Persistently write to file from Windows kernel driver
Hi, I'm new to kernel-level programming and am trying to create a simple log-writer driver. I want the persistent driver to write a selected text to a file in the system path at every predefined interval. (I'm not familiar with IRQ connection yet.)
I have the following globals for the timer:
// Timer state kept in file-scope globals.
PKTIMER pTimer = NULL; // Pointer to the timer object; NULL until it has been allocated
PKDPC pDpcObject = NULL; // Pointer to the DPC object that is queued when the timer expires
// Interval in milliseconds (10000 ms = 10 s). The setup code multiplies it by
// -10000 to get a relative due time in 100 ns units, and passes half of it
// as the repeat period in milliseconds.
#define IDLE_INTERVAL (10000)
I am calling the following code in DriverEntry. However, the problem is that its write function does not work when the computer restarts. Can anyone suggest a fix? Should it be called by the main IRQ?
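/*
 * Timer setup, posted as part of DriverEntry: allocate the timer and DPC
 * objects once, then arm the timer with a 10 s initial delay and a 5 s period.
 *
 * NOTE(review): as posted, this while(1) closes before the wait and the file
 * write that follow it, so the loop never exits, the timer is re-armed on
 * every pass, and DriverEntry never returns. Presumably a brace was misplaced
 * when the code was pasted -- confirm against the real source. Periodic work
 * generally belongs in a dedicated system thread (PsCreateSystemThread) or a
 * work item, not in DriverEntry itself.
 */
while(1)
{
    if (pTimer == NULL) // timer object does not exist yet
    {
        // Allocate non-paged memory for the timer object. The allocation can
        // fail; dereferencing a NULL result in kernel mode is a bugcheck, so
        // fail the driver load instead.
        pTimer = (PKTIMER) ExAllocatePool (NonPagedPool, sizeof (KTIMER));
        if (pTimer == NULL)
        {
            return STATUS_INSUFFICIENT_RESOURCES;
        }
        KeInitializeTimer (pTimer); // Initialize the timer object

        // Allocate and initialize the DPC object. On failure release the
        // timer again so nothing leaks and the NULL check above stays valid.
        pDpcObject = (PKDPC) ExAllocatePool (NonPagedPool, sizeof (KDPC));
        if (pDpcObject == NULL)
        {
            ExFreePool (pTimer);
            pTimer = NULL;
            return STATUS_INSUFFICIENT_RESOURCES;
        }
        // MyDeferredRoutine is not shown here. DPC routines run at
        // DISPATCH_LEVEL, where file I/O is not permitted, so the log write
        // has to stay in code that runs at PASSIVE_LEVEL.
        KeInitializeDpc (pDpcObject, MyDeferredRoutine, pTimer);
    }

    LARGE_INTEGER dueTime;
    // A negative value means "relative to now"; the unit is 100 ns, so
    // -10000 per millisecond. 10000 ms therefore gives a 10 s initial delay.
    // The LL suffix keeps the multiplication in 64 bits for larger intervals.
    dueTime.QuadPart = -10000LL * IDLE_INTERVAL;

    // Arm the periodic timer.
    KeSetTimerEx (pTimer,
                  dueTime,             // relative initial delay
                  (IDLE_INTERVAL / 2), // period in ms: 5000 ms = 5 s
                  pDpcObject);

    // Debug aid only: both branches are empty apart from disabled prints.
    if (KeReadStateTimer (pTimer))
    {
        //DbgPrint ("- Example- KeReadStateTimer returns TRUE.");
    }
    else
    {
        // DbgPrint ("- Example- KeReadStateTimer returns FALSE.");
    }
}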
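// Block until the timer object is signaled. With no timeout and a
// non-alertable kernel-mode wait this returns once the timer has expired.
Status = KeWaitForSingleObject (pTimer,
                                Executive,  // IN KWAIT_REASON WaitReason,
                                KernelMode, // IN KPROCESSOR_MODE WaitMode,
                                FALSE,      // IN BOOLEAN Alertable,
                                NULL);      // IN PLARGE_INTEGER Timeout OPTIONAL

// NOTE(review): if the driver is loaded early during boot, the \??\C: link and
// the volume behind it may not be available yet when this runs, which would
// match the "does not work after restart" symptom -- log or inspect the Status
// returned by ZwCreateFile to confirm.
RtlInitUnicodeString(&TestName, L"\\??\\C:\\log.txt");

// OBJ_KERNEL_HANDLE keeps the handle out of reach of user-mode code in
// whatever process context this runs in. The security descriptor is NULL, so
// the file gets the default/inherited ACL of the volume root; use a protected
// directory if the integrity of the log matters.
InitializeObjectAttributes(&ObjAttr, &TestName,
                           OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                           NULL, NULL);

// Drivers should call the Zw* entry points rather than Nt*, so the parameters
// are treated as coming from kernel mode regardless of the previous mode.
// Access rights are bit flags and are combined with '|'.
// FILE_OVERWRITE_IF replaces the file contents on every open; a log that
// should accumulate entries would need an append-style open instead.
Status = ZwCreateFile(&TestFile,
                      FILE_WRITE_DATA | SYNCHRONIZE,
                      &ObjAttr,
                      &IoStatus, NULL,
                      FILE_ATTRIBUTE_NORMAL,
                      FILE_SHARE_WRITE,
                      FILE_OVERWRITE_IF,
                      FILE_SYNCHRONOUS_IO_NONALERT,
                      NULL, 0);
if (NT_SUCCESS(Status))
{
    // Derive the length from the text itself. The hard-coded 22 was shorter
    // than the 26-character message and cut off the last word.
    static const CHAR LogText[] = "OUR LOG STORED TO LOG FILE";

    Status = ZwWriteFile(TestFile,
                         NULL, NULL, NULL,
                         &IoStatus,
                         (PVOID)LogText,
                         (ULONG)(sizeof(LogText) - 1), // exclude the terminating NUL
                         NULL, NULL);

    // Close only a handle that was actually opened; on a failed create
    // TestFile does not hold a valid handle.
    ZwClose(TestFile);
}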
}