If someone can fix my problem i can offer up to 20€.... i guess my mistake is just a casting mistake....
When i try to read with my Kernel Driver a Value then it just read the first 4 or 8 byte... but when i want to read an vector i have to read all 3 floats with 3 reads^^
Usermode struct:
Code:
typedef struct _NEVERFORGET_READWRITE
{
PVOID value; // Buffer address
ULONGLONG address; // Target address
ULONGLONG size; // Buffer size
ULONG pid; // Target process id
} NEVERFORGET_READWRITE, *PNEVERFORGET_READWRITE;
Usermode Read/Write:
HTML Code:
template <typename T>
T ReadProcessMemory(DWORD address) {
DWORD bytes = 0;
NEVERFORGET_READWRITE Output;
Output.address = address;
Output.pid = GetPid();
Output.size = sizeof(T);
if (DeviceIoControl(handleDriver, IOCTL_Read_NeverForgetMe, &Output, sizeof(Output), &Output, sizeof(Output), &bytes, NULL)) {
//DWORD64 *intPtr = static_cast<DWORD64*>(Output.value);
//T converted = *(T*)&intPtr;
T converted = *(T*)&Output.value;
return converted;
}
return{};
}
template <typename T>
T WriteProcessMemory(DWORD address, T value) {
DWORD bytes = 0;
NEVERFORGET_READWRITE Output;
Output.address = address;
Output.pid = GetPid();
Output.size = sizeof(T);
void *voidPtr = &value;
Output.value = voidPtr;
if (DeviceIoControl(handleDriver, IOCTL_Write_NeverForgetMe, &Output, sizeof(Output), &Output, sizeof(Output), &bytes, NULL)) {
DWORD64 *intPtr = static_cast<DWORD64*>(Output.value);
T converted = *(T*)&intPtr;
return converted;
}
return{};
}
Kernel Struct:
Code:
typedef struct _NEVERFORGET_READWRITE
{
PVOID value; // Buffer address
ULONGLONG address; // Target address
ULONGLONG size; // Buffer size
ULONG pid; // Target process id
} NEVERFORGET_READWRITE, *PNEVERFORGET_READWRITE;
Kernel read/write
Code:
NTSTATUS KeReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
SIZE_T Bytes;
DbgPrint("[KeReadVirtualMemory]: %llx\n", SourceAddress);
if (NT_SUCCESS(MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, KernelMode, &Bytes))) {
DbgPrint("[KeReadVirtualMemory] Output: %f\n", TargetAddress);
return STATUS_SUCCESS;
}
else {
return STATUS_ACCESS_DENIED;
}
}
NTSTATUS KeWriteProcessMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
PEPROCESS SourceProcess = PsGetCurrentProcess();
PEPROCESS TargetProcess = Process;
SIZE_T Result;
if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess, TargetAddress, Size, KernelMode, &Result)))
return STATUS_SUCCESS; // operation was successful
else
return STATUS_ACCESS_DENIED;
}
PSIZE_T bytes;
case IOCTL_Read_NeverForgetMe:
if (inputBufferLength >= sizeof(NEVERFORGET_READWRITE) && ioBuffer) {
PNEVERFORGET_READWRITE test = (PNEVERFORGET_READWRITE)ioBuffer;
PEPROCESS Process;
if (NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)test->pid, &Process))) {
KeReadVirtualMemory(Process, test->address,&test->value, test->size); //eig mit &
}
Bytes = sizeof(test);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
else {
Irp->IoStatus.Status = STATUS_INFO_LENGTH_MISMATCH;
}
break;
case IOCTL_Write_NeverForgetMe:
if (inputBufferLength >= sizeof(NEVERFORGET_READWRITE) && ioBuffer) {
PNEVERFORGET_READWRITE test = (PNEVERFORGET_READWRITE)ioBuffer;
PEPROCESS Process;
if (NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)test->pid, &Process))){
KeWriteProcessMemory(Process, test->value, test->address, test->size); //eig mit &
}
Bytes = sizeof(test);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
else {
Irp->IoStatus.Status = STATUS_INFO_LENGTH_MISMATCH;
}
break;
Irp->IoStatus.Information = Bytes;
