От: |
Valery A. Boronin
|
linkedin.com/in/boronin |
| Дата: | 17.04.05 14:15 | ||
\Registry\Machine\System\CurrentControlSet\Services\<YourDriverName>
...
Parameters
ClientDriverName = REG_SZ drvname
ClientDeviceName = REG_SZ devname
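///////////////////////////////////////////////////////////////////////////
//
// Function: DriverEntry()
//
// Description:
//
// The routine is invoked at IRQL PASSIVE_LEVEL in the context of a system worker thread.
// All Filter driver specific data structures etc. are initialized here.
//
// The part shown reads two REG_SZ values, ClientDriverName and
// ClientDeviceName, from <RegistryPath>\Parameters and appends the driver
// name to FilterGlobalData.ClientDriverPath. Lines consisting of "..." mark
// code that the author cut from the post.
//
// Parameters:
//
// DriverObject - driver object created by the I/O sub-system (not used in
//                the part shown).
// RegistryPath - path of this driver's Services key; it is not assumed to
//                be NUL-terminated, only Length bytes of it are copied.
//
// Registry data is treated as input: value types are checked where the
// headers provide RTL_QUERY_REGISTRY_TYPECHECK, and every copy into a
// fixed-size buffer is bounded by that buffer's MaximumLength.
//
// Expected Interrupt Level (for execution) :
//
// IRQL_PASSIVE_LEVEL
//
// Return Value: STATUS_SUCCESS/Error (will cause driver to be unloaded).
//
///////////////////////////////////////////////////////////////////////////
NTSTATUS DriverEntry(
    PDRIVER_OBJECT DriverObject,   // created by the I/O sub-system
    PUNICODE_STRING RegistryPath)  // path to the registry key
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    RTL_QUERY_REGISTRY_TABLE paramTable[3];
    UNICODE_STRING parametersPath;
    UNICODE_STRING clientDriverName,clientDeviceName;
    UNICODE_STRING defaultDriver;
    UNICODE_STRING defaultDevice;
    static const WCHAR parametersSuffix[] = L"\\Parameters";
    static const WCHAR servicesPrefix[] = L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\";
    ULONG parametersPathBytes;
    ULONG queryFlags;
    ULONG stringType;
    size_t usedChars;
    size_t nameChars;
    size_t neededBytes;
    size_t i;
    ...
    try {
        try {
            //VB++, 17/04/05,
            //the code that initializes some of the UNICODE_STRINGs etc., as well as the error handling, has been cut out
            ...
            //
            //query the registry
            //
            //the initialization of clientDriverName is kept as an example
            // NOTE(review): clientDeviceName is not initialized in the part shown.
            // RtlQueryRegistryValues reads Buffer/MaximumLength of the destination
            // string, so the cut code has to prepare it the same way - confirm.
            // NOTE(review): ExAllocatePool is deprecated in current WDKs; a tagged
            // allocation is preferable if the project defines a pool tag.
            clientDriverName.Buffer = ExAllocatePool(NonPagedPool, CLIENT_DRV_NAME_LENGTH);
            if (clientDriverName.Buffer == NULL)
            {
                // leave through try_exit so the finally block runs without an
                // abnormal termination, and report the real cause
                ntStatus = STATUS_INSUFFICIENT_RESOURCES;
                goto try_exit;
            }
            clientDriverName.MaximumLength = CLIENT_DRV_NAME_LENGTH;
            // the buffer holds no characters yet; Length is set by the query
            clientDriverName.Length = 0;
            RtlZeroMemory(clientDriverName.Buffer, CLIENT_DRV_NAME_LENGTH);

            RtlInitUnicodeString(&defaultDriver, L"DummyDriver");
            RtlInitUnicodeString(&defaultDevice, L"\\Device\\DummyDevice");

            //our settings live under \Parameters - it has to be appended
            RtlInitUnicodeString(&parametersPath, NULL);
            // sizeof(parametersSuffix) already counts the terminating NUL
            parametersPathBytes = (ULONG)RegistryPath->Length + (ULONG)sizeof(parametersSuffix);
            if (parametersPathBytes > MAXUSHORT)
            {
                // would not fit the USHORT length fields of a UNICODE_STRING
                ntStatus = STATUS_NAME_TOO_LONG;
                goto try_exit;
            }
            parametersPath.Buffer = ExAllocatePool(NonPagedPool, parametersPathBytes);
            if (parametersPath.Buffer == NULL)
            {
                ntStatus = STATUS_INSUFFICIENT_RESOURCES;
                goto try_exit;
            }
            // zero first: the path handed to RtlQueryRegistryValues must be NUL-terminated
            RtlZeroMemory(parametersPath.Buffer, parametersPathBytes);
            parametersPath.MaximumLength = (USHORT)parametersPathBytes;
            // both calls honour MaximumLength and keep Length equal to the bytes in use
            RtlCopyUnicodeString(&parametersPath, RegistryPath);
            ntStatus = RtlAppendUnicodeToString(&parametersPath, parametersSuffix);
            if (!NT_SUCCESS(ntStatus))
            {
                goto try_exit;
            }

            // With RTL_QUERY_REGISTRY_DIRECT the value is written straight into
            // EntryContext. The type check makes the routine reject a value that
            // is not REG_SZ instead of copying it over the UNICODE_STRING.
            queryFlags = RTL_QUERY_REGISTRY_DIRECT;
            stringType = REG_SZ;
#ifdef RTL_QUERY_REGISTRY_TYPECHECK
            queryFlags |= RTL_QUERY_REGISTRY_TYPECHECK;
            stringType |= (REG_SZ << RTL_QUERY_REGISTRY_TYPECHECK_SHIFT);
#endif

            //we need only 2 params, last item must be zero
            RtlZeroMemory(&paramTable[0], sizeof(paramTable));

            paramTable[0].Flags = queryFlags;
            paramTable[0].Name = L"ClientDriverName";
            paramTable[0].EntryContext = &clientDriverName;
            // the default of a REG_SZ entry is the character data itself, not a
            // UNICODE_STRING structure; length 0 lets the routine compute it
            paramTable[0].DefaultData = defaultDriver.Buffer;
            paramTable[0].DefaultType = stringType;
            paramTable[0].DefaultLength = 0;

            paramTable[1].Flags = queryFlags;
            paramTable[1].Name = L"ClientDeviceName";
            paramTable[1].EntryContext = &clientDeviceName;
            paramTable[1].DefaultData = defaultDevice.Buffer;
            paramTable[1].DefaultType = stringType;
            paramTable[1].DefaultLength = 0;

            //on return clientDriverName and clientDeviceName should hold the values we asked for
            //if something was missing from the registry, the default value is used
            ntStatus = RtlQueryRegistryValues(
                RTL_REGISTRY_ABSOLUTE | RTL_REGISTRY_OPTIONAL,
                parametersPath.Buffer,
                &paramTable[0],
                NULL,
                NULL);
            if (!NT_SUCCESS(ntStatus))
            {
                // do not build a driver path from a name that was never read
                goto try_exit;
            }

            // The name becomes one component of a Services key path: refuse an
            // empty name and one that contains a path separator.
            nameChars = clientDriverName.Length / sizeof(WCHAR);
            if (nameChars == 0)
            {
                ntStatus = STATUS_INVALID_PARAMETER;
                goto try_exit;
            }
            for (i = 0; i < nameChars; i++)
            {
                if (clientDriverName.Buffer[i] == L'\\')
                {
                    ntStatus = STATUS_INVALID_PARAMETER;
                    goto try_exit;
                }
            }

            //apply global structure with info we've just got
            // NOTE(review): assumes ClientDriverPath is a UNICODE_STRING whose Buffer
            // is NUL-terminated and whose MaximumLength is the size of Buffer in
            // bytes; its initialization is in the cut code - confirm.
            usedChars = wcslen(FilterGlobalData.ClientDriverPath.Buffer);
            neededBytes = (usedChars
                           + (sizeof(servicesPrefix) / sizeof(WCHAR) - 1)
                           + nameChars
                           + 1) * sizeof(WCHAR);
            if (neededBytes > FilterGlobalData.ClientDriverPath.MaximumLength)
            {
                // the registry-supplied name does not fit the fixed buffer
                ntStatus = STATUS_BUFFER_TOO_SMALL;
                goto try_exit;
            }
            wcscat(FilterGlobalData.ClientDriverPath.Buffer, servicesPrefix);
            wcsncat(FilterGlobalData.ClientDriverPath.Buffer, clientDriverName.Buffer, nameChars);
            // keep Length in step with the contents for consumers that take a PUNICODE_STRING
            FilterGlobalData.ClientDriverPath.Length = (USHORT)(neededBytes - sizeof(WCHAR));
            //we are able to use it later in the ZwLoadDriver, for ex. That's enough for RSDN question, I think ;-)
            // NOTE(review): parametersPath.Buffer and clientDriverName.Buffer are pool
            // allocations that the part shown never frees; the cut code or the
            // cleanup below has to release them on every path - confirm.
            ...
        }
        except (EXCEPTION_EXECUTE_HANDLER)
        {
            //
            // We encountered an exception somewhere.
            // The handler is a last resort, not a replacement for the bounds
            // checks above.
            //
            ntStatus = GetExceptionCode();
#if DBG
            // only checked builds may stop at a hard-coded breakpoint
            DbgBreakPoint();
#endif
        }
        try_exit: NOTHING;
    }
    finally
    {
        //
        // If we were unsuccessful.
        //
        if (!NT_SUCCESS(ntStatus))
        {
            //
            // cleanup steps
            //
        }
        else
        {
            //
            //In order to hook FSDs that cannot be hooked via Notification
            //
            ...
        }
    }
    return(ntStatus);
}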