ripp3rdoc/simple-kernel-driver.cpp

## simple-kernel-driver.cpp
#include <ntddk.h>

void ProcessPowerUnload(PDRIVER_OBJECT);

NTSTATUS ProcessPowerCreateClose(PDEVICE_OBJECT, PIRP);
NTSTATUS ProcessPowerDeviceControl(PDEVICE_OBJECT, PIRP);

extern "C"
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
    KdPrint(("ProcessPower: DriverEntry\n"));
    KdPrint(("Registry path: %wZ\n", RegistryPath));

    DriverObject->DriverUnload = ProcessPowerUnload; // pointer to the Unload routine

    RTL_OSVERSIONINFOW vi = {
      sizeof(vi)
    }; // Setting needed structure for RtlGetVersion()
    NTSTATUS status = RtlGetVersion(&vi); // Get the version number of the Windows OS

    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
        KdPrint(("Failed in RtlGetVersion (0x%X)\n", status));
        return status;
    }

    KdPrint(("Windows version: %u.%u.%u\n", vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber));

    DriverObject->MajorFunction[IRP_MJ_CREATE] = ProcessPowerCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = ProcessPowerCreateClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ProcessPowerDeviceControl;

    UNICODE_STRING devName = RTL_CONSTANT_STRING(L "\\Device\\ProcesPower"); // Device Name
    // RtlInitUnicodeString(&devName, L"\\Device\\ProcesPower");
    PDEVICE_OBJECT DeviceObject;
    status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
        KdPrint(("Failed in IoCreateDevice (0x%X)\n", status));
        return status;
    }

    UNICODE_STRING symLink = RTL_CONSTANT— STRING(L "\\??\\ProcessPower");
    status = IoCreateSymbolicLink(&symLink, &devName);
    if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
        IoDeleteDevice(DeviceObject);
        KdPrint(("Failed in IoCreateSymbolicLink (0x%X)\n", status));
        return status;
    }

    return STATUS_SUCCESS;

}

void ProcessPowerUnload(PDRIVER_OBJECT DriverObject) {
    KdPrint(("ProcessPower: Unload\n")); // Unloading the driver
    IoDeleteSymbolicLink(&symLink);
    IoDeleteDevice(DriverObject->DeviceObject);
}
	#include <ntddk.h>

	void ProcessPowerUnload(PDRIVER_OBJECT);

	NTSTATUS ProcessPowerCreateClose(PDEVICE_OBJECT, PIRP);
	NTSTATUS ProcessPowerDeviceControl(PDEVICE_OBJECT, PIRP);

	extern "C"
	NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {
	KdPrint(("ProcessPower: DriverEntry\n"));
	KdPrint(("Registry path: %wZ\n", RegistryPath));

	DriverObject->DriverUnload = ProcessPowerUnload; // pointer to the Unload routine

	RTL_OSVERSIONINFOW vi = {
	sizeof(vi)
	}; // Setting needed structure for RtlGetVersion()
	NTSTATUS status = RtlGetVersion(&vi); // Get the version number of the Windows OS

	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	KdPrint(("Failed in RtlGetVersion (0x%X)\n", status));
	return status;
	}

	KdPrint(("Windows version: %u.%u.%u\n", vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber));

	DriverObject->MajorFunction[IRP_MJ_CREATE] = ProcessPowerCreateClose;
	DriverObject->MajorFunction[IRP_MJ_CLOSE] = ProcessPowerCreateClose;
	DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ProcessPowerDeviceControl;

	UNICODE_STRING devName = RTL_CONSTANT_STRING(L "\\Device\\ProcesPower"); // Device Name
	// RtlInitUnicodeString(&devName, L"\\Device\\ProcesPower");
	PDEVICE_OBJECT DeviceObject;
	status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN, 0, FALSE, &DeviceObject);
	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	KdPrint(("Failed in IoCreateDevice (0x%X)\n", status));
	return status;
	}

	UNICODE_STRING symLink = RTL_CONSTANT— STRING(L "\\??\\ProcessPower");
	status = IoCreateSymbolicLink(&symLink, &devName);
	if (!NT_SUCCESS(status)) { // Check NT_SUCCESS return value
	IoDeleteDevice(DeviceObject);
	KdPrint(("Failed in IoCreateSymbolicLink (0x%X)\n", status));
	return status;
	}

	return STATUS_SUCCESS;

	}

	void ProcessPowerUnload(PDRIVER_OBJECT DriverObject) {
	KdPrint(("ProcessPower: Unload\n")); // Unloading the driver
	IoDeleteSymbolicLink(&symLink);
	IoDeleteDevice(DriverObject->DeviceObject);
	}