mirror-ac/driver/driver.c

#include "driver.h"

#include "common.h"
#include "ioctl.h"
#include "callbacks.h"

#include "hv.h"


PVOID callback_registration_handle;

LONG protected_process_id;
LONG protected_process_parent_id;
KGUARDED_MUTEX mutex;

UNICODE_STRING DEVICE_NAME = RTL_CONSTANT_STRING( L"\\Device\\DonnaAC" );
UNICODE_STRING DEVICE_SYMBOLIC_LINK = RTL_CONSTANT_STRING( L"\\??\\DonnaAC" );

VOID UpdateProtectedProcessId( 
	_In_ LONG NewProcessId 
)
{
	KeAcquireGuardedMutex( &mutex );
	protected_process_id = NewProcessId;
	KeReleaseGuardedMutex( &mutex );
}

VOID GetProtectedProcessId(
	_Out_ PLONG ProcessId
)
{
	KeAcquireGuardedMutex( &mutex );
	*ProcessId = protected_process_id;
	KeReleaseGuardedMutex( &mutex );
}

VOID GetProtectedProcessParentId( 
	_Out_ PLONG ProcessId 
)
{
	KeAcquireGuardedMutex( &mutex );
	*ProcessId = protected_process_parent_id;
	KeReleaseGuardedMutex( &mutex );
}

VOID UpdateProtectedProcessParentId( 
	_In_ LONG NewProcessId 
)
{
	KeAcquireGuardedMutex( &mutex );
	protected_process_parent_id = NewProcessId;
	KeReleaseGuardedMutex( &mutex );
}

VOID DriverUnload(
	_In_ PDRIVER_OBJECT DriverObject
)
{
	PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );
	ObUnRegisterCallbacks( callback_registration_handle );
	FreeQueueObjectsAndCleanup();
	IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
	IoDeleteDevice( DriverObject->DeviceObject );
}

NTSTATUS InitiateDriverCallbacks()
{
	NTSTATUS status;

	OB_CALLBACK_REGISTRATION callback_registration = { 0 };
	OB_OPERATION_REGISTRATION operation_registration = { 0 };

	operation_registration.ObjectType = PsProcessType;
	operation_registration.Operations = OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE;
	operation_registration.PreOperation = ObPreOpCallbackRoutine;
	operation_registration.PostOperation = ObPostOpCallbackRoutine;

	callback_registration.Version = OB_FLT_REGISTRATION_VERSION;
	callback_registration.OperationRegistration = &operation_registration;
	callback_registration.OperationRegistrationCount = 1;
	callback_registration.RegistrationContext = NULL;

	status = ObRegisterCallbacks(
		&callback_registration,
		&callback_registration_handle
	);

	if ( !NT_SUCCESS( status ) )
	{
		DEBUG_ERROR( "failed to launch obregisters with status %x", status );
		return status;
	}

	status = PsSetCreateProcessNotifyRoutine(
		ProcessCreateNotifyRoutine,
		FALSE
	);

	if ( !NT_SUCCESS( status ) )
		DEBUG_ERROR( "Failed to launch ps create notif routines with status %x", status );

	return status;
}

NTSTATUS DriverEntry(
	_In_ PDRIVER_OBJECT DriverObject,
	_In_ PUNICODE_STRING RegistryPath
)
{
	UNREFERENCED_PARAMETER( RegistryPath );

	BOOLEAN flag = FALSE;
	NTSTATUS status;
	HANDLE handle;

	status = IoCreateDevice(
		DriverObject,
		NULL,
		&DEVICE_NAME,
		FILE_DEVICE_UNKNOWN,
		FILE_DEVICE_SECURE_OPEN,
		FALSE,
		&DriverObject->DeviceObject
	);

	if ( !NT_SUCCESS( status ) )
		return STATUS_FAILED_DRIVER_ENTRY;

	status = IoCreateSymbolicLink(
		&DEVICE_SYMBOLIC_LINK,
		&DEVICE_NAME
	);

	if ( !NT_SUCCESS( status ) )
	{
		DEBUG_ERROR( "failed to create symbolic link" );
		IoDeleteDevice( DriverObject->DeviceObject );
		return STATUS_FAILED_DRIVER_ENTRY;
	}

	DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;
	DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;
	DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;
	DriverObject->DriverUnload = DriverUnload;

	KeInitializeGuardedMutex( &mutex );

	InitCallbackReportQueue(&flag);

	if ( !flag )
	{
		DEBUG_ERROR( "failed to init report queue" );
		IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
		IoDeleteDevice( DriverObject->DeviceObject );
		return STATUS_FAILED_DRIVER_ENTRY;
	}

	status = PsCreateSystemThread(
		&handle,
		PROCESS_ALL_ACCESS,
		NULL,
		NULL,
		NULL,
		InitiateDriverCallbacks,
		NULL
	);

	if ( !NT_SUCCESS( status ) )
	{
		DEBUG_ERROR( "failed to launch thread to start tings" );
		IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
		IoDeleteDevice( DriverObject->DeviceObject );
		return STATUS_FAILED_DRIVER_ENTRY;
	}

	ZwClose( handle );

	DEBUG_LOG( "DonnaAC Driver Entry Complete. type: %lx", DriverObject->DeviceObject->DeviceType );

	return status;
}
e 2023-08-17 10:45:50 +02:00			`#include "driver.h"`

			`#include "common.h"`
			`#include "ioctl.h"`
excellent progress :) 2023-08-20 16:12:04 +02:00			`#include "callbacks.h"`

e 2023-08-21 14:40:40 +02:00			`#include "hv.h"`


excellent progress :) 2023-08-20 16:12:04 +02:00			`PVOID callback_registration_handle;`

			`LONG protected_process_id;`
			`LONG protected_process_parent_id;`
			`KGUARDED_MUTEX mutex;`

eee 2023-08-20 17:04:53 +02:00			`UNICODE_STRING DEVICE_NAME = RTL_CONSTANT_STRING( L"\\Device\\DonnaAC" );`
			`UNICODE_STRING DEVICE_SYMBOLIC_LINK = RTL_CONSTANT_STRING( L"\\??\\DonnaAC" );`

excellent progress :) 2023-08-20 16:12:04 +02:00			`VOID UpdateProtectedProcessId(`
			`_In_ LONG NewProcessId`
			`)`
			`{`
			`KeAcquireGuardedMutex( &mutex );`
			`protected_process_id = NewProcessId;`
			`KeReleaseGuardedMutex( &mutex );`
			`}`

			`VOID GetProtectedProcessId(`
			`_Out_ PLONG ProcessId`
			`)`
			`{`
			`KeAcquireGuardedMutex( &mutex );`
			`*ProcessId = protected_process_id;`
			`KeReleaseGuardedMutex( &mutex );`
			`}`

			`VOID GetProtectedProcessParentId(`
			`_Out_ PLONG ProcessId`
			`)`
			`{`
			`KeAcquireGuardedMutex( &mutex );`
			`*ProcessId = protected_process_parent_id;`
			`KeReleaseGuardedMutex( &mutex );`
			`}`

			`VOID UpdateProtectedProcessParentId(`
			`_In_ LONG NewProcessId`
			`)`
			`{`
			`KeAcquireGuardedMutex( &mutex );`
			`protected_process_parent_id = NewProcessId;`
			`KeReleaseGuardedMutex( &mutex );`
			`}`
e 2023-08-17 10:45:50 +02:00
			`VOID DriverUnload(`
			`_In_ PDRIVER_OBJECT DriverObject`
			`)`
			`{`
GOT IT WORKING LOL 2023-08-21 06:08:57 +02:00			`PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );`
			`ObUnRegisterCallbacks( callback_registration_handle );`
yeet 2023-08-21 11:45:00 +02:00			`FreeQueueObjectsAndCleanup();`
e 2023-08-17 10:45:50 +02:00			`IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );`
e 2023-08-19 05:36:21 +02:00			`IoDeleteDevice( DriverObject->DeviceObject );`
e 2023-08-17 10:45:50 +02:00			`}`

working but with critical error xD 2023-08-20 18:06:21 +02:00			`NTSTATUS InitiateDriverCallbacks()`
			`{`
			`NTSTATUS status;`

			`OB_CALLBACK_REGISTRATION callback_registration = { 0 };`
			`OB_OPERATION_REGISTRATION operation_registration = { 0 };`

			`operation_registration.ObjectType = PsProcessType;`
			`operation_registration.Operations = OB_OPERATION_HANDLE_CREATE \| OB_OPERATION_HANDLE_DUPLICATE;`
			`operation_registration.PreOperation = ObPreOpCallbackRoutine;`
			`operation_registration.PostOperation = ObPostOpCallbackRoutine;`

			`callback_registration.Version = OB_FLT_REGISTRATION_VERSION;`
			`callback_registration.OperationRegistration = &operation_registration;`
			`callback_registration.OperationRegistrationCount = 1;`
			`callback_registration.RegistrationContext = NULL;`

			`status = ObRegisterCallbacks(`
			`&callback_registration,`
			`&callback_registration_handle`
			`);`

			`if ( !NT_SUCCESS( status ) )`
			`{`
			`DEBUG_ERROR( "failed to launch obregisters with status %x", status );`
			`return status;`
			`}`

			`status = PsSetCreateProcessNotifyRoutine(`
			`ProcessCreateNotifyRoutine,`
			`FALSE`
			`);`

			`if ( !NT_SUCCESS( status ) )`
			`DEBUG_ERROR( "Failed to launch ps create notif routines with status %x", status );`

			`return status;`
			`}`

e 2023-08-17 10:45:50 +02:00			`NTSTATUS DriverEntry(`
			`_In_ PDRIVER_OBJECT DriverObject,`
			`_In_ PUNICODE_STRING RegistryPath`
			`)`
			`{`
			`UNREFERENCED_PARAMETER( RegistryPath );`

yeet 2023-08-21 11:45:00 +02:00			`BOOLEAN flag = FALSE;`
e 2023-08-17 10:45:50 +02:00			`NTSTATUS status;`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`HANDLE handle;`
e 2023-08-17 10:45:50 +02:00
			`status = IoCreateDevice(`
			`DriverObject,`
			`NULL,`
			`&DEVICE_NAME,`
			`FILE_DEVICE_UNKNOWN,`
			`FILE_DEVICE_SECURE_OPEN,`
			`FALSE,`
			`&DriverObject->DeviceObject`
			`);`

			`if ( !NT_SUCCESS( status ) )`
			`return STATUS_FAILED_DRIVER_ENTRY;`

			`status = IoCreateSymbolicLink(`
			`&DEVICE_SYMBOLIC_LINK,`
			`&DEVICE_NAME`
			`);`

			`if ( !NT_SUCCESS( status ) )`
			`{`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`DEBUG_ERROR( "failed to create symbolic link" );`
e 2023-08-19 05:36:21 +02:00			`IoDeleteDevice( DriverObject->DeviceObject );`
e 2023-08-17 10:45:50 +02:00			`return STATUS_FAILED_DRIVER_ENTRY;`
			`}`

			`DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;`
			`DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;`
			`DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;`
			`DriverObject->DriverUnload = DriverUnload;`

excellent progress :) 2023-08-20 16:12:04 +02:00			`KeInitializeGuardedMutex( &mutex );`

			`InitCallbackReportQueue(&flag);`

			`if ( !flag )`
			`{`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`DEBUG_ERROR( "failed to init report queue" );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );`
			`IoDeleteDevice( DriverObject->DeviceObject );`
			`return STATUS_FAILED_DRIVER_ENTRY;`
			`}`

working but with critical error xD 2023-08-20 18:06:21 +02:00			`status = PsCreateSystemThread(`
			`&handle,`
			`PROCESS_ALL_ACCESS,`
			`NULL,`
			`NULL,`
			`NULL,`
			`InitiateDriverCallbacks,`
			`NULL`
excellent progress :) 2023-08-20 16:12:04 +02:00			`);`

			`if ( !NT_SUCCESS( status ) )`
			`{`
working but with critical error xD 2023-08-20 18:06:21 +02:00			`DEBUG_ERROR( "failed to launch thread to start tings" );`
excellent progress :) 2023-08-20 16:12:04 +02:00			`IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );`
			`IoDeleteDevice( DriverObject->DeviceObject );`
			`return STATUS_FAILED_DRIVER_ENTRY;`
			`}`

working but with critical error xD 2023-08-20 18:06:21 +02:00			`ZwClose( handle );`

stupid fucking wdf drivers ruining evberything 2023-08-19 17:12:25 +02:00			`DEBUG_LOG( "DonnaAC Driver Entry Complete. type: %lx", DriverObject->DeviceObject->DeviceType );`
e 2023-08-17 10:45:50 +02:00
			`return status;`
			`}`