mirror-ac/driver/driver.c

#include "driver.h"
#include "common.h"
#include "ioctl.h"
#include "callbacks.h"
#include "hv.h"
#include "pool.h"
#include "thread.h"
#include "modules.h"
#include "integrity.h"
/*
 * Driver-wide state: the protected process id, its EPROCESS pointer and the
 * "initialised" flag. The accessor functions in this file read and write these
 * fields while holding config.lock; DriverEntry sets the initial values right
 * after initialising the mutex and before it creates the device.
 */
DRIVER_CONFIG config = { 0 };
/*
 * Name of the control device object and of the symbolic link that DriverEntry
 * creates for it. Presumably the link is the name user-mode clients open to
 * send IOCTLs - confirm against the user-mode component.
 */
UNICODE_STRING DEVICE_NAME = RTL_CONSTANT_STRING( L"\\Device\\DonnaAC" );
UNICODE_STRING DEVICE_SYMBOLIC_LINK = RTL_CONSTANT_STRING( L"\\??\\DonnaAC" );
/*
 * Copies the driver's "initialised" state into *Flag.
 *
 * The flag is sampled while config.lock is held, so the read cannot interleave
 * with the multi-field updates made by the initialise/clear routines. The
 * result is a snapshot: it may already be stale when the caller acts on it.
 */
VOID ReadInitialisedConfigFlag(
    _Out_ PBOOLEAN Flag
)
{
    BOOLEAN initialised;

    KeAcquireGuardedMutex( &config.lock );
    initialised = config.initialised;
    KeReleaseGuardedMutex( &config.lock );

    *Flag = initialised;
}
/*
 * Copies the stored EPROCESS pointer of the protected process into *Process.
 * The value is NULL when no protected process is currently configured.
 *
 * NOTE(review): the pointer is handed out without an additional reference
 * (no ObReferenceObject here) and is used by the caller after config.lock has
 * been released. Its validity rests entirely on the reference taken by
 * PsLookupProcessByProcessId in InitialiseDriverConfigOnProcessLaunch - confirm
 * that no caller can outlive that reference.
 */
VOID GetProtectedProcessEProcess(
    _Out_ PEPROCESS* Process
)
{
    PEPROCESS current;

    KeAcquireGuardedMutex( &config.lock );
    current = config.protected_process_eprocess;
    KeReleaseGuardedMutex( &config.lock );

    *Process = current;
}
/*
 * Copies the stored protected-process id into *ProcessId.
 *
 * The id is sampled under config.lock; like the other getters this returns a
 * snapshot that can change as soon as the lock is dropped.
 */
VOID GetProtectedProcessId(
    _Out_ PLONG ProcessId
)
{
    LONG current;

    KeAcquireGuardedMutex( &config.lock );
    current = config.protected_process_id;
    KeReleaseGuardedMutex( &config.lock );

    *ProcessId = current;
}
/*
 * Resets the driver configuration to its "no protected process" state.
 * All three fields are cleared inside one critical section so that readers
 * never observe a half-cleared configuration.
 *
 * NOTE(review): protected_process_eprocess comes from PsLookupProcessByProcessId
 * (see InitialiseDriverConfigOnProcessLaunch), which returns a referenced
 * object. Nothing here calls ObDereferenceObject before the pointer is dropped,
 * so unless the reference is released elsewhere it is leaked each time the
 * protected process exits. Releasing it here is only safe once the users of
 * GetProtectedProcessEProcess hold their own reference.
 */
VOID ClearDriverConfigOnProcessTermination()
{
    DEBUG_LOG( "Process closed, clearing driver configuration" );

    KeAcquireGuardedMutex( &config.lock );

    /* flip the flag first, then drop the identifiers it guards */
    config.initialised = FALSE;
    config.protected_process_eprocess = NULL;
    config.protected_process_id = NULL;

    KeReleaseGuardedMutex( &config.lock );
}
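/*
 * Records the process named in the IOCTL input buffer as the protected process.
 *
 * Irp - request whose system buffer is expected to hold a driver initiation
 *       information structure supplied by the caller. This routine reads the
 *       device-control parameters of the current stack location, so it assumes
 *       it is reached from the IRP_MJ_DEVICE_CONTROL dispatch path - confirm
 *       against the caller.
 *
 * Returns STATUS_INVALID_PARAMETER when the input buffer is missing or shorter
 * than the structure, the failure status of PsLookupProcessByProcessId when the
 * process id does not resolve, and otherwise the success status, which is also
 * written to Irp->IoStatus.Status.
 */
NTSTATUS InitialiseDriverConfigOnProcessLaunch(
    _In_ PIRP Irp
)
{
    NTSTATUS status;
    PIO_STACK_LOCATION stack_location;
    PDRIVER_INITIATION_INFORMATION information;
    PEPROCESS eprocess;

    stack_location = IoGetCurrentIrpStackLocation( Irp );
    information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;

    /*
     * The buffer contents and length are chosen by whoever sent the IOCTL.
     * Reject a missing or truncated buffer before reading any field from it;
     * otherwise a short request would be read past its end or through NULL.
     */
    if ( information == NULL ||
        stack_location->Parameters.DeviceIoControl.InputBufferLength < sizeof( *information ) )
        return STATUS_INVALID_PARAMETER;

    /* on success this returns a referenced EPROCESS that the config now owns */
    status = PsLookupProcessByProcessId( information->protected_process_id, &eprocess );

    if ( !NT_SUCCESS( status ) )
        return status;

    /*
     * acquire the mutex here to prevent a race condition if an unknown party tries
     * to fuzz our IOCTL codes whilst the target process launches.
     *
     * NOTE(review): if the configuration is already initialised, the previous
     * protected_process_eprocess is overwritten without ObDereferenceObject, so
     * a repeated request leaks the earlier reference. Decide whether a second
     * initialisation should be rejected or should release the old object.
     */
    KeAcquireGuardedMutex( &config.lock );

    config.protected_process_eprocess = eprocess;
    config.protected_process_id = information->protected_process_id;
    config.initialised = TRUE;

    KeReleaseGuardedMutex( &config.lock );

    Irp->IoStatus.Status = status;

    return status;
}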
/*
 * Unload routine: removes the symbolic link and then the control device that
 * DriverEntry created.
 *
 * NOTE(review): nothing here waits for the system thread started in
 * DriverEntry, releases whatever InitCallbackReportQueue set up, or drops the
 * EPROCESS reference held in config. Confirm whether unload can run while any
 * of those are still live.
 */
VOID DriverUnload(
    _In_ PDRIVER_OBJECT DriverObject
)
{
    PDEVICE_OBJECT device = DriverObject->DeviceObject;

    //PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );

    /* remove the link before the device it points at */
    IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
    IoDeleteDevice( device );
}
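/*
 * Driver entry point.
 *
 * Initialises the shared configuration, creates the control device and its
 * symbolic link, registers the create/close/device-control dispatch routines
 * and the unload routine, initialises the callback report queue, and finally
 * starts a system thread running MapDiskImageIntoVirtualAddressSpace.
 *
 * Returns STATUS_SUCCESS once the device, link and report queue are set up,
 * and STATUS_FAILED_DRIVER_ENTRY (after undoing what was created so far) when
 * any of those three steps fails.
 */
NTSTATUS DriverEntry(
    _In_ PDRIVER_OBJECT DriverObject,
    _In_ PUNICODE_STRING RegistryPath
)
{
    UNREFERENCED_PARAMETER( RegistryPath );

    BOOLEAN flag = FALSE;
    NTSTATUS status;
    HANDLE handle = NULL;
    OBJECT_ATTRIBUTES thread_attributes;

    KeInitializeGuardedMutex( &config.lock );

    /* no device exists yet, so nothing can race with these unlocked writes */
    config.initialised = FALSE;
    config.protected_process_eprocess = NULL;
    config.protected_process_id = NULL;

    //HANDLE handle;
    //PsCreateSystemThread(
    //    &handle,
    //    PROCESS_ALL_ACCESS,
    //    NULL,
    //    NULL,
    //    NULL,
    //    ValidateKPCRBThreads,
    //    NULL
    //);
    //ZwClose( handle );

    /*
     * DeviceExtensionSize is a byte count, so pass 0 rather than NULL.
     *
     * NOTE(review): IoCreateDevice applies a default security descriptor. If
     * only the anti-cheat's own user-mode component should reach the IOCTL
     * interface, consider IoCreateDeviceSecure with an explicit SDDL string.
     */
    status = IoCreateDevice(
        DriverObject,
        0,
        &DEVICE_NAME,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &DriverObject->DeviceObject
    );

    if ( !NT_SUCCESS( status ) )
    {
        DEBUG_ERROR( "failed to create device" );
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    status = IoCreateSymbolicLink(
        &DEVICE_SYMBOLIC_LINK,
        &DEVICE_NAME
    );

    if ( !NT_SUCCESS( status ) )
    {
        DEBUG_ERROR( "failed to create symbolic link" );
        IoDeleteDevice( DriverObject->DeviceObject );
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    DriverObject->MajorFunction[ IRP_MJ_CREATE ] = DeviceCreate;
    DriverObject->MajorFunction[ IRP_MJ_CLOSE ] = DeviceClose;
    DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;
    DriverObject->DriverUnload = DriverUnload;

    InitCallbackReportQueue( &flag );

    if ( !flag )
    {
        DEBUG_ERROR( "failed to init report queue" );
        IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
        IoDeleteDevice( DriverObject->DeviceObject );
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    DEBUG_LOG( "DonnaAC Driver Entry Complete" );

    /*
     * Request a kernel handle so the thread handle is never visible in a
     * user-mode handle table, and ask for thread (not process) access rights
     * since the object being created is a thread.
     */
    InitializeObjectAttributes( &thread_attributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL );

    status = PsCreateSystemThread(
        &handle,
        THREAD_ALL_ACCESS,
        &thread_attributes,
        NULL,
        NULL,
        MapDiskImageIntoVirtualAddressSpace,
        NULL
    );

    /*
     * Only close the handle when the call actually produced one; previously
     * the result was ignored and ZwClose ran on an uninitialised value if
     * thread creation failed.
     *
     * NOTE(review): a failure here is logged and the driver still loads, which
     * matches the old best-effort behaviour but means the disk-image mapping
     * never runs. Decide whether this should fail the load instead.
     */
    if ( NT_SUCCESS( status ) )
        ZwClose( handle );
    else
        DEBUG_ERROR( "failed to create system thread" );

    return STATUS_SUCCESS;
}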