return status;
}
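/*
 * IRP_MJ_CLOSE dispatch for the filter.
 *
 * Requests addressed to the control device (created with DeviceType
 * FILE_DEVICE_COMPORT in Add_IoControlDevice) are completed locally by
 * IOCtrl_CreateClose; everything else is forwarded untouched to the device
 * this filter sits on top of (pExt->TargetDeviceObject).
 *
 * Returns the status of IOCtrl_CreateClose or of IoCallDriver.
 */
NTSTATUS ComSpy_Close(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    /* Only valid for the filter device objects; it is therefore not
     * dereferenced until the control-device check below has been made. */
    PDEVICE_EXTENSION pExt = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
    NTSTATUS NtStatus;

    DbgPrint("+ ComSpy_Close Called \r\n");

    if (DeviceObject->DeviceType == FILE_DEVICE_COMPORT) {
        return IOCtrl_CreateClose(DeviceObject, Irp);
    }

    /* No completion routine is installed, so the current stack location can
     * be skipped rather than copied; the IRP is not touched after
     * IoCallDriver hands it to the lower driver. */
    IoSkipCurrentIrpStackLocation(Irp);
    NtStatus = IoCallDriver(pExt->TargetDeviceObject, Irp);

    DbgPrint("- ComSpy_Close Exit 0x%0x \r\n", NtStatus);
    return NtStatus;
}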
/* Trace the major function (and, for power requests, the minor function) of a
 * request on its way through the filter.  Diagnostic only; the IRP is not
 * modified. */
static void ComSpy_TraceMajorFunction(PIO_STACK_LOCATION stack)
{
    switch (stack->MajorFunction) {
    case IRP_MJ_CREATE:
        DbgPrint("ComSpy (IRP_MJ_CREATE)...\n");
        break;
    case IRP_MJ_CLOSE:
        DbgPrint("ComSpy (IRP_MJ_CLOSE)...\n");
        break;
    case IRP_MJ_READ:
        DbgPrint("ComSpy (IRP_MJ_READ)...\n");
        break;
    case IRP_MJ_WRITE:
        DbgPrint("ComSpy (IRP_MJ_WRITE)...\n");
        break;
    case IRP_MJ_DEVICE_CONTROL:
        DbgPrint("ComSpy (IRP_MJ_DEVICE_CONTROL)...\n");
        break;
    case IRP_MJ_CLEANUP:
        DbgPrint("ComSpy (IRP_MJ_CLEANUP)...\n");
        break;
    case IRP_MJ_POWER:
        /* NOTE(review): power IRPs are later forwarded with IoCallDriver;
         * WDM filters that must run on pre-Vista Windows are expected to use
         * PoStartNextPowerIrp/PoCallDriver for IRP_MJ_POWER — confirm the
         * supported OS range. */
        DbgPrint("ComSpy (IRP_MJ_POWER)... MinorFunction 0x%x\n", stack->MinorFunction);
        break;
    default:
        DbgPrint("ComSpy (OTHER_MAJOR_FUNCTION)... 0x%x \n", stack->MajorFunction);
        break;
    }
}

/*
 * Catch-all dispatch routine for the filter.
 *
 * Requests for the control device (DeviceType FILE_DEVICE_COMPORT) are
 * handled by IOCtrl_CreateClose.  Anything else is logged and passed down
 * unchanged to the device this filter is attached to.
 *
 * Returns the status of IOCtrl_CreateClose or of IoCallDriver.
 */
NTSTATUS ComSpy_DispatchPassThrough(PDEVICE_OBJECT DeviceObject, PIRP Irp)
{
    PDEVICE_EXTENSION ext = (PDEVICE_EXTENSION)DeviceObject->DeviceExtension;

    DbgPrint("ComSpy_DispatchPassThrough Called \r\n");

    if (DeviceObject->DeviceType == FILE_DEVICE_COMPORT) {
        return IOCtrl_CreateClose(DeviceObject, Irp);
    }

    ComSpy_TraceMajorFunction(IoGetCurrentIrpStackLocation(Irp));

    /* No completion routine is attached, so skipping the stack location is
     * enough; the IRP belongs to the lower driver once IoCallDriver returns. */
    IoSkipCurrentIrpStackLocation(Irp);
    {
        NTSTATUS result = IoCallDriver(ext->TargetDeviceObject, Irp);
        DbgPrint("ComSpy_DispatchPassThrough Exit 0x%0x \r\n", result);
        return result;
    }
}
/*
 * Generic completion routine: propagates the lower driver's pending state to
 * this stack location and otherwise leaves the IRP alone.
 *
 * DeviceObject and Context are unused.  Returns STATUS_SUCCESS so the I/O
 * manager keeps completing the IRP upwards.
 */
NTSTATUS DefaultCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    DbgPrint("DefaultCompletion Called \r\n");

    /* The lower driver returned STATUS_PENDING; our location must say so as
     * well or the I/O manager's pending bookkeeping goes out of step. */
    if (Irp->PendingReturned != FALSE) {
        IoMarkIrpPending(Irp);
    }

    return STATUS_SUCCESS;
}
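/*
 * Create the named control device through which user mode talks to the
 * filter (NameBuffer / DOSNameBuffer), together with the small non-paged
 * buffer and MDL kept in its extension.
 *
 * DriverObj  - driver that owns the new device object.
 * RegtryPath - unused; kept for the DriverEntry-style signature.
 *
 * Returns STATUS_SUCCESS, or the failing NTSTATUS with everything created so
 * far torn down again (the original leaked the device object, the pool
 * buffer and the MDL when the symbolic link could not be created, and used
 * both allocations without checking them).
 */
NTSTATUS Add_IoControlDevice(IN PDRIVER_OBJECT DriverObj, IN PUNICODE_STRING RegtryPath)
{
    enum { COMSPY_SHARED_BYTES = 8 };   /* size of the buffer behind MyMdl */
    PDEVICE_OBJECT deviceObject = NULL;
    NTSTATUS status;
    UNICODE_STRING uniNameString, uniDOSString;
    PZT_DEVICE_EXTENSION pDevExt;

    DbgPrint("ComSpy_IOCtrl Create Device OK \n");

    RtlInitUnicodeString(&uniNameString, NameBuffer);
    RtlInitUnicodeString(&uniDOSString, DOSNameBuffer);

    /* NOTE(review): the device gets the default security descriptor, so any
     * local caller able to open the DOS name can read the captured serial
     * traffic.  IoCreateDeviceSecure with a restrictive SDDL is the usual way
     * to limit that to administrators — confirm the intended audience. */
    status = IoCreateDevice(DriverObj, sizeof(ZT_DEVICE_EXTENSION),
                            &uniNameString,
                            FILE_DEVICE_COMPORT,
                            0, FALSE, &deviceObject);
    if (!NT_SUCCESS(status)) {
        return status;
    }

    pDevExt = (PZT_DEVICE_EXTENSION)deviceObject->DeviceExtension;
    /* Clear the whole extension, not just sizeof(pointer) bytes of it. */
    RtlZeroMemory(pDevExt, sizeof(ZT_DEVICE_EXTENSION));
    pDevExt->fdo = deviceObject;

    /* Non-paged buffer described by an MDL.  NOTE(review): the completion
     * routines write a counter through a file-scope SystemVirtualAddress;
     * whether that aliases this member is not visible here — confirm. */
    pDevExt->SystemVirtualAddress = ExAllocatePool(NonPagedPool, COMSPY_SHARED_BYTES);
    if (pDevExt->SystemVirtualAddress == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto fail_device;
    }
    pDevExt->MyMdl = IoAllocateMdl(pDevExt->SystemVirtualAddress, COMSPY_SHARED_BYTES,
                                   FALSE, FALSE, NULL);
    if (pDevExt->MyMdl == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        goto fail_pool;
    }
    MmBuildMdlForNonPagedPool(pDevExt->MyMdl);

    status = IoCreateSymbolicLink(&uniDOSString, &uniNameString);
    if (!NT_SUCCESS(status)) {
        goto fail_mdl;
    }

    deviceObject->Flags |= DO_BUFFERED_IO;
    return STATUS_SUCCESS;

    /* Unwind in reverse order of acquisition. */
fail_mdl:
    IoFreeMdl(pDevExt->MyMdl);
fail_pool:
    ExFreePool(pDevExt->SystemVirtualAddress);
fail_device:
    IoDeleteDevice(deviceObject);
    return status;
}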
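/*
 * Create/close dispatch for the control device.
 *
 * IRP_MJ_CREATE turns monitoring on (g_bStartMon); IRP_MJ_CLOSE turns it off
 * and frees every captured record still queued on g_data_lst.  Any other
 * major function is rejected with STATUS_INVALID_PARAMETER.  The IRP is
 * always completed here and the completion status is returned.
 */
NTSTATUS IOCtrl_CreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    PIO_STACK_LOCATION IrpStack;
    NTSTATUS ntStatus;
    PIO_REQ pReq;
    PLIST_ENTRY link;

    DbgPrint("ComSpy_IOCtrl Dispatch OK \n");

    Irp->IoStatus.Status = STATUS_SUCCESS;   /* status returned to the caller */
    Irp->IoStatus.Information = 0;
    IrpStack = IoGetCurrentIrpStackLocation(Irp);

    switch (IrpStack->MajorFunction) {
    case IRP_MJ_CREATE:
        DbgPrint("ComSpy IOCtrl (IRP_MJ_CREATE)...\n");
        g_bStartMon = 0x1;
        break;

    case IRP_MJ_CLOSE:
        g_bStartMon = 0x0;
        DbgPrint("ComSpy IOCtrl (IRP_MJ_CLOSE)...\n");
        /* Drain the capture queue under g_req_splock.  A record whose payload
         * was never allocated (SizeCopied == 0) must carry pData == NULL;
         * ExFreePool on anything else would be a bug check. */
        while ((link = ExInterlockedRemoveHeadList(&g_data_lst, &g_req_splock)) != NULL) {
            pReq = CONTAINING_RECORD(link, IO_REQ, entry);
            if (pReq->pData != NULL) {
                ExFreePool(pReq->pData);
            }
            ExFreePool(pReq);
        }
        /* NOTE(review): g_szCount is not reset although the queue it accounts
         * for is now empty, and closing one handle discards records for every
         * other handle still open — confirm both are intended. */
        break;

    default:
        Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
        DbgPrint("ComSpy IOCtrl (OTHER_MAJOR_FUNCTION)... 0x%x \n", IrpStack->MajorFunction);
        break;
    }

    /* Read the status before completing: the IRP must not be touched after
     * IoCompleteRequest. */
    ntStatus = Irp->IoStatus.Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return ntStatus;
}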
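/*
 * Completion routine for IRP_MJ_CREATE requests forwarded to the serial port.
 * On success a REQ_OPEN record is queued on g_data_lst so the consumer sees
 * that the port was opened.
 *
 * The record carries no payload: for a create request IoStatus.Information
 * is a disposition code (FILE_OPENED and friends), not a byte count, and the
 * original copied that many bytes from a NULL source.  As in the original,
 * g_szCount is not advanced and gpEventObject is not signalled for this
 * record type.  DeviceObject and Context are unused.
 */
NTSTATUS OpenCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp,
                        IN PVOID Context)
{
    PIO_REQ req;

    DbgPrint("ComSpy CreateCompletion OK \n");

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    if (Irp->IoStatus.Status == STATUS_SUCCESS) {
        /* May run at DISPATCH_LEVEL, hence NonPagedPool.  A failed allocation
         * just drops this event; the IRP itself is unaffected. */
        req = ExAllocatePool(NonPagedPool, sizeof(IO_REQ));
        if (req != NULL) {
            req->type = REQ_OPEN;
            req->SizeCopied = 0;
            req->pData = NULL;       /* lets the close path skip the payload free */
            req->SizeTotal = sizeof(IO_REQ);
            ExInterlockedInsertTailList(&g_data_lst, &(req->entry), &g_req_splock);
        }
    }

    return STATUS_SUCCESS;
}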
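/*
 * Completion routine for IRP_MJ_CLOSE requests forwarded to the serial port.
 * When the lower driver reported a non-zero IoStatus.Information (the
 * original's gate, kept as is), a REQ_CLOSE record is queued on g_data_lst.
 *
 * The record carries no payload: Information is not a byte count for a close
 * request, and the original copied that many bytes from a NULL source.  As
 * in the original, g_szCount is not advanced and gpEventObject is not
 * signalled.  NOTE(review): the Information gate means this record is
 * rarely, if ever, produced — confirm whether Status == STATUS_SUCCESS was
 * meant.  DeviceObject and Context are unused.
 */
NTSTATUS CloseCompletion(IN PDEVICE_OBJECT DeviceObject,
                         IN PIRP Irp, IN PVOID Context)
{
    PIO_REQ req;

    DbgPrint("ComSpy CloseCompletion OK \n");

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    if (Irp->IoStatus.Information) {
        /* May run at DISPATCH_LEVEL, hence NonPagedPool.  A failed allocation
         * just drops this event; the IRP itself is unaffected. */
        req = ExAllocatePool(NonPagedPool, sizeof(IO_REQ));
        if (req != NULL) {
            req->type = REQ_CLOSE;
            req->SizeCopied = 0;
            req->pData = NULL;       /* lets the close path skip the payload free */
            req->SizeTotal = sizeof(IO_REQ);
            ExInterlockedInsertTailList(&g_data_lst, &(req->entry), &g_req_splock);
        }
    }

    return STATUS_SUCCESS;
}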
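/*
 * Completion routine for IRP_MJ_READ requests forwarded to the serial port.
 *
 * While monitoring is on (g_bStartMon) and the read succeeded, the bytes the
 * port returned are copied into a REQ_READ record queued on g_data_lst,
 * g_szCount is advanced by the record size, the counter is mirrored into the
 * shared buffer and gpEventObject is signalled.
 *
 * Both pool allocations are now checked (a failure drops the record, never
 * the IRP), pData is NULL whenever no payload was allocated so the close
 * path can free records safely, and the copy is skipped when the IRP has no
 * system buffer.  DeviceObject and Context are unused.
 */
NTSTATUS ReadCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    PIO_REQ req;

    DbgPrint("ComSpy ReadCompletion OK \n");

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    if (Irp->IoStatus.Status == STATUS_SUCCESS && g_bStartMon != 0) {
        /* May run at DISPATCH_LEVEL: NonPagedPool only. */
        req = ExAllocatePool(NonPagedPool, sizeof(IO_REQ));
        if (req == NULL) {
            return STATUS_SUCCESS;
        }
        req->type = REQ_READ;
        req->SizeCopied = Irp->IoStatus.Information;
        req->pData = NULL;

        /* Assumes the target serial driver completes reads through
         * AssociatedIrp.SystemBuffer (buffered I/O) — TODO confirm.  With
         * direct I/O that pointer is NULL and nothing is captured. */
        if (req->SizeCopied != 0 && Irp->AssociatedIrp.SystemBuffer != NULL) {
            req->pData = ExAllocatePool(NonPagedPool, req->SizeCopied);
            if (req->pData == NULL) {
                ExFreePool(req);
                return STATUS_SUCCESS;
            }
            RtlCopyMemory(req->pData, Irp->AssociatedIrp.SystemBuffer, req->SizeCopied);
        } else {
            req->SizeCopied = 0;
        }

        req->SizeTotal = sizeof(IO_REQ) + req->SizeCopied;
        /* NOTE(review): unlocked read-modify-write; completion routines can
         * run concurrently on several processors — confirm whether an
         * interlocked add is needed.  Nothing bounds g_data_lst either: if
         * the consumer stops draining, every read grows non-paged pool. */
        g_szCount = g_szCount + req->SizeTotal;
        ExInterlockedInsertTailList(&g_data_lst, &(req->entry), &g_req_splock);

        /* Mirror the first 4 bytes of the counter into the shared buffer
         * (who maps it and its exact size are not visible here). */
        memcpy(SystemVirtualAddress, &g_szCount, 4);
        DbgPrint("ComSpy ReadCompletion OK Add Bytes %x \n", req->SizeTotal);
        /* The event object is created elsewhere and may not exist yet. */
        if (gpEventObject != NULL) {
            KeSetEvent(gpEventObject, 0, FALSE);
        }
    }

    return STATUS_SUCCESS;
}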
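/*
 * Completion routine for IRP_MJ_WRITE requests forwarded to the serial port.
 *
 * While monitoring is on (g_bStartMon) and the write succeeded, the bytes
 * that were written are copied into a REQ_WRITE record queued on g_data_lst,
 * g_szCount is advanced by the record size, the counter is mirrored into the
 * shared buffer and gpEventObject is signalled.
 *
 * Both pool allocations are now checked (a failure drops the record, never
 * the IRP), pData is NULL whenever no payload was allocated so the close
 * path can free records safely, and the copy is skipped when the IRP has no
 * system buffer.  DeviceObject and Context are unused.
 */
NTSTATUS WriteCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
{
    PIO_REQ req;

    DbgPrint("ComSpy WriteCompletion OK \n");

    if (Irp->PendingReturned) {
        IoMarkIrpPending(Irp);
    }

    if (Irp->IoStatus.Status == STATUS_SUCCESS && g_bStartMon != 0) {
        /* May run at DISPATCH_LEVEL: NonPagedPool only. */
        req = ExAllocatePool(NonPagedPool, sizeof(IO_REQ));
        if (req == NULL) {
            return STATUS_SUCCESS;
        }
        req->type = REQ_WRITE;
        req->SizeCopied = Irp->IoStatus.Information;
        req->pData = NULL;

        /* Assumes the target serial driver receives writes through
         * AssociatedIrp.SystemBuffer (buffered I/O) — TODO confirm.  With
         * direct I/O that pointer is NULL and nothing is captured. */
        if (req->SizeCopied != 0 && Irp->AssociatedIrp.SystemBuffer != NULL) {
            req->pData = ExAllocatePool(NonPagedPool, req->SizeCopied);
            if (req->pData == NULL) {
                ExFreePool(req);
                return STATUS_SUCCESS;
            }
            RtlCopyMemory(req->pData, Irp->AssociatedIrp.SystemBuffer, req->SizeCopied);
        } else {
            req->SizeCopied = 0;
        }

        req->SizeTotal = sizeof(IO_REQ) + req->SizeCopied;
        /* NOTE(review): unlocked read-modify-write; completion routines can
         * run concurrently on several processors — confirm whether an
         * interlocked add is needed.  Nothing bounds g_data_lst either: if
         * the consumer stops draining, every write grows non-paged pool. */
        g_szCount = g_szCount + req->SizeTotal;
        ExInterlockedInsertTailList(&g_data_lst, &(req->entry), &g_req_splock);

        /* Mirror the first 4 bytes of the counter into the shared buffer
         * (who maps it and its exact size are not visible here). */
        memcpy(SystemVirtualAddress, &g_szCount, 4);
        DbgPrint("ComSpy WriteCompletion OK Add Bytes %x \n", req->SizeTotal);
        /* The event object is created elsewhere and may not exist yet. */
        if (gpEventObject != NULL) {
            KeSetEvent(gpEventObject, 0, FALSE);
        }
    }

    return STATUS_SUCCESS;
}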
NTSTATUS IOCompletion(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp,
IN PVOID Context)
{
PIO_REQ req;
// DbgPrint("ComSpy IoCtlCompletion OK \n");
if (Irp->PendingReturned)
{
IoMarkIrpPending(Irp);
}
if (Irp->IoStatus.Status==STATUS_SUCCESS && g_bStartMon!=0)
{
PIO_STACK_LOCATION cur;
cur = IoGetCurrentIrpStackLocation(Irp);
// DbgPrint("IoCtlCompletion IoControlCode %x \n",cur->Parameters.DeviceIoControl.IoControlCode);
switch(cur->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_SERIAL_SET_BAUD_RATE:
req = ExAllocatePool(NonPagedPool,sizeof(IO_REQ));
req->type=REQ_SETBAUDRATE;
// req->SizeRequested=sizeof(ULONG);
req->SizeCopied=sizeof(ULONG);
if(req->SizeCopied)
{
req->pData=ExAllocatePool(NonPagedPool,req->SizeCopied);
RtlCopyMemory(req->pData,Irp->AssociatedIrp.SystemBuffer,req->SizeCopied);
}
req->SizeTotal= sizeof(IO_REQ)+req->SizeCopied;
g_szCount=g_szCount+req->SizeTotal;
ExInterlockedInsertTailList(&g_data_lst, &(req->entry),&g_req_splock);
/////////////////////////////////////////////////////
memcpy(SystemVirtualAddress, &g_szCount, 4);
DbgPrint("ComSpy IoCtlCompletion OK Add Bytes %x \n",req->SizeTotal);
KeSetEvent(gpEventObject,0,FALSE);