Delphi版驱动进ring0代码-编程技术-看雪-安全社区|安全招聘|kanxue.com

Delphi版驱动进ring0代码

2005-4-18 14:51 9280

Delphi版驱动进ring0代码

kongfoo

2005-4-18 14:51

9280

附件中包含全部源码及使用示例。

unit miniDriver;
//kongfoo/2005.4.16

interface

uses
  Windows, WinSvc, SysUtils;

type
  aCallGate = packed record
aDword : Dword;
aWord : Word;
  end;

var
  NewCallGate : aCallGate;

  //this driver is from MGF
  drvFile : array [0..$5FF] of byte =
  (
  $4D,$5A,$90,$00,$03,$00,$00,$00,$04,$00,$00,$00,$FF,$FF,$00,$00,
  $B8,$00,$00,$00,$00,$00,$00,$00,$40,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$A8,$00,$00,$00,
  $0E,$1F,$BA,$0E,$00,$B4,$09,$CD,$21,$B8,$01,$4C,$CD,$21,$54,$68,
  $69,$73,$20,$70,$72,$6F,$67,$72,$61,$6D,$20,$63,$61,$6E,$6E,$6F,
  $74,$20,$62,$65,$20,$72,$75,$6E,$20,$69,$6E,$20,$44,$4F,$53,$20,
  $6D,$6F,$64,$65,$2E,$0D,$0D,$0A,$24,$00,$00,$00,$00,$00,$00,$00,
  $5D,$17,$1D,$DB,$19,$76,$73,$88,$19,$76,$73,$88,$19,$76,$73,$88,
  $E5,$56,$61,$88,$18,$76,$73,$88,$52,$69,$63,$68,$19,$76,$73,$88,
  $00,$00,$00,$00,$00,$00,$00,$00,$50,$45,$00,$00,$4C,$01,$02,$00,
  $91,$C8,$2B,$42,$00,$00,$00,$00,$00,$00,$00,$00,$E0,$00,$0E,$01,
  $0B,$01,$05,$0C,$00,$02,$00,$00,$00,$02,$00,$00,$00,$00,$00,$00,
  $00,$10,$00,$00,$00,$10,$00,$00,$00,$20,$00,$00,$00,$00,$40,$00,
  $00,$10,$00,$00,$00,$02,$00,$00,$04,$00,$00,$00,$00,$00,$00,$00,
  $04,$00,$00,$00,$00,$00,$00,$00,$00,$30,$00,$00,$00,$02,$00,$00,
  $A9,$75,$00,$00,$02,$00,$00,$20,$00,$00,$10,$00,$00,$10,$00,$00,
  $00,$00,$10,$00,$00,$10,$00,$00,$00,$00,$00,$00,$10,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$20,$00,$00,$08,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $2E,$74,$65,$78,$74,$00,$00,$00,$4C,$00,$00,$00,$00,$10,$00,$00,
  $00,$02,$00,$00,$00,$02,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$20,$00,$00,$60,$2E,$72,$65,$6C,$6F,$63,$00,$00,
  $0C,$00,$00,$00,$00,$20,$00,$00,$00,$02,$00,$00,$00,$04,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$40,$00,$00,$42,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $90,$90,$90,$90,$9C,$60,$52,$0F,$01,$44,$24,$FE,$5A,$8B,$C2,$B9,
  $E0,$03,$00,$00,$81,$7C,$11,$02,$E8,$03,$00,$EC,$74,$27,$C6,$02,
  $C3,$66,$89,$04,$11,$C1,$E8,$10,$66,$89,$44,$11,$06,$C7,$44,$11,
  $02,$E8,$03,$00,$EC,$C7,$44,$11,$08,$FF,$FF,$00,$00,$C7,$44,$11,
  $0C,$00,$9A,$CF,$00,$61,$9D,$33,$C0,$C2,$08,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$08,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,
  $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
  );

  procedure ExtractTheDriver;
  procedure LoadService;

implementation

procedure LoadService;
var hSCM,hSvc:SC_HANDLE;
begin
  NewCallGate.aDword:=0;
  NewCallGate.aWord:=$3e3;
  hSCM:=OpenSCManager(0,0,SC_MANAGER_CREATE_SERVICE);
  hSvc:=CreateService(hSCM,'Matrix1.0','Matrix service 1.0',$00010030,1,3,0,
                  PChar(ExtractFilePath(GetModuleName(0))+'Matrix.sys'),
                  0,0,0,0,0);//00010030=SERVICE_START OR SERVICE_STOP OR DELETE
  if GetLastError=ERROR_SERVICE_EXISTS then
  begin
hSvc:=OpenService(hSCM,'Matrix1.0',SERVICE_ALL_ACCESS);
DeleteService(hSvc);
CloseServiceHandle(hSvc);
hSvc:=CreateService(hSCM,'Matrix1.0','Matrix service 1.0',$00010030,1,3,0,
                     PChar(ExtractFilePath(GetModuleName(0))+'Matrix.sys'),0,0,0,0,0);
  end;
  asm
push 0
push 0
push hSvc
call StartService
  end;
  DeleteService(hSvc);
  CloseServiceHandle(hSvc);
  CloseServiceHandle(hSCM);
  DeleteFile('Matrix.sys');
end;

procedure ExtractTheDriver;
var hFile:THandle;
rtn:dword;
begin
  hFile:=CreateFile(PChar(ExtractFilePath(GetModuleName(0))+'Matrix.sys'),
                  GENERIC_WRITE,FILE_SHARE_WRITE,nil,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0);
  WriteFile(hFile,drvFile,$600,rtn,0);
  CloseHandle(hFile);
end;

end.

附件:driver.rar

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

点赞・7

打赏

最新回复 (14)
netsowell 雪币： 340 活跃值： (323) 能力值： ( LV9，RANK：450 ) 在线值：发帖 77 回帖 551 粉丝 5 关注私信	netsowell 11 2005-4-18 16:23 2 楼 0 好文啊....
hefei2 雪币： 223 能力值： (RANK：130 ) 在线值：发帖 10 回帖 77 粉丝 0 关注私信	hefei2 3 2005-4-18 17:01 3 楼 0 哪位大哥能解释一下啊
datm 雪币： 209 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 106 粉丝 1 关注私信	datm 2005-4-18 19:01 4 楼 0 一大堆DB，实在是看不懂，楼主解释一下吧
softworm 雪币： 494 活跃值： (629) 能力值： ( LV9，RANK：1210 ) 在线值：发帖 57 回帖 1043 粉丝 11 关注私信	softworm 30 2005-4-18 20:25 5 楼 0 大堆DB是个编译好的驱动程序, 作用是创建调用门
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-19 08:09 6 楼 0 最初由 softworm 发布大堆DB是个编译好的驱动程序, 作用是创建调用门 YES :)
jims 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 14 粉丝 0 关注私信	jims 2005-4-19 17:36 7 楼 0 ExtractTheDriver; LoadService; asm mov dx, $61 mov al, $FF out dx, al end; MessageBox(0,'see the new call gate use IceSword please :)','info...',0); ExitProcess(1); winxp sp2可否？
凌晨雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 33 粉丝 0 关注私信	凌晨 2005-4-20 01:23 8 楼 0 好文。
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-20 08:17 9 楼 0 我的XP没打过SP，不清楚SP2下面的情况
xIkUg 雪币： 116 活跃值： (220) 能力值： ( LV12，RANK：370 ) 在线值：发帖 27 回帖 679 粉丝 4 关注私信	xIkUg 9 2005-4-20 09:03 10 楼 0 看看。。。
xIkUg 雪币： 116 活跃值： (220) 能力值： ( LV12，RANK：370 ) 在线值：发帖 27 回帖 679 粉丝 4 关注私信	xIkUg 9 2005-4-20 09:08 11 楼 0 Matrix.sys不是delphi编的 delphi只是调用一下
netsowell 雪币： 340 活跃值： (323) 能力值： ( LV9，RANK：450 ) 在线值：发帖 77 回帖 551 粉丝 5 关注私信	netsowell 11 2005-4-20 11:40 12 楼 0 最初由 xIkUg 发布 Matrix.sys不是delphi编的 delphi只是调用一下直接用delphi写.sys好象不容易啊.
bjork 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 52 粉丝 0 关注私信	bjork 2005-4-20 20:40 13 楼 0 SO GOOD
Pr0Zel 雪币： 288 活跃值： (415) 能力值： ( LV9，RANK：290 ) 在线值：发帖 37 回帖 384 粉丝 0 关注私信	Pr0Zel 7 2005-4-21 01:13 14 楼 0 哪位高人可以把DB转回ASM啊(这个是可能的吗?)
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-21 08:03 15 楼 0 用百度搜一下，这个驱动的源码是有的 :)
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复

kongfoo

发帖

161

回帖

570

RANK

关注

私信

他的文章

[原创]简单字符串加解密函数提取

[原创]补区段工具

OD plugin-DelphiHelper test

Crack的思想解决程序开发问题

关于我们

联系我们

企业服务

看雪公众号

最新回复 (14)
netsowell 雪币： 340 活跃值： (323) 能力值： ( LV9，RANK：450 ) 在线值：发帖 77 回帖 551 粉丝 5 关注私信	netsowell 11 2005-4-18 16:23 2 楼 0 好文啊....
hefei2 雪币： 223 能力值： (RANK：130 ) 在线值：发帖 10 回帖 77 粉丝 0 关注私信	hefei2 3 2005-4-18 17:01 3 楼 0 哪位大哥能解释一下啊
datm 雪币： 209 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 106 粉丝 1 关注私信	datm 2005-4-18 19:01 4 楼 0 一大堆DB，实在是看不懂，楼主解释一下吧
softworm 雪币： 494 活跃值： (629) 能力值： ( LV9，RANK：1210 ) 在线值：发帖 57 回帖 1043 粉丝 11 关注私信	softworm 30 2005-4-18 20:25 5 楼 0 大堆DB是个编译好的驱动程序, 作用是创建调用门
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-19 08:09 6 楼 0 最初由 softworm 发布大堆DB是个编译好的驱动程序, 作用是创建调用门 YES :)
jims 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 14 粉丝 0 关注私信	jims 2005-4-19 17:36 7 楼 0 ExtractTheDriver; LoadService; asm mov dx, $61 mov al, $FF out dx, al end; MessageBox(0,'see the new call gate use IceSword please :)','info...',0); ExitProcess(1); winxp sp2可否？
凌晨雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 33 粉丝 0 关注私信	凌晨 2005-4-20 01:23 8 楼 0 好文。
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-20 08:17 9 楼 0 我的XP没打过SP，不清楚SP2下面的情况
xIkUg 雪币： 116 活跃值： (220) 能力值： ( LV12，RANK：370 ) 在线值：发帖 27 回帖 679 粉丝 4 关注私信	xIkUg 9 2005-4-20 09:03 10 楼 0 看看。。。
xIkUg 雪币： 116 活跃值： (220) 能力值： ( LV12，RANK：370 ) 在线值：发帖 27 回帖 679 粉丝 4 关注私信	xIkUg 9 2005-4-20 09:08 11 楼 0 Matrix.sys不是delphi编的 delphi只是调用一下
netsowell 雪币： 340 活跃值： (323) 能力值： ( LV9，RANK：450 ) 在线值：发帖 77 回帖 551 粉丝 5 关注私信	netsowell 11 2005-4-20 11:40 12 楼 0 最初由 xIkUg 发布 Matrix.sys不是delphi编的 delphi只是调用一下直接用delphi写.sys好象不容易啊.
bjork 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 52 粉丝 0 关注私信	bjork 2005-4-20 20:40 13 楼 0 SO GOOD
Pr0Zel 雪币： 288 活跃值： (415) 能力值： ( LV9，RANK：290 ) 在线值：发帖 37 回帖 384 粉丝 0 关注私信	Pr0Zel 7 2005-4-21 01:13 14 楼 0 哪位高人可以把DB转回ASM啊(这个是可能的吗?)
kongfoo 雪币： 369 活跃值： (790) 能力值： ( LV12，RANK：570 ) 在线值：发帖 28 回帖 161 粉丝 1 关注私信	kongfoo 14 2005-4-21 08:03 15 楼 0 用百度搜一下，这个驱动的源码是有的 :)
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复