示例#1
文件: main.c 项目: AlphaPo325/DSEFix
/*
* UnloadVulnerableDriver
*
* Purpose:
*
* Undo the driver load for the VBoxDrvSvc service.
*
* If g_VBoxInstalled is not TRUE the driver is removed through
* scmUnloadDeviceDriver. Otherwise the VBoxDrvSvc service is stopped and
* supBackupVBoxDrv(TRUE) is called to restore the saved backup.
*
* No status is returned; failures of the individual steps are not reported
* to the caller.
*
* NOTE(review): the driver handled here is one the project itself names
* "vulnerable". Where loading it is not wanted, a vulnerable-driver
* blocklist or driver-load auditing is the control point, not this
* user-mode cleanup path.
*
*/
void UnloadVulnerableDriver(
	VOID
	)
{
	SC_HANDLE	hScm;

	//
	// No VirtualBox on this machine: the driver service is removed outright.
	//
	if (g_VBoxInstalled != TRUE) {
		scmUnloadDeviceDriver(VBoxDrvSvc);
		return;
	}

	//
	// VirtualBox is installed: stop the VBoxDrvSvc service first.
	// A failed OpenSCManager is skipped silently and the restore below
	// still runs.
	//
	// NOTE(review): SC_MANAGER_ALL_ACCESS is the broadest SCM access mask;
	// what scmStopDriver actually needs is not visible here - confirm
	// whether SC_MANAGER_CONNECT would be enough.
	//
	hScm = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
	if (hScm != NULL) {
		scmStopDriver(hScm, VBoxDrvSvc);
		CloseServiceHandle(hScm);
	}

	//
	// Put the saved backup of the original driver back.
	//
	supBackupVBoxDrv(TRUE);
}
示例#2
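/*
* ldrSetMonitor
*
* Purpose:
*
* Install Tsugumi monitoring driver.
*
* Writes the embedded image TsmiData to <system directory>\drivers\tsugumi.sys,
* stops and removes any existing TsmiDrvName service, installs a new one
* pointing at that file, calls ldrSetTsmiParams and starts the service.
* The file is deleted again before returning.
*
* Return:
*
* Result of scmStartDriver; FALSE if any earlier step failed.
*
* Review notes:
*
* - The system directory length is now validated. Previously a failed or
*   truncated GetSystemDirectory result could leave an empty buffer, so the
*   appended suffix alone ("\drivers\tsugumi.sys") was used as the path.
* - The whole path buffer is zeroed (size was given in bytes for a WCHAR
*   array, so only half of it was cleared).
* - A short or failed write no longer leaves a truncated image in the
*   drivers directory.
* - For defenders: a user-mode process writing a .sys file under the system
*   drivers directory, followed by service installation and start, is
*   visible to service-install and driver-load auditing (for example the
*   Service Control Manager "service installed" event, ID 7045). Because
*   the file is deleted right after the start attempt, the image has to be
*   captured at load time to be available for later inspection.
*
*/
BOOL ldrSetMonitor(
	VOID
	)
{
	BOOL		bResult;
	SC_HANDLE	schSCManager;
	HANDLE		hFile;
	DWORD		bytesIO;
	UINT		cchSysDir;
	WCHAR		szDriverBuffer[MAX_PATH * 2];

	bResult = FALSE;

	//
	// Combine full path name for our driver.
	// GetSystemDirectory returns 0 on failure and a value larger than the
	// supplied size when the buffer is too small; both are rejected so the
	// suffix is never appended to an empty or partial path.
	//
	RtlSecureZeroMemory(szDriverBuffer, sizeof(szDriverBuffer));
	cchSysDir = GetSystemDirectory(szDriverBuffer, MAX_PATH);
	if ((cchSysDir == 0) || (cchSysDir >= MAX_PATH)) {
		return bResult;
	}

	//
	// _strcat is a project helper with no visible bound; the suffix fits
	// because the buffer holds MAX_PATH * 2 characters and at most
	// MAX_PATH - 1 are in use at this point.
	//
	_strcat(szDriverBuffer, TEXT("\\drivers\\tsugumi.sys"));

	//
	// Drop our driver file to the disk.
	// CREATE_ALWAYS overwrites an existing file of the same name.
	//
	hFile = CreateFile(szDriverBuffer, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
	if (hFile == INVALID_HANDLE_VALUE) {
		return bResult;
	}
	bytesIO = 0;
	if (!WriteFile(hFile, TsmiData, sizeof(TsmiData), &bytesIO, NULL)) {
		// Treat a failed call as nothing written, whatever bytesIO holds.
		bytesIO = 0;
	}
	CloseHandle(hFile);

	//
	// Check if file dropped OK; remove the incomplete file otherwise.
	//
	if (bytesIO != sizeof(TsmiData)) {
		DeleteFile(szDriverBuffer);
		return bResult;
	}

	//
	// Load Tsugumi device driver.
	//
	// NOTE(review): SC_MANAGER_ALL_ACCESS is the broadest SCM access mask;
	// the rights the scm* helpers need are not visible here - confirm
	// before narrowing.
	//
	schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
	if (schSCManager) {

		// Unload any previous versions. Results are ignored: the service
		// may simply not exist yet.
		scmStopDriver(schSCManager, TsmiDrvName);
		scmRemoveDriver(schSCManager, TsmiDrvName);

		// Install and run monitor driver. ldrSetTsmiParams runs between
		// install and start; what it configures is not visible here.
		if (scmInstallDriver(schSCManager, TsmiDrvName, szDriverBuffer)) {
			ldrSetTsmiParams();
			bResult = scmStartDriver(schSCManager, TsmiDrvName);
		}

		CloseServiceHandle(schSCManager);
	}

	//
	// Driver file is no longer needed.
	//
	DeleteFile(szDriverBuffer);
	return bResult;
}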