REQUEST_STRUCT *pRequest = (REQUEST_STRUCT*)Io->Context Io->Context = (PVOID)ExAllocatePool(NonPagedPool, sizeof(REQUEST_STRUCT)) If (query->PropertyId = StorageDeviceProperty) PSTORAGE_PROPERTY_QUERY query = (PSTORAGE_PROPERTY_QUERY)Irp->AssociatedIrp.SystemBuffer PIO_STACK_LOCATION Io = IoGetCurrentIrpStackLocation(Irp) NTSTATUS DiskDriverDispatch(PDEVICE_OBJECT DeviceObject, PIRP Irp) Irp->IoStatus.Status = STATUS_NOT_SUPPORTED NTSTATUS SmartCompletionRoutine(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context) Return OldCompletionRoutine(DeviceObject, Irp, OldContext) If ((Irp->StackCount >(ULONG)1) & (OldCompletionRoutine != NULL)) RtlSecureZeroMemory(SerialNumber, SerialNumberLen) RtlStringCchLengthA(SerialNumber, NTSTRSAFE_MAX_CCH, &SerialNumberLen) If (FIELD_OFFSET(STORAGE_DEVICE_DESCRIPTOR, SerialNumberOffset) SerialNumberOffset > 0 & descriptor->SerialNumberOffset SerialNumberOffset OutputBufferLength = pRequest->OutputBufferLength descriptor = pRequest->StorageDescriptor OldCompletionRoutine = pRequest->OldRoutine REQUEST_STRUCT* pRequest = (REQUEST_STRUCT*)Context PSTORAGE_DEVICE_DESCRIPTOR descriptor = NULL PIO_COMPLETION_ROUTINE OldCompletionRoutine = NULL NTSTATUS StorageQueryCompletionRoutine(PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context) RtlCopyMemory((void*)serialNumber, (void*)newDiskId, ++newDiskIdLen) RtlStringCchLengthA(newDiskId, NTSTRSAFE_MAX_CCH, &newDiskIdLen) NTSTATUS SpoofSerialNumber(char* serialNumber) If (NT_SUCCESS(ObReferenceObjectByName(DriverName, 0, NULL, 0, *IoDriverObjectType, KernelMode, NULL, &DrvObject))) PDRIVER_OBJECT GetDriverObject(PUNICODE_STRING DriverName) } WIN32_FIND_DATA, *PWIN32_FIND_DATA, *LPWIN32_FIND_DATA PDRIVER_DISPATCH RealDiskDeviceControl = NULL char NumTable = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" char SpoofedHWID = "XYXYXYYYYYXYXXYXYYYXXYYXXXXYYXYYYXYYX\0" I modified a Windows driver that spoofs the hard disk serial number by generating a random serial; I modified it to spoof a 
pre-known serial. Now, when it is loaded and I query the serial via WMI for the first time, it shows the pre-defined serial, but if I query again, it shows an empty string.