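// Copyright (C) 2011 Suguru Kawamoto
// Process protection: hooks the LoadLibrary* entry points so that modules
// loaded into this process can be verified before they run.

#ifndef __PROTECTPROCESS_H__
#define __PROTECTPROCESS_H__

#define ENABLE_PROCESS_PROTECTION

// Enable only one of the following hook methods.
// Code hook: rewrites the code of the hooked function.
//   Every call can be hooked, but re-entrant (nested) calls cannot be
//   handled in principle.
// IAT hook: rewrites the import address table entry of the hooked function.
//   Re-entrant calls are possible, but depending on how the function is
//   called the hook can be bypassed.
//#define USE_IAT_HOOK

// Pointer types matching the Win32 loader entry points that get hooked.
// (These names begin with '_' + uppercase, which C reserves for the
// implementation; they are kept unchanged for compatibility with callers.)
typedef HMODULE (WINAPI* _LoadLibraryA)(LPCSTR);
typedef HMODULE (WINAPI* _LoadLibraryW)(LPCWSTR);
typedef HMODULE (WINAPI* _LoadLibraryExA)(LPCSTR, HANDLE, DWORD);
typedef HMODULE (WINAPI* _LoadLibraryExW)(LPCWSTR, HANDLE, DWORD);

#ifndef DO_NOT_REPLACE

// Declarations of the hook variables.
// Each LoadLibrary* name is redirected to the corresponding p_LoadLibrary*
// pointer, so every translation unit that includes this header without
// defining DO_NOT_REPLACE calls through the hook instead of the Win32 import.
// NOTE(review): who initialises the p_* pointers is not visible here —
// presumably InitializeLoadLibraryHook(); confirm before relying on them.
#define EXTERN_HOOK_FUNCTION_VAR(name) extern _##name p_##name;

#define LoadLibraryA p_LoadLibraryA
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryA)

#define LoadLibraryW p_LoadLibraryW
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryW)

#define LoadLibraryExA p_LoadLibraryExA
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryExA)

#define LoadLibraryExW p_LoadLibraryExW
EXTERN_HOOK_FUNCTION_VAR(LoadLibraryExW)

// Verification flags for SetProcessProtectionLevel().  Each flag either adds
// a check or relaxes one, as noted on the line above it.

// Modules that are already loaded pass the check without verification.
#define PROCESS_PROTECTION_LOADED 0x00000001
// Verify the Authenticode signature embedded in the module.
#define PROCESS_PROTECTION_BUILTIN 0x00000002
// Verify the side-by-side Authenticode signature of the module.
#define PROCESS_PROTECTION_SIDE_BY_SIDE 0x00000004
// Check whether the module is under Windows File Protection (WFP).
#define PROCESS_PROTECTION_SYSTEM_FILE 0x00000008
// Ignore the validity period of the Authenticode signature.
#define PROCESS_PROTECTION_EXPIRED 0x00000010
// Ignore the issuer of the Authenticode signature.
#define PROCESS_PROTECTION_UNAUTHORIZED 0x00000020

// Protection levels.  HIGH applies the three signature/WFP checks to every
// module; MEDIUM additionally skips already-loaded modules and accepts expired
// signatures; LOW further accepts any issuer.  Each lower level is therefore
// strictly more permissive than the one above it.
// DEFAULT refers to HIGH before HIGH is defined; that is fine because macro
// expansion happens at the point of use, not at the point of definition.
#define PROCESS_PROTECTION_NONE 0
#define PROCESS_PROTECTION_DEFAULT PROCESS_PROTECTION_HIGH
#define PROCESS_PROTECTION_HIGH (PROCESS_PROTECTION_BUILTIN | PROCESS_PROTECTION_SIDE_BY_SIDE | PROCESS_PROTECTION_SYSTEM_FILE)
#define PROCESS_PROTECTION_MEDIUM (PROCESS_PROTECTION_HIGH | PROCESS_PROTECTION_LOADED | PROCESS_PROTECTION_EXPIRED)
#define PROCESS_PROTECTION_LOW (PROCESS_PROTECTION_MEDIUM | PROCESS_PROTECTION_UNAUTHORIZED)

// Loads a module with LoadLibraryExW-style arguments.  The name suggests it
// goes through the system loader directly, bypassing the hook — confirm
// against the implementation before using it as an "unhooked" path.
HMODULE System_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
// Selects the PROCESS_PROTECTION_* checks applied to subsequent loads.
void SetProcessProtectionLevel(DWORD Level);
// Computes the SHA-1 digest of the file at Filename into the caller-supplied
// buffer pHash (assumed to hold a 20-byte SHA-1 digest — TODO confirm) and
// reports success as a BOOL.
BOOL GetSHA1HashOfFile(LPCWSTR Filename, void* pHash);
// Adds / removes a SHA-1 digest to / from the set of trusted modules.
// NOTE(review): SHA-1 is no longer collision-resistant, so an allowlist keyed
// on it is a weaker control than the Authenticode checks above; treat it as
// defence in depth rather than a primary trust decision.
BOOL RegisterTrustedModuleSHA1Hash(void* pHash);
BOOL UnregisterTrustedModuleSHA1Hash(void* pHash);
// Presumably unloads a module that failed verification; success as a BOOL.
// Declared with (void): an empty parameter list in a C prototype means
// "unspecified arguments", which disables argument checking at call sites.
BOOL UnloadUntrustedModule(void);
// Installs the LoadLibrary* hook selected above; success as a BOOL.
BOOL InitializeLoadLibraryHook(void);
// Turns the installed hook on (bEnable != FALSE) or off.
BOOL EnableLoadLibraryHook(BOOL bEnable);
// Restarts the process under protection; the role of Keyword is not visible
// in this header — see the implementation.
BOOL RestartProtectedProcess(LPCTSTR Keyword);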