  1. #include <ntddk.h>
  /* Number of bytes of a command buffer that solve() asks parseNext() to scan. */
  const int BUFF_SIZE = 512;

  /* Driver entry point. */
  NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
                       IN PUNICODE_STRING RegistryPath);

  /* IRP dispatch routines that DriverEntry installs in MajorFunction[]. */
  NTSTATUS MyCreate(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
  NTSTATUS MyClose(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
  NTSTATUS MyRead(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
  NTSTATUS MyWrite(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
  NTSTATUS MyIoEvent(IN PDEVICE_OBJECT pDevObj, IN PIRP pIrp);
  10.  
  /*
   * Unload routine: removes the \DosDevices\Djok symbolic link, then deletes
   * the device object referenced by DriverObject->DeviceObject.
   */
  VOID MyDriverUnload(PDRIVER_OBJECT DriverObject) {
      UNICODE_STRING dosLinkName;

      /* Same link name that DriverEntry passes to IoCreateSymbolicLink. */
      RtlInitUnicodeString(&dosLinkName, L"\\DosDevices\\Djok");

      DbgPrint("Unload");

      IoDeleteSymbolicLink(&dosLinkName);
      IoDeleteDevice(DriverObject->DeviceObject);
  }
  20.  
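  /*
   * IRP_MJ_CREATE dispatch routine: logs the open and completes it with
   * STATUS_SUCCESS.
   *
   * NOTE(review): every open is accepted here without any check on the
   * caller, so who may reach the write handler is decided only by the
   * security applied to the device object when it is created.
   */
  NTSTATUS MyCreate (PDEVICE_OBJECT pDevObj, PIRP pIrp) {
      UNREFERENCED_PARAMETER(pDevObj);

      DbgPrint("Create");

      /* The status the requester sees is taken from the IRP's IoStatus block,
         so it has to be filled in before the request is completed. */
      pIrp->IoStatus.Status = STATUS_SUCCESS;
      pIrp->IoStatus.Information = 0;

      IoCompleteRequest(pIrp, IO_NO_INCREMENT);
      return STATUS_SUCCESS;
  }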
  27.  
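  /*
   * IRP_MJ_READ dispatch routine: logs the request and completes it with
   * STATUS_SUCCESS and zero bytes transferred.
   */
  NTSTATUS MyRead (PDEVICE_OBJECT pDevObj,PIRP pIrp) {
      UNREFERENCED_PARAMETER(pDevObj);

      DbgPrint("Read");

      /* The device uses DO_BUFFERED_IO, where Information is the number of
         bytes copied back from the system buffer to the caller. This routine
         produces no data, so it must report 0 rather than leave the field
         unset. */
      pIrp->IoStatus.Status = STATUS_SUCCESS;
      pIrp->IoStatus.Information = 0;

      IoCompleteRequest(pIrp, IO_NO_INCREMENT);
      return STATUS_SUCCESS;
  }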
  34.  
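  /*
   * IRP_MJ_CLOSE dispatch routine: logs the close and completes it with
   * STATUS_SUCCESS.
   */
  NTSTATUS MyClose (PDEVICE_OBJECT pDevObj, PIRP pIrp) {
      UNREFERENCED_PARAMETER(pDevObj);

      DbgPrint("Close");

      /* Fill in the IoStatus block before completing; the requester's status
         is read from it. */
      pIrp->IoStatus.Status = STATUS_SUCCESS;
      pIrp->IoStatus.Information = 0;

      IoCompleteRequest(pIrp, IO_NO_INCREMENT);
      return STATUS_SUCCESS;
  }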
  41.  
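  /*
   * IRP_MJ_DEVICE_CONTROL dispatch routine: logs the request and completes it
   * with STATUS_SUCCESS, whatever the control code is.
   *
   * NOTE(review): no IOCTL is actually implemented, so reporting success for
   * every control code tells callers that unsupported requests worked;
   * STATUS_INVALID_DEVICE_REQUEST would be the conventional answer. Left as
   * success to keep existing callers working; confirm before changing.
   */
  NTSTATUS MyIoEvent (PDEVICE_OBJECT DeviceObject, PIRP pIrp) {
      UNREFERENCED_PARAMETER(DeviceObject);

      DbgPrint("IoEvent");

      /* No output data is produced, so Information is 0; Status must be set
         before the request is completed. */
      pIrp->IoStatus.Status = STATUS_SUCCESS;
      pIrp->IoStatus.Information = 0;

      IoCompleteRequest(pIrp, IO_NO_INCREMENT);
      return STATUS_SUCCESS;
  }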
  48.  
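  /*
   * Finds the end of the '#'-delimited field of s that starts at index `from`
   * and replaces the delimiter with a NUL terminator.
   *
   * s        buffer to scan (char * is the same type as LPSTR)
   * maxSize  number of bytes of s that may be read or written
   * from     index at which the field starts
   *
   * Returns the index of the delimiter that was replaced, or maxSize when no
   * '#' occurs in s[from .. maxSize-1]. When `from` is not a valid index
   * (negative, or >= maxSize) it is returned unchanged.
   *
   * The terminator is stored only at an index below maxSize. The previous
   * version stored it unconditionally, which wrote one byte past the buffer
   * when no delimiter was found and at s[from] when `from` was already out of
   * range. Callers must therefore treat a result >= maxSize as "field not
   * terminated by this call".
   */
  int parseNext(char *s, int maxSize, int from) {
      int final = from;

      /* Nothing can be scanned or written safely: report the start index. */
      if (s == NULL || from < 0 || from >= maxSize) {
          return from;
      }

      while (final < maxSize && s[final] != '#') {
          ++final;
      }

      /* final == maxSize means the scan ran off the end; do not write there. */
      if (final < maxSize) {
          s[final] = '\0';
      }
      return final;
  }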
  55.  
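  /*
   * Operation codes accepted by executeCommand().
   * NOTE(review): identifiers that start with a double underscore are reserved
   * for the implementation; the names are kept because solve() uses them.
   */
  #define __WRITE 0
  #define __DELETE 1
  #define __READ 2

  /*
   * Performs one file operation on `path` from kernel mode.
   *
   * op    __WRITE  create or truncate the file and write len bytes of buff
   *       __DELETE open the existing file and mark it for deletion on close
   *       __READ   open the existing file and log buff; no file data is read
   * path  NUL-terminated ANSI object path; converted to a UNICODE_STRING
   * buff  data for __WRITE, text to log for __READ (must be NUL-terminated)
   * len   number of bytes of buff to write for __WRITE
   *
   * Failures are reported through DbgPrint only; nothing is returned.
   *
   * Security: path and buff originate from a user-mode write to the device
   * (see solve() and MyWrite()). Zw* calls made by a driver are treated as
   * kernel-mode requests, so without OBJ_FORCE_ACCESS_CHECK the file would be
   * opened with no access check against the requester at all, letting any
   * caller that can open the device overwrite or delete files it has no
   * rights to. The flag makes the open subject to normal access checks;
   * this assumes the call is made in the requesting thread's context, which
   * should be confirmed for the way this driver is loaded.
   */
  VOID executeCommand(int op, LPCSTR path, PVOID buff, ULONG len) {
      HANDLE h = NULL;
      NTSTATUS status;
      FILE_DISPOSITION_INFORMATION fdi;
      UNICODE_STRING unicodeString;
      ANSI_STRING ansiString;
      OBJECT_ATTRIBUTES objAttr;
      IO_STATUS_BLOCK ioStatusBlock;
      ACCESS_MASK desiredAccess;
      ULONG createDisposition;

      if (path == NULL) {
          return;
      }

      /* Pick the access and disposition each operation actually needs. The
         previous code opened every file with GENERIC_WRITE and
         FILE_OVERWRITE_IF, which truncated (or created) the target even for
         __READ and __DELETE, and lacked the DELETE access that
         FileDispositionInformation requires. */
      switch (op) {
      case __WRITE:
          if (buff == NULL && len != 0) {
              return;
          }
          desiredAccess = GENERIC_WRITE | SYNCHRONIZE;
          createDisposition = FILE_OVERWRITE_IF;
          break;
      case __DELETE:
          desiredAccess = DELETE | SYNCHRONIZE;
          createDisposition = FILE_OPEN;
          break;
      case __READ:
          desiredAccess = GENERIC_READ | SYNCHRONIZE;
          createDisposition = FILE_OPEN;
          break;
      default:
          /* Unknown operation: do not touch the file system. */
          return;
      }

      RtlInitUnicodeString(&unicodeString, 0);
      RtlInitAnsiString(&ansiString, path);
      status = RtlAnsiStringToUnicodeString(&unicodeString, &ansiString, TRUE);
      if (!NT_SUCCESS(status)) {
          /* Nothing was allocated, so there is nothing to free. */
          return;
      }

      InitializeObjectAttributes(
          &objAttr, &unicodeString,
          OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK,
          NULL, NULL
      );

      status = ZwCreateFile(
          &h, desiredAccess, &objAttr, &ioStatusBlock, NULL, FILE_ATTRIBUTE_NORMAL,
          0, createDisposition, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0
      );

      if (!NT_SUCCESS(status)) {
          DbgPrint("error CreateFile");
          goto free_name;
      }

      if (op == __WRITE) {
          status = ZwWriteFile(h, NULL, NULL, NULL, &ioStatusBlock, buff, len, NULL, NULL);
          if (!NT_SUCCESS(status)) {
              DbgPrint("error Write");
          }
      } else if (op == __DELETE) {
          fdi.DeleteFile = TRUE;
          status = ZwSetInformationFile(h, &ioStatusBlock, &fdi, sizeof(fdi), FileDispositionInformation);
          if (!NT_SUCCESS(status)) {
              DbgPrint("error Delete");
          }
      } else if (buff != NULL) {
          /* __READ. buff is caller-controlled text: never pass it as the
             format string, or '%' sequences in it are interpreted by
             DbgPrint. */
          DbgPrint("%s", (LPCSTR)buff);
      }

      ZwClose(h);
  free_name:
      RtlFreeUnicodeString(&unicodeString);
  }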
  108.  
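  /*
   * Parses one command of the form  <op>#<path>#<params>#  and runs it.
   *
   * The first character selects the operation:
   *   'C' create/truncate <path>          'W' write <params> to <path>
   *   'D' delete <path>                   'R' log <params>
   *
   * command must point to a writable buffer of at least BUFF_SIZE bytes; the
   * buffer is modified in place (delimiters become NUL terminators and the
   * last byte is forced to NUL). NOTE(review): nothing in this function can
   * verify that size, so the caller has to guarantee it.
   *
   * Security: the whole buffer is supplied by whoever writes to the device.
   * - The fields are logged with an explicit "%s" format; passing them
   *   directly as the DbgPrint format string let the writer inject format
   *   specifiers.
   * - Field positions are checked against the buffer before any pointer is
   *   derived from them, so a command without '#' delimiters no longer
   *   produces pointers past the end of the buffer.
   * - <path> is passed to executeCommand() unchanged; restricting it to an
   *   expected directory would be a further mitigation if the device can be
   *   opened by unprivileged callers.
   */
  VOID solve(PVOID command) {
      LPSTR text = (LPSTR)command;
      const int limit = BUFF_SIZE - 1;   /* index of the last byte in the buffer */
      int actionPoz;
      int pathPoz;
      int paramsPoz;
      LPCSTR path;
      LPCSTR params = "";
      int paramSize = 0;

      if (text == NULL) {
          return;
      }

      /* Guarantee that every field ends inside the buffer even when the
         command carries no delimiter or terminator of its own. */
      text[limit] = '\0';

      /* Scanning with `limit` rather than BUFF_SIZE keeps any terminator that
         parseNext stores at an index <= limit. */
      actionPoz = parseNext(text, limit, 0);
      if (actionPoz >= limit) {
          /* No '#' after the operation: there is no path field. */
          return;
      }

      path = text + actionPoz + 1;
      pathPoz = parseNext(text, limit, actionPoz + 1);

      /* A params field exists only if the path was closed by a '#'. */
      if (pathPoz < limit) {
          params = text + pathPoz + 1;
          paramsPoz = parseNext(text, limit, pathPoz + 1);
          paramSize = paramsPoz - pathPoz - 1;
      }

      DbgPrint("%s", path);
      DbgPrint("%s", params);
      DbgPrint("%s", (LPCSTR)text);

      switch (text[0]) {
      case 'C':
          executeCommand(__WRITE, path, (PVOID)"", 0);
          break;
      case 'W':
          executeCommand(__WRITE, path, (PVOID)params, (ULONG)paramSize);
          break;
      case 'D':
          executeCommand(__DELETE, path, (PVOID)"", 0);
          break;
      case 'R':
          executeCommand(__READ, path, (PVOID)params, (ULONG)paramSize);
          break;
      default:
          /* Unknown operation: ignore the command. */
          break;
      }
  }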
  126.  
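  /*
   * IRP_MJ_WRITE dispatch routine: treats the written bytes as one command
   * and hands them to solve().
   *
   * With DO_BUFFERED_IO the system buffer holds exactly as many bytes as the
   * caller wrote, and it is not NUL-terminated. solve() scans BUFF_SIZE bytes
   * and stores terminators as it parses, so passing the system buffer
   * directly let a short write make the driver read and write kernel pool
   * beyond the buffer. The data is therefore copied into a zero-filled
   * scratch buffer of a fixed size first; at most BUFF_SIZE bytes are
   * consumed, and that count is reported back in IoStatus.Information.
   *
   * The caller's bytes are also no longer passed to DbgPrint as the format
   * string.
   *
   * NOTE(review): paged pool is used on the assumption that this routine runs
   * at PASSIVE_LEVEL (it goes on to call Zw* file routines); confirm.
   */
  NTSTATUS MyWrite (PDEVICE_OBJECT pDevObj, PIRP pIrp) {
      PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
      ULONG requested = stack->Parameters.Write.Length;
      ULONG consumed = 0;
      /* A few zero bytes of slack after the command keep the parser's
         terminator writes and string reads inside the allocation even when
         the command contains no '#' delimiters. */
      SIZE_T scratchSize = (SIZE_T)BUFF_SIZE + 4;
      NTSTATUS status = STATUS_SUCCESS;
      PCHAR scratch;

      UNREFERENCED_PARAMETER(pDevObj);

      DbgPrint("Write");

      if (pIrp->AssociatedIrp.SystemBuffer != NULL && requested != 0) {
          scratch = (PCHAR)ExAllocatePoolWithTag(PagedPool, scratchSize, 'kojD');
          if (scratch == NULL) {
              status = STATUS_INSUFFICIENT_RESOURCES;
          } else {
              consumed = requested < (ULONG)BUFF_SIZE ? requested : (ULONG)BUFF_SIZE;

              RtlZeroMemory(scratch, scratchSize);
              RtlCopyMemory(scratch, pIrp->AssociatedIrp.SystemBuffer, consumed);

              DbgPrint("%s", scratch);
              solve(scratch);

              ExFreePoolWithTag(scratch, 'kojD');
          }
      }

      pIrp->IoStatus.Status = status;
      pIrp->IoStatus.Information = NT_SUCCESS(status) ? consumed : 0;

      IoCompleteRequest(pIrp, IO_NO_INCREMENT);
      return status;
  }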
  138.  
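  /*
   * Driver entry point: installs the dispatch routines, creates the device
   * \Device\Djok with buffered I/O and exposes it as \DosDevices\Djok.
   *
   * Returns STATUS_SUCCESS, or the failure status of IoCreateDevice /
   * IoCreateSymbolicLink (the device is deleted again if the link fails).
   *
   * Security: the write handler of this device performs file operations on
   * behalf of whoever opens it, so access to the device object is the main
   * control. FILE_DEVICE_SECURE_OPEN makes the device's security descriptor
   * apply to every open in its namespace. NOTE(review): IoCreateDevice still
   * applies a default descriptor; creating the device with
   * IoCreateDeviceSecure and an SDDL string limited to SYSTEM and
   * Administrators would restrict it explicitly.
   */
  NTSTATUS DriverEntry(PDRIVER_OBJECT driverObj, PUNICODE_STRING regPath) {
      NTSTATUS status;
      UNICODE_STRING usDriverName;
      UNICODE_STRING usDosDeviceName;
      PDEVICE_OBJECT pDeviceObj = NULL;

      UNREFERENCED_PARAMETER(regPath);

      RtlInitUnicodeString(&usDriverName, L"\\Device\\Djok");
      RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\Djok");

      /* Install the handlers before the device can be reached by name, so no
         request can arrive while the dispatch table is only partly set up. */
      driverObj->MajorFunction[IRP_MJ_CREATE] = MyCreate;
      driverObj->MajorFunction[IRP_MJ_CLOSE] = MyClose;
      driverObj->MajorFunction[IRP_MJ_READ] = MyRead;
      driverObj->MajorFunction[IRP_MJ_WRITE] = MyWrite;
      driverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MyIoEvent;
      driverObj->DriverUnload = MyDriverUnload;

      status = IoCreateDevice(driverObj, 0, &usDriverName, FILE_DEVICE_UNKNOWN,
                              FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObj);
      if (!NT_SUCCESS(status)) {
          return status;
      }

      pDeviceObj->Flags |= DO_BUFFERED_IO;

      status = IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
      if (!NT_SUCCESS(status)) {
          /* Delete the device created above; use the local pointer rather
             than re-reading it from the driver object. */
          IoDeleteDevice(pDeviceObj);
          return status;
      }

      /* Cleared last, once the device is fully configured. */
      pDeviceObj->Flags &= ~DO_DEVICE_INITIALIZING;

      DbgPrint("Hello");
      return STATUS_SUCCESS;
  }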