Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


NtDeviceIoControl IoControlCode Logger with Console Output..

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA
PostPosted: Mon Aug 11, 2008 10:55 pm    Post subject: NtDeviceIoControl IoControlCode Logger with Console Output.. Reply with quote
I used NtHookEngine by Daniel Pistelli from code project on this lil tool.. so props to that guy for the nice supplemental engine code..

Code:

#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include <winternl.h>


BOOL (__cdecl *HookFunction)(ULONG_PTR OriginalFunction, ULONG_PTR NewFunction);
VOID (__cdecl *UnhookFunction)(ULONG_PTR Function);
ULONG_PTR (__cdecl *GetOriginalFunction)(ULONG_PTR Hook);

NTSTATUS
NTAPI
NtDeviceIoControlFile_Hook(         
   HANDLE FileHandle,
    HANDLE Event,
    PIO_APC_ROUTINE ApcRoutine,
    PVOID ApcContext,
    PIO_STATUS_BLOCK IoStatusBlock,
    ULONG IoControlCode,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength
);
BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpvReserved )
{
   HMODULE hHookEngineDll = LoadLibrary(L"NtHookEngine.dll");

   HookFunction = (BOOL (__cdecl *)(ULONG_PTR, ULONG_PTR))
      GetProcAddress(hHookEngineDll, "HookFunction");

   UnhookFunction = (VOID (__cdecl *)(ULONG_PTR))
      GetProcAddress(hHookEngineDll, "UnhookFunction");

   GetOriginalFunction = (ULONG_PTR (__cdecl *)(ULONG_PTR))
      GetProcAddress(hHookEngineDll, "GetOriginalFunction");

   if (HookFunction == NULL || UnhookFunction == NULL ||
      GetOriginalFunction == NULL)
      return 0;

   
   switch( dwReason )
   {
   case DLL_PROCESS_ATTACH:
      HookFunction((ULONG_PTR) GetProcAddress(LoadLibrary(L"ntdll.dll"),
      "NtDeviceIoControlFile"),(ULONG_PTR) &NtDeviceIoControlFile_Hook);
      break;
   case DLL_PROCESS_DETACH:
      UnhookFunction((ULONG_PTR) GetProcAddress(LoadLibrary(L"ntdll.dll"),
      "NtDeviceIoControlFile"));
      break;
   case DLL_THREAD_ATTACH:
      break;
   case DLL_THREAD_DETACH:
      break;
   }
   return true;
}

int Alloc = 0;
NTSTATUS
NTAPI
NtDeviceIoControlFile_Hook(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine,
    PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, ULONG IoControlCode,PVOID InputBuffer,
    ULONG InputBufferLength,PVOID OutputBuffer,ULONG OutputBufferLength)
{
NTSTATUS (NTAPI * pNtDeviceIoControlFile)(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
char string[255] = {0};
DWORD Written;
HANDLE Output = INVALID_HANDLE_VALUE;
if(Alloc == 0)
{
   if(AllocConsole())
   {
      Alloc = 1;
      Output = GetStdHandle(STD_OUTPUT_HANDLE);
      if(Output != INVALID_HANDLE_VALUE)
      {
         SetConsoleTitle(L"IOCTL Dialog");
         SetConsoleTextAttribute(Output,0x4);
         sprintf((char*)string,"IoControlCode: %x FileHandle: %x \n",IoControlCode,FileHandle);
         WriteConsoleA(Output,(void *)&string, (DWORD)strlen(string),&Written,0);
      }
   }
}
else
{
   Output = GetStdHandle(STD_OUTPUT_HANDLE);
   if(Output != INVALID_HANDLE_VALUE)
   {
      sprintf((char*)string,"IoControlCode: %x FileHandle: %x \n",IoControlCode,FileHandle);
      WriteConsoleA(Output,(void *)&string, (DWORD)strlen(string),&Written,0);
   }
}
pNtDeviceIoControlFile = (NTSTATUS (NTAPI *)(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG))
   GetOriginalFunction((ULONG_PTR)NtDeviceIoControlFile_Hook);
return pNtDeviceIoControlFile(FileHandle,Event,ApcRoutine,ApcContext,IoStatusBlock,IoControlCode,InputBuffer,InputBufferLength,OutputBuffer,OutputBufferLength);
}


anyone like dislike this?

any requested changes or bug tweaks you guys see ?

all feedback welcome Very Happy

Greets BanMe

The Extension 'zip' was deactivated by an board admin, therefore this Attachment is not displayed.
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites