-
Notifications
You must be signed in to change notification settings - Fork 6
/
main.c
40 lines (32 loc) · 1.14 KB
/
main.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#include "include.h"
#include <intrin.h>
#include "utils.h"
NTSTATUS DriverEntry(
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
{
UNREFERENCED_PARAMETER(RegistryPath);
UNREFERENCED_PARAMETER(DriverObject);
DbgPrint("LoaderDriver executing main\n");
UNICODE_STRING drv_name;
RtlUnicodeStringInit(&drv_name, L"\\Driver\\tdx");
PDRIVER_OBJECT tdx_driver;
NTSTATUS status =
ObReferenceObjectByName(&drv_name, OBJ_CASE_INSENSITIVE, NULL, FILE_ALL_ACCESS, *IoDriverObjectType, KernelMode, NULL, &tdx_driver);
if (!NT_SUCCESS(status))
{
DbgPrint("Invalid driver name.");
return status;
}
ObDereferenceObject(tdx_driver);
//register object callbacks for process protection
KeInitializeEvent(&killWaitingThread, NotificationEvent, FALSE);
DbgPrint("Register callbacks returned: 0x%X\n", RegisterCallbacks());
//Get the self reference PML4 index
g_SelfReferencePML4Index = GetSelfReferencePML4Index();
DbgPrint("self ref pml4 index = 0x%X\n", g_SelfReferencePML4Index);
originalIoControl = tdx_driver->MajorFunction[IRP_MJ_DEVICE_CONTROL];
tdx_driver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HandleIO;
return 0x1337;
}