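/* Add default services for network cards */
/*
 * Install the TCP/IP protocol from nettcpip.inf and, when the INF section
 * was actually installed, ask the kernel to load the Tcpip driver.
 *
 * hWnd - parent window handed to InstallInfSection for any UI it shows.
 *
 * Returns ERROR_SUCCESS, or the Win32 error reported by InstallInfSection.
 * A missing INF (ERROR_FILE_NOT_FOUND) is treated as "nothing to install"
 * and a failed NtLoadDriver is only traced, so both still yield success.
 */
static DWORD
InstallAdditionalServices(
	IN HWND hWnd)
{
	BOOL ret;
	DWORD LastError;
	NTSTATUS Status;
	UNICODE_STRING TcpipServicePath = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip");

	/* Install TCP/IP protocol */
	ret = InstallInfSection(
		hWnd,
		L"nettcpip.inf",
		L"MS_TCPIP.PrimaryInstall",
		L"MS_TCPIP.PrimaryInstall.Services");
	if (!ret)
	{
		/* Read the error once: the trace call below may overwrite it */
		LastError = GetLastError();
		if (LastError != ERROR_FILE_NOT_FOUND)
		{
			DPRINT("InstallInfSection() failed with error 0x%lx\n", LastError);
			return LastError;
		}
		/* INF not present: nothing to start */
	}
	else
	{
		/* Start the TCP/IP driver; NtLoadDriver returns an NTSTATUS, so test
		 * it with NT_SUCCESS rather than treating any non-zero value as failure */
		Status = NtLoadDriver(&TcpipServicePath);
		if (!NT_SUCCESS(Status))
		{
			/* This isn't really fatal but we want to warn anyway */
			DPRINT1("NtLoadDriver(TCPIP) failed with NTSTATUS 0x%lx\n", Status);
		}
	}

	/* You can add here more clients (SMB...) and services (DHCP server...) */

	return ERROR_SUCCESS;
}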
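/*
 * Load the kernel driver backing a driver-type service through NtLoadDriver.
 *
 * lpService - service record; only lpServiceName is read, and it becomes the
 *             last component of the NT registry path of the service key.
 *
 * Returns a Win32 error code: ERROR_NOT_ENOUGH_MEMORY when the path buffer
 * cannot be allocated, otherwise the NTSTATUS of the privilege adjustment or
 * of NtLoadDriver mapped through RtlNtStatusToDosError.
 */
static
DWORD
ScmLoadDriver(PSERVICE lpService)
{
    /* Prefix kept as a named array so its length is derived, not hard-coded */
    static const WCHAR ServicesKeyPrefix[] =
        L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
    const size_t PrefixLength =
        (sizeof(ServicesKeyPrefix) / sizeof(ServicesKeyPrefix[0])) - 1;
    NTSTATUS Status = STATUS_SUCCESS;
    BOOLEAN WasPrivilegeEnabled = FALSE;
    PWSTR pszDriverPath;
    UNICODE_STRING DriverPath;
    size_t PathLength;

    /* Build the driver path: prefix + service name + terminating NUL */
    PathLength = PrefixLength + wcslen(lpService->lpServiceName) + 1;
    pszDriverPath = HeapAlloc(GetProcessHeap(),
                              HEAP_ZERO_MEMORY,
                              PathLength * sizeof(WCHAR));
    if (pszDriverPath == NULL)
        return ERROR_NOT_ENOUGH_MEMORY;

    /* Both copies are bounded by the allocation computed above */
    wcscpy(pszDriverPath, ServicesKeyPrefix);
    wcscat(pszDriverPath, lpService->lpServiceName);

    RtlInitUnicodeString(&DriverPath,
                         pszDriverPath);

    DPRINT("  Path: %wZ\n", &DriverPath);

    /* Acquire driver-loading privilege */
    Status = RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
                                TRUE,
                                FALSE,
                                &WasPrivilegeEnabled);
    if (!NT_SUCCESS(Status))
    {
        /* We encountered a failure, exit properly */
        DPRINT1("SERVICES: Cannot acquire driver-loading privilege, Status = 0x%08lx\n", Status);
        goto done;
    }

    Status = NtLoadDriver(&DriverPath);

    /* Put the privilege back into the state it had before we enabled it;
     * the load result is what gets reported, so this status is ignored */
    RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE,
                       WasPrivilegeEnabled,
                       FALSE,
                       &WasPrivilegeEnabled);

done:
    HeapFree(GetProcessHeap(), 0, pszDriverPath);
    return RtlNtStatusToDosError(Status);
}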
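/*
 * Register a kernel-driver service under a name derived from the current
 * tick count and ask the kernel to load it through NtLoadDriver.
 *
 * chSysPath - path of the driver image (narrow string); it is stored in the
 *             service's ImagePath value behind the "\??\" prefix.
 *
 * The service key is created under HKLM and is not removed by this function.
 * Every outcome is reported only through DbgPrint; nothing is returned.
 */
VOID StartSys(LPCSTR chSysPath)
{
	NTSTATUS St;
	LONG lRes;
	HKEY hKey;
	CHAR chRegPath[MAX_PATH] = {0};
	WCHAR wcLoadDrv[MAX_PATH] = {0};
	CHAR chImagePath[MAX_PATH] = "\\??\\";
	UNICODE_STRING usStr;
	DWORD dwType;
	size_t cchRoom;

	/* NtLoadDriver requires SeLoadDriverPrivilege; GetPrivilege's result is not checked here */
	GetPrivilege(SE_LOAD_DRIVER_PRIVILEGE);

	DbgPrint(__FUNCTION__"(): driver path '%s'\n",chSysPath);

	DWORD dwId = GetTickCount();

	/* The buffers were zero-filled above: _snprintf/_snwprintf do not add a NUL
	 * on truncation, and the count is one short so the last element stays 0 */
	_snprintf(chRegPath,RTL_NUMBER_OF(chRegPath)-1,"system\\currentcontrolset\\services\\%x", dwId);
	_snwprintf(wcLoadDrv,RTL_NUMBER_OF(wcLoadDrv)-1,L"\\registry\\machine\\system\\currentcontrolset\\services\\%x", dwId);

	/* strncat's third argument is the number of characters to append, not the
	 * destination size; passing sizeof(chImagePath) let a long path overrun the
	 * buffer. Leave room for the prefix already in place and the terminator. */
	cchRoom = sizeof(chImagePath) - strlen(chImagePath) - 1;
	if (strlen(chSysPath) > cchRoom)
	{
		DbgPrint(__FUNCTION__"(): driver path too long (%u characters)\n", (unsigned)strlen(chSysPath));
		return;
	}
	strncat(chImagePath,chSysPath,cchRoom);

	/* Reg* APIs return the error code directly; GetLastError() is not set by them */
	lRes = RegCreateKey(HKEY_LOCAL_MACHINE,chRegPath,&hKey);
	if (lRes == ERROR_SUCCESS)
	{
		/* cbData for REG_SZ counts the terminating NUL */
		RegSetValueEx(hKey,"ImagePath",0,REG_SZ,(LPBYTE)chImagePath,(DWORD)(strlen(chImagePath)+1));

		dwType = SERVICE_KERNEL_DRIVER;
		RegSetValueEx(hKey,"Type",0,REG_DWORD,(LPBYTE)&dwType,sizeof(DWORD));

		dwType = SERVICE_DEMAND_START;
		RegSetValueEx(hKey,"Start",0,REG_DWORD,(LPBYTE)&dwType,sizeof(DWORD));

		RegCloseKey(hKey);

		/* Hand the kernel the NT-style path of the key just written */
		RtlInitUnicodeString(&usStr,wcLoadDrv);
		St = NtLoadDriver(&usStr);

		DbgPrint(__FUNCTION__"(): NtLoadDriver status %x\n",St);
	}
	else
	{
		DbgPrint(__FUNCTION__"(): RegCreateKey error %x\n",lRes);
	}
}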
//--------------------------------------------------------------------------
// Read/write a model specific register using the driver provided by WinDbg.
// The following requirements are imposed by this code:
//      - debugger module should be run with admin privileges
//      - System must be loaded with /debug switch (use bcdedit.exe to turn it on)
//      - Windbg local kernel debugging should be used at least once
// This code is based on a sample kindly provided by Alex Ionescu.
//
// msr   - request block passed as the driver's input buffer; on return the
//         driver writes its output straight into *msr (presumably the MSR
//         number and its value — the SYSDBG_MSR layout is not visible here).
// write - true selects SysDbgWriteMsr, false SysDbgReadMsr.
// Returns the NTSTATUS of the first failing step, or the (non-negative)
// status of the final NtDeviceIoControlFile on success.
//
// DriverHandle, DriverPath and DriverName are not declared in this function
// and are presumably members of win32_debmod_t: the driver is loaded and its
// handle opened once, on the first call, and reused afterwards.
// NOTE(review): the two privileges enabled below are never reverted; the
// previous state returned in 'Old' is discarded.
int win32_debmod_t::kldbgdrv_access_msr(SYSDBG_MSR *msr, bool write)
{
  NTSTATUS code;
  IO_STATUS_BLOCK IoStatusBlock;
  if ( DriverHandle == NULL )
  {
    //
    // Acquire 'load driver' privilege
    // FAILED() is the HRESULT sign test; applied to an NTSTATUS it flags the
    // error severities (negative values), which is the intent throughout.
    //
    BOOLEAN Old;
    code = RtlAdjustPrivilege(SE_LOAD_DRIVER_PRIVILEGE, TRUE, FALSE, &Old);
    if ( FAILED(code) )
    {
      dwarning("AUTOHIDE NONE\n"
               "Failed to acquire 'load driver' privilege, please run as admin!\n"
               "Error: %s\n", winerr(code));
      return code;
    }

    //
    // And need this for the driver to accept our commands
    // Additionally, system must be booted in /DEBUG mode
    //
    code = RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &Old);
    if ( FAILED(code) )
    {
      dwarning("AUTOHIDE NONE\n"
               "Failed to acquire 'debug' privilege, is system booted in /debug mode?\n"
               "Error: %s\n", winerr(code));
      return code;
    }

    //
    // Now load the driver
    // STATUS_IMAGE_ALREADY_LOADED is tolerated so a driver left loaded by an
    // earlier session (or by WinDbg itself) does not abort the sequence.
    //
    code = NtLoadDriver(&DriverPath);
    if ( FAILED(code) && code != STATUS_IMAGE_ALREADY_LOADED )
    {
      dwarning("AUTOHIDE NONE\n"
               "Failed to load 'kldbgdrv', please use local kernel debugging at least once!\n"
               "Error: %s\n", winerr(code));
      return code;
    }

    //
    // Open a handle to it
    // NOTE(review): FILE_CREATE is used as the disposition for a device
    // object name; presumably copied from the original sample — confirm.
    // If NtCreateFile fails, DriverHandle is assumed to stay NULL so that the
    // next call retries the whole sequence — confirm.
    //
    OBJECT_ATTRIBUTES ObjectAttributes;
    InitializeObjectAttributes(&ObjectAttributes, &DriverName, OBJ_CASE_INSENSITIVE, NULL, NULL);
    code = NtCreateFile(&DriverHandle,
                        GENERIC_READ | GENERIC_WRITE,
                        &ObjectAttributes,
                        &IoStatusBlock,
                        NULL,
                        FILE_ATTRIBUTE_NORMAL,
                        0,
                        FILE_CREATE,
                        FILE_NON_DIRECTORY_FILE,
                        NULL,
                        0);
    if ( FAILED(code) )
    {
      dwarning("AUTOHIDE NONE\n"
               "Failed to open 'kldbgdrv'\n"
               "Error: %s\n", winerr(code));
      return code;
    }
  }

  //
  // Package the input parameters into the private structure
  //
  KLDD_DATA_DEBUG_CONTROL KldDebugCommand;
  KldDebugCommand.Command = write ? SysDbgWriteMsr : SysDbgReadMsr;
  KldDebugCommand.InputBuffer = msr;
  KldDebugCommand.InputBufferLength = sizeof(*msr);

  //
  // Send the request -- output isn't packaged, just specify directly the buffer
  // (no event, APC or completion context: the call is issued synchronously
  // on the handle opened above)
  //
  code = NtDeviceIoControlFile(DriverHandle,
                               NULL,
                               NULL,
                               NULL,
                               &IoStatusBlock,
                               KLDD_CODE_DEBUG_CONTROL,
                               &KldDebugCommand,
                               sizeof(KldDebugCommand),
                               msr,
                               sizeof(*msr));
  if ( FAILED(code) )
  {
    dwarning("AUTOHIDE NONE\n"
             "Failed to access model specific register, is system booted in /debug mode?\n"
             "Error: %s\n", winerr(code));
    return code;
  }

  // all ok!
  return code;
}
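/*
 * Create (or reopen) the registry service entry for a kernel driver and
 * load it through NtLoadDriver.
 *
 * Path            - stored as-is in the ImagePath value (REG_EXPAND_SZ).
 * lpszServiceName - service key name under HKLM\SYSTEM\CurrentControlSet\Services;
 *                   also the last component of the NT registry path handed
 *                   to NtLoadDriver.
 *
 * Returns 1 on success and 0 on any failure (the original convention — the
 * DWORD is not a Win32 error code). Diagnostics go to stdout.
 *
 * This function does not enable SeLoadDriverPrivilege itself; NtLoadDriver
 * fails unless the caller already holds it (compare ScmLoadDriver above).
 */
DWORD InstallByZwLoadDriver(LPSTR Path,LPSTR lpszServiceName)
{
	NTSTATUS Status;
	LONG rc;
	int len;
	DWORD Ret=1, Value=SERVICE_KERNEL_DRIVER;
	UNICODE_STRING usKey;
	HKEY hk = NULL;   /* stays NULL until RegCreateKeyExA succeeds, so cleanup can skip RegCloseKey */
	char lpszSrvForMat[MAX_PATH] = {0};
	WCHAR lpwzServiceName[MAX_PATH] = {0};
	WCHAR lpwzLoadDriverForMat[MAX_PATH] = {0};

	if(Path == NULL || lpszServiceName == NULL)
	{
		printf("Error: Path and service name must not be NULL\n");
		return 0;
	}

	/* Bounded formatting: sprintf would overrun the buffer for a long service
	 * name. The count is one short so the zero-filled last element always
	 * terminates the string; a negative or full-length result means truncation */
	len = _snprintf(lpszSrvForMat,
		sizeof(lpszSrvForMat) - 1,
		"SYSTEM\\CurrentControlSet\\Services\\%s",
		lpszServiceName);
	if(len < 0 || (size_t)len >= sizeof(lpszSrvForMat) - 1)
	{
		printf("Error: service name too long\n");
		return 0;
	}

	/* Reg* APIs return the error code directly; GetLastError() is not set by them */
	rc = RegCreateKeyExA(HKEY_LOCAL_MACHINE, 
		lpszSrvForMat, 
		0,
		NULL,
		REG_OPTION_NON_VOLATILE,
		KEY_ALL_ACCESS,
		NULL,
		&hk,
		NULL);
	if(rc!=ERROR_SUCCESS)
	{
		printf("Error with RegCreateKeyEx : %ld\n", rc);
		Ret=0;
		goto cleanup;
	}

	rc = RegSetValueExA(
		hk, 
		"Type", 
		0, 
		REG_DWORD, 
		(LPBYTE)&Value,
		sizeof(DWORD));
	if(rc!=ERROR_SUCCESS)
	{
		printf("Error with RegSetValueEx : %ld\n", rc);
		Ret=0;
		goto cleanup;
	}		

	/*
	If dwType is the REG_SZ, REG_MULTI_SZ, or REG_EXPAND_SZ type and the ANSI version of this function is used 
	(either by explicitly calling RegSetValueExA or by not defining UNICODE before including the Windows.h file),
	the data pointed to by the lpData parameter must be an ANSI character string. 
	The string is converted to Unicode before it is stored in the registry
	*/

	/* cbData for string types must include the terminating NUL */
	rc = RegSetValueExA(hk, "ImagePath", 0, REG_EXPAND_SZ, (const BYTE *)Path, (DWORD)(lstrlenA(Path) + 1));
	if(rc!=ERROR_SUCCESS)
	{
		printf("Error with RegSetValueEx : %ld\n", rc);
		Ret=0;
		goto cleanup;
	}

	Value=SERVICE_DEMAND_START;

	rc = RegSetValueExA(hk, "Start", 0, REG_DWORD, (LPBYTE)&Value, sizeof(DWORD));
	if(rc!=ERROR_SUCCESS)
	{
		printf("Error with RegSetValueEx : %ld\n", rc);
		Ret=0;
		goto cleanup;
	}

	/* cbMultiByte of -1 converts the terminator too, so cchWideChar must be
	 * the whole destination; passing strlen() (as before) made the call fail
	 * with ERROR_INSUFFICIENT_BUFFER and left the name empty */
	if(MultiByteToWideChar(CP_ACP,
		0, 
		lpszServiceName, 
		-1, 
		lpwzServiceName, 
		(int)(sizeof(lpwzServiceName) / sizeof(lpwzServiceName[0]))
		) == 0)
	{
		printf("Error with MultiByteToWideChar : %lu\n", GetLastError());
		Ret=0;
		goto cleanup;
	}

	/* The prefix alone always fits; check that the name fits behind it */
	wcscat(lpwzLoadDriverForMat,L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
	if(wcslen(lpwzLoadDriverForMat) + wcslen(lpwzServiceName)
		>= sizeof(lpwzLoadDriverForMat) / sizeof(lpwzLoadDriverForMat[0]))
	{
		printf("Error: driver registry path too long\n");
		Ret=0;
		goto cleanup;
	}
	wcscat(lpwzLoadDriverForMat,lpwzServiceName);

	RtlInitUnicodeString(&usKey,lpwzLoadDriverForMat);

	/* Informational statuses count as success; only error severities fail */
	Status=NtLoadDriver(&usKey);
	if(!NT_SUCCESS(Status))
	{
		printf("Error with NtLoadDriver : 0x%lx : %lu \n", (unsigned long)Status, RtlNtStatusToDosError(Status));
		Ret=0;
	}

cleanup:

	if(hk != NULL)
		RegCloseKey(hk); 

	return Ret; 
}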