driver_sourcecode

1. #include <ntifs.h>
2. #include <ntddk.h>
3.  
4. typedef struct _SYSTEM_THREAD_INFORMATION
5. {
6.     LARGE_INTEGER KernelTime;
7.     LARGE_INTEGER UserTime;
8.     LARGE_INTEGER CreateTime;
9.     ULONG WaitTime;
10.     PVOID StartAddress;
11.     CLIENT_ID ClientId;
12.     KPRIORITY Priority;
13.     LONG BasePriority;
14.     ULONG ContextSwitches;
15.     ULONG ThreadState;
16.     KWAIT_REASON WaitReason;
17. }SYSTEM_THREAD_INFORMATION,*PSYSTEM_THREAD_INFORMATION;
18.  
19. typedef struct _SYSTEM_PROCESS_INFO
20. {
21.     ULONG NextEntryOffset;
22.     ULONG NumberOfThreads;
23.     LARGE_INTEGER WorkingSetPrivateSize;
24.     ULONG HardFaultCount;
25.     ULONG NumberOfThreadsHighWatermark;
26.     ULONGLONG CycleTime;
27.     LARGE_INTEGER CreateTime;
28.     LARGE_INTEGER UserTime;
29.     LARGE_INTEGER KernelTime;
30.     UNICODE_STRING ImageName;
31.     KPRIORITY BasePriority;
32.     HANDLE UniqueProcessId;
33.     HANDLE InheritedFromUniqueProcessId;
34.     ULONG HandleCount;
35.     ULONG SessionId;
36.     ULONG_PTR UniqueProcessKey;
37.     SIZE_T PeakVirtualSize;
38.     SIZE_T VirtualSize;
39.     ULONG PageFaultCount;
40.     SIZE_T PeakWorkingSetSize;
41.     SIZE_T WorkingSetSize;
42.     SIZE_T QuotaPeakPagedPoolUsage;
43.     SIZE_T QuotaPagedPoolUsage;
44.     SIZE_T QuotaPeakNonPagedPoolUsage;
45.     SIZE_T QuotaNonPagedPoolUsage;
46.     SIZE_T PagefileUsage;
47.     SIZE_T PeakPagefileUsage;
48.     SIZE_T PrivatePageCount;
49.     LARGE_INTEGER ReadOperationCount;
50.     LARGE_INTEGER WriteOperationCount;
51.     LARGE_INTEGER OtherOperationCount;
52.     LARGE_INTEGER ReadTransferCount;
53.     LARGE_INTEGER WriteTransferCount;
54.     LARGE_INTEGER OtherTransferCount;
55.     SYSTEM_THREAD_INFORMATION Threads[1];
56. }SYSTEM_PROCESS_INFO,*PSYSTEM_PROCESS_INFO;
57.  
58. typedef struct _LDR_DATA_TABLE_ENTRY
59. {
60.      LIST_ENTRY InLoadOrderLinks;
61.      LIST_ENTRY InMemoryOrderLinks;
62.      LIST_ENTRY InInitializationOrderLinks;
63.      PVOID DllBase;
64.      PVOID EntryPoint;
65.      ULONG SizeOfImage;
66.      UNICODE_STRING FullDllName;
67.      UNICODE_STRING BaseDllName;
68.      ULONG Flags;
69.      USHORT LoadCount;
70.      USHORT TlsIndex;
71.  
72.      union
73.      {
74.           LIST_ENTRY HashLinks;
75.  
76.           struct
77.           {
78.                PVOID SectionPointer;
79.                ULONG CheckSum;
80.           };
81.      };
82.  
83.      union
84.      {
85.           ULONG TimeDateStamp;
86.           PVOID LoadedImports;
87.      };
88.  
89.      struct _ACTIVATION_CONTEXT * EntryPointActivationContext;
90.      PVOID PatchInformation;
91.      LIST_ENTRY ForwarderLinks;
92.      LIST_ENTRY ServiceTagLinks;
93.      LIST_ENTRY StaticLinks;
94. }LDR_DATA_TABLE_ENTRY,*PLDR_DATA_TABLE_ENTRY;
95.  
96. typedef struct _IMAGE_DOS_HEADER
97. {
98.      USHORT e_magic;
99.      USHORT e_cblp;
100.      USHORT e_cp;
101.      USHORT e_crlc;
102.      USHORT e_cparhdr;
103.      USHORT e_minalloc;
104.      USHORT e_maxalloc;
105.      USHORT e_ss;
106.      USHORT e_sp;
107.      USHORT e_csum;
108.      USHORT e_ip;
109.      USHORT e_cs;
110.      USHORT e_lfarlc;
111.      USHORT e_ovno;
112.      USHORT e_res[4];
113.      USHORT e_oemid;
114.      USHORT e_oeminfo;
115.      USHORT e_res2[10];
116.      LONG e_lfanew;
117. }IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER;
118.  
119. typedef struct _IMAGE_DATA_DIRECTORY
120. {
121.      ULONG VirtualAddress;
122.      ULONG Size;
123. }IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY;
124.  
125. typedef struct _IMAGE_FILE_HEADER
126. {
127.      USHORT Machine;
128.      USHORT NumberOfSections;
129.      ULONG TimeDateStamp;
130.      ULONG PointerToSymbolTable;
131.      ULONG NumberOfSymbols;
132.      USHORT SizeOfOptionalHeader;
133.      USHORT Characteristics;
134. }IMAGE_FILE_HEADER,*PIMAGE_FILE_HEADER;
135.  
136. typedef struct _IMAGE_OPTIONAL_HEADER
137. {
138.      USHORT Magic;
139.      UCHAR MajorLinkerVersion;
140.      UCHAR MinorLinkerVersion;
141.      ULONG SizeOfCode;
142.      ULONG SizeOfInitializedData;
143.      ULONG SizeOfUninitializedData;
144.      ULONG AddressOfEntryPoint;
145.      ULONG BaseOfCode;
146.      ULONG BaseOfData;
147.      ULONG ImageBase;
148.      ULONG SectionAlignment;
149.      ULONG FileAlignment;
150.      USHORT MajorOperatingSystemVersion;
151.      USHORT MinorOperatingSystemVersion;
152.      USHORT MajorImageVersion;
153.      USHORT MinorImageVersion;
154.      USHORT MajorSubsystemVersion;
155.      USHORT MinorSubsystemVersion;
156.      ULONG Win32VersionValue;
157.      ULONG SizeOfImage;
158.      ULONG SizeOfHeaders;
159.      ULONG CheckSum;
160.      USHORT Subsystem;
161.      USHORT DllCharacteristics;
162.      ULONG SizeOfStackReserve;
163.      ULONG SizeOfStackCommit;
164.      ULONG SizeOfHeapReserve;
165.      ULONG SizeOfHeapCommit;
166.      ULONG LoaderFlags;
167.      ULONG NumberOfRvaAndSizes;
168.      IMAGE_DATA_DIRECTORY DataDirectory[16];
169. }IMAGE_OPTIONAL_HEADER,*PIMAGE_OPTIONAL_HEADER;
170.  
171. typedef struct _IMAGE_NT_HEADERS
172. {
173.      ULONG Signature;
174.      IMAGE_FILE_HEADER FileHeader;
175.      IMAGE_OPTIONAL_HEADER OptionalHeader;
176. }IMAGE_NT_HEADERS,*PIMAGE_NT_HEADERS;
177.  
178. typedef struct _IMAGE_EXPORT_DIRECTORY
179. {
180.     ULONG   Characteristics;
181.     ULONG   TimeDateStamp;
182.     USHORT  MajorVersion;
183.     USHORT  MinorVersion;
184.     ULONG   Name;
185.     ULONG   Base;
186.     ULONG   NumberOfFunctions;
187.     ULONG   NumberOfNames;
188.     ULONG   AddressOfFunctions;
189.     ULONG   AddressOfNames;
190.     ULONG   AddressOfNameOrdinals;
191. }IMAGE_EXPORT_DIRECTORY,*PIMAGE_EXPORT_DIRECTORY;
192.  
193. #define IMAGE_DIRECTORY_ENTRY_EXPORT 0
194.  
195. extern "C" NTSTATUS ZwQuerySystemInformation(ULONG InfoClass,PVOID Buffer,ULONG Length,PULONG ReturnLength);
196. extern "C" LPSTR PsGetProcessImageFileName(PEPROCESS Process);
197.  
198. typedef NTSTATUS (*PLDR_LOAD_DLL)(PWSTR,PULONG,PUNICODE_STRING,PVOID*);
199.  
200. typedef struct _INJECT_INFO
201. {
202.     HANDLE ProcessId;
203.     wchar_t DllName[1024];
204. }INJECT_INFO,*PINJECT_INFO;
205.  
206. typedef struct _KINJECT
207. {
208.     UNICODE_STRING DllName;
209.     wchar_t Buffer[1024];
210.     PLDR_LOAD_DLL LdrLoadDll;
211.     PVOID DllBase;
212.     ULONG Executed;
213. }KINJECT,*PKINJECT;
214.  
215. typedef enum _KAPC_ENVIRONMENT
216. {
217.     OriginalApcEnvironment,
218.     AttachedApcEnvironment,
219.     CurrentApcEnvironment,
220.     InsertApcEnvironment
221. }KAPC_ENVIRONMENT,*PKAPC_ENVIRONMENT;
222.  
223. typedef VOID (NTAPI *PKNORMAL_ROUTINE)(
224.     PVOID NormalContext,
225.     PVOID SystemArgument1,
226.     PVOID SystemArgument2
227.     );
228.  
229. typedef VOID KKERNEL_ROUTINE(
230.     PRKAPC Apc,
231.     PKNORMAL_ROUTINE *NormalRoutine,
232.     PVOID *NormalContext,
233.     PVOID *SystemArgument1,
234.     PVOID *SystemArgument2
235.     );
236.  
237. typedef KKERNEL_ROUTINE (NTAPI *PKKERNEL_ROUTINE);
238.  
239. typedef VOID (NTAPI *PKRUNDOWN_ROUTINE)(
240.     PRKAPC Apc
241.     );
242.  
243. extern "C" void KeInitializeApc(
244.     PRKAPC Apc,
245.     PRKTHREAD Thread,
246.     KAPC_ENVIRONMENT Environment,
247.     PKKERNEL_ROUTINE KernelRoutine,
248.     PKRUNDOWN_ROUTINE RundownRoutine,
249.     PKNORMAL_ROUTINE NormalRoutine,
250.     KPROCESSOR_MODE ProcessorMode,
251.     PVOID NormalContext
252.     );
253.  
254. extern "C" BOOLEAN KeInsertQueueApc(
255.     PRKAPC Apc,
256.     PVOID SystemArgument1,
257.     PVOID SystemArgument2,
258.     KPRIORITY Increment
259.     );
260.  
261. UNICODE_STRING DeviceName=RTL_CONSTANT_STRING(L"\\Device\\KeInject"),SymbolicLink=RTL_CONSTANT_STRING(L"\\DosDevices\\KeInject");
262.  
263. ULONG ApcStateOffset; // Offset to the ApcState structure
264. PLDR_LOAD_DLL LdrLoadDll; // LdrLoadDll address
265.  
266. void Unload(PDRIVER_OBJECT pDriverObject)
267. {
268.     DbgPrint("DLL injection driver unloaded.");
269.  
270.     IoDeleteSymbolicLink(&SymbolicLink);
271.     IoDeleteDevice(pDriverObject->DeviceObject);
272. }
273.  
274. void NTAPI KernelRoutine(PKAPC apc,PKNORMAL_ROUTINE* NormalRoutine,PVOID* NormalContext,PVOID* SystemArgument1,PVOID* SystemArgument2)
275. {
276.     ExFreePool(apc);
277. }
278.  
279. void NTAPI InjectDllApc(PVOID NormalContext,PVOID SystemArgument1,PVOID SystemArgument2)
280. {
281.     PKINJECT inject=(PKINJECT)NormalContext;
282.  
283.     inject->LdrLoadDll(NULL,NULL,&inject->DllName,&inject->DllBase);
284.     inject->Executed=TRUE;
285. }
286.  
287. BOOLEAN InjectDll(PINJECT_INFO InjectInfo)
288. {
289.     PEPROCESS Process;
290.     PETHREAD Thread;
291.  
292.     PKINJECT mem;
293.     ULONG size;
294.  
295.     PKAPC_STATE ApcState;
296.     PKAPC apc;
297.  
298.     PVOID buffer;
299.     PSYSTEM_PROCESS_INFO pSpi;
300.  
301.     LARGE_INTEGER delay;
302.  
303.     buffer=ExAllocatePool(NonPagedPool,1024*1024); // Allocate memory for the system information
304.  
305.     if(!buffer)
306.     {
307.         DbgPrint("Error: Unable to allocate memory for the process thread list.");
308.         return FALSE;
309.     }
310.  
311.     // Get the process thread list
312.  
313.     if(!NT_SUCCESS(ZwQuerySystemInformation(5,buffer,1024*1024,NULL)))
314.     {
315.         DbgPrint("Error: Unable to query process thread list.");
316.          
317.         ExFreePool(buffer);
318.         return FALSE;
319.     }
320.  
321.     pSpi=(PSYSTEM_PROCESS_INFO)buffer;
322.  
323.     // Find a target thread
324.  
325.     while(pSpi->NextEntryOffset)
326.     {
327.         if(pSpi->UniqueProcessId==InjectInfo->ProcessId)
328.         {
329.             DbgPrint("Target thread found. TID: %d",pSpi->Threads[0].ClientId.UniqueThread);
330.             break;
331.         }
332.  
333.         pSpi=(PSYSTEM_PROCESS_INFO)((PUCHAR)pSpi+pSpi->NextEntryOffset);
334.     }
335.  
336.     // Reference the target process
337.  
338.     if(!NT_SUCCESS(PsLookupProcessByProcessId(InjectInfo->ProcessId,&Process)))
339.     {
340.         DbgPrint("Error: Unable to reference the target process.");
341.          
342.         ExFreePool(buffer);
343.         return FALSE;
344.     }
345.  
346.     DbgPrint("Process name: %s",PsGetProcessImageFileName(Process));
347.     DbgPrint("EPROCESS address: %#x",Process);
348.  
349.     // Reference the target thread
350.  
351.     if(!NT_SUCCESS(PsLookupThreadByThreadId(pSpi->Threads[0].ClientId.UniqueThread,&Thread)))
352.     {
353.         DbgPrint("Error: Unable to reference the target thread.");
354.         ObDereferenceObject(Process); // Dereference the target process
355.  
356.         ExFreePool(buffer); // Free the allocated memory
357.         return FALSE;
358.     }
359.  
360.     DbgPrint("ETHREAD address: %#x",Thread);
361.  
362.     ExFreePool(buffer); // Free the allocated memory
363.     KeAttachProcess(Process); // Attach to target process's address space
364.  
365.     mem=NULL;
366.     size=4096;
367.  
368.     // Allocate memory in the target process
369.  
370.     if(!NT_SUCCESS(ZwAllocateVirtualMemory(NtCurrentProcess(),(PVOID*)&mem,0,&size,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE)))
371.     {
372.         DbgPrint("Error: Unable to allocate memory in the target process.");
373.         KeDetachProcess(); // Detach from target process's address space
374.  
375.         ObDereferenceObject(Process); // Dereference the target process
376.         ObDereferenceObject(Thread); // Dereference the target thread
377.  
378.         return FALSE;
379.     }
380.  
381.     DbgPrint("Memory allocated at %#x",mem);
382.  
383.     mem->LdrLoadDll=LdrLoadDll; // Write the address of LdrLoadDll to target process
384.     wcscpy(mem->Buffer,InjectInfo->DllName); // Write the DLL name to target process
385.  
386.     RtlInitUnicodeString(&mem->DllName,mem->Buffer); // Initialize the UNICODE_STRING structure
387.     ApcState=(PKAPC_STATE)((PUCHAR)Thread+ApcStateOffset); // Calculate the address of the ApcState structure
388.  
389.     ApcState->UserApcPending=TRUE; // Force the target thread to execute APC
390.  
391.     memcpy((PKINJECT)(mem+1),InjectDllApc,(ULONG)KernelRoutine-(ULONG)InjectDllApc); // Copy the APC code to target process
392.     DbgPrint("APC code address: %#x",(PKINJECT)(mem+1));
393.  
394.     apc=(PKAPC)ExAllocatePool(NonPagedPool,sizeof(KAPC)); // Allocate the APC object
395.  
396.     if(!apc)
397.     {
398.         DbgPrint("Error: Unable to allocate the APC object.");
399.         size=0;
400.  
401.         ZwFreeVirtualMemory(NtCurrentProcess(),(PVOID*)&mem,&size,MEM_RELEASE);  // Free the allocated memory
402.         KeDetachProcess(); // Detach from target process's address space
403.  
404.         ObDereferenceObject(Process); // Dereference the target process
405.         ObDereferenceObject(Thread); // Dereference the target thread
406.  
407.         return FALSE;
408.     }
409.  
410.     KeInitializeApc(apc,Thread,OriginalApcEnvironment,KernelRoutine,NULL,(PKNORMAL_ROUTINE)((PKINJECT)mem+1),UserMode,mem); // Initialize the APC
411.     DbgPrint("Inserting APC to target thread");
412.  
413.     // Insert the APC to the target thread
414.  
415.     if(!KeInsertQueueApc(apc,NULL,NULL,IO_NO_INCREMENT))
416.     {
417.         DbgPrint("Error: Unable to insert APC to target thread.");
418.         size=0;
419.          
420.         ZwFreeVirtualMemory(NtCurrentProcess(),(PVOID*)&mem,&size,MEM_RELEASE); // Free the allocated memory
421.         KeDetachProcess(); // Detach from target process's address space
422.  
423.         ObDereferenceObject(Process); // Dereference the target process
424.         ObDereferenceObject(Thread); // Dereference the target thread
425.  
426.         ExFreePool(apc); // Free the APC object
427.         return FALSE;
428.     }
429.  
430.     delay.QuadPart=-100*10000;
431.  
432.     while(!mem->Executed)
433.     {
434.         KeDelayExecutionThread(KernelMode,FALSE,&delay); // Wait for the injection to complete
435.     }
436.  
437.     if(!mem->DllBase)
438.     {
439.         DbgPrint("Error: Unable to inject DLL into target process.");
440.         size=0;
441.  
442.         ZwFreeVirtualMemory(NtCurrentProcess(),(PVOID*)&mem,&size,MEM_RELEASE);
443.         KeDetachProcess();
444.  
445.         ObDereferenceObject(Process);
446.         ObDereferenceObject(Thread);
447.          
448.         return FALSE;
449.     }
450.  
451.     DbgPrint("DLL injected at %#x",mem->DllBase);
452.     size=0;
453.  
454.     ZwFreeVirtualMemory(NtCurrentProcess(),(PVOID*)&mem,&size,MEM_RELEASE); // Free the allocated memory
455.     KeDetachProcess(); // Detach from target process's address space
456.  
457.     ObDereferenceObject(Process); // Dereference the target process
458.     ObDereferenceObject(Thread);  // Dereference the target thread
459.  
460.     return TRUE;
461. }
462.  
463. NTSTATUS DriverDispatch(PDEVICE_OBJECT DeviceObject,PIRP irp)
464. {
465.     PIO_STACK_LOCATION io;
466.     PINJECT_INFO InjectInfo;
467.  
468.     NTSTATUS status;
469.  
470.     io=IoGetCurrentIrpStackLocation(irp);
471.     irp->IoStatus.Information=0;
472.  
473.     switch(io->MajorFunction)
474.     {
475.         case IRP_MJ_CREATE:
476.             status=STATUS_SUCCESS;
477.             break;
478.         case IRP_MJ_CLOSE:
479.             status=STATUS_SUCCESS;
480.             break;
481.         case IRP_MJ_READ:
482.             status=STATUS_SUCCESS;
483.             break;
484.         case IRP_MJ_WRITE:
485.  
486.             InjectInfo=(PINJECT_INFO)MmGetSystemAddressForMdlSafe(irp->MdlAddress,NormalPagePriority);
487.  
488.             if(!InjectInfo)
489.             {
490.                 status=STATUS_INSUFFICIENT_RESOURCES;
491.                 break;
492.             }
493.  
494.             if(!InjectDll(InjectInfo))
495.             {
496.                 status=STATUS_UNSUCCESSFUL;
497.                 break;
498.             }
499.  
500.             status=STATUS_SUCCESS;
501.             irp->IoStatus.Information=sizeof(INJECT_INFO);
502.  
503.             break;
504.  
505.         default:
506.             status=STATUS_INVALID_DEVICE_REQUEST;
507.             break;
508.     }
509.  
510.     irp->IoStatus.Status=status;
511.  
512.     IoCompleteRequest(irp,IO_NO_INCREMENT);
513.     return status;
514. }
515.  
516. NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath)
517. {
518.     PDEVICE_OBJECT DeviceObject;
519.     PEPROCESS Process;
520.     PETHREAD Thread;
521.     PKAPC_STATE ApcState;
522.  
523.     PVOID KdVersionBlock,NtdllBase;
524.     PULONG ptr,Functions,Names;
525.     PUSHORT Ordinals;
526.  
527.     PLDR_DATA_TABLE_ENTRY MmLoadedUserImageList,ModuleEntry;
528.     ULONG i;
529.  
530.     PIMAGE_DOS_HEADER pIDH;
531.     PIMAGE_NT_HEADERS pINH;
532.     PIMAGE_EXPORT_DIRECTORY pIED;
533.  
534.     pDriverObject->DriverUnload=Unload;
535.  
536.     KdVersionBlock=(PVOID)__readfsdword(0x34); // Get the KdVersionBlock
537.     MmLoadedUserImageList=*(PLDR_DATA_TABLE_ENTRY*)((PUCHAR)KdVersionBlock+0x228); // Get the MmLoadUserImageList
538.  
539.     DbgPrint("KdVersionBlock address: %#x",KdVersionBlock);
540.     DbgPrint("MmLoadedUserImageList address: %#x",MmLoadedUserImageList);
541.  
542.     ModuleEntry=(PLDR_DATA_TABLE_ENTRY)MmLoadedUserImageList->InLoadOrderLinks.Flink; // Move to first entry
543.     NtdllBase=ModuleEntry->DllBase; // ntdll is always located in first entry
544.  
545.     DbgPrint("ntdll base address: %#x",NtdllBase);
546.  
547.     pIDH=(PIMAGE_DOS_HEADER)NtdllBase;
548.     pINH=(PIMAGE_NT_HEADERS)((PUCHAR)NtdllBase+pIDH->e_lfanew);
549.     pIED=(PIMAGE_EXPORT_DIRECTORY)((PUCHAR)NtdllBase+pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
550.  
551.     Functions=(PULONG)((PUCHAR)NtdllBase+pIED->AddressOfFunctions);
552.     Names=(PULONG)((PUCHAR)NtdllBase+pIED->AddressOfNames);
553.  
554.     Ordinals=(PUSHORT)((PUCHAR)NtdllBase+pIED->AddressOfNameOrdinals);
555.  
556.     // Parse the export table to locate LdrLoadDll
557.  
558.     for(i=0;i<pIED->NumberOfNames;i++)
559.     {
560.         if(!strcmp((char*)NtdllBase+Names[i],"LdrLoadDll"))
561.         {
562.             LdrLoadDll=(PLDR_LOAD_DLL)((PUCHAR)NtdllBase+Functions[Ordinals[i]]);
563.             break;
564.         }
565.     }
566.  
567.     DbgPrint("LdrLoadDll address: %#x",LdrLoadDll);
568.  
569.     Process=PsGetCurrentProcess();
570.     Thread=PsGetCurrentThread();
571.  
572.     ptr=(PULONG)Thread;
573.  
574.     // Locate the ApcState structure
575.  
576.     for(i=0;i<512;i++)
577.     {
578.         if(ptr[i]==(ULONG)Process)
579.         {
580.             ApcState=CONTAINING_RECORD(&ptr[i],KAPC_STATE,Process); // Get the actual address of KAPC_STATE
581.             ApcStateOffset=(ULONG)ApcState-(ULONG)Thread; // Calculate the offset of the ApcState structure
582.  
583.             break;
584.         }
585.     }
586.  
587.     DbgPrint("ApcState offset: %#x",ApcStateOffset);
588.  
589.     IoCreateDevice(pDriverObject,0,&DeviceName,FILE_DEVICE_UNKNOWN,FILE_DEVICE_SECURE_OPEN,FALSE,&DeviceObject);
590.     IoCreateSymbolicLink(&SymbolicLink,&DeviceName);
591.  
592.     for(i=0;i<IRP_MJ_MAXIMUM_FUNCTION;i++)
593.     {
594.         pDriverObject->MajorFunction[i]=DriverDispatch;
595.     }
596.  
597.     DeviceObject->Flags&=~DO_DEVICE_INITIALIZING;
598.     DeviceObject->Flags|=DO_DIRECT_IO;
599.  
600.     DbgPrint("DLL injection driver loaded.");
601.     return STATUS_SUCCESS;
602. }