Last active
January 21, 2021 02:27
-
-
Save uf0o/4a8baea6cbe22fe406fb61a605c3ed06 to your computer and use it in GitHub Desktop.
Usage of 'NtOpenFile' to access a device driver that doesn't export any symlink
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <winternl.h> | |
| #pragma comment(lib, "ntdll") | |
| #define IOCTL_BEEP CTL_CODE(FILE_DEVICE_BEEP, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
| typedef struct _BEEP_SETTINGS { | |
| ULONG ulFrequency; | |
| ULONG ulDuration; | |
| } BEEP_SETTINGS; | |
| int Error(const char* msg) { | |
| printf("%s (%u)\n", msg, GetLastError()); | |
| return 1; | |
| } | |
| int main() { | |
| UNICODE_STRING name; | |
| OBJECT_ATTRIBUTES BeepObjectAttributes; | |
| IO_STATUS_BLOCK IOBlock; | |
| RtlInitUnicodeString(&name, L"\\Device\\Beep"); | |
| InitializeObjectAttributes(&BeepObjectAttributes, &name, 0, nullptr, nullptr); | |
| IO_STATUS_BLOCK isb; | |
| HANDLE hDevice; | |
| auto status = NtOpenFile(&hDevice, GENERIC_WRITE, &BeepObjectAttributes, &isb, FILE_SHARE_WRITE, 0); | |
| BEEP_SETTINGS BeepSettings; | |
| BeepSettings.ulDuration = 10000; | |
| BeepSettings.ulFrequency = 500; | |
| DWORD bytes; | |
| if (!::DeviceIoControl(hDevice, IOCTL_BEEP, &BeepSettings, sizeof(BeepSettings), nullptr, 0, &bytes, nullptr)) | |
| return Error("failed in DeviceIoControl"); | |
| Sleep(1000); | |
| CloseHandle(hDevice); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment