Hey guys, with this code you can load a driver (.sys) from VB6. In addition, this snippet uses the native APIs.
[LENGUAJE=vb]Option Explicit
' --- Native API imports (NTDLL) ---
' RtlInitUnicodeString fills a UNICODE_STRING from a pointer to a wide string;
' NtLoadDriver / NtUnloadDriver take a pointer to such a structure, passed here
' as a Long.
Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As Any, ByVal SourceString As Long)
Private Declare Function NtLoadDriver Lib "NTDLL.DLL" (ByVal DriverServiceName As Long) As Long
Private Declare Function NtUnloadDriver Lib "NTDLL.DLL" (ByVal DriverServiceName As Long) As Long
' --- Registry imports (advapi32, ANSI "A" variants) ---
Private Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, lpSecurityAttributes As Any, phkResult As Long, lpdwDisposition As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
' ANSI string length in bytes, excluding the terminating null.
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
' Module-level service name. Both public functions receive the name as a
' parameter, and CHUnLoadDriver's parameter of the same name shadows this constant.
Private Const TheDrivername As String = "dBlaze"
' NTSTATUS returned by NtLoadDriver when the image is already loaded.
Private Const STATUS_IMAGE_ALREADY_LOADED = &HC000010E
Private Const HKEY_LOCAL_MACHINE = &H80000002
' Registry value types used for the service entry.
Private Const REG_EXPAND_SZ = 2
Private Const REG_DWORD = 4
' Registry access rights.
Private Const READ_CONTROL = &H20000
Private Const KEY_QUERY_VALUE = &H1
Private Const KEY_SET_VALUE = &H2
Private Const KEY_CREATE_SUB_KEY = &H4
Private Const KEY_ENUMERATE_SUB_KEYS = &H8
Private Const KEY_NOTIFY = &H10
Private Const KEY_CREATE_LINK = &H20
' NOTE(review): this sum is &H2003F (READ_CONTROL plus the six key rights above),
' not the Windows SDK KEY_ALL_ACCESS value &HF003F. The visible code only sets
' values on the key, so a narrower mask would be enough.
Private Const KEY_ALL_ACCESS = KEY_QUERY_VALUE + KEY_SET_VALUE + KEY_CREATE_SUB_KEY + KEY_ENUMERATE_SUB_KEYS + KEY_NOTIFY + KEY_CREATE_LINK + READ_CONTROL
' VB6 layout of the native UNICODE_STRING: two 16-bit length fields followed by
' a 32-bit pointer to the character buffer.
Private Type UNICODE_STRING
uLength As Integer
uMaximumLength As Integer
pBuffer As Long
End Type
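' Creates the service registry entry for a kernel driver and asks the kernel to
' load it with NtLoadDriver.
'
' lpDriverPath   - full Win32 path of the .sys image; "\??\" is prepended here.
' mstrDriverName - service name; becomes the subkey under
'                  HKLM\System\CurrentControlSet\Services.
' Returns True when NtLoadDriver reports success or STATUS_IMAGE_ALREADY_LOADED,
' False on any registry or load failure and for rejected arguments.
'
' Operational notes: NtLoadDriver only succeeds for a caller that holds
' SeLoadDriverPrivilege, and 64-bit Windows additionally enforces driver
' signing. This function does not remove the Services key it writes, and both
' that key and the image load are visible to registry auditing and driver-load
' telemetry (for example Sysmon event ID 6, "Driver loaded").
Public Function CHLoadDriver(ByVal lpDriverPath As String, mstrDriverName As String) As Boolean
    Dim lngSuccess As Long
    Dim hKey As Long
    Dim lngValue As Long
    Dim strRegistryPath As String
    Dim DriverPath As UNICODE_STRING

    ' An empty name would address the Services key itself and a "\" would reach
    ' into another service's subtree, so reject both before touching the registry.
    If Len(lpDriverPath) = 0 Or Len(mstrDriverName) = 0 Then Exit Function
    If InStr(mstrDriverName, "\") > 0 Then Exit Function

    lpDriverPath = "\??\" & lpDriverPath
    lngSuccess = RegCreateKeyEx(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & mstrDriverName, 0, vbNullString, 0, KEY_ALL_ACCESS, ByVal 0&, hKey, ByVal 0&)
    If lngSuccess <> 0 Then
        Exit Function
    End If

    ' REG_DWORD data is passed by reference with cbData = 4, so it must live in
    ' a real 4-byte Long; a bare literal such as 1 is a 2-byte Integer temporary.
    lngValue = 1 ' Type = 1: kernel-mode driver (SERVICE_KERNEL_DRIVER)
    lngSuccess = RegSetValueEx(hKey, "Type", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    lngValue = 1 ' ErrorControl = 1: SERVICE_ERROR_NORMAL
    lngSuccess = RegSetValueEx(hKey, "ErrorControl", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    lngValue = 3 ' Start = 3: SERVICE_DEMAND_START (loaded on request only)
    lngSuccess = RegSetValueEx(hKey, "ImagePath", 0, REG_EXPAND_SZ, ByVal lpDriverPath, lstrlen(lpDriverPath) + 1)
    ' cbData above is the byte count of the ANSI string and, for string value
    ' types, has to include the terminating null character.
    If lngSuccess <> 0 Then GoTo Cleanup
    lngSuccess = RegSetValueEx(hKey, "Start", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    ' Keep the registry path in a named variable: RtlInitUnicodeString only
    ' stores a pointer, and a temporary produced by "&" would be released
    ' before NtLoadDriver reads it.
    strRegistryPath = "\Registry\Machine\System\CurrentControlSet\Services\" & mstrDriverName
    RtlInitUnicodeString DriverPath, StrPtr(strRegistryPath)
    lngSuccess = NtLoadDriver(VarPtr(DriverPath))
    If lngSuccess = STATUS_IMAGE_ALREADY_LOADED Or lngSuccess = 0 Then
        CHLoadDriver = True
    End If

Cleanup:
    ' Single exit path so the key handle is closed on success and on failure.
    RegCloseKey hKey
End Function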
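' Asks the kernel to unload the named driver and removes its service entry from
' the registry.
'
' TheDrivername - service name, i.e. the subkey under
'                 HKLM\System\CurrentControlSet\Services.
' Returns True when the service key was deleted, False otherwise (including
' rejected arguments). The NTSTATUS from NtUnloadDriver is not part of the
' result; registry cleanup is attempted regardless of it.
Public Function CHUnLoadDriver(TheDrivername As String) As Boolean
    Const ERROR_FILE_NOT_FOUND As Long = 2
    Dim lngSuccess As Long
    Dim strRegistryPath As String
    Dim DriverPath As UNICODE_STRING

    ' With an empty name the delete calls below would target the Services key
    ' itself; a "\" would reach into another service's subtree.
    If Len(TheDrivername) = 0 Or InStr(TheDrivername, "\") > 0 Then Exit Function

    ' Keep the path in a named variable: RtlInitUnicodeString only stores a
    ' pointer, and a temporary produced by "&" would be released before
    ' NtUnloadDriver reads it.
    strRegistryPath = "\Registry\Machine\System\CurrentControlSet\Services\" & TheDrivername
    RtlInitUnicodeString DriverPath, StrPtr(strRegistryPath)
    lngSuccess = NtUnloadDriver(VarPtr(DriverPath))

    ' The Enum subkey may not exist; only a genuine failure should stop the
    ' cleanup, otherwise the service key would be left behind.
    lngSuccess = RegDeleteKey(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & TheDrivername & "\Enum")
    If lngSuccess <> 0 And lngSuccess <> ERROR_FILE_NOT_FOUND Then
        Exit Function
    End If
    lngSuccess = RegDeleteKey(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & TheDrivername)
    CHUnLoadDriver = (lngSuccess = 0)
End Function[/LENGUAJE]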
[LENGUAJE=vb]Option Explicit
' --- Native API imports (NTDLL) ---
' RtlInitUnicodeString fills a UNICODE_STRING from a pointer to a wide string;
' NtLoadDriver / NtUnloadDriver take a pointer to such a structure, passed here
' as a Long.
Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As Any, ByVal SourceString As Long)
Private Declare Function NtLoadDriver Lib "NTDLL.DLL" (ByVal DriverServiceName As Long) As Long
Private Declare Function NtUnloadDriver Lib "NTDLL.DLL" (ByVal DriverServiceName As Long) As Long
' --- Registry imports (advapi32, ANSI "A" variants) ---
Private Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, lpSecurityAttributes As Any, phkResult As Long, lpdwDisposition As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long
' ANSI string length in bytes, excluding the terminating null.
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
' Module-level service name. Both public functions receive the name as a
' parameter, and CHUnLoadDriver's parameter of the same name shadows this constant.
Private Const TheDrivername As String = "dBlaze"
' NTSTATUS returned by NtLoadDriver when the image is already loaded.
Private Const STATUS_IMAGE_ALREADY_LOADED = &HC000010E
Private Const HKEY_LOCAL_MACHINE = &H80000002
' Registry value types used for the service entry.
Private Const REG_EXPAND_SZ = 2
Private Const REG_DWORD = 4
' Registry access rights.
Private Const READ_CONTROL = &H20000
Private Const KEY_QUERY_VALUE = &H1
Private Const KEY_SET_VALUE = &H2
Private Const KEY_CREATE_SUB_KEY = &H4
Private Const KEY_ENUMERATE_SUB_KEYS = &H8
Private Const KEY_NOTIFY = &H10
Private Const KEY_CREATE_LINK = &H20
' NOTE(review): this sum is &H2003F (READ_CONTROL plus the six key rights above),
' not the Windows SDK KEY_ALL_ACCESS value &HF003F. The visible code only sets
' values on the key, so a narrower mask would be enough.
Private Const KEY_ALL_ACCESS = KEY_QUERY_VALUE + KEY_SET_VALUE + KEY_CREATE_SUB_KEY + KEY_ENUMERATE_SUB_KEYS + KEY_NOTIFY + KEY_CREATE_LINK + READ_CONTROL
' VB6 layout of the native UNICODE_STRING: two 16-bit length fields followed by
' a 32-bit pointer to the character buffer.
Private Type UNICODE_STRING
uLength As Integer
uMaximumLength As Integer
pBuffer As Long
End Type
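' Creates the service registry entry for a kernel driver and asks the kernel to
' load it with NtLoadDriver.
'
' lpDriverPath   - full Win32 path of the .sys image; "\??\" is prepended here.
' mstrDriverName - service name; becomes the subkey under
'                  HKLM\System\CurrentControlSet\Services.
' Returns True when NtLoadDriver reports success or STATUS_IMAGE_ALREADY_LOADED,
' False on any registry or load failure and for rejected arguments.
'
' Operational notes: NtLoadDriver only succeeds for a caller that holds
' SeLoadDriverPrivilege, and 64-bit Windows additionally enforces driver
' signing. This function does not remove the Services key it writes, and both
' that key and the image load are visible to registry auditing and driver-load
' telemetry (for example Sysmon event ID 6, "Driver loaded").
Public Function CHLoadDriver(ByVal lpDriverPath As String, mstrDriverName As String) As Boolean
    Dim lngSuccess As Long
    Dim hKey As Long
    Dim lngValue As Long
    Dim strRegistryPath As String
    Dim DriverPath As UNICODE_STRING

    ' An empty name would address the Services key itself and a "\" would reach
    ' into another service's subtree, so reject both before touching the registry.
    If Len(lpDriverPath) = 0 Or Len(mstrDriverName) = 0 Then Exit Function
    If InStr(mstrDriverName, "\") > 0 Then Exit Function

    lpDriverPath = "\??\" & lpDriverPath
    lngSuccess = RegCreateKeyEx(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & mstrDriverName, 0, vbNullString, 0, KEY_ALL_ACCESS, ByVal 0&, hKey, ByVal 0&)
    If lngSuccess <> 0 Then
        Exit Function
    End If

    ' REG_DWORD data is passed by reference with cbData = 4, so it must live in
    ' a real 4-byte Long; a bare literal such as 1 is a 2-byte Integer temporary.
    lngValue = 1 ' Type = 1: kernel-mode driver (SERVICE_KERNEL_DRIVER)
    lngSuccess = RegSetValueEx(hKey, "Type", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    lngValue = 1 ' ErrorControl = 1: SERVICE_ERROR_NORMAL
    lngSuccess = RegSetValueEx(hKey, "ErrorControl", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    lngValue = 3 ' Start = 3: SERVICE_DEMAND_START (loaded on request only)
    lngSuccess = RegSetValueEx(hKey, "Start", 0, REG_DWORD, lngValue, 4)
    If lngSuccess <> 0 Then GoTo Cleanup

    ' cbData is the byte count of the ANSI string and, for string value types,
    ' has to include the terminating null character.
    lngSuccess = RegSetValueEx(hKey, "ImagePath", 0, REG_EXPAND_SZ, ByVal lpDriverPath, lstrlen(lpDriverPath) + 1)
    If lngSuccess <> 0 Then GoTo Cleanup

    ' Keep the registry path in a named variable: RtlInitUnicodeString only
    ' stores a pointer, and a temporary produced by "&" would be released
    ' before NtLoadDriver reads it.
    strRegistryPath = "\Registry\Machine\System\CurrentControlSet\Services\" & mstrDriverName
    RtlInitUnicodeString DriverPath, StrPtr(strRegistryPath)
    lngSuccess = NtLoadDriver(VarPtr(DriverPath))
    If lngSuccess = STATUS_IMAGE_ALREADY_LOADED Or lngSuccess = 0 Then
        CHLoadDriver = True
    End If

Cleanup:
    ' Single exit path so the key handle is closed on success and on failure.
    RegCloseKey hKey
End Function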
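' Asks the kernel to unload the named driver and removes its service entry from
' the registry.
'
' TheDrivername - service name, i.e. the subkey under
'                 HKLM\System\CurrentControlSet\Services.
' Returns True when the service key was deleted, False otherwise (including
' rejected arguments). The NTSTATUS from NtUnloadDriver is not part of the
' result; registry cleanup is attempted regardless of it.
Public Function CHUnLoadDriver(TheDrivername As String) As Boolean
    Const ERROR_FILE_NOT_FOUND As Long = 2
    Dim lngSuccess As Long
    Dim strRegistryPath As String
    Dim DriverPath As UNICODE_STRING

    ' With an empty name the delete calls below would target the Services key
    ' itself; a "\" would reach into another service's subtree.
    If Len(TheDrivername) = 0 Or InStr(TheDrivername, "\") > 0 Then Exit Function

    ' Keep the path in a named variable: RtlInitUnicodeString only stores a
    ' pointer, and a temporary produced by "&" would be released before
    ' NtUnloadDriver reads it.
    strRegistryPath = "\Registry\Machine\System\CurrentControlSet\Services\" & TheDrivername
    RtlInitUnicodeString DriverPath, StrPtr(strRegistryPath)
    lngSuccess = NtUnloadDriver(VarPtr(DriverPath))

    ' The Enum subkey may not exist; only a genuine failure should stop the
    ' cleanup, otherwise the service key would be left behind.
    lngSuccess = RegDeleteKey(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & TheDrivername & "\Enum")
    If lngSuccess <> 0 And lngSuccess <> ERROR_FILE_NOT_FOUND Then
        Exit Function
    End If
    lngSuccess = RegDeleteKey(HKEY_LOCAL_MACHINE, "System\CurrentControlSet\Services\" & TheDrivername)
    CHUnLoadDriver = (lngSuccess = 0)
End Function[/LENGUAJE]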