
KMDF MmCopyVirtualMemory

a guest
Oct 15th, 2018
  1. #include "driver.h"
  2. #include <ntddk.h>
  3. #include "driver.tmh"
  4. #pragma comment(lib, "Ntoskrnl.lib")
  5.  
  6. #ifdef ALLOC_PRAGMA
  7. #pragma alloc_text (INIT, DriverEntry)
  8. #pragma alloc_text (PAGE, CallOfDutySysFileEvtDeviceAdd)
  9. #pragma alloc_text (PAGE, CallOfDutySysFileEvtDriverContextCleanup)
  10. #endif
  11.  
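  /*
   * Copy Size bytes from SourceAddress in Process to TargetAddress in the
   * calling process, using MmCopyVirtualMemory.
   *
   * Returns STATUS_SUCCESS when the copy succeeds, STATUS_INVALID_PARAMETER
   * when Process is NULL, and STATUS_ACCESS_DENIED for every other failure
   * (the status reported by MmCopyVirtualMemory is not passed on, so callers
   * cannot tell an invalid address from a genuine access failure).
   *
   * NOTE(review): the copy is requested with KernelMode as the previous mode,
   * so neither address is probed as a user-mode pointer. If Process,
   * SourceAddress, TargetAddress or Size can be influenced by a user-mode
   * request, this helper becomes an arbitrary memory read primitive. The
   * caller must validate the address range and size, and the device that
   * exposes it needs a restrictive security descriptor. Callers are not
   * visible here - confirm before shipping.
   */
  NTSTATUS KeReadProcessMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
  {
      SIZE_T Result = 0;   /* bytes copied; required by the API, not used further */
      NTSTATUS CopyStatus;

      /* A NULL process object would be dereferenced inside the copy routine. */
      if (Process == NULL)
          return STATUS_INVALID_PARAMETER;

      CopyStatus = MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, KernelMode, &Result);
      if (!NT_SUCCESS(CopyStatus))
          return STATUS_ACCESS_DENIED;

      return STATUS_SUCCESS;
  }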
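  /*
   * Copy Size bytes from SourceAddress in the calling process to TargetAddress
   * in Process, using MmCopyVirtualMemory.
   *
   * Returns STATUS_SUCCESS when the copy succeeds, STATUS_INVALID_PARAMETER
   * when Process is NULL, and STATUS_ACCESS_DENIED for every other failure
   * (the status reported by MmCopyVirtualMemory is not passed on).
   *
   * NOTE(review): the copy is requested with KernelMode as the previous mode,
   * so neither address is probed as a user-mode pointer. If Process,
   * SourceAddress, TargetAddress or Size can be influenced by a user-mode
   * request, this helper becomes an arbitrary memory write primitive. The
   * caller must validate the address range and size, and the device that
   * exposes it needs a restrictive security descriptor. Callers are not
   * visible here - confirm before shipping.
   */
  NTSTATUS KeWriteProcessMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
  {
      SIZE_T Result = 0;   /* bytes copied; required by the API, not used further */
      NTSTATUS CopyStatus;

      /* A NULL process object would be dereferenced inside the copy routine. */
      if (Process == NULL)
          return STATUS_INVALID_PARAMETER;

      CopyStatus = MmCopyVirtualMemory(PsGetCurrentProcess(), SourceAddress, Process, TargetAddress, Size, KernelMode, &Result);
      if (!NT_SUCCESS(CopyStatus))
          return STATUS_ACCESS_DENIED;

      return STATUS_SUCCESS;
  }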
  34.  
  /*
   * Driver entry point. Starts WPP tracing, then creates the framework driver
   * object with CallOfDutySysFileEvtDeviceAdd as the device-add callback and
   * CallOfDutySysFileEvtDriverContextCleanup as the cleanup callback.
   *
   * Returns the status of WdfDriverCreate. On failure, tracing is shut down
   * here before returning.
   */
  NTSTATUS
  DriverEntry(_In_ PDRIVER_OBJECT  DriverObject, _In_ PUNICODE_STRING RegistryPath)
  {
      WDF_OBJECT_ATTRIBUTES driverAttributes;
      WDF_DRIVER_CONFIG driverConfig;
      NTSTATUS createStatus;

      WPP_INIT_TRACING(DriverObject, RegistryPath);
      TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");

      /* Register the cleanup callback on the driver object's attributes. */
      WDF_OBJECT_ATTRIBUTES_INIT(&driverAttributes);
      driverAttributes.EvtCleanupCallback = CallOfDutySysFileEvtDriverContextCleanup;

      WDF_DRIVER_CONFIG_INIT(&driverConfig, CallOfDutySysFileEvtDeviceAdd);

      createStatus = WdfDriverCreate(DriverObject, RegistryPath, &driverAttributes, &driverConfig, WDF_NO_HANDLE);

      if (NT_SUCCESS(createStatus)) {
          TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Exit");
          return createStatus;
      }

      /* Creation failed: log the status and stop tracing before bailing out. */
      TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDriverCreate failed %!STATUS!", createStatus);
      WPP_CLEANUP(DriverObject);
      return createStatus;
  }
  69.  
  /*
   * Device-add callback registered in DriverEntry. Delegates device creation
   * to CallOfDutySysFileCreateDevice and returns its status unchanged.
   *
   * NOTE(review): CallOfDutySysFileCreateDevice is defined elsewhere. Whatever
   * access control it puts on the device decides who can reach the process
   * memory helpers in this file - verify it is restrictive.
   */
  NTSTATUS
  CallOfDutySysFileEvtDeviceAdd(_In_ WDFDRIVER Driver, _Inout_ PWDFDEVICE_INIT DeviceInit)
  {
      NTSTATUS createStatus;

      UNREFERENCED_PARAMETER(Driver);
      PAGED_CODE();

      TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");
      createStatus = CallOfDutySysFileCreateDevice(DeviceInit);
      TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Exit");

      return createStatus;
  }
  90.  
  /*
   * Cleanup callback registered on the driver object in DriverEntry.
   * Logs entry and shuts down WPP tracing for the underlying WDM driver object.
   */
  VOID
  CallOfDutySysFileEvtDriverContextCleanup(_In_ WDFOBJECT DriverObject)
  {
      /* Kept from the original even though DriverObject is passed to WPP_CLEANUP below. */
      UNREFERENCED_PARAMETER(DriverObject);
      PAGED_CODE();

      TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");

      /* WPP_CLEANUP takes the WDM driver object, so convert the framework handle first. */
      WPP_CLEANUP(WdfDriverWdmGetDriverObject((WDFDRIVER)DriverObject));
  }