  1. #include <ntddk.h>
  2.  
// IOCTL codes understood by IoControl below.
// METHOD_BUFFERED: the I/O manager copies the caller's input buffer into
// pIrp->AssociatedIrp.SystemBuffer, which is what IoControl casts to a request struct.
// FILE_SPECIAL_ACCESS is defined by the WDK as FILE_ANY_ACCESS, so the code itself
// imposes no access requirement on the caller's handle; no other caller check
// exists in this file, so anyone able to open the device can issue both requests.
#define IoRequestCode(code)     CTL_CODE(FILE_DEVICE_UNKNOWN, code, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
#define ReadRequestCode         IoRequestCode(0x0701)   // copy memory out of a target process
#define WriteRequestCode        IoRequestCode(0x0702)   // copy memory into a target process
// This alias makes the file C++ despite the C-style WDK include.
// On Windows, unsigned long is 32 bits on both x86 and x64 builds.
using ulong = unsigned long;
  7.  
// NT device name and DOS symbolic-link name; filled in by DriverEntry and
// reused by OnUnload. The literal strings ("\Device\MmDrv", "\DosDevices\MmDrv")
// are the on-host artifacts a defender would look for to spot this driver loaded.
UNICODE_STRING devicePath, DOSDevicePath;
  9.  
// Undocumented kernel functions
//
// MmCopyVirtualMemory is declared by hand because ntddk.h does not provide a
// prototype for it; the signature below is the community-known one, not a
// public WDK contract, so it is presumably fragile across kernel versions.
// NOTE(review): the C++ linkage here does not match the kernel's C export
// unless this declaration is wrapped in extern "C" elsewhere — TODO confirm.

NTSTATUS NTAPI MmCopyVirtualMemory
(
    PEPROCESS SourceProcess,
    PVOID SourceAddress,
    PEPROCESS TargetProcess,
    PVOID TargetAddress,
    SIZE_T BufferSize,
    KPROCESSOR_MODE PreviousMode,
    PSIZE_T ReturnSize
);

// PsLookupProcessByProcessId is in fact documented. On success it returns a
// *referenced* EPROCESS; the caller must release it with ObDereferenceObject.
// Nothing in this file ever does so (see IoControl).
NTSTATUS NTKERNELAPI PsLookupProcessByProcessId
(
    _In_ HANDLE ProcessId,
    _Outptr_ PEPROCESS* Process
);
  28.  
// Value stored in pIrp->IoStatus.Status when the requested PID does not resolve.
// 0xDEADBEEF is not an NTSTATUS from ntstatus.h; user mode observes it only as a
// failed DeviceIoControl with a non-standard code. IoControl assigns it to an
// NTSTATUS without a cast.
enum ResponseStatus
{
    BadProcessId = 0xDEADBEEF
};
  33.  
// Wire layout of a read request; the whole object arrives verbatim in the
// METHOD_BUFFERED system buffer, so the layout must match the user-mode side exactly.
//   Pid      target process id
//   Addr     address inside the target process to read from
//   Sz       byte count; IoControl also overwrites it with the copied size
//   Response caller-supplied pointer that receives the data
// NOTE(review): Response is a raw caller-supplied pointer and is never probed or
// validated before IoControl hands it to MmCopyVirtualMemory; Addr and Sz are
// likewise taken as-is. Because ulong is 32-bit on Windows, Addr cannot express a
// 64-bit address — presumably a 32-bit build is assumed, TODO confirm.
class ReadRequest
{
    public:
    ReadRequest(ulong pid, ulong addr, ulong sz) : Pid(pid), Addr(addr), Sz(sz) {};
    ulong Pid, Addr, Sz;
    void* Response;
};
  41.  
// Wire layout of a write request, received the same way as ReadRequest.
//   Pid   target process id
//   Addr  address inside the target process to write to
//   Sz    byte count; IoControl also overwrites it with the copied size
//   Data  caller-supplied pointer to the bytes to write
// NOTE(review): Data is a raw caller-supplied pointer used directly as the copy
// source; neither it nor Addr/Sz is validated anywhere in this file. Note the
// member order differs from ReadRequest (Data last here, Response last there) —
// the user-mode side must match each struct separately.
class WriteRequest
{
    public:
    WriteRequest(ulong pid, ulong addr, void* data, ulong sz) : Pid(pid), Addr(addr), Data(data), Sz(sz) {};
    ulong Pid, Addr, Sz;
    void* Data;
};
  49.  
// Driver entry point: creates the \Device\MmDrv device plus its DOS link and
// installs the IOCTL and unload handlers. pRegistryPath is unused.
// NOTE(review): the function declares an NTSTATUS return but never returns a
// value — falling off the end of a non-void function is undefined behavior, so
// the load status reported to the I/O manager is whatever happens to be in the
// return register.
// NOTE(review): IoControl and OnUnload are referenced before any declaration
// visible in this file; as pasted this would not compile without forward
// declarations that presumably live elsewhere.
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    DbgPrint("Driver loaded\n");
    PDEVICE_OBJECT pDevice;

    RtlInitUnicodeString(&devicePath, L"\\Device\\MmDrv");
    RtlInitUnicodeString(&DOSDevicePath, L"\\DosDevices\\MmDrv");

    // Both return values are ignored. If IoCreateDevice fails, pDevice is left
    // uninitialized and the Flags writes below dereference an indeterminate pointer.
    // No SDDL / IoCreateDeviceSecure is used, so access to the device is left to
    // the default security descriptor — presumably open to ordinary users; verify.
    IoCreateDevice(pDriverObject, 0, &devicePath, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDevice);
    IoCreateSymbolicLink(&DOSDevicePath, &devicePath);

    pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoControl;
    pDriverObject->DriverUnload = OnUnload;

    // DO_DIRECT_IO governs IRP_MJ_READ/WRITE buffering only; the IOCTLs above
    // are METHOD_BUFFERED, which is decided by the control code, not this flag.
    pDevice->Flags |= DO_DIRECT_IO;
    pDevice->Flags &= ~DO_DEVICE_INITIALIZING;
}
  67.  
// Unload handler: removes the DOS link and the single device object created in
// DriverEntry (pDriver->DeviceObject is the head of the driver's device list).
// Return values are not checked; IoDeleteSymbolicLink failing would leave a
// dangling \DosDevices\MmDrv link behind.
void OnUnload(PDRIVER_OBJECT pDriver)
{
    IoDeleteSymbolicLink(&DOSDevicePath);
    IoDeleteDevice(pDriver->DeviceObject);
}
  73.  
// IRP_MJ_DEVICE_CONTROL dispatch: copies memory between the calling process and
// an arbitrary target process identified by PID, in either direction.
//
// Defects visible in this block (listed so a reader does not take the code as a
// reference for how an IOCTL handler should look):
//  - Neither condition compares: `code = ReadRequestCode` and
//    `code = WriteRequestCode` are assignments, so both are always true and both
//    branches run for every IOCTL, whatever code the caller actually sent.
//  - InputBufferLength / OutputBufferLength are never checked against
//    sizeof(ReadRequest) / sizeof(WriteRequest); a shorter input buffer makes the
//    request->… accesses read and write past the end of SystemBuffer.
//  - The caller-supplied pointers (Response, Data, Addr) are never probed, and
//    PreviousMode is passed as KernelMode, so no user/kernel address range check
//    is applied to them. Combined with the missing caller authorization, the
//    driver hands its own kernel-level memory access to any process that can
//    open the device — the class of driver that driver blocklists exist for.
//  - The EPROCESS returned by PsLookupProcessByProcessId is never released with
//    ObDereferenceObject, leaking one reference per successful lookup.
//  - `status` is uninitialized and the write branch's success path never sets
//    it; MmCopyVirtualMemory's return value is discarded in both branches.
//  - pIrp->IoStatus.Information is never set, so the updated Sz in the system
//    buffer is not copied back to the caller's buffer by the I/O manager.
//  - The function is declared NTSTATUS but has no return statement (undefined
//    behavior), so the dispatch status seen by the I/O manager is indeterminate.
// IoGetCurrentProcess() is used as the caller's side of the copy, which relies on
// this dispatch routine running in the requesting process's context — presumably
// true for a top-level METHOD_BUFFERED IOCTL, but it is not verified here.
NTSTATUS IoControl(PDEVICE_OBJECT pDevice, PIRP pIrp)
{
    PIO_STACK_LOCATION ioStack = IoGetCurrentIrpStackLocation(pIrp);
    ULONG code = ioStack->Parameters.DeviceIoControl.IoControlCode;
    NTSTATUS status;

    if (code = ReadRequestCode)   // assignment, not comparison: always taken
    {
        ReadRequest* request = (ReadRequest*)pIrp->AssociatedIrp.SystemBuffer;
        PEPROCESS process;
        if (NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)request->Pid, &process)))
        {
            // target process -> caller's Response buffer; Sz is overwritten with the copied size
            MmCopyVirtualMemory(process, (PVOID)request->Addr, IoGetCurrentProcess(), request->Response, request->Sz, KernelMode, &request->Sz);
            status = STATUS_SUCCESS;
        }
        else
        {
            status = BadProcessId;
        }
    }
    if (code = WriteRequestCode)  // assignment, not comparison: always taken
    {
        WriteRequest* request = (WriteRequest*)pIrp->AssociatedIrp.SystemBuffer;
        PEPROCESS process;
        if (NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)request->Pid, &process)))
        {
            // caller's Data buffer -> target process; status is not set on this path
            MmCopyVirtualMemory(IoGetCurrentProcess(), request->Data, process, (PVOID)request->Addr, request->Sz, KernelMode, &request->Sz);
        }
        else
        {
            status = BadProcessId;
        }
    }

    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
}