public static Boolean MsIoUnmapMemory(IntPtr hDriver, APIDef.MSIO_PHYSICAL_MEMORY_INFO MemMapInfo)
{
IntPtr pMpmi = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
APIDef.RtlZeroMemory(pMpmi, Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
Marshal.StructureToPtr(MemMapInfo, pMpmi, true);
APIDef.IO_STATUS_BLOCK isb = new APIDef.IO_STATUS_BLOCK();
UInt32 CallRes = APIDef.NtDeviceIoControlFile(
hDriver,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
ref isb,
APIDef.IOCTL_MSIO_UNMAPPHYSADDR,
pMpmi,
(UInt32)Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)),
pMpmi,
(UInt32)Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
// Free alloc
Marshal.FreeHGlobal(pMpmi);
if (CallRes != APIDef.NTSTATUS_STATUS_SUCCESS)
{
return(false);
}
else
{
return(true);
}
}
public static IntPtr GetDriverHandle()
{
if (!Wrapper.IsMsIoLoaded())
{
Console.WriteLine("[!] MsIo driver is not currently loaded..");
return(IntPtr.Zero);
}
APIDef.UNICODE_STRING ObjectName = new APIDef.UNICODE_STRING();
APIDef.RtlInitUnicodeString(ref ObjectName, ("\\DosDevices\\MsIo"));
IntPtr pObjectName = Marshal.AllocHGlobal(Marshal.SizeOf(ObjectName));
Marshal.StructureToPtr(ObjectName, pObjectName, true);
APIDef.OBJECT_ATTRIBUTES objectAttributes = new APIDef.OBJECT_ATTRIBUTES();
objectAttributes.Length = Marshal.SizeOf(objectAttributes);
objectAttributes.ObjectName = pObjectName;
objectAttributes.Attributes = 0x40; // OBJ_CASE_INSENSITIVE
APIDef.IO_STATUS_BLOCK ioStatusBlock = new APIDef.IO_STATUS_BLOCK();
IntPtr hDriver = IntPtr.Zero;
UInt32 CallRes = APIDef.NtCreateFile(ref hDriver, (UInt32)(APIDef.FileAccessFlags.WRITE_DAC | APIDef.FileAccessFlags.FILE_GENERIC_READ | APIDef.FileAccessFlags.FILE_GENERIC_WRITE), ref objectAttributes, ref ioStatusBlock, IntPtr.Zero, 0, 0, 0x1, 0, IntPtr.Zero, 0);
if (CallRes == APIDef.NTSTATUS_STATUS_ACCESS_DENIED)
{
Console.WriteLine("[!] STATUS_ACCESS_DENIED : You must run VirtToPhys as Administrator..");
return(IntPtr.Zero);
}
else
{
if (CallRes == APIDef.NTSTATUS_STATUS_SUCCESS)
{
return(hDriver);
}
else
{
Console.WriteLine("[!] Failed to get device handle : " + string.Format("{0:X}", CallRes));
return(IntPtr.Zero);
}
}
}
public static APIDef.MSIO_PHYSICAL_MEMORY_INFO MsIoAllocatePhysicalMemory(IntPtr hDriver, IntPtr BaseAddress, UInt32 Size)
{
APIDef.MSIO_PHYSICAL_MEMORY_INFO mpmi = new APIDef.MSIO_PHYSICAL_MEMORY_INFO();
mpmi.ViewSize = (UIntPtr)(BaseAddress.ToInt64() + Size);
IntPtr pMpmi = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
APIDef.RtlZeroMemory(pMpmi, Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
Marshal.StructureToPtr(mpmi, pMpmi, true);
APIDef.IO_STATUS_BLOCK isb = new APIDef.IO_STATUS_BLOCK();
UInt32 CallRes = APIDef.NtDeviceIoControlFile(
hDriver,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero,
ref isb,
APIDef.IOCTL_MSIO_MAPPHYSTOLIN,
pMpmi,
(UInt32)Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)),
pMpmi,
(UInt32)Marshal.SizeOf(typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO)));
if (CallRes != APIDef.NTSTATUS_STATUS_SUCCESS)
{
// Free alloc
Marshal.FreeHGlobal(pMpmi);
// Make sure baseaddress is null
mpmi.BaseAddess = IntPtr.Zero;
return(mpmi);
}
else
{
// Ptr->Struct
mpmi = (APIDef.MSIO_PHYSICAL_MEMORY_INFO)Marshal.PtrToStructure(pMpmi, typeof(APIDef.MSIO_PHYSICAL_MEMORY_INFO));
// Free alloc
Marshal.FreeHGlobal(pMpmi);
return(mpmi);
}
}