forked from gentilkiwi/mimikatz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ioctl.h
67 lines (53 loc) · 4.05 KB
/
ioctl.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#define IOCTL_MIMIDRV_RAW CTL_CODE(FILE_DEVICE_UNKNOWN, 0x000, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_PING CTL_CODE(FILE_DEVICE_UNKNOWN, 0x001, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_BSOD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x002, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_DEBUG_BUFFER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x003, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_PROCESS_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x010, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_PROCESS_TOKEN CTL_CODE(FILE_DEVICE_UNKNOWN, 0x011, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_PROCESS_PROTECT CTL_CODE(FILE_DEVICE_UNKNOWN, 0x012, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_PROCESS_FULLPRIV CTL_CODE(FILE_DEVICE_UNKNOWN, 0x013, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_MODULE_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x020, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_SSDT_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x030, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_PROCESS_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x040, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_THREAD_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x041, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_IMAGE_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x042, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_REG_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x043, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_OBJECT_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x044, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_PROCESS_REMOVE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x045, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_NOTIFY_OBJECT_REMOVE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x049, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_FILTER_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x050, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_MINIFILTER_LIST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x051, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_VM_READ CTL_CODE(FILE_DEVICE_UNKNOWN, 0x060, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_VM_WRITE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x061, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_VM_ALLOC CTL_CODE(FILE_DEVICE_UNKNOWN, 0x062, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_VM_FREE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x063, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define IOCTL_MIMIDRV_CREATEREMOTETHREAD CTL_CODE(FILE_DEVICE_UNKNOWN, 0x070, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
typedef struct _PS_PROTECTION {
UCHAR Type : 3;
UCHAR Audit : 1;
UCHAR Signer: 4;
} PS_PROTECTION, *PPS_PROTECTION;
typedef struct _KIWI_PROCESS_SIGNATURE_PROTECTION {
UCHAR SignatureLevel;
UCHAR SectionSignatureLevel;
PS_PROTECTION Protection;
} KIWI_PROCESS_SIGNATURE_PROTECTION, *PKIWI_PROCESS_SIGNATURE_PROTECTION;
typedef struct _MIMIDRV_PROCESS_PROTECT_INFORMATION {
ULONG processId;
KIWI_PROCESS_SIGNATURE_PROTECTION SignatureProtection;
} MIMIDRV_PROCESS_PROTECT_INFORMATION, *PMIMIDRV_PROCESS_PROTECT_INFORMATION;
typedef struct _MIMIDRV_PROCESS_TOKEN_FROM_TO {
ULONG fromProcessId;
ULONG toProcessId;
} MIMIDRV_PROCESS_TOKEN_FROM_TO, *PMIMIDRV_PROCESS_TOKEN_FROM_TO;
typedef DWORD (NTAPI * PTHREAD_START_ROUTINE)(PVOID lpThreadParameter);
typedef PTHREAD_START_ROUTINE LPTHREAD_START_ROUTINE;
typedef struct _MIMIDRV_THREAD_INFO {
PTHREAD_START_ROUTINE pRoutine;
PVOID pArg;
} MIMIDRV_THREAD_INFO, *PMIMIDRV_THREAD_INFO;