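/*
 * Decompiler listing of a kernel driver that exposes \Device\MsIo.
 *
 * Security summary (everything below is read off this listing):
 *   - The device is created with IoCreateDevice and no explicit security
 *     descriptor, and all four control codes decode to METHOD_BUFFERED with
 *     FILE_ANY_ACCESS, so the driver itself performs no caller check.
 *   - The control codes map caller-chosen physical memory into the calling
 *     process and perform caller-chosen port I/O.
 * The edits in this block only repair memory-safety and cleanup defects; they
 * do not make the exposed functionality safe for unprivileged callers.
 * NOTE(review): the usual mitigations are a restrictive device ACL (e.g.
 * IoCreateDeviceSecure with an administrators-only SDDL), range validation of
 * the requested physical addresses/ports, and blocking the unpatched binary.
 */

/*
 * Request sizes derived from the stack slots the handlers actually consume:
 * five 8-byte slots (local_48, local_40, local_38, local_30, local_28[0]) for
 * the map/unmap requests, and a 2+4+1 byte packed record (local_res10,
 * local_res12, local_res16) for the port requests.
 * NOTE(review): confirm both sizes against the disassembly / client header.
 */
enum {
    MSIO_PHYS_REQUEST_SIZE = 0x28,
    MSIO_PORT_REQUEST_SIZE = 7
};

/*
 * Driver entry point: creates \Device\MsIo, installs the dispatch routines and
 * publishes the \DosDevices\MsIo symbolic link.
 *
 * Returns the status of the last creation call; a negative value means the
 * device was not (or is no longer) created.
 */
NTSTATUS entry(_DRIVER_OBJECT *DriverObject, _UNICODE_STRING *RegistryPath)
{
    NTSTATUS NVar1;
    _DEVICE_OBJECT *local_38;
    _UNICODE_STRING local_30;
    _UNICODE_STRING local_20[2];

    /* NOTE(review): looks like compiler-generated stack-cookie seeding (a
     * value and its complement stored side by side) — confirm. */
    if ((DAT_00013108 == 0) || (DAT_00013108 == 0x2b992ddfa232)) {
        DAT_00013108 = (_DAT_fffff78000000320 ^ 0x13108) & 0xffffffffffff;
        if (DAT_00013108 == 0) {
            DAT_00013108 = 0x2b992ddfa232;
        }
    }
    _DAT_00013100 = ~DAT_00013108;

    local_38 = (_DEVICE_OBJECT *)0x0;
    DbgPrint("Entering DriverEntry");
    RtlInitUnicodeString(&local_30, L"\\Device\\MsIo");

    /* Device type 0x8010, characteristics 0, non-exclusive. No security
     * descriptor is supplied here, so access control is whatever the system
     * default for this object turns out to be. */
    NVar1 = IoCreateDevice(DriverObject, 0, &local_30, 0x8010, 0, '\0', &local_38);
    if (NVar1 < 0) {
        DbgPrint("ERROR: IoCreateDevice failed");
    } else {
        /* One routine serves create, close and device-control. */
        *(code **)&DriverObject->DispatchDeviceIOControl = ioctl;
        *(code **)&DriverObject->DispatchClose = ioctl;
        *(code **)&DriverObject->DispatchCreate = ioctl;
        *(code **)&DriverObject->DriverUnload = DriverUnload;

        RtlInitUnicodeString(local_20, L"\\DosDevices\\MsIo");
        NVar1 = IoCreateSymbolicLink(local_20, &local_30);
        if (NVar1 < 0) {
            DbgPrint("ERROR: IoCreateSymbolicLink failed");
            IoDeleteDevice(local_38);
        }
    }
    DbgPrint("Leaving DriverEntry");
    return NVar1;
}

/*
 * Unload routine: removes the symbolic link and deletes the device object.
 *
 * param_1 is used as a pointer whose field at offset 8 is the device object
 * (presumably the DRIVER_OBJECT — confirm).
 *
 * Fix: the device object is now deleted even when the symbolic link cannot be
 * removed; the original returned early and left the device object behind.
 */
void DriverUnload(longlong param_1)
{
    NTSTATUS NVar1;
    _UNICODE_STRING local_18;

    DbgPrint("Entering MsIoUnload");
    RtlInitUnicodeString(&local_18, L"\\DosDevices\\MsIo");
    NVar1 = IoDeleteSymbolicLink(&local_18);
    if (NVar1 < 0) {
        DbgPrint("ERROR: IoDeleteSymbolicLink");
    }
    IoDeleteDevice(*(_DEVICE_OBJECT **)(param_1 + 8));
    DbgPrint("Leaving MsIoUnload");
    return;
}

/*
 * Dispatch routine for IRP_MJ_CREATE (0), IRP_MJ_CLOSE (2) and
 * IRP_MJ_DEVICE_CONTROL (0x0e).
 *
 * Control codes handled:
 *   0x80102040  map physical memory into the caller
 *   0x80102044  unmap / release a previous mapping
 *   0x80102050  read an I/O port (1, 2 or 4 bytes)
 *   0x80102054  write an I/O port (1, 2 or 4 bytes)
 * Anything else, or a request with a too-short input buffer, completes with
 * 0xC000000D (written here as -0x3ffffff3).
 *
 * Returns the status stored in the IRP, after completing it.
 *
 * Fixes relative to the original listing:
 *   - The original copied InputBufferLength bytes from the system buffer into
 *     fixed-size stack locals, so an oversized request overran the stack and a
 *     short one left the locals partly uninitialised. Each request must now be
 *     at least the expected size and exactly that many bytes are copied.
 *   - The map reply copies back the fixed request size instead of
 *     InputBufferLength bytes of stack.
 *   - The stack locals are zero-initialised.
 *
 * NOTE(review): the output buffer length is never read. Information is set to
 * a fixed size on the map and read-port paths; the handler should also verify
 * the output length before doing so.
 * NOTE(review): port numbers, physical addresses and the unmap arguments are
 * taken from the caller without any range or ownership validation.
 */
NTSTATUS ioctl(_DEVICE_OBJECT *DeviceObject, _IRP *Irp)
{
    UCHAR MajorFunction;
    uint InputBufferLength;
    ULONG UVar1;
    NTSTATUS NVar2;
    _IO_STACK_LOCATION *CurrentStackLocation;
    undefined8 *SystemBuffer;
    byte bVar3;
    ushort uVar4;
    undefined4 uVar5;
    ulonglong InputBufferLength0;
    ulonglong uVar6;
    /* Port request record; the decompiler shows it as three adjacent slots. */
    undefined2 local_res10 = 0;
    undefined4 local_res12 = 0;
    char local_res16 = 0;
    /* Map/unmap request record; adjacent 8-byte slots starting at local_48. */
    longlong local_48 = 0;
    ulonglong local_40 = 0;
    undefined8 local_38 = 0;
    longlong local_30 = 0;
    longlong local_28[3] = {0};

    DbgPrint("---Entry MsIoDispatch---");
    CurrentStackLocation = Irp->CurrentStackLocation;
    SystemBuffer = (undefined8 *)Irp->SystemBuffer;
    (Irp->IoStatus).Status = 0;
    (Irp->IoStatus).Information = 0;
    MajorFunction = CurrentStackLocation->MajorFunction;
    InputBufferLength = *(uint *)&CurrentStackLocation->InputBufferLength;
    InputBufferLength0 = (ulonglong)InputBufferLength;

    if (MajorFunction == '\0') {
        DbgPrint("IRP_MJ_CREATE");
        goto LAB_0001167f;
    }
    if (MajorFunction == '\x02') {
        DbgPrint("IRP_MJ_CLOSE");
        goto LAB_0001167f;
    }
    if (MajorFunction != '\x0e') {
        goto LAB_0001167f;
    }

    DbgPrint("IRP_MJ_DEVICE_CONTROL");
    UVar1 = CurrentStackLocation->IoControlCode;
    switch (UVar1) {
    case 0x80102040:
        DbgPrint("IOCTL_MSIO_MAPPHYSTOLIN");
        if (InputBufferLength0 < MSIO_PHYS_REQUEST_SIZE) {
            break;
        }
        CopyMemoryBlock(&local_48, SystemBuffer, MSIO_PHYS_REQUEST_SIZE);
        uVar6 = MapArbitraryPhysicalMemory(local_40, local_48, &local_30, &local_38, local_28);
        if (-1 < (int)uVar6) {
            /* Reply carries the mapped address, section handle and object. */
            CopyMemoryBlock(SystemBuffer, &local_48, MSIO_PHYS_REQUEST_SIZE);
            (Irp->IoStatus).Information = MSIO_PHYS_REQUEST_SIZE;
        }
        (Irp->IoStatus).Status = (int)uVar6;
        goto LAB_0001167f;

    case 0x80102044:
        DbgPrint("IOCTL_MSIO_UNMAPPHYSADDR");
        if (InputBufferLength0 < MSIO_PHYS_REQUEST_SIZE) {
            break;
        }
        CopyMemoryBlock(&local_48, SystemBuffer, MSIO_PHYS_REQUEST_SIZE);
        InputBufferLength0 = UnmapPhysicalMemory(local_38, local_30, local_28[0]);
        (Irp->IoStatus).Status = (LONG)InputBufferLength0;
        goto LAB_0001167f;

    case 0x80102050:
        DbgPrint("IOCTL_MSIO_READPORT");
        if (InputBufferLength0 < MSIO_PORT_REQUEST_SIZE) {
            break;
        }
        CopyMemoryBlock((undefined8 *)&local_res10, SystemBuffer, MSIO_PORT_REQUEST_SIZE);
        /* The 4-byte store below stays inside the system buffer because the
         * request is at least MSIO_PORT_REQUEST_SIZE bytes long. */
        if (local_res16 == '\x01') {
            bVar3 = in(local_res10);
            *(uint *)SystemBuffer = (uint)bVar3;
        } else if (local_res16 == '\x02') {
            uVar4 = in(local_res10);
            *(uint *)SystemBuffer = (uint)uVar4;
        } else if (local_res16 == '\x04') {
            uVar5 = in(local_res10);
            *(undefined4 *)SystemBuffer = uVar5;
        } else {
            /* Unsupported width: the caller's value field is echoed back. */
            *(undefined4 *)SystemBuffer = local_res12;
        }
        (Irp->IoStatus).Information = 4;
        goto LAB_0001167f;

    case 0x80102054:
        DbgPrint("IOCTL_MSIO_WRITEPORT");
        if (InputBufferLength0 < MSIO_PORT_REQUEST_SIZE) {
            break;
        }
        CopyMemoryBlock((undefined8 *)&local_res10, SystemBuffer, MSIO_PORT_REQUEST_SIZE);
        if (local_res16 == '\x01') {
            out(local_res10, (undefined)local_res12);
        } else if (local_res16 == '\x02') {
            out(local_res10, (undefined2)local_res12);
        } else if (local_res16 == '\x04') {
            out(local_res10, local_res12);
        }
        goto LAB_0001167f;

    default:
        DbgPrint("ERROR: Unknown IRP_MJ_DEVICE_CONTROL");
        break;
    }
    /* Unknown control code or rejected request length. */
    (Irp->IoStatus).Status = -0x3ffffff3;

LAB_0001167f:
    NVar2 = (Irp->IoStatus).Status;
    IofCompleteRequest(Irp, '\0');
    DbgPrint("Leaving MsIoDispatch");
    return NVar2;
}

/*
 * Opens \Device\PhysicalMemory and maps a view of it into the current process.
 *
 * param_1  physical start address; only the low 32 bits are used
 * param_2  length in bytes
 * param_3  receives the mapped address (written only on success)
 * param_4  receives the section handle (zeroed first)
 * param_5  receives the referenced section object (zeroed first)
 *
 * Returns the NTSTATUS of the last failing call, or the mapping status.
 *
 * The section is opened with access mask 0xf001f and attributes 0x40 only, so
 * the handle is not flagged as a kernel handle, and the view is mapped with
 * process handle -1 (the current process). The first mapping attempt uses
 * protection 0x204; on status 0xc0000018 it is retried with protection 4.
 *
 * Fixes relative to the original listing:
 *   - A HalTranslateBusAddress failure left the earlier success status in
 *     place, so the function reported success without mapping anything and
 *     without writing *param_3. It now returns 0xC0000001.
 *   - On failure the object reference taken by ObReferenceObjectByHandle is
 *     released; the original leaked it.
 *   - ZwClose is called only when a handle was actually opened, and both out
 *     parameters are reset to 0 on failure.
 */
ulonglong MapArbitraryPhysicalMemory(ulonglong param_1, longlong param_2, longlong *param_3,
                                     undefined8 *param_4, undefined8 *param_5)
{
    undefined8 *puVar1;
    UCHAR UVar2;
    UCHAR UVar3;
    uint uVar4;
    ULONGLONG local_res10[2];
    ULONG local_res20[2];
    PVOID local_98;
    longlong local_90;
    ulonglong local_88;
    ulonglong local_80;
    _UNICODE_STRING local_78;
    _OBJECT_ATTRIBUTES local_68;

    local_98 = (PVOID)0x0;
    local_res10[0] = param_2;
    DbgPrint("Entering MapPhysicalMemoryToLinearSpace");
    RtlInitUnicodeString(&local_78, L"\\Device\\PhysicalMemory");
    puVar1 = param_5;
    *param_4 = 0;
    *param_5 = 0;

    local_68.Length = 0x30;
    local_68.RootDirectory = (void *)0x0;
    local_68.ObjectName = &local_78;
    local_68.Attributes = 0x40;
    local_68.SecurityDescriptor = (void *)0x0;
    local_68.SecurityQualityOfService = (void *)0x0;

    uVar4 = ZwOpenSection((HANDLE *)param_4, 0xf001f, &local_68);
    if ((int)uVar4 < 0) {
        DbgPrint("ERROR: ZwOpenSection failed");
    } else {
        uVar4 = ObReferenceObjectByHandle(*param_4, 0xf001f, 0, 0, puVar1, 0);
        if ((int)uVar4 < 0) {
            DbgPrint("ERROR: ObReferenceObjectByHandle failed");
        } else {
            /* Translate both ends of the range; the view size is the distance
             * between the two translated addresses. */
            local_88 = param_1 & 0xffffffff;
            local_90 = local_88 + local_res10[0];
            local_res20[0] = 0;
            UVar2 = HalTranslateBusAddress(Isa, 0, local_88, local_res20, &local_88);
            local_res20[0] = 0;
            UVar3 = HalTranslateBusAddress(Isa, 0, local_90, local_res20, &local_90);
            if ((UVar2 == '\0') || (UVar3 == '\0')) {
                DbgPrint("ERROR: HalTranslateBusAddress failed");
                uVar4 = 0xc0000001;
            } else {
                local_res10[0] = local_90 - local_88;
                local_80 = local_88;
                uVar4 = ZwMapViewOfSection((HANDLE)*param_4, (HANDLE)0xffffffffffffffff, &local_98, 0,
                                           local_res10[0], &local_80, local_res10, 1, 0, 0x204);
                if (uVar4 == 0xc0000018) {
                    uVar4 = ZwMapViewOfSection((HANDLE)*param_4, (HANDLE)0xffffffffffffffff, &local_98, 0,
                                               local_res10[0], &local_80, local_res10, 1, 0, 4);
                }
                if ((int)uVar4 < 0) {
                    DbgPrint("ERROR: ZwMapViewOfSection failed");
                } else {
                    /* The section offset may have been adjusted by the call;
                     * add the difference back to reach the requested byte. */
                    local_98 = (PVOID)((longlong)local_98 + (local_88 - local_80));
                    *(PVOID *)param_3 = local_98;
                }
            }
        }
    }

    if ((int)uVar4 < 0) {
        if (*puVar1 != 0) {
            ObfDereferenceObject(*puVar1);
            *puVar1 = 0;
        }
        if (*param_4 != 0) {
            ZwClose((HANDLE)*param_4);
            *param_4 = 0;
        }
    }
    DbgPrint("Leaving MapPhysicalMemoryToLinearSpace");
    return (ulonglong)uVar4;
}

/*
 * Releases a mapping: unmaps the view from the current process, drops the
 * object reference when one is given, and closes the section handle.
 *
 * param_1  section handle to close
 * param_2  base address of the view to unmap
 * param_3  object to dereference, or 0 for none
 *
 * Returns the status of ZwUnmapViewOfSection; the dereference and close are
 * performed even when unmapping fails.
 *
 * NOTE(review): in this listing all three arguments come straight from the
 * caller's request buffer and the driver keeps no record of what it mapped,
 * so it cannot tell whether param_3 is an object it referenced or param_1 a
 * handle it opened. Validating them needs driver-side tracking of mappings,
 * which is outside this function's interface.
 */
ulonglong UnmapPhysicalMemory(HANDLE param_1, PVOID param_2, longlong param_3)
{
    uint uVar1;

    DbgPrint("Entering UnmapPhysicalMemory");
    uVar1 = ZwUnmapViewOfSection((HANDLE)0xffffffffffffffff, param_2);
    if ((int)uVar1 < 0) {
        DbgPrint("ERROR: UnmapViewOfSection failed");
    }
    if (param_3 != 0) {
        ObfDereferenceObject(param_3);
    }
    ZwClose(param_1);
    DbgPrint("Leaving UnmapPhysicalMemory");
    return (ulonglong)uVar1;
}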