есть вот такой код но он неработает, драйвер подписан так что все должно быть норм... что не так? Код (C): #include <windows.h> #include <stdio.h> #define SE_LOAD_DRIVER_PRIVILEGE 10L #define _CRT_SECURE_NO_WARNINGS typedef struct _LSA_UNICODE_STRING { USHORT Length; USHORT MaximumLength; PVOID Buffer; } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef DWORD(CALLBACK* RTLANSISTRINGTOUNICODESTRING)(PVOID, PVOID, DWORD); RTLANSISTRINGTOUNICODESTRING RtlAnsiStringToUnicodeString; typedef DWORD(CALLBACK* RTLFREEUNICODESTRING)(PVOID); RTLFREEUNICODESTRING RtlFreeUnicodeString; typedef DWORD(CALLBACK* ZWLOADDRIVER)(PVOID); ZWLOADDRIVER ZwLoadDriver; int LoadDriver(char * szDrvName, char * szDrvPath) { char szSubKey[MAX_PATH], szDrvFullPath[MAX_PATH]; LSA_UNICODE_STRING buf1; LSA_UNICODE_STRING buf2; int iBuffLen; HKEY hkResult; char val0[8] = "WinDrv"; //val0[8] = '\0'; char val1[4]; val1[0] = 1; val1[1] = 0; val1[2] = 0; val1[3] = 0; char val2[4]; val2[0] = 1; val2[1] = 0; val2[2] = 0; val2[3] = 0; char val3[4]; val3[0] = 3; val3[1] = 0; val3[2] = 0; val3[3] = 0; DWORD dwOK; iBuffLen = wsprintfA(szSubKey, "System\\CurrentControlSet\\Services\\%s", szDrvName); szSubKey[iBuffLen] = 0; dwOK = RegCreateKeyA(HKEY_LOCAL_MACHINE, (LPCSTR)szSubKey, &hkResult); if (dwOK != ERROR_SUCCESS) return false; iBuffLen = wsprintfA(szSubKey, "%s", "WinDrv"); szSubKey[iBuffLen] = 0; dwOK = RegSetValueExA(hkResult, (LPCSTR)"DisplayName", 0, 1, (BYTE*)szSubKey, iBuffLen); dwOK = RegSetValueExA(hkResult, "Type", 0, 4, (BYTE*)val1, 4); dwOK = RegSetValueExA(hkResult, "ErrorControl", 0, 4, (BYTE*)val2, 4); dwOK = RegSetValueExA(hkResult, "Start", 0, 4, (BYTE*)val3, 4); GetFullPathNameA((LPCSTR)szDrvPath, MAX_PATH, (LPSTR)szDrvFullPath, NULL); iBuffLen = wsprintfA(szSubKey, "\\??\\%s", szDrvFullPath); szSubKey[iBuffLen] = 0; dwOK = RegSetValueExA(hkResult, (LPCSTR)"ImagePath", 0, 1, (BYTE*)szSubKey, iBuffLen); if (dwOK != ERROR_SUCCESS) return false; RegCloseKey(hkResult); iBuffLen = wsprintfA(szSubKey, "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\%s", szDrvName); szSubKey[iBuffLen] = 0; buf2.Buffer = (PVOID)szSubKey; buf2.Length = iBuffLen; RtlAnsiStringToUnicodeString(&buf1, &buf2, 1); dwOK = ZwLoadDriver(&buf1); RtlFreeUnicodeString(&buf1); iBuffLen = wsprintfA(szSubKey, "%s%s\\Enum", "System\\CurrentControlSet\\Services\\", szDrvName); szSubKey[iBuffLen] = 0; RegDeleteKeyA(HKEY_LOCAL_MACHINE, (LPCSTR)szSubKey); iBuffLen = wsprintfA(szSubKey, "%s%s\\Security", "System\\CurrentControlSet\\Services\\", szDrvName); szSubKey[iBuffLen] = 0; RegDeleteKeyA(HKEY_LOCAL_MACHINE, (LPCSTR)szSubKey); iBuffLen = wsprintfA(szSubKey, "%s%s", "System\\CurrentControlSet\\Services\\", szDrvName); szSubKey[iBuffLen] = 0; RegDeleteKeyA(HKEY_LOCAL_MACHINE, (LPCSTR)szSubKey); iBuffLen = wsprintfA(szSubKey, "\\\\.\\%s", szDrvName); szSubKey[iBuffLen] = 0; return true; } BOOLEAN GetPrivilege(ULONG PrivilegeValue, BOOLEAN Enable) { BOOLEAN OldVal; typedef DWORD(WINAPI *pRtlAdjustPrivilege)(ULONG, BOOLEAN, BOOLEAN, PBOOLEAN); pRtlAdjustPrivilege RtlAdjustPrivilege = (pRtlAdjustPrivilege)GetProcAddress(GetModuleHandleA("ntdll.dll"), "RtlAdjustPrivilege"); if (RtlAdjustPrivilege) return (RtlAdjustPrivilege(PrivilegeValue, Enable, FALSE, &OldVal) == 0); else return FALSE; } int entry() { GetPrivilege(SE_LOAD_DRIVER_PRIVILEGE, TRUE); HMODULE hNtdll = NULL; hNtdll = LoadLibrary("ntdll.dll"); if (!hNtdll) { return false; } RtlAnsiStringToUnicodeString = (RTLANSISTRINGTOUNICODESTRING) GetProcAddress(hNtdll, "RtlAnsiStringToUnicodeString"); RtlFreeUnicodeString = (RTLFREEUNICODESTRING) GetProcAddress(hNtdll, "RtlFreeUnicodeString"); ZwLoadDriver = (ZWLOADDRIVER) GetProcAddress(hNtdll, "ZwLoadDriver"); if (LoadDriver("WinDrv", "C:\\Users\\Admin\\Desktop\\drv1.sys") == false) return false; return true; return 0; }
нате вам тру-код, хакиры Код (Text): sc create MyDriver1 type= kernel binPath= D:\MyDriver1.sys sc start MyDriver1 sc stop MyDriver1 sc delete MyDriver1
