From 9934500ad2bac1465e043445bac9c832b5f305db Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Thu, 29 Jul 2021 00:27:10 +0200
Subject: Set DriverUnload callback after DriverEntry called. Added appropriate README advisory.
Signed-off-by: Toni Uhlig
---
CRT/kcrt.c | 6 +++++-
README.md | 5 +++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/CRT/kcrt.c b/CRT/kcrt.c
index ccff181..f2ea550 100644
--- a/CRT/kcrt.c
+++ b/CRT/kcrt.c
@@ -264,10 +264,14 @@ void __cdecl _CRT_DriverUnload(_In_ struct _DRIVER_OBJECT * DriverObject)
NTSTATUS __cdecl _CRT_DriverEntry(_In_ struct _DRIVER_OBJECT * DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
+ NTSTATUS retval;
+ KCRT_OnDriverEntry();
+ retval = DriverEntry(DriverObject, RegistryPath);
+ /* support for service stopping and CRT de-init */
DriverObject->DriverUnload = _CRT_DriverUnload;
- return DriverEntry(DriverObject, RegistryPath);
+ return retval;
}
diff --git a/README.md b/README.md
index c808e5d..a379646 100644
--- a/README.md
+++ b/README.md
@@ -82,8 +82,9 @@ NTSTATUS MyDriverEntry(_In_ struct _DRIVER_OBJECT * DriverObject, _In_ PUNICODE_
}
```
-shouldn't be used. Instead the function `DriverUnload` will be called.
-So make sure that the symbol `DriverUnload` exists and has the usual ddk function signature:
+**must not** used. Overwriting `DriverObject->DriverUnload` with your own function may BSOD.
+Instead the function `DriverUnload` will be called.
+Make sure that the symbol `DriverUnload` exists and has the usual ddk function signature:
`void DriverUnload(_In_ struct _DRIVER_OBJECT * DriverObject)`. This is required to make ctors/dtors work without calling additional functions in `DriverEntry` / `DriverUnload`.
--
cgit v1.2.3
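Review bot: In `_CRT_DriverEntry` (the CRT/kcrt.c hunk), the new code assigns `DriverObject->DriverUnload = _CRT_DriverUnload;` and returns `retval` without checking whether `DriverEntry` succeeded. When `DriverEntry` returns a failure status, Windows unloads the image without calling the unload routine, so whatever `KCRT_OnDriverEntry()` set up is never torn down on that path; how serious that is depends on what the CRT init allocates or registers, which this hunk does not show. Consider guarding with `if (!NT_SUCCESS(retval))`, running the same CRT de-init that `_CRT_DriverUnload` performs, and returning before the assignment. A short comment above the assignment, such as `/* set after DriverEntry so the driver cannot replace the CRT unload hook */`, would also record why the order matters.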