maxObjects, 0 ); return ntStatus; } // AddDevice #pragma code_seg() NTSTATUS _IRQL_requires_max_(DISPATCH_LEVEL) PowerControlCallback ( _In_ LPCGUID PowerControlCode, _In_opt_ PVOID InBuffer, _In_ SIZE_T InBufferSize, _Out_writes_bytes_to_(OutBufferSize, *BytesReturned) PVOID OutBuffer, _In_ SIZE_T OutBufferSize, _Out_opt_ PSIZE_T BytesReturned, _In_opt_ PVOID Context ) { UNREFERENCED_PARAMETER(PowerControlCode); UNREFERENCED_PARAMETER(BytesReturned); UNREFERENCED_PARAMETER(InBuffer); UNREFERENCED_PARAMETER(OutBuffer); UNREFERENCED_PARAMETER(OutBufferSize); UNREFERENCED_PARAMETER(InBufferSize); UNREFERENCED_PARAMETER(Context); return STATUS_NOT_IMPLEMENTED; }
_In_ HANDLE hEventLog, _Out_ PDWORD OldestRecord) { if (OldestRecord) { *OldestRecord = 0; } return TRUE; } extern __declspec(dllexport) BOOL WINAPI ReadEventLogA( _In_ HANDLE hEventLog, _In_ DWORD dwReadFlags, _In_ DWORD dwRecordOffset, _Out_writes_bytes_to_(nNumberOfBytesToRead, *pnBytesRead) LPVOID lpBuffer, _In_ DWORD nNumberOfBytesToRead, _Out_ DWORD *pnBytesRead, _Out_ DWORD *pnMinNumberOfBytesNeeded) { if (pnBytesRead) { *pnBytesRead = 0; } if (pnMinNumberOfBytesNeeded) { *pnMinNumberOfBytesNeeded= 0; } return TRUE; } #ifdef __cplusplus } #endif /* __cplusplus */ #endif // WIN_IOT
fdoData = FdoGetData(WdfWmiInstanceGetDevice(WmiInstance)); // // We will update only writable elements. // BusEnumDebugLevel = fdoData->StdToasterBusData.DebugPrintLevel = ((PTOASTER_BUS_WMI_STD_DATA)InBuffer)->DebugPrintLevel; return STATUS_SUCCESS; } NTSTATUS Bus_EvtStdDataQueryInstance( _In_ WDFWMIINSTANCE WmiInstance, _In_ ULONG OutBufferSize, _Out_writes_bytes_to_(OutBufferSize, *BufferUsed) PVOID OutBuffer, _Out_ PULONG BufferUsed ) /*++ Routine Description: This routine is a callback into the driver to set for the contents of a wmi instance Arguments: WmiInstance is the instance being set OutBufferSize on has the maximum size available to write the data block.
// plug-ins. Of particular note in this sample is that to get a handle // the IPrintCoreHelper plug-in in the PublishDriverInterface callback, // this routine must return OEMPUBLISH_IPRINTCOREHELPER in the out // parameter when the mode is OEMGI_GETREQUESTEDHELPERINTERFACES. // // Returns: // S_OK for supported modes, E_FAIL for everything else. // // //---------------------------------------------------------------------------- HRESULT __stdcall COemUI2::GetInfo( _In_ DWORD dwMode, // The mode indicates what information is being requested by the // core driver. _Out_writes_bytes_to_(cbSize, *pcbNeeded) PVOID pBuffer, // The output buffer is the location into which the requested info // should be written _In_ DWORD cbSize, // The size of the output buffer. _Out_ PDWORD pcbNeeded // If the size of the buffer is insufficient, use this parameter // to indicate to the core driver how much space is required. ) { HRESULT hrResult = S_OK; #if DBG PWSTR pszTag; switch(dwMode)
#include "stdafx.h" #include "injector.h" #include <tlhelp32.h> BOOL WINAPI ReadProcessMemoryEx(_In_ HANDLE hProcess, _In_ LPCVOID lpBaseAddress, _Out_writes_bytes_to_(nSize, *lpNumberOfBytesRead) LPVOID lpBuffer, _In_ SIZE_T nSize, _Out_opt_ SIZE_T * lpNumberOfBytesRead) { MEMORY_BASIC_INFORMATION mbi; DWORD flOldProtect; if (VirtualQueryEx(hProcess, lpBaseAddress, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) != sizeof(MEMORY_BASIC_INFORMATION)) { _tprintf(TEXT("VirtualQueryEx errorcode = %d\n"), GetLastError()); return FALSE; } if (!mbi.Protect || (mbi.Protect & PAGE_GUARD)) return FALSE; if (!(mbi.Protect & PAGE_READONLY)) { if (!VirtualProtectEx(hProcess, mbi.BaseAddress, mbi.RegionSize, PAGE_READONLY, &flOldProtect)) return FALSE; ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
End: if (wsaErr != 0) { WSASetLastError(wsaErr); return SOCKET_ERROR; } return NO_ERROR; } INT WSAAPI mwsNSPIoCtl(_In_ HANDLE hLookup, _In_ DWORD dwControlCode, _In_reads_bytes_(cbInBuffer) LPVOID lpvInBuffer, _In_ DWORD cbInBuffer, _Out_writes_bytes_to_(cbOutBuffer, *lpcbBytesReturned) LPVOID lpvOutBuffer, _In_ DWORD cbOutBuffer, _Out_ LPDWORD lpcbBytesReturned, _In_opt_ LPWSACOMPLETION lpCompletion, _In_ LPWSATHREADID lpThreadId) { WSASetLastError(ERROR_CALL_NOT_IMPLEMENTED); return ERROR_CALL_NOT_IMPLEMENTED; } INT WSAAPI mwsNSPLookupServiceEnd(_In_ HANDLE hLookup) { PWSHANDLEINTERN pLook; HANDLE hHeap;
--*/ { KIRQL oldIrql; KeAcquireSpinLock(&MiniFSWatcherData.OutputBufferLock, &oldIrql); InsertTailList(&MiniFSWatcherData.OutputBufferList, &RecordList->List); KeReleaseSpinLock(&MiniFSWatcherData.OutputBufferLock, oldIrql); } NTSTATUS SpyGetLog ( _Out_writes_bytes_to_(OutputBufferLength,*ReturnOutputBufferLength) PUCHAR OutputBuffer, _In_ ULONG OutputBufferLength, _Out_ PULONG ReturnOutputBufferLength ) /*++ Routine Description: This function fills OutputBuffer with as many LOG_RECORDs as possible. The LOG_RECORDs are variable sizes and are tightly packed in the OutputBuffer. NOTE: This code must be NON-PAGED because it uses a spin-lock. Arguments: OutputBuffer - The user's buffer to fill with the log data we have collected
* - Deserializes pBuffer into an IPortableDeviceValues which holds the command * input parameters from the WPD application. * - Creates an IPortableDeviceValues for the results. * - Calls the WpdBaseDriver to handle the message. (The results of this * operation are put into the previously created results IPortableDeviceValues.) * - The results IPortableDeviceValues is then serialized back into pBuffer, making * sure that it does not overrun ulOutputBufferLength. * *****************************************************************************/ HRESULT CQueue::ProcessWpdMessage( ULONG ControlCode, _In_ ContextMap* pClientContextMap, _In_ IWDFDevice* pDevice, _In_reads_bytes_(ulInputBufferLength) PVOID pInBuffer, ULONG ulInputBufferLength, _Out_writes_bytes_to_(ulOutputBufferLength, *pdwBytesWritten) PVOID pOutBuffer, ULONG ulOutputBufferLength, _Out_ DWORD* pdwBytesWritten) { HRESULT hr = S_OK; CComPtr<IPortableDeviceValues> pParams; CComPtr<IPortableDeviceValues> pResults; CComPtr<WpdBaseDriver> pWpdBaseDriver; *pdwBytesWritten = 0; if (hr == S_OK) { hr = m_pWpdSerializer->GetIPortableDeviceValuesFromBuffer((BYTE*)pInBuffer, ulInputBufferLength, &pParams);
#include "stdafx.h" #include "http_private.h" #include "SecureServerSocket.h" #include "RequestQueue.h" #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif ULONG WINAPI HttpReceiveClientCertificate(IN HANDLE RequestQueueHandle ,IN HTTP_CONNECTION_ID ConnectionId ,IN ULONG Flags ,_Out_writes_bytes_to_(SslClientCertInfoSize, *BytesReceived) PHTTP_SSL_CLIENT_CERT_INFO SslClientCertInfo ,IN ULONG SslClientCertInfoSize ,_Out_opt_ PULONG BytesReceived ,IN LPOVERLAPPED Overlapped OPTIONAL) { // Overlapped I/O not implemented yet if(Overlapped) { return ERROR_IMPLEMENTATION_LIMIT; } // Need pointers and bytes if(SslClientCertInfo == nullptr || SslClientCertInfoSize == 0 || BytesReceived == nullptr) { return ERROR_INVALID_PARAMETER; }
if (!Hive) { Hive = &g_Hives[0]; } HiveAddress = Hive->HivePtr; } return ExtRemoteTyped("(nt!_HHIVE *)@$extin", HiveAddress); } BOOL RegGetKeyValue( _In_ PWSTR FullKeyPath, _In_ PWSTR ValueName, _Out_writes_bytes_to_(DataLength, *pDataLength) PVOID Data, _In_ ULONG DataLength, _Out_range_(0, DataLength) PULONG pValueLength ) { BOOL Status = FALSE; ULONG ValueLength = 0; ZeroMemory(Data, DataLength); try { ExtRemoteTyped CmHive = GetHive(FullKeyPath); ExtRemoteTyped KeyNode = GetKeyNode(FullKeyPath); ULONG ValuesCount = KeyNode.Field("ValueList").Field("Count").GetUlong();