noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

refactor driver.c

Browse source
This commit is contained in:
donnaskiez 2024-07-13 20:32:00 +10:00
parent 0e6f4def14
commit 8e68e4e4cc
1 changed files with 89 additions and 146 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

235
driver/driver.c
View file

@ -132,6 +132,14 @@ UINT64 g_DeviceExtensionKey;
*/ */
PDRIVER_CONFIG g_DriverConfig = NULL; PDRIVER_CONFIG g_DriverConfig = NULL;
DECLSPEC_NOINLINE
PDRIVER_CONFIG
GetDecryptedDriverConfig()
{
return (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64(
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
}
#define POOL_TAG_CONFIG 'conf' #define POOL_TAG_CONFIG 'conf'
STATIC STATIC
@ -166,215 +174,178 @@ STATIC
VOID VOID
SetDriverLoadedFlag() SetDriverLoadedFlag()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); GetDecryptedDriverConfig()->has_driver_loaded = TRUE;
cfg->has_driver_loaded = TRUE;
} }
BCRYPT_ALG_HANDLE* BCRYPT_ALG_HANDLE*
GetCryptHandle_Sha256() GetCryptHandle_Sha256()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->sha256_hash;
return &cfg->sha256_hash;
} }
PRTL_HASHMAP PRTL_HASHMAP
GetProcessHashmap() GetProcessHashmap()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->process_hashmap;
return &cfg->process_hashmap;
} }
BCRYPT_ALG_HANDLE* BCRYPT_ALG_HANDLE*
GetCryptHandle_AES() GetCryptHandle_AES()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->aes_hash;
return &cfg->aes_hash;
} }
BOOLEAN BOOLEAN
HasDriverLoaded() HasDriverLoaded()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return GetDecryptedDriverConfig()->has_driver_loaded;
return cfg->has_driver_loaded;
} }
VOID VOID
UnsetNmiInProgressFlag() UnsetNmiInProgressFlag()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); InterlockedDecrement(&GetDecryptedDriverConfig()->nmi_status);
InterlockedDecrement(&cfg->nmi_status);
} }
BOOLEAN BOOLEAN
IsNmiInProgress() IsNmiInProgress()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return InterlockedCompareExchange(
return InterlockedCompareExchange(&cfg->nmi_status, TRUE, FALSE) == 0 &GetDecryptedDriverConfig()->nmi_status, TRUE, FALSE) != 0;
? FALSE
: TRUE;
} }
PSHARED_MAPPING PSHARED_MAPPING
GetSharedMappingConfig() GetSharedMappingConfig()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->mapping;
return &cfg->mapping;
} }
VOID VOID
AcquireDriverConfigLock() AcquireDriverConfigLock()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); ImpKeAcquireGuardedMutex(&GetDecryptedDriverConfig()->lock);
ImpKeAcquireGuardedMutex(&cfg->lock);
} }
VOID VOID
ReleaseDriverConfigLock() ReleaseDriverConfigLock()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); ImpKeReleaseGuardedMutex(&GetDecryptedDriverConfig()->lock);
ImpKeReleaseGuardedMutex(&cfg->lock);
} }
PUINT64 PUINT64
GetApcContextArray() GetApcContextArray()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return (PUINT64)GetDecryptedDriverConfig()->apc_contexts;
return (PUINT64)cfg->apc_contexts;
} }
BOOLEAN BOOLEAN
IsDriverUnloading() IsDriverUnloading()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return InterlockedExchange(&GetDecryptedDriverConfig()->unload_in_progress,
return InterlockedExchange(&cfg->unload_in_progress, GetDecryptedDriverConfig()->unload_in_progress);
cfg->unload_in_progress);
} }
PACTIVE_SESSION PACTIVE_SESSION
GetActiveSession() GetActiveSession()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->session_information;
return &cfg->session_information;
} }
LPCSTR LPCSTR
GetDriverName() GetDriverName()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return GetDecryptedDriverConfig()->ansi_driver_name.Buffer;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return cfg->ansi_driver_name.Buffer;
} }
PDEVICE_OBJECT PDEVICE_OBJECT
GetDriverDeviceObject() GetDriverDeviceObject()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return GetDecryptedDriverConfig()->device_object;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return cfg->device_object;
} }
PDRIVER_OBJECT PDRIVER_OBJECT
GetDriverObject() GetDriverObject()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return GetDecryptedDriverConfig()->driver_object;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return cfg->driver_object;
} }
PIRP_QUEUE_HEAD PIRP_QUEUE_HEAD
GetIrpQueueHead() GetIrpQueueHead()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PAGED_CODE();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); return &GetDecryptedDriverConfig()->irp_queue;
return &cfg->irp_queue;
} }
PSYS_MODULE_VAL_CONTEXT PSYS_MODULE_VAL_CONTEXT
GetSystemModuleValidationContext() GetSystemModuleValidationContext()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->sys_val_context;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->sys_val_context;
} }
PUNICODE_STRING PUNICODE_STRING
GetDriverPath() GetDriverPath()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->driver_path;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->driver_path;
} }
PUNICODE_STRING PUNICODE_STRING
GetDriverRegistryPath() GetDriverRegistryPath()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->registry_path;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->registry_path;
} }
PUNICODE_STRING PUNICODE_STRING
GetDriverDeviceName() GetDriverDeviceName()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->device_name;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->device_name;
} }
PUNICODE_STRING PUNICODE_STRING
GetDriverSymbolicLink() GetDriverSymbolicLink()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->device_symbolic_link;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->device_symbolic_link;
} }
PSYSTEM_INFORMATION PSYSTEM_INFORMATION
GetDriverConfigSystemInformation() GetDriverConfigSystemInformation()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->system_information;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->system_information;
} }
PRB_TREE PRB_TREE
GetThreadTree() GetThreadTree()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->thread_tree;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->thread_tree;
} }
PDRIVER_LIST_HEAD PDRIVER_LIST_HEAD
GetDriverList() GetDriverList()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( return &GetDecryptedDriverConfig()->driver_list;
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
return &cfg->driver_list;
} }
/* /*
@ -400,8 +371,7 @@ DrvUnloadFreeConfigStrings()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
if (cfg->unicode_driver_name.Buffer) if (cfg->unicode_driver_name.Buffer)
ImpExFreePoolWithTag(cfg->unicode_driver_name.Buffer, POOL_TAG_STRINGS); ImpExFreePoolWithTag(cfg->unicode_driver_name.Buffer, POOL_TAG_STRINGS);
@ -417,11 +387,9 @@ STATIC
VOID VOID
DrvUnloadDeleteSymbolicLink() DrvUnloadDeleteSymbolicLink()
{ {
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( if (GetDecryptedDriverConfig()->device_symbolic_link)
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); ImpIoDeleteSymbolicLink(
GetDecryptedDriverConfig()->device_symbolic_link);
if (cfg->device_symbolic_link)
ImpIoDeleteSymbolicLink(cfg->device_symbolic_link);
} }
STATIC STATIC
@ -445,9 +413,7 @@ VOID
DrvUnloadFreeTimerObject() DrvUnloadFreeTimerObject()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( CleanupDriverTimerObjects(&GetDecryptedDriverConfig()->timer);
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
CleanupDriverTimerObjects(&cfg->timer);
} }
STATIC STATIC
@ -463,9 +429,8 @@ VOID
DrvUnloadFreeModuleValidationContext() DrvUnloadFreeModuleValidationContext()
{ {
PAGED_CODE(); PAGED_CODE();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( CleanupValidationContextOnUnload(
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey); &GetDecryptedDriverConfig()->sys_val_context);
CleanupValidationContextOnUnload(&cfg->sys_val_context);
} }
STATIC STATIC
@ -482,10 +447,7 @@ DriverUnload(_In_ PDRIVER_OBJECT DriverObject)
{ {
DEBUG_VERBOSE("Unloading..."); DEBUG_VERBOSE("Unloading...");
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( InterlockedExchange(&GetDecryptedDriverConfig()->unload_in_progress, TRUE);
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
InterlockedExchange(&cfg->unload_in_progress, TRUE);
while (DrvUnloadFreeAllApcContextStructures() == FALSE) while (DrvUnloadFreeAllApcContextStructures() == FALSE)
YieldProcessor(); YieldProcessor();
@ -623,8 +585,7 @@ RegistryPathQueryCallbackRoutine(IN PWSTR ValueName,
ImpRtlInitUnicodeString(&value_name, ValueName); ImpRtlInitUnicodeString(&value_name, ValueName);
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
if (ImpRtlCompareUnicodeString(&value_name, &image_path, FALSE) == FALSE) { if (ImpRtlCompareUnicodeString(&value_name, &image_path, FALSE) == FALSE) {
temp_buffer = temp_buffer =
@ -679,8 +640,7 @@ NTSTATUS
GetSystemProcessorType() GetSystemProcessorType()
{ {
UINT32 cpuid[4] = {0}; UINT32 cpuid[4] = {0};
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
__cpuid(cpuid, 0); __cpuid(cpuid, 0);
@ -715,8 +675,7 @@ NTSTATUS
ParseSmbiosForGivenSystemEnvironment() ParseSmbiosForGivenSystemEnvironment()
{ {
NTSTATUS status = STATUS_UNSUCCESSFUL; NTSTATUS status = STATUS_UNSUCCESSFUL;
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
status = ParseSMBIOSTable(&cfg->system_information.vendor, status = ParseSMBIOSTable(&cfg->system_information.vendor,
VENDOR_STRING_MAX_LENGTH, VENDOR_STRING_MAX_LENGTH,
@ -769,8 +728,7 @@ NTSTATUS
DrvLoadGatherSystemEnvironmentSettings() DrvLoadGatherSystemEnvironmentSettings()
{ {
NTSTATUS status = STATUS_UNSUCCESSFUL; NTSTATUS status = STATUS_UNSUCCESSFUL;
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
if (APERFMsrTimingCheck()) if (APERFMsrTimingCheck())
cfg->system_information.virtualised_environment = TRUE; cfg->system_information.virtualised_environment = TRUE;
@ -826,29 +784,28 @@ STATIC
NTSTATUS NTSTATUS
DrvLoadRetrieveDriverNameFromRegistry(_In_ PUNICODE_STRING RegistryPath) DrvLoadRetrieveDriverNameFromRegistry(_In_ PUNICODE_STRING RegistryPath)
{ {
NTSTATUS status = STATUS_UNSUCCESSFUL; NTSTATUS status = STATUS_UNSUCCESSFUL;
RTL_QUERY_REGISTRY_TABLE query_table[3] = {0}; PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( RTL_QUERY_REGISTRY_TABLE query[3] = {0};
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
query_table[0].Flags = RTL_QUERY_REGISTRY_NOEXPAND; query[0].Flags = RTL_QUERY_REGISTRY_NOEXPAND;
query_table[0].Name = L"ImagePath"; query[0].Name = L"ImagePath";
query_table[0].DefaultType = REG_MULTI_SZ; query[0].DefaultType = REG_MULTI_SZ;
query_table[0].DefaultLength = 0; query[0].DefaultLength = 0;
query_table[0].DefaultData = NULL; query[0].DefaultData = NULL;
query_table[0].EntryContext = NULL; query[0].EntryContext = NULL;
query_table[0].QueryRoutine = RegistryPathQueryCallbackRoutine; query[0].QueryRoutine = RegistryPathQueryCallbackRoutine;
query_table[1].Flags = RTL_QUERY_REGISTRY_NOEXPAND; query[1].Flags = RTL_QUERY_REGISTRY_NOEXPAND;
query_table[1].Name = L"DisplayName"; query[1].Name = L"DisplayName";
query_table[1].DefaultType = REG_SZ; query[1].DefaultType = REG_SZ;
query_table[1].DefaultLength = 0; query[1].DefaultLength = 0;
query_table[1].DefaultData = NULL; query[1].DefaultData = NULL;
query_table[1].EntryContext = NULL; query[1].EntryContext = NULL;
query_table[1].QueryRoutine = RegistryPathQueryCallbackRoutine; query[1].QueryRoutine = RegistryPathQueryCallbackRoutine;
status = RtlxQueryRegistryValues( status = RtlxQueryRegistryValues(
RTL_REGISTRY_ABSOLUTE, RegistryPath->Buffer, &query_table, NULL, NULL); RTL_REGISTRY_ABSOLUTE, RegistryPath->Buffer, &query, NULL, NULL);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
DEBUG_ERROR("RtlxQueryRegistryValues failed with status %x", status); DEBUG_ERROR("RtlxQueryRegistryValues failed with status %x", status);
@ -881,8 +838,7 @@ DrvLoadInitialiseDriverConfig(_In_ PDRIVER_OBJECT DriverObject,
DEBUG_VERBOSE("Initialising driver configuration"); DEBUG_VERBOSE("Initialising driver configuration");
NTSTATUS status = STATUS_UNSUCCESSFUL; NTSTATUS status = STATUS_UNSUCCESSFUL;
PDRIVER_CONFIG cfg = (PDRIVER_CONFIG)CryptDecryptPointerOutOfPlace64( PDRIVER_CONFIG cfg = GetDecryptedDriverConfig();
(PUINT64)&g_DriverConfig, g_DeviceExtensionKey);
ImpKeInitializeGuardedMutex(&cfg->lock); ImpKeInitializeGuardedMutex(&cfg->lock);
@ -950,7 +906,6 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{ {
BOOLEAN flag = FALSE; BOOLEAN flag = FALSE;
NTSTATUS status = STATUS_UNSUCCESSFUL; NTSTATUS status = STATUS_UNSUCCESSFUL;
UINT64 temp = 0;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DeviceCreate; DriverObject->MajorFunction[IRP_MJ_CREATE] = DeviceCreate;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DeviceClose; DriverObject->MajorFunction[IRP_MJ_CLOSE] = DeviceClose;
@ -993,9 +948,7 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
DEBUG_ERROR("InitialiseDriverConfigOnDriverEntry failed with status %x", DEBUG_ERROR("InitialiseDriverConfigOnDriverEntry failed with status %x",
status); status);
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
UINT64 temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
g_DeviceExtensionKey);
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object);
return status; return status;
} }
@ -1005,23 +958,19 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
DEBUG_ERROR("SessionInitialiseStructure failed with status %x", status); DEBUG_ERROR("SessionInitialiseStructure failed with status %x", status);
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
DrvUnloadFreeTimerObject(); DrvUnloadFreeTimerObject();
UINT64 temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
g_DeviceExtensionKey);
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object);
return status; return status;
} }
temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, status =
g_DeviceExtensionKey); IoCreateSymbolicLink(GetDecryptedDriverConfig()->device_symbolic_link,
GetDecryptedDriverConfig()->device_name);
status = IoCreateSymbolicLink(((PDRIVER_CONFIG)temp)->device_symbolic_link,
((PDRIVER_CONFIG)temp)->device_name);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
DEBUG_ERROR("IoCreateSymbolicLink failed with status %x", status); DEBUG_ERROR("IoCreateSymbolicLink failed with status %x", status);
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
DrvUnloadFreeTimerObject(); DrvUnloadFreeTimerObject();
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object); ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
return status; return status;
} }
@ -1032,9 +981,7 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
DrvUnloadFreeTimerObject(); DrvUnloadFreeTimerObject();
DrvUnloadDeleteSymbolicLink(); DrvUnloadDeleteSymbolicLink();
temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
g_DeviceExtensionKey);
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object);
return status; return status;
} }
@ -1046,9 +993,7 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
DrvUnloadFreeTimerObject(); DrvUnloadFreeTimerObject();
DrvUnloadDeleteSymbolicLink(); DrvUnloadDeleteSymbolicLink();
temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
g_DeviceExtensionKey);
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object);
return status; return status;
} }
@ -1060,9 +1005,7 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
DrvUnloadFreeConfigStrings(); DrvUnloadFreeConfigStrings();
DrvUnloadFreeTimerObject(); DrvUnloadFreeTimerObject();
DrvUnloadDeleteSymbolicLink(); DrvUnloadDeleteSymbolicLink();
temp = CryptDecryptPointerOutOfPlace64((PUINT64)&g_DriverConfig, ImpIoDeleteDevice(GetDecryptedDriverConfig()->device_object);
g_DeviceExtensionKey);
ImpIoDeleteDevice(((PDRIVER_CONFIG)temp)->device_object);
return status; return status;
} }