From 1ef60bc4c5d16fa513c1196bf67ed2a8d27a7279 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20H=C3=B6glinger-Stelzer?= Date: Sun, 25 Jun 2023 16:46:11 +0200 Subject: [PATCH] Added more display friendly dumping --- README.md | 6 +++- .../SmartArrayControllerTool.cpp | 30 +++++++++++++++++-- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a6f8b8f..078d1a7 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,10 @@ Trying to figure out which requests the [HP ProLiant Array Configuration Utility Heavily work in progress 🔥 +## Details + +The ACU sends a couple of `IOCTL_SCSI_MINIPORT` IOCTLs with custom payloads on controller selection; + ## 3rd party sources - [HP ProLiant Array Configuration Utility for Windows 64-bit](https://support.hpe.com/connect/s/softwaredetails?language=en_US&softwareId=MTX_669f83062c7b492083c2aa7125) @@ -13,4 +17,4 @@ Heavily work in progress 🔥 - [cciss_defs.h](https://github.com/torvalds/linux/blob/a92b7d26c743b9dc06d520f863d624e94978a1d9/include/uapi/linux/cciss_defs.h) - [cciss_ioctl.h](https://github.com/torvalds/linux/blob/a92b7d26c743b9dc06d520f863d624e94978a1d9/include/uapi/linux/cciss_ioctl.h) - [SCSI Pass-Through Interface Tool](https://github.com/microsoft/Windows-driver-samples/tree/f5fe952f1fc90cfcff535407d56f49953d22e8da/storage/tools/spti) -- [HPSA - Hewlett Packard Smart Array driver](https://kernel.org/doc/html/v6.4-rc7/scsi/hpsa.html) \ No newline at end of file +- [HPSA - Hewlett Packard Smart Array driver](https://kernel.org/doc/html/v6.4-rc7/scsi/hpsa.html) diff --git a/SmartArrayControllerTool/SmartArrayControllerTool.cpp b/SmartArrayControllerTool/SmartArrayControllerTool.cpp index b7b7ad9..99612c3 100644 --- a/SmartArrayControllerTool/SmartArrayControllerTool.cpp +++ b/SmartArrayControllerTool/SmartArrayControllerTool.cpp @@ -17,12 +17,16 @@ // STL // #include +#include #include #include +#include #include #include +std::wstring_convert> converter; + // // Sends a sample request, sniffed from the official HP Array Configuration Utility // @@ -72,6 +76,16 @@ void MiniportExample(HANDLE handle) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + PSRB_IO_CONTROL pIoControl = (PSRB_IO_CONTROL)&payload[0]; + + std::wcout << L"[I] - HeaderLength: " << std::dec << pIoControl->HeaderLength << std::endl; + std::wcout << L"[I] - Signature: " << converter.from_bytes((const char*)pIoControl->Signature) << std::endl; + std::wcout << L"[I] - Timeout: " << std::dec << pIoControl->Timeout << std::endl; + std::wcout << L"[I] - ControlCode: " << std::hex << pIoControl->ControlCode << std::endl; + std::wcout << L"[I] - ReturnCode: " << std::dec << pIoControl->ReturnCode << std::endl; + std::wcout << L"[I] - Length: " << std::dec << pIoControl->Length << std::endl; + std::wcout << std::endl; + DWORD bytesReturned = 0; BOOL ret = DeviceIoControl( handle, @@ -87,8 +101,20 @@ void MiniportExample(HANDLE handle) if (ret) { std::wcout << L"Request succeeded" << std::endl; + std::wcout << std::endl; - const std::vector buffer((PUCHAR)payload, (PUCHAR)payload + ARRAYSIZE(payload)); + std::wcout << L"[O] - HeaderLength: " << std::dec << pIoControl->HeaderLength << std::endl; + std::wcout << L"[O] - Signature: " << converter.from_bytes((const char*)pIoControl->Signature) << std::endl; + std::wcout << L"[O] - Timeout: " << std::dec << pIoControl->Timeout << std::endl; + std::wcout << L"[O] - ControlCode: " << std::hex << pIoControl->ControlCode << std::endl; + std::wcout << L"[O] - ReturnCode: " << std::dec << pIoControl->ReturnCode << std::endl; + std::wcout << L"[O] - Length: " << std::dec << pIoControl->Length << std::endl; + std::wcout << std::endl; + + // + // Skips sizeof(SRB_IO_CONTROL) and only dumps the data buffer afterwards + // + const std::vector buffer((PUCHAR)payload + pIoControl->HeaderLength, (PUCHAR)payload + pIoControl->HeaderLength + pIoControl->Length); std::wostringstream ss; @@ -136,6 +162,6 @@ int wmain(int argc, wchar_t* argv[]) std::wcout << L"Successfully opened device " << deviceName << std::endl; MiniportExample(handle); - + CloseHandle(handle); }