├── .gitattributes
├── .gitignore
├── EasyRing0.sln
├── Tutorial_1_Driver_Management
├── Tutorial_1_Driver_Management.vcxproj
└── main.cpp
├── Tutorial_2_Simple_Driver
├── Tutorial_2_Simple_Driver.inf
├── Tutorial_2_Simple_Driver.vcxproj
└── main.c
├── Tutorial_3_Hide_Driver
├── Tutorial_3_Hide_Driver.inf
├── Tutorial_3_Hide_Driver.vcxproj
└── main.c
├── Tutorial_4_Dispatch_Communication_CLI
├── Tutorial_4_Dispatch_Communication_CLI.cpp
└── Tutorial_4_Dispatch_Communication_CLI.vcxproj
├── Tutorial_4_Dispatch_Communication_Sys
├── Tutorial_4_Dispatch_Communication_Sys.inf
├── Tutorial_4_Dispatch_Communication_Sys.vcxproj
└── main.c
├── Tutorial_5_IOCTL_Communication_CLI
├── Tutorial_5_IOCTL_Communication_CLI.cpp
└── Tutorial_5_IOCTL_Communication_CLI.vcxproj
├── Tutorial_5_IOCTL_Communication_SYS
├── Tutorial_5_IOCTL_Communication_SYS.inf
├── Tutorial_5_IOCTL_Communication_SYS.vcxproj
└── main.c
├── Tutorial_6_ShareMem_Communication_CLI
├── Tutorial_6_ShareMem_Communication_CLI.cpp
└── Tutorial_6_ShareMem_Communication_CLI.vcxproj
├── Tutorial_6_ShareMem_Communication_SYS
├── Tutorial_6_ShareMem_Communication_SYS.inf
├── Tutorial_6_ShareMem_Communication_SYS.vcxproj
├── helper.c
├── helper.h
└── main.c
├── Tutorial_7_NamedPipe_Communication_Client_SYS
├── Tutorial_7_NamedPipe_Communication_Client_SYS.inf
├── Tutorial_7_NamedPipe_Communication_Client_SYS.vcxproj
└── main.c
└── Tutorial_7_NamedPipe_Communication_Server_CLI
├── Tutorial_7_NamedPipe_Communication_Server_CLI.cpp
└── Tutorial_7_NamedPipe_Communication_Server_CLI.vcxproj
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Windows image file caches
2 | [Tt]humbs.db
3 | *.DS_Store
4 | ehthumbs.db
5 |
6 | # Folder config file
7 | Desktop.ini
8 |
9 | # Recycle Bin used on file shares
10 | $RECYCLE.BIN/
11 |
12 | # Windows Installer files
13 | *.cab
14 | *.msi
15 | *.msm
16 | *.msp
17 |
18 | # Windows shortcuts
19 | *.lnk
20 |
21 | # =========================
22 | # Operating System Files
23 | # =========================
24 |
25 | # OSX
26 | # =========================
27 |
28 | .DS_Store
29 | .AppleDouble
30 | .LSOverride
31 |
32 | # Thumbnails
33 | ._*
34 |
35 | # Files that might appear in the root of a volume
36 | .DocumentRevisions-V100
37 | .fseventsd
38 | .Spotlight-V100
39 | .TemporaryItems
40 | .Trashes
41 | .VolumeIcon.icns
42 |
43 | # Directories potentially created on remote AFP share
44 | .AppleDB
45 | .AppleDesktop
46 | Network Trash Folder
47 | Temporary Items
48 | .apdisk
49 |
50 | #Visual Studio files
51 | .vs/
52 | *.[Oo]bj
53 | *.user
54 | *.aps
55 | *.pch
56 | *.vspscc
57 | *.vssscc
58 | *_i.c
59 | *_p.c
60 | *.obj
61 | *.ncb
62 | *.suo
63 | *.tlb
64 | *.tlh
65 | *.bak
66 | *.[Cc]ache
67 | *.ilk
68 | *.log
69 | *.tlog
70 | *.pdb
71 | *.cer
72 | *.lib
73 | *.sbr
74 | *.sdf
75 | *.opensdf
76 | *.unsuccessfulbuild
77 | *.lastbuildstate
78 | ipch/
79 | obj/
80 | cmake/
81 | [Bb]in
82 | [Dd]ebug*/
83 | [Rr]elease*/
84 | Ankh.NoLoad
85 |
86 | # visual studio database projects
87 | *.dbmdl
88 |
89 | *.ggpk
90 | *.idb
91 | *.db
92 | *.iobj
93 | *.ipdb
--------------------------------------------------------------------------------
/EasyRing0.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.28705.295
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_1_Driver_Management", "Tutorial_1_Driver_Management\Tutorial_1_Driver_Management.vcxproj", "{B3F17D81-02F9-4AE7-B083-402E36F8BB3F}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_2_Simple_Driver", "Tutorial_2_Simple_Driver\Tutorial_2_Simple_Driver.vcxproj", "{45A73DB4-792F-4B27-A07F-09B9A8E085B1}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_3_Hide_Driver", "Tutorial_3_Hide_Driver\Tutorial_3_Hide_Driver.vcxproj", "{E2F6ED11-D1C6-4F06-BB24-74624F49BD25}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_4_Dispatch_Communication_CLI", "Tutorial_4_Dispatch_Communication_CLI\Tutorial_4_Dispatch_Communication_CLI.vcxproj", "{4E8B5546-C340-44F3-BAE7-A374141CEFDD}"
13 | EndProject
14 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_4_Dispatch_Communication_SYS", "Tutorial_4_Dispatch_Communication_Sys\Tutorial_4_Dispatch_Communication_Sys.vcxproj", "{C962399D-4EF6-4F5E-B9EA-892ED6CB9729}"
15 | EndProject
16 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_5_IOCTL_Communication_CLI", "Tutorial_5_IOCTL_Communication_CLI\Tutorial_5_IOCTL_Communication_CLI.vcxproj", "{53BD8836-87B3-4CFA-AB99-24E7AF6F9264}"
17 | EndProject
18 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_5_IOCTL_Communication_SYS", "Tutorial_5_IOCTL_Communication_SYS\Tutorial_5_IOCTL_Communication_SYS.vcxproj", "{4A66052B-B3AB-412D-A72A-C5C1733188C9}"
19 | EndProject
20 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_6_ShareMem_Communication_CLI", "Tutorial_6_ShareMem_Communication_CLI\Tutorial_6_ShareMem_Communication_CLI.vcxproj", "{868436CA-0CE1-4722-BD8D-3AE186474F0B}"
21 | EndProject
22 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_6_ShareMem_Communication_SYS", "Tutorial_6_ShareMem_Communication_SYS\Tutorial_6_ShareMem_Communication_SYS.vcxproj", "{99D22E9F-FDF2-49D7-9FA9-F89B0D998337}"
23 | EndProject
24 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_7_NamedPipe_Communication_Server_CLI", "Tutorial_7_NamedPipe_Communication_Server_CLI\Tutorial_7_NamedPipe_Communication_Server_CLI.vcxproj", "{7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}"
25 | EndProject
26 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Tutorial_7_NamedPipe_Communication_Client_SYS", "Tutorial_7_NamedPipe_Communication_Client_SYS\Tutorial_7_NamedPipe_Communication_Client_SYS.vcxproj", "{0671AB6F-81A6-402A-8605-5A71451B8EC5}"
27 | EndProject
28 | Global
29 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
30 | Debug|x64 = Debug|x64
31 | Debug|x86 = Debug|x86
32 | Release|x64 = Release|x64
33 | Release|x86 = Release|x86
34 | EndGlobalSection
35 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
36 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Debug|x64.ActiveCfg = Debug|x64
37 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Debug|x64.Build.0 = Debug|x64
38 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Debug|x86.ActiveCfg = Debug|Win32
39 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Debug|x86.Build.0 = Debug|Win32
40 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Release|x64.ActiveCfg = Release|x64
41 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Release|x64.Build.0 = Release|x64
42 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Release|x86.ActiveCfg = Release|Win32
43 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}.Release|x86.Build.0 = Release|Win32
44 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x64.ActiveCfg = Debug|x64
45 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x64.Build.0 = Debug|x64
46 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x64.Deploy.0 = Debug|x64
47 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x86.ActiveCfg = Debug|Win32
48 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x86.Build.0 = Debug|Win32
49 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Debug|x86.Deploy.0 = Debug|Win32
50 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x64.ActiveCfg = Release|x64
51 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x64.Build.0 = Release|x64
52 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x64.Deploy.0 = Release|x64
53 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x86.ActiveCfg = Release|Win32
54 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x86.Build.0 = Release|Win32
55 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}.Release|x86.Deploy.0 = Release|Win32
56 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x64.ActiveCfg = Debug|x64
57 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x64.Build.0 = Debug|x64
58 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x64.Deploy.0 = Debug|x64
59 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x86.ActiveCfg = Debug|Win32
60 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x86.Build.0 = Debug|Win32
61 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Debug|x86.Deploy.0 = Debug|Win32
62 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x64.ActiveCfg = Release|x64
63 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x64.Build.0 = Release|x64
64 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x64.Deploy.0 = Release|x64
65 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x86.ActiveCfg = Release|Win32
66 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x86.Build.0 = Release|Win32
67 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}.Release|x86.Deploy.0 = Release|Win32
68 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Debug|x64.ActiveCfg = Debug|x64
69 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Debug|x64.Build.0 = Debug|x64
70 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Debug|x86.ActiveCfg = Debug|Win32
71 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Debug|x86.Build.0 = Debug|Win32
72 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Release|x64.ActiveCfg = Release|x64
73 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Release|x64.Build.0 = Release|x64
74 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Release|x86.ActiveCfg = Release|Win32
75 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}.Release|x86.Build.0 = Release|Win32
76 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x64.ActiveCfg = Debug|x64
77 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x64.Build.0 = Debug|x64
78 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x64.Deploy.0 = Debug|x64
79 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x86.ActiveCfg = Debug|Win32
80 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x86.Build.0 = Debug|Win32
81 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Debug|x86.Deploy.0 = Debug|Win32
82 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x64.ActiveCfg = Release|x64
83 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x64.Build.0 = Release|x64
84 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x64.Deploy.0 = Release|x64
85 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x86.ActiveCfg = Release|Win32
86 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x86.Build.0 = Release|Win32
87 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}.Release|x86.Deploy.0 = Release|Win32
88 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Debug|x64.ActiveCfg = Debug|x64
89 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Debug|x64.Build.0 = Debug|x64
90 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Debug|x86.ActiveCfg = Debug|Win32
91 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Debug|x86.Build.0 = Debug|Win32
92 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Release|x64.ActiveCfg = Release|x64
93 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Release|x64.Build.0 = Release|x64
94 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Release|x86.ActiveCfg = Release|Win32
95 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}.Release|x86.Build.0 = Release|Win32
96 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x64.ActiveCfg = Debug|x64
97 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x64.Build.0 = Debug|x64
98 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x64.Deploy.0 = Debug|x64
99 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x86.ActiveCfg = Debug|Win32
100 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x86.Build.0 = Debug|Win32
101 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Debug|x86.Deploy.0 = Debug|Win32
102 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x64.ActiveCfg = Release|x64
103 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x64.Build.0 = Release|x64
104 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x64.Deploy.0 = Release|x64
105 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x86.ActiveCfg = Release|Win32
106 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x86.Build.0 = Release|Win32
107 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}.Release|x86.Deploy.0 = Release|Win32
108 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Debug|x64.ActiveCfg = Debug|x64
109 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Debug|x64.Build.0 = Debug|x64
110 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Debug|x86.ActiveCfg = Debug|Win32
111 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Debug|x86.Build.0 = Debug|Win32
112 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Release|x64.ActiveCfg = Release|x64
113 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Release|x64.Build.0 = Release|x64
114 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Release|x86.ActiveCfg = Release|Win32
115 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}.Release|x86.Build.0 = Release|Win32
116 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x64.ActiveCfg = Debug|x64
117 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x64.Build.0 = Debug|x64
118 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x64.Deploy.0 = Debug|x64
119 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x86.ActiveCfg = Debug|Win32
120 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x86.Build.0 = Debug|Win32
121 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Debug|x86.Deploy.0 = Debug|Win32
122 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x64.ActiveCfg = Release|x64
123 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x64.Build.0 = Release|x64
124 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x64.Deploy.0 = Release|x64
125 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x86.ActiveCfg = Release|Win32
126 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x86.Build.0 = Release|Win32
127 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}.Release|x86.Deploy.0 = Release|Win32
128 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Debug|x64.ActiveCfg = Debug|x64
129 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Debug|x64.Build.0 = Debug|x64
130 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Debug|x86.ActiveCfg = Debug|Win32
131 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Debug|x86.Build.0 = Debug|Win32
132 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Release|x64.ActiveCfg = Release|x64
133 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Release|x64.Build.0 = Release|x64
134 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Release|x86.ActiveCfg = Release|Win32
135 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}.Release|x86.Build.0 = Release|Win32
136 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x64.ActiveCfg = Debug|x64
137 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x64.Build.0 = Debug|x64
138 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x64.Deploy.0 = Debug|x64
139 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x86.ActiveCfg = Debug|Win32
140 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x86.Build.0 = Debug|Win32
141 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Debug|x86.Deploy.0 = Debug|Win32
142 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x64.ActiveCfg = Release|x64
143 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x64.Build.0 = Release|x64
144 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x64.Deploy.0 = Release|x64
145 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x86.ActiveCfg = Release|Win32
146 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x86.Build.0 = Release|Win32
147 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}.Release|x86.Deploy.0 = Release|Win32
148 | EndGlobalSection
149 | GlobalSection(SolutionProperties) = preSolution
150 | HideSolutionNode = FALSE
151 | EndGlobalSection
152 | GlobalSection(ExtensibilityGlobals) = postSolution
153 | SolutionGuid = {CE8830F0-5797-4508-BE5C-0A5EB40B25FB}
154 | EndGlobalSection
155 | EndGlobal
156 |
--------------------------------------------------------------------------------
/Tutorial_1_Driver_Management/Tutorial_1_Driver_Management.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {B3F17D81-02F9-4AE7-B083-402E36F8BB3F}
24 | Win32Proj
25 | Tutorial1DriverManagement
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | NotUsing
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | NotUsing
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | NotUsing
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | NotUsing
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/Tutorial_1_Driver_Management/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mq1n/EasyRing0/30b8db946122a0f381ca1304ca0839f270777d03/Tutorial_1_Driver_Management/main.cpp
--------------------------------------------------------------------------------
/Tutorial_2_Simple_Driver/Tutorial_2_Simple_Driver.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_2_Simple_Driver.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_2_Simple_Driver.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_2_Simple_Driver Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_2_Simple_Driver/Tutorial_2_Simple_Driver.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {45A73DB4-792F-4B27-A07F-09B9A8E085B1}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_2_Simple_Driver
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | WDM
53 |
54 |
55 | Windows10
56 | false
57 | WindowsKernelModeDriver10.0
58 | Driver
59 | WDM
60 |
61 |
62 | Windows10
63 | true
64 | WindowsKernelModeDriver10.0
65 | Driver
66 | WDM
67 |
68 |
69 | Windows10
70 | false
71 | WindowsKernelModeDriver10.0
72 | Driver
73 | WDM
74 |
75 |
76 | Windows10
77 | true
78 | WindowsKernelModeDriver10.0
79 | Driver
80 | WDM
81 |
82 |
83 | Windows10
84 | false
85 | WindowsKernelModeDriver10.0
86 | Driver
87 | WDM
88 |
89 |
90 | Windows10
91 | true
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | WDM
95 |
96 |
97 | Windows10
98 | false
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | WDM
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 | DbgengKernelDebugger
113 |
114 |
115 | DbgengKernelDebugger
116 |
117 |
118 | DbgengKernelDebugger
119 |
120 |
121 | DbgengKernelDebugger
122 |
123 |
124 | DbgengKernelDebugger
125 |
126 |
127 | DbgengKernelDebugger
128 |
129 |
130 | DbgengKernelDebugger
131 |
132 |
133 | DbgengKernelDebugger
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
--------------------------------------------------------------------------------
/Tutorial_2_Simple_Driver/main.c:
--------------------------------------------------------------------------------
1 | #include
2 |
/*
 * Unload callback registered by DriverEntry.
 *
 * The driver allocates nothing and creates no device, so the routine only
 * emits a debug message; pDriverObject is not consulted.
 */
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    DbgPrint("Driver unload routine triggered!\n");

    /* Silence the unused-parameter warning. */
    UNREFERENCED_PARAMETER(pDriverObject);
}
9 |
/*
 * Driver entry point for the minimal "hello world" driver.
 *
 * pDriverObject  - driver object supplied by the loader; must not be NULL.
 * pRegistryPath  - service registry path; unused.
 *
 * Returns STATUS_FAILED_DRIVER_ENTRY when pDriverObject is NULL, otherwise
 * STATUS_SUCCESS after printing a greeting and registering the unload routine.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    NTSTATUS status = STATUS_FAILED_DRIVER_ENTRY;

    UNREFERENCED_PARAMETER(pRegistryPath);

    if (pDriverObject != NULL)
    {
        DbgPrint("Hello World!\n");

        /* Without an unload routine the driver could not be stopped. */
        pDriverObject->DriverUnload = OnDriverUnload;
        status = STATUS_SUCCESS;
    }

    return status;
}
22 |
23 |
24 |
--------------------------------------------------------------------------------
/Tutorial_3_Hide_Driver/Tutorial_3_Hide_Driver.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_3_Hide_Driver.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_3_Hide_Driver.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_3_Hide_Driver Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_3_Hide_Driver/Tutorial_3_Hide_Driver.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {E2F6ED11-D1C6-4F06-BB24-74624F49BD25}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_3_Hide_Driver
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | WDM
53 |
54 |
55 | Windows10
56 | false
57 | WindowsKernelModeDriver10.0
58 | Driver
59 | WDM
60 |
61 |
62 | Windows10
63 | true
64 | WindowsKernelModeDriver10.0
65 | Driver
66 | WDM
67 |
68 |
69 | Windows10
70 | false
71 | WindowsKernelModeDriver10.0
72 | Driver
73 | WDM
74 |
75 |
76 | Windows10
77 | true
78 | WindowsKernelModeDriver10.0
79 | Driver
80 | WDM
81 |
82 |
83 | Windows10
84 | false
85 | WindowsKernelModeDriver10.0
86 | Driver
87 | WDM
88 |
89 |
90 | Windows10
91 | true
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | WDM
95 |
96 |
97 | Windows10
98 | false
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | WDM
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 | DbgengKernelDebugger
113 |
114 |
115 | DbgengKernelDebugger
116 |
117 |
118 | DbgengKernelDebugger
119 |
120 |
121 | DbgengKernelDebugger
122 |
123 |
124 | DbgengKernelDebugger
125 |
126 |
127 | DbgengKernelDebugger
128 |
129 |
130 | DbgengKernelDebugger
131 |
132 |
133 | DbgengKernelDebugger
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
--------------------------------------------------------------------------------
/Tutorial_3_Hide_Driver/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
#pragma warning(push)
#pragma warning(disable: 4201) // C4201: nameless struct/union, used by the anonymous unions below
/*
 * Local re-declaration of the loader's per-module list entry.
 *
 * DriverEntry casts pDriverObject->DriverSection to this type. Only
 * InLoadOrderLinks is touched by the code in this file; the remaining members
 * are declared so the structure has a plausible shape.
 *
 * NOTE(review): this layout is declared here rather than taken from an
 * included header, so it is presumably a copy of an undocumented structure
 * whose members can change between Windows builds - confirm against the
 * target build before relying on any member other than the first.
 */
typedef struct _LDR_DATA_TABLE_ENTRY
{
    // First member: DriverEntry casts Flink/Blink of this LIST_ENTRY straight
    // back to PLDR_DATA_TABLE_ENTRY, which is only valid because the offset is 0.
    LIST_ENTRY InLoadOrderLinks;
    LIST_ENTRY InMemoryOrderLinks;
    LIST_ENTRY InInitializationOrderLinks;
    PVOID DllBase;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    ULONG Flags;
    WORD LoadCount;
    WORD TlsIndex;
    union
    {
        LIST_ENTRY HashLinks;
        struct
        {
            PVOID SectionPointer;
            ULONG CheckSum;
        };
    };
    union
    {
        ULONG TimeDateStamp;
        PVOID LoadedImports;
    };
    struct _ACTIVATION_CONTEXT * EntryPointActivationContext;
    PVOID PatchInformation;
    LIST_ENTRY ForwarderLinks;
    LIST_ENTRY ServiceTagLinks;
    LIST_ENTRY StaticLinks;
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
#pragma warning(pop)
40 |
/*
 * Unload callback registered by DriverEntry.
 *
 * Only prints a debug message. It does not put the driver's entry back on the
 * list that DriverEntry removed it from.
 */
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    DbgPrint("Driver unload routine triggered!\n");

    /* Silence the unused-parameter warning. */
    UNREFERENCED_PARAMETER(pDriverObject);
}
47 |
/*
 * Driver entry point for the "hide driver" tutorial.
 *
 * Treats pDriverObject->DriverSection as an LDR_DATA_TABLE_ENTRY, removes that
 * entry from the doubly linked InLoadOrderLinks list, and then registers the
 * unload routine.
 *
 * pDriverObject  - driver object supplied by the loader; must not be NULL.
 * pRegistryPath  - service registry path; unused.
 *
 * Returns STATUS_FAILED_DRIVER_ENTRY when pDriverObject is NULL, otherwise
 * STATUS_SUCCESS.
 *
 * NOTE(review): this is direct kernel object manipulation (DKOM). Anything
 * that enumerates modules by walking this list stops reporting the driver, so
 * detection has to rely on sources that do not depend on the list: driver-load
 * telemetry recorded at load time (image-load notify callbacks, Sysmon
 * event ID 6), and memory forensics that scans for module structures and
 * mapped images and compares the result with the list walk.
 *
 * NOTE(review): the list is edited without any lock that other list users
 * honour. Raising IRQL only stops the current processor from being preempted;
 * another processor can traverse or modify the list at the same time, which
 * can corrupt it. Kernel patch protection on x64 is also expected to treat a
 * modified loaded-module list as corruption and bugcheck - confirm on the
 * target build.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (!pDriverObject)
        return STATUS_FAILED_DRIVER_ENTRY;

    DbgPrint("Driver loaded!\n");

    // Runs the list edit at DISPATCH_LEVEL; the previous IRQL is restored below.
    KIRQL irql = KeRaiseIrqlToDpcLevel();

    // NOTE(review): DriverSection is dereferenced without a NULL check.
    // The casts from Flink/Blink rely on InLoadOrderLinks being the first member.
    PLDR_DATA_TABLE_ENTRY CurDriverEntry = (PLDR_DATA_TABLE_ENTRY)pDriverObject->DriverSection;
    PLDR_DATA_TABLE_ENTRY NextDriverEntry = (PLDR_DATA_TABLE_ENTRY)CurDriverEntry->InLoadOrderLinks.Flink;
    PLDR_DATA_TABLE_ENTRY PrevDriverEntry = (PLDR_DATA_TABLE_ENTRY)CurDriverEntry->InLoadOrderLinks.Blink;

    // Neighbours are linked to each other, skipping this driver's entry.
    PrevDriverEntry->InLoadOrderLinks.Flink = CurDriverEntry->InLoadOrderLinks.Flink;
    NextDriverEntry->InLoadOrderLinks.Blink = CurDriverEntry->InLoadOrderLinks.Blink;

    // The removed entry is pointed at itself so its links no longer reference the list.
    CurDriverEntry->InLoadOrderLinks.Flink = (PLIST_ENTRY)CurDriverEntry;
    CurDriverEntry->InLoadOrderLinks.Blink = (PLIST_ENTRY)CurDriverEntry;

    KeLowerIrql(irql);

    DbgPrint("Driver hiding completed!\n");

    pDriverObject->DriverUnload = &OnDriverUnload;
    return STATUS_SUCCESS;
}
76 |
77 |
78 |
--------------------------------------------------------------------------------
/Tutorial_4_Dispatch_Communication_CLI/Tutorial_4_Dispatch_Communication_CLI.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mq1n/EasyRing0/30b8db946122a0f381ca1304ca0839f270777d03/Tutorial_4_Dispatch_Communication_CLI/Tutorial_4_Dispatch_Communication_CLI.cpp
--------------------------------------------------------------------------------
/Tutorial_4_Dispatch_Communication_CLI/Tutorial_4_Dispatch_Communication_CLI.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {4E8B5546-C340-44F3-BAE7-A374141CEFDD}
24 | Win32Proj
25 | Tutorial4DispatchCommunicationCLI
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | NotUsing
88 | Level3
89 | Disabled
90 | true
91 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | NotUsing
102 | Level3
103 | Disabled
104 | true
105 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | NotUsing
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | NotUsing
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/Tutorial_4_Dispatch_Communication_Sys/Tutorial_4_Dispatch_Communication_Sys.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_4_Dispatch_Communication_Sys.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_4_Dispatch_Communication_Sys.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_4_Dispatch_Communication_Sys Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_4_Dispatch_Communication_Sys/Tutorial_4_Dispatch_Communication_Sys.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {C962399D-4EF6-4F5E-B9EA-892ED6CB9729}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_4_Dispatch_Communication_Sys
45 | Tutorial_4_Dispatch_Communication_SYS
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | WDM
54 |
55 |
56 | Windows10
57 | false
58 | WindowsKernelModeDriver10.0
59 | Driver
60 | WDM
61 |
62 |
63 | Windows10
64 | true
65 | WindowsKernelModeDriver10.0
66 | Driver
67 | WDM
68 |
69 |
70 | Windows10
71 | false
72 | WindowsKernelModeDriver10.0
73 | Driver
74 | WDM
75 |
76 |
77 | Windows10
78 | true
79 | WindowsKernelModeDriver10.0
80 | Driver
81 | WDM
82 |
83 |
84 | Windows10
85 | false
86 | WindowsKernelModeDriver10.0
87 | Driver
88 | WDM
89 |
90 |
91 | Windows10
92 | true
93 | WindowsKernelModeDriver10.0
94 | Driver
95 | WDM
96 |
97 |
98 | Windows10
99 | false
100 | WindowsKernelModeDriver10.0
101 | Driver
102 | WDM
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 | DbgengKernelDebugger
114 |
115 |
116 | DbgengKernelDebugger
117 |
118 |
119 | DbgengKernelDebugger
120 | true
121 |
122 |
123 | DbgengKernelDebugger
124 |
125 |
126 | DbgengKernelDebugger
127 |
128 |
129 | DbgengKernelDebugger
130 |
131 |
132 | DbgengKernelDebugger
133 |
134 |
135 | DbgengKernelDebugger
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
--------------------------------------------------------------------------------
/Tutorial_4_Dispatch_Communication_Sys/main.c:
--------------------------------------------------------------------------------
1 | #include
2 |
// Object-manager name of the device object.
// NOTE(review): the call that creates the device is not visible in this part
// of the file; who may open the device depends on the security descriptor
// applied at creation - verify in DriverEntry.
const WCHAR sc_wszDeviceNameBuffer[] = L"\\Device\\Dispatch_Test";
// Symbolic link under \DosDevices, the name user-mode clients open as
// \\.\Dispatch_Test. OnDriverUnload deletes this link.
const WCHAR sc_wszDeviceSymLinkBuffer[] = L"\\DosDevices\\Dispatch_Test";
5 |
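/*
 * IRP_MJ_READ handler: returns a fixed greeting to the caller.
 *
 * pDriverObject  - device object the request targets; unused.
 * pIrp           - read request; the reply is written to
 *                  AssociatedIrp.SystemBuffer.
 *
 * The caller controls the size of the read, so the reply is copied only when
 * the request's length can hold it. The original unbounded strcpy wrote
 * strlen+1 bytes into the system buffer no matter how small the read was.
 *
 * Completes the IRP and returns the status it was completed with:
 *   STATUS_SUCCESS            - greeting copied; Information = its length
 *                               (terminator excluded, as before).
 *   STATUS_INVALID_PARAMETER  - no system buffer was supplied.
 *   STATUS_BUFFER_TOO_SMALL   - the read length cannot hold the greeting.
 *
 * NOTE(review): assumes the device uses buffered I/O, which is what makes
 * SystemBuffer valid for reads - confirm where the device is created.
 */
NTSTATUS OnIRPRead(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    static const char szMessage[] = "Hello from kernel land!";
    const ULONG cbText = (ULONG)(sizeof(szMessage) - 1); /* without the NUL */

    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    PVOID pOut = pIrp->AssociatedIrp.SystemBuffer;
    NTSTATUS status = STATUS_SUCCESS;
    ULONG_PTR cbReturned = 0;

    if (pOut == NULL)
    {
        status = STATUS_INVALID_PARAMETER;
    }
    else if (pStack->Parameters.Read.Length < cbText)
    {
        status = STATUS_BUFFER_TOO_SMALL;
    }
    else
    {
        /* Copy exactly the bytes reported in Information. */
        RtlCopyMemory(pOut, szMessage, cbText);
        cbReturned = cbText;
        /* %u expects a 32-bit value; strlen() returned size_t here before. */
        DbgPrint("Message: %s(%u) sent from kernel!", szMessage, cbText);
    }

    pIrp->IoStatus.Status = status;
    pIrp->IoStatus.Information = cbReturned;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return status;
}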
19 |
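// IRP_MJ_WRITE handler: logs the text the caller wrote to the device.
//
// The payload in AssociatedIrp.SystemBuffer is caller-controlled: its size is
// Parameters.Write.Length and nothing guarantees a terminating NUL. Copying it
// with strcpy into the 255-byte stack buffer would overflow the kernel stack
// for longer input, so the copy is limited to both the written length and the
// local buffer, and the local copy is always NUL-terminated.
//
// pDriverObject: unused (it is actually the device object the IRP targets).
// pIrp:          the write request; completed here.
// Returns STATUS_SUCCESS; IoStatus.Information holds the number of bytes
// actually consumed (input longer than 254 bytes is truncated).
NTSTATUS OnIRPWrite(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    char szBuffer[255] = { 0 };
    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    const char* pIn = (const char*)pIrp->AssociatedIrp.SystemBuffer;
    ULONG cbIn = pStack->Parameters.Write.Length;
    ULONG cchCopied = 0;

    if (pIn != NULL)
    {
        // Leave room for the terminator that the zero-initialised buffer provides.
        ULONG cbMax = (ULONG)(sizeof(szBuffer) - 1);
        if (cbIn < cbMax)
            cbMax = cbIn;

        // Bounded length scan: stop at the first NUL or at the limit.
        while (cchCopied < cbMax && pIn[cchCopied] != '\0')
            cchCopied++;

        RtlCopyMemory(szBuffer, pIn, cchCopied);
    }

    DbgPrint("User message received: %s(%u)", szBuffer, cchCopied);

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = cchCopied;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}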
33 |
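// Common dispatch routine: DriverEntry installs it for every major function.
//
// Reads and writes are forwarded to their handlers; every other request
// (create, close, cleanup, ...) is completed successfully with no data.
// The value returned to the I/O manager is the status the IRP was completed
// with, so a handler failure is no longer masked by an unconditional
// STATUS_SUCCESS. The IRP is not touched after it has been completed.
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    NTSTATUS ntStatus;

    switch (pStack->MajorFunction)
    {
    case IRP_MJ_READ:
        ntStatus = OnIRPRead(pDriverObject, pIrp);
        break;

    case IRP_MJ_WRITE:
        ntStatus = OnIRPWrite(pDriverObject, pIrp);
        break;

    default:
        ntStatus = STATUS_SUCCESS;
        pIrp->IoStatus.Status = ntStatus;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        break;
    }
    return ntStatus;
}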
53 |
54 |
// Unload routine registered in DriverEntry: removes the symbolic link, then
// deletes the device object hanging off the driver object, if there is one.
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING usSymLink;

    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("Driver unload routine triggered!\n");

    // The link is removed first so no new opens arrive by name during teardown.
    RtlInitUnicodeString(&usSymLink, sc_wszDeviceSymLinkBuffer);
    IoDeleteSymbolicLink(&usSymLink);

    if (!pDriverObject || !pDriverObject->DeviceObject)
        return;

    IoDeleteDevice(pDriverObject->DeviceObject);
}
70 |
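// Driver entry point: creates \Device\Dispatch_Test, publishes the
// \DosDevices\Dispatch_Test symbolic link and routes every major function to
// OnMajorFunctionCall.
//
// pDriverObject: driver object supplied by the I/O manager.
// pRegistryPath: unused.
// Returns STATUS_SUCCESS, STATUS_FAILED_DRIVER_ENTRY for a NULL driver object,
// or the failure status of IoCreateDevice / IoCreateSymbolicLink. On a
// symbolic-link failure the device object is deleted again so a failed load
// leaves nothing behind.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    // Process params
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (!pDriverObject)
    {
        DbgPrint("DispatchTestSys driver entry is null!\n");
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    // Hello world!
    // NOTE(review): this writes kernel addresses to the debug log, which tells
    // any reader of that log where the driver is loaded; fine for a tutorial,
    // drop it from anything that ships.
    DbgPrint("Driver loaded, system range start in %p, Our entry at: %p\n", MmSystemRangeStart, DriverEntry);

    // Register unload routine
    pDriverObject->DriverUnload = &OnDriverUnload;

    // Register driver major callbacks before the device is reachable by name.
    for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
        pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;

    // Variable declaration
    NTSTATUS ntStatus = STATUS_SUCCESS;

    // Normalize name and symbolic link.
    UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
    RtlInitUnicodeString(&deviceNameUnicodeString, sc_wszDeviceNameBuffer);
    RtlInitUnicodeString(&deviceSymLinkUnicodeString, sc_wszDeviceSymLinkBuffer);

    // Create the device.
    // NOTE(review): IoCreateDevice applies a default security descriptor, and
    // the read/write handlers are reachable by whoever may open the device.
    // Consider IoCreateDeviceSecure (wdmsec.h) with an SDDL string limited to
    // SYSTEM and Administrators.
    PDEVICE_OBJECT pDeviceObject = NULL;
    ntStatus = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (!NT_SUCCESS(ntStatus))
    {
        // NTSTATUS is a 32-bit value; %p would read a pointer-sized argument.
        DbgPrint("DispatchTestSys IoCreateDevice fail! Status: 0x%08X\n", ntStatus);
        return ntStatus;
    }

    // Buffered I/O: the read/write handlers rely on AssociatedIrp.SystemBuffer.
    pDeviceObject->Flags |= DO_BUFFERED_IO;

    // Create the symbolic link
    ntStatus = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("DispatchTestSys IoCreateSymbolicLink fail! Status: 0x%08X\n", ntStatus);
        // The unload routine is not called when DriverEntry fails, so the
        // device object has to be released here.
        IoDeleteDevice(pDeviceObject);
        return ntStatus;
    }

    DbgPrint("Ioctl driver entry completed!\n");

    return STATUS_SUCCESS;
}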
123 |
124 |
125 |
--------------------------------------------------------------------------------
/Tutorial_5_IOCTL_Communication_CLI/Tutorial_5_IOCTL_Communication_CLI.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mq1n/EasyRing0/30b8db946122a0f381ca1304ca0839f270777d03/Tutorial_5_IOCTL_Communication_CLI/Tutorial_5_IOCTL_Communication_CLI.cpp
--------------------------------------------------------------------------------
/Tutorial_5_IOCTL_Communication_CLI/Tutorial_5_IOCTL_Communication_CLI.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {53BD8836-87B3-4CFA-AB99-24E7AF6F9264}
24 | Win32Proj
25 | Tutorial5IOCTLCommunicationCLI
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | NotUsing
88 | Level3
89 | Disabled
90 | true
91 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | NotUsing
102 | Level3
103 | Disabled
104 | true
105 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | NotUsing
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | NotUsing
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/Tutorial_5_IOCTL_Communication_SYS/Tutorial_5_IOCTL_Communication_SYS.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_5_IOCTL_Communication_SYS.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_5_IOCTL_Communication_SYS.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_5_IOCTL_Communication_SYS Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_5_IOCTL_Communication_SYS/Tutorial_5_IOCTL_Communication_SYS.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {4A66052B-B3AB-412D-A72A-C5C1733188C9}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_5_IOCTL_Communication_SYS
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | WDM
53 |
54 |
55 | Windows10
56 | false
57 | WindowsKernelModeDriver10.0
58 | Driver
59 | WDM
60 |
61 |
62 | Windows10
63 | true
64 | WindowsKernelModeDriver10.0
65 | Driver
66 | WDM
67 |
68 |
69 | Windows10
70 | false
71 | WindowsKernelModeDriver10.0
72 | Driver
73 | WDM
74 |
75 |
76 | Windows10
77 | true
78 | WindowsKernelModeDriver10.0
79 | Driver
80 | WDM
81 |
82 |
83 | Windows10
84 | false
85 | WindowsKernelModeDriver10.0
86 | Driver
87 | WDM
88 |
89 |
90 | Windows10
91 | true
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | WDM
95 |
96 |
97 | Windows10
98 | false
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | WDM
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 | DbgengKernelDebugger
113 |
114 |
115 | DbgengKernelDebugger
116 |
117 |
118 | DbgengKernelDebugger
119 | true
120 |
121 |
122 | DbgengKernelDebugger
123 | true
124 |
125 |
126 | DbgengKernelDebugger
127 |
128 |
129 | DbgengKernelDebugger
130 |
131 |
132 | DbgengKernelDebugger
133 |
134 |
135 | DbgengKernelDebugger
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
--------------------------------------------------------------------------------
/Tutorial_5_IOCTL_Communication_SYS/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
// Control codes handled by OnIoControl.
// METHOD_NEITHER: the I/O manager neither copies nor locks the buffers; the
// driver receives the caller's raw pointers (Type3InputBuffer / UserBuffer) and
// is itself responsible for validating and probing them.
// FILE_ANY_ACCESS: the request is accepted on any handle to the device,
// whatever access it was opened with.
#define SUM_IO_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define DIFF_IO_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)
#define MSG_IO_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x802, METHOD_NEITHER, FILE_ANY_ACCESS)

// NT device name and the symbolic link created for it in DriverEntry.
const WCHAR sc_wszDeviceNameBuffer[] = L"\\Device\\IOCTL_Test";
const WCHAR sc_wszDeviceSymLinkBuffer[] = L"\\DosDevices\\IOCTL_Test";

// Payload of SUM_IO_CODE: iResult receives iNumberFirst + iNumberSecond.
typedef struct _KERNEL_IO_SUM_DATA
{
    INT iNumberFirst;
    INT iNumberSecond;
    INT iResult;
} SKernelIOSumData, *PKernelIOSumData;

// Payload of DIFF_IO_CODE: iResult receives iNumberFirst - iNumberSecond.
typedef struct _KERNEL_IO_DIFF_DATA
{
    INT iNumberFirst;
    INT iNumberSecond;
    INT iResult;
} SKernelIODiffData, *PKernelIODiffData;

// Payload of MSG_IO_CODE: szMessage is printed with %s by the driver, which
// then sets bReceived to TRUE in the output buffer.
typedef struct _KERNEL_IO_MSG_DATA
{
    CHAR szMessage[255];
    BOOL bReceived;
} SKernelIOMsgData, *PKernelIOMsgData;

// Cast helpers for the METHOD_NEITHER buffers. Both expand to the raw
// caller-supplied pointer and expect locals named pIrpStack / pIrp to be in
// scope; they perform no validation of the address or its length.
#define IO_INPUT(Type) ((Type)(pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer))
#define IO_OUTPUT(Type) ((Type)(pIrp->UserBuffer))
33 |
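// IRP_MJ_DEVICE_CONTROL handler for SUM_IO_CODE, DIFF_IO_CODE and MSG_IO_CODE.
//
// All three codes are METHOD_NEITHER, so Type3InputBuffer and UserBuffer are
// the caller's own pointers. A structured exception handler on its own is not
// a validation step: it catches faults on bad user addresses, but a pointer
// into kernel address space handed in from user mode would simply be read or
// written. Each request is therefore handled as follows:
//   1. the declared buffer lengths must cover the expected structure;
//   2. for user-mode requestors both pointers are probed (ProbeForRead /
//      ProbeForWrite raise if the range is not in user space);
//   3. the input is captured into a local copy once, so the caller cannot
//      change it between validation and use;
//   4. the message text is NUL-terminated locally before it is printed.
//
// pDriverObject: unused (it is actually the device object the IRP targets).
// pIrp:          the device-control request; completed here in every path.
// Returns STATUS_SUCCESS, STATUS_INVALID_PARAMETER for missing or undersized
// buffers, STATUS_INVALID_DEVICE_REQUEST for an unknown control code, or the
// exception code if touching the caller's memory faulted.
NTSTATUS OnIoControl(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("IRP_MJ_DEVICE_CONTROL handled!\n");

    NTSTATUS ntStatus = STATUS_SUCCESS;
    ULONG_PTR cbReturned = 0;

    __try
    {
        PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
        ULONG uIoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
        ULONG cbIn = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;
        ULONG cbOut = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength;
        PVOID pIn = pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer;
        PVOID pOut = pIrp->UserBuffer;
        // Kernel-mode requestors pass kernel addresses, which must not be probed.
        BOOLEAN bProbe = (BOOLEAN)(pIrp->RequestorMode != KernelMode);

        switch (uIoControlCode)
        {
        case SUM_IO_CODE:
        {
            SKernelIOSumData sumIn;

            DbgPrint("Sum packet received\n");

            if (pIn == NULL || pOut == NULL || cbIn < sizeof(SKernelIOSumData) || cbOut < sizeof(SKernelIOSumData))
            {
                ntStatus = STATUS_INVALID_PARAMETER;
                break;
            }
            if (bProbe)
            {
                ProbeForRead(pIn, sizeof(SKernelIOSumData), TYPE_ALIGNMENT(SKernelIOSumData));
                ProbeForWrite(pOut, sizeof(SKernelIOSumData), TYPE_ALIGNMENT(SKernelIOSumData));
            }

            RtlCopyMemory(&sumIn, pIn, sizeof(sumIn));
            // Unsigned arithmetic keeps wrap-around well defined.
            ((PKernelIOSumData)pOut)->iResult = (INT)((ULONG)sumIn.iNumberFirst + (ULONG)sumIn.iNumberSecond);
            cbReturned = sizeof(SKernelIOSumData);
        } break;

        case DIFF_IO_CODE:
        {
            SKernelIODiffData diffIn;

            DbgPrint("Diff packet received\n");

            if (pIn == NULL || pOut == NULL || cbIn < sizeof(SKernelIODiffData) || cbOut < sizeof(SKernelIODiffData))
            {
                ntStatus = STATUS_INVALID_PARAMETER;
                break;
            }
            if (bProbe)
            {
                ProbeForRead(pIn, sizeof(SKernelIODiffData), TYPE_ALIGNMENT(SKernelIODiffData));
                ProbeForWrite(pOut, sizeof(SKernelIODiffData), TYPE_ALIGNMENT(SKernelIODiffData));
            }

            RtlCopyMemory(&diffIn, pIn, sizeof(diffIn));
            ((PKernelIODiffData)pOut)->iResult = (INT)((ULONG)diffIn.iNumberFirst - (ULONG)diffIn.iNumberSecond);
            cbReturned = sizeof(SKernelIODiffData);
        } break;

        case MSG_IO_CODE:
        {
            SKernelIOMsgData msgIn;

            if (pIn == NULL || pOut == NULL || cbIn < sizeof(SKernelIOMsgData) || cbOut < sizeof(SKernelIOMsgData))
            {
                ntStatus = STATUS_INVALID_PARAMETER;
                break;
            }
            if (bProbe)
            {
                ProbeForRead(pIn, sizeof(SKernelIOMsgData), TYPE_ALIGNMENT(SKernelIOMsgData));
                ProbeForWrite(pOut, sizeof(SKernelIOMsgData), TYPE_ALIGNMENT(SKernelIOMsgData));
            }

            RtlCopyMemory(&msgIn, pIn, sizeof(msgIn));
            // The caller is not required to terminate the text; %s must not run past it.
            msgIn.szMessage[sizeof(msgIn.szMessage) - 1] = '\0';
            DbgPrint("Msg packet received. Content: %s\n", msgIn.szMessage);

            ((PKernelIOMsgData)pOut)->bReceived = TRUE;
            cbReturned = sizeof(SKernelIOMsgData);
        } break;

        default:
            ntStatus = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        ntStatus = GetExceptionCode();
        cbReturned = 0;
        DbgPrint("OnIoControl Exception catched!\n");
    }

    pIrp->IoStatus.Status = ntStatus;
    pIrp->IoStatus.Information = NT_SUCCESS(ntStatus) ? cbReturned : 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return ntStatus;
}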
82 |
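// Common dispatch routine: DriverEntry installs it for every major function.
//
// Device-control requests go to OnIoControl; everything else (create, close,
// cleanup, ...) is completed successfully with no data. The status returned
// to the I/O manager is the one the IRP was completed with, so a rejected
// IOCTL is no longer reported as STATUS_SUCCESS by the dispatch routine. The
// IRP is not touched after it has been completed.
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    NTSTATUS ntStatus;

    switch (pStack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
        ntStatus = OnIoControl(pDriverObject, pIrp);
        break;

    default:
        ntStatus = STATUS_SUCCESS;
        pIrp->IoStatus.Status = ntStatus;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        break;
    }
    return ntStatus;
}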
98 |
99 |
// Unload routine registered in DriverEntry: deletes the symbolic link and,
// when the driver object still owns a device object, that device as well.
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING usLinkName;
    PDEVICE_OBJECT pDevice;

    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("Driver unload routine triggered!\n");

    RtlInitUnicodeString(&usLinkName, sc_wszDeviceSymLinkBuffer);
    IoDeleteSymbolicLink(&usLinkName);

    // A NULL driver object or an empty device list leaves nothing to delete.
    pDevice = pDriverObject ? pDriverObject->DeviceObject : NULL;
    if (pDevice)
    {
        IoDeleteDevice(pDevice);
    }
}
115 |
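// Driver entry point: creates \Device\IOCTL_Test, publishes the
// \DosDevices\IOCTL_Test symbolic link and routes every major function to
// OnMajorFunctionCall.
//
// pDriverObject: driver object supplied by the I/O manager.
// pRegistryPath: unused.
// Returns STATUS_SUCCESS, STATUS_FAILED_DRIVER_ENTRY for a NULL driver object,
// or the failure status of IoCreateDevice / IoCreateSymbolicLink. On a
// symbolic-link failure the device object is deleted again so a failed load
// leaves nothing behind.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    // Process params
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (!pDriverObject)
    {
        DbgPrint("IoctlTestSys driver entry is null!\n");
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    // Hello world!
    // NOTE(review): this writes kernel addresses to the debug log, which tells
    // any reader of that log where the driver is loaded; fine for a tutorial,
    // drop it from anything that ships.
    DbgPrint("Driver loaded, system range start in %p, Our entry at: %p\n", MmSystemRangeStart, DriverEntry);

    // Register unload routine
    pDriverObject->DriverUnload = &OnDriverUnload;

    // Register driver major callbacks before the device is reachable by name.
    for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
        pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;

    // Variable declaration
    NTSTATUS ntStatus = STATUS_SUCCESS;

    // Normalize name and symbolic link.
    UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
    RtlInitUnicodeString(&deviceNameUnicodeString, sc_wszDeviceNameBuffer);
    RtlInitUnicodeString(&deviceSymLinkUnicodeString, sc_wszDeviceSymLinkBuffer);

    // Create the device.
    // NOTE(review): IoCreateDevice applies a default security descriptor, and
    // the IOCTLs are declared FILE_ANY_ACCESS, so whoever may open the device
    // may send them. Consider IoCreateDeviceSecure (wdmsec.h) with an SDDL
    // string limited to SYSTEM and Administrators.
    PDEVICE_OBJECT pDeviceObject = NULL;
    ntStatus = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (!NT_SUCCESS(ntStatus))
    {
        // NTSTATUS is a 32-bit value; %p would read a pointer-sized argument.
        DbgPrint("IoctlTestSys IoCreateDevice fail! Status: 0x%08X\n", ntStatus);
        return ntStatus;
    }

    pDeviceObject->Flags |= DO_DIRECT_IO;

    // Create the symbolic link
    ntStatus = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("IoctlTestSys IoCreateSymbolicLink fail! Status: 0x%08X\n", ntStatus);
        // The unload routine is not called when DriverEntry fails, so the
        // device object has to be released here.
        IoDeleteDevice(pDeviceObject);
        return ntStatus;
    }

    // Cleared last, once the device is fully set up.
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    DbgPrint("IoctlTestSys driver entry completed!\n");

    return STATUS_SUCCESS;
}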
169 |
170 |
171 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_CLI/Tutorial_6_ShareMem_Communication_CLI.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mq1n/EasyRing0/30b8db946122a0f381ca1304ca0839f270777d03/Tutorial_6_ShareMem_Communication_CLI/Tutorial_6_ShareMem_Communication_CLI.cpp
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_CLI/Tutorial_6_ShareMem_Communication_CLI.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {868436CA-0CE1-4722-BD8D-3AE186474F0B}
24 | Win32Proj
25 | Tutorial6ShareMemCommunicationCLI
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | NotUsing
88 | Level3
89 | Disabled
90 | true
91 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | NotUsing
102 | Level3
103 | Disabled
104 | true
105 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | NotUsing
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | NotUsing
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_SYS/Tutorial_6_ShareMem_Communication_SYS.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_6_ShareMem_Communication_SYS.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_6_ShareMem_Communication_SYS.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_6_ShareMem_Communication_SYS Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_SYS/Tutorial_6_ShareMem_Communication_SYS.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {99D22E9F-FDF2-49D7-9FA9-F89B0D998337}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_6_ShareMem_Communication_SYS
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | WDM
53 |
54 |
55 | Windows10
56 | false
57 | WindowsKernelModeDriver10.0
58 | Driver
59 | WDM
60 |
61 |
62 | Windows10
63 | true
64 | WindowsKernelModeDriver10.0
65 | Driver
66 | WDM
67 |
68 |
69 | Windows10
70 | false
71 | WindowsKernelModeDriver10.0
72 | Driver
73 | WDM
74 |
75 |
76 | Windows10
77 | true
78 | WindowsKernelModeDriver10.0
79 | Driver
80 | WDM
81 |
82 |
83 | Windows10
84 | false
85 | WindowsKernelModeDriver10.0
86 | Driver
87 | WDM
88 |
89 |
90 | Windows10
91 | true
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | WDM
95 |
96 |
97 | Windows10
98 | false
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | WDM
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 | DbgengKernelDebugger
113 |
114 |
115 | DbgengKernelDebugger
116 |
117 |
118 | DbgengKernelDebugger
119 | true
120 |
121 |
122 | DbgengKernelDebugger
123 | true
124 |
125 |
126 | DbgengKernelDebugger
127 |
128 |
129 | DbgengKernelDebugger
130 |
131 |
132 | DbgengKernelDebugger
133 |
134 |
135 | DbgengKernelDebugger
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_SYS/helper.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include "helper.h"
3 |
4 | // https://github.com/mic101/windows/blob/master/WRK-v1.2/base/ntos/rtl/sysvol.c
5 |
// Round a pointer / a size up to the next multiple of 4.
#define LongAlignPtr(Ptr) ((PVOID)(((ULONG_PTR)(Ptr) + 3) & -4))
#define LongAlignSize(Size) (((ULONG)(Size) + 3) & -4)

// Clear the given bits in the descriptor's Control word.
#define RtlpClearControlBits( SD, Bits ) \
    ( \
    ( SD )->Control &= ~( Bits ) \
    )

// TRUE only when every bit in Bits is set in the descriptor's Control word.
#define AreControlBitsSet( SD, Bits ) \
    (BOOLEAN) \
    ( \
    (( SD )->Control & ( Bits )) == ( Bits ) \
    )

// The four accessors below resolve one component of a security descriptor.
// For a self-relative descriptor (SE_SELF_RELATIVE set) the field is an offset
// from the start of the descriptor, with 0 meaning "absent"; otherwise the
// field already is a pointer. The offset is added to the base without any
// range check, so these are only safe on descriptors from a trusted source.

// Owner SID, or NULL when a self-relative descriptor has no owner offset.
#define OwnerAddrSecurityDescriptor( SD ) \
    ( ((SD)->Control & SE_SELF_RELATIVE) ? \
    ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Owner == 0) ? ((PSID) NULL) : \
    (PSID)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Owner) \
    ) : \
    (PSID)((SD)->Owner) \
    )

// Primary group SID, or NULL when a self-relative descriptor has no group offset.
#define GroupAddrSecurityDescriptor( SD ) \
    ( ((SD)->Control & SE_SELF_RELATIVE) ? \
    ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Group == 0) ? ((PSID) NULL) : \
    (PSID)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Group) \
    ) : \
    (PSID)((SD)->Group) \
    )

// SACL, or NULL when SE_SACL_PRESENT is clear or the offset is 0.
#define SaclAddrSecurityDescriptor( SD ) \
    ( (!((SD)->Control & SE_SACL_PRESENT) ) ? \
    (PACL)NULL : \
    ( ((SD)->Control & SE_SELF_RELATIVE) ? \
    ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Sacl == 0) ? ((PACL) NULL) : \
    (PACL)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Sacl) \
    ) : \
    (PACL)((SD)->Sacl) \
    ) \
    )

// DACL, or NULL when SE_DACL_PRESENT is clear or the offset is 0.
#define DaclAddrSecurityDescriptor( SD ) \
    ( (!((SD)->Control & SE_DACL_PRESENT) ) ? \
    (PACL)NULL : \
    ( ((SD)->Control & SE_SELF_RELATIVE) ? \
    ( (((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Dacl == 0) ? ((PACL) NULL) : \
    (PACL)RtlOffsetToPointer((SD), ((SECURITY_DESCRIPTOR_RELATIVE *) (SD))->Dacl) \
    ) : \
    (PACL)((SD)->Dacl) \
    ) \
    )
57 |
// Resolves the four components of a security descriptor and reports, for each,
// its address and its length rounded up to a multiple of 4. An absent
// component yields a NULL pointer and a size of 0.
//
// SecurityDescriptor: descriptor to inspect (absolute or self-relative).
// Owner / OwnerSize, PrimaryGroup / PrimaryGroupSize: SIDs, sized via SeLengthSid.
// Dacl / DaclSize, Sacl / SaclSize: ACLs, sized from their AclSize field.
// The lengths are read from the components themselves and are not checked
// against the size of the buffer holding the descriptor.
VOID DoQuerySecurityDescriptor(__in PISECURITY_DESCRIPTOR SecurityDescriptor, __deref_out PSID *Owner, __out PULONG OwnerSize, __deref_out PSID *PrimaryGroup, __out PULONG PrimaryGroupSize, __deref_out PACL *Dacl, __out PULONG DaclSize, __deref_out PACL *Sacl, __out PULONG SaclSize)
{
    *Owner = OwnerAddrSecurityDescriptor(SecurityDescriptor);
    *OwnerSize = (*Owner == NULL) ? 0 : LongAlignSize(SeLengthSid(*Owner));

    *Dacl = DaclAddrSecurityDescriptor(SecurityDescriptor);
    *DaclSize = (*Dacl == NULL) ? 0 : LongAlignSize((*Dacl)->AclSize);

    *PrimaryGroup = GroupAddrSecurityDescriptor(SecurityDescriptor);
    *PrimaryGroupSize = (*PrimaryGroup == NULL) ? 0 : LongAlignSize(SeLengthSid(*PrimaryGroup));

    *Sacl = SaclAddrSecurityDescriptor(SecurityDescriptor);
    *SaclSize = (*Sacl == NULL) ? 0 : LongAlignSize((*Sacl)->AclSize);
}
92 |
// Converts a self-relative security descriptor to absolute form in place.
//
// pSelfRelativeSecurityDescriptor: buffer holding the self-relative descriptor;
//     rewritten in place on success.
// pBufferSize: in, size of that buffer; when the buffer is too small it is
//     overwritten with the size the conversion needs.
// Returns STATUS_INVALID_PARAMETER_1 / _2 for NULL arguments,
// STATUS_BAD_DESCRIPTOR_FORMAT when SE_SELF_RELATIVE is not set,
// STATUS_BUFFER_TOO_SMALL (with *pBufferSize updated) or STATUS_SUCCESS.
//
// The component addresses and lengths come from the descriptor itself and are
// not validated against the buffer, so the input must come from a trusted
// source (in this file: a descriptor returned by NtQuerySecurityObject).
NTSTATUS RtlSelfRelativeToAbsoluteSD2(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PULONG pBufferSize)
{
    ULONG_PTR ptr;
    PSID owner;
    PSID group;
    PACL dacl;
    PACL sacl;
    ULONG daclSize;
    ULONG saclSize;
    ULONG ownerSize;
    ULONG groupSize;
    ULONG newBufferSize;
    LONG deltaSize;

    // Two views of the same buffer: absolute layout and self-relative layout.
    PISECURITY_DESCRIPTOR psd = (PISECURITY_DESCRIPTOR)pSelfRelativeSecurityDescriptor;
    PISECURITY_DESCRIPTOR_RELATIVE psdr = (PISECURITY_DESCRIPTOR_RELATIVE)pSelfRelativeSecurityDescriptor;

    // Compile-time checks: the absolute header is at least as large as the
    // relative one and Control sits at the same offset in both.
    C_ASSERT(sizeof(SECURITY_DESCRIPTOR) >= sizeof(SECURITY_DESCRIPTOR_RELATIVE));
    C_ASSERT(sizeof(psd->Control) == sizeof(psdr->Control));
    C_ASSERT(FIELD_OFFSET(SECURITY_DESCRIPTOR, Control) == FIELD_OFFSET(SECURITY_DESCRIPTOR_RELATIVE, Control));

    if (psd == (PISECURITY_DESCRIPTOR)0)
        return (STATUS_INVALID_PARAMETER_1);

    if (pBufferSize == (PULONG)0)
        return (STATUS_INVALID_PARAMETER_2);

    if (!AreControlBitsSet(psd, SE_SELF_RELATIVE))
        return (STATUS_BAD_DESCRIPTOR_FORMAT);

    // Resolve the component addresses while the descriptor is still self-relative.
    DoQuerySecurityDescriptor(psd, &owner, &ownerSize, &group, &groupSize, &dacl, &daclSize, &sacl, &saclSize);

    // Growth of the header when going from the relative to the absolute layout.
    deltaSize = sizeof(SECURITY_DESCRIPTOR) - sizeof(SECURITY_DESCRIPTOR_RELATIVE);
    if (deltaSize == 0)
    {
        // Same header size (presumably builds where a pointer is as wide as the
        // ULONG offsets): no data moves, the offsets are replaced by pointers.
        RtlpClearControlBits(psd, SE_SELF_RELATIVE);

        ASSERT(sizeof(psd->Owner) == sizeof(psdr->Owner));
        ASSERT(sizeof(psd->Group) == sizeof(psdr->Group));
        ASSERT(sizeof(psd->Sacl) == sizeof(psdr->Sacl));
        ASSERT(sizeof(psd->Dacl) == sizeof(psdr->Dacl));

        psd->Owner = owner;
        psd->Group = group;
        psd->Sacl = sacl;
        psd->Dacl = dacl;

        return (STATUS_SUCCESS);
    }

// End address of a component: its pointer plus the matching <name>Size local.
#define ULONG_PTR_SDEND( _Adr ) ( (ULONG_PTR)(_Adr) + (ULONG_PTR)(_Adr##Size) )

    // Appears to locate the highest end address among the four components;
    // ptr stays 0 when none of them is present.
    ptr = owner > group ? ULONG_PTR_SDEND(owner) : ULONG_PTR_SDEND(group);
    ptr = ptr > (ULONG_PTR)dacl ? ptr : ULONG_PTR_SDEND(dacl);
    ptr = ptr > (ULONG_PTR)sacl ? ptr : ULONG_PTR_SDEND(sacl);

    // Required size: absolute header plus the trailing data, rounded up to
    // pointer size.
    newBufferSize = sizeof(SECURITY_DESCRIPTOR);
    if (ptr)
    {
#define ULONG_ROUND_UP( x, y ) ((ULONG)(x) + ((y)-1) & ~((y)-1))

        newBufferSize += ULONG_ROUND_UP((ULONG_PTR)ptr - (ULONG_PTR)(psdr + 1), sizeof(PVOID));
    }

    if (newBufferSize > *pBufferSize)
    {
        // Report the size the caller has to provide and leave the input untouched.
        *pBufferSize = newBufferSize;
        return (STATUS_BUFFER_TOO_SMALL);
    }

    if (ptr)
    {
        // Shift the data that follows the relative header up behind the larger
        // absolute header; RtlMoveMemory because the ranges overlap.
        RtlMoveMemory((PVOID)(psd + 1), (PVOID)(psdr + 1), newBufferSize - sizeof(SECURITY_DESCRIPTOR));
    }

    RtlpClearControlBits(psd, SE_SELF_RELATIVE);

    // Rebase the pointers captured before the move by the same distance.
    psd->Owner = (PSID)(owner ? (ULONG_PTR)owner + deltaSize : 0);
    psd->Group = (PSID)(group ? (ULONG_PTR)group + deltaSize : 0);
    psd->Sacl = (PACL)(sacl ? (ULONG_PTR)sacl + deltaSize : 0);
    psd->Dacl = (PACL)(dacl ? (ULONG_PTR)dacl + deltaSize : 0);

    return (STATUS_SUCCESS);
}
177 |
// Builds a security descriptor whose DACL grants full access
// (STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, inheritable) to exactly two
// principals: BUILTIN\Administrators and LocalSystem.
//
// SecurityDescriptor: receives the descriptor, allocated from paged pool.
// Acl:                receives the DACL the descriptor points to.
// Both outputs are written only on success; nothing in this function frees
// them afterwards, so ownership passes to the caller.
// Returns STATUS_SUCCESS, STATUS_INSUFFICIENT_RESOURCES when an allocation
// fails, or the failure status of the Rtl* call that failed.
NTSTATUS CreateStandardSCAndACL(OUT PSECURITY_DESCRIPTOR* SecurityDescriptor, OUT PACL* Acl)
{
    NTSTATUS ntStatus;
    PACL pNewAcl = NULL;
    ULONG cbAcl;
    UCHAR pAdminSidBuffer[2 * sizeof(SID)];
    UCHAR pSystemSidBuffer[2 * sizeof(SID)];
    SID* pAdminSid = (SID*)pAdminSidBuffer;
    SID* pSystemSid = (SID*)pSystemSidBuffer;

    PSECURITY_DESCRIPTOR pNewSd = ExAllocatePoolWithTag(PagedPool, sizeof(SECURITY_DESCRIPTOR), 'SloV');
    if (pNewSd == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    ntStatus = RtlCreateSecurityDescriptor(pNewSd, SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS(ntStatus))
        goto Fail;

    // BUILTIN\Administrators: two sub-authorities under the NT authority.
    pAdminSid->Revision = SID_REVISION;
    pAdminSid->SubAuthorityCount = 2;
    pAdminSid->IdentifierAuthority = (SID_IDENTIFIER_AUTHORITY)SECURITY_NT_AUTHORITY;
    pAdminSid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
    pAdminSid->SubAuthority[1] = DOMAIN_ALIAS_RID_ADMINS;

    // LocalSystem: a single sub-authority under the NT authority.
    pSystemSid->Revision = SID_REVISION;
    pSystemSid->SubAuthorityCount = 1;
    pSystemSid->IdentifierAuthority = (SID_IDENTIFIER_AUTHORITY)SECURITY_NT_AUTHORITY;
    pSystemSid->SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;

    // ACL header plus one access-allowed ACE per SID; each ACE structure already
    // contains the first ULONG of its SID, hence the sizeof(ULONG) corrections.
    cbAcl = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(pAdminSid) - sizeof(ULONG) + sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(pSystemSid) - sizeof(ULONG);
    pNewAcl = ExAllocatePoolWithTag(PagedPool, cbAcl, 'SloV');
    if (pNewAcl == NULL)
    {
        ntStatus = STATUS_INSUFFICIENT_RESOURCES;
        goto Fail;
    }

    ntStatus = RtlCreateAcl(pNewAcl, cbAcl, ACL_REVISION);
    if (!NT_SUCCESS(ntStatus))
        goto Fail;

    ntStatus = RtlAddAccessAllowedAceEx(pNewAcl, ACL_REVISION, OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE, STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, pAdminSid);
    if (!NT_SUCCESS(ntStatus))
        goto Fail;

    ntStatus = RtlAddAccessAllowedAceEx(pNewAcl, ACL_REVISION, OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE, STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, pSystemSid);
    if (!NT_SUCCESS(ntStatus))
        goto Fail;

    ntStatus = RtlSetDaclSecurityDescriptor(pNewSd, TRUE, pNewAcl, FALSE);
    if (!NT_SUCCESS(ntStatus))
        goto Fail;

    *SecurityDescriptor = pNewSd;
    *Acl = pNewAcl;

    return STATUS_SUCCESS;

Fail:
    // Single failure exit: release whatever has been allocated so far.
    if (pNewAcl != NULL)
        ExFreePool(pNewAcl);
    ExFreePool(pNewSd);
    return ntStatus;
}
251 |
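// Replaces the owner and DACL of the object behind hSection: the owner
// becomes BUILTIN\Administrators and the DACL becomes StandardAcl.
//
// hSection:    handle to the object whose security is rewritten.
// StandardAcl: DACL to install. NULL is rejected: RtlSetDaclSecurityDescriptor
//              with DaclPresent = TRUE and a NULL ACL would install a NULL
//              DACL, which grants every caller full access.
// Returns STATUS_SUCCESS, STATUS_INVALID_PARAMETER, STATUS_INSUFFICIENT_RESOURCES,
// STATUS_UNSUCCESSFUL when the rebuilt descriptor does not validate, or the
// failure status of the call that failed.
//
// NOTE(review): the Nt* entry points honour the calling thread's previous
// mode; the Zw* variants are the usual choice from a driver. Confirm the
// context this is called from.
NTSTATUS GrantAccess(HANDLE hSection, IN PACL StandardAcl)
{
    NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
    ULONG ulNeedSize = 0;
    ULONG sdLength2 = 0;
    PSECURITY_DESCRIPTOR sd = NULL;
    PSECURITY_DESCRIPTOR sd2 = NULL;
    PACL pACL = NULL;
    PSID pSid = NULL;
    BOOLEAN bDaclPresent = FALSE;
    BOOLEAN bDaclDefaulted = FALSE;
    BOOLEAN bOwnerDefaulted = FALSE;
    UCHAR pAdminSidBuffer[2 * sizeof(SID)];
    SID* pAdminSid = (SID*)pAdminSidBuffer;

    if (StandardAcl == NULL)
        return STATUS_INVALID_PARAMETER;

    // First call only asks for the required size.
    ntStatus = NtQuerySecurityObject(hSection, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, NULL, 0, &ulNeedSize);
    if (ntStatus != STATUS_BUFFER_TOO_SMALL)
    {
        DbgPrint("NtQuerySecurityObject fail! Status: 0x%08X Need size: %u\n", ntStatus, ulNeedSize);
        return ntStatus;
    }

    sd = ExAllocatePoolWithTag(PagedPool, ulNeedSize, 'SloV');
    if (!sd)
    {
        DbgPrint("ExAllocatePoolWithTag fail! Size: %u\n", ulNeedSize);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    ntStatus = NtQuerySecurityObject(hSection, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, sd, ulNeedSize, &ulNeedSize);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("NtQuerySecurityObject fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    // The current DACL and owner are not used below; the two queries are kept
    // as a sanity check that the returned descriptor can be parsed.
    ntStatus = RtlGetDaclSecurityDescriptor(sd, &bDaclPresent, &pACL, &bDaclDefaulted);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("RtlGetDaclSecurityDescriptor fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    ntStatus = RtlGetOwnerSecurityDescriptor(sd, &pSid, &bOwnerDefaulted);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("RtlGetOwnerSecurityDescriptor fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    // BUILTIN\Administrators, the new owner.
    pAdminSid->Revision = SID_REVISION;
    pAdminSid->SubAuthorityCount = 2;
    pAdminSid->IdentifierAuthority = (SID_IDENTIFIER_AUTHORITY)SECURITY_NT_AUTHORITY;
    pAdminSid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
    pAdminSid->SubAuthority[1] = DOMAIN_ALIAS_RID_ADMINS;

    // Owner and DACL can only be replaced on an absolute descriptor. The
    // in-place conversion may need a larger buffer than the query returned.
    sdLength2 = ulNeedSize;
    ntStatus = RtlSelfRelativeToAbsoluteSD2(sd, &sdLength2);
    if (ntStatus == STATUS_BUFFER_TOO_SMALL)
    {
        sd2 = ExAllocatePoolWithTag(PagedPool, sdLength2, 'SloV');
        if (!sd2)
        {
            ntStatus = STATUS_INSUFFICIENT_RESOURCES;
            goto Cleanup;
        }

        RtlCopyMemory(sd2, sd, ulNeedSize);
        ExFreePool(sd);

        sd = sd2;
        ulNeedSize = sdLength2;

        ntStatus = RtlSelfRelativeToAbsoluteSD2(sd, &ulNeedSize);
    }
    // Covers the retry as well as a first attempt that failed for any reason
    // other than buffer size, which previously went unchecked.
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("RtlSelfRelativeToAbsoluteSD2 fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    ntStatus = RtlSetOwnerSecurityDescriptor(sd, pAdminSid, FALSE);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("RtlSetOwnerSecurityDescriptor fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    ntStatus = RtlSetDaclSecurityDescriptor(sd, TRUE, StandardAcl, FALSE);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("RtlSetDaclSecurityDescriptor fail! Status: 0x%08X\n", ntStatus);
        goto Cleanup;
    }

    if (!RtlValidSecurityDescriptor(sd))
    {
        DbgPrint("RtlValidSecurityDescriptor fail!\n");
        ntStatus = STATUS_UNSUCCESSFUL;
        goto Cleanup;
    }

    ntStatus = NtSetSecurityObject(hSection, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, sd);
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("NtSetSecurityObject fail! Status: 0x%08X\n", ntStatus);
    }

Cleanup:
    // Single exit: the working descriptor is released on every path.
    ExFreePool(sd);
    return ntStatus;
}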
373 |
374 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_SYS/helper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
// Produces a security descriptor and an ACL through the two OUT pointers.
// The definition is in helper.c; the visible caller (CreateSharedMemory in
// main.c) releases both results with ExFreePool once it is done with them.
NTSTATUS CreateStandardSCAndACL(OUT PSECURITY_DESCRIPTOR* SecurityDescriptor, OUT PACL* Acl);
// Re-secures the section behind hSection: the visible part of the definition
// sets the owner to the BUILTIN\Administrators SID, installs StandardAcl as
// the DACL, validates the descriptor and applies it with NtSetSecurityObject
// (owner + DACL). Returns the failing NTSTATUS on any error.
// NOTE(review): who ends up with access depends entirely on the ACEs inside
// StandardAcl - confirm they match the intended user-mode audience.
NTSTATUS GrantAccess(HANDLE hSection, IN PACL StandardAcl);
6 |
--------------------------------------------------------------------------------
/Tutorial_6_ShareMem_Communication_SYS/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include "helper.h"
4 |
// Kernel device name and the \DosDevices symbolic link created for it in DriverEntry.
const WCHAR gc_wszDeviceNameBuffer[] = L"\\Device\\ShMem_Test";
const WCHAR gc_wszDeviceSymLinkBuffer[] = L"\\DosDevices\\ShMem_Test";
// Name of the section object used as shared memory. It is a named object under
// \BaseNamedObjects, so the security descriptor applied by GrantAccess is what
// decides which callers can open it.
const WCHAR gc_wszSharedSectionName[] = L"\\BaseNamedObjects\\SharedMemoryTest";

// Base address written by ZwMapViewOfSection for the current view of the section.
PVOID g_pSharedSection = NULL;
// Object pointer obtained from g_hSection with ObReferenceObjectByHandle.
PVOID g_pSectionObj = NULL;
// Handle returned by ZwCreateSection; NULL until CreateSharedMemory has run.
HANDLE g_hSection = NULL;
12 |
13 | //----------------------------------------------------------------------
14 |
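// Re-maps the shared section and logs the text stored at its start.
//
// Any existing view is unmapped first, then a fresh 10 KiB read/write view is
// mapped into the current process. Does nothing when no section handle exists.
//
// The section is writable from user mode, so its content is untrusted: the
// text is captured into a bounded, NUL-terminated local buffer before it is
// formatted, instead of pointing "%s" at the shared page (which may hold no
// terminator and may change while it is being read). Only the first 255 bytes
// are logged.
//
// NOTE(review): the view is mapped with NtCurrentProcess(), and this routine is
// also reached from the write dispatch path, so the view may land in whichever
// process issued the request. The section handle is only valid in every
// process context if it was created with OBJ_KERNEL_HANDLE - verify both at
// the creation site.
VOID ReadSharedMemory()
{
    if (!g_hSection)
        return;

    if (g_pSharedSection)
    {
        ZwUnmapViewOfSection(NtCurrentProcess(), g_pSharedSection);
        // A non-NULL base address is treated as a placement request by
        // ZwMapViewOfSection; clear the stale value so the next view is
        // placed by the memory manager.
        g_pSharedSection = NULL;
    }

    SIZE_T ulViewSize = 1024 * 10;
    NTSTATUS ntStatus = ZwMapViewOfSection(g_hSection, NtCurrentProcess(), &g_pSharedSection, 0, ulViewSize, NULL, &ulViewSize, ViewShare, 0, PAGE_READWRITE | PAGE_NOCACHE);
    if (ntStatus != STATUS_SUCCESS)
    {
        // NTSTATUS is a 32-bit value; "%p" would read a pointer-sized argument.
        DbgPrint("ZwMapViewOfSection fail! Status: 0x%08X\n", (ULONG)ntStatus);
        ZwClose(g_hSection);
        // Clear the globals so the unload routine does not close the handle twice.
        g_hSection = NULL;
        g_pSharedSection = NULL;
        return;
    }
    DbgPrint("ZwMapViewOfSection completed!\n");

    // Capture a bounded snapshot of the untrusted shared data, then terminate it.
    CHAR szSnapshot[256] = { 0 };
    SIZE_T cbCopy = sizeof(szSnapshot) - 1;
    if (ulViewSize < cbCopy)
        cbCopy = ulViewSize;
    RtlCopyMemory(szSnapshot, g_pSharedSection, cbCopy);
    szSnapshot[cbCopy] = '\0';

    DbgPrint("Shared memory read data: %s\n", szSnapshot);
}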
35 |
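// Undoes whatever CreateSharedMemory has acquired so far (view, object
// reference, handle) and clears the globals so later cleanup cannot release
// the same resource twice.
static VOID ReleaseSharedSectionState(VOID)
{
    if (g_pSharedSection)
    {
        ZwUnmapViewOfSection(NtCurrentProcess(), g_pSharedSection);
        g_pSharedSection = NULL;
    }

    if (g_pSectionObj)
    {
        ObDereferenceObject(g_pSectionObj);
        g_pSectionObj = NULL;
    }

    if (g_hSection)
    {
        ZwClose(g_hSection);
        g_hSection = NULL;
    }
}

// Creates the named 10 KiB section, applies the access control built by
// CreateStandardSCAndACL / GrantAccess, maps a view and writes a test string.
//
// Returns STATUS_SUCCESS when the section is created, secured and mapped;
// otherwise the NTSTATUS of the step that failed. On failure every resource
// acquired so far is released and the globals are reset to NULL.
//
// Security notes:
//  - The handle is created with OBJ_KERNEL_HANDLE so that it lives in the
//    kernel handle table and cannot be reached or replaced from a user-mode
//    handle table when driver code later runs in another process context.
//  - Creation fails if an object with this name already exists (no OBJ_OPENIF),
//    so the driver never adopts a section that somebody else created first.
//  - NOTE(review): the section briefly exists with its default security before
//    GrantAccess runs; passing the descriptor in the object attributes at
//    creation time would close that window - confirm whether that matters here.
NTSTATUS CreateSharedMemory()
{
    NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;

    UNICODE_STRING uSectionName = { 0 };
    RtlInitUnicodeString(&uSectionName, gc_wszSharedSectionName);

    OBJECT_ATTRIBUTES objAttributes = { 0 };
    InitializeObjectAttributes(&objAttributes, &uSectionName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    LARGE_INTEGER lMaxSize = { 0 };
    lMaxSize.HighPart = 0;
    lMaxSize.LowPart = 1024 * 10;
    ntStatus = ZwCreateSection(&g_hSection, SECTION_ALL_ACCESS, &objAttributes, &lMaxSize, PAGE_READWRITE, SEC_COMMIT, NULL);
    if (ntStatus != STATUS_SUCCESS)
    {
        // NTSTATUS is a 32-bit value; "%p" would read a pointer-sized argument.
        DbgPrint("ZwCreateSection fail! Status: 0x%08X\n", (ULONG)ntStatus);
        g_hSection = NULL;
        return ntStatus;
    }
    DbgPrint("ZwCreateSection completed!\n");

    ntStatus = ObReferenceObjectByHandle(g_hSection, SECTION_ALL_ACCESS, NULL, KernelMode, &g_pSectionObj, 0);
    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("ObReferenceObjectByHandle fail! Status: 0x%08X\n", (ULONG)ntStatus);
        // The section handle was previously leaked on this path.
        g_pSectionObj = NULL;
        ReleaseSharedSectionState();
        return ntStatus;
    }
    DbgPrint("ObReferenceObjectByHandle completed!\n");

    // Build the ACL / descriptor and apply them to the section.
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
    ntStatus = CreateStandardSCAndACL(&pSecurityDescriptor, &pACL);
    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("CreateStandardSCAndACL fail! Status: 0x%08X\n", (ULONG)ntStatus);
        ReleaseSharedSectionState();
        return ntStatus;
    }

    ntStatus = GrantAccess(g_hSection, pACL);

    // The ACL and descriptor are only needed for the GrantAccess call.
    ExFreePool(pACL);
    ExFreePool(pSecurityDescriptor);

    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("GrantAccess fail! Status: 0x%08X\n", (ULONG)ntStatus);
        ReleaseSharedSectionState();
        return ntStatus;
    }

    SIZE_T ulViewSize = 0;
    ntStatus = ZwMapViewOfSection(g_hSection, NtCurrentProcess(), &g_pSharedSection, 0, lMaxSize.LowPart, NULL, &ulViewSize, ViewShare, 0, PAGE_READWRITE | PAGE_NOCACHE);
    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("ZwMapViewOfSection fail! Status: 0x%08X\n", (ULONG)ntStatus);
        g_pSharedSection = NULL;
        ReleaseSharedSectionState();
        return ntStatus;
    }
    DbgPrint("ZwMapViewOfSection completed!\n");

    // Copy the terminating NUL as well, so readers never depend on the page
    // happening to be zero-filled after the text.
    static const CHAR c_szTestString[] = "Message from kernel";
    memcpy(g_pSharedSection, c_szTestString, sizeof(c_szTestString));
    ReadSharedMemory();

    return ntStatus;
}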
108 |
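// IRP_MJ_WRITE handler: treats the written bytes as a text command and runs
// ReadSharedMemory() when the command is "read_shared_memory".
//
// pDriverObject  unused.
// pIrp           write request; with buffered I/O the data is in
//                AssociatedIrp.SystemBuffer and its size in Parameters.Write.Length.
//
// Always completes the IRP with STATUS_SUCCESS; IoStatus.Information is the
// number of message bytes that were accepted.
//
// The input comes from user mode and is untrusted. It is copied with an
// explicit bound taken from the request length and the size of the local
// buffer; the previous unbounded strcpy could write past the 255-byte stack
// buffer and could read past the end of an unterminated system buffer.
// Messages longer than 254 bytes are truncated.
NTSTATUS OnIRPWrite(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    char szBuffer[255] = { 0 };

    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    const char* pInput = (const char*)pIrp->AssociatedIrp.SystemBuffer;
    ULONG ulInputLength = pStack->Parameters.Write.Length;
    ULONG ulCopied = 0;

    // SystemBuffer is NULL for a zero-length write.
    if (pInput != NULL && ulInputLength != 0)
    {
        ULONG ulLimit = (ULONG)sizeof(szBuffer) - 1;
        if (ulInputLength < ulLimit)
            ulLimit = ulInputLength;

        // Stop at the first NUL or at the bound, whichever comes first.
        while (ulCopied < ulLimit && pInput[ulCopied] != '\0')
        {
            szBuffer[ulCopied] = pInput[ulCopied];
            ulCopied++;
        }
    }
    szBuffer[ulCopied] = '\0';

    DbgPrint("User message received: %s(%u)", szBuffer, ulCopied);

    if (!strcmp(szBuffer, "read_shared_memory"))
    {
        ReadSharedMemory();
    }

    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = ulCopied;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}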
127 |
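// Single dispatch routine registered for every IRP major function.
//
// IRP_MJ_WRITE is forwarded to OnIRPWrite, which completes the IRP itself.
// Every other request is completed immediately with STATUS_SUCCESS and no
// data. The value returned is the status the IRP was completed with, so the
// return value and IoStatus.Status always agree.
//
// NOTE(review): completing every unhandled major function with success also
// reports success for requests the driver does not implement; returning
// STATUS_INVALID_DEVICE_REQUEST for everything except create/close/cleanup is
// the usual pattern - confirm before changing, the client may rely on it.
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;

    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    switch (pStack->MajorFunction)
    {
    case IRP_MJ_WRITE:
        // The IRP is completed inside OnIRPWrite; do not touch pIrp afterwards.
        ntStatus = OnIRPWrite(pDriverObject, pIrp);
        break;

    default:
        pIrp->IoStatus.Status = STATUS_SUCCESS;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        break;
    }
    return ntStatus;
}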
145 |
// Unload routine: drops the shared-section resources and removes the device.
//
// The section state is released in the reverse order of its acquisition in
// CreateSharedMemory (view, then object reference, then handle). Afterwards
// the symbolic link and, when present, the device object are deleted.
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("Driver unload routine triggered!\n");

    if (g_pSharedSection != NULL)
    {
        ZwUnmapViewOfSection(NtCurrentProcess(), g_pSharedSection);
    }

    if (g_pSectionObj != NULL)
    {
        ObDereferenceObject(g_pSectionObj);
    }

    if (g_hSection != NULL)
    {
        ZwClose(g_hSection);
    }

    UNICODE_STRING usSymbolicLink;
    RtlInitUnicodeString(&usSymbolicLink, gc_wszDeviceSymLinkBuffer);
    IoDeleteSymbolicLink(&usSymbolicLink);

    // Nothing left to delete when no device object was ever attached.
    if (pDriverObject == NULL || pDriverObject->DeviceObject == NULL)
        return;

    IoDeleteDevice(pDriverObject->DeviceObject);
}
170 |
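// Driver entry point: creates the control device and its symbolic link,
// registers the dispatch and unload routines and sets up the shared section.
//
// pDriverObject  driver object supplied by the I/O manager.
// pRegistryPath  unused.
//
// Returns STATUS_FAILED_DRIVER_ENTRY for a NULL driver object, the failing
// status of IoCreateDevice / IoCreateSymbolicLink, or STATUS_SUCCESS. A
// failure to create the shared section is logged but does not fail the load,
// matching the original best-effort behaviour.
//
// NOTE(review): IoCreateDevice gives the device the default security
// descriptor for its type. If only privileged callers should be able to open
// it, IoCreateDeviceSecure with an explicit SDDL string is the usual choice -
// confirm the intended audience of this device.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    // Process params
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (!pDriverObject)
    {
        DbgPrint("ShareMemTestSys driver entry is null!\n");
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    // Hello world!
    // NOTE(review): this logs kernel addresses to the debug output; consider
    // dropping it outside of a lab setup.
    DbgPrint("Driver loaded, system range start in %p, Our entry at: %p\n", MmSystemRangeStart, DriverEntry);

    // Register unload routine
    pDriverObject->DriverUnload = &OnDriverUnload;

    NTSTATUS ntStatus = STATUS_SUCCESS;

    // Normalize name and symbolic link.
    UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
    RtlInitUnicodeString(&deviceNameUnicodeString, gc_wszDeviceNameBuffer);
    RtlInitUnicodeString(&deviceSymLinkUnicodeString, gc_wszDeviceSymLinkBuffer);

    // Create the device.
    PDEVICE_OBJECT pDeviceObject = NULL;
    ntStatus = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (ntStatus != STATUS_SUCCESS)
    {
        // NTSTATUS is a 32-bit value; "%p" would read a pointer-sized argument.
        DbgPrint("ShareMemTestSys IoCreateDevice fail! Status: 0x%08X\n", (ULONG)ntStatus);
        return ntStatus;
    }

    // Create the symbolic link
    ntStatus = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("ShareMemTestSys IoCreateSymbolicLink fail! Status: 0x%08X\n", (ULONG)ntStatus);
        // The unload routine is not called when DriverEntry fails, so the
        // device has to be deleted here or it is leaked.
        IoDeleteDevice(pDeviceObject);
        return ntStatus;
    }

    // Register driver major callbacks
    for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
        pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;

    // Best effort: the device stays usable without the section, so only log.
    ntStatus = CreateSharedMemory();
    if (!NT_SUCCESS(ntStatus))
    {
        DbgPrint("ShareMemTestSys CreateSharedMemory fail! Status: 0x%08X\n", (ULONG)ntStatus);
    }

    // OnIRPWrite reads AssociatedIrp.SystemBuffer, which requires buffered I/O.
    pDeviceObject->Flags |= DO_BUFFERED_IO;

    DbgPrint("ShareMemTestSys driver entry completed!\n");

    return STATUS_SUCCESS;
}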
225 |
226 |
227 |
--------------------------------------------------------------------------------
/Tutorial_7_NamedPipe_Communication_Client_SYS/Tutorial_7_NamedPipe_Communication_Client_SYS.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; Tutorial_7_NamedPipe_Communication_Client_SYS.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=System
8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}
9 | Provider=%ManufacturerName%
10 | DriverVer=
11 | CatalogFile=Tutorial_7_NamedPipe_Communication_Client_SYS.cat
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 |
16 |
17 | [SourceDisksNames]
18 | 1 = %DiskName%,,,""
19 |
20 | [SourceDisksFiles]
21 |
22 |
23 | [Manufacturer]
24 | %ManufacturerName%=Standard,NT$ARCH$
25 |
26 | [Standard.NT$ARCH$]
27 |
28 |
29 | [Strings]
30 | ManufacturerName="" ;TODO: Replace with your manufacturer name
31 | ClassName=""
32 | DiskName="Tutorial_7_NamedPipe_Communication_Client_SYS Source Disk"
33 |
--------------------------------------------------------------------------------
/Tutorial_7_NamedPipe_Communication_Client_SYS/Tutorial_7_NamedPipe_Communication_Client_SYS.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {0671AB6F-81A6-402A-8605-5A71451B8EC5}
39 | {dd38f7fc-d7bd-488b-9242-7d8754cde80d}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | Tutorial_7_NamedPipe_Communication_Client_SYS
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | WDM
53 |
54 |
55 | Windows10
56 | false
57 | WindowsKernelModeDriver10.0
58 | Driver
59 | WDM
60 |
61 |
62 | Windows10
63 | true
64 | WindowsKernelModeDriver10.0
65 | Driver
66 | WDM
67 |
68 |
69 | Windows10
70 | false
71 | WindowsKernelModeDriver10.0
72 | Driver
73 | WDM
74 |
75 |
76 | Windows10
77 | true
78 | WindowsKernelModeDriver10.0
79 | Driver
80 | WDM
81 |
82 |
83 | Windows10
84 | false
85 | WindowsKernelModeDriver10.0
86 | Driver
87 | WDM
88 |
89 |
90 | Windows10
91 | true
92 | WindowsKernelModeDriver10.0
93 | Driver
94 | WDM
95 |
96 |
97 | Windows10
98 | false
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | WDM
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 | DbgengKernelDebugger
113 |
114 |
115 | DbgengKernelDebugger
116 |
117 |
118 | DbgengKernelDebugger
119 |
120 |
121 | DbgengKernelDebugger
122 |
123 |
124 | DbgengKernelDebugger
125 |
126 |
127 | DbgengKernelDebugger
128 |
129 |
130 | DbgengKernelDebugger
131 |
132 |
133 | DbgengKernelDebugger
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
--------------------------------------------------------------------------------
/Tutorial_7_NamedPipe_Communication_Client_SYS/main.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
// Control codes of this driver. Both use METHOD_NEITHER, so the I/O manager
// hands the caller's buffer pointers to the driver without validating or
// copying them; the handler has to probe and capture the data itself.
// FILE_ANY_ACCESS means the codes can be sent on any handle to the device,
// whatever access was requested when it was opened.
#define PIPE_OPEN_IO_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS)
#define PIPE_MSG_IO_CODE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS)

// Device name, its \DosDevices symbolic link, and the named pipe the driver
// connects to as a client.
const WCHAR gc_wszDeviceNameBuffer[] = L"\\Device\\PipeClient_Test";
const WCHAR gc_wszDeviceSymLinkBuffer[] = L"\\DosDevices\\PipeClient_Test";
const WCHAR gc_wszPipeName[] = L"\\Device\\NamedPipe\\TestCommPipe";

// Handle to the server pipe; NULL while no pipe is open.
static HANDLE s_hServerPipe = NULL;
// Guards s_hServerPipe in WritePipeMessage, OpenServerPipe and CloseServerPipe.
static KMUTEX s_pPipeMutex = { 0 };

// Input payload of PIPE_MSG_IO_CODE: a fixed 255-byte text buffer.
// Nothing in the layout guarantees that the text is NUL-terminated.
typedef struct _KERNEL_IO_DBG_MSG_DATA
{
    CHAR szMessage[255];
} SKernelIODbgMsgData, *PKernelIODbgMsgData;
19 |
20 | // PIPE
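// Formats a printf-style message and writes it, including the terminating
// NUL, to the server pipe.
//
// c_szMessage  printf-style FORMAT string. Never pass untrusted text here:
//              send it as an argument instead, e.g. WritePipeMessage("%s", text).
// ...          arguments consumed by the format string.
//
// Does nothing above PASSIVE_LEVEL or when no pipe is open. The formatted
// text is limited to the 256-byte local buffer and is truncated if longer;
// the previous unbounded vsprintf could write past the end of that buffer.
VOID WritePipeMessage(const char* c_szMessage, ...)
{
    // The mutex wait and ZwWriteFile are only used at PASSIVE_LEVEL here, so
    // there is no point in formatting the message at a higher IRQL.
    if (c_szMessage == NULL || KeGetCurrentIrql() != PASSIVE_LEVEL)
        return;

    // Zero-filled so that a formatting error can never expose stale stack bytes.
    char szBuff[0x100] = { 0 };

    va_list vaArgList;
    va_start(vaArgList, c_szMessage);
    // _vsnprintf does not terminate on truncation; one byte is reserved for
    // the terminator, which the zero-fill above already provides.
    _vsnprintf(szBuff, sizeof(szBuff) - 1, c_szMessage, vaArgList);
    va_end(vaArgList);
    szBuff[sizeof(szBuff) - 1] = '\0';

    KeWaitForMutexObject(&s_pPipeMutex, Executive, KernelMode, FALSE, NULL);

    if (s_hServerPipe)
    {
        IO_STATUS_BLOCK IoStatusBlock;
        NTSTATUS ntStatus = ZwWriteFile(s_hServerPipe, 0, NULL, NULL, &IoStatusBlock, szBuff, (ULONG)strlen(szBuff) + 1, NULL, NULL);
        if (!NT_SUCCESS(ntStatus))
        {
            DbgPrint("ZwWriteFile fail, Status: 0x%08X\n", (ULONG)ntStatus);
        }
    }

    KeReleaseMutex(&s_pPipeMutex, FALSE);
}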
43 |
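// Opens the server pipe for writing and stores the handle in s_hServerPipe.
//
// The pipe is opened as a kernel handle (OBJ_KERNEL_HANDLE) with synchronous
// I/O. The new handle is opened into a local first: on success it replaces
// the stored handle and the previous one, if any, is closed; on failure the
// stored handle is left as it was. Before, every repeated call overwrote the
// stored handle and leaked the old one, which a caller could trigger as often
// as it liked through PIPE_OPEN_IO_CODE.
VOID OpenServerPipe()
{
    UNICODE_STRING usPipeName;
    RtlInitUnicodeString(&usPipeName, gc_wszPipeName);

    OBJECT_ATTRIBUTES ObjectAttributes;
    InitializeObjectAttributes(&ObjectAttributes, &usPipeName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    KeWaitForMutexObject(&s_pPipeMutex, Executive, KernelMode, FALSE, NULL);

    HANDLE hNewPipe = NULL;
    IO_STATUS_BLOCK IoStatusBlock;
    NTSTATUS ntStatus = ZwCreateFile(&hNewPipe, FILE_WRITE_DATA | SYNCHRONIZE, &ObjectAttributes, &IoStatusBlock, 0, FILE_ATTRIBUTE_NORMAL, 0, FILE_OPEN, FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
    if (NT_SUCCESS(ntStatus))
    {
        // Swap in the new connection and release the one it replaces.
        if (s_hServerPipe)
        {
            ZwClose(s_hServerPipe);
        }
        s_hServerPipe = hNewPipe;
    }
    else
    {
        // NTSTATUS is a 32-bit value; "%p" would read a pointer-sized argument.
        DbgPrint("ZwCreateFile fail, Status: 0x%08X\n", (ULONG)ntStatus);
    }

    KeReleaseMutex(&s_pPipeMutex, FALSE);
}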
63 |
// Closes the server pipe, if one is open, and marks it as closed.
// The whole operation runs under s_pPipeMutex.
VOID CloseServerPipe()
{
    KeWaitForMutexObject(&s_pPipeMutex, Executive, KernelMode, FALSE, NULL);

    HANDLE hPipe = s_hServerPipe;
    if (hPipe != NULL)
    {
        // Forget the handle first, then release it; both steps are under the mutex.
        s_hServerPipe = NULL;
        ZwClose(hPipe);
    }

    KeReleaseMutex(&s_pPipeMutex, FALSE);
}
76 |
77 | // IOCTL
// Accessors for the METHOD_NEITHER buffers. They expand to the raw pointers
// supplied by the caller (Type3InputBuffer / UserBuffer) and expect locals
// named pIrpStack and pIrp at the point of use. Nothing has validated these
// addresses or the memory behind them: probe and copy before dereferencing.
#define IO_INPUT(Type) ((Type)(pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer))
#define IO_OUTPUT(Type) ((Type)(pIrp->UserBuffer))
80 |
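// IRP_MJ_DEVICE_CONTROL handler for PIPE_OPEN_IO_CODE and PIPE_MSG_IO_CODE.
//
// pDriverObject  unused.
// pIrp           the device-control request; it is completed here.
//
// Returns, and completes the IRP with, STATUS_SUCCESS on success,
// STATUS_INVALID_PARAMETER for a missing or empty input buffer,
// STATUS_UNSUCCESSFUL when reading the caller's buffer faults, and
// STATUS_INVALID_DEVICE_REQUEST for an unknown control code.
//
// Both codes are METHOD_NEITHER, so the input pointer is an unvalidated
// address chosen by the caller. For PIPE_MSG_IO_CODE the handler therefore
//  - takes the size from InputBufferLength and never reads beyond it,
//  - probes the range for user-mode requestors, so an address outside user
//    space is rejected instead of being read,
//  - copies the text into a local structure inside __try and terminates it,
//  - passes the copy to WritePipeMessage as a "%s" argument, never as the
//    format string.
// NOTE(review): the client is expected to pass the real size of its buffer in
// the input length - confirm against the user-mode side.
NTSTATUS OnIoControl(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("IRP_MJ_DEVICE_CONTROL handled!\n");

    NTSTATUS ntStatus = STATUS_SUCCESS;
    PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);
    ULONG uIoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;

    switch (uIoControlCode)
    {
    case PIPE_OPEN_IO_CODE:
    {
        DbgPrint("Pipe open packet received\n");
        OpenServerPipe();
    } break;

    case PIPE_MSG_IO_CODE:
    {
        DbgPrint("Pipe message packet received\n");

        PVOID pUserInput = pIrpStack->Parameters.DeviceIoControl.Type3InputBuffer;
        ULONG ulInputLength = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;

        if (pUserInput == NULL || ulInputLength == 0)
        {
            ntStatus = STATUS_INVALID_PARAMETER;
            break;
        }

        // Zero-filled, and the last byte is never overwritten, so the captured
        // text is always NUL-terminated.
        SKernelIODbgMsgData msgCopy = { 0 };
        SIZE_T cbCopy = sizeof(msgCopy.szMessage) - 1;
        if (ulInputLength < cbCopy)
            cbCopy = ulInputLength;

        __try
        {
            if (pIrp->RequestorMode != KernelMode)
            {
                ProbeForRead(pUserInput, cbCopy, sizeof(CHAR));
            }
            RtlCopyMemory(msgCopy.szMessage, pUserInput, cbCopy);
        }
        __except (EXCEPTION_EXECUTE_HANDLER)
        {
            ntStatus = STATUS_UNSUCCESSFUL;
            DbgPrint("OnIoControl Exception catched!\n");
        }

        if (NT_SUCCESS(ntStatus))
        {
            WritePipeMessage("%s", msgCopy.szMessage);
        }
    } break;

    default:
        ntStatus = STATUS_INVALID_DEVICE_REQUEST;
        break;
    }

    pIrp->IoStatus.Status = ntStatus;
    pIrp->IoStatus.Information = 0;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return ntStatus;
}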
117 |
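// Single dispatch routine registered for every IRP major function.
//
// IRP_MJ_DEVICE_CONTROL is forwarded to OnIoControl, which completes the IRP
// itself. Every other request is completed immediately with STATUS_SUCCESS
// and no data. The value returned is the status the IRP was completed with;
// before, a failed device-control request was completed with an error status
// while this routine still returned STATUS_SUCCESS.
//
// NOTE(review): completing every unhandled major function with success also
// reports success for requests the driver does not implement - confirm that
// this is intended.
NTSTATUS OnMajorFunctionCall(PDEVICE_OBJECT pDriverObject, PIRP pIrp)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;

    PIO_STACK_LOCATION pStack = IoGetCurrentIrpStackLocation(pIrp);
    switch (pStack->MajorFunction)
    {
    case IRP_MJ_DEVICE_CONTROL:
        // The IRP is completed inside OnIoControl; do not touch pIrp afterwards.
        ntStatus = OnIoControl(pDriverObject, pIrp);
        break;

    default:
        pIrp->IoStatus.Status = STATUS_SUCCESS;
        pIrp->IoStatus.Information = 0;
        IoCompleteRequest(pIrp, IO_NO_INCREMENT);
        break;
    }
    return ntStatus;
}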
133 |
134 | // Routine
// Unload routine: closes the pipe connection, then removes the symbolic link
// and, when one exists, the device object.
VOID OnDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);

    DbgPrint("Driver unload routine triggered!\n");

    // Drop the pipe handle before the device goes away.
    CloseServerPipe();

    UNICODE_STRING usSymbolicLink;
    RtlInitUnicodeString(&usSymbolicLink, gc_wszDeviceSymLinkBuffer);
    IoDeleteSymbolicLink(&usSymbolicLink);

    // Nothing left to delete when no device object was ever attached.
    if (pDriverObject == NULL || pDriverObject->DeviceObject == NULL)
        return;

    IoDeleteDevice(pDriverObject->DeviceObject);
}
152 |
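// Driver entry point: initialises the pipe mutex, creates the control device
// and its symbolic link and registers the dispatch and unload routines.
//
// pDriverObject  driver object supplied by the I/O manager.
// pRegistryPath  unused.
//
// Returns STATUS_FAILED_DRIVER_ENTRY for a NULL driver object, the failing
// status of IoCreateDevice / IoCreateSymbolicLink, or STATUS_SUCCESS.
//
// NOTE(review): IoCreateDevice gives the device the default security
// descriptor for its type, and both control codes are FILE_ANY_ACCESS. If only
// privileged callers should reach the pipe IOCTLs, IoCreateDeviceSecure with
// an explicit SDDL string is the usual choice - confirm the intended audience.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    // Process params
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (!pDriverObject)
    {
        DbgPrint("NamedPipeTestSys driver entry is null!\n");
        return STATUS_FAILED_DRIVER_ENTRY;
    }

    // Hello world!
    // NOTE(review): this logs kernel addresses to the debug output; consider
    // dropping it outside of a lab setup.
    DbgPrint("Driver loaded, system range start in %p, Our entry at: %p\n", MmSystemRangeStart, DriverEntry);

    // The dispatch path takes this mutex, so it has to be valid before the
    // device can accept requests. It used to be initialised only after
    // DO_DEVICE_INITIALIZING had already been cleared.
    KeInitializeMutex(&s_pPipeMutex, 0);

    // Register unload routine
    pDriverObject->DriverUnload = &OnDriverUnload;

    NTSTATUS ntStatus = STATUS_SUCCESS;

    // Normalize name and symbolic link.
    UNICODE_STRING deviceNameUnicodeString, deviceSymLinkUnicodeString;
    RtlInitUnicodeString(&deviceNameUnicodeString, gc_wszDeviceNameBuffer);
    RtlInitUnicodeString(&deviceSymLinkUnicodeString, gc_wszDeviceSymLinkBuffer);

    // Create the device.
    PDEVICE_OBJECT pDeviceObject = NULL;
    ntStatus = IoCreateDevice(pDriverObject, 0, &deviceNameUnicodeString, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject);
    if (ntStatus != STATUS_SUCCESS)
    {
        // NTSTATUS is a 32-bit value; "%p" would read a pointer-sized argument.
        DbgPrint("NamedPipeTestSys IoCreateDevice fail! Status: 0x%08X\n", (ULONG)ntStatus);
        return ntStatus;
    }

    // Register driver major callbacks
    for (ULONG t = 0; t <= IRP_MJ_MAXIMUM_FUNCTION; t++)
        pDriverObject->MajorFunction[t] = &OnMajorFunctionCall;

    pDeviceObject->Flags |= DO_DIRECT_IO;

    // Create the symbolic link
    ntStatus = IoCreateSymbolicLink(&deviceSymLinkUnicodeString, &deviceNameUnicodeString);
    if (ntStatus != STATUS_SUCCESS)
    {
        DbgPrint("NamedPipeTestSys IoCreateSymbolicLink fail! Status: 0x%08X\n", (ULONG)ntStatus);
        // The unload routine is not called when DriverEntry fails, so the
        // device has to be deleted here or it is leaked.
        IoDeleteDevice(pDeviceObject);
        return ntStatus;
    }

    // Open the device for requests only once everything above is in place.
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    DbgPrint("NamedPipeTestSys driver entry completed!\n");

    return STATUS_SUCCESS;
}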
209 |
210 |
--------------------------------------------------------------------------------
/Tutorial_7_NamedPipe_Communication_Server_CLI/Tutorial_7_NamedPipe_Communication_Server_CLI.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mq1n/EasyRing0/30b8db946122a0f381ca1304ca0839f270777d03/Tutorial_7_NamedPipe_Communication_Server_CLI/Tutorial_7_NamedPipe_Communication_Server_CLI.cpp
--------------------------------------------------------------------------------
/Tutorial_7_NamedPipe_Communication_Server_CLI/Tutorial_7_NamedPipe_Communication_Server_CLI.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {7E1D1E5F-3E1E-49E1-A07A-3F2E39308AA2}
24 | Win32Proj
25 | Tutorial7NamedPipeCommunicationServerCLI
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v142
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v142
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v142
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v142
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | NotUsing
88 | Level3
89 | Disabled
90 | true
91 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Console
96 | true
97 |
98 |
99 |
100 |
101 | NotUsing
102 | Level3
103 | Disabled
104 | true
105 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Console
110 | true
111 |
112 |
113 |
114 |
115 | NotUsing
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Console
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | NotUsing
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Console
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------