Diffstat (limited to 'examples')
-rw-r--r--examples/dpp-example.c58
1 files changed, 58 insertions, 0 deletions
diff --git a/examples/dpp-example.c b/examples/dpp-example.c
index cc32009..2b9f26f 100644
--- a/examples/dpp-example.c
+++ b/examples/dpp-example.c
@@ -18,6 +18,27 @@ extern NTSTATUS NTAPI WrapperZwQuerySystemInformation(_In_ int SystemInformation
_Inout_ PVOID SystemInformation,
_In_ ULONG SystemInformationLength,
_Out_opt_ PULONG ReturnLength);
+extern NTSTATUS NTAPI WrapperZwCreateFile(_Out_ PHANDLE FileHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _Out_ PIO_STATUS_BLOCK StatusBlock,
+ _In_ PLARGE_INTEGER AllocationSize,
+ _In_ ULONG FileAttributes,
+ _In_ ULONG ShareAccess,
+ _In_ ULONG CreateDisposition,
+ _In_ ULONG CreateOptions,
+ _In_ PVOID EaBuffer,
+ _In_ ULONG EaLength);
+extern NTSTATUS NTAPI WrapperZwClose(_In_ HANDLE Handle);
+extern NTSTATUS NTAPI WrapperZwWriteFile(_In_ HANDLE FileHandle,
+ _In_ HANDLE Event,
+ _In_ PIO_APC_ROUTINE ApcRoutine,
+ _In_ PVOID ApcContext,
+ _Out_ PIO_STATUS_BLOCK StatusBlock,
+ _In_ PVOID Buffer,
+ _In_ ULONG Length,
+ _In_ PLARGE_INTEGER ByteOffset,
+ _In_ PULONG Key);
int example_exception_handler(_In_ EXCEPTION_POINTERS * lpEP)
{
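Review bot: The SAL annotations on the new prototypes mark as `_In_` several parameters that WriteToFile, added later in this commit, passes as NULL: `AllocationSize` and `EaBuffer` on WrapperZwCreateFile, and `Event`, `ApcRoutine`, `ApcContext`, `ByteOffset` and `Key` on WrapperZwWriteFile. Assuming the wrappers forward to ZwCreateFile/ZwWriteFile (their bodies are not visible here), the declarations should follow the WDK prototypes, e.g. `_In_opt_ PLARGE_INTEGER AllocationSize`, `_In_reads_bytes_opt_(EaLength) PVOID EaBuffer` and `_In_opt_ HANDLE Event`. As written, static analysis either flags the NULL arguments or the annotation has to be suppressed, which hides real NULL-handling mistakes in driver code.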
@@ -59,6 +80,40 @@ static void zw_test()
}
}
+static NTSTATUS WriteToFile()
+{
+ UNICODE_STRING fileName = RTL_CONSTANT_STRING(L"\\??\\C:\\dpp-example-text.log");
+ OBJECT_ATTRIBUTES objAttr;
+ IO_STATUS_BLOCK ioStatusBlock;
+ HANDLE fileHandle;
+ NTSTATUS status;
+
+ InitializeObjectAttributes(&objAttr, &fileName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
+
+ status = WrapperZwCreateFile(&fileHandle,
+ GENERIC_WRITE,
+ &objAttr,
+ &ioStatusBlock,
+ NULL,
+ FILE_ATTRIBUTE_NORMAL,
+ 0,
+ FILE_OVERWRITE_IF,
+ FILE_SYNCHRONOUS_IO_NONALERT,
+ NULL,
+ 0);
+
+ if (!NT_SUCCESS(status))
+ {
+ return status;
+ }
+
+ CHAR data[] = "Test data from the kernel driver\n";
+ status = WrapperZwWriteFile(fileHandle, NULL, NULL, NULL, &ioStatusBlock, data, sizeof(data) - 1, NULL, NULL);
+
+ WrapperZwClose(fileHandle);
+ return status;
+}
+
NTSTATUS DriverEntry(struct _DRIVER_OBJECT * DriverObject, PUNICODE_STRING RegistryPath)
{
(void)DriverObject;
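Review bot: WriteToFile opens a fixed path in the volume root with `FILE_OVERWRITE_IF` and does not constrain what that name may resolve to. If the wrapper behaves like a kernel-mode ZwCreateFile call, the open runs without the caller's access checks, so whatever object sits at that path is truncated with kernel privileges. For anything beyond a demo I would pass `FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE` as the create options and put the log in a directory only administrators can write to. A short comment above the function should say that it must run at PASSIVE_LEVEL and that the path is an example only. DriverEntry starts in this hunk and continues outside it.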
@@ -86,6 +141,9 @@ NTSTATUS DriverEntry(struct _DRIVER_OBJECT * DriverObject, PUNICODE_STRING Regis
_enable();
DbgPrint("%s\n", "Done with Disable/Enable Interrupts!");
+ DbgPrint("%s\n", "WriteToFile");
+ WriteToFile();
+
return STATUS_SUCCESS;
}
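Review bot: The NTSTATUS returned by `WriteToFile()` is discarded, so a failed create or write is invisible and DriverEntry still returns STATUS_SUCCESS. Since this is an example that readers copy from, it should at least report the result, e.g. `NTSTATUS wstatus = WriteToFile();` followed by `if (!NT_SUCCESS(wstatus)) DbgPrint("WriteToFile failed: 0x%08X\n", wstatus);`. Whether a failure should also fail driver load depends on the part of DriverEntry outside this hunk.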