
Untitled

a guest
Dec 4th, 2016
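// Registers a kernel driver under HKLM\SYSTEM\CurrentControlSet\Services,
// loads it with NtLoadDriver, opens a handle to its device object and undoes
// all of that on unload/destruction.
//
// Every public long-returning member returns a Win32 error code
// (ERROR_SUCCESS == 0 on success).
//
// Security notes for reviewers:
//  - Loading needs SeLoadDriverPrivilege in the caller's token. The privilege
//    is enabled only for the duration of the load/unload call and is put back
//    to its previous state afterwards.
//  - RegCreateKeyW opens an existing key when one is already present, so a
//    service name that collides with an installed service overwrites that
//    service's ImagePath/Type and the key is deleted on unload. Callers must
//    pick a service name they own.
//  - ImagePath is written as REG_EXPAND_SZ, so a '%' in the driver path is
//    subject to environment-variable expansion.
class DriverControl
{
public:
    // serviceName: name of the Services sub-key to create.
    // deviceName:  device object name, opened as \Device\<deviceName>.
    // binPath:     path to the driver image; resolved to an absolute path here.
    DriverControl(std::wstring serviceName, std::wstring deviceName, std::wstring binPath)
        : _driverHandle(INVALID_HANDLE_VALUE), _serviceName(std::move(serviceName))
    {
        wchar_t pathBuffer[MAX_PATH] = {};

        // _wfullpath returns nullptr when the path cannot be resolved or does
        // not fit; in that case the buffer must not be read. _driverPath stays
        // empty and LoadDriver() reports the failure.
        if(_wfullpath(pathBuffer, std::data(binPath), MAX_PATH) != nullptr) {
            _driverPath = pathBuffer;
        }

        _registryKeyName    = L"SYSTEM\\CurrentControlSet\\Services\\" + _serviceName;
        _registryKeyNtName  = L"\\registry\\machine\\SYSTEM\\CurrentControlSet\\Services\\" + _serviceName;
        _symbolicName       = L"\\Device\\" + deviceName;
    }

    // The object owns a device handle and unloads the driver in its
    // destructor; a copy would unload the same driver twice.
    DriverControl(const DriverControl&) = delete;
    DriverControl& operator=(const DriverControl&) = delete;

    ~DriverControl()
    {
        if(IsLoaded()) {
            UnloadDriver();   // also closes and resets _driverHandle
        }
    }

    // Creates the service registry entry, loads the driver and opens its
    // device. On any failure the steps already taken are rolled back so that
    // no registry key and no loaded driver are left behind.
    long LoadDriver()
    {
        if(IsLoaded()) {
            // A second load would overwrite (and leak) the open handle.
            return ERROR_SERVICE_ALREADY_RUNNING;
        }

        if(_driverPath.empty()) {
            // Path resolution failed in the constructor.
            return ERROR_BAD_PATHNAME;
        }

        BOOLEAN wasEnabled = FALSE;
        auto status = RtlAdjustPrivilege(kSeLoadDriverPrivilege, TRUE, FALSE, &wasEnabled);

        if(!NT_SUCCESS(status)) {
            return RtlNtStatusToDosError(status);
        }

        long result = CreateRegistryEntry();

        if(result == ERROR_SUCCESS) {
            UNICODE_STRING ustr;
            RtlInitUnicodeString(&ustr, std::data(_registryKeyNtName));

            status = NtLoadDriver(&ustr);

            if(!NT_SUCCESS(status)) {
                RemoveRegistryEntry();
                result = RtlNtStatusToDosError(status);
            } else {
                result = OpenDevice();

                if(result != ERROR_SUCCESS) {
                    // Without a handle IsLoaded() stays false and the
                    // destructor would never unload the driver.
                    NtUnloadDriver(&ustr);
                    RemoveRegistryEntry();
                }
            }
        }

        RestoreLoadDriverPrivilege(wasEnabled);
        return result;
    }

    // Closes the device handle, unloads the driver and deletes the service
    // registry entry. If NtUnloadDriver fails the registry entry is kept.
    long UnloadDriver()
    {
        // Close our handle first: an open handle keeps the device object
        // referenced while the driver is being unloaded.
        if(_driverHandle != INVALID_HANDLE_VALUE) {
            CloseHandle(_driverHandle);
            _driverHandle = INVALID_HANDLE_VALUE;
        }

        BOOLEAN wasEnabled = FALSE;
        auto status = RtlAdjustPrivilege(kSeLoadDriverPrivilege, TRUE, FALSE, &wasEnabled);

        if(!NT_SUCCESS(status)) {
            return RtlNtStatusToDosError(status);
        }

        UNICODE_STRING ustr;
        RtlInitUnicodeString(&ustr, std::data(_registryKeyNtName));

        status = NtUnloadDriver(&ustr);
        RestoreLoadDriverPrivilege(wasEnabled);

        if(!NT_SUCCESS(status)) {
            return RtlNtStatusToDosError(status);
        }

        return RemoveRegistryEntry();
    }

    // Opens \Device\<deviceName> for read/write, retrying for a short time
    // because the device object may not exist yet right after the load.
    long OpenDevice()
    {
        if(IsLoaded()) {
            return ERROR_SUCCESS;   // already open; do not leak the handle
        }

        constexpr ULONG kMaxAttempts  = 6;     // same number of tries as the original do/while
        constexpr DWORD kRetryDelayMs = 100;

        UNICODE_STRING symName;
        OBJECT_ATTRIBUTES obj;
        IO_STATUS_BLOCK ioStatus;
        NTSTATUS status;

        RtlInitUnicodeString(&symName, std::data(_symbolicName));

        InitializeObjectAttributes(&obj, &symName, 0, NULL, NULL);

        for(ULONG attempt = 0; ; ++attempt) {
            // Open into a local so a failed attempt never leaves a stale
            // value in _driverHandle (IsLoaded() tests that member).
            HANDLE handle = INVALID_HANDLE_VALUE;

            // NOTE(review): the last argument of NtOpenFile is OpenOptions
            // (FILE_* option flags), not a CreateFile disposition.
            // OPEN_EXISTING is kept as in the original; confirm the intended
            // option flags against the driver's create handler.
            status = NtOpenFile(
                &handle,
                GENERIC_READ | GENERIC_WRITE,
                &obj,
                &ioStatus,
                FILE_SHARE_READ | FILE_SHARE_WRITE,
                OPEN_EXISTING);

            if(NT_SUCCESS(status)) {
                _driverHandle = handle;
                break;
            }

            if(attempt + 1 >= kMaxAttempts) {
                break;              // no point sleeping after the last try
            }

            Sleep(kRetryDelayMs);
        }

        return RtlNtStatusToDosError(status);
    }

    // True while a handle to the driver's device is open.
    bool IsLoaded() const
    {
        return _driverHandle != INVALID_HANDLE_VALUE;
    }

    // Packs args into a T and sends it to the driver as the input buffer of
    // the given IOCTL. No output buffer is used. Returns the DeviceIoControl
    // result; call GetLastError() on FALSE.
    template<typename T, typename... Args>
    BOOL KaDeviceIoControl(DWORD ioctl, Args... args)
    {
        T params = {args...};

        // lpBytesReturned must not be null when lpOverlapped is null.
        DWORD bytesReturned = 0;
        return DeviceIoControl(_driverHandle, ioctl, &params, sizeof(params), nullptr, 0, &bytesReturned, nullptr);
    }

private:
    static constexpr ULONG kSeLoadDriverPrivilege = 10UL;   /*SE_LOAD_DRIVER_PRIVILEGE*/

    // Disables SeLoadDriverPrivilege again if it was disabled before we
    // enabled it, so the process does not keep running with it switched on.
    static void RestoreLoadDriverPrivilege(BOOLEAN wasEnabled)
    {
        if(!wasEnabled) {
            BOOLEAN ignored = FALSE;
            RtlAdjustPrivilege(kSeLoadDriverPrivilege, FALSE, FALSE, &ignored);
        }
    }

    // Writes the ImagePath and Type values of the service key.
    // The Reg* functions return Win32 error codes (positive on failure), so
    // they are compared with ERROR_SUCCESS; FAILED() would never fire.
    LSTATUS CreateRegistryEntry()
    {
        HKEY               keyService = nullptr;
        const DWORD        driverType = 1;                        /*Kernel*/
        const std::wstring ntPath     = L"\\??\\" + _driverPath;  /*Dos -> NT conversion*/

        LSTATUS status = RegCreateKeyW(HKEY_LOCAL_MACHINE, _registryKeyName.c_str(), &keyService);

        if(status != ERROR_SUCCESS) {
            return status;
        }

        // String data must be stored with its terminating null, hence size() + 1.
        status = RegSetValueExW(keyService, L"ImagePath", 0, REG_EXPAND_SZ,
                                reinterpret_cast<const BYTE*>(ntPath.c_str()),
                                static_cast<DWORD>((ntPath.size() + 1) * sizeof(WCHAR)));

        if(status == ERROR_SUCCESS) {
            status = RegSetValueExW(keyService, L"Type", 0, REG_DWORD,
                                    reinterpret_cast<const BYTE*>(&driverType), sizeof(driverType));
        }

        RegCloseKey(keyService);

        if(status != ERROR_SUCCESS) {
            RemoveRegistryEntry();   // do not leave a half-written service key
        }

        return status;
    }

    // Deletes the service key; returns the Win32 error code of RegDeleteKeyW.
    LSTATUS RemoveRegistryEntry()
    {
        return RegDeleteKeyW(HKEY_LOCAL_MACHINE, _registryKeyName.c_str());
    }

    HANDLE          _driverHandle;        // device handle, INVALID_HANDLE_VALUE when closed
    std::wstring    _serviceName;
    std::wstring    _driverPath;          // absolute DOS path, empty if resolution failed
    std::wstring    _registryKeyName;     // relative to HKEY_LOCAL_MACHINE
    std::wstring    _registryKeyNtName;   // \registry\machine\... form for NtLoadDriver
    std::wstring    _symbolicName;        // \Device\<deviceName>
};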