Hmm, I may be stupid, but I cannot figure out how I have to combine the input buffer.
Code:
BOOL requestDrv(PVOID inAdr, int inSz, PVOID outAdr, int outSz, long IOCtlReq)
I have to put the function number (in this case 16), the offset and the process name into that buffer at address inAdr so that it can be extracted here:
Code:
...
pIOBuffer = (PULONG)pIrp->AssociatedIrp.SystemBuffer;
// Check to ensure input buffer is big enough to hold a port number and
// the output buffer is at least as big as the port data width.
// Used terms:
// VA - virtual address = normal address used in programs
// PA - physical address
//
// check input & output
nPort = *pIOBuffer; // Get read type
// return result
switch (nPort) {
    ...
        // first parameter (8 bytes) is still function (=16)
        // second parameter (8 bytes) is offset of key
        // third parameter (8 bytes) is process name up to 7 chars (0 at end)
        if (InBufferSize < 24) return STATUS_INVALID_PARAMETER;
        cs = (char*)(pIOBuffer + 2);
        cs[7] = 0;                // Get proc name, max len 7
        pv = myFindProcess(cs);   // find process, name in first param
        nOut = 0;
        if (pv) {
            KeAttachProcess(pv);  // attach to process
            d32 = myGetPA((DWORD32)*(pIOBuffer + 1)); // first get PA for given VA. For myGetPA see case #13
            nOut = myReadPA(d32); // then return result read from PA. For myReadPA see case #10
            KeDetachProcess();
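Added example (not the poster's code, and not tied to any real driver): it models the input buffer layout that the posted handler reads and the checks it performs, so the two sides can be lined up. One caveat worth checking before filling the buffer: `pIOBuffer` is declared `PULONG`, and `ULONG` is 32 bits on Windows, so `*(pIOBuffer + 1)` reads bytes 4..7 and `(char*)(pIOBuffer + 2)` starts at byte 8. The "8 bytes per parameter" comments only match the code if the buffer is indexed in 64-bit words. The example packs the request both ways, parses it exactly as the posted arithmetic does (size check, then `cs[7] = 0`), and shows what goes wrong when the user-mode side and the driver disagree on slot width. The function number 16 and the 24-byte minimum come from the post; the struct names, `parse_as_ulong_slots`, and the sample process name `sample` are assumptions made for the example. Byte order is assumed little-endian (x86/x64).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not the posted driver code. It models the request
 * buffer of the posted IOCTL handler and the checks that handler makes. */

#define REQ_FUNC_READ   16   /* function number named in the post            */
#define REQ_MIN_SIZE    24   /* the handler rejects InBufferSize < 24        */
#define REQ_NAME_MAX     7   /* cs[7] = 0 caps the process name at 7 chars   */

/* Layout the posted code actually reads: pIOBuffer is PULONG (32-bit on
 * Windows), so pIOBuffer+1 is byte 4 and pIOBuffer+2 is byte 8.          */
typedef struct {
    uint32_t func;     /* bytes 0..3   : *pIOBuffer                          */
    uint32_t offset;   /* bytes 4..7   : *(pIOBuffer + 1)                    */
    char     name[8];  /* bytes 8..15  : (char*)(pIOBuffer + 2), [7] forced 0 */
    uint8_t  tail[8];  /* bytes 16..23 : unused, but needed for the size check */
} req_ulong_t;

/* Layout the comments describe (three 8-byte slots). It only matches the
 * handler if the handler indexes the buffer as 64-bit words (e.g. PULONG64). */
typedef struct {
    uint64_t func;
    uint64_t offset;
    char     name[8];
} req_u64_t;

/* What the driver side ends up with after parsing. */
typedef struct {
    int      ok;        /* 0 = the handler would return STATUS_INVALID_PARAMETER */
    uint32_t func;
    uint32_t offset;
    char     name[8];
} parsed_t;

/* Mirror of the posted handler's checks, applied to a raw byte buffer. */
parsed_t parse_as_ulong_slots(const uint8_t *buf, size_t len)
{
    parsed_t r;
    memset(&r, 0, sizeof r);
    if (buf == NULL || len < REQ_MIN_SIZE) return r;  /* InBufferSize < 24   */
    memcpy(&r.func,   buf + 0, 4);                     /* nPort = *pIOBuffer  */
    memcpy(&r.offset, buf + 4, 4);                     /* *(pIOBuffer + 1)    */
    memcpy(r.name,    buf + 8, 8);                     /* cs = (char*)(pIOBuffer + 2) */
    r.name[REQ_NAME_MAX] = 0;                          /* cs[7] = 0           */
    r.ok = 1;
    return r;
}

/* User-mode side, 32-bit slots: matches parse_as_ulong_slots(). */
size_t pack_ulong_slots(uint8_t *buf, size_t len, uint32_t offset, const char *name)
{
    req_ulong_t req;
    if (buf == NULL || len < sizeof req) return 0;
    memset(&req, 0, sizeof req);
    req.func   = REQ_FUNC_READ;
    req.offset = offset;
    strncpy(req.name, name, REQ_NAME_MAX);  /* name[7] stays 0 */
    memcpy(buf, &req, sizeof req);
    return sizeof req;                      /* 24 bytes */
}

/* User-mode side, 8-byte slots as the comments describe them. */
size_t pack_u64_slots(uint8_t *buf, size_t len, uint64_t offset, const char *name)
{
    req_u64_t req;
    if (buf == NULL || len < sizeof req) return 0;
    memset(&req, 0, sizeof req);
    req.func   = REQ_FUNC_READ;
    req.offset = offset;
    strncpy(req.name, name, REQ_NAME_MAX);
    memcpy(buf, &req, sizeof req);
    return sizeof req;                      /* also 24 bytes */
}

/* Shows the slot-width mismatch: a buffer packed with 8-byte slots but read
 * with 32-bit arithmetic gives offset 0 (the high half of func) and a name
 * taken from the offset bytes. Returns 1 when that mismatch is observed. */
int demo_layout_mismatch(void)
{
    uint8_t buf[REQ_MIN_SIZE];
    parsed_t p;

    pack_ulong_slots(buf, sizeof buf, 0x1234, "sample");
    p = parse_as_ulong_slots(buf, sizeof buf);
    printf("32-bit slots: ok=%d func=%u offset=0x%x name=\"%s\"\n",
           p.ok, p.func, p.offset, p.name);

    pack_u64_slots(buf, sizeof buf, 0x1234, "sample");
    p = parse_as_ulong_slots(buf, sizeof buf);
    printf("8-byte slots read as 32-bit: ok=%d func=%u offset=0x%x name=\"%s\"\n",
           p.ok, p.func, p.offset, p.name);
    return p.func == REQ_FUNC_READ && p.offset == 0 && strcmp(p.name, "sample") != 0;
}

int main(void)
{
    return demo_layout_mismatch() ? 0 : 1;
}
```

The practical point: pick one slot width, make the user-mode struct and the driver's pointer type agree on it, and keep the driver-side size check and forced terminator regardless of which layout is chosen.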
How is that buffer filled?
Any hints are greatly appreciated.