Unable to receive anything in the Rust output buffer from a C++ kernel driver



As the title says, I can't receive anything from the C++ kernel driver, even though I know the output buffer is being set correctly in C++.

C++ code:

PVOID outputBuffer = Irp->UserBuffer;
LONG outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
LONG tempVmFullAccessCount = g_VmFullAccessCount;
KdPrint(("Long size: %d\n", sizeof(LONG)));
LONG constValue = 123;
RtlCopyMemory(outputBuffer, &constValue, sizeof(LONG));
information = sizeof(LONG);
KdPrint(("Output buffer value: %d\n", *((PLONG)outputBuffer)));

Rust code:

let mut bytes_returned: DWORD = 0;

let mut buffer: [u8; 4] = [0; 4];
let output_buffer = buffer.as_mut_ptr() as PVOID;
let result: BOOL = unsafe {
    DeviceIoControl(
        h_device,
        IOCTL_NOTIFY_USERMODE_APP,
        null_mut(),
        0,
        output_buffer,
        size_of::<i32>() as u32,
        &mut bytes_returned as *mut DWORD,
        null_mut(),
    )
};
if result != FALSE {
    // Handle the result
    println!("Bytes returned: {}", bytes_returned);
    println!("VM Full Access Counter: {}", vm_full_access_counter);
    println!("Size of i32: {}", size_of::<i32>());
    vm_full_access_counter = i32::from_ne_bytes(buffer);
    println!("VM Full Access Counter: {}", vm_full_access_counter);
} else {
    eprintln!("DeviceIoControl failed. Error: {}", unsafe { winapi::um::errhandlingapi::GetLastError() });
}

output_buffer is always [0,0,0,0]. I have tried many things, such as passing the variable directly instead of passing a u8 buffer:

let mut vm_full_access_counter: i32 = 100;
let mut bytes_returned: DWORD = 0;

let result: BOOL = unsafe {
    DeviceIoControl(
        h_device,
        IOCTL_NOTIFY_USERMODE_APP,
        null_mut(),
        0,
        &mut vm_full_access_counter as *mut i32 as PVOID,
        size_of::<i32>() as u32,
        &mut bytes_returned as *mut DWORD,
        null_mut(),
    )
};
if result != FALSE {
    // Handle the result
    println!("Bytes returned: {}", bytes_returned);
    println!("VM Full Access Counter: {}", vm_full_access_counter);
    println!("Size of i32: {}", size_of::<i32>());
    let raw_ptr = &mut vm_full_access_counter as *mut i32;
    let value = unsafe { *raw_ptr };
    println!("VM Full Access Counter: {}", value);
} else {
    eprintln!("DeviceIoControl failed. Error: {}", unsafe { winapi::um::errhandlingapi::GetLastError() });
}

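The result in the variable/buffer is always 0.

A few important things:

  1. I checked the sizes of LONG and i32; they are 4 bytes.
  2. The outputBuffer variable in C++ is definitely being written to; the kernel prints 123.
  3. In Rust, something is being written to the vm_full_access_counter variable, because when I log it again after the DeviceIoControl call, it is not 100.
  4. The number of bytes returned is 4.
  5. I have tried adding a timer with Arc & Mutex and logging the buffer variable to make sure it wasn't receiving any delayed update, although because of #3 this doesn't make sense.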

Fix....

PVOID outputBuffer = Irp->AssociatedIrp.SystemBuffer;

The type of buffer being written to was incorrect.
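The symptom in the question and the fix above, as an added example that is not part of the original post: a simplified user-mode C model of how the I/O manager completes a buffered IOCTL. It assumes the IOCTL is defined with METHOD_BUFFERED (the page does not show its CTL_CODE); `model_irp`, `model_ioctl` and the two dispatch functions are hypothetical names, and the zero-filled system buffer is a modelling choice that matches the zeros the asker saw.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-mode stand-in for the IRP fields; not WDK code. */
typedef struct {
    void  *UserBuffer;           /* caller's pointer (Irp->UserBuffer) */
    void  *SystemBuffer;         /* Irp->AssociatedIrp.SystemBuffer */
    size_t OutputBufferLength;
    size_t Information;          /* bytes the driver reports as written */
    int    Status;               /* 0 = success */
} model_irp;
typedef void (*dispatch_fn)(model_irp *);

/* The question's handler: writes through UserBuffer. */
static void dispatch_user_buffer(model_irp *irp) {
    int32_t value = 123;
    memcpy(irp->UserBuffer, &value, sizeof value);
    irp->Information = sizeof value;
}
/* The answer's fix, with a length check before the write;
   -1 stands in for STATUS_BUFFER_TOO_SMALL. */
static void dispatch_system_buffer(model_irp *irp) {
    int32_t value = 123;
    if (irp->OutputBufferLength < sizeof value) { irp->Status = -1; return; }
    memcpy(irp->SystemBuffer, &value, sizeof value);
    irp->Information = sizeof value;
}
/* Models the I/O manager: allocate system buffer, call driver, copy back. */
static int model_ioctl(dispatch_fn drv, void *out, size_t len, size_t *returned) {
    model_irp irp = { out, calloc(1, len ? len : 1), len, 0, 0 };
    if (!irp.SystemBuffer) return -1;
    drv(&irp);
    if (irp.Status == 0)         /* this copy overwrites any UserBuffer write */
        memcpy(out, irp.SystemBuffer, irp.Information);
    *returned = irp.Status == 0 ? irp.Information : 0;
    free(irp.SystemBuffer);
    return irp.Status;
}
static int32_t run(dispatch_fn drv, size_t *returned) {
    int32_t counter = 100;       /* same starting value as the question */
    model_ioctl(drv, &counter, sizeof counter, returned);
    return counter;
}
int main(void) {
    size_t n = 0;
    int32_t a = run(dispatch_user_buffer, &n), b = run(dispatch_system_buffer, &n);
    printf("UserBuffer write: %d, SystemBuffer write: %d (%zu bytes)\n", (int)a, (int)b, n);
    return 0;
}
```

In the model, the `UserBuffer` handler reproduces all three observations at once: 4 bytes returned, the value no longer 100, and the value read back as 0.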
