
📄 callmsgring0iorw.cpp

📁 在Ring0层中调用Ring3层的功能 需要安装DDK
//
// CallMsgRing0Iorw.cpp
//
// Generated by C DriverWizard 3.2.0 (Build 2485)
// Requires DDK Only
// File created on 3/12/2005
//
#include "CallMsgRing0App.h"
// Software-interrupt vector that Ring0Msg raises with `_asm int HOOKINT`.
// NOTE(review): presumably the companion driver installs a handler on this
// vector to regain control once the callback has run; the driver is not part
// of this file, so confirm the value matches the driver's.
#define HOOKINT 0x0f0
// Callback whose address CallMsgRing0ExecuteIo writes into the
// IOCTL_CALL_RING3 input buffer. It shows a message box and then raises
// software interrupt HOOKINT as its last statement.
// NOTE(review): per the page description the driver calls this routine from
// Ring0, so everything reachable from here would run with kernel privilege on
// the caller-supplied stack - confirm against the driver source. It is not
// expected to work when called directly from ordinary user-mode code, where
// nothing visible in this file handles the HOOKINT vector.
void Ring0Msg()
{
	MessageBox(0,L"Called from Ring0!",L"Ring0Call",MB_OK);
	// Hand control back through the interrupt vector rather than relying on a
	// plain return (presumably the driver resumes its own context from there).
	_asm int HOOKINT
}

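///////////////////////////////////////////////////////////////////////////////////////////////////
//  CallMsgRing0IOCTL_CALL_RING3CompleteCallback
//      Callback to complete application processing of an I/O request.
//      Logs the result, dumps the returned data and releases everything the
//      request owned: both buffers, the overlapped event and the item itself.
//
//  Arguments:
//      IN  Context
//              Our I/O request item. It is freed here, so the caller must not
//              touch it after this routine returns.
//
//  Return Value:
//      none
//
VOID CallMsgRing0IOCTL_CALL_RING3CompleteCallback(PVOID Context)
{
    PCALLMSGRING0_LIST_ITEM ioItem = (PCALLMSGRING0_LIST_ITEM)Context;
    DWORD dumpLength;

    CallMsgRing0OutputText(
        _T("Executed IOCTL_CALL_RING3 request: in buffer size (%d), out buffer size (%d), return length (%d) error (%d)"),
        ioItem->InSize,
        ioItem->OutSize,
        ioItem->ReturnLength,
        ioItem->Error
        );

    // The return length is reported by the driver. Only OutSize bytes were
    // allocated for OutBuffer, so clamp the dump length to that size instead
    // of trusting the reported value; a larger value would read past the
    // end of the heap block.
    dumpLength = ioItem->ReturnLength;
    if (dumpLength > (DWORD)ioItem->OutSize)
    {
        dumpLength = (DWORD)ioItem->OutSize;
    }

    // Dump the output buffer
    CallMsgRing0OutputBuffer(ioItem->OutBuffer, dumpLength);

    // Free our buffer memory (free(NULL) is a no-op for an unused buffer)
    free(ioItem->InBuffer);
    free(ioItem->OutBuffer);

    // Close our overlapped event handle
    CloseHandle(ioItem->IoOverlapped.hEvent);

    // Free our ioItem memory
    free(ioItem);
}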
// Memory offered to the driver as the stack for the Ring0Msg call:
// CallMsgRing0ExecuteIo stores the address (PBYTE)stack + 0x10000 in the
// request. The array holds 0x10000 DWORDs, so that address lies 0x10000 bytes
// into the array rather than at its end.
// NOTE(review): one global buffer is shared by every request - presumably only
// a single call is ever in flight; confirm before issuing overlapping requests.
DWORD stack[0x10000];
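//////////////////////////////////////////////////////////////////////////////
//  CallMsgRing0FillPattern
//      Fill a buffer with a repeating DWORD pattern. A trailing partial
//      DWORD receives only the leading bytes of the pattern.
//
static VOID CallMsgRing0FillPattern(PCHAR buffer, DWORD size, DWORD pattern)
{
    DWORD offset = 0;

    while (offset < size)
    {
        DWORD chunk = min((DWORD)sizeof(DWORD), size - offset);

        CopyMemory(buffer + offset, &pattern, chunk);

        // Advancing by the copied amount ends exactly at size, so the
        // offset cannot wrap around for sizes close to the DWORD maximum.
        offset += chunk;
    }
}

//////////////////////////////////////////////////////////////////////////////
//  CallMsgRing0ExecuteIo
//      Routine to execute the user chosen I/O type. Reads the buffer sizes,
//      data patterns and operation from the dialog, builds the request and
//      issues it as overlapped I/O. A request that was issued is appended to
//      g_IoList and released later by its completion callback; in every
//      other case all resources are released before returning.
//
//  Arguments:
//      IN  hDlg
//              Handle to dialog
//
//  Return Value:
//      status. ERROR_SUCCESS is also returned when no request was issued
//      because the selected operation or the buffer sizes did not qualify.
//
ULONG CallMsgRing0ExecuteIo(HWND hDlg)
{
    TCHAR               str[MAX_STRING_LENGTH];
    HWND                hWnd;
    ULONG               error = ERROR_SUCCESS;
    DWORD               inPattern = 0;      // stays 0 when the text is not hex
    DWORD               outPattern = 0;     // stays 0 when the text is not hex
    LRESULT             selection;
    LRESULT             textLength;
    PCALLMSGRING0_LIST_ITEM  ioItem = NULL;
    PVOID               *requestArgs;
    BOOL                queued = FALSE;     // TRUE once the list owns ioItem
    DWORD               returned;

    CallMsgRing0OutputText(_T("CallMsgRing0ExecuteIo++"));

    // Use do/while to handle cleanup
    do
    {
        // Allocate a list entry
        ioItem = (PCALLMSGRING0_LIST_ITEM)malloc(sizeof(CALLMSGRING0_LIST_ITEM));
        if (ioItem == NULL)
        {
            CallMsgRing0OutputText(_T("Failed to create read I/O list entry, ReadFile not executed"));
            error = ERROR_OUTOFMEMORY;
            break;
        }

        // Zeroing the whole item also zeroes the embedded OVERLAPPED
        // structure, which must be clean before every (re)use, and leaves
        // the buffer pointers NULL so cleanup can free them unconditionally.
        ZeroMemory(ioItem, sizeof(CALLMSGRING0_LIST_ITEM));

        // Setup the event
        ioItem->IoOverlapped.hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
        if (ioItem->IoOverlapped.hEvent == NULL)
        {
            error = GetLastError();
            CallMsgRing0OutputText(_T("NewTextExecuteIo failed to allocate overlapped event error (%d)"), error);
            break;
        }

        // Get the buffer sizes. str is cleared before each read so that a
        // failed read is parsed as empty text rather than stale data.
        str[0] = _T('\0');
        GetDlgItemText(hDlg, IDC_IN_SIZE_EDIT, str, MAX_STRING_LENGTH);
        ioItem->InSize = _ttol(str);

        str[0] = _T('\0');
        GetDlgItemText(hDlg, IDC_OUT_SIZE_EDIT, str, MAX_STRING_LENGTH);
        ioItem->OutSize = _ttol(str);

        // Get the data patterns
        str[0] = _T('\0');
        GetDlgItemText(hDlg, IDC_IN_DATA_EDIT, str, MAX_STRING_LENGTH);
        (VOID)_stscanf(str, _T("%x"), &inPattern);

        str[0] = _T('\0');
        GetDlgItemText(hDlg, IDC_OUT_DATA_EDIT, str, MAX_STRING_LENGTH);
        (VOID)_stscanf(str, _T("%x"), &outPattern);

        // Setup the transfer
        hWnd = GetDlgItem(hDlg, IDC_OP_TYPE_COMBO);

        // Get the current operation selection and its text. CB_GETLBTEXT
        // takes no buffer size, so the length is checked first and the text
        // is fetched only when it fits into str including the terminator.
        str[0] = _T('\0');
        selection = SendMessage(hWnd, CB_GETCURSEL, 0, 0);
        if (selection != CB_ERR)
        {
            textLength = SendMessage(hWnd, CB_GETLBTEXTLEN, (WPARAM)selection, 0);
            if ((textLength != CB_ERR) && (textLength < MAX_STRING_LENGTH))
            {
                SendMessage(hWnd, CB_GETLBTEXT, (WPARAM)selection, (LPARAM)str);
            }
        }

        if ((!_tcscmp(str, _T("IOCTL_CALL_RING3"))) && ((ioItem->OutSize > 0) || (ioItem->InSize > 0)))
        {
            // Setup the in buffer if specified
            if (ioItem->InSize > 0)
            {
                ioItem->InBuffer = (PCHAR)malloc(ioItem->InSize);
                if (ioItem->InBuffer == NULL)
                {
                    error = ERROR_OUTOFMEMORY;
                    CallMsgRing0OutputText(_T("Failed to create in buffer, IOCTL_CALL_RING3 not executed"));
                    break;
                }

                // set the in buffer data
                CallMsgRing0FillPattern(ioItem->InBuffer, ioItem->InSize, inPattern);
            }

            // Setup the out buffer if specified
            if (ioItem->OutSize > 0)
            {
                ioItem->OutBuffer = (PCHAR)malloc(ioItem->OutSize);
                if (ioItem->OutBuffer == NULL)
                {
                    error = ERROR_OUTOFMEMORY;
                    CallMsgRing0OutputText(_T("Failed to create out buffer, IOCTL_CALL_RING3 not executed"));
                    break;
                }

                // set the out buffer data
                CallMsgRing0FillPattern(ioItem->OutBuffer, ioItem->OutSize, outPattern);
            }

            // The request starts with two pointers, so the in buffer must be
            // able to hold them. The request is dropped otherwise; the
            // cleanup below releases what was allocated for it.
            if (ioItem->InSize < 2 * sizeof(PVOID))
            {
                CallMsgRing0OutputText(_T("In buffer too small for IOCTL_CALL_RING3 parameters, request not executed"));
                break;
            }

            // First pointer: the routine to call. Second pointer: the stack
            // address to use for the call.
            // NOTE(review): these are raw user-mode addresses. If the driver
            // transfers control to them in kernel mode, as the page
            // description says, every process able to open the device can get
            // its own code run with kernel privilege. Confirm that the driver
            // restricts who may open the device and send this IOCTL, and keep
            // this sample off production systems.
            requestArgs = (PVOID*)ioItem->InBuffer;
            requestArgs[0] = (PVOID)Ring0Msg;
            requestArgs[1] = (PBYTE)stack + 0x10000;

            if ((!DeviceIoControl(
                            g_hDevice,
                            IOCTL_CALL_RING3,
                            ioItem->InBuffer,
                            ioItem->InSize,
                            ioItem->OutBuffer,
                            ioItem->OutSize,
                            &returned,
                            &ioItem->IoOverlapped
                            )) &&
                 (GetLastError() != ERROR_IO_PENDING))
            {
                error = GetLastError();
                CallMsgRing0OutputText(_T("IOCTL_CALL_RING3 failed with error (%d)"), error);
                break;
            }

            // Setup the entry
            ioItem->Callback = CallMsgRing0IOCTL_CALL_RING3CompleteCallback;

            CallMsgRing0OutputText(_T("Adding entry to list"));

            // Get our list protection
            EnterCriticalSection(&g_IoListLock);

            // Add this entry to the end of the list
            ioItem->Next = &g_IoList;
            ioItem->Previous = g_IoList.Previous;

            g_IoList.Previous->Next = ioItem;
            g_IoList.Previous = ioItem;

            // Drop our list protection
            LeaveCriticalSection(&g_IoListLock);

            // From here on the list entry is released by its callback.
            queued = TRUE;

            CallMsgRing0OutputText(_T("Added entry to list"));
        }
    }
    while (FALSE);

    // Release everything unless the request was handed to the list. This
    // covers failures as well as requests that were never issued, and it
    // skips the item when its own allocation failed.
    if (!queued && (ioItem != NULL))
    {
        // Free our buffers (free(NULL) is a no-op)
        free(ioItem->InBuffer);
        free(ioItem->OutBuffer);

        // Close our overlapped event handle
        if (ioItem->IoOverlapped.hEvent != NULL)
        {
            CloseHandle(ioItem->IoOverlapped.hEvent);
        }

        // Free the ioItem memory
        free(ioItem);
    }

    CallMsgRing0OutputText(_T("CallMsgRing0ExecuteIo--"));

    return error;
}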

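///////////////////////////////////////////////////////////////////////////////////////////////////
//  CallMsgRing0IoCompletionThread
//      Thread used to complete processing of overlapped I/O requests. It
//      waits for each entry of g_IoList in turn, records the result, unlinks
//      the entry and calls its completion callback, then polls the
//      termination event and sleeps before scanning the list again.
//
//  Arguments:
//      IN  Context
//              Handle of the event that tells this thread to terminate
//
//  Return Value:
//      Thread exit value
//
UINT __stdcall CallMsgRing0IoCompletionThread(PVOID Context)
{
    PCALLMSGRING0_LIST_ITEM ioEntry;
    PCALLMSGRING0_LIST_ITEM tempEntry;
    DWORD waitResult;

    HANDLE hIoCompletionThreadTerminationEvent = (HANDLE)Context;

    CallMsgRing0OutputText(_T("IoCompletionThread"));

    while (1)
    {
        // Get our list protection
        EnterCriticalSection(&g_IoListLock);

        ioEntry = g_IoList.Next;

        // If the list is populated then go through and wait on each I/O to complete
        while (ioEntry != &g_IoList)
        {
            // Drop our list protection
            LeaveCriticalSection(&g_IoListLock);

            CallMsgRing0OutputText(_T("I/O loop"));

            ioEntry->Error = ERROR_SUCCESS;

            // The wait is performed outside assert() so that it still runs
            // in builds where NDEBUG compiles the assertions away.
            waitResult = WaitForSingleObject(ioEntry->IoOverlapped.hEvent, INFINITE);
            assert(waitResult == WAIT_OBJECT_0);
            assert(HasOverlappedIoCompleted(&ioEntry->IoOverlapped));
            (void)waitResult;   // only read by the assertion above

            if (!GetOverlappedResult(
                    g_hDevice,
                    &ioEntry->IoOverlapped,
                    &ioEntry->ReturnLength,
                    TRUE
                    ))
            {
                ioEntry->Error = GetLastError();
            }

            CallMsgRing0OutputText(_T("I/O for entry completed"));

            // Get our list protection
            EnterCriticalSection(&g_IoListLock);

            // Remove the entry from the list and get the next entry
            tempEntry = ioEntry;
            ioEntry = ioEntry->Next;

            tempEntry->Previous->Next = tempEntry->Next;
            tempEntry->Next->Previous = tempEntry->Previous;

            // Call the I/O callback; it frees the entry.
            // NOTE(review): the callback runs while g_IoListLock is held.
            // If its output routine has to wait for the UI thread while that
            // thread waits for this lock, both threads block - confirm how
            // CallMsgRing0OutputText delivers its text.
            tempEntry->Callback(tempEntry);
        }

        // Drop our list protection
        LeaveCriticalSection(&g_IoListLock);

        if (WaitForSingleObject(hIoCompletionThreadTerminationEvent, 0) == WAIT_OBJECT_0)
        {
            break;
        }

        Sleep(500);
    }

    return 0;
}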
