IOCTLpus

IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).

Here is an example of a communication with a driver:

If no arguments is passed to IOCTLpus, it will run in GUI mode; if the --cli argument is passed it will run in CLI mode.

Example: --cli --guid \\.\PhysicalDrive0 --ioctl 70000 -i 32 -o 32 --input 0000000000000000000000000000000000000000000000000000000000000000

CLI Usage:

  --cli                Run IOCTLpus in CLI mode.

  --guid               Path/GUID of the driver to interact with.

  --ioctl              IOCTL code.

  -i, --input-size     (Default: 32) Input Size (decimal).

  -o, --output-size    (Default: 32) Output Size (decimal).

  --input              Input buffer.

  -r, --repeat         (Default: 0) # of times to repeat the IOCTL request.

  --access-mask        (Default: 20000000) Access Mask.

  --help               Display this help screen.

  --version            Display version information.

Tentative Roadmap

• [x] Create handles using Device Interface GUIDs in addition to symbolic links. [GIF]
• [ ] Persist requests to SQLite databases.
• [ ] Apply filters to request history.
• [ ] Integrate Kaitai Struct to define and view buffer structures (inspired by).
• [x] Develop an API to use the tool headlessly (e.g. for fuzzing).
• [x] Design a cool logo.

Similar Tools

• jerome-pouiller / ioctl
• xst3nz / ioctlbf

Developers

• Developed in 2017 by Jackson Thuraisamy @Jackson_T
• Updated in 2021 by Paolo Stagno @Void_Sec

Licence

GPLv3