HyperDbg Debugger
Loading...
Searching...
No Matches
install.h File Reference

Main interface to connect applications to driver headers. More...

Go to the source code of this file.

Macros

#define LIBHYPERDBG_API   __declspec(dllimport)
#define DRIVER_FUNC_INSTALL   0x01
#define DRIVER_FUNC_STOP   0x02
#define DRIVER_FUNC_REMOVE   0x03

Functions

BOOLEAN InstallDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName, LPCTSTR ServiceExe)
 Install driver.
BOOLEAN RemoveDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Remove Driver.
BOOLEAN StartDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Start Driver.
BOOLEAN StopDriver (SC_HANDLE SchSCManager, LPCTSTR DriverName)
 Stop driver.
BOOLEAN ManageDriver (_In_ LPCTSTR DriverName, _In_ LPCTSTR ServiceName, _In_ UINT16 Function)
BOOLEAN SetupPathForFileName (const CHAR *FileName, _Inout_updates_bytes_all_(BufferLength) PCHAR FileLocation, ULONG BufferLength, BOOLEAN CheckFileExists)
 Setup file name.

Detailed Description

Main interface to connect applications to driver headers.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-04-11

Macro Definition Documentation

◆ DRIVER_FUNC_INSTALL

#define DRIVER_FUNC_INSTALL   0x01

◆ DRIVER_FUNC_REMOVE

#define DRIVER_FUNC_REMOVE   0x03

◆ DRIVER_FUNC_STOP

#define DRIVER_FUNC_STOP   0x02

◆ LIBHYPERDBG_API

#define LIBHYPERDBG_API   __declspec(dllimport)

Function Documentation

◆ InstallDriver()

BOOLEAN InstallDriver ( SC_HANDLE SchSCManager,
LPCTSTR DriverName,
LPCTSTR ServiceExe )

Install driver.

Parameters
SC_HANDLE
LPCTSTR
LPCTSTR
Returns
BOOLEAN
24{
25 SC_HANDLE SchService;
26 DWORD LastError;
27
28 //
29 // NOTE: This creates an entry for a standalone driver. If this
30 // is modified for use with a driver that requires a Tag,
31 // Group, and/or Dependencies, it may be necessary to
32 // query the registry for existing driver information
33 // (in order to determine a unique Tag, etc.)
34 //
35
36 //
37 // Create a new a service object
38 //
39 SchService = CreateService(SchSCManager, // handle of service control manager database
40 DriverName, // address of name of service to start
41 DriverName, // address of display name
42 SERVICE_ALL_ACCESS, // type of access to service
43 SERVICE_KERNEL_DRIVER, // type of service
44 SERVICE_DEMAND_START, // when to start service
45 SERVICE_ERROR_NORMAL, // severity if service fails to start
46 ServiceExe, // address of name of binary file
47 NULL, // service does not belong to a group
48 NULL, // no tag requested
49 NULL, // no dependency names
50 NULL, // use LocalSystem account
51 NULL // no password for service account
52 );
53
54 if (SchService == NULL)
55 {
56 LastError = GetLastError();
57
58 if (LastError == ERROR_SERVICE_EXISTS)
59 {
60 //
61 // The service is already been created
62 // means that, the driver is previously installed
63 //
64 ShowMessages("the service (driver) already exists\n");
65
66 //
67 // We need to remove the old instance of the driver first
68 // Because the version of the driver might be different from the
69 // user-mode application
70 //
71 ShowMessages("trying to remove the old instance of the driver first\n");
72
73 //
74 // Stop the driver
75 //
76 ManageDriver(DriverName, NULL, DRIVER_FUNC_STOP);
77
78 //
79 // Remove the driver
80 //
81 if (ManageDriver(DriverName, NULL, DRIVER_FUNC_REMOVE))
82 {
83 ShowMessages("the old instance of the driver is removed successfully\n");
84 }
85 else
86 {
87 ShowMessages("err, failed to remove the old instance of the driver\n");
88 return FALSE;
89 }
90
91 //
92 // Try to install the driver again
93 //
94 ShowMessages("installing the driver again\n");
95
96 if (InstallDriver(SchSCManager, DriverName, ServiceExe))
97 {
98 return TRUE;
99 }
100 else
101 {
102 ShowMessages("err, failed to install the driver after removing the old instance\n");
103 return FALSE;
104 }
105 }
106 else if (LastError == ERROR_SERVICE_MARKED_FOR_DELETE)
107 {
108 //
109 // Previous instance of the service is not fully deleted so sleep
110 // and try again
111 //
112 ShowMessages("err, previous instance of the service is not fully deleted. Try "
113 "again...\n");
114 return FALSE;
115 }
116 else
117 {
118 ShowMessages("err, CreateService failed (%x)\n", LastError);
119
120 //
121 // Indicate an error
122 //
123 return FALSE;
124 }
125 }
126
127 //
128 // Close the service object
129 //
130 if (SchService)
131 {
132 CloseServiceHandle(SchService);
133 }
134
135 //
136 // Indicate success
137 //
138 return TRUE;
139}
#define TRUE
Definition BasicTypes.h:114
#define FALSE
Definition BasicTypes.h:113
unsigned long DWORD
Definition BasicTypes.h:38
BOOLEAN InstallDriver(SC_HANDLE SchSCManager, LPCTSTR DriverName, LPCTSTR ServiceExe)
Install driver.
Definition install.cpp:23
BOOLEAN ManageDriver(LPCTSTR DriverName, LPCTSTR ServiceName, UINT16 Function)
Manage Driver.
Definition install.cpp:150
#define DRIVER_FUNC_STOP
Definition install.h:35
#define DRIVER_FUNC_REMOVE
Definition install.h:36

◆ ManageDriver()

BOOLEAN ManageDriver ( _In_ LPCTSTR DriverName,
_In_ LPCTSTR ServiceName,
_In_ UINT16 Function )

◆ RemoveDriver()

BOOLEAN RemoveDriver ( SC_HANDLE SchSCManager,
LPCTSTR DriverName )

Remove Driver.

Parameters
SC_HANDLE
LPCTSTR
Returns
BOOLEAN
255{
256 SC_HANDLE SchService;
257 BOOLEAN Res;
258
259 //
260 // Open the handle to the existing service
261 //
262 SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
263
264 if (SchService == NULL)
265 {
266 ShowMessages("err, OpenService failed (%x)\n", GetLastError());
267
268 //
269 // Indicate error
270 //
271 return FALSE;
272 }
273
274 //
275 // Mark the service for deletion from the service control manager database
276 //
277 if (DeleteService(SchService))
278 {
279 //
280 // Indicate success
281 //
282 Res = TRUE;
283 }
284 else
285 {
286 ShowMessages("err, DeleteService failed (%x)\n", GetLastError());
287
288 //
289 // Indicate failure. Fall through to properly close the service handle
290 //
291 Res = FALSE;
292 }
293
294 //
295 // Close the service object
296 //
297 if (SchService)
298 {
299 CloseServiceHandle(SchService);
300 }
301
302 return Res;
303}
UCHAR BOOLEAN
Definition BasicTypes.h:35

◆ SetupPathForFileName()

BOOLEAN SetupPathForFileName ( const CHAR * FileName,
_Inout_updates_bytes_all_(BufferLength) PCHAR FileLocation,
ULONG BufferLength,
BOOLEAN CheckFileExists )

Setup file name.

Parameters
FileName
FileLocation
BufferLength
CheckFileExists
Returns
BOOLEAN
476{
477 HANDLE FileHandle;
478 DWORD FileLocLen = 0;
479 HMODULE ProcHandle = GetModuleHandle(NULL);
480 CHAR * Pos;
481
482 //
483 // Get the current directory.
484 //
485
486 /*
487 //
488 // We use the location of running exe instead of
489 // finding driver based on current directory
490 //
491 FileLocLen = GetCurrentDirectory(BufferLength, DriverLocation);
492
493 if (FileLocLen == 0) {
494
495 ShowMessages("err, GetCurrentDirectory failed (%x)\n", GetLastError());
496
497 return FALSE;
498 }
499 */
500
501 GetModuleFileName(ProcHandle, FileLocation, BufferLength);
502
503 Pos = strrchr(FileLocation, '\\');
504 if (Pos != NULL)
505 {
506 //
507 // this will put the null terminator here. you can also copy to
508 // another string if you want, we can also use PathCchRemoveFileSpec
509 //
510 *Pos = '\0';
511 }
512
513 //
514 // Setup path name to driver file
515 //
516 if (FAILED(
517 StringCbCat(FileLocation, BufferLength, "\\")))
518 {
519 return FALSE;
520 }
521 if (FAILED(
522 StringCbCat(FileLocation, BufferLength, FileName)))
523 {
524 return FALSE;
525 }
526
527 if (CheckFileExists)
528 {
529 //
530 // ensure file is in the specified directory
531 //
532 if ((FileHandle = CreateFile(FileLocation, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE)
533 {
534 ShowMessages("err, target file is not loaded\n");
535
536 //
537 // Indicate failure
538 //
539 return FALSE;
540 }
541
542 //
543 // Close open file handle
544 //
545 if (FileHandle)
546 {
547 CloseHandle(FileHandle);
548 }
549 }
550
551 //
552 // Indicate success
553 //
554 return TRUE;
555}
PHANDLE FileHandle
Definition SyscallFootprints.h:133
char CHAR
Definition BasicTypes.h:33

◆ StartDriver()

BOOLEAN StartDriver ( SC_HANDLE SchSCManager,
LPCTSTR DriverName )

Start Driver.

Parameters
SC_HANDLE
LPCTSTR
Returns
BOOLEAN
314{
315 SC_HANDLE SchService;
316 DWORD LastError;
317 BOOLEAN Status = TRUE;
318
319 //
320 // Open the handle to the existing service
321 //
322 SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
323
324 if (SchService == NULL)
325 {
326 ShowMessages("err, OpenService failed (%x)\n", GetLastError());
327
328 //
329 // Indicate failure
330 //
331 return FALSE;
332 }
333
334 //
335 // Start the execution of the service (i.e. start the driver)
336 //
337 if (!StartService(SchService, // service identifier
338 0, // number of arguments
339 NULL // pointer to arguments
340 ))
341 {
342 LastError = GetLastError();
343
344 if (LastError == ERROR_SERVICE_ALREADY_RUNNING)
345 {
346 //
347 // Ignore this error
348 //
349 }
350 else if (LastError == ERROR_PATH_NOT_FOUND)
351 {
352 //
353 // Driver not found, or anti-virus limits the access to it
354 //
355 ShowMessages("err, path to the driver not found, or the access to the driver file is limited\n");
356
357 ShowMessages("most of the time, it's because anti-virus software is not finished scanning the drivers, "
358 "so, if you try to load the driver again (re-enter the previous command), the problem will be solved\n");
359
360 //
361 // Indicate failure
362 //
363 Status = FALSE;
364 }
365 else if (LastError == ERROR_INVALID_IMAGE_HASH)
366 {
367 ShowMessages(
368 "err, failed loading driver\n"
369 "it's because either the driver signature enforcement is enabled or HVCI prevents the driver from loading\n"
370 "you should disable the driver signature enforcement by attaching WinDbg or from the boot menu\n"
371 "if the driver signature enforcement is disabled, HVCI might prevent the driver from loading\n"
372 "HyperDbg is not compatible with Virtualization Based Security (VBS)\n"
373 "please follow the instructions from: https://docs.hyperdbg.org/getting-started/build-and-install \n");
374
375 //
376 // Indicate failure. Fall through to properly close the service handle
377 //
378 Status = FALSE;
379 }
380 else
381 {
382 ShowMessages("err, StartService failure (%x)\n", LastError);
383
384 //
385 // Indicate failure. Fall through to properly close the service handle
386 //
387 Status = FALSE;
388 }
389 }
390
391 //
392 // Close the service object
393 //
394 if (SchService)
395 {
396 CloseServiceHandle(SchService);
397 }
398
399 return Status;
400}

◆ StopDriver()

BOOLEAN StopDriver ( SC_HANDLE SchSCManager,
LPCTSTR DriverName )

Stop driver.

Parameters
SC_HANDLE
LPCTSTR
Returns
BOOLEAN
411{
412 BOOLEAN Res = TRUE;
413 SC_HANDLE SchService;
414 SERVICE_STATUS serviceStatus;
415
416 //
417 // Open the handle to the existing service
418 //
419 SchService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
420
421 if (SchService == NULL)
422 {
423 ShowMessages("err, OpenService failed (%x)\n", GetLastError());
424
425 return FALSE;
426 }
427
428 //
429 // Request that the service stop
430 //
431 if (ControlService(SchService, SERVICE_CONTROL_STOP, &serviceStatus))
432 {
433 //
434 // Indicate success
435 //
436 Res = TRUE;
437 }
438 else
439 {
440 ShowMessages("warning, failed to stop the driver. Possible reasons include the driver not currently running or an unsuccessful unload from a previous run. "
441 "This is not an error, HyperDbg tries to remove the previous driver and load it again (%x)\n",
442 GetLastError());
443
444 //
445 // Indicate failure. Fall through to properly close the service handle
446 //
447 Res = FALSE;
448 }
449
450 //
451 // Close the service object
452 //
453 if (SchService)
454 {
455 CloseServiceHandle(SchService);
456 }
457
458 return Res;
459}