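/// <summary>
/// IRP Device IoCtl Handler
/// </summary>
/// <param name="DeviceObject">The pointer to DEVICE_OBJECT</param>
/// <param name="Irp">The pointer to IRP</param>
/// <returns>NTSTATUS</returns>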
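NTSTATUS IrpDeviceIoCtlHandler(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp) {
    //
    // Dispatch routine for device I/O control requests: reads the IOCTL code
    // from the current IRP stack location and routes the request to the
    // matching per-IOCTL handler, logging a banner before and after the call.
    //
    // DeviceObject is unused. Irp is forwarded, together with its stack
    // location, to the selected handler unchanged: this routine performs no
    // buffer-length or caller checks, so every handler is responsible for
    // validating the user-supplied buffers it touches.
    //
    // Returns the handler's NTSTATUS, STATUS_INVALID_DEVICE_REQUEST for an
    // unknown IOCTL code, or STATUS_NOT_SUPPORTED when no stack location is
    // available.
    //
    ULONG IoControlCode = 0;
    PIO_STACK_LOCATION IrpSp = NULL;
    NTSTATUS Status = STATUS_NOT_SUPPORTED;

    UNREFERENCED_PARAMETER(DeviceObject);
    PAGED_CODE();

    IrpSp = IoGetCurrentIrpStackLocation(Irp);

    if (IrpSp) {
        // Read the control code only after the NULL check; the original
        // dereferenced IrpSp one line before testing it.
        IoControlCode = IrpSp->Parameters.DeviceIoControl.IoControlCode;

        switch (IoControlCode) {
        case HACKSYS_EVD_IOCTL_STACK_OVERFLOW:
            DbgPrint("****** HACKSYS_EVD_STACKOVERFLOW ******\n");
            Status = StackOverflowIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_STACKOVERFLOW ******\n");
            break;
        case HACKSYS_EVD_IOCTL_STACK_OVERFLOW_GS:
            DbgPrint("****** HACKSYS_EVD_IOCTL_STACK_OVERFLOW_GS ******\n");
            Status = StackOverflowGSIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_STACK_OVERFLOW_GS ******\n");
            break;
        case HACKSYS_EVD_IOCTL_ARBITRARY_OVERWRITE:
            DbgPrint("****** HACKSYS_EVD_IOCTL_ARBITRARY_OVERWRITE ******\n");
            Status = ArbitraryOverwriteIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_ARBITRARY_OVERWRITE ******\n");
            break;
        case HACKSYS_EVD_IOCTL_NON_PAGED_POOL_OVERFLOW:
            DbgPrint("****** HACKSYS_EVD_IOCTL_NON_PAGED_POOL_OVERFLOW ******\n");
            Status = NonPagedPoolOverflowIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_NON_PAGED_POOL_OVERFLOW ******\n");
            break;
        case HACKSYS_EVD_IOCTL_ALLOCATE_UAF_OBJECT:
            DbgPrint("****** HACKSYS_EVD_IOCTL_ALLOCATE_UAF_OBJECT ******\n");
            Status = AllocateUaFObjectIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_ALLOCATE_UAF_OBJECT ******\n");
            break;
        case HACKSYS_EVD_IOCTL_USE_UAF_OBJECT:
            DbgPrint("****** HACKSYS_EVD_IOCTL_USE_UAF_OBJECT ******\n");
            Status = UseUaFObjectIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_USE_UAF_OBJECT ******\n");
            break;
        case HACKSYS_EVD_IOCTL_FREE_UAF_OBJECT:
            DbgPrint("****** HACKSYS_EVD_IOCTL_FREE_UAF_OBJECT ******\n");
            Status = FreeUaFObjectIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_FREE_UAF_OBJECT ******\n");
            break;
        case HACKSYS_EVD_IOCTL_ALLOCATE_FAKE_OBJECT:
            DbgPrint("****** HACKSYS_EVD_IOCTL_ALLOCATE_FAKE_OBJECT ******\n");
            Status = AllocateFakeObjectIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_ALLOCATE_FAKE_OBJECT ******\n");
            break;
        case HACKSYS_EVD_IOCTL_TYPE_CONFUSION:
            DbgPrint("****** HACKSYS_EVD_IOCTL_TYPE_CONFUSION ******\n");
            Status = TypeConfusionIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_TYPE_CONFUSION ******\n");
            break;
        case HACKSYS_EVD_IOCTL_INTEGER_OVERFLOW:
            DbgPrint("****** HACKSYS_EVD_IOCTL_INTEGER_OVERFLOW ******\n");
            Status = IntegerOverflowIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_INTEGER_OVERFLOW ******\n");
            break;
        case HACKSYS_EVD_IOCTL_NULL_POINTER_DEREFERENCE:
            DbgPrint("****** HACKSYS_EVD_IOCTL_NULL_POINTER_DEREFERENCE ******\n");
            Status = NullPointerDereferenceIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_NULL_POINTER_DEREFERENCE ******\n");
            break;
        case HACKSYS_EVD_IOCTL_UNINITIALIZED_STACK_VARIABLE:
            DbgPrint("****** HACKSYS_EVD_IOCTL_UNINITIALIZED_STACK_VARIABLE ******\n");
            Status = UninitializedStackVariableIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_UNINITIALIZED_STACK_VARIABLE ******\n");
            break;
        case HACKSYS_EVD_IOCTL_UNINITIALIZED_HEAP_VARIABLE:
            DbgPrint("****** HACKSYS_EVD_IOCTL_UNINITIALIZED_HEAP_VARIABLE ******\n");
            Status = UninitializedHeapVariableIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_UNINITIALIZED_HEAP_VARIABLE ******\n");
            break;
        case HACKSYS_EVD_IOCTL_DOUBLE_FETCH:
            DbgPrint("****** HACKSYS_EVD_IOCTL_DOUBLE_FETCH ******\n");
            Status = DoubleFetchIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_DOUBLE_FETCH ******\n");
            break;
        case HACKSYS_EVD_IOCTL_INSECURE_KERNEL_FILE_ACCESS:
            DbgPrint("****** HACKSYS_EVD_IOCTL_INSECURE_KERNEL_FILE_ACCESS ******\n");
            Status = InsecureKernelFileAccessIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_INSECURE_KERNEL_FILE_ACCESS ******\n");
            break;
        case HACKSYS_EVD_IOCTL_MEMORY_DISCLOSURE:
            DbgPrint("****** HACKSYS_EVD_IOCTL_MEMORY_DISCLOSURE ******\n");
            Status = MemoryDisclosureIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_MEMORY_DISCLOSURE ******\n");
            break;
        case HACKSYS_EVD_IOCTL_PAGED_POOL_SESSION:
            DbgPrint("****** HACKSYS_EVD_IOCTL_PAGED_POOL_SESSION ******\n");
            Status = PagedPoolSessionOverflowIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_PAGED_POOL_SESSION ******\n");
            break;
        case HACKSYS_EVD_IOCTL_WRITE_NULL:
            DbgPrint("****** HACKSYS_EVD_IOCTL_WRITE_NULL ******\n");
            Status = WriteNULLIoctlHandler(Irp, IrpSp);
            DbgPrint("****** HACKSYS_EVD_IOCTL_WRITE_NULL ******\n");
            break;
        default:
            // Unknown codes are rejected rather than silently ignored.
            DbgPrint("[-] Invalid IOCTL Code: 0x%X\n", IoControlCode);
            Status = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
    }

    //
    // The listing ended without completing the IRP or returning a value, so
    // the request would never finish and the caller would read an
    // indeterminate NTSTATUS.
    // NOTE(review): assumes the per-IOCTL handlers only return a status and
    // leave completion to this dispatcher; confirm before merging.
    // IoStatus.Information is left as the handlers set it.
    //
    Irp->IoStatus.Status = Status;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);

    return Status;
}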