/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.01
*
* DATE: 20 Apr 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include <ntddk.h>
DRIVER_INITIALIZE DriverEntry;
#pragma alloc_text(INIT, DriverEntry)
/*
* DriverEntry
*
* Purpose:
*
* Driver base entry point.
*
*/
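NTSTATUS DriverEntry(
    _In_ struct _DRIVER_OBJECT *DriverObject,
    _In_ PUNICODE_STRING RegistryPath
    )
{
    PEPROCESS Process;
    KIRQL Irql;
    PCSTR sIrql;

    /* These parameters are invalid due to the nonstandard way of loading and must not be used. */
    UNREFERENCED_PARAMETER(DriverObject);
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello from kernel mode, system range start is %p, code mapped at %p\n", MmSystemRangeStart, DriverEntry);

    Process = PsGetCurrentProcess();

    /*
     * PsGetCurrentProcessId() returns a HANDLE, which is pointer-sized.
     * HandleToULong() is the documented narrowing for the %lu format
     * instead of a raw (ULONG) pointer cast on 64-bit builds.
     */
    DbgPrint("I'm at %s, Process : %lu (%p)\n",
        __FUNCTION__,
        HandleToULong(PsGetCurrentProcessId()),
        Process);

    Irql = KeGetCurrentIrql();

    /* Map the numeric IRQL to a printable name; unknown values are reported rather than dropped. */
    switch (Irql) {
    case PASSIVE_LEVEL:
        sIrql = "PASSIVE_LEVEL";
        break;
    case APC_LEVEL:
        sIrql = "APC_LEVEL";
        break;
    case DISPATCH_LEVEL:
        sIrql = "DISPATCH_LEVEL";
        break;
    case CMCI_LEVEL:
        sIrql = "CMCI_LEVEL";
        break;
    case CLOCK_LEVEL:
        sIrql = "CLOCK_LEVEL";
        break;
    case IPI_LEVEL:
        sIrql = "IPI_LEVEL";
        break;
    case HIGH_LEVEL:
        sIrql = "HIGH_LEVEL";
        break;
    default:
        sIrql = "Unknown Value";
        break;
    }

    /*
     * Narrow string with %s on purpose: DbgPrint's Unicode conversions
     * (%ws / %wc) are only valid at PASSIVE_LEVEL, and because this entry
     * point is reached through a nonstandard loader the IRQL here is not
     * guaranteed to be PASSIVE_LEVEL (that is exactly what is being printed).
     */
    DbgPrint("KeGetCurrentIrql=%s\n", sIrql);

    return STATUS_SUCCESS;
}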