DMPAPI(bool) io_Free(void* handle) {
bool result = true;
IO_BASE_t* base;
if ((base = (IO_BASE_t*)handle) == NULL) return false;
switch (base->iotype)
{
case IO_USE_PORTIO:
// TODO: for WinXP or Linux Kernel Mode, free Port-I/O region here
break;
case IO_USE_MMIO:
#if defined DMP_DOS_DJGPP
dpmi_LinMapFree(base->addr);
dpmi_SelFree(base->mmio_selector);
#elif defined USE_WINIO3
UnmapPhysicalMemory(base->mmio_info);
#elif defined USE_PHYMEM
UnmapPhyMem((void*)base->addr, base->size);
#else
// TODO: for WinXP or Linux Kernel Mode, free MMIO region here
#endif
break;
default:
err_print((char*)"%s: unknown io-type!\n", __FUNCTION__);
result = false;
break;
}
free_io_base(base);
return result;
}
bool CPhyMem::CopyDmiMemory(PBYTE buf,DWORD phyAddr,DWORD size)
{
if((physmem = OpenPhysicalMemory()))
{
if(MapPhysicalMemory( physmem, &phyAddr, &size,
&vaddress ))
{
memcpy((void*)buf,(void*)vaddress,size);
UnmapPhysicalMemory( vaddress );
CloseHandle( physmem );
return true;
}
return false;
}
return false;
}
static STDCALL void dhahelperunload(IN PDRIVER_OBJECT DriverObject){
UNICODE_STRING DeviceLinkUnicodeString;
NTSTATUS ntStatus=STATUS_SUCCESS;
OutputDebugString ("dhahelper: entering dhahelperunload");
OutputDebugString ("dhahelper: unmapping remaining memory");
while(alloccount && (ntStatus==STATUS_SUCCESS))ntStatus = UnmapPhysicalMemory(alloclist[alloccount-1].UserVirtualAddress);
RtlInitUnicodeString (&DeviceLinkUnicodeString, L"\\DosDevices\\DHAHELPER");
ntStatus = IoDeleteSymbolicLink (&DeviceLinkUnicodeString);
if (NT_SUCCESS(ntStatus)){
IoDeleteDevice (DriverObject->DeviceObject);
}
else {
OutputDebugString ("dhahelper: IoDeleteSymbolicLink failed");
}
OutputDebugString ("dhahelper: leaving dhahelperunload");
}
bool _stdcall SetPhysLong(PBYTE pbPhysAddr, DWORD dwPhysVal)
{
PDWORD pdwLinAddr;
HANDLE PhysicalMemoryHandle;
if (!IsWinIoInitialized)
return false;
pdwLinAddr = (PDWORD)MapPhysToLin(pbPhysAddr, 4, &PhysicalMemoryHandle);
if (pdwLinAddr == NULL)
return false;
*pdwLinAddr = dwPhysVal;
UnmapPhysicalMemory(PhysicalMemoryHandle, (PBYTE)pdwLinAddr);
return true;
}
BOOL OperateProcessMemory(HANDLE ProcessId, PVOID VirtualAddress, PVOID Buffer, SIZE_T BufferSize, PROCESS_MEMORY_OPERATION MemoryOperation) {
KAPC_STATE ApcState;
BOOL Status = SwitchToSpecifiedProcessAddressSpace(ProcessId, &ApcState);
if (Status) {
PHYSICAL_ADDRESS PhysicalAddress = GetPhysicalAddress(VirtualAddress);
PVOID MappedMemory = MapPhysicalMemoryWithProtect(PhysicalAddress, BufferSize, PAGE_READWRITE);
HANDLE SecureHandle;
SecureVirtualMemory(MappedMemory, BufferSize, PAGE_READWRITE, &SecureHandle);
switch (MemoryOperation) {
case MemoryRead:
RtlCopyMemory(Buffer, MappedMemory, BufferSize);
break;
case MemoryWrite:
RtlCopyMemory(MappedMemory, Buffer, BufferSize);
break;
}
UnsecureVirtualMemory(SecureHandle);
UnmapPhysicalMemory(MappedMemory, BufferSize);
DetachFromSpecifiedProcessAddressSpace(&ApcState);
}
return Status;
}
DMPAPI(bool) io_Free(void* handle) {
bool result = true;
IO_BASE_t* base;
if ((base = (IO_BASE_t*)handle) == NULL) return false;
switch (base->iotype)
{
case IO_USE_PORTIO:
// do nothing ...
break;
case IO_USE_MMIO:
#if defined DMP_DOS_DJGPP
dpmi_LinMapFree(base->addr);
dpmi_SelFree(base->mmio_selector);
#elif defined DMP_LINUX
if ((IO_mmioFD != -1) && ((void*)base->addr != (void *)-1)) //&&
if (munmap((void*)(base->mmio_realaddr), base->size) == -1)
{
err_print("%s: fail to free MMIO region (%d)!\n", __FUNCTION__, errno);
result = false;
}
#elif defined USE_WINIO3
UnmapPhysicalMemory(base->mmio_info);
#elif defined USE_PHYMEM
UnmapPhyMem((void*)base->addr, base->size);
#endif
break;
default:
err_print("%s: unknown io-type!\n", __FUNCTION__);
result = false;
break;
}
free_io_base(base);
return result;
}
NTSTATUS WinIoDispatch(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
PIO_STACK_LOCATION IrpStack;
ULONG dwInputBufferLength;
ULONG dwOutputBufferLength;
ULONG dwIoControlCode;
PVOID pvIOBuffer;
NTSTATUS ntStatus;
struct tagPhys32Struct Phys32Struct;
OutputDebugString ("Entering WinIoDispatch");
// Init to default settings
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
IrpStack = IoGetCurrentIrpStackLocation(Irp);
// Get the pointer to the input/output buffer and it's length
pvIOBuffer = Irp->AssociatedIrp.SystemBuffer;
dwInputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
dwOutputBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch (IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
OutputDebugString("IRP_MJ_CREATE");
break;
case IRP_MJ_CLOSE:
OutputDebugString("IRP_MJ_CLOSE");
break;
case IRP_MJ_DEVICE_CONTROL:
OutputDebugString("IRP_MJ_DEVICE_CONTROL");
dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
switch (dwIoControlCode)
{
case IOCTL_WINIO_ENABLEDIRECTIO:
OutputDebugString("IOCTL_WINIO_ENABLEDIRECTIO");
pIOPM = MmAllocateNonCachedMemory(sizeof(IOPM));
if (pIOPM)
{
RtlZeroMemory(pIOPM, sizeof(IOPM));
Ke386IoSetAccessProcess(PsGetCurrentProcess(), 1);
Ke386SetIoAccessMap(1, pIOPM);
}
else
Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
break;
case IOCTL_WINIO_DISABLEDIRECTIO:
OutputDebugString("IOCTL_WINIO_DISABLEDIRECTIO");
if (pIOPM)
{
Ke386IoSetAccessProcess(PsGetCurrentProcess(), 0);
Ke386SetIoAccessMap(1, pIOPM);
MmFreeNonCachedMemory(pIOPM, sizeof(IOPM));
pIOPM = NULL;
}
break;
case IOCTL_WINIO_MAPPHYSTOLIN:
OutputDebugString("IOCTL_WINIO_MAPPHYSTOLIN");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = MapPhysicalMemoryToLinearSpace(Phys32Struct.pvPhysAddress,
Phys32Struct.dwPhysMemSizeInBytes,
&Phys32Struct.pvPhysMemLin,
&Phys32Struct.PhysicalMemoryHandle);
if (NT_SUCCESS(ntStatus))
{
memcpy (pvIOBuffer, &Phys32Struct, dwInputBufferLength);
Irp->IoStatus.Information = dwInputBufferLength;
}
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
case IOCTL_WINIO_UNMAPPHYSADDR:
OutputDebugString("IOCTL_WINIO_UNMAPPHYSADDR");
if (dwInputBufferLength)
{
memcpy (&Phys32Struct, pvIOBuffer, dwInputBufferLength);
ntStatus = UnmapPhysicalMemory(Phys32Struct.PhysicalMemoryHandle, Phys32Struct.pvPhysMemLin);
Irp->IoStatus.Status = ntStatus;
}
else
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
default:
OutputDebugString("ERROR: Unknown IRP_MJ_DEVICE_CONTROL");
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
}
break;
}
// DON'T get cute and try to use the status field of the irp in the
// return status. That IRP IS GONE as soon as you call IoCompleteRequest.
ntStatus = Irp->IoStatus.Status;
IoCompleteRequest (Irp, IO_NO_INCREMENT);
// We never have pending operation so always return the status code.
OutputDebugString("Leaving WinIoDispatch");
return ntStatus;
}
NTSTATUS hwinterfaceDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp)
{
PIO_STACK_LOCATION stkloc;
NTSTATUS ntStatus = STATUS_SUCCESS;
struct tagPhys32Struct Phys32Struct;
PUCHAR cData;
PUSHORT sData;
PULONG lData;
PUSHORT address;
ULONG inBuffersize;
ULONG outBuffersize;
ULONG inBuf;
PVOID CtrlBuff;
stkloc = IoGetCurrentIrpStackLocation( pIrp );
inBuffersize = stkloc->Parameters.DeviceIoControl.InputBufferLength;
outBuffersize = stkloc->Parameters.DeviceIoControl.OutputBufferLength;
CtrlBuff = pIrp->AssociatedIrp.SystemBuffer;
cData = (PUCHAR) CtrlBuff;
sData = (PUSHORT) CtrlBuff;
lData = (PULONG) CtrlBuff;
address = (PUSHORT) CtrlBuff;
switch ( stkloc->Parameters.DeviceIoControl.IoControlCode )
{
case IOCTL_READ_PORT_UCHAR:
if ((inBuffersize >= 2) && (outBuffersize >= 1))
{
UCHAR value;
value = READ_PORT_UCHAR((PUCHAR)address[0]);
cData[0] = value;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
}
pIrp->IoStatus.Information = sizeof(UCHAR);
ntStatus = STATUS_SUCCESS;
break;
case IOCTL_WRITE_PORT_UCHAR:
if (inBuffersize >= 3)
{
WRITE_PORT_UCHAR((PUCHAR)address[0], cData[2]); //Byte 0,1=Address Byte 2=Value
pIrp->IoStatus.Information = 10;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
pIrp->IoStatus.Information = 0;
ntStatus = STATUS_SUCCESS;
}
break;
case IOCTL_READ_PORT_USHORT:
if ((inBuffersize >= 2) && (outBuffersize >= 2))
{
USHORT value;
value = READ_PORT_USHORT((PUSHORT)address[0]);
sData[0] = value;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
}
pIrp->IoStatus.Information = sizeof(USHORT);
ntStatus = STATUS_SUCCESS;
break;
case IOCTL_WRITE_PORT_USHORT:
if (inBuffersize >= 4)
{
WRITE_PORT_USHORT((PUSHORT)address[0], sData[1]); //Short 0=Address Short 1=Value
pIrp->IoStatus.Information = 10;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
pIrp->IoStatus.Information = 0;
ntStatus = STATUS_SUCCESS;
}
break;
case IOCTL_READ_PORT_ULONG:
if ((inBuffersize >= 4) && (outBuffersize >= 4))
{
ULONG value;
value = READ_PORT_ULONG((PULONG)address[0]);
lData[0] = value;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
}
pIrp->IoStatus.Information = sizeof(ULONG);
ntStatus = STATUS_SUCCESS;
break;
case IOCTL_WRITE_PORT_ULONG:
if (inBuffersize >= 8)
{
WRITE_PORT_ULONG(&(lData[0]), lData[1]); //Short 0=Address long 1=Value
pIrp->IoStatus.Information = 10;
}
else
{
ntStatus = STATUS_BUFFER_TOO_SMALL;
pIrp->IoStatus.Information = 0;
ntStatus = STATUS_SUCCESS;
}
break;
case IOCTL_WINIO_MAPPHYSTOLIN:
if (inBuffersize)
{
memcpy (&Phys32Struct, CtrlBuff, inBuffersize);
ntStatus = MapPhysicalMemoryToLinearSpace(Phys32Struct.pvPhysAddress,
Phys32Struct.dwPhysMemSizeInBytes,
&Phys32Struct.pvPhysMemLin,
&Phys32Struct.PhysicalMemoryHandle);
if (NT_SUCCESS(ntStatus))
{
memcpy (CtrlBuff, &Phys32Struct, inBuffersize);
pIrp->IoStatus.Information = inBuffersize;
}
pIrp->IoStatus.Status = ntStatus;
}
else
pIrp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
case IOCTL_WINIO_UNMAPPHYSADDR:
if (inBuffersize)
{
memcpy (&Phys32Struct, CtrlBuff, inBuffersize);
ntStatus = UnmapPhysicalMemory(Phys32Struct.PhysicalMemoryHandle, Phys32Struct.pvPhysMemLin);
pIrp->IoStatus.Status = ntStatus;
}
else
pIrp->IoStatus.Status = STATUS_INVALID_PARAMETER;
break;
default:
ntStatus = STATUS_UNSUCCESSFUL;
pIrp->IoStatus.Information = 0;
break;
}
pIrp->IoStatus.Status = ntStatus;
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
return ntStatus;
}
void *unmap_memory(tagPhysStruct_t *phys) {
UnmapPhysicalMemory(phys);
}
