ScDetective驱动

界面开发：VS2008 MFC

驱动开发：VS2005 ddkwizard

DDK版本：7600.16385.1

调试工具：Windbg VirtualKD VMware

测试版本：xpsp3 windows7

完成时间：2010.12

软件作者：kedebug sunweiqq@gmail.com

驱动包括6大模块：

1、SSDT/ShadowSSDT检测与恢复模块

2、活动进程信息检测与判别模块

3、驱动模块检测与判别模块

4、HookEngine? 模块（部分代码逆向自cnnic流氓驱动）

5、自我保护模块（借鉴FUTo rootkit，采用了大量而又肮脏DKOM技术）

6、文件过滤模块（基于微软sfilter库）（雏形）

// Page1.cpp : 实现文件
//

#include “stdafx.h“
#include “Page1.h“
#include “ScDetective.h“
#include 

extern CDriver theDriver;
extern CStatic* theStatus;

// CPage1 对话框

IMPLEMENT_DYNAMIC（CPage1 CDialog）

CPage1::CPage1（CWnd* pParent /*=NULL*/）
: CDialog（CPage1::IDD pParent）
{
    pSsdtName = NULL;
    pSsdtNativeAddress = NULL;
    NumOfFunName = 0;
    NumOfNativeAddress = 0;
    memset（StatusBuffer 0 128 * 2）;
    pSsdtName = GetSsdtNativeFunNames（&NumOfFunName）;
    pSsdtNativeAddress = GetSsdtNativeFunAddresses（&NumOfNativeAddress）;
}

CPage1::~CPage1（）
{
    if （pSsdtNativeAddress）  GlobalFree（pSsdtNativeAddress）;
    if （pSsdtName）  GlobalFree（pSsdtName）;
}

void CPage1::DoDataExchange（CDataExchange* pDX）
{
    CDialog::DoDataExchange（pDX）;
    DDX_Control（pDX IDC_LIS

 属性            大小     日期    时间   名称
----------- ---------  ---------- -----  ----
     目录           0  2014-04-18 07:56  ScDetective-master\
     目录           0  2014-04-18 07:56  ScDetective-master\Common\
     文件        1778  2014-04-18 07:56  ScDetective-master\Common\DataStruct.h
     文件        1930  2014-04-18 07:56  ScDetective-master\Common\IoControlCmd.h
     文件         798  2014-04-18 07:56  ScDetective-master\Common\MajorFunctionName.h
     文件       23021  2014-04-18 07:56  ScDetective-master\Common\VistaShadowSSDT.h
     文件       19177  2014-04-18 07:56  ScDetective-master\Common\W2K3ShadowSSDT.h
     文件       34052  2014-04-18 07:56  ScDetective-master\Common\W2KShadowSSDT.h
     文件       24969  2014-04-18 07:56  ScDetective-master\Common\Win7ShadowSSDT.h
     文件       19203  2014-04-18 07:56  ScDetective-master\Common\XPShadowSSDT.h
     文件         491  2014-04-18 07:56  ScDetective-master\Common\ring3common.h
     文件        1878  2014-04-18 07:56  ScDetective-master\README.md
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\
     文件         879  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective.sln
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\Driver\
     文件        5301  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\Driver\Driver.cpp
     文件        1262  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\Driver\Driver.h
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\File\
     文件        4621  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\File\File.cpp
     文件         524  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\File\File.h
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\OS\
     文件        4861  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\OS\OS.cpp
     文件         462  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\OS\OS.h
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\PE\
     文件        3668  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\PE\PE.cpp
     文件         443  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\PE\PE.h
     目录           0  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\module\
     文件        6312  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\module\Module.cpp
     文件         579  2014-04-18 07:56  ScDetective-master\ScDetective\ScDetective\Function\module\Module.h
............此处省略105个文件信息