install.cpp File Reference

Install functions. More...

#include "pch.h"

Functions

BOOLEAN InstallDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName, LPCTSTR ServiceExe)
 Install driver.
 
BOOLEAN RemoveDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Remove Driver.
 
BOOLEAN StartDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Start Driver.
 
BOOLEAN StopDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Stop driver.
 
BOOLEAN ManageDriver (LPCTSTR DriverName, LPCTSTR ServiceName, UINT16 Function)
 Manage Driver.
 
BOOLEAN SetupPathForFileName (const CHAR *FileName, _Inout_updates_bytes_all_(BufferLength) PCHAR FileLocation, ULONG BufferLength, BOOLEAN CheckFileExists)
 Setup file name.
 

Detailed Description

Install functions.

Author
Sina Karvandi (sina@hyperdbg.org)
Version
0.1
Date
2020-04-11

Function Documentation

◆ InstallDriver()

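/**
 * @brief Install driver
 * @details Registers DriverName with the Service Control Manager as a
 * demand-start kernel driver whose binary is ServiceExe. A service that is
 * already registered under the same name is reported as success without
 * inspecting its existing configuration (binary path, start type), so a
 * stale or foreign registration under this name is silently reused.
 *
 * @param SchSCManager Open handle to the SCM database, opened with rights
 * that allow creating services
 * @param DriverName Service name, also used as the display name
 * @param ServiceExe Path of the driver binary, passed to the SCM as-is
 * @return BOOLEAN TRUE if the service was created or already exists,
 * FALSE on any other failure (the failure is reported via ShowMessages)
 */
BOOLEAN
InstallDriver(SC_HANDLE SchSCManager, LPCTSTR DriverName, LPCTSTR ServiceExe)
{
    //
    // NOTE: This creates an entry for a standalone driver. If this
    // is modified for use with a driver that requires a Tag,
    // Group, and/or Dependencies, it may be necessary to
    // query the registry for existing driver information
    // (in order to determine a unique Tag, etc.)
    //

    //
    // Create a new service object
    //
    SC_HANDLE SchService = CreateService(SchSCManager,          // handle of service control manager database
                                         DriverName,            // address of name of service to start
                                         DriverName,            // address of display name
                                         SERVICE_ALL_ACCESS,    // type of access to service
                                         SERVICE_KERNEL_DRIVER, // type of service
                                         SERVICE_DEMAND_START,  // when to start service
                                         SERVICE_ERROR_NORMAL,  // severity if service fails to start
                                         ServiceExe,            // address of name of binary file
                                         NULL,                  // service does not belong to a group
                                         NULL,                  // no tag requested
                                         NULL,                  // no dependency names
                                         NULL,                  // use LocalSystem account
                                         NULL                   // no password for service account
    );

    if (SchService == NULL)
    {
        //
        // Read the error code before any other call can overwrite it
        //
        DWORD LastError = GetLastError();

        if (LastError == ERROR_SERVICE_EXISTS)
        {
            //
            // Ignore this error: the existing registration is reused as-is
            //
            return TRUE;
        }

        if (LastError == ERROR_SERVICE_MARKED_FOR_DELETE)
        {
            //
            // Previous instance of the service is not fully deleted; no wait
            // is performed here, the caller has to retry later
            //
            ShowMessages("err, previous instance of the service is not fully deleted. Try "
                         "again...\n");
            return FALSE;
        }

        ShowMessages("err, CreateService failed (%x)\n", LastError);

        //
        // Indicate an error
        //
        return FALSE;
    }

    //
    // The handle was only needed to confirm creation; SchService is known
    // to be non-NULL at this point, so close it unconditionally
    //
    CloseServiceHandle(SchService);

    //
    // Indicate success
    //
    return TRUE;
}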

◆ ManageDriver()

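/**
 * @brief Manage Driver
 * @details Opens the Service Control Manager and dispatches one of the
 * DRIVER_FUNC_* operations on the named driver service. The SCM is opened
 * with SC_MANAGER_ALL_ACCESS, which in practice requires an elevated caller.
 *
 * @param DriverName Name of the driver service
 * @param ServiceName Path of the driver binary; despite its name it is
 * forwarded to InstallDriver as the service executable and is only used
 * for DRIVER_FUNC_INSTALL
 * @param Function One of DRIVER_FUNC_INSTALL, DRIVER_FUNC_STOP,
 * DRIVER_FUNC_REMOVE
 * @return BOOLEAN TRUE on success; FALSE on a NULL argument, if the SCM
 * cannot be opened, on an unknown Function, or if the requested
 * operation fails
 */
BOOLEAN
ManageDriver(LPCTSTR DriverName, LPCTSTR ServiceName, UINT16 Function)
{
    //
    // Insure (somewhat) that the driver and service names are valid
    //
    if (!DriverName || !ServiceName)
    {
        ShowMessages("invalid Driver or Service provided to ManageDriver() \n");

        return FALSE;
    }

    //
    // Connect to the Service Control Manager and open the Services database
    //
    SC_HANDLE SchSCManager = OpenSCManager(NULL,                 // local machine
                                           NULL,                 // local database
                                           SC_MANAGER_ALL_ACCESS // access required
    );

    if (!SchSCManager)
    {
        ShowMessages("err, OpenSCManager failed (%x)\n", GetLastError());

        return FALSE;
    }

    //
    // Pessimistic default; every case below overwrites it
    //
    BOOLEAN Res = FALSE;

    //
    // Do the requested function
    //
    switch (Function)
    {
    case DRIVER_FUNC_INSTALL:

        //
        // Install the driver service; a failed install is reported
        // without attempting to start the driver
        //
        if (InstallDriver(SchSCManager, DriverName, ServiceName))
        {
            //
            // Start the driver service (i.e. start the driver)
            //
            Res = StartDriver(SchSCManager, DriverName);
        }
        else
        {
            //
            // Indicate an error
            //
            Res = FALSE;
        }

        break;

    case DRIVER_FUNC_STOP:

        //
        // Stop the driver
        //
        Res = StopDriver(SchSCManager, DriverName);

        break;

    case DRIVER_FUNC_REMOVE:

        //
        // Remove the driver service
        //
        Res = RemoveDriver(SchSCManager, DriverName);

        break;

    default:

        ShowMessages("unknown ManageDriver() function \n");

        Res = FALSE;

        break;
    }

    //
    // Close handle to service control manager; SchSCManager is known to
    // be valid here, so no NULL test is needed
    //
    CloseServiceHandle(SchSCManager);

    return Res;
}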

◆ RemoveDriver()

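/**
 * @brief Remove Driver
 * @details Marks the named driver service for deletion in the SCM
 * database. The SCM drops the entry only once the service is stopped and
 * every open handle to it is closed; until then re-registering the same
 * name can fail with ERROR_SERVICE_MARKED_FOR_DELETE (see InstallDriver).
 *
 * NOTE(review): the handle is opened with SERVICE_ALL_ACCESS although
 * DeleteService only requires the DELETE right; kept as-is to preserve
 * behavior.
 *
 * @param SchSCManager Open handle to the SCM database
 * @param DriverName Name of the service to delete
 * @return BOOLEAN TRUE if the service was marked for deletion, FALSE if it
 * could not be opened or DeleteService failed (reported via ShowMessages)
 */
BOOLEAN
RemoveDriver(SC_HANDLE SchSCManager, LPCTSTR DriverName)
{
    //
    // Open the handle to the existing service
    //
    SC_HANDLE SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);

    if (SchService == NULL)
    {
        ShowMessages("err, OpenService failed (%x)\n", GetLastError());

        //
        // Indicate error
        //
        return FALSE;
    }

    //
    // Mark the service for deletion from the service control manager database
    //
    BOOLEAN Res;

    if (DeleteService(SchService))
    {
        //
        // Indicate success
        //
        Res = TRUE;
    }
    else
    {
        ShowMessages("err, DeleteService failed (%x)\n", GetLastError());

        //
        // Indicate failure. Fall through to properly close the service handle
        //
        Res = FALSE;
    }

    //
    // Close the service object; SchService is known to be valid here
    //
    CloseServiceHandle(SchService);

    return Res;
}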

◆ SetupPathForFileName()

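/**
 * @brief Setup file name
 * @details Builds the full path "<directory of the running executable>\<FileName>"
 * into FileLocation. The file is resolved relative to the executable rather
 * than the current directory, so the result is only as trustworthy as the
 * write protection of that directory.
 *
 * @param FileName Bare file name to append to the executable's directory
 * @param FileLocation Output buffer receiving the NUL-terminated full path
 * @param BufferLength Size of FileLocation in bytes
 * @param CheckFileExists If TRUE, additionally open the file for reading to
 * confirm it is present at the computed location
 * @return BOOLEAN TRUE on success; FALSE if the executable's path cannot be
 * determined or does not fit in the buffer, if appending FileName would
 * overflow BufferLength, or if CheckFileExists is set and the file cannot
 * be opened
 */
BOOLEAN
SetupPathForFileName(const CHAR *                                  FileName,
                     _Inout_updates_bytes_all_(BufferLength) PCHAR FileLocation,
                     ULONG                                         BufferLength,
                     BOOLEAN                                       CheckFileExists)
{
    HMODULE ProcHandle = GetModuleHandle(NULL);

    //
    // We use the location of the running exe instead of
    // finding the file based on the current directory.
    // A zero result means the call failed and a result equal to
    // BufferLength means the path was truncated (and may not be
    // NUL-terminated); in both cases FileLocation must not be used
    //
    DWORD FileLocLen = GetModuleFileName(ProcHandle, FileLocation, BufferLength);

    if (FileLocLen == 0 || FileLocLen >= BufferLength)
    {
        ShowMessages("err, GetModuleFileName failed (%x)\n", GetLastError());

        return FALSE;
    }

    //
    // Strip the executable's own file name, leaving its directory
    //
    char * Pos = strrchr(FileLocation, '\\');
    if (Pos != NULL)
    {
        //
        // this will put the null terminator here. you can also copy to
        // another string if you want, we can also use PathCchRemoveFileSpec
        //
        *Pos = '\0';
    }

    //
    // Setup path name to the target file; StringCbCat fails instead of
    // overflowing when the result does not fit in BufferLength bytes
    //
    if (FAILED(StringCbCat(FileLocation, BufferLength, "\\")))
    {
        return FALSE;
    }
    if (FAILED(StringCbCat(FileLocation, BufferLength, FileName)))
    {
        return FALSE;
    }

    if (CheckFileExists)
    {
        //
        // ensure file is in the specified directory; this only proves the
        // file was openable now, whoever consumes the path opens it again later
        //
        HANDLE FileHandle = CreateFile(FileLocation, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

        if (FileHandle == INVALID_HANDLE_VALUE)
        {
            ShowMessages("err, target file is not loaded\n");

            //
            // Indicate failure
            //
            return FALSE;
        }

        //
        // Close open file handle (CreateFile reports failure only through
        // INVALID_HANDLE_VALUE, already handled above)
        //
        CloseHandle(FileHandle);
    }

    //
    // Indicate success
    //
    return TRUE;
}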

◆ StartDriver()

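/**
 * @brief Start Driver
 * @details Asks the SCM to start the named driver service, which loads the
 * driver binary recorded in the service's registration. An already running
 * service is treated as success; the two failures that users most commonly
 * hit (binary not reachable, image hash/signature rejected) get dedicated
 * explanations.
 *
 * @param SchSCManager Open handle to the SCM database
 * @param DriverName Name of the service to start
 * @return BOOLEAN TRUE if the service started or was already running,
 * FALSE if it could not be opened or StartService failed for any other
 * reason (reported via ShowMessages)
 */
BOOLEAN
StartDriver(SC_HANDLE SchSCManager, LPCTSTR DriverName)
{
    BOOLEAN Status = TRUE;

    //
    // Open the handle to the existing service
    //
    SC_HANDLE SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);

    if (SchService == NULL)
    {
        ShowMessages("err, OpenService failed (%x)\n", GetLastError());

        //
        // Indicate failure
        //
        return FALSE;
    }

    //
    // Start the execution of the service (i.e. start the driver)
    //
    if (!StartService(SchService, // service identifier
                      0,          // number of arguments
                      NULL        // pointer to arguments
                      ))
    {
        //
        // Read the error code before any other call can overwrite it
        //
        DWORD LastError = GetLastError();

        switch (LastError)
        {
        case ERROR_SERVICE_ALREADY_RUNNING:

            //
            // Ignore this error
            //
            break;

        case ERROR_PATH_NOT_FOUND:

            //
            // Driver not found, or anti-virus limits the access to it
            //
            ShowMessages("err, path to the driver not found, or the access to the driver file is limited\n");

            ShowMessages("most of the time, it's because anti-virus software is not finished scanning the drivers, so, if you try to load the driver again (re-enter the previous command), the problem will be solved\n");

            //
            // Indicate failure
            //
            Status = FALSE;
            break;

        case ERROR_INVALID_IMAGE_HASH:

            //
            // The kernel refused the image: signature enforcement or HVCI
            //
            ShowMessages(
                "err, failed loading driver\n"
                "it's because either the driver signature enforcement is enabled or HVCI prevents the driver from loading\n"
                "you should disable the driver signature enforcement by attaching WinDbg or from the boot menu\n"
                "if the driver signature enforcement is disabled, HVCI might prevent the driver from loading\n"
                "HyperDbg is not compatible with Virtualization Based Security (VBS)\n"
                "please follow the instructions from: https://docs.hyperdbg.org/getting-started/build-and-install \n");

            //
            // Indicate failure. Fall through to properly close the service handle
            //
            Status = FALSE;
            break;

        default:

            ShowMessages("err, StartService failure (%x)\n", LastError);

            //
            // Indicate failure. Fall through to properly close the service handle
            //
            Status = FALSE;
            break;
        }
    }

    //
    // Close the service object; SchService is known to be valid here
    //
    CloseServiceHandle(SchService);

    return Status;
}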

◆ StopDriver()

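/**
 * @brief Stop driver
 * @details Sends SERVICE_CONTROL_STOP to the named driver service. The
 * SERVICE_STATUS returned by the SCM is filled in but not inspected, so a
 * TRUE result means the stop control was accepted, not that the driver has
 * finished unloading.
 *
 * @param SchSCManager Open handle to the SCM database
 * @param DriverName Name of the service to stop
 * @return BOOLEAN TRUE if the stop control was accepted, FALSE if the
 * service could not be opened or ControlService failed (reported via
 * ShowMessages)
 */
BOOLEAN
StopDriver(SC_HANDLE SchSCManager, LPCTSTR DriverName)
{
    SERVICE_STATUS ServiceStatus;

    //
    // Open the handle to the existing service
    //
    SC_HANDLE SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);

    if (SchService == NULL)
    {
        ShowMessages("err, OpenService failed (%x)\n", GetLastError());

        return FALSE;
    }

    //
    // Request that the service stop
    //
    BOOLEAN Res;

    if (ControlService(SchService, SERVICE_CONTROL_STOP, &ServiceStatus))
    {
        //
        // Indicate success
        //
        Res = TRUE;
    }
    else
    {
        ShowMessages("err, ControlService failed (%x)\n", GetLastError());

        //
        // Indicate failure. Fall through to properly close the service handle
        //
        Res = FALSE;
    }

    //
    // Close the service object; SchService is known to be valid here
    //
    CloseServiceHandle(SchService);

    return Res;
}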