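// dllmain.cpp : Defines the entry point for the DLL application and the
// exported Bs1flt* control API. Every export forwards to the CInterface /
// CServiceControl / CReporter objects created by Bs1fltInit().
//
// NOTE(review): this listing reached review with its line breaks lost, so the
// extent of each commented-out fragment was reconstructed; the two places
// where that matters are marked below.
// NOTE(review): no caller check is visible in this file for exports that
// delete files, terminate processes or switch protections off; access control
// presumably rests on who may load this DLL and on the ACL of the driver
// port -- verify.
#include "pch.h"

#define MSG_MAP_COUNT 5

static HMODULE s_hInst = NULL;
static WCHAR s_wzDllPath[MAX_PATH];
string s_current_path_;
static CServiceControl* service_ = NULL;
CInterface* interface_ = NULL;
static CReporter* report_ = NULL;
static HANDLE s_completion = NULL;
BS1FLT_USER_MESSAGE pMsgMap[MSG_MAP_COUNT] = { NULL, };
static THREAD_CONTEXT s_context = { 0, };
static HANDLE s_exitevent = INVALID_HANDLE_VALUE;
//static CProcessNotify* pCProcessNotify = NULL;

#define BS1FLT_STATUS_SUCCESS            0x00000000L
#define BS1FLT_STATUS_UNSUCCESSFUL       0x00000001L

// DLL entry point. No per-process or per-thread work is done here; all setup
// happens in Bs1fltInit() and all teardown in Bs1fltCleanup().
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// Releases everything Bs1fltInit() created. Safe to call on a partially
// initialised state: every resource is tested before it is released and is
// reset afterwards, so a second call is a no-op for that resource.
// Always returns BS1FLT_STATUS_SUCCESS.
BS1FLT_API DWORD WINAPI Bs1fltCleanup()
{
    if (s_exitevent != INVALID_HANDLE_VALUE)
    {
        // The event is signalled and closed back to back; nothing here waits
        // for a listener to observe it.
        SetEvent(s_exitevent);
        CloseHandle(s_exitevent);
        s_exitevent = INVALID_HANDLE_VALUE;
    }

    if (s_completion != NULL)
    {
        CloseHandle(s_completion);
        s_completion = NULL;
    }

    if (report_ != NULL)
    {
        delete report_;
        report_ = NULL;
    }

    //if (pCProcessNotify != NULL)
    //{
    //    pCProcessNotify->FinishPrivate();
    //    delete pCProcessNotify;
    //    pCProcessNotify = NULL;
    //    CleanupExitPid();
    //}

    // Fixed one-second pause before the interface is torn down.
    // NOTE(review): presumably a grace period for worker threads; a sleep is
    // not a synchronisation guarantee -- confirm no thread can still be using
    // interface_ after it.
    Sleep(1000);

    if (interface_ != NULL)
    {
        interface_->Close();
        delete interface_;
        interface_ = NULL;
    }

    if (service_ != NULL)
    {
        service_->Stop();
        delete service_;
        service_ = NULL;
    }

    //    CleanupProcessLst();
    // NOTE(review): CleanupFileLst() is read as live code (only the line
    // above it as commented out) -- confirm against the original file.
    CleanupFileLst();

    BSONE_DEBUG(_T("end\n"));

    return BS1FLT_STATUS_SUCCESS;
}

// Initialises the control API: registers and starts the kernel driver if its
// port cannot be opened yet, opens the port, and creates the reporter.
//
// lpcPath : directory holding "<DRIVERNAME>_x64.sys". This path is registered
//           as a kernel-driver service, so it must point to a location that
//           only administrators can write to.
// logcb   : callback handed to CReporter.
// opencb  : callback handed to CInterface::StartGetMessageThread.
//
// Returns BS1FLT_STATUS_SUCCESS on success. Failure codes: 99 (module path
// could not be obtained), 100-108 (the step that failed, see the assignments
// to `state`), BS1FLT_STATUS_UNSUCCESSFUL (lpcPath is NULL or the driver path
// does not fit the buffer). From 100 upwards Bs1fltCleanup() has already run.
BS1FLT_API DWORD WINAPI Bs1fltInit(LPCWSTR lpcPath, fpCallBack logcb, fpCallBack opencb)
{
    WCHAR    syspath[1024] = { 0, };
    DWORD    state = BS1FLT_STATUS_SUCCESS;
    DWORD    modlen = 0;
    HRESULT  hr = S_OK;
    WCHAR*   ptr = NULL;
    CLocalConf localconf;

    BSONE_DEBUGA("start!!");

    // lpcPath is formatted with %s below; a NULL pointer must not reach it.
    if (lpcPath == NULL)
    {
        return BS1FLT_STATUS_UNSUCCESSFUL;
    }

    // A NULL module handle yields the path of the host executable, not of
    // this DLL. A zero or buffer-sized return means failure or truncation;
    // neither may be used as a base directory.
    modlen = GetModuleFileNameW(NULL, s_wzDllPath, ARRAYSIZE(s_wzDllPath));
    if (modlen == 0 || modlen >= ARRAYSIZE(s_wzDllPath))
    {
        return 99;
    }

    ptr = wcsrchr(s_wzDllPath, L'\\');
    if (!ptr)
    {
        return 99;
    }
    *ptr = '\0';    // keep only the directory part

    //if (!IsWow64())
    //{
    //    StringCbPrintfW(syspath, sizeof(syspath), L"%s\\%s_x86.sys", lpcPath, DRIVERNAME);
    //}
    //else
    //{
    hr = StringCbPrintfW(syspath, sizeof(syspath), L"%s\\%s_x64.sys", lpcPath, DRIVERNAME);
    //}
    // A truncated path would register a different file as the kernel driver,
    // so refuse it instead of continuing with whatever fitted.
    if (FAILED(hr))
    {
        return BS1FLT_STATUS_UNSUCCESSFUL;
    }

    convert_unicode_to_ansi_string(s_current_path_, s_wzDllPath, wcslen(s_wzDllPath));
    localconf.GetConfig(s_current_path_.c_str(), GetCurrentProcessId());
    BSONE_DEBUG(L"syspath(%s)\n", syspath);

    service_ = new CServiceControl(syspath, DRIVERNAME);
    if (service_ == NULL)
    {
        BSONE_DEBUG(_T("service new fail\n"));
        state = 100;
        goto $cleanup;
    }

    interface_ = new CInterface;
    if (interface_ == NULL)
    {
        BSONE_DEBUG(_T("interface new fail\n"));
        state = 101;
        goto $cleanup;
    }

    // NOTE(review): the result is not checked, and nothing in this file
    // disables SeDebugPrivilege again for the host process.
    service_->AcquirePrivilege(L"SeDebugPrivilege");

    if (!interface_->Init())
    {
        BSONE_DEBUG(L"interface init Fail GE(%d)\n", GetLastError());
        state = 102;
        goto $cleanup;
    }
    BSONE_DEBUG(L"step 1.0\n");

    if (!interface_->OpenEx(BS1FLT_PORTNAME))
    {
        // The port is not available yet: install, configure and start the
        // driver, then try to open the port again.
        // NOTE(review): the three commented-out "state = ...; goto $cleanup;"
        // lines below are read as fully disabled, i.e. these steps are only
        // logged on failure and the second OpenEx() decides the outcome --
        // confirm against the original file.

        /// Install the driver
        DWORD status = 0;
        status = service_->Install(SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START);
        if (status != ERROR_SUCCESS && status != ERROR_SERVICE_EXISTS)
        {
            BSONE_DEBUG(_T("driver install fail %d\n"), status);
            //state = 103; goto $cleanup;
        }
        BSONE_DEBUG(L"step 1.1\n");

        /// Minifilter settings
        status = service_->SetMiniFltSetting(ALTITUDE_NAME, ALTITUDE, 0, localconf.bs1fltkernel);
        if (status != ERROR_SUCCESS)
        {
            BSONE_DEBUG(_T("SetMiniFltSeting status(%d)\n"), status);
            //state = 104; goto $cleanup;
        }

        // Load the driver; 0x420 is ERROR_SERVICE_ALREADY_RUNNING.
        status = service_->Start();
        if (status != ERROR_SUCCESS && status != 0x420)
        {
            BSONE_DEBUG(_T("service start status(%x)\n"), status);
            //state = 105; goto $cleanup;
        }

        // NOTE(review): status is zeroed here, so the "driver open fail"
        // message below always prints 0.
        status = 0;
        BSONE_DEBUG(L"step 1.2\n");
        if (!interface_->OpenEx(BS1FLT_PORTNAME))
        {
            BSONE_DEBUG(_T("driver open fail (%x)\n"), status);
            state = 106;
            goto $cleanup;
        }
        BSONE_DEBUG(L"step 1.3\n");
    }
    else
    {
        // Port already open: only refresh the minifilter settings.
        service_->SetMiniFltSetting(ALTITUDE_NAME, ALTITUDE, 0, localconf.bs1fltkernel);
    }

    report_ = new CReporter(s_wzDllPath, logcb);
    if (!report_)
    {
        BSONE_DEBUG(_T("report_ alloc fail ge(%d)\n"), GetLastError());
        state = 107;
        goto $cleanup;
    }

    if (!report_->Init())
    {
        BSONE_DEBUG(_T("report_ init fail\n"));
        state = 108;
        goto $cleanup;
    }

    if (service_->GetRegProcessCreate())
    {
        BSONE_DEBUG(L"RegProcessCreate!!");
        interface_->StartGetMessageThread(100, TRUE, opencb, TRUE);
    }

    state = BS1FLT_STATUS_SUCCESS;
    return state;

$cleanup:
    Bs1fltCleanup();
    return state;
}

// ---------------------------------------------------------------------------
// Thin exports. Each returns BS1FLT_STATUS_UNSUCCESSFUL when interface_ is
// NULL (Bs1fltInit() has not succeeded, or Bs1fltCleanup() has run) and
// otherwise maps the result of the named CInterface call to
// BS1FLT_STATUS_SUCCESS / BS1FLT_STATUS_UNSUCCESSFUL.
// ---------------------------------------------------------------------------

// Forwards to CInterface::StartAndStop.
BS1FLT_API DWORD WINAPI Bs1fltBegin(DWORD bIsBegin)
{
    if (interface_ == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->StartAndStop(bIsBegin) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::Debug.
BS1FLT_API DWORD WINAPI Bs1fltDebug(ULONG flag)
{
    if (interface_ == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->Debug(flag) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Creates (watch != 0) or releases (watch == 0) the file list, then forwards
// to CInterface::SetShareWatch.
BS1FLT_API DWORD WINAPI Bs1fltStartShareWatch(DWORD watch)
{
    if (interface_ == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    if (watch)
        InitFileLst();
    else
        CleanupFileLst();

    return interface_->SetShareWatch(watch) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetProtectPath with the path length in bytes
// (terminator excluded). A NULL path is rejected instead of being measured.
BS1FLT_API DWORD WINAPI Bs1fltSetPath(DWORD dwType, LPCWSTR lpcwPath)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    // wcslen(NULL) would crash the host process.
    if (lpcwPath == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetProtectPath(dwType, (WCHAR*)lpcwPath, wcslen(lpcwPath) * sizeof(WCHAR)) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::DelProtectPath. A NULL or empty path is passed on
// as (NULL, 0); what the callee does with that is not visible here.
BS1FLT_API DWORD WINAPI Bs1fltDelPath(DWORD dwType, LPCWSTR lpcwPath)
{
    LPCWSTR lpath = NULL;
    DWORD len = 0;

    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    if (lpcwPath != NULL && lpcwPath[0] != 0)
    {
        lpath = lpcwPath;
        len = (DWORD)wcslen(lpath) * (DWORD)sizeof(WCHAR);
    }

    return interface_->DelProtectPath(dwType, (WCHAR*)lpath, len) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetFileName with the name length in bytes
// (terminator excluded). A NULL name is rejected instead of being measured.
BS1FLT_API DWORD WINAPI Bs1fltSetFileName(DWORD dwType, LPCWSTR lpcwPath)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    // wcslen(NULL) would crash the host process.
    if (lpcwPath == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetFileName(dwType, (WCHAR*)lpcwPath, wcslen(lpcwPath) * sizeof(WCHAR)) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetPid.
BS1FLT_API DWORD WINAPI Bs1fltSetPid(DWORD dwType, DWORD dwPid)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetPid(dwType, dwPid) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::RemovePid.
BS1FLT_API DWORD WINAPI Bs1fltDelPid(DWORD dwPid)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->RemovePid(dwPid) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetProcessPath with the path length in bytes
// (terminator excluded). A NULL path is rejected instead of being measured.
BS1FLT_API DWORD WINAPI Bs1fltSetProcessPath(DWORD dwType, LPCWSTR lpcwPath)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    // wcslen(NULL) would crash the host process.
    if (lpcwPath == NULL)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetProcessPath(dwType, (WCHAR*)lpcwPath, wcslen(lpcwPath) * sizeof(WCHAR)) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::DelProcessPath. A NULL or empty path is passed on
// as (NULL, 0); what the callee does with that is not visible here.
BS1FLT_API DWORD WINAPI Bs1fltDelProcessPath(DWORD dwType, LPCWSTR lpcwPath)
{
    LPCWSTR lpath = NULL;
    DWORD len = 0;

    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    if (lpcwPath != NULL && lpcwPath[0] != 0)
    {
        lpath = lpcwPath;
        len = (DWORD)wcslen(lpath) * (DWORD)sizeof(WCHAR);
    }

    return interface_->DelProcessPath(dwType, (WCHAR*)lpath, len) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetFolderProtect.
BS1FLT_API DWORD WINAPI Bs1fltFolderProtectControl(DWORD enable)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetFolderProtect(enable) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetDeleteFile.
BS1FLT_API DWORD WINAPI Bs1fltDeleteFile(LPWSTR path)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetDeleteFile(path) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetTerminiateProcess (spelling as declared there).
BS1FLT_API DWORD WINAPI Bs1fltTerminateProcess(DWORD pid)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetTerminiateProcess(pid) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetHook.
BS1FLT_API DWORD WINAPI Bs1fltSetHook(DWORD type, DWORD enable)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetHook(type, enable) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetDeviceProtect.
BS1FLT_API DWORD WINAPI Bs1fltSetDeviceProtect(DWORD enable)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("enable(%d)\n"), enable);
    return interface_->SetDeviceProtect(enable) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetUsbDiskException with STATE_SET.
BS1FLT_API DWORD WINAPI Bs1fltSetUsbException(LPCWSTR vid, LPCWSTR pid, LPCWSTR productrevisionlevel, LPCWSTR vendorspecific)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetUsbDiskException(STATE_SET, vid, pid, productrevisionlevel, vendorspecific) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetUsbDiskException with STATE_DEL.
BS1FLT_API DWORD WINAPI Bs1fltDelUsbException(LPCWSTR vid, LPCWSTR pid, LPCWSTR productrevisionlevel, LPCWSTR vendorspecific)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetUsbDiskException(STATE_DEL, vid, pid, productrevisionlevel, vendorspecific) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetUsbDiskException with STATE_CLEAR and no fields.
BS1FLT_API DWORD WINAPI Bs1fltClearUsbException()
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetUsbDiskException(STATE_CLEAR, NULL, NULL, NULL, NULL) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetPolicy. The two DWORDs are cast to the enum
// types without a range check here.
BS1FLT_API DWORD WINAPI Bs1fltSetPolicy(DWORD devcie_type, DWORD state, DWORD islog)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("devcie_type(%x), state(%x), islog(%x)\n"), devcie_type, state, islog);
    return interface_->SetPolicy((enum_devicetype)devcie_type, (enum_devicestate)state, islog) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetProcessProtect.
BS1FLT_API DWORD WINAPI Bs1fltProcessProtect(DWORD enable)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("enable(%d)\n"), enable);
    return interface_->SetProcessProtect(enable) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetProcessProtectName with PG_PID_PROTECT.
// NOTE(review): name is logged with %s and passed on unchecked; whether NULL
// is tolerated depends on BSONE_DEBUG and the callee -- verify.
BS1FLT_API DWORD WINAPI Bs1fltSetProcessProtectName(LPCWSTR name)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("name(%s)\n"), name);
    return interface_->SetProcessProtectName(PG_PID_PROTECT, name) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::DelProcessProtectName with PG_PID_PROTECT.
BS1FLT_API DWORD WINAPI Bs1fltDelProcessProtectName(LPCWSTR name)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("name(%s)\n"), name);
    return interface_->DelProcessProtectName(PG_PID_PROTECT, name) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetProcessProtectId with PG_PID_PROTECT.
BS1FLT_API DWORD WINAPI Bs1fltSetProcessProtectId(DWORD pid)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("pid(%d)\n"), pid);
    return interface_->SetProcessProtectId(PG_PID_PROTECT, pid) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::DelProcessProtectId with PG_PID_PROTECT.
BS1FLT_API DWORD WINAPI Bs1fltDelProcessProtectId(DWORD pid)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("pid(%d)\n"), pid);
    return interface_->DelProcessProtectId(PG_PID_PROTECT, pid) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetRegProtect.
BS1FLT_API DWORD WINAPI Bs1fltSetRegProtect(DWORD enable)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("enable(%d)\n"), enable);
    return interface_->SetRegProtect(enable) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetRegProtectName.
BS1FLT_API DWORD WINAPI Bs1fltSetRegProtectName(LPCWSTR regkey)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("regkey(%s)\n"), regkey);
    return interface_->SetRegProtectName(regkey) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::DelRegProtectName.
BS1FLT_API DWORD WINAPI Bs1fltDelRegProtectName(LPCWSTR regkey)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    BSONE_DEBUG(_T("regkey(%s)\n"), regkey);
    return interface_->DelRegProtectName(regkey) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetUsbPortException with STATE_SET.
BS1FLT_API DWORD WINAPI Bs1fltSetUsbPortException(DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetUsbPortException(STATE_SET, vid, pid, bcddevice, serial) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetUsbPortException with STATE_DEL.
BS1FLT_API DWORD WINAPI Bs1fltDelUsbPortException(DWORD vid, DWORD pid, DWORD bcddevice, LPCWSTR serial)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetUsbPortException(STATE_DEL, vid, pid, bcddevice, serial) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

// Forwards to CInterface::SetLogtype.
BS1FLT_API DWORD WINAPI Bs1fltSetLogType(DWORD type)
{
    if (!interface_)
        return BS1FLT_STATUS_UNSUCCESSFUL;

    return interface_->SetLogtype(type) ? BS1FLT_STATUS_SUCCESS : BS1FLT_STATUS_UNSUCCESSFUL;
}

//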