API tools faq
paste
Guest User

IovUnloadDrivers source code

a guest
Jan 31st, 2017
178
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.97 KB | None | 0 0
raw download clone embed print report
  1. NTSTATUS __stdcall IovUnloadDrivers()
  2. {
  3.   NTSTATUS result; // er12@3
  4.   PDRIVER_OBJECT driverObject; // rdi@4 MAPDST
  5.   _DEVICE_OBJECT *DeviceObject; // rsi@7 MAPDST
  6.   char have_next_driver; // bp@16
  7.   char have_next_device; // al@16
  8.   PBOOLEAN unloadDriver; // [sp+30h] [bp-78h]@8
  9.   _LARGE_INTEGER Interval; // [sp+38h] [bp-70h]@22
  10.   struct _WORK_QUEUE_ITEM WorkItem; // [sp+40h] [bp-68h]@12
  11.   PVOID Object; // [sp+60h] [bp-48h]@12
  12.   __int64 v16; // [sp+68h] [bp-40h]@12
  13.   __int64 v17; // [sp+70h] [bp-38h]@12
  14.  
  15.   if ( !PopShutdownCleanly )
  16.     return 0xC0000001;                          // STATUS_UNSUCCESSFUL
  17.   IovDriverListHead = 0i64;
  18.   driverObject = 0i64;
  19.   result = ObEnumerateObjectsByType(IoDriverObjectType, IovpBuildDriverObjectList, 0i64);
  20.   while ( 1 )
  21.   {
  22.     driverObject = IovDriverListHead;
  23.     if ( IovDriverListHead )
  24.       IovDriverListHead = *IovDriverListHead;
  25.     if ( !driverObject )
  26.       break;
  27.     DeviceObject = driverObject->DeviceObject;
  28.     if ( !DeviceObject->Queue.Wcb.DeviceRoutine )
  29.       goto LABEL_14;
  30.     ObfReferenceObject(driverObject->DeviceObject);
  31.     if ( IopCheckUnloadDriver(DeviceObject, &unloadDriver) < 0 && (ObfDereferenceObject(DeviceObject), unloadDriver) )
  32.     {
  33.       if ( *(*MK_FP(__GS__, 392i64) + 104i64) == PsInitialSystemProcess )// IovpUnloadDriver(driverObject)
  34.       {
  35.         (DeviceObject->Queue.Wcb.DeviceRoutine)(DeviceObject);
  36.       }
  37.       else
  38.       {
  39.         v17 = &v16;
  40.         LOBYTE(Object) = 0;
  41.         v16 = &v16;
  42.         BYTE2(Object) = 6;
  43.         HIDWORD(Object) = 0;
  44.         WorkItem.WorkerRoutine = IopLoadUnloadDriver;
  45.         WorkItem.Parameter = &WorkItem;
  46.         WorkItem.List.Flink = 0i64;
  47.         ExQueueWorkItem(&WorkItem, DelayedWorkQueue);
  48.         KeWaitForSingleObject(&Object, 0, 0, 0, 0i64);
  49.       }
  50.       ObMakeTemporaryObject(DeviceObject);
  51.       ObfDereferenceObject(DeviceObject);
  52. LABEL_14:
  53.       ObfDereferenceObject(driverObject->DeviceObject);
  54.       ExFreePoolWithTag(driverObject, 0);
  55.     }
  56.     else
  57.     {
  58.       *&driverObject->Type = driverObject;
  59.     }
  60.   }
  61.   do
  62.   {
  63.     have_next_driver = 0;
  64.     driverObject = 0i64;
  65.     have_next_device = 0;
  66.     while ( driverObject )
  67.     {
  68.       DeviceObject = driverObject->DeviceObject;
  69.       driverObject = *&driverObject->Type;
  70.       if ( DeviceObject->NextDevice & 1 )
  71.       {
  72.         ObfDereferenceObject(DeviceObject);
  73.         ExFreePoolWithTag(driverObject, 0);
  74.         have_next_device = 1;
  75.       }
  76.       else
  77.       {
  78.         *&driverObject->Type = driverObject;
  79.       }
  80.     }
  81.     if ( have_next_device )
  82.     {
  83.       Interval.QuadPart = -100000000i64;
  84.       ZwDelayExecution(0i64, &Interval);
  85.       have_next_driver = 1;
  86.     }
  87.   }
  88.   while ( have_next_driver == 1 && driverObject );
  89.   while ( driverObject )
  90.   {
  91.     DeviceObject = driverObject->DeviceObject;
  92.     driverObject = *&driverObject->Type;
  93.     ObfDereferenceObject(DeviceObject);
  94.     ExFreePoolWithTag(driverObject, 0);
  95.   }
  96.   return result;
  97. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!