ripp3rdoc · March 28, 2024 00:31
diff --git a/simple-kernel-driver.cpp b/simple-kernel-driver.cpp
 #include <ntddk.h>

 void ProcessPowerUnload(PDRIVER_OBJECT);

 NTSTATUS ProcessPowerCreateClose(PDEVICE_OBJECT, PIRP);
 NTSTATUS ProcessPowerDeviceControl(PDEVICE_OBJECT, PIRP);

 extern "C"
 NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
    KdPrint(("ProcessPower: DriverEntry\n"));
    KdPrint(("Registry path: %wZ\n", RegistryPath));

    DriverObject->DriverUnload = ProcessPowerUnload; // pointer to the Unload routine

    RTL_OSVERSIONINFOW vi = {
      sizeof(vi)
    }; // Setting needed structure for RtlGetVersion()
    NTSTATUS status = RtlGetVersion(&vi); // Get the version number of the Windows OS

    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value 
        KdPrint(("Failed in RtlGetVersion (0x%X)\n", status));
        return status;
    }
  
    KdPrint(("Windows version: %u.%u.%u\n", vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber));

    DriverObject->MajorFunction[IRP_MJ_CREATE] = ProcessPowerCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = ProcessPowerCreateClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ProcessPowerDeviceControl;

    UNICODE_STRING devName = RTL_CONSTANT_STRING(L "\\Device\\ProcesPower"); // Device Name
    // RtlInitUnicodeString(&devName, L"\\Device\\ProcesPower");
    PDEVICE_OBJECT DeviceObject;
    status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value 
        KdPrint(("Failed in IoCreateDevice (0x%X)\n", status));
        return status;
    }

    UNICODE_STRING symLink = RTL_CONSTANT— STRING(L "\\??\\ProcessPower");
    status = IoCreateSymbolicLink(&symLink, &devName);
    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value 
        IoDeleteDevice(DeviceObject);
        KdPrint(("Failed in IoCreateSymbolicLink (0x%X)\n", status));
        return status;
    }

    return STATUS_SUCCESS;

 }

 void ProcessPowerUnload(PDRIVER_OBJECT DriverObject) {
    KdPrint(("ProcessPower: Unload\n")); // Unloading the driver
    IoDeleteSymbolicLink(&symLink);
    IoDeleteDevice(DriverObject->DeviceObject);
 }
	#include <ntddk.h>

	void ProcessPowerUnload(PDRIVER_OBJECT);

	NTSTATUS ProcessPowerCreateClose(PDEVICE_OBJECT, PIRP);
	NTSTATUS ProcessPowerDeviceControl(PDEVICE_OBJECT, PIRP);

	extern "C"
	NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
	KdPrint(("ProcessPower: DriverEntry\n"));
	KdPrint(("Registry path: %wZ\n", RegistryPath));

	DriverObject->DriverUnload = ProcessPowerUnload; // pointer to the Unload routine

	RTL_OSVERSIONINFOW vi = {
	sizeof(vi)
	}; // Setting needed structure for RtlGetVersion()
	NTSTATUS status = RtlGetVersion(&vi); // Get the version number of the Windows OS

	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	KdPrint(("Failed in RtlGetVersion (0x%X)\n", status));
	return status;
	}

	KdPrint(("Windows version: %u.%u.%u\n", vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber));

	DriverObject->MajorFunction[IRP_MJ_CREATE] = ProcessPowerCreateClose;
	DriverObject->MajorFunction[IRP_MJ_CLOSE] = ProcessPowerCreateClose;
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ProcessPowerDeviceControl;

	UNICODE_STRING devName = RTL_CONSTANT_STRING(L "\\Device\\ProcesPower"); // Device Name
	// RtlInitUnicodeString(&devName, L"\\Device\\ProcesPower");
	PDEVICE_OBJECT DeviceObject;
	status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	KdPrint(("Failed in IoCreateDevice (0x%X)\n", status));
	return status;
	}

	UNICODE_STRING symLink = RTL_CONSTANT— STRING(L "\\??\\ProcessPower");
	status = IoCreateSymbolicLink(&symLink, &devName);
	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	IoDeleteDevice(DeviceObject);
	KdPrint(("Failed in IoCreateSymbolicLink (0x%X)\n", status));
	return status;
	}

	return STATUS_SUCCESS;

	}

	void ProcessPowerUnload(PDRIVER_OBJECT DriverObject) {
	KdPrint(("ProcessPower: Unload\n")); // Unloading the driver
	IoDeleteSymbolicLink(&symLink);
	IoDeleteDevice(DriverObject->DeviceObject);
	}