/*
* DriverInitialize
*
* Purpose:
*
* Driver main. Resets the global state, creates the control device and its
* symbolic link, fills the dispatch table and, in signed builds only, loads
* the parameters and registers the image load notify routine.
*
* Return: the failing status of IoCreateDevice/IoCreateSymbolicLink,
* otherwise STATUS_SUCCESS.
*
*/
NTSTATUS DriverInitialize(
    _In_ struct _DRIVER_OBJECT *DriverObject,
    _In_ PUNICODE_STRING RegistryPath
)
{
    NTSTATUS        status;
    UNICODE_STRING  deviceName, linkName;
    PDEVICE_OBJECT  deviceObject;
    ULONG           idx;

    // RegistryPath is unused
    UNREFERENCED_PARAMETER(RegistryPath);

    // Start from a known state: no notify routine registered, empty chain list.
    g_NotifySet = FALSE;
    g_VBoxDD.Chains = NULL;
    g_VBoxDD.ChainsLength = 0;
    KeInitializeMutex(&g_VBoxDD.Lock, 0);

    //
    // The device is created exclusive (TRUE), so only one handle can be open
    // at a time. FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the
    // device object's security descriptor to every open of the device.
    //
    // NOTE(review): plain IoCreateDevice assigns the default security
    // descriptor; no explicit ACL is set here. Confirm the default is
    // restrictive enough, since the IOCTLs served by this device control
    // the image load monitoring.
    //
    RtlInitUnicodeString(&deviceName, TSUGUMI_DEV_OBJECT);
    status = IoCreateDevice(DriverObject,
                            0,
                            &deviceName,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            TRUE,
                            &deviceObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    RtlInitUnicodeString(&linkName, TSUGUMI_SYM_LINK);
    status = IoCreateSymbolicLink(&linkName, &deviceName);
    if (!NT_SUCCESS(status)) {
        // Do not leave an unreachable device object behind.
        IoDeleteDevice(deviceObject);
        return status;
    }

    deviceObject->Flags |= DO_BUFFERED_IO;

    // Default every major function to the "unsupported" handler, then
    // override only the three requests this driver actually services.
    for (idx = 0; idx <= IRP_MJ_MAXIMUM_FUNCTION; ++idx) {
        DriverObject->MajorFunction[idx] = &UnsupportedDispatch;
    }
    DriverObject->MajorFunction[IRP_MJ_CREATE] = &CreateCloseDispatch;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = &CreateCloseDispatch;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = &DevioctlDispatch;

#ifndef _SIGNED_BUILD
    // No unload routine is published in this build.
    DriverObject->DriverUnload = NULL;

    // NOTE(review): the initializing flag is cleared by hand here,
    // presumably because this build is not started through the regular
    // driver load path where the I/O manager clears it - confirm.
    deviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
#else
    DriverObject->DriverUnload = &DriverUnload;

    // Best effort: a failure below leaves g_NotifySet FALSE and is not
    // propagated, the function still returns STATUS_SUCCESS.
    status = TsmiLoadParameters();
    if (NT_SUCCESS(status)) {
        status = PsSetLoadImageNotifyRoutine(TsmiPsImageHandler);
    }
    if (NT_SUCCESS(status)) {
        g_NotifySet = TRUE;
    }
#endif

    return STATUS_SUCCESS;
}
/*
* DevioctlDispatch
*
* Purpose:
*
* IRP_MJ_DEVICE_CONTROL dispatch. Handles the parameter refresh request
* (which also registers the image load notify routine if it is not set yet)
* and the monitor stop request; any other control code is rejected with
* STATUS_INVALID_PARAMETER.
*
* The IRP is always completed here; IoStatus.Information carries a 0/1
* state flag, not a byte count.
*
* NOTE(review): no caller check is made in this routine. Who may issue these
* requests depends on the device security descriptor and on the access bits
* of the IOCTL codes, both defined outside this function - confirm.
*
* NOTE(review): g_NotifySet is tested and updated without any lock visible
* in this function; confirm concurrent requests cannot register or remove
* the notify routine twice.
*
*/
NTSTATUS DevioctlDispatch(
    _In_ struct _DEVICE_OBJECT *DeviceObject,
    _Inout_ struct _IRP *Irp
)
{
    NTSTATUS            status = STATUS_SUCCESS;
    ULONG_PTR           information = 0;
    PIO_STACK_LOCATION  irpSp;

    UNREFERENCED_PARAMETER(DeviceObject);

    irpSp = IoGetCurrentIrpStackLocation(Irp);
    if (irpSp == NULL) {
        status = STATUS_INTERNAL_ERROR;
    }
    else {
        switch (irpSp->Parameters.DeviceIoControl.IoControlCode) {

        case TSUGUMI_IOCTL_REFRESH_LIST:
            // Parameters are reloaded on every request, whether or not the
            // notify routine is already registered.
            status = TsmiLoadParameters();

            if (g_NotifySet == FALSE) {
                // Register only after a successful load; the flag flips
                // only after a successful registration.
                if (NT_SUCCESS(status)) {
                    status = PsSetLoadImageNotifyRoutine(TsmiPsImageHandler);
                }
                if (NT_SUCCESS(status)) {
                    g_NotifySet = TRUE;
#ifdef _DEBUGMSG
                    DbgPrint("[TSMI] DevioctlDispatch:NotifySet=%lx\n", g_NotifySet);
#endif
                }
            }
#ifdef _DEBUGMSG
            else {
                DbgPrint("[TSMI] DevioctlDispatch:Notify already installed\n");
            }
#endif
            // Report the current monitoring state to the caller.
            information = g_NotifySet;
            break;

        case TSUGUMI_IOCTL_MONITOR_STOP:
            // Stays 0 unless the notify routine was actually removed.
            information = 0;
            if (!g_NotifySet) {
                break;
            }
            status = PsRemoveLoadImageNotifyRoutine(TsmiPsImageHandler);
            if (NT_SUCCESS(status)) {
                g_NotifySet = FALSE;
                information = 1;
            }
            break;

        default:
            status = STATUS_INVALID_PARAMETER;
            break;
        }
    }

    // NOTE(review): for buffered requests the I/O manager treats
    // Information as the number of bytes to copy back to the caller; the
    // output buffer length is not checked here, so confirm a value of 1 is
    // safe for every way these IOCTLs can be issued.
    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = information;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return status;
}