[PATCH 02/03 v4 ] ntoskrnl.exe: Track drivers created with IoCreateDriver

Mon Jul 25 07:25:05 CDT 2016

Thanks!

New version sent!
-aric

On 7/24/16 1:05 PM, Thomas Faber wrote:
>>  NTSTATUS WINAPI IoCreateDriver( UNICODE_STRING *name, PDRIVER_INITIALIZE init )
>>  {
>> -    DRIVER_OBJECT *driver;
>> -    DRIVER_EXTENSION *extension;
>> +    struct wine_driver *driver;
>>      NTSTATUS status;
>>  
>>      TRACE("(%s, %p)\n", debugstr_us(name), init);
>>  
>>      if (!(driver = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY,
>> -                                    sizeof(*driver) + sizeof(*extension) )))
>> +                                    sizeof(*driver) )))
>>          return STATUS_NO_MEMORY;
>>  
>> -    if ((status = RtlDuplicateUnicodeString( 1, name, &driver->DriverName )))
>> +    if ((status = RtlDuplicateUnicodeString( 1, name, &driver->driver_obj.DriverName)))
> 
> Missing space before the closing parenthesis here. ;p
> 
>>      {
>>          RtlFreeHeap( GetProcessHeap(), 0, driver );
>>          return status;
>>      }
> 
> 
> 
>> @@ -892,13 +959,18 @@ NTSTATUS WINAPI IoCreateDriver( UNICODE_STRING *name, PDRIVER_INITIALIZE init )
>>  /***********************************************************************
>>   *           IoDeleteDriver   (NTOSKRNL.EXE.@)
>>   */
>> -void WINAPI IoDeleteDriver( DRIVER_OBJECT *driver )
>> +void WINAPI IoDeleteDriver( DRIVER_OBJECT *driver_object )
>>  {
>> -    TRACE("(%p)\n", driver);
>> +    TRACE("(%p)\n", driver_object);
>> +
>> +    EnterCriticalSection( &drivers_cs );
>> +    if (wine_drivers)
>> +        wine_rb_remove( wine_drivers, &driver_object->DriverName );
>> +    LeaveCriticalSection( &drivers_cs );
>>  
>> -    RtlFreeUnicodeString( &driver->DriverName );
>> -    RtlFreeUnicodeString( &driver->DriverExtension->ServiceKeyName );
>> -    RtlFreeHeap( GetProcessHeap(), 0, driver );
>> +    RtlFreeUnicodeString( &driver_object->DriverName );
>> +    RtlFreeUnicodeString( &driver_object->DriverExtension->ServiceKeyName );
>> +    RtlFreeHeap( GetProcessHeap(), 0, driver_object );
>>  }
> 
> You need to free the wine_driver now rather than the DRIVER_OBJECT,
> i.e. use CONTAINING_RECORD.
> 
> 
> Thanks,
> Thomas
> 
> 