Jump to content
Sign in to follow this  
Ferryman

DllCall with multiple outputs

Recommended Posts

Ferryman

I am trying to access CPU MSR registers by using WinRing0 low-level driver.

All of the other functions work fine, however I am not able to access any functions which would return multiple values.

MSR Read function should return two DWORD;, eax and edx.

CPUID function should return quad DWORDs; eax, ebx, ecx, edx.

For RdMsr:

BOOL // TRUE: success, FALSE: failure
WINAPI Rdmsr(
        DWORD index,                                    // MSR index
        PDWORD eax,                                          // bit  0-31
        PDWORD edx                                            // bit 32-63

For CPUID:

BOOL // TRUE: success, FALSE: failure
WINAPI Cpuid(
        DWORD index,                                    // CPUID index
        PDWORD eax,
        PDWORD ebx,
        PDWORD ecx,
        PDWORD edx

$DLL=DllOpen("WinRing0x64.dll")
$CPUID1 = DllCall($DLL, "bool", "Cpuid", "dword", "0x00000001", "dword", "", "dword", "", "dword", "", "dword", "")

$CPUID1[0] - $CPUID1[5] variables return zero, except $CPUID1[1] which is 1 (0x00000001) of course.

Any help would be highly appreciated as I am a total newbie with AutoIT :

Share this post


Link to post
Share on other sites
trancexx

PDWORD is "dword*" (notice asterisk).


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
Ferryman

PDWORD is "dword*" (notice asterisk).

That was simple, thank you :)

I would now have yet another issue.

I need to access the physical memory, however it is done with a buffer, and naturally I have no clue how to create one.

I have tried with DllStructCreate and MemAlloc, however both methods seem to fail.

The required format for the call is:

DWORD // Read size(byte), 0: failure
WINAPI ReadPhysicalMemory(
DWORD_PTR address, // Physical Memory Address
PBYTE buffer,  // Buffer
DWORD count,  // Count
DWORD unitSize  // Unit Size (BYTE, WORD, DWORD)

I can easily access the physical memory with another Dll (WinIo), however the driver is unsigned and it would require activation of "Test Mode" on X64 OS.

Any help is HIGHLY appreciated, thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×