
Driver to Hide Processes and Files

17 Aug 2009CPOL12 min read 661.1K   28.6K   369  
In this article, we describe the driver we created to hide processes and files in a system.
// FileForm.cpp : implementation file
//

#include "stdafx.h"
#include "GUI.h"
#include "FileForm.h"
#include "AddDlg.h"


// FileForm

// Registers FileForm for MFC dynamic creation, with CFormView named as its
// base class, so the framework can instantiate the view at run time.
IMPLEMENT_DYNCREATE(FileForm, CFormView)

// Constructs the view from the dialog template identified by FileForm::IDD.
// No other construction work is done here.
FileForm::FileForm() : CFormView(FileForm::IDD) {}

// Nothing is released explicitly; members clean up through their own destructors.
FileForm::~FileForm() {}

// Dialog data exchange: runs the base-class exchange, then binds the
// IDC_LIST_FILE control to the mListFile member.
void FileForm::DoDataExchange(CDataExchange* pDX)
{
	CFormView::DoDataExchange(pDX);              // base class first
	DDX_Control(pDX, IDC_LIST_FILE, mListFile);  // control <-> member binding
}

// Message map: routes the list control's right-click notification and the
// context-menu commands to the FileForm handlers defined below.
BEGIN_MESSAGE_MAP(FileForm, CFormView)
	// Right-click on the file list -> show the context menu.
	ON_NOTIFY(NM_RCLICK, IDC_LIST_FILE, OnNMRclickListFile)
	// Context-menu commands (identifier spelling "DELEATE" comes from the resource IDs).
	ON_COMMAND(ID_MENU_DELEATE, OnMenuDeleate)
	ON_COMMAND(ID_MENU_ADD, OnMenuAdd)
	ON_COMMAND(ID_MENU_QUERY, OnMenuQuery)
	ON_COMMAND(ID_MENU_DELEATE_ALL, OnMenuDeleateAll)
END_MESSAGE_MAP()


// FileForm diagnostics

#ifdef _DEBUG
// Debug-only validity check; defers entirely to CFormView.
void FileForm::AssertValid() const { CFormView::AssertValid(); }

// Debug-only state dump; defers entirely to CFormView.
void FileForm::Dump(CDumpContext& dc) const { CFormView::Dump(dc); }
#endif //_DEBUG


// FileForm message handlers

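// One-time view setup: adds the single "File path" column to the list and
// turns on full-row selection and grid lines.
void FileForm::OnInitialUpdate()
{
	CFormView::OnInitialUpdate();

	mListFile.InsertColumn(0, _T("File path"), LVCFMT_LEFT, 300, 0);

	// Keep whatever extended styles the control already has and add the two
	// we need. A plain assignment here would throw away the value just read.
	DWORD dwExStyle_f = mListFile.GetExtendedStyle();
	dwExStyle_f |= (LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
	mListFile.SetExtendedStyle(dwExStyle_f);
}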

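// NM_RCLICK handler for the file list: shows the IDR_MENU_LIST context menu at
// the cursor position. "Delete" is greyed out when nothing is selected and
// "Delete all" is greyed out when the list is empty.
//
// pNMHDR  - notification header (unused).
// pResult - always set to 0.
void FileForm::OnNMRclickListFile(NMHDR *pNMHDR, LRESULT *pResult)
{
	*pResult = 0;

	// Bail out quietly if the menu resource or its first popup is missing;
	// dereferencing a NULL submenu pointer would crash the GUI.
	CMenu menu;
	if (!menu.LoadMenu(IDR_MENU_LIST))
		return;

	CMenu* pPopup = menu.GetSubMenu(0);
	if (pPopup == NULL)
		return;

	// Spell out the flags instead of passing TRUE, which only worked because
	// its numeric value happens to equal MF_GRAYED.
	if (mListFile.GetFirstSelectedItemPosition() == NULL)
		menu.EnableMenuItem(ID_MENU_DELEATE, MF_BYCOMMAND | MF_GRAYED);

	if (mListFile.GetItemCount() == 0)
		menu.EnableMenuItem(ID_MENU_DELEATE_ALL, MF_BYCOMMAND | MF_GRAYED);

	CPoint point;
	GetCursorPos(&point);
	pPopup->TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON, point.x, point.y, this);
}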

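// "Add" command: asks the user for a file name via AddDlg, sends it to the
// driver with IOCTL_ADD_FILE_NAME and, on success, appends it to the list.
// On failure a "Send error" message box is shown and the list is unchanged.
void FileForm::OnMenuAdd()
{
	AddDlg dlg(TYPE_FILE);
	if (dlg.DoModal() != IDOK)
		return;

	CString strProcessName = dlg.mReturnData.Name;

	// NOTE(review): the cast assumes a UNICODE build where CString holds
	// WCHARs; in an ANSI build this would hand the driver narrow text.
	PWCHAR str = (PWCHAR)strProcessName.GetString();

	// Byte count of the name including its terminating '\0'.
	DWORD size = static_cast<DWORD>((strProcessName.GetLength() + 1) * sizeof(WCHAR));

	// The output buffer must really be as large as the size reported to the
	// driver. A single WCHAR advertised as two would let the callee write
	// past the variable on the stack.
	WCHAR int_data[2] = {};
	DWORD BytesReturned = 0;

	BOOL res = mDrvWork.Exchange(IOCTL_ADD_FILE_NAME,
		str,					// Input string
		size,					// Size of input string in bytes
		int_data,				// Output buffer
		sizeof(int_data),		// Size of output buffer in bytes
		&BytesReturned);
	if (!res)
	{
		AfxMessageBox(_T("Send error"));
		return;
	}

	mListFile.InsertItem(mListFile.GetItemCount(), strProcessName);
}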

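// "Delete" command: for every selected row, sends the file name to the driver
// with IOCTL_DEL_FILE_NAME and, on success, removes the matching rows from the
// list. A "Send error" message box is shown for each name that fails.
void FileForm::OnMenuDeleate()
{
	POSITION pos = mListFile.GetFirstSelectedItemPosition();
	if (pos == NULL)
		return;

	// Snapshot the selected names before touching the list. Deleting rows
	// while walking the selection shifts the indices the POSITION refers to,
	// so later selected rows could be skipped or the wrong row read.
	CStringArray selectedNames;
	while (pos)
	{
		int nItem = mListFile.GetNextSelectedItem(pos);
		selectedNames.Add(mListFile.GetItemText(nItem, 0));
	}

	for (INT_PTR i = 0; i < selectedNames.GetSize(); ++i)
	{
		CString ProcessName = selectedNames[i];

		// NOTE(review): the cast assumes a UNICODE build (CString of WCHAR).
		PWCHAR str = (PWCHAR)ProcessName.GetString();

		// Byte count of the name including its terminating '\0'.
		DWORD size = static_cast<DWORD>((ProcessName.GetLength() + 1) * sizeof(WCHAR));

		// Output buffer is sized to match what is reported to the driver, so
		// the callee cannot write past it.
		WCHAR int_data[2] = {};
		DWORD BytesReturned = 0;

		BOOL res = mDrvWork.Exchange(IOCTL_DEL_FILE_NAME,
			str,					// Input string
			size,					// Size of input string in bytes
			int_data,				// Output buffer
			sizeof(int_data),		// Size of output buffer in bytes
			&BytesReturned);
		if (!res)
		{
			AfxMessageBox(_T("Send error"));
			continue;
		}

		LVFINDINFO info = {};
		info.flags = LVFI_PARTIAL | LVFI_STRING;
		info.psz = ProcessName;

		// Delete all of the items that begin with the string ProcessName.
		// NOTE(review): prefix matching also removes rows for longer names
		// that were not sent to the driver, so the list can then disagree
		// with the driver's state. Confirm whether an exact match is wanted.
		int nIndex;
		while ((nIndex = mListFile.FindItem(&info)) != -1)
		{
			mListFile.DeleteItem(nIndex);
		}
	}
}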

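// "Delete all" command: sends IOCTL_CLEAR_FILE_NAME to the driver and, on
// success, empties the list. On failure a "Send error" message box is shown.
void FileForm::OnMenuDeleateAll()
{
	// Both buffers are zero-initialised and exactly as large as the sizes
	// reported below. A single uninitialised WCHAR advertised as two would
	// send stray stack bytes on input and allow a write past the variable
	// on output.
	WCHAR Data[2] = {};
	WCHAR int_data[2] = {};
	DWORD BytesReturned = 0;

	BOOL res = mDrvWork.Exchange(IOCTL_CLEAR_FILE_NAME,
		Data,					// Input buffer (no payload for this request)
		sizeof(Data),			// Size of input buffer in bytes
		int_data,				// Output buffer
		sizeof(int_data),		// Size of output buffer in bytes
		&BytesReturned);
	if (!res)
	{
		AfxMessageBox(_T("Send error"));
		return;
	}

	mListFile.DeleteAllItems();
}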

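// "Query" command: asks the driver for its current file-name list with
// IOCTL_QUERY_FILE_NAME and rebuilds the list control from the reply.
// The reply is parsed as text in which every name is followed by '\n'; any
// text after the last '\n' is ignored. On failure a "Send error" message box
// is shown and the list is left as it was.
void FileForm::OnMenuQuery()
{
	// Size reported to the driver for its reply, in bytes.
	const DWORD cbOut = static_cast<DWORD>(2 * MAX_PATH * sizeof(WCHAR));

	// The buffer really holds cbOut bytes plus one extra WCHAR that is never
	// offered to the driver. With the zero-initialisation, the text is always
	// NUL-terminated when it is read back below, and the callee cannot write
	// past the end of the array.
	WCHAR Data[2] = {};
	WCHAR int_data[2 * MAX_PATH + 1] = {};
	DWORD BytesReturned = 0;

	BOOL res = mDrvWork.Exchange(IOCTL_QUERY_FILE_NAME,
		Data,					// Input buffer (no payload for this request)
		sizeof(Data),			// Size of input buffer in bytes
		int_data,				// Output buffer
		cbOut,					// Size of output buffer in bytes
		&BytesReturned);
	if (!res)
	{
		AfxMessageBox(_T("Send error"));
		return;
	}

	mListFile.DeleteAllItems();

	CString str;
	str.Format(_T("%ws"), int_data);

	// Split on '\n' and add one row per complete entry.
	int LeftBorder = 0;
	for (;;)
	{
		const int RightBorder = str.Find(_T("\n"), LeftBorder);
		if (RightBorder == -1)
			break;

		CString ProcessName = str.Mid(LeftBorder, RightBorder - LeftBorder);
		LeftBorder = RightBorder + 1;

		mListFile.InsertItem(mListFile.GetItemCount(), ProcessName);
	}
}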


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Chief Technology Officer Apriorit Inc.
United States United States
ApriorIT is a software research and development company specializing in cybersecurity and data management technology engineering. We work for a broad range of clients from Fortune 500 technology leaders to small innovative startups building unique solutions.

As Apriorit offers integrated research & development services for software projects in such areas as endpoint security, network security, data security, embedded systems, and virtualization, we have strong kernel and driver development skills, huge system programming expertise, and are real fans of research projects.

Our specialty is reverse engineering; we apply it to security testing and security-related projects.

A separate department of Apriorit works on large-scale business SaaS solutions, handling tasks from business analysis, data architecture design, and web development to performance optimization and DevOps.

Official site: https://www.apriorit.com
Clutch profile: https://clutch.co/profile/apriorit
This is a Organisation

33 members

Written By
Software Developer Codedgers Inc
Ukraine Ukraine
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Written By
Software Developer (Junior) ApriorIT
Ukraine Ukraine
Sergey Popenko.
22 years old.
The Driver Team`s software developer.
Master of the Applied Math faculty, the Dnipropetrovsk National University, Ukraine.
