Skip to content

matthiaskonrath/ioctl.py

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
README.md
README.md
 
 
ioctl.py
ioctl.py
 
 

Repository files navigation

ioctl.py

Quick script to decode I/O control values for Windows drivers:

  • Determine Device Type,
  • Determine Access Check,
  • Determine Function Code,
  • Determine I/O Method, and
  • Output CTL_CODE macro template (if possible).

Usage

Usage: example.py <ioctl code>

Usage: example.py 0x222003

Output

root@kali:~# ./ioctl.py 0x2222CE                                      
[*] Device Type: FILE_DEVICE_UNKNOWN
[*] Function Code: 0x8b3
[*] Access Check: FILE_ANY_ACCESS
[*] I/O Method: METHOD_OUT_DIRECT
[*] CTL_CODE(FILE_DEVICE_UNKNOWN, 0x8b3, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)

Notes

Harcoded dictionary values come from: ntddk.h, devioctl.h, and irclass_ioctl.h.

Inspired by the OSR online tool: https://www.osronline.com/article.cfm%5earticle=229.htm

Created with help from: https://social.technet.microsoft.com/wiki/contents/articles/24653.decoding-io-control-codes-ioctl-fsctl-and-deviceiocodes-with-table-of-known-values.aspx

Could have bugs, only tested 3 IOCTLs.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%