Jump to content
Ferryman

DllCall with multiple outputs

Recommended Posts

Ferryman

I am trying to access CPU MSR registers by using WinRing0 low-level driver.

All of the other functions work fine, however I am not able to access any functions which would return multiple values.

MSR Read function should return two DWORD;, eax and edx.

CPUID function should return quad DWORDs; eax, ebx, ecx, edx.

For RdMsr:

BOOL // TRUE: success, FALSE: failure
WINAPI Rdmsr(
        DWORD index,                                    // MSR index
        PDWORD eax,                                          // bit  0-31
        PDWORD edx                                            // bit 32-63

For CPUID:

BOOL // TRUE: success, FALSE: failure
WINAPI Cpuid(
        DWORD index,                                    // CPUID index
        PDWORD eax,
        PDWORD ebx,
        PDWORD ecx,
        PDWORD edx

$DLL=DllOpen("WinRing0x64.dll")
$CPUID1 = DllCall($DLL, "bool", "Cpuid", "dword", "0x00000001", "dword", "", "dword", "", "dword", "", "dword", "")

$CPUID1[0] - $CPUID1[5] variables return zero, except $CPUID1[1] which is 1 (0x00000001) of course.

Any help would be highly appreciated as I am a total newbie with AutoIT :

Share this post


Link to post
Share on other sites
trancexx

PDWORD is "dword*" (notice asterisk).

  • Like 1

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
Ferryman

PDWORD is "dword*" (notice asterisk).

That was simple, thank you :)

I would now have yet another issue.

I need to access the physical memory, however it is done with a buffer, and naturally I have no clue how to create one.

I have tried with DllStructCreate and MemAlloc, however both methods seem to fail.

The required format for the call is:

DWORD // Read size(byte), 0: failure
WINAPI ReadPhysicalMemory(
DWORD_PTR address, // Physical Memory Address
PBYTE buffer,  // Buffer
DWORD count,  // Count
DWORD unitSize  // Unit Size (BYTE, WORD, DWORD)

I can easily access the physical memory with another Dll (WinIo), however the driver is unsigned and it would require activation of "Test Mode" on X64 OS.

Any help is HIGHLY appreciated, thanks!

Share this post


Link to post
Share on other sites
francischi
Posted (edited)

Hi Ferryman, can you share how did you access physical memory via WinIO dll?

Edited by Melba23
Reformatted text and removed HUGE quote

Share this post


Link to post
Share on other sites
FrancescoDiMuro

Hi @francischi, and welcome to the AutoIt forum :)
Did you see that this post is 5 years old?
I suggest you to open a new one, in which you ask what you want.
Remeber always to check first the Forum Rules and Forum Etiquette :)

Best Regards.


Click here to see my signature:

Spoiler

Thoughts:

  • I will always thank you for the time you spent for me.
    I'm here to ask, and from your response, I'd like to learn.
    By my knowledge, I can help someone else, and "that someone" could help in turn another, and so on.

/*--------------------------------------------------------------------------------------------------------------------------------------------------------------------------*/

ALWAYS GOOD TO READ:

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×