
Currently handled: disk, SMBIOS tables, registry, disk model, EFI, TPM, USB, monitor, GUID.
List of handled IOCTLs:
IOCTL_STORAGE_QUERY_PROPERTY (Prop=0)
IOCTL_STORAGE_QUERY_PROPERTY (Prop=1)
IOCTL_STORAGE_QUERY_PROPERTY (Prop=3)
IOCTL_STORAGE_QUERY_PROPERTY (Prop=49)
IOCTL_STORAGE_QUERY_PROPERTY (Prop=50)
IOCTL_STORAGE_QUERY_PROPERTY (Prop=57)
IOCTL_STORAGE_QUERY_PROPERTY (other)
IOCTL_SCSI_PASS_THROUGH
IOCTL_SCSI_PASS_THROUGH_DIRECT
IOCTL_SCSI_PASS_THROUGH_EX
IOCTL_SCSI_PASS_THROUGH_DIRECT_EX
IOCTL_ATA_PASS_THROUGH
IOCTL_ATA_PASS_THROUGH_DIRECT
IOCTL_SCSI_MINIPORT
IOCTL_SCSI_MINIPORT_IDENTIFY
IOCTL_INTEL_NVME_PASS_THROUGH
NVME_PASS_THROUGH_SRB_IO_CODE
SMART_RCV_DRIVE_DATA
IOCTL_STORAGE_GET_MEDIA_SERIAL_NUMBER
IOCTL_STORAGE_GET_DEVICE_NUMBER_EX
IOCTL_STORAGE_FIRMWARE_GET_INFO
IOCTL_STORAGE_PREDICT_FAILURE
0x00050010 (ScsiAdapterInquiry)
IOCTL_DISK_GET_PARTITION_INFO_EX
IOCTL_DISK_GET_DRIVE_LAYOUT_EX
IOCTL_MOUNTMGR_QUERY_POINTS
IOCTL_MOUNTDEV_QUERY_UNIQUE_ID
IRP_MJ_QUERY_VOLUME_INFORMATION
All spaceport IOCTLs
Blocked IOCTLs (return STATUS_NOT_SUPPORTED):
IOCTL_ATA_MINIPORT
IOCTL_IDE_PASS_THROUGH
IOCTL_MPIO_PASS_THROUGH_PATH
IOCTL_MPIO_PASS_THROUGH_PATH_DIRECT
The hooks are not undetected; deal with that yourself. All hooked drivers are listed here:
disk.sys, storahci.sys, stornvme.sys, partmgr.sys, mountmgr.sys,
volmgr.sys, spaceport.sys, Ntfs.sys, nsiproxy.sys, nsi.sys, Tcp.sys,
ndiswan.sys, all NDIS miniport drivers