[Ring0] Have a problem about transfer the data from kernel to user mode.


vic4key
03-20-2012, 09:16 PM
// In My Driver.

Function ViC_ZwOpenProcess(PID: DWord): THandle; stdcall;
var
  ProcessHandle: THandle;
  ClientId: CLIENT_ID;
  ObjectAttributes: OBJECT_ATTRIBUTES;
const PROCESS_ALL_ACCESS: DWord = $001F0FFF;
begin
  Result:= 0;
  with ObjectAttributes do
  begin
    Length:= SizeOf(OBJECT_ATTRIBUTES);
    RootDirectory:= 0;
    ObjectName:= NIL;
    Attributes:= 0;
    SecurityDescriptor:= NIL;
    SecurityQualityOfService:= NIL;
  end;
  with ClientId do
  begin
    UniqueProcess:= PID;
    UniqueThread:= 0;
  end;
  if (ZwOpenProcess(@ProcessHandle,PROCESS_ALL_ACCESS,@ObjectAttributes,@ClientId) <> 0) then
    DbgPrint('ZwOpenProcess: -> Failed')
  else Result:= ProcessHandle;
end;

Function ViC_OnIoDevControl(DeviceObject: pDeviceObject; Irp: PIRP): NTSTATUS; stdcall;
var
  pSysBuf: Pointer;
  status: NTSTATUS;
  IrpStack: PIO_STACK_LOCATION;
  dwBytesReturned, dwIoControlCode, hProcess, VIC_OP, PID: DWord; // PID was used below but not declared
begin
  DbgPrint('VIC: + DriverOnIoDevControl');
  status:= STATUS_SUCCESS;
  dwBytesReturned:= 0;
  IrpStack:= IoGetCurrentIrpStackLocation(Irp);
  dwIoControlCode:= IrpStack^.Parameters.DeviceIoControl.IoControlCode;
  // METHOD_BUFFERED: the same system buffer carries the input and the output.
  pSysBuf:= Irp^.AssociatedIrp.SystemBuffer;
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);
  if (dwIoControlCode = VIC_OP) then
  begin
    PID:= DWord(pSysBuf^);
    hProcess:= ViC_ZwOpenProcess(PID);
    DWord(pSysBuf^):= hProcess; // <~~~~~~~~~ HERE
    dwBytesReturned:= SizeOf(hProcess);
    DbgPrint('VIC: The process was openned');
  end else status:= STATUS_INVALID_DEVICE_REQUEST;
  Irp^.IoStatus.Status:= status;
  Irp^.IoStatus.Information:= dwBytesReturned;
  IoCompleteRequest(Irp,IO_NO_INCREMENT);
  Result:= status;
end;

// In My Loader.
// hDev, hSv, Scm, svStatus, nFile, inBuf, outBuf, dwReturned and IoSucc are declared elsewhere in the loader.
Procedure ViC_ZwOpenProcess(PID: DWord); stdcall;
var VIC_OP: DWord;
begin
  hDev:= CreateFile(PAnsiChar('\\.\' + Copy(nFile,1,Length(nFile) - 4)),GENERIC_READ + GENERIC_WRITE,0,NIL,OPEN_EXISTING,0,0);
  if (hDev = INVALID_HANDLE_VALUE) then
  begin
    OutputDebugStringA('CreateFile was failed.');
    ControlService(hSv,SERVICE_CONTROL_STOP,svStatus);
    DeleteService(hSv);
    CloseServiceHandle(Scm);
    Exit;
  end;
  OutputDebugStringA('CreateFile was success.');
  VIC_OP:= CTL_CODE(FILE_DEVICE_UNKNOWN,$801,METHOD_BUFFERED,FILE_ANY_ACCESS);
  inBuf:= PID;
  IoSucc:= DeviceIoControl(hDev,VIC_OP,@inBuf,SizeOf(inBuf),@outBuf,SizeOf(outBuf),dwReturned,NIL); // <~~~~~~~~~ HERE
  OutputDebugStringA(PAnsiChar(Format('VIC: Input: %d - Output: %d',[inBuf,outBuf])));
  // Report the failure only when the call failed, and close the device handle either way.
  if not IoSucc then OutputDebugStringA('DeviceIoControl was failed.');
  CloseHandle(hDev);
end;

Hi all,
Please help me. I coded a driver but I have a problem: I don't know why I cannot transfer the data from kernel mode to user mode. Who can help me? I really need it soon. Thanks so much.
BR,
vic4key
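
How METHOD_BUFFERED carries data in both directions through one system buffer, as an added example that is not part of the original post and is not vic4key's driver. It is a user-space C model with hypothetical names and constructed input: the dispatch routine checks both buffer lengths and sets the byte count that decides what is copied back to the caller.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model of METHOD_BUFFERED. Every name here is hypothetical, not a WDK API. */
typedef struct {
    void    *system_buffer;   /* stands in for Irp->AssociatedIrp.SystemBuffer */
    uint32_t in_len, out_len; /* InputBufferLength / OutputBufferLength */
    int32_t  status;          /* IoStatus.Status */
    uint32_t information;     /* IoStatus.Information: bytes to copy back */
} model_irp;
enum { ST_SUCCESS = 0, ST_BUFFER_TOO_SMALL = -1, ST_INVALID_PARAMETER = -2 };

/* Driver side: check both lengths, read the PID, then overwrite it with the reply. */
static int32_t model_dispatch(model_irp *irp) {
    uint32_t pid, reply;
    irp->information = 0;
    if (irp->in_len < sizeof pid)    return irp->status = ST_INVALID_PARAMETER;
    if (irp->out_len < sizeof reply) return irp->status = ST_BUFFER_TOO_SMALL;
    memcpy(&pid, irp->system_buffer, sizeof pid);    /* consume input before writing */
    reply = pid ^ 0xA5A5A5A5u;                       /* constructed stand-in for a handle */
    memcpy(irp->system_buffer, &reply, sizeof reply);
    irp->information = sizeof reply;                 /* 0 here means nothing is returned */
    return irp->status = ST_SUCCESS;
}

/* I/O manager side: one buffer of max(in, out), copy in, dispatch, copy out. */
int32_t model_device_io_control(const void *in, uint32_t in_len,
                                void *out, uint32_t out_len, uint32_t *returned) {
    model_irp irp = { 0 };
    uint32_t size = in_len > out_len ? in_len : out_len;
    irp.system_buffer = calloc(size ? size : 1, 1);  /* zeroed in this model */
    if (!irp.system_buffer) return ST_INVALID_PARAMETER;
    irp.in_len = in_len; irp.out_len = out_len;
    if (in_len) memcpy(irp.system_buffer, in, in_len);
    model_dispatch(&irp);
    /* The copy-back length is Information, so the driver must keep it <= out_len. */
    *returned = irp.status == ST_SUCCESS ? irp.information : 0;
    if (*returned) memcpy(out, irp.system_buffer, *returned);
    free(irp.system_buffer);
    return irp.status;
}

int main(void) {
    uint32_t pid = 1234, out = 0, got = 0;           /* constructed sample input */
    int32_t st = model_device_io_control(&pid, sizeof pid, &out, sizeof out, &got);
    printf("status=%d returned=%u out=0x%08X\n", (int)st, (unsigned)got, (unsigned)out);
    return st != ST_SUCCESS;
}
```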

Git
03-21-2012, 08:27 AM
Are you sure the Delphi libraries can operate in ring 0? I thought they were not suitable. Also, the Delphi linker will not produce correct ring 0 code. For example, I have never seen a kernel mode device driver written in Delphi. If the problem was in a C driver I would check IRQL level.

BTW, please drop the sig. Short one liner is OK, but no multiple line sigs please.

Git

vic4key
03-21-2012, 12:05 PM
[Please DO NOT reply to yourself, use the Edit button to edit your post]

I'm sure my lib is no problem. I'm usin' MeerKat 1.1 to code the driver. I think that source can't be wrong, but I don't know why it cannot transfer. So is there no one who can help me? :(
I see driver code written in Delphi, and it is quite normal. :|

BR, vic4key

OK. I have resolved it. LOL Thank you for your interest.

BR,
vic4key

Git
03-21-2012, 06:10 PM
I think maybe you have seen SERVICE code in Delphi, but believe me, if you are going to use the delphi linker or the delphi RTL, you can NOT write kernel mode device drivers with it. With Meerkat, maybe you can kludge together some form of driver, but not for kernel use. Most people will stay away even from C++ when writing drivers. It really is the territory of plain vanilla C and you are fighting against the tide trying to force a good GUI language to play tricks it does not support.

Git

vic4key
03-21-2012, 11:58 PM
I don't think so. In my view, everythin' C++ can do, Delphi can do too. I'm doin' a project to protect online games, so I need to code some drivers for it to use.
You can see my sample test here, it's nothin':
+ ZwOpenProcess
+ ZwTerminateProcess
+ Protect the process
+ Hide the Process
Download (http://www.mediafire.com/?7wla1pwvvv62fb4)
You enter the PID of the process to protect, hide, ... After that, press the corresponding button. ;)
It's nothin' LOL
BR,
vic4key