add a sample project for a windows driver

fourks · Apr 24, 2016 · c7cf97f · c7cf97f
1 parent e51eeae
commit c7cf97f
Show file tree

Hide file tree

Showing 5 changed files with 308 additions and 0 deletions.
diff --git a/contrib/cs_driver/README b/contrib/cs_driver/README
@@ -0,0 +1,5 @@
+This directory contains a sample project for using Capstone from a Windows 
+driver. Open cs_driver.sln with Visual Studio 2013 or newer and see cs_driver.c 
+for details.
+
+For prerequisites to compile Capstone for drivers, see COMPILE_MSVC.TXT.
diff --git a/contrib/cs_driver/cs_driver.sln b/contrib/cs_driver/cs_driver.sln
@@ -0,0 +1,49 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cs_driver", "cs_driver\cs_driver.vcxproj", "{F29A9424-0ECD-4FFE-9CB7-C844756373BB}"
+	ProjectSection(ProjectDependencies) = postProject
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B} = {FE197816-EF84-4E8D-B29D-E0A6BA2B144B}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "capstone_static_winkernel", "..\..\msvc\capstone_static_winkernel\capstone_static_winkernel.vcxproj", "{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|Win32.ActiveCfg = Debug|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|Win32.Build.0 = Debug|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|Win32.Deploy.0 = Debug|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|x64.ActiveCfg = Debug|x64
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|x64.Build.0 = Debug|x64
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Debug|x64.Deploy.0 = Debug|x64
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|Win32.ActiveCfg = Release|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|Win32.Build.0 = Release|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|Win32.Deploy.0 = Release|Win32
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|x64.ActiveCfg = Release|x64
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|x64.Build.0 = Release|x64
+		{F29A9424-0ECD-4FFE-9CB7-C844756373BB}.Release|x64.Deploy.0 = Release|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|Win32.Build.0 = Debug|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|Win32.Deploy.0 = Debug|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|x64.ActiveCfg = Debug|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|x64.Build.0 = Debug|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Debug|x64.Deploy.0 = Debug|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|Win32.ActiveCfg = Release|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|Win32.Build.0 = Release|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|Win32.Deploy.0 = Release|Win32
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|x64.ActiveCfg = Release|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|x64.Build.0 = Release|x64
+		{FE197816-EF84-4E8D-B29D-E0A6BA2B144B}.Release|x64.Deploy.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/contrib/cs_driver/cs_driver/cs_driver.c b/contrib/cs_driver/cs_driver/cs_driver.c
@@ -0,0 +1,99 @@
+/* Capstone Driver */
+/* By Satoshi Tanda <[email protected]>, 2016 */
+
+// Firstly, compile capstone_static_winkernel and
+// generate capstone_static_winkernel.lib. It can be done by adding the
+// capstone_static_winkernel project to your solution and compiling it first.
+//
+// Then, configure your drive project (cs_driver in this example) to locate to
+// capstone.h and capstone_static_winkernel.lib. To do it, open project
+// properties of the project and set Configuration to "All Configurations" and
+// Platform to "All Platforms". Then, add the following entries:
+//    - C/C++ > General > Additional Include Directories
+//      - $(SolutionDir)capstone\include
+//    - Linker > Input > Additional Dependencies
+//      - $(OutDir)capstone_static_winkernel.lib
+//      - ntstrsafe.lib
+//
+// Note that ntstrsafe.lib is required to resolve __fltused indirectly used in
+// Capstone.
+
+#include <ntddk.h>
+#include <capstone.h>
+
+// 'conversion' : from function pointer 'type1' to data pointer 'type2'
+#pragma warning(disable : 4054)
+
+
+DRIVER_INITIALIZE DriverEntry;
+static NTSTATUS cs_driver_hello();
+
+
+// Driver entry point
+EXTERN_C NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
+                              PUNICODE_STRING RegistryPath) {
+  printf("Entering DriverEntry()\n");
+
+  cs_driver_hello();
+
+  printf("Leaving DriverEntry()\n");
+  return STATUS_CANCELLED;
+}
+
+// Hello, Capstone!
+static NTSTATUS cs_driver_hello() {
+  csh handle;
+  cs_insn *insn;
+  size_t count;
+  KFLOATING_SAVE float_save;
+  NTSTATUS status = STATUS_UNSUCCESSFUL;
+
+  // Any of Capstone APIs cannot be called at IRQL higher than DISPATCH_LEVEL
+  // since our malloc implementation based on ExAllocatePoolWithTag() is not able
+  // to allocate memory at higher IRQL than the DISPATCH_LEVEL level.
+  NT_ASSERT(KeGetCurrentIrql() <= DISPATCH_LEVEL);
+
+  // On a 32bit driver, KeSaveFloatingPointState() is required before using any
+  // Capstone function because Capstone can access to the MMX/x87 registers and
+  // 32bit Windows requires drivers to use KeSaveFloatingPointState() before and
+  // KeRestoreFloatingPointState() after accesing to them. See "Using Floating
+  // Point or MMX in a WDM Driver" on MSDN for more details.
+  status = KeSaveFloatingPointState(&float_save);
+  if (!NT_SUCCESS(status)) {
+    return status;
+  }
+
+  // Do stuff just like user-mode. All functionalites are supported.
+  if (cs_open(CS_ARCH_X86, (sizeof(void *) == 4) ? CS_MODE_32 : CS_MODE_64,
+              &handle) != CS_ERR_OK) {
+    goto exit;
+  }
+
+  count = cs_disasm(handle, (uint8_t *)&cs_driver_hello, 0x80,
+                    (uint64_t)&cs_driver_hello, 0, &insn);
+  if (count > 0) {
+    printf("cs_driver!cs_driver_hello:\n");
+    for (size_t j = 0; j < count; j++) {
+      printf("0x%p\t%s\t\t%s\n", (void *)(uintptr_t)insn[j].address,
+             insn[j].mnemonic, insn[j].op_str);
+    }
+    cs_free(insn, count);
+  }
+  cs_close(&handle);
+
+exit:;
+  // Restores the nonvolatile floating-point context.
+  KeRestoreFloatingPointState(&float_save);
+  return status;
+}
+
+// printf()
+_Use_decl_annotations_ int __cdecl printf(const char *_Format, ...) {
+  NTSTATUS status;
+  va_list args;
+
+  va_start(args, _Format);
+  status = vDbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, _Format, args);
+  va_end(args);
+  return NT_SUCCESS(status);
+}
diff --git a/contrib/cs_driver/cs_driver/cs_driver.vcxproj b/contrib/cs_driver/cs_driver/cs_driver.vcxproj
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{F29A9424-0ECD-4FFE-9CB7-C844756373BB}</ProjectGuid>
+    <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <MinimumVisualStudioVersion>11.0</MinimumVisualStudioVersion>
+    <Configuration>Win8.1 Debug</Configuration>
+    <Platform Condition="'$(Platform)' == ''">Win32</Platform>
+    <RootNamespace>cs_driver</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <TargetVersion>Windows7</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <TargetVersion>Windows7</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <TargetVersion>Windows7</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <TargetVersion>Windows7</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver8.1</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>KMDF</DriverType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WppScanConfigurationData Condition="'%(ClCompile. ScanConfigurationData)'  == ''">trace.h</WppScanConfigurationData>
+      <WppKernelMode>true</WppKernelMode>
+      <AdditionalIncludeDirectories>$(SolutionDir)..\..\include;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>$(OutDir)capstone_static_winkernel.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WppScanConfigurationData Condition="'%(ClCompile. ScanConfigurationData)'  == ''">trace.h</WppScanConfigurationData>
+      <WppKernelMode>true</WppKernelMode>
+      <AdditionalIncludeDirectories>$(SolutionDir)..\..\include;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>$(OutDir)capstone_static_winkernel.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WppScanConfigurationData Condition="'%(ClCompile. ScanConfigurationData)'  == ''">trace.h</WppScanConfigurationData>
+      <WppKernelMode>true</WppKernelMode>
+      <AdditionalIncludeDirectories>$(SolutionDir)..\..\include;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>$(OutDir)capstone_static_winkernel.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WppScanConfigurationData Condition="'%(ClCompile. ScanConfigurationData)'  == ''">trace.h</WppScanConfigurationData>
+      <WppKernelMode>true</WppKernelMode>
+      <AdditionalIncludeDirectories>$(SolutionDir)..\..\include;$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>$(OutDir)capstone_static_winkernel.lib;ntstrsafe.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <FilesToPackage Include="$(TargetPath)" />
+    <FilesToPackage Include="@(Inf->'%(CopyOutput)')" Condition="'@(Inf)'!=''" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cs_driver.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
diff --git a/contrib/cs_driver/cs_driver/cs_driver.vcxproj.filters b/contrib/cs_driver/cs_driver/cs_driver.vcxproj.filters
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+    <Filter Include="Driver Files">
+      <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
+      <Extensions>inf;inv;inx;mof;mc;</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cs_driver.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>