1 static UNICODE_STRING StringSrcDriver = RTL_CONSTANT_STRING(L"\\??\\C:\\Users\\Administrator\\Desktop\\PCHunter64as.sys");
2 static UNICODE_STRING StringDstDriver = RTL_CONSTANT_STRING(L"\\??\\C:\\Users\\Administrator\\Desktop\\PCHunter64as.sys.bak");
3
4 #define PAGE_SIZE_MM (4096)
5 #define MYDRIVER_TAG ('hack')
6
7 static NTSTATUS CopyFile(PUNICODE_STRING dst, PUNICODE_STRING src)
8 {
9 HANDLE FileHandle1,FileHandle2;
10 IO_STATUS_BLOCK block1, block2;
11 OBJECT_ATTRIBUTES ot1, ot2;
12 NTSTATUS status;
13 //block1
14 char *Buff;
15 LARGE_INTEGER ByteOffset1, ByteOffset2;
16
17 if(KeGetCurrentIrql() != PASSIVE_LEVEL) {
18 kprintf("[+] infinityhook: STATUS_INVALID_DEVICE_STATE\n");
19 return STATUS_INVALID_DEVICE_STATE;
20 }
21
22 Buff = (char *)ExAllocatePoolWithTag(PagedPool, PAGE_SIZE_MM, MYDRIVER_TAG);
23 if (Buff == NULL) {
24 return STATUS_INVALID_DEVICE_STATE;
25 }
26 block1.Pointer = NULL;
27 block1.Information = NULL;
28 block2.Pointer = NULL;
29 block2.Information = NULL;
30
31 InitializeObjectAttributes(&ot1, dst, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
32 InitializeObjectAttributes(&ot2, src, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
33
34 status = ZwCreateFile( &FileHandle1,
35 GENERIC_WRITE,
36 &ot1, &block1,
37 NULL, FILE_ATTRIBUTE_NORMAL ,0,
38 FILE_OVERWRITE_IF,
39 FILE_SYNCHRONOUS_IO_NONALERT,
40 NULL, 0);
41 if (!NT_SUCCESS(status)) {
42 kprintf("ZwCreateFile File %wZ Error:%d\n", dst, status);
43 goto out;
44 }
45 status = ZwCreateFile( &FileHandle2,
46 GENERIC_READ,
47 &ot2, &block2,
48 NULL, FILE_ATTRIBUTE_NORMAL, 0,
49 FILE_OPEN,
50 FILE_SYNCHRONOUS_IO_NONALERT,
51 NULL, 0);
52 if (!NT_SUCCESS(status)) {
53 kprintf("ZwCreateFile File %wZ Error:%d\n", src, status);
54 goto out_2;
55 }
56 kprintf("ZwCreateFile Tow File Ok, Next to Read and Write!!!!\n");
57
58 ByteOffset1.QuadPart = 0;
59 ByteOffset2.QuadPart = 0;
60
61 do {
62 status = ZwReadFile(FileHandle2,
63 NULL,
64 NULL,
65 NULL,
66 &block2,
67 Buff,
68 PAGE_SIZE_MM,
69 &ByteOffset2,
70 NULL);
71 if (!NT_SUCCESS(status)) {
72 kprintf("ZwReadFile Error!!!");
73 goto out_1;
74 }
75 if (block2.Information == 0) {
76 kprintf("ZwReadFile Zero byte!!!");
77 goto out_1;
78 }
79 kprintf("ZwReadFile block2 Information : %d", (int)block2.Information);
80
81 ByteOffset2.QuadPart += block2.Information;
82
83 status = ZwWriteFile( FileHandle1,
84 NULL,
85 NULL,
86 NULL,
87 &block1,
88 Buff,
89 (ULONG)block2.Information,
90 &ByteOffset1,
91 NULL);
92 if (!NT_SUCCESS(status)) {
93 kprintf("ZwWriteFile Error!!!");
94 goto out_1;
95 }
96 ByteOffset1.QuadPart += block1.Information;
97 kprintf("ZwWriteFile block1 Information : %d", (int)block1.Information);
98 } while(1);
99
100 out_1:
101 ZwClose(FileHandle2);
102 out_2:
103 ZwClose(FileHandle1);
104 out:
105 ExFreePool(Buff);
106 return status;
107 }
浙公网安备 33010602011771号