首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>本站原创>windows原创>文章内容
控制台下修改系统驱动状态的程序(源代码)
来源:www.safechina.net 作者:CDrea 发布时间:2004-11-02  

控制台下修改系统驱动状态的程序(源代码)


论坛登陆名: CDrea
提交者邮件地址: CDrea@safechina.net
提交者QQ号码: 51714608
标题: 控制台下修改系统驱动状态的程序(源代码)
内容:
最近在sinister大哥的指点下,学习一些驱动方面的东西。最近在调一个程序很头痛...于是写了小东西,可以安装,卸载,启动和停止驱动(别指望它能把NDIS给停了,功能还没那么强,呵呵),也可以查询当前系统加载驱动的状况。
最近版面不振,我还是有一定责任的...什么事都做做停停的...也怪对不起大家的...唉,跑题了,发点牢骚。
使用方法:
svcs 查询系统中已运行的驱动
svcs [服务名] 查询指定驱动的状态
svcs -install [服务名] [驱动程序] 安装一个驱动程序,必须指定驱动程序的全路径名
svcs -remove [服务名] 卸载相应的驱动
svcs -start [服务名] 启动一个驱动
svcs -stop [服务名] 停止一个驱动
eg.
svcs -install fw c:\firewall.sys
svcs -start fw
svcs -stop fw
svcs -remove fw
主要是调用了Winsvc.h头文件中的API,没什么高难的技术。
VC 6.0 + SP5 + win2k pro
代码有点乱,不好意思...

#include &l!
t;stdio.h>
#include <windows.h>
#include <Winsvc.h>

LPENUM_SERVICE_STATUS EnumServices(SC_HANDLE, LPDWORD);
BOOL InstallService(SC_HANDLE hSCManager, LPCTSTR ServiceName, LPCTSTR ServiceExe);
BOOL RemoveService(SC_HANDLE hSCManager, LPCTSTR ServiceName);
BOOL StartService(SC_HANDLE hSCManager, LPCTSTR ServiceName);
BOOL StopService(SC_HANDLE hSCManager, LPCTSTR ServiceName);
BOOL IsAdmin(void);
void err_show(char*);
void Usage(char*);

int main(int argc, char* argv[])
{
SC_HANDLE hSCManager = NULL;
int nRet = 0;

nRet = IsAdmin();
if(!nRet)
{
printf("Must administrator privilege!\n");
}

//
// 打开服务控制管理器
//
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if(hSCManager == NULL)
{
fprintf(stderr, "OpenSCManager() failed. --err: %d\n", GetLastError());
return -1;
}

//
// 调用EnumServices列举系统中的服务
//
!
LPENUM_SERVICE_STATUS lpServices = NULL;
DWORD dwServicesRe!
turned =
0;
lpServices = EnumServices(hSCManager, &dwServicesReturned);
if(lpServices == 0)
{
free(lpServices);
CloseServiceHandle(hSCManager);
return -1;
}

//
// 显示服务信息
//

if(argc == 2)
{
//
// 显示帮助信息
//
if(!stricmp(argv[1], "-h") ││ !stricmp(argv[1], "-help"))
{
Usage(argv[0]);
return 0;
}

for(DWORD i = 0; i < dwServicesReturned; i++, lpServices++)
{
if(!stricmp(lpServices->lpServiceName, argv[1]))
break;
}

if(i == dwServicesReturned)
{
printf("Service not found!\n");
free(lpServices);
CloseServiceHandle(hSCManager);
return -1;
}

printf("[%s]\n", lpServices->lpDisplayName);
printf("\tService Name: %s\n", lpServices->lpServiceName);
printf("\tService Type: ");
switch(lpServices->ServiceStatus.dwServiceType)
{
case SERVICE_FILE_SYSTEM_DRIVER: printf("File System Driver\n!
");
break;
case SERVICE_KERNEL_DRIVER: printf("Device Driver\n");
break;
default: printf("User-Mode Service\n");
break;
}

printf("\tState: ");
switch(lpServices->ServiceStatus.dwCurrentState)
{
case SERVICE_PAUSED: printf("PAUSED\n");
break;
case SERVICE_RUNNING: printf("RUNNING\n");
break;
case SERVICE_STOPPED: printf("STOPPED\n");
break;
default: printf("PENDING\n");
break;
}

free(lpServices);
CloseServiceHandle(hSCManager);
return 0;
}
if(argc == 1)
{
for(DWORD i = 0; i < dwServicesReturned; i++, lpServices++)
printf("%s [%s]\n", lpServices->lpServiceName,
lpServices->lpDisplayName);
printf("\n\t\tTotal %d Service(s).\n\n", dwServicesReturned);

free(lpServices);
CloseServiceHandle(hSCManager);
return 0;
}

// ------------------------
// !
分析命令行参数
// ------------------------

//
// !
安装服务

//
if(!stricmp(argv[1], "-install"))
{
if(argc != 4)
{
Usage(argv[0]);
return 0;
}
nRet = InstallService(hSCManager, argv[2], argv[3]);
if(!nRet)
{
printf("Install service failed.\n");
return -1;
}
}

//
// 卸载服务
//
if(!stricmp(argv[1], "-remove"))
{
if(argc != 3)
{
Usage(argv[0]);
return 0;
}
nRet = RemoveService(hSCManager, argv[2]);
if(!nRet)
{
printf("Remove service failed.\n");
return -1;
}
}

//
// 启动服务
//
if(!stricmp(argv[1], "-start"))
{
if(argc != 3)
{
Usage(argv[0]);
return 0;
}
nRet = StartService(hSCManager, argv[2]);
if(!nRet)
{
printf("Start service failed.\n");
return -1;
}
}

//
// 停止服务
//
if(!stricmp(argv[1], "-stop"))
{
if(argc != 3)
{
Usage(argv[0]);
return 0;
}
nRet = StopService(hSCManage!
r, argv[2]);
if(!nRet)
{
printf("Stop service failed.\n");
return -1;
}
}
// -----------------------------------------------------

CloseServiceHandle(hSCManager);
return 0;
}

//
// EnumServices
// 列举系统的驱动
// ----------------------
// 参数:
// [IN] SC_HANDLE hSCManager 服务管理器句柄
// [OUT] LPDWORD lpdwServices 系统中安装的驱动的数量
// 返回值:
//成功返回ENUM_SERVICE_STATUS结构的指针,否则返回NULL
//
LPENUM_SERVICE_STATUS EnumServices(SC_HANDLE hSCManager, LPDWORD lpdwServices)
{
DWORD cbBytesNeeded = 0;
DWORD cbBufSize = 0;
DWORD dwServicesReturned = 0;

int nRet = 0;

//
// 首次调用EnumServicesStatus确定缓冲区的大小,由cbBytesNeeded?
祷?br>//
nRet = EnumServicesStatus(
hSCManager,
SERV!
ICE_DRIV
ER,
SERVICE_STATE_ALL,
NULL,
0,
&cbBytesNeeded,
lpdwServices,
0);

LPENUM_SERVICE_STATUS lpServices = (LPENUM_SERVICE_STATUS) malloc(cbBytesNeeded);

cbBufSize = cbBytesNeeded;

nRet = EnumServicesStatus(
hSCManager,
SERVICE_DRIVER,
SERVICE_STATE_ALL,
lpServices,
cbBufSize,
&cbBytesNeeded,
lpdwServices,
0);
if(nRet == 0)
{
err_show("EnumServicesStatus()");
return NULL;
}

return lpServices;
}

//
// InstallService
// 安装服务
// 参数:
// [IN] SC_HANDLE hSCManager 服务管理器句柄
// [IN] LPCTSTR ServiceName 服务名称
// [IN] LPCTSTR ServiceExe 可执行文件(需全路径)
// 输出:
// 成功:返回TRUE,否则返回FALSE
//
BOOL InstallService(SC_HA!
NDLE hSCManager, LPCTSTR ServiceName, LPCTSTR ServiceExe)
{
SC_HANDLE schService;

//
// so #$%@! ...:)
//
printf("Install %s... ", ServiceExe);
schService = CreateService( hSCManager, // SCManager database
ServiceName, // name of service
ServiceName, // name to display
&nb!
sp; !
; &
nbsp; SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
&n!
bsp; ServiceExe, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
!
; &!
nbsp;&nb
sp; NULL, // no dependencies
NULL, // LocalSystem account
NULL // no password
!
; );
if (schService == NULL)
{
if(GetLastError() == ERROR_SERVICE_EXISTS)
{
printf("Service has already installed!\n");
}
err_show("CreateService()");
return FALSE;
}
printf("Ok!\n");

CloseServiceHandle(schService);
return TRUE;
}

//
// StartService
// 启动服务
// ----------------
// 参数:
// [IN] SC_HANDLE hSCManager 服务管理器句柄
// [IN] LPCTSTR ServiceName 驱动名称
// 返回值:
// 成功返回TRUE,否则返回FALSE
//
BOOL StartService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
SC_HANDLE schService = NULL;
&!
nbsp; int !
&n
bsp;nRet = 0;

schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
if(schService == NULL)
{
if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
{
printf("Service is not exist!\n");
return FALSE;
}
err_show("OpenService()");
return FALSE;
}

nRet = StartService(schService, 0, NULL);
if(!nRet)
{
if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
{
printf("Service is already running!\n");
return nRet;
}
err_show("StartService()");
}

CloseServiceHandle(schService);
return nRet;
}

//
// StopService
// 停止驱动
// ---------------
// 参数:
// [IN] SC_HANDLE hSCManager !
;服务管理器句柄
// [IN] LPCTSTR ServiceName 服务名称
// 返回值:
// 成功返回TRUE,否则返回FALSE
//
BOOL StopService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
SC_HANDLE schService = NULL;
SERVICE_STATUS ServiceStatus;
int nRet = 0;

schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
if(schService == NULL)
return FALSE;

nRet = ControlService(schService, SERVICE_CONTROL_STOP, &ServiceStatus);
if(!nRet)
{
switch(GetLastError())
{
case ERROR_SERVICE_NOT_ACTIVE:
printf("Service has stopped!\n");
return nRet;

case E!
RROR_INVALID_SERVICE_CONTROL:
printf("The requested co!
ntrol co
de is not valid!\n");
return nRet;
}
err_show("ControlService()");
}

CloseServiceHandle(schService);
return nRet;
}

//
// RemoveService
// 卸载服务
// ------------
// 参数:
// [IN] SC_HANDLE hSCManager 服务管理器句柄
// [IN] LPCTSTR ServiceName 服务名称
// 返回值:
// 成功返回TRUE,否则返回FALSE
//
BOOL RemoveService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
SC_HANDLE schService;
int nRet = 0;

schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
if(schService == NULL)<!
br>return FALSE;

nRet = DeleteService(schService);
if(!nRet)
{
err_show("DeleteService()");
}

CloseServiceHandle(schService);

return nRet;
}

//
// IsAdmin
// 判断当前用户是否有Administrator的权限
// -----------------------------------------
// 参数:
// N/A
// 返回值:
// 若具有权限返回TRUE,否则返回FALSE
//
BOOL IsAdmin(void)
{
HANDLE hAccessToken;
BYTE *InfoBuffer;
PTOKEN_GROUPS &nbs!
p; ptgGroups;
&nbs!
p;
DWORD dwInfoBufferSize;
PSID psidAdministrators;
SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
UINT i;
BOOL bRet = FALSE;

if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hAccessToken))
goto cleanup;

InfoBuffer = new BYTE[1024];
if(!InfoBuffer)
goto cleanup;

!
; bRet = GetTokenInformation(hAccessToken,
TokenGroups,
InfoBuffer,
1024,
&dwInfoBufferSize);

CloseHandle(hAccessToken);

if(!bRet)
goto cleanup;<!
br>
if( !AllocateAndInitializeSid(&!
siaNtAut
hority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,0,0,0,0,0,
&nbs!
p; &psidAdministrators) )
goto cleanup;

bRet = FALSE;

ptgGroups = (PTOKEN_GROUPS)InfoBuffer;

for(i = 0; i < ptgGroups->GroupCount; i++)
{
if(EqualSid(psidAdministrators,ptgGroups->Groups[i].Sid))
{
bRet = TRUE;
break;
}
}

FreeSid(psidAdministrators);

cleanup:

if(InfoBuffer)
delete InfoBuffer;

return bRet;
}

void er!
r_show(char* msg)
{
fprintf(stderr, "%s failed. --e!
rr: %d\n
", msg, GetLastError());
}

void Usage(char* msg)
{
printf("+------------------------------+\n");
printf("│ Services tool v0.1 │\n");
printf("│ Write By CDrea │\n");
printf("│ 2004-11-1 │\n");
printf("│ thx to sinister │\n");
printf("│ http://www.safechina.net │\n");
printf("+------------------------------+\n");
printf("USAGE:\n");
printf(" %s [[-install srv exe] │ [-remove srv] │ [-start srv] │ [-stop srv]] [srv]\n\n", msg);
printf(&!
quot; %s Show all service\n", msg);
printf(" %s srv Show status of srv_name\n", msg);
printf(" -install srv exe Install a service, and must full path of exe\n");
printf(" -remove srv Remove a service\n");
printf(" -start srv Start a service\n");
printf(" -stop srv Stop a service\n");
printf("eg.\n");
printf(" %s -install fw c:\\fw.sys", msg);
}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·突破网关限制上qq
·windows下用openssh、ant、vss控
·Win平台上如何写ShellCode
·用AdminScripts下的vbs工具在80
·IPSec Filer
·netserve安全缺陷
·安装windows2000
  相关文章
·用AdminScripts下的vbs工具在80
·netserve安全缺陷
·IPSec Filer
·Win平台上如何写ShellCode
·突破网关限制上qq
·安装windows2000
·windows下用openssh、ant、vss控
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved