/*
* UnloadVulnerableDriver
*
* Purpose:
*
* Undo the VBoxDrv service setup referenced by VBoxDrvSvc.
*
* Two paths, selected by g_VBoxInstalled:
*   - not TRUE: the service is handed to scmUnloadDeviceDriver.
*   - TRUE:     the service is stopped through the SCM and
*               supBackupVBoxDrv(TRUE) is called to put the saved
*               driver copy back.
*
* No status is returned; failures of the individual steps are not reported
* to the caller.
*
*/
void UnloadVulnerableDriver(
    VOID
    )
{
    SC_HANDLE hScm;

    //
    // VirtualBox was not installed beforehand: nothing to restore,
    // the driver service is simply unloaded.
    //
    if (g_VBoxInstalled != TRUE) {
        scmUnloadDeviceDriver(VBoxDrvSvc);
        return;
    }

    //
    // VirtualBox was installed: stop the VBoxDrv service first.
    //
    // NOTE(review): SC_MANAGER_ALL_ACCESS is requested although this handle
    // is only passed to scmStopDriver here. Whether a narrower access mask
    // would do depends on that helper, which is not visible here - confirm.
    //
    hScm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hScm != NULL) {
        scmStopDriver(hScm, VBoxDrvSvc);
        CloseServiceHandle(hScm);
    }

    //
    // Restore the saved backup. This runs even when the SCM could not be
    // opened, exactly as the stop attempt above is best-effort.
    //
    supBackupVBoxDrv(TRUE);
}
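/*
* ldrSetMonitor
*
* Purpose:
*
* Install Tsugumi monitoring driver.
*
* The embedded image TsmiData is written to
* <system directory>\drivers\tsugumi.sys, any service already registered as
* TsmiDrvName is stopped and removed, the driver is installed and started
* through the Service Control Manager, and the on-disk file is deleted
* before returning.
*
* Return value:
*
* The result of scmStartDriver when every earlier step succeeded,
* FALSE otherwise.
*
* Observable side effects: a file create and delete in the system drivers
* directory, plus service stop/remove/install/start requests for
* TsmiDrvName (the scm* helpers are presumed to wrap the SCM API - their
* bodies are not visible here).
*
*/
BOOL ldrSetMonitor(
    VOID
    )
{
    BOOL        bResult = FALSE;
    BOOL        bWritten;
    SC_HANDLE   schSCManager;
    HANDLE      hFile;
    DWORD       bytesIO;
    UINT        cch;
    WCHAR       szDriverBuffer[MAX_PATH * 2];

    //
    // Combine full path name for our driver.
    //
    // sizeof() covers the whole WCHAR array; a byte count of MAX_PATH * 2
    // would clear only half of it.
    //
    RtlSecureZeroMemory(szDriverBuffer, sizeof(szDriverBuffer));

    //
    // GetSystemDirectory returns 0 on failure and the required size when
    // the supplied buffer is too small; in the latter case the buffer
    // contents must not be used.
    //
    cch = GetSystemDirectory(szDriverBuffer, MAX_PATH);
    if (cch == 0 || cch >= MAX_PATH) {
        return bResult;
    }

    //
    // _strcat takes no destination size. The append stays in bounds
    // because the prefix is shorter than MAX_PATH characters and the
    // buffer holds MAX_PATH * 2.
    //
    _strcat(szDriverBuffer, TEXT("\\drivers\\tsugumi.sys"));

    //
    // Drop our driver file to the disk.
    //
    hFile = CreateFile(szDriverBuffer,
        GENERIC_WRITE,
        0,
        NULL,
        CREATE_ALWAYS,
        0,
        NULL);

    if (hFile == INVALID_HANDLE_VALUE) {
        return bResult;
    }

    bytesIO = 0;
    bWritten = WriteFile(hFile, TsmiData, sizeof(TsmiData), &bytesIO, NULL);
    CloseHandle(hFile);

    //
    // Check if file dropped OK. A failed or short write must not leave a
    // truncated .sys behind in the drivers directory, so remove it here
    // the same way the normal path does at the end.
    //
    if (!bWritten || bytesIO != sizeof(TsmiData)) {
        DeleteFile(szDriverBuffer);
        return bResult;
    }

    //
    // Load Tsugumi device driver.
    //
    // NOTE(review): SC_MANAGER_ALL_ACCESS is broader than a single
    // install/start sequence would normally need; narrowing it depends on
    // what the scm* helpers request internally - confirm.
    //
    schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (schSCManager) {

        // Unload any previous versions.
        scmStopDriver(schSCManager, TsmiDrvName);
        scmRemoveDriver(schSCManager, TsmiDrvName);

        // Install and run monitor driver.
        if (scmInstallDriver(schSCManager, TsmiDrvName, szDriverBuffer)) {
            ldrSetTsmiParams();
            bResult = scmStartDriver(schSCManager, TsmiDrvName);
            // NOTE(review): if the start fails, the service entry created
            // by scmInstallDriver presumably stays registered while its
            // image file is deleted below - confirm whether a
            // scmRemoveDriver call is wanted on this path.
        }
        CloseServiceHandle(schSCManager);
    }

    //
    // Driver file is no longer needed.
    //
    DeleteFile(szDriverBuffer);
    return bResult;
}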