First commit

Author: DoubleLabyrinth

.gitignore

@@ -0,0 +1,5 @@
+.vs/
+bin/
+obj/
+asset/pki-architecture.xml
+

CustomKernelSignersPersistent/CustomKernelSignersPersistent.vcxproj

@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{912F26A3-E2FA-4503-AF55-1980A05845E1}</ProjectGuid>
+    <TemplateGuid>{dd38f7fc-d7bd-488b-9242-7d8754cde80d}</TemplateGuid>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
+    <Configuration>Debug</Configuration>
+    <Platform Condition="'$(Platform)' == ''">Win32</Platform>
+    <RootNamespace>CustomKernelSignersPersistent</RootNamespace>
+    <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <TargetVersion>Windows10</TargetVersion>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
+    <ConfigurationType>Driver</ConfigurationType>
+    <DriverType>WDM</DriverType>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <TargetName>ckspdrv</TargetName>
+    <OutDir>$(SolutionDir)bin\$(Platform)-$(ConfigurationName)\</OutDir>
+    <IntDir>$(SolutionDir)obj\$(Platform)-$(ConfigurationName)\$(ProjectName)\</IntDir>
+    <TimeStampServer />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <TargetName>ckspdrv</TargetName>
+    <OutDir>$(SolutionDir)bin\$(Platform)-$(ConfigurationName)\</OutDir>
+    <IntDir>$(SolutionDir)obj\$(Platform)-$(ConfigurationName)\$(ProjectName)\</IntDir>
+    <TimeStampServer />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <TimeStampServer />
+    <TargetName>ckspdrv</TargetName>
+    <OutDir>$(SolutionDir)bin\$(Platform)-$(ConfigurationName)\</OutDir>
+    <IntDir>$(SolutionDir)obj\$(Platform)-$(ConfigurationName)\$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
+    <TimeStampServer />
+    <TargetName>ckspdrv</TargetName>
+    <OutDir>$(SolutionDir)bin\$(Platform)-$(ConfigurationName)\</OutDir>
+    <IntDir>$(SolutionDir)obj\$(Platform)-$(ConfigurationName)\$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <DriverSign>
+      <FileDigestAlgorithm>
+      </FileDigestAlgorithm>
+    </DriverSign>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <DriverSign>
+      <FileDigestAlgorithm>
+      </FileDigestAlgorithm>
+    </DriverSign>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <DriverSign>
+      <FileDigestAlgorithm>
+      </FileDigestAlgorithm>
+    </DriverSign>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <DriverSign>
+      <FileDigestAlgorithm>
+      </FileDigestAlgorithm>
+    </DriverSign>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <FilesToPackage Include="$(TargetPath)" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="cksp_defs.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cksp_entry.c" />
+    <ClCompile Include="cksp_irp_null.c" />
+    <ClCompile Include="cksp_main.c" />
+    <ClCompile Include="cksp_unload.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

CustomKernelSignersPersistent/CustomKernelSignersPersistent.vcxproj.filters

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+    <Filter Include="Driver Files">
+      <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
+      <Extensions>inf;inv;inx;mof;mc;</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="cksp_defs.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="cksp_entry.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="cksp_irp_null.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="cksp_unload.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="cksp_main.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

CustomKernelSignersPersistent/CustomKernelSignersPersistent.vcxproj.user

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ShowAllFiles>true</ShowAllFiles>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <SignMode>Off</SignMode>
+    <CrossCertificateFile>
+    </CrossCertificateFile>
+    <ProductionCertificate>
+    </ProductionCertificate>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <SignMode>Off</SignMode>
+    <CrossCertificateFile>
+    </CrossCertificateFile>
+    <ProductionCertificate>
+    </ProductionCertificate>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <SignMode>Off</SignMode>
+    <CrossCertificateFile>
+    </CrossCertificateFile>
+    <ProductionCertificate>
+    </ProductionCertificate>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <SignMode>Off</SignMode>
+    <CrossCertificateFile>
+    </CrossCertificateFile>
+    <ProductionCertificate>
+    </ProductionCertificate>
+  </PropertyGroup>
+</Project>

CustomKernelSignersPersistent/cksp_defs.h

@@ -0,0 +1,72 @@
+#pragma once
+#include <ntifs.h>
+
+NTSTATUS NTAPI ZwQueryLicenseValue(
+    _In_ PUNICODE_STRING ValueName,
+    _Out_opt_ PULONG Type,
+    _Out_writes_bytes_to_opt_(DataSize, *ResultDataSize) PVOID Data,
+    _In_ ULONG DataSize,
+    _Out_ PULONG ResultDataSize
+);
+
+NTSTATUS NTAPI ExUpdateLicenseData(
+    _In_ ULONG cbBytes,
+    _In_reads_bytes_(cbBytes) PVOID lpBytes
+);
+
+typedef enum _CKSP_WORKER_ACTION {
+    CkspWorkerActionNone = 0,
+    CkspWorkerActionStop = 1
+} CKSP_WORKER_ACTION;
+
+typedef struct _CKSP_WORKER_CONTEXT {
+    UNICODE_STRING                  LaunchDriverServiceName;
+    HANDLE                          ProductOptionsKeyChangeEventHandle;
+    PKEVENT                         ProductOptionsKeyChangeEventObject;
+    HANDLE                          ProductOptionsKey;
+    PKEY_VALUE_PARTIAL_INFORMATION  ProductPolicyValueInfo;
+    ULONG                           ProductPolicyValueInfoSize;
+    CKSP_WORKER_ACTION              Action;
+} CKSP_WORKER_CONTEXT, *PCKSP_WORKER_CONTEXT;
+
+extern PCKSP_WORKER_CONTEXT g_CkspWorkerContext;
+extern HANDLE g_CkspWorkerThreadHandle;
+extern PVOID  g_CkspWorkerThreadObject;
+
+NTSTATUS NTAPI DriverEntry(
+    _In_ PDRIVER_OBJECT DriverObject, 
+    _In_ PUNICODE_STRING RegistryPath
+);
+
+VOID NTAPI DriverUnload(
+    _In_ PDRIVER_OBJECT DriverObject
+);
+
+NTSTATUS NTAPI IrpNullHandler(
+    _In_ PDEVICE_OBJECT DeviceObject, 
+    _In_ PIRP Irp
+);
+
+//
+// CKSP routines
+//
+
+NTSTATUS CkspInitContext(
+    _In_ PCKSP_WORKER_CONTEXT Context,
+    _In_ PDRIVER_OBJECT DriverObject,
+    _In_ PUNICODE_STRING RegistryPath
+);
+
+VOID CkspClearContext(
+    _In_ PCKSP_WORKER_CONTEXT Context
+);
+
+VOID NTAPI CkspWorker(
+    _In_ PVOID StartContext
+);
+
+VOID CkspDeferUnloadAsPossible(
+    _In_ PCKSP_WORKER_CONTEXT Context
+);
+
+

CustomKernelSignersPersistent/cksp_entry.c

@@ -0,0 +1,70 @@
+#include "cksp_defs.h"
+
+PCKSP_WORKER_CONTEXT g_CkspWorkerContext;
+HANDLE g_CkspWorkerThreadHandle;
+PVOID  g_CkspWorkerThreadObject;
+
+NTSTATUS NTAPI DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
+    NTSTATUS Status;
+    OBJECT_ATTRIBUTES ThreadAttribute;
+
+    //
+    // We don't handle any IRQs
+    //
+    for (int i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; ++i)
+        DriverObject->MajorFunction[i] = IrpNullHandler;
+
+    DriverObject->DriverUnload = DriverUnload;
+
+    //
+    // Allocate CKSP context
+    //
+    g_CkspWorkerContext = (PCKSP_WORKER_CONTEXT)ExAllocatePoolWithTag(NonPagedPool, sizeof(CKSP_WORKER_CONTEXT), 'cksp');
+    if (g_CkspWorkerContext == NULL) {
+        Status = STATUS_NO_MEMORY;
+        goto ON_DriverEntry_ERROR;
+    }
+
+    //
+    // Initialize CKSP context
+    //
+    Status = CkspInitContext(g_CkspWorkerContext, DriverObject, RegistryPath);
+    if (!NT_SUCCESS(Status))
+        goto ON_DriverEntry_ERROR;
+    
+    //
+    // Launch CkspWorker thread
+    //
+    InitializeObjectAttributes(&ThreadAttribute, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
+    Status = PsCreateSystemThread(&g_CkspWorkerThreadHandle,
+                                  THREAD_ALL_ACCESS,
+                                  &ThreadAttribute,
+                                  NULL,
+                                  NULL,
+                                  CkspWorker,
+                                  g_CkspWorkerContext);
+    if (!NT_SUCCESS(Status)) {
+        goto ON_DriverEntry_ERROR;
+    } else {
+        //
+        // never fail here
+        //
+        ObReferenceObjectByHandle(g_CkspWorkerThreadHandle,
+                                  THREAD_ALL_ACCESS,
+                                  *PsThreadType,
+                                  KernelMode,
+                                  &g_CkspWorkerThreadObject,
+                                  NULL);
+    }
+
+    return Status;
+
+ON_DriverEntry_ERROR:
+    if (g_CkspWorkerContext) {
+        CkspClearContext(g_CkspWorkerContext);
+        ExFreePoolWithTag(g_CkspWorkerContext, 'cksp');
+        g_CkspWorkerContext = NULL;
+    }
+    return Status;
+}
+

CustomKernelSignersPersistent/cksp_irp_null.c

@@ -0,0 +1,12 @@
+#include "cksp_defs.h"
+
+NTSTATUS NTAPI IrpNullHandler(_In_ PDEVICE_OBJECT DeviceObject, _In_ PIRP Irp) {
+    UNREFERENCED_PARAMETER(DeviceObject);
+
+    Irp->IoStatus.Information = 0;
+    Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
+
+    IoCompleteRequest(Irp, IO_NO_INCREMENT);
+    return STATUS_NOT_SUPPORTED;
+}
+