mirror-ac/driver/driver.c

#include "driver.h"

#include "common.h"
#include "ioctl.h"
#include "callbacks.h"

#include "hv.h"
#include "pool.h"
#include "thread.h"
#include "modules.h"
#include "integrity.h"


DRIVER_CONFIG driver_config = { 0 };
PROCESS_CONFIG process_config = { 0 };

VOID ReadProcessInitialisedConfigFlag(
	_Out_ PBOOLEAN Flag
)
{
	KeAcquireGuardedMutex( &process_config.lock );
	*Flag = process_config.initialised;
	KeReleaseGuardedMutex( &process_config.lock );
}

VOID GetProtectedProcessEProcess( 
	_Out_ PEPROCESS* Process 
)
{
	KeAcquireGuardedMutex( &process_config.lock );
	*Process = process_config.protected_process_eprocess;
	KeReleaseGuardedMutex( &process_config.lock );
}

VOID GetProtectedProcessId(
	_Out_ PLONG ProcessId
)
{
	KeAcquireGuardedMutex( &process_config.lock );
	*ProcessId = process_config.protected_process_id;
	KeReleaseGuardedMutex( &process_config.lock );
}

VOID ClearProcessConfigOnProcessTermination()
{
	DEBUG_LOG( "Process closed, clearing driver process_configuration" );
	KeAcquireGuardedMutex( &process_config.lock );
	process_config.protected_process_id = NULL;
	process_config.protected_process_eprocess = NULL;
	process_config.initialised = FALSE;
	KeReleaseGuardedMutex( &process_config.lock );
}

VOID GetDriverName(
	_In_ LPCSTR* DriverName
)
{
	KeAcquireGuardedMutex( &driver_config.lock );
	*DriverName = driver_config.ansi_driver_name.Buffer;
	KeReleaseGuardedMutex( &driver_config.lock );
}

VOID GetDriverPath(
	_In_ PUNICODE_STRING DriverPath
)
{
	KeAcquireGuardedMutex( &driver_config.lock );
	RtlCopyUnicodeString( DriverPath, &driver_config.driver_path );
	KeReleaseGuardedMutex( &driver_config.lock );
}

VOID GetDriverRegistryPath(
	_In_ PUNICODE_STRING RegistryPath
)
{
	KeAcquireGuardedMutex( &driver_config.lock );
	RtlCopyUnicodeString( RegistryPath, &driver_config.registry_path );
	KeReleaseGuardedMutex( &driver_config.lock );
}

VOID GetDriverDeviceName(
	_In_ PUNICODE_STRING DeviceName
)
{
	KeAcquireGuardedMutex( &driver_config.lock );
	RtlCopyUnicodeString( DeviceName, &driver_config.device_name );
	KeReleaseGuardedMutex( &driver_config.lock );
}

VOID GetDriverSymbolicLink(
	_In_ PUNICODE_STRING DeviceSymbolicLink
)
{
	KeAcquireGuardedMutex( &driver_config.lock );
	RtlCopyUnicodeString( DeviceSymbolicLink, &driver_config.device_symbolic_link );
	KeReleaseGuardedMutex( &driver_config.lock );
}

NTSTATUS RegistryPathQueryCallbackRoutine(
	IN PWSTR ValueName,
	IN ULONG ValueType,
	IN PVOID ValueData,
	IN ULONG ValueLength,
	IN PVOID Context,
	IN PVOID EntryContext
)
{
	UNICODE_STRING value_name;
	BOOLEAN result;
	RtlInitUnicodeString( &value_name, ValueName );

	UNICODE_STRING image_path = RTL_CONSTANT_STRING( L"ImagePath" );
	UNICODE_STRING display_name = RTL_CONSTANT_STRING( L"DisplayName" );

	if ( RtlCompareUnicodeString(&value_name, &image_path, FALSE) == FALSE )
	{
		DEBUG_LOG( "Value type image path given" );
		driver_config.driver_path.Buffer = ExAllocatePool2( POOL_FLAG_NON_PAGED, ValueLength, DRIVER_PATH_POOL_TAG );
		driver_config.driver_path.Length = ValueLength;
		driver_config.driver_path.MaximumLength = ValueLength;

		if ( !driver_config.driver_path.Buffer )
			return STATUS_ABANDONED;

		RtlCopyMemory( 
			driver_config.driver_path.Buffer, 
			ValueData, 
			ValueLength 
		);
	}

	if ( RtlCompareUnicodeString( &value_name, &display_name, FALSE ) == FALSE )
	{
		DEBUG_LOG( "Value type image path given" );
		driver_config.unicode_driver_name.Buffer = ExAllocatePool2( POOL_FLAG_NON_PAGED, ValueLength, DRIVER_PATH_POOL_TAG );
		driver_config.unicode_driver_name.Length = ValueLength;
		driver_config.unicode_driver_name.MaximumLength = ValueLength;

		if ( !driver_config.unicode_driver_name.Buffer )
			return STATUS_ABANDONED;

		RtlCopyMemory(
			driver_config.unicode_driver_name.Buffer,
			ValueData,
			ValueLength
		);
	}

	return STATUS_SUCCESS;
}

VOID FreeDriverConfigurationStringBuffers()
{
	if ( driver_config.unicode_driver_name.Buffer )
		ExFreePoolWithTag( driver_config.unicode_driver_name.Buffer, DRIVER_PATH_POOL_TAG );

	if ( driver_config.driver_path.Buffer )
		ExFreePoolWithTag( driver_config.driver_path.Buffer, DRIVER_PATH_POOL_TAG );

	if (driver_config.ansi_driver_name.Buffer )
		RtlFreeAnsiString( &driver_config.ansi_driver_name );
}

NTSTATUS InitialiseDriverConfigOnDriverEntry(
	_In_ PUNICODE_STRING RegistryPath
)
{
	NTSTATUS status;
	RTL_QUERY_REGISTRY_TABLE query_table[ 2 ] = { 0 };

	KeInitializeGuardedMutex( &driver_config.lock );
	
	RtlInitUnicodeString( &driver_config.device_name, L"\\Device\\DonnaAC" );
	RtlInitUnicodeString( &driver_config.device_symbolic_link, L"\\??\\DonnaAC" );
	RtlCopyUnicodeString( &driver_config.registry_path, RegistryPath );

	query_table[ 0 ].Flags = RTL_QUERY_REGISTRY_NOEXPAND;
	query_table[ 0 ].Name = L"ImagePath";
	query_table[ 0 ].DefaultType = REG_MULTI_SZ;
	query_table[ 0 ].DefaultLength = 0;
	query_table[ 0 ].DefaultData = NULL;
	query_table[ 0 ].EntryContext = NULL;
	query_table[ 0 ].QueryRoutine = RegistryPathQueryCallbackRoutine;

	query_table[ 1 ].Flags = RTL_QUERY_REGISTRY_NOEXPAND;
	query_table[ 1 ].Name = L"DisplayName";
	query_table[ 1 ].DefaultType = REG_SZ;
	query_table[ 1 ].DefaultLength = 0;
	query_table[ 1 ].DefaultData = NULL;
	query_table[ 1 ].EntryContext = NULL;
	query_table[ 1 ].QueryRoutine = RegistryPathQueryCallbackRoutine;

	status = RtlxQueryRegistryValues(
		RTL_REGISTRY_ABSOLUTE,
		RegistryPath->Buffer,
		&query_table,
		NULL,
		NULL
	);

	if ( !NT_SUCCESS( status ) )
	{
		FreeDriverConfigurationStringBuffers();
		return status;
	}

	status = RtlUnicodeStringToAnsiString(
		&driver_config.ansi_driver_name,
		&driver_config.unicode_driver_name,
		TRUE
	);

	if ( !NT_SUCCESS( status ) )
	{
		DEBUG_ERROR( "Failed to convert unicode string to ansi string" );
		FreeDriverConfigurationStringBuffers();
		return status;
	}

	return status;
}


NTSTATUS InitialiseDriverConfigOnProcessLaunch(
	_In_ PIRP Irp
)
{
	NTSTATUS status;
	PDRIVER_INITIATION_INFORMATION information;
	PEPROCESS eprocess;

	information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;

	status = PsLookupProcessByProcessId( information->protected_process_id, &eprocess );

	if ( !NT_SUCCESS( status ) )
		return status;

	/*
	* acquire the mutex here to prevent a race condition if an unknown party trys 
	* to fuzz our IOCTL codes whilst the target process launches.
	*/
	KeAcquireGuardedMutex( &process_config.lock );

	process_config.protected_process_eprocess = eprocess;
	process_config.protected_process_id = information->protected_process_id;
	process_config.initialised = TRUE;

	KeReleaseGuardedMutex( &process_config.lock );

	Irp->IoStatus.Status = status;

	return status;
}

VOID CleanupDriverConfigOnUnload()
{
	FreeDriverConfigurationStringBuffers();
	IoDeleteSymbolicLink( &driver_config.device_symbolic_link );
}

VOID DriverUnload(
	_In_ PDRIVER_OBJECT DriverObject
)
{
	//PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );
	CleanupDriverConfigOnUnload();
	IoDeleteDevice( DriverObject->DeviceObject );
}

VOID TerminateProtectedProcessOnViolation()
{
	NTSTATUS status;
	ULONG process_id;

	GetProtectedProcessId( &process_id );

	if ( !process_id )
	{
		DEBUG_ERROR( "Failed to terminate process as process id is null" );
		return;
	}

	status = ZwTerminateProcess( process_id, STATUS_SYSTEM_INTEGRITY_POLICY_VIOLATION );

	if ( !NT_SUCCESS( status ) )
		DEBUG_ERROR( "ZwTerminateProcess failed with status %x", status );

	ClearProcessConfigOnProcessTermination();
}

NTSTATUS DriverEntry(
	_In_ PDRIVER_OBJECT DriverObject,
	_In_ PUNICODE_STRING RegistryPath
)
{
	UNREFERENCED_PARAMETER( RegistryPath );

	BOOLEAN flag = FALSE;
	NTSTATUS status;

	status = InitialiseDriverConfigOnDriverEntry( RegistryPath );

	if ( !NT_SUCCESS( status ) )
		return STATUS_ABANDONED;
		

	status = IoCreateDevice(
		DriverObject,
		NULL,
		&driver_config.device_name,
		FILE_DEVICE_UNKNOWN,
		FILE_DEVICE_SECURE_OPEN,
		FALSE,
		&DriverObject->DeviceObject
	);

	if ( !NT_SUCCESS( status ) )
	{
		FreeDriverConfigurationStringBuffers();
		return STATUS_FAILED_DRIVER_ENTRY;
	}

	status = IoCreateSymbolicLink(
		&driver_config.device_symbolic_link,
		&driver_config.device_name
	);

	if ( !NT_SUCCESS( status ) )
	{
		DEBUG_ERROR( "failed to create symbolic link" );
		FreeDriverConfigurationStringBuffers();
		IoDeleteDevice( DriverObject->DeviceObject );
		return STATUS_FAILED_DRIVER_ENTRY;
	}

	DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;
	DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;
	DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;
	DriverObject->DriverUnload = DriverUnload;

	InitCallbackReportQueue(&flag);

	if ( !flag )
	{
		DEBUG_ERROR( "failed to init report queue" );
		FreeDriverConfigurationStringBuffers();
		IoDeleteSymbolicLink( &driver_config.device_symbolic_link );
		IoDeleteDevice( DriverObject->DeviceObject );
		return STATUS_FAILED_DRIVER_ENTRY;
	} 

	DEBUG_LOG( "DonnaAC Driver Entry Complete" );

	//HANDLE handle;
	//PsCreateSystemThread(
	//	&handle,
	//	PROCESS_ALL_ACCESS,
	//	NULL,
	//	NULL,
	//	NULL,
	//	VerifyInMemoryImageVsDiskImage,
	//	NULL
	//);

	//ZwClose( handle );

	return STATUS_SUCCESS;
}
e 2023-08-17 10:45:50 +02:00			`#include "driver.h"`

			`#include "common.h"`
			`#include "ioctl.h"`
excellent progress :) 2023-08-20 16:12:04 +02:00			`#include "callbacks.h"`

e 2023-08-21 14:40:40 +02:00			`#include "hv.h"`
oh yea 2023-08-28 11:17:38 +02:00			`#include "pool.h"`
bed time c: 2023-08-29 19:36:58 +02:00			`#include "thread.h"`
FINMALLY got fukin file 2 map 2023-08-31 12:33:26 +02:00			`#include "modules.h"`
AAAAAA 2023-08-22 19:32:25 +02:00			`#include "integrity.h"`

excellent progress :) 2023-08-20 16:12:04 +02:00
config stuff wip 2023-09-01 14:30:32 +02:00			`DRIVER_CONFIG driver_config = { 0 };`
			`PROCESS_CONFIG process_config = { 0 };`
eee 2023-08-20 17:04:53 +02:00
config stuff wip 2023-09-01 14:30:32 +02:00			`VOID ReadProcessInitialisedConfigFlag(`
			`_Out_ PBOOLEAN Flag`
break time C: 2023-09-01 13:46:31 +02:00			`)`
			`{`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &process_config.lock );`
			`*Flag = process_config.initialised;`
			`KeReleaseGuardedMutex( &process_config.lock );`
break time C: 2023-09-01 13:46:31 +02:00			`}`

config stuff wip 2023-09-01 14:30:32 +02:00			`VOID GetProtectedProcessEProcess(`
			`_Out_ PEPROCESS* Process`
BLAH 2023-08-24 17:10:40 +02:00			`)`
			`{`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &process_config.lock );`
			`*Process = process_config.protected_process_eprocess;`
			`KeReleaseGuardedMutex( &process_config.lock );`
BLAH 2023-08-24 17:10:40 +02:00			`}`

config stuff wip 2023-09-01 14:30:32 +02:00			`VOID GetProtectedProcessId(`
			`_Out_ PLONG ProcessId`
			`)`
			`{`
			`KeAcquireGuardedMutex( &process_config.lock );`
			`*ProcessId = process_config.protected_process_id;`
			`KeReleaseGuardedMutex( &process_config.lock );`
			`}`

			`VOID ClearProcessConfigOnProcessTermination()`
			`{`
			`DEBUG_LOG( "Process closed, clearing driver process_configuration" );`
			`KeAcquireGuardedMutex( &process_config.lock );`
			`process_config.protected_process_id = NULL;`
			`process_config.protected_process_eprocess = NULL;`
			`process_config.initialised = FALSE;`
			`KeReleaseGuardedMutex( &process_config.lock );`
			`}`

			`VOID GetDriverName(`
			`_In_ LPCSTR* DriverName`
excellent progress :) 2023-08-20 16:12:04 +02:00			`)`
			`{`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &driver_config.lock );`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`*DriverName = driver_config.ansi_driver_name.Buffer;`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeReleaseGuardedMutex( &driver_config.lock );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`}`

config stuff wip 2023-09-01 14:30:32 +02:00			`VOID GetDriverPath(`
			`_In_ PUNICODE_STRING DriverPath`
excellent progress :) 2023-08-20 16:12:04 +02:00			`)`
			`{`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &driver_config.lock );`
			`RtlCopyUnicodeString( DriverPath, &driver_config.driver_path );`
			`KeReleaseGuardedMutex( &driver_config.lock );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`}`

config stuff wip 2023-09-01 14:30:32 +02:00			`VOID GetDriverRegistryPath(`
			`_In_ PUNICODE_STRING RegistryPath`
			`)`
excellent progress :) 2023-08-20 16:12:04 +02:00			`{`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &driver_config.lock );`
			`RtlCopyUnicodeString( RegistryPath, &driver_config.registry_path );`
			`KeReleaseGuardedMutex( &driver_config.lock );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`}`

config stuff wip 2023-09-01 14:30:32 +02:00			`VOID GetDriverDeviceName(`
			`_In_ PUNICODE_STRING DeviceName`
			`)`
			`{`
			`KeAcquireGuardedMutex( &driver_config.lock );`
			`RtlCopyUnicodeString( DeviceName, &driver_config.device_name );`
			`KeReleaseGuardedMutex( &driver_config.lock );`
			`}`

			`VOID GetDriverSymbolicLink(`
			`_In_ PUNICODE_STRING DeviceSymbolicLink`
			`)`
			`{`
			`KeAcquireGuardedMutex( &driver_config.lock );`
			`RtlCopyUnicodeString( DeviceSymbolicLink, &driver_config.device_symbolic_link );`
			`KeReleaseGuardedMutex( &driver_config.lock );`
			`}`

time 4 sleep c: 2023-09-01 18:45:06 +02:00			`NTSTATUS RegistryPathQueryCallbackRoutine(`
			`IN PWSTR ValueName,`
			`IN ULONG ValueType,`
			`IN PVOID ValueData,`
			`IN ULONG ValueLength,`
			`IN PVOID Context,`
			`IN PVOID EntryContext`
			`)`
			`{`
			`UNICODE_STRING value_name;`
			`BOOLEAN result;`
			`RtlInitUnicodeString( &value_name, ValueName );`

			`UNICODE_STRING image_path = RTL_CONSTANT_STRING( L"ImagePath" );`
			`UNICODE_STRING display_name = RTL_CONSTANT_STRING( L"DisplayName" );`

			`if ( RtlCompareUnicodeString(&value_name, &image_path, FALSE) == FALSE )`
			`{`
			`DEBUG_LOG( "Value type image path given" );`
			`driver_config.driver_path.Buffer = ExAllocatePool2( POOL_FLAG_NON_PAGED, ValueLength, DRIVER_PATH_POOL_TAG );`
			`driver_config.driver_path.Length = ValueLength;`
			`driver_config.driver_path.MaximumLength = ValueLength;`

			`if ( !driver_config.driver_path.Buffer )`
			`return STATUS_ABANDONED;`

			`RtlCopyMemory(`
			`driver_config.driver_path.Buffer,`
			`ValueData,`
			`ValueLength`
			`);`
			`}`

			`if ( RtlCompareUnicodeString( &value_name, &display_name, FALSE ) == FALSE )`
			`{`
			`DEBUG_LOG( "Value type image path given" );`
			`driver_config.unicode_driver_name.Buffer = ExAllocatePool2( POOL_FLAG_NON_PAGED, ValueLength, DRIVER_PATH_POOL_TAG );`
			`driver_config.unicode_driver_name.Length = ValueLength;`
			`driver_config.unicode_driver_name.MaximumLength = ValueLength;`

			`if ( !driver_config.unicode_driver_name.Buffer )`
			`return STATUS_ABANDONED;`

			`RtlCopyMemory(`
			`driver_config.unicode_driver_name.Buffer,`
			`ValueData,`
			`ValueLength`
			`);`
			`}`

			`return STATUS_SUCCESS;`
			`}`

			`VOID FreeDriverConfigurationStringBuffers()`
			`{`
			`if ( driver_config.unicode_driver_name.Buffer )`
			`ExFreePoolWithTag( driver_config.unicode_driver_name.Buffer, DRIVER_PATH_POOL_TAG );`

			`if ( driver_config.driver_path.Buffer )`
			`ExFreePoolWithTag( driver_config.driver_path.Buffer, DRIVER_PATH_POOL_TAG );`

			`if (driver_config.ansi_driver_name.Buffer )`
			`RtlFreeAnsiString( &driver_config.ansi_driver_name );`
			`}`

			`NTSTATUS InitialiseDriverConfigOnDriverEntry(`
config stuff wip 2023-09-01 14:30:32 +02:00			`_In_ PUNICODE_STRING RegistryPath`
			`)`
			`{`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`NTSTATUS status;`
			`RTL_QUERY_REGISTRY_TABLE query_table[ 2 ] = { 0 };`

config stuff wip 2023-09-01 14:30:32 +02:00			`KeInitializeGuardedMutex( &driver_config.lock );`

			`RtlInitUnicodeString( &driver_config.device_name, L"\\Device\\DonnaAC" );`
			`RtlInitUnicodeString( &driver_config.device_symbolic_link, L"\\??\\DonnaAC" );`
			`RtlCopyUnicodeString( &driver_config.registry_path, RegistryPath );`

time 4 sleep c: 2023-09-01 18:45:06 +02:00			`query_table[ 0 ].Flags = RTL_QUERY_REGISTRY_NOEXPAND;`
			`query_table[ 0 ].Name = L"ImagePath";`
			`query_table[ 0 ].DefaultType = REG_MULTI_SZ;`
			`query_table[ 0 ].DefaultLength = 0;`
			`query_table[ 0 ].DefaultData = NULL;`
			`query_table[ 0 ].EntryContext = NULL;`
			`query_table[ 0 ].QueryRoutine = RegistryPathQueryCallbackRoutine;`

			`query_table[ 1 ].Flags = RTL_QUERY_REGISTRY_NOEXPAND;`
			`query_table[ 1 ].Name = L"DisplayName";`
			`query_table[ 1 ].DefaultType = REG_SZ;`
			`query_table[ 1 ].DefaultLength = 0;`
			`query_table[ 1 ].DefaultData = NULL;`
			`query_table[ 1 ].EntryContext = NULL;`
			`query_table[ 1 ].QueryRoutine = RegistryPathQueryCallbackRoutine;`

			`status = RtlxQueryRegistryValues(`
			`RTL_REGISTRY_ABSOLUTE,`
			`RegistryPath->Buffer,`
			`&query_table,`
			`NULL,`
			`NULL`
			`);`
break time C: 2023-09-01 13:46:31 +02:00
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`if ( !NT_SUCCESS( status ) )`
break time C: 2023-09-01 13:46:31 +02:00			`{`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`FreeDriverConfigurationStringBuffers();`
			`return status;`
break time C: 2023-09-01 13:46:31 +02:00			`}`

time 4 sleep c: 2023-09-01 18:45:06 +02:00			`status = RtlUnicodeStringToAnsiString(`
			`&driver_config.ansi_driver_name,`
			`&driver_config.unicode_driver_name,`
			`TRUE`
			`);`
break time C: 2023-09-01 13:46:31 +02:00
			`if ( !NT_SUCCESS( status ) )`
			`{`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`DEBUG_ERROR( "Failed to convert unicode string to ansi string" );`
			`FreeDriverConfigurationStringBuffers();`
			`return status;`
break time C: 2023-09-01 13:46:31 +02:00			`}`

time 4 sleep c: 2023-09-01 18:45:06 +02:00			`return status;`
break time C: 2023-09-01 13:46:31 +02:00			`}`

time 4 sleep c: 2023-09-01 18:45:06 +02:00
e 2023-08-24 15:12:49 +02:00			`NTSTATUS InitialiseDriverConfigOnProcessLaunch(`
			`_In_ PIRP Irp`
excellent progress :) 2023-08-20 16:12:04 +02:00			`)`
			`{`
e 2023-08-24 15:12:49 +02:00			`NTSTATUS status;`
			`PDRIVER_INITIATION_INFORMATION information;`
			`PEPROCESS eprocess;`

			`information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;`

			`status = PsLookupProcessByProcessId( information->protected_process_id, &eprocess );`

			`if ( !NT_SUCCESS( status ) )`
			`return status;`

BLAH 2023-08-24 17:10:40 +02:00			`/*`
			`* acquire the mutex here to prevent a race condition if an unknown party trys`
			`* to fuzz our IOCTL codes whilst the target process launches.`
			`*/`
config stuff wip 2023-09-01 14:30:32 +02:00			`KeAcquireGuardedMutex( &process_config.lock );`
BLAH 2023-08-24 17:10:40 +02:00
config stuff wip 2023-09-01 14:30:32 +02:00			`process_config.protected_process_eprocess = eprocess;`
			`process_config.protected_process_id = information->protected_process_id;`
			`process_config.initialised = TRUE;`
e 2023-08-24 15:12:49 +02:00
config stuff wip 2023-09-01 14:30:32 +02:00			`KeReleaseGuardedMutex( &process_config.lock );`
BLAH 2023-08-24 17:10:40 +02:00
e 2023-08-24 15:12:49 +02:00			`Irp->IoStatus.Status = status;`

			`return status;`
excellent progress :) 2023-08-20 16:12:04 +02:00			`}`
e 2023-08-17 10:45:50 +02:00
config stuff wip 2023-09-01 14:30:32 +02:00			`VOID CleanupDriverConfigOnUnload()`
			`{`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`FreeDriverConfigurationStringBuffers();`
config stuff wip 2023-09-01 14:30:32 +02:00			`IoDeleteSymbolicLink( &driver_config.device_symbolic_link );`
			`}`

e 2023-08-17 10:45:50 +02:00			`VOID DriverUnload(`
			`_In_ PDRIVER_OBJECT DriverObject`
			`)`
			`{`
e 2023-08-24 15:12:49 +02:00			`//PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );`
config stuff wip 2023-09-01 14:30:32 +02:00			`CleanupDriverConfigOnUnload();`
e 2023-08-19 05:36:21 +02:00			`IoDeleteDevice( DriverObject->DeviceObject );`
e 2023-08-17 10:45:50 +02:00			`}`

time 4 sleep c: 2023-09-01 18:45:06 +02:00			`VOID TerminateProtectedProcessOnViolation()`
			`{`
			`NTSTATUS status;`
			`ULONG process_id;`

			`GetProtectedProcessId( &process_id );`

			`if ( !process_id )`
			`{`
			`DEBUG_ERROR( "Failed to terminate process as process id is null" );`
			`return;`
			`}`

			`status = ZwTerminateProcess( process_id, STATUS_SYSTEM_INTEGRITY_POLICY_VIOLATION );`

			`if ( !NT_SUCCESS( status ) )`
			`DEBUG_ERROR( "ZwTerminateProcess failed with status %x", status );`

			`ClearProcessConfigOnProcessTermination();`
			`}`

e 2023-08-17 10:45:50 +02:00			`NTSTATUS DriverEntry(`
			`_In_ PDRIVER_OBJECT DriverObject,`
			`_In_ PUNICODE_STRING RegistryPath`
			`)`
			`{`
			`UNREFERENCED_PARAMETER( RegistryPath );`

yeet 2023-08-21 11:45:00 +02:00			`BOOLEAN flag = FALSE;`
e 2023-08-17 10:45:50 +02:00			`NTSTATUS status;`
e 2023-08-24 15:12:49 +02:00
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`status = InitialiseDriverConfigOnDriverEntry( RegistryPath );`

			`if ( !NT_SUCCESS( status ) )`
			`return STATUS_ABANDONED;`

thread validation check 2023-08-30 13:15:57 +02:00
e 2023-08-17 10:45:50 +02:00			`status = IoCreateDevice(`
			`DriverObject,`
			`NULL,`
config stuff wip 2023-09-01 14:30:32 +02:00			`&driver_config.device_name,`
e 2023-08-17 10:45:50 +02:00			`FILE_DEVICE_UNKNOWN,`
			`FILE_DEVICE_SECURE_OPEN,`
			`FALSE,`
			`&DriverObject->DeviceObject`
			`);`

			`if ( !NT_SUCCESS( status ) )`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`{`
			`FreeDriverConfigurationStringBuffers();`
e 2023-08-17 10:45:50 +02:00			`return STATUS_FAILED_DRIVER_ENTRY;`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`}`
e 2023-08-17 10:45:50 +02:00
			`status = IoCreateSymbolicLink(`
config stuff wip 2023-09-01 14:30:32 +02:00			`&driver_config.device_symbolic_link,`
			`&driver_config.device_name`
e 2023-08-17 10:45:50 +02:00			`);`

			`if ( !NT_SUCCESS( status ) )`
			`{`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`DEBUG_ERROR( "failed to create symbolic link" );`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`FreeDriverConfigurationStringBuffers();`
e 2023-08-19 05:36:21 +02:00			`IoDeleteDevice( DriverObject->DeviceObject );`
e 2023-08-17 10:45:50 +02:00			`return STATUS_FAILED_DRIVER_ENTRY;`
			`}`

			`DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;`
			`DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;`
			`DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;`
			`DriverObject->DriverUnload = DriverUnload;`

excellent progress :) 2023-08-20 16:12:04 +02:00			`InitCallbackReportQueue(&flag);`

			`if ( !flag )`
			`{`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`DEBUG_ERROR( "failed to init report queue" );`
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`FreeDriverConfigurationStringBuffers();`
config stuff wip 2023-09-01 14:30:32 +02:00			`IoDeleteSymbolicLink( &driver_config.device_symbolic_link );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`IoDeleteDevice( DriverObject->DeviceObject );`
			`return STATUS_FAILED_DRIVER_ENTRY;`
thread validation check 2023-08-30 13:15:57 +02:00			`}`
excellent progress :) 2023-08-20 16:12:04 +02:00
thread validation check 2023-08-30 13:15:57 +02:00			`DEBUG_LOG( "DonnaAC Driver Entry Complete" );`
e 2023-08-17 10:45:50 +02:00
time 4 sleep c: 2023-09-01 18:45:06 +02:00			`//HANDLE handle;`
			`//PsCreateSystemThread(`
			`// &handle,`
			`// PROCESS_ALL_ACCESS,`
			`// NULL,`
			`// NULL,`
			`// NULL,`
			`// VerifyInMemoryImageVsDiskImage,`
			`// NULL`
			`//);`

			`//ZwClose( handle );`
FINMALLY got fukin file 2 map 2023-08-31 12:33:26 +02:00
thread validation check 2023-08-30 13:15:57 +02:00			`return STATUS_SUCCESS;`
e 2023-08-17 10:45:50 +02:00			`}`