forked from zouxianyu/KernelHiddenExecute
dlioctl.h
#pragma once
#include <Windows.h>
#include <QString>
// Control codes for the protected driver's device, built with CTL_CODE.
// - Function codes 0x800-0x803: values from 0x800 upward are the range Windows
//   leaves to vendor-defined IOCTLs.
// - METHOD_BUFFERED: the I/O manager copies request data through a system
//   buffer instead of handing the driver raw user-mode pointers.
// - FILE_ANY_ACCESS: the I/O manager applies no read/write access check to the
//   handle for these codes, so any caller that can open the device can send
//   them. Restricting callers is left to the device's security descriptor and
//   to checks inside the driver.
// NOTE(review): the SAFE/UNSAFE and READ/EXEC names suggest four request
// variants, but what each one does is decided by the driver, which is not
// visible here. The driver must define identical values - confirm they stay
// in sync.
#define IOCTL_SAFE_READ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_SAFE_EXEC CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_UNSAFE_READ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_UNSAFE_EXEC CTL_CODE(FILE_DEVICE_UNKNOWN, 0x803, METHOD_BUFFERED, FILE_ANY_ACCESS)
// User-mode wrapper holding a HANDLE to the protected driver's device.
// Only the declaration is visible in this header; the member functions are
// defined elsewhere, so the behavioural notes below are assumptions to confirm.
//
// NOTE(review): the class declares a destructor and owns a raw HANDLE but
// leaves copy construction/assignment implicit. If the destructor closes
// hDevice, a copied object would close the same handle value twice - confirm,
// and consider deleting the copy operations.
class ProtectedDriverControl
{
public:
ProtectedDriverControl();
~ProtectedDriverControl();
// Takes the device name as a QString and reports a bool result
// (presumably true when the device was opened - confirm in the definition).
bool open(QString deviceName);
// Counterpart to open(); presumably releases hDevice - confirm.
void close();
// Each of the four calls below returns a QString. By name they correspond to
// IOCTL_SAFE_READ, IOCTL_SAFE_EXEC, IOCTL_UNSAFE_READ and IOCTL_UNSAFE_EXEC.
// NOTE(review): the mapping and the meaning of the returned text are not
// visible here - verify against the implementation.
QString safeRead();
QString safeExec();
QString unsafeRead();
QString unsafeExec();
private:
// Device handle. It has no default member initializer, so the constructor
// must set it before close() or the destructor reads it - TODO confirm.
HANDLE hDevice;
};
// Control code for the second (demonstration "malware") driver's device.
// It uses function code 0x810, separate from the 0x800-0x803 codes above.
// As with those, FILE_ANY_ACCESS means the I/O manager applies no read/write
// access check to the handle; METHOD_BUFFERED routes data through a system
// buffer.
// NOTE(review): the request's effect is defined by the driver, which is not
// visible in this header.
#define IOCTL_ATTACK CTL_CODE(FILE_DEVICE_UNKNOWN, 0x810, METHOD_BUFFERED, FILE_ANY_ACCESS)
// User-mode wrapper holding a HANDLE to the demonstration "malware" driver's
// device. Only the declaration is visible in this header; the member functions
// are defined elsewhere, so the behavioural notes below are assumptions to
// confirm.
//
// NOTE(review): as declared, the class has a destructor and a raw HANDLE member
// but implicit copy operations. If the destructor closes hDevice, copying an
// instance would lead to a double close - confirm, and consider deleting the
// copy operations.
class MalwareDriverControl
{
public:
MalwareDriverControl();
~MalwareDriverControl();
// Takes the device name as a QString and reports a bool result
// (presumably true when the device was opened - confirm in the definition).
bool open(QString deviceName);
// Counterpart to open(); presumably releases hDevice - confirm.
void close();
// Returns a bool; presumably issues IOCTL_ATTACK on hDevice and reports
// whether the request succeeded.
// NOTE(review): neither is visible here - verify against the implementation.
bool attack();
private:
// Device handle. It has no default member initializer, so the constructor
// must set it before close() or the destructor reads it - TODO confirm.
HANDLE hDevice;
};