
[Ring0] Problem transferring data from kernel mode to user mode


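// In My Driver.

// Opens the process identified by PID and returns the handle, or 0 when
// ZwOpenProcess returns a non-zero status.
//
// NOTE(review): the handle is requested with PROCESS_ALL_ACCESS and
// Attributes = 0. A Zw* call issued from kernel mode is not access-checked
// against the requesting user unless OBJ_FORCE_ACCESS_CHECK is set, so the
// result does not depend on the caller's privileges. Request the narrowest
// access mask the client actually needs and consider OBJ_FORCE_ACCESS_CHECK.
Function ViC_ZwOpenProcess(PID: DWord): THandle; stdcall;
var
  ProcessHandle: THandle;
  ClientId: CLIENT_ID;
  ObjectAttributes: OBJECT_ATTRIBUTES;
const PROCESS_ALL_ACCESS: DWord = $001F0FFF;
begin
  Result:= 0;
  // Unnamed object: the target is selected through ClientId, not by name.
  with ObjectAttributes do
  begin
    Length:= SizeOf(OBJECT_ATTRIBUTES);
    RootDirectory:= 0;
    ObjectName:= NIL;
    Attributes:= 0;
    SecurityDescriptor:= NIL;
    SecurityQualityOfService:= NIL;
  end;
  with ClientId do
  begin
    UniqueProcess:= PID;
    UniqueThread:= 0;
  end;
  if (ZwOpenProcess(@ProcessHandle,PROCESS_ALL_ACCESS,@ObjectAttributes,@ClientId) <> 0) then
    DbgPrint('ZwOpenProcess: -> Failed')
  else
    Result:= ProcessHandle;
end;

// IRP_MJ_DEVICE_CONTROL handler (presumably registered as such elsewhere).
// For the single METHOD_BUFFERED control code it reads a DWord PID from the
// system buffer, opens that process and writes the handle back into the same
// buffer. IoStatus.Information tells the I/O manager how many bytes to copy
// to the caller's output buffer.
//
// Returns STATUS_SUCCESS, STATUS_BUFFER_TOO_SMALL when the buffers cannot
// hold a DWord, or STATUS_INVALID_DEVICE_REQUEST for any other control code.
//
// NOTE(review): the control code is built with FILE_ANY_ACCESS, so any
// client that can open the device can issue this request and receive a
// full-access process handle. Restrict the device object's security
// descriptor and require write access in the control code (the loader must
// use the same code).
Function ViC_OnIoDevControl(DeviceObject: pDeviceObject; Irp: PIRP): NTSTATUS; stdcall;
var
  pSysBuf: Pointer;
  status: NTSTATUS;
  IrpStack: PIO_STACK_LOCATION;
  dwBytesReturned, dwIoControlCode, hProcess, VIC_OP: DWord;
begin
  DbgPrint('VIC: + DriverOnIoDevControl');
  status:= STATUS_SUCCESS;
  dwBytesReturned:= 0;
  IrpStack:= IoGetCurrentIrpStackLocation(Irp);
  dwIoControlCode:= IrpStack^.Parameters.DeviceIoControl.IoControlCode;
  pSysBuf:= Irp^.AssociatedIrp.SystemBuffer;
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);
  if (dwIoControlCode <> VIC_OP) then
    status:= STATUS_INVALID_DEVICE_REQUEST
  else if (pSysBuf = NIL)
       or (IrpStack^.Parameters.DeviceIoControl.InputBufferLength < SizeOf(DWord))
       or (IrpStack^.Parameters.DeviceIoControl.OutputBufferLength < SizeOf(hProcess)) then
    // The buffer lengths come from user mode. Without this check a short or
    // empty request makes the code below read or write outside the system
    // buffer, or dereference NIL.
    status:= STATUS_BUFFER_TOO_SMALL
  else
  begin
    // PID is not declared in this routine; presumably a unit-level variable.
    // TODO confirm: a shared variable is racy when requests arrive concurrently.
    PID:= DWord(pSysBuf^);
    hProcess:= ViC_ZwOpenProcess(PID);
    // hProcess is 0 when the open failed; the request still completes with
    // STATUS_SUCCESS and the message below is still printed.
    // The handle is stored as a DWord; assumes a 32-bit THandle - TODO confirm.
    DWord(pSysBuf^):= hProcess; // author's marker: <~~~~~~~~~ HERE
    dwBytesReturned:= SizeOf(hProcess);
    DbgPrint('VIC: The process was openned');
  end;
  Irp^.IoStatus.Status:= status;
  Irp^.IoStatus.Information:= dwBytesReturned;
  IoCompleteRequest(Irp,IO_NO_INCREMENT);
  Result:= status;
end;

// In My Loader.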
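// User-mode side: opens the driver's device, sends PID through the
// METHOD_BUFFERED control code and logs the value the driver wrote back.
// hDev, nFile, hSv, svStatus, Scm, inBuf, outBuf, IoSucc and dwReturned are
// not declared here; presumably unit-level variables.
Procedure ViC_ZwOpenProcess(PID: DWord); stdcall;
var VIC_OP: DWord;
begin
  // The device name is nFile without its last four characters.
  hDev:= CreateFile(PAnsiChar('\\.\' + Copy(nFile,1,Length(nFile) - 4)),GENERIC_READ + GENERIC_WRITE,0,NIL,OPEN_EXISTING,0,0);
  if (hDev = INVALID_HANDLE_VALUE) then
  begin
    OutputDebugStringA('CreateFile was failed.');
    ControlService(hSv,SERVICE_CONTROL_STOP,svStatus);
    DeleteService(hSv);
    CloseServiceHandle(Scm);
    Exit;
  end;
  OutputDebugStringA('CreateFile was success.');
  // Must be the same control code the driver compares against.
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);
  inBuf:= PID;
  IoSucc:= DeviceIoControl(hDev,VIC_OP,@inBuf,SizeOf(inBuf),@outBuf,SizeOf(outBuf),dwReturned,NIL); // author's marker: <~~~~~~~~~ HERE
  // The original test was inverted: it closed the device on failure and
  // logged the failure message on success, and the ';' before 'else' does
  // not compile. outBuf is only meaningful when the call succeeded and the
  // driver reported a full value in dwReturned.
  if (IoSucc = False) or (dwReturned <> SizeOf(outBuf)) then
  begin
    OutputDebugStringA('DeviceIoControl was failed.');
    CloseHandle(hDev);
  end
  else
    // hDev stays open on success, as in the original; whoever owns this
    // variable must close it.
    OutputDebugStringA(PAnsiChar(Format('VIC: Input: %d - Output: %d',[inBuf,outBuf])));
end;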

Hi all you,

Please help me. I have coded a driver, but I have a problem: I don't know why I cannot transfer the data from kernel mode to user mode. Can anyone help me? I need this very soon. Thanks so much.

BR,

vic4key

Edited by vic4key
