[Ring0] Have a problem about tranfer the data from kernel mode to user

[Vic]

// In My Driver.Function ViC_ZwOpenProcess(PID: DWord): THandle; stdcall;
var
  ProcessHandle: THandle;
  ClientId: CLIENT_ID;
  ObjectAttributes: OBJECT_ATTRIBUTES;
const PROCESS_ALL_ACCESS: DWord = $001F0FFF;
begin
  Result:= 0;
  with ObjectAttributes do
  begin
	Length:= SizeOf(OBJECT_ATTRIBUTES);
	RootDirectory:= 0;
	ObjectName:= NIL;
	Attributes:= 0;
	SecurityDescriptor:= NIL;
	SecurityQualityOfService:= NIL;
  end;
  with ClientId do
  begin
	UniqueProcess:= PID;
	UniqueThread:= 0;
  end;
  if (ZwOpenProcess(@ProcessHandle,PROCESS_ALL_ACCESS,@ObjectAttributes,@ClientId) <> 0) then
  DbgPrint('ZwOpenProcess: -> Failed')
  else Result:= ProcessHandle;
end;Function ViC_OnIoDevControl(DeviceObject: pDeviceObject; Irp: PIRP): NTSTATUS; stdcall;
var
  pSysBuf: Pointer;
  status: NTSTATUS;
  IrpStack: PIO_STACK_LOCATION;
  dwBytesReturned, dwIoControlCode, hProcess, VIC_OP: DWord;
begin
  DbgPrint('VIC: + DriverOnIoDevControl');
  status:= STATUS_SUCCESS;
  dwBytesReturned:= 0;
  IrpStack:= IoGetCurrentIrpStackLocation(Irp);
  dwIoControlCode:= IrpStack^.Parameters.DeviceIoControl.IoControlCode;
  pSysBuf:= Irp^.AssociatedIrp.SystemBuffer;
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);  
  if (dwIoControlCode = VIC_OP) then
  begin
	PID:= DWord(pSysBuf^);
	hProcess:= ViC_ZwOpenProcess(PID);
        DWord(pSysBuf^):= hProcess; <~~~~~~~~~ HERE
	dwBytesReturned:= SizeOf(hProcess);
	DbgPrint('VIC: The process was openned');
  end else status:= STATUS_INVALID_DEVICE_REQUEST;
  Irp^.IoStatus.Status:= status;
  Irp^.IoStatus.Information:= dwBytesReturned;
  IoCompleteRequest(Irp,IO_NO_INCREMENT);
  Result:= status;
end;// In My Loader.
Procedure ViC_ZwOpenProcess(PID: DWord); stdcall;
var VIC_OP: DWord;
begin
  hDev:= CreateFile(PAnsiChar('\\.\' + Copy(nFile,1,Length(nFile) - 4)),GENERIC_READ + GENERIC_WRITE,0,NIL,OPEN_EXISTING,0,0);
  if (hDev = INVALID_HANDLE_VALUE) then
  begin
	OutputDebugStringA('CreateFile was failed.');
	ControlService(hSv,SERVICE_CONTROL_STOP,svStatus);
	DeleteService(hSv);
	CloseServiceHandle(Scm);
	Exit;
  end;
  OutputDebugStringA('CreateFile was success.');
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);
  inBuf:= PID;
  IoSucc:= DeviceIoControl(hDev,VIC_OP,@inBuf,SizeOf(inBuf),@outBuf,SizeOf(outBuf),dwReturned,NIL); <~~~~~~~~~ HERE
  OutputDebugStringA(PAnsiChar(Format('VIC: Input: %d - Output: %d',[inBuf,outBuf])));
  if (IoSucc = False) then CloseHandle(hDev);
  else OutputDebugStringA('DeviceIoControl was failed.');
end;

Hi all you,

Please help me. I was coded a driver but I have a problem, I don't know why I cannot to tranfer the data from kernel mode to user mode. Who can help me? I very need it in the next time. Thanks so much.

BR,

vic4key

Edited March 21, 2012 by vic4key