Showing
4 changed files
with
355 additions
and
0 deletions.
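--- /dev/null
+++ b/UNKNOWN_PATH.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35327.3
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SilentLoad", "SilentLoad\SilentLoad.vcxproj", "{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}"
+EndProject
+Global
+GlobalSection(SolutionConfigurationPlatforms) = preSolution
+Debug|x64 = Debug|x64
+Debug|x86 = Debug|x86
+Release|x64 = Release|x64
+Release|x86 = Release|x86
+EndGlobalSection
+GlobalSection(ProjectConfigurationPlatforms) = postSolution
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Debug|x64.ActiveCfg = Debug|x64
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Debug|x64.Build.0 = Debug|x64
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Debug|x86.ActiveCfg = Debug|Win32
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Debug|x86.Build.0 = Debug|Win32
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Release|x64.ActiveCfg = Release|x64
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Release|x64.Build.0 = Release|x64
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Release|x86.ActiveCfg = Release|Win32
+{A5D2F9C8-0DC2-4A2D-B72F-2FD5FF740043}.Release|x86.Build.0 = Release|Win32
+EndGlobalSection
+GlobalSection(SolutionProperties) = preSolution
+HideSolutionNode = FALSE
+EndGlobalSection
+GlobalSection(ExtensibilityGlobals) = postSolution
+SolutionGuid = {FB2054AB-CC9E-4B15-B438-B4E89375DCD1}
+EndGlobalSection
+EndGlobal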
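--- /dev/null
+++ b/SilentLoad/SilentLoad.vcxproj
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup Label="ProjectConfigurations">
+<ProjectConfiguration Include="Debug|Win32">
+<Configuration>Debug</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|Win32">
+<Configuration>Release</Configuration>
+<Platform>Win32</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Debug|x64">
+<Configuration>Debug</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+<ProjectConfiguration Include="Release|x64">
+<Configuration>Release</Configuration>
+<Platform>x64</Platform>
+</ProjectConfiguration>
+</ItemGroup>
+<PropertyGroup Label="Globals">
+<VCProjectVersion>17.0</VCProjectVersion>
+<Keyword>Win32Proj</Keyword>
+<ProjectGuid>{a5d2f9c8-0dc2-4a2d-b72f-2fd5ff740043}</ProjectGuid>
+<RootNamespace>SilentLoad</RootNamespace>
+<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v143</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v143</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>true</UseDebugLibraries>
+<PlatformToolset>v143</PlatformToolset>
+<CharacterSet>Unicode</CharacterSet>
+</PropertyGroup>
+<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+<ConfigurationType>Application</ConfigurationType>
+<UseDebugLibraries>false</UseDebugLibraries>
+<PlatformToolset>v143</PlatformToolset>
+<WholeProgramOptimization>true</WholeProgramOptimization>
+<CharacterSet>Unicode</CharacterSet>
+</PropertyGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+<ImportGroup Label="ExtensionSettings">
+</ImportGroup>
+<ImportGroup Label="Shared">
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+</ImportGroup>
+<PropertyGroup Label="UserMacros" />
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+<LanguageStandard_C>stdc17</LanguageStandard_C>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
+</Link>
+</ItemDefinitionGroup>
+<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+<ClCompile>
+<WarningLevel>Level3</WarningLevel>
+<FunctionLevelLinking>true</FunctionLevelLinking>
+<IntrinsicFunctions>true</IntrinsicFunctions>
+<SDLCheck>true</SDLCheck>
+<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+<ConformanceMode>true</ConformanceMode>
+</ClCompile>
+<Link>
+<SubSystem>Console</SubSystem>
+<EnableCOMDATFolding>true</EnableCOMDATFolding>
+<OptimizeReferences>true</OptimizeReferences>
+<GenerateDebugInformation>true</GenerateDebugInformation>
+<AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
+</Link>
+</ItemDefinitionGroup>
+<ItemGroup>
+<ClCompile Include="main.cpp" />
+</ItemGroup>
+<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+<ImportGroup Label="ExtensionTargets">
+</ImportGroup>
+</Project>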
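--- /dev/null
+++ b/UNKNOWN_PATH.vcxproj.filters
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup>
+<Filter Include="Source Files">
+<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+</Filter>
+<Filter Include="Header Files">
+<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+</Filter>
+<Filter Include="Resource Files">
+<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+</Filter>
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="main.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+</ItemGroup>
+</Project>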
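--- /dev/null
+++ b/SilentLoad/main.cpp
@@ -0,0 +1,162 @@
+#include <Windows.h>
+#include <stdio.h>
+#include <winternl.h>
+#include <strsafe.h>
+
+#define SERVICE_NAME L"SilentLoad"
+#define DRIVER_PATH L"\\??\\C:\\Windows\\System32\\drivers\\SilentLoad.sys"
+
+typedef NTSTATUS(NTAPI* _NtLoadDriver)(PUNICODE_STRING DriverServiceName);
+
+static _NtLoadDriver NtLoadDriver = NULL;
+
+static bool GrantPrivilege(LPCTSTR privilege)
+{
+HANDLE Token;
+TOKEN_PRIVILEGES TokenPrivileges;
+LUID Luid;
+
+if (!LookupPrivilegeValueW(NULL, SE_LOAD_DRIVER_NAME, &Luid))
+return false;
+
+if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token))
+return false;
+
+TokenPrivileges = { 0 };
+TokenPrivileges.PrivilegeCount = 1;
+TokenPrivileges.Privileges[0].Luid = Luid;
+TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+if (!AdjustTokenPrivileges(Token, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL)
+|| GetLastError() == ERROR_NOT_ALL_ASSIGNED)
+{
+CloseHandle(Token);
+return false;
+}
+
+CloseHandle(Token);
+
+return true;
+}
+
+static _NtLoadDriver ResolveNtLoadDriver()
+{
+HMODULE Handle;
+
+Handle = GetModuleHandleW(L"ntdll.dll");
+if (!Handle)
+return NULL;
+
+return (_NtLoadDriver)GetProcAddress(Handle, "NtLoadDriver");
+}
+
+static bool AddService(LPCWSTR ServiceName, LPCWSTR DriverPath)
+{
+HKEY ServicesKey;
+DWORD ImagePathLength;
+DWORD ServiceType;
+DWORD ServiceStartType;
+DWORD ServiceErrorControl;
+DWORD ServiceNameLength;
+
+if (!NT_SUCCESS(RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Services", 0, KEY_ALL_ACCESS, &ServicesKey)))
+goto Error;
+
+if (!NT_SUCCESS(RegCreateKeyW(ServicesKey, ServiceName, &ServicesKey)))
+goto Error;
+
+ImagePathLength = (wcslen(DriverPath) + 1) * sizeof(WCHAR);
+if (!NT_SUCCESS(RegSetValueExW(ServicesKey, L"ImagePath", 0, REG_EXPAND_SZ, (LPBYTE)DriverPath, ImagePathLength)))
+goto Error;
+
+ServiceType = SERVICE_KERNEL_DRIVER;
+if (!NT_SUCCESS(RegSetValueExW(ServicesKey, L"Type", 0, REG_DWORD, (LPBYTE)&ServiceType, sizeof(ServiceType))))
+goto Error;
+
+ServiceStartType = SERVICE_DEMAND_START;
+if (!NT_SUCCESS(RegSetValueExW(ServicesKey, L"Start", 0, REG_DWORD, (LPBYTE)&ServiceStartType, sizeof(ServiceStartType))))
+goto Error;
+
+ServiceErrorControl = SERVICE_ERROR_NORMAL;
+if (!NT_SUCCESS(RegSetValueExW(ServicesKey, L"ErrorControl", 0, REG_DWORD, (LPBYTE)&ServiceErrorControl, sizeof(ServiceErrorControl))))
+goto Error;
+
+ServiceNameLength = (wcslen(ServiceName) + 1) * sizeof(WCHAR);
+if (!NT_SUCCESS(RegSetValueExW(ServicesKey, L"DisplayName", 0, REG_SZ, (LPBYTE)ServiceName, ServiceNameLength)))
+goto Error;
+
+RegCloseKey(ServicesKey);
+
+return true;
+
+Error:
+RegCloseKey(ServicesKey);
+
+return false;
+}
+
+static bool RemoveService(LPCWSTR ServiceName)
+{
+WCHAR RegistryPath[MAX_PATH];
+
+StringCchPrintfW(RegistryPath, ARRAYSIZE(RegistryPath), L"SYSTEM\\CurrentControlSet\\Services\\%s", ServiceName);
+
+return NT_SUCCESS(RegDeleteTreeW(HKEY_LOCAL_MACHINE, RegistryPath));
+}
+
+static bool LoadDriver(LPCWSTR ServiceName)
+{
+UNICODE_STRING DriverServiceName;
+WCHAR Buffer[MAX_PATH];
+NTSTATUS Status;
+
+StringCchPrintfW(Buffer, ARRAYSIZE(Buffer), L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\%s", ServiceName);
+RtlInitUnicodeString(&DriverServiceName, Buffer);
+
+Status = NtLoadDriver(&DriverServiceName);
+if (Status == 0xC000010E)
+{
+printf("Driver already loaded\n");
+return true;
+}
+
+return NT_SUCCESS(Status);
+
+}
+
+int main(int argc, char* argv[])
+{
+if (!GrantPrivilege(SE_LOAD_DRIVER_NAME))
+{
+printf("Failed to grant privilege\n");
+goto End;
+}
+
+NtLoadDriver = ResolveNtLoadDriver();
+if (!NtLoadDriver)
+{
+printf("Failed to resolve NtLoadDriver\n");
+goto End;
+}
+
+printf("NtLoadDriver: 0x%p\n", NtLoadDriver);
+
+if (!AddService(SERVICE_NAME, DRIVER_PATH))
+{
+printf("Failed to add service\n");
+goto End;
+}
+
+if (!LoadDriver(SERVICE_NAME))
+{
+printf("Failed to load driver\n");
+goto End;
+}
+
+
+End:
+if (!RemoveService(SERVICE_NAME))
+printf("Failed to remove service\n");
+
+return 0;
+}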
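Review bot: `NT_SUCCESS` is the wrong predicate for every registry call in `AddService` (RegOpenKeyExW, RegCreateKeyW and the five RegSetValueExW writes) and for `RegDeleteTreeW` in `RemoveService`: those APIs return `LSTATUS` Win32 error codes, which are small non-negative values, so `NT_SUCCESS(ERROR_ACCESS_DENIED)` is true and a failed open, create, write or delete is reported as success — compare with `ERROR_SUCCESS` instead, e.g. `if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Services", 0, KEY_CREATE_SUB_KEY, &ServicesKey) != ERROR_SUCCESS) goto Error;`. In the same function `RegCreateKeyW(ServicesKey, ServiceName, &ServicesKey)` overwrites the parent handle with the subkey handle, so the `Services` key handle is never closed, and when `RegOpenKeyExW` fails the `Error:` path calls `RegCloseKey` on an uninitialized `ServicesKey`; a second `HKEY`, zero-initialized handles and a cleanup that closes both fixes this, and the parent needs only `KEY_CREATE_SUB_KEY` rather than `KEY_ALL_ACCESS`. `GrantPrivilege` ignores its `privilege` parameter and hard-codes `SE_LOAD_DRIVER_NAME` in the LookupPrivilegeValueW call, so it should pass `privilege` through and declare it `LPCWSTR` to match the W-suffixed call. `0xC000010E` in `LoadDriver` should be the named `STATUS_IMAGE_ALREADY_LOADED` constant from ntstatus.h with a short comment, and `main` returns 0 on every path, so a caller cannot distinguish a failed load from a successful one; returning a non-zero code from the failure branches (and marking `argc`/`argv` unused) would fix that.
```cpp
static bool AddService(LPCWSTR ServiceName, LPCWSTR DriverPath)
{
    HKEY ServicesKey = NULL;
    HKEY ServiceKey = NULL;
    bool Ok = false;
    // … unchanged: DWORD locals …

    // RegOpenKeyExW/RegCreateKeyExW return LSTATUS, not NTSTATUS; only ERROR_SUCCESS means success.
    if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Services", 0, KEY_CREATE_SUB_KEY, &ServicesKey) != ERROR_SUCCESS)
        goto Error;

    if (RegCreateKeyExW(ServicesKey, ServiceName, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &ServiceKey, NULL) != ERROR_SUCCESS)
        goto Error;

    // … unchanged: the five RegSetValueExW writes, each targeting ServiceKey and compared with ERROR_SUCCESS …

    Ok = true;

Error:
    if (ServiceKey)
        RegCloseKey(ServiceKey);
    if (ServicesKey)
        RegCloseKey(ServicesKey);
    return Ok;
}
```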