27 _In_ ULONG KphControlCode,
29 _In_ ULONG InBufferLength
35 _In_opt_ PWSTR DeviceName
46 return STATUS_ADDRESS_ALREADY_EXISTS;
63 FILE_GENERIC_READ | FILE_GENERIC_WRITE,
66 FILE_SHARE_READ | FILE_SHARE_WRITE,
77 NtSetInformationObject(
91 _In_opt_ PWSTR DeviceName,
99 _In_opt_ PWSTR DeviceName,
105 WCHAR fullDeviceName[256];
108 SC_HANDLE serviceHandle;
109 BOOLEAN started =
FALSE;
110 BOOLEAN created =
FALSE;
118 if (!
PhFormatToBuffer(format, 2, fullDeviceName,
sizeof(fullDeviceName), NULL))
119 return STATUS_NAME_TOO_LONG;
124 if (
NT_SUCCESS(status) || status == STATUS_ADDRESS_ALREADY_EXISTS)
128 status != STATUS_NO_SUCH_DEVICE &&
129 status != STATUS_NO_SUCH_FILE &&
130 status != STATUS_OBJECT_NAME_NOT_FOUND &&
131 status != STATUS_OBJECT_PATH_NOT_FOUND
139 scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
143 serviceHandle = OpenService(scmHandle, DeviceName, SERVICE_START);
147 if (StartService(serviceHandle, 0, NULL))
150 CloseServiceHandle(serviceHandle);
153 CloseServiceHandle(scmHandle);
160 scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
164 serviceHandle = CreateService(
169 SERVICE_KERNEL_DRIVER,
170 SERVICE_DEMAND_START,
171 SERVICE_ERROR_IGNORE,
195 goto CreateAndConnectEnd;
199 if (StartService(serviceHandle, 0, NULL))
203 CloseServiceHandle(scmHandle);
221 DeleteService(serviceHandle);
222 CloseServiceHandle(serviceHandle);
236 return STATUS_ALREADY_DISCONNECTED;
243 NtSetInformationObject(
264 _In_opt_ PWSTR DeviceName,
269 HANDLE parametersKeyHandle = NULL;
279 L
"System\\CurrentControlSet\\Services\\",
284 ¶metersKeyHandle,
287 ¶metersKeyName->
sr,
298 status =
NtSetValueKey(parametersKeyHandle, &valueName, 0, REG_DWORD, &Parameters->SecurityLevel,
sizeof(ULONG));
303 if (Parameters->CreateDynamicConfiguration)
327 if (disposition == REG_CREATED_NEW_KEY)
331 NtClose(parametersKeyHandle);
337 _In_opt_ PWSTR DeviceName,
345 _In_opt_ PWSTR DeviceName,
350 NTSTATUS status = STATUS_SUCCESS;
352 SC_HANDLE serviceHandle;
357 scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
362 serviceHandle = CreateService(
367 SERVICE_KERNEL_DRIVER,
368 SERVICE_SYSTEM_START,
369 SERVICE_ERROR_IGNORE,
387 DeleteService(serviceHandle);
392 if (!StartService(serviceHandle, 0, NULL))
396 CloseServiceHandle(serviceHandle);
403 CloseServiceHandle(scmHandle);
409 _In_opt_ PWSTR DeviceName
412 NTSTATUS status = STATUS_SUCCESS;
414 SC_HANDLE serviceHandle;
419 scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
424 serviceHandle = OpenService(scmHandle, DeviceName, SERVICE_STOP | DELETE);
428 SERVICE_STATUS serviceStatus;
430 ControlService(serviceHandle, SERVICE_CONTROL_STOP, &serviceStatus);
432 if (!DeleteService(serviceHandle))
435 CloseServiceHandle(serviceHandle);
442 CloseServiceHandle(scmHandle);
448 _In_ ULONG KphControlCode,
450 _In_ ULONG InBufferLength
470 _Out_ PULONG Features
476 } input = { Features };
486 _Out_ PHANDLE ProcessHandle,
487 _In_ ACCESS_MASK DesiredAccess,
493 PHANDLE ProcessHandle;
494 ACCESS_MASK DesiredAccess;
496 } input = { ProcessHandle, DesiredAccess, ClientId };
506 _In_ HANDLE ProcessHandle,
507 _In_ ACCESS_MASK DesiredAccess,
508 _Out_ PHANDLE TokenHandle
513 HANDLE ProcessHandle;
514 ACCESS_MASK DesiredAccess;
516 } input = { ProcessHandle, DesiredAccess, TokenHandle };
526 _In_ HANDLE ProcessHandle,
527 _In_ ACCESS_MASK DesiredAccess,
528 _Out_ PHANDLE JobHandle
533 HANDLE ProcessHandle;
534 ACCESS_MASK DesiredAccess;
536 } input = { ProcessHandle, DesiredAccess, JobHandle };
546 _In_ HANDLE ProcessHandle
551 HANDLE ProcessHandle;
552 } input = { ProcessHandle };
562 _In_ HANDLE ProcessHandle
567 HANDLE ProcessHandle;
568 } input = { ProcessHandle };
578 _In_ HANDLE ProcessHandle,
579 _In_ NTSTATUS ExitStatus
585 HANDLE ProcessHandle;
587 } input = { ProcessHandle, ExitStatus };
597 if (status == STATUS_CANT_TERMINATE_SELF)
606 _In_ HANDLE ProcessHandle,
607 _In_ PVOID BaseAddress,
608 _Out_writes_bytes_(BufferSize) PVOID Buffer,
609 _In_ SIZE_T BufferSize,
610 _Out_opt_ PSIZE_T NumberOfBytesRead
615 HANDLE ProcessHandle;
619 PSIZE_T NumberOfBytesRead;
620 } input = { ProcessHandle, BaseAddress, Buffer, BufferSize, NumberOfBytesRead };
630 _In_ HANDLE ProcessHandle,
631 _In_opt_ PVOID BaseAddress,
632 _In_reads_bytes_(BufferSize) PVOID Buffer,
633 _In_ SIZE_T BufferSize,
634 _Out_opt_ PSIZE_T NumberOfBytesWritten
639 HANDLE ProcessHandle;
643 PSIZE_T NumberOfBytesWritten;
644 } input = { ProcessHandle, BaseAddress, Buffer, BufferSize, NumberOfBytesWritten };
654 _In_opt_ HANDLE ProcessHandle,
655 _In_ PVOID BaseAddress,
656 _Out_writes_bytes_(BufferSize) PVOID Buffer,
657 _In_ SIZE_T BufferSize,
658 _Out_opt_ PSIZE_T NumberOfBytesRead
663 HANDLE ProcessHandle;
667 PSIZE_T NumberOfBytesRead;
668 } input = { ProcessHandle, BaseAddress, Buffer, BufferSize, NumberOfBytesRead };
678 _In_ HANDLE ProcessHandle,
680 _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
681 _In_ ULONG ProcessInformationLength,
682 _Out_opt_ PULONG ReturnLength
687 HANDLE ProcessHandle;
689 PVOID ProcessInformation;
690 ULONG ProcessInformationLength;
692 } input = { ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength };
702 _In_ HANDLE ProcessHandle,
704 _In_reads_bytes_(ProcessInformationLength) PVOID ProcessInformation,
705 _In_ ULONG ProcessInformationLength
710 HANDLE ProcessHandle;
712 PVOID ProcessInformation;
713 ULONG ProcessInformationLength;
714 } input = { ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength };
724 _Out_ PHANDLE ThreadHandle,
725 _In_ ACCESS_MASK DesiredAccess,
731 PHANDLE ThreadHandle;
732 ACCESS_MASK DesiredAccess;
734 } input = { ThreadHandle, DesiredAccess, ClientId };
744 _In_ HANDLE ThreadHandle,
745 _In_ ACCESS_MASK DesiredAccess,
746 _Out_ PHANDLE ProcessHandle
752 ACCESS_MASK DesiredAccess;
753 PHANDLE ProcessHandle;
754 } input = { ThreadHandle, DesiredAccess, ProcessHandle };
764 _In_ HANDLE ThreadHandle,
765 _In_ NTSTATUS ExitStatus
773 } input = { ThreadHandle, ExitStatus };
781 if (status == STATUS_CANT_TERMINATE_SELF)
790 _In_ HANDLE ThreadHandle,
791 _In_ NTSTATUS ExitStatus
798 } input = { ThreadHandle, ExitStatus };
808 _In_ HANDLE ThreadHandle,
809 _Inout_ PCONTEXT ThreadContext
815 PCONTEXT ThreadContext;
816 } input = { ThreadHandle, ThreadContext };
826 _In_ HANDLE ThreadHandle,
827 _In_ PCONTEXT ThreadContext
833 PCONTEXT ThreadContext;
834 } input = { ThreadHandle, ThreadContext };
844 _In_ HANDLE ThreadHandle,
845 _In_ ULONG FramesToSkip,
846 _In_ ULONG FramesToCapture,
847 _Out_writes_(FramesToCapture) PVOID *BackTrace,
848 _Out_opt_ PULONG CapturedFrames,
849 _Out_opt_ PULONG BackTraceHash
856 ULONG FramesToCapture;
858 PULONG CapturedFrames;
859 PULONG BackTraceHash;
860 } input = { ThreadHandle, FramesToSkip, FramesToCapture, BackTrace, CapturedFrames, BackTraceHash };
870 _In_ HANDLE ThreadHandle,
872 _Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
873 _In_ ULONG ThreadInformationLength,
874 _Out_opt_ PULONG ReturnLength
881 PVOID ThreadInformation;
882 ULONG ThreadInformationLength;
884 } input = { ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength, ReturnLength };
894 _In_ HANDLE ThreadHandle,
896 _In_reads_bytes_(ThreadInformationLength) PVOID ThreadInformation,
897 _In_ ULONG ThreadInformationLength
904 PVOID ThreadInformation;
905 ULONG ThreadInformationLength;
906 } input = { ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength };
916 _In_ HANDLE ProcessHandle,
917 _Out_writes_bytes_(BufferLength) PVOID Buffer,
918 _In_opt_ ULONG BufferLength,
919 _Out_opt_ PULONG ReturnLength
924 HANDLE ProcessHandle;
928 } input = { ProcessHandle, Buffer, BufferLength, ReturnLength };
938 _In_ HANDLE ProcessHandle,
944 ULONG bufferSize = 2048;
946 buffer = PhAllocate(bufferSize);
957 if (status == STATUS_BUFFER_TOO_SMALL)
960 buffer = PhAllocate(bufferSize);
980 _In_ HANDLE ProcessHandle,
983 _Out_writes_bytes_(ObjectInformationLength) PVOID ObjectInformation,
984 _In_ ULONG ObjectInformationLength,
985 _Out_opt_ PULONG ReturnLength
990 HANDLE ProcessHandle;
993 PVOID ObjectInformation;
994 ULONG ObjectInformationLength;
996 } input = { ProcessHandle, Handle, ObjectInformationClass, ObjectInformation, ObjectInformationLength, ReturnLength };
1006 _In_ HANDLE ProcessHandle,
1009 _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
1010 _In_ ULONG ObjectInformationLength
1015 HANDLE ProcessHandle;
1018 PVOID ObjectInformation;
1019 ULONG ObjectInformationLength;
1020 } input = { ProcessHandle, Handle, ObjectInformationClass, ObjectInformation, ObjectInformationLength };
1030 _In_ HANDLE SourceProcessHandle,
1031 _In_ HANDLE SourceHandle,
1032 _In_opt_ HANDLE TargetProcessHandle,
1033 _Out_opt_ PHANDLE TargetHandle,
1034 _In_ ACCESS_MASK DesiredAccess,
1035 _In_ ULONG HandleAttributes,
1042 HANDLE SourceProcessHandle;
1043 HANDLE SourceHandle;
1044 HANDLE TargetProcessHandle;
1045 PHANDLE TargetHandle;
1046 ACCESS_MASK DesiredAccess;
1047 ULONG HandleAttributes;
1049 } input = { SourceProcessHandle, SourceHandle, TargetProcessHandle, TargetHandle, DesiredAccess, HandleAttributes, Options };
1057 if (status == STATUS_CANT_TERMINATE_SELF)
1060 if (Options & DUPLICATE_CLOSE_SOURCE)
1061 status = NtClose(SourceHandle);
1068 _Out_ PHANDLE DriverHandle,
1074 PHANDLE DriverHandle;
1076 } input = { DriverHandle, ObjectAttributes };
1086 _In_ HANDLE DriverHandle,
1088 _Out_writes_bytes_(DriverInformationLength) PVOID DriverInformation,
1089 _In_ ULONG DriverInformationLength,
1090 _Out_opt_ PULONG ReturnLength
1095 HANDLE DriverHandle;
1097 PVOID DriverInformation;
1098 ULONG DriverInformationLength;
1099 PULONG ReturnLength;
1100 } input = { DriverHandle, DriverInformationClass, DriverInformation, DriverInformationLength, ReturnLength };
1.8.2