├── .gitignore
├── KeCPU
├── KeCPU.sln
└── KeCPU
│ ├── KeCPU.vcxproj
│ ├── KeCPU.vcxproj.filters
│ ├── KeMain.cpp
│ ├── cpu.cpp
│ └── cpu.h
├── KeDateTime
├── KeDateTime.sln
└── KeDateTime
│ ├── KeDateTime.vcxproj
│ ├── KeDateTime.vcxproj.filters
│ └── KeMain.cpp
├── KeDebug
├── KeDebug.sln
└── KeDebug
│ ├── KeDebug.inf
│ ├── KeDebug.vcxproj
│ ├── KeDebug.vcxproj.filters
│ └── KeMain.cpp
├── KeFileRead
├── KeFileRead.sln
└── KeFileRead
│ ├── KeFileRead.inf
│ ├── KeFileRead.vcxproj
│ ├── KeFileRead.vcxproj.filters
│ └── KeMain.cpp
├── KeFileWrite
├── KeFileWrite.sln
└── KeFileWrite
│ ├── KeFileWrite.inf
│ ├── KeFileWrite.vcxproj
│ ├── KeFileWrite.vcxproj.filters
│ └── KeMain.cpp
├── KeHeapAlloc
├── KeHeapAlloc.sln
└── KeHeapAlloc
│ ├── KeHeapAlloc.inf
│ ├── KeHeapAlloc.vcxproj
│ ├── KeHeapAlloc.vcxproj.filters
│ └── KeMain.cpp
├── KeJsonParser
├── KeJsonParser.sln
└── KeJsonParser
│ ├── KeJson.cpp
│ ├── KeJsonParser.vcxproj
│ ├── KeJsonParser.vcxproj.filters
│ └── jsmn.h
├── KeLinkList
├── KeLinkList.sln
└── KeLinkList
│ ├── AutoLock.h
│ ├── FastMutex.cpp
│ ├── FastMutex.h
│ ├── KeLinkList.inf
│ ├── KeLinkList.vcxproj
│ ├── KeLinkList.vcxproj.filters
│ ├── KeMain.cpp
│ └── LinkedList.h
├── KeLongIntegerData
├── KeLongIntegerData.sln
└── KeLongIntegerData
│ ├── KeLongIntegerData.inf
│ ├── KeLongIntegerData.vcxproj
│ ├── KeLongIntegerData.vcxproj.filters
│ └── KeMain.cpp
├── KeMalloc
├── KeMalloc.sln
└── KeMalloc
│ ├── KeMain.cpp
│ ├── KeMalloc.cpp
│ ├── KeMalloc.h
│ ├── KeMalloc.vcxproj
│ └── KeMalloc.vcxproj.filters
├── KeOSBuild
├── KeOSBuild.sln
└── KeOSBuild
│ ├── KeMain.cpp
│ ├── KeOSBuild.vcxproj
│ └── KeOSBuild.vcxproj.filters
├── KeOSVersion
├── KeOSVersion.sln
└── KeOSVersion
│ ├── KeMain.cpp
│ ├── KeOSVersion.vcxproj
│ ├── KeOSVersion.vcxproj.filters
│ ├── OSVersion.cpp
│ └── OSVersion.h
├── KeShellCode
├── Image
│ └── Shellcode.PNG
├── KeShellCode.sln
└── KeShellCode
│ ├── KeMain.cpp
│ ├── KeShellCode.inf
│ ├── KeShellCode.vcxproj
│ └── KeShellCode.vcxproj.filters
├── KeSpinLock
├── KeSpinLock.sln
└── KeSpinLock
│ ├── KeMain.cpp
│ ├── KeSpinLock.inf
│ ├── KeSpinLock.vcxproj
│ └── KeSpinLock.vcxproj.filters
├── KeString
├── KeString.sln
└── KeString
│ ├── KeMain.cpp
│ ├── KeString.vcxproj
│ ├── KeString.vcxproj.filters
│ └── kstring.h
├── KeThread
├── Image
│ └── thread.PNG
├── KeThread.sln
└── KeThread
│ ├── KeMain.cpp
│ ├── KeThread.vcxproj
│ └── KeThread.vcxproj.filters
├── KeTimer
├── Image
│ └── timer.PNG
├── KeTimer.sln
└── KeTimer
│ ├── KeMain.cpp
│ ├── KeTimer.vcxproj
│ └── KeTimer.vcxproj.filters
├── KeVector
├── KeVector.sln
└── KeVector
│ ├── KeMain.cpp
│ ├── KeVector.vcxproj
│ ├── KeVector.vcxproj.filters
│ └── kvector.h
├── KeWdmVersion
├── KeWdmVersion.sln
└── KeWdmVersion
│ ├── KeMain.cpp
│ ├── KeWdmVersion.inf
│ ├── KeWdmVersion.vcxproj
│ └── KeWdmVersion.vcxproj.filters
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | # Created by https://www.gitignore.io/api/visualstudio
3 | # Edit at https://www.gitignore.io/?templates=visualstudio
4 |
5 | ### VisualStudio ###
6 | ## Ignore Visual Studio temporary files, build results, and
7 | ## files generated by popular Visual Studio add-ons.
8 | ##
9 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
10 |
11 | # User-specific files
12 | *.rsuser
13 | *.suo
14 | *.user
15 | *.userosscache
16 | *.sln.docstates
17 |
18 | # User-specific files (MonoDevelop/Xamarin Studio)
19 | *.userprefs
20 |
21 | # Mono auto generated files
22 | mono_crash.*
23 |
24 | # Build results
25 | [Dd]ebug/
26 | [Dd]ebugPublic/
27 | [Rr]elease/
28 | [Rr]eleases/
29 | x64/
30 | x86/
31 | [Aa][Rr][Mm]/
32 | [Aa][Rr][Mm]64/
33 | bld/
34 | [Bb]in/
35 | [Oo]bj/
36 | [Ll]og/
37 |
38 | # Visual Studio 2015/2017 cache/options directory
39 | .vs/
40 | # Uncomment if you have tasks that create the project's static files in wwwroot
41 | #wwwroot/
42 |
43 | # Visual Studio 2017 auto generated files
44 | Generated\ Files/
45 |
46 | # MSTest test Results
47 | [Tt]est[Rr]esult*/
48 | [Bb]uild[Ll]og.*
49 |
50 | # NUnit
51 | *.VisualState.xml
52 | TestResult.xml
53 | nunit-*.xml
54 |
55 | # Build Results of an ATL Project
56 | [Dd]ebugPS/
57 | [Rr]eleasePS/
58 | dlldata.c
59 |
60 | # Benchmark Results
61 | BenchmarkDotNet.Artifacts/
62 |
63 | # .NET Core
64 | project.lock.json
65 | project.fragment.lock.json
66 | artifacts/
67 |
68 | # StyleCop
69 | StyleCopReport.xml
70 |
71 | # Files built by Visual Studio
72 | *_i.c
73 | *_p.c
74 | *_h.h
75 | *.ilk
76 | *.obj
77 | *.iobj
78 | *.pch
79 | *.pdb
80 | *.ipdb
81 | *.pgc
82 | *.pgd
83 | *.rsp
84 | *.sbr
85 | *.tlb
86 | *.tli
87 | *.tlh
88 | *.tmp
89 | *.tmp_proj
90 | *_wpftmp.csproj
91 | *.log
92 | *.vspscc
93 | *.vssscc
94 | .builds
95 | *.pidb
96 | *.svclog
97 | *.scc
98 |
99 | # Chutzpah Test files
100 | _Chutzpah*
101 |
102 | # Visual C++ cache files
103 | ipch/
104 | *.aps
105 | *.ncb
106 | *.opendb
107 | *.opensdf
108 | *.sdf
109 | *.cachefile
110 | *.VC.db
111 | *.VC.VC.opendb
112 |
113 | # Visual Studio profiler
114 | *.psess
115 | *.vsp
116 | *.vspx
117 | *.sap
118 |
119 | # Visual Studio Trace Files
120 | *.e2e
121 |
122 | # TFS 2012 Local Workspace
123 | $tf/
124 |
125 | # Guidance Automation Toolkit
126 | *.gpState
127 |
128 | # ReSharper is a .NET coding add-in
129 | _ReSharper*/
130 | *.[Rr]e[Ss]harper
131 | *.DotSettings.user
132 |
133 | # JustCode is a .NET coding add-in
134 | .JustCode
135 |
136 | # TeamCity is a build add-in
137 | _TeamCity*
138 |
139 | # DotCover is a Code Coverage Tool
140 | *.dotCover
141 |
142 | # AxoCover is a Code Coverage Tool
143 | .axoCover/*
144 | !.axoCover/settings.json
145 |
146 | # Visual Studio code coverage results
147 | *.coverage
148 | *.coveragexml
149 |
150 | # NCrunch
151 | _NCrunch_*
152 | .*crunch*.local.xml
153 | nCrunchTemp_*
154 |
155 | # MightyMoose
156 | *.mm.*
157 | AutoTest.Net/
158 |
159 | # Web workbench (sass)
160 | .sass-cache/
161 |
162 | # Installshield output folder
163 | [Ee]xpress/
164 |
165 | # DocProject is a documentation generator add-in
166 | DocProject/buildhelp/
167 | DocProject/Help/*.HxT
168 | DocProject/Help/*.HxC
169 | DocProject/Help/*.hhc
170 | DocProject/Help/*.hhk
171 | DocProject/Help/*.hhp
172 | DocProject/Help/Html2
173 | DocProject/Help/html
174 |
175 | # Click-Once directory
176 | publish/
177 |
178 | # Publish Web Output
179 | *.[Pp]ublish.xml
180 | *.azurePubxml
181 | # Note: Comment the next line if you want to checkin your web deploy settings,
182 | # but database connection strings (with potential passwords) will be unencrypted
183 | *.pubxml
184 | *.publishproj
185 |
186 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
187 | # checkin your Azure Web App publish settings, but sensitive information contained
188 | # in these scripts will be unencrypted
189 | PublishScripts/
190 |
191 | # NuGet Packages
192 | *.nupkg
193 | # NuGet Symbol Packages
194 | *.snupkg
195 | # The packages folder can be ignored because of Package Restore
196 | **/[Pp]ackages/*
197 | # except build/, which is used as an MSBuild target.
198 | !**/[Pp]ackages/build/
199 | # Uncomment if necessary however generally it will be regenerated when needed
200 | #!**/[Pp]ackages/repositories.config
201 | # NuGet v3's project.json files produces more ignorable files
202 | *.nuget.props
203 | *.nuget.targets
204 |
205 | # Microsoft Azure Build Output
206 | csx/
207 | *.build.csdef
208 |
209 | # Microsoft Azure Emulator
210 | ecf/
211 | rcf/
212 |
213 | # Windows Store app package directories and files
214 | AppPackages/
215 | BundleArtifacts/
216 | Package.StoreAssociation.xml
217 | _pkginfo.txt
218 | *.appx
219 | *.appxbundle
220 | *.appxupload
221 |
222 | # Visual Studio cache files
223 | # files ending in .cache can be ignored
224 | *.[Cc]ache
225 | # but keep track of directories ending in .cache
226 | !?*.[Cc]ache/
227 |
228 | # Others
229 | ClientBin/
230 | ~$*
231 | *~
232 | *.dbmdl
233 | *.dbproj.schemaview
234 | *.jfm
235 | *.pfx
236 | *.publishsettings
237 | orleans.codegen.cs
238 |
239 | # Including strong name files can present a security risk
240 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
241 | #*.snk
242 |
243 | # Since there are multiple workflows, uncomment next line to ignore bower_components
244 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
245 | #bower_components/
246 |
247 | # RIA/Silverlight projects
248 | Generated_Code/
249 |
250 | # Backup & report files from converting an old project file
251 | # to a newer Visual Studio version. Backup files are not needed,
252 | # because we have git ;-)
253 | _UpgradeReport_Files/
254 | Backup*/
255 | UpgradeLog*.XML
256 | UpgradeLog*.htm
257 | ServiceFabricBackup/
258 | *.rptproj.bak
259 |
260 | # SQL Server files
261 | *.mdf
262 | *.ldf
263 | *.ndf
264 |
265 | # Business Intelligence projects
266 | *.rdl.data
267 | *.bim.layout
268 | *.bim_*.settings
269 | *.rptproj.rsuser
270 | *- [Bb]ackup.rdl
271 | *- [Bb]ackup ([0-9]).rdl
272 | *- [Bb]ackup ([0-9][0-9]).rdl
273 |
274 | # Microsoft Fakes
275 | FakesAssemblies/
276 |
277 | # GhostDoc plugin setting file
278 | *.GhostDoc.xml
279 |
280 | # Node.js Tools for Visual Studio
281 | .ntvs_analysis.dat
282 | node_modules/
283 |
284 | # Visual Studio 6 build log
285 | *.plg
286 |
287 | # Visual Studio 6 workspace options file
288 | *.opt
289 |
290 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
291 | *.vbw
292 |
293 | # Visual Studio LightSwitch build output
294 | **/*.HTMLClient/GeneratedArtifacts
295 | **/*.DesktopClient/GeneratedArtifacts
296 | **/*.DesktopClient/ModelManifest.xml
297 | **/*.Server/GeneratedArtifacts
298 | **/*.Server/ModelManifest.xml
299 | _Pvt_Extensions
300 |
301 | # Paket dependency manager
302 | .paket/paket.exe
303 | paket-files/
304 |
305 | # FAKE - F# Make
306 | .fake/
307 |
308 | # CodeRush personal settings
309 | .cr/personal
310 |
311 | # Python Tools for Visual Studio (PTVS)
312 | __pycache__/
313 | *.pyc
314 |
315 | # Cake - Uncomment if you are using it
316 | # tools/**
317 | # !tools/packages.config
318 |
319 | # Tabs Studio
320 | *.tss
321 |
322 | # Telerik's JustMock configuration file
323 | *.jmconfig
324 |
325 | # BizTalk build output
326 | *.btp.cs
327 | *.btm.cs
328 | *.odx.cs
329 | *.xsd.cs
330 |
331 | # OpenCover UI analysis results
332 | OpenCover/
333 |
334 | # Azure Stream Analytics local run output
335 | ASALocalRun/
336 |
337 | # MSBuild Binary and Structured Log
338 | *.binlog
339 |
340 | # NVidia Nsight GPU debugger configuration file
341 | *.nvuser
342 |
343 | # MFractors (Xamarin productivity tool) working folder
344 | .mfractor/
345 |
346 | # Local History for Visual Studio
347 | .localhistory/
348 |
349 | # BeatPulse healthcheck temp database
350 | healthchecksdb
351 |
352 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
353 | MigrationBackup/
354 |
355 | # End of https://www.gitignore.io/api/visualstudio
356 |
--------------------------------------------------------------------------------
/KeCPU/KeCPU.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeCPU", "KeCPU\KeCPU.vcxproj", "{A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM.Build.0 = Debug|ARM
22 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x64.ActiveCfg = Debug|x64
27 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x64.Build.0 = Debug|x64
28 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x64.Deploy.0 = Debug|x64
29 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x86.ActiveCfg = Debug|Win32
30 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x86.Build.0 = Debug|Win32
31 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Debug|x86.Deploy.0 = Debug|Win32
32 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM.ActiveCfg = Release|ARM
33 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM.Build.0 = Release|ARM
34 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM.Deploy.0 = Release|ARM
35 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM64.Build.0 = Release|ARM64
37 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x64.ActiveCfg = Release|x64
39 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x64.Build.0 = Release|x64
40 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x64.Deploy.0 = Release|x64
41 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x86.ActiveCfg = Release|Win32
42 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x86.Build.0 = Release|Win32
43 | {A1F55CF5-5A9A-4587-AAE2-26E1CFDDC44D}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeCPU/KeCPU/KeCPU.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 | Source Files
27 |
28 |
29 |
30 |
31 | Header Files
32 |
33 |
34 |
--------------------------------------------------------------------------------
/KeCPU/KeCPU/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "cpu.h"
3 |
// Unload routine for the KeCPU sample; DriverEntry stores it in
// DriverObject->DriverUnload.
//
// It only emits a debug trace (KdPrint produces output in checked/debug
// builds only). It does not revert any CR0/CR4 change made by DriverEntry.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
8 |
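// Entry point of the KeCPU sample driver.
//
// Exercises a few CPU:: wrappers (HLT, CR4.SMEP, CR0.WP), registers the
// unload routine and reports success.
//
// DriverObject - driver object for this driver; only its DriverUnload field
//                is written here.
// RegistryPath - unused.
//
// Returns STATUS_SUCCESS unconditionally.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    // DriverObject is dereferenced below, so only RegistryPath is marked
    // as unreferenced.
    UNREFERENCED_PARAMETER(RegistryPath);

    // Executes a single HLT: the processor idles until the next interrupt.
    CPU::HLT();

    // On a processor without SMEP, CR4 bit 20 is reserved, and setting a
    // reserved CR4 bit raises #GP (a bugcheck in kernel mode). Only set the
    // bit when CPUID reports the feature.
    if (CPU::IsSmepPresent()) {
        CPU::EnableSmep();
    }
    CPU::EnableWriteProtection();

    // NOTE(review): CR0 and CR4 are per logical processor, so the two calls
    // above only affect the processor that happens to run DriverEntry.

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}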
22 |
--------------------------------------------------------------------------------
/KeCPU/KeCPU/cpu.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "CPU.h"
3 |
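// Forward declarations of the compiler intrinsics wrapped by namespace CPU.

// Interrupt flag and halt.
extern "C" void _enable();
extern "C" void _disable();
extern "C" void __halt();

// Model-specific registers.
extern "C" unsigned long long __readmsr(unsigned long Index);
extern "C" void __writemsr(unsigned long Index, unsigned long long Value);

// CPUID.
extern "C" void __cpuid(int Info[4], int FunctionIdEax);
extern "C" void __cpuidex(int Info[4], int FunctionIdEx, int SubfunctionIdEcx);

// Performance counter and time-stamp counter.
// CPU::RDPMC calls __readpmc, so that is the name declared here (the earlier
// declaration was spelled __rdpmc and matched no call in this file).
extern "C" unsigned long long __readpmc(unsigned long Counter);
extern "C" unsigned long long __rdtsc();
extern "C" unsigned long long __rdtscp(unsigned int* TscAux);

// Control registers are pointer-sized: 64-bit on AMD64, 32-bit on x86.
// defined() keeps the test valid even if _X86_ is defined with no value.
#ifdef _AMD64_
extern "C" unsigned long long __readcr0();
extern "C" void __writecr0(unsigned long long Value);
extern "C" unsigned long long __readcr4();
extern "C" void __writecr4(unsigned long long Value);
#elif defined(_X86_)
extern "C" unsigned long __readcr0();
extern "C" void __writecr0(unsigned long Value);
extern "C" unsigned long __readcr4();
extern "C" void __writecr4(unsigned long Value);
#endif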
25 |
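// Thin wrappers around privileged x86/x64 instructions. Every function that
// reads or writes CR0/CR4 acts on the logical processor executing the call
// only; other processors keep their own register values.
namespace CPU {
    namespace {
        // Control registers are 64-bit on AMD64 and 32-bit on x86. Masks are
        // built in the register's own width so that inverting a mask never
        // depends on sign extension to preserve the upper bits.
#ifdef _AMD64_
        typedef unsigned long long ControlRegister;
#else
        typedef unsigned long ControlRegister;
#endif

        const ControlRegister kCr0WriteProtect = static_cast<ControlRegister>(1) << 16; // CR0.WP
        const ControlRegister kCr4Smep = static_cast<ControlRegister>(1) << 20;         // CR4.SMEP
        const ControlRegister kCr4Smap = static_cast<ControlRegister>(1) << 21;         // CR4.SMAP

        const unsigned int kCpuid7EbxSmep = 1u << 7;        // CPUID.(7,0):EBX.SMEP
        const unsigned int kCpuid7EbxSmap = 1u << 20;       // CPUID.(7,0):EBX.SMAP
        const unsigned int kCpuidExt1EdxRdtscp = 1u << 27;  // CPUID.80000001h:EDX.RDTSCP

        // True when the highest basic leaf (CPUID.0:EAX) is at least Leaf.
        bool HasBasicLeaf(unsigned int Leaf) {
            CPUID_INFO Info = {};
            CPUID(0, &Info);
            return Info.Eax >= Leaf;
        }

        // True when the highest extended leaf (CPUID.80000000h:EAX) is at
        // least Leaf.
        bool HasExtendedLeaf(unsigned int Leaf) {
            CPUID_INFO Info = {};
            CPUID(static_cast<int>(0x80000000u), &Info);
            return Info.Eax >= Leaf;
        }
    }

    // CLI clears the interrupt flag, i.e. disables maskable interrupts.
    // (Previously wired to _enable(), which is the opposite operation.)
    void CLI() {
        _disable();
    }

    // STI sets the interrupt flag, i.e. enables maskable interrupts.
    // (Previously wired to _disable().)
    void STI() {
        _enable();
    }

    // Halts the processor until the next interrupt arrives.
    void HLT() {
        __halt();
    }

    // Returns the 64-bit value of the model-specific register Index.
    unsigned long long RDMSR(unsigned long Index) {
        return __readmsr(Index);
    }

    // Writes Value to the model-specific register Index. Index and Value are
    // passed through unchecked.
    void WRMSR(unsigned long Index, unsigned long long Value) {
        __writemsr(Index, Value);
    }

    // Runs CPUID for leaf FunctionIdEax and stores EAX..EDX in *Cpuid.
    // CPUID_INFO is four consecutive 32-bit fields, the layout __cpuid fills.
    void CPUID(int FunctionIdEax, PCPUID_INFO Cpuid) {
        __cpuid(reinterpret_cast<int*>(Cpuid), FunctionIdEax);
    }

    // Same as CPUID, additionally selecting sub-leaf SubfunctionIdEcx.
    void CPUIDEX(int FunctionIdEax, int SubfunctionIdEcx, PCPUID_INFO Cpuid) {
        __cpuidex(reinterpret_cast<int*>(Cpuid), FunctionIdEax, SubfunctionIdEcx);
    }

    // Reads performance-monitoring counter Counter.
    unsigned long long RDPMC(unsigned long Counter) {
        return __readpmc(Counter);
    }

    // Reads the time-stamp counter.
    unsigned long long RDTSC() {
        return __rdtsc();
    }

    // Reads the time-stamp counter and stores IA32_TSC_AUX in *TscAux.
    // Check IsRdtscpPresent() first.
    unsigned long long RDTSCP(unsigned int* TscAux) {
        return __rdtscp(TscAux);
    }

    // True when CPUID.80000001h:EDX bit 27 (RDTSCP) is set. The leaf is only
    // queried when the processor reports it as available.
    bool IsRdtscpPresent() {
        if (!HasExtendedLeaf(0x80000001u)) {
            return false;
        }
        CPUID_INFO Info = {};
        CPUID(static_cast<int>(0x80000001u), &Info);
        return (Info.Edx & kCpuidExt1EdxRdtscp) != 0;
    }

    // Clears CR0.WP. While the bit is clear, supervisor-mode code can write
    // to pages mapped read-only, so a kernel memory protection is off on this
    // processor until EnableWriteProtection() runs on the same processor.
    void DisableWriteProtection() {
        __writecr0(__readcr0() & ~kCr0WriteProtect);
    }

    // Sets CR0.WP, so that supervisor-mode writes honour read-only mappings.
    void EnableWriteProtection() {
        __writecr0(__readcr0() | kCr0WriteProtect);
    }

    // True when CPUID.(EAX=7,ECX=0):EBX bit 7 (SMEP) is set.
    bool IsSmepPresent() {
        if (!HasBasicLeaf(7)) {
            return false;
        }
        CPUID_INFO Info = {};
        CPUIDEX(7, 0, &Info);
        return (Info.Ebx & kCpuid7EbxSmep) != 0;
    }

    // True when CPUID.(EAX=7,ECX=0):EBX bit 20 (SMAP) is set.
    bool IsSmapPresent() {
        if (!HasBasicLeaf(7)) {
            return false;
        }
        CPUID_INFO Info = {};
        CPUIDEX(7, 0, &Info);
        return (Info.Ebx & kCpuid7EbxSmap) != 0;
    }

    // Clears CR4.SMEP, which turns off Supervisor Mode Execution Prevention
    // on this processor. SMEP is an exploit mitigation; leave it enabled
    // outside of controlled test setups.
    void DisableSmep() {
        __writecr4(__readcr4() & ~kCr4Smep);
    }

    // Sets CR4.SMEP. Does nothing when the processor lacks SMEP, because
    // setting a reserved CR4 bit raises #GP.
    void EnableSmep() {
        if (!IsSmepPresent()) {
            return;
        }
        __writecr4(__readcr4() | kCr4Smep);
    }

    // Clears CR4.SMAP, which turns off Supervisor Mode Access Prevention on
    // this processor. SMAP is an exploit mitigation; leave it enabled outside
    // of controlled test setups.
    void DisableSmap() {
        __writecr4(__readcr4() & ~kCr4Smap);
    }

    // Sets CR4.SMAP. Does nothing when the processor lacks SMAP, because
    // setting a reserved CR4 bit raises #GP.
    // NOTE(review): with SMAP on, kernel code that touches user-mode pages
    // without the expected EFLAGS.AC handling will fault -- confirm the OS
    // supports SMAP before enabling it.
    void EnableSmap() {
        if (!IsSmapPresent()) {
            return;
        }
        __writecr4(__readcr4() | kCr4Smap);
    }
}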
--------------------------------------------------------------------------------
/KeCPU/KeCPU/cpu.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Declarations of the CPU wrappers implemented in cpu.cpp. The function names
// follow the x86 instruction mnemonics; the implementations call compiler
// intrinsics.
namespace CPU {
    // Register snapshot filled in by CPUID / CPUIDEX: four consecutive
    // 32-bit fields in EAX, EBX, ECX, EDX order.
    struct _CPUID_INFO {
        unsigned int Eax;
        unsigned int Ebx;
        unsigned int Ecx;
        unsigned int Edx;
    };
    typedef _CPUID_INFO CPUID_INFO;
    typedef _CPUID_INFO* PCPUID_INFO;

    // Interrupt flag and halt.
    void CLI();
    void STI();
    void HLT();

    // Model-specific register access.
    unsigned long long RDMSR(unsigned long Index);
    void WRMSR(unsigned long Index, unsigned long long Value);

    // CPUID queries; the result registers are written to *Cpuid.
    void CPUID(int FunctionIdEax, PCPUID_INFO Cpuid);
    void CPUIDEX(int FunctionIdEax, int SubfunctionIdEcx, PCPUID_INFO Cpuid);

    // Performance counter and time-stamp counter reads.
    unsigned long long RDPMC(unsigned long Counter);
    unsigned long long RDTSC();
    unsigned long long RDTSCP(unsigned int* TscAux);
    bool IsRdtscpPresent();

    // CR0.WP (bit 16) toggles.
    void DisableWriteProtection();
    void EnableWriteProtection();

    // SMEP / SMAP: CPUID feature checks and CR4 bit toggles.
    bool IsSmepPresent();
    bool IsSmapPresent();
    void DisableSmep();
    void EnableSmep();
    void DisableSmap();
    void EnableSmap();
}
--------------------------------------------------------------------------------
/KeDateTime/KeDateTime.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeDateTime", "KeDateTime\KeDateTime.vcxproj", "{C2A35996-8E41-4E8A-B12D-85E24151B6A5}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM.Build.0 = Debug|ARM
22 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x64.ActiveCfg = Debug|x64
27 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x64.Build.0 = Debug|x64
28 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x64.Deploy.0 = Debug|x64
29 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x86.ActiveCfg = Debug|Win32
30 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x86.Build.0 = Debug|Win32
31 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Debug|x86.Deploy.0 = Debug|Win32
32 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM.ActiveCfg = Release|ARM
33 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM.Build.0 = Release|ARM
34 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM.Deploy.0 = Release|ARM
35 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM64.Build.0 = Release|ARM64
37 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x64.ActiveCfg = Release|x64
39 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x64.Build.0 = Release|x64
40 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x64.Deploy.0 = Release|x64
41 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x86.ActiveCfg = Release|Win32
42 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x86.Build.0 = Release|Win32
43 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeDateTime/KeDateTime/KeDateTime.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {C2A35996-8E41-4E8A-B12D-85E24151B6A5}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeDateTime
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeDateTime/KeDateTime/KeDateTime.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
--------------------------------------------------------------------------------
/KeDateTime/KeDateTime/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 |
// Unload routine for the KeDateTime sample; DriverEntry stores it in
// DriverObject->DriverUnload.
//
// It only emits a debug trace (KdPrint produces output in checked/debug
// builds only).
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
8 |
// Entry point of the KeDateTime sample driver.
//
// Queries the system time, converts it to local time, breaks it into calendar
// fields and prints them to the debugger, then registers the unload routine.
//
// DriverObject - driver object for this driver; only its DriverUnload field
//                is written here.
// RegistryPath - unused.
//
// Returns STATUS_SUCCESS unconditionally.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    // DriverObject is dereferenced below; only RegistryPath goes unused.
    UNREFERENCED_PARAMETER(RegistryPath);

    LARGE_INTEGER systemNow = { 0 };
    LARGE_INTEGER localNow = { 0 };
    TIME_FIELDS parts = { 0 };

    // System time -> local time -> year/month/day/hour/minute/second.
    KeQuerySystemTime(&systemNow);
    ExSystemTimeToLocalTime(&systemNow, &localNow);
    RtlTimeToTimeFields(&localNow, &parts);

    // DbgPrint (unlike KdPrint) is not compiled out of release builds.
    DbgPrint("time is %4d-%2d-%2d %2d-%2d-%2d, \r\n",
             parts.Year, parts.Month, parts.Day,
             parts.Hour, parts.Minute, parts.Second);

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}
30 |
--------------------------------------------------------------------------------
/KeDebug/KeDebug.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeDebug", "KeDebug\KeDebug.vcxproj", "{DEE55D45-10F0-4932-9B42-4DB8C27225DB}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM.Build.0 = Debug|ARM
22 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x64.ActiveCfg = Debug|x64
27 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x64.Build.0 = Debug|x64
28 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x64.Deploy.0 = Debug|x64
29 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x86.ActiveCfg = Debug|Win32
30 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x86.Build.0 = Debug|Win32
31 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Debug|x86.Deploy.0 = Debug|Win32
32 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM.ActiveCfg = Release|ARM
33 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM.Build.0 = Release|ARM
34 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM.Deploy.0 = Release|ARM
35 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM64.Build.0 = Release|ARM64
37 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x64.ActiveCfg = Release|x64
39 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x64.Build.0 = Release|x64
40 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x64.Deploy.0 = Release|x64
41 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x86.ActiveCfg = Release|Win32
42 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x86.Build.0 = Release|Win32
43 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeDebug/KeDebug/KeDebug.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeDebug.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeDebug.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeDebug_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeDebug.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeDebug.DeviceDesc%=KeDebug_Device, Root\KeDebug ; TODO: edit hw-id
42 |
43 | [KeDebug_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeDebug.sys
48 |
49 | ;-------------- Service installation
50 | [KeDebug_Device.NT.Services]
51 | AddService = KeDebug,%SPSVCINST_ASSOCSERVICE%, KeDebug_Service_Inst
52 |
53 | ; -------------- KeDebug driver install sections
54 | [KeDebug_Service_Inst]
55 | DisplayName = %KeDebug.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeDebug.sys
60 |
61 | ;
62 | ;--- KeDebug_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeDebug_Device.NT.CoInstallers]
66 | AddReg=KeDebug_Device_CoInstaller_AddReg
67 | CopyFiles=KeDebug_Device_CoInstaller_CopyFiles
68 |
69 | [KeDebug_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeDebug_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeDebug_Device.NT.Wdf]
76 | KmdfService = KeDebug, KeDebug_wdfsect
77 | [KeDebug_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeDebug Installation Disk"
85 | KeDebug.DeviceDesc = "KeDebug Device"
86 | KeDebug.SVCDESC = "KeDebug Service"
87 |
--------------------------------------------------------------------------------
/KeDebug/KeDebug/KeDebug.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {DEE55D45-10F0-4932-9B42-4DB8C27225DB}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeDebug
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | KMDF
53 | Universal
54 |
55 |
56 | Windows10
57 | false
58 | WindowsKernelModeDriver10.0
59 | Driver
60 | KMDF
61 | Universal
62 |
63 |
64 | Windows10
65 | true
66 | WindowsKernelModeDriver10.0
67 | Driver
68 | KMDF
69 | Universal
70 |
71 |
72 | Windows10
73 | false
74 | WindowsKernelModeDriver10.0
75 | Driver
76 | KMDF
77 | Universal
78 |
79 |
80 | Windows10
81 | true
82 | WindowsKernelModeDriver10.0
83 | Driver
84 | KMDF
85 | Universal
86 |
87 |
88 | Windows10
89 | false
90 | WindowsKernelModeDriver10.0
91 | Driver
92 | KMDF
93 | Universal
94 |
95 |
96 | Windows10
97 | true
98 | WindowsKernelModeDriver10.0
99 | Driver
100 | KMDF
101 | Universal
102 |
103 |
104 | Windows10
105 | false
106 | WindowsKernelModeDriver10.0
107 | Driver
108 | KMDF
109 | Universal
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 | DbgengKernelDebugger
121 |
122 |
123 | DbgengKernelDebugger
124 |
125 |
126 | DbgengKernelDebugger
127 |
128 |
129 | DbgengKernelDebugger
130 |
131 |
132 | DbgengKernelDebugger
133 |
134 |
135 | DbgengKernelDebugger
136 |
137 |
138 | DbgengKernelDebugger
139 |
140 |
141 | DbgengKernelDebugger
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
--------------------------------------------------------------------------------
/KeDebug/KeDebug/KeDebug.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Driver Files
24 |
25 |
26 |
--------------------------------------------------------------------------------
/KeDebug/KeDebug/KeMain.cpp:
--------------------------------------------------------------------------------
1 |
2 | #include
3 |
4 | //typedef struct _UNICODE_STRING {
5 | // USHORT Length;
6 | // USHORT MaximumLength;
7 | // PWSTR Buffer;
8 | //} UNICODE_STRING;
9 | //typedef UNICODE_STRING *PUNICODE_STRING;
10 | //
11 | //typedef struct _STRING {
12 | // USHORT Length;
13 | // USHORT MaximumLength;
14 | // PCHAR Buffer;
15 | //} STRING;
16 | //typedef STRING *PSTRING;
17 | //typedef STRING ANSI_STRING;
18 | //typedef PSTRING PANSI_STRING;
19 |
/*
 * Unload callback for the KeDebug sample.
 *
 * DriverEntry stores this routine in DriverObject->DriverUnload. It owns no
 * resources, so it only leaves a trace line in the debugger output.
 */
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    // The driver object is not consulted here.
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
24 |
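// Counted strings printed by DriverEntry. Both are filled in by the Rtl init
// routines at the top of DriverEntry before anything reads them.
UNICODE_STRING pUStr;
//PUNICODE_STRING pUStr;

// A string literal is not an ANSI_STRING. Casting "Hello Ansi" to PANSI_STRING
// makes Length/MaximumLength alias the first characters of the text, so pAStr
// points at real ANSI_STRING storage and is initialised with RtlInitAnsiString.
static ANSI_STRING g_AnsiStorage;
PANSI_STRING pAStr = &g_AnsiStorage;

// Refs : https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-dbgprint
// Unicode format codes (%C, %S, %lc, %ls, %wc, %ws, and %wZ)
// These codes are only valid at IRQL = PASSIVE_LEVEL. Each one must be paired
// with the argument type it expects, because DbgPrint cannot check its varargs:
//   %wZ       -> PUNICODE_STRING (one argument, no separate length)
//   %S / %ls  -> NUL-terminated PWSTR
//   %.*s      -> int precision followed by a PCHAR

/*
 * Driver entry point: prints one Unicode and one ANSI counted string with the
 * DbgPrint/KdPrint format codes listed above, then registers the unload
 * routine.
 *
 * DriverObject  - driver object; receives the DriverUnload callback.
 * RegistryPath  - unused.
 *
 * Returns STATUS_SUCCESS.
 */
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    // Both literals are NUL-terminated, so Buffer can also be used with the
    // NUL-terminated format codes below.
    RtlInitUnicodeString(&pUStr, L"Hello Unicode!");
    RtlInitAnsiString(pAStr, "Hello Ansi");

    // %wZ reads its length from the UNICODE_STRING itself. The two extra
    // length arguments previously passed here were consumed as the pointer.
    DbgPrint("Unicode string (wZ): %wZ\n", &pUStr);

    // %S wants the character buffer, not the address of the descriptor struct.
    KdPrint(("Unicode string (S): %S\n", pUStr.Buffer));
    DbgPrint("Char (C): %C\n", 'A');
    KdPrint(("Char (C): %C\n", 'A'));

    // %ls likewise takes a PWSTR; a UNICODE_STRING must not be passed by value.
    KdPrint(("Unicode string (ls): %ls\n", pUStr.Buffer));
    DbgPrint("Unicode string With DbgPrint() (ws): %wZ\n", &pUStr);
    KdPrint(("Unicode string With KdPrint() (ws): %wZ\n", &pUStr));

    // The '*' precision is read as an int, and the text lives in Buffer.
    KdPrint(("ANSI string: %.*s\n", (int)(pAStr->Length / sizeof(CHAR)), pAStr->Buffer));

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}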
52 |
--------------------------------------------------------------------------------
/KeFileRead/KeFileRead.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeFileRead", "KeFileRead\KeFileRead.vcxproj", "{4C360664-EF83-4D6F-8787-DABB4FBD90B1}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM.Build.0 = Debug|ARM
22 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x64.ActiveCfg = Debug|x64
27 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x64.Build.0 = Debug|x64
28 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x64.Deploy.0 = Debug|x64
29 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x86.ActiveCfg = Debug|Win32
30 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x86.Build.0 = Debug|Win32
31 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Debug|x86.Deploy.0 = Debug|Win32
32 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM.ActiveCfg = Release|ARM
33 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM.Build.0 = Release|ARM
34 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM.Deploy.0 = Release|ARM
35 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM64.Build.0 = Release|ARM64
37 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x64.ActiveCfg = Release|x64
39 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x64.Build.0 = Release|x64
40 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x64.Deploy.0 = Release|x64
41 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x86.ActiveCfg = Release|Win32
42 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x86.Build.0 = Release|Win32
43 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeFileRead/KeFileRead/KeFileRead.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeFileRead.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeFileRead.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeFileRead_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeFileRead.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeFileRead.DeviceDesc%=KeFileRead_Device, Root\KeFileRead ; TODO: edit hw-id
42 |
43 | [KeFileRead_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeFileRead.sys
48 |
49 | ;-------------- Service installation
50 | [KeFileRead_Device.NT.Services]
51 | AddService = KeFileRead,%SPSVCINST_ASSOCSERVICE%, KeFileRead_Service_Inst
52 |
53 | ; -------------- KeFileRead driver install sections
54 | [KeFileRead_Service_Inst]
55 | DisplayName = %KeFileRead.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeFileRead.sys
60 |
61 | ;
62 | ;--- KeFileRead_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeFileRead_Device.NT.CoInstallers]
66 | AddReg=KeFileRead_Device_CoInstaller_AddReg
67 | CopyFiles=KeFileRead_Device_CoInstaller_CopyFiles
68 |
69 | [KeFileRead_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeFileRead_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeFileRead_Device.NT.Wdf]
76 | KmdfService = KeFileRead, KeFileRead_wdfsect
77 | [KeFileRead_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeFileRead Installation Disk"
85 | KeFileRead.DeviceDesc = "KeFileRead Device"
86 | KeFileRead.SVCDESC = "KeFileRead Service"
87 |
--------------------------------------------------------------------------------
/KeFileRead/KeFileRead/KeFileRead.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {4C360664-EF83-4D6F-8787-DABB4FBD90B1}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeFileRead
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeFileRead/KeFileRead/KeFileRead.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeFileRead/KeFileRead/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #define BUFFER_SIZE 20
5 |
/*
 * Unload callback for the KeFileRead sample.
 *
 * Nothing is held across DriverEntry, so there is nothing to release; the
 * routine only logs that it ran.
 */
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject)
{
    // The driver object is not consulted here.
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Driver Unload called\n"));
}
10 |
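// BUFFER_SIZE is defined once near the top of this file; the identical second
// #define that stood here was redundant and has been dropped.

// Receives the file contents. DriverEntry reads at most BUFFER_SIZE - 1 bytes
// so that one byte is always left for the terminating NUL.
CHAR buffer[BUFFER_SIZE];


/*
 * Driver entry point: opens C:\ProgramData\test.txt, reads up to
 * BUFFER_SIZE - 1 bytes from offset 0 and prints them as a C string.
 *
 * DriverObject  - driver object; receives the DriverUnload callback.
 * RegistryPath  - unused.
 *
 * Returns STATUS_SUCCESS even when the file cannot be opened or read, so the
 * sample still loads; the failure is reported through KdPrint.
 */
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    HANDLE file_handle = NULL;
    NTSTATUS status;
    LARGE_INTEGER byteOffset;

    IO_STATUS_BLOCK iosb;
    OBJECT_ATTRIBUTES object_attributes;
    // Create the text file C:\ProgramData\test.txt beforehand (for example
    // containing "Helloword"); this driver only reads it.
    //
    // NOTE(review): Zw* calls made from a driver skip the file's access check
    // unless OBJ_FORCE_ACCESS_CHECK is set, and ProgramData is by default a
    // directory ordinary users can create files in. Treat the bytes read here
    // as untrusted input and do not reuse this pattern for data that steers
    // kernel behaviour.
    UNICODE_STRING ufile_name = RTL_CONSTANT_STRING(L"\\??\\C:\\ProgramData\\test.txt");

    InitializeObjectAttributes(
        &object_attributes,
        &ufile_name,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
        NULL,
        NULL);

    // Least privilege for a reader: GENERIC_READ only, and FILE_OPEN so that a
    // missing file is an error instead of being created from kernel mode.
    status = ZwCreateFile(
        &file_handle,
        GENERIC_READ,
        &object_attributes,
        &iosb,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ,
        FILE_OPEN,
        FILE_NON_DIRECTORY_FILE |
        FILE_RANDOM_ACCESS |
        FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0);
    if (NT_SUCCESS(status)) {

        byteOffset.QuadPart = 0;
        status = ZwReadFile(file_handle, NULL, NULL, NULL, &iosb, buffer, BUFFER_SIZE - 1, &byteOffset, NULL);
        if (NT_SUCCESS(status)) {
            // Terminate right after the bytes actually read, so that a short
            // read does not print stale buffer contents.
            ULONG_PTR bytesRead = iosb.Information;
            if (bytesRead > (ULONG_PTR)(BUFFER_SIZE - 1)) {
                bytesRead = (ULONG_PTR)(BUFFER_SIZE - 1);
            }
            buffer[bytesRead] = '\0';
            DbgPrint("%s\n", buffer);
        }
        else {
            KdPrint(("ZwReadFile failed: 0x%08X\n", status));
        }

        // Close only a handle that ZwCreateFile actually returned.
        ZwClose(file_handle);
    }
    else {
        KdPrint(("ZwCreateFile failed: 0x%08X\n", status));
    }

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}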
65 |
66 |
--------------------------------------------------------------------------------
/KeFileWrite/KeFileWrite.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeFileWrite", "KeFileWrite\KeFileWrite.vcxproj", "{670A6D85-CAC4-4060-AC7A-18EE584B891F}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM.Build.0 = Debug|ARM
22 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x64.ActiveCfg = Debug|x64
27 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x64.Build.0 = Debug|x64
28 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x64.Deploy.0 = Debug|x64
29 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x86.ActiveCfg = Debug|Win32
30 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x86.Build.0 = Debug|Win32
31 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Debug|x86.Deploy.0 = Debug|Win32
32 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM.ActiveCfg = Release|ARM
33 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM.Build.0 = Release|ARM
34 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM.Deploy.0 = Release|ARM
35 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM64.Build.0 = Release|ARM64
37 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x64.ActiveCfg = Release|x64
39 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x64.Build.0 = Release|x64
40 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x64.Deploy.0 = Release|x64
41 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x86.ActiveCfg = Release|Win32
42 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x86.Build.0 = Release|Win32
43 | {670A6D85-CAC4-4060-AC7A-18EE584B891F}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeFileWrite/KeFileWrite/KeFileWrite.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeFileWrite.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeFileWrite.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeFileWrite_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeFileWrite.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeFileWrite.DeviceDesc%=KeFileWrite_Device, Root\KeFileWrite ; TODO: edit hw-id
42 |
43 | [KeFileWrite_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeFileWrite.sys
48 |
49 | ;-------------- Service installation
50 | [KeFileWrite_Device.NT.Services]
51 | AddService = KeFileWrite,%SPSVCINST_ASSOCSERVICE%, KeFileWrite_Service_Inst
52 |
53 | ; -------------- KeFileWrite driver install sections
54 | [KeFileWrite_Service_Inst]
55 | DisplayName = %KeFileWrite.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeFileWrite.sys
60 |
61 | ;
62 | ;--- KeFileWrite_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeFileWrite_Device.NT.CoInstallers]
66 | AddReg=KeFileWrite_Device_CoInstaller_AddReg
67 | CopyFiles=KeFileWrite_Device_CoInstaller_CopyFiles
68 |
69 | [KeFileWrite_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeFileWrite_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeFileWrite_Device.NT.Wdf]
76 | KmdfService = KeFileWrite, KeFileWrite_wdfsect
77 | [KeFileWrite_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeFileWrite Installation Disk"
85 | KeFileWrite.DeviceDesc = "KeFileWrite Device"
86 | KeFileWrite.SVCDESC = "KeFileWrite Service"
87 |
--------------------------------------------------------------------------------
/KeFileWrite/KeFileWrite/KeFileWrite.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeFileWrite/KeFileWrite/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 |
5 | #define BUFFER_SIZE 20
6 |
/*
 * Unload callback for the KeFileWrite sample.
 *
 * The file handle is opened and closed inside DriverEntry, so this routine
 * has nothing to clean up and only logs that it ran.
 */
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject)
{
    // The driver object is not consulted here.
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Driver Unload called\n"));
}
11 |
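/*
 * Driver entry point: opens (or creates) C:\ProgramData\a.txt and writes the
 * UTF-16 text "HelloWorld!" at the current file position.
 *
 * DriverObject  - driver object; receives the DriverUnload callback.
 * RegistryPath  - unused.
 *
 * Returns STATUS_SUCCESS even when the file cannot be opened or written, so
 * the sample still loads; the failure is reported through KdPrint.
 */
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    HANDLE file_handle = NULL;
    NTSTATUS status;

    IO_STATUS_BLOCK iosb;
    OBJECT_ATTRIBUTES object_attributes;

    // NOTE(review): Zw* calls made from a driver skip the file's access check
    // unless OBJ_FORCE_ACCESS_CHECK is set, and ProgramData is by default a
    // directory ordinary users can create files in. A kernel-mode write to a
    // fixed name there can land on a file or link that someone else put in
    // place; real drivers should write to a location only administrators
    // control.
    UNICODE_STRING ufile_name = RTL_CONSTANT_STRING(L"\\??\\C:\\ProgramData\\a.txt");

    // The payload is an array, so its size is known at compile time. The
    // write length is derived from it rather than from BUFFER_SIZE: a fixed
    // 20 bytes cut off the final '!' and would read past the end of any
    // shorter literal, copying adjacent kernel memory into the file.
    static const WCHAR text[] = L"HelloWorld!";
    const ULONG textBytes = (ULONG)(sizeof(text) - sizeof(WCHAR)); // without the NUL

    InitializeObjectAttributes(
        &object_attributes,
        &ufile_name,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
        NULL,
        NULL);

    // Only write access is requested; the sample never reads the file back.
    status = ZwCreateFile(
        &file_handle,
        GENERIC_WRITE,
        &object_attributes,
        &iosb,
        NULL,
        FILE_ATTRIBUTE_NORMAL,
        FILE_SHARE_READ,
        FILE_OPEN_IF,
        FILE_NON_DIRECTORY_FILE |
        FILE_RANDOM_ACCESS |
        FILE_SYNCHRONOUS_IO_NONALERT,
        NULL,
        0);
    if (NT_SUCCESS(status)) {
        KdPrint(("File Write\n"));
        // Write to file. FILE_OPEN_IF does not truncate, so an existing,
        // longer file keeps its tail after these bytes.
        status = ZwWriteFile(file_handle, NULL, NULL, NULL, &iosb,
            (PVOID)text, textBytes, NULL, NULL);
        if (NT_SUCCESS(status)) {
            KdPrint(("File Write is Done\n"));
        }
        else {
            KdPrint(("ZwWriteFile failed: 0x%08X\n", status));
        }

        // Close only a handle that ZwCreateFile actually returned.
        ZwClose(file_handle);
    }
    else {
        KdPrint(("ZwCreateFile failed: 0x%08X\n", status));
    }

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}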
67 |
68 |
--------------------------------------------------------------------------------
/KeHeapAlloc/KeHeapAlloc.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeHeapAlloc", "KeHeapAlloc\KeHeapAlloc.vcxproj", "{4BA48A0A-321D-485B-BE0F-1823FCC12F88}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM.Build.0 = Debug|ARM
22 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x64.ActiveCfg = Debug|x64
27 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x64.Build.0 = Debug|x64
28 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x64.Deploy.0 = Debug|x64
29 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x86.ActiveCfg = Debug|Win32
30 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x86.Build.0 = Debug|Win32
31 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Debug|x86.Deploy.0 = Debug|Win32
32 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM.ActiveCfg = Release|ARM
33 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM.Build.0 = Release|ARM
34 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM.Deploy.0 = Release|ARM
35 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM64.Build.0 = Release|ARM64
37 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x64.ActiveCfg = Release|x64
39 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x64.Build.0 = Release|x64
40 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x64.Deploy.0 = Release|x64
41 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x86.ActiveCfg = Release|Win32
42 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x86.Build.0 = Release|Win32
43 | {4BA48A0A-321D-485B-BE0F-1823FCC12F88}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeHeapAlloc/KeHeapAlloc/KeHeapAlloc.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeHeapAlloc.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeHeapAlloc.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeHeapAlloc_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeHeapAlloc.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeHeapAlloc.DeviceDesc%=KeHeapAlloc_Device, Root\KeHeapAlloc ; TODO: edit hw-id
42 |
43 | [KeHeapAlloc_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeHeapAlloc.sys
48 |
49 | ;-------------- Service installation
50 | [KeHeapAlloc_Device.NT.Services]
51 | AddService = KeHeapAlloc,%SPSVCINST_ASSOCSERVICE%, KeHeapAlloc_Service_Inst
52 |
53 | ; -------------- KeHeapAlloc driver install sections
54 | [KeHeapAlloc_Service_Inst]
55 | DisplayName = %KeHeapAlloc.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeHeapAlloc.sys
60 |
61 | ;
62 | ;--- KeHeapAlloc_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeHeapAlloc_Device.NT.CoInstallers]
66 | AddReg=KeHeapAlloc_Device_CoInstaller_AddReg
67 | CopyFiles=KeHeapAlloc_Device_CoInstaller_CopyFiles
68 |
69 | [KeHeapAlloc_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeHeapAlloc_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeHeapAlloc_Device.NT.Wdf]
76 | KmdfService = KeHeapAlloc, KeHeapAlloc_wdfsect
77 | [KeHeapAlloc_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeHeapAlloc Installation Disk"
85 | KeHeapAlloc.DeviceDesc = "KeHeapAlloc Device"
86 | KeHeapAlloc.SVCDESC = "KeHeapAlloc Service"
87 |
--------------------------------------------------------------------------------
/KeHeapAlloc/KeHeapAlloc/KeHeapAlloc.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeHeapAlloc/KeHeapAlloc/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 |
/*
 * Unload callback for the KeHeapAlloc sample.
 *
 * The heap is created and destroyed inside DriverEntry, so this routine has
 * nothing to free and only logs that it ran.
 */
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject)
{
    // The driver object is not consulted here.
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Driver Unload called\n"));
}
9 |
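/*
 * Driver entry point: creates a private heap, allocates a zeroed buffer from
 * it, copies a short ANSI string into the buffer, prints it, and then tears
 * the heap down again.
 *
 * DriverObject  - driver object; receives the DriverUnload callback.
 * RegistryPath  - unused.
 *
 * Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES when the heap or
 * the buffer cannot be allocated.
 */
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    PVOID memory = NULL;    // heap handle returned by RtlCreateHeap
    PVOID buffer = NULL;    // allocation taken from that heap
    ULONG bufferSize = 42;

    // Source text as an array, so sizeof() gives its real size including the
    // NUL. Casting a literal to PANSI_STRING and copying a fixed 20 bytes from
    // it read past the end of the 6-byte literal.
    static const CHAR text[] = "Hello";

    // create heap in order to allocate memory later
    memory = RtlCreateHeap(
        HEAP_GROWABLE,
        NULL,
        1000,
        0, NULL, NULL
    );
    if (memory == NULL) {
        // Without this check the NULL handle would be passed on to
        // RtlAllocateHeap.
        KdPrint(("RtlCreateHeap failed\n"));
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // allocate buffer of bufferSize
    buffer = RtlAllocateHeap(
        memory,
        HEAP_ZERO_MEMORY,
        bufferSize
    );
    if (buffer == NULL) {
        KdPrint(("RtlAllocateHeap failed\n"));
        RtlDestroyHeap(memory);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    /*
    RtlCopyMemory
    RtlMoveMemory
    RtlFillMemory
    RtlZeroMemory
    RtlCompareMemory
    */
    // Copy exactly the bytes the source owns, and only if they fit.
    if (sizeof(text) <= bufferSize) {
        RtlCopyMemory(buffer, text, sizeof(text));
        KdPrint(("String (S): %s\n", (PCHAR)buffer));
    }

    RtlFreeHeap(memory, 0, buffer);
    RtlDestroyHeap(memory);

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}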
50 |
--------------------------------------------------------------------------------
/KeJsonParser/KeJsonParser.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeJsonParser", "KeJsonParser\KeJsonParser.vcxproj", "{DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM.Build.0 = Debug|ARM
22 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x64.ActiveCfg = Debug|x64
27 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x64.Build.0 = Debug|x64
28 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x64.Deploy.0 = Debug|x64
29 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x86.ActiveCfg = Debug|Win32
30 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x86.Build.0 = Debug|Win32
31 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Debug|x86.Deploy.0 = Debug|Win32
32 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM.ActiveCfg = Release|ARM
33 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM.Build.0 = Release|ARM
34 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM.Deploy.0 = Release|ARM
35 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM64.Build.0 = Release|ARM64
37 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x64.ActiveCfg = Release|x64
39 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x64.Build.0 = Release|x64
40 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x64.Deploy.0 = Release|x64
41 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x86.ActiveCfg = Release|Win32
42 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x86.Build.0 = Release|Win32
43 | {DD7A1EC3-CC6E-40C3-9210-3B63E9BE7270}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeJsonParser/KeJsonParser/KeJson.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "jsmn.h"
3 |
4 |
5 |
// Fixed sample document parsed in DriverEntry. It is a compile-time
// constant, so the parser never sees caller-controlled input in this demo.
static const char *JSON_STRING =
    "{\"user\": \"johndoe\", \"admin\": false, \"uid\": 1000,\n "
    "\"groups\": [\"users\", \"wheel\", \"audio\", \"video\"]}";
9 |
// Unload routine: nothing to release in this sample, only a debug trace
// (KdPrint is compiled out of free builds).
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("Driver Unload called\n"));
    UNREFERENCED_PARAMETER(DriverObject);
}
14 |
15 |
// Compares the text of a jsmn string token with the NUL-terminated string s.
//
// json: the buffer the token offsets refer to.
// tok:  token to test; must be of type JSMN_STRING to match.
// s:    expected text.
//
// Returns 0 when the token is a string whose length and bytes equal s,
// -1 otherwise. The length is checked before the bytes are compared, so
// the comparison never runs past the token.
int jsoneq(const char *json, jsmntok_t *tok, const char *s) {
    if (tok->type != JSMN_STRING) {
        return -1;
    }

    const int tokenLength = tok->end - tok->start;
    if ((int)strlen(s) != tokenLength) {
        return -1;
    }

    return strncmp(json + tok->start, s, tokenLength) == 0 ? 0 : -1;
}
23 |
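// Driver entry point: tokenizes JSON_STRING with jsmn and prints the value
// of the "user" key.
//
// Returns STATUS_SUCCESS when the document parsed and the top-level element
// is an object, STATUS_UNSUCCESSFUL otherwise.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    jsmn_parser p;
    // NOTE(review): 128 tokens live on the kernel stack, which is small;
    // consider a pool allocation if the token count ever grows.
    jsmntok_t t[128];

    jsmn_init(&p);
    int r = jsmn_parse(&p, JSON_STRING, strlen(JSON_STRING), t, sizeof(t) / sizeof(t[0]));
    if (r < 0) {
        KdPrint(("Failed to parse JSON: %d\n", r));
        // The original returned 1 here. A positive NTSTATUS satisfies
        // NT_SUCCESS, so the driver would stay loaded without an unload
        // routine; report a real failure instead.
        return STATUS_UNSUCCESSFUL;
    }

    /* Assume the top-level element is an object */
    if (r < 1 || t[0].type != JSMN_OBJECT) {
        KdPrint(("Object expected\n"));
        return STATUS_UNSUCCESSFUL;
    }

    for (int i = 1; i < r; i++) {
        if (jsoneq(JSON_STRING, &t[i], "user") != 0) {
            continue;
        }
        // The value token follows the key; make sure it exists before
        // reading t[i + 1], otherwise a key in the last slot indexes past
        // the tokens jsmn filled in.
        if (i + 1 >= r) {
            break;
        }
        /* We may use strndup() to fetch string value */
        KdPrint(("- User: %.*s\n", t[i + 1].end - t[i + 1].start, JSON_STRING + t[i + 1].start));
        i++;
    }

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}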
56 |
--------------------------------------------------------------------------------
/KeJsonParser/KeJsonParser/KeJsonParser.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
27 |
28 | Header Files
29 |
30 |
31 |
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeLinkList", "KeLinkList\KeLinkList.vcxproj", "{3733734E-51D0-43F2-907C-7AEECBD00A87}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM.Build.0 = Debug|ARM
22 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x64.ActiveCfg = Debug|x64
27 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x64.Build.0 = Debug|x64
28 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x64.Deploy.0 = Debug|x64
29 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x86.ActiveCfg = Debug|Win32
30 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x86.Build.0 = Debug|Win32
31 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Debug|x86.Deploy.0 = Debug|Win32
32 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM.ActiveCfg = Release|ARM
33 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM.Build.0 = Release|ARM
34 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM.Deploy.0 = Release|ARM
35 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM64.Build.0 = Release|ARM64
37 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x64.ActiveCfg = Release|x64
39 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x64.Build.0 = Release|x64
40 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x64.Deploy.0 = Release|x64
41 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x86.ActiveCfg = Release|Win32
42 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x86.Build.0 = Release|Win32
43 | {3733734E-51D0-43F2-907C-7AEECBD00A87}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/AutoLock.h:
--------------------------------------------------------------------------------
1 | #pragma once
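// Scope guard that calls Lock() on construction and Unlock() on
// destruction, so every exit path of the enclosing scope releases the lock.
//
// TLock is any type exposing Lock() and Unlock().
// NOTE(review): the template parameter list was missing from this listing;
// it is reconstructed from the use of TLock below.
template<typename TLock>
struct AutoLock {
    explicit AutoLock(TLock& lock) : _lock(lock) {
        _lock.Lock();
    }

    ~AutoLock() {
        _lock.Unlock();
    }

    // A copy would release the same lock twice when both guards are
    // destroyed, so copying is disabled.
    AutoLock(const AutoLock&) = delete;
    AutoLock& operator=(const AutoLock&) = delete;

private:
    TLock& _lock;
};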
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/FastMutex.cpp:
--------------------------------------------------------------------------------
1 | #include "FastMutex.h"
2 |
// Prepares the wrapped FAST_MUTEX for use. Must run once before the first
// Lock()/Unlock() pair.
void FastMutex::Init() {
    PFAST_MUTEX mutex = &_mutex;
    ExInitializeFastMutex(mutex);
}
6 |
// Acquires the fast mutex, blocking until it is available.
// ExAcquireFastMutex raises the caller to APC_LEVEL until the matching
// release, so it must be called at IRQL <= APC_LEVEL and the protected
// code must be safe to run at APC_LEVEL.
void FastMutex::Lock() {
    PFAST_MUTEX mutex = &_mutex;
    ExAcquireFastMutex(mutex);
}
10 |
// Releases the fast mutex taken by Lock(). Must be called by the thread
// that acquired it.
void FastMutex::Unlock() {
    PFAST_MUTEX mutex = &_mutex;
    ExReleaseFastMutex(mutex);
}
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/FastMutex.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
// Thin C++ wrapper around a kernel FAST_MUTEX. It exposes the Lock()/Unlock()
// pair that AutoLock expects.
//
// There is no constructor: Init() must be called explicitly before first
// use. The object has to live in nonpaged memory, as a FAST_MUTEX must.
class FastMutex {
public:
    // One-time initialization of the underlying FAST_MUTEX.
    void Init();

    // Acquire / release the mutex. Calls must be paired on the same thread.
    void Lock();
    void Unlock();

private:
    FAST_MUTEX _mutex;  // the wrapped kernel object
};
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/KeLinkList.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeLinkList.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeLinkList.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeLinkList_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeLinkList.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeLinkList.DeviceDesc%=KeLinkList_Device, Root\KeLinkList ; TODO: edit hw-id
42 |
43 | [KeLinkList_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeLinkList.sys
48 |
49 | ;-------------- Service installation
50 | [KeLinkList_Device.NT.Services]
51 | AddService = KeLinkList,%SPSVCINST_ASSOCSERVICE%, KeLinkList_Service_Inst
52 |
53 | ; -------------- KeLinkList driver install sections
54 | [KeLinkList_Service_Inst]
55 | DisplayName = %KeLinkList.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeLinkList.sys
60 |
61 | ;
62 | ;--- KeLinkList_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeLinkList_Device.NT.CoInstallers]
66 | AddReg=KeLinkList_Device_CoInstaller_AddReg
67 | CopyFiles=KeLinkList_Device_CoInstaller_CopyFiles
68 |
69 | [KeLinkList_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeLinkList_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeLinkList_Device.NT.Wdf]
76 | KmdfService = KeLinkList, KeLinkList_wdfsect
77 | [KeLinkList_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeLinkList Installation Disk"
85 | KeLinkList.DeviceDesc = "KeLinkList Device"
86 | KeLinkList.SVCDESC = "KeLinkList Service"
87 |
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/KeLinkList.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 | Resource Files
23 |
24 |
25 |
26 |
27 | Header Files
28 |
29 |
30 | Header Files
31 |
32 |
33 | Header Files
34 |
35 |
36 |
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "LinkedList.h"
3 | //#include
4 | //#include
5 | //#include
6 |
7 | #define DRIVER_TAG 'hell'
8 |
9 |
// Sample payload stored in the linked list. The LIST_ENTRY sits between
// two data fields on purpose: the list links to the Entry member, not to
// the start of the structure, and CONTAINING_RECORD recovers the outer
// object from it.
struct MyData {
    int Data;
    LIST_ENTRY Entry;   // link field; LinkedList expects it to be named "Entry"
    int MoreData;
};
15 |
16 |
// Resolves an exported kernel routine by name.
//
// SystemRoutineName: NUL-terminated wide string naming the routine.
//
// Returns the routine address from MmGetSystemRoutineAddress, which is
// NULL when the name cannot be resolved; callers must check before
// calling through the pointer.
PVOID NTAPI GetKernelProcAddress(LPCWSTR SystemRoutineName) {
    UNICODE_STRING routineName;
    RtlInitUnicodeString(&routineName, SystemRoutineName);

    PVOID address = MmGetSystemRoutineAddress(&routineName);
    return address;
}
22 |
23 |
// Unload routine: only emits a debug trace.
// NOTE(review): nothing here drains MyList, so the item allocated in
// DriverEntry is still in the pool when the driver unloads.
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("Driver Unload called\n"));
    UNREFERENCED_PARAMETER(DriverObject);
}
28 |
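// Global list of MyData items, filled in DriverEntry.
// NOTE(review): the template argument was missing from this listing; the
// element type is taken from the MyData* passed to PushBack. The lock type
// is presumably the template's default; confirm against LinkedList.h.
LinkedList<MyData> MyList;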
30 |
31 |
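// Driver entry point: initializes the global list and appends one
// pool-allocated MyData item to it.
//
// Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES when the item
// could not be allocated.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    MyList.Init();

    // NOTE(review): the cast's target type was missing from this listing;
    // MyData* is taken from sizeof(MyData) and the fields written below.
    auto item = static_cast<MyData*>(ExAllocatePoolWithTag(NonPagedPool, sizeof(MyData), DRIVER_TAG));
    if (item == nullptr) {
        // Pool allocation can fail; writing through a NULL pointer in
        // kernel mode crashes the system.
        KdPrint(("Failed to allocate list item\n"));
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    item->Data = 8;
    item->MoreData = 19;
    // The list takes the item by pointer. Nothing visible in this file
    // frees it again (DrvUnload only prints), so it remains allocated
    // after unload.
    MyList.PushBack(item);

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}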
47 |
--------------------------------------------------------------------------------
/KeLinkList/KeLinkList/LinkedList.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "AutoLock.h"
4 | #include "FastMutex.h"
5 |
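// Intrusive doubly linked list of T, guarded by a lock of type TLock.
//
// T must contain a LIST_ENTRY member named "Entry". TLock must provide
// Init(), Lock() and Unlock(). The list stores pointers only; it never
// allocates or frees items.
//
// NOTE(review): the template parameter list was missing from this listing.
// It is reconstructed from the uses of T and TLock; the FastMutex default
// is assumed from the FastMutex.h include. Confirm against the original.
template<typename T, typename TLock = FastMutex>
class LinkedList {
public:
    // Must be called once before any other member.
    void Init() {
        InitializeListHead(&_head);
        _lock.Init();
    }

    // Appends item at the tail.
    void PushBack(T* item) {
        AutoLock<TLock> locker(_lock);
        InsertTailList(&_head, &item->Entry);
    }

    // Inserts value at the head. (The original body referred to an
    // undeclared name `item` instead of the parameter.)
    void PushFront(T* value) {
        AutoLock<TLock> locker(_lock);
        InsertHeadList(&_head, &value->Entry);
    }

    // Unlinks and returns the first item, or nullptr when the list is
    // empty. Without the emptiness check, RemoveHeadList hands back the
    // list head itself and CONTAINING_RECORD turns it into a bogus T*.
    T* RemoveHead() {
        AutoLock<TLock> locker(_lock);
        if (IsListEmpty(&_head)) {
            return nullptr;
        }
        auto entry = RemoveHeadList(&_head);
        return CONTAINING_RECORD(entry, T, Entry);
    }

    // Returns the first item without unlinking it, or nullptr when the
    // list is empty. The lock is released on return, so the pointer is only
    // safe to use while no other thread can remove or free the item.
    T* GetHeadItem() {
        AutoLock<TLock> locker(_lock);
        if (IsListEmpty(&_head)) {
            return nullptr;
        }
        // _head is an object, not a pointer (the original used `->`).
        auto entry = _head.Flink;
        return CONTAINING_RECORD(entry, T, Entry);
    }

private:
    LIST_ENTRY _head;
    TLock _lock;
};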
--------------------------------------------------------------------------------
/KeLongIntegerData/KeLongIntegerData.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeLongIntegerData", "KeLongIntegerData\KeLongIntegerData.vcxproj", "{E383838B-1959-4743-951A-7A01A9E9224C}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM.Build.0 = Debug|ARM
22 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x64.ActiveCfg = Debug|x64
27 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x64.Build.0 = Debug|x64
28 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x64.Deploy.0 = Debug|x64
29 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x86.ActiveCfg = Debug|Win32
30 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x86.Build.0 = Debug|Win32
31 | {E383838B-1959-4743-951A-7A01A9E9224C}.Debug|x86.Deploy.0 = Debug|Win32
32 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM.ActiveCfg = Release|ARM
33 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM.Build.0 = Release|ARM
34 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM.Deploy.0 = Release|ARM
35 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM64.Build.0 = Release|ARM64
37 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x64.ActiveCfg = Release|x64
39 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x64.Build.0 = Release|x64
40 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x64.Deploy.0 = Release|x64
41 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x86.ActiveCfg = Release|Win32
42 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x86.Build.0 = Release|Win32
43 | {E383838B-1959-4743-951A-7A01A9E9224C}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeLongIntegerData/KeLongIntegerData/KeLongIntegerData.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeLongIntegerData.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeLongIntegerData.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeLongIntegerData_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeLongIntegerData.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeLongIntegerData.DeviceDesc%=KeLongIntegerData_Device, Root\KeLongIntegerData ; TODO: edit hw-id
42 |
43 | [KeLongIntegerData_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeLongIntegerData.sys
48 |
49 | ;-------------- Service installation
50 | [KeLongIntegerData_Device.NT.Services]
51 | AddService = KeLongIntegerData,%SPSVCINST_ASSOCSERVICE%, KeLongIntegerData_Service_Inst
52 |
53 | ; -------------- KeLongIntegerData driver install sections
54 | [KeLongIntegerData_Service_Inst]
55 | DisplayName = %KeLongIntegerData.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeLongIntegerData.sys
60 |
61 | ;
62 | ;--- KeLongIntegerData_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeLongIntegerData_Device.NT.CoInstallers]
66 | AddReg=KeLongIntegerData_Device_CoInstaller_AddReg
67 | CopyFiles=KeLongIntegerData_Device_CoInstaller_CopyFiles
68 |
69 | [KeLongIntegerData_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeLongIntegerData_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeLongIntegerData_Device.NT.Wdf]
76 | KmdfService = KeLongIntegerData, KeLongIntegerData_wdfsect
77 | [KeLongIntegerData_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeLongIntegerData Installation Disk"
85 | KeLongIntegerData.DeviceDesc = "KeLongIntegerData Device"
86 | KeLongIntegerData.SVCDESC = "KeLongIntegerData Service"
87 |
--------------------------------------------------------------------------------
/KeLongIntegerData/KeLongIntegerData/KeLongIntegerData.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {E383838B-1959-4743-951A-7A01A9E9224C}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeLongIntegerData
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 |
123 |
124 | DbgengKernelDebugger
125 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeLongIntegerData/KeLongIntegerData/KeLongIntegerData.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeLongIntegerData/KeLongIntegerData/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | //typedef __int64 LONGLONG;
4 | //typedef union _LARGE_INTEGER {
5 | // struct {
6 | // ULONG LowPart;
7 | // LONG HighPart;
8 | // };
9 | // struct {
10 | // ULONG LowPart;
11 | // LONG HighPart;
12 | // } u;
13 | // LONGLONG QuadPart;
14 | //} LARGE_INTEGER;
15 |
16 |
// Unload routine: the sample owns no resources, so it only leaves a debug
// trace (KdPrint is compiled out of free builds).
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("Driver Unload called\n"));
    UNREFERENCED_PARAMETER(DriverObject);
}
21 |
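// Driver entry point: demonstrates 64-bit arithmetic through the QuadPart
// member of LARGE_INTEGER and prints the two 32-bit halves of the result.
//
// Always returns STATUS_SUCCESS.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    LARGE_INTEGER a, b;
    a.QuadPart = 100;
    a.QuadPart *= 100;          // 10000
    b.QuadPart = a.QuadPart;

    if (b.QuadPart > 1000) {
        // The message now matches the condition (it used to say "<") and
        // ends with a newline so the next trace starts on its own line.
        KdPrint(("b.QuadPart > 1000, LowPart = %x HighPart = %x\n", b.LowPart, b.HighPart));
    }

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}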
--------------------------------------------------------------------------------
/KeMalloc/KeMalloc.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeMalloc", "KeMalloc\KeMalloc.vcxproj", "{9AF3CD2E-4575-47B8-9190-8F95AA02A92D}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM.Build.0 = Debug|ARM
22 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x64.ActiveCfg = Debug|x64
27 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x64.Build.0 = Debug|x64
28 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x64.Deploy.0 = Debug|x64
29 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x86.ActiveCfg = Debug|Win32
30 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x86.Build.0 = Debug|Win32
31 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Debug|x86.Deploy.0 = Debug|Win32
32 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM.ActiveCfg = Release|ARM
33 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM.Build.0 = Release|ARM
34 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM.Deploy.0 = Release|ARM
35 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM64.Build.0 = Release|ARM64
37 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x64.ActiveCfg = Release|x64
39 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x64.Build.0 = Release|x64
40 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x64.Deploy.0 = Release|x64
41 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x86.ActiveCfg = Release|Win32
42 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x86.Build.0 = Release|Win32
43 | {9AF3CD2E-4575-47B8-9190-8F95AA02A92D}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeMalloc/KeMalloc/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #include "KeMalloc.h"
4 |
5 |
6 |
// Unload routine: the object allocated in DriverEntry is deleted there, so
// only a debug trace is left to do.
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("Driver Unload called\n"));
    UNREFERENCED_PARAMETER(DriverObject);
}
11 |
12 |
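// Sample object allocated through the overloaded operator new.
struct MyData2 {
    int Count;
    // Points at a string literal in this demo, so it is const: writing
    // through a pointer to a literal is undefined behavior.
    const char *name;
};

// Driver entry point: allocates a MyData2 with operator new, fills and
// prints it, then releases it with operator delete.
//
// Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES when the
// allocation fails.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    auto msize = new MyData2;
    // The operator new in KeMalloc.cpp returns the pool allocator's result
    // unchanged, so it yields NULL on failure instead of throwing.
    if (msize == nullptr) {
        KdPrint(("Failed to allocate MyData2\n"));
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    msize->Count = 123456;
    msize->name = "test";
    KdPrint(("My Count is : %d\n", msize->Count));
    KdPrint(("My Count is : %s\n", msize->name));
    delete msize;

    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}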
36 |
--------------------------------------------------------------------------------
/KeMalloc/KeMalloc/KeMalloc.cpp:
--------------------------------------------------------------------------------
1 | #include "KeMalloc.h"
2 | #include
3 |
// Pool tag attached to every allocation made through the operators below,
// so they can be attributed to this driver in pool-tracking tools. Tags
// are stored little-endian, so such tools typically display this one as
// "dcba".
constexpr unsigned long PoolTag = 'abcd';
5 |
// Global operator new backed by the kernel pool.
//
// Allocates Size bytes from NonPagedPool and zero-fills them. Returns NULL
// on failure (it does not throw), so callers must check the result.
// NOTE(review): NonPagedPool memory is executable on x86/x64;
// NonPagedPoolNx is the safer default for pure data.
void* __cdecl operator new(size_t Size) {
    void* const block = ExAllocatePoolWithTag(NonPagedPool, Size, PoolTag);
    if (block != nullptr) {
        RtlZeroMemory(block, Size);
    }
    return block;
}
11 |
// Placement form: `new (PoolType) T`. Allocates Size zero-filled bytes from
// the pool chosen by the caller. Returns NULL on failure.
// With a paged pool type, the object may only be touched at
// IRQL < DISPATCH_LEVEL.
void* __cdecl operator new(size_t Size, POOL_TYPE PoolType) {
    void* const block = ExAllocatePoolWithTag(PoolType, Size, PoolTag);
    if (block != nullptr) {
        RtlZeroMemory(block, Size);
    }
    return block;
}
17 |
// Array form of the default operator new: Size zero-filled bytes from
// NonPagedPool, NULL on failure.
// NOTE(review): NonPagedPool memory is executable on x86/x64;
// NonPagedPoolNx is the safer default for pure data.
void* __cdecl operator new[](size_t Size) {
    void* const block = ExAllocatePoolWithTag(NonPagedPool, Size, PoolTag);
    if (block != nullptr) {
        RtlZeroMemory(block, Size);
    }
    return block;
}
23 |
// Array placement form: `new (PoolType) T[n]`. Size zero-filled bytes from
// the caller-selected pool, NULL on failure.
void* __cdecl operator new[](size_t Size, POOL_TYPE PoolType) {
    void* const block = ExAllocatePoolWithTag(PoolType, Size, PoolTag);
    if (block != nullptr) {
        RtlZeroMemory(block, Size);
    }
    return block;
}
29 |
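// Global operator delete: returns a block obtained from the operator new
// overloads in this file to the pool.
//
// C++ allows `delete` on a null pointer and requires it to do nothing.
// ExFreePoolWithTag expects a pointer that came from a pool allocation, so
// NULL is filtered out here instead of being passed on.
void __cdecl operator delete(void* Pointer) {
    if (Pointer != nullptr) {
        ExFreePoolWithTag(Pointer, PoolTag);
    }
}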
33 |
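// Sized operator delete (C++14). The size is not needed by the pool
// allocator and is ignored. NULL is accepted and ignored, as C++ requires
// for `delete` on a null pointer.
void __cdecl operator delete(void* Pointer, size_t Size) {
    UNREFERENCED_PARAMETER(Size);
    if (Pointer != nullptr) {
        ExFreePoolWithTag(Pointer, PoolTag);
    }
}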
38 |
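// Array operator delete: frees a block obtained from operator new[].
// NULL is accepted and ignored rather than handed to the pool free routine.
void __cdecl operator delete[](void* Pointer) {
    if (Pointer != nullptr) {
        ExFreePoolWithTag(Pointer, PoolTag);
    }
}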
42 |
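// Sized array operator delete. The size is ignored. NULL is accepted and
// ignored rather than handed to the pool free routine.
void __cdecl operator delete[](void* Pointer, size_t Size) {
    UNREFERENCED_PARAMETER(Size);
    if (Pointer != nullptr) {
        ExFreePoolWithTag(Pointer, PoolTag);
    }
}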
47 |
--------------------------------------------------------------------------------
/KeMalloc/KeMalloc/KeMalloc.h:
--------------------------------------------------------------------------------
1 |
2 | #include
3 |
4 |
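// Pool-backed replacements for the global allocation operators.
// Per KeMalloc.cpp, the new forms return zero-filled memory and yield NULL
// on failure instead of throwing, so every `new` expression must be
// checked before use.

// Allocate from NonPagedPool.
void* __cdecl operator new(size_t Size);

// Allocate from the given pool type: `new (PoolType) T`.
void* __cdecl operator new(size_t Size, POOL_TYPE PoolType);

// Array forms. (A duplicate declaration of this overload was removed.)
void* __cdecl operator new[](size_t Size);

void* __cdecl operator new[](size_t Size, POOL_TYPE PoolType);

// Release memory obtained from the operators above. The sized variants
// ignore Size.
void __cdecl operator delete(void* Pointer);

void __cdecl operator delete(void* Pointer, size_t Size);

void __cdecl operator delete[](void* Pointer);

void __cdecl operator delete[](void* Pointer, size_t Size);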
--------------------------------------------------------------------------------
/KeMalloc/KeMalloc/KeMalloc.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
27 |
28 | Header Files
29 |
30 |
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/KeOSBuild/KeOSBuild.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeOSBuild", "KeOSBuild\KeOSBuild.vcxproj", "{768F201F-484A-4215-B73D-515C7C479233}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM.Build.0 = Debug|ARM
22 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x64.ActiveCfg = Debug|x64
27 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x64.Build.0 = Debug|x64
28 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x64.Deploy.0 = Debug|x64
29 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x86.ActiveCfg = Debug|Win32
30 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x86.Build.0 = Debug|Win32
31 | {768F201F-484A-4215-B73D-515C7C479233}.Debug|x86.Deploy.0 = Debug|Win32
32 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM.ActiveCfg = Release|ARM
33 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM.Build.0 = Release|ARM
34 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM.Deploy.0 = Release|ARM
35 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM64.Build.0 = Release|ARM64
37 | {768F201F-484A-4215-B73D-515C7C479233}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x64.ActiveCfg = Release|x64
39 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x64.Build.0 = Release|x64
40 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x64.Deploy.0 = Release|x64
41 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x86.ActiveCfg = Release|Win32
42 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x86.Build.0 = Release|Win32
43 | {768F201F-484A-4215-B73D-515C7C479233}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeOSBuild/KeOSBuild/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
// Unload callback installed by DriverEntry. It releases nothing; it only
// writes a trace line to the kernel debugger (checked builds only, since
// KdPrint compiles away otherwise).
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("driver Unload called\n"));

    // The driver object is not consulted by this routine.
    UNREFERENCED_PARAMETER(DriverObject);
}
8 |
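// Driver entry point: registers the unload routine and prints the running
// OS version (major.minor.build) to the kernel debugger.
// DriverObject: driver object supplied by the I/O manager.
// RegistryPath: service key path; unused.
// Returns STATUS_SUCCESS in all cases; the version query is informational.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {

    // Only RegistryPath is unused; DriverObject is written to below, so it
    // must not be marked unreferenced.
    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->DriverUnload = DrvUnload;

    // The first member is the structure size, which RtlGetVersion expects to
    // be filled in by the caller.
    RTL_OSVERSIONINFOW info = { sizeof(info) };
    NTSTATUS status = RtlGetVersion(&info);
    if (NT_SUCCESS(status)) {
        // The version fields are ULONG, so print them as unsigned long.
        KdPrint(("Windows Version: %lu.%lu.%lu\n", info.dwMajorVersion, info.dwMinorVersion, info.dwBuildNumber));
    }

    KdPrint(("driver initialized successfully\n"));

    return STATUS_SUCCESS;
}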
25 |
--------------------------------------------------------------------------------
/KeOSBuild/KeOSBuild/KeOSBuild.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {768F201F-484A-4215-B73D-515C7C479233}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeOSBuild
45 |
46 |
47 |
48 | Windows10
49 | true
50 | WindowsKernelModeDriver10.0
51 | Driver
52 | KMDF
53 | Universal
54 |
55 |
56 | Windows10
57 | false
58 | WindowsKernelModeDriver10.0
59 | Driver
60 | KMDF
61 | Universal
62 |
63 |
64 | Windows10
65 | true
66 | WindowsKernelModeDriver10.0
67 | Driver
68 | KMDF
69 | Universal
70 |
71 |
72 | Windows10
73 | false
74 | WindowsKernelModeDriver10.0
75 | Driver
76 | KMDF
77 | Universal
78 |
79 |
80 | Windows10
81 | true
82 | WindowsKernelModeDriver10.0
83 | Driver
84 | KMDF
85 | Universal
86 |
87 |
88 | Windows10
89 | false
90 | WindowsKernelModeDriver10.0
91 | Driver
92 | KMDF
93 | Universal
94 |
95 |
96 | Windows10
97 | true
98 | WindowsKernelModeDriver10.0
99 | Driver
100 | KMDF
101 | Universal
102 |
103 |
104 | Windows10
105 | false
106 | WindowsKernelModeDriver10.0
107 | Driver
108 | KMDF
109 | Universal
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 | DbgengKernelDebugger
121 |
122 |
123 | DbgengKernelDebugger
124 |
125 |
126 | DbgengKernelDebugger
127 |
128 |
129 | DbgengKernelDebugger
130 |
131 |
132 | DbgengKernelDebugger
133 |
134 |
135 | DbgengKernelDebugger
136 |
137 |
138 | DbgengKernelDebugger
139 |
140 |
141 | DbgengKernelDebugger
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
--------------------------------------------------------------------------------
/KeOSBuild/KeOSBuild/KeOSBuild.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Driver Files
24 |
25 |
26 |
--------------------------------------------------------------------------------
/KeOSVersion/KeOSVersion.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeOSVersion", "KeOSVersion\KeOSVersion.vcxproj", "{1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM.Build.0 = Debug|ARM
22 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x64.ActiveCfg = Debug|x64
27 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x64.Build.0 = Debug|x64
28 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x64.Deploy.0 = Debug|x64
29 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x86.ActiveCfg = Debug|Win32
30 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x86.Build.0 = Debug|Win32
31 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Debug|x86.Deploy.0 = Debug|Win32
32 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM.ActiveCfg = Release|ARM
33 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM.Build.0 = Release|ARM
34 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM.Deploy.0 = Release|ARM
35 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM64.Build.0 = Release|ARM64
37 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x64.ActiveCfg = Release|x64
39 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x64.Build.0 = Release|x64
40 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x64.Deploy.0 = Release|x64
41 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x86.ActiveCfg = Release|Win32
42 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x86.Build.0 = Release|Win32
43 | {1501F0C8-78E5-4FC1-8518-2FD2B0BE9613}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeOSVersion/KeOSVersion/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "OSVersion.h"
3 |
// Unload callback installed by DriverEntry; it only logs that the driver is
// going away.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject) {
    KdPrint(("Unload My Driver \n"));

    // The driver object is not consulted by this routine.
    UNREFERENCED_PARAMETER(DriverObject);
}
8 |
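// Driver entry point: reports which Windows generation the driver is running
// on and registers the unload routine.
// DriverObject: driver object supplied by the I/O manager.
// RegistryPath: service key path; unused.
// Returns STATUS_SUCCESS in all cases.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    // Only RegistryPath is unused; DriverObject is written to below.
    UNREFERENCED_PARAMETER(RegistryPath);

    // The checks are "or greater" tests, so Windows 10 also satisfies the
    // Windows 7 test. Test the newest version first and make the branches
    // exclusive so that only one line is printed.
    if (OSVersion::IsWindows10OrGreater()) {
        KdPrint(("Your OS Is a Windows 10\n"));
    } else if (OSVersion::IsWindows7OrGreater()) {
        // Reached for versions 6.1 up to, but not including, 10.0.
        KdPrint(("Your OS Is a Windows 7\n"));
    }

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));

    return STATUS_SUCCESS;
}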
--------------------------------------------------------------------------------
/KeOSVersion/KeOSVersion/KeOSVersion.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 | Source Files
27 |
28 |
29 |
30 |
31 | Header Files
32 |
33 |
34 |
--------------------------------------------------------------------------------
/KeOSVersion/KeOSVersion/OSVersion.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "OSVersion.h"
3 |
// Storage for the class's static state: the cached major/minor pair starts
// zeroed and the flag records whether Initialize() has filled it in.
OSVersion::_OSVersion OSVersion::Version = {};
BOOLEAN OSVersion::Initialized = FALSE;
6 |
// Fills the cached major/minor version once; later calls are no-ops.
// The build number and CSD string outputs of PsGetVersion are not requested.
// NOTE(review): the Initialized flag is a plain BOOLEAN with no
// synchronization; concurrent first calls would both query the version.
// NOTE(review): PsGetVersion is documented as superseded by RtlGetVersion.
_IRQL_requires_max_(PASSIVE_LEVEL)
VOID OSVersion::Initialize() {
    if (!Initialized) {
        PsGetVersion(&Version.Major, &Version.Minor, NULL, NULL);
        Initialized = TRUE;
    }
}
13 |
// Compares the running OS version with Major.Minor, loading the cached
// version on first use.
// Despite the name this is a greater-or-equal test: an exact match on both
// Major and Minor returns TRUE.
BOOLEAN OSVersion::IsGreaterThan(ULONG Major, ULONG Minor) {
    if (!Initialized) {
        Initialize();
    }

    // A different major number decides the comparison on its own.
    if (Version.Major != Major) {
        return Version.Major > Major;
    }

    // Same major number: the minor number decides.
    return Version.Minor >= Minor;
}
18 |
// TRUE when the running OS reports version 5.1 (Windows XP) or newer.
BOOLEAN OSVersion::IsWindowsXPOrGreater() {
    const ULONG RequiredMajor = 5;
    const ULONG RequiredMinor = 1;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
22 |
// TRUE when the running OS reports version 5.2 (the XP x64 kernel version)
// or newer.
BOOLEAN OSVersion::IsWindowsXP64OrGreater() {
    const ULONG RequiredMajor = 5;
    const ULONG RequiredMinor = 2;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
26 |
// TRUE when the running OS reports version 6.0 (Windows Vista) or newer.
BOOLEAN OSVersion::IsWindowsVistaOrGreater() {
    const ULONG RequiredMajor = 6;
    const ULONG RequiredMinor = 0;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
30 |
// TRUE when the running OS reports version 6.1 (Windows 7) or newer.
BOOLEAN OSVersion::IsWindows7OrGreater() {
    const ULONG RequiredMajor = 6;
    const ULONG RequiredMinor = 1;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
34 |
// TRUE when the running OS reports version 6.2 (Windows 8) or newer.
BOOLEAN OSVersion::IsWindows8OrGreater() {
    const ULONG RequiredMajor = 6;
    const ULONG RequiredMinor = 2;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
38 |
// TRUE when the running OS reports version 6.3 (Windows 8.1) or newer.
BOOLEAN OSVersion::IsWindows81OrGreater() {
    const ULONG RequiredMajor = 6;
    const ULONG RequiredMinor = 3;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
42 |
// TRUE when the running OS reports version 10.0 (Windows 10) or newer.
BOOLEAN OSVersion::IsWindows10OrGreater() {
    const ULONG RequiredMajor = 10;
    const ULONG RequiredMinor = 0;
    return IsGreaterThan(RequiredMajor, RequiredMinor);
}
--------------------------------------------------------------------------------
/KeOSVersion/KeOSVersion/OSVersion.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Static-only helper that answers "is the running OS at least version X?".
// All members are static; the class holds a cached major/minor pair that is
// filled in on first use.
class OSVersion final {
public:
    // General comparison against an explicit Major.Minor pair.
    static BOOLEAN IsGreaterThan(ULONG Major, ULONG Minor);

    // Convenience checks for specific Windows releases.
    static BOOLEAN IsWindowsXPOrGreater();
    static BOOLEAN IsWindowsXP64OrGreater();
    static BOOLEAN IsWindowsVistaOrGreater();
    static BOOLEAN IsWindows7OrGreater();
    static BOOLEAN IsWindows8OrGreater();
    static BOOLEAN IsWindows81OrGreater();
    static BOOLEAN IsWindows10OrGreater();

private:
    // Cached OS version numbers.
    using _OSVersion = struct {
        ULONG Major;
        ULONG Minor;
    };

    // Loads the cache; declared private so only the checks above call it.
    static VOID Initialize();

    static _OSVersion Version;   // cached version pair
    static BOOLEAN Initialized;  // whether Version has been filled in
};
--------------------------------------------------------------------------------
/KeShellCode/Image/Shellcode.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/raminfp/basic-windows-kernel-programming/ea9f1658e4148fe4328ca780d62de79894709d76/KeShellCode/Image/Shellcode.PNG
--------------------------------------------------------------------------------
/KeShellCode/KeShellCode.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeShellCode", "KeShellCode\KeShellCode.vcxproj", "{8F07B073-E949-4C77-847D-8A964B132417}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM.Build.0 = Debug|ARM
22 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x64.ActiveCfg = Debug|x64
27 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x64.Build.0 = Debug|x64
28 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x64.Deploy.0 = Debug|x64
29 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x86.ActiveCfg = Debug|Win32
30 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x86.Build.0 = Debug|Win32
31 | {8F07B073-E949-4C77-847D-8A964B132417}.Debug|x86.Deploy.0 = Debug|Win32
32 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM.ActiveCfg = Release|ARM
33 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM.Build.0 = Release|ARM
34 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM.Deploy.0 = Release|ARM
35 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM64.Build.0 = Release|ARM64
37 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x64.ActiveCfg = Release|x64
39 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x64.Build.0 = Release|x64
40 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x64.Deploy.0 = Release|x64
41 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x86.ActiveCfg = Release|Win32
42 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x86.Build.0 = Release|Win32
43 | {8F07B073-E949-4C77-847D-8A964B132417}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeShellCode/KeShellCode/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
// Pointer type for the two-argument __fastcall routine invoked by
// DriverEntry. Argument and return width follow the build target: 64-bit
// values when _WIN64 is set, 32-bit values otherwise.
#if _WIN64
using asmShell = ULONG64(__fastcall *)(ULONG64, ULONG64);
#else
using asmShell = ULONG32(__fastcall *)(ULONG32, ULONG32);
#endif
8 |
// Unload callback installed by DriverEntry; it only logs that the driver is
// going away.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject) {
    KdPrint(("Unload My Driver \n"));

    // The driver object is not consulted by this routine.
    UNREFERENCED_PARAMETER(DriverObject);
}
13 |
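// Driver entry point for the demo: copies a short arithmetic routine into a
// pool buffer, calls it with (5, 2) and prints the result to the debugger.
// DriverObject: driver object supplied by the I/O manager.
// RegistryPath: service key path; unused.
// Returns STATUS_SUCCESS, or STATUS_INSUFFICIENT_RESOURCES when the buffer
// cannot be allocated.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    // Only RegistryPath is unused; DriverObject is written to below.
    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;

    /*
    Byte sequences used below, as decoded for each build target.

    _WIN64 build (computes first argument - second argument):
        FF C8    dec eax
        29 D1    sub ecx, edx
        FF C8    dec eax
        89 C8    mov eax, ecx
        C3       ret

    32-bit build (computes first argument + second argument):
        48       dec eax
        01 D1    add ecx, edx
        48       dec eax
        89 C8    mov eax, ecx
        C3       ret

    Variant left disabled by the original author:
        UCHAR machinecode[8] = "\x48\x29\xd1\x48\x89\xc8\xc3";
    */
#if _WIN64
    UCHAR machinecode[10] = "\xff\xc8\x29\xd1\xff\xc8\x89\xc8\xc3";
#else
    UCHAR machinecode[8] = "\x48\x01\xd1\x48\x89\xc8\xc3";
#endif

    // Size the buffer and the copy from the array itself. The previous fixed
    // length of 8 dropped the final ret of the 9-byte _WIN64 sequence, so the
    // call ran off the end of the allocation.
    const SIZE_T CodeSize = sizeof(machinecode);

    // NOTE(review): the call below depends on NonPagedPool being executable.
    // A configuration that enforces non-executable pool will fault here, and
    // ExAllocatePool is deprecated in current WDKs. Treat this as a lab-only
    // sample.
    PVOID Buffer = ExAllocatePool(NonPagedPool, CodeSize);
    if (Buffer == NULL) {
        // Nothing was allocated, so there is nothing to free. Report the
        // failure instead of claiming a successful load.
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    RtlCopyMemory(Buffer, machinecode, CodeSize);
    asmShell shellcode = (asmShell)Buffer;

    KdPrint(("Driver has been registered!\n"));
    // The call stays inside KdPrint as in the original, so free builds do
    // not execute the buffer. The result is narrowed to ULONG to match the
    // format specifier on both targets.
    KdPrint(("Result is %u \r\n", (ULONG)shellcode(5, 2)));

    // The original freed only when the pointer was NULL, which leaked the
    // buffer on success and passed NULL to ExFreePool on failure.
    ExFreePool(Buffer);
    return STATUS_SUCCESS;
}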
58 |
--------------------------------------------------------------------------------
/KeShellCode/KeShellCode/KeShellCode.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeShellCode.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeShellCode.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeShellCode_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeShellCode.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeShellCode.DeviceDesc%=KeShellCode_Device, Root\KeShellCode ; TODO: edit hw-id
42 |
43 | [KeShellCode_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeShellCode.sys
48 |
49 | ;-------------- Service installation
50 | [KeShellCode_Device.NT.Services]
51 | AddService = KeShellCode,%SPSVCINST_ASSOCSERVICE%, KeShellCode_Service_Inst
52 |
53 | ; -------------- KeShellCode driver install sections
54 | [KeShellCode_Service_Inst]
55 | DisplayName = %KeShellCode.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeShellCode.sys
60 |
61 | ;
62 | ;--- KeShellCode_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeShellCode_Device.NT.CoInstallers]
66 | AddReg=KeShellCode_Device_CoInstaller_AddReg
67 | CopyFiles=KeShellCode_Device_CoInstaller_CopyFiles
68 |
69 | [KeShellCode_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeShellCode_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeShellCode_Device.NT.Wdf]
76 | KmdfService = KeShellCode, KeShellCode_wdfsect
77 | [KeShellCode_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeShellCode Installation Disk"
85 | KeShellCode.DeviceDesc = "KeShellCode Device"
86 | KeShellCode.SVCDESC = "KeShellCode Service"
87 |
--------------------------------------------------------------------------------
/KeShellCode/KeShellCode/KeShellCode.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {8F07B073-E949-4C77-847D-8A964B132417}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeShellCode
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeShellCode/KeShellCode/KeShellCode.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeSpinLock/KeSpinLock.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeSpinLock", "KeSpinLock\KeSpinLock.vcxproj", "{0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM.Build.0 = Debug|ARM
22 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x64.ActiveCfg = Debug|x64
27 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x64.Build.0 = Debug|x64
28 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x64.Deploy.0 = Debug|x64
29 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x86.ActiveCfg = Debug|Win32
30 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x86.Build.0 = Debug|Win32
31 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Debug|x86.Deploy.0 = Debug|Win32
32 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM.ActiveCfg = Release|ARM
33 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM.Build.0 = Release|ARM
34 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM.Deploy.0 = Release|ARM
35 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM64.Build.0 = Release|ARM64
37 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x64.ActiveCfg = Release|x64
39 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x64.Build.0 = Release|x64
40 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x64.Deploy.0 = Release|x64
41 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x86.ActiveCfg = Release|Win32
42 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x86.Build.0 = Release|Win32
43 | {0252F5D3-29C6-4EF9-A7FF-4B419D8A3D4F}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeSpinLock/KeSpinLock/KeMain.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/raminfp/basic-windows-kernel-programming/ea9f1658e4148fe4328ca780d62de79894709d76/KeSpinLock/KeSpinLock/KeMain.cpp
--------------------------------------------------------------------------------
/KeSpinLock/KeSpinLock/KeSpinLock.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeSpinLock.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeSpinLock.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeSpinLock_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeSpinLock.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeSpinLock.DeviceDesc%=KeSpinLock_Device, Root\KeSpinLock ; TODO: edit hw-id
42 |
43 | [KeSpinLock_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeSpinLock.sys
48 |
49 | ;-------------- Service installation
50 | [KeSpinLock_Device.NT.Services]
51 | AddService = KeSpinLock,%SPSVCINST_ASSOCSERVICE%, KeSpinLock_Service_Inst
52 |
53 | ; -------------- KeSpinLock driver install sections
54 | [KeSpinLock_Service_Inst]
55 | DisplayName = %KeSpinLock.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeSpinLock.sys
60 |
61 | ;
62 | ;--- KeSpinLock_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeSpinLock_Device.NT.CoInstallers]
66 | AddReg=KeSpinLock_Device_CoInstaller_AddReg
67 | CopyFiles=KeSpinLock_Device_CoInstaller_CopyFiles
68 |
69 | [KeSpinLock_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeSpinLock_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeSpinLock_Device.NT.Wdf]
76 | KmdfService = KeSpinLock, KeSpinLock_wdfsect
77 | [KeSpinLock_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeSpinLock Installation Disk"
85 | KeSpinLock.DeviceDesc = "KeSpinLock Device"
86 | KeSpinLock.SVCDESC = "KeSpinLock Service"
87 |
--------------------------------------------------------------------------------
/KeSpinLock/KeSpinLock/KeSpinLock.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/KeString/KeString.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeString", "KeString\KeString.vcxproj", "{811786F1-A52A-4E04-A39E-7BEBA73F5F60}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM.Build.0 = Debug|ARM
22 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x64.ActiveCfg = Debug|x64
27 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x64.Build.0 = Debug|x64
28 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x64.Deploy.0 = Debug|x64
29 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x86.ActiveCfg = Debug|Win32
30 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x86.Build.0 = Debug|Win32
31 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Debug|x86.Deploy.0 = Debug|Win32
32 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM.ActiveCfg = Release|ARM
33 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM.Build.0 = Release|ARM
34 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM.Deploy.0 = Release|ARM
35 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM64.Build.0 = Release|ARM64
37 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x64.ActiveCfg = Release|x64
39 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x64.Build.0 = Release|x64
40 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x64.Deploy.0 = Release|x64
41 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x86.ActiveCfg = Release|Win32
42 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x86.Build.0 = Release|Win32
43 | {811786F1-A52A-4E04-A39E-7BEBA73F5F60}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeString/KeString/KeMain.cpp:
--------------------------------------------------------------------------------
1 |
2 | #include
3 | #include "kstring.h"
4 |
5 | #define DRIVER_TAG 'ABCD'
6 |
// Unload routine: this sample owns no resources, so it only logs the event.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
11 |
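// Driver entry point: copies the registry path into a kstring, lower-cases it,
// appends a literal, prints the result and registers the unload routine.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    // DriverObject and RegistryPath are both used below, so neither is marked
    // with UNREFERENCED_PARAMETER.
    kstring<DRIVER_TAG> regPath(RegistryPath);
    regPath.ToLower();
    regPath += L"hello";

    // "%*.*ws" consumes three arguments (width, precision, string); passing
    // only the length made DbgPrint read two more values that were never
    // supplied. "%ws" takes exactly the one NUL-terminated pointer.
    if (regPath.Get() != nullptr) {
        KdPrint(("Path : %ws\n", regPath.Get()));
    }
    KdPrint(("\n\n"));

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));

    return STATUS_SUCCESS;
}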
31 |
--------------------------------------------------------------------------------
/KeString/KeString/KeString.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Header Files
24 |
25 |
26 |
27 |
28 | Source Files
29 |
30 |
31 |
--------------------------------------------------------------------------------
/KeString/KeString/kstring.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
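// Pool-backed, NUL-terminated wide string for kernel-mode code.
//
// Tag is the pool tag used for every allocation and free; PoolType selects the
// pool. NOTE(review): the template parameter list is reconstructed from the way
// Tag and PoolType are used by the allocator below - confirm order and default.
// With a paged pool type the class may only be used at IRQL <= APC_LEVEL.
//
// Invariant kept by every member: m_str is either nullptr (then m_Len and
// m_Capacity are 0) or a buffer of m_Capacity characters that holds m_Len
// characters followed by a terminator.
//
// Allocation failure raises STATUS_NO_MEMORY through ExRaiseStatus, as the
// (str, count) constructor always did; the object is left unchanged in that
// case. Callers that must survive low-memory conditions need an SEH handler.
template<ULONG Tag, POOL_TYPE PoolType = PagedPool>
class kstring final {
public:
    // Builds a string from a NUL-terminated source; nullptr gives an empty string.
    explicit kstring(const wchar_t* str = nullptr) : kstring(str, 0) {}

    // Builds a string from at most `count` characters of `str`
    // (count == 0 means "up to the terminator").
    kstring(const wchar_t* str, ULONG count) {
        if (str) {
            // Never read past the terminator, even if count is larger.
            const ULONG len = count == 0 ? static_cast<ULONG>(::wcslen(str))
                                         : BoundedLength(str, count);
            Assign(str, len);
        }
    }

    kstring(const kstring& other) {
        if (other.m_Len > 0) {
            Assign(other.m_str, other.m_Len);
        }
    }

    // Copies a counted UNICODE_STRING. Its Buffer is not required to be
    // NUL-terminated, so exactly Length bytes are copied instead of scanning
    // for a terminator.
    kstring(PCUNICODE_STRING str) {
        if (str && str->Buffer && str->Length >= sizeof(WCHAR)) {
            Assign(str->Buffer, str->Length / sizeof(WCHAR));
        }
    }

    kstring& operator= (const kstring& other) {
        if (this != &other) {
            // Allocate the copy first so a failure leaves *this intact.
            wchar_t* copy = nullptr;
            if (other.m_Len > 0) {
                copy = AllocateCopy(other.m_Len, other.m_str, other.m_Len);
                if (!copy)
                    ExRaiseStatus(STATUS_NO_MEMORY);
            }
            Release();
            if (copy) {
                m_str = copy;
                m_Len = other.m_Len;
                m_Capacity = other.m_Len + 1;
            }
        }
        return *this;
    }

    // Takes over the buffer of `other`, which becomes empty.
    kstring(kstring&& other) {
        Steal(other);
    }

    kstring& operator=(kstring&& other) {
        if (this != &other) {
            Release();
            Steal(other);
        }
        return *this;
    }

    ~kstring() {
        Release();
    }

    kstring& operator+=(const kstring& other) {
        return Append(other.m_str, other.m_Len);
    }

    kstring& operator+=(PCWSTR str) {
        return Append(str);
    }

    // Declared only: this header provides no definition, so any use of
    // operator== fails at link time until one is added.
    bool operator==(const kstring& other);

    // May return nullptr for an empty string.
    operator const wchar_t* () const {
        return m_str;
    }

    // May return nullptr for an empty string.
    const wchar_t* Get() const {
        return m_str;
    }

    // Number of characters, not counting the terminator.
    ULONG Length() const {
        return m_Len;
    }

    // Returns a lower-cased copy.
    kstring ToLower() const {
        kstring temp(m_str, m_Len);
        if (temp.m_str)
            ::_wcslwr(temp.m_str);
        return temp;
    }

    // Lower-cases the string in place.
    kstring& ToLower() {
        if (m_str)
            ::_wcslwr(m_str);
        return *this;
    }

    // Shortens the string to `length` characters. A length that is not
    // strictly smaller than the current one is a caller error: it asserts in
    // checked builds and is ignored otherwise.
    kstring& Truncate(ULONG length) {
        if (length >= m_Len) {
            NT_ASSERT(false);
        }
        else {
            m_Len = length;
            m_str[m_Len] = L'\0';
        }
        return *this;
    }

    // Appends at most `len` characters of `str` (len == 0 means "up to the
    // terminator"). Appending a pointer into this string's own buffer is safe.
    kstring& Append(PCWSTR str, ULONG len = 0) {
        if (!str)
            return *this;
        len = len == 0 ? static_cast<ULONG>(::wcslen(str)) : BoundedLength(str, len);
        if (len == 0)
            return *this;

        // Keep the length arithmetic below from wrapping a ULONG.
        if (len > MAXULONG - 8 - m_Len)
            ExRaiseStatus(STATUS_INTEGER_OVERFLOW);
        const ULONG newLen = m_Len + len;

        if (newLen + 1 > m_Capacity) {
            // Grow with a little slack; the old contents are copied before the
            // old buffer is freed, and m_Len/m_Capacity change only on success.
            const ULONG newChars = newLen + 7;
            auto newBuffer = AllocateCopy(newChars, m_str, m_Len);
            if (!newBuffer)
                ExRaiseStatus(STATUS_NO_MEMORY);
            RtlCopyMemory(newBuffer + m_Len, str, len * sizeof(WCHAR));
            newBuffer[newLen] = L'\0';
            Release();
            m_str = newBuffer;
            m_Capacity = newChars + 1;
        }
        else {
            RtlCopyMemory(m_str + m_Len, str, len * sizeof(WCHAR));
            m_str[newLen] = L'\0';
        }
        m_Len = newLen;
        return *this;
    }

    // Frees the buffer and resets the string to empty.
    void Release() {
        if (m_str) {
            ExFreePoolWithTag(m_str, Tag);
            m_str = nullptr;
        }
        m_Len = m_Capacity = 0;
    }

    // NT_ASSERT is compiled out of free (release) builds, so the index is NOT
    // checked there; callers must validate it against Length() themselves.
    const wchar_t GetAt(size_t index) const {
        NT_ASSERT(index < m_Len);
        return m_str[index];
    }

    wchar_t& GetAt(size_t index) {
        NT_ASSERT(index < m_Len);
        return m_str[index];
    }

    const wchar_t operator[](size_t index) const {
        return GetAt(index);
    }

    wchar_t& operator[](size_t index) {
        return GetAt(index);
    }

    // Points `ustr` at this string's buffer without copying, so `ustr` is only
    // valid while this object is alive and unmodified. UNICODE_STRING lengths
    // are 16-bit byte counts; longer strings do not fit.
    UNICODE_STRING* GetUnicodeString(PUNICODE_STRING ustr) {
        NT_ASSERT(m_Len <= UNICODE_STRING_MAX_CHARS);
        RtlInitUnicodeString(ustr, m_str);
        return ustr;
    }

private:
    // Length of `str`, stopping at the terminator or after `max` characters.
    static ULONG BoundedLength(const wchar_t* str, ULONG max) {
        ULONG n = 0;
        while (n < max && str[n] != L'\0')
            ++n;
        return n;
    }

    // Replaces the (empty) contents with a copy of `len` characters of `src`.
    void Assign(const wchar_t* src, ULONG len) {
        auto buffer = AllocateCopy(len, src, len);
        if (!buffer)
            ExRaiseStatus(STATUS_NO_MEMORY);
        m_str = buffer;
        m_Len = len;
        m_Capacity = len + 1;
    }

    // Moves the buffer of `other` into *this (which must be empty).
    void Steal(kstring& other) {
        m_str = other.m_str;
        m_Len = other.m_Len;
        m_Capacity = other.m_Capacity;
        other.m_str = nullptr;
        other.m_Len = other.m_Capacity = 0;
    }

    // Allocates room for `chars` characters plus a terminator and copies a
    // NUL-terminated `src` into it (truncated to `chars` if it is longer).
    // Returns nullptr on failure.
    wchar_t* Allocate(size_t chars, const wchar_t* src = nullptr) {
        size_t srcChars = 0;
        if (src) {
            while (srcChars < chars && src[srcChars] != L'\0')
                ++srcChars;
        }
        return AllocateCopy(chars, src, srcChars);
    }

    // Allocates room for `chars` characters plus a terminator, copies
    // `srcChars` characters from `src` (which need not be terminated) and
    // always terminates the result. Returns nullptr on failure.
    wchar_t* AllocateCopy(size_t chars, const wchar_t* src, size_t srcChars) {
        // Reject sizes whose byte count would not fit the length fields.
        if (chars >= MAXULONG / sizeof(WCHAR))
            return nullptr;
        auto str = static_cast<wchar_t*>(ExAllocatePoolWithTag(PoolType, sizeof(WCHAR) * (chars + 1), Tag));
        if (!str) {
            KdPrint(("Failed to allocate kstring of length %u chars\n", static_cast<ULONG>(chars)));
            return nullptr;
        }
        if (srcChars > chars)
            srcChars = chars;
        if (src && srcChars > 0) {
            RtlCopyMemory(str, src, srcChars * sizeof(WCHAR));
        }
        // ExAllocatePoolWithTag does not zero memory; terminate explicitly.
        str[srcChars] = L'\0';
        return str;
    }

private:
    wchar_t* m_str = nullptr;
    ULONG m_Len = 0, m_Capacity = 0;
    // Kept for layout; allocation and free always use the template arguments.
    POOL_TYPE m_Pool = PoolType;
    ULONG m_Tag = Tag;
};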
191 |
--------------------------------------------------------------------------------
/KeThread/Image/thread.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/raminfp/basic-windows-kernel-programming/ea9f1658e4148fe4328ca780d62de79894709d76/KeThread/Image/thread.PNG
--------------------------------------------------------------------------------
/KeThread/KeThread.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeThread", "KeThread\KeThread.vcxproj", "{7D3C2C78-13AD-4161-8343-5544F05AEAF4}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM.Build.0 = Debug|ARM
22 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x64.ActiveCfg = Debug|x64
27 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x64.Build.0 = Debug|x64
28 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x64.Deploy.0 = Debug|x64
29 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x86.ActiveCfg = Debug|Win32
30 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x86.Build.0 = Debug|Win32
31 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Debug|x86.Deploy.0 = Debug|Win32
32 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM.ActiveCfg = Release|ARM
33 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM.Build.0 = Release|ARM
34 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM.Deploy.0 = Release|ARM
35 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM64.Build.0 = Release|ARM64
37 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x64.ActiveCfg = Release|x64
39 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x64.Build.0 = Release|x64
40 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x64.Deploy.0 = Release|x64
41 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x86.ActiveCfg = Release|Win32
42 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x86.Build.0 = Release|Win32
43 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeThread/KeThread/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 |
// Unload routine: logs that the driver is going away; nothing is released here.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
8 |
9 |
// Start routine of the system thread created in DriverEntry: prints one line
// and then ends the calling thread with a success status.
VOID MyProc(IN PVOID Context)
{
    UNREFERENCED_PARAMETER(Context);

    DbgPrint("my new thread \r\n");

    // Terminates the current thread, so nothing after this call would run.
    PsTerminateSystemThread(STATUS_SUCCESS);
}
15 |
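// Driver entry point: starts one system thread running MyProc and registers
// the unload routine. Returns the PsCreateSystemThread status on failure.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    // OBJ_KERNEL_HANDLE keeps the handle out of reach of user-mode code in
    // whatever process this routine happens to run in.
    OBJECT_ATTRIBUTES attributes;
    InitializeObjectAttributes(&attributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    HANDLE ThreadHandel = NULL;
    NTSTATUS status = PsCreateSystemThread(&ThreadHandel, 0, &attributes, NULL, NULL, MyProc, NULL);

    if (!NT_SUCCESS(status)) {
        DbgPrint("Create Thread failed \r\n");
        return status;
    }

    // The handle is not used again; closing it does not stop the thread but
    // avoids leaking a handle on every load.
    ZwClose(ThreadHandel);

    // NOTE(review): nothing makes the unload routine wait for MyProc. A thread
    // that outlives this sample's single DbgPrint would need a referenced
    // thread object and a wait in DriverUnload before the image is removed.
    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}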
35 |
--------------------------------------------------------------------------------
/KeThread/KeThread/KeThread.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {7D3C2C78-13AD-4161-8343-5544F05AEAF4}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeThread
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeThread/KeThread/KeThread.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
--------------------------------------------------------------------------------
/KeTimer/Image/timer.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/raminfp/basic-windows-kernel-programming/ea9f1658e4148fe4328ca780d62de79894709d76/KeTimer/Image/timer.PNG
--------------------------------------------------------------------------------
/KeTimer/KeTimer.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeTimer", "KeTimer\KeTimer.vcxproj", "{527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM.Build.0 = Debug|ARM
22 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x64.ActiveCfg = Debug|x64
27 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x64.Build.0 = Debug|x64
28 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x64.Deploy.0 = Debug|x64
29 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x86.ActiveCfg = Debug|Win32
30 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x86.Build.0 = Debug|Win32
31 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Debug|x86.Deploy.0 = Debug|Win32
32 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM.ActiveCfg = Release|ARM
33 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM.Build.0 = Release|ARM
34 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM.Deploy.0 = Release|ARM
35 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM64.Build.0 = Release|ARM64
37 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x64.ActiveCfg = Release|x64
39 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x64.Build.0 = Release|x64
40 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x64.Deploy.0 = Release|x64
41 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x86.ActiveCfg = Release|Win32
42 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x86.Build.0 = Release|Win32
43 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeTimer/KeTimer/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 |
4 |
// Due times handed to KeSetTimer are counted in 100-nanosecond units, and a
// negative value means "relative to now".
#define DELAY_ONE_MICROSEC (-10)
#define DELAY_ONE_MILLISEC (DELAY_ONE_MICROSEC * 1000)

// Timer state shared by the routines below.
KDPC myDpc;
KTIMER myTimer;
LARGE_INTEGER due = { 0 };
12 |
13 |
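// Unload routine: stops the self re-arming timer before the driver image,
// which contains the DPC routine, is removed from memory.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject) {
    UNREFERENCED_PARAMETER(DriverObject);

    // KeCancelTimer only removes a pending timer. A DPC that is already queued
    // or running still executes and sets the timer again, so: cancel, wait for
    // queued DPCs to finish, then cancel whatever that last DPC re-armed.
    KeCancelTimer(&myTimer);
    KeFlushQueuedDpcs();
    KeCancelTimer(&myTimer);

    KdPrint(("Unload My Driver \n"));
}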
19 |
// DPC routine run when myTimer expires: logs a line and sets the timer again
// with the same due time, so it keeps firing until the timer is cancelled.
VOID myDpcFunc(IN PKDPC Dpc, IN PVOID context, IN PVOID SysArgument1, IN PVOID SysArgument2)
{
    UNREFERENCED_PARAMETER(SysArgument2);
    UNREFERENCED_PARAMETER(SysArgument1);
    UNREFERENCED_PARAMETER(context);
    UNREFERENCED_PARAMETER(Dpc);

    DbgPrint("Timer Working\t\n");

    KeSetTimer(&myTimer, due, &myDpc);
}
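// Driver entry point: registers the unload routine and arms a timer whose DPC
// (myDpcFunc) fires after five seconds.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    // Register the unload routine before the timer is armed, so there is
    // always a path that cancels it.
    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;

    // 5000 ms expressed as a negative (relative) count of 100 ns units.
    due.QuadPart = 5000 * DELAY_ONE_MILLISEC;
    KeInitializeTimer(&myTimer);
    KeInitializeDpc(&myDpc, myDpcFunc, NULL);
    KeSetTimer(&myTimer, due, &myDpc);

    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}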
48 |
--------------------------------------------------------------------------------
/KeTimer/KeTimer/KeTimer.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 | Debug
22 | ARM
23 |
24 |
25 | Release
26 | ARM
27 |
28 |
29 | Debug
30 | ARM64
31 |
32 |
33 | Release
34 | ARM64
35 |
36 |
37 |
38 | {527FEAD8-08D3-4C4F-834B-0D1A87C3E65E}
39 | {1bc93793-694f-48fe-9372-81e2b05556fd}
40 | v4.5
41 | 12.0
42 | Debug
43 | Win32
44 | KeTimer
45 | 10.0.10586.0
46 |
47 |
48 |
49 | Windows10
50 | true
51 | WindowsKernelModeDriver10.0
52 | Driver
53 | KMDF
54 | Universal
55 |
56 |
57 | Windows10
58 | false
59 | WindowsKernelModeDriver10.0
60 | Driver
61 | KMDF
62 | Universal
63 |
64 |
65 | Windows10
66 | true
67 | WindowsKernelModeDriver10.0
68 | Driver
69 | KMDF
70 | Universal
71 |
72 |
73 | Windows10
74 | false
75 | WindowsKernelModeDriver10.0
76 | Driver
77 | KMDF
78 | Universal
79 |
80 |
81 | Windows10
82 | true
83 | WindowsKernelModeDriver10.0
84 | Driver
85 | KMDF
86 | Universal
87 |
88 |
89 | Windows10
90 | false
91 | WindowsKernelModeDriver10.0
92 | Driver
93 | KMDF
94 | Universal
95 |
96 |
97 | Windows10
98 | true
99 | WindowsKernelModeDriver10.0
100 | Driver
101 | KMDF
102 | Universal
103 |
104 |
105 | Windows10
106 | false
107 | WindowsKernelModeDriver10.0
108 | Driver
109 | KMDF
110 | Universal
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 | DbgengKernelDebugger
122 | $(VC_IncludePath);$(WindowsSDK_IncludePath);
123 |
124 |
125 | DbgengKernelDebugger
126 |
127 |
128 | DbgengKernelDebugger
129 |
130 |
131 | DbgengKernelDebugger
132 |
133 |
134 | DbgengKernelDebugger
135 |
136 |
137 | DbgengKernelDebugger
138 |
139 |
140 | DbgengKernelDebugger
141 |
142 |
143 | DbgengKernelDebugger
144 |
145 |
146 |
147 | C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
148 |
149 |
150 | DriverEntry
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/KeTimer/KeTimer/KeTimer.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
--------------------------------------------------------------------------------
/KeVector/KeVector.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeVector", "KeVector\KeVector.vcxproj", "{CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM.Build.0 = Debug|ARM
22 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x64.ActiveCfg = Debug|x64
27 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x64.Build.0 = Debug|x64
28 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x64.Deploy.0 = Debug|x64
29 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x86.ActiveCfg = Debug|Win32
30 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x86.Build.0 = Debug|Win32
31 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Debug|x86.Deploy.0 = Debug|Win32
32 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM.ActiveCfg = Release|ARM
33 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM.Build.0 = Release|ARM
34 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM.Deploy.0 = Release|ARM
35 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM64.Build.0 = Release|ARM64
37 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x64.ActiveCfg = Release|x64
39 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x64.Build.0 = Release|x64
40 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x64.Deploy.0 = Release|x64
41 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x86.ActiveCfg = Release|Win32
42 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x86.Build.0 = Release|Win32
43 | {CD00B77E-66BD-47EF-80B1-D9B6E33EF29B}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeVector/KeVector/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "kvector.h"
3 |
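// Pool tag attached to every allocation this driver makes.
#define DRIVER_TAG 'abcd'

// Shorthand for a kvector whose allocations carry DRIVER_TAG.
// NOTE(review): the template argument lists are reconstructed from how
// kvector uses T and Tag - confirm against kvector.h.
template<typename T>
using vector = kvector<T, DRIVER_TAG>;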
8 |
// Unload routine: only logs; the vector built in DriverEntry is already gone
// by the time this runs.
VOID UnloadDriver(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);

    KdPrint(("Unload My Driver \n"));
}
13 |
14 |
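// Driver entry point: fills a pool-backed vector with five integers, prints
// the first three and registers the unload routine.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) {

    UNREFERENCED_PARAMETER(RegistryPath);

    // The element type has to be spelled out; the fifth Add grows the buffer
    // beyond the default capacity of four.
    vector<int> v;
    v.Add(5);
    v.Add(12);
    v.Add(8);
    v.Add(4);
    v.Add(2);

    // GetAt only asserts its index in checked builds, so stay within Size().
    KdPrint(("Vector number is : %d\n", v.GetAt(0)));
    KdPrint(("Vector number is : %d\n", v.GetAt(1)));
    KdPrint(("Vector number is : %d\n", v.GetAt(2)));

    DriverObject->DriverUnload = (PDRIVER_UNLOAD)UnloadDriver;
    KdPrint(("Driver has been registered!\n"));
    return STATUS_SUCCESS;
}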
36 |
--------------------------------------------------------------------------------
/KeVector/KeVector/KeVector.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {8E41214B-6785-4CFE-B992-037D68949A14}
18 | inf;inv;inx;mof;mc;
19 |
20 |
21 |
22 |
23 | Source Files
24 |
25 |
26 |
27 |
28 | Header Files
29 |
30 |
31 |
--------------------------------------------------------------------------------
/KeVector/KeVector/kvector.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
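// Growable array backed by kernel pool memory.
//
// T is the element type, Tag the pool tag used for every allocation and free,
// PoolType the pool to allocate from. NOTE(review): the template parameter
// list is reconstructed from the uses of T, Tag and PoolType below - confirm
// order and default. With a paged pool type the vector may only be used at
// IRQL <= APC_LEVEL.
//
// Elements are moved with raw memory copies and never destroyed, so T must be
// trivially copyable. Growing raises STATUS_NO_MEMORY through ExRaiseStatus
// when the pool is exhausted; the existing contents stay intact in that case.
template<typename T, ULONG Tag, POOL_TYPE PoolType = PagedPool>
struct kvector {
    //static_assert(Tag != 0);

    // Reserves room for `capacity` elements (4 when 0 is passed). If the
    // allocation fails the vector starts with no storage and the first Add
    // tries again.
    kvector(ULONG capacity = 0) {
        if (capacity == 0)
            capacity = 4;
        m_Size = 0;

        m_array = Allocate(capacity);
        m_Capacity = m_array ? capacity : 0;
    }

    kvector(const kvector&) = delete;
    kvector& operator=(const kvector&) = delete;

    ~kvector() {
        if (m_array)
            ExFreePoolWithTag(m_array, Tag);
    }

    ULONG Size() const {
        return m_Size;
    }

    size_t Capacity() const {
        return m_Capacity;
    }

    // Appends a copy of `value`, doubling the storage when it is full.
    void Add(const T& value) {
        NT_ASSERT(m_Size <= m_Capacity);
        if (m_Size >= m_Capacity) {
            if (m_Capacity > MAXULONG / 2)
                ExRaiseStatus(STATUS_INTEGER_OVERFLOW);
            // `value` may refer to an element of this vector; copy it before
            // Resize frees the old buffer.
            const T copy = value;
            Resize(m_Capacity == 0 ? 4 : m_Capacity * 2);
            m_array[m_Size++] = copy;
            return;
        }
        m_array[m_Size++] = value;
    }

    // NT_ASSERT is compiled out of free (release) builds, so the accessors
    // below do NOT check the index there; callers must keep it below Size().
    T& GetAt(size_t index) {
        NT_ASSERT(index < m_Size);
        return m_array[index];
    }

    const T& GetAt(size_t index) const {
        NT_ASSERT(index < m_Size);
        return m_array[index];
    }

    T& operator[](size_t index) {
        return GetAt(index);
    }

    const T& operator[](size_t index) const {
        return GetAt(index);
    }

    // Overwrites the element at `index`; an out-of-range index is ignored.
    void SetAt(size_t index, const T& value) {
        NT_ASSERT(index < m_Size);
        if (index >= m_Size)
            return;
        m_array[index] = value;
    }

    // Removes the element at `index`, shifting the tail down by one. An
    // out-of-range index is ignored, which also keeps m_Size from wrapping
    // when the vector is empty.
    void RemoveAt(size_t index) {
        NT_ASSERT(index < m_Size);
        if (index >= m_Size)
            return;
        if (index < m_Size - 1) {
            // Source and destination overlap, so this must be a move.
            RtlMoveMemory(m_array + index, m_array + (index + 1), (m_Size - index - 1) * sizeof(T));
        }
        m_Size--;
    }

    // Drops all elements but keeps the storage.
    void Clear() {
        m_Size = 0;
    }

    // Replaces the storage with a buffer of `capacity` elements and copies the
    // current elements over. The capacity never drops below Size().
    void Resize(ULONG capacity) {
        if (capacity < m_Size)
            capacity = m_Size;
        if (capacity == 0)
            capacity = 4;

        T* array = Allocate(capacity);
        if (!array)
            ExRaiseStatus(STATUS_NO_MEMORY);

        if (m_array) {
            RtlCopyMemory(array, m_array, sizeof(T) * m_Size);
            // The old buffer was leaked on every growth before.
            ExFreePoolWithTag(m_array, Tag);
        }
        m_array = array;
        m_Capacity = capacity;
    }

    T* begin() {
        return m_array;
    }

    const T* begin() const {
        return m_array;
    }

    T* end() {
        return m_array + m_Size;
    }

    const T* end() const {
        return m_array + m_Size;
    }

private:
    // Returns a zero-filled buffer for `size` elements, or nullptr on failure.
    T* Allocate(ULONG size) {
        // Reject element counts whose byte size would overflow.
        if (size > static_cast<SIZE_T>(-1) / sizeof(T))
            return nullptr;

        auto buffer = static_cast<T*>(ExAllocatePoolWithTag(PoolType, sizeof(T) * size, Tag));
        if (!buffer) return nullptr;

        RtlZeroMemory(buffer, sizeof(T) * size);
        return buffer;
    }

private:
    T* m_array;
    ULONG m_Size, m_Capacity;
};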
107 |
108 | //template
109 | //void DestroyVector(kvector& v) {
110 | // for (size_t i = 0; i < v.Size(); ++i)
111 | // delete v[i];
112 | //}
--------------------------------------------------------------------------------
/KeWdmVersion/KeWdmVersion.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.26228.4
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KeWdmVersion", "KeWdmVersion\KeWdmVersion.vcxproj", "{A90B37C2-2079-4A90-A587-6F746285E411}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|ARM = Debug|ARM
11 | Debug|ARM64 = Debug|ARM64
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|ARM = Release|ARM
15 | Release|ARM64 = Release|ARM64
16 | Release|x64 = Release|x64
17 | Release|x86 = Release|x86
18 | EndGlobalSection
19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM.ActiveCfg = Debug|ARM
21 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM.Build.0 = Debug|ARM
22 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM.Deploy.0 = Debug|ARM
23 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM64.Build.0 = Debug|ARM64
25 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x64.ActiveCfg = Debug|x64
27 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x64.Build.0 = Debug|x64
28 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x64.Deploy.0 = Debug|x64
29 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x86.ActiveCfg = Debug|Win32
30 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x86.Build.0 = Debug|Win32
31 | {A90B37C2-2079-4A90-A587-6F746285E411}.Debug|x86.Deploy.0 = Debug|Win32
32 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM.ActiveCfg = Release|ARM
33 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM.Build.0 = Release|ARM
34 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM.Deploy.0 = Release|ARM
35 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM64.ActiveCfg = Release|ARM64
36 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM64.Build.0 = Release|ARM64
37 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|ARM64.Deploy.0 = Release|ARM64
38 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x64.ActiveCfg = Release|x64
39 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x64.Build.0 = Release|x64
40 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x64.Deploy.0 = Release|x64
41 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x86.ActiveCfg = Release|Win32
42 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x86.Build.0 = Release|Win32
43 | {A90B37C2-2079-4A90-A587-6F746285E411}.Release|x86.Deploy.0 = Release|Win32
44 | EndGlobalSection
45 | GlobalSection(SolutionProperties) = preSolution
46 | HideSolutionNode = FALSE
47 | EndGlobalSection
48 | EndGlobal
49 |
--------------------------------------------------------------------------------
/KeWdmVersion/KeWdmVersion/KeMain.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | // https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-ioiswdmversionavailable#requirements
4 |
// Unload routine, registered by DriverEntry through DriverObject->DriverUnload.
// It releases nothing and only emits a debug message; KdPrint produces output
// in checked (DBG) builds only.
void DrvUnload(_In_ PDRIVER_OBJECT DriverObject) {
    KdPrint(("Driver Unload called\n"));

    // The driver object is not needed here; silence the unused-parameter warning.
    UNREFERENCED_PARAMETER(DriverObject);
}
9 |
// Driver entry point. Probes which WDM version the running system offers,
// logs the result through KdPrint, registers the unload routine and returns
// STATUS_SUCCESS unconditionally.
//
// This routine creates no device object and sets no dispatch routines, so the
// only callback it installs is DrvUnload.
extern "C" NTSTATUS
DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    // Probe from the newest version downwards; the 1.05 probe runs only when
    // the 1.10 probe has failed.
    if (!IoIsWdmVersionAvailable(1, 0x10)) {
        if (!IoIsWdmVersionAvailable(1, 5)) {
            KdPrint(("WDM 1.0 is always supported.\n"));
        }
        else {
            KdPrint(("WDM 1.05 is supported,\n"));
        }
    }
    else {
        KdPrint(("WDM 1.10 is supported, this is Windows 2000, or better.\n"));
    }

    // Without an unload routine the driver could not be unloaded.
    DriverObject->DriverUnload = DrvUnload;
    KdPrint(("Driver initialized successfully\n"));
    return STATUS_SUCCESS;
}
27 |
--------------------------------------------------------------------------------
/KeWdmVersion/KeWdmVersion/KeWdmVersion.inf:
--------------------------------------------------------------------------------
1 | ;
2 | ; KeWdmVersion.inf
3 | ;
4 |
5 | [Version]
6 | Signature="$WINDOWS NT$"
7 | Class=Sample ; TODO: edit Class
8 | ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
9 | Provider=%ManufacturerName%
10 | CatalogFile=KeWdmVersion.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 |
13 | [DestinationDirs]
14 | DefaultDestDir = 12
15 | KeWdmVersion_Device_CoInstaller_CopyFiles = 11
16 |
17 | ; ================= Class section =====================
18 |
19 | [ClassInstall32]
20 | Addreg=SampleClassReg
21 |
22 | [SampleClassReg]
23 | HKR,,,0,%ClassName%
24 | HKR,,Icon,,-5
25 |
26 | [SourceDisksNames]
27 | 1 = %DiskName%,,,""
28 |
29 | [SourceDisksFiles]
30 | KeWdmVersion.sys = 1,,
31 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
32 |
33 | ;*****************************************
34 | ; Install Section
35 | ;*****************************************
36 |
37 | [Manufacturer]
38 | %ManufacturerName%=Standard,NT$ARCH$
39 |
40 | [Standard.NT$ARCH$]
41 | %KeWdmVersion.DeviceDesc%=KeWdmVersion_Device, Root\KeWdmVersion ; TODO: edit hw-id
42 |
43 | [KeWdmVersion_Device.NT]
44 | CopyFiles=Drivers_Dir
45 |
46 | [Drivers_Dir]
47 | KeWdmVersion.sys
48 |
49 | ;-------------- Service installation
50 | [KeWdmVersion_Device.NT.Services]
51 | AddService = KeWdmVersion,%SPSVCINST_ASSOCSERVICE%, KeWdmVersion_Service_Inst
52 |
53 | ; -------------- KeWdmVersion driver install sections
54 | [KeWdmVersion_Service_Inst]
55 | DisplayName = %KeWdmVersion.SVCDESC%
56 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER
57 | StartType = 3 ; SERVICE_DEMAND_START
58 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL
59 | ServiceBinary = %12%\KeWdmVersion.sys
60 |
61 | ;
62 | ;--- KeWdmVersion_Device Coinstaller installation ------
63 | ;
64 |
65 | [KeWdmVersion_Device.NT.CoInstallers]
66 | AddReg=KeWdmVersion_Device_CoInstaller_AddReg
67 | CopyFiles=KeWdmVersion_Device_CoInstaller_CopyFiles
68 |
69 | [KeWdmVersion_Device_CoInstaller_AddReg]
70 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
71 |
72 | [KeWdmVersion_Device_CoInstaller_CopyFiles]
73 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
74 |
75 | [KeWdmVersion_Device.NT.Wdf]
76 | KmdfService = KeWdmVersion, KeWdmVersion_wdfsect
77 | [KeWdmVersion_wdfsect]
78 | KmdfLibraryVersion = $KMDFVERSION$
79 |
80 | [Strings]
81 | SPSVCINST_ASSOCSERVICE= 0x00000002
82 | ManufacturerName="" ;TODO: Replace with your manufacturer name
83 | ClassName="Samples" ; TODO: edit ClassName
84 | DiskName = "KeWdmVersion Installation Disk"
85 | KeWdmVersion.DeviceDesc = "KeWdmVersion Device"
86 | KeWdmVersion.SVCDESC = "KeWdmVersion Service"
87 |
--------------------------------------------------------------------------------
/KeWdmVersion/KeWdmVersion/KeWdmVersion.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Resource Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ### Basic Windows Kernel Programming +++ Tutorial
2 |
3 |
4 |
5 | ### Visual Studio Configuration
6 |
7 | 1- General ==> Windows SDK Version ===> 10.0.10586.0
8 |
9 | 2- VC++ Directories ==> Include Directories = $(VC_IncludePath);$(WindowsSDK_IncludePath);
10 |
11 | 3- C/C++ ===> General ===> Additional Include Directories ===> C:\Program Files %28x86%29\Windows Kits\10\Include\10.0.17134.0\km;%(AdditionalIncludeDirectories)
12 |
13 | 4- Linker ===> Advanced ===> Entry Point ===> DriverEntry
14 |
15 | 5- Delete the .inf file
16 |
17 |
18 | #### Enable kernel debug output via the registry
19 |
20 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter\DEFAULT = 0xf (REG_DWORD value; set it on the test machine and reboot for it to take effect)
21 |
22 | #### Topics:
23 | 1- [KeCPU](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeCPU)
24 | 2- [KeDateTime](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeDateTime)
25 | 3- [KeDebug](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeDebug)
26 | 4- [KeJsonParser](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeJsonParser)
27 | 5- [KeMalloc](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeMalloc)
28 | 6- [KeOSBuild](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeOSBuild)
29 | 7- [KeOSVersion](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeOSVersion)
30 | 8- [KeShellCode](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeShellCode)
31 | 9- [KeString](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeString)
32 | 10- [KeThread](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeThread)
33 | 11- [KeTimer](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeTimer)
34 | 12- [KeVector](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeVector)
35 | 13- [KeHeapAlloc](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeHeapAlloc)
36 | 14- [KeFileWrite](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeFileWrite)
37 | 15- [KeFileRead](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeFileRead)
38 | 16- [KeLinkList](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeLinkList)
39 | 17- [KeSpinLock](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeSpinLock)
40 | 18- [KeWdmVersion](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeWdmVersion)
41 | 19- [KeLongIntegerData](https://github.com/raminfp/basicwindowskernelprogramming/tree/master/KeLongIntegerData)
42 |
43 | #### TODO
44 | - Advanced Windows Kernel Programming
45 |
46 |
47 | #### Awesome Book by Pavel Yosifovich - https://leanpub.com/windowskernelprogramming
48 |
49 | 
51 |
--------------------------------------------------------------------------------