#include <iostream>
#include "hook.hpp"
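namespace shithook
{
    /// @brief Logging detour for DeviceIoControl: prints the control code and the
    ///        input buffer to stdout, then forwards the request unchanged.
    ///
    /// The signature mirrors DeviceIoControl and every argument is passed through
    /// as received. The labels printed for the known control codes are this
    /// tool's own annotations; what the receiving driver does with each code is
    /// not visible in this file.
    ///
    /// @param hDevice          Device handle supplied by the caller.
    /// @param dwIoControlCode  Control code; used to pick the log label.
    /// @param lpInBuffer       Input buffer; dumped byte by byte when non-null.
    /// @param nInBufferSize    Number of input bytes to dump and forward.
    /// @param lpOutBuffer      Output buffer, forwarded untouched.
    /// @param nOutBufferSize   Size of the output buffer, forwarded untouched.
    /// @param lpBytesReturned  Forwarded untouched.
    /// @param lpOverlapped     Forwarded untouched.
    /// @return The value returned by the forwarded DeviceIoControl call.
    static BOOL h_device_io_control(
        HANDLE hDevice,
        DWORD dwIoControlCode,
        LPVOID lpInBuffer,
        DWORD nInBufferSize,
        LPVOID lpOutBuffer,
        DWORD nOutBufferSize,
        LPDWORD lpBytesReturned,
        LPOVERLAPPED lpOverlapped
    )
    {
        // std::showbase / std::hex are sticky on std::cout. Remember the current
        // flags so the formatting used for unknown codes does not turn the
        // "buffer size" line (and all later output) into hex.
        const std::ios_base::fmtflags saved_flags = std::cout.flags();

        switch (dwIoControlCode)
        {
        case 0x2248D2:
            std::cout << std::endl << "[IOCTL] Testing communication" << std::endl;
            break;
        case 0x224DCA:
            std::cout << std::endl << "[IOCTL] Read data (MmCopyVirtualMemory)" << std::endl;
            break;
        case 0x225CC1:
            std::cout << std::endl << "[IOCTL] Write data (MmCopyVirtualMemory)" << std::endl;
            break;
        case 0x224986:
            std::cout << std::endl << "[IOCTL] Allocate Virtual Memory (MmMapLockedPagesSpecifyCache, ZwOpenProcess, ZwAllocateVirtualMemory)" << std::endl;
            break;
        case 0x235C42:
            std::cout << std::endl << "[IOCTL] Spoofer (Pasted from hwid)" << std::endl;
            break;
        default:
            std::cout << "[-] unknown ioctl code " << std::showbase << std::hex << dwIoControlCode << std::endl;
        }

        std::cout.flags(saved_flags);

        std::cout << "[+] buffer size: " << nInBufferSize << std::endl;

        // A caller may pass a null input buffer; skip the dump instead of
        // dereferencing it, and let the forwarded call judge the arguments.
        // NOTE(review): the length is still taken on trust, so a caller-supplied
        // nInBufferSize larger than the real buffer makes this dump read past it.
        if (lpInBuffer != nullptr)
        {
            const auto* bytes = static_cast<const unsigned char*>(lpInBuffer);
            for (auto idx = 0u; idx < nInBufferSize; ++idx)
                printf("0x%x ", bytes[idx]);
        }

        // The hook is lifted around the forwarded call, presumably so the call
        // reaches the real API instead of re-entering this function (confirm
        // against hook.hpp).
        // NOTE(review): DeviceIoControl calls made by other threads while the
        // hook is disabled go unlogged, and hook::enable runs before the caller
        // can read the thread's last-error value; confirm it leaves that intact.
        hook::disable(&DeviceIoControl);
        // Keep the API's BOOL as-is rather than squeezing it through bool.
        const BOOL result = DeviceIoControl(
            hDevice,
            dwIoControlCode,
            lpInBuffer,
            nInBufferSize,
            lpOutBuffer,
            nOutBufferSize,
            lpBytesReturned,
            lpOverlapped
        );
        hook::enable(&DeviceIoControl);

        return result;
    }
}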