API tools faq
paste
Advertisement
vovan333

KMDF MM Driver

vovan333
Jun 4th, 2017
118
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ (WinAPI) 2.03 KB | None | 0 0
raw download clone embed print report
  1. #include <ntddk.h>
  2.  
  3. #define IoRequestCode(code)     CTL_CODE(FILE_DEVICE_UNKNOWN, code, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
  4. #define ReadRequestCode         IoRequestCode(0x0701)
  5. #define WriteRequestCode        IoRequestCode(0x0702)
  6. using ulong = unsigned long;
  7.  
  8. UNICODE_STRING devicePath, dosDevicePath;
  9.  
  10. // Undocumented kernel function definitions
  11.  
  12. NTSTATUS NTAPI MmCopyVirtualMemory
  13. (
  14.     PEPROCESS SourceProcess,
  15.     PVOID SourceAddress,
  16.     PEPROCESS TargetProcess,
  17.     PVOID TargetAddress,
  18.     SIZE_T BufferSize,
  19.     KPROCESSOR_MODE PreviousMode,
  20.     PSIZE_T ReturnSize
  21. );
  22.  
  23. NTKERNELAPI NTSTATUS PsLookupProcessByProcessId
  24. (
  25.     _In_ HANDLE ProcessId,
  26.     _Outptr_ PEPROCESS *Process
  27. );
  28.  
  29. class ReadRequest
  30. {
  31.     public:
  32.     ReadRequest(ulong pid, ulong addr, ulong sz) : Pid(pid), Addr(addr), Sz(sz) {};
  33.     ulong Pid, Addr, Sz;
  34.     void* Result;
  35. };
  36.  
  37. class WriteRequest
  38. {
  39.     public:
  40.     WriteRequest(ulong pid, ulong addr, void* data, ulong sz) : Pid(pid), Addr(addr), Data(data), Sz(sz) {};
  41.     ulong Pid, Addr, Sz;
  42.     void* Data;
  43. };
  44.  
  45. NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
  46. {
  47.     DbgPrint("Driver loaded \n");
  48.     PDEVICE_OBJECT pDevice;
  49.     RtlInitUnicodeString(&devicePath, L"\\Device\\MmDrv");
  50.     RtlInitUnicodeString(&dosDevicePath, L"\\DosDevices\\MmDrv");
  51.  
  52.     IoCreateDevice(pDriverObject, 0, &devicePath, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDevice);
  53.     IoCreateSymbolicLink(&dosDevicePath, &devicePath);
  54.  
  55.     pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoControl;
  56.     pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCall;
  57.     pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCall;
  58.     pDriverObject->DriverUnload = OnUnload;
  59.  
  60.     pDevice->Flags |= DO_DIRECT_IO;
  61.     pDevice->Flags &= ~DO_DEVICE_INITIALIZING;
  62. }
  63.  
  64. NTSTATUS IoControl(PDEVICE_OBJECT pDevice, PIRP pIrp)
  65. {
  66.     PIO_STACK_LOCATION ioStack = IoGetCurrentIrpStackLocation(pIrp);
  67.     ULONG code = ioStack->Parameters.DeviceIoControl.IoControlCode;
  68.  
  69.     if (code = ReadRequestCode)
  70.     {
  71.         ReadRequest* request = (ReadRequest*)pIrp->AssociatedIrp.SystemBuffer;
  72.  
  73.     }
  74. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!