Click here to Skip to main content
15,889,808 members
Search within:


Articles / Programming Languages / C++
 

Driver to Hide Processes and Files. Second Edition: Splicing

,
Rate me:
Please Sign up or sign in to vote.
4.93/5 (33 votes)
11 Mar 2011CPOL9 min read 69.4K   8.8K   115  
This article describes a driver that hides processes and files using the method of splicing.
 
#pragma once

#include <string>
#include "wchar.h"
namespace utils
{
/*

http://en.wikipedia.org/wiki/Wildmat

wildmat is a pattern matching library developed by Rich Salz. 
Based on the wildcard syntax already used in the Bourne shell,
wildmat provides a uniform mechanism for matching patterns across 
applications with simpler syntax than that typically offered by regular expressions. 
Patterns are implicitly anchored at the beginning and end of each string when testing for a match.

*/

#define MATCH_TRUE	1
#define MATCH_FALSE 0
#define MATCH_ABORT -1

/* What character marks an inverted character class? */
#define NEGATE_CLASS           '^'

int DoMatch(const wchar_t *text, const wchar_t *p)
{
	int last;
	int matched;
	int reverse;
	for ( ; *p; text++, p++) 
	{
		if (*text == L'\0' && *p != L'*')
			return MATCH_ABORT;
		switch (*p) 
		{
		default:
			if ( _wcsnicmp(text,p,1) != 0 )
				return MATCH_FALSE;
			continue;
		case L'?':
			/* Match anything. */
			continue;
		case L'*':
			while (*++p == L'*')
				/* Consecutive stars act just like one. */
				continue;
			if (*p == L'\0')
				/* Trailing star matches everything. */
				return MATCH_TRUE;
			while (*text)
				if ((matched = DoMatch(text++, p)) != MATCH_FALSE)
					return matched;
			return MATCH_ABORT;
		case L'[':
			reverse = p[1] == NEGATE_CLASS ? MATCH_TRUE : MATCH_FALSE;
			if (reverse)
				/* Inverted character class. */
				p++;
			for (last = 0400, matched = MATCH_FALSE; *++p && *p != L']'; last = *p)
				/* This next line requires a good C compiler. */
				if (*p == L'-' ? *text <= *++p && *text >= last : *text == *p)
					matched = MATCH_TRUE;
			if (matched == reverse)
				return MATCH_FALSE;
			continue;
		}
	}

	return *text == L'\0';
}

bool wildmat(const wchar_t *text, const wchar_t *p)
{
	if (p[0] == L'*' && p[1] == L'\0')
		return MATCH_TRUE;

	return DoMatch(text, p) == MATCH_TRUE;
} 

inline bool
EqualWString(const wchar_t* mask, size_t maskSize,
			 const wchar_t* target, size_t targetSize)
{
	if(maskSize != targetSize)
		return false;

	return ( _wcsnicmp(mask,target,maskSize) == 0 );
}
inline bool
ApplyWildCards(const wchar_t* mask, size_t maskSize,
			   const wchar_t* target, size_t targetSize)
{
	if(maskSize == 0)
		throw std::exception(__FUNCTION__"Mask string can't be empty");

	if(targetSize == 0)
		throw std::exception(__FUNCTION__"Target string can't be empty");

	if(EqualWString(mask,maskSize,target,targetSize)) 
		return true;

	return wildmat(target,mask);
	//return WildCardsAlgorithm(mask,maskSize,target,targetSize);
}
inline bool
ApplyWildCards(const std::wstring& maskStr,const std::wstring& targetStr)
{
    return ApplyWildCards(&maskStr.at(0),maskStr.size(),&targetStr.at(0),targetStr.size());
}

}//namespace utils

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Apriorit Inc
Chief Technology Officer Apriorit Inc.
United States United States
ApriorIT is a software research and development company specializing in cybersecurity and data management technology engineering. We work for a broad range of clients from Fortune 500 technology leaders to small innovative startups building unique solutions.

As Apriorit offers integrated research&development services for the software projects in such areas as endpoint security, network security, data security, embedded Systems, and virtualization, we have strong kernel and driver development skills, huge system programming expertise, and are reals fans of research projects.

Our specialty is reverse engineering, we apply it for security testing and security-related projects.

A separate department of Apriorit works on large-scale business SaaS solutions, handling tasks from business analysis, data architecture design, and web development to performance optimization and DevOps.

Official site: https://www.apriorit.com
Clutch profile: https://clutch.co/profile/apriorit
This is a Organisation

33 members

Written By
Sergii Bratus
Technical Lead Apriorit Inc.
Ukraine Ukraine
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 11 Mar 2011

Article Copyright 2011 by Apriorit Inc, Sergii Bratus
Everything else Copyright © CodeProject, 1999-2024

Web04 2.8:2024-04-02:1