/*++
Copyright (c) 2002 Sten
Contact information:
mail: stenri@mail.ru
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
Module Name:
main.cpp
Abstract: Implements DriverEntry and other driver-related functions.
Revision History:
29.11.2002 - File renamed to main.cpp
Sten 05/06/2002 - dbg.cpp Initial release
--*/
extern "C" {
#pragma warning ( push, 3 )
#include <ntddk.h>
#pragma warning ( pop )
}
#pragma warning ( disable: 4514 ) // unreferenced inline function has been removed
#pragma warning ( disable: 4127 ) // conditional expression is constant
#include <windef.h>
#include <ntverp.h>
#include <stdio.h>
#include "wdbgexts.h"
#include "ver.h"
#include "defs.h"
#include "pgfault.h"
#include "ntoskrnl.h"
#include "softice.h"
#include "multicpu.h"
#include "ac97.h"
#include "keyboard.h"
extern "C" {
// Defined in another translation unit with C linkage; from the names these are
// presumably 8x8 / 8x16 font glyph tables — verify against their definition.
extern char Font08x08;
extern char Font08x16;
}
// Initialization / teardown entry points implemented in the driver's other
// modules. The trailing comments name the implementing file where known.
extern void InitThread();
extern DWORD si_Init();
extern void InstallActivateBPsHook(); // activatehook.cpp
extern void RemoveActivateBPsHook();
extern void InstallDeactivateBPsHook(); // activatehook.cpp
extern void RemoveDeactivateBPsHook();
extern NTSTATUS InitSwapContextHook(); // taskswch.cpp
extern void RemoveSwapContextHook();
extern NTSTATUS InitProcessHook(); // process.cpp
extern void RemoveProcessHook();
extern NTSTATUS ProtectInit(); // protect.cpp
extern void ProtectDone();
extern NTSTATUS InitNTosKernel(); // ntoskrnl.cpp
extern int RehookSystemApi(); // cmd_unhook.cpp
extern NTSTATUS InitSiwvid(PDRIVER_OBJECT Drv); // siwvid.cpp
extern void DoneSiwvid();
extern void MyDumpFilter(void); // cmd_cp.cpp
extern NTSTATUS InitTracer(void); // tracer.cpp
extern void DoneTracer(void);
// Unload routine registered by DriverEntry as DriverObject->DriverUnload.
VOID UnloadDriver(IN PDRIVER_OBJECT Driver);
// Driver object remembered by DriverEntry; later handed to InitSiwvid().
PDRIVER_OBJECT MyDriver=0;
// Start-up banner printed by DriverEntry; the two %u fields receive
// ICEEXT_VERSION_MAJOR / ICEEXT_VERSION_MINOR.
static char szBanner[] =
"------------------------------------------------------\n"
"- IceExt version %u.%02u -\n"
"- (c) Sten, 2002-2004 -\n"
"------------------------------------------------------\n";
/**
 * Checks whether a named value is present under a registry key.
 *
 * @param pszRegPath    Native (object-manager) registry path of the key.
 * @param pszParameter  Name of the value to look for under that key.
 * @return TRUE when the key opens for reading and the value exists,
 *         FALSE otherwise (including a NULL pszRegPath).
 */
BOOLEAN IsRegistryKeyExists(IN PWSTR pszRegPath, IN PWSTR pszParameter)
{
    ASSERT(pszRegPath);
    if (!pszRegPath)
        return FALSE;

    UNICODE_STRING keyName;
    RtlInitUnicodeString(&keyName, pszRegPath);

    OBJECT_ATTRIBUTES oa;
    InitializeObjectAttributes(&oa, &keyName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);

    HANDLE hKey = NULL;
    NTSTATUS status = ZwOpenKey(&hKey, KEY_READ, &oa);
    if (!NT_SUCCESS(status))
        return FALSE;

    // Probe with an empty buffer: an existing value answers
    // STATUS_BUFFER_TOO_SMALL, which is the "present" signal we want here.
    UNICODE_STRING valueName;
    RtlInitUnicodeString(&valueName, pszParameter);
    ULONG needed = 0;
    status = ZwQueryValueKey(hKey, &valueName, KeyValuePartialInformation, NULL, 0, &needed);
    ZwClose(hKey);

    return (status == STATUS_BUFFER_TOO_SMALL) || NT_SUCCESS(status);
}
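/**
 * Reads a 32-bit REG_DWORD value from the registry.
 *
 * @param pszRegPath      Native (object-manager) registry path of the key.
 * @param pszParameter    Name of the value under that key.
 * @param ulDefaultValue  Returned when the key or value is missing, cannot be
 *                        read, or is not a 4-byte REG_DWORD.
 * @return The value's content, or ulDefaultValue.
 */
ULONG ReadRegistryUlong(IN PWSTR pszRegPath, IN PWSTR pszParameter, ULONG ulDefaultValue)
{
    HANDLE hkey = NULL;
    NTSTATUS ntStatus;
    OBJECT_ATTRIBUTES oa;
    UNICODE_STRING RegistryPath;
    // KEY_VALUE_PARTIAL_INFORMATION declares Data[1]; the padding widens the
    // buffer so that the 4 bytes of a REG_DWORD fit in place.
    struct {
        KEY_VALUE_PARTIAL_INFORMATION kvpi;
        UCHAR Padding[3];
    } reg_data;
    ULONG size = 0;
    ULONG result = ulDefaultValue;

    ASSERT(pszRegPath);
    if (!pszRegPath)
        return ulDefaultValue;

    RtlZeroMemory(&reg_data, sizeof(reg_data));
    RtlInitUnicodeString(&RegistryPath, pszRegPath);
    InitializeObjectAttributes(&oa, &RegistryPath, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);

    ntStatus = ZwOpenKey(&hkey, KEY_READ, &oa);
    if (!NT_SUCCESS(ntStatus))
        return ulDefaultValue;

    RtlInitUnicodeString(&RegistryPath, pszParameter);
    ntStatus = ZwQueryValueKey(hkey, &RegistryPath, KeyValuePartialInformation, &reg_data, sizeof(reg_data), &size);
    ZwClose(hkey);

    // The query succeeds for any value type that fits the buffer, so without
    // this check a short REG_SZ or REG_BINARY value would be silently
    // reinterpreted as a DWORD. Accept only a complete 4-byte REG_DWORD.
    if (ntStatus == STATUS_SUCCESS &&
        reg_data.kvpi.Type == REG_DWORD &&
        reg_data.kvpi.DataLength == sizeof(ULONG))
    {
        // Copy instead of *(PULONG)Data: no aliasing/alignment assumptions.
        RtlCopyMemory(&result, reg_data.kvpi.Data, sizeof(result));
    }
    return result;
}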
/////////////////////////////////////////////////////////////////////////////
//
// DriverEntry
//
// NOTE: SoftICE calls this routine from its hook, with parameters like those of
// DLLEntryPoint
/////////////////////////////////////////////////////////////////////////////
/**
 * Driver entry point.
 *
 * Saves the driver object, registers the unload routine, prints the banner and
 * brings up the MP and SoftICE modules. The KDE is loaded only when both this
 * image's base address could be determined and SoftICE initialization
 * completed; otherwise si_InitCompleted is cleared so later stages skip work.
 *
 * @param DriverObject  Driver object supplied by the loader.
 * @param RegistryPath  Unused.
 * @return STATUS_SUCCESS in all cases.
 */
extern "C"
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,
                     IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    // Keep the driver object for later (InitSiwvid uses it) and allow unload.
    MyDriver = DriverObject;
    DriverObject->DriverUnload = UnloadDriver;

    DbgPrint(szBanner, ICEEXT_VERSION_MAJOR, ICEEXT_VERSION_MINOR);

    mp_Init();   // multi-CPU module
    si_Init();   // locate SoftICE internals; presumably sets si_InitCompleted — confirm in softice module

    // Our image base is derived from the address of one of our own functions.
    ULONG imageBase = UtGetModuleBaseByAddr((ULONG)&UnloadDriver);
    if (imageBase == 0 || !si_InitCompleted)
    {
        si_InitCompleted = FALSE;
        return STATUS_SUCCESS;
    }

    si_LoadKDE(imageBase);
    return STATUS_SUCCESS;
}
/////////////////////////////////////////////////////////////////////////////
//
// WinDbgExtensionDllInit
//
//
//
/////////////////////////////////////////////////////////////////////////////
// Extension API version advertised to the host that calls WinDbgExtensionDllInit.
EXT_API_VERSION ApiVersion = { 3, 5, EXT_API_VERSION_NUMBER, 0 };
// Copy of the host-supplied extension API table (filled in WinDbgExtensionDllInit).
WINDBG_EXTENSION_APIS ExtensionApis;
// Host major/minor version recorded by WinDbgExtensionDllInit.
static USHORT SavedMajorVersion;
static USHORT SavedMinorVersion;
// Processes WinIce.DAT; currently not called (see the note in WinDbgExtensionDllInit).
static VOID ProcessIniFile(VOID);
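// Logs a failed NTSTATUS from one of the hook/subsystem initializers.
// Initialization continues as before; a failed hook install is now at least
// visible in the debug output instead of being silently discarded.
static void ReportInitFailure(const char *what, NTSTATUS status)
{
    if (!NT_SUCCESS(status))
        DbgPrint("IceExt: %s failed, status %08lX\n", what, (ULONG)status);
}

/**
 * Second-stage initialization, called by the host with the extension API table.
 *
 * Records the API table and host version, then — only if DriverEntry managed
 * to attach to SoftICE — resolves kernel symbols and installs the hooks and
 * subsystems in a fixed order. Resolving the kernel symbols is the one step
 * that aborts initialization on failure; the others log and continue.
 *
 * @param lpExtensionApis  Host-provided API table, copied into ExtensionApis.
 * @param MajorVersion     Host major version, saved in SavedMajorVersion.
 * @param MinorVersion     Host minor version, saved in SavedMinorVersion.
 */
VOID
WinDbgExtensionDllInit(PWINDBG_EXTENSION_APIS lpExtensionApis,
                       USHORT MajorVersion,
                       USHORT MinorVersion)
{
    ExtensionApis = *lpExtensionApis;
    DbgPrint("mp_PCR_VA: %08X\n", mp_PCR_VA);
    DbgPrint("mp_PCR_VA_array: %08X\n", mp_PCR_VA_array);
    DbgPrint("mp_NumOfCPUs: %08X\n", mp_NumOfCPUs);
    SavedMajorVersion = MajorVersion;
    SavedMinorVersion = MinorVersion;

    if (!si_InitCompleted) return; // cleared in DriverEntry when SoftICE init failed; nothing to do

    // Critical: locate NTOSKRNL.EXE / NTDLL.DLL and link the symbols we need.
    // Everything below depends on it, so initialization stops here on failure.
    if (!NT_SUCCESS(InitNTosKernel()))
    {
        si_InitCompleted = FALSE;
        return;
    }

    ReportInitFailure("InitSiwvid", InitSiwvid(MyDriver)); // interface to the Siwvid driver
    si_InstallDumpFilter(MyDumpFilter);   // own dump-window character filter so that
                                          // SoftICE displays Russian symbols in dumps
    InstallInt0eHandler();                // own page-fault handler; not installed in
                                          // DriverEntry because OldHandler is wrong there
    InstallActivateBPsHook();             // activate-BPs hook inside the SoftICE body
    InstallDeactivateBPsHook();           // deactivate-BPs hook inside the SoftICE body
    ReportInitFailure("InitSwapContextHook", InitSwapContextHook()); // swap-context hook in ntoskrnl.exe
    ReportInitFailure("InitProcessHook", InitProcessHook());         // process creation/deletion hook
    ReportInitFailure("ProtectInit", ProtectInit());                 // protection hooks
    ReportInitFailure("InitTracer", InitTracer());                   // tracer hooks
    ac97_Init();                          // AC'97 subsystem
    InitThread();

    // ProcessIniFile() (WinIce.DAT / IceExt initialization line) stays disabled:
    // calling it here BSODs when the driver is loaded through the loader application.
    // TODO: fix and re-enable.
    // ProcessIniFile();

    DbgPrint("------------------------------------------------------\n");
}// WinDbgExtensionDllInit()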
/////////////////////////////////////////////////////////////////////////////
//