A usage example of DeviceIoCteatol in C++
- 2020-04-02 02:53:22
- OfStack
This article is a translation of an example of DeviceIoCteatol in C++. Share with you for your reference. Specific methods are as follows:
The application code is as follows:
DWORD dwBytesReturned = 0;
BYTE bytBuffer_1[512];
BYTE bytBuffer_2[512];
CHAR string[2048];
HANDLE hDevice, hDriver;
BOOL bRet;
bRet = DeviceIoControl(hDriver, IOCTL_WRITE, (LPVOID)bytBuffer_1, 512,
NULL, 0, &dwBytesReturned, NULL);
if(bRet == FALSE)
{
printf("nFailed - DeviceIoControl - IOCTL_WRITE.n");
return 0;
}
printf("nWrite MBR using I/O port operations...n");
bRet = ReadFile(hDevice, (LPVOID)bytBuffer_1, 512, &dwBytesReturned, NULL);
if(bRet == FALSE)
{
printf("nFailed - ReadFile - the second one.n");
return 0;
}
printf("nRead MBR using the ReadFile function...n");
printf("- - - - - - - - - - - - - - - - - - - - - - - - - - - -");
sprintf(string, "n");
for(DWORD n = 0; n < 512; n++)
{
sprintf(string, "%s %02X", string, bytBuffer_1[n]);
if(((n + 1) % 16) == 0)
sprintf(string, "%sn", string);
if(((n + 1) % 16) == 8)
sprintf(string, "%s -", string);
}
printf("%s", string);
printf("- - - - - - - - - - - - - - - - - - - - - - - - - - - -");
bRet = DeviceIoControl(hDriver, IOCTL_READ, NULL, 0, (LPVOID)bytBuffer_2, 512,
&dwBytesReturned, NULL);
if(bRet == FALSE)
{
printf("nFailed - DeviceIoControl - IOCTL_READ - the second one.n");
return 0;
}
printf("nRead MBR using I/O port operations...n");
printf("- - - - - - - - - - - - - - - - - - - - - - - - - - - -");
sprintf(string, "n");
for(DWORD t = 0; t < 512; t++)
{
sprintf(string, "%s %02X", string, bytBuffer_2[t]);
if(((t + 1) % 16) == 0)
sprintf(string, "%sn", string);
if(((t + 1) % 16) == 8)
sprintf(string, "%s -", string);
}
printf("%s", string);
printf("- - - - - - - - - - - - - - - - - - - - - - - - - - - -");
printf("nSucceed - Kill HDDGMon.n");
return 1;
}
The driver code is as follows:
#include <ntddk.h>
#define DEVICE_NAME L"\Device\KillHDDGMon"
#define LINK_NAME L"\DosDevices\KillHDDGMon"
#define IOCTL_WRITE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_READ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
VOID Unload(
__in struct _DRIVER_OBJECT *DriverObject
)
{
UNICODE_STRING ustrLinkName;
DbgPrint("Driver Unload.....");
RtlInitUnicodeString(&ustrLinkName, LINK_NAME);
IoDeleteSymbolicLink(&ustrLinkName);
IoDeleteDevice(DriverObject->DeviceObject);
}
NTSTATUS DispatchCreateClose(
__inout struct _DEVICE_OBJECT *DeviceObject,
__inout struct _IRP *Irp
)
{
NTSTATUS status = STATUS_SUCCESS;
KdPrint(("Dispatch CreateClose..."));
Irp->IoStatus.Status = status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
}
NTSTATUS DispatchIoctl(
__inout struct _DEVICE_OBJECT *DeviceObject,
__inout struct _IRP *Irp
)
{
NTSTATUS status = STATUS_SUCCESS;
PIO_STACK_LOCATION pIrpStack;
ULONG outSize;
ULONG IoControlCode;
PVOID pIoBuffer;
KdPrint(("Dispatch Ioctl..."));
pIoBuffer = Irp->AssociatedIrp.SystemBuffer;
pIrpStack = IoGetCurrentIrpStackLocation(Irp);
outSize = pIrpStack->Parameters.DeviceIoControl.OutputBufferLength;
IoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;
switch (IoControlCode)
{
case IOCTL_WRITE:
__asm
{
push eax
push edx
//---------------------------------------------------
//The following code USES the I/O port to write the main boot area & NBSP; < br / >
mov dx,1f6h //The disk number and head number & PI to read in; < br / >
mov al,0a0h //Disk 0, head 0& PI; < br / >
out dx,al
mov dx,1f2h //Number of sectors to write < br / >
mov al,1 //Write a sector & NBSP; < br / >
out dx,al
mov dx,1f3h //The number of the sector to write & NBSP; < br / >
mov al,1 //Write 1 sector & NBSP; < br / >
out dx,al
mov dx,1f4h //The lower 8 digits of the cylinder to be written & cake; < br / >
mov al,0 //The lower 8 bits are 0& PI; < br / >
out dx,al
mov dx,1f5h //The height of the cylinder to be written is 2 PI & PI; < br / >
mov al,0 //The higher two bits are 0& PI; < br / >
out dx,al
mov dx,1f7h //Command port & NBSP; < br / >
mov al,30h //Try sectors & NBSP; < br / >
out dx,al
still_going_1:
in al,dx
test al,8 //If the sector buffer is not ready it jumps and does not execute down until it is ready. < br / >
jz still_going_1
pop edx
pop eax
}
WRITE_PORT_BUFFER_USHORT((PUSHORT)0x1f0, (PUSHORT)pIoBuffer, 256);
status = STATUS_SUCCESS;
break;
case IOCTL_READ:
if (outSize >= 512)
{
__asm
{
push eax
push edx
//---------------------------------------------------
//The following code USES the I/O port to read the main boot area & NBSP; < br / >
mov dx,1f6h //The disk number and head number & PI to read in; < br / >
mov al,0a0h //Disk 0, head 0& PI; < br / >
out dx,al
mov dx,1f2h //Number of sectors to read & NBSP; < br / >
mov al,1 //Read a sector & NBSP; < br / >
out dx,al
mov dx,1f3h //Sector number to read & cake; < br / >
mov al,1 //Sector number 1& NBSP; < br / >
out dx,al
mov dx,1f4h //The lower 8 digits of the cylinder to read & cake; < br / >
mov al,0 //The lowest 8 digits of the cylinder are 0& PI; < br / >
out dx,al
mov dx,1f5h //Cylinder height 2 & cake; < br / >
mov al,0 //The cylinder height is 2 bits 0 (we can be sure that the cylinder number used to read is 0 by ports 1F4H and 1F5H) & PI; < br / >
out dx,al
mov dx,1f7h //Command port & NBSP; < br / >
mov al,20h //Try to read sector & NBSP; < br / >
out dx,al
still_going_2:
in al,dx //Whether the sector buffer is ready & cake; < br / >
test al,8 //If the sector buffer is not ready, jump until it is ready. & have spent < br / >
jz still_going_2
/* mov cx,512/2 //Set the number of cycles (512/2)
mov di,offset buffer
mov dx,1f0h //
is a byte of data to be transmitted
rep insw //Transmitting data & NBSP; & have spent & have spent & have spent * / & have spent < br / >
//---------------------------------------------------
pop edx
pop eax
}
READ_PORT_BUFFER_USHORT((PUSHORT)0x1f0, (PUSHORT)pIoBuffer, 256);
status = STATUS_SUCCESS;
}
else
{
Irp->IoStatus.Information = 0;
status = STATUS_BUFFER_TOO_SMALL;
}
break;
}
Irp->IoStatus.Status = status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return status;
}
NTSTATUS DriverEntry(
__in struct _DRIVER_OBJECT *DriverObject,
__in PUNICODE_STRING RegistryPath
)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrDevName;
UNICODE_STRING ustrLinkName;
PDEVICE_OBJECT pDevObj=NULL;
DriverObject->DriverUnload = Unload;
DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchCreateClose;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchCreateClose;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);
status = IoCreateDevice(DriverObject, 0, &ustrDevName, FILE_DEVICE_UNKNOWN, 0,FALSE, &pDevObj);
if (!NT_SUCCESS(status))
{
return status;
}
RtlInitUnicodeString(&ustrLinkName, LINK_NAME);
status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
if (!NT_SUCCESS(status))
{
IoDeleteSymbolicLink(&ustrLinkName);
return status;
}
return status;
}
Hope that the article described in the C++ programming to help you.