驱动代码
joney authored and joney committed Dec 25, 2020
1 parent 7082ed9 commit c52a438
Showing 12 changed files with 1,194 additions and 0 deletions.
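--- a/BranchTracerSys/BranchTracerSys.cpp
+++ b/BranchTracerSys/BranchTracerSys.cpp
@@ -0,0 +1,152 @@
+#include <ntifs.h>
+#include <ntddk.h>
+#include "asm/debug.h"
+#include "bts/bts.h"
+#include "kernel-hooks/Hooks.h"
+#include "kernel-tools/KernelBase.h"
+
+#include "ioctls.h"
+
+NTSTATUS IoctlDeviceControl(PDEVICE_OBJECT DeviceObject, PIRP Irp);
+NTSTATUS IoctlCreateClose(PDEVICE_OBJECT DeviceObject, PIRP Irp);
+
+PDEVICE_OBJECT DeviceObject;
+UNICODE_STRING DeviceName;
+UNICODE_STRING SymlinkName;
+
+VOID DriverUnload(PDRIVER_OBJECT DriverObject)
+{
+UNREFERENCED_PARAMETER(DriverObject);
+DbgPrint("Driver Unloading... \n");
+
+IoDeleteSymbolicLink(&SymlinkName);
+IoDeleteDevice(DriverObject->DeviceObject);
+
+// Reset BTS : 释放DS_Area内存.
+ResetBTS();
+
+// 监控期间会不断产生TraceData. 结束时必须释放这些内存。
+ClearThreadTraceData();
+}
+
+//StartMonitThread((HANDLE)THREADID);
+//StopMonitThread((HANDLE)THREADID);
+
+
+#define DEVICE_NAME L"\\Device\\Branch-Trace"
+#define SYMLINK_NAME L"\\DosDevices\\Branch-Trace"
+#define DRIVER_NAME L"\\Driver\\Branch-Trace"
+
+EXTERN_C NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING pRegistryPath)
+{
+UNREFERENCED_PARAMETER(pRegistryPath);
+
+// 初始化环境 : 初始化全局变量
+InitializeEnvironment();
+
+// Setup
+if (!NT_SUCCESS(SetupBTS())) {
+return STATUS_UNSUCCESSFUL;
+}
+
+
+RtlInitUnicodeString(&DeviceName, DEVICE_NAME);
+RtlInitUnicodeString(&SymlinkName, SYMLINK_NAME);
+
+
+// 创建设备对象
+IoCreateDevice(DriverObject, 0, &DeviceName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &DeviceObject);
+
+// 设置通讯方式
+DeviceObject->Flags |= DO_BUFFERED_IO;
+
+IoCreateSymbolicLink(&SymlinkName, &DeviceName);
+
+
+DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoctlDeviceControl;
+DriverObject->MajorFunction[IRP_MJ_CREATE] = IoctlCreateClose;
+DriverObject->MajorFunction[IRP_MJ_CLOSE] = IoctlCreateClose;
+DriverObject->DriverUnload = DriverUnload;
+
+DbgPrint("DriverEntry Completed!\n");
+return STATUS_SUCCESS;
+}
+
+
+NTSTATUS IoctlCreateClose(PDEVICE_OBJECT pDeviceObject, PIRP Irp)
+{
+UNREFERENCED_PARAMETER(pDeviceObject);
+UNREFERENCED_PARAMETER(Irp);
+
+Irp->IoStatus.Status = STATUS_SUCCESS;
+Irp->IoStatus.Information = 0;
+IoCompleteRequest(Irp, IO_NO_INCREMENT);
+return STATUS_SUCCESS;
+}
+
+NTSTATUS IoctlDeviceControl(PDEVICE_OBJECT pDeviceObject, PIRP Irp)
+{
+UNREFERENCED_PARAMETER(pDeviceObject);
+UNREFERENCED_PARAMETER(Irp);
+
+NTSTATUS Status = STATUS_SUCCESS;
+ULONG InfoSize = 0;
+PIO_STACK_LOCATION Stack = IoGetCurrentIrpStackLocation(Irp);
+ULONG ControlCode = Stack->Parameters.DeviceIoControl.IoControlCode;
+
+
+switch (ControlCode) {
+case IOCTL_START_THREAD_TRACE: {
+// 开始监控
+PSTART_THREAD_TRACE_PARAM Request = (PSTART_THREAD_TRACE_PARAM)Irp->AssociatedIrp.SystemBuffer;
+if (Request->ThreadId == 0) {
+Status = STATUS_UNSUCCESSFUL;
+break;
+}
+
+if (!StartMonitThread((HANDLE)Request->ThreadId)) {
+DbgPrint("StartMonitThread Failed!\n");
+Status = STATUS_UNSUCCESSFUL;
+break;
+}
+break;
+}
+
+case IOCTL_STOP_THREAD_TRACE:
+{
+PSTOP_THREAD_TRACE_PARAM Request = (PSTOP_THREAD_TRACE_PARAM)Irp->AssociatedIrp.SystemBuffer;
+StopMonitThread((HANDLE)Request->ThreadId);
+
+DbgBreakPoint();
+SIZE_T BufferSize = 0;
+if (Request->Buffer != NULL) {
+if (!ReadThreadTraceData((HANDLE)Request->ThreadId, Request->Buffer,
+Request->BufferSize, Request->FilterStart, Request->FilterEnd, &BufferSize)) {
+Status = STATUS_UNSUCCESSFUL;
+break;
+}
+}
+
+// 清理数据
+ClearThreadTraceData();
+Request->ReadSize = BufferSize;
+InfoSize = sizeof(STOP_THREAD_TRACE_PARAM);
+Status = STATUS_SUCCESS;
+break;
+
+}
+
+
+default: {
+Status = STATUS_INVALID_DEVICE_REQUEST;
+InfoSize = 0;
+break;
+}
+}
+
+Irp->IoStatus.Status = Status;
+Irp->IoStatus.Information = InfoSize;
+IoCompleteRequest(Irp, IO_NO_INCREMENT);
+return Status;
+}
+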
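Review bot: IoctlDeviceControl casts Irp->AssociatedIrp.SystemBuffer to the request struct in both IOCTL cases without comparing Stack->Parameters.DeviceIoControl.InputBufferLength/OutputBufferLength against sizeof(START_THREAD_TRACE_PARAM) and sizeof(STOP_THREAD_TRACE_PARAM), so a caller passing a short or empty buffer makes the driver read past the system buffer (or dereference NULL when no buffer is supplied) and, in the STOP case, write ReadSize beyond it. In the STOP case Request->Buffer is a raw user-mode pointer carried inside the buffered request and passed straight to ReadThreadTraceData together with a caller-chosen BufferSize; unless that helper probes it (not visible in this commit), a user who can open the device can aim it at kernel memory, so it should be validated with ProbeForWrite inside __try/__except before use. The DbgBreakPoint() on the STOP path bugchecks any machine that has no kernel debugger attached and should not ship in an IOCTL handler. Separately, DriverEntry ignores the return values of IoCreateDevice and IoCreateSymbolicLink and creates the device with no explicit security descriptor; since anyone able to open \\.\Branch-Trace can start tracing arbitrary threads, consider IoCreateDeviceSecure with an SDDL restricting access to SYSTEM and administrators, and fail DriverEntry if either call fails.
```cpp
NTSTATUS IoctlDeviceControl(PDEVICE_OBJECT pDeviceObject, PIRP Irp)
{
    // … unchanged: Status / InfoSize / Stack / ControlCode locals …
    ULONG InLen  = Stack->Parameters.DeviceIoControl.InputBufferLength;
    ULONG OutLen = Stack->Parameters.DeviceIoControl.OutputBufferLength;
    PVOID SysBuf = Irp->AssociatedIrp.SystemBuffer;

    switch (ControlCode) {
    case IOCTL_START_THREAD_TRACE: {
        // Reject requests whose buffer cannot hold the struct we are about to read.
        if (SysBuf == NULL || InLen < sizeof(START_THREAD_TRACE_PARAM)) {
            Status = STATUS_BUFFER_TOO_SMALL;
            break;
        }
        PSTART_THREAD_TRACE_PARAM Request = (PSTART_THREAD_TRACE_PARAM)SysBuf;
        // … unchanged: ThreadId check and StartMonitThread call …
    }

    case IOCTL_STOP_THREAD_TRACE: {
        // ReadSize is written back, so the output side must be large enough too.
        if (SysBuf == NULL || InLen < sizeof(STOP_THREAD_TRACE_PARAM)
            || OutLen < sizeof(STOP_THREAD_TRACE_PARAM)) {
            Status = STATUS_BUFFER_TOO_SMALL;
            break;
        }
        PSTOP_THREAD_TRACE_PARAM Request = (PSTOP_THREAD_TRACE_PARAM)SysBuf;
        StopMonitThread((HANDLE)Request->ThreadId);

        // DbgBreakPoint() removed: without a kernel debugger attached it bugchecks the machine.
        SIZE_T BufferSize = 0;
        if (Request->Buffer != NULL) {
            BOOLEAN Failed = FALSE;
            __try {
                // Request->Buffer is a user pointer embedded in the buffered request;
                // probe it so the callee cannot be pointed at kernel memory.
                ProbeForWrite(Request->Buffer, Request->BufferSize, sizeof(UCHAR));
                Failed = !ReadThreadTraceData((HANDLE)Request->ThreadId, Request->Buffer,
                    Request->BufferSize, Request->FilterStart, Request->FilterEnd, &BufferSize);
            } __except (EXCEPTION_EXECUTE_HANDLER) {
                Status = GetExceptionCode();
            }
            if (!NT_SUCCESS(Status)) {
                break;
            }
            if (Failed) {
                Status = STATUS_UNSUCCESSFUL;
                break;
            }
        }
        // … unchanged: ClearThreadTraceData, ReadSize / InfoSize, Status …
    }
    // … unchanged: default case and IRP completion …
```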
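--- a/BranchTracerSys/BranchTracerSys.vcxproj
+++ b/BranchTracerSys/BranchTracerSys.vcxproj
@@ -0,0 +1,142 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup Label="ProjectConfigurations">
+<ProjectConfiguration Include="Debug|Win32">
+<Configuration>Debug</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|Win32">
+<Configuration>Release</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Debug|x64">
+<Configuration>Debug</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|x64">
+<Configuration>Release</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+</ItemGroup>
+<PropertyGroup Label="Globals">
+<ProjectGuid>{D043300D-A14F-4E73-99A3-73C48E142404}</ProjectGuid>
+<TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
+<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+<MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+<Configuration>Debug</Configuration>
+<Platform Condition="'$(Platform)' == ''">Win32</Platform>
+<RootNamespace>BranchTracerSys</RootNamespace>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+<TargetVersion>Windows7</TargetVersion>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+<ConfigurationType>Driver</ConfigurationType>
+<DriverType>WDM</DriverType>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+<TargetVersion>Windows7</TargetVersion>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+<ConfigurationType>Driver</ConfigurationType>
+<DriverType>WDM</DriverType>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+<TargetVersion>Windows7</TargetVersion>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+<ConfigurationType>Driver</ConfigurationType>
+<DriverType>WDM</DriverType>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+<TargetVersion>Windows7</TargetVersion>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+<ConfigurationType>Driver</ConfigurationType>
+<DriverType>WDM</DriverType>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+<ImportGroup Label="ExtensionSettings">
+</ImportGroup>
+<ImportGroup Label="PropertySheets">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<PropertyGroup Label="UserMacros" />
+<PropertyGroup />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+<ExcludePath>$(ExcludePath)</ExcludePath>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+<ExcludePath>$(ExcludePath)</ExcludePath>
+</PropertyGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+</ClCompile>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+</ClCompile>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+</ClCompile>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+</ClCompile>
+</ItemDefinitionGroup>
+<ItemGroup>
+<FilesToPackage Include="$(TargetPath)" />
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="BranchTracerSys.cpp" />
+<ClCompile Include="bts\bts.cpp" />
+<ClCompile Include="kernel-hooks\Hooks.cpp" />
+<ClCompile Include="kernel-hooks\LDasm.c" />
+<ClCompile Include="kernel-tools\apc_ex.c" />
+<ClCompile Include="kernel-tools\KernelBase.c" />
+</ItemGroup>
+<ItemGroup>
+<None Include="asm\cpu.inc" />
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="asm\debug.h" />
+<ClInclude Include="bts\bts.h" />
+<ClInclude Include="ioctls.h" />
+<ClInclude Include="kernel-hooks\Hooks.h" />
+<ClInclude Include="kernel-hooks\LDasm.h" />
+<ClInclude Include="kernel-tools\apc_ex.h" />
+<ClInclude Include="kernel-tools\KernelBase.h" />
+<ClInclude Include="kernel-tools\my_ntstatus.h" />
+<ClInclude Include="kernel-tools\nt_enums.h" />
+<ClInclude Include="kernel-tools\nt_imports.h" />
+<ClInclude Include="kernel-tools\nt_include.h" />
+<ClInclude Include="kernel-tools\nt_structs.h" />
+</ItemGroup>
+<ItemGroup>
+<MASM Include="asm\debug32.asm">
+<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+</MASM>
+<MASM Include="asm\debug64.asm">
+<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+</MASM>
+</ItemGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+<ImportGroup Label="ExtensionTargets">
+</ImportGroup>
+</Project>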