?? header.h
字號:
#ifndef _HEADER_H_
#define _HEADER_H_
//#define NDIS_WDM 1
//#define BINARY_COMPATIBLE 0
/*****************************************************************
*
* Reversed By yykingking (yykingking@126.com)
* 僅供學習交流使用
*****************************************************************/
#include <ntddk.h>
#include <ndis.h>
#define PKAFFINITY ULONG
#define true 1
#define false 0
typedef unsigned char BYTE;
typedef unsigned long DWORD;
typedef unsigned short WORD;
typedef char bool;
typedef long BOOL;
#pragma pack(1)
typedef struct _LOCK_LIST
{
LIST_ENTRY pList;
KSPIN_LOCK Lock;
}LOCK_LIST, *PLOCK_LIST;
typedef struct _idtr
{
//定義中斷描述符表的限制,長度兩字節;
short IDTLimit;
//定義中斷描述服表的基址,長度四字節;
unsigned int IDTBase;
}IDTR,*PIDTR;
typedef struct
{
unsigned short LowOffset;
unsigned short selector;
unsigned char unused_lo;
unsigned char segment_type:4; //0x0E is an interrupt gate
unsigned char system_segment_flag:1;
unsigned char DPL:2; // descriptor privilege level
unsigned char P:1; /* present */
unsigned short HiOffset;
} IDTENTRY,*PIDTENTRY;
typedef struct _STRUCT_TWO
{
DWORD Pid; // 0x0
PVOID StartAddress; // 0x4
PMDL pMdl; // 0x8
DWORD Reserved4; // 0xc
LOCK_LIST pLockList; // 0x10
DWORD Reserved5; // 0x18
}STRUCT_TWO, *PSTRUCT_TWO;
typedef struct _STRUCT_THREE
{
int Reserved1; // 始終為0..??
int Reserved2; // hash結構,索引
}STRUCT_THREE,*PSTRUCT_THREE;
typedef struct _STRUCT_FOUR
{
bool bFirst; // 0x0
bool bSecond; // 0x1
DWORD Array[9]; // 0x2
}STRUCT_FOUR, *PSTRUCT_FOUR;
typedef struct _STRUCT_12H_
{
bool Reserved1; // 0x0
bool ConvertEditCtrl; // 0x1 可以轉換 HOME PGUP 等鍵
bool ShiftDown; // 0x2 當shift按下時為1
bool Reserved4; // 0x3
bool Reserved5; // 0x4
bool Reserved6; // 0x5
bool Reserved7; // 0x6
bool Reserved8; // 0x7
bool Reserved9; // 0x8
bool Reserveda; // 0x9
bool bDoletter; // 0xa 為1時才能夠處理字母鍵盤掃描碼
bool Reservedc; // 0xb
bool Reservedd; // 0xc
bool Reservede; // 0xd
bool Reservedf; // 0xe
bool Reserved10; // 0xf
bool Reserved11; // 0x10
bool Reserved12; // 0x11
// bool Reserved10; // 0x12
// DWORD Reserved11; // 0x13
// bool Reserved12; // 0x14
}STRUCT_12H,*PSTRUCT_12H;
typedef struct _STRUCT_17H_
{
bool CanReHookKBInt; // 0x0 使得能重復hook鍵盤中斷
bool Reserved2; // 0x1
bool Reserved3; // 0x2
bool DoUnhookKBInt; // 0x3 在UNLOAD時間能調用UnHookKBInt
bool DoDetach; // 0x4 在UNLOAD時間能調用DetachAndDeleteDevice
bool Reserved6; // 0x5
DWORD Reserved7; // 0x6
DWORD Reserved8; // 0xa
DWORD IntEntry; // 0xe keyboard 的中斷入口
bool Reserved10; // 0x12
DWORD Reserved11; // 0x13
bool Reserved12; // 0x14
}STRUCT_17H,*PSTRUCT_17H;
typedef struct _ATTACH_INFO_
{
PDEVICE_OBJECT pSourceDeviceObjArray[10];
PDEVICE_OBJECT pDeviceObjArray[10];
int intArray1[10];
PDEVICE_OBJECT pAttachDeviceObjArray[10];
}ATTACH_INFO, *PATTACH_INFO;
typedef struct _STRUCT_FIVE_
{
bool bReserved0; //0x0
bool bReserved1; //0x1
WORD WReserved2; //0x2
DWORD Reserved3; //0x4
DWORD Reserved4; //0x8
}STRUCT_FIVE,*PSTRUCT_FIVE;
typedef struct _STRUCT_SIX_
{
char bReserved0; //0x0
bool bReserved1; //0x1
bool bReserved2; //0x2
bool bReserved3; //0x3
}STRUCT_SIX,*PSTRUCT_SIX;
#pragma pop()
void ChangeHexToBin( IN char* VirtualAddress, OUT char* OutAddress);
void ConvertCharArray( char* param1, char* param2);
NTSTATUS SaveKBIntEntryOnce( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
NTSTATUS DoNothing( PDEVICE_OBJECT param1, PIRP param2);
NTSTATUS DeleteAllStructByPid( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
void TimerFunction (IN PVOID SystemSpecific1,IN PDEVICE_OBJECT pDeviceObj,IN PVOID SystemSpecific2,IN PVOID SystemSpecific3);
NTSTATUS MyIoCallDriver( PDEVICE_OBJECT pDeviceObject, PIRP pIrp);
NTSTATUS MD5String( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
DWORD HookKBInt();
DWORD GetKeyBoardIntEntry();
PSTRUCT_TWO FindAndCreateStruct( int Num);
void CopyStructFour( PSTRUCT_FOUR pDest);
void CopyDataToCArray( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
NTSTATUS OpenEventHandle( PIRP pIrp, PIO_STACK_LOCATION pIrpStack);
DWORD HookAndSaveKBInt();
NTSTATUS SetTwoBoolFalse( PDEVICE_OBJECT pDriverObj, PIRP pIrp);
NTSTATUS AddDevice( IN PDRIVER_OBJECT pDriverObj,IN PDEVICE_OBJECT PhysicalDeviceObject);
NTSTATUS DispatchFun2( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
void CopyDataToPVoidUnknown1( PDEVICE_OBJECT pDeviceObj, PIRP pIrp);
DWORD DispatchNewInt( DWORD param);
bool IsLetterCode( char code);
bool IsEditCtrlKey( char code);
char ConvertLetter( char code);
bool IsInputPlusCode( char code);
bool IsInputCode( char code);
int LookUpAsciiByIndex( int code);
int LookUpAsciiByIndex2( int code);
char NotAndSHR7(char code);
int DoHash( int* pNum);
void DetachAndDeleteDevice();
void ClearLinkDevice();
DWORD UnHookKBInt();
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegPath);
//void NewIntEntry();
#endif?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -