forked from Alex3434/wmi-static-spoofer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
info.txt
105 lines (93 loc) · 3.3 KB
/
info.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
1) Download windows sdk (windbg only) https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
2) Enable kernel debug cmd:
bcdedit /debug on
3) Reboot
cd C:\Program Files (x86)\Windows Kits\10\Debuggers\x64
windbg -kl
==========================================
lkd> dt storport!_RAID_UNIT_EXTENSION -b
+0x000 ObjectType :
RaidUnknownObject = 0n-1
RaidAdapterObject = 0n0
RaidUnitObject = 0n1
RaidDriverObject = 0n2
+0x008 DeviceObject : Ptr64
+0x010 UnitExtension : Ptr64
+0x018 Adapter : Ptr64
+0x020 PerProcessorData : Ptr64
+0x028 SlowLock : Uint8B
+0x030 DeviceState :
DeviceStateNotPresent = 0n0
DeviceStateWorking = 0n1
DeviceStateStopped = 0n2
DeviceStatePendingStop = 0n3
DeviceStatePendingRemove = 0n4
DeviceStateSurpriseRemoval = 0n5
DeviceStateDeleted = 0n6
DeviceStateDisabled = 0n7
DeviceStateNoResource = 0n8
+0x038 NextUnit : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x048 UnitTableLink : _LIST_ENTRY
+0x000 Flink : Ptr64
+0x008 Blink : Ptr64
+0x058 StorAddressBTL8 : _STOR_ADDR_BTL8
+0x000 Type : Uint2B
+0x002 Port : Uint2B
+0x004 AddressLength : Uint4B
+0x008 Path : UChar
+0x009 Target : UChar
+0x00a Lun : UChar
+0x00b Reserved : UChar
+0x058 AddressType : Uint2B
+0x05a AddressPort : Uint2B
+0x05c AddressLength : Uint4B
+0x060 Address : _STOR_SCSI_ADDRESS
+0x000 PathId : UChar
+0x001 TargetId : UChar
+0x002 Lun : UChar
+0x003 Reserved : UChar
+0x068 Identity : _STOR_SCSI_IDENTITY
+0x000 InquiryData : Ptr64
+0x008 SerialNumber : _STRING
+0x000 Length : Uint2B
+0x002 MaximumLength : Uint2B
+0x008 Buffer : Ptr64
+0x018 Supports1667 : UChar
+0x019 ZonedDevice : UChar
+0x020 DeviceId : Ptr64
+0x028 AtaDeviceId : Ptr64
+0x030 RichDeviceDescription : Ptr64
=======================================
typedef struct _VendorInfo
{
char pad_0x0000[0x8];
char Info[64];
} VendorInfo;
typedef struct _HDD_EXTENSION
{
char pad_0x0000[0x68];
VendorInfo* pVendorInfo;
char pad_0x0068[0x8];
char* pHDDSerial;
char pad_0x0078[0x30];
} HDD_EXTENSION, *PHDD_EXTENSION;
======
lkd> u storport
storport!StorpTelemetryLogUnitSmartAttributesMeasures <PERF> (storport+0x0):
fffff800`30e30000 4d5a pop r10
=====
lkd> u storport!RaidUnitRegisterInterfaces
storport!RaidUnitRegisterInterfaces:
fffff800`30e4a6a8 48895c2418 mov qword ptr [rsp+18h],rbx
fffff800`30e4a6ad 55 push rbp
fffff800`30e4a6ae 56 push rsi
fffff800`30e4a6af 57 push rdi
fffff800`30e4a6b0 4883ec50 sub rsp,50h
fffff800`30e4a6b4 8b4160 mov eax,dword ptr [rcx+60h]
fffff800`30e4a6b7 4c8d0d52130400 lea r9,[storport!`string' (fffff800`30e8ba10)]
fffff800`30e4a6be 488b5118 mov rdx,qword ptr [rcx+18h]
=====
RaidUnitRegisterInterfaces offset:
0x30e4a6a8 - 0x30e30000 = 0x1A6A8