When i try to read with my Kernel Driver a Value then it just read the first 4 or 8 byte... but when i want to read an vector i have to read all 3 floats with 3 reads^^
Usermode struct:
Code:
typedef struct _NEVERFORGET_READWRITE
{
PVOID value; // Buffer address
ULONGLONG address; // Target address
ULONGLONG size; // Buffer size
ULONG pid; // Target process id
} NEVERFORGET_READWRITE, *PNEVERFORGET_READWRITE;
HTML Code:
template <typename T> T ReadProcessMemory(DWORD address) { DWORD bytes = 0; NEVERFORGET_READWRITE Output; Output.address = address; Output.pid = GetPid(); Output.size = sizeof(T); if (DeviceIoControl(handleDriver, IOCTL_Read_NeverForgetMe, &Output, sizeof(Output), &Output, sizeof(Output), &bytes, NULL)) { //DWORD64 *intPtr = static_cast<DWORD64*>(Output.value); //T converted = *(T*)&intPtr; T converted = *(T*)&Output.value; return converted; } return{}; } template <typename T> T WriteProcessMemory(DWORD address, T value) { DWORD bytes = 0; NEVERFORGET_READWRITE Output; Output.address = address; Output.pid = GetPid(); Output.size = sizeof(T); void *voidPtr = &value; Output.value = voidPtr; if (DeviceIoControl(handleDriver, IOCTL_Write_NeverForgetMe, &Output, sizeof(Output), &Output, sizeof(Output), &bytes, NULL)) { DWORD64 *intPtr = static_cast<DWORD64*>(Output.value); T converted = *(T*)&intPtr; return converted; } return{}; }
Code:
typedef struct _NEVERFORGET_READWRITE
{
PVOID value; // Buffer address
ULONGLONG address; // Target address
ULONGLONG size; // Buffer size
ULONG pid; // Target process id
} NEVERFORGET_READWRITE, *PNEVERFORGET_READWRITE;
Code:
NTSTATUS KeReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
SIZE_T Bytes;
DbgPrint("[KeReadVirtualMemory]: %llx\n", SourceAddress);
if (NT_SUCCESS(MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), TargetAddress, Size, KernelMode, &Bytes))) {
DbgPrint("[KeReadVirtualMemory] Output: %f\n", TargetAddress);
return STATUS_SUCCESS;
}
else {
return STATUS_ACCESS_DENIED;
}
}
NTSTATUS KeWriteProcessMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size)
{
PEPROCESS SourceProcess = PsGetCurrentProcess();
PEPROCESS TargetProcess = Process;
SIZE_T Result;
if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess, TargetAddress, Size, KernelMode, &Result)))
return STATUS_SUCCESS; // operation was successful
else
return STATUS_ACCESS_DENIED;
}
PSIZE_T bytes;
case IOCTL_Read_NeverForgetMe:
if (inputBufferLength >= sizeof(NEVERFORGET_READWRITE) && ioBuffer) {
PNEVERFORGET_READWRITE test = (PNEVERFORGET_READWRITE)ioBuffer;
PEPROCESS Process;
if (NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)test->pid, &Process))) {
KeReadVirtualMemory(Process, test->address,&test->value, test->size); //eig mit &
}
Bytes = sizeof(test);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
else {
Irp->IoStatus.Status = STATUS_INFO_LENGTH_MISMATCH;
}
break;
case IOCTL_Write_NeverForgetMe:
if (inputBufferLength >= sizeof(NEVERFORGET_READWRITE) && ioBuffer) {
PNEVERFORGET_READWRITE test = (PNEVERFORGET_READWRITE)ioBuffer;
PEPROCESS Process;
if (NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)test->pid, &Process))){
KeWriteProcessMemory(Process, test->value, test->address, test->size); //eig mit &
}
Bytes = sizeof(test);
Irp->IoStatus.Status = STATUS_SUCCESS;
}
else {
Irp->IoStatus.Status = STATUS_INFO_LENGTH_MISMATCH;
}
break;
Irp->IoStatus.Information = Bytes;
