示例#1
    def create_driver_object(self, name=None, pe=None):
        """
        Build, register and return the driver object for the driver being
        emulated.

        name: optional driver name/path; only its final path component is
              used when a decoy path is derived from it.
        pe:   optional module object for the driver image. When it is falsy,
              a decoy module backed by the 'default_sys' native module is
              substituted.

        The new driver is added to the object manager and appended to
        self.drivers before being returned.
        """
        driver = objman.Driver(emu=self)

        if pe:
            # A module was supplied. A decoy path/base is only derived from
            # the module itself when the caller gave no explicit name.
            if not name:
                # NOTE(review): os.path.basename follows the *host's* path
                # rules, so a backslash-separated pe.path is not split on a
                # POSIX host -- confirm pe.path is always a host path.
                pe.decoy_path = '%sdrivers\\%s' % (
                    self.get_system_root(), os.path.basename(pe.path))
                pe.decoy_base = pe.base
        else:
            # No module supplied: stand in the bundled dummy driver.
            stub_path = self.get_native_module_path('default_sys')
            pe = w32common.DecoyModule(path=stub_path)

            # Keep only the last component of the requested name (Windows
            # separators), so directory parts of `name` never reach the
            # decoy path. NOTE(review): `name` presumably can originate from
            # the sample under analysis -- confirm against callers.
            leaf = ntpath.basename(name) if name else 'none'
            pe.decoy_path = '%sdrivers\\%s.sys' % (
                self.get_system_root(), os.path.basename(leaf))
            pe.decoy_base = pe.get_base()

        # is_decoy=False is passed on both paths, including the dummy-driver
        # path above.
        driver.init_driver_object(name, pe, is_decoy=False)

        self.add_object(driver)
        self.drivers.append(driver)
        return driver
示例#2
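    def init_sys_modules(self, modules_config):
        """
        Build the decoy system modules (e.g. drivers) described by the
        emulator configuration.

        modules_config: iterable of dict-like entries. Each entry must carry
            'name' and 'path'; 'base_addr' is optional and may be an int or
            a hexadecimal string; 'driver' is optional and may hold a
            'devices' list whose items may carry a 'name'.

        Returns the list of w32common.DecoyModule objects, in config order.

        Raises KeyError when an entry lacks 'name' or 'path', and ValueError
        when a string 'base_addr' is not valid hexadecimal.
        """
        sys_mods = []

        for modconf in modules_config:
            mod = w32common.DecoyModule()
            mod.name = modconf['name']

            # base_addr may be written as a hex string in the config; it
            # stays None when the key is absent.
            base = modconf.get('base_addr')
            if isinstance(base, str):
                base = int(base, 16)

            mod.decoy_base = base
            mod.decoy_path = modconf['path']

            drv = modconf.get('driver')
            if drv:
                # A driver entry without a 'devices' key used to raise
                # TypeError (iterating None); treat it as "no devices".
                for dev in drv.get('devices') or ():
                    name = dev.get('name', '')
                    # The device object is created through new_object and
                    # named; it is not attached to `mod` here.
                    do = self.new_object(objman.Device)
                    do.name = name

            sys_mods.append(mod)
        return sys_mods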
示例#3
    def create_driver_object(self, name=None, pe=None):
        """
        Build, register and return the driver object for the driver being
        emulated.

        name: optional driver name/path; only its final path component is
              used when a decoy path is derived from it.
        pe:   optional module object for the driver image. When it is falsy,
              a decoy module backed by the 'default_sys' native module is
              substituted and six IRP major-function slots are pre-filled.

        The new driver is added to the object manager and appended to
        self.drivers before being returned.
        """
        driver = objman.Driver(emu=self)

        if pe:
            # A module was supplied. A decoy path/base is only derived from
            # the module itself when the caller gave no explicit name.
            if not name:
                # NOTE(review): os.path.basename follows the *host's* path
                # rules, so a backslash-separated pe.path is not split on a
                # POSIX host -- confirm pe.path is always a host path.
                pe.decoy_path = '%sdrivers\\%s' % (
                    self.get_system_root(), os.path.basename(pe.path))
                pe.decoy_base = pe.base
        else:
            # No module supplied: stand in the bundled dummy driver.
            stub_path = self.get_native_module_path('default_sys')
            pe = w32common.DecoyModule(path=stub_path)

            # Keep only the last component of the requested name (Windows
            # separators), so directory parts of `name` never reach the
            # decoy path. NOTE(review): `name` presumably can originate from
            # the sample under analysis -- confirm against callers.
            leaf = ntpath.basename(name) if name else 'none'
            pe.decoy_path = '%sdrivers\\%s.sys' % (
                self.get_system_root(), os.path.basename(leaf))
            pe.decoy_base = pe.get_base()

            # Give each handled IRP major function its own address just
            # past the decoy's entry point (ep+1 .. ep+6). Presumably this
            # lets the emulator tell the handlers apart -- TODO confirm.
            entry = pe.get_base() + pe.ep
            handled_irps = (
                ddk.IRP_MJ_CREATE,
                ddk.IRP_MJ_READ,
                ddk.IRP_MJ_WRITE,
                ddk.IRP_MJ_DEVICE_CONTROL,
                ddk.IRP_MJ_PNP,
                ddk.IRP_MJ_INTERNAL_DEVICE_CONTROL,
            )
            for offset, irp in enumerate(handled_irps, start=1):
                driver.object.MajorFunction[irp] = entry + offset

        driver.init_driver_object(name, pe)

        self.add_object(driver)
        self.drivers.append(driver)
        return driver