/*
 * Resolve a kernel address through the module enumeration.
 *
 * Runs kkll_m_modules_enum() with kkll_m_modules_fromAddr_callback and a
 * lookup record seeded with addr. When the enumeration succeeds but the
 * record's isFound flag is still FALSE (presumably set by the callback on a
 * match - confirm in the callback), the bare address is printed with a
 * "[ ? ]" marker instead.
 *
 * outBuffer : destination buffer handed to the enumeration and to kprintf()
 * addr      : address to look up
 * returns   : status of the enumeration, or of kprintf() on the fallback path
 */
NTSTATUS kkll_m_modules_fromAddr(PKIWI_BUFFER outBuffer, PVOID addr)
{
	NTSTATUS result;
	KKLL_M_MODULE_FROM_ADDR lookup = {FALSE, (ULONG_PTR) addr};

	result = kkll_m_modules_enum(0, NULL, outBuffer, kkll_m_modules_fromAddr_callback, &lookup);

	/* A failed enumeration is reported as-is. */
	if(!NT_SUCCESS(result))
		return result;

	/* Match found: nothing more to print here. */
	if(lookup.isFound)
		return result;

	/* No match: print the raw address with an "unknown" marker. */
	return kprintf(outBuffer, L"0x%p [ ? ]\n", addr);
}
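/*
 * Device-control dispatch routine: reads the IOCTL code and buffer
 * descriptors from the current IRP stack location, runs the matching
 * kkll_m_* routine, then completes the IRP.
 *
 * DeviceObject : target device (not referenced in this routine)
 * Irp          : request to service; always completed here
 * returns      : the status also stored in Irp->IoStatus.Status;
 *                STATUS_NOT_SUPPORTED when the IOCTL code is not handled
 *
 * Security review notes:
 *  - The input pointer comes from Type3InputBuffer and the output pointer
 *    from Irp->UserBuffer, the fields used for METHOD_NEITHER requests (the
 *    IOCTL_MIMIDRV_* definitions are not visible here - confirm). The I/O
 *    manager does not validate or copy such buffers, and this routine does
 *    no probing, capture or exception handling before using them.
 *  - Nothing in this routine checks who the caller is. Access control, if
 *    any, has to come from the device object's security settings, which are
 *    set elsewhere.
 *  - The VM_* and CREATEREMOTETHREAD requests hand caller-supplied addresses
 *    to kernel-mode read/write/allocate/free helpers and to an indirect
 *    call. A driver exposing this interface gives any caller that can open
 *    the device kernel-level memory access and execution; its presence on a
 *    host should be treated accordingly by driver allow-listing and
 *    monitoring.
 */
NTSTATUS MimiDispatchDeviceControl(IN OUT DEVICE_OBJECT *DeviceObject, IN OUT IRP *Irp)
{
	NTSTATUS status = STATUS_NOT_SUPPORTED;
	PIO_STACK_LOCATION pIoStackIrp = NULL;
	size_t szBufferIn, szBufferOut, szReallyOut = 0;
	PVOID bufferIn, bufferOut;
	/* Wraps the output pointer and remaining size so the helpers can update both in place. */
	KIWI_BUFFER kOutputBuffer = {&szBufferOut, (PWSTR *) &bufferOut};

	pIoStackIrp = IoGetCurrentIrpStackLocation(Irp);
	if(pIoStackIrp)
	{
		szBufferIn	= pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength;
		szBufferOut	= pIoStackIrp->Parameters.DeviceIoControl.OutputBufferLength;
		/* Caller-supplied pointers, used below without probing or capture. */
		bufferIn	= pIoStackIrp->Parameters.DeviceIoControl.Type3InputBuffer;
		bufferOut	= Irp->UserBuffer;

		switch(pIoStackIrp->Parameters.DeviceIoControl.IoControlCode)
		{
			/* NOTE(review): RAW and PING format bufferIn with %s; neither its
			 * termination nor szBufferIn is checked before it is read. */
			case IOCTL_MIMIDRV_RAW:
				status = kprintf(&kOutputBuffer, L"Raw command (not implemented yet) : %s\n", bufferIn);
				break;
			case IOCTL_MIMIDRV_PING:
				status = kprintf(&kOutputBuffer, L"Input  : %s\nOutput : %s\n", bufferIn, L"pong");
				break;
			case IOCTL_MIMIDRV_BSOD:
				/* Deliberate bugcheck on request; KeBugCheck does not return. */
				KeBugCheck(MANUALLY_INITIATED_CRASH);
				break;
			case IOCTL_MIMIDRV_DEBUG_BUFFER:
				/* NOTE(review): the two sizes are size_t but formatted with %u - confirm on 64-bit builds. */
				status = kprintf(&kOutputBuffer, L"in (0x%p - %u) ; out (0x%p - %u)\n", bufferIn, szBufferIn, bufferOut, szBufferOut);
				break;

			case IOCTL_MIMIDRV_PROCESS_LIST:
				status = kkll_m_process_enum(szBufferIn, bufferIn, &kOutputBuffer, kkll_m_process_list_callback, NULL); // input needed ?
				break;
			case IOCTL_MIMIDRV_PROCESS_TOKEN:
				status = kkll_m_process_token(szBufferIn, bufferIn, &kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_PROCESS_PROTECT:
				status = kkll_m_process_protect(szBufferIn, bufferIn, &kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_PROCESS_FULLPRIV:
				status = kkll_m_process_fullprivileges(szBufferIn, bufferIn, &kOutputBuffer);
				break;

			case IOCTL_MIMIDRV_MODULE_LIST:
				status = kkll_m_modules_enum(szBufferIn, bufferIn, &kOutputBuffer, kkll_m_modules_list_callback, NULL); // input needed ?
				break;

			case IOCTL_MIMIDRV_SSDT_LIST:
				status = kkll_m_ssdt_list(&kOutputBuffer);
				break;

			case IOCTL_MIMIDRV_NOTIFY_PROCESS_LIST:
				status = kkll_m_notify_list_process(&kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_NOTIFY_THREAD_LIST:
				status = kkll_m_notify_list_thread(&kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_NOTIFY_IMAGE_LIST:
				status = kkll_m_notify_list_image(&kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_NOTIFY_REG_LIST:
				status = kkll_m_notify_list_reg(&kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_NOTIFY_OBJECT_LIST:
				status = kkll_m_notify_list_object(&kOutputBuffer);
				break;

			case IOCTL_MIMIDRV_FILTER_LIST:
				status = kkll_m_filters_list(&kOutputBuffer);
				break;
			case IOCTL_MIMIDRV_MINIFILTER_LIST:
				status = kkll_m_minifilters_list(&kOutputBuffer);
				break;

			/* The VM_* requests pass caller-supplied addresses and lengths
			 * straight to the memory helpers; any validation would have to
			 * live inside those helpers (not visible here). */
			case IOCTL_MIMIDRV_VM_READ:
				status = kkll_m_memory_vm_read(bufferOut, bufferIn, szBufferOut);
				break;
			case IOCTL_MIMIDRV_VM_WRITE:
				status = kkll_m_memory_vm_write(bufferOut, bufferIn, szBufferIn);
				break;
			case IOCTL_MIMIDRV_VM_ALLOC:
				status = kkll_m_memory_vm_alloc(szBufferIn, (PVOID *) bufferOut);
				break;
			case IOCTL_MIMIDRV_VM_FREE:
				status = kkll_m_memory_vm_free(bufferIn);
				break;
			case IOCTL_MIMIDRV_CREATEREMOTETHREAD:
				/* Reject a missing or undersized request block instead of
				 * dereferencing it. The routine pointer and its argument are
				 * still taken as-is from the caller's buffer and invoked in
				 * kernel mode. */
				if(bufferIn && (szBufferIn >= sizeof(*(PMIMIDRV_THREAD_INFO) bufferIn)))
					status = ((PMIMIDRV_THREAD_INFO) bufferIn)->pRoutine(((PMIMIDRV_THREAD_INFO) bufferIn)->pArg);
				else
					status = STATUS_INVALID_PARAMETER;
				break;

			default:
				/* Unknown IOCTL code: status stays STATUS_NOT_SUPPORTED. */
				break;
		}

		/* Bytes produced = original output length minus what is left in
		 * szBufferOut. Only the routines given &kOutputBuffer can change
		 * szBufferOut, so the VM_* and thread requests report 0 bytes. */
		if(NT_SUCCESS(status))
			szReallyOut = pIoStackIrp->Parameters.DeviceIoControl.OutputBufferLength - szBufferOut;
	}

	Irp->IoStatus.Status = status;
	Irp->IoStatus.Information = szReallyOut;
	IoCompleteRequest(Irp, IO_NO_INCREMENT);
	return status;
}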