
📄 init.c

📁 A system hook implemented in VC that can query the system's interrupt status.
💻 C
/*
InterruptHook
Copyright (C) 2003  Alexander M.

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/

#include <ntddk.h>
#include "dispatch.h"
#include "hook.h"
#include "debug.h"

PDEVICE_OBJECT	gpCtrlDevice = NULL;

NTSTATUS
DriverEntry(
		IN	PDRIVER_OBJECT		pDriverObject, 
		IN	PUNICODE_STRING		pRegistryPath )
{
	NTSTATUS iStatus = STATUS_SUCCESS;
	UNICODE_STRING	DeviceName, SymlinkName;
	ULONG	i;

	RtlInitUnicodeString( &DeviceName, L"\\Device\\InterruptHook" );
	RtlInitUnicodeString( &SymlinkName, L"\\DosDevices\\InterruptHook" );

	do
	{
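		/* Create the named control device. Exclusive = TRUE allows only one
		   open handle at a time. IoCreateDevice applies a default security
		   descriptor; IoCreateDeviceSecure (wdmsec.h) lets the driver
		   restrict who may open the device. */
		iStatus = IoCreateDevice( 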
			pDriverObject, 
			0, 
			&DeviceName, 
			FILE_DEVICE_UNKNOWN, 
			0, 
			TRUE, 
			&gpCtrlDevice );

		if( !NT_SUCCESS( iStatus ) )
		{
			DPRINT( "DriverEntry: IoCreateDevice failed 0x%.8X\n", iStatus );
			break;
		}

		/* Read/write requests on this device use direct I/O (MDLs). */
		gpCtrlDevice->Flags |= DO_DIRECT_IO;

		iStatus = IoCreateSymbolicLink( 
			&SymlinkName, 
			&DeviceName );

		if( !NT_SUCCESS( iStatus ) )
		{
			DPRINT( "DriverEntry: IoCreateSymbolicLink failed 0x%.8X\n", iStatus );
			break;
		}

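		/* MajorFunction has IRP_MJ_MAXIMUM_FUNCTION + 1 entries, so the
		   bound is inclusive; "<" would skip the last slot. */
		for( i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++ )
			pDriverObject->MajorFunction[i] = IoDispatch;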

		pDriverObject->MajorFunction[IRP_MJ_READ]			= 
		pDriverObject->MajorFunction[IRP_MJ_WRITE]			= IoReadWrite;
		pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoDeviceControl;

		pDriverObject->DriverUnload							= Unload;

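		/* Helpers from hook.h: going by their names, save the original
		   interrupt vectors first, then install the hook handlers. */
		BackupNtVectors();
		SetExternalHandlers();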

		return iStatus;
	} while( FALSE );

	if( gpCtrlDevice )
		IoDeleteDevice( gpCtrlDevice );

	return iStatus;
}

