Rizin
unix-like reverse engineering framework and cli tools
Classes | Macros | Typedefs | Functions | Variables
io_rzk_windows.h File Reference
#include <rz_windows.h>
#include <rz_io.h>
#include <rz_lib.h>
#include <rz_types.h>
#include <rz_util.h>
#include <sys/types.h>

Go to the source code of this file.

Classes

struct  RzIOW32
 
struct  _PPA
 
struct  _RTL_PROCESS_MODULE_INFORMATION
 
struct  _RTL_PROCESS_MODULES
 

Macros

#define RZK_DEVICE   "\\\\.\\rzk\\"
 
#define IOCTL_CODE(DeviceType, Function, Method, Access)    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
 
#define CLOSE_DRIVER   IOCTL_CODE(0x22, 0x803, 0, 1 | 2)
 
#define IOCTL_READ_PHYS_MEM   IOCTL_CODE(0x22, 0x807, 0, 1 | 2)
 
#define IOCTL_READ_KERNEL_MEM   IOCTL_CODE(0x22, 0x804, 0, 1 | 2)
 
#define IOCTL_WRITE_KERNEL_MEM   IOCTL_CODE(0x22, 0x805, 0, 1 | 2)
 
#define IOCTL_GET_PHYSADDR   IOCTL_CODE(0x22, 0x809, 0, 1 | 2)
 
#define IOCTL_WRITE_PHYS_MEM   IOCTL_CODE(0x22, 0x808, 0, 1 | 2)
 
#define IOCTL_GET_SYSTEM_MODULES   IOCTL_CODE(0x22, 0x80a, 0, 1 | 2)
 

Typedefs

typedef struct _PPA PA
 
typedef struct _PPAPPA
 
typedef struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
 
typedef struct _RTL_PROCESS_MODULE_INFORMATIONPRTL_PROCESS_MODULE_INFORMATION
 
typedef struct _RTL_PROCESS_MODULES RTL_PROCESS_MODULES
 
typedef struct _RTL_PROCESS_MODULESPRTL_PROCESS_MODULES
 

Functions

BOOL StartStopService (LPCTSTR lpServiceName, BOOL bStop)
 
int GetSystemModules (RzIO *io)
 
int ReadKernelMemory (ut64 address, ut8 *buf, int len)
 
int WriteKernelMemory (ut64 address, const ut8 *buf, int len)
 
int Init (const char *driverPath)
 

Variables

HANDLE gHandleDriver
 

Macro Definition Documentation

◆ CLOSE_DRIVER

#define CLOSE_DRIVER   IOCTL_CODE(0x22, 0x803, 0, 1 | 2)

Definition at line 52 of file io_rzk_windows.h.

◆ IOCTL_CODE

#define IOCTL_CODE (   DeviceType,
  Function,
  Method,
  Access 
)     (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))

Definition at line 45 of file io_rzk_windows.h.

◆ IOCTL_GET_PHYSADDR

#define IOCTL_GET_PHYSADDR   IOCTL_CODE(0x22, 0x809, 0, 1 | 2)

Definition at line 56 of file io_rzk_windows.h.

◆ IOCTL_GET_SYSTEM_MODULES

#define IOCTL_GET_SYSTEM_MODULES   IOCTL_CODE(0x22, 0x80a, 0, 1 | 2)

Definition at line 58 of file io_rzk_windows.h.

◆ IOCTL_READ_KERNEL_MEM

#define IOCTL_READ_KERNEL_MEM   IOCTL_CODE(0x22, 0x804, 0, 1 | 2)

Definition at line 54 of file io_rzk_windows.h.

◆ IOCTL_READ_PHYS_MEM

#define IOCTL_READ_PHYS_MEM   IOCTL_CODE(0x22, 0x807, 0, 1 | 2)

Definition at line 53 of file io_rzk_windows.h.

◆ IOCTL_WRITE_KERNEL_MEM

#define IOCTL_WRITE_KERNEL_MEM   IOCTL_CODE(0x22, 0x805, 0, 1 | 2)

Definition at line 55 of file io_rzk_windows.h.

◆ IOCTL_WRITE_PHYS_MEM

#define IOCTL_WRITE_PHYS_MEM   IOCTL_CODE(0x22, 0x808, 0, 1 | 2)

Definition at line 57 of file io_rzk_windows.h.

◆ RZK_DEVICE

#define RZK_DEVICE   "\\\\.\\rzk\\"

Definition at line 43 of file io_rzk_windows.h.

Typedef Documentation

◆ PA

typedef struct _PPA PA

◆ PPA

typedef struct _PPA * PPA

◆ PRTL_PROCESS_MODULE_INFORMATION

typedef struct _RTL_PROCESS_MODULE_INFORMATION * PRTL_PROCESS_MODULE_INFORMATION

◆ PRTL_PROCESS_MODULES

typedef struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES

◆ RTL_PROCESS_MODULE_INFORMATION

typedef struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION

◆ RTL_PROCESS_MODULES

typedef struct _RTL_PROCESS_MODULES RTL_PROCESS_MODULES

Function Documentation

◆ GetSystemModules()

int GetSystemModules ( RzIO io)

Definition at line 94 of file io_rzk_windows.c.

94  {
95  DWORD bRead = 0;
96  int i;
97  LPVOID lpBufMods = NULL;
98  int bufmodsize = 1024 * 1024;
99  if (gHandleDriver) {
100  if (!(lpBufMods = malloc(bufmodsize))) {
101  eprintf("[rzk] GetSystemModules: Error can't allocate %i bytes of memory.\n", bufmodsize);
102  return -1;
103  }
104  if (DeviceIoControl(gHandleDriver, IOCTL_GET_SYSTEM_MODULES, lpBufMods, bufmodsize, lpBufMods, bufmodsize, &bRead, NULL)) {
105  PRTL_PROCESS_MODULES pm = (PRTL_PROCESS_MODULES)lpBufMods;
106  PRTL_PROCESS_MODULE_INFORMATION pMod = pm->Modules;
107  for (i = 0; i < pm->NumberOfModules; i++) {
108  const char *fileName = GetFileName((const char *)pMod[i].FullPathName);
109  io->cb_printf("f nt.%s 0x%x @ 0x%p\n", fileName, pMod[i].ImageSize, pMod[i].ImageBase);
110  }
111  }
112  } else {
113  eprintf("Driver not initialized.\n");
114  }
115  return 1;
116 }
i
lzma_index ** i
Definition: index.h:629
NULL
#define NULL
Definition: cris-opc.c:27
gHandleDriver
HANDLE gHandleDriver
Definition: io_rzk_windows.c:8
GetFileName
static const char * GetFileName(const char *path)
Definition: io_rzk_windows.c:83
PRTL_PROCESS_MODULES
struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES
IOCTL_GET_SYSTEM_MODULES
#define IOCTL_GET_SYSTEM_MODULES
Definition: io_rzk_windows.h:58
malloc
void * malloc(size_t size)
Definition: malloc.c:123
eprintf
#define eprintf(x, y...)
Definition: rlcc.c:7
_RTL_PROCESS_MODULES
Definition: io_rzk_windows.h:38
_RTL_PROCESS_MODULES::Modules
RTL_PROCESS_MODULE_INFORMATION Modules[1]
Definition: io_rzk_windows.h:40
_RTL_PROCESS_MODULES::NumberOfModules
ULONG NumberOfModules
Definition: io_rzk_windows.h:39
_RTL_PROCESS_MODULE_INFORMATION
Definition: io_rzk_windows.h:25
rz_io_t::cb_printf
PrintfCallback cb_printf
Definition: rz_io.h:91
DWORD
DWORD
Definition: windows_debug.h:119

References rz_io_t::cb_printf, DWORD, eprintf, test-lz4-speed::fileName, GetFileName(), gHandleDriver, i, IOCTL_GET_SYSTEM_MODULES, malloc(), _RTL_PROCESS_MODULES::Modules, NULL, and _RTL_PROCESS_MODULES::NumberOfModules.

Referenced by rzk__system().

◆ Init()

int Init ( const char *  driverPath)

Definition at line 175 of file io_rzk_windows.c.

175  {
176  BOOL ret = FALSE;
177  if (InitDriver() == FALSE) {
178  if (strlen(driverPath)) {
179  StartStopService(TEXT("rzk"), TRUE);
180  RemoveService(TEXT("rzk"));
181  eprintf("Installing driver: %s\n", driverPath);
182  if (InstallService(driverPath, TEXT("rzk"), TEXT("rzk"))) {
183  StartStopService(TEXT("rzk"), FALSE);
184  ret = InitDriver();
185  }
186  } else {
187  eprintf("Error initalizating driver, try rzk://pathtodriver\nEx: rizin.exe rzk://c:\\rzk.sys");
188  }
189  } else {
190  eprintf("Driver present [OK]\n");
191  ret = TRUE;
192  }
193  return ret;
194 }
InstallService
static BOOL InstallService(const char *rutaDriver, LPCTSTR lpServiceName, LPCTSTR lpDisplayName)
Definition: io_rzk_windows.c:10
InitDriver
static BOOL InitDriver(VOID)
Definition: io_rzk_windows.c:75
RemoveService
static BOOL RemoveService(LPCTSTR lpServiceName)
Definition: io_rzk_windows.c:27
StartStopService
BOOL StartStopService(LPCTSTR lpServiceName, BOOL bStop)
Definition: io_rzk_windows.c:43
TRUE
#define TRUE
Definition: mybfd.h:103
FALSE
#define FALSE
Definition: mybfd.h:102

References eprintf, FALSE, InitDriver(), InstallService(), RemoveService(), StartStopService(), and TRUE.

Referenced by rzk__open().

◆ ReadKernelMemory()

int ReadKernelMemory ( ut64  address,
ut8 buf,
int  len 
)

Definition at line 118 of file io_rzk_windows.c.

118  {
119  DWORD ret = -1, bRead = 0;
120  LPVOID lpBuffer = NULL;
121  int bufsize;
122  PPA p;
123  memset(buf, '\xff', len);
124  if (gHandleDriver) {
125  bufsize = sizeof(PA) + len;
126  if (!(lpBuffer = malloc(bufsize))) {
127  eprintf("[rzk] ReadKernelMemory: Error can't allocate %i bytes of memory.\n", bufsize);
128  return -1;
129  }
130  p = (PPA)lpBuffer;
131  p->address.QuadPart = address;
132  p->len = len;
133  if (DeviceIoControl(gHandleDriver, IOCTL_READ_KERNEL_MEM, lpBuffer, bufsize, lpBuffer, bufsize, &bRead, NULL)) {
134  memcpy(buf, lpBuffer, len);
135  ret = len;
136  } else {
137  ret = -1;
138  // eprintf("[rzk] ReadKernelMemory: Error IOCTL_READ_KERNEL_MEM.\n");
139  }
140  free(lpBuffer);
141  } else {
142  eprintf("Driver not initialized.\n");
143  }
144  return ret;
145 }
len
size_t len
Definition: 6502dis.c:15
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
PA
struct _PPA PA
PPA
struct _PPA * PPA
IOCTL_READ_KERNEL_MEM
#define IOCTL_READ_KERNEL_MEM
Definition: io_rzk_windows.h:54
buf
voidpf void * buf
Definition: ioapi.h:138
memset
return memset(p, 0, total)
p
void * p
Definition: libc.cpp:67
memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))
_PPA
Definition: io_rzk_windows.h:19

References DWORD, eprintf, free(), gHandleDriver, IOCTL_READ_KERNEL_MEM, len, malloc(), memcpy(), memset(), NULL, and p.

Referenced by rzk__read().

◆ StartStopService()

BOOL StartStopService ( LPCTSTR  lpServiceName,
BOOL  bStop 
)

Definition at line 43 of file io_rzk_windows.c.

43  {
44  HANDLE hSCManager;
45  HANDLE hService;
46  SERVICE_STATUS ssStatus;
47  BOOL ret = FALSE;
48  hSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
49  if (hSCManager) {
50  hService = OpenService(hSCManager, lpServiceName, SERVICE_START | DELETE | SERVICE_STOP);
51  if (hService) {
52  if (!bStop) {
53  if (StartService(hService, 0, NULL)) {
54  eprintf("Service started [OK]\n");
55  ret = TRUE;
56  } else {
57  eprintf("Service started [FAIL]\n");
58  }
59  } else {
60  if (ControlService(hService, SERVICE_CONTROL_STOP, &ssStatus)) {
61  eprintf("Service Stopped [OK]\n");
62  ret = TRUE;
63  } else {
64  eprintf("Service Stopped [FAIL]\n");
65  }
66  }
67  CloseServiceHandle(hService);
68  DeleteService(hService);
69  }
70  CloseServiceHandle(hSCManager);
71  }
72  return ret;
73 }
HANDLE
DWORD * HANDLE
Definition: windows_debug.h:119

References eprintf, FALSE, HANDLE, NULL, and TRUE.

Referenced by Init(), and rzk__close().

◆ WriteKernelMemory()

int WriteKernelMemory ( ut64  address,
const ut8 buf,
int  len 
)

Definition at line 147 of file io_rzk_windows.c.

147  {
148  DWORD ret = -1, bRead = 0;
149  LPVOID lpBuffer = NULL;
150  int bufsize;
151  PPA p;
152  if (gHandleDriver) {
153  bufsize = sizeof(PA) + len;
154  if (!(lpBuffer = malloc(bufsize))) {
155  eprintf("[rzk] WriteKernelMemory: Error can't allocate %i bytes of memory.\n", bufsize);
156  return -1;
157  }
158  p = (PPA)lpBuffer;
159  p->address.QuadPart = address;
160  p->len = len;
161  memcpy(&p->buffer, buf, len);
162  if (DeviceIoControl(gHandleDriver, IOCTL_WRITE_KERNEL_MEM, lpBuffer, bufsize, lpBuffer, bufsize, &bRead, NULL)) {
163  ret = len;
164  } else {
165  eprintf("[rzk] WriteKernelMemory: Error IOCTL_WRITE_KERNEL_MEM.\n");
166  ret = -1;
167  }
168  free(lpBuffer);
169  } else {
170  eprintf("Driver not initialized.\n");
171  }
172  return ret;
173 }
IOCTL_WRITE_KERNEL_MEM
#define IOCTL_WRITE_KERNEL_MEM
Definition: io_rzk_windows.h:55

References DWORD, eprintf, free(), gHandleDriver, IOCTL_WRITE_KERNEL_MEM, len, malloc(), memcpy(), NULL, and p.

Referenced by rzk__write().

Variable Documentation

◆ gHandleDriver

HANDLE gHandleDriver
extern

Definition at line 8 of file io_rzk_windows.c.

Referenced by GetSystemModules(), InitDriver(), ReadKernelMemory(), rzk__close(), and WriteKernelMemory().