/*
 * Names used for the driver's device and its debug pipe (judging by the macro
 * names). All three expand to the same string; the _A variant is the narrow
 * (char) form of the pipe name.
 */
#define DEVICE_NAME L"IOCTLfuzzer"
#define DBG_PIPE_NAME L"IOCTLfuzzer"
#define DBG_PIPE_NAME_A "IOCTLfuzzer"

/*
 * The single control code defined by this header: function 0x01 on
 * FILE_DEVICE_UNKNOWN, METHOD_BUFFERED, with required access
 * FILE_READ_DATA | FILE_WRITE_DATA on the handle used for the request.
 *
 * NOTE(review): the required-access bits are the only per-request gate visible
 * here. Who may open the device at all depends on the security descriptor the
 * driver applies when it creates the device object, which this header does not
 * show -- confirm it is limited to administrators, since the request payload
 * (REQUEST_BUFFER) carries pointers and offsets the driver acts on.
 */
#define IOCTL_DRV_CONTROL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x01, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
/* Operation status values stored in REQUEST_BUFFER.Status. */
#define S_ERROR 0x00
#define S_SUCCESS 0x01
/*
 * Operation codes stored in REQUEST_BUFFER.Code.
 *
 * Per the field comments in REQUEST_BUFFER, all C_ADD_* codes use the AddObject
 * member: C_ADD_IOCTL reads IoctlCode, while C_ADD_DEVICE, C_ADD_DRIVER and
 * C_ADD_PROCESS read szObjectName. The mapping of the remaining codes to the
 * Options / DeviceInfo / ObjectName / CheckHooks members is presumably by name
 * -- confirm against the driver's dispatch routine.
 *
 * NOTE(review): the code selects which union member the driver interprets, so
 * the dispatch routine should reject unknown codes and check that the buffer is
 * at least sizeof(REQUEST_BUFFER) before reading any member -- verify.
 */
#define C_ADD_DEVICE 0x01
#define C_ADD_DRIVER 0x02
#define C_ADD_IOCTL 0x03
#define C_ADD_PROCESS 0x04
#define C_SET_OPTIONS 0x05
#define C_GET_DEVICE_INFO 0x06
#define C_CHECK_HOOKS 0x07
#define C_DEL_OPTIONS 0x08
#define C_GET_OBJECT_NAME 0x09
// fuzzing options
//
// Each value is a distinct single bit, so the flags can be OR-ed into one ULONG.
// Presumably carried in REQUEST_BUFFER.Options.Options -- confirm against the
// code that handles C_SET_OPTIONS.
//
// NOTE(review): the individual meanings are not documented in this header; the
// FUZZ_OPT_LOG_* names suggest logging switches and FUZZ_OPT_FUZZ* suggest
// mutation switches. FUZZ_OPT_NO_SDT_HOOKS (together with C_CHECK_HOOKS) implies
// the driver can install service-table hooks unless told not to -- verify.
#define FUZZ_OPT_LOG_IOCTL 0x00000001
#define FUZZ_OPT_LOG_IOCTL_BUFFERS 0x00000002
#define FUZZ_OPT_LOG_IOCTL_GLOBAL 0x00000004
#define FUZZ_OPT_LOG_EXCEPTIONS 0x00000008
#define FUZZ_OPT_LOG_DEBUG 0x00000010
#define FUZZ_OPT_FUZZ 0x00000020
#define FUZZ_OPT_FUZZ_SIZE 0x00000040
#define FUZZ_OPT_FUZZ_FAIR 0x00000080
#define FUZZ_OPT_FUZZ_BOOT 0x00000100
#define FUZZ_OPT_NO_SDT_HOOKS 0x00000200
/*
 * Type of the REQUEST_BUFFER.Options.FuzzingType field, with the two values
 * this header defines for it. The values are distinct bits, but whether they
 * may be combined is not shown here.
 */
typedef ULONG FUZZING_TYPE;

#define FuzzingType_Random 0x00000001
#define FuzzingType_Dword 0x00000002
// Area for variables that must be located in user mode.
//
// The structure is byte-packed and currently holds only an IO_STATUS_BLOCK.
// A pointer to it travels to the driver in REQUEST_BUFFER.Options.UserModeData.
//
// NOTE(review): METHOD_BUFFERED only copies the REQUEST_BUFFER itself; an
// embedded pointer such as this one still refers to caller-controlled user
// memory. The driver should probe it and touch it only under exception
// handling, in the context of the owning process -- confirm in the driver.
#pragma pack(push, 1)
typedef struct _USER_MODE_DATA
{
    // Status block kept in user-mode memory.
    IO_STATUS_BLOCK IoStatus;

} USER_MODE_DATA,
*PUSER_MODE_DATA;
#pragma pack(pop)
// Size in bytes of every fixed string field in REQUEST_BUFFER.
#define MAX_REQUEST_STRING 0x100

/*
 * Payload exchanged with the driver through IOCTL_DRV_CONTROL.
 *
 * Layout: Status, Code, an anonymous union whose active member is presumably
 * selected by Code, then the trailing Buff[] data. The structure is
 * byte-packed, so members after the BOOLEAN fields are not naturally aligned,
 * and the pointer/HANDLE members make the layout differ between 32-bit and
 * 64-bit builds; both sides of the interface must be built for the same
 * bitness.
 *
 * NOTE(review): every field arrives from the caller. Things to confirm in the
 * driver, none of which this header can enforce:
 *  - the sz* arrays are not guaranteed to be NUL-terminated; the receiver
 *    should terminate or length-bound them before any string call;
 *  - the real length of Buff[] is not stored in the structure, so it has to be
 *    derived from the IOCTL buffer length and checked before use;
 *  - UserModeData and KiDispatchException_Offset are caller-supplied values
 *    that the driver would use as an address and a kernel offset.
 */
#pragma pack(push, 1)
typedef struct _REQUEST_BUFFER
{
    // operation status (see S_* definitions)
    ULONG Status;

    // operation code (see C_* definitions)
    ULONG Code;

    union
    {
        // Fuzzer configuration (presumably for C_SET_OPTIONS -- confirm).
        struct
        {
            // presumably a mask of FUZZ_OPT_* flags -- confirm
            ULONG Options;
            ULONG FuzzThreadId;
            // FuzzingType_* value
            FUZZING_TYPE FuzzingType;
            // user-mode address; see the note on USER_MODE_DATA
            PUSER_MODE_DATA UserModeData;
            // NOTE(review): looks like an offset of KiDispatchException
            // resolved in user mode; the driver should range-check it -- confirm
            ULONG KiDispatchException_Offset;

        } Options;

        // Device/driver description (presumably for C_GET_DEVICE_INFO -- confirm).
        // NOTE(review): if the two PVOID members carry kernel object addresses
        // back to user mode, that is a kernel address disclosure -- verify.
        struct
        {
            PVOID DeviceObjectAddr;
            PVOID DriverObjectAddr;
            char szDriverObjectName[MAX_REQUEST_STRING];
            char szDriverFilePath[MAX_REQUEST_STRING];

        } DeviceInfo;

        // Filter rule used by the C_ADD_* codes.
        struct
        {
            // for C_ADD_IOCTL
            ULONG IoctlCode;

            // for all C_ADD_*
            BOOLEAN bAllow;

            // for C_ADD_DEVICE, C_ADD_DRIVER and C_ADD_PROCESS
            char szObjectName[MAX_REQUEST_STRING];

            /*
                If TRUE, the debugger command stored in Buff[]
                must be executed for every IOCTL that has been matched
                by this object.
            */
            BOOLEAN bDbgcbAction;

        } AddObject;

        // Handle-to-name lookup (presumably for C_GET_OBJECT_NAME -- confirm).
        struct
        {
            HANDLE hObject;
            char szObjectName[MAX_REQUEST_STRING];

        } ObjectName;

        // Hook state (presumably for C_CHECK_HOOKS -- confirm).
        struct
        {
            BOOLEAN bHooksInstalled;

        } CheckHooks;
    };

    // First byte of the variable-length trailing data (the debugger command
    // referred to by AddObject.bDbgcbAction). Declared with one element, so
    // sizeof(REQUEST_BUFFER) already includes that byte.
    char Buff[1];

} REQUEST_BUFFER,
*PREQUEST_BUFFER;
#pragma pack(pop)