├── Callback ├── ModuleLoadCallback │ ├── ModuleLoadCallback.sln │ └── ModuleLoadCallback │ │ ├── ModuleLoadCallback.c │ │ ├── ModuleLoadCallback.vcproj │ │ ├── Sources │ │ ├── makefile │ │ └── readme.txt ├── ProcessCallback │ ├── ProcessCallback.sln │ └── ProcessCallback │ │ ├── ProcessCallback.c │ │ ├── ProcessCallback.vcproj │ │ ├── Sources │ │ ├── makefile │ │ └── readme.txt └── RegFilter │ ├── RegFilter.sln │ └── RegFilter │ ├── RegFilter.c │ ├── RegFilter.vcproj │ ├── Sources │ ├── makefile │ └── readme.txt ├── DP ├── DP.vcproj ├── DP.vcproj.7.10.old ├── DP.vcproj.MAC.xiao.yang.user ├── DP.vcproj.old ├── DPBitmap.c ├── DPBitmap.h ├── DPMain.c ├── DPMain.h ├── clean.bat ├── makefile ├── my_build.bat ├── my_clean.bat └── sources ├── Hook ├── hook_smpls │ ├── hook_smpls.sln │ ├── hook_smpls.vcproj │ ├── hook_smpls.vcproj.7.00.old │ ├── hs_main.c │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ └── sources ├── lib │ ├── ssdt_hook_chk_WNET.lib │ └── xtbl_hook_chk_WNET.lib ├── ssdt_hook │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ ├── sh_ssdt_hook.c │ ├── sh_ssdt_hook.h │ ├── sources │ ├── ssdt_hook.vcproj │ └── ssdt_hook.vcproj.7.00.old └── xtbl_hook │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ ├── sources │ ├── xtbl_hook.c │ ├── xtbl_hook.h │ ├── xtbl_hook.vcproj │ └── xtbl_hook.vcproj.7.00.old ├── Kb_sniff_Mp ├── KbRelated.c ├── KbRelated.h ├── Kb_sniffMp.c ├── Kb_sniffMp.h ├── Kb_sniffMp.sln ├── Kb_sniffMp.suo ├── Kb_sniffMp.vcproj ├── Kb_sniffMp.vcproj.7.10.old ├── Kb_sniffMp.vcproj.old ├── MAKEFILE ├── my_build.bat ├── my_clean.bat └── sources ├── WfpSample ├── WfpSample │ ├── MAKEFILE │ ├── Rule.c │ ├── Rule.h │ ├── Sources │ ├── WfpSample.c │ ├── WfpSample.h │ ├── WfpSample.vcproj │ └── readme.txt └── WfpSampleExe │ └── WfpSampleExe │ ├── ReadMe.txt │ ├── WfpSampleExe.aps │ ├── WfpSampleExe.cpp │ ├── WfpSampleExe.h │ ├── WfpSampleExe.rc │ ├── WfpSampleExe.vcproj │ ├── WfpSampleExeDlg.cpp │ ├── WfpSampleExeDlg.h │ ├── res │ ├── 
WfpSampleExe.ico │ └── WfpSampleExe.rc2 │ ├── resource.h │ ├── stdafx.cpp │ └── stdafx.h ├── comcap ├── comcap.c ├── comcap.h ├── comcap.vcproj ├── comcap.vcproj.7.10.old ├── comcap_tst.h ├── makefile ├── my_build.bat ├── my_clean.bat └── sources ├── coworker ├── coworker.sln ├── coworker_sys │ ├── coworker_sys.c │ ├── coworker_wd.vcproj │ ├── coworker_wd.vcproj.7.00.old │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ └── sources └── coworker_user │ ├── ReadMe.txt │ ├── coworker_user.cpp │ ├── coworker_user.vcproj │ ├── coworker_user.vcproj.7.00.old │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h ├── coworker2 ├── coworker.sln ├── coworker_sys │ ├── coworker_sys.c │ ├── coworker_wd.vcproj │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ └── sources └── coworker_user │ ├── ReadMe.txt │ ├── coworker_user.cpp │ ├── coworker_user.vcproj │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h ├── crypt_file ├── cf_create.c ├── cf_create.c.bak ├── cf_create.h ├── cf_file_irp.c ├── cf_file_irp.c.bak ├── cf_file_irp.h ├── cf_list.c ├── cf_list.h ├── cf_modify_irp.c ├── cf_modify_irp.c.bak ├── cf_modify_irp.h ├── cf_proc.c ├── cf_proc.c.bak ├── cf_proc.h ├── cf_sfilter.c ├── cf_sfilter.c.bak ├── crypt_file.vcproj ├── crypt_file.vcproj.7.10.old ├── fat_headers │ ├── fat.h │ ├── fatstruc.h │ ├── lfn.h │ └── nodetype.h ├── makefile ├── my_build.bat ├── my_clean.bat ├── readme.txt └── sources ├── ctrl2cap ├── ctrl2cap.c ├── ctrl2cap.vcproj ├── ctrl2cap.vcproj.7.10.old ├── ctrl2cap │ ├── buildfre_wnet_x86.log │ ├── ctrl2cap.c │ ├── ctrl2cap.h │ ├── ctrl2cap.vcproj │ ├── ctrl2cap.vcproj.7.10.old │ ├── ctrl2cap.vcproj.NEC-9F096F6DE5D.admin.user │ ├── ctrl2cap.vcproj.NECAS-SJL.wowocock.user │ ├── makefile │ ├── my_build.bat │ ├── my_clean.bat │ ├── readme.txt │ └── sources ├── makefile ├── my_build.bat ├── my_clean.bat ├── readme.txt └── sources ├── fir.sln ├── first ├── first.c ├── first.vcproj ├── first.vcproj.7.10.old ├── makefile ├── my_build.bat ├── my_clean.bat ├── 
readme.txt └── sources ├── inc ├── sfilter │ └── sfilter.h └── tdi_fw │ ├── conn_state.h │ ├── dispatch.h │ ├── events.h │ ├── filter.h │ ├── ipc.h │ ├── memtrack.h │ ├── ndis_hk_ioctl.h │ ├── net.h │ ├── obj_tbl.h │ ├── packet.h │ ├── pid_pname.h │ ├── sids.h │ ├── sock.h │ ├── tdi_fw.h │ └── tdi_fw_lib.h ├── lib ├── sfilter_chk_WNET.lib ├── sfilter_fre_WNET.lib ├── sfilter_fre_WXP.lib ├── tdi_fw_chk_WNET.lib ├── tdi_fw_chk_WXP.lib └── tdi_fw_fre_WNET.lib ├── minifilter ├── NPminifilter.aps ├── NPminifilter.c ├── NPminifilter.h ├── NPminifilter.inf ├── NPminifilter.rc ├── makefile ├── minifilter.vcproj ├── minifilter.vcproj.7.10.old ├── minifilter.vcproj.old ├── my_build.bat ├── my_clean.bat └── sources ├── minifilter_app ├── NPApp.vcproj ├── NPapp.cpp ├── NPapp.h ├── minifilter_app.vcproj ├── minifilter_app.vcproj.7.10.old └── minifilter_app.vcproj.old ├── minifilter_dll ├── NPdll.cpp ├── NPdll.def ├── NPdll.h ├── NPminifilter.vcproj ├── minifilter_dll.vcproj ├── minifilter_dll.vcproj.7.10.old └── minifilter_dll.vcproj.old ├── ndisedge ├── ExCallbk.c ├── Init.c ├── NdisWdm.c ├── NdisWdm.h ├── NdisWdm.rc ├── NuIoUser.h ├── Receive.c ├── Request.c ├── Send.c ├── makefile ├── makefile.inc ├── my_build.bat ├── my_clean.bat ├── ndisedge.inx ├── ndisedge.vcproj ├── ndisedge.vcproj.7.10.old ├── ndiswdm.htm ├── public.h ├── readme.txt └── sources ├── ndisprot ├── debug.c ├── debug.h ├── excallbk.c ├── macros.h ├── makefile ├── my_build.bat ├── my_clean.bat ├── ndisbind.c ├── ndisprot.h ├── ndisprot.htm ├── ndisprot.inf ├── ndisprot.rc ├── ndisprot.sys ├── ndisprot.vcproj ├── ndisprot.vcproj.7.10.old ├── ntdisp.c ├── nuiouser.h ├── precomp.h ├── readme.txt ├── recv.c ├── send.c ├── sources └── test │ ├── buildchk_wnet_x86.log │ ├── buildchk_wxp_x86.log │ ├── buildfre_wnet_x86.log │ ├── buildfre_wxp_x86.log │ ├── makefile │ ├── sources │ └── uiotest.c ├── passthru ├── Hook.c ├── analysispacket.c ├── makefile ├── miniport.c ├── my_build.bat ├── my_clean.bat ├── netsf.inf 
├── netsf_m.inf ├── passthru.c ├── passthru.h ├── passthru.htm ├── passthru.rc ├── passthru.suo ├── passthru.sys ├── passthru.vcproj ├── passthru.vcproj.7.10.old ├── passthru.vcproj.old ├── precomp.h ├── protocol.c └── sources ├── ps2intcap ├── makefile ├── my_build.bat ├── my_clean.bat ├── ps2intcap.c ├── ps2intcap.vcproj ├── ps2intcap.vcproj.7.10.old ├── readme.txt └── sources ├── ramdisk_wdf ├── makefile ├── makefile.inc ├── my_build.bat ├── my_clean.bat ├── ramdisk.c ├── ramdisk.h ├── ramdisk.htm ├── ramdisk.inx ├── ramdisk.rc ├── ramdisk_wdf.vcproj ├── ramdisk_wdf.vcproj.7.10.old ├── readme.txt └── sources ├── readme.md ├── sfilter ├── makefile ├── my_build.bat ├── my_build64.bat ├── my_clean.bat ├── my_clean64.bat ├── readme.txt ├── sfilter.c ├── sfilter.h ├── sfilter.inf ├── sfilter.plg ├── sfilter.suo ├── sfilter.vcproj ├── sfilter.vcproj.7.10.old ├── sfilterInstall.cmd ├── sfilterUninstall.cmd ├── sfilterw2k.inf └── sources ├── sflt_smpl ├── makefile ├── my_build.bat ├── my_clean.bat ├── readme.txt ├── sflt_smpl.c ├── sflt_smpl.vcproj ├── sflt_smpl.vcproj.7.10.old └── sources ├── tdi_fw ├── MAKEFILE ├── SOURCES ├── conn_state.c ├── conn_state.h ├── disp_conn.c ├── disp_dg.c ├── disp_ev.c ├── disp_obj.c ├── disp_sr.c ├── dispatch.c ├── dispatch.h ├── ev_conn.c ├── ev_dg.c ├── ev_recv.c ├── events.c ├── events.h ├── filter.c ├── filter.h ├── ipc.c ├── ipc.h ├── memtrack.c ├── memtrack.h ├── my_build.bat ├── my_clean.bat ├── ndis_hk_ioctl.h ├── net.h ├── obj_tbl.c ├── obj_tbl.h ├── packet.c ├── packet.h ├── pid_pname.c ├── pid_pname.h ├── readme.txt ├── sids.c ├── sids.h ├── sock.c ├── sock.h ├── tdi_fw.c ├── tdi_fw.h ├── tdi_fw.vcproj ├── tdi_fw.vcproj.7.10.old └── tdi_fw_lib.h └── tdifw_smpl ├── makefile ├── my_build.bat ├── my_clean.bat ├── readme.txt ├── sources ├── tdifw_smpl.c ├── tdifw_smpl.vcproj └── tdifw_smpl.vcproj.7.10.old /Callback/ModuleLoadCallback/ModuleLoadCallback.sln: 
-------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 9.00 3 | # Visual Studio 2005 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ModuleLoadCallback", "ModuleLoadCallback\ModuleLoadCallback.vcproj", "{F23B7D53-7091-4489-84EC-5677511EB0B3}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {F23B7D53-7091-4489-84EC-5677511EB0B3}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {F23B7D53-7091-4489-84EC-5677511EB0B3}.Debug|Win32.Build.0 = Debug|Win32 14 | {F23B7D53-7091-4489-84EC-5677511EB0B3}.Release|Win32.ActiveCfg = Release|Win32 15 | {F23B7D53-7091-4489-84EC-5677511EB0B3}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /Callback/ModuleLoadCallback/ModuleLoadCallback/ModuleLoadCallback.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Callback/ModuleLoadCallback/ModuleLoadCallback/ModuleLoadCallback.c -------------------------------------------------------------------------------- /Callback/ModuleLoadCallback/ModuleLoadCallback/ModuleLoadCallback.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 13 | 14 | 15 | 16 | 17 | 23 | 36 | 37 | 43 | 56 | 57 | 58 | 59 | 60 | 61 | 66 | 69 | 70 | 71 | 76 | 77 | 82 | 83 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- 
/Callback/ModuleLoadCallback/ModuleLoadCallback/Sources: -------------------------------------------------------------------------------- 1 | TARGETTYPE=DRIVER 2 | TARGETNAME=ModuleLoadCallback 3 | SOURCES=ModuleLoadCallback.c -------------------------------------------------------------------------------- /Callback/ModuleLoadCallback/ModuleLoadCallback/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Callback/ModuleLoadCallback/ModuleLoadCallback/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ModuleLoadCallback Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ModuleLoadCallback project for you. 
6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ModuleLoadCallback project. 9 | 10 | 11 | ModuleLoadCallback.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 9.00 3 | # Visual Studio 2005 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ProcessCallback", "ProcessCallback\ProcessCallback.vcproj", "{812AE33D-FE93-43E1-9949-EBC349506BCA}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {812AE33D-FE93-43E1-9949-EBC349506BCA}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {812AE33D-FE93-43E1-9949-EBC349506BCA}.Debug|Win32.Build.0 = Debug|Win32 14 | {812AE33D-FE93-43E1-9949-EBC349506BCA}.Release|Win32.ActiveCfg = Release|Win32 15 | {812AE33D-FE93-43E1-9949-EBC349506BCA}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | 
EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback/ProcessCallback.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Callback/ProcessCallback/ProcessCallback/ProcessCallback.c -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback/ProcessCallback.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 13 | 14 | 15 | 16 | 17 | 23 | 36 | 37 | 43 | 56 | 57 | 58 | 59 | 60 | 61 | 66 | 69 | 70 | 71 | 76 | 77 | 82 | 83 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback/Sources: -------------------------------------------------------------------------------- 1 | TARGETTYPE=DRIVER 2 | LINKER_FLAGS=/integritycheck 3 | TARGETNAME=ProcessCallback 4 | SOURCES=ProcessCallback.c -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. 
This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Callback/ProcessCallback/ProcessCallback/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ProcessCallback Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ProcessCallback project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ProcessCallback project. 9 | 10 | 11 | ProcessCallback.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 
19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 9.00 3 | # Visual Studio 2005 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RegFilter", "RegFilter\RegFilter.vcproj", "{A0DD90D7-671D-4501-A9C0-F785A92D40BC}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {A0DD90D7-671D-4501-A9C0-F785A92D40BC}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {A0DD90D7-671D-4501-A9C0-F785A92D40BC}.Debug|Win32.Build.0 = Debug|Win32 14 | {A0DD90D7-671D-4501-A9C0-F785A92D40BC}.Release|Win32.ActiveCfg = Release|Win32 15 | {A0DD90D7-671D-4501-A9C0-F785A92D40BC}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter/RegFilter.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Callback/RegFilter/RegFilter/RegFilter.c -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter/RegFilter.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 13 | 14 | 15 | 16 | 17 | 23 | 36 | 37 | 43 | 56 | 57 | 58 | 
59 | 60 | 61 | 66 | 69 | 70 | 71 | 76 | 77 | 82 | 83 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter/Sources: -------------------------------------------------------------------------------- 1 | TARGETTYPE=DRIVER 2 | TARGETNAME=RegFilter 3 | SOURCES=RegFilter.c -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! 
INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Callback/RegFilter/RegFilter/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : RegFilter Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this RegFilter project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your RegFilter project. 9 | 10 | 11 | RegFilter.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /DP/DP.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 12 | 13 | 14 | 19 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 56 | 57 | 58 | 62 | 64 | 65 | 67 | 68 | 69 | 73 | 74 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /DP/DPBitmap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/DP/DPBitmap.c -------------------------------------------------------------------------------- /DP/DPBitmap.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/DP/DPBitmap.h -------------------------------------------------------------------------------- /DP/DPMain.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/DP/DPMain.c -------------------------------------------------------------------------------- /DP/DPMain.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/DP/DPMain.h -------------------------------------------------------------------------------- /DP/clean.bat: -------------------------------------------------------------------------------- 1 | del BuildLog.htm 2 | del *.ncb 3 | del *.user 4 | del *.log 5 
| del *.err 6 | del *.wrn 7 | attrib *.suo -h 8 | del *.suo 9 | rmdir /s /q objchk_w2k_x86 10 | rmdir /s /q objfre_w2k_x86 11 | rmdir /s /q objchk_wxp_x86 12 | rmdir /s /q objfre_wxp_x86 13 | rmdir /s /q objfre_wnet_amd64 14 | rmdir /s /q objchk_wnet_amd64 15 | rmdir /s /q objchk_wlh_x86 16 | rmdir /s /q objfre_wlh_x86 17 | rmdir /s /q objfre_wlh_amd64 18 | rmdir /s /q objchk_wlh_amd64 19 | rmdir /s /q "XP Checked" 20 | rmdir /s /q "XP Free" 21 | rmdir /s /q "VISTA Checked" 22 | rmdir /s /q "VISTA Free" -------------------------------------------------------------------------------- /DP/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /DP/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /DP/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /DP/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=DP 2 | TARGETTYPE=DRIVER 3 | 4 | SOURCES=DPMain.c \ 5 | DPBitmap.c -------------------------------------------------------------------------------- /Hook/hook_smpls/hs_main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/hook_smpls/hs_main.c -------------------------------------------------------------------------------- /Hook/hook_smpls/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! 
message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Hook/hook_smpls/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo 64MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name. %4 is "AMD64" or "IA64". %5 is "/a". 3 | @echo 32MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name. %4 is "/a". 4 | 5 | if "%4"=="/a" call my_clean 6 | if "%5"=="/a" call my_clean 7 | 8 | pushd. 9 | if not "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %4 %2 10 | if "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 11 | popd 12 | 13 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\inc 14 | 15 | @echo on 16 | build 17 | 18 | -------------------------------------------------------------------------------- /Hook/hook_smpls/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 2 | if exist objfre_wnet_x86 rd /s /q objfre_wnet_x86 3 | if exist objchk_wnet_x86 rd /s /q objchk_wnet_x86 4 | if exist objfre_wxp_x86 rd /s /q objfre_wxp_x86 5 | if exist objchk_wxp_x86 rd /s /q objchk_wxp_x86 6 | if exist objfre_w2k_x86 rd /s /q objfre_w2k_x86 7 | if exist objchk_w2k_x86 rd /s /q objchk_w2k_x86 8 | if exist objfre_wnet_amd64 rd /s /q objfre_wnet_amd64 9 | if exist objchk_wnet_amd64 rd /s /q objchk_wnet_amd64 10 | if exist objfre_wxp_amd64 rd /s /q objfre_wxp_amd64 11 | if exist objchk_wxp_amd64 rd /s /q objchk_wxp_amd64 12 | if exist objfre_w2k_amd64 rd /s /q objfre_w2k_amd64 13 | if exist objchk_w2k_amd64 rd /s /q objchk_w2k_amd64 14 | if exist Debug rd /s /q Debug 
15 | if exist Release rd /s /q Release -------------------------------------------------------------------------------- /Hook/hook_smpls/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=hook_smpls 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | LINK_LIB_IGNORE=4210 15 | 16 | LIB_POST_FIX=WNET 17 | 18 | !if "$(DDK_TARGET_OS)"=="WinXP" 19 | LIB_POST_FIX=WXP 20 | !endif 21 | 22 | !if "$(DDK_TARGET_OS)"=="Win2K" 23 | LIB_POST_FIX=W2K 24 | !endif 25 | 26 | C_DEFINES = /D_TWCN_WD_ 27 | !if "$(_BUILDARCH)"=="AMD64" 28 | C_DEFINES = /DCNTR64 /D_TWCN_WD_ 29 | !endif 30 | 31 | INCLUDES=$(INCLUDES);$(IFSKIT_INC_PATH);..\inc;..\..\inc;..\..\..\indep\inc 32 | 33 | SOURCES =hs_main.c 34 | 35 | LIB_POST_FIX=WNET 36 | 37 | !if "$(DDK_TARGET_OS)"=="WinXP" 38 | LIB_POST_FIX=WXP 39 | !endif 40 | 41 | !if "$(DDK_TARGET_OS)"=="Win2K" 42 | LIB_POST_FIX=W2K 43 | !endif 44 | 45 | LIB_ARCH= 46 | !if "$(_BUILDARCH)"=="AMD64" 47 | LIB_ARCH=_AMD64 48 | !endif 49 | 50 | TARGETLIBS= ..\lib\ssdt_hook_$(DDKBUILDENV)_$(LIB_POST_FIX)$(LIB_ARCH).lib \ 51 | ..\lib\xtbl_hook_$(DDKBUILDENV)_$(LIB_POST_FIX)$(LIB_ARCH).lib -------------------------------------------------------------------------------- /Hook/lib/ssdt_hook_chk_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/lib/ssdt_hook_chk_WNET.lib -------------------------------------------------------------------------------- /Hook/lib/xtbl_hook_chk_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/lib/xtbl_hook_chk_WNET.lib 
-------------------------------------------------------------------------------- /Hook/ssdt_hook/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Hook/ssdt_hook/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo 64MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name.%4 is "AMD64" or "IA64". %5 is "\a". 3 | @echo 32MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name.%4 is "\a". 4 | 5 | if "%4"=="/a" call my_clean 6 | if "%5"=="/a" call my_clean 7 | 8 | pushd. 
9 | if not "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %4 %2 10 | if "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 11 | popd 12 | 13 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\inc 14 | 15 | @echo on 16 | build 17 | 18 | if not exist ..\inc mkdir ..\inc 19 | if not exist ..\inc\%3 mkdir ..\inc\%3 20 | if not exist ..\lib mkdir ..\lib 21 | copy *.h ..\inc\%3\ 22 | 23 | 24 | if "%4"=="" copy .\obj%1_%2_x86\i386\%3.lib ..\lib\%3_%1_%2.lib 25 | if "%4"=="" goto :EOF 26 | if "%4"=="/a" copy .\obj%1_%2_x86\i386\%3.lib ..\lib\%3_%1_%2.lib 27 | if "%4"=="/a" goto :EOF 28 | copy .\obj%1_%2_%_BUILDARCH%\%_BUILDARCH%\%3.lib ..\lib\%3_%1_%2_%_BUILDARCH%.lib 29 | -------------------------------------------------------------------------------- /Hook/ssdt_hook/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 2 | if exist objfre_wnet_x86 rd /s /q objfre_wnet_x86 3 | if exist objchk_wnet_x86 rd /s /q objchk_wnet_x86 4 | if exist objfre_wxp_x86 rd /s /q objfre_wxp_x86 5 | if exist objchk_wxp_x86 rd /s /q objchk_wxp_x86 6 | if exist objfre_w2k_x86 rd /s /q objfre_w2k_x86 7 | if exist objchk_w2k_x86 rd /s /q objchk_w2k_x86 8 | if exist objfre_wnet_amd64 rd /s /q objfre_wnet_amd64 9 | if exist objchk_wnet_amd64 rd /s /q objchk_wnet_amd64 10 | if exist objfre_wxp_amd64 rd /s /q objfre_wxp_amd64 11 | if exist objchk_wxp_amd64 rd /s /q objchk_wxp_amd64 12 | if exist objfre_w2k_amd64 rd /s /q objfre_w2k_amd64 13 | if exist objchk_w2k_amd64 rd /s /q objchk_w2k_amd64 14 | if exist Debug rd /s /q Debug 15 | if exist Release rd /s /q Release -------------------------------------------------------------------------------- /Hook/ssdt_hook/sh_ssdt_hook.c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/ssdt_hook/sh_ssdt_hook.c -------------------------------------------------------------------------------- /Hook/ssdt_hook/sh_ssdt_hook.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/ssdt_hook/sh_ssdt_hook.h -------------------------------------------------------------------------------- /Hook/ssdt_hook/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=ssdt_hook 12 | TARGETPATH=obj 13 | TARGETTYPE=LIBRARY 14 | LINK_LIB_IGNORE=4210 15 | 16 | LIB_POST_FIX=WNET 17 | 18 | !if "$(DDK_TARGET_OS)"=="WinXP" 19 | LIB_POST_FIX=WXP 20 | !endif 21 | 22 | !if "$(DDK_TARGET_OS)"=="Win2K" 23 | LIB_POST_FIX=W2K 24 | !endif 25 | 26 | C_DEFINES = /D_TWCN_WD_ 27 | !if "$(_BUILDARCH)"=="AMD64" 28 | C_DEFINES = /DCNTR64 /D_TWCN_WD_ 29 | !endif 30 | 31 | INCLUDES=$(INCLUDES);$(IFSKIT_INC_PATH);..\inc;..\..\inc;..\..\..\indep\inc 32 | 33 | SOURCES =sh_ssdt_hook.c 34 | -------------------------------------------------------------------------------- /Hook/xtbl_hook/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. 
This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /Hook/xtbl_hook/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo 64MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name.%4 is "AMD64" or "IA64". %5 is "\a". 3 | @echo 32MOD: %1 is "chk" or "fre". %2 is "WXP" or "W2K" or "WNET". %3 is the module name.%4 is "\a". 4 | 5 | if "%4"=="/a" call my_clean 6 | if "%5"=="/a" call my_clean 7 | 8 | pushd. 
9 | if not "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %4 %2 10 | if "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 11 | popd 12 | 13 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\inc 14 | 15 | @echo on 16 | build 17 | 18 | if not exist ..\inc mkdir ..\inc 19 | if not exist ..\inc\%3 mkdir ..\inc\%3 20 | if not exist ..\lib mkdir ..\lib 21 | copy *.h ..\inc\%3\ 22 | 23 | 24 | if "%4"=="" copy .\obj%1_%2_x86\i386\%3.lib ..\lib\%3_%1_%2.lib 25 | if "%4"=="" goto :EOF 26 | if "%4"=="/a" copy .\obj%1_%2_x86\i386\%3.lib ..\lib\%3_%1_%2.lib 27 | if "%4"=="/a" goto :EOF 28 | copy .\obj%1_%2_%_BUILDARCH%\%_BUILDARCH%\%3.lib ..\lib\%3_%1_%2_%_BUILDARCH%.lib 29 | -------------------------------------------------------------------------------- /Hook/xtbl_hook/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 2 | if exist objfre_wnet_x86 rd /s /q objfre_wnet_x86 3 | if exist objchk_wnet_x86 rd /s /q objchk_wnet_x86 4 | if exist objfre_wxp_x86 rd /s /q objfre_wxp_x86 5 | if exist objchk_wxp_x86 rd /s /q objchk_wxp_x86 6 | if exist objfre_w2k_x86 rd /s /q objfre_w2k_x86 7 | if exist objchk_w2k_x86 rd /s /q objchk_w2k_x86 8 | if exist objfre_wnet_amd64 rd /s /q objfre_wnet_amd64 9 | if exist objchk_wnet_amd64 rd /s /q objchk_wnet_amd64 10 | if exist objfre_wxp_amd64 rd /s /q objfre_wxp_amd64 11 | if exist objchk_wxp_amd64 rd /s /q objchk_wxp_amd64 12 | if exist objfre_w2k_amd64 rd /s /q objfre_w2k_amd64 13 | if exist objchk_w2k_amd64 rd /s /q objchk_w2k_amd64 14 | if exist Debug rd /s /q Debug 15 | if exist Release rd /s /q Release -------------------------------------------------------------------------------- /Hook/xtbl_hook/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 
8 | 9 | !ENDIF 10 | 11 | TARGETNAME=xtbl_hook 12 | TARGETPATH=obj 13 | TARGETTYPE=LIBRARY 14 | LINK_LIB_IGNORE=4210 15 | 16 | LIB_POST_FIX=WNET 17 | 18 | !if "$(DDK_TARGET_OS)"=="WinXP" 19 | LIB_POST_FIX=WXP 20 | !endif 21 | 22 | !if "$(DDK_TARGET_OS)"=="Win2K" 23 | LIB_POST_FIX=W2K 24 | !endif 25 | 26 | C_DEFINES = /D_TWCN_WD_ 27 | !if "$(_BUILDARCH)"=="AMD64" 28 | C_DEFINES = /DCNTR64 /D_TWCN_WD_ 29 | !endif 30 | 31 | INCLUDES=$(INCLUDES);$(IFSKIT_INC_PATH);..\inc;..\..\inc;..\..\..\indep\inc 32 | 33 | SOURCES=xtbl_hook.c 34 | -------------------------------------------------------------------------------- /Hook/xtbl_hook/xtbl_hook.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/xtbl_hook/xtbl_hook.c -------------------------------------------------------------------------------- /Hook/xtbl_hook/xtbl_hook.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Hook/xtbl_hook/xtbl_hook.h -------------------------------------------------------------------------------- /Kb_sniff_Mp/KbRelated.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Kb_sniff_Mp/KbRelated.c -------------------------------------------------------------------------------- /Kb_sniff_Mp/KbRelated.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define MAX_CHARS 1024*4 4 | //#define MAKELONG(a, b) ((unsigned long) (((unsigned short) (a)) | ((unsigned long) ((unsigned short) (b))) << 16)) 5 | 6 | // status register bits 7 | #define IBUFFER_FULL 0x02 8 | 
#define OBUFFER_FULL 0x01 9 | 10 | // flags for keyboard status 11 | #define S_SHIFT 1 12 | #define S_CAPS 2 13 | #define S_NUM 4 14 | 15 | #define REPLACE_MAKECODE 0x27 //';' 16 | void __stdcall print_keystroke(); -------------------------------------------------------------------------------- /Kb_sniff_Mp/Kb_sniffMp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | #pragma pack (1) 8 | typedef struct _IOAPIC { 9 | UCHAR select; 10 | UCHAR _reserved[15]; // fill up the rest of the space 11 | ULONG data; 12 | } IOAPIC, *PIOAPIC; 13 | 14 | /////////////////////////////////////////////////// 15 | // IDT structures 16 | /////////////////////////////////////////////////// 17 | //#pragma pack(1) 18 | 19 | // entry in the IDT, this is sometimes called 20 | // an "interrupt gate" 21 | typedef struct 22 | { 23 | unsigned short LowOffset; 24 | unsigned short selector; 25 | unsigned char unused_lo; 26 | unsigned char segment_type:4; //0x0E is an interrupt gate 27 | unsigned char system_segment_flag:1; 28 | unsigned char DPL:2; // descriptor privilege level 29 | unsigned char P:1; /* present */ 30 | unsigned short HiOffset; 31 | } IDTENTRY; 32 | 33 | /* sidt returns idt in this format */ 34 | typedef struct 35 | { 36 | unsigned short IDTLimit; 37 | unsigned short LowIDTbase; 38 | unsigned short HiIDTbase; 39 | unsigned short reserved; 40 | } IDTINFO; 41 | 42 | #pragma pack() 43 | int set_irq1(int intNumber); 44 | 45 | #define PARAMETER_KEY L"\\Parameters" 46 | #define ENABLEWRITEPORT_VALUE L"EnableReplace" 47 | void ReadRegistery(IN PUNICODE_STRING RegistryPath); 48 | 49 | #define DELAY_ONE_MICROSECOND (-10) 50 | #define DELAY_ONE_MILLISECOND (DELAY_ONE_MICROSECOND*1000) 51 | #define DELAY_ONE_SECOND (DELAY_ONE_MILLISECOND*1000) 52 | 53 | #define DEVICE_NAME L"\\Device\\KbSniffMp" 54 | #define LINK_NAME L"\\DosDevices\\KbSniffMp" 55 | 
-------------------------------------------------------------------------------- /Kb_sniff_Mp/Kb_sniffMp.sln: -------------------------------------------------------------------------------- 1 | Microsoft Visual Studio Solution File, Format Version 8.00 2 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Kb_sniffMp", "Kb_sniffMp.vcproj", "{5482DCA1-DD2C-4C35-B687-925F9EE42FD8}" 3 | ProjectSection(ProjectDependencies) = postProject 4 | EndProjectSection 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfiguration) = preSolution 8 | Win32 Checked = Win32 Checked 9 | Win32 Free = Win32 Free 10 | EndGlobalSection 11 | GlobalSection(ProjectConfiguration) = postSolution 12 | {5482DCA1-DD2C-4C35-B687-925F9EE42FD8}.Win32 Checked.ActiveCfg = Win32 Checked|Win32 13 | {5482DCA1-DD2C-4C35-B687-925F9EE42FD8}.Win32 Checked.Build.0 = Win32 Checked|Win32 14 | {5482DCA1-DD2C-4C35-B687-925F9EE42FD8}.Win32 Free.ActiveCfg = Win32 Free|Win32 15 | {5482DCA1-DD2C-4C35-B687-925F9EE42FD8}.Win32 Free.Build.0 = Win32 Free|Win32 16 | EndGlobalSection 17 | GlobalSection(ExtensibilityGlobals) = postSolution 18 | EndGlobalSection 19 | GlobalSection(ExtensibilityAddIns) = postSolution 20 | EndGlobalSection 21 | EndGlobal 22 | -------------------------------------------------------------------------------- /Kb_sniff_Mp/Kb_sniffMp.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/Kb_sniff_Mp/Kb_sniffMp.suo -------------------------------------------------------------------------------- /Kb_sniff_Mp/Kb_sniffMp.vcproj: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 10 | 11 | 12 | 18 | 24 | 25 | 31 | 37 | 38 | 39 | 40 | 41 | 42 | 45 | 47 | 48 | 50 | 51 | 52 | 55 | 57 | 58 | 60 | 61 | 62 | 65 | 66 | 68 | 69 | 70 | 71 | 72 | 73 | 
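--------------------------------------------------------------------------------
/Kb_sniff_Mp/MAKEFILE:
--------------------------------------------------------------------------------
#
# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
# file to this component.  This file merely indirects to the real make file
# that is shared by all the driver components of the Windows NT DDK
#

!INCLUDE $(NTMAKEENV)\makefile.def

--------------------------------------------------------------------------------
/Kb_sniff_Mp/my_build.bat:
--------------------------------------------------------------------------------
@echo on
@echo %1 is chk or fre %2 is WXP or W2K or WNET.

@rem Builds the Kb_sniffMp driver with the DDK build tool. Run it from the
@rem project directory: my_clean and the build output directories are
@rem resolved relative to the current directory.

@rem Stop when the DDK root is unknown. With BASEDIR unset, the setenv call
@rem below would expand to \bin\setenv.bat and run whatever batch file sits
@rem at that path on the current drive.
@if not defined BASEDIR (
    echo BASEDIR is not set. Set it to the DDK root directory before building.
    exit /b 1
)

@rem The clean switch is tested in the fourth argument, although the usage
@rem line above names only the first two. A clean rebuild therefore needs a
@rem placeholder third argument in front of the switch.
if "%4"=="/a" call my_clean %1 %2

@rem pushd and popd keep the current directory unchanged across setenv.bat.
pushd.
call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2
popd

@rem Turned on again so the build command is shown whatever echo state
@rem setenv.bat left behind.
@echo on
build
--------------------------------------------------------------------------------
/Kb_sniff_Mp/my_clean.bat:
--------------------------------------------------------------------------------
@rem Deletes the Visual Studio output directories and the DDK object directory
@rem named by the first two arguments, chk or fre and the OS name. All paths
@rem are relative to the current directory and rd /s /q removes them without
@rem prompting, so run this only from the project directory.
if exist Debug rd /s /q Debug
if exist Release rd /s /q Release
if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86

--------------------------------------------------------------------------------
/Kb_sniff_Mp/sources:
--------------------------------------------------------------------------------
# Kernel-mode driver built from the two C files listed in SOURCES.
TARGETNAME=Kb_sniffMp
TARGETTYPE=DRIVER
SOURCES=Kb_sniffMp.c \
        KbRelated.c

--------------------------------------------------------------------------------
/WfpSample/WfpSample/MAKEFILE:
--------------------------------------------------------------------------------
1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component.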
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | 9 | MSC_WARNING_LEVEL=/W3 /WX 10 | 11 | -------------------------------------------------------------------------------- /WfpSample/WfpSample/Rule.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSample/Rule.h -------------------------------------------------------------------------------- /WfpSample/WfpSample/Sources: -------------------------------------------------------------------------------- 1 | TARGETTYPE=DRIVER 2 | TARGETNAME=WfpSample 3 | INCLUDES=\ 4 | $(DDK_INC_PATH); 5 | 6 | TARGETLIBS=\ 7 | $(DDK_LIB_PATH)\ntoskrnl.lib \ 8 | $(DDK_LIB_PATH)\ndis.lib \ 9 | $(DDK_LIB_PATH)\fwpkclnt.lib \ 10 | $(SDK_LIB_PATH)\uuid.lib 11 | 12 | C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE -DNDIS60 -DNDIS_SUPPORT_NDIS6 13 | SOURCES = WfpSample.c \ 14 | Rule.c -------------------------------------------------------------------------------- /WfpSample/WfpSample/WfpSample.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSample/WfpSample.c -------------------------------------------------------------------------------- /WfpSample/WfpSample/WfpSample.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSample/WfpSample.h -------------------------------------------------------------------------------- /WfpSample/WfpSample/readme.txt: 
-------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : WfpSample Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this WfpSample project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your WfpSample project. 9 | 10 | 11 | WfpSample.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.aps -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.cpp: -------------------------------------------------------------------------------- 1 | // WfpSampleExe.cpp : Defines the class behaviors for the application. 
2 | // 3 | 4 | #include "stdafx.h" 5 | #include "WfpSampleExe.h" 6 | #include "WfpSampleExeDlg.h" 7 | 8 | #ifdef _DEBUG 9 | #define new DEBUG_NEW 10 | #endif 11 | 12 | 13 | // CWfpSampleExeApp 14 | 15 | BEGIN_MESSAGE_MAP(CWfpSampleExeApp, CWinApp) 16 | ON_COMMAND(ID_HELP, &CWinApp::OnHelp) 17 | END_MESSAGE_MAP() 18 | 19 | 20 | // CWfpSampleExeApp construction 21 | 22 | CWfpSampleExeApp::CWfpSampleExeApp() 23 | { 24 | // TODO: add construction code here, 25 | // Place all significant initialization in InitInstance 26 | } 27 | 28 | 29 | // The one and only CWfpSampleExeApp object 30 | 31 | CWfpSampleExeApp theApp; 32 | 33 | 34 | // CWfpSampleExeApp initialization 35 | 36 | BOOL CWfpSampleExeApp::InitInstance() 37 | { 38 | // InitCommonControlsEx() is required on Windows XP if an application 39 | // manifest specifies use of ComCtl32.dll version 6 or later to enable 40 | // visual styles. Otherwise, any window creation will fail. 41 | INITCOMMONCONTROLSEX InitCtrls; 42 | InitCtrls.dwSize = sizeof(InitCtrls); 43 | // Set this to include all the common control classes you want to use 44 | // in your application. 
45 | InitCtrls.dwICC = ICC_WIN95_CLASSES; 46 | InitCommonControlsEx(&InitCtrls); 47 | 48 | CWinApp::InitInstance(); 49 | 50 | AfxEnableControlContainer(); 51 | 52 | // Standard initialization 53 | // If you are not using these features and wish to reduce the size 54 | // of your final executable, you should remove from the following 55 | // the specific initialization routines you do not need 56 | // Change the registry key under which our settings are stored 57 | // TODO: You should modify this string to be something appropriate 58 | // such as the name of your company or organization 59 | SetRegistryKey(_T("Local AppWizard-Generated Applications")); 60 | 61 | CWfpSampleExeDlg dlg; 62 | m_pMainWnd = &dlg; 63 | INT_PTR nResponse = dlg.DoModal(); 64 | if (nResponse == IDOK) 65 | { 66 | // TODO: Place code here to handle when the dialog is 67 | // dismissed with OK 68 | } 69 | else if (nResponse == IDCANCEL) 70 | { 71 | // TODO: Place code here to handle when the dialog is 72 | // dismissed with Cancel 73 | } 74 | 75 | // Since the dialog has been closed, return FALSE so that we exit the 76 | // application, rather than start the application's message pump. 
77 | return FALSE; 78 | } 79 | -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.h: -------------------------------------------------------------------------------- 1 | // WfpSampleExe.h : main header file for the PROJECT_NAME application 2 | // 3 | 4 | #pragma once 5 | 6 | #ifndef __AFXWIN_H__ 7 | #error "include 'stdafx.h' before including this file for PCH" 8 | #endif 9 | 10 | #include "resource.h" // main symbols 11 | 12 | 13 | // CWfpSampleExeApp: 14 | // See WfpSampleExe.cpp for the implementation of this class 15 | // 16 | 17 | class CWfpSampleExeApp : public CWinApp 18 | { 19 | public: 20 | CWfpSampleExeApp(); 21 | 22 | // Overrides 23 | public: 24 | virtual BOOL InitInstance(); 25 | 26 | // Implementation 27 | 28 | DECLARE_MESSAGE_MAP() 29 | }; 30 | 31 | extern CWfpSampleExeApp theApp; -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExe.rc -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExeDlg.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExeDlg.cpp -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExeDlg.h: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSampleExe/WfpSampleExe/WfpSampleExeDlg.h -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/res/WfpSampleExe.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/WfpSample/WfpSampleExe/WfpSampleExe/res/WfpSampleExe.ico -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/res/WfpSampleExe.rc2: -------------------------------------------------------------------------------- 1 | // 2 | // WfpSampleExe.RC2 - resources Microsoft Visual C++ does not edit directly 3 | // 4 | 5 | #ifdef APSTUDIO_INVOKED 6 | #error this file is not editable by Microsoft Visual C++ 7 | #endif //APSTUDIO_INVOKED 8 | 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // Add manually edited resources here... 12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 
3 | // Used by WfpSampleExe.rc 4 | // 5 | #define IDM_ABOUTBOX 0x0010 6 | #define IDD_ABOUTBOX 100 7 | #define IDS_ABOUTBOX 101 8 | #define IDD_WFPSAMPLEEXE_DIALOG 102 9 | #define IDR_MAINFRAME 128 10 | #define IDC_EDIT1 1002 11 | #define IDC_EDIT_PORT 1002 12 | 13 | // Next default values for new objects 14 | // 15 | #ifdef APSTUDIO_INVOKED 16 | #ifndef APSTUDIO_READONLY_SYMBOLS 17 | #define _APS_NEXT_RESOURCE_VALUE 129 18 | #define _APS_NEXT_COMMAND_VALUE 32771 19 | #define _APS_NEXT_CONTROL_VALUE 1003 20 | #define _APS_NEXT_SYMED_VALUE 101 21 | #endif 22 | #endif 23 | -------------------------------------------------------------------------------- /WfpSample/WfpSampleExe/WfpSampleExe/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // WfpSampleExe.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | 8 | -------------------------------------------------------------------------------- /comcap/comcap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/comcap/comcap.c -------------------------------------------------------------------------------- /comcap/comcap.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/comcap/comcap.h -------------------------------------------------------------------------------- /comcap/comcap.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 56 | 57 | 58 | 
62 | 63 | 67 | 68 | 70 | 71 | 73 | 74 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /comcap/comcap_tst.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/comcap/comcap_tst.h -------------------------------------------------------------------------------- /comcap/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /comcap/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /comcap/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /comcap/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=comcap 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | SOURCES =comcap.c 15 | 16 | TARGETLIBS= $(DDK_LIB_PATH)\ntstrsafe.lib -------------------------------------------------------------------------------- /coworker/coworker.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "coworker_user", "coworker_user\coworker_user.vcproj", "{2E6A4A91-61EB-4837-9D9E-4589EF82D833}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "coworker_wd", "coworker_sys\coworker_wd.vcproj", "{F042CD2F-8B78-4204-8F88-48ED5A686FF6}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|Win32.Build.0 = Debug|Win32 18 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|x64.ActiveCfg = Debug|Win32 19 | 
{2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|Win32.ActiveCfg = Release|Win32 20 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|Win32.Build.0 = Release|Win32 21 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|x64.ActiveCfg = Release|Win32 22 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|Win32.ActiveCfg = Debug|Win32 23 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|Win32.Build.0 = Debug|Win32 24 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|x64.ActiveCfg = Debug|x64 25 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|x64.Build.0 = Debug|x64 26 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|Win32.ActiveCfg = Release|Win32 27 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|Win32.Build.0 = Release|Win32 28 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|x64.ActiveCfg = Release|x64 29 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|x64.Build.0 = Release|x64 30 | EndGlobalSection 31 | GlobalSection(SolutionProperties) = preSolution 32 | HideSolutionNode = FALSE 33 | EndGlobalSection 34 | EndGlobal 35 | -------------------------------------------------------------------------------- /coworker/coworker_sys/coworker_sys.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_sys/coworker_sys.c -------------------------------------------------------------------------------- /coworker/coworker_sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | #DO NOT EDIT THIS FILE!!!EDIT .\SOURCES. IF YOU WANT TO ADD A NEW SOURCE 3 | #FILE TO THIS COMPONENT. 
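THIS FILE MERELY INDIRECTS TO THE REAL MAKE FILE 4 | #THAT IS SHARED BY ALL THE DRIVER COMPONENTS OF THE WINDOWS NT DDK 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | # NOTE(review): /W1 reports only the most severe compiler warnings; confirm this override is intentional, since kernel-mode code is normally built at a higher warning level. 9 | MSC_WARNING_LEVEL=/W1 10 | -------------------------------------------------------------------------------- /coworker/coworker_sys/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @rem Build wrapper: optionally removes old output, calls the DDK setenv.bat, then runs build. 3 | @rem The banner below doubles each percent sign so the parameter names are printed literally instead of being replaced by the caller's arguments. 4 | @echo 64MOD: %%1 is "chk" or "fre". %%2 is "WXP" or "W2K" or "WNET". %%3 is the module name.%%4 is "AMD64" or "IA64". %%5 is "/a". 5 | @echo 32MOD: %%1 is "chk" or "fre". %%2 is "WXP" or "W2K" or "WNET". %%3 is the module name.%%4 is "/a". 6 | 7 | @rem "/a" in the fourth (32-bit) or fifth (64-bit) position requests a clean first; the build type and target OS are forwarded because my_clean.bat uses them to name one of the directories it removes. 8 | if "%4"=="/a" call my_clean %1 %2 9 | if "%5"=="/a" call my_clean %1 %2 10 | 11 | pushd. 12 | @rem When the fourth argument is not "/a" it is passed to setenv.bat as the architecture (it is empty for a 32-bit build without "/a"). 13 | if not "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %4 %2 14 | if "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 15 | popd 16 | 17 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\..\inc;..\..\..\indep\inc 18 | 19 | @echo on 20 | build 21 | -------------------------------------------------------------------------------- /coworker/coworker_sys/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 2 | if exist objfre_wnet_x86 rd /s /q objfre_wnet_x86 3 | if exist objchk_wnet_x86 rd /s /q objchk_wnet_x86 4 | if exist objfre_wxp_x86 rd /s /q objfre_wxp_x86 5 | if exist objchk_wxp_x86 rd /s /q objchk_wxp_x86 6 | if exist objfre_w2k_x86 rd /s /q objfre_w2k_x86 7 | if exist objchk_w2k_x86 rd /s /q objchk_w2k_x86 8 | if exist objfre_wnet_amd64 rd /s /q objfre_wnet_amd64 9 | if exist objchk_wnet_amd64 rd /s /q objchk_wnet_amd64 10 | if exist objfre_wxp_amd64 rd /s /q objfre_wxp_amd64 11 | if exist objchk_wxp_amd64 rd /s /q objchk_wxp_amd64 12 | if exist objfre_w2k_amd64 rd /s /q objfre_w2k_amd64 13 | if exist objchk_w2k_amd64 rd /s /q objchk_w2k_amd64 14 | if exist Debug rd /s /q Debug 15 | if exist Release rd /s /q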
Release -------------------------------------------------------------------------------- /coworker/coworker_sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=coworker_sys 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | INCLUDES=$(INCLUDES);$(IFSKIT_INC_PATH);..\inc 5 | SOURCES=coworker_sys.c 6 | LINK_LIB_IGNORE=4210 7 | 8 | C_DEFINES = /D_TWCN_WD_ 9 | 10 | TARGETLIBS=$(DDK_LIB_PATH)\wdmsec.lib \ 11 | $(DDK_LIB_PATH)\ntstrsafe.lib 12 | -------------------------------------------------------------------------------- /coworker/coworker_user/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | 控制台应用程序:coworker_user 项目概述 3 | ======================================================================== 4 | 5 | 应用程序向导已为您创建了此 coworker_user 应用程序。 6 | 7 | 本文件概要介绍组成 coworker_user 应用程序的 8 | 的每个文件的内容。 9 | 10 | 11 | coworker_user.vcproj 12 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 13 | 其中包含生成该文件的 Visual C++ 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | coworker_user.cpp 16 | 这是主应用程序源文件。 17 | 18 | ///////////////////////////////////////////////////////////////////////////// 19 | 其他标准文件: 20 | 21 | StdAfx.h, StdAfx.cpp 22 | 这些文件用于生成名为 coworker_user.pch 的预编译头 (PCH) 文件和名为 StdAfx.obj 的预编译类型文件。 23 | 24 | ///////////////////////////////////////////////////////////////////////////// 25 | 其他注释: 26 | 27 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 28 | 29 | ///////////////////////////////////////////////////////////////////////////// -------------------------------------------------------------------------------- /coworker/coworker_user/coworker_user.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/coworker_user.cpp 
-------------------------------------------------------------------------------- /coworker/coworker_user/coworker_user.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/coworker_user.vcproj -------------------------------------------------------------------------------- /coworker/coworker_user/coworker_user.vcproj.7.00.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/coworker_user.vcproj.7.00.old -------------------------------------------------------------------------------- /coworker/coworker_user/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/stdafx.cpp -------------------------------------------------------------------------------- /coworker/coworker_user/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/stdafx.h -------------------------------------------------------------------------------- /coworker/coworker_user/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker/coworker_user/targetver.h -------------------------------------------------------------------------------- /coworker2/coworker.sln: 
-------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "coworker_user", "coworker_user\coworker_user.vcproj", "{2E6A4A91-61EB-4837-9D9E-4589EF82D833}" 5 | EndProject 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "coworker_wd", "coworker_sys\coworker_wd.vcproj", "{F042CD2F-8B78-4204-8F88-48ED5A686FF6}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|Win32.Build.0 = Debug|Win32 18 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Debug|x64.ActiveCfg = Debug|Win32 19 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|Win32.ActiveCfg = Release|Win32 20 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|Win32.Build.0 = Release|Win32 21 | {2E6A4A91-61EB-4837-9D9E-4589EF82D833}.Release|x64.ActiveCfg = Release|Win32 22 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|Win32.ActiveCfg = Debug|Win32 23 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|Win32.Build.0 = Debug|Win32 24 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|x64.ActiveCfg = Debug|x64 25 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Debug|x64.Build.0 = Debug|x64 26 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|Win32.ActiveCfg = Release|Win32 27 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|Win32.Build.0 = Release|Win32 28 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|x64.ActiveCfg = Release|x64 29 | {F042CD2F-8B78-4204-8F88-48ED5A686FF6}.Release|x64.Build.0 = Release|x64 30 | EndGlobalSection 31 | GlobalSection(SolutionProperties) = preSolution 32 | 
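HideSolutionNode = FALSE 33 | EndGlobalSection 34 | EndGlobal 35 | -------------------------------------------------------------------------------- /coworker2/coworker_sys/coworker_sys.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_sys/coworker_sys.c -------------------------------------------------------------------------------- /coworker2/coworker_sys/makefile: -------------------------------------------------------------------------------- 1 | # 2 | #DO NOT EDIT THIS FILE!!!EDIT .\SOURCES. IF YOU WANT TO ADD A NEW SOURCE 3 | #FILE TO THIS COMPONENT. THIS FILE MERELY INDIRECTS TO THE REAL MAKE FILE 4 | #THAT IS SHARED BY ALL THE DRIVER COMPONENTS OF THE WINDOWS NT DDK 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | # NOTE(review): /W1 reports only the most severe compiler warnings; confirm this override is intentional, since kernel-mode code is normally built at a higher warning level. 9 | MSC_WARNING_LEVEL=/W1 10 | -------------------------------------------------------------------------------- /coworker2/coworker_sys/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @rem Build wrapper: optionally removes old output, calls the DDK setenv.bat, then runs build. 3 | @rem The banner below doubles each percent sign so the parameter names are printed literally instead of being replaced by the caller's arguments. 4 | @echo 64MOD: %%1 is "chk" or "fre". %%2 is "WXP" or "W2K" or "WNET". %%3 is the module name.%%4 is "AMD64" or "IA64". %%5 is "/a". 5 | @echo 32MOD: %%1 is "chk" or "fre". %%2 is "WXP" or "W2K" or "WNET". %%3 is the module name.%%4 is "/a". 6 | 7 | @rem "/a" in the fourth (32-bit) or fifth (64-bit) position requests a clean first; the build type and target OS are forwarded because my_clean.bat uses them to name one of the directories it removes. 8 | if "%4"=="/a" call my_clean %1 %2 9 | if "%5"=="/a" call my_clean %1 %2 10 | 11 | pushd.
12 | @rem When the fourth argument is not "/a" it is passed to setenv.bat as the architecture (it is empty for a 32-bit build without "/a"). 13 | if not "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %4 %2 14 | if "%4" == "/a" call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 15 | popd 16 | 17 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\..\inc;..\..\..\indep\inc 18 | 19 | @echo on 20 | build 21 | -------------------------------------------------------------------------------- /coworker2/coworker_sys/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 2 | if exist objfre_wnet_x86 rd /s /q objfre_wnet_x86 3 | if exist objchk_wnet_x86 rd /s /q objchk_wnet_x86 4 | if exist objfre_wxp_x86 rd /s /q objfre_wxp_x86 5 | if exist objchk_wxp_x86 rd /s /q objchk_wxp_x86 6 | if exist objfre_w2k_x86 rd /s /q objfre_w2k_x86 7 | if exist objchk_w2k_x86 rd /s /q objchk_w2k_x86 8 | if exist objfre_wnet_amd64 rd /s /q objfre_wnet_amd64 9 | if exist objchk_wnet_amd64 rd /s /q objchk_wnet_amd64 10 | if exist objfre_wxp_amd64 rd /s /q objfre_wxp_amd64 11 | if exist objchk_wxp_amd64 rd /s /q objchk_wxp_amd64 12 | if exist objfre_w2k_amd64 rd /s /q objfre_w2k_amd64 13 | if exist objchk_w2k_amd64 rd /s /q objchk_w2k_amd64 14 | if exist Debug rd /s /q Debug 15 | if exist Release rd /s /q Release -------------------------------------------------------------------------------- /coworker2/coworker_sys/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=coworker_sys 2 | TARGETPATH=obj 3 | TARGETTYPE=DRIVER 4 | INCLUDES=$(INCLUDES);$(IFSKIT_INC_PATH);..\inc 5 | SOURCES=coworker_sys.c 6 | LINK_LIB_IGNORE=4210 7 | 8 | C_DEFINES = /D_TWCN_WD_ 9 | 10 | TARGETLIBS=$(DDK_LIB_PATH)\wdmsec.lib \ 11 | $(DDK_LIB_PATH)\ntstrsafe.lib 12 | -------------------------------------------------------------------------------- /coworker2/coworker_user/ReadMe.txt: -------------------------------------------------------------------------------- 1 |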
======================================================================== 2 | 控制台应用程序:coworker_user 项目概述 3 | ======================================================================== 4 | 5 | 应用程序向导已为您创建了此 coworker_user 应用程序。 6 | 7 | 本文件概要介绍组成 coworker_user 应用程序的 8 | 的每个文件的内容。 9 | 10 | 11 | coworker_user.vcproj 12 | 这是使用应用程序向导生成的 VC++ 项目的主项目文件, 13 | 其中包含生成该文件的 Visual C++ 的版本信息,以及有关使用应用程序向导选择的平台、配置和项目功能的信息。 14 | 15 | coworker_user.cpp 16 | 这是主应用程序源文件。 17 | 18 | ///////////////////////////////////////////////////////////////////////////// 19 | 其他标准文件: 20 | 21 | StdAfx.h, StdAfx.cpp 22 | 这些文件用于生成名为 coworker_user.pch 的预编译头 (PCH) 文件和名为 StdAfx.obj 的预编译类型文件。 23 | 24 | ///////////////////////////////////////////////////////////////////////////// 25 | 其他注释: 26 | 27 | 应用程序向导使用“TODO:”注释来指示应添加或自定义的源代码部分。 28 | 29 | ///////////////////////////////////////////////////////////////////////////// -------------------------------------------------------------------------------- /coworker2/coworker_user/coworker_user.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_user/coworker_user.cpp -------------------------------------------------------------------------------- /coworker2/coworker_user/coworker_user.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_user/coworker_user.vcproj -------------------------------------------------------------------------------- /coworker2/coworker_user/stdafx.cpp: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_user/stdafx.cpp -------------------------------------------------------------------------------- /coworker2/coworker_user/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_user/stdafx.h -------------------------------------------------------------------------------- /coworker2/coworker_user/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/coworker2/coworker_user/targetver.h -------------------------------------------------------------------------------- /crypt_file/cf_create.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_create.c -------------------------------------------------------------------------------- /crypt_file/cf_create.c.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_create.c.bak -------------------------------------------------------------------------------- /crypt_file/cf_create.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_create.h -------------------------------------------------------------------------------- 
/crypt_file/cf_file_irp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_file_irp.c -------------------------------------------------------------------------------- /crypt_file/cf_file_irp.c.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_file_irp.c.bak -------------------------------------------------------------------------------- /crypt_file/cf_file_irp.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_file_irp.h -------------------------------------------------------------------------------- /crypt_file/cf_list.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_list.c -------------------------------------------------------------------------------- /crypt_file/cf_list.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_list.h -------------------------------------------------------------------------------- /crypt_file/cf_modify_irp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_modify_irp.c 
-------------------------------------------------------------------------------- /crypt_file/cf_modify_irp.c.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_modify_irp.c.bak -------------------------------------------------------------------------------- /crypt_file/cf_modify_irp.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_modify_irp.h -------------------------------------------------------------------------------- /crypt_file/cf_proc.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_proc.c -------------------------------------------------------------------------------- /crypt_file/cf_proc.c.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_proc.c.bak -------------------------------------------------------------------------------- /crypt_file/cf_proc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_proc.h -------------------------------------------------------------------------------- /crypt_file/cf_sfilter.c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_sfilter.c -------------------------------------------------------------------------------- /crypt_file/cf_sfilter.c.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/crypt_file/cf_sfilter.c.bak -------------------------------------------------------------------------------- /crypt_file/fat_headers/lfn.h: -------------------------------------------------------------------------------- 1 | /*++ 2 | 3 | Copyright (c) 1989-2000 Microsoft Corporation 4 | 5 | Module Name: 6 | 7 | Lfn.h 8 | 9 | Abstract: 10 | 11 | This module defines the on-disk structure of long file names on FAT. 12 | 13 | 14 | --*/ 15 | 16 | #ifndef _LFN_ 17 | #define _LFN_ 18 | 19 | // 20 | // This structure defines the on-disk format of long file name dirents. 21 | // 22 | 23 | typedef struct _PACKED_LFN_DIRENT { 24 | UCHAR Ordinal; // offset = 0 25 | UCHAR Name1[10]; // offset = 1 (Really 5 chars, but not WCHAR aligned) 26 | UCHAR Attributes; // offset = 11 27 | UCHAR Type; // offset = 12 28 | UCHAR Checksum; // offset = 13 29 | WCHAR Name2[6]; // offset = 14 30 | USHORT MustBeZero; // offset = 26 31 | WCHAR Name3[2]; // offset = 28 32 | } PACKED_LFN_DIRENT; // sizeof = 32 33 | typedef PACKED_LFN_DIRENT *PPACKED_LFN_DIRENT; 34 | 35 | #define FAT_LAST_LONG_ENTRY 0x40 // Ordinal field 36 | #define FAT_LONG_NAME_COMP 0x0 // Type field 37 | 38 | // 39 | // A packed lfn dirent is already quadword aligned so simply declare a 40 | // lfn dirent as a packed lfn dirent.
41 | // 42 | 43 | typedef PACKED_LFN_DIRENT LFN_DIRENT; 44 | typedef LFN_DIRENT *PLFN_DIRENT; 45 | 46 | // 47 | // This is the largest size buffer we would ever need to read an Lfn 48 | // 49 | 50 | #define MAX_LFN_CHARACTERS 260 51 | #define MAX_LFN_DIRENTS 20 52 | 53 | #define FAT_LFN_DIRENTS_NEEDED(NAME) (((NAME)->Length/sizeof(WCHAR) + 12)/13) 54 | 55 | #endif // _LFN_ 56 | 57 | -------------------------------------------------------------------------------- /crypt_file/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /crypt_file/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /crypt_file/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /crypt_file/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : crypt_file Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this crypt_file project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your crypt_file project. 9 | 10 | 11 | crypt_file.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /crypt_file/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 
8 | 9 | !ENDIF 10 | 11 | TARGETNAME=crypt_file 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | DRIVERTYPE=FS 15 | SOURCES=cf_sfilter.c cf_file_irp.c cf_list.c cf_proc.c cf_modify_irp.c cf_create.c 16 | 17 | LIB_POST_FIX=WNET 18 | 19 | !if "$(DDK_TARGET_OS)"=="WinXP" 20 | LIB_POST_FIX=WXP 21 | !endif 22 | 23 | !if "$(DDK_TARGET_OS)"=="Win2K" 24 | LIB_POST_FIX=W2K 25 | !endif 26 | 27 | TARGETLIBS= $(DDK_LIB_PATH)\wdmsec.lib \ 28 | $(DDK_LIB_PATH)\ntstrsafe.lib \ 29 | ..\lib\sfilter_$(DDKBUILDENV)_$(LIB_POST_FIX).lib 30 | 31 | 32 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ctrl2cap/ctrl2cap.c -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/buildfre_wnet_x86.log: -------------------------------------------------------------------------------- 1 | BUILD: Computing Include file dependencies: 2 | BUILD: Examining e:\security\hanjiangsrc\source_code\ctrl2cap directory for files to compile. 3 | oacr invalidate root:x86fre /autocleanqueue 4 | Compiling and Linking e:\security\hanjiangsrc\source_code\ctrl2cap ************* 5 | 'nmake.exe /nologo BUILDMSG=Stop. 
-i BUILD_PASS=PASS2 LINKONLY=1 NOPASS0=1 MAKEDIR_RELATIVE_TO_BASEDIR=' 6 | e:\security\hanjiangsrc\source_code\ctrl2cap: TARGETPATH is obj 7 | BUILDMSG: _NT_TARGET_VERSION SET TO WS03 8 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/ctrl2cap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ctrl2cap/ctrl2cap/ctrl2cap.c -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/ctrl2cap.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ctrl2cap/ctrl2cap/ctrl2cap.h -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/ctrl2cap.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/ctrl2cap.vcproj.NEC-9F096F6DE5D.admin.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/ctrl2cap.vcproj.NECAS-SJL.wowocock.user: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 11 | 35 | 36 | 39 | 63 | 64 | 65 | 66 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/makefile: 
-------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ctrl2cap Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ctrl2cap project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ctrl2cap project. 9 | 10 | 11 | ctrl2cap.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ctrl2cap/ctrl2cap/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=ctrl2cap 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | 15 | SOURCES =ctrl2cap.c -------------------------------------------------------------------------------- /ctrl2cap/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /ctrl2cap/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 
3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /ctrl2cap/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ctrl2cap/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ctrl2cap Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ctrl2cap project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ctrl2cap project. 9 | 10 | 11 | ctrl2cap.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ctrl2cap/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=ctrl2cap 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | 15 | SOURCES =ctrl2cap.c -------------------------------------------------------------------------------- /first/first.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/first/first.c -------------------------------------------------------------------------------- /first/first.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /first/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1999 - 2002 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | Notes: 10 | 11 | DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 12 | file to this component. 
This file merely indirects to the real make file 13 | that is shared by all the components of Windows NT (DDK) 14 | 15 | !ENDIF 16 | 17 | !INCLUDE $(NTMAKEENV)\makefile.def 18 | 19 | -------------------------------------------------------------------------------- /first/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /first/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /first/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : first Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this first project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your first project. 9 | 10 | 11 | first.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 
19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /first/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=first 2 | TARGETTYPE=DRIVER 3 | SOURCES=first.c 4 | TARGETPATH=obj 5 | -------------------------------------------------------------------------------- /inc/sfilter/sfilter.h: -------------------------------------------------------------------------------- 1 | /// 2 | /// @file sfilter.h 3 | /// @author crazy_chu 4 | /// @date 2007-5-17 5 | /// 6 | 7 | #ifndef _TWCN_SFILTER_HEADER_ 8 | 9 | #define _TWCN_SFILTER_HEADER_ 10 | 11 | typedef enum{ 12 | SF_IRP_GO_ON = 0, 13 | SF_IRP_COMPLETED = 1, 14 | SF_IRP_PASS = 2 15 | } SF_RET; 16 | 17 | extern SF_RET OnSfilterIrpPre( 18 | IN PDEVICE_OBJECT DeviceObject, 19 | IN PDEVICE_OBJECT NextObject, 20 | IN PVOID extension, 21 | IN PIRP Irp, 22 | OUT NTSTATUS *status, 23 | PVOID *context); 24 | 25 | extern VOID OnSfilterIrpPost( 26 | IN PDEVICE_OBJECT DeviceObject, 27 | IN PDEVICE_OBJECT NextObject, 28 | IN PVOID extension, 29 | IN PIRP Irp, 30 | IN NTSTATUS status, 31 | PVOID context); 32 | 33 | extern NTSTATUS OnSfilterDriverEntry( 34 | IN PDRIVER_OBJECT DriverObject, 35 | IN PUNICODE_STRING RegistryPath, 36 | OUT PUNICODE_STRING userNameString, 37 | OUT PUNICODE_STRING syblnkString, 38 | OUT PULONG extensionSize); 39 | 40 | extern VOID OnSfilterDriverUnload(); 41 | 42 | extern NTSTATUS OnSfilterCDODispatch( 43 | IN PDEVICE_OBJECT DeviceObject, 44 | IN PIRP Irp); 45 | 46 | extern BOOLEAN OnSfilterAttachPre( 47 | IN PDEVICE_OBJECT ourDevice, 48 | IN PDEVICE_OBJECT theDeviceToAttach, 49 | IN PUNICODE_STRING DeviceName, 50 | IN PVOID extension); 51 | 52 | extern VOID OnSfilterAttachPost( 53 | IN PDEVICE_OBJECT ourDevice, 54 | IN PDEVICE_OBJECT 
theDeviceToAttach, 55 | IN PDEVICE_OBJECT theDeviceToAttached, 56 | IN PVOID extension, 57 | IN NTSTATUS status); 58 | 59 | extern BOOLEAN OnSfFastIoDeviceControl( 60 | IN PFILE_OBJECT FileObject, 61 | IN PVOID InputBuffer OPTIONAL, 62 | IN ULONG InputBufferLength, 63 | OUT PVOID OutputBuffer OPTIONAL, 64 | IN ULONG OutputBufferLength, 65 | IN ULONG IoControlCode, 66 | OUT PIO_STATUS_BLOCK IoStatus, 67 | IN PDEVICE_OBJECT DeviceObject); 68 | 69 | void sfilterSetCdoAccessForAll(); 70 | 71 | #endif //_TWCN_SFILTER_HEADER_ -------------------------------------------------------------------------------- /inc/tdi_fw/conn_state.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: conn_state.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _conn_state_h_ 6 | #define _conn_state_h_ 7 | 8 | #include "ipc.h" 9 | 10 | NTSTATUS conn_state_init(void); 11 | void conn_state_free(void); 12 | 13 | /* work with listening ports for all protocols */ 14 | 15 | NTSTATUS add_listen(struct ot_entry *ote_addr); 16 | 17 | void del_listen_obj(struct listen_entry *le, BOOLEAN no_guard); 18 | 19 | BOOLEAN is_listen(ULONG addr, USHORT port, int ipproto); 20 | 21 | BOOLEAN is_bcast_listen(ULONG addr, USHORT port, int ipproto); 22 | 23 | NTSTATUS enum_listen(struct listen_nfo *buf, ULONG *buf_len, ULONG buf_size); 24 | 25 | /* work with TCP only connections */ 26 | 27 | NTSTATUS add_tcp_conn(struct ot_entry *ote_conn, int tcp_state); 28 | void del_tcp_conn(PFILE_OBJECT connobj, BOOLEAN is_disconnect); 29 | 30 | void del_tcp_conn_obj(struct conn_entry *ce, BOOLEAN no_guard); 31 | void log_disconnect(struct ot_entry *ote_conn); 32 | 33 | NTSTATUS set_tcp_conn_state(PFILE_OBJECT connobj, int state); 34 | NTSTATUS set_tcp_conn_local(PFILE_OBJECT connobj, TA_ADDRESS *local); 35 | 36 | int get_tcp_conn_state(ULONG laddr, USHORT lport, ULONG raddr, USHORT rport); 37 | 
int get_tcp_conn_state_by_obj(PFILE_OBJECT connobj); 38 | 39 | NTSTATUS enum_tcp_conn(struct tcp_conn_nfo *buf, ULONG *buf_len, ULONG buf_size); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /inc/tdi_fw/dispatch.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: dispatch.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _dispatch_h_ 6 | #define _dispatch_h_ 7 | 8 | // information about completion routine 9 | struct completion { 10 | PIO_COMPLETION_ROUTINE routine; 11 | PVOID context; 12 | }; 13 | 14 | /* 15 | * TDI ioctl dispatcher function 16 | * returns FILTER_xxx 17 | */ 18 | typedef int tdi_ioctl_fn_t(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion); 19 | 20 | // IRP_MJ_CREATE, IRP_MJ_CLEANUP dispatch routines 21 | extern tdi_ioctl_fn_t tdi_create, tdi_cleanup; 22 | 23 | // IRP_MJ_INTERNAL_DEVICE_CONTROL ioctl dispatch routines 24 | extern tdi_ioctl_fn_t 25 | tdi_associate_address, 26 | tdi_connect, 27 | tdi_disassociate_address, 28 | tdi_set_event_handler, 29 | tdi_send_datagram, 30 | tdi_receive_datagram, 31 | tdi_disconnect, 32 | tdi_send, 33 | tdi_receive, 34 | tdi_deny_stub; 35 | 36 | // helper struct for calling of TDI ioctls 37 | struct tdi_ioctl { 38 | UCHAR MinorFunction; 39 | tdi_ioctl_fn_t *fn; 40 | 41 | #if DBG 42 | // for debugging 43 | const char *desc; 44 | #endif 45 | }; 46 | 47 | extern struct tdi_ioctl g_tdi_ioctls[]; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /inc/tdi_fw/events.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: events.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _events_h_ 6 | #define _events_h_ 7 | 8 | #include 
"obj_tbl.h" 9 | 10 | NTSTATUS tdi_event_connect( 11 | IN PVOID TdiEventContext, 12 | IN LONG RemoteAddressLength, 13 | IN PVOID RemoteAddress, 14 | IN LONG UserDataLength, 15 | IN PVOID UserData, 16 | IN LONG OptionsLength, 17 | IN PVOID Options, 18 | OUT CONNECTION_CONTEXT *ConnectionContext, 19 | OUT PIRP *AcceptIrp); 20 | 21 | NTSTATUS tdi_event_disconnect( 22 | IN PVOID TdiEventContext, 23 | IN CONNECTION_CONTEXT ConnectionContext, 24 | IN LONG DisconnectDataLength, 25 | IN PVOID DisconnectData, 26 | IN LONG DisconnectInformationLength, 27 | IN PVOID DisconnectInformation, 28 | IN ULONG DisconnectFlags); 29 | 30 | NTSTATUS tdi_event_receive_datagram( 31 | IN PVOID TdiEventContext, 32 | IN LONG SourceAddressLength, 33 | IN PVOID SourceAddress, 34 | IN LONG OptionsLength, 35 | IN PVOID Options, 36 | IN ULONG ReceiveDatagramFlags, 37 | IN ULONG BytesIndicated, 38 | IN ULONG BytesAvailable, 39 | OUT ULONG *BytesTaken, 40 | IN PVOID Tsdu, 41 | OUT PIRP *IoRequestPacket); 42 | 43 | NTSTATUS tdi_event_receive( 44 | IN PVOID TdiEventContext, 45 | IN CONNECTION_CONTEXT ConnectionContext, 46 | IN ULONG ReceiveFlags, 47 | IN ULONG BytesIndicated, 48 | IN ULONG BytesAvailable, 49 | OUT ULONG *BytesTaken, 50 | IN PVOID Tsdu, 51 | OUT PIRP *IoRequestPacket); 52 | 53 | NTSTATUS tdi_event_chained_receive( 54 | IN PVOID TdiEventContext, 55 | IN CONNECTION_CONTEXT ConnectionContext, 56 | IN ULONG ReceiveFlags, 57 | IN ULONG ReceiveLength, 58 | IN ULONG StartingOffset, 59 | IN PMDL Tsdu, 60 | IN PVOID TsduDescriptor); 61 | 62 | // helper struct for calling one of the handlers 63 | struct tdi_event_handler { 64 | LONG event; 65 | PVOID handler; 66 | }; 67 | 68 | extern struct tdi_event_handler g_tdi_event_handlers[]; 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /inc/tdi_fw/filter.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 
2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: filter.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _filter_h_ 16 | #define _filter_h_ 17 | 18 | #include "ipc.h" 19 | 20 | NTSTATUS filter_init(void); 21 | NTSTATUS filter_init_2(void); 22 | 23 | void filter_free(void); 24 | void filter_free_2(void); 25 | 26 | NTSTATUS add_flt_rule(int chain, const struct flt_rule *rule); 27 | NTSTATUS clear_flt_chain(int chain); 28 | NTSTATUS activate_flt_chain(int chain); 29 | NTSTATUS set_chain_pname(int chain, char *pname); 30 | NTSTATUS set_pid_pname(ULONG pid, char *pname); 31 | 32 | BOOLEAN default_chain_only(void); 33 | 34 | int quick_filter(struct flt_request *request, struct flt_rule *rule); 35 | 36 | BOOLEAN log_request(struct flt_request *request); 37 | ULONG get_request(char *buf, ULONG buf_size); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /inc/tdi_fw/memtrack.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: memtrack.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _memtrack_h_ 16 | #define _memtrack_h_ 17 | 18 | #define MEM_TAG '1VRD' 19 | 20 | #if DBG 21 | 22 | void memtrack_init(void); 23 | void memtrack_free(void); 24 | /* Debug build: allocations go through mt_malloc, which also receives the calling file and line. */ 25 | void *mt_malloc(ULONG size, const char *file, ULONG line); 26 | 27 | // allocate memory from nonpaged pool 28 | #define malloc_np(size) mt_malloc((size), __FILE__, __LINE__) 29 | 30 | void free(void *ptr); 31 | 32 | // debug macro 33 | #define _TEST_ME_ __asm int 3 34 | 35 | #else /* DBG */ 36 | 37 | #define memtrack_init() 38 | #define memtrack_free() 39 | /* Release build: malloc_np allocates NonPagedPool tagged MEM_TAG directly. NOTE(review): ExAllocatePoolWithTag returns NULL on failure and does not zero the block, so every caller must check the result and initialise the memory before it is used or copied out. */ 40 | #define malloc_np(size) ExAllocatePoolWithTag(NonPagedPool, (size), MEM_TAG) 41 | #define free(ptr) ExFreePool(ptr) 42 | /* NOTE(review): free is redefined as ExFreePool here; confirm no caller relies on free(NULL) being a no-op as in the C runtime. */ 43 | 44 | #define _TEST_ME_ 45 | 46 | #endif /* DBG */ 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /inc/tdi_fw/net.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: net.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _net_h_ 6 | #define _net_h_ 7 | 8 | /* 9 | * network definitions 10 | */ 11 | 12 | #pragma pack(1) 13 | 14 | struct ether_hdr { 15 | UCHAR ether_dhost[6]; 16 | UCHAR ether_shost[6]; 17 | USHORT ether_type; 18 | }; 19 | 20 | #define ETHERTYPE_IP 0x0800 /* IP protocol */ 21 | 22 | #define IP_DF 0x4000 /* dont fragment flag */ 23 | #define IP_MF 0x2000 /* more fragments flag */ 24 | #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ 25 | 26 | struct ip_hdr { 27 | UCHAR ip_hl:4; /* header length */ 28 | UCHAR ip_v:4; /* version */ 29 | UCHAR ip_tos; /* type of service */ 30 | USHORT ip_len; /* total length */ 31 | USHORT ip_id; /* identification */ 32 | USHORT ip_off; /* fragment offset field */ 33 | UCHAR ip_ttl; /* time to live */ 34 | 
UCHAR ip_p; /* protocol */ 35 | USHORT ip_sum; /* checksum */ 36 | ULONG ip_src; /* source address */ 37 | ULONG ip_dst; /* dest address */ 38 | }; 39 | 40 | struct icmp_hdr { 41 | UCHAR icmp_type; /* type of message */ 42 | UCHAR icmp_code; /* type sub code */ 43 | USHORT icmp_cksum; /* ones complement cksum of struct */ 44 | }; 45 | 46 | struct udp_hdr { 47 | USHORT uh_sport; /* source port */ 48 | USHORT uh_dport; /* destination port */ 49 | USHORT uh_ulen; /* udp length */ 50 | USHORT uh_sum; /* udp checksum */ 51 | }; 52 | 53 | #define TH_FIN 0x01 54 | #define TH_SYN 0x02 55 | #define TH_RST 0x04 56 | #define TH_PUSH 0x08 57 | #define TH_ACK 0x10 58 | #define TH_URG 0x20 59 | 60 | struct tcp_hdr { 61 | USHORT th_sport; /* source port */ 62 | USHORT th_dport; /* destination port */ 63 | ULONG th_seq; /* sequence number */ 64 | ULONG th_ack; /* acknowledgement number */ 65 | 66 | UCHAR th_x2:4; /* (unused) */ 67 | UCHAR th_off:4; /* data offset */ 68 | UCHAR th_flags; 69 | 70 | USHORT th_win; /* window */ 71 | USHORT th_sum; /* checksum */ 72 | USHORT th_urp; /* urgent pointer */ 73 | }; 74 | 75 | #pragma pack() 76 | 77 | #endif 78 | -------------------------------------------------------------------------------- /inc/tdi_fw/packet.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: packet.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _packet_h_ 6 | #define _packet_h_ 7 | 8 | NTSTATUS init_packet(void); 9 | void free_packet(void); 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /inc/tdi_fw/pid_pname.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: pid_pname.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _pid_pname_h_ 6 | #define 
_pid_pname_h_ 7 | 8 | void pid_pname_init(void); 9 | void pid_pname_free(void); 10 | 11 | BOOLEAN pid_pname_resolve(ULONG pid, char *buf, int buf_size); 12 | 13 | NTSTATUS pid_pname_set_event(ULONG pid, KEVENT *event); 14 | 15 | NTSTATUS pid_pname_set(ULONG pid, const char *pname, int context); 16 | int pid_pname_get_context(ULONG pid); 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /inc/tdi_fw/sids.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: sids.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _sids_h_ 16 | #define _sids_h_ 17 | 18 | /* SID stuff */ 19 | 20 | struct _SID_AND_ATTRIBUTES *get_current_sid_a(ULONG *sid_a_size); 21 | struct _SID_AND_ATTRIBUTES *copy_sid_a(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 22 | 23 | void sids_init(void); 24 | 25 | int get_sid_id(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 26 | 27 | /* size can be NULL; buf is ULONG sid_len; SID ... */ 28 | NTSTATUS set_sid_list(char *buf, ULONG size); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /inc/tdi_fw/tdi_fw_lib.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file tdi_fw_lib 3 | * @author tan wen 4 | * @brief I add this file to simplise the including of tdi_fw.lib's 5 | * header file. tdi_fw.lib is a library based on tdi_fw. 
You 6 | * can link this library to build a tdi filter driver easily. 7 | */ 8 | 9 | #ifndef _TDI_FW_LIB_HEADER_ 10 | #define _TDI_FW_LIB_HEADER_ 11 | 12 | #include 13 | #include 14 | #include "net.h" 15 | #include "sock.h" 16 | #include "ipc.h" 17 | 18 | /** If you use tdi_fw.lib to build your tdi filter driver, you must write 19 | * tdifw_driver_entry(), tdifw_driver_unload(), tdifw_user_device_dispatch(), 20 | * tdifw_filter(). You can't change these functions' names or use their names 21 | * to define other functions or variables. These functions' prototypes are as below. 22 | */ 23 | 24 | /** tdifw_driver_entry is just like DriverEntry. tdi_fw.lib already has a 25 | * function named DriverEntry. So when you are using tdi_fw.lib to develop 26 | * a tdi network filter, use tdifw_driver_entry instead. Don't set the driver's 27 | * dispatch functions here. tdi_fw has used them. But if you create any device 28 | * here, you may use tdifw_register_user_device() to register it. When any 29 | * irp is sent to your devices, tdifw_user_device_dispatch() will be called. 30 | * You can dispatch your irp there. 31 | */ 32 | extern NTSTATUS 33 | tdifw_driver_entry( 34 | IN PDRIVER_OBJECT theDriverObject, 35 | IN PUNICODE_STRING theRegistryPath); 36 | 37 | /** tdifw_driver_unload is just like DriverUnload. It will be called when this 38 | * driver is unloading. Delete all devices you created and free memory you 39 | * allocated here. 40 | */ 41 | extern VOID 42 | tdifw_driver_unload( 43 | IN PDRIVER_OBJECT DriverObject); 44 | 45 | /** tdifw_user_device_dispatch() will be called when any device which you 46 | * have created and registered with tdifw_register_user_device() receives an 47 | * irp. You should complete any such irp here. Don't pass it through. 48 | * NOTE(review): if such a device can be opened from user mode, treat the irp's buffers and lengths as untrusted input. */ 49 | extern NTSTATUS tdifw_user_device_dispatch( 50 | IN PDEVICE_OBJECT DeviceObject, IN PIRP irp); 51 | 52 | /** This function will be called when any network event happens. 
You can choose 53 | * which events to filter. Return FLT_ALLOW to pass the event through or FLT_DENY to 54 | * refuse it. See struct flt_request for more details. 55 | */ 56 | extern int tdifw_filter(struct flt_request *request); 57 | 58 | BOOLEAN tdifw_register_user_device(PDEVICE_OBJECT dev); 59 | 60 | #endif // _TDI_FW_LIB_HEADER_ 61 | -------------------------------------------------------------------------------- /lib/sfilter_chk_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/sfilter_chk_WNET.lib -------------------------------------------------------------------------------- /lib/sfilter_fre_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/sfilter_fre_WNET.lib -------------------------------------------------------------------------------- /lib/sfilter_fre_WXP.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/sfilter_fre_WXP.lib -------------------------------------------------------------------------------- /lib/tdi_fw_chk_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/tdi_fw_chk_WNET.lib -------------------------------------------------------------------------------- /lib/tdi_fw_chk_WXP.lib: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/tdi_fw_chk_WXP.lib -------------------------------------------------------------------------------- /lib/tdi_fw_fre_WNET.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/lib/tdi_fw_fre_WNET.lib -------------------------------------------------------------------------------- /minifilter/NPminifilter.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/minifilter/NPminifilter.aps -------------------------------------------------------------------------------- /minifilter/NPminifilter.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/minifilter/NPminifilter.c -------------------------------------------------------------------------------- /minifilter/NPminifilter.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/minifilter/NPminifilter.h -------------------------------------------------------------------------------- /minifilter/NPminifilter.rc: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | #define VER_FILETYPE VFT_DRV 6 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM 7 | #define VER_FILEDESCRIPTION_STR "NPminifilter Filter Driver" 8 | #define VER_INTERNALNAME_STR "NPminifilter.sys" 9 | 10 | #include "common.ver" 11 | 12 | 
-------------------------------------------------------------------------------- /minifilter/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1999 - 2002 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | Notes: 10 | 11 | DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 12 | file to this component. This file merely indirects to the real make file 13 | that is shared by all the components of Windows NT (DDK) 14 | 15 | !ENDIF 16 | 17 | !INCLUDE $(NTMAKEENV)\makefile.def 18 | 19 | -------------------------------------------------------------------------------- /minifilter/minifilter.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 61 | 62 | 63 | 67 | 69 | 70 | 71 | 73 | 74 | 75 | 76 | 77 | 78 | -------------------------------------------------------------------------------- /minifilter/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /minifilter/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /minifilter/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=NPminifilter 2 | TARGETTYPE=DRIVER 3 | DRIVERTYPE=FS 4 | 5 | 6 | TARGETLIBS= $(TARGETLIBS) \ 7 | $(IFSKIT_LIB_PATH)\fltMgr.lib 8 | 9 | SOURCES=NPminifilter.c \ 10 | NPminifilter.rc 11 | -------------------------------------------------------------------------------- /minifilter_app/NPApp.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/minifilter_app/NPApp.vcproj -------------------------------------------------------------------------------- /minifilter_app/NPapp.cpp: -------------------------------------------------------------------------------- 1 | #include "NPapp.h" 2 | #include 3 | using namespace std; 4 | /* Entry points resolved at run time from minifilter_dll.dll. Only pNPSendMessage is assigned in this file; pInitialCommunicationPort is declared but never set. NOTE(review): both are typed __stdcall - confirm the DLL exports use the same calling convention. */ 5 | int (__stdcall* pNPSendMessage)(PVOID pInBuffer); 6 | int (__stdcall* pInitialCommunicationPort)(VOID); 7 | /* Constructor: clears the module handle, then tries to load the DLL; the result of LoadNPminifilterDll() is not checked here. */ 8 | CNPApp::CNPApp() 9 | { 10 | m_hModule = NULL; 11 | LoadNPminifilterDll(); 12 | } 13 | /* Destructor: unloads the DLL if a module handle is held. */ 14 | CNPApp::~CNPApp() 15 | { 16 | if (m_hModule) { 17 | FreeLibrary(m_hModule); 18 | } 19 | } 20 | bool CNPApp::LoadNPminifilterDll(void) 21 | { 22 | m_hModule = LoadLibrary("minifilter_dll.dll"); 23 | /* NOTE(review): the DLL is named without a path, so LoadLibrary resolves it through the DLL search order; load it from a fully qualified, access-controlled location instead. */ 24 | if (m_hModule != NULL) { 25 | /* Resolve the export. NOTE(review): GetModuleHandle() repeats the lookup by name although m_hModule already holds the handle; when GetProcAddress fails this returns false but leaves m_hModule non-NULL. */ 26 | pNPSendMessage = (int (__stdcall*)(PVOID)) GetProcAddress(GetModuleHandle("minifilter_dll.dll"), "NPSendMessage"); 27 | if (!pNPSendMessage) { 28 | return false; 29 | 
} 30 | return true; 31 | } 32 | return false; 33 | } 34 | /* Sends one command through the DLL, loading it first if no module handle is held. NOTE(review): only m_hModule is tested, so after a failed GetProcAddress the call below goes through a NULL pNPSendMessage; the int result of the send is also discarded. */ 35 | void CNPApp::NPMessage(COMMAND_MESSAGE data) 36 | { 37 | if (m_hModule == NULL) { 38 | if (LoadNPminifilterDll() == false) { 39 | return; 40 | } 41 | } 42 | pNPSendMessage(&data); 43 | } 44 | /* Console loop: 'a' sends ENUM_PASS, 'b' sends ENUM_BLOCK, 'q' exits. The mode message is printed whether or not NPMessage() delivered the command. */ 45 | void main(void) 46 | { 47 | CNPApp ControlObj; 48 | char input; 49 | while (true) { 50 | cout << "Enter 'a' for PASS MODE, 'b' for BLOCKMODE or 'q' to EXIT" << endl; 51 | cin >> input; 52 | if (input == 'a' || input == 'A') { 53 | COMMAND_MESSAGE data; 54 | data.Command = ENUM_PASS; 55 | ControlObj.NPMessage(data); 56 | printf("==>NOTEPAD.EXE PASS MODE\n"); 57 | } else if (input == 'b' || input == 'B') { 58 | COMMAND_MESSAGE data; 59 | data.Command = ENUM_BLOCK; 60 | ControlObj.NPMessage(data); 61 | printf("==>NOTEPAD.EXE BLOCK MODE\n"); 62 | } else if (input == 'q' || input == 'Q') { 63 | printf("EXIT\n"); 64 | break; 65 | } else { 66 | printf("Wrong Parameter!!!\n"); 67 | } 68 | }; 69 | 70 | system("pause"); 71 | } -------------------------------------------------------------------------------- /minifilter_app/NPapp.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "windows.h" 4 | #include 5 | #include 6 | using namespace std; 7 | /* Command codes carried in COMMAND_MESSAGE.Command. */ 8 | typedef enum _NPMINI_COMMAND { 9 | ENUM_PASS = 0, 10 | ENUM_BLOCK 11 | } NPMINI_COMMAND; 12 | /* Message passed by address to NPSendMessage. */ 13 | typedef struct _COMMAND_MESSAGE { 14 | NPMINI_COMMAND Command; 15 | } COMMAND_MESSAGE, *PCOMMAND_MESSAGE; 16 | /* Loads minifilter_dll.dll and forwards COMMAND_MESSAGE values to its NPSendMessage export. */ 17 | class CNPApp 18 | { 19 | public: 20 | CNPApp(); 21 | virtual ~CNPApp(); 22 | void NPMessage(COMMAND_MESSAGE data); 23 | 24 | private: 25 | HINSTANCE m_hModule; 26 | bool LoadNPminifilterDll(void); 27 | }; 28 | -------------------------------------------------------------------------------- /minifilter_dll/NPdll.cpp: -------------------------------------------------------------------------------- 1 | #include "NPdll.h" 2 | /* Filter communication port handle; written by InitialCommunicationPort() and used by NPSendMessage(). */ 3 | HANDLE g_hPort = INVALID_HANDLE_VALUE; 4 | 5 | #ifdef _MANAGED 6 | #pragma 
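managed(push, off)
#endif

// DLL entry point. Connects to the minifilter port when the DLL is loaded
// and closes the port handle when the DLL is unloaded.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		// NOTE(review): this call runs while the loader lock is held, and
		// its result is ignored. DllMain should do as little as possible;
		// NPSendMessage() connects on demand, so this early connect could
		// be dropped once callers are confirmed not to rely on it.
		InitialCommunicationPort();
		break;

	case DLL_PROCESS_DETACH:
		// lpReserved is non-NULL when the process is terminating; the
		// system reclaims the handle then, so only clean up on an
		// explicit unload.
		if (lpReserved == NULL && g_hPort != INVALID_HANDLE_VALUE) {
			CloseHandle(g_hPort);
			g_hPort = INVALID_HANDLE_VALUE;
		}
		break;

	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
		break;
	}
	return TRUE;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

// Open the connection to the filter's communication port and store the
// handle in g_hPort.
//
// Returns 0 on success (or when a connection already exists), otherwise the
// HRESULT from FilterConnectCommunicationPort converted to int.
// No connection context and no security attributes are passed. Who may
// connect is decided by the security descriptor the driver put on the port,
// which is not visible in this file.
int InitialCommunicationPort(void)
{
	// Already connected: connecting again would overwrite and leak the
	// existing handle.
	if (g_hPort != INVALID_HANDLE_VALUE) {
		return 0;
	}

	HRESULT hr = FilterConnectCommunicationPort(
		NPMINI_PORT_NAME,
		0,
		NULL,
		0,
		NULL,
		&g_hPort );

	if (hr != S_OK) {
		// Keep the "not connected" sentinel intact after a failure.
		g_hPort = INVALID_HANDLE_VALUE;
		return (int)hr;
	}
	return 0;
}

// Send one COMMAND_MESSAGE to the filter.
//
// InputBuffer must point to at least sizeof(COMMAND_MESSAGE) readable bytes;
// the size cannot be verified from a PVOID. No reply buffer is supplied.
// Returns 0 on success, E_INVALIDARG for a NULL buffer, or the failing
// HRESULT converted to int.
// NOTE(review): the value of Command is not range-checked here; the driver
// side is presumably the place that validates it - confirm.
int NPSendMessage(PVOID InputBuffer)
{
	DWORD bytesReturned = 0;
	HRESULT hr;
	PCOMMAND_MESSAGE commandMessage = (PCOMMAND_MESSAGE) InputBuffer;

	if (commandMessage == NULL) {
		return (int)E_INVALIDARG;
	}

	// The connect attempted at load time may have failed (for example when
	// the filter was not loaded yet); retry here instead of sending on an
	// invalid handle.
	if (g_hPort == INVALID_HANDLE_VALUE) {
		int rc = InitialCommunicationPort();
		if (rc != 0) {
			return rc;
		}
	}

	hr = FilterSendMessage(
		g_hPort,
		commandMessage,
		sizeof(COMMAND_MESSAGE),
		NULL,
		0,
		&bytesReturned );

	if (hr != S_OK) {
		return (int)hr;
	}
	return 0;
}
--------------------------------------------------------------------------------
/minifilter_dll/NPdll.def:
--------------------------------------------------------------------------------
LIBRARY "NPdll"
EXPORTS
NPSendMessage
--------------------------------------------------------------------------------
/minifilter_dll/NPdll.h:
--------------------------------------------------------------------------------
#include "windows.h"
#include
#include

// NOTE(review): fltMgr.lib, ntoskrnl.lib and hal.lib are kernel-mode import
// libraries. The filter calls used by this user-mode DLL come from
// fltLib.lib; confirm the other three are unused and drop them.
#pragma comment(lib, "user32.lib")
#pragma comment(lib, "kernel32.lib")
#pragma comment(lib, "fltLib.lib")
#pragma comment(lib, "fltMgr.lib")
#pragma comment(lib, "ntoskrnl.lib")
#pragma comment(lib, "hal.lib")

extern HANDLE g_hPort;

#define NPMINI_NAME L"NPminifilter"
#define NPMINI_PORT_NAME L"\\NPMiniPort"

__declspec(dllexport) int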
InitialCommunicationPort(void); 18 | __declspec(dllexport) int NPSendMessage(PVOID InputBuffer); 19 | 20 | typedef enum _NPMINI_COMMAND { 21 | ENUM_PASS = 0, 22 | ENUM_BLOCK 23 | } NPMINI_COMMAND; 24 | 25 | typedef struct _COMMAND_MESSAGE { 26 | NPMINI_COMMAND Command; 27 | } COMMAND_MESSAGE, *PCOMMAND_MESSAGE; 28 | -------------------------------------------------------------------------------- /minifilter_dll/NPminifilter.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/minifilter_dll/NPminifilter.vcproj -------------------------------------------------------------------------------- /ndisedge/Init.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisedge/Init.c -------------------------------------------------------------------------------- /ndisedge/NdisWdm.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisedge/NdisWdm.c -------------------------------------------------------------------------------- /ndisedge/NdisWdm.rc: -------------------------------------------------------------------------------- 1 | /*++ 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 6 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 7 | IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR 8 | PURPOSE. 9 | 10 | Module Name: 11 | 12 | ndiswdm.rc 13 | 14 | Abstract: 15 | 16 | Internal resource file for driver. 
17 | 18 | --*/ 19 | 20 | #include 21 | #include 22 | 23 | #define VER_FILETYPE VFT_DRV 24 | #define VER_FILESUBTYPE VFT2_DRV_SYSTEM 25 | #define VER_FILEDESCRIPTION_STR "Microsoft Virtual NDIS-WDM Miniport Driver - Framework Version" 26 | #define VER_INTERNALNAME_STR "ndiswdm.sys" 27 | #define VER_ORIGINALFILENAME_STR "ndiswdm.sys" 28 | 29 | #define VER_FILEVERSION 1,00,00,0000 30 | #define VER_FILEVERSION_STR "1.00.00.0000" 31 | 32 | #undef VER_PRODUCTVERSION 33 | #define VER_PRODUCTVERSION VER_FILEVERSION 34 | 35 | #undef VER_PRODUCTVERSION_STR 36 | #define VER_PRODUCTVERSION_STR VER_FILEVERSION_STR 37 | 38 | #define VER_LEGALCOPYRIGHT_STR "Copyright (C) 2003 Microsoft Corporation" 39 | #ifdef VER_COMPANYNAME_STR 40 | #undef VER_COMPANYNAME_STR 41 | #define VER_COMPANYNAME_STR "Microsoft Corporation" 42 | #endif 43 | 44 | #undef VER_PRODUCTNAME_STR 45 | #define VER_PRODUCTNAME_STR "Microsoft Virtual Adapter" 46 | 47 | #include "common.ver" 48 | 49 | 50 | -------------------------------------------------------------------------------- /ndisedge/Send.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisedge/Send.c -------------------------------------------------------------------------------- /ndisedge/makefile: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft Corporation. All rights reserved. 2 | # 3 | # DO NOT EDIT this file, which just invokes the real make file that is shared 4 | # by all the driver components of the Windows NT DDK. All component specific 5 | # build information belongs in the 'sources' file. 
6 | 7 | 8 | !INCLUDE $(NTMAKEENV)\makefile.def 9 | 10 | -------------------------------------------------------------------------------- /ndisedge/makefile.inc: -------------------------------------------------------------------------------- 1 | _LNG=$(LANGUAGE) 2 | _INX=. 3 | STAMP=stampinf -f $@ -a $(_BUILDARCH) -k $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) 4 | 5 | 6 | 7 | $(OBJ_PATH)\$(O)\$(INF_NAME).inf: $(_INX)\$(INF_NAME).inx 8 | copy $(_INX)\$(@B).inx $@ 9 | $(STAMP) 10 | 11 | -------------------------------------------------------------------------------- /ndisedge/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%3"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build 12 | -------------------------------------------------------------------------------- /ndisedge/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ndisedge/ndisedge.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 56 | 57 | 59 | 60 | 62 | 63 | 65 | 66 | 68 | 69 | 70 | 74 | 76 | 77 | 79 | 80 | 82 | 83 | 84 | 88 | 90 | 91 | 92 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /ndisedge/public.h: -------------------------------------------------------------------------------- 1 | /*++ 2 | Copyright (c) Microsoft Corporation. All rights reserved. 
3 | 4 | THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 5 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 6 | IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR 7 | PURPOSE. 8 | 9 | Module Name: 10 | 11 | public.h 12 | 13 | Abstract: 14 | 15 | This module contains the common declarations shared by driver 16 | and user applications. 17 | 18 | Environment: 19 | 20 | user and kernel 21 | 22 | --*/ 23 | 24 | // 25 | // Define an Interface Guid for toaster device class. 26 | // This GUID is used to register (IoRegisterDeviceInterface) 27 | // an instance of an interface so that user application 28 | // can control the toaster device. 29 | // 30 | 31 | DEFINE_GUID (GUID_DEVINTERFACE_PCIDRV, 32 | 0xb74cfec2, 0x9366, 0x454a, 0xba, 0x71, 0x7c, 0x27, 0xb5, 0x14, 0x70, 0xa4); 33 | // {B74CFEC2-9366-454a-BA71-7C27B51470A4} 34 | 35 | // 36 | // Define a WMI GUID to get toaster device info. 37 | // 38 | 39 | DEFINE_GUID (PCIDRV_WMI_STD_DATA_GUID, 40 | 0x20e35e40, 0x7179, 0x4f89, 0xa2, 0x8c, 0x12, 0xed, 0x5a, 0x3c, 0xaa, 0xa5); 41 | 42 | // {20E35E40-7179-4f89-A28C-12ED5A3CAAA5} 43 | 44 | // 45 | // GUID definition are required to be outside of header inclusion pragma to avoid 46 | // error during precompiled headers. 47 | // 48 | 49 | -------------------------------------------------------------------------------- /ndisedge/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ndisedge Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ndisedge project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ndisedge project. 9 | 10 | 11 | ndisedge.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 
13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ndisedge/sources: -------------------------------------------------------------------------------- 1 | # Copyright (c) Microsoft Corporation. All rights reserved. 2 | # 3 | # sources 4 | # Microsoft Virutal NDIS-WDM Miniport Driver 5 | # BUILD command sources file 6 | # 7 | 8 | TARGETNAME=ndisedge 9 | TARGETTYPE=DRIVER 10 | TARGETPATH=obj 11 | 12 | 13 | TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib \ 14 | $(DDK_LIB_PATH)\ntstrsafe.lib 15 | 16 | # System and NDIS wrapper definitions. 17 | C_DEFINES=$(C_DEFINES) -DNDIS_MINIPORT_DRIVER=1 -DNDIS_WDM=1 18 | C_DEFINES=$(C_DEFINES) -DINTERFACE_WITH_NDISPROT=1 19 | 20 | !if !defined(DDK_TARGET_OS) || "$(DDK_TARGET_OS)"=="Win2K" 21 | # 22 | # The driver is built in the Win2K build environment 23 | # 24 | C_DEFINES=$(C_DEFINES) -DNDIS50_MINIPORT=1 25 | !else 26 | # 27 | # The driver is built in the XP or .NET build environment 28 | # So let us build NDIS 5.1 version. 
29 | # 30 | C_DEFINES=$(C_DEFINES) -DNDIS51_MINIPORT=1 31 | !endif 32 | 33 | KMDF_VERSION_MAJOR=1 34 | 35 | INF_NAME=ndisedge 36 | 37 | NTTARGETFILES=$(OBJ_PATH)\$(O)\$(INF_NAME).inf 38 | 39 | 40 | 41 | MISCFILES=$(NTTARGETFILES) 42 | 43 | 44 | C_DEFINES = $(C_DEFINES) 45 | 46 | NO_BINPLACE=1 47 | 48 | SOURCES = \ 49 | ndiswdm.c \ 50 | init.c \ 51 | request.c \ 52 | send.c \ 53 | receive.c \ 54 | ExCallbk.c\ 55 | ndiswdm.rc 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /ndisprot/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT OS/2 5 | # 6 | 7 | #! INCLUDE $(NTMAKEENV)\makefile.def 8 | 9 | !IF DEFINED(_NT_TARGET_VERSION) 10 | ! IF $(_NT_TARGET_VERSION)>=0x501 11 | ! INCLUDE $(NTMAKEENV)\makefile.def 12 | ! ELSE 13 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" for is not valid for the current Os target. 14 | ! ENDIF 15 | !ELSE 16 | ! INCLUDE $(NTMAKEENV)\makefile.def 17 | !ENDIF 18 | 19 | 20 | -------------------------------------------------------------------------------- /ndisprot/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%3"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build 12 | cd .\test 13 | build -------------------------------------------------------------------------------- /ndisprot/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ndisprot/ndisbind.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/ndisbind.c -------------------------------------------------------------------------------- /ndisprot/ndisprot.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/ndisprot.htm -------------------------------------------------------------------------------- /ndisprot/ndisprot.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /*-----------------------------------------------*/ 5 | /* the following lines are specific to this file */ 6 | /*-----------------------------------------------*/ 7 | 8 | /* VER_FILETYPE, VER_FILESUBTYPE, VER_FILEDESCRIPTION_STR 9 | * and VER_INTERNALNAME_STR must be defined before including COMMON.VER 10 | * The strings don't need a '\0', since common.ver has them. 
11 | */ 12 | #define VER_FILETYPE VFT_DRV 13 | /* possible values: VFT_UNKNOWN 14 | VFT_APP 15 | VFT_DLL 16 | VFT_DRV 17 | VFT_FONT 18 | VFT_VXD 19 | VFT_STATIC_LIB 20 | */ 21 | #define VER_FILESUBTYPE VFT2_DRV_NETWORK 22 | /* possible values VFT2_UNKNOWN 23 | VFT2_DRV_PRINTER 24 | VFT2_DRV_KEYBOARD 25 | VFT2_DRV_LANGUAGE 26 | VFT2_DRV_DISPLAY 27 | VFT2_DRV_MOUSE 28 | VFT2_DRV_NETWORK 29 | VFT2_DRV_SYSTEM 30 | VFT2_DRV_INSTALLABLE 31 | VFT2_DRV_SOUND 32 | VFT2_DRV_COMM 33 | */ 34 | #define VER_FILEDESCRIPTION_STR "NDIS User mode I/O Driver" 35 | #define VER_INTERNALNAME_STR "NDISPROT.SYS" 36 | #define VER_ORIGINALFILENAME_STR "NDISPROT.SYS" 37 | #define VER_LANGNEUTRAL 38 | 39 | #include "common.ver" 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /ndisprot/ndisprot.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/ndisprot.sys -------------------------------------------------------------------------------- /ndisprot/ntdisp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/ntdisp.c -------------------------------------------------------------------------------- /ndisprot/precomp.h: -------------------------------------------------------------------------------- 1 | #pragma warning(disable:4214) // bit field types other than int 2 | 3 | #pragma warning(disable:4201) // nameless struct/union 4 | #pragma warning(disable:4115) // named type definition in parentheses 5 | #pragma warning(disable:4127) // conditional expression is constant 6 | #pragma warning(disable:4054) // cast of function pointer to PVOID 7 | #pragma warning(disable:4244) // conversion from 'int' to 'BOOLEAN', 
possible loss of data 8 | #pragma warning(disable:4206) // nonstandard extension used : translation unit is empty 9 | 10 | #include "ndis.h" 11 | #include "ntddk.h" 12 | #include "debug.h" 13 | #include "ndisprot.h" 14 | #include "macros.h" 15 | #include "nuiouser.h" 16 | #include 17 | 18 | -------------------------------------------------------------------------------- /ndisprot/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ndisprot Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ndisprot project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ndisprot project. 9 | 10 | 11 | ndisprot.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ndisprot/recv.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/recv.c -------------------------------------------------------------------------------- /ndisprot/send.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/send.c -------------------------------------------------------------------------------- /ndisprot/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=ndisprot 2 | TARGETTYPE=DRIVER 3 | 4 | C_DEFINES=$(C_DEFINES) -DNDIS_WDM=1 5 | # C_DEFINES=$(C_DEFINES) -DEX_CALLBACK=1 6 | # C_DEFINES=$(C_DEFINES) -DWIN9X=1 7 | # C_DEFINES = $(C_DEFINES) -DDBG_SPIN_LOCK=1 8 | 9 | # MSC_WARNING_LEVEL=/W4 10 | 11 | PRECOMPILED_INCLUDE=precomp.h 12 | 13 | TARGETLIBS=\ 14 | $(DDK_LIB_PATH)\ndis.lib \ 15 | $(DDK_LIB_PATH)\wdmsec.lib 16 | 17 | 18 | !if "$(DDK_TARGET_OS)"=="Win2K" 19 | 20 | C_DEFINES = $(C_DEFINES) -DNDIS50=1 21 | 22 | !else 23 | # 24 | # Comment the following line if you don't want software tracing 25 | # 26 | #C_DEFINES = $(C_DEFINES) -DNDIS51=1 27 | 28 | !endif 29 | 30 | SOURCES=\ 31 | ndisprot.rc \ 32 | ntdisp.c \ 33 | ndisbind.c \ 34 | recv.c \ 35 | send.c \ 36 | debug.c \ 37 | ExCallbk.c 38 | 39 | 40 | -------------------------------------------------------------------------------- /ndisprot/test/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1993 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 
8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of the Windows Driver Kit 15 | # 16 | !IF DEFINED(_NT_TARGET_VERSION) 17 | 18 | ! IF $(_NT_TARGET_VERSION)>=0x500 19 | ! INCLUDE $(NTMAKEENV)\makefile.def 20 | ! ELSE 21 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 22 | ! ENDIF 23 | !ELSE 24 | ! INCLUDE $(NTMAKEENV)\makefile.def 25 | !ENDIF 26 | 27 | 28 | -------------------------------------------------------------------------------- /ndisprot/test/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=uiotest 2 | TARGETTYPE=PROGRAM 3 | 4 | C_DEFINES=$(C_DEFINES) -D_WIN32WIN_ 5 | 6 | # MSC_WARNING_LEVEL=/W4 7 | 8 | UMTYPE=console 9 | USE_MSVCRT=1 10 | 11 | TARGETLIBS=\ 12 | $(SDK_LIB_PATH)\user32.lib 13 | 14 | INCLUDES=..\sys 15 | 16 | SOURCES=\ 17 | uiotest.c 18 | 19 | 20 | -------------------------------------------------------------------------------- /ndisprot/test/uiotest.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ndisprot/test/uiotest.c -------------------------------------------------------------------------------- /passthru/Hook.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/Hook.c -------------------------------------------------------------------------------- /passthru/analysispacket.c: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/analysispacket.c -------------------------------------------------------------------------------- /passthru/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the components of NT 5 | # 6 | 7 | #!INCLUDE $(NTMAKEENV)\makefile.def 8 | 9 | 10 | !IF DEFINED(_NT_TARGET_VERSION) 11 | ! IF $(_NT_TARGET_VERSION)>=0x501 12 | ! INCLUDE $(NTMAKEENV)\makefile.def 13 | ! ELSE 14 | # Only warn once per directory 15 | ! INCLUDE $(NTMAKEENV)\makefile.plt 16 | ! IF "$(BUILD_PASS)"=="PASS1" 17 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 18 | ! ENDIF 19 | ! ENDIF 20 | !ELSE 21 | ! INCLUDE $(NTMAKEENV)\makefile.def 22 | !ENDIF 23 | -------------------------------------------------------------------------------- /passthru/miniport.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/miniport.c -------------------------------------------------------------------------------- /passthru/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | set INCLUDE=%INCLUDE% 11 | 12 | @echo on 13 | build -------------------------------------------------------------------------------- /passthru/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /passthru/passthru.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/passthru.c -------------------------------------------------------------------------------- /passthru/passthru.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/passthru.h -------------------------------------------------------------------------------- /passthru/passthru.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/passthru.htm -------------------------------------------------------------------------------- /passthru/passthru.rc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /*-----------------------------------------------*/ 5 | /* the following lines are specific to this file */ 6 | /*-----------------------------------------------*/ 7 | 8 | /* VER_FILETYPE, VER_FILESUBTYPE, VER_FILEDESCRIPTION_STR 9 | * and VER_INTERNALNAME_STR must be defined before including COMMON.VER 10 | * The strings don't need a '\0', 
since common.ver has them. 11 | */ 12 | #define VER_FILETYPE VFT_DRV 13 | /* possible values: VFT_UNKNOWN 14 | VFT_APP 15 | VFT_DLL 16 | VFT_DRV 17 | VFT_FONT 18 | VFT_VXD 19 | VFT_STATIC_LIB 20 | */ 21 | #define VER_FILESUBTYPE VFT2_DRV_NETWORK 22 | /* possible values VFT2_UNKNOWN 23 | VFT2_DRV_PRINTER 24 | VFT2_DRV_KEYBOARD 25 | VFT2_DRV_LANGUAGE 26 | VFT2_DRV_DISPLAY 27 | VFT2_DRV_MOUSE 28 | VFT2_DRV_NETWORK 29 | VFT2_DRV_SYSTEM 30 | VFT2_DRV_INSTALLABLE 31 | VFT2_DRV_SOUND 32 | VFT2_DRV_COMM 33 | */ 34 | #define VER_FILEDESCRIPTION_STR "Sample NDIS 4.0 Intermediate Miniport Driver" 35 | #define VER_INTERNALNAME_STR "PASSTHRU.SYS" 36 | #define VER_ORIGINALFILENAME_STR "PASSTHRU.SYS" 37 | #define VER_LANGNEUTRAL 38 | 39 | #include "common.ver" 40 | 41 |  42 | -------------------------------------------------------------------------------- /passthru/passthru.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/passthru.suo -------------------------------------------------------------------------------- /passthru/passthru.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/passthru.sys -------------------------------------------------------------------------------- /passthru/passthru.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 20 | 26 | 27 | 34 | 40 | 41 | 42 | 43 | 44 | 45 | 48 | 50 | 51 | 53 | 54 | 56 | 57 | 59 | 60 | 62 | 63 | 64 | 67 | 69 | 70 | 72 | 73 | 74 | 77 | 79 | 80 | 81 | 83 | 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /passthru/precomp.h: 
-------------------------------------------------------------------------------- 1 | #pragma warning(disable:4214) // bit field types other than int 2 | 3 | #pragma warning(disable:4201) // nameless struct/union 4 | #pragma warning(disable:4115) // named type definition in parentheses 5 | #pragma warning(disable:4127) // conditional expression is constant 6 | #pragma warning(disable:4054) // cast of function pointer to PVOID 7 | #pragma warning(disable:4244) // conversion from 'int' to 'BOOLEAN', possible loss of data 8 | 9 | #include 10 | #include "passthru.h" 11 | 12 | -------------------------------------------------------------------------------- /passthru/protocol.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/passthru/protocol.c -------------------------------------------------------------------------------- /passthru/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=passthru 2 | TARGETTYPE=DRIVER 3 | 4 | C_DEFINES=$(C_DEFINES) -DNDIS_MINIPORT_DRIVER -DNDIS_WDM=1 5 | 6 | 7 | !if "$(DDK_TARGET_OS)"=="Win2K" 8 | # 9 | # The driver is built in the Win2K build environment 10 | # 11 | C_DEFINES=$(C_DEFINES) -DNDIS40_MINIPORT=1 12 | C_DEFINES=$(C_DEFINES) -DNDIS40=1 13 | !else 14 | # 15 | # The driver is built in the XP or .NET build environment 16 | # So let us build NDIS 5.1 version. 17 | # 18 | C_DEFINES=$(C_DEFINES) -DNDIS51_MINIPORT=1 19 | C_DEFINES=$(C_DEFINES) -DNDIS51=1 20 | !endif 21 | 22 | # Uncomment the following to build for Win98/SE/WinMe 23 | # This causes several APIs that are not present in Win9X to be 24 | # ifdef'ed out. 
25 | # C_DEFINES=$(C_DEFINES) -DWIN9X=1 26 | 27 | PRECOMPILED_INCLUDE=precomp.h 28 | 29 | TARGETLIBS=$(DDK_LIB_PATH)\ndis.lib 30 | 31 | INCLUDES= 32 | 33 | SOURCES=\ 34 | miniport.c \ 35 | passthru.c \ 36 | passthru.rc \ 37 | protocol.c\ 38 | analysispacket.c\ 39 | hook.c 40 | 41 | -------------------------------------------------------------------------------- /ps2intcap/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /ps2intcap/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /ps2intcap/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ps2intcap/ps2intcap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ps2intcap/ps2intcap.c -------------------------------------------------------------------------------- /ps2intcap/ps2intcap.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /ps2intcap/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ps2intcap Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ps2intcap project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ps2intcap project. 9 | 10 | 11 | ps2intcap.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 
13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ps2intcap/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=ps2intcap 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | 15 | SOURCES=ps2intcap.c -------------------------------------------------------------------------------- /ramdisk_wdf/makefile: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | !INCLUDE $(NTMAKEENV)\makefile.def 7 | 8 | -------------------------------------------------------------------------------- /ramdisk_wdf/makefile.inc: -------------------------------------------------------------------------------- 1 | _LNG=$(LANGUAGE) 2 | _INX=. 
3 | STAMP=stampinf -f $@ -a $(_BUILDARCH) -k $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) 4 | 5 | 6 | 7 | $(OBJ_PATH)\$(O)\$(INF_NAME).inf: $(_INX)\$(INF_NAME).inx 8 | copy $(_INX)\$(@B).inx $@ 9 | $(STAMP) 10 | 11 | -------------------------------------------------------------------------------- /ramdisk_wdf/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /ramdisk_wdf/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /ramdisk_wdf/ramdisk.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/ramdisk_wdf/ramdisk.htm -------------------------------------------------------------------------------- /ramdisk_wdf/ramdisk.rc: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | #define VER_FILETYPE VFT_DLL 6 | #define VER_FILESUBTYPE VFT2_UNKNOWN 7 | #define VER_FILEDESCRIPTION_STR "Driver Frameworks Ramdisk Driver" 8 | #define VER_INTERNALNAME_STR "ramdisk.sys" 9 | #define VER_ORIGINALFILENAME_STR "ramdisk.sys" 10 | 11 | #include "common.ver" 12 | 13 | -------------------------------------------------------------------------------- /ramdisk_wdf/ramdisk_wdf.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 
| 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 61 | 62 | 64 | 65 | 66 | 70 | 72 | 73 | 74 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /ramdisk_wdf/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : ramdisk_wdf Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ramdisk_wdf project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ramdisk_wdf project. 9 | 10 | 11 | ramdisk_wdf.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /ramdisk_wdf/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=WdfRamdisk 2 | TARGETTYPE=DRIVER 3 | TARGETPATH=obj 4 | 5 | 6 | 7 | KMDF_VERSION_MAJOR=1 8 | 9 | INF_NAME=ramdisk 10 | 11 | TARGETLIBS=$(TARGETLIBS) \ 12 | $(DDK_LIB_PATH)\ntstrsafe.lib 13 | 14 | NTTARGETFILES=$(OBJ_PATH)\$(O)\$(INF_NAME).inf 15 | 16 | 17 | 18 | MISCFILES=$(NTTARGETFILES) 19 | 20 | 21 | C_DEFINES= 22 | 23 | SOURCES=ramdisk.c \ 24 | ramdisk.rc 25 | 26 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/readme.md -------------------------------------------------------------------------------- /sfilter/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 
32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /sfilter/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%3"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\inc 11 | 12 | @echo on 13 | build 14 | 15 | if not exist ..\inc mkdir ..\inc 16 | if not exist ..\inc\sfilter mkdir ..\inc\sfilter 17 | if not exist ..\lib mkdir ..\lib 18 | copy *.h ..\inc\sfilter\ 19 | copy .\obj%1_%2_x86\i386\sfilter.lib ..\lib\sfilter_%1_%2.lib -------------------------------------------------------------------------------- /sfilter/my_build64.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | if "%3"=="/a" call my_clean %1 %2 4 | 5 | pushd. 
6 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 AMD64 %2 7 | popd 8 | 9 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\%2;%BASEDIR%\inc\ddk\wdm\%2;..\inc 10 | 11 | @echo on 12 | build 13 | -------------------------------------------------------------------------------- /sfilter/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /sfilter/my_clean64.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /sfilter/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : sfilter Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this sfilter project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your sfilter project. 9 | 10 | 11 | sfilter.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /sfilter/sfilter.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/sfilter/sfilter.c -------------------------------------------------------------------------------- /sfilter/sfilter.h: -------------------------------------------------------------------------------- 1 | /// 2 | /// @file sfilter.h 3 | /// @author crazy_chu 4 | /// @date 2007-5-17 5 | /// 6 | /// Callback interface of the sfilter library: the On* routines are only declared here (presumably supplied by the driver that links the library - confirm). 7 | #ifndef _TWCN_SFILTER_HEADER_ 8 | 9 | #define _TWCN_SFILTER_HEADER_ 10 | // Return type of OnSfilterIrpPre. NOTE(review): what each value makes the library do is not visible in this header; confirm in sfilter.c. 11 | typedef enum{ 12 | SF_IRP_GO_ON = 0, 13 | SF_IRP_COMPLETED = 1, 14 | SF_IRP_PASS = 2 15 | } SF_RET; 16 | 17 | extern SF_RET OnSfilterIrpPre( 18 | IN PDEVICE_OBJECT DeviceObject, 19 | IN PDEVICE_OBJECT NextObject, 20 | IN PVOID extension, 21 | IN PIRP Irp, 22 | OUT NTSTATUS *status, 23 | PVOID *context); 24 | // The pre-callback receives context as PVOID * and the post-callback receives a PVOID; NOTE(review): presumably the same value - confirm who owns and frees it. 25 | extern VOID OnSfilterIrpPost( 26 | IN PDEVICE_OBJECT DeviceObject, 27 | IN PDEVICE_OBJECT NextObject, 28 | IN PVOID extension, 29 | IN PIRP Irp, 30 | IN NTSTATUS status, 31 | PVOID context); 32 | 33 | extern NTSTATUS OnSfilterDriverEntry( 34 | IN PDRIVER_OBJECT DriverObject, 35 | IN PUNICODE_STRING RegistryPath, 36 | OUT PUNICODE_STRING userNameString, 37 | OUT PUNICODE_STRING syblnkString, 38 | OUT PULONG extensionSize); 39 | 40 | extern VOID OnSfilterDriverUnload(); 41 | // NOTE(review): presumably the dispatch routine for the control device object (CDO); buffers and lengths taken from Irp should be validated before use. 42 | extern NTSTATUS OnSfilterCDODispatch( 43 | IN PDEVICE_OBJECT DeviceObject, 44 | IN PIRP Irp); 45 | 46 | extern BOOLEAN OnSfilterAttachPre( 47 | IN PDEVICE_OBJECT ourDevice, 48 | IN PDEVICE_OBJECT theDeviceToAttach, 49 | IN PUNICODE_STRING DeviceName, 50 | IN PVOID extension); 51 | 52 | extern VOID OnSfilterAttachPost( 53 | IN PDEVICE_OBJECT ourDevice, 54 | IN PDEVICE_OBJECT theDeviceToAttach, 55 | IN PDEVICE_OBJECT
theDeviceToAttached, 56 | IN PVOID extension, 57 | IN NTSTATUS status); 58 | // NOTE(review): a fast I/O device-control routine gets InputBuffer/OutputBuffer as raw caller addresses; the implementation should probe them and touch them only under exception handling - confirm in the implementing driver. 59 | extern BOOLEAN OnSfFastIoDeviceControl( 60 | IN PFILE_OBJECT FileObject, 61 | IN PVOID InputBuffer OPTIONAL, 62 | IN ULONG InputBufferLength, 63 | OUT PVOID OutputBuffer OPTIONAL, 64 | IN ULONG OutputBufferLength, 65 | IN ULONG IoControlCode, 66 | OUT PIO_STATUS_BLOCK IoStatus, 67 | IN PDEVICE_OBJECT DeviceObject); 68 | // NOTE(review): the name suggests this opens the control device object (CDO) to all users; confirm in sfilter.c which access it grants and keep the CDO restricted if that is not required. 69 | void sfilterSetCdoAccessForAll(); 70 | 71 | #endif //_TWCN_SFILTER_HEADER_ -------------------------------------------------------------------------------- /sfilter/sfilter.plg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/sfilter/sfilter.plg -------------------------------------------------------------------------------- /sfilter/sfilter.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/sfilter/sfilter.suo -------------------------------------------------------------------------------- /sfilter/sfilter.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 13 | 14 | 15 | 22 | 28 | 29 | 36 | 42 | 43 | 44 | 45 | 46 | 47 | 50 | 52 | 53 | 55 | 56 | 58 | 59 | 60 | 63 | 65 | 66 | 67 | 70 | 71 | 73 | 74 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /sfilter/sfilterInstall.cmd: -------------------------------------------------------------------------------- 1 | @REM 2 | @REM Runs the DefaultInstall section of sfilter.inf 3 | @REM 4 | @REM Installing a driver needs administrative rights, and .\sfilter.inf is resolved against the current directory: run this from the directory that holds the INF you intend to install. 5 | @echo off 6 | 7 | rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 .\sfilter.inf 8 | 9 | --------------------------------------------------------------------------------
/sfilter/sfilterUninstall.cmd: -------------------------------------------------------------------------------- 1 | @REM 2 | @REM Runs the DefaultUninstall section of sfilter.inf 3 | @REM 4 | 5 | @echo off 6 | 7 | rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 .\sfilter.inf 8 | 9 | -------------------------------------------------------------------------------- /sfilter/sources: -------------------------------------------------------------------------------- 1 | TARGETNAME=sfilter 2 | TARGETPATH=obj 3 | TARGETTYPE=LIBRARY 4 | DRIVERTYPE=FS 5 | 6 | SOURCES=sfilter.c 7 | 8 | -------------------------------------------------------------------------------- /sflt_smpl/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! 
INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /sflt_smpl/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /sflt_smpl/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /sflt_smpl/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : sflt_smpl Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this sflt_smpl project for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your sflt_smpl project. 9 | 10 | 11 | sflt_smpl.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 
21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /sflt_smpl/sflt_smpl.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/sflt_smpl/sflt_smpl.c -------------------------------------------------------------------------------- /sflt_smpl/sflt_smpl.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 73 | 74 | 75 | 76 | 77 | 78 | -------------------------------------------------------------------------------- /sflt_smpl/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 8 | 9 | !ENDIF 10 | 11 | TARGETNAME=sflt_smpl 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | DRIVERTYPE=FS 15 | SOURCES=sflt_smpl.c 16 | 17 | LIB_POST_FIX=WNET 18 | 19 | !if "$(DDK_TARGET_OS)"=="WinXP" 20 | LIB_POST_FIX=WXP 21 | !endif 22 | 23 | !if "$(DDK_TARGET_OS)"=="Win2K" 24 | LIB_POST_FIX=W2K 25 | !endif 26 | 27 | TARGETLIBS= $(DDK_LIB_PATH)\wdmsec.lib \ 28 | ..\lib\sfilter_$(DDKBUILDENV)_$(LIB_POST_FIX).lib 29 | 30 | 31 | -------------------------------------------------------------------------------- /tdi_fw/MAKEFILE: -------------------------------------------------------------------------------- 1 | # 2 | # DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source 3 | # file to this component. 
This file merely indirects to the real make file 4 | # that is shared by all the driver components of the Windows NT DDK 5 | # 6 | 7 | !INCLUDE $(NTMAKEENV)\makefile.def 8 | -------------------------------------------------------------------------------- /tdi_fw/SOURCES: -------------------------------------------------------------------------------- 1 | TARGETNAME=tdi_fw 2 | TARGETPATH=obj 3 | TARGETTYPE=LIBRARY 4 | 5 | C_DEFINES=-DUSE_PACKET_ENGINE 6 | # You can specify this define too: -DUSE_TDI_HOOKING 7 | 8 | USER_INCLUDES=..;$(NTMAKEENV)\..\src\network\inc 9 | 10 | SOURCES= tdi_fw.c \ 11 | dispatch.c \ 12 | disp_conn.c \ 13 | disp_dg.c \ 14 | disp_ev.c \ 15 | disp_obj.c \ 16 | events.c \ 17 | ev_conn.c \ 18 | ev_dg.c \ 19 | filter.c \ 20 | memtrack.c \ 21 | obj_tbl.c \ 22 | sock.c \ 23 | ipc.c \ 24 | pid_pname.c \ 25 | packet.c \ 26 | conn_state.c \ 27 | sids.c \ 28 | disp_sr.c \ 29 | ev_recv.c 30 | 31 | !if "$(NTDEBUG)"=="ntsdnodbg" 32 | NTDEBUG= 33 | !endif 34 | 35 | !ifndef NTDEBUG 36 | NTDEBUG=retail 37 | !endif 38 | -------------------------------------------------------------------------------- /tdi_fw/conn_state.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: conn_state.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _conn_state_h_ 6 | #define _conn_state_h_ 7 | 8 | #include "ipc.h" 9 | 10 | NTSTATUS conn_state_init(void); 11 | void conn_state_free(void); 12 | 13 | /* work with listening ports for all protocols */ 14 | 15 | NTSTATUS add_listen(struct ot_entry *ote_addr); 16 | 17 | void del_listen_obj(struct listen_entry *le, BOOLEAN no_guard); 18 | 19 | BOOLEAN is_listen(ULONG addr, USHORT port, int ipproto); 20 | 21 | BOOLEAN is_bcast_listen(ULONG addr, USHORT port, int ipproto); 22 | 23 | NTSTATUS enum_listen(struct listen_nfo *buf, ULONG *buf_len, ULONG buf_size); 24 | 25 | /* work with TCP only connections */ 
26 | 27 | NTSTATUS add_tcp_conn(struct ot_entry *ote_conn, int tcp_state); 28 | void del_tcp_conn(PFILE_OBJECT connobj, BOOLEAN is_disconnect); 29 | 30 | void del_tcp_conn_obj(struct conn_entry *ce, BOOLEAN no_guard); 31 | void log_disconnect(struct ot_entry *ote_conn); 32 | 33 | NTSTATUS set_tcp_conn_state(PFILE_OBJECT connobj, int state); 34 | NTSTATUS set_tcp_conn_local(PFILE_OBJECT connobj, TA_ADDRESS *local); 35 | 36 | int get_tcp_conn_state(ULONG laddr, USHORT lport, ULONG raddr, USHORT rport); 37 | int get_tcp_conn_state_by_obj(PFILE_OBJECT connobj); 38 | 39 | NTSTATUS enum_tcp_conn(struct tcp_conn_nfo *buf, ULONG *buf_len, ULONG buf_size); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /tdi_fw/dispatch.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: dispatch.c,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 14 | 15 | /* 16 | * Dispatch routines for TDI ioctls 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | 23 | #include "dispatch.h" 24 | // ENTRY builds one row of the table below; DBG builds also store the code's name as a string (#code), matching the extra desc field of struct tdi_ioctl. 25 | #if DBG 26 | # define ENTRY(code, fn) {code, fn, #code} 27 | # define LAST_ENTRY {0, NULL, NULL} 28 | #else 29 | # define ENTRY(code, fn) {code, fn} 30 | # define LAST_ENTRY {0, NULL} 31 | #endif 32 | // Maps a TDI minor-function code to its filter routine; the LAST_ENTRY row (code 0, NULL fn) closes the table (presumably the lookup stops at the NULL fn - confirm in the caller). 33 | struct tdi_ioctl g_tdi_ioctls[] = { 34 | ENTRY(TDI_ASSOCIATE_ADDRESS, tdi_associate_address), 35 | ENTRY(TDI_CONNECT, tdi_connect), 36 | ENTRY(TDI_DISASSOCIATE_ADDRESS, tdi_disassociate_address), 37 | ENTRY(TDI_SET_EVENT_HANDLER, tdi_set_event_handler), 38 | ENTRY(TDI_SEND_DATAGRAM, tdi_send_datagram), 39 | ENTRY(TDI_RECEIVE_DATAGRAM, tdi_receive_datagram), 40 | ENTRY(TDI_DISCONNECT, tdi_disconnect), 41 | ENTRY(TDI_SEND, tdi_send), 42 | ENTRY(TDI_RECEIVE, tdi_receive), 43 | #if 1 // for now TDI_ACCEPT and TDI_LISTEN get only deny stubs, for security reasons; disabling this block leaves both codes without a row in this table 44 | ENTRY(TDI_ACCEPT, tdi_deny_stub), 45 | ENTRY(TDI_LISTEN, tdi_deny_stub), 46 | #endif 47 | LAST_ENTRY 48 | }; 49 | -------------------------------------------------------------------------------- /tdi_fw/dispatch.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: dispatch.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _dispatch_h_ 6 | #define _dispatch_h_ 7 | 8 | // information about completion routine 9 | struct completion { 10 | PIO_COMPLETION_ROUTINE routine; 11 | PVOID context; 12 | }; 13 | 14 | /* 15 | * TDI ioctl dispatcher function 16 | * returns FILTER_xxx 17 | */ 18 | typedef int tdi_ioctl_fn_t(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion); 19 | 20 | // IRP_MJ_CREATE, IRP_MJ_CLEANUP dispatch routines 21 | extern tdi_ioctl_fn_t tdi_create, tdi_cleanup; 22 |
23 | // IRP_MJ_INTERNAL_DEVICE_CONTROL ioctl dispatch routines 24 | extern tdi_ioctl_fn_t 25 | tdi_associate_address, 26 | tdi_connect, 27 | tdi_disassociate_address, 28 | tdi_set_event_handler, 29 | tdi_send_datagram, 30 | tdi_receive_datagram, 31 | tdi_disconnect, 32 | tdi_send, 33 | tdi_receive, 34 | tdi_deny_stub; 35 | 36 | // one row of the TDI ioctl dispatch table: a minor-function code and the routine called for it 37 | struct tdi_ioctl { 38 | UCHAR MinorFunction; 39 | tdi_ioctl_fn_t *fn; 40 | 41 | #if DBG 42 | // for debugging; this field exists only when DBG is set, so the struct size differs between DBG and non-DBG builds and every file using g_tdi_ioctls must be compiled with the same DBG value 43 | const char *desc; 44 | #endif 45 | }; 46 | // dispatch table defined in dispatch.c; it is declared without a size, so users must find the end from the table contents 47 | extern struct tdi_ioctl g_tdi_ioctls[]; 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /tdi_fw/events.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind.
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: events.c,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 14 | 15 | /* 16 | * Replaced event handlers for TDI events 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | 23 | #include "events.h" 24 | #include "memtrack.h" 25 | 26 | // event type -> replacement handler; to simplify processing, chained handlers are not used for datagrams (TDI_EVENT_CHAINED_RECEIVE_DATAGRAM has a NULL handler); the {(ULONG)-1, NULL} row closes the table 27 | struct tdi_event_handler g_tdi_event_handlers[]= { 28 | {TDI_EVENT_CONNECT, tdi_event_connect}, 29 | {TDI_EVENT_DISCONNECT, tdi_event_disconnect}, 30 | {TDI_EVENT_RECEIVE_DATAGRAM, tdi_event_receive_datagram}, 31 | {TDI_EVENT_CHAINED_RECEIVE_DATAGRAM, NULL}, 32 | {TDI_EVENT_RECEIVE, tdi_event_receive}, 33 | {TDI_EVENT_RECEIVE_EXPEDITED, tdi_event_receive}, 34 | {TDI_EVENT_CHAINED_RECEIVE, tdi_event_chained_receive}, 35 | {TDI_EVENT_CHAINED_RECEIVE_EXPEDITED, tdi_event_chained_receive}, 36 | {(ULONG)-1, NULL} 37 | }; 38 | -------------------------------------------------------------------------------- /tdi_fw/events.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: events.h,v 1.1 2009/04/28 12:53:27 tanwen Exp $ 4 | 5 | #ifndef _events_h_ 6 | #define _events_h_ 7 | 8 | #include "obj_tbl.h" 9 | // Replacement TDI event handlers; the address, option and data lengths below are signed LONG values supplied with each event, so implementations should reject negative or oversized lengths before reading the matching buffer. 10 | NTSTATUS tdi_event_connect( 11 | IN PVOID TdiEventContext, 12 | IN LONG RemoteAddressLength, 13 | IN PVOID RemoteAddress, 14 | IN LONG UserDataLength, 15 | IN PVOID UserData, 16 | IN LONG OptionsLength, 17 | IN PVOID Options, 18 | OUT CONNECTION_CONTEXT *ConnectionContext, 19 | OUT PIRP *AcceptIrp); 20 | 21 | NTSTATUS tdi_event_disconnect( 22 | IN PVOID TdiEventContext, 23 | IN CONNECTION_CONTEXT ConnectionContext, 24 | IN LONG DisconnectDataLength, 25 | IN PVOID DisconnectData, 26 | IN LONG DisconnectInformationLength, 27 | IN PVOID DisconnectInformation, 28 | IN ULONG DisconnectFlags); 29 | 30 | NTSTATUS
tdi_event_receive_datagram( 31 | IN PVOID TdiEventContext, 32 | IN LONG SourceAddressLength, 33 | IN PVOID SourceAddress, 34 | IN LONG OptionsLength, 35 | IN PVOID Options, 36 | IN ULONG ReceiveDatagramFlags, 37 | IN ULONG BytesIndicated, 38 | IN ULONG BytesAvailable, 39 | OUT ULONG *BytesTaken, 40 | IN PVOID Tsdu, 41 | OUT PIRP *IoRequestPacket); 42 | 43 | NTSTATUS tdi_event_receive( 44 | IN PVOID TdiEventContext, 45 | IN CONNECTION_CONTEXT ConnectionContext, 46 | IN ULONG ReceiveFlags, 47 | IN ULONG BytesIndicated, 48 | IN ULONG BytesAvailable, 49 | OUT ULONG *BytesTaken, 50 | IN PVOID Tsdu, 51 | OUT PIRP *IoRequestPacket); 52 | 53 | NTSTATUS tdi_event_chained_receive( 54 | IN PVOID TdiEventContext, 55 | IN CONNECTION_CONTEXT ConnectionContext, 56 | IN ULONG ReceiveFlags, 57 | IN ULONG ReceiveLength, 58 | IN ULONG StartingOffset, 59 | IN PMDL Tsdu, 60 | IN PVOID TsduDescriptor); 61 | 62 | // one row of g_tdi_event_handlers: handler is stored untyped (PVOID), so the caller must cast it to the prototype that matches event 63 | struct tdi_event_handler { 64 | LONG event; 65 | PVOID handler; 66 | }; 67 | // defined in events.c, where the last row is {(ULONG)-1, NULL}; event is declared LONG, so compare against that end marker with matching types 68 | extern struct tdi_event_handler g_tdi_event_handlers[]; 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /tdi_fw/filter.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind.
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: filter.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _filter_h_ 16 | #define _filter_h_ 17 | 18 | #include "ipc.h" 19 | 20 | NTSTATUS filter_init(void); 21 | NTSTATUS filter_init_2(void); 22 | 23 | void filter_free(void); 24 | void filter_free_2(void); 25 | // Rule-chain management. NOTE(review): chain is a signed int and pname carries no length; confirm in filter.c that chain is range-checked and that the pname copy is bounded. 26 | NTSTATUS add_flt_rule(int chain, const struct flt_rule *rule); 27 | NTSTATUS clear_flt_chain(int chain); 28 | NTSTATUS activate_flt_chain(int chain); 29 | NTSTATUS set_chain_pname(int chain, char *pname); 30 | NTSTATUS set_pid_pname(ULONG pid, char *pname); 31 | 32 | BOOLEAN default_chain_only(void); 33 | 34 | int quick_filter(struct flt_request *request, struct flt_rule *rule); 35 | // NOTE(review): get_request presumably fills buf; confirm it never writes more than buf_size bytes and what the returned ULONG counts. 36 | BOOLEAN log_request(struct flt_request *request); 37 | ULONG get_request(char *buf, ULONG buf_size); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /tdi_fw/memtrack.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind.
9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: memtrack.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _memtrack_h_ 16 | #define _memtrack_h_ 17 | // pool tag passed to ExAllocatePoolWithTag by the non-DBG malloc_np below 18 | #define MEM_TAG '1VRD' 19 | 20 | #if DBG 21 | // DBG builds: allocations go through mt_malloc, which also receives the caller's file name and line number 22 | void memtrack_init(void); 23 | void memtrack_free(void); 24 | 25 | void *mt_malloc(ULONG size, const char *file, ULONG line); 26 | 27 | // allocate memory from nonpaged pool 28 | #define malloc_np(size) mt_malloc((size), __FILE__, __LINE__) 29 | 30 | void free(void *ptr); 31 | 32 | // debug macro: inline-assembly int 3 (breakpoint); defined empty when DBG is not set 33 | #define _TEST_ME_ __asm int 3 34 | 35 | #else /* DBG */ 36 | // non-DBG builds: the tracking calls expand to nothing and the allocation macros map directly to the pool routines 37 | #define memtrack_init() 38 | #define memtrack_free() 39 | // ExAllocatePoolWithTag returns NULL when the allocation fails; every caller of malloc_np must check the result before use 40 | #define malloc_np(size) ExAllocatePoolWithTag(NonPagedPool, (size), MEM_TAG) 41 | #define free(ptr) ExFreePool(ptr) 42 | 43 | 44 | #define _TEST_ME_ 45 | 46 | #endif /* DBG */ 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /tdi_fw/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%3"=="/a" call my_clean %1 %2 5 | 6 | pushd.
7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | set INCLUDE=%INCLUDE%;%BASEDIR%\inc\ddk\;%BASEDIR%\inc\%2\ 11 | 12 | @echo on 13 | build 14 | 15 | if not exist ..\inc mkdir ..\inc 16 | if not exist ..\inc\tdi_fw mkdir ..\inc\tdi_fw 17 | if not exist ..\lib mkdir ..\lib 18 | copy *.h ..\inc\tdi_fw\ 19 | copy .\obj%1_%2_x86\i386\tdi_fw.lib ..\lib\tdi_fw_%1_%2.lib -------------------------------------------------------------------------------- /tdi_fw/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /tdi_fw/net.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: net.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _net_h_ 6 | #define _net_h_ 7 | 8 | /* 9 | * network definitions 10 | */ 11 | 12 | #pragma pack(1) 13 | 14 | struct ether_hdr { 15 | UCHAR ether_dhost[6]; 16 | UCHAR ether_shost[6]; 17 | USHORT ether_type; 18 | }; 19 | 20 | #define ETHERTYPE_IP 0x0800 /* IP protocol */ 21 | 22 | #define IP_DF 0x4000 /* dont fragment flag */ 23 | #define IP_MF 0x2000 /* more fragments flag */ 24 | #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ 25 | 26 | struct ip_hdr { 27 | UCHAR ip_hl:4; /* header length */ 28 | UCHAR ip_v:4; /* version */ 29 | UCHAR ip_tos; /* type of service */ 30 | USHORT ip_len; /* total length */ 31 | USHORT ip_id; /* identification */ 32 | USHORT ip_off; /* fragment offset field */ 33 | UCHAR ip_ttl; /* time to live */ 34 | UCHAR ip_p; /* protocol */ 35 | USHORT ip_sum; /* checksum */ 36 | ULONG ip_src; /* source address */ 37 | ULONG ip_dst; /* dest address */ 38 | }; 39 | 40 | struct icmp_hdr { 41 | UCHAR icmp_type; /* type of message */ 
42 | UCHAR icmp_code; /* type sub code */ 43 | USHORT icmp_cksum; /* ones complement cksum of struct */ 44 | }; 45 | 46 | struct udp_hdr { 47 | USHORT uh_sport; /* source port */ 48 | USHORT uh_dport; /* destination port */ 49 | USHORT uh_ulen; /* udp length */ 50 | USHORT uh_sum; /* udp checksum */ 51 | }; 52 | 53 | #define TH_FIN 0x01 54 | #define TH_SYN 0x02 55 | #define TH_RST 0x04 56 | #define TH_PUSH 0x08 57 | #define TH_ACK 0x10 58 | #define TH_URG 0x20 59 | 60 | struct tcp_hdr { 61 | USHORT th_sport; /* source port */ 62 | USHORT th_dport; /* destination port */ 63 | ULONG th_seq; /* sequence number */ 64 | ULONG th_ack; /* acknowledgement number */ 65 | 66 | UCHAR th_x2:4; /* (unused) */ 67 | UCHAR th_off:4; /* data offset */ 68 | UCHAR th_flags; 69 | 70 | USHORT th_win; /* window */ 71 | USHORT th_sum; /* checksum */ 72 | USHORT th_urp; /* urgent pointer */ 73 | }; 74 | 75 | #pragma pack() 76 | 77 | #endif 78 | -------------------------------------------------------------------------------- /tdi_fw/packet.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: packet.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _packet_h_ 6 | #define _packet_h_ 7 | 8 | NTSTATUS init_packet(void); 9 | void free_packet(void); 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /tdi_fw/pid_pname.h: -------------------------------------------------------------------------------- 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 2 | // 3 | // $Id: pid_pname.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 4 | 5 | #ifndef _pid_pname_h_ 6 | #define _pid_pname_h_ 7 | 8 | void pid_pname_init(void); 9 | void pid_pname_free(void); 10 | 11 | BOOLEAN pid_pname_resolve(ULONG pid, char *buf, int buf_size); 12 | 13 | NTSTATUS pid_pname_set_event(ULONG pid, KEVENT *event); 14 | 15 | 
NTSTATUS pid_pname_set(ULONG pid, const char *pname, int context); 16 | int pid_pname_get_context(ULONG pid); 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /tdi_fw/readme.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /tdi_fw/sids.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: sids.h,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | #ifndef _sids_h_ 16 | #define _sids_h_ 17 | 18 | /* SID stuff */ 19 | 20 | struct _SID_AND_ATTRIBUTES *get_current_sid_a(ULONG *sid_a_size); 21 | struct _SID_AND_ATTRIBUTES *copy_sid_a(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 22 | 23 | void sids_init(void); 24 | 25 | int get_sid_id(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size); 26 | 27 | /* size can be NULL; buf is ULONG sid_len; SID ... */ 28 | NTSTATUS set_sid_list(char *buf, ULONG size); 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /tdi_fw/sock.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov. 2 | * 3 | * Redistribution and use in source forms, with and without modification, 4 | * are permitted provided that this entire comment appears intact. 5 | * 6 | * Redistribution in binary form may occur without any restrictions. 
7 | * 8 | * This software is provided ``AS IS'' without any warranties of any kind. 9 | */ 10 | 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs) 12 | // 13 | // $Id: sock.c,v 1.1 2009/04/28 12:53:28 tanwen Exp $ 14 | 15 | /* 16 | * Some helpers from sockets 17 | */ 18 | 19 | #include 20 | #include 21 | #include "sock.h" 22 | /* ntohl: return netlong with its four bytes in reverse order (network to host order). The swap is unconditional, so the result is right only on a little-endian host; only bytes 0..3 are copied, so u_long is assumed to be 4 bytes wide. */ 23 | u_long 24 | ntohl (u_long netlong) 25 | { 26 | u_long result = 0; 27 | ((char *)&result)[0] = ((char *)&netlong)[3]; 28 | ((char *)&result)[1] = ((char *)&netlong)[2]; 29 | ((char *)&result)[2] = ((char *)&netlong)[1]; 30 | ((char *)&result)[3] = ((char *)&netlong)[0]; 31 | return result; 32 | } 33 | /* ntohs: return netshort with its two bytes swapped (network to host order); the same unconditional swap, so a little-endian host is assumed here too. */ 34 | u_short 35 | ntohs (u_short netshort) 36 | { 37 | u_short result = 0; 38 | ((char *)&result)[0] = ((char *)&netshort)[1]; 39 | ((char *)&result)[1] = ((char *)&netshort)[0]; 40 | return result; 41 | } 42 | -------------------------------------------------------------------------------- /tdi_fw/tdi_fw_lib.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file tdi_fw_lib 3 | * @author tan wen 4 | * @brief I added this file to simplify the including of tdi_fw.lib's 5 | * header file. tdi_fw.lib is a library based on tdi_fw. You 6 | * can link this library to build a tdi filter driver easily. 7 | */ 8 | 9 | #ifndef _TDI_FW_LIB_HEADER_ 10 | #define _TDI_FW_LIB_HEADER_ 11 | 12 | #include 13 | #include 14 | #include "net.h" 15 | #include "sock.h" 16 | #include "ipc.h" 17 | 18 | /** If you use tdi_fw.lib to build your tdi filter driver, you must write 19 | * tdifw_driver_entry(), tdifw_driver_unload(), tdifw_user_device_dispatch(), 20 | * tdifw_filter(). You can't change these functions' names or use their names 21 | * to define other functions or variables. These functions' prototypes are as below. 22 | */ 23 | 24 | /** tdifw_driver_entry is just like DriverEntry. tdi_fw.lib already has a 25 | * function named DriverEntry. 
So when you are using tdi_fw.lib to develop 26 | * a tdi network filter, use tdifw_driver_entry instead. Don't set the driver's 27 | * dispatch functions here; tdi_fw already uses them. But if you create any device 28 | * here, you may use tdifw_register_user_device() to register it. When any 29 | * irp is sent to your devices, tdifw_user_device_dispatch() will be called. 30 | * You can handle the irp in that function. 31 | */ 32 | extern NTSTATUS 33 | tdifw_driver_entry( 34 | IN PDRIVER_OBJECT theDriverObject, 35 | IN PUNICODE_STRING theRegistryPath); 36 | 37 | /** tdifw_driver_unload is just like DriverUnload. It will be called when this 38 | * driver is unloading. Delete all devices you created and free memory you 39 | * allocated here. 40 | */ 41 | extern VOID 42 | tdifw_driver_unload( 43 | IN PDRIVER_OBJECT DriverObject); 44 | 45 | /** tdifw_user_device_dispatch() will be called when any device that you 46 | * have created and registered with tdifw_register_user_device() receives an 47 | * irp. You should complete any such irp here. Don't pass it through. 48 | */ 49 | extern NTSTATUS tdifw_user_device_dispatch( 50 | IN PDEVICE_OBJECT DeviceObject, IN PIRP irp); 51 | 52 | /** This function will be called when any network event happens. You can choose 53 | * which events to filter. Return FLT_ALLOW to pass the event through or FLT_DENY to 54 | * refuse it. See struct flt_request for more details. 55 | */ 56 | extern int tdifw_filter(struct flt_request *request); 57 | 58 | BOOLEAN tdifw_register_user_device(PDEVICE_OBJECT dev); 59 | 60 | #endif // _TDI_FW_LIB_HEADER_ 61 | -------------------------------------------------------------------------------- /tdifw_smpl/makefile: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1998 4 | 5 | Module Name: 6 | 7 | makefile. 8 | 9 | !ENDIF 10 | 11 | # 12 | # DO NOT EDIT THIS FILE!!! Edit .\sources. 
if you want to add a new source 13 | # file to this component. This file merely indirects to the real make file 14 | # that is shared by all the components of Windows NT 15 | # 16 | 17 | # 18 | # if building in a DDK environment 19 | # 20 | !IF defined(DDK_TARGET_OS) 21 | 22 | # 23 | # ensure that said build environment is at least Windows XP 24 | # 0x500 == Windows 2000 25 | # 0x501 == Windows XP 26 | # 0x502 == Windows .NET 27 | # 28 | ! IF defined(_NT_TARGET_VERSION) && $(_NT_TARGET_VERSION)>=0x501 29 | ! INCLUDE $(NTMAKEENV)\makefile.def 30 | ! ELSE 31 | ! message BUILDMSG: Warning : The sample "$(MAKEDIR)" is not valid for the current OS target. 32 | ! ENDIF 33 | 34 | !ELSE 35 | 36 | # 37 | # not a DDK environment, probably RAZZLE, so build 38 | # 39 | ! INCLUDE $(NTMAKEENV)\makefile.def 40 | 41 | !ENDIF 42 | 43 | -------------------------------------------------------------------------------- /tdifw_smpl/my_build.bat: -------------------------------------------------------------------------------- 1 | @echo on 2 | @echo %1 is chk or fre %2 is WXP or W2K or WNET. 3 | 4 | if "%4"=="/a" call my_clean %1 %2 5 | 6 | pushd. 7 | call %BASEDIR%\bin\setenv.bat %BASEDIR% %1 %2 8 | popd 9 | 10 | @echo on 11 | build -------------------------------------------------------------------------------- /tdifw_smpl/my_clean.bat: -------------------------------------------------------------------------------- 1 | if exist Debug rd /s /q Debug 2 | if exist Release rd /s /q Release 3 | if exist obj%1_%2_x86 rd /s /q obj%1_%2_x86 4 | -------------------------------------------------------------------------------- /tdifw_smpl/readme.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | MAKEFILE PROJECT : sflt_smpl Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this sflt_smpl project for you. 
6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your sflt_smpl project. 9 | 10 | 11 | sflt_smpl.vcproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | This project allows you to build/clean/rebuild from within Visual Studio by calling the commands you have input 18 | in the wizard. The build command can be nmake or any other tool you use. 19 | 20 | This project does not contain any files, so there are none displayed in Solution Explorer. 21 | 22 | ///////////////////////////////////////////////////////////////////////////// 23 | -------------------------------------------------------------------------------- /tdifw_smpl/sources: -------------------------------------------------------------------------------- 1 | !IF 0 2 | 3 | Copyright (C) Microsoft Corporation, 1997 - 1999 4 | 5 | Module Name: 6 | 7 | sources. 
8 | 9 | !ENDIF 10 | 11 | TARGETNAME=tdifw_smpl 12 | TARGETPATH=obj 13 | TARGETTYPE=DRIVER 14 | DRIVERTYPE=DRIVER 15 | SOURCES=tdifw_smpl.c 16 | 17 | LIB_POST_FIX=WNET 18 | 19 | !if "$(DDK_TARGET_OS)"=="WinXP" 20 | LIB_POST_FIX=WXP 21 | !endif 22 | 23 | !if "$(DDK_TARGET_OS)"=="Win2K" 24 | LIB_POST_FIX=W2K 25 | !endif 26 | 27 | TARGETLIBS= $(DDK_LIB_PATH)\tdi.lib \ 28 | ..\lib\tdi_fw_$(DDKBUILDENV)_$(LIB_POST_FIX).lib 29 | 30 | 31 | -------------------------------------------------------------------------------- /tdifw_smpl/tdifw_smpl.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fml927/windows_kernel_security_and_driver_development/bb01f42acb40fc60512edd5b5b0bcc8744acaccd/tdifw_smpl/tdifw_smpl.c -------------------------------------------------------------------------------- /tdifw_smpl/tdifw_smpl.vcproj.7.10.old: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 11 | 12 | 13 | 18 | 24 | 25 | 30 | 36 | 37 | 38 | 39 | 40 | 41 | 45 | 47 | 48 | 50 | 51 | 53 | 54 | 55 | 59 | 60 | 64 | 65 | 67 | 68 | 70 | 71 | 73 | 74 | 75 | 76 | 77 | 78 | --------------------------------------------------------------------------------