O'Reilly logo

Gray Hat Python by Justin Seitz

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Determining Supported IOCTL Codes

The IOCTL dispatch routine commonly will perform various actions based on the value of the code being passed in to the routine. We want to be able to exercise each of the possible paths that are determined by the IOCTL code, which is why we go to all the trouble of finding these values. Let's first examine what the C source code for a skeleton IOCTL dispatch function would look like, and then we'll see how to decode the assembly to retrieve the IOCTL code values. Example 10-5 shows a typical IOCTL dispatch routine.

Example 10-5. A simplified IOCTL dispatch routine with three supported IOCTL codes (0x1337, 0x1338, 0x1339)

 NTSTATUS IOCTLDispatch( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { ULONG FunctionCode; ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required