[Rootkit] Hướng Dẫn Load Driver Lên Bộ Nhớ

Lập trình driver | Hướng Dẫn Load Driver Lên Bộ Nhớ

Sau khi lập trình xong 1 File Driver bạn đưa vào DDK để biên dịch ra FIle .sys,nhưng để có thể sử dụng File Driver đó bạn cần phải load nó lên bộ nhớ,chúng ta sử dụng hàm CreateServiceA + OpenServiceA + StartService để có thể khởi động Driver đó lên

sau đây là source

PHP Code:

---

//blackcoders....
#include
#include
#include
#pragma comment(lib,"Advapi32.lib")
//#pragma comment(linker, "/SUBSYSTEM:WINDOWS")
BOOL StartDriver(IN SC_HANDLE SchManager,IN LPCSTR DriverName)
{
SC_HANDLE schService;
BOOL ret;
int error;
schService=OpenServiceA(SchManager,
DriverName,
SERVICE_ALL_ACCESS
);
if(schService==NULL)
{
printf("[-]error OpenService!\n");
return false;
}
ret=StartService(schService,
0,
NULL);
if(ret)
{
printf("[+]StartService success!\n");
}
else
{
error=GetLastError();
if(error==ERROR_SERVICE_ALREADY_RUNNING)
{
printf("[-]Error:Start Service-already running!");
}
else
{
printf("Error:StartService!(0x%02x)\n",error);
}
}
CloseServiceHandle(schService);
return ret;
}

BOOL InstallDriver( IN SC_HANDLE SchManager,IN LPCSTR DriverName,IN LPCSTR Sexe)
{
SC_HANDLE schService;
DWORD err;
schService=CreateServiceA(SchManager,
DriverName,
DriverName,
SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_NORMAL,
Sexe,
NULL,
NULL,
NULL,
NULL,
NULL);
if(schService==NULL)
{
err=GetLastError();
if(err==ERROR_SERVICE_EXISTS)
{
printf("[-]Service already Exists!\n");
}
else
{
printf("[-]Error:CreateService:(0x%02x)\n",err);
}
return FALSE;
}
else
{
printf("[+]CreateService SUCCESS!\n");
}
CloseServiceHandle(schService);

}
BOOL StopDriver(IN SC_HANDLE SchManager,IN LPCSTR DriverName )
{
SC_HANDLE schService;
BOOL ret;
SERVICE_STATUS serviceStatus;
schService = OpenServiceA (SchManager,
DriverName,
SERVICE_ALL_ACCESS);
if(schService==NULL)
{
printf("[-]Error!OpenService(0x%02x)\n",GetLastError());
return FALSE;
}
ret=ControlService(schService,SERVICE_CONTROL_STOP,&serviceStatus);
if(ret)
{
printf("[+]Driver Stoped!\n");
}
else
{
printf("Error While Stoping!(0x%02x)\n",GetLastError());
}
CloseServiceHandle(schService);
return ret;
}
BOOL DeleteDriver(IN SC_HANDLE SchManager,IN LPCSTR DriverName )
{
SC_HANDLE schService;
BOOL ret;
schService = OpenServiceA (SchManager,
DriverName,
SERVICE_ALL_ACCESS);
if(schService==NULL)
{
printf("[-]Error!OpenService(0x%02x)\n",GetLastError());
return FALSE;
}
ret=DeleteService(schService);
if(ret)
{
printf("[+]Driver Deleted!\n");
}
else
{
printf("Error While Deleting!(0x%02x)\n",GetLastError());
}
CloseServiceHandle(schService);
return ret;
}



VOID _cdecl main(IN int argc,IN char *argv[])
{
char current[128];
SC_HANDLE sch;
GetCurrentDirectoryA(128,current);
sch=OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
{
InstallDriver(sch,"abc","C:\\1.sys");
StartDriver(sch,"abc");
}
//StopDriver(sch,"abc");
//DeleteDriver(sch,"abc");
CloseServiceHandle(sch);
}