Comments (10)

thomhughes commented on June 12, 2024

I thought I would add

    // Layout must match the driver's COPY_MEMORY: three 8-byte fields,
    // a 4-byte ULONG pid and a 1-byte BOOLEAN. A C# ulong/bool pair would
    // marshal as 8 + 4 bytes and shift the fields the driver reads.
    public struct COPY_MEM
    {
        public UInt64 localbuf;   // user-mode buffer the driver copies to/from
        public UInt64 targetPtr;  // address inside the target process
        public UInt64 size;       // number of bytes
        public uint pid;          // target process id
        public byte write;        // 0 = read from target, 1 = write to target
    }

from blackbone.

commented on June 12, 2024

Something like this should work

using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;

class Program
{
    [DllImport("Kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
    static extern bool DeviceIoControl(
        IntPtr hDevice,
        uint IoControlCode,
        [MarshalAs(UnmanagedType.AsAny)]
        [In] object InBuffer,
        uint nInBufferSize,
        [MarshalAs(UnmanagedType.AsAny)]
        [Out] object OutBuffer,
        uint nOutBufferSize,
        ref uint pBytesReturned,
        IntPtr Overlapped
    );

    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern IntPtr CreateFile(
        [MarshalAs(UnmanagedType.LPTStr)] string filename,
        [MarshalAs(UnmanagedType.U4)] FileAccess access,
        [MarshalAs(UnmanagedType.U4)] FileShare share,
        IntPtr securityAttributes,
        [MarshalAs(UnmanagedType.U4)] FileMode creationDisposition,
        [MarshalAs(UnmanagedType.U4)] FileAttributes flagsAndAttributes,
        IntPtr templateFile
    );

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseHandle(IntPtr hObject);

    // Must match the driver's COPY_MEMORY layout byte for byte:
    // three 8-byte fields, a 4-byte pid and a 1-byte BOOLEAN.
    [StructLayout(LayoutKind.Sequential)]
    struct COPY_MEM
    {
        public Int64 localbuf;   // user-mode buffer the driver copies to/from
        public Int64 targetPtr;  // address inside the target process
        public Int64 size;       // number of bytes
        public int pid;          // target process id
        public byte write;       // 0 = read from target, 1 = write to target
    };

    static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);

    // Equivalent of the CTL_CODE macro from the Windows DDK.
    static uint CtlCode(uint DeviceType, uint Function, uint Method, uint Access)
    {
        return (DeviceType << 16) | (Access << 14) | (Function << 2) | Method;
    }

    static void Main(string[] args)
    {
        var hDrv = CreateFile(
            "\\\\.\\Blackbone", FileAccess.ReadWrite,
            FileShare.ReadWrite, IntPtr.Zero,
            FileMode.Open, FileAttributes.Normal, IntPtr.Zero
        );

        if (hDrv != INVALID_HANDLE_VALUE)
        {
            var info = new COPY_MEM();
            var buf = new byte[0x1000];
            // Pin the buffer so the GC cannot move it while the driver writes to it.
            var pinned = GCHandle.Alloc(buf, GCHandleType.Pinned);

            // Read the first page of this process's main module into buf.
            info.pid = Process.GetCurrentProcess().Id;
            info.size = buf.Length;
            info.write = 0;
            info.localbuf = pinned.AddrOfPinnedObject().ToInt64();
            info.targetPtr = Process.GetCurrentProcess().Modules[0].BaseAddress.ToInt64();

            uint bytes = 0;
            var res = DeviceIoControl(
                hDrv,
                CtlCode(0x8005, 0x803, 0, 1 | 2),
                info, (uint)Marshal.SizeOf(info),
                null, 0,
                ref bytes,
                IntPtr.Zero
            );

            pinned.Free();
            CloseHandle(hDrv);
        }
    }
}

thomhughes commented on June 12, 2024

It works, but not 100%: it gives me a PAGE_FAULT_IN_NONPAGED_AREA bluescreen. Do you have any ideas why?

thomhughes commented on June 12, 2024

This issue happens in an application such as csgo when you get in-game or the round ends. I think it has to do with the pointers updating and the kernel trying to read the old pointer.

commented on June 12, 2024

Can you upload a BSOD minidump somewhere please?

thomhughes commented on June 12, 2024

OK, I will just replicate the issue.

thomhughes commented on June 12, 2024

http://a.pomf.se/cppczr.rar (sysinfo and dump)

thomhughes commented on June 12, 2024

Do you have any ideas why?

commented on June 12, 2024

During pointer updates you are passing a wrong pointer to the driver. The pointer belongs to the kernel-space address range, and the system crashes because there is no reliable way to validate such an address. You should do a pointer sanity check before passing it to the driver, or use ProbeForRead in the driver itself to protect from reading invalid kernel addresses. But this will completely disable reading from kernel space.

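
The client-side pointer sanity check the reply above recommends, as an added example that is not BlackBone's own code: IsUserRange applies the same rule the kernel's ProbeForRead enforces (no null, no zero length, no wrap-around, nothing above the x64 user-mode limit), and IsReadableIn additionally walks the target range with VirtualQueryEx to reject uncommitted or no-access pages. The class and method names are assumptions; the check is best-effort because the target's mappings can change between the check and the driver's copy, so the driver-side probe remains the real guard.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class PointerSanity   // hypothetical helper, not part of BlackBone
{
    // Highest user-mode address on x64 Windows (MM_HIGHEST_USER_ADDRESS);
    // anything above it is kernel space, which is what crashed the driver here.
    const ulong HighestUserAddress = 0x00007FFFFFFEFFFF;
    const uint MEM_COMMIT = 0x1000, PAGE_NOACCESS = 0x01, PAGE_GUARD = 0x100;

    [StructLayout(LayoutKind.Sequential)]
    struct MEMORY_BASIC_INFORMATION
    {
        public IntPtr BaseAddress, AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State, Protect, Type;
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);

    // Pure range check: rejects null, zero length, arithmetic wrap-around and
    // any byte of [ptr, ptr+size) that lies outside the user-mode range.
    public static bool IsUserRange(ulong ptr, ulong size)
    {
        if (ptr == 0 || size == 0) return false;
        ulong last = ptr + size - 1;
        if (last < ptr) return false;             // wrapped past 2^64
        return last <= HighestUserAddress;
    }

    // Stronger, still best-effort check: every page of the range must be
    // committed and not PAGE_NOACCESS/PAGE_GUARD in the target process.
    public static bool IsReadableIn(Process target, ulong ptr, ulong size)
    {
        if (!IsUserRange(ptr, size)) return false;
        ulong cursor = ptr, end = ptr + size;
        var len = (IntPtr)Marshal.SizeOf<MEMORY_BASIC_INFORMATION>();
        while (cursor < end)
        {
            if (VirtualQueryEx(target.Handle, (IntPtr)(long)cursor, out var mbi, len) == IntPtr.Zero)
                return false;                     // unmapped, or query failed
            if (mbi.State != MEM_COMMIT || (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) != 0)
                return false;
            cursor = (ulong)(long)mbi.BaseAddress + (ulong)(long)mbi.RegionSize;
        }
        return true;
    }
}
```

Call IsReadableIn(process, (ulong)info.targetPtr, (ulong)info.size) before filling COPY_MEM; a false result is the case that would otherwise reach the driver as an unvalidated pointer.
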
commented on June 12, 2024

Outdated by now I suppose.
