
  #5  
Старый 23.03.2007, 17:43
_Great_

Че там писать то

Код:
#define _X86_
#include <ntddk.h>

/* NT device name; DriverEntry initialises it to \Device\crashd. */
UNICODE_STRING DeviceName;
/* Win32-visible alias; DriverEntry initialises it to \DosDevices\crashd. */
UNICODE_STRING SymbolicLinkName;
/* The single device object created in DriverEntry and deleted in DriverUnload. */
PDEVICE_OBJECT deviceObject;

/*
 * Control code that makes DriverIoControl bugcheck the machine.
 * NOTE(review): FILE_ANY_ACCESS means the I/O manager accepts this request on
 * any handle to the device regardless of the access it was opened with, so
 * the device's security descriptor is the only thing limiting who can halt
 * the system. Function code 0x01 also lies below 0x800, the range reserved
 * for Microsoft-defined codes.
 */
#define IOCTL_CRASH_SYSTEM      CTL_CODE( FILE_DEVICE_UNKNOWN, 0x01, METHOD_BUFFERED, FILE_ANY_ACCESS )
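/*
 * IRP_MJ_DEVICE_CONTROL dispatch routine.
 *
 * IOCTL_CRASH_SYSTEM deliberately stops the system with KeBugCheckEx; that
 * call does not return, so the IRP is never completed on that path. Every
 * other control code is completed with STATUS_INVALID_DEVICE_REQUEST and no
 * output bytes.
 *
 * NOTE(review): nothing here checks who the requester is. The control code is
 * declared FILE_ANY_ACCESS, so any caller able to open the device can halt
 * the machine; keep this driver off production systems or restrict the
 * device's security descriptor.
 *
 * DeviceObject - target device (unused).
 * Irp          - the device-control request.
 *
 * Returns the status the IRP was completed with.
 */
NTSTATUS DriverIoControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    PIO_STACK_LOCATION pisl   = IoGetCurrentIrpStackLocation(Irp);
    /* Unrecognised control codes get the conventional "not supported" status. */
    NTSTATUS           status = STATUS_INVALID_DEVICE_REQUEST;

    UNREFERENCED_PARAMETER(DeviceObject);

    Irp->IoStatus.Information = 0;

    if (pisl->Parameters.DeviceIoControl.IoControlCode == IOCTL_CRASH_SYSTEM)
    {
        /*
         * The four bugcheck parameters are arbitrary marker values chosen by
         * the author. KeBugCheckEx takes them as ULONG_PTR, so the addresses
         * are cast explicitly instead of relying on an implicit
         * pointer-to-integer conversion.
         */
        KeBugCheckEx(IRQL_NOT_LESS_OR_EQUAL,
                     (ULONG_PTR)&KeBugCheckEx,
                     (ULONG_PTR)HIGH_LEVEL,
                     (ULONG_PTR)&KeBugCheck,
                     (ULONG_PTR)&DbgPrint);
    }

    Irp->IoStatus.Status = status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return status;
}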

/*
 * Dispatch routine registered for both IRP_MJ_CREATE and IRP_MJ_CLOSE.
 * It accepts every request unconditionally: the IRP is completed with
 * STATUS_SUCCESS and zero bytes of information, and no check of the
 * caller is made here.
 */
NTSTATUS DriverCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    const NTSTATUS result = STATUS_SUCCESS;

    Irp->IoStatus.Status      = result;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return result;
}

/*
 * Unload routine: removes the \DosDevices alias first, then deletes the
 * device object if one was created.
 */
void DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
    IoDeleteSymbolicLink(&SymbolicLinkName);

    if (!deviceObject)
    {
        return;     /* nothing was created, nothing to delete */
    }

    IoDeleteDevice(deviceObject);
}

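/*
 * Driver entry point: creates \Device\crashd, exposes it to Win32 as
 * \DosDevices\crashd and installs the unload and dispatch routines.
 *
 * DriverObject - this driver's object; receives the routine pointers.
 * RegistryPath - the driver's service key path (unused).
 *
 * Returns STATUS_SUCCESS, or the failure status of IoCreateDevice /
 * IoCreateSymbolicLink so the loader can report the real cause.
 *
 * NOTE(review): IoCreateDevice applies the default security descriptor for
 * the device type. Because the only IOCTL halts the machine, access should be
 * limited explicitly (for example by creating the device with
 * IoCreateDeviceSecure and an administrators-only SDDL string, which needs
 * wdmsec.h) before this driver is loaded anywhere but a test box.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;

    UNREFERENCED_PARAMETER(RegistryPath);

    RtlInitUnicodeString(&DeviceName, L"\\Device\\crashd");
    RtlInitUnicodeString(&SymbolicLinkName, L"\\DosDevices\\crashd");

    /*
     * FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's
     * security descriptor to every open, including opens that append a
     * trailing name to the device path. Exclusive = TRUE allows only one
     * open handle at a time.
     */
    status = IoCreateDevice(DriverObject,
                            0,
                            &DeviceName,
                            FILE_DEVICE_UNKNOWN,
                            FILE_DEVICE_SECURE_OPEN,
                            TRUE,
                            &deviceObject);
    if (!NT_SUCCESS(status))
    {
        deviceObject = NULL;
        return status;
    }

    deviceObject->Flags |= DO_BUFFERED_IO;

    status = IoCreateSymbolicLink(&SymbolicLinkName, &DeviceName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(deviceObject);
        deviceObject = NULL;    /* do not leave a dangling global behind */
        return status;
    }

    DriverObject->DriverUnload = DriverUnload;
    DriverObject->MajorFunction[IRP_MJ_CREATE]         = DriverCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE]          = DriverCreateClose;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DriverIoControl;

    return STATUS_SUCCESS;
}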
Использовать примерно так в ринг3:

Код:
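/* User-mode caller sketch; the "...." arguments are elided in the original post. */
HANDLE hFile = CreateFile( "\\\\.\\crashd", GENERIC_READ, .... );
/*
 * The Win32 API name is DeviceIoControl. With IOCTL_CRASH_SYSTEM the driver
 * bugchecks inside the call, so it does not return and unsaved data on the
 * machine is lost; run this only on a disposable test system.
 */
DeviceIoControl( hFile, IOCTL_CRASH_SYSTEM, 0, 0, ....);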

Последний раз редактировалось _Great_; 23.03.2007 в 17:48..
 