//StartService时调用
NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath )
{
NTSTATUS status=STATUS_SUCCESS;
ULONG i;
__asm
{
pushad
xor eax, ebx
sub ebx, ecx
add ecx, edx
xor ebx, eax
popad
}
for(i= 0;i<IRP_MJ_MAXIMUM_FUNCTION;++i)
theDriverObject->MajorFunction[i] = DisPatchCreateClose;
theDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DispatchDeviceControl;
theDriverObject->DriverUnload=DriverUnload;
RtlInitUnicodeString(&DerName,L"\\Device\\RESSDT");
status=IoCreateDevice(theDriverObject,0,&DerName,FILE_DEVICE_UNKNOWN,0,FALSE,&pDevObj);
if(!NT_SUCCESS(status))
{
//DbgPrint("IoCreateDevice Fail!");
return status;
}
RtlInitUnicodeString(&DerName2,L"\\??\\RESSDTDOS");
status=IoCreateSymbolicLink(&DerName2,&DerName);
// if(!NT_SUCCESS(status))
// DbgPrint("IoCreateSymbolicLink fail!");
return status;
}
NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject)
{
// 创建设备名称
UNICODE_STRING devName;
RtlInitUnicodeString(&devName, L"\\Device\\SSDTDriver");
// 创建设备
PDEVICE_OBJECT pDevObj;
NTSTATUS status = IoCreateDevice(pDriverObject,
sizeof(DEVICE_EXTENSION),
&devName,
FILE_DEVICE_UNKNOWN,
0,
TRUE,
&pDevObj);
if (!NT_SUCCESS(status))
{
return status;
}
PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
//创建符号链接
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName, L"\\??\\SSDTDriver");
status = IoCreateSymbolicLink(&symLinkName, &devName);
if (!NT_SUCCESS(status))
{
IoDeleteDevice(pDevObj);
return status;
}
return STATUS_SUCCESS;
}
NTSTATUS
NdasPortExtRegisterExternalTypes(
__in PCUNICODE_STRING DeviceName,
__in CONST GUID* ExternalTypeGuid,
__inout PUNICODE_STRING SymbolicLinkName)
{
NTSTATUS status;
status = NdasPortExtBuildSymbolicLinkName(
SymbolicLinkName,
ExternalTypeGuid);
if (!NT_SUCCESS(status))
{
return status;
}
status = IoCreateSymbolicLink(
SymbolicLinkName,
(PUNICODE_STRING) DeviceName);
if (!NT_SUCCESS(status))
{
return status;
}
return STATUS_SUCCESS;
}
//#######################################################################################
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//@@@@@@@@ D R I V E R E N T R Y P O I N T @@@@@@@@
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//#######################################################################################
NTSTATUS
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryString)
{
NTSTATUS Status;
UNICODE_STRING uniDeviceName;
UNICODE_STRING uniLinkName;
ULONG_PTR i = 0;
PDEVICE_OBJECT DeviceObject = NULL;
RtlInitUnicodeString(&uniDeviceName,DEVICE_NAME);
RtlInitUnicodeString(&uniLinkName,LINK_NAME);
for (i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
{
DriverObject->MajorFunction[i] = DefaultDispatchFunction;
}
DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl;
//创建设备对象
Status = IoCreateDevice(DriverObject,0,&uniDeviceName,FILE_DEVICE_UNKNOWN,0,FALSE,&DeviceObject);
if (!NT_SUCCESS(Status))
{
return STATUS_UNSUCCESSFUL;
}
Status = IoCreateSymbolicLink(&uniLinkName,&uniDeviceName);
if (!NT_SUCCESS(Status))
{
IoDeleteDevice(DeviceObject);
return STATUS_UNSUCCESSFUL;
}
g_DriverObject = DriverObject;
return STATUS_SUCCESS;
}
//----------------------------------------------------------------------
//
// DriverEntry
//
// Installable driver initialization. Here we just set ourselves up.
//
//----------------------------------------------------------------------
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath )
{
PDEVICE_OBJECT GUIDevice;
NTSTATUS ntStatus;
WCHAR deviceNameBuffer[] = L"\\Device\\Secsys";
UNICODE_STRING deviceNameUnicodeString;
WCHAR deviceLinkBuffer[] = L"\\DosDevices\\Secsys";
UNICODE_STRING deviceLinkUnicodeString;
DbgPrint (("Secsys.sys: entering DriverEntry\n"));
//
// setup our name
//
RtlInitUnicodeString (&deviceNameUnicodeString,
deviceNameBuffer );
//
// set up the device used for GUI communications
ntStatus = IoCreateDevice ( DriverObject,
0,
&deviceNameUnicodeString,
FILE_DEVICE_SECDEMO,
0,
FALSE,
&GUIDevice );
if (NT_SUCCESS(ntStatus)) {
//
// Create a symbolic link that the GUI can specify to gain access
// to this driver/device
//
RtlInitUnicodeString (&deviceLinkUnicodeString,
deviceLinkBuffer );
ntStatus = IoCreateSymbolicLink (&deviceLinkUnicodeString,
&deviceNameUnicodeString );
if (!NT_SUCCESS(ntStatus))
DbgPrint (("Secsys.sys: IoCreateSymbolicLink failed\n"));
//
// Create dispatch points for all routines that must be Secsysd
//
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = SecsysDispatch;
DriverObject->DriverUnload = SecsysUnload;
} else {
DbgPrint(("Secsys: Failed to create our device!\n"));
//
// Something went wrong, so clean up (free resources etc)
//
if( GUIDevice ) IoDeleteDevice( GUIDevice );
return ntStatus;
}
return ntStatus;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj , PUNICODE_STRING pRegistryPath)
{
DWORD i = 0;
NTSTATUS status;
UNICODE_STRING deviceName = {0}, symlinkName = {0};
PDEVICE_OBJECT pDevice = NULL;
pDriverObj->DriverUnload = Unload;
DbgPrint("[ Loading.. ]\r\n");
RtlInitUnicodeString(&deviceName, L"\\Device\\2");
RtlInitUnicodeString(&symlinkName, L"\\DosDevices\\2");
DbgPrint("[ Creating the device...]\n");
IoCreateDevice(
pDriverObj,
0,
&deviceName,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&pDevice
);
DbgPrint("[ Linking...]\n");
IoCreateSymbolicLink(&symlinkName, &deviceName);
for(; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
pDriverObj->MajorFunction[i] = handleIRP;
pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = handleIOCTLs;
return STATUS_SUCCESS;
}
static HRESULT xbox_io_mount(char *szDrive, char *szDevice)
{
#ifndef IS_SALAMANDER
bool original_verbose = g_extern.verbose;
g_extern.verbose = true;
#endif
char szSourceDevice[48];
char szDestinationDrive[16];
snprintf(szSourceDevice, sizeof(szSourceDevice), "\\Device\\%s", szDevice);
snprintf(szDestinationDrive, sizeof(szDestinationDrive), "\\??\\%s", szDrive);
RARCH_LOG("xbox_io_mount() - source device: %s.\n", szSourceDevice);
RARCH_LOG("xbox_io_mount() - destination drive: %s.\n", szDestinationDrive);
STRING DeviceName =
{
strlen(szSourceDevice),
strlen(szSourceDevice) + 1,
szSourceDevice
};
STRING LinkName =
{
strlen(szDestinationDrive),
strlen(szDestinationDrive) + 1,
szDestinationDrive
};
IoCreateSymbolicLink(&LinkName, &DeviceName);
#ifndef IS_SALAMANDER
g_extern.verbose = original_verbose;
#endif
return S_OK;
}
NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING theRegistryPath )
{
NTSTATUS ntStatus;
PDEVICE_OBJECT mnhmod;
UNICODE_STRING uDriverName;
UNICODE_STRING uSymLink;
RtlInitUnicodeString(&uDriverName,driverName);
RtlInitUnicodeString(&uSymLink,symLink);
ntStatus = IoCreateDevice(pDriverObject,
0,
&uDriverName,
MANHATAN_MOD,
0,
TRUE,
&mnhmod);
if(ntStatus != STATUS_SUCCESS)
{
DbgPrint("ManhatanMod error");
return 0;
}
DbgPrint("ManhatanMod loaded successful");
//create symlink
IoCreateSymbolicLink(&uSymLink,&uDriverName);
pDriverObject->DriverUnload = OnUnload;
pDriverObject->MajorFunction[IRP_MJ_SHUTDOWN] =
pDriverObject->MajorFunction[IRP_MJ_CREATE] =
pDriverObject->MajorFunction[IRP_MJ_CLOSE] =
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Dispatch_IRP_Routine;
return ntStatus;
}
NTSTATUS CreateDevice (IN PDRIVER_OBJECT pDriverObject)
{
NTSTATUS status;
PDEVICE_OBJECT pDevObj;
PDEVICE_EXTENSION pdx;
UNICODE_STRING devName;
RtlInitUnicodeString(&devName,DEVICE_NAME);
status = IoCreateDevice( pDriverObject,sizeof(DEVICE_EXTENSION),&(UNICODE_STRING)devName,FILE_DEVICE_ACPI,0, TRUE,&pDevObj );
if (!NT_SUCCESS(status))
{
////KdPrint(("IoCreateDevice Failed EC=0x%lX\n",status));
}else
{
////KdPrint(("IoCreateDevice OK\n"));
pDevObj->Flags |= DO_BUFFERED_IO;
pdx = (PDEVICE_EXTENSION)pDevObj->DeviceExtension;
g_pdx=pdx;
RtlZeroMemory(pdx,sizeof(DEVICE_EXTENSION));
pdx->pDevice = pDevObj;
pdx->ustrDeviceName = devName;
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName,SYMBOLINK_NAME);
pdx->ustrSymLinkName = symLinkName;
status = IoCreateSymbolicLink( &symLinkName,&devName );
if (!NT_SUCCESS(status))
{
////KdPrint(("IoCreateSymbolicLink Failed EC=0x%lX\n",status));
IoDeleteDevice( pDevObj );
}else
{
////KdPrint(("IoCreateSymbolicLink OK\n"));
}
}
return status;
}
NTSTATUS DriverEntry( PDRIVER_OBJECT pDriverObject,
PUNICODE_STRING pRegistryPath )
{
PDEVICE_OBJECT pdo = NULL;
NTSTATUS s = STATUS_SUCCESS;
UNICODE_STRING usDriverName, usDosDeviceName;
RtlInitUnicodeString( &usDriverName, DRIVER_NAME );
RtlInitUnicodeString( &usDosDeviceName, DEVICE_NAME );
s = IoCreateDevice( pDriverObject, 0, &usDriverName, \
FILE_DRIVER_SSDT, FILE_DEVICE_SECURE_OPEN, \
FALSE, &pdo );
if( STATUS_SUCCESS == s )
{
pDriverObject->MajorFunction[IRP_MJ_CREATE] = SSDTCreate;
pDriverObject->DriverUnload = SSDTUnload;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] \
= SSDTDeviceIoCtl;
IoCreateSymbolicLink( &usDosDeviceName, &usDriverName );
DbgPrint( "SSDT: Load Success!" );
DbgPrint( "SSDT: Hook ZwCreateFile Prepare!" );
////////////////////////////////////////////////////////////////////
// 开始HOOK ZwWriteFile
//去掉内存保护
__asm
{
cli ;//关中断
mov eax, cr0
and eax, ~0x10000
mov cr0, eax
}
//保存原始值
(ULONG)OldZwCreateFile = \
*( (PULONG)(KeServiceDescriptorTable->pvSSDTBase) + \
(ULONG)HOOK_SSDT_NUMBER );
//修改SSDT中的 ZwWriteFile 指向新函数
*( (PULONG)(KeServiceDescriptorTable->pvSSDTBase) + \
(ULONG)HOOK_SSDT_NUMBER ) \
= (ULONG)NewZwCreateFile;
//开中断,把内存保护加上
__asm
{
mov eax, cr0
or eax, 0x10000
mov cr0, eax
sti ;//开中断
}
///////////////////////////////// HOOK 完成
DbgPrint( "SSDT: Hook ZwCreateFile Success!" );
}
NTSTATUS DriverEntry(PDRIVER_OBJECT driverObject, PUNICODE_STRING registryPath)
{
PDEVICE_OBJECT pDeviceObject = NULL;
UNICODE_STRING DeviceName;
UNICODE_STRING DosDeviceName;
NTSTATUS NtStatus;
DbgPrint("DriverEntry ...");
RtlInitUnicodeString(&DeviceName, deviceNameBuffer);
RtlInitUnicodeString(&DosDeviceName,deviceLinkBuffer);
NtStatus = IoCreateDevice(driverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
if(!NT_SUCCESS(NtStatus)) return NtStatus;
NtStatus = IoCreateSymbolicLink(&DosDeviceName, &DeviceName);
if(!NT_SUCCESS(NtStatus))
{
IoDeleteDevice(driverObject->DeviceObject);
return NtStatus;
}
driverObject->MajorFunction[IRP_MJ_CREATE] = Irp_Nil;
driverObject->MajorFunction[IRP_MJ_CLOSE] = Irp_Nil;
driverObject->MajorFunction[IRP_MJ_WRITE] = Irp_Write;
driverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Irp_Nil;
driverObject->MajorFunction[IRP_MJ_SHUTDOWN] = Irp_Nil;
driverObject->DriverUnload = DriverUnload;
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING ntDeviceName;
UNICODE_STRING win32DeviceName;
NTSTATUS status;
RtlInitUnicodeString(&ntDeviceName,NT_DEVICE_NAME);
if (!NT_SUCCESS(status = IoCreateDevice(DriverObject,0,&ntDeviceName,
FILE_DEVICE_UNKNOWN,0,FALSE,
&HwndNameDriverDeviceObject)))
return STATUS_NO_SUCH_DEVICE;
HwndNameDriverDeviceObject->Flags |= DO_BUFFERED_IO;
RtlInitUnicodeString(&win32DeviceName,DOS_DEVICE_NAME);
if (!NT_SUCCESS(status = IoCreateSymbolicLink(&win32DeviceName,
&ntDeviceName)))
return STATUS_NO_SUCH_DEVICE;
DriverObject->MajorFunction[IRP_MJ_CREATE ] = HwndNameDriverIO;
DriverObject->MajorFunction[IRP_MJ_CLOSE ] = HwndNameDriverIO;
DriverObject->MajorFunction[IRP_MJ_READ ] = HwndNameDriverIO;
DriverObject->MajorFunction[IRP_MJ_WRITE ] = HwndNameDriverIO;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HwndNameDriverIOControl;
DriverObject->DriverUnload = HwndNameDriverUnload;
return STATUS_SUCCESS;
}
static HRESULT xbox_io_mount(char *szDrive, char *szDevice)
{
char szSourceDevice[48];
char szDestinationDrive[16];
snprintf(szSourceDevice, sizeof(szSourceDevice), "\\Device\\%s", szDevice);
snprintf(szDestinationDrive, sizeof(szDestinationDrive), "\\??\\%s", szDrive);
RARCH_LOG("xbox_io_mount() - source device: %s.\n", szSourceDevice);
RARCH_LOG("xbox_io_mount() - destination drive: %s.\n", szDestinationDrive);
STRING DeviceName =
{
strlen(szSourceDevice),
strlen(szSourceDevice) + 1,
szSourceDevice
};
STRING LinkName =
{
strlen(szDestinationDrive),
strlen(szDestinationDrive) + 1,
szDestinationDrive
};
IoCreateSymbolicLink(&LinkName, &DeviceName);
return S_OK;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT driverObject, PUNICODE_STRING registryPath)
{
UNICODE_STRING deviceName = {0};
UNICODE_STRING deviceDosName = {0};
NTSTATUS status = STATUS_SUCCESS;
driverObject->DriverUnload = DriverUnload;
RtlInitUnicodeString( &deviceName,DEVICE_NAME );
status = IoCreateDevice( driverObject,
0,
&deviceName,
FILE_DEVICE_NETWORK,
0,
FALSE,
&gDevObj );
if( !NT_SUCCESS(status))
{
DbgPrint("[WFP_TEST]IoCreateDevice failed!\n");
return STATUS_UNSUCCESSFUL;
}
RtlInitUnicodeString( &deviceDosName,DEVICE_DOSNAME );
status = IoCreateSymbolicLink( &deviceDosName,&deviceName );
if( !NT_SUCCESS( status ))
{
DbgPrint("[WFP_TEST]Create Symbolink name failed!\n");
return STATUS_UNSUCCESSFUL;
}
status = WallRegisterCallouts();
if( !NT_SUCCESS( status ))
{
DbgPrint("[WFP_TEST]WallRegisterCallouts failed!\n");
return STATUS_UNSUCCESSFUL;
}
DbgPrint("[WFP_TEST] loaded! WallRegisterCallouts() success!\n");
return status;
}
/** Creates a communication device for the driver. The device is then used
* by user mode application in order to collect snapshots of drivers and
* devices present in the system. The routine also sets up the DriverUnload
* procedure.
*
* @param DriverObject Address of Driver Object structure, passed by the
* system into DriverEntry.
*
* @return
* Returns NTSTATUS value indicating success or failure of the operation.
*/
static NTSTATUS DriverInit(PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING uDeviceName;
NTSTATUS status = STATUS_UNSUCCESSFUL;
DEBUG_ENTER_FUNCTION("DriverObject=0x%p", DriverObject);
RtlInitUnicodeString(&uDeviceName, DRIVER_DEVICE);
status = IoCreateDevice(DriverObject, 0, &uDeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DriverObject->DeviceObject);
if (NT_SUCCESS(status)) {
UNICODE_STRING uLinkName;
RtlInitUnicodeString(&uLinkName, DRIVER_SYMLINK);
status = IoCreateSymbolicLink(&uLinkName, &uDeviceName);
if (NT_SUCCESS(status)) {
DriverObject->DriverUnload = DriverUnload;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverDeviceControl;
}
if (!NT_SUCCESS(status))
IoDeleteDevice(DriverObject->DeviceObject);
}
DEBUG_EXIT_FUNCTION("0x%x", status);
return status;
}
NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING DeviceNameUnicodeString;
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;
OutputDebugString ("Entering DriverEntry");
RtlInitUnicodeString (&DeviceNameUnicodeString, L"\\Device\\WinIo");
// Create an EXCLUSIVE device object (only 1 thread at a time
// can make requests to this device).
ntStatus = IoCreateDevice (DriverObject,
0,
&DeviceNameUnicodeString,
FILE_DEVICE_WINIO,
0,
TRUE,
&DeviceObject);
if (NT_SUCCESS(ntStatus))
{
// Create dispatch points for device control, create, close.
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = WinIoDispatch;
DriverObject->DriverUnload = WinIoUnload;
// Create a symbolic link, e.g. a name that a Win32 app can specify
// to open the device.
RtlInitUnicodeString (&DeviceLinkUnicodeString, L"\\DosDevices\\WinIo");
ntStatus = IoCreateSymbolicLink (&DeviceLinkUnicodeString,
&DeviceNameUnicodeString);
if (!NT_SUCCESS(ntStatus))
{
// Symbolic link creation failed- note this & then delete the
// device object (it's useless if a Win32 app can't get at it).
OutputDebugString ("ERROR: IoCreateSymbolicLink failed");
IoDeleteDevice (DeviceObject);
}
}
else
{
OutputDebugString ("ERROR: IoCreateDevice failed");
}
OutputDebugString ("Leaving DriverEntry");
return ntStatus;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING registrypath)
{
UNICODE_STRING devicename;
PDEVICE_OBJECT device=NULL;
NTSTATUS status;
DbgPrint("pbfilter: > Entering DriverEntry()\n");
DbgPrint("pbfilter: setting up devicename\n");
RtlInitUnicodeString(&devicename, NT_DEVICE_NAME);
DbgPrint("pbfilter: creating device\n");
status=IoCreateDevice(driver, sizeof(PBINTERNAL), &devicename, FILE_DEVICE_PEERBLOCK, 0, FALSE, &device);
if(NT_SUCCESS(status))
{
UNICODE_STRING devicelink;
DbgPrint("pbfilter: created device, initting internal data\n");
DbgPrint("pbfilter: ... creating symbolic link\n");
RtlInitUnicodeString(&devicelink, DOS_DEVICE_NAME);
status=IoCreateSymbolicLink(&devicelink, &devicename);
DbgPrint("pbfilter: ... setting up irp-handling functions\n");
driver->MajorFunction[IRP_MJ_CREATE]=
driver->MajorFunction[IRP_MJ_CLOSE]=drv_create;
driver->MajorFunction[IRP_MJ_CLEANUP]=drv_cleanup;
driver->MajorFunction[IRP_MJ_DEVICE_CONTROL]=drv_control;
driver->DriverUnload=drv_unload;
device->Flags|=DO_BUFFERED_IO;
DbgPrint("pbfilter: ... setting up device extension\n");
g_internal=device->DeviceExtension;
DbgPrint("pbfilter: ... initializing lock and queue\n");
KeInitializeSpinLock(&g_internal->rangeslock);
KeInitializeSpinLock(&g_internal->destinationportslock);
KeInitializeSpinLock(&g_internal->sourceportslock);
InitNotificationQueue(&g_internal->queue);
DbgPrint("pbfilter: ... resetting counters\n");
g_internal->blockedcount = 0;
g_internal->allowedcount = 0;
g_internal->destinationportcount = 0;
g_internal->sourceportcount = 0;
DbgPrint("pbfilter: internal data initted\n");
}
if(!NT_SUCCESS(status))
{
DbgPrint("pbfilter: * ERROR: couldn't create device, status:[0x%lX] . . . unloading\n", status);
drv_unload(driver);
}
DbgPrint("pbfilter: < Leaving DriverEntry(), status:[0x%lX]\n", status);
return status;
}
NTSTATUS myAddDevice(IN PDRIVER_OBJECT DriverObject,IN PDEVICE_OBJECT pdo)
{
PDEVICE_OBJECT fdo;
PDEVICE_EXTENSION dve;
NTSTATUS status;
DbgPrint("myAddDevice routine begin");
//Oni(h1, p85) dynamic name if device more than 1
/*static LONG lastindex = -1;
LONG devindex = InterlockedIncrement(&lastindex);
WCHAR name[32]
_snwprintf(name, arraysize(name), L"\\Device\\RAMHDD%2.2d", devindex);
RtlInitUnicodeString(&devname, name);*/
//??
RtlInitUnicodeString(&DeviceName, L"\\Device\\RAMHDD");
//creating DeviceObject
status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &fdo);
dve = (PDEVICE_EXTENSION) fdo->DeviceExtension;
dve->DeviceObject = fdo;
dve->Pdo = pdo;
DbgPrint("=RAMHDD= FDO %d, DevExt=%d",fdo,dve);
RtlInitUnicodeString(&SymbolicLinkName, L"\\Device\\RAMHDD");
dve->ifname = SymbolicLinkName;
status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName);
//IoInitializeRemoveLock(&dve->RemoveLock, 0, 0, 0);
//dve->devstate = STATE_INITIALIZED;
//IoInitializeDpcRequest(fdo, DpcForIsr);
fdo->Flags = DO_DIRECT_IO | DO_POWER_PAGABLE;
dve->LowerDeviceObject = IoAttachDeviceToDeviceStack(fdo, pdo);
fdo->Flags &= ~DO_DEVICE_INITIALIZING;
DbgPrint("myAddDevice routine end");
return STATUS_SUCCESS;
}
NTSTATUS create_device(PDRIVER_OBJECT driverObject, PCWSTR name, PCWSTR dosName) {
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT deviceObject = NULL;
UNICODE_STRING deviceName;
RtlInitUnicodeString(&deviceName, name);
status = IoCreateDevice(driverObject,
0,
&deviceName,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&deviceObject);
if (status != STATUS_SUCCESS) {
DbgPrint("Cannot create device\n");
goto cleanup;
}
DbgPrint("%wZ: 0x%08X\n", &deviceName, deviceObject);
deviceObject->Flags |= DO_BUFFERED_IO;
deviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
UNICODE_STRING dosDeviceName;
RtlInitUnicodeString(&dosDeviceName, dosName);
IoCreateSymbolicLink(&dosDeviceName, &deviceName);
cleanup:
if (status != STATUS_SUCCESS) {
if (deviceObject) {
IoDeleteDevice(deviceObject);
}
}
return status;
}
NTSTATUS
WdmAudRegisterDeviceInterface(
IN PDEVICE_OBJECT PhysicalDeviceObject,
IN PWDMAUD_DEVICE_EXTENSION DeviceExtension)
{
NTSTATUS Status;
UNICODE_STRING SymlinkName = RTL_CONSTANT_STRING(L"\\DosDevices\\wdmaud");
UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\wdmaud");
UNICODE_STRING SymbolicLinkName;
Status = IoRegisterDeviceInterface(PhysicalDeviceObject, &KSCATEGORY_WDMAUD, NULL, &SymbolicLinkName);
if (NT_SUCCESS(Status))
{
IoSetDeviceInterfaceState(&SymbolicLinkName, TRUE);
RtlFreeUnicodeString(&SymbolicLinkName);
DeviceExtension->DeviceInterfaceSupport = TRUE;
return Status;
}
/* failed to register device interface
* create a symbolic link instead
*/
DeviceExtension->DeviceInterfaceSupport = FALSE;
Status = IoCreateSymbolicLink(&SymlinkName, &DeviceName);
if (!NT_SUCCESS(Status))
{
IoDeleteDevice(PhysicalDeviceObject); //FIXME
DPRINT("Failed to create wdmaud symlink!\n");
return Status;
}
return Status;
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
UNICODE_STRING deadDriverName;
UNICODE_STRING deadDosDriverName;
PDEVICE_OBJECT pDeviceObject;
NTSTATUS retValue;
unsigned int i;
DbgPrint("Welcome to DeadLands");
DbgPrint("DeadLands Offset -> PID: 0x%X, ELIST: 0x%X, IMAGENAME: 0x%X", EPROCESS_OFFSET_PID, EPROCESS_OFFSET_ELIST, EPROCESS_OFFSET_IMAGENAME);
RtlInitUnicodeString(&deadDriverName, L"\\Device\\DeadLands");
RtlInitUnicodeString(&deadDosDriverName, L"\\DosDevices\\DeadLands");
retValue = IoCreateDevice(pDriverObject, 0, &deadDriverName, FILE_DEVICE_DEADLANDS, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
if (NT_SUCCESS(retValue)) {
// Assign deadlands functions to all MajorFunction
for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
pDriverObject->MajorFunction[i] = DeadLands_NotImplemented;
pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeadLands_IOCTL;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = DeadLands_Open;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DeadLands_Close;
pDriverObject->MajorFunction[IRP_MJ_READ] = DeadLands_Read;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = DeadLands_Write;
pDriverObject->DriverUnload = CleanUp;
// Create link to deadlands driver
IoCreateSymbolicLink(&deadDosDriverName, &deadDriverName);
}
return (retValue);
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrLinkName;
UNICODE_STRING ustrDevName;
PDEVICE_OBJECT pDevObj;
pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
pDriverObj->DriverUnload = DriverUnload;
RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);
status = IoCreateDevice(pDriverObj, 0, &ustrDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &pDevObj);
if(!NT_SUCCESS(status)) return status;
if(IoIsWdmVersionAvailable(1, 0x10))
RtlInitUnicodeString(&ustrLinkName, LINK_GLOBAL_NAME);
else
RtlInitUnicodeString(&ustrLinkName, LINK_NAME);
status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
if(!NT_SUCCESS(status))
{
IoDeleteDevice(pDevObj);
return status;
}
//test
KeServiceDescriptorTableShadow = (PSYSTEM_SERVICE_TABLE)GetKeServiceDescriptorTableShadow64();
//DbgPrint("SSSDT: %llx[TA's method]",(ULONG64)KeServiceDescriptorTableShadow);
//test
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath){
UNICODE_STRING usDriverName, usDosDeviceName;
PDEVICE_OBJECT pDeviceObject;
NTSTATUS ntStatus;
UINT uiIndex;
DbgPrint("HideProc DriverEntry Called\n");
RtlInitUnicodeString(&usDriverName, L"\\Device\\HideProc");
RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\HideProc");
ntStatus = IoCreateDevice(pDriverObject, 0, &usDriverName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
if(NT_SUCCESS(ntStatus)){
for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++)
pDriverObject->MajorFunction[uiIndex] = HideProc_Unsupported;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = HideProc_Create;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = HideProc_Write;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HideProc_Close;
pDriverObject->DriverUnload = HideProc_Unload;
pDeviceObject->Flags |= DO_DIRECT_IO;
pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
}
return ntStatus;
}
static NTSTATUS set_up_device(DRIVER_OBJECT *driver_object, int i)
{
NTSTATUS status = STATUS_SUCCESS;
RtlInitUnicodeString(&devices[i].path, devices_info[i].path);
RtlInitUnicodeString(&devices[i].symlink, devices_info[i].symlink);
status = IoCreateDevice(
driver_object,
0,
&devices[i].path,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&devices[i].object);
if (!NT_SUCCESS(status))
return status;
devices[i].object->Flags |= DO_BUFFERED_IO;
devices[i].object->Flags &= ~DO_DEVICE_INITIALIZING;
if (!NT_SUCCESS(status = IoCreateSymbolicLink(
&devices[i].symlink, &devices[i].path)))
goto delete_device;
return status;
delete_device:
IoDeleteDevice(devices[i].object);
return status;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrLinkName;
UNICODE_STRING ustrDevName;
PDEVICE_OBJECT pDevObj;
DbgPrint("[x64Drv] DriverEntry: %S\n",pRegistryString->Buffer);
pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
pDriverObj->DriverUnload = DriverUnload;
RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);
status = IoCreateDevice(pDriverObj, 0,&ustrDevName, FILE_DEVICE_UNKNOWN,0,FALSE,&pDevObj);
DbgPrint("[x64Drv] Device Name %S",ustrDevName.Buffer);
if(!NT_SUCCESS(status))
{
DbgPrint("[x64Drv] IoCreateDevice = 0x%x\n", status);
return status;
}
RtlInitUnicodeString(&ustrLinkName, LINK_NAME);
status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
if(!NT_SUCCESS(status))
{
DbgPrint("[x64Drv] IoCreateSymbolicLink = 0x%x\n", status);
IoDeleteDevice(pDevObj);
return status;
}
DbgPrint("[x64Drv] SymbolicLink:%S",ustrLinkName.Buffer);
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pUnicodeString)
{
UNICODE_STRING ntDeviceName;
UNICODE_STRING dosDeviceName;
ULONG i;
NTSTATUS status = STATUS_SUCCESS;
gsfmSysFreezerDriverObject = pDriverObject;
#ifdef DBG
//pDriverObject->DriverUnload = DriverUnload;
#endif
for(i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i)
{
pDriverObject->MajorFunction[i] = SSFPassThrough;
}
pDriverObject->FastIoDispatch = &gFastIoDispatch;
// Создадим объект устройства для общения с нашим драйвером
RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME);
RtlInitUnicodeString(&dosDeviceName, DOS_DEVICE_NAME);
status = IoCreateDevice(pDriverObject,
sizeof(SYS_FREEZER_DEVICE_EXTENSTION),
&ntDeviceName,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&gGuiDevice);
if(!NT_SUCCESS(status))
{
DBG_PRINT_ERR(L"Cannot create gui device");
return status;
}
((PSYS_FREEZER_DEVICE_EXTENSION)gGuiDevice->DeviceExtension)->Type = GUIINTERFACE;
status = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName);
if(!NT_SUCCESS(status))
{
DBG_PRINT_ERR(L"cannot create symbolic link");
IoDeleteDevice(&gGuiDevice);
return status;
}
for(i = 0; i < 26; ++i)
{
gDriveHookDevices[i] = NULL;
}
HookDriveSet(4, gsfmSysFreezerDriverObject);
return STATUS_SUCCESS;
}
NTSTATUS WINAPI DriverEntry(DRIVER_OBJECT *driver, PUNICODE_STRING registry)
{
UNICODE_STRING nameW, linkW;
DEVICE_OBJECT *device;
NTSTATUS status;
DbgPrint("loading driver\n");
/* Allow unloading of the driver */
driver->DriverUnload = driver_Unload;
/* Set driver functions */
driver->MajorFunction[IRP_MJ_CREATE] = driver_Create;
driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = driver_IoControl;
driver->MajorFunction[IRP_MJ_CLOSE] = driver_Close;
RtlInitUnicodeString(&nameW, driver_device);
RtlInitUnicodeString(&linkW, driver_link);
if (!(status = IoCreateDevice(driver, 0, &nameW, FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN, FALSE, &device)))
status = IoCreateSymbolicLink(&linkW, &nameW);
return status;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrLinkName;
UNICODE_STRING ustrDevName;
PDEVICE_OBJECT pDevObj;
pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate;
pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose;
pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
pDriverObj->DriverUnload = DriverUnload;
RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);
status = IoCreateDevice(pDriverObj, 0, &ustrDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &pDevObj);
if(!NT_SUCCESS(status)) return status;
if(IoIsWdmVersionAvailable(1, 0x10))
RtlInitUnicodeString(&ustrLinkName, LINK_GLOBAL_NAME);
else
RtlInitUnicodeString(&ustrLinkName, LINK_NAME);
status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
if(!NT_SUCCESS(status))
{
IoDeleteDevice(pDevObj);
return status;
}
//独占“程序兼容性助手”防弹框
OccupyTaskhost();
//初始化反汇编引擎
LDE_init();
return STATUS_SUCCESS;
}
NTSTATUS HelloWDMAddDevice(IN PDRIVER_OBJECT DriverObject,
IN PDEVICE_OBJECT PhysicalDeviceObject)
{
PAGED_CODE();
KdPrint(("Enter HelloWDMAddDevice\n"));
NTSTATUS status;
PDEVICE_OBJECT fdo;
UNICODE_STRING devName;
RtlInitUnicodeString(&devName, L"\\Device\\MyWDMDevice");
status = IoCreateDevice(
DriverObject,
sizeof(DEVICE_EXTENSION),
&devName,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&fdo);
if (!NT_SUCCESS(status))
return status;
PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)fdo->DeviceExtension;
pdx->fdo = fdo;
pdx->NextStackDevice = IoAttachDeviceToDeviceStack(fdo, PhysicalDeviceObject);
UNICODE_STRING symLinkName;
RtlInitUnicodeString(&symLinkName, L"\\DosDevices\\HelloWDM");
pdx->ustrDeviceName = devName;
pdx->ustrSymLinkName = symLinkName;
status = IoCreateSymbolicLink(&symLinkName, &devName);
if (!NT_SUCCESS(status))
{
IoDeleteSymbolicLink(&pdx->ustrSymLinkName);
status = IoCreateSymbolicLink(&symLinkName, &devName);
if (!NT_SUCCESS(status))
{
return status;
}
}
fdo->Flags |= DO_BUFFERED_IO | DO_POWER_PAGABLE;
fdo->Flags &= ~DO_DEVICE_INITIALIZING;
KdPrint(("Leave HelloWDMAddDevice\n"));
return STATUS_SUCCESS;
}
NTSTATUS
Ex2ProcessMountPoint(
IN PEXT2_IRP_CONTEXT IrpContext,
IN PEXT2_MOUNT_POINT MountPoint,
IN ULONG Length
)
{
UNICODE_STRING Link;
UNICODE_STRING Target;
WCHAR Buffer[] = L"\\DosDevices\\Global\\Z:";
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT DeviceObject = NULL;
__try {
ASSERT(IrpContext != NULL);
ASSERT((IrpContext->Identifier.Type == EXT2ICX) &&
(IrpContext->Identifier.Size == sizeof(EXT2_IRP_CONTEXT)));
DeviceObject = IrpContext->DeviceObject;
if (!IsExt2FsDevice(DeviceObject)) {
status = STATUS_INVALID_PARAMETER;
__leave;
}
if (Length != sizeof(EXT2_MOUNT_POINT) ||
MountPoint->Magic != EXT2_APP_MOUNTPOINT_MAGIC) {
status = STATUS_INVALID_PARAMETER;
__leave;
}
RtlInitUnicodeString(&Link, Buffer);
Buffer[12] = MountPoint->Link[0];
switch (MountPoint->Command) {
case APP_CMD_ADD_DOS_SYMLINK:
RtlInitUnicodeString(&Target, &MountPoint->Name[0]);
status = IoCreateSymbolicLink(&Link, &Target);
break;
case APP_CMD_DEL_DOS_SYMLINK:
status = IoDeleteSymbolicLink(&Link);
break;
default:
status = STATUS_INVALID_PARAMETER;
}
} __finally {
if (!IrpContext->ExceptionInProgress) {
Ext2CompleteIrpContext(IrpContext, status);
}
}
return status;
}
