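// Copyright (C) 2011 Suguru Kawamoto
//
// Process protection: hooks LoadLibrary* so that a module is checked
// (Authenticode signature, SHA-1 allow-list, Windows File Protection status)
// before it is allowed into the process.

#ifndef PROTECTPROCESS_H
#define PROTECTPROCESS_H
// NOTE(review): the guard was __PROTECTPROCESS_H__; identifiers beginning with
// a double underscore are reserved for the implementation (C11 7.1.3), so the
// guard is renamed. The #endif that closes it is name-agnostic.

#define ENABLE_PROCESS_PROTECTION

// Hooking strategy: enable exactly one of the following.
//
// USE_CODE_HOOK: rewrite the code of the hooked function itself.
//   Every call can be intercepted, but by its nature a nested (re-entrant)
//   call of the hooked function cannot be handled.
// USE_IAT_HOOK: rewrite the Import Address Table entry of the hooked function.
//   Nested calls work, but a call that does not go through the IAT bypasses
//   the hook, so coverage depends on how the caller invokes the function.
#define USE_CODE_HOOK
//#define USE_IAT_HOOK

// Pointer types matching the Win32 prototypes of the hooked functions.
// A leading underscore followed by a capital is technically a reserved
// identifier, but EXTERN_HOOK_FUNCTION_VAR below builds names from these
// (and the .c side defines them), so the names are kept for compatibility.
typedef HMODULE (WINAPI* _LoadLibraryA)(LPCSTR);
typedef HMODULE (WINAPI* _LoadLibraryW)(LPCWSTR);
typedef HMODULE (WINAPI* _LoadLibraryExA)(LPCSTR, HANDLE, DWORD);
typedef HMODULE (WINAPI* _LoadLibraryExW)(LPCWSTR, HANDLE, DWORD);

// Unless the including translation unit defines DO_NOT_REPLACE, every textual
// use of LoadLibrary* in it is redirected to the hook's function pointer
// p_LoadLibrary*. This is a compile-time, source-level redirection only; calls
// that are not spelled with these names are covered by the run-time hook.
#ifndef DO_NOT_REPLACE

// Declares the hook pointer variable for one function (defined on the .c side).
#define EXTERN_HOOK_FUNCTION_VAR(name) extern _##name p_##name;

// #undef first so a macro of the same name from an earlier header cannot
// produce a conflicting redefinition (the Ex variants already did this;
// #undef of an undefined name is a no-op, so it is harmless otherwise).
#undef LoadLibraryA
#define LoadLibraryA p_LoadLibraryA
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryA)
#undef LoadLibraryW
#define LoadLibraryW p_LoadLibraryW
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryW)
#undef LoadLibraryExA
#define LoadLibraryExA p_LoadLibraryExA
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryExA)
#undef LoadLibraryExW
#define LoadLibraryExW p_LoadLibraryExW
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryExW)

// Verification flags for SetProcessProtectionLevel(). Each bit names a
// condition under which a module is accepted, or a check that is skipped, so a
// level made of MORE bits is MORE permissive: HIGH is the strictest named level
// and LOW the most lenient. What PROCESS_PROTECTION_NONE (no bits set) means in
// practice is decided on the .c side -- presumably protection off; confirm.

// Modules that are already loaded skip the check.
#define PROCESS_PROTECTION_LOADED 0x00000001
// Check the Authenticode signature embedded in the module.
#define PROCESS_PROTECTION_BUILTIN 0x00000002
// Check the side-by-side Authenticode signature.
#define PROCESS_PROTECTION_SIDE_BY_SIDE 0x00000004
// Check whether the module is under Windows File Protection (WFP).
#define PROCESS_PROTECTION_SYSTEM_FILE 0x00000008
// Ignore the validity period (expiry) of the Authenticode signature.
#define PROCESS_PROTECTION_EXPIRED 0x00000010
// Ignore who issued the Authenticode signature.
#define PROCESS_PROTECTION_UNAUTHORIZED 0x00000020

#define PROCESS_PROTECTION_NONE 0
#define PROCESS_PROTECTION_HIGH (PROCESS_PROTECTION_BUILTIN | PROCESS_PROTECTION_SIDE_BY_SIDE | PROCESS_PROTECTION_SYSTEM_FILE)
#define PROCESS_PROTECTION_MEDIUM (PROCESS_PROTECTION_HIGH | PROCESS_PROTECTION_LOADED | PROCESS_PROTECTION_EXPIRED)
#define PROCESS_PROTECTION_LOW (PROCESS_PROTECTION_MEDIUM | PROCESS_PROTECTION_UNAUTHORIZED)
// Placed after HIGH purely for readability; the preprocessor expands lazily,
// so the order of these #defines does not affect the result.
#define PROCESS_PROTECTION_DEFAULT PROCESS_PROTECTION_HIGH

// Same parameter list as LoadLibraryExW; presumably forwards to the original,
// unhooked function for loads the hook itself has already vetted -- confirm
// against the .c side before relying on it to bypass verification.
HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);

// Select the PROCESS_PROTECTION_* level (or any OR of the flags above) that
// later module checks use.
void SetProcessProtectionLevel(DWORD Level);

// Compute the SHA-1 digest of the file Filename into the buffer at pHash.
// Returns TRUE on success. The buffer size is not part of the interface, so
// the caller must supply room for a full SHA-1 digest (20 bytes).
// NOTE(review): SHA-1 is no longer collision-resistant; treat the digest as an
// identifier of a known binary, not as a tamper-proof integrity check.
BOOL GetSHA1HashOfFile(LPCWSTR Filename, void* pHash);

// Add / remove a module digest (as produced by GetSHA1HashOfFile) to / from the
// trusted allow-list. Returns TRUE on success. Declared as void* to match the
// existing definitions; they are not expected to modify the digest.
BOOL RegisterTrustedModuleSHA1Hash(void* pHash);
BOOL UnregisterTrustedModuleSHA1Hash(void* pHash);

// Unload any module already in the process that fails the current check.
// Returns TRUE on success.
// (void) rather than (): an empty parameter list is not a prototype in C and
// lets a call with stray arguments compile silently.
BOOL UnloadUntrustedModule(void);

// Install the LoadLibrary* hook (once), then switch it on or off.
// Both return TRUE on success.
BOOL InitializeLoadLibraryHook(void);
BOOL EnableLoadLibraryHook(BOOL bEnable);

// Relaunch the process under protection. The role of Keyword is not visible
// in this header -- see the .c side.
BOOL RestartProtectedProcess(LPCTSTR Keyword);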