|
久久久久久网址|
国精品一区二区三区|
亚洲欧美在线另类|
亚洲免费影视|
久久一区二区精品|
免费久久精品视频|
国产自产v一区二区三区c|
亚洲在线国产日韩欧美|
亚洲字幕一区二区|
欧美色精品天天在线观看视频|
久久久噜久噜久久综合|
国产日韩精品一区二区三区在线|
亚洲天堂黄色|
亚洲乱码久久|
欧美日韩视频一区二区三区|
91久久久久|
亚洲精品一区久久久久久|
男人插女人欧美|
亚洲国产毛片完整版|
亚洲一区二区三区精品动漫|
欧美日韩亚洲不卡|
亚洲性色视频|
久久精品二区三区|
欧美激情一区二区三区|
一区二区高清视频在线观看|
亚洲小视频在线观看|
欧美视频在线看|
亚洲欧美国产精品专区久久|
韩国自拍一区|
亚洲女人天堂av|
欧美一区二区在线看|
中文av一区二区|
亚洲精品视频免费观看|
亚洲韩国青草视频|
99精品国产99久久久久久福利|
欧美粗暴jizz性欧美20|
亚洲精品少妇30p|
一区二区三区高清在线|
欧美日韩视频免费播放|
一区二区三区福利|
欧美伊人久久大香线蕉综合69|
国产精品久久夜|
午夜精品久久久久久久99热浪潮
|
亚洲看片网站|
国产欧美亚洲视频|
久久久久九九九|
在线天堂一区av电影|
黄色小说综合网站|
女生裸体视频一区二区三区|
这里只有精品在线播放|
免费观看日韩av|
欧美一级免费视频|
亚洲国产一区在线|
国产午夜精品美女视频明星a级
|
亚洲无线观看|