Skip to content

Commit

Permalink
v 1.3.1
Browse files Browse the repository at this point in the history 
Snapshot 14 Apr 2023
  • Loading branch information
@hfiref0x
hfiref0x committed Apr 17, 2023
1 parent 58b0cec commit bb97966
Show file tree
Hide file tree
Showing 16 changed files with 502 additions and 385 deletions.
28 changes: 14 additions & 14 deletions KDU.sha256
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ ea0d8d42a5e7d7fb908c52351f99c69f2019c105d07a1f536756691ab2a74174 *Source\Hamakaz
888a436b666b00592d29e8a2e82a9b5c7f0c1d4890aaab8cb2f623181ad07092 *Source\Hamakaze\ipcsvc.h
a29f7dd29a464e1e044afd94791a5d51c7f69ba7c30af0bf7973178e013d1028 *Source\Hamakaze\KDU.vcxproj
55f3a6393ae677fc99380250728e5f068a98eeccea68a68610482056a5f3fbb2 *Source\Hamakaze\KDU.vcxproj.filters
4b4891c7915e25ca6f58cb0d5a6b2e8c73484c73921d4ef699abbb7bd98494ec *Source\Hamakaze\KDU.vcxproj.user
2b23e54f534686163cb13717df7ab939c5adfb21d15d791298d36a72cbc5c11d *Source\Hamakaze\KDU.vcxproj.user
a76a917502286d6a7fc36127d1f880b7facb8d882c3defcb758162c223093a37 *Source\Hamakaze\kduplist.h
0d45b44d55d3986f8dfca4528c54597cfbc7b120166d9f3d526a22b530ff4480 *Source\Hamakaze\kduprov.cpp
13a842b3bc62995ab8071ae56df74065d6a1388fcda66884012c6d8addb94055 *Source\Hamakaze\kduprov.h
Expand All @@ -46,13 +46,13 @@ eaeb06030f296d1147869dc65254a990425033b64e654f5d0e1c1408eebc2d93 *Source\Hamakaz
eb15810b52b16482f3a3a679fbeed102257bfa0416243e74fce5b634daf9b074 *Source\Hamakaze\ps.h
6ab34cc400e37c37605e0b04b076f9464172c6e1ae749b19f7d0c73f2d7177e3 *Source\Hamakaze\resource.h
f02b459bbc24380e6d2e2d80dfd0372a706f9c8c2f75df939ffbd5f7d6826dda *Source\Hamakaze\resource.rc
a96ea46fac8d9c25c370aebd19a262c3277fc4bdf81043c043078f012971a7dd *Source\Hamakaze\shellcode.cpp
a6f3ec0bc0beb0ef152a2a33ca5cbd27bf538316ddf90545b31cd5a78114d6ec *Source\Hamakaze\shellcode.cpp
87c7274c6e821eb447ec87b63b0a058c59f0e64f0c109cfc1d529fb8e2f25150 *Source\Hamakaze\shellcode.h
5428b9eb02810dbc4bfd715ec657ee35a5e61e53079c65f05e1eea4f8a6fa4a0 *Source\Hamakaze\shellmasm.asm
1bc7b331c4d2be8d2b7686fee741954aa7c44f9b63f2001d451bb9d4ac6c2b61 *Source\Hamakaze\shellstager.lst
879eea1c38c0c408e3634d0ed2eeae2b8b21e1040b4b0988ea4d802de0ecd21e *Source\Hamakaze\sig.h
fb13502ed0db29b9241a6b717cdfd95cfcf0521266bea2ec26a6eb743eb524a9 *Source\Hamakaze\sup.cpp
60396a1465a67894d1020e7558d1c553c5331e457ec1e5d0cb1015ef551d85fe *Source\Hamakaze\sup.h
a6160dbf3dd84af0331f665dfd1ec81dac0ce2ba54fe2911d98bd678f6c33377 *Source\Hamakaze\sup.cpp
58a79fa6ab7e4787e0fc58176d8ec0305552223305945de454992741a6bdde11 *Source\Hamakaze\sup.h
d19e67019fc5666a80a153991ec3d2ac3a7e8dbe088dd9ff93d3e0d0ced91cde *Source\Hamakaze\sym.cpp
292efaabf3f6223761aef1fc418ec98108fb529c7260d9d4a72715378c6b7547 *Source\Hamakaze\sym.h
feeeb953ad589ad1d056b406848f810fe8ac069ed232b9d91a946b1a9dc2ff7e *Source\Hamakaze\tests.cpp
Expand All @@ -64,19 +64,19 @@ ad77ae168188a9748713ab5f7532447ca50a539fa8ebbec5ac86b273696b028e *Source\Hamakaz
fd5b39e2865e12b9525ebda8fd9e9658b341ead5932d1bcb412a189f81ca42ca *Source\Hamakaze\hde\hde64.h
9d37519623d404987300d3f3258148ba9adddfe1bed5f89a0e9e47646819c9c7 *Source\Hamakaze\hde\pstdint.h
0b6c69ad498e67907e0c574ab06123aee4ec30c99fa181099ea929a8d820bfc1 *Source\Hamakaze\hde\table64.h
76295f1463903ba5ed48ec7e04bb7c43ec4f0b76f112141aedcdbc6cc3355039 *Source\Hamakaze\idrv\alcpu.cpp
e2a05d3c5c316ce6ad5fb8439508803a23f2c1cf5c5b7835a4276b5795cf0ef4 *Source\Hamakaze\idrv\alcpu.cpp
98a21df59cb881c1029a8a6c1ad30c9481075c2e4b1fb43969ee6607816b9c9f *Source\Hamakaze\idrv\alcpu.h
de5286bda6dd23940fb2cc0f0e5d3cd12bad73ffdcf30259bc254047a5f1142f *Source\Hamakaze\idrv\asrdrv.cpp
1c2c5b6a7addf3389a6dee6b11e4a4648d403e9c456008ecefbc79deaa34afae *Source\Hamakaze\idrv\asrdrv.h
b1350783a851e6345b880c8a5313e871d2249aa5524f41406c52fa62483f2229 *Source\Hamakaze\idrv\atszio.cpp
015a6aff991174a881650c61fe1b28c5bfe3116a02a32abe5295ff389c5b7099 *Source\Hamakaze\idrv\atszio.h
498cbec6087b80ff01a3600221b27edd69db7debd6b6194a876a84af2ef5bee1 *Source\Hamakaze\idrv\dbk.cpp
24f81b4fdc1b924a36c981fb175b2dccebd7d029d6caed85fb731b74b22c7386 *Source\Hamakaze\idrv\dbk.h
92d715b1e03c9f7c14aaac7ed3cc565c4dba2586134aa32eb080284fce36ddbf *Source\Hamakaze\idrv\dell.cpp
8c61e22c624b7fce32fdb1c7fd3075c9d9ac5eb4f0ad3370f575f5af47a4d7c7 *Source\Hamakaze\idrv\dell.cpp
1d864cc688e8a2c38da6b94019f7efba771a0e0b7f68e1c3f8700b8caa76dda0 *Source\Hamakaze\idrv\dell.h
791a4d40f3f5076d0e6ed47e7db972f448ccc78ca578c35f11db637962c868a5 *Source\Hamakaze\idrv\directio64.cpp
73a97fa34df9c0733981536f2079d1eab89bfaf36b4c5d0003cb87d504764ec3 *Source\Hamakaze\idrv\directio64.h
65c53a700fff2f766420a7e0612446aed7ef8f04fd44162ff73c0ba7e3581d77 *Source\Hamakaze\idrv\gmer.cpp
e8d7c1c93512be4dd846d6c401c8135ae291354db99c926942176017db56bc91 *Source\Hamakaze\idrv\gmer.cpp
89d1cfb34afec23dbda6f40030a95386e9bbbc395666e2c0a3d066dc2fa8b0b8 *Source\Hamakaze\idrv\gmer.h
865bba446ad9f202f2bea58aec4cf48fa87448105dee2fb69caab37ec54f66e8 *Source\Hamakaze\idrv\hilscher.cpp
db94f36f0d3b946500352ab07393994f0a09e2737a63e1cdbedd3da16c72cb2d *Source\Hamakaze\idrv\hilscher.h
Expand All @@ -85,29 +85,29 @@ ae9dd179c7fdc2b1a4741399e64fa9d4a13d22b7fad45cedea9ce285fe7399ea *Source\Hamakaz
f3c889ede5142f88b54d3e5e973b46f0fb897d306695de82df9c683f72774fb8 *Source\Hamakaze\idrv\ldrsc.h
513a4821cd2ed1f2e8a1cf5566f46c82000baaa01fe08b3d8b3707442a3776c9 *Source\Hamakaze\idrv\lenovo.cpp
bde727787cee5122c4e2db9f9f8e67afda8d7ae3debea07516f92a792a103d48 *Source\Hamakaze\idrv\lenovo.h
8bcc062ab27f293c35df032340e761f18013d978fd3df33fbaca3a30a2726b5f *Source\Hamakaze\idrv\lha.cpp
895f9fbf94dad737f812de5be1fb0ab600f72d2c4b7b3d784bb14caaf62b7abc *Source\Hamakaze\idrv\lha.cpp
dcb5da7acb4997abbde8372a8daf74dae5727ca5cbf80b26876fdb4cb2a0bc08 *Source\Hamakaze\idrv\lha.h
cd54a9949aab0c5552c0defaef6b1a007e259b0b3e5ab8a3683ef0baa951a331 *Source\Hamakaze\idrv\mapmem.cpp
a03968ba9941a3ebb40de2a7e3f0f90aac6e0f750e72231a3570b6fe28c614a8 *Source\Hamakaze\idrv\mapmem.h
aa367663a843d7ca621a68a0490877b418a8b31afa11ad691e1f1af294c199dc *Source\Hamakaze\idrv\marvinhw.cpp
27c23f2e7eb5a6efceba108c2551c692f6317d03bff5563bb38d117d6699eeb4 *Source\Hamakaze\idrv\marvinhw.h
d281289e0cda5f4171e999bb1313aa235c54583aa8b0df3aa187af35b4ba2057 *Source\Hamakaze\idrv\mimidrv.cpp
395143a2f6451bc4f62a5a8f362e579e35bdc6de8f3fc4c6ab5f8bce946cd467 *Source\Hamakaze\idrv\mimidrv.h
ce53137a648e55c800e6641b9cb3bf9c148598bbb47972b947f4e4620ae61c9d *Source\Hamakaze\idrv\nal.cpp
2732060e740928d5976dc7ead49d9bf17be7fd09b98b303b2e328c9ce39a2480 *Source\Hamakaze\idrv\nal.cpp
5cb51cbc6d2b2e3174fc2ebbb713e32c34d4d367f299060f400dac331183d236 *Source\Hamakaze\idrv\nal.h
f9463d258e2528738ee749a86683079e8b870b8c84d292352952be207b9daff5 *Source\Hamakaze\idrv\phymem.cpp
399a9ced700381d0e3641f2d97a3e9f5dd59cbe22098ac9c0178454f9060d412 *Source\Hamakaze\idrv\phymem.h
0f30979d4ffbfa0d6b56fda86bfd8974b34d4acf5b4258be263a84b8d02c4ebe *Source\Hamakaze\idrv\procexp.cpp
8449d829c3285f5a22521fba0db1516c487818f901fd28939fc18fbc3da0eedb *Source\Hamakaze\idrv\procexp.h
bd0c80bc267d1fa0b423a453a22958a8b1ab1ede29291217cc045a9a877a347f *Source\Hamakaze\idrv\rtcore.cpp
08f75ea88874a507c132bafc412c88f9cc9862f78c238dcbd0cc480a04a438f4 *Source\Hamakaze\idrv\rtcore.h
7e3b832db9b2d83d706b854e30a5fc2619905f4e2187b948864bad75da55e92a *Source\Hamakaze\idrv\ryzen.cpp
8fca55a7ff95a1c230fec101938551ea6912a14345b6d39c849e5dcf9b6577eb *Source\Hamakaze\idrv\ryzen.cpp
653d97baf28622ea8ffa0fdc99c201343213ab0a7318caef012a8967cc51660c *Source\Hamakaze\idrv\ryzen.h
a0ed8a22c14b35bccd1ff0f45c8b23cad0f8c3af1d8e924caf4bfd63dfb02d89 *Source\Hamakaze\idrv\rzpnk.cpp
36ec0baeec7b61dbd9936507fcf1bf5aefec08e96ffe3bcb4883785ea2d9a542 *Source\Hamakaze\idrv\rzpnk.h
f5f39190e7aac79f20caa4d99f8e4db83e67441db83422c9c08749d46a38db8e *Source\Hamakaze\idrv\winio.cpp
35d01bbb1a19f50b23a201aef04c1ee718a137a5d9330b126645703bdd2d1514 *Source\Hamakaze\idrv\winio.cpp
d0e354d2f97e993e5e40fb6bb2b99b5bc753beb23f8213d44f99c0309210c1e8 *Source\Hamakaze\idrv\winio.h
21c357fab30206cb0942e2fbfef6716b2f315d3620827ee32db451a2ebbc3c7d *Source\Hamakaze\idrv\winring0.cpp
b3a7fc6cc6a5b33a71a7f043c9a649238de2f7755075a6f5c91c2a544c81f0d8 *Source\Hamakaze\idrv\winring0.cpp
103f50efe410f8668c40ddc68051ba49aa0ee1a5301cb54bc42991523c0edae9 *Source\Hamakaze\idrv\winring0.h
285c2c1c44e863142bd5d0606a2bc940fb0e444aa825a675d472860a0499d5e4 *Source\Hamakaze\idrv\zemana.cpp
da1ea3c2ceebfdc6e5c338461dc214798870a0d6aa16f7f23c045123fa450f71 *Source\Hamakaze\idrv\zemana.h
Expand Down Expand Up @@ -140,8 +140,8 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Shared\
0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4 *Source\Shared\minirtl\_strncpy.c
8acab5c8b8b339bdaf8e7b7d06f2cd6b10d24f889ef92462e4e53abbc5dc5341 *Source\Shared\ntos\halamd64.h
ffac2569a1dd61c400cda45839c7314bdd99cfcb5c17d503807db34c168628d2 *Source\Shared\ntos\ntalpc.h
3e7447b7e1947ce73e6f1b98c3b9f15905e1a8306ff238197683a1372d91ba48 *Source\Shared\ntos\ntbuilds.h
7ffb25f7978b4a6caa874dfb406607320de94f43285b5a4e882c3676f0d6b795 *Source\Shared\ntos\ntos.h
edfa8fc4ae20deaa0f7843c15b51a80e5139d661f8c385f2b6d05863cd15c3bc *Source\Shared\ntos\ntbuilds.h
f6da2ee9a7ec2afa9bb10f22cecf315074a35d3191ec37e6043898d660d49211 *Source\Shared\ntos\ntos.h
978fc994fddd0302d469df4daefc5ff398a97da62bfabdafe50817916a97361a *Source\Shared\ntos\ntsup.c
572e137cf67f3bf6b5f2fefb4db04c713bd7e8d295d45abacddb5c920a1a0bce *Source\Shared\ntos\ntsup.h
261011d0ee9c2d2ee22dad2cdb45d66449b22b5a831fd60293f315c72968dd32 *Source\Shared\tinyaes\aes.c
Expand Down
1 change: 1 addition & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,7 @@ Using this program might crash your computer with BSOD. Compiled binary and sour
* KDU v1.2 release and the wonderful world of Microsoft incoherency, https://swapcontext.blogspot.com/2022/02/kdu-v12-release-and-wonderful-world-of.html
* How to exploit a vulnerable windows driver, https://github.com/stong/CVE-2020-15368
* CVE-2022-3699, https://github.com/alfarom256/CVE-2022-3699
* LOLDrivers, https://www.loldrivers.io

# Wormhole drivers code

Expand Down
2 changes: 1 addition & 1 deletion Source/Hamakaze/KDU.vcxproj.user
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>-prv 30 -map c:\install\dummy.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>
37 changes: 16 additions & 21 deletions Source/Hamakaze/idrv/alcpu.cpp
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2022
* (C) COPYRIGHT AUTHORS, 2022 - 2023
*
* TITLE: ALSYSIO64.CPP
*
* VERSION: 1.28
* VERSION: 1.31
*
* DATE: 01 Dec 2022
* DATE: 14 Apr 2023
*
* ALSYSIO64 driver routines.
*
Expand Down Expand Up @@ -70,29 +70,24 @@ BOOL WINAPI AlcWritePhysicalMemory(
value = FIELD_OFFSET(ALCPU_WRITE_REQUEST, Data) + NumberOfBytes;
size = ALIGN_UP_BY(value, PAGE_SIZE);

pRequest = (ALCPU_WRITE_REQUEST*)VirtualAlloc(NULL, size,
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
pRequest = (ALCPU_WRITE_REQUEST*)supAllocateLockedMemory(size,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE);

if (pRequest) {

if (VirtualLock(pRequest, size)) {
pRequest->PhysicalAddress.QuadPart = PhysicalAddress;
pRequest->Size = NumberOfBytes;
RtlCopyMemory(&pRequest->Data, Buffer, NumberOfBytes);

pRequest->PhysicalAddress.QuadPart = PhysicalAddress;
pRequest->Size = NumberOfBytes;
RtlCopyMemory(&pRequest->Data, Buffer, NumberOfBytes);

bResult = supCallDriver(DeviceHandle,
IOCTL_ALCPU_WRITE_MEMORY,
pRequest,
(ULONG)size,
NULL,
0);

VirtualUnlock(pRequest, size);
}

VirtualFree(pRequest, 0, MEM_RELEASE);
bResult = supCallDriver(DeviceHandle,
IOCTL_ALCPU_WRITE_MEMORY,
pRequest,
(ULONG)size,
NULL,
0);

supFreeLockedMemory(pRequest, size);
}

return bResult;
Expand Down
158 changes: 71 additions & 87 deletions Source/Hamakaze/idrv/dell.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
*
* VERSION: 1.31
*
* DATE: 24 Mar 2023
* DATE: 14 Apr 2023
*
* Dell drivers routines.
*
Expand Down Expand Up @@ -132,35 +132,30 @@ BOOL WINAPI DbUtilReadVirtualMemory(

size = (SIZE_T)FIELD_OFFSET(DBUTIL_READWRITE_REQUEST, Data) + NumberOfBytes;

pRequest = (DBUTIL_READWRITE_REQUEST*)VirtualAlloc(NULL, size,
pRequest = (DBUTIL_READWRITE_REQUEST*)supAllocateLockedMemory(size,
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

if (pRequest) {

if (VirtualLock(pRequest, size)) {
pRequest->Unused = 0xDEADBEEF;
pRequest->VirtualAddress = VirtualAddress;
pRequest->Offset = 0;

pRequest->Unused = 0xDEADBEEF;
pRequest->VirtualAddress = VirtualAddress;
pRequest->Offset = 0;
bResult = supCallDriver(DeviceHandle,
IOCTL_DBUTIL_READVM,
pRequest,
(ULONG)size,
pRequest,
(ULONG)size);

bResult = supCallDriver(DeviceHandle,
IOCTL_DBUTIL_READVM,
pRequest,
(ULONG)size,
pRequest,
(ULONG)size);

if (!bResult) {
dwError = GetLastError();
}
else {
RtlCopyMemory(Buffer, pRequest->Data, NumberOfBytes);
}

VirtualUnlock(pRequest, size);
if (!bResult) {
dwError = GetLastError();
}
else {
RtlCopyMemory(Buffer, pRequest->Data, NumberOfBytes);
}

VirtualFree(pRequest, 0, MEM_RELEASE);
supFreeLockedMemory(pRequest, size);
}

SetLastError(dwError);
Expand Down Expand Up @@ -191,32 +186,27 @@ BOOL WINAPI DbUtilWriteVirtualMemory(

size = (SIZE_T)FIELD_OFFSET(DBUTIL_READWRITE_REQUEST, Data) + NumberOfBytes;

pRequest = (DBUTIL_READWRITE_REQUEST*)VirtualAlloc(NULL, size,
pRequest = (DBUTIL_READWRITE_REQUEST*)supAllocateLockedMemory(size,
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

if (pRequest) {

if (VirtualLock(pRequest, size)) {
pRequest->Unused = 0xDEADBEEF;
pRequest->VirtualAddress = VirtualAddress;
pRequest->Offset = 0;
RtlCopyMemory(&pRequest->Data, Buffer, NumberOfBytes);

pRequest->Unused = 0xDEADBEEF;
pRequest->VirtualAddress = VirtualAddress;
pRequest->Offset = 0;
RtlCopyMemory(&pRequest->Data, Buffer, NumberOfBytes);
bResult = supCallDriver(DeviceHandle,
IOCTL_DBUTIL_WRITEVM,
pRequest,
(ULONG)size,
pRequest,
(ULONG)size);

bResult = supCallDriver(DeviceHandle,
IOCTL_DBUTIL_WRITEVM,
pRequest,
(ULONG)size,
pRequest,
(ULONG)size);

if (!bResult)
dwError = GetLastError();

VirtualUnlock(pRequest, size);
}
if (!bResult)
dwError = GetLastError();

VirtualFree(pRequest, 0, MEM_RELEASE);
supFreeLockedMemory(pRequest, size);
}

SetLastError(dwError);
Expand Down Expand Up @@ -244,36 +234,33 @@ BOOL WINAPI DpdReadPhysicalMemory(
SIZE_T size;

size = sizeof(PCDCSRVC_READWRITE_REQUEST) + NumberOfBytes;
pvBuffer = (PVOID)VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

pvBuffer = (PVOID)supAllocateLockedMemory(size,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE);

if (pvBuffer) {

if (VirtualLock(pvBuffer, size)) {
request.PhysicalAddress.QuadPart = PhysicalAddress;
request.Size = NumberOfBytes;
request.Granularity = 0; //use direct memmove

bResult = supCallDriver(DeviceHandle,
IOCTL_PCDCSRVC_READPHYSMEM,
&request,
sizeof(PCDCSRVC_READWRITE_REQUEST),
pvBuffer,
NumberOfBytes);

request.PhysicalAddress.QuadPart = PhysicalAddress;
request.Size = NumberOfBytes;
request.Granularity = 0; //use direct memmove
if (bResult) {

bResult = supCallDriver(DeviceHandle,
IOCTL_PCDCSRVC_READPHYSMEM,
&request,
sizeof(PCDCSRVC_READWRITE_REQUEST),
RtlCopyMemory(Buffer,
pvBuffer,
NumberOfBytes);

if (bResult) {

RtlCopyMemory(Buffer,
pvBuffer,
NumberOfBytes);

}

VirtualUnlock(pvBuffer, size);
}

VirtualFree(pvBuffer, 0, MEM_RELEASE);

supFreeLockedMemory(pvBuffer, size);
}

return bResult;
Expand All @@ -298,36 +285,33 @@ BOOL WINAPI DpdWritePhysicalMemory(
SIZE_T size;

size = sizeof(PCDCSRVC_READWRITE_REQUEST) + NumberOfBytes;
pRequest = (PCDCSRVC_READWRITE_REQUEST*)VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

if (pRequest) {

if (VirtualLock(pRequest, size)) {

pRequest->PhysicalAddress.QuadPart = PhysicalAddress;
pRequest->Granularity = 0; //use direct memmove
pRequest->Size = NumberOfBytes;

//
// Append data buffer to the tail.
//
RtlCopyMemory(
RtlOffsetToPointer(pRequest, sizeof(PCDCSRVC_READWRITE_REQUEST)),
Buffer,
NumberOfBytes);
pRequest = (PCDCSRVC_READWRITE_REQUEST*)supAllocateLockedMemory(size,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE);

bResult = supCallDriver(DeviceHandle,
IOCTL_PCDCSRVC_WRITEPHYSMEM,
pRequest,
(ULONG)size,
NULL,
0);

VirtualUnlock(pRequest, size);
}
if (pRequest) {

VirtualFree(pRequest, 0, MEM_RELEASE);
pRequest->PhysicalAddress.QuadPart = PhysicalAddress;
pRequest->Granularity = 0; //use direct memmove
pRequest->Size = NumberOfBytes;

//
// Append data buffer to the tail.
//
RtlCopyMemory(
RtlOffsetToPointer(pRequest, sizeof(PCDCSRVC_READWRITE_REQUEST)),
Buffer,
NumberOfBytes);

bResult = supCallDriver(DeviceHandle,
IOCTL_PCDCSRVC_WRITEPHYSMEM,
pRequest,
(ULONG)size,
NULL,
0);

supFreeLockedMemory(pRequest, size);
}

return bResult;
Expand Down
Loading

0 comments on commit bb97966

Please sign in to comment.