HyperDbg Debugger
Driver.c File Reference

The project entry (RM).

#include "pch.h"

Functions

NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 Main Driver Entry in the case of driver load.
VOID DrvUnload (PDRIVER_OBJECT DriverObject)
 Run in the case of driver unload to unregister the devices.
NTSTATUS DrvCreate (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_CREATE Function handler.
NTSTATUS DrvRead (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_READ Function handler.
NTSTATUS DrvWrite (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_WRITE Function handler.
NTSTATUS DrvClose (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 IRP_MJ_CLOSE Function handler.
NTSTATUS DrvUnsupported (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 Unsupported message for all other IRP_MJ_* handlers.

Detailed Description

The project entry (RM).

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.2
Date
2023-01-29

Function Documentation

◆ DriverEntry()

NTSTATUS DriverEntry ( PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath )

Main Driver Entry in the case of driver load.

Load & Unload.

Parameters
DriverObject
RegistryPath
Returns
NTSTATUS

Main Driver Entry in the case of driver load.

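/**
 * @brief Main Driver Entry in the case of driver load
 * @details Creates the control device, installs the IRP dispatch table,
 * selects buffered I/O and publishes the DOS symbolic link used by user mode.
 *
 * @param DriverObject Driver object handed in by the I/O manager
 * @param RegistryPath Not used
 * @return NTSTATUS Result of device and symbolic-link creation
 */
NTSTATUS
DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    NTSTATUS       Ntstatus      = STATUS_SUCCESS;
    UINT64         Index         = 0;
    PDEVICE_OBJECT DeviceObject  = NULL;
    UNICODE_STRING DriverName    = RTL_CONSTANT_STRING(L"\\Device\\HyperDbgReversingMachineDevice");
    UNICODE_STRING DosDeviceName = RTL_CONSTANT_STRING(L"\\DosDevices\\HyperDbgReversingMachineDevice");

    //
    // DriverObject is used below, so only RegistryPath is marked unreferenced
    //
    UNREFERENCED_PARAMETER(RegistryPath);

    //
    // Opt-in to using non-executable pool memory on Windows 8 and later.
    // https://msdn.microsoft.com/en-us/library/windows/hardware/hh920402(v=vs.85).aspx
    //
    ExInitializeDriverRuntime(DrvRtPoolNxOptIn);

    //
    // Creating the device for interaction with user-mode.
    //
    // The device-type argument (source line 48) is missing from the rendered
    // listing; FILE_DEVICE_UNKNOWN is restored from the page's symbol
    // cross-reference.
    //
    // NOTE(review): the device is created without an explicit security
    // descriptor, so the only caller restriction visible in this file is the
    // SeDebugPrivilege check in DrvCreate. FILE_DEVICE_SECURE_OPEN makes opens
    // of names below the device go through the device's own access check.
    // IoCreateDeviceSecure with a restrictive SDDL string would also enforce
    // the restriction at the object level -- confirm whether that is wanted.
    //
    Ntstatus = IoCreateDevice(DriverObject,
                              0,
                              &DriverName,
                              FILE_DEVICE_UNKNOWN,
                              FILE_DEVICE_SECURE_OPEN,
                              FALSE,
                              &DeviceObject);

    if (NT_SUCCESS(Ntstatus))
    {
        //
        // Establish user-buffer access method.
        //
        DeviceObject->Flags |= DO_BUFFERED_IO;

        //
        // Route every major function below IRP_MJ_MAXIMUM_FUNCTION to the
        // catch-all handler first; the slot at IRP_MJ_MAXIMUM_FUNCTION itself
        // is not touched by this loop
        //
        for (Index = 0; Index < IRP_MJ_MAXIMUM_FUNCTION; Index++)
            DriverObject->MajorFunction[Index] = DrvUnsupported;

        //
        // We cannot use logging mechanism of HyperDbg as it's not initialized yet
        //
        DbgPrint("Setting device major functions");

        DriverObject->MajorFunction[IRP_MJ_CLOSE]          = DrvClose;
        DriverObject->MajorFunction[IRP_MJ_CREATE]         = DrvCreate;
        DriverObject->MajorFunction[IRP_MJ_READ]           = DrvRead;
        DriverObject->MajorFunction[IRP_MJ_WRITE]          = DrvWrite;
        DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatchIoControl;

        DriverObject->DriverUnload = DrvUnload;

        //
        // The symbolic link is what user mode opens, so its creation status
        // is checked instead of being discarded. On failure the device is
        // deleted here because DriverUnload is not called when DriverEntry
        // returns an error.
        //
        Ntstatus = IoCreateSymbolicLink(&DosDeviceName, &DriverName);

        if (NT_SUCCESS(Ntstatus))
        {
            //
            // We cannot use logging mechanism of HyperDbg as it's not initialized yet
            //
            DbgPrint("HyperDbg's device and major functions are loaded");
        }
        else
        {
            IoDeleteDevice(DeviceObject);
            DeviceObject = NULL;
        }
    }

    ASSERT(NT_SUCCESS(Ntstatus));
    return Ntstatus;
}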
#define FALSE
Definition BasicTypes.h:113
#define FILE_DEVICE_UNKNOWN
Definition Ioctls.h:52
struct _UNICODE_STRING UNICODE_STRING
NTSTATUS DrvWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_WRITE Function handler.
Definition Driver.c:216
NTSTATUS DrvUnsupported(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Unsupported message for all other IRP_MJ_* handlers.
Definition Driver.c:266
NTSTATUS DrvRead(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_READ Function handler.
Definition Driver.c:192
NTSTATUS DrvClose(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_CLOSE Function handler.
Definition Driver.c:240
VOID DrvUnload(PDRIVER_OBJECT DriverObject)
Run in the case of driver unload to unregister the devices.
Definition Driver.c:98
NTSTATUS DrvCreate(PDEVICE_OBJECT DeviceObject, PIRP Irp)
IRP_MJ_CREATE Function handler.
Definition Driver.c:120
NTSTATUS DrvDispatchIoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp)
Driver IOCTL Dispatcher.
Definition Ioctl.c:23
NULL()
Definition test-case-generator.py:530

◆ DrvClose()

NTSTATUS DrvClose ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_CLOSE Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
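/**
 * @brief IRP_MJ_CLOSE Function handler
 * @details Clears the single-handle flag and completes the request.
 *
 * @param DeviceObject Not used
 * @param Irp Close request to complete
 * @return NTSTATUS Always STATUS_SUCCESS
 */
NTSTATUS
DrvClose(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    UNREFERENCED_PARAMETER(DeviceObject);

    //
    // If the close is called it means that none of the IOCTLs are in a
    // pending state, so a new handle may be created by future calls to the
    // driver.
    //
    // Source line 249 is missing from the rendered listing; the assignment
    // below is restored from the g_HandleInUse cross-reference shown under
    // this function -- confirm against the repository.
    //
    // NOTE(review): the flag is cleared on every close. DrvCreate completes
    // a second open with STATUS_SUCCESS while the flag is set, so closing
    // that second handle presumably re-enables initialization while the
    // first handle is still open -- verify.
    //
    g_HandleInUse = FALSE;

    Irp->IoStatus.Status      = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}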
BOOLEAN g_HandleInUse
Determines whether the one application gets the handle or not this is used to ensure that only one ap...
Definition Global.h:18

◆ DrvCreate()

NTSTATUS DrvCreate ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_CREATE Function handler.

IRP Major Functions.

Parameters
DeviceObject
Irp
Returns
NTSTATUS

IRP_MJ_CREATE Function handler.

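/**
 * @brief IRP_MJ_CREATE Function handler
 * @details Requires SeDebugPrivilege from the requestor, honours the
 * single-handle flag and otherwise initializes the VMM and the reversing
 * machine.
 *
 * @param DeviceObject Not used
 * @param Irp Create request to complete
 * @return NTSTATUS STATUS_ACCESS_DENIED without the privilege,
 * STATUS_UNSUCCESSFUL when initialization fails, STATUS_SUCCESS otherwise
 */
NTSTATUS
DrvCreate(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS Status         = STATUS_UNSUCCESSFUL;
    LUID     DebugPrivilege = {SE_DEBUG_PRIVILEGE, 0};

    UNREFERENCED_PARAMETER(DeviceObject);

    if (!SeSinglePrivilegeCheck(DebugPrivilege, Irp->RequestorMode))
    {
        //
        // Check for the correct security access.
        // The caller must have the SeDebugPrivilege; the check is made
        // against the requestor mode recorded in the IRP.
        //
        Status = STATUS_ACCESS_DENIED;
    }
    else if (g_HandleInUse)
    {
        //
        // Another application got the handle before.
        //
        // NOTE(review): the stated intent is that only one application can
        // hold a handle until IRP_MJ_CLOSE is called, yet this branch
        // completes the create with STATUS_SUCCESS, so the second opener
        // still receives a handle and only the initialization is skipped.
        // The status is kept as in the original; a failure status here would
        // match the stated intent. g_HandleInUse is not assigned anywhere in
        // this function, and the test is not synchronized in the code shown.
        //
        Status = STATUS_SUCCESS;
    }
    else if (LoaderInitVmmAndReversingMachine())
    {
        //
        // Initialize the vmm and the reversing machine.
        // Source line 163 is missing from the rendered listing; this
        // condition is restored from the cross-reference shown under this
        // function and from the else branch that follows it.
        //
        Status = STATUS_SUCCESS;
    }
    else
    {
        //
        // There was a problem, so not loaded
        //
        Status = STATUS_UNSUCCESSFUL;
    }

    //
    // Single completion point; every path completes the IRP exactly once
    //
    Irp->IoStatus.Status      = Status;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}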
#define STATUS_UNSUCCESSFUL
Definition Windows.h:172
BOOLEAN LoaderInitVmmAndReversingMachine()
Initialize the VMM and Reversing Machine.
Definition Loader.c:19

◆ DrvRead()

NTSTATUS DrvRead ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_READ Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
/**
 * @brief IRP_MJ_READ Function handler
 * @details Reads are not used by this driver; the request is logged and
 * completed with zero bytes transferred.
 *
 * @param DeviceObject Not used
 * @param Irp Read request to complete
 * @return NTSTATUS Always STATUS_SUCCESS
 */
NTSTATUS
DrvRead(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS Status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    //
    // Not used
    //
    DbgPrint("This function is not used");

    //
    // Information = 0 reports that no bytes were transferred
    //
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status      = Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}

◆ DrvUnload()

VOID DrvUnload ( PDRIVER_OBJECT DriverObject)

Run in the case of driver unload to unregister the devices.

Parameters
DriverObject
Returns
VOID
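/**
 * @brief Run in the case of driver unload to unregister the devices
 * @details Deletes the DOS symbolic link and the device object, then
 * uninitializes the log tracer.
 *
 * @param DriverObject Driver object whose device is deleted
 * @return VOID
 */
VOID
DrvUnload(PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING DosDeviceName;

    //
    // Remove the user-mode visible name before deleting the device itself
    //
    RtlInitUnicodeString(&DosDeviceName, L"\\DosDevices\\HyperDbgReversingMachineDevice");
    IoDeleteSymbolicLink(&DosDeviceName);
    IoDeleteDevice(DriverObject->DeviceObject);

    //
    // Unloading VMM and Debugger.
    // Source line 109 is missing from the rendered listing; the call below
    // is restored from the cross-reference shown under this function --
    // confirm against the repository.
    //
    LoaderUninitLogTracer();
}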
VOID LoaderUninitLogTracer()
Uninitialize the log tracer.
Definition Loader.c:104

◆ DrvUnsupported()

NTSTATUS DrvUnsupported ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

Unsupported message for all other IRP_MJ_* handlers.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
/**
 * @brief Unsupported message for all other IRP_MJ_* handlers
 * @details DriverEntry installs this routine for every major function it
 * does not override; the request is logged and completed.
 *
 * @param DeviceObject Not used
 * @param Irp Request to complete
 * @return NTSTATUS Always STATUS_SUCCESS
 */
NTSTATUS
DrvUnsupported(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS Status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    //
    // Not supported
    //
    DbgPrint("This function is not supported");

    //
    // NOTE(review): unsupported requests are completed with STATUS_SUCCESS,
    // so a caller cannot tell from the status that nothing was done --
    // confirm this is intended.
    //
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status      = Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}

◆ DrvWrite()

NTSTATUS DrvWrite ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

IRP_MJ_WRITE Function handler.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
/**
 * @brief IRP_MJ_WRITE Function handler
 * @details Writes are not used by this driver; the request is logged and
 * completed with zero bytes transferred.
 *
 * @param DeviceObject Not used
 * @param Irp Write request to complete
 * @return NTSTATUS Always STATUS_SUCCESS
 */
NTSTATUS
DrvWrite(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    NTSTATUS Status = STATUS_SUCCESS;

    UNREFERENCED_PARAMETER(DeviceObject);

    //
    // Not used
    //
    DbgPrint("This function is not used");

    //
    // Information = 0 reports that no bytes were consumed
    //
    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status      = Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}