@iljavs
Created October 15, 2020 16:31
#include <ntddk.h>
#include <windef.h>
/* Object-manager name of the device object that DriverEntry creates. */
#define DEVNAME L"\\Device\\Zero"
/* Symbolic link to DEVNAME; created in DriverEntry and deleted in PrUnload. */
#define LINKNAME L"\\??\\Zero"
/*
 * PrUnload - driver unload routine (installed as DriverObject->DriverUnload).
 *
 * Removes the LINKNAME symbolic link, then walks the driver's device list
 * and deletes every device object on it. A failure to delete the link is
 * only logged; teardown continues regardless.
 */
void PrUnload(PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING linkName;
    NTSTATUS rc;
    PDEVICE_OBJECT cur;

    DbgPrint("PrUnload called \n");

    RtlInitUnicodeString(&linkName, LINKNAME);
    rc = IoDeleteSymbolicLink(&linkName);
    if (rc != STATUS_SUCCESS) {
        DbgPrint("IoDeleteSymbolicLink() failed ??!?\n");
    }

    cur = DriverObject->DeviceObject;
    while (cur != NULL) {
        /* Read the successor first: cur is handed to IoDeleteDevice below. */
        PDEVICE_OBJECT next = cur->NextDevice;

        IoDeleteDevice(cur);
        cur = next;
    }

    DbgPrint("PrUnload is done, module unloaded \n");
}
/*
 * CreateCloseDispatch - shared IRP_MJ_CREATE / IRP_MJ_CLOSE handler.
 *
 * Performs no per-handle work and no access checks of its own: every
 * request is completed immediately with STATUS_SUCCESS and zero bytes
 * of information.
 */
NTSTATUS CreateCloseDispatch(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    const NTSTATUS result = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = result;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return result;
}
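/*
 * ReadWriteDispatch - shared IRP_MJ_READ / IRP_MJ_WRITE handler.
 *
 * Writes are discarded and reported as fully consumed. Reads fill the
 * caller's buffer with zero bytes. DriverEntry sets DO_DIRECT_IO on the
 * device, so the read buffer is described by the MDL in Irp->MdlAddress.
 *
 * Returns the same status that is stored in Irp->IoStatus.Status, so the
 * dispatch return value and the completed IRP never disagree.
 */
NTSTATUS ReadWriteDispatch(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp
) {
    PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS status = STATUS_SUCCESS;
    DWORD info = 0;
    DWORD length;
    unsigned char *p;

    UNREFERENCED_PARAMETER(DeviceObject);

    if (IrpSp->MajorFunction == IRP_MJ_WRITE) {
        /* Nothing is stored; just claim the whole buffer was written. */
        info = IrpSp->Parameters.Write.Length;
        goto END;
    }

    // at this point we know we're IRP_MJ_READ
    length = IrpSp->Parameters.Read.Length;
    if (length == 0) {
        // With direct I/O no MDL is built for a zero-length transfer, so a
        // NULL MdlAddress is expected here: succeed with 0 bytes, don't fail.
        goto END;
    }

    if (!Irp->MdlAddress) {
        status = STATUS_INVALID_PARAMETER;
        goto END;
    }

    // Defensive bound: the mapping obtained below covers only this MDL, so
    // never zero more bytes than it describes. For an IRP built by the I/O
    // manager the two lengths match; this rejects an inconsistent request
    // instead of writing past the mapping.
    if (length > MmGetMdlByteCount(Irp->MdlAddress)) {
        status = STATUS_INVALID_PARAMETER;
        goto END;
    }

    // need to call MmProbeAndLockPages() before doing this? nope, looks like the IO Manager takes care of this.
    p = MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority);
    if (!p) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto END;
    }

    memset(p, 0x00, length);
    info = length;
    // looks like there's no need to unmap p. the IO Manager will do this when it calls MmUnlockPages on the MDL.

END:
    Irp->IoStatus.Information = info;
    Irp->IoStatus.Status = status;
    // The IRP must not be touched after completion; status is a local copy.
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}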
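/*
 * DriverEntry - driver initialization.
 *
 * Registers the unload and dispatch routines, creates the DEVNAME device
 * object configured for direct I/O, and publishes it under the LINKNAME
 * symbolic link.
 *
 * Returns STATUS_SUCCESS on success, otherwise the failure status reported
 * by IoCreateDevice or IoCreateSymbolicLink. The device object is deleted
 * again if the link cannot be created.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
    PDEVICE_OBJECT DevObject;
    UNICODE_STRING sDevName;
    UNICODE_STRING sLinkName;
    NTSTATUS status;

    DbgPrint("Simple DriverEntry called: %wZ\n", RegistryPath);

    /* Install every entry point before the device becomes reachable by name. */
    DriverObject->DriverUnload = PrUnload;
    DriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCloseDispatch;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = CreateCloseDispatch;
    DriverObject->MajorFunction[IRP_MJ_READ] = ReadWriteDispatch;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = ReadWriteDispatch;

    RtlInitUnicodeString(&sDevName, DEVNAME);
    RtlInitUnicodeString(&sLinkName, LINKNAME);

    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device
     * object's security descriptor to every open, including opens that
     * carry a trailing path below the device name.
     *
     * NOTE(review): no explicit security descriptor is supplied, so the
     * device gets the system default ACL. Confirm that is the intended
     * access policy; IoCreateDeviceSecure accepts an SDDL string if access
     * needs to be narrowed.
     */
    status = IoCreateDevice(DriverObject, 0, &sDevName, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &DevObject);
    if (!NT_SUCCESS(status)) {
        DbgPrint("IoCreateDevice() failed\n");
        return status; /* propagate the real cause rather than a generic code */
    }

    /* ReadWriteDispatch expects the buffer as an MDL (Irp->MdlAddress). */
    DevObject->Flags |= DO_DIRECT_IO;

    status = IoCreateSymbolicLink(&sLinkName, &sDevName);
    if (!NT_SUCCESS(status)) {
        DbgPrint("IoCreateSymbolicLink() failed\n");
        IoDeleteDevice(DevObject);
        return status;
    }

    /* Last step: mark the device as fully initialized. */
    DevObject->Flags &= ~DO_DEVICE_INITIALIZING;

    DbgPrint("Driver is successfully loaded!\n");
    return STATUS_SUCCESS;
}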