#include <stdio.h>
#include <ntddk.h>
typedef unsigned long DWORD; // local alias for the user-mode DWORD name, defined here so the driver code can use it
// main function
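/*
 * DriverEntry - driver entry point.
 *
 * Creates (or overwrites) a fixed file on the C: volume, writes a short
 * marker string into it, closes the file and then blocks for dwSeconds
 * seconds before returning.
 *
 * Parameters:
 *   DriverObject - driver object supplied by the loader (not used here).
 *   RegistryPath - driver's registry path (not used here).
 *
 * Returns:
 *   STATUS_INVALID_DEVICE_STATE if not called at PASSIVE_LEVEL,
 *   the failing NTSTATUS if the file cannot be created or written,
 *   STATUS_SUCCESS otherwise.
 *
 * NOTE(review): Zw* routines called from a driver run with previous mode
 * KernelMode, so the usual user-mode access checks are not applied to the
 * target path. The path here is a compile-time constant and must never be
 * derived from caller-supplied data.
 *
 * NOTE(review): no DriverUnload routine is registered, so once this returns
 * STATUS_SUCCESS the driver stays loaded until reboot.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    HANDLE fHandle = NULL;              // handle to the output file
    OBJECT_ATTRIBUTES ObjectAttributes; // names the file for ZwCreateFile
    LARGE_INTEGER Interval;             // relative delay for KeDelayExecutionThread
    UNICODE_STRING FileName;            // NT path of the output file
    IO_STATUS_BLOCK ioStatusBlock;      // completion status of the I/O calls
    DWORD dwSeconds = 10;               // time to sleep, in seconds
    char myString[] = {"OWNED!!!"};     // text written to the file
    NTSTATUS status;

    UNREFERENCED_PARAMETER(DriverObject);
    UNREFERENCED_PARAMETER(RegistryPath);

    // A negative value is a relative interval in 100-nanosecond units.
    // Negate in a signed type so the result does not rely on unsigned wrap-around.
    Interval.QuadPart = -(LONGLONG)dwSeconds * 10000 * 1000;

    // The Zw file routines below may only be called at PASSIVE_LEVEL.
    if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
        return STATUS_INVALID_DEVICE_STATE;
    }

    RtlInitUnicodeString(&FileName, L"\\DosDevices\\C:\\0WN3ED.TXT");
    InitializeObjectAttributes(&ObjectAttributes, &FileName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);

    status = ZwCreateFile(&fHandle,
                          GENERIC_WRITE,
                          &ObjectAttributes,
                          &ioStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          0,
                          FILE_OVERWRITE_IF,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);
    if (!NT_SUCCESS(status)) {
        // fHandle is not valid on failure; do not write to or close it.
        return status;
    }

    // sizeof - 1 gives the string length without the terminating NUL and
    // avoids a C runtime call for a compile-time constant.
    status = ZwWriteFile(fHandle,
                         NULL,
                         NULL,
                         NULL,
                         &ioStatusBlock,
                         myString,
                         (ULONG)(sizeof(myString) - 1),
                         NULL,
                         NULL);

    // Always release the kernel handle, whether or not the write succeeded.
    ZwClose(fHandle);

    if (!NT_SUCCESS(status)) {
        return status;
    }

    // Block so the message can be read before loading continues.
    // NOTE(review): this stalls the loading thread for the full interval.
    KeDelayExecutionThread(KernelMode, FALSE, &Interval);
    return STATUS_SUCCESS;
}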
//--------------------------------------------------------------------------------------