Load driver

Discussion in 'С/С++, C#, Rust, Swift, Go, Java, Perl, Ruby' started by n3ls0n, 28 Apr 2010.

  1. n3ls0n

    Какие есть варианты загрузки дров, помимо:

    - NtLoadDriver
    - NtSetSystemInformation (старый, без реестра: SYSTEM_LOAD_AND_CALL_IMAGE)
    - SCM (стандартных)

    Юзаю след.:
    Code:
        
    
    // Names used to register the driver as a kernel service; consumed by
    // InstallRegKeys4Driver and LoadKernelMemDriverEx below.
    // Driver image file name, appended to the directory of the running executable.
    #define KERNEL_MEM_DRIVER_FILENAME_EX      L"direct.sys"
    // Narrow-character spelling of the same file name; not referenced in the code shown here.
    #define KERNEL_MEM_DRIVER_FILENAME_EXA     "direct.sys"
    // Name of the key created under HKLM\SYSTEM\CurrentControlSet\Services
    // and the name placed in the LOAD request.
    #define KERNEL_MEM_SERVICE_NAME_EX         L"KrlSysData"
    
    // Text written to the service key's DisplayName value.
    #define KERNEL_MEM_DRIVER_SERVICE_NAME_EX  L"KernelMemDriver Service"
    
    // Control code that LoadKernelMemDriverEx sends to the device opened as "\\.\FltMgr".
    // NOTE(review): the value is used as an opaque constant; nothing in this listing
    // documents what the receiving driver does with it - confirm before relying on it.
    #define MAGIC_IOCTL 0x00088004
    
    // Input buffer passed with MAGIC_IOCTL. The layout is consumed by the
    // receiving driver, so field order and sizes must not be changed.
    typedef struct _tagLOAD
    {
      // Length of ServiceName in bytes, terminator not counted (see LoadKernelMemDriverEx).
      WORD Len;
      // Service key name, filled with lstrcpyW by the caller.
      WCHAR ServiceName[512];
    } LOAD ,*PLOAD;
    
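    /*
     * Writes the service registry entry for the driver directly with the
     * registry API instead of going through the Service Control Manager.
     *
     * Creates HKLM\SYSTEM\CurrentControlSet\Services\<KERNEL_MEM_SERVICE_NAME_EX>
     * and sets four values: DisplayName, ImagePath (NT prefix + directory of the
     * running executable + KERNEL_MEM_DRIVER_FILENAME_EX),
     * Type = SERVICE_KERNEL_DRIVER and Start = SERVICE_DEMAND_START.
     *
     * Returns TRUE only if the key was opened and all four values were written.
     * Values already written are not rolled back when a later write fails.
     *
     * Security notes for reviewers:
     *  - Needs write access to HKLM\SYSTEM, i.e. an elevated caller.
     *  - ImagePath is derived from the directory of the running executable. If
     *    that directory is writable by non-administrators, the file named there
     *    can be swapped before the driver is loaded.
     *  - NOTE(review): because CreateService is not used, the SCM's own
     *    service-installation logging is presumably not produced for this key;
     *    registry auditing on the Services key is where this write is visible.
     */
    BOOL InstallRegKeys4Driver()
    {
      static const WCHAR szNtPrefix[] = L"\\??\\";
      const DWORD cchNtPrefix = (DWORD)(sizeof(szNtPrefix) / sizeof(szNtPrefix[0])) - 1;
      BOOL bRet = FALSE;
      HKEY hKey = NULL;
      WCHAR szDriverPath[MAX_PATH] = {0};
      WCHAR szImgPath[MAX_PATH] = {0};
      WCHAR szRegPath[MAX_PATH] = {0};
      DWORD dwType = SERVICE_KERNEL_DRIVER;
      DWORD dwStart = SERVICE_DEMAND_START;
      DWORD cchModule;

      /* The size argument is a character count, not a byte count: passing
         sizeof() of a WCHAR array would allow a write past the buffer. */
      cchModule = GetModuleFileNameW(NULL, szDriverPath, MAX_PATH);
      if (cchModule == 0 || cchModule >= MAX_PATH)
      {
        return FALSE; /* failed, or the path was truncated */
      }

      PathRemoveFileSpecW(szDriverPath);
      if (!PathAppendW(szDriverPath, KERNEL_MEM_DRIVER_FILENAME_EX))
      {
        return FALSE; /* combined path does not fit in MAX_PATH */
      }

      /* wsprintfW does not know the destination size, so check that
         prefix + path + terminator fits before formatting. */
      if (cchNtPrefix + (DWORD)lstrlenW(szDriverPath) >= MAX_PATH)
      {
        return FALSE;
      }
      wsprintfW(szImgPath, L"%s%s", szNtPrefix, szDriverPath);
      wsprintfW(szRegPath, L"%s%s", L"SYSTEM\\CurrentControlSet\\Services\\", KERNEL_MEM_SERVICE_NAME_EX);

      if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, szRegPath, 0, NULL, 0, KEY_READ | KEY_WRITE, NULL, &hKey, NULL) != ERROR_SUCCESS)
      {
        return FALSE;
      }

      /* String data must include the terminating NUL in its byte count;
         sizeof on the literal and (len + 1) on the buffer both do. */
      if (RegSetValueExW(hKey, L"DisplayName", 0, REG_SZ,
                         (const BYTE *)KERNEL_MEM_DRIVER_SERVICE_NAME_EX,
                         (DWORD)sizeof(KERNEL_MEM_DRIVER_SERVICE_NAME_EX)) == ERROR_SUCCESS
          && RegSetValueExW(hKey, L"ImagePath", 0, REG_EXPAND_SZ,
                            (const BYTE *)szImgPath,
                            (DWORD)((lstrlenW(szImgPath) + 1) * sizeof(WCHAR))) == ERROR_SUCCESS
          && RegSetValueExW(hKey, L"Type", 0, REG_DWORD,
                            (const BYTE *)&dwType, (DWORD)sizeof(dwType)) == ERROR_SUCCESS
          && RegSetValueExW(hKey, L"Start", 0, REG_DWORD,
                            (const BYTE *)&dwStart, (DWORD)sizeof(dwStart)) == ERROR_SUCCESS)
      {
        bRet = TRUE;
      }

      /* The original never released the key handle. */
      RegCloseKey(hKey);
      return bRet;
    }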
    
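    /*
     * Enables one privilege in the current process token.
     *
     * pPrivilegeName  ANSI privilege name (the caller in this listing passes
     *                 SE_LOAD_DRIVER_NAME, which is a narrow string in an ANSI build).
     *
     * Returns TRUE only when the privilege is really enabled afterwards.
     * AdjustTokenPrivileges reports success even when the token does not hold
     * the privilege; that case is signalled through GetLastError() as
     * ERROR_NOT_ALL_ASSIGNED and is treated as failure here.
     *
     * The privilege is left enabled; nothing in this function restores the
     * previous token state.
     */
    BOOL GetPrivilege (PCHAR pPrivilegeName)
    {
      HANDLE hToken = NULL;
      LUID Luid;
      BOOL bReturn = FALSE;
      TOKEN_PRIVILEGES TokenPrivileges;

      if (pPrivilegeName == NULL)
      {
        return FALSE;
      }

      /* Return early so CloseHandle is never called on an unopened handle. */
      if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
      {
        return FALSE;
      }

      ZeroMemory(&TokenPrivileges, sizeof(TokenPrivileges));
      /* The parameter is a narrow string, so call the ANSI entry point explicitly. */
      if (LookupPrivilegeValueA(NULL, pPrivilegeName, &Luid))
      {
        TokenPrivileges.PrivilegeCount = 1;
        TokenPrivileges.Privileges[0].Luid = Luid;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TokenPrivileges), NULL, NULL)
            && GetLastError() == ERROR_SUCCESS)
        {
          bReturn = TRUE;
        }
      }

      CloseHandle(hToken);
      return bReturn;
    }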
    
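    /*
     * Registers the driver service key, then asks the device opened as
     * "\\.\FltMgr" to act on that service name via MAGIC_IOCTL.
     *
     * Steps, in order:
     *   1. InstallRegKeys4Driver() writes the Services registry entry.
     *   2. The FltMgr control device is opened for read/write.
     *   3. A LOAD request is filled with KERNEL_MEM_SERVICE_NAME_EX.
     *   4. SE_LOAD_DRIVER_NAME is enabled in the process token.
     *   5. The request is sent with DeviceIoControl.
     *
     * Returns TRUE only if every step succeeds.
     *
     * Side effects that persist after return, whether or not the call succeeds:
     * the registry key written in step 1 and the privilege enabled in step 4.
     *
     * NOTE(review): this path does not call the Service Control Manager, so
     * monitoring that relies only on SCM service-install/start events will
     * presumably not see it; registry auditing of the Services key, use of the
     * load-driver privilege and kernel image-load telemetry are the signals
     * that cover it. MAGIC_IOCTL itself is an opaque value in this listing.
     */
    BOOL LoadKernelMemDriverEx()
    {
      BOOL bRet = FALSE;
      HANDLE hDevice;
      LOAD service_to_load;
      DWORD dwRet = 0;

      if (!InstallRegKeys4Driver())
      {
        return FALSE;
      }

      /* The device name is a narrow literal, so use the ANSI entry point. */
      hDevice = CreateFileA("\\\\.\\FltMgr", GENERIC_READ | GENERIC_WRITE,
                            FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
                            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
      if (hDevice == INVALID_HANDLE_VALUE)
      {
        return FALSE;
      }

      /* The whole structure is handed to the driver; clear it first so no
         uninitialized stack bytes follow the service name. */
      ZeroMemory(&service_to_load, sizeof(service_to_load));
      lstrcpyW(service_to_load.ServiceName, KERNEL_MEM_SERVICE_NAME_EX);
      service_to_load.Len = (WORD)(wcslen(service_to_load.ServiceName) * sizeof(WCHAR));

      if (GetPrivilege(SE_LOAD_DRIVER_NAME))
      {
        if (DeviceIoControl(hDevice, MAGIC_IOCTL, &service_to_load, sizeof(service_to_load), NULL, 0, &dwRet, NULL))
        {
          bRet = TRUE;
        }
      }

      /* The original leaked the device handle on every path. */
      CloseHandle(hDevice);
      return bRet;
    }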