ReactOS  0.4.14-dev-323-g6fe6a88
undoc.c
1 #include "DriverTester.h"
2 
//
// Enables (bSet != FALSE) or disables (bSet == FALSE) the privilege named
// by SE_LOAD_DRIVER_NAME in the current process token.
//
// Returns TRUE only when the token was opened, the privilege LUID was
// resolved, and the adjustment left the last-error value at ERROR_SUCCESS.
//
// NOTE(review): the listing this was taken from had dropped the signature,
// the 'tp' declaration and the two 'if' heads; they are restored from the
// page's own symbol index - confirm against the repository copy.
//
static BOOL
SetPrivilege(BOOL bSet)
{
    TOKEN_PRIVILEGES tp;
    HANDLE hToken;
    LUID luid;
    BOOL bAdjusted = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES,
                          &hToken))
    {
        return FALSE;
    }

    if (LookupPrivilegeValue(NULL,
                             SE_LOAD_DRIVER_NAME,
                             &luid))
    {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = bSet ? SE_PRIVILEGE_ENABLED : 0;

        AdjustTokenPrivileges(hToken,
                              FALSE,
                              &tp,
                              sizeof(TOKEN_PRIVILEGES),
                              NULL,
                              NULL);

        // The last-error value, not the return value, decides the result:
        // the call can report success without assigning the privilege.
        // It must be read before CloseHandle() runs.
        bAdjusted = (GetLastError() == ERROR_SUCCESS);
    }

    CloseHandle(hToken);

    return bAdjusted;
}
53 
54 
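//
// Resolves a file system path to the NT object name of the object it opens.
//
// lpPath:   path to resolve (expanded with GetLongPathNameW first).
// lpDevice: receives the NUL-terminated object name. The function has no
//           size parameter for it; the name is read into a buffer of
//           MAX_PATH * sizeof(WCHAR) bytes, so the caller presumably has to
//           supply at least MAX_PATH WCHARs - verify against callers.
//
// Returns TRUE when the name was copied to lpDevice, FALSE on any failure.
//
// Changes from the listed version:
//  - GetLongPathNameW is given the buffer size in characters, not in bytes
//    (the byte count claimed a buffer larger than the one allocated);
//  - the device handle and the path buffer are released on every path;
//  - the CreateFileW error is captured before HeapFree can overwrite it;
//  - NULL arguments are rejected.
//
// NOTE(review): the listing had dropped the signature, the pObjName/Status
// declarations, several CreateFileW/NtQueryObject arguments and the cleanup
// calls; they are restored from the page's symbol index - confirm against
// the repository copy.
//
BOOL
ConvertPath(LPCWSTR lpPath,
            LPWSTR lpDevice)
{
    POBJECT_NAME_INFORMATION pObjName;
    LPWSTR lpFullPath;
    HANDLE hDevice;
    NTSTATUS Status;
    DWORD cchFullPath;
    DWORD dwError;
    DWORD size;
    DWORD len;
    BOOL bRet = FALSE;

    if (!lpPath || !lpDevice)
        return FALSE;

    // First call only asks for the required length, in characters.
    cchFullPath = GetLongPathNameW(lpPath,
                                   NULL,
                                   0);
    if (!cchFullPath)
        return FALSE;

    cchFullPath++;

    lpFullPath = HeapAlloc(GetProcessHeap(),
                           0,
                           cchFullPath * sizeof(WCHAR));
    if (!lpFullPath)
        return FALSE;

    if (!GetLongPathNameW(lpPath,
                          lpFullPath,
                          cchFullPath))
    {
        HeapFree(GetProcessHeap(), 0, lpFullPath);
        return FALSE;
    }

    hDevice = CreateFileW(lpFullPath,
                          GENERIC_READ | GENERIC_WRITE,
                          0,
                          NULL,
                          OPEN_EXISTING,
                          FILE_ATTRIBUTE_NORMAL,
                          NULL);
    dwError = (hDevice == INVALID_HANDLE_VALUE) ? GetLastError() : ERROR_SUCCESS;

    HeapFree(GetProcessHeap(), 0, lpFullPath);

    if (hDevice == INVALID_HANDLE_VALUE)
    {
        wprintf(L"[%lx] Failed to open %s\n", dwError, DRIVER_NAME);
        return FALSE;
    }

    size = MAX_PATH * sizeof(WCHAR);
    pObjName = HeapAlloc(GetProcessHeap(), 0, size);
    if (pObjName)
    {
        Status = NtQueryObject(hDevice,
                               ObjectNameInformation,
                               pObjName,
                               size,
                               &size);
        if (Status == STATUS_SUCCESS)
        {
            // Name.Length is a byte count and the string is not guaranteed
            // to be NUL-terminated, so terminate the copy explicitly.
            len = pObjName->Name.Length / sizeof(WCHAR);
            wcsncpy(lpDevice, pObjName->Name.Buffer, len);
            lpDevice[len] = UNICODE_NULL;

            bRet = TRUE;
        }

        HeapFree(GetProcessHeap(), 0, pObjName);
    }

    CloseHandle(hDevice);

    return bRet;
}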
130 
131 
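//
// Loads the driver registered under the given service name by handing the
// service's registry key path to NtLoadDriver.
//
// lpService: name of the key below
//            \Registry\Machine\System\CurrentControlSet\Services\.
//
// Returns TRUE when NtLoadDriver returns STATUS_SUCCESS. Returns FALSE when
// the name is NULL or too long for the MAX_PATH path buffer, when the
// load-driver privilege could not be enabled, or when the load failed.
//
// Changes from the listed version: the service name is length-checked
// before it is appended to the fixed-size stack buffer, and the failure
// message names NtLoadDriver instead of NtUnloadDriver.
//
// NOTE(review): the listing had dropped the signature, the 'err'
// declaration and the line after the inner 'if' (taken to be
// SetPrivilege(FALSE)); restored from the page's symbol index - confirm
// against the repository copy.
//
BOOL
NtStartDriver(LPCWSTR lpService)
{
    static const WCHAR szServicesKey[] =
        L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
    const size_t cchServicesKey = sizeof(szServicesKey) / sizeof(szServicesKey[0]) - 1;
    WCHAR szDriverPath[MAX_PATH];
    UNICODE_STRING DriverPath;
    NTSTATUS Status = -1;

    // Prefix + name + terminator must fit in szDriverPath; an unchecked
    // wcscat here would write past the end of the stack buffer.
    if (!lpService || wcslen(lpService) >= MAX_PATH - cchServicesKey)
        return FALSE;

    wcscpy(szDriverPath,
           szServicesKey);
    wcscat(szDriverPath,
           lpService);

    RtlInitUnicodeString(&DriverPath,
                         szDriverPath);

    if (SetPrivilege(TRUE))
    {
        Status = NtLoadDriver(&DriverPath);
        if (Status != STATUS_SUCCESS)
        {
            DWORD dwErr = RtlNtStatusToDosError(Status);
            wprintf(L"NtLoadDriver failed [%lu]\n", dwErr);
        }

        // Drop the privilege again once the call is done.
        SetPrivilege(FALSE);
    }

    return (Status == STATUS_SUCCESS);
}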
161 
162 
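//
// Unloads the driver registered under the given service name by handing
// the service's registry key path to NtUnloadDriver.
//
// lpService: name of the key below
//            \Registry\Machine\System\CurrentControlSet\Services\.
//
// Returns TRUE when NtUnloadDriver returns STATUS_SUCCESS. Returns FALSE
// when the name is NULL or too long for the MAX_PATH path buffer, when the
// load-driver privilege could not be enabled, or when the unload failed.
//
// Change from the listed version: the service name is length-checked
// before it is appended to the fixed-size stack buffer.
//
// NOTE(review): the listing had dropped the signature, the 'err'
// declaration and the line after the inner 'if' (taken to be
// SetPrivilege(FALSE)); restored from the page's symbol index - confirm
// against the repository copy.
//
BOOL
NtStopDriver(LPCWSTR lpService)
{
    static const WCHAR szServicesKey[] =
        L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\";
    const size_t cchServicesKey = sizeof(szServicesKey) / sizeof(szServicesKey[0]) - 1;
    WCHAR szDriverPath[MAX_PATH];
    UNICODE_STRING DriverPath;
    NTSTATUS Status = -1;

    // Prefix + name + terminator must fit in szDriverPath; an unchecked
    // wcscat here would write past the end of the stack buffer.
    if (!lpService || wcslen(lpService) >= MAX_PATH - cchServicesKey)
        return FALSE;

    wcscpy(szDriverPath,
           szServicesKey);
    wcscat(szDriverPath,
           lpService);

    RtlInitUnicodeString(&DriverPath,
                         szDriverPath);

    if (SetPrivilege(TRUE))
    {
        Status = NtUnloadDriver(&DriverPath);
        if (Status != STATUS_SUCCESS)
        {
            DWORD dwErr = RtlNtStatusToDosError(Status);
            wprintf(L"NtUnloadDriver failed [%lu]\n", dwErr);
        }

        // Drop the privilege again once the call is done.
        SetPrivilege(FALSE);
    }

    return (Status == STATUS_SUCCESS);
}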
192 
193 
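//
// We shouldn't be able to call this from umode.
// Returns TRUE if the call nevertheless succeeded, i.e. the driver was
// (incorrectly) loaded from user mode; FALSE in every other case,
// including the expected STATUS_PRIVILEGE_NOT_HELD rejection.
//
// lpDriverPath: driver path placed in the DriverName field of the request.
//
// Change from the listed version: the load-driver privilege is disabled
// again on the success path too (the early 'return TRUE' appeared to skip
// the reset).
//
// NOTE(review): the listing had dropped the signature, the Status/Buffer
// declarations, the bufSize/ZeroMemory setup, the NtSetSystemInformation
// call head and the trailing SetPrivilege(FALSE); restored from the page's
// symbol index - confirm against the repository copy.
//
BOOL
LoadVia_SystemLoadGdiDriverInformation(LPWSTR lpDriverPath)
{
    NTSTATUS Status;
    SYSTEM_GDI_DRIVER_INFORMATION Buffer;
    DWORD bufSize;
    BOOL bLoaded = FALSE;

    bufSize = sizeof(SYSTEM_GDI_DRIVER_INFORMATION);

    ZeroMemory(&Buffer, bufSize);
    RtlInitUnicodeString(&Buffer.DriverName, lpDriverPath);

    if (SetPrivilege(TRUE))
    {
        Status = NtSetSystemInformation(SystemLoadGdiDriverInformation,
                                        &Buffer,
                                        bufSize);
        if (Status == STATUS_PRIVILEGE_NOT_HELD)
        {
            // Expected outcome: the request is refused from user mode.
            wprintf(L"SystemLoadGdiDriverInformation can only be used in kmode.\n");
        }
        else if (Status == STATUS_SUCCESS)
        {
            wprintf(L"SystemLoadGdiDriverInformation incorrectly loaded the driver\n");
            NtUnloadDriver(&Buffer.DriverName);

            bLoaded = TRUE;
        }
        else
        {
            DWORD dwErr = RtlNtStatusToDosError(Status);
            wprintf(L"LoadVia_SystemLoadGdiDriverInformation failed [%lu]\n", dwErr);
        }

        // Always drop the privilege before returning.
        SetPrivilege(FALSE);
    }

    return bLoaded;
}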
237 
238 
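//
// Tries to load a driver from user mode through NtSetSystemInformation
// with the SystemExtendServiceTableInformation class.
//
// lpDriverPath: driver path passed to the call as a UNICODE_STRING.
//
// Returns TRUE if the call succeeded, i.e. the driver was (incorrectly)
// loaded from user mode; FALSE in every other case, including the expected
// STATUS_PRIVILEGE_NOT_HELD rejection.
//
// Changes from the listed version: the load-driver privilege is disabled
// again on the success path too (the early 'return TRUE' appeared to skip
// the reset), and the NTSTATUS is printed with a format that matches its
// width.
//
// NOTE(review): the listing had dropped the signature, the Status/Buffer
// declarations, the NtSetSystemInformation call head, the unload call and
// the trailing SetPrivilege(FALSE); restored from the page's symbol index -
// confirm against the repository copy.
//
BOOL
LoadVia_SystemExtendServiceTableInformation(LPWSTR lpDriverPath)
{
    NTSTATUS Status;
    UNICODE_STRING Buffer;
    DWORD bufSize;
    BOOL bLoaded = FALSE;

    RtlInitUnicodeString(&Buffer, lpDriverPath);
    bufSize = sizeof(UNICODE_STRING);

    if (SetPrivilege(TRUE))
    {
        Status = NtSetSystemInformation(SystemExtendServiceTableInformation,
                                        &Buffer,
                                        bufSize);
        if (Status == STATUS_PRIVILEGE_NOT_HELD)
        {
            // Expected outcome: the request is refused from user mode.
            wprintf(L"SystemExtendServiceTableInformation can only be used in kmode.\n");
        }
        else if (Status == STATUS_SUCCESS)
        {
            wprintf(L"SystemExtendServiceTableInformation incorrectly loaded the driver\n");
            NtUnloadDriver(&Buffer);

            bLoaded = TRUE;
        }
        else
        {
            DWORD dwErr = RtlNtStatusToDosError(Status);
            wprintf(L"LoadVia_SystemExtendServiceTableInformation failed [%lu] - 0x%lx\n", dwErr, (ULONG)Status);
        }

        // Always drop the privilege before returning.
        SetPrivilege(FALSE);
    }

    return bLoaded;
}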
276 
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
#define TRUE
Definition: types.h:120
#define CloseHandle
Definition: compat.h:398
#define ERROR_SUCCESS
Definition: deptool.c:10
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
LONG NTSTATUS
Definition: precomp.h:26
#define INVALID_HANDLE_VALUE
Definition: compat.h:391
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1642
#define wprintf(...)
Definition: whoami.c:18
#define LookupPrivilegeValue
Definition: winbase.h:3694
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
GLuint GLsizei bufSize
Definition: glext.h:6040
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GENERIC_WRITE
Definition: nt_native.h:90
smooth NULL
Definition: ftsmooth.c:416
static POBJECTS_AND_NAME_A pObjName
Definition: security.c:77
Definition: bufpool.h:45
NTSYSAPI NTSTATUS NTAPI NtSetSystemInformation(IN INT SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength)
#define OPEN_EXISTING
Definition: compat.h:426
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
Definition: btrfs.c:2855
BOOL ConvertPath(LPCWSTR lpPath, LPWSTR lpDevice)
Definition: undoc.c:56
DWORD WINAPI GetLongPathNameW(IN LPCWSTR lpszShortPath, OUT LPWSTR lpszLongPath, IN DWORD cchBuffer)
Definition: path.c:1455
GLsizeiptr size
Definition: glext.h:5919
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
NTSTATUS NtQueryObject(IN HANDLE Handle, IN OBJECT_INFO_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG ObjectInformationLength, OUT PULONG ReturnLength)
HANDLE WINAPI GetCurrentProcess(VOID)
Definition: proc.c:1138
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
BOOL NtStopDriver(LPCWSTR lpService)
Definition: undoc.c:164
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:126
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
static const WCHAR L[]
Definition: oid.c:1250
#define DRIVER_NAME
Definition: ext2fs.h:136
GLenum GLsizei len
Definition: glext.h:6722
#define GENERIC_READ
Definition: compat.h:124
#define SystemExtendServiceTableInformation
Definition: DriverTester.h:35
#define err(...)
static BOOL SetPrivilege(BOOL bSet)
Definition: undoc.c:4
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
Status
Definition: gdiplustypes.h:24
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
#define SystemLoadGdiDriverInformation
Definition: DriverTester.h:34
BOOL LoadVia_SystemExtendServiceTableInformation(LPWSTR lpDriverPath)
Definition: undoc.c:240
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
NTSTATUS NtUnloadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2147
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
BOOL NtStartDriver(LPCWSTR lpService)
Definition: undoc.c:133
BOOL LoadVia_SystemLoadGdiDriverInformation(LPWSTR lpDriverPath)
Definition: undoc.c:199
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
struct _UNICODE_STRING UNICODE_STRING
#define CreateFileW
Definition: compat.h:400
struct _SYSTEM_GDI_DRIVER_INFORMATION SYSTEM_GDI_DRIVER_INFORMATION
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
WCHAR * LPWSTR
Definition: xmlstorage.h:184
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:876
NTSTATUS NTAPI NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
Definition: driver.c:2090
#define HeapFree(x, y, z)
Definition: compat.h:394
#define SE_LOAD_DRIVER_NAME
Definition: winnt_old.h:374