// Decompiler pseudocode (Hex-Rays style): local declarations are collapsed, and
// identifiers such as device_name, original_ioctl or IOCTL_HOOK_FUNCTION are
// analyst-assigned labels, not symbols from the binary.
//
// Purpose: given a DRIVER_OBJECT, either create a device on it (when it has none)
// or, when it is \Driver\GpuEnergyDrv, hook it. On success it replaces the
// IRP_MJ_CREATE (0), IRP_MJ_CLOSE (2) and IRP_MJ_DEVICE_CONTROL (14) dispatch
// slots and chains DriverUnload.
//
// Returns: 0 on success; the register_device status if device creation fails;
//          0xC0000002 when the object is unnamed or is not the target driver;
//          0xC0000305 when sub_1400044CC fails.
//
// Defensive takeaway: when the hook branch is taken, MajorFunction[0], [2], [14]
// and DriverUnload of the GpuEnergyDrv driver object point at routines supplied
// by this module. A dispatch-table integrity check (is every pointer inside the
// owning driver's image range?) is the natural detection for that state.
__int64 __fastcall ioctl_hook_setup(__int64 DRIVER_OBJECT)
{
  // [COLLAPSED LOCAL DECLARATIONS. PRESS KEYPAD CTRL-"+" TO EXPAND]

  // Offset 0x38 in the x64 _DRIVER_OBJECT layout is DriverName, so despite its
  // label "device_name" holds the driver's name; the comparison against
  // L"\\Driver\\GpuEnergyDrv" below is consistent with that.
  device_name = (const UNICODE_STRING *)(DRIVER_OBJECT + 0x38);
  pdriver_object = (struct _DRIVER_OBJECT *)DRIVER_OBJECT;
  debug_with_prefix((__int64)"Going to %wZ @ 0x%p\n", DRIVER_OBJECT + 0x38, DRIVER_OBJECT);

  // Branch A: the driver object has no device yet. register_device is handed
  // &qword_140006180 as its PDEVICE_OBJECT out-parameter; the failure message
  // indicates it creates the device.
  if ( !pdriver_object->DeviceObject )
  {
    register_result = register_device(pdriver_object, (PDEVICE_OBJECT *)&qword_140006180);
    // (status & 0xC0000000) == 0xC0000000 is the NT_ERROR() severity test.
    if ( (register_result & 0xC0000000) == 0xC0000000 )
    {
      debug_with_prefix((__int64)"Failed to create Device!\n");
      return register_result;
    }
    v5 = 1;                                     // 1 = device was created by this routine
    goto LABEL_11;
  }

  // Branch B: a device already exists, so this is treated as a hook candidate.
  // NOTE(review): the decompiler shows ObQueryNameInfo() with no argument; which
  // object is queried is not visible here - confirm in the disassembly.
  if ( !ObQueryNameInfo() )
  {
    print_string = "Unnamed device. Skipping.\n";
LABEL_7:
    // Shared exit for both "skip" cases (unnamed object / not the target driver).
    debug_with_prefix((__int64)print_string);
    return 0xC0000002i64;                       // STATUS_NOT_IMPLEMENTED
  }

  // Only the driver whose name equals \Driver\GpuEnergyDrv is hooked
  // (third argument 0 = case-sensitive comparison).
  RtlInitUnicodeString(&gpu_energy_drv_str, L"\\Driver\\GpuEnergyDrv");
  if ( !RtlEqualUnicodeString(&gpu_energy_drv_str, device_name, 0) )
  {
    print_string = "Not our target driver. Skipping.\n";
    goto LABEL_7;
  }

  // install_ioctl_hook receives the driver object and ioctl_inline_hook; its
  // return value is kept in original_ioctl (presumably the original handler,
  // saved for pass-through - confirm in install_ioctl_hook).
  original_ioctl = install_ioctl_hook((__int64)pdriver_object, (__int64)ioctl_inline_hook);
  v5 = 0;                                       // 0 = existing device, not created here

LABEL_11:
  // Globals: byte_140006188 records whether the device was created here,
  // qword_140006180 holds the device object pointer.
  byte_140006188 = v5;
  qword_140006180 = (__int64)pdriver_object->DeviceObject;

  // 28 == IRP_MJ_MAXIMUM_FUNCTION + 1, i.e. the whole dispatch table.
  // NOTE(review): sub_1400044CC presumably copies the table to or from
  // qword_1400060A0; direction and purpose are not visible here - confirm.
  if ( (sub_1400044CC(pdriver_object->MajorFunction, qword_1400060A0, 28i64) & 0xC0000000) == 0xC0000000 )
  {
    // Roll back only a device this routine created itself.
    // NOTE(review): sub_140001544 presumably deletes that device - confirm.
    if ( byte_140006188 == 1 )
      sub_140001544(&qword_140006180);
    byte_140006188 = 0;
    result = 0xC0000305i64;                     // presumably STATUS_COPY_PROTECTION_FAILURE - verify against ntstatus.h
  }
  else
  {
    // The right-hand sides are cast to PDRIVER_DISPATCH, so IRP_MJ_CREATE,
    // IRP_MJ_CLOSE and IOCTL_HOOK_FUNCTION here are analyst names for the
    // replacement handler routines, not the WDK IRP_MJ_* index macros.
    pdriver_object->MajorFunction[0] = (PDRIVER_DISPATCH)IRP_MJ_CREATE;
    pdriver_object->MajorFunction[2] = (PDRIVER_DISPATCH)IRP_MJ_CLOSE;
    pdriver_object->MajorFunction[14] = (PDRIVER_DISPATCH)IOCTL_HOOK_FUNCTION;
    pdriver_obj = (__int64)pdriver_object;      // remember which driver object was modified

    // Symbolic-link creation (per the debug string); failure is logged but not fatal.
    if ( (int)sub_140001438(qword_140006180) < 0 )
      debug_with_prefix((__int64)"Failed to create symlink\n");

    // Chain the unload routine: save the original pointer, then substitute
    // new_driver_unload. Nothing is installed when the driver has no DriverUnload.
    if ( pdriver_object->DriverUnload )
    {
      driver_unload_orig = (__int64)pdriver_object->DriverUnload;
      pdriver_object->DriverUnload = (PDRIVER_UNLOAD)new_driver_unload;
    }
    debug_with_prefix((__int64)"Successfully hooked %wZ @ 0x%p\n", device_name, pdriver_object);
    result = 0i64;
  }
  return result;
}