Exetools  

02-22-2010, 23:39
benina
How to pass the large data in kernel mode to user mode?

Hi,
I need to pass large data from kernel mode to user mode. So I created a file from kernel mode and wrote the requested data to the new file.
Can you show me another method, please? Thank you for helping me.
This is my source in kernel mode:
Code:
// Snapshot the process/thread list and write it to FILE_NAME_TXT (an NT path defined
// elsewhere by the poster, e.g. L"\\??\\C:\\dump.bin"). Must run at PASSIVE_LEVEL.
// ZwQuerySystemInformation is exported by ntoskrnl; if the WDK in use does not declare
// it, the prototype comes from the poster's own header. _SystemProcessesAndThreadsInformation
// is the poster's name for SystemProcessInformation (information class 5).
NTSTATUS DumpProcessList(void)
{
    NTSTATUS          Status;
    NTSTATUS          Status_f;
    ULONG             cb_x = 0;       // bytes required / bytes returned by ZwQuerySystemInformation
    PVOID             pBuffer = NULL;
    UNICODE_STRING    g_usFileName;
    OBJECT_ATTRIBUTES oa;
    IO_STATUS_BLOCK   iosb;
    HANDLE            hFile = NULL;

    // First call with no buffer: fails with STATUS_INFO_LENGTH_MISMATCH and sets cb_x
    // to the size currently required. (The original passed an uninitialised pBuffer here.)
    Status = ZwQuerySystemInformation(_SystemProcessesAndThreadsInformation, NULL, 0, &cb_x);
    // Format the value directly; DbgPrint(buffer) treats the buffer as a format string.
    DbgPrint("ROOTKIT: Get var cb_x 1: %4X\n", cb_x);

    if (cb_x == 0)
        return Status;

    // Only read at PASSIVE_LEVEL, so PagedPool would also do; NonPagedPool kept as in the original.
    pBuffer = ExAllocatePool(NonPagedPool, cb_x);
    if (pBuffer == NULL) // if memory allocation failed, exit
    {
        DbgPrint("ROOTKIT: ExAllocatePool failed\n");
        return STATUS_INSUFFICIENT_RESOURCES;   // do not fall through to ExFreePool(NULL)
    }
    DbgPrint("ROOTKIT: ExAllocatePool OK\n");

    // Second call fills the buffer. The process list can grow between the two calls, in
    // which case this fails again with STATUS_INFO_LENGTH_MISMATCH and a new cb_x; a
    // complete version retries with the larger size instead of giving up here. Either
    // way the buffer is only written to the file when the call actually succeeded.
    Status = ZwQuerySystemInformation(_SystemProcessesAndThreadsInformation, pBuffer, cb_x, &cb_x);
    DbgPrint("ROOTKIT: Get var cb_x 2: %4X\n", cb_x);

    if (NT_SUCCESS(Status))
    {
        RtlInitUnicodeString(&g_usFileName, FILE_NAME_TXT);
        InitializeObjectAttributes(&oa, &g_usFileName,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);
        // CreateDisposition is an enumeration, not a bit mask: the original FILE_OPEN|FILE_CREATE
        // (1|2) equals FILE_OPEN_IF (3) only by coincidence. FILE_OVERWRITE_IF creates the file
        // or truncates an existing one, so an older, larger dump cannot leave stale bytes behind.
        Status_f = ZwCreateFile(&hFile, FILE_WRITE_DATA | SYNCHRONIZE, &oa, &iosb, NULL,
                                FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OVERWRITE_IF,
                                FILE_SYNCHRONOUS_IO_NONALERT, NULL, 0);
        if (NT_SUCCESS(Status_f))
        {
            DbgPrint("ROOTKIT: File created\n");
            Status_f = ZwWriteFile(hFile, NULL, NULL, NULL, &iosb, pBuffer, cb_x, NULL, NULL);
            if (!NT_SUCCESS(Status_f))
                DbgPrint("ROOTKIT: ZwWriteFile failed. Status: %08X\n", (ULONG)Status_f);
            ZwClose(hFile);
        }
        else
        {
            DbgPrint("ROOTKIT: Can't create file. Status: %08X\n", (ULONG)Status_f);
        }
        Status = Status_f;
    }

    ExFreePool(pBuffer); // free the memory associated with the buffer (never NULL here)
    return Status;
}

Last edited by benina; 02-22-2010 at 23:50.
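The usual alternative to writing a file from the driver is a device IOCTL in which user mode supplies the buffer and the driver fills it, returning the size it needs whenever the buffer is too small. The block below is an added example (mine, not code from the poster or this thread), written as portable C so it compiles and runs on any host: kernel_fill_snapshot() models the body of an IRP_MJ_DEVICE_CONTROL handler for a METHOD_BUFFERED IOCTL with the Irp plumbing stripped, user_fetch_snapshot() models the DeviceIoControl caller's grow-and-retry loop, and count_records() is a bounds-checked reader of the result. The NTSTATUS values are the real ones from ntstatus.h; PROC_RECORD, the 4096/2048-byte sizes and the growth between calls are constructed to reproduce the race. The same size-then-fill contract, with STATUS_INFO_LENGTH_MISMATCH in place of STATUS_BUFFER_TOO_SMALL, is what ZwQuerySystemInformation uses, so the retry loop applies equally to the two calls in the post above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real NTSTATUS values (ntstatus.h), defined locally so this builds without the WDK. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
#define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009AL)
#define NT_SUCCESS(s)                 (((NTSTATUS)(s)) >= 0)

/* Constructed miniature of a process record. The real SYSTEM_PROCESS_INFORMATION also
   starts with NextEntryOffset (0 on the last entry); the rest here is a placeholder. */
typedef struct {
    uint32_t NextEntryOffset;
    uint32_t UniqueProcessId;
    uint8_t  Padding[8];
} PROC_RECORD;                               /* 16 bytes */

/* Constructed kernel state: 4096 bytes at the first probe, growing by 2048 bytes before
   the caller's second request, to model processes starting between probe and fill. */
static uint32_t g_snapshot_bytes = 4096;
static unsigned g_ioctl_calls    = 0;

/* Driver side. In a real handler `out` is Irp->AssociatedIrp.SystemBuffer, `out_len` is
   IrpSp->Parameters.DeviceIoControl.OutputBufferLength and `*information` is what the
   handler stores in Irp->IoStatus.Information before completing the Irp. */
static NTSTATUS kernel_fill_snapshot(void *out, uint32_t out_len, uint32_t *information)
{
    PROC_RECORD *rec = (PROC_RECORD *)out;
    uint32_t needed, count, i;

    g_ioctl_calls++;
    if (g_ioctl_calls == 2)
        g_snapshot_bytes += 2048;            /* constructed growth between probe and fill */
    needed = g_snapshot_bytes;

    /* Never write past the caller-supplied length: report the size needed and stop. */
    if (out == NULL || out_len < needed) {
        *information = needed;
        return STATUS_BUFFER_TOO_SMALL;
    }
    count = needed / (uint32_t)sizeof(PROC_RECORD);
    for (i = 0; i < count; i++) {
        memset(&rec[i], 0, sizeof rec[i]);
        rec[i].UniqueProcessId = 4 * (i + 1);
        rec[i].NextEntryOffset = (i + 1 < count) ? (uint32_t)sizeof(PROC_RECORD) : 0;
    }
    *information = count * (uint32_t)sizeof(PROC_RECORD);
    return STATUS_SUCCESS;
}

/* User side. STATUS_BUFFER_TOO_SMALL reaches Win32 as ERROR_INSUFFICIENT_BUFFER from
   DeviceIoControl; here the NTSTATUS is checked directly. The loop grows the buffer to
   the reported size plus 25 % slack and retries, because the required size can change
   between calls. On success *out_buf is malloc'd and owned by the caller. */
static NTSTATUS user_fetch_snapshot(void **out_buf, uint32_t *out_len)
{
    void    *buf = NULL;
    uint32_t len = 0, info = 0;
    NTSTATUS st  = STATUS_BUFFER_TOO_SMALL;
    int      attempt;

    for (attempt = 0; attempt < 8; attempt++) {
        st = kernel_fill_snapshot(buf, len, &info);
        if (st != STATUS_BUFFER_TOO_SMALL)
            break;
        free(buf);
        len = info + info / 4;
        buf = malloc(len);
        if (buf == NULL)
            return STATUS_INSUFFICIENT_RESOURCES;
    }
    if (!NT_SUCCESS(st)) {                   /* includes the attempts being exhausted */
        free(buf);
        return st;
    }
    *out_buf = buf;
    *out_len = info;                         /* bytes filled, not the allocation size */
    return STATUS_SUCCESS;
}

/* Consumer: walk the NextEntryOffset chain without trusting it to stay inside the
   buffer. Returns the record count, or -1 if a record or offset runs past `len`. */
static int count_records(const void *buf, uint32_t len)
{
    const uint8_t *base = (const uint8_t *)buf;
    uint32_t off = 0;
    int n = 0;

    for (;;) {
        const PROC_RECORD *r;
        if (len - off < sizeof(PROC_RECORD))     /* off <= len holds by construction */
            return -1;
        r = (const PROC_RECORD *)(base + off);
        n++;
        if (r->NextEntryOffset == 0)
            return n;
        if (r->NextEntryOffset > len - off)      /* next record would start outside the buffer */
            return -1;
        off += r->NextEntryOffset;
    }
}

int main(void)
{
    void *buf = NULL;
    uint32_t len = 0;
    NTSTATUS st = user_fetch_snapshot(&buf, &len);
    if (!NT_SUCCESS(st)) {
        printf("fetch failed: 0x%08X\n", (unsigned)st);
        return 1;
    }
    printf("%u bytes after %u calls, %d records\n", len, g_ioctl_calls, count_records(buf, len));
    free(buf);
    return 0;
}
```

The point of the slack and the loop is that a single probe-then-fill pair, as in the post, can fail on the fill when the list grew in between; the loop costs one more round trip only in that case. The reader side matters as much as the writer: a record chain copied out of the kernel (or read back from a dump file) should be walked with the offsets checked against the buffer length, never by following NextEntryOffset blindly.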