#include "driver.h"
#include "common.h"
#include "ioctl.h"
#include "callbacks.h"
#include "hv.h"
#include "integrity.h"
/*
 * Driver-wide configuration state, zero-initialised at load. The accessor
 * functions in this file take config.lock around their reads and writes.
 */
DRIVER_CONFIG config = { 0 };
/* Device object name passed to IoCreateDevice in DriverEntry. */
UNICODE_STRING DEVICE_NAME = RTL_CONSTANT_STRING( L"\\Device\\DonnaAC" );
/* Symbolic link name that DriverEntry creates for the device and DriverUnload deletes. */
UNICODE_STRING DEVICE_SYMBOLIC_LINK = RTL_CONSTANT_STRING( L"\\??\\DonnaAC" );
/*
 * Copies the driver configuration's `initialised` flag into *Flag.
 *
 * The flag is sampled while config.lock is held, so it cannot be observed
 * half-way through an update made by a writer that takes the same lock.
 * Flag must point to writable storage; it is not validated here.
 */
VOID
ReadInitialisedConfigFlag( _Out_ PBOOLEAN Flag )
{
    BOOLEAN snapshot;

    KeAcquireGuardedMutex( &config.lock );
    snapshot = config.initialised;
    KeReleaseGuardedMutex( &config.lock );

    *Flag = snapshot;
}
/*
 * Appears intended to hand the caller the EPROCESS pointer of the protected
 * process, read under config.lock.
 *
 * NOTE(review): Process is a PEPROCESS passed by value, so the assignment
 * below only changes this function's local copy; the caller never receives
 * the stored pointer despite the _Out_ annotation. Returning it needs a
 * PEPROCESS* parameter and `*Process = ...`, which changes the prototype and
 * every call site, so it is flagged here rather than changed.
 *
 * NOTE(review): no reference is taken on the object in this function. Once
 * the signature is fixed, confirm how callers keep the process object alive
 * while they use the pointer.
 */
VOID GetProtectedProcessEProcess(
    _Out_ PEPROCESS Process
)
{
    KeAcquireGuardedMutex( &config.lock );
    /* writes the by-value parameter, not caller-visible storage */
    Process = config.protected_process_eprocess;
    KeReleaseGuardedMutex( &config.lock );
}
/*
 * Copies the protected process id held in the driver configuration into
 * *ProcessId.
 *
 * The value is read while config.lock is held and stored to the caller's
 * variable after the lock is dropped. ProcessId must point to writable
 * storage; it is not validated here.
 */
VOID
GetProtectedProcessId( _Out_ PLONG ProcessId )
{
    LONG id;

    KeAcquireGuardedMutex( &config.lock );
    id = config.protected_process_id;
    KeReleaseGuardedMutex( &config.lock );

    *ProcessId = id;
}
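/*
 * Resets the driver configuration once the protected process has gone away:
 * clears the stored process id and EPROCESS pointer and marks the
 * configuration as uninitialised, all under config.lock.
 *
 * The EPROCESS pointer is stored by InitialiseDriverConfigOnProcessLaunch
 * from PsLookupProcessByProcessId, which returns a referenced object. That
 * reference is released here; previously the pointer was overwritten with
 * NULL and the reference was never dropped, pinning the process object.
 * This assumes InitialiseDriverConfigOnProcessLaunch is the only writer of
 * protected_process_eprocess (the only one in this file) - confirm no other
 * translation unit stores an unreferenced pointer there.
 */
VOID ClearDriverConfigOnProcessTermination()
{
    PEPROCESS previous;

    DEBUG_LOG( "Process closed, clearing driver configuration" );

    KeAcquireGuardedMutex( &config.lock );

    /* detach the pointer under the lock so it is released exactly once */
    previous = config.protected_process_eprocess;

    config.protected_process_id = NULL;
    config.protected_process_eprocess = NULL;
    config.initialised = FALSE;

    KeReleaseGuardedMutex( &config.lock );

    /* drop the reference outside the guarded region */
    if ( previous != NULL )
        ObDereferenceObject( previous );
}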
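/*
 * Records the process to protect, using the request carried in Irp.
 *
 * The IRP's system buffer is interpreted as a DRIVER_INITIATION_INFORMATION.
 * Its protected_process_id is resolved to an EPROCESS with
 * PsLookupProcessByProcessId, and the id, the EPROCESS pointer and the
 * initialised flag are then stored in the driver configuration under
 * config.lock.
 *
 * Changes from the previous version:
 *  - the system buffer is checked for NULL and for a sufficient input length
 *    before it is dereferenced, since both come from the requester;
 *  - the reference held on a previously stored EPROCESS is released when the
 *    configuration is overwritten, instead of being leaked;
 *  - Irp->IoStatus.Status is set on the failure paths as well.
 *
 * NOTE(review): the length check reads Parameters.DeviceIoControl, which
 * assumes this is only reached from the IRP_MJ_DEVICE_CONTROL dispatch path
 * with a buffered IOCTL - confirm against the caller.
 * NOTE(review): the process id is taken from the requester as-is, so whoever
 * can open the device decides which process is recorded; confirm that the
 * device's access control restricts this to the intended client.
 *
 * Returns STATUS_INVALID_BUFFER_SIZE for a missing or short input buffer, the
 * status of PsLookupProcessByProcessId if the lookup fails, and that call's
 * success status otherwise.
 */
NTSTATUS InitialiseDriverConfigOnProcessLaunch(
    _In_ PIRP Irp
)
{
    NTSTATUS status;
    PIO_STACK_LOCATION stack_location;
    PDRIVER_INITIATION_INFORMATION information;
    PEPROCESS eprocess;
    PEPROCESS previous;

    stack_location = IoGetCurrentIrpStackLocation( Irp );
    information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;

    /* never dereference a requester-supplied buffer that is absent or too short */
    if ( information == NULL ||
         stack_location->Parameters.DeviceIoControl.InputBufferLength < sizeof( *information ) )
    {
        status = STATUS_INVALID_BUFFER_SIZE;
        Irp->IoStatus.Status = status;
        return status;
    }

    /* on success this returns a referenced object that must be released later */
    status = PsLookupProcessByProcessId( information->protected_process_id, &eprocess );

    if ( !NT_SUCCESS( status ) )
    {
        Irp->IoStatus.Status = status;
        return status;
    }

    /*
     * acquire the mutex here to prevent a race condition if an unknown party tries
     * to fuzz our IOCTL codes whilst the target process launches.
     */
    KeAcquireGuardedMutex( &config.lock );

    /* remember what is being replaced so its reference can be dropped */
    previous = config.protected_process_eprocess;

    config.protected_process_eprocess = eprocess;
    config.protected_process_id = information->protected_process_id;
    config.initialised = TRUE;

    KeReleaseGuardedMutex( &config.lock );

    if ( previous != NULL )
        ObDereferenceObject( previous );

    Irp->IoStatus.Status = status;

    return status;
}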
/*
 * Unload routine: releases the report queue, then removes the symbolic link
 * and the device object that DriverEntry created.
 *
 * Unregistering the process-creation notify routine
 * (PsSetCreateProcessNotifyRoutine with Remove = TRUE) is commented out in
 * the original and is therefore not performed here.
 *
 * NOTE(review): DriverEntry starts a system thread running
 * WalkKernelPageTables and nothing in this routine waits for it - confirm the
 * thread has finished before the image can be unloaded.
 */
VOID
DriverUnload( _In_ PDRIVER_OBJECT DriverObject )
{
    PDEVICE_OBJECT device;

    FreeQueueObjectsAndCleanup();

    IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );

    device = DriverObject->DeviceObject;
    IoDeleteDevice( device );
}
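/*
 * Driver entry point.
 *
 * Initialises the configuration lock and fields, creates the control device
 * and its symbolic link, installs the create/close/device-control dispatch
 * routines and the unload routine, initialises the callback report queue and
 * finally starts a system thread running WalkKernelPageTables.
 *
 * Changes from the previous version:
 *  - the system thread is started only after every step that can fail
 *    DriverEntry has succeeded. Before, it was started first, so a later
 *    failure returned an error (and let the image be unloaded) while the
 *    thread could still be executing driver code;
 *  - the PsCreateSystemThread status is checked and the returned handle is
 *    closed. Closing the handle does not stop the thread; it only stops the
 *    handle from leaking;
 *  - the handle is requested with OBJ_KERNEL_HANDLE and THREAD_ALL_ACCESS
 *    rather than the process access mask PROCESS_ALL_ACCESS.
 * A thread creation failure is logged and otherwise ignored, as before.
 *
 * NOTE(review): IoCreateDevice applies the default device security
 * descriptor. The IOCTL path accepts a process id from the requester, so
 * consider creating the device with an explicit, restrictive descriptor
 * (e.g. IoCreateDeviceSecure) - confirm the intended access model.
 *
 * Returns STATUS_FAILED_DRIVER_ENTRY if the device, the symbolic link or the
 * report queue cannot be set up, otherwise the IoCreateSymbolicLink status.
 */
NTSTATUS DriverEntry(
    _In_ PDRIVER_OBJECT DriverObject,
    _In_ PUNICODE_STRING RegistryPath
)
{
    UNREFERENCED_PARAMETER( RegistryPath );

    BOOLEAN flag = FALSE;
    NTSTATUS status;
    NTSTATUS thread_status;
    HANDLE handle = NULL;
    OBJECT_ATTRIBUTES thread_attributes;

    KeInitializeGuardedMutex( &config.lock );

    config.initialised = FALSE;
    config.protected_process_eprocess = NULL;
    config.protected_process_id = NULL;

    status = IoCreateDevice(
        DriverObject,
        NULL,
        &DEVICE_NAME,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &DriverObject->DeviceObject
    );

    if ( !NT_SUCCESS( status ) )
        return STATUS_FAILED_DRIVER_ENTRY;

    status = IoCreateSymbolicLink(
        &DEVICE_SYMBOLIC_LINK,
        &DEVICE_NAME
    );

    if ( !NT_SUCCESS( status ) )
    {
        DEBUG_ERROR( "failed to create symbolic link" );
        IoDeleteDevice( DriverObject->DeviceObject );
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;
    DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;
    DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;
    DriverObject->DriverUnload = DriverUnload;

    InitCallbackReportQueue(&flag);

    if ( !flag )
    {
        DEBUG_ERROR( "failed to init report queue" );
        IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
        IoDeleteDevice( DriverObject->DeviceObject );
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    /* no failure path below this point, so the thread cannot outlive a failed load */
    InitializeObjectAttributes( &thread_attributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL );

    thread_status = PsCreateSystemThread(
        &handle,
        THREAD_ALL_ACCESS,
        &thread_attributes,
        NULL,
        NULL,
        WalkKernelPageTables,
        NULL
    );

    if ( NT_SUCCESS( thread_status ) )
        ZwClose( handle );
    else
        DEBUG_ERROR( "failed to create system thread" );

    DEBUG_LOG( "DonnaAC Driver Entry Complete. type: %lx", DriverObject->DeviceObject->DeviceType );

    return status;
}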