// UnloadDriver
//
// Called at driver unload. Calls all ShutdownXXX & RemoveXXX routines.
//
/////////////////////////////////////////////////////////////////////////////
VOID UnloadDriver(IN PDRIVER_OBJECT Driver)
{
    // Driver unload routine. Tears down every hook and helper subsystem in a
    // fixed order, re-activates the SoftICE hooks, and finally types a
    // "set font N" command into the SoftICE keyboard buffer.
    // The Driver argument is not used.
    PAGED_CODE();
    UNREFERENCED_PARAMETER(Driver);

    DbgPrint("UNLOAD CALLED\n");
    mp_Done();

    // These two steps run even when initialization never completed.
    DbgPrint("Clearing Bang Funcs Array.\n");
    si_ClearBangFuncsArray();

    if (!si_InitCompleted)
    {
        // Initialization did not finish, so the teardown below is skipped
        // (and "UNLOAD OK." is not logged).
        return;
    }

    // Own dump-window character filter.
    DbgPrint("Removing dump filter.\n");
    si_RemoveDumpFilter();

    // Own page-fault (int 0E) handler.
    // Author's caveat: removing it is risky, because something else may have
    // hooked int 0E after this driver installed its handler.
    // NOTE(review): presumably the removal restores a saved vector, which
    // would drop any hook installed later - confirm in RemoveInt0eHandler.
    DbgPrint("Removing int 0e handler.\n");
    RemoveInt0eHandler();

    // Own activate-breakpoints hook inside the SoftICE body.
    DbgPrint("Removing ActivateBPs hook.\n");
    RemoveActivateBPsHook();

    // Own deactivate-breakpoints hook inside the SoftICE body.
    DbgPrint("Removing DeactivateBPs hook.\n");
    RemoveDeactivateBPsHook();

    // Own SwapContext hook inside the ntoskrnl.exe image.
    DbgPrint("Removing SwapContext hook.\n");
    RemoveSwapContextHook();

    // Process creation/deletion hook.
    DbgPrint("Removing Process hook.\n");
    RemoveProcessHook();

    // All tracer hooks.
    DbgPrint("Calling DoneTracer.\n");
    DoneTracer();

    DbgPrint("Calling ac97_Done.\n");
    ac97_Done();

    // Protection hooks.
    DbgPrint("Calling ProtectDone.\n");
    ProtectDone();

    // Restores the old byte at si_ActivateHooks if the !UNHOOK command
    // has been used.
    DbgPrint("Rehooking system api.\n");
    RehookSystemApi();

    // Re-activate the SoftICE hooks.
    DbgPrint("Activating hooks.\n");
    si_ActivateHooks();

    // Load the standard siwvid 8x8 font; the author did not know where to
    // obtain the standard 8x16 one.
    // NOTE(review): 2048 is presumably 256 glyphs x 8 bytes - confirm.
    DbgPrint("Loading standard font.\n");
    siw_LoadFont((char*)si_Fonts[0]->Body, 2048);

    DbgPrint("Deinitializing Siwvid.\n");
    DoneSiwvid();

    // Make SoftICE switch back to its old font by typing
    // "set font <n>" ENTER "x" ENTER into its keyboard buffer.
    const char szSetFont[] = "set font ";
    for (const char *pch = szSetFont; *pch != '\0'; ++pch)
    {
        si_PutToKbdBufferChar(*pch);
    }

    // One-based font number as a single character.
    // NOTE(review): assumes *si_CurFontIdx is small enough that the result
    // is still a digit - verify against where si_CurFontIdx is set.
    si_PutToKbdBufferChar((const char)('1' + *si_CurFontIdx));
    si_PutToKbdBufferChar('\x0D');      // ENTER
    si_PutToKbdBufferChar('x');         // "x"
    si_PutToKbdBufferChar('\x0D');      // ENTER

    si_NTIce();                         // execute the queued keystrokes

    DbgPrint("UNLOAD OK.\n");
} // UnloadDriver()
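/*
// NOTE(review): ProcessIniFile is disabled. Points to fix before re-enabling it:
// - the cleanup path calls ZwClose(hFile) even when ZwCreateFile failed and
//   hFile is still 0;
// - FILE_OPEN_IF creates WINICE.DAT when it is missing (FILE_OPEN only opens);
// - the "%d" DbgPrint is passed the 64-bit EndOfFile.QuadPart;
// - the EXTINIT text is queued and executed as debugger commands, so write
//   access to WINICE.DAT should be limited to administrators.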
VOID ProcessIniFile(VOID)
{
IO_STATUS_BLOCK ioStatus;
ULONG ntStatus;
UNICODE_STRING unicodeFullName;
OBJECT_ATTRIBUTES objectAttributes;
FILE_STANDARD_INFORMATION eof;
HANDLE hFile = 0;
PUCHAR pWinIceBuffer = NULL;
RtlInitUnicodeString(&unicodeFullName, L"\\SystemRoot\\System32\\drivers\\WINICE.DAT");
InitializeObjectAttributes( &objectAttributes,
&unicodeFullName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
ntStatus = ZwCreateFile( &hFile,
GENERIC_READ | SYNCHRONIZE,
&objectAttributes,
&ioStatus,
0,
FILE_ATTRIBUTE_NORMAL,
0,
FILE_OPEN_IF,
FILE_SYNCHRONOUS_IO_NONALERT,
NULL,
0);
if(!NT_SUCCESS(ntStatus))
{
DbgPrint("IceExt was unable to open WINICE.DAT (%08X)\n", ntStatus);
goto cleanup;
}
ntStatus = ZwQueryInformationFile(hFile, &ioStatus, &eof, sizeof(eof), FileStandardInformation);
if(!NT_SUCCESS(ntStatus))
{
DbgPrint("IceExt was unable get WINICE.DAT file size (%08X)\n", ntStatus);
goto cleanup;
}
pWinIceBuffer = (PUCHAR)ExAllocatePool(PagedPool, eof.EndOfFile.LowPart+sizeof(UCHAR));
if (!pWinIceBuffer)
{
DbgPrint("IceExt was unable to allocate %d bytes of memory\n", eof.EndOfFile.QuadPart);
goto cleanup;
}
ntStatus = ZwReadFile(hFile,
NULL,
NULL,
NULL,
&ioStatus,
pWinIceBuffer,
eof.EndOfFile.LowPart,
NULL,
NULL);
if (!NT_SUCCESS(ntStatus))
{
DbgPrint("IceExt was unable to read WINICE.DAT into memory\n", eof.EndOfFile.QuadPart);
goto cleanup;
}
DbgPrint("WINICE.DAT: %08X\n", pWinIceBuffer);
//
// Process WinICE.DAT
//
pWinIceBuffer[eof.EndOfFile.LowPart] = '\0';
BOOL fTagFound; fTagFound = FALSE;
PUCHAR pBuf; pBuf = pWinIceBuffer;
#define INIT_LINE_TAG "EXTINIT"
#define INIT_LINE_TAG_SIZE (sizeof(INIT_LINE_TAG) - sizeof(UCHAR))
do
{
// exit if size of the rest of the buffer is not enough to hold EXTINIT tag
if ((ULONG_PTR)(pBuf - pWinIceBuffer + INIT_LINE_TAG_SIZE) >= eof.EndOfFile.LowPart) break;
// search for EXTINIT tag
if (_strnicmp((const char *)pBuf, INIT_LINE_TAG, INIT_LINE_TAG_SIZE) != 0) goto next_line;
pBuf += INIT_LINE_TAG_SIZE;
// check for '=' sign
while (*pBuf == ' ' || *pBuf == '\t') pBuf++; // skip white spaces
if ((*pBuf) != '=') goto next_line;
pBuf++;
// check for opening apostrophe
while (*pBuf == ' ' || *pBuf == '\t') pBuf++; // skip white spaces
UCHAR chBrace; chBrace = *pBuf;
// " or ' allowed here
switch(chBrace)
{
case '\'':
case '"':
break;
default:
goto next_line;
}
pBuf++; // skip apostrophe
while (*pBuf == ' ' || *pBuf == '\t') pBuf++; // skip white spaces
fTagFound = TRUE;
do
{
if (*pBuf == '\0') break; // end of file?
if (*pBuf == chBrace) break; // end of line?
if (*pBuf == ';')
{
si_PutToKbdBufferChar(KBD_ENTER); // treat ';' character as ENTER
pBuf++;
while (*pBuf == ' ' || *pBuf == '\t') pBuf++; // skip white spaces
}
else
{
si_PutToKbdBufferChar(*pBuf);
pBuf++;
}
}while(*pBuf != '\n');
break;
// search for CR
next_line:
do
{
if (*pBuf == '\0') break;
pBuf++;
}while(*pBuf != '\n');
pBuf++;
}while(*pBuf != '\0');
if (fTagFound) si_NTIce(); // execute commands
cleanup:
if (pWinIceBuffer) ExFreePool(pWinIceBuffer);
ZwClose(hFile);
}
*/
/////////////////////////////////////////////////////////////////////////////
//
// ExtensionApiVersion
//
// Get Extension Api Version
//
/////////////////////////////////////////////////////////////////////////////
extern "C" LPEXT_API_VERSION
ExtensionApiVersion(VOID)
{
    // Returns the address of this module's ApiVersion record.
    // ApiVersion is declared outside this function, so the pointer handed
    // back does not refer to a local object.
    LPEXT_API_VERSION pVersion = &ApiVersion;
    return pVersion;
} // ExtensionApiVersion()
/////////////////////////////////////////////////////////////////////////////
//
// CheckVersion
//
// Check Extension Api Version
//
/////////////////////////////////////////////////////////////////////////////
extern "C" VOID
CheckVersion(VOID)
{
    // Compares the saved target version (SavedMajorVersion /
    // SavedMinorVersion) with what this extension was built for and prints a
    // warning through dprintf on mismatch. A mismatch is only reported;
    // nothing here blocks further use of the extension.
    //
    // A DBG build expects major 0x0c, any other build expects major 0x0f;
    // both expect the minor version to equal VER_PRODUCTBUILD. In the message
    // a target major of 0x0f is labelled "Free", anything else "Checked".
    const char *pszTargetBuild = (SavedMajorVersion == 0x0f) ? "Free" : "Checked";

#if DBG
    if ((SavedMajorVersion == 0x0c) && (SavedMinorVersion == VER_PRODUCTBUILD))
    {
        return;     // versions agree, nothing to report
    }

    dprintf("\r\n*** Extension DLL(%d Checked) does not match target system(%d %s)\r\n\r\n",
            VER_PRODUCTBUILD, SavedMinorVersion, pszTargetBuild);
#else
    if ((SavedMajorVersion == 0x0f) && (SavedMinorVersion == VER_PRODUCTBUILD))
    {
        return;     // versions agree, nothing to report
    }

    dprintf("\r\n*** Extension DLL(%d Free) does not match target system(%d %s)\r\n\r\n",
            VER_PRODUCTBUILD, SavedMinorVersion, pszTargetBuild);
#endif
} // CheckVersion()