Created
May 17, 2022 16:34
-
-
Save joshfinley/5531e31e348d62d7b60e9232aab1fe6d to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ntddk.h> | |
| CONST WCHAR g_wzDeviceName[] = L"\\Device\\DriverDeviceName"; | |
| CONST WCHAR g_wzDosDeviceName[] = L"\\DosDevices\\DriverDosDeviceName"; | |
| UNICODE_STRING g_usDeviceName = { 0 }; | |
| UNICODE_STRING g_usDeviceLink = { 0 }; | |
| PDEVICE_OBJECT g_pDevObj = NULL; | |
| VOID DriverUnload( | |
| IN PDRIVER_OBJECT DriverObject | |
| ); | |
| NTSTATUS DispatchNotImplemented( | |
| IN PDEVICE_OBJECT DeviceObject, | |
| IN PIRP Irp | |
| ); | |
| NTSTATUS DeviceControl( | |
| IN PDEVICE_OBJECT DeviceObject, | |
| IN PIRP Irp | |
| ); | |
| NTSTATUS DriverENtry( | |
| IN PDRIVER_OBJECT DriverObject, | |
| IN PUNICODE_STRING RegistryPath | |
| ) | |
| { | |
| UNREFERENCED_PARAMETER(RegistryPath); | |
| ULONG i = 0; | |
| NTSTATUS status = STATUS_INTERNAL_ERROR; | |
| KdPrint(("HypervisorExplorer DriverEntry called\n")); | |
| RtlInitUnicodeString(&g_usDeviceName, g_wzDeviceName); | |
| status = IoCreateDevice( | |
| DriverObject, | |
| 0, | |
| &g_usDeviceName, | |
| FILE_DEVICE_UNKNOWN, | |
| 0, | |
| FALSE, | |
| &g_pDevObj | |
| ); | |
| if (!NT_SUCCESS(status)) | |
| { | |
| KdPrint(("Failed to create device object (0x%08X)\n", status)); | |
| // Check if the device object was actually created | |
| if (g_pDevObj != NULL) | |
| { | |
| IoDeleteDevice(g_pDevObj); | |
| } | |
| return status; | |
| } | |
| RtlInitUnicodeString(&g_usDeviceLink, g_wzDosDeviceName); | |
| status = IoCreateSymbolicLink(&g_usDeviceLink, &g_usDeviceName); | |
| if (!NT_SUCCESS(status)) | |
| { | |
| KdPrint(("Failed to create symbolic link (0x%08X)\n", status)); | |
| IoDeleteDevice(g_pDevObj); | |
| return status; | |
| } | |
| for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) | |
| { | |
| DriverObject->MajorFunction[i] = DispatchNotImplemented; | |
| } | |
| } | |
| NTSTATUS DispatchNotImplemented( | |
| IN PDEVICE_OBJECT DeviceObject, | |
| IN PIRP Irp | |
| ) | |
| { | |
| UNREFERENCED_PARAMETER(DeviceObject); | |
| Irp->IoStatus.Information = 0; | |
| Irp->IoStatus.Status = STATUS_SUCCESS; | |
| IoCompleteRequest(Irp, IO_NO_INCREMENT); | |
| return STATUS_SUCCESS; | |
| } | |
| VOID DriverUnload( | |
| IN PDRIVER_OBJECT DriverObject | |
| ) | |
| { | |
| UNICODE_STRING usDeviceLink = { 0 }; | |
| RtlInitUnicodeString(&usDeviceLink, g_wzDosDeviceName); | |
| // delete symbolic link | |
| IoDeleteSymbolicLink(&usDeviceLink); | |
| // delete device object | |
| IoDeleteDevice(DriverObject->DeviceObject); | |
| } | |
| NTSTATUS DeviceControl( | |
| IN PDEVICE_OBJECT DeviceObject, | |
| IN PIRP Irp | |
| ) | |
| { | |
| UNREFERENCED_PARAMETER(DeviceObject); | |
| PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(Irp); | |
| NTSTATUS status = STATUS_INTERNAL_ERROR; | |
| ULONG ioctl = pStack->Parameters.DeviceIoControl.IoControlCode; | |
| switch (ioctl) | |
| { | |
| case | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment