How to hide a driver in the resource of an executable file?

Hello,
I analyzed the new version of Filemon and found that it hides the
drivers in the resource of the exe file and loads them dynamically when it runs. I
want to know how to do this, or please give me some advice.
Thanks
Regards
ding hao


Open your user mode application’s resource file in Visual Studio IDE. Select
add resource and choose import. Point it to the binary you want to add in
the resource file. Once the binary is selected, it will ask you the resource
file; specify anything like bin, binary etc. This will add the particular
binary file in your .rc file. Compile the user mode application and it now
has your driver binary in its resources.

To extract, do a LoadResource for the binary resource and then do a
LockResource. LockResource will return the address of the first byte of the
binary data of the file. After that do a “SizeofResource” to get the size of
the binary resource. After this you simply have to create a temporary file
in binary mode using fopen or CreateFile and write the number of bytes
returned by SizeofResource starting from the address returned by
LockResource.

This will create your driver binary. After this do a CreateService on it to
install the driver dynamically and then do a StartService to start it. If
you want to delete this driver binary after the driver is stopped, then
call DeleteFile on it. Calling DeleteFile will make sure that once your
driver is unloaded, its binary is deleted.


Pankaj Garg
This posting is provided “AS IS” with no warranties and confers no rights.

“shark marian” wrote in message
news:xxxxx@ntfsd…
> Hello,
> I analyzed the new version of Filemon and found that it hides the
> drivers in the resource of the exe file and loads them dynamically when it runs. I
> want to know how to do this, or please give me some advice.
> Thanks
> Regards
> ding hao

I would just do a delete of the file, either with DeleteFile or an open with
‘delete on close’ option after the driver has started. This will keep the
driver from being present if the system crashes or someone reboots during
this program’s execution. However, it is only a simple solution and not
secure. You should only use it to ensure that the executable and driver are
compatible. If you use Norton’s SystemWorks and its recycle bin, the
driver can be retrieved from it after the program has finished. You can
also use a utility to extract resources from an executable.

You will need to be an administrator to use the ‘driver as resource’
technique.

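The embedding described in Pankaj Garg’s reply and the remark above that a utility can extract resources from an executable rest on the same fact: the driver sits in the host’s resource tree as a complete PE image. The following is an added example, not code from any poster in this thread: a Python scanner that walks the resource directory of a PE file and reports each resource that is itself a PE image, marking those whose Subsystem is native (the value kernel drivers carry). The function names `pe_info` and `embedded_images` are assumptions made for this example; the offsets follow the PE/COFF layout.

```python
import struct, sys
NATIVE = 1  # IMAGE_SUBSYSTEM_NATIVE, the Subsystem value kernel-mode drivers carry

def pe_info(blob):
    """Return (optional-header offset, Subsystem) if blob starts a PE image, else None."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", blob, 0x3C)[0]            # e_lfanew
    if pe + 94 > len(blob) or blob[pe:pe + 4] != b"PE\0\0":
        return None
    return pe + 24, struct.unpack_from("<H", blob, pe + 92)[0]

def embedded_images(data):
    """List (resource path, size, is_native) for each resource that is itself a PE image."""
    if (info := pe_info(data)) is None:
        raise ValueError("not a PE file")
    u16 = lambda o: struct.unpack_from("<H", data, o)[0]
    u32 = lambda o: struct.unpack_from("<I", data, o)[0]
    opt = info[0]
    dirs = opt + (112 if u16(opt) == 0x20B else 96)         # PE32+ or PE32 data directories
    sec0 = opt + u16(opt - 4)                               # section table follows optional header
    secs = [struct.unpack_from("<4I", data, sec0 + 40 * i + 8) for i in range(u16(opt - 18))]

    def offset(rva):  # RVA -> file offset; tuple is (VirtualSize, VirtualAddress, RawSize, RawPtr)
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside all sections")

    found = []
    def walk(base, off, path):
        for i in range(u16(base + off + 12) + u16(base + off + 14)):   # named + ID entries
            name, child = u32(base + off + 16 + 8 * i), u32(base + off + 20 + 8 * i)
            if name & 0x80000000:                           # named entry: length-prefixed UTF-16
                s = base + (name & 0x7FFFFFFF)
                name = data[s + 2:s + 2 + 2 * u16(s)].decode("utf-16le", "replace")
            here = path + [str(name)]
            if not child & 0x80000000:                      # leaf: IMAGE_RESOURCE_DATA_ENTRY
                start, size = offset(u32(base + child)), u32(base + child + 4)
                if (inner := pe_info(data[start:start + size])):
                    found.append(("/".join(here), size, inner[1] == NATIVE))
            elif len(here) < 4:                             # subdirectory; depth bounded
                walk(base, child & 0x7FFFFFFF, here)
    if u32(dirs + 16):                                      # data directory index 2 = resources
        walk(offset(u32(dirs + 16)), 0, [])
    return found

if __name__ == "__main__":
    print([(p, embedded_images(open(p, "rb").read())) for p in sys.argv[1:]])
```

A resource that is compressed or otherwise encoded before embedding does not start with `MZ` and is not reported by this check.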

I don’t know which environment you use.
In Visual Studio, you may import
every binary file into the resources,
using right click on the resource
window and selecting “Import”.

In the application, use
FindResource\LockResource\SizeofResource
to manipulate it.

L.

Hello,
Thanks for your answer.
But someone told me the driver must be able to load dynamically. Is that
right?
I do not know what that means, or how to make the driver dynamically
loadable.
Could someone give me some sample code?
Regards
ding hao


Create a legacy NT4-style device driver and from user mode use CreateService
to install it dynamically. The “Event” sample in the DDK is a dynamically
loadable driver.

“shark marian” wrote in message
news:xxxxx@ntfsd…
> Hello,
> Thanks for your answer.
> But someone told me the driver must be able to load dynamically. Is that
> right?
> I do not know what that means, or how to make the driver dynamically
> loadable.
> Could someone give me some sample code?
> Regards
> ding hao