Tuts 4 You

Need To Find All Functions That Deal With CD-DVD Rom


Mr.reCoder

lol...the part about researching... i meant it...

try googling for an ioctl decoder and some of the ioctl codes like IOCTL_CDROM_* and the scsi ioctls to get the path/unit/lun/id

and quite a few others, checking on msdn also might be a good idea

you really are way out of your depth and it shows...

you really did not listen to any advice given to you...

and GetDriveTypeA goes to GetDriveTypeW anyway, so you only need to hook one... and those apis actually go much deeper.. it's also a really stupid api to start with as it just returns what type of drive it is... 05 for cdrom etc...

stop thinking you know it all...

do some research

do some more research

design things first

dwIoControlCode is a dword using masking / bitflags for its specified operation (the dword explains access method etc)... and its also how drivers work (yeh you were going to write one remember?)

R E S E A R C H

A L L

T H E

T H I N G S ! ! !

Edited by evlncrn8
Link to comment

@evlncrn8:

First of all, thank you for the nice comments; now I am researching all the functions! But in the case of GetDriveType I mean that I won't hook both of them! This is an example only!

I used the most common method to hook; this method is DLL injection with the CreateRemoteThread function (that is ring3!!!).

This method worked on a Themida protected app and I hooked CreateProcessW, CreateFileW and GetDriveTypeW and I ripped the stack of all these functions!

-------------------------------------------------------------------------------------------------------------------------------------

@ragdog

Thank you for the nice and useful tool!

Is there any source code for this tool? Otherwise I must reverse it and extract its codes!!!

--------------------------------------------------------------------------------------------------------------------------------------

MANY REGARDS...

Link to comment
I must reverse it and extract its codes!!!

Why this?

This tool does not contain any hex codes.

In the Mnemonic field you enter, for example, IOCTL_CDROM_READ_TOC

Now you can see the code 00024000 in the Ioctl code field

And backwards: if you have only a hex code and need the definition,

enter the hex code in the Ioctl field and you can see the definition in the Mnemonic field.

Now add it to your project

Masm32

IOCTL_CDROM_READ_TOC equ 00024000h

C

#define IOCTL_CDROM_READ_TOC 0x024000

This is a very nice tool from Four-F

and other driver programming examples with ioctl you can find in the Kmdkit from Four-F's site

Yes, there is source for IOCTLDecoder; it is written in Masm

0547543IoctlDecoder.rar

Greets,

Edited by ragdog
Link to comment

injection may not be the best approach, it won't work for example on starforce as the dll does everything and is loaded in the iat.. way before oep is reached (ie: way before a remote thread is accessed)..

Link to comment

@ragdog

thank you and also Four-F

for this nice tool and its source...

______________________________________________________

@evlncrn8

Yes! This is not the best approach! But it worked on many protections...

and I will use other approaches too...

I am working and researching... :D

thanks...

Link to comment
  • 4 weeks later...

While the starter of this thread is a big noobie, I still find it an interesting thread.

Ragdog, nice tools, can you provide a link to that kit? Seems very interesting stuff.

Mr.reCoder: dude, you really need to do some research, I think you better start with cdrom/dvd formats, which discuss the structure of discs, also mmc2/3 documents, iso9660 documents, there's some nice books too by Kris Kaspersky and others... ecma130 document, and many many many more.

Edited by Fungus
Link to comment

IOCTL codes are not random, pretty easy to understand:

http://msdn.microsof...y/ms902086.aspx


#define CTL_CODE(t,f,m,a) (((t)<<16)|((a)<<14)|((f)<<2)|(m))

Just reverse the CTL_CODE macro....


#define DeviceType_M(t) ((t)>>16)

@Fungus
http://www.freewebs.com/four-f/

Kmdkit = Kernel Mode Driver Development Kit

Big disadvantage: MASM :( Coding a driver in ASM pretty sucks, too error-prone. But there are still some nice examples.

Link to comment
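The decoding described in the post above, carried through for all four fields, as an added example (not code from the thread or from Four-F's IoctlDecoder). The struct and function names are hypothetical; the method and access names are the standard Windows SDK constants, and the second code in the test is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE as quoted in the thread: t = device type, f = function,
   m = transfer method, a = required access */
#define CTL_CODE(t,f,m,a) (((t)<<16)|((a)<<14)|((f)<<2)|(m))

/* Field widths follow from the shifts:
   method = bits 0-1, function = bits 2-13, access = bits 14-15,
   device type = bits 16-31 */
typedef struct {
    uint32_t device_type;
    uint32_t access;
    uint32_t function;
    uint32_t method;
} ioctl_fields;   /* hypothetical name, for illustration */

static ioctl_fields ioctl_decode(uint32_t code)
{
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

/* Rebuild the code from its fields with the thread's macro (round trip) */
static uint32_t ioctl_encode(ioctl_fields f)
{
    return (uint32_t)CTL_CODE(f.device_type, f.function, f.method, f.access);
}

static const char *method_name(uint32_t m)
{
    static const char *n[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                               "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return n[m & 0x3];
}

int main(void)
{
    /* Value given earlier in the thread for IOCTL_CDROM_READ_TOC */
    ioctl_fields f = ioctl_decode(0x00024000);
    printf("device=0x%X access=%u function=0x%X method=%s\n",
           (unsigned)f.device_type, (unsigned)f.access,
           (unsigned)f.function, method_name(f.method));
    return 0;
}
```

For 0x00024000 this gives device type 0x2 (FILE_DEVICE_CD_ROM), access 1 (FILE_READ_ACCESS), function 0 and METHOD_BUFFERED.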

Agree with Fungus, interesting thread but the thread starter looks to be drowning before the tide has come in! evlncrn8's comments were interesting, never looked at a project like this however it's intriguing to see what's involved. Mr.reCoder you may need a snorkel for this one... good luck

Link to comment
