I'm having a problem getting the driver to unload. I am setting the DriverUnload function, and my DbgPrint confirms that the unload function is being called.
Using "DriverView" I can see that the driver is still loaded, and attempting to load the driver again gives an error (StartService-ERROR_FILE_NOT_FOUND) until restart.
Driver:
Using "DriverView" I can see that the driver is still loaded, and attempting to load the driver again gives an error (StartService-ERROR_FILE_NOT_FOUND) until restart.
Driver:
Code: Select all
Loader:#include "main.h"
#include <ntddk.h>
#pragma alloc_text(INIT, DriverEntry)
#pragma alloc_text(PAGE, handleDriverUnload)
#pragma alloc_text(PAGE, handleDriverUnused)
#pragma alloc_text(PAGE, handleDriverWrite)
void handleDriverUnload(PDRIVER_OBJECT pDriverObject)
{
UNICODE_STRING usDosDeviceName;
DbgPrint("[Test]: handleDriverUnload\n");
RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\Test");
IoDeleteSymbolicLink(&usDosDeviceName);
IoDeleteDevice(pDriverObject->DeviceObject);
}
NTSTATUS handleDriverUnused(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
UNREFERENCED_PARAMETER(pDeviceObject);
UNREFERENCED_PARAMETER(pIrp);
return STATUS_SUCCESS;
}
NTSTATUS handleDriverWrite(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
PIO_STACK_LOCATION pIoStackIrp = NULL;
PCHAR pWriteDataBuffer;
UNREFERENCED_PARAMETER(pDeviceObject);
DbgPrint("[Test]: handleDriverWrite\n");
pIoStackIrp = IoGetCurrentIrpStackLocation(pIrp);
if(pIoStackIrp)
{
pWriteDataBuffer = (PCHAR) pIrp->AssociatedIrp.SystemBuffer;
if(pWriteDataBuffer)
{
//
}
}
return STATUS_SUCCESS;
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT pDeviceObject = NULL;
UNICODE_STRING usDriverName, usDosDeviceName;
int funcIndex;
UNREFERENCED_PARAMETER(pRegistryPath);
DbgPrint("[Test]: DriverEntry\n");
RtlInitUnicodeString(&usDriverName, L"\\Device\\Test");
RtlInitUnicodeString(&usDosDeviceName, L"\\DosDevices\\Test");
status = IoCreateDevice(pDriverObject,
0,
&usDriverName,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE,
&pDeviceObject);
if(NT_SUCCESS(status))
{
pDeviceObject->Flags = DO_BUFFERED_IO;
pDeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
for (funcIndex = 0; funcIndex <= IRP_MJ_MAXIMUM_FUNCTION; funcIndex++)
pDriverObject->MajorFunction[funcIndex] = handleDriverUnused;
pDriverObject->MajorFunction[IRP_MJ_WRITE] = handleDriverWrite;
pDriverObject->DriverUnload = handleDriverUnload;
IoCreateSymbolicLink(&usDosDeviceName, &usDriverName);
}
return status;
}
Code: Select all
#include <Windows.h>
#include <iostream>
int main()
{
SC_HANDLE hSCManager;
SC_HANDLE hService;
SERVICE_STATUS ss;
hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
if(hSCManager)
{
std::cout << "Create service\n";
hService = CreateService(hSCManager, "Test",
"Test Driver",
SERVICE_START | DELETE | SERVICE_STOP,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
"D:\\dev\\Test.sys",
NULL, NULL, NULL, NULL, NULL);
if(!hService)
{
std::cout << "OpenService\n";
hService = OpenService(hSCManager, "Test", SERVICE_START | DELETE | SERVICE_STOP);
}
if(hService)
{
std::cout << "Start service\n";
if(!StartService(hService, 0, NULL))
{
std::cout << "StartService failed - " << GetLastError() << '\n';
}
std::cin.sync();
std::cin.get();
if(!ControlService(hService, SERVICE_CONTROL_STOP, &ss))
{
std::cout << "ControlService failed - " << GetLastError() << '\n';
std::cout << ss.dwCurrentState << '\n';
}
if(!DeleteService(hService))
{
std::cout << "DeleteService failed - " << GetLastError() << '\n';
}
if(!CloseServiceHandle(hService))
{
std::cout << "CloseServiceHandle failed - " << GetLastError() << '\n';
}
}
CloseServiceHandle(hSCManager);
}
std::cin.sync();
std::cin.get();
return 0;
}
