Rizin
unix-like reverse engineering framework and cli tools
io_rzk_windows.h
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2016 skuater <skuater@hotmail.com>
2 // SPDX-FileCopyrightText: 2016 Rakholiya Jenish
3 // SPDX-FileCopyrightText: 2017 Jose Diaz <josediazplay@gmail.com>
4 // SPDX-License-Identifier: LGPL-3.0-only
5 
6 #ifndef __IO_RZK_WINDOWS_H__
7 #define __IO_RZK_WINDOWS_H__
8 #include <rz_windows.h>
9 
10 #include <rz_io.h>
11 #include <rz_lib.h>
12 #include <rz_types.h>
13 #include <rz_util.h>
14 #include <sys/types.h>
15 
16 typedef struct {
17  HANDLE hnd;
18 } RzIOW32;
19 typedef struct _PPA {
20  LARGE_INTEGER address;
21  DWORD len;
22  unsigned char buffer;
23 } PA, *PPA;
24 
25 typedef struct _RTL_PROCESS_MODULE_INFORMATION {
26  HANDLE Section;
27  PVOID MappedBase;
28  PVOID ImageBase;
29  ULONG ImageSize;
30  ULONG Flags;
31  USHORT LoadOrderIndex;
32  USHORT InitOrderIndex;
33  USHORT LoadCount;
34  USHORT OffsetToFileName;
35  UCHAR FullPathName[256];
36 } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
37 
38 typedef struct _RTL_PROCESS_MODULES {
39  ULONG NumberOfModules;
40  RTL_PROCESS_MODULE_INFORMATION Modules[1];
41 } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
42 
43 #define RZK_DEVICE "\\\\.\\rzk\\"
44 
45 #define IOCTL_CODE(DeviceType, Function, Method, Access) \
46  (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
47 #if 0
48 FILE_DEVICE_UNKNOWN 0x22
49 FILE_READ_ACCESS 1
50 FILE_WRITE_ACCESS 2
51 #endif
52 #define CLOSE_DRIVER IOCTL_CODE(0x22, 0x803, 0, 1 | 2)
53 #define IOCTL_READ_PHYS_MEM IOCTL_CODE(0x22, 0x807, 0, 1 | 2)
54 #define IOCTL_READ_KERNEL_MEM IOCTL_CODE(0x22, 0x804, 0, 1 | 2)
55 #define IOCTL_WRITE_KERNEL_MEM IOCTL_CODE(0x22, 0x805, 0, 1 | 2)
56 #define IOCTL_GET_PHYSADDR IOCTL_CODE(0x22, 0x809, 0, 1 | 2)
57 #define IOCTL_WRITE_PHYS_MEM IOCTL_CODE(0x22, 0x808, 0, 1 | 2)
58 #define IOCTL_GET_SYSTEM_MODULES IOCTL_CODE(0x22, 0x80a, 0, 1 | 2)
59 
60 extern HANDLE gHandleDriver;
61 
62 BOOL StartStopService(LPCTSTR lpServiceName, BOOL bStop);
63 int GetSystemModules(RzIO *io);
64 int ReadKernelMemory(ut64 address, ut8 *buf, int len);
65 int WriteKernelMemory(ut64 address, const ut8 *buf, int len);
66 int Init(const char *driverPath);
67 
68 #endif
len
size_t len
Definition: 6502dis.c:15
PA
struct _PPA PA
gHandleDriver
HANDLE gHandleDriver
Definition: io_rzk_windows.c:8
RTL_PROCESS_MODULES
struct _RTL_PROCESS_MODULES RTL_PROCESS_MODULES
GetSystemModules
int GetSystemModules(RzIO *io)
Definition: io_rzk_windows.c:94
PRTL_PROCESS_MODULES
struct _RTL_PROCESS_MODULES * PRTL_PROCESS_MODULES
RTL_PROCESS_MODULE_INFORMATION
struct _RTL_PROCESS_MODULE_INFORMATION RTL_PROCESS_MODULE_INFORMATION
ReadKernelMemory
int ReadKernelMemory(ut64 address, ut8 *buf, int len)
Definition: io_rzk_windows.c:118
PPA
struct _PPA * PPA
StartStopService
BOOL StartStopService(LPCTSTR lpServiceName, BOOL bStop)
Definition: io_rzk_windows.c:43
WriteKernelMemory
int WriteKernelMemory(ut64 address, const ut8 *buf, int len)
Definition: io_rzk_windows.c:147
PRTL_PROCESS_MODULE_INFORMATION
struct _RTL_PROCESS_MODULE_INFORMATION * PRTL_PROCESS_MODULE_INFORMATION
Init
int Init(const char *driverPath)
Definition: io_rzk_windows.c:175
buf
voidpf void * buf
Definition: ioapi.h:138
ut8
uint8_t ut8
Definition: lh5801.h:11
rz_io.h
rz_lib.h
rz_types.h
rz_util.h
rz_windows.h
RzIOW32::hnd
HANDLE hnd
Definition: io_rzk_windows.h:17
_PPA
Definition: io_rzk_windows.h:19
_PPA::address
LARGE_INTEGER address
Definition: io_rzk_windows.h:20
_PPA::len
DWORD len
Definition: io_rzk_windows.h:21
_PPA::buffer
unsigned char buffer
Definition: io_rzk_windows.h:22
_RTL_PROCESS_MODULES
Definition: io_rzk_windows.h:38
_RTL_PROCESS_MODULES::Modules
RTL_PROCESS_MODULE_INFORMATION Modules[1]
Definition: io_rzk_windows.h:40
_RTL_PROCESS_MODULES::NumberOfModules
ULONG NumberOfModules
Definition: io_rzk_windows.h:39
_RTL_PROCESS_MODULE_INFORMATION
Definition: io_rzk_windows.h:25
_RTL_PROCESS_MODULE_INFORMATION::Flags
ULONG Flags
Definition: io_rzk_windows.h:30
_RTL_PROCESS_MODULE_INFORMATION::ImageBase
PVOID ImageBase
Definition: io_rzk_windows.h:28
_RTL_PROCESS_MODULE_INFORMATION::LoadCount
USHORT LoadCount
Definition: io_rzk_windows.h:33
_RTL_PROCESS_MODULE_INFORMATION::FullPathName
UCHAR FullPathName[256]
Definition: io_rzk_windows.h:35
_RTL_PROCESS_MODULE_INFORMATION::InitOrderIndex
USHORT InitOrderIndex
Definition: io_rzk_windows.h:32
_RTL_PROCESS_MODULE_INFORMATION::MappedBase
PVOID MappedBase
Definition: io_rzk_windows.h:27
_RTL_PROCESS_MODULE_INFORMATION::OffsetToFileName
USHORT OffsetToFileName
Definition: io_rzk_windows.h:34
_RTL_PROCESS_MODULE_INFORMATION::ImageSize
ULONG ImageSize
Definition: io_rzk_windows.h:29
_RTL_PROCESS_MODULE_INFORMATION::LoadOrderIndex
USHORT LoadOrderIndex
Definition: io_rzk_windows.h:31
_RTL_PROCESS_MODULE_INFORMATION::Section
HANDLE Section
Definition: io_rzk_windows.h:26
rz_io_t
Definition: rz_io.h:59
FILE_WRITE_ACCESS
#define FILE_WRITE_ACCESS
Definition: winapi.h:4492
FILE_READ_ACCESS
#define FILE_READ_ACCESS
Definition: winapi.h:4488
HANDLE
DWORD * HANDLE
Definition: windows_debug.h:119
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
ULONG
ULONG
Definition: windows_debug.h:124
PVOID
PVOID
Definition: windows_debug.h:124
DWORD
DWORD
Definition: windows_debug.h:119