ReactOS 0.4.16-dev-1521-gb8f1da6
Functions
undoc.c File Reference
#include "DriverTester.h"
Include dependency graph for undoc.c:

Go to the source code of this file.

Functions

static BOOL SetPrivilege (BOOL bSet)
 
BOOL ConvertPath (LPCWSTR lpPath, LPWSTR lpDevice)
 
BOOL NtStartDriver (LPCWSTR lpService)
 
BOOL NtStopDriver (LPCWSTR lpService)
 
BOOL LoadVia_SystemLoadGdiDriverInformation (LPWSTR lpDriverPath)
 
BOOL LoadVia_SystemExtendServiceTableInformation (LPWSTR lpDriverPath)
 

Function Documentation

◆ ConvertPath()

BOOL ConvertPath ( LPCWSTR  lpPath,
LPWSTR  lpDevice 
)

Definition at line 56 of file undoc.c.

58{
59 LPWSTR lpFullPath = NULL;
60 DWORD size;
61
62 if (lpPath)
63 {
64 size = GetLongPathNameW(lpPath,
65 0,
66 0);
67 if (!size)
68 return FALSE;
69
70 size = (size + 1) * sizeof(WCHAR);
71
72 lpFullPath = HeapAlloc(GetProcessHeap(),
73 0,
74 size);
75 if (!lpFullPath)
76 return FALSE;
77
78 if (GetLongPathNameW(lpPath,
79 lpFullPath,
80 size))
81 {
82 HANDLE hDevice;
83 POBJECT_NAME_INFORMATION pObjName;
84 NTSTATUS Status;
85 DWORD len;
86
87 hDevice = CreateFileW(lpFullPath,
88 GENERIC_READ | GENERIC_WRITE,
89 0,
90 NULL,
91 OPEN_EXISTING,
92 FILE_ATTRIBUTE_NORMAL,
93 NULL);
94
95 HeapFree(GetProcessHeap(), 0, lpFullPath);
96
97 if(hDevice == INVALID_HANDLE_VALUE)
98 {
99 wprintf(L"[%x] Failed to open %s\n", GetLastError(), DRIVER_NAME);
100 return FALSE;
101 }
102
103 size = MAX_PATH * sizeof(WCHAR);
104 pObjName = HeapAlloc(GetProcessHeap(), 0, size);
105 if (!pObjName)
106 return FALSE;
107
108 Status = NtQueryObject(hDevice,
109 ObjectNameInformation,
110 pObjName,
111 size,
112 &size);
113 if (Status == STATUS_SUCCESS)
114 {
115 len = pObjName->Name.Length / sizeof(WCHAR);
116 wcsncpy(lpDevice, pObjName->Name.Buffer, len);
117 lpDevice[len] = UNICODE_NULL;
118
119 HeapFree(GetProcessHeap(), 0, pObjName);
120
121 return TRUE;
122 }
123
124 HeapFree(GetProcessHeap(), 0, pObjName);
125 }
126 }
127
128 return FALSE;
129}
ObjectNameInformation
@ ObjectNameInformation
Definition: DriverTester.h:55
NtQueryObject
NTSTATUS NtQueryObject(IN HANDLE Handle, IN OBJECT_INFO_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength)
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
wcsncpy
wcsncpy
Definition: corecrt_wstring.h:201
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
OPEN_EXISTING
#define OPEN_EXISTING
Definition: compat.h:775
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
CreateFileW
#define CreateFileW
Definition: compat.h:741
FILE_ATTRIBUTE_NORMAL
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:137
GetLongPathNameW
DWORD WINAPI GetLongPathNameW(IN LPCWSTR lpszShortPath, OUT LPWSTR lpszLongPath, IN DWORD cchBuffer)
Definition: path.c:1456
L
#define L(x)
Definition: resources.c:13
DRIVER_NAME
#define DRIVER_NAME
Definition: ext2fs.h:136
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
Status
Status
Definition: gdiplustypes.h:25
size
GLsizeiptr size
Definition: glext.h:5919
len
GLenum GLsizei len
Definition: glext.h:6722
pObjName
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
UNICODE_NULL
#define UNICODE_NULL
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_OBJECT_NAME_INFORMATION
Definition: nt_native.h:1269
wprintf
#define wprintf(...)
Definition: whoami.c:18
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by SneakyUndocumentedMethods().

◆ LoadVia_SystemExtendServiceTableInformation()

BOOL LoadVia_SystemExtendServiceTableInformation ( LPWSTR  lpDriverPath)

Definition at line 240 of file undoc.c.

241{
242 NTSTATUS Status;
243 UNICODE_STRING Buffer;
244 DWORD bufSize;
245
246 RtlInitUnicodeString(&Buffer, lpDriverPath);
247 bufSize = sizeof(UNICODE_STRING);
248
249 if (SetPrivilege(TRUE))
250 {
251 Status = NtSetSystemInformation(SystemExtendServiceTableInformation,
252 &Buffer,
253 bufSize);
254 if (Status == STATUS_PRIVILEGE_NOT_HELD)
255 {
256 wprintf(L"SystemExtendServiceTableInformation can only be used in kmode.\n");
257 }
258 else if (Status == STATUS_SUCCESS)
259 {
260 wprintf(L"SystemExtendServiceTableInformation incorrectly loaded the driver\n");
261 NtUnloadDriver(&Buffer);
262
263 return TRUE;
264 }
265 else
266 {
267 DWORD err = RtlNtStatusToDosError(Status);
268 wprintf(L"LoadVia_SystemExtendServiceTableInformation failed [%lu] - 0x%x\n", err, Status);
269 }
270
271 SetPrivilege(FALSE);
272 }
273
274 return FALSE;
275}
NtSetSystemInformation
NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation(IN INT SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
NtUnloadDriver
NTSTATUS NtUnloadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2226
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SystemExtendServiceTableInformation
#define SystemExtendServiceTableInformation
Definition: DriverTester.h:35
Buffer
Definition: bufpool.h:45
UNICODE_STRING
struct _UNICODE_STRING UNICODE_STRING
bufSize
GLuint GLsizei bufSize
Definition: glext.h:6040
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
SetPrivilege
static BOOL SetPrivilege(BOOL bSet)
Definition: undoc.c:4
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
err
#define err(...)
Definition: reactos_support_code.h:30
_UNICODE_STRING
Definition: env_spec_w32.h:368

Referenced by SneakyUndocumentedMethods().

◆ LoadVia_SystemLoadGdiDriverInformation()

BOOL LoadVia_SystemLoadGdiDriverInformation ( LPWSTR  lpDriverPath)

Definition at line 199 of file undoc.c.

200{
201 NTSTATUS Status;
202 SYSTEM_GDI_DRIVER_INFORMATION Buffer;
203 DWORD bufSize;
204
205 bufSize = sizeof(SYSTEM_GDI_DRIVER_INFORMATION);
206
207 ZeroMemory(&Buffer, bufSize);
208 RtlInitUnicodeString(&Buffer.DriverName, lpDriverPath);
209
210 if (SetPrivilege(TRUE))
211 {
212 Status = NtSetSystemInformation(SystemLoadGdiDriverInformation,
213 &Buffer,
214 bufSize);
215 if (Status == STATUS_PRIVILEGE_NOT_HELD)
216 {
217 wprintf(L"SystemLoadGdiDriverInformation can only be used in kmode.\n");
218 }
219 else if (Status == STATUS_SUCCESS)
220 {
221 wprintf(L"SystemLoadGdiDriverInformation incorrectly loaded the driver\n");
222 NtUnloadDriver(&Buffer.DriverName);
223
224 return TRUE;
225 }
226 else
227 {
228 DWORD err = RtlNtStatusToDosError(Status);
229 wprintf(L"LoadVia_SystemLoadGdiDriverInformation failed [%lu]\n", err);
230 }
231
232 SetPrivilege(FALSE);
233 }
234
235 return FALSE;
236}
SYSTEM_GDI_DRIVER_INFORMATION
struct _SYSTEM_GDI_DRIVER_INFORMATION SYSTEM_GDI_DRIVER_INFORMATION
SystemLoadGdiDriverInformation
#define SystemLoadGdiDriverInformation
Definition: DriverTester.h:34
_SYSTEM_GDI_DRIVER_INFORMATION
Definition: DriverTester.h:44
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1753

Referenced by SneakyUndocumentedMethods().

◆ NtStartDriver()

BOOL NtStartDriver ( LPCWSTR  lpService)

Definition at line 133 of file undoc.c.

134{
135 WCHAR szDriverPath[MAX_PATH];
136 UNICODE_STRING DriverPath;
137 NTSTATUS Status = -1;
138
139 wcscpy(szDriverPath,
140 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
141 wcscat(szDriverPath,
142 lpService);
143
144 RtlInitUnicodeString(&DriverPath,
145 szDriverPath);
146
147 if (SetPrivilege(TRUE))
148 {
149 Status = NtLoadDriver(&DriverPath);
150 if (Status != STATUS_SUCCESS)
151 {
152 DWORD err = RtlNtStatusToDosError(Status);
153 wprintf(L"NtUnloadDriver failed [%lu]\n", err);
154 }
155
156 SetPrivilege(FALSE);
157 }
158
159 return (Status == STATUS_SUCCESS);
160}
wcscat
wcscat
Definition: corecrt_wstring.h:101
wcscpy
wcscpy
Definition: corecrt_wstring.h:120
NtLoadDriver
NTSTATUS NTAPI NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2165

Referenced by UndocumentedMethod().

◆ NtStopDriver()

BOOL NtStopDriver ( LPCWSTR  lpService)

Definition at line 164 of file undoc.c.

165{
166 WCHAR szDriverPath[MAX_PATH];
167 UNICODE_STRING DriverPath;
168 NTSTATUS Status = -1;
169
170 wcscpy(szDriverPath,
171 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\");
172 wcscat(szDriverPath,
173 lpService);
174
175 RtlInitUnicodeString(&DriverPath,
176 szDriverPath);
177
178 if (SetPrivilege(TRUE))
179 {
180 Status = NtUnloadDriver(&DriverPath);
181 if (Status != STATUS_SUCCESS)
182 {
183 DWORD err = RtlNtStatusToDosError(Status);
184 wprintf(L"NtUnloadDriver failed [%lu]\n", err);
185 }
186
187 SetPrivilege(FALSE);
188 }
189
190 return (Status == STATUS_SUCCESS);
191}

Referenced by SneakyUndocumentedMethods(), and UndocumentedMethod().

◆ SetPrivilege()

static BOOL SetPrivilege ( BOOL  bSet)
static

Definition at line 4 of file undoc.c.

5{
6 TOKEN_PRIVILEGES tp;
7 HANDLE hToken;
8 LUID luid;
9
10 if (!OpenProcessToken(GetCurrentProcess(),
11 TOKEN_ADJUST_PRIVILEGES,
12 &hToken))
13 {
14 return FALSE;
15 }
16
17 if(!LookupPrivilegeValue(NULL,
18 SE_LOAD_DRIVER_NAME,
19 &luid))
20 {
21 CloseHandle(hToken);
22 return FALSE;
23 }
24
25 tp.PrivilegeCount = 1;
26 tp.Privileges[0].Luid = luid;
27
28 if (bSet)
29 {
30 tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
31 }
32 else
33 {
34 tp.Privileges[0].Attributes = 0;
35 }
36
37 AdjustTokenPrivileges(hToken,
38 FALSE,
39 &tp,
40 sizeof(TOKEN_PRIVILEGES),
41 NULL,
42 NULL);
43 if (GetLastError() != ERROR_SUCCESS)
44 {
45 CloseHandle(hToken);
46 return FALSE;
47 }
48
49 CloseHandle(hToken);
50
51 return TRUE;
52}
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:374
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
CloseHandle
#define CloseHandle
Definition: compat.h:739
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
tp
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2996
_LUID
Definition: devicetopology.idl:137
_TOKEN_PRIVILEGES
Definition: setypes.h:1034
LookupPrivilegeValue
#define LookupPrivilegeValue
Definition: winbase.h:3911
SE_LOAD_DRIVER_NAME
#define SE_LOAD_DRIVER_NAME
Definition: winnt_old.h:406
TOKEN_ADJUST_PRIVILEGES
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:942
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63

Referenced by LoadVia_SystemExtendServiceTableInformation(), LoadVia_SystemLoadGdiDriverInformation(), NtStartDriver(), and NtStopDriver().