//StartService时调用 NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegistryPath ) { NTSTATUS status=STATUS_SUCCESS; ULONG i; __asm { pushad xor eax, ebx sub ebx, ecx add ecx, edx xor ebx, eax popad } for(i= 0;i<IRP_MJ_MAXIMUM_FUNCTION;++i) theDriverObject->MajorFunction[i] = DisPatchCreateClose; theDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DispatchDeviceControl; theDriverObject->DriverUnload=DriverUnload; RtlInitUnicodeString(&DerName,L"\\Device\\RESSDT"); status=IoCreateDevice(theDriverObject,0,&DerName,FILE_DEVICE_UNKNOWN,0,FALSE,&pDevObj); if(!NT_SUCCESS(status)) { //DbgPrint("IoCreateDevice Fail!"); return status; } RtlInitUnicodeString(&DerName2,L"\\??\\RESSDTDOS"); status=IoCreateSymbolicLink(&DerName2,&DerName); // if(!NT_SUCCESS(status)) // DbgPrint("IoCreateSymbolicLink fail!"); return status; }
NTSTATUS CreateDevice(IN PDRIVER_OBJECT pDriverObject) { // 创建设备名称 UNICODE_STRING devName; RtlInitUnicodeString(&devName, L"\\Device\\SSDTDriver"); // 创建设备 PDEVICE_OBJECT pDevObj; NTSTATUS status = IoCreateDevice(pDriverObject, sizeof(DEVICE_EXTENSION), &devName, FILE_DEVICE_UNKNOWN, 0, TRUE, &pDevObj); if (!NT_SUCCESS(status)) { return status; } PDEVICE_EXTENSION pDevExt = (PDEVICE_EXTENSION)pDevObj->DeviceExtension; //创建符号链接 UNICODE_STRING symLinkName; RtlInitUnicodeString(&symLinkName, L"\\??\\SSDTDriver"); status = IoCreateSymbolicLink(&symLinkName, &devName); if (!NT_SUCCESS(status)) { IoDeleteDevice(pDevObj); return status; } return STATUS_SUCCESS; }
NTSTATUS NdasPortExtRegisterExternalTypes( __in PCUNICODE_STRING DeviceName, __in CONST GUID* ExternalTypeGuid, __inout PUNICODE_STRING SymbolicLinkName) { NTSTATUS status; status = NdasPortExtBuildSymbolicLinkName( SymbolicLinkName, ExternalTypeGuid); if (!NT_SUCCESS(status)) { return status; } status = IoCreateSymbolicLink( SymbolicLinkName, (PUNICODE_STRING) DeviceName); if (!NT_SUCCESS(status)) { return status; } return STATUS_SUCCESS; }
//####################################################################################### //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ //@@@@@@@@ D R I V E R E N T R Y P O I N T @@@@@@@@ //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ //####################################################################################### NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryString) { NTSTATUS Status; UNICODE_STRING uniDeviceName; UNICODE_STRING uniLinkName; ULONG_PTR i = 0; PDEVICE_OBJECT DeviceObject = NULL; RtlInitUnicodeString(&uniDeviceName,DEVICE_NAME); RtlInitUnicodeString(&uniLinkName,LINK_NAME); for (i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++) { DriverObject->MajorFunction[i] = DefaultDispatchFunction; } DriverObject->DriverUnload = UnloadDriver; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchControl; //创建设备对象 Status = IoCreateDevice(DriverObject,0,&uniDeviceName,FILE_DEVICE_UNKNOWN,0,FALSE,&DeviceObject); if (!NT_SUCCESS(Status)) { return STATUS_UNSUCCESSFUL; } Status = IoCreateSymbolicLink(&uniLinkName,&uniDeviceName); if (!NT_SUCCESS(Status)) { IoDeleteDevice(DeviceObject); return STATUS_UNSUCCESSFUL; } g_DriverObject = DriverObject; return STATUS_SUCCESS; }
//---------------------------------------------------------------------- // // DriverEntry // // Installable driver initialization. Here we just set ourselves up. // //---------------------------------------------------------------------- NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { PDEVICE_OBJECT GUIDevice; NTSTATUS ntStatus; WCHAR deviceNameBuffer[] = L"\\Device\\Secsys"; UNICODE_STRING deviceNameUnicodeString; WCHAR deviceLinkBuffer[] = L"\\DosDevices\\Secsys"; UNICODE_STRING deviceLinkUnicodeString; DbgPrint (("Secsys.sys: entering DriverEntry\n")); // // setup our name // RtlInitUnicodeString (&deviceNameUnicodeString, deviceNameBuffer ); // // set up the device used for GUI communications ntStatus = IoCreateDevice ( DriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_SECDEMO, 0, FALSE, &GUIDevice ); if (NT_SUCCESS(ntStatus)) { // // Create a symbolic link that the GUI can specify to gain access // to this driver/device // RtlInitUnicodeString (&deviceLinkUnicodeString, deviceLinkBuffer ); ntStatus = IoCreateSymbolicLink (&deviceLinkUnicodeString, &deviceNameUnicodeString ); if (!NT_SUCCESS(ntStatus)) DbgPrint (("Secsys.sys: IoCreateSymbolicLink failed\n")); // // Create dispatch points for all routines that must be Secsysd // DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = SecsysDispatch; DriverObject->DriverUnload = SecsysUnload; } else { DbgPrint(("Secsys: Failed to create our device!\n")); // // Something went wrong, so clean up (free resources etc) // if( GUIDevice ) IoDeleteDevice( GUIDevice ); return ntStatus; } return ntStatus; }
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj , PUNICODE_STRING pRegistryPath) { DWORD i = 0; NTSTATUS status; UNICODE_STRING deviceName = {0}, symlinkName = {0}; PDEVICE_OBJECT pDevice = NULL; pDriverObj->DriverUnload = Unload; DbgPrint("[ Loading.. ]\r\n"); RtlInitUnicodeString(&deviceName, L"\\Device\\2"); RtlInitUnicodeString(&symlinkName, L"\\DosDevices\\2"); DbgPrint("[ Creating the device...]\n"); IoCreateDevice( pDriverObj, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDevice ); DbgPrint("[ Linking...]\n"); IoCreateSymbolicLink(&symlinkName, &deviceName); for(; i < IRP_MJ_MAXIMUM_FUNCTION; i++) pDriverObj->MajorFunction[i] = handleIRP; pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = handleIOCTLs; return STATUS_SUCCESS; }
static HRESULT xbox_io_mount(char *szDrive, char *szDevice) { #ifndef IS_SALAMANDER bool original_verbose = g_extern.verbose; g_extern.verbose = true; #endif char szSourceDevice[48]; char szDestinationDrive[16]; snprintf(szSourceDevice, sizeof(szSourceDevice), "\\Device\\%s", szDevice); snprintf(szDestinationDrive, sizeof(szDestinationDrive), "\\??\\%s", szDrive); RARCH_LOG("xbox_io_mount() - source device: %s.\n", szSourceDevice); RARCH_LOG("xbox_io_mount() - destination drive: %s.\n", szDestinationDrive); STRING DeviceName = { strlen(szSourceDevice), strlen(szSourceDevice) + 1, szSourceDevice }; STRING LinkName = { strlen(szDestinationDrive), strlen(szDestinationDrive) + 1, szDestinationDrive }; IoCreateSymbolicLink(&LinkName, &DeviceName); #ifndef IS_SALAMANDER g_extern.verbose = original_verbose; #endif return S_OK; }
NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING theRegistryPath ) { NTSTATUS ntStatus; PDEVICE_OBJECT mnhmod; UNICODE_STRING uDriverName; UNICODE_STRING uSymLink; RtlInitUnicodeString(&uDriverName,driverName); RtlInitUnicodeString(&uSymLink,symLink); ntStatus = IoCreateDevice(pDriverObject, 0, &uDriverName, MANHATAN_MOD, 0, TRUE, &mnhmod); if(ntStatus != STATUS_SUCCESS) { DbgPrint("ManhatanMod error"); return 0; } DbgPrint("ManhatanMod loaded successful"); //create symlink IoCreateSymbolicLink(&uSymLink,&uDriverName); pDriverObject->DriverUnload = OnUnload; pDriverObject->MajorFunction[IRP_MJ_SHUTDOWN] = pDriverObject->MajorFunction[IRP_MJ_CREATE] = pDriverObject->MajorFunction[IRP_MJ_CLOSE] = pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Dispatch_IRP_Routine; return ntStatus; }
NTSTATUS CreateDevice (IN PDRIVER_OBJECT pDriverObject) { NTSTATUS status; PDEVICE_OBJECT pDevObj; PDEVICE_EXTENSION pdx; UNICODE_STRING devName; RtlInitUnicodeString(&devName,DEVICE_NAME); status = IoCreateDevice( pDriverObject,sizeof(DEVICE_EXTENSION),&(UNICODE_STRING)devName,FILE_DEVICE_ACPI,0, TRUE,&pDevObj ); if (!NT_SUCCESS(status)) { ////KdPrint(("IoCreateDevice Failed EC=0x%lX\n",status)); }else { ////KdPrint(("IoCreateDevice OK\n")); pDevObj->Flags |= DO_BUFFERED_IO; pdx = (PDEVICE_EXTENSION)pDevObj->DeviceExtension; g_pdx=pdx; RtlZeroMemory(pdx,sizeof(DEVICE_EXTENSION)); pdx->pDevice = pDevObj; pdx->ustrDeviceName = devName; UNICODE_STRING symLinkName; RtlInitUnicodeString(&symLinkName,SYMBOLINK_NAME); pdx->ustrSymLinkName = symLinkName; status = IoCreateSymbolicLink( &symLinkName,&devName ); if (!NT_SUCCESS(status)) { ////KdPrint(("IoCreateSymbolicLink Failed EC=0x%lX\n",status)); IoDeleteDevice( pDevObj ); }else { ////KdPrint(("IoCreateSymbolicLink OK\n")); } } return status; }
NTSTATUS DriverEntry( PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath ) { PDEVICE_OBJECT pdo = NULL; NTSTATUS s = STATUS_SUCCESS; UNICODE_STRING usDriverName, usDosDeviceName; RtlInitUnicodeString( &usDriverName, DRIVER_NAME ); RtlInitUnicodeString( &usDosDeviceName, DEVICE_NAME ); s = IoCreateDevice( pDriverObject, 0, &usDriverName, \ FILE_DRIVER_SSDT, FILE_DEVICE_SECURE_OPEN, \ FALSE, &pdo ); if( STATUS_SUCCESS == s ) { pDriverObject->MajorFunction[IRP_MJ_CREATE] = SSDTCreate; pDriverObject->DriverUnload = SSDTUnload; pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] \ = SSDTDeviceIoCtl; IoCreateSymbolicLink( &usDosDeviceName, &usDriverName ); DbgPrint( "SSDT: Load Success!" ); DbgPrint( "SSDT: Hook ZwCreateFile Prepare!" ); //////////////////////////////////////////////////////////////////// // 开始HOOK ZwWriteFile //去掉内存保护 __asm { cli ;//关中断 mov eax, cr0 and eax, ~0x10000 mov cr0, eax } //保存原始值 (ULONG)OldZwCreateFile = \ *( (PULONG)(KeServiceDescriptorTable->pvSSDTBase) + \ (ULONG)HOOK_SSDT_NUMBER ); //修改SSDT中的 ZwWriteFile 指向新函数 *( (PULONG)(KeServiceDescriptorTable->pvSSDTBase) + \ (ULONG)HOOK_SSDT_NUMBER ) \ = (ULONG)NewZwCreateFile; //开中断,把内存保护加上 __asm { mov eax, cr0 or eax, 0x10000 mov cr0, eax sti ;//开中断 } ///////////////////////////////// HOOK 完成 DbgPrint( "SSDT: Hook ZwCreateFile Success!" ); }
NTSTATUS DriverEntry(PDRIVER_OBJECT driverObject, PUNICODE_STRING registryPath) { PDEVICE_OBJECT pDeviceObject = NULL; UNICODE_STRING DeviceName; UNICODE_STRING DosDeviceName; NTSTATUS NtStatus; DbgPrint("DriverEntry ..."); RtlInitUnicodeString(&DeviceName, deviceNameBuffer); RtlInitUnicodeString(&DosDeviceName,deviceLinkBuffer); NtStatus = IoCreateDevice(driverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject); if(!NT_SUCCESS(NtStatus)) return NtStatus; NtStatus = IoCreateSymbolicLink(&DosDeviceName, &DeviceName); if(!NT_SUCCESS(NtStatus)) { IoDeleteDevice(driverObject->DeviceObject); return NtStatus; } driverObject->MajorFunction[IRP_MJ_CREATE] = Irp_Nil; driverObject->MajorFunction[IRP_MJ_CLOSE] = Irp_Nil; driverObject->MajorFunction[IRP_MJ_WRITE] = Irp_Write; driverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Irp_Nil; driverObject->MajorFunction[IRP_MJ_SHUTDOWN] = Irp_Nil; driverObject->DriverUnload = DriverUnload; return STATUS_SUCCESS; }
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { UNICODE_STRING ntDeviceName; UNICODE_STRING win32DeviceName; NTSTATUS status; RtlInitUnicodeString(&ntDeviceName,NT_DEVICE_NAME); if (!NT_SUCCESS(status = IoCreateDevice(DriverObject,0,&ntDeviceName, FILE_DEVICE_UNKNOWN,0,FALSE, &HwndNameDriverDeviceObject))) return STATUS_NO_SUCH_DEVICE; HwndNameDriverDeviceObject->Flags |= DO_BUFFERED_IO; RtlInitUnicodeString(&win32DeviceName,DOS_DEVICE_NAME); if (!NT_SUCCESS(status = IoCreateSymbolicLink(&win32DeviceName, &ntDeviceName))) return STATUS_NO_SUCH_DEVICE; DriverObject->MajorFunction[IRP_MJ_CREATE ] = HwndNameDriverIO; DriverObject->MajorFunction[IRP_MJ_CLOSE ] = HwndNameDriverIO; DriverObject->MajorFunction[IRP_MJ_READ ] = HwndNameDriverIO; DriverObject->MajorFunction[IRP_MJ_WRITE ] = HwndNameDriverIO; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HwndNameDriverIOControl; DriverObject->DriverUnload = HwndNameDriverUnload; return STATUS_SUCCESS; }
static HRESULT xbox_io_mount(char *szDrive, char *szDevice) { char szSourceDevice[48]; char szDestinationDrive[16]; snprintf(szSourceDevice, sizeof(szSourceDevice), "\\Device\\%s", szDevice); snprintf(szDestinationDrive, sizeof(szDestinationDrive), "\\??\\%s", szDrive); RARCH_LOG("xbox_io_mount() - source device: %s.\n", szSourceDevice); RARCH_LOG("xbox_io_mount() - destination drive: %s.\n", szDestinationDrive); STRING DeviceName = { strlen(szSourceDevice), strlen(szSourceDevice) + 1, szSourceDevice }; STRING LinkName = { strlen(szDestinationDrive), strlen(szDestinationDrive) + 1, szDestinationDrive }; IoCreateSymbolicLink(&LinkName, &DeviceName); return S_OK; }
NTSTATUS DriverEntry(PDRIVER_OBJECT driverObject, PUNICODE_STRING registryPath) { UNICODE_STRING deviceName = {0}; UNICODE_STRING deviceDosName = {0}; NTSTATUS status = STATUS_SUCCESS; driverObject->DriverUnload = DriverUnload; RtlInitUnicodeString( &deviceName,DEVICE_NAME ); status = IoCreateDevice( driverObject, 0, &deviceName, FILE_DEVICE_NETWORK, 0, FALSE, &gDevObj ); if( !NT_SUCCESS(status)) { DbgPrint("[WFP_TEST]IoCreateDevice failed!\n"); return STATUS_UNSUCCESSFUL; } RtlInitUnicodeString( &deviceDosName,DEVICE_DOSNAME ); status = IoCreateSymbolicLink( &deviceDosName,&deviceName ); if( !NT_SUCCESS( status )) { DbgPrint("[WFP_TEST]Create Symbolink name failed!\n"); return STATUS_UNSUCCESSFUL; } status = WallRegisterCallouts(); if( !NT_SUCCESS( status )) { DbgPrint("[WFP_TEST]WallRegisterCallouts failed!\n"); return STATUS_UNSUCCESSFUL; } DbgPrint("[WFP_TEST] loaded! WallRegisterCallouts() success!\n"); return status; }
/** Creates a communication device for the driver. The device is then used * by user mode application in order to collect snapshots of drivers and * devices present in the system. The routine also sets up the DriverUnload * procedure. * * @param DriverObject Address of Driver Object structure, passed by the * system into DriverEntry. * * @return * Returns NTSTATUS value indicating success or failure of the operation. */ static NTSTATUS DriverInit(PDRIVER_OBJECT DriverObject) { UNICODE_STRING uDeviceName; NTSTATUS status = STATUS_UNSUCCESSFUL; DEBUG_ENTER_FUNCTION("DriverObject=0x%p", DriverObject); RtlInitUnicodeString(&uDeviceName, DRIVER_DEVICE); status = IoCreateDevice(DriverObject, 0, &uDeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DriverObject->DeviceObject); if (NT_SUCCESS(status)) { UNICODE_STRING uLinkName; RtlInitUnicodeString(&uLinkName, DRIVER_SYMLINK); status = IoCreateSymbolicLink(&uLinkName, &uDeviceName); if (NT_SUCCESS(status)) { DriverObject->DriverUnload = DriverUnload; DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose; DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverDeviceControl; } if (!NT_SUCCESS(status)) IoDeleteDevice(DriverObject->DeviceObject); } DEBUG_EXIT_FUNCTION("0x%x", status); return status; }
NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) { UNICODE_STRING DeviceNameUnicodeString; UNICODE_STRING DeviceLinkUnicodeString; NTSTATUS ntStatus; PDEVICE_OBJECT DeviceObject = NULL; OutputDebugString ("Entering DriverEntry"); RtlInitUnicodeString (&DeviceNameUnicodeString, L"\\Device\\WinIo"); // Create an EXCLUSIVE device object (only 1 thread at a time // can make requests to this device). ntStatus = IoCreateDevice (DriverObject, 0, &DeviceNameUnicodeString, FILE_DEVICE_WINIO, 0, TRUE, &DeviceObject); if (NT_SUCCESS(ntStatus)) { // Create dispatch points for device control, create, close. DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = WinIoDispatch; DriverObject->DriverUnload = WinIoUnload; // Create a symbolic link, e.g. a name that a Win32 app can specify // to open the device. RtlInitUnicodeString (&DeviceLinkUnicodeString, L"\\DosDevices\\WinIo"); ntStatus = IoCreateSymbolicLink (&DeviceLinkUnicodeString, &DeviceNameUnicodeString); if (!NT_SUCCESS(ntStatus)) { // Symbolic link creation failed- note this & then delete the // device object (it's useless if a Win32 app can't get at it). OutputDebugString ("ERROR: IoCreateSymbolicLink failed"); IoDeleteDevice (DeviceObject); } } else { OutputDebugString ("ERROR: IoCreateDevice failed"); } OutputDebugString ("Leaving DriverEntry"); return ntStatus; }
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING registrypath) { UNICODE_STRING devicename; PDEVICE_OBJECT device=NULL; NTSTATUS status; DbgPrint("pbfilter: > Entering DriverEntry()\n"); DbgPrint("pbfilter: setting up devicename\n"); RtlInitUnicodeString(&devicename, NT_DEVICE_NAME); DbgPrint("pbfilter: creating device\n"); status=IoCreateDevice(driver, sizeof(PBINTERNAL), &devicename, FILE_DEVICE_PEERBLOCK, 0, FALSE, &device); if(NT_SUCCESS(status)) { UNICODE_STRING devicelink; DbgPrint("pbfilter: created device, initting internal data\n"); DbgPrint("pbfilter: ... creating symbolic link\n"); RtlInitUnicodeString(&devicelink, DOS_DEVICE_NAME); status=IoCreateSymbolicLink(&devicelink, &devicename); DbgPrint("pbfilter: ... setting up irp-handling functions\n"); driver->MajorFunction[IRP_MJ_CREATE]= driver->MajorFunction[IRP_MJ_CLOSE]=drv_create; driver->MajorFunction[IRP_MJ_CLEANUP]=drv_cleanup; driver->MajorFunction[IRP_MJ_DEVICE_CONTROL]=drv_control; driver->DriverUnload=drv_unload; device->Flags|=DO_BUFFERED_IO; DbgPrint("pbfilter: ... setting up device extension\n"); g_internal=device->DeviceExtension; DbgPrint("pbfilter: ... initializing lock and queue\n"); KeInitializeSpinLock(&g_internal->rangeslock); KeInitializeSpinLock(&g_internal->destinationportslock); KeInitializeSpinLock(&g_internal->sourceportslock); InitNotificationQueue(&g_internal->queue); DbgPrint("pbfilter: ... resetting counters\n"); g_internal->blockedcount = 0; g_internal->allowedcount = 0; g_internal->destinationportcount = 0; g_internal->sourceportcount = 0; DbgPrint("pbfilter: internal data initted\n"); } if(!NT_SUCCESS(status)) { DbgPrint("pbfilter: * ERROR: couldn't create device, status:[0x%lX] . . . unloading\n", status); drv_unload(driver); } DbgPrint("pbfilter: < Leaving DriverEntry(), status:[0x%lX]\n", status); return status; }
NTSTATUS myAddDevice(IN PDRIVER_OBJECT DriverObject,IN PDEVICE_OBJECT pdo) { PDEVICE_OBJECT fdo; PDEVICE_EXTENSION dve; NTSTATUS status; DbgPrint("myAddDevice routine begin"); //Oni(h1, p85) dynamic name if device more than 1 /*static LONG lastindex = -1; LONG devindex = InterlockedIncrement(&lastindex); WCHAR name[32] _snwprintf(name, arraysize(name), L"\\Device\\RAMHDD%2.2d", devindex); RtlInitUnicodeString(&devname, name);*/ //?? RtlInitUnicodeString(&DeviceName, L"\\Device\\RAMHDD"); //creating DeviceObject status = IoCreateDevice(DriverObject, sizeof(DEVICE_EXTENSION), &DeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &fdo); dve = (PDEVICE_EXTENSION) fdo->DeviceExtension; dve->DeviceObject = fdo; dve->Pdo = pdo; DbgPrint("=RAMHDD= FDO %d, DevExt=%d",fdo,dve); RtlInitUnicodeString(&SymbolicLinkName, L"\\Device\\RAMHDD"); dve->ifname = SymbolicLinkName; status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName); //IoInitializeRemoveLock(&dve->RemoveLock, 0, 0, 0); //dve->devstate = STATE_INITIALIZED; //IoInitializeDpcRequest(fdo, DpcForIsr); fdo->Flags = DO_DIRECT_IO | DO_POWER_PAGABLE; dve->LowerDeviceObject = IoAttachDeviceToDeviceStack(fdo, pdo); fdo->Flags &= ~DO_DEVICE_INITIALIZING; DbgPrint("myAddDevice routine end"); return STATUS_SUCCESS; }
NTSTATUS create_device(PDRIVER_OBJECT driverObject, PCWSTR name, PCWSTR dosName) { NTSTATUS status = STATUS_SUCCESS; PDEVICE_OBJECT deviceObject = NULL; UNICODE_STRING deviceName; RtlInitUnicodeString(&deviceName, name); status = IoCreateDevice(driverObject, 0, &deviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &deviceObject); if (status != STATUS_SUCCESS) { DbgPrint("Cannot create device\n"); goto cleanup; } DbgPrint("%wZ: 0x%08X\n", &deviceName, deviceObject); deviceObject->Flags |= DO_BUFFERED_IO; deviceObject->Flags &= (~DO_DEVICE_INITIALIZING); UNICODE_STRING dosDeviceName; RtlInitUnicodeString(&dosDeviceName, dosName); IoCreateSymbolicLink(&dosDeviceName, &deviceName); cleanup: if (status != STATUS_SUCCESS) { if (deviceObject) { IoDeleteDevice(deviceObject); } } return status; }
NTSTATUS WdmAudRegisterDeviceInterface( IN PDEVICE_OBJECT PhysicalDeviceObject, IN PWDMAUD_DEVICE_EXTENSION DeviceExtension) { NTSTATUS Status; UNICODE_STRING SymlinkName = RTL_CONSTANT_STRING(L"\\DosDevices\\wdmaud"); UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\wdmaud"); UNICODE_STRING SymbolicLinkName; Status = IoRegisterDeviceInterface(PhysicalDeviceObject, &KSCATEGORY_WDMAUD, NULL, &SymbolicLinkName); if (NT_SUCCESS(Status)) { IoSetDeviceInterfaceState(&SymbolicLinkName, TRUE); RtlFreeUnicodeString(&SymbolicLinkName); DeviceExtension->DeviceInterfaceSupport = TRUE; return Status; } /* failed to register device interface * create a symbolic link instead */ DeviceExtension->DeviceInterfaceSupport = FALSE; Status = IoCreateSymbolicLink(&SymlinkName, &DeviceName); if (!NT_SUCCESS(Status)) { IoDeleteDevice(PhysicalDeviceObject); //FIXME DPRINT("Failed to create wdmaud symlink!\n"); return Status; } return Status; }
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath) { UNICODE_STRING deadDriverName; UNICODE_STRING deadDosDriverName; PDEVICE_OBJECT pDeviceObject; NTSTATUS retValue; unsigned int i; DbgPrint("Welcome to DeadLands"); DbgPrint("DeadLands Offset -> PID: 0x%X, ELIST: 0x%X, IMAGENAME: 0x%X", EPROCESS_OFFSET_PID, EPROCESS_OFFSET_ELIST, EPROCESS_OFFSET_IMAGENAME); RtlInitUnicodeString(&deadDriverName, L"\\Device\\DeadLands"); RtlInitUnicodeString(&deadDosDriverName, L"\\DosDevices\\DeadLands"); retValue = IoCreateDevice(pDriverObject, 0, &deadDriverName, FILE_DEVICE_DEADLANDS, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject); if (NT_SUCCESS(retValue)) { // Assign deadlands functions to all MajorFunction for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++) pDriverObject->MajorFunction[i] = DeadLands_NotImplemented; pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeadLands_IOCTL; pDriverObject->MajorFunction[IRP_MJ_CREATE] = DeadLands_Open; pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DeadLands_Close; pDriverObject->MajorFunction[IRP_MJ_READ] = DeadLands_Read; pDriverObject->MajorFunction[IRP_MJ_WRITE] = DeadLands_Write; pDriverObject->DriverUnload = CleanUp; // Create link to deadlands driver IoCreateSymbolicLink(&deadDosDriverName, &deadDriverName); } return (retValue); }
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString) { NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING ustrLinkName; UNICODE_STRING ustrDevName; PDEVICE_OBJECT pDevObj; pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate; pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose; pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl; pDriverObj->DriverUnload = DriverUnload; RtlInitUnicodeString(&ustrDevName, DEVICE_NAME); status = IoCreateDevice(pDriverObj, 0, &ustrDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &pDevObj); if(!NT_SUCCESS(status)) return status; if(IoIsWdmVersionAvailable(1, 0x10)) RtlInitUnicodeString(&ustrLinkName, LINK_GLOBAL_NAME); else RtlInitUnicodeString(&ustrLinkName, LINK_NAME); status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName); if(!NT_SUCCESS(status)) { IoDeleteDevice(pDevObj); return status; } //test KeServiceDescriptorTableShadow = (PSYSTEM_SERVICE_TABLE)GetKeServiceDescriptorTableShadow64(); //DbgPrint("SSSDT: %llx[TA's method]",(ULONG64)KeServiceDescriptorTableShadow); //test return STATUS_SUCCESS; }
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath){ UNICODE_STRING usDriverName, usDosDeviceName; PDEVICE_OBJECT pDeviceObject; NTSTATUS ntStatus; UINT uiIndex; DbgPrint("HideProc DriverEntry Called\n"); RtlInitUnicodeString(&usDriverName, L"\\Device\\HideProc"); RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\HideProc"); ntStatus = IoCreateDevice(pDriverObject, 0, &usDriverName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject); if(NT_SUCCESS(ntStatus)){ for(uiIndex = 0; uiIndex < IRP_MJ_MAXIMUM_FUNCTION; uiIndex++) pDriverObject->MajorFunction[uiIndex] = HideProc_Unsupported; pDriverObject->MajorFunction[IRP_MJ_CREATE] = HideProc_Create; pDriverObject->MajorFunction[IRP_MJ_WRITE] = HideProc_Write; pDriverObject->MajorFunction[IRP_MJ_CLOSE] = HideProc_Close; pDriverObject->DriverUnload = HideProc_Unload; pDeviceObject->Flags |= DO_DIRECT_IO; pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING); IoCreateSymbolicLink(&usDosDeviceName, &usDriverName); } return ntStatus; }
static NTSTATUS set_up_device(DRIVER_OBJECT *driver_object, int i) { NTSTATUS status = STATUS_SUCCESS; RtlInitUnicodeString(&devices[i].path, devices_info[i].path); RtlInitUnicodeString(&devices[i].symlink, devices_info[i].symlink); status = IoCreateDevice( driver_object, 0, &devices[i].path, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &devices[i].object); if (!NT_SUCCESS(status)) return status; devices[i].object->Flags |= DO_BUFFERED_IO; devices[i].object->Flags &= ~DO_DEVICE_INITIALIZING; if (!NT_SUCCESS(status = IoCreateSymbolicLink( &devices[i].symlink, &devices[i].path))) goto delete_device; return status; delete_device: IoDeleteDevice(devices[i].object); return status; }
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString) { NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING ustrLinkName; UNICODE_STRING ustrDevName; PDEVICE_OBJECT pDevObj; DbgPrint("[x64Drv] DriverEntry: %S\n",pRegistryString->Buffer); pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate; pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose; pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl; pDriverObj->DriverUnload = DriverUnload; RtlInitUnicodeString(&ustrDevName, DEVICE_NAME); status = IoCreateDevice(pDriverObj, 0,&ustrDevName, FILE_DEVICE_UNKNOWN,0,FALSE,&pDevObj); DbgPrint("[x64Drv] Device Name %S",ustrDevName.Buffer); if(!NT_SUCCESS(status)) { DbgPrint("[x64Drv] IoCreateDevice = 0x%x\n", status); return status; } RtlInitUnicodeString(&ustrLinkName, LINK_NAME); status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName); if(!NT_SUCCESS(status)) { DbgPrint("[x64Drv] IoCreateSymbolicLink = 0x%x\n", status); IoDeleteDevice(pDevObj); return status; } DbgPrint("[x64Drv] SymbolicLink:%S",ustrLinkName.Buffer); return STATUS_SUCCESS; }
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pUnicodeString) { UNICODE_STRING ntDeviceName; UNICODE_STRING dosDeviceName; ULONG i; NTSTATUS status = STATUS_SUCCESS; gsfmSysFreezerDriverObject = pDriverObject; #ifdef DBG //pDriverObject->DriverUnload = DriverUnload; #endif for(i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; ++i) { pDriverObject->MajorFunction[i] = SSFPassThrough; } pDriverObject->FastIoDispatch = &gFastIoDispatch; // Создадим объект устройства для общения с нашим драйвером RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME); RtlInitUnicodeString(&dosDeviceName, DOS_DEVICE_NAME); status = IoCreateDevice(pDriverObject, sizeof(SYS_FREEZER_DEVICE_EXTENSTION), &ntDeviceName, FILE_DEVICE_UNKNOWN, 0, FALSE, &gGuiDevice); if(!NT_SUCCESS(status)) { DBG_PRINT_ERR(L"Cannot create gui device"); return status; } ((PSYS_FREEZER_DEVICE_EXTENSION)gGuiDevice->DeviceExtension)->Type = GUIINTERFACE; status = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName); if(!NT_SUCCESS(status)) { DBG_PRINT_ERR(L"cannot create symbolic link"); IoDeleteDevice(&gGuiDevice); return status; } for(i = 0; i < 26; ++i) { gDriveHookDevices[i] = NULL; } HookDriveSet(4, gsfmSysFreezerDriverObject); return STATUS_SUCCESS; }
NTSTATUS WINAPI DriverEntry(DRIVER_OBJECT *driver, PUNICODE_STRING registry) { UNICODE_STRING nameW, linkW; DEVICE_OBJECT *device; NTSTATUS status; DbgPrint("loading driver\n"); /* Allow unloading of the driver */ driver->DriverUnload = driver_Unload; /* Set driver functions */ driver->MajorFunction[IRP_MJ_CREATE] = driver_Create; driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = driver_IoControl; driver->MajorFunction[IRP_MJ_CLOSE] = driver_Close; RtlInitUnicodeString(&nameW, driver_device); RtlInitUnicodeString(&linkW, driver_link); if (!(status = IoCreateDevice(driver, 0, &nameW, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &device))) status = IoCreateSymbolicLink(&linkW, &nameW); return status; }
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString) { NTSTATUS status = STATUS_SUCCESS; UNICODE_STRING ustrLinkName; UNICODE_STRING ustrDevName; PDEVICE_OBJECT pDevObj; pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreate; pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchClose; pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl; pDriverObj->DriverUnload = DriverUnload; RtlInitUnicodeString(&ustrDevName, DEVICE_NAME); status = IoCreateDevice(pDriverObj, 0, &ustrDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, &pDevObj); if(!NT_SUCCESS(status)) return status; if(IoIsWdmVersionAvailable(1, 0x10)) RtlInitUnicodeString(&ustrLinkName, LINK_GLOBAL_NAME); else RtlInitUnicodeString(&ustrLinkName, LINK_NAME); status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName); if(!NT_SUCCESS(status)) { IoDeleteDevice(pDevObj); return status; } //独占“程序兼容性助手”防弹框 OccupyTaskhost(); //初始化反汇编引擎 LDE_init(); return STATUS_SUCCESS; }
NTSTATUS HelloWDMAddDevice(IN PDRIVER_OBJECT DriverObject, IN PDEVICE_OBJECT PhysicalDeviceObject) { PAGED_CODE(); KdPrint(("Enter HelloWDMAddDevice\n")); NTSTATUS status; PDEVICE_OBJECT fdo; UNICODE_STRING devName; RtlInitUnicodeString(&devName, L"\\Device\\MyWDMDevice"); status = IoCreateDevice( DriverObject, sizeof(DEVICE_EXTENSION), &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &fdo); if (!NT_SUCCESS(status)) return status; PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)fdo->DeviceExtension; pdx->fdo = fdo; pdx->NextStackDevice = IoAttachDeviceToDeviceStack(fdo, PhysicalDeviceObject); UNICODE_STRING symLinkName; RtlInitUnicodeString(&symLinkName, L"\\DosDevices\\HelloWDM"); pdx->ustrDeviceName = devName; pdx->ustrSymLinkName = symLinkName; status = IoCreateSymbolicLink(&symLinkName, &devName); if (!NT_SUCCESS(status)) { IoDeleteSymbolicLink(&pdx->ustrSymLinkName); status = IoCreateSymbolicLink(&symLinkName, &devName); if (!NT_SUCCESS(status)) { return status; } } fdo->Flags |= DO_BUFFERED_IO | DO_POWER_PAGABLE; fdo->Flags &= ~DO_DEVICE_INITIALIZING; KdPrint(("Leave HelloWDMAddDevice\n")); return STATUS_SUCCESS; }
NTSTATUS Ex2ProcessMountPoint( IN PEXT2_IRP_CONTEXT IrpContext, IN PEXT2_MOUNT_POINT MountPoint, IN ULONG Length ) { UNICODE_STRING Link; UNICODE_STRING Target; WCHAR Buffer[] = L"\\DosDevices\\Global\\Z:"; NTSTATUS status = STATUS_SUCCESS; PDEVICE_OBJECT DeviceObject = NULL; __try { ASSERT(IrpContext != NULL); ASSERT((IrpContext->Identifier.Type == EXT2ICX) && (IrpContext->Identifier.Size == sizeof(EXT2_IRP_CONTEXT))); DeviceObject = IrpContext->DeviceObject; if (!IsExt2FsDevice(DeviceObject)) { status = STATUS_INVALID_PARAMETER; __leave; } if (Length != sizeof(EXT2_MOUNT_POINT) || MountPoint->Magic != EXT2_APP_MOUNTPOINT_MAGIC) { status = STATUS_INVALID_PARAMETER; __leave; } RtlInitUnicodeString(&Link, Buffer); Buffer[12] = MountPoint->Link[0]; switch (MountPoint->Command) { case APP_CMD_ADD_DOS_SYMLINK: RtlInitUnicodeString(&Target, &MountPoint->Name[0]); status = IoCreateSymbolicLink(&Link, &Target); break; case APP_CMD_DEL_DOS_SYMLINK: status = IoDeleteSymbolicLink(&Link); break; default: status = STATUS_INVALID_PARAMETER; } } __finally { if (!IrpContext->ExceptionInProgress) { Ext2CompleteIrpContext(IrpContext, status); } } return status; }