
Просмотр полной версии : Load driver


n3ls0n
28.04.2010, 19:14
какие есть варианты загрузки дров, помимо:

- NtLoadDriver
- NtSetSystemInformation (старый, без реестра: SYSTEM_LOAD_AND_CALL_IMAGE)
- SCM (стандартных)

юзаю следующий:


// Names used to register and load the driver service.
// File name of the driver image (wide and narrow spellings); InstallRegKeys4Driver
// appends the wide form to the directory of the running executable.
#define KERNEL_MEM_DRIVER_FILENAME_EX L"direct.sys"
#define KERNEL_MEM_DRIVER_FILENAME_EXA "direct.sys"
// Name of the key created under HKLM\SYSTEM\CurrentControlSet\Services; the same
// string is later sent to the \\.\FltMgr device as the service to load.
#define KERNEL_MEM_SERVICE_NAME_EX L"KrlSysData"

// Value written to the service key's "DisplayName".
#define KERNEL_MEM_DRIVER_SERVICE_NAME_EX L"KernelMemDriver Service"

// Control code passed to DeviceIoControl on the \\.\FltMgr handle.
// NOTE(review): not a documented public constant; presumably the request that
// fltlib's FilterLoad() issues internally - confirm, and prefer the documented API.
#define MAGIC_IOCTL 0x00088004

// Input buffer handed to the \\.\FltMgr device together with MAGIC_IOCTL.
// NOTE(review): the layout is taken on trust from this post; it is not a
// published structure, so it may not match every Windows version - confirm.
typedef struct _tagLOAD
{
// Length of ServiceName in bytes, without the terminating NUL (set by the caller).
WORD Len;
// Service key name as a wide string; fixed 512-WCHAR capacity.
WCHAR ServiceName[512];
} LOAD ,*PLOAD;

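/*
 * Create the registry service entry that describes the kernel driver.
 *
 * The driver image is expected next to the running executable; its path is
 * written (with the "\??\" prefix) to ImagePath under
 * HKLM\SYSTEM\CurrentControlSet\Services\<KERNEL_MEM_SERVICE_NAME_EX>,
 * together with DisplayName, Type (kernel driver) and Start (demand start).
 *
 * Returns TRUE only if the key was opened/created and every value was
 * written; FALSE otherwise.
 *
 * Security notes for reviewers:
 *  - ImagePath points at the executable's own directory. If that directory
 *    is writable by non-administrators, the file loaded into the kernel can
 *    be swapped by a lower-privileged user; keep it in an admin-only path.
 *  - A new kernel-driver key under Services written by something other than
 *    the Service Control Manager is worth alerting on in registry auditing.
 */
BOOL InstallRegKeys4Driver(void)
{
    static const WCHAR szNtPrefix[] = L"\\??\\";
    WCHAR szDriverPath[MAX_PATH] = {0};
    WCHAR szImgPath[MAX_PATH] = {0};
    WCHAR szRegPath[MAX_PATH] = {0};
    HKEY hKey = NULL;
    DWORD dwType = SERVICE_KERNEL_DRIVER;
    DWORD dwStart = SERVICE_DEMAND_START;
    DWORD cchModule;
    BOOL bRet = FALSE;

    /* The size argument is a character count; passing sizeof() (bytes) would
     * let the API write past the end of the buffer. A return value equal to
     * the buffer size means the path was truncated. */
    cchModule = GetModuleFileNameW(NULL, szDriverPath, MAX_PATH);
    if (cchModule == 0 || cchModule >= MAX_PATH) {
        return FALSE;
    }

    /* Replace the executable's file name with the driver's file name. */
    if (!PathRemoveFileSpecW(szDriverPath) ||
        !PathAppendW(szDriverPath, KERNEL_MEM_DRIVER_FILENAME_EX)) {
        return FALSE;
    }

    /* szImgPath is MAX_PATH wide and the prefix adds characters, so refuse
     * paths that would not fit instead of overflowing the buffer. */
    if (lstrlenW(szNtPrefix) + lstrlenW(szDriverPath) >= MAX_PATH) {
        return FALSE;
    }
    wsprintfW(szImgPath, L"%s%s", szNtPrefix, szDriverPath);

    /* Both parts are short compile-time constants, so this fits in MAX_PATH. */
    wsprintfW(szRegPath, L"%s%s", L"SYSTEM\\CurrentControlSet\\Services\\",
              KERNEL_MEM_SERVICE_NAME_EX);

    /* Only values are written below, so KEY_SET_VALUE is sufficient access. */
    if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, szRegPath, 0, NULL, 0,
                        KEY_SET_VALUE, NULL, &hKey, NULL) != ERROR_SUCCESS) {
        return FALSE;
    }

    /* String data sizes are in bytes and must include the terminating NUL. */
    if (RegSetValueExW(hKey, L"DisplayName", 0, REG_SZ,
                       (const BYTE *)KERNEL_MEM_DRIVER_SERVICE_NAME_EX,
                       (DWORD)((lstrlenW(KERNEL_MEM_DRIVER_SERVICE_NAME_EX) + 1) * sizeof(WCHAR))) == ERROR_SUCCESS &&
        RegSetValueExW(hKey, L"ImagePath", 0, REG_EXPAND_SZ,
                       (const BYTE *)szImgPath,
                       (DWORD)((lstrlenW(szImgPath) + 1) * sizeof(WCHAR))) == ERROR_SUCCESS &&
        RegSetValueExW(hKey, L"Type", 0, REG_DWORD,
                       (const BYTE *)&dwType, (DWORD)sizeof(dwType)) == ERROR_SUCCESS &&
        RegSetValueExW(hKey, L"Start", 0, REG_DWORD,
                       (const BYTE *)&dwStart, (DWORD)sizeof(dwStart)) == ERROR_SUCCESS) {
        bRet = TRUE;
    }

    /* The original never released the key handle. */
    RegCloseKey(hKey);
    return bRet;
}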

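/*
 * Enable a named privilege in the current process token.
 *
 * pPrivilegeName - narrow (ANSI) privilege name, e.g. SE_LOAD_DRIVER_NAME in
 *                  a non-Unicode build.
 *
 * Returns TRUE only if the privilege is actually enabled afterwards; FALSE
 * if the token cannot be opened, the name is unknown, or the token does not
 * hold the privilege.
 *
 * Security note: the privilege stays enabled for the rest of the process
 * lifetime. Code that needs it only for one call should disable it again
 * afterwards (least privilege).
 */
BOOL GetPrivilege (PCHAR pPrivilegeName)
{
    HANDLE hToken = NULL;
    LUID Luid;
    TOKEN_PRIVILEGES TokenPrivileges;
    BOOL bReturn = FALSE;

    if (pPrivilegeName == NULL) {
        return FALSE;
    }

    /* Return early on failure: the original called CloseHandle() on an
     * uninitialized handle when the token could not be opened. */
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }

    ZeroMemory(&TokenPrivileges, sizeof(TokenPrivileges));

    /* The parameter is a narrow string, so call the ANSI entry point
     * explicitly rather than the TCHAR macro. */
    if (LookupPrivilegeValueA(NULL, pPrivilegeName, &Luid)) {
        TokenPrivileges.PrivilegeCount = 1;
        TokenPrivileges.Privileges[0].Luid = Luid;
        TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        /* AdjustTokenPrivileges reports success even when the token does not
         * hold the privilege; in that case GetLastError() returns
         * ERROR_NOT_ALL_ASSIGNED, so the last error must be checked too. */
        if (AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges,
                                  sizeof(TokenPrivileges), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            bReturn = TRUE;
        }
    }

    CloseHandle(hToken);
    return bReturn;
}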

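/*
 * Register the driver service and ask the Filter Manager device to load it.
 *
 * Steps: write the service registry entry (InstallRegKeys4Driver), open
 * \\.\FltMgr, enable SeLoadDriverPrivilege (GetPrivilege), then send
 * MAGIC_IOCTL with the service name in a LOAD structure.
 *
 * Returns TRUE if the DeviceIoControl request succeeded, FALSE otherwise.
 *
 * NOTE(review): the control code and the LOAD layout are not documented
 * interfaces and may differ between Windows versions. The documented
 * user-mode call for asking Filter Manager to load a minifilter is
 * FilterLoad() in fltlib; prefer it in maintained code.
 *
 * Defender note: this load does not go through the Service Control Manager,
 * so monitoring should presumably rest on registry writes under
 * HKLM\SYSTEM\CurrentControlSet\Services, on SeLoadDriverPrivilege being
 * enabled, and on kernel image-load telemetry - not only on SCM
 * service-install events.
 */
BOOL LoadKernelMemDriverEx(void)
{
    HANDLE hDevice;
    LOAD service_to_load;
    DWORD dwRet = 0;
    BOOL bRet = FALSE;

    if (!InstallRegKeys4Driver()) {
        return FALSE;
    }

    /* The device name is a narrow literal, so use the ANSI entry point
     * explicitly instead of the TCHAR macro. */
    hDevice = CreateFileA("\\\\.\\FltMgr",
                          GENERIC_READ | GENERIC_WRITE,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hDevice == INVALID_HANDLE_VALUE) {
        return FALSE;
    }

    /* The whole structure is passed to the kernel; zero it first so no
     * uninitialized stack bytes are sent along with the name. */
    ZeroMemory(&service_to_load, sizeof(service_to_load));
    lstrcpyW(service_to_load.ServiceName, KERNEL_MEM_SERVICE_NAME_EX);
    service_to_load.Len =
        (WORD)(wcslen(service_to_load.ServiceName) * sizeof(WCHAR));

    if (GetPrivilege(SE_LOAD_DRIVER_NAME) &&
        DeviceIoControl(hDevice, MAGIC_IOCTL,
                        &service_to_load, sizeof(service_to_load),
                        NULL, 0, &dwRet, NULL)) {
        bRet = TRUE;
    }

    /* The original leaked the device handle on every path. */
    CloseHandle(hDevice);
    return bRet;
}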