API tools faq
paste
Advertisement
xSpeTz-

driver.c

xSpeTz-
Nov 26th, 2016
150
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 1.15 KB | None | 0 0
raw download clone embed print report
  1. #include <ntddk.h>
  2.  
  3. #include "InterruptDescriptorTable.h"
  4.  
  5. const WCHAR deviceNameBuffer[] = L"\\Device\\MyDevice";
  6.  
  7. PDEVICE_OBJECT g_RootkitDevice; // pointer to device object
  8.  
  9. NTSTATUS
  10. //STDCALL
  11. _DriverDispatch(IN PDEVICE_OBJECT DeviceObject,
  12.                IN PIRP Irp)
  13. {
  14.     return STATUS_SUCCESS;
  15. }
  16.  
  17. VOID
  18. //STDCALL
  19. _DriverUnload(IN PDRIVER_OBJECT DriverObject)
  20. {
  21.     DbgPrint("DriverUnload() !\n");
  22.     return;
  23. }
  24.  
  25. NTSTATUS
  26. _DriverEntry(IN PDRIVER_OBJECT DriverObject,
  27.              IN PUNICODE_STRING RegistryPath)
  28. {
  29.     DbgPrint("DriverEntry() !\n");
  30.  
  31.     s_idt_info idt_info;        // returned by sidt
  32.     s_idt_entry *idt_entries;   // obtained from idt_info
  33.     unsigned int count;
  34.     unsigned long addr;
  35.  
  36.     // load idt_info
  37.     __asm ("sidt %0" : "=w" (idt_info));
  38.  
  39.     idt_entries = (s_idt_entry*) idt_info.Base;
  40.  
  41.     for(count = 0; count < MAX_IDT_ENTRIES; ++count)
  42.     {
  43.         s_idt_entry *i = &idt_entries[count];
  44.  
  45.         addr = MAKELL(i->HighOffset, i->LowOffset);
  46.  
  47.         DbgPrint("Interrupt %d, %llu", count, addr);
  48.     }
  49.  
  50.     DriverObject->DriverUnload = _DriverUnload;
  51.  
  52.     return STATUS_SUCCESS;
  53. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!