  1. #include <ntddk.h>
  2.  
/* Forward declarations for the routines referenced before their definition
 * (the #pragma alloc_text directives below need them in scope). The other
 * IRP_MJ_* handlers are defined ahead of DriverEntry and need no prototype. */
VOID Unload(PDRIVER_OBJECT pDriverObject);
NTSTATUS DriverDispatchWhaterverName(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp);
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath);
  6.  
#ifdef ALLOC_PRAGMA
/* DriverEntry lives in the INIT section and is discarded after it runs;
 * Unload and the catch-all dispatch routine are placed in pageable code.
 * NOTE(review): DriverEntry installs the catch-all for every major function.
 * Pageable code must only run at IRQL < DISPATCH_LEVEL, so if any major
 * routed to it can be delivered at a higher IRQL, it must not be paged --
 * confirm before relying on this section placement. */
#pragma alloc_text(init, DriverEntry)
#pragma alloc_text(page, Unload)
#pragma alloc_text(page, DriverDispatchWhaterverName)
#endif
  12.  
/* Private device type; values 0x8000-0xFFFF are reserved for third-party use. */
#define SIOCTL_TYPE 40000
/* Function code 0x800 is the first value in the vendor range. METHOD_BUFFERED
 * means the I/O manager marshals input and output through one system buffer
 * (AssociatedIrp.SystemBuffer) sized to the larger of the two lengths.
 * FILE_READ_DATA | FILE_WRITE_DATA makes the I/O manager reject the request
 * unless the handle was opened with both access rights. */
#define IOCTL_Func CTL_CODE(SIOCTL_TYPE, 0x800, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
  15.  
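/*
 * Driver unload routine.
 *
 * Tears down what DriverEntry created: the \DosDevices symbolic link first,
 * so user mode can no longer resolve the device name, then the device
 * object itself.
 *
 * pDriverObject: the driver whose (single) device object is to be removed.
 *
 * Unload has no way to report failure, so a failing IoDeleteSymbolicLink is
 * only logged and teardown continues; the original early return on that
 * failure would have left the device object behind.
 */
VOID Unload(PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING symbolicLinkName;
    NTSTATUS deleteStatus;

    DbgPrint("Unload routine called.\n");

    /* Remove the user-visible name before the device behind it goes away. */
    RtlInitUnicodeString(&symbolicLinkName, L"\\DosDevices\\MyDevice");
    deleteStatus = IoDeleteSymbolicLink(&symbolicLinkName);
    if (!NT_SUCCESS(deleteStatus))
    {
        DbgPrint("IoDeleteSymbolicLink failed: 0x%08X\n", deleteStatus);
    }

    /* DriverEntry creates exactly one device; it is absent only if
     * IoCreateDevice failed, in which case there is nothing to delete. */
    if (pDriverObject->DeviceObject != NULL)
    {
        IoDeleteDevice(pDriverObject->DeviceObject);
    }
}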
  36.  
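/*
 * Catch-all dispatch routine installed for every IRP major function that
 * this driver does not handle explicitly.
 *
 * A dispatch routine must complete the IRP (or return STATUS_PENDING);
 * returning a status without IoCompleteRequest leaves the caller blocked on
 * the request forever. Unsupported requests are failed explicitly instead of
 * being reported as successful.
 *
 * Returns STATUS_INVALID_DEVICE_REQUEST, the status also stored in the IRP.
 */
NTSTATUS DriverDispatchWhaterverName(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("Dispatch called\n");

    pIrp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return STATUS_INVALID_DEVICE_REQUEST;
}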
  44.  
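/*
 * IRP_MJ_CREATE handler: accepts every open of the device.
 *
 * The IRP is completed here with STATUS_SUCCESS; the original returned the
 * status without completing the request, which leaves CreateFile in user
 * mode waiting indefinitely.
 *
 * Returns STATUS_SUCCESS.
 */
NTSTATUS DriverDispatchIRPMJCreate(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("Create Dispatch called\n");

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}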
  52.  
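/*
 * IRP_MJ_CLOSE handler: the last handle to a file object is going away.
 *
 * Nothing is tracked per handle, so the request only needs to be completed.
 * The original returned without IoCompleteRequest, which stalls the close.
 *
 * Returns STATUS_SUCCESS.
 */
NTSTATUS DriverDispatchIRPMJClose(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("Close Dispatch called\n");

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}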
  60.  
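/*
 * IRP_MJ_READ handler.
 *
 * The device produces no data: the request is completed successfully with
 * Information = 0, so the caller sees a zero-length read. Reporting zero
 * bytes matters -- with buffered I/O the I/O manager copies Information
 * bytes of the system buffer back to user mode, and nothing was written
 * into it here. The original never completed the IRP at all.
 *
 * Returns STATUS_SUCCESS.
 */
NTSTATUS DriverDispatchIRPMJRead(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("Read Dispatch called\n");

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}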
  68.  
  69.  
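/*
 * IRP_MJ_WRITE handler.
 *
 * The device uses buffered I/O (DO_BUFFERED_IO is set in DriverEntry), so the
 * caller's bytes have been copied into pIrp->AssociatedIrp.SystemBuffer and
 * Parameters.Write.Length of the current stack location says how many of them
 * are valid. Nothing beyond that length may be read, and the data is NOT
 * NUL-terminated: it is whatever user mode chose to send.
 *
 * Two defects in the original are fixed here:
 *  - it passed the user buffer to DbgPrint as the format string, giving
 *    user mode control of the kernel formatter (format-string bug); the
 *    data is now printed through a fixed format with an explicit precision;
 *  - its "ASCII" check cast the buffer pointer, not its bytes, to
 *    unsigned char; the bytes themselves are now checked;
 *  - it never completed the IRP.
 *
 * Returns STATUS_SUCCESS; the whole write is reported as consumed.
 */
NTSTATUS DriverDispatchIRPMJWrite(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    PIO_STACK_LOCATION pIoStackIrp = IoGetCurrentIrpStackLocation(pIrp);
    const unsigned char *pWriteData = (const unsigned char *)pIrp->AssociatedIrp.SystemBuffer;
    ULONG writeLength = pIoStackIrp->Parameters.Write.Length;
    BOOLEAN isAscii = TRUE;
    ULONG i;

    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("DriverDispatchIRPMJWrite Called \r\n");

    /* A zero-length write carries no system buffer; there is nothing to inspect. */
    if (pWriteData != NULL && writeLength > 0)
    {
        for (i = 0; i < writeLength; i++)
        {
            if (pWriteData[i] > 127)
            {
                isAscii = FALSE;
                break;
            }
        }

        if (isAscii)
        {
            /* DbgPrint output is capped at 512 bytes anyway; clamping also keeps
             * the precision argument non-negative when cast to int. The precision
             * bounds the read even though the data has no terminating NUL. */
            ULONG printLength = (writeLength > 512) ? 512 : writeLength;
            DbgPrint("%.*s", (int)printLength, (const char *)pWriteData);
        }
    }

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = writeLength;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}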
  101.  
  102.  
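/*
 * IRP_MJ_DEVICE_CONTROL handler.
 *
 * IOCTL_Func is METHOD_BUFFERED, so pIrp->AssociatedIrp.SystemBuffer is one
 * kernel buffer, at least max(InputBufferLength, OutputBufferLength) bytes,
 * holding the caller's input on entry and the output on completion. On
 * completion the I/O manager copies IoStatus.Information bytes of it back to
 * the caller's output buffer, so Information must never exceed
 * OutputBufferLength, and every byte it covers must have been written here
 * (anything else hands stale pool contents to user mode).
 *
 * Defects in the original fixed here:
 *  - the greeting was copied without checking OutputBufferLength, and
 *    Information was set to its length even for unknown control codes, so a
 *    caller with a short output buffer triggered an over-long copy-back;
 *  - the input was printed with "%s" although it is user data with no
 *    guaranteed NUL; the print is now bounded by InputBufferLength;
 *  - SystemBuffer was dereferenced without a NULL check (it is NULL when both
 *    lengths are zero);
 *  - unknown control codes were completed as STATUS_SUCCESS.
 *
 * IOCTL_Func: logs the caller's message, then returns the fixed greeting
 * (without a NUL, matching the original contract -- callers must use the
 * returned byte count) in the output buffer.
 *
 * Returns the status stored in the IRP, which is always completed here.
 */
NTSTATUS DriverDispatchIRPMJDeviceControl(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp)
{
    static const char welcome[] = "Hello from kerneland.";
    const ULONG welcomeLength = sizeof(welcome) - 1;   /* bytes, excluding the NUL */
    PIO_STACK_LOCATION pIoStackLocation = IoGetCurrentIrpStackLocation(pIrp);
    PVOID pBuf = pIrp->AssociatedIrp.SystemBuffer;
    ULONG inputLength = pIoStackLocation->Parameters.DeviceIoControl.InputBufferLength;
    ULONG outputLength = pIoStackLocation->Parameters.DeviceIoControl.OutputBufferLength;
    NTSTATUS status = STATUS_INVALID_DEVICE_REQUEST;
    ULONG_PTR bytesReturned = 0;

    UNREFERENCED_PARAMETER(pDeviceObject);

    DbgPrint("DriverDispatchIRPMJDeviceControl function has been called \n");

    switch (pIoStackLocation->Parameters.DeviceIoControl.IoControlCode)
    {
        case IOCTL_Func:
        {
            /* DbgPrint output is capped at 512 bytes; the clamp also keeps the
             * precision non-negative once cast to int. */
            ULONG printLength = (inputLength > 512) ? 512 : inputLength;

            DbgPrint("IOCTL HELLO.");

            /* No system buffer at all when the caller passed no input and no output. */
            if (pBuf == NULL)
            {
                status = STATUS_INVALID_PARAMETER;
                break;
            }

            /* Bounded print: the message is user data and need not be NUL-terminated. */
            DbgPrint("Message received : %.*s", (int)printLength, (const char *)pBuf);

            /* Refuse to write more than the caller's output buffer can take back. */
            if (outputLength < welcomeLength)
            {
                status = STATUS_BUFFER_TOO_SMALL;
                break;
            }

            /* Clear the whole output range so no byte that could be copied back
             * is left with stale pool contents, then place the greeting. */
            RtlZeroMemory(pBuf, outputLength);
            RtlCopyMemory(pBuf, welcome, welcomeLength);
            bytesReturned = welcomeLength;
            status = STATUS_SUCCESS;
            break;
        }

        default:
            /* Unknown control code: fail it, return no data. */
            break;
    }

    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = bytesReturned;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);

    return status;
}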
  131.  
  132.  
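/*
 * Driver entry point.
 *
 * Installs the dispatch table, creates the control device \Device\MYDEVICE
 * using buffered I/O, and exposes it to user mode as \DosDevices\MyDevice.
 *
 * Ordering relative to the original is changed for safety:
 *  - the dispatch routines are installed before the device exists, so no
 *    request can reach the device while the table is still being filled;
 *  - the device object is only touched after IoCreateDevice reported
 *    success (the original set Flags on an unchecked, possibly NULL pointer);
 *  - a failing IoCreateSymbolicLink now deletes the device object again
 *    instead of leaking it;
 *  - the loop covers index IRP_MJ_MAXIMUM_FUNCTION as well; MajorFunction has
 *    IRP_MJ_MAXIMUM_FUNCTION + 1 entries.
 *
 * pDriverObject: the driver object supplied by the I/O manager.
 * pRegistryPath: this driver's service registry key; only logged.
 *
 * Returns STATUS_SUCCESS, or the failing IoCreateDevice /
 * IoCreateSymbolicLink status.
 */
NTSTATUS
DriverEntry(
PDRIVER_OBJECT pDriverObject,
PUNICODE_STRING pRegistryPath)
{
    UNICODE_STRING deviceName;
    UNICODE_STRING dosDeviceName;
    PDEVICE_OBJECT pDeviceObject = NULL;
    NTSTATUS status;
    ULONG i;

    DbgPrint("DriverEntry called\n");
    DbgPrint("Registry Path: %wZ\n", pRegistryPath);

    pDriverObject->DriverUnload = Unload;

    /* Route every major function to the catch-all first, then override the
     * ones this driver actually implements. */
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        pDriverObject->MajorFunction[i] = DriverDispatchWhaterverName;
    }
    pDriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatchIRPMJCreate;
    pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatchIRPMJClose;
    pDriverObject->MajorFunction[IRP_MJ_READ] = DriverDispatchIRPMJRead;
    pDriverObject->MajorFunction[IRP_MJ_WRITE] = DriverDispatchIRPMJWrite;
    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverDispatchIRPMJDeviceControl;

    RtlInitUnicodeString(&deviceName, L"\\Device\\MYDEVICE");
    RtlInitUnicodeString(&dosDeviceName, L"\\DosDevices\\MyDevice");

    /* NOTE(review): no security descriptor is supplied, so the device gets the
     * default DACL for its type; FILE_DEVICE_SECURE_OPEN only extends that DACL
     * to opens of names beneath the device. Because IRP_MJ_WRITE and the IOCTL
     * accept arbitrary user data, consider IoCreateDeviceSecure with an SDDL
     * string (e.g. SDDL_DEVOBJ_SYS_ALL_ADM_ALL) to restrict who may open it --
     * confirm against the intended client's privilege level. */
    status = IoCreateDevice(pDriverObject,
                            0,
                            &deviceName,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            FALSE,
                            &pDeviceObject);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("IoCreateDevice failed: 0x%08X\n", status);
        return status;
    }

    /* All transfers go through AssociatedIrp.SystemBuffer (see the dispatch routines). */
    pDeviceObject->Flags |= DO_BUFFERED_IO;

    status = IoCreateSymbolicLink(&dosDeviceName, &deviceName);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("IoCreateSymbolicLink failed: 0x%08X\n", status);
        IoDeleteDevice(pDeviceObject);
        return status;
    }

    /* Only now is the device fully set up and safe to receive requests. */
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    return STATUS_SUCCESS;
}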