| View previous topic :: View next topic |
| Author |
Message |
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
 Posted: Fri Aug 22, 2008 10:57 am Post subject: Rpm Driver. Can some1 check... >.> |
 |
|
I just made a rpm driver. So can some1 check it. I dun wanna get bsod.
Here:
| Code: | #include <ntddk.h>
//Declares
#define IOCTL_READMEMORY CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0870, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_WRITEMEMORY CTL_CODE(IOCTL_UNKNOWN_BASE, 0x0871, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
void UnloadDriver(PDRIVER_OBJECT DriverObject);
NTSTATUS MJDeviceControl(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp);
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath){
DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = MJDeviceControl;
return STATUS_SUCCESS;
}
NTSTATUS MJDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
NTSTATUS ntStatus;
PIO_STACK_LOCATION irpStack = IoGetCurrentIrpStackLocation(Irp);
switch(irpStack->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_READMEMORY:
__try
{
struct input
{
UINT_PTR processid;
char *startaddress;
unsigned short int bytestoread;
} *pinp,inp;
PEPROCESS selectedprocess;
pinp=Irp->AssociatedIrp.SystemBuffer;
ntStatus=ReadProcessMemory(pinp->processid+7,NULL,pinp->startaddress,pinp->bytestoread,pinp) ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
}
__except(1)
{
ntStatus = STATUS_UNSUCCESSFUL;
};
break;
default:
break;
}
Irp->IoStatus.Status = ntStatus;
if(ntStatus == STATUS_SUCCESS)
Irp->IoStatus.Information = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
else
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return ntStatus;
}
}
void UnloadDriver(PDRIVER_OBJECT DriverObject)
{
IoDeleteDevice(DriverObject->DeviceObject);
} |
And yes I suck like crap at C.
An yes. When Im calling rpm, I will go processid-7
And yes. I did rip it from ce. But I modifyed it a bit O.O
Last edited by dnsi0 on Fri Aug 22, 2008 11:06 am; edited 1 time in total |
|
| Back to top |
|
 |
lurc
Grandmaster Cheater Supreme
 Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Fri Aug 22, 2008 11:01 am Post subject: |
|
|
Nice job ripping that directly from the CE Driver 
I think you should learn a bit more about driver programing...
I don't think it'll BSOD, but you should know what your doing before attempting any kernel shit.
Btw, I don't see any ReadProcessMemory function in there.... And if your using CE's, it won't work if your looking to use it on something like MapleStory or something with a protection, as GameGuard hooks KeAttachProcess, KiAttachProcess and KiMoveAcpState.
For Testing drivers just use a virtual machine, that way you never have to really worry about your own system.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Fri Aug 22, 2008 11:03 am Post subject: |
|
|
| Yea. I did. But I modifyed it so that you don't need all teh otehr crap for it to work.
|
|
| Back to top |
|
|
GMZorita
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 1361
|
| Posted: Fri Aug 22, 2008 11:04 am Post subject: |
|
|
If you made it yourself you should be able to test it yourself.
Don't waste somebody else time for you.
And don't even expect that someone will try it for you.
_________________
Gone |
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Fri Aug 22, 2008 11:05 am Post subject: |
|
|
| GMZorita wrote: | If you made it yourself you should be able to test it yourself.
Don't waste somebody else time for you.
And don't even expect that someone will try it for you. |
Im too lazy to install a vm 
|
|
| Back to top |
|
|
lurc
Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Fri Aug 22, 2008 11:06 am Post subject: |
|
|
| dnsi0 wrote: | | GMZorita wrote: | If you made it yourself you should be able to test it yourself.
Don't waste somebody else time for you.
And don't even expect that someone will try it for you. |
Im too lazy to install a vm |
Then give up on driver programming. 
If your to lazy to simply install a virtual machine to test your own drivers then you shouldn't be making drivers at all.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Fri Aug 22, 2008 11:06 am Post subject: |
|
|
| Really. I cant seem to find a good one. Recomand one?
|
|
| Back to top |
|
|
lurc
Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Fri Aug 22, 2008 11:07 am Post subject: |
|
|
| dnsi0 wrote: | | Really. I cant seem to find a good one. Recomand one? |
VMWare Workstation
_________________
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Fri Aug 22, 2008 3:56 pm Post subject: |
|
|
| Add KeBugCheck(0); after driver entry for 1337 hax.
|
|
| Back to top |
|
|
pkedpker
Master Cheater
![]() Reputation: 1
Joined: 11 Oct 2006
Posts: 412
|
| Posted: Fri Aug 22, 2008 4:17 pm Post subject: |
|
|
who cares about bsod?? just reboot computer wow big deal?
_________________
|
|
| Back to top |
|
|
DeviantGeek
Newbie cheater
![]() Reputation: 0
Joined: 30 Apr 2006
Posts: 20
Location: 127.0.0.1
|
| Posted: Fri Aug 22, 2008 8:21 pm Post subject: |
|
|
| this probably wont even compile. you gotta remember your working in kernel mode. ReadProcessMemory isnt available in kernel last i checked. gotta use the Mm series of functions
|
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Fri Aug 22, 2008 8:36 pm Post subject: |
|
|
NtReadVirtualMemory.
_________________
|
|
| Back to top |
|
|
Noz3001
I'm a spammer
 Reputation: 26
Joined: 29 May 2006
Posts: 6220
Location: /dev/null
|
| Posted: Sat Aug 23, 2008 4:11 am Post subject: |
|
|
| sponge wrote: | | NtReadVirtualMemory. |
ZwReadVirtualMemory 
This is 100% ripped from ce source XD.
PS: You forgot to rip the actual function! lolol
|
|
| Back to top |
|
|
rapion124
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Mar 2007
Posts: 1095
|
| Posted: Sat Aug 23, 2008 6:57 am Post subject: |
|
|
| Same thing... Zw* calls the Nt* functions.
|
|
| Back to top |
|
|
Noz3001
I'm a spammer
Reputation: 26
Joined: 29 May 2006
Posts: 6220
Location: /dev/null
|
| Posted: Sat Aug 23, 2008 10:08 am Post subject: |
|
|
| rapion124 wrote: | | Same thing... Zw* calls the Nt* functions. |
Uhh, I know...
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
