
Untitled

a guest
Sep 18th, 2022
  1. #include <ntifs.h>
  2. #include <ntddk.h>
  3. #include "ThreadData.h"
  4.  
  // Four-byte pool tag attached to the driver's allocation in DriverEntry.
  // Pool tools show the tag bytes in memory order, so 'dcba' is expected to
  // appear as "abcd" on little-endian Windows.
  5. #define DRIVER_TAG 'dcba'
  6.  
  // Driver-owned copy of the registry path handed to DriverEntry. Its Buffer is
  // allocated in DriverEntry and released in SampleUnload.
  7. UNICODE_STRING g_RegistryPath;
  8.  
  // Dispatch routines registered in DriverEntry, and the unload routine.
  9. NTSTATUS CreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
  10. NTSTATUS DeviceControl(IN PDEVICE_OBJECT, IN PIRP Irp);
  11. void SampleUnload(IN PDRIVER_OBJECT DriverObject);
  12.  
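  /*
   * Driver entry point.
   *
   * Copies the registry path into driver-owned pool memory, registers the
   * unload and dispatch routines, creates the \Device\Sample device object and
   * exposes it to user mode through the \??\Sample symbolic link.
   *
   * Parameters:
   *   DriverObject - driver object supplied by the I/O manager.
   *   RegistryPath - the driver's registry path; only valid during this call,
   *                  which is why a private copy is made.
   *
   * Returns STATUS_SUCCESS, STATUS_INSUFFICIENT_RESOURCES if the copy cannot be
   * allocated, or the failure status of IoCreateDevice / IoCreateSymbolicLink.
   * On every failure path all resources acquired here are released, because
   * the unload routine is not invoked when DriverEntry fails.
   */
  extern "C"
  NTSTATUS
  DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {
      DriverObject->DriverUnload = SampleUnload;

      // ExAllocatePool2 takes POOL_FLAGS, not the legacy POOL_TYPE enum that
      // ExAllocatePoolWithTag used. Passing PagedPool here would be read as an
      // unrelated flag bit, so the paged-pool request is spelled POOL_FLAG_PAGED.
      g_RegistryPath.Buffer = (WCHAR*)ExAllocatePool2(
          POOL_FLAG_PAGED,
          RegistryPath->Length,
          DRIVER_TAG);

      if (g_RegistryPath.Buffer == nullptr) {
          KdPrint(("Failed to allocate memory: %u\n", RegistryPath->Length));
          return STATUS_INSUFFICIENT_RESOURCES;
      }

      // The buffer holds exactly Length bytes; RtlCopyUnicodeString fills in
      // g_RegistryPath.Length and never writes past MaximumLength.
      g_RegistryPath.MaximumLength = RegistryPath->Length;

      RtlCopyUnicodeString(&g_RegistryPath, RegistryPath);

      KdPrint(("Sample driver initialized successfully\n"));

      KdPrint(("Copied registry path: %wZ\n", &g_RegistryPath));

      DriverObject->MajorFunction[IRP_MJ_CREATE] = CreateClose;
      DriverObject->MajorFunction[IRP_MJ_CLOSE] = CreateClose;
      DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeviceControl;

      UNICODE_STRING devName = RTL_CONSTANT_STRING(L"\\Device\\Sample");

      PDEVICE_OBJECT DeviceObject = nullptr;

      // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device object's
      // security descriptor to every open, including opens that append a
      // trailing name to the device path.
      // NOTE(review): the device still gets the default security descriptor.
      // The IOCTL handler changes the priority of arbitrary threads, so the
      // device should be limited to the intended callers, e.g. by creating it
      // with IoCreateDeviceSecure and a restrictive SDDL string.
      NTSTATUS status = IoCreateDevice(
          DriverObject,
          0,
          &devName,
          FILE_DEVICE_UNKNOWN,
          FILE_DEVICE_SECURE_OPEN,
          FALSE,
          &DeviceObject);

      if (!NT_SUCCESS(status)) {
          KdPrint(("Failed to create device object (0x%08X)\n", status));
      }
      else {
          UNICODE_STRING symLink = RTL_CONSTANT_STRING(L"\\??\\Sample");
          status = IoCreateSymbolicLink(&symLink, &devName);
          if (!NT_SUCCESS(status)) {
              KdPrint(("Failed to create symbolic link (0x%08X)\n", status));
              IoDeleteDevice(DeviceObject);
          }
      }

      if (!NT_SUCCESS(status)) {
          // SampleUnload will not run after a failed DriverEntry, so the
          // registry-path copy has to be released here or it leaks.
          ExFreePoolWithTag(g_RegistryPath.Buffer, DRIVER_TAG);
          g_RegistryPath.Buffer = nullptr;
          g_RegistryPath.Length = 0;
          g_RegistryPath.MaximumLength = 0;
          return status;
      }

      return STATUS_SUCCESS;
  }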
  68.  
  /*
   * Dispatch routine shared by IRP_MJ_CREATE and IRP_MJ_CLOSE.
   *
   * Performs no per-handle work: the request is completed immediately with
   * STATUS_SUCCESS and zero bytes of information, and no access check is made
   * here on the caller opening the device.
   */
  NTSTATUS CreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) {
      UNREFERENCED_PARAMETER(DeviceObject);

      const NTSTATUS result = STATUS_SUCCESS;

      auto& ioStatus = Irp->IoStatus;
      ioStatus.Status = result;
      ioStatus.Information = 0;

      // The IRP must not be touched after it has been completed.
      IoCompleteRequest(Irp, IO_NO_INCREMENT);
      return result;
  }
  76.  
  77.  
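  /*
   * IRP_MJ_DEVICE_CONTROL dispatch routine.
   *
   * Handles IOCTL_SET_PRIORITY: reads a ThreadData request (ThreadId,
   * Priority) from the caller, looks the thread up by id and sets its priority.
   * Any other control code is rejected with STATUS_INVALID_DEVICE_REQUEST.
   *
   * The request is read through Type3InputBuffer, which is the caller's raw
   * pointer and is only meaningful for METHOD_NEITHER control codes.
   * NOTE(review): IOCTL_SET_PRIORITY is defined in ThreadData.h, which is not
   * shown here; confirm it is declared METHOD_NEITHER.
   *
   * Returns the status the IRP is completed with: STATUS_BUFFER_TOO_SMALL,
   * STATUS_INVALID_PARAMETER, the exception code raised while reading the
   * caller's buffer, the PsLookupThreadByThreadId failure status, or
   * STATUS_SUCCESS.
   */
  NTSTATUS DeviceControl(IN PDEVICE_OBJECT, IN PIRP Irp) {
      auto stack = IoGetCurrentIrpStackLocation(Irp);
      auto status = STATUS_SUCCESS;

      switch (stack->Parameters.DeviceIoControl.IoControlCode) {
      case IOCTL_SET_PRIORITY: {
          auto len = stack->Parameters.DeviceIoControl.InputBufferLength;
          if (len < sizeof(ThreadData)) {
              status = STATUS_BUFFER_TOO_SMALL;
              break;
          }

          auto userData = (ThreadData*)stack->Parameters.DeviceIoControl.Type3InputBuffer;
          if (userData == nullptr) {
              status = STATUS_INVALID_PARAMETER;
              break;
          }

          // The pointer comes straight from the caller: it may be invalid, may
          // point into kernel space, and its contents may change between reads.
          // Probe it for user-mode requests and take ONE snapshot inside a
          // structured exception handler; all validation and use below works on
          // the snapshot, so a value cannot change after it has been checked.
          ThreadData request;
          __try {
              if (Irp->RequestorMode != KernelMode) {
                  ProbeForRead(userData, sizeof(ThreadData), __alignof(ThreadData));
              }
              RtlCopyMemory(&request, userData, sizeof(request));
          }
          __except (EXCEPTION_EXECUTE_HANDLER) {
              status = (NTSTATUS)GetExceptionCode();
          }
          if (!NT_SUCCESS(status))
              break;

          // Only priorities 1..31 are accepted.
          if (request.Priority < 1 || request.Priority > 31) {
              status = STATUS_INVALID_PARAMETER;
              break;
          }

          // NOTE(review): there is no check that the caller is entitled to
          // modify the target thread; anyone who can open the device can change
          // the priority of any thread. Restrict access to the device object or
          // add an explicit authorization check.
          PETHREAD Thread;

          // On success the lookup returns a referenced thread object.
          status = PsLookupThreadByThreadId(ULongToHandle(request.ThreadId), &Thread);
          if (!NT_SUCCESS(status))
              break;

          KeSetPriorityThread((PKTHREAD)Thread, request.Priority);

          // Drop the reference taken by PsLookupThreadByThreadId.
          ObDereferenceObject(Thread);

          KdPrint(("Thread Priority change for %d to %d succeeded!\n",
              request.ThreadId, request.Priority));

          break;
      }
      default:
          status = STATUS_INVALID_DEVICE_REQUEST;
          break;
      }

      Irp->IoStatus.Status = status;
      Irp->IoStatus.Information = 0;

      IoCompleteRequest(Irp, IO_NO_INCREMENT);

      return status;
  }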
  126.  
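  /*
   * Driver unload routine: undoes what DriverEntry set up.
   *
   * Releases the registry-path copy, removes the \??\Sample symbolic link and
   * deletes the device object reached through DriverObject->DeviceObject.
   */
  void SampleUnload(IN PDRIVER_OBJECT DriverObject) {
      // Free with the same tag the buffer was allocated with, and clear the
      // global so a stale pointer cannot be used or freed a second time.
      ExFreePoolWithTag(g_RegistryPath.Buffer, DRIVER_TAG);
      g_RegistryPath.Buffer = nullptr;
      g_RegistryPath.Length = 0;
      g_RegistryPath.MaximumLength = 0;

      // Remove the user-visible name first so no new opens arrive while the
      // device is being torn down.
      UNICODE_STRING symLink = RTL_CONSTANT_STRING(L"\\??\\Sample");
      IoDeleteSymbolicLink(&symLink);

      IoDeleteDevice(DriverObject->DeviceObject);

      KdPrint(("Sample driver Unload called\n"));
  }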