#include <fltKernel.h>
#include <Ntddk.h>
#include "ExcludeList.h"
#include "RegFilter.h"
#include "FsFilter.h"
#include "PsMonitor.h"
#include "Device.h"
#include "Driver.h"
#include "Configs.h"
// Driver object saved by DriverEntry; stays NULL until DriverEntry stores it.
PDRIVER_OBJECT g_driverObject = NULL;
// Global on/off flag: written through InterlockedExchange by EnableDisableDriver,
// read by IsDriverEnabled. Starts out FALSE.
volatile LONG g_driverActive = FALSE;
// =========================================================================================
/*
 * Sets the global driver-active flag.
 *
 * enabled - new value of the flag; it is widened to LONG and stored as-is.
 *
 * The store goes through InterlockedExchange and the previous value is
 * discarded.
 */
VOID EnableDisableDriver(BOOLEAN enabled)
{
	LONG newState = (LONG)enabled;

	InterlockedExchange(&g_driverActive, newState);
}
/*
 * Reports whether the global driver-active flag is set.
 *
 * Returns TRUE when g_driverActive is non-zero, FALSE otherwise.
 */
BOOLEAN IsDriverEnabled()
{
	// Any non-zero flag value counts as enabled.
	if (g_driverActive)
	{
		return TRUE;
	}

	return FALSE;
}
// =========================================================================================
/*
 * Unload routine installed by DriverEntry.
 *
 * Tears the subsystems down in the reverse of the order in which DriverEntry
 * starts them: device, registry filter, file-system mini-filter, then the
 * process monitor. Every Destroy* routine is called unconditionally.
 *
 * DriverObject - unused.
 */
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
	// The driver object is not needed for teardown.
	UNREFERENCED_PARAMETER(DriverObject);

	// Last started, first stopped.
	DestroyDevice();
	DestroyRegistryFilter();
	DestroyFSMiniFilter();
	DestroyPsMonitor();
}
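/*
 * Driver entry point: starts every subsystem and registers the unload routine.
 *
 * Initialisation is best-effort. A subsystem that fails to start is reported
 * through DbgPrint and the remaining ones are still attempted. The function
 * returns STATUS_SUCCESS regardless, so the driver can stay loaded with only
 * part of its subsystems running.
 *
 * DriverObject - driver object received by the entry point; passed to the
 *                Initialize* routines and saved in g_driverObject.
 * RegistryPath - registry path received by the entry point; forwarded to
 *                InitializeConfigs.
 *
 * Returns STATUS_SUCCESS unconditionally.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
	NTSTATUS status;

	// RegistryPath is consumed by InitializeConfigs below, so it is no longer
	// marked as an unreferenced parameter.

	// The active flag is raised before any of the filters is registered.
	EnableDisableDriver(TRUE);

	status = InitializeConfigs(RegistryPath);
	if (!NT_SUCCESS(status))
	{
		DbgPrint("FsFilter1!" __FUNCTION__ ": can't initialize configs\n");
	}

	status = InitializePsMonitor(DriverObject);
	if (!NT_SUCCESS(status))
	{
		DbgPrint("FsFilter1!" __FUNCTION__ ": object monitor didn't start\n");
	}

	status = InitializeFSMiniFilter(DriverObject);
	if (!NT_SUCCESS(status))
	{
		DbgPrint("FsFilter1!" __FUNCTION__ ": file-system mini-filter didn't start\n");
	}

	status = InitializeRegistryFilter(DriverObject);
	if (!NT_SUCCESS(status))
	{
		DbgPrint("FsFilter1!" __FUNCTION__ ": registry filter didn't start\n");
	}

	status = InitializeDevice(DriverObject);
	if (!NT_SUCCESS(status))
	{
		DbgPrint("FsFilter1!" __FUNCTION__ ": can't create device\n");
	}

	// Called even when InitializeConfigs failed.
	// NOTE(review): presumably the configs are only needed while the subsystems
	// initialise, and DestroyConfigs tolerates a failed init; confirm.
	DestroyConfigs();

	// NOTE(review): DriverUnload calls every Destroy* routine, including those
	// whose Initialize* call failed above; confirm each one handles that case.
	DriverObject->DriverUnload = DriverUnload;
	g_driverObject = DriverObject;

	// Every failure above was only logged: the last status is deliberately not
	// propagated, and a partially initialised driver still reports success.
	return STATUS_SUCCESS;
}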