- #include "ntddk.h"
- #define INITCODE code_seg("INIT")
- #define PAGECODE code_seg("PAGE")
- NTKERNELAPI
- NTSTATUS
- ObReferenceObjectByName(
- IN PUNICODE_STRING ObjectName,
- IN ULONG Attributes,
- IN PACCESS_STATE PassedAccessState OPTIONAL,
- IN ACCESS_MASK DesiredAccess OPTIONAL,
- IN POBJECT_TYPE ObjectType,
- IN KPROCESSOR_MODE AccessMode,
- IN OUT PVOID ParseContext OPTIONAL,
- OUT PVOID *Object
- );
- extern POBJECT_TYPE *IoDriverObjectType;
- PDRIVER_OBJECT g_DriverObject;
- PDRIVER_DISPATCH gfn_OrigReadCompleteRoutine;
- #pragma PAGECODE
- NTSTATUS FilterReadCompleteRoutine(PDEVICE_OBJECT pDeviceObj, PIRP pIrp)
- {
- KdPrint(("IRP_MJ_DEVICE_CONTROL comming!"));
- return gfn_OrigReadCompleteRoutine(pDeviceObj, pIrp);
- }
- #pragma PAGECODE
- void UnFilterDriverQuery()
- {
- if (MmIsAddressValid(g_DriverObject))
- {
- g_DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = gfn_OrigReadCompleteRoutine;
- }
- }
- #pragma PAGECODE
- NTSTATUS FilterDriverQuery()
- {
- UNICODE_STRING ObjectName;
- NTSTATUS Status;
- RtlInitUnicodeString(&ObjectName, L"\\Driver\\XueTr-火眼合作版本");
- Status = ObReferenceObjectByName(&ObjectName, OBJ_CASE_INSENSITIVE, NULL, 0,
- *IoDriverObjectType, KernelMode, NULL, (PVOID *)&g_DriverObject);
- if (!NT_SUCCESS(Status))
- {
- return Status;
- }
- gfn_OrigReadCompleteRoutine = g_DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL];
- g_DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = FilterReadCompleteRoutine;
- ObDereferenceObject(g_DriverObject);
- return STATUS_SUCCESS;
- }
- #pragma PAGECODE
- void MyDriverUnload(PDRIVER_OBJECT pDriverObject)
- {
- UNICODE_STRING symName;
- RtlInitUnicodeString(&symName, L"\\??\\FirstDeviceLinkName");
- UnFilterDriverQuery();
- if (pDriverObject->DeviceObject != NULL)
- {
- IoDeleteSymbolicLink(&symName);
- IoDeleteDevice(pDriverObject->DeviceObject);
- KdPrint(("Delete device success!"));
- }
- }
- #pragma INITCODE
- NTSTATUS CreateMyDevice(PDRIVER_OBJECT pDriverObject)
- {
- NTSTATUS Status;
- PDEVICE_OBJECT pDevObj;
- UNICODE_STRING DevName;
- UNICODE_STRING symName;
- RtlInitUnicodeString(&DevName, L"\\Device\\FirstDevice");
- Status = IoCreateDevice(pDriverObject, 0, &DevName, FILE_DEVICE_UNKNOWN,
- 0, TRUE, &pDevObj);
- if (!NT_SUCCESS(Status))
- {
- return Status;
- }
-
- pDevObj->Flags |= DO_BUFFERED_IO;
- RtlInitUnicodeString(&symName, L"\\??\\FirstDeviceLinkName");
- Status = IoCreateSymbolicLink(&symName, &DevName);
- if (!NT_SUCCESS(Status))
- {
- IoDeleteDevice(pDevObj);
- return Status;
- }
- return STATUS_SUCCESS;
- }
- #pragma PAGECODE
- NTSTATUS CreateCompleteRoutine(PDEVICE_OBJECT pDeviceObj, PIRP pIrp)
- {
- NTSTATUS Status;
- Status = STATUS_SUCCESS;
- KdPrint(("Create"));
- pIrp->IoStatus.Status = Status;
- pIrp->IoStatus.Information = 0;
- IoCompleteRequest(pIrp, IO_NO_INCREMENT);
- return Status;
- }
- #pragma PAGECODE
- NTSTATUS CloseCompleteRoutine(PDEVICE_OBJECT pDeviceObj, PIRP pIrp)
- {
- NTSTATUS Status;
- Status = STATUS_SUCCESS;
- KdPrint(("Close"));
- pIrp->IoStatus.Status = Status;
- pIrp->IoStatus.Information = 0;
- IoCompleteRequest(pIrp, IO_NO_INCREMENT);
- return Status;
- }
- #pragma PAGECODE
- NTSTATUS ReadCompleteRoutine(PDEVICE_OBJECT pDeviceObj, PIRP pIrp)
- {
- NTSTATUS Status;
- Status = STATUS_SUCCESS;
- KdPrint(("Read"));
- pIrp->IoStatus.Status = Status;
- pIrp->IoStatus.Information = 0;
- IoCompleteRequest(pIrp, IO_NO_INCREMENT);
- return Status;
- }
- #pragma PAGECODE
- NTSTATUS WriteCompleteRoutine(PDEVICE_OBJECT pDeviceObj, PIRP pIrp)
- {
- NTSTATUS Status;
- Status = STATUS_SUCCESS;
- KdPrint(("Write"));
- pIrp->IoStatus.Status = Status;
- pIrp->IoStatus.Information = 0;
- IoCompleteRequest(pIrp, IO_NO_INCREMENT);
- return Status;
- }
- #pragma INITCODE
- NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
- {
- NTSTATUS Status;
- Status = CreateMyDevice(pDriverObject);
- if (!NT_SUCCESS(Status))
- {
- KdPrint(("Create device failed!"));
- }
- else
- {
- KdPrint(("Create device success!"));
- KdPrint(("%wZ", pRegistryPath));
- }
- pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCompleteRoutine;
- pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCompleteRoutine;
- pDriverObject->MajorFunction[IRP_MJ_READ] = ReadCompleteRoutine;
- pDriverObject->MajorFunction[IRP_MJ_WRITE] = WriteCompleteRoutine;
- pDriverObject->DriverUnload = MyDriverUnload;
- FilterDriverQuery();
- return STATUS_SUCCESS;
- }
复制代码 |