#include "stdafx.h"
void DriverUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS DriverCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
NTSTATUS DefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
NTSTATUS DriverRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
#ifdef __cplusplus
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);
#endif
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
UNICODE_STRING DeviceName,Win32Device;
PDEVICE_OBJECT DeviceObject = NULL;
NTSTATUS status;
unsigned i;
RtlInitUnicodeString(&DeviceName;,L"\\Device\\InfoDevice");
RtlInitUnicodeString(&Win32Device;,L"\\DosDevices\\InfoDevice");
for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
DriverObject->MajorFunction[i] = DefaultHandler;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverCreateClose;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverCreateClose;
DriverObject->MajorFunction[IRP_MJ_READ] = DriverRead;
DriverObject->DriverUnload = DriverUnload;
status = IoCreateDevice(DriverObject,
0,
&DeviceName;,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&DeviceObject;);
if (!NT_SUCCESS(status))
return status;
if (!DeviceObject)
return STATUS_UNEXPECTED_IO_ERROR;
DeviceObject->Flags |= DO_BUFFERED_IO;
DeviceObject->AlignmentRequirement = FILE_WORD_ALIGNMENT;
status = IoCreateSymbolicLink(&Win32Device;, &DeviceName;);
DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
return STATUS_SUCCESS;
}
typedef struct _FWORD
{
USHORT size;
ULONG addr;
}FWORD;
NTSTATUS DriverRead(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
FWORD regGDT;
PVOID mapMem=NULL;
PVOID output=Irp->AssociatedIrp.SystemBuffer;
PHYSICAL_ADDRESS ppt;
_asm
{
sgdt [regGDT]
}
ppt.LowPart=regGDT.addr;
ppt.HighPart=0x0;
mapMem=MmMapIoSpace(ppt,4096,MmNonCached);
if(mapMem!=NULL)
{
RtlCopyBytes(Irp->AssociatedIrp.SystemBuffer,mapMem,4096);
_asm
{
mov edx,output
movzx eax,[regGDT.size]
mov [edx+4088],eax
mov eax,[regGDT.addr]
mov [edx+4092],eax
}
Irp->IoStatus.Information=4096;
MmUnmapIoSpace(mapMem,4096);
}
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
void DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING Win32Device;
RtlInitUnicodeString(&Win32Device;,L"\\DosDevices\\InfoDevice");
IoDeleteSymbolicLink(&Win32Device;);
IoDeleteDevice(DriverObject->DeviceObject);
}
NTSTATUS DriverCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}
NTSTATUS DefaultHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return Irp->IoStatus.Status;
}Add a code snippet to your website: www.paste.org