逆向:Ucoresys.sys (二)

:00011528 55                      push ebp                        ; IOCTL dispatcher; ret 001C at 000118FA => __stdcall with 7 dword args
                                                                  ; [ebp+08] IoControlCode  [ebp+0C] SystemBuffer  [ebp+10] InputBufferLength
                                                                  ; [ebp+14] SystemBuffer1  [ebp+18] OutputBufferLength  [ebp+1C] irp (byte count out)
                                                                  ; [ebp+20] DeviceExtension   (names follow the pseudo-C below)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000114C6(C)
|
:00011529 8BEC                    mov ebp, esp
:0001152B 53                      push ebx                        ; callee-saved registers
:0001152C 56                      push esi
:0001152D 57                      push edi
:0001152E 6808110100              push 00011108                   ; DbgPrint format string; its text is not shown in this listing
:00011533 33DB                    xor ebx, ebx                    ; ebx = 0: the NULL/zero compared against throughout the function
:00011535 33F6                    xor esi, esi                    ; esi = return status, starts as 0 (STATUS_SUCCESS)

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011537 E884060000              Call 00011BC0
:0001153C 59                      pop ecx                         ; discard the single cdecl argument
:0001153D 8B4D08                  mov ecx, dword ptr [ebp+08]     ; ecx = IoControlCode
:00011540 B8F82E00FA              mov eax, FA002EF8
:00011545 3BC8                    cmp ecx, eax
:00011547 0F8722020000            ja 0001176F                     ; codes above FA002EF8 (unsigned): second compare chain at 0001176F
:0001154D 0F84E8010000            je 0001173B                     ; FA002EF8 -> PORT_DMIACCESS
:00011553 81F9E02E00FA            cmp ecx, FA002EE0
:00011559 0F848A010000            je 000116E9                     ; FA002EE0 -> ALLOC_BUFFER (handler names come from the DbgPrint strings at each target)
:0001155F 81F9E42E00FA            cmp ecx, FA002EE4
:00011565 0F8418010000            je 00011683                     ; FA002EE4 -> DEALLOC_BUFFER
:0001156B 81F9E82E00FA            cmp ecx, FA002EE8
:00011571 0F84DE000000            je 00011655                     ; FA002EE8 -> PHY_TO_VIRTUAL

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001150C(C)
|
:00011577 81F9EC2E00FA            cmp ecx, FA002EEC

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001151A(C)
|
:0001157D 0F8487000000            je 0001160A                     ; FA002EEC -> UNMAP
:00011583 81F9F02E00FA            cmp ecx, FA002EF0
:00011589 7439                    je 000115C4                     ; FA002EF0 -> PORT_READ
:0001158B 81F9F42E00FA            cmp ecx, FA002EF4
:00011591 0F850C020000            jne 000117A3                    ; anything else -> "Unknown IoctlCode"; fall-through is FA002EF4 PORT_WRITE

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_WR"
                                        ->"ITE
"
                                  |
:00011597 6830110100              push 00011130

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:0001159C E81F060000              Call 00011BC0
:000115A1 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL ?
:000115A4 59                      pop ecx
:000115A5 7413                    je 000115BA                     ;   -> Invalid Buffer
:000115A7 837D1010                cmp dword ptr [ebp+10], 00000010
:000115AB 720D                    jb 000115BA                     ; InputBufferLength < 0x10 (unsigned) -> Invalid Buffer
:000115AD FF750C                  push [ebp+0C]
:000115B0 E89DF6FFFF              call 00010C52                   ; fun2(SystemBuffer) in the pseudo-C
:000115B5 E9BF020000              jmp 00011879                    ; shared tail: esi = eax, *irp = 0, return esi

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000115A5(C), :000115AB(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:000115BA 6864110100              push 00011164
:000115BF E9C3020000              jmp 00011887                    ; shared reporter: DbgPrint, esi = C0000206

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011589(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_RE"
                                        ->"AD
"
                                  |
:000115C4 6884110100              push 00011184

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000115C9 E8F2050000              Call 00011BC0
:000115CE 395D14                  cmp dword ptr [ebp+14], ebx     ; SystemBuffer1 == NULL -> Invalid Buffer
:000115D1 59                      pop ecx
:000115D2 742C                    je 00011600
:000115D4 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL -> Invalid Buffer
:000115D7 7427                    je 00011600
:000115D9 8B4518                  mov eax, dword ptr [ebp+18]     ; eax = OutputBufferLength
:000115DC 3B4510                  cmp eax, dword ptr [ebp+10]
:000115DF 6A10                    push 00000010
:000115E1 5B                      pop ebx                         ; ebx = 0x10 from here on (flags from the cmp above survive push/pop)
:000115E2 7404                    je 000115E8                     ; OutputBufferLength == InputBufferLength -> accepted
:000115E4 3BC3                    cmp eax, ebx
:000115E6 7218                    jb 00011600                     ; otherwise OutputBufferLength must be >= 0x10 (unsigned)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000115E2(C)
|
:000115E8 FF750C                  push [ebp+0C]
:000115EB E860F5FFFF              call 00010B50                   ; fun3(SystemBuffer)
:000115F0 8BF0                    mov esi, eax
:000115F2 85F6                    test esi, esi
:000115F4 0F85FA020000            jne 000118F4                    ; non-zero status: return it, nothing copied
:000115FA 53                      push ebx                        ; memmove n   = 0x10
:000115FB FF750C                  push [ebp+0C]                   ; memmove src = SystemBuffer
:000115FE EB3F                    jmp 0001163F                    ; *irp = 0x10, dst = SystemBuffer1, memmove

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000115D2(C), :000115D7(C), :000115E6(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011600 68B8110100              push 000111B8
:00011605 E97D020000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001157D(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_UNMAP
"
                                  |
:0001160A 68D8110100              push 000111D8

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:0001160F E8AC050000              Call 00011BC0
:00011614 8B7D0C                  mov edi, dword ptr [ebp+0C]     ; edi = SystemBuffer
:00011617 3BFB                    cmp edi, ebx
:00011619 59                      pop ecx
:0001161A 750A                    jne 00011626                    ; only NULL is rejected; InputBufferLength is not checked here

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:0001161C 6808120100              push 00011208
:00011621 E961020000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001161A(C)
|
:00011626 FF770C                  push [edi+0C]                   ; arg 2 = dword at SystemBuffer+0x0C (not the buffer pointer)
:00011629 FF37                    push dword ptr [edi]            ; arg 1 = dword at SystemBuffer+0
:0001162B E824FAFFFF              call 00011054                   ; fun4(*(ULONG*)SystemBuffer, *(ULONG*)(SystemBuffer+0xC))

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011681(U)
|
:00011630 8BF0                    mov esi, eax                    ; tail shared with PHY_TO_VIRTUAL (jmp from 00011681)
:00011632 3BF3                    cmp esi, ebx
:00011634 0F85BA020000            jne 000118F4                    ; helper failed: return its status
:0001163A 6A10                    push 00000010
:0001163C 5B                      pop ebx                         ; ebx = 0x10
:0001163D 53                      push ebx                        ; memmove n   = 0x10
:0001163E 57                      push edi                        ; memmove src = SystemBuffer

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000115FE(U)
|
:0001163F 8B451C                  mov eax, dword ptr [ebp+1C]
:00011642 8918                    mov dword ptr [eax], ebx        ; *irp = 0x10 (bytes returned)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001172C(U)
|
:00011644 FF7514                  push [ebp+14]                   ; memmove dst = SystemBuffer1

* Reference To: ntoskrnl.memmove, Ord:04A3h
                                  |
:00011647 FF15DC020100            Call dword ptr [000102DC]       ; memmove(SystemBuffer1, src, n); n and src were pushed by the jumping-in path
:0001164D 83C40C                  add esp, 0000000C               ; three cdecl args
:00011650 E99F020000              jmp 000118F4                    ; return esi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011571(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PHY_TO_"
                                        ->"VIRTUAL
"
                                  |
:00011655 6828120100              push 00011228

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:0001165A E861050000              Call 00011BC0
:0001165F 8B7D0C                  mov edi, dword ptr [ebp+0C]     ; edi = SystemBuffer
:00011662 3BFB                    cmp edi, ebx
:00011664 59                      pop ecx
:00011665 750A                    jne 00011671                    ; NULL check only; the +4/+8/+C offsets below are read without a length check

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011667 6860120100              push 00011260                   ; this Invalid-Buffer branch is missing from the original pseudo-C
:0001166C E916020000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011665(C)
|
:00011671 57                      push edi                        ; arg 4 = SystemBuffer
:00011672 8D470C                  lea eax, dword ptr [edi+0C]
:00011675 50                      push eax                        ; arg 3 = SystemBuffer + 0x0C (address, not value)
:00011676 FF7704                  push [edi+04]                   ; arg 2 = dword at +0x04
:00011679 FF7708                  push [edi+08]                   ; arg 1 = dword at +0x08
:0001167C E8E3F7FFFF              call 00010E64                   ; fun6(...)
:00011681 EBAD                    jmp 00011630                    ; UNMAP tail: status check, *irp = 0x10, memmove 0x10 bytes

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011565(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_DEALLOC"
                                        ->"_BUFFER
"
                                  |
:00011683 6880120100              push 00011280

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011688 E833050000              Call 00011BC0
:0001168D 8B750C                  mov esi, dword ptr [ebp+0C]     ; esi = SystemBuffer (esi doubles as the status register later)
:00011690 3BF3                    cmp esi, ebx
:00011692 59                      pop ecx
:00011693 750A                    jne 0001169F                    ; NULL check only; no InputBufferLength check before +0C/+14/+18 are read

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011695 68B8120100              push 000112B8
:0001169A E9E8010000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011693(C)
|
:0001169F FF760C                  push [esi+0C]                   ; pHandle
:000116A2 0FB64618                movzx eax, byte ptr [esi+18]    ; ucIsMDL
:000116A6 FF7614                  push [esi+14]                   ; ulLow
:000116A9 50                      push eax

* Possible StringData Ref from Code Obj ->"***ucIsMDL : %X  ulLow = %X pHandle "
                                        ->": %X
"
                                  |
:000116AA 68D8120100              push 000112D8

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000116AF E80C050000              Call 00011BC0                   ; DbgPrint(fmt, ucIsMDL, ulLow, pHandle)
:000116B4 83C410                  add esp, 00000010               ; four cdecl args
:000116B7 807E1800                cmp byte ptr [esi+18], 00
:000116BB 740E                    je 000116CB                     ; ucIsMDL == 0 -> contiguous-memory path
:000116BD FF7520                  push [ebp+20]
:000116C0 56                      push esi
:000116C1 E8F6EFFFFF              call 000106BC                   ; fun7(SystemBuffer, DeviceExtension) -- MDL path
:000116C6 E9AE010000              jmp 00011879                    ; esi = status, *irp = 0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000116BB(C)
|
:000116CB 8B760C                  mov esi, dword ptr [esi+0C]     ; esi = pHandle, taken directly from the request buffer
:000116CE 56                      push esi

* Possible StringData Ref from Code Obj ->"***pHandle : %X
"
                                  |
:000116CF 6804130100              push 00011304

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000116D4 E8E7040000              Call 00011BC0
:000116D9 59                      pop ecx
:000116DA 59                      pop ecx
:000116DB 56                      push esi

* Reference To: ntoskrnl.MmFreeContiguousMemory, Ord:023Dh
                                  |
:000116DC FF1500030100            Call dword ptr [00010300]       ; MmFreeContiguousMemory(pHandle); no validation of the pointer is visible in this routine
:000116E2 33F6                    xor esi, esi                    ; status 0
:000116E4 E992010000              jmp 0001187B                    ; *irp = 0, return

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011559(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_ALLOC_B"
                                        ->"UFFER
"
                                  |
:000116E9 6818130100              push 00011318

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000116EE E8CD040000              Call 00011BC0
:000116F3 395D14                  cmp dword ptr [ebp+14], ebx     ; SystemBuffer1 == NULL -> Invalid Buffer
:000116F6 59                      pop ecx
:000116F7 7438                    je 00011731
:000116F9 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL -> Invalid Buffer
:000116FC 7433                    je 00011731
:000116FE 8B4518                  mov eax, dword ptr [ebp+18]     ; eax = OutputBufferLength
:00011701 3B4510                  cmp eax, dword ptr [ebp+10]
:00011704 7405                    je 0001170B                     ; equal to InputBufferLength -> accepted
:00011706 83F810                  cmp eax, 00000010
:00011709 7226                    jb 00011731                     ; otherwise must be >= 0x10 (same rule as PORT_READ)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011704(C)
|
:0001170B FF7520                  push [ebp+20]
:0001170E FF750C                  push [ebp+0C]
:00011711 E870EDFFFF              call 00010486                   ; fun8(SystemBuffer, DeviceExtension)
:00011716 8BF0                    mov esi, eax
:00011718 3BF3                    cmp esi, ebx
:0001171A 0F85D4010000            jne 000118F4                    ; helper failed: return its status
:00011720 8B4D1C                  mov ecx, dword ptr [ebp+1C]
:00011723 6A19                    push 00000019
:00011725 58                      pop eax                         ; eax = 0x19
:00011726 8901                    mov dword ptr [ecx], eax        ; *irp = 0x19
:00011728 50                      push eax                        ; memmove n = 0x19 -- 9 bytes more than the 0x10 the check above guaranteed

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011763(U)
|
:00011729 FF750C                  push [ebp+0C]                   ; memmove src = SystemBuffer
:0001172C E913FFFFFF              jmp 00011644                    ; dst = SystemBuffer1, memmove, return esi

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000116F7(C), :000116FC(C), :00011709(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011731 6850130100              push 00011350
:00011736 E94C010000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001154D(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_DM"
                                        ->"IACCESS
"
                                  |
:0001173B 6870130100              push 00011370

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011740 E87B040000              Call 00011BC0
:00011745 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL -> Invalid Buffer
:00011748 59                      pop ecx
:00011749 741A                    je 00011765
:0001174B 6A1E                    push 0000001E
:0001174D 5F                      pop edi                         ; edi = 0x1E (required input size and bytes returned)
:0001174E 397D10                  cmp dword ptr [ebp+10], edi
:00011751 7212                    jb 00011765                     ; InputBufferLength < 0x1E -> Invalid Buffer
:00011753 FF750C                  push [ebp+0C]
:00011756 E81BF3FFFF              call 00010A76                   ; fun9(SystemBuffer)
:0001175B 8BF0                    mov esi, eax                    ; status kept, but NOT tested before the copy below
:0001175D 8B451C                  mov eax, dword ptr [ebp+1C]
:00011760 8938                    mov dword ptr [eax], edi        ; *irp = 0x1E
:00011762 57                      push edi                        ; memmove n = 0x1E
:00011763 EBC4                    jmp 00011729                    ; push src, memmove(SystemBuffer1, SystemBuffer, 0x1E) -- runs even when fun9 failed

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00011749(C), :00011751(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011765 68A8130100              push 000113A8
:0001176A E918010000              jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011547(C)
|
:0001176F 81F9FC2E00FA            cmp ecx, FA002EFC               ; second compare chain: codes above FA002EF8
:00011775 0F8440010000            je 000118BB                     ; FA002EFC -> GET_VERSION
:0001177B 81F9002F00FA            cmp ecx, FA002F00
:00011781 0F840D010000            je 00011894                     ; FA002F00 -> FIX_SELECTOR
:00011787 81F9042F00FA            cmp ecx, FA002F04
:0001178D 0F84C8000000            je 0001185B                     ; FA002F04 -> FIX_CALLGATE
:00011793 81F9082F00FA            cmp ecx, FA002F08
:00011799 746A                    je 00011805                     ; FA002F08 -> WINIO_ENABLEDIRECTIO
:0001179B 81F90C2F00FA            cmp ecx, FA002F0C
:000117A1 7415                    je 000117B8                     ; FA002F0C -> WINIO_DISABLEDIRECTIO; otherwise fall into the unknown-code path

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011591(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS:Unknown IoctlCode
"
                                  |
:000117A3 68C8130100              push 000113C8

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000117A8 E813040000              Call 00011BC0
:000117AD 59                      pop ecx
:000117AE BE0D0000C0              mov esi, C000000D               ; STATUS_INVALID_PARAMETER
:000117B3 E93C010000              jmp 000118F4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000117A1(C)
|

* Possible StringData Ref from Code Obj ->"IOCTL_WINIO_DISABLEDIRECTIO"
                                  |
:000117B8 68EC130100              push 000113EC

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000117BD E8FE030000              Call 00011BC0
:000117C2 391DE01B0100            cmp dword ptr [00011BE0], ebx   ; [00011BE0] = saved I/O access map pointer (global)
:000117C8 59                      pop ecx
:000117C9 0F8425010000            je 000118F4                     ; no map allocated: return esi = 0
:000117CF 53                      push ebx                        ; arg 2 = 0 (disable) for Ke386IoSetAccessProcess

* Reference To: ntoskrnl.IoGetCurrentProcess, Ord:013Ah
                                  |
:000117D0 FF15D8020100            Call dword ptr [000102D8]
:000117D6 50                      push eax                        ; arg 1 = current process

* Reference To: ntoskrnl.Ke386IoSetAccessProcess, Ord:019Fh
                                  |
:000117D7 E8F0030000              Call 00011BCC                   ; Ke386IoSetAccessProcess(IoGetCurrentProcess(), 0)
:000117DC FF35E01B0100            push dword ptr [00011BE0]
:000117E2 6A01                    push 00000001

* Reference To: ntoskrnl.Ke386SetIoAccessMap, Ord:01A1h
                                  |
:000117E4 E8DD030000              Call 00011BC6                   ; Ke386SetIoAccessMap(1, map)
:000117E9 6800200000              push 00002000
:000117EE FF35E01B0100            push dword ptr [00011BE0]

* Reference To: ntoskrnl.MmFreeNonCachedMemory, Ord:023Fh
                                  |
:000117F4 FF15CC020100            Call dword ptr [000102CC]       ; MmFreeNonCachedMemory(map, 0x2000) -- size is 0x2000, not 2 as in the pseudo-C
:000117FA 891DE01B0100            mov dword ptr [00011BE0], ebx   ; map = NULL
:00011800 E9EF000000              jmp 000118F4                    ; return esi = 0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011799(C)
|

* Possible StringData Ref from Code Obj ->"IOCTL_WINIO_ENABLEDIRECTIO"
                                  |
:00011805 6808140100              push 00011408

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:0001180A E8B1030000              Call 00011BC0
:0001180F C7042400200000          mov dword ptr [esp], 00002000   ; reuse the DbgPrint argument slot: size = 0x2000

* Reference To: ntoskrnl.MmAllocateNonCachedMemory, Ord:0234h
                                  |
:00011816 FF15C8020100            Call dword ptr [000102C8]       ; map = MmAllocateNonCachedMemory(0x2000)
:0001181C 8BF8                    mov edi, eax
:0001181E 3BFB                    cmp edi, ebx
:00011820 893DE01B0100            mov dword ptr [00011BE0], edi   ; stored even when NULL
:00011826 7429                    je 00011851                     ; allocation failed
:00011828 33C0                    xor eax, eax
:0001182A B900080000              mov ecx, 00000800               ; 0x800 dwords = the whole 0x2000-byte map
:0001182F 6A01                    push 00000001                   ; arg 2 = 1 (enable) for Ke386IoSetAccessProcess, pushed before the fill
:00011831 F3                      repz
:00011832 AB                      stosd                           ; zero the map; in the x86 I/O permission bitmap a clear bit permits the port,
                                                                  ; so an all-zero map opens every port to the process named below

* Reference To: ntoskrnl.IoGetCurrentProcess, Ord:013Ah
                                  |
:00011833 FF15D8020100            Call dword ptr [000102D8]
:00011839 50                      push eax                        ; arg 1 = current process -- no caller authorisation is visible in this routine

* Reference To: ntoskrnl.Ke386IoSetAccessProcess, Ord:019Fh
                                  |
:0001183A E88D030000              Call 00011BCC                   ; Ke386IoSetAccessProcess(IoGetCurrentProcess(), 1)
:0001183F FF35E01B0100            push dword ptr [00011BE0]
:00011845 6A01                    push 00000001

* Reference To: ntoskrnl.Ke386SetIoAccessMap, Ord:01A1h
                                  |
:00011847 E87A030000              Call 00011BC6                   ; Ke386SetIoAccessMap(1, map)
:0001184C E9A3000000              jmp 000118F4                    ; return esi = 0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011826(C)
|
:00011851 BE9A0000C0              mov esi, C000009A               ; STATUS_INSUFFICIENT_RESOURCES
:00011856 E999000000              jmp 000118F4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0001178D(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_FIX_CAL"
                                        ->"LGATE
"
                                  |
:0001185B 6824140100              push 00011424

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011860 E85B030000              Call 00011BC0
:00011865 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL -> Invalid Buffer
:00011868 59                      pop ecx
:00011869 7417                    je 00011882
:0001186B 837D100E                cmp dword ptr [ebp+10], 0000000E
:0001186F 7211                    jb 00011882                     ; InputBufferLength < 0x0E -> Invalid Buffer
:00011871 FF750C                  push [ebp+0C]
:00011874 E8BFEFFFFF              call 00010838                   ; fun10(SystemBuffer)

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000115B5(U), :000116C6(U), :000118B2(U)
|
:00011879 8BF0                    mov esi, eax                    ; shared tail: esi = helper status (PORT_WRITE, DEALLOC-MDL, FIX_SELECTOR jump here)

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:000116E4(U)
|
:0001187B 8B451C                  mov eax, dword ptr [ebp+1C]
:0001187E 8918                    mov dword ptr [eax], ebx        ; *irp = 0 (ebx is still 0 on every path that reaches here)
:00011880 EB72                    jmp 000118F4

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00011869(C), :0001186F(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:00011882 685C140100              push 0001145C

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000115BF(U), :00011605(U), :00011621(U), :0001166C(U), :0001169A(U)
|:00011736(U), :0001176A(U), :000118B9(U), :000118DA(U)
|

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011887 E834030000              Call 00011BC0                   ; shared reporter for every rejected buffer: DbgPrint(pushed string)
:0001188C 59                      pop ecx
:0001188D BE060200C0              mov esi, C0000206               ; STATUS_INVALID_BUFFER_SIZE
:00011892 EB60                    jmp 000118F4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011781(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_FIX_SEL"
                                        ->"ECTOR
"
                                  |
:00011894 687C140100              push 0001147C

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:00011899 E822030000              Call 00011BC0
:0001189E 395D0C                  cmp dword ptr [ebp+0C], ebx     ; SystemBuffer == NULL -> Invalid Buffer
:000118A1 59                      pop ecx
:000118A2 7410                    je 000118B4
:000118A4 837D100C                cmp dword ptr [ebp+10], 0000000C
:000118A8 720A                    jb 000118B4                     ; InputBufferLength < 0x0C -> Invalid Buffer
:000118AA FF750C                  push [ebp+0C]
:000118AD E8BAEEFFFF              call 0001076C                   ; fun11(SystemBuffer)
:000118B2 EBC5                    jmp 00011879                    ; esi = status, *irp = 0

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000118A2(C), :000118A8(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:000118B4 68B4140100              push 000114B4
:000118B9 EBCC                    jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00011775(C)
|

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_GET_VER"
                                        ->"SION
"
                                  |
:000118BB 68D4140100              push 000114D4

* Reference To: ntoskrnl.DbgPrint, Ord:002Dh
                                  |
:000118C0 E8FB020000              Call 00011BC0
:000118C5 8B4514                  mov eax, dword ptr [ebp+14]     ; eax = SystemBuffer1 (output record)
:000118C8 3BC3                    cmp eax, ebx
:000118CA 59                      pop ecx
:000118CB 6A06                    push 00000006
:000118CD 59                      pop ecx                         ; ecx = 6 (record size); flags from the cmp survive push/pop
:000118CE 750C                    jne 000118DC                    ; SystemBuffer1 != NULL -> written WITHOUT any OutputBufferLength check
:000118D0 394D18                  cmp dword ptr [ebp+18], ecx
:000118D3 7307                    jnb 000118DC                    ; SystemBuffer1 == NULL but OutputBufferLength >= 6 -> still written, with eax = 0.
                                                                  ; Reads like an `||` compiled where `&&` was intended

* Possible StringData Ref from Code Obj ->"GenericDrv.SYS: Invalid Buffer
"
                                  |
:000118D5 6808150100              push 00011508
:000118DA EBAB                    jmp 00011887

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000118CE(C), :000118D3(C)
|
:000118DC 66C7000100              mov word ptr [eax], 0001        ; three WORDs: 1, 4, 1
:000118E1 66C740020400            mov [eax+02], 0004
:000118E7 66C740040100            mov [eax+04], 0001
:000118ED 8B451C                  mov eax, dword ptr [ebp+1C]
:000118F0 8908                    mov dword ptr [eax], ecx        ; *irp = 6
:000118F2 33F6                    xor esi, esi                    ; status 0

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:000115F4(C), :00011634(C), :00011650(U), :0001171A(C), :000117B3(U)
|:000117C9(C), :00011800(U), :0001184C(U), :00011856(U), :00011880(U)
|:00011892(U)
|
:000118F4 5F                      pop edi                         ; common exit
:000118F5 8BC6                    mov eax, esi                    ; return value = esi
:000118F7 5E                      pop esi
:000118F8 5B                      pop ebx
:000118F9 5D                      pop ebp
:000118FA C21C00                  ret 001C                        ; pops the 7 dword arguments (__stdcall)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

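/*
 * fun1 -- IOCTL dispatcher reconstructed from the listing at 00011528.
 *
 * Calling convention: __stdcall (the routine ends with `ret 001C`, i.e. it pops
 * 7 DWORD arguments).  Argument slots relative to ebp:
 *   +0x08 IoControlCode        +0x14 SystemBuffer1
 *   +0x0C SystemBuffer         +0x18 OutputBufferLength
 *   +0x10 InputBufferLength    +0x1C irp
 *   +0x20 DeviceExtension
 *
 * `irp` is not an IRP pointer: every path stores a byte count through it
 * (0, 6, 0x10, 0x19 or 0x1E).  Presumably the caller copies that into
 * IoStatus.Information, but the caller is outside this listing.
 *
 * Return value (register esi in the listing):
 *   0           success
 *   0xC0000206  STATUS_INVALID_BUFFER_SIZE    -- a buffer check failed
 *   0xC000000D  STATUS_INVALID_PARAMETER      -- unknown control code
 *   0xC000009A  STATUS_INSUFFICIENT_RESOURCES -- IOPM allocation failed
 *   other       whatever the helper routine returned
 *
 * The two compare chains of the binary (below / above 0xFA002EF8) are
 * folded into one switch; the case bodies are unchanged.  Helper names keep
 * the author's numbering, with the call target given in a comment.  Only the
 * NULL-ness of SystemBuffer and, in some handlers, InputBufferLength are
 * checked before fixed offsets are read from the request buffer; whatever the
 * helpers validate is not visible here.
 */
NTSTATUS __stdcall fun1(ULONG IoControlCode,          /* ebp+0x08 */
                        PVOID SystemBuffer,           /* ebp+0x0C */
                        ULONG InputBufferLength,      /* ebp+0x10 */
                        PVOID SystemBuffer1,          /* ebp+0x14 */
                        ULONG OutputBufferLength,     /* ebp+0x18 */
                        PULONG irp,                   /* ebp+0x1C */
                        PVOID DeviceExtension)        /* ebp+0x20 */
{
    NTSTATUS rete = 0;                                /* esi */

    DbgPrint((PCHAR)0x00011108);                      /* entry trace; the string text is not in the listing */

    switch (IoControlCode)
    {
    case 0xFA002EF8:                                  /* IOCTL_GENERICDRV_PORT_DMIACCESS, 0001173B */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_DMIACCESS\n");
        if (SystemBuffer == NULL || InputBufferLength < 0x1E)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun9(SystemBuffer);                    /* call 00010A76 */
        *irp = 0x1E;
        /* 0001175B..00011763: unlike the other handlers the copy is made
         * even when fun9 returned an error. */
        memmove(SystemBuffer1, SystemBuffer, 0x1E);
        return rete;

    case 0xFA002EE0:                                  /* IOCTL_GENERICDRV_ALLOC_BUFFER, 000116E9 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_ALLOC_BUFFER\n");
        /* 000116F3..00011709: accepted when the two lengths are equal OR the
         * output buffer is at least 0x10 bytes (unsigned compare). */
        if (SystemBuffer1 == NULL || SystemBuffer == NULL ||
            (OutputBufferLength != InputBufferLength && OutputBufferLength < 0x10))
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun8(SystemBuffer, DeviceExtension);   /* call 00010486 */
        if (rete != 0)
            return rete;
        *irp = 0x19;
        /* 0x19 bytes are copied although the check above only guaranteed
         * 0x10; whether that can overrun depends on how the caller sized
         * SystemBuffer1, which this listing does not show. */
        memmove(SystemBuffer1, SystemBuffer, 0x19);
        return 0;

    case 0xFA002EE4:                                  /* IOCTL_GENERICDRV_DEALLOC_BUFFER, 00011683 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_DEALLOC_BUFFER\n");
        if (SystemBuffer == NULL)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        /* No InputBufferLength check: offsets 0x0C, 0x14 and 0x18 are read
         * from the request buffer whatever its size. */
        DbgPrint("***ucIsMDL : %X  ulLow = %X pHandle : %X\n",
                 *(PUCHAR)((ULONG)SystemBuffer + 0x18),
                 *(PULONG)((ULONG)SystemBuffer + 0x14),
                 *(PULONG)((ULONG)SystemBuffer + 0x0C));
        if (*(PUCHAR)((ULONG)SystemBuffer + 0x18) == 0)
        {
            PVOID pHandle = *(PVOID *)((ULONG)SystemBuffer + 0x0C);
            DbgPrint("***pHandle : %X\n", pHandle);
            /* The pointer handed to MmFreeContiguousMemory comes straight
             * from the caller's buffer; no validation is visible in this
             * routine. */
            MmFreeContiguousMemory(pHandle);
            *irp = 0;
            return 0;
        }
        rete = fun7(SystemBuffer, DeviceExtension);   /* call 000106BC, MDL path */
        *irp = 0;
        return rete;

    case 0xFA002EE8:                                  /* IOCTL_GENERICDRV_PHY_TO_VIRTUAL, 00011655 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PHY_TO_VIRTUAL\n");
        if (SystemBuffer == NULL)
        {
            /* 00011667 -- this branch was missing from the original reconstruction */
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        /* 00011671..0001167C; no length check before +0x4/+0x8 are read. */
        rete = fun6(*(PULONG)((ULONG)SystemBuffer + 0x8),
                    *(PULONG)((ULONG)SystemBuffer + 0x4),
                    (ULONG)SystemBuffer + 0xC,
                    SystemBuffer);                    /* call 00010E64 */
        if (rete != 0)
            return rete;
        *irp = 0x10;
        memmove(SystemBuffer1, SystemBuffer, 0x10);
        return 0;

    case 0xFA002EEC:                                  /* IOCTL_GENERICDRV_UNMAP, 0001160A */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_UNMAP\n");
        if (SystemBuffer == NULL)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        /* 00011626..0001162B: the second argument is the DWORD at +0x0C,
         * not the buffer pointer itself. */
        rete = fun4(*(PULONG)SystemBuffer,
                    *(PULONG)((ULONG)SystemBuffer + 0xC));   /* call 00011054 */
        if (rete != 0)
            return rete;
        *irp = 0x10;
        memmove(SystemBuffer1, SystemBuffer, 0x10);
        return 0;

    case 0xFA002EF0:                                  /* IOCTL_GENERICDRV_PORT_READ, 000115C4 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_READ\n");
        /* Same acceptance rule as ALLOC_BUFFER (000115D9..000115E6). */
        if (SystemBuffer1 == NULL || SystemBuffer == NULL ||
            (OutputBufferLength != InputBufferLength && OutputBufferLength < 0x10))
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun3(SystemBuffer);                    /* call 00010B50 */
        if (rete != 0)
            return rete;
        *irp = 0x10;
        memmove(SystemBuffer1, SystemBuffer, 0x10);
        return 0;

    case 0xFA002EF4:                                  /* IOCTL_GENERICDRV_PORT_WRITE, 00011597 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_PORT_WRITE\n");
        if (SystemBuffer == NULL || InputBufferLength < 0x10)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun2(SystemBuffer);                    /* call 00010C52 */
        *irp = 0;
        return rete;

    case 0xFA002EFC:                                  /* IOCTL_GENERICDRV_GET_VERSION, 000118BB */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_GET_VERSION\n");
        /* 000118C5..000118D3 as compiled: a non-NULL SystemBuffer1 is written
         * WITHOUT a length check, and a NULL SystemBuffer1 is still written
         * (at address 0) when OutputBufferLength >= 6.  The `||` reads like
         * an `&&` was intended; kept as-is because this mirrors the binary. */
        if (SystemBuffer1 != NULL || OutputBufferLength >= 6)
        {
            *(PUSHORT)SystemBuffer1 = 1;
            *(PUSHORT)((ULONG)SystemBuffer1 + 2) = 4;
            *(PUSHORT)((ULONG)SystemBuffer1 + 4) = 1;
            *irp = 6;
            return 0;
        }
        DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
        return 0xC0000206;

    case 0xFA002F00:                                  /* IOCTL_GENERICDRV_FIX_SELECTOR, 00011894 */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_FIX_SELECTOR\n");
        if (SystemBuffer == NULL || InputBufferLength < 0x0C)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun11(SystemBuffer);                   /* call 0001076C */
        *irp = 0;
        return rete;

    case 0xFA002F04:                                  /* IOCTL_GENERICDRV_FIX_CALLGATE, 0001185B */
        DbgPrint("GenericDrv.SYS: IoCtl IOCTL_GENERICDRV_FIX_CALLGATE\n");
        if (SystemBuffer == NULL || InputBufferLength < 0x0E)
        {
            DbgPrint("GenericDrv.SYS: Invalid Buffer\n");
            return 0xC0000206;
        }
        rete = fun10(SystemBuffer);                   /* call 00010838 */
        *irp = 0;
        return rete;

    case 0xFA002F08:                                  /* IOCTL_WINIO_ENABLEDIRECTIO, 00011805 */
    {
        PULONG map;
        ULONG  i;

        DbgPrint("IOCTL_WINIO_ENABLEDIRECTIO");
        map = (PULONG)MmAllocateNonCachedMemory(0x2000);
        *(PULONG)0x00011BE0 = (ULONG)map;             /* global map pointer, stored even when NULL */
        if (map == NULL)
            return 0xC000009A;
        /* rep stosd with ecx = 0x800 clears the whole 0x2000-byte map.  In
         * the x86 I/O permission bitmap a clear bit permits the port, so this
         * grants the calling process access to every port; no caller
         * authorisation is visible in this routine. */
        for (i = 0; i < 0x800; i++)
            map[i] = 0;
        Ke386IoSetAccessProcess(IoGetCurrentProcess(), 1);
        Ke386SetIoAccessMap(1, map);
        return 0;
    }

    case 0xFA002F0C:                                  /* IOCTL_WINIO_DISABLEDIRECTIO, 000117B8 */
        DbgPrint("IOCTL_WINIO_DISABLEDIRECTIO");
        if (*(PULONG)0x00011BE0 != 0)
        {
            Ke386IoSetAccessProcess(IoGetCurrentProcess(), 0);
            Ke386SetIoAccessMap(1, (PVOID)*(PULONG)0x00011BE0);
            /* 000117E9: the size argument is 0x2000, not 2. */
            MmFreeNonCachedMemory((PVOID)*(PULONG)0x00011BE0, 0x2000);
            *(PULONG)0x00011BE0 = 0;
        }
        return 0;

    default:                                          /* 000117A3, reached from both compare chains */
        DbgPrint("GenericDrv.SYS:Unknown IoctlCode\n");
        return 0xC000000D;
    }
}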

 

 
