C++ (Cpp) HookSSDT Examples

Programming Language: C++ (Cpp)

Method/Function: HookSSDT

Examples at hotexamples.com: 2

C++ (Cpp) HookSSDT - 2 examples found. These are the top rated real world C++ (Cpp) examples of HookSSDT extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: main.c Project: 0day29/zer0m0n

NTSTATUS DriverEntry(__in PDRIVER_OBJECT pDriverObject,
					__in PUNICODE_STRING pRegistryPath)
{
	NTSTATUS status = STATUS_SUCCESS;
	UNICODE_STRING usDriverName;
	PDEVICE_OBJECT pDeviceObject;
	ULONG i;

	Dbg("Driver entry\n");
	
	Resolve_FunctionsAddr();
	
	RtlInitUnicodeString(&usDriverName, L"\\Device\\" DRIVER_NAME);
	RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\" DRIVER_NAME);

	status = IoCreateDevice(pDriverObject, 0, &usDriverName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject); 
	if(!NT_SUCCESS(status))
		return status;

	status = IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
	if(!NT_SUCCESS(status))
		return status;


	pDeviceObject->Flags |= DO_BUFFERED_IO;
	pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
	for(i=0; i<IRP_MJ_MAXIMUM_FUNCTION; i++)
		pDriverObject->MajorFunction[i] = Ioctl_NotSupported;
	pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Ioctl_DeviceControl;

	status = Init_LinkedLists();
	if(!NT_SUCCESS(status))
		return status;

	status = InitMinifilter(pDriverObject);
	if(!NT_SUCCESS(status))
		return status;

	KeInitializeMutex(&mutex, 0);
	HookSSDT();

	status = PsSetLoadImageNotifyRoutine(imageCallback);
	if(!NT_SUCCESS(status))
		return status;

	pDriverObject->DriverUnload = Unload;
	return status;
}

Example #2

Show file

File: Driver.cpp Project: Williamzuckerberg/chtmoneyhub

extern "C" NTSTATUS DriverEntry (
			IN PDRIVER_OBJECT pDriverObject,
			IN PUNICODE_STRING pRegistryPath	) 
{
 	NTSTATUS status ;
	KdPrint(("==> DriverEntry\n"));

	// 注册进程回调函数
	PsSetCreateProcessNotifyRoutine(OnProcessQuit, FALSE);

	pDriverObject->MajorFunction[IRP_MJ_CREATE] = DDKDispatchRoutine;
	pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DDKDispatchRoutine;
	pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchDeviceControl;

	pDriverObject->MajorFunction[IRP_MJ_POWER] = DDKPower;
	pDriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = DDKPower;
	
	status = CreateDevice(pDriverObject);
	::KeInitializeMutex(&g_DispatchMutex,0);
	
	getProcessNameOffset();
	InitializeFilterGoEvent();

	if(false == initializeLog())
		return STATUS_UNSUCCESSFUL;

	if(false == InitHardCode())
	{
		KdPrint(("init OS is error!\n"));
		return STATUS_UNSUCCESSFUL;
	}

	HookSSDT();

	initialMutex();//whiteTable
	initialMutexB();//blackTable
	initialMutexAddPID();

	KdPrint(("<== DriverEntry\n"));
	return status;
}