HyperDbg Debugger
Loading...
Searching...
No Matches
Ioctl.c File Reference

IOCTL Functions form user mode and other parts. More...

#include "pch.h"

Functions

NTSTATUS DrvDispatchIoControl (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 Driver IOCTL Dispatcher.

Detailed Description

IOCTL Functions form user mode and other parts.

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2020-06-01

Function Documentation

◆ DrvDispatchIoControl()

NTSTATUS DrvDispatchIoControl ( PDEVICE_OBJECT DeviceObject,
PIRP Irp )

Driver IOCTL Dispatcher.

Parameters
DeviceObject
Irp
Returns
NTSTATUS
24{
25 PIO_STACK_LOCATION IrpStack;
26 PREGISTER_NOTIFY_BUFFER RegisterEventRequest;
27 NTSTATUS Status;
28
29 UNREFERENCED_PARAMETER(DeviceObject);
30
31 //
32 // Here's the best place to see if there is any allocation pending
33 // to be allcated as we're in PASSIVE_LEVEL
34 //
35 // DO NOT CHANGE CALLING OF THE FOLLOWING FUNCTION
36 //
37 // PoolManagerCheckAndPerformAllocationAndDeallocation();
38
40 {
41 IrpStack = IoGetCurrentIrpStackLocation(Irp);
42
43 switch (IrpStack->Parameters.DeviceIoControl.IoControlCode)
44 {
46
47 //
48 // First validate the parameters.
49 //
50 if (IrpStack->Parameters.DeviceIoControl.InputBufferLength < SIZEOF_REGISTER_EVENT || Irp->AssociatedIrp.SystemBuffer == NULL)
51 {
52 Status = STATUS_INVALID_PARAMETER;
53 LogError("Err, invalid parameter to IOCTL dispatcher");
54 break;
55 }
56
57 //
58 // IRPs supply a pointer to a buffer at Irp->AssociatedIrp.SystemBuffer.
59 // This buffer represents both the input buffer and the output buffer that
60 // are specified in calls to DeviceIoControl
61 //
62 RegisterEventRequest = (PREGISTER_NOTIFY_BUFFER)Irp->AssociatedIrp.SystemBuffer;
63
64 switch (RegisterEventRequest->Type)
65 {
66 case IRP_BASED:
67
69
70 break;
71 case EVENT_BASED:
72
74 {
75 Status = STATUS_SUCCESS;
76 }
77 else
78 {
79 Status = STATUS_UNSUCCESSFUL;
80 }
81
82 break;
83 default:
84 LogError("Err, unknown notification type from user-mode");
85 Status = STATUS_INVALID_PARAMETER;
86 break;
87 }
88 break;
89
90 default:
91 LogError("Err, unknown IOCTL");
92 Status = STATUS_NOT_IMPLEMENTED;
93 break;
94 }
95 }
96 else
97 {
98 //
99 // We're no longer serve IOCTL
100 //
101 Status = STATUS_SUCCESS;
102 }
103
104 if (Status != STATUS_PENDING)
105 {
106 Irp->IoStatus.Status = Status;
107
108 IoCompleteRequest(Irp, IO_NO_INCREMENT);
109 }
110
111 return Status;
112}
#define STATUS_UNSUCCESSFUL
Definition Windows.h:172
void * PVOID
Definition BasicTypes.h:56
struct _REGISTER_NOTIFY_BUFFER * PREGISTER_NOTIFY_BUFFER
@ EVENT_BASED
Definition DataTypes.h:288
@ IRP_BASED
Definition DataTypes.h:287
#define SIZEOF_REGISTER_EVENT
Definition Events.h:438
#define IOCTL_REGISTER_EVENT
ioctl, register a new event
Definition Ioctls.h:114
IMPORT_EXPORT_HYPERLOG BOOLEAN LogRegisterEventBasedNotification(PVOID TargetIrp)
Create an event-based usermode notifying mechanism.
Definition Logging.c:1594
IMPORT_EXPORT_HYPERLOG BOOLEAN LogRegisterIrpBasedNotification(PVOID TargetIrp, LONG *Status)
Register a new IRP Pending thread which listens for new buffers.
Definition Logging.c:1475
#define LogError(format,...)
Log in the case of error.
Definition HyperDbgHyperLogIntrinsics.h:113
BOOLEAN g_VmmInitialized
Shows whether the VMM is initialized or not.
Definition Global.h:24
NOTIFY_TYPE Type
Definition DataTypes.h:312