  1. #1
    azzclown

    Not getting full memory read in output buffer(driver)

    I'm using this code to get memory content from notepad:
    PCHAR outBuf=null
    int addr = 0x12345667<--- you get the point, it's the hex address that I want to read.

    Code:
    RtlCopyMemory(              // Copies the contents of a source memory block to a destination memory block.
        outBuf,                 // A pointer to the destination memory block to copy the bytes to.
        (const void*)addr,      // A pointer to the source memory block to copy the bytes from.
        OutputBufferLength      // The number of bytes to copy from the source to the destination.
        );
    my output in kernel debug is this:

    00000124 127.78936005 SHOOOOOIIIIIIIIITTT
    00000125 127.78937531 Data to User : !HEXDUMP!
    00000126 127.78937531 H
    00000127 127.78937531 .
    00000128 127.78937531 O
    00000129 127.78937531 .
    00000130 127.78937531 L
    00000131 127.78937531 .
    00000132 127.78937531 A
    00000133 127.78937531 .
    00000134 127.78937531 .
    00000135 127.78937531 .
    00000136 127.78937531 .
    00000137 127.78937531 .
    00000138 127.78937531 .
    00000139 127.78939056 .
    00000140 127.78939056 .
    00000141 127.78939056 .
    00000142 127.78939056 .
    00000143 127.78939056 .
    00000144 127.78939056 .
    00000145 127.78939056 .
    00000146 127.78939056 .
    00000147 127.78939056 .
    00000148 127.78939056 .
    00000149 127.78939056 .
    00000150 127.78939056 .
    00000151 127.78939056 .
    00000152 127.78939056 .
    00000153 127.78939056 .
    00000154 127.78939056 .
    00000155 127.78939056 .
    00000156 127.78939056 .
    00000157 127.78939819 .
    00000158 127.78939819 .
    00000159 127.78939819 .
    00000160 127.78939819 .
    00000161 127.78939819 .
    00000162 127.78939819 .
    00000163 127.78939819 .
    00000164 127.78939819 .
    00000165 127.78939819 .
    00000166 127.78939819 .
    00000167 127.78939819 .
    00000168 127.78939819 .
    00000169 127.78939819 .
    00000170 127.78939819 .
    00000171 127.78939819 .
    00000172 127.78939819 .
    00000173 127.78939819 .
    00000174 127.78939819 .
    00000175 127.78941345

    ================================================== ==========================================

    So as you can see I am getting the message into kernel. Btw HOLA means HELLO.

    This is my application output
    Message received:H <------------------------------------ THIS IS THE PROBLEM, I'm looking to get the whole message I put in notepad that was "HOLA"
    bytes read:49

    readBuffer from the app is a char[50]<--- have tried [1024].

    I'm communicating using this code:

    Code:
    	
    DeviceIoControl(
        hDevice,                        // Device to be queried.
        IOCTL_NONPNP_METHOD_BUFFERED,   // Operation to perform.
        welcome,                        // A pointer to the input buffer that contains the data required to perform the operation.
        strlen(welcome),                // The size of the input buffer, in bytes.
        ReadBuffer,                     // A pointer to the output buffer that is to receive the data returned by the operation.
        sizeof(ReadBuffer),             // The size of the output buffer, in bytes.
        &dwBytesRead,                   // A pointer to a variable that receives the size of the data stored in the output buffer, in bytes.
        NULL);                          // A pointer to an OVERLAPPED structure.
    std::cout << ReadBuffer;
    printf("Message received: %s\n", ReadBuffer);
    printf("Bytes read : %lu\n", dwBytesRead);   // DWORD is an unsigned long
    Last edited by azzclown; 04-19-2015 at 07:07 PM.

  2. #2
    azzclown
    Ok so I figured it out. It's pretty stupid on my part but yeah, in case someone is going through the same..... My buffer is a char array (char[]) so to check if I was getting the message from my driver I had to do:
    std::cout << ReadBuffer[0] << std::endl;<--- prints H
    std::cout << ReadBuffer[2] << std::endl;<--- prints O
    std::cout << ReadBuffer[4]<<std::endl;<---- Print L
    std::cout << ReadBuffer[6] << std::endl;<----prints A

    So yeah the code is working fine. What I need is to find a way to put that in a string.... I tried:

    std::string char_String = std::string(myChar);<--- but that only prints H, seems like it stops the copy at myChar[0]. I really don't know, I have to read what exactly that is supposed to do.

    Anyway I think I can find a way to make it work. Maybe a for( to convert letters every +2 spaces in the array to string... that will include spaces from the message (as long as it's written write (get it, write?)). That would need two strings tho, one for appending each letter and another one to get one char letter. Something like this:

    string1=char[0]
    string2 = append string1.

    so in the for( string1 will get the char[i] and we will append it to the string2 to build up the message.

    I'm just writing this for documentation, maybe it will help someone. Also I don't know if this will work as I have yet to try it (although the theory sounds fine to me) and I don't know if there is a function given by C++ for this, I will be doing a little research since less code is always better. This way I said has flaws, like if in notepad the message is written with a space in the beginning, or if someone writes more than one space in a row, it could really screw your output. Also you could end up with a lot of useless spaces at the end of your string lol

    I'm no expert in programming, don't treat this as if this is coming from one haha
    Last edited by azzclown; 04-20-2015 at 08:51 PM.

  3. #3
    Hell_Demon
    try wchar[] or std::wstring, they're wide characters(2 bytes)

  5. #4
    Hitokiri~
    As said above, the output is being generated as wide-characters. You can either follow the above and use std::wstring/wchar_t[] or use wcstombs() which converts wide character arrays to multi-byte arrays.
    Last edited by Hitokiri~; 04-21-2015 at 09:19 PM.
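
    The conversion the replies above point to, written out as an added example (not code from any poster in the thread): it shows why the narrow print stopped after "H" and decodes the reply as 2-byte little-endian wide characters, bounded by the byte count the caller got back rather than by a terminator. The names kReply, as_narrow and utf16le_to_utf8 are hypothetical, and the sample bytes are constructed.

```cpp
// Added example, not code from the thread.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Constructed sample: "HOLA" as UTF-16LE, no terminator, one stray byte.
static const unsigned char kReply[] = {'H', 0, 'O', 0, 'L', 0, 'A', 0, '.'};

// What printf("%s") and std::string(char*) see: text ends at the first 0x00.
std::string as_narrow(const unsigned char* buf) {
    return std::string(reinterpret_cast<const char*>(buf));
}

static void append_utf8(std::string& out, uint32_t cp) {
    if (cp < 0x80) { out += char(cp); return; }
    int extra = cp < 0x800 ? 1 : cp < 0x10000 ? 2 : 3;  // continuation bytes
    static const unsigned char lead[] = {0, 0xC0, 0xE0, 0xF0};
    out += char(lead[extra] | (cp >> (6 * extra)));
    while (extra--) out += char(0x80 | ((cp >> (6 * extra)) & 0x3F));
}

static uint32_t unit(const unsigned char* b, std::size_t i) {  // LE code unit
    return uint32_t(b[2 * i]) | (uint32_t(b[2 * i + 1]) << 8);
}

// Decode at most `bytes` bytes; never reads past the length the caller got back.
std::string utf16le_to_utf8(const unsigned char* buf, std::size_t bytes) {
    std::string out;
    const std::size_t units = bytes / 2;  // an odd trailing byte is dropped
    for (std::size_t i = 0; i < units; ++i) {
        uint32_t cp = unit(buf, i);
        if (cp == 0) break;  // terminator, if the sender included one
        if (cp >= 0xD800 && cp <= 0xDFFF) {  // surrogate range
            uint32_t lo = (cp < 0xDC00 && i + 1 < units) ? unit(buf, i + 1) : 0;
            if (lo >= 0xDC00 && lo <= 0xDFFF) {
                cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
                ++i;
            } else {
                cp = 0xFFFD;  // lone surrogate -> replacement character
            }
        }
        append_utf8(out, cp);
    }
    return out;
}

int main() {
    std::cout << as_narrow(kReply) << " vs " << utf16le_to_utf8(kReply, sizeof kReply) << "\n";
}
```

    In the application from the first post, the length argument would be dwBytesRead; on Windows, wcstombs() or WideCharToMultiByte() performs the same conversion.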


  7. #5
    azzclown
    Originally posted by Hell_Demon:
    try wchar[] or std::wstring, they're wide characters(2 bytes)
    Changed to pwchar my output buffer in driver, also changed to wchar_t my buffer that receives data in the application, also "converted" this wchar_t buffer to wstring and with wcout I'm seeing the message, so freaking cool. Following your advice fixed it, great!!!
