/*++
Copyright (c) AntiDebugLIB Corporation. All rights reserved.
Module Name:
install.cpp
--*/
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strsafe.h>
#include "install.h"
static char *sLinkName = "\\\\.\\GjgllyDevice0";
static bool IsWinNT_via()
{
OSVERSIONINFO OSVersionInfo;
OSVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&OSVersionInfo);
return OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT;
}
static HANDLE OpenADLdriver()
{
// Create a handle to the driver
return CreateFileA(sLinkName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
0,
NULL);
}
static void CloseSYSIfOpen(HANDLE* hDevice)
{
if (*hDevice != INVALID_HANDLE_VALUE)
{
// Close the handle to the driver
if (!CloseHandle(*hDevice))
{
MessageBoxA(NULL,"ERROR: CloseHandle","ERROR: CloseHandle",MB_OK);
}
*hDevice = INVALID_HANDLE_VALUE;
}
}
BOOL GJ_IsAntidebugWorking()
{
HANDLE hDevice = INVALID_HANDLE_VALUE;// Handle to device opened in driver.
hDevice = OpenADLdriver();
if (hDevice == INVALID_HANDLE_VALUE)
{
#ifdef _DEBUG
MessageBox(NULL,"ERROR opening device","ERROR opening device",MB_OK);
#endif
return FALSE;
}
else
{
#ifdef _DEBUG
MessageBox(NULL,"Device found, handle open.","Device found, handle open.",MB_OK);
#endif
//Sleep(28);
CloseHandle(hDevice);
//Sleep(28);
return TRUE;
}
}
BOOLEAN
InstallDriver(
__in SC_HANDLE SchSCManager,
__in LPCTSTR DriverName,
__in LPCTSTR ServiceExe
)
/*++
Routine Description:
Arguments:
Return Value:
--*/
{
char Sys_Dir[MAX_PATH];
//GetCurrentDirectory(MAX_PATH,Sys_Dir);
GetModuleFileNameA(GetModuleHandle(NULL), Sys_Dir, sizeof(Sys_Dir));
char* pszSlash = strrchr(Sys_Dir, '\\');
pszSlash[0]=0;
HKEY hkey=NULL;
DWORD dwDisposition;
LONG lErr;
RegCreateKeyExA(HKEY_LOCAL_MACHINE,
"SYSTEM\\CurrentControlSet\\Services\\Gjglly_Parameters\\Parameters",
0,
"Sys_Dir",
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hkey,
&dwDisposition);
RegSetValueExA( hkey,
"Sys_Dir",
0,
REG_SZ,
(BYTE*)Sys_Dir,
strlen(Sys_Dir)+1
);
SC_HANDLE schService;
DWORD err;
//
// NOTE: This creates an entry for a standalone driver. If this
// is modified for use with a driver that requires a Tag,
// Group, and/or Dependencies, it may be necessary to
// query the registry for existing driver information
// (in order to determine a unique Tag, etc.).
//
//
// Create a new a service object.
//
schService = CreateService(SchSCManager, // handle of service control manager database
DriverName, // address of name of service to start
DriverName, // address of display name
SERVICE_ALL_ACCESS, // type of access to service
SERVICE_KERNEL_DRIVER, // type of service
SERVICE_BOOT_START, // when to start service !!!!!!!! SERVICE_DEMAND_START SERVICE_AUTO_START
SERVICE_ERROR_NORMAL, // severity if service fails to start
ServiceExe, // address of name of binary file
NULL, // service does not belong to a group
NULL, // no tag requested
NULL, // no dependency names
NULL, // use LocalSystem account
NULL // no password for service account
);
if (schService == NULL) {
err = GetLastError();
if (err == ERROR_SERVICE_EXISTS) {
//
// Ignore this error.
//
return TRUE;
} else {
//printf("CreateService failed! Error = %d \n", err );
//
// Indicate an error.
//
return FALSE;
}
}
//
// Close the service object.
//
if (schService) {
CloseServiceHandle(schService);
}
//
// Indicate success.
//
return TRUE;
} // InstallDriver
BOOLEAN
ManageDriver(
__in LPCTSTR DriverName,
__in LPCTSTR ServiceName,
__in USHORT Function
)
{
SC_HANDLE schSCManager;
BOOLEAN rCode = TRUE;
//
// Insure (somewhat) that the driver and service names are valid.
//
if (!DriverName || !ServiceName) {
//printf("Invalid Driver or Service provided to ManageDriver() \n");
return FALSE;
}
//
// Connect to the Service Control Manager and open the Services database.
//
schSCManager = OpenSCManagerA(NULL, // local machine
NULL, // local database
SC_MANAGER_ALL_ACCESS // access required
);
if (!schSCManager) {
//printf("Open SC Manager failed! Error = %d \n", GetLastError());
return FALSE;
}
//
// Do the requested function.
//
switch( Function ) {
case DRIVER_FUNC_INSTALL:
//
// Install the driver service.
//
if (InstallDriver(schSCManager,
DriverName,
ServiceName
)) {
//
// Start the driver service (i.e. start the driver).
//
rCode = StartDriver(schSCManager,
DriverName
);
} else {
//
// Indicate an error.
//
rCode = FALSE;
}
break;
case DRIVER_FUNC_REMOVE:
//
// Stop the driver.
//
StopDriver(schSCManager,
DriverName
);
//
// Remove the driver service.
//
RemoveDriver(schSCManager,
DriverName
);
//
// Ignore all errors.
//
rCode = TRUE;
break;
default:
//printf("Unknown ManageDriver() function. \n");
rCode = FALSE;
break;
}
//
// Close handle to service control manager.
//
if (schSCManager) {
CloseServiceHandle(schSCManager);
}
return rCode;
} // ManageDriver
BOOLEAN
RemoveDriver(
__in SC_HANDLE SchSCManager,
__in LPCTSTR DriverName
)
{
SC_HANDLE schService;
BOOLEAN rCode;
//
// Open the handle to the existing service.
//
schService = OpenServiceA(SchSCManager,
(LPCSTR)DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL) {
//printf("OpenService failed! Error = %d \n", GetLastError());
//
// Indicate error.
//
return FALSE;
}
//
// Mark the service for deletion from the service control manager database.
//
if (DeleteService(schService)) {
//
// Indicate success.
//
rCode = TRUE;
} else {
//printf("DeleteService failed! Error = %d \n", GetLastError());
//
// Indicate failure. Fall through to properly close the service handle.
//
rCode = FALSE;
}
//
// Close the service object.
//
if (schService) {
CloseServiceHandle(schService);
}
return rCode;
} // RemoveDriver
BOOLEAN
StartDriver(
__in SC_HANDLE SchSCManager,
__in LPCTSTR DriverName
)
{
SC_HANDLE schService;
DWORD err;
//
// Open the handle to the existing service.
//
schService = OpenServiceA(SchSCManager,
(LPCSTR)DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL) {
//printf("OpenService failed! Error = %d \n", GetLastError());
//
// Indicate failure.
//
return FALSE;
}
//
// Start the execution of the service (i.e. start the driver).
//
if (!StartServiceA(schService, // service identifier
0, // number of arguments
NULL // pointer to arguments
)) {
err = GetLastError();
if (err == ERROR_SERVICE_ALREADY_RUNNING) {
//
// Ignore this error.
//
return TRUE;
} else {
//printf("StartService failure! Error = %d \n", err );
//
// Indicate failure. Fall through to properly close the service handle.
//
return FALSE;
}
}
//
// Close the service object.
//
if (schService) {
CloseServiceHandle(schService);
}
return TRUE;
} // StartDriver
BOOLEAN
StopDriver(
__in SC_HANDLE SchSCManager,
__in LPCTSTR DriverName
)
{
BOOLEAN rCode = TRUE;
SC_HANDLE schService;
SERVICE_STATUS serviceStatus;
//
// Open the handle to the existing service.
//
schService = OpenServiceA(SchSCManager,
(LPCSTR)DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL) {
//printf("OpenService failed! Error = %d \n", GetLastError());
return FALSE;
}
//
// Request that the service stop.
//
if (ControlService(schService,
SERVICE_CONTROL_STOP,
&serviceStatus
)) {
//
// Indicate success.
//
rCode = TRUE;
} else {
//printf("ControlService failed! Error = %d \n", GetLastError() );
//
// Indicate failure. Fall through to properly close the service handle.
//
rCode = FALSE;
}
//
// Close the service object.
//
if (schService) {
CloseServiceHandle (schService);
}
return rCode;
} // StopDriver
BOOLEAN
SetupDriverName(
__inout_bcount_full(BufferLength) PCHAR DriverLocation,
__in ULONG BufferLength
)
{
HANDLE fileHandle;
DWORD driverLocLen = 0;
//Because if the current OS is 64bit,gjglly.sys must copy to "C:\\Windows\\System32\\drivers",
//so we use "C:\\Windows\\System32\\drivers" instead of current directory.
/* //Get the current directory.
GetModuleFileNameA(GetModuleHandle(NULL), DriverLocation, BufferLength);
char* pszSlash = strrchr(DriverLocation, '\\');
pszSlash[0]=0;
*///Get the current directory.
GetSystemDirectory(DriverLocation, BufferLength);//"C:\\Windows\\System32\\drivers"
//
// Setup path name to driver file.
//
//if (FAILED( StringCbCatA(DriverLocation, BufferLength, "\\"DRIVER_NAME".sys") )) //Get the current directory.
if (FAILED( StringCbCatA(DriverLocation, BufferLength, "\\drivers\\"DRIVER_NAME".sys") ))
{
return FALSE;
}
//Following code will failed in 64bit OS
/*
//
// Insure driver file is in the specified directory.
//
if ((fileHandle = CreateFileA(DriverLocation,
GENERIC_READ,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
)) == INVALID_HANDLE_VALUE) {
//printf("%s.sys is not loaded.\n", DRIVER_NAME);
//
// Indicate failure.
//
return FALSE;
}
//
// Close open file handle.
//
if (fileHandle) {
CloseHandle(fileHandle);
}
//
// Indicate success.
//
*/
return TRUE;
} // SetupDriverName
BOOL GJ_Install_ADL_Driver_BOOT_START()
{
if(!IsWinNT_via())
{
MessageBoxA(NULL,"This software can't be run in Win9x OS !","Operation System",MB_OK|MB_ICONWARNING);
ExitProcess(0);
}
if(!GJ_IsAntidebugWorking())
{
UCHAR driverLocation[MAX_PATH];
//
// The driver is not started yet so let us the install the driver.
// First setup full path to driver name.
//
if (!SetupDriverName((PCHAR)driverLocation, sizeof(driverLocation)))
{
return false;
}
if (!ManageDriver(DRIVER_NAME,
(LPCTSTR)driverLocation,
DRIVER_FUNC_INSTALL
))
{
//printf("Unable to install driver. \n");
//
// Error - remove driver.
//
ManageDriver(DRIVER_NAME,
(LPCTSTR)driverLocation,
DRIVER_FUNC_REMOVE
);
return false;
}
else
{
return true;
}
}
return true;
}
void GJ_Uninstall_ADL_Driver()
{
int current_user_num=0;
//////////////////////////////////////////////////////
/*
//
HANDLE hDevice = INVALID_HANDLE_VALUE;// Handle to device opened in driver.
hDevice = OpenADLdriver();
if (hDevice == INVALID_HANDLE_VALUE)
{
#ifdef _DEBUG
//AfxMessageBox("ERROR opening device");
#endif
return;
}
else
{
#ifdef _DEBUG
//AfxMessageBox("Device found, handle open.");
#endif
DWORD bytesReturned;
if (!DeviceIoControl ( hDevice,
IOCTL_GET_CURRENT_USER_NUM,
¤t_user_num,
sizeof(int),
¤t_user_num,
sizeof(int),
&bytesReturned,
NULL
)
)
{
return;
}
CloseHandle(hDevice);
}
//
*/
//if(current_user_num==1)
{
// Unload the driver. Ignore any errors.
//
UCHAR driverLocation[MAX_PATH];
ManageDriver(DRIVER_NAME,
(LPCTSTR)driverLocation,
DRIVER_FUNC_REMOVE
);
//
// close the handle to the device.
}
}
Submit an article or tip